--- Day changed Thu Jan 01 2015
00:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:09 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
01:28 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:53 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Remote host closed the connection]
02:26 -!- ColdFeet [~Dani@expopremier.com] has quit [Quit: Leaving]
02:56 -!- sireebob is now known as Baxtir
02:58 -!- mistermajestic [~mistermaj@unaffiliated/mistermajestic] has joined #openvpn
02:59 -!- Baxtir is now known as sireebob
04:05 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
04:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:46 -!- Novice201y [~lubuntu@aauk230.neoplus.adsl.tpnet.pl] has joined #openvpn
05:47 < Novice201y> Hi. Is it possible to make tunel between PC that are behind the same router?
06:01 -!- cosinus [~ec2-user@ec2-54-194-237-2.eu-west-1.compute.amazonaws.com] has left #openvpn []
06:05 -!- ub1quit33 [~quassel@cpe-23-243-158-241.socal.res.rr.com] has joined #openvpn
06:06 -!- ub1quit33 [~quassel@cpe-23-243-158-241.socal.res.rr.com] has quit [Remote host closed the connection]
06:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:17 -!- Novice201y [~lubuntu@aauk230.neoplus.adsl.tpnet.pl] has quit [Ping timeout: 272 seconds]
06:32 -!- Novice201y [~lubuntu@aekp58.neoplus.adsl.tpnet.pl] has joined #openvpn
06:40 -!- AnonGirl [janice@need.sleep.caffeinet.uk.to] has left #openvpn []
06:53 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:54 -!- Novice201y [~lubuntu@aekp58.neoplus.adsl.tpnet.pl] has quit [Ping timeout: 256 seconds]
07:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Remote host closed the connection]
07:10 -!- Novice201y [~lubuntu@afmq208.neoplus.adsl.tpnet.pl] has joined #openvpn
07:17 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
07:18 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:18 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:34 <@Dougy> happy new year to you lads
07:35 <@Dougy> Novice201y:
07:35 <@Dougy>   Novice201y | Hi. Is it possible to make tunel between PC that are behind the same router?
07:35 <@Dougy> in same LAN? sure
07:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
07:38 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 245 seconds]
07:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
07:51 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
07:54 -!- deranged [Jess@sciurus.net] has quit [Ping timeout: 244 seconds]
07:56 -!- deranged [Jess@sciurus.net] has joined #openvpn
07:58 -!- deranged [Jess@sciurus.net] has quit [Excess Flood]
07:58 -!- deranged [Jess@sciurus.net] has joined #openvpn
08:11 -!- Novice201y [~lubuntu@afmq208.neoplus.adsl.tpnet.pl] has quit [Ping timeout: 245 seconds]
08:20 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
08:20 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
08:22 -!- havingFun is now known as xrosnight
08:25 -!- Novice201y [~lubuntu@afjh127.neoplus.adsl.tpnet.pl] has joined #openvpn
08:42 -!- Novice201y [~lubuntu@afjh127.neoplus.adsl.tpnet.pl] has quit [Quit: Leaving.]
09:50 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 255 seconds]
10:45 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 256 seconds]
10:52 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
11:00 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
11:19 < esde> turns out i wasn't copying over the init script in its entirety
11:19 < esde> :D
11:19 < esde> only took a few hours to figure it out
11:19 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
11:27 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin Out...]
11:51 -!- Brutser [~plater@d51A48718.access.telenet.be] has joined #openvpn
11:51 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Remote host closed the connection]
11:51 < Brutser> hi all, when i try connect from client, i receive: read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
11:51 < Brutser> is it a problem with the certificates?
11:52 < Brutser> i want to check here before re-creating them
11:52 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
11:54 < Brutser> Oh yes, Happy New Year! :)
11:56 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
12:13 -!- julius_ [~julius_@p3EE284E4.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
12:14 -!- julius_ [~julius_@p3EE292BE.dip0.t-ipconnect.de] has joined #openvpn
12:24 -!- Brutser [~plater@d51A48718.access.telenet.be] has quit []
12:39 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
12:58 -!- Brutser [~plater@d51A48718.access.telenet.be] has joined #openvpn
12:59 < Brutser> constantly I keep getting: read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
13:00 < Brutser> research on google give various reasons, but no solution seem to work (yet)
13:00 < Brutser> most basic setup I used
13:18 < BtbN> It's a generic connection issue.
13:19 < BtbN> Basicaly, fix your connection to that host.
13:19 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin Out...]
13:25 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
13:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
13:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:43 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
14:27 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:35 -!- Kniaz1 [~Kniaz@unaffiliated/kniaz] has joined #openvpn
14:35 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:38 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 256 seconds]
14:44 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
14:46 -!- simlay [~simlay@maderas.amandrai.net] has joined #openvpn
15:23 -!- Henryabcd [~Henryabcd@dyndsl-091-096-021-081.ewe-ip-backbone.de] has joined #openvpn
15:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
15:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
15:41 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Remote host closed the connection]
15:51 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 244 seconds]
15:52 -!- justinzane [~justinzan@67.21.190.132] has quit []
15:52 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
15:52 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
15:57 -!- ketas- [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
15:59 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
16:03 -!- moparsthbest [~quassel@gateway/tor-sasl/moparisthebest] has joined #openvpn
16:03 -!- jrg_ [jrg@unaffiliated/jrg] has joined #openvpn
16:03 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:05 -!- pipi-_ [~pipi-@unaffiliated/pipi-] has joined #openvpn
16:05 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
16:05 -!- nath_schwarz [~nath_schw@HSI-KBW-134-3-105-207.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 256 seconds]
16:05 -!- zoredache_ [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 256 seconds]
16:05 -!- jrg [jrg@unaffiliated/jrg] has quit [Ping timeout: 256 seconds]
16:05 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 256 seconds]
16:05 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 256 seconds]
16:05 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 256 seconds]
16:05 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 256 seconds]
16:05 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Ping timeout: 256 seconds]
16:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
16:06 -!- jrg_ is now known as jrg
16:06 -!- moparisthebest [~quassel@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
16:06 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
16:07 -!- mode/#openvpn [+v RBecker] by ChanServ
16:07 -!- mattock is now known as mattock_afk
16:07 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Ping timeout: 250 seconds]
16:07 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
16:09 -!- ketas- is now known as ketas
16:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:15 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:31 -!- simlay [~simlay@maderas.amandrai.net] has left #openvpn []
16:36 < Brutser> anyone around at this time?
16:46 -!- Brutser [~plater@d51A48718.access.telenet.be] has quit []
16:48 -!- tempus_fol [~tempus@gateway/tor-sasl/foltempus] has joined #openvpn
16:50 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
16:50 < tempus_fol> !goal
16:50 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:52 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
16:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
16:56 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:08 < tempus_fol> !configs
17:08 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
17:11 -!- Henryabcd [~Henryabcd@dyndsl-091-096-021-081.ewe-ip-backbone.de] has quit [Quit: Leaving]
17:32 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:46 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
17:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:34 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:37 -!- Zune [~Zune@188-180-61-96-dynamic.dk.customer.tdc.net] has joined #openvpn
18:42 -!- Zune [~Zune@188-180-61-96-dynamic.dk.customer.tdc.net] has quit [Ping timeout: 240 seconds]
18:43 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:45 -!- Zune [~Zune@188-180-61-96-dynamic.dk.customer.tdc.net] has joined #openvpn
18:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
18:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:06 -!- Zune [~Zune@188-180-61-96-dynamic.dk.customer.tdc.net] has quit [Ping timeout: 255 seconds]
19:07 -!- Zune [~Zune@188-180-61-96-dynamic.dk.customer.tdc.net] has joined #openvpn
19:10 -!- Strogg [~jean@unaffiliated/strogg] has quit [Quit: WeeChat 0.3.8]
19:21 -!- Zune [~Zune@188-180-61-96-dynamic.dk.customer.tdc.net] has quit [Ping timeout: 255 seconds]
19:27 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
19:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:54 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
20:01 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
20:26 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has joined #openvpn
20:28 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has quit [Client Quit]
20:32 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has joined #openvpn
20:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
20:37 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has quit [Client Quit]
20:45 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
20:46 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
21:02 -!- rich0_ is now known as rich0
21:07 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
21:12 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
21:35 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
21:54 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
21:56 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
21:56 -!- mode/#openvpn [+o krzee] by ChanServ
23:33 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
23:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:35 -!- ShadniX [dagger@p579416B4.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
23:38 -!- ShadniX [dagger@p5481CB16.dip0.t-ipconnect.de] has joined #openvpn
23:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
--- Day changed Fri Jan 02 2015
00:18 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
00:22 -!- julius_ [~julius_@p3EE292BE.dip0.t-ipconnect.de] has left #openvpn ["Leaving"]
00:30 -!- arkie [~arkie@unaffiliated/arkie] has quit [Quit: Bye]
00:33 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
01:11 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
01:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:44 -!- mattock_afk is now known as mattock
01:44 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:45 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:05 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:11 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:12 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Read error: No route to host]
02:39 -!- Orbixx_ is now known as Orbixx
02:45 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 244 seconds]
02:48 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
03:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:40 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
03:43 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
04:02 -!- Fraxinus [4e16614e@gateway/web/freenode/ip.78.22.97.78] has joined #openvpn
04:02 < Fraxinus> Anyone in here to help?
04:16 < KjetilK> Fraxinus, I probably can't but see the topic on how to get started
04:17 < Fraxinus> Well got it working ^^
04:17 < Fraxinus> I see the qulity of the stream on netflix isn't good tho
04:17 < Fraxinus> i guess because the vpn is heavily used and thus slow?
04:17 < Fraxinus> anyone know a good free vpn link?
04:19 < Fraxinus> us/uk based
04:23 -!- Fraxinus [4e16614e@gateway/web/freenode/ip.78.22.97.78] has quit [Ping timeout: 246 seconds]
04:33 -!- Fraxinus [c6073ecc@gateway/web/freenode/ip.198.7.62.204] has joined #openvpn
04:34 < Fraxinus> Got dcd, does anyone know a fast free vpn ?
04:42 -!- Fraxinus [c6073ecc@gateway/web/freenode/ip.198.7.62.204] has quit [Ping timeout: 246 seconds]
04:43 -!- bone_idol [~bone_idol@apple.rat.burntout.org] has left #openvpn []
04:46 -!- wobelinger [~hexer81@p54B19084.dip0.t-ipconnect.de] has joined #openvpn
04:51 -!- wobelinger [~hexer81@p54B19084.dip0.t-ipconnect.de] has quit [Remote host closed the connection]
04:52 -!- wobelinger [~hexer81@209.197.20.209] has joined #openvpn
04:52 -!- wobelinger [~hexer81@209.197.20.209] has quit [Remote host closed the connection]
04:52 -!- wobelinger [~hexer81@209.197.20.209] has joined #openvpn
04:52 -!- wobelinger [~hexer81@209.197.20.209] has quit [Max SendQ exceeded]
04:54 -!- wobelinger [~hexer81@209.197.20.209] has joined #openvpn
04:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:59 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
04:59 -!- mode/#openvpn [+o dazo_afk] by ChanServ
04:59 -!- dazo_afk is now known as dazo
05:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
05:00 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
05:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:16 < tempus_fol> Hello, I heve these configs server and client side: http://fpaste.org/164932/42019638/ ; everything worked perfectly 'till I upgraded the client OS (from Fedora 20 to Fedora 21). OpenVPN allegedly works fine, I can't see anything strange in the logs (server and client side). If, after having established the VPN connection, I connect from my client to web services/sites (like whatismyip, ifconfig.me and so on) that show my ip address, they
05:16 < tempus_fol> correctly report my openvpn server's ip address; the same occurs from the terminal as well (e.g. curl ifconfig.me) Everything seems working fine, except that I noticed (at first, thanks to knemo) that not all the traffic is routed through the VPN. This is hugely self-evident with Ktorrent; in Ktorrent, connections to UDP peers are routed via the VPN (tun0) whilst connection established via TCP are routed via wlp0s20u2 (sorry for the ugly
05:16 < tempus_fol> device name, you know, "it's a feature"). This is not consistent with the web browser checks. I've checked with wireshark whilst trying to torrent something, and I can confirm that only some of the traffic (it seems only UDP traffic, as far as Ktorrent is concerned) is routed. Whilst browsing, I've noticed anyway that such double-routing occurs in other occasions as well. Here the `netstat -rn' client-side before and after the VPN
05:16 < tempus_fol> connection: http://fpaste.org/164933/01971011/
05:18 < esde> holy wall o text
05:19 < tempus_fol> Final note: on the server there's a different openvpn tcp server running (listening on 443) that I use when I'm behind some restrictive networks; . I've tried to use that, it behaves in the same way.
05:20 < tempus_fol> yep, sorry, I didn't realize I wrote that much. I've tried to post everything I could think relevant
05:21 < tempus_fol> TL;DR some traffic is not routed through the VPN
05:22 -!- Turn_Left [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:27 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
05:30 -!- dazo is now known as dazo_afk
05:35 -!- Turn_Left [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
05:47 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 240 seconds]
05:49 -!- dazo_afk is now known as dazo
05:53 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
06:18 -!- jkli [~jkli@brln-4d072903.pool.mediaways.net] has joined #openvpn
06:26 -!- Brutser [~brutser@d51A48718.access.telenet.be] has joined #openvpn
06:26 < Brutser> with basic setup I keep receiving: read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
06:26 < Brutser> must be some firewall issue
06:26 < Brutser> i disabled selinux already
06:27 < Brutser> what i need to upload to get some help on this?
06:27 < Brutser> or what i need to check?
06:31 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
06:36 < Brutser> !configs
06:36 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
06:38 < Brutser> !logs
06:38 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
06:42 -!- jkli [~jkli@brln-4d072903.pool.mediaways.net] has quit [Quit: Computer has gone to sleep.]
06:43 < Brutser> some of the relevant files: http://pastebin.com/L4DREmvJ
06:55 -!- jkli [~jkli@brln-4d072903.pool.mediaways.net] has joined #openvpn
06:58 < Brutser> no packets captured on server when tcpdump on tun0
06:58 < Brutser> is that normal?
07:08 -!- moparsthbest [~quassel@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
07:13 -!- moparisthebest [~quassel@unaffiliated/moparisthebest] has joined #openvpn
07:43 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
07:47 -!- wobelinger [~hexer81@209.197.20.209] has quit [Ping timeout: 250 seconds]
08:06 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Read error: Connection reset by peer]
08:12 -!- mirco_ [~mirco@pd95b6029.dip0.t-ipconnect.de] has joined #openvpn
08:17 -!- pa [~pa@unaffiliated/pa] has quit [Read error: Connection reset by peer]
08:22 < tempus_fol> Brutser: I have zero knowledge in the windows realm, but it really sounds a firewall issue
08:22 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:25 < esde> Fromt he topic, "Your problem is probably firewall, Really"
08:25 < tempus_fol> About the issue I tried to describe earlier ( http://fpaste.org/164932/42019638/ ; http://fpaste.org/164933/01971011/ ; only some traffic is routed through the VPN after an upgrade of the client's OS), I've discovered that if I browse whatismyipaddress.com I'm presented with my home ip, whilst whatismyip.com shows me my VPN server's ip... in the same browser
08:25 < esde> *from the
08:33 -!- pipi-_ is now known as pipi-
08:38 < tempus_fol> I've tried to wireshark it as well.. after querying the dns for whatismyip.com, the connection is performed via VPN, whilst with whatismyaddress.com the connection is performed directly.. and I don't know why. routel: http://fpaste.org/164979/42020946/
08:51 < Brutser> firewall issue is logical, but what is the issue? :)
08:51 < Brutser> server is centos 6.6
08:52 < KjetilK> Brutser, just to be sure, you have opened port 1194?
08:53 < KjetilK> for UDP traffic, even?
08:53 < Brutser> iptables -A INPUT -p udp --dport 1149 -m state --state NEW,ESTABLISHED -j ACCEPT
08:53 < Brutser> iptables -A OUTPUT -p udp -m state --state ESTABLISHED -j ACCEPT
08:53 < Brutser> those 2 lines were issued for that
08:54 < KjetilK> *cough*
08:54 < KjetilK> 1194... :-)
08:55 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
08:55 < Brutser> sorry i made typo only here
08:55 < KjetilK> typical thing you can stare at for ages, and not discover that you've written 1149 :-)
08:55 < Brutser> i changed to another port to test on that
08:55 < KjetilK> oh, ok
08:56 < Brutser> i put iptables -L in pastebin
08:56 < Brutser> http://pastebin.com/L4DREmvJ
08:57 -!- mirco_ [~mirco@pd95b6029.dip0.t-ipconnect.de] has quit [Quit: mirco_]
08:57  * KjetilK started with OpenVPN last weekend, my ability to help doesn't go very far
08:57 -!- mirco_ [~mirco@pd95b6029.dip0.t-ipconnect.de] has joined #openvpn
08:58 < KjetilK> have you nmapped the server to see if there are any other things that are surprisingly not there?
09:02 < tempus_fol> Brutser: the CentOS server is on a VPS? OpenVZ or KVM? `iptables -L -n -v -t nat' ?
09:04 < tempus_fol> (in the meanwhile, about my issue, even `$ ip r get $(dig whatismyip.com +short) ; ip r get $(dig whatismyipaddress.com +short)' client-side confirms that some of the traffic passes through tun0, some doesn't)
09:06 < tempus_fol> (what turns me mad is that this untouched OpenVPN setup worked wonders over two client OS' upgrades... and now this)
09:17 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
09:18 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
09:19 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 245 seconds]
09:29 < Brutser> tempus_fol: no it is dedicated
09:29 < Brutser> moment i will get the output
09:33 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 272 seconds]
09:45 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
09:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
09:57 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
10:14 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:15 < tempus_fol> (in the meanwhile, about my issue, a `ip r a default via 10.8.0.5' issued once the VPN connection has been established seems to "patch" the issue, all the traffic gets routed thorugh tun0 - but the "redirect-gateway def1 bypass-dhcp" push were always received by the client, so I don't know why is it required an explict, subsequent, manual routing)
10:18 -!- An_Ony_Moose [~linus@static.3.75.76.144.clients.your-server.de] has quit [Quit: leaving]
10:20 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:20 < tempus_fol> I have an idea...
10:25 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
10:25 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
10:26 -!- jkli [~jkli@brln-4d072903.pool.mediaways.net] has quit [Quit: Computer has gone to sleep.]
10:28 -!- Kniaz1 [~Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 250 seconds]
10:43 < tempus_fol> The suspicion is: the new NetworkManager tries to "manage" an openvpn connection even if it's started from the CLI, presenting a new config for it and possibly (? it's a speculation) messing with the routing tables _after_ the "redirect-gateway def1 bypass-dhcp" push
10:43 < tempus_fol> (I'm checking this)
10:44 < Brutser> switched to debian on the server, now with win7 client
10:44 < Brutser> exact same problem as with centos - winxp
10:45 < Brutser> Fri Jan 02 17:43:23 2015 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
10:45 < Brutser> just default config on 10.8.0.0/24
10:46 < Brutser> client cannot ping server on 10.8.0.1
10:57 < tempus_fol> it's not CentOS or Debian (I'm more used to CentOS-alike stuff)... anyway, I did not see the output `iptables -L -n -v -t nat' ; also, I'm not aware if windows and/or something in the middle is blocking/firewalling the relevant UDP port (I haven't used windows for ~5 years)
10:58 < Brutser> http://pastebin.com/XBTZFi1Z
10:59 < tempus_fol> Eh. That's it.
10:59 <@krzee> !factoids search --values iptables-save
10:59 <@vpnHelper> 'iptables-rules' and 'netfilter'
10:59 <@krzee> !iptables-rules
10:59 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
10:59 <@krzee> tempus_fol, that sucks, i hate network mangler
11:00 < Brutser> tempus_fol: so in more detail, what you suggest?
11:00 < tempus_fol> Brutser: a look at https://wiki.archlinux.org/index.php/OpenVPN#Using_iptables can help maybe
11:00 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
11:02 < Brutser> added the masquerade, but it makes no difference
11:03 < Brutser> i know i need to add that, but i was not even that far, because client cannot reach server
11:03 < tempus_fol> krzee: it seems that NetworkManager *wants* me to use the NetworkManager-openvpn plugin.. but it doesn't have all the relevant option/switches, and anyway I don't see why NetworkManager should "handle" a tun0 not crafted by it
11:04 < Brutser> new iptables: http://pastebin.com/2rZLWBPC
11:04 < BtbN> NM handles everything. If you want to use OpenVPN not via NM, give the device a specific name in the config, and add that device name to the NM ignore list.
11:04 < BtbN> But the last time i checked, the NM-OpenVPN options seemed quite complete.
11:04 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
11:05 < BtbN> Brutser, stop querying me about stuff that belongs in this channel please.
11:06 < tempus_fol> Last time I checked, it constantly triggered MITM warnings and did not have some options I used.
11:06 < BtbN> Brutser, i already told you, connection reset by peer is not an openvpn issue, it's a generic networking issue.
11:07 < tempus_fol> ...I was not aware that you can put some device names in ignore list
11:08 < BtbN> It's not unlikely that NM will break/overwrite VPN specific routes
11:08 < tempus_fol> ..but it never happened to me before - I guess I should have been prepared
11:09 < BtbN> The behaviour changed some versions ago
11:10 < Brutser> BtbN: ok, i try to setup a test setup local with virtualization, using virtualbox at the moment - most likely this will influence the network behaviour, but I find so many people using this exact same setup to create an openvpn test setup
11:11 < BtbN> Well, you are doing something wrong with your networking. Not realy possible to tell what exactly.
11:11 < tempus_fol> Brutser: I'd like to help more but I do not even know how to check routing tables, interfaces and pings and whatnot in windows. Sorry about that... maybe you can try with a non-windows client (a Live distro could be fine as well), it may give some insight (in case it's not a windows-firewall thing)
11:12 < Brutser> tempus: i turned off the firewall in win7
11:13 < Brutser> btbN: yes i am doing something wrong, but i just start from a clean setup, the host as well, install minimal centos, clean windows client - but whatever i do, i keep getting the same issue
11:13 < Brutser> also i tried with a ubuntu as host
11:13 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
11:13 < kexmex> hi
11:13 < kexmex> stupid question
11:13 < kexmex> if OpenVPN server goes down, can clients still maintain a network
11:13 < kexmex> ?
11:13 < tempus_fol> ...a virtualization would just add an additional layout of complication in something that is not clear...also, distro-hopping won't really help (never helps)
11:14 < Brutser> tempus: yea i know, i just not have the means to get an additional server just for testing, so that is why i want to try it local
11:14 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:15 < tempus_fol> kexmex: I'd rush to say "no", but I'm somewhat curious about why do you think otherwise
11:16 < kexmex> well
11:16 < kexmex> if machines are clustered via OpenVPN
11:16 < kexmex> for say, DB redundancy
11:16 < kexmex> like if one of the 3 machiens in cluster goes down, another one takes over as primary DB
11:16 < kexmex> but if one shitty openVPN server goes down, then the whole cluster goes down?
11:18 -!- tobinski [~tobinski@x2f5f47a.dyn.telefonica.de] has joined #openvpn
11:26 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
11:28 < tempus_fol> I don't have any experience in openvpn clusters, but it could be doable to create different lans, in each of those a openvpn server & client of all the others openvpn servers.... it seems fun
11:35 -!- Brutser [~brutser@d51A48718.access.telenet.be] has quit [Ping timeout: 240 seconds]
11:38 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:41 < BtbN> OpenVPN is strictly client/server. All traffic goes through the single server. Public/Private key communication just works like that.
11:42 < BtbN> The only P2P VPN i can think of is hamachi, but even that relies on a central server to initialy connect the hosts. And it's a proprietary tool.
11:46 < tempus_fol> BtbN: I've tried to blacklist tun0 (adding a [keyfile] section in /etc/NetworkManager/NetworkManager.conf, and adding there the line "unmanaged-devices=interface-name:tun0"; after a NetworkManager restart restart NetworkManager, still I can't get tun0 in unmananged state...
11:47 < BtbN> It should appear as unmanaged in the ui
11:47 < BtbN> if it doesn't it didn't work
11:48 < BtbN> https://gist.github.com/5229f18503b992874d82 that's how i blacklisted some of my vmware devices
11:48 <@vpnHelper> Title: /etc/NetworkManager/NetworkManager.conf (at gist.github.com)
11:48 < tempus_fol> in the ui I see that a new tun0 "profile" is created right after the connection to the VPN server
11:48 < BtbN> And don't name it tun0, give it some more specific name
11:48 < BtbN> could easily become tun1 at some point otherwise
11:49 < tempus_fol> (indeed, I blacklisted tun0 and tun1)
11:50 < BtbN> My openvpn interfaces usualy have usefull names, which indicate which vpn it is
11:50 < BtbN> you can freely name them
11:50 < tempus_fol> that's a nice feature to consider, first I just wanted to make sure I can blacklist the device properly..
11:53 < tempus_fol> yay, I managed to blacklist it properly... apparently, a systemctl restart NetworkManager wasn't enough, it wanted a systemctl force-reload too
11:54 < tempus_fol> now my routing tables are proper, the first default gw in the routing tables is 10.8.0.5 on tun0.... ok, now I'll check more in depth the tun0-renaming
11:55 < BtbN> The problem is, a single change via NM will entirely overwrite the routing table
11:55 < BtbN> To the state NM expects
11:55 < BtbN> so everything except the implicit route to your VPN network will be gone
12:01 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
12:01 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 245 seconds]
12:03 -!- justinzane [~justinzan@67.21.190.132] has quit [Ping timeout: 272 seconds]
12:14 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
12:16 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
12:17 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Read error: Connection reset by peer]
12:33 -!- Brutser [~brutser@d51A48718.access.telenet.be] has joined #openvpn
12:34 < Brutser> lol, decided to grab my old laptop and install centos on there, but now im rebuilding 6.x because cpu not support pae
12:35 < Brutser> i really wonder why virtualbox makes it for me impossible to setup basic openvpn server ... :/
12:35 < Brutser> it is such a convenient way for me to test things
13:01 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:07 -!- RGamma [~RGamma@ip-84-118-23-37.unity-media.net] has quit [Remote host closed the connection]
13:10 -!- RGamma [~RGamma@ip-84-118-23-37.unity-media.net] has joined #openvpn
13:18 -!- mirco_ [~mirco@pd95b6029.dip0.t-ipconnect.de] has quit [Quit: mirco_]
13:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:30 -!- Denial [~Denial@81.141.3.116] has quit [Ping timeout: 240 seconds]
13:45 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:46 -!- asper [~argali@volans.uberspace.de] has joined #openvpn
13:55 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
13:57 -!- bruxC [~bruxC@66.63.84.178] has quit [Client Quit]
14:01 -!- mistermajestic [~mistermaj@unaffiliated/mistermajestic] has quit [Changing host]
14:01 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has joined #openvpn
14:06 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:24 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
14:35 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
14:35 -!- BtbN [btbn@btbn.de] has joined #openvpn
14:38 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
14:41 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:50 < kexmex> can an openvpn cluster function
14:50 < kexmex> if server is down?
14:53 < esde> "The basic idea is that you can run two (or three, or more) OpenVPN servers, and add all of their IP addresses or hostnames to your VPN client configurations. Also, the client should re-try quickly in order to minimize the downtime experienced by the user. When one server fails, the client rotates to the next address in its connect-to list, and the connection gets re-established in pretty short order."
14:53 < esde> could be outdated information though. got it from http://serverfault.com/questions/110105/redundant-openvpn-configuration
14:53 <@vpnHelper> Title: high availability - redundant openvpn configuration - Server Fault (at serverfault.com)
14:57 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 276 seconds]
14:59 -!- tobinski_ [~tobinski@x2f5f47a.dyn.telefonica.de] has joined #openvpn
15:00 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
15:02 -!- tobinski [~tobinski@x2f5f47a.dyn.telefonica.de] has quit [Ping timeout: 240 seconds]
15:10 -!- Brutser [~brutser@d51A48718.access.telenet.be] has quit [Ping timeout: 240 seconds]
15:39 -!- stevecrozz [~stevecroz@173.227.0.2] has joined #openvpn
15:39 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
15:41 < stevecrozz> vpn connection established, but cannot ping vpn server IP from the client: [client log --verb 6 http://lithostech.com/openvpnlog]
15:44 < stevecrozz> when I issue a ping 10.8.0.1 from the client, I see TUN READ and UDPv4 WRITE messages in the client log, but there is no reply
15:45 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:47 -!- jrg [jrg@unaffiliated/jrg] has left #openvpn []
15:48 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has quit []
15:48 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has joined #openvpn
15:50 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
15:54 < burp_> I'm trying to run openvpn with a /64 subnet assigned to me, I have a main adapter where I assign the first /65 subnet, and openvpn gets the second /65. A client gets an IP from the second /65 but is not able to ping external ipv6 addresses, though ipv6 forwarding is enabled on the server and routing is pushed
15:55 < burp_> now the interesting/strange thing:
15:56 < burp_> when I add the ipv6 address from the second /65 block that is assigned to a client to the servers main interface (next to the first /65 block) and remove it afterwards, routing/pinging outside works
15:56 < burp_> after a "while" things stop working again and I'd have to alias/unalias the client ip from the main interface again
15:58 < burp_> routing table doesn't change, ipv6 neighbor table seems to stay the same, I'm currently looking for ideas where to look
16:00 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
16:23 -!- u0m3_ [~u0m3@92.80.69.178] has joined #openvpn
16:26 -!- u0m3 [~u0m3@92.80.67.140] has quit [Ping timeout: 255 seconds]
16:27 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
16:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
16:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:36 -!- tekk [~me@185.17.149.149] has joined #openvpn
16:43 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
16:47 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:23 -!- Brutser [~brutser@d51A48718.access.telenet.be] has joined #openvpn
17:24 < Brutser> Need some help: openvpn server on centos 6.6 seem to work fine, but when i connect from windows client, browsing works on some urls, but times out on others - how can i find the cause of this problem? should i run some tcpdump on the server to find out and how to do this?
17:24 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 244 seconds]
17:26 -!- stevecrozz [~stevecroz@173.227.0.2] has left #openvpn ["Leaving"]
17:26 -!- jkli [~jkli@brln-4d072903.pool.mediaWays.net] has joined #openvpn
17:26 -!- jkli [~jkli@brln-4d072903.pool.mediaWays.net] has left #openvpn []
17:26 < Brutser> also can someone say me if these iptables settings are acceptable?
17:26 < Brutser> http://pastebin.com/iCHytReR
17:27 < Brutser> port for openvpn is obviously 2244 udp
17:27 < Brutser> maybe i put too many rules or not right order
17:27 < Brutser> all help is appreciated!
17:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:33 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:34 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
17:40 < Brutser> i can watch a youtube movie through the vpn, but ibm.com times out .. :S
17:46 < Brutser> seems i only can reach ipv6
18:00 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:02 -!- dazo is now known as dazo_afk
18:07 < burp_> and linux client works?
18:07 < burp_> try pinging server tunnel end on clients for ipv4,ipv6
18:08 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:11 -!- tobinski_ [~tobinski@x2f5f47a.dyn.telefonica.de] has quit [Quit: Leaving]
18:13 < Brutser> burp_: ok moment
18:14 < burp_> I guess first you should figure out if the tunnel itself works, if server and client can ping each other through the tunnel interface
18:14 < burp_> and if that works for both ipv4 ipv6 you can check the routing
18:24 < Brutser> burp_: seems both not working :S
18:25 < Brutser> so internet i receive in browser is cached, or just not using the vpn tunnel?
18:25 < burp_> can't say, browse http://ifconfig.me to check IP address? :D
18:26 < Brutser> does not open :)
18:26 < Brutser> must be firewall, let me pastebin the rules
18:26 < Brutser> i use bash script, probably some wrong order
18:26 < burp_> I'm not so familiar with iptables
18:27 < burp_> but could be, yea
18:27 < Brutser> http://pastebin.com/vLUvE8ca
18:27 < burp_> can you remove all iptables rules? then you know if the rules break them
18:27 -!- backz [~daniel@189.100.10.39] has joined #openvpn
18:27 < burp_> break it
18:28 -!- backz [~daniel@189.100.10.39] has left #openvpn []
18:28 < Brutser> ok, but the masquerade rule is needed by vpn no?
18:28 < burp_> for NAT?
18:28 < Brutser> yes
18:28 < burp_> for now we're just testing if the tunnel connection works properly
18:28 < Brutser> ok
18:28 < burp_> NAT is only required if you want to reach something externally
18:29 < burp_> you can start with empty iptables everywhere
18:29 < burp_> make sure tunnel works
18:29 < burp_> then enable ip forwarding on server, and set up iptables NAT rules
18:30 < Brutser> stopped iptables
18:30 < Brutser> but tunnel not work it seems
18:32 < Brutser> let me upload server.conf
18:34 < Brutser> also i notice the client not get gateway on the 10.10.10.0 network
18:35 < Brutser> http://pastebin.com/yn49EpiX
18:36 < Brutser> i am for sure overlooking something very basic
18:36 < burp_> so your client gets 10.10.10.2 I guess
18:36 < Brutser> 10.10.10.6
18:36 < burp_> while the server side tunnel is 10.10.10.1
18:36 < burp_> ok
18:36 < burp_> and pinging 10.10.10.1 doesn't work
18:36 < Brutser> no
18:37 < Brutser> iptables i stopped
18:37 < Brutser> centos 6.6 btw the server
18:37 < burp_> client is windows, right?
18:37 < Brutser> yes
18:39 < burp_> well, can't help there :/
18:39 < burp_> for linux I'd check if a route has been set
18:39 < Brutser> selinux?
18:40 < Brutser> i think maybe that give the problem
18:40 < Brutser> possible?
18:41 < burp_> don't know
18:41 < burp_> hmm, maybe you are missing
18:42 < burp_> push "route 10.10.10.0 255.255.255.0" for that to work?
18:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:42 < Brutser> i will give that a try, sec
18:43 < Brutser> i thought about that, but it is getting the ip from this network, so thought it was not necessary
18:44 < Brutser> no, does not seem to make much difference
18:44 < burp_> so you still can't ping 10.10.10.1, hmm
18:45 < burp_> I guess my expertise ends here
18:45 < Brutser> and mine too :)
18:45 < Brutser> still sucks :)
18:46 < burp_> on linux client I'd check routing table to check whether 10.10.10.X is really routed through tun0
18:47 < burp_> one can probably do the same on windows, but I don't know the tools there
19:02 < Brutser> switched to tcp
19:02 < Brutser> now receive: SIGUSR1 connection-reset
19:02 < Brutser> from the server
19:03 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
19:07 -!- sand3r [~user@unaffiliated/sand3r] has joined #openvpn
19:07 < sand3r> hi
19:07 < sand3r> how do i disable logs for openvpnserver?
19:07 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
19:07 < sand3r> by verb "0"?
19:08 < Brutser> send log file to /dev/null
19:08 < sand3r> how?
19:08 < sand3r> i thought verb 0 did that?
19:08 < sand3r> verb 0= no logs?
19:09 < burp_> don't you have to specify log or syslog so it logs in first place?
19:09 < Brutser> log /dev/null
19:11 < Brutser> should work fine
19:11 < Brutser> but ok, my setup should work fine too but it does not :)
19:13 < sand3r> burp_: is that a question?
19:13 < burp_> yes
19:14 < sand3r> burp_: you know how to disable logs completyly?
19:14 < burp_> see what Brutser said
19:15 < sand3r> Brutser: whats the different between log         /dev/null and verb 0?
19:15 < burp_>               0 -- No output except fatal errors.
19:15 < burp_> says man openvpn
19:16 < sand3r> burp_: you know what the different is?
19:17 < burp_> well, I thought one had to activate log or syslog first before any logging happens
19:18 < Brutser> log /dev/null make sure that if any logging would happen, it is not saved
19:19 < tempus_fol> usually any distro ootb has one of those turned on, and usually it's always better to keep some logging than none. There's also the --mute directive to drop subsequent similar messages...
19:19 < tempus_fol> (one of those logging systems)
19:20 < tempus_fol> (rather than none) I apologize, it's quite late ^^"
19:22 < sand3r> is it like, verb 0 are disable ip, error logs. and log /dev/null are disabling activity logs?
19:22 < sand3r> i am right?
19:23 < tempus_fol>  well /dev/null is ... null. void. the emptiness. You can throw anything at it, and it becomes zilch. nada. nothing.
19:23 < Brutser> yea
19:23 < Brutser> verb determine the 'extensiveness' of logging
19:23 < sand3r> so, what function are verb 0 giving?
19:23 < Brutser> but verb 0 still log
19:24 < tempus_fol>  with /dev/null it's not exactly "disabling" logs, it's "throwing them in a black hole"
19:24 < Brutser> yea
19:24 < burp_> black hole that doesn't grow with it :D
19:24 < sand3r> lol
19:24 < burp_> even worse thing
19:25 < tempus_fol> verb 0 can log very exceptional fatalities you totally want to know. Why do you want to disable logging in the first place?
19:25 < Brutser> yes, i suggest leave verb 1 at least
19:25 < sand3r> tempus_fol: privacy reasons
19:25 < Brutser> just rotate the logging, so they dont keep long history
19:26 < sand3r> Brutser: should it not be enough with log /dev/null and verb 0 we talkied about?
19:26 < Brutser> log /dev/null and verb 9 will just be the same
19:26 < tempus_fol> sand3r: like? If someone has root access to your box/VPS/server, logs aren't the thing you should focus on
19:27 < sand3r> Brutser: how do i rotate the logging? and why rotate it IF i using log /dev/null?
19:27 < Brutser> netstat reveal just as much
19:27 < tempus_fol> well true
19:27 < sand3r> tempus_fol: what should i focus on?
19:28 < sand3r> then..
19:29 < tempus_fol> sand3r: not letting your box rooted ^^" and giving your box to professionals who can deserve your trust
19:29 < Brutser> swiss guard :)
19:33 < sand3r> please explain more..
19:33 < sand3r> :)
19:34 < sand3r> tempus_fol: mean like fail2ban?
19:34 < tempus_fol> also, most distro include some kind/variant of log rotation, so; but tbh logs aren't hampering any privacy ever; logs are meant to be usable by the system administrator only. Someone not trusted with physical or rooted access (that's what's needed) can do much worse than just reading... it's the worst case scenario you want to avoid
19:36 < tempus_fol> every distro has its way of hardening; some distro (CentOS,RHEL,Fedora) implement SELinux, other implements grsec; tbh "sane" configurations should be enough, but those tools can save an admin from exceptional errors (and some exploit).
19:37 < sand3r> tempus_fol: what about debian 7?
19:37 < tempus_fol> hardening ssh (fail2ban is sometimes used with it) is another thing you could consider... but we would go very offtopic I guess
19:39 -!- sand3r [~user@unaffiliated/sand3r] has quit [Read error: Connection reset by peer]
19:39 < tempus_fol> debian stable is well, stable - make sure to double check the permissions of files/folders you edit/move around, check which services are exposed to the general public, adopt decent passphrases, try to hide ssh login (someone would say that's not really hardening, and mostly it would just avoid to fill logs with intrusion attempts by bots) and so on
19:41 < tempus_fol> it's a wide topic, you should maybe focus on securing openvpn for now ^^ For example Brutser is using CentOS, right? One of the first things whilst troubleshooting is disabling SELinux... it's not really correct, one should check the logs of SELinux and eventually adopt a custom policy
19:47 < tempus_fol> for example, SELinux is expecting OpenVPN on tcp and/or UDP port 1194 ( "# semanage port  -l|grep openvpn" ); if you use e.g. port 40123 upd instead, you just run "# semanage port -a -t openvpn_port_t -p udp 40123" ; on SELinux-hardened system it's better to never turn off completely SELinux but at most to put it temporarily in permissive mode. CentOS has a nice (and fast) wiki on SELinux
19:51 < Brutser> yes but even disable iptables and selinux are not giving me any solution right now
19:51 < Brutser> right now i get: MULTI: bad source address from client [::], packet dropped
19:51 < tempus_fol> wait no you don't disable iptables... you need it :|
19:51 < Brutser> i know, but i just try to create the tunnel
19:53 < tempus_fol> maybe me and/or someone else already suggested it but: have you tried to connect to it using a linux client? Just to rule window out. Also a linux client could give you some more details I guess. A so-called "live image" of any distribution should be enough, if you don't want to install it on bare metal.
19:56 < Brutser> tempus_fol: i guess i will have to do that...
19:57 < tempus_fol> also: when pasting iptables it's better to just use iptables-save (iptables-save actually dumps to stdout, doesn't commit any change if you don't redirect the output to a file), so a helper passing by could have a complete overview (and your current "# grep -vE '^#|^;|^$' server.conf" ). And the configuration client side too..
19:58 < Brutser> seems i messed up iptables pretty much
19:58 < tempus_fol> the official openvpn faq suggest, for that specific error, to double check the actual configuration file
19:59 < Brutser> tempus = bot?
20:00 < burp_> lol
20:00 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Read error: Connection reset by peer]
20:00 < burp_> does he sound too proficiently? :D
20:01 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:01 < Brutser> my smart brother not even sound like that :)
20:02 < tempus_fol> I attempt to be a humble helper for a different linux community but tbh openvpn isn't my bread and butter ^^" Thanks anyway
20:03 < burp_> maybe IBM Watson
20:03 < Brutser> that was a compliment really
20:03 < Brutser> iptables: http://pastebin.com/PEEH9fBc
20:06 < Brutser> MULTI: bad source address from client [::], packet dropped
20:06 < tempus_fol> lol I wish I were IBM Watson... you've set many times "POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE" in the nat table... once is enough, and are you sure that 10.10.10.0/24 is correct? It's not what I'd expect...
20:07 < Brutser> let me paste server.conf
20:07 < Brutser> http://pastebin.com/KP1gGK1j
20:07 < tempus_fol> I'd expect a "-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE" (assuming eth0 is correct) but then we need the server.conf as well to double check (and "ifconfig" or better "ip a" )
20:07 < tempus_fol> ninja'd
20:09 < tempus_fol> ok no, you're using "server 10.10.10.0 255.255.255.0" (still one entry in the nat table is enough)
20:12 < Brutser> updated iptables: http://pastebin.com/jFtCKArL
20:13 < Brutser> MULTI: bad source address from client [::], packet dropped
20:13 < Brutser> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRW
20:14 < Brutser> but i cannot even ping 10.10.10.6 from the server
20:14 < Brutser> and i can also not ping 10.10.10.1 from the client
20:15 < Brutser> and the RRRRRR is not my frustration, but was in the log
20:15 < Brutser> though it could have easily been my frustration too :p
20:17 < tempus_fol> why some lines that were supposed to be grepped out are there? "# sestatus" says that SELinux is disabled, enabled with current mode "permissive" or enabled with current mode "enforcing" ?
20:18 < Brutser> Current mode:                   permissive
20:19 < Brutser> SELinux status:                 enabled
20:22 < tempus_fol> if you have conntrack available, you could just state '-A INPUT -m conntrack --ctstate INVALID -j DROP' rather than...ok, I'll try to rearrange a bit, a sec. In the meanwhile, install the setroubleshoot package and "sealert -a /var/log/audit/audit.log > /path/to/mylog.txt"  (and check if in mylog.txt there's anything relevant for openvpn)
20:23 < Brutser> MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
20:28 < tempus_fol> Ah! "-A INPUT -p udp -m state --state NEW -m udp --dport 22244 -j ACCEPT " why only new? wait one more sec
20:29 < Brutser> ok
20:29 < Brutser> it is all set with a bash script, but i collected lines from 3 bash scripts really
20:30 < Brutser> i can upload the bash script?
20:30 < tempus_fol> the bash script isn't really relevant
20:30 < Brutser> yea ok
20:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
20:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:40 < Brutser> almost done installing setroubleshoot
20:41 < Brutser> i just execute like this? : sealert -a /var/log/audit/audit.log > /root/selinux.txt
20:43 < tempus_fol> yep
20:45 < Brutser> SELinux is preventing /usr/sbin/openvpn from name_bind access on the udp_socket
20:46 < Brutser> and same on tcp_socket
20:46 < tempus_fol> give a look at this basic iptables-save http://pastebin.centos.org/14861/ ; you can import it by echoing to /etc/sysconfig/iptables, and then giving a restart of the openvpn service
20:47 < tempus_fol> sure SELinux complains because you're not using 1194 tcp or udp; see the comment I wrote before
20:48 -!- moparisthebest [~quassel@unaffiliated/moparisthebest] has quit [Ping timeout: 265 seconds]
20:48 < Brutser> ok, the iptables-save you pasted, it not include the ssh port 11122 i seee
20:48 < Brutser> i should put it also there?
20:48 < Brutser> else i cannot access over ssh
20:49 < tempus_fol> sure, add your ssh port, it's just a barebone
20:49 < Brutser> yea ok
20:50 < Brutser> ok iptables done
20:51 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
20:51 < tempus_fol> have you double checked that the newer iptables are loaded with "iptables -L -n -v", "iptables -L -n -v nat" ?
20:52 < tempus_fol> to instruct SELinux for the custom openvpn udp port, step by step: http://pastebin.centos.org/14866/
20:53 < Brutser> i already have that
20:53 < Brutser> semanage port  -l|grep openvpn
20:53 < Brutser> openvpn_port_t                 tcp      1194
20:53 < Brutser> openvpn_port_t                 udp      22244, 1194
20:53 < tempus_fol> ok, restart the openvpn service
20:54 < tempus_fol> double check the server logs when you restart it
20:54 < Brutser> 192.168.68.233:62563 MULTI: bad source address from client [::]
20:54 < Brutser> .233 is client
20:56 < Brutser> ping -6 google.com
20:56 < Brutser> give reply from client
20:56 < tempus_fol> nice, now we have to look at the client config, but here (as I've said before) I have no experience with windows.
20:57 < tempus_fol> If only you could check now with a live distro...
20:57 < Brutser> ok
20:57 < Brutser> i have centos in virtualbox, would that be the same?
20:58 < tempus_fol> obviously no
20:58 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 255 seconds]
20:58 < Brutser> moment, i think i have kali linux on some usb
20:59 < Brutser> ok it turned out to be backtrack, but that will do
21:00 < tempus_fol> (you can even "burn" a live image on a stick with with dd or (given that you're on windows) with https://github.com/downloads/openSUSE/kiwi/ImageWriter.exe or http://www.netbsd.org/~martin/rawrite32/ , they work with almost any Linux image meant to be burnt)
21:00 <@vpnHelper> Title: Rawrite32 (at www.netbsd.org)
21:00 < tempus_fol> whatever, it will have the openvpn package I guess
21:01 < tempus_fol> you just have to create a configuration file for linux client (it differs from the window one)
21:02 < Brutser> linux distro started
21:02 < Brutser> enabled wifi from the laptop
21:02 < Brutser> now checking to see for openvpn
21:02 < Brutser> ok installed
21:03 < tempus_fol> the "openvpn --version" is on par with the CentOS one?
21:03 < Brutser> 2.1.0
21:03 < Brutser> so not really
21:12 < Brutser> anyway, it is early morning almost
21:12 < Brutser> i need to catch some sleep now
21:12 < Brutser> hope i can fix the problem tomorrow, if you are here, hope you can help me some more
21:13 < Brutser> already i want to thank you for the help so far
21:13 < tempus_fol> the configuration for the client could be http://pastebin.centos.org/14871/
21:13 < tempus_fol> ok, good night and good luck ^^
21:13 < Brutser> ok got the client config
21:13 < Brutser> you won't believe it
21:14 < Brutser> but i restart the server
21:14 < Brutser> and it give some hdd error
21:14 < Brutser> so will need to check on that first thing in morning anyway
21:14 < Brutser> but that is not related i suppose
21:14 < tempus_fol> ...better check
21:14 < Brutser> yes
21:14 < Brutser> thanks so far!
21:15 < tempus_fol> you're welcome
21:15 < Brutser> before my head falls on keyboard: good night!
21:15 < tempus_fol> gn ^^
21:31 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Read error: Connection reset by peer]
21:43 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
21:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:49 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has joined #openvpn
22:09 < TommyC> Hi, is there a way to exclude certain connections from OpenVPN (e.g. ssh)?
22:12 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
22:17 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
22:59 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Read error: Connection reset by peer]
23:06 < Eugene> !routebyapp
23:06 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
23:06 <@vpnHelper> policies you set. For Linux, read about !lartc
23:08 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 272 seconds]
23:10 < TommyC> Eugene: Danke!
23:11 < TommyC> !lartc
23:11 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
23:12 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
23:33 -!- Denial [~Denial@81.141.0.36] has joined #openvpn
23:35 -!- ShadniX [dagger@p5481CB16.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
23:36 -!- ShadniX [dagger@p5481DE46.dip0.t-ipconnect.de] has joined #openvpn
23:52 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
--- Day changed Sat Jan 03 2015
00:00 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
00:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:48 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
00:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:04 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
01:07 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
01:08 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
01:20 -!- IronWard [~zos@unaffiliated/ironward] has joined #openvpn
01:21 -!- heraclitus [~phobos@unaffiliated/heraclitis] has joined #openvpn
01:21 < IronWard> !ovpnuke
01:21 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
01:21 < IronWard> !welcome
01:21 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
01:21 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:23 < IronWard> !topology
01:23 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
01:23 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
01:25 < IronWard> !configs
01:25 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
01:25 < IronWard> !sample
01:25 <@vpnHelper> "sample" is (#1) http://www.ircpimps.org/openvpn.configs for a working sample config or (#2) DO NOT use these configs until you understand the commands in them, read up on each first column of the configs in the manpage (see !man) or (#3) these configs are for a basic multi-user vpn, which you can then build upon to add lans or internet redirecting
01:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
01:45 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:45 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:26 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 240 seconds]
02:27 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
02:27 -!- mode/#openvpn [+v hazardous] by ChanServ
02:28 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
02:34 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
02:35 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 256 seconds]
02:37 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
02:41 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
02:41 -!- mode/#openvpn [+v hazardous] by ChanServ
02:45 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 255 seconds]
03:02 -!- [1]Kiwi [~Kiwi@ip-118-90-34-236.xdsl.xnet.co.nz] has joined #openvpn
03:04 -!- [1]Kiwi [~Kiwi@ip-118-90-34-236.xdsl.xnet.co.nz] has left #openvpn []
03:14 -!- stewi [~quassel@2400:6800:ffff:2:695c:cad6:863a:31f9] has joined #openvpn
03:24 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 250 seconds]
03:39 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
04:09 -!- stewi [~quassel@2400:6800:ffff:2:695c:cad6:863a:31f9] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
04:10 -!- stewi [~quassel@2400:6800:ffff:2:695c:cad6:863a:31f9] has joined #openvpn
04:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:56 < stewi> If I have an SSL secured OpenVPN connection, am I safe to allow completely unencrypted or secured traffic within the VPN. i.e. I have a quassel IRC core running my server, and a client for it on my personal desktop. I connect to the server through the VPN, external traffic to the quassel core is blocked in the firewall. Would it be a waste of my time to configure quassel to use ssl?
04:57 < stewi> I am strictly using quassel as an example
05:03 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
05:04 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco]
05:04 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:04 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:05 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
05:05 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:05 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:06 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:06 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:06 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:07 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:07 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:07 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:08 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:08 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:09 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:09 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:09 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:10 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:10 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:11 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:11 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:11 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:11 -!- u0m3_ [~u0m3@92.80.69.178] has quit [Read error: Connection reset by peer]
05:12 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:12 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:13 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:13 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:13 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:13 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:14 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:14 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:15 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:15 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:15 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:16 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:16 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:16 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:17 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:17 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:18 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:18 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:18 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:19 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:19 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:20 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:20 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:20 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:21 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:21 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:22 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:22 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:22 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:22 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:23 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:23 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:24 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:24 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:24 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:25 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:25 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:25 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
05:25 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:26 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:26 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
05:26 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:27 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:27 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:27 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:28 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:28 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:28 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:29 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:29 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:30 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:30 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:30 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:30 -!- IronWard [~zos@unaffiliated/ironward] has left #openvpn ["Leaving"]
05:31 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:31 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:32 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:32 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:32 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:33 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:33 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:33 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:34 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:34 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:34 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:35 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:35 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:36 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:36 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:36 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:37 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:37 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:38 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:38 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:38 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:39 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:39 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:40 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:40 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:40 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:41 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:41 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:41 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:42 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:42 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:42 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:43 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
05:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:27 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:56 < stewi> I have a problem. I am running an OpenVPN server on my VPS, and I need clients to be able to see and connect to eachother for lan (VPN) gaming
06:56 < stewi> Only some clients are visible from soem other clients
06:57 < stewi> I (.8) can see .16, but not .3 or .5
06:58 < stewi> .3 can see .5, .16 and .8
07:00 < stewi> sorry .3 can see .16 and .8, but not .5
07:01 < stewi> .5 can see .8 and .16 but not .3
07:02 < stewi> yet .3 is hosting a game that .5 is connected to, and noone else can connect?!
07:02 < stewi> What is going on?!
07:03 < stewi> iptables --list:
07:03 < stewi> Chain INPUT (policy DROP)
07:03 < stewi> target     prot opt source               destination
07:03 < stewi> ACCEPT     all  --  anywhere             anywhere
07:03 < stewi> ACCEPT     all  --  anywhere             anywhere
07:03 < stewi> ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
07:03 < stewi> ACCEPT     all  --  anywhere             anywhere             state RELATED
07:03 < stewi> ACCEPT     udp  --  anywhere             anywhere             udp dpt:9987
07:03 < stewi> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:25565
07:03 < stewi> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
07:03 < stewi> ACCEPT     icmp --  anywhere             anywhere
07:03 < stewi> ACCEPT     udp  --  anywhere             anywhere             udp dpt:http-alt
07:03 < stewi> Chain FORWARD (policy ACCEPT)
07:03 < stewi> target     prot opt source               destination
07:03 < stewi> Chain OUTPUT (policy ACCEPT)
07:03 < stewi> target     prot opt source               destination
07:04 < stewi> iptables -t nat --list:
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> Chain INPUT (policy ACCEPT)
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> Chain OUTPUT (policy ACCEPT)
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> Chain POSTROUTING (policy ACCEPT)
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> iptables -t mangle --list:
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> Chain INPUT (policy ACCEPT)
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> Chain FORWARD (policy ACCEPT)
07:05 < stewi> target     prot opt source               destination
07:05 < stewi> Chain OUTPUT (policy ACCEPT)
07:05 < stewi> target     prot opt source               destination
07:06 < stewi> Chain POSTROUTING (policy ACCEPT)
07:06 < stewi> target     prot opt source               destination
07:06 < stewi> the first two rules form iptables filter are for the lo and tap1 interfaces
07:08 < stewi> this is my server.conf:
07:08 < stewi> port 8080
07:08 < stewi> proto udp
07:08 < stewi> dev tap
07:08 < stewi> ca ca.crt
07:08 < stewi> cert server.crt
07:08 < stewi> key server.key  # This file should be kept secret
07:08 < stewi> dh dh2048.pem
07:09 < stewi> server 10.8.0.0 255.255.255.0
07:09 < stewi> ifconfig-pool-persist ipp.txt
07:09 < stewi> push "dhcp-option DNS 8.8.4.4"
07:09 < stewi> push "dhcp-option DNS 8.8.8.8"
07:09 < stewi> client-to-client
07:09 < stewi> keepalive 10 120
07:09 < stewi> persist-key
07:09 < stewi> persist-tun
07:09 < stewi> status openvpn-status.log
07:09 < stewi> verb 3
07:10 < stewi> and client config:
07:10 < stewi> client
07:10 < stewi> dev tap
07:10 < stewi> proto udp
07:10 < stewi> remote lenqua.net 8080
07:10 < stewi> resolv-retry infinite
07:10 < stewi> nobind
07:10 < stewi> persist-key
07:10 < stewi> remote-cert-tls server
07:10 < stewi> verb 3
07:10 < stewi> ca ca.crt
07:10 < stewi> cert cert.crt
07:10 < stewi> key key.key
07:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
07:26 < _FBi> pastebin brah
07:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:29 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
07:30 -!- mode/#openvpn [+v s7r] by ChanServ
07:31 <+s7r> if i connect to an openvpn server via tun device and TCP protocol, can I tunnel UDP traffic via that TCP tunnel also?
07:31 <+s7r> like encapsulate UDP in TCP from me to openvpn server, and openvpn server to destination regular UDP ?
07:36 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
07:37 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:37 < tempus_fol> s7r: sure
07:38 <+s7r> thanks
07:38 <+s7r> one more thing. what iptable rule do i need to add on the openvpn server in order to allow a client to do UPnP port mapping / remote port opening ?
07:39 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Client Quit]
07:58 -!- u0m3 [~u0m3@92.80.69.178] has joined #openvpn
08:21 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:37 -!- BenLue [~No@unaffiliated/benlue] has joined #openvpn
08:38 < BenLue> !paste
08:38 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
08:38 < BenLue> !configs
08:38 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
08:43 < BenLue> !logs
08:43 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:44 < BenLue> !logfile
08:44 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
08:44 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
08:45 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
08:49 < BenLue> i have some troubles. Openvpn Client is connected after few min i get an TLS Error! syslog: http://paste.debian.net/139039/ cyberghost.conf: http://paste.debian.net/139035/ cyberghost-up: http://paste.debian.net/139036/
08:49 < BenLue> anyone ideas?
09:01 < BenLue> iptables -nL: http://paste.debian.net/139042/
09:04 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
09:04 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
09:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
09:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:06 -!- stewi [~quassel@2400:6800:ffff:2:695c:cad6:863a:31f9] has quit [Remote host closed the connection]
10:20 -!- justinzane [~justinzan@67.21.190.132] has quit []
10:25 -!- raidz_away [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 250 seconds]
10:25 <@krzee> BenLue, doesnt look to me like it was connected
10:25 <@krzee> but not enough log to know what happened before
10:28 -!- mattock is now known as mattock_afk
10:29 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
10:29 -!- mode/#openvpn [+o raidz] by ChanServ
10:33 < BenLue> arrrgs damit sry wait a sec pls
10:36 < BenLue> krzee a bit more from syslog: http://paste.debian.net/139050/
10:37 < BenLue> every minute its the same msg
11:15 < Brutser> receive on client: UDPv4 [ECONNREFUSED]: Connection refused (code=111)
11:15 < Brutser> info: http://pastebin.centos.org/14876/
11:16 < Brutser> server CentOS 5.11 - client BackTrack 5 LiveCD / Windows 7
11:20 < Brutser> from Win7 client:
11:20 < Brutser> ping -6 google.com
11:20 < Brutser> Pinging google.com [2a00:1450:4013:c00::66] with 32 bytes of data:
11:20 < Brutser> Reply from 2a00:1450:4013:c00::66: time=43ms
11:20 < Brutser> Reply from 2a00:1450:4013:c00::66: time=52ms
11:20 < Brutser> ping -4 google.com
11:20 < Brutser> Pinging google.com [173.194.65.138] with 32 bytes of data:
11:20 < Brutser> Request timed out.
11:20 < Brutser> Request timed out.
11:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:28 -!- Six6siX [~Devil@jasmine.sammybakar.com] has quit [Disconnected by services]
11:30 -!- Six6siX [~Devil@jasmine.sammybakar.com] has joined #openvpn
11:41 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
11:42 -!- james41382 [~james@unaffiliated/james41382] has quit [Quit: Leaving]
11:43 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 244 seconds]
11:44 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
11:44 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 276 seconds]
11:46 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
11:47 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
11:49 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:50 < Brutser> ok, the ipv6 is probably because the vpn create tunnel on ipv4 and ipv6 traffic is not going over the tunnel
11:50 < Brutser> for some reason
11:50 < Brutser> so that means the tunnel is still rejecting
11:58 -!- stewi [~quassel@203.143.84.86] has joined #openvpn
12:12 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
12:16 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
12:18 -!- tobinski [~tobinski@x2f6158d.dyn.telefonica.de] has joined #openvpn
12:36 -!- james41382 [~james@unaffiliated/james41382] has quit [Ping timeout: 264 seconds]
12:41 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
12:45 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
12:47 -!- Brutser [~brutser@d51A48718.access.telenet.be] has quit []
13:26 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
13:27 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:33 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
14:10 <@krzee> BenLue, maybe firewall on tun interface?
14:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
14:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:54 -!- he_bgb5 [~1badb0y@98.206.248.96] has joined #openvpn
14:54 < he_bgb5> howdy all
14:54 < he_bgb5> first time visitor
14:55 < he_bgb5> Downloaded bitmask to android but not sure its working properly. Any helpers?
14:56 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
15:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:04 <+s7r> he_bgb5 never used bitmask
15:04 <+s7r> what's its use anwyay?
15:04 <+s7r> seams like it's badly documented
15:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
15:06 < he_bgb5> vpn
15:06 <+s7r> how is it any different  / better than using simple openvpn ?
15:07 < he_bgb5> s7r Bitmask is a VPN joined through riseup.net
15:07 < he_bgb5> supposed to be the most secure by what I've read.
15:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:10 < he_bgb5> !goal is to build a secure pendrive for anonymous surfing and Tor purchases. Just starting the learning process. Comcast is my ISP so anything trouble I can avoid where they're concerned is paramount.
15:11 < he_bgb5> s7r maybe I'm to paranoid but...
15:12 <+s7r> hehe
15:12 <+s7r> better of using Tor
15:15 < he_bgb5> s7r I thought I'd need to run Tor through a VPN or Virtualbox or something...is this needed?
15:15 <@plaisthos> !providers
15:15 <@plaisthos> !commercial
15:15 <@vpnHelper> "commercial" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc
15:15 <@plaisthos> not that one
15:15 <@plaisthos> !support
15:16 < he_bgb5> ok
15:16 < he_bgb5> <--noob
15:16 <+s7r> he_bgb5 no, why pay for it? if you want to hide the fact that you use Tor, better use a bridge
15:16 <+s7r> bridges are free: https://bridges.torproject.org/
15:16 <@vpnHelper> Title: BridgeDB (at bridges.torproject.org)
15:17 < he_bgb5> Lost to learn!! Any blogs...?
15:17 < he_bgb5> lots to learn
15:17 < he_bgb5> No need for VPN than?
15:18 < he_bgb5> just bridges?
15:18 <+s7r> depends on your purpose
15:18 <+s7r> and usemodel
15:19 < he_bgb5> purchasing overseas medication for my disabled niece with bitcoin(which I'm still reading about)
15:19 -!- _KaszpiR__ is now known as _KaszpiR_
15:19 < he_bgb5> She is allergic to the medications in the states
15:20 < he_bgb5> suffered a spinal cord injury lat year...19 years old.
15:21 < he_bgb5> s7r purpose now stated. What advice do you have on set up? Step by step please...noob.
15:23 <+s7r> download tor browser and use it with bridges to obfuscate the fact that you use Tor.
15:23 <+s7r> everything free, nothing required
15:23 < he_bgb5> I have an old Evo N400c 400MB Ram / 20 gb hdd I'd use as a throw away for these needs. Ready to wipe drive and start fresh but lost on os, virtualbox, ssh, etc.
15:23 <+s7r> just be careful how you place your orders and what else you do with Tor simultaneously in order not to leak your real identity
15:24 <+s7r> if you have an old pc for this purpose, why do you need also virtualization?
15:24 <+s7r> install the operating system on bare metal and run Tor
15:24 < he_bgb5> lol ok
15:24 < he_bgb5> not just noob. Paranoid noob.
15:24 <+s7r> you don't need to worry
15:25 <+s7r> just encrypt your hard drive
15:25 <+s7r> FULLY
15:25 <+s7r> and use a strong passphrase
15:25 <+s7r> download Tor Browser, it's like a portable firefox. at first in that menu select that you want to use bridges, and use an obfs3 type bridge.
15:25 <+s7r> that's all you need to do. browse safe and anonymous
15:26 <+s7r> but pay attention to your operational security, don't do stupid things like for example open your real email address in one tab and in second tab place the order with bitcoins
15:26 <+s7r> or your facebook account
15:27 < he_bgb5> I have no operating system disks that will run on the Evo, been looking into puppy, tahrpuppy 6.0 wont load properly...
15:27 < he_bgb5> it included tor
15:27 < he_bgb5> I would never use the Evo for anything but tor
15:28 < he_bgb5> s7r ty for the advice btw
15:28 <+s7r> he_bgb5 i'll give you a better one and spare you the encryption effort
15:29 <+s7r> use Tails, it's a live linux distribution which runs from a flashdrive or a DVD, and routes everything via Tor
15:29 <+s7r> it's very secure and has a lot of encryption tools included in it
15:29 <+s7r> https://tails.boum.org/
15:29 <@vpnHelper> Title: Tails - Privacy for anyone anywhere (at tails.boum.org)
15:30 <+s7r> this is basically something for non tech people who are vulnerable to make mistakes and have the real IP disclosed. like install stuff, open attachments.
15:30 <+s7r> this linux distro has everything covered for you
15:35 < he_bgb5> thank you
15:59 -!- james41382 [~james@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
16:51 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Ping timeout: 250 seconds]
16:54 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
17:03 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
17:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:25 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
17:46 -!- jrg [jrg@unaffiliated/jrg] has joined #openvpn
17:54 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
17:57 < he_bgb5> Testing
18:18 -!- he_bgb5 [~1badb0y@98.206.248.96] has quit [Quit: Leaving]
18:26 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:39 -!- BenLue [~No@unaffiliated/benlue] has quit []
18:40 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:94c3:c835:4c38:5077] has joined #openvpn
18:50 -!- tobinski [~tobinski@x2f6158d.dyn.telefonica.de] has quit [Quit: Leaving]
19:02 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
19:09 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
19:49 -!- heraclitus [~phobos@unaffiliated/heraclitis] has quit [Ping timeout: 245 seconds]
20:14 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
20:33 -!- RGamma [~RGamma@ip-84-118-23-37.unity-media.net] has quit [Read error: Connection reset by peer]
20:34 -!- RGamma [~RGamma@ip-84-118-23-37.unity-media.net] has joined #openvpn
20:35 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
20:44 -!- nrdb [~neil@123.185.168.125.sta.wbroadband.net.au] has joined #openvpn
20:47 <@Dougy> evening lads
20:47 <@Dougy> what the . when did i get ops
20:47 < esde> lol
20:48 < nrdb> I am trying to setup a openvpn between two VMs (as a test) ... I keep getting "TLS Error: TLS handshake failed" on the client ... I have confirmed that the ta.key file is the same on both setups... I have confirmed that there are no filewalls involved .. and the "tls-auth ta.key 0" and "tls-auth ta.key 1" seem to be correct ... any ideas on what could be wrong?
20:48 <@Dougy> 10:34:08             -- | Mode #openvpn [+o Dougy] by ecrist
20:48  * Dougy feels empowered
20:49  * Dougy waves at raidz
20:49 < esde> ta.key are the same file on server and client, and are readable by openvpn?
20:50 < nrdb> esde, yes .. its permissions "-rw-r--r-- 1 root root  636 Jan  4 12:31 ta.key"
20:51 < pekster> the tls-auth key isn't related to TLS at all beyond "allowing it to continue"
20:52 < pekster> It's merely an extra level of protection to provide security even if the cipher-suite you're using is (partially) compromised in the future, and as a basic ddos protection. Use --verb 4 on both sides and review the errors from both ends
20:52 < esde> iirc 600 is all that's needed for the tls auth key file
21:01 < nrdb> pekster, would you like me to pastebin the verb=4 output?  I don't understand most of it.
21:04 < nrdb> pekster, one thing odd is the last message on the server is "Initialization Sequence Completed"  ... there is no indication that the client tried to connect.
21:07 < pekster> Sounds like either packets aren't making it to the server, or your tls-auth key isn't exactly the same on both ends
21:08 < pekster> verb-4 output from the client should confirm that though
21:21 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
21:24 < nrdb> pekster, diff says the files are the same....
21:25 < pekster> easy enough to see if packets are arriving: tcpdump the port you're using on the server and watch for packets (udp/1194, or such)
21:37 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 265 seconds]
21:40 < nrdb> pekster, the tcpdump is showing packets comming in (but none seem to be going out)
21:43 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
21:45 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
21:46 < pekster> If you've no 'initial packet received' message on the server, either 1) your tls-auth key doesn't match (or the direction-arg is bad,) or 2) server has a firewall and the packet doesn't make it to the server
22:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:44 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
22:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
22:45 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
22:45 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:16 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
23:28 < nrdb> pekster, I found out what was wrong :-)
23:31 < _FBi> sup dougy
23:31 < _FBi> hiya pekster
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 240 seconds]
23:34 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
23:35 -!- ShadniX [dagger@p5481DE46.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
23:36 -!- ShadniX [dagger@p5481D978.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
23:38 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
23:53 < nrdb> Is there a limit to how many openvpn servers can run on a single computer (ignoring the limit on port numbers)
23:57 < _FBi> and ram
23:57 < _FBi> and processor power
--- Day changed Sun Jan 04 2015
00:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:14 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
00:26 -!- not_phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
00:32 < stewi> If I wanted to play lan games over the VPN, with broadcasts getting through the VPN (lan game discovery, rather than trying to find ip and port manually), would I want tap or tun, and would I need any special configuration to allow broadcasts through?
00:33 < stewi> I have been at this for over a week now, and I can't even ping some clients from the server.
00:33 < _FBi> :S
00:33 < _FBi> !tap
00:33 <@vpnHelper> "tap" is (#1) "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming, anything
00:33 <@vpnHelper> where the protocol uses MAC addresses instead of IP addresses. or (#2) For tun/tap and route/bridge comparing, see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
00:33 < _FBi> ;)
00:34 < stewi> thanks, but it ethernet bridging not for connecting a VPN to a phisical lan? Like in a busness setting?
00:34 < stewi> I am running off a VPS
00:35 < stewi> I will be using routing
00:37 < _FBi> boss is here, gotta jet
00:41 < stewi> My VPS is not a DHCP server, nor is it a gatway for a phisical subnet. How can I bridge? My VPS eth0 is connected directly to the internet, no LAN at all to bridge to?
00:41 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
01:03 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 244 seconds]
01:04 -!- stewi [~quassel@203.143.84.86] has quit [Quit: No Ping reply in 180 seconds.]
01:04 <@krzee> can do a routed tap if you only need broadcasts between vpn endpoints
01:05 <@krzee> _FBi's answer on bridging was assuming the game server is on the same lan as the server
01:05 <@krzee> !whybridge
01:05 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
01:05 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
01:05 -!- mode/#openvpn [+v hazardous] by ChanServ
01:06 <@krzee> i know broadcasts are l3, but tun doesnt do broadcasts
01:06 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 245 seconds]
01:06 <@krzee> but there is always:
01:06 -!- stewi [~quassel@2400:6800:ffff:2:fdca:4dda:1a6:52a3] has joined #openvpn
01:06 <@krzee> !bcrelay
01:06 <@krzee> !broadcasts
01:06 <@krzee> !factoids search --values broadcast
01:06 <@vpnHelper> 'broadcast-relay', 'bcast', and 'bcast'
01:06 <@krzee> !bcast
01:06 <@vpnHelper> "bcast" is (#1) pptp source tree has bcrelay in it, bcrelay can be used to relay broadcasts over a tun setup or (#2) http://www.hanksoft.de/service/46-udpbroadcastforwarder seems to be a windows program for relaying bcast (use google translate if needed)
01:07 <@krzee> !broadcast-relay
01:07 <@vpnHelper> "broadcast-relay" is a software that comes with pptp. use it in tun mode when needing broadcasts, and WINS isnt enough.
01:09 < nrdb> Is it possible to set the MAC address of the tap interface so it does change?
01:09  * nrdb oops s/does/doesn't/
01:09 <@krzee> whatever you are hoping to do based on that, DONT
01:10 <@krzee> and no.
01:12 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
01:13 < nrdb> krzee, rats!
01:27 < stewi> Let me get this straight, ethernet briging is for connectige two subnets (including VPN) togeather, and is no help to me, trying to set up a VPN to play lan games exclusively over the VPN
01:27 < stewi> connecting*
01:27 < stewi> together*
01:29 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:41 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:54 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
01:54 -!- not_phunyguy is now known as phunyguy
02:44 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
03:06 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
03:09 -!- MACscr [~Adium@2601:d:c800:de3:b96b:9a2d:7865:a240] has joined #openvpn
03:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:53 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Remote host closed the connection]
03:54 -!- stewi [~quassel@2400:6800:ffff:2:fdca:4dda:1a6:52a3] has quit [Remote host closed the connection]
03:57 -!- Latrina [~Latrina@ppp-111-3.26-151.libero.it] has quit [Ping timeout: 245 seconds]
03:59 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
04:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:00 -!- Latrina [~Latrina@adsl-ull-202-194.50-151.net24.it] has joined #openvpn
04:13 -!- tobinski [~tobinski@x2f5f427.dyn.telefonica.de] has joined #openvpn
04:15 < novae> Anyone know what the openvpn configuration equivelents are for VyOS's 'tls role'?
04:17 < novae> Struggling to setup a series of point to point (site-to-site) links between a router and some linux boxes, the links were functional linux to linux but i can't seem to work out how to configure the router the same.
04:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:18 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:19 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:43 -!- jrg [jrg@unaffiliated/jrg] has left #openvpn []
04:46 < novae> Solved. :)
04:47 < novae> For interests sake 'tls role' refers to tls-client/server. And was NOT in the end the source of my misconfiguration
05:35 <@plaisthos> Orbixx: tls-client/tls-server
05:48 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 244 seconds]
05:48 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:54 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
06:16 -!- stewi [~quassel@203.143.84.86] has joined #openvpn
06:16 -!- Latrina [~Latrina@adsl-ull-202-194.50-151.net24.it] has quit [Ping timeout: 245 seconds]
06:20 -!- Latrina [~Latrina@151.56.181.67] has joined #openvpn
07:03 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
07:05 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
07:21 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
07:45 -!- tempus_fol [~tempus@gateway/tor-sasl/foltempus] has quit [Remote host closed the connection]
07:46 -!- tempus_fol [~tempus@gateway/tor-sasl/foltempus] has joined #openvpn
08:32 -!- gffa [~unknown@unaffiliated/gffa] has quit [Ping timeout: 265 seconds]
08:33 -!- master_of_master [~master_of@p4FF24914.dip0.t-ipconnect.de] has joined #openvpn
08:34 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:35 < master_of_master> hi, I'd like to know if it is possible to route two networks between vpn clients?
08:37 < master_of_master> route add -net 172.16.3.0/24 gw 10.8.0.114 dev tun0 leads to "SIOCADDRT: No such process"
09:37 < nrdb> master_of_master, yes it is possible... but remember the packets not only need to get to the destination, but there also needs to be return route as well.
09:38 < master_of_master> nrdb: sure :-) I need also to add a route on the other side. But there "ip route add 192.168.10.0/24 via 10.8.0.110 dev tun0" returns "RTNETLINK answers: Network is unreachable"
09:38 < nrdb> I have on used a setup where 10.8.0.0/24 is at my home 10.7.0.0/24 is the vpn and whatever the DHCP is configured to when I am away.
09:40 < nrdb> can you ping 10.8.0.110 from the 192.168.10.0 net?
09:41 < master_of_master> if I am pinging from the router yes.
09:41 < master_of_master> here my route -n output: http://pastebin.com/sHM1yLmA
09:42 < nrdb> my setup uses "route add -net 10.8.0.0/24 gw 10.7.0.1" without the "dev tun0"
09:42 < nrdb> master_of_master, that is Linux ... what are you using?
09:42 < master_of_master> yes, that is debian Linux
09:43 < master_of_master> well I  think what I'm trying is a bit different
09:43 < master_of_master> the VPN server (10.8.0.1) shouldn't be involved, or?
09:46 < master_of_master> or do I need to set up a client specific push rule on the server?
09:46 < nrdb> I haven't
09:47 < nrdb> but the client2 setup seems sus... what is the vpn there you say 10.8.0.114 but use 10.8.0.113
09:49 < nrdb> use ping and tcpdump moving along the chain of I.P.s one at a time.
09:50 -!- JackWinter [~jack@vodsl-4724.vo.lu] has joined #openvpn
09:50 -!- JackWinter_ [~jack@vodsl-11198.vo.lu] has quit [Ping timeout: 272 seconds]
09:50 < master_of_master> 10.8.0.112/30 is the openvpn tun subnet?
09:53 < nrdb> you realise this only give 2 usable addresses 10.8.0.113 and 10.8.0.114
09:53 -!- ChromeShrimp [~chromey@gateway/tor-sasl/chromeshrimp] has joined #openvpn
09:55 < nrdb> the address you gave in client1 is out of this range.
09:59 < master_of_master> well, that is how the openvpn server deligates the ip addresses
09:59 < master_of_master> each client gets its own /30 subnet
10:01 < nrdb> I am using two openvpn setups ... 10.7.0.0/24 and 10.0.0.0/16
10:02 < nrdb> confirmed by ifconfig
10:03 < nrdb> its the ip address that is reported by ifconfig that needs to be in the routing table.
10:04 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
10:05 < master_of_master> well, this setup is working since years. And I can ping from 10.8.0.110 to .114
10:07 < ChromeShrimp> how can i change the limit of clients connect its saying i can only have max 2 clients and giving me some error?
10:09 < ChromeShrimp> about a license
10:11 < nrdb> one of my server.conf file has the "server 10.0.0.0 255.255.0.0" line...
10:11 < master_of_master> nrdb: I use server 10.8.0.0 255.255.255.0
10:12 < master_of_master> additionally there is a push "route 10.8.0.0 255.255.255.0"
10:12 < nrdb> master_of_master, so its a /24 setup
10:13 < master_of_master> yes, the server  uses that /24 net. But each client gets its own /30 subnet out of that
10:13 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
10:15 < nrdb> maybe yes/maybe no... but it not of any consequence .... it the I.P. of the tun/tap interface that is important
10:16 < nrdb> otherwise the ARP request packets that are broadcast wont be answered properly.
10:16 < master_of_master> yes, and I thought that it is simple possible to send all traffic for that certain subnet to that ip address in the vpn.
10:16 -!- mode/#openvpn [+e *!*~qizhez@95.211.224.45] by krzee
10:19 < nrdb> my main VPN is run in a VM (so I can reset it if needed) its LAN IP is 10.8.0.101 so that is why my route for the 10.7.0.0/24 network points to that IP.
10:20 -!- mode/#openvpn [+e *!*qizhez@95.211.224.45] by krzee
10:21 < nrdb> I think you have too many routes pointing to tun0 ... that might some of your trouble.
10:21 -!- mode/#openvpn [-r] by krzee
10:21 -!- _bt [~bt@mongs.yotm.com] has joined #openvpn
10:22 -!- qizhez [~qizhez@95.211.224.45] has joined #openvpn
10:22 < ChromeShrimp> !ovpnuke
10:22 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
10:22 -!- mode/#openvpn [+r] by krzee
10:22 < ChromeShrimp> !poodle
10:22 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
10:22 < ChromeShrimp> !heartbleed
10:22 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
10:22 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
10:23 -!- mode/#openvpn [-e *!*qizhez@95.211.224.45] by krzee
10:23 -!- mode/#openvpn [-e *!*~qizhez@95.211.224.45] by krzee
10:24 < ChromeShrimp> !welcome
10:24 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
10:24 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:24 < qizhez> does anybody here know anything about a precisely five hour (300min) window between softhups and complete reconnections?
10:24 <@plaisthos> no
10:24 <@plaisthos> but tls renogiation is 1h
10:25 < master_of_master> nrdb: I think the fact, that 10.8.0.113 is used as router to 10.8.0.0/24 causes the problem. I would need to stack two routes onto each other...
10:25 < qizhez> yeah tls is fine. that doesnt seem to be the problem. this is on android client (arnes) and seems to be totally server agnostic
10:26 < ChromeShrimp> !howto
10:26 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:28 < nrdb> so you have a computer (running openvpn) with the 10.8.0.113 IP?  what is the network range of the LAN there
10:28 <@plaisthos> qizhez: can you show the log of connection?
10:28 <@plaisthos> qizhez: use the share button to export the log
10:28 <@plaisthos> I never seen that
10:29 < qizhez> plaisthos yes give me a minute. i have a bunch
10:31 < nrdb> master_of_master, the route on the other LAN computers needs to have a gateway IP of the LAN IP of the computer running openvpn
10:31 < master_of_master> nrdb: no  the ip of that vpn client is .114
10:31 < qizhez> i dont have a ßhare button. im on a crappy android client. i can privmsg but theres nothing spectacular. it just compeĺetely softhups and restarts every five hours like clockwork.
10:31 < master_of_master> nrdb: 192.168.178.0/24
10:32 < master_of_master> and 172.16.3.0/24 (via vlan3 interface)
10:32 <@krzee> if you're using arne's android client then a) not crappy , b) theres a share button when at the logs
10:35 <@plaisthos> qizhez: you should have
10:35 <@plaisthos> qizhez: are you in the log window?
10:35 <@plaisthos> and see the faq about the share button :)
10:35 < nrdb> master_of_master, so the other computers on that LAN need to have one route for the 10.8.0.0/24 with a gateway of that computer 10.8.0.x IP
10:36 <@plaisthos> https://code.google.com/p/ics-openvpn/wiki/FAQ
10:36 <@vpnHelper> Title: FAQ - ics-openvpn - Openvpn for Android 4.0+ - Google Project Hosting (at code.google.com)
10:36 <@plaisthos> copying log entries
10:36 < qizhez> oh there. i clear those every few hrs lemme check if it happened since the last. ive just been copypasting to tfiles
10:37 < qizhez> plaisthos those do give out a ton of ptivate info tho ;p
10:37 <@plaisthos> qizhez: hardware button? :)
10:37 < qizhez> no my irc client is crappy. arnes client is awesome
10:37 < nrdb> master_of_master, what is the vlan3 network... is that you wi-fi
10:38 < qizhez> sorry very hard to multitask on here. minute.
10:38 < master_of_master> nrdb: well, the computer on the local network use 172.16.3.1 (==10.8.0.114) as default gateway
10:39 < qizhez> the next is due in under an hour but i have one from earlier today. lemme dig up.
10:39 < master_of_master> the problem is not yet on the clients in the local network
10:39 < master_of_master> it is already when I want to add the route to the gateway
10:39 -!- ChromeShrimp [~chromey@gateway/tor-sasl/chromeshrimp] has left #openvpn []
10:44 <@plaisthos> qizhez: you can send the log privately if you want
10:45 < qizhez> i cannot find this mystery button. fwiw i disabled google on here and grab apks via plai.de
10:45 < nrdb> master_of_master, it 3:40AM here I need sleep... I think you need to first get rid of the "push route" in the openvpn config .. simplify the routes to there minimum .. traceroute or ping .. get each step working ... don't try to get it all working at once... once you know what is needed try putting the "push routes" back in the config files.
10:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
10:47 <@plaisthos> qizhez: tried your hardware menu key?
10:47 < nrdb> master_of_master, tcpdump filtering for icmp (i.e. ping) packets is very handy too.
10:48 < qizhez> yah doesnt do anything
10:48 < master_of_master> nrdb: thanks for your help! I'll look into client specific config
10:48 <@plaisthos> qizhez: in the log window, there share button should be either a share thing directly in the log window or in the overflow menu
10:48 <@plaisthos> on some devices you need the hw button for the overflow menu
10:49 <@plaisthos> qizhez: the apks on plaisthos.de are identical to the play store apks
10:49 -!- Six6siX [~Devil@jasmine.sammybakar.com] has quit [Read error: Connection reset by peer]
10:49 < qizhez> im on a large screen phone w hardware keys but nada pulls up for that
10:49 < qizhez> well theres the android stock share bit
10:50 < qizhez> but as i said its not in my current log (yet) anyway
10:50 -!- Yoder [~Yoda@unaffiliated/itsyoda] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
10:50 -!- Six6siX [~Devil@jasmine.sammybakar.com] has joined #openvpn
10:50 <@plaisthos> qizhez: yeah I meant the stock android share bit
10:50 < qizhez> itll be in 30 mins when i get dxed hehe
10:51 -!- `Yoda [~Yoda@unaffiliated/itsyoda] has joined #openvpn
10:52 < qizhez> i mean theres nothing to share to that applies either anyway
10:53 <@plaisthos> there should plently options
10:53 <@plaisthos> like drive, email, dropbox, your pastebin android client, sms, ....
10:53 <@Dougy> hi _FBi
10:56 -!- nrdb [~neil@123.185.168.125.sta.wbroadband.net.au] has quit [Remote host closed the connection]
10:57 < qizhez> yeah all those things i disabled because they invade privacy amd leak ip and stuff? lol. i can pastebin manually ;)
10:57 < qizhez> <3 dougie
10:57 < qizhez> dougy that is
10:58 < qizhez> it does strike me i havent tried on wifi only mobile
10:58 < qizhez> since i dont use wifi
10:59 <@Dougy> wut
10:59 <@Dougy> why am i getting some loving
10:59 < qizhez> sorry at this point waiting for it to dx me. i shall rejoin after and pass new log. what i have isnt useful.
10:59 < qizhez> hah i thought you were agreeing all those share methods were sending my vpn info to the fbi ;p
11:00 <@Dougy> oh no
11:00 <@Dougy> i was saying hi to _FBi lol
11:00 < qizhez> id think it might be a carrier issue but ive had it on at least two networks
11:01 < qizhez> i say hi to fbi every day .... even here i bet :)
11:01 < qizhez> not a fan kf the new leaked docs
11:02 < qizhez> about nine minutes more.... la la la
11:04 < qizhez> only somewhat related but when it does reconnect it first tries to pass thru tun0 insteam of ccmi0 as it should (tun0 is tor transproxy and limited to afew apps but it doesnt try to send to localhost or block. it tries to send to the vpn server ip.
11:04 < qizhez> this is for tcp
11:04 < qizhez> and tun
11:04 < qizhez> (persist)
11:07 -!- qizhez [~qizhez@95.211.224.45] has quit [Quit: AndroidIrc Disconnecting]
11:09 -!- mode/#openvpn [-r] by krzee
11:09 -!- qizhez [~qizhez@95.211.224.44] has joined #openvpn
11:09 -!- mode/#openvpn [+r] by krzee
11:19 < qizhez> thanks
11:20 < qizhez> plaisthos get pm? just wanna make sure after flood
11:20 <@plaisthos> qizhez: yes
11:20 <@plaisthos> qizhez: your problem is this line:
11:20 <@plaisthos> 2015-01-04 18:04:55 read TCP_CLIENT [NO-INFO]: Connection timed out (code=110)
11:20 <@plaisthos> that mens your tcp connection is broken
11:21 < qizhez> yes but im not sure why. the connectivity is fine and theres no setting to time it out
11:21 <@plaisthos> qizhez: mobile data or wifi?
11:21 < qizhez> mobile. two diff carriers.
11:22 < qizhez> ymy only other thought was they forbid persistent connections longer than five hours but ive had udp last longer a few times
11:22 <@plaisthos> timeouts for udp might be different
11:22 < qizhez> and ive had nonvpn be fine for more than that
11:22 <@plaisthos> but it is probably the nat in between
11:22 <@plaisthos> it is at least nothing openvpn specific
11:22 < qizhez> yeah i considered that.
11:23 < qizhez> thr other problem is :)
11:23 < qizhez> which ive capped
11:32 < qizhez> hm short of uploading a pic im unable to show you but i can tell you
11:32 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has quit [Ping timeout: 264 seconds]
11:33 < qizhez> basically when it renegotiates it first tries tun0 to renegotiate then connects thru ccmni0
11:33 <@plaisthos> !?
11:33 <@plaisthos> tls renegoation or what?
11:34 <@plaisthos> ccmni0 is your mobile interface?
11:34 < qizhez> tun0 typicalky being where orbot resides but i turned it off to verify thats not it. couldnt be anyway. doesnt transproxy. uses the vpn ip, proto and prt
11:34 < qizhez> yeah ccmni0 usually unless i switch vpn connections then obv it chamges to ccmni1 etc
11:35 < qizhez> never saw it before the current version. used to use .16 iirc but maybe that was just a fluke
11:36 < qizhez> the dns part always drive me nuts but i cant make heads or tails of it trying to use tun and that has to be the client. using logcat via root with network log
11:37 < qizhez> dns part if i dont hard code ip instead of a fqdn. but thats not a flaw in your app obv. the tun thing i have no idea
11:37 <@plaisthos> openvpn request dns from android
11:37 <@plaisthos> and well that happens to user whatever interface it thinks is best at the meoment
11:37 < qizhez> anyway orbot doesnt proxy all either and firewall doesnt block as tho it were orbot
11:38 < qizhez> yeah not worries about the dns. i may tweak a commit/bramch some time tho to offer you maybe if.i find time. the other thing is strange tho.
11:40 < qizhez> any ideas?
11:41 <@plaisthos> I am still not sure what your problem is
11:41 < qizhez> like afaik tun shoukdnt even exist at all at that point. its almost snake eating its own tailing
11:41 <@plaisthos> dns queries over your mobile interface?
11:41 <@plaisthos> qizhez: persistent-tun?
11:41 < qizhez> no nothing to do with dns
11:41 < qizhez> that was something else
11:42 < qizhez> except it never happened before with persistent tun afaik
11:42 < qizhez> if its just a quirk i can live with it its just weird i guess
11:44 < qizhez> anyway im grateful for the time youve given me.... is there any dev or support or any sort of help i can offer? im pretty good at some stuff.
11:46 < qizhez> i think i came on to find out if thesse were "only me" problems or not so i could narrow things down. you pretty much confirmed what id hoped wasnt but suspected was thebproblem with the first issje
11:48 < qizhez> it does give me ideas tho about the possibility of maybe adding randomisation for people whose carriers might do this... persistent tun might protect against leaks but if someone always drops and comes back like clockwork that sorta ssems like a predictabilitybweakness to me and i wonder if it can be gotten around. esp if you use tor on top etc.
11:48 -!- `Yoda [~Yoda@unaffiliated/itsyoda] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
11:50 -!- `Yoda [Yoda@unaffiliated/itsyoda] has joined #openvpn
11:50 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
11:52 < qizhez> good night
11:54 -!- qizhez [~qizhez@95.211.224.44] has quit [Quit: AndroidIrc Disconnecting]
12:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.1-dev]
12:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:16 -!- Latrina [~Latrina@151.56.181.67] has quit [Ping timeout: 245 seconds]
12:20 -!- Latrina [~Latrina@adsl-ull-31-216.50-151.net24.it] has joined #openvpn
12:53 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has joined #openvpn
13:29 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
13:31 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
13:37 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Read error: Connection reset by peer]
13:38 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
13:41 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
13:43 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 240 seconds]
13:46 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
15:17 -!- `Yoda is now known as Yoder
15:18 -!- Yoder is now known as Yoderp
15:40 -!- evelea [~evelea@5469881C.cm-12-2c.dynamic.ziggo.nl] has joined #openvpn
15:40 < evelea> hi
15:41 < evelea> i'm having problems configuring openvpn, the server is a windows machine and the client is a mac
15:41 < evelea> i'm getting the following error: "This computer's apparent public IP address was not different after connecting to "
15:42 < evelea> is anyone around that could help me?
15:43 < evelea> !paste
15:43 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:44 < evelea> ping :)
15:46 < evelea> anyone around?
15:50 -!- flyingkiwi [~kiwi@nat.hamburg.contentfleet.com] has quit [Remote host closed the connection]
15:50 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
15:52 -!- Latrina [~Latrina@adsl-ull-31-216.50-151.net24.it] has quit [Ping timeout: 244 seconds]
15:52 < evelea> nobody? :(
15:54 < KjetilK> evelea, you probably need to wait for a white, but make sure you read all of the topic and what help that could give you
15:55 < evelea> KjetilK, I've been reading forums and help files for the past 3 hours
15:55 < evelea> before entering this chat channel
15:55 < esde> !goal
15:55 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:56 < esde> Also, you will wait until a user is available to help. Otherwise
15:56 < esde> !commercial
15:56 < evelea> II would like to access the internet over my vpn :)
15:56 <@vpnHelper> "commercial" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc
15:56 < esde> !redirect
15:56 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
15:56 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
15:56 < esde> should be everything you need.
15:56 < evelea> !def1
15:56 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
15:57 < KjetilK> evelea, I find it helpful to think carefully about my questions, as it helps pin down the problem
15:57 < evelea> i tried to push redirect-gateway def1 and it stopped working
15:58 < esde> !ipforward
15:58 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
15:58 < KjetilK> I came in here as a complete newbie last Saturday, and got almost to the core of my problem by just the automated messages
15:58 < evelea> that works, the client connects to the server
15:58 < evelea> ah, not port forward but ip.. lemme read that
15:58 < evelea> !winipforward
15:58 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
16:00 < evelea> KjetilK, as I said, I have been trying to get it working for the past 3 hours.. I like to troubleshoot problems myself
16:01 < evelea> this one, though... can't get it to work and seems every single thing I try breaks things even worse
16:02 < esde> https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
16:02 <@vpnHelper> Title: Easy_Windows_Guide – OpenVPN Community (at community.openvpn.net)
16:02 < evelea> yup, that's the one I followed
16:02 < evelea> the client connects to the server
16:02 < esde> I (thankfully) don't personally have any experience provisioning openvpn on windows
16:03 < esde> go grab a snack and come back to it with a fresh head
16:04 < evelea> if it will be faster, I don't even mind paying a few bucks (via paypal) for beer for the one that helps me get it done
16:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:30 < evelea> ok, so.. bribe does not work ;)
16:36 -!- maxiepax [max@83.241.146.10] has joined #openvpn
16:38 < maxiepax> anyone have an opinion on the "safety" of just using local auth instead of "proper" certificates?
16:40 -!- Latrina [~Latrina@ppp-39-38.26-151.libero.it] has joined #openvpn
16:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 265 seconds]
16:56 < esde> this looks like a fun project http://acksyn.org/docs/smart-cards-openvpn.html
17:05 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
17:06 -!- evelea [~evelea@5469881C.cm-12-2c.dynamic.ziggo.nl] has quit [Quit: Leaving]
17:28 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
17:37 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 244 seconds]
17:43 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
17:51 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
18:00 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
18:26 -!- tobinski [~tobinski@x2f5f427.dyn.telefonica.de] has quit [Quit: Leaving]
19:10 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:25 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Quit: Leaving]
19:33 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
19:40 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Quit: ZNC - http://znc.sourceforge.net]
19:43 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
19:50 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
19:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:52 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
21:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
21:54 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
22:22 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
22:22 < ljvb> yo
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:33 -!- ShadniX [dagger@p5481D978.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
23:34 -!- ShadniX [dagger@p5481D560.dip0.t-ipconnect.de] has joined #openvpn
23:44 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Quit: Leaving]
--- Day changed Mon Jan 05 2015
00:21 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 244 seconds]
00:31 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
00:35 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Remote host closed the connection]
00:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
00:58 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
01:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 240 seconds]
01:19 -!- master_o1_master [~master_of@p4FF24AC0.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_of_master [~master_of@p4FF24914.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
01:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
01:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 244 seconds]
01:46 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:48 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
01:57 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:00 -!- mattock_afk is now known as mattock
02:00 -!- JackWinter [~jack@vodsl-4724.vo.lu] has quit [Read error: Connection reset by peer]
02:03 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:08 -!- JackWinter [~jack@vodsl-4724.vo.lu] has joined #openvpn
02:12 -!- JackWinter [~jack@vodsl-4724.vo.lu] has quit [Remote host closed the connection]
02:17 -!- abbe [having@badti.me] has quit [Quit: “Everytime that we are together, it's always estatically palpitating!”]
02:27 -!- JackWinter [~jack@vodsl-4724.vo.lu] has joined #openvpn
02:38 -!- abbe [having@badti.me] has joined #openvpn
02:45 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
02:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
03:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
03:31 -!- Tracker [~tracker@m88.ip1.anvianet.fi] has joined #openvpn
03:33 -!- Denial [~Denial@81.141.0.36] has quit [Ping timeout: 256 seconds]
03:34 -!- Denial [~Denial@5.80.234.73] has joined #openvpn
03:36 < Tracker> Hi, I have a strange problem with 2 different openvpn servers one 10.8.0.0 255.255.255.128 and one 10.8.0.128 255.255.255.128 , same client keys both servers but different ips other 1-127 and other 129-... when connecting to both servers from windows xp box all ok can ping both 10.8.0.x client ips from openvpn servers local net 192.168.100.x push "route 192.168.100.0 255.255.255.0" is applied..
03:36 < Tracker> but when trying same configuration from windows 7 box cant ping the seconds servers 10.8.0.x client ip anywhere but the second server... windows 7 doesnt know to route the packet trought the same interface its coming from trying to send it trounght servcer 1 its log says MULTI: bad source address from client [10.8.0.138], packet dropped.. any help with my issue?
03:45 -!- tobinski [~tobinski@x2f58ee7.dyn.telefonica.de] has joined #openvpn
04:13 -!- dazo_afk is now known as dazo
04:13 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-zvlhhgylcitxtcng] has joined #openvpn
04:14 -!- hyper_ch [~hyper_ch@81.4.108.20] has joined #openvpn
04:14 < mjkr> what does openvpn offers over openssh's tuntap?
04:14 < hyper_ch> hmmm, I just added tls-auth and cipher AES-256-CBC to my server and client configs. All work fine except the windows 8.1 client
04:15 < hyper_ch> mjkr: drugs, sex, rock'n'roll :)
04:16 < mjkr> seriously...
04:16 <@dazo> mjkr: an easier configuration, especially setting up tun/tap adapters for you.  More advanced possibilities for authentication.  UDP transport (to avoid tcp-over-tcp issues) ... to mention some things
04:16 < hyper_ch> can't answer that since I don't know openssh's tuntap
04:16 < mjkr> dazo: but with tcp at least you get proper pmtud
04:16 <@dazo> mjkr: openvpn with udp + tls-auth actually hides your open UDP for port scans
04:16 <@dazo> pmtud?
04:17 < mjkr> path mtu discovery
04:17 < hyper_ch> Here's the pastebin... seems something goes wrong but no real idea what... http://paste.debian.net/139217/
04:18 < mjkr> right tls auth and static keys
04:18 <@dazo> mjkr: well, you can use openvpn with tcp too ... but it can seriously give you a noticable performance hit if you're having an unstable connection
04:18 < hyper_ch> damn it... fixed it Ithink.... stupid windows :)
04:19 < mjkr> well, it's the server operator's responsibility to find a stable ip transit.
04:19 <@dazo> mjkr: you can also use a fullblown PKI using CA signed X.509 certificates for authentication ... and you can extend with additional plug-ins, which can f.ex give you better network access control for your clients ... each client can have different firewall profiles
04:20 < mjkr> (there are well-maintained patches around for x509/pgp support in openssh)
04:20 <@dazo> mjkr: well, to some degree ... if you have road warriors travelling, you never know what kind of network they use
04:26 <@dazo> mjkr: you may very well make openssh tuntap stuff work well.  But my experience is that it requires far more from the configuration than just setting up an openvpn tunnel.  Using UDP+tun devices (not tap) gives you a nice routable subnet and it gives quite good performance out-of-the-box ... and depending on your requirements to security, you have much to choose between in openvpn.
04:27 <@dazo> (plus openvpn with tun drivers enables mobile/tablet devices as well as all major OSes, pretty much out-of-the-box)
04:27 <@dazo> s/tun drivers/tun devices/
04:28 < mjkr> i've done tls auth with tcp/udp before, but i think it doesn't hide openvpn's traffic fingerprint well enough.
04:28 < mjkr> straight blocking from my national firewall
04:28 <@dazo> tls-auth is about HMAC packet authentication ... not hiding the traffic
04:29 < mjkr> but yes, more options is always better
04:29 <@dazo> and the side effect with UDP is that the openvpn server can just drop UDP packets with the wrong signature
04:29 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
04:29 < mjkr> would be great though if you folks implement dtls for udp
04:29 <@dazo> and since there is no handshake, the port is considered closed by scanners
04:29 <@dazo> patches are welcome
04:30 <@dazo> but generally, we've not seen dtls providing enough benefits to provide such support yet ... however, there's been a lot of dtls cve security bugs too, which have never hit openvpn
04:31 < mjkr> that would have depend on the plibrary providing dtls
04:31 <@dazo> (openvpn intercepts the SSL packets and wraps them into it's own containers, so it can be used over UDP ... otherwise SSL/TLS is strictly TCP)
04:32 < mjkr> ah, i see why i can't do openvpn over udp then
04:32 < mjkr> the traffic fingerprint is similar
04:34 < mjkr> plus, there are only very few dtls implementors
04:35 < mjkr> while tls is very common, and dtls 1.2 only bring the number down.
04:35 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
04:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
04:56 -!- defswork [~andy@141.0.50.98] has quit [Ping timeout: 245 seconds]
04:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:01 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 265 seconds]
05:06 -!- Tracker [~tracker@m88.ip1.anvianet.fi] has quit [Ping timeout: 244 seconds]
05:37 -!- Netsplit *.net <-> *.split quits: mete, ribasushi, Latrina, Taftse|Mac
05:38 -!- Netsplit over, joins: Taftse|Mac
05:38 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Ping timeout: 250 seconds]
05:38 -!- Champi [Champi@damn.e-leet.be] has quit [Ping timeout: 250 seconds]
05:39 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
05:39 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
05:40 -!- Netsplit over, joins: mete
05:41 -!- Netsplit over, joins: Latrina, ribasushi
06:03 -!- JackWinter [~jack@vodsl-4724.vo.lu] has quit [Remote host closed the connection]
06:05 -!- JackWinter [~jack@vodsl-4724.vo.lu] has joined #openvpn
06:06 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
06:16 -!- JackWinter [~jack@vodsl-4724.vo.lu] has quit [Quit: Konversation terminated!]
06:17 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-zvlhhgylcitxtcng] has quit [Quit: WeeChat 1.0.1]
06:21 -!- Denial [~Denial@5.80.234.73] has quit [Ping timeout: 264 seconds]
06:27 -!- JackWinter [~jack@vodsl-4724.vo.lu] has joined #openvpn
06:27 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Read error: Connection reset by peer]
06:41 -!- Manis_ [~Manis@gateway/tor-sasl/manis] has joined #openvpn
06:56 -!- Manis_ [~Manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
07:05 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
07:25 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
07:49 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 244 seconds]
07:55 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
07:59 < ljvb> anyone fsmiliar with the iffucial android client.  hsving abysmal perf issues. ps, excuse tge mistskes, bumpy flight. snd no, its not the plsne wifi, priblem is over lte on nexus 6
08:00 < ljvb> wow... that was horrible.. too many typos... need better kbd
08:01 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
08:01 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:03 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
08:08 -!- nullie [~nullie@linode.nullie.name] has quit [Ping timeout: 250 seconds]
08:08 -!- nullie [~nullie@linode.nullie.name] has joined #openvpn
08:16 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Max SendQ exceeded]
08:16 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
08:22 < asper> hey guys. is it possible to automate the process of client certificate generation with easy-rsa? e.g. no prompting anymore
08:27 -!- james41382 [~james@unaffiliated/james41382] has quit [Quit: Leaving]
08:29 < asper> ahh i see no --interact
08:30 -!- defswork [~andy@mailhost.mirrormail.co.uk] has joined #openvpn
08:30 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
08:34 < ljvb> i prefer ssl-admin
08:34 < ljvb> better cert management
08:50 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
09:08 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
09:08 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
09:09 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
09:10 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
09:30 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Ping timeout: 244 seconds]
09:30 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:00 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
10:10 -!- Manis [~manis@gateway/tor-sasl/manis] has joined #openvpn
10:11 < Manis> !welcome
10:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:11 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:11 < Manis> !/30
10:11 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
10:12 < Manis> hey, I'm trying to harden my OpenVPN config. If no tls-cipher is specified, what will be used?
10:12 < esde> huh
10:12 < esde> !hardening
10:12 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
10:12 < esde> read up on what tls-auth does first
10:13 < Manis> I have tls-auth set up.
10:13 < esde> ok?
10:13 < Manis> esde: What do you mean by ok?
10:14 < esde> RE: >If no tls-cipher is specified, what will be used? Read up on what tls-atuh does
10:14 < esde> *auth
10:14 < Manis> Yes? tls-auth adds HMAC, doesn't it?
10:14 < asper> !topology
10:14 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
10:15 < esde> Correct
10:16 < esde> If tls-auth is not present, you don't have the benefit of it.
10:16 < esde> Not sure how else to answer your question, really.
10:16 < Manis> So afaik OpenVPN first(?) does TLS for handshake and key exchange. So tls-auth authenticates the TLS session but the payload is encrypted, right?
10:16 < Manis> tls-auth is present in my setup.
10:17 < asper> is it possible to set openvpn up in a way such that no client can reach other clients except for one or two i specify? i want to have a network of nodes i want to administrate and don't want to ssh into the server first.
10:17 < esde> Manis, read the summation at the url provided in !hardening
10:18 < esde> asper, I've never done that but it sounds do-able. now that you've stated your goal, idle around and see if another user has any advice :)
10:20 < asper> thanks esde. i will start idling now! :D
10:26 -!- Manis [~manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
10:26 -!- Manis_ [~manis@gateway/tor-sasl/manis] has joined #openvpn
10:33 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Ping timeout: 250 seconds]
10:34 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
10:46 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:53 -!- Manis_ [~manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
10:53 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:12 -!- Manis [~manis@gateway/tor-sasl/manis] has joined #openvpn
11:13 -!- Latrina [~Latrina@ppp-39-38.26-151.libero.it] has quit [Ping timeout: 240 seconds]
11:16 < hyper_ch> hmmm, in dhcp you can normally set a certain ip range to not be used by the dhcp server ... is there a way to do that in openvpn?
11:16 < hyper_ch> e.g. provide ips if there's no ccd starting at x.x.x.101
11:19 <@krzee> you could stop using --server and set your own pool
11:19 <@krzee> see what --server does and emulate it, selecting the pool you want
11:19 <@krzee> its simply a helper directive, so make configuration far easier
11:19 <@krzee> s/so/to/
11:20 < hyper_ch> just had a collission case :)
11:20 < hyper_ch> made new certs
11:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
11:20 < hyper_ch> renamed the one of my comp
11:20 <@krzee> could also just assign static ips outside of the pool
11:20 < hyper_ch> and it promptly got assigned an ip reserved to another comp
11:21 < hyper_ch> and I wondered why it's not accepting my password again
11:21 <@krzee> in !policy in the howto they show an example where they assign ccd ips outside the ifconfig-pool
11:21 -!- stewi [~quassel@203.143.84.86] has quit [Quit: No Ping reply in 180 seconds.]
11:22 <@krzee> note that with that you may have additional routing to configure, if you have routing configured
11:22 < hyper_ch> that looks all so complicated and it seems only real gurus can achieve that (in other words, I'm too lazy and was hoping just for a simple configuration line )
11:22 <@krzee> vpns are advanced networking
11:22 < hyper_ch> vpns should be a simple as cooking noodles
11:22 <@krzee> it's easy, but requires understanding it and doing it
11:23 <@krzee> i dont cook ;]
11:23 < hyper_ch> you have a gf/wife to do it for you ;)
11:23 <@krzee> correct!
11:23 < hyper_ch> btw, I don't like android L :(
11:23 <@krzee> havnt seen it yet
11:23 < hyper_ch> in 4.4 you finally had seperate encryption and screen unlock passwords
11:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:24 < hyper_ch> in L they seem to have improed the encryption mechanism
11:24 < hyper_ch> however you're back stuck to one password
11:24 <@krzee> no wayyyy
11:24 <@krzee> thats a huge step back
11:24 < hyper_ch> at least I couldn't figure out a way
11:25 < Manis> Android L is not supposed to make Android more secure.
11:25 <@krzee> did you try changing screen lock and seeing if the crypto pass stayed?
11:25 < hyper_ch> this guy did an analysis it seems.... however I think he misunderstood my question http://nelenkov.blogspot.ch/2014/10/revisiting-android-disk-encryption.html
11:25 <@vpnHelper> Title: Android Explorations: Revisiting Android disk encryption (at nelenkov.blogspot.ch)
11:25 <@krzee> Manis, is it supposed to make android *less* secure?
11:25 -!- Latrina [~Latrina@ppp-177-9.26-151.libero.it] has joined #openvpn
11:25 <@krzee> Manis, because what hyper_ch said is just that.
11:25 < Manis> krzee: Why not? Google doesn't make money by having a secure OS they can't get your data from
11:26 < hyper_ch> well, the encryption password seems to get padded to 16 chars and another 16 chars salt is added ot it
11:26 <@krzee> encryption would not stop them, they operate while your phone is in use and unencrypted
11:26 <@krzee> invalid point.
11:26 < Manis> krzee: also Android L seems to be a step to make everything more animated, colourful and n00b-friendly :(
11:26 <@krzee> oh god
11:26 <@krzee> why android why!
11:27 <@krzee> if i wanted a windows phone i would have one
11:27 < Manis> krzee: Yes, sure. But why should they be interested in having good disk encryption? As long as they can put it on a feature-list, that's fine
11:27 < hyper_ch> krzee: what do you think of this:  http://shop.geeksphone.com/en/phones/9-revolution.html
11:27 <@vpnHelper> Title: Revolution - Geeksphone (at shop.geeksphone.com)
11:28 < hyper_ch> seems like they can run pure linux
11:28 <@krzee> Manis, allowing proper passphrases seperate from the screen lock code is not a crazy idea
11:28 <@krzee> im not asking for my choice of cipher, im just saying let us have proper passphrases
11:28 < Manis> krzee: Letting AOSP apps in AOSP and keep them updated is neither
11:29 < hyper_ch> because the root password is asked maybe once every few weeks
11:29 < Manis> *isn't either
11:29 < hyper_ch> while the screen unlock password is asked a few times every day
11:29 < hyper_ch> so have a strong root encryption password
11:29 < hyper_ch> and an "ok" password for screen unlcok
11:29 < Manis> hyper_ch: that might be the reason. people tend to forget stuff they don't have to use all the time
11:29 <@krzee> numeric is acceptable for screen lock, not for crypto
11:30 <@krzee> having them default to your screen lock was acceptable, and solves that ^ (also is how android nhandled it in the past)
11:31 <@krzee> then those who know and care would change one of them
11:31 <@krzee> i would set a strong screen lock passphrase then encrypt then change screenlock,   hyper_ch would encrypt with screen lock then change his crypto passphrase… end result was the same
11:32 <@krzee> hyper_ch, did L at least bring privacy guard?
11:32 < hyper_ch> that's a CM thing
11:32 <@krzee> that was originally a google thing iirc
11:32 < hyper_ch> really?
11:32 <@krzee> CM kept it, google didnt
11:32 < hyper_ch> I only checked L to see how it is
11:33 < hyper_ch> have it on my N4 now
11:33 < hyper_ch> but I'll replaced it again with CM11
11:33 <@krzee> maybe theres a CM12 for it
11:33 < hyper_ch> no cm12 yet for the n4
11:33 <@krzee> werd
11:34 <@krzee> ill be interested to hear your thoughts on that sometime
11:34 <@krzee> cm usually gives less suck
11:34 < hyper_ch> I still don't like that CM did give an exclusive deal to some indian company when they knew OPO was going to ship to india
11:35 <@krzee> http://www.1mobile.com/appops-999442.html
11:36 <@krzee> hyper_ch, theres things i dont like about the cm business as well, i still like the project though
11:36 < hyper_ch> yes, same here
11:36 <@krzee> think of it like openvpn, theres a corp and a community… we're just lucky we like corp ;]
11:37 < hyper_ch> btw, you remember a while back, you had an idea for direct client-to-client communication....
11:37 < hyper_ch> did you ever follow up on it?
11:37 -!- Brutser [~Pete@d51A48718.access.telenet.be] has joined #openvpn
11:37 <@krzee> it recently got a post from a dev saying it sounds like a cool idea
11:37 <@krzee> cause after you mentioned it i decided to ask his opinion on it
11:37 <@krzee> https://forums.openvpn.net/topic141.html
11:37 <@vpnHelper> Title: OpenVPN Support Forum Idea for direct connections : Wishlist (at forums.openvpn.net)
11:37 < hyper_ch> there's a forum? oO
11:38 <@krzee> he says tinc uses a similar style to accomplish that
11:38 <@krzee> are you kidding?
11:38 < hyper_ch> (yes)
11:38 <@krzee> good :-p
11:38 < hyper_ch> well, asking the dev sound more like a wish on the bug tracker or something ;)
11:39 <@krzee> haha
11:39 < Brutser> for a client i want to setup openvpn connection, but if the connection would drop for whatever reason, i want to prevent it to fall back to default connection - so basically only allow traffic over the vpn tunnel. i have a limited (embedded) OS, so I cannot do anything fancy like firewall config - i could use proxy or something similar - any ideas?
11:39 <@krzee> wasnt asking him to do it, wrong dev for that request anyways
11:39 <@krzee> just wanted his opinion as hes a crypto guy
11:39 <@krzee> actually maybe not wrong dev for the request
11:40 <@krzee> but either way, its one of those things id need to do if i wanna see it, and i dont have the skills to impliment it tbh
11:40 < hyper_ch> don't underestimate your skills :)
11:40 <@krzee> Brutser, i guess you could break routes, but really its a job for a firewall.
11:41 < Brutser> Yes I know, but xp embedded and not really look forward to run some 3rd party firewall on it
11:41 <@krzee> then maybe you should choose something more suited to your goal?
11:42 <@krzee> or run the firewall you dont look forward to...
11:42 < hyper_ch> ecrist is so negative in that forum thread :(
11:42 < Brutser> :) ok
11:42 <@krzee> on osx i use "little snitch"
11:42 <@krzee> then if an app starts communicating with something i havnt allowed, it pops up and asks what to do
11:43 < Brutser> yes something like that would do just fine
11:43 < hyper_ch> (sounds like zone alarm)
11:43 <@krzee> so if my proxifiers (over openvpn) die and im naked, i get popups not traffic
11:43 <@krzee> ya zone alarm is probably a more popular windows version
11:43 <@krzee> basically we're just talking outbound firewall
11:43 < hyper_ch> back in the old windows days, I used zone alarm
11:43 < Brutser> ok
11:43 <@krzee> in this case with fancy popups
11:44 < hyper_ch> (you never replied to syzzer's question)
11:44 <@krzee> we talked a bit off the forum
11:45 < Brutser> and a local proxy that routes traffic through the vpn tunnel? - then i could set proxy rules for the apps i want and if the connection dies, no traffic
11:45 < Brutser> or will that not work?
11:45 <@krzee> hyper_ch, i think the fact i posted the idea 5 years ago and theres no code submitted answers the question
11:45 < hyper_ch> well, you didn't have dev approval before dec 28, 2014 ;)
11:45 <@krzee> lol
11:46 <@krzee> i could set myself to developer on the forum and approve myself :-p
11:46 <@krzee> in fact, i set him to developer on there ;]
11:47 <@krzee> at first it called him an openvpn noob, which i found funny
11:47 <@krzee> since dude is mad skilled
11:47 < hyper_ch> those are not mutually exlusive terms ;)
11:47 < hyper_ch> one can be a developer and still be a noop ;)
11:47 <@krzee> well hes quite far from noob
11:48 < hyper_ch> I don't know :)
11:48 <@krzee> northern lights is mmm mmm good
11:48 <@ecrist> what did I do?
11:48 <@krzee> ecrist, broke the internets
11:49 <@krzee> you filled the tubez
11:49 < hyper_ch> ecrist: you forgot your post on the forum on may 21, 2009?
11:49 <@krzee> lol
11:49 < hyper_ch> "I don't think it's a great idea in many scopes."
11:49 <@ecrist> heh, apparently.
11:54 < hyper_ch> krzee: but syzzle pointed out, you don't need extra routes and stuff... so it should be a piece of cake to implement that ;)
11:54 <@krzee> hyper_ch, sweet, let us know when you have progress
11:55 < hyper_ch> you know that I do php... do you REALLY want to let me work on openvpn code?
11:55 <@krzee> nothing gets included without others going over it
11:56 < hyper_ch> they might get a brain stroke when they go over my code
11:56 < hyper_ch> you really wanna risk that?
11:56 < hyper_ch> bra
11:56 <@krzee> they made it through automake i think they can handle anything
11:56 < hyper_ch> s/stroke/meltdown/
11:57 <@krzee> they survived alonb they can handle you :-p
11:59 < hyper_ch> there are some weird sports in Nippon
12:10 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit1]
12:10 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:94c3:c835:4c38:5077] has quit [Read error: Connection reset by peer]
12:10 -!- abbe [having@badti.me] has quit [Read error: Connection reset by peer]
12:10 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:b876:305b:3c5e:f25a] has joined #openvpn
12:10 -!- abbe [having@badti.me] has joined #openvpn
12:11 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
12:12 -!- kokel [~quassel@kenneth.kokelnet.de] has quit [Remote host closed the connection]
12:12 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
12:13 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
12:13 -!- Manis [~manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
12:13 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 265 seconds]
12:13 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
12:13 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 265 seconds]
12:13 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 265 seconds]
12:14 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 265 seconds]
12:14 -!- Yoderp [Yoda@unaffiliated/itsyoda] has quit [Ping timeout: 265 seconds]
12:14 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 265 seconds]
12:14 -!- lachesis [~lachesis@unaffiliated/lachesis] has quit [Ping timeout: 265 seconds]
12:15 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Read error: Connection reset by peer]
12:15 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
12:15 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
12:16 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
12:16 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
12:16 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
12:17 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
12:17 -!- kokel [~quassel@kenneth.kokelnet.de] has joined #openvpn
12:17 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
12:17 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
12:17 -!- MacGyver [~macgyver@sog.polvanaubel.com] has quit [Ping timeout: 244 seconds]
12:19 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
12:19 -!- `Yoda [Yoda@unaffiliated/itsyoda] has joined #openvpn
12:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
12:21 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:b876:305b:3c5e:f25a] has quit [Read error: Connection reset by peer]
12:21 -!- jefferai [sid1300@kde/mitchell] has quit [Read error: Connection reset by peer]
12:21 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
12:21 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:b876:305b:3c5e:f25a] has joined #openvpn
12:21 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
12:22 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Remote host closed the connection]
12:22 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
12:22 -!- mode/#openvpn [+o dazo] by ChanServ
12:26 -!- Brutser [~Pete@d51A48718.access.telenet.be] has quit []
12:26 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
12:27 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
12:29 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:30 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
12:31 -!- raeflondon [raeflondon@got.ourback.net] has quit [Ping timeout: 250 seconds]
12:37 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 245 seconds]
12:40 -!- mete [~mete@91.247.253.160] has joined #openvpn
12:45 -!- zune [~zune_free@188-180-61-96-dynamic.dk.customer.tdc.net] has joined #openvpn
12:45 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
12:47 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 240 seconds]
12:50 -!- mete [~mete@91.247.253.160] has joined #openvpn
12:50 -!- CivisUS [~CivisUS@208.80.0.1] has joined #openvpn
13:14 -!- `Yoda is now known as Yoderp
13:28 -!- hyper_ch [~hyper_ch@81.4.108.20] has left #openvpn ["Konversation terminated!"]
13:29 -!- hyper_ch [~hyper_ch@81.4.108.20] has joined #openvpn
13:29 < hyper_ch> damn, I hate it when znc messes up channel order
13:36 -!- CivisUS [~CivisUS@208.80.0.1] has quit [Ping timeout: 256 seconds]
13:38 -!- Mike-- [mad@mx.probie.nl] has quit []
13:44 < asper> kind okind of a noob question: i want one machine which generates client keys and deploys them on them via local lan, the clients are then shipped out into the world. i want a seperate vpn server. do i have to put the database of clients to the vpn server, or does it accept incoming connections plainly because they are signed by the ca?
13:46 -!- Manis [~manis@gateway/tor-sasl/manis] has joined #openvpn
13:46 -!- Manis [~manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
13:50 < hyper_ch> signed by ca is fine... no need to keep the db on the vpn server
13:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
13:50 < hyper_ch> however if you revoke certs, that file has to be copied to the vpn server then$
13:51 < asper> ok, but thats one file per revoke then?
13:52 < hyper_ch> not with easy rsa
13:52 < hyper_ch> not sure if htere's another way
14:00 < asper> well, doesn't matter. the question is answered, thank you!
14:03 -!- Henryabcd [~Henryabcd@pD9E0B82D.dip0.t-ipconnect.de] has joined #openvpn
14:15 -!- Brutser [~Pete@d51A48718.access.telenet.be] has joined #openvpn
15:01 -!- Henryabcd [~Henryabcd@pD9E0B82D.dip0.t-ipconnect.de] has quit [Quit: Leaving]
15:02 -!- Manis [~Manis@gateway/tor-sasl/manis] has joined #openvpn
15:03 <@dazo> hyper_ch, asper: The CRL is a signed file with a list of serial numbers, basically ... CRLs usually expires and the content is replaced whenever it is renewed - with or without any additional revokes since last time
15:03 < hyper_ch> expires? how?
15:03 <@dazo> CRLs can have expiry dates ... however, openvpn/openssl doesn't necessarily stop using it if it has expired
15:04 < Manis> Hi. Can OpenVPN 2.3.6 use "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" as a tls-cipher? Whenever I add that line to the servers conf, I can't connect anymore.
15:04 <@dazo> Manis: mostly depends on your SSL library ... check with openvpn --show-ciphers and --show-tls
15:04 < hyper_ch> dazo: I don't believe in expiration dates :)
15:04 <@dazo> :)
15:05 < Manis> dazo: I copied that line out from `openvpn --show-tls`
15:05 < hyper_ch> ok, I make the certs usually valid for 36500 days
15:05 < hyper_ch> I'll probably expire before the cert
15:05 <@dazo> Manis: then it should work with --tls-cipher ... but both server and client must support the same ciphers
15:07 <@dazo> --tls-cipher and --cipher options must be identical on both server and client configs, that is ... plus a few others as well, such as --comp-lzo, --{link,tun}-mtu, --fragment, --mssfix etc
15:07  * dazo need to run
15:07 < Manis> dazo: I have just checked again on the client. It's also supported there. I don't have the link anymore, but I read earlier that openvpn suggests ciphers that openssl supports but not openvpn itself.
15:08 <@dazo> Manis: if it did ... that's hopefully corrected in openvpn 2.3.x ;-)
15:08 <@dazo> but it's easy to check ... if it works, it works ;-)
15:08 < Manis> dazo: Don't wanna keep you from running, but both client and server are running 2.3.6
15:08 < Manis> dazo: It doesn't work. That's the problem ;-)
15:09 <@dazo> ahh ... okay, then we need log files with --verb 4 ... and try to grab syzzer or plaisthos ... they're quite into these code paths in openvpn :)
15:10  * dazo runs :)
15:10  * Manis hopes dazo doesn't fall over
15:10 -!- dazo is now known as dazo_afk
15:16 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
15:19 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:21 <@syzzer> Manis: that will only work if you enable TLS version negotiation
15:21 <@syzzer> so add 'tls-version-min 1.0' to your config
15:21 < hyper_ch> running increases the risk of accidents
15:22 <@syzzer> (at both ends)
15:22 < Manis> syzzer: What is it using without that line?
15:22 <@syzzer> fixed at TLS 1.0
15:22 <@syzzer> which has nog support for SHA256
15:22 <@syzzer> *no
15:23 < Manis> syzzer: So you actually mean to add "tls-version-min 1.2"?
15:23 <@syzzer> well, you could indeed do that, and then leave out the tls-cipher stuff
15:23 <@syzzer> the tls-cipher stuff is far too error-prone if you ask me
15:24 < Manis> syzzer: I'm confused. As TLS 1.0 doesn't support SHA256, and I set the minimum to 1.0 it still doesn't support SHA256?! Or does tls-version-min enable TLS 1.2?
15:24 <@syzzer> yes, that is quite confusing
15:25 < Manis> syzzer: Yes. Why isn't TLS 1.2 enabled by default?
15:25 <@syzzer> setting tls-version-min will enable negotiation
15:25 <@syzzer> we did that in 2.3.3, but then a lot of people came complaining with broken setups
15:26 < Manis> syzzer: Oh man :( So annoying that default settings have to be awful always simply to keep idiots quiet :(
15:26 <@syzzer> broken firewalls, external software, also broken pieces of our own code, so we decided not postpone default enabling it to 2.4
15:26 < esde> yeah tls 1.2 isnt compatible with a few of my ovpn clients
15:26 < esde> im stuck on 1.0 too atm
15:26 < Manis> esde: Which ones do you use?
15:26 <@syzzer> in the mean time we are fixing our own stuff, hoping for other to do the same and see if adoption is better by the time we release 2.4
15:27 < esde> hell if i know. i just know i got complaints when i set min to 1.2
15:27 < Brutser> trying to figure out what (free) firewall to use on windows xp embedded, i need to allow only vpn traffic, so if vpn server would go down, normal internet access is not allowed - but i want the firewall to use minimum resources - any suggestions?
15:27 < Manis> esde: Complaints from whom? Are you running commercial VPNs?
15:27 < esde> nuke windows and install pfsense
15:27 < esde> nunya :)
15:27 <@syzzer> Manis: but if you control both your servers and clients, there's not much reason to set you tls-version-min higher than 1.0, or specify --tls-cipher, as TLS will automatically pick the strongest available cipher for you
15:28 <@syzzer> and unlike browsers, openvpn is not vulnerable to TLS rollback
15:29 < Manis> syzzer: Hmm.
15:29 < Manis> syzzer: I definitely wanna use TLS 1.2. TLS 1.0 is just ancient and we have to move away from it imho.
15:30 -!- Brutser [~Pete@d51A48718.access.telenet.be] has quit []
15:30 <@syzzer> setting 'tls-version-min 1.0' will give you that :)
15:30 < Manis> syzzer: min 1.2 also :D
15:31 <@syzzer> true, until you visit that hotel with the crappy firewall which blocks 1.2...
15:31 <@syzzer> at that point you wish you has at least 1.0 at your disposal ;)
15:31 < esde> or at least ssh access to the openvpn server ;)
15:31 < Manis> syzzer: Wat? They block TLS versions?!
15:31 < Manis> esde: I can only access SSH through VPN :P
15:32 <@syzzer> I've never encountered it before, but there were reports about such things, yes
15:32 < esde> yuck
15:32 < Manis> ouch
15:32 <@syzzer> I don't even think it's on purpose, but just too-strict 'default deny'
15:33 < esde> i personally believe it's the goal of hotels to make complimentary internet as unusable as possible.
15:33 < Manis> esde: Is that a conspiracy?
15:34 < esde> hell if i know. nowadays i bring my own hardware and dont worry about it
15:34 < Manis> I have to say though that I never use their internet. I don't use public internet at all if I can.
15:34 < esde> o_0
15:34  * esde asks Manis for some private internet
15:35 < Manis> esde: I meant hotspots and all that kinda "here's some free internet, take it" services
15:35 < Manis> even my university's Wi-Fi is horrible
15:36 < esde> comcast just launched free Wi-Fi at universal in orlando, shit-tier
15:36 < Manis> I don't know what they did, but something with multicast is definitely broken. My mDNSResponder is logging like an idiot and my logs are going into the gigabytes
15:37 < Manis> are you guys using tun or tap? #justwonderin
15:37 < esde> !tun
15:38 < Manis> esde: is that a "not-tun"?
15:38 < esde> !tunortap
15:38 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
15:38 <@vpnHelper> rooted/jailbroken) support only tun
15:38 < esde> there we go
15:39 -!- mattock is now known as mattock_afk
15:39 < Manis> Yeah, I know, but I can't decide what to use. Somehow I like to transport Layer 2, but I don't have a specific case for which I would want to use it
15:40 < esde> >but I don't have a specific case for which I would want to use it + >remember layer2 has no security = why would you want to?
15:40 < Manis> does layer 3 have security?
15:41 < esde> https://en.wikipedia.org/wiki/OSI_model
15:41 <@vpnHelper> Title: OSI model - Wikipedia, the free encyclopedia (at en.wikipedia.org)
15:43 < Manis> esde: What do you want to tell me? That tun is Layer 4?
15:43 < esde> I'm not trying to tell you anything
15:43 < esde> im trying to give you the resources to learn for yourself
15:43 < Manis> that's nice but I'm still confused ;)
15:44 -!- Brutser [~Pete@d51A48718.access.telenet.be] has joined #openvpn
15:44 < esde> exactly
15:44 < esde> if i tell you something, and you dont understand it, whats the point
15:44 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Ping timeout: 265 seconds]
15:44 < esde> lead a horse to something or another
15:44 < Manis> by telling I meant "what's your message"
15:44 < Brutser> really confused me, but when i install openvpn client (2.3.6-I001-i686) - why is the installer trying to connect to 2 different servers?
15:45 < esde> !configs
15:45 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
15:45 < Manis> Brutser: Are you using Windows?
15:45 < Brutser> yes
15:45 < Brutser> 205.234.175.175 and 93.184.220.29
15:45 < Brutser> strange that an installer would try connect anywhere no?
15:46 < Manis> Brutser: I think you have to ask the guy who's created the installer, but maybe someone else knows it
15:46 < Manis> Brutser: It seems to be a new trend to ship small installers and then download the payload/application at runtime.
15:46 < Brutser> That is not the case here
15:46 < esde> !crystal
15:46 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
15:46 < Brutser> The installer installs perfectly well offline
15:47 < Brutser> Just I was testing some firewall settings and then I noticed when I click the executable, it try to connect to the IPs I mentioned
15:47 < Manis> Brutser: Have you run Wireshark and checked what it transferred?
15:47 < Brutser> No, not yet
15:48 < Brutser> I was confused and came here :)
15:48 < esde> Brutser, if you're seeking help, heed the advice given by vpnHelper. Else, you're wasting your time really.
15:49 < Manis> Brutser: I'm not using Windows and I don't think esde is, so we can't tell you what's the installer is trying to do.
15:49 < Brutser> esde: vpnHelper? I just think it is strange that a security product just contact different servers without telling the user
15:49 < esde> ...
15:49 < Manis> Brutser: the first IP you mentionned is cachefly and the second seems to be edgecast.
15:50 < Manis> Brutser: If you don't like that behavior you should probably stop using Windows.
15:50 < Brutser> Yes, i searched it immediately of course
15:50 < Brutser> What does Windows have to do with openvpn installer??
15:50 < esde> Brutser, in the time you've been here, we still have yet to receive any logs, configs, are really anything relevant from which we could help you
15:50 < Manis> Brutser: You misunderstood me. I wanted to say that most installers are phoning home these days. You're lucky if they don't install Ask toolbar :P
15:51 < Brutser> :) well that is true, but for a security product such as openvpn, i still think it is strange
15:51 < Manis> esde: Do you know what his problem is? What logs do you think he should provide?
15:51 < esde> Brutser, did you download the installer from http://openvpn.net/index.php/open-source/downloads.html?
15:51 <@vpnHelper> Title: Downloads (at openvpn.net)
15:51 < Manis> Brutser: For a VM such as JVM it's also quite embarassing ;-)
15:52 < Brutser> yes downloaded from official site openvpn.net
15:52 < Brutser> anyway, i think it is strange
15:52 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
15:52 -!- mode/#openvpn [+v RBecker] by ChanServ
15:52 < esde> then maybe you've got some hostile party intercepting your downloads, have you checked the signature?
15:52 < esde> http://openvpn.net/index.php/open-source/documentation/sig.html
15:52 <@vpnHelper> Title: File Signatures (at openvpn.net)
15:54  * esde gotta run, good luck!
15:54 < Manis> esde: bye
16:02 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
16:05 < Brutser> Manis: you still here?
16:08 <@syzzer> Brutser: I think it's strange too. But without more information I can't help you either. I've seen a bit of the installers, and afaik there's nothing in there that should call home.
16:08 <@syzzer> only thing I can come up with is that the installer and drivers are signed, perhaps windows is looking for CRLs?
16:09 <@syzzer> those could be distributed over something like cachefly
16:09 < Manis> Brutser: yes
16:09 < Brutser> syzzer: i got confirm that the download from 2 days ago was not showing this behaviour!
16:09 < Brutser> i don't want to think this is something big, but it can be...
16:10 <@syzzer> did you check signatures?
16:10 < Brutser> i want to, but i dont know how exactly
16:10 < Manis> Brutser: I think it would really help if you could run Wireshark and filter by those two IPs.
16:11 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:11 < Brutser> Manis: I will also setup virtualbox to do this, but it would be nice if at least someone download the installer too and check
16:11 <@syzzer> Brutser: do you have any *nix hosts at your disposal? in that case just run shasum on both
16:12 < Brutser> i got some centos server running
16:12 < Manis> Brutser: I can download it and check the signatures, but I can't tell you if the installer has that behavior
16:13 <@syzzer> same here, no windows host available atm
16:13 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:18 < Manis> syzzer: Should I add "client" to the client's conf? I can't find out what it is supposed to do
16:19 <@syzzer> Manis: yes. Client is basically a 'macro' that expands to 'pull' and 'tls-client'
16:19 <@syzzer> see the man-page :)
16:20 < Manis> So I can remove pull and tls-client when I have client?
16:20 <@syzzer> correct
16:20 < Manis> OK. Cool
16:20 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
16:21 < Manis> so annoying I don't have the man page installed.
16:22 < Manis> oh. i found it online \o/
16:23 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
16:31 < Brutser> Manis and syzzer: sorry for the time, but it seems my IE has been hijacked and is injecting code into each executable I download
16:31 < Manis> Brutser: Ouch. Now, why exactly are you using IE?
16:31 <@syzzer> oh, wow...
16:31 < Manis> Brutser: Are you using Tor by chance?
16:31 < Brutser> I am actually using Firefox - but in the virtualbox I was using IE for download
16:32 < Brutser> No, not using TOR
16:32 < Manis> It's "Tor"
16:32 < Manis> I was asking because recently there was a similar behavior of some exit nodes
16:32 < Brutser> Oh, I am using Tor yes
16:32 < Brutser> :)
16:32 < Brutser> No, just kidding
16:32 <@syzzer> Brutser: can you check whether windows still accepts the installer signature? (right click > properties > digital signatures)
16:33 <@syzzer> (because that mechanisms is supposed to protect your from exactly this stuf...)
16:34 -!- aulait [~irenacob@li629-190.members.linode.com] has quit [Max SendQ exceeded]
16:34 < Brutser> yes it is pretty clever virus it seems
16:35 < Manis> for windows to accept a signature, don't you just have to have a valid certificate from some corrupt CA?
16:35 < Manis> Windows is known to have such clean Root CA lists :D
16:36 <@syzzer> well, the CA system is pretty broken, yes, but it should still succeed in detecting this ;)
16:36 < Brutser> well i started to think about this, then download some simple freeware executable and yes, after start, explorer.exe try to communicate with 178.255.83.2 now
16:37 -!- aulait [~irenacob@li629-190.members.linode.com] has joined #openvpn
16:37 < Manis> syzzer: Did Brutser verify who was written to be the author/publisher?
16:38 <@syzzer> !crystal
16:38 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
16:38 <@syzzer> :p
16:39 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
16:40 < Manis> It was more like a question to Brutser
16:40 < Manis> Also it would be interesting to know which CA signed the certificate.
16:42 < Brutser> I am now first scanning the virtualbox with some AV
16:43 <@syzzer> I don't think it is something in the binaries actually, since it is explorer.exe which is making the connections (but, I have to dig deep into my windows memories, it's been a while...)
16:43 < Manis> As if AV's would help :P
16:44 < Brutser> they will not help, but at least i can see if they find anything
16:44 < Manis> syzzer: It might be anything.
16:44 <@syzzer> so could be some AV-like service, checking fingerprints or signatures
16:44 <@syzzer> and actually, yes, Manis is correct, for now it could be almost anything...
16:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
16:45 < Brutser> well if i download same executable on my host system, executing this file not give any external connection
16:45 < Manis> Brutser: If I were you I'd go and get Debian ;-)
16:45 < Brutser> only if I download from the virtualbox IE
16:46 < Brutser> yes, but still need IE for testing in virtual environment anyway, so yea
16:46 < Manis> Brutser: Does your IE have a Proxy set?
16:47 < Brutser> no
16:47 < Brutser> :) hehe, so many other things planned, but i know already now this will keep me awake :)
16:48 < Manis> Brutser: I know that feeling ;-) I'm hardening my OpenVPN :P
16:48 < Brutser> That is on my list too
16:48 < Manis> Oh good luck trying to make it NSA safe :P
16:49 < Brutser> I wanted to make windows xp embedded to be forced to only use VPN tunnel, so was testing some firewalls, then saw the connections and bam, another ' problem ' :)
16:50 < Manis> Brutser: Doesn't --redirect-gateway route all the traffic through the VPN on Windows?
16:53 < Brutser> yes, but windows have this tendency that when the connection times out, it will use the isp gateway again
16:53 < Manis> use keepalive?
16:54 < Manis> Or set a system-wide proxy. Tor e.g.
16:55 < Brutser> yea
16:55 < Manis> Then most applications will only use Tor. So you only have to run a Tor relay on your VPN server and most applications will only go online through VPN :P
16:55 < Brutser> well it all has to do wiht windows, it have some strange behaviour now and then
16:55 < Manis> now and then? hmm, well
16:55 < Brutser> :)
16:56 < Brutser> vpn icon show connection is alive to user, but it is using the isp connection all the time
16:56 < Brutser> things like that happen
16:56 < Brutser> unless you set rules on outgoing connection
16:56 <@syzzer> Brutser, you are aware of def1?
16:56 <@syzzer> !def1
16:56 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
16:56 < Manis> hmm. Well, they can happen on any system, but I haven't had that so far
16:57 < Manis> syzzer: But syzzer wants to wipe out the default gateway
16:57 <@syzzer> that was added specifically because windows will override your default gateway after a new dhcp response
16:57 < Brutser> exactly what manis says
16:58 < Brutser> i am using def1
16:58 < Brutser> but it will still go back to original gateway
16:58 < Brutser> outgoing fw rule will help
16:58 < Manis> isn't the point of def1 to keep the default gateway? Or am I misunderstanding vpnHelper
16:58 < Manis> ?
16:58 < Brutser> but winxp embedded not have outgoing firewall
16:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
16:59 <@syzzer> the point is that it will overrule the default gateway, so windows can reinstate its default gateway, but traffic will still go over the vpn
17:00 < Brutser> well in some circumstances it will fall back to the original gw
17:00 <@syzzer> before 0.0.0.0/1 is preferred over 0.0.0.0/0 (or 'default gateway')
17:00 < Brutser> dont ask me why
17:00 < Manis> that might work if you make sure that the routes stay when disconnecting
17:00 < Brutser> yes but then i need to trigger the disconnect event
17:00 < Brutser> dont know how
17:01 < Manis> it seems btw that Tunnelblick does def1 by itself. I haven't set it in my conf but it still creates a 0/1 route
17:01 <@syzzer> ah, right, you want to block any connections, also when vpn is shut down. firewall it is then.
17:01 < Manis> syzzer: That's what he wants.
17:01 < Brutser> yes, system should not work if vpn tunnel not active
17:01 < Manis> Brutser: I think you will have to use a 3rd party firewall
17:01 < Brutser> manis: yes i am afraid i have to
17:02 < Brutser> so taht is what i was testing when i found the malware on my virtualbox
17:02 < Manis> actually this just brought a new idea to my mind
17:02 < Manis> I will have to keep an eye on my routing table and check when the routes are being removes
17:03 <@syzzer> Manis: did the tls-version-min work for you btw?
17:03 < Manis> syzzer: Yes, it worked :)
17:03 <@syzzer> ok, cool!
17:03 < Manis> Next will be client certs :)
17:04 < Manis> but not today. too late already
17:04 < Manis> cya
17:04 <@syzzer> yep, same here. time for bed!
17:04 <@syzzer> cya
17:05 -!- Manis [~Manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
17:05 < Brutser> good night all
17:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
17:33 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:51 -!- tobinski [~tobinski@x2f58ee7.dyn.telefonica.de] has quit [Quit: Leaving]
18:10 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:19 -!- esde [~esde@unaffiliated/esde] has quit [Quit: .]
18:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
19:48 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Quit: Leaving]
19:57 -!- Brutser [~Pete@d51A48718.access.telenet.be] has quit []
20:00 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Read error: Connection reset by peer]
20:01 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:14 -!- esde [~esde@unaffiliated/esde] has joined #openvpn
20:15 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
20:41 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
20:43 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
21:06 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 264 seconds]
21:08 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Quit: bbl]
21:10 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
21:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
22:23 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
22:50 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:08 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
23:32 -!- ShadniX [dagger@p5481D560.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
23:33 -!- ShadniX [dagger@p5DDFDCA5.dip0.t-ipconnect.de] has joined #openvpn
23:35 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Remote host closed the connection]
23:41 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
--- Day changed Tue Jan 06 2015
00:32 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
00:46 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has joined #openvpn
00:46 < svm_invictvs> Hello
01:20 -!- master_of_master [~master_of@p4FD7BB4A.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_o1_master [~master_of@p4FF24AC0.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
01:31 -!- mattock_afk is now known as mattock
01:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
02:01 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:01 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:10 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
02:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:50 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:51 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:10 -!- JackWinter [~jack@vodsl-4724.vo.lu] has quit [Ping timeout: 250 seconds]
04:15 <@plaisthos> dazo_afk, Manis: iirc, with the SHA256 in that cipher it is a tls 1.1 or tls 1.2 cipher
04:16 <@plaisthos> which menas both cient and server need to have tls 1.1 and 1.2 support
04:16 <@plaisthos> which is a recent 2.3.6 client
04:16 <@plaisthos> or -master
04:19 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: leaving]
04:20 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
04:20 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Client Quit]
04:21 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
04:37 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
04:45 -!- JackWinter [~jack@vodsl-9585.vo.lu] has joined #openvpn
05:10 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has quit [Read error: Connection reset by peer]
05:12 -!- JackWinter [~jack@vodsl-9585.vo.lu] has quit [Ping timeout: 244 seconds]
05:22 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
05:28 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
05:38 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Remote host closed the connection]
05:39 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
05:44 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Read error: Connection reset by peer]
05:53 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:11 -!- dazo_afk is now known as dazo
06:21 -!- sheepman [~sheepman@unaffiliated/sheepman] has joined #openvpn
06:22 < sheepman> hi all, are comments permitted in ccd files?
06:30 -!- JackWinter [~jack@vodsl-9520.vo.lu] has joined #openvpn
06:32 < sheepman> they are :)
06:32 < sheepman> i'll stop being lazy kthxbai
06:32 -!- sheepman [~sheepman@unaffiliated/sheepman] has left #openvpn []
06:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
06:40 -!- ccha [~ccha@unaffiliated/ccha] has joined #openvpn
06:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:42 < ccha> hello I configured my openvpn with dev tap. Client side got the tap ip, but client can't ping openvpn's local ip address, neither others lan addresses
06:43 < ccha> hwo can I check what is wrong with my configuration ?
06:43 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
06:46 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Read error: Connection reset by peer]
06:53 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
06:55 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
06:57 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
06:59 < ccha> my openvpn server is inside the LAN
07:00 < ccha> does server_bridge_ip is my LAN gateway ip? or my openvpn server LAN ip ? both are differents servers
07:06 < hyper_ch> why do you want to use tap?
07:06 < hyper_ch> !tap
07:06 <@vpnHelper> "tap" is (#1) "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming,
07:06 <@vpnHelper> anything where the protocol uses MAC addresses instead of IP addresses. or (#2) For tun/tap and route/bridge comparing, see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
07:14 < ccha> hyper_ch: because I don't want my openvpn server with alot routings rules, and I want to install openvpn on my router.
07:19 < esde> !bridging
07:19 <@vpnHelper> "bridging" is (#1) Using bridges is either completely stupid or clever. It is stupid if you do it because you think it is easier. It is clever if you're a network knowledgeable person who understands networking very well and knows why routing won't fit for you or (#2) See also https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
07:20 -!- tempus_fol [~tempus@gateway/tor-sasl/foltempus] has quit [Ping timeout: 250 seconds]
07:20 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:25 -!- tempus_fol [~tempus@gateway/tor-sasl/foltempus] has joined #openvpn
07:27 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:34 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
07:35 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
08:01 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
08:12 -!- jl- [~lao@c-174-60-71-232.hsd1.pa.comcast.net] has joined #openvpn
08:13 < jl-> is it problematic if my subnet mask is 255.255.255.x at both the local (work) and the remote (vpn-server) network?
08:18 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
08:19 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
08:33 -!- jdmf [~jdmf@78.156.100.202] has joined #openvpn
08:41 -!- tobinski [~tobinski@x2f583d9.dyn.telefonica.de] has joined #openvpn
08:49 -!- james41382 [~james@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:56 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:59 -!- dazo is now known as dazo_afk
09:00 -!- dazo_afk is now known as dazo
09:04 -!- ub1quit33 [~quassel@cpe-23-243-158-241.socal.res.rr.com] has joined #openvpn
09:07 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
09:08 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
09:31 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Remote host closed the connection]
09:32 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
09:59 <@dazo> jl-: no, subnet shouldn't normally cause any issues .... it's the network range (where the size of the range is defined by the subnet mask) which can cause troubles if they overlap
10:01 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:01 <@dazo> so: 192.168.0.0/24  and   192.168.1.0/24   would be no problem.  (/24 == 255.255.255.0)
10:02 <@dazo> however:  192.168.0.0/23 and 192.168.1.0/23  will cause issues ... as they will be the same network
10:02 <@dazo> (/23 == 255.255.254.0)
10:21 < hyper_ch> subnets, masks, networks..... all super complicated :)
10:22 < hyper_ch> maybe when I grow old I'll finally get the hang of it
10:52 -!- Arr0way [~Arr0way@unaffiliated/arr0way] has joined #openvpn
10:54 < Arr0way> Guys, I'm getting constant stalls when trying to transfer files using multiple protocols. WAN Router => Switch => pfsense => OpenVPN Servers    I've tried tweaking MTU's etc no effect.
10:54 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
10:54 < hyper_ch> iperf or I don't believe it
10:54 < Arr0way> so iperf through the tunnel ?
10:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
10:55 -!- ShotokanZH [~ShotokanZ@unaffiliated/shotokanzh] has joined #openvpn
10:55 < ShotokanZH> hi guys :)
10:56 < ShotokanZH> i'd love an help in configuring a fresh install with openvpn
10:56 < hyper_ch> !howto
10:56 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:56 < Arr0way> ill set that up now.
10:56 < ShotokanZH> hyper_ch, thx
10:56 < ShotokanZH> hyper_ch, what i ask btw is:
10:57 < ShotokanZH> is it compatible with ksplice/oracle uptrack?
10:57 < ShotokanZH> as openvpn-as isn't
10:57 < hyper_ch> !as
10:57 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
10:57 < ShotokanZH> hyper_ch, oh please i'm not talking about openvpn-as
10:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:57 < hyper_ch> reflex :)
10:58 < hyper_ch> isn't ksplice real-time kernel patching?
10:58 < esde> yes
10:58 < ShotokanZH> hyper_ch, yep
10:58 < hyper_ch> I fail to see how that's related to openvpn
10:58 < esde> same here
10:58 < ShotokanZH> hyper_ch, openvpn-as fails to start (or re-start) if uptrack version is != than kernel version
10:59 < ShotokanZH> hyper_ch, so i don't know if this happens on openvpn too
10:59 < esde> != does not equal less than or greater than.
10:59 < jl-> dazo: thx
10:59 < ShotokanZH> esde, uptrack version can be only greater obv..
11:01 < hyper_ch> I still fail to see how that's related to openvpn
11:01 < hyper_ch> but maybe that's just me
11:01 < ShotokanZH> hyper_ch, i'm just asking if anyone here does use openvpn with ksplice so it can confirm that after a openvpn service restart everything goes well
11:01 < ShotokanZH> :)
11:01 < esde> obviously? you wrote an illogical statement. How exactly would an uninformed user be able to know you (obviously) meant greater than if that's not what you wrote.
11:01  * esde shrugs
11:02 < hyper_ch> krzee: https://twitter.com/__apf__/status/551083956326920192
11:02 <@vpnHelper> Title: Adrienne Porter Felt on Twitter: "hey @Gogo, why are you issuing *.google.com certificates on your planes? http://t.co/UmpIQ2pDaU" (at twitter.com)
11:02 < esde> it's sad people have to ask
11:02 < hyper_ch> or rather: http://arstechnica.com/security/2015/01/gogo-issues-fake-https-certificate-to-users-visiting-youtube/
11:02 <@vpnHelper> Title: Gogo issues fake HTTPS certificate to users visiting YouTube | Ars Technica (at arstechnica.com)
11:02 < esde> public reason: load balancing
11:02 < esde> real reason: ?????
11:03 < hyper_ch> ShotokanZH: it's simple to try it :)
11:03 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:03 < jl-> so after connecting successfully, I now have 2 active Local Area Connections. the TAP-Adapter and the regular one. does the TAP adapter take over the regular one?
11:03 < jl-> or how do they interact?
11:03 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:04 <@dazo> ShotokanZH: openvpn-as and the community version of openvpn are two very different products ... ask in #openvpn-as for ksplice on openvpn-as ....
11:04 <@dazo> ShotokanZH: but the core openvpn component (which the community edition is all about) doesn't care about kernel versions
11:04 < ShotokanZH> esde, uptrack downloads updates of the currently running kernel so how can it be older?
11:05  * esde whoooooooosh
11:05 < ShotokanZH> dazo, in #openvpn-as replied that they just don't know why it does that, so i'm trying to switch to basic openvpn
11:06 <@dazo> ShotokanZH: you'll loose a lot of functionality (like the web admin) by doing that ... openvpn-as uses the core openvpn we have here, but adds a lot of additional stuff around it
11:07 <@dazo> jl-: it depends on your routing table .... you can tell your OS to route everything via the tunnel, or just some subnets
11:07 < ShotokanZH> dazo, i don't really care i'd just love to see it working with my pcs :) (1 user)
11:07 < ShotokanZH> also, does it fill the iptables table with a lot of rules like openvpn-as i suppose?
11:07 <@dazo> (openvpn can assist setting up these routes, using --route)
11:07 <@dazo> ShotokanZH: nope
11:08 < ShotokanZH> dazo, good, great.
11:09 <@dazo> The core OpenVPN piece does only one thing ... allow users to connect, authenticate users and tunnel data ... nothing more.  But it can be extended by using script hooks or --plugins
11:10 <@dazo> jl-: If you're new to VPN and/or networking .... please read !tcpip ... to do VPN, you do need to understand networking quite well, no matter what ... otherwise, it'll just mess up your life badly ;-)
11:10 <@dazo> !tcpip
11:10 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
11:10  * dazo need to run
11:10 < hyper_ch> "to do VPN, you do need to understand networking quite well"  -> I still fail pretty badly on this point
11:11 -!- dazo is now known as dazo_afk
11:11 < hyper_ch> dazo: running heightens your risk of having an accident
11:13 < esde> especially with scissors
11:16 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:b876:305b:3c5e:f25a] has quit [Read error: Connection reset by peer]
11:19 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
11:24 -!- hmmhesays [~hmmhesays@64.135.116.184] has joined #openvpn
11:25 < Arr0way> hyper_ch: iperf looks alright :s
11:25 < Arr0way> any suggestions
11:27 < hyper_ch> all is well then :)
11:27 < Arr0way> hyper_ch: well all is not well, connections are stalling.
11:28 < hyper_ch> that's just what they want to make you believe
11:28 < Arr0way> haha
11:28 < Arr0way> if i scp a file it stalls :P
11:28 < hyper_ch> then rsync it
11:28 < hyper_ch> rsync --stats --progress
11:29 < Arr0way> its not just scp
11:29 < Arr0way> its all protocols
11:29 < ShotokanZH> hyper_ch, how much time do i have to wait for the ./build-dh script? lol
11:29 < ShotokanZH> it's like 5 minutes as of now
11:30 < ShotokanZH> on an octacore 2.4GHz server
11:30 < hyper_ch> 4096 bit?
11:30 < ShotokanZH> 2048
11:30 < hyper_ch> you don't have to wait nearly as long as for 4096 bit
11:30 < ShotokanZH> it's a huge lot as of now :/
11:31  * hyper_ch heard that empires raise to power and vanish into nothingness while it's generating a 4096bit dh file
11:31 < hyper_ch> rise
11:31 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
11:33 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
11:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
11:37 < hyper_ch> krzee: https://stribika.github.io/2015/01/04/secure-secure-shell.html
11:37 <@vpnHelper> Title: Secure Secure Shell (at stribika.github.io)
11:38 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:44 < ShotokanZH> hyper_ch, does openvpn use multiple threads like openvpn-as, one for every core?
11:45 < hyper_ch> I have no idea
11:45 < hyper_ch> and I have plenty of that
11:45 < ShotokanZH> ok :)
11:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:46 < ShotokanZH> hyper_ch, and can i put as cipher something like AES256+EECDH ?
11:47 < ShotokanZH> or it does support a single one only
11:47 < hyper_ch> I've heard of AES and ECHR before
11:48 < ShotokanZH> hyper_ch, try running openssl ciphers AES256+EECDH;
11:48 < hyper_ch> I've heard rumors that if you do that you could make the universe implode
11:49 < ShotokanZH> hyper_ch, it's actually the most secure & retro-compatible configuration for https web servers
11:49 < ShotokanZH> valued 100/95/100/100 on qualys
11:49 < ShotokanZH> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA
11:49 < ShotokanZH> :)
11:57 < ShotokanZH> hyper_ch, what about a nice openvpn client for windows?
11:57 < ShotokanZH> gui is preferred
11:57 < ShotokanZH> :)
11:57 < hyper_ch> the one provided on the openvpn page
11:57 < hyper_ch> maybe
11:57 < ShotokanZH> hyper_ch, sucks a lot :<
11:58 < ShotokanZH> i'm gonna try tunxten
11:58 < hyper_ch> which is strange that you say that since it runs perfectly well
11:58 < ShotokanZH> hyper_ch, it does run well
11:58 < ShotokanZH> but it's completely guiless
11:59 < hyper_ch> it's strange, I see a gui with buttons and stuff
11:59 < ShotokanZH> o.o
11:59 < ShotokanZH> can you link it?
11:59 < hyper_ch> link what?
12:13 -!- scyld [~scyld@gateway/tor-sasl/wasyl] has joined #openvpn
12:14 -!- Uber-Ich [~qi@unaffiliated/uber-ich] has joined #openvpn
12:15 < Uber-Ich> Out of curiosity, is OpenVPN often blocked by Comcast? I am unable to connect to my VPN from a vacation rental, which uses Comcast wifi.
12:19 < hyper_ch> let me fetch my magic crystal ball and do mind-read over the internet to the comcast execs
12:19 < Uber-Ich> hyper_ch: That would be fantastic :P I am from Europe, and therefore am unfamiliar with the state of VPN usage in the United States.
12:20 < hyper_ch> isn't everybody from Yrope?
12:20 < Uber-Ich> Ebola-chan is mai waifu, and she is from Africa :3
12:21 < esde> !crystal
12:21 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
12:22 < hyper_ch> how comes I don't recall ahving seen that factoid before?
12:24 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
12:24 < esde> !download
12:25 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
12:25 < esde> ShotokanZH, you can download the windows client (gui) at the link above
12:25 < ShotokanZH> esde, ty
12:25 < esde> np
12:26 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
12:30 < ShotokanZH> esde, so.. what if openvpn connects (green icon) and i still reach internet using the main adapter?
12:30 < ShotokanZH> i mean, i still see my own ip address instead of my server's
12:33 < esde> ShotokanZH, I have zero experience with configuring openvpn server on windows.
12:33 <@ecrist> !def1
12:33 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:33 <@ecrist> see that, ShotokanZH 
12:33 < ShotokanZH> ecrist, o.o where da hell do i have to type that
12:33 < esde> o_0
12:34 < ShotokanZH> i mean, with other vpn clients i had not to do that thing :/
12:35 < ShotokanZH> push "redirect-gateway def1"  in the config?
12:43 < esde> !man
12:43 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
12:43 < esde> give that a read
12:44 < hyper_ch> ShotokanZH: shall all clients only go throught the vpn? then put it into the server config
12:44 < hyper_ch> shall only certain clients use that, put it into
12:44 < hyper_ch> !ccd
12:44 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
12:44 < ShotokanZH> hyper_ch, ok thank you
12:52 < ShotokanZH> hyper_ch, it seems like it now forces everything to pass thru the vpn, but i can't really contact enything thru that
12:52 < hyper_ch> !ipforward
12:52 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
12:53 < ShotokanZH> hyper_ch, i've already done that iptables -w -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
12:53 < ShotokanZH> isn't that correct?
12:53 < hyper_ch> !linipforward
12:53 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
12:54 < hyper_ch> not the same
12:54 < ShotokanZH> hyper_ch, mine is not necessary or both has to be running?
12:55 < hyper_ch> what does it say? it has three different factoids for it, all giving you information
12:55 < ShotokanZH> oh yeah sorry
12:56 < hyper_ch> an I use:  iptables -t nat -A POSTROUTING -s ${vpnSub}.0/24 -o eth0 -j MASQUERADE
12:56 < hyper_ch> you have a -w in it.. no idea what that does though
12:56 < ShotokanZH> hyper_ch, it does wait for other iptables to end
12:57 < hyper_ch> all the smart people that I know use it without the -w
12:57 < hyper_ch> not sure if that could lead to any complications
12:57 < ShotokanZH> hyper_ch, i've a complex firewall script
12:57 < ShotokanZH> using it without the -w results in the command not running
12:58 < hyper_ch> do you also push dns servers?
12:58 < ShotokanZH> hyper_ch, yep, enabled googles dns & the default ones
12:58 < hyper_ch> then the ipforward is the only thing that I still can collect... also
12:58 < esde> and I use  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to (eth0 ip)
12:58 < hyper_ch> !configs
12:58 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
12:58 < esde> :D
13:00 < hyper_ch> no idea what it does :) but if it works for your, all is well
13:00 < ShotokanZH> hyper_ch, yeahh it does now work :D
13:00 < ShotokanZH> thank you ^^
13:02 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
13:05 < esde> https://unix.stackexchange.com/questions/21967/difference-between-snat-and-masquerade "The SNAT target requires you to give it an IP address to apply to all the outgoing packets. The MASQUERADE target lets you give it an interface, and whatever address is on that interface is the address that is applied to all the outgoing packets. In addition, with SNAT, the kernel's connection tracking keeps track of all the connections when the interface is taken down a
13:05 < esde> nd brought back up; the same is not true for the MASQUERADE target."
13:06 <@vpnHelper> Title: iptables - Difference between SNAT and Masquerade - Unix & Linux Stack Exchange (at unix.stackexchange.com)
13:06 < esde> oops, sorry for multi-line paste.
13:06 < hyper_ch> you should be quartered for multi-line pasting....
13:06 < hyper_ch> :)
13:07 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
13:10 -!- ShotokanZH [~ShotokanZ@unaffiliated/shotokanzh] has left #openvpn ["Leaving"]
13:12 -!- Uber-Ich [~qi@unaffiliated/uber-ich] has quit [Quit: WeeChat 1.0.1]
13:45 -!- hoople [~hoople@tengo.link] has joined #openvpn
13:47 -!- hoople [~hoople@tengo.link] has quit []
13:49 -!- hoople [~hoople@tengo.link] has joined #openvpn
13:53 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:57 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Quit: Gone...]
14:19 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
14:46 < jl-> when I have my browser open, then connect to the vpn, and google "what's my ip", google will display my local ip. however, when I open an incognito window, it will show the ip of the vpn server. is this normal?
14:56 <@ecrist> that's weird
14:58 < jl-> is my IP cached? :P
14:58 < jl-> when I go to any real website (non-google) it'll show the vpn ip
14:59 < jl-> it also seems like after some time, when I refresh that page, it will show the vpn ip
14:59 < jl-> so it almost seems like there's an old "session" that's causing google to show that ip
14:59 < jl-> not sure
14:59 <@ecrist> https://secure-computing.net/ip.php
15:00 < jl-> yup, vpn IP
15:00 < jl-> same with all those "what's my ip" websites
15:01 <@ecrist> there you go
15:02 <@ecrist> that web page doesn't cache IPs, fwiw
15:15 < hoople> i haven't experienced that caching behaviour with google
15:19 -!- hoople [~hoople@tengo.link] has quit [Read error: Connection reset by peer]
15:30 <@novaflash> you are all awesome
15:30 <@novaflash> except for.. *points to esde*
15:30 <@novaflash> he's super awesome
15:30  * esde hides
15:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
15:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:52 < hyper_ch> how comes that generating the dh takes like forever?
15:52 < esde> depends on how large
15:53 < hyper_ch> 4096bit
15:53 < esde> 1024 is much quicker than 2048, and 2048 is much quicker than 4096, and 4096 is much quicker than 8196
15:53 < hyper_ch> one cup of coffee just isn't good enough for it
15:53 < esde> etc
15:53 < hyper_ch> you can generate 8196 ?
15:53 < esde> yes
15:54 < hyper_ch> interesting
15:54 < hyper_ch> and for 16xxx you'll just sleep through the night?
15:54 < jl-> pretty much
15:54 < esde> as the bitsize increases the resources (cpu time) also increase to a larger degree
15:55 < jl-> just 1 bit increases the number significantly
15:55 < jl-> now imagine 200 bit more
15:55 < jl-> *2000
15:55 < hyper_ch> but what is the process behind it?
15:56 < esde> math problem
15:56 < esde> that's about it
15:56 < jl-> it generates random bits
15:57 < esde> https://security.stackexchange.com/questions/42415/openvpn-dhparam
15:57 <@vpnHelper> Title: openssl - OpenVPN dhparam - Information Security Stack Exchange (at security.stackexchange.com)
15:57 < hyper_ch> still doesn't explain why it's taking that long
15:57 < esde> you have to learn how it works at a lower level
15:57 < esde> the larger the resulting file, the longer it takes to generate it
15:58 < esde> it also depends on how much entropy is available
15:58 < esde> haveged can help increase entropy
15:59 < hyper_ch> haveged?
15:59 < esde> look it up
15:59 < esde> i gotta run
16:07 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
16:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.1-dev]
16:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Client Quit]
16:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:35 < esde> hyper_ch, here's the link for haveged http://www.issihosts.com/haveged/
16:35 <@vpnHelper> Title: haveged - a simple entropy daemon (at www.issihosts.com)
16:36 < hyper_ch> can things that operate on logic only, like computer, actually achieve true randomness?
16:39 < esde> i've run some random tests on the data and not yet recorded any anomalous results
16:49 < esde> http://pastebin.com/xCgFsPXd
16:52 -!- aeny [631058e1@gateway/web/freenode/ip.99.16.88.225] has joined #openvpn
16:54 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:58 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 245 seconds]
17:06 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
17:06 -!- tobinski [~tobinski@x2f583d9.dyn.telefonica.de] has quit [Quit: Leaving]
17:07 -!- mattock is now known as mattock_afk
17:10 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
17:10 -!- diranged [~Adium@162.245.21.10] has joined #openvpn
17:11 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
17:11 < diranged> Hey.. I'm trying to setup an OpenVPN server using a wildcard godaddy SSL cert for our vpn endpoint (we already have it, and its already installed on all ofo ur employee laptops). I'm running into a problem though with the OpenVPN client (tunnelblick in this case) saying "self signed certificate in chain", even though i've supplied the client with a copy of the godaddy intermediate certs.
17:11 < diranged> Can anyone offer a pointer her?
17:15 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Quit: WeeChat 1.0]
17:16 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
--- Log closed Tue Jan 06 17:20:54 2015
--- Log opened Tue Jan 06 21:00:42 2015
21:00 -!- ecrist [~ecrist@freebsd/contributor/openvpn.community.support.ecrist] has joined #openvpn
21:00 -!- Irssi: #openvpn: Total of 196 nicks [9 ops, 0 halfops, 2 voices, 185 normal]
21:00 -!- mode/#openvpn [+o ecrist] by ChanServ
21:00 -!- Irssi: Join to #openvpn was synced in 1 secs
21:17 -!- havingFun_ [~quassel@unaffiliated/xrosnight] has quit [Read error: Connection reset by peer]
21:51 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
21:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:56 -!- novaflash is now known as novaflash_away
22:08 -!- ub1quit33 [~quassel@cpe-23-243-158-241.socal.res.rr.com] has quit [Read error: Connection reset by peer]
22:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:21 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Quit: Leaving]
22:21 -!- novaflash_away is now known as novaflash
22:37 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:41 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
22:46 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 265 seconds]
23:24 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
23:25 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
23:25 -!- zalami is now known as ZiconiumNitrate
23:25 -!- ZiconiumNitrate is now known as ZirconiumNitrate
23:26 -!- ZirconiumNitrate is now known as offended
23:26 -!- offended is now known as zimbobwe
23:28 -!- zimbobwe is now known as zalami[slp]
23:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 265 seconds]
23:34 -!- ShadniX [dagger@p5DDFDCA5.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p5DDFF120.dip0.t-ipconnect.de] has joined #openvpn
23:42 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
23:47 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
23:54 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 245 seconds]
23:57 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
--- Day changed Wed Jan 07 2015
00:32 -!- heraclitus [~phobos@unaffiliated/heraclitis] has joined #openvpn
01:09 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
01:11 -!- mattock_afk is now known as mattock
01:15 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
01:20 -!- master_o1_master [~master_of@p4FF24564.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_of_master [~master_of@p4FD7BB4A.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
01:30 -!- aeny [631058e1@gateway/web/freenode/ip.99.16.88.225] has quit [Quit: Page closed]
01:35 -!- novae [~novae@unaffiliated/novae] has quit [Remote host closed the connection]
01:47 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:00 -!- Rambozo [~Rambozo@ns503798.ip-192-99-11.net] has joined #openvpn
02:08 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:15 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:18 < Arr0way> hi
02:19 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
02:20 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: brb reboot (hopefully back)]
02:37 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
02:39 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
02:47 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:50 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:12 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
03:19 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
03:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
03:45 -!- ShotokanZH [~ShotokanZ@unaffiliated/shotokanzh] has joined #openvpn
03:46 < ShotokanZH> hi guys
03:46 < ShotokanZH> is there out any "official/unofficial but trustworthy" repository for ubuntu 14.04 LTS?
03:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:58 -!- i336_ [~i336_@CPE-58-164-17-215.lnse5.ken.bigpond.net.au] has joined #openvpn
04:00 < i336_> Hey everyone. I'd like to configure OpenVPN on Linux to handle all network I/O for a specific set of processes, as opposed to the whole system. Where do I start with that sort of thing, or should I be asking ##Linux for help with process isolation?
04:00 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:01 < i336_> I'm not sure if it changes anything, but some of the processes will be being run in WINE. (Not all of them though.)
04:03 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
04:20 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Quit: Contact: http://hallowe.lt/]
04:24 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
04:28 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
04:28 -!- ikke-t [~ikke@62.237.43.150] has left #openvpn ["Leaving"]
04:29 < ShotokanZH> i336_, tha hell are you doing dude :D
04:30 -!- i336_ [~i336_@CPE-58-164-17-215.lnse5.ken.bigpond.net.au] has quit [Ping timeout: 264 seconds]
05:01 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
05:04 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:13 < esde> ShotokanZH, still about?
05:14 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:22 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
05:27 -!- dazo_afk is now known as dazo
05:40 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
05:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
06:10 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Remote host closed the connection]
06:13 -!- stewi [~quassel@2400:6800:ffff:2:d12d:c01a:e607:1b94] has joined #openvpn
06:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
06:19 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
06:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:21 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
06:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
06:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:23 -!- Tracker [~tracker@m88.ip1.anvianet.fi] has joined #openvpn
06:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
06:24 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:26 < Tracker> I have a problem with windows 7 openvpn ip routing.. I have 2 openvpn instances connected and both servers can ping ok to the client and when just one client connected I can ping the client from lan behind both servers. but when both connected openvpn tryes to route connecting trought the first connecting because client has both routes to lan behind servers trounght server one and two. but in
06:26 < Tracker> windows xp this same setup works correctly ,.. using newest openvpn client and tap .. tun openvpn used for a long time with one server...
06:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:32 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
06:36 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
06:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
06:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:54 <@ecrist> Tracker: we're going to need more information in order to help you
06:55 <@ecrist> configs for both servers, both client configuration files, logs, etc
06:55 <@ecrist> !configs
06:55 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
06:55 <@ecrist> !logs
06:55 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
06:55 <@ecrist> don't paste in-channel, make sure to use pastebin or something similar
06:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:03 < esde> ShotokanZH, I havent come across any repos for ubuntu 14.04, yet. your best bet is to download the source and install from scratch. there's only a few dependencies and the process is simple
07:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
07:09 -!- toli_ [~toli@d51A4CC08.access.telenet.be] has joined #openvpn
07:10 < toli_> hello, I use openvpn comunity in p2p mode, but when I include my secret key for android client it is asking for the CA, and I normally not using this!
07:10 < toli_> any workaround?
07:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
07:13 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
07:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:24 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
07:28 < esde> !inline
07:28 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
07:28 < esde> toli_, ^
07:29 < toli_> esde, thanks, but I don't use CA certificate for the other p2p connections, only openvpn secret key
07:30 < esde> s/certs/keys
07:30 < toli_> thank you
07:36 -!- glosoli [~textual@unaffiliated/glosoli] has joined #openvpn
07:37 < glosoli> Hey is there some way to easily connect to VPN using only username and password. I get an error like this from Tunnelblick "OpenVPN Options error: You must define CA file"
07:38 < esde> !authpass
07:38 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
07:39 < esde> >highly NOT recommended
07:43 -!- glosoli [~textual@unaffiliated/glosoli] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:44 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
08:04 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 264 seconds]
08:55 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
09:05 <@dazo> esde: Using username/password auth without client certificates is no worse than what most users do with webmail or imap/pop3 over SSL.  Clients still need the CA the server uses, so clients will always authenticate the server.  Client certificates is just another way of client authentication .... not using user/pass auth and not using client certs is "highly not recommended"
09:23 < esde> http://pastebin.com/zihCLJmR I hope with the same factoid formatted differently, you can understand my misconception
09:30 -!- diranged [~Adium@162.245.21.10] has joined #openvpn
09:31 < diranged> Hey.. I'm seeing some performance and reliability issues between an openvpn server and its client. The two machines are not that far away to explain the issues. We're seeing ping times through the openvpn server (to some backend servers that are close) bounce from 90ms (good) -> 1700ms(bad).
09:31 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
09:32 < diranged> 3-4 will go through at 90ms, then 2 will take nearly 2s..
09:32 < diranged> We're running OpenVPN on port 443 in TCP mode. I'm curious it TCP mode could have anything to do with this?
09:32 < diranged> (we aer simultaneously running a strongswan ipsec service.. and when we use that, we see consistent 90ms pings)
09:32 < esde> UDP is a good option when you notice performance issues on TCP
09:34 < diranged> Is it really likely that TCP is causing the issue here though?
09:38 < diranged> I'm trying UDP now just to see how it behaves
09:40 < diranged> Indeed.. it seems with UDP the performance is about right (90-91ms).. but i've seen 2 packets fail to make it so far.
09:41 < esde> "UDP can be less reliable that TCP VPN connections as UDP does not guarantee the delivery of packets."
09:41 < esde> s/that/than
09:41 < diranged> Yes .. I understand that technically. Its just rare to see that in practice today..
09:41 < diranged> at least, in my experience..
09:41 < diranged> but.. hey .. i havn't setup VPNs in a long time, so maybe at that layer, its still common enough
09:46 < diranged> ok another question.. can someone help me get openvpn to bind to a management socket rather than a local tcp port?
09:46 < diranged> i tried 'management /tmp/some_socket_file'.. and that failed
09:50 -!- toli_ [~toli@d51A4CC08.access.telenet.be] has quit [Quit: Leaving]
09:55 < esde> from the managament man page https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage "The management interface can also listen on a unix domain socket, for those platforms that support it. To use a unix domain socket, specify the unix socket pathname in place of IP and set port to 'unix'. While the default behavior is to create a unix domain socket that may be connected to by any process, the --management-client-user and --management-client-group direc
09:55 < esde> tives can be used to restrict access."
09:55 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
09:55 < esde> *management
09:55 < diranged> bah.. thanks
09:56 < diranged> hrmm of course.. it sets the permissions to 777..
10:01 -!- Voyage [~Voyage@182.189.236.89] has joined #openvpn
10:01 < Voyage> HI
10:02 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
10:03 < Voyage> I can see this directory. I am following a guide to install openvpn server on ubuntu. /usr/share/doc/openvpn/examples/easy-rsa/2.0/*     Guide https://help.ubuntu.com/community/OpenVPN
10:03 <@vpnHelper> Title: OpenVPN - Community Help Wiki (at help.ubuntu.com)
10:07 < Voyage>  cant*
10:10 < esde> !goal
10:10 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:12 < Voyage>  I would like to access the internet over my vpn
10:15 < esde> !howto
10:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:16 < Voyage> esde http://nerdanswer.com/answer.php?q=737345
10:16 <@vpnHelper> Title: Extreme difficulty setting up VPN (at nerdanswer.com)
10:16 < esde> also i doubt you need bridged
10:16 < Voyage> ok. what do I need?
10:16 < esde> !bridging
10:16 <@vpnHelper> "bridging" is (#1) Using bridges is either completely stupid or clever. It is stupid if you do it because you think it is easier. It is clever if you're a network knowledgeable person who understands networking very well and knows why routing won't fit for you or (#2) See also https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
10:17 < esde> you want to use tun, more than likely
10:17 < esde> !tunortap
10:17 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
10:17 <@vpnHelper> rooted/jailbroken) support only tun
10:17 < Voyage> ok. esde is there a tutorial?
10:17 < esde> yes, the howto i linked
10:17 < Voyage> k'
10:18 < Voyage> esde this link does not says "howto for tunnel"  http://openvpn.net/index.php/open-source/documentation/howto.html
10:18 <@vpnHelper> Title: HOWTO (at openvpn.net)
10:19 < Voyage> esde which part should I follow?
10:22 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:28 < esde> installing OpenVPN, Numbereing Private Subnets, Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients, Creating configuration files for server and clients, Starting up the VPN and testing for initial connectivity. Are the first areas of interest
10:29 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
10:32 -!- Voyage [~Voyage@182.189.236.89] has left #openvpn []
10:33 < esde> pekster, you about?
10:38 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
10:44 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:45 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
10:50 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
10:54 -!- Voyage [~Voyage@182.189.236.89] has joined #openvpn
10:54 < Voyage> I am trying to connect skype through ssh -D 1080 user@hostVPS        I put socks5 and port 1080 in skype network settings. But still I cannot bypass restrictions set by my ISP. any reasons you may think of?
10:55 < esde> this isn't the place for openssh support. but what is the host set to?
10:57 < Voyage> host?
10:57 < esde> should be 127.0.0.1 or localhost
10:57 < Voyage> yes.
10:57 < Voyage> it is
10:58 < esde> try #openssh for openssh support
10:58 < Voyage> k
10:58 < Voyage> esde,  setting openvpn instead would do better?
10:59 < Voyage> skype says "proxy to use for incomming connections" but I need proxy for out going calls. Am I on valid options?
10:59 < esde> depends on your needs. i generally prefer openvpn to ssh tunneling. but ssh tunneling is a neat thing too
10:59 < Voyage> k
10:59 < Voyage> skype says "proxy to use for incomming connections" but I need proxy for out going calls. Am I on valid options?
10:59 < esde> please don't spam
11:00 < Voyage> sory for double type
11:03 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
11:03 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Ping timeout: 265 seconds]
11:12 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
11:12 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
11:12 < esde> Voyage, here's an extremely basic (and possible incomplete) "to-do" list for accomplishing your goal http://pastebin.com/raw.php?i=Ukfp4ATq
11:13 < esde> *possibly
11:13 < Voyage> esde,  ya, but I am not a master. need step by step guide
11:14 < esde> !effort
11:14 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
11:15 < esde> If you ask questions, I/we will try to answer them :)
11:17 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
11:21 < Voyage> esde,  ok
11:26 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit1]
11:31 -!- quup [~ppp@unaffiliated/quup] has joined #openvpn
11:36 -!- Voyage [~Voyage@182.189.236.89] has quit [Read error: No route to host]
11:36 <@ecrist> securing SSH.  good read: https://stribika.github.io/2015/01/04/secure-secure-shell.html
11:36 <@vpnHelper> Title: Secure Secure Shell (at stribika.github.io)
11:37 <@ecrist> This post will still be here when you finish. My goal with this post here is to make NSA analysts sad.
11:38  * esde gives ecrist the talles, coldest, of beers
11:38 < esde> *tallest
11:39 <@ecrist> :)
11:43 < esde> are these warnings tongue-in-cheek? "You attempted to reach stribika.github.io, but instead you actually reached a server identifying itself as a shape shifter humanoid reptile alien. This may be caused by a misconfiguration on the server or something more serious. An attacker on your network could be trying to get you to visit a fake (and definitely harmful) version of stribika.github.io. You should not proceed."
11:44 <@krzee> yep that is a good read
11:45 <@krzee> i believe hyper_ch posted it here the other day
11:45 <@krzee> yep, twas him
11:46 <@krzee> he's my personal rss, better configured than any rss reader i had in the past! he only pings me on articles i am interested in
11:46 <@krzee> hyper_ch, :D
11:47 < esde> haha
12:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
12:22 < hyper_ch> krzee: what?
12:22 < hyper_ch> secure shell?
12:22 <@krzee> yep, good link
12:22 < hyper_ch> why can't the distros make that by default?
12:24 <@krzee> ++
12:24 <@krzee> hyper_ch++
12:24 < hyper_ch> (well, except the part with the hidden tor service...)
12:25 <@krzee> right that was another topic all together
12:37 -!- hmmhesays is now known as hmmhesegs
12:51 < hyper_ch> krzee: I'll try that on my servers on the weekend :)
12:51 < hyper_ch> what could possibly more fun than hardening ssh on servers on the weekend, right?
12:52 -!- masterkorp [~masterkor@static.85-10-196-211.clients.your-server.de] has joined #openvpn
12:53 < masterkorp> hello
12:53 < masterkorp>  socks_handshake: TCP port read timeout expired:
12:53 < masterkorp> i am getting this using openvpn trough a socks server in obsfropxy
13:00 < masterkorp> does openvpn support socks 4 ??
13:05 -!- Voyage [~Voyage@182.189.236.89] has joined #openvpn
13:05 < Voyage> Hi,
13:05 < Voyage> What command to use to connect to a openvpn server from a client?
13:06 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
13:07 <@krzee> hyper_ch, i recommend making a second config and a seperate port for testing so you dont risk locking yourself out =]
13:07 < Voyage> esde, ?
13:07 <@krzee> Voyage, start openvpn on the client, it does what its instructed, --remote will let you specify the server
13:07 < hyper_ch> on hetzner I have lara consoles if I need :)
13:07 < hyper_ch> ramnode gives web-based kvms
13:08 < Voyage> krzee,  so           sudo service openvpn start --remote server.com ?
13:08 <@krzee> no
13:09 < Voyage> krzee,  then?
13:09 <@krzee> the config which is started when you run 'service openvpn start' should already have remote entries in it
13:09 <@krzee> !howto
13:09 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
13:11 < Voyage> krzee,  its    Autostarting VPN 'client'      but my ip has not changed
13:11 <@krzee> do you run your server?
13:11 < Voyage> I am at client. The server is up though
13:12 <@krzee> you need to control the server as well for us to rebug it...
13:12 <@krzee> !redirect
13:12 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
13:12 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
13:12 <@krzee> see flowchart at #4
13:12 <@krzee> the sdf link
13:14 < Voyage> krzee,  I followed this http://grantcurell.com/2014/07/22/setting-up-a-vpn-server-on-ubuntu-14-04/
13:14 <@vpnHelper> Title: How to Setup OpenVPN on Ubuntu 14.04 » Grant Curell (at grantcurell.com)
13:14 <@krzee> !walkthrough
13:14 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
13:14 < hyper_ch> !howto > Voyage
13:15 < hyper_ch> bot can't highlight users? :(
13:15 <@krzee> nope
13:15 < hyper_ch> bot must become smarter
13:15 < hyper_ch> !howto
13:15 <@krzee> if you find a supybot plugin for it, lemme know
13:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:16 < hyper_ch> krzee: plenty of bots can do that
13:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:16 < Voyage> hyper_ch,  very difficult to understand tutorial
13:17 <@krzee> i gave you a flowchart for troubleshooting your problem
13:17 < hyper_ch> but once you understand it, you're ready to go
13:17 -!- ShotokanZH [~ShotokanZ@unaffiliated/shotokanzh] has left #openvpn ["Leaving"]
13:17 <@krzee> im betting you have not clicked it
13:17 < hyper_ch> we used flowcharts back at university
13:19 < Voyage> krzee,  I followed this http://grantcurell.com/2014/07/22/setting-up-a-vpn-server-on-ubuntu-14-04/     I think I need to NAT through it. How do I do that?
13:19 <@vpnHelper> Title: How to Setup OpenVPN on Ubuntu 14.04 » Grant Curell (at grantcurell.com)
13:19 <@krzee> im not going to read their walkthrough
13:19 <@krzee> !linnat
13:19 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
13:19 <@krzee> !iptables
13:19 <@vpnHelper> "iptables" is (#1) To test if netfilter ("iptables rules") are your problem, disable all rules with an ACCEPT policy. See https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules for a script to do this. or (#2) See also the manpage section on firewalls at this link: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG or (#3) These are just the basics to get you started
13:19 <@vpnHelper> as firewall design is beyond this channel's scope; you can also see #netfilter
13:19 <@krzee> !factoids search --values iptables-save
13:20 <@vpnHelper> 'iptables-rules' and 'netfilter'
13:20 <@krzee> !iptables-rules
13:20 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
13:23 <@krzee> !iptables-rules | hyper_ch
13:24 < esde> Maybe it's hungry
13:24 < esde> !botsnack
13:24 <@vpnHelper> "botsnack" is Om nom nom!
13:24 <@krzee> lol
13:25 < hyper_ch> isn't   ! >   better than   ! |  ?
13:25 < esde> | is less likely to cause confusion
13:26 < hyper_ch> well, from a bash point of view I think > is better....
13:29 <@krzee> depends what you view people as
13:29 <@krzee> if they are flat files >
13:30 <@krzee> if they are more like executables |
13:30 <@krzee> ;]
13:30 < Voyage> my vpn server is not starting
13:30 < Voyage> how to debug
13:30 < Voyage> * Starting virtual private network daemon(s)...                                                                      *   Autostarting VPN 'server'                                                                                       root@cqtechnologies:/var/www/html# service openvpn status
13:30 < Voyage>  * VPN 'server' is not running
13:30 < esde> !paste
13:30 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:31 < esde> check the log sudo tail -f /path/to/openvpn.log
13:31 <@krzee> when using > the bash analogy would be flat files which you are clobbering and overwriting with the factoid
13:31 <@krzee> Voyage,
13:31 <@krzee> !logfile
13:31 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
13:31 <@krzee> !man
13:31 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
13:32 < hyper_ch> krzee: in unix, everything's a file :)
13:32 < hyper_ch> or so I was told
13:32 < Voyage> esde,  logs are not in /var/log. where might they be?
13:32 <@krzee> of course
13:32 <@krzee> but what kind of file and how is it used
13:32 < Voyage> krzee,  esde  oh . syslog
13:32 < Voyage> ok
13:32 < esde> Voyage, are you absorbing anything we're telling you?
13:32 <@krzee> you would never > to a binary, for example
13:32 < Voyage> esde,  yes. just read late
13:32 < hyper_ch> echo "some smart text" > /dev/user/brain
13:33 < esde> Check your openvpn server config, look for the log directive
13:33 < esde> it will show the path, if logging is enabled in the config, that is
13:33 <@krzee> esde, he has his heart set on doing this without reading the manual
13:33 < esde> apparently
13:33 <@krzee> if you do not want to learn i recommend openvpn-as
13:33 < Voyage>  Options error: --dh fails with 'dh1024.pem': No such file or directory
13:33 <@krzee> they made something for you
13:33 < esde> you have to create the certs and keys yourself
13:34 < esde> it's all in the
13:34 < esde> !howto
13:34 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:34 <@krzee> !as
13:34 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:34 <@krzee> i recommend you change to openvpn-as
13:35 <@krzee> you will not be required to read documentation or learn about networking or cert management
13:35 < Voyage> esde,  krzee  I see that  dh2048.pem in dir and not dh1024
13:35 <@krzee> if you choose to use the version you are using, you will be expected to read the docs we point you to
13:35 <@krzee> Voyage, and the fix isnt obvious?
13:35 < esde> change the server config to reflect that, then
13:35 < hyper_ch> krzee: but you did spoon-feed me...
13:35 < Voyage> esde, krzee  yes. should I rename the file or change configs?
13:36 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:36 < esde> change config
13:36 <@krzee> hyper_ch, you read what told to read
13:36 < Voyage> k
13:36 < esde> the numbers is the bitsize of the file
13:36 < hyper_ch> krzee: impossible... real men don't need to read :)
13:36 <@krzee> hey didnt you run my config generator actually?
13:36 < esde> renaming dh2048.pem to dh1024.pem will only cause further confusion
13:37  * hyper_ch wonders who in here has a Stallmann-beard
13:37 <@krzee> esde, lol
13:37 < hyper_ch> krzee: I used your config generator a few times
13:37 <@krzee> ya i think you did get spoonfed
13:37 <@krzee> cause you were testing my config generator
13:37 <@krzee> lol
13:37 <@krzee> !spoonfeeding
13:37 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
13:38 < Voyage> http://pastie.org/9818799
13:38 < esde> Okay now you're cooking
13:38 < esde> you need to get tun enabled
13:38 < Voyage> :)
13:38 <@krzee> looks like your kernel doesnt have tun compiled in
13:38 <@krzee> maybe you have the module
13:39 < Voyage> :(
13:39 < esde> is this your hardware, or a VPS?
13:39 <@krzee> i think openvpn tries to load it but couldnt hurt to 'modprobe tun'
13:39 <@krzee> esde, good question! ^
13:40 < Voyage> vps
13:40 < esde> if it's a vps open a ticket and ask them to enable tun
13:40 < Voyage> esde,  cant i enable it myself?
13:40 < esde> maybe, but possibly no
13:40 < Voyage> whys that. iam  the root
13:40 < esde> because it's not your machine
13:41 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
13:41 < esde> the feature needs to be enabled at a higher (lower?) level than your container
13:41 < hyper_ch> is it kvm or openvz?
13:41 < Voyage> openvz
13:42 < Voyage> hyper_ch,  will do?
13:42 < hyper_ch> well, in kvm you'd run a realy vm
13:42 < esde> the time you spend not opening a ticket and asking for tun to be enabled, is being wasted
13:42 < Voyage> hyper_ch,  sorry?
13:43 < Voyage> esde,  hm
13:43 < hyper_ch> Voyage: don't worry about it
13:43 < esde> especially since openvz is weird with un sometimes. you may need to reboot a couple of times for it to take effect, once your provider enables it
13:43 < Voyage> hyper_ch,  ok. in short, I can do what ever I want in kvm and not in openvz?
13:43 < esde> s/un/tun
13:44 < hyper_ch> Voyage: yes.... someone described openvz a little while ago as glorified chroot
13:44 < esde> KVM and OpenVZ both have their own benefits and pitfalls
13:44 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
13:44 < Voyage> which one gives more control?
13:44 < hyper_ch> yes, I use openvz on some stuff and kvm on others
13:45 < hyper_ch> e.g. freeswitch I run on openvz for better performance
13:45 < esde> KVM
13:45 < Voyage> like tune, etc
13:45 < hyper_ch> with kvm you run your own kernel
13:46 < hyper_ch> with openvz you run the host node's kernel
13:46 < esde> especially since openvz shares the host kernel with the containers running on it
13:46 < esde> but this is all getting away from the point at hand
13:46 < esde> you need to conact your provider and request they enable tun.
13:47 < esde> s/conact/contact
13:47 < Voyage> apt-get install linux-headers-`uname -r`
13:47 < Voyage> Unable to locate package linux-headers-2.6.32-042stab093.5
13:47 < esde> what?????
13:48 < Voyage> http://serverfault.com/questions/91340/how-to-install-tun-tap-driver-for-openvpn-on-centos-linux       second answer
13:48 <@vpnHelper> Title: How to install tun/tap driver for openvpn on centos linux? - Server Fault (at serverfault.com)
13:48 < esde> you cant change the kernel on openvz
13:48 < esde> >you need to contact your provider and request they enable tun.
13:48 < Voyage> hm
13:48 < Voyage> ok. support ticket then
13:48 < esde> look at all that wasted time
13:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
13:49 < Voyage> If, in case, I lay down weapons; anyone knows an openvpn provider ?
13:50 < hyper_ch> what do you need?
13:50 < esde> check openvpn.com
13:50 < hyper_ch> or rather how much you're willing to pay
13:50 < esde> .net that is
13:50 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:51 < Voyage> how much would I have to pay for a normal openvpn server?
13:52 < hyper_ch> depends on what you want to do with it
13:52 < esde> there are some for free
13:52 < Voyage> I just need my skype trafic to be routed through it
13:52 < Voyage> as my ISP blocks calls on landline numbers via skype
13:53 < hyper_ch> what country should the server be in?
13:53 < Voyage> esde,  are those free onese reliable?
13:53 < Voyage> hyper_ch,  US maybe?
13:53 < hyper_ch> http://www.ramnode.com/vps.php
13:53 <@vpnHelper> Title: RamNode | VPS Plans (at www.ramnode.com)
13:53 < hyper_ch> maybe one of the $3.50 / M
13:53 < esde> depends on your geographical location and the load on the server in question
13:53 < hyper_ch> the provide browser based vnc so you can run the complete OS installation in the browser
13:54 < esde> skype over VNC on a headless VPS?
13:54 < hyper_ch> (switch to kvm)
13:54 < esde> sounds awful
13:54 < hyper_ch> esde: he wants vpn server
13:54 < esde> ....you provided a link to a vps provider
13:55 < esde> methinks he's asking about paid vpn service
13:55 < hyper_ch> yes, in which he can setup a server and deploy openvpn
13:55 < esde> but i could be wrong
13:55 < hyper_ch> maybe I'm wrong
13:55 < Voyage> esde,  I have skype on my pc. just need a ssh tunnel
13:55 < hyper_ch> I thought he was looking for a kvm solution
13:55 < esde> to be fair, he's not being extremely clear about anything
13:56 < Voyage> hyper_ch,  do you like ramnode? they get DDOSed so often
13:56 < hyper_ch> Voyage: haven't had issues with them this far
13:56 < Voyage> ok
13:56 < hyper_ch> but there's others
13:56 < Voyage> esde,  so its headless I gues
13:57 < hyper_ch> and there's openvpn providers that just provide the vpn tunnel
13:57 < hyper_ch> a free one would be  hide.me
13:57 < Voyage> esde,  well, I could use more apps with skype. like browser if I have a vpn...
13:57 < esde> if you'd just wait for your provider to enable tun.....
13:57 < hyper_ch> but only free for 2GB
13:57 < Voyage> hyper_ch,  so http://www.ramnode.com/vps.php       is =  openvpn providers that just provide the vpn tunnel  /
13:57 <@vpnHelper> Title: RamNode | VPS Plans (at www.ramnode.com)
13:57 < Voyage> ?\
13:57 < esde> no that's vps
13:57 < esde> not vpn
13:58 < hyper_ch> Voyage: no, thats a virtual private server
13:58 < hyper_ch> that provides either kvm or openvz... kvm starts at $ 3.50 per month
13:58 < hyper_ch> you can install your own OS there
13:58 < hyper_ch> and then deploy openvpn if you use kvm
13:59 < Voyage> as a matter of fact, the server I was configuring is already on ramnode
13:59 < Voyage> but an openvz.
13:59 < hyper_ch> if you just wanna use it as vpn gateway, the $3.50 is ok.... and you get 1 TB
13:59 < Voyage> I really wonder if I could get it right, up and running.
13:59 < hyper_ch> Voyage: maybe contact them if you could switch over to kvm instead
13:59 < Voyage> iam not a guru
13:59 < hyper_ch> !confgen
13:59 < esde> Voyage, it'd be running now if it were KVM
13:59 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ or (#3) you must run this in bash
13:59 < esde> you wouldn't have to wait to enable tun
13:59 < Voyage> esde,  hm ok
14:02 < Voyage> If, in case, I lay down weapons; anyone knows an openvpn provider that just gives me a tunnel ?
14:03 < hyper_ch> why give up now?
14:04 < Voyage> hm
14:04 < esde> because he doesn't want to read
14:04 < esde> he should go paid vpn or AS
14:04 < Voyage> I fear that I might not mess my server that has a lot of things in it already
14:04 < hyper_ch> I don't want to read either, but I get paid for that
14:05 < Voyage> and.. if i can find a ready made tunnel for cheap. why configure a server
14:05 < esde> huh
14:05 < esde> !effort
14:05 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
14:05 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Quit: brb]
14:05 < esde> s/your problem/how openvpn works/
14:05 < hyper_ch> !krzee
14:06 < esde> * vpnHelper has quit (Quit: brb)
14:06 < hyper_ch> dang :)
14:06 < hyper_ch> the bot anticipated that I was trying to get info on krzee
14:06 < hyper_ch> and quit before I could query
14:07 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
14:07 -!- mode/#openvpn [+o vpnHelper] by ChanServ
14:08 < esde> !kiss | esde
14:08 < Voyage> I am going for [Standard] KVM SSD
14:08 < esde> So much for that
14:08 <@krzee> !krzee | esde
14:08 < Voyage> 512MB SKVMS 	512 MB 	1 Core 	1 	/64 	10 GB 	1000 GB 	$5 / mo 	
14:08 < Voyage> good?
14:08 < esde> it can run on less
14:08 <@krzee> !krzee > esde
14:08 < esde> but that looks sufficient
14:08 < esde> !keys < krzee
14:09 < hyper_ch> Voyage: it all depends what you want to do on it
14:09 < esde> my openvpn instance is using about 75MB of memory right now
14:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:09 < esde> and i doubt that's all being used by the openvpn process itself
14:10 < hyper_ch> you probably could go for premium kvm ssd - 256MB SKVM	256 MB	1 Core	1	/64	8 GB	1000 GB	$3.50 / mo	NYC / ATL / SEA / NL
14:10 < hyper_ch> half ram and 2 GB less disk space
14:11 < hyper_ch> but if you want to run webserver on it and database server and what else... then go for more ram... it's up to you what you want to use it for
14:11 < Voyage> I have a website of 5 pages, a demo site of x2engine.com that also requires a mysql database. a redmine project management software in ruby and rails that also runson mysql.  I would add openvpn on those. so the server is ok?
14:11 < Voyage> 512MB SKVMS 	512 MB 	1 Core 	1 	/64 	10 GB 	1000 GB 	$5 / mo 	
14:11 < hyper_ch> no idea how much redmine requires
14:12 < Voyage> know about x2?
14:12 < Voyage> am any ways. whats KVM SSD-Cached
14:13 < hyper_ch> uses ssd for chaching and has normal harddrives for actual storage of data
14:13 < hyper_ch> no idea what x2 is
14:14 < esde> CRM
14:14 < Voyage> esde,  hyper_ch  ramnode replied that I can enable tun on openvz. just giving a link
14:15 -!- diranged [~Adium@162.245.21.10] has left #openvpn []
14:16 < hyper_ch> Voyage: then you don't need to change :)
14:17 -!- zalami[slp] is now known as zalami
14:20 < Voyage> ya.
14:20 < Voyage> How do i find my username?
14:21 < esde> ?
14:21 < esde> whoami
14:21 <@krzee> !101
14:21 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
14:21 < Voyage> on ramnod
14:21 < Voyage> :)
14:23 < Voyage> https://vpscp.ramnode.com/login.php      is something different . hyper_ch  would know
14:23 <@vpnHelper> Title: Control Panel (at vpscp.ramnode.com)
14:23 < hyper_ch> ?
14:23 < esde> It's not a matter of who knows. It's a matter of, this discussion is not appropriate for this channel.
14:23 < Voyage> nevermind. I would figure
14:23 < Voyage> esde,  ok
14:24 < hyper_ch> RNuser...... for me
14:24 < esde> taking hand holding to a whole new level
14:31 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
14:31 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 252 seconds]
14:33 < Voyage> hyper_ch,  esde  do I need to enable PPP?
14:33 < esde> no
14:33 < hyper_ch> only if ou want to use ppp
14:34 < Voyage> # cat /dev/net/tun
14:34 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
14:34 < Voyage> cat: /dev/net/tun: File descriptor in bad state
14:34 < esde> it's enabled
14:35 < Voyage> # service openvpn status
14:35 < Voyage>  * VPN 'server' is running
14:35 < esde> how bout that
14:35 < hyper_ch> openvpn could be lying to you
14:36 < Voyage> am. so how do I make sure of things?
14:36 < esde> tail -f /path/to/openvpn.log
14:36 < hyper_ch> try to connect with a client
14:36 < hyper_ch> or what esde said
14:36 < esde> last line should read Initialization Sequence Completed
14:36 < Voyage> hyper_ch,  client is already connected
14:37 < Voyage> * VPN 'client' is running
14:37 < esde> when the client browses, does it show the VPS's WAN IP?
14:37 < Voyage> no
14:37 < hyper_ch> esde: that depends on how it's configured
14:37 < hyper_ch> !def1
14:37 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
14:37 < esde> his goal is to forward traffic through openvpn
14:37 < Voyage> because I guess no firewall rules were made
14:37 < esde> yup, been through all this earlier
14:38 < esde> i posted a rule in #openssh earlier
14:38 < hyper_ch> Voyage: use redirect-gateway def1
14:38 < esde> try this Voyage iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to (eth0 ip)
14:38 < esde> hyper_ch, he doesnt have iptables even set yet
14:39 < hyper_ch> that doesn't need to be set for redirect gateway, does it?
14:39 < esde> it does
14:39 < hyper_ch> really?
14:39 < Voyage> hyper_ch,  esde  what do I need to do from : http://pastie.org/9818913
14:40 < hyper_ch> is your interface even eth0?
14:40 < Voyage> dont know.
14:40 < hyper_ch> then you should check
14:40 < Voyage> ip route ls ?
14:40 < esde> what do you mean what do you need to do from? those are three iptables commands
14:41 < esde> the first one, is to forward all traffic from openvpn clients through the WAN IP, dunno what the other two are for
14:41 < Voyage> http://pastie.org/9818919
14:42 < Voyage> esde,  I meant, which ip tables command do I need. the only one you gave or anything else?
14:42 < esde> ok this is getting far too convoluted
14:43 < esde> you need the rule i provided and `push "redirect-gateway def1"` in the conf
14:43 < Voyage> hm. ok.
14:44 < Voyage> for a first step, what should I type
14:44 < esde> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to (eth0 ip)
14:44 < Voyage> whats  (eth0 ip)
14:44 < esde> the wan ip of the vps
14:44 < Voyage> can it be a domain name ?
14:45 < esde> i dont think so
14:45 < Voyage> ok
14:45 < esde> you need the push directive in the client conf too
14:45 < esde> <push "redirect-gateway def1"> that is
14:45 < esde> without the <>'s
14:45 < Voyage> its 168.235.66.43   and I am typing command in terminal
14:46 < esde> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 168.235.66.43
14:46 < esde> assuming eth0 too, your interface name may be different
14:47 < esde> whatever interface name has that ip, put that name in place of eth0
14:48 < Voyage> ;push "redirect-gateway def1 bypass-dhcp"
14:48 < Voyage> uncommenting it
14:48 < esde> great!
14:48 < esde> you'll need to reload/restart openvpn to reflect any changes you make to configs
14:49 < Voyage> how can I know the interface name?
14:49 < esde> ifconfig
14:49 < Voyage> k
14:50 < Voyage> venet0:0  Link encap:UNSPEC
14:50 < esde> there ya go! :D
14:50 < Voyage> so its venet0?  or venet0:0
14:51 < esde> whatever interface name has that ip, put that name in place of eth0
14:51 < hyper_ch> venet0:0 IMHO
14:51 < Voyage> Just did iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j SNAT --to 168.235.66.43
14:52 < Voyage> restarted vpn
14:52 < esde> bear in mind, you restart openvpn for config changes. iptables rules are automatic
14:53 < Voyage> did that but ip of client browser did not changed
14:53 < Voyage> do I need to reconnect client?
14:54 < esde> did you add the redirect-gateway directive to the client conf too?
14:54 < Voyage> yes
14:55 < Voyage> I just uncommnented it.
14:55 < esde> yes
14:55 < Voyage> how can I debug?
14:55 < Voyage> Do I need to add the highligted lines also ? http://pastie.org/9818919#9,11
14:56 < esde> Not afaik
14:56 < Voyage> ok. how can I list iptables rules
14:56 < Voyage> any other way to debug?
14:57 < esde> is it not working still?
14:57 < esde> if not, do you have ip forwarding enabled on the server?
14:58 < Voyage> how can I know
14:59 < esde> cat /proc/sys/net/ipv4/ip_forward
14:59 < esde> 0=no 1=yes
14:59 < Voyage> ok
14:59 < Voyage> esde,  dont you think I need these http://pastie.org/9818956#14-19
15:00 < Voyage> cat /proc/sys/net/ipv4/ip_forward says 1
15:00 < esde> this came from a guide "Enter the following commands one by one to forward traffic through OpenVPN:"
15:00 < Voyage> ya
15:01 < esde> i think your iptables are borked
15:01 < Voyage> ok. how can I list iptables rules
15:02 -!- JBravo [~JBravo@babylon5.ra.is] has joined #openvpn
15:03 < esde> iptables -L and iptables -t nat -L are probably what you need
15:03 < JBravo> need some help with "Bad LZO decompression header byte: 69" in server's log (and no traffic over the vpn tunnel
15:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
15:03 < esde> JBravo, is compression set on both sides? or vice-versa?
15:04 < JBravo> yes
15:04 < esde> you only want one postrouting rule to route openvpn clients out to WAN. If you have the MASQUERADE and SNAT rules both in place at the same time, it wont work
15:05 < Voyage> http://pastie.org/9818966  esde
15:05 < esde> do you have fragment in your confs?
15:05 < JBravo> omg
15:05 < JBravo> what is it with asking for help and then finding the answer :)
15:05 < JBravo> 64 bytes from 10.8.0.1: icmp_seq=945 ttl=64 time=1.71 ms
15:05 < JBravo> hah :)
15:06 < esde> iptables -t nat -D POSTROUTING 2 Voyage to get rid of the double SNAT rules
15:06 < JBravo> thanks :)
15:06 -!- JBravo [~JBravo@babylon5.ra.is] has left #openvpn ["Leaving"]
15:06 < Voyage> iptables -t nat -D POSTROUTING 2 ?
15:06 < Voyage> ok
15:06 < esde> yeah, you have that rule entered twice
15:07 < Voyage> shoudl It work now?
15:07 < Voyage> I just just open a browser from client now?
15:07 < Voyage> to check ip?
15:07 < esde> give it a shot
15:07 < Voyage> same issue
15:08 < Voyage> ok. how can I check that the vpn is in action and connection?
15:08 < Voyage> can I browse files of server from client?
15:08 < esde> sudo service openvpn status
15:08 < Voyage> running
15:08 < esde> and tail -f /path/to/openvpn.log
15:08 < Voyage> on client or on server?
15:08 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
15:08 < esde> server
15:09 < Voyage> issues.
15:09 < Voyage> too many
15:10 < esde> try deleting the POSTROUTING rule thats left and in it's place put this iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0:0(or whatever the WAN interface is) -j MASQUERADE
15:10 < Voyage> http://pastie.org/9818978#
15:11 < Voyage> TLS handshake failed
15:11 < esde> paste at pastebin.com so we can see the whole lines
15:11 < Voyage> TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
15:11 < Voyage> k
15:12 < esde> not here, on a site like pastebin.com
15:12 < Voyage> http://pastebin.com/uiD9eh3W
15:13 < esde> looks like you didnt copy the client certs/keys to the client or the conf doesn't have their locations defined properly
15:14 < Voyage> I did
15:14 < Voyage> let me check
15:14 -!- glosoli [~textual@unaffiliated/glosoli] has joined #openvpn
15:15 < Voyage> :/etc/openvpn$ ls
15:15 < Voyage> ca.crt  client.conf  clientname.crt  clientname.key  update-resolv-conf
15:15 < esde> is that client or server?
15:16 < Voyage> client
15:16 < Voyage> the client.conf says # file can be used for all clients.
15:16 < Voyage> ca ca.crt
15:16 < Voyage> cert clientname.crt
15:16 < Voyage> key clientname.key
15:16 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
15:16 < esde> stop pasting mulitple lines at once in the channel please
15:17 < Voyage> k
15:17 < esde> so the client.conf is at /etc/openvpn/openvpn.conf and the certs/keys are in the same directory?
15:18 < Voyage> the client conf is client.conf in :/etc/openvpn
15:18 < Voyage> and certs/keys are in same dir
15:18 < Voyage> yes
15:18 -!- glosoli [~textual@unaffiliated/glosoli] has left #openvpn []
15:19 < esde> ok, does the user running the openvpn client process have permissions to view those files?
15:19 < Voyage> he should as openvpn was started as sudo
15:19 < Voyage> he should as openvpn was started as sudo openvpn start
15:19 < esde> ps aux, look for the openvpn process and see who the user is running the process
15:20 < Voyage> the files have this permissions too rwxrwxrwx
15:21 < esde> only need 0600 on keys/certs and ownership set to the openvpn user
15:21 < Voyage> $ sudo ps aux | grep openvpn
15:21 < Voyage> root      5771
15:22 < Voyage> ownership? should I chown openvpn .key .crt ?
15:22 < esde> 1sec
15:23 < esde> sudo adduser openvpn; sudo chown openvpn:openvpn /etc/openvpn/ca.crt /etc/openvpn/client.crt /etc/openvpn/client.key; sudo chmod 0600 /etc/openvpn/ca.crt /etc/openvpn/client.crt /etc/openvpn/client.key
15:24 < esde> that will create a non-root user (open) and set the correct permissions and ownership
15:24 < esde> *openvpn
15:24 < esde> then add user openvpn group openvpn to config
15:25 -!- mattock is now known as mattock_afk
15:27 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 244 seconds]
15:28 < Voyage> esde,  where in config?
15:29 < esde> between the first and last line
15:29 < Voyage> in client config? right?
15:29 < esde> yes
15:29 < Voyage> ok. how to add it?
15:29 < Voyage> the exact line/command
15:29 < esde> i would do the same thing on the server
15:30 < Voyage> what line be added?
15:31 < esde> ;user openvpn ;group openvpn
15:31 < esde> without the comments, on separate lines
15:31 < Voyage> oh]
15:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:33 < Voyage>  error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
15:33 -!- Brutser [~email@d51A48718.access.telenet.be] has joined #openvpn
15:34 < esde> !all
15:34 <@vpnHelper> "all" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#' client.conf`), also include which OS and version of openvpn, include your routing tables, firewall settings and client/server logfiles or (#2) For more detailed instructions, look to: !logs !configs !interface
15:34 < Brutser> hi, anyone around with some windows background? i try create some rules in outpost firewall, to only allow openvpn traffic for certain applications - really having a hard time with this...
15:34 < esde> please post what you have for client and server conf to pastebin
15:34 < Voyage> esde,  and I would not want a password to be entered for openvpn user and he be able to login
15:35 < esde> you should have ssh password login disabled
15:40 < Voyage> esde,  http://pastebin.com/C7rVnqK5
15:42 < esde> sudo chown openvpn:openvpn /etc/openvpn/client.conf; sudo chmod 0600 /etc/openvpn/client.conf
15:42 < esde> i doubt it's not seeing the conf file, but i noticed it sticking out like a sore thumb
15:43 < Voyage> done
15:44 < esde> did you use the easy-rsa scripts?
15:44 < Voyage> yes
15:44 < esde>  ./build-ca ./build-key-server ./build-key client ?
15:44 < Voyage> yes
15:44 < esde> *+server
15:44 < esde> it looks like something is wrong with them
15:45 < esde> try ./clean-all and recreate them
15:45 < esde> unless someone wants you to set verbosity higher and help you, as I'll need to leave soon
15:46 < esde> https://forums.openvpn.net/topic10261.html
15:46 <@vpnHelper> Title: OpenVPN Support Forum [Resolved] Self Signed certificate : Server Administration (at forums.openvpn.net)
15:47 < esde> that thread sould be helpful
15:47 < esde> s/sould/should
15:47 < Voyage> is there a service that I can use just to tunnel traffic?
15:48 < esde> openvpn
15:48 < Voyage> I mean some service that is already setup
15:48 < esde> you've come this far, just troubleshoot your configuration until it works how you want it
15:49 < Voyage> hm
15:49 < Voyage> ok
15:49 < esde> you've got the daemon running, now you just need to fix the PKI issues
15:49 < esde> if you take some time and read through that thread, there is very helpful information
15:50 < Voyage> ok
15:54 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:58 < esde> gotta run, good luck
16:10 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Remote host closed the connection]
16:20 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 245 seconds]
16:26 < Brutser> on one client, every time he will try first connection (after reboot) to vpn server - the dhcp times out
16:27 < Brutser> only 'solution' i have now is to remove tap and re-add it
16:27 -!- dazo is now known as dazo_afk
16:27 < Brutser> what can be wrong with the config for this behaviour?
16:33 < Voyage> http://pastebin.com/rFupb818  any ideas ?
16:36 < Voyage> my internet goes off on client when I connect
16:40 < Voyage> krzee,  hyper_ch  you around?
16:43 < Voyage> http://pastebin.com/8MTYrQvL
16:43 < esde> Voyage, see this http://openvpn.net/index.php/open-source/faq/79-client/253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity.html
16:43 <@vpnHelper> Title: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) (at openvpn.net)
16:47 < Voyage> esde,  which port does openvpn uses? I will check if its blocked or not
16:47 < esde> 1194 by default
16:49 < Voyage> PORT     STATE  SERVICE
16:49 < Voyage> 1194/tcp closed openvpn
16:49 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:b876:305b:3c5e:f25a] has joined #openvpn
16:50 < esde> got another firewall running?
16:50 < Voyage> iam on ramnode. i dont think they do
16:51 < esde> !configs
16:51 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
16:51 < esde> follow those steps to a T, i wont read it with comments, i dont have the time and i'll check out your configs before i have to go again
16:54 < Voyage> cat /etc/openvpn/server.conf | grep -vE '^#|^;|^$
16:54 < Voyage> ?
16:54 < pekster> Why TCP?
16:54 < pekster> !tcp
16:54 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
16:55 < esde> i don't know why he chose tcp, but given his geoip i'd think possibly to get past some restrictive fireall maybe
16:56 < Voyage> esde,  no . I can ping server
16:56 < esde> also pekster here, http://pekster.sdf.org/code/projects/easyrsa3.html you have a hyperlink (see my GitHub project) that 404's. it should be https://github.com/OpenVPN/easy-rsa not https://github.com/QueuingKoala/easy-rsa as it is now
16:56 <@vpnHelper> Title: Project: Easy-RSA 3 (next-gen Easy-RSA codebase) (at pekster.sdf.org)
16:57 < pekster> Don't use that first URL
16:57 < Voyage> cat /etc/openvpn/server.conf | grep -vE '^#|^;|^$   esde
16:57 < esde> .......
16:57 < esde> that's the link defined in the hyperlink
16:58 < pekster> Use the real project URL, not a supremely out of date development resource
16:58 < pekster> !easyrsa
16:58 <@vpnHelper> "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Source checkouts available from the github project; current official release download is 2.2.2 with 3.x code in git-master. or (#4) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA
16:58 < esde> I was trying to be helpful
16:58 < esde> I'll stop now
16:58 < esde> tip: maybe remove that hyperlink to avoid any confusion
16:59 < esde> as it is linked from a factoid
16:59 < esde> !easyrsa-ng
16:59 <@vpnHelper> "easyrsa-ng" is To track development or usage of the next-gen Easy-RSA codebase with improvements to the original, see http://pekster.sdf.org/code/projects/easyrsa3.html . Be aware this code is beta , but is usable as it stands now. Send suggestions/comments to pekster.
16:59 < pekster> esde: Fixed.
17:00 < Voyage> esde,  I think server might not be routing traffic to client. no?
17:00 < pekster> esde: The !easyrsa has the right URL. Where did you find the ancient URL?
17:00 < Voyage> esde,  client gets connected fine. and server is runing UDP on the port. but when client gets connected, internet goes off on client side
17:00 < esde> pekster, if he's willing to help, can offer assistance. As i mentioned, im about to leave
17:01 < esde> I told you in my first massage.
17:01 < esde> *e
17:01 < esde> the parenthetical is the hyperlink text (mostly)
17:01 < pekster> I'm not "seeing your github project" for whatever reference you think you're helping with
17:02 < esde> this paragraph For active source development, see my GitHub project (Windows wrapper-scripts available at this GitHub project, with binaries included in my Windows-release above from the win-bash project.)
17:02  * pekster does not have time for 20 questions. Maybe message me or send me a nickserv memo that I'll read when I have time
17:02 < esde> the first hyperlink
17:02 < pekster> No, that's outdated
17:02 < pekster> Where did you get THAT resources?
17:02 < esde> the link to that page is the last link in the easyrsa-ng factoid
17:02 < pekster> !easyrsa-ng
17:02 <@vpnHelper> "easyrsa-ng" is To track development or usage of the next-gen Easy-RSA codebase with improvements to the original, see http://pekster.sdf.org/code/projects/easyrsa3.html . Be aware this code is beta , but is usable as it stands now. Send suggestions/comments to pekster.
17:02 < esde> i dont have time either i gotta run lol
17:02 < pekster> !forget easyrsa-ng
17:02 <@vpnHelper> Joo got it.
17:02 < pekster> !learn easyrsa-ng as [easyrsa]
17:02 <@vpnHelper> Joo got it.
17:04 < Voyage> esde,  http://pastebin.com/6bppep1b
17:05 < esde> Voyage, if you're on later I'll highlight you and see how it went/is going but i have to go now
17:05 < esde> get those uncommented configs with your logs and iptables and pastebin them, they will be helpful to the next helper
17:06 < Voyage> esde,  ok. thanks a lot :)
17:06 < esde> yw, good luck man! :)
17:12 < Voyage> http://pastebin.com/Sy3BBN9y     server and client configs at botton
17:13 -!- Brutser [~email@d51A48718.access.telenet.be] has quit [Ping timeout: 245 seconds]
17:32 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
17:43 -!- Voyage [~Voyage@182.189.236.89] has quit [Ping timeout: 264 seconds]
18:05 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
18:05 -!- mode/#openvpn [+v s7r] by ChanServ
18:09 -!- xsamurai [~fahad@unaffiliated/xsamurai] has joined #openvpn
18:09 < xsamurai> is it possible to send a single command to the telnet management interface ?
18:09 < xsamurai> as in  " echo kill someguy | telnet localhost 1234 "
18:34 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
18:34 < ljvb> evening
18:37 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 255 seconds]
18:43 -!- xsamurai [~fahad@unaffiliated/xsamurai] has left #openvpn []
18:45 -!- stewi [~quassel@2400:6800:ffff:2:d12d:c01a:e607:1b94] has quit [Ping timeout: 244 seconds]
18:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:58 < ljvb> anyone around running ovpn/fbsd as a gateway..  I'm getting terrible performance.. between client and vpn gateway is fine, as well as any internal host.. but when routing traffic to the outside (using ovpn as default route for clients), performance is abysmal.
19:02 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
19:03 < ljvb> it appears to be somewhere around the handoff to the external interface.
19:06 < esde> there are people running openvpn on bsd in here. im just not one of them lol
19:07 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
19:09 < ljvb> I know.. just trying to figure out why I am taking a perf hit when routing externally..
19:11 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
19:12 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
19:17 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
19:30 -!- Brutser [~email@d51A48718.access.telenet.be] has joined #openvpn
19:31 < Brutser> im trying to create a static route to the vpn server, but not allow any other traffic - how can i accomplish this?
19:31 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
20:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
20:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
20:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:50 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:54 -!- nutron [~nutron@unaffiliated/nutron] has quit [Remote host closed the connection]
22:08 <@krzee> http://www.spiegel.de/media/media-35515.pdf
22:09 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
22:10 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
22:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:49 < ljvb> if anyones alive.. when use level 5 verb.. W w R r.. for read write obviously, but what is the difference between upper and lower case?
22:51 <@krzee> !man
22:51 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
22:51 <@krzee> its in --verb
22:51 < ljvb> I'm already in there
22:51 < ljvb> :)
22:52 < ljvb> aha
22:52 < ljvb> trying to figure out why I have such piss poor performance currently
22:54 < ljvb> gained a little perf after removing the static routes
22:54 <@krzee> !speed
22:54 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
22:55 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better.
22:58 < ljvb> not sure the problem is with openvpn, performance between the client and the vpn server is fine, it is when I try to use it as my def gateway to non internal addresses...
22:59 < ljvb> getting around 300 to 400 kbit when I should be getting close to 8mbit.. thats not really a tuning issue.. I could be wrong..
23:12 -!- OShobbit [~andrew@cpe-72-228-8-249.nycap.res.rr.com] has joined #openvpn
23:24 < ljvb> *sigh* okay.. I have narrowed the problem down to not openvpn.. at least I do not think it is.  using iperf3, I get exact same performance over the 2 external ip's using public network as I get over the 2 internal ip's traversing openvpn
23:25 < ljvb> guess it is time to bust out tcpdump on the external interface
23:32 -!- ShadniX [dagger@p5DDFF120.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX [dagger@p5481D67A.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Thu Jan 08 2015
00:01 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
00:05 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
00:09 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:10 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Client Quit]
00:11 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 244 seconds]
00:12 -!- OShobbit [~andrew@cpe-72-228-8-249.nycap.res.rr.com] has quit [Quit: Leaving]
00:14 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:42 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
00:47 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
00:47 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
01:20 -!- master_of_master [~master_of@p4FD7B201.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_o1_master [~master_of@p4FF24564.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
01:25 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Ping timeout: 250 seconds]
01:26 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
01:43 -!- havingFun_ [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:44 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 265 seconds]
01:47 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
01:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:49 -!- havingFun_ [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 240 seconds]
01:55 < hyper_ch> hmmm, anyone here knows czech?
01:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
01:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:59 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:59 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:05 -!- havingFun is now known as xrosnight
02:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:22 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
02:30 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
02:33 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
02:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:58 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has left #openvpn ["TTFN, Ta Ta For Now!"]
03:02 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
03:06 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
03:10 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
03:17 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
03:19 -!- DerDuddle [~duddle@s15408483.onlinehome-server.info] has joined #openvpn
03:23 < DerDuddle> hello! I am trying to expand my openvpn 2.1.4 setup with a new network, ideally without needing to restarting the daemon.
03:23 < DerDuddle> on the client side is a new network and I want the server side to be able to route through the vpn tunnel
03:24 < DerDuddle> the client-config-dir has a config file for the client with iroute options for the new network
03:24 < DerDuddle> I've manually added a route via "ip route", because I don't want to restart the daemon
03:25 < DerDuddle> with tcpdump I can see that it already sends packets to the tunnel interface, but from there they seem to get lost
03:25 -!- KidCartouche [~user@194.183.244.5] has joined #openvpn
03:26 < DerDuddle> there is already a working network on the client side and I basically copied that configuration and modified it
03:26 < KidCartouche> !welcome
03:26 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
03:26 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:26 < DerDuddle> there are no firewall rules that would prevent the communication
03:26 < DerDuddle> !route
03:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
03:26 <@vpnHelper> client
03:27 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:32 < DerDuddle> !serverlan
03:32 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
03:32 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
03:35 < DerDuddle> !route_outside_openvpn
03:35 <@vpnHelper> "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
03:35 < DerDuddle> !clientlan
03:35 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
03:35 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
03:36 < DerDuddle> I think I did everything correctly. I'll compile my config, maybe I am missing something
03:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
03:41 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
03:50 < iokill> !welcome
03:50 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:50 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:56 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 265 seconds]
03:56 < DerDuddle> http://pastebin.com/YKXEG5A3
03:57 < DerDuddle> a bit of my config and what works and what doesn't
03:57 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
03:57 -!- mode/#openvpn [+v hazardous] by ChanServ
03:59 < iokill> hi! i just hit this bug: https://community.openvpn.net/openvpn/ticket/71
03:59 <@vpnHelper> Title: #71 (Windows 7 (and Vista) - tunnel fails after resume from Sleep/Standby) – OpenVPN Community (at community.openvpn.net)
03:59 < iokill> is there any known workaround for this?
04:02 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:04 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
04:11 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
04:15 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
04:45 -!- JackWinter [~jack@vodsl-9520.vo.lu] has quit [Excess Flood]
04:45 -!- hypermist [hypermist@unaffiliated/hypermist] has joined #openvpn
04:46 -!- JackWinter [~jack@vodsl-9520.vo.lu] has joined #openvpn
04:46 < hypermist> Erm. someone mind helping i tried to start my openvpn-as via the webpanel annd this happened http://hastebin.com/etibekitep.vhdl
04:46 <@vpnHelper> Title: hastebin (at hastebin.com)
04:47 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 245 seconds]
05:00 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
05:12 -!- hypermist is now known as extrememist
05:12 -!- extrememist is now known as hypermist
05:13 < hypermist> hello anyone ??
05:14 < hypermist> !welcome
05:14 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
05:15 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:15 < hypermist> !howto
05:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
05:15 < hypermist> not what i need. waits
05:15 -!- dazo_afk is now known as dazo
05:20 < hypermist> why is erryone dead D:
05:20 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 272 seconds]
05:21 < hypermist> dazo you there
05:37 < DerDuddle> ok, it seems like I _had_ to use openvpns "route" to add the route and restart the daemon, the manual static route wasn't enough
05:38 < DerDuddle> which seems really weird, but I guess openvpn somehow needs to know that on startup ...
05:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:47 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 244 seconds]
05:48 -!- edward [~edward@4angle.com] has quit [Ping timeout: 244 seconds]
05:54 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:55 -!- edward [~edward@4angle.com] has joined #openvpn
06:02 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
06:04 -!- edward [~edward@4angle.com] has quit [Ping timeout: 244 seconds]
06:10 -!- edward [~edward@4angle.com] has joined #openvpn
06:13 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 240 seconds]
06:13 -!- havingFun_ [~quassel@unaffiliated/xrosnight] has joined #openvpn
06:15 -!- DerDuddle [~duddle@s15408483.onlinehome-server.info] has quit [Quit: Leaving]
06:18 -!- havingFun_ [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 255 seconds]
06:22 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
06:30 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:34 <@dazo> hypermist: whazzup?
06:35 <@dazo> !ask
06:35 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
06:51 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 245 seconds]
07:00 < hypermist> dazo i already asked my question but i never got an answer sadly
07:01 < hypermist> and i basically got my friend to answer it for me.
07:01 < hypermist> Since i only have a vps i cannot make a openvpn-as :\
07:03 <@dazo> if you asked a question, it's not in my scrollback
07:06 < hypermist> <hypermist> Erm. someone mind helping i tried to start my openvpn-as via the webpanel annd this happened http://hastebin.com/etibekitep.vhdl
07:06 <@vpnHelper> Title: hastebin (at hastebin.com)
07:06 < hypermist> well i asked for help
07:06 <@dazo> !as
07:06 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
07:07 < hypermist> Oh sorry
07:10 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
07:20 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 245 seconds]
07:25 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
07:26 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
07:31 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
07:32 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
07:41 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 264 seconds]
08:12 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
08:36 -!- mattock_afk is now known as mattock
08:41 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 240 seconds]
08:48 < hyper_ch> krzee: http://www.usatoday.com/story/tech/2015/01/04/ces-2015-intels-new-biometric-password-manager/21198555/ - what could possibly go wrong... I guess they didn't take notice of 31C3
08:48 <@vpnHelper> Title: Intel unveils app that opens sites with user's face (at www.usatoday.com)
09:07 -!- KidCartouche [~user@194.183.244.5] has quit [Ping timeout: 264 seconds]
09:25 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
09:32 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
09:44 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
09:52 -!- Henryabcd [~Henryabcd@pD9E0AA1A.dip0.t-ipconnect.de] has joined #openvpn
10:21 < masterkorp> Do I need to be a subscriber to post to the openvpn mailing list ?
10:22 < hyper_ch> that's how mailing lists usually work
10:27 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
10:36 < masterkorp> not always
10:36 < masterkorp> most of them don't
10:41 -!- elfixit [~Icedove@88-227.197-178.cust.bluewin.ch] has joined #openvpn
10:46 < hyper_ch> all lists I've been involved with require subscription
10:47 <@plaisthos> masterkorp: in the 90s, yes
10:47 < masterkorp> "You are not allowed to post to this mailing list, and your message has
10:47 < masterkorp> "
10:47 <@plaisthos> but nowadays it is different
10:48 < masterkorp> well, the git mailing list the email had to be accepted by hand
10:48 < masterkorp> anyways I will subscribe
10:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:50 -!- hmmhesegs is now known as hmmhesays
10:55 < hyper_ch> krzee: http://marc.info/?l=openssl-announce&m=142046772204265
10:55 <@vpnHelper> Title: '[openssl-announce] Forthcoming OpenSSL releases' - MARC (at marc.info)
10:57 < hyper_ch> krzee: http://marc.info/?l=openssl-announce&m=142046772204265 -->  ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
10:57 <@vpnHelper> Title: '[openssl-announce] Forthcoming OpenSSL releases' - MARC (at marc.info)
10:57 < hyper_ch> sorry, meant this:  https://www.openssl.org/news/secadv_20150108.txt
10:58 -!- elfixit [~Icedove@88-227.197-178.cust.bluewin.ch] has quit [Ping timeout: 256 seconds]
11:00 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:05 -!- elfixit [~Icedove@88-227.197-178.cust.bluewin.ch] has joined #openvpn
11:10 -!- elfixit [~Icedove@88-227.197-178.cust.bluewin.ch] has quit [Ping timeout: 264 seconds]
11:43 -!- Karou [~smuxi@unaffiliated/karou] has joined #openvpn
11:43 < Karou> yo
11:44 < Karou> is there a config switch for tls-auth for embeding it in the config like <ca></ca> ?
11:46 -!- Karou [~smuxi@unaffiliated/karou] has quit [Read error: Connection reset by peer]
11:47 -!- karou [~smuxi@unaffiliated/karou] has joined #openvpn
11:47 < karou> sorry, swapped networks
11:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
11:52 < hyper_ch> probably
11:54 < karou> if so what would the syntax for that be
11:55 < hyper_ch> what does the man page say?
11:55 < karou> it doesn't
11:56 < hyper_ch> that's weird...
11:56 < hyper_ch> I guess you must have missed it in the man page
12:03 < karou> yeah, doesn't look like it
12:17 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
12:17 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:25 -!- karou [~smuxi@unaffiliated/karou] has quit [Ping timeout: 245 seconds]
12:35 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
12:58 < esde> damniy
12:58 < esde> *t
13:01 < esde> In the future, to inline the tls auth key, 'key-direction 1' '<tls-auth>' 'static key contents' '</tls-auth>' the text between quotes goes on separate lines
13:06 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
13:07 < hyper_ch> a quick google search told me so
13:39 -!- bonjurkes [~bonjurkes@104.131.52.107] has joined #openvpn
13:40 < bonjurkes> guys, I get TLS: tls_process: killed expiring key  in my logs. Is it ta key file?
13:40 < bonjurkes> I will post full log when it includes the other bad package error also
13:41 < esde> iirc, thats what shows in the logs when openvpn renegotiates the connection every hour by default
13:41 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
13:42 < bonjurkes> yeah, the other problem is I started to get lots of stuff like Authenticate/Decrypt packet error: bad packet ID (may be a replay)
13:43 < bonjurkes> it was working fine for a long time, right now after some time, my vpn connection stops working, so I need to reconnect to make it work again
13:43 < esde> that could be at least a few different things
13:43 < bonjurkes> I thought it's related with this expiring key thing
13:43 < esde> i've seen people report that syncing the clocks on client and server will resolve the replays
13:43 < bonjurkes> yeah but I never saw that stuff before, and never saw this expiring key thing also.
13:43 < hyper_ch> I just set my keys to expire in 100 years... I don't expect to live that long ;)
13:43 < bonjurkes> aha
13:43 < esde> i've seen people claim it's an attack
13:44 < esde> but for me, it was a faulty NIC
13:44 < bonjurkes> hyper_ch good idea, I didn't know that so I created a normal key with normal expiry date, so I am trying to find it's expiry date now
13:44 < hyper_ch> did you use easy rsa?
13:44 < esde> the client/server keys and certs you generated and their lifetime has no bearing on the ephemeral keys that are renegotiated every hour be default IIRC
13:45 < bonjurkes> hyper_ch afaik yes
13:46 < hyper_ch> then edit the config file
13:46 < hyper_ch> it's in there
13:46 < hyper_ch> well, the vars file
13:46 < esde> You realize you could set the days from 3650 to 999999 and it would still renegotiate every hour, right?
13:47 < esde> you can change the renegotiation time, but vars isnt where to do it
13:47 < bonjurkes> I am just trying to find why my connection stops working after some time
13:47 < bonjurkes> It is connected but pinging etc doesn'T work
13:48 < esde> this might be helpful http://openvpn.net/archive/openvpn-users/2005-09/msg00171.html
13:48 <@vpnHelper> Title: Re: [Openvpn-users] VPN disconnecting (possibly re-auth) (at openvpn.net)
13:49 < esde> of course the fact OP is using PAM and cryptocard could make it a one-off situation that wont apply to you, but it's the first thing i found
13:49 < bonjurkes> time is correct and same on both server and client
13:50 < bonjurkes> crt files expiry dates are good, trying to find how to check expiry dates for .key files
13:50 < esde> ..
13:50 < esde> this might be more helpful http://openvpn.net/archive/openvpn-users/2007-07/msg00104.html
13:50 <@vpnHelper> Title: Re: [Openvpn-users] TLS: tls_process, killed expiring key - What does this mean? (at openvpn.net)
13:51 < bonjurkes> I don't know expiry dates of my tls keys
13:55 < bonjurkes> aha so it's not really some certificate or tls key is expiring for real, it's just the 1 hour timeout to generate new key?
13:56 < bonjurkes> esde did I got it right?
13:56 < esde> ephemeral keys, check it out
13:57 < esde> they are real keys, by default only used for an hour.
13:58 < bonjurkes>  Authenticate/Decrypt packet error: packet HMAC authentication failed
13:58 < bonjurkes> Sun May 25 19:40:12 2014 us=761451 TLS Error: incoming packet authentication failed from
13:58 < bonjurkes> this is from an old log tho
13:58 < esde> That's different
13:59 < bonjurkes> well okay if there is  ephemeral keys . Why does my vpn stops working after some time
13:59 < bonjurkes> but stays connected
14:00 < bonjurkes> and reconnecting fixes everything
14:01 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has joined #openvpn
14:01 < esde> did you read any of the links i provided?
14:01 < esde> specifically http://openvpn.net/archive/openvpn-users/2007-07/msg00104.html
14:01 <@vpnHelper> Title: Re: [Openvpn-users] TLS: tls_process, killed expiring key - What does this mean? (at openvpn.net)
14:01 < bonjurkes> esde yes
14:02 < esde> that's got your answer in it
14:03 < bonjurkes> However, the renegotiation doesn't cause OpenVPN to restart; data can still be sent during the negotiation process, and the old key is still valid for a default of 60 minutes and can be changed with the --tran-window option.
14:03 < bonjurkes> this vpn is working rock solid till 2013
14:03 < bonjurkes> what I do is updating client and server versions from time to time that's it
14:04 < esde> well as it's 2015 now, you've waited sometime to address the issue, it seems
14:04 < bonjurkes> but nothing has changed?
14:05 < bonjurkes> same keys, i am a personal user, it's on a vpn in a cloud that nothing else works on it
14:07 -!- crised [~crised@186.67.181.203] has joined #openvpn
14:08 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:b876:305b:3c5e:f25a] has quit [Read error: Connection reset by peer]
14:08 < bonjurkes> or my level of english sucks
14:08 < esde> !info
14:08 <@vpnHelper> Error: The command "info" is available in the Factoids and RSS plugins.  Please specify the plugin whose command you wish to call by using its name as a command before "info".
14:09 < esde> !allinfo
14:09 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
14:11 < bonjurkes> ..
14:12 < esde> !effort
14:12 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
14:13 < bonjurkes> !noclue
14:13 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
14:13 < esde> There is also AS, if you'd like it to "just work". Join #openvpn-as for more information.
14:13 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:206f:b2a9:3d71:f30b] has joined #openvpn
14:13 < bonjurkes> well there is no canned response about it
14:13 < bonjurkes> I can provide all data required and whatever is needed. But linking to 2 posts didn't ring any bells on me
14:15 < esde> This narration is unnecessary, if you have the info at your disposal, pastebin and share it with the channel the users can help. Else, try access server, which requires far less effort
14:15 < esde> *so the
14:17 -!- Darkclaw66 [~Andre@unaffiliated/darkclaw66] has joined #openvpn
14:17 < Darkclaw66> hi, I am trying to install openvpn 2.3.6_1 and I am getting the following error: Cannot resolve host address: fe80::1: ai_family not supported
14:18 < Darkclaw66> im not sure how to fix this error
14:20 -!- Henryabcd [~Henryabcd@pD9E0AA1A.dip0.t-ipconnect.de] has quit [Quit: Leaving]
14:20 < bonjurkes> esde http://pastebin.com/Ra4XV8H8
14:21 < esde> from lines 476 to 494, everything looks ok
14:22 < crised> !welcome
14:22 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:22 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:22 < bonjurkes> those huge errors started to appear recently I think, and the problem about connection stop working is related with those loong errors on top
14:22 < crised> !goal
14:22 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:23 < esde> right bonjurkes
14:23 < Darkclaw66> any chance someone knows how to fix the error im getting?
14:23 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
14:23 < esde> when i had that issue, it was a faulty nic
14:23 < crised> I would like to access a machine that's behind a LAN, this machine can change LANs, so I want to put it in every LAN in the world, and this machine needs to contact my public control server, how to achieve this? Is this an uncommon thing to do?
14:23 < bonjurkes> esde can you describe more about this faulty nic thing?
14:23 < bonjurkes> I mean "nic" part
14:24 < esde> nic = network interface controller
14:24 < esde> the thing you plug the internet cable into on your machine
14:24 < bonjurkes> orr the connection maybe?
14:24 < esde> wat
14:25 < esde> yeah it could be a crappy connection, or the server's nic could be bad too
14:25 < bonjurkes> it's on digitalocean, so I doubt
14:25 < bonjurkes> it's not home hosted server
14:25 < bonjurkes> then it must be about my home connection then? or can be
14:25 < esde> you'd be surprised. DO's infrastructure isn't bleeding-edge or stellar by any means
14:26 < esde> but the fact is (as i mentioned initially), there are at least a few different things that can cause that. the constant is the issue will be something that effects the data traveling over the network
14:27 < Darkclaw66> Im not sure where else to turn to. this is the error I am getting when trying to install openvpn RESOLVE: Cannot resolve host address: fe80::1: ai_family not supported
14:27 < bonjurkes> Darkclaw66 why are you messing up on ipv6 ?
14:27 < esde> !whining
14:27 <@vpnHelper> "whining" is < MacGyver> If somebody reads your question, and knows the answer, he'll answer it when and how he feels like it. This is IRC, not your company's paid tech support desk. Whining doesn't do any good except annoy the people who could help you.
14:27 < Darkclaw66> bonjurkes I am not sure
14:28 < bonjurkes> esde thank you, so it's about networking. Sorry if I sounded like an a.hole or d.bag . Just didn't understood what you meant and those links didn't ring any bells on me. I'm grateful that you helped me
14:28 < esde> Darkclaw66, you've stated your issue at least twice within a short amount of time. Instead of repeating your issue, please provide !allinfo and wait for assistance.
14:29 < esde> good luck bonjurkes!
14:33 < Darkclaw66> I am able to install an older version of openvpn but when I try to connect to it with the client, this is the error I get http://pastebin.com/97xdsqx9
14:37 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
14:43 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
14:46 < bonjurkes> Does openvpn use any encyption for traffic as default? I forgot to uncomment encryption method in server.conf  but in the connection log it shows http://pastebin.com/S0JhNzh8
14:47 < hyper_ch> yes
14:47 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
14:47 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
14:47 <@krzee> default it uses blowfish sipher and sha1
14:47 < bonjurkes> Blowfish is default then I assum
14:47 <@krzee> cipher*
14:48 <@krzee>   <hyper_ch> krzee: http://www.usatoday.com/story/tech/2015/01/04/ces-2015-intels-new-biometric-password-manager/21198555/ - what could possibly go wrong... I guess they didn't take notice of 31C3
14:48 <@krzee> wow
14:48 <@vpnHelper> Title: Intel unveils app that opens sites with user's face (at www.usatoday.com)
14:49 <@krzee> i mean, forget 31c3
14:49 <@krzee> we knew this was a DAMN stupid idea for a long long time
14:49 < hyper_ch> yes, but 31c3 has taken it to a whole new level :)
14:49 < hyper_ch> btw, I didn't see you at 31c3
14:50 <@krzee> https://www.youtube.com/watch?v=MAfAVGES-Yc
14:50 <@vpnHelper> Title: MythBusters Fingerprints Busted - YouTube (at www.youtube.com)
14:51 <@krzee> thats mythbusters in 2008 breaking fingerprint readers with a fingerprint touched up (with high tech mspaint.exe) and printed on a normal sheet of paper
14:51 < hyper_ch> well, 31c3... you don't need physical access anymore... just taking pictures is enough for fingerprints and iris
14:51 <@krzee> thats awesome, but it was never a difficulty to get biometrics
14:51 <@krzee> they did go further, but it wasnt an issue anyways
14:52 <@krzee> dont get me wrong, they did awesome work
14:52 < hyper_ch> :)
14:52 <@krzee> certainly not intending to downplay what they did
14:52 < hyper_ch> as do the Mythbusters
14:52 <@krzee> but like, intel knew this was dumb WAY WAY before 31c3
14:52 < hyper_ch> roundabouts are more traffic efficient than a traffic cop or red lights ;)
14:52 <@krzee> that was recent, if it was something that was thought to be secure until 31c3 i would feel sorry for them
14:53 <@krzee> for having used all that $ making the product
14:53 < hyper_ch> unfortuantely, roundabouts are deemed to bo too complex for the average USian :)
14:54 <@krzee> that episode of mythbusters is fun
14:54 <@krzee> they severely overestimate the machine
14:54 <@krzee> they win, then back off and try with less skill, win, back up, win
14:54 <@krzee> til its just printed on paper
14:56 <@krzee> oh and for legal purposes, biometrics can be compelled in USA
14:56 < hyper_ch> I know
14:57 <@krzee> which is another bad thing about that intel thing
14:57 <@krzee> you give them a method to compell actual passwords
14:57 < hyper_ch> and three-letter-agencies can beat passwords out of you :)
14:57 <@krzee> using a biometric pw manager gives them a legal loophole to compel passwords
14:57 <@krzee> ^ they can and probably do, but not legally.
14:58 < hyper_ch> you know, as long as it's not on US soil, you have no consitutional protection... or so the try to justify it
14:58 <@krzee> not true
14:58 <@krzee> 1sec lemme find the vid from my class
14:59 < hyper_ch> yes, they did use that to justify things
15:00 < esde> however, 1024 bit is weak
15:00 <@krzee> correct
15:01 < esde> re: http://pastebin.com/S0JhNzh8 line 6
15:01 < hyper_ch> add more bits to it :)
15:01 < esde> that's bonjurkes paste
15:02 < hyper_ch> make him add more bits to it :)
15:02 < esde> I wouldnt add more bits. I would remove the weak file and regenerate a stronger one. As I'm not aware of any way to extend the bitsize of an existing cert/key
15:03 < hyper_ch> I'm pretty sure krzee knows a way:)
15:03 <@krzee> hyper_ch,
15:03 <@krzee> 5 - 2 - The Fourth Amendment in Extraterritorial and National Security Contexts (26_32)
15:03 <@krzee> err misfire
15:03 <@krzee> https://class.coursera.org/surveillance-001/lecture/57?_escaped_fragment_=
15:03 <@vpnHelper> Title: The Fourth Amendment in Extraterritorial and National Security Contexts | Coursera (at class.coursera.org)
15:04 < hyper_ch> krzee: however, the administration used this argumentation a few years back
15:04 < hyper_ch> law doesn't matter when it's ignored
15:04 < esde> ^yup
15:04 <@krzee> hence:  <krzee> ^ they can and probably do, but not legally.
15:04 < esde> krzee, is there a way to extend bitsize of existing certs/keys? i.e. - make a 1024 bit key 2048 bits
15:04 <@krzee> esde, nope.
15:05 < hyper_ch> probably not :)
15:05 < hyper_ch> taking the easy route and recreating all the stuff :)
15:05 <@krzee> you'll want the CA to be stronger too anyways
15:05 -!- bonjurkes [~bonjurkes@104.131.52.107] has quit [Ping timeout: 255 seconds]
15:05 <@krzee> prolly want to beef up the digest alg too
15:05 < hyper_ch> in the vars file just set it to 4096, right?
15:05  * esde just rekeyed all his hosts to 8192bit rsa keys (after ed25519 was too much of a PITA :P )
15:05 <@krzee> ya and check your openssl.cnf doesnt suck
15:06 < hyper_ch> 8192 dh generation... you probably can have a nap in between
15:06 < esde> depends on the entropy (;
15:06 < hyper_ch> I've heard that word before :)
15:08 <@krzee> hyper_ch, skip to 7:10 in the video if you like
15:08 < hyper_ch> krzee: seen the openssl link?
15:08 <@krzee> the whole video is great, but 7:10 is where it clearly goes over it
15:09 <@krzee> and really, the whole class is great, not just that video
15:09 < hyper_ch> well, there's no 4th amendmened here
15:11 <@krzee> im not sure what the laws are here where im at
15:11 <@krzee> but im generally left alone here anyways
15:11 < hyper_ch> the laws of the strongest?
15:11 <@krzee> *flex*
15:17 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
15:18 <@krzee> reading the openssl link now
15:21 <@krzee> oh also:  https://class.coursera.org/surveillance-001/lecture/53
15:21 <@vpnHelper> Title: Decrypting Your Devices (Fifth Amendment Privilege) | Coursera (at class.coursera.org)
15:23 < esde> did i miss a useful openssl link?
15:23 -!- mattock is now known as mattock_afk
15:24 < hyper_ch> esde: https://www.openssl.org/news/secadv_20150108.txt  ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
15:24 < esde> ah the exploits from earlier today, yeah. :(
15:28 -!- Darkclaw66 [~Andre@unaffiliated/darkclaw66] has quit []
15:29 <@syzzer> yeah, not very relevant to openvpn, the most recent release doesn't do ECDH anyway :')
15:33 -!- alphawave [~aw@unaffiliated/alphawave] has joined #openvpn
15:35 < hyper_ch> krzee: your forum post has replies again :)
15:38 < alphawave> Openvpn 2.3.6-1 is working fine, no errors, connects and sets up the tun0 interface with correct IP information. Problem is that the system is not using the VPN when it's active. Same as if it wasn't active.
15:38 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has quit [Quit: bis später]
15:38 -!- `Ile` [~ile@178-221-191-46.dynamic.isp.telekom.rs] has joined #openvpn
15:38 < hyper_ch> syzzer: you use android?
15:39 < esde> !goal
15:39 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:39 <@syzzer> hyper_ch: yes
15:39 < hyper_ch> which openvpn client do you recommend for it?
15:39 <@syzzer> openvpn for android
15:39 <@syzzer> it's the app by plaisthos
15:39 < hyper_ch> can that autoconnect upon restart?
15:39 < esde> i think so
15:40 < hyper_ch> been using the other this far and upon reboot of the phone it asks me if I want to connect again/if I trust the app
15:40 <@syzzer> I wouldn't know, I don't do that
15:40 < alphawave> Goal is to figure out why, when the VPN connection is established, that the system is still using the regular interface as if the VPN wasn't connected.
15:40 < esde> Reconnect on reboot is in the settings
15:40 <@krzee> hyper_ch, is that you on the forum?
15:40 < hyper_ch> syzzer: plaisthos - arne schwabe?
15:40 <@krzee> yes
15:40 < hyper_ch> krzee: no :)
15:40 <@syzzer> hyper_ch: yes, same guy
15:40 < hyper_ch> I'll have to try that then
15:40 < esde> !welcome
15:40 <@krzee> whois him and see his arne@
15:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:40 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:41 < esde> read that too alphawave ^
15:41 <@syzzer> the 'do you trust this app' is an android thing, which no vpn app (upto android 5.0) can avoid
15:41 < hyper_ch> the other one works fine.. except reboot where I need to confirm it again
15:41 < esde> you'll have to with any app that does that
15:41 < hyper_ch> syzzer: no, no idea how to avoid it
15:41 < hyper_ch> not using 5
15:41 < esde> it's default behavior to confirm before connecting to another network and forwarding traffic through or something like that
15:41 < esde> iirc it's a play store best practice
15:42 < hyper_ch> same will happen with the OpenVPN for Android app?
15:42 < esde> yup
15:42 < esde> why would you want it to auto-connect?
15:42 < hyper_ch> awwwwww
15:43 < esde> what if some adversary modified your config?
15:43 < hyper_ch> esde: because I route csipsimple over the vpn to my server
15:43 < esde> BAM - automatically sending your data to god knows who
15:43 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:44 < hyper_ch> well, if you just get a dialog whether you want to allow it
15:44 < hyper_ch> you won't notice anyway if someone modified the config
15:44 < esde> you have the opportunity too and that's the point
15:45 < esde> if you want to go clicking yes on dialogs all willy-nilly, that's on you
15:45 < hyper_ch> you always have the opportunity to check your config
15:46 < esde> if you were to boot your phone, and on boot, openvpn immediately connected, to the default config, that may or may not have been modified. you've got zero chance to review what you're connecting to
15:46 < hyper_ch> have you ever reviewed what you're connecting to?
15:46 < esde> but this a moot point, so i dont see the point in furthering this discussion. it's default behavior for a reason and I doubt the functionality will change just because it's inconvenient for your special use
15:46 < esde> yes i do
15:46 < hyper_ch> every time?
15:47 < esde> yes.
15:47 < esde> it only takes a few seconds
15:47 < esde> are people really this lazy?
15:47 < hyper_ch> yes
15:49 < hyper_ch> krzee: still love battery life on my OPO :)
15:50 <@krzee> same
15:50 < esde>  Xposed Module "Auto VPN Dialog Confirm" might be worth a look (never used it personally),maybe. if you're willing to blindly trust the connection automatically
15:51 < hyper_ch> well, as long as baseband is still one big blob, how can you trust anything on a cell phone?
15:53 <@krzee> hyper_ch, looks like we're getting closer, you saw karsten nohls talk at 31c3 im sure
15:54 < hyper_ch> no
15:54 <@krzee> oh DUDE
15:54 <@krzee> mobile self defense
15:54 <@krzee> also, https://forums.openvpn.net/post48323.html#p48323
15:54 <@vpnHelper> Title: OpenVPN Support Forum Idea for direct connections : Wishlist (at forums.openvpn.net)
15:54 <@krzee> i replied =]
15:56 < hyper_ch> :)
15:56 <@krzee> https://www.youtube.com/watch?v=GeCkO0fWWqc
15:56 <@vpnHelper> Title: Karsten Nohl: Mobile self-defense [31c3] (SnoopSnitch) - YouTube (at www.youtube.com)
15:56 < hyper_ch> but why do you say server1 and server2? I thought it's for direct client-to-client connection
15:56 < hyper_ch> ah, snoopsnitch...
15:57 < hyper_ch> now that rings a bell
15:57 <@krzee> good xcall, refreshed
15:58 <@krzee> changed to client1 client2
15:58 < hyper_ch> :)
15:58 <@krzee> i think of servers because when i do this stuff they're really all a bunch of servers
15:59 < esde> clients serve data to servers :)
15:59 < hyper_ch> servers serve data to clients
15:59 < esde> so their interchangeable?
15:59 < esde> *they're
15:59 < hyper_ch> not always :)
15:59 < esde> :P
16:00 <@krzee> in ptp sure
16:00 < hyper_ch> not in the current setup where everything has to go to a central server
16:00 <@krzee> right but direct connections would happen over impromptu ptp connections
16:01 <@krzee> with keyx happening over the existing centralized vpn
16:01 <@krzee> transparent to the user of course
16:01 < hyper_ch> but you or syzzer need first to implement that of course
16:01 <@krzee> thought you were on it
16:01 < hyper_ch> you have my mental support :)
16:02 < hyper_ch> I only know a bit of PHP
16:02 < hyper_ch> and python and JS terrifies me
16:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:03 -!- badon_ is now known as badon
16:05 <@krzee> no problem openvpn uses no python nor js
16:05 < hyper_ch> it probably uses some c dialect
16:05 <@krzee> probably
16:05 < hyper_ch> like c # maybe
16:06 < hyper_ch> and most of it is OOP?
16:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
16:18 -!- Darkclaw66 [~Andre@unaffiliated/darkclaw66] has joined #openvpn
16:18 < Darkclaw66> hi, I am trying to have the client connect to the openvpn server and I am getting the following error: http://pastebin.com/cuDrAE5N
16:19 <@krzee> !mitm
16:19 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
16:20 <@krzee> you probably have remote-cert-tls server and did not build the key signed as server
16:21 < Darkclaw66> I used easy-rsa to build all the certs/keys. ./build-ca then ./build-key-server server then ./build-key client1
16:22 <@krzee> easy-rsa 3?
16:22 <@krzee> !easy-rsa
16:22 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/downloads or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
16:22 < Darkclaw66> looks like 2.0
16:22 <@krzee> since its not too late, i sugest 3
16:23 < Darkclaw66> it looks like the latest version available for my distro is 2.2
16:23 <@krzee> its a shell script, what makes you think its distro specific?
16:23 <@krzee> !easy-rsa
16:23 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/downloads or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
16:24 < Darkclaw66> I am using freebsd and they have it as a port but I see I can just d/l it seperately
16:24 < hyper_ch> krzee: are you involed in the easy rsa scripts?
16:25 <@krzee> no
16:25 <@krzee> !factoids remove 2
16:25 <@krzee> !factoids
16:25 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
16:26 < Darkclaw66> so the reason why im having these problems is because easyrsa is generating certs/keys not compatible with newer versions of the openvpn client?
16:26 < hyper_ch> no
16:26 <@krzee> !factoids forget easy-rsa 2
16:26 <@vpnHelper> Joo got it.
16:26 <@krzee> !factoids forget easy-rsa 2
16:26 <@vpnHelper> Joo got it.
16:26 < hyper_ch> why do you want to forget the easy rsa 2 download?
16:27 <@krzee> !learn easy-rsa as Download here: https://github.com/OpenVPN/easy-rsa/releases
16:27 <@vpnHelper> Joo got it.
16:27 <@krzee> !learn easy-rsa as Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
16:27 <@vpnHelper> Joo got it.
16:28 <@krzee> Darkclaw66, yes, but only because of the exact config option you choose to have
16:28 <@krzee> 1sec ill get the other
16:28 <@krzee> --ns-cert-type server
16:29 <@krzee> but really, since you can still update, do
16:29 < Darkclaw66> I'll give it a shot :)
16:30 < hyper_ch> Ha... "Easy-RSA is able to manage multiple PKIs".... up so fare I just made copies of the easy rsa folder for different servers
16:35 < Darkclaw66> weird, still getting the same error
16:41 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Read error: Connection reset by peer]
16:43 -!- alphawave [~aw@unaffiliated/alphawave] has quit [Ping timeout: 265 seconds]
16:43 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
16:47 < Darkclaw66> hmm interesting. I deleted all reference to --ns-cert-type server and remote-cert-tls and now it connects but does that mean openvpn is vulnerible to mitm attacks?
16:48 < esde> more vulnerable to
16:49 -!- `Ile` is now known as Veil
16:49 -!- Veil is now known as Kerkis
16:54 -!- alphawave [~aw@unaffiliated/alphawave] has joined #openvpn
16:55 <@syzzer> Darkclaw66: it means any client can pose as a server
16:55 < esde> that sounds secure
16:55 < esde>  /s
16:56 < Darkclaw66> it's funny because I had this all working perfectly in the past when I had a static ip. but now im running it behind a router and it has a private ip address it seems like it created a lot of problems
17:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:00 < esde> i dont see how it's funny. but if you put enough effort into troubleshoot the issue, im sure you'll get it going :)
17:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:16 -!- Kerkis [~ile@178-221-191-46.dynamic.isp.telekom.rs] has quit [Quit: leaving]
17:19 < esde> krzee, you around?
17:20 <@krzee> kinda
17:20 <@krzee> writing some bash too, but still physically at the terminal
17:20 <@krzee> wassup?
17:21 < esde> quick question about that thread. the source port for a user, if i visit http://www.displaymyhostname.com/ for instance and it shows a remote port, is the remote port the same as the one you're talking about
17:21 <@vpnHelper> Title: Display My Hostname - Find your current public hostname (at www.displaymyhostname.com)
17:21 < esde> if /that/ makes sense
17:24 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
17:26 <@krzee> yep, thats likely the same thing
17:26  * esde happy dance
17:27 <@krzee> your web browser sent its request with that srcport
17:27 <@krzee> the webserver then sent its request to that dstport
17:27 <@krzee> thats how the response got through your NAT
17:27 < esde> srcport = dstport?
17:28 < esde> for the client
17:28 < esde> wait. i mean to say, is the client srcport the same as the server's destination port?
17:29 < esde> Yeah, it is, nice.
17:30 <@krzee> easily seen from looking at packet dumps in wireshark
17:31 <@krzee> and once you think about how the nat table works, its not hard to use that to your advantage
17:31 <@krzee> note, you must have keepalives!
17:33 < esde> im not too knowledgeable about NAT but so long as the clients keep sending data thats flagged to keep alive for a duration of time, they could connection could persist that way?
17:33 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:33 <@krzee> clients?
17:33 < esde> *-y
17:33 <@krzee> this is a 1 - 1 thing
17:33 < esde> A and B
17:33 <@krzee> doesnt matter about being flagged
17:34 <@krzee> just got to have some data
17:34 <@krzee> something so the nat table doesnt remove it
17:34 < esde> so as soon as the port opens, keep using it
17:34 <@krzee> a standard --keepalive is fine
17:35 <@krzee> its possible to have a ptp connection where the vpn is up but no traffic has moved for an hour
17:35 <@krzee> and when more does send, it works fine
17:35 <@krzee> that would not be ok for this.
17:35 < esde> so long as the keepalives are there, got ya
17:35 < esde> very cool
17:35 -!- mattock_afk [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
17:36 -!- Darkclaw66 [~Andre@unaffiliated/darkclaw66] has quit []
17:37 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 245 seconds]
17:38 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:38 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
17:38 -!- mode/#openvpn [+o mattock] by ChanServ
17:48 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:03 <@krzee> hey esde, can you read the post again after my edits and tell me if that is more clear?
18:06 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
18:07 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
18:11 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
18:13 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
18:24 -!- alphawave [~aw@unaffiliated/alphawave] has quit [Quit: Leaving]
18:24 -!- crised [~crised@186.67.181.203] has quit [Quit: Leaving.]
18:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
18:29 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
18:40 -!- phunyguy is now known as phunyguy-zombie
18:42 -!- phunyguy-zombie is now known as phunyguy
19:25 < esde> yeah
19:34 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Read error: Connection reset by peer]
19:46 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
19:48 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 265 seconds]
19:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:53 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
19:59 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
20:01 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
20:02 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Read error: Connection reset by peer]
20:03 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
20:06 -!- r00t^2_ is now known as r00t^2
20:16 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
20:33 -!- dazo is now known as dazo_afk
20:45 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
21:12 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 255 seconds]
21:20 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 244 seconds]
21:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
21:32 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
21:35 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
21:44 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
21:46 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
21:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
21:55 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
22:00 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
22:12 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 264 seconds]
22:17 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
22:18 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
22:19 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
22:24 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
22:24 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
22:54 -!- james41382 [~james@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:56 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
23:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:12 -!- Yoderp [Yoda@unaffiliated/itsyoda] has quit [Ping timeout: 244 seconds]
23:18 -!- `Yoda [Yoda@unaffiliated/itsyoda] has joined #openvpn
23:30 -!- ShadniX [dagger@p5481D67A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:30 -!- Brutser [~email@d51A48718.access.telenet.be] has quit []
23:31 -!- ShadniX [dagger@p5481D788.dip0.t-ipconnect.de] has joined #openvpn
23:36 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
23:45 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
23:47 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Quit: Lost terminal]
23:51 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
23:51 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
--- Day changed Fri Jan 09 2015
00:16 -!- quup [~ppp@unaffiliated/quup] has quit [Ping timeout: 244 seconds]
00:22 -!- edward [~edward@4angle.com] has quit [Read error: Connection reset by peer]
01:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 245 seconds]
01:20 -!- master_o1_master [~master_of@p4FD7BA92.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_of_master [~master_of@p4FD7B201.dip0.t-ipconnect.de] has quit [Ping timeout: 255 seconds]
01:56 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:30 -!- brallan [~brallan@186.176.89.59] has joined #openvpn
02:31 < brallan> Hi. Is it possible to restring VPN traffic for a specific app?
02:53 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:30 < hyper_ch> depends on the app
03:41 < brallan> hyper_ch: I want for example, use vpn only for torrent traffic, and use "normal" traffic with other apps/resources
03:43 < hypermist> yay two hyper's :D
03:44 < hyper_ch> can your torrent client be bound to a specific interface?
03:45 < brallan> hyper_ch: nope
03:47 < hyper_ch> can it use proxies?
03:48 < brallan> hyper_ch: yes, it can
03:48 < hyper_ch> do you run the vpn server?
03:48 < brallan> hyper_ch: no
03:49 < hyper_ch> then no idea how you could achieve that
03:50 < brallan> hyper_ch: umm, ok thank you :)
03:55 < hypermist> I really want to turn the pc in my bedroom to a vpn. but thats not gunna be any help cause its on the same network..
03:55 < hypermist> xD
04:02 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Read error: Connection reset by peer]
04:05 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
04:05 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Read error: Connection reset by peer]
04:06 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
04:15 -!- dazo_afk is now known as dazo
04:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:45 -!- brallan [~brallan@186.176.89.59] has quit [Quit: Konversation terminated!]
04:59 < hyper_ch> why would same network prevent you from setting up a vpn?
05:00 < hypermist> cause then i can't mask my ip and stuff things hyper_ch
05:14 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
05:19 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
05:21 < AL13N_work> i got a serious issue, i got a tunnel over UDP where i do voip over, but every packet loss on my ISP seems to result in a 2min where i can't ping over the tunnel... then it gets inactivity timeout and restarts
05:21 < AL13N_work> i tried setting keepalive 2 5
05:21 < AL13N_work> but it didn't seem to work
05:22 < AL13N_work> why does the keepalive not work sooner? is it something else?
05:23 < hypermist> hydrajump you there ?
05:24 < hypermist> woops
05:24 < hypermist> sorry i ment hyper_ch reason is i wanted to make an access server so yea
05:35 < pekster> AL13N_work: Using --keepalive 2 5? Do you really want the client to die after missing just 2 stateless packets from the server after 5 seconds? That seems very prone to failure. Try 5 30 or something for a bit more sanity
05:37 < pekster> The main reason for keepalive is two-fold: 1) it keeps stateful firewalls aware that the UDP stream is still alive, because many firewalls (and OS defaults for them) consider UDP streams unused after somewhere between 1 and 5 minutes, and 2) it provides a mechanism by which true connectivity issues (network died, ISP problems, server crashed, etc) can be detected by either end
05:38 < AL13N_work> the problem isn't that it seems
05:39 < pekster> And with --keepalive on the server, you'll need to first restart the server instance (to pick up that change) and then the client instance (to pull it.) And of course your client needs to be using --pull (implied by --client) to have it pushed, and should not specify that itself
05:39 < AL13N_work> it seems a single packet loss from ISP just makes the tunnel non-functional
05:39 < AL13N_work> though it's still up
05:39 < pekster> !configs
05:39 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
05:40 < AL13N_work> the problem here is that the client doesn't restart itself unless after 2min no matter what ping/ping-restart settings i try on the client
05:41 < pekster> That's not the default behavior with pushing --keepalive which is why I asked for your configs. But I don't have much time this morning, so if you'd rather tell me what your problem is, you probably don't need my suggestions anyway
05:41 < AL13N_work> which means that a single packet loss seems to hang the tunnel, it's still up but eg: a running ping stops until the inactivity timeout restarts the client connection
05:42 < AL13N_work> pekster: sorry, i'll get the config and logs
05:42 < pekster> That's not the default behavior; the client *will* reconnect by default, by definition of what --keepalive does. YMMV if you're using other options or a frontend or initscript that changes them
05:42 < AL13N_work> pekster: but surely i can set ping and ping-restart on a single client? i don't want to kill the other connections that don't have issues
05:42 < AL13N_work> ic
05:43 < pekster> See --client-connect or --client--config-dir for dynamic pushing to clients
05:44 < pekster> You can also set --keepalive (or just the directives it sets) on the client to alter its own timeouts for that client, though then you can't control it from the server anymore. And it has to be defined after --pull in that case
05:44 < AL13N_work> client config: http://pastebin.com/twwADkjQ
05:45 < pekster> Don't use --persist-key and --persist-tun on a client, and don't use the --user and --group options. It's incompatible with dynamic IP assignment unless you've gone to great lenghts to assure that the client always gets the same IP with !static reservations
05:46 < AL13N_work> server: http://pastebin.com/P8kVaBYA
05:46 < AL13N_work> in this case, the ips are always the same
05:46 < pekster> --verb 9 is worthless. Use --verb 4 (or 5 when you can't get the initial VPN connection and need per-packet printouts.) >5 is only ever useful for developers who compiled openvpn with special debugging builds
05:47 < AL13N_work> i only changed to 9 to see what went wrong
05:47 < AL13N_work> it was 3 before
05:47 < pekster> You have not done the !static config. Do not have your client persist tun or things are likely to break
05:47 < AL13N_work> ccd only has ifconfig push and iroute
05:48 < pekster> Those would be helpful to see
05:48 < pekster> Also your networks would be useful to know as well, but..
05:48 < pekster> !topsecret
05:48 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
05:48 < pekster> Assuming you haven't overlaped networks, used common networks likely to collide, or otherwise made a mistake somewhere, it may be fine
05:48 < pekster> Also, if you're pushing an IP, you didn't properly limit your dynamic pool
05:48 < pekster> !static
05:48 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
05:49 < pekster> ie: don't use --server with --ifconfig-push (via ccd or --client-connect)
05:49 < AL13N_work> ccd for this client: http://pastebin.com/gnB9QKwc
05:49 < pekster> Expand it, and limit your pool accordingly
05:49 < pekster> You need --topology subnet for that
05:50 < pekster> Otherwise your IPs should be the middle of a /30, which is basically deprecated behavior to support 7-year-old builds with Windows. No one should be running code that ancient
05:50 < AL13N_work> all clients have ccd here
05:50 < pekster> Read wiki info at !topology for details
05:50 < pekster> You're also not pushing your routes for the "hidden" address space. I'm both out of time and since you apparently want to hide your netwnork info (wtf man, really) I can't provide any more useful suggestions
05:51 < AL13N_work> ... fine
05:51 < pekster> I'm unlikely to look for several hours, but someone else might have suggestions in the meantime. Review use of --push
05:51 < pekster> Probably the info/flowcharts at !clientlan too
05:52 < AL13N_work> but this openvpn server has 4 clients, only 1 has issues, and it's due to packet loss from ISP, but somehow it fails to work when a packet loss was there, and immediately all running pings over the tunnel fail until the inactivity timeout
05:52 < AL13N_work> something seems wrong here
05:53 < masterkorp> http://sourceforge.net/p/openvpn/mailman/message/33216641/
05:53 <@vpnHelper> Title: OpenVPN / Mailing Lists (at sourceforge.net)
05:53 < AL13N_work> i don't need to push routes, these are only iroutes, there's nothing behind the server
05:53 < masterkorp> shameless link for help
06:00 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Quit: Leaving]
06:06 < AL13N_work> pekster: maybe this makes my problem more clearly visible: loglevel 5 on the client side:
06:06 < AL13N_work> http://pastebin.com/6siVawZB
06:06 < AL13N_work> you see the sudden Wr pattern?
06:06 < AL13N_work> this is the moment the tunnel stops working
06:07 < AL13N_work> and at the same time, monitoring shows a single packet loss from ISP
06:07 < AL13N_work> eventually, there's inactivity timeout and the output looks better again... but then it fails again...
06:10 < AL13N_work> imho an UDP tunnel shouldn't suffer from a single packet loss
06:10 < AL13N_work> if this goes on for too long, i'll switch to TCP
06:11 <@ecrist> um
06:11 <@ecrist> UDP is best-effort
06:11 <@ecrist> packet loss is a thing, it's bound to happen at some point.
06:11 <@ecrist> a TCP tunnel isn't ideal for encapsulating VPN traffic 
06:11 <@ecrist> !tcp
06:11 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
06:11 < AL13N_work> ecrist: i know
06:12 < AL13N_work> ecrist: i don't mind a few packet loss
06:12 < AL13N_work> but one packet loss shouldn't mean a nonworking tunnel for 2 minutes
06:12 < AL13N_work> i know TCP is a bad idea
06:12 < AL13N_work> and TCP is bad for encapsulating vpn traffic, especially udp stuff like voip (which is what i use in this case)
06:13 < AL13N_work> but i can't have phone being dead for 2min just because my ISP is doing badly
06:13 < AL13N_work> the ping-restart was indeed pushed, so i put it on the server side now
06:13 < AL13N_work> gonna check if this "works around" the problem
06:14 < AL13N_work> i donno why the tunnel stops working, that's the real problem
06:14 <@ecrist> what do the logs show
06:14 < AL13N_work> we've been using this a lot, but it seems our ISP is having packet loss since this morning
06:14 < AL13N_work> ecrist: http://pastebin.com/6siVawZB
06:15 < AL13N_work> see this?
06:15 < AL13N_work> the Wr stuff means the tunnel is dead and the ping i'm running with interval 0.2 has stopped working
06:16 <@ecrist> no, the Wr stuff is reads and writes from the tunnel
06:17 < AL13N_work> i know
06:17 <@ecrist> though, it does indicate that the local instance is trying to read and not getting anything back.
06:17 < AL13N_work> but do you see the sudden pattern?
06:17 < AL13N_work> right
06:17 <@ecrist> you keep saying you know things, but you say the wrong things
06:17 < AL13N_work> i think i just explain badly
06:17 < AL13N_work> sorry
06:17 < AL13N_work> but i see a pattern
06:18 <@ecrist> what shows in the logs after line 2?
06:18 < AL13N_work> eventually inactivity timeout
06:18 < AL13N_work> lemme get a full log of such a thing
06:19 < AL13N_work> ecrist: http://pastebin.com/VRznXzgw
06:20 < AL13N_work> anyway, the ping i keep running stops a the same time the Wr pattern starts and then after 2min, inactivity timeout
06:21 < AL13N_work> ecrist: do you want something else?
06:22 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
06:23 < masterkorp> http://sourceforge.net/p/openvpn/mailman/message/33216641/
06:23 <@vpnHelper> Title: OpenVPN / Mailing Lists (at sourceforge.net)
06:23 < masterkorp> another shameless call for help :p
06:23 < AL13N_work> when i look at google people tell mostly about multiple openvpn instances, running or whatever, but i checked that. i even issued a new key and crt to be sure
06:31 < AL13N_work> ecrist: anyway, if you tell me that 1 packet loss means the tunnel will be down, and that is normal behavior, i can leave you alone, but i don't think it does?
06:36 < masterkorp> Can you guys explain me this line 'push “redirect-gateway def1 bypass-dhcp”' or point me to doc about it ?
06:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:45 <@ecrist> !def1
06:45 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
06:46 < masterkorp> thanks
06:50 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has joined #openvpn
06:52 < masterkorp> Ok, i am thinking on another approach for this
06:53 < masterkorp> Can I have 2 separated openvpn servers in the same machine ?
06:53 < masterkorp> one with udp where the main users get into
06:53 < masterkorp> udp is open to the world
06:53 < masterkorp> openvpn udp is stealthy
06:55 < masterkorp> stealhthy as is can't be mapped on a network scan unless you're really looking for
06:56 < masterkorp> I will have a tcp server that will not be open to the wourld that will respond to the obfsproxy
06:56 -!- Latrina [~Latrina@ppp-177-9.26-151.libero.it] has quit [Ping timeout: 255 seconds]
07:00 -!- Latrina [~Latrina@151.56.185.105] has joined #openvpn
07:18 -!- _FBi [~B@Aircrack-NG/User] has quit [Excess Flood]
07:19 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
07:23 < AL13N_work> pfff
07:23 < masterkorp> any ideas or suggestions ?
07:27 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
07:41 <@krzee>  <masterkorp> Can I have 2 separated openvpn servers in the same machine ?
07:41 <@krzee> you may have more than 2
07:42 <@krzee> they must use different VPN subnets and different listen sockets
07:42 <@krzee> but thats just general networking ;]
07:44 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
07:45 -!- Tracker [~tracker@m88.ip1.anvianet.fi] has quit []
08:02 <@ecrist> they do NOT need different subnets, but that's just advanced networking ;]
08:03 -!- Paladine [~Paladine@secure.think-privacy.com] has joined #openvpn
08:04 < Paladine> anyone managed to get openvpn 0.6.26 for android to work on Lollipop?
08:05 <@plaisthos> Paladine: yes
08:05 < lev__> Paladine: works for me on Nexus 5 (Android 5.0.1)
08:06 < Paladine> I keep getting the following error
08:06 < Paladine> route rejected by android 224.0.0.0/3 bad link address
08:06 <@plaisthos> Paladine: ignore that one
08:06 < Paladine> but my config works fine on windows and kit-kat
08:07 < Paladine> well I would ignore it except it errors straight afterwards ERROR: Cannot open TUN
08:07 < Paladine> and exits
08:07 <@plaisthos> there should be another error before/after that
08:07 < Paladine> nope
08:07 < Paladine> just the rejected route and that error
08:07 <@plaisthos> hm
08:08 <@plaisthos> that was never a fatal error for me
08:08 <@plaisthos> Paladine: do you full details on? Slider to the right?
08:09 < Paladine> yeah I just did now
08:09 < Paladine> MANAGEMENT: CMD 'needok 'OPENTUN' cancel'
08:10 < Paladine> MANAGEMENT: Client disconnected
08:10 < Paladine> then the TUN error
08:10 < Paladine> and finally MGMT: Got unrecognised command>FATAL:ERROR:Cannot open TUN
08:11 <@plaisthos> anything before the line with cancel?
08:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
08:12 < Paladine> nope, I just went through the log after trying again, nothing else
08:13 < Paladine> let me check my server logs sec (because it does connect to the server for a second)
08:13 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
08:16 < Paladine> SENT CONTROL [home]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1 bypas
08:16 < Paladine> s-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
08:17 <@plaisthos> hm
08:17 < Paladine> that is the last command sent from the server
08:17 < Paladine> am wondering if the apk is bad
08:18 < Paladine> I don't use Google Play so I had to get it from another source which I thought would be ok
08:18 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:18 < Paladine> that was from syslog, is there an openvpn specific server log?  I don't seem to be able to find on in /var/log
08:20 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
08:23 <@krzee> !logfile
08:23 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
08:23 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
08:27 < Paladine> I don't get it at all - I mean I am connected to the VPN right now on this windows machine accessing IRC - my tablet on kitkat is connected to the same VPN right now as well, this phone was connected to the VPN 1 hour ago when it was on KitKat but now it is on Lollipop using 0.6.26 it doesn't work and the error doesn't really tell me anything...
08:40 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
08:44 <@krzee> Paladine, well id say you got the right guy paying attention, if plaisthos doesnt know then nobody does :D
08:44 < Paladine> oh I wasn't complaining about the help, just frustrated with the problem :)
08:44 < Paladine> clearly it isnt an issue with the configuration otherwise it wouldn't work for everything else
08:44 <@krzee> right i did not think there was a complaint
08:45 <@plaisthos> Paladine: as an obscure test
08:45 <@plaisthos> add 224.0.0.0/3 to the list of excluded networks
08:45 <@plaisthos> and seei f that changes anything
08:46 < Paladine> same error
08:47 < Paladine> the issue seems to be with MANAGEMENT: CMD 'needok 'OPENTUN' cancel'
08:47 < Paladine> it is getting a cancel instead of an ok
08:48 <@plaisthos> yeah
08:48 <@plaisthos> could you send me the whole log?
08:49 < Paladine> earlier in the log I get also MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
08:49 < Paladine> no ok
08:51 < Paladine> trying to figure out how I can grab the log file from android, the only option in the menu is to send
08:52 <@plaisthos> yepp
08:52 <@plaisthos> that should work
08:52 <@plaisthos> and then send it to email/dropbox/sms/pastebin app/whatever :)
08:52 < Paladine> oh I don't have email setup yet that is why I am not getting an email option :)
08:52 < Paladine> do you know where the log is stored on android so I can just grab it?
08:53 <@plaisthos> Paladine: in memory
08:54 <@plaisthos> anyway, http://plai.de/android/ics-openvpn-0.6.27pre.apk, should fix the multicast route error
08:54 <@plaisthos> but I don't think that is really your problem
09:00 < Paladine> I think I know what the problem is
09:00 < Paladine> I am on cyanogenmod and it seems there might be a permissions error on /dev/tun
09:01 <@plaisthos> Paladine: look if there are errors in adb logcat
09:02 <@plaisthos> but openvpn for android *should* log a error message if it does a cancel on the opnetun command
09:03 < Paladine> yeah I can't get adb working at the moment, settings keep crashing when I go into developer settings to enable usb debug
09:05 < Paladine> just rebooting phone to see if it fixes dev settings
09:06 <@plaisthos> you should have a line in your log like Failed to open tun interface
09:06 <@plaisthos> Error: something
09:06 <@plaisthos> that something is the real error
09:09 < Paladine> ok weirdness
09:09 < Paladine> reboot fixed openvpn, no more errors
09:09 < Paladine> it is connected and running fine now
09:09 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:10 < Paladine> I was sat in alogcat waiting for the error and nothing was happening so I went back to make sure I had hit connect and discovered it connected lol
09:10 < Paladine> so now I have no idea what the problem was but hey at least it works now
09:19 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
09:22 < Paladine> plaisthos, thanks for your help, apologies that I didn't try a reboot sooner
09:25 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
09:27  * krzee cheers
09:29 <@krzee> hyper_ch, new posts in my wishlist thread
09:30 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
09:31 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 265 seconds]
09:32 <@krzee> https://forums.openvpn.net/post48342.html#p48342
09:32 <@vpnHelper> Title: OpenVPN Support Forum Idea for direct connections : Wishlist (at forums.openvpn.net)
09:32  * krzee thinks plaisthos would like this too
09:32 <@krzee> seeing as arne is the socketmaster
09:34 <@plaisthos> yeah. But so interesting for me ;)
09:35 <@plaisthos> I haven't really looked into nat tranversal
09:35 < esde> looks very neat
09:36 -!- dkr [~dkr@108.60.141.178] has joined #openvpn
09:38 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
09:39 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
09:43 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
10:02 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
10:19 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
10:33 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
10:48 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
10:50 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:54 < hyper_ch> krzee: so poking holes in NAT is simple?
10:54 <@krzee> well it depends what we mean by that
10:54 < hyper_ch> wouldn't it be just sufficient if client A would make a request to client B on port XXX
10:54 <@krzee> to support all nat is very not simple
10:55 <@krzee> to support the average househoulds nat box linksys type router then ya pretty easy
10:55 < hyper_ch> then stateful firewalls should allow back communications for a while
10:55 < hyper_ch> and client B does the same, makes a request to client A on the same port
10:55 < hyper_ch> then on both sides firewalls should be open... or something
10:56 < hyper_ch> well, with IPv6, there's no need for NAT anymore - at least that's what people keep telling me
10:56 <@krzee> right
10:56 < hyper_ch> (I like NAT)
10:56 < hyper_ch> so probably in 20 years, when we have wide-range deployed ipv6....
10:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:58 < hyper_ch> btw, that thread has become quite popular over the last few days :)
10:58 < hyper_ch> (compared to the years before)
10:59 -!- `Yoda is now known as Yoder
11:00 <@krzee> it got burried before the forum had so much activity
11:00 <@krzee> now theres too much activity for the bot to scrape it to irc without flooding
11:01 < hyper_ch> you could make a bot that scrapes your wish list to irc ;)
11:01 <@krzee> the trac is scraped to irc
11:01 <@krzee> thats the real place for that stuff anyways
11:03 < hyper_ch> wishlist isn't so budy
11:03 < hyper_ch> busy
11:04 < hyper_ch> Automatic Version Update --> don't they use linux?
11:05 < hyper_ch> "We are using openvpnas and would have 100+ users for Windows Phone 8 openvpn on use." I never knew so many WP actually got sold....
11:07 < hyper_ch> krzee: there isn't too much going on in the forum
11:07 <@krzee> maybe at the moment
11:07 < hyper_ch> in the main admin subofrum there were only like 3 threads updated today
11:07 <@krzee> vpnHelper has flooded off in the past
11:08 < hyper_ch> :)
11:08 < hyper_ch> tomorrow it'll be like 14°.... that's rather warm for middle of january
11:20 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 264 seconds]
11:29 <@krzee> "warm for middle of january" depends on where you are :-p
11:30 < hyper_ch> there should be snow here
11:30 < hyper_ch> and you know what the freezing point of water is, right?
11:30 <@krzee> 14° right now where i live would be a sign of some sort of global event
11:30 <@krzee> 0°
11:30 < hyper_ch> you know your metric system :)
11:30 < hyper_ch> or rather si system
11:31 <@krzee> metric makes far more sense
11:31 < hyper_ch> although si system is a bit redundant
11:31 <@krzee> celsius / kelvin as well
11:31 <@krzee> the usa system is weird
11:31 <@krzee> i mean i understand it, grew up with it, but still weird
11:32 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:33 <@krzee> we wont be dropping below 25° this week :D
11:33 < hyper_ch> that's rather hot
11:35 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
11:57 -!- _jdccdevel [~chatzilla@69.196.87.218] has joined #openvpn
11:57 < _jdccdevel> Hey all.
12:08 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:13 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
12:14 < _jdccdevel> I have a TAP Connection between two systems, and the tap endpoint devices (on both client and server) are bridged with ethernet devices. Traffic is flowing from the client side to the network bridged on the server side, but devices on the client network cannot ping the server. The server has client-to-client enabled. I've checked iptables rules, and everything looks OK. Ideas?
12:15 < pie_> any implications for openvpn?: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
12:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
12:23 < _jdccdevel> Also, the client and server cannot ping eachother over the bridge. tcpdump shows the packets leaving the client, but not showing up on the server for some reason.
12:23 < _jdccdevel> other bridged traffic is fine though.
12:26 < pie_> im no guru but it still sounds like firewall issues to me, can hosts on, the server network ping the serverÜ
12:26 < pie_> ?
12:28 < esde> "possibly, for really exotic certificates: DH client certificates accepted without verification [Server] (CVE-2015-0205)" pie
12:29 < _jdccdevel> pie_: Hosts on the server network can ping the server, and the client, and devices on the client network.  The visibility problem is between the server and the client and the client network.
12:30 <@krzee> _jdccdevel, why using tap/bridge?
12:31 < _jdccdevel> pie_: Say box 2 is the client, and 3 is the server, with network topology 1-2<->3-4 ... 1 and 2 can see 4 (and vice versa) but not 3
12:32 < _jdccdevel> krzee: need L2 connection (shared subnet), with a L3 link in between (Wan Failover scenario)
12:32 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Max SendQ exceeded]
12:32 <@krzee> sounds valid
12:33 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
12:33 <@krzee> im not much of a tap/bridging guy but id suppose you may need the client tap bridged to its network if you want its lan as part of the bridge
12:33 < hyper_ch> krzee: "Sorry but you are not permitted to use the search system."  :(
12:33 <@krzee> hyper_ch, on the forum?
12:33 < hyper_ch> yes
12:33 <@krzee> use google with site:
12:34 <@krzee> the forum search stuff was way beyond suck/broken
12:34 < hyper_ch> can't find a furball thread there
12:34 < hyper_ch> what serious forum has no cute kitten thread....
12:34 <@krzee> !google site:forums.openvpn.net hyper_ch
12:34 <@vpnHelper> OpenVPN Support Forum • "normal ssh" won't work : Configuration: <https://forums.openvpn.net/topic504.html>
12:35 < _jdccdevel> krzee: I'm bridging on both sides, and that's mostly working... But neither the client, nor devices on the client's network can see the server. (But they can see devices on the server's network)
12:35 <@krzee> oh interesting
12:35 < hyper_ch> I do have an account there?
12:35 < hyper_ch> I never knew
12:35 <@krzee> tried by lan ip?
12:36 < hyper_ch> 6 years and still newbie
12:36 < _jdccdevel> krzee: when I ping the server IP from the client, tcpdump sees the packets leave via the tap interface, but tcpdump on the server never sees them arrive
12:37 <@krzee> _jdccdevel, and tried vpn ip?
12:37 < _jdccdevel> krzee: which VPN ip, the one configured via server-bridge?
12:38 <@krzee> yes
12:38 <@krzee> probably .1
12:38 <@krzee> 10.8.0.1 or whatev
12:39 < _jdccdevel> krzee: It doesn't see that either, but this is something I'm not 100% confident is configured correctly. In a tap-bridge scenario, which interface should that IP belong to? The Tap interface before bridging, or the bridge?
12:39 <@krzee> no idea i dont bridge
12:39 <@krzee> pekster would likely know, if he happens to pop through
12:40 < _jdccdevel> krzee: Thanks, I'll look for him.
12:40 <@krzee> i think ecrist also plays with bridges
12:42 < masterkorp> Hello
12:42 < masterkorp> Is it possible to serve tcp and udp at the same time?
12:42 < masterkorp> if not, how can I have 2 servers with minimal hassle ?
12:43 <@krzee> only by having 2 seperate instances running
12:43 <@krzee> simply use 2 configs and start both
12:43 < masterkorp> will they use the same keys ?
12:43 <@krzee> if you tell them to
12:44 < masterkorp> how do i tell them to ? :)
12:44 <@krzee> not sure what you dont understand
12:45 <@krzee> if both configs reference the same certs, then they will use the same certs
12:45 < masterkorp> oh sweet
12:45 <@krzee> its not like openvpn is writing to the certs
12:45 <@krzee> you can also read those files with programs like cat and openvpn will not care ;]
12:45 < masterkorp> can they have the same ip range and everything ?
12:46 < _jdccdevel> krzee: The Wan is back on it's normal circuit now, so the pressure is off a bit. I'm going to experiment a bit now that I know what symptoms to look for.
12:46 <@krzee> masterkorp, they must have a different socket, so one may bind to IP:PORT:TCP and another may bind to IP:PORT:UDP
12:46 < masterkorp> yeah no problem
12:47 <@krzee> masterkorp, for vpn subnet, they will need to have their own
12:47 < masterkorp> aww that sucks
12:47 <@krzee> its 1 push route away from them communicating if needed
12:47 <@krzee> well 1 on each
12:59 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
12:59 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
13:03 < masterkorp> true
13:06 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:13 < _jdccdevel> krzee: It looks like the vpn ip for both interfaces need to be attached to the bridge (on each side). After playing around a bunch I've been able to get it to work properly that way (And that does make some sense). Now I just have to figure out the configuration options I need to do what I want.
13:18 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
13:19 <@krzee> generally i believe at least some of it happens as an up script
13:19 < masterkorp> ok i made the obfsproxy get to the vpn
13:19 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
13:19 <@krzee> awesome
13:19 < masterkorp> but the vpn server tried to make a connection with the client to a port
13:20 < masterkorp> https://www.zerobin.net/?799058a05b4f7bf2#YVUKj8ObzalskLbQAQ7AnuKlpy2P8c8Myw6EJdy4hds=
13:20 <@vpnHelper> Title: ZeroBin (at www.zerobin.net)
13:20 < masterkorp> any ideas how to force all connection to happen trough that port
13:20 < masterkorp> ?
13:20 <@krzee> see all port options in the manual
13:21 <@krzee> --lport --rport iirc
13:21 < masterkorp> thanks
13:21 <@krzee> that port you saw was your clients tcp source port
13:22 < masterkorp> the client connects to the obfsproxy server port 80
13:23 < masterkorp> so help me understand the problem
13:24 < masterkorp>  TCP connection established with [AF_INET]172.31.37.18:50767
13:24 < masterkorp> why do i see this one the logs
13:24 <@krzee> i dont know your problem
13:24 <@krzee> but i know your client had src port 50767
13:25 <@krzee> dst port 80 from what you said
13:26 < masterkorp> so how do i change that
13:26 <@krzee> by doing what i said the first time you asked that
13:26 < masterkorp> lport ?
13:26 <@krzee> it was only 6 minutes ago
13:26 < masterkorp> or rport ?
13:26 <@krzee> !man
13:26 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
13:28 < masterkorp> what is the lport param equilaton on the config file ?
13:29 < masterkorp> is this a server param or client param ?
13:31 < masterkorp> Fri Jan  9 19:31:01 2015 TCP connection established with [AF_INET]172.31.37.18:50779
13:31 < masterkorp> it still tried too
13:58 -!- akamaru [~akamaru21@2601:0:8a80:1064:206f:b2a9:3d71:f30b] has joined #openvpn
14:00 -!- lachesis [~lachesis@unaffiliated/lachesis] has quit [Ping timeout: 265 seconds]
14:02 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:206f:b2a9:3d71:f30b] has quit [Ping timeout: 265 seconds]
14:03 -!- MrSparkle [~MrSparkle@cpe-74-69-103-73.rochester.res.rr.com] has joined #openvpn
14:03 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
14:11 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has quit [Quit: Error closing Trouser.zip - Replace floppy and retry?]
14:14 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 245 seconds]
14:15 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
14:15 -!- mode/#openvpn [+o raidz] by ChanServ
14:15 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Excess Flood]
14:16 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
14:16 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
14:16 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:46 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
14:46 -!- mode/#openvpn [+v s7r] by ChanServ
14:51 -!- KeatonT [~keatont@keatonstaylor.com] has quit [Ping timeout: 255 seconds]
15:02 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 240 seconds]
15:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
15:15 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
15:19 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
15:22 -!- gmc [~gmc@freenode/sponsor/gmc] has joined #openvpn
15:34 -!- dazo is now known as dazo_afk
15:35 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
15:37 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has joined #openvpn
15:42 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
15:45 -!- Henryabcd [~Henryabcd@pD9E087C7.dip0.t-ipconnect.de] has joined #openvpn
15:52 -!- Henryabcd [~Henryabcd@pD9E087C7.dip0.t-ipconnect.de] has quit [Quit: Leaving]
16:00 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
16:00 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:02 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
16:33 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
17:04 -!- _jdccdevel [~chatzilla@69.196.87.218] has left #openvpn []
17:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:13 -!- mattock is now known as mattock_afk
17:22 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has quit [Remote host closed the connection]
17:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:30 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has joined #openvpn
17:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:55 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
17:56 < linuxthefish> hi, why does openvpn not work on windows 8.1 ?
17:58 <@krzee> works for others
17:58 <@krzee> !8ball
17:58 <@krzee> !crystalball
17:58 <@krzee> !crystal
17:58 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
17:59 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
17:59 < svm_invictvs> so...
18:01 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
18:01 < linuxthefish> i've talked to many people who say openvpn does not work in windows 8.1...
18:01 < linuxthefish> it connects fine but nttwork is not connected
18:02 < svm_invictvs> Why would a VPN work fine on one OS but not another
18:02 < linuxthefish> yet on other PC can connect and connected to vpn network
18:02 < svm_invictvs> OSX, my VPN connection works without any issues.
18:02 < svm_invictvs> Windows, not so much
18:02 < svm_invictvs> I've tried turning off the firewall to no avail
18:02 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has quit [Quit: bis später]
18:03 <@krzee> svm_invictvs, whats the error
18:04 < svm_invictvs> krzee: Nothing
18:05 < svm_invictvs> krzee: Windows connects successfully, the GUI icon goes green
18:05 <@krzee> svm_invictvs, linuxthefish, did you change the gui to always start as admin?
18:05 < linuxthefish> yes
18:05 <@krzee> svm_invictvs, you also on 8.1?
18:05 < svm_invictvs> Yes
18:05 < linuxthefish> it works now after reboot :S
18:05 <@krzee> :D
18:05 < svm_invictvs> Whatever client is current as of like 4 weeks ago
18:05 <@krzee> windows 8.1
18:05 <@krzee> seems like people always show up in waves with the same problem
18:05 < svm_invictvs> oh, no
18:06 < svm_invictvs> Windws 7
18:06 <@krzee> did you disable the windows firewall on the tap interface?
18:09 < svm_invictvs> Yeah
18:09 < svm_invictvs> Well, I think I did
18:09 < svm_invictvs> I'm a bit lost on how to actually disable it on the interface
18:10 < svm_invictvs> so I just disabled it compoletely
18:10 <@krzee> then give it a reboot
18:11 <@krzee> and test again
18:12 < svm_invictvs> Okay
18:14 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:23 < esde> svm_invictvs, did you run the vpn gui ads administrator the first time?
18:23 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
18:23 < esde> oh nvm
18:23 < esde> are you using the client from !download?
18:26 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 264 seconds]
18:27 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
18:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
18:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:42 < esde> see if this helps http://pastebin.com/mPCkh6Ga
19:23 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
19:29 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 264 seconds]
19:32 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
19:32 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
19:34 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: reboot]
19:37 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
19:50 -!- Paladine [~Paladine@secure.think-privacy.com] has quit [Quit: Leaving]
20:08 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 264 seconds]
20:24 -!- ArtVandalae [~SuperUnkn@CPE-110-148-145-150.vxl8.lon.bigpond.net.au] has joined #openvpn
20:28 < ArtVandalae> Hi all. I've been using OpenVPN for years as a "road warrior", it's a fantastic piece of software. I'm currently looking for a different use-case. I'm looking to configure a 24/7 remote server (as opposed to a human with a laptop/desktop) to VPN into a site. What's the recommended way to do this? Authentication via shared secret, certificates, etc. Anything else that I need to know? Any guides would be much appreciated
20:28 < ArtVandalae> . I'm having issues finding guides on Google because I think I'm using wrong terminology
20:30 < esde> You came to the right place!
20:31 < esde> type !welcome
20:32 < ArtVandalae> !welcome
20:32 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
20:32 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:32 < esde> you have goal almost covered, but we need a few more details
20:34 < ArtVandalae> !howto
20:34 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
20:50 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
21:11 < BtbN> You don't realy need to change anything.
21:11 < BtbN> Works the exact same way
21:46 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 244 seconds]
21:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:04 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:04 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Quit: No Ping reply in 180 seconds.]
22:07 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
22:10 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
22:24 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:27 -!- ampsix [uid26275@gateway/web/irccloud.com/x-dyxiyxsgndexsnur] has joined #openvpn
22:58 -!- jadergabriel [~quassel@179-197-167-254.user.veloxzone.com.br] has joined #openvpn
23:13 -!- jadergabriel [~quassel@179-197-167-254.user.veloxzone.com.br] has quit [Remote host closed the connection]
23:32 -!- ShadniX [dagger@p5481D788.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX_ [dagger@p5DDFE699.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- ShadniX_ is now known as ShadniX
23:37 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
23:42 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
23:45 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
23:49 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]
23:50 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Quit: and in a dream i'm a different me, with a perfect you, we fit perfectly, and for once in my life i feel complete- and i still want to ruin it, afraid to look, as clear as day, this plan has long been underway, i hear them call, i cannot stay, the voice i]
--- Day changed Sat Jan 10 2015
00:12 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
00:17 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
01:20 -!- master_of_master [~master_of@p4FD7B43F.dip0.t-ipconnect.de] has joined #openvpn
01:24 -!- master_o1_master [~master_of@p4FD7BA92.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
01:36 < hyper_ch> good morning, channel
02:12 -!- Veverak [~Squirrel@ip-89-102-104-133.net.upcbroadband.cz] has quit [Ping timeout: 245 seconds]
02:30 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
02:33 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
02:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
02:51 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:09 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
03:21 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
03:46 -!- mattock_afk is now known as mattock
03:50 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 245 seconds]
03:51 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 265 seconds]
04:08 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
04:09 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:25 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Remote host closed the connection]
04:25 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
04:29 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
04:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:43 -!- ampsix [uid26275@gateway/web/irccloud.com/x-dyxiyxsgndexsnur] has quit [Quit: Connection closed for inactivity]
05:11 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
05:39 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
05:45 -!- Latrina [~Latrina@151.56.185.105] has quit [Ping timeout: 244 seconds]
05:48 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 265 seconds]
05:50 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:50 -!- Latrina [~Latrina@ppp-170-5.26-151.libero.it] has joined #openvpn
05:55 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
06:40 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
06:41 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
06:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
07:28 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Read error: Connection reset by peer]
07:30 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
07:34 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
07:34 -!- TBJoe [~TBJoe@drms-4d0d6cff.pool.mediaWays.net] has joined #openvpn
07:35 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
07:37 -!- brallan [~brallan@186.176.89.59] has joined #openvpn
07:38 < brallan> Hi. Can anyone help me with VPN splitting?
07:41 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Read error: Connection reset by peer]
07:44 < esde> brallan, type !welcome
07:44 < brallan> !welcome
07:44 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
07:44 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:45 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
07:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:46 < brallan> !interface
07:46 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
07:46 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
07:52 < brallan> esde: Right now I can connect to VPN, but I want to restring it to one application (KTorrent) and keep other ones unaffected. I am not the server, my app can use proxy and use specific interface
07:53 < hyper_ch> esde: you're nick isn't an abbreviation for esdeath, right?
07:56 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
08:02 -!- natha_n [~nathan@unaffiliated/natha-n/x-3655843] has joined #openvpn
08:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
08:07 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
08:10 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:16 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
08:16 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
08:21 < esde> brallan, I've not worked with openvpn on a per application basis. but for the time being (until you work out how to do it with openvpn), try creating an ssh session with the server (the one you'd like to forward ktorrent traffic through) with a port forward option. and only define localhost:$forwarded_port within ktorrent. then ktorrent goes through the server and everything else works as normal.
08:22 < esde> it might be not be an ideal solution, but it could work as a band-aid until you get the fix you need :)
08:35 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
08:36 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Max SendQ exceeded]
08:42 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
08:44 -!- natha_n [~nathan@unaffiliated/natha-n/x-3655843] has quit [Remote host closed the connection]
08:51 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
08:52 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has joined #openvpn
08:55 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 264 seconds]
08:58 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
09:02 -!- mirco [~mirco@tmo-113-153.customers.d1-online.com] has joined #openvpn
09:02 -!- mirco [~mirco@tmo-113-153.customers.d1-online.com] has quit [Remote host closed the connection]
09:02 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:15 -!- tekk [~me@185.17.149.149] has quit [Ping timeout: 264 seconds]
09:24 -!- brallan [~brallan@186.176.89.59] has quit [Quit: Konversation terminated!]
10:12 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 245 seconds]
10:23 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
10:33 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
10:37 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 264 seconds]
10:38 -!- hyper_ch [~hyper_ch@81.4.108.20] has quit [Changing host]
10:38 -!- hyper_ch [~hyper_ch@unaffiliated/hyper-ch/x-5230410] has joined #openvpn
10:42 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
10:43 -!- mode/#openvpn [+o raidz] by ChanServ
10:56 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Quit: Gone...]
11:05 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has quit [Quit: 98% of all constipated people don't give a crap.]
11:23 -!- elfixit [~Icedove@2001:1620:2018:11:5e51:4fff:fec8:5b90] has joined #openvpn
11:35 -!- james41382 [~james@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
11:36 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
11:55 < hyper_ch> krzee: https://scontent-a-ord.xx.fbcdn.net/hphotos-xfa1/v/t1.0-9/10924790_676027922516411_3609482144127501544_n.jpg?oh=3cd739fb18434e923511a15340c70651&oe=5536E80A
11:57 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
11:59 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
12:06 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
12:06 -!- johnfg [johnfg@spirit.org] has joined #openvpn
12:07 < johnfg> hi folks
12:07 < johnfg> I'm stumped over some behavior of openvpn.
12:07 < johnfg> All's fine with my original server and clients (3 of them).
12:08 < johnfg> However, when I want to add a new client, I get a tls error.
12:10 < johnfg> I source ./vars; do a ./build-key client4; copy the ca.* and client5.* files to the new client; edit client.conf to reflect the server; and add client5 to /etc/openvpn/ccd.
12:10 < johnfg> But, it won't connect due to a TLS error.
12:10 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:12 < johnfg> If I were to shut down an existing client, then use its client and server files, then I can connect.
12:12 < johnfg> What to do?
12:13 < pekster> If you copied your ca.key to the client, your entire PKI is compromised
12:14 < pekster> !intro-to-pki
12:14 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
12:15 < hyper_ch> what makes easy-rsa 3.0 better than 2.0?
12:15 < johnfg> pekster: But that's not why the new client can't connect, right?
12:15 < pekster> Nope. There are a number of TLS errors, so without !logs it's hard to say anything
12:15 < pekster> (logs from both ends)
12:16 < johnfg> pekster: ok.
12:17 < pekster> hyper_ch: It's a complete re-write, because 2.0 was hard to maintain, did a horrible job of supporting true CA separation (ie: all nodes, servers & clients, should send a CSR to get signed, and 2.0 did that poorly)
12:17 < hyper_ch> I see
12:18 < pekster> See that !hardening wiki link on PKI security recommendations, plus the above intro if you're new to PKI concepts
12:18 < johnfg> Here's from the server: http://dpaste.com/0H6CDGZ
12:18 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
12:18 < hyper_ch> but is there anything wrong with the keys and certs generate from 2.x?
12:19 < pekster> Until the most recent release, they're using 1024-bit key sizes by default, largely considered too small today. There's also the potential exposure of (by design) the org/company/city/state info in the "traditional" X.509 field model that's useless to openvpn
12:20 < pekster> If people fill them in honsetly, it makes cold-call attacks a bit easier if you know that guy at the coffee shop is "John Doe, working for the Customer Sales divission of Acme Widgets, Inc." -- giving that info out by default is usually quite silly.
12:23 < pekster> johnfg: Looks like the server can't validate the clients cert against the CA; it might not be signed by the same PKI
12:23 < hyper_ch> well, the I did change to 4096
12:23 < hyper_ch> and altered to aes something
12:23 < pekster> You can check by taking the _actual_ cert the client is presenting and verifying it to:
12:23 < pekster> !verify
12:23 <@vpnHelper> "verify" is (#1) If you receive certificate-based 'VERIFY ERROR' messages, you can manually verify the remote cert against a local CA using openssl: `openssl verify -verbose -CAfile /local/ca.crt /remote/copy/of/other.crt` or (#2) Note that this requires you to manually transfer the remote certificate to the local system for testing or (#3) You can also manually check issuer fingerprints with
12:23 <@vpnHelper> detailed cert output: `openssl x509 -in /some/cert.crt -noout -text` and compare against the CA cert fingerprint
12:24 < hyper_ch> does 3.0 now have as default 2048 or 4096 bit?
12:24 < pekster> 2048 by default
12:24 < hyper_ch> why so low=
12:25 < hyper_ch> well, I need to use 2048 for my snome phones... they can only handle that much
12:25 < hyper_ch> (according to the documentation...)
12:25 < pekster> Because increasing it won't really do what you expect from a cryptographic standpoint, and has very real implications in embedded and mobile environments
12:25 < pekster> You're free to do so if you want, but it doesn't make sense to use 4k as a default for everyone
12:26 < hyper_ch> I fail to see why it doesn't make sense to use 4k as default
12:26 < pekster> Bummer.
12:27 < pekster> !hardening
12:27 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
12:27 < pekster> And that "EU suggestion" is kind of moot anyway: just re-issue your keys at _least_ once a decade, which you should be anyway
12:27 < hyper_ch> but once a decade is pretty frequent...
12:27 < pekster> For an end-node? Not really
12:28 < pekster> Web servers often have to get new certificates every 1-5 years from "real" CAs
12:28 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
12:28 < hyper_ch> I made mine valid for 36500 days :)
12:28 < troulouliou_dev> hi is it ossible to connect multiple client with a tun setup ?
12:28 < pekster> Yea, RSA is going to be broken in the next "100 years" almost without a doubt
12:28 < pekster> ECC is the next thing anyway. ##security can explain why.
12:29 < hyper_ch> error correcting code?
12:29 < hyper_ch> electronic credit cards?
12:29 < hyper_ch> troulouliou_dev: what do you mean?
12:29 < pekster> Surely you can try harder. https://en.wikipedia.org/wiki/ECC
12:29 <@vpnHelper> Title: ECC - Wikipedia, the free encyclopedia (at en.wikipedia.org)
12:30 < pekster> troulouliou_dev: Yes, use a multi-client mode for your server
12:30 < pekster> TLS is required for that
12:30 < pekster> (ie: you can't use --secret and support multiple clients)
12:30 < troulouliou_dev> pekster, yes  i have with topology subnet
12:30 < troulouliou_dev> pekster, but i can't connect client between them
12:31 < troulouliou_dev> but all can connect server
12:31 < pekster> What's your goal here? Are you just trying to let the clients reach other clients over the VPN, using the VPN network addressing?
12:32 < pekster> You'll either need to allow that in your OS firewall on the server (and obviously the client's firewalls too) or see --client-to-client in the manpage to let openvpn route such traffic directly, without hitting your server-side OS firewall
12:33 < pekster> Personally I'd recommend going the firewall apparoach so you don't need to restart your server if you ever need to firewall one client uniquely, but it depends on what you want/need really
12:34 < troulouliou_dev> pekster, i want all client to be visible between them
12:34 < pekster> Right, so I just gave you 2 solutions to that
12:34 < pekster> Pick which one works better and implement it
12:34 < troulouliou_dev> pekster, it works with tap flawlessly with remote clients and some vm bridge to the tap
12:35 < troulouliou_dev> pekster, but in this mode the latency is too high and i have problems with freeswitch / sip
12:35 < pekster> It's best not to use tap unless you need non-IP (ie: raw Ethernet frame support)
12:35 < troulouliou_dev> mainly due to echio cancelation / lag issue
12:36 < troulouliou_dev> pekster, so in tun i need to put my vms in a separate neswork and route ?
12:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
12:37 < pekster> What's a VM got to do with it? OpenVPN doesn't care, and it's just "a computer"
12:37 < troulouliou_dev> pekster, even if i connect my vm by vpn i can't xwonnect client between them without routing
12:37 < pekster> You only mentioned you have clients, which in the context of openvpn, are location-agnostic. I don't understand what this "separate network" for your VMs has to do with your originally stated goal of allowing the OpenVPN clients to talk directly to another OpenVPN client
12:38 < pekster> So, back up a moment. Is _all_ you want to do connect 2 or more OpenVPN clients and allow them to reach other clients on this same VPN, using the unique addressing the openvpn server is using?
12:38 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:38 < troulouliou_dev> pekster, yes
12:39 < pekster> Then the OpenVPN server uses a network (RFC1918 is fine here, best to pick an unlikely to collide network) and your clients connect to it. Then configure your firewall properly on the server to allow forwarding between the clients, or optionally have openvpn route client traffic directly by using --client-to-client (both from my suggestions to you earlier)
12:39 < pekster> That's it.
12:40 < pekster> You _cannot_ re-use that OpenVPN network on any OpenVPN node (server or any clients.)
12:40 < pekster> It'd be like having 2 houses named "123 Fake Street" -- how would the mail carrier know which to deliver mail to
12:40 < troulouliou_dev> pekster, yeah just fugured out too thanks ; but without client-to*-client what is the difference btween topology subnet end p2p ?
12:41 < johnfg> Here's from the client: http://dpaste.com/0XAEK7Q
12:41 < pekster> One uses Point-to-Point networking, the other forms a more traditional subnet. Unless you know 1) you're never going to use Windows clients on your VPN, and 2) you're handling pushing the client supernet over the VPN to all clients, you should not use p2p
12:42 < pekster> troulouliou_dev: See also a description of topology options here:
12:42 < pekster> !topology
12:42 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
12:42 < pekster> You almost surely want --topology subnet
12:43 < troulouliou_dev> pekster, and if i want to improve latency ; but not allow client to client then i use p2p
12:43 < pekster> Nope
12:43 < pekster> It makes exactly zero difference for latency
12:43 < troulouliou_dev> pekster, ok got it perfect thanks :)
12:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
12:44 < pekster> johnfg: Right, the issue is that the sever cannot validate your certificate. I gave you the !validate info above
12:44 < pekster> Did you do that? WHat did you find out by having the server validate the exact same certificate the client is using (best to actually send it over from the client based on the file refernced in the client's config)
12:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:48 < troulouliou_dev> pekster, where does the latency comes from in tap mode from aditional arp .. pacquets
12:48 < troulouliou_dev> pekster, or from internal process ?
12:50 < pekster> Mostly the additional RTT for ARP, yea. There's a slight loss of efficiency due to the Ethernet frame overhead, but that's not usually relevant for RTP like SIP. L2 is also less secure since any client can spoof another client's IP
12:53 -!- stewi [~quassel@2400:6800:ffff:2:3507:a9ac:1cfa:235c] has joined #openvpn
12:56 -!- tekk [~me@185.17.149.149] has joined #openvpn
13:01 -!- gringao [~gringao@2a02-8420-4d45-cf00-e024-00bc-1228-edb9.rev.sfr.net] has joined #openvpn
13:43 -!- elfixit [~Icedove@2001:1620:2018:11:5e51:4fff:fec8:5b90] has quit [Ping timeout: 265 seconds]
13:56 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:03 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
14:07 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
14:14 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has quit []
14:14 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has joined #openvpn
14:16 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
14:21 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 252 seconds]
14:24 < ljvb> looking for help still.. trying to figure out what the problem is with the handoff between my internal ovpn tunnel and the outside world.
14:26 < ljvb> doing a speed tests.. from A to B (b neing the openvpn server and gateway) I get "Download: 29.43 Mbit/s", between b and the internet I get Download: 564.27 Mbit/s, between a and the internet going through b, I get around 2 to 3 MBit
14:26 < ljvb> (fyi, a network limitation is 30Mbit, so thats about right)
14:27 < ljvb> freebsd, not an appliance, just openvpn, freebsd, and pf
14:50 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
14:54 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
14:58 -!- mattock is now known as mattock_afk
15:14 -!- i336_ [~i336_@101.174.0.19] has joined #openvpn
15:15 < i336_> Hey. I want OpenVPN to handle all network I/O for a given set of processes on Linux, some of which will be being run through WINE. Where do I start?
15:33 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
15:48 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 264 seconds]
16:18 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
16:23 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 264 seconds]
16:27 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
16:39 -!- shio [marmot@6.121.101.84.rev.sfr.net] has quit [Ping timeout: 255 seconds]
16:42 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 244 seconds]
16:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:01 -!- z1ktest [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
17:01 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has joined #openvpn
17:04 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Ping timeout: 264 seconds]
17:04 < Thermi> i336_: Run those applications inside a dedicated network namespace and create virtual adapters, whose traffic is routed through your openvpn tun device.
17:06 < i336_> ah. I see...
17:06 < i336_> so like, a cgroup where the only network device is the virtual adapter?
17:06 < Thermi> i336_: I don't know anything about cgroups, sorry.
17:07 < Thermi> It's a semi contained network area with its own routing table, network devices and stuff.
17:07 < Thermi> Interaction with the normal namespace is done using virtual interfaces
17:07 < i336_> right. Yeah, I was trying to figure out what you meant by "dedicated network namespace"
17:08 < i336_> and what actual /thing/ that term translated to in practice =P
17:08 < Thermi> network namespace
17:08 < Thermi> netns
17:08 < Thermi> ip netns help
17:09 < i336_> oh ok
17:10 < i336_> ohh. Interesting
17:11 < i336_> thanks, I'll run with that and see how I go...
17:12 < Thermi> Sure, sure.
17:12 < Thermi> Don't mind bothering me with any specifics or other questions. Sadly, that is all I know about network namespaces on Linux.
17:18 -!- L0uk3 [~lukethedr@gateway/tor-sasl/lukethedrifter] has quit [Quit: bis später]
17:19 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 245 seconds]
17:35 -!- idl0r [~idl0r@gentoo/developer/idl0r] has quit [Ping timeout: 244 seconds]
17:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:47 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
17:51 -!- z1ktest [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Ping timeout: 264 seconds]
17:52 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:03 -!- nutron [~nutron@unaffiliated/nutron] has quit [Remote host closed the connection]
18:21 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
18:26 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 252 seconds]
18:29 -!- shio [marmot@6.121.101.84.rev.sfr.net] has joined #openvpn
18:47 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
18:48 -!- z1ktest [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
18:51 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Ping timeout: 256 seconds]
18:53 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
18:53 -!- z1ktest [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Ping timeout: 245 seconds]
18:54 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 244 seconds]
18:56 -!- TBJoe [~TBJoe@drms-4d0d6cff.pool.mediaWays.net] has quit [Quit: TBJoe]
19:00 -!- JackWinter [~jack@vodsl-9520.vo.lu] has quit [Quit: Konversation terminated!]
19:01 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Ping timeout: 244 seconds]
19:04 -!- JackWinter [~jack@vodsl-9520.vo.lu] has joined #openvpn
19:12 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
19:17 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Ping timeout: 252 seconds]
19:20 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
19:21 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
19:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
19:23 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:25 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Remote host closed the connection]
19:30 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
19:31 -!- mode/#openvpn [+v RBecker] by ChanServ
19:48 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
19:49 < bluenemo> hi guys. can i only use crl-verify when I actually have a crl.pem file? When I create the server I'd like to already specify a crl.pem path, as the server auto updates the crl.pem file for new clients as far as i know. so when I start the server the first time I dont have banned clients yet, and therefore no crl.pem file. can I supply a dummy crl.pem file somehow until i have my first unwanted certific
19:49 < bluenemo> ate?
19:50 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
19:55 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 264 seconds]
20:05 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
20:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:29 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
20:43 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
21:11 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Read error: Connection reset by peer]
21:14 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
21:18 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
21:19 < esde> !revoke
21:19 < esde> !crl
21:19 <@vpnHelper> "crl" is (#1) --crl-verify <crl> A CRL (certificate revocation list) is used when a particular key is compromised but when the overall PKI is still intact. The only time when it would be necessary to rebuild the entire PKI from scratch would be if the root certificate key itself was compromised. or (#2) you can make use of CRL by using the revoke-full script in easy-rsa (packaged with openvpn) that
21:19 <@vpnHelper> will create the CRL file for you. ssl-admin will also build a crl for you or (#3) openssl ca -config openssl-1.0.0.cnf -gencrl -out keys/crl.pem
21:19 < esde> bluenemo, ^
21:19 < esde> :)
21:24 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
21:41 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
21:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:06 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:11 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
22:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:03 -!- akamaru [~akamaru21@2601:0:8a80:1064:206f:b2a9:3d71:f30b] has quit [Read error: Connection reset by peer]
23:08 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:d8d3:44be:23fe:c65b] has joined #openvpn
23:12 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 264 seconds]
23:16 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
23:19 -!- akamaru [~akamaru21@2601:0:8a80:1064:1c44:fefa:fd88:b819] has joined #openvpn
23:20 -!- akamaruu [~akamaru21@2601:0:8a80:1064:7c81:4727:3145:a8f4] has joined #openvpn
23:22 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:d8d3:44be:23fe:c65b] has quit [Ping timeout: 244 seconds]
23:24 -!- akamaru [~akamaru21@2601:0:8a80:1064:1c44:fefa:fd88:b819] has quit [Ping timeout: 265 seconds]
23:27 -!- akamaruu [~akamaru21@2601:0:8a80:1064:7c81:4727:3145:a8f4] has quit [Ping timeout: 265 seconds]
23:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
23:32 -!- ShadniX [dagger@p5DDFE699.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX_ [dagger@p5DDFCE07.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- ShadniX_ is now known as ShadniX
23:35 -!- kossy [a@unaffiliated/kossy] has quit [Excess Flood]
23:38 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
23:45 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Ping timeout: 244 seconds]
23:50 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
23:54 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 264 seconds]
23:57 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:e051:1773:8bb:8586] has joined #openvpn
--- Day changed Sun Jan 11 2015
00:04 -!- stewi [~quassel@2400:6800:ffff:2:3507:a9ac:1cfa:235c] has quit [Quit: No Ping reply in 180 seconds.]
00:23 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
00:28 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]
00:28 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
00:29 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
00:30 -!- mode/#openvpn [+v RBecker] by ChanServ
00:48 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
00:49 -!- gerforce [~zoujunc@120.210.161.234] has joined #openvpn
01:02 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has joined #openvpn
01:02 < altker128> Hey guys.  Anyone here use Tunnelblick on OSX Mavericks?
01:15 -!- gerforce [~zoujunc@120.210.161.234] has quit [Quit: leaving]
01:19 -!- MACscr [~Adium@2601:d:c800:de3:b96b:9a2d:7865:a240] has quit [Ping timeout: 244 seconds]
01:20 -!- master_o1_master [~master_of@p4FF24B56.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_of_master [~master_of@p4FD7B43F.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
01:24 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
01:28 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 244 seconds]
01:35 -!- u0m3 [~u0m3@92.80.69.178] has quit [Ping timeout: 245 seconds]
01:39 < hyper_ch> no
01:57 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has quit [Ping timeout: 256 seconds]
03:01 -!- Henryabcd [~Henryabcd@pD9E0AAB8.dip0.t-ipconnect.de] has joined #openvpn
03:12 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:19 -!- Henryabcd [~Henryabcd@pD9E0AAB8.dip0.t-ipconnect.de] has quit [Quit: Leaving]
03:25 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
03:26 -!- u0m3 [~u0m3@92.80.116.127] has joined #openvpn
03:30 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 265 seconds]
03:45 -!- i336_ [~i336_@101.174.0.19] has quit [Ping timeout: 265 seconds]
03:59 -!- mattock_afk is now known as mattock
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- KavanS [~quassel@LINBIT/KavanS] has joined #openvpn
04:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
04:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:27 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
04:31 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 255 seconds]
04:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
04:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:33 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
04:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
04:49 -!- tobinski [~tobinski@x2f5eafa.dyn.telefonica.de] has joined #openvpn
04:49 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
04:53 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 256 seconds]
05:00 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Max SendQ exceeded]
05:02 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
05:04 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Max SendQ exceeded]
05:04 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
05:30 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
05:31 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
05:47 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:48 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
05:50 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
05:53 -!- rhagu [5ed98f15@gateway/web/freenode/ip.94.217.143.21] has joined #openvpn
05:57 < rhagu> Hi, what android Client (open source and free of charge) is secure and recommended?
05:57 <@plaisthos> !faq
05:57 <@vpnHelper> "faq" is (#1) http://openvpn.net/index.php/documentation/faq.html or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ
05:57 <@plaisthos> hm not that one
05:58 <@plaisthos> !learn android as https://code.google.com/p/ics-openvpn/wiki/FAQ
05:58 <@vpnHelper> Joo got it.
05:58 <@plaisthos> see that FAQ: Difference between android clients
06:01 < rhagu> Thanks, I guess openvpn connect is the way to go then
06:03 <@plaisthos> depends on what you are trying to accomplish
06:03 < rhagu> I have a owncloud server which hands out carddav and caldav data in my vpn and would like to connect to it via vpn
06:10 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
06:12 < rhagu> this is the config I use on my ubuntu laptop: http://pastebin.com/9g7f03aQ
06:18 -!- rhagu [5ed98f15@gateway/web/freenode/ip.94.217.143.21] has quit [Ping timeout: 246 seconds]
06:37 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
06:55 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:58 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:58 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
07:03 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 252 seconds]
07:39 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 244 seconds]
07:52 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Quit: leaving]
07:52 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
07:58 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:59 < hyper_ch> krzee: can anyone just ask to get an openvpn host cloak on freenode?
08:11 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
08:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:41 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Ping timeout: 264 seconds]
08:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:00 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
09:05 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Ping timeout: 264 seconds]
09:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
09:32 -!- tobinski [~tobinski@x2f5eafa.dyn.telefonica.de] has quit [Quit: Leaving]
09:47 -!- gringao [~gringao@2a02-8420-4d45-cf00-e024-00bc-1228-edb9.rev.sfr.net] has quit [Ping timeout: 244 seconds]
09:54 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:06 -!- webczat [webczat@webczatnet.pl] has joined #openvpn
10:07 < webczat> !welcome
10:07 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:07 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:09 < webczat> questions: if I have any globally routed pool ipv4 or ipv6, do I always need to have another public or private v4/v6 address over which the parent router can send packets coming to those routed subnets?
10:11 < webczat> Yes, I am starting with questions from general networking, but in general my goal is to configure ipv6-only vpn with openvpn, I am just trying to also understand exactly what I am doing or going to do
10:16 < webczat> ethernet links have (at least sometimes) local link addresses like fe80::/64 for this too, am I right? but I am not sure how do you actually configure openvpn in dev tun mode when I wanted to use ipv6, I mean server side.. I wanted to run openvpn in server mode
10:17 < webczat> the problem is the ifconfig-ipv6 setting. what is the remote address on the server?
10:23 -!- ddddddda [~yaaic@unaffiliated/he110wo1d] has joined #openvpn
10:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:49 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
10:51 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
10:53 <@krzee> hyper_ch, sure, user cloaks for all!
10:54 <@krzee> see ecrist for yours
11:09 < pekster> altker128: Tunnelblick is the most popular build and frontend for Macs; AFAIK it "should" work on the latest version too; you're likely to get more useful help if you ask a real question, not "does anyone use X"
11:12 < hyper_ch> krzee: how comes you can give cloaks away on this network?
11:12 < hyper_ch> does ecrist have some kind of super magic powers?
11:14 <@krzee> he runs the openvpn cloaks, if that counts as magic
11:14 <@krzee> you ask him, then he talks to an oper, and gets you your cloak
11:16 < hyper_ch> now knowing what kind of power he weilds, I'm kinda scared talking to him
11:16  * hyper_ch hides behind krzee
11:17 <@krzee> just avoid fridays
11:17 <@krzee> !friday
11:17 <@vpnHelper> "friday" is It's Friday, be warned that, due to him working at home, our resident guard-dog, ecrist, is likely already in the bag. Tread carefully.
11:23 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has quit [Ping timeout: 252 seconds]
11:27 -!- heraclitus [~phobos@unaffiliated/heraclitis] has quit [Ping timeout: 264 seconds]
11:27 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has joined #openvpn
11:30 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 256 seconds]
11:33 -!- lamppid [~lamppid@78.58.251.19] has joined #openvpn
12:05 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
12:15 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
13:05 < esde> ecrist, may I have an openvpn cloak, too? much shorter than *unaffiliated*
13:06 -!- Popsikle [~popsikle@2600:1017:b024:f3c2:a0e1:de6:da4c:a120] has joined #openvpn
13:07 < KavanS> !mitm
13:07 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
13:10 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:10 -!- Popsikle [~popsikle@2600:1017:b024:f3c2:a0e1:de6:da4c:a120] has quit [Ping timeout: 244 seconds]
13:34 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
13:34 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
13:35 -!- mode/#openvpn [+v RBecker] by ChanServ
13:42 < webczat> If I use openvpn in server mode with ipv6 tunnel
13:43 < webczat> and I assign with ifconfig-ipv6 and ifconfig-ipv6-push ip addresses that are in /80 address pool
13:43 < webczat> then why does windows add a route to /64 too when windows client connects over this vpn?
14:16 < pekster> webczat: Your CIDR for the pool and server-side network should match or strange things happen
14:17 < pekster> IOW, don't push a /80 CIDR mask if your VPN is really a /64 (which is & should be the common use-case, although things like a /112 are possible too if needed/desired)
14:21 -!- KjetilK is now known as Guest29245
14:21 -!- Guest29245 [~kjetil@ti0071a400-3057.bb.online.no] has quit [Ping timeout: 240 seconds]
14:23 < webczat> pekster: hmmm... actually they match., the whole configuration is set to /80 in openvpn
14:24 < pekster> Have a pastebin of your server config, sans comments/blanks? Plus the ccd for your push bits?
14:25 < pekster> If you're using /80 everywhere, it should be pushing that to the client. There's some odd behavior if your pool attempts to use a smaller CIDR size than the server network though (but sounds like this won't matter here)
14:25 < webczat> not really, I have removed it because I happen to hmm not do things I do not fully understand, so I wanted to understand it first. also, on linux the routing table is good and does not have anything with /64
14:25 < webczat> it actually pushes /80, but on windows I get address with /80, route with /80, but also another route with /64 even though config does not specify it
14:26 < pekster> The "no idea." Presumably you're declaring a /64 somewhere, but without !configs or !logs (bot has suggestions for pasting those) best you can be told here is "something is probably not configured right"
14:26 < pekster> Verify your configs & logs yourself for clues
14:26 < webczat> I believe it is just some windows specific behaviour, not config error
14:26 < webczat> because same config clientside on linux works and does not do this
14:27 < webczat> and same ccd config
14:28 < webczat> I do not add any routes. I am pushing /80 and ipconfig-ipv6 is also setting /80, but windows adds both /80 as push suggests, and /64 too
14:28 < webczat> and there is no config like routes in openvpn.conf
14:29 < webczat> I really believe this may be windows specific.
14:29 < pekster> Without logs I don't really care.
14:29 < pekster> Surely you're able to go read the factoids above and read your own logs for clues?
14:29 < webczat> I believe it is not a route added by openvpn, that in turn means openvpn does not do this and logs would not show anything
14:30 < webczat> lemme check something then
14:31 < pekster> Unlikely, unles you mean IPv6 LL
14:31 < pekster> But since you refuse to show any deatils, that's nothing more than a WAG
14:31 < webczat> I cannot show you things that I do not have, as I said
14:32 < pekster> Then you obviously haven't read !logs that I referenced above that explains very clearly how to generate logs
14:32 < pekster> !logs
14:32 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:32 < pekster> !configs
14:32 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
14:32 < pekster> !verb
14:32 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only
14:32 < pekster> !logfile
14:32 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
14:32 < pekster> Happy hunting.
14:32 < pekster> Oh, and probably:
14:32 < pekster> !interface
14:32 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
14:32 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
14:33 < pekster> to see wtf you actually have as for interface configs and verify if you're "mystery top secret /64 that can't be shared with the class" is LL or some strange supernet
14:34 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has joined #openvpn
14:35 < webczat> this /64 actually exists but I just divided it :) and as said I cannot test it at the moment. I will have to look/write it again
14:40 < pekster> Curious, I'm seeing similar behavior
14:40 < pekster> C:\Windows\system32\netsh.exe interface ipv6 add route fd29:884a:4456:123::/80 Local Area Connection 3 fe80::8 store=active
14:48 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:50 < pekster> I'd guess this is either Windows being brain-dead, or possibly the TAP-WIN32 driver not handling non-/64 subnets properly
14:51 < pekster> fwiw, you're usually better off just using /64 anyway so that the "early developer preview" patches that Debian was so fond of including before OpenVPN officially supported IPv6 will work: they break if you use sub-/64 networks
14:54 < webczat> pekster: actually: I just tested by command like openvpn --proto tcp-server ... --dev tun --tun-ipv6 --ifconfig-ipv6 .../80 remote etc, and similar on a client side (windows) and didn't get /64 route. :O maybe it works differently in case of a push/whatever?
14:54 < webczat> like now it was p2p mode
14:54 < pekster> Unlikely; here's my testcase for the server that resultsin duplicate routes, one /80 and one /64
14:55 < pekster> https://paste.kde.org/p5lm46sja
14:56 < pekster> Here's the nonsense that results from `route -6 print` on the client:
14:56 < pekster>  17    286 fd29:884a:4456:123::/64  On-link
14:56 < pekster>  17    286 fd29:884a:4456:123::/80  fe80::8
14:56 < pekster>  17    286 fd29:884a:4456:123::1000/128
14:58 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has quit [Remote host closed the connection]
14:58 < webczat> okay. suggestion: what happens if you replace a mode server vpn with mode p2p and configure ip address on the client with ifconfig-ipv6? same with configuring ipv6 address client side but leaving mode server. :D
14:58 < webczat> because it didn't  add this /64 route in p2p mode when clients were locally specifying addresses in their config
14:59 < webczat> s/clients/peers/
14:59 < pekster> You can't use p2p in Windows since that OS is incapiable of Point-to-Point networking
14:59 < webczat> I mean --mode p2p, not the p2p topology
15:00 < webczat> like openvpn without --mode server
15:00 < webczat> that works, trust me, tested. :P
15:00 < webczat> another things that would be interesting: what is gonna happen if you use a larger pool like /48... lol
15:01 < pekster> /48 on-link? Don't do stupid things like that
15:01 < pekster> The only reason for a /64 is convention and integration with SLAAC (and backwards-compat with older 2.2.x dev-patches, as noted earlier.) Unelss you're going to tell me how you need more than 2^64 clients on your VPN
15:02 < webczat> I meant just testing, nothing more. my network here is incapable of v6 and such tests are probably safe
15:02 < pekster> That's still a useless thing to try
15:02 < pekster> Try something useful instead, like evalaute the netsh.exe call win your non-multi-client serve setup
15:02 < pekster> server*
15:03 < webczat> in my p2p setup, /64 is not added but the netsh call is the same
15:04 < pekster> Inlcuding the silly fe80::8 call?
15:04 < webczat> hmm
15:05 < webczat> hell... I cannot as easily compare it with multiserver set up because I have no certs at hand
15:06 < webczat> but yes, it seems to use something like fe88, like it probably uses the link local addresses appropriate for the tunnel
15:07 < pekster> "something like" isn't good enough here. https://github.com/OpenVPN/openvpn/blob/v2.3.6/src/openvpn/route.c#L1639
15:07 <@vpnHelper> Title: openvpn/route.c at v2.3.6 · OpenVPN/openvpn · GitHub (at github.com)
15:10 -!- mattock is now known as mattock_afk
15:12 < webczat> mmm
15:14 < webczat> anyway it still does not explain the /64 thing
15:14 < webczat> I would if possible test /48 but just for one reason: checking if it is consistent/smart/whatever
15:15 < webczat> unfortunately I cannot atm
15:16 < pekster> I bet this is the issue: C:\Windows\system32\netsh.exe interface ipv6 set address vpn1 fd29:884a:4456:123::1000 store=active
15:16 < webczat> but, seems like if I want to have a good v6 support, I should get /48 prefix first and delegate one /64 to vpn. I am using my /64 proper for linux containers and stuff
15:17 < webczat> pekster: the p2p mode linking shows the same message, I checked. but there is no /64 anyway :)
15:17 < pekster> https://imgflip.com/i/g9z7h
15:17 <@vpnHelper> Title: Creepy Condescending Wonka Meme - Imgflip (at imgflip.com)
15:17  * webczat is blind. give me as much images as you want :P
15:18 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:18 < webczat> I won't see them anyway
15:18 < pekster> Ah, fair enough. Just poking fun at 18446744073709551616 hosts being too small for anyone's network
15:19 < webczat> pekster: of course. but you are unable to predict the future and the way vpn is used :P
15:19 < pekster> Any single network larger than a /64 is 100% worthless
15:19 < pekster> More worthwhile is the cause of the on-link route addition that doesn't match the linked code line, which might be caused by:
15:19 < pekster> C:\Windows\system32\netsh.exe interface ipv6 set address vpn1 fd29:884a:4456:123::1000 store=active
15:19 < webczat> hmm actually the recommendation is often to grant max /48 to end user.:D
15:20 < pekster> RFC6177 says otherwise
15:20 < pekster> Also, you don't put that /48 on-link unless you're clueless or hate your customers (like a number of well-known VPS "providers" do)
15:21 < webczat> I mean min /64, max /48. I've read ripe recommendations I think and things like that. and ipv6 tunnelbrokers still give both /64 and /48
15:21 < webczat> what is the problem with on-link /48?
15:21 < webczat> maybe except the fact it may or may not be too large?
15:22 < pekster> wtf dude. Do you need more than 18,446,744,073,709,551,616
15:22 < pekster> hosts on your VPN network? If not, don't do insane things like this
15:22 < webczat> no. but slaac has a different model anyway, based on someone's mac address. it's more like if I need more than one subnet, I should have larger than /64
15:22 < pekster> That's 18.4 SEPTILLIAN hosts. I don't think there's enough RAM in the world, nevermind a computer to hold that much, do support it
15:23 < pekster> Yes. But *EACH* subnet should not be larger than a /64
15:23 < webczat> yes.
15:23 < pekster> I'm 100% on-board with RFC6177's recommendations to provide a large enough allocation to end-site (customers, businesses, etc) to route/subnet as they need
15:23 < pekster> on-link /48 is what brain-dead VPSes do, forcing customers who want to use it to do awful, horrible, insane hacks like NDP proxy. These companies hate their users
15:24 < webczat> but I am not sure if it is not said somewhere that end users may need more subnets, I may be mistaken :)
15:24 < pekster> Spend some time looking at RFC6177; it's quite clear, and their conclusion is very upfront about the design goals involved
15:24 < webczat> okay
15:25 < pekster> At any rate, something like a /56 to end-sites is a good starting place. Maybe a /48 for established businesses that can demonstrate a need, and more if the user/customer/site needs it for something
15:25 < webczat> anyway if I need more subnets because I have one for containers and one for vpn, does it justify /48 or /56? like tap mode vpn is not recommended so I cannot use one subnet for all this
15:26 < webczat> I cannot get /56 on the tunnel I have one routed /64 and can optionally get a routed /48.
15:26 < pekster> Right, you should get (without any question from your network provder) a /56 if you ask. A *routed* /56 (none oft his on-link crap.)
15:26 < pekster> Sure, /48 is fine
15:26 < pekster> I said at least ;)
15:27 < pekster> That's now 65,536 unique /64 networks (though usually you'd subnet that /48. That's the whole point of IPv6 is so we can route/subnet properly and do away with NAT-Overload)
15:28 < pekster> The tl;dr here is that there's no reason to give openvpn more than a /64 per-network, and IIRC it prohibits that configuration
15:28 < pekster> Less than that, sure, although that does have implications for backwords-compat support too, and is best avoided as a result
15:29 < webczat> yes. I am doing it mainly for educational purposes. I wanted to have educational linux container with public v6 and I use the main /64 for it. and another thing is that it is all done on a public server, but I also have a "server" that is connected to ipv4 network but behind a nat, that I want to use for hmm testing networking.
15:29 < webczat> so I need a vpn to give the natted server test ipv6 connectivity and possibly I would need a routed /64 going over this server for the purpose of testing
15:30 < pekster> You need a routed allocation to use IPv6 meaningfully with OpenVPN
15:31 < pekster> Unelss you use ULA, but that's not globally routable (and is only valid in the routed domain of your network or "site" that understands about that ULA space)
15:31 < webczat> I have routed /64 and can get additional independent /48 that I could probably divide into vpn thing and the subnet going to the natted server over vpn
15:31 < pekster> fwiw, I think this is a bug in the address setting code by not properly setting the CIDR mask during address execution
15:32 < pekster> This appears to do the right thing from the CLI: netsh interface ipv6>set address vpn1 fd29:884a:4456:1234::1001/80
15:32 < webczat> pekster: maybe, but in p2p case it still does not result in /64, it results in /128  and then route to /80 is separately added
15:32 < pekster> Yea, probably a different codepath, but I'd need to dig further to find out
15:32 < pekster> Did you compare the address setting call at --verb 4?
15:33 < webczat> yeah. but notice that in the case of --mode server, /80 pool etc, it results in /64, /128 and /80 all being there
15:33 < pekster> So is there a CIDR mask at the end of the address set ... call?
15:33 < webczat> no
15:34 < webczat> I am running with default settings for logging and there is no /xxx afgter the ipv6 address in p2p mode. and for server mode I would have to generate and send certificates and that hmm
15:34 < pekster> Right, my above paste is what you get for a P2MP server
15:35 < webczat> unless you are able to go without a client certificate?
15:35 < pekster> And if I omit the CIDR mask, it assumes a /64
15:35 < webczat> so why I did not get /64?
15:35 < webczat> in pure p2p
15:35 < pekster> No clue
15:35 < webczat> try and check what happens if you invoke openvpn in p2p mode.
15:36 < webczat> maybe I am mistaken
15:36 < pekster> https://github.com/OpenVPN/openvpn/blob/v2.3.6/src/openvpn/tun.c#L1209 If I'm going too slow for you in the code review while you keep asking me about the frontend
15:36 <@vpnHelper> Title: openvpn/tun.c at v2.3.6 · OpenVPN/openvpn · GitHub (at github.com)
15:40  * webczat hates reading c. ofc this thing was clear but :P
15:40 < pekster> Seems it's handled by add_route_connected_v6_net possibly, although the easier solution might be to pull the right mask out of the route_ipv6 struct for the involved address, or the tuntap struct if that's not yet availble
15:42 < webczat> so have you found this /64 thing that gets added always?
15:42 < webczat> and it is still interesting why the hell it does not get added in normal cases like p2p
15:42 < pekster> It's implicit, as demonstrated earlier. No clue (yet) why --topology p2p is different, because Windows doesn't understand it at all to begin with (it's only able to create actual subnets)
15:42 < webczat> different code path as you said
15:43 < webczat> pekster: first the topology thing as man says does not affect ipv6
15:43 < pekster> Except all the v6 address stuff is under line 1201 at if ( do_ipv6 )
15:43 < pekster> Yea
15:44 < pekster> The only v6 address-setting specific netsh call is from the arguments starting at tun.c:1209 (as of 2.3.6 anyway)
15:46 < webczat> pekster: okay lemme phase it this way: the /64 thing appears if one openvpn is the server with --mode server, and possibly only if the server pushes addresses to clients. /64 didn't get added for me if none of the openvpn instances had --mode server, and if ip was not pushed, like if it was manually set by both sides
15:47 < webczat> and it may be possible that if you remove the ifconfig-ipv6-pool from server and use ifconfig-ipv6 on the client it may work unless such usage is forbidden
15:48 < webczat> if it is then it should work if you will also remove --mode server
15:49 < johnfg> Sorry I had to be away after an answer from pekster.  I generated the client certificate on the server, so why or how could the pki not be the same?
15:51 < pekster> No idea; this is why you'd test it. That's the first thing you'd normally do when faced with a verification error
15:51 < pekster> Could be anything from accidently being in the wrong directory to your click being off, or a dozen more failure modes I could invent if I cared more.
15:51 < pekster> clock*
15:51 < pekster> Which is why you should do exactly what I suggested earlier, using the _actual_ client-cert as referenced by its _current_ config, defined in:
15:52 < pekster> !verify
15:52 <@vpnHelper> "verify" is (#1) If you receive certificate-based 'VERIFY ERROR' messages, you can manually verify the remote cert against a local CA using openssl: `openssl verify -verbose -CAfile /local/ca.crt /remote/copy/of/other.crt` or (#2) Note that this requires you to manually transfer the remote certificate to the local system for testing or (#3) You can also manually check issuer fingerprints with
15:52 <@vpnHelper> detailed cert output: `openssl x509 -in /some/cert.crt -noout -text` and compare against the CA cert fingerprint
15:54 < johnfg> pekster: righto.  I actually saw and read it from yesterday, but hadn't done it. I'm on it now :-)
15:55 < webczat> I am curious if I was not mistaken about the behavior of manually configured addresses hmhm
15:56 < pekster> webczat: I think this fixes it: https://github.com/QueuingKoala/openvpn/commit/ffc7ef7966396f3a08db6d663a1e2b217793b104
15:56 <@vpnHelper> Title: Add CIDR mask to win32 netsh call for ipv6 set address · ffc7ef7 · QueuingKoala/openvpn · GitHub (at github.com)
15:57 < pekster> My win32 build VM is a bit FUBAR now, but I might be able to have a build you can test within a day or two
15:58 < webczat> pekster: hmm I am not sure if it is really like you said if my last testcase without --mode server did not add /64 and your testcase with --mode server did. and both had no prefix length when setting address using netsh
15:58 < johnfg> pekster: On the first part of the !verify message, it returns: error 20 at 0 depth lookup:unable to get local issuer certificate
15:58 < webczat> then it may not fix the issue
15:59 < johnfg> I used the ca.crt ro the CAfile, and client5.crt for the remote.
15:59 < pekster> johnfg: Check the AIA of the client-cert against the CA's fingerprint
15:59 < johnfg> What's the remedy?
15:59 < johnfg> pekster: Is that following (#3) of the !verify msg?
16:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
16:01 < pekster> Yup. Dump the client cert, get the fingerprint of the issuing CA, and compare to the actual CA cert fingerprint
16:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:01 < pekster> If they don't match, you managed to sign that client cert with a different CA, which would not be matched to your -CAfile you attempted to verify with
16:02  * pekster meant AKI, not AIA)
16:03 < johnfg> pekster: Before I do that, the CA has definitely not changed.
16:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
16:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:05 < johnfg> pekster: One thing I note, in running the cmd on the client5.crt, it shows CA:FALSE, but on ca.crt, CA:TRUE.
16:06 < pekster> That's correct, but not currently relevant
16:07 < pekster> More relevant would be a matching AKI on the client to the SKI on the CA
16:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:08 < johnfg> pekster: I think you're in the process of nailing it.
16:10 < johnfg> I have one ca.crt in /etc/openvpn, and another in /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
16:11 < johnfg> Both generated on the same day, 1.5 yrs. ago.
16:11 < johnfg> Which is the one that ./build-keys uses when it runs?
16:11 < pekster> Whatever dir your're in
16:11 < pekster> Both are, for the record, horrible places to be doing your PKI in
16:12 < johnfg> pekster: What/where would you recommend?
16:12 < johnfg> At present: server is debian, this client is gentoo.
16:12 < pekster> A dedicated non-root user, with restrictive permisions on the homedir to prevent accidents like the ca.key read by other users
16:13 < pekster> Or out of /root/pki if you really hate priv-sep for some reason
16:13 < johnfg> pekster: Is there a cmd I can run on the current working 4 clients to see which ca.crt they are built (or whatever the word) with?
16:13 < pekster> As above, in !verify
16:14 < pekster>             X509v3 Subject Key Identifier:
16:14 < pekster>                 B4:F5:E3:34:03:F5:63:18:AD:D3:DE:1E:70:05:28:7F:B1:66:99:EC
16:14 < pekster> My sample cert was signed by keyid B4:F5:E3:34:03:F5:63:18:AD:D3:DE:1E:70:05:28:7F:B1:66:99:EC
16:14 < johnfg> pekster: Ok.
16:14 -!- lamppid [~lamppid@78.58.251.19] has quit [Ping timeout: 240 seconds]
16:14 < pekster> You'd go and verify your CAs to see which CA has a matching keyid
16:15 < pekster> Erm, AKI
16:15 < pekster> AKI: what signed this cert. SKI: this own cert's fingerprint
16:16 < pekster> A root CA will have matching values, since it "signed itself", and thus is vouching for its own correctness (and if you cannot trust it independently, you ought to reject it as a CA)
16:16 < pekster> !intro-to-pki
16:16 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
16:17 < webczat> btw why ipv6 does not support topologies, but ipv4 does? and also why in ipv6 I haveto provide remote address even server side? I do not understand that
16:19 < pekster> Because the concept of net30 is a broken 7-year old Windows concept from before the driver on that crappy platform supported real networking. Since we're behind ancient limitations in the driver there's no point to perpetuate such behavior
16:19 < pekster> Since IPv6 requres >=2.3.0 anyway, it's gaurenteed that Windows can support the non-broken methods
16:19 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
16:19 < pekster> !net30
16:19 <@vpnHelper> "net30" is "/30" is (#1) http://openvpn.net/index.php/documentation/faq.html#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior with by reading !topology
16:19 < pekster> !topology
16:19 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
16:20 < pekster> The server still needs a routing target for the OS-routes
16:20 < pekster> (hence the "peer" IP)
16:21 < webczat> oses support adding routes going through interfaces
16:22 < pekster> It's more complex than that since OpenVPN has multiple routing options. Read about --iroute and --iroute-ipv6 to understand how openvpn routes things to particular clients
16:22 < pekster> and the !clientlan info/flowchart
16:22 < webczat> pekster: also what about topology p2p? there is such a thing as a third topology. is it just like when you don't need any subnet? but in any case you still cannot do that with ipv6.
16:22 < webczat> like you can probably but in a different way
16:23 < pekster> Linux can do device routing; build with ENABLE_IPROUTE2
16:23 < pekster> This is for some reason still not the default; patches welcome if you'd like to see the buildsystem do this by default when iproute2 headers/userland is availble
16:24 < pekster> See route.c:1599
16:25 < webczat> arch does not have ifconfig
16:25 < webczat> it has iproute2 only and it means that it probably has it enabled
16:25 < pekster> Wonderful. And if we removed backwards-compat stuff it'll break every other distro that doesn't support this, plus other OSes that don't support this at all
16:27 < pekster> Manpage for --ifconfig-ipv6 is pretty clear on its use. Plus in tap you might be doing on-link IPv6 routes; see route.c:1585 for the explanation
16:28 < webczat> pekster: honestly trued using old route for a while
16:28 < webczat> route add 11.0.0.0 dev vmnet
16:28 < johnfg> pekster: Ok, the certificate in /etc/openvpn is *not* the cert that the other clients were signed with.
16:28 < webczat> worked
16:29 < johnfg> Should I just copy the ca.crt that's the right one to that directory?
16:29 < pekster> FFS, you ask why things are and then refuse to read
16:29 < pekster> I really don't give any more shits if you're goign to be this much of a PITA
16:29 < pekster> 1585   /* On "tun" interface, we never set a gateway if the operating system
16:29 < pekster> 1586    * can do "route to interface" - it does not add value, as the target
16:29 < pekster> 1587    * dev already fully qualifies the route destination on point-to-point
16:29 < pekster> 1588    * interfaces.   OTOH, on "tap" interface, we must always set the
16:29 < pekster> 1589    * gateway unless the route is to be an on-link network
16:29 < pekster> 1590    */
16:29 < pekster> So happy I could paste in what I asked you to read that EXPLAINS EXACTLY WHY WE DO WHAT YOU SUGGEST, AND WHY WE SUPPORT LESSER OSES THAT CAN'T DO TI
16:30 < webczat> okay
16:31 < pekster> And yes, net-tools is a smoldering pile of crap
16:31 < pekster> !net-tools
16:31 <@vpnHelper> "net-tools" is https://github.com/QueuingKoala/fn-netfilter/wiki#avoid
16:31 < webczat> I prefer ip, I installed net-tools for something once but do not use it
16:31 < pekster> johnfg: Nope, you need to re-sign your client cert with the PKI your server is expecting
16:32 < pekster> Or replace your CA completely, which will invalidate all your previously-signed certs on every system (all servers & clients under that CA)
16:32 < johnfg> pekster: I'm wondering if that latter actually might be the best way to go.
16:33 < johnfg> And you're recommend I do it in say: /home/<non-root-user>/pki, e.g.?
16:33 < webczat> is it possible to do ipv6 only openvpn? it seems to enforce the resence of normal ifconfig directives on tun
16:33 < pekster> I create a `pki` user, with a umask of 77 defined in its .profile
16:33 < pekster> You could do it as root too, but I dislike doing things as root that don't require it as a security measure
16:34 < pekster> Further security (especially PKI) recommendations at:
16:34 < pekster> !hardening
16:34 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
16:35 < pekster> webczat: hmm? --ifconfig is a platform-agnostic directive to set addressing; it's got zero to do with /sbin/ifconfig (ENABLE_IPROUTE on Linux, and #if defined(win32) for ipconfig are notably not using ifconfig)
16:35 < pekster> Again, reference tun.c for all the magic ways the addressing gets sent depending on the #ifdef code that's very platform-specific
16:36 < webczat> pekster: I meant something else. the ifconfig directive sets ipv4 addresses. but if my openvpn wants ipv6 and does not want ipv4 and I try to start a client with no ipv4 it just fails loudly
16:36 < pekster> You'll need IPv4, but since RFC1918 is huge, just issue some bogus network if you don't care
16:36 < pekster> At some point that'll change, and it's a todo item. As with all FOSS code, patches welcome if this is a feature you'd like to see sooner.
16:36 < johnfg> pekster: Thanks for your help the last couple of days.
16:36 < pekster> Best check the ML and -master though; I think some groundwork has been done on this fairly recently
16:36 < webczat> It is annoyhing, but not very annoying. I was just wondering why that happens, and I feel satisfied :)
16:40 -!- CaTtleyA_ [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
16:43 < webczat> so in ipv4 and topology subnet case I should always set route-gateway in case I hit a platform that does not support on link routes? man says that topology subnet's ifconfig requires just ip and netmask instead of localip remoteip so
16:44 -!- CaTtleyA_ [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Client Quit]
16:45 < pekster> You probably want to push that to clients, yes
16:45 < pekster> That ought to be the default with --server but IIRC isn't, making life fun when that breaks for complex routing settups
16:45 < webczat> so I should push it to clients even if I do not forward from the vpn to the internet?
16:46 < pekster> "It depends." Skip it if you're not pushing networks that break
16:46 < pekster> Add it if you get a warning to the effect that it's missing
16:46 < pekster> File a bug if one isn't already open if this is a problem
16:46 < webczat> I am trying to understand the behavior, nothing more
16:47 < pekster> No --push "route ..." means you can happily ignore it
16:48 < webczat> but in case of ipv6 the route-gateway6 is also set by ifconfig-ipv6 and in this case it seems required. so server side, should the address set there not be hmm really used, or it does not matter?
16:58 < webczat> downloading sources
17:13 < webczat> okay i cannot find that in the code. the code seems like the gateway in routes is used only when we are using tap adapters, at least the specified one is used probably only in this case unless I am wrong. and the default gateway param is the one in ifconfig-ipv6 so I don't know where the ipv6 remote addr is used
17:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:13 < webczat> because ifconfig-ipv6 is probably not to be used on tap
17:15 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:32 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has joined #openvpn
17:34 < webczat> I probably see. this gateway is just not needed on linux even with net-tools it seems, but solaris needs it for compat
17:49 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
18:03 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
18:07 -!- ddddddda [~yaaic@unaffiliated/he110wo1d] has left #openvpn []
18:07 -!- hypermist is now known as pcupgrades
18:15 -!- pcupgrades is now known as hypermist
18:33 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Remote host closed the connection]
18:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
18:41 -!- webczat [webczat@webczatnet.pl] has left #openvpn ["WeeChat 1.0.1"]
19:18 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
19:38 -!- ddddddda [~he110wo1d@unaffiliated/he110wo1d] has joined #openvpn
19:59 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has quit [Quit: Nothing is more believed as that known least by the most.]
20:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
20:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
20:06 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:52 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
21:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:12 -!- ddddddda [~he110wo1d@unaffiliated/he110wo1d] has quit [Quit: Leaving]
22:14 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
22:41 -!- Denial [~Denial@81.141.16.42] has joined #openvpn
23:16 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 256 seconds]
23:31 -!- ShadniX [dagger@p5DDFCE07.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- ShadniX_ [dagger@p5481DB12.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- ShadniX_ is now known as ShadniX
23:55 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
--- Day changed Mon Jan 12 2015
00:19 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 244 seconds]
00:26 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 244 seconds]
00:40 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
00:43 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
01:02 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
01:11 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
01:12 < hyper_ch> krzee: can you teach me how cidr are actually calculated?
01:15 -!- nullm0dem [~kaiju@ip24-254-180-150.rn.hr.cox.net] has joined #openvpn
01:20 -!- master_of_master [~master_of@p4FF24197.dip0.t-ipconnect.de] has joined #openvpn
01:24 -!- master_o1_master [~master_of@p4FF24B56.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
01:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
01:32 -!- mattock_afk is now known as mattock
01:51 <@krzee> !cidr
01:51 <@vpnHelper> "cidr" is http://www.oav.net/mirrors/cidr.html
01:51 <@krzee> @ hyper_ch
01:51 < hyper_ch> krzee: you don't happen to have a shell script that converts a network range to cidr?
01:51 <@krzee> no, did you bother reading the link?
01:52 < hyper_ch> yes, looking at it
01:53 < hyper_ch> so a network range needs first to be converted to binary
01:55 < hyper_ch> btw, shouldn't whois be standardized?
01:59 <@krzee> what are you really trying to do?
02:03 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:03 < hyper_ch> well, I found yesterday a pythong script that can be used with fail2ban to block a whole subnet instead an individual IP.... I get many attempts from the Gaza... anyway, that script relieas on the inetnum in the whois... but I noticed that other whois return cidr itself or network range.... since I really suck at python, I thought I could do it in bash... so I need to convert a network range like 37.8.0.0 - 37.8.63.255
02:03 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 240 seconds]
02:04 < hyper_ch> also I wonder is it better to use     -j DROP    or   -j REJECT --reject-with icmp-port-unreachable
02:05 <@krzee> ya dunno
02:05 < AL13N_work> depends on what you want
02:05 <@krzee> might be able to find that already done for you in python
02:05 < AL13N_work> with REJECT you let them know
02:05 < AL13N_work> and/or you spend a packet on them
02:05 < hyper_ch> krzee: well, in bash I can at least understand what it does... python just hates me ;)
02:06 < AL13N_work> there's also iptables extensions like LABREA
02:06 < AL13N_work> which is like DROP, except they are grabbing the connection and aren't letting go, making the attacker lose a port
02:06 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:08 < hyper_ch> doesn't labrea put more stress on the network?
02:22 < AL13N_work> iiuc, it means just the regular TCP keepalive things, nothing more than that
02:23 < hyper_ch> I see
02:24 < AL13N_work> i should note that i haven't used it...
03:02 <@krzee> r/j #python
03:03 <@krzee> oops
03:03 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
03:03 -!- jdmf [~jdmf@78.156.100.202] has quit [Quit: Bye.]
03:09 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
03:12 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
03:22 < hyper_ch> krzee: well, can't be too hard to write an network range to cidr converter in bash... right?
03:22 <@krzee> *shrug* dunno
03:22 <@krzee> id google for it
03:23 < hyper_ch> in #bash they say that google is not the recommended way of learning bash... too many stupid and wrong scripts out there ;)
03:26 < AL13N_work> man bash
03:36 <@krzee> i wouldnt be looking for it in bash either
03:36 <@krzee> id suspect perl or python would be better suited
03:50 < hyper_ch> they both hate me
04:24 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
04:51 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Read error: Connection reset by peer]
04:52 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:55 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has joined #openvpn
05:01 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
05:43 -!- jetole [~jetole@unaffiliated/jetole] has joined #openvpn
05:47 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 244 seconds]
05:54 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
06:22 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:22 -!- mode/#openvpn [+o mattock_] by ChanServ
06:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:33 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
06:48 -!- Henryabcd [~Henryabcd@pD9E08E29.dip0.t-ipconnect.de] has joined #openvpn
06:50 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
06:51 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
06:52 -!- Henryabcd [~Henryabcd@pD9E08E29.dip0.t-ipconnect.de] has quit [Client Quit]
07:19 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: IRC for Sailfish 0.8]
07:32 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has joined #openvpn
07:33 -!- JackWinter [~jack@vodsl-9520.vo.lu] has quit [Read error: Connection reset by peer]
07:56 -!- jetole [~jetole@unaffiliated/jetole] has quit [Quit: Leaving]
08:00 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
08:15 -!- kexmex [~kexmex@78.111.187.153] has joined #openvpn
08:17 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
08:35 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
08:43 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
08:44 -!- Rambozo [~Rambozo@ns503798.ip-192-99-11.net] has quit [Ping timeout: 265 seconds]
08:46 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 244 seconds]
08:48 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
08:51 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
09:01 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
09:06 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:09 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
09:09 -!- mode/#openvpn [+v s7r] by ChanServ
09:11 < linuxthefish> hi, why does openvpn not work on Windows 8.1 after resuming from sleep?
09:12 < linuxthefish> i need to restart every time i wish to use openvpn or i can't ping anyone inside my vpn network or on the internet
09:12 < esde> !crystal
09:12 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
09:12 < linuxthefish> i just did, i want it to work
09:13  * esde reads up
09:13 < linuxthefish> http://pastebin.com/raw.php?i=0bjFnrRJ is client log
09:13 < esde> I see no logs or configs
09:13 < linuxthefish> what other log do you need? :S
09:13 < esde> !allinfo
09:13 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
09:14 < linuxthefish> !configs
09:14 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
09:14 < linuxthefish> !logs
09:14 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
09:14 < linuxthefish> !interface
09:14 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For
09:14 <@vpnHelper> Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
09:14 < linuxthefish> how come it works on my linux and mac PC's after restart?
09:15 < linuxthefish> i've seen lots of other people ask about this before :S
09:15 < esde> (Also, bear in mind, there are less windows users than linux user on average, so this may also contribute to a longer wait time for help)
09:15 < esde> No clue, as I don't use microsoft products wherever possible. Especially windows 8.*
09:16 < esde> There is also openvpn-as if you'd like it to "just work"
09:16 < esde> !as
09:16 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
09:17 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 265 seconds]
09:22 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
09:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
09:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
09:31 -!- kexmex [~kexmex@78.111.187.153] has quit [Quit: Computer has gone to sleep.]
09:31 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:40 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 256 seconds]
09:41 -!- jetole [~jetole@unaffiliated/jetole] has joined #openvpn
09:43 < jetole> Hey guys. I am trying to provide routing to a client network. The OpenVPN server is also the router. The client network is on 10.3.0.0/24. All local networks are within the parent 10.2.0.0/16. I have added iroute to the ccd. route to the openvpn server config. "push route" and client-to-client to the openvpn server config however I am not seeing any routes appear to 10.3.0.0/24 on the openvpn server. I am not sure what I am missing
09:43 < jetole> I have restarted openvpn on both the server and client
09:44 < jetole> the client is connected. It's receiving the ifconfig-push IP address from ccd and I can reach other hosts on the server side network but the route for the server (and other server side nodes) to reach 10.3.0.0/24 does not appear
09:52 < esde> Not sure if clientlan is applicable to your goal, but if it is, there's a nifty flowchart to help troubleshooting
09:52 < esde> !clientlan
09:52 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
09:52 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
09:53 < jetole> the first link appears dead
09:53 < jetole> oh and yeah I enabled forwarding on the client machine
09:53 < jetole> everything else you mentioned I already said I did
09:53 < esde> the second link is a mirror
09:53 < jetole> reviewing second link now
09:55 < jetole> esde: on the flow chart under route, it says push "route 10.10.10.0 255.255.255.0". On my server I have push "route 10.3.0.0 255.255.255.0 vpn_gateway"
09:55 < jetole> is the vpn_gateway maybe why the route is not being automatically added?
09:57 < esde> I am not sure. Hopefully that information will help someone else understand the issue and offer advice, or help you sort it yourself. :)
10:08 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:14 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 255 seconds]
10:22 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
10:24 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
10:26 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has quit [Quit: OK, Doei!]
10:26 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has joined #openvpn
10:27 < johnfg> pekster: btw...all is working on the server & clients.  Thanks for the help!
10:27 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
10:29 -!- johnfg [johnfg@spirit.org] has left #openvpn []
10:33 -!- shio [marmot@6.121.101.84.rev.sfr.net] has quit [Ping timeout: 252 seconds]
10:34 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Remote host closed the connection]
10:40 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Read error: Connection reset by peer]
10:43 -!- shio [marmot@6.121.101.84.rev.sfr.net] has joined #openvpn
10:44 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
10:46 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 245 seconds]
10:51 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
10:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
10:57 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:01 -!- Drustan [~Drustan@lea.tristanpilat.com] has joined #openvpn
11:02 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
11:02 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
11:07 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:09 -!- AL13N_work [~alien@91.183.52.232] has quit [Ping timeout: 265 seconds]
11:13 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
11:13 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
11:14 < Drustan> Hi all.
11:14 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
11:14 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:16 < Drustan> I have 2 WAN. Anyone know how to configure openvpn to send traffic through the interface the client connect to
11:16 < Drustan> ?
11:17 -!- jetole [~jetole@unaffiliated/jetole] has quit [Quit: Leaving]
11:20 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 264 seconds]
11:22 <@plaisthos> !policy-routing
11:22 <@plaisthos> !policy
11:22 <@vpnHelper> "policy" is (#1) http://openvpn.net/howto.html#policy for Configuring client-specific rules and access policies or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules for a lil writeup by mario or (#3) dynamic OpenVPN policy github project: https://github.com/QueuingKoala/openvpn-dynamic
11:28 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
11:29 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
11:31 < Drustan> Thanks for your help !
11:44 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
11:45 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:24 -!- linuxthefish [~ltf@unaffiliated/edmundf] has left #openvpn ["Leaving"]
12:32 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:13 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
13:15 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
13:28 -!- Matias_Arg [~matias@190.246.146.237] has joined #openvpn
13:28 < Matias_Arg> buenas tardes
13:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
13:31 < Matias_Arg> tengo un par de dudas con respecto al funcionamiento de openvpn, ya que tengo 5 servidores bajo la topologia Malla ( todos contra todos)  y estoy teniendo algunos problemas
13:32 < esde> English only afaik
13:32 < esde> No espanol
13:32 < Matias_Arg> esde ok.
13:32 < Matias_Arg> sry
13:33 < Matias_Arg> I have a couple of questions regarding the operation of openvpn, since I have 5 servers in the grid (all against all) topology and am having some problems
13:33 < esde> please type !welcome
13:33 < Matias_Arg> !welcome
13:33 -!- Matias_Arg [~matias@190.246.146.237] has quit [Read error: Connection reset by peer]
13:33 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:33 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:36 -!- Matias_Arg [~matias@190.246.146.237] has joined #openvpn
13:36 < Matias_Arg> !welcome
13:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:36 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:37 < Matias_Arg> openvpn runs slow
13:37 < Matias_Arg> in my topology
13:38 -!- Matias_Arg [~matias@190.246.146.237] has quit [Read error: Connection reset by peer]
13:38 < esde> !cloak
13:38 <@vpnHelper> "cloak" is Talk to ecrist if you want an OpenVPN user host cloak such as ircuser@openvpn/user/ircuser
13:38 < esde> I would like one cloak please. Are daggers extra?
13:40 < hyper_ch> no, but you get some % off on poisons
13:40 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 244 seconds]
13:40 -!- Matias_Arg [~matias@190.246.146.237] has joined #openvpn
13:40 < Matias_Arg> and I have 50Mbits at each site
13:41 < Matias_Arg> any ideas or suggestions?
13:42 < hyper_ch> it runs fast
13:42 < hyper_ch> you use dpb?
13:42 < hyper_ch> udp
13:42 < hyper_ch> tried iperf
13:42 < Matias_Arg> udp
13:42 < Matias_Arg> iperf?
13:43 < hyper_ch> yes, iperf
13:43 < hyper_ch> tried different ports?
13:43 < Matias_Arg> yes
13:43 < hyper_ch> does connection work fine when ont using vpn?
13:43 < hyper_ch> tried tcp instead of udp?
13:44 < Matias_Arg> if I perform tests outside openvpn these operate at 50Mbits
13:44 < Matias_Arg> between nodes
13:44 < hyper_ch> you know that everything goes through the vpn server?
13:45 < Matias_Arg> yes
13:45 < hyper_ch> iperf or I don't believe it
13:45 < Matias_Arg> the servers are mine
13:46 < Matias_Arg> I use tcpdump and ntop and iptraf
13:46 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
13:46 < Matias_Arg> ok
13:47 < Matias_Arg> any suggestions to better measure
13:47 < Matias_Arg> are production servers. Is there any risk in using iperf?
13:48 < hyper_ch> it could make the universe implode
13:48 -!- Matias_Arg [~matias@190.246.146.237] has quit [Read error: Connection reset by peer]
13:48 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 272 seconds]
13:48 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 272 seconds]
13:48 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 272 seconds]
13:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 264 seconds]
13:50 -!- Matias_Arg [~matias@190.246.146.237] has joined #openvpn
13:50 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
13:50 < Matias_Arg> sorry did not read if they wrote something
13:50 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
13:50 < esde> <hyper_ch> it could make the universe implode
13:51 < Matias_Arg> any suggestions to better measure and are production servers. Is there any risk in using iperf?
13:56 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has quit [Quit: Thank you for not discussing the outside world.]
13:58 < Matias_Arg> hyper_ch: are you there?
13:59 < Matias_Arg> it is over openvpn iperf3
13:59 -!- Matias_Arg [~matias@190.246.146.237] has quit [Read error: Connection reset by peer]
14:00 -!- Matias_Arg [~matias@190.246.146.237] has joined #openvpn
14:00 < Matias_Arg> and whitout openvpn
14:00 < Matias_Arg> [  4] local 10.10.254.2 port 36708 connected to 10.10.254.18 port 5201
14:00 < Matias_Arg> [ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
14:00 < Matias_Arg> [  4]   0.00-1.00   sec  5.98 MBytes  50.2 Mbits/sec    4    405 KBytes
14:00 < Matias_Arg> [  4]   1.00-2.00   sec  5.28 MBytes  44.3 Mbits/sec    4    340 KBytes
14:00 < Matias_Arg> [  4]   2.00-3.00   sec  5.20 MBytes  43.6 Mbits/sec    0    377 KBytes
14:00 < Matias_Arg> [  4]   3.00-4.00   sec  5.54 MBytes  46.4 Mbits/sec    0    399 KBytes
14:00 < Matias_Arg> [  4]   4.00-5.00   sec  5.27 MBytes  44.2 Mbits/sec    2    307 KBytes
14:00 < Matias_Arg> [  4]   5.00-6.00   sec  5.19 MBytes  43.5 Mbits/sec    0    328 KBytes
14:00 < Matias_Arg> [  4]   6.00-7.00   sec  5.17 MBytes  43.3 Mbits/sec    0    339 KBytes
14:00 < Matias_Arg> [  4]   7.00-8.00   sec  5.19 MBytes  43.5 Mbits/sec    0    342 KBytes
14:00 < Matias_Arg> [  4]   8.00-9.00   sec  5.18 MBytes  43.4 Mbits/sec    0    342 KBytes
14:00 < Matias_Arg> [  4]   9.00-10.00  sec  5.19 MBytes  43.5 Mbits/sec    0    342 KBytes
14:00 < esde> no
14:00 < esde> !paste
14:00 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:00 < Matias_Arg> ok. sry
14:00 < esde> In the future, please don't spam.
14:01 < hyper_ch> iperf looks good
14:02 < Matias_Arg> the same destination
14:02 < Matias_Arg> but the performance is poor using openvpn
14:02 < Matias_Arg> see the bandwidth
14:02 < Matias_Arg> 50-43Mbits vs 45-14mbits
14:03 < hyper_ch> where's the one with openvpn?
14:04 < Matias_Arg> the first
14:05 < hyper_ch> there's only one
14:05 < hyper_ch> use pastebins to show them properly
14:05 < Matias_Arg> sry
14:06 < Matias_Arg> wait
14:06 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has quit [Excess Flood]
14:07 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has joined #openvpn
14:07 < Matias_Arg> http://pastebin.com/jBZ8j7Eu
14:07 < hyper_ch> pastebin.com is evil
14:08 < hyper_ch> !configs
14:08 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
14:09 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has quit [Excess Flood]
14:10 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has joined #openvpn
14:10 < Matias_Arg> hyper_ch: I can not understand you ask me
14:10 < hyper_ch> I need configs
14:10 < Matias_Arg> ok
14:11 < hyper_ch> without comments
14:11 < Matias_Arg> by pastebin or where?
14:11 < hyper_ch> yes
14:11 < Matias_Arg> its only a line
14:11 < hyper_ch> but without comments
14:12 < hyper_ch> config is only one line?
14:12 < Matias_Arg> its run over linux
14:12 < hyper_ch> that should be 10+ lines
14:12 < Matias_Arg> can I paste here?
14:12 < hyper_ch> you can try
14:13 < Matias_Arg>  /usr/sbin/openvpn --remote 10.10.254.18 --local 10.10.254.2 --dev tun8 --ifconfig 192.168.2.37 192.168.2.73 --verb 5 --secret /etc/openvpn/clave.key --persist-key --persist-tun --port 5308 --ping 15 --float --daemon --writepid /tmp/pid_tun8
14:14 < hyper_ch> why is that not in a config file?
14:14 < hyper_ch> that's the client config?
14:14 < Matias_Arg> /usr/sbin/openvpn --remote 10.10.254.2 --local 10.10.254.18 --dev tun8 --ifconfig 192.168.2.73 192.168.2.37 --verb 5 --secret /etc/openvpn/clave.key --persist-key --persist-tun --port 5308 --ping 15 --float --daemon --writepid /tmp/pid_tun8
14:14 < hyper_ch> and server config?
14:14 < Matias_Arg> yeap
14:15 < hyper_ch> where's dh? and ca cert?
14:15 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has quit [Excess Flood]
14:15 < Matias_Arg> are not necessary
14:16 < hyper_ch> no idea waht the --float is
14:16 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has joined #openvpn
14:16 < Matias_Arg> --float         : Allow remote to change its IP address/port, such as through
14:17 < hyper_ch> why don't you use ca.crt and dh.pem?
14:17 < hyper_ch> what's the server config?
14:17 < Matias_Arg> those are the 2 points
14:18 < hyper_ch> ?
14:18 < Matias_Arg> I paste 2 lines
14:18 < esde> methinks he's not using configs
14:18 < Matias_Arg> first client and the second is server
14:18 < hyper_ch> yes, but really weird setup
14:19 < esde> methinks hes using cli arguments for the daemon
14:19 < esde> *'
14:19 < Matias_Arg> I copy this sample from openvpn site
14:19 < Matias_Arg> and really work fine
14:19 < hyper_ch> well, doesn't seem to work fine, otherwise you wouldn't be in here with speed issues
14:19 < Matias_Arg> but I have problem with the speed
14:20 < Matias_Arg> the performance is poor over tun
14:21 < hyper_ch> I'd first try a proper setup like I have it setup
14:21 < hyper_ch> but that's just me
14:23 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
14:23 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
14:23 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 265 seconds]
14:23 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
14:24 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
14:24 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
14:24 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has quit [Excess Flood]
14:25 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has joined #openvpn
14:25 -!- lachesis [~lachesis@unaffiliated/lachesis] has quit [Ping timeout: 265 seconds]
14:25 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 265 seconds]
14:25 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 265 seconds]
14:25 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 265 seconds]
14:25 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 265 seconds]
14:26 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 265 seconds]
14:26 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 265 seconds]
14:26 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 265 seconds]
14:26 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
14:26 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
14:26 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
14:26 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
14:27 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
14:27 -!- BtbN [btbn@btbn.de] has quit [Ping timeout: 244 seconds]
14:29 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 244 seconds]
14:29 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
14:29 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
14:29 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
14:30 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
14:31 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
14:32 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
14:32 < Matias_Arg> hyper_ch: are you there?
14:32 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
14:32 < hyper_ch> yes
14:32 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
14:33 -!- JackWinter_ [~jack@vodsl-9520.vo.lu] has quit [Ping timeout: 244 seconds]
14:33 < Matias_Arg> you can suggest me some change?
14:33 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
14:33 < hyper_ch> that would consist of makin a ca, generate server and client certs, and dh file
14:34 < hyper_ch> and tls-auth
14:34 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
14:35 -!- BtbN [btbn@btbn.de] has joined #openvpn
14:35 < Matias_Arg> hyper_ch: ok and how these changes that would improve the speed?
14:35 < hyper_ch> works for me
14:36 < Matias_Arg> you have a network of high traffic and not lose performance?
14:36 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has joined #openvpn
14:36 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
14:36 < Matias_Arg> This did not happen because me up to 20Mbits
14:39 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
14:41 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
14:42 < Matias_Arg> someone can really help me? I understand that hyper_ch not going to work with me if I do what he asks and I saw that his solution besides being cumbersome will worsen processor usage.
14:43 < esde> my first piece of advice would be to provision a test lab to work on instead of making live changes on your production system(s)
14:43 < Matias_Arg> esde: ok
14:44 < Matias_Arg> esde: I can do thats
14:44 < esde> second, what's more important to you. speed of data transfers, or the integrity of those transfers?
14:45 < Matias_Arg> speed and latency
14:45 < Matias_Arg> I have voip
14:45 < esde> then you don't need any PKI (ca, client certs, tls authentication, et all)
14:46 < esde> but your data becomes more vulnerable to different attacks
14:47 < Matias_Arg> Its run over mpls
14:47 < Matias_Arg> I dont need more security
14:48 < Matias_Arg> I have 2 mpls per site
14:48 < Matias_Arg> I need security
14:48 < Matias_Arg> sry
14:48 < esde> your first goal is to get the test lab up and running. once you've got that, gather your logs, configs (you should be using configs to make things easier), and interface/routing information. then come back, restate your goal, provide pastebin links to your info, and await a reply :)
14:48 < Matias_Arg> I need speed :)
14:48 < Matias_Arg> ok.
14:49 < Matias_Arg> why need use a config file?
14:49 < esde> for our sanity in this case
14:49 < esde> saying, the first one is A
14:50 < esde> the sconed one is B
14:50 < esde> is difficult to keep track of
14:50 < esde> *second
14:50 < Matias_Arg> ok.
14:50 < Matias_Arg> thanks esde
14:51 < esde> it's not mandatory, but if I were capable of helping you, I'd prefer to see individual links with the directives inside, rather than try to decipher a command with arguments within the channel
14:52 < Matias_Arg> ok.
14:52 < Matias_Arg> openvpn has no speed limits ?
14:52 < esde> well Gigabit speed needs some tweaking iirc
14:52 < esde> !gbps
14:52 < esde> !gigabit
14:52 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
14:53 < Matias_Arg> ok
14:53 < Matias_Arg> but not 50 Mbits
14:53 < esde> no you could run 100Mbps and saturate your connection
14:54 < Matias_Arg> when removing the LZO compression, got 30% more performance
14:57 -!- bruce927 [~bruce@cpc10-slou3-2-0-cust163.17-4.cable.virginm.net] has joined #openvpn
14:57 < bruce927> Is it possible to only divert certain traffic through an ovpn connection? I need to connect to some ssh servers but don't want the rest of my traffic going through the vpn connection
14:58 < bruce927> (In linux mint specifically)
14:58 -!- Matias_Arg [~matias@190.246.146.237] has quit [Read error: Connection reset by peer]
14:59 < hyper_ch> bruce927: depends
14:59 < bruce927> hyper_ch on what exactly?
14:59 < hyper_ch> can you use proxies with those apps?
15:00 < hyper_ch> or if you know the destination of that traffic, you could probably add routes to the routing table that will route certain destinations through the vpn
15:01 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
15:01 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
15:01 < bruce927> It's just an SSH connection I want to make, though it would be handy to be able to do it via nemo too so I can mount the ssh volume
15:01 < bruce927> So really, more accurately, is it possible to only send traffic on a certain port (22 in this case) through ovpn?
15:01 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Read error: Connection reset by peer]
15:02 < hyper_ch> bruce927: then make the endpoint a client also in the vpn
15:03 < ValdikSS> Hello. Paypal address openvpn@secure-computing.net is not working?
15:03 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
15:03 <@plaisthos> just give me the money :P
15:03 <@plaisthos> (joking)
15:07 -!- abbe_ [having@badti.me] has joined #openvpn
15:08 -!- abbe [having@badti.me] has quit [Disconnected by services]
15:09 -!- abbe_ is now known as abbe
15:10 -!- roentgen_ [~none@openvpn/community/support/roentgen] has joined #openvpn
15:11 -!- Orbixx_ [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
15:12 -!- nsrbnc [whois@unaffiliated/nsrafk] has joined #openvpn
15:13 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has joined #openvpn
15:14 -!- Netsplit *.net <-> *.split quits: roentgen, clu5ter, Orbixx, nsrafk
15:14 -!- nsrbnc is now known as nsrafk
15:15 < two_oes> !welcome
15:15 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:15 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:15 < two_oes> !howto
15:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
15:16 -!- mattock is now known as mattock_afk
15:17 < bruce927> hyper_ch: Would doing something like that need access to the vpn server?
15:24 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has joined #openvpn
15:26 -!- mistermajestic [~mistermaj@gateway/vpn/privateinternetaccess/mistermajestic] has quit [Remote host closed the connection]
15:34 -!- user98067 [~Sappo@46-166-164-239.ip-rdns.com] has joined #openvpn
15:35 < user98067> I get this error Authenticate/Decrypt packet error: packet HMAC authentication failed when a client connects, vpn works fine just logs are filling up with that error and other tls errors, how can i fix this?
15:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:48 -!- user98067 [~Sappo@46-166-164-239.ip-rdns.com] has quit [Ping timeout: 252 seconds]
15:51 -!- bruce927 [~bruce@cpc10-slou3-2-0-cust163.17-4.cable.virginm.net] has quit [Ping timeout: 245 seconds]
15:52 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:54 -!- bruce927 [~bruce@cpc10-slou3-2-0-cust163.17-4.cable.virginm.net] has joined #openvpn
15:54 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:54 < bruce927> I figured out that I need to setup a route for a specific IP to the openvpn tunnel IP, how do I get my system to not send all traffic through the virtual tunnel interface?
16:07 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
16:12 -!- bruce927 [~bruce@cpc10-slou3-2-0-cust163.17-4.cable.virginm.net] has quit [Ping timeout: 256 seconds]
16:22 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:24 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has quit [Quit: Leaving]
16:26 -!- markelite [croftworth@gateway/shell/yourbnc/x-prquuakoeiqwuipb] has quit [Ping timeout: 272 seconds]
16:28 -!- atyoung_ [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
16:29 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Ping timeout: 250 seconds]
16:51 -!- benoliver999 [~ben@2001:41d0:a:1fb5::] has quit [Ping timeout: 272 seconds]
16:52 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:53 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
17:25 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
17:32 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
17:37 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has joined #openvpn
17:39 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
17:44 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:49 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:03 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:04 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
18:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
18:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:40 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:40 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:44 -!- markelite [croftworth@gateway/shell/yourbnc/x-ymizpxtrskwrnrnb] has joined #openvpn
18:59 -!- Adian [~tim@c-71-193-193-43.hsd1.or.comcast.net] has joined #openvpn
19:00 < Adian> I have a tun server set up under Linux and I want to get my android 4.1.2 phone connected to it.  The android client connects fine and routes are pushed to the android.  Somehow no traffic at all travels over the tunnel.  I'm sniffing with tcpdump on the server and pinging from adb shell.  nothing at all
19:00 < Adian> would anyone be able to help me debug this?
19:09 < esde> type !welcome
19:11 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
19:12 < Adian> here are my configs: http://pastebin.com/wZUvpsXd
19:12 < Adian> !welcome
19:12 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:12 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:14 < Adian> esde: I think my goal was stated.  to clarify that, I want to connect my phone but not route all traffic.  But even when I do try to push all traffic, it doesn't work either.  I'm not new to OpenVPN, routing, firewalling or any of that.  I can also paste logs if you like, though I see no errors currently.
19:16 < Adian> on the firewalling end of things, that's not a problem unless my 4G provider is blocking traffic from my phone.  (I don't see how that would be an issue, since the handshake is fully successful.)  On my server side, I'm sniffing on tun0.  If iptables were blocking that, I'd still see a ping request.
19:29 < Adian> I just started seeing "IP packet with unknown IP version=15 seen" in the server log
19:29 < Adian> initial googling says disable compression.  did that.  still showing up and no traffic
19:30 -!- ruicruz [~ruicruz@100.ip-5-196-5.eu] has joined #openvpn
19:30 -!- ruicruz [~ruicruz@100.ip-5-196-5.eu] has left #openvpn []
19:33 < Adian> ok, so that error is probably nothing.  explained here: http://www.toofishes.net/blog/openvpn-and-aoe-interaction/
19:33 <@vpnHelper> Title: toofishes.net - OpenVPN and ATA over Ethernet (AoE) interaction (at www.toofishes.net)
19:40 < Adian> here's the server side log when my client connects: http://pastebin.com/09KZQaBY
20:04 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
20:06 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:36 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:40 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 245 seconds]
20:42 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
20:46 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
20:55 -!- nullm0dem [~kaiju@ip24-254-180-150.rn.hr.cox.net] has quit [Quit: Lost terminal]
21:02 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has quit [Quit: Don't force it, get a bigger hammer.]
21:34 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
21:35 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
21:38 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
21:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
21:46 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
21:47 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
22:00 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:16 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
22:32 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
22:46 -!- u0m3_ [~u0m3@92.80.89.9] has joined #openvpn
22:46 -!- u0m3 [~u0m3@92.80.116.127] has quit [Ping timeout: 245 seconds]
22:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
23:31 -!- ShadniX [dagger@p5481DB12.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX [dagger@p5481DB6D.dip0.t-ipconnect.de] has joined #openvpn
23:52 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has joined #openvpn
23:52 < MrWhoo> Hello @ll
23:54 < MrWhoo> Quick question for you guys, I'm trying to establish two connections to two different VPN servers, Is that possible using one config file ?
23:57 < MrWhoo> !welcome
23:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:58 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:58 < MrWhoo> !configs
23:58 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
23:58 < MrWhoo> !redirect
23:58 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
23:58 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
23:59 < MrWhoo> !route
23:59 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
23:59 <@vpnHelper> client
--- Day changed Tue Jan 13 2015
00:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
00:07 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:08 -!- badon_ is now known as badon
00:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:24 -!- mattock_afk is now known as mattock
00:40 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Ping timeout: 264 seconds]
00:50 -!- mattock is now known as mattock_afk
00:50 -!- arkie [~arkie@unaffiliated/arkie] has quit [Quit: Bye]
00:51 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
00:57 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
01:02 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has joined #openvpn
01:07 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has quit [Ping timeout: 246 seconds]
01:13 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
01:20 -!- master_o1_master [~master_of@p4FD7B4C2.dip0.t-ipconnect.de] has joined #openvpn
01:23 -!- master_of_master [~master_of@p4FF24197.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
01:26 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:33 -!- mattock_afk is now known as mattock
02:13 -!- swebb [~swebb@8.36.226.184] has quit [Ping timeout: 245 seconds]
02:33 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 244 seconds]
02:36 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
03:15 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
03:24 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Quit: Lost terminal]
03:27 -!- swebb [~swebb@8.36.226.184] has joined #openvpn
03:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:34 -!- scyld [~scyld@unaffiliated/wasyl] has joined #openvpn
03:41 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
03:42 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
03:51 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
03:53 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
03:53 < troulouliou_dev> hi how can i in the server config push some static route but not redirect the gateway ?
03:56 < hyper_ch> push "route 10.66.0.0 255.255.255.0"
03:56 -!- Orbixx_ is now known as Orbixx
03:57 < troulouliou_dev> hyper_ch, at client side ?
03:57 < hyper_ch> that's in the server config
03:57 < hyper_ch> and then it gets pushed to the client
03:57 < hyper_ch> to all clients if it's in the main server config
03:57 < hyper_ch> or individual clients if it's in ccds
03:58 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
03:59 < hyper_ch> what are you trying to achieve though?
04:03 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:04 < troulouliou_dev> hyper_ch, all my client that connect get theu gateway redirected as well
04:04 < troulouliou_dev> hyper_ch, i m already using a push config like thois for internal network
04:05 < hyper_ch> !configs
04:05 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
04:08 < troulouliou_dev> hyper_ch, can't get it as soon as i connect to server ; gaeway is redorected :)
04:08 < hyper_ch> what you mean you can't get it?
04:08 < hyper_ch> pretty sure you can reach your server...
04:08 < troulouliou_dev> hyper_ch, basically i xant a "route no-pull gateway" or similar on the srver side
04:09 < hyper_ch> and get the configs
04:09 < troulouliou_dev> hyper_ch, yes byt then the gaeway is redirected
04:09 < troulouliou_dev> and all traffic to the gateway so the conectio ncloses
04:09 < hyper_ch> I fail to comprehend
04:09 < hyper_ch> kill on your client the vpn
04:09 < hyper_ch> and connect to the server through it's public ip
04:09 < troulouliou_dev> hyper_ch, ha i have only openvpn listening on it
04:10 < hyper_ch> I have no idea what you're doing
04:10 < hyper_ch> so, I need configs
04:11 < troulouliou_dev> hyper_ch, after connectin the client here is my route -n : 0.0.0.0         192.168.115.1   0.0.0.0         UG    1024   0        0 tun0
04:11 < troulouliou_dev> normally it should stay to 0.0.0.0 192.168.1.1
04:11 < hyper_ch> as said, provide configs from server, client and if applicable ccd entries
04:11 < troulouliou_dev> hyper_ch, yeah but don't have the server conf here ;(
04:11 < troulouliou_dev> will do tommorow
04:12 < hyper_ch> just ssh into the server...
04:13 < troulouliou_dev> hyper_ch, no ssh there without openvpn
04:13 < hyper_ch> how do you administrate taht server???
04:19 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Read error: Connection reset by peer]
04:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
04:31 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:40 -!- hypermist is now known as pcupgrades
04:44 -!- pcupgrades is now known as hypermist
04:51 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
04:59 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
05:05 < hyper_ch> krzee: hmm, made progress now... I convert the ip addresses now in binary format.... now I just need some cool algorithm to convert the range into cidr
05:14 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 245 seconds]
05:23 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
05:44  * plaisthos still thinks that coding in shell is crazy
05:46 < hyper_ch> ?
05:46 < hyper_ch> why is that crazy?
05:57 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
06:05 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 265 seconds]
06:09 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
06:27 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
06:27 -!- atyoung_ [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Ping timeout: 250 seconds]
06:27 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 250 seconds]
06:27 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
06:27 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
06:28 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
06:31 -!- Henryabcd [~Henryabcd@pD9E0995D.dip0.t-ipconnect.de] has joined #openvpn
06:32 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
06:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:34 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
07:04 -!- xMopxShell [~xMopxShel@davepedu.com] has quit [Ping timeout: 245 seconds]
07:15 -!- Henryabcd [~Henryabcd@pD9E0995D.dip0.t-ipconnect.de] has quit [Quit: Leaving]
07:16 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has joined #openvpn
07:29 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
07:36 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
07:37 -!- PLOKIJ__ [c39a4463@gateway/web/freenode/ip.195.154.68.99] has joined #openvpn
07:38 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
07:38 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
07:38 -!- mode/#openvpn [+o syzzer] by ChanServ
07:40 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Excess Flood]
07:40 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
07:40 < PLOKIJ__> Hi. There is a DNS service running on my OpenVPN server. This DNS server is not accessible from outside the VPN. I want to push my server in-VPN IP to the clients. The problem is (if I understood correctly) that the VPN server will have
07:41 < PLOKIJ__> a different IP for each client.
07:41 < PLOKIJ__> Is there a way to refer to the in-VPN server IP for each client ?
07:42 < PLOKIJ__> (Or am I doing everything wrong in which case a reference would help.)
07:43 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:55 < hyper_ch> no, vpn server has same ip for all clients
07:55 < PLOKIJ__> Oh nevermind vpn_gateway that is.
07:55 -!- PLOKIJ__ [c39a4463@gateway/web/freenode/ip.195.154.68.99] has quit []
08:00 < hyper_ch> krzee: http://venturebeat.com/2015/01/12/this-usb-wall-charger-secretly-logs-keystrokes-from-microsoft-wireless-keyboards-nearby/
08:00 <@vpnHelper> Title: This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby | VentureBeat | Security | by Emil Protalinski (at venturebeat.com)
08:12 < esde> also interesting, http://samy.pl/pwnat/
08:12 <@vpnHelper> Title: pwnat - NAT to NAT client-server communication (at samy.pl)
08:13 < esde> if i understand correctly it's a PoC similar to the idea being discussed in that wishlist thread
08:36 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
08:44 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
08:46 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
08:47 -!- scyld [~scyld@unaffiliated/wasyl] has quit [Quit: Zzzzzz]
08:49 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
09:07 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
09:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:12 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has quit [Ping timeout: 264 seconds]
09:19 -!- speaker1234 [~speaker12@173-14-129-9-NewEngland.hfc.comcastbusiness.net] has joined #openvpn
09:38 -!- elfixit [~Icedove@77-57-39-82.dclient.hispeed.ch] has joined #openvpn
10:01 -!- xMopxShell [~xMopxShel@198.27.127.96] has joined #openvpn
10:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:02 < masterkorp> hello
10:02 < masterkorp> ue Jan 13 16:01:25 2015 TCP connection established with [AF_INET]172.31.37.18:51289
10:02 < masterkorp> how cann limit the port that the server uses to connect to the client ???
10:08 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
10:27 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
10:27 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
10:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:29 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
10:30 < masterkorp> http://thread.gmane.org/gmane.network.openvpn.user/35538
10:30 <@vpnHelper> Title: Gmane Loom (at thread.gmane.org)
10:30 -!- Yoder [Yoda@unaffiliated/itsyoda] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
10:30 < masterkorp> shameless link for help
10:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
10:33 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:47 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
10:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
10:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:36 -!- nikgul [~nikgul@176.126.52.105] has joined #openvpn
11:38 < nikgul> hi, I'd like to get access to my home ubuntu lapton from office, I suppose tu use vpn, I have router d-link dir 300 and ext ip is dynamic white, can you help me with it?
11:39 < nikgul> !welcome
11:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:40 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:40 < nikgul> !goal  I'd like to get access to my home ubuntu lapton from office
11:40 < nikgul> !goal
11:40 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:44 < hyper_ch> Mr. ecrist, when you peek into this channel, let me know
11:44 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
11:45 < singcat> I setup an openvpn server on my mikrotik router, and can succesfully connect to it using a windows openvpn client, but cannot connect to anything in the router's LAN. I do not receive any gateway from the router. What should I do?
11:45 < singcat> Router is running on routeros 6.24, and I am connecting from win7x64 with openvpn 2.3.6
11:46 < singcat> I receive correct ip address 172.16.0.2 netmask 255.255.255.252 on the client, but no default gateway
11:46 < hyper_ch> !lan
11:46 < singcat> My local network is 192.168.0.0/24, router's local network is 192.168.1.0/24
11:46 < esde> !lans
11:47 <@vpnHelper> "lans" is https://www.secure-computing.net/wiki/index.php/OpenVPN/Routing
11:48 < hyper_ch> tststs.... those nerds have more than one lan.... :)
11:50 -!- nikgul [~nikgul@176.126.52.105] has quit []
11:54 < hyper_ch> krzee: I have my script almost hacked together :)
11:55 < singcat> the router has limited options - there is no standard openvpn server conf file - therefore I cannot push arbitrary routes from server
11:56 < hyper_ch> then let openvpn server run on a different computer in your lan and not on the router
11:56 < singcat> there is no computer in the router's lan, there are only ip cameras behind the router
11:59 < hyper_ch> krzee: http://wiki.snom.com/8.7.5.15_OpenVPN_Security_Update
11:59 <@vpnHelper> Title: 8.7.5.15 OpenVPN Security Update - Snom User Wiki (at wiki.snom.com)
12:00 < hyper_ch> krzee: openvpn client on snom is affected
12:07 < masterkorp> http://sourceforge.net/p/openvpn/mailman/message/33226669/
12:07 <@vpnHelper> Title: OpenVPN / Mailing Lists (at sourceforge.net)
12:07 < masterkorp> any ideas ?
12:17 < masterkorp> Why does the openvpn server connect to a ramdom port on the client ????????
12:17 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has joined #openvpn
12:31 < masterkorp> Tue Jan 13 18:29:36 2015 TCP connection established with [AF_INET]172.31.37.18:51385
12:31 < masterkorp> how can i force the server to connect yo the same port back ??
12:33 < masterkorp> this does not make sense to me
12:33 < masterkorp> can anyone please help
12:33 < masterkorp> ?
12:42 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has joined #openvpn
12:44 < svm_invictvs> So OpenVPN clients in Windows are not able to connect to anything in the VPN.
12:44 < svm_invictvs> The identical configuration file works fine for OSX
12:44 < svm_invictvs> The Windows log shows no errors, and even shows the routing tables.
12:45 < svm_invictvs> I've also disabled windows firewall completley, rebooted, tried several times making sure it was really disabled.
12:45 < hyper_ch> actually, openvpn clients in widnows are able to connect to vpns.... works fine in my Windows 8.1 virtual machine
12:47 < singcat> svm_invictvs: what about the openvpn log?
12:47 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has quit [Read error: Connection reset by peer]
12:48 < hyper_ch> real men don't need log files ;)
12:48 -!- pervy_sage [~svm_invic@unaffiliated/svminvictvs/x-938456] has joined #openvpn
12:49 -!- pervy_sage is now known as svm_invictvs
12:51 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 244 seconds]
12:53 < esde> svm_invictvs, unfortunately, our collective crystal ball is on the fritz right now. If you could gather your uncommented configs, log files, routing and interface information, and share the pastebin links, that'd be great.
12:54 < singcat> esde: he's gone
12:54 < hyper_ch> svm_invictvs: why didn't you keep your pervy_sage nick? it was said he died :(
12:55 < esde> singcat, huh?
12:56 < svm_invictvs> esde, Sec
12:57 < masterkorp> any ideas ?
13:19 -!- Blue2000k [~chatzilla@67.208.108.228] has joined #openvpn
13:21 < KavanS> guys, I'm looking to route a certain local subnet to use my remote VPN endpoint as their internet gateway.  Can anyone suggest a document/howto for someone who's not looking to become an expert in iptables-foo?
13:22 < esde> !howto
13:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:22 < esde> also, putting blinder on (so to speak) regarding iptables is the wrong attitude entirely.
13:23 < KavanS> esde: I feel you...
13:23 < KavanS> I'm mediocre at iptables
13:24 < KavanS> esde: I'm specifically looking to route a local subnet to a remote gateway which is a bit new for me topic wise
13:24 < esde> for forwarding there's nothing really difficult. the hard stuff is when you want to do weird stuff
13:24 < esde> what have you got so far?
13:24 < esde> !allinfo
13:24 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
13:25 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
13:25 < KavanS> esde: vpn is connected, can route back and forth
13:26 < KavanS> so like...I'd like a new subnet ex 192.168.4.x to be routed entirely over to the VPN
13:26 < KavanS> any internet request hits out the remote VPN endpoint
13:26 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
13:27 < KavanS> just not sure what I need to read to determine how to set it up
13:28 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
13:31 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
13:31 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 245 seconds]
13:45 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
13:46 -!- elfixit [~Icedove@77-57-39-82.dclient.hispeed.ch] has quit [Remote host closed the connection]
13:46 -!- Blue2000k [~chatzilla@67.208.108.228] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
13:57 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has quit [Read error: Connection reset by peer]
14:10 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
14:24 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Ping timeout: 264 seconds]
14:28 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
14:39 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has quit [Quit: Leaving]
14:41 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
14:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:44 -!- speaker1234 [~speaker12@173-14-129-9-NewEngland.hfc.comcastbusiness.net] has quit [Read error: Connection reset by peer]
14:47 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
14:55 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:56 -!- elfixit [~Icedove@77-57-39-82.dclient.hispeed.ch] has joined #openvpn
14:56 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-ifftiopviorfsduj] has joined #openvpn
14:59 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:10 -!- mattock is now known as mattock_afk
15:22 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Ping timeout: 250 seconds]
15:26 -!- linton [~linton@96-18-216-10.cpe.cableone.net] has joined #openvpn
15:27 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
15:30 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
15:32 -!- Netsplit *.net <-> *.split quits: @Dougy, jeev, Mike--, AsadH, Chais, deviantintegral, typ, mirco, thumbs, Reventlov,  (+40 more, use /NETSPLIT to show all of them)
15:34 -!- Netsplit *.net <-> *.split quits: nsrafk, tapout, u0m3_, @dazo_afk, mcp, novae, ExtraCarpety, Jeroen52, kossy, bakhtiya,  (+1 more, use /NETSPLIT to show all of them)
15:34 -!- Netsplit over, joins: doop, deviantintegral, thumbs, jeev, @novaflash, Pandemic_Force, CGML, yoavz, airking, @Dougy (+49 more)
15:34 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Max SendQ exceeded]
15:35 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Max SendQ exceeded]
15:35 -!- Netsplit over, joins: tapout
15:35 -!- Netsplit *.net <-> *.split quits: atyoung, Fusl, moparisthebest, DrCode, Shiftos
15:35 -!- Latrina [~Latrina@ppp-170-5.26-151.libero.it] has quit [Max SendQ exceeded]
15:35 -!- Netsplit over, joins: moparisthebest, atyoung, DrCode, Fusl, Shiftos
15:36 -!- Netsplit *.net <-> *.split quits: K1rk
15:36 -!- Netsplit over, joins: K1rk
15:36 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Max SendQ exceeded]
15:36 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Max SendQ exceeded]
15:36 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Max SendQ exceeded]
15:36 -!- K1rk [~Kirk@5.135.221.149] has quit [Max SendQ exceeded]
15:36 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Max SendQ exceeded]
15:36 -!- Netsplit *.net <-> *.split quits: badon, Droolio
15:36 -!- Netsplit over, joins: kossy
15:36 -!- Netsplit *.net <-> *.split quits: master_o1_master, ShadniX, shivanshu, julieeharshaw, haasn, james41382
15:36 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
15:36 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
15:36 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
15:37 -!- Latrina [~Latrina@ppp-170-5.26-151.libero.it] has joined #openvpn
15:37 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
15:37 -!- Netsplit over, joins: badon, Droolio, master_o1_master, ShadniX, haasn, james41382, shivanshu, julieeharshaw
15:37 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 245 seconds]
15:37 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
15:38 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Max SendQ exceeded]
15:38 -!- Netsplit *.net <-> *.split quits: burp_, Slippern, mete, Adian, ratsupremacy, zalami, jl-, D-Boy, nlb, Zimsky,  (+6 more, use /NETSPLIT to show all of them)
15:39 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
15:39 -!- mode/#openvpn [+v hazardous] by ChanServ
15:39 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:39 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 244 seconds]
15:40 -!- Netsplit over, joins: lbft, Left_Turn, Slippern, Adian, D-Boy, masterkorp, ratsupremacy, jl-, Zimsky
15:40 -!- mete [~mete@91.247.253.160] has joined #openvpn
15:40 -!- Netsplit over, joins: jgeboski, burp_, zalami, Papey, TheEternalAbyss, nlb
15:42 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:42 -!- Netsplit *.net <-> *.split quits: marlinc, BtbN, Exagone313
15:42 -!- Netsplit over, joins: BtbN, marlinc, Exagone313
15:42 -!- Exagone313 [exa@ewd.ovh] has quit [Max SendQ exceeded]
15:43 -!- Netsplit *.net <-> *.split quits: keatont, Kephael, @mattock_afk, phunyguy, MogDog, cyberspace-
15:43 -!- Exagone313 [exa@ewd.ovh] has joined #openvpn
15:43 -!- Netsplit over, joins: Kephael, phunyguy, cyberspace-, keatont, MogDog, @mattock_afk
15:43 -!- Netsplit *.net <-> *.split quits: MatToufoutu
15:44 -!- Netsplit over, joins: MatToufoutu
15:46 -!- Netsplit *.net <-> *.split quits: Denial, KavanS, DonRichie, APTX, d10n, Synced, MatToufoutu, @raidz, Papey, Zimsky,  (+158 more, use /NETSPLIT to show all of them)
15:48 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Read error: Network is unreachable]
15:51 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:51 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
15:51 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
15:51 -!- Netsplit over, joins: Thermi
15:51 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
15:51 -!- Netsplit over, joins: mattock_afk, MatToufoutu, MogDog, keatont, cyberspace-, phunyguy, Kephael, Exagone313, marlinc, BtbN (+6 more)
15:51 -!- mete [~mete@91.247.253.160] has joined #openvpn
15:51 -!- Netsplit over, joins: shivanshu, Zimsky, jl-, ratsupremacy, masterkorp, Adian, Slippern, Left_Turn, lbft, badon (+14 more)
15:51 -!- ServerMode/#openvpn [+vo hazardous mattock_afk] by sendak.freenode.net
15:51 -!- Netsplit over, joins: @dazo_afk, @vpnHelper, riddle, @novaflash, roentgen_, pekster, Haigha, lev__, ender|, atyoung (+101 more)
15:51 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has joined #openvpn
15:51 -!- Netsplit over, joins: architekt, Esya, Fiouz, boypussy, gardar, hydrajump, early
15:51 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Max SendQ exceeded]
15:51 -!- esde [~esde@unaffiliated/esde] has quit [Max SendQ exceeded]
15:51 -!- TonyL [~Tony@unaffiliated/darkg] has quit [Max SendQ exceeded]
15:51 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Max SendQ exceeded]
15:51 -!- elfixit [~Icedove@77-57-39-82.dclient.hispeed.ch] has quit [Ping timeout: 288 seconds]
15:52 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
15:52 -!- TonyL [~Tony@unaffiliated/darkg] has joined #openvpn
15:53 -!- Netsplit *.net <-> *.split quits: MacGyver, markelite, Brando753, DArqueBishop, hyper_ch, pekster, jareth_, Anoniem4l, Orbixx, Drustan,  (+4 more, use /NETSPLIT to show all of them)
15:53 -!- TonyL [~Tony@unaffiliated/darkg] has quit [Max SendQ exceeded]
15:53 -!- Netsplit over, joins: Anoniem4l, Orbixx, pekster, DArqueBishop, seba, SushiDude, MacGyver, lachesis, Drustan, hyper_ch (+2 more)
15:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:54 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
15:54 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
15:54 -!- KavanS [~quassel@LINBIT/KavanS] has joined #openvpn
15:54 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
15:54 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
15:54 -!- Synced [~Synced@unaffiliated/synced] has joined #openvpn
15:54 -!- ServerMode/#openvpn [+o raidz] by sendak.freenode.net
15:54 -!- gffa_ [~unknown@unaffiliated/gffa] has joined #openvpn
15:54 -!- esde [~esde@unaffiliated/esde] has joined #openvpn
15:54 -!- Netsplit over, joins: Brando753
15:54 -!- Netsplit *.net <-> *.split quits: kloeri, Y0sh1, ender|, Fiouz, kef, obscurehero, pythonsnake1, deranged, Haigha, busch,  (+9 more, use /NETSPLIT to show all of them)
15:54 -!- Netsplit over, joins: Haigha, ender|, Y0sh1, halothe23, maxiepax, ketas, deranged, obscurehero, pythonsnake1, Matir_ (+5 more)
15:54 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has joined #openvpn
15:54 -!- Netsplit over, joins: architekt, Fiouz, hydrajump
15:54 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Max SendQ exceeded]
15:54 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Max SendQ exceeded]
15:54 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Max SendQ exceeded]
15:55 -!- Netsplit *.net <-> *.split quits: lev__, JackWinter, Eagleman, bakhtiya, boypussy, RGamma, XJR-9, badon, +RBecker, almostworking,  (+7 more, use /NETSPLIT to show all of them)
15:55 -!- Guest77113 [~Tony@unaffiliated/darkg] has joined #openvpn
15:55 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
15:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Max SendQ exceeded]
15:55 -!- KavanS [~quassel@LINBIT/KavanS] has quit [Max SendQ exceeded]
15:55 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Max SendQ exceeded]
15:55 -!- justinzane [~justinzan@67.21.190.132] has quit [Remote host closed the connection]
15:56 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
15:57 -!- markelite [croftworth@gateway/shell/yourbnc/x-vjuydoaqeudxtzon] has joined #openvpn
15:57 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
15:58 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
15:59 -!- Netsplit over, joins: badon, bakhtiya, Reventlov, roentgen_, XJR-9, +RBecker, dkr, Eagleman, Arr0way, RGamma (+6 more)
16:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Max SendQ exceeded]
16:01 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
16:01 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:03 -!- Netsplit *.net <-> *.split quits: Denial, nullie, shadok, badon, Nothing4You, early, boypussy, dkr, Six6siX, kloeri,  (+53 more, use /NETSPLIT to show all of them)
16:04 -!- Netsplit *.net <-> *.split quits: Synced, MatToufoutu, @raidz, Adian, +hazardous, Poster, BtbN, cyberspace-, Slippern, lbft,  (+12 more, use /NETSPLIT to show all of them)
16:04 -!- Netsplit *.net <-> *.split quits: Papey, Zimsky, DrCode, master_o1_master, Brando753, julieeharshaw, K1rk, shivanshu, jl-, ratsupremacy,  (+15 more, use /NETSPLIT to show all of them)
16:05 -!- Netsplit *.net <-> *.split quits: d10n, DonRichie, arkie, Magiobiwan, @novaflash, riddle, APTX, `Yoda, mcp, Jeroen52,  (+50 more, use /NETSPLIT to show all of them)
16:05 -!- markelite [croftworth@gateway/shell/yourbnc/x-vjuydoaqeudxtzon] has quit [Excess Flood]
16:06 -!- Netsplit over, joins: badon, JackWinter, early, gardar, boypussy, lev__, almostworking, asper, RGamma, Arr0way (+160 more)
16:09 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
16:09 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:09 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 241 seconds]
16:09 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:09 -!- markelite [~croftwort@gateway/shell/yourbnc/x-rziadwgwujgwgecs] has joined #openvpn
16:11 -!- hypermist [hypermist@unaffiliated/hypermist] has quit [Quit: Consider Donating - http://nzminers.pw/]
16:11 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
16:12 -!- mode/#openvpn [+o syzzer] by ChanServ
16:12 -!- hypermist [hypermist@unaffiliated/hypermist] has joined #openvpn
16:15 -!- KavanS [~quassel@LINBIT/KavanS] has joined #openvpn
16:15 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Max SendQ exceeded]
16:19 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
16:29 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Quit: WeeChat 0.3.8]
16:31 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:31 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:32 -!- badon_ is now known as badon
16:38 -!- hyper_ch [~hyper_ch@unaffiliated/hyper-ch/x-5230410] has left #openvpn ["Konversation terminated!"]
16:38 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
16:38 -!- hyper_ch [~hyper_ch@unaffiliated/hyper-ch/x-5230410] has joined #openvpn
16:44 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
16:48 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
16:48 -!- mode/#openvpn [+o syzzer] by ChanServ
16:58 -!- linton [~linton@96-18-216-10.cpe.cableone.net] has quit [Ping timeout: 244 seconds]
17:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:05 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
17:23 -!- gffa_ [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Read error: Connection reset by peer]
17:32 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
17:36 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
17:36 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
17:38 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
17:40 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
17:42 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
17:42 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
17:45 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
17:50 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
18:03 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
18:09 -!- ShadniX [dagger@p5481DB6D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
18:09 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 264 seconds]
18:09 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 264 seconds]
18:09 -!- Droolio [~drool@host86-134-61-249.range86-134.btcentralplus.com] has quit [Ping timeout: 264 seconds]
18:09 -!- master_o1_master [~master_of@p4FD7B4C2.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
18:09 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has quit [Ping timeout: 264 seconds]
18:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 264 seconds]
18:09 -!- james41382 [~james@unaffiliated/james41382] has quit [Ping timeout: 264 seconds]
18:09 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
18:09 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
18:10 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
18:10 -!- ShadniX [dagger@p5481DB6D.dip0.t-ipconnect.de] has joined #openvpn
18:20 <@ecrist> hyper_ch: ping
18:25 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
18:28 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
18:36 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:55 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:06 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
19:06 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 244 seconds]
19:08 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
19:09 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
19:10 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
19:10 -!- mode/#openvpn [+o syzzer] by ChanServ
19:14 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 244 seconds]
19:19 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
19:23 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:25 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has joined #openvpn
19:26 < MrWhoo> Hello @ll
19:27 < esde> ecrist, may I have an openvpn user cloak to replace my unaffiliated one?
19:28 < MrWhoo> I'm trying to do selective routing but not having any luck, I tried the "route" xx.xx.xx.xx  xx.xx.xx.xx dev tap0
19:28 < MrWhoo> http://pastebin.com/vw6C07kM
19:29 < pekster> MrWhoo: MIPS, as in embedded, like OpenWRT?
19:30 < MrWhoo> yes sir, its an DD-Wrt actually
19:30 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
19:30 < pekster> Ugh, they're full of much fail and you might reconsider
19:30 < pekster> !dd-wrt
19:30 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
19:30 < MrWhoo> I got it working with another VPN provider but for some reason its not working.
19:31 < MrWhoo> ha! good to know.
19:31 < pekster> fwiw, for advancd routing you generally want real tooling, which dd-wrt may/may-not actually give you. Namely proper Netfilter userland tooling (specifically iptables-save & iptables-restore frontends to xtables-multi) and iproute2
19:31 < pekster> the busybox implementation/interface to `ip` works well fwiw, at least on a more hacker-friendly distro like openwrt provided it's built with the right support (no clue how dd-wrt builds things, and they have a very hostile build system that I care very little for)
19:32 < pekster> MrWhoo: What's the goal here though? Just route a particular IP/CIDR block via the VPN?
19:32 < MrWhoo> Sounds complicated :), But let me ask you this, I would like to have 2 VPN connections UP and route traffic based on destination IP to my IPS or via tap0 and tap1 is that doable ?
19:32 < pekster> Basic routing tables will do that, even via openvpn using the --route command
19:32 < pekster> Destination IP, yes. But not DNS names, if that's what you're really trying to do and failed to say so
19:32 < pekster> And no, "figuring out the IPs based on DNS names" is very likely to break, so don't try that
19:33 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
19:33 -!- mode/#openvpn [+o syzzer] by ChanServ
19:34 < MrWhoo> sorry for not being clear, Pretty much trying to route traffic EU via EU VPN and NA via NA VPN all other via ISP, I do have full IP ranges of the servers.
19:35  * pekster doesn't really understand your use-case, but it sounds to me like you just want to read about the --route directive in the openvpn manpage and set these destination networks you already have a list of, and place them in each of your VPN configs
19:35 -!- u0m3_ [~u0m3@92.80.89.9] has quit [Read error: Connection reset by peer]
19:35 < MrWhoo> route-nopull  route xx.xxx.xx.xx 255.255.255.0 net_gateway  route xx.xx.xx.0 255.255.240.0 vpn_gateway
19:36 < pekster> You shouldn't need that net_gateway bit with --route-nopull
19:36 < MrWhoo> and this does the trick with one VPN provider but not with other.
19:36 < pekster> (that's because without pulling routes, everything already goes via the net_gateway)
19:36 < MrWhoo> good to know.
19:36 < pekster> You also must verify you're not attempting to route the traffic to the VPN server over the VPN for what should be obvious reasons
19:37 < pekster> Otherwise, check logs at --verb 4 for clues if the route isn't getting added. It'll either be in your routing table or it won't
19:38 < MrWhoo> thank you, I will go and poke around :)
19:39 < MrWhoo> I had verbose at 3
19:39 < MrWhoo> instead of 4 maybe that's why I couldn't see what is going on.
19:39 < pekster> Yea, best to use 4, at least until you're done tracking down issues
19:39 < pekster> !verb
19:39 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only
19:39 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 244 seconds]
19:42 < MrWhoo> thank you, its weird log does not even show a record for trying to add route :(
19:43 < MrWhoo> I'm blind
19:43 < MrWhoo> OpenVPN ROUTE: failed to parse/resolve route for host/network: 141.101.120.14
19:43 < pekster> Sounds like a config mistake; verified your config file syntax against the manpage requirements?
19:45 < MrWhoo> I did look at the manpage but let me double check,:)
19:45 < pekster> Otherwise, a pastebin of your openvpn configs (comments/blanks removed, we've grep for that at !configs) would help
19:46 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
19:47 < MrWhoo> !configs
19:47 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
19:48 < MrWhoo> http://pastebin.com/rWY29bcw
19:49 < MrWhoo> thank you for looking it over
19:52 < pekster> line 48 is incorrect; you only get a single route target. If you want it via the VPN, this is the default (assuming everything else is properly set up) and you may omit the 3rd argument to --route
19:52 < MrWhoo> no OpenWrt support for my router :(
19:52 < pekster> You can't treat it like the `ip route` command here
19:54 < pekster> vpn_gateway might be the only possible value you'd need for the 3rd argument, but you may not need that unless it's dropped by --route-nopull (I don't recall offhand if it does or not)
19:55 < MrWhoo> I will drop the vpn_gateway I actually already did when you mentioned it 1st :)
19:56 < pekster> You don't have it in that config paste
19:56 < MrWhoo> This was local backup, I updated directly on router via ssh.
19:56 < pekster> I'm not taling about line 47 (which you don't need, unless that's part of a supernet you're otherwise attempting to route and need to sent it out your real egress route here.)
19:56 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:57 < MrWhoo> dev tun0
19:57 < pekster> Yea, either remove that, or replace it with vpn_gateway if that's not implied for some reason
19:57 < MrWhoo> let me re test
19:58 < pekster> Do be warned that IP you're attempting to route might be part of a CDN, which may not be doing what you expect when you muck with routing those uniquely
19:59 < pekster> YMMV based on what it's actually used for
20:00 -!- svm_invi1tvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
20:00 < svm_invi1tvs> Heya
20:00 < svm_invi1tvs> So I finally go around to getting my log/config
20:00 < svm_invi1tvs> Basically with this server config everything works fine on OSX, but fails on Windows.
20:00 < svm_invi1tvs> http://mysticpaste.com/view/XMjk4JMoje;jsessionid=1m1m2drf1oz201cazcnjw7m1ce?2
20:02 < MrWhoo> @pekster, I did notice that it was CloudFare.
20:02 < MrWhoo> this was actually Website that checks IP
20:03 < svm_invi1tvs> (I've already verified the Windows Firewall is not the issue)
20:03 < MrWhoo> I will find another one that is not using CDN.
20:03 < pekster> Not just that, but it's listed as a CDN block (see the public whois info.) It may/may-not be the same query to query, client to client
20:04 < pekster> svm_invi1tvs: Best to avoid those networks you're using, since 10.0.0/24 is very often used by client networks (default routers, etc.) If your client is connecting from them, that'll cause issues. Same with 10.0.1/24, which might be slightly less common. Best to use a !randomsubnet
20:04 < svm_invi1tvs> !randomsubnet
20:04 <@vpnHelper> "randomsubnet" is (#1) http://scarydevilmonastery.net/subnet.cgi for a random !1918 subnet or (#2) If your shell has $RANDOM support, perhaps try this: `echo 10.$((RANDOM%256)).$((RANDOM%256)).0/24 `
20:05 < pekster> line 33 is unnecessary (implied by line 23 already)
20:05 < svm_invi1tvs> pekster: Yeah, but I know the client is using 192.168.1.1
20:05 < pekster> Not broken in that case, anyway
20:05 < svm_invi1tvs> pekster: Trying to elimiate hte problem, and as I said works fine with OSX from the same client network.
20:06 < pekster> Then you'll need logs and a better description of "fails"
20:07 < svm_invi1tvs> pekster: well in mac I can establish a socket with a box inside the VPN.  ssh foo@somebox.mydomain.com
20:07 < svm_invi1tvs> pekster: When I try to do that in putty on Windows (from the same network) no dice
20:07 < svm_invi1tvs> pekster: connection times out
20:07 < svm_invi1tvs> pekster: I'm digging up logs right now
20:08 < MrWhoo> ha, some progress once I added "vpn_gateway" route was added
20:08 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
20:08 < MrWhoo> but I can't reach the website .. it times out :(
20:09 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
20:09 < MrWhoo> http://pastebin.com/inHAFxxL  - routing table
20:10 < MrWhoo> 66.171.248.172 - is the new IP
20:10 < MrWhoo> and looks like its pointing to tun0
20:10 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:11 < pekster> Either your connecting to the UK Ministry Of Defense as your VPN provider, or they're doing very silly/stupid things (and not all that clever, but that's besides the point and not really important)
20:12 < pekster> But yes, that IP is listed as routed via the "UK MOD" (aka, whatever 25.0.8.1 really is, since the MOD doesn't route publicly)
20:13 < MrWhoo> VPN provider is Ironsocket
20:13 < pekster> Also, wtf is up with your 1.0/16 route? Also very odd, and belongs to APNIC
20:14 < MrWhoo> :) I just like how easy it was ... :)
20:17 < MrWhoo> Is that Gateway being 25.0.8. being pushed by Iron Socket ?
20:20 < MrWhoo> PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology-subnet,mssfix 1400,comp-lzo adaptive,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,dhcp-option DNS 25.0.0.1,dhcp-option DISABLE-NBT,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,register-dns,block-ipv6,route-gateway 25.0.8.1,topology subnet,ping 12,ping-restart 50,ifconfig 25.0.8.4 255.255.255.0'
20:20 < MrWhoo> it is, very strange
20:20 < pekster> That's the network they don't own that they're pushing. Unless it really is the UK MoD, in which case all your base are belong to the Queen.
20:21 -!- svm_invi1tvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 245 seconds]
20:22 < MrWhoo> haha :) I hope that I don't get in trouble for trying to push traffic there ... as its not taken as attack or something.
20:23 < MrWhoo> I guess I have to reach out to them and ask to fix this ? I assume this is server config issues ?
20:23 < pekster> Lots of fools use that IP space, plus bunches of other quasi-bogon space. It's usually an indicating the party using it isn't all that aware what they're doing, but it's not "broken" so much as something they ought not to be doing
20:23 < pekster> indication*
20:24 < MrWhoo> good to know, I was getting concerned.
20:25 < MrWhoo> any recommendations for good VPN provider ?
20:25 < esde> yourself
20:25 < pekster> !learn 25/8 As God Save the Queen! This IP block is assigned for use by the UK Ministry of Defense. If it's used by someone not the UK MoD, they're probably trying (and failing) to be clever. If you're doing this, use RFC1918 space (see: !randomsubnet for ideas.) Or better, use IPv6.
20:25 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
20:26 < pekster> !learn 25/8 as God Save the Queen! This IP block is assigned for use by the UK Ministry of Defense. If it's used by someone not the UK MoD, they're probably trying (and failing) to be clever. If you're doing this, use RFC1918 space (see: !randomsubnet for ideas.) Or better, use IPv6.
20:26 <@vpnHelper> Joo got it.
20:26 < MrWhoo> !randomsubnet
20:27 <@vpnHelper> "randomsubnet" is (#1) http://scarydevilmonastery.net/subnet.cgi for a random !1918 subnet or (#2) If your shell has $RANDOM support, perhaps try this: `echo 10.$((RANDOM%256)).$((RANDOM%256)).0/24 `
20:27 < MrWhoo> http://scarydevilmonastery.net/subnet.cgi < Dead Link
20:27 < MrWhoo> or actually 502 Bad Gateway
20:27 < pekster> Good thing that shell snippit works under zsh, bash, and mksh (and likely many others) then
20:29 < MrWhoo> :)
20:29 < MrWhoo> As for setting up my own OpenVPN server to expensive :(
20:29 < MrWhoo> even with cheap VPS's
20:29 < pekster> !learn randomsubnet Or try this perl oneliner: `perl -e 'printf "10.%d.%d.0/24\n", int(rand(256)), int(rand(256));'`
20:29 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
20:30 < pekster> !learn randomsubnet as Or try this perl oneliner: `perl -e 'printf "10.%d.%d.0/24\n", int(rand(256)), int(rand(256));'`
20:30 <@vpnHelper> Joo got it.
20:30 < esde> you can get an okay vps for around $3.50/m
20:30 < MrWhoo> really ? any examples
20:30 < esde> last paid vpn i used was years ago and ~$15/m
20:30 < esde> ramnode
20:30 < MrWhoo> I will check them out, thx
20:31 < esde> there's plenty at the $5 price point too, DigitalOcean, Vultr, are the first couple that come to mind
20:31 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
20:31 < KavanS> if you want a really cheap one check out buyvm.net, cheaper than $5 a month
20:32 -!- testerbit [~testerbit@unaffiliated/testerbit] has joined #openvpn
20:32 < MrWhoo> thx guys.
20:33 -!- testerbit [~testerbit@unaffiliated/testerbit] has left #openvpn []
20:34 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
20:36 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
20:39 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has quit [Ping timeout: 246 seconds]
20:40 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has joined #openvpn
20:40 < MrWhoo> I sent email to Ironsocket.com to let them know about the gateway problem :)
20:41 < MrWhoo> as for the routers any better alternatives then DD-Wrt / beside OpenWrt ( no support )
20:41 < pekster> Buy one that is supported, would be my suggestion
20:42 < pekster> Or some low profile/powerdraw mini/cube PC for a bit more computing power, and the possibility of AES-NI instructions if you want more performance
20:42 < MrWhoo> That is always an option, I have some other ones but looks like they just don't support Broadcom in general :(
20:42 < pekster> broadcom is well-known for not being friendly to open-source
20:42 < MrWhoo> :)
20:42 < pekster> Then again, so is dd-wrt, which is why hackers tend to avoid both
20:42 < MrWhoo> How about Raspberry PI with USB lan ?
20:43 < pekster> I've heard of that being done; they CPU on that thing is very minimal, but it seems to work for folks where performance isn't an issue
20:43 < pekster> Probably on-par with MIPS though
20:44 < MrWhoo> I see, I might look at PfSense boxes on ebay .. this all is really just something new to learn .. whole VPN
20:44 < MrWhoo> its kinda cool to learn new stuff and be back on IRC, last time it was about 1997 :)
20:45 < MrWhoo> one more question, once I get the VPN sorted out and I connect to 2 providers
20:46 < MrWhoo> how I can use "route" command to to point traffic to tap0 and tap1
20:46 < MrWhoo> vpn_gateway = tap0 ?
20:46 < MrWhoo> I know that I can't use "dev tap1"
20:46 -!- lachesis [~lachesis@unaffiliated/lachesis] has quit [Ping timeout: 265 seconds]
20:47 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
20:48 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 265 seconds]
20:48 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
20:48 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 265 seconds]
20:48 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 265 seconds]
20:49 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Ping timeout: 244 seconds]
20:49 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Quit: Leaving]
20:50 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
20:52 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Excess Flood]
20:52 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
20:52 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 244 seconds]
20:53 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 244 seconds]
20:53 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
20:53 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
20:53 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
20:55 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
20:58 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
20:58 -!- mode/#openvpn [+o krzee] by ChanServ
20:58 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
21:00 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
21:02 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Remote host closed the connection]
21:02 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
21:07 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
21:07 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 245 seconds]
21:07 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 245 seconds]
21:08 -!- james41382 [~james@unaffiliated/james41382] has quit [Quit: Leaving]
21:09 -!- james41382 [~james@unaffiliated/james41382] has joined #openvpn
21:10 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
21:13 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
21:13 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
21:15 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
21:15 -!- mode/#openvpn [+o syzzer] by ChanServ
21:15 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
21:25 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
21:27 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
21:30 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
21:30 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
21:30 -!- mode/#openvpn [+o syzzer] by ChanServ
21:35 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
21:35 -!- james41382 [~james@unaffiliated/james41382] has quit [Quit: Leaving]
21:39 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Ping timeout: 245 seconds]
21:43 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
21:43 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
21:47 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
21:49 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
21:49 -!- mode/#openvpn [+o syzzer] by ChanServ
21:50 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Quit: Reconnecting]
21:51 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
21:56 -!- james41382 [~James@unaffiliated/james41382] has joined #openvpn
21:59 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
22:02 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
22:04 -!- james41382 [~James@unaffiliated/james41382] has quit [Quit: Leaving]
22:04 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:06 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
22:10 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
22:10 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
22:10 -!- mode/#openvpn [+o syzzer] by ChanServ
22:10 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
22:12 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has joined #openvpn
22:12 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
22:13 -!- svm_invictvs [~patricktw@unaffiliated/svminvictvs/x-938456] has quit [Client Quit]
22:13 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
22:19 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:19 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
22:23 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
22:24 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
22:25 -!- mode/#openvpn [+o syzzer] by ChanServ
22:28 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
22:28 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
22:31 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has quit [Ping timeout: 246 seconds]
22:41 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has joined #openvpn
22:42 < MrWhoo> @pekster are you still around ?
22:42 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
22:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
22:45 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
22:45 -!- mode/#openvpn [+o syzzer] by ChanServ
22:47 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 243 seconds]
22:47 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
22:51 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:52 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has joined #openvpn
22:57 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
22:57 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has quit [Read error: Connection reset by peer]
22:58 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Ping timeout: 244 seconds]
22:59 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 244 seconds]
23:00 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
23:00 -!- mode/#openvpn [+o syzzer] by ChanServ
23:01 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:03 < hyper_ch> ecrist:
23:08 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has joined #openvpn
23:08 < svm_invictvs> Hello
23:09 -!- MrWhoo [4c0ab658@gateway/web/freenode/ip.76.10.182.88] has quit [Ping timeout: 246 seconds]
23:09 < svm_invictvs> So I fiddled with my configuration a bit more, removed all the stuff that seemed extraneous
23:11 < svm_invictvs> When it connects, this appears int he log
23:11 < svm_invictvs> http://mysticpaste.com/view/i5I8hcwTlY;jsessionid=1ukhe06f7vasca18nxq75i3ua?2
23:11 < svm_invictvs> And when I do tracert somehost it looks like it's routed not through the tunneled device
23:11 < svm_invictvs> Which is weird
23:14 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
23:14 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
23:15 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
23:15 -!- mode/#openvpn [+o syzzer] by ChanServ
23:17 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
23:26 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 244 seconds]
23:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:32 -!- ShadniX [dagger@p5481DB6D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p579410E0.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 245 seconds]
23:35 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
23:36 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
23:38 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has quit [Ping timeout: 244 seconds]
23:38 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has joined #openvpn
23:38 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
23:40 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
23:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
23:42 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:42 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
23:43 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
23:43 -!- mode/#openvpn [+o syzzer] by ChanServ
23:48 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
23:53 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
23:59 -!- svm_invictvs [~svm_invic@unaffiliated/svminvictvs/x-938456] has quit [Read error: Connection reset by peer]
--- Day changed Wed Jan 14 2015
00:21 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
00:27 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
00:30 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
00:40 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
00:52 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
00:56 -!- mattock_afk is now known as mattock
00:58 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
01:06 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
01:06 -!- mode/#openvpn [+o syzzer] by ChanServ
01:12 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
01:12 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
01:14 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:e051:1773:8bb:8586] has quit [Read error: Connection reset by peer]
01:14 -!- akamaru217 [~akamaru21@67.191.183.251] has joined #openvpn
01:18 -!- nullm0dem [~kaiju@ip24-254-180-150.rn.hr.cox.net] has joined #openvpn
01:19 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
01:22 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
01:23 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
01:24 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 244 seconds]
01:29 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
01:29 -!- mode/#openvpn [+o syzzer] by ChanServ
01:50 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 244 seconds]
01:52 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
01:56 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
01:56 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
02:09 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
02:10 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
02:12 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:14 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:31 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
02:34 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
02:35 -!- mode/#openvpn [+o syzzer] by ChanServ
02:46 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
02:47 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
02:47 -!- mode/#openvpn [+o syzzer] by ChanServ
03:03 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
03:04 -!- Latrina [~Latrina@ppp-170-5.26-151.libero.it] has quit [Ping timeout: 255 seconds]
03:04 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
03:05 -!- mode/#openvpn [+o syzzer] by ChanServ
03:05 -!- Latrina [~Latrina@adsl-ull-159-179.50-151.net24.it] has joined #openvpn
03:10 -!- scyld [~scyld@unaffiliated/wasyl] has joined #openvpn
03:20 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has quit [Ping timeout: 244 seconds]
03:26 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
03:50 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
03:56 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:00 -!- two_oes [orenoi@nat/redhat/x-giwjkmtizxwfigtu] has joined #openvpn
04:06 -!- nullm0dem [~kaiju@ip24-254-180-150.rn.hr.cox.net] has quit [Quit: Lost terminal]
04:20 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
04:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:27 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:35 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
04:37 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
04:41 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:41 -!- hypermist is now known as pcupgrades
04:42 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
04:42 -!- mode/#openvpn [+o syzzer] by ChanServ
04:44 -!- pcupgrades is now known as hypermist
04:52 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
04:55 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
05:02 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
05:11 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 244 seconds]
05:17 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
05:26 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 240 seconds]
05:32 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:45 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Read error: Connection reset by peer]
05:55 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
06:22 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has joined #openvpn
06:36 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
07:00 -!- two_oes [orenoi@nat/redhat/x-giwjkmtizxwfigtu] has quit [Quit: Leaving]
07:02 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
07:04 < hyper_ch> hi ecrist
07:14 -!- hypermist is now known as hypermistbot
07:14 -!- hypermistbot [hypermist@unaffiliated/hypermist] has quit [Changing host]
07:14 -!- hypermistbot [hypermist@unaffiliated/hypermist/bot/hypermistbot] has joined #openvpn
07:15 -!- hypermistbot is now known as uno
07:15 -!- uno is now known as hypermistbot
07:16 -!- hypermistbot is now known as UnoBot
07:16 -!- UnoBot is now known as hypermistbot
07:18 -!- hypermistbot is now known as unob0t
07:38 -!- unob0t is now known as hypermist
07:38 -!- hypermist [hypermist@unaffiliated/hypermist/bot/hypermistbot] has quit [Changing host]
07:38 -!- hypermist [hypermist@unaffiliated/hypermist] has joined #openvpn
07:49 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:13 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
08:17 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
08:19 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
08:20 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
08:25 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
08:37 -!- u0m3 [~u0m3@92.80.89.9] has joined #openvpn
08:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:46 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:49 -!- scyld [~scyld@unaffiliated/wasyl] has quit [Quit: leaving]
09:00 <@ecrist> hyper_ch: what di dyou need yesterday?
09:00 <@ecrist> you asked me to ping you
09:01 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:03 < hyper_ch> could you give me one of those awesome openvpn cloaks?
09:03 < hyper_ch> I was told your the Master of Cloaks
09:04 <@ecrist> oh, yeah, I am.
09:05 <@ecrist> what cloak do you want?
09:06 < hyper_ch> what cloaks can I have?
09:06 < esde> I too am interested
09:06 < hyper_ch> esde: you need to be registered for at least 8 years on freenode to get one....
09:06 <@ecrist> openvpn/user/<username> we give to anyone
09:07 < hyper_ch> sounds good :)
09:07 <@ecrist> support folks get openvpn/community/support/<username>
09:07 <@ecrist> ok, esde, you want a user cloak as well?
09:07 < esde> please
09:12 < hyper_ch> do I need to reconnect?
09:12 < hyper_ch> if ecrist handles the cloaks, who handles the daggers?
09:13 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
09:14 <@ecrist> working on it now, folks
09:14 < esde> i do
09:14  * esde shanks hyper_ch 
09:14 -!- esde [~esde@unaffiliated/esde] has quit [Changing host]
09:14 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
09:14 -!- mode/#openvpn [+v esde] by ChanServ
09:15 < hyper_ch> ecrist just offloads the cloaking work to others....
09:15 -!- hyper_ch [~hyper_ch@unaffiliated/hyper-ch/x-5230410] has quit [Changing host]
09:15 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
09:15 -!- mode/#openvpn [+v hyper_ch] by ChanServ
09:18 <+hyper_ch> shanks? as in Red-hair Shanks?
09:32 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:33 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 272 seconds]
09:50 < masterkorp> https://www.ab9il.net/crypto/openvpn-cloaking.html
09:50 <@vpnHelper> Title: OpenVPN Cloaking (at www.ab9il.net)
09:51 < masterkorp> can anyone explain me this line route your.vpn.server’s.IP 255.255.255.255 net_gateway
09:51 < masterkorp> why is needed on that article ?
09:55 <@ecrist> because they're not using the def1 option
09:55 <@ecrist> !def1
09:55 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
09:55 <@ecrist> if you route ALL, that will lump your local path to your VPN server over itself, which doesn't work.  It's like a snake eating it's own tail.
09:55 < masterkorp> ecrist: so its basically to access the internet trough the gateway ?
09:55 <@ecrist> kinda, almost
09:56 <@ecrist> it's so your openvpn connection, itself, still goes over the internet (and knows how to) but you're other traffic will all try to use the VPN.
09:56 < masterkorp> I am currently having a problem on the VPN server connecting back to the client trogh obfsproxy
09:58 < masterkorp> just posted to the OpenVPN forums
10:00 < masterkorp> waiting approval
10:05 -!- MrSparkle [~MrSparkle@cpe-74-69-103-73.rochester.res.rr.com] has left #openvpn []
10:12 <@ecrist> I'll approve it now.
10:12 < masterkorp> thanks !
10:13 < masterkorp> Off all the searches I did, I could not find with with anyone same problem
10:13 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 240 seconds]
10:19 -!- l3g3nd [~l3g3nd@unaffiliated/l3g3nd] has joined #openvpn
10:19 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
10:20 < l3g3nd> !welcome
10:20 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:20 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:20 < l3g3nd> !goal
10:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:21 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
10:23 < l3g3nd> alright, i'm attempting to assign static ip addresses on connection to my vpn server.  i have to use 'client-cert-not-required' and 'username-as-common-name'.  I have a 'ccd' directory with usernames that are used for login (I use PAM), but I keep getting handed dynamic ips
10:23 < masterkorp> deep packet inspection
10:23 < masterkorp> https://forums.openvpn.net/topic17960.html
10:23 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN and obfsproxy : Server Administration (at forums.openvpn.net)
10:24 < masterkorp> shanmeless link for help
10:24 < masterkorp> :)
10:25 < l3g3nd> i'm not sure that's what is going on...
10:26 < l3g3nd> i don't have any need for proxy's and avoiding censorship, so i'm not sure what to pull from that
10:29 < masterkorp> Deep packet Inspection
10:29 < masterkorp> aka some countries that block OpenVPN traffic based on this technique
10:31 <+hyper_ch> blocking openvpn is just plain evil
10:34 < masterkorp> "If we can't see what you're doing, then you not doing anything."
10:34 < masterkorp> i would love some insight please
10:45 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
10:50 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
11:00 -!- l3g3nd [~l3g3nd@unaffiliated/l3g3nd] has left #openvpn ["and suddenly, boredom overtook me"]
11:03 -!- moparsthbest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
11:04 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Remote host closed the connection]
11:11 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:12 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:12 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:33 -!- hypermist is now known as pcupgrades
12:35 < masterkorp> https://community.openvpn.net/openvpn/wiki/325-openvpn-as-a--forking-tcp-server-which-can-service-multiple-clients-over-a-single-tcp-port
12:35 <@vpnHelper> Title: 325-openvpn-as-a--forking-tcp-server-which-can-service-multiple-clients-over-a-single-tcp-port – OpenVPN Community (at community.openvpn.net)
12:35 < masterkorp> hmmmm
12:36 < masterkorp> i want to use single TCP port
12:46 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has quit [Ping timeout: 255 seconds]
12:47 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has joined #openvpn
12:49 < masterkorp> ok, I found why the proxy wasn't workingggg
12:50 < masterkorp> obfsproxy needs to running on the same machien as the vpn server
13:01 -!- intransit [~intransit@69.46.234.21] has joined #openvpn
13:01 < intransit> !welcome
13:01 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:01 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:01 < intransit> !goal
13:01 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:03 < intransit> I have an openvpn server running in EC2. I can connect to the VPN successfully, but once I'm connected I can't connect to instances inside of my VPC unless I open up port 22 to everything, which impllies to me that I'm not picking up the local IP to be allowed by my security groups. How can I troubleshoot that I'm picking up the correct VPN IP?
13:03 < intransit> My local IP doesn't change from a corp network to the local IP when I'm attached to the VPN.
13:03 < intransit> !route
13:03 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
13:03 <@vpnHelper> client
13:25 <+hyper_ch> krzee: why does systemd need ip forwarding, ip masquerading and other firewall stuff?
13:28 <+hyper_ch> krzee: http://falkvinge.net/2015/01/14/hilarious-activists-turn-tables-on-political-surveillance-hawks-wiretaps-them-with-honeypot-open-wi-fi-at-security-conference/
13:28 <@vpnHelper> Title: Hilarious: Activists Turn Tables On Political Surveillance Hawks, Wiretap Them With Honeypot Open Wi-Fi At Security Conference - Falkvinge on Infopolicy (at falkvinge.net)
13:41 -!- ImDevinC [~ImDevinC@c-50-188-37-42.hsd1.mn.comcast.net] has joined #openvpn
13:42 < ImDevinC> !welcome
13:42 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:42 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:42 < ImDevinC> !route
13:42 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
13:42 <@vpnHelper> client
13:43 -!- ImDevinC [~ImDevinC@c-50-188-37-42.hsd1.mn.comcast.net] has left #openvpn []
13:51 -!- intransit [~intransit@69.46.234.21] has quit [Ping timeout: 264 seconds]
13:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 245 seconds]
13:55 < hydrajump> in order to write an ubuntu indicator to show the connection status on an openvpn client I need to use the management interface and get the connection status via telnet is that correct?
13:57 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:59 <+hyper_ch> why not just check if the tun device is listed in ifconfig ?
14:04 -!- ayaka [~ayaka@ayaka-2-pt.tunnel.tserv21.tor1.ipv6.he.net] has joined #openvpn
14:08 < hydrajump> hyper_ch: that's a good idea thanks
14:08 < ayaka> When and where should I use DIT Content Rules? I think the object class have define the MUST fields
14:08 < ayaka> I don't think I could add new attribute to a object class if it is not in MUST or MAY?
14:10 <+hyper_ch> hydrajump: there's probably better ways.... but that should work.. depends what you all want to do
14:26 -!- Manis [~Manis@gateway/tor-sasl/manis] has joined #openvpn
14:49 -!- mattock is now known as mattock_afk
15:11 -!- yeik [~jeff@2601:7:6881:4700:15f5:9d14:7a65:6827] has joined #openvpn
15:12 < yeik> Question for everybody here, has anybody seen performance issues with the windows openvpn client?
15:12 < yeik> by about 4x slower?
15:19 -!- You're now known as resource
15:19 <+hyper_ch> no
15:22 < yeik> so is there a configuration difference that would need to be done between windows and linux to get them to run at the same speeds? I have identical openvpn client configs for windows and linux, connecting to the same box, doing identical things, linux speed is about the same with and without openvpn, windows with vpn is 4x slower than without openvpn
15:22 < yeik> using aes-256-cbc encryption
15:23 <+hyper_ch> why not just upgrade to linux?
15:24 < yeik> that isn't really an option.
15:24 <+hyper_ch> it's a real option... maybe just not a confortable one
15:25 < yeik> maybe i should say that really isn't an optioin
15:25 < yeik> option*
15:25 < yeik> and no, it isn't a real option, not possible for an option in my use case.
15:29 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has joined #openvpn
15:52 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
15:55 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
16:09 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has quit [Quit: Leaving]
16:19 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:20 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:32 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
16:33 -!- _FBi [~B@Aircrack-NG/User] has quit [Excess Flood]
16:34 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
16:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:54 -!- yeik [~jeff@2601:7:6881:4700:15f5:9d14:7a65:6827] has quit [Ping timeout: 245 seconds]
17:01 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
17:04 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
17:05 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:22 -!- Exagone313 [exa@ewd.ovh] has quit [Remote host closed the connection]
17:23 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
17:26 < zoredache> Have you done any performance monitoring on the Windows box to see if you can get any ideas why it is slower for you?  Is a CPU core maxing out or something..  Is OpenVPN using a lot of RAM.
17:26 < zoredache> If that doesn't lead anywhere, then fireup your favorite packet capture tool and see if you can see any obvious errors related to the VPN or something.
17:30 -!- Exagone313 [exa@ewd.ovh] has joined #openvpn
17:40 -!- swebb [~swebb@8.36.226.184] has quit [Remote host closed the connection]
17:43 -!- swebb [~swebb@8.36.226.184] has joined #openvpn
17:48 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
17:50 -!- Manis [~Manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
18:00 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
18:08 <@krzee> hyper_ch, i dont understand your question
18:19 -!- _quadDamage [~EmperorTo@boom.blissfulidiot.com] has joined #openvpn
18:41 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Remote host closed the connection]
18:45 -!- pcupgrades is now known as hypermist
18:48 -!- dvl_ [~dvl@freebsd/developer/dvl] has joined #openvpn
18:53 -!- deskjob [b32b8502@gateway/web/freenode/ip.179.43.133.2] has joined #openvpn
19:04 < deskjob> hello
19:05 < deskjob> I am having tls handshake failures and I have no idea why
19:05 <+esde> !logs
19:05 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
19:05 <+esde> !configs
19:05 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
19:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:11 < deskjob> sorry
19:11 < deskjob> thanks esde
19:12 < deskjob> https://pastee.org/vzpd
19:12 < deskjob> https://pastee.org/es4ht
19:12 < deskjob> https://pastee.org/2vccv
19:13 <@krzee> log from other side?
19:13 <@krzee> also, use verb 5 on both sides and repaste please
19:13 <+esde> mtu looks odd to me. 1570 and 1500??
19:13 < deskjob> I didn't realize I could use verb 5
19:14 < deskjob> is that the most verbose?
19:14 <+esde> 9000
19:14 <@krzee> verb can be higher than 5, please dont use higher than 5 for this post
19:14 <@krzee> you'll likely never ever need more than 5 (i never have)
19:15 <@krzee> higher than 5 is for devs
19:15 < deskjob> 3 is fine for me, but this is nice to know
19:15 < deskjob> thank you
19:15 <+esde> . .
19:15 <@krzee> 3 is not fine right now
19:15 <@krzee> need 5
19:15 < deskjob> by other side, do you mean windows?
19:16 <@krzee> 3 is for everyday usage, 5 for debugging where firewall could be at fault
19:16 <@krzee> im guessing yes, but my crystal ball is broken so i dont know if you're using windows on the other side
19:16 <@krzee> !crystal
19:16 < deskjob> I am trying to connect a windows desktop to a debian server
19:16 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
19:16 < deskjob> sorry
19:16 <@krzee> no problem ;]
19:18 <@krzee> esde, ya that mtu thing looks weird to me too, not sure what it really means, but since it is output from before a client even tried to connect i figure it's safe to ignore
19:22 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
19:23 -!- deskjob [b32b8502@gateway/web/freenode/ip.179.43.133.2] has quit [Ping timeout: 246 seconds]
19:27 -!- dvl_ [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
19:34 -!- deskjob [b32b9442@gateway/web/freenode/ip.179.43.148.66] has joined #openvpn
19:34 < deskjob> sorry, I got disconnected
19:34 -!- dvl_ [~dvl@freebsd/developer/dvl] has joined #openvpn
19:38 < deskjob> I don't see any difference with verb 5 on except for the tail end of the negotiation
19:38 < deskjob> https://pastee.org/tnmha
19:38 < deskjob> but it makes no sense to me
19:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
19:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:43 -!- dvl_ [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
19:44 < deskjob> here is the windows log https://pastee.org/2r8cj
19:44 < deskjob> do you see anything I am missing esde?
19:46 -!- dvl_ [~dvl@freebsd/developer/dvl] has joined #openvpn
19:52 < deskjob> krzee?
19:57 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.ma.comcast.net] has left #openvpn ["Leaving"]
19:59 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
20:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
20:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:24 -!- MrWhoo [b8af07c1@gateway/web/freenode/ip.184.175.7.193] has joined #openvpn
20:24 < MrWhoo> hello @ll
20:25 < MrWhoo> perkster are you around ?
20:27 < MrWhoo> anyone familiar with "route"  - it does use  "vpn_gateway" alias ... and "net_gateway"
20:28 < MrWhoo> and it works but what if I have second tunnel on tap0 how can I route that ?
20:28 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
20:31 -!- david_dionne [32820fab@gateway/web/freenode/ip.50.130.15.171] has joined #openvpn
20:31 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
20:32 < david_dionne> greetings
20:32 < david_dionne> anyone up for chatting about running layer 2 mode?
20:33 < david_dionne> i connect but im not seeing any bootpc or bootps frames
20:33 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has joined #openvpn
20:33 < phix> local/remote TLS keys are out of sync
20:34 < phix> TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20:34 < david_dionne> iptables shows an filter input for 67 and 68 on interface virbr0
20:34 < david_dionne> thanks phix, how can i fix that?
20:35 < david_dionne> reinstall the client?
20:36 < phix> TLS Error: TLS handshake failed
20:36 < phix> david_dionne: i just joined, that is the error i am getting
20:37 < david_dionne> OHHHH, im sorry man
20:37 < phix> the time is synved, the ports ate not being filteted
20:38 < david_dionne> do you get this error with both tcp and udp?
20:41 < david_dionne> i looked that up and it sounds like 99% of the time, that error is associated with udp
20:41 < david_dionne> if ur using udp (1194), try switching to tcp just as a test
20:44 -!- david_dionne [32820fab@gateway/web/freenode/ip.50.130.15.171] has quit [Quit: Page closed]
20:46 -!- dvl_ is now known as dvl
20:49 <@krzee> deskjob, you didnt use verb 5 on EITHER log
20:49 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Quit: ZNC - http://znc.in]
20:50 < deskjob> krzee yes sir I did
20:51 <@krzee> that log was not verb 5
20:51 <@krzee> nor was the first one
20:51 < deskjob> https://pastee.org/zctd2
20:52 < deskjob> same verb 5 for server conf
20:52 < MrWhoo> I'm trying to establish to OpenVPN tunnels on MIPS device as soon as I start second one, 1st gets killed ?
20:52 < MrWhoo> any ideas
20:52 <@krzee> deskjob, now start the client over again, and paste the new log
20:52 <@krzee> i just saw the re-paste of server log, that was verb 5 =]
20:52 < deskjob> I restarted openvpn on my server, but not the client
20:53 < deskjob> didn't think restarting the gui would matter
20:53 <@krzee> well when you update configs you must restart the process to read the new config
20:53 <@krzee> didnt need to restart the gui, needed to restart the vpn from within the gui
20:53 <@krzee> but ya, restarting the gui works too
20:53 <@krzee> (assuming your vpn process was started via gui)
20:56 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
20:58 < deskjob> krzee: https://pastee.org/b9g7q
20:58 < deskjob> that is my client
20:58 < deskjob> the only differences I see is all of those WW
20:59 <@krzee> windows firewall (or some other filtering software on that machine) is your problem
20:59 < deskjob> the server log shows W and R
20:59 <@krzee> turn off windows firewall on your tap device
21:00 < deskjob> windows firewall is completely turned off
21:00 < deskjob> comodo is in use
21:00 <@krzee> well something is blocking packets on the tap device.
21:00 < deskjob> openvpn gui and .exe is approved
21:05 < deskjob> well I just allowed every file in the openvpn bin directory, and I still cannot connect
21:06 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
21:06 < Dougy> stupid auto rejoin didnt work
21:06  * Dougy grunts
21:06 < deskjob> krzee: my vpn service works fine
21:06 < deskjob> >.>
21:07 < deskjob> I have been trying to figure this out for days
21:07 <@krzee> congrats
21:07 < Dougy> helo krzee
21:07 < Dougy> or, hello too
21:07 <@krzee> sup Dougy
21:07 < Dougy> helo dougy
21:07 <@krzee> how you doing
21:07 < Dougy> rcpt to:krzee
21:07 < Dougy> i am ok
21:07 < Dougy> i guess
21:07 < deskjob> krzee: no I meant my paid service works fine, but openvpn is still doing that
21:07 < Dougy> how are you
21:08  * Dougy is upgrading xenservers
21:08 <@krzee> deskjob, fix your packet filter!
21:08 <@krzee> :/
21:08 < deskjob> I don't know what more I can do
21:08 <@krzee> you're messing with "allowing files" after i told you that something is blocking your packets on the windows machine
21:08 <@krzee> an anti-virus or something else that filters packets
21:09 <@krzee> i cant help you with your windows setup, but its that.
21:09 < deskjob> I allowed all files in the bin directory in kaspersky too
21:09 <@krzee> its not a matter of allowing files
21:09 <@krzee> lol
21:09 < deskjob> I don't know what else I can do
21:09 < Dougy> turn it off
21:09 < Dougy> temporarily
21:09 <@krzee> how do you hear "allow files" when i say "stop filtering internet"
21:10 < deskjob> you want me to turn my firewall off completely?
21:10 <@krzee> or get an OS that you understand?
21:10 <@krzee> openvpn is not your problem
21:11 <@krzee> your packet filtering in windows is your problem.
21:11 < deskjob> why isn't it filtering my paid vpn service which is also using openvpn?
21:12 <@krzee> !crystal
21:12 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
21:12 <@krzee> i can see your issue, not your non-issues
21:12 < deskjob> well I turned off anti-virus and my firewall
21:12 < deskjob> idk what else could be blocking packets
21:13 <@krzee> me neither, but your server is recieving and responding to packets, and your client is only sending, no recieving
21:13 <@krzee> W is write, R is read
21:13 < deskjob> I figured that
21:14 <@krzee> Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets.
21:15 <@krzee> !learn verb5 as the WRWRwrwr is explained in !man at --verb : Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets.
21:15 <@vpnHelper> Joo got it.
21:17 < Dougy> krzee: can i has my ops back? :D
21:18 < deskjob> well, thank you krzee
21:18 < deskjob> but this is insane
21:18 < Dougy> hmm online pfsense university is online now, neato
21:18 -!- mode/#openvpn [+o Dougy] by krzee
21:18 <@krzee> Dougy, www.coursera.org
21:18 < deskjob> the windows firewall is off, my firewall is off, no anti-virus is on, yet it's still screwed
21:18 < deskjob> >.>
21:19 <@Dougy> krzee: im decently versed in pfsense
21:19 <@krzee> deskjob, break out wireshark and do some packet dumps, something somewhere is blocking stuff
21:19 <@Dougy> just got an email bout it
21:19 <@krzee> Dougy, unrelaed to the link i gave… the link i gave is university classes from all over about all sorts of stuff
21:20 <@krzee> im currently taking cryptography 1 from stanford
21:20 <@krzee> also took a python class and surveillance law
21:20 <@krzee> great stuff!
21:20 < deskjob> all free?
21:21 <@Dougy> krzee: awesome
21:21 <@Dougy> that's pretty leet
21:21 <@krzee> yes, all free
21:21 <@Dougy> every time i hear the phrase patriot act, i think of you krzee
21:21 < deskjob> nice
21:21 <@krzee> well you can pay if you like, if you want to prove you took it and whatnot
21:21 < deskjob> lol
21:21 < deskjob> why?
21:21 <@krzee> personally im just there for the knowledge so i take it free
21:23 < deskjob> well, hopefully I can figure this out
21:23 < deskjob> thanks for the help krzee
21:23 < deskjob> I'll probably be back, wish me luck
21:24 <@krzee> gl
21:24 < deskjob> thank you to esde
21:24 < deskjob> *too
21:24 < deskjob> have a good night krzee
21:24 <@krzee> thanks i will, you do the same
21:25 <@krzee> first night of vacation and im in vegas… i'll be fine :D
21:27 <@Dougy> krzee: welcome back to the continental US
21:27 <@Dougy> but i must ask
21:27 <@Dougy> what the hell are you doing in here, if you are in Vegas
21:27 <@krzee> thx
21:27  * Dougy smacks krzee around with a large trout
21:27 <@krzee> i been to vegas way too much to make it a big deal
21:27 <+esde> good luck deskjob!
21:27 <@krzee> im just passing through on my way to california
21:27 <@Dougy> o
21:27 <@Dougy> whats there? 420?
21:27 <@Dougy> err, business?
21:27 <@krzee> just people i know
21:28 <@Dougy> ah
21:28 <@krzee> i should prolly call for some 420 tho
21:28 <@Dougy> are you still in island paradise usually?
21:28 <@krzee> yes
21:28 <@Dougy> one of my dudes moved to St Croix last week
21:28 <@Dougy> well, i call her my dude. because she is a lesbian and sits around with us and drinks budweiser in wifebeaters
21:28  * Dougy wnats to go visit
21:28 <@Dougy> wants
21:29 -!- deskjob [b32b9442@gateway/web/freenode/ip.179.43.148.66] has quit [Ping timeout: 246 seconds]
21:32 -!- swebb_ [~swebb@8.36.226.184] has joined #openvpn
21:34 -!- swebb [~swebb@8.36.226.184] has quit [Quit: ZNC - http://znc.in]
21:34 -!- swebb_ is now known as swebb
21:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
21:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:59 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 244 seconds]
22:01 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
22:01 -!- mode/#openvpn [+o syzzer] by ChanServ
22:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:31 -!- MrWhoo [b8af07c1@gateway/web/freenode/ip.184.175.7.193] has quit [Ping timeout: 246 seconds]
23:04 <+hyper_ch> krzee: just read that systemd got basic firewall functions and stuff... and I wonder why an init system needs that
23:05 <@krzee> prolly better for #ubuntu no idea
23:07 <@krzee> you might like uselessd
23:07 <@krzee> https://en.wikipedia.org/wiki/Systemd#Forks_and_alternative_implementations
23:07 <@vpnHelper> Title: systemd - Wikipedia, the free encyclopedia (at en.wikipedia.org)
23:07 <@krzee> In 2014, uselessd, a lightweight fork of systemd was created. The project seeks to remove features and programs deemed unnecessary for an init system, increase implementation modularity, improve portability across platforms, as well as address other perceived faults.
23:08 <+hyper_ch> krzee: :)
23:09 <@krzee> Dougy, got my herb getting delivered :D
23:09 <@krzee> you know how krzee rolls!
23:09 <@krzee> !krzee
23:09 <@vpnHelper> "krzee" is (#1) krzee says happy 4/20 or (#2) http://www.ircpimps.org/pics/krzee/blunt.jpg or (#3) location: moon base where he smokes moonajuana or (#4) takes bonghits on the freeswitch teleconference
23:09 <@krzee> oh god lol i still havnt put that webserver back up
23:10 <@krzee> i should do that sometime lol
23:14 -!- car [~car@101.98.155.139] has joined #openvpn
23:15 < car> !welcome
23:15 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
23:15 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:19 < car> Hi. Does openvpn use DH for key exchange (and only DH)? So certificates are "only" for authentication? Or does openvpn use certificates (public key) for keyexchange as well, when the session renews?
23:19 <+esde> !keys
23:19 <@vpnHelper> "keys" is http://openvpn.net/howto#pki
23:19 < car> !keys
23:19 <@vpnHelper> "keys" is http://openvpn.net/howto#pki
23:20 < car> thx
23:21 < KavanS> !hotwo
23:21 < KavanS> !howto
23:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
23:31 -!- ShadniX [dagger@p579410E0.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 < car> ok. as far as i understand, keyexchange is done by DH. And only by DH. Even if the session is renewd key exhange is done by DH. That implies that Openvpn does not work without DH - Except your using a static key?
23:33 -!- ShadniX [dagger@p5481D726.dip0.t-ipconnect.de] has joined #openvpn
23:33 < car> (or if you skip encryption at all)
23:37 <@krzee> car, you are correct
23:37 < car> krzee, cool thank you
23:38 <@krzee> yw
23:38 <@krzee> any specific reason you were wondering?
23:38 < car> no, just a technical question :)
23:38 <@krzee> cool
23:38 <@krzee> more in depth answers may come from syzzer if he has anything to add
23:39 <@krzee> and if he says im wrong, then i am ;]
23:39 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 245 seconds]
23:40 < car> so the "only" reason using DH is PFS. Otherwise i could use cert+key for keyexchange. i guess.
23:41 <@krzee> but theres no setting to do that
23:41 <@krzee> or you're designing a crypto system?
23:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
23:42 < car> yes true there is no setting. and no i am not designing a crypto system, which would be a bad idea , i think
23:43 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:43 < car> krzee, thank you again ;-)
23:43 <@krzee> yw
23:45 <@krzee> "That implies that Openvpn does not work without DH - Except your using a static key?"
23:46 <@krzee> i understood what you meant. it was "openvpn in server mode while using encryption does not work without dh"
23:49 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:53 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
23:55 < KavanS> I've got 2 subnets, on 1 side of my VPN.  I'd like 1 subnet to act normally, using default gateway....the other subnet I'd like to redirect gateway to other side of VPN.  Any suggestions?
23:55 < KavanS> all linux of course
23:57 < KavanS> in abstract, I'd like to "take everything from 192.168.5.x and throw it over the VPN as default gw, my regular subnet 192.168.4.x, I want to act normal sending traffic over the local default gateway"
23:58 < KavanS> any links/docs would be awesome.  I've read the howto and am not finding anything on this adv. routing topic
23:59 <+hyper_ch> so the vpn server run on 192.168.5.1?
--- Day changed Thu Jan 15 2015
00:00 < KavanS> vpn server 1 has two subnets, 192.168.5.1/192.168.4.1 on eth0 and eth0:0 respectively
00:00 <+hyper_ch> !lans
00:00 <@vpnHelper> "lans" is https://www.secure-computing.net/wiki/index.php/OpenVPN/Routing
00:00 < KavanS> I'd like to take one of those subnets (192.168.5.x) and force it over the tunnel, using the remote eth0 as my exit point
00:00 < KavanS> well...not sure if that will do it, but I'll read now
00:01 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
00:02 < KavanS> yeah that doesn't help
00:02 < KavanS> routing isn't the issue...
00:02 < KavanS> at least I don't think so...
00:02 < KavanS> I need to redirect everything headed to 192.168.5.1 (default gateway for the 192.168.5.x subnet)
00:02 < KavanS> and throw it over the VPN, and pipe it out eth0 on vpn server 2
00:03 <+hyper_ch> !def1
00:03 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
00:04 < KavanS> ok
00:04 < KavanS> still don't think that will help...
00:04 <+hyper_ch> I have no idea what you're trying to do
00:05 < KavanS> I only want 1 single subnet on vpn server 1, to have redirect default gw
00:05 < KavanS> I don't want it to apply for the other subnet
00:05 <+hyper_ch> not getting what you wnat
00:05 < KavanS> basically anything on X subnet goes over VPN, everything on Y subnet stays on LAN uses normal ISP default gateway
00:06 <+hyper_ch> but it's way too early here anyway
00:06 < KavanS> same LAN, same physical hardware
00:06 < KavanS> just different subnets :)
00:06 < KavanS> I want redirect-gateway to only apply to 1 subnet
00:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
00:07 < KavanS> so I might have my question incorrectly formed
00:07 < KavanS> I want the source subnet to define which gateway it goes to
00:17 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
00:18 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 264 seconds]
00:19 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
00:19 <@krzee> thats called policy routing
00:19 < KavanS> there we go...
00:19 <@krzee> !factoids search --values policy
00:19 <@vpnHelper> 'policy', 'someclient2client', 'win2k8', 'current', 'policy', 'lartc', 'routebyapp', 'iptables', 'redirect-policy', and 'lartc'
00:19 < KavanS> sorry I'm an idiot.
00:20 <@krzee> !redirect-policy
00:20 <@vpnHelper> "redirect-policy" is If you are using --redirect-gateway and wish to maintain external access to the same system, you need Policy Routing. If using Linux, see !lartc for reading on the subject. Note that this is a somewhat advanced networking topic.
00:20 <@krzee> !lartc
00:20 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
00:20 <@krzee> there ya goes
00:20 < KavanS> thanks for the direction krzee, searching now.  definitely appreciate
00:20 <@krzee> yw
00:20 <@krzee> in linux thats ip route + ip rule
00:20 <@krzee> in freebsd you'll need multiple routing tables (enabled in kernel) and use setfib
00:21 <+hyper_ch> sounds easier on linux
00:21 <+hyper_ch> and I still don't get what he wants though
00:21 <@krzee> he wants routing to take source address into account
00:22 <+hyper_ch> ah
00:22 <@krzee> so 2 packets going to same destination from different source can go to different gateways
00:22 <@krzee> aka, policy routing
00:22 <+hyper_ch> why didn't he say so?
00:22 <@krzee> he did
00:22 <@krzee> "<KavanS> I want the source subnet to define which gateway it goes to"
00:22 <@krzee> thats all i saw, all i needed to see
00:22 <+hyper_ch> well, you're the smart one regarding routing and stuff
00:23 <@krzee> plus my weed just arrived
00:23 <+hyper_ch> I just see packets entering the router and exiting it somewhere :)
00:23 <+hyper_ch> pretty sure it's medical weed, right?
00:24 <@krzee> nah
00:24 <+hyper_ch> you're supposed to answer with yes ;)
00:24 <+hyper_ch> anyway, gotta go to work
00:28 -!- ayaka [~ayaka@ayaka-2-pt.tunnel.tserv21.tor1.ipv6.he.net] has left #openvpn ["离开"]
00:29 <@krzee> hyper_ch, well i am medical, but thats in california
00:29 <@krzee> im currently in vegas
00:30 <@krzee> it was dropped off by a friend, he was nice enough to come like 30min out of his way to drop it off, you *know* he got a nice tip ;]
00:33 <@krzee> i've had my medical in california since the 90s
00:33 <@krzee> cause thats how krzee rolls ;]
00:34 <@krzee> oh KavanS you can also mark things in the firewall for policy routing, so you can even route by app
00:35 <@krzee> or port
00:35 <@krzee> or whatev
00:37 < KavanS> nice
00:37 < KavanS> reading now on iproute2, definitely the way to go
00:37 <@krzee> yepyep
00:37 < KavanS> thanks for the pro tips, I'm sure I'll be back during testing :)
00:38 <@krzee> no problem, you will find #networking helpful as well
00:38 < KavanS> I'll pop in there now, bam
00:39 <@krzee> but for now
00:39 <@krzee> did you setup redirect-gateway first and get it working, then simply remove the call for redirect-gateway?
00:39 <@krzee> because if not, you should. you need to do as much seperately as possible
00:40 < KavanS> yep
00:40 < KavanS> already tested
00:40 <@krzee> oh you did, nice
00:40 <@krzee> proceed ;]
00:40 < KavanS> I've got nat working
00:40 < KavanS> so we're good :)
00:42 <@krzee> i have a openwrt setup which joins 2 lans, has 2 gateways, routes 1 lan out a gateway on the other lan and visa versa, runs a openvpn server on 2 addresses with --multihome
00:42 <@krzee> so imagine my policy routing craziness
00:44 <@krzee> oh and it sometimes needs to nat some addresses, and other times needs to not nat those same addresses :D
00:45 <@krzee> once i got that all working, i got another identical router and cloned the thing for a cold spare, i am *NOT* doing that again from scratch
00:49 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
00:50 < Nothing_Much> I'm a bit frustrated trying to get OpenVPN working on Ubuntu 14.10
00:50 <+hyper_ch> so, NV allows gambling but not medical treatment and CA allows medial treatment but not gambling?
00:50 < Nothing_Much> It pops up immediately after clicking to connect to the vpn: "The VPN connection [connection] failed"
00:50 < Nothing_Much> Can I get some help?
00:51 < Nothing_Much> !welcome
00:51 <+hyper_ch> do you want always to establish the vpn connection?
00:51 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
00:51 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
00:51 < Nothing_Much> !howto
00:51 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
00:52 -!- mattock_afk is now known as mattock
00:52 <+hyper_ch> krzee: so, NV allows gambling but not medical treatment and CA allows medial treatment but not gambling?
00:52 <+hyper_ch> Nothing_Much: do you want always to establish the vpn connection?
00:53 <@krzee> hyper_ch, actually theres tons of casinos in california, they're all over
00:53 < Nothing_Much> hyper_ch: Yeah, mostly for privacy concerns and stuff
00:53 <@krzee> they are "indian casinos"
00:53 <@krzee> but they are everywhere
00:53 <+hyper_ch> Nothing_Much: then why not install openvpn client and make a client.conf in /etc/openvpn/ ?
00:53 <+hyper_ch> krzee: but thats sovereign territory or something, right?
00:53 <@krzee> or something
00:53 < Nothing_Much> I don't have my own rented server, I'm using a website's free vpn
00:54 <@krzee> https://en.wikipedia.org/wiki/List_of_casinos_in_California
00:54 <@vpnHelper> Title: List of casinos in California - Wikipedia, the free encyclopedia (at en.wikipedia.org)
00:55 <+hyper_ch> "card room"
00:55 <+hyper_ch> Nothing_Much: better go the .conf file route
00:55 <+hyper_ch> IMHO
00:56 < Nothing_Much> hyper_ch: That doesn't work either
00:56 <+hyper_ch> !configs
00:56 < Nothing_Much> Hang on, lemme get the error message again
00:56 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
00:57 <+hyper_ch> krzee: btw, you saw the thing about the snom security issue?
00:57 <@krzee> hyper_ch, ya its just the web interface bugs
00:57 <@krzee> probably some of the ones i found ;]
00:57 <+hyper_ch> :)
00:57 <@krzee> either way, nothing new
00:57 <@krzee> just disable the web interface like i do
00:57 <+hyper_ch> probably not a big deal if you're properly nated...
00:57 <@krzee> screw that, still a big deal imo
00:58 <@krzee> easily rootable and unless you are also in it you will NEVER know im in it
00:58 <+hyper_ch> :) they have new firmware that fixes it but without openvpn client
00:58 <@krzee> perfect place to hide
00:58 <@krzee> i stopped upgrading my firmware long ago
00:58 <+hyper_ch> do you auto provision the SNOMs incl. openvpn config and stuff?
00:58 <@krzee> they broke other stuff before that
00:58 <@krzee> i auto do EVERYTHING
00:58 < Nothing_Much> Error: private key password verification failed ?
00:59 <+hyper_ch> I still can't figure out how to auto provision those
00:59 <@krzee> including in android flashing the recovery, rom, installing and configuring apps etc
00:59 <@krzee> no touch
00:59 <@krzee> my partner builds our phones, hes a lawyer not a tech
01:00 <+hyper_ch> what do lawyers know about tech anyway?
01:00 <+hyper_ch> Nothing_Much: sounds like you need to provide a password?
01:00 <@krzee> he plugs things in and watches it autosense and setup the device, tests it, ships
01:00 <+hyper_ch> and you're sure he's a lawyer?
01:00 < Nothing_Much> hyper_ch: I was told to leave the private key password blank
01:00 <@krzee> hes also a long time close friend of mine
01:00 <+hyper_ch> told by whom and where?
01:01 <+hyper_ch> (he's a close friend until he'll give you his bill)
01:01 <@krzee> has Nothing_Much posted configs or logs or anything?
01:01 <+hyper_ch> no
01:02 <+hyper_ch> krzee: [07:58] <Nothing_Much> Error: private key password verification failed ?
01:02 < Nothing_Much> I got the config from http://www.vpnbook.com/ , it's the .ovpn file, right?
01:02 <@vpnHelper> Title: Free VPN 100% Free PPTP and OpenVPN Service (at www.vpnbook.com)
01:02 <@krzee> Nothing_Much, try starting openvpn by hand not using the linux scripts
01:02 <@krzee> Nothing_Much, ps auxw|grep vpn
01:02 <@krzee> are any openvpn processes running?
01:03 <+hyper_ch> Nothing_Much: just rename it to xxxx.conf and put it into /etc/openvpn/
01:03 <@krzee> yes its the .ovpn file, i assume you made it .conf now tho
01:04 <@krzee> .ovpn is the windows file extension but the linux startup scripts are set to start every *.conf in /etc/openvpn/
01:04 < Nothing_Much> ohh
01:05 <@krzee> but when you start it with those scripts you lose things like the ability to interactively type in the password
01:05 <@krzee> !factoids search --values *.conf
01:05 <@vpnHelper> No keys matched that query.
01:05 <@krzee> !learn extension as .ovpn is the windows file extension for openvpn configs
01:05 <@vpnHelper> Joo got it.
01:05 <@krzee> !learn extension as the linux startup scripts are set to start every *.conf in /etc/openvpn/
01:05 <@vpnHelper> Joo got it.
01:06 < Nothing_Much> hang on a second
01:07 < Nothing_Much> http://pastie.org/private/auzyy1jtyfdktufa8cew
01:07 < Nothing_Much> won't work even with the terminal :\
01:09 < Nothing_Much> should I get rid of the --ip-win32?
01:10 <@krzee> post the config
01:11 < Nothing_Much> http://pastie.org/private/gyvdsjvg2jhae7gu9v2azw krzee
01:15 <@krzee> i dont even see ip-win32
01:15 <@krzee> and now delete that
01:15 <@krzee> and go get another
01:15 <@krzee> never paste your private key
01:15 <@krzee> you just made yours completely public
01:16 < Nothing_Much> that key's public?
01:16 <@krzee> now that you posted it, it is
01:16 <@krzee> yours is inline
01:16 <@krzee> normally people have it pointing to a file
01:16 <@krzee> inline is fine, but it needed to be redacted
01:17 <@krzee> !learn configs as remember to remove any inline private key or tls-auth key before posting
01:17 <@vpnHelper> Joo got it.
01:17 <@krzee> !configs
01:17 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remember to remove any inline private key or tls-auth
01:17 <@vpnHelper> key before posting
01:17 <@krzee> damn
01:17 <@krzee> !forget configs 4
01:17 <@vpnHelper> Joo got it.
01:18 <@krzee> !learn configs as remove inline private keys or tls-auth key before posting
01:18 <@vpnHelper> Joo got it.
01:18 < Nothing_Much> maybe i'll just re-download the thing..
01:18 <@krzee> yes, you need to.
01:18 <@krzee> and make sure its different
01:18 <@krzee> might need a new account or whatever their system uses
01:19 < Nothing_Much> uh.. dude those keys are publically available to download
01:19 < Nothing_Much> on vpnbook.com
01:19 <@krzee> yes, but you dont want YOUR keys public
01:19 <@krzee> if i get my own it doesnt effect you
01:19 < Nothing_Much> none of those are my keys
01:20 < Nothing_Much> it's vpnbook's
01:20 <@krzee> they dont assign one for you?
01:20 < Nothing_Much> it's a free vpn
01:20 <@krzee> its the same exact file for every single person?
01:20 < Nothing_Much> am i supposed to get one?
01:20 < Nothing_Much> i think so
01:20 <@krzee> then whats the point?
01:20 <@krzee> your traffic is not secured even on the vpn if that is the case
01:21 < Nothing_Much> oh
01:23 -!- scyld [~scyld@unaffiliated/wasyl] has joined #openvpn
01:28 <@krzee> !certinfo
01:28 <@vpnHelper> "certinfo" is run `openssl x509 -in <file> -noout -text` for info from your cert file
01:29 <@krzee>         Issuer: C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com/name=vpnbook.com/emailAddress=admin@vpnbook.com
01:30 <@krzee> the cert is weak, 1024. there is no mitm protection, and it is a publicly avail key
01:31 <@krzee> you should consider that no protection at all.
01:33 <@krzee> but if you're simply using it as an open proxy and you want your traffic to go through them regardless of encryption, then its fine
01:40 < car> krzee, but the encyryption is done by the key which is generated through DH. That key is used by AES-128. So the only thing what i would worry about is authentication. but that should be fine as well, cause its not a server that Nothing_Much owns.
01:41 < car> so the traffic is encrypted
01:41 <@krzee> until there is a mitm
01:41 < car> or i am wrong?!
01:41 < Nothing_Much> yeah, I'm still trying to figure out why it's not letting me use it
01:41 < Nothing_Much> but apparently openvpn isn't running
01:41 < Nothing_Much> am I missing a package?
01:41 <@krzee> you removed ip-win32, start openvpn again
01:41 < Nothing_Much> openvpn is installed here
01:42 <@krzee> post new log
01:42 < car> krzee, mitm - thats true ;)
01:42 <@krzee> !mitm
01:42 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
01:42 < Nothing_Much> it's not in the config..
01:43 <@krzee> correct, and you dont have control to do it
01:43 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 244 seconds]
01:43 <@krzee> Nothing_Much, shouldnt you be busy getting a new log?
01:43 < car> i meant your right. i forgot mitm...
01:43 <+hyper_ch> Nothing_Much: sudo service openvpn restart
01:43 <@krzee> car, but openvpn didn't,   Thu Jan 15 02:06:15 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
01:44 <@krzee> =]
01:44 < car> :)
01:45 < Nothing_Much> Thu Jan 15 02:44:51 2015 ERROR: Cannot ioctl TUNSETIFF tun1: Operation not permitted (errno=1)
01:45 < Nothing_Much> the config is the same exact one o.o
01:45 <@krzee> are you root?
01:46 < Nothing_Much> nope...
01:46 < Nothing_Much> hmm..
01:46 <@krzee> lol
01:46 <@krzee> well you'll need to be
01:50 < Nothing_Much> uh oh
01:50 <@krzee> you thought a non root user could modify the routing table?
01:53 < Nothing_Much> krzee: how long does it take before the vpn works?
01:56 <@krzee> it wont, you are not root
01:58 < Nothing_Much> krzee: I did it with root
01:58 < Nothing_Much> now it's stuck...
01:58 -!- no_mu [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
01:58 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Remote host closed the connection]
01:59 < no_mu> krzee: I did it with root
01:59 < no_mu> now it's stuck...
01:59 -!- no_mu is now known as Nothing_Much
01:59 < Nothing_Much> well it was, but it was taking over 3 minutes to connect
01:59 < Nothing_Much> is that normal?
02:08 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
02:17 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Read error: Connection reset by peer]
02:24 -!- ampsix [uid26275@gateway/web/irccloud.com/x-kjteoloyvxcjmfup] has joined #openvpn
02:33 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
02:33 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Remote host closed the connection]
02:46 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
02:57 -!- lachesis [~lachesis@unaffiliated/lachesis] has quit [Ping timeout: 244 seconds]
03:00 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
03:02 -!- Denial [~Denial@81.141.16.42] has quit [Ping timeout: 256 seconds]
03:11 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:13 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 245 seconds]
03:16 -!- ArtVandalae [~SuperUnkn@CPE-110-148-145-150.vxl8.lon.bigpond.net.au] has left #openvpn ["Leaving"]
03:22 -!- lachesis [~lachesis@unaffiliated/lachesis] has quit [Ping timeout: 245 seconds]
03:30 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
03:49 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:10 -!- car [~car@101.98.155.139] has quit [Quit: Leaving]
04:21 -!- _bt [~bt@mongs.yotm.com] has quit [Changing host]
04:21 -!- _bt [~bt@unaffiliated/bt/x-192343] has joined #openvpn
04:23 -!- rbjorklin [~rbjorklin@128.199.34.53] has joined #openvpn
04:28 -!- defswork [~andy@mailhost.mirrormail.co.uk] has quit [Remote host closed the connection]
04:52 -!- zerenden [~zerenden@46.7.69.83] has joined #openvpn
05:03 < zerenden> Hi guys
05:10 < zerenden> I wan to create a virtual network with some fiends. We will use three tomato routers, connected via OpenVPN. Every router will host an ESXI server. The idea is to be able to connect (multiple protocols) , from a computer in router A, to a computer in router B, or C... using hostname and not just IP. What kind of interface do you recomend? Tun or tap?
05:19 -!- masterkorp [~masterkor@static.85-10-196-211.clients.your-server.de] has quit [Ping timeout: 240 seconds]
05:19 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 264 seconds]
05:21 -!- ampsix is now known as `^-_-^`
05:30 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
05:32 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
05:32 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
05:36 < singcat> When I connect with lubuntu x64 14.10 running openvpn client to an openvpn server, I get access to the server's LAN and can access the internet with the server's IP.
05:36 < singcat> When I connect with Windows 7 x64 running openvpn client openvpn-install-2.3.6-I601-x86_64.exe I cannot access the server's LAN nor can I connect to the internet with the servers IP (I still connect with my client IP).
05:36 < singcat> I suspect there is a problem on windows that the routes are not added automatically.
05:36 < singcat> I run the openvpn client gui as an administrator.
05:37 < singcat> How can I make it work on windows?
05:37 < singcat> I tried route-delay 30 and route-method exe but it did not work
05:37 < singcat> I tried redirect-gateway def1 but it did not work
05:37 < singcat> both linux and windows are using the same openvpn client config
05:38 < singcat> !paste
05:38 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
05:38 < singcat> !configs
05:38 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
05:38 < singcat> !logs
05:38 <@vpnHelper> posting
05:38 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
05:38 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
05:39 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
05:39 -!- mode/#openvpn [+v s7r] by ChanServ
05:42 < singcat> this is my client config: http://fpaste.org/169967/13220671/
05:46 < singcat> last message in log is Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
05:46 < singcat> MANAGEMENT: >STATE:1421322218,CONNECTED,ERROR,172.17.0.2,1.2.3.4
05:46 <@vpnHelper> Title: FAQ – OpenVPN Community (at openvpn.net)
05:50 -!- AL13N_work [~alien@91.183.52.232] has quit [Ping timeout: 245 seconds]
05:55 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
06:00 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection]
06:01 -!- zerenden [~zerenden@46.7.69.83] has quit [Ping timeout: 245 seconds]
06:01 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Remote host closed the connection]
06:06 -!- barbariandude [~james@unaffiliated/barbariandude] has joined #openvpn
06:08 < barbariandude> Hi, I'm trying to deploy the Windows OpenVPN client to our network via group policy, and for that I need an MSI file. Unfortunately, we can only find an MSI for 1.5.6, which seems to be incompatible with the other end (which is 2.3.1). Would anyone be able to tell me where I can find the MSI file for this version of the OpenVPN client?
06:10 < pekster> The GPL program is an NSIS installer, which does support silent installation (although it also requires the TAP-WIN32 driver, so you may need to tweak your driver signing policy for automated deployments there.)
06:10 < pekster> 1.5.6 isn't the community-maintained openvpn version, see this for more info:
06:10 < pekster> !connect
06:10 <@vpnHelper> "connect" is (#1) OpenVPN Connect is part of the commercial, non-free (non-GPL) corporate offering; see #openvpn-as for help with these. For the community-maintained GPL OpenVPN, see !download for download links, !android for GPL-openvpn on Android, or !howto for the beginner how-to guide or (#2) https://forums.openvpn.net/post34969.html#p34969 or (#3) the source is here:
06:10 <@vpnHelper> http://staging.openvpn.net/openvpn3/ except for the portion that may not be released because of NDA with apple (for its vpn API)
06:10 < rbjorklin> !welcome
06:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
06:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:11 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
06:11 < rbjorklin> !goal
06:11 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:11 < pekster> barbariandude: Check out the /S flag for NSIS installers (the NSIS docs should help here) as that causes installation to be silent. I've done AD deployments of NSIS-installers before using login scripts; maybe that's an option here?
06:11 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:13 < barbariandude> Thanks for the help! Will start reading about the NSIS installer. I had no idea OpenVPN Connect was nothing to do with the community
06:13 < barbariandude> !download
06:13 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
06:14 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
06:14 < singcat> I am back
06:19 < rbjorklin> Hi, I'm trying to connect to the company VPN from Linux with openvpn. I can successfully auth however we use OTP (one time password) which are sent out via SMS after successful auth. This is where openvpn fails
06:21 < rbjorklin> Does openvpn support OTP or do I have to find some 3rd party module for that? If it's the latter, any recommendations?
06:22 < singcat> ignore previous log snippet, here is the full one http://fpaste.org/169971/24466142/
06:29 < singcat> additionally, same symptoms on the android client
06:29 < singcat> everything only works in linux client, not in win, not in android
06:38 -!- moparsthbest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
06:45 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
07:03 < singcat> can anyone give me some more pointers what to try or investigate?
07:10 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Ping timeout: 250 seconds]
07:10 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
07:10 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
07:15 <@Dougy> rbjorklin: support it?
07:16 <@Dougy> rbjorklin: what do you mean? is there a SMS module for openvpn?
07:16 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
07:22 <+hyper_ch> people still think sms is save for authentication?
07:24 <@Dougy> as a 2nd factor, it's not a "bad" method
07:26 <+hyper_ch> if you don't trust the generated certificates but trust the sms... then there's something wrong IMHO
07:27 <@Dougy> hyper_ch: i think this user is looking to use it in addition to certificates
07:28 <+hyper_ch> I fail to see what security besides make-believe security is provided by that
07:34 <@Dougy> how do you figure?
07:37 <@Dougy> theoretically, if i had my computer compromised and someone got my certs, they still wouldn't have a token sent to my phone
07:37 <@Dougy> unless i'm missing something
07:50 < singcat> anyone who could help me with the issue?
07:58 <@plaisthos> whois Dougy
07:58 <@plaisthos> !whois Dougy
07:58 <@plaisthos> :p
08:03 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-kjteoloyvxcjmfup] has quit [Quit: Connection closed for inactivity]
08:04 <@Dougy> hrmm
08:04 <@Dougy> wat
08:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:12 -!- You're now known as ecrist
08:16 -!- aoseki [~akaseki@unaffiliated/akaseki] has joined #openvpn
08:24 -!- aep [~aep@libqxt/developer/aep] has quit [Ping timeout: 244 seconds]
08:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:24 -!- mdorenka [~marcel3@unaffiliated/mdorenka] has joined #openvpn
08:24 < mdorenka> hey guys i got a question regarding routing between VPNs
08:25 < mdorenka> i have a vpn server tun0 for incomming connections - i can ping my local network 10.0.0.0
08:25 < mdorenka> now i have another tunnel,this time a client - tun0
08:25 < mdorenka> from 10.0.0.0 i can reach clients in 192.168.113.0 (the network behind tun0)
08:26 < mdorenka> sorry tun1 i mean
08:26 -!- seba [~seba@kratzbaum.someserver.de] has quit [Ping timeout: 244 seconds]
08:26 < mdorenka> how can i allow clients from tun0 to connect to tun1?
08:27 -!- aep [~aep@libqxt/developer/aep] has joined #openvpn
08:38 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:41 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:44 <@Dougy> ha
08:44 <@Dougy> hahaahahaha
08:44  * Dougy cries
08:44 <@Dougy> pfsense y u give me headaches
08:45 <@Dougy> mdorenka: so you want the 2 sets of clients to talk to one another?
08:45 < mdorenka> yep
08:45 < mdorenka> i got them talking but i needed push "route 0.0.0.0 0.0.0.0" in config
08:45 < mdorenka> not that nice :|
08:46 <@Dougy> that isn't right
08:46 <@Dougy> pushing routes is correct, but not that route
08:46 < mdorenka> sorry - didnt push it
08:46 < mdorenka> push "redirect-gateway def1 bypass-dhcp"
08:47 <@Dougy> did you try pushing the proper routes to each set of clients?
08:47 <@Dougy> rather than that
08:47 <@Dougy> if forcing 0/0 through it worked, then if you just set it to push the "right" route yu should be good
08:47 < mdorenka> so a correct route would be push "route 192.168.113.0 255.255.255.0", correct?
08:48 <@Dougy> if you push that to the other set of clients
08:48 <@Dougy> !iroute
08:48 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
08:48 <@Dougy> !route
08:48 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
08:49 <@Dougy> that guide may be of good use to you
08:50 < mdorenka> huh ... i just restarted everything (firewall + openvpn) and now it seems to work?!
08:50 <@Dougy> couldn't tell you, you'd need to tell me
08:50 <@Dougy> ;]
08:57 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
08:57 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:00 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Client Quit]
09:08 -!- barbariandude [~james@unaffiliated/barbariandude] has quit [Remote host closed the connection]
09:11 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Ping timeout: 250 seconds]
09:13 < jeev> doug
09:13 < jeev> i lost another supermicro
09:16 < dvl> jeev: Lost as in dead, or as in gone walkabouts?
09:22 < jeev> dead
09:22 < jeev> put a second cpu in it and boom, stopped working again
09:22 < jeev> now second cpu socket wont work
09:25 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:26 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:30 -!- mdorenka [~marcel3@unaffiliated/mdorenka] has quit [Ping timeout: 246 seconds]
09:38 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 276 seconds]
09:45 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
10:09 -!- liriel [~liriel@asia.feralhosting.com] has quit [Quit: bye]
10:09 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
10:15 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
10:16 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
10:17 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:26 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:45 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
10:47 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:52 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
11:05 <+hyper_ch> all my € are now worthless :( maybe I should throw them out of the window...
11:05 <+esde> send to me
11:05 <@krzee> ya ill take them
11:05 <+hyper_ch> ;)
11:05 <+esde> address is as follows
11:05 <+esde> P. Sherman
11:05 <+esde> 42, Wallaby Way,
11:05 <+esde> Sydney, Australlia
11:05 <+hyper_ch> doesn't sound fair when I send you worthless stuff ;)
11:06 <@krzee> you can get them to me at:
11:06 <@krzee> !donate
11:06 <@vpnHelper> "donate" is (#1) send monetary donations to openvpn@secure-computing.net via paypal. All money donated goes to staff toward development of the community wiki, forum, and this IRC channel. or (#2) Contributions to this address do *NOT* directly benefit OpenVPN Technologies, Inc. or (#3) http://www.secure-computing.net/wiki/index.php/OpenVPN/Donations for Contribution totals and benefactors
11:06 <+hyper_ch> esde: How are the Adelaide Crows doing?
11:06 <+hyper_ch> krzee: esde:  https://www.ecb.europa.eu/stats/exchange/eurofxref/html/eurofxref-graph-chf.en.html
11:06 <@vpnHelper> Title: ECB: Euro exchange rates CHF (at www.ecb.europa.eu)
11:06 <+esde> krzee, mind a pm?
11:07 <@krzee> esde, all good
11:07 <@krzee> hyper_ch, omg what happened
11:08 <@krzee> hyper_ch, and ill still take them :D
11:09 <+hyper_ch> krzee: well, with the subprime crisis followed by a euro crisis, the swiss national bank announced in 2011 that it will keep a min. exchange rate of  1.20  : 1  so the € won't fall further (from swiss point of view)... that has worked
11:10 <+hyper_ch> but at around 11:30 this morning, the SNB announced, that it will not fix the exchange rate anymore by buying € if needed... and then the course plummeted
11:11 <+hyper_ch> also the swiss market index lost 10% by the end of the business day
11:11 <+hyper_ch> however, EU zone has become cheaper for me to buy stuff :)
11:11 <+hyper_ch> I think I have like 50-60 € here :)
11:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:15 <@krzee> i thought you were .ch
11:15 <@krzee> they use swiss franc there?
11:16 <+esde> ch = country code for switzerland, right?
11:16 <@krzee> oh i just looked up the TLD
11:16 <@krzee> lol
11:16 <@krzee> i was thinking .cz
11:16 <+esde> croatia?
11:16 <@krzee> my americanism is showing
11:17 <+esde> ah czech republic
11:17 <+esde> HAHAHAHAHA
11:17 <@krzee> cz = Czech
11:17 <+esde> dialing code = 420
11:17 <@krzee> no wayyyyy
11:17 <@krzee> cz is 420?
11:17 <+esde> look it up
11:17 <+esde> https://encrypted.google.com/search?hl=en&q=cz%20country%20code
11:17 <@vpnHelper> Title: cz country code - Google Search (at encrypted.google.com)
11:17 <@krzee> dazo_afk, im moving to cz bro
11:17 <@krzee> only because of your phone prefix
11:18 <+esde> can we emigrate together?
11:18 <+esde> i dont take up much room
11:21 <+hyper_ch> krzee: most people think china
11:21 <+hyper_ch> (most people --> most USians)
11:21 <+hyper_ch> well, switzerland is +41
11:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:25 -!- scyld [~scyld@unaffiliated/wasyl] has quit [Ping timeout: 245 seconds]
11:27 -!- scyld [~scyld@unaffiliated/wasyl] has joined #openvpn
11:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
11:31 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
11:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
11:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:52 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
12:01 -!- You're now known as f^cking-moron
12:01 -!- You're now known as ecrist
12:06 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
12:07 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:13 <@krzee> esde, was that a failed attempt to search for "cz tld" ?
12:14 < Marc128000> !welcome
12:14 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:14 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:15 <+esde> no
12:15 < Marc128000> Simple question, and most likely my error, but when building 2.3.6 from source on debian 7, init scripts are not built. Is there a place to find the init scripts?
12:15 <+esde> i wanted the country code
12:15 <@krzee> gotchya
12:16 <+esde> *to know what the country code stood for
12:17 <@krzee> Marc128000, that is not part of openvpn, it is part of your OS
12:17 <@krzee> Marc128000, you can install openvpn from your package manager and will probably get the init scripts
12:17 <+esde> Marc128000, do you have opencpn installed anywhere?
12:17 <+esde> *vpn
12:17 <+esde> *server *else
12:18 < Marc128000> Okay, thats what I was trying to avoid. But probably easiest option
12:18 <@krzee> well at least to pull out the init scripts
12:18 <+esde> actually i'll pastebin one for you now if you'd like
12:18 <@krzee> ya or esde can give you his ^
12:18 < Marc128000> that'd be great
12:18 < Eagleman> How do i allow a client with the same username but a different certificate to connect twice or more to the VPN?
12:20 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
12:20 <+esde> cd /tmp; wget http://pastebin.com/raw.php?i=h9NG1kGQ -O openvpn; sudo mv openvpn /etc/init.d; sudo chown 755 /etc/init.d/openvpn; sudo update-rc.d openvpn defaults
12:20 <+esde> iirc
12:20 <+esde> YMMV
12:21 < Marc128000> thank you sir, I'll give it a shot. Worst case I'm back to having to steal the init section from the deb package
12:21 < Marc128000> or ma'am
12:21 < Marc128000> lol
12:21 <+esde> well the pastebin is the init script you need
12:21 <+esde> i just tried to give you the "recipe" you needed by including the commands
12:22 < Marc128000> I appreciate the extra effort
12:22 <+esde> np
12:24 <+esde> those commands get you into the tmp dir first, grab the script and save it as openvpn. then it moves the file to your init.d directory and makes the script executable with appropriate permissions, and the finally command would enable the script if i'd added enable to the end. having said that
12:24 <+esde> cd /tmp; wget http://pastebin.com/raw.php?i=h9NG1kGQ -O openvpn; sudo mv openvpn /etc/init.d; sudo chown 755 /etc/init.d/openvpn; sudo update-rc.d openvpn defaults enable
12:24 <+esde> is the correct set of commands
12:24 <+esde> s/finally/update-rc.d
12:25 -!- aoseki [~akaseki@unaffiliated/akaseki] has left #openvpn ["Leaving"]
12:27 < Marc128000> Dang, as I expected, the init scripts are spread through file system
12:27 <+esde> ?
12:27 < Marc128000> can't open /lib/lsb/init-functions
12:27 < Marc128000> the file is there
12:29 < Marc128000> Don't want to flood channel with my issue. Appreciate the help!
12:29 <+esde> can you pastebin the commands you ran and the errors?
12:29 < Marc128000> sure
12:30 < Marc128000> http://pastebin.com/iNBTRaJ6
12:32 < Marc128000> I'm thinking about using apt-get to install package, then using make install to overwrite with my build
12:32 <@krzee> is it the right file permissions?
12:33 <@krzee> oh ya it is, esde gave the command for i
12:33 <@krzee> it*
12:33 < Marc128000> Should be, I haven't changed the permissions on anything but openvpn script
12:33 <@krzee> sry i didnt read all scroll before talking
12:33 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Quit: ZNC - http://znc.in]
12:33 <@krzee> :x
12:33 < Marc128000> No problem! I'll never hate on folks trying to help
12:33 <+esde> i found something when searching for your error, but it's in cryllic :/
12:34 <+esde> http://slitaz30.rssing.com/chan-15642138/all_p104.html
12:34 <@vpnHelper> Title: SliTaz Forum » Recent Posts (at slitaz30.rssing.com)
12:34 <+esde> at least the bits that might be helpful
12:34 < Marc128000> haha
12:34 < Marc128000> I'll take a look
12:34 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
12:34 <@krzee> any special reason you prefer installing from source?  (not that im against that at all)
12:34 <@krzee> you loading patches or something?
12:35 < Marc128000> Trying a patch out
12:35 < Marc128000> https://forums.openvpn.net/topic12605.html
12:35 <@vpnHelper> Title: OpenVPN Support Forum Patch: Fix for Iran and China users : Scripting and Customizations (at forums.openvpn.net)
12:35 < Marc128000> Thx bot!
12:35 <@krzee> why not use:
12:35 <@krzee> !obfs
12:35 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
12:35 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
12:35 < Marc128000> Two main reasons
12:35 <@krzee> (thats the reason that patch wont be accepted into openvpn)
12:36 <+esde> i like running from source because I know where it came from and since openvpn is something i love, i figure it's a good way to learn about manually installing packages :)
12:36 < Marc128000> Client connections are about .5/.12 mbs
12:36  * esde shudders
12:36 < Marc128000> Also clients aren't tech savy so I'm attempting to minimize their setup and possible error
12:37 <+esde> is this a widespread issue?
12:37 < Marc128000> proxy/wrappers are an excellent solution iff the user understands how to setup
12:37 < Marc128000> I would think so
12:37 < Marc128000> Folks behind gov't firewalls that aren't techies
12:37 <+esde> that's fucked up
12:38 <@krzee> esde, yes, in certain locations
12:38 <+esde> the gov't need to keep their nose out and let you do your thang.
12:38 < Marc128000> Lol, trying to assist that
12:38 <+esde> that said, let's get you going!!
12:38 -!- mode/#openvpn [+v Marc128000] by krzee
12:38 <@krzee> Marc128000, you plan on helping others do the same?
12:38  * esde goes to the bathroom and grabs a juicebox
12:38 <+Marc128000> This idea may not work anyhow, as it'll mean I need to custom build and distribute clients as well
12:39 <+Marc128000> I'd like to
12:39 <@krzee> Marc128000, good man.
12:39 <@krzee> in the long run you may find obfsproxy easier
12:39 <+Marc128000> Usually I've only set up vanilla setups
12:39 <+Marc128000> There is an element of byod (bring your own device) that also adds complexity to obfsproxy
12:39 <@krzee> ehh?
12:39 <+Marc128000> The XOR traffic option seemed quite elegant
12:39 <@krzee> how so?
12:40 <+Marc128000> Installing obfsproxy for android, IOS, win, linux and MacOS
12:40 <@krzee> sure, unless it becomes popular then it'll get blocked and you're back to square 1
12:40 <@krzee> obfsproxy is made for just that!
12:40 <+Marc128000> Hrm, thats a good point
12:40 <+Marc128000> How much of an overhead hit is obfsproxy?
12:40 <@krzee> just use a diff plugin and it obfuscates to another proto
12:41 <@krzee> i dunno, never had an excuse to play with it
12:41  * Marc128000 gets to reading
12:41 <@krzee> .o
12:41 <+Marc128000> lol
12:41 <@krzee> oops
12:41 <@krzee> http://community.openvpn.net/openvpn/wiki/TrafficObfuscation
12:41 <@vpnHelper> Title: TrafficObfuscation – OpenVPN Community (at community.openvpn.net)
12:42 <+Marc128000> Read that, its a good primer
12:42 -!- rbxs [~rbxs@cable-213-34-250-223.zeelandnet.nl] has joined #openvpn
12:43 <@krzee> when those firewalls last changed they effectively blocked all openvpn users again, thats when the xor patch came out, and we decided that it would be useless to include it
12:43 <@krzee> because the game of cat + mouse with DPI firewalls belongs to obfsproxy not to openvpn
12:43 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-ilapitckhanvcdbw] has joined #openvpn
12:43 <@krzee> its already a nice project dedicated to just that goal
12:44 <+Marc128000> "but it does have a much lower bandwidth overhead since it is not carrying an additional layer of encryption. This can be a particularly relevant for users in places such as Syria or Ethiopia, where bandwidth is often a critical resource. Obfsproxy is also somewhat easier to set up and configure."
12:44 <+Marc128000> Maybe the overhead is not as bad as I thought
12:44 <+Marc128000> I'll be doing some testing. Maybe I'll do a writeup and compare
12:45 <@krzee> feel free to use one of our wikis for the writeup if you like
12:45 <@krzee> !wiki
12:45 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
12:45 <+Marc128000> I wonder if you used the scramble patch, and had a rolling password if that would work
12:45 <+Marc128000> I can't imagine a polymorphic XOR getting caught by automated pattern recognition
12:46 <@krzee> the other side would have to roll equally
12:46 <@krzee> which means it would be staticly rolling
12:46 <@krzee> which means they could include it to the DPI code
12:46 <@krzee> because remember, its the initiation of the session they block
12:47 <@krzee> so you dont get to hand the xor keys over the secure channel, which wont exist
12:47 <+Marc128000> What about copying something like the RSA Key idea, where it rolls based of a seed?
12:47 <+Marc128000> Hrm thats a good point
12:47 <@krzee> the best solution is obfsproxy ;]
12:47 <@krzee> we've gone over this in dev meetings
12:48 <+Marc128000> I appreciate the explination! Always nice to understand the choices
12:48 <+Marc128000> I have no dog in the fight, I'm just hashing out options at this point
12:48 <+Marc128000> I think obfsproxy is the better choice though
12:48 <@krzee> but if you just need something quick, i expect statickey would be fine too
12:48 <@krzee> since there is no handshake
12:48 <@krzee> its just an encrypted stream, no way to distinguish it
12:49 <+Marc128000> For the simple fact that if I custom build OVPN, I'll have to do it for all possible client devices AND somehow securely deliver it
12:49 <+Marc128000> Which is exactly what I was trying to avoid by using obfsproxy. In other words its the same either way
12:49 <@krzee> ya client device*S* means no statickey ;]
12:49 <@krzee> ^ yep
12:50 <@krzee> the big difference is that your obfsproxy will work still after they catch on to whatever comes next
12:50 <+Marc128000> Also yes, plural. Said no to statickey due to threat of data aggregation attack due to number of clients
12:50 <@krzee> in the game of cat + mouse, obfsproxy will never have to work as hard as the governments
12:50 <@krzee> thats the point of obfsproxy, with that we're always winning the game
12:50 <+Marc128000> Imagine that, the experts already thought it out ;-)
12:51 <@krzee> oh you blocked my obfsproxy transport? ok i'll just change that real quick, done!
12:51 <@Dougy> hello krzee
12:51 <@krzee> helo Dougy
12:51 <@krzee> ;]
12:51  * Marc128000 sets to undoing all the hackish fixes on server
12:51 <+esde> i need to look into opfsproxy more... it'd be nice to know my traffic is cloaked. because we know comcast is watching
12:51 <@Dougy> krzee: REJECTED
12:52 <+esde> *b
12:52 <@krzee> esde, all comcast sees is the encrypted connection
12:52 <+Marc128000> In US, I'm not concerned. The encryption is enough
12:52 <+esde> correct
12:52 <+Marc128000> They are welcome to see my VPN connection. Not yet a jailable offense to simply be using one
12:52 <+Marc128000> yet...
12:52 <@krzee> im also not concerned about obfs my vpns ^
12:53 <+esde> but it would just be nice to know they see a bunch of non-sense that couldnt even be profiled as vpn traffic
12:53 <+esde> if that makes sense
12:53 <@krzee> i consider it a tool for bypassing censorship firewalls
12:53 <+Marc128000> Would be a good theory if they start to throttle it
12:53 <@krzee> although really, its a good tool to play with and learn
12:53 <@krzee> if for no other reason than to help those being censored
12:53 <+Marc128000> however, VPN are standard tools for all kinds of uses in US. So I doubt that'll become an issue
12:53 <+esde> that's really why i want to use it, just for the experience to help someone whose life might depend on it
12:53 <+Marc128000> krzee: thats my goal
12:53 <+esde> as dramatic as that may sound
12:53 <+Marc128000> Not dramatic at all
12:54 <@krzee> totally not dramatic
12:54 <@krzee> thats real life some places bro
12:54 <+Marc128000> Knowing the threats and mitigating technologies back and forth is vital when a user trusting your advice can have serious physical consequences
12:54 <+Marc128000> Hence all my reading and testing
12:55 <+esde> obfsproxy will work clientside with no extra finagling? just configure obfsproxy on the serverside and configure some directives in the server/client confs?
12:56 <+Marc128000> Throw in some other hinderences like, no ability to test [not in client country], low bandwidth, poor connection, registered IPs, data aggregation ...
12:56 <+Marc128000> and its a real challenge
12:56 <@krzee> ^^
12:56 <@krzee> esde, i havnt played with it, feel free to answer that to me when you find it ;]
12:56 <+Marc128000> Haha, over the next few hours I should become pretty familiar with it
12:56 <+esde> i'll go do some r&d in the sandbox is openvpn is fronting cash for the trip :)
12:57 <+esde> *if
12:57 <+Marc128000> lol, my adventure days are over. Now doing my part with the brain ;-)
12:58 <+Marc128000> some vps are avaiable from within some of the countries in question
12:58 <+Marc128000> However, I'm trying to minimize connections to server, as too much traffic can raise a flag
12:58 <+esde> but if they dont accept buttcoin, a user might be putting themselves on some lists lol
12:59 <+Marc128000> That is definitely true
12:59 <+esde> and accepting buttcoin defeats the purpose of all the censorship :/
12:59 <@krzee> bbl
13:15 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:17 -!- int32 [~int32@unaffiliated/xero-] has joined #openvpn
13:17 -!- int32 [~int32@unaffiliated/xero-] has left #openvpn []
13:19 -!- EnRage [~EnRage@quadrifun.com] has joined #openvpn
13:20 < EnRage> hey guys, i've ran into problems with an openvpn client on debian 7.7 wheezy as i wanted it to route all traffic over the vpn, but after i've started the vpn i couldn't connect via public ip anymore
13:21 < EnRage> anything i need to do in order to be able to connect to the public ip of the server and get a response from it?
13:21 <+hyper_ch> I doubt there's a Debian 7.7 Wheezy
13:21 <+esde> there is.
13:22 <+esde> EnRage, can you use different words to describe your goal and problem? it's a bit confusing to me how you've explained it
13:22 < EnRage> Linux x  3.2.0-4-amd64 #1 SMP Debian 3.2.63-2+deb7u2 x86_64 GNU/Linux
13:22 <+esde> hell 7.8 is out even
13:22 <+hyper_ch> that was faster then I though :)
13:22 <+hyper_ch> I guess I was wrong :)
13:22 < EnRage> umm i just want to use both networks
13:22 <+hyper_ch> even the most brilliant minds err sometimes..... so I can do that too :)
13:23 < EnRage> i want to route everything the server requests from the internet over the vpn
13:23 <+esde> !goal
13:23 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:23 <+esde> sounds like you want to connect to the server and forward all traffic through it
13:23 <+hyper_ch> you contradict yourself
13:23 <+hyper_ch> you say you want to route all over the vpn
13:23 <+hyper_ch> but then you say you want to use both netwroks
13:23 < EnRage> all traffic the server is requesting
13:24 <+esde> language barrier, probably
13:24 < EnRage> but if someone from the internet is requesting the public ip of the server, i want that it is able answer
13:25 <+esde> That's still confusing
13:25 < EnRage> i have a server in a datacenter and want to be able to connect to it using its public ip, but also everything the server does should be routed over the vpn
13:25 < EnRage> so my public ip of the server is not visible when the server is acting on its own
13:25 <+esde> "the server" is the machine in the data center?
13:26 < EnRage> right
13:26 < KavanS> would this be a good scenario for redirect-gateway?
13:26 <+esde> and you want to hide it's traffic?
13:26 < EnRage> yup
13:27 <+esde> You would need to create a connection to another machine (openvpn server) as an openvpn client
13:27 < EnRage> sorry if i cant tell you clearly what i want, its just that i can route everything through that openvpn server without a problem
13:28 < EnRage> but i use the servers public ip to connect to it
13:28 < EnRage> but i cant use*
13:29 < EnRage> from my computer at home i cant get a connection to the server with its public ip anymore
13:29 < EnRage> thats the problem i want to fix
13:29 < EnRage> so it should be reachable over the vpn network and its public ip
13:29 <+esde> you want the computer at home to connect to the server in the data center and forward all traffic through the server? so the client appears to others online as the $SERVER_IP?
13:30 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
13:30 <+esde> s/online/internet
13:30 < EnRage> but as soon as the openvpn server is pushing the routes and is adding this one: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.14.13.1
13:30 < EnRage> i cant connect anymore
13:30 <+esde> stop
13:30 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
13:30 <+esde> you're getting way to far ahead of me
13:30 <+esde> im not even sure i understand your goal yet
13:31 < EnRage> i just want to get access to the ssh server from my local computer
13:31 <+Marc128000> It sounds like a redirect gateway
13:31 <+esde> it does
13:31 <+esde> but i don't want to lead him down the wrong path. i almost think he can't connect to the server at all currently, including via ssh
13:32 <+Marc128000> oh, yeah that'd be a problem. Could also be iptables incorrectly configured [assuming Linux]
13:32 < EnRage> right, as soon as the route is pushed from the server, all connections to the server i have open are closed
13:32 <+esde> !allinfo
13:32 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
13:32 <+esde> gather and share all the things!!!
13:32 <+esde> :)
13:32 < EnRage> okay
13:32 < EnRage> !configs
13:32 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
13:32 <@vpnHelper> posting
13:33 <+esde> also, to be clear. you can connect to the server and get a shell, it's just when using the openvpn connection, that connectivity is lost?
13:36 < EnRage> i can use the server completely without problems, but as soon as i start the openvpn client with that config, all connections are lost and i cant reach it anymore until i do a restart of the machine (via datacenter)
13:37 < EnRage> !logs
13:37 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:37 <+esde> no problem, get us those uncommented configs, logs, and routing info and we'll see what help we can offer
13:37 < EnRage> thank you
13:37 < EnRage> verb to 4?
13:38 < EnRage> kk is already ;)
13:38 <+esde> fine for right now, might ask for higher later
13:38 < EnRage> the only problem is, that i cant give you any server informations since the server is not in my hands
13:39 <+esde> :(
13:39 <+esde> !crystal
13:39 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
13:39 < EnRage> im using a commercial provider for that :\
13:39 <+esde> AH
13:40 <+esde> so it's not your own openvpn connection failing, it's someone else's
13:40 <+esde> well your connection, their server
13:40 < EnRage> its not failing
13:40 < EnRage> im using it on my local machine too
13:40 <+esde> then i'm still a little confused, but i have to run now
13:40 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
13:41 < EnRage> but its like the public ip of the server itself isnt reachable anymore
13:41 < EnRage> when the server connects itself to that openvpn provider
13:41 -!- Voyage [~Voyage@39.34.149.234] has joined #openvpn
13:41 < Voyage> HI
13:42 < Voyage> I am talking through an openVpn. Still my skype calls are blocked by my ISP . whhat can be the reason?
13:42 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
13:43 <+hyper_ch> crappy ISP
13:44 < Voyage> vpn should bypas
13:44 < Voyage> http://pastebin.com/TiX0TpZT
13:47 < EnRage> hope this helps: http://pastebin.com/8LQ2qHQV
13:48 < Voyage> guys, my ip is not changed. ip of client. so the traffic is not routing through the vpn.
13:51 < Voyage> rephrase. I got connected via openvpn but my ip is not changed. ie. client's trafic is not routing through the vpn server.  http://pastebin.com/TiX0TpZT    I did this on the server though.  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
13:52 -!- EnRage [~EnRage@quadrifun.com] has quit [Disconnected by services]
13:52 -!- EnRage [~EnRage@research.quadrifun.com] has joined #openvpn
13:52 < EnRage> sorry
13:57 < Voyage> helo
14:04 < DArqueBishop> Voyage: you need to be running OpenVPN with administrator privileges.
14:04 < Voyage> I am
14:04 < DArqueBishop> That log says otherwise.
14:04 < Voyage> DArqueBishop you mean on client side?
14:04 < DArqueBishop> Yes.
14:04 < Voyage> hm
14:05 < DArqueBishop> OpenVPN cannot set the tun adapter properties or change routes without admin privileges.
14:06 < Voyage> thanks
14:10 <+Marc128000> For anyone that was around earlier, using TCP/443 has fixed throttling issue
14:11 <+Marc128000> Phase 2 for my project will be using obfsproxy
14:11 < EnRage> anyone any idea for my problem?
14:11 -!- yeik [~jeff@2601:7:6881:4700:210a:45c3:6608:84dd] has joined #openvpn
14:12 <+Marc128000> EnRage: Reading over your conversation now
14:12 < EnRage> thank you
14:14 < DArqueBishop> EnRage...
14:14 < DArqueBishop> !both
14:14 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
14:14 <+Marc128000> Agree with DArqueBisho, if you can't adjust your iptables and server config then I'm not sure its something you can fix
14:15 < EnRage> couldnt i use nopull to prevent the route add stuff to be set?
14:15 < EnRage> and route the traffic port based?
14:15 < yeik> So, I could use some help. I have been testing an openvpn server and client, windows and linux clients connecting to it
14:15 <+Marc128000> On your local side, but it sounds like the server side iptables are triggred by openvpn connection
14:16 < EnRage> because i want all traffic routed through the vpn to hide my ip
14:16 < EnRage> but the services on the server should also be reachable
14:16 < EnRage> which they arent
14:16 < yeik> the windows side gets heavily bogged down and huge performance decrease to the server when openvpn is up. linux  I can do the same things and get the same throughput I was getting without openvpn
14:17 < yeik> i changed ciphers, did auth none, set mtu, mssfix, and nothing I have found seems to help.
14:17 <+Marc128000> Yeik: could be related to TAP interface if its in use
14:17 <+Marc128000> Yeik: are you using TAP or TUN?
14:17 < yeik> we are doing dev tun
14:17 <+Marc128000> okay
14:17 < yeik> i tried tap and it seemed to have the same throughput
14:17 <+Marc128000> Why not make linux the server ;-)
14:18 <+Marc128000> Ciphers would've been my next guess
14:18 < yeik> This is for a company product and will be used on linux and windows.
14:18 < yeik> I tried setting ciphers to none, but I have a version that has a bug so wasn't able to fully test that
14:18 < yeik> 10-20% cpu utilization on the windows side, with both blowfish and aes-256-cbc
14:18 <+Marc128000> With just one client?
14:18 <+Marc128000> That seems high
14:19 < yeik> 10% cpu utilization on the server side with one client
14:19 < yeik> aes-256-cbc (this is a guest in kvm with 1 cpu)
14:19 < yeik> no AES-NI gets passed to kvm
14:20 < yeik> I have read people say they see 10% slower speeds with the windows tap driver.
14:20 < yeik> but this is magnitudes slower.
14:20 <+Marc128000> TCP or UDP?
14:20 < yeik> udp
14:20 <+Marc128000> possible gateway/isp throttling? Have you tried port TCP/443?
14:20 < yeik> these machines are on the same network for testing.
14:21 <+Marc128000> ok, thats makes it more interesting
14:21 < yeik> and even on the same machine (both kvm guests, fyi, it ran a little slower when both server and client were on the same host, speeds were better but not great when they were on seperate hosts)
14:22 <+Marc128000> Something with the windows firewall perhaps? Which version of windows?
14:22 < yeik> differences I was seeing, locally 2.7 MiB/s file transfer speed max with openvpn, 30 MiB/s without openvpn
14:22 < yeik> server 2008r2
14:22 < yeik> firewall has been disabled
14:22 <+Marc128000> Have you tried disabling it for a test
14:22 <+Marc128000> beat me to it
14:23 <+Marc128000> Well I think you've done everything I would've thought to check
14:23 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
14:23 < yeik> now, because these communicate over openvpn, we do some stuff with natting and blocking all traffic except the udp port. from the interface ip. But we have ruled that out because we have the same config working in linux.
14:24 <+Marc128000> Maybe a performance issue with windows in KVM?
14:24 < yeik> Interestingly though we did notice a bug probably inside the kernel or something with connection tracking ending too soon and so when a connection is closed the syn/ack isn't able to finish properly and keeps getting retransmitted.
14:24 < yeik> We were seeing the same kind of performance issues inside vmware
14:24 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 276 seconds]
14:24 < yeik> brought it to kvm to isoolate from other static noise
14:25 <+Marc128000> Good work on doing your homework :-). Sounds like the issue is out of my leauge
14:25 <+Marc128000> Perhaps someone else can step up!
14:25 < yeik> Who would be the best person to talk to about something like this, maybe profiling the tap driver, fixing bugs or making it perform better.
14:26 < yeik> FYI, i also tested the NDIS 6.0 and the older driver for windows.
14:27 <+Marc128000> Not sure, I'm just a user not a dev. Haha, I was just about to suggest a driver rollback or update
14:28 < yeik> I work in IT, it may only be my third month doing anything with openvpn.
14:28 < yeik> but I do my research
14:32 <+Marc128000> Similar background here
14:33 < hydrajump> the client.conf in /etc/openvpn should it be owned by `root:root` for openvpn to establish a connection on boot?
14:37 -!- EnRage [~EnRage@research.quadrifun.com] has quit [Ping timeout: 272 seconds]
14:37 -!- MrWhoo [c777e9df@gateway/web/freenode/ip.199.119.233.223] has joined #openvpn
14:37 < MrWhoo> Greetings
14:38 < MrWhoo> I finally was able to get tap1 and tun1 going on DD-Wrt at the same time :)!
14:38 -!- akamaru217 [~akamaru21@67.191.183.251] has quit [Read error: Connection reset by peer]
14:39 < MrWhoo> But I have problem with routing could please someone take a look at the table and give me some guidance, ... I'm very new to all this ...
14:39 -!- akkad [akkad@166.84.6.60] has joined #openvpn
14:40 < MrWhoo> http://pastebin.com/BJaBW79U
14:40 < akkad> I have an openvpn server that ran out of disk space, stopped routing packets for users. restarted openvpn, and am not seeing any logs, but no packets are routing when connected.
14:40 < MrWhoo> just on simple command to route stuff to tap1 or tun1 .. will do the trick I can take it from there :)
14:40 < MrWhoo> is this something that needs to be done with Iptables ?
14:44 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:c069:f6fb:4d2c:8e8c] has joined #openvpn
14:47 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 244 seconds]
14:48 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Ping timeout: 245 seconds]
14:49 < yeik> is tun1 a valid address space?
14:49 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
14:49 <+hyper_ch> tun1 is a network interface
14:50 < yeik> MrWhoo, 25.0.8.0 in your pastebin doesn't seem like a proper ip/route for a tunnel interface
14:56 < MrWhoo> yeik, yes it is
14:56 < MrWhoo> I know that its weird ip, but I verified with
14:57 < yeik> is it a public block that you own?
14:57 < MrWhoo> with provided
14:57 < MrWhoo> Nope, this actually belongs to MOD
14:57 < MrWhoo> in UK
14:57 < MrWhoo> its strange what they do internally there :D
14:58 < MrWhoo> but if I don't use --route-nopull
14:58 < yeik> usually the idea of vpn is to use a non public ip block to connect over the internet to another non public block..
14:58 < MrWhoo> everything is working
14:59 < MrWhoo> response from provider: We are using 25.0.X.X as private subnet for the point-to-point VPN connection (between client and VPN server) for technical reason. The server is also pushing a private DNS server (25.0.0.1) to your VPN client. The 25.0.0.1 DNS server is hosted on the VPN server.\
15:00 -!- Henryabcd [~Henryabcd@pD9E08888.dip0.t-ipconnect.de] has joined #openvpn
15:00 < yeik> MrWhoo, still doesn't seem right then, it would be a 25.0.0.0 that you would need to route through that interface
15:01 < yeik> 25.0.0.0/16 if they own 25.0.x.x
15:02 < MrWhoo> I'm not sure, This the route that shows up when I start OpenVpn, I don't really understand it
15:03 < MrWhoo> I did tons of google searches and its making sense but very slow progress.
15:03 < MrWhoo> how about the route to the other provider.
15:05 < yeik> tap1 looks fine.
15:05 < yeik> just tun1 is the one I saw...
15:06 < akkad> openvpn keeps pushing a secondary default route of  "default 10.1.0.5 UGScI 0 0 tun0"
15:06 < akkad>  
15:06 < MrWhoo> yeik, how can I send some traffic down tun1 ?
15:08 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:09 < MrWhoo> I tried to setup IP vpn_net and vpn_gateway
15:09 < MrWhoo> but no luck
15:17 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:20 -!- Voyage [~Voyage@39.34.149.234] has quit [Ping timeout: 252 seconds]
15:23 -!- MrWhoo [c777e9df@gateway/web/freenode/ip.199.119.233.223] has quit [Ping timeout: 246 seconds]
15:27 < yeik> you just need to ping something in 25.0.8.x
15:28 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has quit [Ping timeout: 255 seconds]
15:38 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has joined #openvpn
15:43 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has quit [Remote host closed the connection]
15:46 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has joined #openvpn
15:46 -!- rbxs [~rbxs@cable-213-34-250-223.zeelandnet.nl] has quit [Remote host closed the connection]
15:51 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has quit [Remote host closed the connection]
15:56 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has joined #openvpn
16:01 -!- yeik [~jeff@2601:7:6881:4700:210a:45c3:6608:84dd] has quit [Remote host closed the connection]
16:02 -!- Henryabcd [~Henryabcd@pD9E08888.dip0.t-ipconnect.de] has quit [Quit: Leaving]
16:08 < Eagleman> How do i allow a client with the same username but a different certificate to connect twice or more to the VPN?
16:13 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has quit [Ping timeout: 272 seconds]
16:24 -!- `^-_-^` is now known as ampsix
16:24 -!- ampsix [uid26275@gateway/web/irccloud.com/x-ilapitckhanvcdbw] has quit [Changing host]
16:24 -!- ampsix [uid26275@unaffiliated/ampsix] has joined #openvpn
16:24 -!- ampsix [uid26275@unaffiliated/ampsix] has quit [Changing host]
16:24 -!- ampsix [uid26275@gateway/web/irccloud.com/x-ilapitckhanvcdbw] has joined #openvpn
16:31 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
16:34 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
16:35 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
16:39 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has joined #openvpn
16:43 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
--- Log closed Thu Jan 15 16:46:44 2015
--- Log opened Thu Jan 15 16:46:58 2015
16:46 -!- ecrist_ [~ecrist@freebsd/contributor/openvpn.community.support.ecrist] has joined #openvpn
16:46 -!- Irssi: #openvpn: Total of 206 nicks [10 ops, 0 halfops, 4 voices, 192 normal]
16:46 -!- mode/#openvpn [+o ecrist_] by ChanServ
16:47 -!- CGML_ [~CGML@unaffiliated/cgml] has joined #openvpn
16:47 -!- rooth_ [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
16:47 -!- riddle [riddle@us.yunix.net] has quit [Disconnected by services]
16:47 -!- Irssi: Join to #openvpn was synced in 40 secs
16:47 -!- riddle [riddle@us.yunix.net] has joined #openvpn
16:49 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
16:49 -!- badaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
16:49 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has joined #openvpn
16:50 -!- shivanshu_ [~shivanshu@104.131.8.15] has joined #openvpn
16:51 -!- antihero [~antihero@37.139.5.204] has joined #openvpn
16:51 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has quit [Ping timeout: 276 seconds]
16:52 -!- Netsplit *.net <-> *.split quits: scyld, KavanS, Left_Turn, pythonsnake1, Mike--, AsadH, jeev, deviantintegral, typ, mirco,  (+41 more, use /NETSPLIT to show all of them)
16:52 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
16:52 -!- Netsplit *.net <-> *.split quits: ratsupremacy, TheEternalAbyss, Adian, jl-, Slippern, nlb, julieeharshaw, Zimsky, mete, burp_,  (+3 more, use /NETSPLIT to show all of them)
16:52 -!- shivanshu_ is now known as shivanshu
16:52 -!- Netsplit *.net <-> *.split quits: nsrafk, tapout, @dazo_afk, dvl, lachesis, ExtraCarpety, kossy, trumee, akamaru217
16:53 -!- Netsplit over, joins: @vpnHelper, @novaflash, pythonsnake1, Left_Turn, james41382, KavanS, `Yoda, mirco, mgorbach, rich0 (+13 more)
16:53 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Max SendQ exceeded]
16:54 -!- Netsplit *.net <-> *.split quits: @Dougy, sireebob, pppingme, Neal_, Haseo, abbe, lxusrbin, pekster, troyt, carlcrack,  (+15 more, use /NETSPLIT to show all of them)
16:54 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Max SendQ exceeded]
16:54 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:54 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
16:54 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
16:54 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
16:54 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
16:54 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
16:54 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
16:54 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
16:54 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
16:54 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
16:54 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
16:55 -!- early` [~early@192.241.198.49] has joined #openvpn
16:55 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
16:55 -!- Netsplit *.net <-> *.split quits: someone, early, boypussy, dkr, Reventlov, roentgen_, almostworking, RGamma, gardar, Papey,  (+9 more, use /NETSPLIT to show all of them)
16:56 -!- markelite [croftworth@gateway/shell/yourbnc/x-tcbsaqyavfnpcsln] has joined #openvpn
16:57 -!- Netsplit over, joins: bakhtiya
16:58 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
16:58 -!- Netsplit *.net <-> *.split quits: D-Boy
16:58 -!- mode/#openvpn [+o dazo_afk] by ChanServ
16:58 -!- dazo_afk is now known as dazo
16:58 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
16:58 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
17:01 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Quit: No Ping reply in 180 seconds.]
17:01 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Quit: No Ping reply in 180 seconds.]
17:01 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
17:01 -!- debbie10t [~debbie10t@unaffiliated/m10t] has quit [Read error: Connection reset by peer]
17:01 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
17:01 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
17:01 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
17:01 -!- u0m3 [~u0m3@92.80.89.9] has quit [Read error: Connection reset by peer]
17:01 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 272 seconds]
17:01 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Ping timeout: 272 seconds]
17:01 -!- mpoole [~mpoole@minotaur.apache.org] has quit [Ping timeout: 272 seconds]
17:01 -!- early` [~early@192.241.198.49] has quit [Ping timeout: 272 seconds]
17:01 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 272 seconds]
17:01 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 272 seconds]
17:01 -!- maxiepax [max@83.241.146.10] has quit [Ping timeout: 272 seconds]
17:01 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Remote host closed the connection]
17:01 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 272 seconds]
17:01 -!- Matir_ [~matir@ubuntu/member/matir] has quit [Ping timeout: 272 seconds]
17:01 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 272 seconds]
17:02 -!- u0m3 [~u0m3@92.80.89.9] has joined #openvpn
17:02 -!- RGamma [~RGamma@ip-84-118-23-37.unity-media.net] has joined #openvpn
17:02 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Read error: Connection reset by peer]
17:02 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 264 seconds]
17:02 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 264 seconds]
17:02 -!- _quadDamage [~EmperorTo@boom.blissfulidiot.com] has quit [Read error: Connection reset by peer]
17:02 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 264 seconds]
17:02 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Ping timeout: 264 seconds]
17:02 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 264 seconds]
17:02 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
17:02 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
17:02 -!- mode/#openvpn [+v hazardous] by ChanServ
17:03 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
17:03 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has joined #openvpn
17:03 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
17:03 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
17:03 -!- mode/#openvpn [+v RBecker] by ChanServ
17:03 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
17:03 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
17:03 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
17:04 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
17:04 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
17:04 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
17:04 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
17:05 -!- mpoole [~mpoole@minotaur.apache.org] has joined #openvpn
17:05 -!- Netsplit *.net <-> *.split quits: jeev, Maxel, @vpnHelper, thumbs, ghormoon, james41382, DonRichie, ketas, `Yoda, rich0,  (+28 more, use /NETSPLIT to show all of them)
17:05 -!- mirco_ is now known as mirco
17:05 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
17:05 -!- mode/#openvpn [+o mattock] by ChanServ
17:05 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has joined #openvpn
17:05 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
17:05 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
17:05 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
17:05 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
17:05 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
17:05 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
17:05 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
17:05 -!- hypermist [hypermist@unaffiliated/hypermist] has joined #openvpn
17:05 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
17:05 -!- Guest77113 [~Tony@unaffiliated/darkg] has joined #openvpn
17:05 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
17:05 -!- abbe [having@badti.me] has joined #openvpn
17:05 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
17:05 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
17:05 -!- kokel [~quassel@kenneth.kokelnet.de] has joined #openvpn
17:05 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
17:05 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
17:05 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
17:05 -!- ServerMode/#openvpn [+oo krzee plaisthos] by sinisalo.freenode.net
17:05 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
17:05 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:06 -!- Netsplit over, joins: Jeroen52
17:06 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Max SendQ exceeded]
17:06 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
17:06 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
17:07 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
17:07 -!- riddle [riddle@us.yunix.net] has joined #openvpn
17:07 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has joined #openvpn
17:07 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
17:07 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
17:08 -!- Netsplit *.net <-> *.split quits: bakhtiya, @raidz, Synced
17:08 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
17:08 -!- Netsplit *.net <-> *.split quits: Brando753, K1rk, Shiftos, Fusl, badon, atyoung, DrCode
17:08 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:09 -!- tekk [~me@185.17.149.149] has joined #openvpn
17:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:10 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
17:10 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
17:12 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:12 -!- Latrina [~Latrina@adsl-ull-159-179.50-151.net24.it] has joined #openvpn
17:12 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
17:12 -!- deviantintegral [~deviantin@mail.furrypaws.ca] has joined #openvpn
17:12 -!- doop [~doop@colostomy.club] has joined #openvpn
17:12 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
17:12 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:12 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
17:12 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
17:12 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
17:12 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
17:12 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
17:12 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
17:12 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
17:12 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
17:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:12 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
17:13 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Max SendQ exceeded]
17:13 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
17:13 -!- someon [~someone@sonoshee.chronostasis.net] has joined #openvpn
17:13 -!- jeev [~j@107.170.196.88] has joined #openvpn
17:13 -!- raidz [~raidz@raidz.im] has joined #openvpn
17:13 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Max SendQ exceeded]
17:13 -!- 7JTAB3J4F [~lev@stipakov.fi] has joined #openvpn
17:13 -!- Magiobiwan [IRC@192.210.209.165] has joined #openvpn
17:13 -!- `Yoda [Yoda@gateway/shell/yourbnc/session] has joined #openvpn
17:13 -!- gmc [~gmc@babbelbox.metro.cx] has joined #openvpn
17:13 -!- novaflash [~novaflash@its.novaflash.nl] has joined #openvpn
17:13 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:c069:f6fb:4d2c:8e8c] has joined #openvpn
17:13 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
17:13 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
17:13 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
17:13 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
17:13 -!- yoavz [yoavz@yoavz.net] has quit [Max SendQ exceeded]
17:14 -!- Magiobiwan [IRC@192.210.209.165] has quit [Max SendQ exceeded]
17:14 -!- `Yoda [Yoda@gateway/shell/yourbnc/session] has quit [Changing host]
17:14 -!- `Yoda [Yoda@unaffiliated/itsyoda] has joined #openvpn
17:14 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Max SendQ exceeded]
17:14 -!- deviantintegral [~deviantin@mail.furrypaws.ca] has quit [Changing host]
17:14 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
17:14 -!- raidz [~raidz@raidz.im] has quit [Changing host]
17:14 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
17:14 -!- mode/#openvpn [+o raidz] by ChanServ
17:14 -!- jeev [~j@107.170.196.88] has quit [Changing host]
17:14 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
17:14 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
17:14 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
17:14 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
17:14 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
17:14 -!- gmc is now known as Guest39046
17:14 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
17:14 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
17:15 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
17:15 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
17:15 -!- K1rk [~Kirk@equinox.epecweb.com] has joined #openvpn
17:16 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
17:16 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Quit: leaving]
17:16 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
17:17 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
17:17 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
17:18 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
17:18 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
17:20 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
17:20 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
17:22 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:23 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
17:23 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:23 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has joined #openvpn
17:23 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Max SendQ exceeded]
17:24 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:26 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Changing host]
17:26 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
17:27 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
17:27 -!- ampsix [uid26275@gateway/web/irccloud.com/x-ilapitckhanvcdbw] has quit []
17:30 -!- `Yoda [Yoda@unaffiliated/itsyoda] has quit [Changing host]
17:31 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-qafvbngfwpqktbdm] has joined #openvpn
17:31 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
17:36 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
17:38 -!- someon is now known as someone
17:39 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
17:43 -!- shivanshu [~shivanshu@104.131.8.15] has quit [Read error: Connection reset by peer]
17:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:57 -!- nlb [~nlb@unaffiliated/nlb] has joined #openvpn
18:01 -!- debbie10t is now known as JudgeJudyfk
18:04 -!- JudgeJudyfk is now known as TheManual
18:04 < TheManual> they must have read me ..
18:04 -!- TheManual is now known as theSource
18:05 -!- theSource is now known as SourceCode
18:05 -!- SourceCode is now known as ballzucker
18:32 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
18:32 -!- atyoung [~darkwurm@gateway/tor-sasl/darkwurm] has quit [Ping timeout: 250 seconds]
18:33 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
18:39 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
18:45 -!- ballzucker [~debbie10t@unaffiliated/m10t] has quit [Killed (Sigyn (Spam is off topic on freenode))]
19:15 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
19:22 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
19:33 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 272 seconds]
19:34 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
19:35 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
19:35 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:43 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
19:44 -!- arkie [~arkie@unaffiliated/arkie] has quit [Ping timeout: 252 seconds]
19:49 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
20:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
20:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 265 seconds]
20:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:58 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Quit: Konversation terminated!]
20:58 -!- rich0_ is now known as rich0
21:17 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has quit [Ping timeout: 272 seconds]
21:20 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has joined #openvpn
21:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:41 <@krzee> anyone waiting for help with something?
21:41 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has quit [Quit: You shouldn't be seeing this]
21:45 -!- BladedThesis [~BladedThe@lamp.whatbox.ca] has joined #openvpn
21:54 -!- BladedThesis [~BladedThe@lamp.whatbox.ca] has quit [Excess Flood]
21:54 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has joined #openvpn
22:05 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
22:10 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
22:41 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
22:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:03 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
23:20 -!- keatont [~keatont@keatonstaylor.com] has quit [Quit: ZNC - http://znc.in]
23:22 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Read error: Connection reset by peer]
23:31 -!- ShadniX [dagger@p5481D726.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- ShadniX_ [dagger@p5794135A.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- ShadniX_ is now known as ShadniX
23:31 -!- james41382_ is now known as james41382
23:44 -!- novaflash [~novaflash@its.novaflash.nl] has quit [Changing host]
23:44 -!- novaflash [~novaflash@openvpn/corp/support/novaflash] has joined #openvpn
23:44 -!- mode/#openvpn [+o novaflash] by ChanServ
--- Day changed Fri Jan 16 2015
00:38 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
01:34 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 264 seconds]
01:36 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
01:44 -!- aulait [~irenacob@li629-190.members.linode.com] has quit [Remote host closed the connection]
01:46 -!- aulait [~irenacob@li629-190.members.linode.com] has joined #openvpn
01:56 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
02:01 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
02:29 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 256 seconds]
02:50 -!- Tobinski [~tobinski@x2f6003b.dyn.telefonica.de] has joined #openvpn
02:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:54 -!- Tobinski [~tobinski@x2f6003b.dyn.telefonica.de] has quit [Quit: Leaving]
02:54 -!- Tobinski [~tobinski@x2f6003b.dyn.telefonica.de] has joined #openvpn
03:02 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
03:03 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:12 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
03:20 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:45 <+hyper_ch> krzee: google publishes another security issue with windows... 90 days to fix just aren't good enough for Microsoft...
03:50 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
04:08 -!- asper [~argali@volans.uberspace.de] has joined #openvpn
04:10 < asper> hey guys, i set up a vpn with client-to-client OFF. Is it possible to create rules so that some "controlling hosts" can see all or just a few "slave hosts"?
04:16 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
04:23 -!- badaptr is now known as adaptr
04:33 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
04:33 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
04:33 -!- mode/#openvpn [+o plaisthos] by ChanServ
04:43 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
04:49 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
04:54 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:55 -!- shio [marmot@6.121.101.84.rev.sfr.net] has joined #openvpn
05:00 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
05:02 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
05:03 -!- mode/#openvpn [+o krzee] by ChanServ
05:03 <@krzee> asper, did you get your question answered already?
05:03 < asper> no
05:03 <@krzee> !c2c
05:04 <@krzee> hey whered my bot go!
05:04 <@krzee> 1sec
05:04 < asper> waiting for the bot......
05:04 < asper> .....
05:04 < asper> ....
05:04 < asper> ....
05:04 < asper> ..
05:04 < asper> .
05:05 < asper> ok i'll wildly guess what c2c means... consumer to consumer?
05:05 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
05:05 -!- mode/#openvpn [+o vpnHelper] by ChanServ
05:05 <@krzee> !c2c
05:05 <@vpnHelper> "c2c" is "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind
05:05 <@vpnHelper> other clients
05:06 <@krzee> so as you can see, for what you want you can simply not use that config option, and use your firewall on your server to accomplish your goal
05:12 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
05:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:36 -!- Zimsky-- is now known as Zimsky
05:39 < asper> thanks krzee
05:39 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 255 seconds]
05:39 <@krzee> np
05:45 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
05:45 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Read error: Connection reset by peer]
05:52 -!- Dropje [~yge@ip4da1148b.direct-adsl.nl] has joined #openvpn
05:54 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:55 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
05:59 -!- MatToufoutu [~MaT@unaffiliated/mattoufoutu] has left #openvpn ["Quitte"]
06:14 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco]
06:25 -!- mirco [~mirco@tmo-100-202.customers.d1-online.com] has joined #openvpn
06:25 -!- mirco [~mirco@tmo-100-202.customers.d1-online.com] has quit [Remote host closed the connection]
06:32 -!- RoyK [~roy@77.88.71.251] has joined #openvpn
06:33 < RoyK> hi all. anyone that knows where I can find a howto on setting up android access?
06:37 < RoyK> that is, setting up an access server for distributing profiles to be imported
06:41 <@plaisthos> !as
06:41 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
06:50 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
06:52 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
06:56 -!- Guest77113 [~Tony@unaffiliated/darkg] has quit [Max SendQ exceeded]
06:57 -!- TonyL [~Tony@unaffiliated/darkg] has joined #openvpn
07:09 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:37 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
07:38 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
07:44 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
07:48 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
07:49 < RoyK> plaisthos: sorry - didn't mean AS, just openvpn, I just don't understand this client config file distribution thing
07:50 <@krzee> !sleep
07:51 <@krzee> !learn sleep as if you are having issues with openvpn after waking from sleep mode in windows see: https://community.openvpn.net/openvpn/wiki/WhyMyOpenVPNTunnelDoesNot
07:51 <@vpnHelper> Joo got it.
07:54 <@plaisthos> RoyK: just get the ovpn file to that device and open it
07:54 <@plaisthos> email it or something
07:54 <@krzee> copy it over using android file transer, adb, or by mounting the sdcard
07:55 <@krzee> then just import
07:55 <@krzee> its as easy as could be
07:55 <@plaisthos> or use a webserver with the right mime type
07:55 <@plaisthos> !android
07:55 <@vpnHelper> "android" is (#1) an open source OpenVPN client for ICS is available in Google Play, look for OpenVPN for Android. FAQ is here: http://code.google.com/p/ics-openvpn/wiki/FAQ or (#2) Direct Play link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn or (#3) Old (pre-ICS) device? See: !android-old or (#4) You can get the apk directly from http://plai.de/android/ or (#5)
07:55 <@vpnHelper> https://code.google.com/p/ics-openvpn/wiki/FAQ
08:05 < RoyK> krzee: the thing is, it's a wee bit more than one device :P
08:05 < RoyK> OpenVPN Connect asks for an Access Server Hostname from which to import a profile. Any idea how to setup such a thing with OSS OpenVPN?
08:06 <@krzee> no
08:06 <@krzee> thats all AS stuff
08:06 <@plaisthos> RoyK: there is no standard for that
08:06 <@krzee> it uses AS black magic
08:06 < RoyK> well, shouold be able to reverse engineer it :P
08:06 <@plaisthos> you can do your own login/pw site and service ovpn profiles
08:07 <@krzee> RoyK, you going to touch each device?
08:07 < RoyK> krzee: no
08:19 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
08:30 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
08:40 -!- lorens [~lorens@213.27.241.114] has quit [Remote host closed the connection]
08:50 -!- rangerpb [~rangerpb@gentoo/developer/rangerpb] has joined #openvpn
08:53 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
08:54 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
08:55 < rangerpb> hey folks, I'm having some mixing luck with a simple openvpn connection between two nodes behind NAT'd firewalls.  I'm using nat-traversal to initially get them aware of each other.  Subsequently the nodes DO connect, but I cannot flow any data (like pings, curl) over the tunnel.  I've tried the iptables recommendations to now avail.
08:55 < rangerpb> my configs look like -> http://paste.fedoraproject.org/170519/14214200
08:55 < rangerpb> using tcpdump, i can def see the data headed out the right device, etc
08:56 < rangerpb> Any ideas of where I could poke at to next to debug this?
08:57 < rangerpb> firewalls on both nodes is disabled
09:01 < Poster> if you're attempting to route from network to network, you'll need to have return routes via the OpenVPN host
09:02 < rangerpb> i only want the client and server to communicate ... the routes openvpn adds should be sufficient right?
09:03 < Poster> just peer to peer?
09:04 < Poster> no networks on either side?
09:04 < rangerpb> no i dont want the peer networks to use the vpn
09:04 < rangerpb> the vpn tunnel that is
09:04 < Poster> ok so you need to add routes to the remote network by way of the local OpenVPN host IP address along with enabling IP routing on both sides
09:04 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
09:05 < Poster> so route to network B via OpenVPN host A | route to network A via OpenVPN host B
09:05 < rangerpb> can you translate that into a route command?  Would appreciate it
09:06 < Poster> ok what is the IP subnet on site 1?
09:06 < rangerpb> 192.168.1.0
09:07 < rangerpb> and site 2 192.168.2.0
09:07 < Poster> ok and what is the IP address of the OpenVPN server at site 1? 192.168.1.?
09:07 < rangerpb> .129
09:07 < Poster> ok and what is the IP address of the OpenVPN server at site 2? 192.168.2.?
09:07 < rangerpb> .227
09:08 < Poster> ok and what OS is the default gateway on site 1?
09:08 < rangerpb> .5
09:08 < rangerpb> and .7 on other side
09:09 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
09:10 < Poster> is it a firewall of some type?
09:11 < rangerpb> the client and server are not firewalls, is that what you are asking?
09:11 < Poster> what is the default gateway?
09:11 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
09:11 < rangerpb> Poster, to be clear, the vpn client and vpn server cannot even communicate (i.e., 10.10.10.11 and 10.10.10.12)
09:12 < Poster> what device is connecting your 192.168.1.0/24 to the Internet?
09:12 < rangerpb> eth0
09:12 < Poster> so it's a Linux system?
09:12 < rangerpb> definately
09:12 < rangerpb> both sides
09:13 < Poster> ok, so on 192.168.1.5, type:
09:13 < Poster> route add -net 192.168.2.0/24 gw 192.168.1.129
09:13 < Poster> on 192.168.2.7, type:
09:13 < Poster> route add -net 192.168.1.0/24 gw 192.168.2.227
09:14 < rangerpb> ok but dont those routes enable the two sep LANs to communicate?
09:14 < Poster> the default gateway has to know to route traffic destined for the remote network via the local OpenVPN host
09:15 < rangerpb> and that enables one to ping 10.10.10.11 from 10.10.10.12 ?
09:15 < rangerpb> and other way around?
09:16 < Poster> that probably works already
09:16 < rangerpb> it doesnt
09:16 < rangerpb> thats what I am trying to debug
09:16 < rangerpb> sorry if my misused terminology confused things
09:16 < Poster> ok, on both the client and server, please run
09:17 < Poster> openvpn --config /path/to/your/config.conf
09:17 < Poster> and paste the output into pastebin or something
09:18 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
09:18 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 256 seconds]
09:21 < rangerpb> client -> http://paste.fedoraproject.org/170539/21421653/
09:21 < rangerpb> server -> http://paste.fedoraproject.org/170541/42142161/
09:23 -!- yeik [~jket@2601:7:6881:4700:fab1:56ff:feb8:524a] has joined #openvpn
09:25 < rangerpb> Poster, that info you were looking for ?
09:28 -!- Ferriss [~server6@what.possessed.us] has joined #openvpn
09:28 < Ferriss> !welcome
09:28 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:28 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:30 < Ferriss> !/30
09:30 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
09:30 < Ferriss> !topology
09:30 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
09:31 < Ferriss> !config
09:31 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
09:31 < Ferriss> !configs
09:31 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
09:31 <@vpnHelper> posting
09:32 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
09:34 < Ferriss> I would like to access the internet over my vpn. I am a new user. I feel my current issue might be with server.conf. Upon attempt to manually run openvpn with my server.conf specified, it responds "Options error: You must define TUN/TAP device. (--dev)"
09:34 < Ferriss> I will have to do some digging before I am able to provide my server.conf. It is remote
09:34 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
09:35 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
09:39 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:42 < Ferriss> nevermind. I can't SSH into it right now for some reason. Keeps timing out.
09:42 < Ferriss> I have other open connections through it that are working fine. Rather strange.
09:44 < KaiForce> If I have a site to site OpenVPN based VPN with the remote subnet 192.168.1.0, and I have a client key for a separate OpenVPN VPN to another site with the same subnet, which VPN will traffic flow to if I connect to the second VPN?  If that is possible...  Is there a way to control which is used?
09:45 -!- zune [~zune_free@188-180-61-96-dynamic.dk.customer.tdc.net] has quit [Quit: ZNC - http://znc.in]
09:50 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
09:53 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:56 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
10:13 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
10:16 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:27 < Dropje> KaiForce: you would have to setup metrics. I *assume* that without metrics an error will be generated upon route creation, as it will already exist
10:30 < KaiForce> Dropje: Ok, thanks.  This isn't a big deal - we do remote support and for clients that we do more work for, we usually have a site to site VPN.  We have a few that have overlapping subnets, so I'll probably just continue to create client keys for those.
10:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:54 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
10:59 -!- swebb [~swebb@8.36.226.184] has quit [Ping timeout: 246 seconds]
10:59 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
11:13 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:28 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
11:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:03 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
12:15 -!- Henryabcd [~Henryabcd@pD9E0AC63.dip0.t-ipconnect.de] has joined #openvpn
12:37 -!- Henryabcd [~Henryabcd@pD9E0AC63.dip0.t-ipconnect.de] has quit [Quit: Leaving]
12:39 -!- swebb [~swebb@8.36.226.184] has joined #openvpn
12:46 -!- raidz [~raidz@openvpn/corp/admin/andrew] has left #openvpn []
12:57 <+hyper_ch> krzee: I knew that gaming was a waste of time... but it's also a security rist to your data:  https://github.com/ValveSoftware/steam-for-linux/issues/3671
12:57 <@vpnHelper> Title: Moved ~/.local/share/steam. Ran steam. It deleted everything on system owned by user. · Issue #3671 · ValveSoftware/steam-for-linux · GitHub (at github.com)
13:10 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
13:24 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Read error: Connection reset by peer]
13:29 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
13:31 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
13:41 -!- Synced [~Synced@unaffiliated/synced] has joined #openvpn
13:58 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Ping timeout: 246 seconds]
14:00 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
14:01 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Ping timeout: 252 seconds]
14:02 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Client Quit]
14:02 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
14:06 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Read error: Connection reset by peer]
14:08 -!- _quadDamage [~EmperorTo@boom.blissfulidiot.com] has joined #openvpn
14:11 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
14:19 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:23 < yeik> is anybody here good with openvpn and performance?
14:28 <+hyper_ch> no
14:33 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Read error: Connection reset by peer]
14:34 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has joined #openvpn
14:36 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Remote host closed the connection]
14:36 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
14:42 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
14:44 < yeik> Is there a good person/people to talk to about seeing low performance even with no cipher, no auth?
14:49 <+hyper_ch> no
14:49 < yeik> are you very helpful?
14:50 <+hyper_ch> yes
15:09 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:10 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 246 seconds]
15:11 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Max SendQ exceeded]
15:22 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
15:23 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
15:26 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:49 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
15:54 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
16:08 -!- mattock is now known as mattock_afk
16:12 -!- rangerpb is now known as rangerpbzzzz
16:20 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
16:21 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
16:22 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
16:28 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
16:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
16:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:30 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
16:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:35 <@krzee> yeik,
16:35 <@krzee> !speed
16:35 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
16:35 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better.
16:36 < yeik> so Krzee, we have looked at MTU size, it isn't cpu, we are using UDP, i have turned cipher none, auth none, mssfix, fragment/mntu size
16:36 < yeik> we are using tap
16:36 < yeik> err tun, and have tested with tap
16:37 < yeik> i tried setting txqueuelen on windows but it isn't supported.
16:37 -!- lachesis [~lachesis@unaffiliated/lachesis] has joined #openvpn
16:38 -!- lachesis [~lachesis@unaffiliated/lachesis] has left #openvpn []
16:38 < yeik> we have an openvpn server inside linux, same settings on linux and windows, linux box sees no performance difference, windows we see 4x or greater performance hit.
16:47 -!- swebb [~swebb@8.36.226.184] has quit [Ping timeout: 272 seconds]
16:47 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
16:57 -!- two_oes [~orenoi@85.64.3.169.dynamic.barak-online.net] has quit [Ping timeout: 264 seconds]
17:00 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
17:03 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
17:15 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
17:15 -!- mode/#openvpn [+v s7r] by ChanServ
17:18 -!- Tobinski [~tobinski@x2f6003b.dyn.telefonica.de] has quit [Quit: Leaving]
17:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:33 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
17:35 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
17:45 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Remote host closed the connection]
17:46 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
17:59 -!- Diabolik [DiabolikFr@2a00:d880:3:1::6be5:5bc8] has joined #openvpn
17:59 < Diabolik> hi guys
18:00 < Diabolik> i have a newb question, i just installed openvpn on my ubuntu server, im frustrated as to where to find my .ovpn files and keys on the server?
18:02 -!- ApplesInArrays [~Administr@207.126.91.2] has joined #openvpn
18:02 -!- ApplesInArrays [~Administr@207.126.91.2] has left #openvpn []
18:10 < pekster> You have to create them in OpenVPN; how do you not know where they are?
18:10 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:10 < pekster> Unless you're not referring to OpenVPN, but the commercial product, for which you should seek them out for support. For more info, see:
18:10 < pekster> !as
18:10 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
18:32 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
18:45 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:06 <@krzee> also Diabolik
19:06 <@krzee> !extension
19:06 <@vpnHelper> "extension" is (#1) .ovpn is the windows file extension for openvpn configs or (#2) the linux startup scripts are set to start every *.conf in /etc/openvpn/
19:34 -!- KavanS [~quassel@LINBIT/KavanS] has joined #openvpn
19:44 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
20:25 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 265 seconds]
20:34 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:36 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Excess Flood]
20:36 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
20:37 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:39 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Excess Flood]
20:41 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:46 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 265 seconds]
20:48 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:49 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Excess Flood]
20:52 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:53 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Excess Flood]
20:58 -!- StickyRice [d036d4c2@gateway/web/cgi-irc/kiwiirc.com/ip.208.54.212.194] has joined #openvpn
20:58 < StickyRice> ok so everyone heard of barracuda?
20:58 < StickyRice> no not the fishj
20:59 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
21:01 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Excess Flood]
21:02 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
21:02 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Excess Flood]
21:06 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 256 seconds]
21:06 -!- StickyRice [d036d4c2@gateway/web/cgi-irc/kiwiirc.com/ip.208.54.212.194] has left #openvpn []
21:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:43 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit []
21:48 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 244 seconds]
21:49 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
21:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:59 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
22:01 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
22:05 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Ping timeout: 276 seconds]
22:14 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
22:17 -!- james41382_ is now known as james41382
22:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:37 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:38 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
22:56 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
22:56 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
23:19 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:31 -!- ShadniX [dagger@p5794135A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- ShadniX [dagger@p5481DE39.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Jan 17 2015
00:26 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
00:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 264 seconds]
01:08 -!- MogDog is now known as Laika
01:08 -!- Laika is now known as MogDog
01:50 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
01:54 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 245 seconds]
01:58 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
02:11 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 272 seconds]
02:14 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
02:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
02:43 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
02:44 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
04:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:19 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
05:25 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
05:42 -!- Denial [~Denial@81.141.17.58] has joined #openvpn
05:44 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Read error: Connection reset by peer]
05:52 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
06:00 -!- Denial [~Denial@81.141.17.58] has quit [Ping timeout: 256 seconds]
06:06 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
06:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:18 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
06:20 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
06:21 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
06:33 -!- mattock_afk is now known as mattock
06:36 -!- Left_Turn is now known as oreoOs
06:53 <+hyper_ch> krzee: http://thehill.com/policy/technology/229787-obama-backs-call-for-tech-backdoors
06:53 <@vpnHelper> Title: Obama backs call for tech backdoors | TheHill (at thehill.com)
06:54 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
07:16 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
07:20 -!- aditsu [~aditsu@059148208052.ctinets.com] has joined #openvpn
07:21 < aditsu> hi, is there a way to automatically disconnect openvpn when one of the regular interfaces is using a certain subnet?
07:31 <+hyper_ch> why would you want that?
07:42 < pekster> You probably should investigate what hooks your distro has for DHCP
07:42 < pekster> Presumably if you're setting networks statically you already know them, so it sounds like you want some scripted logic to do clever things based on what DHCP gets, which is what hooks in your dhcp script are for
07:42 < pekster> You can SIGTERM openvpn to have it shut down, or read the docs on the management interface if you want a more formal API
07:50 < aditsu> hyper_ch: because that means I'm already in the network I would be connecting to via vpn
07:51 < aditsu> pekster: aha, sounds like that could work; I guess openvpn itself doesn't have any such feature?
07:53 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Ping timeout: 246 seconds]
07:54 < aditsu> (obviously, it's for laptops/portable devices using dhcp)
07:56 < pekster> Nope, nor should it
07:56 < pekster> Should openvpn also identify your coutry of origin? Your city? The state of your lawn?
07:56 < pekster> This isn't systemd ;)
07:57 < aditsu> those things have nothing to do with openvpn's operation, but the routing table does :p
07:57 < pekster> Routing table has very little to do with "what never you're connected to"
07:57 < pekster> That's none of openvpn's business, although see for instance the detection of your pre-existing default gateway as perhaps the only thing that might matter when using --redirect-gateway
07:57 < pekster> But you'll notice that's only there as a precondition for not breaking things when inserting the two /1 routes
07:58 < pekster> what network*
07:58 <+hyper_ch> I fail to see why openvpn shouldn't be run in that case
07:58 <+hyper_ch> pekster: it seems you have a dislike for systemd?
07:59 < aditsu> hyper_ch: because 1) it's redundant and 2) there's a conflict and connections are breaking or at least slowing down
07:59 < pekster> hyper_ch: your belitting OP doens't really help
08:00 <+hyper_ch> my what doesn't help?
08:00 < pekster> His/her needs are there, unless you have a reason why you know the user "doesn't really want" to not run the VPN on a particular netwnork. Sounds plausable, and talking users out of what they want isn't really helpful
08:00 < pekster> But whatever
08:01 < pekster> aditsu: So yea, look at DHCP as a hook. OpenVPN doesn't do magic things for the same reason openssh, or any other daemon doesn't offer this support: it's not the role of service daemons to make operating decisions based on external network conditions, like what IP network you're on
08:01 < pekster> You'll need to build a bit of log around it to either start (if unstarted and you want it up) or stop (if started and you want it terminated) based on network state, but otherwise there's not much magic involved
08:02 < pekster> logic* (let's see if coffee improves typos..)
08:03 < aditsu> if it wasn't obvious, I'll specify that the vpn server is pushing one or more routes
08:03 < pekster> Yes, I figured that
08:04 < pekster> At least one of which you don't want at your location, which makes perfect sense. Don't let those who can't "fathom" your needs tell you they aren't there
08:05 < pekster> You could also consider puting the route pushes in a --client-connect script that's smart enough to look at the source IP of the VPN connection
08:06 < pekster> That way you could leave the VPN up all the time and simply change the routes pushed. This would require that you do _not_ run the client-VPN with downgraded user permisions so it can remove/re-create the routes (without the omitted ones for these alternate locations) which it can't do without persistent root perms
08:09 -!- Latrina [~Latrina@adsl-ull-159-179.50-151.net24.it] has quit [Ping timeout: 264 seconds]
08:10 -!- oreoOs is now known as Left_Turn
08:10 -!- Latrina [~Latrina@adsl-ull-84-253.45-151.net24.it] has joined #openvpn
08:11 < aditsu> pekster: ok, thanks for your suggestions; I'll look into it later since it doesn't seem very simple
08:11 < pekster> The --client-connect stuff is pretty easy
08:12 < pekster> Write a script, have it check the $trusted_ip env-var, and conditionally echo the push statements (instead of putting "--push "192.0.2.0 255.255.255.0"" in your server config) and you're done
08:13 < pekster> For shell, start with the conditional: if [ "$trusted_ip{%.*}" != "192.168.1" ]; then your_special_routes_that_should_not_be_pushed_for_clients_from_192_168_0_network; fi
08:14 < pekster> !scripts
08:14 <@vpnHelper> "scripts" is "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
08:15 < pekster> Erm, "${trusted_ip%.*}", but you probably get the idea
08:27 -!- mattock is now known as mattock_afk
08:56 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
08:59 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:15 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:17 -!- aditsu [~aditsu@059148208052.ctinets.com] has quit [Ping timeout: 265 seconds]
09:21 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:35 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:44 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
09:44 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Read error: Connection reset by peer]
09:56 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:08 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
10:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:12 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:17 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 255 seconds]
10:40 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
10:41 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:45 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
10:45 -!- mode/#openvpn [+v s7r] by ChanServ
11:04 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
11:06 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
11:11 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:05 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
12:05 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:21 -!- aditsu [~aditsu@183178080020.ctinets.com] has joined #openvpn
12:24 -!- s7r [~s7r@openvpn/user/s7r] has quit [Read error: Connection reset by peer]
12:24 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:24 -!- mode/#openvpn [+v s7r] by ChanServ
12:38 <+hyper_ch> krzee: http://www.spiegel.de/media/media-35663.pdf
13:13 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
13:13 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:38 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
14:01 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
14:03 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
14:12 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
14:18 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
14:24 -!- Henryabcd [~Henryabcd@pD9E0A5C1.dip0.t-ipconnect.de] has joined #openvpn
14:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:29 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
14:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
14:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:40 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
14:40 -!- mode/#openvpn [+v esde] by ChanServ
15:10 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
15:12 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 252 seconds]
15:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:17 -!- r00t^2_ is now known as r00t^2
15:31 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:33 -!- 7JTAB3J4F is now known as lev__
15:37 -!- Henryabcd [~Henryabcd@pD9E0A5C1.dip0.t-ipconnect.de] has quit [Quit: Leaving]
16:23 -!- techtopia [~dystopia@95.211.195.1] has joined #openvpn
16:23 < techtopia> hey guys
16:24 < techtopia> is there a way to only route some traffic through a vpn
16:24 < techtopia> and let some apps connect directly to the internet
16:24 < techtopia> using openvpn connect client in windows
16:30 <+hyper_ch> yes
16:30 < techtopia> how would i go about doing it hyper_ch
16:30 < techtopia> would like to let ftprush connect directly to sites
16:30 <+hyper_ch> well, some apps can be bound to an interface
16:31 <+hyper_ch> or you set according gateway through the vpn for  specific sites/ips that shall be reached
16:31 <+hyper_ch> or if you run the vpn server, you can setup a proxy and let some apps connect through tthere
16:32 < techtopia> unfortunatly i paid for a vpn
16:32 < techtopia> i learn since i should ahve got a vps and set it up myself
16:32 <+hyper_ch> probably you could setup a local (socks) proxy that goes through the vpn
16:33 < techtopia> ok i will do some research :)
16:49 <+esde> techtopia, if you're running openvpn client on a firewall, it would be feasible to combine iptables on the openvpn server with some rules on the openvpn clientside firewall.
16:51 <+esde> as an axample, you could configure the clientside to only allow outbound traffic from port 80 through $wan, while forcing all other traffic through $ovpn.
16:52 <+esde> *lan traffic
17:07 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:08 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
17:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:25 < KavanS> openvpn is acting funny...linux to linux over a 4G connection....it might be MTU related....when I get a big burst of data it'll choke out...but say regular ping/ssh seems to work fine
17:25 < KavanS> any suggestions?
17:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:31 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
17:36 < KavanS> n/m found mssfix
17:36 < KavanS> seems to have fixed it :)
17:45 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:47 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
17:54 -!- deskjob [2e138974@gateway/web/freenode/ip.46.19.137.116] has joined #openvpn
18:00 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
18:05 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
18:19 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
18:32 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Remote host closed the connection]
18:45 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
18:49 -!- paxmark9 [~paxtormar@198.144.158.14] has joined #openvpn
18:56 -!- KavanS [~quassel@LINBIT/KavanS] has quit [Ping timeout: 244 seconds]
19:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
21:09 -!- Diabolik [DiabolikFr@2a00:d880:3:1::6be5:5bc8] has quit [Ping timeout: 244 seconds]
21:11 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has quit [Excess Flood]
21:11 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
21:12 -!- mode/#openvpn [+v hyper_ch] by ChanServ
21:20 -!- deskjob [2e138974@gateway/web/freenode/ip.46.19.137.116] has left #openvpn []
21:29 -!- Latrina [~Latrina@adsl-ull-84-253.45-151.net24.it] has quit [Ping timeout: 246 seconds]
21:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:30 -!- Latrina [~Latrina@adsl-ull-52-202.50-151.net24.it] has joined #openvpn
21:55 -!- Diabolik [DiabolikFr@2a00:d880:3:1::6be5:5bc8] has joined #openvpn
22:37 -!- Latrina [~Latrina@adsl-ull-52-202.50-151.net24.it] has quit [Ping timeout: 256 seconds]
22:55 -!- Latrina [~Latrina@adsl-ull-168-213.50-151.net24.it] has joined #openvpn
23:31 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Remote host closed the connection]
23:31 -!- ShadniX [dagger@p5481DE39.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5DDFE95B.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Jan 18 2015
00:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:25 -!- paxmark9 [~paxtormar@198.144.158.14] has left #openvpn ["Leaving"]
00:58 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [K-Lined]
00:58 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
01:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
01:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:01 -!- novae [~novae@unaffiliated/novae] has quit [Remote host closed the connection]
02:07 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
02:46 -!- mattock_afk is now known as mattock
03:14 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
03:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:24 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
05:30 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
05:48 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 244 seconds]
05:55 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
06:43 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
07:20 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
07:22 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
07:49 -!- AlbSpirit [~Bad@shoqeria.al] has joined #openvpn
07:51 -!- rooth_ is now known as rooth
08:15 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:16 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
08:17 < AlbSpirit> can someone help me please, i have installed openvpn as and all is working good. My problem is i have 2 IP FAILOVER. I need to have the ip failover to use not my real ip, is that possible?
08:21 <+hyper_ch> no idea what you mean with ip failover
08:24 < AlbSpirit> when i connect with the vpn i use the real ip of the vps, in my vps i have also 2 ip failover (pointing to usa and canada), i want to use the us ip failover
08:35 -!- AlbSpirit [~Bad@shoqeria.al] has quit [Quit: (AS v9.0) download it @ www.albaniasite.net]
09:23 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 245 seconds]
09:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
09:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has left #openvpn ["Leaving"]
10:53 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
10:55 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
11:02 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:08 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:10 <@krzee> hyper_ch, you could have stopped him at "openvpn as"
11:10 <+hyper_ch> krzee: whom?
11:11 <@krzee>  AlbSpirit
11:11 <+hyper_ch> didn't see that
11:12 <@krzee> "can someone help me please, i have installed openvpn as and all is working good. My problem is i have 2 IP FAILOVER. I need to have the ip failover to use not my real ip, is that possible?"
11:12 <@krzee>  <hyper_ch> no idea what you mean with ip failover
11:12 <+hyper_ch> didn't see the "as" then
11:12 <@krzee> oh i get it, you didnt see the "as"
11:18 <+hyper_ch> krzee: did you see the pdf I linked you to?
11:18 <@krzee> most likely
11:18 <@krzee> what was it
11:18 <+hyper_ch> nsa "diary" on openssh
11:18 <+hyper_ch> [19:38] <hyper_ch> krzee: http://www.spiegel.de/media/media-35663.pdf
11:18 <@krzee> yep
11:19 <+hyper_ch> so, in 2007 the NSA hasn't hacked openssh yet
11:19 <+hyper_ch> that analyst even says how annoyingly openssh has builtin mechanisms to prevent abuse and stuff
11:22 <+hyper_ch> to me that sounded like a compliment to the openssh devs :)
11:24 -!- Evil_Eric [~Evil_Eric@gateway/vpn/privateinternetaccess/evileric/x-42088219] has joined #openvpn
11:24 < Evil_Eric> hi guys i need help im running openvpn on xubuntu and when i log in it segfaults can someone help?
11:25 < Evil_Eric> 32-bit and 14.10
11:25 <+hyper_ch> when you log in?
11:25 <+hyper_ch> also, logs or it didn't happen
11:25 <+hyper_ch> and
11:25 <+hyper_ch> !configs
11:25 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
11:25 <@vpnHelper> posting
11:26 <+hyper_ch> krzee: I still don't get what he means with failover ip
11:26 < Evil_Eric> thanks ill get on that
11:30 < Evil_Eric> ummmmm now i know this is a newby question but where in xubuntu do they store the crash logs thought xubuntu had a log reader like ubuntu did
11:33 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
11:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:35 <+hyper_ch> do you use network manager for openvpn connection?
11:36 < Evil_Eric> yes
11:36 <+hyper_ch> no idea then
11:36 < Evil_Eric> i found the log
11:36 < Evil_Eric> brb going to do this thing
11:37 <+hyper_ch> better to use a .conf file in /etc/openvpn/ IMHO
11:37 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
11:43 < Evil_Eric> yeah here come pastebin :\
11:44 <+hyper_ch> ?
11:44 < Evil_Eric> http://pastebin.com/QrNFutu6
11:45 < Evil_Eric> if you need more info please just ask
11:45 <+hyper_ch> no idea
11:47 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:48 <+hyper_ch> well, try to use a .conf file in /etc/openvpn/
11:49 < Evil_Eric> never mind i got like 6 people on it one of them will give me an answer on this issue probally a simple thing where i dint use like sudo or something somewhere
11:55 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:00 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
12:09 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
12:14 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
12:18 -!- dob1 [~d@dynamic-adsl-78-12-174-21.clienti.tiscali.it] has joined #openvpn
12:18 < dob1> hi, i would like to run a script (on server side) after a client is connected to the vpn, i read about "up etc"  but seems this is related to client side
12:19 < dob1> am i wrong?
12:19 -!- Evil_Eric [~Evil_Eric@gateway/vpn/privateinternetaccess/evileric/x-42088219] has quit [Quit: I am out of here!!!! ...... for awhile]
12:22 -!- Evil_Eric [~Evil_Eric@gateway/vpn/privateinternetaccess/evileric/x-42088219] has joined #openvpn
12:28 <@krzee> !client-connect
12:28 <@vpnHelper> "client-connect" is --client-connect <script>, runs script on client connection. This can be useful for generating firewall rules dynamicly, or for assigning static ips. This can do anything that a ccd (see !ccd) entry can do, but dynamicly... to use it that way, you should write your dynamic ccd commands to the file named by $1.
12:28 <@krzee> up is run when you start the vpn, it can be used for a server but its only run when initialized
12:30 < dob1> !ccd
12:30 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
12:30 < dob1> thanks krzee
12:31 <@krzee> yw
12:34 < Evil_Eric> hmmmmmm just restarted and now nothing is crashing
12:34 < Evil_Eric> thanks for the help guys
12:34 < Evil_Eric> and for putting up with my noobieness
12:35 -!- Evil_Eric [~Evil_Eric@gateway/vpn/privateinternetaccess/evileric/x-42088219] has left #openvpn ["IM leaving on a jet plane, dont know when ill be back again"]
12:36 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
12:38 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:53 -!- _FBi is now known as Da_FBi
12:54 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
12:57 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
12:57 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
13:00 -!- rich0__ is now known as rich0
13:19 -!- julie_harshaw [~julie@juliekoubova.net] has quit [Remote host closed the connection]
13:20 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
13:21 -!- mattock is now known as mattock_afk
13:29 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
13:29 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
13:35 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 272 seconds]
13:48 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:52 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 252 seconds]
14:03 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:03 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Remote host closed the connection]
14:16 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Quit: ZZZZZzzzz]
14:17 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
14:18 -!- KavanS [~quassel@LINBIT/KavanS] has joined #openvpn
14:19 -!- Latrina [~Latrina@adsl-ull-168-213.50-151.net24.it] has quit [Ping timeout: 255 seconds]
14:20 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
14:20 -!- Latrina [~Latrina@adsl-ull-172-191.50-151.net24.it] has joined #openvpn
14:22 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
14:30 < techtopia> hey guys
14:30 < techtopia> so i signed up to a vpn provider based in hong kong, which says it keeps no logs and so on
14:31 < techtopia> it gives me lots of connections to choose from and a chose an nl connection which is just a box with leaseweb
14:31 < techtopia> but even if the hong kong provider isnt keeping logs, leaseweb probably are right?
14:31 <+hyper_ch> ask them
14:32 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:35 < techtopia> they say this "No, we're not aware of that, anyway it is irrelevant, because the web sites visited from one of our servers in any Leaseweb server would be recorded as visited by us, not by our customers. Any correlation with our customers' traffic is destroyed. "
14:36 < techtopia> but my box connects directly to their leaseweb box
14:45 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: BitchX-1.2-final -- just do it.]
14:52 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
14:55 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:56 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
15:11 -!- MrWhoo [4c0aa1d3@gateway/web/freenode/ip.76.10.161.211] has joined #openvpn
15:12 < MrWhoo> Greetings
15:12 < MrWhoo> I finally got the dual VPN "working" on DD-Wrt - yes ... I can't wait to move to OpenWrt per recommendation here ... I just need new hardware.
15:13 < MrWhoo> I have one problem, Its not really openvpn related ... I added static routes via   tun1 and tap1  then tun1 - reaches the website ok but the tap1 does not work from computer but works via ssh from router
15:14 < MrWhoo> any ideas what could be wrong -  http://pastebin.com/anyk0hAK
15:14 <+hyper_ch> no
15:15 < MrWhoo> :(
15:15 < MrWhoo> If i have only one vpn up it works if I start second no workie :(
15:30 -!- MrWhoo [4c0aa1d3@gateway/web/freenode/ip.76.10.161.211] has quit [Quit: Page closed]
16:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:18 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:29 -!- SviMik [~pIRCuser8@131-250-35-213.dyn.estpak.ee] has joined #openvpn
16:31 -!- bonjurkes [~bonjurkes@104.131.52.107] has joined #openvpn
16:31 < bonjurkes> ahoy guys
16:31 < bonjurkes> can openvpn server work good on 128 mb ram vps?
16:31 < bonjurkes> I will be the only user
16:32 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 264 seconds]
16:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
16:35 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
16:36 < SviMik> bonjurkes how much ram is free? OS will also take some :)
16:36 < bonjurkes> SviMik not sure, I havent ordered the server yet
16:36 < bonjurkes> 6 bucks for a year
16:42 < SviMik> we have 14 servers with 256mb ram, and ram usage is 40-65% right now
16:43 < bonjurkes> this is the specs SviMik http://pastebin.com/u520DcP3
16:43 -!- techtopia [~dystopia@95.211.195.1] has quit [Ping timeout: 244 seconds]
16:45 < SviMik> I think that's possible.
16:46 < bonjurkes> well otherwise it will be waste of 6 bucks
16:46 < bonjurkes> or I can turn it into a smtp
16:49 < SviMik> openvpn itself doesn't use much. maybe 15mb if there is not many users.
16:49 < bonjurkes> I will be the only one
16:49 < bonjurkes> that sounded a bit weird yes
16:50 < SviMik> but not any linux distro can run with such memory. you may need to do some tweaks, like disabling services which you don't use
16:50 <@krzee> sup SviMik
16:51 < bonjurkes> well I will install debian, and it will be only openvpn let's see how it will work
16:51 < SviMik> hi krzee
16:53 < SviMik> now my question. maybe you already know the problem with chinese firewall. their DPI somehow detects ovpn connections and drops them. is there a way to overcome it?
16:55 < SviMik> we used tcp port 443, hoping that ovpn connection will be difficult to distinguish from HTTPS (as they both are SSL), but it seems I was wrong
16:56 <+esde> !obfs
16:56 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
16:56 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
16:56 <@krzee> SviMik,
16:56 <@krzee> oh nevermind esde already gave it
16:57 < SviMik> !forwardsecurity
16:57 <@vpnHelper> "forwardsecurity" is (#1) in server/client mode with certs your key renegotiates (changes) every hour (by default), so if someone captures your traffic, and then gets your key, they can only decrypt the traffic within the timeframe since last renegotiation or (#2) in ptp mode (static key) you do not have this, so if someone gets your key they can decrypt ANY past traffic that they captured
16:58 -!- pm- [~pmv@95.128.184.170] has joined #openvpn
16:59 -!- pm- [~pmv@95.128.184.170] has left #openvpn []
17:04 < SviMik> well, maybe there is a chance to add obfuscation into ovpn? I'm trying to understand the code right now, but I have no idea how difficult it may be...
17:05 < SviMik> only if I could find the right place to insert an obfuscation code... maybe simple XORing would be enough to stop firewall from recognition
17:07 < SviMik> krzee maybe you know the source structure to say which file should I look for?
17:11 <+esde> obfsproxy is the simplest and most effective method, as i've seen it discussed in here. the guide should be pretty useful, but post any questions you've got along the way and we'll try to help
17:14 < hydrajump> is it possible to replace a client.conf and PKI files when the client is connected?
17:15 < SviMik> esde maybe it's simple for a single user, but if you have a lot of clients... the question is to make a 2-in-1 installer with obfsproxy, or just patched ovpn installer?
17:15 <+esde> the client would need to drop the connection and reconnect using the new certs and keys afaik
17:15 < hydrajump> basically I have an openvpn client that needs to be reconfigured and is in a remote location currently connected to an old openvpn server, so I need to change the config on the client as well as the client.crt, client.key, tls.key, ca.crt. Is this possible?
17:16 < SviMik> hydrajump you have to restart it.
17:16 < hydrajump> esde: that's fine. Will the current connection be disrupted by when the files are overwritten?
17:16 <+esde> if you're chainging the PKI files on the server, the client will need to have those new files copied over,  and reconnect using the new certs and keys afaik
17:18 <+esde> SviMik, I've never used it personally. But client-side it's a simple config change from what i can tell
17:19 <+esde> oh "On the client it will start a obfsproxy serving as a SOCKS proxy" you may need to install some extra software on the client, as well. but again, i've never used obfsproxy
17:20 < SviMik> esde yes, every client have to download, install, configure and run obfsproxy, which is too complicated for them
17:22 <+esde> there's no such thing as too complicated, when it's their only hope at using the service.
17:23 <+esde> perhaps create some documentation for your end-users?
17:23 <+esde> or look for existing products to meet your goal (wrappers or whatnot)
17:23 < SviMik> even the "download and copy config files" is sometimes a challenge... :)
17:24 < hydrajump> ^^ sooo true
17:24  * esde shrugs
17:26 <+esde> !effort
17:26 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
17:26 <+esde> https://proxy.sh/obfs seems to be able to offer obfsproxy with their opevpn offerings, with docs.
17:26 <@vpnHelper> Title: Client Panel - Proxy.sh (at proxy.sh)
17:26 <+esde> requires login to view, though
17:29 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:33 < SviMik> <esde> there's no such thing as too complicated, when it's their only hope at using the service. \\ or, they just go to our competitor, who already did it in a more simple way (from the user's perspective)
17:33 <+esde> Exactly
17:34 <+esde> so I would figure out how they're doing it so simply and work to emulate that in your systems
17:35 < SviMik> they have patched openvpn client.
17:37 -!- bonjurkes [~bonjurkes@104.131.52.107] has quit [Ping timeout: 256 seconds]
17:39 -!- bonjurkes [~bonjurkes@24.133.109.208] has joined #openvpn
17:40 < bonjurkes> new openvpn server means new problems gah
17:41 < bonjurkes> how can I list all iptables command? Just to see which rules I have added for openvpn
17:41 <+esde> bonjurkes, iptables -t nat -L; iptables -L
17:46 < bonjurkes> thanks esde appearently iptables --flush doesn'T flush nat rules
17:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:02 < bonjurkes> !help
18:02 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
18:06 < bonjurkes> so the issue is: I can't ping anywhere except my openvpn server. No ping to google, no ping to ip address. linnat setting is done and ipforward is done also
18:06 < bonjurkes> I am pushing dns addresses to client also
18:07 <+esde> show us iptables -t nat -L and iptables -L (pastebin please)
18:08 < bonjurkes> sorry, I think this is openvz
18:08 <+esde> and?
18:09 < bonjurkes> !openvzlinnat
18:09 < bonjurkes> meh
18:09 <+esde> why cant you just show us the rules you've got?
18:10 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:12 < bonjurkes> esde sorry I wanted to be sure that I made everything correct first
18:12 < bonjurkes> it was openvzlinnat rule missing. It's a new server didn'T know that it's on openvz
18:20 < bonjurkes> so it works like a charm now, thank you
18:25 <+esde> nice!
18:33 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
18:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:38 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has quit [Remote host closed the connection]
18:38 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
18:53 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 240 seconds]
19:19 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
19:24 -!- SviMik [~pIRCuser8@131-250-35-213.dyn.estpak.ee] has quit [Quit: svimik@mail.ru]
19:26 -!- bonjurkes [~bonjurkes@24.133.109.208] has quit [Read error: Connection reset by peer]
19:35 -!- You're now known as ecrist
19:49 -!- dob1 [~d@dynamic-adsl-78-12-174-21.clienti.tiscali.it] has quit [Quit: Leaving]
20:04 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
20:06 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
20:20 -!- hypermist is now known as pcupgrades
20:24 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
20:55 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
20:56 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
21:07 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Remote host closed the connection]
21:07 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:25 -!- ampsix [uid26275@gateway/web/irccloud.com/x-xhbckuumxkdzabmn] has joined #openvpn
21:45 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
22:01 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has quit [Max SendQ exceeded]
22:02 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
22:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:21 -!- mattock_afk is now known as mattock
22:57 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:57 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
23:11 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has quit [Quit: ZNC - http://znc.sourceforge.net]
23:13 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
23:13 -!- mode/#openvpn [+v hyper_ch] by ChanServ
23:19 -!- paxmark9 [~paxtormar@199.21.149.142] has left #openvpn ["Leaving"]
23:31 -!- pcupgrades is now known as hypermist
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:33 -!- ShadniX [dagger@p5DDFE95B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p5DDFF7AC.dip0.t-ipconnect.de] has joined #openvpn
23:39 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
--- Day changed Mon Jan 19 2015
00:53 -!- ampsix [uid26275@gateway/web/irccloud.com/x-xhbckuumxkdzabmn] has quit [Quit: Connection closed for inactivity]
01:09 -!- scyld [~scyld@unaffiliated/wasyl] has joined #openvpn
01:20 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Read error: No route to host]
01:20 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
01:25 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:54 -!- scyld [~scyld@unaffiliated/wasyl] has quit [Ping timeout: 276 seconds]
01:55 -!- scyld [~scyld@unaffiliated/wasyl] has joined #openvpn
02:06 -!- scyld [~scyld@unaffiliated/wasyl] has quit [Quit: Lost terminal]
02:29 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
02:29 -!- BtbN [btbn@btbn.de] has joined #openvpn
02:39 -!- Blaster [~Blaster@unaffiliated/blaster] has joined #openvpn
02:39 -!- Blaster [~Blaster@unaffiliated/blaster] has left #openvpn ["Leaving"]
02:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
02:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:13 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:13 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Client Quit]
03:15 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:38 -!- catphish [~catphish@unaffiliated/catphish] has joined #openvpn
03:50 -!- julius_ [~julius_@p3EE29E22.dip0.t-ipconnect.de] has joined #openvpn
03:50 < julius_> hi
03:50 < julius_> looking at "resolv-retry 60"  does 60 seconds make sense?       a dns request that isnt answered after below one second times out anyway?  and even if you retry, wouldnt 10 seconds be a better version?
04:23 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.0.1]
04:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:05 -!- shio [marmot@6.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
05:24 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
05:25 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
05:29 -!- grache28 [~noodles@2601:e:9e80:f:76d0:2bff:fe8f:a0d0] has joined #openvpn
05:31 -!- Fraland [6c3d600a@gateway/web/cgi-irc/kiwiirc.com/ip.108.61.96.10] has joined #openvpn
05:32 < Fraland> Hello #openvpn
05:33 < Fraland> I`m having idea to start VPN service. Anyone maybe running them self this type of service?
05:33 -!- shio [marmot@6.121.101.84.rev.sfr.net] has joined #openvpn
05:42 <+esde> !howto
05:42 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:00 <+hyper_ch> esde: he didn't ask how to start but he plans to start one and asked if one here does already so :)
06:03 <+esde> Thank you for explaining the already obvious. The user should review the howto and come back with more detailed questions as they're relates to their specific needs.
06:04 <+esde> *they relate
06:04 <+esde> it's too early, why can't we have Martin Luther King Jr day off????
06:08 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
06:08 <+hyper_ch> is that another made up holiday?
06:09 <+hyper_ch> or that user asked exactely the question we wanted to ask
06:11 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
06:20 -!- catphish [~catphish@unaffiliated/catphish] has left #openvpn ["Leaving"]
06:36 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Quit: Leaving]
06:46 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
06:58 -!- Shiftos_ [~shiftos@gateway/tor-sasl/shiftos] has joined #openvpn
06:59 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]
06:59 -!- Shiftos_ is now known as Shiftos
07:12 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
07:14 <@ecrist> Fraland: good luck.  Lot's of people do exactly that.
07:15 <+hyper_ch> ecrist: why did I suddenly get voice?
07:17 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:19 <@ecrist> your host cloak
07:20 <@ecrist> openvpn/user/* gets +V
07:20 < Fraland> ecrist, thats a good.  What tax'es are paid?
07:21 <@plaisthos> and people with developer get +o for some reason
07:21 <@plaisthos> because you know being developers mean you are good at moderating a channel :)
07:21 -!- mode/#openvpn [-o plaisthos] by plaisthos
07:28 <@krzee> Fraland, we support openvpn, your question is more suitable for a lawyer, tax guy, or maybe some other business in your area… one thing is for certain and that i that we do not help with peoples taxes here LOL
07:28 <@krzee> and that is*
07:28 <+hyper_ch> but taxes are so much fun :)
07:28 <@krzee> Fraland, maybe see hyper_ch in private msg for help with your taxes
07:29 <+hyper_ch> I just noticed znc scrambled all my channels again
07:29 <+hyper_ch> brb
07:29 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
07:29 <@krzee> hah
07:29 < Fraland> lol
07:29 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
07:29 -!- mode/#openvpn [+v hyper_ch] by ChanServ
07:30 <+hyper_ch> back
07:31 < Fraland> hyper_ch: wanna talk about taxes?
07:31 <+hyper_ch> doesn't everybody?
07:42 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:46 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
07:47 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
08:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
08:06 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 244 seconds]
08:11 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
08:12 -!- pythonsnake1 is now known as pythonsnake
08:30 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
08:31 -!- rangerpbzzzz is now known as rangerpb
08:35 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Ping timeout: 272 seconds]
08:36 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
08:36 -!- rangerpb is now known as rangerpbzzzz
08:37 -!- rangerpbzzzz is now known as rangerpb
08:39 -!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]
08:54 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:22 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
09:29 -!- grache28 [~noodles@2601:e:9e80:f:76d0:2bff:fe8f:a0d0] has quit [Quit: WeeChat 1.0.1]
09:35 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:04 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 240 seconds]
10:13 -!- kexmex [~kexmex@195.42.130.233] has quit [Ping timeout: 255 seconds]
10:20 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
10:24 -!- yeik [~jket@2601:7:6881:4700:fab1:56ff:feb8:524a] has quit [Ping timeout: 245 seconds]
10:29 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Quit: elfixit]
10:41 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
10:45 -!- harsheesh [~harsheesh@cpc64607-nfds14-2-0-cust129.8-2.cable.virginm.net] has joined #openvpn
10:45 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco]
10:46 < harsheesh> !welcome
10:46 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:46 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:49 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
10:49 < harsheesh> Hello. I'm having trouble with my openvpn server. I'm running a server and client on the same machine. The client connects to a private vpn service using open vpn.
10:49 < harsheesh> I would like clients who connect to my server to access the internet using the private vpn service.
10:51 <+esde> any particular reason the server can't act as the server for clients? what is so special about the client connection on the server, that you want all traffic to go through it?
10:51 < harsheesh> Also I'd like the server to access the internet via the private VPN service too. At the moment clients who connect to my openvpn server can access the internet using my normal internet connection.
10:52 < harsheesh> The client connection is one of those anonymising services. It also gives me ip addresses in the country of my choice.
10:53 <+hyper_ch> now I'm back
10:55 < harsheesh> I can't connect to my vpn server when the private vpn connection is initiated. If I initiate the private vpn connection whilst a client is already connected to my vpn server, the client stops being able to access the internet. As soon as I kill the private vpn tunnel the internet starts working again for the client connected to my vpn server.
10:55 <+esde> I've never done it. However, it seems like if you connect the Server to the private VPN with a client connection, then note the client's IP. When you get openvpn server configured, make sure the openvpn clients are on a different subnet. Once a client can connect to your openvpn server instance, try creating a rule to forward it's traffic through the IP of the openvpn client of the "PrivateVPN service"
10:56 <+esde> but i could (and probably am) way off since I've yet to do something like you described.
10:57 < harsheesh> iptables -A FORWARD -s "PrivateVPN service assigned IP" -j ACCEPT  -m comment --comment "For communication between openvpn server/client"
10:57 < harsheesh> Something similar to the above?
10:58 <+esde> I was thinking something like the MASQUERADE rule usually used to funnel 10.8.0.0 traffic out through $WAN_IP
10:58 <+esde> but with $ovpn_client in place of $wan_ip
11:02 < harsheesh> The MASQUERADE rule I have is currently
11:02 < harsheesh> iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o enp2s0 -j MASQUERADE  -m comment --comment "For OpenVPN"
11:03 <+esde> >Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:03 <+esde> just a heads up, can bake things confusing
11:04 <+esde> make, even
11:04 <+esde> harsheesh, it would be easier to understand your setup if you typed !allinfo, and provided the information mentioned with pastebin links
11:05 < harsheesh> I'm using 192.168.50.0/24 and 192.168.51.0/24 so should be OK.
11:05 < harsheesh> OK cool. I'll get the info.
11:05 < harsheesh> !allinfo
11:05 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
11:05 < harsheesh> !configs
11:05 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
11:05 <@vpnHelper> posting
11:05 <+esde> right, but the idea is 192.168.X.X addresses are harder to work with, they are confusing in the context we're working with them in. (if that makes sense)
11:07 <@krzee> ^ huh?
11:07 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
11:07 <@krzee> no the idea is that most routers use 192.168.0.0/24 and 192.168.1.0/24 by default so it will conflict
11:08 <+esde> right
11:08 <@krzee> using .51 and .50 should be fine
11:08 <+esde> with 192.168.0 and 192.168.1
11:08 < harsheesh> Ye, I had that problem in the past. Thats why I'm using 50 and 51
11:08 -!- atmosx [~bsd@convalesco.org] has left #openvpn ["WeeChat 0.4.4-dev"]
11:08 <@krzee> or you could also use:
11:08 <@krzee> !randomsubnet
11:08 <@vpnHelper> '"randomsubnet" is (#1) http://scarydevilmonastery.net/subnet.cgi for a random !1918 subnet or (#2) If your shell has $RANDOM support, perhaps try this: `echo 10.$((RANDOM%256)).$((RANDOM%256)).0/24 ` or (#3) Or try this perl oneliner: `perl -e \'printf 10.%d.%d.0/24\n , int(rand(256)), int(rand(256));\'`'
11:08 <+esde> at least for me, it makes things confusing thinking of openvpn addresses in terms of 192.168.x.x addresses.
11:09 <@krzee> why?
11:10 <+esde> in most cases i deal with day-to-day 192.168.x.x is local to the network, not to openvpn. so when i see 192.168.x.x in terms of openvpn it's not as fluid for me
11:10 <+esde> BECAUSE IM WEIRD KRZEE IS THAT GOOD ENOUGH? :P
11:10  * esde poking fun
11:10 <@krzee> not the same for 10. ?
11:10 <@krzee> haha
11:11 <+esde> i rarely see 10. addresses day-to-day. i think we have that format for one wireless network and a few remote sites on ISP provided equipment
11:11 <@krzee> i guess if i was at someone's house and their lan was 10.8.0.0/24 i'd be like "uhhhhh bro…?"
11:13 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
11:13 < atmosx> hello, is there any option that will allow OpenVPN to use a predefined virtual interface?
11:14 <@krzee> --dev lol
11:14 < atmosx> hm
11:14 <@krzee> im thinking you skipped the manual on that one
11:14 < harsheesh> !logs
11:14 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:15 < harsheesh> !logfile
11:15 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
11:15 < harsheesh> !interface
11:15 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For
11:15 <@vpnHelper> Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
11:16 <@krzee> "I'm running a server and client on the same machine. The client connects to a private vpn service using open vpn."
11:16 <@krzee> harsheesh, explain why you have a client and server on the same machine
11:16 <+esde> he wants to connect >1 machine to a service that normally allows 1 machine from what i can make of it
11:17 < atmosx> krzee: so if I already have a dev 'tun0' and the .conf file has a 'dev tun0' openvpn it is going to use it and not create a tun1?
11:17 < atmosx> hm let's try..
11:17 -!- atmosx [~bsd@convalesco.org] has quit [Quit: WeeChat 0.4.4-dev]
11:17 <+esde> wat
11:18 <+esde> * atmosx has quit (Quit: WeeChat 0.4.4-dev)
11:18 < harsheesh> The server is there so I can access my media whilst on the go. Allowing the client to access the private vpn is useful if I need an IP in a diff country so netflix or something.
11:18 -!- atmosx [~osx@79.103.165.42.dsl.dyn.forthnet.gr] has joined #openvpn
11:18 <+esde> Let's ask a question, then quit immediately. It's SUPER EFFECTIVE :P
11:18 <+esde> (failed pokemon joke)
11:18 < harsheesh> I know I could connect directly to the private vpn service but then I'd lose access to the media on the server too.
11:19 < harsheesh> esde, good try :P
11:19 <@krzee> esde, at least that guy got his answer before quitting, webchat users were known for waiting 5min and leaving before anybody answers
11:20 <+esde> 5 minutes is an eternity compared to some channels. I've seen web-users wait as little as 10-30s in some cases.
11:21 <+esde> harsheesh, if it's media you want to share, have you tried a solution that addresses just the issue of sharing media, separately from openvpn?
11:21 <+esde> Plex is the first solution that comes to mind
11:22 < harsheesh> Yes. I have plex and I can access media using the open vpn server
11:22 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:22 <+esde> You shouldnt need openvpn for plex, an internet accessible address with an open port forwarded to the server ip, and a free plex account is all you need
11:23 < harsheesh> I don't want to open it up, just want one entry point to the network via openvpn and then I have a number of services running on my server.
11:24 <@krzee> harsheesh, ok i understand now
11:24 <+esde> Understandable. Just offering other solutions
11:24 <@krzee> and im guessing the problem is as follows:
11:24 <@krzee> when you are redirecting gateway it breaks your connections to your clients
11:24 < harsheesh> esde No worries :) I appreciate the help. Ask away.
11:24 < harsheesh> Yup
11:25 <@krzee> harsheesh, ^ that about right?
11:25 <@krzee> !factoids search redirect
11:25 <@vpnHelper> 'redirect', 'redirect_ips', 'redirect-policy', and 'redirect_ignore'
11:25 < harsheesh> I'm just getting those logs together now.
11:25 <@krzee> !factoids search override
11:25 <@vpnHelper> "route_override" is (#1) https://forums.openvpn.net/viewtopic.php?f=15&t=7161 for how to override --redirect-gateway for a certain subnet or (#2) to see how to make it so the client will still reply to requests to its public ip over the internet and not the vpn see !splitroute
11:25 <@krzee> thats not it...
11:25 <@krzee> !splitroute
11:25 <@vpnHelper> "splitroute" is (#1) https://forums.openvpn.net/topic7175.html to see how to add a second routing table so you can use --redirect-gateway AND still serve things to the internet or (#2) see !route_override for how to override --redirect-gateway for a certain subnet
11:25 -!- yeik [~jket@2601:7:6881:4700:fab1:56ff:feb8:524a] has joined #openvpn
11:25 <@krzee> that is it ^^
11:26  * esde has some reading to do
11:26 < harsheesh> Cool, will that allow my servers clients to access the internet via the tun interface too?
11:26 <+esde> should
11:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:27 < harsheesh> Nice, lets have a read. In the words of the mighty Schwarzenegger, I'll be back.
11:29 <@krzee> it's called policy routing
11:29 <@krzee> or source routing
11:29 <@krzee> !rolicyroute
11:29 <@krzee> !policyroute
11:29 <@krzee> !factoids search --values policy
11:29 <@vpnHelper> 'policy', 'someclient2client', 'win2k8', 'current', 'policy', 'lartc', 'routebyapp', 'iptables', 'redirect-policy', and 'lartc'
11:29 <@krzee> !redirect-policy
11:29 <@vpnHelper> "redirect-policy" is If you are using --redirect-gateway and wish to maintain external access to the same system, you need Policy Routing. If using Linux, see !lartc for reading on the subject. Note that this is a somewhat advanced networking topic.
11:29 <@krzee> !lartc
11:29 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
11:30 <+esde> does LARTC come in audiobook format? :)
11:32 <@krzee> no but theres a coloring book version of selinux guide
11:32 <@krzee> http://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf
11:33 <@krzee> because its never too early to teach kids about access control
11:34 <+esde> it's ridiculous how much more i think i know now, then when i first installed a linux distro, and how little i know in the grand scheme of things.
11:34 <+esde> linux is always very humbling.
11:35 <@krzee> the more i learn the less i know
11:35 <+esde> i know, that i know nothing
11:35 -!- LostNeko [~LostNeko@static-173-76-4-194.bstnma.fios.verizon.net] has joined #openvpn
11:36 <@krzee> i know that this is some gooooood herb
11:36 <@krzee> !botsnack
11:36 <@vpnHelper> "botsnack" is Om nom nom!
11:36 <+esde> Welcome, LostNeko! :)
11:36 < LostNeko> Thank you!
11:36 < LostNeko> I am having some interesting trouble here. My server keeps getting locked in a pollin state.
11:36 < LostNeko> poll([{fd=5, events=POLLIN}], 1, -78207176) = 1 ([{fd=5, revents=POLLIN}])
11:37 <@krzee> LostNeko, as our 1 billionth person to ask for help, you have won:  Free support!
11:37 <@krzee> congratulations!
11:37 < LostNeko> lol
11:37 < LostNeko> i feel so lucky today
11:38 <@krzee> ive never used that high of a debug level
11:38 <@krzee> why do you feel its locked?
11:39 < harsheesh> Awesome. So, I can now connect to the server whilst the privatevpn connection is connected. But the client uses the regular internet connection instead of the privatevpn connection :/
11:39 < LostNeko> so our vpn has worked fine for years now. all of a sudden it got unhappy. I have gone over server configs client configs. the server works fine for a few hours then locks up. connection attempts hit the server then just hang. When stopping the service it looks to be stopped (service command returns success) but the process is still running spitting that line out with slowly incrementing negative numbers
11:39 <@krzee> harsheesh, you must nat his subnet and make sure his default route is the vpn
11:39 <+esde> LostNeko, I can see how that could aggravate your allergies
11:39 <+esde> :P
11:40 < LostNeko> i have to kill -9 in order to restart the service
11:40 <@krzee> weird, what version of openvpn?
11:40 <+esde> pollin/pollen.....nvm
11:40  * esde shows himself out
11:41 < LostNeko> while operating straces will return a good amount of information. when it gets into a locked state it just spams the pollin message. the version is 2.2.1 x86_64-linux-gnu
11:42 <@krzee> hehe
11:42 <+esde> stale
11:42 <@krzee> see if simply updating fixes it
11:42 <@krzee> …it might
11:51 <+hyper_ch> krzee: hehehe http://cdn.arstechnica.net/wp-content/uploads/2015/01/warning-640x468.jpg
11:54 < LostNeko> that is the same version we use in all our data centers, and they are all stable. also its the most up to date package in debian wheezy stable
11:55 <@krzee> then you need a better repo or convince them to update their crap
11:55 <@krzee> because thats hella old
11:56 <@krzee> thats from may 2013
11:56 <+hyper_ch> krzee: you know debian stable :)
11:56 <@krzee> nope
11:57 <+hyper_ch> but but but...
11:57 < LostNeko> Jr.Sys Admin dealing with overworked Sr. handling the job of 3 Seniors. Not gonna ask him if i can change the ops box to a testing build
11:57 < LostNeko> :3
11:57 <@krzee> testing build?
11:57 <@krzee> 2.3.6 is stable 2.2.1 is outdated
11:57 < LostNeko> well for debian stable
11:58 < LostNeko> https://packages.debian.org/search?keywords=openvpn
11:58 <@vpnHelper> Title: Debian -- Package Search Results -- openvpn (at packages.debian.org)
11:58 <+esde> debian stable != stable
11:59 <+esde> better yet debian stable != current
11:59 < LostNeko> stable as a rock. and about as old
11:59 -!- Drb0b [~drb0b@193.242.210.141] has joined #openvpn
11:59 <+esde> Right, I should have been more precise
12:00 < LostNeko> dont even mention systemd in this office if you want to leave with your head
12:00 <@krzee> https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
12:00 <@vpnHelper> Title: OpenvpnSoftwareRepos – OpenVPN Community (at community.openvpn.net)
12:00 <@krzee> maybe that helps ya
12:00 <+esde> Politics is neither here nor there. Fact is using outdated versions is unpredictable
12:00 <+hyper_ch> One Centos dev to another: "Hey you think we can already update the repos to openvpn 2.2.1?" The other replies: "Better not, it recently got added to debian stable, let's wait a bit longer."
12:01 <+esde> especially if clients are using newer versions
12:01 <@krzee> which they *are*
12:01 <@krzee> well how about THIS
12:01 <+esde> you don't tell them
12:01 <@krzee> all your servers are vulnerable to a DOS
12:01 <+esde> :P
12:02 <@krzee> !ovpnuke
12:02 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
12:02 <+esde> that should raise some ears
12:02 <@krzee> so… there you go
12:02 < LostNeko> :3
12:03 <+hyper_ch> isn't every server vulnerable to DOS?
12:03 <@krzee> enjoy the overworked senior, maybe someone will do their job and update their shit now :D
12:03 <@krzee> hyper_ch, no.
12:03 <+hyper_ch> if you have a big enough pipe and the openvpn server hasn't, can't you DOS it?
12:04 <@krzee> thats not DOSing the server, it is DOSing the pipe
12:04 <@krzee> there is a very noticable difference.
12:05  * esde throws a firecracker down krzee's pipe
12:05 <+hyper_ch> in both cases you can't use openvpn anymore ;)
12:05 <+esde> says who
12:05 < atmosx> h
12:05 <+hyper_ch> what does it matter if you blow up a target with dynamite or c4
12:05 <@krzee> hyper_ch, unless i was using another instance of openvpn on the same server, then theres a difference again
12:05 <+esde> denial of service mitigation is a thing, FYI
12:06 <+esde> I'm not good at it, per se. But there are people/appliances/services that are.
12:06 <+hyper_ch> cloudfare?
12:06 <+esde> for web stuff, sure
12:07 <+esde> http://www.incapsula.com/blog/behemoth-ddos-mitigation-appliance.html never used it, but 170Gbps is nothing to scoff at
12:07 <@vpnHelper> Title: Who Says Behemoths Can’t Dance? | Agile 170Gbps DDoS Mitigation Appliance | Incapsula.com (at www.incapsula.com)
12:08 <+hyper_ch> if people stopped using Windows, wouldn't a lot of zombies disappear?
12:09 <@krzee> temporarily
12:09 <@krzee> however, there would be more worms made for whatever OS they all flock to
12:09 <+esde> or or ditch zombies altogether...............
12:09 <+hyper_ch> OS/2
12:09 <@krzee> windows gets picked on in that respect because of its market share
12:10 <+esde> windows zombies are peanuts
12:10 <+esde> https://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks/
12:10 <+hyper_ch> not only market share but also because it's easy
12:10 <@vpnHelper> Title: Understanding and mitigating NTP-based DDoS attacks (at blog.cloudflare.com)
12:10 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
12:11 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
12:12 <+esde> any idea why it's so easy?
12:12 <+hyper_ch> because people click on every "i-love-you.txt.bat" file?
12:12 <+esde> because there's so much documentation, because it's so pervasive. it's only the target OS of choice because so many people use it
12:13 <+hyper_ch> it's the easy to infiltrate and the amounts of installs... both play a key factor
12:13 <+hyper_ch> what good is an OS that's impenetrable even if a large majority runs it
12:13 <@krzee> theres nothing that is super hard to infiltrate
12:13 <+esde> if insertRandomNicheDistro here had an easy peezy 1,2,3 remote exploit that allowed for root control. its useless if no one is using the distro
12:13 <+hyper_ch> you just look at the ROI
12:14 <+esde> .....
12:14 <+esde> the more users, the more vulnerable
12:14 <+esde> more people aiming to undermine it
12:14 -!- atmosx [~osx@79.103.165.42.dsl.dyn.forthnet.gr] has left #openvpn ["Let him that would move the world first move himself. - Socrates"]
12:17 <+esde> anywhooo, lunch now!
12:20 -!- gbkersey [~gbkersey@unaffiliated/gbkersey] has joined #openvpn
12:27 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Quit: ZNC - http://znc.sourceforge.net]
12:31 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
12:57 -!- wmp [~wmp@sored/admin/wmp] has joined #openvpn
12:57 < wmp> hello
12:57 < Drb0b> Is there no access server for raspberry pi? :(
12:57 < wmp> i need dhcp reservation, is possible to do it in openvpn server?
13:01 < plaisthos> can you explain what you mena with dhcp reservation?
13:01 < plaisthos> !goal
13:01 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:02 < wmp> plaisthos: now after reboot i have other ip from dhcp, i want have this same ip all time
13:03 < wmp> plaisthos: withous static ip address configuration
13:03 < plaisthos> wmp: err, what does this have to do with vpn?
13:04 < DArqueBishop> !AS
13:04 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:04 < wmp> plaisthos: sorry, i dont understand
13:04 <+esde> Drb0b, ^
13:04 < Drb0b> esde yo?
13:04 <+esde> see the AS factoid above ^^^
13:04 -!- Envil [~meep@e182061137.adsl.alicedsl.de] has joined #openvpn
13:04 < Drb0b> Thank you
13:04 < Drb0b> :)
13:04 < plaisthos> wmp: You are speaking about the wifi/lan ip of your computer right?
13:04 <+esde> np
13:05 < wmp> plaisthos: no, i thinks about VPN IP from subnet 10.8.0/24
13:06 < DArqueBishop> I'm not sure about anyone else, but my clients always have the same IP when they reconnect to the VPN.
13:06 < wmp> plaisthos: now when i start computers in work, first booted computer has ip 10.8.0.4
13:06 < wmp> second computer has .8
13:06 < plaisthos> wmp: --ifconfig-pool-persist file
13:06 < plaisthos> did you look at that?
13:06 < plaisthos> !ipp
13:06 <@vpnHelper> "ipp" is (#1) the option --ifconfig-pool-persist ipp.txt does NOT create static ips or (#2) Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, see !iporder and !static
13:07 < wmp> plaisthos: thanks, i have write content to this file manual or this is automatical?
13:08 < plaisthos> !iporder
13:08 <@vpnHelper> "iporder" is (#1) OpenVPN's internal client IP address selection algorithm works as follows: 1 -- Use --client-connect script generated file for static IP (first choice). or (#2) Use --client-config-dir file for static IP (next choice) !static for more info or (#3) Use --ifconfig-pool allocation for dynamic IP (last choice) or (#4) if you use --ifconfig-pool-persist see !ipp
13:08 < plaisthos> !static
13:08 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
13:08 < plaisthos> wmp: read the documentation and that bot output
13:08 < wmp> plaisthos: hmmm, i have file ipp.txt and this option enables and ipp.txt has content
13:09 < wmp> plaisthos: maybe problem is in time?
13:09 < wmp> Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600),
13:10 < wmp> so yes, i need 24 hours or more ;)
13:11 < plaisthos> wmp: that option specifies how often the file is written
13:11 < plaisthos> please read !iporder and !static and understand those
13:11 < wmp> ok
13:12 < LostNeko> So i managed to get the backported version of openvpn 2.3.2-7 approved for install. removal of old openvpn version went fine and installation went fine. now trying to start the server just issues. [FAIL] Starting virtual private network daemon: server failed!
13:13 < LostNeko> Anyone have any advice on how to start troubleshooting this one?
13:13 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
13:17 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
13:19 < wmp> plaisthos: so, if i havent configured client-connect script and client-config-dir then openvpn should use ifconfig-pool?
13:26 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:30 -!- doebi [~doebi@doebi.at] has joined #openvpn
13:30 < doebi> i guess there is noly one way windows can fail on initalizing a connection to a vpn server?
13:31 < doebi> since it's error message is just like: "Connecting to server has failed!"
13:31 < doebi> as in "fuck you, i won't give you any further details. deal with it!"
13:31 < doebi> i love windows <3
13:33 <+hyper_ch> verb 5
13:33 -!- doebi [~doebi@doebi.at] has left #openvpn ["self-kick"]
13:38 < LostNeko> is there a change between openvpn 2.2 and 2.3 server.conf files. would a 2.2 server.conf be usable by 2.3 server?
13:40 <+hyper_ch> should be usable
13:40 <+hyper_ch> does 2.2 already have client-to-client?
13:41 -!- alnkpa [~alnkpa@2001:1a50:11:0:5f:8f:acc3:1] has left #openvpn ["Leaving"]
13:42 < LostNeko> would that be in the server.conf file?
13:42 <+hyper_ch> yes
13:43 <+hyper_ch> if you even need that
13:44 < plaisthos> hyper_ch: yes
13:45 <+hyper_ch> :)
13:47 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Quit: elfixit]
13:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:50 -!- harsheesh [~harsheesh@cpc64607-nfds14-2-0-cust129.8-2.cable.virginm.net] has quit [Quit: harsheesh]
13:55 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
13:58 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
14:02 < ValdikSS> Guys, what about polarssl vulnerability for mobile clients?
14:02 -!- ender` [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
14:04 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 272 seconds]
14:10 -!- u0m3 [~u0m3@92.80.89.9] has quit [Read error: Connection reset by peer]
14:11 <@krzee> got link?
14:11 <@krzee> ValdikSS, ^
14:11 < ValdikSS> krzee: sure, https://www.certifiedsecure.com/polarssl-advisory/
14:11 <@vpnHelper> Title: Certified Secure (at www.certifiedsecure.com)
14:11 < ValdikSS> krzee: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
14:11 <@vpnHelper> Title: PolarSSL Security Advisory 2014-04 - Tech Updates (at polarssl.org)
14:12 < ValdikSS> krzee: afaik OpenVPN iOS and Android clients use PolarSSL
14:12 <@krzee> they do
14:12 <@krzee> plaisthos, here to comment?
14:13 <@krzee> or syzzer ?
14:14 < plaisthos> OpenVPN Connect does
14:14 < plaisthos> OpenVPN for Android uses OpenSSL
14:14 < plaisthos> (unless you compiled it from source yourself with PolarSSL)
14:14 <@krzee> ahh i thought it did too, learned something new =]
14:18 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 252 seconds]
14:18 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
14:18 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
14:39 -!- u0m3 [~u0m3@92.80.89.9] has joined #openvpn
14:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:57 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
15:11 -!- deskjob [2e138974@gateway/web/freenode/ip.46.19.137.116] has joined #openvpn
15:12 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
15:12 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has joined #openvpn
15:12 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
15:15 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:20 -!- mattock is now known as mattock_afk
15:33 -!- Envil [~meep@e182061137.adsl.alicedsl.de] has quit [Remote host closed the connection]
16:09 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:20 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
16:20 -!- `Yoda is now known as Yoder
16:26 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
16:48 -!- rangerpb is now known as rangerpbzzzz
16:49 -!- lorens [~lorens@84.79.104.213] has joined #openvpn
16:56 -!- lorens [~lorens@84.79.104.213] has quit [Remote host closed the connection]
16:59 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
17:01 -!- Drb0b [~drb0b@193.242.210.141] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
17:03 -!- Latrina [~Latrina@adsl-ull-172-191.50-151.net24.it] has quit [Ping timeout: 245 seconds]
17:05 -!- Fraland [6c3d600a@gateway/web/cgi-irc/kiwiirc.com/ip.108.61.96.10] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
17:06 -!- Latrina [~Latrina@151.26.16.255] has joined #openvpn
17:26 -!- Latrina [~Latrina@151.26.16.255] has quit [Read error: Connection reset by peer]
17:26 < deskjob> I am still having troubles connecting my 2.3.6 windows client to my debian server running 2.3.6, I was wondering if anyone can offer me some insight or maybe some tips to find the answer?
17:26 < deskjob> server conf: https://pastee.org/qx9qk
17:27 < deskjob> client conf: https://pastee.org/sax6k
17:27 < deskjob> server verb 6 log: https://pastee.org/xtxbj
17:27 < deskjob> client verb 6 log: https://pastee.org/txsj9
17:31 -!- Latrina [~Latrina@ppp-122-59.26-151.libero.it] has joined #openvpn
17:32 -!- paxmark9 [~paxtormar@50.72.94.240] has joined #openvpn
17:36 < pekster> More than 5 is just worthless noise
17:36 < pekster> !verb
17:36 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only
17:36 -!- Latrina [~Latrina@ppp-122-59.26-151.libero.it] has quit [Ping timeout: 265 seconds]
17:37 < deskjob> I see
17:37 < pekster> Packets aren't making it back to the client at any rate
17:38 < pekster> The server appears to be sending them back, so I'd guess a firewal between (and including) the OS on the server and the client end is dropping them
17:38 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:38 -!- Latrina [~Latrina@ppp-69-0.26-151.libero.it] has joined #openvpn
17:38 < deskjob> pekster:  krzee said the issue is with the client
17:39 < deskjob> something blocking the client end
17:39 < deskjob> I have tried disabling all security
17:39 < deskjob> I cannot find anything blocking the clientside
17:40 < deskjob> in a windows environment, what would you suggest me to do to move forward?
17:40 < deskjob> It is very strange to me because PIA and airvpn both work fine
17:41 < pekster> The usual; trace the flow of packets between the ends you control
17:41 -!- paxmark9 [~paxtormar@50.72.94.240] has quit [Ping timeout: 264 seconds]
17:41 < pekster> tcpdump or similar (wireshark / tshark.exe on Windows)
17:42 < deskjob> I have wireshark installed, but I am not sure what exactly I am looking for
17:42 < deskjob> also, should I be viewing the tap interface, or my main interface?
17:43 < deskjob> the tap interface just says unplugged the entire time
17:43 < pekster> Right, the TLS handshake isn't completing
17:43 < pekster> If packets don't arrive on your client, then something upstream is dropping them
17:43 < pekster> (could be your router, your ISP, or even the server if it's misconfigured, or the server router, server ISP, or some router between any of those)
17:44 < deskjob> well I have had openvpn working fine with this server in the past
17:44 < deskjob> and as I said, PIA and airvpn both work fine on this computer
17:45  * pekster shrugs. My VPN to $work and $home also work fine, but do about as much to help your situation
17:45 < deskjob> I tried to use several older version of the client software, but not older versions on the server side
17:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:46 -!- Latrina [~Latrina@ppp-69-0.26-151.libero.it] has quit [Ping timeout: 256 seconds]
17:47 < pekster> THat's not your problem; some _firewall_ is
17:47 < pekster> If you tried to send postal letters to your friend and they never arrived, you'd hardly blame your pen or envelope for it; same thing here
17:48 -!- Latrina [~Latrina@ppp-134-38.26-151.libero.it] has joined #openvpn
17:48 < pekster> Server is sending packets (see log lines 341, 343, 345, etc) but never arrive on your client. You need to tcpdump each "step" of the way and find out where they get lost. Basic network troubleshooting
17:48 < pekster> Does it leave your server interface? Does it leave your router's interface that the server is using? Do you control the gateway beyond that? Does it reach there?, etc, etc
17:48 < deskjob> well I'm sorry I am not a networking genius mate
17:48 < deskjob> I'm trying
17:49 < pekster> !tcpdump
17:49 <@vpnHelper> "tcpdump" is (#1) tcpdump is a great troubleshooting tool (Wireshark or the tshark.exe CLI tools for Windows.) To start, try a syntax like `tcpdump -pni ifWhatever` or (#2) You can also add filters to the command, like 'icmp' or 'udp port 1194' and the like. Consult the tcpdump docs for details.
17:49 < deskjob> ok, I'll give this a shot
17:49 < deskjob> thank you
17:50 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 276 seconds]
17:51 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
17:52 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
17:54 < deskjob> pekster: before I start dumping to troubleshoot, can you tell me if my iptables rules look ok?
17:54 < deskjob> https://pastee.org/6nbjr
17:56 -!- Latrina [~Latrina@ppp-134-38.26-151.libero.it] has quit [Ping timeout: 256 seconds]
17:58 -!- Latrina [~Latrina@ppp-59-41.26-151.libero.it] has joined #openvpn
18:01 < pekster> It's not the cause of your current problem, but lines 21-22 are worthless because line 20 rejects anything it gets
18:01 < pekster> Lines 15-16 also don't help you as-is since your filter/INPUT policy is ACCEPT anyway
18:06 < deskjob> ok thank you
18:10 < pekster> Well, subtract 1 from each of those numbers, but the same idea holds
18:13 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
18:15 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
18:29 -!- deskjob [2e138974@gateway/web/freenode/ip.46.19.137.116] has quit []
18:44 -!- Latrina [~Latrina@ppp-59-41.26-151.libero.it] has quit [Ping timeout: 246 seconds]
18:46 -!- Latrina [~Latrina@ppp-166-56.26-151.libero.it] has joined #openvpn
18:54 -!- Latrina [~Latrina@ppp-166-56.26-151.libero.it] has quit [Ping timeout: 240 seconds]
18:56 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
18:57 -!- Latrina [~Latrina@ppp-8-55.26-151.libero.it] has joined #openvpn
18:57 -!- aditsu [~aditsu@183178080020.ctinets.com] has quit [Ping timeout: 245 seconds]
19:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:03 -!- Latrina [~Latrina@ppp-8-55.26-151.libero.it] has quit [Ping timeout: 256 seconds]
19:41 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
19:46 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
20:17 -!- julius_ [~julius_@p3EE29E22.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
20:20 -!- julius_ [~julius_@p3EE29E90.dip0.t-ipconnect.de] has joined #openvpn
20:32 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Remote host closed the connection]
20:37 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
20:46 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
20:47 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
20:48 -!- GladiaTeur [~wgpqhaijm@unaffiliated/gladiateur] has joined #openvpn
20:48 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
20:48 -!- mode/#openvpn [+o krzee] by ChanServ
21:18 < GladiaTeur> !welcome
21:18 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
21:18 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:19 < GladiaTeur> !goal
21:19 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:05 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:21 -!- gully-foyle [~pumpkinpa@pool-173-67-88-70.snfcca.dsl-w.verizon.net] has joined #openvpn
22:27 -!- GladiaTeur [~wgpqhaijm@unaffiliated/gladiateur] has left #openvpn []
22:53 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has quit [Quit: closing IRC]
22:53 -!- gully-foyle [~pumpkinpa@pool-173-67-88-70.snfcca.dsl-w.verizon.net] has quit [Quit: Leaving]
22:57 -!- u0m3 [~u0m3@92.80.89.9] has quit [Ping timeout: 255 seconds]
23:31 -!- ShadniX [dagger@p5DDFF7AC.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5481DD2E.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Jan 20 2015
00:03 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 245 seconds]
00:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:51 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-nseiuozmbriswpdd] has joined #openvpn
00:51 < mjkr> if a dpi is to detect openvpn traffic, would it base the decision on packet size?
00:56 -!- mattock_afk is now known as mattock
01:04 -!- u0m3 [~u0m3@109.96.148.10] has joined #openvpn
01:06 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 244 seconds]
01:11 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
01:12 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
01:18 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-nseiuozmbriswpdd] has quit [Quit: WeeChat 1.0.1]
01:22 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 245 seconds]
01:31 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has joined #openvpn
01:33 < altker128> Hey guys.  I want to get OpenVPN going on my S4 running 4.4.4 .  There are three OpenVPN clients that I know of, the official one, OpenVPN Settings (freidrich) and OpenVPN for Android (Arne).  Any opinions of them?
01:33 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
01:33 <+hyper_ch> I use Arne's at the moment
01:34 < altker128> That uses the built-in Android VPN services IIRC
01:34 < altker128> hyper_ch: Any comments?  Good?  Bad?  Issues on WiFi or 3G?  DNS server issues?
01:34 <+hyper_ch> works find
01:34 <+hyper_ch> the only annoying thing is when I reboot the phone, I need to say it's ok to use it again
01:35 <+hyper_ch> but I heard that's the same for friedrichs one
01:35 < altker128> Did you try the "official" app?
01:39 <+hyper_ch> and using that script to create the .conf file resp .ovpn for Arnes.... tls auth still missing though http://paste.debian.net/141335/
01:40 < altker128> Do you see any drawbacks to using the official application?
01:40 <+hyper_ch> I said all I have to say about it
01:55 < altker128> I guess Arne's app doesn't allow tethering and VPN at the same time :(
02:17 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has joined #openvpn
02:18 < stk> Hello folks, I would like to know how to do a site-to-site VPN with this kind of setup
02:19 < stk> openvpn server 1 - dhcp providing IP on subnet 10.0.1.0/24
02:19 < stk> openvpn server 2 - dhcp providing IP on subnet 11.0.1.0/24
02:19 < stk> 2 openvpn servers above are separated on Internet
02:20 < stk> I want to be able to connect from a client of openvpn-server-1, say 10.0.1.11 to a client of the other site, say 11.0.1.11
02:21 < stk> I've read through countless docs and guides on the Internet but it seems to me that they try to solve specific, assumed cases rather than going for a generic setup and ideas
02:21 < stk> Now, my question is: How can I connect 2 OpenVPN server together? Which techniques and configurations I would need to get familiar with?
02:25 < stk> documentation such as this page is just... bad https://openvpn.net/index.php/access-server/section-faq-openvpn-as/server-configuration/209-how-do-i-setup-openvpn-access-server-to-use-site-to-site.html
02:25 <@vpnHelper> Title: How do I setup OpenVPN Access Server to use site-to-site? (at openvpn.net)
02:26 < BtbN> One server is a client.
02:28 < stk> Does it mean that I need 2 openvpn-server processes on 1 server? And on the other server, 1 openvpn-server and 1 openvpn-client?
02:28 < stk> Is my assumption correct?
02:35 < BtbN> Yes, at least if I understand your setup correctly.
02:38 < stk> right, then I assume that after connecting 2 OpenVPN server together (via a server-client model), I would only need to setup gateway and routing to achieve my goals?
02:38 < stk> (which is to get the client from one LAN to connect to another client on the other LAN)
02:39 < BtbN> Yes, the site-to-site VPN would have some internal transfer network, and on each site you add a route to the other network.
02:47 < plaisthos> altker128: see the faq for that :)
02:47 < plaisthos> altker128: it is a an Android bug
02:47 < plaisthos> altker128: with 4.4+ tethering+vpn should work at the same time
02:48 < plaisthos> at least it works on my 4.4 devices
02:55 < stk> BtbN: thank you very much!
02:56 < stk> That clarifies a lot for me. Appreciate it.
02:59 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:00 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Client Quit]
03:01 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:01 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:06 -!- ValdikSS [~valdikss@5.144.106.59] has joined #openvpn
03:06 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has left #openvpn []
03:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:27 -!- ValdikSS [~valdikss@5.144.106.59] has quit [Ping timeout: 245 seconds]
03:34 -!- ValdikSS [~valdikss@5.144.106.59] has joined #openvpn
03:39 -!- eike_52n [~eike@80.156.182.234] has joined #openvpn
03:39 < eike_52n> !windows
03:39 <@vpnHelper> "windows" is (#1) computers are like air conditioners, they work well until you open windows. or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny
03:46 -!- u0m3 [~u0m3@109.96.148.10] has quit [Ping timeout: 244 seconds]
04:00 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
04:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 264 seconds]
04:18 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has quit [Ping timeout: 264 seconds]
05:22 -!- atmosx [~osx@130.43.124.168.dsl.dyn.forthnet.gr] has joined #openvpn
05:22 < atmosx> hello
05:22 < atmosx> does anyone know what media type is opevpn's device 'tun0' ?
05:22 < atmosx> I see 'unknown' in most places.
05:24 < BtbN> media type?
05:24 < BtbN> It's a layer 3 tunnel device.
05:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:36 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
05:38 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
05:51 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 272 seconds]
05:55 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:57 < KavanS> !howto
05:57 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:22 -!- ValdikSS [~valdikss@5.144.106.59] has quit [Ping timeout: 255 seconds]
06:23 -!- ValdikSS [~valdikss@5.144.106.59] has joined #openvpn
06:25 -!- atmosx [~osx@130.43.124.168.dsl.dyn.forthnet.gr] has quit [Quit: Let him that would move the world first move himself. - Socrates]
06:38 -!- Henryabcd [~Henryabcd@p4FC437ED.dip0.t-ipconnect.de] has joined #openvpn
07:00 -!- rhineheart_m [~rhinehear@unaffiliated/rhineheartm/x-283746] has joined #openvpn
07:00 -!- rhineheart_m [~rhinehear@unaffiliated/rhineheartm/x-283746] has left #openvpn ["Leaving"]
07:15 -!- Henryabcd [~Henryabcd@p4FC437ED.dip0.t-ipconnect.de] has quit [Quit: Leaving]
07:22 -!- spiekey [~admin@projekte.imos.net] has joined #openvpn
07:47 -!- rangerpbzzzz is now known as rangerpb
08:22 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:34 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
08:48 -!- markelite [croftworth@gateway/shell/yourbnc/x-tcbsaqyavfnpcsln] has quit [Quit: I shall return...]
09:01 -!- eike_52n [~eike@80.156.182.234] has quit [Quit: Leaving]
09:16 -!- ValdikSS [~valdikss@5.144.106.59] has quit [Quit: Konversation terminated!]
09:19 -!- someone [~someone@168.235.155.111] has joined #openvpn
09:22 -!- pvl1 [~pvl1@unaffiliated/pvl1] has joined #openvpn
09:23 < pvl1> is there a script that openvpn runs to add routes and such on my system? id like to change some of the behavior
09:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:43 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
09:50 <+esde> pvl1,
09:50 <+esde> !route
09:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
09:55 <+esde> !scared
09:55 <@vpnHelper> "scared" is http://www.youtube.com/watch?v=P_WI0VI7aIw
09:55 <+esde> defunct link^
09:57 < pvl1> esde: are you recommending that i push routes from server to clients, to tell them what shoudl be done?
09:57 < pvl1> im trying to prevent all traffic from routting through vpn
09:59 <+esde> I'm recommending you read up on routing as it relates to openvpn. Else, do your routing within the LAN, before the traffic hits openvpn
10:06 < DArqueBishop> pvl1, are you the admin of the OpenVPN server you're connecting to?
10:06 < pvl1> yep
10:06 < pvl1> DArqueBishop: ^
10:07 < pvl1> esde: thanks ill read thruought the day
10:07 < DArqueBishop> Then remove the redirect-gateway line in your config.
10:07 < pvl1> i thought ; means its a comment
10:08 <+esde> lines prefixed with ; are commented
10:08 < pvl1> hence my confusion
10:08 < DArqueBishop> !pastebin
10:08 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:08 < DArqueBishop> !logs
10:08 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:09 < DArqueBishop> Sorry, wrong one.
10:09 < DArqueBishop> !configs
10:09 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
10:09 <@vpnHelper> posting
10:10 < pvl1> DArqueBishop: sorry have to run into a meeting, but ill post config soon. i have to show routes as well
10:14 -!- spiekey [~admin@projekte.imos.net] has quit [Quit: spiekey]
10:15 -!- u0m3 [~u0m3@109.96.158.204] has joined #openvpn
10:16 <+esde> :)
10:20 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has joined #openvpn
10:20 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
10:20 < altker128> plaisthos: You around?
10:32 < plaisthos> altker128: yes
10:32 < TommyC> Is there a way (without a packet capture) to check my connection to my VPN is properly encrypted? I know for a fact that it is getting to the VPN server but I'm not 100% sure how to check it's encrypted.
10:32 < plaisthos> openvpn should log your encryption
10:33 < plaisthos> as in data connection established with xxx cipher
10:33 < plaisthos> or something similar
10:33 < plaisthos> Jan 20 16:34:54 hermes ovpn-hd[1405]: orion/131.234.14.23:47331 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
10:34 < TommyC> plaisthos: Danke I'll take a look at the logs.
10:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
10:34 < altker128> plaisthos: Are you using the official OpenVPN Connect client?  You mentioned that VPN+tethering is working for you.  Which device do you use?
10:35 < plaisthos> altker128: I use my own client :). It works on a Nexus 7 and a Xperia Z1 compact
10:35 < plaisthos> but should generally work on 4.4+ devices
10:35 < plaisthos> the tethering will not use the VPN
10:35 < altker128> Your own client?  You compiled OPenVPN stuff yourself?
10:35 < plaisthos> Sure!
10:36 < plaisthos> you can a copy too https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en
10:36 < altker128> Ah, you're Arne :)
10:36 < plaisthos> (:
10:37 < altker128> Nice to meet you.  Thanks for your hard work!
10:38 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
10:39 < plaisthos> but since you are using a S4 and Samsung likes to break things, it may well be that they have broken VPN+tethering in their own builds
10:39 < altker128> plaisthos: Hrm, so it's possible tethering+VPN works with your client
10:40 < plaisthos> altker128: it should not depend on the client
10:40 < altker128> plaisthos: It looks like it's a few iptables rules to route traffice from wlan (whatever the device name) to tun, right?
10:40 < altker128> plaisthos: From a security perspective, is there any issue using Google's VPN services provider?
10:41 <+esde> it's google
10:41 <+esde> :P
10:41 < plaisthos> altker128: see last faq of my clinet ;)
10:41 < plaisthos> but yes
10:43 < altker128> esde: Are you saying they care or don't care?  My implication is the later
10:43 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
10:43 <+esde> I keep my apples out of google's basket whenever/wherever possible
10:44 < altker128> esde: Yeah...me too.
10:44 < altker128> esde: Which is why I'm a bit worried about relying on their VPN service
10:44 <+esde> roll your own! :D
10:44 < altker128> (software layer)
10:44 <+esde> openvpn is schweet
10:44 < altker128> Yeah...with Android's non-UNIX/Linux standard userland?  They really screwed that up.
10:45 <+esde> OpenVPN for Android works very well
10:45 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
10:45 < altker128> esde: Yes..but uses the underlying Android services
10:46 < plaisthos> altker128: what exactly do you mean with Googl's VPN services provider?
10:46 < plaisthos> the android VPN API?
10:46 <+esde> Some stuff is inevitable. Not sure how else it could be done, but if a solution comes along that doesn't use android services, I'll be trying it out
10:46 < altker128> esde: https://f-droid.org/repository/browse/?fdfilter=openvpn&fdid=de.schaeuffelhut.android.openvpn
10:46 <@vpnHelper> Title: F-Droid (at f-droid.org)
10:46 < altker128> esde: But I haven't used it myself
10:47 < plaisthos> that API can be trusted
10:47 <+esde> huh, havent seen this before
10:47 < plaisthos> it is just a local API
10:50 < altker128> plaisthos: So, to re-cap, tethering+VPN MIGHT work on 4.4.4 , depending on how badly Samsung screwed up or didn't screw up? :)
10:53 < plaisthos> altker128: yes (:
10:54 < plaisthos> but the tethered connection is not using the VPN
10:54 < altker128> Oh :(
10:54 < plaisthos> it is getting the "normal" mobile connection
10:57 < altker128> plaisthos: I guess that is not the worst in the world, I can run OVPN on any devices I connect through as well
11:15 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
11:15 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Client Quit]
11:15 -!- lorens [~lorens@213.27.241.114] has quit []
11:23 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-uyiqcadxhyrwcgro] has joined #openvpn
11:23 < MalteJ> hi
11:23 < MalteJ> is it possible to assign an IPv6 subnet to every OpenVPN client?
11:28 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:28 < plaisthos> MalteJ:
11:28 < plaisthos> !ccd
11:28 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
11:28 < plaisthos> !iroute6
11:29 < plaisthos> !iroute
11:29 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
11:29 < MalteJ> plaisthos: thank you
11:50 -!- spiekey [~admin@HSI-KBW-078-043-156-025.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
11:51 < KavanS> yeah openvpn is the best
11:51 < KavanS> Using TLS - I've adjusted my cipher, and am using a large(r) key.  Are there any good articles on security?
11:55 <+esde> !hardening
11:55 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
11:55 <+esde> !security
11:55 <@vpnHelper> "security" is "secure" is (#1) http://openvpn.net/howto.html#security for hardening, or (#2) http://openvpn.net/index.php/documentation/security-overview.html for security overview
11:56 <+esde> i guess i couldve killed two birds with one stone, had i used !secure, but c'est la vie
12:03 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
12:05 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
12:12 -!- jdzielny [~mint@cpe-74-76-34-181.nycap.res.rr.com] has joined #openvpn
12:15 < yeik> So, anybody in here know a good person to talk to about the windows tap driver?
12:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:28 -!- jdzielny [~mint@cpe-74-76-34-181.nycap.res.rr.com] has quit [Quit: Leaving]
12:28 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Ping timeout: 245 seconds]
12:30 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:31 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Read error: Connection reset by peer]
12:41 < KavanS> nice
12:41 < KavanS> thanks for the links esde
12:42  * KavanS reads up on lunch break
12:42 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
12:48 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
12:49 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
12:52 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Read error: No route to host]
13:03 < pvl1> well that lasted long
13:03 < pvl1> ie lunch
13:06 < pvl1> DArqueBishop: https://gist.github.com/pvl1/1ace346eba350533a025
13:06 <@vpnHelper> Title: gist:1ace346eba350533a025 (at gist.github.com)
13:06 < pvl1> lemme know if you need more info
13:06 <@syzzer> yeik: depends on what you want to know
13:08 < yeik> Performance testing, who we might be able to pay to fix it, if anybody has tried to fix performance problems, anybody has good test cases/test code
13:18 <@syzzer> are you the Dan on the mailinglist asking about driver profiling?
13:18 <@syzzer> *the same guy as
13:22 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
13:23 <@syzzer> at least make sure to fiddle with --sndbuf and --rcvbuf openvpn options, but if you're looking for someone with deep knowledge, I could only refer you to the author of the new tap-windows6 driver (TDivine <tdivine@pcausa.com>)
13:24 -!- mattock is now known as mattock_afk
13:24 < yeik> syzzer, He is a co-worker.
13:24 <@syzzer> heh, that won't help you much than :p
13:24 <@syzzer> *then
13:24 < yeik> At least we know that people are seeing it.
13:25 < yeik> is Tdivine on the mailing list or likely to check it?
13:25 < yeik> or should we contact him directly?
13:25 <@syzzer> not sure, I never had direct contact with him, everything went through OpenVPN corp.
13:26 <@syzzer> dropping him an email directly is probably the best way to get in touch
13:35 -!- spiekey [~admin@HSI-KBW-078-043-156-025.hsi4.kabel-badenwuerttemberg.de] has quit [Quit: spiekey]
13:44 <+hyper_ch> hi syzzer
13:44 <@syzzer> hyper_ch: hi :)
13:44 <+hyper_ch> syzzer: how's the direct client to client connection progressing?
13:44 <@syzzer> heh, not at all afaik ;)
13:45 <+hyper_ch> not at all? /me is a sad panda
13:45 <@syzzer> there too much crypto stuff on my plate to actually start working on that too
13:45 <@syzzer> sorry to disappoint you
13:45 <+hyper_ch> syzzer: it's ok :) it's not like it's already 5 or so years... ;)
13:46 <+hyper_ch> what crypto stuff are you working on?
13:46 <@syzzer> I still think it's a really cool thing to have, but I'm a crypto guy, so that gets my attention more easily
13:47 <+hyper_ch> it would be a unique selling point IMHO
13:47 <@syzzer> currently AES-GCM, and looking into cipher negotiation
13:47 <@syzzer> well, not really unique, since tinc is already doing it ;)
13:47 <+hyper_ch> btw, why are elliptic curves the "latest" hype in cryptography? and how can some curves be weaker than others?
13:47 <+hyper_ch> s/unique/almost unique/
13:48 <@syzzer> hehe
13:48 <@syzzer> curves are cool for multiple reasons, but the main reason is that keys can be shorter while maintaining the same security level (or even while increasing the security level)
13:49 <@syzzer> and that pays off in a reduced computational load for higher security levels
13:50 <@syzzer> as to strength, there simple the 'curve size', but there's also questions like 'how easy is it to create a secure implementation?' and 'could there be back doors?' (the second being quite in the tin foiled hat area, if you ask me...)
13:52 <+hyper_ch> so I assume the elliptic curves in crypto aren't the same elliptic curves I remember from geometry classes?
13:53 <@syzzer> sort of, but 'on steroids'  ;)
13:54 <@syzzer> have you even seen this one:
13:54 <@syzzer> http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
13:54 <@vpnHelper> Title: A (relatively easy to understand) primer on elliptic curve cryptography | Ars Technica (at arstechnica.com)
13:54 <@syzzer> *ever
13:54 <+hyper_ch> can openvpn actually be secured against a bruce schneier attack?
13:54 -!- spiekey [~admin@HSI-KBW-078-043-156-025.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
13:55 <+hyper_ch> oh, that's what diffie and hellman look like :)
13:55 <@syzzer> what is a 'bruce schneier attack'? I'm not familiar with the term.
13:55 <+hyper_ch> you don't know the bruce schneier facts?
13:56 <@syzzer> heh, no, never seen those before :')
13:56 <+hyper_ch> http://www.schneierfacts.com/facts/3
13:56 <@vpnHelper> Title: Bruce Schneier Facts (at www.schneierfacts.com)
13:57 <@syzzer> yeah, currently F5'ing ;)
13:57 <+hyper_ch> hehehe :)
13:58 <+hyper_ch> I only get a few of those
13:59 <+hyper_ch> http://www.schneierfacts.com/facts/33
13:59 <@syzzer> well, I guess OpenVPN would not be able to withstand such an attack :')
13:59 <@vpnHelper> Title: Bruce Schneier Facts (at www.schneierfacts.com)
14:01 <+hyper_ch> :)
14:05 -!- cali [~cali@unaffiliated/cali] has joined #openvpn
14:09 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has joined #openvpn
14:09 < DomeMaster> Hello
14:09 < DomeMaster> when I put in the wrong config file
14:09 < DomeMaster> openvpn sometimes never stops trying to connect
14:10 < DomeMaster> can I get it to fail if it doesn't connect in say 1 min
14:10 < DomeMaster> plesae?
14:11 < altker128> One comment, I know that OpenVPN does a keep alive every 10 seconds, and firewalls often drop the connection if it's more than 60 seconds.  Any reason not to set the keep alive to 55 seconds or so?  And how much data in bytes is exchanged?  I'm a bit worried about blowing through my data plan.
14:11 < altker128> Note:  Using UDP for OVPN
14:31 <+hyper_ch> krzee: syzzer:  https://twitter.com/CharlieVedaa/status/541031447986184192
14:31 <@vpnHelper> Title: ʇıq on Twitter: "Attention Onionland- @shodanhq search by fingerprint uncloaks darknet/Internet SSH servers. https://t.co/F5OI60XGfR http://t.co/RaQNFTtOg5" (at twitter.com)
14:34 <@syzzer> hyper_ch: yes, authenticating using a public key (ssl, ssh, etc.) is very likely to blow your cover ;)
14:45 <+hyper_ch> just letting you know :)
15:18 -!- markelite [yourbnc@gateway/shell/yourbnc/x-qgninclwlqgouxpc] has joined #openvpn
15:18 < MalteJ> can I use different keys for every user when using symmetric crypto or does this only work with asymmetric keys?
15:20 < KavanS> altker128: keepalive setting
15:23 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:33 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:33 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
15:36 <@krzee> hyper_ch, all i can say to that is *DUH*
15:36 <@krzee> wtf they thought *fingerprint* was used for?
15:36 <+hyper_ch> how to get different fingerprints on tor and normal ssh?
15:36 <@krzee> run different ssh processes with different key files in them
15:37 <@krzee> a fingerprint is for cryptographically verifying identity
15:37 <@krzee> and they are surprised it can be used to… identify identity?
15:37 <+hyper_ch> well, I wouldn't have thought of that
15:38 <@krzee> heh
15:38 <@krzee> i like to hide my ssh inside openvpn anyways
15:39 -!- markelite [yourbnc@gateway/shell/yourbnc/x-qgninclwlqgouxpc] has quit [Quit: I shall return...]
15:41 -!- markelite [croftworth@gateway/shell/yourbnc/x-auzemhtfbjgooyvg] has joined #openvpn
15:41 <+hyper_ch> krzee: btw, what password manager do you use?
15:41 <@krzee> my brain
15:41 <@krzee> its a little old fashioned but it still works
15:42 <+hyper_ch> I really have a linking for pass now :)
15:46 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:46 <+hyper_ch> "simple" bash scripts that just gpg encrypts the passwords and stuff and has integrated git capabilities :)
15:51 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Write error: Connection reset by peer]
15:51 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Read error: Connection reset by peer]
15:52 <@krzee> ya you showed it to me
15:52 <@krzee> i thought it was cool, then continued as normal
15:53 <+hyper_ch> I did?
15:53 <+hyper_ch> really?
15:54 <@krzee> yep awhile back
15:54 <@krzee> when you found it im guessing
15:56 <+hyper_ch> :)
15:56 <+hyper_ch> I still ike it :)
15:57 < altker128> KavanS: Yes, I know it's keepalive setting, was just asking about setting it it > 10 seconds and if anyone had any personal experience doing that.
15:58 <@krzee> altker128, your keepalive setting depends on your needs
15:58 <@krzee> i recommend looking at it in the manual and seeing exactly what it does
16:03 <+hyper_ch> krzee: I just read that the Tasker app can take a picture when the screen unlock code was entered unsuccessfully, email the picture and then shut itself down
16:03 <+hyper_ch> do you happen to know if that's true?
16:07 <@krzee> yes, i use it
16:07 <@krzee> :-p
16:07 <@krzee> my girl got a BIG surprise one day
16:09 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
16:10 < KavanS> lol krzee
16:12 <@krzee> it can even mute the phone before the camera
16:17 <+hyper_ch> krzee: you use it the same way?
16:17 <+hyper_ch> I just looked at it but couln't figure out how to do it
16:17 <@krzee> i dont use the email part
16:17 <@krzee> theres hella guides on google for it
16:18 <+hyper_ch> google hates me
16:18 <+hyper_ch> but taking a pic when screen unlock passwd has been entered wrongly...
16:18 <@krzee> you got that part?
16:18 <@krzee> thats that i use
16:18 <+hyper_ch> no, that's what I couldn't figure out
16:19 <@krzee> !google tasker camera lockscreen
16:19 <@vpnHelper> Bypass Pattern from lockscreen with Camera - Tasker Wiki: <http://tasker.wikidot.com/bypass-pattern-from-lockscreen-with-camera>; Opening Google Camera app on shake from lockscreen : tasker: <http://www.reddit.com/r/tasker/comments/2q5pmk/opening_google_camera_app_on_shake_from_lockscreen/>; How to Recreate Moto X Camera Shake (Tasker) - YouTube: <http://www.youtube.com/watch?v=n5W6tnOOVwI>
16:20 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
16:21 <+hyper_ch> krzee: it's late here.. I might look at it tomorrow :)
16:21 <@krzee> meh ill find it later for you
16:21 <@krzee> smoking a joint with a guy right now
16:21 <@krzee> remind me
16:25 < altker128> ssshh
16:25 < chrisb> !
16:25 <+hyper_ch> that guy also has medical weed perscription, right?
16:27 <@krzee> hyper_ch, actually yes
16:28 <+hyper_ch> just making sure that people know you're not doing anything illegal ;)
16:32 -!- rangerpb is now known as rangerpbzzzz
16:40 <@krzee> just so the people know
16:40 <@krzee> i smoke weed, and dont care about the laws about it.
16:40 <@krzee> in case the people are curious
16:41 <+hyper_ch> shhushhhh
16:43 -!- paxmark9 [~paxtormar@198.144.158.14] has joined #openvpn
16:44 -!- catalase [~catalase@gateway/tor-sasl/catalase] has joined #openvpn
16:44 < catalase> hello
16:44 < catalase> i require assistance with openvpn
16:44 <@krzee> !ask
16:44 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
16:45 <+hyper_ch> off to bed :) nighty night
16:45 <@krzee> nite
16:45 < catalase> since i have no idea whether or not my local firewall is blocking openvpn or other vpn protocols like pptp. i have opened an ssh tunnel to a server which has unrestricted access to the internet
16:46 < catalase> so the openvpn will connect via ssh tunnel proxy to a box elsewhere which hosts the openvpn
16:47 <@krzee> bad idea
16:47 < catalase> so when i connect, the connection verifies and constantly resets
16:47 < DArqueBishop> !logs
16:47 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:47 <@krzee> the ssh tunnel means everything has to go over tcp, which means you will have tcp over tcp over tcp
16:47 <@krzee> which is bad^2
16:47 < catalase> lol its like tcpception
16:47 <@krzee> !tcp
16:47 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
16:47 <@krzee> just dont do it
16:48 < catalase> ok one moment then
16:49 < catalase> i will produce logs via nopaste
16:49 <@krzee> why?
16:49 <@krzee> just dont do that
16:49 <@krzee> even when it works it wont work
16:49 < catalase> it still does not connect
16:49 < DArqueBishop> catalase: why are you unsure if OpenVPN will not work through your firewall? Have you not tried it?
16:49 < catalase> even when i try to run over no tunnel
16:50 <@krzee> try to get it working through the firewall
16:50 < catalase> correct. i am posting logs now
16:50 <@krzee> find a ip/port/proto that works
16:50 <@krzee> !configs
16:50 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries or (#3) on pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private keys or tls-auth key before
16:50 <@vpnHelper> posting
16:50 <@krzee> !logs
16:50 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:51 <@krzee> !forget configs *
16:51 <@vpnHelper> Joo got it.
16:51 <@krzee> !learn configs as please !paste your logfiles from both client and server with verb set to 4 (or use 5 if asked)
16:51 <@vpnHelper> Joo got it.
16:52 <@krzee> !forget configs *
16:52 <@vpnHelper> Joo got it.
16:52 < catalase> krzee, here is the log: http://nopaste.info/f602d3fddc.html
16:52 < catalase> now i will post config
16:52 <@krzee> !learn configs as please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version
16:52 <@vpnHelper> Joo got it.
16:52 <@krzee> !learn configs as dont forget to include any ccd entries
16:52 <@vpnHelper> Joo got it.
16:53 <@krzee> !learn configs as pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
16:53 <@vpnHelper> Joo got it.
16:53 <@krzee> !learn configs as remove inline private key or tls-auth key before posting
16:53 <@vpnHelper> Joo got it.
16:53 <@krzee> !configs
16:53 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:53 <@krzee> much better
16:54 < catalase> here is client config, krzee: http://nopaste.info/4039b7ab1c.html
16:54 <@krzee> no
16:55 <@krzee> read this again
16:55 <@krzee> !configs
16:55 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:55 <@krzee> remove comments
16:55 < DomeMaster> I've noticed some config files have shell commands in them
16:55 < DomeMaster> is it possible to disable that?
16:55 <@krzee> DomeMaster, the scripting interface?
16:55 <@krzee> !script
16:55 <@vpnHelper> "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
16:55 <@krzee> that ^?
16:55 < DomeMaster> no the "--config x" option
16:56 < DomeMaster> can there be shell commands in the file x
16:56 < DomeMaster> ?
16:56 < DomeMaster> If so can I disallow their execute please :)
16:56 <@krzee> no, except for --up /path/tp/script
16:56 <@krzee> where /path/tp/script contains shell commands
16:56 < catalase> http://nopaste.info/a4c380985a.html krzee no comments now
16:56 <@krzee> up and other script hooks
16:56 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:56 < pekster> Any of the !scripts could contain "shell commands" if passed as arguments to a shell interperter
16:57 < pekster> s/shell/script/
16:57 <@krzee> exactly ^
16:57 <@krzee> catalase, that was not even set to use the proxy
16:57 < DomeMaster> ok great
16:57 <@krzee> it would use one of the --socks options
16:58 < catalase> oh
16:58 < DomeMaster> well I pass the up and down as an option on the command line so I should be fine
16:58 < DomeMaster> and they can't create their own file
16:58 < DomeMaster> so there is no probelm
16:58 < catalase> would it work over socks then?
16:58 < DomeMaster> thanks for letting me know
16:58 <@krzee> DomeMaster, heres what you see in that config filke
16:58 <@krzee> file*
16:58 <@krzee> !--
16:58 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
16:58 <@krzee> !man
16:58 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
16:58 < DomeMaster> Thanks krzee just wanted to double check
16:58 < DomeMaster> I wasn't vulnerable
16:59 <@krzee> catalase, well when you use ssh tunneling its really emulating a socks server on your localhost for your apps to connect to
16:59 < catalase> but krzee, i input that socks proxy in the gui
16:59 < catalase> does it also need to be in the config file
16:59 <@krzee> i know nothing about guis
16:59 <@krzee> windows gui?
16:59 < catalase> correct
16:59 <@krzee> dunno
17:00 <@krzee> openvpn is configured via config file, thats what i do
17:00 < catalase> forget the entire idea of socks server atm, no ssh tunnel lets go back to square one
17:00 < catalase> just trying to connect with openvpn
17:00 < pekster> IIRC the stock windows GUI proxy options are just a proxy (pun not intended) to the various openvpn proxy CLI options
17:00 < DArqueBishop> Are you using Windows 8.x, catalase?
17:01 <@krzee> gotta find something open, i suggest netcat (nc)
17:01 < catalase> does not work as shown in the log  http://nopaste.info/f602d3fddc.html
17:01 < catalase> DArqueBishop no, win 7
17:01 < catalase> netcat, for windows?
17:01 < DArqueBishop> The server is set to listen on TCP, correct?
17:01 <@krzee> dunno not a windows user
17:01 <@krzee> thats for you to figure out
17:03 < catalase> krzee, ok i have netcat
17:03 < catalase> can you suggest some ports that i should check?
17:04 < pekster> That's a really screwy error. Assuming that's returned from the win32 network API, I'd verify packets arrive at the far end
17:06 < pekster> Maybe try using the TAP-WIN32 program tools to remove and re-create the tap device
17:06 < catalase> does the config look ok though?
17:06 < catalase> yes, DArqueBishop
17:06 < catalase> the server is on a ddwrt router
17:07 -!- catalase [~catalase@gateway/tor-sasl/catalase] has quit [Remote host closed the connection]
17:07 -!- catalase [~catalase@gateway/tor-sasl/catalase] has joined #openvpn
17:07 < pekster> Without server configs it's hard to say
17:08 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:08 < pekster> It's also generally unwise to use any of the --persist-*, --user, or --group options as a client
17:08 < catalase> pekster, here you go http://nopaste.info/480e34f484.html
17:08 < catalase> server config
17:09 < pekster> (it's going to break in cases where reconnects provide a differnet IP, which you can't avoid unless you go out of your way to issue !static addressing, and disconnect old connections prior to reconnects, ie, don't allow !dupe connections)
17:10 < pekster> Careful pushing such a common server-side network; that'll cause issues anywhere your client is on the same network on its local LAN
17:10 < pekster> Your --comp-lzo settings are mis-matched
17:10 < pekster> Also, --ns-cert-type is deprecated; see !mitm for the modern alternative
17:12 < catalase> !mitm
17:12 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
17:13 < catalase> pekster, how are they mismatched?
17:13 <@krzee> one side does not have it
17:13 < catalase> i see comp-lzo and comp-lzo
17:13 <@krzee> not in your paste
17:15 < catalase> ok i added it to the server side
17:17 <@krzee> new error?
17:18 <@krzee> also, did you already try udp?
17:18 < catalase> krzee, have not yet tried udp
17:18 <@krzee> udp should be preferred, try it first
17:18 < catalase> should i add this to the server config and firewall rule and give it a go?
17:19 <@krzee> then give us both logs with verb 5
17:19 < catalase> ok will try
17:24 < catalase> it gives tls negotiation error
17:25 < catalase> i think my workplace blocks pptp, so it may also block openvpn on 1194
17:25 < catalase> thats why i used a tunnel
17:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:26 < pekster> So try a different port
17:26 <@krzee> try 53 udp
17:26 < pekster> If it's a DPI that can detect the openvpn handshake, you'd either need a !static tunnel, or obfuscation, like !obfs
17:26 < pekster> Try that, and some other arbitrary and/or common ports
17:27 < pekster> (sometimes UDP is forced to a special DNS server that validates it as DNS, or dropped by DPI if it's _not_ DNS)
17:27 < pekster> s/UDP/DNS/
17:28 <@krzee> sometimes
17:28 <@krzee> depends who hes dealing with
17:28 <@krzee> usually worth testing
17:29 <@krzee> next tcp 443
17:29 < pekster> Easy to test a good dozen in quick succession
17:29 <@krzee> yep
17:32 < catalase> Tue Jan 20 18:32:19 2015 TCP: connect to [AF_INET]CENSORED:443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
17:33 < catalase> udp 53 no luck either
17:35 <@krzee> join a drive?
17:35 < catalase> yes, i have no clue wtf that means
17:36 < catalase> closest i got was ssh tunneling the vpn connection
17:37 < catalase> it actually verified the certificates and keys and such
17:38 <@krzee> so what port was that using? try that port
17:38 < catalase> 8190. but no dice when i tried it here
17:38 <@krzee> that was probably the localhost port
17:38 <@krzee> more likely was tcp 22
17:38 < catalase> ah i see
17:39 < catalase> yeah it is dynamic ssh tunnel
17:40 < catalase> Tue Jan 20 18:40:28 2015 WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
17:41 < catalase> then it just restarts over and over. but it actually made the connection on tcp 22
18:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:22 -!- Denial [~Denial@host86-163-6-191.range86-163.btcentralplus.com] has joined #openvpn
18:37 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
18:38 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 264 seconds]
19:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
19:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:07 -!- YeahToast [32cb03f9@gateway/web/freenode/ip.50.203.3.249] has joined #openvpn
19:07 -!- YeahToast [32cb03f9@gateway/web/freenode/ip.50.203.3.249] has left #openvpn []
19:13 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
19:13 -!- mode/#openvpn [+v esde] by ChanServ
19:25 < Eugene> !osx
19:25 <@vpnHelper> "osx" is (#1) Tunnelblick includes everything you need to run OpenVPN on OS X. https://code.google.com/p/tunnelblick/ or (#2) Viscosity is another OpenVPN client for OS X, but it is commercial. http://www.thesparklabs.com/viscosity/
19:26 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has quit [Read error: Connection reset by peer]
19:27 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has joined #openvpn
19:32 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
19:44 -!- doop [~doop@colostomy.club] has joined #openvpn
19:51 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Ping timeout: 264 seconds]
20:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:18 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
20:19 -!- julius_ [~julius_@p3EE29E90.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
20:20 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has quit [Read error: Connection reset by peer]
20:21 -!- julius_ [~julius_@p3EE29FD6.dip0.t-ipconnect.de] has joined #openvpn
20:21 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has joined #openvpn
20:23 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has quit [Read error: Connection reset by peer]
20:25 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has joined #openvpn
20:26 -!- DracoDan [~no@pool-108-28-227-179.washdc.fios.verizon.net] has joined #openvpn
20:26 < DracoDan> how can a non-admin user change their password for OpenVPN? Using basic authentication
20:29 <+esde> they cant AFAIK without some custom setup
20:33 < DracoDan> that's.... pretty poor design
20:35 <+esde> i said AFAIK, and IDK everthing
20:35 <+esde> are you referring to AS?
20:37 <+esde> DracoDan &
20:37 <+esde> *^
21:01 < DracoDan> AS?
21:01 < DracoDan> oh, yes
21:01 < DracoDan> I don't really care enough though, it's just my brother and I already gave him admin rights on the VPN server
21:02 < DracoDan> but thanks!
21:06 <+esde> !as
21:06 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
21:06 <+esde> that's why i asked
21:06 <+esde> completely different
21:07 <+esde> openvpn community is the core, everything you need tools. AS is the fancy web gui and prepackaged management tools
21:07 <+esde> like AD integration and stuffs
21:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:13 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
21:15 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:35 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 245 seconds]
21:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:07 -!- XJR-9 [XJR-9@pdpc/supporter/active/xjr-9] has joined #openvpn
22:31 -!- nesta [pr@suidci.de] has joined #openvpn
22:32 < nesta> hello, anyone here using OpenBSD 5.6/current and having issues with OpenVPN not working on it?
22:32 < nesta>  /sbin/route add -net 46.246.47.2 192.168.0.1 -netmask 255.255.255.255
22:32 < nesta> route: writing to routing socket: File exists
22:33 < nesta> add net 46.246.47.2: gateway 192.168.0.1: File exists
22:33 < nesta> ERROR: OpenBSD/NetBSD route add command failed: external program exited with error status: 1
22:33 < nesta> I see some things on Google about it but not having any joy finding a solution
22:34 < nesta> I have my confs and everything else set up correctly 100%. I have used OpenVPN numerous times on various different OS
22:34 < nesta> not sure what to do :[
22:39 < Eugene> !beer
22:39 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
22:39 < Eugene> A good place to start
22:39 -!- Haigha [~root@dovahkiin.xomg.net] has quit [Ping timeout: 272 seconds]
22:47 -!- grache28 [~noodles@c-71-203-157-109.hsd1.fl.comcast.net] has joined #openvpn
22:47 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
23:01 -!- grache28 [~noodles@c-71-203-157-109.hsd1.fl.comcast.net] has quit [Ping timeout: 245 seconds]
23:05 -!- catalase [~catalase@gateway/tor-sasl/catalase] has quit [Ping timeout: 250 seconds]
23:06 -!- catalase [~catalase@gateway/tor-sasl/catalase] has joined #openvpn
23:31 -!- ShadniX [dagger@p5481DD2E.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX_ [dagger@p5481DD3C.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- ShadniX_ is now known as ShadniX
--- Day changed Wed Jan 21 2015
00:19 -!- spiekey [~admin@HSI-KBW-078-043-156-025.hsi4.kabel-badenwuerttemberg.de] has quit [Quit: spiekey]
00:23 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has joined #openvpn
00:24 < CMEPTb> hi guys.  i know i must have read the wrong docs, wrong place, or etc.. but. Just trying to get some more ideas on troubleshooting. i have openvpn on openwrt (server) configured, followed the guide on openwrt wiki. android client with openvpn for android connects fine locally, but when i tried to come in via LTE won't forward net traffic thru the tunnel. what can I try?
00:25 < CMEPTb> openvpn 2.2.2
00:27 -!- mattock_afk is now known as mattock
00:31 -!- dfrey [~dfrey@d173-180-95-43.bchsia.telus.net] has joined #openvpn
00:35 < CMEPTb> hi dfrey
00:54 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 276 seconds]
00:57 -!- spiekey [~admin@projekte.imos.net] has joined #openvpn
01:21 -!- Haigha [~root@2001:41d0:1:d4e5::1] has joined #openvpn
01:35 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
01:47 -!- u0m3_ [~u0m3@92.80.85.133] has joined #openvpn
01:48 -!- u0m3 [~u0m3@109.96.158.204] has quit [Ping timeout: 272 seconds]
02:00 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has quit [Read error: Connection reset by peer]
02:00 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has joined #openvpn
02:07 -!- ender` [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 276 seconds]
02:08 -!- paxmark9 [~paxtormar@198.144.158.14] has quit [Quit: Leaving]
02:22 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has quit [Read error: Connection reset by peer]
02:23 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has joined #openvpn
02:28 -!- deranged [Jess@sciurus.net] has quit [Quit: et nos unum sumus]
02:28 -!- deranged [Bit@sciurus.net] has joined #openvpn
02:42 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:52 -!- u0m3 [~u0m3@92.80.64.20] has joined #openvpn
02:54 -!- u0m3_ [~u0m3@92.80.85.133] has quit [Ping timeout: 255 seconds]
02:59 -!- KavanS [~quassel@LINBIT/KavanS] has quit [Ping timeout: 245 seconds]
03:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
03:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:13 -!- gbkersey [~gbkersey@unaffiliated/gbkersey] has quit [Ping timeout: 264 seconds]
03:17 -!- XJR-9 [XJR-9@pdpc/supporter/active/xjr-9] has quit []
03:17 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
03:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 276 seconds]
03:21 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has quit [Ping timeout: 245 seconds]
03:25 -!- mbrgm [~mbrgm@unaffiliated/mbrgm] has joined #openvpn
03:25 < mbrgm> hi! what is the reason for every client having its own gateway in openvpn?
03:30 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:34 < Eugene> !net30
03:34 <@vpnHelper> "net30" is "/30" is (#1) http://openvpn.net/index.php/documentation/faq.html#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior with by reading !topology
03:34 < Eugene> mbrgm - ^
03:42 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has joined #openvpn
03:52 -!- mbrgm_ [~mbrgm@unaffiliated/mbrgm] has joined #openvpn
03:55 -!- mbrgm [~mbrgm@unaffiliated/mbrgm] has quit [Ping timeout: 264 seconds]
04:01 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has quit [Read error: Connection reset by peer]
04:01 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has joined #openvpn
04:04 < mbrgm_> !topology
04:04 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
04:04 -!- mbrgm_ is now known as mbrgm
04:07 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.0.1]
04:15 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
04:18 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has quit [Ping timeout: 244 seconds]
04:32 -!- mbrgm [~mbrgm@unaffiliated/mbrgm] has quit [Ping timeout: 256 seconds]
04:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:43 -!- mirco_ [~mirco@176.198.211.199] has joined #openvpn
04:54 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
05:02 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
05:08 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
05:18 -!- DomeMaster [~iain@cpc30-lanc6-2-0-cust53.3-3.cable.virginm.net] has left #openvpn []
05:32 -!- u0m3_ [~u0m3@92.80.64.20] has joined #openvpn
05:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
05:35 -!- u0m3 [~u0m3@92.80.64.20] has quit [Ping timeout: 245 seconds]
05:52 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
06:09 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:20 -!- two_oes [orenoi@nat/redhat/x-jrbacgtyeqglrhgk] has joined #openvpn
07:20 -!- blackbit [ahuemer@unaffiliated/ahuemer] has joined #openvpn
07:48 -!- rangerpbzzzz is now known as rangerpb
08:14 -!- Exagone313 [exa@ewd.ovh] has quit [Read error: Connection reset by peer]
08:15 -!- two_oes [orenoi@nat/redhat/x-jrbacgtyeqglrhgk] has quit [Quit: Leaving]
08:20 -!- Exagone313 [exa@ewd.ovh] has joined #openvpn
08:45 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
08:49 -!- akamaru217 [~akamaru21@2601:0:8a80:1064:c069:f6fb:4d2c:8e8c] has quit [Ping timeout: 245 seconds]
08:51 -!- Saw [5bcd9b90@gateway/web/freenode/ip.91.205.155.144] has joined #openvpn
08:53 < Saw> hi, I am currently using openvpn server on remote pc (A), where the openvpn client, my pc (B) can successfully connect to it. However, I also want to be able to access computer C, which is accessible only from the openvpn server (pc A).
08:53 < Saw> I used 'route add' command on windows (I know i can use 'push' on openvpn push, but trying to do it manually first), and when doing tracert to pc C, it seems to work(ish). The first computer, is pc A. Everything after though, is '* * * request time out'
09:00 -!- gbkersey [~gbkersey@unaffiliated/gbkersey] has joined #openvpn
09:18 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
09:22 -!- Saw [5bcd9b90@gateway/web/freenode/ip.91.205.155.144] has quit [Quit: Page closed]
09:39 -!- tchiwam [~tchiwam@194.177.246.74] has joined #openvpn
09:41 < tchiwam> I have yet another dumb question for experts, now that my dual link working... What's the best way to get one tun interface and share the load on both link ?
09:44 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
09:44 -!- Yoder [Yoda@gateway/shell/yourbnc/x-qafvbngfwpqktbdm] has quit [Ping timeout: 245 seconds]
09:53 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-tmeecoyzxccfsurf] has joined #openvpn
09:55 < xorox90> Do I have to install CA certificate to redirect client HTTPS packet?
10:07 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-crgykzbusvouiekx] has joined #openvpn
10:14 -!- pvl1 [~pvl1@unaffiliated/pvl1] has left #openvpn ["WeeChat 1.1-dev"]
10:24 -!- Six6siX [~Devil@jasmine.sammybakar.com] has quit [Ping timeout: 256 seconds]
10:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:29 -!- spiekey [~admin@projekte.imos.net] has quit [Quit: spiekey]
10:31 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:36 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:55 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
10:57 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Ping timeout: 272 seconds]
10:59 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
11:28 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:32 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
11:33 < blackbit> hi all. i get a tunnel, but the client does not get an ip assigned. i am out of ideas http://ahuemer.xx.vu/volatile/2015-01-21-ns9QLIh3Rw0/
11:33 <@vpnHelper> Title: Index of /volatile/2015-01-21-ns9QLIh3Rw0/ (at ahuemer.xx.vu)
11:35 -!- LostNeko [~LostNeko@static-173-76-4-194.bstnma.fios.verizon.net] has quit [Quit:  HydraIRC -> http://www.hydrairc.com <- Would you like to know more?]
11:35 < blackbit> openvpn is 2.2.1-8+deb7u2 on both client and server, on debian wheezy, x86_64
12:00 -!- mirco_ [~mirco@176.198.211.199] has quit [Quit: mirco_]
12:21 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
12:34 < catalase> krzee
12:34 < catalase> after messing around with openvpn, i finally got it to work over ssh tunnel
12:34 < catalase> lol
12:34 < catalase> it says it is connected, but my IP is not different lol
12:37 < catalase> anyone know how to actually utilize the connection then?
12:39 < catalase> oh it says unidentified network, no internet access
12:39 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-tmeecoyzxccfsurf] has quit [Quit: Connection closed for inactivity]
12:46 <@ecrist> catalase: see !goal
12:46 <@ecrist> !goal
12:46 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:51 < catalase> I would like to access the internet over my vpn
12:52 <@ecrist> you need to enable NAT on the VPN server, ip forwarding to allow the routing, and then push a default gateway to your VPN clients
12:52 <@ecrist> !def1
12:53 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:53 < catalase> oh boy lol
12:54 < catalase> can you help me with the server config if i nopaste it?
12:54 <+esde> !configs
12:54 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:54 <@krzee> catalase,
12:54 <@krzee> !redirect
12:54 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:54 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
12:55 < catalase> http://nopaste.info/d6772a92df.html = server config, http://nopaste.info/8cd1e6a6c5.html = client config
13:03 < catalase> !ipforward
13:03 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
13:03 < catalase> it doesn't like redirect-gateway directive
13:04 < catalase> !linipforward
13:04 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
13:04 < catalase> !winipforward
13:04 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
13:06 < catalase> iptables looks like this: http://nopaste.info/8778f2a74a.html
13:17 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:40 < catalase> !nat
13:40 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
13:43 <@krzee> !linnat
13:43 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
13:43 <@krzee> assuming linux server
13:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:49 < catalase> ok so it took the redirect-gateway now
13:49 -!- ampsix [uid26275@gateway/web/irccloud.com/x-lwqlopcdwtbbhhmy] has joined #openvpn
13:49 <@krzee> in the client config right?
13:50 < catalase> server config :/ should it be clientside?
13:50 <@krzee> if in server config you are pushing it, right?
13:52 < catalase> yes
13:53 < catalase> and then it cuts off my internet acces on the client side interestingly enough
13:53 < catalase> well, the http access at least
13:54 < catalase> need redirect-gateway only be on one side? or both client and server where server side is pushing it
13:54 <@krzee> !push
13:54 <@vpnHelper> "push" is usage: push <command> , goes in the server config and makes the command act as if it was in the client config, can be used in ccd entries
13:54 <@krzee> you can push it from server to client or run it directly on the client, they do the same thing
13:54 <@krzee> but then your server needs to NAT the vpn subnet
13:55 <@krzee> and your server must have ip forwarding enabled
13:55 <@krzee> what os is your server?
13:55 < catalase> it is linux based i think. running on ddwrt router
13:56 <@krzee> !ddwrt
13:56 <@krzee> !dd-wrt
13:56 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
13:56 <@krzee> however
13:56 <@krzee> show me iptables-save
13:57 < catalase> should be same as the firewall rules from earlier
13:57 <@krzee> that wasnt iptables-save
13:57 < catalase> i guess i need to telnet into ddwrt and ask iptables-save?
13:57 <@krzee> that was just a couple rules
13:57 <@krzee> you probably have never seen your real obfuscated ruleset
13:58 <@krzee> haha
13:58 < catalase> probably right about that
13:59 <@krzee> i would hope it would be ssh not telnet, but yes get a shell
13:59 <+esde> poor telnet
14:00 <@krzee> meh its still ok for manually testing smtp servers
14:00 <@krzee> :D
14:00 <+esde> and nntp :D
14:01 < catalase> ok i have shell access
14:01 < catalase> no idea what to type to output iptables-save to a file
14:01 <+esde> iptables-save > file
14:01 < catalase> and then to read that file
14:01 <@krzee> iptables-save > file
14:01 <+esde> cat file
14:01 <@krzee> you need to understand your server os, really
14:01 < catalase> iptables-save not found lol
14:01 <@krzee> !bestos
14:01 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
14:02 < catalase> maybe different for ddwrt
14:02 <+esde> nix is nix
14:02 <+esde> the commands i provided should be standard
14:02 <+esde> !101
14:02 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
14:02 < catalase> am linux noob, but can work with it. one sec
14:03 <+esde> oh iptables-save failed, on dd-wrt, 1 sec
14:03 <+esde> let me try mine
14:04 <+esde> it has ssh in the administration > management page, FYI
14:04 <@krzee> http://svn.dd-wrt.com/ticket/1979
14:04 <@vpnHelper> Title: #1979 (iptables-save) – DD-WRT (at svn.dd-wrt.com)
14:04 <+esde> wtf, it's greyed out
14:04 <+esde> LAME
14:04 <@krzee> Changed 3 years ago by Sash
14:04 <@krzee> Resolution set to invalid
14:04 <@krzee> Status changed from reopened to closed
14:04 <@krzee> i guess 99% of the users dont use or even know it so imho it wastes space if we dont need it. i havent used it in 6 years of ddwrt.
14:04 <+esde> oh, thx krzee
14:05 <@krzee> just another reason openwrt > dd-wrt
14:05 < catalase> lolz
14:05  * esde pours cold water on krzee 
14:06 <+hyper_ch> krzee: I got the taking-picture-and-sending-it-by-email with tasker
14:06 <+hyper_ch> however I want to power off the phone afterwards but I can't figure out how to add a wait time there
14:07 < catalase> krzee, so does that mean that iptables-save no longer in ddwrt?
14:07 <@krzee> dunno i dont have it set to turn mine off, nor do i want it to
14:07 <@krzee> catalase, correct, they seem to have removed it
14:07 <+esde> krzee, any OSS project that lists a drink recipe on their homepage gets a nod from me
14:07 <@krzee> can you even run iptables -L ; iptables -L -t nat
14:08 < catalase> yes very verbose output
14:08 <+hyper_ch> krzee: it's an encrypted phone... so turning it off is a good thing :)
14:08 <@krzee> esde, and in the motd upon ssh
14:08 -!- ad^2 [~ad^2@wsip-70-165-87-18.dc.dc.cox.net] has joined #openvpn
14:08 <+esde> ffs, let's drink!
14:08 <+esde> (in a couple hours)
14:08 <@krzee> hyper_ch, i want more pics of attempts to unlock
14:09 <+hyper_ch> why?
14:09 <@krzee> plus i want that email to get out for sure
14:09 <@krzee> because sometimes the pic is blurry (phone moving while its taken)
14:09 <+hyper_ch> I'm more worried about access to the data than the phone ;)
14:09 <@krzee> and sometimes its not pointing directly at the face
14:09 <@krzee> im more worried about catching the person than blocking access
14:10 < catalase> why not just use cerberus or something
14:10 <@krzee> i mean mines encrypted too
14:10 < catalase> android phone got stolen?
14:10 <@krzee> and i see what you mean
14:10 <+esde> i still need to remove root and encrypt mine
14:10 < ad^2> Hello all. I just upgraded to version 2.3.6 now I get TLS errors "TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate"
14:11 <+hyper_ch> krzee: :)
14:11 <@krzee> catalase, no, you must configure it before its stolen
14:11 <+esde> check your PKI stuff
14:11 <@krzee> hyper_ch, you could set it up to shut off upon a certain sms to it
14:11 < ad^2> Nothing has changed on the server side. Simply yum upgrade openvpn
14:11 < ad^2> Nothing configuration wise that is.
14:11 < catalase> why not just pay insurance 10$
14:12 < catalase> replace phone if it is lost or stolen
14:12 <+esde> well that's what that error means, something to do with PKI is fucky
14:12 <+esde> for me re-generating my certs and keys usually resolves that
14:12 <@krzee> catalase, we're talking about protecting data and seeing who tried to access the data, not replacing the phone.
14:12 < ad^2> Yeah I guess but there are no upgrade instructions telling me I need to make server.conf changes.
14:12 < catalase> did someone's phone get stolen?
14:12 <+hyper_ch> krzee: I'll think more about it
14:12 <+hyper_ch> I found wait
14:12 <@krzee> catalase, no.
14:13 <+hyper_ch> and 20 secs should be enough to send the pic ;)
14:13 < ad^2> recreating keys is going to prevent users from connecting.
14:13 <+esde> !allinfo
14:13 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
14:13 < catalase> oh, but if their phone was to get stolen, take a picture of user trying to access protected data
14:13 <@krzee> hyper_ch, remember that you will also get it wrong from time to time
14:13 <+hyper_ch> kitty also made it into the pic now :)
14:13 <+esde> ad^2, provide some more info and we might be able to help
14:13 <+esde> else
14:13 <+esde> !crystal
14:13 <@krzee> my tasker dir is full of pictures of me
14:13 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
14:13 <+hyper_ch> 3 tries then it starts doing its magic :)
14:13 <@krzee> oh ok
14:14 <@krzee> ya after 3 tries thats all good
14:14 <@krzee> be sure to take pic after 1 try
14:14 <+esde> you gave us literally one entry from your log, and no other helpful info
14:14 <@krzee> then you get 3 pics of the person
14:14 <@krzee> and run the shutdown after 3
14:14 <@krzee> actually i like that too
14:14 <+hyper_ch> krzee: hmm, good idea :) I could add two profiles... one for shutting down the phone and one for taking/emailing the pic
14:15 <+hyper_ch> however, I have not figure out how to enable gps/wifi location
14:15 <@krzee> i think ill set mine to take a pic each time, email the second and third, shutdown at the 4th
14:15 <+esde> I love this idea http://gizmodo.com/self-destructing-ssds-will-nuke-themselves-if-you-text-1640733628
14:15 <@vpnHelper> Title: Self-Destructing SSD (at gizmodo.com)
14:15 < ad^2> The configuration is pretty simple. port, proto udp, ca, cert, key, dh, server, duplicate-cn keepalive, comp-lzo, status, log and script-security
14:15 <+esde> ad^2, im not reading that
14:15 <+hyper_ch> after 5 unsuccessfull tries, the phone has a 30 sec timeout anyway
14:16 <+esde> please provided the requested info, as it was requested :) pastebin is a great place for pastes
14:16 <+esde> *-ed
14:16 < ad^2> esde, these are just the directives specified in the file. Nothing tricky going on.
14:16 < ad^2> Connections worked fine before the upgrade to 2.3.6
14:17 <+esde> will self destruct "even after a pre-determined series of finger taps detected through a motion sensor." sofa king cool
14:17 < ad^2> Are you aware of upgrade instructions recommending additional directives?
14:18 < catalase> krzee, do you want the output of iptables -L?
14:18 <+hyper_ch> ad^2: from which version to which vesion did you upgrade?
14:19 < ad^2> http://pastebin.com/gTviwqnJ
14:19 < ad^2> From openvpn-2.3.1-3
14:21 <+esde> and certs are in the same location, owned by the same user, with the same permissions as before the upgrade?
14:21 <+esde> *certs/keys
14:21 <+hyper_ch> krzee: seems if you don't enter the passwords too rapidly, then it will not trigger
14:21 <+esde> i noticed you're not using tls-auth, you like to live dangerously, i take it?
14:21 < ad^2> Yes. timestamps on the file and directory are unchanged.
14:22 < ad^2> Its a closed system.
14:23 <+esde> could try posting a larger chunk of your logs
14:24 <+hyper_ch> ad^2: dh1024? oO
14:25 < ad^2> hyper_ch, that is correct.
14:25 < ad^2> One sec I will get some more logs pasted in.
14:25 <+hyper_ch> and shouldn't this:  push "redirect-gateway"    be   push "redirect-gateway def1"   ?
14:26 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 246 seconds]
14:26 < ad^2> hyper_ch, nope this works to redirect all packets down the tunnel
14:30 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit1]
14:33 < ad^2> http://pastebin.com/YH51mTxL
14:33 < ad^2> The pastbin shows the log from two attempts from a client with and without a cert.
14:34 -!- mattock is now known as mattock_afk
14:34 < ad^2> After I reverted both of these attempts work.
14:57 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
15:00 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
15:26 -!- ampsix is now known as `^-_-^`
15:33 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 244 seconds]
15:53 -!- ad^2 [~ad^2@wsip-70-165-87-18.dc.dc.cox.net] has quit [Quit: Leaving]
16:16 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:19 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
16:21 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
16:44 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 255 seconds]
16:48 -!- TheZealous [TheZealous@c-67-175-154-170.hsd1.il.comcast.net] has joined #openvpn
16:50 < TheZealous> have anyone in here install OpenVPN on a Hyper-V VM before?
16:52 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
16:52 -!- Cultist [~CultOfThe@67.175.170.187] has joined #openvpn
16:57 <+esde> !ask
16:57 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
16:59 <+esde> !bcast
16:59 <@vpnHelper> "bcast" is (#1) pptp source tree has bcrelay in it, bcrelay can be used to relay broadcasts over a tun setup or (#2) http://www.hanksoft.de/service/46-udpbroadcastforwarder seems to be a windows program for relaying bcast (use google translate if needed)
16:59 <+esde> broken link ^
17:07 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
17:25 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 256 seconds]
17:29 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
17:33 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-lwqlopcdwtbbhhmy] has quit [Quit: Connection closed for inactivity]
17:43 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 252 seconds]
17:45 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:46 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
17:57 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
18:26 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 244 seconds]
18:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
18:36 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
19:00 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
19:00 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
19:00 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-uyiqcadxhyrwcgro] has quit [Ping timeout: 245 seconds]
19:01 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has quit [Ping timeout: 245 seconds]
19:03 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
19:03 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-vdkfrwyjjrlnuubx] has joined #openvpn
19:03 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
19:03 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
19:03 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 245 seconds]
19:04 -!- TonyL [~Tony@unaffiliated/darkg] has quit [Quit: derp]
19:11 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
19:15 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 256 seconds]
19:18 -!- zalami is now known as greenmango_
19:18 -!- greenmango_ is now known as zalami
19:20 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
19:26 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 240 seconds]
19:35 -!- gbkersey [~gbkersey@unaffiliated/gbkersey] has quit [Ping timeout: 276 seconds]
19:36 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 252 seconds]
19:37 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
19:50 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
19:51 -!- rangerpb is now known as rangerpbzzzz
19:54 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 256 seconds]
19:55 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 256 seconds]
19:56 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
19:56 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
19:57 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
19:59 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
19:59 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 256 seconds]
20:00 -!- Eagleman7 [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:01 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
20:04 -!- tekku [~me@185.17.149.149] has joined #openvpn
20:04 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
20:05 -!- ketas- [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
20:06 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 264 seconds]
20:06 -!- mpoole [~mpoole@minotaur.apache.org] has quit [Ping timeout: 264 seconds]
20:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 264 seconds]
20:06 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Ping timeout: 264 seconds]
20:06 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 264 seconds]
20:06 -!- tekk [~me@185.17.149.149] has quit [Ping timeout: 264 seconds]
20:06 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 264 seconds]
20:06 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
20:06 -!- RoyK [~roy@77.88.71.251] has quit [Ping timeout: 264 seconds]
20:06 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 264 seconds]
20:06 -!- phix [~threat@123-243-44-131.static.tpgi.com.au] has quit [Remote host closed the connection]
20:06 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 264 seconds]
20:06 -!- Eagleman7 is now known as Eagleman
20:19 -!- julius_ [~julius_@p3EE29FD6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
20:21 -!- julius_ [~julius_@p3EE2A077.dip0.t-ipconnect.de] has joined #openvpn
20:45 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 264 seconds]
20:52 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
20:53 -!- gbkersey [~gbkersey@unaffiliated/gbkersey] has joined #openvpn
20:54 -!- gbkersey [~gbkersey@unaffiliated/gbkersey] has quit [Remote host closed the connection]
20:56 -!- catalase [~catalase@gateway/tor-sasl/catalase] has quit [Ping timeout: 250 seconds]
20:56 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
21:00 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
21:05 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:05 -!- CMEPTb [~CMEPTb@unaffiliated/cmeptb] has quit [Read error: Connection reset by peer]
21:26 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 246 seconds]
21:32 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
21:33 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
21:40 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Quit: Leaving]
21:53 -!- Cultist [~CultOfThe@67.175.170.187] has quit [Ping timeout: 244 seconds]
22:00 -!- dfrey [~dfrey@d173-180-95-43.bchsia.telus.net] has quit [Quit: WeeChat 0.4.2]
22:01 -!- Cultist [~CultOfThe@67.175.170.187] has joined #openvpn
22:20 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
22:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:09 -!- catalase [~catalase@gateway/tor-sasl/catalase] has joined #openvpn
23:32 -!- ShadniX [dagger@p5481DD3C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:33 -!- ShadniX [dagger@p5481DFA5.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 250 seconds]
23:48 -!- zalami is now known as jesis
23:48 -!- jesis is now known as zalami
23:50 -!- zalami is now known as JAP
23:50 -!- JAP is now known as zalami
23:50 -!- paxmark9 [~paxtormar@199.21.149.142] has left #openvpn ["Leaving"]
23:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
23:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
--- Day changed Thu Jan 22 2015
00:20 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 272 seconds]
00:34 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
00:37 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
00:48 -!- mattock_afk is now known as mattock
01:03 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
01:17 -!- two_oes [orenoi@nat/redhat/x-qukjbkbdwyughxwd] has joined #openvpn
01:30 -!- mattock is now known as mattock_afk
01:49 -!- spiekey [~admin@projekte.imos.net] has joined #openvpn
02:00 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:08 -!- Rambozo [~Brendan@107-129-127-14.lightspeed.austtx.sbcglobal.net] has joined #openvpn
02:09 -!- mattock_afk is now known as mattock
02:33 < blackbit> let's try again
02:33 < blackbit> hi all. i get a tunnel, but the client does not get an ip assigned. i am out of ideas http://ahuemer.xx.vu/volatile/2015-01-21-ns9QLIh3Rw0/
02:33 <@vpnHelper> Title: Index of /volatile/2015-01-21-ns9QLIh3Rw0/ (at ahuemer.xx.vu)
02:33 < blackbit> openvpn is 2.2.1-8+deb7u2 on both client and server, on debian wheezy, x86_64
02:52 -!- two_oes [orenoi@nat/redhat/x-qukjbkbdwyughxwd] has quit [Quit: Leaving]
02:54 -!- frerich [~frerich@kde/raabe] has joined #openvpn
02:56 < frerich> Hi! I've been a happy OpenVPN user for about ten years now, but recently noticed problems after switching to a new ISP. It seems that this is because the new ISP uses IPv6 by default and enables IPv4 via tunnelling, which reduces the maximum MTU. I was able to resolve the issue by adding 'mssfix 1392' to my OpenVPN configuration, but I wonder - does anybody know of documentation to read up on the topic?
02:56 < frerich> I'd love to know how e.g. 'mssfix' and 'fragment' relate exactly (I only found a brief description in the man page), maybe with some examples?
02:57  * frerich uses OpenVPN via UDP, without having any explicit fragment/mssfix/mtu size set, i.e. it's all default values.
02:57 -!- two_oes [oren@nat/redhat/x-qateccetpvfmxzfe] has joined #openvpn
02:58  * frerich suspects any ISP using DS-lite triggers the same issue, so maybe somebody else here has some experiences to share.
03:00 < plaisthos> frerich: they do different thinkgs
03:00 < plaisthos> mssfix overrides the mss value of tcp packets
03:00 < plaisthos> and fragment fragments packet that are too large
03:00 < plaisthos> *if* mssfix works then fragment should not be used for tcp packets
03:01 -!- two_oes [oren@nat/redhat/x-qateccetpvfmxzfe] has quit [Quit: Leaving.]
03:01 < frerich> plaisthos : Ah, interesting! So mssfix is preferrable - why is that?
03:01 -!- two_oes [orenoi@nat/redhat/x-umsqrtsnmrxxlurm] has joined #openvpn
03:01 < plaisthos> frerich: mssifx tells a tcp session a lower maximum segment size
03:02 < plaisthos> resulting in smaller packets
03:02 < frerich> plaisthos : Hm that's confusing; the OpenVPN man page says 'The --mssfix option only makes sense when you are using the UDP protocol for OpenVPN peer-to-peer communication, i.e. --proto udp.'
03:02 < frerich> Hence my impression that this issue is specific to UDP connections.
03:03 < plaisthos> frerich: yes
03:03 < plaisthos> that is true
03:03 < plaisthos> do not confuse payload packets with openvpn packets
03:04 < plaisthos> A UDP OpeNVPN VPN will still carry TCP packets
03:04 < frerich> Ah, right
03:04 < frerich> It's basically TCP wrapped into UDP?
03:04 < plaisthos> yeah kind of
03:04 < plaisthos> + OpeNVPN header and stuff and encryption
03:04 < frerich> I see
03:07 < frerich> I never did it before, but maybe I should grab something like Wireshark to get an idea of how packages are 'wrapped'. It seems the 'outermost' layer added by my cabl modem, which wraps the IPv4 packages into IPv6 (adding 40bytes overhead AFAIK) triggered the problem and I now "solved" it by reducing the MSS such that it all still fits into 1500
03:07 < plaisthos> quite possible
03:08 < frerich> I wonder why it only got triggered with OpenVPN though, shouldn't any other device on my computer which has a 'pretty large' MTU value set suffer from the same?
03:08 < plaisthos> your router is probably also doing mss fix for unecrypted packets
03:09 < frerich> Aren't all packets "unencrypted" as far as the router goes, i.e. the SSL encryption used by OpenVPN is really part of the payload, no?
03:09 < frerich> I wish I hadn't tip-toed around learning about all this stuff during the last years, now I feel like an idiot :}
03:11 < plaisthos> frerich: the router can fiddle with your unecrypted tcp packets
03:11 < plaisthos> but for tcp over openvpn your router only see udp packets and cannot modify the mss
03:11 < frerich> Ah, true, I forgot that the router only sees the UDP packages...
03:12 < frerich> Is this 'Router adjusts MSS value of TCP packages' feature what's sometimes called 'MSS clamping'?
03:13 < frerich> I think I read about that in the context of PPPoE, where the router 'clamps' the MSS value to account for the PPPoE overhead.
03:17 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
03:29 -!- Rambozo [~Brendan@107-129-127-14.lightspeed.austtx.sbcglobal.net] has quit [Read error: Connection reset by peer]
03:57 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
04:01 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Disconnected by services]
04:02 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
04:28 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:42 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
04:44 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:52 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Read error: Connection reset by peer]
04:54 -!- ketas- is now known as ketas
04:58 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Remote host closed the connection]
05:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:35 -!- spiekey [~admin@projekte.imos.net] has left #openvpn []
05:38 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
05:53 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:56 -!- Kottizen [martin@trekweb/supporter/kottizen] has joined #openvpn
05:56 < Kottizen> Hi everyone. I'm running the community server and I'd like to know if there's a way to see the total amount of data a user has sent or received. I can see per session via the periodically updated status file, but is there a way to see total usage?
05:58 < plaisthos> no
05:58 < plaisthos> at least not out of the box
06:00 <+hyper_ch> on disconnect write a script to read out the amount from the status file and put it into a db
06:00 <+hyper_ch> or somethings like that
06:14 -!- Omni_ [1f319eaa@gateway/web/freenode/ip.31.49.158.170] has joined #openvpn
06:15  * Omni_ looks for signs of life
06:16 < Omni_> I was hoping someone might be willing to help me with an OpenVPN issue, one that is covered in multiple locations, yet I just cannot get it to work :)
06:18 < Omni_> I can create the tunnel successfully, and can see/ping each side over the VPN ip addresses. However, from the client side, I cannot get 'out' at the other end, to the internet. As far as I can tell, I have the correct iptables rules on the server side, and routing -looks- ok, but no go for me.
06:23 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:27 <+hyper_ch> no idea what you mean
06:30 < Omni_> lol, thanks for the reply
06:31 < Omni_> so, my aim is to have an ubuntu client on my LAN, using OpenVPN to my VPS for all internet traffic
06:31 < Omni_> should be simple right
06:32 < Omni_> the client connects to the server fine, and then can connect (ping, etc) to each other over the VPN addresses, 10.8.*.*
06:33 < Omni_> but the client cannot access anything outside of 192.168.1.* (LAN) and 10.8.*.* - i.e internet traffic.
06:33 < Omni_> so, it would sound like a gateway issue
06:33 < Omni_> or, a routing issue?
06:34 <+hyper_ch> ipforwarding needs to be enabled
06:34 <+hyper_ch> also you need iptable rules to handle the traffic
06:34 < Omni_> on the server side, yes?
06:34 <+hyper_ch> yes
06:36 < Omni_> yeah, following a guide, I have these rules added to the iptables config on server side - http://pastebin.com/KDAYLhAk
06:36 <+hyper_ch> I have this http://paste.debian.net/141743/
06:38 < Omni_> that was previously the only MASQUERADE line I had, taken from using OpenVPNs own guide - when that wasn't working, I found a guide that suggested to add the others in my pastebin
06:38 <+hyper_ch> do you have ip forwarding enabled?
06:39 < Omni_> yeah
06:40 <+hyper_ch> cat /proc/sys/net/ipv4/ip_forward
06:40 < Omni_> cat /proc/sys/net/ipv4/ip_forward returns 1
06:41 < frerich> plaisthos: Gotta run, thanks again for your feedback!
06:41 -!- frerich [~frerich@kde/raabe] has left #openvpn []
06:41 <+hyper_ch> Omni_: do you have any iptable rules beside the ones for openvpn?
06:41 < Omni_> I've removed the additional FORWARD lines, so I'm back to just the one you have
06:41 <+hyper_ch> do you currently have any other iptables rules besides the openvpn ones?
06:42 < Omni_> nothing hugely exciting: http://pastebin.com/F9wnswJW
06:43 <+hyper_ch> clear them all: http://paste.debian.net/141745/
06:43 <+hyper_ch> then run my script:  http://paste.debian.net/141743/
06:45 < pekster> hyper_ch: You forgot raw. Also, scripts suck. Ask #netfilter why.
06:45 <+hyper_ch> pekster: fill free to improve it ;)
06:45 < pekster> Worthless use of bash too (that's not installed everywhere, and could just as easily be POSIX except for the shebang)
06:46 <+hyper_ch> pekster: lol, bash is awesome :)
06:46 < pekster> It's a systemic flaw in your design. Write proper _rulesets_ instead
06:46 <+hyper_ch> but I should change it to #!/usr/bin/env bash
06:46 < pekster> Which is fine, if you're not aiming for that to work universally on POSIX-capiable shells
06:46 <+hyper_ch> I fail to see what flaw you mean
06:46 < Omni_> now now :P
06:46 <+hyper_ch> I only use debian on servers ;)
06:47 < pekster> 1) you forgot the other 2 tables Netfilter supports 2) what you've done is not atomic 3) calling iptables commands is slow. 4) this is what iptables-restore is for 5) #Netfilter has details for you
06:47 <+hyper_ch> and one of the frist things I do is to make the /bin/sh symlink point to bash
06:47 < pekster> So, at least 4 flaws, and more after my first cup of coffee
06:48 < Omni_> ok, cleared using your first list, and then I added a masquerade using your second
06:48 <+hyper_ch> pekster: 1) you have no understanding owhat I do on my server 2) what makes you think I need atomic changes 3) it's still faster than me taking a sip from my coffee mug 4) there's no need for iptables-restore for what I use it 5) #netfilter is a nice channel
06:48 <+hyper_ch> Omni_: does it work now? if not
06:49 <+hyper_ch> !configs
06:49 < pekster> One hopes this is in a lab
06:49 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
06:49 < pekster> If not, you're now running zero firewall at all.. Probably a really bad idea
06:49 <+hyper_ch> pekster: I don't believe in labs
06:49 < pekster> And like fucking over other people who ask for help without inquiry, anyway
06:49 < pekster> Omni_: Add the bits you need to a sane starting point: https://github.com/QueuingKoala/netfilter-samples
06:49 <@vpnHelper> Title: QueuingKoala/netfilter-samples · GitHub (at github.com)
06:51 <+hyper_ch> pekster: you're too funny today
06:51 < pekster> If you're a router connected to an upstream network provider with RFC1918 space, I have a sample for that, with comments, in the ideal ruleset syntax. As an added bonus, it already handles NAT on egress for you, so you'd just need to tweak the filter/FORWARD table
06:54 < Omni_> ok, server.conf: http://pastebin.com/8qjXK5UN client.ovpn:http://pastebin.com/BuTP3dHL
06:57 <+hyper_ch> the connection gets established?
06:57 < Omni_> yep, and I can ping 10.8.0.1 from client, and the 10.8 client IP from server
06:58 < Omni_> but pinging outside of that, say google.co.uk, I get Destination Host Prohibited
06:58 <@krzee> !redirect
06:58 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
06:58 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
06:58 <@krzee> see flowcharts ^
06:59 <+hyper_ch> krzee: he has redirect gateway in the server conf
07:00 <+hyper_ch> the only difference I have is that I have push "route 10.8.0.0 255.255.255.0"  in the server config and the redirect gateway is in some ccds
07:00 < Omni_> your ircpimps link times out :)
07:00 < Omni_> !nat
07:00 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
07:01 < Omni_> so, the masquerade iptables command you gave me should enable nat, right?
07:02 <@krzee> Omni_, yes, use the other link
07:02 < Omni_> yeah, looking at it now :)
07:02 < Omni_> following the flowchart suggests I  have 'Firewall Issues'
07:03 < Omni_> server side I just need the masquerade line for 10.8.0.0, yes?
07:04 < Omni_> what, if any, firewall rules do I need on the client side?
07:05 < Omni_> or maybe my modem/router firewall?
07:05 <+hyper_ch> Omni_: what client are you using?
07:05 < Omni_> thanks for assisting, by the way
07:05 <+hyper_ch> windows?
07:05 < Omni_> noe, ubuntu client to centos server
07:06 <+hyper_ch> and you run with a client.conf in /etc/openvpn/ ?
07:06 <+hyper_ch> or the network manager?
07:07 < Omni_> I have a client.ovpn in my user homedir
07:07 <+hyper_ch> check your routes
07:07 <+hyper_ch> sudo route -n
07:09 < Omni_> route before and after http://pastebin.com/eWxusbqP
07:10 <+hyper_ch> no idea then :) should be working :)
07:10 < Omni_> sadface :(
07:10 < Omni_> lol
07:10 <+hyper_ch> you're not using ipv6
07:10 < Omni_> nah, just 4
07:10 < Omni_> I honestly can't see what is wrong either.. hence why I turned up here
07:11 <+hyper_ch> can the server actually resolve domain names?
07:11 < Omni_> I'm more of a RH/Centos guy though, my ubuntu/debian skills are... old. So I thought maybe there was something different going on
07:12 <+hyper_ch> does the server resolve domain names?
07:12 < Omni_> yes, it has full internet access fine
07:13 <+hyper_ch> but you can ping 8.8.8.8 from the client?
07:13 < Omni_> not when connected to the VPN, no
07:14 < Omni_> Destination Host Prohibited
07:14 < Omni_> which still sounds like the server is rejecting it for some reason
07:14 <+hyper_ch> wait, what openvpn version on the server?
07:14 <+hyper_ch> (and client)
07:15 < Omni_>  rpm -qa | grep openvpn openvpn-2.3.2-2.el6.x86_64
07:15 < Omni_> i'm.. not sure of the ubuntu equivalent command :D
07:15 <+hyper_ch> openvpn --version
07:16 < Omni_>  openvpn --version OpenVPN 2.3.2 x86_64-pc-linux-gnu
07:16 <+hyper_ch> well, it has the connection to the server... so I didn't expect problems there... just making sure
07:16 <+hyper_ch> ip forward enabled... connection to server fine... no ide why it's not working
07:17 < Omni_> sure thing, at this stage, anything you think would help is worth investigating
07:17 <+hyper_ch> Omni_: well, just keep bugging krzee :)
07:17  * Omni_ gets a pointy stick
07:18 < Omni_> thanks for trying though, hyper_ch . Hopefully krzee will browse over this channel again soon :)
07:22 < Omni_> i don't need anything specific in the client firewall right? as technically the connection is outgoing?
07:25 <+hyper_ch> with that rule it works fine for me
07:25 <+hyper_ch> and we cleared the other rules so there should be nothing interfereing
07:27 < Omni_> hmmm.
07:28 < Omni_> it's a puzzle..
07:30 < Omni_> it's definitely something server side stopping traffic using it as a gateway to the internet.. a traceroute from client doesn't get past the vpn gateway... but what..
07:31  * hyper_ch looks at krzee
07:32 < Omni_> unless the server is not passing traffic (such as a ping response) back to the client?
07:33 < Omni_> so it would be going out ok, just not getting back...
07:33 < Omni_> .me clutches at straws
07:37 -!- two_oes [orenoi@nat/redhat/x-umsqrtsnmrxxlurm] has quit [Quit: Leaving]
07:39 <@krzee> omg, lets ping krzee over and over
07:39 < Omni_> lol, sorry
07:39 <@krzee> …what is it?
07:40 < Omni_> hyper_ch was helping me with my issue, but we reached the end without resolution
07:40 <@krzee> the end of the flowchart?
07:40 <+hyper_ch> krzee: well, you're an easy target to ping ;)
07:40 < Omni_> as far as I (we?) can tell, everything is in place and looks fine, but I cannot get traffic from client to internet via server
07:41 < Omni_> the flowchart would suggest a firewall issue, but I don't see where. :/
07:41 <@krzee> iptables-save
07:42 <@krzee> and cat /proc/sys/net/ipv4/ip_forward
07:42 <@krzee> !paste
07:42 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
07:44 < Omni_> http://pastebin.com/xRgBtu0t
07:45 <+hyper_ch> Omni_: what is the ethernet devices labelled on your server?
07:45 <+hyper_ch> is it eth0?
07:45 < Omni_> eth0 on client
07:45 <+hyper_ch> on server
07:45 < Omni_> ohhh, not eth0.. it's a VPS so it's venet0:0
07:45 <@krzee> Omni_, ok now show me:
07:45 <@krzee> !configs
07:45 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
07:46 <+hyper_ch> so the iptables rule doesn't work :)
07:46 <@krzee> AND cat /proc/sys/net/ipv4/ip_forward
07:46 <@krzee> haha
07:46 <@krzee> ya, fix your nat rule to match reality
07:46  * Omni_ slaps self
07:46 <@krzee> i ALMOST asked for ifconfig, but i was like "nahhhh he knows his interfaces"
07:47 <+hyper_ch> krzee: I just gave him my masquerade rule and didn't bother either to check
07:47 < Omni_> i'm so used to working with local servers ;/
07:47 < Omni_> that all use eth*
07:47 <@krzee> hyper_ch, meh, his job!
07:47 <+hyper_ch> Omni_: fix iptable rules and retry ;)
07:49 < Omni_> ok, i now have the rule: -A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j MASQUERADE
07:49 <@krzee> umm
07:49 <@krzee> does iptables even take that interface syntax?
07:50 <@krzee> you may want #netfilter
07:50 < Omni_> well, it didn't error, but didn't fix the issue, so you might indeed be right!
07:51 < Omni_> I've never used netfilter though, so this will be new :)
07:51 <+hyper_ch> did you delete the old rule first?
07:52 < Omni_> yeah
07:52 <+hyper_ch> that could also work:  iptables -t nat -A POSTROUTING -j SNAT --to-source <venet0:0 IP>
07:54 < Omni_> nah, still the same with SNAT ;/
07:54 <+hyper_ch> krzee I splitted up tasker now in to parts... one takes a pic after every wrong entry and one shuts phone down after five wrong entries... however the taking pic part is still messy :( doesn't always work
07:55 < Omni_> excuse the newb, but any guides for using netfilter?
07:55 <@krzee> #netfilter
07:55 <@krzee> wrong channel
08:03 < Omni_> well, a PREROUTING iptables entry appears to have allowed my client to reach the internet
08:10 < Omni_> at least via ping, but not browsing. getting somewhere though, thanks for your help!
08:20 <@krzee> np =]
08:20 -!- rangerpbzzzz is now known as rangerpb
08:23 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:34 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 256 seconds]
08:36 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
08:37 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
09:18 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 245 seconds]
09:33 -!- Omni_ [1f319eaa@gateway/web/freenode/ip.31.49.158.170] has quit [Quit: Page closed]
09:53 -!- blackbit [ahuemer@unaffiliated/ahuemer] has left #openvpn []
10:09 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
10:10 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
10:14 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
10:15 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
10:28 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Remote host closed the connection]
10:38 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
10:53 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:59 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
11:05 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
11:07 -!- kerio [kerio@acehack.de] has joined #openvpn
11:08 < kerio> hi all
11:08 < kerio> i have an ipv6 /64 routed to my eth0
11:09 < kerio> a public /64
11:09 < kerio> i'd like to assign it to my openvpn clients
11:10 < kerio> and make it routable
11:11 < kerio> how do i do that?
11:11 < kerio> there's no masquerading to be done, or so i'd think
11:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:17 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:17 < kerio> i'm able to ping6 my server from my client
11:22 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
11:38 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:39 -!- markelite [croftworth@gateway/shell/yourbnc/x-auzemhtfbjgooyvg] has quit [Quit: I shall return...]
11:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:41 < kerio> nvm, it works
11:41 < kerio> yay
11:41 -!- kerio [kerio@acehack.de] has left #openvpn ["bye"]
12:05 <+hyper_ch> looks like I was very helpful to kerio
12:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
12:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
12:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:50 -!- mattock is now known as mattock_afk
12:53 -!- u0m3_ [~u0m3@92.80.64.20] has quit [Read error: Connection reset by peer]
12:53 -!- u0m3_ [~u0m3@92.80.64.20] has joined #openvpn
13:25 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:42 -!- keatont is now known as jeatont
13:42 -!- jeatont is now known as KeatonT
14:04 <+hyper_ch> krzee: what could be the issue:   me <-> server  good speeds....       server <-> other vpn client   also good speeds..... however  me <-> other client   terrible speeds
14:22 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
14:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:41 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
14:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
15:04 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:49 -!- [1]Kiwi [~Kiwi@ip-118-90-101-15.xdsl.xnet.co.nz] has joined #openvpn
15:50 < [1]Kiwi> hey there people
15:50 < [1]Kiwi> the system tried to join a drive to a directory on a joined drive
15:51 < [1]Kiwi> the above error is bugging me
15:51 < [1]Kiwi> any ideas ?
15:51 <+hyper_ch> there's no error and this is #openvpn
15:52 < [1]Kiwi> thanks - yeah i need some help to get openvpn client troubleshooted
15:52 < [1]Kiwi> hah
15:53 < [1]Kiwi> it works fine over a dsl connection
15:53 < [1]Kiwi> but when i teather a  smartphone
15:53 < [1]Kiwi> i get this error
15:53 < [1]Kiwi> on the client when trying to connect
15:56 < [1]Kiwi> the system tried to join a drive to a directory on a joined drive
15:56 < [1]Kiwi> ^ thats the error msg
15:57 <+hyper_ch> I don't see any error message
15:57 < [1]Kiwi> failed will tryagain in 5 seconds. the system tried to join a drive to a directory on a joined drive
15:58 <+hyper_ch> that's no openvpn error
15:58 < [1]Kiwi> if you google it you can see this situation is common
16:00 <+hyper_ch> it's no openvpn error
16:01 < [1]Kiwi> what is it then
16:02 < [1]Kiwi> ?
16:02 <+hyper_ch> no idea what you're trying to do
16:02 < [1]Kiwi> i have a windows 7 client trying to connect to an open vpn server
16:03 < [1]Kiwi> and its using TUN
16:03 < [1]Kiwi> and it works fine until i use a smartphones internet conection
16:03 < [1]Kiwi> ie teatherd
16:04 <+hyper_ch> no idea, but I fail to see how joining drives is related to openvpn.... maybe someone else knows
16:04 < [1]Kiwi> yeah i know what your saying and I agree
16:04 < [1]Kiwi> its very oddd
16:04 < [1]Kiwi> but its whats happening
16:05 < [1]Kiwi> and it seems im not the oly one experienceing it
16:05 <+hyper_ch> no idea
16:05 < [1]Kiwi> https://forums.openvpn.net/topic11667.html
16:05 <@vpnHelper> Title: OpenVPN Support Forum 2.3_rc1 and Windows 8 : Testing branch (at forums.openvpn.net)
16:08 < pekster> There was someone earlier in the week who asked the same thing (maybe you?) The same advice I gave then is that it's a Windows API error getting returned because the OS is unhappy about something related to the initial connection (plenty of forum and web posts about the issue.)
16:08 < [1]Kiwi> yeah none of teh forums i have been reading have given me an answer
16:08 < [1]Kiwi> and it was not me that asked previously
16:09 < [1]Kiwi> this is brand new for me today
16:09 < pekster> Try removing all the tap devices through the TAP-WIN32 utility, and re-creating them. Or just removing openvpn completely, verifying that this also removes the tap devices, and reinstall from there with a fresh virtual device created
16:09 < [1]Kiwi> what i find very strange is that it works over standard wifi dsl connection
16:09 < [1]Kiwi> but its when trying to use a smartphone
16:09 < [1]Kiwi> as the hotspot
16:10 <+hyper_ch> replace windows with a decent linux
16:10 <+hyper_ch> all problems solved
16:10 < [1]Kiwi> yeah i know hyper_ch i actually really like the mac openvpn client
16:10 < [1]Kiwi> its very nice
16:11 < pekster> Whatever text is after the "will try again in %d seconds: " message comes directly from the OS
16:11 < pekster> https://github.com/OpenVPN/openvpn/blob/v2.3.6/src/openvpn/socket.c#L1048
16:11 <@vpnHelper> Title: openvpn/socket.c at v2.3.6 · OpenVPN/openvpn · GitHub (at github.com)
16:13 < [1]Kiwi> pekster dont you think its odd that the only thing im changing is the internet connection
16:13 < [1]Kiwi> both are wifi
16:13 < [1]Kiwi> just one is via smartphone
16:13 < pekster> Not really. Probably not the client adapter propterties, but obviously the other connection is getting the OS to return a new error message that, in classic Windows format, is utterly worthless
16:15 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:17 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Read error: No route to host]
16:18 < [1]Kiwi> maybe its mtu ?
16:18 < DArqueBishop> We saw a similar message the other day with a user who couldn't connect to his OpenVPN instance.
16:19 < DArqueBishop> At the risk of sounding clueless, could the traffic through the tethered connection be going through a transparent proxy on the provider's side and as such OpenVPN is filtered out/blocked?
16:20 < [1]Kiwi> i can see it connecting to the server... I guess how would I know
16:21 < pekster> By checking your logs on both ends, probably with --verb 5 so you can see per-packet printed characters
16:21 < pekster> !logs
16:21 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:21 < pekster> Might be reasonable to tcpdump both client & server ends too, watching for the encrypted packets on the physical interfaces
16:22 < pekster> (or "tshark.exe" / wireshark for non-*nix users)
16:23 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
16:23 < [1]Kiwi> ;( why me
16:23 < pekster> 'eh, Windows does stupid things all the time. You just happened to notice this one..
16:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:52 -!- compufreak [411bc9e9@gateway/web/freenode/ip.65.27.201.233] has joined #openvpn
16:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
16:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:54 < compufreak> Can clients connected to the same server communicate directly, or does everything have to go through the server?
16:55 < DArqueBishop> They would go through the server because all of the VPN traffic is routed through it.
16:56 < [1]Kiwi> correct
16:58 < [1]Kiwi> sorry guys i think this one is all my dumb fault
16:59 < [1]Kiwi> basically thats the error the windows client will give if it cant get to the server
17:00 < [1]Kiwi> and it could not get to the server because someone had a firewall rule that only allowed computers on a certain network to connect
17:02 < [1]Kiwi> to toprt 1194
17:05 < [1]Kiwi> im using open vpn on a mikrotik router - and it works very well just FYI
17:05 < [1]Kiwi> as a server
17:09 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 246 seconds]
17:13 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
17:18 -!- [1]Kiwi [~Kiwi@ip-118-90-101-15.xdsl.xnet.co.nz] has quit [Quit:  HydraIRC -> http://www.hydrairc.com <- Po-ta-to, boil em, mash em, stick em in a stew.]
17:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:30 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
17:30 < Cydrobolt> hello
17:30 < Cydrobolt> does anyone have experience with openvpn on both TCP + UDP, and setting up ipv6 in the tunnel?
17:35 < Cydrobolt> I'm trying to run both a TCP and an UDP server, but running them both causes issues
17:35 < Cydrobolt> e.g routing issues and stuff
17:36 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Quit: ZNC - http://znc.in]
17:37 -!- atmosx [~bsd@convalesco.org] has left #openvpn ["WeeChat 0.4.4-dev"]
17:38 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
17:59 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
18:31 -!- sireebob is now known as AirForceBase
18:31 -!- AirForceBase [sireebob@unaffiliated/sireebob] has quit [Disconnected by services]
18:31 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
18:47 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
18:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:56 -!- compufreak [411bc9e9@gateway/web/freenode/ip.65.27.201.233] has quit [Quit: Page closed]
19:36 < pekster> Cydrobolt: You can run as many instances as you'd feasibly want, on as many ports/protocols as you'd like. Are you sure you haven't overlapped network ranges between your instances or something?
19:38 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
19:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:43 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
19:47 -!- paxmark9 [~paxtormar@198.144.158.14] has joined #openvpn
19:53 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 246 seconds]
19:55 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
20:02 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Ping timeout: 276 seconds]
20:13 < Cydrobolt> pekster, yes, I used the same subnets etc
20:15 < pekster> Right, don't do that (unless you're an expert and have a very good reason and Know What You're Doing™)
20:20 -!- julius_ [~julius_@p3EE2A077.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
20:22 -!- julius_ [~julius_@p3EE29D8F.dip0.t-ipconnect.de] has joined #openvpn
20:31 -!- rangerpb is now known as rangerpbzzzz
20:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:01 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
22:05 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
22:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:37 -!- paxmark9 [~paxtormar@198.144.158.14] has left #openvpn ["Leaving"]
22:45 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
22:47 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Ping timeout: 256 seconds]
23:09 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
23:09 -!- mode/#openvpn [+v esde] by ChanServ
23:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:33 -!- ShadniX [dagger@p5481DFA5.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p57941097.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Fri Jan 23 2015
00:10 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has joined #openvpn
00:12 -!- mattock_afk is now known as mattock
00:13 < Anteac> why are people talking openvpn everywhere, what would it be useful for if i dont leave my house ever
00:14 <+hyper_ch> Anteac: so that the NSA won't spy on you when you copy files from your notebook to your desktop or tablet
00:15 < Anteac> I guess u mean clients then and the need for some paid vpn service
00:16 < Anteac> i got server on my router, but no use really
00:16 <+hyper_ch> the NSA can even spy on your lan
00:16 <+hyper_ch> and wifi
00:16 <+hyper_ch> at the office everything is openVPNed
00:16 <+hyper_ch> gotta get to work now
00:17 < Anteac> but u need a paid server for it
00:18 < Anteac> right
00:18 < Anteac> or can u just go from ur own server to clients
00:31 -!- hypermist is now known as pcupgrades
00:36 -!- pcupgrades is now known as hypermist
00:39 -!- Anteac_ [~Anteac@095-096-217-126.static.chello.nl] has joined #openvpn
00:56 <+hyper_ch> Anteac: you can run your own server
00:57 <+hyper_ch> there are some routers that can act as openvpn server etc...
00:57 <+hyper_ch> if you have a computer running at home all the time and use dynamic dns or even have a static ip, then that could be use as openvpn server...
00:57 < Anteac> ye i have a server running
00:58 < Anteac> but didnt see the point of connecting to it
00:58 < Anteac> since its the same network
00:58 <+hyper_ch> when you're abroad
00:58 <+hyper_ch> you might want to have a secure connection
00:58 <+hyper_ch> so you connect to your openvpn server from a free wifi
00:58 <+hyper_ch> then your queries to the internet go all through your home connection
00:58 <+hyper_ch> and the free wifi cannot snoop on you
00:59 <+hyper_ch> there's plenty of reasons to use openvpn
00:59 < Anteac> ok ok but what about cellular
00:59 <+hyper_ch> there's clients for android
00:59 <+hyper_ch> probably also iPhone but I don't believe in iPhone
00:59 < Anteac> oh shit brilliant
01:00 <+hyper_ch> e.g.
01:00 < Anteac> iphone has it build in
01:00 <+hyper_ch> for office, so that I don't have to bother with a lot of port fowarding
01:00 <+hyper_ch> I setup also openvpn
01:00 <+hyper_ch> I just forward port 1194 udp throught he firewall
01:00 < Anteac> smart
01:00 <+hyper_ch> and so I connect to my FreeSWITCH Server with CSipSimple
01:01 <+hyper_ch> I use FreeSWITCH as pbx in the office
01:01 <+hyper_ch> so basically I'm always "in the office"
01:01 <+hyper_ch> and with openvpn I prevent eaves dropping and as said, I also negate all the port forwarding issues and stuff
01:02 <+hyper_ch> you might not have a need for it
01:02 <+hyper_ch> openvpn provides basically a secured channel to one of more computers/devices
01:02 < Anteac> maybe convince some foreign friend to setup a server
01:02 < Anteac> lol
01:08 <+hyper_ch> do not just query people
01:11 <+hyper_ch> Anteac: do not just query people
01:12 < Anteac_> sorry boss
01:24 -!- Anteac_ [~Anteac@095-096-217-126.static.chello.nl] has left #openvpn ["Leaving"]
01:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
01:45 -!- u0m3 [~u0m3@92.80.70.244] has joined #openvpn
01:45 -!- u0m3_ [~u0m3@92.80.64.20] has quit [Ping timeout: 246 seconds]
01:50 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
01:51 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
02:55 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:56 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:06 -!- deranged [Bit@sciurus.net] has quit [Remote host closed the connection]
03:07 -!- deranged [Bit@lolnerd.net] has joined #openvpn
03:31 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
03:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:41 <+hyper_ch> lol, I've been prevented by a captcha to post something in a forum...
03:45 < hypermist> lol
03:47 <+hyper_ch> well, recaptcah... tried like 10 times and refershed for a new about a 100 times
03:49 <+hyper_ch> can any human help me on this recaptcha? http://images.sjau.ch/img/c7302ec7.png
03:53 < plaisthos> sure, it is *(#^$*&^!*&^#* V #*&@(#&(*!*(@#
03:53 < plaisthos> or something like this ;)
03:53 <+hyper_ch> :)
04:04 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
04:21 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has quit [Quit: Leaving]
04:25 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: leaving]
04:45 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
05:17 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
05:18 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 256 seconds]
05:18 < road|runner> !welcome
05:18 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
05:18 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:19 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
05:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:22 < road|runner> !goal
05:22 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:28 < road|runner> hi, i would like to harden openvpn controlchannel using tls-cipher. i run the recent version on client and server machine. openvpn --show-tls shows all supported control channel cipher suites but it seems not all are atually supported by openvpn. ie. using ciphers with hmac other than sha, TLS-DHE-WITH-RSA-AES-256-CBC-SHA256 doesnt work
05:31 < road|runner> so far i have thougt control channel settings and data channel setting are undependent from each other. is this correct?
05:40 < TheZealous> !ask install openVPN on pfsense 2.2
05:40 < TheZealous> !goal install openVPN on pfsense 2.2
05:40 < TheZealous> sure
05:40 < TheZealous> lol
05:42 < road|runner> !ask
05:42 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
05:45 < road|runner> !ask tls-auth
05:46 < road|runner> !man
05:46 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
06:10 <+hyper_ch> !harden
06:10 <+hyper_ch> !howto
06:10 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:10 <+hyper_ch> there's a hardening section on the bottom or so
06:56 < road|runner> yeah, i have read but i cant find any reason why TLS-DHE-WITH-RSA-AES-256-CBC-SHA works and TLS-DHE-WITH-RSA-AES-256-CBC-SHA256, TLS-DHE-WITH-RSA-AES-256-GCM-SHA384 .... doest work
06:58 < road|runner> if i setup tls-cipher TLS-DHE-WITH-RSA-AES-256-CBC-SHA all clients are able to connect the server, if i setup TLS-DHE-WITH-RSA-AES-256-CBC-SHA256 no client is able to connect, all is refused
06:59 < road|runner> i dont no why
07:10 < pekster> !hardening
07:10 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
07:10 < pekster> ^ that explains why
07:13 <+hyper_ch> pekster: you also told him to read :)
07:22 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
07:25 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]
08:01 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
08:01 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:08 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
08:11 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
08:16 -!- hypermist is now known as pcupgrades
08:20 -!- rangerpbzzzz is now known as rangerpb
08:38 < road|runner> hm, yeah... i see, TLSv1.2 is supported when using 2.3.3 at least... i have running 2.3.6 on all peers and cant set up TLS-DHE-WITH-RSA-AES-256-GCM-SHA384
08:43 < road|runner> another interesting question, why does "openvpn --show-tls" list TLS-ECDHE-* ciphers when not supported?
08:45 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
08:46 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
08:57 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:02 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
09:04 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
09:15 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
09:17 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
09:20 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:47 -!- u0m3 [~u0m3@92.80.70.244] has quit [Read error: Connection reset by peer]
09:49 < plaisthos> road|runner: what error are you getting?
09:51 < plaisthos> road|runner: my android client (-master) against my serer (also -master) negoiate Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
09:51 -!- u0m3 [~u0m3@109.96.139.134] has joined #openvpn
09:53 <+esde> i dont owe you anything :P
09:54 < road|runner> plaisthos: where can i send you a pastebin?
09:54 <+esde> here! :)
09:54 <+esde> the more eyes on it, the better!! :D
09:55 < road|runner> !paste
09:55 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
09:58 < road|runner> https://gist.github.com/anonymous/46cb163fcb8498f724ee
09:58 <@vpnHelper> Title: client output connecting server setup tls-ciper TLS-DHE-WITH-RSA-AES-256-GCM-SHA384, both machines run openvpn 2.3.6 (at gist.github.com)
09:58 < road|runner> that is, what i see, at client site
10:00 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:00 < road|runner> then client waits for 2s and starts next trail of connecting server
10:00 <+esde> !configs
10:00 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:00 <+esde> let me see the client config please
10:02 < plaisthos> road|runner: openssl version on the server?
10:03 < road|runner> 1.0.1j
10:04 < road|runner> i run openvpn on windows
10:04 < plaisthos> both sides?
10:04 < plaisthos> okay then that shouldn't be the problem
10:05 <+esde> k then. my .02 is to make sure you're using double-backslashes in your config
10:05 <+esde> since i cant see the config itself
10:06 < road|runner> https://gist.github.com/anonymous/7c1ce1d27fa9ffc55ac9
10:06 <@vpnHelper> Title: client.ovpn (at gist.github.com)
10:09 <+esde> :)
10:09 <+esde> auth RSA-SHA512?
10:09 <+esde> not familiar with that
10:10 < road|runner> yeah... i have tried out some things
10:10 <+esde> Have you tried removing the RSA- prefix?
10:10 < road|runner> no... but ill do
10:11 <+esde> and i dont see tls-auth in the config at all
10:11 <+esde> *-cipher
10:12 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 244 seconds]
10:12 <+esde> if it's in the server config, but not the client, that would cause an error
10:12 < plaisthos> esde: no
10:12 < plaisthos> it shouldn't
10:12 < plaisthos> esde: you are thinking of cipher
10:13 <+esde> right
10:13 <+esde> tls-cipher
10:13 < road|runner> yeah... docs explain only data channel settings must be copied form server to client configs
10:13 < road|runner> am i wrong?
10:14 < plaisthos> tls-cipher set the ciphersuite argument of SSL for the control channel
10:14 <+esde> ive only ever put tls-cipher on client/server configs, both. and never had a problem with it
10:15 < plaisthos> the default of tls-cipher is "DEFAULT:!EXP:!PSK:!SRP:!kRSA"
10:18 <+esde> yuk
10:24 < road|runner> ok... when i set up tls-cipher option in client conf, then a tls-error occours
10:25 < plaisthos> esde: welcome to OpenSSL  :)
10:25 < road|runner> set up only in server conf... client refuses connection
10:25 <+esde> so remove tls-cipher entierly for a moment
10:25 < plaisthos> road|runner: your log shows no error message at all
10:26 <+esde> thanks plaisthos i've used scripts that deal with the openssl stuff for me. but for openssl itself, im still green
10:26 < road|runner> yeah... that one is with tls-cipher option only in server conf...   errors occour, when i copy it to client conf too
10:27 < plaisthos> esde: apache configs usually have the same stuff in them
10:27 < plaisthos> someting like SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
10:27 <+esde> created web certs and dhparam with openssl directly, but thats really straightforward for the most part, lol
10:27 < plaisthos> (only that openvpn does remove suits instead of adding)
10:28 < road|runner> hm... so, this ist not a openvpn issue, its an openssl one?
10:29 < plaisthos> road|runner: yeah that tls-cipher stuff is more OpenSSL version talking to each other
10:29 < plaisthos> but you a need a certain openvpn version to enable tls1.1+
10:31 < road|runner> and on *nix systems everything is fine?
10:31 <+esde> !bestos
10:31 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
10:32 <+esde> if windows is your bag, keep at it and get it working. if you are comfortable with other OS's, trial some :)
10:32 < plaisthos> road|runner: what cipher do you get if you let client/server connect without the tls-cipher option?
10:32 < plaisthos> openssl should automatically select the strongest cipher
10:32 < yeik> found something interesting yesterday.
10:32 < plaisthos> you can set tls-version-min 1.2 on server/client to guard yourself against old tls versions
10:32 < yeik> plaisthos i believe you get a blowfish cipher by default...
10:33 < plaisthos> yeik: tls-cipher != cipher
10:33 < road|runner> one moment.. i ll look for it
10:33 <+esde> mmmm tls 1.2
10:33 < yeik> right, just noticed you mentioned tls cipher in the post above.
10:33 < plaisthos> :)
10:33 < plaisthos> I mean I get  cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
10:33 <+esde> too bad pfsense openvpn client only support tls 1.0 :/ lol
10:34 < plaisthos> yeah
10:34 < plaisthos> the feature is relatively new
10:34 <+esde> someone needs to poke them with a sharp stick. i want 2.3.6 in pfsense, not 2.3.3 :[
10:35 -!- NTolerance [~nt@2606:a000:a002:8c00:21a:4dff:fe4d:4e75] has joined #openvpn
10:35 < NTolerance> !welcome
10:35 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:35 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:36 < road|runner> plaisthos: control channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
10:36 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds]
10:36 < NTolerance> !goal
10:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:36 < road|runner> this ist what i get, when tls-cipher option is not set up att all
10:37 < NTolerance> I would like to make OpenVPN connection logs available to another server on my network.  This will be given to an application that will generate a VPN connection report.
10:37 <+esde> rsync?
10:38 < NTolerance> esde, yeah, that would work.  i just wonder if there's any "fancier" way to do it.  like remote syslogging or maybe some feature in the openvpn server for shipping off log data.
10:38 <+esde> the best solution is what works for you
10:38 < NTolerance> in my case i have a python script that generates an HTML report for security data. i want to include VPN connection logs.
10:38 <+esde> but there might be some remote logging feature
10:39 < plaisthos> road|runner: that is a tls 1.0 cipher suite iirc
10:40 <@krzee> remote logging feature? you mean syslog?
10:40 < NTolerance> yeah, something like that
10:40 <+esde> http://chschneider.eu/linux/server/openvpn.shtml
10:40 <@vpnHelper> Title: OpenVPN (Virtual Private Network) (at chschneider.eu)
10:40 <+esde> see Caveat: Chroot Jail and Syslog
10:40 <+esde> dont use it as a copy-paste guide, but maybe you can find some useful info
10:41 <@krzee> NTolerance, syslog is the default when you use --daemon, but see the syslog options
10:41 < plaisthos> road|runner: you can try with tls-version-min 1.2 set on both client and server
10:41 < plaisthos> and see what happens
10:41 < plaisthos> the result /should/ be different
10:41  * esde hands krzee a coffee
10:41 < NTolerance> thanks folks, i am reading about syslog options now
10:41 < plaisthos> or server/client fail to start because tls 1.2 does not work
10:42 <@krzee> esde, i wish you really just did that, after my joint im going to go make one :D
10:42 <+esde> it's a milky way latte, FYI
10:42 <@krzee> mmmm
10:43 <@krzee> in jail thats called a cadilac
10:46 < road|runner> plaisthos: this works
10:49 < plaisthos> iirc there was something OpenVPN 2.3.x that some client/server combination would not work with tls 1.1+ enabled (weird corner cases) and for 2.3.6 the default *might* be tls 1.0 only
10:49 < plaisthos> setting tls-version-max/tls-version-min to same values might enable tls 1.1+
10:52 < road|runner> hm...now, we have solved. together we are strong :)
10:53 <+esde> the last bit is very true
10:53 < plaisthos> I tend to use master on client and server so I forgot about that quirk
10:54 <+esde> oh pfsense will have openvpn 2.3.6 in 2.2, which will hopefully be released soon(ish?)
10:54 -!- `Yoda is now known as Yoder
10:58 <@krzee> meh i just use freebsd, i dont need the web gui of pfsense
10:58 <+esde> i still do
10:59 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:59 <+esde> to maintain my sanity, under the current conditions
11:03 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
11:07 -!- lpapp [~lpapp@kde/lpapp] has joined #openvpn
11:07 < lpapp> hi, are the ca, cert, and key parameters mandatory in the client configuration file?
11:07 <+esde> !howto
11:07 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:08 <+esde> see the bit about PKI
11:08 <@krzee> !pki
11:08 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) See !certman for various PKI management frontends or (#3) also see
11:08 <@vpnHelper> !intro-to-pki
11:09 <@krzee> oh haha used to be a direct link to the relevant part of the howto
11:09 <@krzee> !forget pki 2
11:09 <@vpnHelper> Joo got it.
11:09 <@krzee> !forget pki 2
11:09 <@vpnHelper> Joo got it.
11:10 <@krzee> !learn pki as !certman for various PKI management tools
11:10 <@vpnHelper> Joo got it.
11:10 <@krzee> !learn pki as see !intro-to-pki
11:10 <@vpnHelper> Joo got it.
11:10 <@krzee> !pki
11:10 -!- Latrina [~Latrina@ppp-90-5.26-151.libero.it] has joined #openvpn
11:10 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
11:11 < lpapp> interesting ... our windows users do not need such keys to use VPN.
11:11 < lpapp> for the same server.
11:12 < lpapp> they just enter the server address and the normal login credentials for the daily login... so apparently, it can be done without. Why is it mandatory then by openvpn?
11:12 < pekster> !factoids search log
11:12 <@vpnHelper> 'irclogs', 'topology', 'blog', 'changelog', 'logs', and 'logfile'
11:12 <@krzee> lpapp, who said it was mandatory?
11:12 < pekster> NTolerance: Maybe something like this does what you want? https://github.com/QueuingKoala/openvpn-db-log
11:12 <@vpnHelper> Title: QueuingKoala/openvpn-db-log · GitHub (at github.com)
11:12 <+esde> PKI is optional
11:12 < lpapp> krzee: I did :)
11:12 <+esde> iirc
11:12 < lpapp> based on my understanding, so I am probably wrong then.
11:13 <@krzee> !authpass
11:13 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
11:13 < NTolerance> pekster, yes, that sounds like my use case
11:13 <+esde> been reading a guide or tut of some sort? lpapp
11:13 < lpapp> oh, yeah, --auth-user-pass-verify was what I used 4-5 years ago, I think.
11:13 < lpapp> esde: yes, archwiki
11:13 < lpapp> https://wiki.archlinux.org/index.php/OpenVPN
11:13 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
11:14 <+esde> howto is the de facto guide
11:14 <+esde> that and man pages :)
11:15 <@krzee> !walkthrough
11:15 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
11:15 < lpapp> I see, thanks.
11:15 <@krzee> np
11:16 < lpapp> # This configuration can be used by multiple #
11:16 < lpapp> # clients, however each client should have   #
11:16 < lpapp> # its own cert and key files.                #
11:16 < lpapp> from here: http://openvpn.net/index.php/open-source/documentation/howto.html#client
11:16 <@vpnHelper> Title: HOWTO (at openvpn.net)
11:16 <+esde> !paste
11:16 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
11:17 <+esde> Please dont spam the channel
11:17 < lpapp> should does not read as optional.
11:17 < lpapp> esde: that was three lines as far as I can tell.
11:17 < lpapp> does that count as spam here?
11:17 <+esde> 4 plus vpnHelper's spam
11:19 < lpapp> no, the paste was three lines, eh, either way, there must be bigger problems in life :)
11:19 < lpapp> is there some tutorial for raw password authentication? I would expect it as a common case.
11:19 <+esde> !walkthrough
11:19 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
11:20 < lpapp> that was already pasted and as you can see above I linked from the above
11:20 < lpapp> is this some walkthrough robo channel?
11:20 <+esde> lol
11:20 <+esde> not if you can read
11:20 < lpapp> well, I cannot see any tutorial for raw password
11:20 < lpapp> that is exactly why I linked the text above
11:20 <+esde> someone already provided !authpass for you
11:20 < lpapp> even that tutorial writes "should".
11:21 < lpapp> esde: sure, but that is not a tutorial with example client configuration
11:21 < lpapp> what I am looking for really, is copy/pastable example that just works.
11:22 <+esde> wont find it here
11:22 < lpapp> not because I am lazy or something, because I guess that is what raw password users really need.
11:22 <+esde> you have to think for yourself
11:22 < lpapp> eh.
11:22 <+esde> !spoonfeed
11:22 < lpapp> tutorial reading != not thinking.
11:22 < lpapp> ok, I am done with this channel.
11:22 <+esde> !spoonfed
11:22 -!- lpapp [~lpapp@kde/lpapp] has left #openvpn []
11:23 <+esde> ¯\_(ツ)_/¯
11:26 -!- lpapp [~lpapp@kde/lpapp] has joined #openvpn
11:26 < lpapp> for those who look for it in the future, here goes it (sort of): http://openvpn.net/index.php/open-source/documentation/howto.html#auth
11:26 <@vpnHelper> Title: HOWTO (at openvpn.net)
11:27 < lpapp> that is exactly the link that I was looking for.
11:27 < lpapp> despite the bot says google sucks, that led me to this.
11:38 <@krzee> thats the howto
11:39 <@krzee> we told you to look at that, lol
11:39 <@krzee> thought you were done with this channel?
11:40 < lpapp> I were not looking for the general howto
11:41 < lpapp> I was looking for specific information
11:41 <@krzee> and you found it in the howto
11:41 < lpapp> by googling and found some third-party site where they linked to it, yes.
11:41 < lpapp> thankful for that.
11:41 <@krzee> then you came back and gave us the link to the howto that we told you to look at
11:41 <@krzee> good job, lol
11:41 < lpapp> eh, I do not care about this discussion.
11:42 < lpapp> I just provided the link for those who look for the same information as I did.
11:42 < lpapp> to help them out.
11:42 < lpapp> there really is not more to it.
11:42 <@krzee> dont worry we'll give them the link to the howto
11:42 < lpapp> unless I am here; I can give the specific link.
11:42 <@krzee> !howto
11:42 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:42 < lpapp> no problem, do not worry.
11:43 <@krzee> if your browser has the search feature that may help, if not maybe you're in the shell so you can try grep :-p
11:44 < lpapp> not sure how search helps if you do not know what to look for ...
11:44 < lpapp> but I really do not want to get involed much in this discussion
11:44 < lpapp> I was looking for some information and luckily, I found it. I thought I would share it with others for future reference.
11:44 < lpapp> that is all to it.
11:45 < lpapp> hope that it helps some, if not, that is fine, too.
11:46 <@krzee> next time when you go to a help channel and they give you a link to their howto, maybe just read the whole thing
11:46 <@krzee> thats my advise to you
11:46 <@krzee> you do not need to take it, but it is offered.
11:47 < lpapp> I would have read it if no one had provided the information I needed.
11:47 <@krzee> cool, ttyl
11:47 <@krzee> or do you need more help?
11:47 < lpapp> (not sure why you think this is my first help question or answer on irc though, but I am fine with you thinking so)
11:47 < lpapp> no, that is all to it, thanks.
11:49 < lpapp> probably I will blog about the solution as well to have another "sucky" third-party post :)
11:49 <@krzee> i did not think it was your first time, but i did feel you could use some advice
11:49 <@krzee> because you literally came back and said something about how the bot was wrong and that you used google to find the information in the howto that the bot had given you
11:50 <@krzee> collectively every person who does support online facepalmed at that moment
11:50 < lpapp> I do not really care if others facepalm. What I care about problems solved for the questions.
11:51 < lpapp> I am not too much interested in anything else than solving the problems in the questions.
11:51 < lpapp> I could also give advices... but probably it would be handled as offense, so I will skip that.
11:51 <@krzee> you left, then came back to argue simply because we said to read the howto instead of using google, and you used google to find the document we gave you
11:51 < lpapp> not sure what point you are trying to achieve. Like I mentioned a while ago, the problem is solved.
11:52 < lpapp> that is good, isn't it?
11:52 <@krzee> hey you're the one who came back to talk about it
11:52 < lpapp> what is wrong about giving a link that answers the question?
11:52 <@krzee> well its the exact link we gave you
11:52 < lpapp> others may find it useful ... blogs and sites (e.g. Stack Overflow) build on that.
11:52 <@krzee> so aside from the irony and humor, nothing.
11:53 < lpapp> not really, no.
11:53 < lpapp> #auth was the answer for the question and I did not see that.
11:53 <@krzee> how about this
11:53 < lpapp> let me see the log again if someone had pasted #auth.
11:54 <@krzee> *!*@lpapp@kde/lpapp added to ignore list.
11:54 < lpapp> grep -rn "#auth" \#openvpn.log | grep -v lpapp -> returns nothing.
11:54 < lpapp> yet, if I had skipped it, I apologize.
11:54 <@krzee> grr messged up my ignore
11:55 <@krzee> better
12:00 -!- lpapp [~lpapp@kde/lpapp] has left #openvpn []
12:03 <@krzee> he literally linked us to the howto
12:04 <@krzee> :D
12:07 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
12:09 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
12:35 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:58 < road|runner> plaisthos: have i to setup ecparams to use TLS-ECDHE-* just like dhparam at DHE ?
12:59 < road|runner> TLS-DHE-*
13:00 <+esde> i just got back from lunch, nice scrollback, lol
13:03 < road|runner> ;-)
13:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:32 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:32 -!- mode/#openvpn [+v s7r] by ChanServ
13:34 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
13:44 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 245 seconds]
13:52 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:53 -!- yeik [~jket@2601:7:6881:4700:fab1:56ff:feb8:524a] has quit [Remote host closed the connection]
13:53 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:56 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has joined #openvpn
13:56 < Dimik> can some one help me with openvpn dns issue on windows box
13:57 <+esde> !welcome
13:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
13:57 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:59 < Dimik> !sample server.conf
13:59 < Dimik> !route
14:00 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
14:01 < Dimik> !serverlan
14:01 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
14:01 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
14:22 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]
14:42 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has joined #openvpn
14:44 < Dimik> i can ping openvpn server but not lan
14:47 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:51 <+esde> Dimik, we require more detail than that. Please try to describe your goal, and current setup. And also include any configs, logs, and routing information (see !allinfo for more info). :)
14:51 <+esde> !crystal
14:51 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
14:54 < Dimik> esde, hi, I setup an OpenVPN server on Windows 8 machine in the office so I can access office LAN, when I connect with client to OpenVPN server I get the VPN IP and am able to ping the OpenVPN server but I am not able to ping/reach any computers on the LAN
14:55 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:55 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
14:55 < Dimik> here's my server.ovpn config file http://pastebin.com/Bp77VYrZ
14:56 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:56 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
14:56 < Dimik> the LAN is 192.168.80.1/24
14:57 < Dimik> OpenVPN IP block is 172.16.1.1/24
14:58 < Dimik> the LAN IP of the Windows 8 machine is 192.168.80.112
14:58 <+esde> good detail, thank you. just wait and someone may be able to offer advice shortly
15:00 < Dimik> thx
15:00 <+esde> on an unrelated note,dh1024.pem is too weak. you should be using >2048 bit for security:)
15:00 < Dimik> thank you i'll keep that in mind
15:01 <+esde> attacks on that bitsize are a threat nowadays
15:02 <+esde> one other recommendation onces it's up, is to configure tls-auth as well, with tls-cipher too :)
15:03 < Dimik> great
15:04 <+esde> that'll help prevent denial of service attacks and !ovpnuke
15:04 <+esde> though ovpnuke is a denial of service attack iirc
15:05 < Dimik> interesting
15:05 <+esde> is ip forwarding enabled on the server?
15:05 <+esde> !winipforward
15:05 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
15:05 < Dimik> i don't think it is
15:07 < Dimik> let's see :)
15:08 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:13 < Dimik> (rebooting remote server)
15:16 < Dimik> oh wow
15:16 < Dimik> it's working
15:17 <+esde> :D
15:17 < Dimik> thank you thank you thank you
15:17 <+esde> now go add tls-auth and tls-cipher :)
15:17 <+esde> !hardening
15:17 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
15:18 <+esde> and kick up the bitsize for your PKI stuff by editting vars, and recreting your keys and certs when you get a chance :)
15:18 <+esde> *ea
15:19 < Dimik> false alarm
15:20 < Dimik> it's not working, i guess something wrong with the push route statement
15:20 <+esde> did you pastebin that already?
15:20 < Dimik> the server.ovpn config file yeah
15:21 <+hyper_ch> or go 4096
15:21 <+esde> oh yeah, probably a routing misconfiguration.  best to wait for someone with more networking prowess to help
15:22 <+esde> >=4096 is nice if you have the time to spare
15:22 <+hyper_ch> esde: did you prey on pekster?
15:22 <+esde> wat
15:22 <+hyper_ch> pekster added the hardening factoid this afternoon ;) and you're already using it
15:23 <+esde> erm, it's been there
15:23 <+hyper_ch> arg.... you're right :)
15:23 <+hyper_ch> I tried !harden ;)
15:25 <+esde> onto chroot and jail this weekend, possibly
15:25 <+hyper_ch> ?
15:25 <+esde> make openvpn safer
15:25 < Dimik> yeah it's not routing :\
15:26 < Dimik> i manually added 'route add 192.168.80.0 mask 255.255.255.0 172.16.1.1' that gets me nowhere
15:26 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
15:28 <+esde> hyper_ch, running openvpn in a chroot jail
15:28 <+hyper_ch> if you wanna make it save, build a faraday cage around your computer ;)
15:30 <+esde> farraday cages and chroot jail are completely different
15:30 <+hyper_ch> I know
15:30 <+esde> ah.
15:30 <+hyper_ch> but farrayday cage will make it really safe
15:31 <+esde> if i'm to the point where im up against physical intrusion, it's already over
15:31 <+hyper_ch> farrayday cage won't protect against physical intrusion
15:31 <+esde> then my understanding of radio waves is way off
15:32 <+esde> and EMP that is
15:32 <+hyper_ch> oh, you understand physical intrusion as radio waves and emp?
15:32 <+esde> i would count a malicious EMP as physical intrusion to my machine
15:32 <+esde> the EMP is physically effecting the system at that point
15:32 <+hyper_ch> well, I thought it would shield against any electric communication (and render the vpn useless)
15:33 <+hyper_ch> you can't signal out
15:33 <+hyper_ch> but others can't signal in
15:33 <+esde> ?
15:33 <+hyper_ch> maybe my understanding is off
15:35 <+esde> if farraday cages prevented computers within them from being able to communicate electronically, then a lot of alphabet agencies would not be getting a lot of work done
15:35 <+esde> among other organizations
15:35 <+esde> (as many secure buildings are essentially giant farraday cages)
15:37 < Dimik> i'll donate 5 bucks to whoever can help me lol
15:37  * Dimik desperate
15:37 -!- voglster [c63d3a01@gateway/web/cgi-irc/kiwiirc.com/ip.198.61.58.1] has joined #openvpn
15:37 <+esde> Dimik, if you wait patiently, other helpers may offer advice for free :) (as is the norm)
15:37 <+hyper_ch> Dimik: just do what esde said :)
15:38 < Dimik> i know i'm so impatient :)
15:38 <+hyper_ch> but my guess is your main problem is using Windows :)
15:38 < Dimik> yeah it's for the office, i used untangle firewall before and it worked fine
15:38 <+esde> Dimik, AS might work for you. 2 users is free, and it's got a web gui
15:39 <+esde> !AS
15:39 < voglster> this might be a linux question or an openvpn question... im trying to setup a point to point tunnel on some linux based routers with open vpn... openvpn --mktun --dev tun0 && ifconfig tun0 10.0.0.2 netmask 255.255.255.255 promisc up
15:39 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
15:39 <+esde> !welcome
15:39 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:39 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:39 <+esde> voglster, ^
15:39 < voglster> but if i just check the tun using ifconfig tun0 i see the p-t-p link is 10.0.0.2 as well when it should be 10.0.0.1
15:40 < Dimik> they don't let me run linux anymore so i'm stuck with windows8
15:40 <+esde> bummer
15:40 <+esde> virtualbox
15:41 < Dimik> yeahhhhhhh that includes virtualbox
15:41 <+esde> ouch
15:41 < Dimik> which is what i ran openvpn on before
15:41 < Dimik> with untangle firewall
15:41 <+esde> ssh tunnel? (;
15:42 < Dimik> hm?
15:42 < Dimik> :)
15:43 -!- Kottizen [martin@trekweb/supporter/kottizen] has left #openvpn []
15:44 <+esde> http://www.extremetech.com/computing/93106-escaping-the-firewall-with-an-ssh-tunnel-socks-proxy-and-putty
15:44 <@vpnHelper> Title: Escaping the firewall with an SSH tunnel, SOCKS proxy, and PuTTY | ExtremeTech (at www.extremetech.com)
15:44 <+esde> not the greatest informational, but it should give you at least the gist
15:45 < Dimik> interesting
15:51 < voglster> I would like to setup a site to site vpn using dd-wrt routers...  i started with following this guide http://wadihzaatar.com/?p=11 but there is an error when creating the route...  pastebin of all my configs and firewall changes http://pastebin.com/6mYaXPXc includes route error... anyone have any thoughts?
15:51 < Dimik> so i uncommented 'push "redirect-gateway def1 bypass-dhcp" ' and now all my traffic goes through the remote server
15:52 < Dimik> the outside global IP changes
15:52 <+hyper_ch> !def1
15:52 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
15:52 < Dimik> but still can't reach LAN computers
15:52 <+esde> !walkthrough
15:52 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
15:52 <+esde> voglster, ^
15:53 < Dimik> ohh
15:53 <+esde> permissions on static.key are too liberal for one voglster
15:53 < Dimik> i am able to reach the windows 8 machine that's a progress!
15:53 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 272 seconds]
15:53 <+esde> WARNING: file '/tmp/static.key' is group or others accessible
15:53 <+esde> not sure why you'd have one of your keyfiles in /tmp, but hey, you're setup
15:53 < voglster> esde i know that... but that shouldnt cause the problem...
15:54 <+esde> *your
15:54 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:54 <+esde> i didnt say it was
15:54 < voglster> because its a dd-wrt router not a full linux box
15:54 < voglster> ok
15:55 <+hyper_ch> how is a dd-wrt not a full linux box=
15:56 <+hyper_ch> ?
15:57 <+esde> i think he meant it's not a full featured distro, iterating that he's working with embedded hardware
15:57 < voglster> it is... just saying i dont have a easily accesible r/w directory at the moment so I am using tmp to test it
15:57 < voglster> esde thanks.. thats what i should have said
15:57 <+esde> dd-wrt has built-in openvpn support, does it not?
15:58 <+esde> not that i'm a fan of tools to do something you can do yourself, but if it will save you aggravation...
15:58 < voglster> with the right build yes
15:58 <+hyper_ch> and what openvpn version has it?
15:58 <+esde> i gotta run soon but is it a micro build or something?
15:59 <+esde> 2.3.2 -  OpenVPN 2.3.2 arm-unknown-linux-gnu
15:59 < voglster> no its the standard buffalo build
16:00 < voglster> should be mega if my memory serves me right but havent confirmed
16:00 <+esde> http://i.imgur.com/EmCO5oU.png
16:00 <+esde> am i missing something?
16:00 < Dimik> ok by manual route it's working
16:01 < Dimik> wonder how to push it automatically
16:01 <+esde> woo-hoo o/ Dimik
16:01 < Dimik> xDDD
16:01 <+esde> wait in here for an answer if you cant find it yourself :)
16:01  * Dimik pays himself 5 bucks lol
16:01 < Dimik> coffee money :)
16:01 <+esde> ok gotta go, good luck voglster
16:01 < voglster> thanks anyway esde
16:02 <+esde> you'll get help in here if you're patient and listen to ppl trying to help
16:02 < voglster> i come here because im not patient enough for forums :)
16:02 < voglster> but i know... i help plenty of others in #linux, #ruby.. etc
16:03 < voglster> hopefully someone can help its gotta be something simple
16:03 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:05 < pekster> openwrt fixes that with a proper filesystem, and real userland tooling too
16:05 < pekster> Plus they don't violate GPL by keeping their build tools a secret, and don't "accidently" allow mystery IP addresses though the firewall
16:05 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Remote host closed the connection]
16:06 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
16:06 < voglster> pekster while I agree with you its outside my control at the moment to decide what to use
16:07 < voglster> pekster I already have an openvpn server running on an internal box that i can connect to... I am just trying to do someone on the router side at a satelite site so each client doenst need to run their own openvpn
16:08 < voglster> something*
16:09 < pekster> I don't see any configs, just ugly shell code
16:09 < voglster> well ugly shell code dumps the configs to tmp accordingly
16:09 < pekster> Also, don't use ifconfig for displaying PtP details; it omits the peering IP becuase ifconfig is about 15 years out of date
16:09  * pekster shrugs
16:10 < voglster> pekster:what should i use?
16:10 < pekster> I'm not interested in parsing or supporting shell code, or how you set up your configs (you could probably give me an ed script too that I'd be just as inclined to ignore)
16:10 < pekster> Pastebin just the configs. If you're trying to show Netfilter configuration, pastebin the actual ruleset, not shell code that you think shows your full ruleset state (becuase it probably doesn't.)
16:11 < pekster> https://github.com/QueuingKoala/fn-netfilter/wiki#paste
16:11 < pekster> Real interface output shold be used too, provided the userland doesn't suck so bad as to lack that too:
16:11 < pekster> !interface
16:11 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
16:12 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
16:12 < pekster> !logs
16:12 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:12 < pekster> Note the bit about verbosity; that's going to be about 200 or 300 lines long
16:12 < pekster> Basically all the bits you missed from !welcome
16:14 < pekster> PtP doesn't use netmasks either, nor is it on-link
16:14 < pekster> Really you should just use the --ifconfig directive to openvpn because it's aware of PtP interfaces. If you want to do it yourself, use the `ip` command (a busybox applet call is fine here, since it _does_ support enough of the modern Linux kernel semantics for this)
16:15 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0/20150108202552]]
16:18 < voglster> pekster: thank you for taking the time to explain this to me.. may take me a bit to get the required logs and rework my configs.. sorry you needed to point me to !welcome and I didnt take the time to read it
16:18 < pekster> Well, the other half of the issue here is that if you want a PtP config, you need to actually set that up
16:20 < pekster> The most basic example of that would be: openvpn --ifconfig 10.3.2.1 10.3.2.2 --dev tun --secret /some/key
16:20 < pekster> Then just route across it in the usual way. For real-world applications you probably want some --keepalive set up too so firewalls stay open, unless you own all border filtering
16:21 < pekster> The concept of promisc on tun devices is meaningless too
16:21 < voglster> yea i was a little curious about that too
16:21 < voglster> but i figured id leave it up
16:23 < pekster> See /sbin/ip (or maybe aliases to 'busybox ip' for embedded/busybox setups) for the modern way to do this for over a decade on Linux. Really it's best to avoid all of the net-tools bits: https://github.com/QueuingKoala/fn-netfilter/wiki#avoid
16:23 <@vpnHelper> Title: Home · QueuingKoala/fn-netfilter Wiki · GitHub (at github.com)
16:24 -!- mattock is now known as mattock_afk
16:25 < voglster> pekster: im an oldschool freebsd user (from late 80's) and completely self taught so I guess i missed ip somehow
16:25 < voglster> pekster: but thank you
16:26 < pekster> Right, *BSD userland simply kept their "classicly" named tools up to date, including for IPv6, and kernel changes. Linux just up and abaonded the cruft with the now-quite-old-news changes during 2.2 development
16:28 -!- u0m3_ [~u0m3@109.96.139.134] has joined #openvpn
16:28 < pekster> I think all you need/want here is to use openvpn's --ifconfig directive in your configs, drop all the manual addressing you're doing now, and then route across as you need. The routes can probably go into the openvpn config too using the --route semantics of the openvpn config
16:28 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:31 -!- u0m3 [~u0m3@109.96.139.134] has quit [Ping timeout: 245 seconds]
16:31 < voglster> yup thats what i just what i am testing right now
16:33 < voglster> rebooting router might disconnect here
16:33 < voglster> thanks again pekster
16:36 -!- voglster [c63d3a01@gateway/web/cgi-irc/kiwiirc.com/ip.198.61.58.1] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
16:39 -!- paxmark9 [~paxtormar@50.72.94.240] has joined #openvpn
16:49 -!- rangerpb is now known as rangerpbzzzz
16:58 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
16:58 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:59 -!- mode/#openvpn [+v s7r] by ChanServ
17:02 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
17:06 -!- paxmark9 [~paxtormar@50.72.94.240] has quit [Ping timeout: 245 seconds]
17:09 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
17:09 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has quit [Excess Flood]
17:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:09 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
17:10 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has quit [Excess Flood]
17:11 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
17:18 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:18 -!- james41382__ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
17:19 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Read error: Connection reset by peer]
17:41 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
17:54 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
17:54 -!- james41382__ [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Ping timeout: 265 seconds]
17:59 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
18:20 -!- pcupgrades is now known as hypermist
18:23 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has quit [Ping timeout: 272 seconds]
18:36 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:59 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:01 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
19:02 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
19:11 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
19:25 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:25 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
19:40 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
20:14 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
20:21 -!- julius_ [~julius_@p3EE29D8F.dip0.t-ipconnect.de] has quit [Ping timeout: 252 seconds]
20:22 -!- julius_ [~julius_@p3EE28B1C.dip0.t-ipconnect.de] has joined #openvpn
20:31 -!- hypermist is now known as pcupgrades
20:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:53 -!- DracoDan [~no@pool-108-28-227-179.washdc.fios.verizon.net] has quit [Read error: Connection reset by peer]
21:12 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Remote host closed the connection]
21:22 -!- pcupgrades is now known as hypermist
21:30 -!- Denial [~Denial@host86-163-6-191.range86-163.btcentralplus.com] has quit [Ping timeout: 256 seconds]
21:46 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 245 seconds]
21:46 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
21:58 -!- yeik [~jeff@c-76-23-46-182.hsd1.ut.comcast.net] has joined #openvpn
22:00 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
22:00 < yeik> Does anybody have basic overview of how openvpn handles the tap driver in windows? is it multi-threaded, one thread for read, one for write?
22:02 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:04 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 264 seconds]
22:04 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
22:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:25 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
22:28 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
22:59 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:27 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
23:31 -!- ShadniX [dagger@p57941097.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5481DA90.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Jan 24 2015
00:20 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
00:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
00:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Max SendQ exceeded]
00:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
00:46 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
00:53 -!- floydwilde [floyd@2600:3c01::f03c:91ff:fe84:8ed8] has joined #openvpn
00:59 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
01:04 -!- katsmeow [~someone@unaffiliated/katsmeow] has joined #openvpn
01:06 < katsmeow> i have a question: my isp severely limits upload speeds, will use of a vpn block their ability to see the difference between uploading and downloading?
01:08 < katsmeow> or am i still sending normal (upload) packets with the data encrypted inside them?
01:19 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
01:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 276 seconds]
02:34 -!- mattock_afk is now known as mattock
03:04 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
03:25 -!- mattock is now known as mattock_afk
03:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Max SendQ exceeded]
03:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Max SendQ exceeded]
03:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:53 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 244 seconds]
04:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:21 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
05:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:28 < plaisthos> katsmeow: a vpn will not help you
05:28 < plaisthos> a 5MBit/s down 512kBit/s up will stay that way
05:30 < katsmeow> no chance of a "bi-directional connection opened as a downstream"?
05:30  * katsmeow curses
05:30 < plaisthos> well it is a physical limit of the technology of most cases
05:31 < katsmeow> i'd need two lines then, one 5M/512k, one 512k/5M
05:31 < plaisthos> yeah
05:31 < katsmeow> thing is, my upload is 20k bits/sec , and that seriously sucks
05:33 < katsmeow> took me 6hrs to upload something to an http server, that took someone else only 30 secs to dl
05:34 < katsmeow> it's the only isp in town, and any connection out of the area will be on a channelised T1, and 56k at best
05:34  * katsmeow sighs
05:35  * katsmeow waves bye and nicetomeecha to plaisthos
05:35 -!- katsmeow [~someone@unaffiliated/katsmeow] has left #openvpn []
05:39 < TheZealous> I cannot get the OpenVPN to work in pfsense 2.2. Does anyone in here installed OpenVPN on a pfsense box before?
05:39 < plaisthos> !pfsense
05:39 <@vpnHelper> "pfsense" is (#1) dont use the web gui for configuring openvpn, you need to understand the config and logfiles or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config
05:39  * plaisthos personally has not
05:43 < TheZealous> that link doesn't help me at all
05:43 < TheZealous> lol
05:43 < TheZealous> !centos
05:43 <@vpnHelper> "centos" is See !epel5
05:44 < TheZealous> !openvpn
05:49 < TheZealous> where can I get a good instruction on how to install OpenVPN on a linux box...? Any distro
05:49 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 245 seconds]
05:55 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:56 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 256 seconds]
05:59 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
06:06 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
06:10 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
06:28 -!- rich0_ is now known as rich0
06:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
06:41 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
06:41 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
06:42 -!- shadowe989 [~shadowe98@184.9.189.122] has joined #openvpn
06:43 -!- shadowe989 [~shadowe98@184.9.189.122] has quit [Remote host closed the connection]
07:01 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
07:44 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
08:00 -!- hypermist is now known as pcupgrades
08:04 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 276 seconds]
08:06 -!- mattock_afk is now known as mattock
08:11 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:15 < Dougy> mmmm mmm mmm
08:15  * Dougy is up to pfsense 2.2 at home now
08:19 < Eagleman> Is there a counterpart for: --duplicate-cn. I got different cn's but the same usernames.
08:20 < Dougy>  i dont believe so
08:21 < Eagleman> So i need different usernames, or use the option to be able to connect with 2 or more users at the same time?
08:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:34 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:37 < Eagleman> Also, how do i use peer-id?
08:43 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:01 -!- yeik [~jeff@c-76-23-46-182.hsd1.ut.comcast.net] has quit [Ping timeout: 272 seconds]
09:05 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Ping timeout: 245 seconds]
09:06 -!- Guest39046 [~gmc@babbelbox.metro.cx] has left #openvpn []
09:08 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
09:17 -!- ender| [~ender1@93-103-210-183.dynamic.t-2.net] has joined #openvpn
09:23 <@krzee> Eagleman, see common-name-as-username
09:23 <@krzee> something like that
09:23 <@krzee> !authpass
09:23 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
09:24 <@krzee> --username-as-common-name, then you can use --duplicate-cn
09:24 <@krzee> Eagleman, hope that helps =]
09:25 < Eagleman> thanks!
09:25 < Eagleman> Do you also know how tu use peer-id?
09:25 < Eagleman> to
09:25  * esde peer-id's Eagleman 
09:27 <@krzee> how are you looking to use it?
09:28 < Eagleman> I read that it saved a lot of power on your phone when using it, i am using OpenVPN for Android
09:28 < Eagleman> saves*
09:29 <@krzee> umm
09:29 <@krzee> so you dont know what it is or does?
09:30 <@krzee> just that it saves power...
09:30 <@krzee> ?
09:30 -!- ender| [~ender1@93-103-210-183.dynamic.t-2.net] has quit [Ping timeout: 252 seconds]
09:30 < Eagleman> not really
09:30 <@krzee> hehe
09:30 <@krzee> well me neither, and i doubt it changes openvpn's power consumption
09:31 <+esde> get a bigger battery
09:31 < Eagleman> - Add peer-id patch (saves energy and makes roaming better if the server supports it)
09:31 <+esde> unless your stuck on iScuk or something
09:31 <+esde> *youre
09:31 <@krzee> wait so this patch isnt even actually part of openvpn??
09:31 < Eagleman> it is...
09:31 <@krzee> oh ok
09:31 <+esde> !peer-id
09:32 <@krzee> so you dont need to add it?
09:32 <+esde> !peerid
09:32 <@krzee> esde,
09:32 < Eagleman> thats why i asked
09:32 <@krzee> !factoids search --values peer-id
09:32 <@vpnHelper> No keys matched that query.
09:32 <@krzee> !factoids search --values peerid
09:32 <@vpnHelper> No keys matched that query.
09:32 <+esde> shiny
09:32 < Eagleman> https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
09:32 <@vpnHelper> Title: ChangesInOpenvpn23 – OpenVPN Community (at community.openvpn.net)
09:32 < Eagleman> Gert Doering (2):
09:32 < Eagleman>       Add client-only support for peer-id.
09:32 <@krzee> Eagleman, im not sure, maybe wait til you see plaisthos talking and ask again
09:33 -!- yeik [~jeff@c-76-23-46-182.hsd1.ut.comcast.net] has joined #openvpn
09:33 < Eagleman> alright
09:36 <@krzee> i dont know about it but he will, he is arne the guy who released "openvpn for android" so if it effects mobile im pretty sure he knows
09:37 <@krzee> i found the patch in trac but its use is not quite obvious to me
09:37 <+esde> im blankly staring at this https://community.openvpn.net/openvpn/attachment/ticket/49/peer-id-v2.patch
09:37 < yeik> why do we use wsasendto instead of sendto?
09:37 <@vpnHelper> Title: peer-id-v2.patch on Ticket #49 – Attachment – OpenVPN Community (at community.openvpn.net)
09:38 <@krzee> lol esde thats it
09:38 <+esde> yeik, #openvpn-devel for development related discussion
09:38 < yeik> k
09:39 <@krzee> definitely not wrong to ask here first, but i dont know and esde doesnt, and we seem to be the active ones here right now ;]  the dev channel idles a bit so ask and then wait, and possibly continue and continue waiting
09:39 < yeik> haha lol
09:40 < yeik> I have been playing with the tap driver in windows a lot lately, and noticed that there are major differences in the way windows 8 handles the driver and the way windows 7 does.
09:40 < yeik> windows 8 buffers everything in memory it seems, and windows 7 overruns the buffer (udp) and drops packets.
09:41 <+esde> wouldnt hurt to copy paste that in the other channel too
09:41 < yeik> slightly unrelated to my question for now.
09:42 <@krzee> The WSASendTo function provides enhanced features over the standard sendto function in two important areas:
09:42 <@krzee> It can be used in conjunction with overlapped sockets to perform overlapped send operations.
09:42 <@krzee> It allows multiple send buffers to be specified making it applicable to the scatter/gather type of I/O.
09:42 <@krzee> https://msdn.microsoft.com/en-us/library/windows/desktop/ms741693(v=vs.85).aspx
09:43 < yeik> I did read that.
09:43 < yeik> and it seems there was a lot of work put in to making windows openvpn fork instead of using createthread from windows.
09:43 <@krzee> cool, was worth linking you, i know nothing of it but google showed me that and i hoped it helped ;]
09:44 <@krzee> openvpn isnt threaded (not sure if related)
09:44 < yeik> no, I appreciate you bringing it up.
09:44 < yeik> threaded, as in one for receive one for send?
09:45 <@krzee> oh
09:45 <@krzee> threaded as in cpu
09:45 <@krzee> thats the context "thread" takes in my head ;]
09:46 < yeik> although maybe the code I am looking at is used for creating sub processes for the up scripts and down scripts
09:47 <@krzee> Eagleman, some peer-id info:  https://community.openvpn.net/openvpn/ticket/49
09:47 <@vpnHelper> Title: #49 (--float does not work with --server) – OpenVPN Community (at community.openvpn.net)
09:47 <+esde> https://stackoverflow.com/posts/3266951/revisions
09:47 <@vpnHelper> Title: Revisions - Stack Overflow (at stackoverflow.com)
09:47 <@krzee> Eagleman, looks like its automagically used when using --float
09:47 < yeik> http://sourceforge.net/p/openvpn/openvpn-testing/ci/master/tree/src/openvpn/win32.c#l929
09:47 <@vpnHelper> Title: OpenVPN / openvpn-testing / [f95010] /src/openvpn/win32.c (at sourceforge.net)
09:48 < Eagleman> Is there a way to test if i am using it?
09:48 <@krzee> by testing if --float works
09:48 <@krzee> it was broken before that patch iirc
09:49 <+esde> Opened 4 Years ago, Closed 3 Weeks ago, lol
09:49 <@krzee> So, using a 2.3.6 or newer client and git master server, you can have the benefits of "tls-float" without the associated risks -
09:59 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Ping timeout: 264 seconds]
10:01 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
10:10 <+hyper_ch> what good does tls-float bring us?
10:10 <@krzee> !man
10:10 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
10:11 <+hyper_ch> krzee: I don't have friends ;)
10:11 <@krzee> i think he meant --float
10:11 <@krzee> cause i dont see --tls-float
10:12 <+hyper_ch> neither do I see the --tls-float
10:28 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has quit [Max SendQ exceeded]
10:28 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
10:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:33 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has quit [Max SendQ exceeded]
10:34 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has joined #openvpn
10:57 -!- MidnightCommande [MidnightCo@2600:3c03::f03c:91ff:fe50:c0af] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
11:15 -!- Anoniem4l is now known as mein
11:15 -!- mein is now known as mein_
11:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
11:19 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
11:20 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has quit [Excess Flood]
11:22 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
11:45 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has joined #openvpn
11:51 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
11:57 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 240 seconds]
12:01 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
12:03 -!- mattock is now known as mattock_afk
12:20 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has quit [Ping timeout: 264 seconds]
12:25 -!- KavanS [~quassel@unaffiliated/kavans] has joined #openvpn
12:34 -!- Peppi [~Peppi@S01065404a62a7737.ed.shawcable.net] has joined #openvpn
12:55 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has joined #openvpn
12:59 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
13:00 < Zedax> Hello.. i'm having an issue on a ovpn "server" (latest version),  i want the clients to go through the server network to internet, i already do this in one machine using *push "redirect-gateway"* and it works fine.. however in other one, with the exact same iptables rules, same kernel version, same ovpn version, and same ovpn config.. it doesn't work, clients don't go anywhere, on the client i can connect with the vpn and talk with o
13:00 < Zedax> any idea what could be wrong?
13:14 -!- KFlambe [81432911@gateway/web/freenode/ip.129.67.41.17] has joined #openvpn
13:15 < KFlambe> Any idea how to get TAP configs running on android?
13:15 < KFlambe> I know the basic android API doesn't accept it without rooting.
13:15 < KFlambe> So... if my phone is rooted, how do I do it?
13:21 < Zedax> KFlambe:  does this work? https://f-droid.org/repository/browse/?fdid=de.blinkt.openvpn
13:21 -!- KavanS [~quassel@unaffiliated/kavans] has quit [Read error: Connection reset by peer]
13:21 <@vpnHelper> Title: F-Droid (at f-droid.org)
13:21 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
13:22 < KFlambe> zedex: No - Anything that uses VPNService can't do TAP-style connects
13:22 < KFlambe> Something about android API based limitations.
13:22 < KFlambe> So the thing is, the newest 4.0 allows VPN apps, but they must be set to TUN.
13:29 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
13:42 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has left #openvpn []
13:48 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Quit: WeeChat 1.0]
13:59 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:02 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
14:04 -!- Henryabcd [~Henryabcd@pD9E097FB.dip0.t-ipconnect.de] has joined #openvpn
14:16 -!- nullx [nullx@unaffiliated/newlex] has joined #openvpn
14:16 -!- nullx [nullx@unaffiliated/newlex] has left #openvpn []
14:19 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
14:33 -!- dob1 [~d@adsl-ull-50-140.51-151.net24.it] has joined #openvpn
14:35 < dob1> hi, i am not able to access a samba share from a windows 7 pc, i think that this related to windows because i have no problems with other clients (different os) but i don't know where to look (googling too). what i see is that the openvpn network is identified as "public network" by windows 7.  all the services (ssh to the server, ftp etc works) but not samba.  just tried to disable windows firewall
14:36 <+hyper_ch> is the samba server also a client in the vpn?
14:38 < dob1> hyper_ch, it's the pc where the vpn run
14:39 <+hyper_ch> and you made samba available for the vpn subnet=
14:39 < dob1> "host allow" and "interfaces" in smb.conf are ok
14:39 <+hyper_ch> I have this:          hosts allow = 127.0.0.1, 10.10.10.0/24, 10.10.11.0/24
14:39 <+hyper_ch> in my smb conf
14:40 < dob1> it's the same, different network but it's this
14:40 <+hyper_ch> 10.10.10.x is the lan and 10.10.11.x is the vpn
14:40 <+hyper_ch> and that works fine for me
14:40 < dob1> are you using windows 7?
14:40 <+hyper_ch> 8.1 on one of the VMs
14:40 < dob1> it identifies the openvpn network as public network?
14:41 <+hyper_ch> I set it as home network
14:41 < dob1> how do you do this?
14:41 <+hyper_ch> it asked when I first established the connection
14:41 -!- Milo- [milo@tux.fi] has joined #openvpn
14:42 < dob1> you open "connection center" and on the vpn network is called as "not identified network" ?
14:43 < dob1> (sorry maybe is different because my system is not in english but hope you understand)
14:43 < Milo-> Hello. This is my openvpn.conf: http://codepad.org/YxoDUozQ and I've used it roughly for a year. Now all of a sudden, starting the service no longer creates tun interface nor necessary local ip addresses.
14:43 <@vpnHelper> Title: Plain Text code by Milo - 14 lines - codepad (at codepad.org)
15:02 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 265 seconds]
15:03 -!- Henryabcd [~Henryabcd@pD9E097FB.dip0.t-ipconnect.de] has quit [Quit: Leaving]
15:06 -!- atmosx_ [~osx@79.103.99.64.dsl.dyn.forthnet.gr] has joined #openvpn
15:07 -!- atmosx_ [~osx@79.103.99.64.dsl.dyn.forthnet.gr] has quit [Client Quit]
15:11 -!- KFlambe [81432911@gateway/web/freenode/ip.129.67.41.17] has quit [Quit: Page closed]
15:26 < dob1> no way, i was able to setup the vpn network on windows 7 as home network but i can't access to the samba share,  even with my phone i can access to it
15:34 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-vdkfrwyjjrlnuubx] has quit []
15:34 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-jyupalcdxfknbizc] has joined #openvpn
15:50 -!- u0m3_ [~u0m3@109.96.139.134] has quit [Read error: Connection reset by peer]
15:51 -!- u0m3_ [~u0m3@109.96.139.134] has joined #openvpn
16:00 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
16:00 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
16:00 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
16:00 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
16:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:32 -!- dob1 [~d@adsl-ull-50-140.51-151.net24.it] has quit [Quit: Leaving]
16:41 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has quit [Max SendQ exceeded]
16:49 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Remote host closed the connection]
16:50 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
17:12 -!- defrio [60325264@gateway/web/cgi-irc/kiwiirc.com/ip.96.50.82.100] has joined #openvpn
17:15 < defrio> if "cipher none" is in the config, can vpn traffic still be encrypted?
17:15 < defrio> thank you in advance, for your time
17:17 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 244 seconds]
17:17 < defrio> !welcome
17:17 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
17:17 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:21 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
17:21 < defrio> !goal
17:21 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:23 < defrio> !paste
17:23 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
17:27 < defrio> goal,  I would like to know if my vpn traffic is encrypted, client config pasted below
17:27 < defrio> config,  http://fpaste.org/174087/
17:27 < defrio> sorry if this isn't the right format for questions. It's my first time on openvpn irc
17:29 -!- defrio [60325264@gateway/web/cgi-irc/kiwiirc.com/ip.96.50.82.100] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
17:59 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:05 -!- pcupgrades is now known as hypermist
18:06 -!- defrio [60325264@gateway/web/cgi-irc/kiwiirc.com/ip.96.50.82.100] has joined #openvpn
18:07 -!- defrio [60325264@gateway/web/cgi-irc/kiwiirc.com/ip.96.50.82.100] has quit [Client Quit]
18:40 -!- tchiwam [~tchiwam@194.177.246.74] has quit [Ping timeout: 244 seconds]
18:43 -!- yeik [~jeff@c-76-23-46-182.hsd1.ut.comcast.net] has quit [Quit: Leaving]
18:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
19:25 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
19:27 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
19:30 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:32 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:38 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
20:00 -!- defrio [~holoirc@96.50.82.100] has joined #openvpn
20:11 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
20:14 -!- Chais_ [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
20:15 -!- jgeboski- [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
20:15 -!- nsrbnc [whois@unaffiliated/nsrafk] has joined #openvpn
20:16 -!- Netsplit *.net <-> *.split quits: lev__, tekku, Nothing_Much, Milo-, KeatonT, Yoder, funnel, jgeboski, cpt-oblivious, lbft,  (+6 more, use /NETSPLIT to show all of them)
20:16 -!- Chais_ is now known as Chais
20:16 -!- jgeboski- is now known as jgeboski
20:16 -!- funnel_ is now known as funnel
20:16 -!- nsrbnc is now known as nsrafk
20:17 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-yjtqlyffedjyvgmh] has joined #openvpn
20:17 -!- Netsplit over, joins: keatont
20:20 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
20:21 -!- Peppi [~Peppi@S01065404a62a7737.ed.shawcable.net] has quit [Ping timeout: 264 seconds]
20:21 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
20:21 -!- shivanshu_ [~shivanshu@104.131.8.15] has joined #openvpn
20:22 -!- julius_ [~julius_@p3EE28B1C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
20:23 -!- julius_ [~julius_@p3EE2AA73.dip0.t-ipconnect.de] has joined #openvpn
20:24 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
20:25 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
20:25 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
20:26 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 264 seconds]
20:27 -!- Poster is now known as 17SABITAZ
20:27 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
20:29 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 244 seconds]
20:29 -!- shivanshu_ is now known as shivanshu
20:29 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
20:30 -!- jeev_ [~j@unaffiliated/jeev] has joined #openvpn
20:35 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
20:35 -!- 17SABITAZ [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 244 seconds]
20:35 -!- Netsplit *.net <-> *.split quits: jeev
20:37 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
20:42 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
20:43 -!- MalteJ_ [sid46380@gateway/web/irccloud.com/x-scdzhhayehtilgnn] has joined #openvpn
20:44 -!- kloeri_ [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
20:44 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
20:44 -!- TommyC7 [~TommyC@unaffiliated/sepulchralbloom] has joined #openvpn
20:45 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has quit [Disconnected by services]
20:45 -!- TommyC7 is now known as TommyC
20:45 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Disconnected by services]
20:46 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
20:48 -!- Brando753-o_O_o [~Brando753@unaffiliated/brando753] has joined #openvpn
20:48 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
20:48 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has quit [Disconnected by services]
20:48 -!- hyper__ch [~hyper_ch@81.4.108.20] has joined #openvpn
20:48 -!- hyper__ch is now known as hyper_ch
20:49 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 246 seconds]
20:49 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
20:49 -!- Netsplit *.net <-> *.split quits: kloeri, mein_, WinstonSmith, _quadDamage, MalteJ, Brando753, antihero, clu5ter, rbjorklin, shivanshu,  (+8 more, use /NETSPLIT to show all of them)
20:49 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
20:50 -!- Netsplit over, joins: clu5ter
20:50 -!- Brando753-o_O_o is now known as Brando753
20:50 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
20:51 -!- MalteJ_ is now known as MalteJ
20:51 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
20:55 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
20:56 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
20:56 -!- mode/#openvpn [+o dazo_afk] by ChanServ
20:56 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
20:56 -!- dazo_afk is now known as dazo
20:57 -!- defrio [~holoirc@96.50.82.100] has quit [Remote host closed the connection]
20:59 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
20:59 -!- mode/#openvpn [+o syzzer] by ChanServ
21:02 -!- WinstonSmith [~WinstonSm@2001:8a0:77e5:7b01:c0b5:1ca5:7a20:df3f] has joined #openvpn
21:02 -!- WinstonSmith [~WinstonSm@2001:8a0:77e5:7b01:c0b5:1ca5:7a20:df3f] has quit [Changing host]
21:02 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
21:03 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
21:04 -!- defrio [d18d37ed@gateway/web/cgi-irc/kiwiirc.com/ip.209.141.55.237] has joined #openvpn
21:05 -!- K1rk [~Kirk@equinox.epecweb.com] has quit [Ping timeout: 250 seconds]
21:06 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 250 seconds]
21:06 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
21:07 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
21:07 < defrio> question, my VPN provider says their nodes are encrypted but the OpenVPN config file has "cipher none". Can it still be encrypted with "cipher none"?
21:08 < defrio> I looked at the traffic with WireShark, but I can't tell the difference between encrypted and compressed traffic
21:10 -!- K1rk [~Kirk@equinox.epecweb.com] has joined #openvpn
21:13 -!- hypermist is now known as `hypermist`
21:15 -!- `hypermist` is now known as hypermist
21:15 -!- hypermist is now known as `hypermist`
21:16 -!- defrio [d18d37ed@gateway/web/cgi-irc/kiwiirc.com/ip.209.141.55.237] has left #openvpn []
21:16 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
21:21 -!- defrio [d18d37ed@gateway/web/cgi-irc/kiwiirc.com/ip.209.141.55.237] has joined #openvpn
21:28 -!- defrio [d18d37ed@gateway/web/cgi-irc/kiwiirc.com/ip.209.141.55.237] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
21:40 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:41 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
21:47 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
21:50 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
21:52 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 628 seconds]
21:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 628 seconds]
21:52 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Ping timeout: 628 seconds]
21:52 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 628 seconds]
21:52 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 628 seconds]
21:52 -!- arkie [~arkie@unaffiliated/arkie] has quit [Ping timeout: 628 seconds]
21:53 -!- xMopxShell [~xMopxShel@198.27.127.96] has quit [Quit: ZNC - http://znc.in]
21:55 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
21:55 -!- xMopxShell [~xMopxShel@davepedu.com] has joined #openvpn
22:02 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 245 seconds]
22:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:04 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
22:05 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
22:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
22:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
22:18 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
22:56 -!- someone [~someone@168.235.155.111] has quit [Quit: ZNC - http://znc.in]
23:05 -!- catalase [~catalase@gateway/tor-sasl/catalase] has quit [Remote host closed the connection]
23:26 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
23:30 -!- ShadniX [dagger@p5481DA90.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5DDFD8EC.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 265 seconds]
23:50 -!- child [b39b499f@gateway/web/freenode/ip.179.155.73.159] has joined #openvpn
--- Day changed Sun Jan 25 2015
00:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:10 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
00:15 -!- child [b39b499f@gateway/web/freenode/ip.179.155.73.159] has quit [Quit: Page closed]
02:05 -!- `hypermist` is now known as pcupgrades
02:11 < hyper_ch> so, finally updated my postfix header_checks rules :)
02:12 -!- pcupgrades is now known as `hypermist`
02:20 -!- `hypermist` is now known as pcupgrades
02:33 -!- mattock_afk is now known as mattock
02:44 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
03:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:14 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
03:27 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
04:07 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:45 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
04:47 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
04:51 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
05:17 -!- nrdb [~neil@123.185.168.125.sta.wbroadband.net.au] has joined #openvpn
05:19 < nrdb> hi --- I just setup a client-connect and client-disconnect script ... but the when I stop the client the client-disconnect script doesn't get run, until I re-connect... then the disconnect runs then straight away the client-connect script runs... is this how it is meant to be?  is there any way to get the client-disconnect to run at the correct time?
05:36 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:04 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
06:07 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:15 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:19 -!- Anoniem4l is now known as mein_
07:04 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has joined #openvpn
07:21 -!- hht [~hht@unaffiliated/hg-5/x-8664886] has joined #openvpn
07:21 < hht> hi\
07:21 < hht> i want to make a bridge connection through openvpn between my router nad my PC
07:50 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-himskgcqomgcrfuv] has joined #openvpn
08:44 -!- ausjke [~xxiao@li259-246.members.linode.com] has joined #openvpn
08:48 < ausjke> what does openvpnserv mean in the code?
08:53 -!- hht [~hht@unaffiliated/hg-5/x-8664886] has quit [Read error: Connection reset by peer]
08:59 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
09:00 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
09:17 -!- tekk [~me@185.17.149.149] has joined #openvpn
09:31 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:39 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
09:45 -!- FuryFoo [c6f53d8e@gateway/web/cgi-irc/kiwiirc.com/ip.198.245.61.142] has joined #openvpn
09:47 < FuryFoo> Hey everyone did anyone got a problem with Google suddenly being able to see past the VPN ?
09:47 < hyper_ch> yes
09:47 < FuryFoo> Nothings changed but in the past 24 hours Google has been to see the user's country . Corect ?
09:48 < hyper_ch> no idea
09:48 < FuryFoo> What in the world is going on ?
09:48 < FuryFoo> Is it a bug or something that we must change ?
09:51 < FuryFoo> @hyper_ch Do you have the Google problem right now ?
09:52 < hyper_ch> no
09:52 < FuryFoo> When did you encountered it ?
09:52 < hyper_ch> never
09:53 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 272 seconds]
09:53 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-himskgcqomgcrfuv] has quit [Ping timeout: 245 seconds]
09:54 < FuryFoo> Do you have any additional info about it please ? Like a forum topic or an article ?
09:54 < FuryFoo> *forum thread
09:54 < hyper_ch> no
09:55 < FuryFoo> Do you remember when did you first hear about this problem ?
09:55 < hyper_ch> yes
09:56 < FuryFoo> When was it ?
09:56 < hyper_ch> 10 minutes ago
09:56 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
09:56 < FuryFoo> From who ?
09:56 < hyper_ch> you
09:57 < FuryFoo> Are you a special person ?
09:57 < hyper_ch> no idea what you mean by that
09:57 < FuryFoo> Google it
09:57 < hyper_ch> or you just tell me
09:58 < FuryFoo> You provided me with a trove of valuable info so it's mandatory that I reciprocate.
09:58 < hyper_ch> I just answered your questions
10:00 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-pbxlnjwqxyuxxqgg] has joined #openvpn
10:00 < FuryFoo> In neither a truthful or helpful manner. You might as well be working for TAO given the level love you display for OpenVPN.
10:00 < hyper_ch> it was all true
10:01 < FuryFoo> Just like a politician's speech.
10:01 < hyper_ch> I just answered the question you asked
10:05 -!- paxmark9 [~paxtormar@198.144.158.14] has joined #openvpn
10:11 -!- FuryFoo [c6f53d8e@gateway/web/cgi-irc/kiwiirc.com/ip.198.245.61.142] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
10:42 < `^-_-^`> was the bug FuryFoo talking about exist?
10:42 < `^-_-^`> is the bug*
10:46 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
10:54 < hyper_ch> no idea
10:54 < hyper_ch> I just answered his question
10:55 < hyper_ch> " did anyone got a problem" --> Fury obviously has that problem, otherwise he wouldn't ask.... so the answer is clearly a "yes"
11:01 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:06 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
11:08 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
11:08 -!- no_mu [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
11:10 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
11:10 -!- _FBi- [~B@Aircrack-NG/User] has joined #openvpn
11:14 -!- antihero [~antihero@37.139.5.204] has joined #openvpn
11:15 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 240 seconds]
11:15 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Ping timeout: 240 seconds]
11:15 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 240 seconds]
11:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 240 seconds]
11:15 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 240 seconds]
11:15 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
11:15 -!- Netsplit *.net <-> *.split quits: lev__, Nothing_Much, mein_, kloeri_
11:16 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
11:18 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
11:23 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
11:24 -!- no_mu is now known as Nothing_Much
11:38 -!- Netsplit over, joins: lev__
11:59 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
12:05 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 252 seconds]
12:08 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
12:08 < `^-_-^`> kthx
12:09 <@krzee> did furypoo leave a link about what hes talking about?
12:12 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
12:14 < hyper_ch> no
12:14 <@krzee> you know anything about it?
12:15 <@krzee> (so you can link me to it)
12:15 < hyper_ch> no
12:15 <@krzee> weird you didnt ask him to prove it
12:15 <@krzee> maybe he knew something we dont know...
12:15 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.0.1]
12:16 < hyper_ch> I just answered his questions
12:16 < hyper_ch> and then he left
12:18 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
12:19 < hyper_ch> krzee: btw, you liked The Sopranos?
12:19 <@krzee> not much of a tv watcher
12:20 <@krzee> seen a couple episodes it was cool
12:21 < hyper_ch> well, one of the Soprano guys is now in Lilyhammer :) bddy told me about it and started watching it today :) it's good
12:21 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
12:24 -!- ayaka [~ayaka@120.32.115.113] has joined #openvpn
12:26 < ayaka> the static key is good, but lack of flexible. I want to use static key to start connection and key exchange to use key verify
12:26 < ayaka> is there some documents or info for me to develop?
12:29 <@krzee> nothing that i know of.
12:38 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
12:44 -!- Diabolik [DiabolikFr@2a00:d880:3:1::6be5:5bc8] has quit [Ping timeout: 245 seconds]
13:10 < ayaka> krzee, ok, is there some document describe the some detail of openvpn? I am reading the source code of openvpn
13:15 < hyper_ch> isn't the source code documentation enough?
13:20 < ayaka> but I am afraid I can't find it
13:22 < hyper_ch> can't really help you
13:22 < ayaka> the table of contents in https://community.openvpn.net/openvpn#Developmentstatustracking  doesn't tell me enough thing
13:22 <@vpnHelper> Title: OpenVPN Community (at community.openvpn.net)
13:23 -!- malikeye [malikeye@unaffiliated/malikeye] has joined #openvpn
13:33 < ayaka> hyper_ch, thank you all the same
13:35 -!- rich0_ is now known as rich0
13:48 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 245 seconds]
13:53 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
14:20 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [K-Lined]
14:22 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
14:42 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-pbxlnjwqxyuxxqgg] has quit [Ping timeout: 265 seconds]
14:43 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 276 seconds]
14:50 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
14:52 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:13 -!- mattock is now known as mattock_afk
15:24 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:31 < malikeye> if I am using PIA, do I still need a firewall? strugging with setting one up to just block tun0
15:32 < hyper_ch> if only I knew what PIA is
15:32 < hyper_ch> !goal
15:32 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:32 < malikeye> privateinternetaccess... vpn provider
15:33 < hyper_ch> yes, you still need firewall
15:34 < malikeye> gotcha
15:36 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
15:36 -!- mode/#openvpn [+v s7r] by ChanServ
15:43 -!- Kephael_ is now known as Kephael
15:44 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:13 -!- litewait [60200589@gateway/web/freenode/ip.96.32.5.137] has joined #openvpn
16:17 < litewait> my openvpn server's goal provide a gateway to block of addresses on the internet.  On OSX I never specify redirect-gateway (because I don't all traffic to head through this vpn) and that works fine.  Trying to do the same with ubuntu, but I can't reach that block of addresses unless I add redirect-gateway.
16:20 -!- Diabolik [DiabolikFr@2a00:d880:3:1::6be5:5bc8] has joined #openvpn
16:22 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
16:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:32 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:46 -!- litewait [60200589@gateway/web/freenode/ip.96.32.5.137] has quit [Ping timeout: 246 seconds]
16:50 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-rzjgbjpfijqkfmlz] has joined #openvpn
17:08 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:08 < Netas3k> hello!
17:09 < Netas3k> !welcome
17:09 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
17:09 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:09 < Netas3k> Well I suppose that answers my question
17:09 < Netas3k> :D
17:11 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Killed (zelazny.freenode.net (Nickname regained by services))]
17:13 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
17:30 -!- nrdb [~neil@123.185.168.125.sta.wbroadband.net.au] has quit [Remote host closed the connection]
17:35 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
17:44 -!- shio [marmot@6.121.101.84.rev.sfr.net] has quit [Ping timeout: 276 seconds]
17:44 -!- shio [marmot@42.121.101.84.rev.sfr.net] has joined #openvpn
17:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:55 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
17:57 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
18:29 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
18:48 -!- pcupgrades is now known as `hypermist`
18:55 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-rzjgbjpfijqkfmlz] has quit [Quit: Connection closed for inactivity]
19:06 -!- `hypermist` is now known as hypermist
19:07 -!- hypermist is now known as `hypermist`
19:12 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
19:24 -!- `hypermist` is now known as pcupgrades
19:31 -!- pcupgrades is now known as `hypermist`
19:48 < malikeye> so, I'm a little lost here, as usual :)... I have openvpn connection established with my home router... but I can't access and IP's from my phone once connected
19:49 < malikeye> my home is 10.1.0.0/16 and my VPN ip is a 10.8.0.0/24
19:50 < malikeye> I've read through a ton of "how-to's" and it's just supposed to work... everyones setting are pretty much the same, and I've used those settings
19:50 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Quit: ZNC - http://znc.sourceforge.net]
19:51 < wowaname> my vpn is 1.0.0.0/8
19:53 < malikeye> well, I guess it works.. I have one box that is VPN'd out to a VPN provider.... I want to get to that box while VPN'd into my house... I can get to that box fine from anywhere on my subnet, but the I can't get to it VPN'd into my house... if that makes sense
19:54 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
19:55 < malikeye> I can ping non-VPN's hosts in my house from the phone, so I guess it's working... guess I need to figure out how to get mobile -> VPN -> house -> host that is VPN'd out
19:56 -!- Poster|x is now known as Poster
19:58 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:23 -!- julius_ [~julius_@p3EE2AA73.dip0.t-ipconnect.de] has quit [Ping timeout: 276 seconds]
20:49 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
20:54 -!- `hypermist` is now known as hypermist
20:54 -!- hypermist is now known as `hypermist`
20:56 -!- `hypermist` is now known as hypermist
20:56 -!- hypermist is now known as `hypermist`
20:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:07 -!- `hypermist` is now known as pcupgrades
21:08 -!- pcupgrades is now known as `hypermist`
21:13 -!- `hypermist` is now known as pcupgrades
21:16 -!- Synced [~Synced@unaffiliated/synced] has quit [Quit: ZNC - http://znc.in]
21:18 -!- pcupgrades is now known as `hypermist`
21:21 -!- `hypermist` is now known as hypermist
21:21 -!- hypermist is now known as `hypermist`
21:34 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
21:37 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
21:43 -!- `hypermist` is now known as pcupgrades
22:06 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:11 -!- justinzane [~justinzan@67.21.190.132] has quit []
22:22 -!- jeev_ is now known as jeev
23:04 -!- pcupgrades is now known as `hypermist`
23:06 -!- paxmark9 [~paxtormar@198.144.158.14] has left #openvpn ["Leaving"]
23:13 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
23:25 -!- justinzane [~justinzan@67.21.190.49] has joined #openvpn
23:30 -!- justinzane [~justinzan@67.21.190.49] has quit [Ping timeout: 245 seconds]
23:30 -!- ShadniX [dagger@p5DDFD8EC.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:30 -!- ShadniX_ [dagger@p5481DBE8.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- ShadniX_ is now known as ShadniX
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:32 <@krzee> ayaka, what detail are you looking for?
23:32 <@krzee> ayaka, maybe this?  http://openvpn.net/index.php/open-source/documentation/security-overview.html
23:32 <@vpnHelper> Title: Security Overview (at openvpn.net)
23:35 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
23:45 < ayaka> krzee, thank you
23:45 <@krzee> np
23:45 < ayaka> I have had some idea to do that, adding a mode
23:48 <@krzee> to do what?
23:49 < ayaka> making all the data encrypted, even in key exchange state
23:52 -!- kubanc [563d4c96@gateway/web/freenode/ip.86.61.76.150] has joined #openvpn
23:52 <@krzee> ahh you mean protecting the tls handshake inside a statickey layer of crypto?
23:52 <@krzee> i would find it interesting because it would defeat DPI
23:57 < kubanc> Hello, I am trying to connect from Xubuntu virtual host to VPN Server "Euro2 Server OpenVPN". The connection to VPN Server is succesfull, but I cannoto ping www.google.si or use http protocol. I can connect to pop (port 110) or smtp server (465) with no problems. any Idea.
23:58 < kubanc> Correction. I cannot connect to smtp or pop Server...
23:59 < ayaka> krzee, yes, that is what I want or you can't use openvpn in china anymore
--- Day changed Mon Jan 26 2015
00:01 < ayaka> maybe not in statickey layer, I think it is possible to use server public key, but I am not familiar with ssl, I just it may be possible
00:02 < ayaka> kubanc, do you set the default gateway?
00:02 <@krzee> still possible to use openvpn as normal over a obfsproxy
00:02 <@krzee> !obfs
00:02 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
00:02 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
00:03 <@krzee> kubanc, do you run the server?
00:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
00:07 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
00:08 < ayaka> krzee, yes, but tor doesn't not always work and in my plan, it will be faster than obfs
00:14 < kubanc> krzee: No, I do not run a server...
00:16 < kubanc> I must correct what I wrote: I have a Ubuntu host, and for Xubuntu guest I would to connect it to OpenVPN Server. The connection to Server is successfull, but I cannot ping http, test smtp or pop protocol
00:19 < kubanc> ayaka: My default gateway IP is automaticly set...
00:20 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
00:27 <@krzee> kubanc,
00:27 <@krzee> !provider
00:27 <@vpnHelper> "provider" is (#1) We are not your provider's free tech support. We support the free open source app OpenVPN, not your provider. Just because they run openvpn does not mean we are their support team. or (#2) Please contact their support team.
00:37 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Ping timeout: 246 seconds]
00:39 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
00:42 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
00:42 -!- mode/#openvpn [+v RBecker] by ChanServ
00:42 < kubanc> krzee: this is a free OpenVpn Server. http://www.vpnbook.com/freevpn. I would only like to test if my openVPN is working OK, nothing else...
00:46 -!- hyper_ch [~hyper_ch@81.4.108.20] has quit [Changing host]
00:46 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
00:46 -!- mode/#openvpn [+v hyper_ch] by ChanServ
00:57 -!- mattock_afk is now known as mattock
01:00 < ayaka> krzee, about obfsproxy, does data will traffic through tor? in that case speed is a problem
01:02 < ayaka> if just the handshake state, it is still acceptable, but it seems not
01:08 -!- fiacha [6d47db37@gateway/web/freenode/ip.109.71.219.55] has joined #openvpn
01:13 -!- fiacha [6d47db37@gateway/web/freenode/ip.109.71.219.55] has quit [Client Quit]
01:19 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
01:35 <@krzee> ayaka, no, obfsproxy has nothing to do with tor other than the developers
01:37 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
01:37 < ayaka> krzee, but it seems need to launch tor https://www.torproject.org/projects/obfsproxy-instructions.html.en
01:47 < ayaka> I am not sure the tor circuit could set up here
01:50 <@krzee> tor is used in the example because it was made for that
01:54 < ayaka> ok, but the problem is that the router I use openvpn doesn't have big flash space
01:54 < ayaka> it can't use python
01:56 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
02:13 < ayaka> I got [ERROR] Invalid SOCKS command: '3' in obfsproxy log, what is the problem ?
02:13 -!- tobinski [~tobinski@tmo-096-47.customers.d1-online.com] has joined #openvpn
02:13 < ayaka> it seems that openvpn has some problem with socks
02:16 < ayaka> krzee, anyway, would you accept my idea? whether you will accept my patch is the other problem
02:20 <@krzee> im just support
02:20 <@krzee> best to ask on trac
02:20 <@krzee> !trac
02:20 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database.
02:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
02:23 < ayaka> ok, I will open a new issue
02:31 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:33 -!- kubanc [563d4c96@gateway/web/freenode/ip.86.61.76.150] has quit [Quit: Page closed]
02:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:49 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
03:06 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 250 seconds]
03:08 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
04:18 -!- Kingsy [~chris@unaffiliated/kingsy101] has joined #openvpn
04:19 < Kingsy> I am going to install openvpn tonight.. On the server am I correct in thinking that I only need to open UDP 1194 to make EVERYTHING work ?
04:19 < Kingsy> prot 1194**
04:20 < Kingsy> ffs.. haha **** PORT
04:30 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
04:45 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:50 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
05:06 < ayaka> I have a problem with using obfsproxy, I got recv_socks_reply: Socks proxy returned bad reply in openvpn and Invalid SOCKS command: '3' in obfsproxy
05:06 < ayaka> what is the problem?
05:20 <+hyper_ch> weird... from my new tablet I have issues connecting with openvpn :(
05:25 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has quit [Read error: Connection reset by peer]
05:27 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:27 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has joined #openvpn
05:27 < bluenemo> hi guys. I assign ips to my clients via staticclients. Can I disable that a client gets an IP if he has no staticclients entry?
05:31 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
05:37 <+hyper_ch> krzee: the embedded tls-auth should be working, right:  http://paste.debian.net/142292/
05:38 <+hyper_ch> or does the key-redirection 1 need to be directly before the tls auth?
05:45 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:46 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Read error: Connection reset by peer]
05:56 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:57 -!- tobinski [~tobinski@tmo-096-47.customers.d1-online.com] has quit [Ping timeout: 252 seconds]
06:00 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:04 -!- tobinski [~tobinski@tmo-105-109.customers.d1-online.com] has joined #openvpn
06:05 -!- grep0r [grep0r@104.171.118.134] has joined #openvpn
06:12 <+hyper_ch> aaargh..... for some reason I can't connect and I can't figure out why
06:25 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:31 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:45 -!- Shadow` [~Shadow@unaffiliated/shadow/x-5767407] has joined #openvpn
06:46 < Shadow`> im having an issue with connecting from a windows client to a debian server. I've googled and checked numerous tutorials and Q/A sections, but to no avail. Keep getting "TLS error: incoming plaintext read error"
06:47 < Shadow`> ca.crt paths are correct, both client as server ones are identical (although I formatted the one on Windows to Windows text formatting(but without doing this, same result))
06:48 < Shadow`> i recreated the certificates several times, thought i might did something wrong (like not filling in all the vars)
06:48 -!- crised [~crised@186.67.181.203] has joined #openvpn
06:49 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
06:49 < crised> Is it possible to initiate an openvpn connection from a client having GPRS connectivity, with maximum bandwith of 32 kbps? ping times, 600 ms
06:51 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has quit [Quit: No Ping reply in 60 seconds.]
06:51 -!- Latrina [~Latrina@ppp-90-5.26-151.libero.it] has quit [Ping timeout: 252 seconds]
06:51 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
06:51 -!- liriel [~liriel@asia.feralhosting.com] has quit [Ping timeout: 252 seconds]
06:51 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 252 seconds]
06:51 -!- antihero [~antihero@37.139.5.204] has quit [Ping timeout: 252 seconds]
06:51 -!- DonRichie [~DonRichie@ricl.de] has quit [Ping timeout: 252 seconds]
06:51 -!- benoliver999 [~ben@ben.baconseed.org] has quit [Ping timeout: 252 seconds]
06:51 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
06:52 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
06:53 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
06:53 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
06:53 -!- Latrina [~Latrina@ppp-90-5.26-151.libero.it] has joined #openvpn
06:53 -!- `hypermist` is now known as pcupgrades
06:53 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
06:54 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
06:56 -!- tobinski_ [~tobinski@tmo-105-109.customers.d1-online.com] has joined #openvpn
06:57 -!- pcupgrades is now known as `hypermist`
06:58 -!- mago_ [~mago@unaffiliated/blastur] has joined #openvpn
07:00 -!- tobinski [~tobinski@tmo-105-109.customers.d1-online.com] has quit [Ping timeout: 256 seconds]
07:02 -!- deranged [Bit@lolnerd.net] has joined #openvpn
07:03 < mago_> i have 4 servers running on 4 networks (connected by internet). i'd like to form a private network between these 4 servers, and the network should remain online as long as there is at least 1 server online. I would then also like external clients to be able to connect to this private network. Does OpenVPN support this use-case?
07:04 -!- Kingsy [~chris@unaffiliated/kingsy101] has quit [Quit: Changing server]
07:05 < mago_> !goal
07:05 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
07:05 < mago_> !welcome
07:05 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
07:05 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:07 <+hyper_ch> stupid me :)
07:07 < crised> !route
07:07 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
07:07 <@vpnHelper> client
07:07 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
07:07 <+hyper_ch> pebkac... I wrote as port 1994 instead of 1194....
07:08 < crised> !tcpip
07:08 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
07:08 < crised> !serverlan
07:08 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
07:08 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
07:08 <+hyper_ch> mago_: not really sure what you're trying to do
07:09 <+hyper_ch> crised: what do you need?
07:09 < mago_> hyper_ch: me and my friends have servers running at home. we would like these servers to form a private network. then, whenever any of us are not home, we would like to be able to join the private network by connecting to any of these servers. sometimes one or two servers are down
07:10 < Shadow`> any way to just disable the whole TLS part?
07:10 <+hyper_ch> Shadow`: you mean tls auth?
07:10 < Shadow`> yes
07:10 < Shadow`> it refuses to work
07:10 < Shadow`> and noone answers
07:10 < Shadow`> so
07:10 < Shadow`> i want it disabled
07:11 <+hyper_ch> Shadow`: tls-auth works fine... and you can disable it... just comment auth   tls-auth ta.key 0   in the configs
07:11 < Shadow`> tls-auth does not work fine for me, and after reading almost every google result on every openvpn error available, no avail
07:11 <+hyper_ch> mago_: hmmm.... something like round robin....
07:11 < crised> hyper_ch: well first, I would like to tunderstand a bit more about openvpn,
07:12 <+hyper_ch> !configs > Shadow`
07:12 < crised> hyper_ch: second, if configuring openvpn as a client, what happens if the connection in either side drops?
07:12 <+hyper_ch> !config > Shadow`
07:12 <@vpnHelper> Error: 'supybot.>' is not a valid configuration variable.
07:12 <+hyper_ch> !configs
07:12 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
07:12 <+hyper_ch> crised: depends... normal case would be to auto-reconnect
07:13 < Shadow`> !paste
07:13 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
07:13 < crised> hyper_ch: in this case: https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site
07:13 <@vpnHelper> Title: OpenVPN Site To Site - PFSenseDocs (at doc.pfsense.org)
07:13 < crised> hyper_ch: would it reconnect, if my client side drops or anything like that?
07:14 <+hyper_ch> mago_: well, don't know how to do that.... if all servers would run same CA and keys... you could connect to any... then you'd need some round-robin or something like that which connects you to one of them
07:15 <+hyper_ch> mago_: if you're connected, what do you want to do then? a simpler solution might be for each server to provide a seperate subnet and you will then have 3-4 vpn connections open
07:15 <+hyper_ch> of course that probably won't work with redirect default gateway
07:15 < mago_> hyper_ch: perhaps its a weird usecase? i thought i'd run 1 openvpn server on each server. each server would then connect to the other 3 servers.
07:16 <+hyper_ch> crised: it can be setup to do so
07:17 < crised> hyper_ch: what's the cli option?
07:18 <+hyper_ch> crised: http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html -> resolv-retry infinite
07:18 <@vpnHelper> Title: OpenVPN 2.0.x (at openvpn.net)
07:18 <+hyper_ch> which is normal behaviour
07:18 <+hyper_ch> mago_: you can do that and then from your computer / cell phone connect to all four
07:19 <+hyper_ch> but still, what do you want to do there? there could be issues if you want to route all your internet traffic through the vpn
07:19 < crised> hyper_ch: atm just cli to box
07:19 < crised> just to use the bash
07:19 < mago_> hyper_ch: well, once connect to any of the servers, i'd be able to reach all other servers, right? for example, if they are running samba servers, i can view file shares?
07:21 <+hyper_ch> crised: well, probably best for each server to deploy an own subnet:   A: 10.8.0.x   B: 10.8.1.x   C  10.8.2.x   D  10.8.3.x
07:22 <+hyper_ch> ok, that was meant for mago
07:22 <+hyper_ch> crised: not sure what you mean by just cli to box...
07:22 < crised> hyper_ch: access the shell
07:23 < Shadow`> hyper_ch: http://paste.debian.net/142314/
07:24 <+hyper_ch> crised: I still don't understand what you want to tell me
07:24 < mago_> hyper_ch: but if they are on different subnets, broadcast traffic won't show, right? which is required if you want to find samba servers etc
07:25 < crised> hyper_ch: give me some time
07:25 <+hyper_ch> mago_: well, you could also make samba a client in all subnets....
07:25 <+hyper_ch> then use the vpn servers as dns server
07:25 <+hyper_ch> and access samba by dns
07:25 < mago_> hm, i don't fully follow
07:25 <+hyper_ch> mago_: but it sounds really complicated what you wanna do
07:26 <+hyper_ch> Shadow`: where did you get that config from?
07:26 < Shadow`> google
07:26 < crised> hyper_ch: pfsense box has an ISP connection, that blocks all incoming connections, so I need to use openvpn to access the shell of pfsense
07:26 < Shadow`> the only one that even works except the TLS auth complaints
07:26 < Shadow`> and some jerking around
07:26 < Shadow`> since ive been screwing around on this for the past 3-4 hours
07:28 < mago_> hyper_ch: yeah, i guess i want something like http://software.schmorp.de/pkg/gvpe.html
07:28 <@vpnHelper> Title: gvpe (at software.schmorp.de)
07:29 <+hyper_ch> Shadow`: want me to post mine?
07:30 -!- crised [~crised@186.67.181.203] has quit [Quit: Leaving.]
07:30 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
07:33 <+hyper_ch> Shadow`: that's more or less my server conf:  http://paste.debian.net/142319/
07:35 < Shadow`> thanks hyper_ch, ill give it a whirl
07:36 <+hyper_ch> Shadow`: you need also the client config
07:36 <+hyper_ch> and you do have a ta.key file, right?
07:36 <+hyper_ch> as for the paths, you could also use relative paths...
07:36 < Shadow`> no i do not have a ta.key file
07:37 <+hyper_ch> did you generate teh certs and stuff?
07:37 < Shadow`> client, server, 01, 02, ca, dh1024
07:37 < Shadow`> yes by using the easy-rsa tools
07:37 <+hyper_ch> also, dh1024 is weak
07:37 < Shadow`>  ./build-ca ./build-dh ./build-key-server server ./build-key client
07:37 < Shadow`> i dont really care much for security
07:37 <+hyper_ch> if you want stronger, you'll need to restart
07:37 < Shadow`> i just want the vpn to work
07:38 <+hyper_ch> 1024 isn't safe
07:38 < Shadow`> if it was easy findable
07:38 <+hyper_ch> edit the vars file and set it to higher bit rate
07:38 < Shadow`> i'd disable the entire security stuff
07:38 <+hyper_ch> ok
07:38 < Shadow`> i have no use for it in this use-case, and so far the past couple of hours its TLS being a pain in the ass
07:38 < Shadow`> also
07:38 < Shadow`> your config fails, service openvpn restart gives a fail *checks logs*
07:39 <+hyper_ch> openvpn --genkey --secret ta.key
07:39 < Shadow`> and put it with the rest of the keys or in /etc/openvpn?
07:39 <+hyper_ch> because there's no ta.key file
07:39 <+hyper_ch> well, if you don't want tls-auth
07:39 <+hyper_ch> then just remove that line
07:39 < Shadow`> well if i can get it to work with TLS, its ok
07:40 <+hyper_ch> you said you don't care about security ;)
07:40 < Shadow`> not for this use case as i'm not going to be doing very private stuff on it
07:40 < Shadow`> but if it isnt to much more trouble to get it to work including TLS, thats ofc better
07:40 < Shadow`> so far the only issue i'm having is the TLS handshake
07:42 <+hyper_ch> and something like that should work for the client http://paste.debian.net/142324/
07:43 <+hyper_ch> I gave you the command before on how to generate the ta.key file
07:43 < Shadow`> okay, but openvpn refuses to start with the server config you gave earlier
07:43 < Shadow`> and tailing the logs seems pointless
07:44 <+hyper_ch> it can be useful
07:44 <+hyper_ch> and it can be commented out
07:44 <+hyper_ch> but did you generate the ta.key file?
07:44 < Shadow`> yeah
07:44 < Shadow`> its in /etc/openvpn/
07:44 <+hyper_ch> is it located in the right spot?
07:44 < Shadow`> oh
07:44 -!- crised [~crised@186.67.181.203] has joined #openvpn
07:44 < Shadow`> it is now
07:45 < Shadow`> overlooked the ta.key added certlinething
07:45 <+hyper_ch> Shadow`: well, I said it's to find where all other certs and keys are ;)
07:45 <+hyper_ch> mago_: don't know if openvpn can do that
07:45 <+hyper_ch> wb crised
07:46 < crised> hyper_ch: sorry, rebooted
07:46 < Shadow`> well i got passed the TLS handshake timeout
07:47 <+hyper_ch> crised: what was your issue?
07:47 <+hyper_ch> Shadow`: what do you kmean by that?
07:48 < crised> hyper_ch: I was aking you about reconnects on gprs connection
07:48 < crised> hyper_ch: you told me about resol-retry
07:48 <+hyper_ch> resolv-retry infinite
07:49 < crised> yep
07:50 <+hyper_ch> which is default, so you wouldn't even need to add that
07:50 <+hyper_ch> If hostname resolve fails for --remote, retry resolve for n seconds before failing. Set n to "infinite" to retry indefinitely. By default, --resolv-retry infinite is enabled. You can disable by setting n=0.
07:51 <+hyper_ch> Shadow`: so it works for you  now?
07:52 <+hyper_ch> Shadow`: if you don't want to be plagued by paths to certs and stuff, you can embed them directly in the config files
07:54 < Shadow`> ye read somewhere you could merge/embed the cert stuff
07:55 < Shadow`> and it sorta worked but then went poof, something came in between few min ago, gonna check the logs now
07:56 < Shadow`> ah, seems Windows issue "All TAP-Windows adapters are currently in use"
07:57 <+hyper_ch> http://paste.debian.net/142326/  --> here's my actual client config
07:58 <+hyper_ch> basically just paste the stuff between   <ca></ca>  etc
07:58 <+hyper_ch> crised: so got it working now?
08:00 < crised> hyper_ch: no direct application, I'm just evaluating different systems to use as a router, specifically pfsense or openbsd :)
08:00 < Shadow`> it works now
08:00 < Shadow`> enabled all the 50 TAP network device doowackies
08:00 <+hyper_ch> Shadow`: http://paste.debian.net/142327/
08:00 < Shadow`> thanks a lot hyper_ch, sorry if i responded a bit annoyed earlier
08:01 <+hyper_ch> Shadow`: next step, edit the vars
08:01 <+hyper_ch> set to 4096 bit
08:01 <+hyper_ch> regenerate all certs and dh
08:01 <+hyper_ch> and stuff ;)
08:01 <+hyper_ch> dh creation will take a quite a few minutes though ;)
08:01 < Shadow`> can i use ./build-dh for the 4096 bit?
08:02 <+hyper_ch> yes, you need to edit the vars file, source it
08:02 <+hyper_ch> and then recreate everything
08:02 <+hyper_ch> just do a clean of they keys folder ;)
08:02 <+hyper_ch> but as said, dh will take a while to create
08:02 <+hyper_ch> also the last script I posted is a little script of mine to create client configs with embedded certs
08:03 <+hyper_ch> !hardening
08:03 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
08:04 < Shadow`> no issue if it takes a while :) the system is idling mostly anyways
08:04 < Shadow`> but for now the connection isnt routing the traffic it seems
08:05 <+hyper_ch> also I set cipher to AES-256-CBC... thinking that with current processors and AES-NI (and amd equivalent) you get better results... but never tested it
08:05 <+hyper_ch> routing traffic?
08:06 < Shadow`> cant ping the rest of the internet anymore
08:06 <+hyper_ch> do you have redirect gateway in there?
08:07 < Shadow`> dont think so
08:07 <+hyper_ch> push "redirect-gateway def1"
08:07 <+hyper_ch> yes
08:07 <+hyper_ch> you have
08:07 <+hyper_ch> this creates two routing entries that routes the whole internet through the vpn
08:08 <+hyper_ch> so, on the server you need of course to enable ip_forwarding and set iptables rules
08:08 < Shadow`> ah
08:08 < Shadow`> figures
08:08 <+hyper_ch> !ip_forward
08:08 <+hyper_ch> !ip4_forward
08:08 <+hyper_ch> argh
08:08 <+hyper_ch> !forwarding
08:09 <+hyper_ch> !ipforward
08:09 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
08:09 < Shadow`> in Windows thats tagging a checkbox in the adapter settings
08:09 < Shadow`> no clue on Win but i'll check
08:09 < Shadow`> linux*
08:10 <+hyper_ch> !linnat
08:10 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
08:10 <+hyper_ch> !linipforward
08:10 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
08:10 <+hyper_ch> there we go :)
08:14 < Shadow`> ah the help/tutorial gives the /proc/sys temp solution as it where a fixed one
08:14 <+hyper_ch> which tutorial?
08:14 < Shadow`> some random googled one
08:14 < Shadow`> http://www.tecmint.com/install-openvpn-in-debian/
08:14 <@vpnHelper> Title: OpenVPN Server and Client Installation and Configuration on Debian 7 (at www.tecmint.com)
08:15 <+hyper_ch> :)
08:15 <+hyper_ch> but he said to use 4096 bit ;)  KEY_SIZE=4096
08:15 < Shadow`> but i'll do the temp one first
08:15 < Shadow`> im no fan of jerking around in the kernel, which the sysctrl.conf seems to be part of
08:16 < Shadow`> and yeah in the meantime i updated the vars file to 4096 and was going to redo the certs
08:16 <+hyper_ch> but you're right about ipforward
08:16 <+hyper_ch> as said, generating the dh file will take some time
08:16 < Shadow`> ta.key has to be remade as well?
08:16 <+hyper_ch> but with tmux you can easily make it build the dh file while you genearte the other stuff already
08:17 <+hyper_ch> yes
08:17 <+hyper_ch> I'd clean all of the ca stuff
08:17 <+hyper_ch> ./clean-all
08:17 < Shadow`> yeah ./clean-all already did
08:17 <+hyper_ch> then build-ca
08:17 <+hyper_ch> then you should be able to build dh
08:17 <+hyper_ch> and the other stuff
08:18 <+hyper_ch> but the ipforward in that tutorial is not so good :)
08:19 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:20 < Shadow`> ok now build-ca complains about having to run a clean-all
08:20 < Shadow`> >.>
08:21  * Shadow` resets easy-rsa
08:21 <+hyper_ch> :)
08:23 < Shadow`> oookay
08:23 < Shadow`> still doesnt
08:24 <+hyper_ch> no idea what you did
08:24 < Shadow`> i did a ./clean-all then nano vars to change 1024 to 4096, then ./build-ca
08:24 < Shadow`> and now Please edit the vars script to reflect your configuration,
08:25 < Shadow`> then i rm -R /etc/openvpn/easy-rsa
08:25 < Shadow`> and copied it back from the /usr/share
08:25 < Shadow`> and again edited the vars file and then ./build-ca, same error
08:26 <+hyper_ch> after editing the vars file
08:26 <+hyper_ch> you need to source it
08:26 < Shadow`> oh i skipped that step earlier i think
08:26 <+hyper_ch> edit, source, clean-all
08:27 <+hyper_ch> build-ca
08:27 < Shadow`> ah ye now it continues
08:29 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
08:29 < Shadow`> lol
08:29 < Shadow`> /etc/openvpn/easy-rsa/keys/serial: No such file or directory
08:30  * Shadow` sighs
08:30 < Shadow`> well duh, the script suposed to make it
08:30 <+hyper_ch> what did you do?
08:30 < Shadow`> build-ca
08:30 < Shadow`> build-server-key server
08:31 <+hyper_ch> hmmm....
08:31 <+hyper_ch> well, you managed already once :) I'm sure you'll manage again ;)
08:31 < Shadow`> ye
08:31 < Shadow`> for later
08:32 < Shadow`> lets first fix the ip routing
08:33 <+hyper_ch> edit sysctl
08:33 < Shadow`> ye the echo 1 > into the file didnt do anything
08:33 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
08:33 <+hyper_ch> and run this:   iptables -t nat -A POSTROUTING -s $10.0.0.0/24 -o eth0 -j MASQUERADE
08:33 <+hyper_ch> the echo 1 into that file does something ;)
08:33 <+hyper_ch> and run this:   iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
08:33 < Shadow`> ye but not what i wanted i supose =p
08:34 < Shadow`> vim /etc/sysctl.conf
08:34 < Shadow`> :%s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/
08:34 < Shadow`> = correct?
08:34 <+hyper_ch> if you use ipv4 :)
08:34 < Shadow`> ye, ISP is a jerk and still hasnt rolled out ipv6 yet
08:34 <+hyper_ch> also that iptables rule assumes you have eth0
08:34 < Shadow`> i think its eth0
08:34  * Shadow` checks
08:34 <+hyper_ch> ifconfig
08:35 < Shadow`> ye it is
08:35 < Shadow`> eth0, loopback and tun0
08:35 <+hyper_ch> when rebooting, that rule must be run again
08:35 <+hyper_ch> or make it permanent somehow
08:35 < Shadow`> oh
08:35 <+hyper_ch> and I think I remembered correctly that you use 10.0.0.0 as vpn subnet, right?
08:36 < Shadow`> yeah i am
08:36 <+hyper_ch> that should work then
08:36 < Shadow`> ill add the iptables rule to a start up script
08:36  * Shadow` notes the line just in case
08:38 < Shadow`> stupid vim
08:40 < Shadow`> aaaaaaaaaaaaaaaand it works
08:43 < Shadow`> can i also use this setup for multiple clients?
08:49 -!- `hypermist` is now known as pcupgrades
08:52 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Ping timeout: 250 seconds]
08:54 <+hyper_ch> Shadow`: yes
08:54 <+hyper_ch> just add more clients
08:54 <+hyper_ch> however, if you you want to run services ont eh clients
08:55 <+hyper_ch> will you need to configure portforwarding on the server from the wan to the vpned client
08:57 <+hyper_ch> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.8.0.17
08:57 <+hyper_ch> iptables -t filter -A FORWARD -p tcp -d 10.8.0.17 --dport 80 -j ACCEPT
08:58 <+hyper_ch> that would forward incoming port 80 from the wan to the vpn server to the client on ip 10.8.0.17
09:07 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
09:14 -!- pcupgrades is now known as `hypermist`
09:33 -!- tobinski_ [~tobinski@tmo-105-109.customers.d1-online.com] has quit [Quit: Leaving]
09:43 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:43 -!- Ulrar [~Ulrar@luwin.ulrar.net] has joined #openvpn
09:44 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Ping timeout: 272 seconds]
09:44 < Ulrar> Hi, a friend has a client connecting to a server, everything works fine but as long as the client is connected, it can't be pinged on it's physical interface
09:44 < Ulrar> Is there some configuration to add to make it respond to ping on it's eth0 ?
10:11 -!- james41382__ [~james4138@unaffiliated/james41382] has joined #openvpn
10:11 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
10:15 -!- shio [marmot@42.121.101.84.rev.sfr.net] has quit [Ping timeout: 264 seconds]
10:18 -!- shio [marmot@42.121.101.84.rev.sfr.net] has joined #openvpn
10:23 <+hyper_ch> hi krzee and ecrist and dazo and syzzer
10:26 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:36 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Remote host closed the connection]
10:44 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
10:48 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
10:56 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
11:11 -!- coderbrahmin [~quassel@ec2-54-148-219-76.us-west-2.compute.amazonaws.com] has joined #openvpn
11:11 < coderbrahmin> !welcome
11:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
11:11 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:12 < coderbrahmin> !goal
11:12 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:15 < coderbrahmin> !configs
11:15 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:16 < coderbrahmin> !paste
11:16 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
11:17 < coderbrahmin> !logs
11:17 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:47 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 265 seconds]
11:55 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
12:17 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
12:17 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:18 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
12:22 -!- Changer90 [~quassel@217.160.177.68] has joined #openvpn
12:22 -!- Changer90 [~quassel@217.160.177.68] has quit [Client Quit]
12:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:38 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
13:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:04 -!- sinshiva [~sinshiva@209.208.65.221] has joined #openvpn
13:04 < sinshiva> hiya
13:04 < sinshiva> anybody have any magical advice for TCP over TCP?
13:05 < sinshiva> i keep getting crazy window sizes and mostly small segment sizes
13:05 < sinshiva> i only have the tun-mtu specified and am applying TCPMSS at the router via iptables
13:06 < sinshiva> tried lots of tun-mtu options between 1200 and 1400
13:06 < sinshiva> UDP was so much easier :\
13:09 < crised> In which layer does openvpn works?
13:09 <@dazo> !tcp
13:09 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
13:09 < crised> When doing site to site
13:09 <@dazo> sinshiva: ^^
13:10 < sinshiva> :p i know it's not a good idea; i'm running two server instances, actually
13:10 <@dazo> crised: it's more depending on tun or tap mode ... tun is layer 3, tap is layer 2
13:10 < sinshiva> tcp-nodelay, got it
13:11 < crised> dazo: what's non-ip based traffic?
13:11 <+hyper_ch> hi dazo
13:11 < crised> I believe most known protocols that I know are ip based
13:13 < crised> if it's ok to create vpn on layer 3 (one more hop between subnets) - go for tun.
13:13 <@dazo> crised: TAP will transport Ethernet frames, so it will be "IP agnostic".  Useful for odd protocols, bridging or where broadcast traffic is crucial ... tun mode will be reduce the Ethernet overhead and filter out the broadcast traffic
13:13 <@dazo> crised: we generally recommend tun over tap
13:13 < crised> dazo: yes definely, it's like using a transparent firewall or router/firewall,
13:14 < crised> dazo: am I right?
13:14 <@dazo> crised: no, not really ... it's more that tun is peer-to-peer focused, so you only have the relevant IP traffic going to the client
13:15 < crised> dazo: I may have a client with 2 WAN NICs, in the middle of a site to site tun vpn connection
13:15 < crised> I change the routing inside this *nix box, to use the other NIC, will I destroy the vpn session?
13:15 <@dazo> crised: with TAP, you can actually tunnel a VPN over a OpenVPN "bridge" not having any IP addresses available, but do all the rounting based on devices
13:15 <@dazo> TAP is the closest you'll get to a hardware NIC interface
13:16 <@dazo> crised: Your setup was slightly unclear to me ...
13:16 < crised> dazo: I have a openbsd firewall, with dynamic ip, that connects to a fixed ip server
13:17 < crised> in this openbsd firewall, I might switch WAN interfaces, for example from em0 to em1
13:17 < crised> What will happen if I do this on an ongoin openvpn connection?
13:17 <@dazo> is that firewall openvpn server or client?
13:17 < crised> client
13:17 <@dazo> okay, that will most likely trigger a reconnect ... do you control the server at all?
13:18 <@dazo> (the openvpn server, that is)
13:18 < crised> dazo: yes
13:18 <@dazo> okay, there are some on going work to allow seemless client float ... patches are under review on the ML
13:19 <@dazo> if you're eager to test this out, and willing to run bleeding edge code ... feel free to join #openvpn-devel and ask for details ... say you want to help testing the new float patches
13:19 < crised> dazo: nope, not at all, I'm looking for a tested solution :)
13:24 <@dazo> fair enough ... IIRC, it'll appear in 2.4 ... but I can't promise anything yet
13:29 < zoredache> !route
13:29 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
13:29 <@vpnHelper> client
13:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
13:41 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
13:42 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:50 < Eugene> !inline
13:50 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
13:51 < Eugene> <3 bot
13:56 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has quit [Quit: Leaving]
14:06 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
14:16 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
14:35 < wowaname> hh
14:49 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:12 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-scdzhhayehtilgnn] has quit [Remote host closed the connection]
15:23 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:24 -!- hyper_ch was kicked from #openvpn by ecrist [why must you hilight?]
15:24 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
15:24 -!- mode/#openvpn [+v hyper_ch] by ChanServ
15:35 -!- mattock is now known as mattock_afk
15:38 -!- Shadow` [~Shadow@unaffiliated/shadow/x-5767407] has quit [Ping timeout: 245 seconds]
15:42 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-rieqrzyyiebxopng] has joined #openvpn
15:47 -!- GrantK [~GrantK@bolt.sonic.net] has joined #openvpn
15:53 -!- sigkill [~tjp@gateway/vpn/privateinternetaccess/tjp] has joined #openvpn
15:53 < sigkill> !poodled
15:54 < GrantK> I need to 'de-fuzzy' my understanding of a vpn concept.   I have a daemon running on a remote VPS. It needs to connect to a daemon on a local server.  The two boxes are connected with openvpn.
15:54 < GrantK> I want the two boxes to talk using 'internal' IPv4 addresses.  I.e. remove server IP = 192.168.1.10, local server IP = 192.168.2.10.
15:54 < GrantK> Since the VPS doesn't actually HAVE an internal NIC -- just external (eth0) and loopback (lo) -- which interface do I assign the  192.168.1.10 to on the VPS?  eth0, lo, the vpn's tun0, or a dummy interface?
15:55 -!- Denial [~Denial@81.141.2.75] has joined #openvpn
15:56 < sigkill> !welcome
15:56 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:56 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:57 < sigkill> !poodle
15:57 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
15:57 < sigkill> !ask
15:57 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
16:02 < GrantK> fine. change it to addreses in 10.x.x.x.  The question still stands.
16:20 -!- `hypermist` is now known as hypermist
16:20 -!- hypermist is now known as `hypermist`
16:23 -!- GrantK [~GrantK@bolt.sonic.net] has quit [Quit: GrantK]
16:24 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has joined #openvpn
16:27 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:38 -!- sigkill is now known as tjp
16:39 < tjp> Hello, I am trying to understand how the OpenVPN protocol works over UDP.  Are packets guaranteed to get delivered or is there the potential for packet loss?
16:43 < tjp> In other words, if use TCP the the TCP protocol will guarantee delivery.  UDP does not.  But I am wondering if OpenVPN has something built-in to verify the data transmitted via UDP?
16:51 < pekster> Only for the TLS channel (because TLS requires it, and openvpn doesn't use DTLS)
16:52 < pekster> You normally do not want your encapsulating protocol to use reliable-delivery since the goal is usually to emulate IP, which also does not gaurentee reliability. See also:
16:52 < pekster> !tcp
16:52 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
16:54 < tjp> I'll read those in sec, thanks.   So, if I am on OpenVPN and say using "dd" to copy some data, there is the chance the UDP connect will drop some data, and my transfer will be corrupted?
16:55 < pekster> dd copies to devices, not sockets
16:56 -!- grep0r [grep0r@104.171.118.134] has quit [Ping timeout: 264 seconds]
16:56 < pekster> The status of your _network_ traffic depends on the characteristics of the transport protocol you're using. dd is a file copier, not a netework protocol
16:56 < cwillu_at_work> tjp, openvpn uses udp to send it's own packets; those packets may contain your udp or your tcp packets
16:56 < pekster> OpenVPN can use either UDP or TCP to encapsulate the tunneled traffic
16:57 -!- BenLue [~No@unaffiliated/benlue] has joined #openvpn
16:57 < cwillu_at_work> i.e., if you're doing dd | nc some_host over the udp tunnel, if nc is itself using tcp, then it gets the tcp "reliability" regardless of whether openvpn is using udp or tcp for its traffic
16:57 < pekster> Use of TCP is usually the wrong choice unless 1) UDP does not work (such as with hostile/restrictive firewalls) or 2) when you are for some reason using an unreliable transport protocol that you must gaurentee delivery for, and which to use TCP to do that
16:57 < pekster> wish*
16:58 < cwillu_at_work> and if nc is using -u to use udp packets, then they're unreliable, regardless again of whether openvpn is using tcp or udp
17:00 < tjp> Yeah, I was using "dd" just as an example of a program that doesn't do any error checking or correction.  I can't recall if ftp does.  But lets say we have an OpenVPN tunnel using UDP, and an application that just takes raw data with no error detection or correction.  OpenVPN does nothing to guarantee the data is intact, right?
17:01 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has joined #openvpn
17:01 < NBhosting> is there somethign that creates an .tblk automatic?
17:01 < tjp> But if I were to use OpenVPN over TCP, then TCP would verify the data was intact?
17:01 < cwillu_at_work> tjp, dd doesn't do network traffic
17:02 < cwillu_at_work> tjp, you have to say whether that application is using tcp or udp
17:02 < cwillu_at_work> which has _nothing_ to do with whether openvpn sends that traffic itself over tcp or udp
17:02 < cwillu_at_work> in fact, tcp over tcp tends to be less reliable because you have two layers doing retransmits which can interact really badly in some cases
17:03 < Eugene> s/some/all/
17:03 < cwillu_at_work> s/all/nearly all/
17:05 < BenLue> hello guys: i have some trouble. OpenVPN client is connecting fine after few minutes i become dc´s. Some Information: openvpnlog: http://paste.debian.net/hidden/ec6fc182/ cyberghost.conf:http://paste.debian.net/hidden/9afa370c/ cyberghost-up:http://paste.debian.net/hidden/dbd38280/
17:06 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
17:08 < BenLue> anyone idea?
17:08 < tjp> OK, so if I have OpenVPN/UDP and I use something like ssh across the OpenVPN, ssh uses TCP and then I would get the delivery guarantess that come with TCP, correct?
17:19 -!- `hypermist` is now known as hypermist
17:19 -!- hypermist is now known as `hypermist
17:19 -!- `hypermist is now known as `hypermist`
17:20 < tjp> but if I did something like "nc -u host.destination.org 2112 < /var/log/messages" across a VPN/UDP, then there is no guarantee I would get the exact file?
17:21 < tjp> But if I did that nc command across a VPN/TCP then the outer TCP would guarantee the exact file?  Or I am just missing something here?
17:31 -!- Eugene [eugene@kashpureff.org] has left #openvpn ["Leaving"]
17:32 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has quit [Quit: Leaving]
17:33 < tjp>  Ah reading the BLUG talk now, addresses exactly what I am asking!  Thanks vpnHelper!
17:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
17:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
17:47 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:53 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:56 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
17:56 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:59 < tjp> Huh, is there a video of that BLUG talk anywhere?  That really answered a lot of my questions.
18:01 <+esde> what BLUG talk?
18:03 <+esde> nvm
18:06 -!- _quadDamage [~EmperorTo@boom.blissfulidiot.com] has joined #openvpn
18:07 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has quit []
18:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
18:19 < crised> Why OpenBSD chooses IPsec as it's default VPN server/client implementation>
18:19 < crised> ?
18:20 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
18:21 <+esde> crised
18:21 < crised> esde: hi
18:21 <+esde> that question is much better suited for #openbsd
18:21 < crised> esde: already asked it there ;)
18:22 < crised> esde: can IPsec run on udp as well as openvpn?
18:22 <+esde> this is not #ipsec or #openbsd, and to answer your question, I don't know
18:22 <+esde> try the openbsd mailing lists
18:33 < crised> esde: tba s
18:33 -!- crised [~crised@186.67.181.203] has quit [Quit: Leaving.]
18:37 -!- tjp [~tjp@gateway/vpn/privateinternetaccess/tjp] has quit [Quit: Konversation terminated!]
18:37 -!- sinshiva [~sinshiva@209.208.65.221] has left #openvpn []
18:52 <+esde> and that talk was (apparently) from 2003. I'd absolutely love to see a current BLUG talk, in the same context.
18:54 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
19:00 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:17 -!- dazo is now known as dazo_afk
19:25 -!- NTolerance [~nt@2606:a000:a002:8c00:21a:4dff:fe4d:4e75] has left #openvpn ["Leaving"]
19:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:47 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
19:48 -!- BenLue [~No@unaffiliated/benlue] has quit []
19:51 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit1]
20:30 -!- lkthomas [~lkthomas@218.255.225.18] has joined #openvpn
20:30 < lkthomas> recently we encounter VPN disconnection to China
20:30 < lkthomas> anyone have similar issue recently ? like these two weeks ?
20:46 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
21:13 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
21:17 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
22:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
22:57 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-mjtdxpqywklmbqxj] has joined #openvpn
22:57 < coderbrahmin> Hello guys. I have a tiny instance on AWS running ubuntu 14.04 64 bit. The client is fedora 20 64 bit. I want to setup an openvpn server on AWS. I have the following configuration on server and client found here https://gist.github.com/venkateshshukla/4be140a3b728782ab0d9. Also, I have port 80 open in the security group. I am able to connect to the server. (Client logs in the same gist). But after initialisation is
22:57 < coderbrahmin> completed, I don't get any access to the internet.
22:59 < coderbrahmin> I don't know much about openvpn. What should I do so that I get internet access?
23:12 < coderbrahmin> !logs
23:12 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
23:12 < coderbrahmin> !logfile
23:12 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
23:28 -!- ShadniX [dagger@p5481DBE8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:28 -!- ShadniX_ [dagger@p5481D4DA.dip0.t-ipconnect.de] has joined #openvpn
23:28 -!- ShadniX_ is now known as ShadniX
23:40 -!- funnel [~funnel@unaffiliated/espiral] has quit [Remote host closed the connection]
23:43 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:43 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:44 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
23:50 < coderbrahmin> Anyone?
23:56 -!- wsky [~sexyboy@unaffiliated/sexyboy] has joined #openvpn
23:56 < wsky> hey, what's the best method to use openvpn2 on osx yosemite?
--- Day changed Tue Jan 27 2015
00:01 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
00:02 < jeev> probably getting a pc. ha ha...... i 'll see myself out
00:02 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
00:06 -!- coderbrahmin [~quassel@ec2-54-148-219-76.us-west-2.compute.amazonaws.com] has quit [Remote host closed the connection]
00:07 -!- coderbrahmin [~quassel@ec2-54-148-219-76.us-west-2.compute.amazonaws.com] has joined #openvpn
00:10 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-mjtdxpqywklmbqxj] has quit [Quit: SMD]
00:11 < wsky> heh
00:12 < wsky> i've enabled unsigned kext loading and used tuntaposx
00:12 < wsky> works just like on mavericks now
00:14 -!- wsky [~sexyboy@unaffiliated/sexyboy] has left #openvpn ["o/"]
00:19 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 272 seconds]
00:27 -!- akkad [akkad@dns.mauthesis.com] has joined #openvpn
00:28 < akkad> is there a way to set a timeout so max connection is say 12 hours?
00:28 < lkthomas> anyone have idea why openvpn keep disconnecting every 10 minutes ?
00:29 < lkthomas> I do have keepalive set on OpenVPN, but doesn't help
00:29 < akkad> shitty network?
00:29 < lkthomas> most likely session timeout
00:29 < lkthomas> it stopped exactly 10 minutes, so what do you think? :P
00:50 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
00:56 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 252 seconds]
01:03 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
01:14 -!- mattock_afk is now known as mattock
01:24 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
02:07 -!- kadath [~kadath@cpe-184-57-252-175.cinci.res.rr.com] has joined #openvpn
02:14 -!- myp [~andrew@mx2.admin.tomsk.ru] has joined #openvpn
02:19 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:30 -!- singcat [~singcat@gateway/tor-sasl/singcat] has joined #openvpn
02:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
02:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:32 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
02:33 < singcat> I installed linux mint 17.1 and then installed openvpn and network-manager-openvpn packages, but I see no option to create openvpn connection in network manager. How can I make openvpn appear there?
02:45 < singcat> Solved it myself, apparently linux mint splits out the package into network-manager-openvpn and network-manager-openvpn-gnome, but network-manager-openvpn-gnome is not installed when I install network-manager-openvpn. network-manager-openvpn-gnome is a necessary package to make it appear in network manager.
02:50 -!- paxmark9 [~paxtormar@199.21.149.142] has quit [Quit: Leaving]
02:55 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
03:26 -!- mattock is now known as mattock_afk
03:31 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Quit: Lost terminal]
03:36 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has joined #openvpn
03:36 < ocx> hello all
03:36 < akkad> does the management interface show you when they last did something? or when they first connected?
03:38 < ocx> i would like to provide vpn access to only authorized vpn clients trying to connect to my server, the vpn clients already have keys so they are able to establish connections to my vpn server, now i am adding routing table to on,ly authorized ones, is this a good technique? or should i totally block the vpn access to tthe unauthorized vpn clients?
03:38 < ocx> idea here is i dont want to make any changes on the client side dont want to ask them to import keys or whatoever to get access, the access needs to be granted on server side and clients will always try to connect
04:00 -!- singcat [~singcat@gateway/tor-sasl/singcat] has quit [Ping timeout: 250 seconds]
04:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
04:06 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:27 -!- `hypermist` is now known as pcupgrades
04:29 < ocx> anyone here?
04:29 -!- pcupgrades is now known as `hypermist`
04:30 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
04:35 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has joined #openvpn
04:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:06 -!- mattock_afk is now known as mattock
05:19 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has quit [Quit: OK, Doei!]
05:29 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
05:33 -!- dazo_afk is now known as dazo
05:36 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
05:39 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has joined #openvpn
05:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
05:40 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
05:46 < ocx> http://swupdate.openvpn.org/community/releases/openvpn-2.3.6.tar.xz is the newest?
05:53 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:55 <+hyper_ch> git is probably more current but that looks like latest release
05:56 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
05:56 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
06:01 -!- arkie [~arkie@unaffiliated/arkie] has left #openvpn ["Leaving"]
06:06 < ocx> https://openvpn.net/index.php/open-source/documentation/howto.html#quick does not work with latest release please fix
06:06 <@vpnHelper> Title: HOWTO (at openvpn.net)
06:06 < ocx> specially the easy-rsa part
06:45 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:56 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
07:00 <@dazo> ocx: latest easy-rsa is here: https://github.com/OpenVPN/easy-rsa/ ... easy-rsa has become a separate OpenVPN project, with their own maintainers ... and the latest Easy-RSA v3 is a massive improvement over the former versions
07:00 <@vpnHelper> Title: OpenVPN/easy-rsa · GitHub (at github.com)
07:42 -!- kexmex [~kexmex@78.111.186.44] has joined #openvpn
07:43 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
08:44 -!- kexmex [~kexmex@78.111.186.44] has quit [Quit: Computer has gone to sleep.]
08:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
09:02 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Client Quit]
09:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:23 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
09:52 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has quit [Ping timeout: 246 seconds]
10:01 -!- u0m3 [~u0m3@92.80.78.25] has joined #openvpn
10:02 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
10:02 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
10:03 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
10:03 -!- u0m3_ [~u0m3@109.96.139.134] has quit [Ping timeout: 255 seconds]
10:18 -!- mago_ [~mago@unaffiliated/blastur] has quit [Ping timeout: 276 seconds]
10:18 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Read error: Connection reset by peer]
10:21 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Ping timeout: 272 seconds]
10:29 -!- mattock is now known as mattock_afk
10:34 -!- mattock_afk is now known as mattock
10:36 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
10:39 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
10:40 <+hyper_ch> krzee: https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/
10:40 <@vpnHelper> Title: Comparing the Regin module 50251 and the "Qwerty" keylogger - Securelist (at securelist.com)
10:45 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has joined #openvpn
10:46 < ocx> hi all, does openvpn use the standard SSL method for client/server communication?
10:46 < ocx> which is public key with an symmetric key for encryption?
10:48 <+hyper_ch> !hardening
10:48 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
10:49 < ocx> huh?
10:49 < ocx> hyper_ch: mainly a client authenticates to an openvpn server by using its private key and the openvpn decrypts it using its public key right?
10:51 <+hyper_ch> they doe somehow a handshake
10:51 <+hyper_ch> and it gets even more complicated with tls-auth for perfect forward security
10:51 <+hyper_ch> no idea how it really works
10:53 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
11:07 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 265 seconds]
11:08 < ayaka> I have a problem with openvpn work with obfsproxy, obfxproxy also report "[ERROR] Invalid SOCKS command: '3'"
11:08 < ayaka> so openvpn can't work, what is the problem? and how to solve it?
11:09 <+esde> !crystal
11:09 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
11:09 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
11:11 < ayaka> log http://fpaste.org/176183/37863514/ config http://ur1.ca/jk0k5
11:11 <@vpnHelper> Title: #176184 Fedora Project Pastebin (at ur1.ca)
11:11 < ayaka> my network need obfsproxy or openvpn can't work
11:12 <+esde> no worries, no sit tight and wait for a helper :)
11:12 <+esde> *now
11:12 < DArqueBishop> Personally, I'd first look at obfsproxy and see if that's working first.
11:13 < DArqueBishop> I see the problem already, though.
11:13 < ayaka> P.S why openvpn still show obfs2 way? obfs3 can't work with openvpn?
11:13 < DArqueBishop> You have OpenVPN configured to use udp while the proxy requires TCP connections.
11:13 < ayaka> ok, that is the point
11:14 < DArqueBishop> (At least, that's how I'm reading it.)
11:14 < ayaka> but I think I could pass udp package through socks proxy
11:15 -!- p-trust [~dep-k@unaffiliated/p-trust] has joined #openvpn
11:15 < p-trust> should I install openvpn-2.4.6.l601 or l001 on windows 8.1 ?
11:16 < p-trust> is there big difference?
11:16 <+esde> 2.4.6?
11:16 <+esde> huh
11:16 < p-trust> 2.3.6 sorry
11:16 < p-trust> latest release
11:16 <+esde> not sure, i havent used 8.1
11:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:17 <+esde> oh
11:17 <+esde> I601
11:17 <+esde> or L or whatever letter that is
11:17 < p-trust> I dunno what letter is that lol
11:17 <+esde> you want Vista or later
11:18 < p-trust> it's 601 right
11:18 <+esde> 32 bit http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.6-I601-i686.exe 64 bit http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.6-I601-x86_64.exe
11:18 <+esde> :)
11:18 < p-trust> yea but I have l001 working fine on windows 7
11:19 < ocx> i have a question, does openvpn uses PKI and encryption using SSL?
11:19 < p-trust> that's why I am not sure
11:19 < ocx> so i can use PKI for client identification only?
11:20 <+esde> trial-and-error p-trust. but i'd think the client built for the "latest" windows build would be the most likely to work successfully.
11:20 < p-trust> where I can read about the difference between l001 and l601 releases?
11:21 < p-trust> release changes mention nothing about it
11:21 < p-trust> well I just want to install tun adapter
11:22 < p-trust> i am really stuck lol
11:23 < p-trust> because "Windows XP and later" may be equal to windows 8 as well as "Windows Vista or later"
11:26 -!- mattock is now known as mattock_afk
11:28 < ayaka> DArqueBishop, thank you, it works
11:30 < ayaka> also obfs3 works fine
11:31 < ayaka> esde, thank you
11:31 < ayaka> krzee, thank you
11:32 < p-trust> well, I suppose 601 means windows 6.1 and is architecture-related
11:32 < p-trust> thank you
11:45 -!- BenLue [~No@unaffiliated/benlue] has joined #openvpn
11:46 < BenLue> i have some trouble. OpenVPN client is connecting fine after few minutes i become dc´s. Some Information: openvpnlog: http://paste.debian.net/hidden/ec6fc182/ cyberghost.conf:http://paste.debian.net/hidden/9afa370c/ cyberghost-up:http://paste.debian.net/hidden/dbd38280/
11:51 < ayaka> any one could modify the openvpn wiki? I want to add something I got into https://community.openvpn.net/openvpn/wiki/TrafficObfuscation
11:51 <@vpnHelper> Title: TrafficObfuscation – OpenVPN Community (at community.openvpn.net)
11:51 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:58 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has quit [Ping timeout: 246 seconds]
12:00 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 265 seconds]
12:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
12:04 -!- p-trust [~dep-k@unaffiliated/p-trust] has quit [Quit: Leaving]
12:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:05 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 252 seconds]
12:15 <+esde> http://www.openwall.com/lists/oss-security/2015/01/27/9
12:15 <@vpnHelper> Title: oss-security - Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (at www.openwall.com)
12:15 <+esde> BOLO
12:17 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has joined #openvpn
12:18 < NBhosting> when i connect localy to my vpn server im able to ping my vps server internal ip, but i cant ping to other machines in the internal network, what could cause that?
12:18 < NBhosting> vps=vpn
12:19 <+esde> !welcome
12:19 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
12:19 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:19 <+esde> goal is covered, but we'll still need other info to help
12:21 < NBhosting> route/interfaces and firewall https://dpaste.de/fc6c
12:22 < NBhosting> i can ping 10.90.7.2  when connected to vpn  but for example not to 10.90.7.10
12:22 < NBhosting> i would think its the firewall somehow, but i dont see why
12:23 < NBhosting> when i ssh into 10.90.7.2 im able to ping 10.90.7.10
12:23 < NBhosting> only not trough vpn
12:25 -!- ayaka [~ayaka@120.32.115.113] has left #openvpn ["离开"]
12:26 < DArqueBishop> !route
12:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:26 <@vpnHelper> client
12:28 < NBhosting> mac doesnt seem to use route, (my client)
12:29 < NBhosting> so it could be localy
12:32 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
12:39 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Remote host closed the connection]
12:39 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
12:45 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has quit []
12:51 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has joined #openvpn
12:55 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
13:13 -!- mattock_afk is now known as mattock
13:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
13:27 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has joined #openvpn
13:27 < ocx> hi all, what is the usage of this step in the doc: Generate Diffie Hellman parameters
13:28 < ocx> i understand the build-key creates an RSA pair so why the diffie
13:35 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
13:41 <+esde> http://openvpn.net/archive/openvpn-users/2004-11/msg00530.html ocx
13:41 <@vpnHelper> Title: Re: [Openvpn-users] what are DH parameters for (at openvpn.net)
13:43 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 245 seconds]
13:45 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has quit [Ping timeout: 246 seconds]
13:48 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 255 seconds]
13:56 < akkad> is the time given in the status the last time they were active? or when they started their sesssion?
14:14 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:19 -!- mattock is now known as mattock_afk
14:21 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:22 -!- lxusrbin_ [~lxusrbin@han.solo.atw0rk.net] has joined #openvpn
14:22 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has quit [Disconnected by services]
14:22 -!- lxusrbin_ is now known as lxusrbin
14:22 -!- abbe_ [having@badti.me] has joined #openvpn
14:22 -!- Neal|ZNC [neal@felix.ineal.me] has joined #openvpn
14:23 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
14:23 -!- pekster_ [~rewt@openvpn/community/support/pekster] has joined #openvpn
14:23 < NBhosting> oh man i so hate networking and routing :P  im still stuck at a point where i can connect from home to my openvpn, i can ping the local vpn ip , but i cant ping to any other machine on the vpn network. , but when i ssh into the vpn machine i can ping the internal network , so confussing
14:23 -!- `hypermi- [hypermist@unaffiliated/hypermist] has joined #openvpn
14:24 -!- abbe [having@badti.me] has quit [Disconnected by services]
14:24 -!- abbe_ is now known as abbe
14:24 <+hyper_ch> !routing
14:24 <+hyper_ch> !lan
14:24 <+hyper_ch> !serverlan
14:24 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
14:24 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
14:24 <+hyper_ch> all good things are 3
14:24 <+hyper_ch> ecrist: ping
14:26 < NBhosting> ow freaking... is it that simple... somehow mu cat /proc/sys/net/ipv4/ip_forward  went to 0
14:26 < NBhosting> no sure why it resetted
14:26 <+hyper_ch> !linipforward
14:26 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
14:26 < NBhosting> ah that could be it idd, that i only did the command
14:26 < NBhosting> ill set it
14:29 <@ecrist> hyper_ch: pong
14:29  * ecrist readies the /kick
14:29 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
14:30 <+hyper_ch> ecrist: I wonder, who can get an openvpn mask?
14:30 <+hyper_ch> !goal
14:30 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:30 <@ecrist> currently, any one who wants one can get an openvpn/user mask
14:30 <+hyper_ch> some birdy (ex-freenode admin or something) told me it's dangerous to just hand out masks to random strange people
14:31 <+esde> birdys are stupid
14:32 -!- Netsplit *.net <-> *.split quits: Neal_, malikeye, kenyon, pekster, kokel, Haseo, `hypermist`, Gman32, pppingme
14:33 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has joined #openvpn
14:33 < ocx> hi all, what is the use of diffie hellman in openvpn?
14:33 < ocx> at which stage is it used?
14:33 <+esde> http://openvpn.net/archive/openvpn-users/2004-11/msg00530.html ocx
14:33 <@vpnHelper> Title: Re: [Openvpn-users] what are DH parameters for (at openvpn.net)
14:34 <@ecrist> !dh
14:34 <@vpnHelper> "dh" is (#1) build-dh from easy-rsa and option dh in ssl-admin, creates a file which is a prime number the size of bits you defined (1024 default) which is used in the diffie-hellman algorithm to provide a method to negotiate a secure connection over an insecure channel. just one of the layers of encryption available to you in your VPN or (#2) openssl gendh [numbits]
14:35 <+esde> thx ecrist
14:35 -!- Neal|ZNC is now known as Neal_
14:37 <+hyper_ch> ecrist: hmmm, in my vars I have set it to 4096 bit... however the generated ta.key is 2048 bit.... why is that?
14:40 < ocx> why not using RSA and a symmetric key like SSL way?
14:41 <+esde> ta.key doesnt need to be any larger
14:41 <+esde> i can try to find the explanation from when i asked before if you'd like
14:42 < ocx> esde: ecrist so mainly build-dh generate variable should be on the client and the server side?
14:42 <+esde> dhXXXX.pem is required for server and clients, if it's being used
14:42 <+hyper_ch> ain't ssl broken and shouldn't TLS be used?
14:43 < ocx> esde: so i can skip the build-dh and openvpn will revert to using RSA to encrypt the channels?
14:43 <+esde> SSLv1-3 is, but SSL is (wrongly) commonly used to reference TLS
14:44 <+hyper_ch> I'm no commoner :)
14:44 < ocx> esde: i see only dh{n}.pem	server only	Diffie Hellman parameters
14:44 <+esde> oh you're correct
14:44 <+esde> got mixed up with the ta.key question
14:44 < ocx> so no need to have it on clients
14:44 <+hyper_ch> dh file only needs to be on the server
14:44 <+esde> nope
14:44 <+hyper_ch> !howto > ocx
14:44 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 240 seconds]
14:44 <+esde> should stay secret
14:45 < ocx> ok so mainly i can run openvpn without DH?
14:45 <+hyper_ch> !howto
14:45 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:45 < ocx> no it should stay secret..
14:45 < ocx> should NOT
14:45 <+hyper_ch> there's a section about setting up your PKI
14:45 <@ecrist> openvpn doesn't use SSL
14:45 <@ecrist> it's only ever used TLS
14:45 < ocx> i read all that doc
14:45 <+esde> configure yours however you want ocx, but my dh param will remain secret :)
14:45 < ocx> esde: i think it doesnt remain secret
14:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:46 < ocx> for the client to use or something
14:46 <+esde> K
14:46 < ocx> once the certificates are approved i think that DH file is used by both client and server
14:46 < ocx> ^ ecrist correct?
14:47 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Ping timeout: 255 seconds]
14:48 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
14:48 < ocx> Diffie-Hellman is a one-roundtrip key exchange algorithm: recipient sends his half ("DH public key"), sender computes his half, obtains the key, encrypts, sends the whole lot to the recipient, the recipient computes the key, decrypts
14:48 < ocx> recipient is server in this case
14:48 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
14:48 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
14:48 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
14:49 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
14:50 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
14:50 <+esde> hyper_ch, http://pastebin.com/CUZ2FNgD
14:51 <+hyper_ch> pastebin.com is evil
14:52 <+esde> K
14:52 <+hyper_ch> but thx for the paste
14:53 <+esde> http://paste.debian.net/plainh/9645b31c hyper_ch if that's not good enough, you can do without
14:53 <+hyper_ch> well, debian pastebin does actually show the code the way you enter it
14:54 <+hyper_ch> contrary to pastebin
14:54 <+hyper_ch> also debian paste is ad-infected
14:54 <+esde> ¯\_(ツ)_/¯
14:54 <+hyper_ch> just letting you know :)
14:54 <+esde> i dont know what ads are
14:54 <+hyper_ch> can you also do ascii kitties?
14:55 <+hyper_ch>   |\      _,,,---,,_
14:55 <+hyper_ch>    /,`.-'`'    -.  ;-;;,_
14:55 <+hyper_ch>   |,4-  ) )-,_..;\ (  `'-'
14:55 <+hyper_ch>  '---''(_/--'  `-'\_)  Felix Lee <flee@cse.psu.edu>
14:56 -!- gchristensen is now known as terratoma
14:56 -!- terratoma is now known as gchristensen
14:59 -!- Netsplit over, joins: malikeye
15:00 < malikeye> !welcome
15:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
15:08 -!- pekster_ is now known as pekster
15:08 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
15:12 -!- ocx [25d1fd8d@gateway/web/freenode/ip.37.209.253.141] has quit [Ping timeout: 246 seconds]
15:17 -!- Pyrogerg [~Gregory@205.167.120.206] has joined #openvpn
15:20 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin Out...]
15:28 -!- mirco__ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
15:28 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Ping timeout: 264 seconds]
15:29 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
15:37 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
15:38 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 245 seconds]
15:39 -!- Diabolik [DiabolikFr@2a00:d880:3:1::6be5:5bc8] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
15:54 -!- kexmex [~kexmex@78.111.186.252] has joined #openvpn
16:03 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
16:04 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:05 -!- Pyrogerg [~Gregory@205.167.120.206] has quit [Ping timeout: 245 seconds]
16:06 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
16:06 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
16:11 -!- kexmex [~kexmex@78.111.186.252] has quit [Quit: Computer has gone to sleep.]
16:20 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
16:34 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
16:37 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Client Quit]
16:37 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
16:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Max SendQ exceeded]
16:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:48 < MrSavage> I'm having issues connecting to my openvpn server from my school network. I'm getting this error ERROR: Linux route delete command failed: external program exited with error status: 2
16:49 < MrSavage> is it because my school is blocking this port from letting me connect?
16:54 < DArqueBishop> !logs
16:54 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:54 -!- `hypermi- is now known as `hypermist`
16:57 < MrSavage> !logfile
16:57 < MrSavage> !logs
16:57 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
16:57 < MrSavage> !logfile
16:57 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:57 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
17:02 -!- Pyrogerg [~Gregory@205.167.120.206] has joined #openvpn
17:07 -!- Pyrogerg [~Gregory@205.167.120.206] has quit [Ping timeout: 264 seconds]
17:08 < MrSavage> this is my server openvpn.log http://sprunge.us/DNbe
17:08 < MrSavage> this is my client openvpn.log http://sprunge.us/AIQW
17:08 < MrSavage> why can't my client connect to my server from school?
17:08 < MrSavage> @ DArqueBishop
17:12 <@dazo> MrSavage: I presume you get that when you stop openvpn from running.  That error is not uncommon, and you don't need to worry about that
17:12 < MrSavage> dazo: but i cannot connect to any website once i'm connected to my openvpn
17:12 <@dazo> the reason is that openvpn tries explicit to remove some routes which it configured.  But on Linux those routes are deleted automatically when the tun/tap device is removed
17:12 <@dazo> okay, that's an entirely different issue
17:12 <@dazo> !redirect
17:12 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
17:12 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
17:13 <@dazo> MrSavage: ^^^ Go carefully through those few lines from vpnHelper ... that'll get you started
17:14  * dazo need to go :/
17:15 -!- dazo is now known as dazo_afk
17:16 < MrSavage> dazo: it works on my desktop at my house
17:16 < MrSavage> but not on this laptop at my school
17:18 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
17:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Max SendQ exceeded]
17:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:25 < MrSavage> is it bad that telnet <myserver> 1194 says connection refused?
17:25 < MrSavage> even though openvpn's logs reports that i do connect and so fourth through openvpn
17:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
17:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
17:38 < MrSavage> do i need nat enabled on the client?
17:38 < MrSavage> Or is that a server thing?
17:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:50 -!- architekt [archi@i.love.coding4.coffee] has quit [Quit: WeeChat / ZNC]
17:54 < MrSavage> I can't figure out why openvpn isn't working on my school's wifi
18:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 240 seconds]
18:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:08 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 272 seconds]
18:23 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has joined #openvpn
18:27 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
18:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:40 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
19:01 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
19:17 < MrSavage> dazo_afk: I fixed the issue
19:29 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has quit [Quit: haasn]
19:29 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has joined #openvpn
19:35 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [K-Lined]
19:36 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
19:37 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
19:39 -!- kenyon_ [kenyon@darwin.kenyonralph.com] has joined #openvpn
19:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
19:59 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
20:05 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit1]
20:24 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
20:33 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
20:47 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 252 seconds]
20:47 -!- zalami is now known as quality_humor
20:50 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
20:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:58 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 255 seconds]
20:59 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
20:59 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Max SendQ exceeded]
21:00 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
21:00 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Max SendQ exceeded]
21:01 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
21:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:23 -!- Anteac [~Anteac@095-096-217-126.static.chello.nl] has quit [Quit: Leaving]
21:34 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
21:40 -!- BenLue [~No@unaffiliated/benlue] has left #openvpn []
21:40 -!- BenLue [~No@unaffiliated/benlue] has joined #openvpn
21:41 < BenLue> !welcome
21:41 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
21:41 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:41 < wowaname> !goodbye
21:41 < BenLue> !byebye
21:41 < wowaname> lol hi
21:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:44 < BenLue> !goal
21:44 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
21:45 < wowaname> hm
21:45 < BenLue> !sample
21:45 <@vpnHelper> "sample" is (#1) http://www.ircpimps.org/openvpn.configs for a working sample config or (#2) DO NOT use these configs until you understand the commands in them, read up on each first column of the configs in the manpage (see !man) or (#3) these configs are for a basic multi-user vpn, which you can then build upon to add lans or internet redirecting
21:45 < wowaname> #openvpn-dev isnt a thing
21:45 < wowaname> !goal dev channel pls thanks
21:45 < BenLue> ^^
21:46 < wowaname> ninight
21:46 < BenLue> gn8
21:46 < wowaname> <3
21:47 -!- james41382__ is now known as james41382
21:56 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 240 seconds]
21:57 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
22:00 < BenLue> !ask
22:00 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
22:04 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
22:12 < BenLue> !configs
22:12 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
22:22 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
22:36 < BenLue> !paste
22:36 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
22:38 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
22:57 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
23:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 256 seconds]
23:04 < BenLue> Good night @all
23:05 -!- BenLue [~No@unaffiliated/benlue] has quit []
23:06 -!- KNERD [~KNERD@64.31.22.134] has joined #openvpn
23:09 -!- mirco__ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Ping timeout: 245 seconds]
23:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:28 -!- ShadniX [dagger@p5481D4DA.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX [dagger@p5481D08C.dip0.t-ipconnect.de] has joined #openvpn
23:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 252 seconds]
23:43 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 255 seconds]
23:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:47 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
--- Day changed Wed Jan 28 2015
00:29 -!- lbft [~lbft@unaffiliated/lbft] has quit [Quit: Bye]
00:30 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
00:35 -!- `hypermist` is now known as pcupgrades
00:42 -!- paxmark9 [~paxtormar@199.21.149.142] has left #openvpn ["Leaving"]
00:48 -!- pcupgrades is now known as `hypermist`
00:56 -!- `hypermist` is now known as pcupgrades
01:03 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 246 seconds]
01:09 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
01:13 -!- pcupgrades is now known as `hypermist`
01:15 -!- `hypermist` is now known as pcupgrades
01:33 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
01:34 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
01:38 -!- mattock_afk is now known as mattock
01:40 -!- kexmex [~kexmex@78.111.186.20] has joined #openvpn
01:41 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
01:47 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
01:48 -!- d_duese [~Daniel@b2b-130-180-23-74.unitymedia.biz] has joined #openvpn
01:49 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has quit [Quit: leaving]
01:55 -!- d_duese [~Daniel@b2b-130-180-23-74.unitymedia.biz] has left #openvpn []
02:12 -!- Latrina [~Latrina@ppp-90-5.26-151.libero.it] has quit [Ping timeout: 264 seconds]
02:23 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has joined #openvpn
02:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:31 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
02:31 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
02:42 -!- ghormoon [~ghormoon@ghorland.net] has quit [Remote host closed the connection]
02:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
02:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:58 -!- pcupgrades is now known as `hypermist`
03:06 -!- altker128 [~vr@lothar.media.mit.edu] has joined #openvpn
03:06 -!- `hypermist` is now known as hypermist
03:07 -!- hypermist is now known as `hypermist`
03:08 < altker128> Hey guys.  I'm using OpenVPN for Android and I'm seeing what looks like packet leakage ; my OpenVPN IP domain is 10.0.8.x ;  I am packet logging between the phone (wifi) and my wired router.  I see 10.0.8.x traffic when logging (TCP) even though my understanding is everything should be routed through the tunnel (i.e. 10.0.8.x traffic shouldn't appear)
03:08 < altker128> For testing, I'm running Firefox on the Android phone and doing a simple search and looking at the UDP traffic between phone and OpenVPN server (of which there is corresponding traffic) but the 10.0.8.x traffic (TCP) seems very bizarre
03:09 -!- mattock is now known as mattock_afk
03:22 -!- altker128 [~vr@lothar.media.mit.edu] has quit [Ping timeout: 245 seconds]
03:22 < kexmex> hi
03:23 < kexmex> doesn openVPN resolve hosts?
03:33 < kexmex> hello?
03:34 -!- mjseymour [~mjseymour@remote.controlsystems.co.uk] has joined #openvpn
03:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
03:34 < mjseymour> Hi all
03:34 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
03:36 < mjseymour> I have successfully managed to connect to a remote network and can access the remote router . However if I want to access  any devices connected to remote router how do I configure it so that the local ip address given by openvpn network alllocates one to point to the ip addresses of each device on the remote router?
03:38 < mjseymour> i.e 10.8.0.6 points to the router, but device #1 on the remote router has an ip address of 192.168.1.11. Is there a way of vpn pointing to 192, address by getting its own equivlant address such as 10.8.0.7 for example?
03:41 -!- danci1973 [~danci1973@router.agenda.si] has joined #openvpn
03:43 < danci1973> Hello, I have many users that should get the 'default gateway' through OpenVPN, but only one or two that shouldn't... Is there a way to have the 'push "redirect-gateway def1"' option in my 'server.conf', but then 'negate' that in users's CCD file?
03:57 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
04:06 -!- kexmex [~kexmex@78.111.186.20] has quit [Quit: Computer has gone to sleep.]
04:11 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
04:26 <+hyper_ch> I just found out that skype can use sed... or something
04:29 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:31 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has joined #openvpn
04:35 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:42 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
04:54 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Remote host closed the connection]
04:54 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
04:58 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
04:59 -!- mattock_afk is now known as mattock
05:03 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:09 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:10 -!- mattock is now known as mattock_afk
05:16 -!- Tachikomas [~tachikoma@46.218.38.58] has joined #openvpn
05:19 < Tachikomas> Hello, i'have a problem with openvpn on a raspberry pi (using raspbian) i'm on 192.168.1.X network, my server too, and i just want connect to it, locally. Iptables is full open, no firewall between us, and i have a TLS key negotiation failed : http://pastebin.com/RuzDs4Yj
05:20 < Zimsky> hyper_ch: sort of
05:20 < Zimsky> hyper_ch: doesn't it only work on nix
05:21 <+hyper_ch> found that out now
05:21 <+hyper_ch> I still wonder what the windows counter part gets
05:23 -!- `hypermist` is now known as hypermist
05:23 -!- mattock_afk is now known as mattock
05:24 < Tachikomas> the server conf : http://pastebin.com/eeP32PAc
05:24 -!- hypermist is now known as `hypermist`
05:28 -!- dazo_afk is now known as dazo
05:29 -!- shio [marmot@42.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
05:34 -!- Tachikomas [~tachikoma@46.218.38.58] has quit [Remote host closed the connection]
05:49 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
05:50 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
05:50 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 255 seconds]
05:52 -!- danci1973 [~danci1973@router.agenda.si] has quit [Quit: KVIrc 4.0.2 Insomnia http://www.kvirc.net/]
05:56 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:57 -!- Denial [~Denial@81.141.2.75] has quit [Ping timeout: 256 seconds]
06:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:03 -!- gardar [~gardar@bnc.giraffi.net] has quit [Quit: ZNC - http://znc.in]
06:12 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
06:41 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:45 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
06:56 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
07:05 -!- Tachikomas [~tachikoma@46.218.38.58] has joined #openvpn
07:07 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
07:09 -!- _bt [~bt@unaffiliated/bt/x-192343] has joined #openvpn
07:14 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
07:18 < mjseymour> How can I assign a vpn ip address to the 3g router connected as a client to my server? http://i.stack.imgur.com/wSQXh.png
07:20 <+hyper_ch> !ccd > mjseymour
07:20 <+hyper_ch> !ccd
07:20 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
07:21 < mjseymour> so I should be able to access the webserver through a vpn ip address?
07:21 <+hyper_ch> ifconfig-push 10.0.8.99 255.255.255.0
07:21 <+hyper_ch> as example for pushing a vpn ip
07:21 <+hyper_ch> in a ccd entry
07:22 <+hyper_ch> use whatever subnet you use
07:22 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
07:22 < mjseymour> so then by pointing to 10.0.8.99 i should be able to connect to the webserver?
07:23 <+hyper_ch> that's the IP the vpn client gets
07:23 <+hyper_ch> so you can assign static ips to the clients
07:24 <+hyper_ch> of course youalso need
07:24 <+hyper_ch> !client-to-client
07:24 <@vpnHelper> "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind other
07:24 <@vpnHelper> clients
07:25 < mjseymour> You've lost me :p
07:27 < mjseymour> The Windows 7 box is set to run as a OpenVPN server(10.8.0.1) and the 3G router is set as a client and connection is successful and I can access the routers admin portal by pointing to 10.8.0.6.  Now there is a PC which runs a local web server running at port 8080 which is connected to the 3G router which has a local IP address of 192.168.1.212.  I've setup port forwarding on the 3G router so any requests to 10.8.0.6 with port 8080 points
07:38 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
07:47 -!- mjseymour [~mjseymour@remote.controlsystems.co.uk] has quit [Ping timeout: 264 seconds]
07:59 -!- Tachikomas [~tachikoma@46.218.38.58] has quit [Remote host closed the connection]
08:08 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
08:09 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 245 seconds]
08:17 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 264 seconds]
08:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 240 seconds]
08:37 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 265 seconds]
08:37 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
08:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
08:40 -!- Dave666 [~chatzilla@94.117.194.122] has joined #openvpn
08:40 < Dave666> Hi, Looking for a good gui openvpn client for MacOSX. Tried Tunnelblick but that doesn't seem to work with the latest version of OSX.
08:41 < Dave666> Can anyone recommend one? I'm using the openvpn gui on windows and that works fine.
08:41 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 245 seconds]
08:43 <+esde> Dave666,
08:43 <+esde> !tunnelblick
08:43 <@vpnHelper> "tunnelblick" is http://www.tunnelblick.net - Free OpenVPN GUI Client for Mac OS X
08:46 <+hyper_ch> if I read that request correctly, he's looking for another client
08:49 <+esde> i dont have mac, but a quick google search yielded results. this was among them https://www.sparklabs.com/viscosity/
08:49 <@vpnHelper> Title: Viscosity - OpenVPN Client for Mac & Windows (at www.sparklabs.com)
08:49 <+esde> Free*** (for 30 days)... typical mac bullshit
08:50 <+esde> within 30 days tunnelblick might have their client fixed for the newest os x release
08:53 -!- Dave666 [~chatzilla@94.117.194.122] has quit [Ping timeout: 246 seconds]
08:54 <+hyper_ch> (this wouldn't have happened with linux)
08:55 -!- Pyrogerg [~Gregory@205.167.120.206] has joined #openvpn
09:02 -!- techwharf [~techwharf@ec2-54-194-62-157.eu-west-1.compute.amazonaws.com] has joined #openvpn
09:02 <@dazo> hyper_ch: that's right, in Linux it's constantly broken :-P
09:03 <+hyper_ch> only when you let krzee work on it
09:03 <@dazo> heh
09:16 < techwharf> How can I troubleshoot ridicilously slow OpenVPN speed? Downloaded 30kb of image in a minute, still pending. Suddenly started today. CPU/memory fine. Network is fine. Setup: LAN -> pfSense router -> OpenVPN Access Server -> EC2 instance. No network issues between LAN and OpenVPN and neither between OpenVPN and EC2 instances
09:17 <+hyper_ch> !as
09:17 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
09:17 < techwharf> I know about that. In general with OpenVPN, how do you troubleshoot this?
09:18 <@krzee> !speed
09:18 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
09:18 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better.
09:18 <+hyper_ch> krzee: will next openvpn version be multi-core?
09:18 <+esde> check the roadmap
09:18 <@krzee> not likely
09:19 <+esde> https://community.openvpn.net/openvpn/roadmap
09:19 <@vpnHelper> Title: Roadmap – OpenVPN Community (at community.openvpn.net)
09:19 <@krzee> "next version"
09:19 <+esde> wrong link, maybe
09:19 <@krzee> nah link is good
09:19 <@krzee> but thats not next version
09:19 <+esde> not the one i meant tho
09:20 < techwharf> hyper_ch out of those options, any suggestions where to start first if this was all running fine and without any reboots or reconnects and then suddenly started to behave like this?
09:20 <@krzee> !roadmap
09:20 <@vpnHelper> "roadmap" is https://community.openvpn.net/openvpn/wiki/RoadMap for the roadmap for OpenVPN 3
09:20 <+esde> https://community.openvpn.net/openvpn CTRL+F Plans for
09:20 <@vpnHelper> Title: OpenVPN Community (at community.openvpn.net)
09:20 <+esde> there we go
09:21 <+esde> i knew what i was looking for when i found it lmao
09:21 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
09:21 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Remote host closed the connection]
09:22 < techwharf> !mtu
09:22 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
09:22 <+esde> there is a bit about threading in there too (;
09:23 -!- CaTtleyA [~CaTtleyA@185.24.142.82] has quit [Remote host closed the connection]
09:25 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Remote host closed the connection]
09:26 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
09:37 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
09:40 <@krzee> yes
09:40 <@krzee> and that link was made years ago
09:40 <@krzee> also, openvpn 3 has been made since then, so thats for openvpn4 now
09:40 <@krzee> esde, i did not say it would never happen, i said its not coming in the next version of openvpn
09:41 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
09:41 <+hyper_ch> what's the differencet between adding processes and threads?
09:42 <@krzee> having to add more processes
09:42 <@krzee> (and subnets)
09:45 <+esde> if you got the impression I was implying multithreading would never come to openvpn, that was not my intent. however, there are still obstacles that have prevented (and may continue to prevent) it's implementation :)
09:46 <@krzee> nobody is in a hurry to add threading
09:46 <@krzee> it will be tough to do correctly without possibly opening security issues
09:47  * esde nods 
09:47 <@krzee> i didnt take it that way, but if i had i would have said nothing ;]
09:47 -!- mjseymour [~mjseymour@remote.controlsystems.co.uk] has joined #openvpn
09:48 < mjseymour> After much confusion I have finally managed to connect Windows 7 box to a remote 3G router using OpenVpn.  The Windows 7 box is set to run as a OpenVPN server(10.8.0.1) and the 3G router is set as a client and connection is successful and I can access the routers admin portal by pointing to 10.8.0.6.  Now there is a PC which runs a local web server running at port 8080 which is connected to the 3G router which has a local IP address of 19
09:52 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
09:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:54 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
09:54 <+esde> https://i.imgur.com/8boCyhJ.png who needs pronouns and adverbs!?
10:00 <@dazo> esde: just reply with: "Yes very much"
10:00 <+esde> I would looooove to
10:01 <@dazo> :)
10:06 -!- Tachikomas [~tachikoma@46.218.38.58] has joined #openvpn
10:11 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
10:26 -!- mjseymour [~mjseymour@remote.controlsystems.co.uk] has quit [Ping timeout: 252 seconds]
10:35 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:38 -!- Tachikomas [~tachikoma@46.218.38.58] has quit [Remote host closed the connection]
10:49 -!- kokel [~quassel@kenneth.kokelnet.de] has joined #openvpn
11:01 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
11:03 -!- OneEyedWill [~studmuf@gateway/vpn/privateinternetaccess/studmuf] has joined #openvpn
11:04 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
11:08 < OneEyedWill> How does one setup a .ovpn file to forward all traffic except specific ports (ie. split-tunneling)?
11:09 < OneEyedWill> *through the vpn tunnel
11:15  * OneEyedWill feeling lonely...
11:16 < OneEyedWill> I've search the almighty google but did see anything that seem to answer this question to completion I need.
11:19 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:21 < OneEyedWill> !goal
11:21 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:21 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Quit: End of line.]
11:23 < OneEyedWill> I guess following the goal example: I would like to access two services running on two different ports from my local IP and would like everything else to go through my vpn tunnel.
11:24 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
11:25 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
11:25 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
11:30 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
11:34 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
11:36 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
11:47 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has joined #openvpn
11:47 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:47 < altker128> Hey all, for those of you using OpenVPN on Android a few quesitons...
11:47 -!- gchristensen [~gchristen@unaffiliated/grahamc] has left #openvpn ["WeeChat 0.4.2"]
11:48 < altker128> Is there anyway to have the VPN work "on demand" ?  i.e. keep the VPN normally down but if I run Firefox or F-Droid, then bring the VPN up?
11:51 < altker128> Currently I'm using "OpenVPN for Android", but would like to try "OpenVPN Connect"
11:56 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
11:58 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
12:04 <+esde> OpenVPN for Android > OpenVPN Connect. AFAIK, there is no way to achieve the functionality you described with either app mentioned.
12:04 <+esde> not by default, at least
12:05 < altker128> That sucks :(
12:06 < altker128> esde: Why do you say OpnVPN for Android is better than OpenVPN Connect?  Not that I disagree.
12:06 <+esde> it's opensource for one, and also an openvpn developer is the author of the app
12:07 -!- Tachikomas [~tachikoma@46.218.38.58] has joined #openvpn
12:07 < altker128> I thought OpenVPN Connect was put out by the OpenVPN people as well?
12:08 <+hyper_ch> i prefer connect
12:08 <+esde> You misunderstand.
12:08 < altker128> esde: From a functionality stand-point, licensing aside, any pros of Connect?
12:08 <+esde> Openvpn.net != OpenVPN developer
12:08 < altker128> hyper_ch: Do you have any more details?
12:08 <+esde> not afaik
12:09 <+esde> one app is released by OpenVPN.net, the other is released by a developer working on OpenVPN
12:09 < altker128> OK.
12:09 <+esde> maybe even for, I don't know his official employment status
12:09 < altker128> From a features standpoint, do you have any reason to say Arne's is better?
12:10 <+esde> see my previous answer above
12:10 < altker128> Seems like it comes down to licensing for you.
12:11 < altker128> The OVPConnect source (some of it) has actually been posted FWIW.
12:11 <+esde> Please enlighten us
12:12 < altker128> http://staging.openvpn.net/openvpn3/
12:12 <@vpnHelper> Title: OpenVPN 3 (at staging.openvpn.net)
12:13  * esde looks at screen with head tilted
12:14 <+esde> That has no relation to the code included in the actual net.openvpn.openvpn  package
12:14 < altker128> I haven't gone through it myself, there were others in the Android thread who were building it, but from what I know this is the core of what the OpenVPN Connect app uses
12:17 <+esde> Exactly, that code has no bearing on what actually makes it into the app itself. Which makes gleaning any useful information from it pointless. Fact, if you want to know what code you're running use OpenVPN for Android. On the other hand, if you you're comfortable with not knowing what code you're running, use OpenVPN Connect. We've already established that there is no stark difference in the functionality of the apps themselves.
12:17 <+esde> And with that, I'm off to lunch.
12:19 < altker128> hyper_ch: Why do you use Connect?  What does it do for you differently?
12:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
12:50 -!- Tachikomas [~tachikoma@46.218.38.58] has quit [Remote host closed the connection]
12:50 <+hyper_ch> altker128: it works just fine, never had issues with it
12:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:52 < altker128> hyper_ch: Did you ever try the other client?
12:52 <+hyper_ch> esde: can openvpn for android connect to multiple vpn networks at the same time?
12:52 <+hyper_ch> altker128: in the beginning
12:52 < altker128> And?
12:53 <+hyper_ch> and?
12:53 < altker128> I meant, what did you think?
12:53 < altker128> Between the two of them
12:53 <+hyper_ch> i prefer connect
12:53 <+esde> better question for the developer himself, than an end-user. and since he's here..... just ask him.
12:54 <+hyper_ch> mr. s?
12:54 <+esde> plai
12:54 <+hyper_ch> two devs in here at the same time?
12:54 <+hyper_ch> my head starts spinning
12:56 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:57 <+esde> plaisthos, is the author of OpenVPN for Android.
12:58 < altker128> plaisthos: Sorry to bug you, I wanted to ask, is "on demand" use OVPN a planned feature, or even easy to implement?
12:58 <+esde> you could check the roadmap and see if it's under the planned features :)
12:58 <+esde> !roadmap
12:58 <@vpnHelper> "roadmap" is https://community.openvpn.net/openvpn/wiki/RoadMap for the roadmap for OpenVPN 3
12:58 < altker128> plaisthos: One step back.  Thanks for your excellent work, I got OpenVPN for Android going last night and it was a pretty seamless process, the UI is very clear and works extremely well.
12:58 <+hyper_ch> what's on demand vpn?
12:59 <+esde> only "activates" when certain apps are opened/used
12:59 <+esde> check scrollback where he descirbed it earlier
12:59 <+esde> s/descirbed/described/
12:59 < altker128> Aside question for an Android users here:  Does the kernel even need network access?  I only granted it access to VPN and yet WiFi works...pretty weird.
13:00 <+hyper_ch> I don't believe in backlogs :)
13:00 < altker128> Android's avoidance of Linux userland certainly confounds me.
13:31 -!- OneEyedWill [~studmuf@gateway/vpn/privateinternetaccess/studmuf] has quit []
13:47 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
13:47 -!- mode/#openvpn [+o dazo_afk] by ChanServ
13:49 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 245 seconds]
13:49 -!- dazo_afk is now known as dazo
13:49 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
13:51 -!- john-soda [~john-soda@eciuv1.ift.tuwien.ac.at] has joined #openvpn
13:52 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
13:58 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
13:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:17 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
14:23 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
14:24 -!- wmp [~wmp@sored/admin/wmp] has left #openvpn ["Konversation terminated!"]
14:37 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
14:42 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 244 seconds]
14:48 -!- mattock is now known as mattock_afk
14:54 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
14:58 -!- `^-_-^` [uid26275@gateway/web/irccloud.com/x-tgkvxpukyuvdxgju] has joined #openvpn
15:02 -!- `^-_-^` is now known as ampsix
15:02 -!- ampsix [uid26275@gateway/web/irccloud.com/x-tgkvxpukyuvdxgju] has quit [Changing host]
15:02 -!- ampsix [uid26275@unaffiliated/ampsix] has joined #openvpn
15:02 -!- ampsix [uid26275@unaffiliated/ampsix] has quit [Changing host]
15:02 -!- ampsix [uid26275@gateway/web/irccloud.com/x-tgkvxpukyuvdxgju] has joined #openvpn
15:03 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Quit: i don’t know why i think pressing ctrl-c harder will help.]
15:04 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
15:04 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Excess Flood]
15:04 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
15:06 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
15:06 -!- iokill [~dave@pippin.sigma-star.at] has quit [Ping timeout: 256 seconds]
15:07 -!- john-soda [~john-soda@eciuv1.ift.tuwien.ac.at] has quit [Quit: Leaving]
15:07 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 272 seconds]
15:07 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has quit [Ping timeout: 276 seconds]
15:08 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
15:11 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has joined #openvpn
15:14 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
15:18 -!- Pyrogerg [~Gregory@205.167.120.206] has quit [Ping timeout: 255 seconds]
15:20 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
15:22 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 245 seconds]
15:30 -!- ocx [b9162257@gateway/web/freenode/ip.185.22.34.87] has joined #openvpn
15:30 -!- nesta [pr@suidci.de] has left #openvpn ["->"]
15:30 < ocx> hi all, i am reading the example on the openvpn exmaple page and got a question:
15:30 < ocx> # This will allow Thelonious' private subnet to # access the VPN. <-- do we assume here Thelonious pc is a router?
15:30 < ocx> and routing traffic without natting?
15:31 < ocx> https://openvpn.net/index.php/open-source/documentation/howto.html#examples
15:31 <@vpnHelper> Title: HOWTO (at openvpn.net)
15:32 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
15:33 <+esde> !101
15:33 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
15:34 < ocx> my question is related to openvpn
15:36 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
15:42 < ocx> route 10.10.1.0 255.255.255.0 route 10.10.3.0 255.255.255.0 <-- openvpn knows how to route?
15:42 < ocx> or i need to instruct it how to route between these 2 networks?
15:47 <+hyper_ch> !routelan
15:47 <+hyper_ch> !computerlan
15:48 <+hyper_ch> damn...
15:48 <+hyper_ch> !serverlan
15:48 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
15:48 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
15:48 -!- ocx [b9162257@gateway/web/freenode/ip.185.22.34.87] has quit [Ping timeout: 246 seconds]
15:49 -!- ampsix is now known as amp6
15:50 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:50 -!- amp6 [uid26275@gateway/web/irccloud.com/x-tgkvxpukyuvdxgju] has quit [Quit: lulz]
16:07 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
16:09 -!- kernal [~kernal@lavaboom.io] has joined #openvpn
16:10 < kernal> hey, i'm trying to set up a network inbetween servers that users would be able to connect to
16:11 < kernal> servers are ubuntu 14.04, clients are using all platforms - win8, macs, various linux distros
16:13 < kernal> i can connect from 10.8.0.2 (linux server #2) to 10.8.0.1 (linux server #1)
16:13 < kernal> and in reverse
16:13 < kernal> but i'm unable to connect to any of those servers when i connect to them from windows
16:13 < kernal> here's my server config: https://gist.github.com/pzduniak/f9d388c8f7c720003b12
16:14 <@vpnHelper> Title: gist:f9d388c8f7c720003b12 (at gist.github.com)
16:14 < kernal> and here's my client config: https://gist.github.com/pzduniak/cb6f7c8bc280024b5640
16:14 <@vpnHelper> Title: gist:cb6f7c8bc280024b5640 (at gist.github.com)
16:24 -!- SpeakerToMeat [~Speaker@prgmr/customer/SpeakerToMeat] has joined #openvpn
16:25 < SpeakerToMeat> I have a machine connected to my vpn server, that I can't ssh into right now (I don't have the keys handy), but it's connected, and I want to make a change to it's /ccd config (add a push route). Is there any way to push these changes to the ccd from the server if I can't ssh into the client to restart the openvpn service?
16:26 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
16:50 -!- paxmark9 [~paxtormar@198.144.158.14] has joined #openvpn
16:51 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
16:52 < DArqueBishop> SpeakerToMeat: the only way I can think of to do so is if the remote management interface is enabled. IIRC it's not enabled by default.
16:52 < DArqueBishop> Wait.
16:53 < DArqueBishop> SpeakerToMeat: if you can get the ccd file onto the server via another method, the changes should take effect immediately.
16:56  * DArqueBishop 's statement has not been evaluated by the FDA. His support statements are not intended to diagnose, treat, cure, or prevent any disease.
16:57 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
16:58 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
17:06 -!- dazo is now known as dazo_afk
17:07 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 276 seconds]
17:08 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
17:21 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
17:31 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:32 < altker128> Hrm...anyone else here using the OpenVPN Connect Android client?
17:37 -!- SpeakerToMeat [~Speaker@prgmr/customer/SpeakerToMeat] has quit [Ping timeout: 276 seconds]
17:41 -!- Pyrogerg [~Gregory@205.167.120.203] has joined #openvpn
17:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 265 seconds]
17:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:49 -!- Pyrogerg [~Gregory@205.167.120.203] has quit [Ping timeout: 264 seconds]
17:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 240 seconds]
17:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
18:03 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
18:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:12 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
18:20 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 265 seconds]
18:24 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
18:35 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Remote host closed the connection]
18:40 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
18:43 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 265 seconds]
18:44 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 272 seconds]
18:57 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit1]
19:00 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
19:00 < debbie10t> hi - using mlock - roughly how much RAM is required for openvpn ?
19:00 < debbie10t> in server mode
19:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:03 <+esde> mine's only using.... well not a lot, http://i.imgur.com/m7rXVkR.png
19:03 <+esde> s/http/https/
19:04 < debbie10t> hi esde
19:04 < debbie10t> i am running in virtual box a server
19:04 < debbie10t> fir straight forwardsetup : 23git master
19:04 < debbie10t> archlinux
19:05 < debbie10t> 896mb RAM
19:05 < debbie10t> and it will not start
19:05 <+esde> !enter
19:05 <@vpnHelper> "enter" is The enter key is not a punctuation mark.
19:05 < debbie10t> out of memory
19:07 < debbie10t> do i need help on my punctuation ...
19:08 < debbie10t> i can run openvpn server in a virtual box with 128mb RAM and 32 mb swap without --mlock
19:08 < debbie10t> but with --mlock .. even with 896mb RAM it will not run ?
19:09 < debbie10t> so i simply want to know what the rough estimate of RAM is required to use --mlock ..
19:10 <+esde> https://community.openvpn.net/openvpn/ticket/293
19:10 <@vpnHelper> Title: #293 (Using --mlock and --user makes openvpn "run out of memory") – OpenVPN Community (at community.openvpn.net)
19:10 < debbie10t> ahh .. thanks
19:10 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
19:11 < debbie10t> i'l see what i can do about that
19:12 < debbie10t> possibly this applies to arch as wll
19:14 < debbie10t> removing user.group does allow server to start .. thanks
19:23 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 240 seconds]
19:38 < debbie10t> ..
19:38 < debbie10t> just as a suggestion: maybe some of these "bug" reps could be referenced in the "manual"
19:39 < debbie10t> this one especially
19:39  * esde points debbie10t to #openvpn-devel 
19:39  * debbie10t is banned on devel .. and the manual is not fdevelopement
19:39 < debbie10t> it is just a suggestion
19:40 < debbie10t> i bung it in "wishlist"
19:40 <+esde> K. then wiki it
19:40 <+esde> !trac
19:40 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database.
19:43 < debbie10t> esde .. thanks allthe same
19:45 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
19:46 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
19:46 -!- debbie10t [~debbie10t@unaffiliated/m10t] has left #openvpn ["Leaving"]
19:50 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 252 seconds]
19:56 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 276 seconds]
19:59 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
20:09 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
20:11 -!- shootbird [~quassel@d0g.chickenkiller.com] has joined #openvpn
20:13 < altker128> Why bother with mlock?
20:20 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:40 -!- quality_humor is now known as zilch_quality_hu
20:41 -!- zilch_quality_hu is now known as fogna_bologna
20:47 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
20:48 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
20:50 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
20:50 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
20:58 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 256 seconds]
21:00 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has quit []
21:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 240 seconds]
21:11 < wowaname> <@vpnHelper> "enter" is The enter key is not a punctuation mark.
21:11 < wowaname> lies
21:13 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
21:18 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
21:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
21:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:25 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 245 seconds]
21:30 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
21:41 -!- KNERD [~KNERD@64.31.22.134] has quit [Ping timeout: 276 seconds]
22:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
22:03 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 250 seconds]
22:05 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
22:15 -!- KNERD [~KNERD@64.31.22.134] has joined #openvpn
22:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:44 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has quit [Read error: Connection reset by peer]
22:46 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
22:50 -!- `hypermist` is now known as pcupgrades
22:57 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
23:07 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
23:10 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
23:11 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 245 seconds]
23:17 -!- paxmark9 [~paxtormar@198.144.158.14] has quit [Remote host closed the connection]
23:26 -!- ShadniX [dagger@p5481D08C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:28 -!- ShadniX [dagger@p5481CB75.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:50 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:52 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
--- Day changed Thu Jan 29 2015
00:59 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 272 seconds]
00:59 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
01:09 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has quit [Ping timeout: 246 seconds]
01:12 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
01:25 -!- mattock_afk is now known as mattock
02:17 -!- Tachikomas [~tachikoma@AMontsouris-655-1-19-115.w90-44.abo.wanadoo.fr] has joined #openvpn
02:23 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 246 seconds]
02:26 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
02:32 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 245 seconds]
02:35 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
02:42 -!- Tachikomas [~tachikoma@AMontsouris-655-1-19-115.w90-44.abo.wanadoo.fr] has quit []
02:50 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:03 -!- Tachikomas [~tachikoma@AMontsouris-655-1-19-115.w90-44.abo.wanadoo.fr] has joined #openvpn
04:07 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
04:07 -!- BtbN [btbn@btbn.de] has joined #openvpn
04:12 -!- pcupgrades is now known as `hypermist`
04:55 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:10 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
05:10 -!- russell-- [~russell@74.85.245.161] has joined #openvpn
05:15 < russell--> is the ifconfig-pool recorded anywhere I can look? if not, why not?  i'm having trouble with clients stomping on each other.
05:15 < russell--> that is, the dynamic addresses that are given to clients, are they recorded?
05:16 < BtbN> Only if you persist them.
05:16 < russell--> using --ifconfig-pool-persist file?
05:17 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
05:19 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
05:36 -!- Tachikomas [~tachikoma@AMontsouris-655-1-19-115.w90-44.abo.wanadoo.fr] has quit [Remote host closed the connection]
05:58 -!- Ulrar [~Ulrar@luwin.ulrar.net] has left #openvpn ["WeeChat 1.1-dev"]
06:26 -!- dazo_afk is now known as dazo
06:31 < pekster> russell--: If you just want to record them for reference, use --status
06:32 < pekster> If you want static IPs, you can't rely on --ifconfig-pool to do that (this is a suggestion to openvpn only.) See !static (type that here for bot refs)
06:32 < pekster> You can also send openvpn a SIGUSR2 and it will print the current client status to the logfile (wherever you have placed that: see !logfile)
06:32 < russell--> pekster: i mostly want them not stomping on each other ;-)
06:33 < pekster> They won't unless you've done something wrong
06:33 < pekster> The pool is fully available for openvpn to do what it wants (assiging them to connecting clients) but as soon as a client disconnects, that IP is free for another client
06:33 < russell--> if the server reboots, clients still have an addr, server doesn't remember, chaos seems to ensue
06:33 < pekster> No, clients need to reconnect
06:34 < pekster> Don't use the --persist-tun options on the client unless you're also using the !static config (thus with a reduced pool range) or you will have these kinds of issues
06:34 < pekster> OpenVPN's pool addresses are like DHCP: don't rely on getting the same one
06:34 < pekster> !static
06:34 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
06:35 < pekster> #4 is quite important there, which also means you can't use --server with that as you need to expand the helper-directive for pool control. Or just stop whatever you're doing to break a new client IP, which is normal and expected behavior when clients timeout
06:35 < pekster> !keepalive
06:35 <@vpnHelper> "keepalive" is (#1) see --keepalive in the manual for how to make clients retry connecting if they get disconnected. or (#2) basically it is a wrapper for managing --ping and --ping-restart in server/client mode or (#3) if you use this, don't use --tls-exit and also avoid --single-session and --inactive or (#4) Also beware of --auth-nocache for automated reconnects
06:35 < russell--> ah, persist-tun seems to be the issue then
06:35 < pekster> ^ you should be doing that too so clients know when the server has restarted
06:35 < pekster> Yea, that's rarely ever a good idea on clients
06:36 < pekster> Don't use any of --persist-tun, --user, --group, or --chroot on clients unless you're very sure about what you're doing
06:36  * russell-- has to say, the manpage is horrible in defining the arguments it uses
06:38 <+hyper_ch> russell--: what do you want to achieve?
06:38 < russell--> i want a set of clients to get reasonably stable addresses without defining them in advance
06:38 <+hyper_ch> define reasonably stable
06:39 < russell--> dhcp servers can reserve addresses by macaddr
06:39 < russell--> hyper_ch: "reasonably stable" == "not gratiutously variable"
06:39 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:40 < russell--> like, not changing if it doesn't clash with an existing "lease"
06:41 < russell--> it looks like ifconfig-pool-persist is what i want
06:42 < BtbN> even without persist it should never hand out the same ip to two clients at the same time.
06:43 <+hyper_ch> ifconfig-pool-persist ipp.txt
06:43 < russell--> BtbN: unless i have persist-tun on the client (which i do, apparently erroneously)
06:43 < russell--> i'll fix that
06:44 < russell--> i seem to remember vaguely that we added that because openvpn would die on the client and not reconnect
06:44 < russell--> i may be misremembering
06:45 < pekster> russell--: I already told you
06:45 < pekster> !static
06:45 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
06:45 < pekster> Do _NOT_ rely on the persist file, unless you want it to possibly not give out the saved address, such as when the pool is full and the only available adddress is a saved, but not-currently-connected-client
06:45 < pekster> If that's fine, then maybe that'll work
06:46 < russell--> the pool is never full in our case
06:46 < pekster> The pool simply offers the first free IP in the pool to the next connecting client. The persist files tries to apply memory based on the CN of the client (which might not work right if you allow duplicate CNs.) Static configuration must not give a client an IP in the pool, but gaurentees static addressing. Pick whichever one you want
06:47 < russell--> no duplicate CNs
06:47 < pekster> Then sure, try the persist file; sounds like that might work
06:49 < pekster> The client should never fail to reconnect (and in fact it must reconnect anyway on server failure.) Again, verify you're not dropping user privs, which isn't apprpriate unless you are using a static config as the IP still might change, and without root you can't set addressing/routes
06:50 < russell--> i think we are dropping priveleges also, or that sure sounds familiar
06:50  * russell-- checks
06:53 < russell--> GID set to nogroup ; UID set to nobody ; Initialization Sequence Completed
06:57 < pekster> Right, don't do that unless you can 100% gaurentee: 1) the IP the server issues with never change (ie: with !static), 2) you will never want to change routes and expect a server restart to have clients pick them up on restart, 3) use the relevant --persist-* options to avoid behavior that requires root after forking to a non-root user
06:57 < pekster> issues to the client*
06:58 < russell--> this explains much ;-)
07:23 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
07:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 240 seconds]
07:31 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
07:33 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
07:36 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
07:37 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
07:39 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
07:42 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
07:43 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 264 seconds]
07:46 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
07:57 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
07:57 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
07:58 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:00 -!- SpeakerToMeat [~Speaker@prgmr/customer/SpeakerToMeat] has joined #openvpn
08:01 < SpeakerToMeat> DArqueBishop: Interestign what you say. What I do is edit the ccd file directly on the server side.. but my experience so far is that I need to restart the clients for changes to take effect
08:02 -!- dazo is now known as dazo_afk
08:02 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
08:06 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
08:13 -!- dazo_afk is now known as dazo
08:16 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 264 seconds]
08:20 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
08:30 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
08:33 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 245 seconds]
08:41 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 245 seconds]
08:41 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 245 seconds]
08:44 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
08:49 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
08:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:38 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:44 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:53 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
09:56 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
10:15 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
10:15 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
10:19 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
10:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:25 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
10:40 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
10:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:07 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 265 seconds]
11:08 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
11:11 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:13 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
11:19 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
11:21 -!- diranged [~Adium@c-50-168-82-121.hsd1.ca.comcast.net] has joined #openvpn
11:21 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
11:23 < diranged> We have multiple in-office networks that are 10.xx.xx.xx/20's .. each one broken into a few subnets (/22's). We have a remote datacenter that employees can VPN into that basically covers "all other 10.0.0.0/8" traffic. When an employee , IN OUR OFFICE, VPNs into the remote datacenter, they lose access to the other subnets in our office. So to be clear, if the employee is on 10.0.0.0/22, and they're trying to reach the shared-printers o
11:24 < diranged> The question I have is, is there a simple way in our VPN server config to push a route that says 10.0.0.0/8 -> vpn router, 10.0.0.0/20 -> <your default gateway>?
11:25 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:26 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
11:30 < plaisthos> route 10.0.0.0 255.255.255.224 net_gateway
11:30 < plaisthos> in the client config
11:31 < plaisthos> (or push that from the server might work)
11:31 < diranged> yeah i was gonig to ask, can we push that from the server at all
11:31 < plaisthos> i think so
11:31 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
11:31 < diranged> ok ill experiment with it.. thank you
11:31 < plaisthos> and my netmask is wrong :)
11:32 < plaisthos> completely wrong :D
11:32 < diranged> yeah.. 240..
11:33 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
11:34 <+hyper_ch> krzee: wrote myself now a php script to send the email... so I'm python-independant :)
11:34 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
11:34 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:44 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 276 seconds]
11:53 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:10 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 245 seconds]
12:28 -!- d3lphi [~d3lphi@unaffiliated/d3lphi] has joined #openvpn
12:29 < d3lphi> hello all. I have LAN1 and LAN2 connected with iroute using. All hosts in LAN1 can access all hosts in LAN2 and vice-versa. Now I'd like to create an iptables block rule on LAN1 side, so all incoming packets from LAN2-->LAN1 will be blocked. How do I do that without blocking the rest of communication? I tried with ...
12:30 < d3lphi> ...
12:30 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 256 seconds]
12:30 < d3lphi> "iptables -A FORWARD -i tun1 -d 192.168.222.0/24 -m conntrack --ctstate NEW -j DROP" where tun1 is the tun device name on LAN1 side, and 192.168.222.0/24 is the subnet in LAN2
12:31 < d3lphi> but it won't work. Hosts in LAN2 still can access hosts in LAN1. And when I would use "iptables -A FORWARD -i tun1 -d 192.168.222.0/24 -j DROP" then the whole connection is blocked and LAN1 is disconnected from LAN2 :( any help appreciated
12:33 < pekster> Obviously by writing rules in the proper order to accept traffic you want a block the rest, just like you'd have been told in #Netfilter if you stayed more than 9 minutes before impatiently leaving
12:38 < d3lphi> pekster: I didn't get any reply in #netfilter, that's why I left and tried here my luck
12:39 < d3lphi> I am not very familiar with iptables that's why I am asking for help
12:41 < d3lphi> any help really appreciated
12:43 < BtbN> you waited a whole 9 minutes..
12:43 < d3lphi> ?
12:44 -!- kexmex [~kexmex@78.111.187.195] has joined #openvpn
12:45 < plaisthos> which is a very short time for irc
12:45 < plaisthos> in #Openvpn-devel we sometimes have answer time of hours
12:47 -!- diranged [~Adium@c-50-168-82-121.hsd1.ca.comcast.net] has left #openvpn []
12:49 <+hyper_ch> there's a secred channel for the devs?
12:49 < plaisthos> yes
12:50 <+hyper_ch> and I'm sure there's always party going on in there :(
12:50 < plaisthos> no
12:50 < plaisthos> there is more like nothing happening at all :)
12:50 < plaisthos> feel free to join and see for yourself
12:50 <+hyper_ch> you just say that so I won't feel bad
12:50 < pipi-> he's lying. they have super secret party party all the time in there
12:51 < plaisthos> I will just invite hyper_ch to the party
12:51 <+hyper_ch> I'm sure you just told everyone in there to stop the party
12:51 <+hyper_ch> while I visit
12:52 <+hyper_ch> but thx for the invite :)
12:54 < plaisthos> (everyone can join btw)
12:55 -!- kexmex_ [~kexmex@178.136.234.6] has joined #openvpn
12:56 -!- kexmex [~kexmex@78.111.187.195] has quit [Ping timeout: 255 seconds]
12:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:02 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
13:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:15 <+hyper_ch> plaisthos: rumors are that you created one of the vpn android guis
13:17 <+esde> it's not a rumor.
13:20 <+hyper_ch> isn't there a way to load the .conf or .ovpn into plaisthos's client?
13:21 <+esde> There is
13:21 <+hyper_ch> how?
13:21 <+hyper_ch> and the config files contains all the keys and certs also
13:21 <+esde> browse to the file and import it. the conf should use inline notation for certs and keys
13:21 <+hyper_ch> how to import it?
13:22 <+esde> open the openvpn for android app and browse to the file
13:22 <+hyper_ch> there is no option to brows
13:22 <+esde> when you tap the file you want the app will offer to import it
13:22 <+esde> there surely is
13:23 <+hyper_ch> it asked me to create a profile
13:23 <+hyper_ch> now I see a gazillion of switches but no way to import a file
13:24 -!- yeik [~jket@2601:7:6881:4700:fab1:56ff:feb8:524a] has joined #openvpn
13:24 < yeik> question, can openvpn run and use a different tap adapter name, ie tap0901, can it be renamed to tap0805?
13:26 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 276 seconds]
13:28 <+esde> here's a screenshot with the button you need to use to import an existing openvpn conf from your device https://i.imgur.com/Nh8D5hR.png
13:28 <+hyper_ch> that's well hidden
13:29 <+esde> are you serious?
13:29 <+esde> it took me all of a second after switching to openvpn for android to find the import button
13:29 <+hyper_ch> well, it ask me to create a profile and then there was no import option
13:29 <+esde> when you tap the file you want the app will offer to import it
13:29 <+esde> like i said earlier.....
13:30 <+hyper_ch> you first need a dialog to actually select a file
13:30 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has left #openvpn ["Leaving"]
13:30 <+hyper_ch> as said, after I installed it, I was prompted to create a profile
13:30 <+esde> ..... sorry your having trouble
13:30 <+esde> works fine here
13:30 <+esde> *re
13:30 <+hyper_ch> then came the directly the options
13:30 <+hyper_ch> but nothing to actually import the config
13:31 <+esde> there is
13:31 <+hyper_ch> plaisthos: is there no way to auto-reconnect after reboot without having to confirm again
13:31 <+hyper_ch> esde: whatever... I know what I saw
13:33 <+esde> the "I trust this application" dialog is mandatory
13:33 <+hyper_ch> that's rather annoying
13:33 <+esde> there are supposedly tools to byapss it, never tried them though
13:34 <+hyper_ch> when I select to trust that app today, why should I trust it tomorrow?
13:34 <+esde> this isnt the place to discuss android development guidelines........
13:36 <+esde> s/byapps/bypass
13:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:48 -!- shootbird [~quassel@d0g.chickenkiller.com] has quit [Read error: Connection reset by peer]
13:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:51 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:53 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
13:56 -!- _quadDamage [~EmperorTo@boom.blissfulidiot.com] has quit [Read error: Connection reset by peer]
13:56 -!- kernal [~kernal@lavaboom.io] has quit [Ping timeout: 264 seconds]
13:56 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:27 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
14:31 -!- teion [Elite12276@gateway/shell/elitebnc/x-fykwfrzyrwapsoty] has joined #openvpn
14:32 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
14:33 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
14:44 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
14:48 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
14:56 -!- d3lphi [~d3lphi@unaffiliated/d3lphi] has left #openvpn []
15:03 -!- mattock is now known as mattock_afk
15:05 -!- justinzane [~justinzan@67.21.190.132] has quit [Ping timeout: 272 seconds]
15:05 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has joined #openvpn
15:05 < Dimik> I'm back! yey
15:12 -!- BR_ [~jamesr@cpc14-bexl8-2-0-cust374.2-3.cable.virginm.net] has joined #openvpn
15:13 < BR_> Hi All! I have an openvpn server that does ipv6 for its clients. All works great except I have a new client that doesn't support IPv6 being sent to it (its a Windows box that sucks for some complicated reasons!). Is there anyway to make the client ignore the ipv6 ifconfig pushed to it?
15:15 -!- dazo is now known as dazo_afk
15:17 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:20 -!- justinzane [~justinzan@67.21.190.49] has joined #openvpn
15:37 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:07 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
16:16 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
16:19 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
16:23 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
16:24 -!- u0m3_ [~u0m3@92.80.127.13] has joined #openvpn
16:25 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 245 seconds]
16:27 -!- u0m3 [~u0m3@92.80.78.25] has quit [Ping timeout: 272 seconds]
16:28 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:29 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has joined #openvpn
16:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:34 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
16:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:38 -!- Dr-007 [~Dr-007@178.84.248.47] has joined #openvpn
16:38 < Dr-007> !welcome
16:38 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:38 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:39 < Dr-007> !goal
16:39 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:41 < pekster> BR_: If you use a ccd (see !ccd) consider --push-reset for this "special" client and don't push the --tun-ipv6 (and other v6 addressing) options, though you'll have to re-do all your routes and other settings then too. The other option is to use a --client-connect script that writes out all the pushed options and use conditional code (if/case statements) to do things different for different clients
16:41 < BR_> cheers - i'll look into that
16:43 -!- kexmex_ [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:43 < Dr-007> hello there. i've been gladly using openvpn for a while now to keep connected with these routers (dd-wrt/tomato). my problem is with the openvpn client in windows. it told me in ipconfig that it is connected and i've got an ip. but when trying to connect to anything on the openvpn network it doesnt work. so it looks like there has been a timeout or something, just leaving my windows openvpn
16:43 < Dr-007> client sitting there acting like its still connected.
16:45 < Dr-007> it has been idling for a day tho, since yersterday 6 o' clock. anyway, i was wondering if there is something different then the unix client. because i've noticed those actively reconnect when the wan connection gets disconnected with the openvpn server
16:46 < Dr-007> those=unix client(s)
16:47 < pekster> You might want to read and verify use of:
16:47 < pekster> !keepalive
16:47 <@vpnHelper> "keepalive" is (#1) see --keepalive in the manual for how to make clients retry connecting if they get disconnected. or (#2) basically it is a wrapper for managing --ping and --ping-restart in server/client mode or (#3) if you use this, don't use --tls-exit and also avoid --single-session and --inactive or (#4) Also beware of --auth-nocache for automated reconnects
16:47 < pekster> Normally in a server/client setup you use that on your server and it gets pushed to clients, which should be acceping such config directives from the server
16:48 < pekster> Couldn't hurt to verify your !logs too, confirming that no unexpected errors occured on your client (like permission-induced failures dealing with IPs or routes)
16:51 < Dr-007> keepalive 10 60
16:51 < Dr-007> its inthere
16:52 < Dr-007> its just a difference between unix and windows clients
16:52 < Dr-007> maybe because windows power saves alot of tools at night?
16:56 < pekster> You need to start with much more basic troubleshooting: if you can't ping the VPN server, your VPN is either not working, or you've got a firewall stopping that (which is a bad idea since that's one of the easiest ways to see if your VPN is delivering traffic)
16:56 < pekster> If you can ping the server's VPN-IP (NOT its public or any physical address it's using) then your VPN works and anything else is a routing or firewall issue
16:57 < Dr-007> i can use it for hours
16:57 < Dr-007> but after a while of idling it just hangs
16:57 < Dr-007> pinging the vpn server ip doesnt work
16:57 < Dr-007> a while = a day
16:58 < Dr-007> so it could be firewall of windows kicking it after some time, i havent checked yet
16:58 < pekster> With the keepalive there, the client will time out after 60 seconds of not getting a reply
16:58 < pekster> If that's _not_ applied to the client, it'll sit there forever
16:58 < pekster> Maybe paste some:
16:58 < pekster> !configs
16:58 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:00 < Dr-007> !paste
17:00 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
17:01 < Dr-007> https://gist.github.com/anonymous/fe03e33bcdb710086096#file-gistfile1-txt
17:01 <@vpnHelper> Title: vpn client, windows timeouts (at gist.github.com)
17:06 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:08 < pekster> That's all pretty boilerplate; so long as logs don't show a disconnect due to a timeout event, the VPN itself is up
17:10 < BR_> pekster: Cheers for the help - over and out
17:10 -!- BR_ [~jamesr@cpc14-bexl8-2-0-cust374.2-3.cable.virginm.net] has quit [Quit: ircII EPIC5-1.1.5 -- Are we there yet?]
17:15 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
17:21 < Dr-007> pekster: so its only logical that a device gets 'missing' in the arp -e list because its 'resting' due to the timeout?
17:22 < pekster> No clue what you mean by "resting"
17:22 < pekster> OpenVPN does not care at all about your Ethernet packets; it just delivers them
17:22 < pekster> Don't use tap either, unless you have a good reason
17:22 < pekster> !tunortap
17:22 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
17:22 <@vpnHelper> rooted/jailbroken) support only tun
17:24 < pekster> In OpenVPN, exceeding the threshold for receieving an (authenticated) remote keepalive packet causes a USR1, or soft-restart
17:24 < pekster> That's got zero to do with arp, or IP, or pings
17:25 < pekster> Your !logs would also show that, and you didn't show me your server config either, so any useful help is likely to be limited
17:25 < pekster> Reivew your
17:25 < pekster> !configs
17:25 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:25 < pekster> and your
17:25 < pekster> !logs
17:25 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:25 < pekster> For clues
17:29 < Dr-007> ok, thanks man
17:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:30 < Dr-007> i'll look into the tun configuration, it's something i didnt know
17:30 < Dr-007> and i'll haveto test another openvpn client, i think.
17:30 < Dr-007> thnx for your help
17:31 < pekster> No idea what "other" client you mean -- it's usually best to avoid the complete re-write that the !connect client is
17:31 < pekster> Otherwise you should see "whoever else wrote your client" for assistance debugging it
17:31 < pekster> !download
17:31 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
17:36 < Dr-007> an upgrade i think, !logs "In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log" isn't inthere
17:38 < pekster> Then you're possibly using a really old version, or something else
17:40 -!- K1rk [~Kirk@equinox.epecweb.com] has quit [Ping timeout: 250 seconds]
17:42 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
17:43 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
17:44 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
17:48 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:51 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit []
17:51 -!- DHowett [~dustin@velocitylimitless/awesome/ultraviolet/DHowett] has joined #openvpn
17:51 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
17:52 < DHowett> potentially a stupid question, but: why do I need to provide an IP pool to server-bridge when a DHCP server within the target network will offer addresses over DHCP? it just results in my clients having two IPs - one from openvpn, and one from the DHCP server, both of which appear valid
17:53 < pekster> You wouldn't. But have you properly used DHCP classes on your server-side (non-VPN-server) DHCP server such that it doesn't pass out a default gateway?
17:53 -!- Henryabcd [~Henryabcd@pD9E0840C.dip0.t-ipconnect.de] has joined #openvpn
17:53 < DHowett> almost certainly not!
17:53 < pekster> Otherwise you'll end up with subtle issues where clients actual gateways get overwritten
17:53 < pekster> ie: don't do that unless you're very aware of the implications. Better yet, don't bridge unless you need non-IP, raw Ethernet packets exchanged across the VPN
17:54 < pekster> !tunortap
17:54 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
17:54 <@vpnHelper> rooted/jailbroken) support only tun
17:54 < russell--> pekster: what about ipv6?
17:55 < pekster> What about it? OpenVPN dual-stacks fine inside the tunnel, and can optionally do v6 for the encapsulated packets too
17:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
17:55 < DHowett> I mostly set up tap for bonjour/multicast DNS and service discovery support; was using tun and routing before
17:56 < pekster> Multicast is one such use-case as it relies on L2 broadcasts. This said, save yourself time if you need that and just have openvpn manage its own pool
17:56 < pekster> Exclude that from the local DHCP server and you'll have much better results
17:57 < DHowett> ah, use DHCP classes to not offer IPs to openvpn clients?
17:57 < DHowett> outstanding. thank you!
17:57 < pekster> You could, but I'd suggest just give openvpn a pool that's not used on the DHCP server
17:57 < pekster> Far easier
17:57 < pekster> (classes come into play when you insist you want the LAN DHCP server serving VPN clients, becuase you must not pass them DHCP params that will break things. Just avoid that nonsense)
18:05 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 246 seconds]
18:11 -!- Henryabcd [~Henryabcd@pD9E0840C.dip0.t-ipconnect.de] has quit [Quit: Leaving]
18:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:39 -!- teion [Elite12276@gateway/shell/elitebnc/x-fykwfrzyrwapsoty] has left #openvpn ["WeeChat 1.0.1"]
19:05 -!- paxmark9 [~paxtormar@199.21.149.142] has quit [Ping timeout: 272 seconds]
19:36 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
19:57 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:58 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has joined #openvpn
19:59 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Quit: ZNC - http://znc.sourceforge.net]
19:59 -!- SpeakerToMeat [~Speaker@prgmr/customer/SpeakerToMeat] has quit [Ping timeout: 265 seconds]
20:03 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
20:03 -!- hackman127 [~luke@cable-33-146.sssnet.com] has joined #openvpn
20:06 < hackman127> I have a client computer running Windows 8 and connecting to 2 VPNs. I have 2 TAP devices installed, but one VPN never connects. The log is saying "All TAP-Windows adapters on this system are currently in use." 2 TAP devices, 2 VPN configs. I've uninstalled/reinstalled OpenVPN, didn't help. Any ideas?
20:10 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 276 seconds]
20:14 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
20:19 < hackman127> Got it. Used the Tap-Win tools to uninstall all tap devices and reinstalled them again, now it's working.
20:19 -!- hackman127 [~luke@cable-33-146.sssnet.com] has left #openvpn []
20:26 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 276 seconds]
20:31 -!- Popsikle [~popsikle@pool-108-27-211-233.nycmny.fios.verizon.net] has joined #openvpn
20:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
20:43 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
20:44 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 250 seconds]
20:47 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
21:07 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:07 -!- spyroboy_ [~spyroboy@tuxhacker/spyroboy] has joined #openvpn
21:08 < spyroboy_> I've read the full topic.
21:08 -!- spyroboy_ is now known as spyroboy
21:08 < spyroboy> in full, rather.
21:09 < spyroboy> my question is really simple. I'm looking to use topology subnet, and I'm trying to setup my client IPs to something reasonable. I just don't understand what ifconfig and ifconfig-pool do in the server.conf
21:09 < spyroboy> does anyone have a good documentation on what those options mean
21:18 <+esde> do we ever (;
21:18 <+esde> !topology
21:18 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
21:19 < spyroboy> so if I want a regular subnet
21:19 <+esde> and if you have questions, there are some bright users in here that are happy to help (when available) :)
21:19 < spyroboy> (btw, I have seen that page already)
21:19 < spyroboy> yeah.
21:19 < spyroboy> I feel like I want topology subnet but I'm not sure I'm using the correct ifconfig/ifconfig-pool
21:20 <+esde> have you reviewed the man pages?
21:20 <+esde> !man
21:20 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
21:22 < spyroboy> I have checked the man pages.
21:23 < spyroboy> to give you some background. 1. I'm not new to IRC help channels. 2. I'm not new to linux. 3. I'm not new to man pages.
21:23 < spyroboy> I've googled around extensively for some better explanation of the openvpn server config directives
21:23 < spyroboy> and I've found very little in way of further details. a lot of it is copied and pasted.
21:23 <+esde> Ask your specific question, and await an answer then :)
21:24 < spyroboy> can someone please explain to me how ifconfig and ifconfig-pool translate to local client routes? thank you.
21:24 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Read error: Connection reset by peer]
21:34 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
21:38 < Dimik> can openvpn cause port blocks ?
21:39 <+esde> ?
21:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:47 < Dimik> hi esde how are you
21:47 < Dimik> so last time we spoke i installed an openvpn server on windows8
21:48 < Dimik> i'm having an interesting issue where i can ping every machine on the network but i fail to connect to it's services
21:48 < Dimik> such as remote desktop
21:48 <+esde> it shouldnt trigger any blocking, but dpi that takes place on the isps side can interfere with openvpn, if it's running stock without obfsproxy
21:48 <+esde> oh that's different
21:49 < Dimik> so usually i'd think there's a device between openvpn server and lan blocking ports
21:50 < Dimik> is there anything to enable ?
21:51 <+esde> maybe some routing or a directive in confs
21:51 <+esde> !clientlan
21:51 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
21:51 <+esde> maybe
21:51 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
21:52 < Dimik> !iroute
21:52 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
21:52 -!- `hypermist` is now known as CliffordTheDog
21:52 <+esde> lol^ at that nick
21:52 < Dimik> !ccd
21:52 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
21:53 -!- CliffordTheDog is now known as extremhyper
21:53 -!- extremhyper is now known as `hypermist`
21:53 <+esde> i think you might want iroute
21:53 < Dimik> yeah i think so too
21:53 <+esde> night, good luck
21:53 < Dimik> thanks gnite
21:56 -!- `hypermist` is now known as haiper
21:56 -!- haiper is now known as hypermist
21:56 -!- hypermist is now known as extrememist
21:57 -!- extrememist is now known as `hypermist`
22:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
22:10 -!- `hypermist` is now known as `ponzimist`
22:12 -!- `ponzimist` is now known as `hypermist`
22:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:59 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
23:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:26 -!- ShadniX [dagger@p5481CB75.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:26 -!- hive-mind [pranq@2001:0:53aa:64c:30db:ab9:bcca:66c4] has quit [Ping timeout: 265 seconds]
23:26 -!- ShadniX_ [dagger@p5481D43E.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- ShadniX_ is now known as ShadniX
23:31 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 246 seconds]
23:39 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has quit [Ping timeout: 246 seconds]
23:43 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
--- Day changed Fri Jan 30 2015
00:15 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 245 seconds]
00:21 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
00:41 -!- mattock_afk is now known as mattock
01:13 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has quit [Ping timeout: 246 seconds]
01:21 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
01:27 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:56 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
02:02 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
02:19 < rooth> !net_gateway
02:21 < rooth> Trying to understand pushed routes for the ios openvpn client, found a similar error message online but not sure I follow.
02:21 < rooth>  2013-09-16 17:49:07 Error parsing IPv4 route: [route] [172.29.0.0] [255.255.0.0] [172.29.85.1] : tun_builder_route_error: route destinations other than vpn_gateway or net_gateway are not supported
02:21 < rooth> ... so just leave off the "172.29.85.1" at the end, it's not needed anyway (a gateway address is relevant if you have a tap interface, but not for tun - and iOS only supports tun anyway)
02:21 < rooth> .
02:21 < rooth> What does that mean?
02:22 < rooth> I'm trying to push out 198.18.0.0/16 to my ios-client with 198.19.0.1 as the gateway for that network.
02:22 < rooth> Things seem to work but error message in log.
02:26 < rooth> I guess that the ios-client doesn't support route entries like:   [route] [198.18.0.0] [255.255.0.0] [198.19.0.1]  rather I have to just list it as [route] [198.18.0.0] [255.255.0.0], i.e. leave out the "gateway" for that route?
02:38 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:45 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
02:45 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:45 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
02:45 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
03:05 -!- cali [~cali@unaffiliated/cali] has quit [Ping timeout: 276 seconds]
03:22 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has joined #openvpn
03:22 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:39 -!- cali [~cali@unaffiliated/cali] has joined #openvpn
03:39 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.0.1]
03:49 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
03:59 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
04:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
04:03 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
04:13 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
04:19 -!- altker128 [~vr@c-24-61-12-138.hsd1.ma.comcast.net] has quit [Ping timeout: 276 seconds]
04:25 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
04:31 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
04:31 -!- awk [~phillip@alpha.security.web.za] has joined #openvpn
04:32 < awk> hi, hmm... having a weird query.. if I tail my openvpn.log when my client connects I start getting rwrwrw all over the screen every time something is done on the client
04:32 < awk> any suggestions to point me in the right direction?
04:40 -!- lxusrbin [~lxusrbin@han.solo.atw0rk.net] has quit [Quit: leaving]
04:44 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
04:56 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
04:56 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
04:58 < AL13N_work> i have a problem that during reboot of the openvpn server, the openvpn server was started before the ldap server and thus the clients trying to reconnect got AUTH_FAILED and exited instead of retrying (even though retry infinite was active)
04:58 < AL13N_work> can't it give AUTH_TEMP_FAIL or something or  AUTH_RETRY instead of AUTH_FAIL?
04:58 < AL13N_work> or at least the client not exit
04:59 < AL13N_work> but retry
05:00 -!- Latrina [~Latrina@adsl-ull-95-183.50-151.net24.it] has joined #openvpn
05:08 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:08 < BtbN> Or just make sure your init system starts the services in the propper order.
05:09 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
05:11 < AL13N_work> yes, but if for whatever reason openldap has issues, all remote clients disconnect
05:11 < AL13N_work> which is not good
05:12 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
05:25 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
05:26 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 256 seconds]
05:28 < plaisthos> hyper_ch: 20:31:39 <+hyper_ch> plaisthos: is there no way to auto-reconnect after reboot without having to confirm again
05:28 < plaisthos> hyper_ch: upgrade to 5.0 or xposed module
05:30 < plaisthos> hyper_ch: for the hidden import button, if you have no profile you get something like this: http://plai.de/android/Bildschirmfoto%202014-02-05%20um%2014.25.11.png
05:32 <+hyper_ch> plaisthos: I have exposed module
05:32 <+hyper_ch> well, as for the hidden button: after I installed it, I was prompted to create a profile. I'd expect there to import existing configs... but no such option was offered
05:33 <+hyper_ch> I require xposed module for two things: taking a pic when someone enters wrong unlock password and send that pic to my email... and to poweroff the phone after entering a wrong password 3x
05:34 <+hyper_ch> also 5.0 is currently no option... at least not with CM since I have no way to use a seperate password for the encryption and for the screen unlock
05:35 < plaisthos> hyper_ch: there is one button for adding a profile and one to import an existing Profile
05:36 <+hyper_ch> "when I first installed it I was prompted to create a new profile"
05:37 <+hyper_ch> or maybe I just didn't see it... hmmm.... that screenshot looks... I'll retry ;)
05:41 < plaisthos> it has been that way ever since config import was supported :)
05:42 <+hyper_ch> I might redact my earlier comments
05:43 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
05:43 <+hyper_ch> still annoyed at the MoBo thas was delivered today.... faulty like the other two before
05:46 < awk> has nobody has rwrwrwrwrw being writen on their logs when a client connects?
05:47 <+hyper_ch> no
05:47 < awk> I'm trying to understand what the rw means? eg: read and write problem? but then I should have seen a log complaining about reading a file
05:47 < awk> even started openvpn with elevated (root) priv, this happens
05:48 < awk> it's probably a stupid windows openvpn client thing :P
05:49 <+hyper_ch> set verb to 5 or 7
05:49 <+hyper_ch> restart openvpn server
05:49 <+hyper_ch> check what it logs now
05:49 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has quit [Ping timeout: 245 seconds]
05:52 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
05:52 -!- `hypermist` is now known as hypermist
05:54 -!- hypermist is now known as `hypermist`
05:56 < plaisthos> awk: that is verb 4
05:56 < plaisthos> it is documented in the man page
05:56 -!- Chais [~Chais@chello062178229110.15.15.vie.surfer.at] has joined #openvpn
05:57 < plaisthos> under --verb
05:58 <+hyper_ch> I still need to figure out why my intruder script on my tab won't work
05:59 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:59 -!- dazo_afk is now known as dazo
06:15 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:18 -!- lxusrbin [~lxusrbin@2a01:4a0:40:5500::64] has joined #openvpn
06:26 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
06:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
06:37 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
06:37 < awk> plaisthos: :D thanks man!
06:40 < awk> great, that worked..
06:41 < awk> something else hostname/123.123.123.0:51340 MULTI: bad source address from client [fe80::1ebf:4jd5:4cf0:438d], packet dropped
06:41 < awk> now, i've seen this with client [ip] but why is it showing client [mac]
06:41 < awk> As I have no idea how to add this to ccd/host
06:42 < plaisthos> ignore the fe80:: stuff
06:42 < plaisthos> that are the link lokal adresses
06:42 < plaisthos> it is not a mac
06:42 < plaisthos> it is the ipv6 link local address
06:42 < awk> local to the server or the client?
06:44 < awk> I have disabled ipv6 throughout the server, so it's strange that it is even attemping or showing information around ipv6
06:44 < awk> I will just find a way to suppress that
06:46 < plaisthos> awk: you can just ignore that
06:47 < plaisthos> nwer versions will not even show the warning for link local addresses
06:49 < awk> plaisthos: ye, I just want to suppress it because it's filling my log, so either I remove it from the source, or I pass my log and remove this line
06:50 < awk> appreciate your help, not easy finding people that know openvpn like you!
07:08 -!- AL13N_work [~alien@91.183.52.232] has left #openvpn []
07:29 -!- `hypermist` is now known as pcupgrades
07:30 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
07:32 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
07:38 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
07:39 -!- tekku [~me@185.17.149.149] has joined #openvpn
07:40 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
07:41 -!- Netsplit *.net <-> *.split quits: tekk, Olipro, Thermi
07:41 -!- TheBrayn [~TheBrayn@nerdfront.de] has joined #openvpn
07:41 < TheBrayn> hi
07:41 -!- Olipro_ is now known as Olipro
07:51 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
07:53 -!- pcupgrades is now known as `hypermist`
07:59 -!- techwharf [~techwharf@ec2-54-194-62-157.eu-west-1.compute.amazonaws.com] has quit []
08:21 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:27 -!- yoavz [yoavz@yoavz.net] has quit [Read error: Connection reset by peer]
08:30 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
09:04 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:06 -!- `hypermist` is now known as pcupgrades
09:06 -!- TheBrayn [~TheBrayn@nerdfront.de] has left #openvpn ["WeeChat 1.0.1"]
10:07 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
10:07 -!- Latrina [~Latrina@adsl-ull-95-183.50-151.net24.it] has quit [Ping timeout: 276 seconds]
10:10 -!- Latrina [~Latrina@ppp-62-15.26-151.libero.it] has joined #openvpn
10:16 -!- Latrina [~Latrina@ppp-62-15.26-151.libero.it] has quit [Ping timeout: 245 seconds]
10:20 -!- Latrina [~Latrina@adsl-ull-144-182.50-151.net24.it] has joined #openvpn
10:23 <+hyper_ch> wow, that new outlook app for iphone/android seems to be really bad in one way....
10:34 -!- awk [~phillip@alpha.security.web.za] has quit [Read error: Connection reset by peer]
11:12 <+hyper_ch> krzee: http://torrentfreak.com/huge-security-flaw-leaks-vpn-users-real-ip-addresses-150130/ -> a problem for OpenVPN?
11:12 <@vpnHelper> Title: Huge Security Flaw Leaks VPN Users Real IP-Addresses | TorrentFreak (at torrentfreak.com)
11:37 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 255 seconds]
11:44 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
11:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:49 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 264 seconds]
11:55 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
11:59 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has joined #openvpn
11:59 < Dimik> what is def1?
12:00 < plaisthos> !manual
12:00 < plaisthos> !man
12:00 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
12:00 < plaisthos> !manpage
12:00 < Dimik> !man def1
12:00 < Dimik> !def1
12:00 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:01 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:04 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
12:04 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
12:04 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:05 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
12:06 < Dimik> how is bridging different from routing
12:06 -!- Dr-007 [~Dr-007@178.84.248.47] has quit [Read error: Connection reset by peer]
12:07 -!- keatont [~keatont@keatonstaylor.com] has quit [Ping timeout: 252 seconds]
12:07 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Remote host closed the connection]
12:07 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
12:08 -!- nlb [~nlb@unaffiliated/nlb] has quit [Ping timeout: 252 seconds]
12:08 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 252 seconds]
12:08 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
12:09 -!- spyroboy [~spyroboy@tuxhacker/spyroboy] has quit [Ping timeout: 252 seconds]
12:09 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 252 seconds]
12:09 -!- KNERD [~KNERD@64.31.22.134] has quit [Ping timeout: 252 seconds]
12:10 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 252 seconds]
12:13 -!- nlb [~nlb@unaffiliated/nlb] has joined #openvpn
12:13 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
12:13 -!- keatont [~keatont@keatonstaylor.com] has joined #openvpn
12:14 <+hyper_ch> with bridging you build a bridge... with routing you build a route :)
12:27 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit1]
12:27 -!- diranged [~Adium@162.245.21.10] has joined #openvpn
12:28 < diranged> Hey, we hjave a ton of clients running OpenVPN to tunnel into some of our cloud resources. The office, though, has its own tunnel into the cloud.. making the OpenVPN connections unnecessary when they are in the office. The clients though are all set to auto-connect and generally stay connected. Is there a way for us to tell the clients to avoid connecting to the VPN if they can directly reach a particular IP or something?
12:28 < diranged> (mac, ios, and android clients btw)
12:28 < diranged> (just trying to avoid the overhead of unnecessary connections when people are in the office)
12:35 <+hyper_ch> how much overhead is there?
12:40 < diranged> hyper_ch:  honestly, not sure.. its more of a "feels wrong" kind of thing..
12:41 <+hyper_ch> I also always use vpn whether I'm at the office or not
12:41 <+hyper_ch> just feels safer that way
13:07 <@dazo> Dimik: bridging is using layer 2 traffic, and it is comparable to using a network switch ... you just add NICs into a bridge, similar to putting network cables into a switch.  So bridging is way more lowlevel, and produces more overhead in the traffic for VPN tunnels
13:07 <@dazo> Dimik: which means that broadcast traffic on one of the NICs/ports will be sent to all other NICs/ports
13:07 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
13:08 <@dazo> Dimik: while routing happens on layer 3, where only IP packets for specific hosts are sent directly to the proper host(s), based on the routing table
13:08 <@dazo> having that said, bridging also requires routing knowledge as well
13:09 <@dazo> Dimik: For more details, have a look here: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
13:09 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
13:10 <+hyper_ch> dazo: you explained it much better than I ever could :)
13:10 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 244 seconds]
13:11 <@dazo> :)
13:11 <+hyper_ch> but mine was way shorter than yours :)
13:11 <+hyper_ch> (although it said nothing really)
13:12 <@dazo> diranged: no, there are no mechanisms for doing such controls ... I'd recommend you to have a little start-up script which checks the IP address of your network adapter in use and then consider if to start openvpn or not
13:13 <+hyper_ch> dazo: how much overhead does openvpn produce?
13:13 <@dazo> (ideally this should be triggered each time the IP address changes ... that's doable with dhclient in *nix ... dunno about Windows)
13:13 <@dazo> hyper_ch: how heavy is air?
13:14 <+hyper_ch> dazo: http://ed.ted.com/lessons/how-heavy-is-air-dan-quinn
13:15 <@dazo> hyper_ch: it's hard to say ... but there are some CPU overhead due to encryption/decryption of all packets, plus they're encapsulated into openvpn packets, which again cause more overhead
13:15 <@dazo> but how much ... it depends on MTU settings, compression, ciphers, NIC speeds, and more
13:16 <@dazo> it also depends on how you measure the overhead ... in CPU usage?  In latency?  In number of network packets?  Network packet sizes?
13:17 < diranged> dazo: ok.. thanks
13:17 <+hyper_ch> dazo: I learnt a gym of air weights about an elephant and you don't get crushed by it :)
13:17 < diranged> ultimately theres just a question about whether we want 100+ people connected to the VPN server, or 1 Ipsec tunnel conected..
13:18 <+hyper_ch> I'd go for the vpn option :)
13:18 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Read error: No route to host]
13:18 <@dazo> diranged: I don't see why it would be different with ipsec ... care to explain why?
13:19 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
13:32 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has quit [Ping timeout: 276 seconds]
13:34 -!- Fusl_ [~Fusl@gateway/tor-sasl/fusl] has joined #openvpn
13:36 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Disconnected by services]
13:36 -!- Fusl_ is now known as Fusl
13:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:38 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Remote host closed the connection]
13:53 < diranged> dazo: With a single ipsec tunnel, traffic is encrypted with one key…. but with 100+ openvpn tunnels, theres just alot of different encryption systems being handled tehre..
13:54 <@dazo> diranged: it sounds like two very different approaches ... as 100+ openvpn clients is the "roadwarrior" approach, while a single tunnel is a "site to site" approach
13:54 <@dazo> and you can do site-to-site with openvpn just as well
13:54 < diranged> so let me explain again..
13:54 < diranged> we have both models..
13:55 < diranged> We have 100+ employees who will need toconnect when they are at home.. on the road, etc..
13:55 <@dazo> yupp
13:55 < diranged> However, when they come in the office, we already have a site-to-site VPN in place. So the OpenVPN tunnel becomes just extra overhead — it bypasses the ipsec site-to-site tunnel. I'd like to make the OpenVPN clients smart enough that htey do not auto-connect when they're in the office.
13:56 <@dazo> right ... so all you do need, is in the start-up script for your openvpn tunnels to identify the network they are in ... if they are in the office, don't start openvpn - as it will use the site-to-site tunnel
13:57 <@dazo> if you configure ipsec roadwarriours, you'll have the same challenge as well ... hence I don't see the difference between ipsec and openvpn
13:58 <@dazo> diranged: there is however another approach, and that is to use route metrics ... so if the local LAN route metric has a lower value than the VPN routes, these laptops will use the LAN route if that is available, otherwise go via the local VPN process
13:59 <@dazo> (but that will most likely be tricker if you do --redirec-gateway setups ... but still doable, just need to be more careful and most like need to have explicit routes for local nets)
14:01 < diranged> eh ok.. if we create the startup-script you mentioned, does it show up as an 'error' in any way for the lcient?
14:01 < diranged> we havnt done much at all with openvpn startup/shutdown scripts..
14:07 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 245 seconds]
14:29 -!- ShadniX [dagger@p5481D43E.dip0.t-ipconnect.de] has quit [Quit: Bye.]
14:31 -!- ShadniX [~ShadniX@p5481D43E.dip0.t-ipconnect.de] has joined #openvpn
14:35 <@dazo> diranged: if your script detects that it is in the subnet it doesn't need to openvpn running, openvpn will never run ... but if it is in an "unknown" net, it will start openvpn
14:44 < zoredache> Another way to approach that situation might be to simply adjust the firewall rules on your OpenVPN server so that a connection will simply be rejected if the it appears to come within a certain network.
14:45 < diranged> zoredache:  I was thinking about that.. its a possibility. Not sure what impact that has to the clients..
14:45 < diranged> oh well, for now this is mostly a hypothetical issue.. we're not actively running into problems..
14:46 < zoredache> Somewhat depends on your config, but most likely they will just log errors occasionally if they can't connect.
14:54 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
14:57 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 264 seconds]
15:10 -!- teward [LordOfTime@ubuntu/member/teward] has joined #openvpn
15:12 < teward> so, I have a question.  Using the OPenVPN that came on my pfSense bundle, i noticed its working on SSLv3/TLS1.0.  Is there no way to use TLS1.1+ instead of the (now totally insecure SSLv3 and inferior TLSv1), or is this done by default for a logical reason?
15:12 < teward> (I know the TLS1.2 negotiation problem. that's not my question)
15:15 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
15:17 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
15:28 -!- dazo is now known as dazo_afk
15:39 -!- mattock is now known as mattock_afk
15:44 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150122214805]]
15:46 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:58 <@krzee> hyper_ch, you around?
15:58 <+hyper_ch> krzee: no :)
15:58 <+hyper_ch> maybe
15:58 <@krzee> ill msg
15:58 <+hyper_ch> hard to say
15:58 <+hyper_ch> what's up?
16:01 <+esde> teward, tls-version-min
16:01 <+esde> can be 1 1.1 or 1.2 IIRC
16:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:10 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
16:12 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
16:29 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:30 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
16:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
16:42 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:46 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Ping timeout: 264 seconds]
16:47 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:51 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
16:52 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
17:01 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Remote host closed the connection]
17:01 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
17:10 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:18 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
17:32 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Read error: Connection reset by peer]
17:38 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
17:38 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
17:39 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
17:39 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
17:39 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
17:41 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
17:49 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Ping timeout: 240 seconds]
17:51 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 256 seconds]
17:51 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:55 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 272 seconds]
17:55 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
17:55 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
18:02 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
18:04 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has left #openvpn []
18:09 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
18:38 -!- ketas- [ketas@ketas6-sixxs.si.pri.ee] has joined #openvpn
18:40 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 272 seconds]
18:42 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
18:44 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Remote host closed the connection]
19:00 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
19:56 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
20:01 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
20:08 -!- diranged [~Adium@162.245.21.10] has quit [Quit: Leaving.]
20:26 -!- kadath [~kadath@cpe-184-57-252-175.cinci.res.rr.com] has quit [Ping timeout: 276 seconds]
20:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
20:36 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
21:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:35 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
21:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
22:05 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
22:15 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has joined #openvpn
22:15 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has quit [Remote host closed the connection]
22:48 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
22:51 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
23:01 -!- linelevel [~mike@unaffiliated/linelevel] has joined #openvpn
23:01 < linelevel> Hi,what's the best way to connect to a VPN but contain the tunnel to a single terminal window? i.e. I want all my applications except for one terminal window to access the internet directly, but I want this one bash shell to go through the tunnel. I'm running Ubuntu 14.04 if that helps.
23:26 -!- ShadniX [~ShadniX@p5481D43E.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX [dagger@p57941F48.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Jan 31 2015
00:02 <+esde> maybe some kind of local proxy configured to go through openvpn client, then only configure that shell session to use the proxy :)
00:21 -!- pcupgrades is now known as hypermist
00:29 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has quit [Ping timeout: 272 seconds]
00:29 -!- paradizelost [sid23952@gateway/web/irccloud.com/x-czqgbveuzrppbhog] has joined #openvpn
00:29 < paradizelost> hey all, on android 4.4.4 droid maxx i keep getting "openvpn: pausing (waiting for network)"
00:30 < paradizelost> not finding a whole lot of use out on the web
00:30 < paradizelost> connecting to pfsense 2.2
01:02 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Read error: No route to host]
01:02 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
01:19 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:37 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:38 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Read error: No route to host]
01:38 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
01:43 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
02:00 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
02:01 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Ping timeout: 255 seconds]
02:01 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
02:03 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:24 -!- hypermist is now known as pcupgrades
02:58 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 256 seconds]
02:59 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
03:08 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
04:10 -!- P-NuT [~P-NuT@0547252d.skybroadband.com] has joined #openvpn
04:12 < P-NuT> Hi all, when using easy_rsa there's a command called build-dh which builds your diffe-helman entropy. When you use this to build a 2048 bit entropy on a raspberry pi it can take anywhere from 5 mins to 1.5 hours. First of all, what is the reason it takes so long, secondly is there a much faster way to do this somehow?
04:23 <+hyper_ch> build all of the ca stuff on a different computer
04:23 <+hyper_ch> and well, try building it with 4096 bit ;)
04:27 <+hyper_ch> as to why it takes so much time... no idea... that's just the way it is
04:49 -!- P4k3 [~P4k3@c-d334e255.026-8-6b6c7810.cust.bredbandsbolaget.se] has joined #openvpn
04:50 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
04:50 -!- mode/#openvpn [+v s7r] by ChanServ
04:50 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:52 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Client Quit]
04:53 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
04:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:08 -!- asper [~argali@volans.uberspace.de] has quit [Ping timeout: 276 seconds]
05:10 < P-NuT> My project does not have the option of building it on another computer
05:12 <+hyper_ch> then you'll just have to accept that it takes so long to build it
05:17 < P-NuT> Yeah... ok.
05:17 -!- P-NuT [~P-NuT@0547252d.skybroadband.com] has quit [Quit: Leaving]
05:29 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
05:34 -!- mattock_afk is now known as mattock
05:41 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
05:41 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
05:41 -!- mode/#openvpn [+o krzee] by ChanServ
06:00 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:27 -!- ShadniX [dagger@p57941F48.dip0.t-ipconnect.de] has quit [Quit: Bye.]
06:28 -!- ShadniX [dagger@p57941F48.dip0.t-ipconnect.de] has joined #openvpn
06:43 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
06:46 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:49 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:51 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
06:55 -!- maccampus [~textual@d54C44271.access.telenet.be] has joined #openvpn
06:56 < maccampus> hello, do i use tunnelblick or privetunnel on Mac to connect to an ovpn server ?
06:57 < maccampus> are there free ovpn servers that i can use ?
07:06 <+hyper_ch> no idea
07:06 <+hyper_ch> and there are free ones
07:11 < maccampus> So which country has to most free Internet ?
07:15 <+hyper_ch> none
07:22 -!- MogDog66 [MogDog@unaffiliated/mogdog66] has joined #openvpn
07:24 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 256 seconds]
07:24 -!- MogDog66 is now known as MogDog
07:45 -!- linelevel [~mike@unaffiliated/linelevel] has quit [Ping timeout: 264 seconds]
07:45 -!- linelevel [~mike@unaffiliated/linelevel] has joined #openvpn
07:50 -!- linelevel [~mike@unaffiliated/linelevel] has quit [Ping timeout: 276 seconds]
07:54 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
07:55 -!- linelevel [~mike@unaffiliated/linelevel] has joined #openvpn
08:02 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
08:08 -!- linelevel [~mike@unaffiliated/linelevel] has quit [Ping timeout: 245 seconds]
08:20 -!- maccampus [~textual@d54C44271.access.telenet.be] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:21 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
08:29 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
08:37 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Remote host closed the connection]
08:40 -!- early [~early@192.241.198.49] has joined #openvpn
08:45 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 264 seconds]
08:46 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
08:46 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
08:47 -!- Ferriss [~server6@what.possessed.us] has quit [Quit: ZNC - http://znc.sourceforge.net]
08:47 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
08:51 -!- rich0_ is now known as rich0
08:52 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
09:04 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
09:12 -!- early [~early@192.241.198.49] has quit [Quit: ERC Version 5.3 (IRC client for Emacs)]
09:14 -!- early [~early@192.241.198.49] has joined #openvpn
09:20 -!- sireebob is now known as Dbrickashaw
09:25 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has quit [Read error: Connection reset by peer]
09:38 -!- Denial [~Denial@host31-52-125-228.range31-52.btcentralplus.com] has joined #openvpn
09:43 -!- Dbrickashaw is now known as sireebra
09:47 -!- early [~early@192.241.198.49] has quit [Ping timeout: 252 seconds]
09:47 -!- Denial [~Denial@host31-52-125-228.range31-52.btcentralplus.com] has quit []
09:48 -!- Denial [~Denial@host31-52-125-228.range31-52.btcentralplus.com] has joined #openvpn
09:54 -!- kokel [~quassel@kenneth.kokelnet.de] has quit [Remote host closed the connection]
09:55 -!- kokel [~quassel@kenneth.kokelnet.de] has joined #openvpn
10:16 -!- ketas- is now known as ketas
10:27 -!- `Yoda is now known as Yoder
11:30 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
11:49 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:47 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Remote host closed the connection]
12:52 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
12:54 -!- mgorbach [~mgorbach@pool-108-20-78-135.bstnma.fios.verizon.net] has joined #openvpn
12:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:07 <@krzee> !winnat
13:07 <@vpnHelper> "winnat" is (#1) http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for a guide on setting up NAT in windows or (#2) http://www.nanodocumet.com/?p=14 for windows XP or (#3) https://community.openvpn.net/openvpn/wiki/NatOverWindows2008 for 2k8
13:13 <+hyper_ch> hi krzee
13:13 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 264 seconds]
13:13 <@krzee> heyhey
13:13 <+hyper_ch> up this early?
13:14 <@krzee> yep been up
13:14 <+hyper_ch> but it's still bright outside
13:17 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
13:31 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
13:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:03 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
14:12 -!- teward [LordOfTime@ubuntu/member/teward] has left #openvpn ["Leaving"]
14:22 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
14:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
14:38 -!- Champi [Champi@damn.e-leet.be] has quit [Quit: Quit]
14:38 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
14:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:40 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
14:40 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
15:09 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:10 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:19 -!- mattock is now known as mattock_afk
15:24 -!- justinzane [~justinzan@67.21.190.49] has quit [Ping timeout: 256 seconds]
15:29 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
15:31 -!- troyt [~troyt@2601:7:6202:211:44dd:acff:fe85:9c8e] has joined #openvpn
15:58 -!- Elio19 [~elio19@gateway/tor-sasl/elio19] has joined #openvpn
15:58 < Elio19> !goal
15:58 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:00 < Elio19> !goal to remotely manage a VPN server. Including collecting bandwidth usage of clients and ability to block clients that have exceeded their allocated "width."
16:00 < Elio19> Happy to pay in BTC for the assistance of OpenVPN devs. Thank YOU!
16:02 -!- justinzane [~justinzan@67.21.190.49] has joined #openvpn
16:04 < pekster> Elio19: Maybe this gives you a starting point? https://github.com/QueuingKoala/openvpn-db-log . If you do periodic updates, querying for still-connected clients over whatever limit you come up with might get easier
16:04 <@vpnHelper> Title: QueuingKoala/openvpn-db-log · GitHub (at github.com)
16:05 < pekster> You'll probably need to add your own glue to associate that with a long-lived total of bandwidth consumed, or write some queries to aggregate that by user, etc
16:07 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has joined #openvpn
16:07 < Dimik> hi guys
16:07 < Dimik> esde i fixed my openvpn
16:08 < Dimik> turned out that the remote windows 8 (openvpn server) had some faulty static routes added to it which were interfering with original router routes because they had a better metric
16:08 < Dimik> go figure right :D
16:09 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:10 < Elio19> Brilliant pekster! I'm reading the code now, just wondering if has capability to report on usage ( in MB ) since the description said it logs "connect / disconnect events."
16:12 < pekster> Right, both disconnect events and the on-demand status polling record the bytes transferred in each direction
16:12 < Elio19> Do you by chance have a BTC address?
16:12 < pekster> Nah, just feel free to send suggestions or improvements upstream if you think they might be generally useful
16:13 -!- justinzane [~justinzan@67.21.190.49] has quit [Ping timeout: 255 seconds]
16:14 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
16:17 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:18 -!- Dimik [~Dimik@pool-108-6-165-149.nycmny.fios.verizon.net] has quit [Ping timeout: 246 seconds]
16:18 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
16:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:20 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
16:38 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
16:46 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
16:46 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:21 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:41 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 264 seconds]
17:41 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 264 seconds]
17:42 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 264 seconds]
17:43 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
17:45 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 264 seconds]
17:45 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
17:49 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Ping timeout: 264 seconds]
17:50 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
17:51 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:51 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
17:53 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
18:30 -!- Pyrogerg [~Gregory@67-0-193-170.albq.qwest.net] has joined #openvpn
18:35 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
18:41 -!- HyP3r [~HyP3r@elektro-fendt.de] has joined #openvpn
19:37 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 256 seconds]
19:37 -!- justinzane [~justinzan@67.21.190.132] has quit [Ping timeout: 256 seconds]
19:38 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 256 seconds]
19:38 -!- aep [~aep@libqxt/developer/aep] has quit [Ping timeout: 256 seconds]
19:38 -!- nullie [~nullie@linode.nullie.name] has quit [Ping timeout: 256 seconds]
19:40 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
19:43 -!- Esya [~zncuser@195-154-90-140.rev.poneytelecom.eu] has quit [Ping timeout: 256 seconds]
19:43 -!- ecrist [~ecrist@freebsd/contributor/openvpn.community.support.ecrist] has quit [Ping timeout: 256 seconds]
--- Log closed Sat Jan 31 19:43:01 2015
--- Log opened Thu Feb 05 17:20:16 2015
17:20 -!- ecrist [~ecrist@freebsd/contributor/openvpn.community.support.ecrist] has joined #openvpn
17:20 -!- Irssi: #openvpn: Total of 201 nicks [6 ops, 0 halfops, 5 voices, 190 normal]
17:20 -!- mode/#openvpn [+o ecrist] by ChanServ
17:20 -!- Irssi: Join to #openvpn was synced in 3 secs
17:26 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:32 -!- drywheat [~bernhard@rrcs-24-227-130-234.sw.biz.rr.com] has joined #openvpn
17:36 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:38 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Remote host closed the connection]
17:57 -!- Fusl [~Fusl@gateway/tor-sasl/fusl] has quit [Quit: Contact: http://hallowe.lt/]
17:58 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
17:58 -!- drywheat [~bernhard@rrcs-24-227-130-234.sw.biz.rr.com] has quit [Quit: leaving]
18:04 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:28 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 245 seconds]
18:29 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
18:30 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
18:30 -!- pcupgrades is now known as `hypermist`
19:00 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:06 -!- civillian [~nick@174.202.49.122-static.velocitynet.com.au] has left #openvpn []
19:09 -!- TheZealous [TheZealous@c-67-175-154-170.hsd1.il.comcast.net] has quit [Ping timeout: 264 seconds]
19:27 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 244 seconds]
19:29 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
19:46 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:58 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Quit: Konversation terminated!]
19:58 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
20:19 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:19 -!- justinzane [~justinzan@67.21.190.132] has quit [Ping timeout: 250 seconds]
20:29 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:38 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:39 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
20:39 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
20:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 250 seconds]
20:54 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:03 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
21:10 -!- paxmark9 [~paxtormar@198.144.158.14] has quit [Quit: Leaving]
21:16 -!- justinzane [~justinzan@67.21.190.132] has quit [Ping timeout: 264 seconds]
21:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:49 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
21:52 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
21:55 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Read error: No route to host]
21:56 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
22:04 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
22:17 -!- Sup3rFly [~sup3r@host-64-17-84-48.beyondbb.com] has joined #openvpn
22:18 < Sup3rFly> trying to get openvpn (bridged) working on a vmware esxi host, with multiple NICs in a vswitch.  Can't route.
22:18 < Sup3rFly> promicious mode is enabled
22:18 < Sup3rFly> anyone dealt with this?
22:25 -!- early [~early@192.241.142.243] has joined #openvpn
22:32 -!- Sup3rFly [~sup3r@host-64-17-84-48.beyondbb.com] has quit []
22:33 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:41 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
22:43 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
22:45 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 265 seconds]
22:52 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
22:57 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
22:58 < Dimik> what was that link to mess with the adapter in windows for openvpn
22:58 < Dimik> in registry
23:09 < Dimik> !welcome
23:09 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:09 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:11 < Dimik> !interface
23:11 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
23:11 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
23:11 < Dimik> !registry
23:11 < Dimik> !regedit
23:11 < Dimik> !man
23:11 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
23:12 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 265 seconds]
23:20 -!- ShadniX [dagger@p579411B7.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX_ [dagger@p5481DC3D.dip0.t-ipconnect.de] has joined #openvpn
23:20 -!- ShadniX_ is now known as ShadniX
23:28 -!- mattock_afk is now known as mattock
23:33 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 245 seconds]
23:45 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
23:47 -!- early [~early@192.241.142.243] has joined #openvpn
23:50 -!- early [~early@192.241.142.243] has quit [Excess Flood]
--- Day changed Fri Feb 06 2015
00:06 -!- early [~early@192.241.142.243] has joined #openvpn
00:12 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
00:16 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
00:23 -!- early [~early@192.241.142.243] has joined #openvpn
00:43 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
00:49 -!- early [~early@192.241.142.243] has joined #openvpn
00:53 -!- sireebob is now known as blobby
00:54 -!- blobby is now known as sireebob
01:07 -!- notAfads [~notAfads@unaffiliated/notafads] has quit [Ping timeout: 244 seconds]
01:07 -!- mattock is now known as mattock_afk
01:13 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]
01:57 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
01:59 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
02:01 < albercuba> hello everyone. how can i configure openvpn to use --auth-user-pass-verify
02:19 <+hyper_ch> what should that do?
02:26 < albercuba> when a client connects to the server beside the key it asks for a password verification
02:31 -!- `hypermist` is now known as pcupgrades
02:32 <+hyper_ch> good luck
02:45 < albercuba> thanks
02:55 <+hyper_ch> any reason why you go for a password?
02:56 -!- mattock_afk is now known as mattock
02:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:02 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
03:38 -!- pcupgrades is now known as `hypermist`
03:51 -!- Denial [~Denial@81.141.17.243] has joined #openvpn
03:51 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 252 seconds]
03:51 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
03:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:52 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 252 seconds]
03:52 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
03:54 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 252 seconds]
03:55 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 252 seconds]
03:56 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
03:57 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
03:58 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
04:07 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
04:27 -!- mattock is now known as mattock_afk
04:43 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
04:46 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Ping timeout: 272 seconds]
04:46 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:00 -!- nixfloyd [~floyd@vps2.eulinux.org] has quit [Quit: leaving]
05:01 -!- nixfloyd [~floyd@vps2.eulinux.org] has joined #openvpn
05:06 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
05:27 -!- goschtl [~Adium@ip-77-24-121-163.web.vodafone.de] has joined #openvpn
05:28 < goschtl> hi i have a really simple vpn config with a secret, is it possible that i secify more then one host
05:28 < goschtl> ifconfig 192.168.30.1 192.168.30.10
05:28 < goschtl> this works
05:28 < goschtl> but what if i want to
05:28 < goschtl> ifconfig 192.168.30.1 192.168.30.11
05:29 < goschtl> ifconfig 192.168.30.1 192.168.30.10 192.168.30.12
05:43 <+hyper_ch> what are you trying to accomplish exactely?
05:51 -!- mattock_afk is now known as mattock
05:58 -!- Denial [~Denial@81.141.17.243] has quit [Ping timeout: 250 seconds]
05:58 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 250 seconds]
05:59 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 265 seconds]
05:59 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Ping timeout: 265 seconds]
05:59 -!- Denial [~Denial@81.141.17.243] has joined #openvpn
05:59 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 265 seconds]
06:01 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
06:01 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
06:04 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 265 seconds]
06:05 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has joined #openvpn
06:05 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Ping timeout: 250 seconds]
06:05 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Ping timeout: 250 seconds]
06:05 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
06:06 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 250 seconds]
06:06 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
06:06 -!- yeik [~jket@2601:7:6881:4700:fab1:56ff:feb8:524a] has quit [Ping timeout: 265 seconds]
06:06 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 265 seconds]
06:07 -!- APTX_ [~APTX@unaffiliated/aptx] has quit [Ping timeout: 250 seconds]
06:08 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
06:08 -!- mode/#openvpn [+o krzee] by ChanServ
06:08 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 250 seconds]
06:09 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 250 seconds]
06:09 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
06:09 -!- mode/#openvpn [+o syzzer] by ChanServ
06:10 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
06:10 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
06:10 -!- mode/#openvpn [+o plaisthos] by ChanServ
06:10 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
06:12 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:14 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
06:14 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
06:19 -!- Netsplit *.net <-> *.split quits: FruitieX_, jzaw, MalteJ, nixfloyd, ketas, Moonlightning, typ, nullie, benoliver999, Nothing_Much,  (+8 more, use /NETSPLIT to show all of them)
06:19 -!- Netsplit over, joins: ketas
06:21 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
06:21 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
06:21 -!- nixfloyd [~floyd@vps2.eulinux.org] has joined #openvpn
06:21 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:21 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
06:21 -!- FruitieX_ [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
06:21 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
06:21 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
06:21 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has joined #openvpn
06:21 -!- nullie [~nullie@linode.nullie.name] has joined #openvpn
06:21 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
06:21 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
06:21 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
06:21 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
06:21 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-rieqrzyyiebxopng] has joined #openvpn
06:21 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
06:21 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
06:21 -!- ServerMode/#openvpn [+o dazo_afk] by barjavel.freenode.net
06:24 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
06:28 -!- goschtl [~Adium@ip-77-24-121-163.web.vodafone.de] has quit [Quit: Leaving.]
06:34 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:39 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
06:46 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Ping timeout: 272 seconds]
06:47 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
06:58 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Remote host closed the connection]
07:01 -!- early [~early@192.241.142.243] has joined #openvpn
07:08 -!- early [~early@192.241.142.243] has quit [Ping timeout: 264 seconds]
07:11 <+hyper_ch> ecrist: you look bored :)
07:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 244 seconds]
07:28 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
07:42 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has joined #openvpn
07:47 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
07:49 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:49 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
08:17 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
08:21 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
08:22 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
08:42 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:44 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
08:46 -!- RGamma [~RGamma@ip-84-118-23-37.unity-media.net] has quit [Quit: WeeChat 0.3.8]
08:49 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 276 seconds]
08:52 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
09:02 <@ecrist> Id o?
09:03 -!- ACKNAK [~regolith@79.133.97.154] has joined #openvpn
09:14 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
09:14 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
09:15 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
09:15 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
09:16 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
09:17 < debbie10t> I have a question about version: i compiled gitmaster from github.com/OpenVPN/openvpn and the version is 2.3_gitmaster .. I was under the impression that it would be 2.4
09:18 < debbie10t> with that in mind:
09:19 < debbie10t> I am curious as to how this post https://forums.openvpn.net/topic18115.html indicates 2.4_gitmaster in use ?
09:19 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN connect not working, but 3rd party OpenVPN apps do : OpenVPN Connect (Android) (at forums.openvpn.net)
09:26 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
09:34 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
09:39 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
09:42 -!- apollo2k is now known as aPollO2k
09:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
09:48 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:49 -!- Artabros [~Artabros@29.Red-79-154-235.dynamicIP.rima-tde.net] has joined #openvpn
09:52 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 250 seconds]
10:04 < debbie10t> !ovpnuke
10:04 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
10:05 < ACKNAK> D:
10:05 < ACKNAK> gosh
10:05 <+hyper_ch> WE'RE ALL GOING TO DIE
10:06 < debbie10t> true
10:07  * ACKNAK runs around panicking and screaming
10:07  * ACKNAK updates openvpn 
10:07 < debbie10t> you are still going to die ;)
10:08 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:08 <+hyper_ch> we all are
10:11 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:12 < ACKNAK> debbie10t, thats not so scary
10:13 < debbie10t> oblivioon is /not/ scary ?
10:14 < ACKNAK> its nothing!
10:14 < ACKNAK> nobody to be scared
10:14 < debbie10t> i would tend to agree .. but many would not .. hence ^God^ ey al
10:15 < ACKNAK> xD
10:20 -!- ACKNAK [~regolith@79.133.97.154] has quit [Quit: Leaving]
10:26 <@ecrist> debbie10t: quit being weird
10:26 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
10:26 < debbie10t> never :)
10:26 < debbie10t> i asked a openvpn question .. hyper_ch took us OT
10:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:33 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Ping timeout: 272 seconds]
10:41 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:43 -!- Latrina [~Latrina@adsl-ull-28-215.50-151.net24.it] has quit [Ping timeout: 245 seconds]
10:45 <+hyper_ch> I'm never OT :)
10:46 -!- Latrina [~Latrina@adsl-ull-60-185.50-151.net24.it] has joined #openvpn
10:49 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
10:51 <+hyper_ch> 4086bit dh generation on a 1.4ghz athlon takes quite a while
10:55 < debbie10t> it does .. and you did ;)
10:55 < debbie10t> hyper_ch, i preume it is still going ?
10:57 < debbie10t> took my 3.2ghz intel p4 3h47m
11:00 <+hyper_ch> I'm never OT
11:00 <+hyper_ch> it's a fact of life... like 42
11:00 <+hyper_ch> started it about.... 3h ago or something
11:04 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
11:09 -!- justinzane [~justinzan@67.21.190.132] has quit []
11:10 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
11:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:22 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
11:23 -!- early [~early@192.241.142.243] has joined #openvpn
11:25 <+hyper_ch> debbie10t: :)
11:25 <+hyper_ch> also 4096 bit?
11:26 <+hyper_ch> too bad it doesn't have a progress indicator that lets you see how much is done
11:28 -!- aPollO2k is now known as apollo2k
11:32 < debbie10t> 2^4096 = 1.0443888814131525066917527107166e+1233
11:33 <+hyper_ch> I once counted that far
11:56 <+hyper_ch> easy rsa 3 looks too complicated for me
11:56 <+hyper_ch> I prover v2
11:56 <+hyper_ch> prefer
11:56 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
11:58 < manitou> :) i like topic part " Your problem is probably firewall "  ;)
11:58 <+hyper_ch> you read the topic? oO
12:00 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
12:00 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
12:00 < manitou> :) why not ? hahaha firewall and openvpn are friends !
12:06 -!- early [~early@192.241.142.243] has joined #openvpn
12:16 -!- control [~control@unaffiliated/control] has joined #openvpn
12:17 -!- control [~control@unaffiliated/control] has quit [Remote host closed the connection]
12:20 < debbie10t> EasyRSA3 is easy ...
12:20 -!- early [~early@192.241.142.243] has quit [Ping timeout: 264 seconds]
12:21 <+hyper_ch> people say that about theoretical physics also...
12:24 < debbie10t> theoretical physics does not have a README
12:25 <+hyper_ch> that's what they want to make you believe
12:25 < debbie10t> they*
12:30 -!- Azrael [~azrael@terra.negativeblue.com] has joined #openvpn
12:31 < Azrael> has anyone experienced the issue where the Windows GUI for OpenVPN doesn't work in Windows?
12:31 <+hyper_ch> yes
12:31 < debbie10t> lol
12:31 < Azrael> Windows 8.1 i mean
12:31 <+hyper_ch> yes
12:31 < Azrael> seems that the GUI reads the wrong config file
12:31 < Azrael> is there an active/open bug report?  i can't find one.
12:31 <+hyper_ch> no idea
12:32 < Azrael> i'd like my team to use openvpn instead of ipsec/pptp setups.  but i have some users with windows desktops.
12:32 < Azrael> and as we all know... windows users definitely need a gui hah.
12:33 < debbie10t> no they dont - there is also the much more reliable OpenVPNService
12:34 < Azrael> haha they most definitely do
12:34 < Azrael> but
12:34 < Azrael> we figured out the issue it looks
12:34 < Azrael> windows 8.1 builds a virtual folder
12:34 <+hyper_ch> you can autostart it with windows and stuff
12:34 < Azrael> and places a default openvpn config file in there
12:34 < Azrael> so as we were modifying the c:\Program Files\openvpn\config files ... they were not getting read
12:34 < debbie10t> sounds hideous ....
12:35 < Azrael> sigh, yes
12:35 <+hyper_ch> I have no such issues... works all fine
12:36 < debbie10t> are you using official openvpn or some monkey fudge job ?
12:36 < debbie10t> :D
12:36 <+hyper_ch> or
12:38 < debbie10t> oo-er !
12:40 < pekster> hyper_ch: There's a howto with syntax you can nearly copy/paste. Feel free to edit it if clarification is needed (it's a wiki, and updates/improvements are more than welcome.) See:
12:41 < pekster> !easyrsa
12:41 <@vpnHelper> "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Source checkouts available from the github project; current official release download is 2.2.2 with 3.x code in git-master. or (#4) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA
12:41 < pekster> wiki links via (#4) above
12:42 -!- early [~early@192.241.142.243] has joined #openvpn
12:53 -!- early [~early@192.241.142.243] has quit [Quit: Leaving]
12:59 < Azrael> debbie10t: official
13:00 < debbie10t> Azrael, are you sure openvpn is doing that and not some anti-virus ?
13:01 <+hyper_ch> people still believe in snake oil AV?
13:02 < debbie10t> hyper_ch, i do .. just to shut windows security centre up
13:03 < debbie10t> hyper_ch, people are not like computers .. you cannot upgrade the whole world at will
13:04 <+hyper_ch> well, the whole world should be upgraded to Kubuntu :)
13:04 < debbie10t> blech !
13:04 <+hyper_ch> or NixOS with KDE
13:04 <+hyper_ch> or Debian stable on server
13:04 <+hyper_ch> s
13:04 < debbie10t> whoarf
13:10 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:12 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Quit: elfixit]
13:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:17 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Ping timeout: 272 seconds]
13:18 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
13:20 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has quit [Quit: Leaving]
13:27 <+hyper_ch> !iplinforward
13:27 <+hyper_ch> !linipforward
13:27 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
13:35 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
13:36 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 240 seconds]
13:36 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
13:37 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
13:37 -!- mode/#openvpn [+o krzee] by ChanServ
13:40 < Azrael> debbie10t: yes
13:40 < Azrael> debbie10t: its how windows 8.1 works these days apparently
13:40 < Azrael> debbie10t: or at least what my windows folks are telling me
13:41 < Azrael> debbie10t: they got things working by adjusting a registry entry and by modifying the files in the virtual folder
13:41 < Azrael> debbie10t: its too bad the openvpn windows gui client isnt yet aware of this windows behavior modification
13:41 < Azrael> debbie10t: also too bad the gui doesn't support multiple configurations :-(
13:50 -!- early [~early@192.241.142.243] has joined #openvpn
13:53 -!- early [~early@192.241.142.243] has quit [Excess Flood]
13:58 -!- early [~early@192.241.142.243] has joined #openvpn
14:00 <+esde> http://www.forbes.com/sites/antoinegara/2015/02/05/radioshack-cuts-the-cord-after-90-years-files-for-bankruptcy/
14:00 <@vpnHelper> Title: RadioShack Cuts The Cord After 94 Years, Files For Bankruptcy - Forbes (at www.forbes.com)
14:00 <+esde> RIP in peace radioshack
14:03 -!- early [~early@192.241.142.243] has quit [Excess Flood]
14:07 -!- early [~early@192.241.142.243] has joined #openvpn
14:10 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has quit [Quit: ZNC - http://znc.sourceforge.net]
14:10 < debbie10t> Azrael, i will check that out some time ..
14:11 < debbie10t> Azrael, W81 is a box of horrible tricks anyway
14:13 < debbie10t> RIP in peace in pieces
14:14 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
14:17 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
14:17 -!- mode/#openvpn [+v hyper_ch] by ChanServ
14:20 <+hyper_ch> hmmmm, using tls-auth - will that put more stress on the machines?
14:24 -!- early [~early@192.241.142.243] has joined #openvpn
14:35 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Remote host closed the connection]
14:49 -!- early [~early@192.241.142.243] has quit [Ping timeout: 252 seconds]
15:05 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
15:17 -!- mattock is now known as mattock_afk
15:22 -!- nixfloyd [~floyd@vps2.eulinux.org] has left #openvpn ["WeeChat 0.3.8"]
15:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
15:37 -!- malikeye [malikeye@unaffiliated/malikeye] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
15:37 <+esde> any time you add something that uses cpu time, you will increase load.
15:39 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:39 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
15:40 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
15:43 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has joined #openvpn
15:46 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
15:47 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:48 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
15:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
15:52 -!- kotoReZ [~chatzilla@CPE84948c924fb1-CM84948c924fb0.cpe.net.cable.rogers.com] has joined #openvpn
15:56 < kotoReZ> i am a bit confused, is it possible to setup openvpn in the way that my client machine can connect to the openvpn office and get local lan ip or do I need a non free version for that?
15:57 <+hyper_ch> !serverlan
15:57 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
15:57 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
16:01 < iGamer> Hello, I was here two weeks ago. I had trouble bridging the connections on my VPS for OpenVPN but nothing is working. I can connect to the VPN fine, but there's no internet connection when using it.
16:02 < iGamer> TUN/TAP is definitely enabled.
16:02 < iGamer> I followed everything on that chart that someone linked me to and none of the those were the problem.
16:03 < joker2u> win8 clients cannot connect to openvpn servers. No firewall and no connection attempt.
16:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:04 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
16:04 < iGamer> Really? That's interesting. Well, I'm connecting through OSX using Tunnelblick.
16:04 <+hyper_ch> win8 clients can connect to openvpn server
16:05 < joker2u> hyper_ch:  none of mine can. and they are using .ovpn files that work on other clients.
16:06 < joker2u> is there a tun bug in in WinHate?
16:07 <+hyper_ch> well, works fine for me on win 8.1
16:08 <+hyper_ch> enable logs
16:11 < iGamer> Any idea about my problem?
16:11 <+hyper_ch> !linipforward
16:11 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
16:12 <+hyper_ch> !configs
16:12 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:12 <+hyper_ch> !logs
16:12 < iGamer> thats set in sysctl.conf
16:12 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:13 < iGamer> iptables: http://pastebin.com/L7zMNrZg
16:14 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
16:16 < iGamer> The log says Initialization Sequence Completed
16:17 < iGamer> I'm using CentOS 6.6 on what i believe is an OpenVZ vps
16:18 <+hyper_ch> https://openvz.org/VPN_via_the_TUN/TAP_device
16:18 <@vpnHelper> Title: VPN via the TUN/TAP device - OpenVZ Linux Containers Wiki (at openvz.org)
16:19 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
16:20 < iGamer> FATAL: Module tun not found.
16:30 -!- MyChris_ [~DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has joined #openvpn
16:31 < MyChris_> Anyone ever used this native implementation of OTP for Google Authenticator instead of PAM? https://github.com/evgeny-gridasov/openvpn-otp
16:31 <@vpnHelper> Title: evgeny-gridasov/openvpn-otp · GitHub (at github.com)
16:31 -!- Mchammerdad [~Larlochth@fenixci.com] has joined #openvpn
16:32 < MyChris_> !paste
16:32 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
16:33 < MyChris_> http://pastebin.com/5hiPKu7N
16:33 < Mchammerdad> I keep getting this error when importing my default openvpn certs into my android openvpn connect profile: error parsing oepnvpn profile: client.ovpn : option_error: option keyid:xxxxxxxxxx is to long
16:33 < Mchammerdad> please someone tell me this is a easy fix.
16:33 < MyChris_> Attempting to use that plugin specified on the github but always getting back that my details are incorrect, the above is my server config.
16:34 < MyChris_> Server Logs( http://pastebin.com/ikb3E6bP )
16:37 < MyChris_> As far as the otp-secrets file it specifies I have this... http://pastebin.com/exnKNQxh
16:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 264 seconds]
16:49 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
17:01 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
17:02 < pekster> MyChris_: There are plenty of TOTP implementations, and in fact there's a CLI utility that just takes in the shared secret and spits out the OTP result (or a series of them if you're doing validation and wish to permit a few before/after for clock skew or transmit delays
17:03 < pekster> "native implementation" is a bit of a misnomer here since you're free to use whatever method you want; TOTP is a published OATH standard that has been implemented in dozens of popular languages
17:03 < pekster> You probably do not want to use PAM here, unless you can somehow get the openvpn to ignore the auth requirement for re-keys, which happen hourly by default
17:04 < pekster> Unless you really want some method to make clients enter in new OTP keys every hour..
17:04 < MyChris_> I don't want to use PAM that's the whole idea of what I'm trying to accomplish.
17:04 < pekster> Right. I'd either go with classic user/pass auth scripts that just dump the current (or agan, maybe current plus 2 prior/after or something) and compare to what the client provided
17:04 < MyChris_> I just wanted to implement OTP via google authenticator I had it previously after following some guide but it requires local users be created.
17:05 < pekster> There's also C/R auth, though you'd need to read the procedure on that in the management docs for openvpn
17:05 < pekster> (you'd need that if you wanted user/pass *plus* TOTP)
17:06 < pekster> oathtool is the package I've used before to spit out keys; it's braindead simple to use
17:09 < iGamer> okay
17:09 < iGamer> service openvpn [failed]
17:09 < iGamer> yet the log says Initialization Sequence Completed
17:10 < pekster> !learn launch as Problems starting OpenVPN with a service or init wrapper? Run it directly instead to debug, like this: openvpn --config /path/to/openvpn.conf
17:10 <@vpnHelper> Joo got it.
17:10 < pekster> !learn launch as Then, once you get that working, feel free to integrate this into your init per your distro's documentation
17:10 <@vpnHelper> Joo got it.
17:11 < pekster> iGamer: ^
17:11 < iGamer> i am
17:11 <+hyper_ch> tun module not supported in your openvz container
17:11 < pekster> No, you're not. OpenVPN does not generate the "service openvpn [failed]" message
17:11 < pekster> This is your distro, so you'd need to consult the distro documentation on why a filure code is generated
17:12 < pekster> Sounds to me like you're using service(8) which is generally a wrapper to launch distro-centric init services (for example, Debian and FreeBSD have such a command)
17:16 -!- kotoReZ [~chatzilla@CPE84948c924fb1-CM84948c924fb0.cpe.net.cable.rogers.com] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150122214805]]
17:18 < lev__> sys
17:19 < iGamer> well it was yum openvpn start
17:20 < iGamer> but i started it with the regular conf and the connections still aren't bridging
17:20 < iGamer> i pasted my iptables here
17:20 < iGamer> and TUN/TAP is running
17:20 <+hyper_ch> tun module not supported in your openvz container
17:21 < iGamer> yes it is because i've used openvpn in this vps before
17:21 < iGamer> it even has the option in the control panel
17:21 < iGamer> i just have to resetup openvpn since i upgraded to centos 6
17:22 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
17:22 < pekster> don't bridge unless you actually need non-IP traffic: read !tunortap and !whybridge
17:25 < joker2u> windows clients cannot connect https://bpaste.net/show/dc586777d7ec but Android clients can. Same config and keys (used at different times of coarse).
17:26 < joker2u> all firewalls are disabled. Server shows no connection attempt.
17:26 < pekster> I do hope those are test/example keys, because that private key is not encrypted and should now be considered a world-known file
17:27 < pekster> Also, --verb 9 is worthless unless you've built a custom version of openvpn
17:27 < pekster> !verb
17:27 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only
17:28 -!- gr89 [~gr89@ool-4355399b.dyn.optonline.net] has joined #openvpn
17:28 < joker2u> pekster: changing the verb won't help me connect.  :(
17:30 < pekster> Config seems more or less fine, although you shouldn't miss-match your keepalive values so much between client/server
17:31 < pekster> Not the cause of your current problem, but you don't want the client waiting longer to timeout than the server does, generally. Server considers the client dead after 120 seconds of no TLS keepalive packets, but the client hangs on for 900 seconds. Best to just let the clien tpull that
17:31 < pekster> Oh, you're not pulling client details
17:32 < pekster> You probably want to add --client to the client config, then drop line 17
17:33 < pekster> That config won't be parsed as it is nowThat config won't load at all on anything
17:36 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
17:43 < MyChris_> pekster how would you go about integrating oathtool
17:44 < MyChris_> would it have to be used by a plug-in or?
17:44 < pekster> --auth-user-pass-verify script (see: !scripts) that pulls in the key from a saved database on disk (could be just a dir with keys in text files by CN) and matches the past few with the -w command
17:44 < MyChris_> !scripts
17:44 <@vpnHelper> "scripts" is "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
17:45 < pekster> The only thing the script needs to do that's particularly clever is always permit auth if the client is a renewing client, not a first-connect
17:45 < pekster> I forget what the env-var is offhand for that, but it shouldn't be hard to figure out if you watch an auth renewal and dump the environment
17:45 < pekster> It's either set on renewals and not on initial, or maybe the var changes
17:53 -!- `hypermist` is now known as pcupgrades
18:07 -!- DocMAX [~docmax@g224157233.adsl.alicedsl.de] has joined #openvpn
18:07 < DocMAX> hi
18:07 < DocMAX> i can connet at my home!
18:07 < DocMAX> connect
18:07 < DocMAX> my ip is 10.0.0.6!
18:11 < iGamer> I don't think thats a public IP
18:12 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
18:13 < iGamer> What do you mean by non-IP traffic?
18:13 < iGamer> I'm just trying to set up a simple VPN. This was so much easier last time.
18:13 < iGamer> Now it seems like everything I do isn't working
18:15 -!- pcupgrades is now known as `hypermist`
18:17 < pekster> I mean traffic that is raw Ethernet frames
18:17 < pekster> !tunortap
18:17 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
18:17 <@vpnHelper> rooted/jailbroken) support only tun
18:17 < pekster> !whybridge
18:17 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
18:17 < pekster> I'm curious what non-IP traffic you need to send over your "simple" VPN
18:19 < pekster> iGamer: As I said above, your client config is not functional. Your statement that it runs anywhere, as it is, is incorrect:
18:19 < pekster> Options error: Parameter ca_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
18:19 < pekster> Which I told you above, and the fix
18:22 < iGamer> i think i might just be using the wrong terms
18:23 < iGamer> You saw my iptables paste?
18:23 < iGamer> When you say client config, you mean server.conf?
18:24 < pekster> Hopefully you haven't named your client config "server.conf", because that would be confusing
18:25 < pekster> I'm talking about your pastebin, of which I coppied lines 1 through 152 where you also exposed your client private key (which is now compromised, if you didn't get that from earlier) and the config will not parse
18:25 < pekster> Your config is incomplete and will never work because the TLS options require that you act as a client or server, and you're not acting as either
18:25 < pekster> DId you read that part above?
18:25 < pekster> Also, you never pasted usable firewall rules, but that's not even your problem
18:26 < pekster> https://github.com/QueuingKoala/fn-netfilter/wiki#paste
18:26 < pekster> -L is a worthless pile of no good
18:26 < iGamer> i didn't paste my server.conf
18:26 < iGamer> someone else pasted their key and stuff. that wasn't me
18:26 < iGamer> i only pasted my iptables
18:27 < pekster> You pasted trash
18:27 < pekster> My fn-netfilter wiki FAQ link explains how to paste useful information
18:27 < pekster> If your service is "failing" you need to not use the service
18:27 < pekster> !configs
18:27 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
18:27 < pekster> !logs
18:27 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:27 < pekster> !launch
18:27 <@vpnHelper> "launch" is (#1) Problems starting OpenVPN with a service or init wrapper? Run it directly instead to debug, like this: openvpn --config /path/to/openvpn.conf or (#2) Then, once you get that working, feel free to integrate this into your init per your distro's documentation
18:27 < pekster> !verb
18:27 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only
18:27 < pekster> !paste
18:27 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
18:27 < pekster> And if you missed it from our /TOPIC:
18:27 < pekster> !welcome
18:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:27 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:28 < pekster> joker2u: That was you that pasted private keys; you need to verify you're not accepting those from the Internet anymore
18:30 < iGamer> What's the difference between server.conf and openvpn.conf?
18:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
18:30 < iGamer> Both of those are on my VPS
18:30 < pekster> They're different files
18:31 < pekster> Presumably with different contents, but that's for you (or maybe /usr/bin/diff) to determine
18:33 < joker2u> pekster: the keys were very edited prior to my post. not worried at all
18:38 < iGamer> whats the best way to stop all openvpn processes running since yum thinks its not running
18:39 < pekster> SIGTERM them
18:39 < pekster> Perhaps with: kill $(pgrep ping)
18:40 < pekster> Erm, rather: kill $(pgrep openvpn)
18:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:03 < iGamer> NWTF
19:03 < iGamer> OpenVPN started ok when i reinstalled it. lol
19:03 < iGamer> That's so weird.
19:05 < debbie10t> kill ...
19:20 < iGamer> is openvpn.conf required? or can i get rid of it?
19:24 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:26 <+esde> Quick question. I just had my speed increased by my ISP and it has taken effect at the modem. However, through my openvpn server (with the previous speed I got full line speed 50Mbps/12Mbps over the openvpn connection) but when I'm connected to openvpn im getting about half the speed i should on download even though upload is fine. the new line speed should be 105Mbps/25Mbps so I was expecting about 90-80Mbps/20-22Mbps so the results of 39.81/21.98 are wor
19:26 <+esde> rysome. How can I troubleshoot this? The openvpn server and client are not at 100% usage during the speedtest, only around 40% cpu on the server and the same at the client.
19:27 <+esde> sorry for the wall-o-text. I know ive seen iperf or something like it mentioned in the past in here. would that be a tool i should use to start determining what's going on?
19:28 <+esde> also logs on both sides are "still" clean (even after the ISP increased speed, no errors)
19:30 < iGamer> i'm guessing the server is faster than what your ISP is providing you
19:30 <+esde> iGamer, obviously. the server is at almost 900Mbps down
19:31 <+esde> but my line speed at the modem is sufficient to carry >50Mb
19:32 <+esde> in fact, it's capacity is as advertised at the modem, without openvpn. only through the vpn does it take a huge hit
19:32 <+esde> I mean i take a 50% speed hit with a different VPS, but that because of it's location (a lot farther away). This closer server maxed out my previous connection 50Mbps/12Mbps
19:37 -!- gr89 [~gr89@ool-4355399b.dyn.optonline.net] has quit [Quit: ircII EPIC5-1.1.10 -- Are we there yet?]
19:37 < TommyC> ws 15
19:38 <+esde> would it be a good idea to open a ticket with my vps provider? it seems like it's not an issue with them to me, but i could be wrong
19:40 <+esde> !bottleneck
19:41 <@vpnHelper> "bottleneck" is (#1) OpenVPN uses userland crypto unless you have HW accel available (as shown with `openvpn --show-engines`.) This means the CPU is frequently the performance bottleneck; remember that OVPN is single-threaded or (#2) See also: !gigabit for ideas on advanced performance tuning options
19:41 <+esde> thats not it though
19:42 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:42 < debbie10t> pfft
19:46 < debbie10t> esde, maybe you live in a cave ...
19:46 <+esde> that makes no sense
19:47 < debbie10t> how not ?
19:47 <+esde> well
19:47 <+esde> #1, i dont live in a cave
19:47 < debbie10t> lol
19:47 <+esde> so theres that
19:47 < debbie10t> &so?
19:48 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:48 <+esde> well since the issue is only present over openvpn, here i am
19:48 < debbie10t> but is it only on one network ?
19:48 <+esde> huh?
19:49 < debbie10t> pfft ..
19:49 <+esde> there is only one lan.
19:49 <+esde> no seperate subnets or anything weird
19:50 < debbie10t> server&client on same lan ?
19:50 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
19:50 < debbie10t> seriously ..
19:50 < debbie10t> dont worry about it
19:51 < iGamer> okay
19:51 <+esde> my local lan is 192.168.1.1, my openvpn subnet is 10.8.0.0. my server is a vps, my client is the firewall at my local lan.
19:51 <+esde> *.0
19:51 < iGamer> i think i found the problem. i'm connecting on 10.9.0.0 but the iptables rule is for 10.8.0.0
19:51 < debbie10t> 192.168.1.1 .. oh know
19:51 < iGamer> but whenever i try to add an iptables rule, nothing changes
19:52 <+esde> iGamer, are you removing the other rule first?
19:52 < iGamer> no
19:52 < iGamer> should I?
19:52 <+esde> yeah
19:52 <+esde> if you dont need it
19:52 <+esde> and its wrong
19:53 <+esde> i havent read the scrollback if there's deeper context to your question, then disregard me
19:53 < iGamer> ok i removed the rule
19:53 < iGamer> lemme try adding the new one
19:53 < debbie10t> scrollback .. ph know
19:53 < iGamer> Yeah its not adding
19:53 < iGamer> I'm trying: iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -j SNAT --to-source 199.175.48.219
19:54 <+esde> looks correct
19:54 < iGamer> iptables wont add the rule
19:54 < iGamer> whenever i do iptables -L, nothing changes
19:55 <+esde> oh
19:55 < debbie10t> reload ....
19:55 <+esde> no
19:55 <+esde> iptables -t nat -L
19:55 <+esde> :)
19:55 <+esde> any reason i shouldnt add you to my ignore list debbie10t ?
19:56 < debbie10t> no reason at all
19:56 <+esde> ok i just wanted to ask first.
19:56 <+esde> the rule was added with -t nat so it wont show up with the command you used earlier
19:56 <+esde> any list or delete rules will also need the -t nat bit
19:57 <+esde> and if you've got ipforwarding enabled, you should be good to go
19:58 < iGamer> do i need to restart iptables?
19:58 <+esde> no
19:58 <+esde> it takes effect immediately
19:58 < iGamer> okay i got a bunch of dupes in the list -t nat -L
19:58 <+esde> Ok, so lets delete them
19:59 <+esde> iptables -t nat -D (PRE/POST/WHATEVERROUTING) # (<number of the rule if you read the list 1,2,3 etc starting from the top down)
19:59 <+esde> for instance iptables -t nat -D PREROUTING 2 would delete the second prerouting rule
19:59 < iGamer> got it
20:00 <+esde> :)
20:00 <+esde> also, if you ever decide to (or are currently) using ufw, dont forget to update it's default file to allow incoming (iirc), by default it will block any incoming traffic
20:00 <+esde> i learned this the hard way
20:01 < iGamer> i'm on whatever the default centos firewall is
20:01 < iGamer> Centos 6.6
20:01 <+esde> run ufw status to be sure, but i doubt it's installed/enabled
20:01 -!- debbie10t [~debbie10t@unaffiliated/m10t] has quit [Quit: Closing]
20:02 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
20:02 < iGamer> ufw: command not found
20:02 <+esde> ok great
20:05 <+esde> get the dupes out of there and keep the one you need
20:06 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:07 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
20:10 < iGamer> Ok whmmmm
20:10 < iGamer> Starting openvpn: RTNETLINK answers: File exists
20:11 < iGamer> [OK]
20:11 <+esde> is that some centos specific thing?
20:13 < iGamer> i don't know lol
20:13 <+esde> is it working?
20:15 < iGamer> ah ok
20:15 < iGamer> found the problem in the log
20:15 < iGamer> ERROR: Linux route add command failed: external program exited with error status: 2
20:16 <+esde> uh was it run with sudo or as root?
20:17 < iGamer> theres the full log: http://pastebin.com/rTsDwSFG
20:17 < iGamer> root
20:18 <+esde> !configs
20:18 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:19 < iGamer> and here's my iptables: http://pastebin.com/34SwTf3d
20:19 <+esde> ok clean up iptables first
20:19 <+esde> get rid of 1-8 and 10
20:19 <+esde> keep 9
20:19 < iGamer> server.conf http://pastebin.com/wacQNPnz
20:20 < iGamer> with the -d command for iptables can i remove multiple rules?
20:20 <+esde> " D" it is case sensitive
20:20 <+esde> and just do it manually
20:20 <+esde> *-
20:22 <+esde> and ipforwarding is enabled?
20:22 < iGamer> ok the one rule is in there by itself
20:22 < iGamer> yes ipforwarding is enabled
20:22 <+esde> give it a go
20:22 < iGamer> Starting openvpn: RTNETLINK answers: File exists [OK]
20:23 < iGamer> lemme see the log
20:23 <+esde> that error on line 15 from your earlier log seems to indicate the route already exists according to google
20:23 < MyChris_> How can I have openvpn not use the host's IP when making connections to other internal network resources?
20:24 <+esde> routing
20:24 < iGamer> That could be the error on my vpn has no internet connection right?
20:24 < iGamer> *on why it doesn't
20:24 <+esde> i dont know how, but you could. and you would need to configure routing.
20:24 <+esde> iGamer, huh?
20:25 < MyChris_> esde: Damn lol I don't know enough about the routing to make it happen.... I'm still quite new to openvpn configuration in general this is only my second time dealing with it.
20:25 < MyChris_> http://pastebin.com/dkiGcm5u
20:25 < iGamer> That error could be the reason that my vpn has no internet connection right?
20:25 < MyChris_> Is my server configuration... any connections I make uses the host system's IP though rather then my specified range of "172.19.197.0"
20:25 < iGamer> It seems to be the only error present.
20:25 <+esde> ive dealt with it for a while, but never configured anything to meet your use-case, so i dont personally know how to either
20:26 <+esde> iGamer, what log?
20:27 < MyChris_> esde: I'm thinking it'd have to do with the iptables setup.. but I'm probably wrong.
20:28 < MyChris_> actually I believe that is where I went wrong by MASQUERADING all packets to the hosts IP via iptables..
20:28 <+esde> no not that, i think you want to tell openvpn something like, don't route traffic from this network over the openvpn connection, let it stay where it is and don't mess with it
20:28 < iGamer> esde: http://pastebin.com/mXdUAmwq
20:28 <+esde> but i dont think you'll use iptbales to do it. i could be wrong
20:28 <+esde> WARNING: file 'server.key' is group or others accessible
20:28 <+esde> should be readable to the openvpn user only (ideally)
20:29 <+esde> change the openvpn subnet to 10.8.0.0 and reconfigure your iptables to reflect the change and see what happens
20:29 <+esde> openvpn cant create a route because one already exsists apparently
20:29 <+esde> *-s
20:30 <+esde> does it work? before you do anything
20:30 <+esde> it does say initialization complete.
20:31 < iGamer> Nope, connects to the vpn but no internet connection
20:32 < iGamer> whats the exact rule i need to add to iptables?
20:32 <+esde> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to (eth0 ip)
20:32 < iGamer> this? iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 199.175.xx.xxx
20:32 <+esde> is the command i generally use
20:33 < iGamer> eth0 doesnt work with OpenVZ right? gotta put something else?
20:33 <+esde> venet0:0 i think
20:33 <+esde> ifconfig will say
20:33 <+esde> but i think ifconfig is deprecated and i dont remember which tool is current
20:33 <+esde> !ifconfig
20:33 <@vpnHelper> "ifconfig" is usage: ifconfig l rn | Set TUN/TAP adapter parameters. l is the IP address of the local VPN endpoint. For TUN devices, rn is the IP address of the remote VPN endpoint. For TAP devices, rn is the subnet mask of the virtual ethernet segment which is being created or connected to.
20:33 <+esde> TIL
20:34 < iGamer> i got venet0 and venet0:0
20:34 <+esde> see the factoid pls
20:35 <+esde> oh nvm i thought it might have been a nifty command to tell us which to use. im pretty sure its venet0:0 though
20:35 <+esde> !openvz
20:35 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
20:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:36 < iGamer> well the rtnetlink error is gone
20:36 <+esde> oh?
20:37 < iGamer> lemme try
20:39 < iGamer> still no internet connection
20:40 <+esde> what's your goal? just redirecting?
20:41 < iGamer> heres the log: http://pastebin.com/MSgJ2vj5
20:41 <+esde> nothing wrong there
20:41 < iGamer> my goal? To get a working vpn. Whenever I connect to this VPN, theres no internet connection
20:41 <+esde> did you update iptables?
20:41 < MyChris_> esde: I'm trying to research what I'm trying to do but can't seem to find the right keywords...
20:41 < iGamer> yup
20:41 <+esde> with the rule I pasted?
20:42 < iGamer> http://pastebin.com/dFqCjHAx
20:42 <+esde> !iroute !ccd something like that.
20:42 < iGamer> thats the iptables
20:42 <+esde> get rid of rul1
20:42 <+esde> *e
20:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:43 < iGamer> done
20:43 <+esde> if SNAT wont work we'll try MASQUERADE
20:44 < iGamer> didn't fix it
20:44 <+esde> are all the other people out drinking or something? I'd love to get to the root of my slow openvpn client issue tonight too :D lol
20:44 < MyChris_> lol
20:44 <+esde> delete the only rule left, try this instead iptables -t nat -A POSTROUTING -j MASQUERADE
20:45 < iGamer> ok
20:45 < MyChris_> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
20:45 <+esde> what
20:45 <+esde> why
20:45 < MyChris_> was providing what I used
20:45 < MyChris_> lol
20:45 < MyChris_> and it works fine.
20:46 < iGamer> iptables v1.4.7: Need TCP, UDP, SCTP or DCCP with port specification Try `iptables -h' or 'iptables --help' for more information.
20:46 <+esde> use sudo
20:46 <+esde> or however use superuser
20:46 < iGamer> sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE --to 199.175.xx.xxx
20:46 < iGamer> look good?
20:46 <+esde> oh wait
20:47 <+esde> sure
20:47 <+esde> why not
20:47 <+esde> :D
20:48 < iGamer> same error
20:48 <+esde> 0:0
20:48 <+esde> not 0
20:48 < iGamer> same error again
20:48 <+esde> dont forget to delete rules you add
20:49 < iGamer> iptables -t nat -L is blank lol
20:50 <+esde> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
20:50 <+esde> s/eth0/venet0:0
20:51 < iGamer> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE s/eth0/venet0:0
20:51 < iGamer> you mean that, all in one command?
20:51 <+esde> no sorry
20:51 <+esde> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j MASQUERADE
20:53 < iGamer> nope no internet connection still
20:53 <+esde> !redirect
20:53 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
20:53 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
20:53 <+esde> theres a flowchart that will be helpful, it's late and my noggin is fried
20:53 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
20:54 < iGamer> yup thats the flowchat that didn't help last time
20:54 < iGamer> the one on ircpimps doesnt even load
20:54 <+esde> are your client and lan on the same network?
20:54 <+esde> and server i mean
20:55 < iGamer> nope server is a vps somewhere else in the country
20:55 <+esde> firewall?
20:55 <+esde> other than iptables
20:55 < iGamer> the conf has this:
20:55 < iGamer> push "redirect-gateway def1"
20:55 < iGamer> push "dhcp-option DNS 208.67.222.222"
20:55 < iGamer> push "dhcp-option DNS 208.67.220.220"
20:56 < iGamer> maybe those are a problem?
20:56 <+esde> can you ping out from the client?
20:56 <+esde> to 8.8.8.8 for example
20:56 < MyChris_> esde what about that ipv4 forwarding thing..
20:57 <+esde> he says it's enabled
20:57 < iGamer> nope
20:57 < MyChris_> you had him cat /proc/sys/net/ipv4/ip_forward
20:57 < iGamer> cant ping 8.8.8.8
20:57 <+esde> nope was about to
20:57 <+esde> lol
20:57 < iGamer> Request timeout
20:57 < iGamer> cat /proc/sys/net/ipv4/ip_forward 1
20:58 < MyChris_> esde, part of the reason I want the connections on their own address is because then the firewall handles nat stuff from there and gives different users different external addresses :P
20:58 <+esde> i get why. i just dont know how.
20:58 < MyChris_> yeah I hate it lol.
20:58 <+esde> i know exactly what you want to do
20:59 < iGamer> can't reach address
21:00 <+esde> i dont know specifically what it is, but i know it's routing
21:00 <+esde> maybe kick up verbosity on your server, but it's doing what's supposed to so i dont know if it'll yield anything of value but its worth a shot
21:03 < iGamer> me? I dont know what verbosity is, never heard of it?
21:03 <+esde> verb is set to 3 now in your server.con
21:03 <+esde> you'd set it to 4
21:03 <+esde> *f
21:03 <+esde> and then restart openvpn
21:04 < iGamer> ok
21:04 -!- julie_harshaw [~julie@juliekoubova.net] has quit [Ping timeout: 265 seconds]
21:05 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
21:06 < iGamer> nope that didn't do it
21:06 <+esde> it wouldnt have done it, but it should give more info in the logs
21:06 < iGamer> oh ok
21:07 < MyChris_> lol
21:07 < MyChris_> esde: I have the most ghetto OTP implementation now.
21:07 <+esde> !two-factor
21:08 <+esde> whoa
21:08 <+esde> https://secure-computing.net/factoids.php
21:08 < iGamer> http://pastebin.com/ZDRrmF3D
21:08 <+esde> certificate error for me
21:08 <+esde> anyone else?
21:08 < iGamer> theres the log
21:08 < MyChris_> I didn't want PAM based esde
21:09 < MyChris_> but also
21:09 < MyChris_> yeah.
21:09 <+esde> ecrist, krzee anyone
21:09 < MyChris_> I have a really bad habbit
21:09 < MyChris_> of ignoring them..
21:09 < MyChris_> and adding exceptions
21:09 <+esde> ...................
21:09 <+esde> that's terrible
21:09 <+esde> !ops
21:09 < iGamer> anything weird in the log?
21:10 <+esde> nothing jumps out at me
21:10 <+esde> try UDP?
21:10 <+esde> for shiggles
21:10 <+esde> syzzer, plaisthos maybe??
21:11 <+esde> secure-computing is giving an odd cert error. very uncharacteristic of it.
21:12 < iGamer> isn't tcp more secure?
21:13 <+esde> no
21:13 <+esde> protocol doesnt really matter so much
21:13 <+esde> for security
21:13 <+esde> thats what configuration options are for
21:14 <+esde> !tcpudp
21:14 <+esde> !tcp
21:14 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
21:14 <+esde> sucks not having the factoid cheatsheet
21:14 < iGamer> interesting
21:14 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
21:14 < iGamer> now openvpn failed
21:15 < MyChris_> so esde
21:15 < MyChris_> the cert expired?
21:15 < MyChris_> http://i.gyazo.com/c5a18e6d1045457ad34ebdb618deedb2.png
21:15 < MyChris_> as of 2 days ago.
21:16 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
21:16 <+esde> ok so long as it's the same cert, we're good
21:16 <+esde> and it's just poor planning :P
21:16 <+esde> if it's not and it's a plant used to intentionally mislead, that's bad
21:17 < iGamer> heres the log: http://pastebin.com/z2gEe9cw
21:17 <+esde> and i dont just happen to have a backup of the old cert to check it against lmao
21:17 < MyChris_> lol
21:17 <+esde> iGamer, like i said earlier im fried
21:17 < MyChris_> iGamer, can you provide your configs
21:17 <+esde> ive got my own issue im up against
21:17 < MyChris_> client and server.
21:18 < MyChris_> I'll check it out and see if I spot anything.
21:18 <+esde> doubled my damn internet and i can't even notice (over openvpn) lmao
21:18 < MyChris_> esde: at least where I'm connecting to is like 12 miles away lol.
21:19 <+esde> that's nice
21:19 <+esde> and convenient for latecny
21:19 <+esde> *ency
21:19 < iGamer> server.conf http://pastebin.com/WUCcSf7J
21:19 < MyChris_> our DC
21:19 < iGamer> server at the moment doesn't start
21:19 < MyChris_> isn't much further.
21:20 <+esde> lucky. and the arbitrary 40Mbps cutoff has me stumped
21:20 <+esde> I was getting 40-55+Mbps with only 50Mbps/12Mbps
21:21 < MyChris_> iGamer can you run iptables -t nat -L
21:21 < MyChris_> and paste output.
21:22 -!- codebam [codebam@gateway/shell/yourbnc/x-spzajmowgxnfjamu] has joined #openvpn
21:22 < iGamer> http://pastebin.com/4fkdyPxQ
21:23 < codebam> what cipher should I use? https://community.openvpn.net/openvpn/wiki/Hardening
21:23 <@vpnHelper> Title: Hardening – OpenVPN Community (at community.openvpn.net)
21:23 < codebam> I dont care about <= 2.3.2
21:23 <+esde> TLS-DHE-RSA-WITH-AES-256-CBC-SHA looks nice
21:23 < MyChris_> lol..
21:24 < MyChris_> iGamer, everything I'm seeing looks fine
21:24 < MyChris_> so long as you did that ip_forward portion.
21:24 < MyChris_> that's usually what I miss when it doesn't work.
21:24 < iGamer> but the server won't even start
21:24 <+esde> yeah it does
21:24 <+esde> in tcp
21:24 < iGamer> right
21:24 <+esde> udo was when that issue began
21:24 < iGamer> with udp, it doesnt work
21:24 <+esde> erm
21:24 <+esde> tcp
21:25 <+esde> udp initializes but then no internet connectivity
21:25 < MyChris_> stupid question..
21:25 < MyChris_> what user is openvpn being started under?
21:25 < iGamer> tcp initializes
21:25 < iGamer> but no internet
21:25 < iGamer> should i set it back to tcp?
21:25 <+esde> oh shit
21:25 <+esde> iGamer, you're 100% correct
21:25 <+esde> like i said, my brain is scrambled
21:26 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
21:26 < codebam> esde: just saw that... thank you :)
21:26 <+esde> np
21:26 <+esde> 2.3.6 is nice though codebam
21:26 < MyChris_> btw iGamer, you didn't clean the IP out of the logs.
21:26 < iGamer> at this point, i dont really care
21:26 < MyChris_> esde, do you think it's in relation
21:26 < codebam> esde: what do you mean?
21:26 < iGamer> i've been trying to solve this for weeks
21:26 < MyChris_> to something done on the DC side
21:26 < MyChris_> to prevent it?
21:27 < codebam> so CBC is better than GCM?
21:27 <+esde> MyChris_, no
21:27 <+esde> codebam, when you said <codebam> I dont care about <= 2.3.2
21:27 <+esde> 2.3.6 is a nice version
21:28 <+esde> 2.3.3 is too, both are nice than 2.3.2
21:28 <+esde> and SHA1 is broken
21:28 < codebam> esde: oh... wouldnt I just want the latest version?
21:28 <+esde> of course
21:28 <+esde> 2.3.6 is current
21:28 -!- justinzane [~justinzan@67.21.190.132] has quit [Remote host closed the connection]
21:28 < codebam> oh okay
21:28 <+esde> so you are running a greater version than 2.3.2?
21:29 <+esde> do TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 then if thats the case
21:29 < codebam> esde: I didnt check. but I assume so since its arch linux
21:29 <+esde> SHA256 if the hmac overhead is toomuch
21:29 < codebam> ah okay. cool thanks
21:30 <+esde> np
21:30 -!- justinzane [~justinzan@67.21.190.132] has joined #openvpn
21:31 < iGamer> it says it pushes the request from my client computer
21:32 < codebam> yea. 2.3.6-1
21:32 < iGamer> then this
21:32 < iGamer> SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
21:33 < MyChris_> iGamer, here's my config..
21:33 < MyChris_> http://pastebin.com/F85i9qiu
21:34 < MyChris_> client config, http://pastebin.com/QDGebZES
21:34 < MyChris_> iGamer is your client side windows?
21:35 < iGamer> OSX using Tunnelblick
21:35 < iGamer> i don't have a push "route" in my config
21:35 < MyChris_> hmm, I have little experience with OSX.
21:35 < MyChris_> that could actually be your issue.
21:36 < MyChris_> you set server
21:36 < MyChris_> but you don't push the route to the client.
21:37 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:39 < iGamer> nope
21:39 < iGamer> didn't fix it
21:39 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
21:40 < MyChris_> are you able to ping your server
21:40 < MyChris_> over the virtual network
21:40 < MyChris_> I.E. I ping 172.19.197.1
21:41 <+esde> OHHHHHHHHHHHHHHHHHH
21:41 <+esde> other ppl have had sisues with tunnelblick recently
21:41 <+esde> your issue might be some kind of bug
21:41 <+esde> i missed that part
21:41 <+esde> spin up a vm and try win or ni
21:41 <+esde> x
21:43 < MyChris_> esde reading up on it
21:43 < MyChris_> apparently the beta fixes some of the issues.
21:44 < iGamer> nope cant ping local ips on the vpn
21:44 < MyChris_> odd
21:44 < MyChris_> it's literally routing no traffic.
21:46 < iGamer> nothing on my windows machine either
21:46 < iGamer> its definitely the vpn
21:46 < MyChris_> oh, so you're doing this on a windows machine as well.
21:46 -!- early [~early@2607:5300:100:200::160d] has quit [Ping timeout: 245 seconds]
21:47 < MyChris_> iGamer
21:47 < MyChris_> can you remove the ifconfig-pool-persist ine.
21:47 < MyChris_> and do route print on your windows machine
21:47 < MyChris_> while you're connected to the VPN
21:47 < MyChris_> and paste the results
21:48 < MyChris_> (On windows also make sure openvpn is running as admin)
21:48 < iGamer> route print where?
21:48 < MyChris_> in command line.
21:48 < iGamer> k
21:49 < MyChris_> http://pastebin.com/75275zqx
21:49 < MyChris_> should be something like this.
21:52 < iGamer> it says invalid parameter
21:54 < MyChris_> can you screenshot
21:54 < MyChris_> please
21:55 < iGamer> all it says is use --help for more information
21:57 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
21:57 < MyChris_> on the windows machine?
21:58 < iGamer> yes, i dont usually use the cmd. i usually use the gui
21:59 < MyChris_> and you typed "route print" right?
22:02 < MyChris_> I'm sorry I'm just not sure how you could be getting "invalid parameter"
22:02 < MyChris_> unless you're running an outdated version of windows or something.
22:32 < iGamer> well what do i do
22:32 < iGamer> i drag the ovpn file into the openvpn.exe right?
22:36 < MyChris_> well, or you can use the openvpn gui.
22:36 < MyChris_> but I was talking about route print
22:36 < MyChris_> in cmd.
22:36 < MyChris_> I wanted to see what routes you had while you were connected.
22:37 < iGamer> so i connect with the gui
22:37 < iGamer> then what do i enter in the cmd window
22:37 < MyChris_> if you connect with the GUi
22:37 < MyChris_> *GUI you shouldn't have to enter anything in any cmd window.
22:37 < iGamer> OH
22:37 < iGamer> I seer
22:38 < MyChris_> place your configs in the config folder..
22:38 < MyChris_> http://i.gyazo.com/112bc28e1ffa57e8fbdefdb844cbc720.png
22:39 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
22:39 < MyChris_> Then use GUI from task bar to connect to the config you want.
22:39 < MyChris_> http://i.gyazo.com/463e617be7f944c5ac58b7df79809e57.gif
22:40 -!- paxmark9 [~paxtormar@199.21.149.142] has quit [Quit: Leaving]
22:41 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has joined #openvpn
22:41 < iGamer> see, no internet on the vpn ;)
22:41 < iGamer> http://pastebin.com/t7hKUVKn
22:41 < iGamer> theres the route print
22:44 < MyChris_> 169.254.0.0 255.255.0.0 On-link 169.254.62.170 266
22:44 < MyChris_> 169.254.62.170 255.255.255.255 On-link 169.254.62.170 266
22:44 < MyChris_> 169.254.255.255 255.255.255.255 On-link 169.254.62.170 266
22:44 < MyChris_> interesting routes..
22:44 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:46 < iGamer> what does it mean
22:46 < MyChris_> Just means I found those interesting/to be uncommon lo
22:46 < MyChris_> lol
22:46 <+esde> means you got no dhcp
22:46 <+esde> windows fallback ip range
22:46 < MyChris_> esde, they could be actual ranges too :P
22:46 < MyChris_> but yeah....
22:47 <+esde> google it
22:47 <+esde> :)
22:47 < MyChris_> I'm also tired as hell.
22:47 < MyChris_> but anyway, if the case is no dhcp.
22:47 < MyChris_> then..
22:47 < MyChris_> I'm assuming the openvpn server isn't providing dhcp.
22:47 < MyChris_> did you ever remove that one line I mentioned?
22:48 < MyChris_> "ifconfig-pool-persist ipp.txt"
22:48 <+esde> not openvpn, the lan
22:50 < iGamer> yes
22:50 < iGamer> heres the current conf: http://pastebin.com/mQmgK5b7
23:02 < MyChris_> not that it should really matter..
23:02 < MyChris_> but can you change 10.8.0.0
23:02 < MyChris_> to like 10.8.1.0 or 10.8.10.0
23:02 < MyChris_> or something.
23:03 < MyChris_> and can I see your client side config.
23:03 < iGamer> you mean in the iptables rules?
23:03 < MyChris_> no
23:03 < MyChris_> in general the address it has
23:03 < MyChris_> server 10.8.0.0 255.255.255.0
23:03 < MyChris_> route 10.8.0.0 255.255.255.0
23:04 < MyChris_> you would want to update the MASQUERADE rule in iptables as well though, yeah.
23:04 < iGamer> http://pastebin.com/D2GzK1L5
23:04 < iGamer> client conf
23:05 < MyChris_> route-method exe
23:05 < MyChris_> route-delay 2
23:05 < MyChris_> add that to your client conf on the windows machine at least.
23:06 < iGamer> what does that do
23:07 < MyChris_> On windows it tells it to use the route.exe executable to add routes rather then normal ip helper api.
23:08 < MyChris_> as far as server 10.8.0.0 I personally would try changing it to 10.8.10.0 or something like that
23:08 < iGamer> what about mac
23:08 < iGamer> i use the vpn on a mac
23:09 < MyChris_> just leave it how it is on the mac.
23:12 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
23:12 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has joined #openvpn
23:12 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has left #openvpn []
23:12 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has joined #openvpn
23:12 < iGamer> Nope
23:12 < iGamer> didn't work
23:12 < MyChris_> what's the server config look like now?
23:13 < MyChris_> and did you update the iptables rule too?
23:14 < iGamer> you mean the client config?
23:14 < iGamer> i didn't touch the server config
23:14 < MyChris_> try changing in the server config 10.8.0.0 to 10.8.10.0
23:14 < MyChris_> instead.
23:14 < MyChris_> for the sake of bullshitting around.
23:15 < MyChris_> and make sure you delete the previous MASQUERADE rule in iptables and add a new one.
23:16 < iGamer> and push "route 10.8.0.0." to push "route 10.8.10.0"?
23:16 < MyChris_> as well as
23:16 < MyChris_> server 10.8.0.0
23:17 <+esde> im going to solve this problem im having with speed tomorrow
23:17 <+esde> i just verified  comcast is not the issue (for once)
23:17 < MyChris_> heh, I hate comcast esde.
23:17 <+esde> tonight i dont actually
23:17 <+esde> it's weird
23:18 < iGamer> give me the exact iptables rule to add
23:18 < iGamer> please
23:18 <+esde> i mean they do passive dpi and stuff, but who cares if you're using a vpn
23:19 -!- ShadniX [dagger@p5481DC3D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:19 <+esde> (at the modem)
23:19 < MyChris_> iGamer, first delete the old rule..
23:19 < MyChris_> iptables -t nat -D POSTROUTING 1
23:19 < iGamer> done that
23:19 <+esde> however in this case, the vpn is somehow reducing my throughput to 30-40% it's capacty
23:20 < MyChris_> iptables -t nat -I POSTROUTING -s 10.8.10.0/24 -j MASQUERADE
23:20 < MyChris_> if you made it 10.8.10
23:20 < MyChris_> that'd be your new rule.
23:21 <+esde> systemctl restart network.service
23:21 <+esde> try that
23:21 -!- ShadniX [dagger@p5481DC5B.dip0.t-ipconnect.de] has joined #openvpn
23:22 < iGamer> nope changing the ip didn't fix it. still no internet
23:22 < MyChris_> +esde • systemctl restart network.service
23:22 < iGamer> will restarting network.service disconnect the rest of the stuff i have running?
23:23 <+esde>  ¯\_(ツ)_/ ¯
23:24 < iGamer> ,lol
23:24 < iGamer> systemctl: command not found
23:24 <+esde> sysctl -p
23:26 < iGamer> net.ipv4.ip_forward = 1
23:26 < iGamer> net.ipv4.tcp_syncookies = 1
23:26 < iGamer> error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
23:26 < iGamer> error: "net.bridge.bridge-nf-call-iptables" is an unknown key
23:26 < iGamer> error: "net.bridge.bridge-nf-call-arptables" is an unknown key
23:26 <+esde> hmm
23:27 < MyChris_> I'm out for the night... gll iGamer sorry I couldn't be of help.
23:27 < iGamer> its alright. you're not the first one.
23:27 < iGamer> thanks anyway
23:27 <+esde> iGamer,  who has helped you so far?
23:28 < MyChris_> hopefully I can get my issue figured out tomorrow
23:28 < MyChris_> all my research has led to a dead end.
23:28 <+esde> same here
23:28 <+esde> iperf does not tell lies
23:28 < iGamer> i was here a week ago
23:28 < iGamer> i forget
23:29 <+esde> there are some much brighter minds than mine that will be glad to help
23:29 <+esde> just timing is difficult on irc
23:30 < iGamer> i'll pop on tomorrow and if not, sunday
23:30 <+esde> if you can, just idle
23:31 < iGamer> i'll add this to znc, also which is on this same VPS
23:34 -!- iGamer [60f6eefb@gateway/web/cgi-irc/kiwiirc.com/ip.96.246.238.251] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
23:35 -!- iGamer [~Elite@199.175.48.219] has joined #openvpn
23:35 < iGamer> There we go.
23:35 <+esde> http://results.speedtest.comcast.net/result/797179784.png
23:35 <+esde> no problemo on open internet
23:37 <+esde> http://pastebin.com/Vk5MPxn5
23:37 < iGamer> at least you get in/out connections on your vpn ;)
23:38 <+esde> but on openvpn it goes to crap. and i can reproduce the issue (using different servers that is)
23:38 <+esde> iGamer, i suspect something is tinkering on your network
23:38 <+esde> theres an openvpn troubleshooting page that uses wireshark
23:38 <+esde> !wireshark
23:39 <+esde> https://docs.openvpn.net/how-to-tutorialsguides/administration/troubleshooting-openvpn-connectivity-issues/
23:39 <@vpnHelper> Title: Troubleshooting OpenVPN Connectivity Issues | Documentation (at docs.openvpn.net)
23:40 < iGamer> but i can connect fine
23:40 < iGamer> its just not bridging the two connections
23:41 <+esde> you dont know what it's doing. you just know it's not working. a tcpdump will help figure what is going where
23:43 < iGamer> so many things to do just to fix this damn thing
23:43 <+esde> it's a fringe scenario i assure you
23:43 <+esde> everything makes sense on the surface from what we can tell
23:44 <+esde> then again, i dont know centos
23:44 <+esde> i know debian based distros
23:44 < iGamer> i had the choice to use those and went with centos lol
23:45 <+esde> chances are the root cause isnt due to your choice of os
23:45 < iGamer> i had centos 7 but it didn't work with anything
23:45 < iGamer> so i reverted back to centos 6
23:45 <+esde> are you in some country with a great firewall?
23:45 < iGamer> no im in the US and its a US VPS
23:46 <+esde> do you have a local firewall? built into the router maybe?
23:46 < iGamer> nope, my ISP doesn't block shit.
23:46 <+esde> youre connected to the modem?
23:47 < iGamer> don't use a modem. its fiberoptics
23:48 <+esde> my main question is, is there networking hardware between the openvpn client and the line from your isp, at all?
23:48 <+esde> managed switches, routers, etc
23:48 < iGamer> nope
23:49 < iGamer> direct connection
23:49 <+esde> directly plugged into the IAD?
23:49 < iGamer> well, the router, yes
23:49 < iGamer> but its set up with an Open NAT, my IP is forwarded, etc.
23:50 <+esde> what is this router
23:50 <+esde> is it from the isp?
23:50 < iGamer> Actiontec
23:50 < iGamer> yes, from the ISP
23:50 <+esde> are there any "helpers" you can turn off? firewalls? ALG handling? anything at all that could mess with your connection??
23:51 < iGamer> Nope, i'm completely exposed to the internet, sadly. Which is why it would be great to have this VPN working for at least some "protection"
23:51 <+esde> pfsense man
23:51 <+esde> ##pfsense
23:51 <+esde> i cant believe it's free, really
23:52 <+esde> and there's whole books on it
23:53 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 246 seconds]
23:54 <+esde> it's got a built-in vpn client that is nifty
23:54 < iGamer> wat
23:54 < iGamer> I'm confused
23:54 <+esde> oh yeah among a million other features
23:55 <+esde> pfsense is a router, you'd put it right at the isp line, and it would serve dhcp and act as a fireall (and anything else) you want for your network. but this is beyond whats at hand
23:55 <+esde> *w
23:57 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
23:57 < iGamer> well i would set up this vpn per computer, not on the router
23:57 < iGamer> i have a pi that i set up a tor router, and i use that sometimes.
23:59 <+esde> http://paste.debian.net/hidden/ada1f9f5/ my server conf if anyeon thinks itd be relevant to my issue
--- Day changed Sat Feb 07 2015
00:00 <+esde> sadly though, i think most people are out
00:03 < iGamer> a lot of stuff in there
00:03 <+esde> and it all servers a purpose
00:04 <+esde> serves even
00:04 -!- justinzane [~justinzan@67.21.190.132] has quit [Ping timeout: 245 seconds]
00:05 < iGamer> Mine is so frustrating :(
00:05 <+esde> youre trying though man!
00:05 <+esde> !effort
00:05 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
00:05 <+esde> its the opposite of that for you
00:05 <+esde> we want to help! :)
00:06 <+esde> that's why those brighter people will likely be able to solve it. because you're wiling to put forth the effort it seems
00:07 < iGamer> i've been at it for weeks
00:07 <+esde> i was too before i got going
00:07 <+esde> all of this was brand new
00:10 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 245 seconds]
00:11 <+esde> !symmetric
00:28 <+hyper_ch> krzee: online?
01:17 <+esde> if someone sees an op before i do, mention the expired cert pls
01:33 <@krzee> hyper_ch, ?
01:34 <+hyper_ch> krzee: what could be the cause for slow speeds between two clients?   client1 <-> server = fast      client2 <-> server = fast      client1 <-> client2 slow
01:35 <@krzee> could be plenty of things
01:36 <@krzee> no idea
01:36 <+hyper_ch> cpu doesn't seem to go to more than 20%
01:36 <+hyper_ch> (in htop)
01:36 < DocMAX> hello
01:37 < DocMAX> if i connect at my router at home i get 10.0.0.6. but i cant reach my hosts. what to do?
01:37 <+hyper_ch> it just seems weird to me... if both clients can transfer to the server at max speed... why don't I get almost same results when client ot client?
01:37 <+hyper_ch> !welcome
01:37 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
01:37 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:38 < DocMAX> was this for me?
01:38 < DocMAX> !howto
01:38 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
01:46 <+hyper_ch> DocMAX: what exactely are you trying to do?
01:49 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has quit [Ping timeout: 244 seconds]
01:49 <+hyper_ch> krzee: btw, what you think of my little helper here: http://paste.debian.net/144399/
01:50 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has joined #openvpn
01:54 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
01:56 < DocMAX> hyper_ch
01:56 < DocMAX> i want to reach my home-hosts
01:57 < DocMAX> @home for instance i have client1
01:57 < DocMAX> and i want to reach it externaly via VPN
01:57 <+hyper_ch> !client-to-client
01:57 <@vpnHelper> "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind other
01:57 <@vpnHelper> clients
01:58 < DocMAX> Uncomment out the client-to-client directive if you would like connecting clients to be able to reach each other over the VPN. By default, clients will only be able to reach the server.
01:58 < DocMAX> ?
02:08 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 245 seconds]
02:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:19 < DocMAX> ethernet bridgin seems to be the solution!!!
03:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
03:28 <+hyper_ch> hmmmm, on a vpn client there are connection to two vpn networks a and b.   for network a, the server sends def1 and for network b server just pushes normal route. should network b still be accessible despite network a having def1?
03:54 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 245 seconds]
03:57 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
04:00 -!- Mchammerdad [~Larlochth@fenixci.com] has quit [Read error: Connection reset by peer]
04:11 <+hyper_ch> so, improved the script a tiny bit http://paste.debian.net/144407/
04:24 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:25 < ValdikSS> !welcome
04:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:25 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:52 -!- dazo_afk is now known as dazo
04:52 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has quit [Ping timeout: 264 seconds]
05:02 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
05:02 -!- mode/#openvpn [+v hyper_ch] by ChanServ
05:06 -!- DocMAX [~docmax@g224157233.adsl.alicedsl.de] has quit []
05:09 -!- Winestone [7a6aa480@gateway/web/freenode/ip.122.106.164.128] has joined #openvpn
05:09 < Winestone> hello, am I allowed to ask for help here?
05:13 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
05:13 -!- Winestone [7a6aa480@gateway/web/freenode/ip.122.106.164.128] has quit [Ping timeout: 246 seconds]
05:16 -!- dazo is now known as dazo_afk
05:16 -!- Winestone [~Winestone@c122-106-164-128.carlnfd1.nsw.optusnet.com.au] has joined #openvpn
05:16 < Winestone> !welcome
05:16 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
05:16 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:17 < Winestone> !goal
05:17 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:20 -!- Ben` [~b3n@gateway/shell/blinkenshell.org/x-jjbhftvywyabfqug] has joined #openvpn
05:20 < Winestone> I would like to create an openvpn network running on lan A, computer A, where lan A, computer B and any other computer accross the net can connect to it given certificate stuff and config and use it to play lan games eg little fighter 2
05:20 < Winestone> problem, cannot ping a computer on the network
05:21 < Winestone> if any config/whatever stuff is needed, please ask
05:21 < Winestone> !ask
05:21 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
05:22 < Ben`> Hello. How can I connect one OpenVPN server to another? So I want client->server1->server2->Internet.
05:24 < Winestone> pings from lan A computer B to other computers on openvpn network fail with "Reply from (oppenvpn ip of this computer): Destination host unreachable."
05:31 -!- Winestone [~Winestone@c122-106-164-128.carlnfd1.nsw.optusnet.com.au] has quit [Read error: Connection reset by peer]
05:32 -!- Winestone [~Winestone@c122-106-164-128.carlnfd1.nsw.optusnet.com.au] has joined #openvpn
05:39 <+hyper_ch> !client-to-clinet
05:39 <+hyper_ch> !client-to-client
05:39 <@vpnHelper> "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind other
05:39 <@vpnHelper> clients
05:39 <+hyper_ch> Winestone: see above
05:40 <+hyper_ch> Ben`: is server1 client of server2?
05:40 < Winestone> if you mean does the server config have client-to-client in it, it does
05:40 <+hyper_ch> !configs
05:40 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
05:41 <+hyper_ch> please provide the configs
05:41 < Winestone> ok
05:42 < Ben`> hyper_ch: I tried to run both a client and server on server1 but then I get lots of "bad source address from client [...] packet dropped" so I'm not sure what I'm doing wrong
05:42 <+hyper_ch> any particular reason why you want to run throught two vpns?
05:44 < Ben`> I don't have control over server2 but want to maintain anonymity so it should only get server1's IP address when I connect.
05:45 <+hyper_ch> Ben`: I don't think I can help you
05:45 < Ben`> Ok, thank you anyway.
05:46 < Winestone> hyper_ch: so this is what I got http://pastebin.com/1YDcN7s9
05:46 < Winestone> not sure what ccd/pfsense is
05:46 <+hyper_ch> you really need tap?
05:46 < Winestone> no idea what it does
05:46 <+hyper_ch> !tunortap
05:46 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
05:46 <@vpnHelper> rooted/jailbroken) support only tun
05:47 <+hyper_ch> lan gaming...
05:47 < Winestone> so you say I should tun?
05:47 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
05:47 < Winestone> you're*
05:47 <+hyper_ch> nah, seems you need to use tap
05:48 < Winestone> oh ok
05:48 <+hyper_ch> also for proto it's probably better to use udp instead of tcp
05:49 <+hyper_ch> and no idea what those up and down rules do
05:51 < Winestone> hyper_ch: with up/down so at some point it kinda semi-worked with udp and seems to drop some packets
05:51 < Winestone> I meant http://pastebin.com/SaTu1rSP
05:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
05:52 < Winestone>  so at some point it kinda semi-worked with udp and seems to drop some packets  at some times, tcp seems to prevent these packet drops for some reason
05:54 -!- kennyboy [~ken@ec2-54-79-14-174.ap-southeast-2.compute.amazonaws.com] has joined #openvpn
05:57 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:17 <+hyper_ch> how do I get the environment varialbe into up/down scripts? I thought I could just call them by   $ifconfig_local  $ifconfig_remote and  $dev
06:21 < Winestone> hyper_ch: they are passed in as parameters $1, $2 and $3 in the server.conf script
06:22 <+hyper_ch> Winestone: for my understainding you don't need to pass them... at least that's how various examples show
06:22 < Winestone> hyper_ch: oh wait
06:23 < Winestone> hyper_ch: I think server-bridge might need to be used?
06:23 <+hyper_ch> not according to the man pages
06:29 < Winestone> hyper_ch: something about "OpenVPN can be setup for either a routed or a bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus layer-3 VPN. In a bridged VPN all layer-2 frames - e.g. all ethernet frames - are sent to the VPN partners and in a routed VPN only layer-3 packets are sent to VPN partners. In bridged mode all traffic including traffic which was traditionally LAN-local like local network
06:29 < Winestone> broadcasts, DHCP requests, ARP requests etc. are sent to VPN partners whereas in routed mode this would be filtered." from https://help.ubuntu.com/12.04/serverguide/openvpn.html
06:29 <@vpnHelper> Title: OpenVPN (at help.ubuntu.com)
06:30 <+hyper_ch> what is that for? I'm talking about up/down scripts and env vars in tehre
06:31 < Winestone> that is server/server-bridge maybe
06:33 < Winestone> hyper_ch: so on that page if you go down to "Prepare server config for bridging", it has a similar up setup
06:33 < Winestone> hyper_ch: and also there is up/down on https://help.ubuntu.com/community/OpenVPN and that is kinda the one I followed
06:33 <@vpnHelper> Title: OpenVPN - Community Help Wiki (at help.ubuntu.com)
06:40 < Winestone> I will have to leave and I will hope my computer stays open to keep logs
06:45 -!- Winestone [~Winestone@c122-106-164-128.carlnfd1.nsw.optusnet.com.au] has quit [Ping timeout: 246 seconds]
06:45 -!- winestone [~Winestone@c122-106-164-128.carlnfd1.nsw.optusnet.com.au] has joined #openvpn
06:52 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
07:07 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 264 seconds]
07:09 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
07:12 -!- ShadniX [dagger@p5481DC5B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
07:12 -!- ShadniX [dagger@p5DDFF66E.dip0.t-ipconnect.de] has joined #openvpn
07:13 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
07:30 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 245 seconds]
07:32 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
07:43 -!- winestone [~Winestone@c122-106-164-128.carlnfd1.nsw.optusnet.com.au] has quit [Ping timeout: 264 seconds]
08:04 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:04 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:12 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 245 seconds]
08:13 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
08:16 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
08:28 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
08:30 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
08:41 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
08:45 -!- Netsplit *.net <-> *.split quits: joker2u, novae, _KaszpiR_, DHowett, Champi, gardar, akkad
08:45 -!- Netsplit over, joins: _KaszpiR_
08:46 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
08:47 -!- Netsplit over, joins: Champi
08:47 -!- Netsplit over, joins: gardar
08:55 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has quit [Ping timeout: 245 seconds]
08:56 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has joined #openvpn
09:00 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
09:35 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
09:40 -!- tekk [~me@185.17.149.149] has quit [Ping timeout: 264 seconds]
09:41 -!- early [~early@105.ip-167-114-152.net] has quit [Quit: Leaving]
09:44 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
09:48 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
09:50 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
09:55 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has joined #openvpn
10:00 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
10:01 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
10:16 <@krzee> hyper_ch, you could run `env` in a script
10:16 <@krzee> that'll show all env vars
10:16 <+hyper_ch> that sounds way too easy
10:16 <@krzee> (or you can output it to a file for a better look)
10:16 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
10:17 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
10:18 -!- kurokatze [~felis@s2.katzen.me] has joined #openvpn
10:19 < kurokatze> !welcome
10:19 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:19 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:19 < kurokatze> !goal
10:19 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:21 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
10:22 < kurokatze> so i have a vpn server set up with pritunl,
10:23 < kurokatze> along with sslh, to forward from port 443. It worked well, until recently, but only on windows
10:24 < kurokatze> i've set up this kind of connection many times, with all of them using port 443 by using sslh, but somehow, sometimes it randomly wont work on win
10:24 < kurokatze> any suggestion where i should try to check?
10:24 <@krzee> some sort of windows port sharing?  like the unix only --port-share ?
10:26 <+hyper_ch> krzee: that was a good idea :)
10:27 < kurokatze> windows port sharing?
10:28 < kurokatze> oh, im not using openvpn port share
10:28 <+hyper_ch> krzee: well, just implemented source based policy routing :)
10:28 -!- Artabros [~Artabros@29.Red-79-154-235.dynamicIP.rima-tde.net] has quit [Ping timeout: 256 seconds]
10:30 <@krzee> kurokatze, just trying to figure out what you're trying to do
10:32 < kurokatze> openvpn on 127.0.0.1:111 accessed by using sslh via publicip:443 . client can connect from linux/android, but not on windows
10:33 <+hyper_ch> http://paste.debian.net/144452/
10:44 <@krzee> oh i see what sslh is now
10:44 <@krzee> i cant really help with it though
10:45 < pekster> kurokatze: That sounds very silly; why are you trying to use a VPN over tcp over ssh?
10:45 <@krzee> pekster, http://www.rutschle.net/tech/sslh.shtml
10:45 <@vpnHelper> Title: ssl/ssh multiplexer (at www.rutschle.net)
10:45 < kurokatze> it's a port multiplexer
10:46 < kurokatze> but i think i recall just straight up using port 443, and the same issue still arises
10:46 < pekster> So you still haven't explained your goal here..
10:46 < kurokatze> works on linux, doesnt work on win
10:46 < kurokatze> a mo, im getting the logs
10:46 < pekster> Do you really plan to run X number of openvpn instances and somehow require that they all will be used based on the _ssh_ (⁈) credentials?
10:48 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
10:49 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:49 <@krzee> it's an external solution for port-share
10:50 <@krzee> so you can serve https to those who are not on openvpn
10:50 <@krzee> at least thats what i gathered from it, i could be wrong i guess
10:51 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
10:51 < kurokatze> yep, spot on
10:52 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Ping timeout: 244 seconds]
10:56 < kurokatze> okay, i've tried running it directly on port 443, still the same
10:56 < kurokatze> connects on win, straight up fails on windows
10:56 < kurokatze> i mean, linux
11:00 < pekster> Logs won't say "openvpn straight up failed" -- but !configs and !logs will reveal more
11:02 -!- justinzane [~justinzan@24.49.184.10] has quit [Remote host closed the connection]
11:02 < kurokatze> yeah, a mo, im getting the logs
11:02 < kurokatze> using win is not fun ye know
11:03 < kurokatze> using the mouse so much, gui and stuff
11:03 < kurokatze> !configs
11:03 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:03 < kurokatze> !logs
11:03 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:13 -!- `hypermist` is now known as pcupgrades
11:15 <+esde> pekster, are you aware that the certificate for secure-computing.net is expired?
11:15 < pekster> Not my domain
11:16  * pekster pokes ecrist: "The certificate expired on 02/04/2015 05:59 PM"
11:16 <+esde> Ok. Any chance you could alert whomever does maintain it? I'm not sure who to bother.
11:16 < pekster> meanwhile, unless you were sending private info there, you can hapily continue using it with the benefits unauthenticated https provides (namely, OE)
11:18 <+esde> Informed users yes. However, the default browsing warning seems extremely ominous to your average end-user.
11:18 < pekster> Most users are idiots; those same "concerned users" wouldn't blink an eye if it wasn't encrypted at all
11:18 < pekster> The importance of "warnings" on security is only as important as the information being exchanged over it
11:19 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
11:19 <+esde> Believe it or not if you'd like. But my users are actually astute when it comes to this. I have received numerous calls for this and almost every time it was a phishing attack.
11:19 <+esde> In other news, sonicwall sucks.
11:19 < pekster> And obvoiusly they were being asked to submit data
11:20 < pekster> Were you logging into the wiki on secure-computing? Then maybe there's cause for conern. Or sending a message with confidential information?
11:20 -!- iGamer [~Elite@199.175.48.219] has quit [Changing host]
11:20 -!- iGamer [~Elite@unaffiliated/igamer] has joined #openvpn
11:20 < pekster> If you were just looking to view the information, surely you're not actually suggesting your important enough to launch a MITM attack against and have the page information falsified?
11:21 <+esde> I'm not suggesting that.
11:21 < pekster> I get your point about not using X.509 on a public site unless it's got a valid cert, but assessing that it's a "huge security problem" is nonsense unless you're transmitting/receiving confidential info
11:21 < iGamer> Hello
11:21 < iGamer> I'm back with the same problem :/
11:22 < kurokatze> win log (the one im having trouble) http://pastebin.com/gtwjFuDQ linux logs (working) http://pastebin.com/jqfAWGS8 client config http://pastebin.com/f7dQuGAz server http://pastebin.com/iVGNahYg
11:23 <+esde> My point wasn't that it was a security concern. My point was that it might scare some users accessing the domain. That's all. The less confusion the better, and with something like an invalid certificate warning when connecting to a domain aptly name secure-computing. Well, it's just a smidge ironice.
11:23 -!- sireebob [sireebob@unaffiliated/sireebob] has quit [Ping timeout: 245 seconds]
11:23 <+esde> *-e
11:24 < pekster> markdown's official site has had a self-signed x.509 for years, yet it remains largely popular. All depends on context. But yes, "should be corrected." And also "not my problem" ;)
11:25 < pekster> kurokatze: max clients 2048 on a network that can only issue 253 IPs? That's not overly useful
11:27 < pekster> kurokatze: line 314 of your client log shows that the conneciton was reset
11:27 < kurokatze> it's for personal use, and i dont connect more than 3-4 devices at a time
11:27 < pekster> You need to figure out why there's a TCP RST packet coming in. You didn't paste server logs, so if there's a reason there it's unknown
11:27 < kurokatze> yeah
11:27 < kurokatze> ah, right, server logs >.>
11:27 < pekster> Also, don't use mute on the server
11:28 < pekster> At least until you figure out why things are broken
11:28 < pekster> and use !verb as it explains
11:28 < pekster> level 1 is _not_ suitable for debugging
11:29 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
11:37 < kurokatze> i may have left out an important bit. im behind a restrictive firewall that i have no control over
11:37 < kurokatze> it would prolly work if i use a diff internet connection
11:38 < pekster> Then 443 might be a poor choice if the firewall uses DPI that blocks non-https traffic
11:38 < pekster> openvpn is easy to distinguish from other types of traffic (and in fact, with TLS it's even rather trivial to identify it as openvpn traffic)
11:39 < pekster> restrictive firewalls frequently attempt to restrict traffic on common ports to the protocols "expected" on such ports
11:39 < pekster> You can try variations on: tcp/80, tcp/443, udp/53, tcp/53, tcp/113, udp/123, etc
11:40 < kurokatze> figured that would be the case. most of the times it works though, it just randomly wont connect sometimes
11:40 < pekster> Use of PSK can avoid most forms of traffic fingerprinting (though not traffic analysis) at a loss of forward-secrecy. One could run a TLS-openvpn tunnel over a PSK tunnel to get the benefits of both (but at the expense of complexity)
11:45 -!- Aelos [~Aelos@unaffiliated/aelos] has joined #openvpn
11:45 -!- JackWinter_ [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
11:46 < kurokatze> hmm, didnt know that. guess i could give PSK a shot
11:46 < Aelos> Hi :) i'm trying to use openVPN only for one application (who can't use a socks proxy) under linux (debian sid), is that possible ? I have control over the server & client
11:47 < pekster> With policy routing, possibly. You can naturally avoid that if you run that application in a VM with its own routing table
11:49 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
11:49 < pekster> The latter is far simplier, because to do policy routing you need some way to identify the traffic to route unqiuely and write defined rules. In Linux you'd use a combination of Netfilter, generally to apply a connmark to the identified traffic so both it and connections related to it (like ICMP replies, etc) are identified, then clone the ctmark to the fwmark where the routing engine can send it to an alternate routing table (ie: ...
11:49 < pekster> ... adjusting the FIB in use)
11:49 < pekster> !lartc
11:49 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
11:57 < Aelos> if i know which IP + which port the application will try to reach (i mean, on the internet), woudld that be enough for policcy routing ?
11:58 < pekster> Sort of, but keep in mind that other related (but not RELATED according to Netfilter/conntrack) won't be matched by such a policy routing definition
11:58 < pekster> Things like DNS lookups, etc
11:58 < Aelos> mmh thanks
11:58 < Aelos> i'll look for that
12:00 < pekster> Another possibly easier option if you really don't want to use the VM option (which is IMO the simpliest) would be to run your "special" app under a different user, then you can match all outbound traffic by that user and policy route on that
12:01 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
12:01 < pekster> See the 'owner' module in iptables-extensions(8) (and you can use that to apply fwmark via -J MARK on all packets, and policy route on that fwmark)
12:01 < Aelos> humm, i prefer this option
12:02 < iGamer> Okay so I was here two weeks ago, then a week ago, then last night, and now i'm here again
12:02 < iGamer> I have a CentOS 6.6 OpenVZ VPS with OpenVPN installed
12:02 < iGamer> The VPN runs, and I can connect to it, but there's no internet connection when I'm connected to it.
12:02 < pekster> OpenVPN does not provide an "Internet connection" (an ISP does)
12:02 < pekster> !goal
12:02 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:02 < iGamer> We tried fiddling with iptables last night, fiddling with the configs, etc
12:03 < iGamer> The VPN doesn't work when we use udp btw. Have to use tcp.
12:03 < pekster> You can possibly route traffic over a VPN connection, but then you should state that (not expect me to read hours of backlog to figure it out and play detective)
12:03 < iGamer> In other words, the connections arent routing
12:11 < kurokatze> lol switching to port 53 did the trick right away
12:11 < kurokatze> pekster: thanks a bunch. i owe ye one mate
12:11 < pekster> Might even be able to use UDP there too
12:12 < pekster> (which makes openvpn perform better, particularly in the face of any packet loss)
12:25 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
12:26 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:42 -!- u0m3 [~u0m3@109.96.141.114] has quit [Quit: Leaving]
13:05 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:06 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
13:08 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
13:09 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:10 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:14 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:22 < Aelos> pekster: routing traffic only for one user worked, thanks :) if anyone is interested, here is the script i used : https://www.niftiestsoftware.com/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/
13:22 <@vpnHelper> Title: Making all network traffic for a Linux user use a specific network interface | Niftiest Software (at www.niftiestsoftware.com)
13:25 < pekster> best not to use "scripts" and properly save/restore your Netfilter rules (ask #Netfilter how)
13:25 < pekster> Same way you'd use sysctl.conf and not use an rc.local "script" to set sysctl settings
13:26 < pekster> no idea what you're doing marking things out egressing with the LAN IP with 0x1 either
13:27 < pekster> Seems really odd to test the source without testing -o as well, but whatever
13:27 < pekster> Also better to set rp_filter to 2 (loose mode) not disable it completely unless you're willing to give up spoof protection
13:31 -!- Aelos [~Aelos@unaffiliated/aelos] has left #openvpn ["Client Quit"]
13:58 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
14:05 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
14:30 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has quit [Remote host closed the connection]
14:31 -!- wowaname [~wow@gateway/tor-sasl/wowaname] has joined #openvpn
14:37 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 250 seconds]
14:38 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
14:56 <+esde> I still can't get my openvpn speed over 40Mbps download. Upload is still fine. Speed between my WAN connection and the VPS using iperf shows OK. But over the vpn, it slows down download. CPU bottleneck isn't the issue as CPU usage on server and client doesnt go above 30% usage
15:04 < pekster> If you're pegging a core, that's the best you'll get unless you use AES-NI
15:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:11 <+esde> I'm not "pegging a core". Openvpn is only using 30% CPU on both ends. Load on the server and client are both low
15:13 < pekster> Total CPU? Or per core?
15:13 < pekster> 30% of a 4-core system is clearly pegging a core, plus whatever network processing
15:13 < pekster> pegging = maxing out, if this wans't clearly
15:13 < pekster> OpenVPN is single-threaded, if this also wasn't clear
15:13 <+esde> 30% of one core is pegging?
15:14 < pekster> 30% total of a 4 core system is pegged, plus extra
15:14 < pekster> Yes
15:14 <+esde> who said i had 4 cores?
15:14  * pekster sighs
15:14 <+esde> I'm not trying to complicate things. The client and server are single core.
15:14 < pekster> Whatever, I'm watching a movie and don't have time to explain elementray math now
15:15  * esde shrugs
15:15 -!- Komanda [~komanda3@unaffiliated/komanda3] has joined #openvpn
15:15 < Komanda> you guys have experience with tap/tun type of stuff right?
15:17 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Remote host closed the connection]
15:28 < pekster> !speed
15:28 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
15:28 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better.
15:29 < pekster> Depends on protocol in use too
15:29 < pekster> (ie: what you're testing with. For example, CIFS is well-known to be one of the most ineficient protocols known to human-kind)
15:30 < pekster> Might try turning compression off explicitly too
15:31 < pekster> !learn speed as also consider testing without compression (on _both_ sides, try: --comp-lzo no)
15:31 <@vpnHelper> Joo got it.
15:34 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Quit: So long and thankful is the fish...]
15:35 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has joined #openvpn
15:38 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
15:52 <+esde> compression was disabled from the start. running UDP.
16:13 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
16:20 <@ecrist> pekster: yeah, I'm horrible, figured nobody would notice.  I'll fix it now.
16:32 -!- Komanda [~komanda3@unaffiliated/komanda3] has quit [Remote host closed the connection]
16:50 -!- Champi [Champi@damn.e-leet.be] has quit [Ping timeout: 245 seconds]
16:50 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 245 seconds]
16:50 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 245 seconds]
16:50 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 245 seconds]
16:50 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
16:50 -!- lxusrbin [~lxusrbin@han.solo.from-outer.space] has quit [Ping timeout: 245 seconds]
16:51 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:51 -!- lxusrbin [~lxusrbin@han.solo.from-outer.space] has joined #openvpn
16:51 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
16:51 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
16:51 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
16:52 -!- XJR-9 is now known as XJR-9_
16:53 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
16:53 -!- mode/#openvpn [+o plaisthos] by ChanServ
16:58 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:58 < pekster> ecrist: Well, OE is still worth plenty (turns what would otherwise be a trivial MITM into an attack requiring complex active-spoofing; not that average users seeing browser errors care about though)
17:07 -!- Latrina [~Latrina@adsl-ull-60-185.50-151.net24.it] has quit [Ping timeout: 265 seconds]
17:10 -!- Latrina [~Latrina@ppp-223-52.26-151.libero.it] has joined #openvpn
17:30 -!- pcupgrades is now known as `hypermist`
17:30 <+esde> switching from SHA512 to SHA256 and AES-256-CBC to AES-128-CBC gained about 10-12Mbps
17:31 <@ecrist> lol, esde upgrade your hardware
17:31 <@ecrist> pekster: still working on it, apache doesn't like the crt/key pair
17:32 <+esde> i dont get it though, cpu usage is not high. :/
17:32 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 252 seconds]
17:34 <+esde> i am using a P4 processor in my firewall though, since it's lacking AES-NI, could that be the issue. even absent high cpu usage?
17:34 <@ecrist> pekster: website is back on line with a new cert
17:35 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
17:40 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 252 seconds]
17:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:42 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
17:55 < MyChris_> Hi anyone around?
17:56 < MyChris_> Was wondering if anyone knew of how I could make internal traffic come from the actual vpn/virtual address rather then my openvpn hosts address
17:58 <+esde> you want to allow a local connection to an openvpn client? so that you could connect to a service with $VPN_IP:PORT instead of $WAN_IP:PORT?
17:58 < MyChris_> No esde we talked about this last night :P... I want the clients on the VPN to connect to other resources on the LAN using their assigned IP rather then the openvpn's host IP.
17:59 <+esde> ah
17:59 < MyChris_> I.E. if I specify server 172.19.197.0 in my config and my connected client gets 172.19.197.5, when I connect to 172.19.195.13 I connect with 172.19.195.18(Open VPN host) where as I'd like it to carry over the client address of 172.19.197.5
18:00 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 252 seconds]
18:01 < MyChris_> https://openvpn.net/index.php/access-server/docs/admin-guides/215-how-to-setup-routing-in-openvpn-access-server.html
18:01 <@vpnHelper> Title: How to setup Global Routing in OpenVPN Access Server (at openvpn.net)
18:01 < MyChris_> Yes, using routing (advanced):
18:01 < MyChris_> that's what I want lol
18:01 < MyChris_> "VPN Clients can access private subnets, and it is the virtual address of each VPN Client that is used as the source address on client packets destined for private subnets."
18:01 < MyChris_> I'm not sure how to do it though.
18:01 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
18:07 < MyChris_> I guess bridging would be one option but I really don't want to go down that route.
18:13 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
18:20 <+esde> is aes-ni comulsory or would a hardware rng show the same benefit?
18:21 <+esde> *p
18:22 < MyChris_> esde
18:22 < MyChris_> did iGamer ever get his issue solved?
18:23 <+esde> i dont believe so
18:23 < MyChris_> Odd issue man.
18:23 < MyChris_> It seemed properly configured.
18:24 <+esde> mmmhmm. and now im looking around at what ive got to solve my problem. looks like  ill be throwing a couple of nics in my main box and running a vm, since mine has aes-ni support
18:26 <+esde> if it works it'll be nice to decommission one box at least and benefit from the power savings lol
18:26 < MyChris_> So you believe your issue is power related?
18:26 < MyChris_> not literally power but processing power.
18:27 <+esde> from what im being told it sounds like i want the aes-ni support to make the crypto load less
18:27 <+esde> on the cpu
18:30 < MyChris_> Think I found the answer to my issues.
18:30 < MyChris_> https://community.openvpn.net/openvpn/wiki/RoutedLans
18:30 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
18:30 <+esde> \m/
18:30 < MyChris_> except it means I have to apply static routes
18:30 < MyChris_> in my SRX.
18:30 < MyChris_> for VPN users.
18:31 < MyChris_> http://kb.juniper.net/InfoCenter/index?page=content&id=KB16572
18:31 <@vpnHelper> Title: Juniper Networks - SRX Getting Started - Configure Static Route - Knowledge Base (at kb.juniper.net)
18:31 < MyChris_> shouldn't be too hard :)
18:32 < MyChris_> ^ servers/firewalls/etc laugh at me saying "he thinks that now"
18:32 < MyChris_> as with any networking configuration..
18:45 -!- XJR-9_ is now known as XJR-9
18:48 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
19:00 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:01 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
19:18 -!- Starthunder [~blackl@unaffiliated/moonlightning] has joined #openvpn
19:20 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Ping timeout: 265 seconds]
19:21 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Quit: leaving]
19:22 -!- Starthunder [~blackl@unaffiliated/moonlightning] has quit [Read error: Connection reset by peer]
19:22 -!- Starthunder [~blackl@unaffiliated/moonlightning] has joined #openvpn
19:25 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
19:41 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 252 seconds]
19:43 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
19:55 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
19:57 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
20:01 -!- u0m3 [~u0m3@109.96.141.114] has joined #openvpn
20:20 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:25 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
21:13 -!- BladedThesis [~BladedThe@2001:1af8:4010:a027:3::] has left #openvpn ["Leaving"]
22:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:01 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:08 -!- CGML [~CGML@unaffiliated/cgml] has quit [Quit: No Ping reply in 180 seconds.]
23:09 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Remote host closed the connection]
23:10 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
23:11 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
23:13 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 276 seconds]
23:14 -!- riddle [riddle@us.yunix.net] has joined #openvpn
23:19 -!- ShadniX [dagger@p5DDFF66E.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:21 -!- ShadniX [dagger@p5DDFE320.dip0.t-ipconnect.de] has joined #openvpn
23:43 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
23:47 < iGamer> Well, I guess I can forget getting my VPN set up on my VPS
23:47 < iGamer> just bought a VPN service.
23:48 < iGamer> haha
23:58 -!- iGamer [~Elite@unaffiliated/igamer] has quit [Quit: Bye Bye!]
--- Day changed Sun Feb 08 2015
00:05 -!- MyChris_ [~DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has quit [Ping timeout: 252 seconds]
00:24 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
00:26 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
00:37 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
00:50 -!- DrCode [~DrCode@gateway/tor-sasl/drcode] has quit [Ping timeout: 250 seconds]
01:05 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
01:05 <+hyper_ch> krzee: https://www.samsung.com/uk/info/privacy-SmartTV.html  -  lease note that when you watch a video or access applications or content provided by a third-party, that provider may collect or receive information about your SmartTV (e.g., its IP address and device identifiers), the requested transaction (e.g., your request to buy or rent the video), and your use of the application or service. Samsung is not responsible for these providers’
01:05 <+hyper_ch> privacy or security practices. You should exercise caution and review the privacy statements applicable to the third-party websites and services you use.
01:05 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:05 <+hyper_ch> in other words: Don't talk in front of your tv
01:23 -!- _wired [~kelvin@132.147.85.42] has joined #openvpn
01:27 < _wired> hey guys, i’ve a server with say, a 1.1.1.0/24 (public IPs) range in a datacenter, and i’m wanting to use these public IPs directly from my network in the office (i.e, the servers in my office should not require vpn clients individually *and* ifconfig should show the servers being set to 1.1.1.0/24 directly, rather, openvpn sits on the router or on a seperate box). how should i go about doing this?
01:31 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
01:33 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:35 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:37 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:53 -!- _wired [~kelvin@132.147.85.42] has quit [Quit: _wired]
02:09 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
02:12 -!- BenLue [~No@unaffiliated/benlue] has joined #openvpn
02:12 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 252 seconds]
02:14 < BenLue> good morning together, my clients become an lease, Client ping www.debian.org (Destination Host Unreachable)! my config files: #/etc/network/interfaces http://paste.debian.net/144513/ #/etc/default/isc-dhcp-server http://paste.debian.net/144516/ #/etc/dhcp/dhcpd.conf http://paste.debian.net/144514/ #/etc/iptables/rules.v4 http://paste.debian.net/144515/ anyone ideas?
02:16 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
02:17 < BenLue> Client Config: http://paste.debian.net/144519/
02:18 < BenLue> and my Server Config: http://paste.debian.net/144520/
02:23 <+hyper_ch> why use route-noexec?
02:24 <+hyper_ch> !ipforward
02:24 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
02:25 < BenLue> To prevent all outgoing traffic is diverted through the VPN tunnel
02:25 <+hyper_ch> why then use def1?
02:25 <+hyper_ch> I fail to comprehend what you want to achieve with tht
02:25 <+hyper_ch> !goal
02:25 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:28 < BenLue> hyper_ch i need to remove push "redirect-gateway def1 bypass-dhcp" ?
02:28 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
02:28 <+hyper_ch> how would I know if you need to remove that when I don't even know what you're trying to accomplish
02:30 < BenLue> To anonymize outgoing network traffic
02:31 < BenLue> the IP address of the gateway and thus to hide our identity
02:31 <+hyper_ch> !def1
02:31 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
02:32 < BenLue> To prevent all outgoing traffic is diverted through the VPN tunnel, in the configuration file we remove the entry 'redirect-gateway def1'
02:33 < BenLue> For the same reason, we also take the following line: route-noexec
02:33 < BenLue> thats not correct?
02:33 <+hyper_ch> you make no sense
02:33 <+hyper_ch> so you want all outgoing traffic to go through the vpn or not?
02:34 <+hyper_ch> because when you say you want to anonymize, it sounds like you want
02:34 -!- paxmark9 [~paxtormar@199.21.149.142] has quit [Quit: Leaving]
02:34 <+hyper_ch> but then you say you don't want
02:34 <+hyper_ch> !goal
02:34 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:34 < BenLue> ahhh hyper_ch we are working with an script
02:34 < BenLue> likes gw3-up
02:35 <+hyper_ch> there's no script in your config
02:36 < BenLue> http://paste.debian.net/144522/
02:36 < BenLue> ahhh i see wait a sec please.. sry :/
02:39 < BenLue> hyper_ch; now http://paste.debian.net/144523/
02:40 <+hyper_ch> and what does that upscript do?
02:41 < BenLue> The commands in the 2nd and 3rd line judge in the routing table 42 a default route to the VPN server
02:42 <+hyper_ch> so why not use def1 instead? and where's the according down script?
02:42 <+hyper_ch> this gets too complicated for me as I still don't understand what you actually want
02:43 < BenLue> in /usr/local/bin/check-gateway
02:43 < BenLue> via cron
02:44 < BenLue> #/usr/local/bin/check-gateway http://paste.debian.net/144524/
02:44 <+hyper_ch> sounds all like a weird hack to me especially when there's def1
02:45 -!- _wired [~kelvin@132.147.85.42] has joined #openvpn
02:50 < BenLue> hyper_ch: our Projekt Page: http://freifunk.net/weil-am-rhein/2014/07/13/internet-gateway-einrichten/
02:50 <@vpnHelper> Title: Internet-Gateway einrichten › 3laendereck.freifunk.net (at freifunk.net)
02:51 <+hyper_ch> then follow that howto
02:51 < BenLue> haha done :P
02:52 < BenLue> Now i can ping ips like 8.8.8.8
02:52 < BenLue> ping google.de isnt working
02:53 < BenLue> canot find host :/
02:57 <+hyper_ch> !ipforwad
02:57 <+hyper_ch> !ipforward
02:58 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
02:58 <+hyper_ch> !dns
02:58 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
02:58 < BenLue> !linipforward
02:58 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
03:00 < BenLue> 'iptables -nL' http://paste.debian.net/144526/
03:00 < BenLue> !pushdns
03:00 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
03:00 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
03:03 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 245 seconds]
03:04 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
03:04 < BenLue> hyper_ch;
03:04 < BenLue> root@s1:/etc/openvpn# cat /proc/sys/net/ipv4/ip_forward
03:04 < BenLue> 1
03:04 < BenLue> the settings are correct
03:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:10 -!- dazo_afk is now known as dazo
03:27 -!- dazo is now known as dazo_afk
03:29 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
04:10 -!- mattock_afk is now known as mattock
04:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:27 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
04:28 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:28 -!- arkie [~arkie@unaffiliated/arkie] has joined #openvpn
04:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
04:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:37 -!- arkie [~arkie@unaffiliated/arkie] has left #openvpn []
04:39 -!- _wired [~kelvin@132.147.85.42] has quit [Quit: _wired]
04:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
04:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:47 < BenLue> hyper_ch; its working now
04:48 < BenLue>  /etc/dnsmasq.d/rules wasnt configurated correct
04:48 < BenLue> replace with other fav. DNS Server and now ist working fine
04:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
04:53 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:58 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
04:59 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:03 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:10 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
05:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:16 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:22 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
05:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:31 -!- mattock is now known as mattock_afk
05:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:41 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
05:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:47 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:48 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:53 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:59 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
06:00 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
06:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:08 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
06:10 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:16 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:22 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
06:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:25 -!- rich0_ is now known as rich0
06:28 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
06:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
06:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
06:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:52 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:53 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:58 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:58 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:04 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
07:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:09 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
07:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:16 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
07:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:18 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 256 seconds]
07:21 -!- CasperVector [~CasperVec@112.195.102.37] has joined #openvpn
07:22 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
07:23 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
07:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:26 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
07:27 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:28 -!- CasperVector [~CasperVec@112.195.102.37] has left #openvpn []
07:28 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
07:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
07:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
07:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
07:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:52 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
07:53 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:58 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
07:59 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:04 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
08:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:10 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
08:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:16 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
08:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:21 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
08:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:25 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
08:27 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
08:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:34 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
08:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
08:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:40 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
08:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
08:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:42 -!- wmp [~wmp@sored/admin/wmp] has joined #openvpn
08:42 < wmp> hello, is possible to connect client to other subnet?
08:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
08:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:51 <+esde> sure, you'll just have to create routes to do it
08:52 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
08:53 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:57 -!- nilesh [~nilesh@unaffiliated/-nilesh-/x-1644389] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
08:58 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
08:58 -!- Manis [~Manis@gateway/tor-sasl/manis] has joined #openvpn
08:58 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:03 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
09:03 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
09:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:10 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:10 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
09:10 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:15 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
09:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:21 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
09:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:28 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
09:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
09:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
09:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
09:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:47 -!- Manis [~Manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
09:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
09:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
09:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
10:06 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:13 -!- Manis [~Manis@gateway/tor-sasl/manis] has joined #openvpn
10:40 -!- Manis [~Manis@gateway/tor-sasl/manis] has quit [Remote host closed the connection]
10:52 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
11:05 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
11:14 <+hyper_ch> hi krzee
11:17 -!- `hypermist` is now known as pcupgrades
11:33 -!- DoctorWedgeworth [~james@fsf/member/stwange] has joined #openvpn
11:33 < DoctorWedgeworth> hey, have there been changes to openvpn? I'm getting "error: route parameter network/IP 'xx.xx.xx.xx/32' must be a valid address after updates. I'm *reasonably* sure the same config was working before the update around a month ago
11:34 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 250 seconds]
11:34 < DoctorWedgeworth> the problem is occuring on an arch laptop and the same config is still working (or was yesterday anyway) on a Fedora 20 laptop
11:34 <+esde> well x isnt allowed in an ip address. providing a valid address may be a good start.
11:34 < pekster> You can't use CIDR in openvpn's --route command
11:35 < pekster> See --route in the manpage, and otherwise a pastebin of your !configs is likely going to be required for any specific help
11:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:39 < DoctorWedgeworth> the config is here but I've changed the hostname http://pastie.org/private/q9wkjhfizdrsj9p2vymqeg (not sure which bits I shouldn't be sharing, sorry if that seems overly cautious)
11:39 < DoctorWedgeworth> I thought the route command was being pushed because the erroring IP isn't in the config, but I guess it could be coming from the route remote_host?
11:41 < DoctorWedgeworth> if I comment out the route line it still fails
11:42 < pekster> That's one of your configs: you're missing the server config
11:42 < pekster> !configs
11:42 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:42 < pekster> And yes, it appears to be getting pushed, which is why _both_ sides of your config are highly relevant here
11:43 < pekster> It will also be relevant if your "top secret IP" is the same as the remote server you're connecting to since that would mean the expansion of line 14 is at fault
11:43 < pekster> That's at this point up to you to figure out, since:
11:43 < pekster> !topsecret
11:43 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
11:44 < pekster> That might be the problem. It might be the server pushes. It might be something else. Check those things.
11:44 < DoctorWedgeworth> I love that you already have autoresponders for this
11:44 < pekster> We get this a lot, and when we don't have enough information, we are happy to also tell you:
11:44 < pekster> !crystal
11:44 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
11:44 < pekster> ;)
11:50 < DoctorWedgeworth> heh. The super secret IP isn't the same as the super secret server but it is the IP of another machine I've used in the past. I'll speak to them at work tomorrow if I'm not doing anything obviously wrong :) thanks for looking
11:51 < pekster> This reaks of unnecessary config too, since line 14 in your client wouldn't be required unless they're either using --redirect-gateway, or pushing a supernet that contains the remote IP of the server
11:52 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has joined #openvpn
11:52 < pekster> But without the far config, that's just a guess. So yea, you'dneed to ask the owners of the VPN who have _both_ sides of the config available
11:52 < pekster> Maybe full client logs at --verb 4 could provide clues too, if you wanted to dig further
11:54 < DoctorWedgeworth> that does help a little, thanks. That particular route is the only IPv4 one using CIDR
11:55 < Zedax> I'm having an issue.. and i don't what else to look into, i have computer A, which is mostly centos, and computer B, which is gentoo, both have same kernel 3.18.6, same iptables version, same iptables rules, same sysctl.conf, same openvpn server config, same openvpn version and build options,  forwarding works in B (gentoo) but doesn't in A (centos)
11:56 < Zedax> ssh forwarding and other forwardings work in A
11:56 < Zedax> i'm clueless...
11:56 < pekster> Probably either network config differences between them or SELinux
11:56 < pekster> Drop SELinux into permisive mode (or disable it completely) as a test
11:57 < Zedax> selinux is disabled :/
11:59 < Zedax> the bigger difference is that on gentoo ovpn is compiled with gcc 4.9.2 and on centos it uses the 4.4.7, but if there was some issue it should appear as error on the logs or something, no?
12:00 < pekster> It's unlikely a stable gcc building stable openvpn would be your cause
12:00 < pekster> Feel free to pastebin some !configs, and maybe !interface information for further ideas
12:12 < Exagone313> can you send me a link for a good tutorial for setting up an openvpn server using easyrsa3 etc... the official tutorials are not helpful. thanks
12:12 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:12 < Exagone313> i've already did it one time but i dont find the tutorials used
12:12 < Zedax> pekster: https://bpaste.net/show/515cbe1e8f26
12:13 <+esde> !walkthrough
12:13 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
12:14 < pekster> Exagone313: Seen the wiki? It has syntax you can nearly copy/paste to get a working PKI:
12:14 < pekster> !easyrsa3
12:15 < Exagone313> the wiki is helpless
12:15 < pekster> Not the project wiki, the openvpn wiki
12:15 < pekster> Easy-RSA is for more than openvpn, so there's an openvpn-specific walkthough (but our lazy bot is too lazy to give the link, it seems)
12:15 < Exagone313> https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
12:15 <@vpnHelper> Title: EasyRSA3-OpenVPN-Howto – OpenVPN Community (at community.openvpn.net)
12:15 < Exagone313> this?
12:16 < pekster> Right. It is a wiki, so feel free to improve it. If you need clarification on a point, feel free to ask
12:16 <+esde> !easyrsa-ng
12:16 <@vpnHelper> "easyrsa-ng" is "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Source checkouts available from the github project; current official release download is 2.2.2 with 3.x code in git-master. or (#4) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA
12:16 <+esde> FYI
12:17 <+esde> weird i see this in the factoid site "To track development or usage of the next-gen Easy-RSA codebase with improvements to the original, see http://pekster.sdf.org/code/projects/easyrsa3.html . Be aware this code is beta , but is usable as it stands now. Send suggestions/comments to pekster."
12:17 <@vpnHelper> Title: Project: Easy-RSA 3 has a new home (at pekster.sdf.org)
12:17 < Exagone313> i am looking for a full tutorial for ubuntu
12:17 < pekster> esde: That's identical to 'easyrsa' -- the bot even says so
12:17 < pekster> esde: Yes, factoid list is out of date. It's not "live"
12:17 <+esde> Now someone tells me.
12:17 <+esde> Why wouldnt it by dynamic? (as most factoid lists are)
12:18 < pekster> I also removed that dated reference because it's dated. And someone whined about it enough that I updated my old page to warn users using ancient links about that fact
12:18 < pekster> Because it's not. Deal with it.
12:18 < pekster> (obviously the generation of the HTML from the database doesn't happen every time you visit the page..)
12:18 <+esde> How was that movie? lol
12:18 < Exagone313> for now i am using openvpn-as but i'vz a new server and I want to go back to openvpn
12:19 < Exagone313> because openvpn-as is easy to use
12:19 < pekster> You extract easyrsa onto 3 places: your CA, your server, and clients. Then blindly copy/paste those commands in, hopefully adjusting the UNIQUE_WHATEVER_NAME
12:20 < pekster> (although nothing stops you from calling your server UNIQUE_SERVER_SHORT_NAME if you really wanted)
12:20 < pekster> Exagone313: Maybe an intro to basic certificate concepts would help you?
12:20 < pekster> !intro-to-pki
12:21 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
12:26 < Zedax> pekster:  the thing is that the usual vpn functions do work, as client i cant talk with ovpn and with other clients, clients do receive the redirect-gateway, but they can't go any further than the vpn network, this happens on linux or windows clients.., using the same client and server config on the other machine it works.. :/
12:27 < pekster> Well that's your problem right there: you can't use the "same" server config because the return-routing won't be sending the identical VPN network to two different devices
12:27 < Zedax> by same i mean globally but the network is different
12:28 < pekster> As the !serverlan flowchart shows, your server-side LAN gateawy needs a return-route to the VPN network range routed via the VPN server (unless the VPN server is also the LAN gateway, in which case that step is already provided when the VPN server starts up as it has a route for the VPN network, obviously)
12:28 < pekster> Have you handled return routing?
12:28 < pekster> Without some configs, help will be limited to theoretical issues only
12:28 < pekster> Configs would help give you specific advice
12:28 < pekster> As always, the flowchart here is most useful:
12:28 < pekster> !serverlan
12:28 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
12:28 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
12:30 < Zedax> pekster:  this is the config i pastes before https://bpaste.net/show/515cbe1e8f26
12:31 < pekster> -L is worthless for Netfilter (don't use it to show your rules: it lies to you and omits info.) Only ever use `iptables-save -c` to show _complete_ rulesets
12:31 < pekster> (#Netfilter can explain why if you want to learn more about that)
12:31 < Zedax> pekster: i'm not pushing routes because it has always worked with just the redirect-gateway
12:32 < pekster> Return routing
12:32 < pekster> OpenVPN does not magically make classic routing rules go away
12:32 < pekster> Also, ifconfig on Linux is dated; avoid it
12:32 < pekster> !net-tools
12:32 <@vpnHelper> "net-tools" is https://github.com/QueuingKoala/fn-netfilter/wiki#avoid
12:32 < pekster> (note that the --ifconfig in openvpn is the right thing to use, as is ifconfig on BSDs)
12:35 < pekster> Just follow the flowchart to get server-side routing working
12:36 < pekster> You still haven't explained any of your topology downstream of the openvpn server, or on the server LAN (apperas to be that topsecret /24 network, which you'd need to set up routing and firewalling properly on)
12:36 < pekster> Once OpenVPN gets the packet just treat it like any other router
12:39 < pekster> Zedax: Basically you need to play "follow the packet" (basic networking troubleshooting.) Can your clients ping the VPN gateway on its VPN IP? Can it pign the VPN gateway on its LAN side IP? Can clients ping a server on the server-side LAN? If any of those don't work, debug further with "the usual" tools: tcpdump, etc
12:39 < Zedax> pekster: the route table on the client, after receiving the redirect-gateway from the server, should be ok and points to the vpn as main exit, and is the same table (not same exact network numbers)  for both ovpn servers (the one working and the one who doesn't), so i don't think is a route issue, i'll paste the proper whole config but it doesn't seem to show much else
12:39 < pekster> Figure out where the packet gets "lost." Investigate further
12:39 < pekster> WHere did you get stuck in the flowchart I've referencd several times?
12:40 < pekster> (you have followed the flowchart now, yes?)
12:40 < Zedax> pekster:  the vpn server has a real wan address, clients can have real address like a mobile phone or also lan clients like a computer behind a router
12:40 < Zedax> pekster: and yes clients on the vpn can talk to each other, is just the forwarding outside it seems
12:40 < pekster> Forwarding to your LAN, or to the Internet?
12:40 < pekster> !goal
12:40 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:41 < Zedax> internet
12:41 < pekster> That changes things then
12:41 < pekster> SHow your real fireawll rules, not the BS that got pasted before
12:41 < pekster> -L is horrible: never use it
12:43 < pekster> https://github.com/QueuingKoala/fn-netfilter/wiki#paste if you need the reference
12:43 < Exagone313> pekster: finnally i found an updated tutorial in my language
12:48 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
12:55 -!- DoctorWedgeworth [~james@fsf/member/stwange] has quit [Remote host closed the connection]
12:58 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has quit [Ping timeout: 246 seconds]
12:59 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has joined #openvpn
12:59 < Zedax> pekster: https://bpaste.net/show/39246797d116
13:05 -!- pcupgrades is now known as `hypermist`
13:07 < pekster> Zedax: You haven't set up NAT on your outbound leg, and you're using RFC1918 space for your VPN
13:08 < pekster> As with any RFC1918 LAN you can't route that onto the Internet without perform NAT-Overload (aka SNAT or MASQUERADE after the Netfilter targets by the same name)
13:08 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
13:09 < Zedax> pekster:  then how does it work on the gentoo with the same firewall rules
13:09 < Zedax> :S
13:09 < Zedax> sysctl.conf is the same also
13:11 < pekster> Obviously they're not the same
13:11 < pekster> Or you're doing NAT on an upstream router from the VPN range
13:11 < pekster> Since you haen't pasted a full firewall from this "working" system I can't verify your claim that the rules are the same
13:12 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:19 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
13:22 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:50 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has quit [Ping timeout: 246 seconds]
13:57 -!- Netsplit *.net <-> *.split quits: wowaname, +s7r, badon
13:57 < Exagone313> hello, i think i've a problem in my configuration, but i don't know what is the problem exactly. i want to connect with user and password, and i got these errors on client: http://pastie.org/9905998
13:57 < Exagone313> can you help me pelase?
13:58 <+hyper_ch> !configs
13:58 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:59 < pekster> Sounds like your client failed to verify the server-presented certificate
13:59 < pekster> That's usually caused by the CA certificate your client is using not being the same one you signed the server's certificate with
14:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:04 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
14:04 -!- mode/#openvpn [+o plaisthos] by ChanServ
14:05 < Exagone313> the ca.crt is the same used by the server?
14:06 <@plaisthos> normally yes
14:07 < pekster> Right. Did you read that into to PKI document I linked? You should be using a single PKI (although advanced use is possible for "split CA" situations, but you want to avoid that unless you know what you're doing and need advanced/complex configuration)
14:07 < pekster> The CA vets a public keypair as trusted by a CA; if the certificate the remote OpenVPN peer presents is not signed by the CA the local end trusts, the connection will be rejected
14:07 < Exagone313> i want two users: one with user and pass, one with direct connection
14:08 < pekster> The client still needs the ca.crt that is from the CA used to sign the server cert
14:08 < pekster> See also:
14:08 < pekster> !authpass
14:08 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
14:22 < Exagone313> without tls-auth, auth-pass and ta.key, it does not work with the same error
14:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:24 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
14:24 < Exagone313> should I reconfigure openvpn?
14:24 < Exagone313> pki, etc
14:29 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:30 < pekster> You need a functional PKI to use openvpn in any multi-client mode
14:30 < pekster> --tls-auth is an _extra_ form of protection for the TLS layer that does not change the requirement for a functional PKI
14:32 < pekster> You probably just need to correctly sign your server certificate with the PKI you intend to use, and send _that_ ca.crt to your client
14:42 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
14:44 -!- BenLue [~No@unaffiliated/benlue] has quit []
15:15 -!- elfixit [~Icedove@77.109.185.86] has joined #openvpn
15:18 -!- techevo [~simon@93.158.36.59] has joined #openvpn
15:18 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:44 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:02 -!- elfixit [~Icedove@77.109.185.86] has quit [Ping timeout: 256 seconds]
16:06 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
16:09 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:37 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
16:40 -!- techevo [~simon@93.158.36.59] has quit [Ping timeout: 244 seconds]
16:42 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
16:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:47 < manitou> All keys , certs , and DH can i build them on PC and move to another device like openvrt router running openvpn server?
16:52 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:15 -!- manitou [~manitou@unaffiliated/manitou] has quit [Read error: Connection reset by peer]
17:15 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
17:35 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
17:37 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:37 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:20 -!- `hypermist` is now known as pcupgrades
18:23 -!- dgbaley [~matt@c-67-176-93-83.hsd1.co.comcast.net] has joined #openvpn
18:31 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:31 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
18:33 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
18:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
18:44 < dgbaley> The man page says ifconfig-pool-persist isn't a guarantee and that a client won't necessarily get the listed IP. However, is it possible for other clients to get this IP?
18:44 < dgbaley> I have a subnet that I'd like to make available only to certain clients using iptables, and I don't know how I can get to the point where I trust a particular IP address matches a client cert.
18:46 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
19:03 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:03 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
19:08 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:44 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
20:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:35 -!- pcupgrades is now known as `hypermist`
21:19 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
21:19 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:32 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
21:38 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:28 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has joined #openvpn
23:11 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
23:11 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
23:13 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has quit [Quit: Leaving]
23:19 -!- ShadniX [dagger@p5DDFE320.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX [dagger@p5481DE2B.dip0.t-ipconnect.de] has joined #openvpn
23:25 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
23:26 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has joined #openvpn
23:34 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has quit [Quit: Leaving]
23:47 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
--- Day changed Mon Feb 09 2015
00:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:13 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Quit: Bye]
00:44 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
00:44 -!- BookPage [~BookPage@74-95-0-146-SFBA.hfc.comcastbusiness.net] has joined #openvpn
00:44 < BookPage> !welcome
00:44 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
00:44 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
00:44 < BookPage> !redirect
00:44 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
00:45 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
00:52 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
00:58 -!- dgbaley [~matt@c-67-176-93-83.hsd1.co.comcast.net] has quit [Quit: Leaving.]
01:00 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:01 -!- BookPage [~BookPage@74-95-0-146-SFBA.hfc.comcastbusiness.net] has quit [Ping timeout: 245 seconds]
01:10 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 252 seconds]
01:11 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 244 seconds]
01:37 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
01:38 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
01:41 -!- rap_wrk [~rap_wrk@unaffiliated/rap-wrk/x-769542] has joined #openvpn
01:42 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit [Ping timeout: 245 seconds]
01:43 -!- mattock_afk is now known as mattock
01:51 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
02:12 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 252 seconds]
02:17 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
02:20 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
02:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:04 -!- Perun [~perun@89.238.78.61] has joined #openvpn
03:04 < Perun> hi
03:07 < Perun> All my openvpn clients are connecting to one openvpn server. For these clients it is allowed to cómmunicate with each other one. But the openvpn 'stream' goes ever over the server where they are connected. It is possible to configure openvpn clients/server that they communicate directly with each other without the way over the server?
03:09 <@plaisthos> no
03:09 <@plaisthos> OpenVPN does not support such a configuration
03:10 <@plaisthos> Implementing this is possible but non trivial
03:21 <+hyper_ch> Perun: https://forums.openvpn.net/topic141.html
03:21 <@vpnHelper> Title: OpenVPN Support Forum Idea for direct connections : Wishlist (at forums.openvpn.net)
03:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:40 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:10 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 245 seconds]
04:11 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:12 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
04:15 -!- TommyC [~TommyC@unaffiliated/sepulchralbloom] has quit [Ping timeout: 255 seconds]
04:20 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
04:28 -!- Latrina [~Latrina@ppp-223-52.26-151.libero.it] has quit [Ping timeout: 250 seconds]
04:30 -!- Latrina [~Latrina@adsl-ull-87-248.45-151.net24.it] has joined #openvpn
04:42 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
04:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:51 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
04:52 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
04:54 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 245 seconds]
04:54 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
04:57 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
04:59 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Ping timeout: 245 seconds]
05:01 -!- xMopxShell [~xMopxShel@davepedu.com] has quit [Ping timeout: 245 seconds]
05:01 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
05:02 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
05:02 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
05:02 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 245 seconds]
05:04 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
05:04 -!- xMopxShell [~xMopxShel@davepedu.com] has joined #openvpn
05:05 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:05 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
05:12 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 265 seconds]
05:20 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:22 -!- roadrunner|2 is now known as road|runner
05:28 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
05:29 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
05:32 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
05:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 244 seconds]
05:57 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:33 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 256 seconds]
06:34 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
06:47 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection]
06:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
06:53 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:55 -!- justinzane [~justinzan@24.49.184.10] has quit [Remote host closed the connection]
06:56 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
06:57 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
07:01 -!- `hypermist` is now known as pcupgrades
07:06 -!- justinzane [~justinzan@24.49.184.10] has quit [Remote host closed the connection]
07:07 -!- Denial [~Denial@81.141.17.243] has quit []
07:08 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
07:16 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
07:20 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 264 seconds]
07:20 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
07:25 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
07:40 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
07:42 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:46 -!- Chais [~Chais@unaffiliated/chais] has quit [Client Quit]
07:48 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:49 -!- Denial [~Denial@81.141.17.243] has joined #openvpn
08:03 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Remote host closed the connection]
08:07 -!- Netsplit *.net <-> *.split quits: moparisthebest
08:17 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:20 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:21 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
08:23 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
08:23 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
08:37 -!- justinzane [~justinzan@24.49.184.10] has quit [Read error: Connection reset by peer]
08:38 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
08:49 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has joined #openvpn
08:51 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
08:54 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 246 seconds]
08:55 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
09:20 -!- justinzane [~justinzan@24.49.184.10] has quit [Remote host closed the connection]
09:21 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
09:27 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
09:30 < jefferai> My openvpn connection is spewing out error messages saying "bad lzo decompression header byte: 0" and reconnecting over and over. This only started happening when I added no-reply to server and client.
09:30 < jefferai> Is there some issue with no-replay that I haven't foreseen?
09:31 < jefferai> I added no-replay because I'm using OpenVPN for connectivity, not security, and I was trying to diagnose a problem where the tunnel would just stop passing any traffic until the keepalive delay hit, then re-establish itself (after which it would work for a while until that happened again, anywhere from 20 minutes to several hours)
09:31 < jefferai> I saw some messages about potential replay issues, so I figured I'd turn off replay protection, but now I get all those messages
09:32 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
09:33 -!- kurokatze [~felis@s2.katzen.me] has left #openvpn ["WeeChat 1.0.1"]
09:35 < jefferai> Actually, about the original problem (as I don't need to deal with no-replay if I solve it); I believe it's related to these messages:
09:35 < jefferai> Mon Feb  9 15:34:18 2015 us=658866 pomluser/172.19.41.84:51109 MULTI: bad source address from client [10.0.2.15], packet dropped
09:35 < jefferai> The machine connecting to the server is a VM
09:36 < jefferai> 172.19.41.84 is the external address of the machine that the VM is on; 10.0.2.15 is the internal VM's address
09:36 < jefferai> I have seen that this means you need iroute commands, but every VM may have the same or very similar addresses
09:36 < jefferai> and it seems that that might cause problems
09:37 < jefferai> if two VMs with the same address connect and there is an iroute statement
09:37 < jefferai> at the same time I'm not sure why sometimes the packet coming in is from the external IP and sometimes from the internal
09:55 -!- justinzane [~justinzan@24.49.184.10] has quit [Read error: Connection reset by peer]
09:55 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
10:03 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
10:20 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
10:21 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 250 seconds]
10:22 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
10:26 -!- justinzane [~justinzan@24.49.184.10] has quit [Remote host closed the connection]
10:26 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
10:32 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Quit: Lost terminal]
10:32 -!- justinzane [~justinzan@24.49.184.10] has quit [Read error: Connection reset by peer]
10:43 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:46 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
10:48 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
10:50 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
10:52 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
10:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Client Quit]
10:55 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
11:12 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:18 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:22 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
11:23 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
11:24 < SupaYoshi> Hey I cannot resolve netbios names over openvpn
11:24 < SupaYoshi> But I can resolve the IP's ofcourse
11:24 < SupaYoshi> But I want to resolve the netbios names? What am I doing wrong?
11:25 -!- deranged [Bit@lolnerd.net] has joined #openvpn
11:27 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
11:30 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:49 -!- apollo2k is now known as aPollO2k
11:58 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
11:59 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
11:59 -!- mode/#openvpn [+v hyper_ch] by ChanServ
12:00 < SupaYoshi> anyone know?
12:17 -!- nickSwe [~quassel@mobile-166-173-056-157.mycingular.net] has joined #openvpn
12:19 < nickSwe> Hi I am having issues with OpenVPN client dropping connection to my OpenVPN server when large data is being transmitted. I have a Android Lollipop phone that wifi tether with my laptop. I then connect with my OpenVPN client on Win 7 and I get a good connection so that I can access my local network at home. Then I ssh to a server and run for example command: du -h   then the server starts spitting out messages about disk usage, and
12:19 < nickSwe> then my OpenVPN client drops the connection. Any ideas on how to resolve this? It is pretty annoying. Connection works just fine otherwise. But as soon as im starting to demand some bandwidth it drops the connection.
12:20 <+hyper_ch> !configs
12:20 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:21 < pekster> SupaYoshi: Easy fix: use DNS as it was intended (rob0 has a good writeup on dnsmasq somewhere, probably easy to find via search.) Otherwise you can use WINS or something awful, but DNS is really how you translate names to IPs
12:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:23 < pekster> NBNS is a boadcast-based service, and WINS is the "microsoft way" to do that over OSI L3. DNS does that all without the hassle of L2 broadcasts or MS-specific protocols and servers involved
12:26 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Quit: elfixit]
12:26 < nickSwe> hyper_ch: was that intended for me?
12:26 < nickSwe> !paste
12:26 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
12:36 < nickSwe> My server config: http://fpaste.org/183430/ (Debian 7 64 bit)   client: http://fpaste.org/183431/  (Windows 7 64 bit)
12:37 < nickSwe> Why is the connection dropping when large data is being sent? Is it because of using 3G connection with my phone by wifi tether, or is there something wrong with the configs?
12:37 <+hyper_ch> and what's this: client-connect /etc/openvpn/scripts/client-connect.sh
12:39 < nickSwe> hyper_ch: It is a script that sends an email to myself when someone connects to the VPN
12:40 < nickSwe> hyper_ch: login script:   http://fpaste.org/183433/
12:40 -!- aPollO2k is now known as apollo2k
12:40 <+hyper_ch> no idea... I can copy gigabytes of data without issue
12:41 <+hyper_ch> you own xxx.com? awesome :)
12:41 < nickSwe> So there is no obvious reasons for it to drop out based on my configs as you see it?  haha lol its masking! I wish I would own that domain name lol
12:41 <+hyper_ch> better use domain.tld
12:42 <+hyper_ch> because bots scavenge emai addresses ;)
12:42 <+hyper_ch> a possible reason would be becuase you use windows ;) but even that works fine for me
12:42 <+hyper_ch> tried with a linux client to connect and then test it?
12:44 < nickSwe> hehe... yeah I wish I did not have to. But its company computer and they force us to use windows for multiple reasons... I have not tested my elementaryos laptop over vpn. I can try with my android phone hang on...
12:45 <+hyper_ch> well, if it's for company, then you should up the encryption to 4096bit or higher
12:45 <+hyper_ch> and use tls-auth
12:46 < nickSwe> its not FOR company... I use it for connecting to my private server at home for personal reasons. My company has filtered out OpenVPN traffic since they use their Checkpoint VPN. So I am tethering wifi from my android phone to connect to my OpenVPN. Does it make sense?
12:46 <+hyper_ch> yes, so you can still go for 4096 bit with tls-auth
12:47 <+hyper_ch> how strong is that debian server?
12:47 <+hyper_ch> I mean cpu wise
12:48 < nickSwe> It is a i7 cpu, 8gb of ram
12:48 <+hyper_ch> that shouldn't be a bottleneck then
12:50 < nickSwe> I dont think so... OK so I tried on my android phone, connecting with OpenVPN android client successfully, then running JuiceSSH to connect... ran: "du -h" in root and it spits out all my files on screen right now and still running OK...
12:51 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has quit [Ping timeout: 276 seconds]
12:51 <+hyper_ch> so we can deduce:   android > windows 7
12:51 <+hyper_ch> s/deduce/summarize/
12:52 < nickSwe> Still keeping connection alive. When doing the same thing from my Windows laptop, my OpenVPN client drops the connection and kicks up my password prompt so that I have to reconnect again, and my SSH session is lost.
12:52 <+hyper_ch> user password prompt?
12:52 < nickSwe> Yeah when using the OpenVPN client on Windows 7, I have to specify my openvpn password upon connection
12:52 <+hyper_ch> also you can run tmux on the server ;)
12:53 <+hyper_ch> weird... using the 64bit openvpn client?
12:53 -!- pcupgrades is now known as `hypermist`
12:54 < nickSwe> OpenVPN GUI v1.0.3 Copyright 2004-2005 Mathias Sundman (info@openvpn.se)  Hmm did not know OpenVPN was Swedish - Just like myself ;)
12:54 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has joined #openvpn
12:55 <+hyper_ch> I still think ccTLD for Sweden should be .vi
12:55 < nickSwe> .vi ? Why is that?
12:55 <+hyper_ch> viking :)
12:55 < nickSwe> lol sounds about right!
12:56 < nickSwe> Hmm this client is from 2005... I found another one openvpn.net which is from dec 2014... i will try that one
12:56 <+hyper_ch> well, configs look alright to me....
12:56 -!- `hypermist` is now known as sleeepypc
12:56 <+hyper_ch> yeah, could be the clinet
12:58 -!- sleeepypc is now known as `hypermist`
13:02 < nickSwe> Here we go!
13:02 < nickSwe> So far it appears stable
13:02 < nickSwe> at least >more< stable than before
13:03 < nickSwe> wait... i take it back :P
13:03 < nickSwe> it dropped out again
13:04 <+hyper_ch> no replace windows7 with the kubuntu upgrade
13:04 <+hyper_ch> and all your troubles are a thing of the past
13:05 < nickSwe> I can imagine 15,000 users switching over to Kubuntu from Windows... Some are still on XP even
13:05 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:06 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:06 < nickSwe> and all millions of dollars invested in merging sharepoint with the windows desktop.
13:06 < nickSwe> just aint going to happen this decade lol
13:09 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 252 seconds]
13:18 <+hyper_ch> I have no idea what sharepoint is
13:18 <+hyper_ch> it's probably something that sounds a lot better than it actually is
13:20 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:28 -!- nickSwe_ [~quassel@12.182.11.116] has joined #openvpn
13:31 -!- nickSwe [~quassel@mobile-166-173-056-157.mycingular.net] has quit [Ping timeout: 246 seconds]
13:36 -!- nickSwe_ [~quassel@12.182.11.116] has quit [Ping timeout: 265 seconds]
13:37 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 245 seconds]
13:37 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
13:42 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
13:43 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
13:56 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
14:04 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
14:09 < SupaYoshi> Hey
14:09 < SupaYoshi> how do I get Netbios names working over OpenVPN?
14:10 -!- Exagone313 [exa@ewd.ovh] has quit [Quit: see ya!]
14:19 < SupaYoshi> i can access em by the IP but not by name
14:24 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
14:29 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
14:31 <+esde> See peksters advice from earlier: <pekster> SupaYoshi: Easy fix: use DNS as it was intended (rob0 has a good writeup on dnsmasq somewhere, probably easy to find via search.) Otherwise you can use WINS or something awful, but DNS is really how you translate names to IPs
14:32 <+esde> <pekster> NBNS is a boadcast-based service, and WINS is the "microsoft way" to do that over OSI L3. DNS does that all without the hassle of L2 broadcasts or MS-specific protocols and servers involved
14:32 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:34 -!- Popsikle [~popsikle@pool-72-69-117-20.nycmny.fios.verizon.net] has quit []
14:35 < SupaYoshi> Hey pekster
14:35 < SupaYoshi> How are you?
14:37 < SupaYoshi> I have my local dns server set up as the vpn dns already
14:37 <+esde> http://rob0.nodns4.us/dnsmasq.html
14:37 <@vpnHelper> Title: DNS in OpenVPN: a better approach (at rob0.nodns4.us)
14:37 <+esde> might be the write-up he mentioned
14:37 < SupaYoshi> thanks
14:37 < SupaYoshi> let me seeeee
14:47 -!- techevo [~simon@93.158.36.59] has joined #openvpn
14:54 -!- mattock is now known as mattock_afk
14:56 -!- Exagone313 [~exa@elou.world] has joined #openvpn
15:19 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
15:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:23 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
15:32 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:47 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
15:50 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:55 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
15:56 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
16:12 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
16:12 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
16:22 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:29 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
16:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:53 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-rieqrzyyiebxopng] has quit [Read error: Connection reset by peer]
16:54 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-svfuujbyglzvriss] has joined #openvpn
16:57 -!- Exagone313 [~exa@elou.world] has quit [Read error: Connection reset by peer]
17:00 -!- Exagone313 [~exa@elou.world] has joined #openvpn
17:10 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-svfuujbyglzvriss] has quit [Read error: Connection reset by peer]
17:11 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
17:11 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 256 seconds]
17:13 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
17:19 -!- Exagone313 [~exa@elou.world] has quit [Quit: see ya!]
17:19 -!- Exagone313 [znc@elou.world] has joined #openvpn
17:21 -!- Exagone313 [znc@elou.world] has quit [Client Quit]
17:24 -!- Exagone313 [znc@elou.world] has joined #openvpn
17:25 -!- Exagone313 [znc@elou.world] has quit [Client Quit]
17:25 -!- Exagone313 [znc@elou.world] has joined #openvpn
17:26 -!- Exagone313 [znc@elou.world] has quit [Remote host closed the connection]
17:27 -!- Exagone313 [znc@elou.world] has joined #openvpn
17:28 -!- techevo [~simon@93.158.36.59] has quit [Ping timeout: 244 seconds]
17:49 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
17:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:00 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:03 -!- Rapture [~Rapture@c-50-174-153-89.hsd1.ca.comcast.net] has joined #openvpn
18:03 < Rapture> I enabled google authenticator for my openVPN access server and one user can't seem to get google auth to work.
18:04 < Rapture> we go through the setup and after scanning the barcode we click "I scanned the qr code"
18:04 < Rapture> after we try to login again it again asks us to scan a barcode
18:04 < Rapture> like openvpn isn't saving the "I clicked"
18:04 < Rapture> any ideas?
18:05 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:07 < pekster> openvpn does not have any concept of managing your 2FA auth secrets
18:07 < pekster> That's up to whatever backend you're using to do your 2FA; have you consulted its documentation?
18:07 < Rapture> so the issue would be the users phone?
18:07 < pekster> Probably not
18:08 < Rapture> it's google authenticator
18:08 < pekster> OpenVPN does _not_ ship with any 2FA auth system
18:08 < pekster> I know; you're not listening. OpenVPN does not support, out of the box, the OATH TOTP implementation to which you are referring
18:08 < Rapture> my openVPN access server disagrees
18:08 < pekster> !as
18:08 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
18:08 < pekster> Wrong channel
18:08 < Rapture> it's an option to enable google auth
18:08 < pekster> AS is a commercial value-add service wrapped around the 2.2.x OpenVPN series, and a licensed product
18:09 -!- Rapture [~Rapture@c-50-174-153-89.hsd1.ca.comcast.net] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
18:10 < pekster> the /TOPIC must be black-on-black (or white/white) or something
18:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 265 seconds]
18:34 -!- `hypermist` is now known as sleepypc
18:41 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:47 -!- akkad [akkad@dns.mauthesis.com] has joined #openvpn
18:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
18:48 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:49 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
18:50 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:51 <+esde> http://rob0.nodns4.us/dnsmasq.html pekster is this the writeup you referred to earlier?
18:51 <@vpnHelper> Title: DNS in OpenVPN: a better approach (at rob0.nodns4.us)
18:53 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:00 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-nftcsihxblzznqnw] has joined #openvpn
19:05 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Ping timeout: 246 seconds]
19:09 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
19:09 -!- mode/#openvpn [+v RBecker] by ChanServ
20:00 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-skameahyblivyxdm] has joined #openvpn
20:11 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:12 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
20:32 -!- sleepypc is now known as `hypermist`
20:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 265 seconds]
21:19 -!- Josh` [~Josh@2601:e:2180:6f:d954:5833:e6d9:10b9] has joined #openvpn
21:21 < Josh`> I'm having difficulty understanding the cert schema, is there a guide somewhere that can explain just enough so I can wrap my head around the process? (running OpenVPN on pfsense, attempting to get my clients to connect)
21:23 < Josh`> I've already created the CA on the server, as well as the server certificate, Should I sign my clients with the same CA as the server?
21:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:31 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:36 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 264 seconds]
21:40 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
21:57 < pekster> Josh`: Generally, yes (unelss you're doing some rather advanced split-CA setup, but save the ninja-stuff for later, perhaps.) Maybe a intro to PKI concepts would be useful? See:
21:57 < pekster> !intro-to-pki
21:57 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
22:06 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Read error: Connection timed out]
22:08 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
22:10 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-skameahyblivyxdm] has quit [Quit: Connection closed for inactivity]
22:11 -!- wmp [~wmp@sored/admin/wmp] has quit [Read error: Connection reset by peer]
22:14 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 245 seconds]
22:16 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
22:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
22:51 -!- Josh` [~Josh@2601:e:2180:6f:d954:5833:e6d9:10b9] has quit [Quit: Leaving]
23:06 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
23:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:12 <@ecrist> sup kids?
23:17 -!- Erock23 [~mint@unaffiliated/erock23] has joined #openvpn
23:19 -!- ShadniX [dagger@p5481DE2B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:19 -!- ShadniX_ [dagger@p5481D72D.dip0.t-ipconnect.de] has joined #openvpn
23:20 -!- ShadniX_ is now known as ShadniX
23:26 <+hyper_ch> got a cold :(
--- Day changed Tue Feb 10 2015
00:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:13 < jeev> weak
00:13 < jeev> oh, that was an hour ago
00:18 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:50 -!- funyun [~funyun@gateway/vpn/privateinternetaccess/funyun] has joined #openvpn
00:51 < funyun> what is the default username and password for openvpn AS? the page comes up but i don't know the login details..
00:53 <+hyper_ch> !as
00:53 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
00:57 < funyun> nobody is awake over there. anyone here know?
01:00 -!- BookPage [~BookPage@74-95-0-146-SFBA.hfc.comcastbusiness.net] has joined #openvpn
01:00 < BookPage> has anyone got openvpn client running on a docker container?
01:03 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Quit: i don’t know why i think pressing ctrl-c harder will help.]
01:06 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
01:08 -!- neonixcoder [~surendra@59.167.66.240] has joined #openvpn
01:08 < neonixcoder> !welcome
01:08 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
01:08 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:09 < neonixcoder> !howto for beginners
01:09 < neonixcoder> !'howto for beginners'
01:09 < neonixcoder> !howto
01:09 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
01:10 < neonixcoder> !goal
01:10 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
01:15 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 252 seconds]
01:16 -!- mattock_afk is now known as mattock
01:18 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
01:31 -!- neonixcoder [~surendra@59.167.66.240] has quit [Ping timeout: 246 seconds]
01:39 -!- funyuns [~funyun@cpe-74-141-27-123.swo.res.rr.com] has joined #openvpn
01:40 -!- funyun [~funyun@gateway/vpn/privateinternetaccess/funyun] has quit [Ping timeout: 250 seconds]
01:53 -!- apollo2k is now known as aPollO2k
01:54 -!- funyuns [~funyun@cpe-74-141-27-123.swo.res.rr.com] has quit [Quit: leaving]
01:59 -!- user3 [~user@162.38.218.222] has joined #openvpn
01:59 < user3> Hi
01:59 < user3> hm, my registration didnt work, why my name is user3 ...
01:59 < user3> llbe back
01:59 < user3> bye
01:59 -!- user3 [~user@162.38.218.222] has quit [Client Quit]
02:01 -!- user3 [~user@162.38.218.222] has joined #openvpn
02:01 -!- Erock23 [~mint@unaffiliated/erock23] has quit [Read error: Connection reset by peer]
02:01 -!- user3 is now known as eolien
02:01 < eolien> hi
02:02 < eolien> i have some pb to set up my openvpn
02:02 < eolien> it worked
02:02 < eolien> but then i wanted to activate routing
02:02 < eolien> it dont work
02:02 < eolien> so i changed to udp to try, and then i cant connect locally too
02:03 < eolien> i mean, openvpn dont open connexion
02:03 < eolien> 1° worked with tcp, acces to my 192.168.0.0/24 port 443
02:04 < eolien> 2° activate routing and iptables masquerading : able to connect to my 192.168.0.0/24, but not acces the web through vpn
02:05 < eolien> 3° changing tcp to udp, in my server.conf, and client.conf, opened 443 udp port in my router, and then vpn client cant connect
02:07 < eolien> in 2°, i edited my server.conf to "push "redirect-gateway def1 bypass-dhcp"
02:07 < eolien> "
02:08 < eolien> client side it stops at "Tue Feb 10 09:08:31 2015 MANAGEMENT: >STATE:1423555711,WAIT,,,"
02:09 < eolien> waiting for server
02:09 < eolien> server side : Tue Feb 10 07:15:51 2015 Initialization Sequence Completed
02:11 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:22 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
02:28 -!- toli_ [~toli@d51A4CC08.access.telenet.be] has joined #openvpn
02:30 < toli_> guys, do you know any document refer to howto make config file which refers to another folder to read configs? I have a lot of openvpn config files and I want to separate them in different folders
02:35 -!- BookPage [~BookPage@74-95-0-146-SFBA.hfc.comcastbusiness.net] has quit [Ping timeout: 265 seconds]
02:37 -!- eolien [~user@162.38.218.222] has quit [Quit: WeeChat 1.1.1]
02:46 -!- toli__ [~toli@d51a4cc08.access.telenet.be] has joined #openvpn
02:49 -!- toli_ [~toli@d51A4CC08.access.telenet.be] has quit [Ping timeout: 244 seconds]
03:14 -!- aPollO2k is now known as apollo2k
03:16 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has joined #openvpn
03:17 -!- Latrina [~Latrina@adsl-ull-87-248.45-151.net24.it] has quit [Ping timeout: 244 seconds]
03:20 -!- Latrina [~Latrina@adsl-ull-118-240.45-151.net24.it] has joined #openvpn
03:23 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:23 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:29 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
03:31 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
03:35 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
03:37 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
03:54 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
04:00 -!- toli_ [~toli@d51A4CC08.access.telenet.be] has joined #openvpn
04:04 -!- toli__ [~toli@d51a4cc08.access.telenet.be] has quit [Ping timeout: 256 seconds]
04:08 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 264 seconds]
04:09 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
04:10 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
04:57 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
05:03 < toli_> guys, do you know any document refer to howto make config file which refers to another folder to read configs? I have a lot of openvpn config files and I want to separate them in different folders
05:04 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 245 seconds]
05:04 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Remote host closed the connection]
05:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:14 -!- pipi- [~pipi-@unaffiliated/pipi-] has joined #openvpn
05:18 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
05:23 <+hyper_ch> toli_: linus?
05:24 <+hyper_ch> s/s/x/
05:24 < toli_> hyper_ch, yep linux
05:24 <+hyper_ch> just make a symlink
05:24 <+hyper_ch> ln -s /path/to/actual/client.conf xxxxx.con
05:24 <+hyper_ch> f
05:25 <+hyper_ch> also you could embed keys and certs into the config files
05:25 < toli_> can't I do a file"config /openvpn/configs/network1" and there put all my net1 config files?
05:25 < shimano> sorry for off topic, but maybe you could help me... I'm trying to get date of unixtime from found file (by filename): find /tmp/ -type f -mmin +3000 -mmin -3600 |date -d `awk -F '/' '{print "@"$4}'` "+%d.%m.%Y, %H:%I:%S"
05:25 < shimano> but it wont work
05:26 <+hyper_ch> shimano: /j #bash
05:26 <+hyper_ch> you can somehow
05:27 <+hyper_ch> toli_: but not really sure what you're trying to do
05:27 <+hyper_ch> why not just symlink them?
05:27 < toli_> hyper_ch, because I have 30 config files and they are to 3 separate networks
05:28 <+hyper_ch> why do you have 30 config files for 3 networks?
05:28 < toli_> hyper_ch, because most of them are p2p connections
05:29 <+hyper_ch> still fail to see the issue
05:30 < toli_> well, I want to put all the conf files of NET1 into the folder NET1 and all the files of NET2 into the NET2 folder
05:30 <+hyper_ch> then do that
05:31 < toli_> but openvpn is not reading the files into the subfolders
05:31 <+hyper_ch> it does
05:31 < toli_> ah ok! I will try this now
05:32 < toli_> didn't want to test without being sure:)
05:32 < toli_> thx
05:32 < pekster> toli_: You can "chain" configs by using the --config directive, but this is not what you appear to want as that will apply directives to a _single_ configuration instance (just split up into chunks.) OpenVPN will treat all options passed on the CLI and configs files as a single set of options per instance
05:33 < pekster> Check your distro init documentation as userlands usually ship a way to launch and manage/control multiple instances
05:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
05:33 < toli_> thanks pekster I will check that
05:41 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
05:42 < toli_> hyper_ch, fyi, it does not look into the subfolders in the /etc/openvpn/ :)
05:42 <+hyper_ch> just make a symlink to the conf there
05:42 <+hyper_ch> then it reads the files
05:42 <+hyper_ch> or adjust the init script accordingly
05:43 < toli_> kk
05:55 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:18 -!- wiuempe [~wmp@sored/admin/wmp] has joined #openvpn
06:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 246 seconds]
06:39 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
06:40 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
06:52 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
07:44 -!- CasperVector [~CasperVec@221.10.85.141] has joined #openvpn
07:47 < CasperVector> Hello #openvpn, is it possible at all to run OpenVPN in the TUN dev-type under Linux without things like iptables?  (Please forgive me if this question sounds stupid :()
07:53 <+hyper_ch> what do you mean without iptables?
07:57 < CasperVector> hyper_ch: roughly like "without using firewalls at all"...
07:57 -!- manitou [~manitou@unaffiliated/manitou] has quit [Ping timeout: 250 seconds]
07:58 <+hyper_ch> as server or as client?
07:58 < CasperVector> hyper_ch: server.  Sorry for forgetting to mention it just now :(
07:59 <+hyper_ch> well, you need ip forwarding enabled on the server
08:00 <+hyper_ch> and if you want to run services on a client you need to also to forward according incoming port requests
08:00 <+hyper_ch> besides that, you don't need a firewall I'd say
08:00 <+hyper_ch> !linipforward
08:00 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
08:01 < CasperVector> hyper_ch: Thanks.  I was not sure whether #3 is mandatory...
08:01 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
08:20 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:25 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has joined #openvpn
08:26 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has joined #openvpn
08:26 -!- shadowe989 [~shadowe98@74-32-104-186.dr01.rmny.wv.frontiernet.net] has quit [Remote host closed the connection]
08:30 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
08:36 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:38 -!- sireebob [sireebob@unaffiliated/sireebob] has joined #openvpn
08:43 -!- CasperVector [~CasperVec@221.10.85.141] has left #openvpn []
08:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:47 -!- net125mp [~rsooddft@unaffiliated/net125mp] has joined #openvpn
08:48 < net125mp> im attempt to connect to my vpn via terminal, im using openvpn --config openvpnconfigfile   and i keep getting this eror"you must define tun/tap device --dev
08:48 < net125mp> any idea ?
08:52 < net125mp> actually if i run   #openvpn --config configfile.ovpn  i get  "error openeing oconfiguration file
08:52 < net125mp> cmd-line 1
09:07 < Zedax> net125mp: on the config file you need tu put either "dev tun" or "dev tap"
09:16 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
09:20 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
09:25 < Zedax> is there any way to build openvpn on cygwin with polarssl 1.3x? (using the github source)
09:35 -!- tekk [~me@185.17.149.149] has joined #openvpn
09:39 -!- net125mp [~rsooddft@unaffiliated/net125mp] has left #openvpn ["Leaving"]
09:52 -!- toli_ [~toli@d51A4CC08.access.telenet.be] has quit [Quit: Leaving]
10:02 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 240 seconds]
10:31 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
10:32 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Ping timeout: 272 seconds]
10:36 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:37 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
10:56 -!- liriel [~liriel@asia.feralhosting.com] has quit [Ping timeout: 255 seconds]
10:57 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
10:58 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 252 seconds]
10:59 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.1.1]
11:06 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
11:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:16 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:16 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:27 -!- `hypermist` is now known as sleepypc
11:31 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
12:15 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:16 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:47 -!- ayaka [~ayaka@124.72.228.182] has joined #openvpn
12:47 < ayaka> could I build openvpn with polarssl in windows?
12:49 <+esde> why couldnt you?
12:49 < ayaka> esde, then how to do that, it doesn't cover by the document
12:49 < ayaka> should I use mingw? or could I use visual stdio to do that?
12:50 <+esde> ah. so you really want to know how it's possible, not if it's possible
12:52 <+esde> well. https://openvpn.fox-it.com/lifecycle.html would be less work. and the source code is freely available
12:52 <@vpnHelper> Title: OpenVPN-NL (at openvpn.fox-it.com)
12:53 <+esde> no experience with it, but it was one of the first google results
12:58 < ayaka> esde, I see thank you
12:58 <+esde> np
12:58 < ayaka> then let me find out how do they do that
13:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 252 seconds]
13:00 <+esde> https://openvpn.fox-it.com/background.html might be worth a read
13:00 <@vpnHelper> Title: OpenVPN-NL (at openvpn.fox-it.com)
13:01  * esde points to the mailing list
13:03 -!- Exagone313 [znc@elou.world] has quit [Quit: see ya!]
13:04 -!- Exagone313 [exa@elou.world] has joined #openvpn
13:04 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
13:06 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:06 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:09 < Zedax> about the same thing i asked before if there's a way to build the github openvpn with polarssl 1.3x , i'm not able to even build it with the old 1.2 tree.. :/
13:09 < Zedax> it build perfectly on linux
13:09 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 250 seconds]
13:09 < Zedax> s*
13:17 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:19 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
13:23 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has left #openvpn []
13:27 < akkad> so if I generate a bunch of keys/certs for developers to connect, it seems like they can connect without explicit permission.
13:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:37 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:39 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
13:45 -!- iGamer [898ba9fd@gateway/web/cgi-irc/kiwiirc.com/ip.137.139.169.253] has joined #openvpn
13:45 < iGamer> Can't believe I'm back here, but I need help
13:45 < iGamer> Ok, I have a working OpenVPN server. But I'm on a college network that only has ports 443 or 80 open.
13:46 < iGamer> When I connect the server using either of those ports in the config, it doesn't connect.
13:46 < MrSavage> iGamer: so you set your openvpn to work off of 443, simple
13:46 < MrSavage> also 443 is SSL which openvpn supports
13:46 < iGamer> Right, but it doesn't connect when I have port 443 in the config
13:46 < iGamer> yet on other networks, I can use it just fine.
13:47 < iGamer> College networks suck.
13:47 < MrSavage> iGamer: did you set it in your client.conf and in your server.conf?
13:47 < iGamer> the server doesn't specify a port since its a web address. It allows any port.
13:48 < iGamer> I'll post my client.conf
13:49 < iGamer> http://pastebin.com/ExvqyPec
13:52 < iGamer> Those are the only two open ports I can find. 80 and 443.
13:53 < iGamer> But it just keeps saying "Waiting for server response"
13:53 < MrSavage> iGamer: wait so you're not hosting openvpn on your own VPS?
13:53 < MrSavage> because your server has to be hosting on port 443
13:54 < iGamer> Nope, ended up buying a service that had a deal
13:55 -!- pr0t [~NoFace@68-190-208-189.dhcp.gldl.ca.charter.com] has joined #openvpn
13:55 < pr0t> Does anyone know how openvpn determines that hostname of the host it is on?
13:56 < pr0t> I am trying to configure the web interface with my wild card ssl cert but it keeps erroring with hostnames do not match.
13:56 <+esde> que?
13:56 < iGamer> Any ideas?
13:57 < pr0t> I get this error - Hostname u'x.x.x.x' doesn't match certificate domain(s): *.xxxx.org, xxxx.org
13:57 < pr0t> but my hostname is set correctly
13:58 < MrSavage> pr0t: well i can't help you, you'll have to ask your service to change the port it's being hosted
13:59 <+esde> s/pr0t/iGamer
13:59 < pekster> "the web interface" ??
13:59 < MrSavage> yes
13:59 <+esde> heh
13:59 < pekster> If you're running your own website, you should verify your own DNS settings
13:59  * esde gets popcorn
14:00 < pr0t> openvpn-as, sorry maybe this is the wrong channel
14:00 <+esde> bingo!
14:00 < iGamer> I can change it to any port on my home network and connect fine
14:00 < pekster> !as
14:00 < iGamer> its on this college network that it doesn't allow anything.
14:00 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
14:01 -!- pr0t [~NoFace@68-190-208-189.dhcp.gldl.ca.charter.com] has left #openvpn ["Leaving"]
14:01 <+esde> iGamer, it's possible that is in fact the problem
14:02 < MrSavage> regardless he could it working via port 443
14:02 < MrSavage> if his openvpn host actually hosted on port 443
14:02 <+esde> well
14:02 <+esde> fwiw
14:02 < iGamer> tried 443 last night, connected perfectly
14:02 < iGamer> at home
14:02 <+esde> when i was helping him previously, i was helping as if he had control over the remote server
14:03 <+esde> so im not sure how his client machine is currently configured
14:04 -!- iGamer [898ba9fd@gateway/web/cgi-irc/kiwiirc.com/ip.137.139.169.253] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
14:04 <+esde> wouldnt you want 443/tcp and not udp? ignore me if im being an idiot again
14:04 <@krzee> !tcp
14:04 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
14:05 <+esde> krzee, i understand all that factoid has to say about it. I was asking if he needs to use tcp instead of udp, just to make the connection due to the firewalling beyond his control
14:05 <+esde> as i've never been in such a position or had to deal with such a use-case
14:05 <@krzee> try dns port first, and maybe other common udp ports
14:06 <+esde> he's gone now
14:06 <+esde> im just asking if it's possible its not working since he's using 443/udp and not 443/tcp
14:06 <@krzee> gotchya
14:09 <+esde> so im gathering it shouldnt matter
14:09 <+esde> but is it possible the school is blocking udp on that port? or that would break other things too (like skype), right?
14:14 <@krzee> skype has all sorts of magic for keeping connections
14:16 <+esde> i heard somewhere that's what most of the code is, just different tricks to punch holes in firewalls
14:23 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 252 seconds]
14:44 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 256 seconds]
14:47 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
15:06 -!- mattock is now known as mattock_afk
15:27 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
15:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:34 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
15:57 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
16:11 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:17 < akkad> if I create certs/keys with pkitool for many users and they all seem able to connect by default. how do you block unauthroized access?
16:17 < akkad> can anyone with a cert connect? or only those generated from the same CA?
16:18 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
16:22 < pekster> Only those _signed_ by that CA (or more accurately, signed by a root CA the server trusts.) Ideally you don't generate client certs on your CA, but sometimes this concept of 'key escrow' is done in smaller deployments where auditable ownership of private keys is not important
16:22 < pekster> akkad: See also:
16:22 < pekster> !intro-to-pki
16:22 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
16:24 < pekster> To be clear, that should have read "ideally you don't generate client keypairs on the CA" (the requests are always signed, becoming newly issued certs, by a CA)
16:29 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:39 < akkad> thanks
16:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:47 < akkad> ok I see ccd-exclusive needs to be set. assuming all keys not listed will be banned?
16:47 -!- imsomeoneelse [~eh@wsip-98-190-221-98.dc.dc.cox.net] has quit [Quit: ChatZilla 0.9.91.1 [Iceweasel 31.4.0/20150113105201]]
16:49 -!- imsomeoneelse [~eh@wsip-98-190-221-98.dc.dc.cox.net] has joined #openvpn
16:49 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
16:58 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
17:19 -!- dob1 [~d@dynamic-adsl-78-12-177-47.clienti.tiscali.it] has joined #openvpn
17:21 < dob1> hi, connecting to openvpn via android client i get a lot of these errors/warning TLS Error: incoming packet authentication failed from .... , Authenticate/Decrypt packet error: bad packet ID,  i have just read some topic about these issues, key-direction on client is set to 1, server 0
17:22 < dob1> connecting to the vpn via a pc client gives me no errors/warning
17:22 -!- imsomeoneelse [~eh@wsip-98-190-221-98.dc.dc.cox.net] has quit [Changing host]
17:22 -!- imsomeoneelse [~eh@unaffiliated/imsomeoneelse] has joined #openvpn
17:23 <+esde> dob1, you need to think about the differences in your $windows_client and your $other_client
17:23 < dob1> esde, i don't have any windows client
17:24 <+esde> s/$windows_client/$working_client
17:24 <+esde> happy now?
17:25 <+esde> make sure the certs/keys were generated from the same CA
17:25 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
17:26 < dob1> esde, the vpn works, i can access server resource, but i have these messages
17:26 < dob1> i was thinking about the tls-auth key, but it is correct
17:27 < dob1> and if it was not i was not able to connect
17:27 < pekster> mis-matched comp-lzo settings are a frequent cause of that
17:28 <+esde> are we missing parts of the actual error?
17:28 < dob1> the strange fact is that i have another openvpn, on another server, same configuration, different keys, certificates, and i can connect to it without these error message
17:28 <+esde> are we missing parts of the actual error?
17:28 <+esde> i.e. - have you redacted anything
17:29 <+esde> that error as you pasted it looks, incomplete
17:29 < dob1> ok sorry, one second
17:29 < pekster> Nothing overly relevant (see ssl.c:1279 (as of v2.3.6 tag)
17:30 <+esde> I'm just wondering (and forgive my stupid uninformed self for trying to think, again), if it's just a replay error, and is innocuous for the most part
17:31 < dob1> this is complete http://pastebin.com/d7i44zFH
17:31 <+esde> \m/
17:31 <+esde> i's a replay error
17:31 < dob1> what does it means?
17:31 <+esde> could just be a faulty nic
17:31 <+esde> that was my problem
17:31 < pekster> "maybe", but there's also crypto.c:376 (ref line 239 for the raw error text)
17:31 < pekster> NIC issue? That's very unlikely
17:32 <+esde> fixed my right up
17:32 <+esde> switched from 3com to intel and havent seen an error since
17:32 <+esde> *me
17:32 < dob1> sorry, what is a replay error?
17:32 <+esde> !replay
17:32 <+esde> :(
17:32 < pekster> Yes, obviously everyone has your problem becauase you once did, and grep is a hard tool to use to begin to learn how the code works
17:33 < pekster> dob1: see --replay-window in the manpage (!man) for a description. Basically links with a high product of speed * latency can queue up enough packets in transit to overflow the default protections, or things can just arrive out of order sometimes
17:33 <+esde> anyway, dob1 do you have auth in the offending machines config? and if so, is it not present in the serverside config?
17:33 <+esde> https://forums.openvpn.net/topic15588.html
17:33 <@vpnHelper> Title: OpenVPN Support Forum Authenticate/Decrypt packet error: packet HMAC authenticatio : Server Administration (at forums.openvpn.net)
17:33 < pekster> It's also possible the packets are actually being tampered with and replayed on purpose, but openvpn is smart enough to catch and disallow this
17:33 <+esde> this case was offending directives
17:34 < dob1> ok, so you said it's a nic problem, but consider this, i can connect to another vpn server from this phone, android client, without seeing this error.  I can connect to the server with other pc, as i said, without any error. so which nic?
17:34 <+esde> for me my issue was the openvpn client nic
17:34 < pekster> I didn't say that, no. But feel free to hunt that down if you'd like
17:34 <+esde> but there's not a sure thing thats your problem
17:34 <+esde> as pekster was so quick to point out
17:34 < pekster> Even a blind man pins the tail on the donkey now and then..
17:35 <+esde> i am not sure what that is even supposed to mean
17:35 <+esde> but OK
17:35 < dob1> esde, auth in the offending machine, i don't know i just imported the profile in the android app
17:36 < dob1> it has not auth, tls-auth and key-direction 1
17:36 <+esde> no auth is different
17:36 <+esde> and as mentioned in the thread, you'd likely see some indication that you're using the directive incorrectly, if that were the case
17:37 <+esde> anything like this in your logs? "WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'"
17:37 < pekster> Or, instead of guessing, you do this:
17:37 < pekster> !configs
17:37 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:37 <+esde> but guessing is so much more exciting when you guess correctly
17:37 <+esde> (;
17:37 < pekster> And instead of suggesting your highly untlikely "hardware problem" is the cause, you could stop and think of what might be causing packet id errors is commonly the compression
17:37 -!- paxmark9 [~paxtormar@199.21.149.142] has joined #openvpn
17:38 < pekster> I once had a NIC get hit by lightening, but I'm hardly going to suggest this is the next person's problem becuase "it once happened to me." That's insane.
17:38 <+esde> as if im forcing my idea, but i digress.
17:38 < pekster> You wasted far too much time and OP thought it was worth something.
17:38 < pekster> But whatever, clearly you have things well in hand. Go nuts.
17:39 < dob1> i can post server and client config, just have to remove inline key/cert from the client
17:44 < dob1> server http://pastebin.com/MSRdp5eQ   client http://pastebin.com/yZzxNd2p
17:44 < dob1> server debian, client android
17:44 <+esde> com-lzo matches
17:45 <+esde> tls-auth key direction is correct
17:46 < dob1> openvpn version 2.2.1-8+deb7u3
17:46  * esde shudders
17:48 < dob1> thanks anyway esde
18:10 < dob1> well, just an update about my issue, i just used another openvpn client for android and no error's messages. strange again...
18:11 < dob1> as i said, using the other client (the one with that gives me errors) with another vpn gives me no errors
18:13 < pekster> dob1, fwiw, I believe there's only one android client that's both up to date and built from the community-maintained sources. More info here:
18:13 < pekster> !android
18:13 <@vpnHelper> "android" is (#1) an open source OpenVPN client for ICS is available in Google Play, look for OpenVPN for Android. FAQ is here: http://code.google.com/p/ics-openvpn/wiki/FAQ or (#2) Direct Play link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn or (#3) Old (pre-ICS) device? See: !android-old or (#4) You can get the apk directly from http://plai.de/android/ or (#5)
18:13 <@vpnHelper> https://code.google.com/p/ics-openvpn/wiki/FAQ
18:14 < dob1> pekster, i am using it right now, before i was using openvpn-connect
18:15 < pekster> That's a completely different codebase that shares no code (mostly thanks to apple's NDA)
18:15 < pekster> !connect
18:15 <@vpnHelper> "connect" is (#1) OpenVPN Connect is part of the commercial, non-free (non-GPL) corporate offering; see #openvpn-as for help with these. For the community-maintained GPL OpenVPN, see !download for download links, !android for GPL-openvpn on Android, or !howto for the beginner how-to guide or (#2) https://forums.openvpn.net/post34969.html#p34969 or (#3) the source is here:
18:15 <@vpnHelper> http://staging.openvpn.net/openvpn3/ except for the portion that may not be released because of NDA with apple (for its vpn API)
18:16 < pekster> At the end of the day, connect is designed to play with the non-free AS product. Some folks have success mixing-and-matching implementations, while others seem to run into some issues
18:18 < dob1> thanks for the info
18:24 <+esde> check the time too
18:25 <+esde> if the clock is off on one or both sides, it will cause that error
18:26 <+esde> for android i use ntpsync
18:26 < pekster> FUD isn't helpful; a consistent but incorrect clock does nothing so long as any TLS auentication still passes
18:26 <+esde> https://forum.pfsense.org/index.php?topic=71434.0
18:27  * pekster doesn't care. I've run openvpn with clocks off (UTC-set liveCDs work just fine, for instance. I'm hours behind UTC)
18:27 < pekster> You're full of crap
18:27 <+esde> lol
18:57 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:21 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:27 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
19:29 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 252 seconds]
19:31 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:41 -!- cattune [~bryan110@unaffiliated/bryan110] has joined #openvpn
19:42 -!- paxmark9 [~paxtormar@199.21.149.142] has left #openvpn ["Leaving"]
19:47 < cattune> Hi all....just wanted to explore the security aspects of vpn vs a shorter non encrypted route....to date I've been using a local ISP without vpn for email and banking though this lets my isp log all activity....if I were to switch to vpn the local ISP would only see encrypted traffic flow but the connection path to the host server would be much longer...does this mean a decrease in security
19:47 < cattune> or increase in the possiblr attack vectors??
19:48 < cattune> possible
20:07 -!- dob1 [~d@dynamic-adsl-78-12-177-47.clienti.tiscali.it] has quit [Quit: Leaving]
20:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:10 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:10 -!- badon_ is now known as badon
20:10 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
20:14 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:17 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 246 seconds]
20:25 <@ecrist> cattune: you're asking vpn 101 stuff.  what are you *actually* concerned with?
20:26 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
20:35 -!- sleepypc is now known as `hypermist`
20:46 < akkad> is ccd-exclusive required?
20:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
20:50 < cattune> ecrist: sorry wasn't watching..:)
20:51 < cattune> I was just attempting to evaluate the situation for the "lesser of two evils" in this case
21:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:20 < akkad> so is it possible that when ccd-exclude is not set, that anyone could be able to connect to my vpn server?
21:20 < akkad> when I enable it, no one can connect
21:41 <@krzee> akkad, ccd exclusive makes it so only valid users which *also* have a ccd entry may connect
21:41 <@krzee> !ccd
21:41 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
21:42 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 250 seconds]
21:44 <@krzee>   akkad without that option only valid users may connect to your server
21:44 <@krzee> with it only valid users *with a ccd entry* may connect
21:48 < akkad> So I need to create a ccd entry for each one
21:48 < akkad> ok
21:51 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
21:51 < nullsign> hi guys..
21:51 < nullsign> im trying to circumvent the great firewall of china.
21:51 < nullsign> to do so, i am tunneling to openvpn via SSH
21:51 < nullsign> which works fine,
21:51 < nullsign> but once my openvpn connection is made over the ssh tunnel, my ssh tunnel breaks, which of course - breaks the openvpn tunnel
21:51 < nullsign> is there a setting/option i should be using to keep this from happening?
21:52 < nullsign> basically im doing a simple ssh forward/tunnel via ssh -o TCPKeepAlive=yes -L 1194:127.0.0.1:1194 -l [userid] remote ip
21:56 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
21:56 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
21:58 < nullsign> any thoughts?
21:58 <+esde> !obfsproxy
21:58 <@vpnHelper> "obfsproxy" is (#1) For a writeup on using obfsproxy with OpenVPN see https://syria.hacktivist.me/?p=148 or (#2) See also !obfs. The link to TrafficObfuscation also contains a setup example
21:59 <+esde> !obfs
21:59 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
21:59 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
22:00 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Excess Flood]
22:00 <+esde> no need for the ssl tunnel
22:00 < nullsign> yeah but i want to use the ssh tunnel
22:00 < nullsign> as they only let me send ssh out
22:00 <+esde> but why?
22:00 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
22:00 <+esde> so put it on port 22
22:00 < nullsign> then i'll lose ssh on that host.
22:00 < nullsign> rather not move ssh around
22:00 < nullsign> and just leverage openvpn normally
22:00 < nullsign> i think a static route might fix this.. lemme see
22:01 <+esde> you wouldnt lose it....
22:01 <+esde> !portshare
22:01 <+esde> !share
22:01 <+esde> hmmm
22:01 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 252 seconds]
22:01 <+esde> there is a share directive IIRC
22:01 <+esde> https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server
22:01 <@vpnHelper> Title: Sharing a Port with OpenVPN and a Web Server - PFSenseDocs (at doc.pfsense.org)
22:01 <+esde> (not pfsense specific)
22:02 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 252 seconds]
22:02 <+esde> should work
22:02 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
22:03 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
22:03 <+esde> anyway if you have any questions krzee might be of assistance if he's about, but im off good luck! :)
22:08 -!- MyChris_ [~DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has joined #openvpn
22:11 < MyChris_> Anyone around who's dealt with Routing and having the clients keep their Virtual source address rather then bridging?
22:14 < MyChris_> http://sprunge.us/RZOO
22:15 < MyChris_> Can't get it to keep the virtual address as the source address when accessing other systems on LAN it uses the OpenVPN server's host address.
22:17 < MyChris_> I've also already added a static route in my SRX to handle it following ( https://community.openvpn.net/openvpn/wiki/RoutedLans#no1 )
22:17 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
22:42 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Ping timeout: 264 seconds]
22:43 -!- Perun [~perun@89.238.78.61] has quit [Ping timeout: 272 seconds]
22:44 < MyChris_> This channel is always dead :(
22:57 <+esde> i wish i could get this speed over openvpn https://imgur.com/a/5SxT0 instead of just open internet
22:57 <@vpnHelper> Title: Imgur (at imgur.com)
22:58 < MyChris_> esde I wish I could route my shit properly lol
22:58 <+esde> routing is fun /s
23:00 < MyChris_> "/s"
23:06 <+esde> :)
23:12 -!- cattune [~bryan110@unaffiliated/bryan110] has left #openvpn []
23:17 -!- ShadniX [dagger@p5481D72D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:18 -!- ShadniX [dagger@p5DDFC154.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
--- Day changed Wed Feb 11 2015
00:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:17 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:52 -!- mattock_afk is now known as mattock
01:01 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 252 seconds]
01:14 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
01:36 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:58 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:08 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
02:20 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:58 < MyChris_> esde: I think iGamer's issue from before
02:58 < MyChris_> was actually in relation to the host
02:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:02 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
03:24 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
03:49 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Read error: Connection reset by peer]
03:59 -!- MyChris_ [~DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has quit [Ping timeout: 246 seconds]
04:05 -!- wiuempe is now known as wmp
04:05 -!- pipi- [~pipi-@unaffiliated/pipi-] has quit [Ping timeout: 256 seconds]
04:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:13 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has joined #openvpn
04:34 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:34 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:35 -!- badon_ is now known as badon
04:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:58 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
05:00 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has joined #openvpn
05:11 < Otacon22> I am tunnelling all my traffic through a tap VPN running over UDP on a machine connected to a 100Mbps symmetric link, however I get only 10Mbps upload through the VPN
05:12 < Otacon22> could that be a MTU issue?
05:16 <+hyper_ch> krzee: https://gigaom.com/2015/02/10/samsung-tvs-start-inserting-ads-into-your-movies/
05:16 <@vpnHelper> Title: Samsung TVs start inserting ads into your movies Tech News and Analysis (at gigaom.com)
05:17 <+hyper_ch> Otacon22: or could be too slow a cpu
05:17 <+hyper_ch> or your isp might fiddle with packages
05:18 < Otacon22> hyper_ch, checking with openssl speed I see good speed on the cpu side
05:18 < Otacon22> also with iperf it's 100mbps
05:18 <+hyper_ch> I never achieve 100mbps on a 100mbps line :(
05:26 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has quit [Read error: Connection reset by peer]
05:31 -!- Z-Chymera [~chymera@130.60.232.177] has joined #openvpn
05:32 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
05:35 < Z-Chymera> hi guys, seeing as I am not very proficient in networking, the only way I was able to get openvpn to work was this http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
05:35 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
05:36 < Z-Chymera> how might I be able to extend this tutorial so that I can use multiple servers from one client, and a server from multiple clients?
05:36 < Z-Chymera> cupying the static ke to every machine should be easy (though a bit less secure, I guess) - but what do I do about the ifconfig line?
05:42 <+hyper_ch> on each server use a different subnet
05:43 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has joined #openvpn
05:46 < Z-Chymera> hyper_ch: and on the client? I would need to have 3 entries to the ifconfig line, right?
05:46 <+hyper_ch> why not use config files instead?
05:47 <+hyper_ch> on all linux distros I know each .conf file in /etc/openvpn/ will be auto started
05:47 <+hyper_ch> and that way I maintain currently 4 vpn connections
05:50 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 255 seconds]
05:57 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:09 -!- mirco_ [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco_]
06:19 < Z-Chymera> hyper_ch: yes, I am talking about the ifconfig line in the config files under /etc/openvpn
06:19 < Z-Chymera> so you have 1 config file per server/client combination, and you start them as individual services?
06:19 < Z-Chymera> I had hoped I can just start one service which gives all of my clients access to all of my servers?
06:20 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has quit [Read error: Connection reset by peer]
06:32 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has joined #openvpn
06:59 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Quit: Lost terminal]
06:59 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
07:03 -!- aep [~aep@libqxt/developer/aep] has quit [Ping timeout: 244 seconds]
07:04 -!- ayaka [~ayaka@124.72.228.182] has left #openvpn ["离开"]
07:04 -!- aep [~aep@libqxt/developer/aep] has joined #openvpn
07:13 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
07:38 -!- lbft is now known as Gorn
07:50 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
07:58 -!- geosmin [~geosmin@199.19.94.16] has joined #openvpn
07:58 < geosmin> something weird. before yesterday if i'd do systemctl status openvpn@$VPN.service i'd see openvpn's output
07:59 < geosmin> now i see nothing, even though the connection is succesful
08:06 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has joined #openvpn
08:09 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has quit [Ping timeout: 244 seconds]
08:12 -!- geosmin [~geosmin@199.19.94.16] has quit [Ping timeout: 252 seconds]
08:15 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:24 -!- Gorn is now known as lbft
08:50 -!- manitou [~manitou@unaffiliated/manitou] has quit [Read error: No route to host]
09:07 < Z-Chymera> hyper_ch: still around?
09:23 -!- Stalker_LV [~Stalker@217.28.52.66] has joined #openvpn
09:30 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
09:36 -!- Stalker_LV [~Stalker@217.28.52.66] has quit [Quit: Stalker_LV Ðåøèë âàñ ïîêèíóòü, ïðîâåäÿ â IRC 16mins 7secs (èç íèõ â ñîñòîÿíèè away: 0secs), Ïîñëåäíÿÿ ìûñëü:]
09:38 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 272 seconds]
09:40 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
09:50 <+hyper_ch> Z-Chymera: no
10:08 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
10:26 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Quit: Lost terminal]
10:28 -!- ayaka [~ayaka@124.72.228.182] has joined #openvpn
10:28 < ayaka> about build openvpn on windows, on this time, only build on mingw is supported?
10:33 < ayaka> the information I could find in https://community.openvpn.net/openvpn/wiki/BuildingOnWindows seems too old
10:33 <@vpnHelper> Title: BuildingOnWindows – OpenVPN Community (at community.openvpn.net)
10:34 < ayaka> I have no idea how to build on windows now
10:36 <+esde> ayaka, if you have development questions, the development channel may be the best place to have them answered. :)
10:46 < ayaka> sorry, I don't think it is a development question before
10:47 < ayaka> esde, thank you
10:50 -!- `hypermist` is now known as sleepypc
11:01 -!- ayaka [~ayaka@124.72.228.182] has left #openvpn ["离开"]
11:26 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:34 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:31 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has quit [Ping timeout: 245 seconds]
12:49 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Quit: leaving]
12:57 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
12:59 -!- Z-Chymera [~chymera@130.60.232.177] has quit [Ping timeout: 256 seconds]
12:59 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:05 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 265 seconds]
13:08 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
13:11 -!- brianblaze420 [~brianblaz@unaffiliated/brianblaze] has joined #openvpn
13:11 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
13:12 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 265 seconds]
13:23 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
13:34 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
13:34 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
14:33 -!- Ben` [~b3n@gateway/shell/blinkenshell.org/x-jjbhftvywyabfqug] has quit [Ping timeout: 244 seconds]
14:36 -!- Ben` [b3n@gateway/shell/blinkenshell.org/x-fgvwqiyzjdxuuhvu] has joined #openvpn
14:57 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has joined #openvpn
15:00 -!- brianblaze420 [~brianblaz@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! YES YOU!]
15:06 -!- mattock is now known as mattock_afk
15:26 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has joined #openvpn
15:27 < Zedax> anyone knows what's the error that appears when trying to configure openvpn on cygwin to build?
15:27 < Zedax> https://bpaste.net/show/b6e43951a390
15:27 < Zedax> it detects polarssl but at the end it says: configure: error: polarssl crypto is required but missing
15:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 252 seconds]
15:43 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:56 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
16:22 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:36 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has joined #openvpn
16:38 -!- Otacon22 [~Otacon22@109.53.20.89] has joined #openvpn
16:48 -!- desssita [~desss@87.97.190.13] has joined #openvpn
16:48 -!- desssita [~desss@87.97.190.13] has left #openvpn []
17:40 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:45 -!- Zedax [d4e1d545@gateway/web/freenode/ip.212.225.213.69] has quit [Quit: Page closed]
18:02 -!- darlinger [~jd@172.56.40.160] has joined #openvpn
18:03 < darlinger> o/
18:03 < darlinger> !welcome
18:03 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:03 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:03 < darlinger> !goal
18:03 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:03 < darlinger> !/30
18:04 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
18:06 < darlinger> alright :) i just have a couple of quick questions: if you're using ifconfig-pool-linear, do you have to use the ifconfig-pool option or can you just use the server "[subnet] [netmask]" setting with it?
18:07 < darlinger> and with ifconfig-pool-linear, what are the client files in ccd supposed to look like? is there still an address solely with the vpn for routing and then the address that is assigned to the client?
18:07 < darlinger> so, say ifconfig-push 10.8.0.4 10.8.0.5?
18:08 -!- wox [~bartleby@unaffiliated/scroy] has joined #openvpn
18:08 < darlinger> i'd like to use up only one address per client
18:09 < wox> hey
18:09 < wox> I can't get the openvpn systemd service to successfully restart after resuming from suspend
18:09 < darlinger> wox: do you have logs?
18:10 < wox> sure
18:10 < wox> !paste
18:10 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
18:12 < wox> http://ur1.ca/jpe1b
18:12 <@vpnHelper> Title: #184495 Fedora Project Pastebin (at ur1.ca)
18:12 < darlinger> gracias :)
18:12 < wox> the update-resolv-conf.sh is from here: https://wiki.archlinux.org/index.php/OpenVPN#DNS
18:12 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
18:13 < wox> the basic story is that resolve fails
18:13 < darlinger> wox: question, are you on using wifi when you do this?
18:14 < wox> yes, right
18:14 < wox> so my best guess is it's trying to resolve the gateway before the network is up
18:14 < darlinger> because what may be happening is that your openvpn daemon may be trying to connect quicker than your NIC can connect
18:14 < darlinger> ^ yes that
18:15 < darlinger> wox: i think there may be an option to make openvpn sleep before reconnecting
18:15 < wox> which means it's a systemd problem.. (I did post on #systemd)
18:15 < darlinger> wox: what do you mean? as far as them not putting in a hook to see if you have gateway before proceeding to reconnect?
18:16 < wox> well, a problem with my configuration more likely
18:16 < wox> though it would be nice if it just worked
18:17 < darlinger> wox: openvpn. just worked. hahaha
18:17 < darlinger> i get your sentiment
18:18 < darlinger> i'm in the middle of reworking my server and my clients because the setup i have now sucks and some of my clients can't resolve
18:20 < darlinger> hmmm i think i just answered my own question.
18:21 < darlinger> i'm guessing with ifconfig-pool-linear, you can just use "ifconfig-push 10.8.0.1 10.8.0.x" for each client, assuming that the server is on 10.8.0.1
18:26 < wox> networking is such a tricky beast
18:28 < darlinger> i friggin love it. like, i'm mostly a sysadmin guy with linux over the last few years
18:28 < darlinger> but openvpn has been sort of my gateway (pardon the pun) into the world of networking
18:28 < darlinger> and the world of networking is pretty cool
18:28 <+esde> darlinger, nice
18:29 <+esde> it's slowly working it's magic here too
18:29 <+esde> emphasis on slowly
18:30 < wox> i must say i have respect for the experts
18:30 < wox> heads full of convoluted cables
18:31 < darlinger> lol, only if they do their cable management wrong ;)
18:31 < darlinger> esde: lol i have no idea what you mean. this is my first time here
18:31 < darlinger> esde: could you possibly give me an answer on my questions/assumptions? ^
18:35 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Remote host closed the connection]
18:35 <+esde> darlinger, see !howto, there's sample config's included :)
18:39 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
18:50 < darlinger> esde: for ifconfig-pool-linear specifically?
18:50 < darlinger> !howto
18:50 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
18:52 < darlinger> esde: because i just finished getting through the how-to. it tells you how to set up static ips / configs for clients compatible with the windows tun driver
18:53 < darlinger> esde: as far as doing it the other way where you only use 1 ip per client it tells me to use ifconfig-pool-linear and then stops there
18:54 < darlinger> it's a little discouraging
18:54 < darlinger> to say the least
18:59 <+esde> darlinger, im sorry i had gone afk for a sec
18:59 <+esde> im not the best with routing, but there are some really brilliant minds in here
18:59 < darlinger> esde: lol it's fine. i just have to leave for class in like the next five minutes
18:59 <+esde> if you idle, eventually someone will help :)
19:00 <+esde> use a bouncer
19:00 <+esde> or leave the window up
19:00 <+esde> then your answer will be here when you get back
19:00 <+esde> :)
19:00 < darlinger> esde: i have neither at the moment :/ but i will probably be back tonight
19:00 <+esde> awww
19:00 < darlinger> i know :(
19:00 <+esde> highlight me when you come back
19:00 < darlinger> are bouncers hard to get?
19:00 <+esde> and ill check my scrollback
19:00 <+esde> no not at all
19:00 < darlinger> esde: alright :D
19:00 < darlinger> esde: you don't have to set up your own server?
19:00 <+esde> yah we'll chat
19:01 <+esde> not necessarily
19:01 < darlinger> oh i'm guessing there are services? i need to get more up to date with this irc thing ;)
19:01 < darlinger> anyways. gotta go. thanks so much for your help!
19:01 <+esde> np
19:01 <+esde> off to dinner myself
19:05 < wox> what a pita
19:05 -!- Denial [~Denial@81.141.17.243] has quit [Ping timeout: 240 seconds]
19:06 < wox> amazing how much time this stuff eats up
19:06 < wox> i just have no idea how to proceed
19:06 <+esde> i'd help but im out the door as we speak
19:07 -!- Denial [~Denial@host31-52-126-18.range31-52.btcentralplus.com] has joined #openvpn
19:08 <@ecrist> wox: what's your issue?
19:09 < wox> ecrist: resolve fails after resuming from suspend
19:10 < wox> i'm using systemd, it seems to be restarting at the wrong time
19:10 <@ecrist> wox: the pink bunny wears slippers after noon
19:10  * ecrist needs more context
19:10 < wox> i'll pass that to systemd sleep
19:11 < wox> ecrist: yeah it's in backscroll. i can repost
19:11 < wox> logs http://ur1.ca/jpe1b
19:11 <@vpnHelper> Title: #184495 Fedora Project Pastebin (at ur1.ca)
19:12 < wox> that RESOLVE error is the issue
19:12 < wox> i am using a systemd service to run openvpn
19:13 < wox> whenever it comes back from sleep, it fails to resolve. restarting the service manually works
19:14 <@ecrist> systemd is something dazo is familiar with
19:14 < wox> dazo_afk: ?
19:15 < wox> i posted in #systemd too, its slower in there
19:15 < akkad> how can I test if my openvpn server allows anyone to connect?
19:16 <@ecrist> akkad: connect to it
19:18 < akkad> with any CA/cert?
19:18 -!- darlinger [~jd@172.56.40.160] has quit [Ping timeout: 252 seconds]
19:18 <@ecrist> what are you concerned with?
19:19 < akkad> the fact everyone seems able to connect to it with a cert/key  they generated from the CA.crt
19:19 < akkad> and nothing was require to be updated on the server side to allow them explicitly.
19:19 <@ecrist> why can they create their own certs?
19:20 < akkad> some contractors set this up, and left. having to verify it's secure
19:20 < akkad> these are employees.
19:20 <@ecrist> so what?  every employee has access to the CA cert?
19:20 < akkad> they have the CA.cert and pkitool
19:20 < akkad> yes.
19:20 < akkad> again, not by design.
19:20 <@ecrist> they have the CA.key?
19:20 < akkad> I walked into this situation.
19:20 < akkad> How, not why, is always the question.
19:20 <@ecrist> well, there is a solution
19:20 < akkad> Suggest instead it's a bad idea vs "why?!?!"
19:21 < akkad> trying to understand if the openvpn server is wide open, or only open to those with access to the CA.crt and keys generated from it, ala PKI
19:21 <@ecrist> add --ccd-exclusive to your server config
19:21 <@ecrist> also, you'll need --client-config-dir <dir>
19:22 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:22 <@ecrist> where <dir> is a directory where client-specific configurations can go
19:22 <@ecrist> the first options *requires* a file with the CN exist in the client config directory
19:22 < akkad> excellent. thanks. so the CA.cert is still required to get access? this is the critical concern I'm trying to identify
19:22 <@ecrist> see the man page.
19:22 < akkad> yeah I turned it on, and no one could connect :P
19:22 <@ecrist> if they can create certificates, they have the key, not just the ca cert
19:22 < akkad> trying to identify scope of access
19:23 < akkad> right. it's all in git.. :(
19:23 <@ecrist> that's fucking retarded
19:23 < akkad> I agree
19:23 < akkad> again, disregard my shitty haircut, and understand that the circumstances are beyond the control of those in this conversation
19:23 < akkad> :D
19:23 <@ecrist> but the ccd-exclusive allows you to restrict *who* or rather, which, certificates are allowed to connect
19:24 <@ecrist> also, you could enforce user/pass, or change the certificates the VPN uses
19:25 < akkad> that's the plan. just it's a dependency of all employees atm, which means downtime. but openvpn will still limit connections to ONLY those keys created under that CA cert/key?
19:25 < akkad> or is there an open mode where it's completely open
19:26 <@ecrist> there is an 'open' mode
19:26 <@ecrist> --client-cert-not-required
19:26 < akkad> excellent, thanks for being patient
19:27 <@ecrist> fwiw, this is all in the manual...
19:32 < akkad> Yeah, our contractor, Manuel was fired.
19:34 -!- wox [~bartleby@unaffiliated/scroy] has quit [Ping timeout: 255 seconds]
19:45 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has joined #openvpn
19:45 < tpw_rules> hey. what's the recommended key security? i have 1024 bit keys as evidenced by dh1024.pem. should i generate 2048 bit ones? it was the default when i installed another server
19:50 < akkad> never use power of 2. computers break those easier.
19:51 < tpw_rules> um
19:51 < tpw_rules> you can't actually do that?
19:53  * akkad uses trinary based systems all the time
19:53 < tpw_rules> when is it going to start using elliptic curve instead of rsa?
19:58 -!- Otacon22 [~Otacon22@109.53.20.89] has quit [Ping timeout: 250 seconds]
20:09 <@ecrist> akkad: wtf are you talking about?
20:17 < akkad> FreeBaSeD supports it
20:17 <@ecrist> supports what?
20:20  * esde passes ecrist a beer
20:20 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
20:21 < tpw_rules> do either of you have an answer that makes sense?
20:21 < tpw_rules> is 2048 bit that much of an improvement?
20:21 <@ecrist> tpw_rules: 2048 is sufficient.  If you're paranoid, run 4096
20:21 <@ecrist> your diffie-hellman file only needs to be generated once
20:22 < tpw_rules> what about 1024? will it eventually support elliptic curve?
20:22 < tpw_rules> if i want to upgrade, what do i need to change?
20:23 < tpw_rules> do i need to rebuild all my keys or just the diffie hellman parameters?
20:23 <@ecrist> eventually, probably,  today, not likely
20:23 <@ecrist> just the dh params
20:23 < tpw_rules> oh that's it? cool
20:24 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has quit [Disconnected by services]
20:24 < tpw_rules> so all i have to do is change to dh2048.pem and restart the server? that was easy
20:24 <@ecrist> yup
20:25 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has joined #openvpn
20:29 < tpw_rules> it worked, thank you!
20:30 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has left #openvpn ["Evil will always triumph, because good is dumb."]
20:31 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Remote host closed the connection]
20:34 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
20:43 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:44 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:45 -!- badon_ is now known as badon
20:46 -!- sleepypc is now known as `hypermist`
20:47 -!- CGML_ [~CGML@unaffiliated/cgml] has joined #openvpn
20:48 -!- Starthunder [~blackl@unaffiliated/moonlightning] has quit [Quit: The Nightmares will Collide. And become a Dream. <3]
20:52 -!- moparsthbest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
20:52 -!- Netsplit *.net <-> *.split quits: CGML, Brando753, Anoniem4l, moparisthebest
20:55 -!- Netsplit over, joins: Brando753
20:56 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
21:00 -!- xelar [~X@leto.feralhosting.com] has joined #openvpn
21:02 < xelar> hi guys, I’m having trouble to setup openvpn on my server. I’ve done it a few times, but this time I can’t get any internetconnection after I connect to the VPN. I have ip forward activated and also NAT in iptables. dunno what else could cause it, it seems that the client is not getting any routes from the server
21:02 <+esde> !welcome
21:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
21:02 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:03 <+esde> We need some info from openvpn first :)
21:03 <+esde> and from your iptables
21:04 < pekster> xelar: You haven't stated your goal yet; start there
21:04 < pekster> !goal
21:04 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
21:05 < xelar> ok goal: i’d like to connect the internet over my vpn server
21:05 < pekster> For that, you want to start with the highly-useful flowchart:
21:05 < pekster> !redirect
21:05 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
21:05 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
21:06 < xelar> I have a few servers that are working already but this time I got stuck and can’t get an internet connection on the client
21:06 < pekster> The first step of which is a working VPN where you can ping between your endpoints, followed by more steps to identify the likely cause of the problem
21:07 < xelar> I likely have a firewall issue according to the handy flowchart ;)
21:07 < xelar> but I figured that already, the question is if you guys can help me fixing the firewall
21:07 < xelar> lets start with iptables -L -t nat
21:08 < xelar> Chain PREROUTING (policy ACCEPT)
21:08 < xelar> target     prot opt source               destination
21:08 < xelar> Chain INPUT (policy ACCEPT)
21:08 < xelar> target     prot opt source               destination
21:08 < xelar> Chain OUTPUT (policy ACCEPT)
21:08 < xelar> target     prot opt source               destination
21:08 < xelar> Chain POSTROUTING (policy ACCEPT)
21:08 < xelar> target     prot opt source               destination
21:08 < xelar> MASQUERADE  all  --  10.1.0.0/24          anywhere
21:08 < xelar> oh crap sorry for that
21:08 <+esde> !paste
21:08 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
21:08 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
21:08 < xelar> !configs
21:08 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:09 <+esde> !logs
21:09 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
21:09 <+esde> !route
21:09 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
21:09 <+esde> hmm thought there were iptables commands with that last one sorry about that
21:11 < pekster> xelar: For firewall assistance you'll need to post real rules, not worthless ones. More info at:
21:11 < pekster> !netfilter
21:11 <@vpnHelper> "netfilter" is Under Linux, use `iptables-save` to show firewall rulesets (add -c to include counters.) Do not use iptables -L as it is incomplete & often lies. #netfilter is more on-topic for detailed help.
21:28 < xelar> nevermind figured it out finally :)
21:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
22:01 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 250 seconds]
22:02 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
22:04 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
22:07 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
22:32 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:18 -!- ShadniX [dagger@p5DDFC154.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:18 -!- ShadniX_ [dagger@p5794153A.dip0.t-ipconnect.de] has joined #openvpn
23:18 -!- ShadniX_ is now known as ShadniX
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:53 -!- u0m3 [~u0m3@109.96.141.114] has quit [Read error: Connection reset by peer]
23:59 < MyChris_> esde
--- Day changed Thu Feb 12 2015
00:00 < MyChris_> Are you around?
00:11 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:15 -!- u0m3 [~u0m3@109.96.141.114] has joined #openvpn
00:20 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:29 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Ping timeout: 265 seconds]
00:33 <+hyper_ch> krzee: http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
00:33 <@vpnHelper> Title: One-Bit To Rule Them All: Bypassing Windows’ 10 Protections using a Single Bit - Breaking Malware (at breakingmalware.com)
00:47 -!- darlinger [~jd@172.56.40.160] has joined #openvpn
01:01 -!- mattock_afk is now known as mattock
01:05 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
01:11 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Ping timeout: 265 seconds]
01:12 -!- aulait [~irenacob@li629-190.members.linode.com] has quit [Remote host closed the connection]
01:20 -!- aulait [~irenacob@li629-190.members.linode.com] has joined #openvpn
01:38 < darlinger> esde: just came back to say that i solved all my problems :) while there wasn't a guide walking me through what i wanted to do, i was able to piece it all together
01:44 -!- FruitieX_ [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 265 seconds]
01:47 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
01:48 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
01:52 -!- darlinger [~jd@172.56.40.160] has quit [Quit: leaving]
01:57 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
02:16 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
02:21 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Remote host closed the connection]
02:36 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:53 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Ping timeout: 256 seconds]
03:23 -!- dazo_afk is now known as dazo
03:39 -!- cellardoor [~quassel@unaffiliated/cellardoor] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
03:52 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
03:54 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
03:58 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 255 seconds]
04:02 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
04:03 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
04:05 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
04:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:27 -!- early [~early@105.ip-167-114-152.net] has quit [Read error: Connection reset by peer]
05:34 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:35 < shimano> If I use ccd, can I assign multiple IPs to one certified client?
05:35 <+hyper_ch> easy to test
05:36 < shimano> just add another ifconfig-push line? ;)
05:36 < shimano> Will not crash?
05:47 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has quit [Quit: OK, Doei!]
05:48 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has joined #openvpn
05:54 <+hyper_ch> easy to test
06:08 <@plaisthos> shimano: no
06:08 <@plaisthos> !iroute
06:08 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
06:10 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:29 <+hyper_ch> plaisthos: got an issue with your openvpn client on android 5/cm12
06:30 <+hyper_ch> Protecting socket fd 4
06:30 <+hyper_ch> Route von Android zurückgewiesen: 10.10.12.2/24 Bad address
06:31 -!- moparsthbest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
06:36 <+hyper_ch> plaisthos: just imported the same .ovpn file into OpenVPN Connect and tehre it works fine
06:46 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:48 -!- wmp [~wmp@sored/admin/wmp] has left #openvpn ["Konversation terminated!"]
07:34 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:54 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has joined #openvpn
07:56 < Otacon22> Hello, I am tunnelling all my traffic through a tap OpenVPN running over UDP on a machine connected to a 100Mbps symmetric link, however I get only 10Mbps in upload (download is ~80Mbps) through the VPN. Could that be an MTU issue? the MTU of the physical link is 1500. Do I have to specify something MTU-related in the conf file?
07:57 < Otacon22> My CPU should be powerful enough. I checked using openssl speed aes. and I'm using aes in the openvpn config
07:58 < Otacon22> Looking with tcpdump on the physical interface I see quite a lot number of packets with small size. This is why I think that could be an MTU issue
08:12 <+esde> !tunortap
08:12 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
08:12 <@vpnHelper> rooted/jailbroken) support only tun
08:15 < Otacon22> esde, are you telling to me?
08:16 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:20 <@plaisthos> hyper_ch: just ignore that error
08:20 <@plaisthos> hyper_ch: 0.6.28 fixes that
08:20 <+hyper_ch> plaisthos: well, the connection won't get established :(
08:21 <+hyper_ch> which is inconvenient :)
08:21 <+hyper_ch> also cm12 breaks my super intruder setup :(
08:29 <@plaisthos> hyper_ch: do you get some error other than that?
08:29 <+hyper_ch> plaisthos: no, just that error and it seems no connection is established and I can't connect to my sip server through the vpn
08:30 <+hyper_ch> because I can't ping any vpn addresses
08:31 <+hyper_ch> now people can h4xx0r my cell phone again :(
08:32 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
08:35 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-jwmcuwtgkrtniweg] has joined #openvpn
08:37 <@plaisthos> hyper_ch: did you already email about that?
08:37 <+hyper_ch> yeah, but he needs google to fix it:  https://intangibleobject.uservoice.com/forums/216738-general/suggestions/6735637-android-5-0-issues --> https://code.google.com/p/android/issues/detail?id=79971
08:38 <@vpnHelper> Title: Android 5.0 Issues – intangibleObject Feedback and Support (at intangibleobject.uservoice.com)
08:38 <+hyper_ch> with tasker and secure settings you could observe failed login attempts and then e.g. take a pic and send an email
08:38 <+hyper_ch> and I set to to power off after 3 failed login attempts
08:38  * hyper_ch feels so vulernable now
08:42 -!- `hypermist` is now known as sleepypc
08:52 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 250 seconds]
08:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:59 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
09:02 <+hyper_ch> plaisthos: when will your updated version be in the playstore
09:15 <@plaisthos> hyper_ch: when the peer id bug is fixed in master
09:15 <@plaisthos> you can get the updated version from the playstore if you join the beta
09:15 <+hyper_ch> what is that?
09:16 <+hyper_ch> peer id I mean
09:19 -!- jmp242 [~jmp242@pc03.classe.cornell.edu] has joined #openvpn
09:22 <+esde> how to join beta
09:29 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
09:33 < jmp242> I'm trying to install the openvpn client x64 on Windows 7 x64 of 2.3.6. However, it keeps saying OpenVPN is already running and the install cannot continue...
09:33 < jmp242> any idea why it says that?
09:34 < jmp242> I check the process list, and no openvpn.exe
09:34 < jmp242> and no openvpn service I can see
09:34 <+hyper_ch> tried to reboot?
09:34 < jmp242> tested reboot as well
09:34 <+hyper_ch> reinstall windows ;)
09:35 < jmp242> great
09:35 <+hyper_ch> no idea
09:35 <+hyper_ch> check installed programs whether it has already an entry
09:36 < manitou> ghost in the shell . :)
09:37 <+hyper_ch> or maybe it's the Elders of the Internet
09:38 < manitou> jmp242: try to check if your network manager auto connect toopenvpn if yes thenremove ovpn connection
09:42 < lev__> plaisthos: you mean last mtu fix ?
09:45 < lev__> I guess we're waiting for an ack
09:47 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has joined #openvpn
09:47 < unaM> !welcome
09:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
09:47 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:50 <@plaisthos> lev__: yes, I want to run the code before acking
09:53 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
09:57 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
10:22 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
10:22 -!- impromptu [~impromptu@gateway/vpn/privateinternetaccess/impromptu] has joined #openvpn
10:23 < impromptu> how to check which cipher-algo is the connection VPN connection using ?
10:23 < impromptu> is there a cli command to check it ?
10:25 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 265 seconds]
10:31 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
10:34 -!- nickSwe [~quassel@cpe-76-187-131-228.tx.res.rr.com] has joined #openvpn
10:37 <+esde> impromptu, cipher is defined in the configuration files
10:38 < impromptu> esde, cannot we check what cipher-algo and HMAC is being used in a connection ?
10:38 <+esde> you can, look at your configuration file.
10:39 < impromptu> which file ?
10:39 <+esde> the one openvpn client is using to create the connection to the server.
10:40 <+esde> Or just open a ticket with PIA and ask if this is all too much for you.
10:40 < impromptu> esde, it has no information, I can show you that file
10:40 <+esde> !configs
10:40 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:40 <+esde> sure
10:41 -!- manitou [~manitou@unaffiliated/manitou] has quit [Ping timeout: 252 seconds]
10:41 <+esde> I realize you can't provide the serverside conf, but please remove any commenting and sensitive info like inline keys and certs
10:42 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 245 seconds]
10:51 -!- impromptu [~impromptu@gateway/vpn/privateinternetaccess/impromptu] has quit [Quit: Leaving]
10:51 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
10:52 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has quit [Ping timeout: 264 seconds]
11:06 <+esde> K
11:10 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
11:10 -!- roadrunner|2 is now known as road|runner
11:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:19 -!- eike_52n [~eike@leasedline-static-080-228-037-083.ewe-ip-backbone.de] has joined #openvpn
11:23 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:26 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
11:26 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
11:28 -!- eike_52n [~eike@leasedline-static-080-228-037-083.ewe-ip-backbone.de] has quit [Ping timeout: 246 seconds]
11:28 -!- impromptu [~impromptu@gateway/vpn/privateinternetaccess/impromptu] has joined #openvpn
11:31 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:36 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has quit [Quit: unaM]
11:51 -!- impromptu [~impromptu@gateway/vpn/privateinternetaccess/impromptu] has left #openvpn ["Leaving"]
12:00 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-jwmcuwtgkrtniweg] has quit [Quit: Connection closed for inactivity]
12:12 -!- manitou [~manitou@unaffiliated/manitou] has quit [Ping timeout: 246 seconds]
12:32 -!- ment0s [~ment0s@cpc6-bahd4-2-0-cust97.14-2.cable.virginm.net] has joined #openvpn
12:33 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Quit: elfixit]
12:33 < ment0s> Hello, Could someone point me in the right direction. I am trying to create multiple openvpn servers on lets say 6 VPS's( point-point only). Then I want 1 vps to have 6 VPN connections as a client to those servers.
12:34 <+hyper_ch> not really sure waht you mean
12:34 < ment0s> I want to have 1 VPS with 6 tun interfaces pointing to 6 VPS's
12:35 <+hyper_ch> go ahead
12:35 <+hyper_ch> just make 6 config files in /etc/openvpn/
12:35 <+hyper_ch> for each vps
12:35 <+hyper_ch> well, one for each vps
12:35 <+hyper_ch> and make sure the subnets don't collide
12:37 <+hyper_ch> e.g. use 10.8.{1..6}.x
12:37 < ment0s> so I create 6 client config files.
12:37 <+esde> or 0-5 :)
12:37 < ment0s> ohh, cheers. It really seems to be straight forward lol
12:37 <+esde> K I S S
12:38 <+hyper_ch> it is
12:41 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
12:43 -!- dangersalad [~user@pool-71-114-51-120.washdc.dsl-w.verizon.net] has joined #openvpn
12:45 < dangersalad> I have my desktop using openvpn to connect to the internet, and that is working fine. I want to be able to ssh to a machine that is locked down by IP address, which changes every time I restart the VPN. Is there a way to allow ssh to connect using my regular connection, rather than using the openvpn connection?
12:45 <+hyper_ch> I fail to comprehend
12:47 < dangersalad> I am connected to the internet using openvpn, so all my browsing/chat/irc traffic goes through a different ip, as do my ssh connections (from the computer, to a cloud server). I want these connections to not use openvpn, but rather to come straight from my router, meaning my real IP address
12:48 <+hyper_ch> good luck with that... can't really help you there
12:49 < dangersalad> any rooms I should check in? I am asking in #linux as well
12:49 <+esde> you need to firewall it that way
12:49 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
12:49 < dangersalad> ok, so I should set up a multistep ssh config target with agent forwarding I guess
12:49 < dangersalad> I was just wondering if there was another way rather thanadding another hop in my already laggy connection
12:50 <+hyper_ch> you use def1 for routing all traffic through the vpn?
12:51 < dangersalad> def1?
12:51 <+hyper_ch> how do you route all traffic through the vpn?
12:52 < dangersalad> client
12:52 < dangersalad> dev tun
12:52 < dangersalad> proto udp
12:52 < dangersalad> remote us-east.privateinternetaccess.com 1194
12:52 < dangersalad> resolv-retry infinite
12:52 <+esde> oh jo
12:52 < dangersalad> nobind
12:52 < dangersalad> persist-key
12:52 < dangersalad> persist-tun
12:52 <+esde> !paste
12:52 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
12:52 < dangersalad> ca ca.crt
12:52 < dangersalad> tls-client
12:52 <+esde> please dont flood again
12:52 < dangersalad> remote-cert-tls server
12:52 < dangersalad> auth-user-pass
12:52 < dangersalad> comp-lzo
12:52 <+hyper_ch> the server config is way more interesting
12:52 < dangersalad> verb 1
12:52 < dangersalad> reneg-sec 0
12:52 < dangersalad> crl-verify crl.pem
12:52 < dangersalad>  
12:52 <+esde> he isnt running the vpn
12:52 < dangersalad> oh... sorry about that
12:52 <+esde> its a vpn provider
12:52 < dangersalad> apologies
12:53 < dangersalad> this is ust a provider
12:53 <+hyper_ch> oh well, can't help...
12:53 <+esde> he has no serverside control
12:53 < dangersalad> I have another vpn server on my router so I can VPN to my home network from outside
12:53 < dangersalad> but that is function fine
12:53 < dangersalad> I wll look at the ssh hop, seems like my only method
12:54 <+esde> if you had a proper firewall, you could use openvpn client on the firewall and use some rules to allow whatever you want to hit your real ip
12:54 <+esde> but im assuming the openvpn client is running on your workstation
12:54 < dangersalad> esde: I have ddwrt, so the resources are there, I just have not done it yet.
12:55 <+esde> dd-wrt is kinda watered down
12:55 < dangersalad> esde: so I could probably easily do that in reverse
12:55 < dangersalad> esde: well, it has an openvpn client
12:55 <+esde> I'm thinking pfsense
12:55 <+esde> yeah but it's no where near a proper firewall
12:56 <+esde> i only use dd-wrt as firmware for my WAP, iirc it doesnt even support iptables
12:56 < dangersalad> esde: I see, unless pfsense will run on an arm v6 or v7, I am outta luck for that at the moment
12:56 <+esde> it'll run a ton of different hardware
12:57 < dangersalad> esde: there may be a way to set up the openvpn client on ddwrt and then have it only work on a virtual network, so anything connecting to the virtual AP will be routed through the vpn
12:57 <+esde> stop highlighting me on every line please. the channel is not crowded atm
12:58 <+esde> yeah you could do something like that
12:58 <+esde> if you put openvpn before the workstation, you'll have less headaches if you want to do anything special with routing
12:59 <+esde> unless the workstation was connected directly to the modem, but that's just foolish
12:59 < dangersalad> I am not that foolish
12:59 <+esde> (anything special with routing locally) is the key
13:02 <+esde> and freebsd doesn't run on ARM, so no luck there
13:02 <+esde> open-wrt i've heard is more functional than dd-wrt
13:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
13:12 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
13:25 <@plaisthos> esde: freebsd has an arm port
13:26 <@plaisthos> https://www.freebsd.org/platforms/arm.html
13:26 <@vpnHelper> Title: FreeBSD/ARM Project (at www.freebsd.org)
13:29  * esde clicks
13:29 <+esde> ooooooooooooooooooooooohhhhhhhhhhhhhhhhhhhhhhh
13:30 <+esde> soo pfsense arm is viable
13:30 -!- impromptu [~impromptu@gateway/vpn/privateinternetaccess/impromptu] has joined #openvpn
13:31 < impromptu> why is OpenVPN still using BF-CBC even though it is broken ?
13:32 <+esde> this is news to me
13:33 <+hyper_ch> you can set a cipher to use yourself
13:33 < impromptu> oh a lot of folks told me that BF is broken
13:33 <+esde> so what makes them right?
13:33 <+esde> can you prove your claim?
13:34 <+esde> https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
13:34 <+esde> granted, it's weak, but not broken per se
13:36 < impromptu> so it is generally advised to choose AES-128 instead ?
13:37 <+esde> choose whatever works best for you
13:37 < impromptu> they all were talking about a leak NSA document
13:37 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
13:37 <+esde> if you have aes-ni available, aes will perform very well
13:37 < impromptu> What is AES-NI ?
13:38 <+esde> AES - new instructions. a feature on intel cpu's to accelerate crypto functions
13:39 <+hyper_ch> impromptu: it's an intel thingy for speeding up aes
13:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 256 seconds]
13:39 <+hyper_ch> impromptu: since 2nd gen intel core cpus
13:40 < impromptu> hyper_ch, I have 3rd gen
13:40 < impromptu> also 4th gen
13:41 <+esde> check ark to see if your cpu supports it
13:41 < impromptu> ok
13:41 < impromptu> AES-128 is what I want to switch to
13:41 <+hyper_ch> !cipher
13:41 <+esde> AES is ubiquitous these days :)
13:41 <+hyper_ch> no factoid... interesting
13:42 < impromptu> hyper_ch, :)
13:42 <+esde> pretty standard cipher for keeping secrets secret
13:42 < impromptu> ok
13:42 < impromptu> esde, is AES-256 over killing ?
13:42 <+esde> no
13:42 <+esde> if you can spare the extra cpu cycles
13:43 <+esde> !hardening
13:43 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
13:43 < impromptu> I mean it would of course decrease interface performance
13:43 <+esde> marginally
13:43 < impromptu> internet*
13:43 < impromptu> esde, upto 30 percent in many cases
13:44 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:44 < impromptu> and people with slower internet under 2 Mbps for example would get much less speed
13:44 < impromptu> so AES-128 is fine until news :)
13:44 <+esde> K. i didnt notice near a 30% increase when i went from aes-256-cbc to aes-128-cbc, but i wish i had
13:45 <+esde> i dont know what youretlaking about
13:45 <+esde> are you just talking out your ass?
13:45 < impromptu> I am talking what I see
13:45 <+esde> line speed has almost nothing to do with the crypto funtion being used
13:45 < impromptu> Am I wrong ?
13:45 < impromptu> does AES-256 affect internet speed ?
13:45 <+esde> so long as the processing power is there at the nics and cpus of the servers and clients, line speed is ancillary
13:45 < impromptu> wont encryption/decryption take time and slow the connection ?
13:46 <+esde> .......
13:46 <+esde> read what i said
13:46 <+esde> let it sink in
13:46 <+esde> if the hardware cant handle it, yes the connection will be slow
13:46 < impromptu> ok
13:46 < impromptu> :)
13:46 < impromptu> I have i5 3rd gen
13:46 < impromptu> and 4th gen
13:46 <+esde> if the hardware can handle it, you could do gigabit
13:47 <+esde> it's all dependent on your hardware
13:47 < impromptu> ok
13:47 < impromptu> I get it
13:47 < impromptu> so my computer can do AES-256 easily
13:47 <+esde> i can't say that.
13:47 < impromptu> maybe I did not configure it right
13:47 < impromptu> you can by knowing my processor
13:47 < impromptu> :)
13:47 <+esde> !spoonfeed
13:47 <+esde> !spoonfed
13:47 <+esde> !spoonfeeding
13:48 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
13:48 < impromptu> esde, yay you did it :)
13:48 <+esde> go to ark.intel.com, look up your cpu and find out for ytourself
13:48 < impromptu> esde, I know where to look, I was just telling you :)
13:49 <+esde> if it's AES-NI enabled then yeah, it should handle AES instructions much better than it's non AES-NI enabled counterpart (from what i hear)
13:49 < impromptu> do you think openvpn works better with much less leaks on BSD and Linux in comparison with OS X and Windows ?
13:49 <+esde> no clue
13:49 < impromptu> ok
13:50 <+esde> bsd does tend to be more strict though
13:50 <@plaisthos> impromptu: we don't know of mem leaks on os x/windows
13:50 <+esde> (generally speaking)
13:50 < impromptu> most of the VPN providers suggest using GNU/Linux or BSD
13:50 < impromptu> instead of Windows and OS X
13:50 <+esde> there is wisdom to be had in that suggestion
13:51 < impromptu> I use GNU/Linux-libre
13:52 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 264 seconds]
13:53 -!- Taftse|Mac is now known as Taftse|Devil
13:55 -!- Taftse|Devil is now known as Taftse|Popcorn
13:55 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:56 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:57 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
13:58 -!- Taftse|Popcorn is now known as Taftse|SoldHisSo
13:58 -!- Taftse|SoldHisSo is now known as Taftse|Mac
14:02 -!- impromptu [~impromptu@gateway/vpn/privateinternetaccess/impromptu] has left #openvpn ["Leaving"]
14:19 -!- ccait [~caitlin@50.243.180.57] has joined #openvpn
14:20 -!- jmp242 [~jmp242@pc03.classe.cornell.edu] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
14:20 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:22 < ccait> Hello. Whenever I have a UDP server clients seem to hang around in the openvpn-status file for a significant amount of time after they disconnect. Is there any way to reduce this “lag”? I’ve played with the settings and looked online but couldn’t find anything. Thanks.
14:23 <+esde> keepalive? perhaps
14:25 < ccait> I do have a very long keepalive. (keepalive 60 480) but the TCP clients seem to be fine with it. Would it be a factor?
14:28 <+esde> not sure, sounded relevant. share the !logs and !configs pls
14:36 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
14:38 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:41 < ccait> Los and confs here: http://pastebin.com/jFb5f4kL
14:43 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
15:11 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:19 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
15:23 -!- unaM [~unaM@i15-les02-ntr-176-181-151-95.sfr.lns.abo.bbox.fr] has joined #openvpn
15:24 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
15:42 <+esde> set verb 4 on both sides, and show us the logs once the behavior happens again
15:43 -!- mattock is now known as mattock_afk
15:43 <+esde> (this isnt a fix, it's just to get more information about the problem)
15:49 <+esde> just curious, why are you running such a stale version of openvpn?
15:55 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150122214805]]
16:21 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Ping timeout: 245 seconds]
16:23 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
16:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:28 -!- ccait [~caitlin@50.243.180.57] has quit [Quit: ccait]
16:34 -!- floydwilde [floyd@2600:3c01::f03c:91ff:fe84:8ed8] has quit [Quit: WeeChat 1.0.1]
16:36 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
16:59 -!- unaM [~unaM@i15-les02-ntr-176-181-151-95.sfr.lns.abo.bbox.fr] has quit [Quit: unaM]
17:04 <@dazo> esde: the proper solution is --explicit-exit-notify in this case with ccait
17:04 -!- Denial [~Denial@host31-52-126-18.range31-52.btcentralplus.com] has quit [Read error: Connection reset by peer]
17:05 -!- Denial [~Denial@host31-52-126-18.range31-52.btcentralplus.com] has joined #openvpn
17:16 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:43 -!- dazo is now known as dazo_afk
17:47 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
17:56 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
19:12 -!- nickSwe [~quassel@cpe-76-187-131-228.tx.res.rr.com] has quit [Remote host closed the connection]
19:22 -!- u0m3 [~u0m3@109.96.141.114] has quit [Read error: Connection reset by peer]
19:30 -!- u0m3 [~u0m3@109.96.141.114] has joined #openvpn
19:30 -!- dangersalad [~user@pool-71-114-51-120.washdc.dsl-w.verizon.net] has quit [Remote host closed the connection]
20:06 -!- xelar [~X@leto.feralhosting.com] has quit [Quit: ZNC - http://znc.in]
20:08 <+esde> thank you dazo, i read up on it and learned something new :)
20:39 -!- sleepypc is now known as `hypermist`
20:49 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Quit: Konversation terminated!]
20:57 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
20:59 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 244 seconds]
21:33 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
21:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
22:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:57 < MyChris_> esde whats up
22:58 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
23:01 -!- u0m3 [~u0m3@109.96.141.114] has quit [Ping timeout: 264 seconds]
23:07 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
23:07 -!- u0m3 [~u0m3@109.96.141.114] has joined #openvpn
23:15 -!- ShadniX [dagger@p5794153A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:18 -!- ShadniX [dagger@p5481D0AD.dip0.t-ipconnect.de] has joined #openvpn
23:24 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
23:31 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
23:50 -!- kenyon_ [kenyon@darwin.kenyonralph.com] has quit [Remote host closed the connection]
23:50 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 272 seconds]
23:54 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
--- Day changed Fri Feb 13 2015
00:11 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:18 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
01:01 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
01:07 -!- rap_wrk [~rap_wrk@unaffiliated/rap-wrk/x-769542] has quit [Ping timeout: 246 seconds]
01:16 -!- mattock_afk is now known as mattock
01:21 -!- audle [~jay_lee@2602:306:399f:a2a0:9ce1:c18d:5f7d:e6a3] has joined #openvpn
02:14 -!- audle [~jay_lee@2602:306:399f:a2a0:9ce1:c18d:5f7d:e6a3] has quit [Quit: Leaving]
02:17 -!- mattock is now known as mattock_afk
02:19 -!- mattock_afk is now known as mattock
02:34 -!- novae [~novae@unaffiliated/novae] has quit [Remote host closed the connection]
02:39 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has joined #openvpn
02:59 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has joined #openvpn
03:19 -!- dazo_afk is now known as dazo
03:36 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has quit [Remote host closed the connection]
03:37 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has joined #openvpn
04:22 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
04:22 -!- elfixit [~Icedove@2001:1620:2018:11:863a:4bff:fe93:6310] has quit [Ping timeout: 265 seconds]
04:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:41 -!- ment0s [~ment0s@cpc6-bahd4-2-0-cust97.14-2.cable.virginm.net] has quit [Ping timeout: 264 seconds]
04:42 < unaM> Hi, I was wondering about dh fixed configuration. Why OpenVPN need a hard file to store dh.key ? During a TLS communication, dh keys are dynamically generated right ?
04:57 -!- grosjean [~grosjean@unaffiliated/grosjean] has joined #openvpn
04:57 < grosjean> yo all
04:58 < grosjean> running openvpn in chroot with plugin ldap do not work
04:58 < grosjean> i can't find element on docs fot this problem
04:58 < grosjean> any hints ?
04:58 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 240 seconds]
04:59 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
05:25 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
05:25 -!- Y0sh1 [~Y0sh1@TiP01.theinternets.nl] has left #openvpn []
06:00 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Quit: Lost terminal]
06:29 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:50 -!- tdn [~tdn@syrah.adora.dk] has joined #openvpn
06:52 < tdn> I have just set up a debian server as openvpn server with a few windows and linux clients. On the Windows clients, I have the problem that, even though the connection works (i.e., when I go to whatismyip.com, I get the VPN server's IP address), however, when I open an SSH connection to the VPN server it self and do a "who am i" command, I see that I am connected to SSH via the real public IP address. Not the VPN server's. I am concerned that connections "leak" ou
06:54 <+hyper_ch> !def1
06:54 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
06:58 < BtbN> tdn, there is no way to tunnel the actual server through the VPN. That would cause OpenVPN to try to reach the server through itself.
06:58 < BtbN> Obviously won't work.
06:58 < BtbN> Access the server via its IP on the VPN tunnel device if you want to access it through the VPN.
06:58 < BtbN> Its original IP will allways be a direct connection.
07:25 < tdn> BtbN, oh, so this is because this was the actual VPN server, I tested with? This will never happen on some other random connection?
07:27 < BtbN> just look at your routes, it added an explicit route to that ip via your actual nic
07:57 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has joined #openvpn
07:57 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has quit [Ping timeout: 250 seconds]
07:57 < Otacon22>  Hello, I am tunnelling all my traffic through a tap OpenVPN running over UDP on a machine connected to a 100Mbps symmetric link, however I get only 10Mbps in upload (download is ~80Mbps) through the VPN. Could that be an MTU issue? the MTU of the physical link is 1500. Do I have to specify something MTU-related in the conf file?
07:57 < Otacon22> My CPU should be powerful enough. I checked using openssl speed aes. and I'm using aes in the openvpn config
07:58 < Otacon22> what is the recommended MTU setting in order to avoid high computational workload on the openvpn client ?
08:02 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has quit [Ping timeout: 244 seconds]
08:05 < Otacon22> Another detail: on my 100mbps physical connection ICMP is blocked by my "provider", therefore I can't use path MTU discovery
08:05 < BtbN> shout at your provider then
08:05 < BtbN> icmp support is important
08:10 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
08:12 < Otacon22> I'm in a university and they would laugh at me
08:12 < Otacon22> I know that the correct MTU is 1500
08:13 < Otacon22> can't I just force openvpn to only send IP datagrams of size<=1500 ?
08:13 < Otacon22> but without doing internal fragmentation
08:13 < BtbN> that's not OpenVPNs job to decide
08:13 < BtbN> just set the interface mtu correctly.
08:14 < Otacon22> BtbN, which interface?
08:14 < BtbN> the vpn interface.
08:14 < Otacon22> I don't know the openvpn overhead
08:14 < Otacon22> it's not documented
08:15 < BtbN> OpenVPN substracts that automaticaly from the value you set
08:15 < BtbN> default is 1500
08:15 < BtbN> try if 1472 works better
08:15 < Otacon22> my setup is this:
08:15 < Otacon22> OpenVPN server (eth0 - 1500)--->....--->(eth0) OpenVPN client (tap0)<-->(internal routing of the client)<-->(eth1)---->LAN
08:16 < Otacon22> the client is working as router for the lan
08:16 < Otacon22> tunneling all the LAN's traffic to the vpn
08:17 < Otacon22> my openvpn client and server setup are not specifying any detail about mtu. the config file it's vanilla
08:17 -!- justinzane [~justinzan@24.49.184.10] has quit []
08:18 < Otacon22> BtbN, you mean by setting with --tun-mtu ?
08:19 < BtbN> link mtu, or something like that
08:19 <@plaisthos> Otacon22: *laugh at icmp block*
08:19 < BtbN> But seriously, withput Path-MTU detection, you're lost anyway
08:19 <@plaisthos> Otacon22: did you look at mssfix?
08:20 < Otacon22> plaisthos, yes, but I'm not sure if I should modify the default value or not
08:20 <@plaisthos> Otacon22: just try :)
08:20 < Otacon22> plaisthos, what value should I set?
08:21 < Otacon22> all physical interfaces are 1500MTU
08:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:23 < grosjean> yop anyone for my ldap chroot pb ?
08:35 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 240 seconds]
08:36 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
08:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
09:02 -!- EthicalHacker [~khax@unaffiliated/ethicalhacker] has joined #openvpn
09:03 -!- EthicalHacker [~khax@unaffiliated/ethicalhacker] has left #openvpn ["Leaving"]
09:05 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has joined #openvpn
09:07 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
09:10 < hikenboot> hi! I found these directions for ubuntu which is wonderful. But I am ideally looking for 2 factor authentication capability if i can find it for free, or certificates + userpassword combo is there a good set of scripts for doing this with ubuntu anywhere?
09:10 < hikenboot> these are the great directions i am currently following http://www.slsmk.com/getting-started-with-openvpn/installing-openvpn-on-ubuntu-server-12-04-or-14-04-using-tap/
09:10 <@vpnHelper> Title: Installing OpenVPN on Ubuntu Server 12.04 or 14.04 using TAP | Super Library of Solutions (at www.slsmk.com)
09:10 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
09:11 <+hyper_ch> I don't believe in two factor authentication
09:12 < hikenboot> curious, why not hyper_ch?
09:12 <+hyper_ch> I just don't
09:12 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:13 < hikenboot> you must have  a reason. It seems to help secure things so you must have objections
09:13 <+hyper_ch> do you believe in god?
09:13 <+hyper_ch> or aliens?
09:15 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 246 seconds]
09:16 -!- BIF [BIF@unaffiliated/bif] has joined #openvpn
09:17 < hikenboot> both
09:18 < hikenboot> it would be dumb to think otherwise
09:19 < hikenboot> but that has nothing to do with 2 factor authentication
09:19 <+hyper_ch> do you believe in an after life? if so, why? if not, why not?
09:19 < hikenboot> I believe we are neither live nor dead but exist in a quantum superposition
09:20 <+hyper_ch> only usb has a superposition
09:20 < hikenboot> IC
09:22 < hikenboot> anyways could you help by at least pointing me to 2 factor authentication for openvpn directions  or to at least password + certificate directions, preferably that work with a ubuntu or debian install. I cant seem to find one. the directions i found are very complete but this is outside the scope of its intentions
09:22 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
09:25 < phreakocious> hikenboot: https://www.duosecurity.com/docs/openvpn
09:25 < phreakocious> works well
09:27 <+esde> !two-factor
09:27 <+esde> !2fa
09:27 <+esde> !twofactor
09:27 <+esde> !googleauth
09:27 <@vpnHelper> "googleauth" is http://securityskittles.wordpress.com/2012/03/14/two-factor-authentication-for-openvpn-on-centos-using-google-authenticator/
09:27 <+esde> winrar
09:28 < hikenboot> thanks esde and phreakocious
09:32 < hikenboot> esde, the google authentication is perfect, dont think i could ask for more, but the jury is out until i get it setup!
09:32 < hikenboot> thanks
09:43 -!- BIF [BIF@unaffiliated/bif] has left #openvpn ["Leaving"]
10:07 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has quit [Remote host closed the connection]
10:22 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
10:32 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
10:36 <+esde> np
10:39 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
10:40 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:41 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
11:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:33 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:42 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:18 -!- OneEyedWill [~studmuf@gateway/vpn/privateinternetaccess/studmuf] has joined #openvpn
12:19 < OneEyedWill> How does one setup a split tunnel with openvpn for linux?
12:20 < OneEyedWill> ie. send all traffic through vpn tunnel accept for traffic directed at a specific port.
12:23 <+hyper_ch> sourced based policy routing?
12:23 < pekster> !lartc
12:23 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
12:25 < pekster> OneEyedWill: This may also be of interest: https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
12:25 <@vpnHelper> Title: Concepts-PolicyRouting-Linux – OpenVPN Community (at community.openvpn.net)
12:26 < OneEyedWill> pekster: Thanks for the material. I'll give it a look over and see if I can get this going. If not I'll be back (said in Arnold's voice)!
12:52 -!- OneEyedWill [~studmuf@gateway/vpn/privateinternetaccess/studmuf] has quit [Ping timeout: 256 seconds]
12:53 <+hyper_ch> krzee: http://it.slashdot.org/story/15/02/13/1548202/new-encryption-method-fights-reverse-engineering
12:53 <@vpnHelper> Title: New Encryption Method Fights Reverse Engineering - Slashdot (at it.slashdot.org)
13:12 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:13 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 240 seconds]
13:15 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has joined #openvpn
13:16 -!- Otacon22 [~Otacon22@ns305437.ip-91-121-220.eu] has quit [Ping timeout: 250 seconds]
14:11 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
14:17 -!- dazo is now known as dazo_afk
14:34 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:57 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
14:59 -!- MyChris_ [DeadOne@c-69-181-66-88.hsd1.ca.comcast.net] has quit [Ping timeout: 246 seconds]
15:12 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:14 -!- tdn [~tdn@syrah.adora.dk] has quit [Remote host closed the connection]
15:25 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
15:28 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
15:32 -!- mattock is now known as mattock_afk
15:44 -!- Cultist [~CultOfThe@67.175.170.187] has quit [Quit: Tension, apprehension, and dissension have begun.]
15:45 -!- Cultist [~CultOfThe@67.175.170.187] has joined #openvpn
15:46 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
15:50 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
15:54 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 245 seconds]
15:54 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:56 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:59 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:00 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:15 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
16:22 < hikenboot> hi, trying to understand what ip's the following line is looking for server-bridge 'server-ip' 'subnetmask' 'DHCP start ip' 'DHCP Ending ip'
16:22 < hikenboot> can anyone shed some light.
16:23 < hikenboot> is it supposed to be ip's on the openvpn servers lan network same subnet or a different ip range and different subnet?
16:29 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:30 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:30 < Exagone313> hello, how to uninstall openvpn tap drivers on windows? it prevents me to reinstall openvpn
16:31 < Exagone313> or i want to add one
16:32 < hikenboot> well not sure how reliable but this seems to answer my question http://openvpn.net/index.php/open-source/faq/77-server/323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp.html anyone able to confirm its right?
16:33 <@vpnHelper> Title: I want to set up an ethernet bridge on the 192.168.1.0/24 subnet. existing DHCP. (at openvpn.net)
16:39 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
16:46 -!- cattune [~bryan110@unaffiliated/bryan110] has joined #openvpn
16:48 < Exagone313> how to uninstall tab drivers on windows please? openvpn installation fail to reinstall them
16:48 < Exagone313> tap*
16:53 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
16:54 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
17:00 -!- Dan39 [~ddan39@unaffiliated/dan39] has joined #openvpn
17:00 < Dan39> howdy :)
17:04 < Dan39> some guy just made a claim that when using an encrypted VPN an ISP could "use traffic analysis to make an educated guess about whether he's using Bittorrent or not". most ive seen are openvpn. i was under the impression the encryption used is pretty good, and in most cases no ISP would be able to analyze the vpn traffic like he says....
17:05 < Dan39> any expert dev in here care to make a comment? i am now being called out for telling this guy there is no way they could do it
17:20 -!- Ben` [b3n@gateway/shell/blinkenshell.org/x-fgvwqiyzjdxuuhvu] has left #openvpn ["WeeChat 1.0.1"]
17:22 < cattune> there's no reason a timing analysis can't be done providing nodes are accessible
17:23 < cattune> so if you're able to see both ends, even though you can't see traffic content you can make assumptions based on timing
17:23 < Dan39> well the isp isnt seeing both ends...
17:23 < Dan39> or do you mean start/end of the vpn session?
17:27 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 245 seconds]
17:28 < Dan39> i dont think it's impossible, but just dont think any isp is currently able to haha
17:28 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
17:32 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
17:32 < Dan39> interesting methods tho
17:41 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
17:43 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
17:49 < cattune> Yeah, whether the ISP in question has access to both ends of the data stream is an issue...pretty sure the NSA does..:P
18:01 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:16 < pekster> Dan39: All the bits about traffic analysis are true, but not overly useful. I download Linux/Unix distributions and other open-source/gratis tools via bittorrent because they're often faster and take load off traditional mirrors. Knowing someone uses bittorrent is a bit like knowing they have a firearm; it's not generally that "interesting" a fact
18:16 < Dan39> indeed
18:17 < Dan39> and blizzard uses bittorrent :P
18:42 -!- faye [~CRUNCH@unaffiliated/faye] has joined #openvpn
18:42 < faye> hi, there any way to bind a connection to the vpn server to an address and port?
18:43 < faye> ive tried the bind option but im not sure it does what i think its suppose to do
18:44 < cattune> tried the blind option, but that wasn't too successful..:P
18:44 < pekster> faye: --local
18:46 < faye> oh okay thanks i see that and lport
18:46 < faye> will give it a try
19:51 -!- Dan39 [~ddan39@unaffiliated/dan39] has left #openvpn ["WeeChat 1.1"]
20:00 -!- doeow [~user@unaffiliated/sand3r] has joined #openvpn
20:00 < doeow> WARNING: Failed running command (--up/--down): could not execute external program
20:01 < doeow> why this?
20:01 < doeow> :S
20:17 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
20:22 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
20:23 -!- wocn [~user@unaffiliated/sand3r] has joined #openvpn
20:23 < wocn> up /etc/openvpn/update-resolv-conf
20:24 < wocn> down /etc/openvpn/update-resolv-conf
20:24 < wocn> what is this commands do?
20:24 -!- doeow [~user@unaffiliated/sand3r] has quit [Ping timeout: 264 seconds]
20:31 -!- wocn [~user@unaffiliated/sand3r] has quit [Quit: leaving]
20:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:45 -!- wh0isthis [~user@unaffiliated/sand3r] has joined #openvpn
20:45 < wh0isthis> hi
20:45 < wh0isthis> anybody here?
20:53 < wh0isthis> hello?
20:54 < wh0isthis> up /etc/openvpn/update-resolv-conf
20:54 < wh0isthis> down /etc/openvpn/update-resolv-conf
20:54 < wh0isthis> anybody know what this is for?
21:24 -!- wh0isthis [~user@unaffiliated/sand3r] has quit [Ping timeout: 240 seconds]
21:28 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has quit [Ping timeout: 245 seconds]
22:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:45 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:12 -!- ghormoon [~ghormoon@ghorland.net] has quit [Remote host closed the connection]
23:16 -!- ShadniX [dagger@p5481D0AD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:16 -!- ShadniX_ [dagger@p579411F8.dip0.t-ipconnect.de] has joined #openvpn
23:16 -!- ShadniX_ is now known as ShadniX
23:49 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
--- Day changed Sat Feb 14 2015
00:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:23 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:04 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Remote host closed the connection]
01:05 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
01:07 -!- thumbs [1000@unaffiliated/thumbs] has quit [Quit: Reconnecting]
01:07 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
01:16 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
01:17 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 250 seconds]
01:18 -!- shivanshu_ [~shivanshu@104.131.8.15] has joined #openvpn
01:20 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
01:23 -!- not_phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
01:23 -!- `hypermist` is now known as sleepypc
01:24 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:28 -!- Netsplit *.net <-> *.split quits: phunyguy, shivanshu, carlcrack
01:28 -!- shivanshu_ is now known as shivanshu
01:28 -!- not_phunyguy is now known as phunyguy
01:28 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:56 -!- sleepypc is now known as `hypermist`
02:12 -!- mattock_afk is now known as mattock
02:50 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:07 -!- mirco [~mirco@ip-176-198-211-199.hsi05.unitymediagroup.de] has quit [Quit: mirco]
03:16 -!- shivanshu [~shivanshu@104.131.8.15] has quit [Changing host]
03:16 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
03:46 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
03:48 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
03:48 -!- ralala [~ralala@2a02:908:2211:91c0:cc21:8055:e474:1648] has joined #openvpn
03:49 < ralala> What exactly is the P-z-P address of the tun device?
03:51 <+hyper_ch> what is a p-z-p address?
03:53 < ralala> https://gist.github.com/anonymous/5592682c26402fa5a873
03:53 <@vpnHelper> Title: gist:5592682c26402fa5a873 (at gist.github.com)
03:56 < ralala> ahh, it's the localized version of p-t-p :-)
04:01 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
04:04 < leo2007> I am setting up vpn for the first time.
04:05 < leo2007> using tunnelblink as a client on a macbook.
04:05 < leo2007> but it is reconnecting immediately after connection. I am seeing https://bpaste.net/show/b55306b2b766
04:05 < leo2007> Ideas?
04:06 < leo2007> roughly every 2 seconds.
04:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:27 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:28 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:38 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
04:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
04:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:45 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
04:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
04:52 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:02 -!- rich0_ is now known as rich0
05:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:09 -!- cattune [~bryan110@unaffiliated/bryan110] has quit []
05:09 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
05:34 -!- jhall_ [~jhall@m106.maoz.com] has joined #openvpn
05:36 < jhall_> !welcome
05:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
05:36 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:38 < jhall_> !route
05:38 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
05:38 <@vpnHelper> client
05:54 < jhall_> I want the client to be able to connect to any point in the VPN hierarchy and use the same address
05:54 < jhall_> so I have vpn server1 which has hub connectors region 1 and region 2
05:55 < jhall_> so the client could connect to either server1 directly, region 1 -> server 1, or region 2 -> server 1 to reach the lan behind server1
05:56 < jhall_> in the ccb config for client1, which is rep.icated to each server node, I have an iroute
05:56 < jhall_> the same iroute for some space that is the client's ethernet segment
05:56 < jhall_> but it says route not permitted in options list when I put the route statement in ccb dir
05:57 < jhall_> I think this may be privs related
05:57 < jhall_> because I drop to nobody / nogroup
05:57 < jhall_> running debian sid
06:04 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:04 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:34 -!- Denial [~Denial@host31-52-126-18.range31-52.btcentralplus.com] has quit []
07:07 < jhall_> it's compounded because i have to run multiple instances with udp, tcp, and different ports
07:07 -!- ciscam [~ciscam@aftr-88-153-7-55.unity-media.net] has joined #openvpn
07:07 < jhall_> having different subnets associated with each instance is a bit much
07:08 < ciscam> can i mod my client config to not route all traffic via the vpn although the server directive says so? i'm using an openvpn server on a synology nas
07:21 -!- ciscam [~ciscam@aftr-88-153-7-55.unity-media.net] has quit [Ping timeout: 250 seconds]
07:25 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
07:32 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
07:36 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
08:32 -!- Denial [~Denial@host31-52-126-18.range31-52.btcentralplus.com] has joined #openvpn
08:40 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
09:00 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
09:01 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:03 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
09:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:37 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
09:38 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
09:45 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:45 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
09:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
09:54 -!- `hypermist` is now known as sleepypc
09:56 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
09:57 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:05 -!- asdfffdsa [~asdffdsa@48.sub-70-209-134.myvzw.com] has joined #openvpn
10:07 -!- bugfixer [~bugfixer@unaffiliated/hoagie] has joined #openvpn
10:14 -!- bugfixer [~bugfixer@unaffiliated/hoagie] has left #openvpn []
10:15 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
10:17 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
10:24 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has joined #openvpn
10:25 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
10:26 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
10:29 -!- ghormoon [~ghormoon@ghorland.net] has quit [Quit: ZNC - http://znc.in]
10:31 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
10:34 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
10:35 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Quit: Konversation terminated!]
10:38 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
10:38 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
10:39 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
10:39 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
11:24 -!- bonjurkes_ [~bonjurkes@104.224.146.249.16clouds.com] has joined #openvpn
11:24 -!- bonjurkes_ is now known as bonjurkes
11:24 < bonjurkes> hello guys, I created a new certificate for a new client but I can't find where is it?
11:25 < bonjurkes> found it ))
11:25 <+hyper_ch> how did you create it?
11:25 < bonjurkes>  buildkey command
11:25 < bonjurkes> do I need to copy them under openvpn/certs folder so it will be working ?
11:26 < bonjurkes> they are under easy-rsa/keys folder now
11:26 <+hyper_ch> you need to tell the connection scripts there they are
11:26 <+hyper_ch> you can even have them inline of the connection config files
11:26 <+hyper_ch> do you use tls-auth?
11:27 < bonjurkes> yeah I have all other files
11:27 < bonjurkes> The thing is, I want to transfer them to my iphone. I didn't do that before
11:27 < bonjurkes> How should I specify key path for config file of openvpn client on iphone?
11:27 < bonjurkes> just writing key file name and transferring them all together will be enough?
11:28 < pekster> !inline
11:28 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
11:28 < bonjurkes> aha so I should make them as inline?
11:28 -!- asdfffdsa [~asdffdsa@48.sub-70-209-134.myvzw.com] has left #openvpn ["PONG :hobana.freenode.net"]
11:29 <+hyper_ch> bonjurkes: I use this bash script to create client config files for me:   http://paste.debian.net/148204/   you'd just need do adjust parameters and stuff
11:29 < bonjurkes> ahaaa
11:30 < bonjurkes> and how should I send that config file to iphone?
11:31 <+hyper_ch> or here's a version with tls-auth and custom cipher... http://paste.debian.net/148205/
11:31 < pekster> bonjurkes: The link I gave you would answer that if you bothered to read it
11:31 < pekster> Feel free to ignore it and ask to be spoonfed instead, by someone who has that interest
11:33 < bonjurkes> I missed your lovely answers pekster after last time
11:34 < bonjurkes> I really hope someday, someone will give you same kind of answers you do to other people
11:34 < bonjurkes> openvpn app itself says "drag and drop" method and there is another method in the link you provided.
11:34 < bonjurkes> But let's just hope someone will bash you something in your daily life
11:34 < bonjurkes> thanks hyper_ch I will have a look at the script
11:38 < pekster> Feel free to ask the authors fo the iOS app; that's not community maintained
11:38 <+hyper_ch> bonjurkes: my script just helps making config files... however you still need to know what to put in there first
11:38 < pekster> !connect
11:38 <@vpnHelper> "connect" is (#1) OpenVPN Connect is part of the commercial, non-free (non-GPL) corporate offering; see #openvpn-as for help with these. For the community-maintained GPL OpenVPN, see !download for download links, !android for GPL-openvpn on Android, or !howto for the beginner how-to guide or (#2) https://forums.openvpn.net/post34969.html#p34969 or (#3) the source is here:
11:38 <@vpnHelper> http://staging.openvpn.net/openvpn3/ except for the portion that may not be released because of NDA with apple (for its vpn API)
11:38 < bonjurkes> pekster you should really stop doing this thing
11:39 < bonjurkes> hyper_ch yeah I will just copy and modify my desktop config file with inline keys
11:39 < pekster> So should you, apparently. http://catb.org/~esr/faqs/smart-questions.html#keepcool
11:39 <@vpnHelper> Title: How To Ask Questions The Smart Way (at catb.org)
11:39 <+hyper_ch> bascially put the script into the keys folder
11:39 <+hyper_ch> and run it like   ./script common_name
11:39 < bonjurkes> How to not act like a d.bag , just google that pekster. Sorry I don't keep a ready link for it
11:40 < pekster> That script won't work with the new easy-rsa layout, and obviously won't work with any config that doesn't "match" the template
11:40 < bonjurkes> yeah thank you pekster, we got it
11:41 < pekster> Keep your insults to yourself (I won't warn you again)
11:42 < bonjurkes> I am not insulting anyone
11:42 < bonjurkes> I said thank you
11:42 < bonjurkes> sorry if you take it as insult
11:42 -!- problame [~problame@2a01:4f8:201:4108:3:5:0:1] has left #openvpn ["Leaving..."]
11:43 -!- mode/#openvpn [+o Eugene] by ChanServ
11:53 < bonjurkes> great, works like a charm
11:54 < bonjurkes> thank you hyper_ch
11:54 <+hyper_ch> having certs inline makes it much simpler to deploy to different devices
11:54 <+hyper_ch> only saw the light of that a little while ago myself
11:55 < bonjurkes> I didn't even know about that. I just thought I need to drag and drop everything into the device via itunes. As app itself says that
11:55 <+hyper_ch> I don't belive in iDevices
11:55 <+hyper_ch> so no idea
11:57 < bonjurkes> well I am not fan of them too but after Android experience with Samsung I am happy that at least it's stable )
11:57 <+hyper_ch> why would you go for samsung?
11:58 <+hyper_ch> well, whatever works for you
11:58 < bonjurkes> I am not fanboy of any brand or product. But I was using htc wildfire S back then and I said like I really need a fast device that I will buy it the first day. Galaxy S3 was so great I thought S4 would be same
11:58 < bonjurkes> but nope never Samsung again
11:59 <+hyper_ch> and replace stock android with CM :)
11:59 <+hyper_ch> first thing after flashing CM would be to enable privacy guard
11:59 <+hyper_ch> and only then start adding apps
12:00 < bonjurkes> yeah but there was this Knox thing and I was scared of loosing my warranty. Now I say f**k warranty )
12:00 <+hyper_ch> yeah, samsung tightened up
12:01 <+hyper_ch> had a S2, it was easy to flash and stuff
12:01 <+hyper_ch> but now it's a nightmare
12:01 <+hyper_ch> switched then to a nexus 4 and now a OnePlus One
12:01 <+hyper_ch> too bad, CM fucked over OnePlus.... so not sure how OPO will handle CM in the future
12:02 < bonjurkes> well if I switch back to Android, I will stick to nexus devices or maybe LG
12:03 <+hyper_ch> other interesting things could come up
12:03 < bonjurkes> they dont sell nexus devices in my country, so that's a bit problem. And actually I bought iPhone to it's half price so that's why I am using it but so far I am happy about it
12:03 <+hyper_ch> firefox os
12:03 <+hyper_ch> ubuntu phone
12:03 < bonjurkes> yeah, there is ubuntu also yeah
12:03 <+hyper_ch> xiaomi
12:04 < bonjurkes> xiaomi guys are interesting.
12:05 < bonjurkes> Only thing I knew about them was some ROM about it but now they offer something bigger )
12:05 <+hyper_ch> I'll see how long my OPO works and then I'll decide what new device to get ;)
12:05 <+hyper_ch> I'm still not really happy with the android encryption
12:06 < bonjurkes> I like this market to be honest for iPhone. Sell iPhone and put some little money on it and buy new model but that's another story
12:06 <+hyper_ch> I don't like Apple
12:06 < bonjurkes> me neither
12:06 <+hyper_ch> so not giving them any money
12:06 < bonjurkes> but when I push power button I don't have to wait 30 secs to screen blink up, like on Samsung
12:07 < bonjurkes> I don't use encryption that much actually. Never tried full device encryption, or don't know if there is any other encrypting thing on Android. But for iOS everything is shady
12:07 <+hyper_ch> everything here is encrypted
12:08 <+hyper_ch> but android just encrypts the data partition
12:08 <+hyper_ch> and not all partitions
12:08 <+hyper_ch> that's what I don't like about it
12:08 < bonjurkes> And wht do you use for encryption?
12:09 <+hyper_ch> to encrypt the data
12:10 < bonjurkes> what
12:10 < bonjurkes> sorry )
12:15 < bonjurkes> as software
12:16 <+hyper_ch> on linux?
12:17 < bonjurkes> android )
12:17 <+hyper_ch> what comes with android
12:17 < bonjurkes> aha okay
12:17 < bonjurkes> so you are on linux, not win?
12:18 <+hyper_ch> yes
12:18 < bonjurkes> I think linux comes with encryption tools as defaulty
12:40 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
13:09 -!- jhall_ [~jhall@m106.maoz.com] has quit [Remote host closed the connection]
13:12 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:15 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
13:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
13:16 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:17 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:33 -!- bonjurkes [~bonjurkes@104.224.146.249.16clouds.com] has left #openvpn ["Leaving"]
13:42 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:43 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
13:52 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has quit [Remote host closed the connection]
14:00 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:04 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
14:14 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
14:31 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:47 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
14:50 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
15:01 -!- sleepypc is now known as `hypermist`
15:03 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
15:06 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
15:08 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
15:16 -!- Term1nal [~metal@unaffiliated/f41l] has joined #openvpn
15:18 < Term1nal> So, I've never really used OpenVPN before, I'm not sure if this is possible, here's my setup... http://imgur.com/SVdTugI ... My PBX is having troubles traversing NAT on our bakup ISP's weird network they have going on, and to alleviate that.. I was hoping to setup OpenVPN on a VPS out in the cloud to act as my hopping off point to reach my SIP trunking provider. That way, despite what path we take to get to the internet, I only have to worry about the
15:18 <@vpnHelper> Title: Imgur (at imgur.com)
15:18 < Term1nal> NAT between my network and the VPS's external IP..
15:19 < Term1nal> Problem is, I also need to get NAT -inbound- from the VPS back to my PBX
15:20 < Term1nal> I'm next to clueless to what sort of setup I should take. TUN or TAP, etc
15:32 <@krzee> hello from Philippines
15:41 < pekster> Term1nal: NAT on the public gateway (the VPS, in this case) same as always. Just mind the return-routing, because the inside host (the real SIP/VoIP host) needs to route the reply over the same path it arrived for the NAT to be undone
15:42 < pekster> I'd also verify your issue with the backup ISP (dual-WAN link setup?) isn't because the old outbound NAT state is still active, trying to NAT to the IP of the old, no-longer-functional uplink when it goes down
15:43 < pekster> If it is, the fix is simply dumping the NAT state (if that's a Linux host, see the conntrack(8) tool that can drop selective (or all) states
15:50 <@krzee> or you could setup 2 edge pbx and have the real pbx on the inside of the lan
15:51 <@krzee> then each edge pbx only worries anout *its* route to the internet
15:51 <@krzee> just an idea, there may be better ways
15:51 <@krzee> (like peksters)
16:06 < Term1nal> krzee: the router on our end is pfSense. When main ISP goes down, it will then change our gateway to the backup ISP. the NAT issue is on the backup ISP's network because they have some funky bi-NAT going on that screws up the inbound traffic.
16:06 < Term1nal> RTP session.
16:06 < Term1nal> We get one-way audio only.
16:07 < Term1nal> If I set the PBX to qualify, it will instead insta-drop the call.
16:07 < Term1nal> It's mainly the fault of our provider being so damn weird. (phone-power)
16:07 < Term1nal> They don't do a traditional setup where you have a registration string and all this noise.
16:07 <@krzee> ouch, cant you get a provider that sucks less?
16:08 < Term1nal> We can, for like 3x the cost.
16:08 <@krzee> haha
16:08 < Term1nal> otherwise, on our main ISP (comcast business), it works splendidly.
16:08 <@Eugene> I'm so damned glad we're outsourcing PBX stuff at $DAYJOB now.
16:08 < Term1nal> but we have to have specific outbound NAT rules to not change ports and all sorts of dumb.
16:08 <@Eugene> They're my least-favorite thing to deal with
16:09 < Term1nal> So we have to have a static port map for it.
16:09 < Term1nal> it's dumb, but I think, since we're NAT'd with our backup ISP
16:10 < Term1nal> they too need static port map
16:10 < Term1nal> So I'd hoped to solve the issue by just tunneling through a VPN out to digital ocean
16:10 < Term1nal> I've just never setup openvpn ;(
16:11 < Term1nal> But our SIP trunk needs to be able to connect in to us on UDP 5060
16:12 <@Eugene> Running voice over openvpn then back to your ISP is going to result in way worse call quality than just talking to the provider directly
16:12 < Term1nal> I don't think it to be the case.
16:12 < Term1nal> our round trip is 16ms to the droplet.
16:14 < Term1nal> from digital ocean. to the SIP trunk is about 10ms
16:15 < Term1nal> from our network to the sip trunk is about 32ms
16:16 < Term1nal> digital ocean and the sip trunk provider are backboned by level 3
16:18 < Term1nal> so their path is basically nothing, some 4 hops
16:19 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
16:20 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
16:21 < Term1nal> So yeah, overhead of the VPN would be super negligable, geographically they're all pretty close anyway. Instead of Sonomoa <-> LA, it's Sonoma <-> SF <-> LA
16:23 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-nftcsihxblzznqnw] has quit [Ping timeout: 245 seconds]
16:36 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-kdxbaiinsbyrzfdz] has joined #openvpn
16:38 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:55 -!- Denial [~Denial@host31-52-126-18.range31-52.btcentralplus.com] has quit [Ping timeout: 252 seconds]
17:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
17:25 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
17:25 -!- mode/#openvpn [+v s7r] by ChanServ
17:32 -!- Term1nal [~metal@unaffiliated/f41l] has quit []
17:39 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
18:15 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
18:19 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
18:20 -!- nanooo [~nanooo@ns363356.ip-91-121-179.eu] has joined #openvpn
18:21 < nanooo> !welcome
18:21 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:21 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:21 < nanooo> !goal
18:21 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:23 < nanooo> Hi! I would like to have a client not pull the routes that are pushed from the openvpn server but set them up manually so that I can tell specific applications to use the tun1 interface. If I use route-nopull or route-noexec then the interface gets set up but I cannot reach the internet i.e. using ping -I tun1 8.8.8.8. I know that I have to set up some routes, but I cannot figure out how exactly that works
18:24 -!- sireebob is now known as JAS39_AFK
18:24 -!- JAS39_AFK is now known as Guest67196
18:32 -!- Denial [~Denial@81.141.4.85] has joined #openvpn
18:34 < pekster> nanooo: The routing table is insufficient to route "apps" over the VPN; you need policy routing configured for that, which is very much an advanced routing topic. What OS are you using?
18:35 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:36 < pekster> Optionally, it's frequently far easier to configure apps to use a proxy (a SOCKS proxy is ideal, since it can do remote-DNS lookups), although that requires you have a cooperating SOCKS proxy at the far side of the VPN; this may be trivial if you control both endpoints, for example by running tinyproxy as a server on your openvpn server host
18:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
18:37 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:38 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
18:39 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
18:42 -!- Guest67196 [sireebob@unaffiliated/sireebob] has left #openvpn []
18:44 -!- ralala [~ralala@2a02:908:2211:91c0:cc21:8055:e474:1648] has quit [Remote host closed the connection]
19:02 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Excess Flood]
19:03 -!- JackWinter [~jack@vodsl-10478.vo.lu] has joined #openvpn
19:14 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 250 seconds]
19:20 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
19:23 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:32 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
20:09 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
20:33 < nanooo> pekster: I dont want to "route apps" I just want a way to that openvpn doesnt pull the default routes and I can reach the internet when binding to the openvpn ip address like "ping -I tun1 8.8.8.8"
20:37 < pekster> You already can; bind(2) binds to IPs
20:37 < pekster> If your application does not support this, offer a patch
20:37 < pekster> If it does not, then you must either SOCKS-ify your app, or use policy routing, both of which are somewhat non-trivial
20:38 < pekster> As an example, the openvpn process can bind to a local IP by use of the --local directive in an openvpn config, but this is supported only because the application is specifically built with this support
20:38 < pekster> Internally, this is performed by calling the bind(2) process call such that the process binds locally to the given IP
20:39 < nanooo> I want to have a openvpn connection open on my machine without routing all the default traffic trough it. Some apps however, I can specify that they bind to 10.10.0.1 i.e. (on TUN1 interface) and this traffic should go through the openvpn connection only
20:39 < pekster> That won't quite do what you want since the routing table is still consulted
20:39 < nanooo> But if I just use "route-nopull" I cannot reach the internet. i.e. "ping -I tun1 8.8.8.8" does not work
20:40 < pekster> Naturally, because tun1 probably has RFC1918 space, and your default route is still via your physical uplink
20:40 < pekster> RFC1918 can't be use magically with your uplink, and it's dropped by either your router as bogus trafic, of by your ISP, also because it's not legit traffic
20:40 < nanooo> So I need to set some routing and I don't know how
20:40 < pekster> !lartc
20:40 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
20:40 < pekster> Policy routing
20:41 < pekster> This is highly non-trivial, and as I suggested before, consider the use of a SOCKS proxy you run at the openvpn server end if your client applications can be configured to use a SOCKS proxy with remote DNS
20:42 < nanooo> I am the client here, I don't have access to the openvpn server
20:42 < nanooo> and SOCKS is not an option
20:42 < pekster> Then you'd best read up on advanced routing concepts
20:43 < pekster> An easier solution would be to drop all the things you wanted routed via the VPN in a VM because that has an isolated (thus separate) routing table
20:43 < pekster> Then just redirect the gateway in the usual fashion
20:45 < nanooo> So this is basically exact the same problem that I have: http://ubuntuforums.org/showthread.php?t=2254597
20:46 < pekster> I understand your problem well
20:46 < pekster> You don't seem to understand that routing decisions are not based on "applications" but on your routing table
20:47 < nanooo> no that I do understand, and I was asking if someone can tell me how I have to setup the routing table manually after I don't pull the default routes from the server :)
20:47 < pekster> LARTC explains this
20:47 < nanooo> ok
20:47 < pekster> It involves a lot of complex things I don't think you even yet fully appricate including:
20:47 < pekster> 1) multiple routing tables, including a secondary routing table
20:48 < pekster> 2) routing rules to identify the source traffic you wish to route via this separate table; you must express this in terms of something the routing decision engine in your OS can understand
20:49 < pekster> 3) you need to consider if you're willing to neglect "related" traffic, such as ICMP replies; it's usually not proper to ignore that, but frequently done when people don't understand how such related flows could be generated by the original flow
20:49 < pekster> This is fairly advanced networking, and comes up a lot here by people complaining this should be "easy"
20:49 < pekster> (and why I suggest you just throw your "special" applications in a VM and all this complex mess goes away)
20:50 < pekster> What's so special you need to route it over a VPN anyway? Is a VM prohibitive here?
20:51 < nanooo> I just thought it would be easily done by binding the app to the tun1 interface and VM would be an overkill
20:51 -!- mattock is now known as mattock_afk
20:52 < pekster> binding is only half the story; route selection is the other
20:52 < pekster> What OS is this? Linux?
20:52 < nanooo> debian
20:52 < pekster> See the standard Netfilter flow diagram
20:52 < pekster> Specifically the bit about the routing decisions that happens _after_ source address selection
20:52 < pekster> IOW, you need your routing table to match what you need for the traffic to flow correctly
20:53 < pekster> VM is most certainly not overkill here unless you're well-versed (or plan to become skilled) at complex routing
20:54 < pekster> Personally, if you go that route I'd suggest use of the -m owner Netfilter match (ref: netfilter-extensions(8)) and run your app as a dedicated OS user, followed by use of the CONNMARK target so conntrack tracks the RELATED states, properly routing/handling ICMP and other RELATED flows. Then you use --restore-mark in the CONNMARK target in mangle/POSTROUTING to clone ctmark to fwmark such that iproute2 can identify the traffic to ...
20:54 < pekster> ... send to a secondary routing table
20:54 < nanooo> Well I thought people would have done it before and I could get this to work with a few "route add…" commands
20:54 < pekster> Consult LARTC if any of those terms are new to you. Or just go the VM route ;)
20:54 < nanooo> I'll check LARTC
20:55 < pekster> Nope, far more complex than that dude, for about the 4th time.
20:55 < pekster> You might find crappy guides from people who have done a much more incomplete version of what I suggest, but be well-aware some of the limiations of doing this poorly mean possible "leaks" of addressing information from the ICMP traffic people are so happy to ignore
20:57 < pekster> Then again, if this is bittorrent or some other mis-guided attempt to break local laws, chances are good with enough angry men with guns whoever you're paying to run the VPN server may well just hand over information on customers when faced with jail time (yes, even across legal jurisdictions with some friendly cooperation.) For all I know you're using this to traverse a firewall from an opressive government, and the information is ...
20:57 < pekster> ... all the same from a technical point
20:57 < pekster> Tune your security needs to suit
20:59 < nanooo> ;)
21:02 < pekster> You might even be able to abuse the MASQUERADE target if you can't properly bind applications to the right egress address, but you'd need to see how well that works in practice
21:16 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
21:18 -!- justinzane [~justinzan@24.49.184.10] has quit []
21:19 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
21:20 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has joined #openvpn
21:20 < nanooo> so whats wrong with this guide: http://snikt.net/blog/2013/10/10/how-to-force-program-to-use-vpn-tunnel/
21:21 <@vpnHelper> Title: Andreas Happe - Linux: How to force an application to use a given VPN tunnel (at snikt.net)
21:22 < hikenboot> hi, I have a vpn server clients connect to it I wold like to make it so that I can preauthorize one client to bridge to another to create like a virtual lan.tunnel. Is this posisble wtih openvpn? Has it been done? Is there softare for doing this...like the software from google that allows 2 factor authentication?
21:22 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
21:27 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
21:29 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
21:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:49 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
21:49 < nanooo> actually that guide that I posted works, I had route-nopull instead of route-noexec in my config.
21:50 < nanooo> but I don't understand what you mean by leaking  ICMP traffic, pekster
21:58 <@krzee> pekster> This is highly non-trivial, and as I suggested before, consider the use of a SOCKS proxy you run at the openvpn server end if your client applications can be configured to use a SOCKS proxy with remote DNS    <-- even if the applications cannot be configured for that you can still force it with apps like proxifier / tsocks
21:58 <@krzee> thats the solution i use
21:59 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has joined #openvpn
21:59 <@krzee> and an outbound firewall to catch anything trying to slip past the vpn that i do not approve of
21:59 < stk> I have a question about server-bridge
21:59 < stk> from my understanding, server-bridge without parameters will act as a DHCP-proxy
22:00 < stk> so that VPN clients connect to the VPN server will get DHCP IP from the DHCP server
22:00 <@krzee> why do you want a bridge in the first place?
22:01 <@krzee> (why l2?)
22:01 <@krzee> !whybridge
22:01 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
22:01 < stk> but in reality, whenever the client connects,. it creates the interface
22:01 < stk> but I'll have to dhcpcd the interface for the client to get DHCP IP
22:02 < stk> $ sudo dhcpcd tap0
22:02 < stk> is it by design?
22:02 < stk> the manual step of triggering dhcpcd/dhclient, I mean
22:03 <@krzee> you asking why your client needs to run a dhcp client to get dhcp from the other side of the tunnel?
22:03 < stk> yes
22:03 < stk> is it by design ?
22:03 <@krzee> why wouldnt you!?
22:03 <@krzee> you arent using openvpn to serve the ip either...
22:04 < stk> or OpenVPN actually supports the client to get dhcp ip from external dhcp server?
22:04 <@krzee> no, openvpn supports making a bridge.
22:04 <@krzee> if you choose to run dhcp software of the bridge, your call.
22:04 <@krzee> not openvpn's business.
22:04 <@krzee> because you told openvpn not to worry about it.
22:04 < stk> from the man page
22:05 < stk> it's not very clear so
22:05 <@krzee> if you grab the cookbook there is a recipe for a bridge with no IPs at all...
22:05 <@krzee> !book
22:05 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
22:05 < stk> so my question is about the technical implementation of OpenVPN
22:05 < stk> so in short
22:06 <@krzee> you dont even NEED ips for tap to have a bridge.
22:06 < stk> there is no option for Open VPN client to get IP from external DHCP server automatically
22:06 < stk> is that correct
22:06 < stk> with all due respect, I AM asking a question about technical specification, not morality or philosophy here
22:06 <@krzee> no idea, i dont bridge and i normally discourage users from doing it
22:07 < stk> then please dont anwser my question
22:07 < stk> http://xyproblem.info/
22:07 <@vpnHelper> Title: The XY Problem (at xyproblem.info)
22:07 < stk> for you
22:07 <@krzee> lol
22:07 <@krzee> heres the thing
22:07 <@krzee> on 1 end (server) you are saying openvpn should NOT handle the addressing
22:07 <@krzee> im pretty sure you cannot then tell the client you want openvpn to handle it.
22:08 <@krzee> you COULD use a script to run the dhcpcd tho
22:08 <@krzee> !scripts
22:08 <@vpnHelper> "scripts" is "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
22:08 < stk> of course I know about that
22:08 <@krzee> and here thats simply !xy
22:08 <@krzee> !xy
22:08 <@vpnHelper> "xy" is http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...
22:08 < stk> my question is that, does OpenVPN server supports client to get IP from external DHCP server, via a trigger or hook or something
22:09 <@krzee> pretty sure thats a no.
22:09 < stk> I read all the documentation, but it was very unclear
22:09 < stk> I see
22:09 <@krzee> i mean you're looking at it wrong
22:09 < stk> thank you
22:09 <@krzee> openvpn handles addressing or not
22:11 <@krzee> if pekster corrects me on that listen to him over me, he actually supports bridges
22:12 <@krzee> i normally try to help people figureout why they dont need to bridge, seeing as 99% of the time they're doing it wrong when they bridge because they dont actually need layer2 to the lan
22:12 <@krzee> !tunortap
22:12 < stk> well, from the man page "If  --server-bridge  is  used  without  any parameters, it will enable a DHCP-proxy mode, where connecting OpenVPN clients will receive an IP address for their TAP adapter from the DHCP server running on the OpenVPN server-side LAN"
22:12 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
22:12 <@vpnHelper> rooted/jailbroken) support only tun
22:13 < stk> it's kinda confused whether the OpenVPN server has anything to do with the OpenVPN client receiving IPs from external DHCP server
22:15 < stk> krzee: for my use case, I have a router providing IP addresses to an office
22:15 < stk> and I want to have employees from outside of the office to connect to that router, get a LAN DHCP IP
22:16 < stk> something I've used to have with Juniper VPN
22:16 <@krzee> any reason the ip matters instead of simply using proper routing?
22:16 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
22:16 < stk> for monitoring, each employee will get a static LAN IP
22:16 <@krzee> dont need bridge for that lol
22:17 < stk> that IP will be used to log their works within the system
22:17 <@krzee> any reasons that include layer2 traffic?
22:17 < stk> nope
22:17 <@krzee> then its the wrong way :-p
22:17 < stk> what is the correct way then
22:17 <@krzee> routed tun setup with static ips
22:18 <@krzee> proper routing.
22:18 <@krzee> layer3 over the vpn, no layer2 needed in your setup.
22:18 < stk> that I achieved
22:18 <@krzee> good!
22:18 < stk> call me a saddist/extremist
22:18 < stk> but I actually would like to give bridge a try
22:18 <@krzee> you want to then make the setup less secure?
22:19 < stk> how would it be less secure
22:19 <@krzee> layer2 has no security, im sure you have used arp poisoning before, no?
22:19 < stk> I see
22:20 <@krzee> also you are trying to change to using higher overhead
22:20 <@krzee> adding a layer2 header to every packet for no reason
22:20 <@krzee> so higher overhead and less security for no benefit.
22:20 <@krzee> better to use proper routing =]
22:21 < stk> then what would be the real advantages/benefits of bridge mode, in your opinion?
22:21 < stk> which use case scenarios
22:21 <@krzee> layer2 to the lan.
22:21 <@krzee> no other benefit,.
22:21 <@krzee> layer2 to vpn nodes only = tap without bridge.
22:22 <@krzee> anything else = tun.
22:22 <@krzee> aka:
22:22 <@krzee> !tunortap
22:22 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
22:22 <@vpnHelper> rooted/jailbroken) support only tun
22:22 <@krzee> !whybridge
22:22 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
22:26 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
22:26 < stk> OK, interesting
22:27 < stk> something for me to read about
22:27 < stk> krzee: thank you very much for pointing these out
22:27 <@krzee> you're welcome
22:27 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
22:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 245 seconds]
22:28 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 245 seconds]
22:28 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 245 seconds]
22:29 <@krzee> choosing bridge / routed tap / routed tun comes down to what layer you need and where you need it to.
22:29 <@krzee> unless its about broadcast traffic without a bcrelay, but thats unrelated to you afaik
22:29 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
22:29 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
22:29 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has quit [Ping timeout: 245 seconds]
22:29 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 245 seconds]
22:29 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 245 seconds]
22:30 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
22:31 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
22:32 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
22:38 -!- nanooo [~nanooo@ns363356.ip-91-121-179.eu] has left #openvpn ["bye."]
22:54 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
22:54 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 245 seconds]
22:54 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
22:55 -!- krzie [~k@openvpn/community/support/krzee] has joined #openvpn
22:55 -!- mode/#openvpn [+o krzie] by ChanServ
22:55 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
22:55 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 245 seconds]
22:55 -!- krzie is now known as krzee
22:56 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
22:57 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
22:57 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
23:16 -!- ShadniX [dagger@p579411F8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:16 -!- ShadniX_ [dagger@p5DDFC3BD.dip0.t-ipconnect.de] has joined #openvpn
23:16 -!- ShadniX_ is now known as ShadniX
23:40 -!- krzee [~k@openvpn/community/support/krzee] has quit [Read error: Connection reset by peer]
23:40 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
23:41 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
23:41 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
23:41 -!- mode/#openvpn [+o krzee] by ChanServ
23:42 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 245 seconds]
23:42 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 245 seconds]
23:42 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
23:43 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
23:43 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
23:43 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
--- Day changed Sun Feb 15 2015
00:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:31 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:39 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:42 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 250 seconds]
00:44 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 264 seconds]
01:12 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
01:13 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
01:31 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has left #openvpn []
01:32 -!- `hypermist` is now known as sleepypc
01:43 -!- sleepypc is now known as `hypermist`
02:20 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Quit: o_O_o]
02:45 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
02:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
03:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
03:21 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
03:21 -!- phreakocious_ [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
03:24 -!- Chais_ [~Chais@unaffiliated/chais] has joined #openvpn
03:28 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
03:29 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
03:31 -!- Netsplit *.net <-> *.split quits: phreakocious, obscurehero, +RBecker, liriel, Chais, deviantintegral, julieeharshaw
03:31 -!- Chais_ is now known as Chais
03:32 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:39 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
03:42 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
03:47 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 245 seconds]
03:47 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
03:48 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 245 seconds]
03:49 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
03:59 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
04:00 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
04:01 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:15 -!- n3ss [~n3ss@c-174-56-156-176.hsd1.sc.comcast.net] has joined #openvpn
04:15 -!- n3ss [~n3ss@c-174-56-156-176.hsd1.sc.comcast.net] has quit [Client Quit]
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 245 seconds]
04:30 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
04:30 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
04:31 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
04:32 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 245 seconds]
04:32 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 245 seconds]
04:32 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
04:32 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
04:34 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
04:35 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:37 -!- Tander1gi [Tander1gi@gateway/vpn/mullvad/x-uklvbdqyqcxdiotu] has joined #openvpn
04:39 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
04:40 -!- `hypermist` [hypermist@unaffiliated/hypermist] has quit [Ping timeout: 245 seconds]
04:40 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
04:42 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
04:43 -!- `hypermist` [hypermist@unaffiliated/hypermist] has joined #openvpn
04:43 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:45 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:46 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
04:47 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
04:53 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:53 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
05:00 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
05:00 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
05:02 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
05:06 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
05:13 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:13 -!- kossy [a@unaffiliated/kossy] has quit [Excess Flood]
05:17 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
05:18 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:21 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
05:22 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
05:23 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
05:28 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:29 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
05:30 -!- kossy [a@unaffiliated/kossy] has quit [Excess Flood]
05:32 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
05:32 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:40 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
05:40 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
05:49 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
05:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
05:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:54 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Quit: o_O_o]
05:58 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
05:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
06:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:11 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:28 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Quit: ZNC - http://znc.in]
06:36 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:23 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:24 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
07:32 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has joined #openvpn
07:34 < hikenboot> good morning, I will pose the same question I did last night but noone was around to answer. I would like to know if there is free software out there (like googles 2 factor authentication ) that extends OpenVPN capability. This is what I am looking for:
07:37 < hikenboot> I am looking to have a VPN server. Lets say 50 clients log into the vpn server. According to some look up tables I would like the clients to be able to create a virtual lan between themselves, where the server is only iniitiating the connections and terminating them by account capability.  Is there any software or configuration of OpenVPN that would allow this?
07:38 <+hyper_ch> all vpn traffic goes through the server
07:38 <+hyper_ch> there's no way for direct client-to-client traffic
07:41 < hikenboot> ok, thanks for that information, what about software for creating tables of connected clients and managing those exclusive connections?
07:41 <+hyper_ch> not sure what you mean by that
07:41 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
07:43 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
07:45 < hikenboot> ok, I have 4 clients, client A,B,C,D when they authenticate with 2 factor authentication (which I have installed) I would like client A and Client B to be able to create virtual LAN's fused together by vpn tunnels so they can access one another as if they were directly connected but at the same time Client  C and D couldnt see them but could create their own little lan. I would like t do this by utilizing some kind of lookup tab
07:45 < hikenboot> le. To that end I was hoping someone like google had built software like that that was setup to that (ideally open source and free)
07:46 <+hyper_ch> !client-to-client
07:46 <@vpnHelper> "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind other
07:46 <@vpnHelper> clients
07:47 < hikenboot> ok thanks
07:47 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
07:48 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:48 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
07:59 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:02 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 265 seconds]
08:30 -!- jafeha [~jafeha@dslb-092-074-169-011.092.074.pools.vodafone-ip.de] has joined #openvpn
08:41 -!- jafeha [~jafeha@dslb-092-074-169-011.092.074.pools.vodafone-ip.de] has quit [Ping timeout: 246 seconds]
08:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:46 -!- jafeha [~jafeha@zankapfel.org] has joined #openvpn
08:50 -!- jafeha [~jafeha@zankapfel.org] has quit [Ping timeout: 264 seconds]
08:54 -!- mattock_afk is now known as mattock
08:54 -!- grosjean [~grosjean@unaffiliated/grosjean] has quit [Remote host closed the connection]
08:56 -!- grosjean [~grosjean@unaffiliated/grosjean] has joined #openvpn
09:08 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
09:13 -!- `hypermist` is now known as sleepypc
09:19 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
09:50 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:51 -!- JackWinter [~jack@vodsl-10478.vo.lu] has quit [Ping timeout: 246 seconds]
10:03 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
10:13 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
10:15 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
11:28 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:34 < hikenboot> hyper_ch indicated that client to client capability is what I am looking for. This is partially correct. I am wondering if there is any client-to-client vpn connection management software that is free? I.E. No associated with a commercial product, thanks in advance
11:34 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
11:35 <@krzee> im not sure you understand what you're talking about, or maybe i dont understand what you're talking about
11:35 <@krzee> but tell me if this is your goal:
11:35 <@krzee> you want to have 4 machines in a vpn, but only want 2 of them to communicate with eachother over the vpn.
11:36 <@krzee> is that right?
11:36 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:37 <@krzee> if so… then if you read the factoid hyper_ch gave you, you will see that you do *not* want --client-to-client but instead want to configure your firewall and ip forwarding correctly.
11:37 <+hyper_ch> krzee: you understand what he wants? good :)
11:38 <@krzee> well im not sure, but i took my best shot at it… he may say im wrong but then he needs to be clearer
11:41 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
11:43 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
11:46 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
11:46 < hikenboot> In this case I mentioned four example clients. But Ideally I would like to scale this to hundreds. and am looking for software for managing the setup and teardown and negotiation of the client to client connections. I was hoping there was some sort of OpenVPN plugin for this somewhere...I know its a lot to ask but am just hoping to save lots of programming time. I was pointed to google 2 factor authentication which has already s
11:46 < hikenboot> aved me a lot of time..thanks
11:50 <@krzee> managing tear down and negotiation of client to client traffic?
11:50 <@krzee> no, nothing of the sort.
11:50 <@krzee> and 2 factor auth is TOTALLY unrelated to what you're talking about
11:51 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has quit [Ping timeout: 265 seconds]
11:51 <@krzee> with a normal openvpn setup you can selectively allow clients to route to eachother in your server's firewall
11:52 <@krzee> but you will get no gui, and no options to manage traffic other than managing your firewall which is totally outside openvpn's duties
11:52 <@krzee> you can use 2 factor auth, but it will have NOTHING to do with clients communicating with eachother
12:04 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has joined #openvpn
12:05 < hikenboot> sorry got disconnected
12:12 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
12:15 <@krzee> [01:50]  <krzee> managing tear down and negotiation of client to client traffic?
12:15 <@krzee> [01:50]  <krzee> no, nothing of the sort.
12:15 <@krzee> [01:50]  <krzee> and 2 factor auth is TOTALLY unrelated to what you're talking about
12:15 <@krzee> [01:51]  <krzee> with a normal openvpn setup you can selectively allow clients to route to eachother in your server's firewall
12:15 <@krzee> [01:52]  <krzee> but you will get no gui, and no options to manage traffic other than managing your firewall which is totally outside openvpn's duties
12:15 <@krzee> [01:52]  <krzee> you can use 2 factor auth, but it will have NOTHING to do with clients communicating with eachother
12:15 <@krzee> hikenboot, ^
12:16 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
12:17 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
12:20 -!- kossy [a@unaffiliated/kossy] has quit [Excess Flood]
12:20 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
12:50 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
13:04 -!- u0m3 [~u0m3@109.96.141.114] has quit [Read error: Connection reset by peer]
13:12 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
13:12 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:13 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:14 -!- u0m3 [~u0m3@109.96.141.114] has joined #openvpn
13:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 244 seconds]
13:20 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
13:22 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:24 -!- akkad [akkad@dns.mauthesis.com] has quit [Ping timeout: 245 seconds]
13:24 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 244 seconds]
13:24 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 240 seconds]
13:26 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
13:33 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:48 -!- Latrina [~Latrina@adsl-ull-118-240.45-151.net24.it] has quit [Ping timeout: 244 seconds]
13:49 -!- Latrina [~Latrina@adsl-ull-188-188.50-151.net24.it] has joined #openvpn
13:49 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has quit [Read error: Connection reset by peer]
13:52 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
14:21 -!- mattock is now known as mattock_afk
14:22 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
14:23 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
14:42 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:11 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
15:14 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 250 seconds]
15:25 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
15:27 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 244 seconds]
15:34 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
15:34 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:35 -!- badon_ is now known as badon
15:41 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
15:50 -!- justinzane [~justinzan@24.49.184.10] has quit []
16:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:31 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
16:32 -!- justinzane [~justinzan@24.49.184.10] has quit [Client Quit]
17:05 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:08 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:19 < hikenboot> krzee, thanks for the input, fine there is no such software. thanks. as far as 2 factor authentication , I am well aware there is no link between the two ...it was an EXAMPLE
17:36 -!- Latrina [~Latrina@adsl-ull-188-188.50-151.net24.it] has quit [Ping timeout: 244 seconds]
17:38 -!- Latrina [~Latrina@ppp-219-0.26-151.libero.it] has joined #openvpn
18:35 -!- hikenboot [~hikenboot@2601:6:7000:5b00:21b:21ff:fe54:42f7] has quit [Ping timeout: 265 seconds]
18:46 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
19:04 -!- Hello71 [~Hello71@wikipedia/Hello71] has joined #openvpn
19:04 -!- Hello71 [~Hello71@wikipedia/Hello71] has left #openvpn []
19:04 -!- aias [~ice@host86-132-174-78.range86-132.btcentralplus.com] has joined #openvpn
19:05 < aias> hi. i've setup a point-to-point tunnel with openvpn. i thought i could begin routing traffic via that tunnel using `ip route add default via <peer ip>`, but this does not work. should it?
19:05 <+esde> !welcome
19:05 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
19:05 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:22 -!- aias [~ice@host86-132-174-78.range86-132.btcentralplus.com] has quit [Ping timeout: 245 seconds]
19:24 -!- Yoder [Yoda@gateway/shell/yourbnc/x-yjtqlyffedjyvgmh] has quit [Ping timeout: 246 seconds]
19:30 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-gkxrmkivexisogcd] has joined #openvpn
19:36 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
19:37 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:37 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
19:37 -!- badon_ is now known as badon
19:39 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 265 seconds]
19:46 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
20:04 -!- lkthomas [~lkthomas@218.255.225.18] has quit [Remote host closed the connection]
20:12 -!- Denial [~Denial@81.141.4.85] has quit [Ping timeout: 245 seconds]
20:13 -!- Denial [~Denial@5.80.235.251] has joined #openvpn
20:16 <@ecrist> what's going on folks?
20:17 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-gkxrmkivexisogcd] has quit [Ping timeout: 264 seconds]
20:27 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-evixxwocmdazymin] has joined #openvpn
20:30 -!- sleepypc is now known as `hypermist`
21:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
21:49 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:58 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:59 <@krzee> wassup ecrist
22:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
22:12 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:13 -!- badon_ is now known as badon
22:52 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
22:53 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
23:10 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:15 -!- ShadniX [dagger@p5DDFC3BD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:15 -!- ShadniX_ [dagger@p5481D7F0.dip0.t-ipconnect.de] has joined #openvpn
23:15 -!- ShadniX_ is now known as ShadniX
23:59 -!- MACscr|lappy [42578f32@gateway/web/freenode/ip.66.87.143.50] has joined #openvpn
--- Day changed Mon Feb 16 2015
00:00 < MACscr|lappy> anyone have much experience with Chrome OS as clients to openvpn servers? Seems to be a huge pain. Got a connection, but all traffic seems to get pushed through it vs just specific routes
00:04 < Eugene> Staring at a graph, waiting for a raid array to finish rebuilding.
00:04 < Eugene> Pretty damned boring.
00:20 -!- edward [~edward@4angle.com] has joined #openvpn
01:37 -!- MACscr|lappy [42578f32@gateway/web/freenode/ip.66.87.143.50] has quit [Ping timeout: 246 seconds]
01:42 < grosjean> yo all
01:42 < grosjean> anyone try auth ldap with inside a chroot ?
01:46 -!- mattock_afk is now known as mattock
02:00 <@krzee> g'day mattock
02:02 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
02:05 -!- Denial [~Denial@5.80.235.251] has quit [Ping timeout: 252 seconds]
02:20 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 255 seconds]
02:26 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:28 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
02:28 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
02:29 <@mattock> krzee: hi!
02:44 -!- `hypermist` is now known as sleepypc
02:47 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:10 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 252 seconds]
03:11 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
03:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
03:17 -!- sleepypc is now known as `hypermist`
04:25 -!- dazo_afk is now known as dazo
04:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:01 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 252 seconds]
05:35 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
05:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
05:43 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
05:44 -!- KjetilK [~kjetil@ti0071a400-0441.bb.online.no] has joined #openvpn
05:50 < KjetilK> I have something really bizarre: Around xmas, I put up an OpenVPN server on my Debian-based router for clients on the Wifi. Then, I didn't have much more time, so only my laptop and my phone got keys, but I'm not using it on either. Soon thereafter, I started seeing occasional peaks in the UDP traffic through the firewall. The latest peak lasted a few days, and I also noticed my DNS server (using dnsmasq) was really slow, and then I find
05:50 < KjetilK> that something was making lots and lots of DNS requests for two domains, undercover.fm and dbbok.no
05:50 < KjetilK> I found that they were coming from the tun interface, and when I shut down OpenVPN those DNS requests disappeared...
05:51 < KjetilK> weird, huh?
05:56 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
06:03 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Read error: Connection reset by peer]
06:05 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
06:14 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
06:19 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Read error: Connection reset by peer]
06:30 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
06:33 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 256 seconds]
06:54 -!- mattock is now known as mattock_afk
06:55 -!- mattock_afk is now known as mattock
06:55 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:57 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Quit: Lost terminal]
06:58 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
06:59 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:00 -!- kossy [a@unaffiliated/kossy] has quit [Excess Flood]
07:03 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:03 -!- kossy [a@unaffiliated/kossy] has quit [Excess Flood]
07:04 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:11 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
07:22 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
07:57 -!- l30 is now known as le0
08:10 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
08:11 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
08:15 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
08:35 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
08:37 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
08:40 <@dazo> KjetilK: not necessarily that weird ... doing a tcpdump on the tun interface could reveal which VPN client caused this ... it also depends on your configs, if you've instructed your clients to use your VPN server as the primary DNS server
08:42 < KjetilK> dazo, yeah, but the strange thing is that there shouldn't be any clients on the VPN...
08:43  * KjetilK restarts the tun interface to check
08:43 <@dazo> KjetilK: well, I'm pretty sure you had some clients connected ... the openvpn server doesn't do such lookups on its own ... checking logfiles or status files can be helpful
08:43 < BtbN> Sounds like a DNS amplificated DDoS with a spoofed source.
08:44 <@dazo> --status can be useful to see connected clients quickly
08:44 <@dazo> BtbN: but on the tun device?
08:44 < BtbN> are you sure that's where the reuqest came from, or only where the answer was sent to?
08:45 -!- justinzane [~justinzan@24.49.184.10] has joined #openvpn
08:46 <@dazo> fair enough
08:47 < KjetilK> BtbN, hmmmm, I have to scroll back
08:48 < KjetilK> ah, killed my scrollback, let me see if I can find it in some logs
08:50 < KjetilK> Feb 15 07:35:25 kanga dnsmasq[2576]: query[PTR] 251.180.55.1.in-addr.arpa from 172.22.128.1
08:50 < KjetilK> which should mean it came from there, I think
08:51 < KjetilK> well
08:51 < KjetilK> Feb 15 07:35:25 kanga dnsmasq[2576]: query[AAAA] www.undercover.fm from 172.22.128.1
08:51 < KjetilK> is more representative of the traffic I saw
08:51 <@dazo> how does your config look like?
08:52 <@dazo> !configs
08:52 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:55 < KjetilK> !paste
08:55 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
08:55 < KjetilK> here it is: https://gist.github.com/kjetilk/0357d1a589592e281728
08:55 <@vpnHelper> Title: My VPN config (at gist.github.com)
08:55 < KjetilK> that's the server
08:58 < KjetilK> my clients are
08:58 < KjetilK> root@kanga:/etc/openvpn# cat /var/lib/openvpn/ipp.txt
08:58 < KjetilK> owl,172.22.128.4
08:58 < KjetilK> mobilen,172.22.128.8
08:59 < KjetilK> the thing is that this has been going on while none of these have physically separated from the Wifi by hundreds of kms...
09:02 < KjetilK> s/none of these have/both of these ave been/ :-)
09:46 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:59 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has joined #openvpn
09:59 < stk> hello all
09:59 < stk> what is the best pratice to handle multiple OpenVPN server?
10:00 < stk> say I would like to have 3 OpenVPN servers that serve the same set of clients on only one subnet
10:01 < stk> for example, 3 openvpn servers that take 3 IPs, respectively, 10.0.0.1, 10.0.0.2 and 10.0.0.3
10:02 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
10:02 < stk> now a client can connect to either of them and still receives the same IP address, say, 10.0.0.10
10:02 < stk> what should be the best pratice in such case?
10:05 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
10:05 < stk> my primary goal is that, when one server is down, the clients are still able to maintain connection betwen each others
10:05 < stk> I suppose that a mesh network would make it too complicated?
10:17 <@krzee> stk, nope.
10:17 <@krzee> each server needs a different subnet.
10:18 <@krzee> then you configure routing between the servers
10:18 <@krzee> (if desired)
10:18 < stk> but that mean the server is the single point of failure, right?
10:19 <@krzee> you were right to assume there would need to be a sort of mesh built
10:19 <@krzee> im not going to design your darknet, but you do need to know you need a different subnet for each server.
10:19 < stk> if a server is down, then all clients connecting to it shall be disconnected from others
10:19 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
10:20 <@krzee> you add mutliple --remote antries
10:20 <@krzee> entries*
10:20 <@krzee> then when the server goes down clients on that server connect to the next server in their list (or to a random one if --remote-random is used)
10:21 < stk> but then there is no static IP or internal dns
10:21 <@krzee> actually internal DNS is the solution to the static ip issue
10:21 < stk> since the IP for the client will be changed, depends on which server it connects to
10:21 <@krzee> !factoids search --values dnsmasq
10:21 <@vpnHelper> 'splitdns', 'dnsmasq', and 'splitdns'
10:21 <@krzee> !splitdns
10:21 <@vpnHelper> "splitdns" is (#1) see http://www.thekelleys.org.uk/dnsmasq/doc.html for dnsmasq, which will let you do split-dns setups or (#2) "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
10:22 <@krzee> #2
10:22 < stk> yeah, thought of dnsmasq as well
10:22 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
10:22 < stk> well, I don't have real urgent need for this,
10:22 < stk> more like I'm an extreme everything-must-be-online kind of dude
10:23 <@krzee> designing well built darknets with failover can be fun, but is not super easy
10:23 < stk> yap, not super easy
10:23 < stk> I'm well aware of that
10:23 <@krzee> i bet you are =]
10:28 < stk> kaykay, thank you, for giving me clues, again
10:28 <@krzee> np
10:59 -!- imsomeoneelse [~eh@unaffiliated/imsomeoneelse] has quit [Read error: Connection reset by peer]
11:12 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:25 -!- Netsplit *.net <-> *.split quits: jeev, @vpnHelper, ghormoon, joako, grosjean, zalami, +esde, nocturn, HyP3r, yoavz,  (+11 more, use /NETSPLIT to show all of them)
11:28 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:31 -!- Netsplit over, joins: +esde, @vpnHelper, stk, jeev, Taftse|Mac, carlcrac_, grosjean, joako, ghormoon, dyer (+11 more)
11:31 -!- yoavz [yoavz@yoavz.net] has quit [Max SendQ exceeded]
11:32 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
11:40 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
11:44 -!- eryuio [~chatzilla@195-154-82-165.rev.poneytelecom.eu] has joined #openvpn
11:44 < eryuio> hello there
11:44 < eryuio> how to list active connect on openvpn ?
11:47 <+hyper_ch> for i in {1..254} ;do (ping 10.8.0.${i} -c 1 -w 5  >/dev/null && echo "10.8.0.${i}" &) ;done
11:47 < pekster> Um, what? Clients can run these things known as firewalls too
11:48 <@krzee> hell no hyper_ch
11:48 <@krzee> !management
11:48 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
11:48 <+hyper_ch> krzee: what's wrong with pinging? :)
11:48 < pekster> eryuio: Look at the --status option for a client list, or the ability of SIGUSR2 to generate such a list. Or yea, the --management channel
11:48 <@krzee> what pekster said.
11:48 <@krzee> not to mention efficiency lol
11:48 < pekster> Plus openvpn lets clients stay connected without even so much as an IP; there's no way to "ping" such clients at all
11:48 <+hyper_ch> no idea what he said
11:49 < pekster> And this is why offering advice like that is best avoided
11:49 <@krzee> hyper_ch, <pekster> Um, what? Clients can run these things known as firewalls too
11:49 < pekster> firwealled ICMP echo-request? No reply. No address configured? No reply. Misconfigured network? No reply. etc, etc, etc
11:49 <+hyper_ch> nobody runs firewalls
11:49 <@krzee> hyper_ch, is he on your ignore list or something?  he said it right away...
11:49 <+hyper_ch> yes
11:50 <@krzee> you should probably remove him from your ignore list, he very often has useful information
11:50 <@krzee> knows his shit
11:50 <+hyper_ch> nah, no need for removal
11:50 < pekster> That or I'll just kick him later for ignoring a direct request if the quality of advice stays this bad
11:50 <@krzee> lol
11:51 <@krzee> ya that was pretty bad :D
11:51 < pekster> Yes, yes it was. IRC is a place to learn, but not to proliferate consistently bad advice
11:52 < Eugene> I'm not even sure what's going on here
11:52 < Eugene> But I'm sure we need more booze
11:56 -!- max87 [~max87@ims1.ims-mail.in] has joined #openvpn
11:56 < max87> is there any documentation for easyrsa3 installation
11:56 < max87> ?
11:57 <@krzee> yep
11:57 <@krzee> !easy-rsa
11:57 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
11:59 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Remote host closed the connection]
11:59 < max87> ok
11:59 < max87> thanks :)
12:00 <@krzee> np
12:02 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has left #openvpn []
12:06 < eryuio> hello there i got this error : ******* WARNING *******: all encryption and authentication features disabled
12:06 < eryuio> how to enable ?
12:06 <@plaisthos> well that error is "only" a warning
12:10 < eryuio> well how to remedy that warning ?
12:11 <@plaisthos> read it and understand it
12:12 <@plaisthos> if you did not write the config yourself, ask your adminstrator/vpn provider what the hell is going on ;)
12:13 <+hyper_ch> geez, why is sourceforge down
12:13 -!- pEYEd [~kvirc@ool-4355399b.dyn.optonline.net] has joined #openvpn
12:51 -!- faraim [~faraim@2604:180:2:433::6d74] has joined #openvpn
12:58 <+hyper_ch> krzee: http://motherboard.vice.com/read/sony-microsoft-and-others-agree-to-share-customer-data-for-national-security
13:13 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:13 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
13:25 -!- max87 [~max87@ims1.ims-mail.in] has quit [Remote host closed the connection]
13:35 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
13:36 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
13:39 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
13:48 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Remote host closed the connection]
13:53 -!- MaxFrames [kvirc@unaffiliated/maxframes] has joined #openvpn
13:53 < MaxFrames> hello
13:54 < MaxFrames> unless explicitly changed, what's the default mtu for openvpn? 1500?
14:00 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
14:00 < MaxFrames> I had to use tcp for the connection because in some situations roaming clients could only use tcp ports (80, 443)
14:01 < MaxFrames> this has made samba/smb horribly slow
14:01 < MaxFrames> I'm hoping to regain a bit of performance by tweaking the mtu
14:01 <+hyper_ch> !mtu
14:01 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
14:01 < MaxFrames> but based on my tests, I'm currently on adsl, 1 payload of 1472 does get through which would indicate I'm at 1500
14:02 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
14:05 < MaxFrames> ok, so mtu is not an issue here
14:05 < MaxFrames> I guess there's no solution if I'm forced to use tcp
14:09 < Exagone313> hello, i am unable to set up tap drivers on windows (devcon.exe failed), what can I do? I tried to reinstall OpenVPN multiple times, after reboots, and it does not work, the tap driver installation failed all times. thanks for helping
14:10 -!- MaxFrames [kvirc@unaffiliated/maxframes] has quit [Quit: It's nice to be important, but it's more important to be nice]
14:11 <+hyper_ch> don't use tcp
14:11 <+hyper_ch> !tunortap
14:11 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
14:11 <@vpnHelper> rooted/jailbroken) support only tun
14:30 < Exagone313> nobody can help me?
14:30 < Exagone313> i really need openvpn
14:35 < grosjean> yo
14:35 < grosjean> anyone try auth ldap with inside a chroot ?
14:53 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
15:13 <@dazo> grosjean: that should work, LDAP needs TCP, and TCP traffic cannot be jailed inside a chroot
15:14 < grosjean> so this should not work ?
15:14 <@dazo> grosjean: if anything, it might be you need some support directories (tmp or similar) which the openvpn process can read/write in ... that might need to be inside the chroot
15:14 <@dazo> it will work
15:15 <@dazo> chroot does not restrict network traffic at all
15:15 < grosjean> no it's ok
15:15 < grosjean> when i configure jail, auth do not work anymore
15:15 <@dazo> [resend] grosjean: if anything, it might be you need some support directories (tmp or similar) which the openvpn process can read/write in ... that might need to be inside the chroot
15:15 < grosjean> chroot without auth works great
15:16 < grosjean> hmm i've tmp directory inside chroot
15:16 < grosjean> but maybe not all the librairies of ldap auth ?
15:16 <@dazo> try the opposite too ... with auth without chroot and see if that works
15:17 <@dazo> if you use openvpn --chroot option, it is missing some access to some directories inside the chroot ... I'm pretty sure of that
15:17 <@dazo> (but I do presume that LDAP auth does work)
15:17 -!- mattock is now known as mattock_afk
15:18 <@dazo> Exagone313: not too many Windows users hanging around here ... but what kind of error do you get?  That's always a good starting point
15:19  * dazo is not a windows user either, just providing hints to maybe get better answers
15:19 < grosjean> auth without chroot works great too
15:19 < Exagone313> dazo: what i said devcon.exe failed
15:19 < grosjean> thanks dazo
15:19 < grosjean> i will dig further
15:19 <@dazo> Exagone313: yes ... and that is all it said?  No error message, just "Failed!"?
15:19 < eryuio> anyone there ?
15:19 <@dazo> eryuio: no
15:20 < eryuio> how to read this one : http://paste.ubuntu.com/10261946/
15:20  * rob0 is not here
15:20 < eryuio> simply i m asking what is this mean  ? : dir             = ./demoCA     ?
15:20 < eryuio> i m sorry i m newbies
15:20 < Exagone313> during the installation, it say something like "the installation of tap drivers failed"
15:20 -!- Term1nal [~metal@unaffiliated/f41l] has joined #openvpn
15:21 <@dazo> Exagone313: did you run the installer with admin privileges?
15:21 < Exagone313> yes
15:21 < Exagone313> it always ask for this on windows
15:21 <@dazo> Which windows version?
15:21 < Exagone313> i've the same projet as here: https://community.openvpn.net/openvpn/ticket/393
15:21 <@vpnHelper> Title: #393 (Error occured installing tap device driver) – OpenVPN Community (at community.openvpn.net)
15:21 < Exagone313> windows 8.1
15:22 < Exagone313> i had another openvpn version that worked well, before i retry and my pc frozen
15:22 < Exagone313> so i unsintalled to install another version - a second
15:22 <@dazo> Exagone313: which openvpn did you install?
15:22 <@dazo> openvpn version
15:23 < Exagone313> on https://openvpn.net/index.php/open-source/downloads.html before i had the alst link, now two links before (64 bits)
15:23 <@vpnHelper> Title: Downloads (at openvpn.net)
15:23 < Exagone313> 2.3.6
15:23 < eryuio> hello
15:23 < eryuio> anyone ?
15:24 <@dazo> so, 2.3.6-I001 or 2.3.6-I601 ?
15:24 < Term1nal> So, I've gotten a VPN server set up on a VPS out in the cloud. I have successfully configured my client to connect to it (pfsense, which is offering this VPN connection as a gateway to the internet, and I am using rules to specify certain hosts to access the internet through this VPN)
15:24 < Exagone313> two links before
15:24 < Exagone313> I001
15:24 <@dazo> eryuio: nobody answers because nobody has an answer ... stop being annoying and be patient
15:24 < Term1nal> What I'd like to figure out how to do, is to get a port forward from the VPS (the openvpn server) to the openvpn client.
15:25 <@dazo> Exagone313: goodie ... can you try the I601 version?  It has a newer tap-driver ... I don't recall now if the old driver in I001 was incompatible with win8.1 or the coming 8.2
15:25 < Exagone313> i try to reinstall I601? But with this it freezes windows, on another computer i removed I601 to replace with I101 to correct this, and on this computer it does not install
15:25 < Term1nal> I have a firewall rule in iptables to forward a port to the address of the openvpn client.
15:25 < Term1nal> Thing is, I can't ping the client address from the openVPN server.
15:26 < Exagone313> I101 works on another computer with windows 8.1 64 bits
15:26 <@dazo> Term1nal: Do you ping the VPN IP address of the client?
15:26 < Term1nal> dazo: the address of the client is 10.13.37.6 (as reported on the client side)
15:26 < Term1nal> So I ping from the openvpn server to that address, and get nothing.
15:26 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 276 seconds]
15:27 <@dazo> Term1nal: firewall rules blocking it?
15:27 < Term1nal> Not that I am aware?
15:27 <@dazo> Exagone313: okay ... then please update the bug ticket, more skilled people need to look at it to be able to figure it out ... and please state which openvpn version you've tested
15:27 < Term1nal> I have a rule to allow any traffic
15:27 < Exagone313> there is no way?
15:27 < Exagone313> i format windows..?
15:27 <@dazo> Term1nal: in these cases ... it is most likely that a firewall or policy is blocking the ICMP packets ... or that something is messed up in the routing
15:28 < Exagone313> it is posisble to copy files from my other computer ?
15:28 <@dazo> Exagone313: maybe ... I am just not competent enough on Windows
15:28 < Term1nal> Source * Dest * Port * Allow
15:28 < Exagone313> me too i understand, i don't like windows for those things
15:28 < Term1nal> should I also be able to ping the openVPN gateway address from the openvpn server?
15:28 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
15:29 < Exagone313> i try to install the I601
15:29 <@dazo> Term1nal: lets take first things first ... can you ping the server from the client?  (VPN addresses, that is)
15:29 < Term1nal> Yes, I can ping 10.13.37.1
15:29 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
15:30 < Exagone313> it does not work
15:30 <@dazo> Term1nal: goodie ... then there is either a firewall rule or a sysctl setting blocking ICMP echo packets ... try investigate using tcpdump ... otherwise, we need
15:30 <@dazo> !configs
15:30 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:30 <@dazo> !logs
15:30 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:30 <@dazo> Exagone313: :(
15:31 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
15:31 <@dazo> Exagone313: well, please update the trac ticket ... that's really helpful for those of the developers who understands Windows
15:31 < Exagone313> ok i see
15:32 < Term1nal> oh, you know what, I figured it out :D
15:32 < Term1nal> I didn't happen to notice the firewall rule was only allowing TCP any any any
15:32 < Term1nal> instead of any protocol
15:32 <@dazo> Term1nal: this is where I get to say: TOLD YOU SO! ;-)
15:32 < Term1nal> haha
15:32 < Term1nal> yeah.
15:32 < Term1nal> okay, great.
15:33 < Term1nal> this gives me hope!
15:33 -!- Latrina [~Latrina@ppp-219-0.26-151.libero.it] has quit [Ping timeout: 240 seconds]
15:33 <@dazo> Term1nal: but you're doing some port-nat from openvpn server to a service behind the VPN client?
15:33 < Term1nal> one thing I'd like to be able to do, is possibly... can I specify a static address for the client?
15:33 < Term1nal> yes correct
15:33 <@dazo> Term1nal: yeah, use --client-config-dirs
15:33 <@dazo> !ccd
15:33 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
15:34 <@dazo> Term1nal: I've done that a few times ... then you need some policy routing, so that the traffic going VPNserver->VPNclient doesn't exit on the wrong interface on your client side
15:35 -!- Latrina [~Latrina@adsl-ull-24-201.50-151.net24.it] has joined #openvpn
15:53 -!- roadrunner|2 is now known as road|runner
15:55 < Exagone313> dazo: but the ticket is closed
15:58 < Term1nal> dazo: My setup is a bit more elaborate than that :D
15:59 < Term1nal> Essentially, my pfsense router is acting as the client, and I have rules to route traffic sourced from particular LAN addresses out the VPN link to the OpenVPN server out in the cloud.
16:00 < Term1nal> So, I think all I need to do is port forward on the openVPN server to the client address (the pfsense router), and on the pfsense router, it has it's own forward rules to the -real- client.
16:01 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:01 < Term1nal> pfsense is pretty hawt :D
16:01 < Term1nal> we have some... jeeze.. 4 LAN segments and 2 WAN segments
16:07 < Term1nal> had a problem with one of the WANs and how they were routing us was stomping on our RTP sessions. They're a fail-over ISP. So I hoped to solve the problem by just setting up a VPN tunnel out to a VPS so that no matter which ISP we were traversing, we need only worry about getting the NAT-ing working with the openVPN setup.
16:09 < Term1nal> So far so good, the tunnel is beautiful, my pfsense router has intel AES hardware acceleration, pushing about 75% speed of our overall bandwidth allocation out the VPN to a small digital ocean VPS, with hardly a blip of extra latency.
16:16 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
16:17 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
16:17 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:36 < Term1nal> dazo: and the port forward is-a-workin'
16:36 < Term1nal> super hotness.
16:47 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:17 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 244 seconds]
17:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
17:27 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:33 < Term1nal> dazo: I was preemptively happy about the port forward
17:33 < Term1nal> It's not werkin :(
17:33 < Term1nal> from external.
17:33 < Term1nal> -A PREROUTING -i eth0 -p tcp -m tcp --dport 65522 -j DNAT --to-destination 10.13.37.6
17:33 < Term1nal> ufw status: 65522/tcp                  ALLOW       Anywhere
17:34 < Term1nal> I set up the port foward on the client as well, and from the VPN server, I can connect to 10.13.37.6:65522 successfully.
17:35 < Term1nal> but connecting -to- the VPN server from outside on port 65522 does not route to the client.
17:41 <+esde>  http://superuser.com/a/519269 the second iptables command is usually the sauce i need @Term1nal
17:41 <@vpnHelper> Title: networking - Allow Local Connection to Client Running OpenVPN - Super User (at superuser.com)
17:44 < Term1nal> esde: https://ghostbin.com/paste/72cvp
17:45 <+esde> welp
17:45 <+esde> get rid of the last two rules
17:45 <+esde> those are redundant
17:45 < Term1nal> yeah, not sure why those are there :P
17:45 < Term1nal> probably UFW's doing.
17:45 <+esde> and allz i knowz iz my rules are written with 10.8.0.X:PORT
17:45 <+esde> not just ip
17:46 <+esde> mp thats not ufw's doing afaik
17:46 <+esde> *no
17:46 <+esde> and they can 100% be safely removed
17:46 < Term1nal> Like, I can, on the openvpn server, connect to 10.13.37.6:65522
17:46 <+esde> Term1nal, i told you the fix :)
17:46 < Term1nal> but if I connect to the public IP of the openVPN server on port 65522, I get nothin'
17:47 <+esde> s/10.13.37.6/10.13.37.6:65522
17:47 <@krzee> sounds like a job for #netfilter
17:47 <+esde> also that 13.37 subnetting is annoying
17:47 <@krzee> esde, but he's 1337
17:47 < Term1nal> :P
17:47 <+esde> oic
17:48  * esde throws his box in a farraday cage to avoid being h4x0r3d
17:48 < Term1nal> haha
17:48 < Term1nal> yeah, made the change suggested, no bueno.
17:48 <@krzee> anyways, setting up a proper DNAT is outside the scope of openvpn
17:48 <@krzee> !dnat
17:48 <@krzee> !factoids search --values dnat
17:48 <@vpnHelper> 'freebsdnat', 'bsdnat', 'linportforward', 'openbsdnat', 'nat', and 'frozentux'
17:48 <@krzee> !linportforward
17:48 <@vpnHelper> "linportforward" is (#1) to forward port 80 tcp to a vpn client, use this (replacing <SERVERIP> with the real ip of the server, and <VPNIP> with the clients VPN ip) or (#2) iptables -t nat -A PREROUTING -i eth0 -d <SERVERIP> -p tcp --dport 80 -j DNAT --to <VPNIP> or (#3) iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 80 -j ACCEPT
17:49 <+esde> that rule in the link i provided has worked for me since i found it, but YMMV apparently :)
17:49 <@krzee> looks like --to-destination should be --to
17:49 <+esde> # iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port
17:49 <@krzee> but really your question belongs in #netfilter
17:50 <+esde> is the specific command im referring to
17:50 <@krzee> you know, where they support iptables, the program you are asking for help with...
17:50  * esde hands krzee a beer
17:50 <@krzee> lol its 8am here
17:50 <@krzee> i'll wait til breakfast thanks ;]
17:50 <+esde> u mean beer o clock
17:50 <@krzee> !beer
17:50 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
17:52 <+esde> Term1nal, im not trying to tease that the command works for me. i wanted to do the same thing and for about a year i couldnt phrase my question right to get any help. well one day i finally explained my goal to the right person and the shared that link.  i tried the command and it worked so i've kept it around since. sorry if it's not working for you but #netfilter /is/ the best place for more help :)
17:53 < Term1nal> hrm
18:12 -!- dazo is now known as dazo_afk
19:17 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:20 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
19:34 < Term1nal> esde: and it's all working.
19:35 <+esde> \m/
19:35 < Term1nal> Looks like the issue turned out to be, that since I was hitting the VPS's WAN address from the WAN address of my router, I assumed that the source IP of the connecton as it came through the port forward would be rewritten to the VPN gateway address
19:35 < Term1nal> but it was not, so the return route was going async and not making it back
19:36 < Term1nal> but if I hit it from a 3rd party, it worked perfectly.
19:36 <+esde> :D
19:36 < Term1nal> so I switched my PBX host over to being routed through the VPN
19:36 < Term1nal> like a charm.
19:36 <+esde> vpn'd voip, yummy
19:37 < Term1nal> which means now when we fail over to the ISP that muttles our RTP traffic
19:37 < Term1nal> won't give a hoot.
19:37 < Term1nal> VPN bebbeh.
19:37 <+esde> openvpn is officially against isp muttling
19:37 < Term1nal> lol
19:38 < Term1nal> everythign went super smoothly.
19:38 < Term1nal> I'm impress'd
19:38 <+esde> openvpn is beautiful :)
20:18 <@krzee> esde, do you know about my voi darknet voip company?
20:19 <@krzee> s/ voi//
20:23 <+esde> wat
20:23 <@krzee> guess not
20:23 <@krzee> you said voip over vpn is yummy...
20:24 <@krzee> i run a voip service that ONLY operates within the darknet i built with openvpn
20:24 <@krzee> completely off the POTS grid
20:24 <+esde> oooh
20:26 < rob0> krzee, how's that going?
20:26  * Eugene plugs krzee into a RJ-11
20:26 <@krzee> well i completely stopped advertising after i took the surviellance law class from stanford online
20:26 <@krzee> lol
20:27 <@krzee> not that advertising helped anyways
20:27 <+esde> link?
20:27 <@krzee> all customers have come from word of mouth
20:27 <+esde> to the online thing
20:27 <@krzee> it'll never make me rich, but those who use it love it
20:27 <@krzee> and the overhead is basically nothing since im the only admin
20:27 <@krzee> so it makes good enough $ i guess
20:27 < rob0> good deal
20:28 <@krzee> i also sell them super cheap
20:28 <@krzee> 450 gets them the phone and a year of unlimited service (only offer unlimited because we keep no records so we cant count anything)
20:28 <@krzee> then 100/yr
20:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:29 <@krzee> esde, i took the site down
20:30 <+esde> no the sanford online thing
20:30 <@krzee> since once we become interesting we'll get a NSL and have to lavabit ourselves, im in no hurry to make that happen
20:30 <@krzee> ohhh
20:30 <@krzee> coursera.org bro
20:31 <@krzee> not just that surviellance law class, but also many other awesome classes such as crypto 1 from stanford
20:31 < Eugene> "just shut up" is a surprisingly effective way to deal with problems
20:31 < Eugene> The best way to advertise that you're doing something criminal is to say Privacy
20:31 < Eugene> So.... don't. Just do it.
20:32 < Eugene> (not that you are actualyl criminal, but $JUDGE disagrees!"
20:32 <@krzee> what we do is legal
20:32 <@krzee> we dont even need to support wiretaps according to CALEA
20:32 <@krzee> however, a NSL trumps *
20:32 < Eugene> Yeah.
20:32 <@krzee> "give us backdoor or goto prison!"
20:32 <@krzee> …and prison is hella boring
20:33 <@krzee> and i refuse to backdoor people who trust me
20:33 <@krzee> so… that'll mark our end
20:34 < Eugene> There's a buttsex joke there, but I can't find my way in
20:34 < rob0> HAHA
20:34 <@krzee> hah
20:35 <@krzee> cant find my way in… pun?
20:35 < Eugene> We need to go deeper
20:35 < rob0> So use the backdoor
20:35 <+esde> too soon
20:36 <@krzee> esde, not on the first date?
20:37 <+esde> gotta keep em wantin more
20:38 < rob0> A significant worry of providing a secure service is the brute force attack, whereby the spooks apply brute force upside yo' head until you give them access.
20:38 <+esde> relevant xkcd to be had
20:38 < rob0> I no longer harbor any beliefs about being ruled by law.  We're ruled by force.
20:38 <@krzee> $5 wrench
20:38 <+esde> https://xkcd.com/538/
20:38 <@vpnHelper> Title: xkcd: Security (at xkcd.com)
20:39 <@krzee> (although id like a price check on that)
20:39 <+esde> harbor freight baby
20:39 < rob0> oh!  A chinese-made wrench!  The irony!!
20:39 <+esde> http://www.harborfreight.com/18-inch-jumbo-steel-pipe-wrench-39644.html
20:39 <+esde> $8
20:39 <@vpnHelper> Title: 18" Jumbo Steel Pipe Wrench (at www.harborfreight.com)
20:39 <+esde> inflation
20:41 < rob0> They have smaller ones for $5
20:41 < rob0> and smaller could still hurt a lot!
20:42 <@krzee> especially if put in a pillow case or anything else that adds centriphical force
20:42 <@krzee> long sock...
20:44 < Eugene> http://www.amazon.com/dp/B000FK6Z04
20:44 < Eugene> That includes delivery
20:44 < Eugene> Also, the alt-text
20:46 -!- Term1nal [~metal@unaffiliated/f41l] has quit []
20:54 -!- Dimik [~Dimik-@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
20:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
20:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
21:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
21:11 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:43 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
21:50 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 250 seconds]
21:53 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
22:04 < Dimik> hey guys can openvpn bridging work without ip forwarding on ?
22:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:27 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
22:27 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:41 -!- Dimik [~Dimik-@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 246 seconds]
22:49 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
22:57 -!- pEYEd [~kvirc@ool-4355399b.dyn.optonline.net] has quit [Ping timeout: 245 seconds]
23:13 -!- ShadniX [dagger@p5481D7F0.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:13 -!- ShadniX_ [dagger@p579415E8.dip0.t-ipconnect.de] has joined #openvpn
23:13 -!- ShadniX_ is now known as ShadniX
23:23 <+hyper_ch> krzee: major information disclosure vulnerability at mozilla - https://bugzilla.mozilla.org/show_bug.cgi?id=949446
23:23 <@vpnHelper> Title: 949446 Source Code Disclosure of every possible project (at bugzilla.mozilla.org)
23:23 <+hyper_ch> krzee: http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
23:32 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
--- Day changed Tue Feb 17 2015
00:08 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
00:11 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
00:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
00:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
00:27 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 244 seconds]
00:30 -!- mattock_afk is now known as mattock
00:33 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
00:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
00:44 -!- edward [~edward@4angle.com] has quit [Quit: bye]
00:45 -!- edward [~edward@4angle.com] has joined #openvpn
00:46 -!- faraim [~faraim@2604:180:2:433::6d74] has left #openvpn ["Leaving"]
00:53 -!- edward [~edward@4angle.com] has quit [Quit: bye]
00:53 -!- edward [~edward@4angle.com] has joined #openvpn
01:59 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has joined #openvpn
02:02 -!- `hypermist` is now known as hypermistbot
02:02 -!- hypermistbot [hypermist@unaffiliated/hypermist] has quit [Changing host]
02:02 -!- hypermistbot [hypermist@unaffiliated/hypermist/bot/hypermistbot] has joined #openvpn
02:03 -!- hypermistbot is now known as `hypermist`
02:03 -!- `hypermist` [hypermist@unaffiliated/hypermist/bot/hypermistbot] has quit [Changing host]
02:03 -!- `hypermist` [hypermist@unaffiliated/hypermist] has joined #openvpn
02:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
02:36 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:49 -!- Latrina [~Latrina@adsl-ull-24-201.50-151.net24.it] has quit [Ping timeout: 264 seconds]
02:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:55 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
02:59 -!- Latrina [~Latrina@adsl-ull-24-201.50-151.net24.it] has joined #openvpn
03:07 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
03:14 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
03:20 -!- u0m3 [~u0m3@109.96.141.114] has quit [Ping timeout: 245 seconds]
03:22 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has left #openvpn ["Reality is that which, when you stop believing in it, doesn't go away"]
04:04 -!- justinzane [~justinzan@24.49.184.10] has quit [Ping timeout: 244 seconds]
04:05 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has quit [Ping timeout: 246 seconds]
04:09 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 255 seconds]
04:10 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 244 seconds]
04:11 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
04:15 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
04:25 -!- u0m3 [~u0m3@109.96.153.181] has joined #openvpn
04:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:02 -!- eryuio [~chatzilla@195-154-82-165.rev.poneytelecom.eu] has quit [Remote host closed the connection]
05:34 -!- dazo_afk is now known as dazo
05:42 < shimano> Can iptables forward traffic from VPN_IP:PORT to LAN_IP:PORT ? Or should I use squid for that?
05:50 -!- elfixit [~Icedove@93.82.194.50] has joined #openvpn
05:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 252 seconds]
05:58 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:06 <@krzee> !notovpn
06:06 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
06:06 <+hyper_ch> iptables can do that
06:06 <@krzee> but yes
06:06 <@krzee> !linportforward
06:06 <@vpnHelper> "linportforward" is (#1) to forward port 80 tcp to a vpn client, use this (replacing <SERVERIP> with the real ip of the server, and <VPNIP> with the clients VPN ip) or (#2) iptables -t nat -A PREROUTING -i eth0 -d <SERVERIP> -p tcp --dport 80 -j DNAT --to <VPNIP> or (#3) iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 80 -j ACCEPT
06:06 <+hyper_ch> krzee: stupid UEFI is driving me insane
06:06 <@krzee> more relevant in #netfilter if you have questions about iptables
06:07 <+hyper_ch> and saw the links I pasted to you?
06:08 <@krzee> yep
06:08 <@krzee> nsa firmware hacks are elite
06:08 <@krzee> been reading about them for awhile
06:08 <+hyper_ch> that was a bad bug on mozilla site, right?
06:08 <+hyper_ch> all their source code was plain open to view for everybody
06:08 <@krzee> umm
06:09 <@krzee> its opensource dude
06:09 <+hyper_ch> you didn't see the bug report? oO
06:09 <@krzee> or is tht the joke?
06:09 <+hyper_ch> https://bugzilla.mozilla.org/show_bug.cgi?id=949446
06:09 <+hyper_ch> :)
06:09 <@vpnHelper> Title: 949446 Source Code Disclosure of every possible project (at bugzilla.mozilla.org)
06:09 <@krzee> Status: 	RESOLVED WONTFIX
06:10 <@krzee> opensource bro
06:10 <+hyper_ch> :(
06:10 <@krzee> get unreported write access, then you got something
06:11 <@krzee> source code disclosure for opensource projects is lol
06:11 <+hyper_ch> I found it a funny bug report
06:12 <@krzee> exactly, very funny
06:12 <@krzee> they reported finding the source of opensource projects :D
06:13 <+hyper_ch> :)
06:13 <+hyper_ch> btw, saw that flip-one-bit-bug for windows?
06:13 <@krzee> was that the exploitable bug that was in every version of windows?
06:14 <+hyper_ch> I think so
06:14 <+hyper_ch> flip one bit in the scrollbar thingy and you get admin privileges
06:14 <@krzee> whoa no i didnt see that
06:15 <+hyper_ch> http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
06:15 <@vpnHelper> Title: One-Bit To Rule Them All: Bypassing Windows’ 10 Protections using a Single Bit - Breaking Malware (at breakingmalware.com)
06:15 <@krzee> ahh windows 10
06:16 <@krzee> ya i have seen literally nothing about windows 10
06:16 <@krzee> i still havnt used any windows past xp
06:18 <+hyper_ch> how much do you knwo about uefi and stuff?
06:19 < shimano> damn, this forwarding doesn't work for me... ;/
06:19 <@krzee> not enough to help
06:19 <@krzee> shimano, #iptables (aka #netfilter)
06:20 <@krzee> port forwarding has nothing to do with openvpn
06:20 < shimano> okey thanks
06:20 <@krzee> np
06:33 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:49 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
06:58 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
07:22 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:26 -!- elfixit [~Icedove@93.82.194.50] has quit [Ping timeout: 245 seconds]
07:28 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
07:56 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:18 -!- _8 [layer8@gateway/shell/blinkenshell.org/x-nforqyzwyipxhxka] has joined #openvpn
08:32 -!- justinzane [~justinzan@64.234.62.112] has joined #openvpn
08:42 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:13 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 250 seconds]
09:18 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:45 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
09:45 -!- u0m3 [~u0m3@109.96.153.181] has quit [Quit: Leaving]
09:46 -!- u0m3 [~u0m3@109.96.153.181] has joined #openvpn
09:53 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:01 -!- `hypermist` is now known as sleepypc
10:03 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
10:06 -!- elfixit [~Icedove@83-65-234-66.static.inode.at] has joined #openvpn
10:17 -!- elfixit [~Icedove@83-65-234-66.static.inode.at] has quit [Ping timeout: 244 seconds]
10:26 -!- kokel [~quassel@kenneth.kokelnet.de] has quit [Read error: Connection reset by peer]
10:28 -!- kokel [~quassel@kenneth.kokelnet.de] has joined #openvpn
11:04 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 246 seconds]
11:05 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:13 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:39 -!- justinzane [~justinzan@64.234.62.112] has quit [Ping timeout: 245 seconds]
11:53 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
11:54 -!- vasundhar [~vasundhar@122.171.74.164] has joined #openvpn
11:55 -!- ciscam [~ciscam@aftr-88-153-6-199.unity-media.net] has joined #openvpn
12:05 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
12:24 -!- vasundhar [~vasundhar@122.171.74.164] has quit [Quit: vasundhar]
13:00 -!- askwhy [~usr@unaffiliated/sand3r] has joined #openvpn
13:00 < askwhy> hi
13:01 < askwhy> any issue with openvpn+debian7+virtualbox 4.3.22?
13:01 < askwhy> i am losing wired connection
13:01 < askwhy> every 10 min
13:01 < askwhy> wh?
13:01 < askwhy> why?
13:02 -!- askwhy [~usr@unaffiliated/sand3r] has quit [Remote host closed the connection]
13:07 <+hyper_ch> no, but I compiled latest openvpn on my own in debian
13:09 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
13:15 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
13:17 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 244 seconds]
13:20 -!- sleepypc is now known as `hypermist`
13:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:43 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Write error: Connection reset by peer]
13:56 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:56 -!- mode/#openvpn [+v s7r] by ChanServ
14:08 <+esde> https://cdt.org/blog/us-doj-seeks-to-search-and-seize-data-on-computers-worldwide/
14:08 <@vpnHelper> Title: US DOJ Seeks to Search and Seize Data on Computers Worldwide | Center for Democracy & Technology (at cdt.org)
14:08 <+esde> should be interesting
14:11 <+esde> Looks like using tor or even a VPN could be enough to merit a search warrant.
14:12 < rob0> Not a warrant valid according to the US Constitution, but I suppose that's considered optional these days.
14:14 <+hyper_ch> the US cst. is just to make people feel better about themselves
14:19 <+esde> the date makes me wonder if it's over with or if this is still a threat
14:20 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
14:24 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
14:28 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
14:30 -!- justinzane [~justinzan@64.234.62.112] has joined #openvpn
14:40 <+esde> another fun read https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
15:11 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:15 -!- mattock is now known as mattock_afk
15:53 -!- ultima [~Ultima@unaffiliated/ultima] has joined #openvpn
15:59 < ultima> hello, I have a question about openvpn and ipv4 & ipv6. Currently I have a router running freebsd with openvpn as the primary gateway for the lan. If I enabled ipv6, will traffic continue to go through the vpn or will it go out the ipv6 gateway?
16:03 -!- Exagone313 [exa@elou.world] has quit [Read error: Connection reset by peer]
16:07 < Thermi> ultima: Depends
16:09 < Thermi> Enable IPv6 where? Also, depends on if you connect via IPv4 and IPv6 and hence what ressource it is and if the traffic comes from an IPv4 IP or an IPv6 IP
16:11 < ultima> Yeah thats what I thought, does this mean you need to run 2 instances of openvpn to cover both ipv4 and ipv6?
16:12 < Thermi> Depends on the interface type you're using
16:13 < Thermi> for tun, yes
16:13 < Thermi> for tap, np
16:13 < Thermi> *no
16:13 < ultima> yeah im using tun
16:13 < Thermi> Then you do.
16:13 < ultima> thanks for the info =]
16:14 < Thermi> You're welcome.
16:20 -!- Exagone313 [exa@elou.world] has joined #openvpn
16:30 < pekster> ultima: OpenVPN is fully able to dual-stack inside the tunnel, including with tun
16:31 < pekster> Obviously where traffic goes from a routing context is up to your FIB (ie: your routing tables) and not openvpn at al
16:31 < pekster> all*
16:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:56 -!- u0m3_ [~u0m3@109.96.153.181] has joined #openvpn
16:59 -!- u0m3 [~u0m3@109.96.153.181] has quit [Ping timeout: 245 seconds]
17:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:31 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
18:39 -!- `hypermist` is now known as sleepypc
18:46 -!- dazo is now known as dazo_afk
18:58 -!- vegardx [~vegardx@176.111.205.230] has joined #openvpn
18:58 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
19:00 < vegardx> Are there any good management / dashboards for OpenVPN?
19:05 <@krzee> only AS
19:05 <@krzee> !as
19:05 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
19:05 <@krzee> other than that there might be a project or 2 out there, but certainly nothing "good"
19:05 < vegardx> Well well, then chef it is then! :p
19:06 <@krzee> gunna write something?
19:08 < vegardx> The problem with automating things is that you end up automating everything. Can't be that hard to set up a OpenVPN server in chef with automatic key generation!
19:08 <@krzee> oh i see, thought you were going to write a web management tool :D
19:09 < vegardx> Aah, no no, that would mean doing actual meaningful work!
19:10 <@krzee> hahaha
19:10 < vegardx> But if I do, I'll make sure to make it in something highly unsupported and not document a thing!
19:10 <@krzee> hahah
19:10 <@krzee> i was going to point you to:
19:10 <@krzee> !management
19:10 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
19:10 <@krzee> for the backend to talk to
19:12 < vegardx> Cool, I'll take a look at it tomorrow!
19:18 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:24 -!- ciscam [~ciscam@aftr-88-153-6-199.unity-media.net] has quit [Quit: Verlassend]
19:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:08 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
20:12 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
20:33 -!- sleepypc is now known as `hypermist`
20:33 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
20:35 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 255 seconds]
21:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
21:50 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has joined #openvpn
21:50 < Milos|Work> If I run openvpn --config <filename> and I can confirm that <filename> has all of the 'route' parameters commented out, is this going to touch/replace my default route at all?
22:07 -!- `hypermist` is now known as sleepypc
22:29 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
22:43 -!- sleepypc is now known as `hypermist`
23:12 -!- ShadniX [dagger@p579415E8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:13 -!- ShadniX [dagger@p57941C6C.dip0.t-ipconnect.de] has joined #openvpn
23:14 -!- Dimik [~Dimik-@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
23:14 < Dimik> is it possible to setup openvpn bridging without ip forwarding ?
23:25 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
23:33 -!- Dimik [~Dimik-@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 246 seconds]
23:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
--- Day changed Wed Feb 18 2015
00:01 <@krzee> i was ready to tell dimik to ask in #networking twice now
00:01 <@krzee> but he keeps quitting before the response
00:02 <@krzee> Milos|Work, depends on the server
00:02 <@krzee> also default route isnt --route its --redirect-gateway fyi
00:02 <@krzee> if the server pushes default route, then yes it will
00:12 -!- CGML_ is now known as CGML
00:21 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
00:22 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has quit [Ping timeout: 272 seconds]
00:54 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
01:34 -!- mattock_afk is now known as mattock
01:50 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
02:00 -!- rewozz [~root@unaffiliated/rewozz] has joined #openvpn
02:02 < rewozz> hey, I'm using a Synology NAS that gives me a ca.cert and ovpn file that imports fine on my iPhone through itunes
02:03 < rewozz> I can't seem to make a unified profile to mail out to ovpn
02:03 < rewozz> this is how the file looks, sensitive info edited: http://hastebin.com/umatawizim.vbs
02:03 <@vpnHelper> Title: hastebin (at hastebin.com)
02:05 < rewozz> I get error loading profile: Inbox/openvpn.ovpn - Missing/bad file : ca.crt: cannot open for read /var/m ...
02:06 <@krzee> is your question about openvpn or synology?
02:06 < rewozz> the ovpn config
02:06 <@krzee> ok, ask it in a way that synology doesnt matter
02:07 < rewozz> the one I posted on hastebin, why isn't the app recognizing the inline ca.cert?
02:07 <@krzee> oh i see
02:07 <@krzee> you still have ca ca.crt
02:07 <@krzee> comment that out if using inline
02:08 < rewozz> ah, let me try that
02:08 <@krzee> !inline
02:08 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
02:09 < rewozz> it works :)
02:09 <@krzee> sweet!
02:09 <@krzee> may i recommend using client certs as well
02:10 <@krzee> if you like security that is
02:10 < rewozz> I created an account on the forum and was about to post, then I thought...hey, IRC :)
02:11 < rewozz> yeah I should learn more about it tho, the synology interface is poor so I would have to use CLI
02:11 <@krzee> even if the CLI was great id recommend doing it via CLI
02:12 <@krzee> err
02:12 <@krzee> even if the GUI was great
02:13 < rewozz> I don't mind the CLI just need to spend more time learning openvpn
02:13 <@krzee> if you ever find a good gui for configuring openvpn, your idea of good gui is probably wrong :D
02:13 < rewozz> got it after my dad had problems with l2tp/ipsec being blocked at a hotel, he's on vacation
02:14 <@krzee> ahh, you may enjoy:
02:14 <@krzee> !obfs
02:14 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
02:14 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
02:15 <@krzee> you may find this handy:
02:15 <@krzee> !factoids
02:15 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
02:15 < rewozz> well the hotel only blocked the specific l2tp/ipsec ports
02:15 < rewozz> but the openvpn port should be fine, if not I'll run it on 443
02:16 <@krzee> udp > tcp for openvpn
02:16 <@krzee> so maybe port 53 would get through more firewalls than 443 (which is normally a tcp port)
02:17 <@krzee> !tcp
02:17 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
02:18 < rewozz> yeah I'm running the default udp port currently will see how it goes
02:19 <@krzee> cool
02:19 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
02:21 < albercuba> hello everyone. Question: If i want to install a new VPN server but i don't want this to be transparent to the users, what files (keys, certs, etc) do i need to copy from the old server to the new one?
02:21 < albercuba> sorry i need to correct that
02:21 < albercuba> hello everyone. Question: If i want to install a new VPN server but i WANT this to be transparent to the users, what files (keys, certs, etc) do i need to copy from the old server to the new one?
02:25 <@krzee> ahh ok
02:25 <@krzee> first version i was like just use a new hostname and it wont be transparent
02:25 <@krzee> hahah
02:25 <@krzee> albercuba, do you know where your PKI is?
02:25 < albercuba> no, i just got new here and i need to install a new vpn serer to replace the old one
02:26 <@krzee> if that happens to be on the server (it should not be, but since you are asking this question you may have done that)
02:26 <@krzee> well you need the openvpn config and every file referenced in it
02:26 <@krzee> and you must find the PKI
02:26 < albercuba> is there an easy way to find the pki
02:26 <@krzee> if you dont find the PKI you will need to redo ALL certs next time you need to add somebody
02:27 <@krzee> easiest way is call the old admin, but it could be in the easy-rsa dir
02:27 <@krzee> thats totally a guess, nothing says they even used easy-rsa
02:27 <@krzee> and best security would mandate its NOT on the server, but that doesnt mean it is not there in reality
02:27 < albercuba> yes he used easy-rsa
02:27 <@krzee> people do bad things every day ;]
02:30 < albercuba> so if i have the server crt, key, pem and all the users csr crt and key files what else do i need
02:31 <@krzee> its not about gettings the users key files
02:31 <@krzee> grab the ENTIRE easy-rsa dir that contains that stuff
02:31 <@krzee> as for the server itself, just make sure you have the openvpn config and every file referenced in it
02:32 <@krzee> you see, the PKI (easy-rsa) and the server stuff are totally seperate
02:32 <@krzee> normally on seperate machines for security
02:35 < albercuba> thanks a lot
02:35 <@krzee> yw
02:35 < albercuba> i am gonna try it later
02:39 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 265 seconds]
02:39 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 265 seconds]
02:39 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 250 seconds]
02:40 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 246 seconds]
02:41 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
02:41 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
02:41 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
02:41 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
02:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
03:01 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:17 -!- Denial [~Denial@5.80.234.234] has joined #openvpn
03:17 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
03:21 -!- Denial [~Denial@5.80.234.234] has quit [Ping timeout: 252 seconds]
03:41 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:54 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:59 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
04:25 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
04:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:27 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 265 seconds]
04:40 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
05:16 -!- Gorkhaan [~Gorkhaan@94.31.49.67] has joined #openvpn
05:16 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 245 seconds]
05:17 < Gorkhaan> Hey. I just want to share with you 3 howtos what is a big solution if it is combined:
05:17 < Gorkhaan> https://forums.openvpn.net/topic18210.html
05:17 <@vpnHelper> Title: OpenVPN Support Forum Set up OpenVPN GUI with registry settings using GPO Windows : Tutorials (at forums.openvpn.net)
05:17 < Gorkhaan> https://forums.openvpn.net/topic18209.html
05:17 <@vpnHelper> Title: OpenVPN Support Forum Deploy OpenVPN client configuration file with MSI package : Tutorials (at forums.openvpn.net)
05:17 < Gorkhaan> https://forums.openvpn.net/topic18208.html
05:17 <@vpnHelper> Title: OpenVPN Support Forum Creating OpenVPN Client x64 MSI Package using WiX Toolset : Tutorials (at forums.openvpn.net)
05:17 < Gorkhaan> Thanks for OpenVPN!
05:18 -!- johnubi [548bf4bd@gateway/web/cgi-irc/kiwiirc.com/ip.84.139.244.189] has joined #openvpn
05:19 < johnubi> I'm trying to configure openvpn client on pfsense (freebsd) and I'm getting some strange results...
05:20 < johnubi> Feb 18 12:12:23 openvpn[18889]: /sbin/ifconfig ovpnc1 10.108.1.6 10.108.1.5 mtu 1500 netmask 255.255.255.255 up
05:20 < johnubi> Feb 18 12:12:23 openvpn[18889]: FreeBSD ifconfig failed: external program exited with error status: 1
05:20 < johnubi> this is immediately after the connection is established
05:20 < johnubi> any idea what the issue might be? Also, this was totally working yesterday
05:21 -!- Gorkhaan [~Gorkhaan@94.31.49.67] has quit [Quit: Leaving]
05:30 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
05:31 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:36 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
05:38 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:02 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
06:06 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:08 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:20 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
06:32 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
06:42 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 276 seconds]
06:44 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
06:48 -!- Latrina [~Latrina@adsl-ull-24-201.50-151.net24.it] has quit [Ping timeout: 256 seconds]
06:48 -!- liriel [~liriel@asia.feralhosting.com] has quit [Ping timeout: 246 seconds]
06:49 -!- Latrina [~Latrina@151.56.178.156] has joined #openvpn
06:50 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:54 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
06:55 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
07:24 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
07:35 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Quit: ZNC - http://znc.in]
07:35 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
07:35 -!- mode/#openvpn [+o syzzer] by ChanServ
07:58 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
08:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 246 seconds]
08:11 -!- ertyui [~chatzilla@195-154-82-165.rev.poneytelecom.eu] has joined #openvpn
08:11 < ertyui> hi there
08:11 < ertyui> i got an issue with my openvpn
08:12 < ertyui> anyone ?
08:12 < ertyui>  /usr/local/etc/rc.d/openvpn start
08:12 < ertyui> Starting openvpn.
08:12 < ertyui> /usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn
08:18 < DArqueBishop> !logs
08:18 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:37 < ertyui> sorry i understand where the problem
08:37 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
08:37 < ertyui> when i try to sign the key with this command : openssl ca -out al-vpn1.alcasat.net.crt -in al-vpn1.alcasat.net.csr -policy policy_anything
08:38 < ertyui> i got this error : Check that the request matches the signature
08:38 < ertyui> Signature ok
08:38 < ertyui> The commonName field needed to be supplied and was missing
08:51 < ertyui> anyone
08:51 < ertyui> ?? ?
09:06 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
09:12 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Quit: Leaving]
09:15 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:16 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:20 < ertyui> hello
09:20 < ertyui> anyone there ? ?????
09:20 < vegardx> You have to set a common name, it says it right there.
09:21 < ertyui> set the common name where ? vegardx
09:21 < ertyui> you mean an option have to include on my command : openssl ca -out al-vpn1.alcasat.net.crt -in al-vpn1.alcasat.net.csr -policy policy_anything
09:22 < ertyui> something like --comman mydomain.tld ?
09:22 < vegardx> Likely in the CSR.
09:23 < ertyui> when i generate the csr ? openssl req -nodes -new
09:23 < ertyui> -keyout vpn.mondomaine.com.key
09:23 < ertyui> -out vpn.mondomaine.com.csr
09:23 < vegardx> When you generate a CSR you set certain fields, among them a common name.
09:28 < ertyui> you are absolutately true
09:28 < ertyui> can you explain me one thing i can't understand
09:28 < ertyui> before generating that file
09:29 < ertyui> .csr
09:29 < ertyui> i started editing the file openssl.cnf
09:30 < ertyui> where i put  some customized value on some parameter such as  countryName_default = FR
09:30 < ertyui> emailAddress_default = contact@mondomaine.com
09:30 < ertyui> etc ...
09:31 < vegardx> They basically just set the default value when you generate a csr.
09:31 -!- Karou [~androirc@unaffiliated/karou] has joined #openvpn
09:31 < ertyui> wait
09:31 < vegardx> Say you want to generate a lot of certificates, all with mostly the same infomation you'd do it like that.
09:31 < Karou> Is there a quick and first config I can use to just setup a tunnel?
09:32 < vegardx> ssh -D 8080, there, now you have a quick tunnel
09:32 < ertyui> then when i run this command  openssl req -nodes -new -keyout vpn.mondomaine.com.key -out vpn.mondomaine.com.csr
09:32 < Karou> I mean I need for forward all ports, not prpxy
09:32 < Karou> Proxy*
09:32 < ertyui> it is asking me again all those option which is predefined
09:33 < ertyui> by pressing the enter is that enough or have to rewrite again ?
09:33 < vegardx> That would create a socket on port 8080 which you could do whatever you wanted with. But setting up a tunnel to redirect all traffic is not just a "quick config"
09:33 < vegardx> ertyui: Pressing enter is sufficient, yes.
09:34 < ertyui> seems in my case it wasn't working
09:34 < ertyui> that's why i got that error :  The commonName field needed to be supplied and was missing
09:34 < ertyui> i retaping every value it works again
09:36 < Karou> vegardx problem is I can't do a system wide redirect to that socket
09:36 < vegardx> Then you'll have to do it the right way with OpenVPN and routing.
09:36 < vegardx> But there is no "quick config", but it's pretty basic and easy to do.
09:38 < Karou> I mean like I've got the server and client installed and ssh access to the server, I don't have proper configs for certs yet though, I'm hoping I can skip the certificate part
09:38 < vegardx> Then don't use it?
09:38 < vegardx> There are boatloads of methods of authentication in OpenVPN, like PAM as an example.
09:38 < Karou> Last time I tried the lack of certs caused an issue
09:40 < vegardx> The server obviously needs a certificate. But apart from that, there are non.
09:40 < vegardx> You need a CA, cert and possibly a DH. But clients can be configured to only use PAM or similar.
09:46 < Karou> Oh right
09:46 < Karou> I had that problem
09:47 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
09:47 -!- Karou [~androirc@unaffiliated/karou] has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )]
09:47 -!- Karou [~smuxi@unaffiliated/karou] has joined #openvpn
09:47 < Karou> Wed Feb 18 10:47:20 2015 UDPv4 link local: [undef]
09:48 < Karou> thats a problem yeh?
09:48 < vegardx> Beats me, probably.
09:48 -!- mutilator [muti@c-68-56-137-33.hsd1.fl.comcast.net] has joined #openvpn
09:49 < mutilator> if i want to give clients different ip's & networks, do i need to run multiple instances?
09:55 < Eugene> Yes.
09:57 < vegardx> They'll get different IPs, and you can disable client-to-client communication. But for total isolation you need more than one server.
10:00 -!- ultima [~Ultima@unaffiliated/ultima] has quit [Ping timeout: 246 seconds]
10:01 < mutilator> ok, based on all i was reading that seemed to be the case but i didnt want to be doing something retarded
10:01 < mutilator> thanks
10:04 < vegardx> Unless you want some clients to have inter-communication and routing between different subnets I don't really think you need more than one server.
10:04 -!- ultima [~Ultima@unaffiliated/ultima] has joined #openvpn
10:05 < mutilator> i need some clients on different subnets so i can route internal and external subnets through those clients
10:05 < mutilator> and i'd prefer not to fire up firewall rules for each case
10:06 < vegardx> I do it like that at home, works as you'd expect. :)
10:08 -!- Karou [~smuxi@unaffiliated/karou] has quit [Read error: Connection reset by peer]
10:08 -!- ultima [~Ultima@unaffiliated/ultima] has quit [Ping timeout: 252 seconds]
10:15 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
10:17 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
10:35 -!- justinzane [~justinzan@64.234.62.112] has quit [Ping timeout: 246 seconds]
10:39 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Quit: Lost terminal]
10:44 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
10:46 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
10:48 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
10:50 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
11:16 < pekster> mutilator: In theory you can route arbitrary IPs over the VPN just fine (networks, or even "extra" IPs on the client) so long as you use --iroute and set up your routing table to do the right thing
11:17 < pekster> A separate VPN might be more appropriate depending on your usecase & needs though
11:25 -!- casdude [57ed466d@gateway/web/freenode/ip.87.237.70.109] has joined #openvpn
11:35 -!- cardiel [~cardiel@unaffiliated/cardiel] has joined #openvpn
11:36 < cardiel> is it possible to setup openvpn so that one client get access to the internal lan and internet, and one other client just get access to internet with openvpn?
11:38 < vegardx> Yes, with routing. But it's easier to just use two VPN servers.
11:39 < cardiel> vegardx, ok
11:40 < cardiel> does openvpn use much cpu?.. its a low performance server im using
11:41 <+hyper_ch> intel cpu?
11:41 < pekster> A firewall can do that pretty well too, if you'd rather do that; a !ccd file or --client-connect script can selectively push routes, but remember you _still_ need to run a firewall anyway with IP forwarding since an untrusted client can add their own routes
11:41 < casdude> Hey, I have a problem where a vpn tunnel seems to be generating a lot of TCP traffic and I can't figure out why. Normally the VPN would use UDP but it seems to have fallen back on using TCP, possibly because the UDP port is blocked on the remote sites firewall. The connection seems to be pretty stable, although re-initialising it takes longer than usual (about 1 minute for the tunnel to come up).  Packet capture (a few seconds) - ht
11:42 < casdude> config - http://pastebin.com/3XVakQKM
11:42 < pekster> cardiel: openvpn is normally CPU-bound for the symmetric data encryption; what kinds of uplink speeds are you talking here between your peers?
11:43 < pekster> cardiel: openvpn will not "fall back" on anything. Check your --proto option
11:43 < pekster> cardiel: Oh, wrong product; AS is a commercial, licensed product unsupported by the community; seek the vendor for support
11:43 < pekster> !as
11:43 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
11:44 < cardiel> hyper_ch, yes core2duo
11:44 <+hyper_ch> does it support aes-ni?
11:44 <+hyper_ch> (is it 2nd generation or newer)
11:44 < casdude> Verb 10 log also - http://pastebin.com/MyDdqmWc
11:44 < cardiel> pekster, i have good connection 1gbit
11:45 < pekster> casdude: You can't get help here for AS. Seek our the vendor for support as commercial wrappers and licensed products are not supported here. This is also in our /TOPIC
11:45 < casdude> oops, didn't notice that
11:45 < casdude> my bad
11:45 <+hyper_ch> cardiel: cat /proc/cpuinfo | grep aes
11:45 < pekster> cardiel: Yea, embedded will hit that way-before that theoretical speed, even with AES-NI (check the intel ark website)
11:46 < cardiel> i dont have access to the machine from here, its at home and a t8100
11:46 < cardiel> im running some kvm machines on with other stuff, thats why i dont want it to hog too much resorces
11:47 <+hyper_ch> well, then check intel DB if it has aes
11:47 <+hyper_ch> if so, you could enforce aes as cipher and it will take load of since it has special instructions for handling that
11:47 < cardiel> hyper_ch, no information about it so i guess not
11:48 <+hyper_ch> it should be listed as aes-ni
11:48 <+hyper_ch> in the intel db
11:48 < pekster> Possibly, if your openvpn and openssl was build with it (which hyper_ch doesn't seem to know about and can't help you with.) You can verify more properly with: openvpn --show-engines
11:48 < cardiel> i check here http://ark.intel.com/products/33916/Intel-Core2-Duo-Processor-T8100-3M-Cache-2_10-GHz-800-MHz-FSB , and theres nothing about aes-ni
11:48 <+hyper_ch> then it's first gen
11:49 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:49 < cardiel> ok
11:51 < cardiel> so it will use pretty much resources if i run 2 servers then?
11:51 < pekster> If the CPU is the limiting factor (see !speed for other theoretical limits) then yes, it'll load up a core; remember openvpn is single-threaded, and your kernel still gets to schedule it normally
11:52 < pekster> Maybe read about nice(1) as well on your platform for options to adjust scheduling priority
11:52 < cardiel> ok
11:52 < cardiel> thanks for the info
11:55 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
12:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
12:06 -!- casdude [57ed466d@gateway/web/freenode/ip.87.237.70.109] has quit [Ping timeout: 246 seconds]
12:12 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Ping timeout: 252 seconds]
12:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:17 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
12:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
12:23 -!- ertyui [~chatzilla@195-154-82-165.rev.poneytelecom.eu] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0/20141127111021]]
13:03 -!- Dimik [~Dimik-@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
13:03 < Dimik> is it possible to setup openvpn bridging without ip forwarding ?
13:03 < Dimik> enbled
13:03 < Dimik> enabled
13:11 < rob0> I don't know, might depend on OS.  Did you try it?
13:12 < rob0> In Linux, I think CONFIG_BRIDGE_NETFILTER might have something to say about it, and if Y, you'd probably need IP forwarding.
13:12 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
13:31 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has quit [Ping timeout: 245 seconds]
13:32 -!- aulait [~irenacob@li629-190.members.linode.com] has quit [Ping timeout: 245 seconds]
13:32 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
13:36 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:36 -!- aulait [~irenacob@li629-190.members.linode.com] has joined #openvpn
13:37 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
13:38 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
13:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
13:59 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 252 seconds]
14:03 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:12 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
14:25 < Dimik> im on windows
14:26 < Dimik> haven't tried it but we're having an issue with ip forwarding it conflicts with the medical cloud softwares
14:27 -!- tyuiop [~chatzilla@195-154-82-165.rev.poneytelecom.eu] has joined #openvpn
14:29 < tyuiop> hi
14:29 < tyuiop> there i m looking for client openvpn
14:29 < tyuiop> for windows 7
14:29 < tyuiop> ?
14:35 <+hyper_ch> openvpn.net
14:36 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 245 seconds]
14:38 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
14:42 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:52 <+esde> !download
14:52 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
14:52 <+esde> yw :)
14:58 -!- vegardx [~vegardx@176.111.205.230] has quit [Ping timeout: 246 seconds]
15:04 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:40 -!- HollowPoint [~Alex@89.193.212.254] has joined #openvpn
15:41 < HollowPoint> Hey guys, anyone around? I have a really odd problem and could use some help
15:45 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
15:46 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
15:49 <+esde> !ask
15:49 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
15:54 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 250 seconds]
16:00 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
16:13 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:16 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:21 -!- reactor16 [~reactor16@91.228.52.114] has joined #openvpn
16:21  * reactor16 Hi ALL
16:22 -!- johnubi [548bf4bd@gateway/web/cgi-irc/kiwiirc.com/ip.84.139.244.189] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
16:23 < HollowPoint> Hi guys, I'm pretty sure a new router has broken my openvpn connection. I have 3 different openvpn servers, in 3 different locations, 2 in separate AWS regions and 1 physical machine in Yorkshire. I connect to them daily at different times and all has been fine, until a new router has been installed in this building, now, I can connect, but within 30 seconds, traffic stops flowing. Any ideas?
16:23 < reactor16> is there way to not route lan traffic throught vpn ?
16:24 < HollowPoint> reactor16: your LAN traffic should by default be still using it's ordinary gateway and shouldn't be going through the VPN, unless you've set it to redirect local in the config file.
16:25 < reactor16> when i connect to the vpn lan traffic not work i can't join other pc's like 192.168.x.x .
16:25 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
16:25 < HollowPoint> can you create a gist or a pastebin with your config file in?
16:26 < reactor16> ok
16:27 < reactor16> HollowPoint, http://pastebin.com/Y9ktcZd1
16:27 < reactor16> you want client too ?
16:28 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:30 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
16:30 < reactor16> HollowPoint , what you see ?
16:31 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:32 < HollowPoint> just to clarify, you're connecting with the client and you want the client to still be able to connect to machines on that same LAN yes?
16:33 < HollowPoint> You have a route at the bottom of the config for 192.168.1.0 what is the LAN subnet?
16:35 -!- mattock is now known as mattock_afk
16:35 < reactor16> my lan is 192.168.1.0/24
16:35 < HollowPoint> both LANs?
16:35 < reactor16> what both lans you mean ?
16:36 < HollowPoint> so there is a LAN at either end of the VPN, are they both 192.168.1.0/24?
16:36 < reactor16> nah vpn is small vps that have fixed ip
16:36 < HollowPoint> ah ok
16:37 < pekster> Haseo: You checked our keepalive settings?
16:38 < pekster> reactor16: FYI, that's a horrible choice for exposing remote-LANs since it's the #1 most-used RFC1918 network globally. Try one less like to collide unless you know for a fact no VPN client will ever use that IP space
16:38 < pekster> HollowPoint: ^ see above, that was for you, not Has..
16:39 < reactor16> pekster, what you mean ?
16:39 < pekster> You're pushing a route to that 192.168.1.0/24 LAN, yes?
16:40 < reactor16> yes
16:40 < reactor16> if i remove route "192.168.1.0 255.255.255.0" i cannot connect to the internet throught vpn ?
16:41 < HollowPoint> pekster: I have tried keepalive yes, unfortunately it hasn't worked. I've got access to both routers, one is a 4G LTE and the other is a LAN router, neither has any settings that I can see, which would interrupt the VPN, but something has to be, because it worked this morning and a new router has been installed, not sure which as it's a hotel.
16:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:42 < pekster> reactor16: That's a different goal. Is your goal to access that server-side network from clients, to redirect client internet-bound traffic via the VPN, both, or something else?
16:42 < pekster> HollowPoint: With a low keepalive interval? Try something like --keepalive 5 60 or similar
16:42 < reactor16> i want to connect to the internet throught vpn and keep access to my lan network
16:44 < HollowPoint> pekster: I'll give it a go, but it isn't going to help lol. The way I'm testing how long it takes for the VPN to go down, is by setting off a ping and letting it go, somewhere between ping 7 and ping 30, the ping stops and until I stop the VPN, I have no access to anything at all.
16:46 < HollowPoint> pekster: didn't help :(
16:48 < pekster> reactor16: So you want to follow the flowchart at !redirect , but you _also_ *cannot* use 192.168.1.0/24 from the _client_ LAN you connect to
16:48 < reactor16> ok
16:49 < pekster> This breaks because you'll have "two" of the same network, and the local network will end up taking priority. You cannot easily get around this, so you really should re-number your server network unless you are confident you will never connect a client from a duplicate numbered network (like pretty much any coffee shop)
16:49 < pekster> HollowPoint: You did restart both the server and client instance after that change, right?
16:49 < HollowPoint> yup
16:49 < pekster> HollowPoint: And you're using --pull or an equivilent wrapper directive on the client, like --client?
16:50 < HollowPoint> It's Linux to Linux, just using basic config files
16:50 < pekster> How about you paste them, because "basic config files" doesn't answer that question
16:51 < pekster> Grep syntax to strip any blanks/whitespace at !configs if you need it; please only redact private key material, not config directives
16:51 < HollowPoint> lol true, but the point being, they haven't changed and all 3 servers worked fine this morning. I don't think this is an issue with openvpn, I think it's the network I'm on right now which is the problem. I can prove that when I get to the office tomorrow, but could do with figuring it out tonight lol
16:52 < pekster> tcpdump can also help
16:52 < HollowPoint> yeah, tcpdump shows traffic, until it stops and traffic only goes one way
16:52 < pekster> Obviously with no transit traffic, the keepalives should appear in both directions along the transit path; if they don't, you know you have issues
16:52 < pekster> keepalive traffic, or tunneled traffic?
16:52 < pekster> That's rather important here if you're getting ping-timeout messages in your:
16:52 < pekster> !logs
16:52 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:52 < pekster> If it's not a ping timeout, you've got a completely different problem
16:53 < HollowPoint> traffic on 1194, so tunnel activity full stop. It shows two way traffic, then when my rolling ping stops, traffic shows going out, but not coming back
16:54 < HollowPoint> I strongly suspect the router is killing off/blocking the inbound reply connections after a small period of time
16:54 < pekster> Unfortinuately, the type of traffic is vastly important here and you're not getting this fact
16:55 < pekster> Though it does sound like a misconfigured firewall
16:56 < pekster> I'd verify you're correctly configured for stateful firewall operation; this is something most SOHO/NAT boxes do out of the box, when configured right
16:56 < HollowPoint> Perhaps I'm misunderstanding you. My answer, was that monitoring port 1194 (The port I'm using to connect) shows traffic in both directions, until suddenly it only shows outbound traffic, i.e. overall tunnel traffic going both ways, then only one way.
16:56 < pekster> From what host, the server? The client will disconnect first since --keepalive is a helper-directive that multiples the timeout by 2 for server operation
16:56 < HollowPoint> Yeah, I configured the SPI on the firewall, and enabled Upnp, neither fixed the problem sadly
16:56 < pekster> openvpn does not use upnp
16:57 < HollowPoint> on the client, I can't monitor it on the server, because the connection dies
16:57 < HollowPoint> I wasn't sure if it did or not, so I enabled it
16:57 < pekster> Then you need to get real control over your server
16:57 < pekster> Try 'screen'
16:57 < pekster> Or a tcpdump to a file you look at later
16:57 < pekster> Or a number of other standard system administration techniques
17:00 < pekster> Might be worth packet tracing on the endpoints themselves too, although normally transmit errors would show up in your logs
17:01 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
17:01 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:02 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 252 seconds]
17:07 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
17:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:21 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
17:22 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:25 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
17:25 <@krzee> hey plaisthos can you tell me where openvpn for android stores its files such as config file?
17:25 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:27 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
17:28 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
18:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
18:22 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
18:24 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
18:25 -!- reactor16 [~reactor16@91.228.52.114] has quit [Ping timeout: 252 seconds]
19:26 <+esde> !forward
19:26 <+esde> !ipforward
19:26 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
19:26 <+esde> !redirect
19:26 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
19:26 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
19:26 -!- liriel [~liriel@asia.feralhosting.com] has quit [Ping timeout: 246 seconds]
19:28 -!- liriel [~liriel@asia.feralhosting.com] has joined #openvpn
19:52 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
19:54 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
20:41 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has joined #openvpn
20:41 < Milos|Work> how does openvpn select interfaces for IPs if I use --route-nopull and there are no routes defined in my config file?
20:42 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
20:43 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
21:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:14 <@krzee> Milos|Work, what does pulling routes have to do with setting the ip on the vpn interface?
21:14 <@krzee> i dont think i understand your question
21:14 < Milos|Work> how does openvpn know which IP to use on the interface?
21:15 <+esde> it's got super powers
21:15 < Milos|Work> yes
21:15 <+esde> :)
21:15 <@krzee> the server assigns it
21:15 <@krzee> based on --server directive
21:15 <@krzee> or the peer assigns it itself
21:15 <@krzee> really it depends on your setup
21:16 <@krzee> hell, you can setup a bridge and NOT have openvpn even use an ip
21:16 <@krzee> it all comes down to your goal...
21:17 <@krzee> without making giant assumptions that question cannot be answered
21:28 < Milos|Work> krzee, I don't see it ANYWHERE in the server config despite showing up in PUSH_REPLY
21:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:28 < Milos|Work> PUSH_REPLY has ifconfig 10.8.0.6 10.8.0.5 in it
21:29 < Dimik> any one set up bridging on windows machine?
21:30 <@krzee> Dimik, better to just ask your question, but first let me ask why you want to bridge
21:30 < Dimik> experimenting with "ip forwarding" state for NIC
21:30 < Milos|Work> because he wants to get over it ;)
21:30 < Dimik> maybe bridging does not require for it to be on
21:30 <@krzee> Milos|Work, does the server have a line starting with server?
21:30 <@krzee> like server 10.8.0.0 255.255.255.0 for example
21:31 < Milos|Work> krzee, yes
21:31 < Milos|Work> that exact line
21:31 <@krzee> well, go read what server is in the manual
21:31 <@krzee> !manual
21:31 < Milos|Work> oki doki
21:31 <@krzee> see --server
21:31 < Milos|Work> !automatic
21:31 <@krzee> !man
21:31 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
21:31 < Milos|Work> I'm quite aware
21:31 < Milos|Work> but I imagine you'd argue otherwise ;)
21:31 <@krzee> i like the web man page personally
21:32 <@krzee> so gave you a quick link to it =]
21:32 < Dimik> so the question is does bridging in windows require for IpEnabledRouter to be on
21:32 < Milos|Work> if you're forwarding packets
21:32 < Milos|Work> then yes
21:32 <@krzee> Dimik, i dont know, you may want to ask #networking as thats not a question specific to openvpn
21:32 < Milos|Work> otherwise no
21:32 <@krzee> well the packets are layer2
21:32 < Dimik> krzee danke
21:33 <@krzee> i dont know if l2 packets need ip forwarding or not
21:33 <@krzee> Dimik, but why do you want a bridge?
21:33 <@krzee> you ONLY bridge when you need layer2 packets to flow over the vpn to the lan
21:33 <@krzee> normally not needed
21:33 < Dimik> i heard that bridging uses layer 2 therefore i assumed no routing needed to be enabled on the server
21:33 <@krzee> normally when people ask about bridging its a misunderstanding and they dont need a bridge
21:34 <@krzee> can only bridge tap, tap is layer2
21:34 <@krzee> !tunortap
21:34 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
21:34 <@vpnHelper> rooted/jailbroken) support only tun
21:34 < Milos|Work> krzee, ok I read the big. so why the fk is it using 10.8.0.5 as the gateway?
21:34 <@krzee> !whybridge
21:34 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
21:34 < Milos|Work> s/big/bit/
21:34 <@krzee> Milos|Work,
21:34 < Milos|Work> yes
21:34 <@krzee> !/30
21:34 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
21:34 < Milos|Work> there must be a shit ton of FAQs asked here
21:34 < Dimik> krzee thank you very much
21:34 <@krzee> Dimik, you're welcome
21:35 <@krzee> Milos|Work, yes, many
21:35 <@krzee> !factoids
21:35 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
21:37 < Milos|Work> krzee, damn windows.
21:37 < Milos|Work> messing shit up for everyone
21:37 <@krzee> yep!
21:37 <@krzee> but now theres a better way!
21:37 <@krzee> !topology
21:37 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
21:37 < Milos|Work> !holymoly
21:37  * Milos|Work digests
21:38 <@krzee> tldr; add 'topology subnet' to server config to use .2 .3 .4 etc
21:38 < Milos|Work> thank god the server has 2.3.6
21:39 < Milos|Work> is 2.1 fairly old?
21:39 <@krzee> every server should have it now
21:39 < Milos|Work> awesome
21:39 <@krzee> yes, years old
21:39 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
21:39 < Milos|Work> great
21:39 < Milos|Work> hmm... one problem
21:39 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:39 <@krzee> any server that old NEEDS to be upgraded
21:39 <@krzee> (security reasons)
21:39 < Milos|Work> I need to use the VPN to change the server config, so if I mess this up, it'l be a small issue
21:40 <@krzee> Milos|Work, start the new config on a new port
21:40 < Milos|Work> s/'l/'ll/
21:40 <@krzee> then test, or maybe even keep it up until you are local
21:40 < Milos|Work> won't that conflict with the subnet? or do you imply using another subnet
21:40 <@krzee> dont actually kill the old server
21:40 < Milos|Work> ah ok
21:40 < Milos|Work> so the latter
21:40 <@krzee> good call, another subnet
21:41 < Milos|Work> that bot is really handy.
21:41 <@krzee> thank you =]
21:41 < Milos|Work> you wrotei t?
21:41 <@krzee> no no its opensource
21:41 <@krzee> !version
21:41 <@vpnHelper> The current (running) version of this Supybot is 0.83.4.1.  The newest version available online is 0.83.4.1.
21:41 < Milos|Work> ah, but you populated it?
21:42 <@krzee> ya, i started him
21:42 < Milos|Work> awesome
21:42 < Milos|Work> him lol
21:42 <@krzee> then others helped too, definitely not all me
21:42 <@krzee> yep, its a boy ;]
21:42 < Milos|Work> :O
21:42 <@krzee> if vpnHelper was female we'ld have to deal with monthly issues
21:42 <@krzee> lol
21:43 < Milos|Work> LOL
21:43 < Milos|Work> wow
21:43 <@krzee> too far? :D
21:48 < Milos|Work> nah just right ;)
21:48 < Milos|Work> krzee, so I just change the server line and make all the pushed routes use the new subnet
21:48 < Milos|Work> then I start the server with --daemon etc.
21:48 < Milos|Work> it will be ok?
21:49 -!- colinstgeorge [~colin@cloud.hwcdi.com] has joined #openvpn
21:49 < colinstgeorge> Hey Everyone!
21:50 < colinstgeorge> any hints to steady out a udp openvpn connection
21:50 < colinstgeorge> it spikes from 0 to 355k to 2.4M
21:50 < colinstgeorge> draggin big file from client a to client b, cpu at 16% on an APU
22:23 < Milos|Work> is there any reason why a packet sent to an openvpn server via tun0 refuses to show up in tcpdump on the server-side..
22:25 < Eugene> It never gets there would definitely cause it
22:25 < Eugene> UDP is unreliable
22:29 < Milos|Work> what
22:29 < Milos|Work> this has nothing to do with reliability of udp
22:30 < Milos|Work> if I ping 10.8.0.1 from 10.8.0.5 it works, but if I ping 10.8.0.1 from 192.168.2.x it does not seem to be seen at the server end despite tcpdump showing it being sent down tun0
22:30 < Milos|Work> 17:30:42.114907 IP 192.168.2.75 > 192.168.1.1: ICMP echo request, id 1, seq 189, length 40
22:31 < Milos|Work> 192.168.1.0/24 dev tun0
22:37 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Remote host closed the connection]
22:38 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
22:39 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
22:42 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
23:13 -!- ShadniX [dagger@p57941C6C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:13 -!- ShadniX [dagger@p5DDFC1D2.dip0.t-ipconnect.de] has joined #openvpn
23:16 < Milos|Work> nobody? if I force a packet with a forged source ip or whatever down tun0, it should show up at the other end unless there is a firewall blocking, is that correct or not?
23:20 <+hyper_ch> !lartc
23:20 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
23:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:48 <@krzee> Milos|Work, instead of asking why dont you try it
23:48 <@krzee> colinstgeorge,
23:48 <@krzee> !speed
23:48 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
23:48 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no)
23:49 < Milos|Work> krzee, because trying it wouldn't answer the question
23:49 < Milos|Work> krzee, if there is a firewall blocking it I will come to a different conclusion
23:49 < Milos|Work> if there isn't, I will come to a different conclusion
23:50 <@krzee> you dont control both ends of the vpn?
23:50 <@krzee> if so then you should easily know if theres a firewall blocking it
23:50 < Milos|Work> not the network on the other end, no
23:50 <@krzee> oh
23:50 < Milos|Work> it is in a completely different country on the other side of the world and I've logged into it for the first time today
23:50 < Milos|Work> I've got no idea how the network is set up
23:51 < Milos|Work> or whether the firewall is restricting the srcip to 10.8.0.0/24
23:51 < Milos|Work> if there is one active.
23:51 < Anoniem4l> Milos|Work try scanning to see
23:51 <@krzee> Milos|Work, you are the client?
23:52 < Milos|Work> yes, but I can login to the server machine
23:52 < Milos|Work> Anoniem4l, scanning in what way exactly?
23:52 <@krzee> openvpn itself will drop packets with src ip unknown to it
23:52 <@krzee> !iroute
23:52 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
23:52 <@krzee> assuming client/server setup
23:52 < Milos|Work> what does "unknown" mean - if there is no route in the routing table kind of unknown?
23:52 <@krzee> if ptp then that is no longer true
23:53 <@krzee> not routing table, openvpn's internal routing table
23:53 < Milos|Work> tun0 is a p2p link, but I believe you're referring to something else
23:53 < Milos|Work> right. ok
23:53 <@krzee> you see, the kernel sends traffic to the openvpn process
23:53 < Milos|Work> then I should be able to see it in tcpdump
23:53 <@krzee> but if the server doesnt know how to get that traffic to the right client theres a problem
23:53 <@krzee> so theres an internal routing table controlled by iroute
23:53 < Anoniem4l> Milos|Work: I am sorry, i misunderstood your need(s)
23:53 < Milos|Work> Anoniem4l, thanks ok
23:54 < Milos|Work> s/thanks/thats/
23:54 <@krzee> and packets on their way into the server from clients will be dropped before the kernel gets them if the server sees it wont know what to do with return packets
23:54 < Milos|Work> s/thats/that's/ ..
23:54 <@krzee> you will see a MULTI error in the server logfile when this happens
23:54 < Milos|Work> hmmm
23:54 <@krzee> so no, tcpdump would not see it inside tun device
23:55 <@krzee> it would go over the eth device encrypted, but tcpdump will only see encrypted stuff there so you wont know it
23:55 <@krzee> and it gets dropped before it gets to tun device
23:55 < Milos|Work> yes
23:55 < Milos|Work> I understand
23:55 < Milos|Work> but that makes no sense
23:55 < Milos|Work> why does the kernel care about return routes
23:55 < Milos|Work> who said I even want a reply
23:55 <@krzee> kernel?
23:55 <@krzee> kernel never gets it
23:55 < Milos|Work> this isn't udp, but that doesn't mean I want a reply
23:55 < Milos|Work> didn't you say kenrel?
23:55 <@krzee> openvpn cares.
23:55 < Milos|Work> I must have misread
23:56 <@krzee> you have to think about NORMAL traffic
23:56 < Milos|Work> ah right
23:56 < Milos|Work> I get it hang on
23:56 <@krzee> think of when clients have lans routed over them
23:56 < Milos|Work> stuff comes in encrypted, then openvpn decrypts it and only leaves stuff that matters to show up at tun0
23:56 <@krzee> the kernel cant route to the specific client
23:56 < Milos|Work> any other stuff is dropped before tcpdump
23:56 <@krzee> only to openvpn itself
23:56 < Milos|Work> so tcudmp will only see openvpn-approved traffic
23:56 < Milos|Work> am I right?
23:56 <@krzee> because of that, there is a routing table inside openvpn
23:56 <@krzee> traffic that will never be able to make it back gets dropped in the first place
23:57 < Milos|Work> right
23:57 < Milos|Work> so I need to disable that
23:57 <@krzee> cant.
23:57 < Milos|Work> :l
23:57 <@krzee> well sure you can, dont use server/client
23:57 < Milos|Work> I see.
23:57 <@krzee> or add a iroute to the server for the client with a foreign subnet behind it
23:57 <@krzee> i dont care if the subnet is real or spoofed, thats how it works =]
23:58 < Milos|Work> so I need to configure my LAN's local subnet in the server's config?
23:58 < Milos|Work> if I want this to work properly
23:58 <@krzee> ya
23:58 <@krzee> !ccd
23:58 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
23:58 <@krzee> !iroute
23:58 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
23:58 < Milos|Work> and if I don't, then it drops the packets before they are shown in tcpdump?
23:58 < Milos|Work> (if the srcip is my LAN)
23:58 < Milos|Work> rather than 10.8.0.0/24
23:58 <@krzee> if they are from a subnet openvpn doesnt know about, yes.
23:58 < Milos|Work> makes a lot of sense now. I'll give those things a read, above
23:58 <@krzee> !clientlan
23:58 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
23:58 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
23:59 <@krzee> !route
23:59 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
--- Day changed Thu Feb 19 2015
00:01 < Milos|Work> krzee, you mean, iroute belongs in ccd?
00:02 <@krzee> correct.
00:02 < Milos|Work> ok
00:02 <@krzee> a ccd file is part of the server config, but only for the specific client
00:02 < Milos|Work> ic
00:02 <@krzee> iroute would make no sense anywhere else
00:02 < Milos|Work> except an apple store, right
00:02 <@krzee> heh
00:03 < Milos|Work> krzee, " the server needs to push a route for the lan to clients"
00:03 < Milos|Work> why? I am the client, why do I need my own route pushed to myself
00:03 < Milos|Work> or do they mean, an openvpn application route
00:03 <@krzee> other clients
00:04 <@krzee> if ONLY the server needs access to that client lan you dont need to push the route
00:04 < Milos|Work> :D
00:04 < Milos|Work> slowly making more sense.
00:04 <@krzee> dont worry about it being pushed to the client itself, iroute is smart enough to catch that and ignore the pushed route
00:04 < Milos|Work> good
00:06 <@krzee> you read the doc in !route ?
00:06 <@krzee> its a really good doc aimed at giving understanding
00:06 <@krzee> i think you'll like it, i wrote it for you :-p
00:15 < Milos|Work> :D
00:16 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
00:19 < Milos|Work> krzee, one more question
00:19 < Milos|Work> does redirect-gateway change/add a default route on a client?
00:25 <@krzee> checked the manual?
00:27 < Milos|Work> yes. it does not say that it changes the default route.
00:27 < Milos|Work> it says something different.
00:28 < Milos|Work> changing the default route is a Serious Thing and it should be more clearly explained, because I'm pretty sure, judging by the explanation, that it does do this. but it's not explicitly stated.
00:40 <@krzee> !man
00:40 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
00:40 <@krzee> lemme look
00:41 <@krzee> omg i dont believe you
00:41 <@krzee> This option performs three steps:
00:41 <@krzee> (1) Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that (3) will not create a routing loop.
00:41 <@krzee> (2) Delete the default gateway route.
00:41 <@krzee> (3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).
00:41 <@krzee> hah
00:41 <@krzee> that wasnt clear enough? really?
00:45 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has joined #openvpn
00:46 -!- HollowPoint [~Alex@89.193.212.254] has quit [Remote host closed the connection]
00:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
01:02 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has quit [Ping timeout: 272 seconds]
01:02 < pailaps> morning
01:02 < pailaps> a little help needed regarding openvpn ipv6 configuration in a openvz container
01:02 < pailaps> http://paste.ee/p/50Va8 - server.conf && http://paste.ee/p/xROHe - route table
01:03 < pailaps> am i missing something?
01:03 < pailaps> thanks for any pointers
01:06 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has joined #openvpn
01:10 -!- Milos [~Milos@pdpc/supporter/student/milos] has joined #openvpn
01:11 < Milos|Work> krzee, sorry, I deserve a beating for that.
01:13 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
01:17 -!- Eugene [eugene@2600:3c01::14:7116] has joined #openvpn
01:21 -!- mattock_afk is now known as mattock
01:38 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:41 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
01:43 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
02:37 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:02 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: really? must I leave? aw pls let me stay!]
03:14 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 244 seconds]
03:23 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
03:45 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
03:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:04 -!- Joost` [~Joost@unaffiliated/joost] has joined #openvpn
04:05 < Joost`> I'm trying to set up openvpn on my server, but I keep getting "ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)"
04:05 < Joost`> anyone know what that might be?
04:06 < Joost`> syslog tells me tun: Unknown symbol ipv6_proxy_select_ident (err 0)
04:07 < Joost`> it appears to be this https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767836
04:07 <@vpnHelper> Title: #767836 - openvpn: Openvpn server cant start after upgrade to kernel 3.2.63-2+deb7u1 (tun: Unknown symbol ipv6_proxy_select_ident) - Debian Bug report logs (at bugs.debian.org)
04:16 <@krzee> Joost`, you dont have tun loaded
04:16 <@krzee> kernel module
04:16 <@krzee> you on a vps?
04:18 < Joost`> Yeah, it's becoming more and more apparent to me that I messed up by upgrading to jessie
04:18 < Joost`> I'm on a DigitalOcean vps
04:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:21 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
04:22 <@krzee> openvz?
04:22 < Joost`> i'm not sure
04:23 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
04:23 <@krzee> well you probably need them to do something
04:24 <@krzee> or if possible try compiling and loading the kernel module
04:24 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
04:24 <@krzee> if its openvz,  http://wiki.openvz.org/VPN_via_the_TUN/TAP_device
04:24 <@vpnHelper> Title: VPN via the TUN/TAP device - OpenVZ Linux Containers Wiki (at wiki.openvz.org)
04:25 <@krzee> but without knowing whats running its impossible to help you
04:25 <@krzee> time for me to go eat
04:26 < Joost`> thanks :)
04:26 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:27 <@krzee> np
04:41 -!- dazo_afk is now known as dazo
05:10 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:12 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:25 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
05:30 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
05:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:51 -!- Joost` [~Joost@unaffiliated/joost] has quit [Ping timeout: 252 seconds]
05:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 255 seconds]
05:52 -!- mattock is now known as mattock_afk
05:54 < Milos> krzee, your guide, when it talks about "Common Name" is it talking about the name specified in the cert, or is there another way to identify the client?
05:54 -!- Joost` [~Joost@unaffiliated/joost] has joined #openvpn
05:58 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:04 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:25 -!- mattock_afk is now known as mattock
06:46 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
06:53 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
06:56 < Milos> anyone know how to find out the client name...?
06:56 < Milos> i.e. the name of the file that goes in the ccd directory
07:00 <@krzee> Milos, CN is the common name when you made the cert
07:00 <@krzee> !certinfo
07:00 <@vpnHelper> "certinfo" is run `openssl x509 -in <file> -noout -text` for info from your cert file
07:01 < Milos> yeah, I figured, but it still gives me the MULTI bad srcip error :(
07:01 <@krzee> its also reported in the server log when the client connects
07:01 < Milos> are you sure?
07:01 <@krzee> then there was an issue
07:01 <@krzee> what do you mean am i sure?
07:01 < Milos> all I can see is my name, this setup is using peruser auth methods, the cert is shared with all clients...
07:02 <@krzee> !authpass
07:02 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
07:02 <@krzee> you want --username-as-common-name
07:02 < Milos> -___-
07:03 < Milos> I've been scouring documentation for the past hour and didn't see that, what is wrong with me
07:03 < Milos> krzee, btw, how come it didn't work when I used the cert CN as the ccd filename either?
07:03 < Milos> is it because I am connecting peruser, or what
07:04 <@krzee> dunno, could be a number of things, and whats peruser?
07:04 < Milos> peruser as in, I type my login, password, and OTP as well as use the cert
07:04 < Milos> rather than just cert
07:06 < Milos> krzee, ......... omg, the config file already had username-as-common-name
07:06 < Milos> I hate dealing with other people's setup ;p
07:08 <@krzee> at a minimum you should know what the config has
07:08 <@krzee> whether you configured it yourself or not
07:08 < Milos> yes, I know.
07:09 < Milos> anyway, I need to get to the bottom of this, because I already tried using a file the same name as the user
07:09 < Milos> hmm
07:09 < Milos> I'm this close to using strace | grep /etc/openvpn/ccd
07:09 < Milos> ls -l
07:09 < Milos> whoops wrong window
07:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
07:19 < Milos> TLS: Username/Password authentication succeeded for username 'milos.blah' [CN SET]
07:19 < Milos> # cat /etc/openvpn/ccd/milos.blah
07:19 < Milos> iroute 192.168.2.0 255.255.255.255
07:19 < Milos> MULTI: bad source address from client [192.168.2.75], packet dropped
07:20 < Milos> I've spent an hour and a half on this. There is nothing in the verb 5 log that shows the ccd file being read at all.
07:20 < Milos> Do I need to increase the verbosity further...?
07:21 < Milos> client-config-dir /etc/openvpn/ccd
07:21 < Milos> username-as-common-name
07:21 < Milos> ]# ls -l /etc/openvpn/ccd/
07:21 < Milos> total 4
07:21 < Milos> -rw-r--r--. 1 nobody nobody 35 Feb 19 12:39 milos.blah
07:22 < Milos> hang on, it says IMPORT: reading client specific options from: /etc/openvpn/ccd/milos.blah
07:23 < Milos> internal route 192.168.2.0 -> milos.blah/IP
07:23 < Milos> so what the frak is it complaining about?
07:31 < Milos> same bug as here. http://comments.gmane.org/gmane.network.openvpn.user/35309
07:31 <@vpnHelper> Title: OpenVPN users list (at comments.gmane.org)
07:32 < Milos> this is turning into a bit of a waste of time considering the configuration is correct
07:33 -!- dupondje [~dupondje@artemis.dupie.be] has joined #openvpn
07:34 < Milos> again, same bug. http://readlist.com/lists/lists.sourceforge.net/openvpn-users/1/7571.html
07:34 <@vpnHelper> Title: Re: 2.1-rc7: iroute is ignored? - ReadList.com (at readlist.com)
07:34 < dupondje> How can you specify in the server config that it only listens to 1 ipv4 and 1 ipv6 address? Can you give 2 ip's to 'local' ?
07:38 < tyuiop> hi everyone
07:39 < tyuiop> i just followed this tutorial : http://blog.nicolargo.com/2009/04/installation-dun-serveur-vpn-sous-freebsd.html
07:39 < tyuiop> and setup without any problem
07:40 < tyuiop> openvpn server
07:40 < tyuiop> the problem  i m facing is
07:41 < tyuiop> the full traffic not passing through the vpn network
07:41 <+hyper_ch> !def1 > tyuiop
07:41 <+hyper_ch> !def1
07:41 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
07:41 < tyuiop> just only part of traffic passing through openvn
07:42 < tyuiop> and i would like to pass full traffic through vpn
07:42 <+hyper_ch> read above
07:42 < tyuiop> ok thanks
07:42 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 250 seconds]
07:43 < tyuiop> let me check that
07:46 < tyuiop> welll  i add this directive rules : push "redirect-gateway def1"
07:46 < tyuiop> and restart my openvpn server
07:46 <+hyper_ch> yes
07:46 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
07:46 < tyuiop> how to check if everything is routed my that gateway ?
07:47 <+hyper_ch> check your routing table on the client
07:47 < Milos> use tcpdump
07:47 < Milos> figure it out
07:48 < tyuiop> i m not familiar with tcpdump
07:48 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
07:48 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
07:48 < Milos> ip route | grep default
07:48 < Milos> if that matches the vpn gateway then you're fine
07:49 < Milos> anyway, I'm going to go to bed soon. when someone technical arrives, if they can explain why internal route 192.168.2.0 -> milos.blah/101.98.75.234 leads to MULTI: bad source address from client [192.168.2.75], packet dropped
07:49 < Milos> it would be great.
07:49 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:50 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
07:50 < tyuiop> i don't understand
07:51 < tyuiop> tcpdump 192.168.1.200  | grep default not working
07:51 < Milos> <Milos> ip route | grep default
07:51 < Milos> I'm not sure what you're reading
07:51 < Milos> it says "ip route" not "tcpdump 192.168.1.200"
07:51 < tyuiop> ip route is command ?
07:51 < Milos> yes
07:52 < tyuiop> but it gives me that
07:52 < tyuiop> ip route | grep default
07:52 < tyuiop> ip: Command not found.
07:52 < Milos> route | grep default
07:52 < tyuiop> usage: route [-dnqtv] command [[modifiers] args]
07:52 < Milos> what damn OS are you using
07:53 < Milos> netstat -r ?
07:53 < tyuiop> ppl calls that one freebsd
07:54 < Milos> try netstat -r | grep default
07:54 < Milos> I don't have much experience with bsd
07:54 < tyuiop> that's working
07:54 < tyuiop> i can see my default gateway
07:55 < Milos> great, so your problem is solved?
07:55 < tyuiop> i have to check
07:55 < tyuiop> with setiing a client
07:55 < Milos> ok well I'm going to bed, but good luc
07:55 < Milos> k
07:56 < tyuiop> wait
07:56 < tyuiop> netstat -r i have to run on the openvpn server
07:57 < Milos> no.
07:57 < tyuiop> or one of my client openvpn ?
07:57 < Milos> client.
07:57 < tyuiop> and the directive : push "redirect-gateway def1"
07:57 < tyuiop> where i have to put ?
07:58 < tyuiop> server or client side ?
07:59 < tyuiop> if it's on server side, it seems the directive not taking effect correctly
07:59 < tyuiop> because when i do netstat -r on my client
08:00 < tyuiop> i can't see my default route
08:01 < Milos> it definitely goes on the server side, but I don't know if you need to set other things as well. you'll have to wait for someone else to answer, as I only started using openvpn today, so I'm not really sure.
08:02 < tyuiop> i got an other interesting point when i do netstat -n
08:03 < tyuiop> i can default in twice time
08:03 < tyuiop> which means i have two default route
08:04 < tyuiop> how to delete default one route ?
08:06 < tyuiop> will this one clork ? route del default gw 192.168.0.1
08:06 < Milos> why don't you try it.
08:06 < Milos> you're starting to ask bsd-related questions which you'll find better support for in other respective channels
08:06 < tyuiop> yes working
08:06 < tyuiop> thanks a lot
08:06 < tyuiop> bye
08:06 -!- zhangyh26258 [~john@192.241.220.85] has joined #openvpn
08:08 < Milos> when someone technical arrives, if they can explain why internal route 192.168.2.0 -> milos.blah/101.98.75.234 leads to MULTI: bad source address from client [192.168.2.75], packet dropped
08:10 -!- elfixit [~Icedove@83-65-234-66.static.inode.at] has joined #openvpn
08:31 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 265 seconds]
08:34 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
08:35 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 246 seconds]
08:36 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Ping timeout: 245 seconds]
08:36 -!- zhangyh26258 [~john@192.241.220.85] has quit [Quit: Leaving]
08:36 < albercuba> hello everyone. can someone help me setting up openvpn with tap0?
08:37 < albercuba> i followed this http://www.slsmk.com/getting-started-with-openvpn/installing-openvpn-on-ubuntu-server-12-04-or-14-04-using-tap/ and it doesnt work for me
08:37 <@vpnHelper> Title: Installing OpenVPN on Ubuntu Server 12.04 or 14.04 using TAP | Super Library of Solutions (at www.slsmk.com)
08:37 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
08:37 < albercuba> yes i did that and it does not work
08:38 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
08:39 < DArqueBishop> Why are you using tap0?
08:39 <+hyper_ch> !tunortap
08:39 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
08:39 <@vpnHelper> rooted/jailbroken) support only tun
08:39 < albercuba> i am just gonna try again
08:39 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has joined #openvpn
08:39 <+hyper_ch> albercuba: any specific reason why you want tap?
08:45 <+hyper_ch> who is the botmaster in here again?
08:45  * hyper_ch eyes ecrist
08:47 < dupondje> How can you specify in the server config that it only listens to 1 ipv4 and 1 ipv6 address? Can you give 2 ip's to 'local' ?
08:47 < dupondje> any idea's?
08:48 <+hyper_ch> what would that be good for?
08:48 < dupondje> well I use 1 IPv6 for each service. Just don't want the openvpn to listen on all ipv6 addresses
08:48 < dupondje> only the one designed for it :)
08:49 <+hyper_ch> what's the problem with listening to them all?
08:50 < dupondje> its not really an issue ofc
08:52 <+hyper_ch> well, I don't konw
08:52 <+hyper_ch> just use 4096 bit, and tls-auth and you should be fine IMHO
08:52 <+hyper_ch> or setup the firewall to allow only port 1194 for that one ip
09:15 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:19 < albercuba> hyper_ch, because i want the users to be able to get drives mapped
09:19 <+hyper_ch> you don't need tap for that
09:19 <+hyper_ch> just run samba
09:19 <+hyper_ch> I think
09:20 <+hyper_ch> or I don't know what you mean by drives mapped
09:20 < albercuba> thee is a windows domain controller on the internal network
09:20 <+hyper_ch> no idea
09:20 < albercuba> and samba drives are mapped
09:20 < albercuba> through this DC
09:20 <+hyper_ch> windows is too complicated for me simple brain
09:21 < albercuba> and i was reading that if you want your drives to be mapped automatically you need tap
09:21 <+hyper_ch> I run a start up script that maps samba shares
09:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:23 < albercuba> yes because u dont have a DC
09:23 < albercuba> here there is a DC so all those policies are managed through it
09:23 <+hyper_ch> as said, too Windows is too complicated for my simple brain
09:25 < albercuba> i am new here and they have the DC, i cannot change that :P
09:29 < DArqueBishop> Have you tried it via tun?
09:39 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
09:41 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 250 seconds]
10:00 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 250 seconds]
10:03 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:03 -!- mode/#openvpn [+o plaisthos] by ChanServ
10:03 < tyuiop> hello there
10:04 < tyuiop> i can't able access to internet through my vpn
10:04 <+esde> !welcome
10:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
10:04 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:07 < colinstgeorge> Hello Everyone (Haven't googled yet, so don't jump down my throat)... anyone have nay good references for openvpn encrytion settings for different throughput benchmarks?
10:07 < colinstgeorge> or is this WAY to broad of a topic?
10:07 < colinstgeorge> becuase it is proc dependant?
10:08 < colinstgeorge> Like with the current config (AES-256 CBC, SHA-256), I am getting ~3Mbps through my APU1D4
10:08 <+esde> Why wouldnt we jump down your throat for asking something here before you even bothered to google. That's literally step one before asking others for help.
10:09 < colinstgeorge> :)
10:09 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 265 seconds]
10:09 < colinstgeorge> esde: jump away - I jump down my tech's throats, I'm just lazy and was hoping for some pro-tips or if someone already had a good link
10:10 <+esde> !spoonfeed
10:10 <+esde> !spoonfeeding
10:10 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
10:10 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:10 -!- mode/#openvpn [+o plaisthos] by ChanServ
10:12 < colinstgeorge> !lovinit
10:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
10:16 < tyuiop> hello there
10:16 < tyuiop> i start following this tutorial : http://blog.nicolargo.com/2009/04/installation-dun-serveur-vpn-sous-freebsd.html
10:16 < tyuiop> i setup my openvpn server successfully
10:18 < tyuiop> i add this option in additional on server side : push "redirect-gateway def1"
10:18 <+esde> !walkthrough
10:18 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
10:18 < tyuiop> to route whole traffic through my vpn server
10:18 < tyuiop> but it seems that option not working properly
10:19 < tyuiop> i can't able to access to internet
10:19 < tyuiop> on windows 7 openvpn client
10:19 <+esde> tyuiop, see the message from vpnHelper above ^^
10:20 < tyuiop> which one ?
10:20 <+esde> !walkthrough
10:20 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
10:20 < tyuiop> i m using freebsd
10:20 <+esde> ^ that one
10:21 <+esde> the message is universal
10:21 <+esde> !howto and !man will be helpful. if not, type !allinfo to get directions on how to gather information to assist others who may want to help you
10:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
10:22 < tyuiop> !allinfo
10:22 <@vpnHelper> "allinfo" is Please type !configs !logs and !interface to see all the info we want to be able to help you
10:22 < tyuiop>  !configs !logs
10:22 < tyuiop> !configs !logs and !interface
10:23 <+esde> one trigger at a time
10:23 <+esde> !configs
10:23 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:23 <+esde> !logs
10:23 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:23 <+esde> !interface
10:23 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
10:23 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
10:24 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 252 seconds]
10:24 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 252 seconds]
10:27 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:27 -!- mode/#openvpn [+o plaisthos] by ChanServ
10:29 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
10:30 <@ecrist> hyper_ch: what are you eying me up for wrt the bot?
10:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:32 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:34 <+hyper_ch> ecrist: you're the bot master, right?
10:34 -!- tekzilla [~jon@217.147.92.57] has joined #openvpn
10:37 < tekzilla> hi, if on the client i use "route-nopull", i also don't get the dhcp options pushed like DNS servers. is that how its supposed to work ?
10:39 <+esde> check the man pages
10:40 <+esde> !man
10:40 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
10:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
10:43 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:44 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:46 < tekzilla> ok i checked that beforehand, according to the manpage it should only reject routes. but at the same time it says "option dhcp-option cannot be used in this context" (right along with "option route cannot be used in this context")
10:47 < tekzilla> and without route-nopull the client gets pushed the dhcp options
10:48 < tekzilla> manpage: "When used with --client or --pull, accept options pushed by server EXCEPT for routes."
10:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:50 < pekster> tekzilla: Not quite. The manpage reads "… EXCEPT for routes and dhcp options like DNS servers."
10:50 < pekster> If you want to selectively accept and act on options, you might want --route-noexec and handle them in a script (or not at all if you didn't want the routes anyway.) On Unix-alikes you'll need to process the dhcp-options bits specially anyway
10:51 < tekzilla> pekster: argh thanks, in the current manpage it actually does!
10:51 < pekster> Probably a document update at some point, yea
10:53 < tekzilla> thanks for the hints, its not a real problem as i plan to have clients accept all pushed routes and just push specific host routes
10:53 < tekzilla> but i was reading the old manpage because of some older client installs, and i think it was behaving the same there
10:53 < tekzilla> anyway, thanks
10:55 < pekster> If it helps, you can also dynamically push (or reset a list of pushed options) by way of ccd files (!ccd) or a --client-connect script
10:55 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
10:56 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 250 seconds]
10:59 -!- rewozz [~root@unaffiliated/rewozz] has left #openvpn ["WeeChat 1.1"]
11:00 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
11:00 -!- mode/#openvpn [+o plaisthos] by ChanServ
11:01 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
11:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
11:02 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 246 seconds]
11:07 < tekzilla> pekster: yes thanks, i have tested that in some cases
11:09 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
11:17 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:20 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
11:20 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
11:25 < tekzilla> just to correct myself: client version 2.1 does not reject the dhcp options with route-nopull, so the manpage is accurate
11:31 <+hyper_ch> you should get newer client
11:33 < tekzilla> indeed, i'll get them all updated soon
11:33 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
11:39 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:44 -!- Latrina [~Latrina@151.56.178.156] has quit [Ping timeout: 240 seconds]
12:00 -!- Latrina [~Latrina@adsl-ull-52-189.50-151.net24.it] has joined #openvpn
12:06 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
12:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:12 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:19 -!- Dimik [~Dimik-@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 255 seconds]
12:29 < phunyguy> hey guys, what is the proper way to specify a different default gateway to connecting clients instead of the vpn server address? The VPN server is not the gatway...
12:30 < colinstgeorge> esde: ugly, but my results FWIW - https://hwcdi.com/blogpost/122/OpenVPN_on_APU1D4
12:30 <@vpnHelper> Title: HWCDI - OpenVPN on APU1D4 - HWCDI (at hwcdi.com)
12:30 < phunyguy> I tried specifying --route-gateway x.x.x.x and --redirect-gateway def1 on client
12:30 < phunyguy> (via push)
12:31 < phunyguy> but no matter what, it still puts the vpn server IP as the default gateway on the client.... :(
12:32 -!- elfixit [~Icedove@83-65-234-66.static.inode.at] has quit [Quit: elfixit]
12:38 < tyuiop> !man
12:38 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
12:42 < phunyguy> was that to me?
12:43 < phunyguy> I have been reading the man pages, and apparently either I am getting it wrong, or do not understand it.  That is why I am asking for help here :(
12:43 <+hyper_ch> phunyguy: not really sure what you want to accomplish
12:44 < phunyguy> the openvpn server is not a router... and the openvpn interface on the server is bridged to the server adapter.  I am trying to have it specify my router as the gateway and not the VPN server as that is not working.
12:44 <+hyper_ch> still not following what you're trying to do
12:44 < phunyguy> server is 172.24.0.2, adn the router for my network is 172.24.0.1...  I want clients to use 172.24.0.1 as the default gateway when they connect.
12:45 < phunyguy> let me post config
12:45 <+hyper_ch> well, the clients have to go through the server
12:45 <+hyper_ch> I fail to see what role your routes should play there
12:45 < phunyguy> yes but it is not a routed network... it isbridged.
12:46 <+hyper_ch> I'm lost
12:46 < phunyguy> clients can get to 172.24.0.1, but they just aren't being told to use it as the gateway.
12:46 <+hyper_ch> no idea
12:47 < phunyguy> http://paste.ubuntu.com/10312034/
12:47 < tyuiop> can anyone tell me why we need to put these two parameter ? :
12:47 < tyuiop> push "redirect-gateway def1 bypass.dhcp"
12:47 < tyuiop> push "dhcp-option DNS 8.8.8.8"
12:48 <+hyper_ch> tyuiop: you don't need to
12:48 < tyuiop> and also i don't understand the syntaxe
12:48 < tyuiop> why don't need ?
12:48 <+hyper_ch> !def1
12:48 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:48 <+hyper_ch> what makes you think you need to set those?
12:49 < phunyguy> hyper_ch: --redirect-gateway: (3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).
12:49 < tyuiop> and this option : bypass.dhcp
12:49 < tyuiop> ???
12:49 < phunyguy> oh, not to me again.
12:49 <+hyper_ch> tyuiop: you set that
12:49 <+hyper_ch> tyuiop: I have no idea why you did
12:51 < tyuiop> i don't have any idea me too
12:51 < phunyguy> hyper_ch: I thought this would be pretty simple :(  clients connect and get a 172.24.0.x address, which iincludes the route for 172.24.0.0/24... but the wrong gateway is specified.... I get that traffic has to go through the tunnel, but that is what the 172.24.0.0/24 route is for.
12:51 <+hyper_ch> phunyguy: I have no idea what you're trying to achieve
12:51 < phunyguy> hyper_ch: I have no idea where you are confused
12:52 < tyuiop> and this option ? : push "dhcp-option DNS 8.8.8.8"
12:52 <+hyper_ch> tyuiop: what about it?
12:52 < tyuiop> why we need to précise dhpcp-option ?
12:52 < phunyguy> hyper_ch: perhaps if I explain the issue I am running into?  172.24.0.2 is a standalone server, and doesn't give a crap about routingm but it is being set as the default gateway on clients.
12:53 < tyuiop> why we need to mention dhcp-option on the conf file of openvpn server ?
12:55 <+hyper_ch> tyuiop: you don't necessarily have to
12:55 < tyuiop> but that's what its written here :http://doc.ubuntu-fr.org/openvpn
12:55 <+hyper_ch> !howto
12:55 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:56 <@krzee> Milos,
12:56 <@krzee> !configs
12:56 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:56 <@krzee> !logs
12:56 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:56 <+hyper_ch> tyuiop: have a read here:  http://openvpn.net/index.php/open-source/documentation/howto.html#redirect
12:56 <@vpnHelper> Title: HOWTO (at openvpn.net)
12:58 <+hyper_ch> krzee: do you know what phunyguy is trying to do?
12:58 < phunyguy> I am not sure how to explain it any better :(
12:58 < phunyguy> I have the vpn server behind my router, with port forwarded, and openvpn clients are getting the wrong gateway because of it.
12:59 <@krzee> !goal
12:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:59 <@krzee> phunyguy, what gateway do you feel the clients should get
13:00 < phunyguy> krzee: 172.24.0.1 instead of the VPN server IP.
13:00 < phunyguy> (172.24.0.2)
13:00 <@krzee> are they on the local lan, or remote?
13:00 < phunyguy> remote being server side?
13:00 <@krzee> you dont know what local and remote is?
13:00 < phunyguy> context...
13:00 < DArqueBishop> krzee: he wants the gateway on the VPN clients to be changed to a router behind the VPN server.
13:01 <@krzee> thats not how that works
13:01 <@krzee> you turn the server itself into the gateway
13:01 <@krzee> routing takes care of the rest
13:01 <@krzee> !redirect
13:01 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
13:01 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
13:01 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
13:01 < phunyguy> krzee: the openvpn tap adapter on the server is bridged to the interface of the server
13:01 <@krzee> why are you bridging?
13:02 < phunyguy> krzee: I am not sure what you are asking.... I only have one network....
13:02 <@krzee> what layer2 protocol do you need to work over the vpn?
13:02 < phunyguy> why is bridging an issue?
13:02 <@krzee> phunyguy, the clients are on the same LAN as the server?
13:02 <@krzee> because:
13:02 <@krzee> !tunortap
13:02 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
13:02 <@vpnHelper> rooted/jailbroken) support only tun
13:02 <@krzee> !whybridge
13:02 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
13:03 <@krzee> if you're bridging without a reason you can explain clearly you are doing it wrong
13:03 < phunyguy> the reason was for network simplicity since my network is complex in other ways./
13:03 <@krzee> no.
13:03 <@krzee> bridging is more complex
13:03 <+hyper_ch> I just put everything into the vpn
13:03 <+hyper_ch> makes networking a lot simpler
13:03 < phunyguy> yes but it worked great until about 3 hours ago... now I am troubleshooting.
13:03 <@krzee> heh
13:03 < phunyguy> :)
13:04 <@krzee> ok, well thats my answer
13:04 <@krzee> no reason for me to care about doing it right more than you
13:04 < phunyguy> just trying to figure out where it went wrong.
13:04 < DArqueBishop> Well, it started going wrong when you chose bridging.
13:04 < DArqueBishop> ;-)
13:04 < phunyguy> yes but it worked.
13:04 <@krzee> i'll do my setup right and ill let you do whatever you want with yours
13:04 <+hyper_ch> I still don't comprehend what he's trying to do
13:04 <+hyper_ch> but maybe it's just because I'm simple minded
13:04 < phunyguy> hyper_ch: then you never will.
13:04 <@krzee> hyper_ch, thats cause you do things correctly =]
13:05 < DArqueBishop> I think I understand, but I also think he's doing it wrong.
13:05 <+hyper_ch> just setup another bunch of vms today and deployed them into two vpns :)
13:05 < phunyguy> look, I get that this is not ideal.... but I really would like to know what happened here and why it broke without being called an idiot,.
13:06 < DArqueBishop> phunyguy: do you want ALL internet traffic for clients going through your local router, or just traffic for internal networks?
13:06 < DArqueBishop> If all, why?
13:06 < phunyguy> and I also don't understand what is so difficult about specifing a different default route on the client.
13:07 < phunyguy> DArqueBishop: all
13:07 < phunyguy> DArqueBishop: because it is my work PC and I don't like them tracking everything I do.
13:07 <@krzee> OMG
13:07 <@krzee> you are bridging to your work lan?
13:07 < phunyguy> no
13:07 < phunyguy> jesus no.
13:07 <@krzee> ok good, i'ld fire you for that
13:07 < DArqueBishop> Yeah, as a sysadmin, I'm going to stop helping you right there.
13:07 < phunyguy> wat?
13:08 < phunyguy> it is my work PC... connecting to home.
13:08 <@krzee> ahh yes, id fire ya
13:08 < phunyguy> I route all traffic there except work related stuff.
13:08 < phunyguy> well good thing youa ren't my boss!
13:08 <@krzee> layer2 isnt secure, if you extended my work lan thered be a problem
13:08 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
13:08 < phunyguy> I'm not bridging work stuff to home.
13:08 < DArqueBishop> I'd have you fired in an instance if I knew you installed something like that without my permission.
13:08 < phunyguy> not in that sense anyway
13:08 <@krzee> yes, you are, its 2 way
13:08 < DArqueBishop> s/instance/instant/
13:08 <@krzee> work can arp poison home, home can arp poison work.
13:09 <@krzee> bridges arent 1 way
13:09 < phunyguy> 172.24.0.x and 10.0.0.x are two different networks.
13:09 < phunyguy> 10.0.0.x is the work LAN
13:09 <@krzee> they can arp to eachother if you bridged
13:09 < phunyguy> layer two traffic from 172.24.0.x is not going to make it to 10.0.0.x
13:09 < phunyguy> i am not bridging on the client side.
13:10 < phunyguy> my server is at home.  That has the bridge.
13:10 < phunyguy> ????
13:10 <@krzee> the client can be poisoned from the home lan
13:10 <@krzee> your work must now trust your house's lan
13:10 -!- Victor-Sierra [~Chimq@unaffiliated/victorsierra] has joined #openvpn
13:10 < phunyguy> that makes no sense to me.
13:10 <@krzee> i know it doesnt
13:11 <@krzee> thats why you're bridging
13:11 < phunyguy> I do not access the work LAN from my home PCs nor is it possible.
13:11 <@krzee> anyways, bbl
13:12 <+hyper_ch> krzee: I also have my home server vpned to my work server... (but then I'm not employed but self-employed)
13:12 < phunyguy> I think I am being misunderstood here....
13:12 <@krzee> no, you are not
13:12 <@krzee> you just dont get it ;]
13:13 < phunyguy> "[14:10:29] <krzee> the client can be poisoned from the home lan"
13:13 <@krzee> yep
13:13 < DArqueBishop> hyper_ch: I have my work laptop routed to my home server, but a) my bosses know I do it, b) it's routed, and c) I don't use redirect-gateway.
13:13 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:13 < phunyguy> what does that have to do with the work LAN
13:13 <@krzee> you ever been an attacker?
13:13 <+hyper_ch> DArqueBishop: I'm my boss... except for my clients when they pay me... then they're my boss - for the time being
13:13 < phunyguy> maybe I should clarify something... my work PC runs linux, and all work related things are in a VM with Windows 7, and no redirect-gateway.
13:13 <@krzee> you just need 1 machine in a lan
13:13 <@krzee> once you get there, you get further
13:14 <@krzee> you are opening a vector from your home lan, now your work needs to trust your house lan
13:14 <@krzee> all because you think bridging is easy
13:14 <@krzee> hah
13:14 < phunyguy> what is untrusted on my home lan?
13:14 <@krzee> heh
13:14 <@krzee> nothing, im sure your work would love to trust everybodys houses lan
13:14 < phunyguy> I certainly trust anything on it, or it wouldn't be on it.
13:14 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:15 < phunyguy> the network guys know about it.
13:15  * Victor-Sierra raises a hand to ask a questoin
13:15 <@krzee> cool, ill ignore and let you be
13:15  * hyper_ch heard that raised hands usually get chopped off
13:15 < Victor-Sierra> :)
13:15 <@krzee> sup Victor-Sierra?
13:15 < Victor-Sierra> Question please. I appear to be limited to the number (or rather length) of my tls-ciphers on 2.3.2 server on Ubuntu. This appears to be at the 255 char point per line. How can I please add more ciphers beyond this 255 char limit?
13:15 < phunyguy> so the issue here is you think I am practicing poor security?
13:15 < phunyguy> and since when is this the ##security channel?
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 252 seconds]
13:16 < Victor-Sierra> anything beyond char 255 is flagged as an error
13:16 < Victor-Sierra> e.g. Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/server.conf:181: -CBC-SHA (2.3.2)
13:16 <@krzee> Victor-Sierra, never seen that one, you'll want to file a bug report at trac
13:16 <@krzee> !trac
13:16 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database.
13:17 < Victor-Sierra> thanks
13:17 <@krzee> np
13:17 < phunyguy> ok that was harsh.   If the concern here is work trusting my home LAN, then that is not a concern.
13:17 -!- BtbN [btbn@btbn.de] has joined #openvpn
13:18 < phunyguy> can we move on past that and actually try to figure this out?
13:18 <+hyper_ch> Victor-Sierra: tried current version?
13:19 <@krzee> oh right that says 2.3.2
13:19 <@krzee> try 2.3.6 before filing the bug report
13:19 <@krzee> just in case
13:20 <+hyper_ch> only knew because I compiled it today 6x :)
13:20 <+hyper_ch> otherwise I wouldn't know the current version number
13:20 < phunyguy> krzee: when you say "It doesn't work like that", that is what I am not understanding, strictly from a network/routing perspective.  Clients can access 172.24.0.1 via the 172.24.0.0/24 route that is added.  172.24.0.2 is set as the default gateway, which again, is NOT a router.  Why is making 172.24.0.1 the default gateway "not the way it works"?
13:20 < Victor-Sierra> might try that. running ubuntu aptitude which is 2.3.2 with patches implemented by ubuntu/debian team
13:21 <+hyper_ch> Victor-Sierra: apt-get build-dep openvpn
13:21 <+hyper_ch> wget http://.....
13:21  * Victor-Sierra shudders
13:21 <+hyper_ch> tar xvfz openvpn....tgz
13:21 <+hyper_ch> cd openvpn....
13:21 <+hyper_ch> ./configure && make && make install
13:21 < Victor-Sierra> i do that for nginx when i can see clear benefits or if i need to modify source for iso 27001 / sox
13:21 <+hyper_ch> and then edit /etc/init.d/openvpn  and set the path to the binary to /usr/local/sbin/...
13:22 < Victor-Sierra> checking https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
13:22 <@vpnHelper> Title: ChangesInOpenvpn23 – OpenVPN Community (at community.openvpn.net)
13:22 <+hyper_ch> basically insert the "local" in the path
13:24 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:30 < dupondje> SENT CONTROL [router.network.name.com]: => router.network.name.com is the common name right? I make a file in the ccd folder with the name 'router.network.name.com', but it looks like its never read?
13:31 < dupondje> I put some iroutes in it, but still routes get pushed
13:36 < dupondje> hmz
13:36 < dupondje> "TLS Auth Error: --client-config-dir authentication failed for common name 'router.network.name.com'
13:37 <+hyper_ch> dupondje: the common name is the on you used when building the cert
13:37 <+hyper_ch> ./build-key COMMON_NAME
13:38 <+hyper_ch> but not sure what that error is
13:38 <+hyper_ch> !conf
13:38 <+hyper_ch> !config
13:38 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
13:38 <+hyper_ch> !configs
13:38 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:39 < dupondje> seems like it was a permission error :)
13:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
13:47 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:57 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
14:17 < Victor-Sierra> turns out the 255 char limit is a semi known issue, especially to tunnelbrick devs
14:18 < Victor-Sierra> "OpenVPN truncates the command line it uses to start the scripts to 255 characters"
14:18 <+hyper_ch> krzee: http://now.avg.com/malware-is-still-spying-on-you-after-your-mobile-is-off/
14:18 <@vpnHelper> Title: Malware Is Still Spying On You After Your Mobile Is Off (at now.avg.com)
14:19 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:20 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:21 <@krzee> yep
14:21 <+hyper_ch> and heard about the stunt lenovo pulled?
14:21 <@krzee> neg, still out here in philippines
14:21 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
14:22 -!- mattock is now known as mattock_afk
14:22 <@krzee> but its 4:20am so imma crash
14:22 <+hyper_ch> krzee: http://thenextweb.com/insider/2015/02/19/lenovo-caught-installing-adware-new-computers/
14:22 <@vpnHelper> Title: Lenovo Caught Installing Adware On New Computers (at thenextweb.com)
14:22 <@krzee> oh right
14:22 <@krzee> not a big shock, just another piece of crapware sent with stock machines
14:22 < Victor-Sierra> its snowballed a bit
14:23 < Victor-Sierra> they add an ssl cert to the laptops for 'serving content'
14:23 <@krzee> oh boy
14:23 <+hyper_ch> that can be nicely abused to forge other certs
14:23 <@krzee> ouch
14:23 < Victor-Sierra> connect to your bank and this cert actually connected, decrypted all content and passed info back
14:24 <@krzee> thats bad
14:24 < Victor-Sierra> and now they've found the password used to anyone can MITM a lenovo
14:24 < Victor-Sierra> http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
14:24 <@vpnHelper> Title: Errata Security: Extracting the SuperFish certificate (at blog.erratasec.com)
14:24 <+hyper_ch> first thing when you get a windows lappy is to reinstall everything from a clean source
14:26 < Victor-Sierra> earlier explanation at http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOZG3PlIdFM
14:26 <@vpnHelper> Title: Errata Security: Some notes on SuperFish (at blog.erratasec.com)
14:27 <@krzee> hyper_ch, especially cause you gotta get windows off it :D
14:27 <+hyper_ch> for some unexplainable reason, there are some people that like windows
14:30 <+hyper_ch> btw, checked a user/password file with 10 million entries if I am in there as well
14:30 <+hyper_ch> luckily I wasn't :)
14:30 < Victor-Sierra> or have to use it in a corporate environment or find oem licensing cheap
14:31 <+hyper_ch> why don't corporations move away from windows?
14:33 < zoredache> MS Office.
14:33 <+esde> well
14:34 <+esde> people are used to MS Office
14:34 <+esde> thats why
14:35 <+esde> there are free alternatives id love attempted to implement, but they arent something 99% of the people in the office can go from MS Office to XYZ Free Office Suite. And that sucks :(
14:35 <+esde> * to attempt
14:37 <+hyper_ch> EvilOffice
14:38 -!- VictorSierra [~Chimq@unaffiliated/victorsierra] has joined #openvpn
14:39 -!- Victor-Sierra [~Chimq@unaffiliated/victorsierra] has quit [Ping timeout: 276 seconds]
14:49 -!- anthony25 [~anthony25@aruhier.fr] has quit [Quit: Quitte]
14:51 <@dazo> esde: I have hope that LibreOffice has began to understand the need for a better UX ... and the latest 4.4 release got a lot of UX improvements, so the work has obviously started ... May it not stop!
14:52 <+hyper_ch> better ux?
14:52 <@dazo> User eXperience
14:52 <+hyper_ch> I really love the simpleness of how you can use variables in LO
14:52 <+hyper_ch> Writer
14:53 <+hyper_ch> also coherent formatting is much simpler
14:53 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
14:53 <@dazo> well, average office users wouldn't understand what you talk about now :) ... but they understand where to click to make things happen, and when they don't find their buttons, the panic arises
14:53 <+hyper_ch> so why don't we have much more suicides since the advent of ribbons?
14:54 <@dazo> so improving that, aligning things and using terminology closer to what you'll find in other places (like MSO), that will help
14:55 <@dazo> hyper_ch: Because the ribbons in MSO have usually been the same since the first incarnation of MSO ribbons ... just minor changes ... however, it was one MSO release where they redid a lot, which caused panic
14:56 <@dazo> (Some guys I know called that MSO version for "The beach ball release")
15:00 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
15:05 -!- anthony25 [~anthony25@aruhier.fr] has quit [Quit: Quitte]
15:06 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
15:12 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
15:14 < phunyguy> krzee: I think I figured out the cause of the problem, and the only fix is to do what you said and create a separate network.  I don't mind doing that, I just feel more comfortable knowing the reason.   Two words.  "Network Manager".
15:15 < Milos|Work> krzee, server config: https://bpaste.net/show/1bc9a0c9b1b1 - client config: https://bpaste.net/show/cfcf65a0c5ed
15:16 < Milos|Work> krzee, ccd: https://bpaste.net/show/2d521e7ebb15
15:17 < phunyguy> krzee: openvpn intercepts the config options, does its own procedures, and adds --route-noexec --ifconfig-noexec to the openvpn process it spawns.  The other option is to not use network-manager with openvpn, but like you said, using a separate network is easier.
15:18 < phunyguy> good to know it was me using a bridge that caused the issue, though!
15:18 < Milos|Work> krzee, server log: https://bpaste.net/show/380512980987
15:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
15:22 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:22 -!- badon_ is now known as badon
15:24 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-evixxwocmdazymin] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
15:27 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-pkmgjqfwqqyaucxq] has joined #openvpn
15:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
15:29 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
15:33 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
15:33 < tyuiop> hi hi hi
15:33 < tyuiop> Hi
15:34 < tyuiop> strange my openvpn network won't working properly
15:35 < tyuiop> when i m using a client openvpn to connect to my openvpn server
15:35 < tyuiop> it says it is connected but can't able to access to internet
15:35 < tyuiop> nor in internal network
15:36 <@dazo> !goal
15:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:36 <@dazo> !configs
15:36 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:36 <@dazo> !logs
15:36 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:36 < tyuiop> just a sec
15:37 -!- VictorSierra [~Chimq@unaffiliated/victorsierra] has left #openvpn []
15:40 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Ping timeout: 246 seconds]
15:44 < tyuiop> here is my conf : http://paste.ubuntu.com/10314180/
15:46 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
15:48 -!- anthony25 [~anthony25@aruhier.fr] has quit [Client Quit]
15:51 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
15:57 < mutilator> so the openvpn-auth-ldap module seems fubar on debian & ubuntu
15:57 < mutilator> been searching for a bit now, anyone know of a fix?
16:01 -!- dazo is now known as dazo_afk
16:05 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: really? must I leave? aw pls let me stay!]
16:05 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:05 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:06 -!- badon_ is now known as badon
16:07 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
16:13 < tyuiop> hello anyone ?
16:47 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
16:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:50 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
16:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
16:54 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:05 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 252 seconds]
17:05 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
17:05 -!- mode/#openvpn [+o plaisthos] by ChanServ
17:23 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
17:27 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Quit: There is no knowledge that is not power.]
17:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:28 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
17:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
17:32 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:34 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:35 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:37 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:38 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:39 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
18:01 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
18:25 <@krzee> tyuiop,
18:25 <@krzee> !logs
18:25 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:25 <@krzee> !redirect
18:25 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:25 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
18:25 <@krzee> follow the flowchart in the last link
18:27 <@krzee> Milos, found your problem
18:27 <@krzee> iroute 192.168.2.0 255.255.255.255
18:27 <@krzee> that is a single ip you just irouted, fix your netmask
18:28 <@krzee> ONLY the ip 192.168.2.0 exists in your netmask
18:28 <@krzee> which is not 192.168.2.75 or 192.168.2.90
18:28 < pekster> And that would only be valid if your netmask is a /22 or larger
18:28  * pekster guesses that's not the 192.168.0.0/22 network. But it would (possibly) be valid for that!
18:29 -!- ser_berry is now known as cpt_berry
18:29 <@krzee> well his issue is .75 and .90 arent working, so its irrelevant if .0 is valid
18:30 -!- cpt_berry is now known as ser_berry
18:33 < phunyguy> Hello... new issue while converting to a routed network vs bridged.... "Options error: --server directive network/netmask combination is invalid", the server line is just "server 172.24.1.1 255.255.255.0"
18:34 < pekster> --server is for a routed setup
18:34 < phunyguy> it is...
18:35 < phunyguy> well I am attempting to set it up that way anyway, based on an earlier conversation
18:35 < pekster> Read about --server vs --server-bridge in the manpage. Then go review why you're briding in the first place since it's usually the wrong choice
18:35 < phunyguy> ???
18:35 < pekster> !tunortap
18:35 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
18:35 <@vpnHelper> rooted/jailbroken) support only tun
18:35 < pekster> Why are you trying to bridge?
18:35 < phunyguy> tun, routed.
18:35 < phunyguy> I'M NOT.  lol
18:35 < phunyguy> (I was, but got slapped around in here earlier)
18:36 < pekster> Then that config line is fine
18:37 < pekster> Oh, no it's not
18:37 < phunyguy> apparently not...
18:37 < pekster> You specify the network IP, not the IP you want the server to have
18:37 < phunyguy> ahh.
18:37 < pekster> Note in the manpage that it says "network" and not "address"
18:37 < phunyguy> /headdesk
18:37 < phunyguy> yes yes yes... different than server-bridge.
18:37 < phunyguy> that's where I was confused.  Thanks, pekster
18:39 < phunyguy> (well not really confused... more just not paying attention to detail)
18:41 -!- dyce [62bd4908@gateway/web/freenode/ip.98.189.73.8] has joined #openvpn
18:42 < dyce> is it possible to have site to site openvpn where the server and client are not on the router? or does the client have to be on the router?
18:43 < pekster> By definition a routed VPN endpoint is itself a route, but this doesn't have to be "the router" (presumably you mean the default gateway for a LAN)
18:44 < pekster> Routing is not fundamentally changed by openvpn; treat openvpn as you would any other route with a dedicated link between the 2 VPN endpoints (think of it as a long "virtual fibre run" if you'd like)
18:45 < Milos|Work> krzee, you've got to be kidding me.
18:45 < Milos|Work> krzee, I swear I did not write that
18:45 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
18:45 < dyce> pekster thanks I am still trying to better understand routes.
18:46 < pekster> That should have been "router", but routers have routes (naturally)
18:47 < Milos|Work> krzee, oh my god :( thanks for that, I feel like an idiot
18:53 <@krzee> np, sometimes all you need is a second pair of eyes ;]
18:53 <@krzee> dyce, sure no problem, you just need this:
18:53 <@krzee> !route_outside_ovpn
18:53 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
18:54 < Milos|Work> krzee, well, I could be mistaken but it seems like that only partially fixed the issue
18:54 < Milos|Work> krzee, I can ping the OpenVPN server at its "real" address 192.168.1.x
18:54 < Milos|Work> wait
18:54 < Milos|Work> probably just need to check forwarding
18:54 < Milos|Work> yes
18:54 <@krzee> Milos, got you past the MULTI error tho, right?
18:55 < Milos|Work> yes
18:55 < Milos|Work> must be forwarding
18:55 <@krzee> then ya, you just keep working on it =]
18:55 <@krzee> !serverlan
18:55 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
18:55 <@krzee> !clientlan
18:55 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
18:55 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
18:55 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
18:55 < Milos|Work> !ipforward
18:55 < Milos|Work> ;)
18:55 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
18:55 <@krzee> flowcharts in the above factoids will help ^^
18:55 <@krzee> also make sure you read !route a few times
18:55 < Milos|Work> # sysctl net.ipv4.ip_forward
18:55 < Milos|Work> net.ipv4.ip_forward = 1
18:56 < Milos|Work> I guess it wasn't that
18:56 < Milos|Work> krzee, no I mean, the packets don't show up on tun0 again
18:56 <@krzee> sure, but they got past the MULTI error
18:56 <@krzee> so your iroute isnt the problem
18:56 <@krzee> now start over on troubleshooting
18:56 < Milos|Work> ok
18:58 < Milos|Work> krzee, troubleshooting PNGs are down unfortunately
18:58 < Milos|Work> I'll have a read
18:58 <@krzee> make sure you read !route a number of times, and then since this is a client lan follow the clientlan flowchart
18:58 <@krzee> ircpimps.org is down because im so lazy
18:58 <@krzee> the sdf link is up
18:58 < Milos|Work> !route
18:58 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:58 <@vpnHelper> client
19:00 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
19:01 < Milos|Work> krzee, do I *HAVE* to have push "route <my client lan> 255.255.255.0" even if I only have one client
19:01 < Milos|Work> which already has <my client lan> as its local LAN
19:01 <@krzee> only if you want other clients to access it
19:01 < Milos|Work> because that's the only thing I can see which doesn't match the documentation.
19:02 < Milos|Work> well,no I don't
19:02 <@krzee> otherwise just --route is enough
19:02 < Milos|Work> what do you mean just --route is enoug
19:02 <@krzee> (adds the route to the server)
19:02 < Milos|Work> ah
19:02 < Milos|Work> yes
19:02 < Milos|Work> I have that
19:02 < Milos|Work> I have all the routes added - I can communicate but only with the server via the client ALN
19:02 < Milos|Work> s/ALN/LAN/
19:02 < Milos|Work> does that make sense?
19:02 < Milos|Work> client at 192.168.2.75 can ping 192.168.1.103
19:02 <@krzee> so whats not working now?
19:02 < Milos|Work> because 103 is the openvpn server
19:02 < Milos|Work> but it can ONLY talk to 103
19:02 <@krzee> oh so clientlan works
19:03 < Milos|Work> any other IP address shows no packets on the server tun0 interface
19:03 < Milos|Work> yes
19:03 <@krzee> !serverlan
19:03 < Milos|Work> excatly
19:03 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
19:03 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
19:03 <@krzee> there you go!
19:04 < Milos|Work> of course..... the router needs a route added to it
19:04 < Milos|Work> sorry, I kept thinking this was the router (not my setup)
19:04 < Milos|Work> ok, I'll talk to the other team to have them add that
19:04 < Milos|Work> thanks
19:04 <@krzee> yw
19:04 < Milos|Work> finally :)
19:05 <@krzee> got it working?
19:05 < Milos|Work> this will make it work, yes. team is asleep on the other side of the world at the moment so I'll e-mail them.
19:05 <@krzee> well we think it will
19:05 <@krzee> never know til it works
19:05 < Milos|Work> no, it definitely will.
19:05 < Milos|Work> I can guarantee it.
19:05 <@krzee> can only fix 1 issue at a time =]
19:06 <@krzee> when it works you're probably out of issues
19:06 < dyce> what is the key difference for a open vpn client that forwards all of the pc's traffic to the openvpn server's gateway vs just being able to see behind the openvpn server's lan?
19:06 <@krzee> also, your config has client-cert-not-required?
19:06 < Milos|Work> like I said, ping 192.168.2.75 -> 192.168.1.103 works, because the server IS 103, but any other device will reply through their default gateway, which has no route on it
19:06 < Milos|Work> hence, no reply.
19:06 <@krzee> you sure you want that?
19:06 <@krzee> Milos, sure… or could be a firewall, etc etc… you never know til its working =]
19:07 < Milos|Work> krzee, actually, the packets should still show up on tun0
19:07 < Milos|Work> so never mind. it's that AND something else.
19:07 <@krzee> dyce, routing.
19:07 <@krzee> Milos, firewall maybe
19:07 < Milos|Work> if I ping 192.168.2.75 -> 192.168.1.x, and x is not the openvpn server itself, it should still show up on tun0, right?
19:07 < dyce> so the routing is set to the gateway on the openvpn side?
19:07 <@krzee> if linux post iptables-save
19:07 < Milos|Work> tun0 being the server's tun0
19:07 < Milos|Work> iptables is set to allow all
19:08 <@krzee> dyce,
19:08 <@krzee> !goal
19:08 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
19:08 < dyce> ahem, the routing is set the the gateway that the ovpn server is set to*
19:08 < dyce> krzee, just trying to better understand
19:08 <@krzee> dyce, tell me your goal, not whats set how
19:09 <@krzee> i cant help you understand til i know what you want
19:09 < Milos|Work> krzee, oh it does show up on tun0. ok it's definitely the gateway :) problem solved.
19:09 <@krzee> ahh, bad tcpdump command? or just didnt check again?
19:09 < Milos|Work> same command - even used CTRL+R. I must have not noticed. checking history now
19:09 <@krzee> gotchya
19:11 < Milos|Work> krzee, aha... ICMP shows, but TCP SYN does not
19:11 < Milos|Work> same command, but I was running a GET requset before. later, I did a ping (which showed up in tun0)
19:12 < Milos|Work> for some reason, TCP SYN does not show up in tun0 on the server, coming from clientlan
19:12 <@krzee> dyce, a serverlan setup and a redirect-gateway setup *normally* differ by:   redirect-gateway setup needs to NAT the vpn network at the server. and uses redirect-gateway
19:12 <@krzee> but without knowing what you want, i cant help you understand it
19:13 < Milos|Work> krzee, client side: 14:13:16.523067 IP 192.168.2.75.60518 > 192.168.1.102.80:
19:13 < Milos|Work> krzee, server side: nothing.
19:14 < Milos|Work> krzee, client side: 14:13:53.284307 IP 192.168.2.75 > 192.168.1.3: ICMP echo request, id 1, seq 8942, length 40
19:14 <@krzee> no troubleshooting til you fix the route on the server gateway
19:14 < Milos|Work> krzee, server side: 01:14:47.386645 IP 192.168.2.75 > 192.168.1.3: ICMP echo request, id 1, seq 8942, length 40
19:14 <@krzee> pointless
19:14 < Milos|Work> wrong.
19:14 <@krzee> fix 1 problem at a time
19:14 < Milos|Work> TCP SYN should show up in tun0 regardless.
19:14 <@krzee> well *i* wont be helping with it, you may do anyrthing you want
19:14 <@krzee> i fix 1 problem at a time
19:15 < Milos|Work> right
19:15 < Milos|Work> I have 6 hours before I can ask them to add the default route
19:15 < Milos|Work> I'm being efficient
19:15 < Milos|Work> do you have any idea why a TCP SYN might not show up on the server's tun0 for the same src/dest IP? I'm thinking firewall, but it would be strange to allow icmp in that case.
19:16 <@krzee> you refused to show me your firewall
19:16 <@krzee> and i dont care to ask again before you fix your routing issue
19:17 < Milos|Work> that's because I don't know if there is any other firewall, and iptables is set to allow everything. if you really need proof, here it is :) https://bpaste.net/show/27560bedba61
19:17 < Milos|Work> anyway, I'll ask tomorrow if the issue persists after adding the default route, which it will
19:17 < Milos|Work> unless they can tell me where their firewall is
19:18 < pekster> Why on earth are you doing NAT everywhere? :\
19:18 < Milos|Work> this is not my setup
19:18 < Milos|Work> I added 0 of those firewall rules
19:18 < pekster> Then you need the help of the network administrator there
19:18 < Milos|Work> you mean I need to help the network administrator
19:19 < Milos|Work> (there isn't one.)
19:19 < pekster> Guess that explains the highly-suspect ruleset
19:19 < Milos|Work> yes
19:19 < Milos|Work> I already knew that
19:19 < Milos|Work> and thre issue is I have no ides what their network toplogy is like
19:19 < Milos|Work> so I can't tell if there are firewalls interfering
19:19 < pekster> Don't do NAT between routed RFC1918 networks you have control over
19:19 < Milos|Work> anyway I'll ask later
19:19 < pekster> Yea, that's most certainly required to do any advanced routing on a network
19:20 < pekster> And understanding, that is
19:20 < pekster> An*
19:20 < Milos|Work> of course
19:20 <@krzee> ya you dont need nat
19:20 <@krzee> ditch that crap!
19:20 < pekster> See what you can do to get rid of the highly-questionable NAT of the VPN range apparently "everywhere" -- route properly instead
19:20 < pekster> If they don't know how to route, suggest they hire someone who can first ;)
19:21 < Milos|Work> indeed
19:21 < Milos|Work> I like how it says -j MASQUERADE 4 times
19:22 < Milos|Work> for the same interface
19:22 < Milos|Work> like 1 wasn't enough
19:22 <@krzee> you told it 4 times =]
19:22 < pekster> They're probably doing horrible things like using "scripts" to set up/adjust the ruleset. That's quite wrong, and #Netfilter knows why
19:22 < Milos|Work> yep
19:22 < pekster> Sane distros (basically anything not Debian-based) have proper initscripts for it; Debian makes you go get sanity
19:22 <@krzee> my scripts call iptables-restore if anything
19:23 < Milos|Work> I personally just use iptables-save > fw
19:23 < Milos|Work> edit the file
19:23 < Milos|Work> iptables-restore < fw
19:23 <@krzee> ^ same
19:23 < pekster> Yea, then when you've happy with the result, set the distro to load that on init
19:23 < Milos|Work> and at shutdown there's /etc/init.d/iptables save
19:23 < Milos|Work> gentoo :)
19:23 < pekster> Yea, gentoo's pretty on the ball there
19:23 < Milos|Work> ^_^
19:23 < pekster> gentoo and fBSD have probably the best userland init on all Unix-alikes
19:23 < Milos|Work> I can't speak for freeBSD but I can say for gentoo
19:23 < pekster> Everything else just feels like a step backwards (or a good football field)
19:24 < Milos|Work> indeed
19:27 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 250 seconds]
19:30 < Milos|Work> krzee, ok, I feel *really* stupid now. I think I just need to take a break - I had tcpdump to filter only ICMP traffic, and I was complaining why it wasn't showing TCP SYN packets :D
19:31 < Milos|Work> anyway, it WORKS FINE NOW. just need to get the owners to add a static route to their gateway
19:31 < Milos|Work> thanks for your help.
19:31 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
19:31 -!- mode/#openvpn [+o plaisthos] by ChanServ
19:35 <@krzee> lol
19:37 < dyce> in this setup http://i.imgur.com/BM9r1.png , can target see client? the gateway needs to have the tun0 address of the server added as a route correct?
19:40 <@krzee> every lan that needs the vpn subnet to route to it, and does not have openvpn on its default gateway needs a route added to the default gateway telling the gateway how to reach the vpn subnet
19:41 <@krzee> same for foreign lan subnets behind other vpn nodes
19:41 <@krzee> standard routing
19:41 <@krzee> next hop needs to know what to do
19:42 <@krzee> follow the hops and see what happens to the packet
19:42 <@krzee> im not big on the graph you are using, someone else made that one so i posted both, i made the other one
19:42 <@krzee> so to me the other is easier to understand, but that has to be true since i made it how it made sense to me
19:43 < pekster> That one kind of works, but I had to do a double-take (the 4 red lines really needed a second color to make it more clear)
19:44 < pekster> Your LAN-gateway needs the VPN network as a route, not just one IP on it
19:44 < pekster> /24, (presuming that's what you're using), not a /32
19:46 <@krzee> !route_outside_ovpn
19:46 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
19:46 <@krzee> do you like that other one pekster?
19:46 <@krzee> \the secure-computing link one
19:47 < pekster> That's more straight-forward, yea
19:47 <@krzee> =] thx
19:53 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 250 seconds]
19:56 < dyce> https://secure-computing.net/wiki/images/graphviz/e49135615ed3644f7ac4586d82348e8f.png ok so in this example how would you configure dd-wrt for the gateway on the ovpn server side
19:56 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
19:56 -!- mode/#openvpn [+o plaisthos] by ChanServ
19:57 < dyce> https://www.dd-wrt.com/demo/Routing.asp
19:57 <@vpnHelper> Title: DD-WRT (build 16562) - Routing (at www.dd-wrt.com)
19:57 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
20:01 < dyce> ok so to answer my own question, gateway would be set to the  eth0 ip of the ovpn server
20:01 < dyce> and lan net would be the tun 0 ip
20:02 < dyce> 10.8.0.0
20:08 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:16 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:22 -!- Denial [~Denial@5.80.234.234] has joined #openvpn
20:41 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has quit [Ping timeout: 272 seconds]
20:42 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
20:42 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has joined #openvpn
21:10 <@krzee> yes ^
21:10 <@krzee> your answer to your question is correct.
21:13 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:25 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:30 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 240 seconds]
21:32 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
22:12 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
22:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
22:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:53 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
23:02 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
23:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
23:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
23:07 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:08 -!- mete [~mete@91.247.253.160] has joined #openvpn
23:11 -!- ShadniX [dagger@p5DDFC1D2.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:12 -!- ShadniX [dagger@p5DDFC238.dip0.t-ipconnect.de] has joined #openvpn
23:13 -!- Denial [~Denial@5.80.234.234] has quit [Ping timeout: 265 seconds]
23:13 -!- Denial [~Denial@81.141.0.168] has joined #openvpn
23:18 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Ping timeout: 272 seconds]
23:21 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
23:24 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
23:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
--- Day changed Fri Feb 20 2015
00:01 -!- phreakocious_ [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 265 seconds]
00:24 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
00:36 -!- mattock_afk is now known as mattock
00:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
01:52 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
02:25 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 250 seconds]
02:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:28 <+hyper_ch> !configs
02:28 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
02:28 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 246 seconds]
02:28 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
02:28 -!- mode/#openvpn [+o plaisthos] by ChanServ
02:44 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has joined #openvpn
02:44 < stk> hello all
02:45 < stk> for a client to route all of its traffic through a vpn tunnel
02:45 < stk> instead of the push def1 on server side
02:45 < stk> is there anyway to set it that way in client configuration
02:45 < stk> ?
02:45 < stk> I'm talking about Android and iOS
02:46 < stk> so iptables and ip route are not available on the client
02:52 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Ping timeout: 244 seconds]
02:56 <+hyper_ch> well, the client will have to setup routes on his device then
02:57 <+hyper_ch> and with arno's openvpn client for android, there's a simple checkbox to route all traffic through the vpn
02:58 <+hyper_ch> not sure if it works though
03:02 <@krzee> stk, yes
03:02 <@krzee> !push
03:02 <@vpnHelper> "push" is usage: push <command> , goes in the server config and makes the command act as if it was in the client config, can be used in ccd entries
03:02 <@krzee> just dont push, put it direct into the client config
03:03 <@krzee> however, the vpn IP either needs to be internet routable or NAT'ed on the server network
03:15 < stk> gotcha
03:15 < stk> thank you very much hyper_ch and krzee
03:18 <+hyper_ch> stk: http://images.sjau.ch/img/4e47b32c.png  ---> Benutze Default Route
03:21 < albercuba> hello everyone. can anyone help me or give me a link to a tutorial on enabling auth-user-pass-verify in opevpn?? thanks
03:22 <+hyper_ch> google
03:22 < albercuba> yes, i dont find it
03:22 < albercuba> i mean, i find the official doc but i don't understand how to do it
03:23 <+hyper_ch> why do you want auth-user-pass-verify?
03:23 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:23 < albercuba> i want the server to ask for a password when the user tries to connect
03:24 < albercuba> a password to decrypt the key
03:26 -!- m0hm0h [m0hm0h@kapsi.fi] has joined #openvpn
03:26 < pailaps> easier to do via file option
03:27 < albercuba> what do you mean
03:28 < albercuba> in the offical doc it says that i can do it via script plugins, using shared object or via dll plugin
03:28 <+hyper_ch> dll is some windows thingy, right?
03:29 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has joined #openvpn
03:29 < albercuba> i guess
03:32 < pailaps> well i use a simple userdb with withauth-user-pass-verify via-file
03:32 < albercuba> do u have a tutorial?
03:33 < pailaps> yea
03:33 < pailaps> https://github.com/troydm/ovpnauth.sh
03:33 <@vpnHelper> Title: troydm/ovpnauth.sh · GitHub (at github.com)
03:33 < albercuba> ok i am gonna read#
03:33 < albercuba> thanks
03:40 <@krzee> [17:24]  <albercuba> a password to decrypt the key
03:40 <@krzee> !authpass
03:40 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
03:40 <@krzee> err no
03:41 <@krzee> i mean
03:41 <@krzee> !changepass
03:41 <@krzee> !factoids
03:41 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
03:42 <@krzee> !certpw
03:42 <@vpnHelper> "certpw" is "change-passphrase" is see http://openvpn.net/archive/openvpn-users/2005-03/msg00230.html for how to change (or add) a key's passphrase
03:42 <@krzee> albercuba, thats how you encrypt the private key
03:43 <@krzee> which is different than supplying the server with login/password
04:11 < albercuba> krzee, actually the "authpass" is what i was loking for
04:11 < albercuba> to use passwords in addition to certs
04:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:28 < albercuba> krzee, can u tell me what the "challenge password" is or what do i need it for??
04:35 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 252 seconds]
04:38 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
04:39 -!- mode/#openvpn [+o plaisthos] by ChanServ
04:50 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 244 seconds]
05:01 -!- Milos [~Milos@pdpc/supporter/student/milos] has quit [Read error: Connection reset by peer]
05:21 < m0hm0h> Does anyone have any suggestions on how to extract the "real" destination address from the packet headers in the function read_incoming_tun() in forward.c? Help would be greatly appreciated
05:32 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has left #openvpn []
05:37 -!- JohnUbi [548bf4bd@gateway/web/cgi-irc/kiwiirc.com/ip.84.139.244.189] has joined #openvpn
05:37 < JohnUbi> I'm having an issue where the VPN connection is dropped during the soft reset that happens every hour. The message is "ERROR: could not read Auth username from stdin"
05:37 < JohnUbi> is this because of not caching the credentials?
05:37 < JohnUbi> as I've got auth-nocache;
05:38 <+hyper_ch> somehow I can't see the reason why people use openvpn with passwords...
05:39 < JohnUbi> it's a vpn provider, not like I have much control over it
05:40 <+hyper_ch> never used passwords with ovpn
05:40 <+hyper_ch> so no idea
05:41 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
05:42 < JohnUbi> so forgive the stupid question, but how would you configure it without passwords? I mean I've configured a openvpn server before with a client certificate for each client, but still had a username/pwd required on top
05:42 < JohnUbi> if you just require the client certificate isn't that a bit.. insecure perhaps?
05:43 < JohnUbi> else say a road warrior loses his laptop and someone manages to gain access to it, without having to enter a username/pwd they can just connect through the vpn.
05:43 -!- Netsplit *.net <-> *.split quits: Netas3k
05:43 < JohnUbi> and they can take the client certificate and ovpn files and clone them to somewhere else. ofc at that point you should revoke the client certificate but ...
05:45 <+hyper_ch> JohnUbi: certs I create don't requires a password...  not sure what you do
05:45 <+hyper_ch> and usually, you encrypt your computers... so losing it doesn't matter
05:48 < JohnUbi> hyper_ch: I know you can't secure everything 100% and the job is only to make it as hard as possible, but encryption only really works if the device is not already booted from the hdd. If you're already on the OS and somehow left the session unlocked then you're giving whoever free access to the device and everything in it. Granted you probably hav
05:48 < JohnUbi> e bigger things to worry about than a vpn certificate if that happens but you shouldn't make it any easier either imho
05:49 <+hyper_ch> my android powers down after three unsuccessfull password entries for the screen unlock
05:49 <+hyper_ch> also after first try it takes a pic and emails it to me
05:49 <+hyper_ch> my notebook is never turned on when I'm not there
05:50 < JohnUbi> but you're someone who is technical. What about that guy in HR that spends his days drinking coffee from "world's best dad" mug and gluing boogies under his chair?
05:50 <+hyper_ch> I'm not technical
05:50 <+hyper_ch> I just know a thing or two
05:51 < JohnUbi> besides, username/password just adds another authentication lawyer, I don't see anything wrong with multi-lawyered authentication
05:51 <+hyper_ch> I fail to see the point of it
05:51 <+hyper_ch> but go ahead and use it :)
05:51 < JohnUbi> it becomes something you know + something you have
05:51 < JohnUbi> rather than just something you have
05:52 < JohnUbi> why do we use otps for example?
05:52 <+hyper_ch> no idea what otps is
05:52 < JohnUbi> one time password
05:52 <+hyper_ch> no idea why you'd use that
05:53 < JohnUbi> how many websites would you say you registered your main e-mail address on?
05:53 < JohnUbi> 20? 50? 100?
05:53 <+hyper_ch> I use a different email for every service
05:53 < JohnUbi> and how many unique passwords do you have?
05:54 <+hyper_ch> for each service a different password
05:54 < JohnUbi> and how many ppl do that?
05:54 < JohnUbi> 0.001%?
05:54 <+hyper_ch> all I know of
05:54 < JohnUbi> E100?
05:54 < JohnUbi> come on...
05:55 < JohnUbi> I probably know 2 ppl that use a different password for every service, and one of them is me
05:56 <+hyper_ch> using pass and pwdhash makes it easy
05:56 <+hyper_ch> as well as running an own mailserver where you can just easily add an alias
05:57 < JohnUbi> I once did a domain migration from novell to ad where the passwords needed to be brought across, which meant having access to the passwords in clear text. There was no password policy on the novell side, so the first thing we did was check how many ppl had no password at all
05:57 < JohnUbi> out of 25k ppl, over 1500 had no password
05:57 <+hyper_ch> I use neither :)
05:57 < JohnUbi> out of those, over 700 had logged in the last 2 weeks, so regular users
05:58 <+hyper_ch> btw, I checked here:  https://xato.net/passwords/ten-million-passwords/
05:58 <@vpnHelper> Title: Today I Am Releasing Ten Million Passwords (at xato.net)
05:58 <+hyper_ch> nothing of mine showed up
05:58 < JohnUbi> we wanted to set the password policy to 8 characters and enforce ad strong password
05:58 < tyuiop> Hello there
05:58 < JohnUbi> so we did a check to see how many ppl out of the 25k would have to change their password if we enabled that
05:58 <+hyper_ch> I hope you meant to say to set password to min. 8 chars
05:59 < tyuiop> here is my conf
05:59 < JohnUbi> it was over 24k
05:59 < tyuiop> http://paste.ubuntu.com/10323355/
05:59 < JohnUbi> yeah min 8chars
05:59 < tyuiop> i can't able to sleep witout working it to work
05:59 < JohnUbi> so 24k/25k ppl would have to change their password if we just increased min pass length to 8 chars
05:59 < tyuiop> well, the problem is the client vpn
05:59 < tyuiop> says that's it is connected
05:59 < JohnUbi> and unfortunately this was not that long ago, 4 years ago
06:00 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
06:00 < tyuiop> but i can't able to access to internet all
06:00 < JohnUbi> ppl's notice of security hasn't changed that much since. they continue to use rubbish passwords
06:00 < tyuiop> i don't understand i pass 3 days with this problem i tried serveral settings, but not working
06:01 < tyuiop> at all
06:05 <+hyper_ch> tyuiop: http://paste.debian.net/153034/  my setup
06:06 <+hyper_ch> well, I actually use the certs inline
06:07 <+esde> no auth? nice
06:10 < tyuiop> it seems the certificate authentificatin working properly
06:10 < tyuiop> but the problem is only on the gw issue
06:11 < tyuiop> why the client is using the internal gw of the router when it is connected to my openvpn server
06:24 -!- ValdikSS [~valdikss@92.42.31.58] has joined #openvpn
06:24 <+hyper_ch> tyuiop: tried my config?
06:24 < ValdikSS> Hi guys. Can we add http://lowendtalk.com/discussion/comment/843711/ somewhere in the "!" menu?
06:24 <@vpnHelper> Title: Why OpenVPN is so slow? (cool story) - LowEndTalk (at lowendtalk.com)
06:26 <@krzee> albercuba, basically its for nothing, i think it may have something to do with intermediate certs or something
06:27 <+hyper_ch> ValdikSS: ?
06:27 <+hyper_ch> krzee: you're awake :)
06:28 < ValdikSS> hyper_ch: ?
06:28 <+hyper_ch> ValdikSS: please ask a full question
06:28 <+hyper_ch> ValdikSS: I feel not like guessing what you're asking
06:29 < ValdikSS> hyper_ch: ah sorry. OpenVPN buffer sizes are pretty low which throttles speed on high bandwidth AND high latency links. Here is a ticket https://community.openvpn.net/openvpn/ticket/461
06:29 <@vpnHelper> Title: #461 (Change default sndbuf and rcvbuf values) – OpenVPN Community (at community.openvpn.net)
06:29 < ValdikSS> hyper_ch: I wrote an article about that with a workaround and it would be cool if somebody adds this article or link to the ticket to the "!" menu (I don't know how this is called)
06:30 < ValdikSS> Like when you type "!help"
06:30 <+hyper_ch> ValdikSS: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
06:30 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
06:30 <+hyper_ch> ValdikSS: now i see what you mean
06:30 <+hyper_ch> !speed
06:30 < ValdikSS> hyper_ch: I know about that. This is for low latency links. And tuning buffer sizes helps even for low latency links
06:30 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
06:30 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no)
06:31 < ValdikSS> hyper_ch: if somebody adds this article to this menu, that would be great.
06:31 <+hyper_ch> I don't have such powers
06:32 <+hyper_ch> but how do you get 80mbit on wifi?
06:33 <@krzee> 802.11n or ac
06:33 < ValdikSS> hyper_ch: why not? I have 100mbit/s internet link and 300mbit/s 802.11n 5GHz wifi link
06:33 <@krzee> !learn speed as a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
06:33 <@vpnHelper> Joo got it.
06:33 <+hyper_ch> I just don't get such speeds on ac I think
06:33 <@krzee> hyper_ch, withing your LAN?
06:33 <@krzee> within*
06:33 <+hyper_ch> yes
06:33 < ValdikSS> hyper_ch: 2.4GHz?
06:33 <+hyper_ch> at least I think so
06:33 <+hyper_ch> 5ghz
06:34 < ValdikSS> hyper_ch: oh, ac.
06:34 <@krzee> well my office gets 120mbit on internet using 802.11ac on 5ghz
06:34 < ValdikSS> hyper_ch: there is something wrong with your setup then
06:34 <@krzee> not even on lan, on inet
06:34 <@krzee> yep ^
06:34 <+hyper_ch> bridging one asus rt-ac68u router to another one
06:36 <+hyper_ch> oh well, maybe it's jsut my impression that wifi is slow... don't actually measure it.... it's just not as fast as my ssd
06:36 < ValdikSS> krzee: oh, by the way, mssfix code is very slow. It's a bottleneck for gigabit links.
06:37 < ValdikSS> krzee: with default mssfix i have 350 mbit/s on my old PC, and with mssfix 0 I have 800
06:37 < ValdikSS> krzee: that's with all the tuning from gigabit article
06:37 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has joined #openvpn
06:38 < ValdikSS> krzee: i'll dig into it a bit later and check if I can speed it up.
06:38 <+hyper_ch> why do people get gigbit internet connections and I dont :(
06:38 < stk> hi guys, can the server access the client's private subnet with proper routing?
06:38 <+hyper_ch> stk: I tend to say yes
06:38 < ValdikSS> stk: sure. Use iroute
06:39 < ValdikSS> !iroute
06:39 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
06:39 < stk> I'm feeling weird since I set up all the nat and forwarding
06:39 < ValdikSS> stk: do you use tap or tun?
06:39 <@krzee> ValdikSS, why not put those in the same writeup?
06:39 < stk> but there is no way to get the server to ping one of the server on the client's private subnet
06:39 < stk> tun
06:40 < stk> but if I reverse the setup
06:40 < stk> then the client can ping other machine (not VPN ones) on the server side
06:40 <@krzee> stk,
06:40 <+hyper_ch> ValdikSS: so, can't you push   sndbuf 0   then?
06:40 <@krzee> !clientlan
06:40 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
06:40 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
06:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:40 < stk> thank krzee
06:40 < stk> thanks*
06:40 < ValdikSS> hyper_ch: I can't.
06:41 <@krzee> yw
06:41 <+hyper_ch> I might just test this for fun :)
06:41 < ValdikSS> hyper_ch: openvpn sets buffer sizes before connection
06:41 < stk> the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, << the part I was missing, probably
06:41 < ValdikSS> hyper_ch: and if you push 0, it won't change anything
06:42 <+hyper_ch> so what to do when you have linux server and windows client?
06:42 <@krzee> stk, yep thats the only real openvpn specific part, easiest to miss
06:42 < ValdikSS> hyper_ch: set sudbuf rcfbuf 0 on both sides, i.e. in server and client config and don't push anything
06:43 < ValdikSS> hyper_ch: if it's difficult to alter client config, then use 0 on server side and push 393216
06:43 <+hyper_ch> not difficult to alter
06:43 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 264 seconds]
06:43 <+hyper_ch> I might give it a test spin
06:44 <+hyper_ch> have a new server setup here anyway ;)
06:45 <@krzee> i already get max speed over my vpn
06:45 < ValdikSS> hyper_ch: as i said, this have a lot of difference on high bandwidth high latency links. With low latency link, like in local network, you probably won't notice anything.
06:45 <@krzee> actually, over all of my vpns
06:45 <+hyper_ch> krzee: well, you're krzee :)
06:45 <@krzee> tru
06:46 <@krzee> even over a satellite i have access to, i get max bandwidth
06:46 <@krzee> no opportunity for me to tune, ever
06:46 < ValdikSS> krzee: wow, how?
06:47 <@krzee> so i never get to help with !speed issues from personal experience, only from anecdotal evidence, which !speed is full of
06:47 <@krzee> ValdikSS, luck i guess?
06:47 < ValdikSS> krzee: i dunno, maybe
07:01 < ValdikSS> krzee: oh, another important thing: why openvpn always uses 100-bytes packets for data channel? I'm pushing 3500 routes from the server and it takes 2-3 minutes for connection to establish because of high latency link.
07:01 < ValdikSS> krzee: I mean, we could easily increase this to 576 (minimum MTU value for IPv4)
07:02 <@krzee> dunno, my sat link is 500ms+ and i dont have issues
07:02 < ValdikSS> krzee: try to push a lot of routes
07:02 < ValdikSS> krzee: oh, and it works much better in non-windows
07:02 < pekster> ValdikSS: Nah, have to stay well under IPv4 MTU since encapsulation eats more space
07:03 < ValdikSS> krzee: http://antizapret.prostovpn.org/antizapret.ovpn try to connect here
07:03 < ValdikSS> pekster: but not the 476 bytes
07:03 -!- Glar [~Glar@gut75-2-82-225-240-216.fbx.proxad.net] has joined #openvpn
07:03 <@krzee> i push 13 routes
07:03 < pekster> And screws up people trying do "tunnel in a tunnel (in a ..)
07:03 <@krzee> that is alot
07:03 <@krzee> sorry not connecting to your vpn
07:03 < pekster> 3500? Yea. You're almost better off handling that out of band with a post-connect script or something
07:04 < pekster> Not sure why on earth you need that, but that's up to you I suppose
07:04 < ValdikSS> krzee: in Russia, we have a website blacklisting procedure. Some providers blocks by IP, so that's why 3500 routes
07:04 < ValdikSS> pekster: that's why.
07:04 < ValdikSS> pekster: antizapret translates as "antiblocker"
07:04 < pekster> That's broken anyway since that only works if the pepole access it by IP or the website owners never use DNS
07:05 <@krzee> lol
07:05 <@krzee> use firewalls instead
07:05 < pekster> Sounds like you really want a proxy the client uses to reach them
07:05 <@krzee> routes is a broken way to handle that
07:05 < ValdikSS> pekster: I update IP list every 6 hours and regenerate ccd file
07:05 < pekster> Still broken for CDNs
07:05 < pekster> Those return _different_ IPs depending on a variety of factors, down to as little as 60 seconds
07:06 < pekster> But, again, not my fight here
07:06 < ValdikSS> pekster: I have proxy also. But some ISPs here have FULL DPI, which intercepts exact URL even in proxy!
07:06 < pekster> Not if the proxy goes over the VPN
07:06 < pekster> Unless you mean Russia knows something I don't about the security of TLS or modern symmertic ciphers
07:06 < ValdikSS> pekster: that's not very convinient as some people configure VPN on their routers
07:06 <@krzee> openvpn is not the place to handle that
07:06 <@krzee> imho
07:07 < ValdikSS> krzee: well, it doesn't actually matter how do I use it. It's just too low packet size.
07:07 < ValdikSS> krzee: even with triple incapsulation, we could use 300 bytes.
07:07 <@krzee> cool, i guess i wont get to test your use case as i consider 13 routes a lot
07:07 < ValdikSS> krzee: but 100 is too low in my opinion
07:08 <@krzee> feel free to tune it
07:08 < pekster> You could just run BGP/OSPF on the router
07:08 < pekster> Problem solved there, and that'll scale to thousands of routes no problem
07:08 <@krzee> ^
07:09 < pekster> Still doesn't help the "websites don't directly correspond to an IP" problem, but that doesn't seem part of your design anyway
07:12 < ValdikSS> pekster: This service is generally used by non-technical aware Windows end users
07:12  * hyper_ch considers 3 routes a lot...
07:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
07:13 <+hyper_ch> ValdikSS: I hope they don't use lenovo
07:13 < ValdikSS> hyper_ch: hah
07:13 <+hyper_ch> so, all updated to snd/rcvbuf 0
07:13 <+hyper_ch> except my snom phones
07:14 <+hyper_ch> I need to re-create the ca there anyway and start using tls auth
07:14 <+esde> https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
07:14 <@vpnHelper> Title: The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle (at firstlook.org)
07:15 < ValdikSS> esde: http://www.gemalto.com/press/Pages/Information-regarding-a-report-mentioning-a-hacking-of-SIM-card-encryption-keys.aspx
07:15 <@vpnHelper> Title: Pages - Information regarding a report mentioning a hacking of SIM card encryption keys (at www.gemalto.com)
07:15 <+esde> checking
07:15 <@krzee> esde, i told you, dont trust devices that have a baseband
07:16 <@krzee> this is just 1 reason why
07:16 <@krzee> there are plenty more
07:16  * esde looks up plans for the DIY cellphone
07:16 <+hyper_ch> open baseband :)
07:17 -!- ValdikSS [~valdikss@92.42.31.58] has quit [Quit: Konversation terminated!]
07:18 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
07:21 <+esde> that note from gemalto doesnt mean much. with all the tools and techniques those intelligence agencies have at their disposal, they may never be able to find any proof of the breach.
07:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
08:17 -!- vegardx [~vegardx@176.111.205.230] has joined #openvpn
08:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:29 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
08:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
08:30 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:31 -!- JohnUbi [548bf4bd@gateway/web/cgi-irc/kiwiirc.com/ip.84.139.244.189] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
08:31 -!- badon_ is now known as badon
08:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
08:54 -!- CaTtleyA [~CaTtleyA@206.42-14-84.ripe.coltfrance.com] has quit [Quit: Lost terminal]
08:57 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
08:59 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 246 seconds]
09:01 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has quit [Remote host closed the connection]
09:06 -!- tyuiop [~chatzilla@195-154-82-165.rev.poneytelecom.eu] has quit [Remote host closed the connection]
09:07 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:10 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
09:10 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:11 -!- badon_ is now known as badon
09:22 <+hyper_ch> krzee: what cipher do you recommend to use?
09:23 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
09:39 -!- frege [~frege@unaffiliated/frege] has joined #openvpn
09:39 < frege> hey
09:40 < frege> I'm trying to openvpn but I get this error "VERIFY ERROR: depth=0, error=certificate signature failure:"
09:40 <+hyper_ch> !configs
09:40 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
09:40 <+esde> !pki
09:40 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
09:41 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:42 < frege> well when I use openssl verify it says my crt is OK
09:42 < frege> I don't have the server configuration
09:42 < frege> I'm connecting as a client
09:43 <+esde> md5?
09:43 < frege> md5 of what?
09:43 <+esde> the cert
09:43 <+esde> is it md5?
09:44 < frege> Signature Algorithm: sha1WithRSAEncryption
09:44 < frege> esde: I think it's sha1
09:44 <+esde> yeah it is
09:48 < frege> esde: what's wrong?
09:49 -!- dazo_afk is now known as dazo
09:49 <+esde> don't know. that was my best guess after googling your error
09:50 < DArqueBishop> frege: you don't control the server?
09:50 < frege> no I don't
09:50 < DArqueBishop> !both
09:50 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
09:50 < frege> server must be fine
09:50 < frege> jeeezuz
09:51 <+hyper_ch> jesus was a cool dude
09:51 < frege> that's bruthal
09:52 < frege> https://gist.github.com/anonymous/98121fe089cb5c886b5a
09:52 <@vpnHelper> Title: gist:98121fe089cb5c886b5a (at gist.github.com)
09:52 < DArqueBishop> The problem as I see it is that any troubleshooting that would need to be done to the certs would really need to be done by your server admin, as he's the one who generated them and has access to the private keys.
09:53 < frege> well if the keys get verified
09:53 < frege> then it's not a key issue
09:54 < frege> if openssl verifies my keys then it must be something on openvpn side
09:54 <+esde> wat
09:54 <+esde> what is openvpn side
09:54 <+esde> enlighten me
09:56 < frege> https://gist.github.com/anonymous/ab26536562fe14c82895
09:56 <@vpnHelper> Title: gist:ab26536562fe14c82895 (at gist.github.com)
09:56 -!- stk [~stk@unaffiliated/-5tk/x-9484778] has left #openvpn []
09:58 < DArqueBishop> From that log excerpt, it sounds like the server doesn't like your certs.
09:58 < DArqueBishop> Again, you need to talk to the server's admin.
09:59 <+esde> FWIW, your ca.crt is not quoted, but the other .crt and .key are
09:59 <+esde> no telling if it's your problem, but you should keep your configs consistent
10:01 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Read error: Connection reset by peer]
10:01 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
10:08 <+esde> https://twitter.com/kennwhite/status/568270748638318593/photo/1
10:08 <@vpnHelper> Title: Kenn White on Twitter: "This is a problem. #superfish http://t.co/jKDfSo99ZR" (at twitter.com)
10:09 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
10:10 < atmosx> Hello, trying to install openvpn client on Windows 8.1 but for some reason I get a: FlushIpNetTable failed on Interface ... OpenVPN can't add routes. Any idea why this happens?
10:11 <+esde> run openvpn as administrator
10:12 -!- dazo is now known as dazo_afk
10:13 -!- dazo_afk is now known as dazo
10:19 < atmosx> esde: I do. The user running openvpn is in the adminstrator group
10:19 < atmosx> the user initiating the OpenVPN
10:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:25 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
10:25 -!- fixi [~fixi@unaffiliated/fixi] has joined #openvpn
10:25 < fixi> hey
10:26 < fixi> could you please help me with this? I'm a newbie on windows 8.1 as I'm mostly using debian{7,8}. so my problem is I've installed the latest official openvpn package, all works fine if I start the openvpn gui as administrator i can connect to the remote server
10:28 < fixi> however I would like if openvpn would run as a service so my machine is connected all the time. but i receive these in the log during startup: createfile failed on tap device, all tap windows adapter on this system are currently in use
10:28 < fixi> does anyone know about a solution?
10:28 < fixi> it worked out of the box win 7 :%
10:31 < fixi> :(
10:35 -!- SviMik [~pIRCuser8@131-250-35-213.dyn.estpak.ee] has joined #openvpn
10:37 < SviMik> hi! I have a silly question... why tap adapter doesn't appear in ifconfig?
10:37 < SviMik> using Debian. ovpn in server mode.
10:38 < SviMik> Fri Feb 20 17:28:40 2015 TUN/TAP device tap3 opened
10:38 < fixi> SviMik: seems we r the only ones currently active here with two different questions..
10:43 < SviMik> just fine...
10:44 < atmosx> hm, now the problem is the 'valid subnet'
10:45 < SviMik> # ifconfig | grep tap3
10:45 < SviMik> (nothing)
10:45 < SviMik> # ifconfig tap3
10:45 < SviMik> tap3      Link encap:Ethernet  HWaddr 72:6b:2c:bf:9a:b3
10:45 < pekster> SviMik: What OS?
10:45 < SviMik> looks like I have to learn something important about ifconfig...
10:45 < SviMik> pekster Debian-78
10:45 < pekster> Try using 21st century tools
10:45 < pekster> https://github.com/QueuingKoala/fn-netfilter/wiki#avoid
10:45 <@vpnHelper> Title: Home · QueuingKoala/fn-netfilter Wiki · GitHub (at github.com)
10:46 < pekster> ifconfig was replaced well over a decade ago and has serious limitations. Thankfully Debian ships the replacements you should use instead
10:46 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:48 <+hyper_ch> !tunortap
10:48 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
10:48 <@vpnHelper> rooted/jailbroken) support only tun
10:49 < SviMik> tap2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT qlen 100
10:49 < SviMik> tap3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 100
10:49 < SviMik> how it is possible that ovpn is running, but interface is DOWN?
10:50 < SviMik> (I have multiple instances, a server on tap3, and a client on tap2)
10:50 < pekster> Check your logs for clues; chances are it isn't running, isn't using the device you expect, or didn't actually open the device for some other reason
10:51 < SviMik> pekster the funny thing is that server works, and even accepting connections
10:51 < fixi> hey nice activity :)
10:51 <+hyper_ch> any reason why you use tap?
10:52 < fixi> does anyone by chance have an idea on my question? :(. which is stripped down: windows 8.1 openvpn service autostart doesnt work :/
10:55 <+esde> https://github.com/QueuingKoala/fn-netfilter/wiki#avoid "How to patebin rules" should be "How to pastebin rules". :)
10:55 <@vpnHelper> Title: Home · QueuingKoala/fn-netfilter Wiki · GitHub (at github.com)
10:55 < frege> what's the difference between 'ca' and 'cert' in config?
10:55 < dyce> in this config https://secure-computing.net/wiki/images/graphviz/e49135615ed3644f7ac4586d82348e8f.png , it should be possible for target to redirect all traffic via client's gateway (using client2client not redirectgateway) by specifying a route to the client's default gw? where would you define the route?
10:56 < dyce> on target's eth0 or target's default gateway? then you would just change eth0's gateway to client's?
10:56 < SviMik> hyper_ch I'm tired of this question here. I guess i'll get it even if I ask question not related to vpn at all.
10:58 < SviMik> - why the sky is blue?
10:58 < SviMik> - any reason why you use tap?
10:58 <+esde> SviMik, http://math.ucr.edu/home/baez/physics/General/BlueSky/blue_sky.html
10:58 <@vpnHelper> Title: Why is the sky Blue? (at math.ucr.edu)
10:59 <+esde> tl;dr - Tyndall effect
10:59 < SviMik> esde thanks for not asking why I use tap.
11:03 <+hyper_ch> !pki
11:03 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
11:04 <+hyper_ch> frege: see above
11:05 <+hyper_ch> fixi: how do you start it?
11:07 < fixi> hyper_ch: i've set the openvpn service in services.msc to autostart
11:07 < fixi> :)
11:07 < fixi> that didnt work so ive changed it to autostart(delayed)
11:07 < fixi> still not working..
11:08 -!- tyuio [~chatzilla@62-210-193-154.rev.poneytelecom.eu] has joined #openvpn
11:08 < tyuio> hi there
11:09 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
11:10 <+hyper_ch> fixi: I have an entry at the task planner that calls a batch script which calls the openvpn gui (and then mounts network shares)
11:12 <+hyper_ch> fixi: the task planner xml file for import:  http://paste.debian.net/153221/
11:12 <+hyper_ch> you'll just need to adjust the user
11:14 <+hyper_ch> fixi: and here's the batch script that's being called http://paste.debian.net/153227/
11:14 <+hyper_ch> but you could alter the task planner entry to just start the openvpn gui
11:22 < fixi> hyper_ch: i dont exactly get it
11:22 < fixi> why would i need to openvpn gui?
11:22 < fixi> i just would like the openvpn service to connect
11:22 < fixi> as soon as the machine and network is up
11:23 <+hyper_ch> well, don't use it then$
11:23 < fixi> or that way is broken now?
11:24 < fixi> :(
11:28 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 256 seconds]
11:33 -!- Denial [~Denial@81.141.0.168] has quit [Ping timeout: 245 seconds]
11:36 -!- Denial [~Denial@81.141.19.34] has joined #openvpn
11:51 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
11:54 <@krzee> hyper_ch, thats a personal question
11:54 <+hyper_ch> which one?
11:54 <+hyper_ch> I ask so many questions
11:54 <@krzee> im partial to blowfish
11:55 <+hyper_ch> well, I use AES-256-CBC because I think Intel's AES-NI helps...
11:56 <+hyper_ch> am I wrong there?
12:01 -!- cardiel [~cardiel@unaffiliated/cardiel] has quit [Ping timeout: 250 seconds]
12:03 -!- mattock is now known as mattock_afk
12:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:14 < atmosx> hyper_ch: nope, the performance gains are huge https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
12:14 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
12:17 <+hyper_ch> atmosx:
12:17 <+hyper_ch> I just wonder how it compares to blowfish waht krzee seems to use
12:19 < atmosx> test it
12:20 <+hyper_ch> atmosx: krzee is my test case ;)
12:20 < atmosx> ah nice :-)
12:20 < DArqueBishop> fixi, I don't see why it wouldn't work. What version of OpenVPN are you running?
12:21 < DArqueBishop> Also, what user is the service running under?
12:22 <+hyper_ch> atmosx: but krzee isn't as compliant as I'd like him/her/it to be ;)
12:22 < fixi> DArqueBishop: a moment pl
12:22 < fixi> *pls
12:22 < DArqueBishop> No worries. My version question may not even be relevant.
12:22 < fixi> c:\Program Files\OpenVPN\bin>openvpn --version
12:22 < fixi> OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on De
12:22 < fixi> c  1 2014
12:23 < fixi> im using the default installed windows service
12:23 < fixi> im going to check the run user
12:24 < fixi> "local admin"
12:24 -!- Denial [~Denial@81.141.19.34] has quit [Ping timeout: 264 seconds]
12:24 < fixi> i guess the run user is the one at services.msc -> openvpn service -> properties: login as user right?
12:25 < DArqueBishop> Local System account?
12:25 < DArqueBishop> Right.
12:25 < DArqueBishop> Unfortunately none of my machines are currently running Windows 8.1, so I'm kinda guessing here.
12:25 < fixi> DArqueBishop: yeah that one (just windows is localized so i tried to translate back to english so we understand each other hence the possible typos:) )
12:26 < DArqueBishop> No worries.
12:26 < fixi> yeah same with me: im mostly running w7
12:26 < fixi> the error messages are:
12:26 < fixi> dang sorry the last service-restart overwrote them
12:27 < fixi> but its strange enough that it doesnt work with the autostart
12:27 < fixi> but if i log in and restart the service myself it connects without issue
12:27 < DArqueBishop> Yeah, I have nothing right now.
12:30 -!- SviMik [~pIRCuser8@131-250-35-213.dyn.estpak.ee] has quit [Quit: svimik@mail.ru]
12:40 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:58 -!- ValdikSS [~valdikss@92.42.31.58] has joined #openvpn
12:58 < ValdikSS> !speed
12:58 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
12:58 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9)
12:58 <@vpnHelper> a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
13:10 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 246 seconds]
13:13 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 240 seconds]
13:30 -!- roadrunner is now known as road|runner
14:05 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:12 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
14:15 < debbie10t> in order to answer this post:
14:15 < debbie10t> https://forums.openvpn.net/topic18019.html
14:15 <@vpnHelper> Title: OpenVPN Support Forum Error--profile doesn't include a client certificate : OpenVPN Connect (Android) (at forums.openvpn.net)
14:16 < debbie10t> the question is: does openvpn support --key-direction bidirectional ?
14:16 < debbie10t> AFAIK: it must be --key-direction 1 (client) 0 (server)
14:17 < debbie10t> and so whatever the firmware on the router this guy is using it is totally wrong ..
14:18 < debbie10t> or is this something I have not come across before ?
14:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:40 -!- dazo is now known as dazo_afk
14:43 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
14:44 < rob0> oh, ugh, $dayjob bought AS :(
15:23 -!- reactor16 [~reactor16@91.228.52.114] has joined #openvpn
15:28 < kexmex> rob0: what's an AS
15:28 < DArqueBishop> I think he means the commercial version of OpenVPN.
15:28 < DArqueBishop> !AS
15:28 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
15:29 < rob0> correct
15:30 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
15:31 < kexmex> oh
15:33 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
15:57 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
16:16  * esde gives rob0 a kerchief to dry his tears
16:17 < debbie10t> boo hoo
16:18 < pailaps> is there anything that the opensauce version cant do?
16:18 < pailaps> just curious
16:18 < pailaps> doubt it
16:18 < pekster> "Do your work for you" <-- it won't do that
16:18 < vegardx> A clean management interface, for one.
16:18 < debbie10t> you cant put the opensuace on potato chips
16:19 < pailaps> well if it would help me to deploy easier integration between multiple nodes, i might consider it
16:19 < pekster> Like anything in FOSS, you get to keep the pieces if you break it. You're basically paying for a glorified web frontend, a few pre-packaged features you'd otherwise have to implement yourself, and legal use of the product under the licensing terms. This is a benefit for some people
16:19 < pailaps> i still cant get ipv6 tunneling via openvpn to work in a shared openvz enviroment:/
16:20 < pailaps> anybody up to pick the brain while were at it?
16:20 < debbie10t> ok
16:20 < pekster> pailaps: Possibly, if you have your own routed IPv6 block (not on-link, but properly routed) and a config file to go with that
16:21 < Eugene> I presume you've already been told that openvz is a steaming pile of crap, and you shouldn't even be bothering to do openvpn with it anyway
16:21 < pailaps> pekster, currently using the block provided by he.net
16:21 < pailaps> first things first
16:21 < pekster> "the block" -- the routed /48?
16:21 < pailaps> output of ifconfig http://paste.ee/p/QGbPx
16:21 < pailaps> pekster, /64 out of that /48 yes
16:21 < pekster> Or, are you using the single routed /64 you get for the VPN?
16:21 < pekster> Ah, k
16:22 < Eugene> Honestly, I would guess that the kernel doesn't know how to deal with routing IPv6 blocks in openvz
16:22 < pekster> ifconfig on Linux is deprecated by over a decade, and that's got nothing to do with the OpenVPN config
16:22 < pekster> https://github.com/QueuingKoala/fn-netfilter/wiki#avoid
16:22 <@vpnHelper> Title: Home · QueuingKoala/fn-netfilter Wiki · GitHub (at github.com)
16:22 < pailaps> ok the pertinent information
16:22 < pailaps> http://paste.ee/p/g0ss0
16:22 < pekster> Yea, you can't magically have overlapping networks like that
16:23 < pekster> And don't use ifconfig for PtP interfaces; it's severely broken for that
16:23 < pailaps> ok, since my network provider failed to give me a native block , i decited to route one via tb-tun
16:24 < pailaps> pinging ipv6 in container works
16:24 < pailaps> a single ipv6 address is assigned on the client too and connecting otherwise works perfectly
16:24 < pekster> You _cannot_ use the on-link network for your VPN, period
16:25 < pekster> You need a unique, otherwise unused block; you have two identical /64's on two different interfaces. Do not do this.
16:25 -!- Latrina [~Latrina@adsl-ull-52-189.50-151.net24.it] has quit [Ping timeout: 246 seconds]
16:26 < pailaps> oh, now i get it
16:26 < pailaps> one block to bind and the other one to assign
16:26 < pailaps> i thought itd work if i got a /112 out of that /64
16:26 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Remote host closed the connection]
16:26 < pekster> You'll have a single /64 used as a PtP for the tunnel, but you need a _dedicated_ range that is otherwise _completely_ unused
16:26 < pailaps> gotcha
16:27 < pekster> Do _not_ try to use a /112 out of the "/64" you get for the PtP to HE, because that is truely a PtP
16:27 < pekster> Brokers these-days tend to give you a PtP for the tunnel, then a de-facto /64; you can generally request a /48 (sometimes a /56) allocation for downstream use, as for VPNs, LANs, labs, wifi, whatever
16:28 < pekster> This is what you carve out VPN space from; you can use a /112, but you'd best stick with /64 otherwise older Debian clients won't work
16:28 -!- Latrina [~Latrina@ppp-65-2.26-151.libero.it] has joined #openvpn
16:28 < pailaps> well id avoid the brokers completely, but the host simply refuses to give more than one ipv6 address
16:28 < pailaps> :/
16:28 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
16:28 < pailaps> nor can i route my own
16:28 < pekster> Then you'd best find an ISP who can give you real internet (ref: RFC6177)
16:28 < Eugene> Get a better host and skip the whole mess. I like Linode.
16:28 < pekster> Anyone refusing to give you at least a /56 on request is not worth paying
16:28 < pailaps> well i think its down to the control panel
16:29 < Eugene> Weigh the $10/mo against all your lost time fiddling with this
16:29 < pekster> (a _routed_ /56. Anyone putting it on-link is criminally braindead)
16:29 < pailaps> its actually 90 cents :]
16:29 < pailaps> a really really low end box
16:29 < Eugene> "You get what you pay for"
16:29 < pailaps> figures
16:29 < Eugene> (and I meant LInode's $10/mo)
16:29 < pailaps> not that i have many options
16:30 < pailaps> id like my tunnel closer to home
16:30 < pailaps> thats Sweden :P
16:30 < pailaps> Linode closest node is in UK i guess
16:30 < pailaps> or i could just buy a new router that does IA_NA & IA_PD properly
16:30 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac]
16:31 < pailaps> nowadays isps charge for v6 blocks
16:31 < pailaps> 6.39 to be exact plus a 108€ modem
16:32 < pailaps> then you get a whopping /56 of which /64 is allocated to wifi and /64 to lan
16:32 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
16:33 -!- Linuxnet is now known as Netas3k
16:35 < pekster> "nowdays"? That's also insane (again, ref RFC6177)
16:35 < pailaps> go figure, thats the reality
16:35 < pekster> Not really. maybe in the low-end shitty VPS market you're playing in, but they're well-known for being clueless ass-hats
16:37 < pailaps> pekster, words of praise
16:37 < pailaps> http://mailman.nanog.org/pipermail/nanog/2014-December/072264.html
16:37 <@vpnHelper> Title: Estonian IPv6 deployment report (at mailman.nanog.org)
16:38 < pailaps> this is what most of me and colleagues put together
16:39 < pailaps> hackish at best, but Linode isnt perfect either
16:39 < pekster> I only skimmed that, but if they're doing downstream PD with sane prefix sizes, it sounds reasonable to me
16:41 < pailaps> pretty reasonable to me too after a few cold ones
16:41 < pailaps> thanks again pekster , im not really so bright after a night end shift
16:41 < pekster> Yea, just get a unique routed allocation (if you don't already have that) and use that in the openvpn config
16:41 < pekster> The rest is just the usual enabling of routing and firewalling correctly on the router (ie: penvpn)
16:42 < pekster> openvpn*
16:42 < pailaps> will do and wont try to derp
16:42 < pekster> I'd also strongly advice you to enable TCP MSS-clampping since there are still a great many sites that are run by clueless admins who (incorrectly) block icmpv6-too-big
16:43 < pailaps> lol
16:43 < pailaps> does that really happen
16:43 < pailaps> i wonder
16:43 < pailaps> guess so
16:43 < pekster> Yes; I've run into it on government-run sites as well
16:43 -!- Tander1gi [Tander1gi@gateway/vpn/mullvad/x-uklvbdqyqcxdiotu] has quit [Remote host closed the connection]
16:44 < pailaps> eh, i wrote it down, but atm , thanks again, zzz time
16:47 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
16:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:58 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
17:00 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:15 -!- reactor16 [~reactor16@91.228.52.114] has quit [Quit: Quitte]
17:15 -!- ValdikSS [~valdikss@92.42.31.58] has quit [Ping timeout: 250 seconds]
17:16 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
17:17 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
17:18 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
17:18 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Client Quit]
17:19 -!- debbie10t [~debbie10t@unaffiliated/m10t] has quit [Quit: Closing]
17:29 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
17:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:11 -!- TerjeG [~Terje@ip98-177-147-7.ph.ph.cox.net] has joined #openvpn
18:12 < TerjeG> I have successfully set up an openvpn server on my raspberry pi and it works great! However, am i wrong to believe i should be able to remotely tinker with my router while connected to the VPN? The router local to the VPN that is.
18:14 < zoredache> What happens when you try?  What do you mean by 'tinker'?
18:14 < zoredache> Anything changes that interupts your connection, is going to interupt your connection.
18:15 < TerjeG> I mean change things such as portmapping remotely. Unfortunately it is an apple airport, so when i attempt to scan for available devices with their less-than-fun tool, it just says it can't find any. I can however ping its local IP-address and receive a response.
18:16 < TerjeG> Im aware that i will be temporarily disconnected from the VPN when the router is rebooting :)
18:28 -!- TerjeG [~Terje@ip98-177-147-7.ph.ph.cox.net] has quit [Ping timeout: 252 seconds]
18:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:38 <@krzee> heh
18:38 <@krzee> zoredache, good answer =]
18:40 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Read error: Connection reset by peer]
18:42 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has joined #openvpn
18:44 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has quit [Read error: Connection reset by peer]
18:46 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has joined #openvpn
18:47 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
18:50 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has quit [Client Quit]
18:53 < zoredache> The apple wireless tool uses a bonjour to locate the router.  Bonjour does not cross routers.  If your OpenVPN connection is a tun* and not a tap, then you will not be able to connect to the router.
18:53 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
18:54 < pekster> So don't use the "apple wireless tool" to hit it
18:54 < zoredache> Sure, but I don't think you can configure an airport through a web interface or anything.  At least you couldn't with the older airports.
18:55 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Client Quit]
18:55 < pekster> Seems the utility has an "other" button
18:55 < pekster> http://oit.ncsu.edu/resnet/apple-airport-extreme
18:55 <@vpnHelper> Title: Apple Airport Extreme Configuration | OIT Website (at oit.ncsu.edu)
18:56 < pekster> Google should have similar results if that's not quite right for your model
18:57 < pekster> If broadcast/multicast IP protocols are a requirement for your needs, you'll probably need tap for that to work though
18:57 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
18:58 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:00 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Client Quit]
19:04 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
20:06 -!- james41382_ is now known as james41382
20:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:18 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:29 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
20:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:48 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
21:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
21:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:19 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
21:44 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:46 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:47 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 246 seconds]
21:56 -!- Glar [~Glar@gut75-2-82-225-240-216.fbx.proxad.net] has quit [Ping timeout: 245 seconds]
22:10 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
22:12 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
22:15 <@krzee> the funny part is the user with the apple airport was off irc way before you guys solved his problem :D
22:16 <@krzee> [08:16]  <TerjeG> Im aware that i will be temporarily disconnected from the VPN when the router is rebooting :)
22:16 <@krzee> [08:28]  * TerjeG has quit (Ping timeout: 252 seconds)
22:23 -!- cstk421 [~cstk421@173-14-40-58-Michigan.hfc.comcastbusiness.net] has joined #openvpn
22:29 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
22:34 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
22:48 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:54 -!- cstk421 [~cstk421@173-14-40-58-Michigan.hfc.comcastbusiness.net] has quit []
23:08 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:11 -!- ShadniX [dagger@p5DDFC238.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:11 -!- ShadniX_ [dagger@p5481D376.dip0.t-ipconnect.de] has joined #openvpn
23:11 -!- ShadniX_ is now known as ShadniX
23:12 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:16 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
23:51 -!- pmbapat [~pmbapat@122.172.244.158] has joined #openvpn
23:52 < pmbapat> !welcome
23:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:52 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
--- Day changed Sat Feb 21 2015
00:06 -!- pmbapat [~pmbapat@122.172.244.158] has quit [Quit: Leaving.]
00:41 -!- Denial [~Denial@81.141.4.46] has joined #openvpn
01:01 -!- mattock_afk is now known as mattock
02:15 <+hyper_ch> geeez, what's wrong.... people actuall start reading the topic
02:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:57 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
03:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
03:14 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:54 -!- cellardoor [~quassel@unaffiliated/cellardoor] has joined #openvpn
04:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
04:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
04:02 -!- mattock is now known as mattock_afk
04:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
04:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:55 <+hyper_ch> just made an update on my repo generator :)
06:05 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Ping timeout: 272 seconds]
06:10 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:12 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
06:34 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:41 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:28 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 252 seconds]
07:37 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
08:11 -!- u0m3 [~u0m3@92.80.115.124] has joined #openvpn
08:14 -!- u0m3_ [~u0m3@109.96.153.181] has quit [Ping timeout: 256 seconds]
08:43 < Reventlov> /74
08:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
08:45 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:46 -!- badon_ is now known as badon
08:46 -!- Joost` [~Joost@unaffiliated/joost] has left #openvpn ["-"]
08:49 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:58 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
09:46 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:52 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:58 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:19 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:30 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
10:54 -!- f0o [~f0o@46.246.25.86] has joined #openvpn
10:54 < f0o> Good Evening!
10:56 -!- KeyboardNotFound [~KeyboardN@unaffiliated/keyboardnotfound] has joined #openvpn
10:57 < KeyboardNotFound> I have installed openvpn server 2.3.2 , how to create keys and to start using my server?
10:57 <@plaisthos> !easyrsa
10:57 <@vpnHelper> "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Source checkouts available from the github project; current official release download is 2.2.2 with 3.x code in git-master. or (#4) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA
10:59 < pekster> Note that there's no "openvpn server", just OpenVPN (you'd configure it as a server or client based on how you write your config files)
11:00 < pailaps> KeyboardNotFound: https://github.com/viljoviitanen/setup-simple-openvpn or https://github.com/Nyr/openvpn-install
11:00 <@vpnHelper> Title: viljoviitanen/setup-simple-openvpn · GitHub (at github.com)
11:00 < pailaps> thats the two first random searches i made on google, took literally 5 secs
11:01 < pailaps> i however do suggest to read on the functions it provides, not to click and install :p
11:10 < f0o> I've a weird error with OpenVPN 2.3.x and Sub-CA's. Paste with CA-Structure, Configs and Errorlog: https://dpaste.de/Vo8b - tl;dr my VPN clients and server cert share the same CA but this CA is a 3rd-level subCA. Despite sharing the entire trustchain in the ca-config-directive of client&server, the client fails to validate the VPN's CA. Openssl verify can validate fine against that chain though. What to do?
11:12 < f0o> (https://dpaste.de/Vo8b/raw is nicer for ASCII art)
11:13 <@plaisthos> f0o: openvpn does not always send the intermediate ca
11:13 <@plaisthos> I don't remember the exact details though
11:13 < rob0> Before google, you're best off looking at the official HOWTO.
11:13 < rob0> !howto
11:14 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:14 < f0o> plaisthos: I've tried appending the chain to the server's cert but it didnt change anything either - However when I changed the 'ca' directive of the server to the Offline-CA the client verified well but the server showed up the exact same issue as the client before
11:15 < f0o> plaisthos: I've even tried appending the entire chain to both server's and client's cert and only having the Offline-CA as 'ca' config but no luck either :<
11:15 -!- brendan6 [~brendan6@ec2-52-1-210-143.compute-1.amazonaws.com] has joined #openvpn
11:16 < brendan6> Hello! I just started using OpenVPN on EC2 but I am having a hell of a time adding another user onto the server.  The documentation says I have to create an account over SSH with the adduser command and set the password which I have done but I am not able to login with these credentials.  Is there a second step I am missing?
11:16 < brendan6> Note: I am able to login with the default openvpn user
11:17 < rob0> login with the openvpn user?  Huh?
11:17 < rob0> The openvpn user is to run the tunnel, it is a system account.
11:18 < brendan6> It setup the tunnel user as openvpnas
11:18 < f0o> rob0: if the !howto was directed to me: I actually followed the Howto (https://community.openvpn.net/openvpn/wiki/Using_Certificate_Chains) But this didnt helped at all because it's essentially what I was doing before googling... Google prints me ~100 pages with the text 'just append the subca's to the ca-directive' ... :|
11:18 <@vpnHelper> Title: Using_Certificate_Chains – OpenVPN Community (at community.openvpn.net)
11:18 < brendan6> That's the one I use to actually ssh with
11:19 < rob0> Nono, never use system accounts for login.  You should make a user, such as "brendan", to use for ssh.
11:20 < f0o> By the way, does OpenVPN rely on the v3 extensions for intermediate CA's ? (like ca:true/false) - Picked this up from the mailing list in '05...
11:20 -!- brendan6_ [~brendan6@ec2-52-1-210-143.compute-1.amazonaws.com] has joined #openvpn
11:21 < brendan6_> Shoot ..lost internet there for a second.  f0o could you send that link again?
11:23 -!- brendan6 [~brendan6@ec2-52-1-210-143.compute-1.amazonaws.com] has quit [Ping timeout: 244 seconds]
11:23 < f0o> brendan6_: I dont think it's login-related but sure: https://community.openvpn.net/openvpn/wiki/Using_Certificate_Chains
11:23 <@vpnHelper> Title: Using_Certificate_Chains – OpenVPN Community (at community.openvpn.net)
11:23 < rob0> !howto
11:23 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:27 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
11:28 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
11:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
11:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:31 -!- ser_berry is now known as cpt_berry
11:32 < brendan6_> Man this HowTO is so complicated ....I just need something simple.  Is there a simple procedure for doing this?
11:34 < rob0> !goal
11:34 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:36 < brendan6_> I would like a user named brendan to be able to connect to the VPN I have setup.  I can successfully connect to the VPN with the default user that was created named "openvpn" but I need other users in my organization to be able to connect.
11:37 < brendan6_> I have tried using "$ adduser brendan" then "sudo passwd brendan" to set the password.  Then I disconnect and try to connect to the VPN with this newly created user from the login interface and the client.  Both tell me my login information is incorrect.
11:37 < rob0> OpenVPN uses TLS certificate authentication, not "users".  So that makes no sense to me.
11:37 < rob0> oh
11:37 < rob0> I bet you are talking about:
11:37 < rob0> !as
11:37 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
11:38 < brendan6_> I think you are right ....that must be what I am talking about considering it does ask me to buy a licence
11:38 < brendan6_> rob0: Thanks
11:39 < rob0> yw
11:39 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
11:39 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:40 -!- badon_ is now known as badon
11:43 -!- russell-- is now known as russell_
11:48 -!- brendan6_ [~brendan6@ec2-52-1-210-143.compute-1.amazonaws.com] has quit [Ping timeout: 246 seconds]
11:49 -!- russell_ is now known as russell--
12:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
12:06 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:08 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:08 -!- mode/#openvpn [+v s7r] by ChanServ
12:09 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 240 seconds]
12:13 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
12:22 <+s7r> I have an openvpn client - server connection (TCP) which works just fine, with push redirect gateway def1 (client's internet traffic routed via the openvpn server). all work just fine,  and it uses also the DNS server of the openvpn server. but it uses _also_ the DNS servers of the client ISP. how can this be avoided?
12:23 < pekster> Configure your client OS not to add the local uplink as DNS servers
12:23 < pekster> Not OpenVPN's problem at that point as local networking policy enforcement is outside the design of openvpn
12:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
12:29 <+s7r> hmm
12:29 <+s7r> if i connect via wireless it does not do this
12:29 <+s7r> only when the cabble is plugged in
12:30 <+s7r> wonder if i can teach the client OS when connected to the openvpn server, do not use the defafult DNS resolvers from the Local network connection
12:30 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
12:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:40 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:41 -!- cpt_berry is now known as ser_berry
13:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:06 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
13:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
13:07 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:08 -!- badon_ is now known as badon
13:13 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 256 seconds]
13:16 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:19 -!- KeyboardNotFound [~KeyboardN@unaffiliated/keyboardnotfound] has quit [Read error: Connection reset by peer]
13:47 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:16 -!- thumbs [1000@unaffiliated/thumbs] has quit [Quit: Reconnecting]
14:16 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
14:16 -!- frank-- is now known as thumbs
14:46 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 250 seconds]
14:47 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
15:33 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
15:35 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
15:36 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Quit: ZNC - http://znc.sourceforge.net]
15:39 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
15:47 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Quit: ZNC - http://znc.sourceforge.net]
15:50 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
16:07 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
16:10 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:10 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:10 -!- badon_ is now known as badon
16:11 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Quit: ZNC - http://znc.sourceforge.net]
16:28 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
16:29 -!- Denial [~Denial@81.141.4.46] has quit [Ping timeout: 255 seconds]
16:31 -!- Denial [~Denial@81.141.2.159] has joined #openvpn
16:33 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Quit: ZNC - http://znc.sourceforge.net]
16:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
16:36 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
16:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Read error: Connection reset by peer]
16:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:44 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:45 -!- badon_ is now known as badon
16:54 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:59 -!- ultima [~Ultima@unaffiliated/ultima] has joined #openvpn
17:19 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Read error: Connection reset by peer]
17:19 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
17:20 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Read error: Connection reset by peer]
17:20 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 252 seconds]
17:20 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
17:20 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Ping timeout: 252 seconds]
17:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:23 -!- deranged [Bit@lolnerd.net] has joined #openvpn
17:31 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 245 seconds]
17:32 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
17:44 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:44 -!- u0m3 [~u0m3@92.80.115.124] has quit [Read error: Connection reset by peer]
18:10 -!- u0m3 [~u0m3@92.80.115.124] has joined #openvpn
18:21 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:24 < vegardx> The server is beeing flooded with connection refused errors when there are no clients connected to it. Sup with that?
18:25 < vegardx> And I mean flooded. 10-20 lines per second.
18:32 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Quit: ZNC - http://znc.sourceforge.net]
18:34 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
19:03 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
19:39 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:49 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
19:54 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:13 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:16 -!- SoCo_cpp [~soco@gateway/vpn/privateinternetaccess/sococpp/x-48425895] has joined #openvpn
20:19 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:24 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:28 -!- SoCo_cpp_ [~soco@gateway/vpn/privateinternetaccess/sococpp/x-48425895] has joined #openvpn
20:29 -!- SoCo_cpp_ is now known as Guest68636
20:31 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
20:31 -!- SoCo_cpp [~soco@gateway/vpn/privateinternetaccess/sococpp/x-48425895] has quit [Ping timeout: 264 seconds]
21:10 -!- Guest68636 [~soco@gateway/vpn/privateinternetaccess/sococpp/x-48425895] has quit [Ping timeout: 264 seconds]
21:19 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 264 seconds]
21:47 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
21:47 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
21:49 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
21:56 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
21:56 < cstk421> can someone tell me if there is a method to make pfsense/openvpn server dish out dhcp addresses from the same pool for lan clients and remote vpn clients ?
21:57 -!- Reyu [Reyu@ec2-54-152-128-33.compute-1.amazonaws.com] has joined #openvpn
22:01 <+esde> !welcome
22:01 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
22:01 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:02 <+esde> elaborate on your goal please, would you like the openvpn client address also be the local area network address on the client's internal network?
22:02 <+esde> if not please correct my understanding
22:07 < cstk421> ok to clarify my goal is for the vpn remote client to obtain an ip on the local network from the local dhcp server.  From some reading i just did I guess it would be considered a bridge connection requiring TAP and not TUN which i am using. Does that help ?
22:07 <+esde> yes, i can't offer any assistance with this, but someone else can :)
22:08 <+esde> !bridge-dhcp
22:08 <@vpnHelper> "bridge-dhcp" is http://openvpn.net/faq.html#bridge-addressing for making clients grab dhcp ip over the bridge but not over-riding dhcp ip from local dhcp server
22:09 <+esde> https://community.openvpn.net/openvpn/wiki/323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp
22:09 <@vpnHelper> Title: 323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp – OpenVPN Community (at community.openvpn.net)
22:09 <+esde> might be similar to your goal
22:10 < cstk421> will read up on those thanks
22:10 <+esde> please review the last link first, im wondering if it's applicable to your goal
22:10 < cstk421> k
22:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:12 < cstk421> esde: yes that is basically my goal. i dont need the server-bridge directive
22:12 < cstk421> just need vpn clients to be able to get dhcp from the local server
22:17 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Read error: Connection reset by peer]
22:54 < vegardx> Set up a bridge with a tap interface.
22:55 < vegardx> I don't think pfsense has implemented tap, have they?
22:56 < vegardx> You can just define server-bridge alone. You don't have to specify a subnet and which IP-addresses to pull from. Then the clients will just get a regular dhcp response.
22:57 < vegardx> Oh, he left. I should stop filtering out join/quits.
23:10 -!- ShadniX [dagger@p5481D376.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:11 -!- ShadniX [dagger@p5481D0DE.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Feb 22 2015
00:06 -!- Denial [~Denial@81.141.2.159] has quit [Ping timeout: 245 seconds]
00:06 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:06 -!- Denial [~Denial@5.80.232.173] has joined #openvpn
00:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:23 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 245 seconds]
00:24 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
00:26 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
00:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
01:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
01:44 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
02:27 -!- `hypermist` is now known as sleepypc
02:38 -!- sleepypc is now known as `hypermist`
02:48 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 252 seconds]
02:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:52 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
03:43 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 255 seconds]
03:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:04 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
04:04 < elliotdenk> !welcome
04:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:04 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:14 < elliotdenk> Hi, is it possible to bind one OpenVPN process (OpenVPN 2.3.x) to a (specific) IPv4 and a (specific) IPv6 address at the same time, man page and documentation are not of much help with respect to IPv6 support, tried different settings for "local" and "proto"  but had no success, what is the way to go for a dual stack setup? Any advice or help appreciated.
04:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:33 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:34 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
04:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
04:52 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
04:58 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:03 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
05:04 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:09 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
05:09 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:15 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:15 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:20 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
05:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
05:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:35 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 264 seconds]
05:58 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:03 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:46 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
06:46 -!- mode/#openvpn [+v s7r] by ChanServ
07:19 -!- Exagone313 [exa@elou.world] has quit [Read error: Connection reset by peer]
07:20 -!- Exagone313 [exa@2001:bc8:3e46:313::1] has joined #openvpn
07:41 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:50 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 246 seconds]
07:53 -!- u0m3_ [~u0m3@109.96.133.187] has joined #openvpn
07:55 -!- u0m3 [~u0m3@92.80.115.124] has quit [Ping timeout: 250 seconds]
08:14 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
08:19 < elliotdenk> Four hours and no answer, so let me ask again: Is it possible to bind one OpenVPN process (OpenVPN 2.3.x) to a (specific) IPv4 and a (specific) IPv6 address at the same time, man page and documentation are not of much help with respect to IPv6 support, tried different settings for "local" and "proto"  but had no success, what is the way to go for a dual stack setup? Any advice, help, or reference appreciated.
08:20 < pekster> elliotdenk: Today openvpn is only able to dual-stack inside the tunnel, not for the transit; you'd need to run 2 instances (each with unique networks, of course) to accept encapsulated traffic on both IPv4 and IPv6
08:20 < pekster> There is active work on the mainline development branches to dual-stack on transit, but that's still being developed
08:35 < elliotdenk> pekster: thx for the info
08:49 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:01 -!- Reyu [Reyu@ec2-54-152-128-33.compute-1.amazonaws.com] has left #openvpn ["WeeChat 1.1.1"]
09:24 -!- Netsplit *.net <-> *.split quits: tapout, kef, Fusl, Mike--, burp, ljvb, nlb, Haigha, busch, kernal,  (+4 more, use /NETSPLIT to show all of them)
09:24 -!- Netsplit over, joins: burp, kef
09:24 -!- Netsplit over, joins: halothe23, nlb, Fusl, hazardous
09:24 -!- mode/#openvpn [+v hazardous] by ChanServ
09:24 -!- Netsplit over, joins: kernal
09:26 -!- Haigha [~root@dovahkiin.xomg.net] has joined #openvpn
09:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:36 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 265 seconds]
09:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
09:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:41 -!- Denial [~Denial@5.80.232.173] has quit [Ping timeout: 240 seconds]
09:42 -!- Denial [~Denial@host31-52-126-43.range31-52.btcentralplus.com] has joined #openvpn
09:44 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
09:44 -!- mode/#openvpn [+o dazo] by ChanServ
09:50 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
09:53 -!- u0m3_ [~u0m3@109.96.133.187] has quit [Ping timeout: 244 seconds]
09:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
09:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:55 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:08 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Sleeping.]
10:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
10:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:16 -!- u0m3 [~u0m3@109.96.133.187] has joined #openvpn
10:16 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:22 -!- u0m3 [~u0m3@109.96.133.187] has quit [Ping timeout: 264 seconds]
10:35 -!- u0m3 [~u0m3@109.96.133.187] has joined #openvpn
10:37 -!- KjetilK [~kjetil@ti0071a400-0441.bb.online.no] has quit [Quit: Konversation terminated!]
10:56 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
11:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
11:00 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:00 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Client Quit]
11:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:07 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:34 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
12:05 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 246 seconds]
12:13 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
12:24 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:45 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
13:00 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
13:03 -!- ment0s [~ment0s@cpc6-bahd4-2-0-cust97.14-2.cable.virginm.net] has joined #openvpn
13:06 < ment0s> I have a VPS which hosts OpenVPN as a server with tap interface . I also have client which connects to VPS and it gets an IP address from pool specified in VPS so everything works fine. Now, I want to use assign tap0 interface on client to vmbr0 and I want to use vmbr0 for virtual machines to automatically get ip address from VPS. I've been trying to follow few different manuals but without success. Any ad
13:06 < ment0s> vise ?
13:09 <+esde> !walkthrough
13:09 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
13:10 <+esde> !bridging
13:10 <@vpnHelper> "bridging" is (#1) Using bridges is either completely stupid or clever. It is stupid if you do it because you think it is easier. It is clever if you're a network knowledgeable person who understands networking very well and knows why routing won't fit for you or (#2) See also https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
13:13 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
13:18 < ment0s> esde: this is not helpfull at all.
13:19 < rob0> Why tap?  It does not sound necessary.
13:20 < ment0s> rob0: Well, it didnt work on TUN so I changed to tap and it still doesnt work
13:23 < ment0s> rob0: as far as I understand when I have TAP or TUN and I add them to bridge then any VM that uses that bridge with static IP from the same subnet should be able to ping server's TUN
13:23 < ment0s> obviously after adding bridge postrouting
13:28 < pekster> But why are you bridging in the first place? Are you sending non-IP protocols, or need multicast delivery across the VPN?
13:29 < pekster> It depends a bit on your !goal, but bridging is generally not needed outside of these special use-cases by people who know why they need it
13:29 < ment0s> pekster: I have a few VM's under KVM that I want to share with someone, but they have access to one bridge, vmbr0 which I want to use for internet connection . vmbr0 will have tap or tun interface and they will not be able to use my local network but existing vpn tunnel instead.
13:30 < pekster> But what is the goal?
13:30 < pekster> !goal
13:30 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:31 < pekster> You don't "use a VPN tunnel", but would use it to do something; what is this thing you wish to use a VPN for?
13:32 < ment0s> Virtual machines have access to vmbr0, I want to use vmbr0 for internet connection over TAP or TUN. So vmbr0 has tap/tun as slave and everything that will use vmbr0 will be using vpn for internet
13:33 <+hyper_ch> sourced based policy routing?
13:33 -!- justinzane [~justinzan@24.49.199.88] has quit []
13:33 < ment0s> the way I picture it : vmbr0 with tap0 as its slave. If VM is using vmbr0 then it gets IP address from tunnel
13:34 < pekster> What's the _end_ goal here? Just to redirect traffic over a VPN? You shouldn't be using any bridge at all for the VPN
13:34 < pekster> Just set up your VPN tunnel normally and route whatever you wish across it. Be sure to mind the return routing, as you would in any routing setup
13:34 <+hyper_ch> I'd just go with source policy routing
13:35 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
13:35 -!- abucode [~sharjeel@192.241.201.153] has joined #openvpn
13:35 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
13:36 < ment0s> pekster: can I redirect traffic from vmbr using policy routing ? The problem is that Virtual Machines needs vmbr0 to work. Right now i just have my eth0 as a slave but i want to replace it with tunnel
13:39 < pekster> This means nothing in an openvpn context. You can route as you would normally, regardless if you have br0, vmbr0, eth0, or en0 as your device
13:39 < pekster> I've no clue what you mean by "slave" and all this. Maybe if you describe your topology better, but it sounds like all you want is to route some/all traffic from some/all of your virtual infrastructure across some VPN tunnel, going somewhere between endpoitns you control
13:40 < pekster> This all sounds very vauge because you haven't explained anything of your setup that I understand beyond your use of bridges in a VM layout
13:40 < pekster> If you have {Inetneret} -> [VM Host] -> [VM Guests] , I'm very confused why you need a VPN at all between the guests and host
13:42 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
13:43 < ment0s> Lets say I have a Virtual Machine, this machine uses vmbr0 for any sort of connections so virtual interface of my VM is using vmbr0. So : VM_eth0 > vmbr0 > eth0 > internet. I want to use VM_eth0 > vmbr0 > tap/tun > internet.
13:44 < ment0s> while tap/tun is already configured
13:45 < ment0s> the point here is that all virtual machines are using bridges for networking. So lets say you create two virtual machines and both of them will use vmbr1 then you have point-point connection betwen them. But you can add second interface to VM which will be using vmbr0 for internet connection
13:46 < pekster> You don't need a VPN here. You need to configure your host networking properly
13:47 < ment0s> pekster: What do you mean, I want to force VM users to not to use my internet connection ( my localnet subnet ) but I want them to be piped through tunnel to VPS server somwhere else for all internet connections
13:48 < pekster> Then you should have stated this upfront, when I asked for your goal (before you went on about your VM network setup
13:48 < ment0s> pekster: sorry, It a bit confusing when trying to explain.
13:48 < pekster> You want a _tun_ setup here; tap is worthless. Put that on the VM host and policy route anything sourced from the guest VMs you want out the VPN route
13:49 < pekster> Just create a secondary routing table with the default route via the VPN gateway (a --route-up script in openvpn might be good here, read about that in !scripts) and then an `ip rule` to direct the guest VM traffic there
13:49 < pekster> See also:
13:49 < pekster> !lartc
13:49 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
13:49 < pekster> ment0s: ^ read about policy routing on Linux there
13:50 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
13:50 < ment0s> pekster: cheers, Im going to follow this setup. Thanks for clarification
13:50 -!- kef [~kef@matrix.fullmotion.de] has quit [Ping timeout: 265 seconds]
13:51 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
13:51 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
13:51 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
13:52 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 265 seconds]
13:52 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has quit [Ping timeout: 265 seconds]
13:53 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 265 seconds]
13:53 -!- Eugene [eugene@2600:3c01::14:7116] has quit [Ping timeout: 265 seconds]
13:53 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 265 seconds]
13:53 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 265 seconds]
13:53 -!- fixi [~fixi@unaffiliated/fixi] has quit [Ping timeout: 265 seconds]
13:53 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 265 seconds]
13:53 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 265 seconds]
13:53 -!- lxusrbin [~lxusrbin@han.solo.from-outer.space] has quit [Ping timeout: 265 seconds]
13:53 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
13:54 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 250 seconds]
13:54 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 265 seconds]
13:54 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
13:55 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
13:55 -!- mode/#openvpn [+o plaisthos] by ChanServ
13:55 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
13:56 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
13:56 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
13:56 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
13:56 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
13:56 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
13:57 -!- kef [~kef@matrix.fullmotion.de] has joined #openvpn
13:57 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has joined #openvpn
13:57 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
13:57 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:58 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
13:58 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:58 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
13:59 -!- jefferai [sid1300@kde/mitchell] has quit [Read error: Connection reset by peer]
14:01 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-kdxbaiinsbyrzfdz] has quit [Read error: Connection reset by peer]
14:02 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
14:03 -!- mode/#openvpn [+o krzee] by ChanServ
14:03 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-cqdplbbbtpntybcw] has joined #openvpn
14:04 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
14:06 -!- lxusrbin [~lxusrbin@han.solo.from-outer.space] has joined #openvpn
14:10 -!- ment0s [~ment0s@cpc6-bahd4-2-0-cust97.14-2.cable.virginm.net] has quit [Ping timeout: 252 seconds]
14:15 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 250 seconds]
14:17 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has quit [Ping timeout: 250 seconds]
14:22 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
14:22 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
14:23 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:32 -!- frege [~frege@unaffiliated/frege] has left #openvpn []
15:10 < f0o> Is there a way to only validate a client's cert at depth 1 ?
15:10 < f0o> I dont want to trust everybody my root-ca trusts, only need to trust a particular sub-sub-ca
15:13 < pekster> You might be able to use the sub-CA as the --ca directive, though I haven't tried that. If you have an independent set of clients, it might make more sense to run an independent CA anyway
15:15 < f0o> I got that subca as --ca but it fails when trying to lookup the --ca's issuer
15:15 < f0o> thought limiting verification depth would eliminate the need to lookup the --ca's issuer
15:16 < pekster> Yea, I was wondering if it might do that; you might have to use one of the manual tls extra checks through a script or something an inspect the key ID of the issuing cert from the client
15:22 < f0o> I was afraid you'd say that hehe
15:22 < f0o> fair enough, thanks :)
15:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
15:30 < pekster> f0o: You could also consider using --ccd-exclusive if you know in advance the names of the client commonName values you wish to accept
15:36 < f0o> cant assert that sadly :/
15:36 < f0o> doing a quick tls-verify script now that checks for $X509_0_OU
15:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:02 -!- u0m3 [~u0m3@109.96.133.187] has quit [Ping timeout: 264 seconds]
16:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:22 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Leaving.]
16:30 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
17:26 -!- u0m3 [~u0m3@109.96.133.187] has joined #openvpn
18:03 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
18:06 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:54 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:04 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
19:14 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
19:25 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
19:30 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:58 <@ecrist> dazo: -CURRENT is a development branch.
20:04 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:19 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:59 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
21:04 -!- u0m3 [~u0m3@109.96.133.187] has quit [Ping timeout: 246 seconds]
21:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:08 -!- ShadniX [dagger@p5481D0DE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:08 -!- ShadniX [dagger@p5DDFC561.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Feb 23 2015
00:24 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
00:25 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Quit: Lost terminal]
00:29 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:33 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
02:15 -!- mattock_afk is now known as mattock
02:19 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:26 -!- apollo2k is now known as aPollO2k
02:48 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 246 seconds]
03:00 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
03:09 -!- Latrina [~Latrina@ppp-65-2.26-151.libero.it] has quit [Ping timeout: 255 seconds]
03:11 -!- Latrina [~Latrina@adsl-ull-61-223.50-151.net24.it] has joined #openvpn
03:42 -!- nicety [nicety@2604:a880:800:10::654:5001] has joined #openvpn
03:54 -!- arcsky [~arcsky@87.117.231.108] has joined #openvpn
03:54 < arcsky> can a client side send a route to the server side?
04:00 <+hyper_ch> I hope not
04:08 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 264 seconds]
04:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
04:21 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 264 seconds]
04:30 < tyuio> hello everyone
04:30 < tyuio> can anyone can post their conf ?
04:31 < vegardx> tyuio: Just a config won't help you a lot.
04:34 < tyuio> just troubleshoot issue
04:34 < tyuio> seriously i can't understand one thing
04:39 <+hyper_ch> [Friday 20 February 2015] [13.24:54] <hyper_ch> tyuiop: tried my config?
04:39 <+hyper_ch> I guess you didn't
04:39 < tyuio> i tried too
04:39 < tyuio> just a sec
04:39 <+hyper_ch> [Friday 20 February 2015] [01.25:04] <krzee> tyuiop,
04:40 <+hyper_ch> krzee tried to help also
04:43 < tyuio> not helpling too much to
04:44 < tyuio> well i  state everything here :
04:44 < tyuio> http://paste.ubuntu.com/10370332/
04:46 <+hyper_ch> I tried to help you 3 days ago... you chose to ignore it
04:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
04:51 < tyuio> i m sorry
04:51 < tyuio> maybe i understand what you meant
04:51 < tyuio> i don't
04:52 < tyuio> well
04:52 < tyuio> do you see my pastebin ?
04:52 < tyuio> 	http://paste.ubuntu.com/10370332/
04:52 < tyuio> when i initiate the vpn connexion on  my client
04:52 < tyuio> the connection is succeed
04:53 < tyuio> but i can't able to connect to the internet using my vpn gateway
04:57 < tyuio> anyone there ?
04:59 < tyuio> it seems that i m not ignore it
05:13 < tyuio> hyper_ch: are you there ?
05:35 -!- tyuio [~chatzilla@62-210-193-154.rev.poneytelecom.eu] has left #openvpn []
05:36 -!- erop [~chatzilla@62-210-193-154.rev.poneytelecom.eu] has joined #openvpn
05:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:49 < erop> hi there
05:49 < erop> anyone here ?
05:58 <+hyper_ch> erop: changed name?
05:58 < erop> well
05:59 < erop> when i initiate the vpn connexion on  my client
05:59 < erop> the connection is succeed
05:59 <+hyper_ch> I offered my help 3 days ago, you chose it to ignore
06:00 < erop> here is everything :
06:00 < erop> http://paste.ubuntu.com/10370332/
06:01 < erop> i can't understand why you feel that i ignore your help ?
06:02 < erop> you are mostly welcome
06:03 < erop> seriously i got this issue from last week
06:03 < erop> i can't able to troubleshoot it
06:03 < erop> i get tired with this
06:11 -!- abucode [~sharjeel@192.241.201.153] has quit [Quit: WeeChat 1.0]
06:13 < erop> hello are you there?
06:34 -!- soLucien [~Lu@h179.natout.aau.dk] has joined #openvpn
06:35 -!- erop [~chatzilla@62-210-193-154.rev.poneytelecom.eu] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150125222008]]
06:41 -!- soLucien [~Lu@h179.natout.aau.dk] has quit [Ping timeout: 250 seconds]
06:41 -!- soLucien [~Lu@h179.natout.aau.dk] has joined #openvpn
06:43 < soLucien> hi guys ! I am about to install a openVPN server on a DigitalOcean droplet in order for me to be able to access my home PC from a remote location. My question is : Would all my traffic between my latop and home PC go through the server, or would it use peer 2 peer once connected?
06:43 < soLucien> if i address it using the virtual LAN address?
06:44 < soLucien> does the server act as a relay for all traffic, or does it just bootstrap the computers, and communication is done directly between the 2 PCs
06:46 < soLucien> i can try asking Google, i'm sure there's an answer on some forum, but it's difficult to formulate this :)
06:48 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
06:49 < soLucien> anyone? :)
06:50 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:51 < soLucien> !heartbleed
06:51 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
06:51 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
06:51 < soLucien> !poodl
06:51 < soLucien> !poodle
06:51 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
07:00 <+esde> soLucien, afaik yes the traffic would ho through the machine that is configured as the server.
07:00 <+esde> go even
07:01 < soLucien> ok, thanks !
07:05 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has quit [Remote host closed the connection]
07:06 -!- aulait [~irenacob@li629-190.members.linode.com] has quit [Excess Flood]
07:07 -!- julius__ [~14354s@dslb-178-011-227-006.178.011.pools.vodafone-ip.de] has joined #openvpn
07:07 < julius__> hi
07:07 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
07:07 -!- soLucien [~Lu@h179.natout.aau.dk] has quit [Quit: Leaving]
07:07 < julius__> ive read http://openvpn.net/index.php/open-source/documentation/howto.html#scope       but is there also a way to include machines that are behind the client?  i mean i would like to access the machines behind the client from my other client that accesse the openvpn server
07:07 <@vpnHelper> Title: HOWTO (at openvpn.net)
07:09 -!- aulait [~irenacob@li629-190.members.linode.com] has joined #openvpn
07:11 -!- soLucien [~Lu@h179.natout.aau.dk] has joined #openvpn
07:12 -!- soLucien [~Lu@h179.natout.aau.dk] has quit [Client Quit]
07:14 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
07:14 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
07:15 -!- soLucien [~Lu@h179.natout.aau.dk] has joined #openvpn
07:15 -!- soLucien [~Lu@h179.natout.aau.dk] has quit [Client Quit]
07:16 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
07:22 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 250 seconds]
07:22 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
07:34 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:43 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
07:57 -!- G-virt [~quassel@unaffiliated/g-virt] has joined #openvpn
07:57 -!- G-virt [~quassel@unaffiliated/g-virt] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
08:10 -!- ShadniX [dagger@p5DDFC561.dip0.t-ipconnect.de] has quit [Quit: Bye.]
08:12 -!- ShadniX [~ShadniX@p5DDFC561.dip0.t-ipconnect.de] has joined #openvpn
08:19 -!- Gnimsh [~IceChat78@50.241.101.4] has joined #openvpn
08:19 < Gnimsh> !welcome
08:19 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:19 < Gnimsh> !goal
08:19 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:19 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:20 < Gnimsh> hello, I'm having trouble connecting to my company VPN. It seems to be specific to me as other users can login fine, even on my machine (set up with LDAP authentication). I get the following error message: There is a problem in your selection of --ifconfig endpoints [local=10.8.0.10, remote=10.8.0.1].  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver
08:24 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Quit: Leaving]
08:27 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:32 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Quit: The only time the word "incorrectly" isn't spelled incorrectly is when it's spelled incorrectly.]
08:35 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
08:47 -!- jpalmer [~jpalmer@unaffiliated/jpalmer] has joined #openvpn
08:49 < jpalmer> hey guys.  having a bit of an issue, that I've never run into before.   I have an openvpn server,  the network behind it is publically routable /24,  the openvpn server is listening on one of the ip's in the same /24,  meaning, if I push a route to the client, it tries to route everything through the tunnel,  including traffic that should be destined to the openvpn server itself.
08:50 <@plaisthos> redirect-gateway or redirect-private should take care of that
08:50 < jpalmer> any thoughts on what to research?  I've looked at route, pushed routes, and iroute.  none seem to be what I'm looking for.   my guess is I need to either push a static route for that 1 IP,  or..  somehow tell openvpn to exclude that one IP
08:51 < jpalmer> hmm,  I thought those were for doing split-tunnel, or not.. so didn't think to check.  I'll have a look.  thanks
08:51 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Sleeping.]
08:54 < jpalmer> yeah, looking at redirect-gateway,  thats not what I want to do.  I only want traffic destined to that subnet to be sent over the vpn tunnel.  not all traffic
08:57 <@plaisthos> jpalmer: redirect-private
09:02 < jpalmer> looks promising, but.. docs seem kinda lacking.   thanks for the pointer, gonna hit google for some reading.
09:11 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
09:11 -!- txdv [~unreal@78-56-71-41.static.zebra.lt] has joined #openvpn
09:12 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:15 < txdv> hey guys
09:16 < txdv> i wanted to ask if the basic connection to a server uses ssl encryption
09:17 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
09:18 -!- aPollO2k is now known as apollo2k
09:28 -!- donoban [~donoban@148.Red-81-33-188.dynamicIP.rima-tde.net] has joined #openvpn
09:30 < donoban> hi, I'm trying to have a transparent backup interface (mobile internet) for my home computer. i.e. if my normal internet fails, switch to my USB mobile connection, and once my normal internet is up again return to it
09:31 < donoban> anybody knows the best way for achieve it?
09:36 -!- happytoo [~happyone@184.173.77.5-static.reverse.softlayer.com] has joined #openvpn
09:39 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:41 < jpalmer> plaisthos: awesome,   got redirect-private working, did exactly what I needed.  thanks!
09:46 < arcsky> can a client side send a route to the server side?
09:46 < Papey> I've got some trouble setting up openvpn on Android, some socket_protect error, no more info
09:49 < happytoo> Hi guys. What is an affordable device that I can use to route all traffic on a network through openvpn? My criteria are: 1) open source firmware, 2) reliably fast throughput -- total 50-100 Mbps (the more, the better), 3) automatically re-establishes connection to vpn on failures, 4) internet killswitch when vpn disconnects (until it reconnects), 5) dns routed through vpn
09:55 < txdv> is there any documentation on how the underlying openvpn communication protocol works?
09:57 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
10:00 -!- happytoo [~happyone@184.173.77.5-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
10:00 < txdv> If I use a configuration file like this http://paste.ubuntu.com/10373778/
10:01 < txdv> does it use tls or static key authentication
10:01 < txdv> ?
10:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
10:03 < DArqueBishop> I'm pretty sure it uses TLS.
10:03 < DArqueBishop> BTW, you might want to redo your keys as we all now have the certs to get into your server.
10:03 < Papey> woops
10:04 < Papey> :)
10:04 < txdv> DArqueBishop: they are open servers
10:04 < txdv> everyone can get it in there
10:06 -!- elfixit [~Icedove@93.82.194.50] has joined #openvpn
10:07 -!- w00tb3ast [~w00tb3ast@184.71.203.90] has joined #openvpn
10:11 -!- w00tb3ast [~w00tb3ast@184.71.203.90] has left #openvpn ["Cya!"]
10:13 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
10:13 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
10:20 <@dazo> txdv: when using --cert, --key and --ca, TLS is used ... only using --secret uses static encryption (no authentication)
10:31 -!- mattock is now known as mattock_afk
10:43 < txdv> from the documentation i got that --client = --pull tls
10:43 < txdv> so it is a tls connection
10:44 < txdv> i am unable to create a tls connection to a vpn server programatically and I wonder why that is
10:44 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
10:48 < txdv> the certificate exchange doens't happen whatsoever, the client sends some data but the server never returns anything back
10:49 -!- u0m3 [~u0m3@109.96.133.187] has joined #openvpn
10:50 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:57 < txdv> i'm not really sure if it uses the standard method
11:00 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:08 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 256 seconds]
11:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:13 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
11:13 < happytoo> What is an affordable device that I can use to route all traffic on a network through openvpn? My criteria are: 1) open source firmware, 2) reliably fast throughput -- total 50-100 Mbps (the more, the better), 3) automatically re-establishes connection to vpn on failures, 4) internet killswitch when vpn disconnects (until it reconnects), 5) dns routed through vpn
11:24 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
11:27 <@dazo> happytoo: tp-link wr1043nd
11:27 <@dazo> runs openwrt, plenty with good space, usb and usually really affordable
11:28 <@dazo> 4) is basically just some scripting ... 5) is vpn+iptables configuration
11:28 <@dazo> 3) is also a configuration issue
11:29 < vegardx> Open Source /firmware/? Well good luck.
11:29 <@dazo> vegardx: openwrt
11:30 < vegardx> Do we look at openwrt as firmware? That is an operating system.
11:30 <@dazo> firmware for embedded devices, such as routers
11:30 < vegardx> I might not be up to date with terminology then!
11:30 <@dazo> otherwise, there is the coreboot initiative for the Intel platform
11:32 < vegardx> Do you need the killswitch if you just use do routing properly?
11:33 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
11:33 < satdav> Hello whats the difference between open vpn and OpenVPN Access Server
11:34 <@dazo> routing + firewall will probably result into a killswitch functionality .... don't allow anything else than the VPN traffic out, block everything else ... and only allow traffic to be forwarded to go via the tunnel
11:34 < satdav> !docs
11:35 <@dazo> satdav: Access Server provides some additional (close source) admin interfaces, configures multiple servers and more advanced authentication schemes out-of-the-box
11:35 <@dazo> satdav: the core of openvpn community and access server, is the same ... just the management is improved
11:35 < satdav> dazo: is their docs for instaling and setting up openvpn on a debain box
11:35 <@dazo> !as
11:35 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
11:36 < satdav> dazo: do you get a lience limit on the openvpn
11:36 <@dazo> satdav: or are you asking about debian + openvpn community edition?
11:36 < satdav> yes dazo
11:36 <@dazo> there's no limitations on the community editions
11:36 < satdav> if thats easier to setup
11:37 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
11:37 <@dazo> and basically, the configuration is usually fairly simple ... and there's no need to really have distro specific docs
11:37 <@dazo> (well, you need to understand general networking configuration and firewalling before starting with openvpn)
11:37 <@dazo> satdav: have you ever configured openvpn before?
11:37 < rob0> (and it helps to know a bit about your distro also)
11:38 <@dazo> satdav: if no ... start here ... http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html ... and then update this config of yours with proper PKI setup (keys, certs, ca)
11:38 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
11:38 < satdav> I have never done it before
11:39 < satdav> I have setup access server in the past
11:39 < happytoo> hi dazo
11:39 < happytoo> thanks for commenting
11:39 -!- pEYEd [~kvirc@ool-4355399b.dyn.optonline.net] has joined #openvpn
11:40 <@dazo> okay, well, start with the static mini howto, which gets you flying in no-time ... and then add your own CA setup, and use --server/--client, --key, --ca and --cert instead of --secret
11:40 < happytoo> i looked up the specs for that router here: http://www.tp-link.com/en/products/details/?model=TL-WR1043ND#spec
11:40 <@dazo> !--
11:40 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
11:40 <@vpnHelper> Title: 300Mbps Wireless N Gigabit Router TL-WR1043ND - Welcome to TP-LINK (at www.tp-link.com)
11:41 < pEYEd> clients can connect to server and get IP, but client and server connot ping each other??  https://bpaste.net/show/8ab1acea25fe
11:41 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
11:41 < pEYEd> no firewalls.
11:41 < happytoo> there is no mention of openvpn support out of the box
11:41 <@dazo> happytoo: yeah,that's the one ... really nice box ... you need to install the openwrt firmware on it, then you'll get that
11:42 <@dazo> happytoo: http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd
11:42 < happytoo> openwrt firmware is probably above my skill level. dd-wrt is a challenge for me
11:43 <@dazo> happytoo: nah, if you care to read the openwrt configuration docs ... it's generally easier and quicker than the webUI admin crap you get
11:43 <@dazo> well, knowing some networking basics always helps
11:43 < happytoo> i have very limited tech skills. i've heard that openwrt is the tech's first choice, but i have to recognize my current limitations
11:44 <@dazo> happytoo: as long as you're able to read and understand what you read, I believe you're able to manage this
11:44 <@dazo> (afaik, there are no router firmware which comes with openvpn support out-of-the-box from the factory)
11:45 < happytoo> as a longer term goal, i would like to learn openwrt, but as an intermediate step, it would be wise for me to start with something simpler
11:45 < happytoo> i realize that it probably seems simple to you, but the prerequisite skills are lacking
11:46 <@dazo> well, I don't think you have much to choose between here, of openvpn is your requirement ... and configuring openvpn correctly is much more complicated than configuring an openwrt router
11:47 <@dazo> not to mention all your other requirements too
11:47 < happytoo> dazo: http://www.amazon.com/BUFFALO-AirStation-Source-Wireless-WHR-300HP2D/dp/B00IB8IVDQ/
11:47 <@dazo> !dd-wrt
11:48 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
11:48 < happytoo> that model lists dd-wrt and openvpn out of the box
11:48 <@dazo> happytoo: I will never ever touch dd-wrt again after experiencing their security mindset
11:49 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has joined #openvpn
11:49 < happytoo> but i've heard that throughput with an openvpn router can be problematic
11:49 <@dazo> happytoo: buffalo routers aren't easily available in my region, so that's probably why I'm not updated ... plus, it mentions dd-wrt which renders it uninteresting to me
11:49 <@dazo> happytoo: depends on the configuration again
11:49 <@dazo> !gigabit
11:49 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
11:49 < happytoo> in your experience, what is the limiting factor with openvpn router throughput?
11:50 <@dazo> happytoo: the linux kernel
11:50 <@dazo> and in particular the tun driver
11:50 <@dazo> but that first begins to get in the way when you go above 100Mbit/s or so
11:51 < happytoo> that is beyond my criteria
11:51 < happytoo> 100 would be great at the moment
11:52 <@dazo> happytoo: at the openvpn hackathon last autumn, I believe we managed to squeeze through 50-60Mbit/s from my laptop to my employers network using VPN ... we believe we may have saturated some internal links behind the VPn server to much that I got capped down
11:52 < pailaps> i wonder why openvpn doesnt detect os settings for receive and send buffers
11:52 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
11:53 < pailaps> its still 64KB size for latest build
11:53 <@dazo> pailaps: patches are welcome
11:54 <@dazo> the dev-team is quite small, most of us working on openvpn in our spare time ... so for such things, we mostly scratch our own scratches ... and reviews patches fixing issues others have issues with
11:56 < pailaps> hope someone could review the snippets later
11:56 < pailaps> im the most terrible coder
11:56 <@dazo> pailaps: terrible coder produces at least some code .... no coder produces no code
11:56 <@dazo> and with the reviews, you'll get help to clean up the code first
11:57 < pailaps> looks like i have a plan set
11:59 < happytoo> dazo: i read a post that claimed that openvpn throughput is often limited by cpu speed. can you speak to that?
12:00 < happytoo> tp-link doesn't even seem to provide cpu specs on that website i linked to
12:00 <+hyper_ch> sicne it has to de/encrypt the cpu is a factor I'd say
12:01 <@dazo> happytoo: well, with encryption it is always somehow bound to the CPU performance, but it also depends a lot which cipher you use too ... blowfish for example scales according too the CPU frequency, regardless of what kind of CPU you have .... AES can perform quite well, but really well on CPUs with the AES-NI instruction set (like some Intel i5/i7 processors)
12:02 < pailaps> happytoo, well you can specify cipher none and disable compression
12:02 <+hyper_ch> !speed
12:02 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
12:02 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9)
12:02 <@vpnHelper> a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
12:02 < happytoo> cipher: none?? wouldn't that be unwise?
12:02 < pailaps> i run openvpn on a tp-link wr841nd
12:03 <@dazo> happytoo: regarding to TP-Link info ... I pointed you at http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd which lists CPU details and all the hardware details
12:03 <@dazo> cipher none is unwise if you want to protect the contents
12:03 < happytoo> oh, sorry dazo
12:03 <@dazo> if you just want to tunnel stuff ... using iptunnel will probably be just as good
12:03 < happytoo> i hadn't dug into that page yet
12:04 < pailaps> i got to thank pekster again, my setup is working fully with some pointers
12:13 <+hyper_ch> krzee: https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html
12:13 <@vpnHelper> Title: Adware Privdog worse than Superfish - Hanno's blog (at blog.hboeck.de)
12:15 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
12:17 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:19 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 246 seconds]
12:21 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
12:25 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
12:37 -!- donoban [~donoban@148.Red-81-33-188.dynamicIP.rima-tde.net] has quit [Ping timeout: 244 seconds]
12:40 -!- mattock_afk is now known as mattock
12:42 -!- u0m3 [~u0m3@109.96.133.187] has quit [Read error: Connection reset by peer]
12:51 -!- dazo is now known as dazo_afk
12:52 < happytoo> d*****, Comodo
12:55 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
12:57 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:12 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
13:13 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:14 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:17 -!- teward [teward@ubuntu/member/teward] has joined #openvpn
13:17 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
13:17 -!- quup [~ppp@unaffiliated/quup] has joined #openvpn
13:18 < quup> Hi, on the android client (OpenVPN Connect) can I "blacklist" a wifi connection where it shouldn't be active? (I'm running openvpn client in the home router, and the vpn server only allowes a fixed amount of devices at a time)
13:19 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:20 -!- volkswagner [~Adium@cpe-98-15-160-220.hvc.res.rr.com] has joined #openvpn
13:21 -!- gardar [~gardar@bnc.giraffi.net] has quit [Quit: ZNC - http://znc.in]
13:22 < pEYEd> quup:   what router restricts the number of connection?  (assuming they aren't just putting you on a /30)
13:22 < pEYEd> quup:  you could always double NAT.  o.0
13:23 < teward> pEYEd: stupid assumption: he doesn't run the server
13:23 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:23 < teward> second stupid assumption: the remote server is restricting the # of connections
13:28 < quup> teward: correct, server restricts
13:28 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
13:29 < pEYEd> quup:  iptables?
13:31 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
13:33 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:43 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
13:51 -!- u0m3 [~u0m3@109.96.133.187] has joined #openvpn
13:52 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:54 -!- elfixit [~Icedove@93.82.194.50] has quit [Ping timeout: 245 seconds]
13:57 -!- atmosx [~bsd@convalesco.org] has left #openvpn ["WeeChat 0.4.4-dev"]
14:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:07 -!- volkswagner [~Adium@cpe-98-15-160-220.hvc.res.rr.com] has quit [Quit: Leaving.]
14:13 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
14:13 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
14:24 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
14:25 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
14:42 -!- pEYEd [~kvirc@ool-4355399b.dyn.optonline.net] has quit [Ping timeout: 265 seconds]
14:44 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
14:47 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 246 seconds]
14:52 -!- mattock is now known as mattock_afk
14:57 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
15:21 -!- `hypermist` is now known as sleepypc
15:25 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:27 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
15:30 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
15:31 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
15:40 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:51 -!- Gnimsh [~IceChat78@50.241.101.4] has quit [Quit: The early bird may get the worm, but the second mouse gets the cheese]
15:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:55 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
16:17 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
16:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:35 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
16:43 -!- eklo [~eklo@unaffiliated/eklo] has joined #openvpn
16:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:52 -!- eklo [~eklo@unaffiliated/eklo] has left #openvpn []
17:16 -!- elfixit [~Icedove@93.82.194.50] has joined #openvpn
17:31 < satdav> were is the docs for installing openvpn on debain
17:58 <@krzee> quup, no. you probably want tasker.
17:59 <@krzee> satdav, there is nothing different about openvpn on debian than any OS/distro really
17:59 < satdav> ok
18:01 <@krzee> !howto
18:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
18:16 -!- julius__ [~14354s@dslb-178-011-227-006.178.011.pools.vodafone-ip.de] has quit [Ping timeout: 244 seconds]
18:28 -!- s7r [~s7r@openvpn/user/s7r] has quit [Read error: Connection reset by peer]
18:37 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
18:38 -!- cnnx [~cizzi@MTRLPQ3401W-LP130-01-1176433132.dsl.bell.ca] has joined #openvpn
18:39 < cnnx> if i setup an openvpn tunnel between my computer at home and a remote server, will my ip appear as the remote server's ip? and can i then use that ip to whitelist it in mysqld so it only accepts connections from that ip?
18:46 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
18:53 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 264 seconds]
18:54 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
18:56 < zoredache> If you establish a tunnel usually you setup a specific subnet for that tunnel.  So you might use `server 10.5.12.0 255.255.255.0`.  You can adjust your firewalls to permit the VPN subnet.
18:57 < zoredache> As for what else happens, that all depends on your routing/NAT.  But there is a lot of flexibility available to those that understand networking.
19:00 -!- elfixit [~Icedove@93.82.194.50] has quit [Quit: elfixit]
19:01 -!- cnnx [~cizzi@MTRLPQ3401W-LP130-01-1176433132.dsl.bell.ca] has quit [Quit: Lost terminal]
19:12 -!- cnnx [~cizzi@MTRLPQ3401W-LP130-01-1176433132.dsl.bell.ca] has joined #openvpn
19:13 -!- nicety [nicety@2604:a880:800:10::654:5001] has quit [Quit: nicety]
19:13 < cnnx>  i established an openvpn tunnel with my server but my ip still shows as my local isp's ip how come?
19:21 < pekster> Because !redirect
19:28 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
19:28 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:29 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Leaving.]
19:34 -!- nicety [nicety@2604:a880:800:10::654:5001] has joined #openvpn
19:45 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:51 < cnnx> when i run  iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
19:51 < cnnx> it get iptables: No chain/target/match by that name.
19:51 < cnnx> !redirect
19:51 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
19:51 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
19:51 < cnnx> !ipforward
19:51 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
19:51 < cnnx> !linipforward
19:52 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
20:01 -!- cnnx [~cizzi@MTRLPQ3401W-LP130-01-1176433132.dsl.bell.ca] has quit [Ping timeout: 256 seconds]
20:14 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:16 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
20:19 -!- nicety [nicety@2604:a880:800:10::654:5001] has quit [Quit: nicety]
20:19 -!- nicety [nicety@2604:a880:800:10::654:5001] has joined #openvpn
20:27 < rob0> adaptr, where are you when we need you?
20:30 < rob0> thumbs, ^^
20:30 < thumbs> ah
20:31 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 245 seconds]
20:35 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:54 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:54 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:55 -!- badon_ is now known as badon
21:02 -!- sleepypc is now known as `hypermist`
21:14 -!- u0m3 [~u0m3@109.96.133.187] has quit [Ping timeout: 255 seconds]
21:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:19 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
21:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:22 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
21:22 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:22 -!- badon_ is now known as badon
21:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
21:36 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:50 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:55 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
21:55 < mnathani_> does anyone have a sample server.conf and client.conf for providing IPv6 access over an IPv4 tunnel? Server endpoint has multiple /64 which can be used to route IPv6 traffic
22:02 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
22:10 -!- kazoo [~WHY@unaffiliated/kazoo] has joined #openvpn
22:11 < kazoo> http://sammael.ml/brandon1.txt http://sammael.ml/brandon2.txt any ideas on why this is happening?
22:16 < mnathani_> perhaps be helpful to define what 'this' is
22:20 < kazoo> well theres some type of error and windows is claming a error with ca.crt
22:20 < kazoo> but I personally dont see any issues with ca.crt and I myself cant quite figure it out
22:20 < kazoo> I see error status 7 & error status 255
22:22 < kazoo> But like I said, I can't figure out why I can't connect
22:22 < mnathani_> is the client android?
22:23 < kazoo> ye
22:23 < kazoo> well i tried on both Windows and Android
22:23 < mnathani_> OpenVPN Connect ?
22:24 < kazoo> I just gave you my Android Log
22:24 < mnathani_> Sat Feb 21 23:19:23 2015 sammael/172.56.15.187:22151 /sbin/ifconfig tun0 0.0.0.0
22:24 < mnathani_> SIOCSIFADDR: Permission denied
23:09 -!- ShadniX [~ShadniX@p5DDFC561.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:09 -!- ShadniX [dagger@p5DDFC651.dip0.t-ipconnect.de] has joined #openvpn
23:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
--- Day changed Tue Feb 24 2015
00:36 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 246 seconds]
00:59 <+hyper_ch> hmmm, is there actually a way to name the tun devices?  e.g. tun.work or something?
01:04 -!- mattock_afk is now known as mattock
01:11 <+hyper_ch> or can they only be named tun[0-999]?
01:12 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 256 seconds]
01:20 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
01:23 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
01:28 -!- IPJunkie1 [~mike@garza.riseup.net] has joined #openvpn
01:56 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
02:34 -!- u0m3 [~u0m3@109.96.133.187] has joined #openvpn
02:44 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
02:59 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Sleeping.]
03:04 -!- aulait [~irenacob@li629-190.members.linode.com] has quit [Remote host closed the connection]
03:04 < txdv> i still canta comrepehend what protocol openvpn uses
03:04 < txdv> i am trying to use openssl to connect and all i get is an empty response
03:05 <+hyper_ch> txdv: what do you mean?
03:05 -!- Netsplit *.net <-> *.split quits: dyce
03:07 <+hyper_ch> you use openssl to generate certs and stuff
03:07 <+hyper_ch> and you point the openvpn configs to use according client/server/ca certs
03:10 < txdv> i use the command line tool to check if i can connect
03:11 < txdv> openssl s_client -connect vpn104441400.opengw.net:1573
03:12 <+hyper_ch> that's not how you do it
03:12 < txdv> all i do is try to connect to a vpn server and get past the initial handshake
03:12 <+hyper_ch> use openvpn binary to connect
03:12 <+hyper_ch> !howto
03:12 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
03:12 < txdv> I know how to connect with the 'openvpn' binary
03:13 < txdv> What I want to do is write a library in my own language to connect to a vpn server
03:13 <+hyper_ch> good luck
03:13 < txdv> so I am asking whether anyone knows why the initial secure handshake is not happening
03:14 <+hyper_ch> my first guess is that you're doing it wrong
03:14 <+hyper_ch> but that's about all I can say/guess
03:14 < txdv> yes
03:15 < txdv> obviously i am doing it wrong
03:15 < txdv> otherwise i wouldnt be here asking
03:17 < txdv> ok nevermind
03:17 <+hyper_ch> solved it?
03:17 < txdv> the wireshark has revealed the secrets
03:18 <+hyper_ch> s/the //
03:19 < txdv> the one and only wireshark
03:20 <+hyper_ch> you've seen the facebook movie?
03:20 <+hyper_ch> the best thing (sort of) ever happend to facebook is to have dropped the "the"
03:20 <+hyper_ch> same goes for wireshark ;)
03:21 < txdv> No, I haven't seen the facebook movie
03:21 <+hyper_ch> you didn't miss out much
03:21 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:22 < txdv> hmmm, the udp communication is more transparent than the tcp
03:22 < txdv> i can see the openvpn protocol in the udp one and only then it uses encryption
03:22 < txdv> tcp on the other hand establishes a secure socket immediately
03:22 < txdv> not much information
03:23 < txdv> and I can't quite figure out why my secure socket handshake doesn't get any answer from openvpn
03:34 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
03:36 < txdv> so i changed basically nothing
03:36 < txdv> and now I can get the tls handshake
03:36 < txdv> sometimes i wonder if my computer just doesn't work right just to spite me
03:44 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
03:44 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
03:47 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:29 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:30 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
04:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
05:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
05:12 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:28 -!- elfixit [~Icedove@93.82.194.50] has joined #openvpn
05:29 -!- arcsky [~arcsky@87.117.231.108] has left #openvpn []
05:41 -!- elfixit [~Icedove@93.82.194.50] has quit [Ping timeout: 252 seconds]
05:41 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
05:48 -!- dazo_afk is now known as dazo
05:50 -!- gardar [~gardar@bnc.giraffi.net] has quit [Quit: ZNC - http://znc.in]
05:51 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
05:56 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 246 seconds]
06:04 -!- rap_wrk [~rap_wrk@unaffiliated/rap-wrk/x-769542] has joined #openvpn
06:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 244 seconds]
06:09 < rap_wrk> hi, I am having issues routing between vpn clients on the same vpn, say 10.8.0.xx and 10.8.0.yy connected to the same server. I have client-to-client option in my server config
06:11 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
06:11 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
06:11 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
06:12 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
06:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:22 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
06:31 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:37 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
06:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
06:55 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
06:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:56 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
07:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
07:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:08 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
07:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
07:15 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:20 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
07:20 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
07:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:30 < flyingkiwi> rap_wrk, what is "issues"?
07:31 < flyingkiwi> "not working at all"?
07:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
07:33 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
07:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:44 <@dazo> !goal
07:44 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
07:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
07:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
07:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:53 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:56 <+hyper_ch> hi dazo
07:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
07:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:00 <@dazo> catsup: can you please sort out your connectivity issues?
08:01 <@dazo> hyper_ch: hey!
08:01 <+hyper_ch> dazo: can you name your tun devices like:   tun.work or tun_work or something? or does it have to be   tun[0-9]
08:02 <@dazo> hyper_ch: you can do that with --dev ... but it detects tun/tap type based on the first 3 chars, unless you provide --dev-type ... then you can use --dev workvpn --dev-type tun
08:02 <+hyper_ch> great....
08:03 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
08:03 <+hyper_ch> now how do I do that in the confige? :)
08:03 <@dazo> seriously, I'd expect more from you than this!
08:03 <@dazo> !--
08:03 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
08:04 <+hyper_ch> well, everybody expect more from me and I can't stand all this pressure ;)
08:04 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:04 <@dazo> heh
08:04 -!- mode/#openvpn [+b *!*@ps38852.dreamhost.com] by dazo
08:04 -!- catsup was kicked from #openvpn by dazo [Fix your IRC connection]
08:05 < txdv> No reall success with that protocol of openvpn
08:06 <@dazo> txdv: what's the issue?
08:06 <+hyper_ch> he wants to use openssl directly for making the vpn connection somehow
08:06 < txdv> I am trying to write an openvpn client in C#
08:06 < txdv> i am creating the ssl connection, that works
08:06 <+hyper_ch> or that
08:07 <@dazo> txdv: okay, that's going to be a challenge .... openvpn is its own protocol
08:07 < txdv> but when I send the first packet just nothing happens
08:07 <@dazo> txdv: the history is ....
08:07 < txdv> im not even sure what HMAC openvpn uses
08:07 < txdv> the documentation just states HMAC
08:08 < txdv> dazo: yes, openvpn has its own protocol, I understand that
08:08 <@dazo> SSL/TLS requires TCP connections by design.  When OpenVPN was written, DTLS wasn't even invented ... so it uses the SSL library to intercept packets, add some additional info and then can pass that over UDP or TCP, depending on the config
08:08 <@dazo> so you need to dig into the source code of OpenVPN to figure out the core protocol details
08:09 < txdv> no one around here codes on openvpn?
08:09  * esde points to #openvpn-devel
08:09 < txdv> lol
08:09 < txdv> of course there is
08:10 < txdv> and I have been asking the wrong questions in the wrong channel
08:10 <@dazo> txdv: http://community.openvpn.net/openvpn/wiki/SecurityOverview ... this is a brief overview
08:10 <@vpnHelper> Title: SecurityOverview – OpenVPN Community (at community.openvpn.net)
08:10 < txdv> dazo: Yeah, I already saw that
08:10 < txdv> I even created a forum post with linking to that
08:11 <@dazo> txdv: then you'll probably need to start poking at these files: src/oepnvpn/{socket,multi,mtcp,mudp}.c
08:11 < txdv> ive been poking for 4 hours
08:12 < txdv> its not like there is a write(operation) write(hmac)
08:12 < txdv> over complicated code
08:13 <@dazo> well, it's ancient code ... and plaisthos has been brave enough to start clean up one of the hardest nuts, socket.c
08:14 <@dazo> james have written much incredibly clever code, but sometimes it's not easy to follow what really happens (options.c and the option parser is a great example here)
08:14 <@dazo>  what also complicates the code, is that openvpn is both client and server in the same code
08:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:16 < txdv> i wish i could set up a server and connect to it and sniff it with wireshark
08:16 <@dazo> txdv: you might be lookgin for link_socket_{read,write}_* the functions, as well as socket_{recv,send}_queue
08:17 <@dazo> wireshark works ... but there's no decoder for it, as the traffic is encrypted ;-)
08:17 < txdv> yeah
08:17 -!- wallbroken [wallbroken@unaffiliated/wallbroken] has joined #openvpn
08:17 < wallbroken> hi
08:17 < txdv> that is the sucky part
08:17 < txdv> but ill probably just add a printf to link_socket_write
08:17 < wallbroken> wo you know why vpnbook does not allow irc ports?
08:18 < txdv> vpnbook?
08:18 <+esde> the hell is vpnbook
08:18 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
08:18 < txdv> a free vpn service
08:18 <@dazo> txdv: we actually discussed writing an RFC describing the openvpn protocol at the last hackathon ... but syzzer and james probably haven't had time to dig into that yet
08:18 < txdv> when was the last hackathon?
08:19 <@dazo> In november
08:19 <@dazo> wallbroken: you need to ask vpnbook
08:19 <@dazo> !notovpn
08:19 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
08:20 < txdv> Well i care since i am planning to abuse open vpns for irc
08:20 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
08:20 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
08:20 <@dazo> txdv: !notovpn was not for you ;-)
08:21 < txdv> well i hope syzzer and james won't wait another 3 months to do it
08:24 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:25 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
08:28 <@dazo> txdv: probably not if you pay them to do it ;-) ... james it the only one working for openvpn tech.
08:29 -!- Eagleman [~Eagleman@546BC778.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
08:31 < txdv> i am poor scrub
08:31 < txdv> need to save up for university myself
08:39 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
08:40 < txdv> hm
08:40 < txdv> socket_write_tcp is encrypted as well
08:40 < txdv> need to do something before encryption
08:44 -!- wallbroken [wallbroken@unaffiliated/wallbroken] has left #openvpn []
08:44 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
08:44 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
08:45 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
08:45 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
08:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
08:46 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:48 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
08:52 <+esde> no
08:53 < txdv> this c code
08:54 < txdv> can't find a place where the buffer is plain text before encrypting it
08:54 <+esde> huh
08:55 < rob0> That is a strange question to ask here.
08:55 <+esde> nope no vpn here
08:56 <+esde> here we just like to idle and talk about stickers and unicorns
08:56 <+esde> the channel name is arbitrary, really
08:57 < DArqueBishop> We like to talk about very pretty necklaces, and we're pretty open about it.
08:57 < DArqueBishop> Hence, #openvpn.
08:58 <+esde> clever
09:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:08 -!- ultima [~Ultima@unaffiliated/ultima] has quit [Read error: Connection reset by peer]
09:08 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 256 seconds]
09:09 -!- elfixit [~Icedove@89.185.125.3] has joined #openvpn
09:14 < rob0> Trollololol
09:18 < txdv> apt-get install openvpn
09:23 < DArqueBishop> I'm pretty sure (others may correct me) that OpenVPN does not work like that.
09:23 < DArqueBishop> OpenVPN requires admin/root privileges on your system in order to operate.
09:23 -!- sm` [~S@46.217.87.73] has joined #openvpn
09:24 < sm`> hello... im having issues with my openvpn server. The server is in my private network, i have it NATed but clients from outside still are not able to reach it... i believe my nat sure is fine, here's the openvpn log - http://pastebin.com/Pd4Dtu2t
09:32 < vegardx> eh
09:32 < vegardx> You want to do layer2 in a browser plugin?
09:33 < vegardx> sm`: Double check that the ports are open. If you can connect from the inside that is the only thing I can think of that can go wrong.
09:33 < vegardx> Probably not even if you installed a plugin.
09:34 < sm`> vegardx: i should only open 1194 port right or maybe openvpn uses few other ports i need to allow?
09:34 < vegardx> OpenVPN does things on a level I highly doubt any plugin sandbox would ever allow.
09:34 < vegardx> sm`: You should open whatever port you have set OpenVPN to use, on the proper protocol. I'm guessing you just opened for TCP and have configured OpenVPN for UDP.
09:35 < vegardx> Perhaps not.
09:35 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:36 < sm`> nah ive done that right... the openvpn runs on tcp 1194 so i opened only that port
09:36 < sm`> and checked that 100 times till now :D
09:37 <+hyper_ch> you sure it doesn't run on udp?
09:38 < sm`> yep positive...
09:38 < vegardx> You generally don't run OpenVPN on TCP. It makes very little sense.
09:38 < vegardx> zertyuio: No.
09:38 < sm`> i can also see the traffic going and these are the msg in the log file - http://pastebin.com/Pd4Dtu2t
09:39 < sm`> if i block the content nothing is logged ofc
09:39 < sm`> so i assume that my fw rule is right but im having some issue with the openvpn server
09:39 < vegardx> Well, first of all, just getting access to low level networking capabilities, zertyuio.
09:40 <+hyper_ch> !configs
09:40 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
09:40 <+hyper_ch> @sm
09:40 < vegardx> sm`: Simple deduction leads me to believe that it is your firewall/NAT that blocks access.
09:40 <+hyper_ch> without configs, hard to say
09:40 < vegardx> True, but he said it works from the inside.
09:41 <+hyper_ch> you've never seen the bashisms, right?
09:41 <+hyper_ch> bashphorisms I mean - http://wiki.bash-hackers.org/misc/bashphorisms
09:41 <@vpnHelper> Title: The Bashphorisms [Bash Hackers Wiki] (at wiki.bash-hackers.org)
09:42 < vegardx> *looks*
09:42 <+hyper_ch> see 0-2
09:42 < vegardx> Heh
09:42 <+hyper_ch> 9 is also nice
09:47 <+hyper_ch> so, time to go home before I actually start doing the things I wanted to do first in the morning
09:53 < sm`> hyper_ch: the server conf - http://pastebin.com/0JRmrcxD
09:54 < sm`> and the client conf - http://pastebin.com/6vrAQuFD
09:56 -!- elfixit [~Icedove@89.185.125.3] has quit [Ping timeout: 256 seconds]
09:58 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
10:21 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Ping timeout: 245 seconds]
10:22 <+hyper_ch> dazo: you won't believe it but it really works
10:22 <+hyper_ch> sm`: please make one pastebin out of it...
10:23 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
10:25 -!- Tander1gi [Tander1gi@gateway/vpn/mullvad/x-pjkumjrdxlywmdtk] has joined #openvpn
10:27 -!- mode/#openvpn [+o pekster] by ChanServ
10:27 < sm`> hyper_ch: http://pastebin.com/AgtW3pxY
10:30 -!- mdorenka__ [d51efb89@gateway/web/freenode/ip.213.30.251.137] has joined #openvpn
10:31 < mdorenka__> hi guys, how can i create some kind of ipv6 tunnel provider using ovpn? i have a server which already handles all ipv4 traffic of my clients (which connect to a ipv4only network) - what steps are necessary to do the same with ipv6?
10:33 <+hyper_ch> sm`: one weird config but should work....  guess it's also the firewall or the dns
10:33 <+hyper_ch> !ipv6
10:33 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
10:33 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
10:35 < vegardx> If you're using pfsense you can just make it poke holes in your WAN interface for you, sm`.
10:35 -!- mode/#openvpn [-b+b *!*@ps38852.dreamhost.com *!d@ps38852.dreamhost.com$##fix_your_connection] by pekster
10:35 <+hyper_ch> mdorenka__: see links above
10:35 -!- mode/#openvpn [-o pekster] by ChanServ
10:35 < vegardx> Also remember that opening a port in the firewall is not the same as port forwarding.
10:35 < sm`> well the openvpn server is running on pfsense but i have diferrent router/swtich on the edgeof the private network
10:35 < sm`> so my rules are set there
10:36 < vegardx> Even if you set the destination address to the internal VPN-server. You need a forward.
10:36 <+hyper_ch> sm`: open ssh the same way and try to ssh into the server
10:36 < sm`> i already have ssh nat rule fwding traffic to different boxes
10:36 < sm`> and that one works fine
10:37 <+hyper_ch> it's a different box
10:37 < sm`> yes it is but the rules are almost identical
10:37 < sm`> they different only on the port 22 vs 1194 and the destination address
10:37 < vegardx> Have you opened up on the pfsense box as well?
10:37 < sm`> addresses*
10:37 < vegardx> Given that it's actually a firewall.
10:39 < mdorenka__> hyper_ch: already read it
10:40 <@dazo> hyper_ch: I do believe it works, because I use it myself ;-)  And if you hadn't been able to make it work, I'd ban you from this channel as punishment ;-)
10:41 <+hyper_ch> now I have nicely named interface :)
10:41 <+hyper_ch> no need to remeber which 10.x. space I gave which vpn :)
10:41 <@dazo> heh
10:42 <@dazo> mdorenka__: first of all, your OpenVPN server must have IPv6 connectivity, if you want IPv6 over the VPN tunnel to be useful
10:43 < sm`> vegardx: yep u were right... i added fw rule on the pfsense box too
10:43 < sm`> and now its oke
10:44 < sm`> ok*
10:44 < vegardx> I'd think twice about running a firewall / gateway as anything but a firewall or gateway. But that's just me.
10:45 < mdorenka__> dazo: the server has ipv6 connectivity
10:45 < mdorenka__> i can already reach the ovpn server itself
10:45 < mdorenka__> but i cant nodes on the internet
10:45 < mdorenka__> (via v6)
10:45 < vegardx> mdorenka__: If you read the link then I'm pretty sure it said something about tap-interfaces.
10:45 < pekster> No, don't dot hat
10:45 < pekster> Use a real routed block, since you're given enough in IPv6 to do this (ref: RFC6177)
10:46 < pekster> Just like the old budweiser commercials: "Routing, tastes great less filling!"
10:47 < sm`> vegardx yes i know but i need to keep the vpn available until i find time to setup new clean box that would run openvpn
10:47 < pekster> mdorenka__: So, use a block _routed_ to your v6 VPN server, use that with your network configuration for the VPN, and see either --server-ipv6 , or use the directives that "helper" directive expands into if you need to tune the defaults
10:47 < sm`> i completly agree with you :)
10:48 < mdorenka__> hm i used a /112 subnet out of my /64 block
10:48 < pekster> "out of"? No, you cannot further divide what's on-link
10:49 < pekster> You should have a /56 on-request, or at least "more" space. Per the RFC I mentioned
10:49 < pekster> If you don't, your ISP is retarted and you need to find one that has a clue (or better yet: several)
10:49 <+hyper_ch> oh well, I just haven a asus rt-ac68u as router/firewall - should I feel bad now?
10:49 < mdorenka__> well... the vps it runs on only costs 2ct/day
10:50 < mdorenka__> is it realy neccessary to have a whole 64 block?
10:50 < pekster> They're still idiots. Can't really fix broken, and there are a lot of idiots selling things
10:50 < pekster> It's necessary to have a ROUTED block; you can use a /112, although this will not wnork with the 2.2 debian patched version of openvpn
10:50 < pekster> Best to use a /64 to avoid that brekage. And don't hack stupidity. If your network provider is clueless, I strongly suggest you get a real grown-up ISP who is not stupid first
10:51 < pekster> (it's a bit like asking if you can mow your lawn with scisors because your lawn mower is out of gas. You _could_ do that, but it's very foolish)
10:53 < mdorenka__> im on ovpn2.3.2 so i should be fine using a /112 block?
10:53 < mdorenka__> i also get a ipv6 assigned out of that subnet
10:53 < pekster> No idea what that means
10:54 < pekster> If what you're assigned is routed to you, use that for the VPN. If not, you're doing things very wrong from the start anad can expect to need to perform goat sacrifices to get it to work
10:55 < mdorenka__> i have a whole 64 block assigned to the server, i can use arbitrary adresses of that and each one gets routet to the server
10:55 < pekster> No, on-link != routed
10:55 < pekster> Sounds like you need both some basic network knowledge and an ISP who's not fucked up
10:56 < pekster> On-link involves IPv6 NDP, while a routed block does not
10:56 < pekster> NDP proxy is also fucking retarted. So is "subnetting" a block that is already on-link.
10:56 < vegardx> There are some hosts out there with whack IPv6 setups.
10:56 < pekster> I already referenced the RFC. "You get what you pay for" and you've basically paid for the lowest level of monkey entrails you can find
10:57 < pekster> Don't expect me to tell you how to make the monkey guts dance for you
10:57 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 252 seconds]
10:58 < mdorenka__> ok how can i figure outh whether it is routet to the server or not?
10:58 <+hyper_ch> mdorenka__: you should update your client
10:58 < pekster> If it's on-link it's not routed; you'd need to ask your provider what routed block they've assigned you
10:58 < pekster> If they tell you they don't do that, buy from someone who isn't clueless
10:58 < pekster> (Linnode has good service here; you can get a routed /56 block on-reuqest)
10:58 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
10:58 < pekster> No extra charge, because RFC6177 says you deserve this.
10:59 < mdorenka__> pekster,  that didnt answer my question on how to determine that ;)
11:00 < pekster> So look at your network config
11:00 < vegardx> Online.net gives you /48, which you delegate into /56 per server.
11:00 < mdorenka__> hyper_ch how is the client relevant for that? i mean i can get ipv6 data through the tunnel in both directions
11:00 < pekster> The /64 on-link is consumed. Obviously you cannot use what is on-link in a routed context
11:00 < pekster> If this is over your head, you need to go back and read about basisc networking before you can hope to do advanced networking like VPNs and routing across them
11:01 < pekster> vegardx: Routed in, one hopes
11:01 < vegardx> Naturally!
11:01 -!- Eagleman7 [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
11:01 < pekster> Yea. I've seen stupid providers put an entire /48 on-link :(
11:01 < mdorenka__> pekster: so if its routed i should be able to add an arbitrary address of that network to my server and then be able to ping it from the internet?
11:01 < pekster> Nope
11:01 < pekster> If it's routed you route it from your server
11:01 < pekster> Same as IPv4 works when routing
11:02 < pekster> Your problem isn't IPv6 so much as lack of basic networking concepts
11:02 < pekster> (that, and an ISP who is equally unqualified to do any real networking)
11:02 <+hyper_ch> it just seems old
11:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
11:02 -!- sm` [~S@46.217.87.73] has quit [Quit: Leaving.]
11:03 < pekster> Routers route packets. Routed blockcs are deligated to you from the upstream network provider, and then your router (the VPN server in this case) would receive them from that next-hop and would in turn direct them
11:03 < pekster> AKA, "routing."
11:03 < pekster> Maybe invest in a good book on the subject, or take some courses
11:06 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
11:09 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
11:14 -!- Eagleman7 is now known as Eagleman
11:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:17 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:17 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
11:36 <@dazo> mdorenka__: I don't remember if the current IPv6 implementation works with anything else than /64 ... I haven't used anything smaller anyway, so hard to say
11:37 <@dazo> (I see pekster have provided far better details)
11:51 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 272 seconds]
11:52 -!- elfixit [~Icedove@93.82.194.50] has joined #openvpn
11:55 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
12:02 -!- nicety [nicety@2604:a880:800:10::654:5001] has quit [Quit: nicety]
12:09 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:09 -!- mode/#openvpn [+v s7r] by ChanServ
12:15 -!- julius__ [~14354s@dslb-092-077-097-041.092.077.pools.vodafone-ip.de] has joined #openvpn
12:15 < julius__> ive read http://openvpn.net/index.php/open-source/documentation/howto.html#scope       but is there also a way to include machines that are behind the client?  i mean i would like to access the machines behind the client from my other client that accesse the openvpn server
12:15 <@vpnHelper> Title: HOWTO (at openvpn.net)
12:22 <+hyper_ch> !lan
12:22 <+hyper_ch> !serverlan
12:22 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/serverlan.png |
12:22 <@vpnHelper> http://pekster.sdf.org/misc/serverlan.png
12:23 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
12:23 < Dimik> i have openvpn server on windows 7 x64 and the speed is dramatically decreased
12:23 < Dimik> the openvpn uses TCP
12:24 < Dimik> i thought maybe if i used UDP i'd speed it up but when i switch to UDP the client connects but can't ping anything
12:25 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:27 < julius__> hyper_ch, i dont believe i have a serverlan. the clients i want to reach are behind a actual openvpn client
12:28 <@krzee> ya thats:
12:28 <@krzee> !clientlan
12:28 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
12:28 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://ircpimps.org/clientlan.png | http://pekster.sdf.org/misc/clientlan.png
12:28 <@krzee> same idea, but with an iroute
12:28 < julius__> crap, the flowchart doesnt open
12:29 <@krzee> use the second link
12:29 <@krzee> grr im going to remove the ones with my domain, im too lazy
12:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 245 seconds]
12:29 < Dimik> any idea why switching from tcp to udp stops vpn from working ?
12:29 <@krzee> stillllll havnt put my webserver back online :D
12:30 <@krzee> Dimik, firewall?
12:30 <@krzee> !forget clientlan 3
12:30 <@vpnHelper> Joo got it.
12:30 <@krzee> !learn clientlan as Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:30 <@vpnHelper> Joo got it.
12:30 <@krzee> !forget serverlan 3
12:30 <@vpnHelper> Joo got it.
12:30 <@krzee> !learn serverlan Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:30 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
12:31 <@krzee> !learn serverlan as Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:31 <@vpnHelper> Joo got it.
12:31 < Dimik> yeah if it was firewall blocking it it just wouldn't connect
12:31 <@krzee> !factoids search --values ircpimps
12:31 <@vpnHelper> 'sample', 'sockd', 'krzee', and 'redirect'
12:31 < Dimik> but it connects and is unable to ping server
12:31 <@krzee> !redirect
12:31 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:31 <@vpnHelper> http://ircpimps.org/redirect.png | http://pekster.sdf.org/misc/redirect.png
12:31 <@krzee> Dimik, it cant ping server and server cant ping it?
12:31 <@krzee> !forget redirect 4
12:31 <@vpnHelper> Joo got it.
12:32 < Dimik> krzee, correct
12:32 <@krzee> !learn redirect as Handy troubleshooting flowchart: http://pekster.sdf.org/misc/redirect.png
12:32 <@vpnHelper> Joo got it.
12:32 <@krzee> Dimik,
12:32 <@krzee> !logs
12:32 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:32 <@krzee> verb 5 please
12:32 < Dimik> ok
12:32 <@krzee> and run both pings before posting the logs
12:34 < Dimik> server: http://pastebin.com/SqP776kd
12:36 <@krzee> you ran both pings before posting that?
12:36 < Dimik> yes sir
12:36 < Dimik> no wait
12:36 < Dimik> not on this config, sorry
12:36 < Dimik> hold on
12:36 <@krzee> hehe
12:37 <@krzee> ya, i was going to point out that the client never connected, and you should connect a client before running the pings :D
12:37 <@krzee> for best results, connect a client to your server ;]
12:37 < Dimik> :)
12:39 < Dimik> server: http://pastebin.com/nHhKdwC
12:41 <@krzee> This paste has been removed!
12:41 < Dimik> http://pastebin.com/nHhKdwxC
12:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:43 < Dimik> client: http://pastebin.com/7hi3EtdL
12:43 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:43 <@krzee> what ip did you ping?
12:44 < Dimik> 172.16.201.6 from server
12:44 < Dimik> 172.16.201.1 from client
12:45 <+hyper_ch> I still wonder why routers by default use 192.168.[0|1].x as lan... 10.0.0.x is so much easier to remember
12:46 < Dimik> because 10.0.0.x is a larger block
12:46 <@krzee> no its not
12:46 <@krzee> a /24 is /24
12:46 < Dimik> it used to be overwhelming for the routers a while back
12:46 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Max SendQ exceeded]
12:46 < Dimik> yeah but by default it's not /24
12:46 -!- DrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:47 <@krzee> no?
12:47 < Dimik> on some of cisco firewalls it automatically changes the mask to /8 so you have to edit it by hand
12:47 < Dimik> anyway
12:47 <+hyper_ch> sounds more like a cisco particularity
12:47 <@krzee> Dimik, your client is already running i think
12:47 <@krzee> when you try to run the config it hates
12:47 <@krzee> ps auxw|grep openvpn
12:48 < Dimik> krzee, windows on both sides unfortunately
12:48 <+hyper_ch> krzee: dazo told me the most wonderful thing today.... namely that your tun devices don't need to be named tun[0-9] but can have any awesome name
12:48 < Dimik> let me look into processes
12:48 <@krzee> oh, then are you running this as admin?
12:48 <@krzee> or maybe the service?
12:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:49 <@krzee> !winadmin
12:49 < Dimik> krzee, service on server side but i stopped it
12:49 <@krzee> server side is fine, client side is puking
12:49 <@krzee> its also not verb 5, but thats fine since we see the error
12:49 < Dimik> let me see here
12:50 <@krzee> also Dimik, show me your configs
12:50 <@krzee> you may obfuscate the server ip, thats fine
12:50 <@krzee> !configs
12:50 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:50 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 272 seconds]
12:52 < Dimik> so weeeeeeeeeeird
12:52 < Dimik> brb reboot tiem
12:52 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Remote host closed the connection]
12:53 -!- jssjr [~relax@wigeon.jssjr.net] has joined #openvpn
12:54 < jssjr> possibly off-topic, but perhaps someone here can help. is there a way to have Viscocity reload profiles from the command line? I see how to connect/disconnect, but importing the same configuration twice result in multiple connection profiles.
12:54 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:55 <+hyper_ch> I have never heard of Viscocity... so my answer te your question is 42
12:55 <@krzee>  no idea i use tunnelblick
12:55 <@krzee> but could delete the old one and import again, in response to "but importing the same configuration twice result in multiple connection profiles"
12:56 < jssjr> krzee: i can remove the config directory that was created on import, but Viscocity doesn't reload its profiles, so subsequent imports still create new profiles
12:57 < jssjr> this is really annoying. the actual openvpn parts were trivial ;)
12:57 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
12:57 < Dimik> baq
12:57 <@krzee> hyper_ch, viscosity is for osx, but it is payware so i use tunnelblick (oss)
12:58 <@krzee> !osx
12:58 <@vpnHelper> "osx" is (#1) Tunnelblick includes everything you need to run OpenVPN on OS X. https://code.google.com/p/tunnelblick/ or (#2) Viscosity is another OpenVPN client for OS X, but it is commercial. http://www.thesparklabs.com/viscosity/
12:58 <+hyper_ch> krzee: I still stand by my answer to his question
13:01 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 272 seconds]
13:03 <@krzee> same error Dimik?
13:03 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:04 < Dimik> krzee, take a look at this log verb5 from client
13:04 < Dimik> http://tny.cz/0c9ccf27
13:04 <@vpnHelper> Title: client verb5 - 0c9ccf27 (at tny.cz)
13:06 < Dimik> http://tny.cz/dd742526
13:06 <@vpnHelper> Title: client config - dd742526 (at tny.cz)
13:06 < Dimik> client config file
13:06 <@krzee> you gotta remove all those comments
13:07 <@krzee> not looking at 300 lines to see 10 lines
13:07 <@krzee> and the first link isnt working
13:08 <+hyper_ch> krzee: you're eyes aren't conditioned to automagically blend out commented lines?
13:09 <@krzee> nope, thats why vpnHelper tells us how to do it
13:09 <@krzee> !configs
13:09 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:09 < Dimik> sorry
13:09 <@krzee> np
13:10 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 256 seconds]
13:11 < Dimik> http://tny.cz/cc242214
13:11 <@vpnHelper> Title: client config - cc242214 (at tny.cz)
13:12 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
13:13 <@krzee> and server config, and new client log with verb 5
13:13 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:15 <+hyper_ch> plaisthos: in my configs I set retry to infinite but in your client it was auto-bad-magically altered to retry 5 times only
13:15 -!- roadrunner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
13:17 < Dimik> server config: http://tny.cz/85bee4b6
13:17 <@vpnHelper> Title: local 192.168.80.116 port 1194 ;proto tcp proto udp ;dev tap dev... - 85bee4b6 (at tny.cz)
13:17 < Dimik> err nvm
13:17 < Dimik> wrong paste
13:17 < Dimik> server config: http://tiny.cz/85bee4b6
13:17 < Dimik> wait
13:18 < Dimik> wrong again
13:18 < Dimik> server config: http://tny.cz/85bee4b6
13:19 <@vpnHelper> Title: local 192.168.80.116 port 1194 ;proto tcp proto udp ;dev tap dev... - 85bee4b6 (at tny.cz)
13:19 <@krzee> what is 192.168.80.1 ?
13:20 < Dimik> the 192.168.80.1 is the router on a remote LAN
13:20 <@krzee> what are you trying to do?
13:21 < Dimik> trying to establish a UDP openvpn connection with the openvpn server on the other side
13:21 < Dimik> server is behind a router 192.168.80.1
13:21 <@krzee> remove all lines where that 80.1 shows up
13:21 <@krzee> not needed
13:21 < Dimik> ok
13:21 <@krzee> change server netmask to 255.255.255.0
13:22 <@krzee> it will break clients into /30 subnets on its own
13:22 <@krzee> !/30
13:22 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
13:23 < Dimik> ok i'm just trying to avoid it using a block that's already in use
13:23 <@krzee> is some of 172.16.201.0 already in use?
13:23 < Dimik> yeah
13:23 <@krzee> use a different subnet!!!
13:23 <@krzee> !randomsubnet
13:23 <@vpnHelper> '"randomsubnet" is (#1) http://scarydevilmonastery.net/subnet.cgi for a random !1918 subnet or (#2) If your shell has $RANDOM support, perhaps try this: `echo 10.$((RANDOM%256)).$((RANDOM%256)).0/24 ` or (#3) Or try this perl oneliner: `perl -e \'printf 10.%d.%d.0/24\n , int(rand(256)), int(rand(256));\'`'
13:23 < Dimik> can't, it's a clusterfuck
13:24 <@krzee> you must, you are creating the clusterfuck
13:24 <@krzee> i will help you get it all routing
13:24 <@krzee> but do it right!
13:24 < Dimik> the other admins have a rule for their remote equipment using that block they won't add another block for me
13:24 < Dimik> so that's the block that i share with 4 different vpn types
13:24 < Dimik> pptp ipsec ssl and openvpn
13:25 <@krzee> lol
13:25 < Dimik> yeah
13:25 <@krzee> they cant give you like a /23?
13:25 < Dimik> my point exactly
13:25 <@krzee> thats no harder to route to than a /24
13:25 <@krzee> ok so you want topology subnet for sure
13:25 <@krzee> !topology
13:25 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
13:26 < Dimik> the guy that i'm dealing with is braindead he won't configure his firewall because he's afraid to mess something up
13:26 < Dimik> the setup works with TCP openvpn
13:26 < Dimik> but speed is dramatically decreased
13:26 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:26 < Dimik> 10 times decrease to be exact, so i thought maybe it was a TCP problem
13:27 < Dimik> i also tried different versions of software
13:27 <@krzee> ok so you removed those .80.1 lines, right?
13:27 < Dimik> yeah
13:27 < Dimik> just now i did
13:27 <@krzee> you also dont want push "route 172.16.201.1"
13:27 <@krzee> read --server in the manual and see thats already handled
13:28 <@krzee> you can only push redirect-gateway once
13:28 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:29 <@krzee> you dont want the local flag
13:29 <@krzee> that is for connecting from within the same lan
13:29 < Dimik> ok
13:30 < Dimik> why is my client log on verb5 scrolling wrwrwrwrwrwrwrw nonestop
13:30 <@krzee> because its reading and writing
13:30 <@krzee> thats verb 5
13:30 <@krzee> and thats good
13:30 < Dimik> ok :)
13:30 <@krzee> now do the pings
13:31 < Dimik> when pinging client from server i get TTL expired in transit
13:31 < Dimik> pinging server from client i get request timeout
13:31 <@krzee> now look at server logs
13:31 <@krzee> is it rwrwrwrw or wwwwww?
13:33 <@krzee> windows firewall might need to be disabled on the tap device
13:33 < Dimik> the server log doesn't show rwrwr
13:33 < Dimik> it's disabled on both sides
13:34 <@krzee> did you open properties on the gui and set it to start in admin compatibility mode?
13:35 <@krzee> sorry man i gotta run these cambodia mosquitos are eating me alive
13:35 < Dimik> :)
13:35 < Dimik> yeah i'm running in admin mode
13:35 < Dimik> alright thanks for your help!
13:36 <@krzee> figure out why you arent seeing the rwrwrw in server side
13:36 <@krzee> np
13:36 <@krzee> and definitely add topology subnet
13:37 <@krzee> thats the only way server 172.16.201.0 255.255.255.240   becomes useful
13:38 <@krzee> as for increasing security, after you get it working you'll want to increase dh key size, and look into --tls-auth
13:39 < Dimik> yep
13:39 < Dimik> thanks
13:42 <@plaisthos> hyper_ch: err, will put that on my todo list
13:42 <+hyper_ch> plaisthos: :)
13:43 <+hyper_ch> I thought it might have been intentionally
13:43 <+hyper_ch> e.g. it could cause huge battery drain when trying to reconnect or something
13:45 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:49 <@plaisthos> hyper_ch: yeah that is reason
13:49 <@plaisthos> i think it just ignores the settings when reading config and just has 5 as default
13:50 <+hyper_ch> not good since I set infinite explicitely :(
13:51 <@plaisthos> I know :)
13:52 <+hyper_ch> :)
14:09 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 240 seconds]
14:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
14:10 -!- DrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 255 seconds]
14:11 -!- dazo is now known as dazo_afk
14:14 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:20 -!- DrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:21 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:29 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
14:32 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
14:40 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
14:41 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
14:43 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 250 seconds]
14:54 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 256 seconds]
14:54 -!- DrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 265 seconds]
15:12 -!- swebb [~swebb@192.69.23.161] has quit [Quit: badcheese.com - where crap sometimes gets done]
15:15 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
15:20 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:23 -!- A_Pickle [~apickle@192.146.216.10] has joined #openvpn
15:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:24 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
15:25 < A_Pickle> I have a few questions - I'm trying to set up a VPN that I'm hosting from my server at home, and it's running Windows Server 2008 R2.
15:25 < A_Pickle> I'm using OpenVPN 2.3.6 I601
15:25 < A_Pickle> And I'm wondering:  Is there a particular version of EasyRSA I'm supposed to use?
15:26 < mnathani_> how does one enable ipv6 forwarding on CentOS
15:26 <+esde> !easy-rsa
15:26 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
15:26 <+esde> !!linipforwarding
15:26 <+esde> !linipforwarding
15:26 <+esde> !ipforward
15:26 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
15:26 <+esde> !linipforward
15:26 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
15:27 < A_Pickle> The reason I ask is because I have, without exception, found that while EasyRSA is GREAT for initial startup... if I need to add a user or client down the road (and I will have to)... I basically have to rebuild the entire CA and certificate structure.
15:27 < mnathani_> thats all good for ipv4, but I need ipv6 forwarding
15:27 <+esde> wat
15:27 <+esde> you just run the script and generate a new client cert/key pair
15:27 <+esde> no need to rebuild anything
15:27 < mnathani_> A_Pickle you use the same ca keys
15:27 < mnathani_> dont do the vars and clean all steps
15:28 <+esde> no
15:28 < A_Pickle> Right, but whenever I try to run the same "build-key ________" command, it doesn't work.
15:28 <+esde> you should still source vars, just no clean all
15:28 < A_Pickle> It'll work moments after I create the CA, just fine.
15:28 <+esde> then you need to find out why that is
15:28 <+esde> but that is not default behavior
15:28 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
15:29 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Client Quit]
15:29 < A_Pickle> But if I need to create a new certificate, like, months down the road, I get "WARNING: can't open config file: /usr/local/ssl/openssl.cnf"
15:29 < A_Pickle> This is using an elevated command prompt and everything.
15:29 <+esde> again, you need to troubleshoot that and get it resolved first
15:30 <+esde> that's not openvpn related
15:30 <+esde> that's an openssl specific problem
15:30 < A_Pickle> Okay.
15:30 < A_Pickle> I assume that the current OpenVPN installer includes EasyRSA 2.2.2?
15:30 <+esde> It usually just works. perhaps some permissions got changed or something :/
15:31 <+esde> openvpn no longer ships with easy-rsa
15:31 < A_Pickle> Whaaaaaaaaaaat.
15:31 < A_Pickle> Maybe my easy-rsa folder just got... left in...
15:31 -!- quup [~ppp@unaffiliated/quup] has left #openvpn []
15:31 <+esde> Note that easy-rsa is no longer bundled with OpenVPN source code archives. To get it, visit the easy-rsa page on GitHub, or download it from our Linux software repositories.
15:32 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
15:32 <+esde> source:
15:32 <+esde> http://openvpn.net/index.php/open-source/downloads.html
15:32 <@vpnHelper> Title: Downloads (at openvpn.net)
15:33 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Client Quit]
15:34 < A_Pickle> I actually read that
15:35 < A_Pickle> That's what prompted me to start messing around with easyRSA v3
15:35 < A_Pickle> Which seems very cool and much more powerful and secure, but... I'm not trying to fight the NSA here, I'm just trying to set up reasonably secure file access to my home server from my mobile devices and such.
15:36 < A_Pickle> I'm MUCH more familiar with easyRSA of the 2.x branch.
15:36 < A_Pickle> So I guess I'll fetch that and give it a go.
15:36 < A_Pickle> Is there a recommended version of easyRSA to use with OpenVPN 2.3.x?
15:36 < A_Pickle> IE, should I be using v3 for security purposes?
15:38 -!- jssjr [~relax@wigeon.jssjr.net] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
15:56 < vegardx> I really doubt the keys them selves will be any different.
15:56 < vegardx> So likely not more secure.
15:57 < vegardx> But breaking the encryption is not the attack vector you want to focus on.
15:57 -!- nicety [nicety@2604:a880:800:10::654:5001] has joined #openvpn
16:11 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
16:13 < A_Pickle> Hah, I know what you mean.  I guess I should get a server case with decent locks on the drives, in a secure room, before I go on about MITM attacks.
16:14 < A_Pickle> The keys in EasyRSA v3 though use the whole DN concept which is nice, thoug
16:14 < A_Pickle> I'm so pressured to be honest with the key variables
16:16 < vegardx> Hehe, know the feeling.
16:17 < julius__> ive used: http://pekster.sdf.org/misc/clientlan.png  to setup my server config so that my "internal lan" can be reached from the outside...but i can only "ping 192.168.1.145" (a client inside the lan) from my vpn server...not from one of my vpn clients.  i got: route 192.168.1.0 255.255.255.0          AND          push "route 192.168.1.0 255.255.255.0"  in my server config and the openvpn server has ip forwarding enabl
16:17 < julius__> ed
16:17 < julius__> why cant i reach my clients?
16:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:23 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:23 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 246 seconds]
16:33 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
16:34 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
16:36 -!- chocolate [~user@187.181.99.77] has joined #openvpn
16:44 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
16:45 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
16:49 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:57 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:17 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
17:21 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
17:21 < pekster> A_Pickle: That's one of the benefits of v3, yes. The other big high-level improvement is that sending CSRs to be signed by a "secure" CA (whatever that means for your environment) is more straight-forward
17:27 -!- julius__ [~14354s@dslb-092-077-097-041.092.077.pools.vodafone-ip.de] has quit [Ping timeout: 265 seconds]
17:28 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
17:32 -!- Exagone313 [exa@2001:bc8:3e46:313::1] has quit [Quit: see ya!]
17:33 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
17:33 -!- Exagone313 [exa@elou.world] has joined #openvpn
17:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:46 < A_Pickle> pekster:  Yes, I did see that, I have always just used trusted flash drives and encrypted .7z archives -- much to the chagrin of security professionals everywhere.
17:47 < A_Pickle> I am nonetheless interested in doing it the RIGHT way, though, so I'm going to give v3 a shot.
17:53 -!- IPJunkie1 [~mike@garza.riseup.net] has left #openvpn []
18:00 -!- A_Pickle [~apickle@192.146.216.10] has quit [Read error: Connection reset by peer]
18:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:53 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Leaving.]
19:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
19:04 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
19:06 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 256 seconds]
19:07 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 256 seconds]
19:07 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 252 seconds]
19:08 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
19:08 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 264 seconds]
19:12 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
19:13 -!- `Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
19:14 -!- Netsplit *.net <-> *.split quits: tekzilla, Olipro, cali, marlinc, cyberanger, Exagone313, dupondje, haasn, Nothing4You, D-Boy,  (+3 more, use /NETSPLIT to show all of them)
19:14 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
19:16 -!- Olipro_ is now known as Olipro
19:16 -!- `Nothing4You is now known as Nothing4You
19:20 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 256 seconds]
19:24 -!- Netsplit over, joins: _bt, D-Boy, Exagone313, tekzilla, dupondje, marlinc, codebam, cali, cyberanger, haasn (+1 more)
19:24 -!- Exagone313 [exa@elou.world] has quit [Max SendQ exceeded]
19:24 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
19:24 -!- Exagone313 [exa@elou.world] has joined #openvpn
19:35 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
19:37 -!- Netsplit *.net <-> *.split quits: nsrafk, Fusl, SupaYoshi, ratsupremacy, cali, someone, Denial, varesa, Nothing4You, pythonsnake1,  (+75 more, use /NETSPLIT to show all of them)
19:37 -!- Netsplit *.net <-> *.split quits: lxusrbin, d10n, shootbird, `hypermist`, ausjke, FruitieX, Magiobiwan, JackWinter, carlcrack, @krzee,  (+82 more, use /NETSPLIT to show all of them)
19:37 -!- Netsplit *.net <-> *.split quits: Milos|Work, Schrottfresse, nomad_fr, AlexRussia, luckman212, nicety, funnel, Tander1gi, Cultist, Pandemic_Force,  (+11 more, use /NETSPLIT to show all of them)
19:52 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
19:52 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
19:52 -!- Netsplit over, joins: _bt, ender|, Tander1gi, txdv, @krzee, @plaisthos, @dazo_afk, Haigha, shivanshu, luckman212 (+128 more)
19:52 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
19:52 -!- Netsplit over, joins: pekster, HyP3r, awk, zalami, nocturn, dyer, ghormoon, grosjean, jeev, zimboboyd (+33 more)
19:52 -!- ServerMode/#openvpn [+vv esde hyper_ch] by barjavel.freenode.net
19:52 -!- Netsplit over, joins: lev__, roentgen, Fiouz, varesa, shimano, Schrottfresse, meepmeep, funnel, Pandemic_Force, AsadH (+1 more)
19:52 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Max SendQ exceeded]
19:52 -!- riddle [riddle@us.yunix.net] has quit [Max SendQ exceeded]
19:52 -!- Netsplit over, joins: ser_berry
19:52 -!- tekk [~me@185.17.149.149] has quit [Ping timeout: 245 seconds]
19:52 -!- edward [~edward@4angle.com] has quit [Ping timeout: 245 seconds]
19:52 -!- edward [~edward@4angle.com] has joined #openvpn
19:52 -!- khaldrogox [~anonymous@66.87.119.170] has joined #openvpn
19:56 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
19:56 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
19:56 -!- riddle [riddle@us.yunix.net] has joined #openvpn
20:04 -!- kazoo [~WHY@unaffiliated/kazoo] has joined #openvpn
20:04 -!- burp [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
20:04 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
20:11 -!- Netsplit *.net <-> *.split quits: kazoo, Nothing_Much, burp
20:16 -!- Netsplit over, joins: kazoo, burp, Nothing_Much
20:19 -!- khaldrogox [~anonymous@66.87.119.170] has quit [Quit: khaldrogox]
20:20 -!- elfixit [~Icedove@93.82.194.50] has quit [Ping timeout: 265 seconds]
20:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
20:42 -!- nicety [nicety@2604:a880:800:10::654:5001] has quit [Quit: nicety]
20:43 -!- nicety [nicety@2604:a880:800:10::654:5001] has joined #openvpn
20:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:50 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:05 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 272 seconds]
21:08 -!- khaldrogox [~anonymous@c-50-148-174-212.hsd1.ca.comcast.net] has joined #openvpn
21:09 -!- khaldrogox [~anonymous@c-50-148-174-212.hsd1.ca.comcast.net] has quit [Client Quit]
21:24 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Quit: he's got nothing to lose and now he made you believe the ruiner's your only friend well he's the living end to the cattle he deceives the raping of the innocent the ruiner ruins everything he sees now the only pure thing left in my fucking world is weari]
21:28 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 252 seconds]
21:32 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
21:32 -!- mode/#openvpn [+o plaisthos] by ChanServ
21:36 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:37 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:39 -!- jpalmer [~jpalmer@unaffiliated/jpalmer] has quit [Quit: WeeChat 0.4.2]
22:42 -!- u0m3 [~u0m3@109.96.133.187] has quit [Ping timeout: 244 seconds]
22:51 < mnathani_> I am looking for assistance with my ipv6 openvpn setup. Aim is to get a v4 only client v6 connectivity through the v4 openvpn tunnel terminating on a dual stack server with extra routable /64
22:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
23:05 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
23:07 -!- ShadniX [dagger@p5DDFC651.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:08 -!- ShadniX [dagger@p5DDFE074.dip0.t-ipconnect.de] has joined #openvpn
23:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
23:41 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:42 -!- badon_ is now known as badon
--- Day changed Wed Feb 25 2015
00:56 -!- mdorenka__ [d51efb89@gateway/web/freenode/ip.213.30.251.137] has quit [Quit: Page closed]
01:32 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
01:56 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Remote host closed the connection]
01:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:03 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
02:08 -!- lxusrbin [~lxusrbin@han.solo.from-outer.space] has quit [Quit: leaving]
02:38 < flyingkiwi> mnathani_, openvpn can do that. any issues?
03:16 -!- `hypermist` is now known as sleepypc
03:18 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
03:18 < donnib> Hi
03:18 < donnib> i have problems connecting to a tunnel i just created, i get Options error: --auth-user-pass fails with 'pull': No such file or directory
03:18 < donnib> i tried searching online and can't seem to find what the reason for this problem is
03:19 < donnib> i am on Tunnelblick on Mac trying to connect to a OpenVPN server on EdgeRouter
03:24 -!- sleepypc is now known as `hypermist`
03:30 < donnib> nevermind, i removed pull and then it started asking for password
03:31 -!- julius__ [~14354s@dslb-092-077-026-120.092.077.pools.vodafone-ip.de] has joined #openvpn
03:32 < julius__> ive used: http://pekster.sdf.org/misc/clientlan.png  to setup my server config so that my "internal lan" can be reached from the outside...but i can only "ping 192.168.1.145" (a client inside the lan) from my vpn server...not from one of my vpn clients.  i got: route 192.168.1.0 255.255.255.0          AND          push "route 192.168.1.0 255.255.255.0"  in my server config and the openvpn server has ip forwarding enabl
03:32 < julius__> ed
03:32 < julius__> any ideas?
03:36 -!- grosjean [~grosjean@unaffiliated/grosjean] has quit [Ping timeout: 255 seconds]
03:42 < julius__>  tcpdump -i tun0 icmp
03:42 < julius__>           on the vpn server shows nothing, so my vpn client doenst even send the pings to the server
03:42 < julius__> !clientlan
03:42 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
03:42 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
03:51 < flyingkiwi> julius__, is your vpn-client also connected to another 192.168.1.0/24 network (like its LAN)?
03:51 < julius__> no, one lan is 192.168.178.0 and the other is 192.168.1.0
03:52 < julius__> btw, nice nick
03:53 < flyingkiwi> hehe! can you pastebin you server and client config?
03:56 < julius__> sure
03:56 < julius__> !paste
03:56 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
03:56 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
04:01 < julius__> https://gist.github.com/anonymous/ab6849854b3297b8ea4f
04:01 <@vpnHelper> Title: gist:ab6849854b3297b8ea4f (at gist.github.com)
04:01 < julius__> server config is up to line 32
04:04 -!- lxusrbin [~lxusrbin@2001:4ba0:fffd:f7::6667] has joined #openvpn
04:08 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
04:12 -!- donnib [~donnib@152.115.31.4] has quit [Ping timeout: 256 seconds]
04:14 < flyingkiwi> julius__, ah, okay! you're having a VPN concentrator (10.8.33.0/24), a LAN (192.168.1.0/24) behind the client and you try to rech 192.168.1.0/24 from another vpn client?
04:14 < flyingkiwi> *reach
04:19 < flyingkiwi> tcpdump -ni tun0 will not show anything, because in this case the traffic is routed internal
04:25 -!- grosjean [~grosjean@unaffiliated/grosjean] has joined #openvpn
04:25 < flyingkiwi> you missed "push route 10.8.33.0 255.255.255.0"
04:35 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Ping timeout: 252 seconds]
04:36 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
04:37 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:37 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:38 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
04:48 < julius__> flyingkiwi, yes...let me test that
04:50 < julius__> /etc/init.d/openvpn restart      on the server - looks like this does not kill current connections and does not make the clients reconnect to get the new server config information?
04:50 < julius__> is there a way to make the clients reconnect from the server?
05:02 < julius__> flyingkiwi, ah, you were right...it works
05:03 < julius__> but why do i have to add "push route 10.8.33.0 255.255.255.0"       ? shouldnt the openvpn server know about 10.8.33.0?
05:03 <+hyper_ch> does your client know?
05:06 <@krzee> !push
05:06 <@vpnHelper> "push" is usage: push <command> , goes in the server config and makes the command act as if it was in the client config, can be used in ccd entries
05:19 -!- nicety [nicety@2604:a880:800:10::654:5001] has quit [Quit: nicety]
05:20 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
05:34 < julius__> ah ok
05:38 < julius__> im not that big into routing, what does route 10.8.33.0 tell the client?   i know what a default gateway does and how its setup but besides that i only know about "route via 1.2.3.4" but in this case theres no via...just one ip?
05:40 -!- donnib [~donnib@152.115.31.4] has quit [Ping timeout: 246 seconds]
05:49 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
05:53 <@krzee> via the vpn.
05:53 < julius__> but 10.8.33.0 is the vpn
05:58 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:27 -!- wiflix [~wiflix@ip1f100bd2.dynamic.kabel-deutschland.de] has joined #openvpn
06:28 < pekster> julius__: You won't have to add that route-push for 10.8.33.0/24 with --client-to-client in net30 mode (see also: !net30) as this is implied. This said, net30 sucks and you're better off using subnet topology anyway to avoid 7-year-old behavior that's not necessary: read about that in !topology
06:28 < wiflix> hey guys ...
06:30 < wiflix> i can't really find info about how persistent pushed options are. if i push "remote"-options, will they be stored? will they be forgotten after that current connection? (then it would not make sense to push remote-options at all :) )
06:30 < wiflix> or after next restart?
06:31 < pekster> Those can't be pushed
06:31 < pekster> They deal with connecting and authenticating the connection itself, which naturally occurs before the PUSH_REQUEST can happen
06:36 < julius__> will do
06:36 < julius__> !topology
06:36 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
06:39 < wiflix> mh, so my idea of having a load-balancing instance, just pushing a list of remotes and then disconnect to make the client connect to the pushed remote won't work
06:41 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
06:42 < wiflix> on the server side is it possible to hand over an established connection to another openvpn instance? using the client's float option ...
06:42 < pekster> Nope, and --float doens't actually work today (work is being done on that though.) It does _not_ float "across" instances, just across changing IPs
06:43 < wiflix> thanks
06:43 < wiflix> ok, so there is no real way to loadbalance openvpn between instances? :-/
06:43 < pekster> DNS, or a list of remotes and --remote-random, or an actual load balancer that does the usual NAT to its internal pool of servers are all valid choices
06:44 < wiflix> other then a) routing through a loadbalancer which then would have to route all combined traffic or b) round robin pseudo random
06:44 < pekster> DNS with low TTLs gives you some fairly direct control over things so long as the extra DNS traffic isn't an issue
06:45 < pekster> You could probably come up wtih a clever solution to generally round-robin that but weight away from heavily loaded backends
06:48 < wiflix> mh ... that was my last resort. to update dns records via the API depending on current load ...
06:48 < wiflix> ok, thanks a bunch for the info
06:53 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
06:55 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
06:58 -!- lxusrbin [~lxusrbin@2001:4ba0:fffd:f7::6667] has quit [Quit: leaving]
07:11 -!- lxusrbin [~lxusrbin@han-solo.atw0rk.net] has joined #openvpn
07:16 -!- dazo_afk is now known as dazo
07:16 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:24 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
07:26 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:43 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
07:44 < donnib> how does one handle a full tunnel and split tunnel config ? should i create two separete tunnels or ?
07:44 < donnib> i need a way of selecting either one
07:50 < rob0> no idea what you are saying, sorry
07:54 < wiflix> if i have a client config with two remotes, both remotes are domainnames with two A-records. the first A-record of the first remote is not availbale. will openvpn try the second A-record of remote1 or will it just move on to remote2?
07:56 < rob0> I bet it would only try each name once, but I don't know for sure.  Maybe you could test?
07:59 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
08:03 < donnib> rob0: i have a OpenVPN server which i connect to from Mac, the OpenVPN server is configured in such way that it pushes the redirect gateway tot the client so i can accomplish a Full Tunnel e.g route all traffic thru the VPN, this is working great
08:04 < donnib> rob0: now i want a Split Tunnel as well on the same server, i know how to do that but how do i accomplish to have both ? I want to change between Full / Split tunnel on the Client side
08:04 < donnib> rob0: sometimes i need full and some times (most of the times) i need the Split Tunnel
08:05 < donnib> rob0: does it make sense now ?
08:05 < rob0> yes
08:06 < rob0> I guess "split tunnel" means a secure link between two hosts/sites, not using --redirect-gateway
08:06 < rob0> and it's tricky
08:07 < donnib> Split tunnel just means that when i connect to the OpenVPN server i can access the local lan thru the VPN but all other traffic to the internet goes to the local computer gateway
08:07 < rob0> somehow you want to except the second tunnel transport from the first tunnel's redirected gateway
08:08 < donnib> i know how to do this so that’s not the issue e.g setup a split tunnel, my problem is pure what’s the best way to do this, have two different tunnels on the OpenVPN server (they need different config)
08:08 < donnib> and then have two client profiles so i can choose between them
08:09 -!- u0m3 [~u0m3@92.80.124.148] has joined #openvpn
08:17 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 265 seconds]
08:22 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
08:34 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has joined #openvpn
08:37 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 264 seconds]
08:41 -!- elfixit [~Icedove@89.185.125.3] has joined #openvpn
08:52 -!- elfixit [~Icedove@89.185.125.3] has quit [Ping timeout: 252 seconds]
08:59 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
09:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
09:14 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 255 seconds]
09:18 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
09:24 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
09:27 -!- wiflix [~wiflix@ip1f100bd2.dynamic.kabel-deutschland.de] has quit [Ping timeout: 250 seconds]
09:29 < julius__> pekster, im pretty sure that adding    push route "10.8.33.0 255.255.255.0"   solved my problem, now i can ping from one private lan into the other
09:29 < julius__> before it wasnt working
09:30 -!- hikenboot [~hikenboot@2601:6:7000:5b00::6120] has joined #openvpn
09:30 < mutilator> ugh maaaan
09:30 < mutilator> so disappointed, openvpn client works perfect on ios
09:30 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:31 < mutilator> but ofcourse most android need rooted if they even have a module available for them
09:31 < hikenboot> hi, struggling to understand a couple of things "server 10.8.0.0 255.255.255.0" in general.ovpn is the external ip and subnet for the vpn server? Second question: does this have to have more than one address for open vpn to work? (I will hold off for my 3rd and 4th question for this answer)
09:32 < hikenboot> more than one addresss (inbound and outbound is what I am thinking)
09:45 < julius__> i would bet that 10.8.0.0 is not a ip adress but describes a network, the last 0 tells you that
09:45 < julius__> if you try to give your windows host a ip that ends in a zero the dialog complains
09:46 < hikenboot> I realize that but what is the minimum number of ip's on the subnet that will make this work (this is experimental)
09:47 < hikenboot> only needs two clients to attach for proof of concept
09:47 < hikenboot> by the way that config file is from the sample files
09:48 -!- wiflix [~wiflix@89.246.130.115] has joined #openvpn
09:49 < julius__> cant help you there, maybe youre looking for !topology
09:49 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
09:50 -!- wiflix [~wiflix@89.246.130.115] has quit [Client Quit]
09:50 < hikenboot> !topology
09:50 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
10:01 <@dazo> mutilator: if you have Android 4.x, you can use "OpenVPN for Android" which does not need a rooted device
10:01 <@dazo> mutilator: https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en
10:03 < mutilator> um.. nope
10:04 <@dazo> mutilator: I don't know what you reject ... but I'm using that one on my Android devices, none of them rooted.
10:06 < mutilator> hm
10:06 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:07 < mutilator> it was giving me a tun error unable to initalize or something when i tried it yesterday
10:07 < mutilator> today it's working...
10:07 < mutilator> i just opened it and tapped the vpn and it magically worked
10:08 < mutilator> what pixie dust did you spread..
10:13 <@dazo> I rather wonder what you changed since yesterday ;-)
10:13 < mutilator> heh nothing
10:13 < mutilator> i just tested an ios device when i got in this morning to see if it worked cause i didnt have one with me
10:13 < mutilator> worked fine
10:13 < mutilator> well thanks, i probbly would have never tried to re-open it and test it
10:13 < mutilator> probably*
10:18 < hikenboot> my question is can I use one external ip on a subnet with only one usable IP as a VPN server? I want clients to connet to this vpn server and connect to one another so I will be using client-to-client rules
10:18 < hikenboot> this is for a test insance I am hosting on a free amazon cloud instance
10:19 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:21 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
10:22 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:24 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 246 seconds]
10:27 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
10:38 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
10:38 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
10:39 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Read error: Connection reset by peer]
10:43 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:43 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:43 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Remote host closed the connection]
10:46 -!- kazoo [~WHY@unaffiliated/kazoo] has quit [Quit: Leaving]
10:54 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
11:01 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 246 seconds]
11:01 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
11:28 -!- _8 [layer8@gateway/shell/blinkenshell.org/x-nforqyzwyipxhxka] has left #openvpn []
11:28 -!- chocolate [~user@187.181.99.77] has quit [Read error: Connection reset by peer]
11:37 -!- chocolate [~chocolate@187.181.99.77] has joined #openvpn
11:40 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 245 seconds]
11:41 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 252 seconds]
11:45 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
11:52 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
11:59 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
12:04 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
12:06 < pekster> hikenboot: By definition the smallest usable subnet has 2 usable IPs on it (that would be a /30.) Anything smaller is either a host netmask (/32 for IPv4) or a pair of PtP addresses (could in theory be in a /31) but neither of those is an actual subnet at that point
12:07 -!- u0m3 [~u0m3@92.80.124.148] has quit [Read error: Connection reset by peer]
12:07 < pekster> OpenVPN works just fine with RFC1918 space for the VPN is that's what you're asking. Obviously you need to do the usual NAT-Overload if you intend to route that onto the public Internet, but you're free to use RFC1918 in your own infra in the traditional way to
12:07 -!- Mathias___ [uid55083@gateway/web/irccloud.com/x-bfjbntmyghtncywv] has joined #openvpn
12:08 < Mathias___> hey guys. I'm having the " ERROR: Windows route add command failed [adaptive]: returned error code 1 " issue etc. been looking on the forums but still can't get it to work
12:08 < Mathias___> or I run the GUI as admin, then the error above doesn't appear. But then i get error: route addition failed using createipforwardentry
12:09 < Mathias___> i'm on Windows 8.1 and installed OpenVPN using this installer;: https://github.com/Nyr/openvpn-install
12:09 <@vpnHelper> Title: Nyr/openvpn-install · GitHub (at github.com)
12:15 < hikenboot> thaks for the pointer to that RFC pekster
12:16 < Mathias___> anyone who can help me?
12:18 < hikenboot> pekster, if the clients are coming from the wan side, how does that effect this. the one internet ip uses tcp/ip stack sessions to point from one internal ip to another?
12:18 < hikenboot> so what i am saying is that two clients can connect to the vpn gateway over 1 public ip?
12:19 < pekster> Sure. OpenVPN runs over UDP (or optionally TCP, but avoid that. !tcp for why.) Thus up to 64k clients per public IP can connect
12:19 < pekster> If that's not enough you're probably doing something very wrong
12:20 < hikenboot> no for this test instance of my idea I actually only need to connect two vpn clients
12:20 < hikenboot> problem is amazon cloud free instance doesnt give you any lan ip's from what i can figure out
12:21 < hikenboot> sorry ...err only one lan ip
12:21 < hikenboot> wonder if i can do it with loop back addresses?
12:21 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
12:22 < pekster> You need to read more about how networking functions; OpenVPN creats its own virtual network interface from which you can use any RFC1918 network without ISP involvement
12:23 < pekster> Same as using a router at home. If it helps, think of OpenVPN as a "virtual router" that just happens to have some neat security bits built-in
12:23 < hikenboot> ah on br0 you mean...ok then not sure I configed a br0 interface anywhere...perhaps the directions I am following are missing something
12:25 < pekster> No
12:25 < pekster> Do not bridge. Route
12:25 < pekster> !tunortap
12:25 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
12:25 <@vpnHelper> rooted/jailbroken) support only tun
12:25 < pekster> You might also want to read !welcome, !howto, and !route
12:25 < hikenboot> thanks
12:26 <+hyper_ch> good evening
12:26 < hikenboot> !tunortap
12:26 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
12:26 <@vpnHelper> rooted/jailbroken) support only tun
12:27 < hikenboot> !route
12:27 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:27 <@vpnHelper> client
12:44 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
12:46 -!- nicety [nicety@nicety.tk] has joined #openvpn
12:47 -!- rap_wrk [~rap_wrk@unaffiliated/rap-wrk/x-769542] has quit [Ping timeout: 250 seconds]
12:57 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
13:13 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:14 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:17 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 255 seconds]
13:17 -!- `hypermist` is now known as sleepypc
13:20 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:22 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:26 -!- TheSov [~rabbit@73.8.189.128] has joined #openvpn
13:27 < TheSov> is there a plan to go back to a multithread app again anytime soon?
13:28 -!- teward [teward@ubuntu/member/teward] has left #openvpn ["Leaving"]
13:29 <+hyper_ch> go back again?
13:29 < TheSov> was it not once multithreaded?
13:30 <+hyper_ch> no idea
13:30 <+hyper_ch> if it was, I'd be surprised if it isn't anymore
13:31 < TheSov> I believe there were scheduler issues with it
13:34 < TheSov> I have some openvpn P2P's running and I'm hitting a cpu wall when it comes to data transfer
13:34 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
13:34 < TheSov> 500'ish megabits on the lastest 4gig xeon, but the line is gig speeds
13:34 <+hyper_ch> !gigabit
13:34 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
13:35 <@dazo> TheSov: openvpn has never publicly been multi-threaded.  There existed a configure option and some opt-in code in the source tree, but in reality it was hard-coded as disabled ... when we ripped out all the pieces, it didn't even compile
13:36 <+hyper_ch> what dazo said :)
13:36 <@dazo> TheSov: the v3 generation of OpenVPN will most likely improve this ... but server code is not existing
13:36 < TheSov> i c
13:37 < vegardx> There has been a lot of work in newer kernel versions to improve networking.
13:38 <@dazo> the trouble with openvpn multi-threads is that there are very few aspects where it really would be a big improvement ... as the tun driver is single-threaded (there are on-going work for multi-queue support, not sure how far it has come)
13:39 <@dazo> the only aspect which really drains CPU resources in OpenVPN context is the TLS session key negotiations, which involves public/private key crypto ... otherwise, the static encryption used (once the session key is negotiated) is blazingly fast and not really a bottle neck
13:41 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Remote host closed the connection]
13:43 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
13:44 <+hyper_ch> dazo: is there any kind of aes accelerator on arm?
13:44 <@dazo> not afaik
13:44 <+hyper_ch> too bad
13:45 <@dazo> well, that might change ... arm is just a specification, it might be chip-vendors add it to their variant
13:45 <+hyper_ch> hmmm
13:47 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:47 -!- mode/#openvpn [+v s7r] by ChanServ
13:56 -!- u0m3 [~u0m3@92.80.124.148] has joined #openvpn
14:00 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
14:02 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has quit [Excess Flood]
14:04 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:07 <+hyper_ch> dazo: do you konw how aes-ni actually works? how can that speed up things?
14:09 <@dazo> hyper_ch: the CPU have AES specific functions which does the work directly in the hardware ... so openssl pushes some data to the CPU, lets the CPU do the hardest work and then receive the data afterwards ... this is not 100% accurate, but it's something like this
14:09 <+hyper_ch> but how does that work?
14:10 -!- u0m3 [~u0m3@92.80.124.148] has quit [Ping timeout: 264 seconds]
14:10 <@dazo> hyper_ch: how does what work?
14:10 <+hyper_ch> those aes specific function
14:11 <+hyper_ch> could same thing achieved for blowfish?
14:11 <@dazo> I haven't read the CPU manual, so I don't know exactly ... it's a similar things as the SSE, 3D and similar multimedia operations which is common in most CPUs today
14:12 <+hyper_ch> hmmm
14:12 <@dazo> blowfish is a very simple algorithm, and due to that, it already uses the CPU directly ... so it would be very little benefit of hardware blowfish support ... the only advantage would be that you could tell the CPU to work on larger chunks
14:13 <+hyper_ch> so blowfish should perform well on arm as well?
14:13 <@dazo> hyper_ch: here's a simple blowfish implementation ... https://en.wikipedia.org/wiki/Blowfish_%28cipher%29
14:13 <@vpnHelper> Title: Blowfish (cipher) - Wikipedia, the free encyclopedia (at en.wikipedia.org)
14:14 <@dazo> blowfish is strictly cpu FREQUENCY bound ... so the more cpu cycles it supports in a second (HZ), the quicker it will be
14:14 <@dazo> and the reason is that it basically uses bitwise operators to do it's core work
14:15 <@dazo> (which is fast on more CPUs available)
14:15 <+hyper_ch> hmmm, maybe I should switch the vpn for phone <-> freeswitch to blowfish?
14:15 <@dazo> there may certainly benefits in doing so ... only proper performance testing will completely reveal what works best
14:16 <+hyper_ch> not sure what cpu my snom370s use
14:16  * hyper_ch pokes krzee
14:23 -!- imbezol [~imbezol@shire.bigfiber.net] has joined #openvpn
14:23 -!- u0m3 [~u0m3@92.80.124.141] has joined #openvpn
14:25 < imbezol> i upgraded from 2.3.2-7ubuntu3 to 2.3.2-7ubuntu3.1
14:25 < imbezol> client can no longer connect
14:25 < imbezol> i still see the attempts in the server's log so i know it's hitting it ok
14:26 <@dazo> imbezol: hard to day what that can be ... need to see !logs and possibly whatever the ubuntu packager guys changed from ubuntu3->ubuntu3.1 (which is strictly not an OpenVPN problem)
14:26 <@dazo> !logs
14:26 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:27 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:28  * dazo calls it a day
14:28 -!- u0m3_ [~u0m3@92.80.84.85] has joined #openvpn
14:28 < imbezol> ok. is there a relevant part to start with?
14:29 < imbezol> not sure i want to post a tonne of IPs etc
14:29 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
14:31 <@dazo> IP addresses are not top secret information
14:31 -!- u0m3 [~u0m3@92.80.124.141] has quit [Ping timeout: 264 seconds]
14:34 -!- u0m3_ [~u0m3@92.80.84.85] has quit [Ping timeout: 252 seconds]
14:36 -!- dazo is now known as dazo_afk
14:38 < imbezol> server: http://pastebin.com/fkJ2KKfM
14:44 < zoredache> Do you have logs from the client?  Are you working on that?
14:44 < imbezol> client: http://pastebin.com/iB2VaWkj
14:44 < imbezol> yeah sorry.. takes a while to get it here without the vpn up :P
14:44 <+hyper_ch> well, with ipv5 you get a 1: 4.5 bn chance to get the right now (or something like that)
14:45 < zoredache> ipv5?
14:46 < rob0> yep, that's what I use.  Not ready to jump into ipv6 yet.
14:47 <+hyper_ch> yeah, you don't use ipv5? :)
14:47 < zoredache> I thought OpenVPN only supported v4, and v6.
14:48 <+hyper_ch> you have to use a secret config switch to get ipv5
14:51 < zoredache> And is that somehow using ST2 (rfc1819), or is that some other magic.  After all version=5 is a value used by st2.
14:52 <+hyper_ch> zoredache: it was a simple typo ;)
14:53 < zoredache> I know, but I treating it as if it wasn't, and I was taking it to absurd lengths.
14:54 <+hyper_ch> I see
14:54 <+hyper_ch> you trolled me
14:54 <+hyper_ch> shame on you!!!
14:55 < rob0> awww
15:00 < imbezol> i don't think this connection issue is due to a version mismatch since the version change was so slight
15:00 < imbezol> i'm wondering if maybe something with openssl changed with the server updates and now they can't negotiate properly
15:01 <+hyper_ch> well, there were some ssl bugs that were fixed... and I think even some stuff ws removes
15:02 < zoredache> oh, I didn't notice you posted your client config.  I am confused by your configurations.  The server seems to be listening on 1194, but the client seems to be trying to connect to 443.
15:03 <+hyper_ch> firewall, router... can forward ports to different ports
15:03 < imbezol> the server has an iptables run to forward 443 to 1194
15:03 < imbezol> the client can only get out on 443
15:03 < imbezol> *rule
15:04 < imbezol> i know that part is working or the server wouldn't log the connection attempts
15:04 < imbezol> plus i can see the counters in iptables going up
15:05 < imbezol> (that and it's been there 5+ years with no issue and no changes)
15:06 < imbezol> i upgraded from 2.3.2-7ubuntu3 to 2.3.2-7ubuntu3.1 and it wouldn't connect after so i'm pretty sure it's related to that or the dependency upgrades
15:07 < imbezol> openssl upgraded from 1.0.1f-1ubuntu2.7 to 1.0.1f-1ubuntu2.8
15:07 -!- elfixit [~Icedove@93.82.194.50] has joined #openvpn
15:12 < zoredache> It doesn't seem likely that that minor of a change should break anything.
15:13 < imbezol> hmm.. just tried connecting with a different client and no issues
15:14 -!- mattock is now known as mattock_afk
15:14 < imbezol> the client that works is ubuntu 14.10, the server is ubuntu 14.04, and the client that doesn't work is ubuntu 12.04
15:14 < imbezol> maybe the older one is running some funky openssl
15:14 < imbezol> weird that it worked until i upgraded (or perhaps it was just the server service restart)
15:15 -!- TheSov [~rabbit@73.8.189.128] has quit [Quit: Leaving]
15:18 < hikenboot> what command would show the tun /tap virtual interfaces? ifconfig doesnt show them
15:19 < imbezol> i see them with "ifconfig" and "ip link"
15:21 < imbezol> you could also list /sys/devices/virtual/net/
15:25 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
15:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
15:27 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
15:32 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
15:33 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:35 -!- elfixit [~Icedove@93.82.194.50] has quit [Ping timeout: 246 seconds]
15:36 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
15:38 < imbezol> just created new certificates for the client and same thing
15:41 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Ping timeout: 264 seconds]
15:45 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
15:47 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
15:47 -!- mode/#openvpn [+o plaisthos] by ChanServ
15:55 < hikenboot> are the tap interfaces only created when the client connects to the server or should i see the server side after putting it in the config. Secondly on the server config side what specifies what is the name of the config file (where is this set) my examples show non standard naming conventions (so  am thinking the server isnt even seeing the conf files
15:56 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
15:58 <+esde> !howto
15:58 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
15:58 <+esde> !briding
15:58 <+esde> !bridging
15:58 <@vpnHelper> "bridging" is (#1) Using bridges is either completely stupid or clever. It is stupid if you do it because you think it is easier. It is clever if you're a network knowledgeable person who understands networking very well and knows why routing won't fit for you or (#2) See also https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
15:58 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
15:58 <+esde> and ifconfig doesnt show them because ifconfig is dumb and deprecated
15:59 <+esde> !ifconfig
15:59 <@vpnHelper> "ifconfig" is usage: ifconfig l rn | Set TUN/TAP adapter parameters. l is the IP address of the local VPN endpoint. For TUN devices, rn is the IP address of the remote VPN endpoint. For TAP devices, rn is the subnet mask of the virtual ethernet segment which is being created or connected to.
15:59 <+esde> wrong factoid
15:59 <+esde> !ifconfig-linux
15:59 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
15:59 <+esde> there we go
15:59 <+esde> hikenboot, ^^^^
16:00 < imbezol> hikenboot: i get a tun0 on the server whether or not i have a client connected
16:01 < imbezol> hikenboot: the config file is specified by your startup command. what distro is the server?
16:04 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:07 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
16:10 -!- ShadniX [dagger@p5DDFE074.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
16:12 -!- nicety [nicety@nicety.tk] has quit [Quit: nicety]
16:18 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:24 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Leaving.]
16:28 -!- ShadniX [dagger@p5DDFE074.dip0.t-ipconnect.de] has joined #openvpn
16:34 -!- nicety [nicety@nicety.tk] has joined #openvpn
16:35 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
16:37 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 255 seconds]
16:39 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:40 -!- fryfrog [~fryfrog@gallery/fryfrog] has joined #openvpn
16:40 < fryfrog> !welcome
16:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:40 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:40 < fryfrog> My goal is to run a vpn, but only route traffic from a specific daemon over it.
16:41 < fryfrog> Since I'm not messing with my default route, I'm not sure how to test... across it?
16:41 <@ecrist> with openvpn, you can route IP
16:41 < fryfrog> Like, how can I ping or traceroute through it to see if it has connectivity on the other side?
16:41 <@ecrist> !configs
16:41 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:42 <@ecrist> that was for you, fryfrog
16:42 < fryfrog> ecrist: http://paste.ubuntu.com/10416522/
16:43 < fryfrog> ecrist: and here is some useful output from ufw, ip route, ifconfig, etc
16:43 < fryfrog> ecrist: http://paste.ubuntu.com/10416433/
16:43 <@ecrist> I need the server config
16:43 < fryfrog> ecrist: i wish i had that, but it is a hosted vpn solution :/
16:43 <@ecrist> then you need to talk to them.
16:44 < fryfrog> ecrist: Wed Feb 25 14:10:48 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.20.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.20.254 255.255.252.0'
16:44 <@ecrist> unfortunately, we can't help non-administrators
16:44 <@ecrist> you're specifically commenting out config they require
16:44 <@ecrist> i.e. the default route.
16:45 < fryfrog> ecrist: so generic would be to let it default route me, see what it adds and then tweak those to my own desires, right?
16:45 < fryfrog> generic advice, i mean
16:45 <@ecrist> no
16:45 <@ecrist> generic advice is to run your own vpn server
16:45 < fryfrog> well thanks for trying :)
16:46 <@ecrist> why can't you run your own?
16:46 <@ecrist> it's pretty simple
16:46 <+esde> ^this
16:46 < fryfrog> ecrist: well, to be honest i actually do. my routers are all connected via vpn
16:47 < fryfrog> but this vpn session is intended to obfuscate bittorrent traffic, so running my own would be less than ideal.
16:47 <@ecrist> based on what you said, your vpn is out-sourced.
16:47 <@ecrist> why do you say that?
16:47 < fryfrog> though maybe a cheap vps somewhere would do?
16:47 <+esde> si
16:48 <@ecrist> sure, or any of your other locations with a static IP
16:48 < Mathias___> one that allows torrenting tho
16:48 <+esde> right
16:48 < fryfrog> It is less the allows and more the who it points at :)
16:48 <+esde> check the AUP first
16:48 <@ecrist> rootbsd.net
16:49 < Mathias___> ramnode allows p2p up to 20mbps iirc
16:49 <@ecrist> I use them, and they support openvpn (provided two free VPS for builds and other tasks)
16:49 <+esde> Mathias___, that's a shitty cap though
16:49 <+esde> seedboxes run 10x+ that speed, easy
16:49 <@ecrist> rootbsd does 100Mbit with 250GB/mo transfer
16:49 < Mathias___> it is, and only US location
16:50 < Mathias___> but they re not expensive
16:50 <+esde> ewww us only
16:50 < fryfrog> I guess I could also just throw this into a vm and let the vpn have the default route.
16:50 <+esde> torrents should be euro only
16:50 < fryfrog> anyway, thanks a bunch for all the suggestions! :)
16:50 <+esde> i'd get a cheap euro dedi and call it a day
16:50 < Mathias___> cheapest rootbsd is $19.97 / Month
16:50 < Mathias___> you can get like 8 ramnodes for ;p
16:50 <@ecrist> my home connection is 1Gbps
16:51 <@ecrist> :P
16:51 <+esde> cheap seedbox, unmetered conection, plenty of storage
16:51 < Mathias___> lucky u ecrist
16:51 < Mathias___> :p
16:51 <+esde> and anything else you want to do
16:51 < Mathias___> how much you pay for that? :p
16:51 <@ecrist> $140
16:51 <+esde> i saw a euro dedi special recently with 24GB and 6TB, gigabit connection about 30 euro
16:52 < Mathias___> wut what host esde ?
16:52 <+esde> xeon processor
16:52 <+esde> one in europe :)
16:52 <@ecrist> I have fibre all the way to the CO
16:52 < Mathias___> i live in europe so even better esde  :p
16:52  * esde steals ecrist's connection
16:52 <+esde> MINE
16:52 <@ecrist> heh, good luck
16:53 < Mathias___> no srsly esde : what host?
16:53 <+esde> i dont think stealing fiber will ever be a concern
16:54 <+esde> but free cable man, those were the days
16:54 <+esde> bonus if your neighbor had the movie channels
16:54 <@ecrist> I used to encode satellite TV cards
16:55 <+esde> Mathias___, server4you i think
16:55 <+esde> ecrist, ?
16:55 <@ecrist> for Direct TV and Dish Network, back in late '90s early 2000's
16:56 <@ecrist> they had an access card that provided the codes needed to decrypt the satellite signal
16:56 <@ecrist> I used to re-encode them to increase the service level or activate otherwise inactive receivers
16:57 <+esde> were you able to crack the pattern or something? or was it just a matter of making a copy and making some changes to the data on the card?
17:05 <@ecrist> a bit of both
17:47 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 272 seconds]
18:01 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
18:02 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:08 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
18:24 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:32 -!- chemich [therealche@104.228.144.172] has joined #openvpn
18:36 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:45 -!- chemich [therealche@104.228.144.172] has quit [Quit: I'm ouuuuut]
19:03 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
19:05 -!- julius__ [~14354s@dslb-092-077-026-120.092.077.pools.vodafone-ip.de] has quit [Ping timeout: 245 seconds]
19:06 < Eugene> Remind me, does --pull work in static-key-mode(--secret)? Or do I need to put the --route on the client.
19:07 < Eugene> The man page says it "must be used on a client which is connecting to a multi-client server", but not whether it CAN be used on the other sort
19:13 < pekster> P2MP is just tls; you can use p2p topology there if you wish
19:29 < Eugene> I'm talking about P2P mode
19:30 < pekster> Right, p2p mode is just "blast (possibly) encrypted packets to the remote end" -- there's zero negotiation, including pre-auth (certs/tls-auth) or push potential
19:30 < pekster> tls wraps that in a pre-auth sequence and then multiplexes the control & data sessions over the established socket
19:30 < Eugene> So no, --pull won't work. Got it.
19:31 < Eugene> Moot point, $CLIENT can't be bothered to get back to me. Sigh.
19:31 < pekster> Right. But if it was just the PtP layout you wanted, you can --push with that, you just need TLS to do it
19:31 < Eugene> I'm just trying to hack this in for a single client
19:31 < Eugene> Because they're on a Mac, and can't possibly understand how to use the SSTP VPN(barf) being used for everybody else
19:32 < pekster> Several companies I've seen tunnelblick quite easily understood by users, assuming a sane rollout (read: admin gives them a "here, drag this to applications and it works" configs-included-deployment-package)
19:33 < Eugene> Yeah, this user isn't nearly that smart.
19:33 < Eugene> "You want me to hold the mouse?"
19:33 < Eugene> "But its a touchpad"
19:33 < pekster> Right, they need the Fisher Price model computer
19:33 < Eugene> We're pushing for Google Apps and chromebooks
19:34 < Eugene> Which, yeah.
19:34 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 272 seconds]
19:35 < pekster> I like many of the newer apple .dmg files that include a background image for the finder folder with a giant arrow, and usually text like "drag to applications to install" and a symlink to /Applications/ ;)
19:35 < pekster> Despite the things I do dislike about apple, that's one of the most brilliant application installation schemes you can come up with
19:36 < Eugene> That is rather nice
19:37 < pekster> I mean, if users can't figure _that_ out they need soup cans and string
19:38 < pekster> (or apparently, google ;)
19:50 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
19:50 -!- ender| [krneki@foo.eternallybored.org] has joined #openvpn
19:57 <@ecrist> pekster: FreeBSD has a similar scheme with PBIs
19:59 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 244 seconds]
20:06 -!- MogDog66 [MogDog@unaffiliated/mogdog66] has joined #openvpn
20:08 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 246 seconds]
20:08 -!- MogDog66 is now known as MogDog
20:12 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
20:16 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
20:33 -!- sleepypc is now known as `hypermist`
20:34 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
20:39 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Quit: Konversation terminated!]
20:43 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:48 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:51 -!- Mathias___ [uid55083@gateway/web/irccloud.com/x-bfjbntmyghtncywv] has quit [Quit: Connection closed for inactivity]
21:02 -!- ser_berry is now known as DougJudy
21:07 -!- DougJudy is now known as ser_berry
21:12 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
21:20 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:34 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
21:37 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
21:37 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 255 seconds]
21:39 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
21:41 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
22:28 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has joined #openvpn
22:45 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 272 seconds]
22:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:05 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
23:07 -!- ShadniX [dagger@p5DDFE074.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:07 -!- ShadniX [dagger@p57941A46.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 245 seconds]
23:49 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 252 seconds]
--- Day changed Thu Feb 26 2015
00:04 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
00:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
00:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:53 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
01:12 -!- mattock_afk is now known as mattock
01:14 -!- fryfrog [~fryfrog@gallery/fryfrog] has quit [Ping timeout: 264 seconds]
01:16 -!- `hypermist` is now known as sleepypc
01:32 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
01:45 -!- mattock is now known as mattock_afk
02:07 -!- mattock_afk is now known as mattock
02:14 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
02:17 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:26 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
02:45 <+hyper_ch> plaisthos: hmmm, your app seems also to have issues when changing from wifi to 3g/LTE and back
02:59 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
03:05 -!- sleepypc is now known as `hypermist`
03:11 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
03:14 -!- julius__ [~14354s@dslb-092-077-020-001.092.077.pools.vodafone-ip.de] has joined #openvpn
03:23 -!- Mathias___ [uid55083@gateway/web/irccloud.com/x-tjnwsxtbgknmqpxh] has joined #openvpn
03:26 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 252 seconds]
03:33 -!- `hypermist` is now known as sleepypc
03:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
03:57 < Mathias___> Android app says: server poll timeout
03:57 < Mathias___> Is this an error due to iptables?
04:08 <@plaisthos> hyper_ch: yeah, I know current stable version is broken
04:08 <@plaisthos> which almost nobody notices strangely enough
04:08 <@plaisthos> if you use peer-id it works :D
04:09 <@plaisthos> for the 5 people using it ;)
04:10 <+hyper_ch> what's peer-id?
04:12 -!- zoobab [~zoobab@ks3271128.kimsufi.com] has joined #openvpn
04:12 < zoobab> hi
04:12 < zoobab> I am struggling trying to debuild a debian package for release 2.36
04:12 < zoobab> v2.3.6
04:15 < zoobab> does someone would have the debian/ dir from openvpn.net swpupdate.openvpn.net
04:15 < zoobab> they do not provide the deb-src url
04:29 -!- hadifarnoud [~hadifarno@31.59.94.14] has joined #openvpn
04:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
04:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
04:33 < hadifarnoud> as you may know, Iran and China have f*ing great firewall to block users access. I followed this guide (which seems very old) to use obfsproxy to hide my ovpn footprint
04:33 < hadifarnoud> doesn't seem to work. do you have an alternative method? this is the guide http://safesrv.net/setup-openvpn-with-obfsproxy-on-ubuntu/
04:33 <@vpnHelper> Title: Obfuscate your OpenVPN traffic using Obfsproxy (at safesrv.net)
04:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:41 -!- julius__ [~14354s@dslb-092-077-020-001.092.077.pools.vodafone-ip.de] has quit [Ping timeout: 246 seconds]
04:43 -!- AndrzejL [~AndrzejL@unaffiliated/andrzejl] has joined #openvpn
04:44 < AndrzejL> Hi there. Is AES-256-CBC still THE best cipher to be used? As in is it the strongest one?
04:51 < donnib> guys, i need a server configured both to handle full tunnel and split tunnel ? is there a way to differentiate on that or do i need to create two different tunnels on two different ports ?
04:54 <+hyper_ch> AndrzejL: best = strongest?
04:55 <+hyper_ch> what's full tunnel and what's split tunnel?
04:56 < AndrzejL> Yeah I've asked the question the wrong way. I don't care about the speed. I would like to use the strongest one so I used word best to describe it but I understand its very subjective.
04:57 <+hyper_ch> well, how did you generate the certs?
05:00 < leo2007> The same setup (except for the port) connects successfully on 1194/udp but fails 443/udp. the server log doesn't even receive the client's attempt to connect. Ideas?
05:01 < leo2007> I have both 1194/udp 443/udp open to public.
05:02 < AndrzejL> hyper_ch: I used easy-rsa 8192 server / client keys and Diffie-Hellman
05:03 -!- NChief [~nchief@unaffiliated/nchief] has quit [Remote host closed the connection]
05:03 < AndrzejL> I used this method https://www.youtube.com/watch?v=_4I8W-jpWg0#t=232 described in this tutorial
05:03 <@vpnHelper> Title: Installing and configuring OpenVpn - YouTube (at www.youtube.com)
05:06 < AndrzejL> Took me roughly 27 hours to generate Diffie-Hellman... ;)
05:07 < AndrzejL> Server / Clients are working I am just wondering about the strongest cipher I could use. Its using AES-256-CBC at the moment.
05:07 <+hyper_ch> AndrzejL: also TLS?
05:08 <+hyper_ch> AES-256-CBC seems a good choice
05:08 <+hyper_ch> especially if you have cpus that support AES-NI or equivalents
05:09 < AndrzejL> [11:07]           hyper_ch  | AndrzejL: also TLS?
05:09 <+hyper_ch> donnib: what do you mean?
05:09 < AndrzejL> I dont understand the question
05:09 <+hyper_ch> AndrzejL: do you also use TLS-Auth?
05:09 <+hyper_ch> !hardening
05:09 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
05:09 < donnib> hyper_ch: i have a OpenVPN server which i connect to from Mac, the OpenVPN server is configured in such way that it pushes the redirect gateway tot the client so i can accomplish a Full Tunnel e.g route all traffic thru the VPN, this is working great
05:10 < AndrzejL> will do
05:10 < donnib> hyper_ch: now i want a Split Tunnel as well on the same server, i know how to do that but how do i accomplish to have both ? I want to change between Full / Split tunnel on the Client side
05:10 < donnib> hyper_ch: sometimes i need full and some times (most of the times) i need the Split Tunnel
05:10 <+hyper_ch> what do you mean by split tunnel?
05:10 < donnib> split tunnel = send only specific traffic to vpn tunnel
05:10 < donnib> full tunnel = route all traffic from client thru the vpn tunnel
05:11 <+hyper_ch> !ccd
05:11 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
05:11 <+hyper_ch> then create according profiles where in one you push for example
05:14 < donnib> hyper_ch: thank you, exactly what i was looking for according to the description above, let me read upon that
05:19 < AndrzejL> hyper_ch: I use tls-auth something.key 0 in the server conf and tls-auth something.key 1 in the client conf.
05:21 < AndrzejL> Sounds correct?
05:21 <+hyper_ch> yeah....
05:21 <+hyper_ch> and for the ta.key you use that ssl command that is shown
05:22 <+hyper_ch> also you can use keys inline
05:24 < AndrzejL> openvpn --genkey --secret something.key
05:24 < AndrzejL> that's what I've used
05:25 <+hyper_ch> yeah
05:26 <+hyper_ch> !inline
05:26 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
05:30 < AndrzejL> Ok thank You I'm glad I've asked about it
05:30 < AndrzejL> another tiny improvement
05:31 < AndrzejL> Oh I need to google if openvpn works with fail2ban :D
05:31 < AndrzejL> yes it does ;D
05:33 <+hyper_ch> btw, I have a little script to have the client keys inline
05:34 <+hyper_ch> the advantage of it is, that you only need to pass one config file
05:34 <+hyper_ch> and not several files with keys and stuff
05:36 <+hyper_ch> AndrzejL:
05:36 <+hyper_ch> http://paste.debian.net/157443/
05:37 <+hyper_ch> basicall put that das bash script in the folder where you have the keys and certs and the ta.key
05:37 <+hyper_ch> adjust the template to your needs
05:37 < AndrzejL> hyper_ch: that looks great I will look closer into that
05:37 <+hyper_ch> maybe remove line 46
05:37 <+hyper_ch> it will just line convert the .conf file to windows .ovpn
05:37 <+hyper_ch> but needs dos2unix installed
05:38 <+hyper_ch> I hardcoded the ta.key - line 69
05:38 < AndrzejL> :D
05:39 <+hyper_ch> and key-direction 1 is needed on the client for proper tls-auth key
05:39 <+hyper_ch> line 19
05:39 <+hyper_ch> so when you have a client cert name   HomePC then you'd just run it as:   ./script.sh HomePC
05:42 <@plaisthos> hyper_ch: peer id is a cool new feature of master that allows changing from mobile to wifi and back without reconnecting (needs a -master server)
05:44 <+hyper_ch> what's a -master server?
05:44 <@plaisthos> server built from git master
05:45 <@plaisthos> running a development snapshot
05:45 <+hyper_ch> that sounds too adventerous to me ;)
05:46 <+hyper_ch> I can just compile from the stable tar ball :)
05:47 <+hyper_ch> plaisthos: so when will that master snapshot be released as stable tarball?
05:48 <@plaisthos> hyper_ch: master will become 2.4 at some point
05:52 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
05:58 < donnib> common_name is that the same as username ? I am using username-as-common-name
05:58 < donnib> regarding ccd i need to know what the folder should be called
05:59 < donnib> and if it’s not then what is it and how do i specify it in the client config
05:59 <+hyper_ch> !ccd
05:59 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
05:59 <+hyper_ch> use --client-config-dir <dir>
05:59 <+hyper_ch> the common name is the name you have given to the cert when creating
06:00 <+hyper_ch> e.g.   ./build-client xyz   --> then xyz would be the common name
06:00 < AndrzejL> Ok thanks for all the pointers hyper_ch I am all set
06:00 < AndrzejL> You have a great day
06:01 < AndrzejL> and I am off to deal with angry wife and house chores ;)
06:01 <+hyper_ch> AndrzejL: well, inline configs are also nice when you want to use configs on your cell phone
06:01 <+hyper_ch> or if you generate a lot of them and hand them out
06:01 <+hyper_ch> have fun
06:01 < AndrzejL> She wants me to go and do some shopping... now....
06:01 < AndrzejL> Notice the keyword is NOW :D
06:01 < AndrzejL> Thanks - I will
06:01 < AndrzejL> ;D
06:01 -!- AndrzejL [~AndrzejL@unaffiliated/andrzejl] has left #openvpn []
06:21 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:22 -!- NChief [~nchief@unaffiliated/nchief] has joined #openvpn
06:30 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 250 seconds]
06:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
06:37 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
06:38 -!- dazo_afk is now known as dazo
06:41 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:53 < pekster> donnib: You were given incorrect information above; yes, the common_name will be the username supplied by the client when using --username-as-common-name
06:53 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
07:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:03 < hadifarnoud> where can I find openvpn utw profile? nothing in /etc/ufw/applications.d/
07:08 -!- b4tm4n [~b4tm4n@gateway/vpn/privateinternetaccess/b4tm4n] has joined #openvpn
07:10 < b4tm4n> using openvpn on debian through NetworkManager app and it keeps dropping the connection. the error being generated in syslog is "VPN Service 'openvpn' disappeared" - any thoughts?  It seems others have had this problem, but i've yet to find a solution
07:11 <+hyper_ch> don't use networkmanager app
07:12 < b4tm4n> that is an answer, but not really a solution to the problem
07:21 <+hyper_ch> why not?
07:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:21 <+hyper_ch> just put a proper config file into /etc/openvpn and all should be awesome
07:21 <+hyper_ch> hadifarnoud: what's a openvpn ufw profile?
07:21 < hadifarnoud> ufw is a firewall
07:22 -!- b4tm4n [~b4tm4n@gateway/vpn/privateinternetaccess/b4tm4n] has quit [Ping timeout: 256 seconds]
07:31 < donnib> pekster: thank you, that was what i thought according to documentation but i was unsure
07:32 <+hyper_ch> hadifarnoud: then just open the port and according protocoll
07:33 < hadifarnoud> hyper_ch: that you, I already did that. still my traffic not routing
07:33 <+hyper_ch> what do you mean by that?
07:34 < hadifarnoud> the ports are open
07:34 <+esde> hadifarnoud, there is no application profile for openvpn per se
07:35 <+esde> the allow rule depends on how the specific instance is configured. not every openvpn instance is the same, obviously. so an application profile in ufw would be pointless.
07:36 <+hyper_ch> what do you mean by the traffic is not routing?
07:39 -!- hikenboot [~hikenboot@2601:6:7000:5b00::6120] has quit [Ping timeout: 256 seconds]
07:42 -!- ib54003 [~ib54003@fedora/ib54003] has joined #openvpn
07:43 < ib54003> Hey does someone know how to get openvpn working in china?
07:43 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 265 seconds]
07:44 <+hyper_ch> http://www.greycoder.com/openvpn-china/
07:44 <@vpnHelper> Title: How To Hide OpenVPN Connections In China - GreyCoder (at www.greycoder.com)
07:44 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
07:44 -!- mode/#openvpn [+v hazardous] by ChanServ
07:44 < ib54003> hyper_ch thx ;)
07:44 <+hyper_ch> https://forums.openvpn.net/topic12605.html
07:44 <@vpnHelper> Title: OpenVPN Support Forum Patch: Fix for Iran and China users : Scripting and Customizations (at forums.openvpn.net)
07:45 <+hyper_ch> good luck though
08:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
08:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:03 -!- geosmin [~geosmin@199.19.94.193] has joined #openvpn
08:04 < geosmin> why does tethering stop working when my tethering host is connected to openvpn and how can i work around that?
08:10 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
08:20 -!- donnib_ [~donnib@2-108-123-138-static.dk.customer.tdc.net] has joined #openvpn
08:21 -!- donnib [~donnib@152.115.31.4] has quit [Ping timeout: 245 seconds]
08:24 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
08:24 -!- donnib_ [~donnib@2-108-123-138-static.dk.customer.tdc.net] has quit [Ping timeout: 250 seconds]
08:24 -!- GoldenGlovez [~GG@78.129.218.25] has joined #openvpn
08:25 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:33 < donnib> if i have in my server config push "redirect-gateway def1” how do i add this line to the client config in the dir ccd ?
08:33 < donnib> same way or ?
08:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
08:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:45 -!- geosmin [~geosmin@199.19.94.193] has quit [Ping timeout: 265 seconds]
08:45 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 250 seconds]
08:47 <@krzee> yes hyper_ch?
08:48 <@krzee> oh i dont know anything about your snom370
08:48 <@krzee> ive only played in the snom821
08:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:49 <@krzee> ib54003,
08:49 <@krzee> !obfs
08:49 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
08:49 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
08:49 <@krzee> thats how i would do it
08:49 <@krzee> because its 1 solution forever
08:49 <@krzee> if they detect and block what you do next, you just change obfsproxy's transport protocol and done.
08:50 < ib54003> krzee, thx ;)
08:51 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
08:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:54 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:56 <@krzee> np
08:59 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
08:59 -!- geosmin [~geosmin@199.19.95.188] has joined #openvpn
09:06 -!- donnib_ [~donnib@152.115.31.4] has joined #openvpn
09:06 -!- donnib [~donnib@152.115.31.4] has quit [Read error: Connection reset by peer]
09:06 -!- donnib_ is now known as donnib
09:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
09:09 -!- ib54003 [~ib54003@fedora/ib54003] has quit [Quit: Verlassend]
09:11 <+hyper_ch> krzee: I see
09:18 -!- hadifarnoud [~hadifarno@31.59.94.14] has quit [Ping timeout: 264 seconds]
09:38 <+esde> I really wish this https://forums.openvpn.net/topic12605.html thread would get locked or deleted. Encouraging users to forgo an existing solution (obfsproxy) in lieu of a "patched" version of openvpn, created by some openvpn forums user with 15 posts. Is just plain silly.
09:38 <@vpnHelper> Title: OpenVPN Support Forum Patch: Fix for Iran and China users : Scripting and Customizations (at forums.openvpn.net)
09:47 <@dazo> esde: I'll see what I can do
10:13 -!- TXX [~TXX@nat.nordija.com] has joined #openvpn
10:14 < TXX> Hello, quick question, doing openvpn --genkey --secret ***.** is it possible to decide the key-size ?
10:14 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
10:17 <+esde> there's no need
10:17 < Eugene> No. The --secret mode only ever uses 1024 of the generated bits, or less if you're using it for --tls-auth.
10:17 < Eugene> If you want stronger security(including forward-secrecy) then you need to use --server mode, with TLS.
10:24 <@dazo> TXX: what esde and Eugene said.  The VPN tunnel itself never uses more that 256 bits for encryption. That is the maximum what the current ciphers in OpenSSL/PolarSSL supports.  This is because that part of the tunnel uses symmetric encryption keys.  When adding asymmetric keys into play, you will, as Eugene said, have a possibility to have a stronger key - but only for the public/private keys (--server / TLS mode).  Those keys are used to ne
10:24 <@dazo> gotiate a temporary key (which is changed regularly) ... but this temporary key is also never bigger than 256 bits
10:24 < Eugene> I thoughti t was 1024? Meh.
10:25 <@dazo> This might sound odd ... but symmetric encryption is much stronger than public/private keys ... so those public/private keys must be "bigger"
10:26 <@dazo> Eugene: it supports up to 1024 for each direction ... so that if a newer cipher is made available, you can still use the old key
10:26 <@dazo> or no ... that's not even remotely correct
10:26 <@dazo> just a sec, I'll find the proper source
10:26 < Eugene> I'm sure I got the number from somewhere, heh.
10:27 < Eugene> Maybe it was openvpn 1.x keys were 1024-bits in size, but still only used 256 of them?>
10:27  * Eugene changes his mental note to "doesn't use all of the bits in the key anyway"
10:27 <+esde> can't find the link that was shared the last time i saw this mentioned, but someone had a link to a nice graphic that showed what data was pulled from ta.key and how much data is left unused.
10:28 < Eugene> I remember that graph!
10:28 <@dazo> Eugene: it's somewhat related, but it uses 256 bits for the cipher, and then some for HMAC and then some others for some other purpose
10:28 < Eugene> The angle was "Why can I change some of the characters and my VPN still works?", right?
10:29 <+esde> likely. someone used it to illustrate how increasing the bitsize of ta.key is pointless, because the whole file isnt being used anyway
10:29 <@dazo> yeah, that's right!
10:29 <@dazo> Eugene: https://community.openvpn.net/openvpn/wiki/327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key
10:29 <@vpnHelper> Title: 327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key – OpenVPN Community (at community.openvpn.net)
10:29  * Eugene isnt' crazy, just nuts
10:29 <@dazo> esde: ^^
10:29 < Eugene> That's the one!
10:29 <+esde> yupp
10:31 < happytoo> does anyone here have an openvpn client running on a raspberry pi, nuc, or similar?
10:31 <@dazo> happytoo: I've tested it ... and it works ... but not in "production" now
10:31 <@dazo> (used rpi)
10:32 < happytoo> what was your throughput with that setup?
10:32 <+esde> many things affect throughput.....
10:33 <+esde> asymmetrical or symmetrical encryption, what cipher, what mode, what protocol, etc etc
10:37 < happytoo> esde, are you in a position to answer this question if I throw out a setting for each of those variables?
10:38 <+esde> no
10:38 < happytoo> it seems simpler to ask dazo for his throughput, and then we can pick apart the variables if he's game
10:40 <@dazo> happytoo: I never tested throughput performance, but I wouldn't thing it would be superb ... the ethernet interface is an embedded USB2 ethernet adapter ... which both limits the adapter to 100Mbit/s, and the traffic passes through the USB2 driver stack
10:40 <@dazo> For me it was "just for fun"-testing ... to see that it would be possible to mount such a setup.
10:40 <@dazo> and it passed traffic back and forth, and for that test, throughput was not important
10:41 < happytoo> ok thanks. have you tried with a nuc or such that has stronger hardware than a pi?
10:41 <@dazo> nope
10:42 <+esde> if you're looking for experiences with openvpn, try ##pfsense or ##hardware. there may be more users willing to share their experiences regarding openvpn hardware configurations and throughput benchmarks
10:42 < happytoo> thanks, esde. it seems appropriate to discuss there, also
10:42 <+esde> it is. however, considering your limited success thus far
10:43 <@dazo> well, I used tp-link wr1043nd for many years, and that gave decent performance using blowfish ... I could do NFS/glusterfs mounts and have reasonable transfer speeds ... but I used that when I was travelling, and mobile networks, hotel networks and such places aren't usually known to have top-performance networks
10:45 <@dazo> (I recently re-did my network setup, so now my OpenVPN server is a proper server ... but that was due to a really needed network re-config rather than performance)
10:45 < happytoo> i'm running blowfish -- so not exactly heavy encryption -- on an e1200 with high-speed connection and only getting about 5 throughput
10:45 <+esde> 5
10:46 < happytoo> 5 mbps
10:46  * esde facepalm
10:46 <+esde> megabits megabytes
10:46 <+esde> billitbits billibytes
10:46 <+esde> s/b/m
10:46 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
10:47 < happytoo> isn't throughput usually quoted in megabits?
10:47 <+esde> no
10:47 <+esde> it's usually notated with proper shorthand abbreviations
10:48 <+esde> Mb MB Kb KB etc
10:48 < happytoo> do you know what i am trying to say? because this feels rude
10:49 -!- TXX [~TXX@nat.nordija.com] has quit [Quit: Lost terminal]
10:50 <+esde> I dont have time for feelings. I'm encouraging consistency to avoid confusion.
10:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
10:54 -!- mehwork [~mehwork@162.243.148.21] has joined #openvpn
10:55 < happytoo> i'm staring at speedtest, which quotes the result as Mbps. Google says that Mbps = Megabits per second
10:55 < mehwork> if i'm connected to someone's vpn, can they log all requests i make to external websites? e.g., if i go to http://youtube.com?
10:55 <@vpnHelper> Title: YouTube (at youtube.com)
10:55 <+esde> mehwork, sure.
10:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:55 < mehwork> thx
10:56 < happytoo> so, the 5 I quoted to dazo was megabits
10:56 < happytoo> does that clarify the issue, esde?
10:57 <+esde> mehwork, some people have compiled their own list of providers and their policies regarding logging. such as, http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/3/
10:57 <@vpnHelper> Title: Which VPN Services Take Your Anonymity Seriously? | TorrentFreak (at torrentfreak.com)
10:58 <+esde> Take it with a grain of salt, since you aren't the admin and have to take them at their word, though
10:58 < Eugene> For best privacy, unplug your network from the wall
10:58 < Eugene> And wear a tin foil helmet
10:59 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:59 <+esde> tin foil actually enhances the military psyops frequencies. /s
11:00 < Eugene> Yeah, but they're not doing any brain-scanning.
11:00 < Eugene> It's the NSA freqs you gotta worry about
11:13 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:15 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:18 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
11:19 < happytoo> dazo: what range of throughput did you typically experience with your tp-link wr1043nd?
11:22 <@dazo> happytoo: Remember that I connected from slow connections ... but I could utilize them and was happy when I achieved with 8-20Mbit/s
11:22 < happytoo> dazo: that is impressive speed relative to what i am currently getting
11:23 <@dazo> I use tun+udp and a routed setup
11:24 < happytoo> i am using tun+udp, too, but I'm sorry to say i don't know about routed setups yet
11:25 < happytoo> dazo: short of just rolling the dice and buying a more expensive router, is there a way that i can determine if it is the e1200 router that is the reason i can only get 5 Mbps on a fast connection?
11:25 <@dazo> !gigabit
11:25 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
11:26 <@dazo> happytoo: read that, and do similar tests ... that's the best way to determine where your trouble is
11:27 < happytoo> thanks, dazo. i actually had that bookmarked, but have not been able to get my head around it yet because i am such a linux primitive
11:28 <@dazo> There are no generic instructions to achieve maximum performance, it's individual.  Some places you need need to tweak MTU, other places you need TCP and or tap (despite being generally a worse alternatives) ... or you need different ciphers, etc, etc, etc
11:29 <@dazo> and if you feel all this is overwhelming, then you need to spend time learning what you do need to understand this ... there are no shortcuts in this area
11:29 <@dazo> (well, there is *one* shortcut, pay someone skilled to do the job)
11:32 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
11:38 < happytoo> dazo: thank you
11:38 <@dazo> you're welcome!
11:45 -!- geosmin [~geosmin@199.19.95.188] has quit [Ping timeout: 264 seconds]
12:00 < mutilator> hey guys, this isnt 100% a openvpn issue or anything but openvpn is still involved so i want to ask.....
12:00 < mutilator> i have snom870 handsets, which have a LAN and a PC port, the phone vpns back and everything works fine
12:00 < mutilator> question is.. i want to get the PC ethernet port to allow access to the network the phone is connected to
12:01 < mutilator> does it make more sense to bridge the vpn and dhcp for everything or to NAT that port from the phones VPN IP if the snom even supports doing NAT...
12:01 < mutilator> in normal operation w/o a VPN that pc port is bridged to the LAN port so it's just like a pass thru
12:02 < mutilator> and i dont know if i want to route a /30 to every client  so it has routable ips for the pc port
12:04 <@dazo> !clientlan
12:04 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
12:04 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:04 <@dazo> mutilator: ^^^^ that's usually what you need to care for doing what you want
12:04 < rob0> /30 should die, and I don't see any reason why you'd be doing NAT?
12:05 < mutilator> um
12:06 < mutilator> i dont see how that pertains to me
12:06 < mutilator> there is no client side LAN
12:06 < mutilator> it's a computer plugging directly into the phone
12:06 -!- DrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:06 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:07 < rob0> the phone is the openvpn client?
12:07 < mutilator> yes
12:08 < rob0> is it capable of IP forwarding (like a router)?
12:08 < mutilator> yes
12:09 < rob0> then you tell the server to route that LAN through the phone, and tell the LAN to route the VPN through the phone.  And yes, !clientlan is pertinent.
12:09 < mutilator> to route what lan thru the phone?
12:11 < pekster> Your client LAN (ie: the one you stated in your original goal)
12:11 < mutilator> there is no client lan
12:12 < mutilator> there is a pc plugging into the phone
12:12 < pekster> Which obviously needs an address
12:12 < mutilator> so i guess you could say that connect is THE lan
12:12 < pekster> Where does it get its addressing from? The phone?
12:12 < mutilator> thats exactly my question
12:12 < rob0> uh
12:12 < mutilator> should i bridge it and dhcp over the vpn
12:12 < pekster> You don't know how your LAN is configured?
12:12 < mutilator> or route it a /30 so the pc and have an ip
12:12 < pekster> No, do not do far-side DHCP
12:12 < mutilator> and = can
12:12 < pekster> Sure, you could do that. I'd use a wider netmask though, so you could have additional devices if the need ever came up
12:13 < pekster> Consider a /27 or /28
12:14 < pekster> You really want a split-VPN setup unless you're truely OK with your LAN PCs not being able to reach _anything_ if the VPN goes down. IOW, configure your phone as a router in "the usual" way, and treat the client LAN as you would any other internal client-side network for routing
12:14 < mutilator> thats exactly how it will be setup
12:15 < mutilator> you plug into the phone and thats your gateway
12:15 < rob0> is there some device providing Internet connectivity to this phone?
12:15 < mutilator> if the vpn dies then no connectivity
12:15 < mutilator> it could be anything rob0
12:15 < pekster> No, I mean even to google will fail
12:15 < mutilator> if you bring this phone to an internet cafe
12:15 < pekster> Or the ISP; you will be 100% unable to reach _anything_ if the phone is doing !redirect
12:15 < mutilator> and plug it in, you will have a phone
12:15 < mutilator> if you want on the network you plug your pc into the phone
12:15 < pekster> But that's just up to your own routing needs to determine
12:16 < mutilator> you'll never touch the network the phone is plugged into
12:16 < mutilator> any traffic on that pc port will always flow over the vpn
12:16 < pekster> Maybe. If the VPN is up, depending on how you handle failure to connect or disconnect events
12:17 < pekster> Firewalls stop traffic from going where you don't intend; routing tables tell a device how to reach certain networks
12:17 < pekster> Use both wisely
12:17 < mutilator> well sure, if the vpn is up then it'll work, if its not up then plugging in wont do anything
12:17 < pekster> Also posibly wrong without a firewall config that does this
12:17 < mutilator> it will be configured to do that
12:18 < mutilator> this isnt all magically just going to do what i want
12:18 < mutilator> i was just asking what you thought might be the best way to do it
12:18 < mutilator> and obviously you think far end dhcp isn tit
12:19 < pekster> Right, do do that for a variety of reasons, particurlarly that you either need a giant "bridge everything together" solution (which has its own logicical and security issues,) and issues of dealing with the gateway if you're "also" trying to use DHCP on a physical LAN
12:19 < pekster> don't do that*
12:20 < mutilator> which is also why i asked about NAT so i'm not pushing routes to each device that connects
12:20 < pekster> Huh?
12:20 < mutilator> and have a small dhcp on the phone that hands out addresses and the client never needs to configure anything
12:20 < pekster> !redirect
12:20 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:20 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
12:21 < mutilator> then the phone will nat all traffic back thru the vpn for the pc
12:21 < pekster> Horrible idea if you control the network at the server side
12:21 < pekster> Try real routing, not hacky NAT
12:21 < pekster> Unless you like awful hacky solutions that by definition prevent any possible way to reach the client device from the server-side LAN
12:21 < mutilator> so just give everyone a /29
12:22 < pekster> Yup
12:23 < mutilator> will need to figure out how to hand out addresses then
12:23 < pekster> RFC1918 gives you a "lot" of /29's, so there's no reason to shoot yourself in the foot for later when it turns out you really need to reach the device (for support, diagnostic, or w/e purposes)
12:23 -!- Mathias___ [uid55083@gateway/web/irccloud.com/x-tjnwsxtbgknmqpxh] has left #openvpn []
12:23 < pekster> Presumably you provision the phones in the normal way; go generate a bunch of networks and push configs to them as you would
12:23 < pekster> Again, none of that is really OpenVPN specific
12:23 -!- geosmin [~geosmin@199.19.94.135] has joined #openvpn
12:24 < pekster> You'll pair that network in a ccd (or --client-connect dynamic config echoing to its $1) file, per !clientlan that you were referenced earlier
12:24 < mutilator> well sure but the pc that plugs into the phone needs to know what addresses & gateways to use
12:24 < pekster> Yes, obviously. This is provided by the phone that you control
12:24 < mutilator> so i need to just figure that part out
12:24 < pekster> So, go configure/control the phone in whatever clever way you're provisioning these
12:24 < mutilator> if its possible even..
12:24 < pekster> You already said it is; they run a DHCP server
12:25 < pekster> Sounds like what you really have is a router/device management problem, not a VPN problem
12:25 < mutilator> they might, i dont know, i'm at the point of figuring out the best way to do this, not what the capabilities currently are
12:26 < mutilator> right, i dont have a vpn problem at all, thats why i started my question the way i did :P
12:27 < pekster> Personally, I've had much better results doing what you suggest in the past by shipping a router (openwrt works well, and are fairly cheap) and put the phone behind it
12:27 < pekster> Then you can also switch phones without needing one that can do "phone stuff plus routing plus DHCP plus fireawll plus VPN"
12:27 < pekster> That's quite the laundry list, especially if you're trying to "automagically provision" this all from the phone server
12:28 < mutilator> yea it's a possibility
12:28 < mutilator> the plug a pc into the phone is icing at this point
12:28 < mutilator> i just want to see how feesable it really is
12:28 < pekster> And if you're not very careful with the firewall on the magic router, you'll end up exposing that PC to serious issues
12:28 < pekster> (I'm not usually inclined to make a phone double as a firewall either, but I like separation of duty, especially for network firewalls)
12:29 < mutilator> it's just running linux
12:29 < mutilator> can be just as good as a lil router
12:29 < pekster> And that's the sound of my point being missed, and my lunch consumed
12:30 < mutilator> minus the inconvienice of carrying yet another device and yet another power outlet necessary
12:36 -!- quup [~ppp@unaffiliated/quup] has joined #openvpn
12:38 < happytoo> dazo: i've been trying to get my head around that page you recommended. so far, it looks like I can *dramatically increase throughput by disabling Tunnel UDP Fragment and Tunnel UDP MSS-Fix, then increasing Tunnel MTU from 1500 to 6000. But then the speed becomes volatile during the speed test and looks like it is locking up. Repeat tests with same settings...back to 5 Mbps
12:38 < happytoo> dazo: any idea what might explain this weirdness?
12:48 -!- geosmin [~geosmin@199.19.94.135] has quit [Ping timeout: 250 seconds]
13:13 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
13:15 -!- manitou [~manitou@unaffiliated/manitou] has quit [Client Quit]
13:24 -!- Eagleman [~Eagleman@546BCA74.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
13:26 -!- mattock is now known as mattock_afk
13:32 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 240 seconds]
13:33 -!- mehwork [~mehwork@162.243.148.21] has left #openvpn []
13:34 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
13:36 -!- mattock_afk is now known as mattock
13:40 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:43 <@dazo> happytoo: are you testing on an internal network, or going via an ISP?
13:44 < happytoo> via an isp
13:44 < happytoo> dazo
13:44 < happytoo> dazo: after lots of tweaking and researching, i think the issue may be the weak cpu in the linksys e1200
13:44 <@dazo> happytoo: then that might be the reason ... if measure your performance via sites like speedtest.net, you never get exactly the same result .... and it might be your ISP caps your network speed in some circumstances too
13:45 < happytoo> i thought about that
13:45 < happytoo> isp isn't throttling if i vpn from computer
13:45 < happytoo> only if the router is handling the vpn
13:45 < happytoo> makes me think hardware is the bottleneck
13:46 <@dazo> try without a router on the side with the linksys router ... to see if it's the ISP or something else
13:46 <@dazo> (reduce the variables as much as possible, and then add each "variable" one-by-one, to see where the performance drops)
13:46 < happytoo> that's what i did over the last couple of hours
13:46 < happytoo> through router without vpn = very fast
13:47 < happytoo> from computer with vpn = same (very fast)
13:47 < happytoo> through router *with vpn = 5 Mbps
13:47 <@dazo> right, then the router might be an issue
13:47 < happytoo> :)
13:47 < happytoo> I can be taught!
13:47 <@dazo> s/ an / the /
13:52 < happytoo> if cpu is going to be the issue, then wouldn't it make more sense to get a cheap older desktop and use that as a router?
14:00 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 252 seconds]
14:05 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
14:06 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:12 -!- Tander1gi [Tander1gi@gateway/vpn/mullvad/x-pjkumjrdxlywmdtk] has quit [Ping timeout: 252 seconds]
14:13 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
14:25 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
14:26 <+esde> happytoo, that is literally how my network is currently configured
14:26 <+esde> im on my second or third GX270
14:28 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 252 seconds]
14:28 -!- DrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 264 seconds]
14:45 -!- dazo is now known as dazo_afk
14:53 <+hyper_ch> good evening, folks, aliens, bots, other beings
14:54 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
14:56 -!- mattock is now known as mattock_afk
14:57 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
14:57  * Eugene vomits welcomingly
14:57 <+hyper_ch> you must fall into the aliens categor
14:57 <+hyper_ch> y
15:01 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:7548:4475:a6e2:d134] has joined #openvpn
15:01 -!- Dropje [~yge@ip4da1148b.direct-adsl.nl] has quit [Read error: No route to host]
15:01 < wiflix> hey guys. what is the best way for me to identify an openvpn session in client-connect and client-disconnect?
15:02 < wiflix> just take the filename of the temp config file given in $1?
15:02 <+hyper_ch> what do you mean by identify openvpn session?
15:03 < wiflix> i have multiple instances running and i want to register each session in a shared database
15:03 < wiflix> to limit the number of connections per client
15:04 < wiflix> but in client-connect and client-disconnect i don't have access to the commonName, if i am correct
15:05 <+hyper_ch> common_name
15:05 <+hyper_ch> The X509 common name of an authenticated client. Set prior to execution of --client-connect, --client-disconnect, and --auth-user-pass-verify scripts.
15:05 <+hyper_ch> it's available as env var
15:05 <+hyper_ch> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAU
15:05 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
15:06 < wiflix> aaah ... thanks a bunch :) will read up on that
15:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:08 < wiflix> ok, there does not seem to be any kind of session identifier.
15:09 < wiflix> but the common_name env variable helps for the first step ...
15:09 <+hyper_ch> I still have no idea what you want to do
15:09 <+hyper_ch> but good luck
15:10 < wiflix> i have a client A and two instances 1 and 2. A connects to 1, to 1 again and to 2
15:10 < wiflix> so it has three running connections
15:11 < wiflix> in a database i want to track all of those sessions ... on client-disconnect, how do i know, which session to delete from the database? how can i identify my session? i can not use the common_name for that, because it can have multiple running sessions, even per instance
15:12 <+hyper_ch> you can do a combo of common name and dev name
15:12 <+esde> >the filename of the temp config file given in $1
15:12 <+esde> i dont even
15:12 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:12 < wiflix> but if it's the same instance, it will be $commonName and tun0 for two sessions
15:13 <+hyper_ch> why even allow same common name to connect twice
15:13 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:13 < wiflix> why not? :)
15:13 < wiflix> could be pc and iphone e.g.
15:15 < wiflix> ok, i can't even use the temp conf file name, because it is not available in the client-disconnect :D
15:15 <+hyper_ch> then hand out two certs
15:16 < wiflix> i am not using certs :) i am using usernames ...
15:16 <+hyper_ch> certs are so much better imho
15:24 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
15:25 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:7548:4475:a6e2:d134] has quit [Quit: Leaving.]
15:30 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:36 < Mutantx> I have a uBuntu Desktop with OPENVPN setup so I've generated both client and server conf/certs. Would it be simple to port this over to archlinux openvpn setup as I'm replacing the setup?
15:38 <+hyper_ch> just copy certs and confs
15:43 < Mutantx> hyper_ch: Thanks .. Would i need to copy over RSA related files or do the certs take care of everything?
15:43 < pekster> certificates are the P in PKI.
15:44 < pekster> You need the K (private key components) and I (your CA layout) to continue to functionally use it
15:44 < rob0> Pekster Kan Inform!
15:44 < pekster> Public Key Infrastructure. The certificates are the public bits (signed with the CAs key for authenticity,) private keys (K) and the CA that ties it all together
15:45 < pekster> !intro-to-pki
15:45 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
15:45 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
15:55 <+esde> hmm uBuntu
15:55 <+esde> never heard of it :P
15:56 < Mutantx> haha
15:59 < happytoo> esde: if an old desktop is capable of running lubuntu, is it reasonable to expect that it could serve as an openwrt router with good throughput?
16:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
16:02 < happytoo> hold that thought. turbulence coming...
16:02 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
16:18 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
16:46 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:52 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
16:56 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:03 -!- hikenboot [~hikenboot@pool-71-174-171-244.bstnma.east.verizon.net] has joined #openvpn
17:04 < hikenboot> hi, I sorry if this is a stupid question but the amazon openvpn appliance does not appear to have an /etc/openvpn director can someone point me to a doc where it tells me this location is?
17:05 < hikenboot> "tells me this location is" "where this location is"
17:12 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
17:14 -!- Eagleman [~Eagleman@546BC110.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:15 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
17:20 < rob0> There's nothing hardcoded about a directory.  The /etc/openvpn/ directory has become a defacto standard, but you can put your config files anywhere you want.
17:20 < rob0> When you say "appliance", I wonder if you mean ...
17:20 < rob0> !as
17:20 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
17:20 < rob0> ?
17:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
17:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:24 < hikenboot> yes thats it, i am using it for my 2 user proof of concept
17:25 < hikenboot> thanks
17:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
17:45 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
17:51 < happytoo> back...
17:51 < happytoo> esde: if an old desktop is capable of running lubuntu, is it reasonable to expect that it could serve as an openwrt router with good throughput?
18:00 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Leaving.]
18:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
18:09 < pekster> !tias
18:09 < pekster> happytoo: Try It And See
18:10 < pekster> Depends on what you define as "reasonable", if you need AES-NI for that definition, if you're using TCO or ASICs could change things, plus factors not relevant
18:10 < pekster> lxde is not a good indication of encryption or I/O, so it's a non-sequitor
18:14 < happytoo> pekster: this computer definitely predates AES-NI
18:15 < happytoo> pekster: "lxde is not a good indication of encryption or I/O, so it's a non-sequitor"   <-- I picked that up on radar, but the meaning is heavily obscured by clouds
18:15 < pekster> "Bob is a great polition. Is he a good artist?"
18:16 < pekster> Obviously, the answer is "maybe." That's the answer to your question too.
18:17 < pekster> politician*
18:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
18:28 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 250 seconds]
18:29 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 276 seconds]
18:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
18:29 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Quit: No Ping reply in 210 seconds.]
18:30 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 250 seconds]
18:30 -!- benoliver999 [~ben@ben.baconseed.org] has quit [Ping timeout: 265 seconds]
18:30 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
18:30 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
18:30 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:31 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
18:31 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
18:33 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
18:52 -!- Eagleman [~Eagleman@546BC110.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
18:53 < happytoo> *
19:02 -!- Eagleman [~Eagleman@546BC110.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
19:22 -!- Nothing_Much [~nothing_m@unaffiliated/nothing-much/x-2931824] has quit [Remote host closed the connection]
19:25 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
19:32 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
19:32 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
19:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
19:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Excess Flood]
19:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
19:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
20:05 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
20:17 < leo2007> I am setting up a openvpn on 443/tcp. the client side is using tunnelblink on OS X. I can verify that the client can connect by using a socks-proxy (using ssh). but it failed without the socks-proxy.
20:17 < leo2007> any ideas what the problem might be?
20:28 <+esde> happytoo, ##pfsense
20:28 <+esde> all your problems solved :)
20:31 <+esde> only with the right hardware though, as i've recently learned. cpu has been the bottleneck for my system unfortunately a P4 2.8GHz is not sufficient for much more than 40+Mbps+ throughput
20:41 <+esde> not just pointing you to the channel. im suggesting you check out the project homepage and see how it's being used on many different hardware combinations from P2's (possibly older legacy CPU's) and to current. also review the feature set and see if it meets your needs. i was able to replace my dd-wrt router running openvpn with a bottleneck, with an old dell desktop and a couple of old nic's. setup was simple and well documented, upgrades are seamless, th
20:41 <+esde> e feature-set is constantly growing and development is active. good luck :)
20:46 <+esde> https://deekayen.net/mac-viscosity-obfsproxy-configuration leo2007
20:46 <@vpnHelper> Title: Mac OS X obfsproxy client configuration | David Norman (at deekayen.net)
20:47 <+esde> but i dont mac :(
20:48 < leo2007> esde: the client can connect via 1194/udp without using any proxy. but I want the 443/tcp as a backup just in case.
20:51 <+esde> what do the logs show
21:08 -!- ExtraCarpety [~ExtraCarp@2607:5300:60:a0d::1] has quit [Quit: ZNC - http://znc.in]
21:08 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
21:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
21:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
21:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
21:55 -!- sleepypc is now known as `hypermist`
22:24 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:38 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 250 seconds]
22:39 < leo2007> esde: I can see the client keep re-connecting. The log looks like this: https://bpaste.net/show/9639b36fd130
22:40 < leo2007> using 443/tcp
23:05 -!- ShadniX [dagger@p57941A46.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:06 -!- ShadniX_ [dagger@p5481CB9C.dip0.t-ipconnect.de] has joined #openvpn
23:06 -!- ShadniX_ is now known as ShadniX
23:15 <+hyper_ch> krzee: so you got net neutrality now?
23:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Excess Flood]
23:20 <+hyper_ch> krzee: https://firstlook.org/theintercept/2015/02/26/fbi-manufacture-plots-terrorism-isis-grave-threats/ see the quote at the end
23:20 <@vpnHelper> Title: Why Does the FBI Have to Manufacture its Own Plots if Terrorism and ISIS Are Such Grave Threats? - The Intercept (at firstlook.org)
23:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:59 < Mutantx> Has anyone had issues with OPENvpn not generating DH parameters? Sits there for "a long time" but doesn't spit out the file. Advice?
23:59 <+hyper_ch> Mutantx: someone generated dh for 8192 bit... he said it took 27h
--- Day changed Fri Feb 27 2015
00:01 < Mutantx> Wow.. Mine after 45 minutes appeared to be done as it allowed for input but nothing was created. Doubt it's a background process.. crashing?
00:01 <+hyper_ch> [Thursday 26 February 2015] [12.02:43] <AndrzejL> hyper_ch: I used easy-rsa 8192 server / client keys and Diffie-Hellman
00:01 <+hyper_ch> [Thursday 26 February 2015] [12.06:10] <AndrzejL> Took me roughly 27 hours to generate Diffie-Hellman... ;)
00:01 <+hyper_ch> if you're back at the prompt then it's doen
00:01 < Mutantx> Ouch...
00:02 <+hyper_ch> it increases exponentially or something
00:02 <+hyper_ch> 4096 only took me a few hourse... 3-4h I think
00:02 < Mutantx> Setting up standard 2048 bit..
00:03 <+hyper_ch> well, it also depends on the cpu
00:03 <+hyper_ch> I think
00:03 < Mutantx> Maybe 3rd time will be the charm..
00:03 <+hyper_ch> you really sure you don't have it?
00:03 < Mutantx> Don't see it in easy-rsa folder.. assuming it wouldn't spit it out anywhere else..
00:04 <+hyper_ch> it's in the key subfolder
00:04 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Quit: haasn]
00:04 <+hyper_ch> dh2048.key
00:04 <+hyper_ch> not sure about the file ext though
00:05 < Mutantx> Yup thats the file name .. I've got WinSCP up i'll sneak in while it generates/controls console
00:06 <+hyper_ch> isn't winscp a windows proggy?
00:07 < Mutantx> Yeah have my pc up winscp is connected to my Wandboard Quad through network
00:07 <+hyper_ch> just surprised people still use windows...
00:08 < Mutantx> Haha I'm stubborn.. Sure enough it's in the keys folder
00:08 < Mutantx> Already done 2048 took ~8-10 minutes
00:09 <+hyper_ch> now set bitrate to 8192 bit in your vars, run clean all, and redo ;)
00:11 < Mutantx> That's cake hyper_ch..
00:13 < Mutantx> Appreciate it, btw
00:22 < leo2007> on centos7 /etc/openvpn by default has perm 0755
00:22 < leo2007> do you set it to something more restrictive?
00:22 < leo2007> 0700 for example?
00:29 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
00:47 <+hyper_ch> no, but the keys are 0600 on my systems
00:47 <+hyper_ch> conf ig 0644
01:09 -!- mattock_afk is now known as mattock
01:13 -!- NChief [~nchief@unaffiliated/nchief] has quit [Ping timeout: 246 seconds]
01:27 -!- benoliver999 [~ben@ben.baconseed.org] has quit [Ping timeout: 246 seconds]
01:30 < leo2007> hyper_ch: thanks
01:38 < pekster> hyper_ch: Generally recommending 8k key sizes is a diservice to users here
01:40 < pekster> It's utteraly unrequired and offers no practical security gain. Feel free to use it yourself, but de-facto recommendations to that effect are so worthless and may actually harm low-power devices, not only vastly increasting generation time, but making connections (or re-negoations) take siganifanctly longer or outright fail
01:54 -!- donnib [~donnib@152.115.31.4] has quit [Read error: Connection reset by peer]
01:54 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
02:01 -!- rbxs [~rbxs@92.63.171.51] has quit [Excess Flood]
02:03 < pekster> hyper_ch: Also, assuming you maintain that inline config thing you really ought to fix the lack of a umask, or it's a security problem
02:04 < pekster> Oh fun, that's the one who perma-ignored me
02:04 -!- mode/#openvpn [+o pekster] by ChanServ
02:05 -!- hyper_ch was kicked from #openvpn by pekster [Come back when you're going to listen]
02:05 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
02:05 -!- mode/#openvpn [+v hyper_ch] by ChanServ
02:06 <@pekster> hyper_ch: ping
02:16 <@pekster> hyper_ch: Last chance..
02:18 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
02:19 -!- hyper_ch was kicked from #openvpn by pekster [failure to heed op requests: 24 ban for you to fix this (and your auto-rejoin before you've read my first warning kick sucks too.)]
02:19 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
02:19 -!- mode/#openvpn [+v hyper_ch] by ChanServ
02:19 -ChanServ:#openvpn- pekster added *!*@openvpn/user/hyper-ch to the AKICK list, expires in 1 day, 0:00:00.
02:19 -!- mode/#openvpn [+b *!*@openvpn/user/hyper-ch] by ChanServ
02:19 -!- hyper_ch was kicked from #openvpn by ChanServ [Banned: ignoring op requests: 24 ban for you to fix this]
02:19 -!- mode/#openvpn [-o pekster] by ChanServ
02:27 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 250 seconds]
02:29 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 252 seconds]
02:31 < leo2007> how is the --ca being used in a server? Is it used to authenticate clients?
02:32 < pekster> Right, the certificate (and its possible chain) presented by the client on a connect is validated back to the root specified by --ca on the server side
02:33 < leo2007> pekster: thanks.
02:35 < leo2007> can a compromised client key/cert be used to impersonate a server?
02:36 < pekster> Provided you're signing the CSR from the server (using your CA, which ideally is not the server system) using the 'TLS Server' attribute, you can protect that by using !mitm
02:36 < pekster> !mitm
02:36 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
02:36 < pekster> See (#3) above for the client-side protection to validate that cert attribute. This prevents a client from acting as a server since your CA should never issue client-certs with that bit in them
02:42 < leo2007> pekster: my server cert has these extensions: https://bpaste.net/show/60fbf2121e72
02:43 < leo2007> which seems not have the "TLS Server" bit.
02:43 < pekster> You either didn't show or don't have the X509v3 EKU for 'TLS Web Server Authentication'
02:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:44 < pekster> Verify with `openssl x509 -noout -text -in server.crt`
02:46 < pekster> You also might consider a certificate manager to act as your CA/PKI manager. There are several options, linked in !certman
02:46 < pekster> Those should all come ready out-of-the-box to add in the attributes openvpn utilizes
02:47 < pekster> (that's not required though: you're free to use whatever method you'd like to handle signing)
02:48 < leo2007> when generate the server cert req I have extendedKeyUsage = serverAuth,clientAuth but not when signing it with the CA.
02:48 < leo2007> I am still new to openssl.
02:48 < vegardx> Shame OpenCA is unmaintained.
02:49 < pekster> Yea, that eKu in the CSR is meaningless; it's just a hint to the CA, which (since you're acting as your own CA) ends up ignored
02:49 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:50 < pekster> You want both the kU and eKu set to utilize the more advanced MITM and role protection openvpn offers. Also consider carefully if you really want to mark a cert with both client & server attributes
02:51 < pekster> It's possible (though generally less useful) to have the server validate that the cert is a client, but this might change in meaning depending on eKu bits
02:52 < leo2007> pekster: thanks for the info.
02:52 < leo2007> Do I need the nsCertType for the server?
02:52 < pekster> Ugh, no. "Netscape" shit is long-deprecated
02:52 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
02:52 < leo2007> OK, thanks.
02:53 < pekster> easyrsa v3 does not even so nsCertType by default, as explained here: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc2/doc/EasyRSA-Upgrade-Notes.md#list-of-important-changes
02:53 <@vpnHelper> Title: easy-rsa/EasyRSA-Upgrade-Notes.md at v3.0.0-rc2 · OpenVPN/easy-rsa · GitHub (at github.com)
02:53 < pekster> --remote-cert-tls should be preferred unless you're stuck with a legacy setup (and remeber to pay your respects to Netscape Navigator of old when you do that :P )
03:38 -!- `hypermist` is now known as sleepypc
04:08 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
04:12 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:16 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
04:36 < leo2007> pekster: thanks a lot, I just finish revoking/resign the certs.
04:36 < leo2007> remote-cert-tls client only makes sense in a server config right?
04:43 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
04:44 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 255 seconds]
04:45 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 252 seconds]
04:46 < pekster> leo2007: Right, and that's only useful to the point you want to prohibit a server-issued cert from pretending to be a client
04:46 < pekster> That's still potentially useful, but not as likely as a client (by compromise or evil intent of the key holder) trying to hijack traffic from other clients
04:53 < leo2007> pekster: that's how I understand it ;)
04:54 < leo2007> pekster: any recommendation in distributing crl.pem? At the moment I just scp it to the server.
04:56 < pekster> If you control both the CA and all servers, that's fine since you'll obviously know if you make a revocation. Distribution (and surrounding policies) are more of an issue when the management of those 2 components are disparate, or you have so many servers that automation is desired
04:59 < pekster> You may mark your CRLs with a next-update field, but openvpn doesn't use that directly (and if you wish to deny all connections for an "outdated" CRL you'd need to script such logic.) OCSP is another option, but there again probably something you'd need to use a --tls-verify script for
05:00 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
05:01 < leo2007> pekster: thanks again!
05:08 < leo2007> when I have tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 in the server config
05:10 -!- toe [~toe@manitu.oepkes.net] has joined #openvpn
05:10 < leo2007> the server has error: TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
05:10 < leo2007> ideas?
05:11 < pekster> Sounds like lack of TLSv1.2 on one end. Read the info about tls-cipher here:
05:11 < pekster> !hardening
05:11 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
05:11 < pekster> Notably, use of all SHA-2 varients are not part of TLSv1.0
05:12 < pekster> Either use a TLSv1.2-supporting version, or accept at least one common TLSv1.0 cipher
05:12 < leo2007> pekster: yes, I picked up the list from the hardening guide.
05:12 < leo2007> the server is running 2.3.6 and the client tunnelblink with openvpn 2.3.6
05:12 < pekster> Your list omits _all_ TLSv1.0 options. Read the note about the version requirement for openvpn
05:13 < leo2007> should the client config also have the same tls-cipher setting?
05:13 < pekster> Then either the opposing side doesn't have any overlapping ciphers, or it might not be using the version you think (IIRC tunnelblick ships with multiple backend binaries in the .app package)
05:13 < pekster> Depends; the default is to accept everything openvpn accepts; a defined non-overlapping set will cause that error
05:18 < pekster> (or maybe your openssl doesn't support TLSv1.2?)
05:20 < leo2007> now I have tls-cipher set to the 1.0 list on both the server and client and I have another error: Authenticate/Decrypt packet error: packet HMAC authentication failed
05:20 < pekster> Probably mis-matched crypto settings
05:20 < pekster> (could be the auth or tls-auth, both of which must be agreed-upon by both ends)
05:21  * leo2007 brb
05:28 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
05:29 -!- jim87 [~jim87@2001:41d0:52:500::2a2] has joined #openvpn
05:30 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Ping timeout: 252 seconds]
05:30 < jim87> hello! I'd like to tunnel all the connections (TCP and UDP) via a VPN. I've configured the server with push "redirect-gateway def1 bypass-dhcp" and setting iptables with iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
05:30 < jim87> the problem is that when I try to connect to a website with the vpn, it will timeout
05:30 < jim87> while without it connects correctly. Any idea?
05:31 < pekster> Then you've more to do it seems. Read:
05:31 < pekster> !redirect
05:31 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
05:31 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
05:31 < pekster> flowchart is useful
05:32 < jim87> thanks pekster... how can I enable the redirect-gateway on the client?
05:33 < jim87> same option of the server?
05:38 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:39 < pekster> Read what --push does in the manpage
05:41 < jim87> ok just read - the configuration is pushed
05:41 < jim87> so server-only
05:41 < jim87> so I went up to "ping 8.8.8.8" - can't - ip forwarding is enabled by iptables, right?
05:42 < pekster> No, by enabling IP forwarding in your system
05:42 < pekster> The factoid gave you more !things to read
05:42 < pekster> !new
05:42 <@vpnHelper> "new" is (#1) New here? Start by reading the /TOPIC and looking at basic info in !welcome, !ask, and !howto or (#2) You can type each of the !commands in this chat and our bot will provide useful references and info or (#3) you can see the full factoids list at !factoids or (#4) Also new to IRC? Here's an intro: http://catb.org/~esr/faqs/smart-questions.html#intro
05:43 < pekster> OpenVPN is "just a security-related router" really. Routing, firewalling, and NAT are the same as for any RFC1918 router connecting a private LAN (your VPN) to the Internet
05:44 < jim87> ok actually IP forwarding is enabled
05:44 < jim87> (server side)
05:46 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
05:46 < pekster> And to be clear, you did successfully ping the server on the _inside_ (VPN-issued) network, from the client? (that was step 1 in the flowchart)
05:47 < jim87> I pinged from the server
05:47 < jim87> it's hard to ping from android
05:47 < jim87> :P
05:47 < pekster> To what, the client on its RFC1918 IP?
05:47 < jim87> yep I pinged the client's VPN IP
05:48 < jim87> I can install a TTY emulator on Android and check it
05:48 < pekster> I'm guessing firewall. Pastebin `iptables-save -c` somewhere
05:48 < pekster> since an ICMP echo-request is bi-directional, you know basic connectivity works
05:49 < jim87> for linux there's ix, right? don't remember, I used it on Arch, not sure there's for Debian too
05:50 < pekster> If you're using Netfilter on the server, that is the only acceptable way to show a complete ruleset
05:51 < jim87> this is the output: http://pastebin.com/jMkqpzWW
05:51 -!- Latrina [~Latrina@adsl-ull-61-223.50-151.net24.it] has quit [Ping timeout: 245 seconds]
05:52 < pekster> filter/FORWARD has hits, but not the SNAT (MASQUERADE) rule in nat
05:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 252 seconds]
05:52 < pekster> Probably bad matches on that rule on line 12
05:53 < jim87> 10.8.0.0/24 <-- maybe this setting?
05:53 < jim87> I didn't change that rule from the default config
05:53 < pekster> And at some point (once basic things work) you should run a default-drop stateful firewall on the server, otherwise next-hop (and possibly further with upstream router cooporation) can send into your VPN
05:53 < pekster> There are no default rules in Netfilter
05:53 < jim87> I mean openvpn's
05:55 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 264 seconds]
05:55 < pekster> Either 1) your traffic is not coming from 10.8.0.0/24 (in which case you'd correct it), 2) it's not going out eth0 (in which case you'd correct it), or 3) the forwarded traffic passing through that system is not VPN traffic at all, in which case you need to figure out what it is and fix your VPN
05:55 < jim87> I'm a little bit lost by now
05:55 -!- Latrina [~Latrina@adsl-ull-112-191.50-151.net24.it] has joined #openvpn
05:55 < jim87> openvpn runs on  10.8.0.0 with mask 255.255.255.0
05:55 < pekster> There are literally 2 matches in that rule; obviously you are not forwarding any packets through that system that are sourced from 10.8.0.0/24 that are leaving the eth0 device, since line 12 has a hitcount of zero
05:56 < pekster> `ip a` and `ip r` on your server may help
05:56 < pekster> Those are more basic networking commands you should be familiar with doing any routing on Linux, described in ip(8)
05:57 < pekster> Basic Netfilter matches such as -s and -o are in iptables(8) if you need a reminder on those
05:57 < jim87> http://pastebin.com/aXyGQEpe
05:58 < jim87> ip r shows: 10.8.0.0/24 via 10.8.0.2 dev tun0
05:59 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
05:59 < pekster> You have no eth0 device
05:59 < pekster> So obviously the rule on line 12 will never match any packets on that system unless you add a network device or rename one
05:59 < jim87> =\ you're right
05:59 < jim87> found the problem, silly me
05:59 < jim87> I'd point to venet0 right?
06:00 < pekster> Right. The "alias" is because some networking tool you're using is stuck on the old 2.4 Linux kernel way of doing things from yester-century
06:00 < jim87> should I reload the server or the connection? still not working =
06:00 < jim87> =\
06:01 < pekster> You'd need a fresh connection (the ICMP test) from the client as Netfilter nat is only consulted on the first packet in a session, but otherwise if that's the only change it'll take effect life
06:01 < pekster> live*
06:02 < jim87> k, do it in 30 minutes, have to go. Thank you VERY much for the help so far :) I really appreciate it
06:03 < pekster> Sure. And save those manpage references above for reading (they contain info you'll probably need at some point later)
06:28 < jim87> ok ping 8.8.8.8 works, seems to be a DNS problem now :D
06:29 < jim87> not either, it pings google.com
06:29 < jim87> reload the browser maybe?
06:33 -!- Eagleman [~Eagleman@546BC110.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
06:39 < leo2007> is it possible to have `crl-verify crl.pem' but don't complain if crl.pem is not found?
06:41 < pekster> No, but you can create a CRL without any revocations (as it's the signature stating that there are no revocation that's the important part)
06:42 < leo2007> ok, thanks.
06:43 < jim87> pekster: this is the updated iptables-save -c... I can ping 8.8.8.8 and google.com, but still not connecting to any website: http://pastebin.com/xnDHnssS any idea?
06:44 < jim87> pekster: openvpn is configured to use dev tun, but I see there are no packets for rule on line 39?
06:44 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
06:45 -!- u0m3 [~u0m3@213.233.104.37] has joined #openvpn
06:49 -!- Eagleman7 [~Eagleman@546BC36B.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:59 -!- Eagleman7 [~Eagleman@546BC36B.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
07:00 < jim87> pekster: it seems either requests are not passed to the internet from the VPN or they're not returning back?!?
07:01 < jim87> pekster: strange though ping by IP and NS works
07:02 -!- u0m3 [~u0m3@213.233.104.37] has quit [Ping timeout: 264 seconds]
07:09 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:10 < leo2007> how to hide from deep packet inspection?
07:27 < jim87> what does it mean when I redirect the traffic via the VPN and ICMP packets pass, but not HTTP (for instance)?
07:29 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
07:29 < jim87> uhm... TCP packets between server and client work. It must be an iptables problem
07:38 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:42 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
07:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
07:45 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
07:48 < jim87> pekster: do you have any idea? The line of iptables was 0:0 because another rule was overriding it, so that's not the problem. I tried reaching the apache server on the VPN server and it works (not via public IP, but directly via VPN ip). So the problem seems to be to manage the traffic outside the VPN... do you have any idea? Thank you very much
07:48 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:56 -!- Latrina [~Latrina@adsl-ull-112-191.50-151.net24.it] has quit [Ping timeout: 264 seconds]
08:10 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
08:12 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:24 -!- jim87 [~jim87@2001:41d0:52:500::2a2] has quit [Remote host closed the connection]
08:25 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
08:26 -!- u0m3 [~u0m3@92.80.119.236] has joined #openvpn
08:33 -!- u0m3 [~u0m3@92.80.119.236] has quit [Ping timeout: 246 seconds]
09:06 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
09:12 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has joined #openvpn
09:16 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Ping timeout: 252 seconds]
09:17 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
09:17 < M4rc3l> !welcome
09:17 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:18 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:18 < M4rc3l> !howto
09:18 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
09:19 < M4rc3l> is openvpn meant to be installed as root? kind of silly question i know but im new
09:23 <+esde> it will run as root or as a non root user
09:24 <+esde> !noroot
09:24 <@vpnHelper> "noroot" is "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
09:24 <+esde> :)
09:25 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 246 seconds]
09:26 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
09:27 < M4rc3l> thanks
09:36 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:41 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 246 seconds]
09:41 -!- chocolate [~chocolate@187.181.99.77] has quit [Remote host closed the connection]
09:45 -!- kalken [~default@h-140-181.a336.priv.bahnhof.se] has joined #openvpn
09:46 < kalken> hey guys. I have a rather unusual problem it seems. I want to set up a vpn-client on a local server, and be able to use that vpn-connection with nated-clients behind the server
09:47 < kalken> i dont want the vpn-connection to "take over" the servers external ip, i just want it to be able to nat the vpn-connection to internal clients on the 172.16.3-network
09:48 < kalken> i have solved this with different routing tables in linux before, and that works. But now i'm on an osx-server here, and i dont even know where to start...
09:49 < kalken> is there some built in functionality in the openvpn-client settings to only route traffic from certain ip's through the vpn connection?
09:50 < kalken> the only thing i can see is the ability to route based on destination adress, but thats not what i want. i want all traffic from 172.16.3 network (to anywhere but local) to be routed through the vpn-connection
09:53 < kalken> i have the firewall and everything setup correctly with nat. I just need to figure out how to setup a vpn-connection that doesnt "take over" the servers traffic, and then find a way to route traffic from lan through vpn based on source adress
09:55 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:01 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
10:18 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
10:25 -!- nocturn [~nocturn@unaffiliated/nocturn] has quit [Ping timeout: 255 seconds]
10:27 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:31 -!- nocturn [~nocturn@unaffiliated/nocturn] has joined #openvpn
10:54 -!- hikenboot [~hikenboot@pool-71-174-171-244.bstnma.east.verizon.net] has quit [Ping timeout: 246 seconds]
10:55 -!- Latrina [~Latrina@adsl-ull-176-200.50-151.net24.it] has joined #openvpn
11:07 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:13 -!- fred`` [fred@earthli.ng] has joined #openvpn
11:15 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:19 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
11:27 -!- u0m3 [~u0m3@92.80.119.236] has joined #openvpn
11:28 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:41 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
11:54 < zoredache> I don't think there is any option for that on OSX.
11:55 < kalken> so you basically can not create a "custom" routing table?
11:56 < kalken> its interesting because the man page of pf.conf talks about the posibillity to use "rtable"
11:56 < kalken> but nobody mentions how to actually create these tables
11:56 < zoredache> Sure but the feature in the route command to create the table doesn't exist in OSX.
11:57 < zoredache> Theoretically OSX would have a route -T option.
11:57 < zoredache> but I think that is limited to bsd.
11:58 < zoredache> Apple  removed it or something.
11:58 < zoredache> So you probably need to consider setting up either a Linux or BSD system.
12:01 < kalken> ok :)
12:02 < kalken> and there is no way to solve this with openvpn
12:02 < kalken> e.g nopull and set up some custom rules
12:03 < kalken> *routing rules
12:03 < zoredache> OpenVPN just uses the standard routing of the operating systems it is running on.  If you can't configure the OS to do what you want manually, then there is no magic you can do in OpenVPN to make the OS somehow have more functionality.
12:04 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 256 seconds]
12:05 < kalken> zoredache: what i really wonder is if there is a way to route all incoming traffic from 172.16.3.X through the vpn
12:06 < kalken> this is probably not a "route" command, but a pf-firewall command
12:06 < kalken> i have this: nat on $vpn_if from $vpn_lan to any -> ($vpn_if)
12:07 < kalken> and i guess i need a rule for routing traffic based on incoming ip through that interface too
12:07 < kalken> i tried something like: pass in quick  on $lan_if route-to ($vpn_if 10.10.10.161) from $vpn_lan to !<lan>
12:08 < kalken> but that does not work...
12:08 < zoredache> Well I am not an expert in OSX or PF.  You really might need to go look for a venue where you will find experts in OSX networking.
12:08 < kalken> ok thanks :D
12:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:23 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:48 -!- kalken [~default@h-140-181.a336.priv.bahnhof.se] has quit [Ping timeout: 245 seconds]
12:52 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
13:01 -!- kalken [~default@h-140-181.a336.priv.bahnhof.se] has joined #openvpn
13:06 -!- kalken [~default@h-140-181.a336.priv.bahnhof.se] has quit [Ping timeout: 240 seconds]
13:08 -!- u0m3 [~u0m3@92.80.119.236] has quit [Ping timeout: 264 seconds]
13:20 -!- kalken [~default@h-140-181.a336.priv.bahnhof.se] has joined #openvpn
13:22 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
14:12 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
14:23 < M4rc3l> hi is it possible to run openvpn on 2 different ports at the same time? for example port 80 and 23434
14:24 <+esde> sure
14:24 <+esde> not with the same daemon though, afaik
14:24 <+esde> you'd need to run two separate instances, with each respective port defined
14:25 < M4rc3l> would i need two separate users also?
14:25 <+esde> why would you?
14:25 <+esde> mirror the config for each instance if you want, only changing the port number
14:26 <+esde> then you're using the same PKI without managing two different sets
14:26 < M4rc3l> ah this makes sense
14:26 < M4rc3l> thanks
14:26 <+esde> np
14:35 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
14:36 < Mutantx> Been working on a OPENVpn setup. Have generated all keys/certs and have successfully connected using OPENVPN on PC. Attempting to setup tomato shibby router(translate client.conf to Openvpn client settings) but just can't seem to get the right settings from the client.conf. Help?
14:37 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
14:46 <+esde> how can we help if we've nothing to go on
14:46 <+esde> !welcome
14:46 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:46 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:47 < Mutantx> Guess I'll throw it on here
14:48 < Mutantx> client
14:48 < Mutantx> ;remote 192.168.1.37 1194
14:48 < Mutantx> remote 192.168.2.105 1194
14:48 < Mutantx> ca ca.crt
14:48 < Mutantx> cert client.crt
14:48 < Mutantx> key client.key
14:48 < Mutantx> cipher AES-128-CBC
14:48 < Mutantx> ;cipher DES-EDE3-CBC
14:48 < Mutantx> comp-lzo yes
14:48 < Mutantx> dev tun
14:48 < Mutantx> proto udp
14:48 < Mutantx> tls-auth ta.key 1
14:48 < Mutantx> nobind
14:48 < Mutantx> auth-nocache
14:48 <+esde> no
14:48 <+esde> !pastebin
14:48 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:49 <+esde> Please do not flood. Please take time to read the factoids.
14:50 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
14:50 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Ping timeout: 256 seconds]
14:58 < Mutantx> fair enough
14:58 < Mutantx> https://gist.github.com/anonymous/e1068d4402280a632c49
14:58 <@vpnHelper> Title: gist:e1068d4402280a632c49 (at gist.github.com)
15:01 < Mutantx> Tomato Shibby Config Screen capture : http://oi60.tinypic.com/dwtny1.jpg
15:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:03 -!- A_Pickle [~apickle@192.146.216.10] has joined #openvpn
15:04 < A_Pickle> So, quazchuns
15:04 < A_Pickle> Or rather, just one question:
15:04 < A_Pickle> If I password-protect my ca.key file...
15:04 < A_Pickle> ...how do I open that file for OpenVPN to start?  Is there a way to put the password in the config file, or...?
15:05 < Eugene> openvpn doesn't need the ca.key to start, only the cert's key
15:06 < Mutantx> I have since aligned the compression parameters on both server and client
15:08 < A_Pickle> The server cert's key?
15:08 < A_Pickle> What... if... I encrypted that one, then
15:08 < A_Pickle> ?
15:12 -!- atmosx [~bsd@convalesco.org] has left #openvpn ["WeeChat 0.4.4-dev"]
15:13 < zoredache> It needs access to the unecrypted key to start.
15:14 -!- anthony25 [~anthony25@ip-136.net-81-220-249.rev.numericable.fr] has quit [Ping timeout: 246 seconds]
15:15 < zoredache> I think it supports pkcs11, so maybe you could store it on a smart card somehow, and then only provide the smart card when OpenVPN is started.
15:16 < zoredache> It would be an unusual setup though.  Couldn't you just setup Full Disk encryption or something on your OpenVPN server?
15:21 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:32 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Ping timeout: 246 seconds]
15:32 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
15:34 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Max SendQ exceeded]
15:35 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
15:36 <+esde> Mutantx, your issue might be better serviced by tomato users.
15:36 <+esde> That gui doesnt mean much to me without being able to see the config it's generating.
15:48 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:50 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
15:52 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 256 seconds]
15:53 < pekster> A_Pickle: You can see the management.txt documentation to have the management interface prompt for the password, but that'll still require manual intervention to start the server fully. Alternatively don't encrypt your private keys. Basically the same way you'd run a webserver, with the same 2 choices on handling it
15:57 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
16:04 -!- sleepypc is now known as `hypermist`
16:09 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
16:15 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
16:26 -!- mattock is now known as mattock_afk
16:27 -!- bonjurkes [~bonjurkes@104.224.146.249.16clouds.com] has joined #openvpn
16:28 < bonjurkes> ahoy
16:29 < bonjurkes> if I apply a rule on hosts file on openvpn server, would that effect to clients also? Like specifying ipaddresses manually etc.
16:29 < bonjurkes> I am using push dns option tho
16:29 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
16:31 < Eugene> No.
16:32 < bonjurkes> so I can't block access of client to some website over host file. Any possible way to do that by another method?
16:32 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
16:32 < Eugene> What you're describing is a proxy server
16:34 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Max SendQ exceeded]
16:34 < bonjurkes> well simply I am trying to block ads network access over vpn
16:34 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
17:04 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:07 -!- bonjurkes [~bonjurkes@104.224.146.249.16clouds.com] has left #openvpn ["Leaving"]
17:21 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
17:25 < A_Pickle> Thanks everyone.  I was just messing around with EasyRSA v3, and...
17:26 < A_Pickle> ...I like encrypting things, so I added a password.
17:26 < A_Pickle> I shall rebuild my PKI with an unencrypted server key.
17:33 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:33 -!- mode/#openvpn [+v s7r] by ChanServ
17:35 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
17:36 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
17:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:43 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
17:43 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
17:44 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
17:48 < pekster> A_Pickle: You can just modify the server key and save it unencrypted
17:50 < pekster> A_Pickle: If you're using esayrsaV3, see the 'set-rsa-pass' command which does just that (openssl is also able to do this itself, if you'd prefer.) This is intended to be done by the system that generated your keypair, which is also ideally not the CA itself for separation of duty (key escrow is best avoided unless you intended to do that)
18:04 -!- fred`` [fred@earthli.ng] has joined #openvpn
18:05 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Read error: Connection reset by peer]
18:07 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
18:09 -!- A_Pickle [~apickle@192.146.216.10] has quit [Quit: Leaving.]
18:18 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
18:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
18:28 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 250 seconds]
18:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
18:47 -!- FierceOmelette [~none@unaffiliated/bsdbeard] has joined #openvpn
18:48 -!- votlon [~votlon@66.214.191.162] has joined #openvpn
18:50 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Read error: Connection reset by peer]
18:51 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
18:55 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
18:55 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
19:07 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 272 seconds]
19:08 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Read error: Connection reset by peer]
19:09 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
19:15 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Read error: Connection reset by peer]
19:16 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
19:19 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
19:20 -!- kalken [~default@h-140-181.a336.priv.bahnhof.se] has left #openvpn ["WeeChat 1.1.1"]
19:20 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
19:40 < votlon> hello all
19:40 < votlon> i was wondering if someone had time to check out my config files
19:41 < votlon> i dont understand why i cant get this vpn server working :/
19:47 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
19:51 -!- vegardx [~vegardx@176.111.205.230] has left #openvpn []
20:04 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Ping timeout: 246 seconds]
20:11 <+esde> votlon,
20:11 <+esde> !welcome
20:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
20:11 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:11 <+esde> !configs
20:11 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:11 <+esde> however, you could skip configs and review
20:11 <+esde> !howto
20:11 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
20:12 <+esde> first and see if it answers any questions you might have first
20:12 <+esde> -first :)
20:20 -!- derpingit [~ircap@209-203-71-82.static.twtelecom.net] has joined #openvpn
20:21 < derpingit> hi guys. i'm on an amazon firetv runnind angroid and i've isntalled the lastes openvpn.. i have a problem connecting to privateinternetaccces "RROR: depth=0, error=certificate signature fail
20:21 < derpingit> ure
20:21 < derpingit> i'm using certs provided by them
20:30 -!- FierceOmelette [~none@unaffiliated/bsdbeard] has quit [Quit: :wqa[ll]!]
20:31 <+esde> youll have to get support through them :)
20:31 < derpingit> so is something on their end?
20:32 <+esde> it's something they must be involved in troubleshooting
20:32 < derpingit> because those same certs work on windows :/
20:32 < derpingit> they won;'t support me
20:32 <+esde> we can't
20:32 <+esde> you dont have control over both ends
20:32 <+esde> all we can tell you is, follow their instructions to a tee
20:33 < derpingit> i was thinking it had something to do with the key and sha1.
20:33 < derpingit> do i need to install something to the os to read sha1 keys?
20:33 <+esde> feel free to post their support docs and your current configs and logs. if someone can offer advice, they may
20:33 <+esde> why wont they support you
20:36 < derpingit> one sec let me dig their official response
20:39 -!- votlon [~votlon@66.214.191.162] has quit [Quit: Lost terminal]
20:39 < derpingit> http://pastebin.com/vpjRF8yE
20:41 <+esde> !configs
20:41 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:42 < derpingit> ah sorry bout that
20:42 < derpingit> i have no idea hwo to do that on firetv android :/
20:44 <+esde> could be the openvpn version on the firetv is < the version needed for the configuration you're running, the certs could be mismatched, there are plenty of possibilities without all of the pieces
20:44 <+esde> which brings us to my earlier point
20:44 <+esde> youll have to get support through them :)
20:45 <+esde> or amazon perhaps
20:45 < derpingit> lol..
20:45 < derpingit> thanks, esde
20:45 <+esde> np
20:45 -!- derpingit [~ircap@209-203-71-82.static.twtelecom.net] has left #openvpn []
20:57 < leo2007> I have `push "redirect-gateway def1 bypass-dhcp"' on the server.conf. When a client connects to the openvpn server, I can no longer access the client (also remote from me) using its public IP. Did I miss something?
21:01 -!- Denial [~Denial@host31-52-126-43.range31-52.btcentralplus.com] has quit [Ping timeout: 252 seconds]
21:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
21:15 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
21:20 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:30 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 244 seconds]
21:38 -!- `hypermist` is now known as sleepypc
21:39 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
21:39 -!- mode/#openvpn [+v s7r] by ChanServ
21:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:02 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:30 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
22:31 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Max SendQ exceeded]
22:32 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
22:36 < Mutantx> I've been testing out my encryption settings on my OPENVPN server and when designating it as none I get "Assertion failed at crypto_openssl". I just set this OPENVPN server up yesterday so versions should be up to date but will check that now. Anyone run in to this before?
22:36 -!- sleepypc is now known as `hypermist`
22:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:50 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
22:52 < mnathani_> how can I use proxy arp to provide an IP address from my server pool over to a vpn client?
23:05 -!- ShadniX [dagger@p5481CB9C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:05 -!- ShadniX [dagger@p5DDFEA76.dip0.t-ipconnect.de] has joined #openvpn
23:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
23:30 -!- unicodesnowman [~unicodesn@unaffiliated/unicodesnowman] has joined #openvpn
23:32 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:32 < unicodesnowman> I'm starting a commercial VPN service. How do I isolate different clients so they can't access other clients?
23:37 -!- `hypermist` is now known as sleepypc
23:38 -!- sleepypc is now known as `hypermist`
23:44 < Mutantx> Running OpenVPN 2.3.6 with OpenSSL 1.0.2 *
23:48 < unicodesnowman> also, how can i limit the ma xnumber of concurrent connections?
--- Day changed Sat Feb 28 2015
00:01 -!- `hypermist` is now known as sleepypc
00:03 -!- ShadniX [dagger@p5DDFEA76.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:04 -!- ShadniX [dagger@p5DDFE23D.dip0.t-ipconnect.de] has joined #openvpn
00:05 < Mutantx> Error I was encountering relating to cipher is a bug that apparently didn't make it into 2.3.6 :\
00:06 < Mutantx> fix didn't*^
00:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:51 -!- sleepypc is now known as `hypermist`
00:57 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:31 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:33 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
01:35 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
01:35 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
01:43 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
01:44 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
02:19 -!- mode/#openvpn [-b *!*@openvpn/user/hyper-ch] by ChanServ
02:29 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Ping timeout: 255 seconds]
02:38 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
02:51 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
03:02 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Ping timeout: 244 seconds]
03:06 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
04:10 -!- Latrina [~Latrina@adsl-ull-176-200.50-151.net24.it] has quit [Ping timeout: 246 seconds]
04:12 -!- Latrina [~Latrina@adsl-ull-176-200.50-151.net24.it] has joined #openvpn
04:18 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:33 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
04:35 -!- tristan_c [~tristanc@81.141.95.107] has joined #openvpn
04:46 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
04:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:19 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Read error: Connection reset by peer]
05:20 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: really? must I leave? aw pls let me stay!]
05:20 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
05:38 < tristan_c> Anyone have experience of initiating OpenVPN over a tunnelled ssh connection using autossh?
05:40 < tristan_c> !staff
05:42 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
05:42 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
05:47 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
06:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
06:50 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Read error: Connection reset by peer]
06:56 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:58 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:59 <+esde> !welcome
06:59 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
06:59 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:59 <+esde> !ask
06:59 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
07:03 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
07:16 < leo2007> why this error: Sat Feb 28 21:12:15 2015 us=209121 cambridge@vegas.duckdns.org/221.222.151.83:53896 MULTI: bad source address from client [192.168.1.147], packet dropped
07:16 < leo2007> the client on my ipad doesn't produce this error but tunnelblink on mac osx does
07:16 < leo2007> ideas?
07:51 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
07:59 < unicodesnowman> I'm starting a commercial VPN service. How do I isolate different clients so they can't access other clients?
07:59 < unicodesnowman> also, how can i limit the ma xnumber of concurrent connections?
08:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:52 -!- Azrael_- [~idjfiawej@adsl-84-226-228-96.adslplus.ch] has joined #openvpn
08:52 < Azrael_-> hi
08:53 < Azrael_-> i just installed openvpn and running into this error: Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)   the system/kernel was updated. can i fix this without rebooting?
09:01 < tristan_c> did you add the interface to your network config file?
09:02 < Azrael_-> tristan_c: i'm following this tutorial and i didn't see such a task there: https://wiki.debian.org/OpenVPN
09:02 <@vpnHelper> Title: OpenVPN - Debian Wiki (at wiki.debian.org)
09:03 < tristan_c> "On the client, copy /etc/openvpn/static.key from server and create a new /etc/openvpn/tun0.conf file and add the following:"
09:04 < Azrael_-> ok, didn't want to use static keys, used the wrong line for testing, thanks for the hint
09:08 -!- cultavix [~cultavix@unaffiliated/cultavix] has joined #openvpn
09:08 < cultavix> good afternoon :)
09:09 < cultavix> So I'm trying to setup an OpenVPN server. It needs to be TAP, because of the devices we're connecting to it. So currently, I've got a box with 3 adapters on it, external access, internal access and a third adapter to bridge, for the tap device. I've set everything up as instructed on the Openvpn Docs, and it all seems to work OK, exccept that clients cant ping the server, clients cant ping eachother and the server cant ping the clients.
09:10 < cultavix> I've put in the firewall rules as instructured, tried without the firewall
09:10 < cultavix> brctl show gives you the correct answer
09:10 < cultavix> I'm at a loss...
09:15 < Azrael_-> ok, a restart helped :)
09:17 -!- rich0_ is now known as rich0
09:17 < Azrael_-> tristan_c: any more ideas how this could be solved without a restart?
09:18 < tristan_c> Sorry, no expert myself...
09:23 < Azrael_-> k
09:23 < rob0> Azrael_-, "modprobe tun"
09:24 < Azrael_-> rob0: ok, will try it next time, thanks
09:24 < rob0> cultavix, do these devices not speak IP?
09:25 < cultavix> rob0, what do you mean?
09:25 < cultavix> they don't speak tun ;)
09:25 < cultavix> They are preconfigured to use only Tap
09:25 < cultavix> they are meant to be used with their own firewall solution
09:25 < cultavix> but they are expensive and shitty
09:28 < rob0> Only devices which are not IP-capable, like Windows 3.1(/Novell Netware) or Macs from the same era, need bridging.
09:29 < rob0> I think you're headed down the wrong path.
09:41 < cultavix> rob0, we have a VPN in place
09:41 < cultavix> it uses bridging
09:41 < cultavix> it has been working for years, I simply want to replace it with my own
09:41 < cultavix> the clients cannot be modified
09:41 < cultavix> they use a ca certificate, a username/password and they are tap (com-lzo)
09:42 < cultavix> I cannot change that
09:42 < cultavix> We basically have industrial devices which are put into wind-turbines, they have a little 3G router inside, called an eWon (they are about 900 Euros each)
09:43 < cultavix> I've got a bridged mode openvpn server running at home, no problem, but it's on Debian
09:43 < cultavix> The problem seems to be with CentOS
09:44 < cultavix> I guess I'm just annoyed now! :( I hate it when I dont know why something doesnt work
09:44 < Thermi> cultavix: Give yourself a break now and clear your head.
09:44 < cultavix> Thermi, thanks for the advice... I definately am haha
09:51 -!- UnixSage [~jplace@ip98-169-237-70.dc.dc.cox.net] has joined #openvpn
09:56 < Azrael_-> do i have to switch to a bridged vpn for setting up samba to listen only on the vpn-interface or is there any other option i don't know yet?
10:03 < rob0> oh certainly not
10:04 < rob0> I guess you'd look at smb.conf(5) options and maybe ask in #samba for Samba help?
10:04 < rob0> I vaguely recall some "interfaces" setting.
10:04 < Azrael_-> rob0: already did. seems like it fails because tun0 is special but i don't want to switch to bridge mode
10:05 < rob0> probably have to turn off the old legacy broadcast stuff
10:07 < Azrael_-> mind to give me a link or config-hints? i'm not that deep into openvpn yet
10:08 < rob0> there's nothing in openvpn to set, it's Samba, and I have not used Samba in many years.
10:08 < Azrael_-> ah, ok, thanks
10:08 < Azrael_-> will ask there and investigate
10:11 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
10:16 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
10:29 -!- Tander1gi [Tander1gi@gateway/vpn/mullvad/x-ezmndmmnffjqsxfn] has joined #openvpn
10:45 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
10:45 < Dimik> client can't ping beyond server
10:45 -!- UnixSage [~jplace@ip98-169-237-70.dc.dc.cox.net] has quit [Quit: Leaving]
10:45 -!- `hypermist` is now known as sleepypc
10:46 < Dimik> http://tny.cz/d8706410 client config
10:46 <@vpnHelper> Title: client config - d8706410 (at tny.cz)
10:47 < Dimik> http://tny.cz/60a58b46 server config
10:47 <@vpnHelper> Title: server config - 60a58b46 (at tny.cz)
10:47 < Dimik> pls help
10:57 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
10:58 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:59 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:06 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:12 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:13 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:14 < tristan_c> I need to start autossh after openVPN loads. Currently trying to do this via a hotplug script and using up / down config options. Can anyone advise on why this might not work? https://forum.openwrt.org/viewtopic.php?pid=267176#p267176
11:15 <@vpnHelper> Title: Script help: launch OpenVPN from a ssh reverse tunnel (Page 1) — General Discussion — OpenWrt (at forum.openwrt.org)
11:29 < cultavix> I got it working in the end. It was fine. The idiots at my company put in place some new group policy that blocks outgoing ICMP (on non-domain networks)
11:31 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
11:33 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
11:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
11:42 < Eugene> lul
11:42 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
11:42 -!- mode/#openvpn [+v esde] by ChanServ
11:44 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:51 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
11:52 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
11:52 -!- mode/#openvpn [+v esde] by ChanServ
11:56 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:59 < Dimik> can't ping beyond server
11:59 < Dimik> can some one take a look at my configs
12:00 < rob0> you'll need to be more specific -- ping hosts on server LAN, or to the Internet through --redirect-gateway?
12:09 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:11 <+esde> <Dimik> can some one take a look at my configs I love when people ask questions this way. Of course we can't look at them if you've yet to provide them.....
12:11 <+esde> !welcome
12:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
12:11 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:11 <+esde> !crystal
12:11 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
12:12 <+esde> also feels relevant :)
12:12 < rob0> esde, about 80 minutes ago, two pastebins.  Which brings up another point ...
12:12 <+esde> i check my scrollback
12:12 <+esde> :X
12:12 <+esde> even ctrl +f Dimik before, sorry
12:12 < rob0> ... make it easier for people to help.  Put all relevant information into a single pastebin.
12:13 < rob0> Dimik, anyway, the bot has factoids which will lead you to your answer, but we don't know which factoids you need.
12:14 <+esde> i mustve reconnected just after they were posted. can you repost the information that was already provided please??
12:14 < rob0> ah, yes you did.  16:46 < Dimik> http://tny.cz/d8706410 client config 16:47 < Dimik> http://tny.cz/60a58b46 server config
12:14 <@vpnHelper> Title: client config - d8706410 (at tny.cz)
12:15 <+esde> thank you rob0 Dimik we need your !goal
12:17 <+esde> though from your server config it looks like youre after !redirect
12:17 <+esde> !redirect
12:17 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:17 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
12:17 <+esde> check the handy flowchart
12:23 < Dimik> rob0, sorry was afk
12:23 < Dimik> rob0, what do you think about the configs ?
12:24 < rob0> I think you did not answer my question, nor did you consider esde's factoids.
12:31 < Dimik> rob0, sorry about that
12:31 < Dimik> !goal complete traffic redirect as well as accessing workstations on remote LAN via OpenVPN
12:32 < Dimik> ipforwarding is enabled on the server
12:32 <+esde> !ipforward
12:32 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
12:32 <+esde> !linipforward
12:32 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
12:32 <+esde> also review the flowchart in !redirect above
12:33 < Dimik> !redirect
12:33 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:33 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
12:33 < Dimik> and hi esde :)
12:35 -!- Latrina [~Latrina@adsl-ull-176-200.50-151.net24.it] has quit [Ping timeout: 272 seconds]
12:35 -!- Latrina [~Latrina@adsl-ull-60-211.50-151.net24.it] has joined #openvpn
12:35 < Dimik> !def1
12:35 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:35 < Dimik> !man --redirect-gateway
12:36 < Dimik> !man
12:36 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
12:36 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
12:39 < rob0> !serverlan
12:39 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:39 < rob0> ^^ flowchart
12:39 < rob0> also see the !redirect one
12:40 < Dimik> i admire the bots in this channel
12:41 < rob0> yes, it is almost a self-help place, if you know how to get started :)
12:42 < rob0> (which very few people figure out at first, but that's okay.)
12:42 < pekster> If you're doing !redirect, server-LAN access just-works so long as the remote LAN can route back to the VPN network
12:44 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
12:45 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
12:45 < Dimik> what's weird is that same config works fine on windows 7
12:46 < Dimik> and no go on windows 8
12:47 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
12:47 < rob0> the server is Windows?
12:48 < Dimik> yes server is Windows
12:48 < Dimik> and Windows 7 x64 slows speed down dramatically
12:48 < Dimik> which is why i decided to try same setup on Windows 8 machine
12:49 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
12:50 <+esde> !winipforward
12:50 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
12:53 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
12:53 < Dimik> :) thanks esde the ip forwarding is enabled
12:59 < Dimik> bbl
12:59 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has quit []
13:04 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
13:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
13:14 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 245 seconds]
13:16 -!- linuxgeek_ [linuxgeek_@nat/hp/x-tcwxklniqzgapsko] has joined #openvpn
13:17 < linuxgeek_> openvpn is stuck at "adding routes to each vpn server" and eventually disconnects
13:18 <@krzee> openvpn doesnt say "adding routes to each vpn server"  what are you looking at that actually says that?
13:20 < rob0> my toes
13:21 < linuxgeek_> i'm looking at the client
13:23 <@krzee> linuxgeek_, can you give me the url you downloaded this client from?
13:25 < linuxgeek_> krzee, it is an internal url and it says openvpn-connect 2.0.8.106
13:25 <@krzee> there we go
13:26 <@krzee> !as
13:26 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:27 < linuxgeek_> oh ok
13:27 < linuxgeek_> thanks
13:27 <@krzee> no problem
13:34 -!- tristan_c [~tristanc@81.141.95.107] has quit []
13:36 -!- linuxgeek_ [linuxgeek_@nat/hp/x-tcwxklniqzgapsko] has left #openvpn ["Leaving"]
13:49 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:50 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Remote host closed the connection]
13:52 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
13:54 < Azrael> Azrael_-: you keep following me
13:54 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Ping timeout: 252 seconds]
14:05 <@krzee> lol
14:14 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
14:16 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:20 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 244 seconds]
14:20 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
14:21 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
14:22 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
14:22 -!- soLucien [~Lu@90.202.26.144] has joined #openvpn
14:23 < M4rc3l> hi my openvpn works but i can only connect to websites by ip, what can be causing this?
14:23 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
14:24 -!- soLucien [~Lu@90.202.26.144] has quit [Read error: Connection reset by peer]
14:28 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 246 seconds]
14:31 < pekster> Sounds like you managed to break DNS
14:32 < pekster> You've expalined zero about what you're doing though, so it's really up to you to "undo that breakage." At a wild guess, you're using --redirect-gateway and the DNS server you're using refuses to talk to you after that process
14:32 < pekster> Go fix it by not using DNS servers you're not authorized to use from such a setup
14:33 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
14:35 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
14:47 < Azrael_-> Azrael: sure :)
14:47 < Azrael_-> should i change the default port of the openvpn server?
14:48 < Azrael> Azrael_-: whats the issue
14:49 < Azrael_-> i've just set up a new openvpn-server and about to connect the first fix clients. i don't wether i should change the default openvpn-port to a random one so attackers can't easily recognize it as vpn server.... what's your opionion?
14:50 < Azrael> ahh
14:50 < Azrael> well
14:50 < Azrael> if you're usind udp then use the ta-key
14:50 < Azrael> that should take care of things
14:50 < Azrael> and you can leave as default
14:50 < Azrael_-> ta-key?
14:51 < Azrael_-> i'm running a tls enabled vpn
14:51 < Azrael> # For extra security beyond that provided
14:51 < Azrael> # by SSL/TLS, create an "HMAC firewall"
14:51 < Azrael> # to help block DoS attacks and UDP port flooding.
14:51 < Azrael> that stuff
14:51 < Azrael> the tls-auth section
14:52 < Azrael> if you are really worried, no harm in changing the port
14:52 < Azrael> security through obscurity is not security ... but it sure does help a little bit sometimes :-)
14:52 < Azrael_-> thanks, didn't know about the ta-key
14:52 < Azrael> sure thing
14:53 < Azrael> everybody ... Azrael_- and myself are actually the same person and we have multiple personality disorder.  flip back and forth between two workstations.  ;-) ;-)
14:53 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:57 < pushpop> hi is there anyway to hide the actual OpenVPN server ip address to clients.  Like have a a client connect through a proxy to the server.  excuse my ignorance
14:58 < BtbN> What would be the point of that?
14:58 < pushpop> clients do not know where the server is located
14:58 < pekster> To what end?
14:58 < pekster> And what do these "servers" do?
14:59 < pekster> !goal
14:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:59 < pushpop> yea
14:59 < BtbN> Great, instead clients know where the proxy is.
14:59 < pushpop> let me think out to write it out clearly
14:59 < pushpop> BtbN yes
14:59 < pekster> And if you do !redirect for instance, this is 100% stupid
14:59 < pekster> Again with !goal
15:00 < pushpop> OK will be more clear
15:00 < pushpop> thanks
15:01 < pushpop> OK I run Pfsense as my router.  I configured OpenVPN on it.  I wan't to have a tunnel from my seedbox to my openvpn server but I don't want the seedbox to know my actual IP
15:02 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:02 < pushpop> I'm thinking I need an external VPN
15:02 < pushpop> to mine
15:03 < pekster> Sounds like you're trying to break the law and not cause compromize of your illegal activities to lead back to you (which is also a bit silly.) You shouldn't be using a VPN at all since it's 100% authenticated. Read about tor hidden services maybey
15:03 < pekster> VPN is the wrong tool for your illegal activities
15:04 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 272 seconds]
15:04 < pushpop> thanks
15:04 < pushpop> but not doing anything illegal
15:04 < pushpop> just curious mostly
15:05 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
15:05 < pekster> If that's the story, sure (might be, might not. Doesn't change my answer.) Plus tor avoids (or at least reduces) the effect of traffic analysis here
15:09 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
15:09 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
15:09 -!- mode/#openvpn [+v s7r] by ChanServ
15:11 < Gizmokid2005> !welcome
15:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
15:11 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:12 < Gizmokid2005> sad that vpnHelper doesn't respond to PMs. I'd rather not spam the chan with getting the links. :/
15:15 < pekster> It mostly does (although its search feature sucks in PMs and might return incorrect results. Otherwise it works okay(
15:15 < pekster> start with: factoids whatis #openvpn welcome
15:15 < pekster> !privmsg
15:15 < Gizmokid2005> Ah, I meant the commands in the topic. vpnHelper definitely doesn't reply to those.
15:15 < pekster> Yes, it does
15:15 < pekster> What I just pasted is what you get from !welcome here
15:16 < pekster> Did you try it? I just did and can assure you it works
15:16 < Gizmokid2005> I just tried it
15:16 < Gizmokid2005> I'm getting nothing
15:16 < Gizmokid2005> I'm not +R (though he's id'd so that shouldn't matter)
15:16 -!- hikenboot [~hikenboot@2601:6:7000:5b00::6120] has joined #openvpn
15:17 < pekster> Hmm, bot could possibly have the "ignore unregistered users" flag, dunno
15:17 < Gizmokid2005> I'm not unreg'd either. I'm ID and auth'd with an active account
15:17 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:17 < pekster> Odd. More reasons this bot backend is tempremental :\
15:18 < Gizmokid2005> yeah *shrugs* no big deal. Just odd for sure.
15:18 < hikenboot> dazo_afk, I hear your the author of eurephia  can you message me so i can ask you some questions?
15:21 < hikenboot> dazo_afk, please message me a time during the week when your likely to be around, thanks
15:23 < Azrael_-> Azrael: :D
15:26 < Gizmokid2005> So I'm trying to setup an OpenVPN server on my box at home so I can vpn from public places and get to my network as well as route all traffic through it. I can connect to the VPN fine (currently disabled Fedora 21's firewall on the server for troubleshooting) and I can ping the server's VPN IP as well as the server's local network IP, but no other hosts on the local network respond.
15:26 < Gizmokid2005> server config: http://ur1.ca/jtmar -- client config (ovpn - Also on Fedora 21): http://ur1.ca/jtmb3
15:26 <@vpnHelper> Title: #191810 Fedora Project Pastebin (at ur1.ca)
15:26 < Gizmokid2005> I'm sure I'm missing something stupid and small...but I can't figure it out.
15:28 < pekster> Gizmokid2005: See !serverlan -- I'm guessing you don't have the return-route for the VPN handled on that LAN
15:28 < Gizmokid2005> !serverlan
15:28 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
15:30 < Gizmokid2005> Hmm, ip_forward setting was removed on reboot it seems...
15:31 < Gizmokid2005> !route
15:31 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
15:31 <@vpnHelper> client
15:32 < pekster> You couldn't reach the LAN-side IP of the server from a client without routing enabled
15:33 < Gizmokid2005> In my current config I can. I just can't reach any other clients on the LAN-side
15:33 < pekster> Then routing being enabled isn't the issue. What did you learn from evaluating the return-route?
15:34 < pekster> Is the LAN's default gateway the VPN server (same box)? If not, did you evaluate its routing and firewall setup?
15:45 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
15:49 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:50 < Gizmokid2005> pekster: I'm not sure what you mean by evaluating the return-route. The default gateway on the local network is the router (.10.1)
15:50 < pekster> Is that the VPN server?
15:50 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
15:50 < Gizmokid2005> the vpn server is an actual box (.10.250).
15:51 < pekster> So why didn't you finish the flowchart?
15:51 < pekster> Did you get stuck or confused?
15:52 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 240 seconds]
15:53 < Gizmokid2005> I think it's understanding what to do in adding a route to the router. It's running dd-wrt but I'm not certain where to look.
15:53 < Gizmokid2005> I got sidetracked by the other links from !route
15:53 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 256 seconds]
15:54 < pekster> You'll need to be able to do basic routing and firewall configuration of your router to finish this; you should consult the distro docs for your platform for specifics
15:55 < Gizmokid2005> I'm certain that DD-WRT can do it
15:56 < pekster> I'd guess so too, but I've no clue how as I avoid horrible routing products
15:56 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
15:56 < Gizmokid2005> DD-WRT's built-in VPN support is overly complex which is why I decided to set this up on another box, but this is quickly turning into much of the same.
15:57 < pekster> OpenVPN is just a router: it's up to you to configure the rest of your network's routers and firewalls to inter-operate with it (same as with any router: if you buy a Cisco it requires the rest of your infra be configured to support it)
15:57 < Gizmokid2005> Right
15:58 < pekster> Right now you have VPN Client (C) -> VPN Server (S) -> Target-Host (T), but then things go bad when (T) -> LAN Gateway (G) -> [ISP] -> {INTERNET}
15:58 < Gizmokid2005> or when T isn't the LAN IP of S
15:58 < pekster> Right. (S) has routes alraedy
15:58 < pekster> Heither H or G do
15:59 < pekster> (hence the problem)
16:01 < pekster> Or, T & G, rather..
16:01 < Gizmokid2005> I figured that's what you meant :)
16:08 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:18 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-pkmgjqfwqqyaucxq] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
16:19 < Gizmokid2005> pekster: so, adding an iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE didn't help...or maybe it did? It still didn't work until I added an iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o p8p1 -j MASQUERADE to (S)
16:20 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-idlmtwcpgmavmzed] has joined #openvpn
16:20 < Gizmokid2005> Oh, I mean the first iptables was run on the router. Not sure how I didn't specify that.
16:20 < pekster> Why on earth would you NAT between RFC1918 you control?
16:20 < pekster> Do you control both the VPN server and the router? If so, NAT is very unwize here, and will break bi-directional communication potential
16:20 < pekster> unwise*
16:21 < Gizmokid2005> I do. It seems the nat on the server is what forced things to work.
16:21 < Gizmokid2005> I'm removing the router's nat now
16:21 < pekster> Better to fix your broken routing
16:21 < Gizmokid2005> Looking again at the source for that command it was because the information I was using was from someone using DD-WRT as the VPN Server rather than another box.
16:21 <@krzee> pekster, when you banned hyper_ch i dont think you read the whole conversation, he wasnt even recommending 8k keysize
16:21 < pekster> Your issue isn't NAT or the VPN, but inability to correctly configure your routers. Literally all you need is a router on your LAN-gateway to reach the VPN network range via its IP on the LAN, plus a firewall permitting it
16:22 < pekster> krzee: Yes, I noticed. His script sucked, and he's not banned anymore
16:22 < pekster> krzee: I warned him it would probably happen anyway, but naturally when I'm on an /ignore it goes unnoticed, so screw it
16:23 < pekster> His/her script has security problems, but being deaf to any problems and with no response (s)he got 24h to correct that
16:23 <@krzee> that what would probably happen anyway? what was his script doing?
16:23 <@krzee> all i saw was you saying not to recommend 8k keysize, didnt see anything regarding a script
16:24 < pekster> assuming everyone else wants his (rather bad) client configuration (--persist-* options, plus some other bogus junk) and worst was not setting umask right, making it world-readable on most systems
16:24 < pekster> "read all the keys" is bad security, and it's been given as "the solution" to several folks. Plus he was a small asshat to users telling them they were ignore requests for configs after they posted them. Meh
16:24 -!- sleepypc is now known as `hypermist`
16:25 < pekster> Been a pattern of shitty behavior for several weeks, no reply to my warnings, so 24h ban. That's gone, and I'm happy to fix the problems, if OP is going to stop being a net negative here
16:25  * pekster points to /mode here
16:25 < pekster> See the akick list too
16:25 <@krzee> ya i just saw what you said you banned him for when you banned him
16:25 <@krzee> but its irrelevant at this point anyways =]
16:26 < pekster> Apparently
16:26 < pekster> Oh, and auto-rejoin sucks too :P
16:26 <@krzee> i use those settings, pls dont try to ban me
16:26 <@krzee> :-p
16:26 < pekster> Well, you also listen :P
16:26 < pekster> Gotta start trolling and being a nusance here first ;)
16:27 <@krzee> !tell pekster *troll*troll*troll*
16:27 <@krzee> :D
16:27 < pekster> heh
16:28 <@krzee> ok ok im bored on an airplane =]
16:28 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
16:29 < pekster> Also, <3 akick lists. The auto-undo of bans is pretty slick, actually
16:29 <@krzee> ya i found that pretty cool
16:29 <@krzee> that was a freenode setting?
16:30 < pekster> chanserv feature, ya
16:30 < pekster> basicaly auto-kickban with reason and optional timeout
16:30 <+esde> krzee, start unbuttoning your shirt and speaking in tongues
16:31 <+esde> your flight will get more exciting very quickly
16:31 <@krzee> well the free in-flight internet was pretty cool
16:31 <@krzee> was/is
16:32 <+esde> what kind of speed? curious what a speed test shows :)
16:32 <@krzee> dunno but they dont block vpn
16:32 <+esde> smart
16:33 <@krzee> i guess i can try a speedtest
16:33 <@krzee> i wish it luck finding a server "near" me
16:33 <@krzee> haha
16:34  * pekster just mentally reads that as "near m[y] PoP"
16:35 <@krzee> "near where you wanted us to think you are"
16:36 <@krzee> speedtest wont run, lemme run it over a vpn
16:36 <@krzee> i should note im not paying for the access that would let me download big files and such
16:36 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:36 <@krzee> im taking the free access thats made for web / email / basic stuff
16:37 < Gizmokid2005> krzee: I don't think I've ever had *free* in-flight wifi.
16:37 <+esde> me either
16:37 <@krzee> i fly very often, it is not very common
16:37 <@krzee> jetblue seems to be betatesting their system
16:37 <+esde> i've always managed to find a promo, but it's always been paid only on any flight iv'e seen it on
16:38 < pekster> Another reason to switch to git: you can code, commit, branch, and review history offline ;)
16:38 <@krzee> is there people still on cvs/svn?
16:39 < pekster> cvs at least doesn't have the performance overhead svn does, but yes, both are still in use places
16:41 <@krzee> .6 down .4 up, the download started looking like .2 but slowly and steadily rose to .6
16:42 < pekster> Oh, and I can assure you downloading tends of thousands of svn-revs from upstream mirrors can get fun (IIRC that took a few iterations due to timeouts, and something like 26 hours)
16:42 < pekster> tens*
16:43 <+esde> hell yeah, especially for free
16:43 <@krzee> i cant wait to feel my new 100mbit connection at home
16:43 < pekster> The literature actually mentions that larger installations of svn might not even be able to do a full remote sync (at all, ever) and need to load it via side-channels
16:43 < pekster> read: millions of revs
16:43 < pekster> Just bad design. It's bloated, slow, inefficient (both at storage and common operations) and for all the bloat can't even give you full history offline
16:44 <@krzee> esde, hah ya thats right it basically was free!
16:44 <@krzee> i actually SAVED some $ by going from 20mbit to 100mbit
16:44 <@krzee> gotta love competition!'
16:44 <+esde> i still cant enjoy my 100Mbit connection until i upgrade my hardware on both ends :( ~40-50Mb is my max
16:44 <@krzee> wifi g?
16:44 <+esde> wired
16:44 <@krzee> wtf?
16:44 <+esde> vpn
16:45 <@krzee> ahh
16:45 <@krzee> well ya im sure i wont get my 100mbit over vpn
16:45 <+esde> the vps im using is using all of its available cpu
16:45 < pekster> needs more aes-ni
16:45 <+esde> riiiiiight
16:45 <@krzee> but for things like streaming on kodi, torrents, etc which i dont tunnel, it'll be sweet
16:46 <+esde> aaand i cant torrent until i get my euro dedi
16:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:46 <+esde> comcast tends to bitch about it from what i've heard
16:46 <@krzee> must be fun living in usa
16:46 <@krzee> ;]
16:46  * esde holds up his toy flag
16:47 < pekster> I used to seed reasonably, but always adjusted it to send faster off-peak-hours
16:48 < pekster> No issues, but I'd never exceed 1 Mbps except for late/early at night
16:51 < pushpop> pekster you torrent - you don't seem like the type
16:52 <+esde> Only legal linux iso's im sure
16:52 <+esde> :P
16:52 < pushpop> heh
16:52 < pushpop> +esde are you in the states
16:53 <+esde> si'
16:53 < pushpop> staten island?
16:53 <+esde> nein
16:54 < pekster> There's plenty of content you don't need to steal from. Best part: I don't need to use "authenticated" methods to "hide" myself (do think about that for a moment)
16:54 < pushpop> yes, so your downloading linux iso's
16:54 < pushpop> nein?
16:55 < pekster> Among other things. There've been a number of legal projects that include hours of music, entire feature-length films, etc
16:55 < pekster> You won't find Disney, but honestly why steal if you don't thin it's worth paying for? You're going so far as admitting it has value when you do that, which is ironic after asserting it's not worth paying for
16:56 < pushpop> true indeed
16:56  * pekster does chuckle over people thinking using authenticated connectiosn to and endpoint is protection though. No clue what people think happens when enough angry men with guns $wherever demand things be reconfigured
16:57 < pekster> If you think the people you pay $5/mo (or whatever) are going to risk jail time (or worse, if $angry_men_with_guns are not wonderful people), they're not paying any attention at all
16:57 < pekster> But hey, I welcome busts that nail people doing stupid things in stupid ways; Darwinism works in many ways :P
16:57 < pushpop> your entirely right about that.
16:58 < pushpop> can't argue that
17:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:07 < pekster> Speaking of authentication: https://trac.torproject.org/projects/tor/ticket/15045
17:07 <@vpnHelper> Title: #15045 (Stress importance of checking 63fee659 signature on new signing key) – Tor Bug Tracker & Wiki (at trac.torproject.org)
17:09 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 245 seconds]
17:10 < pushpop> tor is compromised
17:13  * pekster makes popcorn for the FUD-train
17:14  * esde gets the sour-patch kids
17:17 < pekster> Also, "side channel attacks" != compromised. That, or every CPU ever sold on the planet is compromised, which is an insane notion. https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting . Of course, this assumes you're actually interested in reading more on the topic (some of the linked research papers are valuable reading)
17:18 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
17:20 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
17:40 <@krzee> lol pushpop you did a channel search for topics related to vpns?
17:40 < pushpop> i did
17:40 < pushpop> =D
17:40 <@krzee> :D
17:41 < pushpop> were you in one of those wierd channels I joined
17:41 <@krzee> yep
17:42 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
17:42 <@krzee> you came in, said "cheap vpn accounts" and left
17:42 <@krzee> haha
17:42 < pushpop> lol
17:42 < pushpop> just bored
17:42 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
17:46 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:05 -!- `hypermist` is now known as sleepypc
18:17 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:31 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
18:31 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
18:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
18:36 -!- sleepypc is now known as `hypermist`
18:37 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:38 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 276 seconds]
18:41 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
18:43 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
19:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:35 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:36 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
19:49 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
19:58 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:04 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 272 seconds]
20:53 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
21:13 -!- u0m3 [~u0m3@109.96.158.146] has quit [Ping timeout: 264 seconds]
21:14 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
21:32 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
21:38 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
21:53 -!- `hypermist` is now known as sleepypc
21:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:00 -!- sleepypc is now known as `hypermist`
22:09 -!- `hypermist` is now known as hypermist
22:10 -!- hypermist is now known as `hypermist`
22:22 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
22:24 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Remote host closed the connection]
22:26 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
22:28 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:02 -!- `hypermist` is now known as sleepypc
23:02 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
23:11 -!- sleepypc is now known as `hypermist`
23:12 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:14 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
23:22 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
23:23 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 250 seconds]
23:30 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
23:31 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
--- Day changed Sun Mar 01 2015
00:00 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
00:03 -!- ShadniX [dagger@p5DDFE23D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:04 -!- ShadniX [dagger@p5DDFEBD6.dip0.t-ipconnect.de] has joined #openvpn
00:06 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
00:18 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
00:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
00:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:00 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
01:01 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:10 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 246 seconds]
01:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
01:11 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
01:15 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
01:26 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
01:29 -!- cagedwisdom [~X@124-170-138-222.dyn.iinet.net.au] has joined #openvpn
01:52 < leo2007> could someone explain auth, cipher and tls-cipher?
01:58 < unicodesnowman> leo2007, this channel is dead sorry
02:02 < pekster> how un-helpful of an answer. 2/10 for trolling: improvement needed
02:03 < pekster> leo2007: On a more useful note, auth is the per-packet signature algorithm used, cipher is the symmetric data cipher used to encrypt data traffic, and tls-cipher is the traditional list of ciphers that are allowed to be used during TLS negotation
02:04 < leo2007> pekster: thanks.
02:08 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
02:12 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
02:13 < leo2007> should I place 'mode server' in the server config?
02:13 < pekster> That's required to act as a TLS server, though implied by --server (if you're using that helper-directive already)
02:14 < pekster> A server can also operate in --mode p2p, making it one of 2 peers in PSK, non-TLS setup
02:15 < leo2007> ok, thank you.
02:16 < leo2007> what is the solution to `bad source address from client'? at the moment I am using the `iroute' as suggested on the website. but that doesn't help if the client is mobile in different subnets.
02:17 < leo2007> the tunnelblink app on osx produces tons of log entries if no correct iroute setting.
02:17 < pekster> Don't use --iroute unless you actually wish to accept traffic sourced from a client-LAN. Unless you've expected to route from a network behind the client, the most common cause of that error are clients making poor source address select choices
02:18 < pekster> You can ignore those warnings in that case, and newer versions (I think that's in 2.3.6, but maybe that's still just in the development codebase) don't even print the error for link-local address space
02:18 < leo2007> my lan is in 192.168.x.x my vpn subnet is 10.0.x.x so there is no conflict.
02:18 < pekster> It's not a conflict so much as "the client should never send traffic from the LAN address to the VPN" kind of thing
02:18 < pekster> Again, don't add an --iroute unless you _want_ to route to that LAN. And if you do, read the flowchart and info at !clientlan to make that actually work
02:19 < leo2007> I see. thanks.
02:19 < pekster> Otherwise just ignore the log warnings, or fix the client's bad use of a bogus IP on the VPN (it's usually a malfunctioning application generating the traffic, and tcpdump might give you clues on that)
02:20 < leo2007> it seems tunnelblink is the only client that produces excessive such warnings.
02:20 < leo2007> on the sever.
02:20 < pekster> Windows does it frequently too, as a client
02:21 < pekster> fwiw, once your VPN is working and you don't need such verbose logs, decresing to log-level 3 (or lower) will hide those messages
02:22 < leo2007> I have verb set to 4
02:22 < leo2007> at the moment
02:23 < pekster> Right, and 4 (or sometimes 5) are good for identifying issues or verifying correct operation
02:23 < pekster> 3 can be useful to reduce excess noise if you don't need that extra info. More info:
02:23 < pekster> !verb
02:23 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only
02:24 < pekster> !forget verb 3
02:24 <@vpnHelper> Joo got it.
02:24 < pekster> !learn verb as Anything more than 5 is for developer debugging only (special debug build needed)
02:24 <@vpnHelper> Joo got it.
02:24 < leo2007> !verb
02:24 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only (special debug build needed)
02:25 < leo2007> ok, I am changing verb to 3
02:26 < pekster> 3 can be nice for "things are working and I don't need the extra noise in my logs" level. You can always bump it up again if you need to troubleshoot something
02:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:27 < leo2007> indeed
02:30 < unicodesnowman> How can I limit a user to a certain number of concurrent connections?
03:15 -!- cagedwisdom [~X@124-170-138-222.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
03:22 < leo2007> pekster: I want to have a fallback in case of restrictive internconnect. is it necessary to stunnel or is openvpn capable of camouflage as https?
03:22 < leo2007> s/internconnect/internet/
03:50 -!- `hypermist` is now known as hypermistbot
03:50 -!- hypermistbot [hypermist@unaffiliated/hypermist] has quit [Changing host]
03:50 -!- hypermistbot [hypermist@unaffiliated/hypermist/bot/hypermistbot] has joined #openvpn
03:51 -!- hypermistbot is now known as extrememist
03:51 -!- extrememist is now known as `hypermist`
03:51 -!- `hypermist` [hypermist@unaffiliated/hypermist/bot/hypermistbot] has quit [Changing host]
03:51 -!- `hypermist` [hypermist@unaffiliated/hypermist] has joined #openvpn
03:56 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
04:07 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:45 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:54 < leo2007> !route
04:54 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
04:54 <@vpnHelper> client
04:59 < leo2007> after connection, the client cannot ping the vpn gateway, where is the problem?
05:13 -!- mattock_afk is now known as mattock
05:18 -!- mattock [~mattock@openvpn/corp/admin/mattock] has left #openvpn []
05:21 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
05:31 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 250 seconds]
05:59 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:17 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:32 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
06:57 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has left #openvpn ["Leaving"]
07:08 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
07:40 -!- vegardx [~vegardx@176.111.205.230] has joined #openvpn
07:41 < vegardx> When you specify UDP as proto on the server and client there is nothing going over TCP right?
07:41 < vegardx> Seems like a bug in my firewall, as it won't allow TLS handshake unless I accept both UDP and TCP.
07:41 < vegardx> And even stranger, the same config with inline certs works on one client, but another client gets TLS handshake failure.
07:45 < unicodesnowman> <unicodesnowman> How can I limit a user to a certain number of concurrent connections?
07:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
07:48 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 276 seconds]
07:51 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-idlmtwcpgmavmzed] has quit [Ping timeout: 246 seconds]
09:07 -!- Exagone313 [~exa@elou.world] has joined #openvpn
09:14 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-zuhlougxgowagxvj] has joined #openvpn
09:23 -!- Exagone313 [~exa@elou.world] has quit [Ping timeout: 265 seconds]
09:52 -!- Exagone313 [~exa@elou.world] has joined #openvpn
09:55 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Remote host closed the connection]
10:13 -!- tristan_c [~tristan_c@81.141.92.189] has quit []
10:16 -!- Exagone313 [~exa@elou.world] has quit [Ping timeout: 246 seconds]
10:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:18 -!- Exagone313 [~exa@elou.world] has joined #openvpn
10:38 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-zuhlougxgowagxvj] has quit [Ping timeout: 264 seconds]
10:42 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has joined #openvpn
11:12 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-ajpjqzenznkacxsi] has joined #openvpn
11:27  * ecrist waves
11:27 <@ecrist> hello folks
11:35 -!- grosjean [~grosjean@unaffiliated/grosjean] has left #openvpn ["WeeChat 1.1-dev"]
12:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
12:16 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
12:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:47 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
12:56 -!- Daily [~Daily@loldaily.pw] has joined #openvpn
12:57 < Daily> Hey! I'm using a VPN for good practices, but I also play games on the side; is there any way using the admin GUI to exclude certain protocols/ports?
13:40 -!- Exagone313 [~exa@elou.world] has quit [Quit: see ya!]
13:40 -!- Exagone313 [exa@elou.world] has joined #openvpn
13:46 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
13:51 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
13:56 < rob0> there is no admin gui
13:57 < rob0> !as
13:57 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
14:00 < Daily> ah, okay thanks rob0.
14:06 -!- germanstudent [6d5ae8bb@gateway/web/freenode/ip.109.90.232.187] has joined #openvpn
14:09 < germanstudent> I'm new to OpenVPN as a client with Linux (Ubuntu 14.04). I can establish the connection, but my real IPv6 address is still public, that doesn't happen with the official Windows client. How can I disable this?
14:09 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
14:11 < tristan_c> Which hardware would I get better throughput over an OpenVPN connect; a raspberryPi or TP-Link MR3020?
14:11 < Eugene> Two tin cans and a string.
14:12 < tristan_c> ho ho. Never underestimate the bandwidth of a truck load of tapes racing down a highway etc...
14:14 < germanstudent> Does anyone know what's the difference between linux and Windows handling IPv4 and IPv6 addresses?
14:15 < Azrael_-> germanstudent: imho the ip is assigned by the server-side, you can't influence it from the client side
14:17 < Azrael_-> thus windows/linux should be irellevant
14:17 < Eugene> Both of those devices are ARM based crap. You might get a coupla mbps
14:17 < germanstudent> Azrael_-: the problem is, my internet provider just gives me an IPv6 address (carrier grade NAT). When I connect through linux my real IPv6 address still communicates with services
14:18 < Eugene> Best I can say is try it
14:18 < Azrael_-> germanstudent: the problem is not the ip but the routing, check the routes, i'm not really good at that part myself
14:19 < germanstudent> Azrael_-: okay. thanks
14:19 < tristan_c> Eugene: That's what I'm seeing. ~2mbps on the Pi. Hoping the MR3020 would give better throughput having an ethernet controller.
14:20 < tristan_c> Also, I'm not using encryption, so hope there's no CPU bottleneck.
14:25 -!- germanstudent [6d5ae8bb@gateway/web/freenode/ip.109.90.232.187] has quit [Quit: Page closed]
14:36 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
15:00 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
15:06 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
15:07 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
15:08 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
15:09 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
15:11 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
15:17 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:26 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:42 -!- tristan_c [~tristan_c@81.141.92.189] has quit []
15:45 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:48 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:6cb5:2b3c:5b29:b20] has joined #openvpn
15:48 < wiflix> n'evening
15:49 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:49 < wiflix> i am using --auth-user-pass-verify  to verify my users. is there some script run regulary throughout the session?
15:50 <@ecrist> no
15:51 <@ecrist> what are you trying to do?
15:51 < wiflix> i wanna disconnect my user as soon as his session expires :)
15:52 <@ecrist> how are you determining when his session expires?
15:52 < wiflix> there is a "valid_to" timestamp in the couchDB ...
15:52 < wiflix> i check for validity in the beginning, but see no possibility to check in the session ...
15:52 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 265 seconds]
15:53 <@ecrist> you need to run a cron job
15:53 <@ecrist> then that cron job can connect to the management interface and kill the user session
15:53 < wiflix> uh ... okey
15:53 <@ecrist> you sound confused
15:54 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
15:55 < wiflix> not too much ... i know about the interface, i just thought there would be some script run regulary :) like freeradius gets updated mid-session
15:56 <@ecrist> nope
15:56 < wiflix> too bad ... ok, thanks a bunch
15:56 <@ecrist> would be a fairly easy thing to employ
15:56 <@ecrist> you could write a feature request, or even the patch itself, and send it in
15:58 < pekster> wiflix: You might also consider simply reducing the TLS renegotiation window to an acceptable window to check user validity (though I probably wouldn't reduce that to more than once every 15 minutes or so, but you could in theory.) All auth scripts run again, so presuming you check against your DB as part of your normal auth scripts, it'll reject an expired session
15:59 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
15:59 < wiflix> using --tls-verify ?
15:59 < wiflix> my window is already pretty small :)
16:00 < pekster> The rekey is adjusted by --reneg-sec, but --auth-user-pass-verify is executed on each re-negotiation (which is why handling OTP requires you only validate it on the first such connect when using that as the auth means)
16:01 < wiflix> lol
16:01 < wiflix> yeah, just seeing it in the logs
16:01 < wiflix> rhanks a bunch :D
16:01 < wiflix> so it's already happening
16:01 < pekster> Every hour, but only if you check session validity each hour
16:01 < wiflix> Mar  1 22:36:07 vpn-de-01 ovpn-udp[3332]: TLS: Username/Password authentication succeeded
16:01 < wiflix> Mar  1 22:56:07 vpn-de-01 ovpn-udp[3332]: TLS: Username/Password authentication succeeded
16:01 < pekster> Ah, using that hook I take it? Then yea, do nothing and it'll continue checking on each re-key
16:01 < wiflix> so it's a non-problem ...
16:02 < wiflix> ok, it's confusing :) it's called client-connect ... the client is already connected
16:02 < pekster> IIRC --client-connect is only executed once per connection
16:02 < pekster> It's --auth-user-pass-verify that's checked each time (and what that log message is telling you about)
16:03 < pekster> You can bump up to --verb 4 to see the script call itself
16:03 < wiflix> ah ... ouh boy :) long day ... thanks a bunch
16:03 < pekster> You can also see:
16:03 < pekster> !scripts
16:03 <@vpnHelper> "scripts" is "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
16:03 < pekster> (handy reference)
16:17 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
16:19 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has quit [Quit: unaM]
16:25 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
16:29 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Read error: Connection reset by peer]
16:30 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:6cb5:2b3c:5b29:b20] has quit [Remote host closed the connection]
16:35 -!- Daily [~Daily@loldaily.pw] has quit [Ping timeout: 256 seconds]
16:36 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
16:41 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
16:49 -!- mojibake [~Thunderbi@unaffiliated/mojibake] has joined #openvpn
16:50 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has left #openvpn []
16:50 < mojibake> Installed openvpn on raspbeerypi(arch). I can't seem to get openvpn@client.service to execute route-up script when service comes up. openvpn client service starts fine, but not executing the route-up script.
16:50 < mojibake> I have
16:50 < mojibake> script-security 2
16:50 < mojibake> route-up "/etc/openvpn/route-up.sh"
16:50 < mojibake> in the client.conf. The script itself is fine if I execute by hand.
16:58 < happytoo> esde
16:59 < happytoo> esde: which build of openwrt are you using on your old desktop?
16:59 <+esde> dd-wrt on the wap, pfsense as the firewall
17:07 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
17:07 -!- u0m3 [~u0m3@109.96.158.146] has quit [Ping timeout: 255 seconds]
17:11 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
17:14 < happytoo> esde: if i am going to run wireless over physical routers behind the "desktop turned wired router", then would i only be installing pfsense on the desktop?
17:15 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
17:16 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:19 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
17:20 < vegardx> wat
17:21 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
17:27 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
17:35 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
17:35 -!- BtbN [btbn@btbn.de] has joined #openvpn
17:38 -!- Irssi: #openvpn: Total of 213 nicks [6 ops, 0 halfops, 2 voices, 205 normal]
17:46 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
18:00 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Quit: Leaving.]
18:05 -!- tristan_c [~tristan_c@81.141.92.189] has quit []
18:06 -!- GoldenGlovez [~GG@78.129.218.25] has quit [Ping timeout: 250 seconds]
18:09 -!- GoldenGlovez [~GG@78.129.218.25] has joined #openvpn
18:11 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
18:16 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:32 -!- mojibake [~Thunderbi@unaffiliated/mojibake] has quit [Quit: mojibake]
18:48 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:50 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
18:59 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:14 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:16 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Quit: Leaving]
19:16 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
19:18 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Quit: Leaving.]
19:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:22 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Quit: Leaving]
19:24 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
19:26 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Client Quit]
19:26 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
19:27 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
19:30 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Client Quit]
19:33 -!- nocturn [~nocturn@unaffiliated/nocturn] has quit [Ping timeout: 244 seconds]
19:39 -!- nocturn [~nocturn@unaffiliated/nocturn] has joined #openvpn
20:09 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
20:09 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
20:45 -!- nicety [nicety@nicety.tk] has quit [K-Lined]
20:54 -!- saf1 [~sfn@41.141.60.32] has joined #openvpn
20:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:58 < saf1> Hi, some freevpn service provide a openvpn config file to clients that include a crt and key, is it safe that they expose the key to public like this? is the tunneling stil save?
21:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
21:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:02 < saf1> is my question clear?
21:03 -!- badon_ is now known as badon
21:04 -!- saf1 [~sfn@41.141.60.32] has left #openvpn []
21:12 < Eugene> They really aren't, no.
21:14 < pekster> At the very least this is called "key escrow" where the key is generated by a 3rd party and provided to you. Even if it was done "correctly" it means they and you have the private key (this isn't how proper X.509 works -- it's "supposed" to be that only you have the key, and you give your CA a CSR to sign)
21:14 < pekster> Read !intro-to-pki for an introduction to the real way of doing things. "VPN proxies" are a bit like the low-end VPS market: they're both a dime a dozen, and tend to be pretty clueless overall
21:15 < Eugene> But at least its cheap!
21:43 -!- saf1 [~sfn@41.141.60.32] has joined #openvpn
21:48 -!- saf1 [~sfn@41.141.60.32] has quit [Ping timeout: 272 seconds]
22:07 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 252 seconds]
22:20 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
22:21 < Mutantx> !paste
22:21 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
22:22 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
22:30 < Mutantx> I'm dealing with some painfully slow OPENVPn speeds. Any suggestions? Client can connect but is limited to less than 500kbps..
22:37 <+esde> !welcome
22:37 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
22:37 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:37 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:37 <+esde> !bottleneck
22:37 <@vpnHelper> "bottleneck" is (#1) OpenVPN uses userland crypto unless you have HW accel available (as shown with `openvpn --show-engines`.) This means the CPU is frequently the performance bottleneck; remember that OVPN is single-threaded or (#2) See also: !gigabit for ideas on advanced performance tuning options
22:39 < Mutantx> Here are my config files: https://gist.github.com/Mutantx/7d3dcb6e26f1faf778b9    |    https://gist.github.com/Mutantx/0d0d09604eb878448c37
22:39 <@vpnHelper> Title: gist:7d3dcb6e26f1faf778b9 (at gist.github.com)
22:40 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Remote host closed the connection]
22:40 < Mutantx> I've had isues with UDP only using TCP in uploaded config since some indicated improvement in speeds
22:41 < rob0> Captain, that is illogical.
22:41 < Mutantx> At this point if there is a chance of success I'll try it
22:46 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 245 seconds]
22:47 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
22:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
22:54 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
23:03 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Remote host closed the connection]
23:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:11 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
23:32 < unicodesnowman> How can I limit the number of concurrent connections per user?
23:39 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
23:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
--- Day changed Mon Mar 02 2015
00:02 -!- ShadniX [dagger@p5DDFEBD6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:03 -!- ShadniX [dagger@p5DDFE2E6.dip0.t-ipconnect.de] has joined #openvpn
00:04 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
00:05 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
00:09 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
00:46 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 245 seconds]
00:47 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
00:56 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 252 seconds]
01:08 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:10 -!- u0m3 [~u0m3@109.96.158.146] has quit [Ping timeout: 246 seconds]
01:24 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:45 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
01:45 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has joined #openvpn
01:50 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
01:51 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:54 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 252 seconds]
01:57 -!- deranged [Bit@lolnerd.net] has joined #openvpn
01:59 -!- elliotdenk [~elliotden@ip-109-91-237-192.hsi12.unitymediagroup.de] has quit [Ping timeout: 256 seconds]
02:15 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
02:19 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:20 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
02:31 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has joined #openvpn
02:43 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:43 -!- mode/#openvpn [+o mattock] by ChanServ
02:54 -!- snooops is now known as sloth
02:54 -!- sloth is now known as snooops
02:56 -!- snooops is now known as slothrobot
02:56 -!- slothrobot is now known as snooops
03:04 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
03:12 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
03:17 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
03:18 < leo2007> my office has udp disabled. though I can use the tcp connection the performance is very bad i.e. far worse than using the ssh socks proxy.
03:20 < leo2007> so I am considering using openvpn+stunnel. so now the client can connect (authorised successfully) but it can not ping the vpn gateway. note the vpn gateway works nicely without stunnel.
03:21 < leo2007> can someone help me debug this problem? thanks.
03:21 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
03:22 < leo2007> on the server I have openvpn running on 1194/udp and 1194/tcp and have stunnel listen on 443 and connect to 1194
03:22 < leo2007> 1194/udp 1194/tcp and 433/tcp are open to public.
03:23 < leo2007> help?
03:35 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:37 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
03:37 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
03:38 -!- dazo_afk is now known as dazo
03:39 <@dazo> hikenboot: Yes, I'm the author of eurephia ... I'm curious what you're wondering about :)
03:45 < unicodesnowman> How can I limit the number of concurrent connections per user?
03:49 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
03:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:51 <@dazo> unicodesnowman: you probably want to add a --client-connect script which checks the tls_digest_0 env. variable against a tracking database ... and then a --client-disconnect script which updates the tracking database .... when too many connections happens, the --client-connect script can return a failure - which will reject the client
03:52 < unicodesnowman> dazo, thank you!
04:05 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has joined #openvpn
04:09 < tristan_c> OpenVPN on a VPS question: I want to use OpenVPN to get around CGNAT. I have 1 NIC on a VPS and 1 public IP. The client will be an openWRT router with LAN-connected devices. How do I access the VPS once the VPN is up if all traffic is forwarded to the client (the router)? i.e, ssh user@server.ip would surely go to the router, not the server?
04:20 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
04:21 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
04:23 < flyingkiwi> tristan_c, just add an exception for port 22
04:24 < tristan_c> flyingkiwi: ahh, so on the server alter the IP tables?
04:25 < tristan_c> This is such a basic question but I am struggling to find a solution
04:25 < flyingkiwi> correct
04:26 < flyingkiwi> you've something like "-t nat -A PREROUTING -d vps.ip.addr.ess -j DNAT ovpn.router.add.ress", right?
04:26 < flyingkiwi> + --to-destination
04:28 < tristan_c> The issue is I'm trying to replicate the service I have with StrongVPN on my own VPS - as I couldn't work out how to do this I've held off configuring it incase I got shut out of the server... The VPN client sits on a 4G connected router and I am having major issues keeping the connection live, so if my only access would have been through that I would be stuck.
04:29 -!- snooops is now known as sloff
04:29 -!- sloff is now known as snooops
04:29 < tristan_c> I guess that I could use a high random port number and use that on the router for direct ssh access?
04:48 < tristan_c> so something like this for the server to be reachable on port 22: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination vps.ip.addr.ess:22
04:49 < tristan_c> And this for the router with dropbear listening on 54321: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 54321 -j DNAT --to-destination ovpn.router.add.ress:54321
04:50 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
04:50 < tristan_c> and by extension, and web service running on the server should still work with iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination vps.ip.addr.ess:80
04:50 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
04:52 -!- `hypermist` is now known as willysaurus
04:52 -!- willysaurus is now known as `hypermist`
05:10 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
05:10 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
05:45 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
05:47 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
06:00 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has quit [Remote host closed the connection]
06:00 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has joined #openvpn
06:00 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
06:02 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
06:14 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:32 -!- rkhunter [~rkhunter@gateway/vpn/privateinternetaccess/rkhunter] has joined #openvpn
06:32 < rkhunter> hey
06:32 < rkhunter> I have a problem
06:33 < rkhunter> a VPN provider says they support OpenVPN connections at 3-4 ports on UDP and that they actually have AES-256-CBC support
06:33 < rkhunter> also it connects fully
06:33 < rkhunter> but no internet
06:36 < hikenboot> moring daz0 I am curious as to whether eurethia works with openvpn-as. IT seems to be installed but the directions don't match up with the directories and paths that exist (some do exist but are not populated)
06:45 < hikenboot> s/moring/morning
06:51 < hikenboot> too early in the morning that as for dazo not daz0, sorry for the typo
06:53 <@dazo> hikenboot: hmm ... good question!  I know openvpn-as has their own authentication stuff going on ... the core openvpn binary in openvpn-as should work with eurephia, but I don't know if config files will will overwritten by the openvpn-as management tools and such
06:58 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
07:02 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
07:02 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
07:03 -!- mattock is now known as mattock_afk
07:03 -!- bogie [bogie@mail.epow0.org] has quit [Ping timeout: 250 seconds]
07:05 < rob0> dazo, what I do with a Linux client: simply run "openvpn /path/to/AS/client.conf", so would eurephia work that way too?
07:05 <@dazo> rob0: yes
07:06 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-ajpjqzenznkacxsi] has quit [Ping timeout: 250 seconds]
07:06 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
07:06 <@dazo> rob0: well, eurephia is only configured on the server, though
07:07 <@dazo> The only OpenVPN requirement eurephia have is to be able to see the tls_digest_* env. variables which is provided via the --plugin interface ... that env. varialbe  was officially added in the 2.2 release
07:12 < hikenboot> In that case, you were my last hope of figuring it out, guess I am forced into getting openvpn to work right on amazon cloud instance. So far I have had no luck. Is there an openvpn (not openvpn-as ) appliance on amazon cloud? I cant seem to find one
07:16 -!- texta [7c957057@pdpc/supporter/professional/texta] has joined #openvpn
07:16 -!- Tander1gi [Tander1gi@gateway/vpn/mullvad/x-ezmndmmnffjqsxfn] has quit [Quit: Leaving]
07:17 < texta> Hey guys, I use LDAP for authenticaton. Any way to assign IPs based on an attribute in LDAP?
07:17 < hikenboot> or the second possibility (that might work) is being able to convert openvpn-as instance to plain old openvpn) not sure this would correct all the paths and things though
07:18 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:20 -!- rkhunter [~rkhunter@gateway/vpn/privateinternetaccess/rkhunter] has quit [Ping timeout: 265 seconds]
07:22 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-ozsnqwhwxjbjhptk] has joined #openvpn
07:24 <@dazo> hikenboot: setting up openvpn from scratch is generally fairly simple ... grab a standard minimal base image (I prefer RHEL, Scientific Linux or CentOS), install the 'Fedora EPEL' repository and do 'yum install openvpn' ... then it's just to create a config under /etc/openvpn/ ... and do 'service openvpn start'
07:25 <@dazo> hikenboot: how you write the config file, completely depends on your needs for your VPN tunnel ... but Jan Just Keisers "OpenVPN 2 Cookbook" can give very good guidance here
07:25 <@dazo> !book
07:25 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
07:25 <@dazo> hikenboot: and then adding eurephia authentication comes on top of a working openvpn config ... which will then should be fairly easy to add as well
07:28 < hikenboot> ok, I will try again but had difficulty when it came to getting a working client config. But the issue seemed to have been with the server receiving the connections. I worked on it for hours with no luck..but will give it a second try
07:29 < hikenboot> also when i did this I noticed that the sample files seemed to be missing out of debian, are they in place in the fedora install?
07:31 <@dazo> hikenboot: don't use the sample configs ... they will generally just confuse you more .... a normal server config is something like 10-15 lines ... and which options you use, really depends on your needs .... openvpn is so flexible you can bend it almost to any need you have, but it makes it impossible to make "generic" sample configs
07:32 -!- m0hm0h [m0hm0h@kapsi.fi] has quit [Ping timeout: 250 seconds]
07:33 < hikenboot> to tell you my goal with eurephia, what I want to do is have like 100 clients connect but only clients in a group to be able to share a virtual network, Am I right in saying this should be easy for eurephia?
07:34 <@dazo> yes, that should work just fine
07:35 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
07:35 <@dazo> hikenboot: then you would just need to setup a standard tun+routed setup with certificate authentication as the first step.  Ignore eurephia in this phase ... once that setup works, you can add eurephia to get a more fine-grained authentication and access control
07:36 < hikenboot> this should be doable with an adaptable 6 or so lines of firewall code that eurephia would automatically put in place, correct?
07:36  * dazo brb
07:37 < hikenboot> I would put the fireall lines in a config and then they would some how adapt for the different unspecified client connections ahead of time?
07:37 < hikenboot> no proble
07:38 <@dazo> hikenboot: you would need to define a few access profiles in iptables ... and then tell eurephia about them, and add those profiles to the corresponding 'usercerts' link
07:39 <@dazo> hikenboot: the firewall setup should be fairly well documented, at least I believe so :)  http://www.eurephia.net/documentation/eurephia/1.1/html/Administrators_Tutorial_and_Manual/chap-Administrators_Manual-FWintegration_Chapter.html
07:39 <@vpnHelper> Title: Chapter 5. Firewall integration (at www.eurephia.net)
07:41 <@dazo> hikenboot: if you encounter any bugs or issues with eurephia (when you get that far), let me know and I'll fix them instantly
07:42 < hikenboot> thanks dazo for the help
07:43 -!- FlashDel [~benedict@mail.galileo-press.de] has joined #openvpn
07:45 < FlashDel> hi folks, i got a question: I would like to setup an openvpn access server from scratch and the users should authenticate against my ldap server and google auth. Now my question is: Would a RADIUS server make sense or would it be sufficient to authenticate directly against ldap
07:45 <@dazo> !as
07:45 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
07:46 < FlashDel> oh, ok sorry..
08:01 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
08:03 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:12 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
08:14 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:30 -!- germanstudent [~germanstu@unaffiliated/germanstudent] has joined #openvpn
08:38 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:41 < germanstudent> With the OpenVPN default configuration and Ubuntu 14.04 as a client with IPv4 and IPv6 addresses, the IPv6 traffic is not routed through the VPN-Server. Shouldn't this be default behaviour in order to avoid IPv6 address exposure?
08:43 < germanstudent> This doesn't happen with Mac or Windows.
08:48 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:55 < flyingkiwi> germanstudent, are you talking about that openvpn network-manager plugin?
08:56 -!- wallbroken [wallbroken@unaffiliated/wallbroken] has joined #openvpn
08:56 < wallbroken> hi
08:56 < wallbroken> why there is not openvpn for osx ?
08:56 < wallbroken> tunnelblick is shitty
08:57 < mutilator> s/tunnelblick/osx/
08:58 <@krzee> feel free to compile it for osx, or grab from one of the osx package managers
08:58 < germanstudent> flyingkiwi, no, the default configuration file (e.g. openvpn --config standard.ovpn
08:58 <@krzee> theres no default config file with openvpn, could be something your package manager did
08:59 < wallbroken> if i compile on osx, it will work?
08:59 < wallbroken> is there some gui for osx?
08:59 <@krzee> !osx
08:59 <@vpnHelper> "osx" is (#1) Tunnelblick includes everything you need to run OpenVPN on OS X. https://code.google.com/p/tunnelblick/ or (#2) Viscosity is another OpenVPN client for OS X, but it is commercial. http://www.thesparklabs.com/viscosity/
08:59 <@krzee> those are the gui options
09:00 < wallbroken> and why windows has an openvpn frontend?
09:00 < wallbroken> or also linux
09:00 <@krzee> cause windows is like that
09:00 <@krzee> linux doesnt
09:00 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:00 < flyingkiwi> germanstudent, even me can't find any configuration files in ubuntu's openvpn deb. so, where is your default config coming from?
09:00 < wallbroken> ok and if i want to install openvpn without frontend on osx?
09:01 <@krzee> like i said, compile it or use a package manager
09:01 < germanstudent> krzee, flyingkiwi  when you dpkg -i the current standard Access Server, it will offer a configuration file via web interface for clients (without having to configure anything). If you use this configuration with the windows client, all traffic is routed through this server. With Ubuntu 14.04 only IPv4 traffic goes through this sserver.
09:01 < wallbroken> krzee, package manager like macports?
09:01 <@krzee> yes, like macports
09:01 < wallbroken> o
09:01 < wallbroken> k
09:01 <@krzee> germanstudent,
09:01 <@krzee> !as
09:01 < flyingkiwi> germanstudent, #openvpn-as
09:01 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
09:01 < mutilator> the windows "gui" is nothing more than an icon that shows if you're connected or not
09:01 <@plaisthos> wallbroken: for windows the ui is maintained by oepnvpn core developer and for OS X the UI is developed and packaged by an external developer
09:02 <@plaisthos> mutilator: it does a bit more
09:02 < germanstudent> krzee, k
09:02 < mutilator> lets you select profiles from that icon
09:02 < mutilator> sure..
09:02 < wallbroken> plaisthos, why developer chosed to develop the ui for windows and not for osx/linux ?
09:02 <@plaisthos> wallbroken: why develop a second UI when there is a working alternative?
09:02 <@krzee> because windows needed it, osx has options already
09:03 <@krzee> and look at tunnelblick versus windows gui
09:03 <@krzee> its way more complete than openvpn itself would even attempt to be
09:04 < wallbroken> why windows needs it? is not possible to run openvpn from cmd.exe console?
09:04 <@plaisthos> wallbroken: tell that to average joe user
09:04 < wallbroken> the same thing should be about osx
09:04 <@plaisthos> do you have any question/point or do you just want to rant about uis?
09:04 <@krzee> osx has *2* currently working guis
09:05 <@plaisthos> wallbroken: yes, that is why average joe install tunnelblick
09:05 <@krzee> both of which are better than openvpn implimented in windows
09:05 < wallbroken> krzee, no, if you import a config from vpnbook to tunnelblick, it will not work becouse of dns address issue
09:06 < wallbroken> on windows it works normally
09:06 <@krzee> works for my many configs, you should probably be submitting a bug to the right people
09:06 < wallbroken> you have tunnelblick on osx?
09:06 <@krzee> !tunnelblick
09:06 <@vpnHelper> "tunnelblick" is http://www.tunnelblick.net - Free OpenVPN GUI Client for Mac OS X
09:06 <@krzee> yes
09:06 <@krzee> i do
09:07 < wallbroken> ok, to import certificates it's quite difficoult on yosemite
09:07 < wallbroken> ops
09:07 < wallbroken> configuration files *
09:07 <@krzee> currently connected to 5 of 12 of my vpns
09:07 < wallbroken> if you click on "+" on gui, it tells you to double click on .ovpn files, but it will not work
09:07 <@krzee> take that up with them
09:08 < wallbroken> you know how to import a configuration file with built in certificates to tunnelblick?
09:08 <@plaisthos> wallbroken: first you talked about broken and now certificates
09:08 <@krzee> !inline
09:08 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
09:09 < wallbroken> krzee, they are already built configuration files by vpnbook
09:09 <@plaisthos> last time I checked tunnelblick worked fine with inline certificates
09:09 <@krzee> ya which is it? dns or certs?
09:10 <@krzee> "wallbroken> krzee, no, if you import a config from vpnbook to tunnelblick, it will not work becouse of dns address issue"
09:10 <@krzee> then out of nowhere we're talking about inline certs
09:10 < wallbroken> wait, let me explain better
09:11 <@krzee> free pptp and openvpn accounts
09:11 <@krzee> seeing as they serve pptp i would NOT trust their openvpn
09:11 <@krzee> lol
09:11 <@krzee> !pptp
09:11 <@vpnHelper> "pptp" is (#1) PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead. http://pptpclient.sourceforge.net/protocol-security.phtml to
09:11 <@vpnHelper> read about why to not use pptp or (#2) Why not to use it: http://en.wikipedia.org/wiki/Pptp#Security or (#3) https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
09:13 <@krzee> i just imported a vpnbook config by double clicking it
09:13 <@krzee> worked fine
09:13 < wallbroken> some mounths ago i added .ovpn vpnbook files to tunnelblick(i don't remember how i done it). i connected to it but it was unable to ping google.it or the other dns, i solved adding dhcp-option to configuration file and then i solved the problem. on windows there is no need to add that line
09:14 < wallbroken> now i'm trying to add another .ovpn file to tunnelblick but i forgot how to. Somebody of you could remember to me how to do it?
09:14 <@plaisthos> so you config file is broken and you blame Tunnelblick for that?
09:14 < wallbroken> i don't think is broken. i downloaded from vpnbook.com
09:14 < wallbroken> http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip
09:15 <@krzee> works here
09:15 <@plaisthos> wallbroken: the console client under os x will do the same
09:15 <@krzee> that exact zip
09:15 < wallbroken> krzee, you simply double click on ovpn file?
09:15 <@krzee> yep
09:15  * dazo smells an ugly smell of pebkac
09:15 <@plaisthos> only because windows does slighly different routing and dns does not mean the config is working
09:15 <@krzee> Tunnelblick 3.4.3 (build 4055.4198)
09:15 <@plaisthos> I tell you what
09:16 <@krzee> dazo, your sniffer seems to be working well!
09:16 <@plaisthos> OpenVPN for Android is probably also broken with that config file
09:16 < wallbroken> krzee, it navigates?
09:16 <@krzee> wallbroken, no idea, im not going to connect and direct my traffic through it lol
09:16 <@krzee> no chance of that happening
09:16 < wallbroken> ok
09:16 <@krzee> but it asks me for the login/password
09:16 < wallbroken> so, maybe there will be some issue with osx yo
09:16 < wallbroken> yosemite
09:17 <@krzee> maybe, i choose not to use that
09:17 <@plaisthos> not specifiying a DNS server in an openvpn config is one of the most common causes for configs no to work
09:17 < wallbroken> Username: vpnbook
09:17 < wallbroken> Password: ch3pERuG
09:17 <@krzee> i know, i choose not to enter the vpn so i dont give it that
09:17 < wallbroken> ok
09:17 <@krzee> im just saying importing the config worked fine
09:17 < wallbroken> okok
09:18 < wallbroken> and linux has something like tunnelblick?
09:18 <@krzee> they have users that generally know how to do better than point and click
09:18 <@dazo> "What you can't do from the command line isn't worth doing."
09:19  * dazo is a Linux user
09:19 <@krzee> but yes, network manager exists for those grammas in the linux world who still need point and click
09:19 < wallbroken> also linux user do use GUI
09:19 <@plaisthos> really?
09:19 <@dazo> wallbroken: I let systemd manage my VPN connections these days
09:20 <@plaisthos> I thought they all stare at consoles all day long
09:20 <@krzee> i manager my vpn connections with butterfly wings
09:20 < wallbroken> this means that an openvpn gui would be more confortable, or not?
09:20 -!- mattock_afk is now known as mattock
09:20 <@krzee> wallbroken, if youd like to make one, see the notes on management interface
09:20 < wallbroken> krzee, you use osx, no point with that
09:20 <@krzee> !management
09:20 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
09:21  * plaisthos will just go away
09:21  * plaisthos is still not sure if wallbroken is trolling or really does not understand what we are trying to tell him
09:21 <@dazo> krzee: a nice detail with systemd ... we have added a simple systemd unit file ("init script"), which allows you to control each config file independently .... and need logs?  journalctl -u openvpn-client@CONFIG_NAME ... and you get log data from only that single instance
09:21 <@krzee> plaisthos, hard to tell sometimes isnt it lol
09:22 <@dazo> plaisthos++
09:22 <@krzee> dazo, hey thats pretty cool
09:24 <@dazo> krzee: yeah ... and with simple modifications, systemd can actually restart openvpn configs automatically if they die ... systemd is actually far better than the rumour, that's my experience after having played with it for ~1 year or so
09:24 <@krzee> can it also notify of having restarted the dead proc?
09:25 <@krzee> cause id rather have it not come back than come back without letting me know
09:25 -!- texta [7c957057@pdpc/supporter/professional/texta] has quit [Ping timeout: 246 seconds]
09:25 <@dazo> krzee: yeah, should be doable ... you can even write your own tool using dbus to catch that, and not even just for openvpn, but for any types of services
09:26 <@krzee> ya i have my own solutions already was just curious :)
09:26 <@dazo> krzee: in fact, you can write your own tool using dbus to actually control when will be openvpn (or any other services) will be restarted
09:26 <@dazo> (dbus support exists also for Perl and Python scripts too)
09:28 <@krzee> snom discontinued their 821
09:28 <@dazo> krzee: it's a little side-track, but some guys wrote a webUI for system-management on systemd systems ... all the webUI does is, is to use dbus ... and you can see some pretty cool stuff in this presentation ... https://www.youtube.com/watch?v=97l1qf2sZtk
09:28 <@krzee> (voip phone)
09:28 <@vpnHelper> Title: Stef Walter - Cockpit: Modern Server User Interface - YouTube (at www.youtube.com)
09:28 <@krzee> sweet watching now
09:29 -!- mattock is now known as mattock_afk
09:29 <@dazo> (fast-forward the 3 first minutes ... they've forgotton to trim it)
09:29 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
09:30 <@krzee> now i have to re-dev for another voip phone
09:30 <@krzee> =/
09:30 <@krzee> damn you snom!
09:30 <@dazo> :(
09:30  * krzee shakes fist
09:31 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:36 < wallbroken> having tunnelblick means that i can also use "openvpn" command from the terminal ?
09:37 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 246 seconds]
09:37 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
09:39 -!- bogie [bogie@mail.epow0.org] has quit [Ping timeout: 250 seconds]
09:43 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
09:43 <@krzee> tunnelblick does
09:43 <@krzee> heh
09:44 <@krzee> to be specific, /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
09:44 <@krzee> (in mine)
09:45 < wallbroken> from that folder i can run ./openvpn ?
09:45 <@krzee> it wasnt a "folder"
09:45 < wallbroken> ok, that's an executable
09:45 < wallbroken> sorry
09:46 <@krzee> also, files go in directories
09:46 <@krzee> =]
09:46 < wallbroken> yes, i'm a past Windows user, and we call them "folders"
09:47 <@krzee> right, because of the icon used for directories in windows, i'd like to note that in dos the command to see whats in the directory is 'dir'
09:48 <@krzee> but ya, some windows users see the icon and say "folder"
09:49 <@krzee> https://msdn.microsoft.com/en-us/library/windows/desktop/aa363946(v=vs.85).aspx
09:52 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
09:53 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
10:14 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
10:14 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Read error: Connection reset by peer]
10:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:34 -!- unaM [~unaM@2001:41d0:fe06:cf00:7218:8bff:fe6f:cb29] has quit [Quit: unaM]
11:00 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:05 -!- suexec [~suexec@voyage.vhost.usr.no] has joined #openvpn
11:05 < suexec> Are there any nice web guis for openvpn administration, that don't need licensing/cost money ?
11:07 <@krzee> none that i know of
11:09 < suexec> poo :(
11:10 < Eugene> butt-poop.
11:10  * Eugene giggles incessantly
11:33 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:35 -!- FlashDel [~benedict@mail.galileo-press.de] has quit [Ping timeout: 264 seconds]
11:37 -!- kimmr [kimmr@gateway/shell/yourbnc/x-tyngbkcxyxgtdvxi] has joined #openvpn
11:44 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
11:48 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Sleeping.]
11:54 -!- germanstudent [~germanstu@unaffiliated/germanstudent] has quit [Quit: Leaving]
12:05 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
12:06 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 246 seconds]
12:07 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Client Quit]
12:07 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
12:17 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
12:20 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
12:25 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
12:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
12:31 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
12:32 -!- wallbroken [wallbroken@unaffiliated/wallbroken] has quit [Ping timeout: 245 seconds]
12:50 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:53 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:53 -!- mode/#openvpn [+v s7r] by ChanServ
13:23 -!- khaldrogox [~anonymous@64.13.138.81] has left #openvpn []
13:26 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:26 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
13:26 < soLucien> join #hardware
13:31 <@dazo> suexec: what would you expect of such an admin tool?
13:35 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
13:48 -!- dazo is now known as dazo_afk
13:49 -!- tristan_c [~tristan_c@81.141.92.189] has quit [Remote host closed the connection]
13:53 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
13:54 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
13:58 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Read error: Connection reset by peer]
13:59 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:06 -!- tristan_c [~tristan_c@81.141.92.189] has quit []
14:18 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
14:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
14:32 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn ["Leaving"]
14:33 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
14:34 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
14:36 -!- mattock_afk is now known as mattock
14:37 -!- happytoo [~happyone@108.170.48.242] has joined #openvpn
14:42 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
14:53 -!- happyone [~happyone@108.170.48.242] has joined #openvpn
14:53 -!- happytoo [~happyone@108.170.48.242] has quit [Read error: Connection reset by peer]
15:02 -!- bynarie [bynarie@unaffiliated/bynarie] has joined #openvpn
15:03 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:26 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:28 -!- happyone [~happyone@108.170.48.242] has quit [Read error: Connection reset by peer]
15:28 -!- happytoo [~happyone@108.170.48.242] has joined #openvpn
15:40 -!- bynarie [bynarie@unaffiliated/bynarie] has quit [Quit: Be back later...]
15:43 -!- bynarie [bynarie@unaffiliated/bynarie] has joined #openvpn
15:44 -!- bynarie [bynarie@unaffiliated/bynarie] has left #openvpn []
15:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:05 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
16:06 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
16:08 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
16:11 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
16:30 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:39 -!- hotwings [hd@secksy.net] has joined #openvpn
16:40 < hotwings> getting "ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory" in debian linux. ip tunneling is enabled in my kernel. udev is supposed to create that right? any ideas?
17:03 < rob0> "modprobe tun"
17:10 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:19 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:19 < Azrael_-> hotwings: did it work now?
17:27 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
17:34 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Ping timeout: 250 seconds]
17:37 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has joined #openvpn
17:37 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:43 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
17:58 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:12 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
18:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:35 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
18:38 < hotwings> rob0 / Azrael - tun is built into the kernel, not as a module
18:38 <@ecrist> !logs
18:38 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:41 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
18:42 < rob0> hotwings, perhaps you need to try again, rebuild it?
18:43 < pekster> See also the kernel documentation on your tun device (the thing that's "missing" according to your error.) ~linux/Documentation/networking/tuntap.txt (under the heading: "2. Configuration" )
18:44 <+esde> hotwings sounds good
18:45 < Eugene> My local pizza joint does half-price wings on Wednesdays.
18:46 < Eugene> It's our regular night out
18:53 -!- justinzane [~justinzan@24.49.199.88] has quit []
19:03 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
19:05 < rob0> Eugene, sure, but don't they use a modular kernel?
19:28 -!- PryMar56 [~prymar@unaffiliated/prymar56] has joined #openvpn
19:36 -!- happytoo [~happyone@108.170.48.242] has quit [Read error: Connection reset by peer]
19:36 -!- happytoo [~happyone@108.170.48.242] has joined #openvpn
19:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
19:37 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
19:47 <@ecrist> anyone in here use tunnelblick?
19:47 -!- mode/#openvpn [-o ecrist] by ecrist
19:53 < mutilator> <-
19:57 < hotwings> rob0 - i didnt build openvpn, i apt-get installed it in debian testing
19:59 < rob0> you built a kernel, and in fact, the tun driver is part of Linux, not part of openvpn
19:59 < ecrist> mutilator: have you noticed that it doesn't cleanly disconnect from the server, and just drops the connection?
19:59 < hotwings> pekster - i already followed the kernel documention on creating the device node
20:00 < hotwings> rob0 - i just compiled the kernel after enabling tunneling. recompiling isnt going to do anything that wasnt done when i compiled it earlier
20:01 < rob0> yes yes.  You don't have the tun driver loaded.  Argue if you will, but it won't change anything.
20:14 < hotwings> i already told you i built tun into the kernel, not as a module
20:14 < hotwings> https://www.kernel.org/doc/Documentation/networking/tuntap.txt -> 2. Configuration -> Driver module autoloading
20:15 < hotwings> or are you saying tun should be a module for openvpn to work?
20:15 < rob0> okay
20:32 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 252 seconds]
20:32 -!- unicodesnowman [~unicodesn@unaffiliated/unicodesnowman] has quit [Ping timeout: 252 seconds]
20:34 -!- john-soda [~john-soda@dslb-188-106-024-051.188.106.pools.vodafone-ip.de] has quit [Quit: Leaving]
20:34 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:36 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
20:37 < pekster> You _do_ realize module autoloading is for.. modules.. yes?
20:38 < pekster> (which you've stated your're not using.) Go mknode your device. Or better yet, question why you're fighting so hard for a driver enabled in stock upstream kernels as a module, because that's what all the cool kids these-days do too
20:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:18 < hikenboot> rob0, do i use easy-rsa with eurephia?
21:25 < hotwings> pekster - wrong. drivers built into the kernel are still modules. they just arent stored as external files and dont require manual loading. autoloading external modules is the same thing the kernel does when theyre built in
21:27 < hotwings> there is no difference what-so-ever between a module stored externally or a module built into the kernel aside of one requires additional loading ... guess which one
21:42 < pekster> Not exactly. Take Netfilter: you can't "not have" the packets traversing the kernel, even if you clear out a ruleset
21:43 < pekster> But w/e, not really my problem. If you don't ahve the character devices you need, go craete it. If your kernel lacks support for it, go add it
21:43 < pekster> This really isn't that complicated
21:43 < pekster> Surely an `ls -l /dev/net/tun` isn't hard here
21:52 < hikenboot> rob0, you around?
21:56 < leo2007> I have problem connecting to openvpn gateway via stunnel.
21:57 < leo2007> I can connect successfully (auth'd successfully and assigned a vpn ip) but I cannot ping the gateway nor can the gateway ping the client.
21:57 < leo2007> ideas?
21:58 < pekster> Add --verb 5 and watch for transmitted inside packets received by the far end. And verify use of a sane --keepalive (or its --ping/--ping-restart) options
22:02 < leo2007> pekster: anything suspicious in this log https://bpaste.net/show/b1f9353c2c45
22:04 < leo2007> I have keepalive 10 120 in the server conf
22:31 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
22:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
23:04 -!- _snd [~alexh@login.boxed.no] has joined #openvpn
23:05 < _snd> morn. i just upgraded from 2.3.3 to 2.3.6 and suddenly openvpn dosn't want to accept my server side cert, and exists with "X509 name was missing in TLS mode (OpenSSL)" and google turns out pretty much nothing useful related to this. anyone here seen this happen?
23:55 -!- PryMar56 [~prymar@unaffiliated/prymar56] has quit [Quit: Leaving]
--- Day changed Tue Mar 03 2015
00:00 -!- grendal_prime [~sgraham@12.237.60.194] has joined #openvpn
00:01 -!- ShadniX [dagger@p5DDFE2E6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:02 -!- ShadniX [dagger@p5481C735.dip0.t-ipconnect.de] has joined #openvpn
00:08 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
00:08 -!- mattock is now known as mattock_afk
00:14 < grendal_prime> ok im trying to remember how to do this. I have alinux router with openvpn server on it...the connecting client i can get to the network on the local lan.  But, i want a local lan user to get access to the network on the other side of the connected client.
00:14 < grendal_prime> i know i have done this in the past..i just cannot remember how to do that.
00:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
00:21 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
00:26 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
00:32 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 252 seconds]
00:43 -!- donnib [~donnib@152.115.31.4] has left #openvpn []
00:45 -!- grendal_prime [~sgraham@12.237.60.194] has quit [Ping timeout: 250 seconds]
00:46 -!- grendal_prime [~sgraham@12.237.60.194] has joined #openvpn
00:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
00:54 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 250 seconds]
00:59 -!- happytoo [~happyone@108.170.48.242] has quit [Read error: Connection reset by peer]
01:00 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
01:03 -!- happytoo [~happyone@108.170.48.242] has joined #openvpn
01:08 -!- grendal_prime [~sgraham@12.237.60.194] has quit [Quit: Ex-Chat]
01:24 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
01:25 < donnib> hi
01:25 < donnib> i have a openvpn tunnel setup where i use client-cert-not-required and username-as-common-name
01:25 < donnib> and i can connect from tunelbrick and my iPhone
01:27 < donnib> now i want to setup VPN on Demand on my iPhone and i understand that i need to disable username/password authentication and only use client cert, how do i achieve that ? Should i make a separete instance with a different port for this or can the same instance support both methods ?
01:28 -!- mattock_afk is now known as mattock
01:49 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:54 -!- grendal_prime [~sgraham@173-166-255-77-stockton.hfc.comcastbusiness.net] has joined #openvpn
01:54 -!- havingFun is now known as xrosnight
01:54 < grendal_prime> grrr
01:55 < grendal_prime> going crazy...getting short on time...good thing there is plenty of liquer
01:56 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
01:58 < Mutantx> Is mtu-test client or server side?
02:03 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
02:05 < Mutantx> Putting it into the server conf. Any idea if the mtu-test is available for only measuring MTU or does it take it one step furthur after the test?
02:08 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
02:21 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:23 < grendal_prime> GRRRRR
02:24 -!- euphoria360 [~euphoria3@151.240.155.118] has joined #openvpn
02:25 < euphoria360> !welcome
02:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
02:25 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:26 < euphoria360> !howto
02:26 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
02:27 < grendal_prime> I would like to ping the network on the other side of the connected client.
02:27 < suexec> I am able to connect to my vpn server, but client side I am getting read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=113) and no network connectivity (the vpn connection stays up). What am I doing wrong ?
02:27 -!- mattock is now known as mattock_afk
02:27 < grendal_prime> can you ping the server ip?
02:28 < suexec> Nope
02:28 < grendal_prime> meaning the servers vpn ip.
02:28 < suexec> Nope. Can't ping gateway (vpn server) ip
02:28 < grendal_prime> you got the tun type?
02:28 < grendal_prime> tap or tun?
02:29 < suexec> tun
02:29 < grendal_prime> server is linux clien is...windows or linux?
02:29 < suexec> linux both ends
02:30 < grendal_prime> ok, so protocol is same, tun,
02:30 < suexec> Maybe I should make a tap instead. I suppose I would like direct access to my network at home. And if I made a tap service, would my home network dhcp server assign ips to connecting clients?
02:30 < grendal_prime> dont use tap.
02:30 < grendal_prime> its a fkn nightmare.
02:31 < suexec> alright,hehe
02:33 < grendal_prime> if you look on the server status...what does it say about connections
02:33 < euphoria360> i have similar issues too, initialization succeeds, no internet ping but can ping servers vpn ip address. I'll listen to your conversation
02:34 < grendal_prime> euphoria360, if you can see the vpn server ip and you want to get access to the network on the other side...you need to enable routing in the vpn server.
02:34 < euphoria360> damn, seems i cant even ping server
02:34 < grendal_prime> you do this by first telling the server you want to enable routing for a specific network...then pushing a route to your connected client.
02:34 < suexec> grendal_prime, looking at the server I see the connection working fine .. but then I get several read UDPv4 [ECONNREFUSED]: Connection refused (code=111) .
02:36 < grendal_prime> what protocol you using?
02:36 < grendal_prime> tcp or udp?
02:36 < grendal_prime> udp right...ya is that specified in both server and client config?
02:36 < euphoria360> gtg, will be back soon
02:37 < suexec> grendal_prime, yes, both client and server are set to udp. I guess that error is from when I disconnected my client. I haven't enforced disconnect notification.
02:40 < suexec> I'll try connecting one more time to gather some more data. brb.
02:42 < suexec> no dice :(
02:43 < suexec> I am wondering if I am getting the wrong ips. tun0 on client is inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255 . tun0 on server is inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
02:56 < euphoria360> guys, before i busy your time, it would be good to setup openvpn from ground up again (although I've done this few times). does https://www.webhostinghero.com/centos6-openvpn-setup/ seems a good tutorial?
02:56 <@vpnHelper> Title: How to Setup a VPN Server on CentOS 6.x (at www.webhostinghero.com)
02:56 < suexec> grendal_prime, My firewall wouldn't be blocking this subnet, would it? It gets transported in a tunnel so my firewall is oblivious to the network transported, right ?
02:57 < grendal_prime> your filrewall needs to have port 1194 open
02:57 < grendal_prime> thats on the server
02:57 < grendal_prime> if your outbound firewall is blocking it then ya that will be a problem
02:57 < grendal_prime> you can use like...443
02:58 < grendal_prime> just set your server to listen on that port.
02:58 < suexec> Yeah. 1194 is fine and all. The connection is made. I just can't get any data through after connecting.
02:59 < grendal_prime> i dont think you are connecting
02:59 < grendal_prime> if you were it would work.
02:59 < grendal_prime> im sorry dude im trying to work something out here as well..kinda a bitch
02:59 < grendal_prime> and im getting short on time
03:00 < euphoria360> !paste
03:00 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
03:00 < suexec> grendal_prime, no probs mate. I am 100% sure the connection is made. Logs on both ends confirm it :)
03:01 < euphoria360> !configs
03:01 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
03:01 < suexec> grendal_prime, fix your problem buddy. I'll keep messing about. I am sure it's just a minor mistake.
03:01 < grendal_prime> do you get assigend an ip on your client?
03:02 < euphoria360> !logs
03:02 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
03:02 < grendal_prime> ifconfig on your client whats the ip?
03:02 < grendal_prime> should be for the tun device
03:02 < grendal_prime> tun0 probably
03:03 < euphoria360> !logfile
03:03 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
03:09 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
03:10 < grendal_prime> suexec, does the client get assigend an ip
03:11 < suexec> grendal_prime, yes. tun0 on client is inet addr:10.8.0.6
03:11 < grendal_prime> and the server is running on 10.8.0.1 correct
03:11 < suexec> grendal_prime, spot on
03:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
03:11 < grendal_prime> and you cannot ping that ip from the client
03:12 < grendal_prime> can you ping the client from the server?
03:16 < suexec> Not sure, I loose connectivity to server once I connect the vpn ;)
03:16 < suexec> And yes - client cannot ping server.
03:29 < suexec> Bloody strange this
03:35 -!- zaggynl [~zaggynl@4dafe030.ftth.telfortglasvezel.nl] has joined #openvpn
03:36 < zaggynl> !welcome
03:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:36 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:36 < zaggynl> !wiki mitm
03:36 < zaggynl> !mitm
03:36 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
03:36 -!- euphoria360 [~euphoria3@151.240.155.118] has quit [Ping timeout: 250 seconds]
03:42 < zaggynl> Question: this VPN provider appears to put the private key in their openvpn config, this is bad practice right?
03:42 < zaggynl> Config file: https://www.frootvpn.com/files/frootvpn.ovpn
03:46 < zaggynl> from what I understand this would make it really easy to mitm me if I would set up a connection to that VPN provider
03:50 < vegardx> How would it make it easier to do a mitm?
03:51 < vegardx> Putting certificates inline is perhaps not the very best practice as you cannot set more restrictive permissions, but not a glaring security hole.
03:52 < vegardx> But ideally you want to generate your own key and csr, then let them sign it. But I doubt you'll ever find a VPN provider that'll do that for you.
03:54 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Remote host closed the connection]
03:55 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
03:57 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
03:58 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Max SendQ exceeded]
03:59 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
03:59 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:13 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
04:19 -!- mattock_afk is now known as mattock
04:43 -!- tx [~texta@pdpc/supporter/professional/texta] has joined #openvpn
04:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
05:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:16 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:17 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Client Quit]
05:19 -!- warehouse13 is now known as Left_Turn
05:27 -!- dazo_afk is now known as dazo
05:35 -!- happyone [~happyone@108.170.48.242] has joined #openvpn
05:36 -!- happytoo [~happyone@108.170.48.242] has quit [Read error: Connection reset by peer]
05:41 -!- euphoria360 [~euphoria3@151.240.155.118] has joined #openvpn
05:42 -!- rkhunter [~rkhunter@gateway/vpn/privateinternetaccess/rkhunter] has joined #openvpn
05:43 < rkhunter> would a configuration file with private key in it be secure ?
05:45 < txdv> can i create an interface without routing everything by default through it?
05:46 < rkhunter> https://defuse.ca/b/EhyqNxNS
05:46 <@vpnHelper> Title: Defuse Security's Encrypted Pastebin (at defuse.ca)
05:46 < rkhunter> https://www.frootvpn.com/files/frootvpn.ovpn
05:46 < rkhunter> is this VPN configuration secure ?
05:46 < rkhunter> they basically have Private key in the configuration file ?
05:50 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
05:59 < vegardx> You're using a VPN service, which by definition is not secure. Ask them, this channel is for the opensource implementation of OpenVPN, not support for frootvpn.
05:59 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:00 < vegardx> txdv: Naturally. Routing has nothing to do with interfaces.
06:09 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Read error: Connection reset by peer]
06:10 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:20 < tx> Hey guys, is there a way to statically assign certain clients with IPs?
06:20 < tx> via LDAP
06:22 < tx> or have addresses in a file statically mapped to the clients username
06:22 < rkhunter> vegardx, but I am asking if adding a private key in configuration file any secure ?
06:25 < rob0> I guess it depends on how securely that key is maintained.  And on what threat models concern you most.
06:26 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:28 < rkhunter> rob0, I don't know, I need to ask the VPN provider, do you suggest any VPN provider that has full openvpn support ?
06:28 < rkhunter> I want to use AES-256-CBC with SHA-512
06:29 < rob0> I don't use a VPN provider, can't suggest any.
06:30 < rkhunter> Ok
06:30 < rkhunter> lol
06:30  * plaisthos should join a affiliate program of some shady openvpn provider to gain money from people asking this question
06:30 < rkhunter> ok
06:31 < rkhunter> do it
06:34 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
06:37 < tx> Ah, you can assign static IPs using ccd/username.
06:37 < tx> Perhaps I need to write a script that syncs the contents of that folder with my LDAP directory.
06:37 < tx> (IPs are stored in LDAP)
06:38 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 244 seconds]
06:40 < euphoria360> hi. i have a problem in my openvpn server. i tried new installation and configing few times but no luck. confs and logs are ready to share. server is centos 6 on openvz vps
06:41 < euphoria360> i had it working for a long time but few days ago something went wrong and it doesnt work anymore.
06:42 < euphoria360> i get "initialization succeed too.
06:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:43 < euphoria360> but no ping, plus i get dc few seconds after
06:43 -!- rkhunter [~rkhunter@gateway/vpn/privateinternetaccess/rkhunter] has left #openvpn ["Leaving"]
06:50 < euphoria360> i cant even say if the problem is client side, server side, or something in middle of them (since I have a shitty government)
06:55 < euphoria360> !goal
06:55 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:55 < rob0> !openvz
06:55 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
06:57 < euphoria360> my goal of creating this openvpn server is to circumvent censorship applied to me.
06:57 < vegardx> Then get something other than openvz!
06:58 < euphoria360> vegardx: i had it working on openvz.
06:58 -!- suexec [~suexec@voyage.vhost.usr.no] has quit [Ping timeout: 250 seconds]
07:00 < euphoria360> tun is available and enabled.
07:03 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 246 seconds]
07:04 < euphoria360> here is my logs and configs: Server Conf:http://pastebin.com/EPepyhZS ,Client Conf: http://pastebin.com/BzTp47RD, iptables: http://pastebin.com/UQp0rBfF, Server log: http://pastebin.com/8ug5LAKC, Client log: http://pastebin.com/frMAaLcM
07:04 < vegardx> The connection is probably just being terminated by a third party.
07:05 < vegardx> It's kinda of obvious what you're trying to do if everything runs on standard ports, etc.
07:05 < euphoria360> 7657 is standard?
07:05 <+esde> euphoria360
07:05 < vegardx> Probably not. Are you able to access the machine via ssh or something similar?
07:05 <+esde> !obfs
07:05 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
07:05 < tx> Anyone able to help me with static IP allocation?
07:05 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
07:06 < euphoria360> yeah, logged in right now
07:06 <+esde> should be what you need
07:06 < euphoria360> first i need to be sure its the third party.
07:07 < euphoria360> is there anything in the logs which shows that?
07:07 <+esde> obfs just "scrambles" the data over the wire, so any other party but the server/client don't know what's going on
07:08 <+esde> also, there will not be a log entry "NATION-STATE ACTOR TERMINATED CONNECTION"
07:08 < euphoria360> i wish there was a way for me to test the connection on other client beyong here.
07:11 < euphoria360> do confs show anything wrong?
07:11 < euphoria360> or iptable rules?
07:11 -!- suexec [~suexec@voyage.vhost.usr.no] has joined #openvpn
07:16 < euphoria360> I just checked http://www.vpngate.net/en/do_openvpn.aspx?fqdn=vpn209406449.opengw.net&ip=121.166.254.92&tcp=1890&udp=1452&sid=1425388375260&hid=917213 from vpngate and similar things happened. can anyone here test it to see if it works on them or not?
07:16 <@vpnHelper> Title: VPN Gate - Download the OpenVPN Configuration File (.ovpn file) (at www.vpngate.net)
07:20 < suexec> Still stuck here. I have set up a fresh OpenVPN server. I can successfully connect to it with my client, and the client get's a tunnel ip from the server. Once that is up, everything dies. My client is throwing read UDPv4 [EHOSTUNREACH]: No route to host (code=113) . Server appears to be happy.
07:21 < suexec> Any ideas why I lose my connectivity after ips have been set up ?
07:22 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
07:22 < euphoria360> where do you live suexec?
07:22 < suexec> euphoria360, Norway - why? :)
07:23 < euphoria360> nevermind. i have a similar probem and guys here say its because of a third party!
07:24 <+esde> !flowchart
07:24 <+esde> !redirect
07:24 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
07:24 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
07:24 <+esde> check the flowchart
07:26 < euphoria360> i cant even ping server! :(
07:26 < suexec> euphoria360, Have you enabled lzo compression on server and client ?
07:27 < suexec> euphoria360, (or disabled)
07:27 < euphoria360> yes
07:27 < suexec> Didn't make a difference for me either :(
07:27 < euphoria360> how can i check if icmp echo is enabled or not
07:29 < euphoria360> i can ping my server on wan if that says it.
07:29 < suexec> What do you mean buddy?
07:30 < euphoria360> i cant ping my server in vpn subnet, but i can via wan.
07:30 < euphoria360> my iptables allows it.
07:31 < euphoria360> !nat
07:31 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
07:32 < euphoria360> damn. Ive done all this. still no luck.
07:33 < euphoria360> suexec: can you connect using this ovpn file from vpngate? :http://www.vpngate.net/en/do_openvpn.aspx?fqdn=vpn209406449.opengw.net&ip=121.166.254.92&tcp=1890&udp=1452&sid=1425388375260&hid=917213
07:33 <@vpnHelper> Title: VPN Gate - Download the OpenVPN Configuration File (.ovpn file) (at www.vpngate.net)
07:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:34 < suexec> euphoria360, I have other working vpn connections, yes
07:34 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:35 < euphoria360> even this one? .im trying to compare my internet connectivity with yours, if thats ok with you?
07:37 < euphoria360> if you have a working vpn with that ovpn file, it probably means some IPS is F&^ing me!
07:37 <+esde> euphoria360, don't get upset. take things slowly and you will solve your issue.
07:39 < euphoria360> esde: im not upset. things like this seem to happen alot here, though i was skipped from it for 2 years.
07:39 <+esde> what country
07:39 < euphoria360> Iran
07:40 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
07:40 <+esde> Damn
07:40 <+esde> This channel is where you need to be for help, that's for sure :D
07:41 < euphoria360> I must say stunnel+squid worked pretty well for me, since its pure ssl, not distinguishable from regular https traffic.
07:41 <+esde> Ok now stop there for a sec
07:41 <+esde> listen to what you just said
07:41 < euphoria360> through stunnel?
07:41 <+esde> That's similar to how obfs works
07:42 <+esde> it makes openvpn traffic unrecognizable
07:43 < euphoria360> doesnt it get mixed up on client side? since stunnel is an app too and after vpn connects some kinda loop occur?
07:43 <+esde> i dont suggest using stunnel+openvpn, sorry if you got that from what i said
07:43 <+esde> i was comparing your last working setup with openvpn+obfsproxy
07:44 <+esde> in that, obfsproxy might make your correctly configured openvpn work, since it will make the traffic look like a bunch of random bits and bytes to anyone watching it
07:44 <+esde> making it less likely they will terminated the connection :)
07:45 < euphoria360> even with obfsproxy. shouldnt i put the client side of it on other computer in clients network
07:45 <+esde> I've never used obfs myself, so i cant speak to its configuration in detail. all i know is that the proxy must be configured on the client too for it to work.
07:46 <+esde> maybe if you moved the port to 443, it may have a better chance
07:46 < euphoria360> port 443 is busy :)
07:46 < euphoria360> i tried 110
07:46 <+esde> --port-share
07:47 <+esde> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
07:47 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
07:47 <+esde> ctrl + f port-share
07:47 <+esde> :)
07:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
07:49 < euphoria360> let me disable webserver temporarily and check it out
07:49 <+esde> you dont have to
07:49 <+esde> you can leave it up and use port-share in your config(s)
07:50 <+esde> port-share specifically allows HTTPS and openvpn to run on the same port(443)
07:51 < euphoria360> all i need to do is add that to command?
07:51 <+esde> check the manpage for complete instructions
07:52 <+esde> the one time i used it, i added the directive to my server conf, as "port-share 443"
07:52 <+esde> oh crap
07:52 <+esde> it was the ip:port
07:52 <+esde> not just port number. (i only ran that config once to try it, but it did work)
07:54 < euphoria360> im gonna check it out. ill report back asap
07:55 < euphoria360> can u check my server and client conf too. i feel something may be wrong in them :)
07:55 <+esde> no problem 1 sec
07:55 < euphoria360> thanks.
07:57 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
07:58 <+esde> everything looks fine
07:58 < euphoria360> thankg god. phew
07:58 <+esde> once you get it working, check out !hardening though
07:59 < euphoria360> ok. i will
07:59 <+esde> tls-auth, tls-cipher, cipher and auth directives would be great
08:01 < suexec> esde, any idea what I could look for in regards to my problem? tun connection establishing perfectly, but as soon as it's connected and ips have been set, everything dies. Client can't ping server ip or any other ips.
08:01 <+esde> !welcome
08:01 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
08:01 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:01 <+esde> !logs
08:01 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:01 <+esde> !configs
08:01 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:02 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:02 <+esde> krzee, you aboooot?
08:03 < euphoria360> ok. server ready, lets change client port :)
08:03 <+esde> euphoria360, it could be your rules
08:03 <+esde> wait a sec
08:03 <+esde> http://pastebin.com/UQp0rBfF
08:03 <+esde> line 92
08:03 <+esde> is that supposed to be for openvpn?
08:04 < euphoria360> yes
08:04 <+esde> are you using ufw?
08:04 < euphoria360> what?
08:04 <+esde> uncomplicated firewall
08:04 <+esde> sudo ufw status
08:05 < euphoria360> -bash: ufw: command not found
08:05 < euphoria360> its iptables
08:05 <+esde> OK
08:05 <+esde> i see that euphoria360 I'm trying to understand your configuration is all :)
08:05 <+esde> if you had been using ufw, there is a default rule that would need to be changed :)
08:06 <+esde> i think that rule on line 92 is incomplete
08:06 < euphoria360> ive used these for iptables:
08:06 < euphoria360> # iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
08:06 < euphoria360> # iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
08:06 < euphoria360> # iptables -A FORWARD -j REJECT
08:06 < euphoria360> and
08:06 <+esde> destination should be the wan interface or interface ip
08:07 < euphoria360> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source main.ip.address
08:07 <+esde> right
08:07 <+esde> brb work stuff
08:08 < euphoria360> ok, good luck with that
08:10 <+esde> back
08:10 <+esde> yeah that SNAT rule with the wan ip, or a masquerade rule with the wan ip, either should work
08:11 <+esde> but i've never tried with 0.0.0.0/0
08:12 < euphoria360> why i cant see that snat in iptables?
08:13 < euphoria360> btw, same on 443 :(
08:13 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Read error: Connection reset by peer]
08:13 <+esde> what command are you using to show iptables?
08:14 <+esde> !netfilter
08:14 <@vpnHelper> "netfilter" is Under Linux, use `iptables-save` to show firewall rulesets (add -c to include counters.) Do not use iptables -L as it is incomplete & often lies. #netfilter is more on-topic for detailed help.
08:14 < euphoria360> iptables -vnL --line-numbers
08:14 <+esde> ahh that's why
08:14 <+esde> do iptables-save to a file, and pastebin the file
08:16 < euphoria360> http://pastebin.com/XhqMnxga
08:17 <+esde> does line 119 in this paste, correspond to line 92 in the earlier paste?
08:17 <+esde> if so, remove it
08:17 <+esde> (temporarily at least)
08:18 < euphoria360> i guess
08:18 < euphoria360> ok. brb
08:22 < euphoria360> new iptables: http://pastebin.com/5NDwP6wu
08:22 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Sleeping.]
08:22 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
08:22 <+esde> any luck?
08:24 <@krzee> esde, sup?
08:25 < euphoria360> no.
08:25 <+esde> euphoria360, our homie in Iran is having a hard time keeping an openvpn connection
08:26 < euphoria360> :)
08:26 <@krzee> sure, they use a firewall similar to china
08:26 <@krzee> !obfs
08:26 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
08:26 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
08:27 <+esde> That's what I recommended. His configs and routes seem okay to me. He'll gladly provide them if you don't have the scrollback. In the logs it shows the connection initiated, then almost immediately terminated :/
08:27 < euphoria360> that obfuscating will surely limit openvpn usage on android :(
08:27 <@krzee> no reason to see it, i know what it is
08:27 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:27 <@krzee> you said iran, i knew what it was
08:27 <+esde> :)
08:28 <@krzee> if nothing else gets the android client on, you could make a second instance of openvpn just for it, and use statickey there
08:28 <@krzee> statickey has no signature to detect
08:28 < euphoria360> krzee: but it happened recently, maybe a week. still same reason?
08:28 <+esde> in week they made changes that effected you, it seems
08:28 <+esde> they're constantly tweaking the great firewalls
08:28 <@krzee> euphoria360, i dont use internet in iran, it should be the problem.
08:28 < euphoria360> its very probable
08:29 <@krzee> put it this way, it *SHOULD* break openvpn
08:29 <@krzee> it breaks it based on the connection signature
08:29 <@krzee> (which statickey does not have)
08:30  * esde passes krzee a cup of coffee and a bowl
08:30 <@krzee> (but statickey only connects a single client)
08:30 < euphoria360> ok. i need to read about this static key then.
08:30 <@krzee> esde, good man!
08:30 <@krzee> !statickey
08:30 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
08:30 < euphoria360> damn, my friends will be ditched then :D
08:30 <@krzee> !obfs
08:30 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
08:30 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
08:30 <@krzee> thats how id do it ^^
08:31 <+esde> Eugene, no no no
08:31 <+esde> ooops
08:31 <+esde> lol
08:31 <+esde> euphoria360, no
08:31 <@krzee> theres also an xor patch that you could use if you like, but ofbsproxy is the smarter way
08:31 <+esde> he's saying use different instances for your android
08:31 <+esde> and give them their own static keys
08:31 <@krzee> ya im saying that *can* be done
08:31 <+esde> openvpn is light and having multiple instances shouldnt be an issue
08:31 <@krzee> if you cant figure out how to get your android using a proxy
08:32 <@krzee> (although that should work just fine)
08:32 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
08:32 < euphoria360> its a wonder how this firewall made me learn such things!
08:35 < euphoria360> Ok. I'll try static key tonight. Thanks for your great efforts on helping me. Much appreciated seeing you guys helping!
08:36 <+esde> It's a wonder such firewalls exist. They are ineffective against determined users.
08:36 < euphoria360> Ill report back then
08:36 <+esde> euphoria360, no problem
08:36 <+esde> dont forget
08:36 <+esde> you removed the forward rule from before, if you try again later, play with adding it back in if everything doesnt work right the first time
08:36 < euphoria360> ok
08:36 <@krzee> esde, do you use passwords?
08:36 <+esde> no
08:37 <@krzee> nowhere!???
08:37 <@krzee> not even email?
08:37 <+esde> no?
08:37 <+esde> oh yeah
08:37 <+esde> i thought you meant for openvpn
08:37 <@krzee> They are ineffective against determined users.
08:37 <@krzee> :-p
08:37 < euphoria360> :)
08:37 <+esde> Well yeah, this is true
08:37 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:38 <@krzee> hell even iran's nuclear facility's air gap proved to be ineffective against determined users.
08:38 <+esde> BACK
08:38 <+esde> BACK
08:38 <+esde> IN
08:38 <+esde> BLACK
08:39 <@krzee> fact is, thats no reason to stop trying to impliment security
08:43 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
08:43 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
08:48 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:49 -!- happyone [~happyone@108.170.48.242] has quit [Ping timeout: 246 seconds]
09:05 -!- hotwings [hd@secksy.net] has left #openvpn []
09:08 -!- tx [~texta@pdpc/supporter/professional/texta] has quit [Remote host closed the connection]
09:11 -!- grendal_prime [~sgraham@173-166-255-77-stockton.hfc.comcastbusiness.net] has quit [Ping timeout: 255 seconds]
09:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 272 seconds]
09:16 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
09:22 -!- mattock is now known as mattock_afk
09:23 <+esde> hostip.info is showing my residential ip as CloudFlare. I think that's funny.
09:26 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:38 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:42 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
09:50 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
09:58 -!- euphoria360 [~euphoria3@151.240.155.118] has quit [Ping timeout: 256 seconds]
10:02 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
10:02 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 250 seconds]
10:03 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 250 seconds]
10:03 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has joined #openvpn
10:06 < suexec> esde, I think I fixed my problem ..
10:06 <+esde> what was it?
10:07 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
10:07 < suexec> esde, I think I had some junk static routing in my routing table, and it was forcing my vpn gateway traffic over the wrong interface
10:07 <+esde> ooops
10:09 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
10:09 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:10 < suexec> esde, at least I have managed to bring the connection up etc. Now I need to set up transportation so internet works through the vpn :)
10:11 < suexec> (and link in my home network so I can reach internal servers)
10:11 <+esde> !redirect
10:11 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
10:11 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
10:11 <+esde> should get ya going
10:11 <+esde> oh and
10:11 <+esde> !linipforward
10:11 < suexec> Yeah, I think I pretty much have it down what I need to do
10:11 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
10:12 <+esde> Sweet, any questions just ask! :)
10:12 < suexec> Cheers ! And sorry for wasting your time on a silly mistake :)
10:13 <+esde> the time would have been waste had you given up!
10:15 < suexec> OK, I've definitely tracked down what is happening.
10:15 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
10:17 < suexec> My setup here is a bit weird. I have a nic, eth0, with two virtual vlans, eth0.50 and eth0.60 . eth0 has a fake address, 1.1.1.1, netmask 255.255.255.255. OpenVPN, when connecting, creates correct tunnels etc, but also creates a static routing for my VPN ip, using 1.1.1.1 as GW... once I delete the 1.1.1.1 routing and add a proper one through vlan 60, everything works fine.
10:17 < suexec> Not quite sure if this is a problem that "just is" because my setup is so strange .. or if I have done something wrong in my configs..
10:17 <+esde> did i miss your logs aond configs somewhere?
10:30 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
10:36 < suexec> esde, nah, I didn't paste them. just a few snippets I figured might matter.
10:36 -!- grendal_prime [~sgraham@12.237.60.194] has joined #openvpn
10:39 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
10:39 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:44 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
10:46 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
10:56 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Quit: Leaving]
10:57 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:01 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Ping timeout: 256 seconds]
11:08 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:25 < suexec> esde, openvpn is adding a static route to my.vpnserver.com on the wrong interface. Do you know where I can configure this? (on the client)
11:26 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:35 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
11:39 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Ping timeout: 252 seconds]
11:43 -!- grendal_prime [~sgraham@12.237.60.194] has quit [Ping timeout: 256 seconds]
11:47 -!- euphoria360 [~euphoria3@151.240.155.118] has joined #openvpn
11:47 < euphoria360> hi again :)
11:48 < euphoria360> i did the static key point to point config
11:49 < euphoria360> and i seem to have a stable connection. but my traffic is not routed through it.
11:52 < suexec> euphoria360, I managed to solve my problem :)
11:52 < euphoria360> oh! happy to hear it.
11:52 < euphoria360> what was it?
11:53 < suexec> My client was creating a static route to my vpn server on the wrong interface, so as soon as I connected all connectivity was lost.
11:54 < euphoria360> oh.
11:54 < euphoria360> Well, you now more about openvpn. thats for sure
11:55 < euphoria360> thanks to the problems.
11:55 -!- mattock_afk is now known as mattock
11:56 <+esde> euphoria360, nice!!
11:56 < euphoria360> Do you know what route should i use on client to redirect all traffic through openvpn?
11:56 < euphoria360> hi esde.
11:56 <+esde> see the factoid
11:56 <+esde> !redirect
11:56 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
11:56 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
11:56 < suexec> euphoria360, add a push directive to your server, and set up masquerading
11:57 < euphoria360> ok. but seems the sttatic mode doesnt like it
11:58 < suexec> euphoria360, somewhere along the lines of adding : push "redirect-gateway def1" : to your server config (that will override default gateway on client), add an iptables rules like this iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j MASQUERADE <- replace as necessary. And make sure /proc/sys/net/ipv4/ip_forward says "1" ;)
11:59 < suexec> I got to run. Let me know how you get on!
11:59 <+esde> oh yeah
12:00 < euphoria360> ÝÇÔÝäÓ ÓÚËØËÒ
12:00 < euphoria360> damn
12:00 < euphoria360> thanks suexec
12:00 < _snd> morn. i just upgraded from 2.3.3 to 2.3.6 and suddenly openvpn dosn't want to accept my server side cert, and exists with "X509 name was missing in TLS mode (OpenSSL)" and google turns out pretty much nothing useful related to this. anyone here seen this happen?
12:00 < euphoria360> i dont know why my lang changes everytime i fireup opvpn client :)
12:02 < euphoria360> since im on openvz and my public ip is on venet0:0, should i put it instead of eth0?
12:02 <+esde> i think so
12:03 <+esde> and dont forget to adjust the subnet
12:03 <+esde> 10.1.0.0 becomes 10.48.70.0 in your case, i think
12:08 < euphoria360> damn, it doesnt work
12:09 < euphoria360> i choosed other subnet for it. 10.49.0.1 10.49.0.2
12:09 < euphoria360> im gonna pastebin configs if thats ok
12:11 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
12:13 < euphoria360> http://pastebin.com/dJu7DmVV
12:15 < euphoria360> nice trick btw. I feel pretty close to the solution
12:16 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:17 < euphoria360> I added  "iptables -t nat -A POSTROUTING -s 10.49.0.0/24 -j SNAT --to-source 23.239.159.135" to iptables too
12:18 < euphoria360> but seems no thing is pushed to client: http://pastebin.com/f5rhgsEH
12:19 <+esde> two things
12:20 <+esde> line 7
12:20 <+esde> is already forwarding openvpn client traffic through your wan ip
12:20 <+esde> line 8 is trying to do the same thing but the subnet is defined wrong
12:22 < euphoria360> as i said i added it after pastebin
12:22 < euphoria360> its now like line 8 but with new subnet
12:22 <+esde> reading up now
12:22 <+esde> ok remove 7 then
12:23 < euphoria360> sorry line 7
12:23 < hikenboot> rob0, you around?
12:23 <+esde> looking at the bottom i see your configs
12:23 <+esde> line 8 reflects those configs
12:23 < euphoria360> yes
12:23 <+esde> line 7 does not
12:23 < euphoria360> let me paste new iptables
12:24 -!- mattock is now known as mattock_afk
12:24 <+esde> paste it all, client and server conf and iptables please
12:25 < euphoria360> http://pastebin.com/dJu7DmVV
12:25 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
12:25 <+esde> redundant rules are redundant
12:26 < hikenboot> bb in a few
12:26 <+esde> 7-10 are all trying to do the same thing, that's bad.
12:26 < euphoria360> ok ill delete all but last one
12:26 <+esde> Right
12:27 <+esde> and if that fails, remove that rule and replace it with it's SNAT equivalent
12:32 < euphoria360> esde: something weird! on client side (win8box) there is no default gateway or dns server on ovpn adapter
12:33 < euphoria360> although i pushed it via server, it didnt happen on client, no redirect gateway
12:34 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Quit: por que no los dos]
12:34 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:34 <+esde> im a little tied up at the moment :/
12:34 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
12:35 < euphoria360> ok. ill wait if thats ok/possible.
12:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
12:41 -!- F-G0z [~G0z@ANantes-658-1-61-198.w83-204.abo.wanadoo.fr] has joined #openvpn
12:43 < F-G0z> Hello, I lost a certificate (I don't have any copies), what are my options (except restore my server) ?
12:44 < F-G0z> (a client certificate)
12:44 < euphoria360> you can create new one
12:45 < euphoria360> did you generate i useing easy-rsa in /etc/openvpn?
12:45 <@dazo> F-G0z: revoke your old certificate and generate a new one
12:46 <@dazo> euphoria360: shame on you ... never put easy-rsa CA files in such a directory  (I know a lot of blogs does that, but it is wrong, wrong, wrong!)
12:46 <@dazo> euphoria360: the CA files should ideally be on an offline medium, only to be be made available when you need to sign a new certificate
12:46 < euphoria360> :) sorry. im a noob, and thats what they all say
12:47 < euphoria360> i usually put them in /etc/pki
12:47 <@dazo> euphoria360: If I would get a cent each time someone read those erroneous blogs, I'd be a billionaire in a year
12:47 < F-G0z> Yes I generate it using easy-rsa, and I use the command ./clean-all, but I forgot to revoke one. It was a test.
12:47 <@dazo> F-G0z: if you did clean-all ... then you start from scratch
12:47 <@dazo> clean-all removes absolutely everything
12:47 < euphoria360> :) seems he had lost ca
12:48 <@dazo> yeah :)
12:48 <@dazo> There are one really important file which never ever must be lost ... the CA private key.  That is the one which used to sign certificate requests.  If that gets lost, you can't trust the CA any more
12:49 < F-G0z> Sry, I will be back in 40mins.
12:49 <@dazo> the openvpn server needs just these files:  ca.crt (the CA certificate, which is public), server.crt, server.key and dh*.pem
12:49 <@dazo> the openvpn clients only needs: ca.crt, client.crt and client.key
12:50 <@dazo> from that, the server can validate client certificates (because it has a copy of the CA certificate of the signing CA key) ... and same for the client, it can validate the server
12:51 <@dazo> and that's how the certificate authentication works .... well, there are a few more attributes inside the certificates which are used (expiry dates, server hostname/client name, etc)
12:52 < euphoria360> dazo: due to some circumstances i have to use openvpn with static key, so there is no fingerprint for IPS'es and I'm safe from Gov. It worked and i can connect/ping the vpn server. but no gateway redirect and client doesnt get any pushes.
12:52 <@dazo> euphoria360: in that case, you don't need easy-rsa at all ... as you only use --secret
12:52 < euphoria360> i did. easy rsa is dead now.
12:52 <@dazo> but yeah, I see the issue with such state-controlled firewalls
12:53 < euphoria360> here is my iptables and confs. http://pastebin.com/dJu7DmVV
12:54 < euphoria360> esde was helping me, but he is busy atm.
12:54 <@dazo>  10.49.0.0/24 is your VPN?
12:54 < euphoria360> internal vpn ip. yeah
12:54 <@dazo> good
12:54 <@dazo> -A FORWARD -j REJECT --reject-with icmp-port-unreachable
12:54 <@dazo> -A FORWARD -s 10.49.0.0/24 -j ACCEPT
12:55 <@dazo> those two lines needs to be swapped
12:55 <@dazo> you do a reject before you allow forwards from the VPN
12:55 < euphoria360> oh!
12:55  * esde takes notes
12:55 <@dazo> this is not related ... but you have a lot of duplicated "fail2ban" lines .... you can clean up that as well :)
12:57 <@dazo> (in fact the whole fail2ban setup seems broken :/)
12:58 < euphoria360> i did it. but still no luck
12:58 < euphoria360> nothing is pushed to client
12:58 <@dazo> please do another iptables-save and pastebin that
13:00 <+esde> tl;dr - euphoria360 is in Iran and has to work around the great firewall. The user (as you might have already noticed) is ready to put forth the time and effort to get it working. :)
13:00 < euphoria360> thanks esde
13:00 <@dazo> yeah :)
13:01 < euphoria360> you seem to encourage people like us
13:01 <+esde> Well yeah, you're being oppressed
13:01 <+esde> and thats fucked up
13:01 <+esde> so i try to help deliver freedom
13:01 <+esde> just not the kind that explodes on impact
13:01 <+esde> lmao
13:03 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
13:03 < euphoria360> thanks. i ddont beleive in exploding kind of freedom either
13:04 < euphoria360> this IP dont wanna change Errrrrr!
13:04 <+esde> Can you describe what's happening? How far down the flowchart do you make it?
13:05 <@dazo> euphoria360: I'd expect your firewall rules should look something like this ... I've cleaned up all the duplicated mess you had ... http://fpaste.org/192898/54094761/
13:05 < euphoria360> new iptables: http://pastebin.com/iP83FTDW
13:05 <+esde> wow
13:05 <+esde> such truncate
13:05 <+esde> many space
13:05 < euphoria360> thanks dazo, ill get at it after this mess
13:06 <+esde> euphoria360, his rules might make it work
13:06 <+esde> that was the idea
13:06 <+esde> s/might/"will likely"/
13:06 <@dazo> duh!  I did the same mistake you had in FORWARD ... so you need to flip those lines in my attempt here
13:07 <@dazo> euphoria360: I'd remove the  bypass-dhcp flag ... that's not relevant to your setup at all
13:07 < euphoria360> hehe, ok
13:07 <@dazo> (you use tun ... and tun can't tackle dhcp anyway)
13:08 <@dazo> euphoria360: so you have an established openvpn connection and can ping 10.49.0.1 from 10.49.0.2 and vice versa?
13:09 < euphoria360> yes
13:09 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:09 < euphoria360> let me check vice versa
13:10 <@dazo> good ... what does this command return on your openvpn server? sysctl net.ipv4.ip_forward
13:10 < euphoria360> 1
13:10 <@dazo> goodie!
13:10 <@dazo> can you pastebin the output of either 'route -n' or 'ip route show' on the client side?
13:10 < euphoria360> i cant ping back
13:11 <@dazo> goodie!  Then it's either firewall or routing
13:11 <+esde> gotta run again, good luck euphoria360!! :)
13:11 < euphoria360> thanks esde. you too :)
13:12 < euphoria360> do they work on win. u want trace route?
13:12 <@dazo> ahh ... windows .... try 'route print' there
13:13 <@dazo> I'm not a Windows user, but I'll do my best
13:13 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
13:13 < euphoria360> thanks i appreciate it.
13:13 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
13:14 < euphoria360> http://pastebin.com/mEbmjr88
13:14 <@dazo> looks good ...
13:15 < euphoria360> ah, so route works on winbox.
13:15 <@dazo> on VPN server ... I suspect you have the tun0 interface configured by openvpn ... try to run 'tcpdump -ni tun0'
13:15 <@dazo>           0.0.0.0        128.0.0.0      10.211.1.14        10.49.0.2     30
13:15 <@dazo>         128.0.0.0        128.0.0.0      10.211.1.14        10.49.0.2     30
13:16 <@dazo> that looks like the default route is configured to go via 10.49.0.2, which sounds reasonable
13:17 < euphoria360> on server it shows this:
13:17 < euphoria360> 22:43:03.749644 IP6 fe80::89f8:d7e3:82db:a26.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
13:17 <@dazo> I have to say, I'm surprised by the  10.211.1.14 ... but that might be Windows quircks I don't know about
13:17 <@dazo> euphoria360: okay ... with tcpdump running ... try to do 'ping google.com' from the client
13:18 < euphoria360> nothing on tcpdump
13:18 <@dazo> okay ... then windows is doing something really wrong with the routing after all :/
13:19 < euphoria360> :S
13:19 <@dazo> That I don't know how to fix :(
13:19 <@dazo> can you add 'verb 4' to your client config and pastebin your client log file?
13:19 < euphoria360> hehe. ok.
13:20 < euphoria360> right away
13:20 <@dazo> Just to see if there's something stupidly obvious ... but it's a far shot
13:20 < F-G0z> Dazo: Thank you for the explanation. :) I still have ca.crt, server.crt, server.key, dh1024.pem. I've just lost one client.crt and client.key. Am I wrong whether I say, it's not a "clean" to keep an used and lost certificate? Is there a way to reset the certificates "database"?
13:21 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
13:22 < euphoria360> http://pastebin.com/L0aLcmr1 . poor pastebin.
13:22 <@dazo> F-G0z: okay, you revoke certificates which are lost or compromised.  Then you get a CRL file (Certificate Revocation List) which you tell OpenVPN.  If a client tries to connect with a revoked certificate, it will reject the connection
13:23 <@dazo> F-G0z: when you do ./clean-all .... you invalidate your CA completely ... you can't sign new certificate, you can't produce CRL files .... and those are key features of a CA
13:23 < euphoria360> i guess similar ovpn file can be used on android too. right?
13:23 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 252 seconds]
13:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:24 <@dazo> euphoria360: duh!  I don't think you can use --push in p2p mode (--secret) .... you need to add 'redirect-gateway def1' directly in your client config
13:26 < euphoria360> i did and no luck.
13:27 <@dazo> F-G0z: If you do not revoke a lost certificate, if it is "stolen", "misplaced" or someone you don't know gets access to that client certificate .... that person can connect to your OpenVPN server without any issues ... that's why you should always revoke certificates (or invalidate your CA - which is a pain if you have more servers or users) in such cases
13:27 < euphoria360> plus on android polarssl complains of no client cert
13:27 <@dazo> euphoria360: can you pastebin the new log on the client?
13:28 <@dazo> euphoria360: I don't know if android supports p2p mode .... I'd probably expect plaisthos's version to support it though (OpenVPN for Android)
13:28 < euphoria360> http://pastebin.com/gAaGx8E6
13:28 < F-G0z> dazo: Ok, So what I have to do, it's simply to follow again the installation procedure of openvpn? When I executed ./clean-all, I removed all the certificates, no one will remained (a fresh install would be a great idea)?
13:29 < F-G0z> I mean to regenerate the *.ca, etc...
13:29 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:29 <@dazo> F-G0z: you need to regenerate the complete CA, and get rid of the old server and CA certificates you still have on your server
13:30 <@dazo> you don't need to change anything else than the CA key/cert and server key/Cert
13:30 <@dazo> euphoria360: this looks instantly more correct .... can you also do a 'route print' pastebin again?
13:32 -!- quup [~ppp@unaffiliated/quup] has left #openvpn []
13:33 < euphoria360> http://pastebin.com/VxDpHpQV finally pastebin captcha'ed me :D
13:34 <@dazo> heh
13:34 <@dazo> okay, I think we're spotting the real issue now
13:34 <@dazo>           0.0.0.0        128.0.0.0      10.211.1.14        10.49.0.2     30
13:34 <@dazo>           0.0.0.0        128.0.0.0        10.49.0.1        10.49.0.2     30
13:34 <@dazo>         128.0.0.0        128.0.0.0      10.211.1.14        10.49.0.2     30
13:34 <@dazo>         128.0.0.0        128.0.0.0        10.49.0.1        10.49.0.2     30
13:34 < F-G0z> dazo: I will do that, thanks for the help! :)
13:34 <@dazo> I don't know where the routes mentioning 10.211.1.14 comes from ... but you need to clean up that
13:35 <@dazo> euphoria360: ^
13:35 <@dazo> euphoria360: I believe the routing will work as expected once that is covered ... maybe you've setup some routes manually on the TAP adapter in Windows? or some other applications you run have done some ugly tweaks?
13:35 < euphoria360> ok. I guess i should put more efforts in tomorrow :)
13:36 < euphoria360> maybe. i have vmware too
13:36 < euphoria360> getting late here.
13:36 <@dazo> right ... I dunno what it is ... but I feel pretty confident it'll work when those routes go away :)
13:36 <@dazo> no prob ... enjoy your evening :)
13:37 < euphoria360> dazo: thank you so much for the time. im really grateful people like you exist and are here trying to help, with asking nothing in return.
13:38 < euphoria360> btw its 11 PM :D
13:38 <@dazo> euphoria360: oh, we haven't come to the "return" part yet ;-)  Hang out here and help others ;-)
13:39 < euphoria360> I will. for now have a good day.
13:39 <@dazo> u2
13:39 -!- euphoria360 [~euphoria3@151.240.155.118] has left #openvpn []
13:46 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
14:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
14:24 -!- F-G0z [~G0z@ANantes-658-1-61-198.w83-204.abo.wanadoo.fr] has quit [Quit: leaving]
14:25 < cultavix> I'd like to change easy-rsa'a default_md from sha256 to md5
14:26 < cultavix> simply changing it doesn't seem to work
14:30 -!- speaker1234 [~speaker12@73.38.247.110] has joined #openvpn
14:35 < speaker1234> have a problem with propagating the dns server info from the openvpn server.  on windows it work. I can lookup hostnames on the other side of the vpn.  linux and mac do not have the same behaviour.  on linux, I'm  using ubuntu 14.04 and the openvpn client.
14:36 < speaker1234> what should I look for/at?
14:36 -!- ment0s [~ment0s@cpc6-bahd4-2-0-cust97.14-2.cable.virginm.net] has joined #openvpn
14:38 < ment0s> How can I create bridged network but use client to do bridging ? I have a vpn server and client is connected to it. I want to use client to share this vpn connection in bridge mode so anything that connects to bridge on client will get IP from server is well.
14:39 < ment0s> or it could be even another nat behind clients tap/tun interface
14:42 <@dazo> cultavix: uhm ... that is the most stupid thing I've heard anyone trying in a long time
14:43 <@dazo> !dns
14:43 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
14:43 <@dazo> !pushdns
14:43 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
14:43 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
14:43 <@dazo> speaker1234: ^^^
14:43 <@dazo> ment0s: why do you want to bridge?
14:43 <@dazo> ment0s: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
14:44 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
14:45 < speaker1234> dazo, thanks.  checking..
14:45 < ment0s> hmm,  I basically want to create NAT behind tap or tun interface on client in simple words. Lets say you connect to wifi, you're getting IP from wifi box but traffic actually goes through vpn instead of raw wan
14:45 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
14:46 < rkhunter> if ovpn of a provider has <crt> <ca> <key> are they using Certificate (TLS) as Authentication ?
14:46 < ment0s> when wifi box is a VPN client on its own
14:46 <@dazo> ment0s: this is straight forward routing, using --redirect-gateway ... no need to mess around with briding
14:46 <@dazo> rkhunter: yes, at least that is one of their auth methods
14:47 < ment0s> dazo: can you point me into right direction a bit more ?
14:48 <@dazo> ment0s: scroll down on that URL I pointed you at ... to the "Using routing" section
14:48 < rkhunter> dazo, ok when I import it into Network Manager I see it like that it asks for <ca> <crt> <key> but Private Key password is missing. would they VPN provider provide it to me ?
14:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:49 < ment0s> dazo: ok thanks, gonna read up on that.
14:50 <@dazo> rkhunter: yeah, if they need that ... if that field is blank, NM will not activate that setting when kicking off openvpn (iirc)
14:52  * dazo need to run
14:53 < rkhunter> ok
14:53 -!- dazo is now known as dazo_afk
14:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
14:56 < cultavix> dazo_afk I know it sounds stupid
14:57 < cultavix> dazo_afk we've got these old industrial vpn routers that use really stupid configurations, which I can't change
14:57 < cultavix> dazo_afk they don't support SHA256
14:57 < cultavix> only HMAC-MD5
14:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:57 < cultavix> and BF-CBC
14:57 < cultavix> ciper/digest
14:58 < cultavix> or digest/cipher rather
14:58 < cultavix> anyway, I've figured out a temporary solution... thanks anyway ;)
15:07 < speaker1234> dazo_afk,  re: dns we use push "dhcp-option DNS  10.42.66.245"
15:09 < speaker1234> does not seem to work on ubuntu with the garden variety openvpn client
15:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
15:10 < rkhunter> has anyone come across a VPN that provides <crt> <ca> <key> ?
15:11 < rkhunter> all three? It ain't secure at all, it is just unsafe
15:11 < speaker1234> we do with a private, in house, CA
15:12 < rkhunter> this is totally insecure right ?
15:12 < speaker1234> no.
15:13 < speaker1234> every ssl environment has a CA file
15:14 < speaker1234> it is a reference to the root of the CA hierarchy
15:25 <@krzee> rkhunter, no less secure really, just remember to manage the permissions on your config accordingly
15:25 <@krzee> i mean dont they package the files with the config, all readable by the user?
15:27 <@krzee> encrypt the <key> and i say why not =]
15:28 <@krzee> the other 2 files are public anyways
15:30 -!- ment0s [~ment0s@cpc6-bahd4-2-0-cust97.14-2.cable.virginm.net] has quit [Ping timeout: 246 seconds]
15:30 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
15:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:38 -!- speaker1234 [~speaker12@73.38.247.110] has quit [Ping timeout: 252 seconds]
15:41 -!- ngharo [~ngharo@nexus.sypherz.com] has joined #openvpn
15:49 < ngharo> Hi, I'm trying to figure out why openvpn doesn't recover from temporary name resolution failure
15:49 < ngharo> http://paste.debian.net/hidden/e1253e80/
15:50 < ngharo> I even turned on glibc / nscd debugging but it seems like openvpn doesn't call gethostbyname() syscall or something
15:51 < ngharo> not really sure
15:52 < ngharo> i kind of feel like the problem is elsewhere (libresolv?).. looking for guidance
15:53 < pekster> nscd is a festering, smoldering pile of nuclear waste for DNS caching, and I'd strongly suggest you don't use it for that purpose. Ever.
15:53 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:53 < pekster> Try a caching DNS forwarder instead.
15:53 < ngharo> pekster: yeah, i wasn't using it.  i decided to use it to try and debug my problem
15:55 < ngharo> i have no dns forwarding or cacheing daemons running on the systems where I see this problem
15:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
15:56 < ngharo> i don't know if the kernel or libc (without nscd running) or what is caching
15:57 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150122214805]]
15:57 < pekster> Be sure you're connected to a nameserver that can resolve the 'foobar' tld. And probably stop using (or "pretending" to use) space that belongs to the APNIC Debgon Project
15:58 < pekster> Otherwise maybe watch for what should be DNS queries going out at the time of resolution, assuming that you're expecting resolv.conf to be called and a query to be made
16:03 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 252 seconds]
16:08 < ngharo> pekster: thanks.  I'll try to do that.  working on reproducing it on my test machines (only have a bunch of reports in the field).
16:08 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:09 < ngharo> i think it only happens when a client is shutdown and moved to a different physical network and whatever is in /etc/resolv.conf is no longer valid at the time openvpn is started
16:10 < ngharo> then some time later, the network configuration is setup for the new location (and /etc/resolv.conf now has correct, reachable, nameservers). but openvpn isn't using the new configuration
16:10 < ngharo> res_init() only called once.  Maybe networking scripts should restart openvpn in this case
16:10 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has quit [Remote host closed the connection]
16:11 < ngharo> ugh, scratch that, res_init() is called in the openvpn_getaddrinfo() call... so that shouldn't be the problem
16:11 < pekster> And IIRC, that's just a glorified proxy around getaddrinfo(3)
16:11 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:14 < pekster> Assuming that "Temprorary failure" is originally from getaddrinfo(3), it sounds like the resolver is returning EAI_AGAIN, suggesting that the OS is the one returning that info
16:21 < ngharo> pekster: ya know what, if resolv-retry is infinite i dont think we break out of the loop in openvpn_getaddrinfo()
16:21 < ngharo> meaning res_init() only gets called once
16:21 < ngharo> if im reading that right
16:33 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
16:33 -!- mode/#openvpn [+v s7r] by ChanServ
16:36 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
16:36 < ngharo> so anyways, i'm going to try to create a clear test case and reproduce it and maybe send a patch up to the list if i'm right
16:46 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:59 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
17:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:05 < ngharo> actually super simple to reproduce
17:06 < ngharo> 1) stop openvpn
17:06 < ngharo> 2) throw bogus nameservers in /etc/resolv.conf
17:06 < ngharo> 3) start openvpn
17:06 < ngharo> 4) tail openvpn log, observe resolution failures
17:07 < ngharo> 5) insert legit nameservers into /etc/resolv.conf
17:07 < ngharo> 6) openvpn still fails to resolve hostname
17:07 -!- Milos|Work [~Milos@pdpc/supporter/student/milos] has quit [Read error: Connection reset by peer]
17:10 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
17:11 -!- skbly7 [~Thunderbi@14.139.82.6] has joined #openvpn
17:12 < skbly7> hello, I need help in my openvpn setting. Is anyone free for a while ?
17:13 < skbly7> !welcome
17:13 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
17:13 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:13 < skbly7> !ask
17:13 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
17:14 < skbly7> my settings are working, login and all, but as soon as I add this line in my config 'tun-mtu 64800', it start showing AUTH_ERROR.
17:15 < pekster> ngharo: Thanks for the reproduction (simple enough, it seems.) If you haven't already, would you mind opening a bug if one doesn't exist on the tracker? That'll help ensure it doesn't get lost
17:16 < pekster> !bugs
17:16 <@vpnHelper> "bugs" is https://community.openvpn.net/openvpn if we tell you that you found a bug. go there, open an account, and file a bug report in trac (your forum login is good for the trac too)
17:18 -!- skbly8 [~Thunderbi@104.236.255.55] has joined #openvpn
17:19 < pekster> Don't abuse MTU like that unless you're 100% sure the network path between you is likely to send such insanely large packets without fragmentation
17:19 -!- skbly7 [~Thunderbi@14.139.82.6] has quit [Ping timeout: 246 seconds]
17:19 < pekster> It's a bit like wondering why 20 friends can't get in your car after seeing the clowns do it at the circus.
17:21 < ngharo> pekster: will do!
17:22 <@krzee> hahah
17:22 <@krzee> nice pekster i like the similie
17:23 < skbly8> here is my network speed results without openvpn :
17:23 < skbly8> http://www.speedtest.net/my-result/4186787431
17:23 < skbly8> and this with openvpn :
17:23 < skbly8> http://www.speedtest.net/my-result/4186790789
17:23 <@vpnHelper> Title: Speedtest.net by Ookla - My Results (at www.speedtest.net)
17:23 <@vpnHelper> Title: Speedtest.net by Ookla - My Results (at www.speedtest.net)
17:24 < pekster> And how have you concluded that your path over the Internet (or "wherever" you've send it) is ~64kB?
17:24 < skbly8> yes the path I feel is good enough, because through the same path using ssh tunnel I get same speed almost (not lowering) i.e. socks5
17:24 < skbly8> and when with openvpn it lowers down drastically
17:24 < pekster> No, you're not listening (or don't understand, in which case you need to ask for clarification)
17:25 < pekster> How have you tested and assured that your Path-MTU between your 2 VPN endpoints, over the natural routing path they take, is at least 64800 bytes?
17:25 < pekster> This is highly abnormal of a setup, hence my question
17:25 <@krzee> !mtu
17:25 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
17:26 <@krzee> skbly8, do you fully understand the link in #2
17:26 < skbly8> ok, telling results after testing once
17:26 < skbly8> reading it
17:26 < pekster> If you're going over the open Internet, you're almost surely doing this wrong from a setup standpoint. Normally you don't even want to mess with link-mtu, but if you do you never want it over your pMTU, less overhead
17:26 <@krzee> if testing did not tell you to raise the mtu, you never should have.
17:26 < skbly8> ok, but just one question
17:27 < skbly8> by increasing this, I should at max have more and more fragmentation resulting to more lower speed
17:27 < skbly8> but why am getting AUTH_ERROR ?
17:27 <@krzee> it shouldnt even send
17:27 <@krzee> because you never fill up your clown car and get it out the pipe
17:27 <@krzee> your isp laughs at it
17:27 < pekster> krzee: Nah, IIRC openvpn tries pretty hard to fragment things in the face of sheer stupidity
17:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:28 < pekster> skbly8: My guess is that both ends aren't agreeing on the MTU (probably spewing OCC warnings at you in the !logs.) But this is a silly thing to try because you can't magically make big packets go across the Internet that is <=1500 MTU*
17:29 < pekster> [*] (unless you're an expert who has configured a small part of the Internet in an advanced way and Know What You're Doing™. I don't think this describes your setup.)
17:29 <@krzee> if we were talking to jjk then yes
17:29 <@krzee> haha
17:29 < pekster> Maybe try `man tracepath` and read about how it can help you identify MTU
17:30 < pekster> krzee: Well, again I'm thinking WAN or other dedicated link (dark fibre anyone?) with a particularly large MTU, but then the admins would know what they've done and why
17:31 < pekster> 64k seems a bit excessive, but I'm not really up on bleeding edge high-capacity link theory (maybe it has merit in the >10Gbps realm, who knows)
17:32 <@krzee> yep, if jjk was adjusting his mtu that high i would know better than to question him ;]  most everybody else will be assumed that 64kb mtu over internet is foolish until they say they know better
17:32 < pekster> IPv6: making everyone re-learn the lessons that were identified in IPv4 and most folks ignored. :\
17:32 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:33 <@krzee> haha
17:34 <@krzee> https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux
17:34 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
17:34 <@krzee> seems to have merit over 10gbit
17:34 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
17:36 < pekster> But only if the actual link supports it
17:36 <@krzee> but over gigabit its too high
17:36 <@krzee> and yes ^
17:36 <@krzee> this is assuming you are both sides of the link
17:36 < pekster> Otherwise you just force the clown car into the rainwater runoff gutter :\
17:36 <@krzee> ^ lol!
17:36 < pekster> First the alternator. Then the gas cap..
17:37 <+s7r> !ssl3
17:37 <+s7r> is SSL v3.0 dropped by openvpn?
17:38 < pekster> s7r: Looking for !heartbleed maybe? SSLv3 has neven been used by OpenVPN
17:38 < pekster> It hasn't been cool for decades to use known flawed crypto
17:38 <@krzee> !poodle
17:38 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
17:39 <+s7r> heartbleed i guess it's unrelated to openvpn... it's related to openssl
17:39 <+s7r> and if i updated my openssl, server should be ok
17:39 <+esde> just caught up on the scrollback RE: euphoria360, good stuff.
17:39 -!- skbly8 [~Thunderbi@104.236.255.55] has quit [Ping timeout: 264 seconds]
17:39 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
17:39 <+s7r> !heartbleed
17:39 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
17:39 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
17:39 < pekster> Even if you hadn't, openvpn does not use sslv3, so it won't matter. It'll matter for other stuff though
17:39 <+esde> sslv3 suuuuuuuuucks
17:39 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 245 seconds]
17:39 <@krzee> it was poodle that didnt matter
17:39 < pekster> Yea, poodle for SSLv3; 2014 was a bad year for them
17:39 <@krzee> heartbleed did effect openvpn
17:41 -!- skbly7 [~Thunderbi@14.139.82.6] has joined #openvpn
17:42 < skbly7> thank you, I found out it to be, 1472
17:43 <@krzee> aka dont touch the default
17:44 <@krzee> which in general is true of link related settings until you know why you need to change it
17:44 <+s7r> heartbleed affected almost everything using ssl/tls
17:44 <@krzee> you just just randomly decide "hey my link is 64kb packetsize!"
17:44 <@krzee> dont just*
17:44 <@krzee> (in vuln versions of openssl)
17:45 <@krzee> it didnt actually effect me
17:45 < skbly7> yes sure, I would keep this in mind. Thanks once again..
17:46 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
17:46 <@krzee> np
17:46 <@krzee> pekster++
17:46 <@krzee> the clown car reference was epic
17:46 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:47 <@krzee> !karma
17:47 <@vpnHelper> "karma" is nick++ adds karma nick-- adds bad karma, as seen in !ircstats
17:47 <@krzee> !ircstats
17:47 <@vpnHelper> "ircstats" is (#1) See http://secure-computing.net/logs/openvpn.html for all-time IRC stats. or (#2) See http://secure-computing.net/logs/openvpn-devel.html for all-time dev channel IRC stats.
17:49 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
17:50 < redpill> redpill++ lol
17:50 < skbly7> pekster++
17:50 < skbly7> krzee++
17:50 <+esde> krzee++
17:50 <+esde> plaisthos++
17:51 < skbly7> :)
17:51 <@krzee> EugeneKay--
17:52 <+esde> lol
17:52 <@krzee> for giving me one :-p
17:52 <+esde> rob0++
17:52 <+esde> just cuz
17:53 <@krzee> vpnHelper++
17:53 <@krzee> that bot is a trooper
17:53 < rob0> esde++
17:53 < rob0> :)
17:53 <+esde> vpnHelper++
17:54 < pekster> C++
17:54 < rob0> haha
17:54 <@krzee> hah
18:01 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
18:01 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Remote host closed the connection]
18:09 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
18:11 -!- skbly7 [~Thunderbi@14.139.82.6] has quit [Ping timeout: 264 seconds]
18:20 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
18:22 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
18:24 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
18:25 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
18:26 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
19:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
19:17 -!- grendal_prime [~sgraham@173-166-255-77-stockton.hfc.comcastbusiness.net] has joined #openvpn
19:18 < grendal_prime> ok i have a graphic of what i want to do..
19:18 < grendal_prime> where shall i past this?
19:19 < grendal_prime> this seems like it should be doable..
19:20 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
19:27 < grendal_prime> hmm
19:27 < grendal_prime> having a hard time explaining myself i guess
19:31 < grendal_prime> can sombody take a look at this see if im crazy or what
19:31 < grendal_prime> http://homeschool.booksnmore.com/webdev-basics/networks/basic-oenvpn-network.pdf
19:32 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
19:33 < grendal_prime> in that scenario the clients are both on the same vpn instance, so i would think i could just add a route to each client that states the opposite network would be via..what ever ip the other vpn client has on the openvpn concentrator.
19:38 -!- saf1 [~sfn@105.157.211.74] has joined #openvpn
19:44 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:45 < hikenboot> rob0, can I use openssl instead of easy-rsa for a more robust and dynamic Certificate Authority. I am struggling to understand if using easy-rsa limits me in the dynamics of creating client connections on the fly.  Any thoughts?
19:45 -!- voidstar [~voidptr@unaffiliated/voidstar] has joined #openvpn
19:48 <@krzee> hikenboot, easy-rsa is a openssl wrapper
19:48 < rob0> um, not sure why you directed that at me ... anyway: ^^
19:48 <@krzee> look at the source, feel free to change as desired
19:48 < rob0> which is to say, krzee types faster
19:48 < grendal_prime> krzee what do you think is that network diagram possible?
19:49 < hikenboot> thanks, sorry for the miss direction
19:51 <@krzee> grendal_prime,
19:51 <@krzee> !route
19:51 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
19:51 <@krzee> read that well
19:51 <@krzee> it is exactly what you said, but also with a server lan
19:55 <@krzee> and next time jpg > pdf
19:56 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
19:57 < grendal_prime> kewl..ya i figured it was possible, figured you would know as well.. I just wanted to make sure i was explaining it correctly, The problem i was having was i need the networks on the other side of the clients to see one another.
20:03 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
20:03 < grendal_prime> now does it matter what address i push to the connecting vpn clients?
20:03 < grendal_prime> thats where i get confused
20:06 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:11 <@krzee> what do you mean does it matter what address you push to connecting clients?
20:14 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:20 -!- Latrina [~Latrina@adsl-ull-60-211.50-151.net24.it] has quit [Ping timeout: 246 seconds]
20:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
20:22 -!- Latrina [~Latrina@ppp-108-53.26-151.libero.it] has joined #openvpn
20:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
20:34 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
20:35 -!- saf1 [~sfn@105.157.211.74] has left #openvpn []
20:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:44 -!- bogie [bogie@mail.epow0.org] has quit [Ping timeout: 250 seconds]
20:46 -!- lxusrbin [~lxusrbin@han-solo.atw0rk.net] has quit [Ping timeout: 256 seconds]
20:47 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:58 -!- Fandekasp [~Fandekasp@p28147-ipngn100203kobeminato.hyogo.ocn.ne.jp] has joined #openvpn
21:02 -!- lxusrbin [~lxusrbin@han-solo.atw0rk.net] has joined #openvpn
21:03 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
21:04 < Fandekasp> hi there. I tried to use easyrsa to generate a ca file, and a couple crt/key files, with `$ ./easyrsa --batch "--req-cn=kube.example.com@`date +%s`" build-ca nopass` and `$ ./easyrsa --subject-alt-name=DNS:kube.example.com build-server-full kubernetes-master nopass`. I stored them on the master and started my server with them, then copied them as well in my client, and tried to connect to the server wit
21:04 < Fandekasp> h it. Unfortunately, it fails with `F0304 11:51:40.556729   31187 get.go:166] Get https://kube.example.com/api/v1beta1/pods?namespace=default: x509: certificate signed by unknown authority`. did i made a mistake in my easyrsa commands ?
21:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:12 <+esde> !welcome
21:12 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
21:12 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:12 <+esde> !intro-to-pki
21:12 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
21:12 <+esde> !pki
21:12 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
21:12 <+esde> !howto
21:12 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
21:18 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
21:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:23 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
21:27 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
21:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
21:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:10 < _snd> morn. i just upgraded from 2.3.3 to 2.3.6 and suddenly openvpn dosn't want to accept my server side cert, and exists with "X509 name was missing in TLS mode (OpenSSL)" and google turns out pretty much nothing useful related to this. anyone here seen this happen?
22:25 -!- hikenboot [~hikenboot@2601:6:7000:5b00::6120] has quit [Ping timeout: 265 seconds]
22:28 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
22:31 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
22:36 < rkhunter> who knows about Certificate (TLS) Authentication here ?
22:36 < rkhunter> I don't understand how is that secure ?
22:47 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
23:30 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
23:31 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
23:46 -!- jalcine [~jacky@unaffiliated/webjadmin] has joined #openvpn
23:47 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
23:59 -!- ShadniX [dagger@p5481C735.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
--- Day changed Wed Mar 04 2015
00:00 -!- ShadniX_ [dagger@p5481DD08.dip0.t-ipconnect.de] has joined #openvpn
00:00 -!- ShadniX_ is now known as ShadniX
00:25 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 255 seconds]
00:34 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has joined #openvpn
00:35 < {Civil}> Hey, anyone around atm?
00:35 < {Civil}> !goal
00:35 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
00:36 < {Civil}> Hey, I have setup OpenVPN on a VM behind a firewall, now accessing anything externally works OK, however within the same vLAN when accessing a website with nginx reverse proxy, it shows the user's true IP and not the VPN IP.
00:51 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
00:54 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has left #openvpn ["Leaving"]
01:06 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
01:27 -!- mattock_afk is now known as mattock
01:30 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 272 seconds]
01:42 -!- grendal_prime [~sgraham@173-166-255-77-stockton.hfc.comcastbusiness.net] has quit [Ping timeout: 252 seconds]
01:43 -!- grendal_prime [~sgraham@173-166-255-77-stockton.hfc.comcastbusiness.net] has joined #openvpn
01:50 < cultavix> good morning
01:50 < cultavix> I'm trying to setup an openvpn for some industrial routers that use an older version of openvpn
01:51 < cultavix> and you must use SHA1/BF-CBC
01:51 < cultavix> but on the latest version of CentOS, this doesn't seem possible
01:51 < cultavix> any keys I create, are SHA256
01:51 < cultavix> what can I do other than using CentOS 6.5 ?
01:53 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
01:59 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
02:15 -!- soLucien [~Lu@h179.natout.aau.dk] has joined #openvpn
02:16 < cultavix> got it, just copied over the entire easy-rsa folder from an older machine, that did the trick
02:16 < cultavix> these guys should really update their kit
02:16 < cultavix> devices are called "ewon"
02:18 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
02:20 < pekster> cultavix: FYI, if you really need to change the signature hashing in current easyrsa, that's trivial: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc2/easyrsa3/vars.example#L192
02:20 <@vpnHelper> Title: easy-rsa/vars.example at v3.0.0-rc2 · OpenVPN/easy-rsa · GitHub (at github.com)
02:21 < pekster> It's probably unwise to be running network security software on platforms the vendor has long since abandonded, but that's a different problem
02:24 < cultavix> pekster, I agree...
02:25 < cultavix> pekster, we've got systems which have these units embedded
02:25 < cultavix> I'm looking at alternatives at the moment.
02:27 < cultavix> vpnHelper, I was changing default_md
02:27 < cultavix> from sha256 to md5
02:29 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Ping timeout: 252 seconds]
02:29 < pekster> vpnHelper is a bot (hence the !things it can respond do. It's not going to reply to you unless asked though)
02:29 < cultavix> ah ok haha
02:30 < cultavix> so now I'm setting up static IP's for these things and then I need to setup routes
02:30 < cultavix> I'm using the ccd
02:30 < cultavix> do I put the routes that are behind the client there ?
02:30 < pekster> Is your openssl really so ancient is can't do SHA-2? `openssl dgst -` should show a list of digests it knows about
02:31 < cultavix> so if client is 10.1.0.100 and it has a network of 192.168.11.0/24
02:31 < cultavix> pekster, I don't have access to the client
02:31 < cultavix> it's simply a shitty gui
02:31 < cultavix> with a box for key, cert, and ca cert, hostname, tap/tun, tcp/udp
02:31 < cultavix> that's it
02:32 < pekster> Awesome. Well even openssl 0.9.8 does SHA-2 (has for quite a while) so you're undoubtly running insecure versions of things. Just keep that in mind (stuff like !heartbleed is very much a factor here, so I do hope you're hardening your setup to the extend its security is important. See !hardening for recommendations)
02:32 < pekster> If you want to route to the client-side-LAN, read: !clientlan
02:34 < cultavix> !clientlan
02:34 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
02:34 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
02:36 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
02:37 < cultavix> Yes, so I can ping things behind anything I want
02:37 < cultavix> it's just a case of setting up route
02:37 < cultavix> I think I'll just have all of my routes in the main server.conf
02:37 < cultavix> because we will have about 20-30 different client config files
02:38 < cultavix> will be a pain to have to add routes to every single config file, so I guess pushing them out globally is better in this case
02:40 -!- soLucien [~Lu@h179.natout.aau.dk] has quit [Quit: Leaving]
02:50 < pekster> That's fine, just be sure to set the --iroute right per-client (by ccd file or --client-connect script) or openvpn won't know about the route internally
02:50 < pekster> You could even push a supernet of the client-side routes
02:54 -!- Fandekasp [~Fandekasp@p28147-ipngn100203kobeminato.hyogo.ocn.ne.jp] has quit [Ping timeout: 252 seconds]
03:00 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
03:07 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has quit [Read error: Connection reset by peer]
03:16 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
03:41 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
03:42 -!- flyingkiwi [~flyingkiw@2a02:8108:600:3fd0:3520:ea01:fc6f:ba9e] has joined #openvpn
03:47 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
03:56 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
04:12 -!- mattock is now known as mattock_afk
04:12 -!- mattock_afk is now known as mattock
04:21 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
04:29 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:30 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
04:36 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
04:44 -!- {Civil} [~Civil@2001:44b8:218d:a400:87a:ebe7:8239:9534] has joined #openvpn
04:49 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:09 -!- dazo_afk is now known as dazo
05:12 -!- {Civil} [~Civil@2001:44b8:218d:a400:87a:ebe7:8239:9534] has quit [Ping timeout: 265 seconds]
05:22 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
05:29 -!- {Civil} [~Civil@ppp118-208-42-40.lns20.bne7.internode.on.net] has joined #openvpn
05:34 -!- shio [marmot@145.121.101.84.rev.sfr.net] has joined #openvpn
05:35 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
05:36 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:37 -!- {Civil} [~Civil@ppp118-208-42-40.lns20.bne7.internode.on.net] has quit [Quit: {Civil}]
05:42 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
05:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
05:49 -!- AndrzejL [~AndrzejL@unaffiliated/andrzejl] has joined #openvpn
05:49 < AndrzejL> guys I am having a problem with fail2ban openvpn configuration
05:49 < AndrzejL> configparser.MissingSectionHeaderError: File contains no section headers.
05:49 < AndrzejL> file: '/etc/openvpn/openvpn.log', line: 1
05:49 < AndrzejL> 'Mon Mar  2 19:08:10 2015 OpenVPN 2.3.6 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec  2 2014\n'
05:50 < AndrzejL> how to get the openvpn log to have the section headers...
05:50 -!- mattock is now known as mattock_afk
05:51 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
05:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
05:57 < pekster> Sounds like you've misconfigured your log scraper. That's a normal looking openvpn log message to me, and there aren't any options to add "headers" do it, no
06:01 < AndrzejL> eh...
06:01 < AndrzejL> Will try to figure it out :D
06:12 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
06:16 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:19 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has quit [Quit: Leaving]
06:22 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
06:23 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
06:36 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:07 -!- grendal_prime [~sgraham@173-166-255-77-stockton.hfc.comcastbusiness.net] has quit [Ping timeout: 252 seconds]
07:23 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
07:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
07:24 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 255 seconds]
07:25 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
07:36 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:36 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
07:51 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
08:01 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:11 < leo2007> is openvpn affected by the latest SSL FREAK vulnerability?
08:11 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
08:12 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
08:12 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
08:12 <@plaisthos> depend ons the version
08:13 <@plaisthos> in -master the export and insecure ciphers are disabled by default, not sure if these patches are already in 2.3.x
08:14 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:16 < leo2007> plaisthos: thanks
08:19 <@plaisthos> only in -master so far unfortenately
08:19 <@plaisthos> but you can use tls-cipher
08:19 <@plaisthos> !freak
08:20 <@plaisthos> !tls-cipher
08:20 <@vpnHelper> "tls-cipher" is http://sourceforge.net/mailarchive/forum.php?thread_name=48B01B33.6030806%40usa.net&forum_name=openvpn-users
08:20 < leo2007> plaisthos: I cannot get tls-cipher to work.
08:20 <@plaisthos> !learn tls-cipher as To prevent the use of export ciphers or other insecure ciphers use tls-cipher "DEFAULT:!EXP:!PSK:!SRP:!kRSA"
08:20 <@vpnHelper> Joo got it.
08:21 <@plaisthos> leo2007: try that
08:21 <@plaisthos> that is the default in -master
08:22  * leo2007 is trying
08:27 < leo2007> plaisthos: that works great
08:28 < leo2007> plaisthos: I tried to use https://bpaste.net/show/50fb4db404fc
08:28 < leo2007> as recommended in the hardening guide, but it fails
08:29 -!- havingFun is now known as xrosnight
08:32 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 264 seconds]
08:39 <@plaisthos> leo2007: that cipherlist might need tls 1.2
08:39 <@plaisthos> at least the second
08:39 < leo2007> the first one is tls1.0 i think
08:39 < leo2007> Can I have two tls-cipher lines?
08:40 <@plaisthos> yes
08:40 <@plaisthos> but the first is ignored
08:40 < leo2007> do I need that line in the client's profile as well?
08:41 < leo2007> My client is also openvpn 3.6
08:41 < leo2007> 2.3.6
08:41 <@plaisthos> I did not understand the FREAK enough to be sure ...
08:42 <@plaisthos> but if I understand it correct the server needs to have export enabled to make the attack work
08:43 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
08:43 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:43 < leo2007> plaisthos: how to break the list into multiple lines so that it is easier to read?
08:43 -!- badon_ is now known as badon
08:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:44 <@plaisthos> leo2007: you don't
08:45 <@plaisthos> openvpns parser does not support that
08:45 < leo2007> plaisthos: ok, thanks.
08:47 -!- flyingkiwi [~flyingkiw@2a02:8108:600:3fd0:3520:ea01:fc6f:ba9e] has quit [Ping timeout: 252 seconds]
08:48 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
08:52 < pekster> plaisthos: fwiw, I think that is supported by default (ie: without a --tls-cipher option that excludes it implicitly.) `openvpn --show-tls` seems perfectly willing to use export-ciphers here. --tls-auth likely mitigates that (similar to benefits against heartbleed)
08:53 < pekster> mitigates*
08:53  * pekster was right the first time. Moar coffee.
08:57 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
08:57 < leo2007> I place this tls-cipher line (https://bpaste.net/show/a139b922d925) in my server config but it produces an error:
08:58 < leo2007> Options error: Unrecognized option or missing parameter(s) in common.conf:27: SA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 (2.3.6)
08:59 <@plaisthos> the line might be too long for the parser
08:59 <@plaisthos> dunno
09:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
09:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
09:09 -!- flyingkiwi [~flyingkiw@2a02:8108:600:3fd0:1895:3153:646d:a43a] has joined #openvpn
09:14 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:17 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
09:22 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:23 -!- soLucien [~Lu@5.57.48.71] has joined #openvpn
09:25 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
09:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
09:30 < Schrottfresse> !management
09:30 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
09:55 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
10:02 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
10:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:06 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 252 seconds]
10:08 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
10:08 < v0lZy> hi
10:08 < v0lZy> I'm having  a weird issue I dont know how to approach
10:08 <+esde> !welcome
10:08 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
10:08 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:08 < v0lZy> if I use ipconfig-push like so:
10:09 < v0lZy> ifconfig-push 10.100.200.81 10.100.200.82;push "route-metric 512";push "route 0.0.0.0 0.0.0.0"
10:09 < v0lZy> the client side TAP driver gets 10.100.200.81, and uses 10.100.200.82 as the gateway
10:10 < v0lZy> but all the routes I push as part of the server config, get applied to the base interface IP instead of 10.100.200.81
10:10 < v0lZy> if I dont use the ifconfig-push command to set a static ip, the server and client negotiate 10.100.200.6 for the client and 10.100.200.5 for the gateway
10:10 <+esde> !goal
10:10 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
10:10 < v0lZy> and the routes properly apply to 10.100.200.6
10:12 < v0lZy> the goal is to have the client use 10.100.200.81 for TAP, 10.100.200.82 for GW and push route for 10.100.1.0 - 255.255.255.0 GW 10.100.200.82 interface 10.100.200.82
10:13 < v0lZy> example from windows 'route print' command on the client pc
10:13 < v0lZy>  10.100.1.0    255.255.255.0    10.100.200.82    10.150.174.10    517
10:13 < v0lZy> and otherwise, if i dont use ipconfig-push
10:13 < v0lZy> 10.100.1.0    255.255.255.0     10.100.200.5     10.100.200.6    512
10:14 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:14 < v0lZy> any idea why the right most ip is not 10.100.200.81 in the first line I pasted?
10:14 < v0lZy> I have no clue as to why this happens... could it have to do anything with what permissions the client is running with?
10:18 < v0lZy> esde: the thing is the ipconfig-push command, just for this one client, massively screws up and uses the base interface IP instead of the TAP IP on top of that interface.
10:18 < leo2007> should I place different servers on the same machine in different subnets?
10:19 <@krzee> different openvpn servers?
10:19 <@krzee> you have to.
10:24 < v0lZy> krzee: any idea why ifconfig-push would make the client add routes on the wrong interface?
10:26 <@krzee> user error?
10:26 -!- ScRaMbLe [~S@unaffiliated/scramble] has joined #openvpn
10:26 <@krzee> im not sure what you're even trying to do
10:26 <@krzee> esde asked for your goal, i didnt understand your answer
10:28 < v0lZy> krzee I'm trying to get oen remote machine working with a static ip
10:28 < v0lZy> the server setup works for all the other machines
10:28 < v0lZy> except this one
10:28 < v0lZy> I narrowed the problem down to *why* it doesnt work
10:28 <@krzee> are you using topology net30 or subnet?
10:28 < v0lZy> (i need to rdp into the remote machien that is the vpn client)
10:28 < v0lZy> yes
10:28 < v0lZy> im using topology /30
10:28 <@krzee> thats not a yes/no question
10:28 <@krzee> ok, have you tried subnet?
10:29 < v0lZy> no, because this is not a server side issue..
10:29 <@krzee> !topology
10:29 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
10:29 <@krzee> ok so you're SURE you're picking the right ips?
10:29 <@krzee> because in /30 its very important
10:29 < v0lZy> yes
10:29 < v0lZy> [80 for network] 10.100.200.81 and 10.100.200.82 [83 for broadcast]
10:30 < v0lZy> its on the howto page... its a valid range
10:30 < v0lZy> the thing is
10:30 < v0lZy> the IPs do apply, the client does set 10.100.200.81
10:30 < v0lZy> and it uses 10.100.200.82 as the gateway
10:30 < v0lZy> BUT
10:30 < v0lZy> when i do route print
10:30 < v0lZy> all the routes are added on the wrong interface
10:30 < v0lZy> the route should be set on interface ip 10.100.200.81 (the TAP drivers IP i push from the server)
10:31 < v0lZy> instead, it doesnt set the interface to 10.100.200.81, but 10.150.blah.blah.blah
10:31 < v0lZy> the base ip configured on the network adapter used to connect the computer to the network
10:31 < leo2007> krzee: thanks
10:32 <@krzee> show me the configs (without comments)
10:32 < v0lZy> so its like if i did 'route add 10.100.1.0 mask 255.255.255.0 GW 10.100.200.82', it wouldn't assocciate 10.100.200.82 to being reachable over 10.100.200.81 ... but instead assocciated to 10.150.blah.blah .
10:33 <@krzee> !configs
10:33 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:34 < v0lZy> krzee: client side: https://bpaste.net/show/88141ddfd7b1
10:36 < v0lZy> let me dig up the server conf, hold on
10:39 <+esde> unrelated, but sha1 is broken fwiw
10:40 <@krzee> esde, you'll learn to ignore til they post the other config
10:40 <@krzee> dont get them talking before they do it, or they never will :D
10:40 <+esde> :)
10:40 <+esde> noted
10:40  * esde passes krzee his morning coffee and bowl
10:40 <@krzee> mmm
10:40 < v0lZy> server
10:40 <@krzee> good idea
10:40 < v0lZy> https://bpaste.net/show/44208606c44a
10:41 -!- ScRaMbLe [~S@unaffiliated/scramble] has quit [Quit: forlorn alchemy]
10:41 <+esde> uhm. tun-ipv6, tun, >the client side TAP drive
10:41 <+esde> wat
10:41 <@krzee> v0lZy, still need /var/etc/openvpn-csc/client
10:43 <@krzee> v0lZy, what are 10.100.1/24 10.100.2/24 10.100.3/24 10.100.5/24 ?
10:43 < v0lZy> from openvpnp-csc/client: https://bpaste.net/show/56d10541372d
10:44 < v0lZy> 10.100.[1, 2, 3 and 5].0/24 are other openvpn ranges from other openvpn servers
10:44 < v0lZy> its a bridge kinda thing
10:44 < v0lZy> servers in DC
10:44 <+esde> ...
10:44 <@krzee>  push "route 0.0.0.0 0.0.0.0"
10:44 <@krzee> noooo
10:44 < v0lZy> road warriro and office connect to them.
10:45 <@krzee> see --redirect-gateway
10:45 < v0lZy> krzee: its not there to redirect gateway, its a fake entry
10:45 < v0lZy> notice metric is 512
10:45 <+esde> also why were you mentioning tap driver earlier, when your configs are using tun??
10:45 <@krzee> well its bad.
10:45 < v0lZy> its a windows workaround
10:45 < v0lZy> so that it accepts the network as 'private' not 'public'.
10:46 <@krzee> now show me the client log
10:46 <@krzee> verb 4
10:46 < v0lZy> krzee: I can't show the client log, thats the problem.
10:46 < v0lZy> its executed from a service
10:46 < v0lZy> unless
10:46 <@krzee> why is that?  my answer is very close to being "then i cant bother trying to help"
10:46 <@krzee> !logfile
10:46 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
10:47 < v0lZy> is there a parameter that i can put into a bat script?
10:47 <@krzee> tell the config to log to a file
10:47 <+esde> i dont think there is help
10:48 < v0lZy> krzee: tell the config to log to file ->! yes, that would be helpful. what do i put in the .ovpn file for the client to do so? what is the parameter
10:48 <+esde> log
10:48 <@krzee> !logfile
10:48 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
10:48 < v0lZy> esde: im having problems because this is a machine im accessing remotely through the vpn im trying to troubleshoot
10:48 <@krzee> my bot already told you
10:48 <@krzee> just read what you're given!
10:48 <+esde> !effort
10:48 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
10:48 < v0lZy> let me add the log file
10:48 < v0lZy> and restart the whole thing
10:48 < v0lZy> this will take some minuts
10:49 <@krzee> if it takes longer than the time im waiting for this girl, then i'll be gone
10:49 <@krzee> you and her can race for my attention
10:50 <+esde> i have a feeling she'll win
10:51 < v0lZy> well i have to cycle it
10:51 < v0lZy> since i cant get into it when im using 10.100.200.81
10:51 < v0lZy> so it takes some time to come arround
10:51 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
10:51 -!- soLucien [~Lu@5.57.48.71] has quit [Quit: Leaving]
10:52 <@krzee> what is this some sort of vpn service?
10:54 < v0lZy> its kind of like an on demand vpn i trigger through a little service that runs on the windows box
10:54 < v0lZy> the service goes check a website, if the website raises a flag, the service launches the openvpn client
10:54 < v0lZy> once established, i can rdp into the machine
10:55 < v0lZy> problem is, i cant rdp into it when using 10.100.200.81 because it configures the routes on the wrong interface
10:55 < v0lZy> just for this one openvpn client.
10:57 <@krzee> cool, waiting on the logfile
10:58 < v0lZy> i got it to come up with 81 ip... cant do much wit it, now i removed the csc and booted it off the server... waiting for it to reistablish and grab the 10.100.200.6 ...
10:58 < v0lZy> ok
10:58 < v0lZy> now rdp back in..
10:59 < v0lZy> OK, got the log file
11:00 < v0lZy> let me just publish it online..
11:00 <@krzee> did i just hear correctly that your problem is with using .81 ip and the logfile you're about to give me doesnt use that ip?
11:02 < v0lZy> i didnt reboot the client,  i just terminated the connection on the openvpn server so it came back up using the same config without reloading it
11:02 < v0lZy> so the config would hold both cases.. with 81 and with 6... thats the only way i can do it
11:02 < v0lZy> anyway, from the log fil,e its obvious what the problem is
11:02 < v0lZy> Wed Mar 04 08:56:35 2015 Warning: route gateway is not reachable on any active network adapters: 10.100.200.82
11:02 < v0lZy> Wed Mar 04 08:56:35 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
11:03 <@krzee> you gunna post the config or not?
11:03 <@krzee> err
11:03 <@krzee> log
11:03 <@krzee> and btw, thats NOT the only way you can do it
11:03 < v0lZy> gimme a moment to redact out the ips etc before i post this
11:03 <@krzee> meh
11:03 <@krzee> im gunna go pick up that girl
11:03 <@krzee> took too long
11:03 <@krzee> later
11:04 < v0lZy> thanks for trying krzee
11:04 <@krzee> look into tools like teamviewer
11:04 < v0lZy> krzee: cant do teamviewer
11:04 < v0lZy> i can only load it from the RDP session
11:04 <@krzee> what you cant do is not giving proper logs.
11:04 < v0lZy> and if i clsoe the session, i lose V
11:04 < v0lZy> TV*
11:04 <@krzee> as is, you'll be ignored
11:04 < v0lZy> krzee: im giving you the proper log, i just have to remove some public ips etc from it
11:04 <@krzee> proper log would have the ifconfig-push in it
11:05 < v0lZy> and I *cant* do it otherwise because of the specific situation... i cant get into the remote client any other way than through the VPN which im troubleshooting
11:05 <@krzee> you already stated that wont be in it, and it has taken you like 20min to not post the wrong log
11:05 <@krzee> lol
11:05 < v0lZy> i stated both will be in it
11:05 < v0lZy> with and without ifconfig push
11:05 < v0lZy> with on top
11:05 < v0lZy> without on bottom
11:06 < v0lZy> theres no other way i can do it due to the machine eing remote to me ad only available over this vpn im troubleshooting
11:09 < v0lZy> ok
11:09 < v0lZy> got it
11:09 < v0lZy> krzee: still here?
11:14 <@krzee> i passed by, see its still not posted, and now that im clothed im leaving
11:15 < v0lZy> well
11:15 < v0lZy> if you are willing to take a look at it, ill post it now.
11:15 <@krzee> 30min, good job :D
11:15 <@krzee> bbl
11:15 < v0lZy> ok
11:15 < v0lZy> talk later
11:22 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:24 -!- mattock_afk is now known as mattock
11:40 -!- Mike-- [mad@mx.probie.nl] has quit []
11:50 -!- deever [~deever@yorval.fipscode.net] has joined #openvpn
11:50 < deever> hi
11:52 < deever> is there a way to use non-privileged ports on the client side?
11:54 < deever> or any other way making it possible not to configure all servers i potentially could connect to with different ports?
11:57 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
11:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:10 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Sleeping.]
12:14 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
12:23 -!- hikenboot [~hikenboot@2601:6:7000:5b00::6120] has joined #openvpn
12:24 <@dazo> deever: --nobind
12:25 < hikenboot> hi! I understand that eurephia works with freeradius. Is there directions on configuring this with freeradius, and secondly does using freeradius provide me with an advantage when it comes to central management of users for eurephia and also for management of the certificates? I havent found a good  introductory video on radius that can help me know for sure, thanks in advance for any information.
12:26 < v0lZy> krzee: seems the tap was shod... rebooting the server solved the problem.
12:27 <@dazo> hikenboot: ehm ... nobody have told me about a freeradius plug-in for eurephia ... so I dunno about that tbh
12:27 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Sleeping.]
12:28 < hikenboot> no not a plugin but the authentication module works with it....according to this doc http://sourceforge.net/p/eurephia/openvpn-eurephia/ci/official/tree/plugin/auth-pam/README
12:28 <@vpnHelper> Title: eurephia / openvpn-eurephia / [c20aec] /plugin/auth-pam/README (at sourceforge.net)
12:29 <@dazo> hikenboot: oh, I should remove those old releases .... that's just a fork of openvpn with the needed eurephia support patches ... this is no longer needed, as openvpn 2.2 and newer includes the needed bits
12:29 < xrosnight> open-vpn is blocked in China. How to bypass that???????????
12:29 <@dazo> hikenboot: eurephia is essentially an authentication plug-in, similar to auth-pam, auth-ldap and so on ... but with other aspects
12:30 <@dazo> xrosnight: use obfsproxy
12:30 <@dazo> !obfsproxy
12:30 <@vpnHelper> "obfsproxy" is (#1) For a writeup on using obfsproxy with OpenVPN see https://syria.hacktivist.me/?p=148 or (#2) See also !obfs. The link to TrafficObfuscation also contains a setup example
12:30 < hikenboot> I wanted to use eurephia because its firewall rule manipulation capability
12:30 < xrosnight> dazo: thanks!
12:31 -!- mattock is now known as mattock_afk
12:32 <@dazo> hikenboot: I understand that ... but adding more authentication plug-ins on-top of eurephia will become a mess ... so eurephia needs a auth-module for RADIUS in that case, so it proxies the username/password auth to radius and then gives you the firewall features too
12:32 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
12:32 < hikenboot> so your saying one makes the other redundant?
12:34 <@dazo> hikenboot: eurephia does certifcate+username/password authentication + firewall stuff .... auth-pam does only username/password authentication (using the PAM stack) ... and the RADIUS stuff, well, if using it via PAM - it's PAM ... otherwise there might be some auth-radius plugins too to openvpn which does only username/password auth directly against a RADIUS server
12:35 <@dazo> hikenboot: but you can't use eurephia without the username/password authentication ... and especially not when you want the firewall support, as the firewall support uses the combination of client certificate used + username to decide which access profile to use
12:36 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
12:36 < hikenboot> ok then, you know my intentions, (at least I think you do) so can you recommend the best combination I should use (hopefully I wont have to keep bugging you! ;-))
12:36 <@dazo> hikenboot: however, it is possible with the latest git master of eurephia to extend eurephia to proxy the username/password authentication to a third party (such as an RADIUS server) ... but that module needs to be written
12:37 <@dazo> hikenboot: if you need the firewall features, there's not many alternatives to eurephia (at least which I know about) .... but the username/password part is probably the most tricky thing here.
12:38 < hikenboot> yes and also managment and delivery of client certificates
12:38 <@dazo> hikenboot: as eurephia out-of-the-box uses a special SSHA512 algorithm where the password hashes are stored in the database ....
12:38 <@dazo> hikenboot: eurephia currently does not have a mechanism for client cert delivery
12:39 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has left #openvpn []
12:39 <@dazo> (I do have some drafts and plans for a webUI for eurephia, including a CA management module ... but I have not had enough time to poke on that)
12:40 < hikenboot> I might eventually (if this works out pay you to make those extensions) for now I am building a proof of concept hoping that it will look as close to the real thing as possible
12:41 <@dazo> hikenboot: I might be interested in doing that ... but I'll do my best to help you get a PoC running
12:42 <@dazo> hikenboot: I'd advice you then to setup a pretty standard openvpn+eurephia setup without external auth (use the built-in features in eurephia) ... and then, if you get a go and a budget, we can start looking into what kind of authentication modules you need in eurephia
12:43 <@dazo> or it is possible to add some ugly wrapper code in Python, using the "socket auth" example module in eurephia ... where that wrapper code makes a primitive glue between eurephia user/pass auth and RADIUS (or whaterver else is appropriate)
12:43 < hikenboot> thanks, then I will take your advice. Its appreciated
12:44 <@dazo> but I think it's best to get started with the simplest approach first, then extend it from there and see where you end up :)
12:45 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:45 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
12:45 < hikenboot> ok great (by the way I managed to get openvpn started on amazon cloud, which I was unable to do when I first tried, going to test basic authentication then add eurephia to it.  I almost have the working firewall rules already
12:46 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
12:46 <@dazo> hikenboot: cool!
12:48 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
12:49 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:58 < pekster> !factoids search dynamic
12:58 <@vpnHelper> "dynamicfirewall" is to learn how to modify the firewall based on which client has which ip, please read --learn-address in the manpage (!man)
12:59 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:59 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
13:00 < pekster> hikenboot: I'm sure this is much less polished than the eurephia stuff, but I had a basic framework for dyanmic Netfilter manipulation with atomic ruleset changes. Feel free to glance at it if it's helpful or offers any ideas for your setup: https://github.com/QueuingKoala/openvpn-dynamic
13:00 <@vpnHelper> Title: QueuingKoala/openvpn-dynamic · GitHub (at github.com)
13:00 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
13:02 < hikenboot> thanks pekster
13:09 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Read error: Connection reset by peer]
13:11 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
13:12 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
13:15 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:26 -!- shio [marmot@145.121.101.84.rev.sfr.net] has quit [Ping timeout: 244 seconds]
13:27 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
14:11 -!- flyingkiwi [~flyingkiw@2a02:8108:600:3fd0:1895:3153:646d:a43a] has quit [Ping timeout: 252 seconds]
14:20 <@krzee> v0lZy, rebooting is basically always a good first thing to try in windows
14:20 <@krzee> not because of openvpn, because of windows :D
14:21 -!- Azrael_- [~idjfiawej@adsl-84-226-228-96.adslplus.ch] has quit []
14:21 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
14:23 < happytoo> guys, can i get your personal opinion? for use with openvpn on a router, what vpn provider would you recommend and why?
14:24 <+esde> Nope
14:24 <+esde> The best VPN provider is yourself :)
14:30 < happytoo> you're killin me, smalls
14:32 <+esde> !freevpn
14:32 <@vpnHelper> "freevpn" is http://www.vpnbook.com/ has free openvpn accounts. we can not speak for anything about them, but hey its free
14:32 -!- u0m3 [~u0m3@109.96.158.146] has quit [Quit: Leaving]
14:35 -!- flyingkiwi [~flyingkiw@95.91.226.32] has joined #openvpn
14:36 <+esde> Unsolicited PM's show poor form
14:37 <+esde> I don't worry about "anonymizing my traffic to and from the internet". I worry about my ISP monitoring activities over the line. With a VPN, all they see is an encrypted connection between my connection and some server in internet-land. With no knowledge of what's traveling over the connection.
14:40 <+esde> Right now I'm actually not using a VPN. But that's only so that I can enjoy my new internet speeds. Over VPN I was being limited to around 30-40Mbps by hardware limitations
14:40 <+esde> and with only 50Mbps to begin with, the bottleneck was negligible
14:41 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
14:43 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has joined #openvpn
14:46 -!- happytoo [~happyone@gateway/vpn/privateinternetaccess/happyone] has quit [Ping timeout: 264 seconds]
14:46 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:50 -!- dazo is now known as dazo_afk
14:52 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
14:54 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
14:57 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:11 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Read error: Connection reset by peer]
15:11 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
15:13 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
15:13 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:13 -!- badon_ is now known as badon
15:28 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
15:39 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:47 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:48 -!- Latrina [~Latrina@ppp-108-53.26-151.libero.it] has quit [Ping timeout: 256 seconds]
15:50 -!- Latrina [~Latrina@ppp-229-33.26-151.libero.it] has joined #openvpn
15:56 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
15:57 -!- ledoktre [~ledoktre@216.51.224.229] has joined #openvpn
15:59 < ledoktre> greets.  I’ve got a seemingly simple question on tls-cipher.  I have a Debian box, openvpn installed from backports.  I list the supported tls ciphers, choose one by putting a tls-cipher directive in the conf file.  Okay so far.  Do the same on the client (Windows 7) - they both show on both sides, but I cannot connect with this directive set. It just complains about not comptible encryption methods available.  I am just copying the name from `openvpn
15:59 < ledoktre> -show-tls` output.   Am I doing something wrong?
16:01 -!- AndrzejL [~AndrzejL@unaffiliated/andrzejl] has left #openvpn []
16:04 < ledoktre> specifically “TLS_ERROR: BIO read tls_read_plaintext error: error: 140830B5:SSL routines: SSL3_CLIENT_HELLO:no ciphers available
16:05 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
16:06 -!- happyone [~happyone@gateway/vpn/privateinternetaccess/happyone] has left #openvpn ["Leaving"]
16:07 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
16:09 < ledoktre> got it.  I didn’t realize I was on 3.2.2, so I was using a tls cipher that was 3.2.3 only.
16:09 -!- ledoktre [~ledoktre@216.51.224.229] has quit [Quit: ledoktre]
16:12 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
16:16 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:23 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
16:31 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
16:40 -!- kimmr [kimmr@gateway/shell/yourbnc/x-tyngbkcxyxgtdvxi] has left #openvpn ["leaving"]
16:49 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Quit: Leaving]
16:49 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
16:57 -!- khaldrogox [~anonymous@50-204-203-130-static.hfc.comcastbusiness.net] has joined #openvpn
16:59 -!- khaldrogox [~anonymous@50-204-203-130-static.hfc.comcastbusiness.net] has quit [Client Quit]
17:02 -!- khaldrogox [~anonymous@50-204-203-130-static.hfc.comcastbusiness.net] has joined #openvpn
17:07 -!- flyingkiwi [~flyingkiw@95.91.226.32] has quit [Quit: Leaving]
17:10 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has joined #openvpn
17:23 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Ping timeout: 256 seconds]
17:33 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
17:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:37 -!- john-soda [~john-soda@179.43.151.228] has joined #openvpn
17:39 -!- john-soda [~john-soda@179.43.151.228] has quit [Client Quit]
17:39 -!- john-soda [~john-soda@179.43.151.228] has joined #openvpn
17:41 -!- john-soda [~john-soda@179.43.151.228] has quit [Remote host closed the connection]
17:44 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
18:08 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:11 -!- al_nz1 [~al@203.96.195.103] has joined #openvpn
18:12 < al_nz1> how would I watch for incoming vpn connections on 1194? netcat?
18:16 < rob0> !management
18:16 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
18:16 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:16 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
18:16 -!- badon_ is now known as badon
18:17 < pekster> See also !scripts for script hooks
18:18 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
18:25 -!- u0m3 [~u0m3@109.96.158.146] has quit [Quit: Leaving]
18:25 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
18:25 < al_nz1> hey pekster - this is on a NAS type device so I am limited - probably need a command line tool
18:26 < pekster> openvpn *is* a command-line tool
18:28 < pekster> If it's configured in user-hostile way, why not ask the manufacturer how to access it? Or look at a platform that promotes open access (openwrt is nice if you want something embedded, or even a low-end PC works fine for casual use)
18:29 < al_nz1> pekster: I agree - but for various reasons - not options in this case. I think netstat -l is showing me that nothing is listening on 1194 which is probably my problem at the moment
18:29 < pekster> At they very least if it's software or hardware you purchased, the GPL requires that they provide sources for the parts they provided to you (though sometimes those are intentionally crappy and hard to read.) Depends a bit on the rest of the userland, but that's sometimes a place to start. I'd naturally recommend you don't buy shitty vendor lock-in products
18:30 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
18:30 < al_nz1> pekster: yes. indeed
18:31 < al_nz1> hmm - openvpn is showing as running as a service on the server, and configuered for 1194 - but netstat -tl is not showing anything listening on 1194 - might restart the service
18:37 -!- u0m3 [~u0m3@109.96.158.146] has quit [Quit: Leaving]
18:37 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
18:38 < pekster> That might work if openvpn used tcp
18:39 < pekster> You don't want to use tcp (as described in !tcp)
18:39 < al_nz1> my bad - i mean udp
18:42 < pekster> Read netstat(8). Review the options you're likely using incorrectly
18:51 < al_nz1> pekster: getting close - not running in daemon I can see errors logs and thus the error message - something to do with TLS...its enabled both ends....
18:57 -!- khaldrogox [~anonymous@50-204-203-130-static.hfc.comcastbusiness.net] has quit [Quit: khaldrogox]
19:07 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:11 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 246 seconds]
19:15 < al_nz1> pekster:  working now :-)
19:30 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
19:35 < redpill> !tcp
19:35 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
19:47 < {Civil}> Hey guys, quick question. I have OpenVPN running well, when accessing apache sites and all, it's OK however through nginx reverse proxy it shows the user's real IP and not the VPN IP. THis is only the case with nginx servers though.
19:47 < {Civil}> Is anyone aware of this or has seen this before?
19:47 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:20 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
20:21 -!- kernal [~kernal@lavaboom.io] has quit [Ping timeout: 250 seconds]
20:21 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 250 seconds]
20:21 -!- julie_harshaw [~julie@juliekoubova.net] has quit [Ping timeout: 250 seconds]
20:21 -!- kernal [~kernal@lavaboom.io] has joined #openvpn
20:27 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
20:28 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:29 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
20:30 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:47 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:53 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
21:01 -!- Mutantx [~Carlo@46.166.190.167] has joined #openvpn
21:01 < Mutantx> Has anyone encountered random dramatic drops in Openvpn performance?
21:02 <+esde> !welcome
21:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
21:02 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:02 <+esde> !ask
21:02 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
21:02 <+esde> I realized you asked your question outright, but we need more details and information to go with it
21:04 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
21:11 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
21:14 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 246 seconds]
21:14 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
21:15 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Client Quit]
21:16 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
21:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:39 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
22:02 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
22:04 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:06 -!- euphoria360 [~euphoria3@151.241.47.147] has joined #openvpn
22:07 -!- euphoria360 [~euphoria3@151.241.47.147] has quit [Client Quit]
22:11 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
22:11 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
22:21 < {Civil}> Hey guys, quick question. I have OpenVPN running well, when accessing apache sites and all, it's OK however through nginx reverse proxy it shows the user's real IP and not the VPN IP. THis is only the case with nginx servers though. Is anyone aware of this and or seen this before?
22:21 < {Civil}> !config
22:21 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
22:22 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
22:28 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 256 seconds]
22:28 -!- `hypermist` is now known as sleepypc
22:40 -!- sleepypc is now known as `hypermist`
22:44 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 265 seconds]
22:52 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
23:01 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
23:08 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
23:19 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
23:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:39 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
23:48 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
23:53 -!- DrSnowMissle [~Thunderbi@2601:8:ac00:9c4:38aa:cbd2:e460:289c] has joined #openvpn
23:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:58 -!- ShadniX [dagger@p5481DD08.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:58 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-kmgcpzbxhaczyjjk] has joined #openvpn
--- Day changed Thu Mar 05 2015
00:00 -!- ShadniX [dagger@p5481D0EB.dip0.t-ipconnect.de] has joined #openvpn
00:08 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:09 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:11 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
00:28 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
00:29 < DrSnowMissle> does anyone know how to use autistici?
00:41 -!- mattock_afk is now known as mattock
00:47 < {Civil}> Hey guys, quick question. I have OpenVPN running well, when accessing apache sites and all, it's OK however through nginx reverse proxy it shows the user's real IP and not the VPN IP. THis is only the case with nginx servers though. Is anyone aware of this and or seen this before?
00:50 -!- mattock is now known as mattock_afk
00:52 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
00:57 -!- DrSnowMissle [~Thunderbi@2601:8:ac00:9c4:38aa:cbd2:e460:289c] has quit [Ping timeout: 256 seconds]
01:19 -!- donnib [~donnib@152.115.31.4] has quit [Quit: donnib]
01:33 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
01:37 -!- mattock_afk is now known as mattock
02:01 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
02:14 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
02:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:23 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
02:38 < {Civil}> Hey guys, quick question. I have OpenVPN running well, when accessing apache sites and all, it's OK however through nginx reverse proxy it shows the user's real IP and not the VPN IP. THis is only the case with nginx servers though. Is anyone aware of this and or seen this before?
02:48 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:00 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
03:00 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:00 -!- badon_ is now known as badon
03:08 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has joined #openvpn
03:25 -!- _snd [~alexh@login.boxed.no] has left #openvpn []
03:45 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
04:01 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
04:04 <@plaisthos> !tls-cipher
04:04 <@vpnHelper> "tls-cipher" is (#1) http://sourceforge.net/mailarchive/forum.php?thread_name=48B01B33.6030806%40usa.net&forum_name=openvpn-users or (#2) To prevent the use of export ciphers or other insecure ciphers use tls-cipher DEFAULT:!EXP:!PSK:!SRP:!kRSA
04:24 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Ping timeout: 265 seconds]
04:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:44 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
04:47 -!- dazo_afk is now known as dazo
05:01 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:36 -!- thebloggu [~thebloggu@brg.eurotux.com] has joined #openvpn
05:44 < thebloggu> i'm developing a plugin for openvpn and I'd like to test it. what i'm trying to do in order to test it is setting up an openvpn connection between my computer and a virtual machine (with bridged networking. the virtual machine is the server for 10.0.100.0/24 internal network range. both the client and the server are on 10.10.10.0/24 and I don't know why but whenever i connect the client to the server i get lots of Ws and Rs written to stdout (using
05:44 < thebloggu>  verb 5). can someone help me set the vpn correctly?
05:47 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
05:50 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
05:50 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
05:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
05:59 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:01 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:19 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Sleeping.]
06:20 -!- Eagleman [~Eagleman@546BC480.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
06:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:31 -!- {Civil} [~Civil@ppp118-208-145-72.lns20.bne7.internode.on.net] has joined #openvpn
06:31 < {Civil}> Hey guys, quick question. I have OpenVPN running well, when accessing apache sites and all, it's OK however through nginx reverse proxy it shows the user's real IP and not the VPN IP. THis is only the case with nginx servers though. Is anyone aware of this and or seen this before?
06:40 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:48 < flyingkiwi> {Civil}, thats obviously a routing "problem". is the nginx in the same LAN as the openvpn clients?
06:48 < flyingkiwi> then nginx gets the "real" ip address and send it (in http headers) to the backend servers
07:07 < {Civil}> Hey flyingkiwi, yeah it is
07:08 < {Civil}> So basically, the setup is as follows: OpenVPN VM behind PFSense firewall, nginx/web servers on another server behind the PFSense server on the same 'lan'. Both servers public IPs are the same as they both go thru the PFSense server
07:08 < {Civil}> I just haven't been able to find any info out about it/how to 'fix' it really..
07:19 -!- FrEaKmAn_ [~erol@cpe-90-157-164-165.static.amis.net] has joined #openvpn
07:19 < FrEaKmAn_> hi all
07:19 < FrEaKmAn_> So, we have a device (some computer) which connects to internet thru GPRS router
07:19 < FrEaKmAn_> because we want to access the device and mobile networks are locked, we must use VPN, more specifically openvpn
07:19 < FrEaKmAn_> my question is: Can I connect the device with VPN to your network and then connect with my computer to your network to access the device?
07:20 < FrEaKmAn_> I was able to do this with out company network, but no VPN can't answer this question
07:20 < FrEaKmAn_> nobody can answer*
07:21 < flyingkiwi> {Civil}, check the file "proxy_params" in nginx conf dir. you'll find something like "proxy_set_header X-Forwarded-For ..."
07:26 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
07:30 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-kmgcpzbxhaczyjjk] has quit [Quit: Connection closed for inactivity]
07:34 < {Civil}> Hey flyingkiwi
07:34 < {Civil}> yeah, have that one set, however i also dropped using that and had same issue, it seems
07:36 -!- FrEaKmAn_ [~erol@cpe-90-157-164-165.static.amis.net] has quit [Quit: Leaving]
07:43 < {Civil}> Using these flyingkiwi
07:43 < {Civil}> proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;        proxy_set_header    X-Forwarded-Host    $host;        proxy_set_header    X-Forwarded-Server  $host;
07:44 <+esde> there is a #nginx channel also on freenode.
07:46 < {Civil}> It's in relation to OpenVPN, under nginx it shows as the user's IP and not the VPN IP when they're both on the same LAN.
07:57 < {Civil}> Hmmp, can't find anything on this though
07:59 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
07:59 -!- mode/#openvpn [+v s7r] by ChanServ
08:03 -!- {Civil} [~Civil@ppp118-208-145-72.lns20.bne7.internode.on.net] has quit [Ping timeout: 240 seconds]
08:12 -!- {Civil} [~Civil@180.214.90.54] has joined #openvpn
08:12 < {Civil}> uhh
08:12 < {Civil}> DC'd
08:12 < {Civil}> Anyway flyingkiwi yeah i have that in nginx config..
08:16 -!- hikenboot [~hikenboot@2601:6:7000:5b00::6120] has quit [Ping timeout: 265 seconds]
08:16 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:29 < flyingkiwi> {Civil}, lets say your nginx server is 10.0.0.1. and one of your LAN clients is 10.0.0.2. LAN clients VPN address ist 172.0.0.2. when LAN client tries to reach 10.0.0.1, then its not using the VPN, because the OS found a shorter path to 10.0.0.1
08:30 < {Civil}> ah
08:30 < {Civil}> Hmm, how would I force it to use it though?
08:30 < {Civil}> or rather, is it possible?
08:31 < {Civil}> So, here's the info atm, proxy server is on 192.168.2.239 and it's accessing 192.168.2.201, public IP is 180.*, so I'm OK with either the 192.168.2.239 coming up as the IP accessing it or 180.*
08:31 < flyingkiwi> it is possible. there are many ways. one of them is: push "route 10.0.0.1 255.255.255.255" (in server config)
08:32 < {Civil}> But instead it shows as their IP
08:32 < {Civil}> flyingkiwi already have that
08:33 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:33 < {Civil}> I haveee : push "route 10.8.0.0 255.255.255.0"
08:33 < flyingkiwi> thats not good enough
08:33 < flyingkiwi> because your LAN clients *also* have a route 10.8.0.0/24 to the LAN
08:34 < {Civil}> So, I assign users a 10.8.0.X address and on the LAN the LAN ips are 192.168.*
08:34 < flyingkiwi> you can give the route a higher metric.. gimme a second. have so search for it
08:34 < {Civil}> okay
08:35 < flyingkiwi> and whats the nginx' ip address?
08:35 < {Civil}> nginx server is @ 192.168.2.230
08:35 < {Civil}> and VPN @ 192.168.2.239
08:35 < flyingkiwi> push "route 192.168.2.230 255.255.255.255" should do the trick
08:36 < {Civil}> aka adding both what i have and that
08:36 < {Civil}> so push "route 10.8.0.0 255.255.255.0" & push "route 192.168.2.230 255.255.255.255"
08:37 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
08:38 < {Civil}> BRB, disconnecting from this VPN
08:41 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:42 -!- {Civil} [~Civil@180.214.90.54] has quit [Ping timeout: 245 seconds]
08:42 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 265 seconds]
08:44 -!- {Civil} [~Civil@ppp118-208-145-72.lns20.bne7.internode.on.net] has joined #openvpn
08:44 < {Civil}> hmmp flyingkiwi, didn't seem to do it.. strange stuff
09:07 -!- mattock is now known as mattock_afk
09:07 < {Civil}> hmmp flyingkiwi, didn't seem to do it.. strange stuff
09:07 < {Civil}> will look @ it in the morning anyway, 1am and gonna be up in ~5 hrs.
09:07 < {Civil}> Thanks anyway!
09:16 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:17 -!- sammi` [sammi@gateway/shell/devio.us/x-xaxuohhzgtgjddum] has joined #openvpn
09:35 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
09:48 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
09:52 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
09:57 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:05 <@plaisthos> !tls-cipher
10:05 <@vpnHelper> "tls-cipher" is (#1) http://sourceforge.net/mailarchive/forum.php?thread_name=48B01B33.6030806%40usa.net&forum_name=openvpn-users or (#2) To prevent the use of export ciphers or other insecure ciphers use tls-cipher DEFAULT:!EXP:!PSK:!SRP:!kRSA
10:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
10:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:30 < pekster> That tls-list permits single-DES too :\
10:39 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
10:54 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 245 seconds]
10:55 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:58 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:59 -!- `hypermist` is now known as sleepypc
11:00 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:03 -!- al_nz1 [~al@203.96.195.103] has quit [Ping timeout: 256 seconds]
11:03 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 272 seconds]
11:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:16 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
11:24 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Remote host closed the connection]
11:38 -!- mattock_afk is now known as mattock
11:57 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
12:02 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
12:04 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
12:06 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 252 seconds]
12:06 < havingFun> anyone's using openvpn in China??
12:06 <+esde> !welcome
12:06 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
12:06 <+esde> !ask
12:06 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:06 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
12:07 <+esde> nothing wrong with asking your question first-thing. but if youre going to ask a channel if X uses Y, you should include more details. That way if any X does use Y, they can immediately assist in a more concise fashion.
12:07 <+esde> instead of wasting time getting more information from you :)
12:09 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:15 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
12:20 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 244 seconds]
12:20 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:22 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
12:23 < Marc128000> Gents I'm having a problem and its probably something simple that I'm overlooking.
12:23 < Marc128000> General setup is: Client->ovpn->obfsproxy->~~~>obfsproxy->ovpn
12:24 <+esde> !obfs
12:24 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
12:24 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
12:24 <+esde> !configs
12:24 < Marc128000> Here is interesting part before any configs. Openvpn connects happily through the tunnel
12:24 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:24 <+esde> !logs
12:24 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:24 <+esde> !pastebin
12:24 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
12:25 < Marc128000> Before I bother anyone kind enough to read through logs and configs, I was wondering if there is a different route that should be added for this setup?
12:25 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:25 -!- mode/#openvpn [+v s7r] by ChanServ
12:25 < Marc128000> As soon as ovpn finishes its initilization, connection dies
12:25 < Marc128000> well
12:26 < Marc128000> packets stop routing correctly and everything times out
12:26 < Marc128000> With that I'll start with the configs
12:28 < Marc128000> !paste
12:28 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
12:30 <+esde> Are you just wanting to redirect traffic through the vpn?
12:32 < thebloggu> i'm creating a plugin for openvpn and I would like to run something when a user disconnects. i've tried subscribing to  the OPENVPN_PLUGIN_CLIENT_DISCONNECT callback but it's not working although I can subscribe to connect callbacks. can someone help me?
12:34 < Marc128000> Correct
12:34 -!- daflef [~daflef@unaffiliated/daflef] has joined #openvpn
12:35 < Marc128000> http://ur1.ca/jut0m
12:35 <@vpnHelper> Title: #193963 Fedora Project Pastebin (at ur1.ca)
12:36 < Marc128000> test
12:37 <+esde> !redirect
12:37 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:37 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
12:37 <+esde> the flowchart is very useful
12:37 < daflef> anyone else seeing a cert expiration on www.openvpn.net?
12:38 <+esde> not in chrome 1 sec
12:38 < daflef> DDG refers me to the https locations for whatever reason. otherwise I wouldn't have noticed.
12:38 <+esde> https://i.imgur.com/WHzdKow.png
12:38 <+esde> no problems here
12:38 <+esde> other than godaddy
12:39 < Marc128000> That is a nice flowchart, thanks. Sadly it points directly to fix vpn, lol. It was working without obfsproxy, and nothing changed. But to be sure I'll strip obfsproxy stuff out and make sure that is still true
12:40 <+esde> I'm not familiar with configuring obfsproxcy, firsthand, or i'd offer more specific help
12:40 <+esde> *-c
12:42 < daflef> thanks esde. not sure what is up with my connection.
12:42 < daflef> might be something fishy
12:42 <+esde> can i see a screenshot of the cert information?
12:42 < daflef> ahh I see. looks like they just update the cert.
12:42 < daflef> that screenshot shows it goes valid today at 1PM ishj
12:42 < daflef> mine said that it expired today at 12:45POM
12:42 < daflef> I will refresh whatever caches that.
12:43  * esde clow clap
12:43 <+esde> *s
12:43 < daflef> haha. so I suppose I just got in that lucky window.
12:43 <+esde> secure-computing took a little longer to get it's new cert :P
12:45 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Ping timeout: 240 seconds]
12:47 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:51 -!- mattock is now known as mattock_afk
12:52 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
12:53 < Marc128000> Hrm, still same result. Anybody know of a obfsproxy channel?
12:55 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:56 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Client Quit]
12:56 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
12:58 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 252 seconds]
13:01 -!- thebloggu [~thebloggu@brg.eurotux.com] has quit [Quit: Leaving]
13:39 -!- mattock_afk is now known as mattock
13:40 -!- dazo is now known as dazo_afk
13:51 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
13:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:56 -!- daflef [~daflef@unaffiliated/daflef] has quit [Quit: WeeChat 0.4.2]
13:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
13:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:02 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:08 -!- zaggynl [~zaggynl@4dafe030.ftth.telfortglasvezel.nl] has quit [Ping timeout: 246 seconds]
14:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
14:23 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
14:28 -!- sartan [~sartan@unaffiliated/sartan] has joined #openvpn
14:29 < sartan> Hi fellas! I'm trying to be lazy for a small, small openvpn setup - I've got OpenVPN set up as 'run as a windows service', but i'm not sure how it discovers what .conf files to load when Windows starts or the Service starts.  There isn't much in the readmes about this type of config. I'm looking to avoid opening the openvpn gui or having to run openvpn --config <file>
14:32 -!- zaggynl_ [~zaggynl@4daecf3c.ftth.telfortglasvezel.nl] has joined #openvpn
14:37 <+esde> !effort
14:37 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
14:37 <+esde> you lost me at lazy.
14:42 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:47 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:03 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:17 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:20 -!- sleepypc is now known as `hypermist`
15:25 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:27 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
15:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:35 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:40 -!- {Civil} [~Civil@ppp118-208-145-72.lns20.bne7.internode.on.net] has quit [Ping timeout: 272 seconds]
15:42 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:53 <+s7r> !freak
15:56 -!- mattock is now known as mattock_afk
16:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:09 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:11 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
16:15 < sartan> Are you fucking kidding me esde? I read the entire documentation, and explicitly pointed out that I _did_ read the documentation
16:15 < sartan> The lazy part is 'i dont want to have to open the gui client each time i reboot'
16:17 < DArqueBishop> sartan: if you run it as a service, it'll load every .ovpn file it finds in the config directory.
16:23 < sartan> Thanks, DArqueBishop. That's what I was looking for.
16:23 < sartan> Noting also that this was not in the documentation :)
16:24 < sartan> That seemed to work perfectly. Thank you very much!
16:25 -!- Mutantx [~Carlo@46.166.190.167] has quit [Quit: Leaving.]
16:36 < DArqueBishop> No problem.
16:36 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has joined #openvpn
16:48 < {Civil}> Hey
16:50 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 256 seconds]
16:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:53 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
16:55 -!- `hypermist` is now known as sleepypc
16:59 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 252 seconds]
17:01 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
17:01 -!- u0m3 [~u0m3@109.96.158.146] has quit [Read error: Connection reset by peer]
17:02 -!- sartan [~sartan@unaffiliated/sartan] has left #openvpn ["Leaving"]
17:17 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
17:19 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 246 seconds]
17:24 -!- sleepypc is now known as `hypermist`
17:24 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
17:30 -!- FelixIR [~banjo@unaffiliated/felixir] has joined #openvpn
17:36 -!- FelixIR [~banjo@unaffiliated/felixir] has quit [Quit: Leaving]
17:47 < zoredache> Sartan: Did you see the `README.txt` file in the `C:\Program Files\OpenVPN\config`?  I would call that part of the docs...
18:00 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
18:31 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:36 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
18:53 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
19:52 -!- ice9 [~ice9@unaffiliated/ice9] has joined #openvpn
19:53 < ice9> is there better algorithm than comp-lzo?
19:59 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
20:09 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
20:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:16 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 244 seconds]
20:28 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
20:35 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:50 -!- ice9 [~ice9@unaffiliated/ice9] has left #openvpn []
21:04 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:28 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
21:43 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Quit: Leaving]
22:26 -!- Mutantx [~Carlo@46.166.190.174] has joined #openvpn
22:27 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
22:28 < g-maurizi> can some one please tell me what I am doing wrong here? I followed the official document to the letter and can not connect from openvpn-GUI on windows, here is the output of "openvpn --config /etc/openvpn/server.conf"  ---> http://pastebin.com/S0t7nRwf
22:37 <+esde> !welcome
22:37 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
22:37 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:37 <+esde> !configs
22:37 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
22:37 <+esde> !logs
22:37 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
23:07 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Ping timeout: 250 seconds]
23:35 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
23:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:58 -!- ShadniX [dagger@p5481D0EB.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
--- Day changed Fri Mar 06 2015
00:00 -!- ShadniX [dagger@p5481D0F8.dip0.t-ipconnect.de] has joined #openvpn
00:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:16 -!- KeatonT [~keatont@pool-173-71-13-111.dllstx.fios.verizon.net] has quit [Ping timeout: 252 seconds]
00:30 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 252 seconds]
00:33 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
00:35 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
00:37 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
00:37 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
00:38 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Excess Flood]
00:38 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
00:39 < ybgd> openvpn will not connect successfully... at first I got the following error:  "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"
00:40 < ybgd> then I disabled windows firewall incase it was blocking access to openvpn.exe binary .. not sure if it was or not, but once I turned it off I get a new error
00:40 < ybgd> "read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)" ... repeatedly
00:46 -!- mattock_afk is now known as mattock
00:50 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
00:52 < ybgd> any ideas?
01:04 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
01:07 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
01:10 <@krzee> !timeout
01:10 <@vpnHelper> "timeout" is if you see TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) then your problem is likely one of the following: either the server isnt running, your client is connecting to the wrong ip/port/protocol, the server's firewall/nat has an issue, or one of the ISPs blocks it
01:12 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Ping timeout: 245 seconds]
01:23 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 255 seconds]
01:25 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
01:43 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:43 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:43 -!- badon_ is now known as badon
01:52 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:57 -!- Mutantx [~Carlo@46.166.190.174] has quit [Ping timeout: 256 seconds]
01:58 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 244 seconds]
02:11 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
02:46 -!- lorens [~lorens@213.27.241.114] has quit [Remote host closed the connection]
02:52 -!- mrtnt [~martint@martint.data.ee] has joined #openvpn
02:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
03:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:11 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
03:37 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:58 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
04:06 -!- Henryabcd [~Henryabcd@p4FC42769.dip0.t-ipconnect.de] has joined #openvpn
04:06 -!- Henryabcd [~Henryabcd@p4FC42769.dip0.t-ipconnect.de] has quit [Remote host closed the connection]
04:12 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
04:20 -!- dazo_afk is now known as dazo
04:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:26 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has quit []
04:30 -!- zaggynl_ is now known as zaggynl
04:49 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:00 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
05:00 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:00 -!- badon_ is now known as badon
05:05 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
05:10 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
05:10 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
05:16 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
05:25 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
05:33 -!- jackburke [~jackburke@remote.ripplecom.net] has joined #openvpn
05:53 -!- thebloggu [~thebloggu@brg.eurotux.com] has joined #openvpn
05:57 < thebloggu> i'm trying to make an openvpn plugin that does something when a user disconnects. i tried a simple log plugin which asks for all the callbacks (except the auth_verify) and it logs connections but doesn't logs nothing with user disconnections. in fact nothing is printed to stdout from openvpn when someone disconnects. can someone help me?
06:00 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
06:07 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:11 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Excess Flood]
06:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:13 <@dazo> thebloggu: do you use UDP
06:13 < thebloggu> dazo, yes
06:14 <@dazo> thebloggu: add --explicit-exit-notify to the client config ... and ensure you use --keepalive on the server
06:14 <@dazo> thebloggu: UDP connections are stateless, so unless the client tells it exits, it waits for a timeout before openvpn considers the connection closed and calls that disconnect hook
06:19 < thebloggu> dazo, oh, ok, thank you :) . i'm going to test it again with these settings then
06:26 -!- dreamcat4^ [~dreamcat4@62.49.10.154] has joined #openvpn
06:27 -!- ice9 [~ice9@unaffiliated/ice9] has joined #openvpn
06:28 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
06:28 -!- Bncbnc [~bncbnc83@188.228.19.134] has joined #openvpn
06:28 < ice9> is there a better compression algorithm than comp-lza?
06:29 < Bncbnc> Someone who can help me setup iptables ?. Cant access my openvpn server.
06:31 <@dazo> ice9: which openvpn version do you use in client and server?
06:31 -!- tristan_c [~tristan_c@81.141.92.189] has quit []
06:32 <@dazo> Bncbnc: pastebin the output of 'iptables-save' and explain your goal, I might be able to help then
06:35 < ice9> dazo:  server: 2.3.2 and client: 2.3.6
06:36 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:37 <@dazo> ice9: AFAIK, then you don't have any other compression choices ... if you upgrade to the latest 'git master' (which will be the next 2.4 release), then you'll have --compress where you can have other compression algorithms, like lz4 or snappy
06:38 -!- dreamcat4^ [~dreamcat4@62.49.10.154] has left #openvpn []
06:38 <@dazo> IIRC, snappy have better compression while lz4 gives a better performance:cpu-usage ratio
06:38 < Bncbnc> http://pastebin.com/rrL2hta4 - i just want to surf from that ip with openvpn
06:41 <@dazo> Bncbnc: Just to check I understood you correctly: You have a server with a public IP.  The client connects to that server and routes all Internet traffic via that server, in effect hiding your VPN clients public IP address
06:41 <@dazo> Bncbnc: I don't do hand-crafted iptables script ... I only do raw iptables-save outputs
06:42 <@dazo> Bncbnc: look at the iptables stuff described here ... you might get a clue here ... https://community.openvpn.net/openvpn/wiki/BridgingAndRouting#Usingrouting
06:42 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
06:43 <@dazo> (also check out the net.ipv4.ip_forward notes)
06:43 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
06:44 < Bncbnc> thank you i will look :-)
06:44 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
06:48 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:51 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
06:52 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Max SendQ exceeded]
06:53 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:53 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
06:55 -!- ice9 [~ice9@unaffiliated/ice9] has left #openvpn []
06:57 < g-maurizi> Hi #openvpn, simple question: I'm setting up a site-server layer 3 udp openvpn tunnel, I'm going to split-tunnel I have set "10.0.0.0 255.255.255.0 vpn_gateway" in the client file that I am going to configure a satellite office router with, I want that satellite office with the local ip range 10.0.1.0/24 to tunnel traffic for every private subnet (but its own) through the vpn, but nothing
06:57 < g-maurizi> more, could I only set "10.0.0.0 255.255.255.0 vpn_gateway" and then set the routes as regular routes in the asus router config , like outside of the openvpn client .ovpn file, just configure the router with a static route saying "192.168.0.0/24 gateway 10.0.0.254" since the .ovpn file already has a directive telling the client(router) to use the tonnel for 10.0.0.0/24 , if I set a static
06:57 < g-maurizi> route to use the 10.0.0.254 gateway for 192.168.0.0/24 will this work? or do I have to define every /24 CIDR in the ovpn file directly?
06:58 < g-maurizi> I do not have a spare router to test in my lab-setup therefore I must ask instead of try/test. I apologize.
07:00 < g-maurizi> if I tell the router to only tunnel 10.0.0.0/24 (this includes tunneling 10.0.0.254), and then I set a static route in asus router config (asuswrt) to use 10.0.0.254 as the gateway for RFC1918 addresses,, the router should push RFC1918 over the tunnel , is this correct?
07:02 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:04 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 265 seconds]
07:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
07:09 < pekster> g-maurizi: routes match most-specific-first, so if you push routes for the RFC1918 space (eg: 10/8) that's less specific than your LAN of 10.0.1.0/24, so the more-specific local network wins here
07:09 < pekster> That's normally what you want, and the concept of pushing a "supernet" works just fine like this
07:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 246 seconds]
07:13 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
07:17 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
07:20 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 265 seconds]
07:21 < g-maurizi> pekster.. im not sure I completely understand. I would like to just use "10.0.0.0 255.0.0.0" in the client .ovpn file but then I am afraid the client wont be able to connect to its own local subnet within that range (10.0.1.0/24) when the tunnel is up.. are you saying that because of the order the client matches routes, i do not have to worry about this?
07:23 < g-maurizi> I'm not 'pushing routes using server.conf' either I am commenting out redirect-gateway in server.conf and including "10.0.0.0 255.255.255.0 vpn_gateway" in the client-01.ovpn file.
07:24 < g-maurizi> should I instead push routes using server.conf? (and also curious about the previous questions answer).
07:24 < pekster> It works, yes. Push it or apply it locally; it makes no technical difference
07:24 < pekster> (only logistical)
07:25 < g-maurizi> Thats going to make life so much easier. thank you!. I am a little curious, though I do trust your knowledge base, but what is it that will prevent the pushed supernet route from conflicting with the routers local LAN subnet within the same range? some kind of route metric? the order it gets applied?
07:26 < pekster> Sounds like you need more reading on networking basics. It's the size of the mask
07:26 < pekster> /8 < /24
07:26 < g-maurizi> you don't understand what I am saying then.
07:26 < pekster> This is basic networking, and not really something we help with here
07:26 < pekster> !101
07:26 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
07:26 < pekster> Also, as for trust:
07:26 < pekster> !topsecret
07:26 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
07:28 < g-maurizi> I have a server at server A. a client router at site B, and desktops behind that client router at site B. site b uses the local subnet 10.0.1.0/24. I am setting up an openvpn connection in ddwrt on the router at site B. if I put in 10.0.0.0 255.0.0.0 vpn_gateway" on the router at site B, site B will have two routes for 10.0.1.0/24, one 'supernet route' to push all 10.x.x.x through the tunnel,
07:28 < g-maurizi> and it's own local route for 10.0.1.0/24 wouldn't it?
07:30 < g-maurizi> This is what confuses me.
07:30 < pekster> And a /24 matches first. Read basic networking introductions to find out why
07:31 < pekster> It's not magic, and no witchcraft is involved. It's basic math, testing the bits in the netmask. /24 = 24 bits in netmask. /8 = 8 bits in netmask. Largest wins. What's larger: 8 or 24?
07:31 < g-maurizi> interesting. I wasn't aware of this (that more specific match first rule in cidr prefix/routing)
07:31 < g-maurizi> that helps.
07:32 < g-maurizi> That's going to come in useful. I don't know how I have gone this long not knowing this
07:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
07:34 < g-maurizi> On another note, is it possible to have dhnsmasq or isc-dhcpd handle the address pool for openvpn?
07:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:35 < g-maurizi> (Thank You for your help, that really does help, with this, and a ton of other things I've run into in the past.)
07:40 < rob0> g-maurizi, it is possible if using tap, otherwise not really.
07:51 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
08:00 -!- thebloggu [~thebloggu@brg.eurotux.com] has quit [Ping timeout: 246 seconds]
08:06 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has quit [Ping timeout: 265 seconds]
08:08 -!- cali [~cali@unaffiliated/cali] has quit [Ping timeout: 276 seconds]
08:10 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
08:11 -!- FrEaKmAn_ [~erol@cpe-90-157-164-165.static.amis.net] has joined #openvpn
08:11 < FrEaKmAn_> hi all...
08:12 < FrEaKmAn_> https://openvpn.net/index.php/access-server/pricing.html is this meant for self hosting?
08:12 <@vpnHelper> Title: Pricing (at openvpn.net)
08:16 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 256 seconds]
08:17 -!- roadrunner|2 [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
08:20 -!- cali [~cali@unaffiliated/cali] has joined #openvpn
08:24 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:26 <@dazo> !as
08:26 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
08:26 <@dazo> FrEaKmAn_: ^^^
08:27 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:29 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
08:34 < FrEaKmAn_> thanks
08:34 -!- FrEaKmAn_ [~erol@cpe-90-157-164-165.static.amis.net] has quit [Quit: Leaving]
08:42 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:50 -!- dazo is now known as dazo_afk
08:50 -!- dazo_afk is now known as dazo
08:50 -!- jackburke [~jackburke@remote.ripplecom.net] has quit [Ping timeout: 252 seconds]
08:54 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:03 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 265 seconds]
09:07 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
09:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 264 seconds]
09:08 < gchristensen> I have an existing and working openvpn setup. I'm considering adding google auth as a second factor on login, but am curious what the workflow is for a user who is currently authenticating with certificates. is that possible? and, it looks like a user would have to then provider certificates, a user, a password, and the 2fa code. is that correct?
09:10 -!- hikenboot [~hikenboot@pool-71-174-163-14.bstnma.east.verizon.net] has joined #openvpn
09:10 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
09:10 -!- Bncbnc [~bncbnc83@188.228.19.134] has quit []
09:10 < hikenboot> hi I am wondering if anyone uses docker to deploy massive VPN farms? It seems like it might be the perfect platform for it (although I wonder about performance)
09:11 < hikenboot> combining minimal redhat, docker and amazon cloud
09:13 < hikenboot> oh and of course openvpn
09:14 < BtbN> Why would you need docker for that? It's not that you have tons of virtual VPN servers running
09:14 < BtbN> it's usualy just exactly one
09:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:17 < hikenboot> IC what your saying but in the instance of what I am doing, the vpn servers would have a large load on them (cant tell you the exact application ) but I think it would take a large farm of vpn servers to do what I am thinking (although I am not entirely sure, just speculating) I would have a large network I/O usage in my instance
09:18 < BtbN> So, if a single server per physical host already fully uses its capacity, why would you want to virtualize if even further?
09:18 < hikenboot> there is many reasons to virtualize but I am not sure they apply (security being one of them)
09:18 < gchristensen> hikenboot: if you're just speculating about the whole project,why not just do it the easy way, and then change what isn't effective enough?
09:19 < hikenboot> well in my case the test instance doesnt use virtualization it is the basic setup. But I am forward thinking to the issues i might have in expansion and deployment
09:20 < gchristensen> I'm going to go out on a limb here and say "it won't matter either way."
09:20 < hikenboot> thanks for the input
09:25 < hikenboot> with amazon cloud you have an elastic ip (which is the front end to a farm of servers I was just thinking using the redhat docker distribution might make it easier to expand and shrink on the fly
09:26 < gchristensen> elastic IPs don't point at multiple servers at a time
09:27 < hikenboot> hmm, thats counter to what I thought. I thought it was similar to the arp broadcast redirection cluster (guess I will have to look into it deeper)
09:27 < gchristensen> no
09:27 < gchristensen> an EIP points to one server at a time
09:27 < hikenboot> so what does it do for you?
09:27 < gchristensen> you can reassociate that IP to a different server any time you want
09:28 < gchristensen> vs. the default mode of IPs in AWS, where you lose the IP if you terminate the server, and you can't reassign teh IP.
09:28 < hikenboot> in my case that wouldnt be helpful except to avoid ip changes (but I can avoid that by telling  it not to terminate on shutdown
09:29 < gchristensen> well it means if you ever want to replace a server you can keep the IP
09:29 < hikenboot> right so the dns doesnt need to be changed
09:29 < gchristensen> sure
09:30 < hikenboot> I assume that someone has setup a cluster (arp broadcast or otherwise cluster on amazon cloud) I guess I will have to research and look for some docs on the matter
09:31 < hikenboot> if the networking doesnt expand beyond one virtual to physical interface on the amazon cloud then having a cluster wouldnt do you much good
09:32 < gchristensen> my searching hasn't turned up much on people using certificate auth + google auth, and I'm suspecting it just isn't possible. Any feedabck?
09:32 < gchristensen> hikenboot: sorry, I'm not prepared to help with general AWS or clustering issues in #openvpn, ##aws or ##linux or #networking might be more appropriate.
09:32 < hikenboot> I also havent found this however a quick setup of openvpn-as might tell you with options available whether its possible
09:33 < hikenboot> I remember when I had it that the google auth plugin was available but dont remember whether a CA was also available at the same time
09:34 < hikenboot> thanks gchristensen for those group pointers
09:35 < gchristensen> cheers
09:35 < hikenboot> It is greatly helpful because I was unaware of ##aws
09:35 < hikenboot> take care
09:36 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
09:37 -!- ozux [~root@unaffiliated/ozux] has joined #openvpn
09:38 < ozux> is there any configuration to give persistance name to tun device in ovpn client? I have three VPN servers and a Device to connect all of them, and tun0,1,2 are randomly assignes on each restart!
09:38 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
09:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
09:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:54 < deever> is there a way to use non-privileged ports on the client side?
09:54 < deever> or any other way making it possible not to configure all servers i potentially could connect to with different ports?
09:55 < deever> (ps: sorry for the one highlighting me...forgot to set my away status...! :) )
09:57 <@dazo> hikenboot: sounds like a good idea ... at least if you get the image updates and openvpn updates properly handled
10:00 <@dazo> BtbN: docker is not about virtualization, but container ... but can provide an easier way of massive deployment and manageability ... need more VPN power, add another VPN docker image ... as there is a higher probability that your OpenVPN server will be the performance bottleneck due to the amount of connecting clients and not the hardware itself
10:01 <@dazo> hikenboot: iirc, docker is in tech-review on RHEL7
10:01 < BtbN> And why not just use pre-made system images for that?
10:02 < BtbN> Specialy if you use virtual machines anyway. Just copy the image VM, change the configuration a bit, done.
10:03 <@dazo> gchristensen: it is possible to implement google auth ... you just need the proper plug-in for it ... openvpn is incredibly flexible, due to it's plug-in API
10:04 <@dazo> ozux: use --dev tunX ... or even --dev MyVPN --dev-type tun
10:05 <@dazo> BtbN: because there exist very simple tools for rolling new containers with docker
10:05 <@dazo> you basically can kick off new images, preconfigured in a minute
10:06 <@dazo> BtbN: https://www.docker.com/tryit/
10:09 < hikenboot> looks like i started a bad argument!
10:10 <@dazo> hikenboot: nah :)
10:13 < hikenboot> looks like it might be the route i use. Terrific! also Ubuntu has one and another company has one so redhat isnt the only game in town (see bottom) http://www.computerworld.com.au/article/569690/red-hat-strips-down-docker/
10:13 <@vpnHelper> Title: Red Hat strips down for Docker - Computerworld (at www.computerworld.com.au)
10:19 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
10:21 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
10:21 < KaiForce> I'm upgrading a Leaf router running OpenVPN 2.1.3 to one running 2.3.6 (same configuration files in use).  On a client that still has 2.1.3, I'm getting this error:  TLS_ERROR: BIO read tls_read_plaintext error: error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet length
10:21 < hikenboot> dazo, I have 2 VPN sessions going (it sets up the tun0 interface on both. but to my surprise they both list the same ip address for the interface, is this correct and if so why (I was expecting a different ip for each on the "VPN" server lan subnet
10:22 < KaiForce> I presume this has to do with the SSL 3 vulnerability.  What should I do to disable that?
10:23 <@dazo> hikenboot: this might be correct behaviour, unless you use --duplicate-cn on the server side
10:23 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
10:23 < hikenboot> I assume if I want to use iptables to controll connectivity I should use different IP's for each client (yes/no?)
10:24 < hikenboot> I am doing client-to-client
10:24 <@dazo> hikenboot: yes, if you use TUN mode ... otherwise, in TAP mode (which has lower performance plus scales more poorly) eurephia will use the MAC address of the clients instead
10:25 < hikenboot> ok then I will figure out where i put this duplicate-cn (i assume it has a similar config entry!)
10:25 <@dazo> KaiForce: this is most likely due to some security fixes we've added to 2.3.x .... your 2.1.3 client really needs to be upgraded, esp. due to the vpnuke issue
10:25 <@dazo> !vpnuke
10:25 <@dazo> !ovpnuke
10:25 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
10:25 -!- euphoria360 [~euphoria3@151.241.22.225] has joined #openvpn
10:25 -!- KeyboardNotFound [~KeyboardN@unaffiliated/keyboardnotfound] has joined #openvpn
10:26 < KeyboardNotFound> I can't start the fresh installed openvpn server. I dont' see anything in /var/log/syslog, any idea to debug ?
10:26 < KaiForce> dazo: I intend to upgrade them all, but as I don't have enough hardware to do them simultaneously, I'll need these version to coexist temporarily.  Is that possible?
10:26 < euphoria360> hi everyone.
10:27 <@dazo> KaiForce: hard to say, but I doubt so ... syzzer, any thoughts?  (syzzer is our crypto expert)
10:27 -!- `hypermist` is now known as sleepypc
10:28 < KeyboardNotFound> !logs
10:28 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:28 < euphoria360> krzee, esde : Thanks for you great efforts and passionate helps
10:28 < euphoria360> I finally figured it out and it's working again.
10:28 < KaiForce> might be bad, I have about 20 systems with tunnels all over the place
10:29 < KaiForce> good to know about vpnnuke though.
10:30 <@dazo> KaiForce: upgrade clients first, and then servers ... I believe that might work better if it happens in a shorter time-window ... or try an earlier 2.3 release in the mean time
10:30 -!- Cydrobolt is now known as cy
10:31 -!- cy is now known as Cydrobolt
10:31 < KeyboardNotFound> !logs
10:31 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:31 < KeyboardNotFound> I can't start the fresh installed openvpn server. I dont' see anything in /var/log/syslog, any idea to debug ?
10:31 < KaiForce> dazo:  hmm, need to plan this out.  a few devices are both client and server
10:31 <@dazo> KeyboardNotFound: try to use --log in your openvpn config file
10:31 <@dazo> !--
10:31 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
10:32 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:33 < euphoria360> in case you forgot, I was the Iranian guy who came here 1,2 days ago and needed a way to bypass Government's new openvpn blocking which use packet signature to identify openvpn packets.
10:33 < sammi`> !route
10:33 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
10:33 <@vpnHelper> client
10:33 < KaiForce> euphoria360: were you successful?
10:34 < euphoria360> yes Kaiforce.
10:34 < KaiForce> excellent
10:35 < euphoria360> as stated by krzee and esde, static key doesnt have any signature.
10:36 < euphoria360> but the problem was, i couldnt push anything to clients via this method. so no rediret and dns.
10:36 < euphoria360> and my iptables was like amazon jungle, (which krzee noted)
10:37 < euphoria360> i take care of those 2 and viola!
10:38 < euphoria360> now a question arised in my mind: are there any other vpn protocols which are harder to find a signature for them
10:38 < euphoria360> and have customizable ports?
10:39 <@dazo> euphoria360: look at using obfsproxy ... that is a tool which is designed to circumvent such national firewalls ... and it can act as a socks proxy, so openvpn can use it really easily
10:40 <+esde> there are a few purpose built "things" to do this, but they are offered only by paid providers
10:40 <+esde> like this https://www.goldenfrog.com/vyprvpn/chameleon
10:40 <@dazo> in addition, obfsproxy has a modular "protocol" design ... so you can even write your own wire-protocol as a module, and it will be truly a unique signature on the wire traffic
10:40 <@vpnHelper> Title: Proprietary Chameleon Technology – VyprVPN | Golden Frog (at www.goldenfrog.com)
10:40 <@dazo> !obfs
10:40 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
10:40 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
10:40 < euphoria360> can the openvpn client and obfsproxy be on same system?
10:40 <+esde> like dazo (and myself) mentioned, pbfsproxy is going to be your best bet
10:41 <+esde> *o
10:41 < euphoria360> ive done that before for Tor. seems they created it.
10:41 <@dazo> euphoria360: probably something similar .... but as I trust the TOR community more, and they wrote obfsproxy to make TOR work in some countries
10:41 <+esde> and chameleon is likely obfsproxy at it's core anyway
10:42 < euphoria360> there was a time where even SSL was blocked by gov
10:42 <@dazo> maybe ... but we don't know, as it's a closed source product .... and I especially don't trust closed source security products
10:42 < euphoria360> after a few days i heard news about obfsproxy.
10:42 <+esde> i mentioned it more than a couple of times when you were here with the problem initially :)
10:43 <+esde> but basic connectivity was more important at the time, apparently :)
10:43 <@dazo> sometimes it's good to start as simple as possible, and then add more and more security layers, one step a time
10:44 < mutilator> is there an alternate iOS openvpn client from the official?
10:44 < mutilator> split-tunnel isnt working
10:44 < euphoria360> im surprised they even let openvpn!
10:44 <@dazo> mutilator: nope ... due to Apples restrictions
10:44 < mutilator> i can ping the device, but the device isnt talking back
10:44 <+esde> bitch at apple
10:44 < euphoria360> hehe
10:44 < mutilator> and dns isnt forwarding over it
10:45 < mutilator> is the only fix to redirect-gateway?
10:45 < euphoria360> can those ips'es do the same on udp?
10:45 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150122214805]]
10:45 <@dazo> mutilator: openvpn tech even had to add a special closed source license, as they did not permit the VPN layer to visible in open source products
10:45 <@dazo> otherwise, apple wouldn't allow OpenVPN to iOS at all
10:46 <+esde> apple is such a pile of shit
10:46 < mutilator> has anyone else run into this issue?
10:46 < euphoria360> security through obscurity! I hate that
10:46 < mutilator> the same config file/server works fine on osx, windows, linux, and android
10:46 < mutilator> but ios nothing goes over the tunnel..
10:47 <@dazo> their business model is truly crappy .... but I have to say that Apple have understood what is important for the average users user experience, and done that mostly correct
10:47 <+esde> wat part of the problem is with apple, arent you understanding?
10:47 <+esde> you're lucky it works at all given the circumstances
10:47 < mutilator> really? you're going with that?
10:47 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
10:47 <+esde> yes i am
10:47 <@dazo> mutilator: if it doesn't work on iOS but everywhere else ... then you need to file a bug with openvpn tech
10:48 <@dazo> we're not able to help with ios issues, especially not if there are some issues with on the lower levels
10:48 <+esde> im surprised openvpn has /any/ closed source licenses. not surprised they were forced to by apple though
10:48 < euphoria360> does openvpn-as initially create a static key kind of conf? since i tried that too and it worked.
10:48 < mutilator> ok
10:48 <+esde> !as
10:48 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
10:48 < mutilator> so no one has seen the issue here
10:48 <+esde> AS is a totally different beast
10:49 <+esde> "Unfortunately, due to VPN restrictions by iOS, Chameleon is not currently available for VyprVPN for iOS."
10:49 <@dazo> euphoria360: really hard to say ... quite few here use AS on a daily basis
10:49 <+esde> it's almost like apple hates people other than themselves developing vpn on ios
10:49 <+esde> how about that
10:50 < euphoria360> lol
10:50 < mutilator> yea i didnt want the conversation to degrade into apple hate, i was just asking if anyone had ever seen the issue and possibly had a solution
10:50 < mutilator> sorry
10:50 <@dazo> esde: how I read that:  Apple have not granted us documentation of the VPN API so we can't provide an iOS client
10:50 <+esde> mhm
10:51 <+esde> it's not so much apple hate, as it is calling their development policies for what they are. shit.
10:51 < euphoria360> can the government ips'es do the same blocking by signature on udp?
10:51 <@dazo> it is an excellent example of the problem with closed source software
10:51 <+esde> OpenVPN for iOS should be just as capable as OpenVPN for Android.
10:52 <@dazo> euphoria360: anyone can do that, if they implement deep packet inspection firewalling
10:52 <+esde> It's sad apple themselves are keeping that from happening
10:53 < euphoria360> seems they forgot that for now.
10:53 <@dazo> esde: to be honest, I doubt Microsoft is any better on the OSes ;-) .... but it's a paradox that Microsoft is somewhat more open and forth-coming
10:53 <+esde> Well, someone has to give Microsoft a gold star for opening up .NET core
10:53 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
10:53 <+esde> but yeah closed-source is the big picture problem
10:55 < euphoria360> is it normal to have venet0 and venet0:0 as interfaces. the latter one seem to be secondary and puzzled me .
10:55 < KaiForce> I don't know if syzzer responded to the question about running older (2.1.3) clients with the current release.  I had to drop my firewall to test something.
10:55 <+esde> thats how openvz does it
10:56 < KaiForce> I'm going to spin up 2.1.3 vm with a 2.3.6 server and see if I can work around it...  I really need that to work, at least short term.
10:56 <+esde> also are you using ifconfig?
10:56 < euphoria360> yeah
10:56 < euphoria360> public ip is on venet0:0
10:56 <+esde> !ifconfig
10:56 <@vpnHelper> "ifconfig" is usage: ifconfig l rn | Set TUN/TAP adapter parameters. l is the IP address of the local VPN endpoint. For TUN devices, rn is the IP address of the remote VPN endpoint. For TAP devices, rn is the subnet mask of the virtual ethernet segment which is being created or connected to.
10:57 <+esde> erm
10:58 <+esde> i was hoping that would explain why not to use ifconfig, and mention using ip instead
10:58 < euphoria360> :S
10:58 <+esde> !ifconfig-linux
10:58 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
10:58 <+esde> ^^^^
10:59 < euphoria360> ifconfig-sucks! hehe
10:59 < euphoria360> thanks for the info.
10:59 <+esde> np :)
11:00 < euphoria360> if it werent for you guys I've probably worn out by now.
11:00 <@dazo> KaiForce: no, no response yet ... he's in europe, it's friday, so hopefully he's in a pub with friends ;-)
11:00 <+esde> sounds nice
11:00 < KaiForce> that would be better than having this work ;)
11:01 < euphoria360> bye for now.
11:01 -!- euphoria360 [~euphoria3@151.241.22.225] has quit [Quit:  HydraIRC -> http://www.hydrairc.com <- Organize your IRC]
11:02 -!- Latrina [~Latrina@ppp-229-33.26-151.libero.it] has quit [Ping timeout: 244 seconds]
11:04 -!- Latrina [~Latrina@adsl-ull-238-181.50-151.net24.it] has joined #openvpn
11:13 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:15 -!- Latrina [~Latrina@adsl-ull-238-181.50-151.net24.it] has quit [Ping timeout: 244 seconds]
11:17 -!- Latrina [~Latrina@ppp-120-59.26-151.libero.it] has joined #openvpn
11:18 -!- Marc128000 [~quassel@nat-128-62-46-222.public.utexas.edu] has joined #openvpn
11:24 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
11:28 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
11:30 -!- Marc128000 [~quassel@nat-128-62-46-222.public.utexas.edu] has quit [Remote host closed the connection]
11:32 < hikenboot> dazo, sorry to bug you but i put he duplicate-cn line in the server config and restarted server. It is still handing out same ip address to both clients for tun-00 interface, do i also need something in the client configs?
11:34 <@dazo> hikenboot: I haven't seen your configs, so probably ... if you use ifconfig-pool-persist on the server, that might also be influential, as well as if you use --client-config-dir
11:35 < hikenboot> thanks
11:35 < hikenboot> I will look further, but later on I might post my configs, will try and figure this out first though
11:36 <@dazo> ccd will by default use CN for the config filename it includes, so if you provide fixed IP addresses this way, it will cause issues if you use the same CN for both connections
11:36 <@dazo> and similar, with --ifconfig-pool-persist
11:36 <@dazo> and this is why I initially started writing eurephia ... to avoid a need for fixed IP addresses :)
11:38 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
11:49 < hikenboot> can anyone look at this config and tell me why i am getting duplicate ip addresses on the tun-00 interfaces http://paste.debian.net/159955/
11:51 < hikenboot> note I changed the server ip addresses and the lan ip address range but kept the same subnet mask
11:52 <@dazo> hikenboot: can you test without username-as-common-name
12:00 -!- KeyboardNotFound [~KeyboardN@unaffiliated/keyboardnotfound] has quit [Quit: Leaving]
12:11 -!- tristan_c [~tristan_c@81.141.92.189] has joined #openvpn
12:31 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
12:48 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
13:02 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:04 < ozux> dazo: thanks, I'm trying to find some docs bades on the clue you gave, can I set this --dev inside config.ovpn? or I should pass on the command line, I have two config 1.ovpn and 2.ovpn and using debian to sutostart them in /etc/default/openvpn I put both to start, but still puzzeled how to assign a tun device to each of them to be persistance
13:04 <@dazo> !--
13:04 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
13:04 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
13:05 <@dazo> ozux: ^^^
13:05 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:07 < ozux> ooo
13:09 -!- sammi` [sammi@gateway/shell/devio.us/x-xaxuohhzgtgjddum] has quit [Quit: Lost terminal]
13:09 < ozux> tnx dazo it works :) been puzzeled for couple of hours now, working around iptables :P
13:09 <@dazo> good to hear it works!
13:10 <@dazo> ozux: you may also use 'config common.inc' inside a config file, which will then function like an include statement, so your two configs can have shared config settings too
13:10 <@dazo> in my example here, it will include a file named 'common.inc'
13:11 <@dazo> (I'd advice against using .conf extension, otherwise your distro might interpret it as a valid config file and try to start that one as well)
13:14 < ozux> dazo: neat
13:17 -!- mattock is now known as mattock_afk
13:52 -!- zaggynl_ [~zaggynl@linux-fenrir1.cryptostorm.net] has joined #openvpn
13:55 -!- zaggynl_ [~zaggynl@linux-fenrir1.cryptostorm.net] has quit [Read error: Connection reset by peer]
13:55 -!- zaggynl [~zaggynl@4daecf3c.ftth.telfortglasvezel.nl] has quit [Ping timeout: 246 seconds]
13:57 -!- zaggynl [~zaggynl@linux-fenrir1.cryptostorm.net] has joined #openvpn
14:05 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:05 < KaiForce> I spun up a test client/server to work on my issue.  Here is the relevant log from the client side:  http://pastebin.com/YKbXu5Nb
14:06 < KaiForce> if I update client, it is solved, but that will be impossible in my environment (too many clients to do simultaneously)
14:09 -!- zaggynl [~zaggynl@linux-fenrir1.cryptostorm.net] has quit [Read error: Connection reset by peer]
14:09 -!- zaggynl [~zaggynl@linux-fenrir1.cryptostorm.net] has joined #openvpn
14:10 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:11 <@krzee> <dazo> in addition, obfsproxy has a modular "protocol" design ... so you can even write your own wire-protocol as a module, and it will be truly a unique signature on the wire traffic
14:11 <@krzee> ^ that is a very important point!
14:11 <@dazo> yeah
14:11 <@krzee> as the game of cat and mouse continues with the "great firewalls"
14:12 <@krzee> this assures obfsproxy is the ultimate win
14:12 <@krzee> oh they stopped you?  *changes wire protocol*  *win*
14:12 <@dazo> it's not an easy task ... but it is possible for the brave ones :)
14:12 -!- zaggynl [~zaggynl@linux-fenrir1.cryptostorm.net] has quit [Read error: Connection reset by peer]
14:12 <@krzee> dont need to write your own
14:12 <@krzee> just change both sides and count it as a win
14:12 <@dazo> yeah
14:12 <@krzee> our side will always be ahead of the game with more plugins
14:13 <@krzee> maybe one day they'll even get a udp wire protocol (although openvpn would need new code to understand it)
14:14 <@dazo> An UDP based protocol would be good anyway ... but getting support for UDP over the SOCKS socket would be even more interesting
14:14 -!- zaggynl [~zaggynl@linux-fenrir1.cryptostorm.net] has joined #openvpn
14:15 <@krzee> i already send udp over socks, but the socks itself is a tcp port
14:15 <@dazo> because in worst case with TCP traffic through OpenVPN through obfsproxy gives you TCP over TCP over TCp
14:15 <@krzee> openssh socks server cannot, dante socks server can
14:15 <@dazo> hmmm can you use openvpn with that dante socks proxy?
14:15 <@krzee> i do
14:15 <@krzee> well
14:16 <@krzee> i dont use the --socks settings tho
14:16 <@krzee> i force connections where i want them with proxifier
14:16 -!- FrEaKmAn_ [~erol@93-103-137-127.dynamic.t-2.net] has joined #openvpn
14:16 <@krzee> and now that i think about it, im doing it backwards, so nevermind :/
14:16 <@dazo> I meant, openvpn + udp with --socks ... but I see
14:16 <@dazo> heh
14:16 <@krzee> i run the sockd inside the vpn, so irrelevant
14:16 <@dazo> right, that's a different setup :)
14:17 <@krzee> and now that i think of it, thats *because* you can only use --socks to tcp port
14:17 <@dazo> right! :)
14:17 <@krzee> i *think*
14:17 <@dazo> that's what I remember as well
14:17 <@krzee> i should test that again, but im pretty sure it was the case
14:17 <@krzee> even though i know my dante setup can connect to udp
14:17 <@krzee> iirc it was openvpn's fault
14:18 <@krzee> i dont have a public facing socks server but if theres interest i can toss one up and test again
14:19 <@krzee> it was years ago, and im pretty sure a TON of code has changed since then
14:19 <@krzee> never know, it might just magically work now
14:19 -!- zaggynl_ [~zaggynl@linux-cantus1.cryptostorm.net] has joined #openvpn
14:20  * dazo need to run
14:20 -!- zaggynl [~zaggynl@linux-fenrir1.cryptostorm.net] has quit [Read error: Connection reset by peer]
14:20 <@krzee> if i test it would you like to hear about it?
14:25 <@syzzer> KaiForce: still around?
14:26 <@syzzer> 2.1.3 + 2.3.6 *should* work
14:27 < KaiForce> still here.  If I update client to 2.3.6 or downgrade server to 2.1.3, it does.  But if I only upgrade server, I get the copied error
14:27 <@syzzer> hmm, unfortunately I don't have an immediate hunch on this
14:28 <@syzzer> can you perhaps show your configs? you can replace any private/senitive stuff like keys/ips/hostnames
14:29 <@krzee> trippy, this is the first i heard of a compat issue in those versions
14:30 <@syzzer> on what platform is this, btw?
14:30 <@krzee> the error makes me want to find a compression issue in the configs
14:30 <@krzee> but i cant see that getting magically fixed with an update
14:30 < KaiForce> Leaf Bering uClibc (client is 4.0.1, Server is 5.1.3
14:31 <@krzee> embedded linux
14:32 <@syzzer> krzee: but this is a TLS error, which has no configurable compression options in the openvpn config...
14:32 < KaiForce> yeah usually used on embedded systems, I'm using it on PCs and VMWare virtual machines.
14:32 <@krzee> !configs
14:32 < KaiForce> I can try the packages for Leaf that don't have compression support
14:32 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:32 -!- zaggynl [~zaggynl@4daecf3c.ftth.telfortglasvezel.nl] has joined #openvpn
14:33 <@krzee> feel free to hide ip if desired, irrelevant to your issue
14:33 < KaiForce> ok one sec
14:33 <@syzzer> KaiForce: you're just replacing up/downgrading openvpn, right? is it dynamically linking to openssl?
14:34 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
14:34 <@krzee> id bet on static links, it's embedded linux
14:34 <@krzee> http://sourceforge.net/projects/leaf/
14:34 <@vpnHelper> Title: LEAF Linux Embedded Appliance Framework | SourceForge.net (at sourceforge.net)
14:35 < KaiForce> I replace the package and reboot.  these are just test machines
14:35 < KaiForce> although there doesn't seem to be compatibility with packages between the older Leaf release and newer ones
14:35 -!- zaggynl_ [~zaggynl@linux-cantus1.cryptostorm.net] has quit [Ping timeout: 252 seconds]
14:36 -!- gchristensen [~gchristen@unaffiliated/grahamc] has left #openvpn ["WeeChat 0.4.2"]
14:36 <@krzee> better link: http://leaf.sourceforge.net/bering-uclibc/
14:36 <@vpnHelper> Title: Bering uClibc (at leaf.sourceforge.net)
14:38 <@syzzer> they do have separate libssl packages
14:38 < KaiForce> http://pastebin.com/nV5fd4kf
14:38 <@syzzer> but if that means openvpn is dynamically linked, it should even use the same ssl library, which makes this problem even weirder
14:40 <@krzee> same issue with comp-lzo no    on both sides, right?
14:40 < KaiForce> haven't tried that, let me see...
14:41 <@syzzer> I don't see anything suspicious in there either...
14:42 <@krzee> nah its a pretty basic config, im thinking this has to be something unique to his setup
14:43 < KaiForce> same issue
14:43 <@krzee> openvpn --version
14:43 <@krzee> on both clients
14:43 <@syzzer> yes, I suspect the compatibility issue is somewhere in the openssl versions
14:44 <@krzee> Client 2.1.3
14:44 <@krzee> Server 2.4.6   <--- 2.3.6 right?
14:44 <@krzee> hehe
14:44 <@krzee> cause if you got 2.4.6 i want a copy
14:44 <@krzee> :D
14:44 < KaiForce> http://pastebin.com/krrBxyTK
14:45 < KaiForce> Yes my memory is not the best
14:45 <@krzee> well its nice that in newer versions we get lib versions, unfortunately in 2.1.3 we dont
14:46 < KaiForce> let me see if I can tell what they are
14:46 <@krzee> maybe ldd /path/to/openvpn if you have that
14:47 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
14:47 < KaiForce> openssl 0.9.8r
14:47 < KaiForce> http://pastebin.com/yZtRXKHN
14:47 <@syzzer> wow, that is really old and very vulnerable...
14:47 <@krzee> 2.1.3 is very old but i cant think of anything that changed that should break such a normal config
14:48 <@krzee> KaiForce, syzzer has a strong point. this might be a good excuse to do what you REALLY need to do anyways
14:48 <@krzee> running openvpn with that version openssl is a bad idea anyways
14:48 <@krzee> breaks an otherwise good vpn
14:48 <@syzzer> you don't have tls-auth, so that means full heartbleed exposure
14:48 < KaiForce> Ok, I'll just have to come up with a plan
14:49 <@krzee> ^ also valid point, you really should add tls-auth when you do this much needed upgrade
14:49 < KaiForce> basically, I'm IT for a bunch of small firms and I have a lot of tunnels to client subnets.  Additionally, my clients have tunnels between different locations.  So I need to update everyone at once, but I don't have enough hardware to do a mass one-day swap.
14:50 <@krzee> KaiForce, make a script that logs in, updates, and sends to a newly configured server when done
14:50 <@krzee> then when done testing it, put it as an on-connect script on the vpn server
14:50 <@krzee> --client-connect
14:50 <@krzee> then watch clients connect to the new server when done
14:50 <@syzzer> you could do some tests, see if you can update openssl to a (slightly) newer version on the older boxes
14:51 <@krzee> could just be another openvpn instance running on the same hardware on another port
14:51 < KaiForce> the problem is I have to do a full Leaf upgrade to get the current package
14:51 <@krzee> probably something that really needs to be done anyways
14:51 <@syzzer> I am still suspecting some bug in openssl is causing this compatibility issue
14:51 <@krzee> using that version openssl is inexcusable
14:51 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:51 <@krzee> your clients need to understand how important this upgrade is
14:52 <@krzee> your vpn can literally be owned by anybody in the middle (exactly what a vpn is made to protect against)
14:52 < KaiForce> They'll be fine with it..  I only have one client that works on weekends, I'll have to schedule it on Saturday
14:52 < hikenboot> do i have to use absolute paths in the config file on clients or if will it assume i am in /etc/openvpn if i dont?
14:53 <@syzzer> hikenboot: depends on whether you use --daemon and/or --user/--group
14:53 <@krzee> "it" will never assume, unless you used a --chroot or --cd or similar
14:53 <@syzzer> also see --cd if you don't like full paths
14:53 <@krzee> although your OS init scripts *may* assume
14:54 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
14:54 <@krzee> openvpn will not
14:56 <@krzee> well openvpn in windows will assume the path actually
14:57 <@krzee> which can be configured in the registy iirc
14:57 < hikenboot> also ca.crt is unique to server not to clients right? Just want to be sure
14:57 <@krzee> (or overridden in the config)
14:57 < hikenboot> I am on linux anyways
14:57 <@krzee> ca.crt is needed on all sides with normal server/client setup
14:57 <@krzee> !pki
14:57 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
14:57 < hikenboot> right but it is the public part of the server key correct?
14:58 < hikenboot> oh ok
14:58 <@krzee> its the public part of the CA
14:58 <@krzee> the public part of the server is the server.crt (or whatever you named it)
14:59 < hikenboot> thanks
14:59 <@krzee> you're welcome
15:01 -!- zaggynl_ [~zaggynl@linux-cantus1.cryptostorm.net] has joined #openvpn
15:01 <@syzzer> KaiForce: have to run now, good luck with the upgrade :)
15:01 -!- zaggynl_ [~zaggynl@linux-cantus1.cryptostorm.net] has quit [Client Quit]
15:04 -!- zaggynl [~zaggynl@4daecf3c.ftth.telfortglasvezel.nl] has quit [Ping timeout: 256 seconds]
15:04 < KaiForce> syzzer: thanks!
15:05 < KaiForce> krzee: thanks to you too
15:05 <@krzee> yw
15:06 <@krzee> KaiForce, also consider:
15:06 <@krzee> !hmac
15:06 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls
15:06 <@vpnHelper> static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
15:06 <@krzee> this would have at least mitigated your openssl issue, although your old openvpn version also had an issue that would leak tls-auth key
15:07 <@krzee> it would have at least required a little more skill to carry out the attack :D
15:08 < KaiForce> krzee: I will probably implement that, post upgrade
15:08 <@krzee> yep, sounds like part of the upgrade
15:08 <@krzee> good time to give your PKI a second look as well
15:09 <@krzee> maybe you can make it stronger? if so this is the time
15:09 < KaiForce> This is gonna be tough, I'm going to need off hours access to a lot of locations!
15:12 < KaiForce> I can pre-configure every machine though, and merely swap boot media when we get on-site.
15:13 < KaiForce> If I had a person at every location simultaneously, it would be a breeze.  Unfortunately, only two of us
15:19 -!- FrEaKmAn_ [~erol@93-103-137-127.dynamic.t-2.net] has quit [Ping timeout: 264 seconds]
15:22 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 35.0.1/20150122214805]]
15:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
15:34 <@dazo> krzee: if you're able to test --socks with --proto udp, I'd like to hear about it, yes!
15:34 <@dazo> in fact, could be good to share it on #openvpn-devel :)
15:37 <@krzee> cool ill give it another try, i know dante can connect to udp ports
15:38 <@dazo> that's a good starting point :)
15:38  * dazo need to log off
15:38 <@krzee> later!
15:39 -!- dazo is now known as dazo_afk
15:46 <@krzee> dazo_afk,
15:46 <@krzee> 2015-03-06 17:44:24 us=873140 Attempting to establish TCP connection with [AF_INET]10.8.12.1:1080 [nonblock]
15:46 <@krzee> 2015-03-06 17:44:24 us=873178 MANAGEMENT: >STATE:1425678264,TCP_CONNECT,,,
15:46 <@krzee> 2015-03-06 17:44:25 us=876388 TCP connection established with [AF_INET]10.8.12.1:1080
15:46 <@krzee> 2015-03-06 17:44:26 us=35250 UDPv4 link local: [undef]
15:46 <@krzee> works fine
15:50 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
15:50 -!- mode/#openvpn [+v s7r] by ChanServ
15:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 252 seconds]
16:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:14 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Remote host closed the connection]
16:17 -!- Exagone313_ [~exa@elou.world] has joined #openvpn
16:19 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
16:20 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 276 seconds]
16:26 -!- highbass [~highbass@surf6.net.rss.rogers.com] has joined #openvpn
16:27 < highbass> hey guys where do i set up DNS config for openvpn access server applicance
16:28 <@krzee> !as
16:28 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
16:30 < mutilator> anyone having issues with tunnelblick on yosemite? dns not routing thru the tunnel
16:30 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
16:44 -!- highbass [~highbass@surf6.net.rss.rogers.com] has quit [Ping timeout: 244 seconds]
16:46 < pekster> Not sure what a state park in the US has to do with your VPN, but remember that particular destinations (like a DNS server) only go over the VPN if the route for that destination is accessible over the VPN, and such a route exists for it (including a return path from the far side)
16:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:55 -!- sleepypc is now known as `hypermist`
16:58 <+esde> lol. but im guessing he meant the mac yosemite release
17:15 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 272 seconds]
17:40 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Ping timeout: 240 seconds]
17:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:01 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
18:03 -!- nullie [~nullie@linode.nullie.name] has quit [Quit: ZNC - http://znc.in]
18:13 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
18:27 < hikenboot> hey guys got the VPN tunnel ends to show different IP addresses. It had something to do with the certificates being in the path. It was drawing the same demo certificate from /home/user instead of the /home/user/vpn/key path that I wanted to because i used relative path that wasnt available...thanks
18:27 < hikenboot> now to install eurephia
18:27 < hikenboot> taking snapshot of the vm first though
18:28 < SupaYoshi> Hey
18:28 < SupaYoshi> What happened to openvpn-client.msi?
18:28 <@krzee> SupaYoshi, thats access-server
18:28 <@krzee> !as
18:28 < SupaYoshi> I can't find it nowhere on the OpenVPN website and I don't understand what else to use as just for client?
18:28 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
18:29 <@krzee> !download
18:29 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
18:29 < SupaYoshi> krzee, yeah. But what changed?
18:29 < SupaYoshi> I rememeber that it was a seperate download.
18:29 < SupaYoshi> Why did they change it like this?
18:29 <@krzee> dunno, its not the openvpn we support, ask them
18:30 <@krzee> thats what *didnt* change =]
18:30 < SupaYoshi> krzee, what do you use for access-server / client?
18:30 < SupaYoshi> for Windows.
18:30 < SupaYoshi> in case you even use Windows at all :P
18:31 <@krzee> i dont use or support access-server
18:31 <@krzee> if needing a client for my oss setup in windows i goto !download
18:34 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 252 seconds]
18:35 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
18:55 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
19:11 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
19:12 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:16 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
19:18 < hikenboot> getting error  ** - FATAL - **  [0] Could not open the eurephia database driver (/usr/lib/eurephia/edb-sqlite.so)
19:18 < hikenboot> is this because i dont have a package for sqlite3? cant seem to find a generic sqlite3 package in redhat
19:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
19:58 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
20:00 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
20:09 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:11 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
20:11 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Read error: Connection reset by peer]
20:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
20:32 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:03 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
21:12 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
21:28 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
22:03 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:47 -!- mattock_afk is now known as mattock
22:56 -!- mattock is now known as mattock_afk
23:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:09 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Remote host closed the connection]
23:13 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
23:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
23:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:58 -!- ShadniX [dagger@p5481D0F8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:59 -!- ShadniX [dagger@p5DDFFAFB.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Mar 07 2015
01:05 -!- nullie [~nullie@linode.nullie.name] has joined #openvpn
01:16 -!- Six6siX [~Devil@104.156.227.143] has joined #openvpn
01:56 -!- NChief_ [~nchief@unaffiliated/nchief] has joined #openvpn
02:06 -!- NChief_ [~nchief@unaffiliated/nchief] has quit [Read error: Connection reset by peer]
02:16 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
02:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
02:20 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Client Quit]
02:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:54 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
03:04 -!- Exagone313_ is now known as Exagone313
03:22 -!- `hypermist` is now known as sleepypc
03:28 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
03:29 -!- kexmex [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
03:31 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
03:35 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
03:36 -!- sleepypc is now known as `hypermist`
03:46 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:52 -!- mattock_afk is now known as mattock
03:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:19 -!- EI [6564a1af@gateway/web/freenode/ip.101.100.161.175] has joined #openvpn
04:20 < EI> is Arne Schwabe  around?
04:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
05:15 -!- EI [6564a1af@gateway/web/freenode/ip.101.100.161.175] has quit [Ping timeout: 246 seconds]
05:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:25 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has joined #openvpn
05:31 -!- cultavix [~cultavix@unaffiliated/cultavix] has quit [Ping timeout: 265 seconds]
05:45 -!- shimano [shimano@c109-161.icpnet.pl] has quit [Quit: ZNC - http://znc.in]
05:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:54 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
06:00 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:21 -!- cattune [~bryan110@unaffiliated/bryan110] has joined #openvpn
06:24 < cattune> Hi all...anyone using airvpn?....looks like things have changed a bit
06:27 -!- Vexena [~kevindefr@178-116-75-102.access.telenet.be] has joined #openvpn
06:27 < Vexena> Hello, What is the difference between the OpenVPN access server and the regular one?
06:28 < Vexena> easier to manage with the acces server?
06:28 -!- mattock is now known as mattock_afk
06:30 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
06:32 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
06:53 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
06:53 -!- tristan_c [~tristan_c@81.141.92.189] has quit [Ping timeout: 265 seconds]
06:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
07:01 -!- cattune [~bryan110@unaffiliated/bryan110] has left #openvpn []
07:28 < vegardx> Bah, I love when VPN clients don't really output anything to debug why things aren't working.
07:38 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
07:43 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
07:51 < vegardx> I have two VPN-servers on the same machine, but start as they should, bind to respected interfaces, but one of the servers does not actually respond beyond being alive. It does not write to the logfile. They are both identical apart from certificates.
07:51 < vegardx> And interfaces.
07:58 -!- Vexena [~kevindefr@178-116-75-102.access.telenet.be] has quit [Ping timeout: 265 seconds]
07:59 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has left #openvpn ["Leaving"]
08:09 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
08:09 -!- mode/#openvpn [+v s7r] by ChanServ
08:21 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
08:29 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
08:29 -!- mode/#openvpn [+v s7r] by ChanServ
08:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:59 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
09:04 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
09:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:43 < hydrajump> hi is openvpn 2.3.6 vulnerable to FREAK or is it only if weak ciphers are specified in the config?
10:45 <@syzzer> hydrajump: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-FREAK
10:45 <@vpnHelper> Title: SecurityAnnouncement-FREAK – OpenVPN Community (at community.openvpn.net)
10:51 < hydrajump> syzzer: thank you!
11:07 -!- apocr [~apoc@195.202.166.190] has joined #openvpn
11:08 < apocr> hello! I'm writing a paper on VPS and VPN. Can someone recommend a paper which focuses on the performance requirements of a common vpn (<5 users)??
11:08 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
11:09 < vegardx> wat?
11:10 < apocr> I'm looking for a reliable source, which discusses the system requirements of a vpn server.
11:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:16 -!- tristan_c [~tristan_c@5.80.230.169] has quit [Remote host closed the connection]
12:00 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
12:01 -!- Neal_ [neal@felix.ineal.me] has quit [Quit: brb system upgrade]
12:24 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
12:31 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
12:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
12:38 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:48 -!- apocr [~apoc@195.202.166.190] has quit [Quit: Leaving]
12:53 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
12:53 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:53 -!- mode/#openvpn [+v s7r] by ChanServ
12:55 < elliotdenk> In a forum, I read that openvpn supports IPv6 (within the tunnel) only for /64 and /112 networks. Is that true and where do I find more information? Thx in advance.
12:56 -!- Corey84 [~Corey84@unaffiliated/corey84] has joined #openvpn
12:56 < Corey84> timing out issues using $(private tunnel.opvn ) on linux
12:56 < Corey84> System:    Host server.linuxnet Kernel 4.0.0-0.rc2.git1.2.fc23.x86_64 x86_64 (64 bit gcc 5.0.0)
12:56 < Corey84>            Desktop Xfce 4.12.0 (Gtk 2.24.26) Distro Fedora release 21 (Twenty One)
12:57 < pekster> elliotdenk: You can use any CIDR block between /64 and (IIRC) /126. However, be aware that if you use a smaller block than a /64, it will not be compatible with the earlier patches that debian applied to openvpn in the 2.2.x series when IPv6 was still in "preview" support
12:57 < pekster> elliotdenk: Realistically, there's no good reason you shouldn't use a /64 if that compatibiltiy is even remotely a possibility to be in use by your client; you should be given more than enough _routable_ IPv6 space anywy (ref: RFC6177)
12:58 < pekster> What's your concern/use-case here?
12:58 < pekster> Ah, /124 on the high end
13:00 < Corey84> !welcome
13:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:00 < Corey84> !goal  to debug this timeout error using private tuneel on fedora linux
13:00 < pekster> !both
13:00 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
13:00 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:01 < pekster> You can feel free to paste !logs of your problem, but realistically if you don't control both ends you'll be unable to identify problems on the far end
13:01 < pekster> Obviously we can't help with some other service you're using (you'd contact them for that…)
13:06 < Corey84> any ideas / tests for my issue
13:06 < pekster> Yes. Look at your logs
13:06 < pekster> !logs
13:06 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:06 < Corey84> !logfile
13:06 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
13:20 -!- mindmix [~mindmix@180.183.153.158] has joined #openvpn
13:20 -!- FrEaKmAn_ [~Erol@93-103-137-127.dynamic.t-2.net] has joined #openvpn
13:21 < mindmix> !welcome
13:21 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:21 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:21 < FrEaKmAn_> hi all.. I want to connect a multiple devices to a openvpn server... now each device should not see each other
13:21 < FrEaKmAn_> but I should be able to login to vpn and access each device
13:21 < FrEaKmAn_> how should I structure everything? any tips?
13:22 < mindmix> !paste
13:22 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:22 < mindmix> !config
13:22 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
13:22 < mindmix> !configs
13:22 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:22 < FrEaKmAn_> !test123
13:23 < FrEaKmAn_> there seems to be a bug :)
13:23 < pekster> FrEaKmAn_: Set up a standard openvpn server and do _not_ use --client-to-client (which specifically bypasses your OS firewall and routes client traffic to other clients without filtering)
13:23 < pekster> Then just configure your firewall to disallow it in the usual way for your platform
13:30 < mindmix> hi guys
13:30 < mindmix> https://gist.github.com/anonymous/aea31e1471243f339e25
13:30 <@vpnHelper> Title: client.conf (at gist.github.com)
13:31 < mindmix> i'm having throughput problems, is this normal, and what can i do to resolve it?
13:32 < mindmix> without vpn i get around 100Mbit/s and with i get only around 5Mbit/s
13:38 < pekster> Some common recommendations in:
13:38 < pekster> !speed
13:38 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
13:38 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9)
13:38 <@vpnHelper> a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
13:44 < FrEaKmAn_> pekster, firewall on the device?
13:44 < FrEaKmAn_> basically to filter everything else expect me?
13:45 < mindmix> !tunortap
13:45 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
13:45 <@vpnHelper> rooted/jailbroken) support only tun
13:45 < mindmix> !mtu
13:45 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
13:47 < pekster> FrEaKmAn_: Firewall on the router (since that's how you stop packets from getting forwarded)
13:47 < pekster> So, yes
13:48 < FrEaKmAn_> ok, thanks for info
13:52 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
13:55 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
13:56 -!- FrEaKmAn_ [~Erol@93-103-137-127.dynamic.t-2.net] has quit [Quit: Leaving]
13:57 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
13:59 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
14:00 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
14:00 -!- tristan_c [~tristan_c@5.80.230.169] has quit [Remote host closed the connection]
14:04 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
14:06 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
14:07 -!- mrtnt [~martint@martint.data.ee] has quit [Read error: Connection reset by peer]
14:08 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
14:08 < mindmix> right, increasing txqueuelen gets me 10% of the raw speed
14:09 < pekster> And you learned what from looking at the single-core CPU utlization? Mind the kernel processing times too as context switching can play a role too, depending on kernel layout
14:13 < mindmix> http://i.imgur.com/4vcXeIV.png
14:13 < mindmix> left is client, right is server
14:15 < mindmix> hmm i see the speed got up to almost 50 for a while there, but dropped again
14:16 < pekster> Sounds a bit as if it's something upstream (either generic throttling, of say UDP or udp/1194, or some DPI that doesn't like tunneled traffic)
14:16 < pekster> That's a possibility anyway
14:16 < pekster> Did turning off compression do anything?
14:16 < mindmix> i had it off to begin with
14:16 < mindmix> didn
14:16 < pekster> Or tuning down tunnelled MTU a bit? mssfix works well here since you seem to be using TCP as the throughput benchmark
14:17 < pekster> Outside of packet loss, I wouldn't expect MTU to play a huge role here, though
14:17 < mindmix> i'll try to change port and see if that does anything
14:17 < pekster> Even if max-mtu sized packets across the link are split into two, it's just wasted header space, fast-retransmit from PL notwithstanding
14:18 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:23 < mindmix> changing port didn't seem to have an effect, i'll try mssfix
14:25 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
14:26 < pekster> Also, be sure you're using --verb 4 at both ends to identify any replay notices, and see --replay-window in the manpage
14:35 -!- `Yoda is now known as Yoda
14:35 -!- Yoda is now known as ItsYoda
14:38 < mindmix> mssfix seems to have made the problem worse, only getting 3Mbit with periods of no traffic like so - https://gist.github.com/anonymous/d8217c3ed06e03955a67
14:38 <@vpnHelper> Title: gist:d8217c3ed06e03955a67 (at gist.github.com)
14:41 < pekster> That doesn't make much sense at all. You used what as a value there, something around 1100-1300?
14:41 < mindmix> 1200
14:41 < mindmix> then tried 1100
14:41 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
14:41 < mindmix> both made it worse
14:44 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
14:53 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 252 seconds]
14:55 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:07 -!- Corey84 [~Corey84@unaffiliated/corey84] has quit [Ping timeout: 244 seconds]
15:14 -!- mindmix [~mindmix@180.183.153.158] has quit [Ping timeout: 255 seconds]
15:22 -!- Corey84 [~Corey84@unaffiliated/corey84] has joined #openvpn
15:23 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:34 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 246 seconds]
15:35 -!- mete [~mete@91.247.253.160] has joined #openvpn
15:36 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
15:43 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
15:55 < elliotdenk> I set up an openvpn server with IPv6 for the transport as well as inside the tunnel and want to route the client's IPv6 traffic through the tunnel. However, there seems to be no push "redirect-gateway" for IPv6 and if I push a route for all routable IPv6 traffic (as suggested in the documentation) the IPv6 traffic for the transport is not routed correctly anymore. Any ideas/solutions?
15:56 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Quit: reboot]
16:04 < pekster> elliotdenk: Use 2000::/3
16:06 < elliotdenk> pekster: I did
16:07 < pekster> That's all globally routed IPv6 address space
16:08 < elliotdenk> pekster: the problem is the following: the moment this route is pushed, the client cannot reach the openvpn server anymore since it is running on IPv6
16:09 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:09 < elliotdenk> I need to push a more specific route for the IPv6 transport but dont know how
16:10 < BtbN> Configure an explizit route to your server via your original default gateway.
16:10 < pekster> If you route it over the VPN, this does exactly what you want. Since your traffic "is not routed correctly anymore" it seems you're not yet using this
16:11 < BtbN> Well, it also routes the openvpn traffic through openvpn. Which obviously won't work.
16:12 < BtbN> There is no redirect-gateway def1 for ipv6, which automaticaly adds that route. So you have to do it manualy
16:12 < pekster> Use of /1 in v6 is a bit silly now because only 2000::/3 is globally routable. Plus you don't really want to redirect ULA space over the VPN
16:12 < BtbN> I'm not talking about that /1 default route override. But the route to the server it adds.
16:13 < pekster> That /1 is routed to the server when using --redirect gateway
16:13 < pekster> In fact this is exactly what happens with pushed routes that you can immitate excactly by expanding the directives
16:14 < pekster> 2000::/3 serves the same purpose as 0/1 and 128/1 in IPv4
16:14 < BtbN> Yes, but you still need a route to your VPN server via the original gateway...
16:15 < BtbN> There is no way to do that automaticaly for IPv6
16:15 < pekster> Right, you need to duplicate that too
16:15 < pekster> See the remote_host and net_gateway macros for use here
16:16 < BtbN> Last time i checked there was no ipv6 version of net_gateway.
16:16 -!- Corey84 [~Corey84@unaffiliated/corey84] has quit [Ping timeout: 265 seconds]
16:17 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection timed out]
16:18 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:20 < pekster> That could be; I'm not sure I've tried that. That might require use of connection profiles if there are >1 possible address resolutions for the remote VPN endpoint
16:21 < pekster> Or maybe not even that, since it looks like --route* options aren't allowed there
16:23 < BtbN> I remember having exactly that problem. There simply isn't a propper solution and i ended up just adding a hardcoded route to the OpenVPN server in some ifup script
16:25 < pekster> Are you using one of the scripting env-vars there? Otherwise there's no advnatage over using --route-ipv6 if you hardcode it by IP or hostname
16:25 < BtbN> Not in an openvpn script. Just the ifup script of the actual network interface.
16:26 < BtbN> Just a route to the OpenVPN Server address, targeted at the default gateway.
16:27 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
16:28 < pekster> Yea, and the code to do the preexisting route detection is a bit wimpy to begin with, even for IPv4 (under certain network setups is just won't work, and has to be told that information by other means)
16:30 < BtbN> I guess it just tries to get the default route, and uses the same destination?
16:36 < pekster> Yea, rgi.gateway.addr isn't set in the route_list struct in init_route_list() it looks like
16:37 < pekster> That's why at --verb 4 shows this at startup: route_default_gateway = '[UNDEF]'
16:39 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:41 < pekster> Much of that black magic is platform-specific, adding complication to the process
16:47 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
16:59 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
17:05 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 264 seconds]
17:13 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:13 -!- mode/#openvpn [+v s7r] by ChanServ
17:15 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
17:59 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:21 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
18:23 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
18:23 -!- mode/#openvpn [+v s7r] by ChanServ
18:33 <+s7r> ecrist, krzee who is the web admin for openvpn.net, forums.openvpn.net, community.openvpn.net? A redirect is needed, to force all the requests to 443 (SSL port) and the plaintext port (80) to show a 301 moved permanently. It's rather important, passwords are submitted on these pages for our user database.
18:33 <+s7r> right now I can access them in plain text too, http:// on port 80, but when I try to login like that, I get an error
18:33 <+s7r> Bad Request
18:33 <+s7r> Your browser sent a request that this server could not understand.
18:33 <+s7r> Reason: You're speaking plain HTTP to an SSL-enabled server port.
18:33 <+s7r> Instead use the HTTPS scheme to access this URL, please.
18:33 <+s7r> the damage is already done since this appears after I enter my password and click submit, in the plain text website
18:34 <+s7r> so I think it's better to have them only SSL enabled, and redirect all the requests on the plain text port to the SSL port? Do we have censored users somewhere who cannot reach these pages on SSL?
18:39 < pekster> The <a> tag for that "login" class <div> element tries to use http:// on port 443. That seems to be a bad URL-ref
18:39 < pekster> Cookies ought to be marked as secured too so the php session ID isn't leaked over non-https
18:39 < pekster> a la, Firesheep
18:42 -!- paule32 [~jens@dslb-178-000-067-153.178.000.pools.vodafone-ip.de] has joined #openvpn
18:42 < paule32> hello
18:43 < paule32> ther server runs, how can i now use openvpn for a vpn login?
18:44 < pekster> What are you trying to do? Just connect a client, or something else?
18:45 < paule32> yes, connect
18:46 < pekster> Then you start your client on a corresponding configuration that connects to your running server instance
18:46 < pekster> It's up to you to write such a config, but there's a good !howto with throughly-commented samples.
18:46 < paule32> i have a config
18:47 < pekster> You need two configs: one for your server, and one for the client
18:47 < paule32> it seems the client connects to the server
18:47 < pekster> Connecting your client is a matter of starting openvpn using that config after the server is running
18:47 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
18:47 < paule32> but i get a message
18:47 < paule32> OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
18:48 < pekster> 2.1 is very out of date: you should update
18:48 < pekster> Beyond that, yes, use of external scripts requires you set an appropriate security-security level; see --script-security in the manpage for a description of that directive
18:53 < paule32> i download the source from openvpn download site
18:54 < paule32> depack the tar
18:54 < paule32> try to configure
18:54 < paule32> configure: error: C compiler cannot create executables
18:54 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
18:54 < pekster> You'll need to fix your compiler then. Perhaps you want to use the version packaged by your distribution?
18:55 < pekster> Pretty much any modern OS/distro will have a reasonably up-to-date openvpn package. Or you can build it from source, but a working compiler and functional set of configuration options to support your compiler are required
18:55 < pekster> See also ./configure --help for some env-vars
18:58 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
19:04 -!- saf1 [~sfn@105.158.26.201] has joined #openvpn
19:05 -!- saf1 [~sfn@105.158.26.201] has left #openvpn []
19:15 -!- paule32 [~jens@dslb-178-000-067-153.178.000.pools.vodafone-ip.de] has quit [Ping timeout: 240 seconds]
19:29 < hikenboot> getting error  ** - FATAL - **  [0] Could not open the eurephia database driver (/usr/lib/eurephia/edb-sqlite.so) anyone know what it means?
19:59 < Thermi> Well, that what it says there.
20:02 < hikenboot> yes Thermi, I had to put a simlink in place. thanks
20:02 < hikenboot> symlink
20:02 < Thermi> So you do stuff with an sqlite database?
20:05 < pekster> Sounds to me like a plugin can't invoke a shared library from there, although that should have been correctly linked at build-time; maybe the build environment for the plugin isn't correct by whatever distribution (or maintainer) did the build
20:07 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:17 -!- syedomar [~so@183.171.181.34] has joined #openvpn
20:25 < syedomar> !welcome
20:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
20:25 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:26 < syedomar> !route
20:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
20:26 <@vpnHelper> client
20:27 < syedomar> !tcpip
20:27 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
20:27 < syedomar> !clientlan
20:27 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
20:27 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
20:37 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 250 seconds]
20:40 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
20:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:28 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 250 seconds]
21:30 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
21:37 -!- sudo_woodo [~nan@190.234.106.50] has joined #openvpn
21:37 < sudo_woodo> Hi.
21:38 < sudo_woodo> If I join to a VPN using the same certificate from diferent machines does it always gives me the same IP?
21:38 < rob0> !static
21:38 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
21:38 < rob0> basically, no
21:40 < sudo_woodo> rob0: Then it seems I have a problem. (first of all Im not very good at this) I've sat up a VPN server. When I join from my computer (linux) and in also and in the same time in a virtualbox VM (windows) I get same IP in both
21:41 < rob0> why are you using the same certificate for two clients?
21:42 < rob0> It doesn't cost you any more to generate another cert
21:42 < sudo_woodo> rob0: I was only testing, therefore I thought the same-ip-problem was generated by the same-ceritificate stuff
21:42 < sudo_woodo> (sorry for my bad english)
21:43 < rob0> By default (a default setting which you might have changed) the second connection from the same cert disconnects the first one.
21:43 < rob0> or, maybe you did not change it, and you did get disconnected
21:43 < rob0> that would explain the same IP address
21:44 < sudo_woodo> rob0: I didn't get disconnected. I still could ping the VPN server on both machines
21:49 < pekster> While both were connected? Unless you're using one fo the !static methods, you can't (by default) connect both clients at once that way
21:50 < pekster> Note that if you connect/ping from client-1, then do the same from cleint-2, it'll take the client the --ping-restart time to notice
22:00 -!- syedomar [~so@183.171.181.34] has quit [Ping timeout: 252 seconds]
22:27 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
22:34 <@krzee> s7r, mattock
22:36 <@krzee> sudo_woodo,
22:36 <@krzee> !configs
22:36 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
22:37 <@krzee> without seeing those your question can only be guessed at
22:37 < sudo_woodo> krzee: Ok. Just a sec.
22:37 <@krzee> you did have some good guessers taking guesses tho :D
22:41 < sudo_woodo> krzee: Here is it http://susepaste.org/56080b18
22:41 <@krzee> !ipp
22:41 <@vpnHelper> "ipp" is (#1) the option --ifconfig-pool-persist ipp.txt does NOT create static ips or (#2) Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, see !iporder and !static
22:42 <@krzee> what is 192.168.123.0?  the server lan?
22:42 <@krzee> also, you may not use 2 clients with the same certificate with this config
22:42 < sudo_woodo> krzee: yes
22:42 < sudo_woodo> krzee: ok
22:43 <@krzee> the second will boot the first, then will get booted by the first, and they will continuously battle for the connection
22:43 <@krzee> in time defined by your keepalive setting
22:43 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
22:43 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
22:51 < sudo_woodo> krzee how should i generate new certificates?
22:51 <@krzee> !easyrsa
22:51 <@vpnHelper> "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Source checkouts available from the github project; current official release download is 2.2.2 with 3.x code in git-master. or (#4) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA
23:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
23:52 -!- syedomar [~so@183.171.181.93] has joined #openvpn
23:58 -!- ShadniX [dagger@p5DDFFAFB.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:58 -!- ShadniX [dagger@p5DDFF08B.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Mar 08 2015
00:07 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
00:07 -!- syedomar [~so@183.171.181.93] has quit [Quit: leaving]
00:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:13 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Remote host closed the connection]
01:16 -!- sudo_woodo [~nan@190.234.106.50] has quit [Quit: Saliendo]
01:53 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
01:58 -!- tristan_c [~tristan_c@5.80.230.169] has quit []
03:06 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
03:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
03:13 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
03:15 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
03:18 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
03:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:20 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
03:54 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 246 seconds]
03:55 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
03:55 < leo2007> hello
03:55 < leo2007> I have MASQUERADE  all  --  10.0.0.0/16 anywhere in iptables
03:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:55 < leo2007> my openvpn subnet is 10.0.11.0/24
03:55 < leo2007> unfortunately the client can connect to public internet.
03:55 < leo2007> ideas?
03:56 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
04:07 -!- jalnt_ [~jalnt@115-64-76-214.static.tpgi.com.au] has joined #openvpn
04:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
04:10 -!- jalnt__ [~jalnt@115-64-76-214.static.tpgi.com.au] has joined #openvpn
04:12 < jalnt__> Hey has anyone here used FlyVPN? Is it any good?
04:13 -!- jalnt_ [~jalnt@115-64-76-214.static.tpgi.com.au] has quit [Ping timeout: 264 seconds]
04:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:28 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:28 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:28 -!- badon_ is now known as badon
04:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
04:44 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
05:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:44 < pekster> leo2007: iptables -L lies: don't use it (it omits information, shows it in a horrible "column" format, and only prints one out of 5 Netfilter tables at a time. In otherwords, it sucks.) Try `iptables-save -c` to get the full picture of your ruleset, and paste that if you require assistance. There's also #Netfilter for more in-depth ruleset help
05:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
05:47 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:48 < leo2007> pekster: this is the rules I currently have https://bpaste.net/show/50fa2d570f57
05:49 < pekster> That is a giant mess :\
05:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:49 < leo2007> pekster: might be; this is controlled by firewalld and I configured it via firewall-cmd.
05:49 < leo2007> fedora 20.
05:49 < pekster> But see line 35: your rules custom rule has 0 hits
05:50 < pekster> You can disable the default-trash and just apply your own ruleset on boot via iptables-restore(8)
05:50 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
05:51 < leo2007> no hit? does that mean the rule is wrong?
05:51 < pekster> It means no packets match the conditions that are reaching that chain
05:52 < pekster> More likely it menas the overall design of the complete ruleset isn't correct, or perhaps that you don't have IP forwarding enabled
05:52 < pekster> At the end of the day you really ought to be maintaining your own firewall ruleset, otherwise you need to learn to decode the speghetti mess of a ruleset you have
05:52 < leo2007> tcpdum shows me 18:52:35.278361 IP 10.0.101.1 > 10.0.101.2: ICMP host 8.8.8.8 unreachable - admin prohibited, length 79
05:53 < pekster> Presumably it's getting blocked somewhere, but you need to figure out where/why (I've little interested in decoding these awful "firewall ruleset builder" things)
05:53 < pekster> I do, however, maintain a project with some simple and well-commented firewall examples: https://github.com/QueuingKoala/netfilter-samples
05:53 <@vpnHelper> Title: QueuingKoala/netfilter-samples · GitHub (at github.com)
05:54 < leo2007>  /proc/sys/net/ipv4/ip_forward is definitely 1
05:54 < pekster> Right, admin-prohib is probably returned elsewhere by your firewall ruleset
05:54 < pekster> Stop rejecting packets if you want to forward them..
05:54 < pekster> And maybe stop using this "magic" firewall builder that is doing things you don't want and is painfully hard to debug
05:55 < pekster> See my edge-router for some examples of a generic stateful firewall that can do NAT-Overload
05:55 < pekster> It'll probably more or less be what you need once you add in support for a VPN
05:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:58 < pekster> In fact, it's pretty obvious you haven't bothered to accept anything on filter/FORWARD (hint: look at hitcounts on lines 137 vs 144)
05:58 < pekster> But then again, having 5 chains of bullshit in FORWARD isn't helping you figure out that it's doing "nothing"
05:59 < leo2007> pekster: let me think about this. this is a fedora/centos thing and certainly I can use iptables directly.
06:00 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Ping timeout: 264 seconds]
06:06 < pekster> Also, check out the TRACE target (ref: iptables-extensions(8)) to see what rules a particular packet is hitting
06:08 -!- jalnt__ [~jalnt@115-64-76-214.static.tpgi.com.au] has quit [Ping timeout: 245 seconds]
06:22 < tristan_c> Pre-setup advice: I'm looking to run OpenVPN server on a VPS with 1 NIC / 1 public IP to route traffic from a CGNATed home broadband connection. I have this set-up running using StrongVPN, but would like to use a VPS I have. What should be added to my iptables (if that is the correct place) to allow (1) ssh access to the VPS, and (2) ssh access to the OpenVPN client (in this case an OpenWRT router)?
06:23 < pekster> Treat your RFC1918 LAN like any other downstream privately-addressed LAN and set up the permits in the firewall, plus NAT-Overload
06:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:25 < pekster> You'll _also_ need to either 1) set up policy routing on the border of your downstream LAN such that return traffic to an initial request _initiated_ from across the VPN (ie: the public Internet) goes back over your VPN-link, _or_ blindly route everything (yes, everything) going from your RFC6598 (aka CGNAT) LAN to the Internet
06:27 < tristan_c> Thanks pekster, I think I have it set up currently as 'blindly routed'. If I ssh public.ip it goes straight to my router. Obviously, this shouldn't happen with the VPS or I'd be locked out.
06:28 < pekster> CGNAT does not have a public IP
06:28 < pekster> You need to blindly route the _downstream_ LAN via the VPN or you end up with a classic case of "triangle routing"
06:29 < pekster> ie: public ssh client (C) reaches your VPN Server (S) (on whatever port you're using here for the inbound NAT) and lands on VPN Client (C) inside your RFC6598 LAN, and possibly NAT'd further into the LAN from there, as required
06:29 < pekster> Oh, to (C)'s :(
06:29 < pekster> VPN client should be Vc now ;)
06:29 < tristan_c> Yes, I guess what I'm asking is this: if I follow the instructions to get OpenVPN setup and forwarding traffic to the client, will I be locked out of my VPS?
06:29 < pekster> So, you need to avoid the case where (Vc) tries to send to the GCNAT gateway (Gg) instead of (S)
06:30 < pekster> If you do not do that, you have this inbound: (C) -> (S) -> (Vc), but then this (incorrect) flow on the outbound: (Vc) -> (Gc) -> (C)
06:30 < pekster> When _that_ happens, (C) looks at the packet from (Gc) and says "wtf mate, I asked to talk to (S), not this unknown (Gc) host" and ignores it
06:30 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
06:30 < pekster> "triangle routing"
06:32 < pekster> Configuring a server won't "lock you out" of anything, no
06:32 < pekster> Something else you do might, but presumably you have console access to your server anyway
06:36 < tristan_c> OK, so I need to add something like iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 54321 -j DNAT --to-destination router.address:54321 with ssh listening on 54321 rather than 22?
06:38 < pekster> Nope, DNAT into 22
06:38 < pekster> But you're completely ignoring the requirement to handle your return routing. From your CGNAT network
06:38 < pekster> You _CANNOT_ send this to the ISP default gateway or things will not work.
06:43 < tristan_c> I think I have openwrt / the router set up correctly with StrongVPN. Traffic flows as it should (I think). All I was wanting was to replicate the StrongVPN setup on my own VPS but maintain ssh access to the server.
06:44 < pekster> So which method are you using currently? Are you redirecting all outbound traffic to every public IP destination across the VPN, or policy routing it?
06:44 < pekster> Or are you doing truely awful things like SNAT on the inbound let from the VPN server itself?
06:45 < tristan_c> All outbound traffic from the LAN goes over the VPN
06:46 < tristan_c> I assume the StrongVPN server setup forwards all traffic to the public IP to the VPN client. This isn't what I want on my own VPS as I need to get ssh access to the server.
06:47 < pekster> No idea how that's configured
06:48 < pekster> OpenVPN does nothing magic here: NAT is always left to _you_ to configure in the usual way in your firewal
06:48 < tristan_c> I've been looking for a tutorial / how-to on how to set up what I guess would be portforwarding to allow a ssh connection to a random high port to go straight to the VPN client (router).
06:49 < pekster> #Netfilter might be more on-topic for basic firewall help. I have some examples of basic Netfilter ruleset design for edge-routers here too: https://github.com/QueuingKoala/netfilter-samples
06:49 <@vpnHelper> Title: QueuingKoala/netfilter-samples · GitHub (at github.com)
06:50 < pekster> All you need to do the NAT is a DNAT rule, but you need to integreate that into a fully functional ruleset for it to do useful things
06:50 < tristan_c> Great - I'll take a look. But I can go ahead and install OpenVPN and get a gateway set up without fear of locking myself out!
06:51 < tristan_c> Then can work on getting the NAT / firewall set up as I want.
06:51 < pekster> The setup you want is basically that of the !howto, followed by !redirect (the latter of which sets up a configuration by which all of the VPN Client's outbound traffic to the Internet flows via the VPN)
06:53 < tristan_c> Yes - my concern was purely locking myself out - there is no issue ssh'ing in to the server then in to the router to gain access, and can always nc it on a dedicated login to jump the extra hop
06:54 < tristan_c> Thanks for the pointers.
06:55 < tristan_c> !howto
06:55 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:55 < tristan_c> !redirect
06:55 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
06:55 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
06:57 < tristan_c> !def1
06:57 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
06:58 < tristan_c> !nat
06:58 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
07:04 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:16 -!- _bt [~bt@unaffiliated/bt/x-192343] has quit [Quit: bye]
07:28 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
07:37 -!- mattock_afk is now known as mattock
07:48 <+s7r> thanks krzee -> left him a message ow on IRC.
07:54 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
07:55 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
08:00 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
08:00 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:01 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
08:33 -!- kexmex [~kexmex@78.111.190.230] has joined #openvpn
08:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
08:34 -!- kexmex [~kexmex@78.111.190.230] has quit [Client Quit]
08:39 <+s7r> is there a limit of max. concurrent connections an openvpn community edition server can handle ?
08:39 <+s7r> assuming server performance and bandwidth are very good
08:41 < pekster> Just resource limits (CPU, bandwidth, memory, etc)
08:41 < pekster> There are no technical limitations preventing you from running into such resource limits if that's what you're asking
08:48 <+s7r> yeah
08:48 <+s7r> that was what i was asking - thanks:)
08:50 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:54 -!- tristan_c [~tristan_c@5.80.230.169] has quit []
09:08 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:17 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
10:00 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
10:03 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:03 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-pkbforagbfdyfkeb] has joined #openvpn
10:05 < kwmiebach> Hi, I am migrating a p2p tunnel from ubuntu 12.04 do debian jessie. I cannot find the openvpn logfiles on jessie
10:06 < kwmiebach> in /var/log/syslog there is no entries form openvpn although I changed openvpn log level to 7
10:06 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
10:06 < kwmiebach> *from
10:08 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:10 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
10:11 < kwmiebach> I managed to start the connection manually, so I can see the logs in the terminal.
10:12 < kwmiebach> and everything is fine. tun interface works, connection works, tunneling is alive and working. But when I start the service nothing works anymore - so I was looking for the logfiles
10:13 <+s7r> p2p tunel?
10:13 <+s7r> define that
10:19 < kwmiebach> sorry if I used the wrong wording, english is not my mother language. I belive I have to get the logfiles out of systemd
10:19 < kwmiebach> I can also show you the config file
10:22 < kwmiebach> http://www.pastebin.ca/2952884
10:25 -!- rich0_ is now known as rich0
10:25 < pekster> !logfile
10:25 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
10:25 <+s7r> you mean http://wiki.openvpn.eu/index.php/Config_P2P ?
10:25 <@vpnHelper> Title: Config P2P – OpenVPN Wiki (at wiki.openvpn.eu)
10:28 < pekster> s7r: --mode p2p
10:28 < pekster> It's one of 2 basic operating modes openvpn has, contrast this with a P2MP setup
10:29 < kwmiebach> Is it possible systemd redirects the log to somehwere else, even if I put "log /my/logifile" in the config file?
10:30 <+s7r> pekster yeah didn't know. reading about it now. what are the other operating modes?
10:30 < pekster> That's it
10:31 < pekster> Ergo the "2"
10:31 < kwmiebach> When I start manually everything works
10:31 < kwmiebach> Even the logging to my defined logifle works
10:31 < pekster> Then your problem is systemd and/or the init wrapper you're using
10:31 < kwmiebach> When I start as a "service" I get no tun device, no tunnel and no logfiles
10:32 < kwmiebach> OK how do I get rid of systemd then? I dont need it and the last 10 years with linux were a beautiful time
10:32 < kwmiebach> sorry I was kidding
10:32 < pekster> So read the documentation on your distribution/service wrapper then? Or ask an appropriate user/mailing list?
10:32 < pekster> Chances are good it's "helpfully" adding in other options to magically do things for you
10:33 < kwmiebach> pekster ok thats a good idea
10:33 < pekster> If you want this magic it does, great, but if not you need to utilize this service / init wrapper to have it _not_ do the crap you don't want
10:33 < kwmiebach> can t I just use monit to start openvpn ?
10:34 < pekster> You can start openvpn however you want, via whatever means is appropriate to your usecase and needs
10:34 < kwmiebach> I will probably do that. thank you :)
10:41 < kwmiebach> I just found this discussion "Using OpenVPN with systemd" maybe it could also help me http://unix.stackexchange.com/a/149003/2418
10:41 <@vpnHelper> Title: debian - Using OpenVPN with systemd - Unix & Linux Stack Exchange (at unix.stackexchange.com)
10:44 -!- nickSwe [~quassel@2605:6000:9b86:c700:9ccf:8:4c86:98de] has joined #openvpn
10:54 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
10:56 < kwmiebach> Now I solved it: After installation of openvpn service in debian there is a setting in /etc/default/openvpn which I had to uncomment: #AUTOSTART="all"
10:57 < kwmiebach> What server os do you guys run openvpn on?
10:59 <+s7r> pekster but can you have mode p2p with more than 2 peers?
11:01 < Thermi> kwmiebach: Hey, I run OpenVPN on Arch, which uses systemd, too.
11:01 < Thermi> What problems do you have? What do you do?
11:02 < kwmiebach> Thermi: it runs fine now. I just had to enable all VPNs
11:02 < Thermi> Good
11:03 < kwmiebach> In debian's /etc/default/openvpn each VPN has to be enabled - I enabled all that exist.
11:03 < Thermi> That's interesting. I wrote my own systemd unit file, which works much nicer
11:03 -!- liriel [~liriel@asia.feralhosting.com] has quit [Ping timeout: 244 seconds]
11:03 < Thermi> It's called using systemctl enable openvpn@(profile name).service
11:04 < Thermi> It basicly enables the service to use the config files in /etc/openvpn/
11:04 < Thermi> and starts openvpn --config /etc/openvpn/(profile name).service
11:05 < pekster> s7r: No, p2p is just a point-to-point link between two endpoints. You can use TLS with that mode, though
11:05 < kwmiebach> Thermi I can paste the systemd unit file that is running here if you tell me where i find it?
11:05 -!- FrEaKmAn_ [~Erol@93-103-137-127.dynamic.t-2.net] has joined #openvpn
11:06 < kwmiebach> s7r I have a server and several clients with p2p - what I am doing is I create a VPN for each of them with a different port and different key and config
11:06 < kwmiebach> they cannot see each other but the server can talk to all of them
11:06 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
11:06 < pekster> P2MP is usually more appropriate for that, but it depends on your needs
11:07 -!- Denial [~Denial@5.80.233.145] has joined #openvpn
11:14 < kwmiebach> Thermi: https://gist.github.com/hbsdev/3fe80d2a4fcd770da9c1 this is the openvpn sysdtemd file on debian jessie
11:14 <@vpnHelper> Title: debian jessie openvpn systemd (at gist.github.com)
11:16 < Thermi> kwmiebach: What a nonesensical unit
11:17 < Thermi> It never calls openvpn
11:34 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
11:42 -!- FrEaKmAn_ [~Erol@93-103-137-127.dynamic.t-2.net] has quit [Ping timeout: 252 seconds]
11:43 < kwmiebach> Thermi: so are you sharing your openvpn systemd script?
11:43 < kwmiebach> but I guess it has different paths on archlinux
11:43 < Thermi> kwmiebach: Sure: https://bpaste.net/show/a8ce90b5e202
11:47 < kwmiebach> thank you. looks very celan. So %i is the variable for the VPN, so each VPN has its own systemd service, nut how do you tell systemd about the services?
11:47 < kwmiebach> but
11:48 < Thermi> kwmiebach: The %i is a variable you use in calling the unit
11:48 < Thermi> systemctl start openvpn@myfirstprofile.service
11:48 < Thermi> The part between the @ and the .service is replacing the %i in the service file basicly
11:48 < kwmiebach> i see
11:50 < Thermi> I have second one
11:50 < Thermi> that is simpler
11:50 < Thermi> https://bpaste.net/show/38edd0b9e5b2
11:50 < Thermi> But you have to set the Require and After to the correct target for when the network is online
11:51 < Thermi> On my systems, I have my own service definitions to bring the network up
11:52 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:52 < Thermi> And those are set as requirement for network.target
11:53 < Thermi> So stuff works alright for me
11:55 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:59 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
11:59 < kwmiebach> thank you for sharing.
12:19 -!- mattock is now known as mattock_afk
12:32 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
12:36 < tristan_c> Hello all - help needed. I have a physically remote router (connected over a 4G dongle) acting as the OpenVPN client. The server is a StrongVPN instance, so I have no access to their setup etc. Every so often the VPN goes down (presumably due to a network glitch over the 4G connection) and doesn't come back up. The 'down' script isn't run (which would run autossh to allow me to tunnel in via a remote server). Any idea why the down script w
12:36 < tristan_c> ouldn't be run or, indeed, why OpenVPN wouldn't try to reconnect?
12:36 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
12:37 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:46 -!- tristan_c [~tristan_c@5.80.230.169] has quit []
12:46 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
12:48 -!- kexmex [~kexmex@195.42.130.233] has quit [Client Quit]
12:52 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
13:01 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
13:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
13:31 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:41 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
14:00 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
14:00 -!- nickSwe [~quassel@2605:6000:9b86:c700:9ccf:8:4c86:98de] has quit [Ping timeout: 256 seconds]
14:25 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
14:27 -!- _bt [~bt@unaffiliated/bt/x-192343] has joined #openvpn
14:41 < tristan_c> !paste
14:41 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:41 < tristan_c> !configs
14:41 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:00 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
15:01 < bandroidx> hi, i am trying to do realtime audio over openvpn where the latency needs to be as tiny as possible.  would it make sense to turn off compression and reduce encryption?  the traffic/data is not senstive in the slightest, I am only using openvpn to bridge 2 networks, ideally it would have no encryption
15:02 < bandroidx> i did some googling saw there is an option of auth none and cipher non
15:02 < bandroidx> none
15:17 < bandroidx> i disabled cipher and auth and increased my snd and rcv buf and it helped my packet loss immensly
15:17 < bandroidx> went from 3% loss to 0.03%
15:19 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
15:20 <@krzee> why would you bridge when just doing realtime audio?
15:20 <@krzee> should not be using tap at all
15:24 < Thermi> Do NOT bridge networks unless absolutely necessary (but even then, the network design that makes this necessary is still retarded)
15:24 < Thermi> You should route the networks and use TUN devices
15:25 < Thermi> Also, you should at least authenticate the traffic#
15:25 < bandroidx> because the program i am using will only allow clients a) on the same local subnet and b) that are in the same broadcast domain
15:25 < Thermi> Otherwise anyone can spoof traffic
15:25 < Thermi> That is silly.
15:25 < bandroidx> i didnt write it
15:25 < Thermi> Yes, still silly.
15:25 < Thermi> (The program, not you)
15:25 < bandroidx> trust me, i agree
15:26 <@krzee> id use a better program
15:26 < Thermi> Like I said, please authenticate the traffic
15:26 < Thermi> And make sure nothing confidential is going over the tunnel
15:26 <@krzee> ^ very true
15:26 < Thermi> you can use iptables for that
15:26 < bandroidx> krzee: its not possible
15:26 < bandroidx> its software designed for a specific piece of hardware
15:26 < bandroidx> http://www.flexradio.com/amateur-products/flex-6000-signature-series/smartsdr/
15:26 <@vpnHelper> Title: FlexRadio Systems SmartSDR for Windows (at www.flexradio.com)
15:26 <@krzee> bandroidx, as someone who uses realtime voice over openvpn for his business, im going to say it is possible without bridging.
15:27 < bandroidx> krzee: the program will only connect to radios that are on the same subnet and it finds the radios with broadcasts, i am open to better ideas
15:28 <@krzee> terrible
15:28 <@krzee> gunna go shower, i cosign everything thermi said above
15:29 < bandroidx> its stupid they dont want people using it unless on the same local lan until their wan support is included
15:29 < bandroidx> i have asked for the ability to just put in the radio ip and connect
15:29 < bandroidx> but they wont do it
15:29 < bandroidx> it would solve all my problems
15:30 < bandroidx> Thermi: if i auth none, its not using the certs at all?
15:30 < bandroidx> i must have read a forum post wrong
15:30 < bandroidx> i thought it would still require having a correct cert in the servers ca
15:30 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
15:31 < bandroidx> if someone wants to sniff my traffic i dont care, its all ham radio so its going over the open airways anyways
15:31 < bandroidx> but i dont want someone to be able to connect to my vpn just randomly
15:31 < Thermi> auth is not about ensuring confidentiality
15:31 < Thermi> it ensures authenticity
15:32 < Thermi> if you do not authenticate your traffic anyone with access to the tunnel (hops in between, guys who have access to the wires between the hops,....) can insert traffic into your tunnel and it will not be noticed
15:32 < bandroidx> so with auth none, any one could connect to the vpn server without a cert?
15:32 < Thermi> Basicly anyone with access to the data stream has access to your LAN
15:32 < bandroidx> ok i will add back auth
15:32 < Thermi> Read the man page
15:32 < bandroidx> and leave cipher off
15:32 < Thermi> That is okay
15:33 < bandroidx> i am guessing auth will add very little overhead anyways
15:33 < Thermi> Yes.
15:33 < Thermi> What CPUs do the endpoints have?
15:34 < bandroidx> Thermi: the client is an i7-2600k but in virtualbox, the server however is a raspberry pi
15:34 < Thermi> Hmh.
15:35 < Thermi> A RPI is really not very powerful
15:35 < bandroidx> i may upgrade the server to a raspberry pi 2
15:35 < bandroidx> i have a windows machine on the remote lan i could probably use, i just hate using windows as a server of just about anything
15:35 < Thermi> Correct.
15:35 < bandroidx> raspberry pi 2 would probably do the trick, they are quite powerful
15:36 < Thermi> compared to the RPI
15:36 < bandroidx> what seemed to make the biggest difference was adjusting the rcvbuf and sndbuf
15:36 < Thermi> That is probably.
15:36 < Thermi> *probable
15:36 < bandroidx> changing the 2 buf settings dropped the packet loss from 3% to basically 0
15:37 < Thermi> You can cut down on the bandwidth used by dropping packets which are not what you want
15:37 < bandroidx> well if enabling auth keeps things the way they are now then i am golden
15:37 < bandroidx> as its working perfectly right now
15:37 < Thermi> Yes.
15:37 < Thermi> However, you do not want unnecessary traffic to be forwarded over the tunnel
15:38 < Thermi> e.g. Windows discovery stuff
15:38 < bandroidx> yeah the client is virtualbox using nat so at least its not sending my entire local network over the wire
15:38 < bandroidx> i will need to block the remote lan crap though
15:38 < bandroidx> luckily there isnt much on the remote lan
15:40 < tristan_c> bandroidx: I switched from a RPi to a BananaPi - seems to cope with VPN traffic a lot better
15:43 < bandroidx> tristan_c: i havent seen one of those
15:45 < bandroidx> they seem similiar to a rpi 2
15:45 < bandroidx> they have gigabit nic though on the banana that is nice
15:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:00 -!- ausjke [~xxiao@li259-246.members.linode.com] has quit [Remote host closed the connection]
16:05 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
16:06 < tristan_c> yep, exactly - so all the traffic doesn't go on the USB interface
16:06 < tristan_c> I found it quite a bit faster when using a 4G dongle and a VPN
16:06 < tristan_c> Much less CPU load
16:18 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:32 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:49 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:6d8f:6ab6:9730:38be] has joined #openvpn
16:49 < wiflix> gnarf
16:49 < wiflix> mornin
16:51 < wiflix> my openvpn config using auth-user-pass-verify with via-env works when run standalone, but not when startes using service start
16:51 < wiflix> thought it would be script security, set it to "3" in the startup script
16:51 < wiflix> of no use
17:01 -!- tristan_c [~tristan_c@5.80.230.169] has quit []
17:01 -!- mattwj2002 [~Matt@wikisource/pdpc.active.mattwj2002] has joined #openvpn
17:02 < mattwj2002> hi all
17:02 < mattwj2002> :)
17:02 < mattwj2002> split tunnel with openvpn?
17:02 < mattwj2002> how the heck do you do that?
17:02 < mattwj2002> :)
17:06 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:6d8f:6ab6:9730:38be] has quit [Remote host closed the connection]
17:06 < bandroidx> is it normal to get a descent amount of fragmented ip protocol packets?
17:07 < bandroidx> decent
17:07 < bandroidx> i tried setting fragment 1460 as per some info i found on the forums but still getting them
17:08 < bandroidx> it appears the ones that are fragmented are all size 1514
17:08 < bandroidx> so i assume i have an mtu issue of some sort but i thought fragment 1460 would fix that
17:14 < mattwj2002> bandroidx: what is the maximum mtu on ethernet?
17:14 < bandroidx> mattwj2002: it should be 1500
17:14 < mattwj2002> i was thinking 1518
17:14 < mattwj2002> maybe I am wrong
17:15 < mattwj2002> sorry new to openvpn as well
17:15 < mattwj2002> :)
17:15 < bandroidx> well i know for sure on the openvpn server its 1500
17:15 < mattwj2002> bandroidx: do you know how to empty old configs in the android client?
17:15 < mattwj2002> oh okay
17:15 < mattwj2002> bandroidx: I think it varies
17:16 < bandroidx> mattwj2002: no ive never used the android client
17:16 < mattwj2002> ok np
17:16 < bandroidx> i would assume you wipe data for the app
17:17 < mattwj2002> oh yeah
17:17 < mattwj2002> good call
17:19 < mattwj2002> bandroidx: I am running openvpn on a raspberry pi with asterisk :P
17:19 < mattwj2002> bandroidx: what is your application?
17:20 < bandroidx> i'm also running on a raspberry pi
17:20 < mattwj2002> neato!
17:20 < bandroidx> and i have a feeling the pi is whats causing the fragments
17:20 < bandroidx> it probably cant keep up
17:20 < bandroidx> i plan on replacing it with a raspberry pi 2
17:20 < mattwj2002> nice
17:20 < mattwj2002> A, B, or B+ currently?
17:21 < bandroidx> old school B
17:21 < mattwj2002> :|
17:21 < mattwj2002> me too!
17:21 < mattwj2002> :D
17:21 < bandroidx> its years old
17:21 < bandroidx> the pi2 is so much nicer
17:21 < mattwj2002> indeed
17:21 < mattwj2002> pi2 is on my radar as well
17:22 < mattwj2002> quad core!
17:22 < mattwj2002> and better hardware too
17:22 < bandroidx> yeah i already have one its a huge improvement
17:23 < bandroidx> its actually usable in x windows compared to the original pi
17:23 < mattwj2002> neat
17:24 < mattwj2002> plus it'll running windows 10 if you are one of those people :)
17:24 < bandroidx> its nice you get that for free but i am not interested in that lol
17:25 < mattwj2002> I might try it out
17:25 < mattwj2002> but yeah
17:25 < mattwj2002> I perfer Linux
17:25 < mattwj2002> *prefer
17:28 < mattwj2002> bandroidx:
17:28 < mattwj2002> this I know for sure with my openvpn/asterisk combo....it always drops the first few seconds of my connection....I think it could be low cpu and/or memory
17:29 < mattwj2002> I literally see the packets dropping with my sip client
17:29 < mattwj2002> it shows packet drop and delay
17:29 < mattwj2002> delay aka latency
17:32 < bandroidx> yeah same thing here mattwj2002
17:33 < bandroidx> i always get dropped packets when i start
17:33 < mattwj2002> it has to be a pi issue
17:33 < bandroidx> but i am getting like 5% of my packets as reassembled fragments whose size are 1514 (UDP packets of the streaming audio)
17:33 < bandroidx> my guess is that something cant keep up
17:33 < bandroidx> most likely the pi
17:33 < bandroidx> i might try to over clock it for now to see if that might help
17:34 < bandroidx> i disabled SPI on my dd-wrt router to rule that out
17:34 < mattwj2002> how much are you thinking?
17:34 < bandroidx> just an extra 100mhz
17:34 < bandroidx> the pi is in a remote location so i cant easily switch to the pi 2
17:34 < mattwj2002> ah got ya
17:35 < bandroidx> its only using 36% of the pi cpu
17:35 < bandroidx> but it could be something else going on with the pi
17:35 < mattwj2002> what is memory up to?
17:36 < bandroidx> i have to double check but i dont think its using much at all
17:36 < bandroidx> yeah its like 80% free
17:36 < bandroidx> ps aux
17:36 < bandroidx> derp
17:38 < mattwj2002> bandroidx:
17:38 < mattwj2002> I just overclocked
17:38 < mattwj2002> I'll let you knwo
17:38 < bandroidx> cool thanks
17:38 < mattwj2002> 700 Mhz -> 800 Mhz
17:38 < mattwj2002> no problem
17:38 < mattwj2002> we are basically fighting the same issue
17:38 < mattwj2002> :)
17:38 < bandroidx> yeah i have run the pi at 900mhz no problem for ages
17:38 < bandroidx> well its possible my issue is a config issue
17:38 < mattwj2002> same here
17:39 < bandroidx> i tried everything i could find online
17:39 < bandroidx> mssfix
17:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:39 < bandroidx> fragment 1450
17:39 < mattwj2002> what is mssfix?
17:39 < mattwj2002> mtu setting?
17:39 < bandroidx> it was a waste for me, its only for tcp
17:39 < mattwj2002> oh
17:39 < bandroidx> my issue is with udp packets
17:39 < bandroidx> but yeah it fixes mtu for tcp stuff
17:39 < mattwj2002> brb
17:40 < bandroidx> you can see my issue here: http://i.imgur.com/fmj7TRQ.png
17:42 < mattwj2002> no change here
17:42 < mattwj2002> :(
17:42 < mattwj2002> bandroidx: wireshark nice
17:42 < bandroidx> yeah i figured it would be too little to do something
17:43 < mattwj2002> bandroidx: what about a buffering issue?
17:43 < bandroidx> well it was horrible at first
17:43 < bandroidx> like 4% packet loss
17:43 < bandroidx> then i changed the snd and rcvbuf and it massively improved
17:43 < mattwj2002> nice
17:43 < bandroidx> i set
17:43 < bandroidx> sndbuf 393216 rcvbuf 393216
17:44 < bandroidx> that made a massive improvement
17:44 < bandroidx> it was unusable before i did that
17:44 < bandroidx> perhaps the values are too high for the pi to support though
17:44 < bandroidx> default is around 64000 i think
17:44 < bandroidx> maybe i need to adjust somewhere in the middle
17:44 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has joined #openvpn
17:44 < bandroidx> Thermi: you still around?
17:45 < Thermi> Yes
17:45 < bandroidx> if you got a second, have a question about fragment/mtu issue
17:45 < Thermi> Go
17:45 < bandroidx> i am getting a lot of fragments of 1514 with udp as seen here: http://i.imgur.com/fmj7TRQ.png
17:46 < bandroidx> is that normal or indicates an issue with mtu?
17:46 < bandroidx> i tried adjusting fragment to 1450 on both sides with no change (tried that based on info i found online)
17:47 < Thermi> The reason thos are fragmented is simple
17:47 < Thermi> *those
17:47 < Thermi> the standard MTU for ethernet is 1500
17:47 < Thermi> Anything larger will be fragmanted
17:47 < Thermi> *fragmented
17:48 < mattwj2002> Thermi: on a cisco router isn't it 1518?
17:48 < mattwj2002> where the heck did I get that number from?
17:48 < Thermi> If you have links on the route between two hosts, where the MTU is even lower, it will be fragmented even further
17:48 < bandroidx> Thermi: well i know for sure the openvpn server is 1500
17:48 < Thermi> mattwj2002: The MTU on ethernet is standardized.
17:48 < mattwj2002> ok
17:48 < bandroidx> can i prevent the 1514 sized packets in openvpn config?
17:48 < Thermi> There are jumbo frames available, which have larger MTUs, but that is not the standard ethernet
17:49 < bandroidx> to avoid the fragments? i tried setting fragment 1450 with no luck
17:49 < Thermi> What port is your openvpn stuff running on?
17:49 < bandroidx> Thermi: 1194 on the server and 11194 on the router
17:49 < mattwj2002> Thermi: we were both right
17:49 < mattwj2002> "The MTU is the maximum payload length for a  particular transmission media. For example, the MTU for Ethernet is  typically 1500 bytes. (The maximum packet length for Ethernet is  typically 1518 bytes, but that includes 14 bytes of Ethernet header and 4 bytes of CRC, leaving 1500 bytes of payload.)"
17:49 < mattwj2002> http://wiki.wireshark.org/MTU
17:49 <@vpnHelper> Title: MTU - The Wireshark Wiki (at wiki.wireshark.org)
17:50 < bandroidx> Thermi: the router is translating from 11194 to 1194
17:50 < Thermi> Be aware that the MTU is the maximum transmission unit
17:50 < Thermi> and packets on layer two are actually called _frames_
17:50 < Thermi> So if you do anything network relevant over hops, the MTU is always your maximum packet length (1500 byte)
17:50 < mattwj2002> so true
17:50 < mattwj2002> :)
17:51 < Thermi> Any overhead you have because of either protocol headers or other stuff is subtracted from the maximum frame/packet length
17:51 < Thermi> So your 1518 byte effectively go down to 1500 byte which is also the MTU set on the interface and routes over ethernet
17:51 < mattwj2002> yup makes sense
17:51 < bandroidx> should i try setting tun-mtu to 1450? it said in the docs that it should be avoided messing with it
17:51 < Thermi> Unless you use jumbo frames
17:52 < mattwj2002> well guys
17:52 < mattwj2002> I need to fly
17:52 < mattwj2002> have a good one
17:52 < mattwj2002> nice chatting with you all bye! :D
17:52 < bandroidx> later mattwj2002 good luck
17:52 < Thermi> mattwj2002: bye
17:52 < mattwj2002> thanks you too
17:52 < mattwj2002> bye gentlemen
17:52 -!- mattwj2002 [~Matt@wikisource/pdpc.active.mattwj2002] has left #openvpn []
17:53 < Thermi> bandroidx: Interesting. The reassembled packets are smaller than the sum of the fragments
17:53 < Thermi> I assume the fragments are actually smaller than that
17:53 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 240 seconds]
17:53 < Thermi> the fragments aren't 1514 byte long each
17:53 < Thermi> I assume what is transmitted there are IP fragments which were fragmented somewhere on an earlier link on the route between your two hosts
17:54 < Thermi> Where do you get that capture?
17:54 < Thermi> Do you capture the openvpn tun/tap device?
17:54 < bandroidx> Thermi: yes, i am capturing the tap device
17:54 < bandroidx> on the windows client
17:54 < bandroidx> here is the full info on one of the frames: http://i.imgur.com/rpGQWTA.png
17:55 < bandroidx> are a certain amount of these fragments to be expected and normal in a good setup or does it idincate an issue?
17:55 < bandroidx> id say about 3-5% are these
17:55 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
17:55 < Thermi> That depends on the context you are using openvpn in. If you use it to route traffic between two networks, it can be that the traffic is _prefragmented_
17:55 < Thermi> Linux does not reassemble the IP packets, if it just routes them-
17:56 < bandroidx> its in bridged mode
17:56 < bandroidx> so yeah i guess so
17:56 < bandroidx> it wouldnt be at all related to the size of my buf's of 393216 right?
17:56 < Thermi> I do not know how Linux behaves if traffic needs to be fragmented on the bridge
17:57 < Thermi> No, the send and receive buffers are just how long the buffer of the socket is
17:57 < bandroidx> ok just double checking as i changed those
17:57 < Thermi> That means how much byte can be stored in the buffer until a packet is sent out
17:57 < bandroidx> ah ok
17:57 < Thermi> Or how much you can store in it, unless you are not allowed to store anymore byte in it.
17:57 < bandroidx> i am having an ew issue now too where i go from 4mbit to .5mbit for a few seconds and i lose all audio and then it comes back
17:58 < bandroidx> wasnt having that before i started messing with it, but i put everything back to the way it was and its still happening
17:58 < bandroidx> the raspberry pi i checked its never going over 40% cpu usage
17:58 < bandroidx> and the router has near 0% load average
17:58 < Thermi> what do thos 4 mbit and .5 mbit mean?
17:59 < bandroidx> just total bandwidth
17:59 < bandroidx> i am watching the bandwidth monitor in dd-wrt
17:59 < bandroidx> i dont know if this drop out is related to the fragments or not
18:00 < bandroidx> http://i.imgur.com/jTqpU5C.png
18:00 < bandroidx> that is what ia m talking about
18:00 < bandroidx> this is a new issue
18:01 < Thermi> That is interesting.
18:01 < bandroidx> that wasnt happening earlier
18:01 < Thermi> What is happening on the network?
18:01 < bandroidx> it doesnt lose connection, just the audio drops out
18:01 < bandroidx> perhaps its related more to the radio software or the radio itself
18:01 < Thermi> That can be.
18:02 < bandroidx> frames continue to come through via wireshark but none of the udp audio frames
18:03 < bandroidx> i thought at first the rpi was hitting 100% cpu but its not, its at 40% when it happens, drops to 20% while its happening and then bounces back to 40%
18:03 < bandroidx> perhaps something is being overwhelmed on the weak raspberry pi, idk
18:03 < Thermi> Try to capture on the PI
18:04 < bandroidx> yeah i could try that, not sure if it has enough juice left to handle it but i can try
18:04 < Thermi> You do not need to run tcpdump and write it somewhere
18:05 < Thermi> it is sufficient to look at the data you're interested in
18:05 < Thermi> tcpdump -s 0 -n -i bridge-device 'udp and port xxxx'
18:06 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-sztrmanusnepnbmg] has joined #openvpn
18:08 < bandroidx> so far they are all length 1052 and less
18:08 < bandroidx> waiting for a drop out
18:09 < bandroidx> ok had a drop out
18:09 < bandroidx> they slow down massively and are very small length
18:10 < bandroidx> you can see here they are coming in around length 1052 and then all of a sudden slow down to one or two a second and are less than 100 in length http://pastie.org/10010716
18:10 < bandroidx> interesting
18:11 < bandroidx> that is on port 4993
18:11 < bandroidx> it also uses 4994
18:11 < bandroidx> when it drops on 4994 they all go to size 31
18:11 < bandroidx> and port 4994 has lenghts of over 2000 regularly
18:11 < Thermi> I assume that's all audio data
18:11 < bandroidx> correct
18:11 < Thermi> And well, when there's not much data
18:11 < bandroidx> probably one way is rx and tx
18:11 < Thermi> or it's easily compressable
18:11 < Thermi> then the frames are very small
18:11 < Thermi> I suggest looking at your radio
18:12 < bandroidx> yeah it could very well be a bug with the radio, i may need to reboot it
18:12 < bandroidx> http://pastie.org/10010720
18:12 < bandroidx> that is where those fragments are coming from
18:12 < Thermi> Oh yes
18:12 < bandroidx> got some there over 6000
18:12 < Thermi> But those 2818 byte long UDP packets are surely fragmented
18:12 < Thermi> guaranteed
18:13 < bandroidx> 192.168.1.147 is the radio
18:13 < bandroidx> so that is coming from the radio
18:13 < Thermi> They're just reassembled there for some reason
18:13 < Thermi> maybe tcpdump fools you in that aspect
18:13 < Thermi> and there are actually giant fragments
18:13 < bandroidx> perhaps the pi cant keep up with reassmbling them all
18:14 < Thermi> I don't think so
18:14 < bandroidx> you mean you dont think that is the problem ?
18:14 < Thermi> I'm looking for BPF syntax
18:15 < Thermi> to find out what syntax I need to use to view IP fragments, too
18:15 < bandroidx> if i set tun-mtu to 1450 then it would prevent openvpn frrom sending through these 1514 fragments right?
18:16 < Thermi> Like I said, I do not think the fragments are 1514 byte each, as they would be fragmented on the VPN link
18:48 < bandroidx> well the drop outs stopped
18:49 < bandroidx> but the audio is still rough
18:49 < bandroidx> lots of micro drops
19:02 -!- droid909 [~droid909@unaffiliated/droid909] has joined #openvpn
19:02 < droid909> guys, what openvpn clinet for windows should i use?
19:02 < droid909> client*
19:03 < droid909> here installer https://openvpn.net/index.php/open-source/downloads.html ?
19:03 <@vpnHelper> Title: Downloads (at openvpn.net)
19:03 < droid909> like this one? openvpn-install-2.3.6-I602-x86_64.exe
19:03 < droid909> or is it a server and client with CLI interface?
19:07 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
19:09 <+esde> depends on your windows version but you will need a version of openvpn-install-*.exe
19:13 < droid909> esde: windows 7
19:13 < droid909> thanks
19:18 -!- Denial [~Denial@5.80.233.145] has quit [Ping timeout: 264 seconds]
19:19 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection timed out]
19:20 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:23 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn ["Leaving"]
19:27 -!- Denial [~Denial@81.141.9.229] has joined #openvpn
19:32 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
19:32 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:59 -!- crocket [~crocket@unaffiliated/crocket] has joined #openvpn
21:00 < crocket> Is it possible for torrent clients to leak traffic outside OpenVPN?
21:04 -!- Azrael [~azrael@terra.negativeblue.com] has quit [Ping timeout: 250 seconds]
21:29 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 255 seconds]
21:31 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
21:41 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 272 seconds]
21:43 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
22:27 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
22:29 -!- scientes [~scientes@unaffiliated/scientes] has joined #openvpn
22:30 < scientes> how do i run both nginx and openvpn on port 443 at the same time?
22:30 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
22:30 < scientes> and i want to use --float
22:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
22:31 < scientes> i've done it with ssh tunnels by hacking nginx source, but that doesn't support --float
22:31 < scientes> and I've been told it is possible with dpi in linux
22:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:42 < crocket> scientes, Why would you want to do that?
22:42 < crocket> That's very triciky even if it was possible.
22:42 < scientes> https://github.com/shawnl/multiplexd/blob/master/multiplexd.go
22:42 <@vpnHelper> Title: multiplexd/multiplexd.go at master · shawnl/multiplexd · GitHub (at github.com)
22:42 < scientes> its certainly possible
22:43 < scientes> well, i don't know how float differs
22:43 < scientes> because firewall admins are evil.....
22:43 < scientes> and i still want to host a web site
22:43 < scientes> the problem with that patch is that nginx doesn't know what it is listening to
22:43 < scientes> so it breaks some cgi stuff
22:45 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
22:47 -!- crocket [~crocket@unaffiliated/crocket] has left #openvpn ["Leaving"]
22:49 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
22:51 < scientes> ahhh how about I just pass openvpn file descriptors over a unix domain socket?
22:54 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
22:56 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
23:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:22 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 250 seconds]
23:32 -!- `hypermist` is now known as sleepypc
23:35 -!- sleepypc is now known as `hypermist`
23:43 -!- `hypermist` is now known as sleepypc
--- Day changed Mon Mar 09 2015
00:56 -!- ShadniX [dagger@p5DDFF08B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:58 -!- ShadniX [dagger@p5DDFE533.dip0.t-ipconnect.de] has joined #openvpn
01:06 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:18 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
01:18 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
01:20 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-sztrmanusnepnbmg] has quit [Quit: Connection closed for inactivity]
01:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:29 -!- scientes [~scientes@unaffiliated/scientes] has quit [Ping timeout: 245 seconds]
02:00 -!- mattock_afk is now known as mattock
02:05 -!- sleepypc is now known as `hypermist`
02:17 -!- _bt [~bt@unaffiliated/bt/x-192343] has quit [Ping timeout: 246 seconds]
02:20 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 264 seconds]
02:21 -!- tessier [~treed@kernel-panic/copilotco] has joined #openvpn
02:24 < tessier> Hello all! I am planning to connect to datacenters via an OpenVPN tunnel. I want it to bridge so that nobody needs to know about any special routing to be able to talk to machines in the other datacenter. OpenVPN can do this, right? http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html suggests that it can do what I have in mind. It would have to implement arp helper type functionality etc.
02:24 <@vpnHelper> Title: Ethernet Bridging (at openvpn.net)
02:36 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:44 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 256 seconds]
02:47 -!- mete [~mete@91.247.253.160] has joined #openvpn
03:19 < leo2007> can one use different tls-auth keys for server and client?
03:19 <@syzzer> leo2007: no, it is a shared key, both client and server need to have the same key
03:20 < leo2007> syzzer: thanks. that's what I thought.
03:23 -!- FrEaKmAn_ [~erol@cpe-90-157-164-165.static.amis.net] has joined #openvpn
03:24 < FrEaKmAn_> hi all.. I don't understand the following configuration
03:24 < FrEaKmAn_> ifconfig-push 10.9.0.1 10.9.0.2
03:24 < FrEaKmAn_> I want for my vpn clients to have static ips
03:24 < FrEaKmAn_> and this is in ccd/device1 ... so what should be settings for device2?
03:35 -!- mattock is now known as mattock_afk
03:50 -!- Cultist [~CultOfThe@67.175.170.187] has quit [Ping timeout: 245 seconds]
03:52 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
03:52 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
03:53 -!- mattock_afk is now known as mattock
04:00 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 245 seconds]
04:04 -!- Netsplit *.net <-> *.split quits: early
04:06 -!- Netsplit over, joins: early
04:09 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:14 -!- wiflix [~wiflix@ip1f100bd2.dynamic.kabel-deutschland.de] has joined #openvpn
04:14 < wiflix> hey guys.
04:15 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:16 < wiflix> what is the best way to bind users to outgoing ips? i have multiple ips on my server and want different openvpn instances to use different outgoing ips. as openvpn just gives the packets to the OS for routing, set up some iptables nat rules
04:16 < wiflix> would i just set up one rule per outgoing ip?
04:52 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
04:54 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:04 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:05 < vegardx> You can achieve that with postrouting in iptables.
05:05 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:06 < vegardx> In that traffic coming from CIDR will go to INTERFACE.
05:07 < wiflix> any docs on loadbalancing multiple instances via iptables DNAT?
05:09 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
05:18 -!- dazo_afk is now known as dazo
05:19 -!- FrEaKmAn_ [~erol@cpe-90-157-164-165.static.amis.net] has quit [Quit: Leaving]
05:20 -!- wiflix [~wiflix@ip1f100bd2.dynamic.kabel-deutschland.de] has quit [Ping timeout: 252 seconds]
05:20 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
05:28 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:30 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:33 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
05:35 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:35 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
05:38 -!- FrEaKmAn_ [~Erol@cpe-90-157-164-165.static.amis.net] has joined #openvpn
05:38 < FrEaKmAn_> hi all.. are there any additional settings for windows client?
05:39 < FrEaKmAn_> it connects to vpn but I cannot ping anything
05:48 -!- FrEaKmAn_ [~Erol@cpe-90-157-164-165.static.amis.net] has quit [Read error: Connection reset by peer]
05:55 -!- raj_ [~raj@163.47.13.248] has joined #openvpn
05:55 < raj_> what is default password for openvpnas in a newly done openvpn install?
05:58 < pekster> !as
05:58 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
06:01 < raj_> no users in chat
06:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:24 -!- {Civil} [~Civil@ppp118-208-55-243.lns20.bne7.internode.on.net] has joined #openvpn
06:27 -!- raj_ [~raj@163.47.13.248] has quit [Quit: Leaving]
06:33 < {Civil}> Hey guys, how would I use push to push a route to a client, e.g if you access a site running on the same LAN as the OpenVPN server it would push the route to 192.168.2.2 instead of what it is currently doing and going thru their non-VPN IP?
06:34 < {Civil}> route 192.168.2.2 255.255.255.0 ; push "route 192.168.2.2 255.255.255.0"
06:34 < {Civil}> Right?
06:39 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
06:43 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
06:52 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 256 seconds]
06:54 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 272 seconds]
07:00 -!- mete [~mete@91.247.253.160] has joined #openvpn
07:00 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:07 -!- mattock is now known as mattock_afk
07:07 -!- {Civil} [~Civil@ppp118-208-55-243.lns20.bne7.internode.on.net] has quit [Ping timeout: 245 seconds]
07:20 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
07:25 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
07:27 -!- thebloggu [~thebloggu@brg.eurotux.com] has joined #openvpn
07:34 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
07:37 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
07:38 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
07:38 < soLucien> hi guys !
07:38 < soLucien> I am having a issue connecting 2 clients on the same VPN
07:39 < soLucien> MULTI: bad source address from client [some-ipv6-address], packet dropped
07:40 < soLucien> any idea about what might be wrong? I can connect to the server
07:40 < soLucien> but notnable to ping between clients, they are not able to ping each other
07:41 < soLucien> would i need 2 tunnels in order to maintain 2 connections with 2 clients?
07:41 < soLucien> Should i read a book on openvpn? :)
07:44 -!- {Civil} [~Civil@ppp118-208-55-243.lns20.bne7.internode.on.net] has joined #openvpn
07:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:51 < {Civil}> Hey guys, how would I use push to push a route to a client, e.g if you access a site running on the same LAN as the OpenVPN server it would push the route to 192.168.2.2 instead of what it is currently doing and going thru their non-VPN IP?
07:51 < {Civil}> route 192.168.2.2 255.255.255.0 ; push "route 192.168.2.2 255.255.255.0"
07:51 < {Civil}> Right?
08:04 <@dazo> {Civil}: that looks right to me
08:05 <@dazo> {Civil}: or rather ... if you just want a single IP routed, the netmask must be 255.255.255.255
08:05 <@dazo> 192.168.2.2/255.255.255.0 translates to 192.168.2.0->192.168.2.255
08:05 <+esde> such addresses
08:10 < soLucien> {Civil} try looking into the openvpn 2 cookbook .. google it
08:10 < soLucien> that is what i am doing, and i solved few of my problems
08:11 < soLucien> If it helps you solve the issues, buy it :D
08:16 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has quit [Ping timeout: 256 seconds]
08:19 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 255 seconds]
08:20 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:20 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
08:22 -!- mattock_afk is now known as mattock
08:37 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
08:51 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
08:51 -!- mode/#openvpn [+v s7r] by ChanServ
08:55 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
08:58 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:03 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
09:04 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
09:05 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has joined #openvpn
09:06 < sammm> hey, I have a VPN client running on my router which cocnnects me to my vpn service, the question I'm asking is, is there a way to exclude certain services/ports/ips from tunneling through the vpn? (eg. paypal)
09:09 < rob0> Policy routing to use alternate routes for specified IP addresses.  To do that by service/port would not be as easy, but it might be doable in some operating systems.
09:13 -!- daflef [~daflef@unaffiliated/daflef] has joined #openvpn
09:14 < daflef> the source code for linux/windows is the same, correct? in other words, the gnu gpl v2 license applies to the code behind the windows openvpn client?
09:30 -!- dazo is now known as dazo_afk
09:31 < txdv> yeap
09:33 -!- tristan_c [~tristan_c@host81-149-186-152.in-addr.btopenworld.com] has joined #openvpn
09:35 -!- TTimoNN [~TTimoNN@tt.cloud.tilaa.com] has joined #openvpn
09:37 -!- dazo_afk is now known as dazo
09:38 -!- tristan_c [~tristan_c@host81-149-186-152.in-addr.btopenworld.com] has quit []
09:49 -!- ciscam [~ciscam@aftr-88-153-7-157.unity-media.net] has joined #openvpn
09:51 < ciscam> Hi! How could I achieve that my ovpn client automatically connects to a local/public host depending on the network the pc is currently in?
09:51 < ciscam> I want it to automatically connect to the local host when I'm at home
09:52 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 256 seconds]
09:53 < thebloggu> I'm building an openvpn plugin and which uses a certain library. I can compile it successfully but I can't run it because it can't find a symbol in the library I use. can someone help me?
10:00 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
10:04 < soLucien> hi guys ! I am trying to connect my home PC located behind a nat to a VPN so that I can use it's resources using VMs . I habe a little question: In order for a second computer(my laptop) to connect to this network, would I have to create a second tunnel?
10:04 < soLucien> if i want to connect my laptop to the home PC using its virtual address
10:04 -!- {Civil} [~Civil@ppp118-208-55-243.lns20.bne7.internode.on.net] has quit [Ping timeout: 246 seconds]
10:08 < rob0> no, all you need is proper routes
10:08 < daflef> ty txdv
10:09 < rob0> (which might be difficult if you don't control routing on the other end of the tunnel)
10:10 -!- ciscam [~ciscam@aftr-88-153-7-157.unity-media.net] has quit [Ping timeout: 250 seconds]
10:17 -!- daflef [~daflef@unaffiliated/daflef] has quit [Ping timeout: 272 seconds]
10:19 -!- mattock is now known as mattock_afk
10:21 <@dazo> thebloggu: you must remember to link in the external library when you link the .so file
10:23 < soLucien> rob0: cool, i was able to make it work
10:23 < soLucien> rob0 do you have any experience with virtualization?
10:24 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has quit [Remote host closed the connection]
10:30 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
10:30 < soLucien> i got a VM network on one of my clients connected to the server
10:30 -!- mattock_afk is now known as mattock
10:31 < soLucien> can I somehow allow connections into the VM network?
10:32 -!- daflef [~daflef@unaffiliated/daflef] has joined #openvpn
10:32 < soLucien> or should i install openvpn on the VMs and use them to connect directly to the openVPN server
10:32 < soLucien> ?
10:33 < soLucien> so instead , they get each a openVPN virtual IP
10:33 < soLucien> instead of performing the routing on the client
10:33 < soLucien> i am kind of lost
10:35 <@dazo> soLucien: Try and see if this gives you some better clues ... https://community.openvpn.net/openvpn/wiki/BridgingAndRouting#Usingrouting
10:35 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
10:38 < soLucien> thanks dazo
10:43 <+s7r> any real advantage of SoftEther vs OpenVPN?
11:02 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
11:04 -!- ShadniX [dagger@p5DDFE533.dip0.t-ipconnect.de] has quit [Quit: Bye.]
11:05 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:05 -!- mode/#openvpn [+v s7r] by ChanServ
11:07 -!- ShadniX [~ShadniX@p5DDFE533.dip0.t-ipconnect.de] has joined #openvpn
11:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:19 < DzAirmaX> !welcome
11:19 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:19 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:19 < DzAirmaX> !configs
11:19 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:23 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
11:23 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
11:26 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 245 seconds]
11:34 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
11:40 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
11:51 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:01 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
12:02 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
12:23 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:26 -!- dazo is now known as dazo_afk
12:30 < soLucien> would someone be able to help me figure out what i need in my scenario?
12:31 < soLucien> I can say what my setup is, what I've done until now, and maybe get some suggestions from you awesome guys with far more experience :)
12:32 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:32 < soLucien> so my setup is something like this: I have a DigitalOcean Linux machine where i have set up a openVPN server.
12:33 < soLucien> On my home computer , i have set up a openVPN client, and was able to connect using a TUN
12:34 < soLucien> i have to correct myself
12:34 < soLucien> using a TAP-Windows
12:34 < soLucien> driver
12:35 < soLucien> now on my home PC I have a VMWare Workstation , running a number of VMs
12:35 < soLucien> i would like to be able to access them from any machine connected on this VPN network
12:36 < pekster> The VM guests directly, that is?
12:36 < soLucien> yes
12:36 < soLucien> the VMs have their own addresses
12:36 < pekster> You'll want routes to them, and windows makes a horrible routing platform
12:36 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
12:36 < soLucien> 192.168.xxxx
12:37 < soLucien> how do i set up routes?
12:37 < pekster> My suggestion would be to run the openpvn client on a Unix/Linux OS on one of the VMs which will probably be a much more plesant routing experience. This said, windows can route too if you really want to go down that road
12:37 < soLucien> it's my home computes
12:37 < soLucien> computer
12:37 < soLucien> so i use it for gaming
12:37 < soLucien> as well
12:37 < pekster> The routing itself needs to work correctly from whatever system runs openvpn, then you just follow:
12:37 < pekster> !clientlan
12:37 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
12:37 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:38 < soLucien> great
12:38 < soLucien> clientlan
12:38 < soLucien> seems like exactly what i need
12:38 < soLucien> also , pekster
12:39 < soLucien> is there any weg administration panel that i can install for openvpn?
12:39 < soLucien> kind of like phpmyadmin/pgsqladmin for sql databases?
12:40 < soLucien> web administration*
12:40 < pekster> None that I'm aware of, but I don't like/need such things. There a commercial (licensed) interface that's sold/supported/maintained by 'OpenVPN Technologies Inc.', but that's not a community-supported platform
12:40 < pekster> For info on that, see the webpages for their offerings, or:
12:40 < pekster> !as
12:40 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
12:41 < pekster> If you just have two clients (home-PC and laptop) plus a central server that sounds basic enough to set up. Either way isn't going to get you out of configuring your home device correctly as a router
12:41 < soLucien> ok, i am also alright with command line, but some of my colleagues from work would not be so familliar with unix environments
12:41 < soLucien> since we are doing dotnet programming
12:42 < soLucien> thanks a millopn pekster
12:42 < soLucien> million*
12:42 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
12:45 < soLucien> pekster: i have set up home-pc and laptop, am able to communicate between them. Now i want to share home-PC's virtual LAN to the laptop
12:45 < soLucien> since i'll be runnung a build server, a continuous integration server and few test servers on my home pc
12:49 < thebloggu> dazo_afk, how do you link in the external library? could you give me an example?
12:50 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
12:57 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
12:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:59 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
13:02 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
13:09 -!- Psi-Jack [~psi-jack@unaffiliated/psi-jack] has joined #openvpn
13:09 < Psi-Jack> Can openVPN 2.3.2 provide, over proto udp, IPv4 L2 with IPv6 as well at the same time?
13:13 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:18 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:18 -!- daflef [~daflef@unaffiliated/daflef] has quit [Quit: WeeChat 0.4.2]
13:18 < rob0> L2 (using tap rather than tun) has always been multi-protocol capable (even non-IP protocols.)
13:21 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
13:25 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 264 seconds]
13:25 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
13:26 < Psi-Jack> Hmm, okay, really then, how do I setup IPv6 stuff for that scenario? For IPv6 pushes, I'm using server-bridge.
13:31 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:36 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
13:50 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:59 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
14:01 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 252 seconds]
14:01 < zoredache> Just setup your RA on your network and let autoconfigure work?
14:13 < thebloggu> dazo_afk, nevermind, i got it, thank you anyway
14:14 -!- thebloggu [~thebloggu@brg.eurotux.com] has quit [Quit: Leaving]
14:14 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Remote host closed the connection]
14:22 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
14:28 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 256 seconds]
14:28 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
14:43 -!- justinzane [~justinzan@24.49.199.88] has quit []
14:44 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
14:48 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Remote host closed the connection]
14:50 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
14:52 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:54 -!- tristan_c [~tristan_c@5.80.230.169] has joined #openvpn
14:58 -!- mattock is now known as mattock_afk
14:59 -!- mattock_afk is now known as mattock
15:00 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 246 seconds]
15:02 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
15:08 -!- tristan_c [~tristan_c@5.80.230.169] has quit []
15:19 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has quit [Excess Flood]
15:20 -!- mattock is now known as mattock_afk
15:39 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
15:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:44 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:44 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
15:48 <+esde> !pki-basics
15:48 <+esde> !pki-basic
15:49 <+esde> !pki
15:49 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
15:50 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Excess Flood]
15:51 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
15:57 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
16:00 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
16:10 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
16:30 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Quit: LONGUE VIE À L'ORTIE]
16:33 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
16:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:36 < soLucien> ok i'm kind of lost.. been reading stuff for the last few hours but i still am unable to know which case i should use. So my problem is this: I have a Windows machine running VMWare Worsktation, and adding 2 more virtual machines to my LAN: 192.168.1.16, 192.168.1.20. They are bith accessible if i type in their IPs in my brosers. I am also using OpenVPN client on the VM host machine, and have a OpenVPN server configured on a DigitalOcean droplet. This also
16:36 < soLucien> works, and I am able to address both of these machines using the OpenVPN IP range 192.168.88.0/24 . I would like to be able to access the VMs using the connection that OpenVPN client uses in order to access there VMs remotely. What do I need to do?
16:36 < soLucien> should i a) run openVPN server instead of client on my home pc?
16:37 < soLucien> b) try to set up some kind of bridge outside of openVPN using my host OS (Windows 8.1)
16:38 <+s7r> b
16:38 < soLucien> c) use some settings that openVPN client provides in order to be able to register multiple IP addresses from the same client
16:38 < soLucien> d) the simplest one, but the hackyest - install openvpn client on all the VMs
16:39 < soLucien> i know how to do D, but it seems like the worst approach
16:39 <+s7r> b. d will work too, but it's not the pro way to do it
16:39 < soLucien> ok. Any resources on how to do this?
16:39 < soLucien> Or at least a name for this
16:39 < soLucien> so i can google it
16:40 < soLucien> pekster told me i can use this http://pekster.sdf.org/misc/clientlan.png
16:40 < soLucien> but i don't know where to start :)
16:41 <+s7r> https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
16:41 <@vpnHelper> Title: Ethernet Bridging (at openvpn.net)
16:41 < soLucien> awesome
16:43 < pekster> You really don't want to bridge
16:43 < pekster> Route properly
16:44 < pekster> There's zero reason at all to bridge here unless you have a good reason (do you? Read the following resoures)
16:44 < pekster> !tunortap
16:44 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
16:44 <@vpnHelper> rooted/jailbroken) support only tun
16:44 < pekster> !whybridge
16:44 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
16:44 < pekster> soLucien: If you're sending non-IP traffic over your network I'm quite curious how you intend to cross a routing barrier later to reach your VMs
16:45 < soLucien> pekster all traffic is IP traffic
16:45 < pekster> Then you don't need to bridge ;)
16:45 < pekster> Also, beware network conflicts. It's unwise to use the #1 most common RFC1918 network on your far-side LAN as you can not connect a client from that same LAN to that network
16:46 < pekster> In other words, you _must_ gaurentee that your client will never be on its "own" 192.168.1/24 or you'll have issues reaching server resources
16:49 < soLucien> https://www.dropbox.com/s/166vq3wrt1rhpyi/Screenshot%202015-03-09%2022.48.18.png?dl=0
16:50 < soLucien> is it understandable?
16:51 < pekster> It doesn't provide any useful information
16:51 < soLucien> i tried to show the VM setup, the networks they create
16:51 < pekster> Yes, I got that when you said you had some vmware-managed networks
16:51 < soLucien> ok cool sorry then
16:52 < pekster> You want to _route_ to these networks (same as you would if you had a Cisco or something at each end of this setup)
16:52 < soLucien> so the idea is for me to find out how to provide iptables kind of functionality in Windows 8.1
16:52 < pekster> ..
16:52 < soLucien> then set up some rules
16:53 < pekster> You need to follow the directions you got before
16:53 < pekster> !clientlan
16:53 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
16:53 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
16:53 < pekster> Where did you end up?
16:53 < pekster> (and I'll re-iterate windows is a crappy router)
16:53 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:54 < soLucien> i can ping the server from the client
16:54 < soLucien> i cannot ping the client from the server, but i used nmap and port 1194 is reachable
16:54 < soLucien> pings prolly get rejected by windows firewall
16:54 < pekster> You need to ping between your road-worrior client and the client-LAN VPN endpoint
16:55 < pekster> If you can't do that, either your VPN isn't working, or you've firewalled something you shouldn't
16:55 < soLucien> it's working
16:55 < soLucien> i can ping 192.168.88.1 from my home pc
16:55 < pekster> Then proceed with the flowchart
16:57 < pekster> Really all you should need is the appropriate --route entries in the openvpn server (that's out in "the cloud", yes?), and a ccd file for the LAN-hosting-client with --iroute statements for the networks it owns
16:58 < pekster> Turn on ip routing on the client with backend LANs, and ensure the default gateway of those downstream LANs sends the openvpn-destined traffic to the VPN client acting as your gatewya
16:58 < pekster> That's it
16:59 < soLucien> pekster in my server.config i have added  route 192.168.88.0 255.255.255.0
16:59 < soLucien>    push "route 192.168.88.0 255.255.255.0"
16:59 < pekster> If that's the VPN network, you don't need that
16:59 < soLucien> how can i tell if this is working?
16:59 < pekster> (and should really be using --topology subnet anyway: read !topolgoy for details)
16:59 < pekster> You want to route to the _VM_ LANs
17:00 < soLucien> then it should be route 192.168.1.0 255.255.255.0
17:00 < soLucien>   push "route 192.168.1.0 255.255.255.0"
17:00 < soLucien> and it would be better to configure VMs to be on their own subnet
17:00 < pekster> If you need to reach that subnet, sure. (And remember, you cannot use that same network on your client. This includes from a wifi cafe, or friend's house that uses the same network)
17:00 < soLucien> riight?
17:00 < pekster> This is why it's horrible to route that netwnork over a VPN
17:01 < pekster> I thought you were trying to reach downsteam networks, not the "host" network (your home-vpn-client-server-router-thingy)
17:02 < pekster> For _that_ to work, not only should you (seriously) chagne your network numbering scheme there, but you also need the cooperation of the default gateway on that LAN
17:02 < soLucien> i want to be able to reach the VMs from any computer connected to the VPN
17:02 < pekster> Those are on separate networks, yes?
17:02 < soLucien> they are on my machine
17:02 < pekster> ...
17:03 < pekster> Are they on the same RFC1918 subnet as your host or not?
17:03 < pekster> _networks_ (not same physical processor)
17:03 < soLucien> VMs are on the same network, yes
17:04 < soLucien> they get their address assigned by my router's DHCP
17:05 < soLucien> they are on the same network (NAT)
17:05 < pekster> You have a few basic options. If you have control over your router, just add a static route to reach the VPN subnet via the gateway of your VPN client on that network (which should have its own static IP)
17:05 < pekster> You really need to change your network, unless you are 100% sure you will never (ever) connect your remote VPN client from the "same" 192.168.1/24 network (are you sure you never need to connect from such a network?)
17:06 < soLucien> I am in control of my router, but it is behind another NAT which I have no control over. It's the student dormitory network, so there's only so much I can do
17:06 < pekster> That doesn't matter
17:06 -!- droid909 [~droid909@unaffiliated/droid909] has left #openvpn []
17:06 < soLucien> well pekster, for local connections I have the VMware Workstation application running
17:07 < pekster> So 1) change your utterly likely to collide network, 2) add a static route for the VPN range (192.168.88/24 it sounds like) via wherever you want to run openvpn on that network (I'd suggest a VM, but windows might "work")
17:07 < pekster> No clue what this means
17:07 < pekster> VMware is a hypervisor, and I've zero clue what this means for "local connections". It's also not really relevant to a bridged networking setup
17:08 < pekster> 3) push the LAN network over the VPN to the clients, and have your other client get an --iroute for that network range
17:08 < pekster> 4) turn on IP routing, and things just work
17:09 < pekster> Or in theory you could decide to try bridging, which "might" simplify things a bit, at the expense of you figuring out how to bridge adapters on Windows, and you're _still_ going to have network conflicts unless you fix your awful numbering scheme
17:09 < pekster> And you also have to be careful not to collide the openvpn pool range with the DHCP server
17:09 < pekster> (don't be tempted to feed your road-worrior client via remote-DHCP: this will break pretty badly unless you're quite clever)
17:10 < soLucien> that sounds like a lot of work :D
17:10 < soLucien> pekster can i ask you some more things?
17:11 < pekster> bridging is usually best avoided (and more tempremental, and offers less L2 security
17:11 < soLucien> i will not bridge
17:11 < soLucien> rather route
17:11 < pekster> Put a better way: people think bridging makes things easier, but in reality is just makes other things more complicated
17:11 < soLucien> could you assess my plan?
17:12 < soLucien> I plan to change the openVPN assressing schema from 192.168.88/24 to something else that would be less conflicting
17:12 < soLucien> like 10.10.10/24
17:12 < pekster> !randomsubnet
17:12 <@vpnHelper> '"randomsubnet" is (#1) http://scarydevilmonastery.net/subnet.cgi for a random !1918 subnet or (#2) If your shell has $RANDOM support, perhaps try this: `echo 10.$((RANDOM%256)).$((RANDOM%256)).0/24 ` or (#3) Or try this perl oneliner: `perl -e \'printf 10.%d.%d.0/24\n , int(rand(256)), int(rand(256));\'`'
17:13 < pekster> That's far less likely to accidently collide with something
17:13 < soLucien> pekster : I also need to add it to iptables
17:13 < pekster> That said, 10.10.10/24 is still improved over your current network
17:13 < soLucien> yes , i agree what i have now is horrible.
17:14 < pekster> Only if you want to route to it ;)
17:15 < soLucien> the second thing i will do is assign a new subnet for all my VMs. They will be on a 192.168.99/24
17:16 < soLucien> so i clearly separate them from any other plug and play devices that might request IPs from the DHCP
17:16 < pekster> THat's not strictly required, but would give you more flexibility to do that
17:16 < pekster> VMware can "magically manage" downstream networks for you anyway
17:17 < pekster> In fact, if you do that you don't even need to expose the upstream LAN (192.168.1/24 in your current setup)
17:17 < soLucien> and i don't want to .. the VMs are the only ones that i care about
17:17 < pekster> Right, saves you trouble of re-numering the host network
17:18 < soLucien> then i have to "add a static route to 192.168.99/24"
17:19 < soLucien> as you said in number 2
17:19 < pekster> Not on your upstream router, no
17:19 < pekster> Again, taht's only to access the _host_ network
17:21 < DzAirmaX> hello all
17:22 < soLucien> so getting back to my problem ... I have VM1: 192.168.99.1 and VM2:192.168.99.2 . They are accessible from Home-PC:192.168.1.2 using the listed IP addresses. Home-PC is running openVPN client, and its address is 10.10.10.2 in this context. What do I do in order to connect to VM1 and VM2 from a address the form of 10.10.10/24?
17:22 < pekster> You don't need to do that
17:23 < pekster> Unless your goal is now different than "reach VM guests from the remote road-warrior VPN client"
17:23 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection timed out]
17:23 < pekster> Just route normally
17:23 < pekster> ie: !clientlan I keep asking you to follow. 192.168.99/24 is the "client LAN"
17:24 < pekster> Home-PC is your VPN client, and the laptop is another VPN client, both connected to your remote server
17:24 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:24 < soLucien> exactly
17:24 < pekster> Your VMs do _not_ end up "on" the VPN
17:24 < pekster> They're merely routable _across_ the VPN
17:24 < soLucien> ok .. How would a VM address look like?
17:24 < pekster> Dude, EXACTLY LIKE IT IS NOW
17:25 < soLucien> just 192.168.99.1 as on the LAN>
17:25 < pekster> 192.168.99.1, apparently
17:25 < soLucien> great
17:25 < soLucien> i understand
17:25 < soLucien> awesome
17:25 < pekster> Pretty sure VMware wants one of the low addresses, but you can probably configure it to use whatever you'd like
17:25 < soLucien> thanks pekster, thanks for your time..it all makes sense in my mind now
17:26 < soLucien> and sorry for taking this long, it's the first time i run into these kinds of issues
17:27 < pekster> You'll probably have an easier time of it if you learn a bit more about basic routing concepts
17:27 < pekster> OpenVPN is really "just a software router" with some nifty security concepts built-in
17:28 < soLucien> pekster i got maximum grade in this course last semester http://www.amazon.com/Computer-Networking-James-Kurose-Keith/dp/0273768964
17:28 < soLucien> but practice is a lot different
17:29 < soLucien> it's the first time i'm actually using the knowledge :D
17:31 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
17:31 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 265 seconds]
17:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:32 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:33 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:34 < DzAirmaX> is there a way to create a tap0 with a fixed HWaddr for a ubuntu client ?
17:34 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:35 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:38 < pekster> DzAirmaX: sure, use iproute2's `ip` program
17:38 < pekster> (that's the de-facto standard for Linux network & device control, been around since Linux 2.4)
17:38 < pekster> See the `ip tuntap` and `ip link` sub-commands
17:45 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:02 <+s7r> soLucien so it works for you now?
18:04 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:16 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 250 seconds]
18:18 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
18:21 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
18:30 < soLucien> s7r took a little break, i am setting up now
18:30 < soLucien> been trying to figure this out since morning
18:45 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has joined #openvpn
18:47 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has joined #openvpn
18:58 < {Civil}> Hey guys, how would I use push to push a route to a client, e.g if you access a site running on the same LAN as the OpenVPN server it would push the route to 192.168.2.2 instead of what it is currently doing and going thru their non-VPN IP?
18:58 < {Civil}> route 192.168.2.2 255.255.255.0 ; push "route 192.168.2.2 255.255.255.0"
18:58 < {Civil}> Right?
18:59 < {Civil}> But when I do that, traffic still is set to show the users 'real' IP and not the VPN or even VPN servers IP
19:22 < soLucien> !clientlan
19:22 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
19:22 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
19:23 < soLucien> !iroute
19:23 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
19:24 < soLucien> !route
19:24 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
19:24 < soLucien> !ccd
19:24 <@vpnHelper> client
19:24 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
19:25 < {Civil}> They can access anything on the LAN when connected, however I'd assume it's related to 'iroute' then since if I'm on the VPN i can get to a server on say 192.168.2.150 that's within the VPNs LAN
19:25 < {Civil}> But when I access 192.168.2.150 instead of showing as the WAN/OpenVPN IP/Tun IP it shows as my home connections IP.
19:33 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Ping timeout: 264 seconds]
19:33 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has quit [Ping timeout: 265 seconds]
19:38 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:45 < soLucien> s7r there?
19:51 -!- {Civil} [~Civil@180.214.90.54] has joined #openvpn
19:51 < {Civil}> ah
19:51 < {Civil}> connected to VPN and connection here died.
19:51 <+s7r> soLucien yeah
19:52 < soLucien> it almost worked
19:52 < soLucien> you asked me earlier
19:52 < soLucien> i feel i am really close
19:53 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
19:53 <+s7r> good good :D
19:54 < {Civil}> soLucien, i've added the ccd and all but still no dice, hmm
19:54 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
19:54 < soLucien> civil i am actually trying to do the same thing
19:55 < soLucien> pekster was giving me valuable advice
19:55 < soLucien> if you want me , i can pastebin the conversation
19:55 < {Civil}> That'd be great
19:56 < soLucien> but you might be ahead of me :D
19:56 < {Civil}> Yeah, issue is that openvpn is on same LAN as one of our webservers and the nginx server acts a reverse proxy and then sends info to the webserver, on the nginx server their IP comes up as 14.* not 180.* or 192.* or 10.*
19:57 < {Civil}> and since nginx server locks down IP access, if someone is @ home they can't access the webserver since it reports an IP that's not allowed. So I need to ensure all traffic comes from the VPN even when on the same LAN
19:57 < {Civil}> I wonder if I remove all routing to the LAN if it'll do anything... E.g it can't see it can access the other LAN IP
19:58 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 256 seconds]
19:58 < soLucien> http://pastebin.com/HJ5s6uq4
20:00 < soLucien> Civil so you kind of need to translate LAN IPs into VPN IPs?
20:00 < soLucien> i am very green to be honest
20:00 < soLucien> you are maybe far ahead of me
20:01 < {Civil}> Yeah, pretty much soLucien or even route them within LAN as 10.* or the OpenVPN's IP or anything but their home connection IP
20:03 < soLucien> i would need to do that too :D Now, once I connect to the VPN, i can't access 192.168.99.0/24 anymore
20:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:04 < soLucien> packets get stopped in the server, and I get  MULTI: bad source address from client [], packet dropped
20:04 < soLucien> so it must be a iptables thing
20:06 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
20:11 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:18 < soLucien> {Civil} figured out a way?
20:40 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
20:50 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
21:06 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
21:15 -!- Eagle11 [~Eagle11@unaffiliated/on-jtharpe/x-5590820] has joined #openvpn
21:16 < Eagle11> Howdy all
21:19 < Eagle11> I am trying to get a site to site tunnel working between two openVPN servers...  I am having issues that I believe are routing..  my server tun adapter ip is 10.100.100.1 and my client has 10.100.100.6 but the routes that are automatically added in my tables show 10.100.100.2 as the dest on the server side and 10.100.100.5 on the client side.  Is that normal?  I cant ping 10.100.100.2 or 10.100.100.6 but I CAN ping 10.100.100.1 from
21:19 < Eagle11>  the client and 10.100.100.6 from the server
21:21 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
21:31 <+esde> !clientlan
21:31 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
21:31 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
21:31 <+esde> or something like that, the flowchart is handy
21:37 < Eagle11> Thanks esde I do have those routes in there as well as the ccd folder and such I must be over looking something
21:38 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
21:42 -!- u0m3 [~u0m3@109.96.158.146] has quit [Read error: Connection reset by peer]
21:44 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
21:45 -!- u0m3 [~u0m3@109.96.158.146] has joined #openvpn
21:45 -!- {Civil} [~Civil@180.214.90.54] has quit [Ping timeout: 245 seconds]
22:14 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
22:16 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: BitchX-1.2-final -- just do it.]
22:19 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
22:21 -!- cagedwisdom [~X@58-7-244-129.dyn.iinet.net.au] has joined #openvpn
22:34 -!- cagedwisdom [~X@58-7-244-129.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
22:36 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 264 seconds]
22:38 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
22:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:16 -!- cagedwisdom [~X@58-7-244-129.dyn.iinet.net.au] has joined #openvpn
23:21 -!- `hypermist` is now known as sleepypc
23:27 -!- sleepypc is now known as `hypermist`
23:32 -!- `hypermist` is now known as sleepypc
23:35 -!- sleepypc is now known as `hypermist`
23:38 -!- Temper [~Temper@199.168.142.171] has joined #openvpn
23:38 < Temper> hello
23:39 < Temper> !welcome
23:39 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:39 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:40 < Temper> I would like to increase throughput on an openvpn server running in a vm. I am trying to isolate the bottleneck. It is my understanding that if the cpu load is low the issue is not with openvpn. anyone agree?
23:41 < Temper> i am currently getting a ~10mbit throughput with a pretty standard udp setup with a 2048bit key.
23:55 -!- Temper [~Temper@199.168.142.171] has quit [Ping timeout: 272 seconds]
--- Day changed Tue Mar 10 2015
00:00 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
00:09 -!- cagedwisdom [~X@58-7-244-129.dyn.iinet.net.au] has quit [Ping timeout: 245 seconds]
00:57 -!- ShadniX [~ShadniX@p5DDFE533.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:57 -!- ShadniX [dagger@p5481C545.dip0.t-ipconnect.de] has joined #openvpn
00:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:10 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:11 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:04 -!- mattock_afk is now known as mattock
02:14 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
03:11 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
03:23 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
03:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:27 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 240 seconds]
03:37 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
03:48 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
03:53 -!- `hypermist` is now known as sleepypc
03:57 -!- sleepypc is now known as `hypermist`
03:59 -!- ago [~ago@gentoo/developer/ago] has joined #openvpn
03:59 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:33 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
04:41 < awk> hi, is there a way to disable comp-lzo for 1 ccd?
04:41 < awk> com-lzo no in the ccd doesn't work?
04:43 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
04:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:49 < BtbN> No, the option has to match in all clients and the server config.
04:50 < awk> BtbN: the problem is mikrotik doesn't have comp-lzo support.. so i'm stuck in a rock and a hard place
04:51 < awk> unless I setup another openvpn server without comp-lzo just for mikrotik ?
04:51 < BtbN> It's not an important option to have anyway.
04:51 < BtbN> Most data streams are already compressed, so compressing it again is rarely worth it.
04:51 < BtbN> But what is mikrotik and how can it stop openvpn from supporting lzo?
04:52 < awk> mikrotik is a router, i'm using it to establish a openvpn connection...
04:53 < awk> I have many clients out there with comp-lzo set in their config file
04:53 < BtbN> Well, they should fix their openvpn then.
04:53 < awk> so I would have to update all clients to update their client and remove comp-lzo ?
04:53 < awk> BtbN: I agree
04:53 < BtbN> I'd guess they also ship an incredibly outdated version.
04:54 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
04:54 < awk> yup
05:07 -!- toe [~toe@manitu.oepkes.net] has quit [Quit: leaving]
05:45 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
05:47 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 250 seconds]
05:48 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
05:54 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
06:05 -!- mattock is now known as mattock_afk
06:13 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:21 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 256 seconds]
06:23 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
06:33 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 240 seconds]
06:40 -!- mattock_afk is now known as mattock
06:44 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 252 seconds]
06:45 -!- mattock is now known as mattock_afk
06:50 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 240 seconds]
06:52 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
07:04 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
07:13 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:23 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has quit [Ping timeout: 245 seconds]
07:24 -!- dazo_afk is now known as dazo
07:31 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
07:32 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
07:56 -!- dazo is now known as dazo_afk
08:10 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:19 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:25 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
08:34 < DzAirmaX> hi all
08:37 < DzAirmaX> I got a ubuntu client connected to a VPN : everything is working, execpt I want this client to use his eth0 for navigating on the web and use his tap0 for exchanging other the lan-to-lan openvpn, I dont want all his traffic going trough the vpn, is that possible to set up ?
08:52 -!- dazo_afk is now known as dazo
09:03 < BtbN> Don't put the config statement for redirecting all your traffic in the config
09:09 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 246 seconds]
09:10 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
09:10 < DzAirmaX> I didnt put any config statement for redirecting all my traffic. I am using tap and I have the feeling its dosnt create proper route when creating the tap0 interface...
09:11 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
09:15 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
09:16 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
09:16 -!- Olipro_ is now known as Olipro
09:23 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
09:30 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
09:33 < DzAirmaX> the best will be eth0 <=> Net only and tap0 <=> VPN Only
09:35 < rob0> why tap?
09:37 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 245 seconds]
09:47 < DzAirmaX> I am using a netgear router and it enforces it ... :(
09:47 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 252 seconds]
09:55 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
10:03 <+esde> I'll say it. This makes no sense. >I got a ubuntu client connected to a VPN. So we assume the VPN client is running on the ubuntu machine. Why are you telling us you're using a netgear router and it enforces it?? What does that even mean. Netgear shouldnt care whether you're using tun or tap on the ubuntu machine behind it.
10:04 <+esde> Unless you mean to say openvpn is running on the netgear router and it only supports tap adapter, which would make about the same amount of sense
10:05 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
10:05 < DzAirmaX> ok I am not really clear and I apologize for that
10:06 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
10:08 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:09 <+esde> np DzAirmaX, if you're running openvpn client on your desktop. and don't have redirect directives set, your connection to the internet will still follow the same route by default. and any resources you need to access through your openvpn connection will go through the openvpn adapter tun or tap
10:10 <+esde> as i understand it
10:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:20 < DzAirmaX> yeah, that's it!
10:21 <+esde> run openvpn on the desktop, and the router shouldnt care if you use tun or tap
10:21 <+esde> !tunortap
10:21 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
10:21 <@vpnHelper> rooted/jailbroken) support only tun
10:22 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
10:23 < DzAirmaX> actually everything is working... But I notice my ping are different depending if I am connected to the vpn or not ...
10:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
10:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:35 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:35 -!- mode/#openvpn [+v s7r] by ChanServ
10:47 < DzAirmaX> ok my bad I found the pb, I was pinging google.com which gave me really bad results for whatever reason ... Thank you for your help
10:49 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 272 seconds]
10:49 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
10:54 <+s7r> !ovpnuke
10:54 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
10:54 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
11:29 -!- abradsha [~Ade@redhat/adeb] has joined #openvpn
11:30 -!- abradsha [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
11:39 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:46 -!- bchapman6989 [~Blake@97.87.204.44] has joined #openvpn
11:50 < bchapman6989> Hello I am trying to configure one of our servers that is an openvpn client to act as a gateway for disconnected client servers, i added the clients subnet in the user permissions but cannot ping the server from OpenVpnas server
11:52 < pekster> !as
11:52 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
11:53 < bchapman6989> thank you!
11:54 -!- bchapman6989 [~Blake@97.87.204.44] has left #openvpn []
11:59 -!- Drexir [~Drexir@adsl-068-209-028-038.sip.asm.bellsouth.net] has joined #openvpn
11:59 < Drexir> !welcome
11:59 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:59 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:00 < Drexir> !ask
12:00 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
12:09 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:35 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
12:36 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Client Quit]
12:37 < soLucien> hi guys ! Could someone help me out with some (maybe) basics on outing? I'm trying to achieve something and i don't know if it is possible
12:37 <+esde> ...
12:37 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:37 <+esde> Not without providing said goal.
12:37 <+esde> !crystal
12:37 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
12:37 < soLucien> so i will explain the issue
12:37 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has joined #openvpn
12:39 < soLucien> I have 2 VMs running on my home PC  VM1:192.168.99.128 and VM2:192.168.99.129 . My PC is connected to a openVPN server which advertises the 192.168.99/24 subnet
12:39 < soLucien> now when I try to connect to them , the traffic is directed to the ovpn server, and comes back to my TAP adapter
12:40 < soLucien> i can see that because i have turned on wireshark
12:41 < soLucien> https://www.dropbox.com/s/rgyumwvg15mjv7u/Screenshot%202015-03-10%2018.41.26.png?dl=0
12:42 < soLucien> Now i am unable to reach these sites once connected to the VPN
12:42 < soLucien> because the traffic is not routed again once it reaches my machine
12:42 < soLucien> so i have 2 questions :
12:43 < soLucien> 1) How do i fix the routing in Windows?
12:43 < soLucien> 2) how do i make sure i don't advertise these routes to the client which has them?
12:43 < soLucien> or how do i use different routes to my LAN resources
12:44 < soLucien> so that i would not have to go through the VPN on LAN traffic
12:44 -!- Eagle11 [~Eagle11@unaffiliated/on-jtharpe/x-5590820] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
12:46 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
12:49 < DArqueBishop> soLucien: are you using tun or tap?
12:49 < DArqueBishop> !configs
12:49 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:50 < soLucien> tap it seems
12:50 < soLucien> should i switch to tun?
12:50 < DArqueBishop> Yes.
12:50 < DArqueBishop> !tunortap
12:50 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
12:50 <@vpnHelper> rooted/jailbroken) support only tun
12:51 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 256 seconds]
12:53 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Sleeping.]
12:56 < soLucien> DarqueBishop i am using tun, but the interface is talled tap
12:56 < soLucien> TAP-Windows Adapter V9
12:56 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:57 < soLucien> but in my client.conf i have "dev tun"
12:57 < soLucien> and i have the same on the server.conf
12:59 < DArqueBishop> Can you paste configs?
13:00 < soLucien> yep
13:04 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
13:04 < soLucien> DArqueBishop http://pastebin.com/EKEQezj3
13:04 -!- kexmex [~kexmex@195.42.130.233] has quit [Max SendQ exceeded]
13:06 < soLucien> included my iptables-save, maybe there's soemthing about it
13:07 < DArqueBishop> soLucien: what is your LAN subnet? 192.168.99.x or 10.10.10.x?
13:07 < soLucien> my lan is the 198
13:07 < soLucien> 10.10.10 is the vpn addreses
13:08 < soLucien> blana.me becomes 10.10.10.1 and my home pc is 10.10.10.6
13:09 < DArqueBishop> Is the OpenVPN server on your LAN?
13:11 < soLucien> no
13:11 < soLucien> the openVPN is on remote
13:11 < soLucien> but i want to share my LAN
13:12 < soLucien> at least the 192.168.99/24 part of my lan with all clients of the VPN
13:12 < soLucien> so i would need to somehow enable these routes in Windows
13:14 < DArqueBishop> Yeah, I don't think this is going to work how you want it to.
13:14 < DArqueBishop> (Someone else can correct me if I'm wrong.)
13:15 -!- kexmex [~kexmex@195.42.130.233] has joined #openvpn
13:17 < soLucien> what should i do?
13:18 < soLucien> i had a conversation with pekster yesterday
13:18 < soLucien> he said it is possible
13:18 < DArqueBishop> soLucien: read the following, especially the part titled "Including multiple machines on the client side when using a routed VPN (dev tun)".
13:18 < DArqueBishop> http://openvpn.net/index.php/open-source/documentation/howto.html#scope
13:18 <@vpnHelper> Title: HOWTO (at openvpn.net)
13:21 < soLucien> ok, i think i have been here before , let me do it again
13:21 < soLucien> thanks
13:30 -!- julius__ [~14354s@static.107.134.46.78.clients.your-server.de] has joined #openvpn
13:30 -!- julius__ [~14354s@static.107.134.46.78.clients.your-server.de] has quit [Quit: Verlassend]
13:31 -!- julius_ [~julius_@p3EE28D23.dip0.t-ipconnect.de] has joined #openvpn
13:31 < julius_> hi
13:33 -!- dazo is now known as dazo_afk
13:36 < soLucien> The last step, and one that is often forgotten, is to add a route to the server's LAN gateway which directs 192.168.4.0/24 to the OpenVPN server box (you won't need this if the OpenVPN server box is the gateway for the server LAN). Suppose you were missing this step and you tried to ping a machine (not the OpenVPN server itself) on the server LAN from 192.168.4.8? The outgoing ping would probably reach the machine, but then it wouldn't know how to route
13:36 < soLucien> the ping reply, because it would have no idea how to reach 192.168.4.0/24. The rule of thumb to use is that when routing entire LANs through the VPN (when the VPN server is not the same machine as the LAN gateway), make sure that the gateway for the LAN routes all VPN subnets to the VPN server machine.
13:36 < soLucien> Similarly, if the client machine running OpenVPN is not also the gateway for the client LAN, then the gateway for the client LAN must have a route which directs all subnets which should be reachable through the VPN to the OpenVPN client machine.
13:37 < soLucien> i dont get this part
13:37 < soLucien> would someone care to explain what i am supposed to do?
13:39 < soLucien> should i try add a rule saying that all packets from 192.168.99.0/24 should go to 10.10.10.1 ( which is my server)
13:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:45 -!- dazo_afk is now known as dazo
13:46 -!- ice9 [~ice9@unaffiliated/ice9] has joined #openvpn
13:54 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
13:54 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:54 -!- badon_ is now known as badon
13:57 -!- kexmex [~kexmex@195.42.130.233] has quit [Quit: Computer has gone to sleep.]
13:59 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
14:00 -!- ice9 [~ice9@unaffiliated/ice9] has quit [Ping timeout: 245 seconds]
14:02 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
14:02 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
14:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
14:05 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
14:05 < soLucien> join ##java
14:06 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:17 -!- deranged [Bit@lolnerd.net] has joined #openvpn
14:25 < julius_> you are using redirect-gateway?
14:26 < julius_> oh no, that would solve the problem i thought of
14:27 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 265 seconds]
14:30 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
14:57 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
14:58 -!- Drexir [~Drexir@adsl-068-209-028-038.sip.asm.bellsouth.net] has quit [Quit: Leaving]
15:00 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
15:02 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
15:06 < john-soda> Hello together I want to install the newest openvpn 2.3.6 in Linux Mint 17.1 like described on this page https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
15:06 <@vpnHelper> Title: OpenvpnSoftwareRepos – OpenVPN Community (at community.openvpn.net)
15:06 < john-soda> But when I want to add the public key I get following Error.
15:06 < john-soda> ERROR: cannot verify swupdate.openvpn.net's certificate, issued by ‘/C=US/ (...shortend) Issued certificate has expired.
15:06 < john-soda> Is this normal. Should I use it nevertheless?
15:16 -!- ice9 [~ice9@unaffiliated/ice9] has joined #openvpn
15:21 -!- colonolGron [4d3889c0@gateway/web/freenode/ip.77.56.137.192] has joined #openvpn
15:21 < colonolGron> hello
15:22 < colonolGron> i got a ca.crt, ta.key and myname.crt, myname.key and a up and down.sh shell script, which is for openvpn. along with it comes instructions for installation on linux. but unfortunately not on osx. i installed openvpn via homebrew, could somebody help me get it to work?
15:24 < ice9> colonolGron: are you installing it as client?
15:24 < colonolGron> ice9: yes
15:24 < ice9> colonolGron: did you try Tunnelbick?
15:24 < ice9> colonolGron: check this http://openvpn.net/index.php/access-server/docs/admin-guides/183-how-to-connect-to-access-server-from-a-mac.html
15:25 <@vpnHelper> Title: How to connect to Access Server from a Mac (at openvpn.net)
15:25 < colonolGron> ice9: i installed it but couldnt get it to work with this config
15:25 < colonolGron> i have only the files i mentioned above, so no "ovpn" file. is this okay?
15:26 -!- colinstgeorge [~colin@cloud.hwcdi.com] has quit [Ping timeout: 244 seconds]
15:28 < ice9> I don't remember the OSX configuration exactly but you should construct configuration file to be compatible with the server's configuration
15:29 < ice9> do you have access to the openvpn server configuration?
15:29 < colonolGron> ice9: so i placed these files in the folder, like it is said in the article. when startint tunnelblick it asks me whether i want to convert the config files. i said yes. give my root password, but then after some time the client crashes, but i cant read the warning because it goes away immediately
15:29 < colonolGron> ice9: no i dont, they just sent me those files
15:31 < ice9> colonolGron: can you open the Tunnelblick log window before you initiate the connection?
15:32 < ice9> also where did you place the configuration file?
15:33 < colonolGron> ice9: it seems i cant
15:33 < colonolGron> i placed them in ~/Library/Application Support/Tunnelblick/Configurations/
15:35 < ice9> colonolGron: I suggest running it from the command line as root like : # openvpn --config /path/to/conf/file
15:36 < colonolGron> okay, i did that. this gave no output, is that good?
15:37 < ice9> colonolGron: please paste any configuration files you got (not the certificates), http://gist.github.com
15:37 <@vpnHelper> Title: Gists (at gist.github.com)
15:37 < ice9> vpnHelper: paste
15:37 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:38 < colonolGron> ice9: https://gist.github.com/jubalh/af9adb9e291a3585aac6
15:38 <@vpnHelper> Title: gist:af9adb9e291a3585aac6 (at gist.github.com)
15:40 < colonolGron> ice9: i removed the "syslog openvpn" and then i get ouput
15:41 < colonolGron> but this is the result:
15:41 < colonolGron> Tue Mar 10 21:39:34 2015 Cannot allocate TUN/TAP dev dynamically Tue Mar 10 21:39:34 2015 Exiting due to fatal error
15:41 < ice9> colonolGron: so you don't have the TUN/TAP kernel module
15:41 < ice9> colonolGron: http://tuntaposx.sourceforge.net/download.xhtml
15:41 <@vpnHelper> Title: TunTap - Download (at tuntaposx.sourceforge.net)
15:42 < colonolGron> ice9: i installed tuntap from homebrew
15:42 < colonolGron> from homebrew cask
15:43 < colonolGron> oh not correctly it seems
15:43 < colonolGron> thanks for the hint, i will try again
15:44 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
15:44 < colonolGron> ice9: still same result. do i have to reboot?
15:44 < soLucien> hi guys ! Anyone good with iptables?
15:44 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:44 < ice9> colonolGron: can you verify that TUN kext is installed, can you load it manually?
15:44 < ice9> soLucien: #netfilter
15:44 < colonolGron> ice9: how is this to be done?
15:45 < ice9> colonolGron: #macosx
15:45 < colonolGron> i am not sure what to ask in there
15:46 < ice9> colonolGron: you can google how to load kext manually osx and check in that channel if you still stuck
15:47 < ice9> colonolGron: a tip,  in Tunnelblick, advanced settings, you can check Use Tunneblick tun/tap drivers"
15:48 < ice9> colonolGron: I see in the pasted conf file "dev vpn",  replace vpn with tap
15:50 < colonolGron> i am going to restart and see if that helps!
15:50 -!- colonolGron [4d3889c0@gateway/web/freenode/ip.77.56.137.192] has quit [Quit: Page closed]
16:01 -!- colonolGron [4d3889c0@gateway/web/freenode/ip.77.56.137.192] has joined #openvpn
16:01 < colonolGron> ice9: somehow i dont get it to work
16:02 < ice9> colonolGron: did you replace vpn with tap?
16:02 < colonolGron> yes
16:02 < ice9> still getting the same error?
16:02 < colonolGron> but when i run openvpn --config myconfig.conf. i get the same error
16:02 < colonolGron> i reinstalled tuntap too. but i dont see a /dev/tap and no /dev/tun
16:03 < ice9> set verbose to 9 and paste the log output
16:04 < ice9> colonolGron: then please google how to install TUN/TAP kext correctly and how to load them, it's not OpenVPN issue as it seems
16:04 < colonolGron> i think you are right. the output is that it tries to open /dev/tapX but device doesnt exist
16:04 < ice9> good
16:05 < colonolGron> oh wait.
16:05 < colonolGron> running openvpn with sudo, seems to work
16:05 < colonolGron> at least now i get output all the time
16:06 < ice9> :D I told you to run it as root
16:06 < colonolGron> now: how can i acces things using this vpn? will it just put everything through it?
16:06 < colonolGron> oh sorry, i didnt get that ice9
16:06 < colonolGron> my bad
16:07 < colonolGron> i tried to access a vpn internal wiki via chromium, but cant access it. so is there another step i have to do? to tell chrome to go through the vpn?
16:08 < ice9> how do you access it by hostname or ip?
16:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:08 < colonolGron> ice9: hostname
16:08 < ice9> ping this hostname, see if it resolves to ip
16:10 < colonolGron> it does. and then? can i just use this ip?
16:11 < ice9> you can try but it could an issue with the wiki itself or the webserver
16:13 < colonolGron> what about nameserver,is this to be set in the config too ice9 ?
16:14 < ice9> colonolGron: if the server push it to the clients
16:14 < colonolGron> its not like i can set the nameserver in the config?
16:15 < ice9> what does up.sh and down.sh scripts do?
16:17 < colonolGron> i just looked at them. this is quite funny. they seem to come from Gentoo
16:17 < colonolGron> what are they for normally?
16:19 < ice9> whatever, they can configure nameservers according to the pushed options from the server,  you can try nslookup or dig to see which nameserver is used,  also I suggest you read more about OpenVPN configuration, it will give better idea.
16:23 -!- Dimik [~Dimik@pool-173-68-183-137.nycmny.fios.verizon.net] has quit [Ping timeout: 246 seconds]
16:24 -!- colonolGron [4d3889c0@gateway/web/freenode/ip.77.56.137.192] has quit [Quit: Page closed]
16:34 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 252 seconds]
16:37 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
16:39 -!- dazo is now known as dazo_afk
16:51 -!- ice9 [~ice9@unaffiliated/ice9] has quit [Quit: Leaving.]
16:56 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
16:58 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
17:05 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 252 seconds]
17:07 -!- kexmex [~kexmex@178.136.234.6] has quit [Read error: Connection timed out]
17:09 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 252 seconds]
17:09 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
17:16 -!- ment0s [~ment0s@213.205.253.105] has joined #openvpn
17:17 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
17:19 -!- Six6siX [~Devil@104.156.227.143] has quit [Ping timeout: 252 seconds]
17:21 -!- ment0s [~ment0s@213.205.253.105] has quit [Ping timeout: 245 seconds]
17:24 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
17:31 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Ping timeout: 265 seconds]
17:37 -!- sudo_woodo [~nan@181.64.192.238] has joined #openvpn
17:38 < sudo_woodo> hi
17:39 < sudo_woodo> After joining a PC to a VPN I can't see other PC in the VPN.
17:46 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 256 seconds]
17:48 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:53 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 252 seconds]
17:53 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
17:59 < sudo_woodo> How I see other computers in the VPN?
18:24 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Ping timeout: 252 seconds]
18:39 < BtbN> see?
18:39 < BtbN> You mean, ping them, connect to them?
18:50 < sudo_woodo> BtbN, I mean to see them in the Network, in Windows
18:50 < sudo_woodo> BtbN, When you see all PC's
18:51 < sudo_woodo> BtbN, did you understand?
19:21 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
19:22 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Client Quit]
19:23 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has joined #openvpn
19:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 265 seconds]
19:41 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
20:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
20:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:24 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
20:28 -!- elliotdenk [~elliotden@ip-176-198-130-165.hsi05.unitymediagroup.de] has quit [Quit: Leaving.]
20:35 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has joined #openvpn
20:44 -!- ment0s [~ment0s@cpc16-bahd4-2-0-cust233.14-2.cable.virginm.net] has joined #openvpn
20:46 < ment0s> i have a server with no gateway redirect set, client does not have a internet connetion on his own gateway. Do I need to set something on server to allow this?
20:47 < ment0s> never mind, found it in client
21:27 -!- julius_ [~julius_@p3EE28D23.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
21:28 -!- julius_ [~julius_@p3EE28E42.dip0.t-ipconnect.de] has joined #openvpn
21:31 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has quit [Ping timeout: 264 seconds]
21:32 -!- ment0s [~ment0s@cpc16-bahd4-2-0-cust233.14-2.cable.virginm.net] has quit [Quit: Lost terminal]
21:37 < ljvb> *sigh* still having performance issues :(
21:41 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
21:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 246 seconds]
22:09 < ljvb> *sigh*
22:10 < ljvb> getting 0.3Mbit down 7Mbit up.. should be around 30Mbit both ways
22:18 < ljvb> tcpdump showing a crapton of incorrect checksums
22:35 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:35 < ljvb> wtf... all traffic except the one speedtest host is routing across the gateway.. why is that one IP going through my isp gateway.. wtf
22:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
23:09 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:17 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
--- Day changed Wed Mar 11 2015
00:05 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
00:26 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
00:54 -!- ShadniX [dagger@p5481C545.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:56 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:56 -!- ShadniX [dagger@p579417C1.dip0.t-ipconnect.de] has joined #openvpn
00:59 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: BitchX-1.2-final -- just do it.]
01:16 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
01:44 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
02:28 -!- sudo_woodo [~nan@181.64.192.238] has quit [Quit: Saliendo]
02:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
02:38 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
02:49 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
02:50 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
03:09 -!- choki [~choki@178.62.221.148] has joined #openvpn
03:09 < choki> !welcome
03:09 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:09 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:09 < choki> !howto
03:09 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
03:09 < choki> !route
03:10 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
03:10 < choki> !goal
03:10 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:23 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:29 -!- sammm_ [~sammm@gateway/vpn/privateinternetaccess/sammm] has joined #openvpn
03:29 < sammm_> hey
03:29 -!- sammm_ is now known as sammm
03:30 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
03:31 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has quit [Quit: Lost terminal]
03:44 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has quit [Ping timeout: 265 seconds]
03:46 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
03:46 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has joined #openvpn
03:51 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
03:51 -!- kexmex [~kexmex@178.136.234.6] has quit [Remote host closed the connection]
04:17 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 246 seconds]
04:21 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
04:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:38 -!- dazo_afk is now known as dazo
04:53 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:03 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
05:08 -!- dazo is now known as dazo_afk
05:08 -!- choki [~choki@178.62.221.148] has quit [Quit: WeeChat 1.1.1]
05:12 -!- choki [~choki@178.62.221.148] has joined #openvpn
05:38 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has joined #openvpn
05:38 < MaxFrames> hello
05:38 < MaxFrames> I am running an openvpn server (in tun mode) on debian
05:38 < MaxFrames> what steps would be needed in order to enable vpn clients to send wake on lan packets to remote machines over the vpn?
05:39 < MaxFrames> without ssh/telnet'ing to the vpn router that is... directly from the client machines
05:48 < BtbN> wake on lan is layer2, you can't send that over a tun interface.
05:49 < MaxFrames> I can send a l3 packet with the wol packet as the payload, and then configure the router to send the l2 packet
05:50 < MaxFrames> I've done this in a wan situation, but not with openvpn so far
05:51 < MaxFrames> or anyway I could configure the openvpn server/router to forward broadcast packets
05:53 < MaxFrames> the idea is to create static arp entries on the openvpn router for the lan machines which need to be waked up
05:53 < MaxFrames> and then send a wol packet from the vpn client using a tool that allows to specify an ip address rather than a mac address (eg. powerwake on linux)
05:54 < MaxFrames> it should work, in theory
06:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:09 -!- choki [~choki@178.62.221.148] has quit [Quit: WeeChat 1.1.1]
06:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:22 -!- bongma2 [~bongma@49.146.219.182] has joined #openvpn
06:24 -!- nortel [~qssl_fnod@qw3rty-2-pt.tunnel.tserv5.lon1.ipv6.he.net] has joined #openvpn
06:26 < nortel> hello, iam accept openvpn clients from management interface, how iam can set client ip address and what is  auth-client {CID} {KID}  what place can ?  END
06:27 -!- bongma1 [~bongma@49.146.219.182] has joined #openvpn
06:31 -!- bongma1 is now known as phiona
06:32 -!- bongma2 [~bongma@49.146.219.182] has quit [Quit: Leaving]
06:32 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:34 -!- phiona [~bongma@49.146.219.182] has quit [Quit: Leaving]
06:34 -!- bongma [~bongma@49.146.219.182] has joined #openvpn
06:52 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:52 -!- bongma is now known as phiona
06:54 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
06:56 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
06:57 -!- phiona [~bongma@49.146.219.182] has quit [Quit: Leaving]
06:57 -!- bongma [~bongma@49.146.219.182] has joined #openvpn
07:00 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:08 -!- bongma1 [~bongma@49.146.219.182] has joined #openvpn
07:09 -!- bongma [~bongma@49.146.219.182] has quit [Quit: Leaving]
07:12 -!- bongma1 [~bongma@49.146.219.182] has quit [Client Quit]
07:20 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:21 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 240 seconds]
07:35 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
07:40 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:47 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-sdkackqolflnpdbm] has joined #openvpn
07:55 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:01 < NetworkingPro> Good morning everyone.
08:10 < M4rc3l> moaning pro
08:15 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 264 seconds]
08:15 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
08:16 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Read error: Connection reset by peer]
08:17 <+esde> whats so good about it
08:17 < M4rc3l> its not raining for starters
08:17 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
08:17 <+esde> 4 more hours of sleep, pls
08:42 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
08:43 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 264 seconds]
08:46 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 256 seconds]
08:48 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 245 seconds]
08:50 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
09:05 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:10 < nortel> hello, help me what may write between "client-auth {cid} {kid}" and "END"
09:11 < nortel> variables ?
09:17 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 246 seconds]
09:25 -!- euphoria360 [~euphoria3@151.240.137.83] has joined #openvpn
09:27 <+esde> euphoria360, hi
09:27 < euphoria360> Hi esde. How are you?
09:27 <+esde> great, are things going well for you?
09:28 < euphoria360> I'm thrilled by the performence of this static-key signature less connection
09:28 < euphoria360> thanks for showing me that.
09:29 <+esde> that may have been dazo, but im glad it's working so well for you :D
09:30 < euphoria360> Today I was trying to setup  a user/pass authentication mechanism. since im already using squid with htpasswd, i thought it would be cool to use that user file in both.
09:30 <+esde> !authpass
09:30 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
09:31 < euphoria360> i saw that and found some plugins both third party and the one included in rpm
09:31 <+esde> ah
09:31 < euphoria360> but it throws me "Segmentation Error" along with others
09:32 <+esde> give some more details and people might be able to offer advice
09:32 <+esde> !logs
09:32 < euphoria360> Seems thats related to the software itself. coding and ...
09:32 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
09:32 <+esde> !configs
09:32 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
09:33 < euphoria360> No logs yet. I'm trying to test it via "/usr/lib64/openvpn/plugins/openvpn-plugin-auth-ncsa.so /etc/pki/htpasswd/my-clients.passwd /etc/openvpn/testhtpasswd"
09:33 < euphoria360> it should throw EXIT 0 or EXIT 1. but instead i get "Segmentation Error"
09:34 <+esde> ive never used what you've described
09:34 < euphoria360> only cert based authentication?
09:35 <+esde> pretty much
09:35 <+esde> i tried OTP+PKI once but it was just for shits and giggles
09:35 < euphoria360> hehe! OTP's.
09:35 < euphoria360> Have you used Authy ever?
09:35 <+esde> no
09:36 < euphoria360> Thank God!
09:36 -!- dazo_afk is now known as dazo
09:38 < euphoria360> They store your OTP Keys encrypted and let you restore them using your phone Number.
09:38 <+esde> wow
09:38 -!- suexec [~suexec@voyage.vhost.usr.no] has quit [Ping timeout: 252 seconds]
09:38 < euphoria360> some kinda OTP backup restore via phone number so you dont loose them.
09:38 < euphoria360> Android  app, chrome ext ...
09:39 < euphoria360> I've been using them for like 2 years, yet they suddenly decided Iran is bad and blocked the number without notice.
09:40 <+esde> fuck that too
09:40 < euphoria360> and i was blocked from the most important web logins i'd setup otp on :/
09:41 < euphoria360> I'm gonna screw them on every social shit they have
09:41 < euphoria360> assholes.
09:43 <+esde> https://imgur.com/a/psI0l
09:43 <@vpnHelper> Title: Iran 1960s-70s - Album on Imgur (at imgur.com)
09:43 <+esde> Looks very pretty from those photos
09:43 < julius_> hi
09:43 <+esde> (especially photo #13, lol)
09:45 < nortel> thanks everyone !
09:45 < nortel> =)
09:45 -!- nortel [~qssl_fnod@qw3rty-2-pt.tunnel.tserv5.lon1.ipv6.he.net] has left #openvpn []
09:46 -!- euphoria360 [~euphoria3@151.240.137.83] has quit [Ping timeout: 240 seconds]
09:46 < julius_> im using redirect-gateway on one of my clients.....running: ping -c 100 -i 0.2 -s 200 10.8.33.1     (pinging the server from the client while the client was downloading via http(line almost completely saturated)   on it gives me:   rtt min/avg/max/mdev = 80.607/92.251/103.602/4.819 ms      i was wondering why it didnt "spike", the max is about 20ms above the average
09:46 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
09:48 -!- euphoria360 [~euphoria3@151.240.137.83] has joined #openvpn
09:48 < julius_> shouldnt there be some pings go above 100ms?
09:48 < julius_> or is openvpn priorizing small packets?
09:49 < euphoria360> you mean here?
09:50 -!- suexec [~suexec@voyage.vhost.usr.no] has joined #openvpn
09:50 < euphoria360> without vpn its around 150 to 350, openvpn adds extra 50 to 100 to it.
09:52 < euphoria360> esde: Nowadays its almost the same, better looking but forced scarf and no one's chubby ;)
09:52 < julius_> well, thats bad
09:53 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Max SendQ exceeded]
09:53 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
09:53 < euphoria360> I find them sexier than those old days.
09:53 < julius_> wiithout download and still redirect-gatway i get a average of 38
09:54 < euphoria360> wow! where is the server you ping?
09:54 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has quit [Ping timeout: 246 seconds]
09:55 < julius_> im in germany, i use 1&1 as provider and my vps is from hetzner
09:55 < julius_> i know that they host in germany...dont know where
09:56 < euphoria360> so almost all are in germany
09:56 < euphoria360> none of mine are local.
09:57 < julius_> almost all? all of what?
10:01 < euphoria360> vps, the server i ping, web servers i usualy browse, ...
10:02 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
10:03 < euphoria360> may i ask, in your traceroutes to 8.8.8.8 for example, how many routers are in between?
10:04 < euphoria360> mine is 16 (without the local ones)!
10:06 < euphoria360> lots of DC's. gotta go. good luck
10:06 -!- euphoria360 [~euphoria3@151.240.137.83] has quit [Quit:  HydraIRC -> http://www.hydrairc.com <- In tests, 0x09 out of 0x0A l33t h4x0rz prefer it :)]
10:18 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
10:30 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
10:34 -!- JoaoGraca [~JoaoGraca@193.137.26.160] has joined #openvpn
10:35 < JoaoGraca> hello guys
10:35 < JoaoGraca> can anyone help me with authentication agains forefront tmg with openvpn?
10:35 < JoaoGraca> it always gives me proxy authentication required
10:36 < JoaoGraca> i tryed to use auth file
10:36 < JoaoGraca> prompted from shell
10:36 < JoaoGraca> and nothing
10:37 < JoaoGraca> i've tested the credentials with ntlmaps and worked...
10:38 < JoaoGraca> from what i saw i need to put somewhere the domain name, i tryed a lot of combinations like domain\user, user@domain but nothing...
10:39 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
10:40 < JoaoGraca> can anyone help me with this?
10:42 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
11:00 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has joined #openvpn
11:08 -!- f1n [~le0@unaffiliated/le0] has joined #openvpn
11:12 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
11:12 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
11:13 -!- kef [~kef@matrix.fullmotion.de] has quit [Ping timeout: 265 seconds]
11:13 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 265 seconds]
11:13 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 265 seconds]
11:13 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 265 seconds]
11:14 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
11:14 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 265 seconds]
11:14 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 265 seconds]
11:14 -!- krzie [~k@openvpn/community/support/krzee] has joined #openvpn
11:14 -!- mode/#openvpn [+o krzie] by ChanServ
11:14 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 265 seconds]
11:14 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 265 seconds]
11:14 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Ping timeout: 265 seconds]
11:14 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 265 seconds]
11:14 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 265 seconds]
11:14 -!- TTimoNN [~TTimoNN@tt.cloud.tilaa.com] has quit [Ping timeout: 265 seconds]
11:14 -!- krzie is now known as krzee
11:15 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
11:15 -!- kef_ [~kef@matrix.fullmotion.de] has joined #openvpn
11:15 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
11:15 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
11:15 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
11:15 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
11:16 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
11:16 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
11:16 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
11:17 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
11:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:20 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
11:21 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
11:24 -!- f1n [~le0@unaffiliated/le0] has quit [Ping timeout: 256 seconds]
11:24 -!- jalnt [~jalnt@115-64-76-214.static.tpgi.com.au] has quit [Read error: Connection reset by peer]
11:29 -!- soLucien [~Lu@5.57.48.71] has joined #openvpn
11:29 < soLucien> hi guys ! Is it possible to proxy a openVPN connection using a proxy such as nginx?
11:30 < soLucien> I would like to use a web server with OpenVPN Server in order to access resources located on a OpenVPN client LAN
11:32 < soLucien> The resources are accessible from the ovpn server machine , so if i ping 192.168.99.128, i get a response. What i would like to do is set up a proxy saying that subdomain-name.myserver.com goes to 192.168.99.128
11:32 < soLucien> so that i can access the resources from anywhere on the net, using the ovpn tunnel to retrieve them
11:33 < soLucien> is this a possible scenario?
11:34 < DArqueBishop> Yes. It's no different than if the destination web server was on the same LAN as the reverse proxy.
11:35 < soLucien> my scenario is that i perform a GET request to subdomain.myserver.com->proxy performs a get request to 192.168.99.128-> response received by the proxy -> responds to initial GET request
11:35 < soLucien> ok . There's a catch
11:36 < soLucien> the lan resource is https://
11:37 < soLucien> http://vcenter.blana.me/
11:37 < DArqueBishop> Might be a catch with your reverse proxy, but it's not a catch with OpenVPN.
11:37 < soLucien> gives me 502 bad gateway
11:38 < DArqueBishop> Sounds like you need to go to an nginx channel.
11:38 < soLucien> ok, cool i will do that
11:39 < soLucien> the question was is it possible
11:39 < soLucien> if it is , i will fix it
11:39 < soLucien> thanks DArque
11:39 < DArqueBishop> And the answer is yes, because to the proxy it's no different than if it was connected via LAN.
11:39 < DArqueBishop> The proxy doesn't know or care HOW it can connect to the destination... just that it can. :-)
11:40 < soLucien> i will make a blog post about setting up this kind of environment , might help a lot of people
11:40 < soLucien> if i had to use Azure , i would pay 200 euro/month for the resources i can share by virtualizing my home PC
11:41 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
11:42 < soLucien> now i only have to pay 5-10$/month for a digitalocean droplet and i get the same resources, or more
11:44 -!- soLucien [~Lu@5.57.48.71] has quit [Read error: Connection reset by peer]
11:45 -!- kef_ is now known as kef
11:47 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
11:50 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
11:53 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
11:53 -!- mode/#openvpn [+o raidz] by ChanServ
12:02 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:06 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
12:18 < julius_> im using redirect-gateway on one of my clients.....running: ping -c 100 -i 0.2 -s 200 10.8.33.1     (pinging the server from the client while the client was downloading via http(line almost completely saturated)   on it gives me:   rtt min/avg/max/mdev = 80.607/92.251/103.602/4.819 ms      i was wondering why it didnt "spike", the max is about 20ms above the average
12:27 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
12:28 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
12:31 -!- kexmex [~kexmex@78.111.190.82] has joined #openvpn
12:42 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
12:45 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:45 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 265 seconds]
12:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
13:04 -!- kexmex [~kexmex@78.111.190.82] has quit [Ping timeout: 256 seconds]
13:04 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 244 seconds]
13:05 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
13:06 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
13:11 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
13:13 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
13:14 -!- kexmex [~kexmex@178.212.242.26] has quit [Max SendQ exceeded]
13:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:15 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
13:26 -!- JoaoGraca [~JoaoGraca@193.137.26.160] has left #openvpn ["Leaving"]
13:28 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Excess Flood]
13:29 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
13:51 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
14:09 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:13 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
14:19 -!- ljvb [~jason@us.vps.vanbrecht.com] has left #openvpn []
14:30 -!- m33x [~m33x@ip-176-198-206-109.hsi05.unitymediagroup.de] has joined #openvpn
14:30 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
14:30 < m33x> Hi just tried to download https://swupdate.openvpn.net/repos/repo-public.gpg however, the servers certificate expired 6 days ago?
14:31 < m33x> Any other secure way to receive the gpg key?
14:32 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
14:48 <@dazo> m33x: they're working on updating the certificate ... it's a known issue
14:48 <@dazo> mattock_afk: ^^^
14:55 < m33x> thanks
14:55 -!- m33x [~m33x@ip-176-198-206-109.hsi05.unitymediagroup.de] has quit [Quit: Leaving]
14:56 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:22 -!- keith4_ [~keith4@unaffiliated/keith4] has joined #openvpn
15:22 -!- keith4_ [~keith4@unaffiliated/keith4] has left #openvpn ["Client exiting"]
15:24 -!- kalebe [~kalebe@177.100.216.43] has joined #openvpn
15:25 < kalebe> hi, i have a problem. I'm using archlinux as nagios host and have a vpn setup working properlly. bt telnet command and nagios plugin like check_nrpe say that cant reach host ip over the vpn.
15:26 < kalebe> checked my route, ip , everything works fine, but those commands.
15:26 < kalebe> here's my log
15:26 < kalebe> http://pastebin.com/9YEm3m2R
15:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
15:28 < kalebe> i'm using almost the standard vpn server and client config...
15:28 < kalebe> what could it be?
15:28 < kalebe> also, firewall is flushed and all policies on accept on both sides.
15:30 < DArqueBishop> You're able to SSH into the host IP over the VPN?
15:31 < kalebe> yes
15:31 < kalebe> ssh, ping, and lots of other protocols
15:31 < DArqueBishop> Then whatever the problem you're having, it's not a VPN issue.
15:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:33 < kalebe> nothing about this on google i found too
15:33 < DArqueBishop> You should go to a Nagios channel if there is one and ask them.
15:34 < kalebe> came from there righ now
15:34 < kalebe> hehe
15:34 < DArqueBishop> !notopenvpn
15:34 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem
15:35 < kalebe> thx
15:35 -!- kalebe [~kalebe@177.100.216.43] has left #openvpn []
15:38 <@krzee> DArqueBishop++
15:38 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 250 seconds]
15:44 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:46 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
15:52 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 255 seconds]
15:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:58 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:59 -!- zozeer [~zozeer@192.222.104.1] has joined #openvpn
15:59 < zozeer> Hello.
16:00 < zozeer> I have some questions reguarding getting a bridge vpn setup.
16:00 < zozeer> The service is running correctly as near as I can tell.  But my clients can't get to anything on the server subnet.
16:02 < zozeer> I have googled this and found a lot of things to look at, but still no results.  Any ideas on what to look at?
16:05 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
16:05 < soLucien> hi guys
16:05 < soLucien> what are the benefits of using udp vs tcp?
16:07 -!- Poster|x is now known as Poster
16:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
16:11 -!- pythonsnake1 is now known as pythonsnake
16:13 <@dazo> !tcp
16:13 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
16:13 <@dazo> soLucien: ^^^
16:14 < soLucien> thx
16:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:22 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
16:28 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
16:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:31 -!- zozeer [~zozeer@192.222.104.1] has quit [Ping timeout: 245 seconds]
16:51 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:13 -!- FlashDel [~benedict@mail.galileo-press.de] has joined #openvpn
17:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:24 -!- FlashDel [~benedict@mail.galileo-press.de] has quit [Remote host closed the connection]
17:28 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
17:29 -!- FlashDel [~benedict@mail.galileo-press.de] has joined #openvpn
17:30 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
17:41 -!- FlashDel [~benedict@mail.galileo-press.de] has quit [Remote host closed the connection]
17:44 -!- FlashDel [~benedict@mail.galileo-press.de] has joined #openvpn
17:49 -!- FlashDel [~benedict@mail.galileo-press.de] has quit [Remote host closed the connection]
18:06 -!- dazo is now known as dazo_afk
18:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:35 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
18:37 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
18:39 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 256 seconds]
18:45 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [K-Lined]
18:45 -!- jalcine [~jacky@unaffiliated/webjadmin] has quit [K-Lined]
18:46 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Ping timeout: 240 seconds]
18:47 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
19:07 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
19:36 < soLucien> routing question
19:37 < soLucien> is this the right place? :D
19:58 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
20:13 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
20:18 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
20:23 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 252 seconds]
20:24 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
20:33 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
20:42 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
20:42 -!- mode/#openvpn [+v s7r] by ChanServ
21:26 -!- julius_ [~julius_@p3EE28E42.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
21:27 -!- julius_ [~julius_@p3EE29226.dip0.t-ipconnect.de] has joined #openvpn
21:29 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Read error: Connection reset by peer]
21:31 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
21:57 <@krzee> soLucien, depends
21:57 <@krzee> theres some openvpn specific stuff, but if its like "how do i use ospf?" then no
21:57 <@krzee> feel free to ask
21:57 < soLucien> i fixed it
21:58 <@krzee> ahh nice
21:58 < soLucien> it was a routing/subnetting thing
21:58 < soLucien> buti eventually solved it using nat port forwarding
22:00 <@krzee> :/
22:00 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
22:00 <@krzee> wouldnt you prefer doing it right?
22:00 <@krzee> !route
22:00 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
22:01 < soLucien> been trying to do that for 2 days
22:01 <@krzee> took me longer than that to figure it out and write that doc
22:01 < soLucien> i don't even know if that was possible
22:01 <@krzee> of course the documentation on --iroute was not nearly as good back then
22:02 < soLucien> it was VMware network related
22:02 <@krzee> oh
22:02 <@krzee> !factoids search --values vmware
22:02 <@vpnHelper> "slowesxi" is pyther> seems as if there is some type of bug with the vmxnet3 network module, so I just switched to the e1000 module, the vpn box is a virtual machine on vmware esxi. http://nwsmith.blogspot.com/2010/07/patching-vmxnet-to-disable-lro.html <pyther> something about disabling LRO
22:03 < soLucien> the packets would get dropped on their way out of the vmware network
22:03 <@krzee> ahh vmware wasnt ip forwarding
22:03 <@krzee> sucks
22:03 <@krzee> unless theres an option somewhere you may have done the only thing that could work
22:03 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 250 seconds]
22:03 <@krzee> dunno
22:04 <@krzee> aka:
22:04 <@krzee> !nathack
22:04 <@vpnHelper> "nathack" is see https://community.openvpn.net/openvpn/wiki/NatHack for info on how to solve the problem when you need !route_outside_ovpn but cant add a route to the gateway or the lan machines
22:05 < soLucien> like this https://www.dropbox.com/s/04f2csw0vygy6j2/Screenshot%202015-03-11%2023.02.23.png?dl=0
22:06 < soLucien> it was never reaching 10.10.10.1
22:06 < soLucien> after 2 days of trying evrything else
22:08 < soLucien> i would advise anyone using VMware stuff to 1) add all VMs on a subnet 2) forward ports on the client machine
22:08 < soLucien> maybe you could make a vpnHelper thing
22:10 -!- rewozz [~root@unaffiliated/rewozz] has joined #openvpn
22:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
22:11 < rewozz> hey, just finished setting up openvpn on my synology box and when I try to run the init.d script I get this in /var/log
22:11 < rewozz> ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
22:12 < soLucien> synology=linux?
22:12 <@krzee> soLucien, i would but all you did was use the last case method (nathack) which is already the final option in !clientlan and !serverlan flowcharts
22:12 < rewozz> soLucien: yes
22:12 <@krzee> rewozz, you need to rebuild your kernel with tuntap support, or build and load the tuntap kernel
22:12 < rewozz> this is the script
22:12 < rewozz> http://hastebin.com/goqaqifuze.bash
22:12 <@vpnHelper> Title: hastebin (at hastebin.com)
22:13 < rewozz> well I'm a bit over my head already
22:13 <@krzee> well that means you should be using an OS you understand
22:13 <@krzee> !101
22:13 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
22:13 <@krzee> !bestos
22:13 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
22:13 < rewozz> alright
22:14 <@krzee> you want to install tun in the kernel, that should help you google it or ask a channel related to it
22:16 < soLucien> krzee what I was saying is that if someone asks for advice on VMware client lan things, routing is not an option. As of now, the VMnet interfaces they supply do not route back outside
22:16 <@krzee> soLucien, yes, and that is one of the valid reasons to use the nathack
22:16 <@krzee> which is what you did.
22:17 <@krzee> good job =]
22:17 < soLucien> i didn't know that until an hour ago, when i stumbled across one of their KB articles
22:17 <@krzee> there may be a better way (figuring out how to enable ip forwarding in the virtualization software, if possible)
22:17 <@krzee> but if not possible you did what you had to do
22:18 < soLucien> and i spend around 20 hours trying to make it work
22:18 <@krzee> for me a lack of proper routing abilities would be enough for me to look for a better virtualization software
22:18 < soLucien> spent*
22:18 < soLucien> you can also install openvpn on one of the VMs
22:18 < soLucien> and that would allow you to route
22:19 <@krzee> only to that vm you mean?
22:19 < soLucien> only to one of the VMs located on the VM networks
22:19 < soLucien> network*
22:19 <@krzee> right
22:19 < soLucien> i have 3 of them
22:20 < soLucien> but my ovpn client was on the container
22:20 < soLucien> so they were on my lan
22:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:22 < soLucien> krzee are you one of the devs?
22:33 <@krzee> no
23:04 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:06 -!- Marc128000 [~quassel@104.131.64.75] has joined #openvpn
23:12 -!- Marc128000 [~quassel@104.131.64.75] has quit [Ping timeout: 264 seconds]
23:15 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
23:16 < Marc128000> Hello gents, I've got a firewall routing issue related to hiding OpenVPN with STunnel. Full Config and output here: http://pastebin.com/D982YzSv
23:16 < Marc128000> I think the only thing I need to do is add a route to make sure that tun0 is funneled through STunnel port
23:17 < Marc128000> But its been beating me all day
23:20 <@krzee> Marc128000, whats not working? looks like it connects
23:20 < Marc128000> Yes thats the frustrating part
23:20 < Marc128000> OpenVPN is happy. General network traffic grinds to a halt
23:20 <@krzee> you didnt show the test of what you are trying to do
23:21 <@krzee> can you ping 10.8.0.6 from the server?
23:21 < Marc128000> As soon as OpenVPN creates its routes, the traffic dies
23:21 <@krzee> can you ping 10.8.0.1 from the client?
23:21 < Marc128000> 10.8.0.1 works,
23:21 < Marc128000> Haven't tried from server side
23:21 <@krzee> !redirect
23:21 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
23:21 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
23:21 <@krzee> use the flowchart at #4
23:22 < Marc128000> Yes, I'm stuck at the firewall issue
23:22 <@krzee> so you *CAN* ping 8.8.8.8?
23:22 <@krzee> err *can not*
23:23 < Marc128000> If I don't let openvpn build route table, I can "ping -I tun0 <ip>" and it works
23:23 < Marc128000> So I'm sure its a firewall issue
23:23 <@krzee> show me iptables-save
23:23 <@krzee> or just fix your firewall
23:24 < Marc128000> I'm using iptables and firewall interchangably
23:24 <@krzee> huh?
23:24 <@krzee> show me iptables-save
23:24 < Marc128000> Okay
23:25 < Marc128000> All set to accept, all flushed
23:25 < Marc128000> To reduce complexity I flushed it hours ago
23:25 <@krzee> ill be ignoring everything you say that isnt a link to your iptables-save
23:25 < Marc128000> Haha, okay
23:26 < Marc128000> http://pastebin.com/AkbbuVh8
23:26 <@krzee> !linnat
23:26 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
23:27 <@krzee> you should never have made it that far down the flowchart
23:27 <@krzee> you lied at "is nat enabled?"
23:27 <@krzee> the vpn server must NAT the vpn subnet
23:27 < Marc128000> oh, the server does
23:27 < Marc128000> the client doesn't have it enabled
23:28 <@krzee> well show me the server iptables-save
23:28 < Marc128000> okay, one second
23:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
23:30 < Marc128000> Sorry, this is frustrating, now routing table is causing issues with ssh
23:31 < Marc128000> Think I need to reset my connection
23:31 -!- nickSwe [~quassel@2605:6000:9b86:c700:1164:cbd1:e4f0:682f] has joined #openvpn
23:31 < Marc128000> brb
23:31 <@krzee> sure, the client needs to kill openvpn
23:31 <@krzee> then it'll have an internet connection again
23:39 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
23:40 < Marc128000> http://pastebin.com/mbYcLam1
23:41 < Marc128000> It looks like its actually in there twice
23:44 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
23:47 -!- marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
23:47 < marc128000> http://pastebin.com/mbYcLam1 <-- Server iptables-save
23:58 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
--- Day changed Thu Mar 12 2015
00:05 <@krzee> on the server cat /proc/sys/net/ipv4/ip_forward
00:05 <@krzee> marc128000 ^
00:05 < marc128000> Okay
00:06 < marc128000> 1
00:06 < marc128000> kzree , I appreciate the help by the way
00:07 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
00:07 < marc128000> " cat /proc/sys/net/ipv4/ip_forward
00:07 < marc128000> 1"
00:07 <@krzee> iptables -I FORWARD -i tun+ -j ACCEPT
00:07 <@krzee> is the interface you use for internet eth0?
00:08 < marc128000> Client: wlan0   ;; Server: eth0
00:08 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
00:08 <@krzee> show me client log with verb 4
00:08 -!- afics_ [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
00:08 <@krzee> and server log with verb 4 as well
00:08 <@krzee> !logs
00:08 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
00:09 < marc128000> Alright, be back in 2 mins, logs are currently at 3
00:09 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 245 seconds]
00:09 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
00:09 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 245 seconds]
00:09 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
00:09 -!- not_phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
00:09 -!- nullie [~nullie@linode.nullie.name] has quit [Ping timeout: 240 seconds]
00:09 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 240 seconds]
00:09 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Ping timeout: 240 seconds]
00:09 -!- typ [~quassel@unaffiliated/typ] has quit [Read error: Connection reset by peer]
00:09 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
00:09 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
00:09 <@krzee> k
00:09 -!- marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
00:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
00:10 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
00:10 -!- not_phunyguy is now known as phunyguy
00:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:12 -!- afics_ is now known as afics
00:12 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
00:19 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
00:21 < Marc128000> Back, Client Side: http://pastebin.com/q2p0Rnkn
00:23 -!- rewozz [~root@unaffiliated/rewozz] has quit [Quit: WeeChat 1.1]
00:25 < Marc128000> Server Side: http://pastebin.com/iPKtuwaN
00:25 < Marc128000> It looks like local traffic is getting forced over to vpn side
00:28 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
00:31 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
00:33 < Marc128000> krzee , logs posted. Let me know when you get a chance to review them
00:34 <@krzee> ohhh
00:34 <@krzee> sure i get it
00:35 <@krzee> problem comes down to how --redirect-gateway works and you using 127.0.0.1
00:35 < Marc128000> It would be wonderful if you do. I know its a routing table issue. But I've been fumbling with it all day
00:36 <@krzee> yep it is a routing table issue
00:36 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
00:36 < Marc128000> I tried (probably incorrectly) to add an exception, but to no avail
00:36 <@krzee> redirect-gateway def1 local
00:36 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:36 <@krzee> add local to that line
00:37 <@krzee> then you also need a route to replace that route that we are removing with the correct route
00:37 <@krzee> according to your stunnel config you are connecting to ***.***.***.***:443
00:37 <@krzee> so in that case your client config needs:
00:38 <@krzee> route ***.***.***.*** 255.255.255.255 net_gateway
00:39 < Marc128000> Hahahha, I was one argument off on that
00:39 < Marc128000> I wish I could gift you a beer sir
00:39 <@krzee> note, i did not say to replace net_gateway with something else
00:39 < Marc128000> or ma'am
00:39 <@krzee> sir :-p
00:39 <@krzee> !donate
00:39 <@vpnHelper> "donate" is (#1) send monetary donations to openvpn@secure-computing.net via paypal. All money donated goes to staff toward development of the community wiki, forum, and this IRC channel. or (#2) Contributions to this address do *NOT* directly benefit OpenVPN Technologies, Inc. or (#3) http://www.secure-computing.net/wiki/index.php/OpenVPN/Donations for Contribution totals and benefactors
00:39 <@krzee> and you may if you like
00:40 < Marc128000> I definitely will
00:40 < Marc128000> So is net_gateway a keyword that ovpn knows?
00:40 <@krzee> yep, as seen in the manual at --route
00:41 <@krzee> net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).
00:41 < Marc128000> I'll take little victories. I don't even want to test on other OS yet
00:42 < Marc128000> It is my fantasy, that I'll fire this client config up in windows and it'll work flawlessly
00:43 <@krzee> so long as you remember to give the gui admin privs and comment out the up / down scripts
00:44 <@krzee> it pretty much will
00:44 < Marc128000> Fantastic
00:44 < Marc128000> But I'll still wait till the morning to try it out. The poor machine would be at risk of being subjected to percussive maintenance if it didn't work
00:44 <@krzee> i notice in your config you have:
00:44 <@krzee> #RUN WITH: sudo openvpn --script-security 2 --config client.ovpn
00:44 <@krzee> you can:
00:45 <@krzee> !--
00:45 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
00:45 <@krzee> any option can be --option or just a line in the config
00:45 < Marc128000> oh, nice
00:45 <@krzee> so a line which is a comment reminding you to add an option is kinda funny =]
00:46 <@krzee> everything on both sides of "script-security 2" is just extra
00:46 < Marc128000> Haha, I'm doing work for some folks. I don't typically personally need VPN. so when tech questions come in, I refer to my "notes"
00:47 < Marc128000> Generally, questions are very basic and windows based. But occasionally, they are linux folks who have obscure issues
00:47 <@krzee> i like your note to self that its for linux, so you comment it before windows
00:47 <@krzee> i dont like that its tcp over tcp
00:48 <@krzee> and if you tunnel tcp traffic (web for example) then its tcp over tcp over tcp
00:48 <@krzee> aka doing it WAY wrong
00:48 <@krzee> !tcp
00:48 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
00:48 < Marc128000> I don't either, tried sneaking it out over port 443 without it
00:48 < Marc128000> But DPI caught it and banned traffic
00:48 <@krzee> !obfs
00:48 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
00:48 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
00:48 <@krzee> same tcp issue, but better than stunnel
00:48 <@krzee> =]
00:48 < Marc128000> I got that up and running, but had some issues with users
00:49 < Marc128000> I might give it a go again. I saw they made some recent upgrades
00:49 <@krzee> do most users need the stunnel too or just 1?
00:49 < Marc128000> Most
00:49 < Marc128000> Its terribly inefficient
00:49 <@krzee> country or company doing dpi?
00:50 < Marc128000> country
00:50 <@krzee> gotchya
00:50 < Marc128000> Yeah
00:50 <@krzee> i hate that
00:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
00:50 < Marc128000> I had scramblesuit working, but it was processor/memory expensive
00:50 < Marc128000> And many users had issues with it
00:50 <@krzee> theres an xor patch floating around too
00:50 <@krzee> for sneaking past those firewalls
00:50 <@krzee> you seen that?
00:51 < Marc128000> Frustrating but real issue is that user ability is one of the biggest things I have to combat
00:51 < Marc128000> I have!
00:51 < Marc128000> Even tested it, but the thought of having to custom build and distribute clients worried me
00:51 <@krzee> ya i understand what you mean, thats why obfsproxy is hard
00:51 < Marc128000> Stunnel is inefficient, but it gets it done
00:51 <@krzee> in the end you will have to distribute anyways
00:51 <@krzee> keys and stuff at least, right?
00:51 < Marc128000> And the bar for quality of connection is low.
00:52 < Marc128000> Yeah, thats a challenege
00:52 < Marc128000> challenge*
00:52 <@krzee> so if you distribute 1 thing you can put as many things in that package as needed, custom client or obfsproxy included
00:52 < Marc128000> Yes, thats what I'll have to do now
00:52 <@krzee> hell you could even wrap up a custom installer if you wanted
00:52 <@krzee> !win_rollup
00:52 <@vpnHelper> "win_rollup" is please see http://www.secure-computing.net/wiki/index.php/OpenVPN/HowTo_for_Windows_2 for dazo's writeup on making unattended windows installers for openvpn
00:53 < Marc128000> I was actually considering running two proxies on server, so clients could use obfs first, and if fail, go to stunnel
00:53 < Marc128000> Ohh, didn't see that before, that'd save me a load of headache
00:54 -!- ShadniX [dagger@p579417C1.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:56 -!- ShadniX [dagger@p5DDFC464.dip0.t-ipconnect.de] has joined #openvpn
00:59 < Marc128000> Round 1,503,283,231 of testing a 'simple tunnel tool'. Krzee really appreciate your help
00:59 <@krzee> np, i wish you luck i hope you help everybody break through the firewall to a freer internet
01:07 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Ping timeout: 255 seconds]
01:12 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:22 -!- nickSwe [~quassel@2605:6000:9b86:c700:1164:cbd1:e4f0:682f] has quit [Remote host closed the connection]
01:25 < soLucien> krzee can you give me a hand?
01:25  * krzee claps
01:25 < soLucien> haha
01:26 <@krzee> sup?
01:26 < soLucien> ok, i'll just shoot the question
01:26 <@krzee> yep,
01:26 <@krzee> !ask
01:26 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
01:26 < soLucien> it's about your favourite chapter , routing
01:27 < soLucien> My pc's LAN IP is 192.168.1.178
01:27 < soLucien> for the VPN I am 10.10.10.6
01:29 < soLucien> i have a LAN where I have 3 VMs : VM1:192.168.99.128 , VM2:192.168.99.129, VM3:192.168.99.130
01:29 < soLucien> i can contact them normally from 192.168.1.178
01:30 < soLucien> however, through the VPN , packets coming from 10.10.10.1 do not get answered
01:31 < soLucien> is there any way of routing 10.10.10.6's traffic through 192.168.1.178 so that i don't have to use NATs and port forwarding?
01:31 < soLucien> i hope the question is kind of clear
01:32 < soLucien> it gets worse : I am using windows .. so route add ..
01:33 < soLucien> If it were a linux computer, I could always masquerade
01:33 < soLucien> and replace the source (10.10.10.1) with 192.168.1.178
01:35 < soLucien> krzee still there ? :D
01:36 <@krzee> well it sounded like your vm software was the reason you needed NAT
01:36 < soLucien> yes
01:36 <@krzee> and if the OS cant nat you can use the built in nat in openvpn
01:36 <@krzee> --client-nat  if i remember right, read it in the manuakl
01:36 <@krzee> manual*
01:38 <@krzee> ive never used it, but it exists
01:38 < soLucien> the issue is not openvpn
01:38 <@krzee> yep, but openvpn can NAT when your OS cannot
01:38 < soLucien> it's the damn VM virtual network
01:38 <@krzee> yep, i know
01:39 <@krzee> i dont support your VM software
01:39 < soLucien> i know man , it was more of a OS/routing question
01:39 <@krzee> but you say the problem is the VM virtual network
01:40 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
01:40 < soLucien> think about it as a hardware nat which my PC connects to from the outside :D
01:41 < soLucien> so i am not behind it , i am in front of it, and i want to route to and from machines behind it
01:41 <@krzee> if you cant get it to ip forward for you then you need to nat
01:41 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has joined #openvpn
01:41 <@krzee> if that means double natting, sucks for you but thats what you get for using crap vm stuff that cant ip forward
01:42 < Marc128000> kzree , for the record, those changes worked. Pushing to first user now for verification before wider release.
01:42 < Marc128000> Thanks again for your help
01:42 <@krzee> yw =]
01:43 <@krzee> down with the country internet filters!
01:43 < Marc128000> YUP
01:44 < soLucien> krzee packets from my computer don't get NATed
01:44 < soLucien> only packets coming from a virtual IP
01:45 < soLucien> it's probably got some settings saying "if the ip is not 192.168.0.0/16, NAT it"
01:46 <@krzee> are the packets passing over the vpn at all?
01:46 < soLucien> yes
01:46 <@krzee> openvpn can nat them!
01:47 <@krzee> oh hmm, i see now it cant be a 1:1 nat tho
01:47 < soLucien>  https://www.dropbox.com/s/04f2csw0vygy6j2/Screenshot%202015-03-11%2023.02.23.png?dl=0
01:47 <@krzee> must be many:1
01:47 < soLucien> this is a traceroute
01:47 < soLucien> yes
01:47 < soLucien> i need somekind of 1:1 rule
01:48 < soLucien> not a traceroute, it is a wireshark capture
01:48 < soLucien> but it shows the problem
01:49 <@krzee> i wish you could see me with my fat bowl of pineapple with honey on it
01:50 < soLucien> i wish you could see me with my red eyes
01:50 < soLucien> trying to do this for the last 10 hours
01:51 < soLucien> but hey, enjoy the pineapple
01:51 <@krzee> oh dude my eyes are red too :D
01:53 <@krzee> but ya, its a combo of !notovpn, and i would not use vm networking software that cannot ip forward
01:53 < soLucien> krzee i don't really have a choice
01:53 <@krzee> cool, but we do, we dont have to support the vm software stuff here, good luck tho
01:54 < soLucien> i am not expecting support man, i am really thankful for your help
01:55 <@krzee> sorry im not meaning to sound like a dick, just trying to say i cant help and you may find better help in a place geared towards the issue
01:57 < soLucien> Might found something https://www.quora.com/How-to-configure-IP-Masquerading-Network-address-translation-for-Windows
01:57 <@vpnHelper> Title: How to configure IP Masquerading(Network address translation) for Windows ? - Quora (at www.quora.com)
01:57 <@krzee> !winnat
01:57 <@vpnHelper> "winnat" is (#1) http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for a guide on setting up NAT in windows or (#2) http://www.nanodocumet.com/?p=14 for windows XP or (#3) https://community.openvpn.net/openvpn/wiki/NatOverWindows2008 for 2k8
01:57 <@krzee> good luck
01:57 <@krzee> !notovpn
01:57 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
01:59 < soLucien> i will let you know how it goes
02:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
02:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
02:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:31 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
02:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
02:45 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
02:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:56 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:03 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
03:12 -!- mattock_afk is now known as mattock
03:46 -!- dazo_afk is now known as dazo
03:46 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Read error: Connection reset by peer]
03:51 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
03:51 < rkhunter> hey how much overhead does OpenVPN AES-256 brings?
03:51 < rkhunter> 30 percent of naked connection?
03:57 < leo2007> rkhunter: how do you know?
03:58 < rkhunter> leo2007, VPN provider told me so?
03:58 < rkhunter> they said if I use a VPN expect 30 percent drop in connection speed
03:58 < rkhunter> if not atleast 10 percent
04:00 < BtbN> It has no bandwidth overhead at all
04:00 < BtbN> It just needs more CPU
04:11 < rkhunter> ok
04:12 < rkhunter> BtbN, so I would get 2 Mbps with a 2 Mbps connection even if I use a AES-256 VPN ?
04:13 < BtbN> If your CPU and the CPU on the server is fast enough to encrypt at that speed, sure
04:13 < BtbN> and decrypt of course
04:25 < rkhunter> when it drops < 500 Kbps it hurts
04:26 < rkhunter> and then picks 2 Mbps and then drops to 700 Kbps
04:26 < rkhunter> I think Wireless sucks
04:26 < rkhunter> never buy AP based internet connections
04:27 < rkhunter> inference is just too much
04:27 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
04:29 < BtbN> 2Mbps is nearly nothing. Even some slow ARM can handle de/encrpyting that.
04:30 < rkhunter> i5-3rd gen is what I have
04:30 < BtbN> That even has native aes acceleration, and can easily handle at least 1gbit/s
04:32 < rkhunter> ok
04:32 < rkhunter> BtbN, does AP based wireless connections suck ?
04:32 < rkhunter> I think it really sucks
04:32 < BtbN> AP based?
04:33 < BtbN> So, just normal WLAN?
04:33 < BtbN> Or some UMTS/LTE stuff?
04:34 -!- f1n [~le0@unaffiliated/le0] has joined #openvpn
04:38 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
04:38 < rkhunter> BtbN, they installed a AP thing on the terrace and says it is connecting to our tower
04:38 < rkhunter> it has a cable running down into WAN port of my router
04:38 < rkhunter> this is how it works
04:39 < BtbN> Well, it's out of your control then. Sounds horrible though.
04:39 < rkhunter> ok
04:39 < rkhunter> it sucks
04:39 < rkhunter> connection is like
04:40 < rkhunter> 300 kbps - 200 - 900 - 1.5 Mbps - 2 Mbps - 400 Kbps - 1 Mbps
04:40 < rkhunter> it is so unstable
04:40 < rkhunter> if you monitor it using your router
04:41 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has quit [Quit: Leaving]
04:47 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
04:50 -!- f1n [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
04:51 -!- f1n [~le0@unaffiliated/le0] has joined #openvpn
04:53 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 272 seconds]
04:58 -!- some-random-dude [2ed61c9c@gateway/web/freenode/ip.46.214.28.156] has joined #openvpn
04:58 < some-random-dude> hai there guize!
04:59 < some-random-dude> i come with "yet another openvpn issue" type of problem
05:00 < some-random-dude> my server is a pfsense box, its local network is 192.168.10.0, its ptp ip is 192.168.8.1, the client setup is 192.168.30.0, with a ptp of 192.168.8.6; i can ping whatever the hell i want from the client network, but on the server side i can only reach 192.168.8.6, not 192.168.30.0; i even set up a manual route for 192.168.30.0 to be reachable via 192.168.8.1, but no dice
05:01 < some-random-dude> oh and on the 192.168.30.0 network the client is a wrt160nl router running openwrt and its ip is 192.168.30.1
05:04 < some-random-dude> !welcome
05:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
05:04 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:05 < some-random-dude> !goa
05:05 < some-random-dude> !goal
05:05 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:06 < zoobab> hi
05:06 < zoobab> is there a way to skip the tests/ in ./configure?
05:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:11 < some-random-dude> !howto
05:11 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
05:19 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
05:22 -!- f1n [~le0@unaffiliated/le0] has quit [Ping timeout: 240 seconds]
05:33 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
05:38 -!- Blinkiz [~blinkiz@unaffiliated/blinkiz] has joined #openvpn
05:41 < Blinkiz> Hello. I have a Ubuntu 14.04 server and client using openvpn 2.3.2. I have a working IPv4 tunnel but not IPv6. My server is not sending (forwarding) the IPv6 to my ISP. "net.ipv6.conf.all.forwarding=1" is set. I have tried adding the "ip neigh add proxy ..." but no success. Tried ip6tables forward rules but nothing. What am I missing here?
05:42 < Blinkiz> I can ping6 addresses on the server over the tunnel. But not ping6 anything beyond my server. With tcptump I can see that my server is not even trying to send the signal upstream, just destination not reachable..
05:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
05:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
06:06 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
06:06 < soLucien> Hi guys! Does anyone understand what this is: PID_ERR replay [0] [TLS_AUTH-0]
06:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
06:44 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
06:45 -!- badon_ is now known as badon
06:58 -!- f1n [~le0@unaffiliated/le0] has joined #openvpn
07:01 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
07:02 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
07:05 -!- f1n [~le0@unaffiliated/le0] has quit [Ping timeout: 255 seconds]
07:07 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:30 < soLucien> anyone has some experience with Squid?
07:46 -!- some-random-dude [2ed61c9c@gateway/web/freenode/ip.46.214.28.156] has quit [Quit: Page closed]
07:51 < Blinkiz> soLucien, I have some experience with squid
07:51 < soLucien> Blinkiz is it possible to proxy all requests coming from a subnet going into another subnet?
07:52 < soLucien> also changing the IP
07:52 < soLucien> spoofing the ip
07:52 < soLucien> like Masquerade would do
07:53 < Blinkiz> soLucien, I do not know but I do not think so
08:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:24 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
08:42 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Quit: leaving]
08:45 -!- Henryabcd [~Henryabcd@p4FC42AD4.dip0.t-ipconnect.de] has joined #openvpn
08:45 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
08:45 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
08:48 -!- f1n [~le0@unaffiliated/le0] has joined #openvpn
08:48 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 256 seconds]
08:49 -!- Henryabcd [~Henryabcd@p4FC42AD4.dip0.t-ipconnect.de] has quit [Client Quit]
08:51 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 252 seconds]
08:55 <@dazo> soLucien: you can use NAT rules to do that
08:56 <@dazo> but you need to NAT from and to IP address ranges you "own"
09:13 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
09:17 -!- f1n [~le0@unaffiliated/le0] has quit [Ping timeout: 264 seconds]
09:25 -!- rich0_ is now known as rich0
09:25 -!- Poster [~poster@74.140.100.29] has joined #openvpn
09:31 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:33 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 246 seconds]
09:36 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
09:50 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:15 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
10:22 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
10:23 -!- deranged [Bit@lolnerd.net] has joined #openvpn
10:34 -!- Blinkiz [~blinkiz@unaffiliated/blinkiz] has quit [Remote host closed the connection]
10:40 -!- dazo is now known as dazo_afk
10:43 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
10:43 < _FBi> DAMN YOU __FBi LOL
10:43 < _FBi> oh, sorry about caps :D
10:43 < _FBi> how is everyone?
10:47 -!- apollo2k is now known as aPollO2k
10:57 < DArqueBishop> It's the feds! Quick, smash your drives!
10:57 -!- sudo_woodo [~nan@190.234.106.236] has joined #openvpn
10:57 < sudo_woodo> hi
10:59 < sudo_woodo> I need some help. I've joined a Windows domain using openvpn, but I can't browse any computer in the network window
11:07 < _FBi> I didn't realise I haven't been here in some time.  Horrible connections issues with my ISP :/
11:08 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
11:11 < sudo_woodo> _FBi, I had a similar problem previously, I solved it using sasl authentication
11:11 < _FBi> true
11:11 < _FBi> I think __FBi has it lol
11:11 < _FBi> I don't remember what server that even is lol
11:29 < sudo_woodo> I need some help. I've joined a Windows domain using openvpn, but I can't browse any computer in the network window
11:29 < sudo_woodo> from a computer that have joined to vpn
11:30 < _FBi> I think you would need to pastebin the server.conf and the clients
11:30 < sudo_woodo> sure, gimme a sec
11:34 < sudo_woodo> this is my server.conf http://susepaste.org/896ccc9a and client http://susepaste.org/5e7a13c9
11:35 < _FBi> push "redirect-gateway def1 bypass-dhcp"  is that correct?
11:36 < sudo_woodo> I think I put that for computers to have internet access
11:41 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
11:41 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:42 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
12:09 -!- cetex [~cetex@nadine.juza.se] has joined #openvpn
12:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
12:12 < cetex> hm. i'm using cadir, and i've revoked + renewed the client certificate. do i need to reload the openvpn server for the new cadir-files to be loaded?
12:12 < cetex> or are they loaded dynamically?
12:12 < cetex> on every login?
12:17 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
12:20 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:20 < cetex> because, i can still connect with the old certificate..
12:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:40 < cetex> if it requires a reload it's an issue. we update the CRL on all servers in the cluster every 10 minutes and we may have connections running for days..
12:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:50 < pekster> cetex: If you had --crl-verify <file> when you launched your server instance, that CRL will be consulted each time a client connects, and on re-negotiations (determined by the --reneg-* options, which defaults to every hour)
12:50 < pekster> You only need a restart if you need to add new global server directives
12:51 < cetex> hm.
12:54 < cetex> so i can't verify the crl for every request?
12:54 < cetex> *verify the users certificate against all crl's?
12:54 < pekster> "request"? Every time a user is authenticated, that CRL-file is checked
12:55 < cetex> yeah. but i have a chain of ca's..
12:55 < pekster> You might be able to concatenate the PEM-encoded CRL files together; I haven't tried that
12:55 < cetex> ok. hm hm.
13:01 < cetex> hm. crl-verify seems to support dirs as well.
13:03 < pekster> That's just going to refer to certificates by serial (the contents are meaningless)
13:03 < pekster> That's probably a non-starter with a tiered-CA layout
13:04 < cetex> ah, yeah.
13:11 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
13:11 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
13:11 -!- mode/#openvpn [+v s7r] by ChanServ
13:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:23 < cetex> hm.
13:23 < cetex> seems it only works for the root ca?
13:24 < cetex> no.. just warnings. :>
13:24 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
13:30 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:37 -!- s7eele [~s7eele@108.59.12.84] has joined #openvpn
13:58 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
14:06 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
14:38 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 246 seconds]
14:39 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
14:43 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
14:44 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
15:00 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
15:08 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
15:11 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
15:13 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
15:21 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
15:23 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
15:24 -!- zahna [~dude@75-48-218-248.lightspeed.gdrpmi.sbcglobal.net] has joined #openvpn
15:25 < zahna> is it possible to have a client push routes to a server, so that i can expose the client's subnet to the server?
15:35 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:39 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:45 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
16:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:04 -!- mattock is now known as mattock_afk
16:07 -!- rich0_ is now known as rich0
16:10 < zahna> i've looked in the documentation and i'm not seeing anything for pushing routes from client to server
16:12 -!- aPollO2k is now known as apollo2k
16:13 < BtbN> Would be kind of a security issue if that was possible.
16:27 < DArqueBishop> That's because there isn't anything.
16:27 < DArqueBishop> All routing is controlled by the server.
16:28 <+s7r> can we use ECDSA wit OpenVPN ?
16:28 <+s7r> !ecdsa
16:28 < DArqueBishop> Even if you need a route from the client side applying on the server (as in, destination behind the client available to VPN users), you still have to configure it on the server itself.
16:30 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
16:30 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
16:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
16:30 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Remote host closed the connection]
16:30 < DArqueBishop> zahna: http://openvpn.net/index.php/open-source/documentation/howto.html#scope
16:30 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:32 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
16:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:02 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 36.0.1/20150305021524]]
17:49 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:50 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
18:22 < sudo_woodo> In a vpn client (windows) I can access other vpn clients sharings using \\VPN-IP-ADDRESS from windows file explorer location bar, but I cant see all windows clients from "Network" icon. How can I fix this?
18:24 -!- rewozz [~root@unaffiliated/rewozz] has joined #openvpn
18:25 < rewozz> Hello, I just finished setting up openvpn on my synology box and everything is working fine
18:25 < rewozz> but then I tried push "redirect-gateway def1" and I get no internet access
18:25 < rewozz> in the openvpn.conf
18:32 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
18:41 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:44 -!- grendal_prime [~sgraham@12.237.60.194] has joined #openvpn
18:45 < grendal_prime> ok following this howto here https://community.openvpn.net/openvpn/wiki/RoutedLans
18:45 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
18:45 < grendal_prime> but im ruing into an issue where the lan at the server cannot comunicate with the two vpns
18:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:46 < grendal_prime> all the devices on the two vpn routed networks can see each other just fine.  but in that example the lan has 10.10.2.0/24 subnet and thats the subnet that seems to be detached
18:47 < grendal_prime> krzee, any suggestions?
18:48 < grendal_prime> the server also acts a the router for the network. Do i need to add a route to the routing table of the physical server itself..i mean i would think i should
18:51 < pekster> redpill: See !redirect (especially the flowchart, and the other linked !things if you need them.) Also, IRC as root is usually a horrible idea
18:51 < pekster> rewozz: ^ that was for you (sorry redpill)
18:59 < rewozz> !redirect
18:59 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:59 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
19:01 < rewozz> thanks for the heads up
19:19 < zahna> DArqueBishop: sorry, i wasn't specific enough. i meant that the "client" itself is doing routing for a subnet. i wanted to automatically populate the openvpn server's routing table with a route from the client. also, i'd like to avoid using ccd in the config if i can. is this possible?
19:20 < pekster> You'll need either a ccd file or a --client-connect script for the --iroute directive. Read the info at !clientlan for LAN-behind-client routing
19:23 < zahna> hmm. ccd might work actually. ccd will work with username-as-common-name in server.conf, right?
19:23 < pekster> Yup
19:23 < zahna> excellent
19:24 -!- grendal_prime [~sgraham@12.237.60.194] has quit [Quit: Ex-Chat]
19:24 < zahna> thank you very much for your help
19:37 -!- rewozz [~root@unaffiliated/rewozz] has quit [Quit: WeeChat 1.1]
19:38 -!- Latrina [~Latrina@ppp-120-59.26-151.libero.it] has quit [Ping timeout: 256 seconds]
19:39 -!- Latrina [~Latrina@ppp-241-14.26-151.libero.it] has joined #openvpn
19:40 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
20:13 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
20:20 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:22 < zahna> win 1
20:26 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Remote host closed the connection]
20:27 -!- cwillu_at_work [~cwillu@cwillu.com] has joined #openvpn
20:39 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
20:42 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
20:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
21:06 -!- rewozz [~rewozz@unaffiliated/rewozz] has joined #openvpn
21:06 < rewozz> thanks whoever warned me about running IRC as root, fixed :)
21:07 < rewozz> now back to fixing openvpn, !redirect
21:07 < rewozz> !redirect
21:07 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
21:07 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
21:10 -!- deepopenvpn [704f2737@gateway/web/cgi-irc/kiwiirc.com/ip.112.79.39.55] has joined #openvpn
21:11 < deepopenvpn> Hi, was trying to connect to vpngate using OpenVPN from an OpenVZ VPS.  It did not work
21:11 < deepopenvpn> this is the second to last line
21:11 < deepopenvpn> NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
21:12 < deepopenvpn> any help would be highly appreciated . thanks
21:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:27 -!- julius_ [~julius_@p3EE29226.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
21:28 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
21:29 -!- julius_ [~julius_@p3EE2895E.dip0.t-ipconnect.de] has joined #openvpn
21:34 < deepopenvpn> hi julius
21:36 -!- `hypermist` is now known as sleepypc
21:43 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:49 -!- sleepypc is now known as `hypermist`
22:04 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
22:42 -!- bongma [~bongma@49.147.176.88] has joined #openvpn
22:49 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
23:11 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:16 < ecrist> deepopenvpn: still here?
23:16 < ecrist> !openvz
23:16 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
23:18 < _FBi> hello ecrist !
23:22 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
23:22 < ljvb> morning
23:22 < ecrist> hey there __FBi 
23:22 < ecrist> or _FBi 
23:23  * _FBi shakes fist at __FBi 
23:23 < ecrist>  /kick __FBi 
23:23 < _FBi> heh
23:23 < _FBi> I could delete the account
23:24 < _FBi> I don't remember making it
23:24 < ecrist> buy why are you logged in twice?
23:24 < ecrist> huh huh?
23:25 < _FBi> I heard you liked logging.  So I put a log in your log, so you could log your loggings
23:25 < ecrist> oh, right, krzee wants that updated
23:25 < ljvb> ugg.. that meme is old
23:26 < ecrist> which meme?
23:26 < _FBi> it's okay ljvb, ecrist lives under a rock.  my jokes are all new to him
23:26 < ecrist> lately, I do live under a rock.
23:27 < ljvb> the xzibit one
23:27 < ecrist> $new_job actually makes me work.
23:27 < _FBi> bastards!!
23:28 < _FBi> http://weknowmemes.com/wp-content/uploads/2013/06/people-what-a-bunch-of-bastards-meme.jpg
23:28 < ljvb> I'm going to murder my iphone.. cannot get it to work.. everything else does (Mac, windows, fbsd servers, android).. but on the iphone I am getting tls fail handshake
23:28 < ecrist> To depart to the cute, I used to work from home most days, and my 5yo daughter grew up with me working from home with her, in lieu of day care.  With the new job, I have to go in to the office.  She gets up, completely on her own, at 0500 every day and follows me around the house while I get ready for the day, just hanging out and talking.
23:32 < _FBi> http://weknowmemes.com/wp-content/uploads/2014/11/the-most-canadian-sign-ever.jpg
23:32 < _FBi> and now?
23:34 < ljvb> heh
23:34 < ljvb> that one I'm okay with
23:37 -!- bongma [~bongma@49.147.176.88] has quit [Quit: Leaving]
23:42 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
--- Day changed Fri Mar 13 2015
00:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:50 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
00:52 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
00:53 -!- ShadniX [dagger@p5DDFC464.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:54 -!- ShadniX [dagger@p5DDFC61A.dip0.t-ipconnect.de] has joined #openvpn
00:55 -!- MogDog is now known as Laika
00:55 -!- Laika is now known as MogDog
00:57 -!- bongma [~bongma@49.147.176.88] has joined #openvpn
01:11 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
01:12 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:12 -!- Poster [~poster@74.140.100.29] has quit [Ping timeout: 272 seconds]
01:13 -!- mattock_afk is now known as mattock
01:27 -!- sudo_woodo [~nan@190.234.106.236] has quit [Ping timeout: 272 seconds]
01:40 -!- sudo_woodo [~nan@190.234.105.231] has joined #openvpn
01:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
01:42 -!- bongma [~bongma@49.147.176.88] has quit [Quit: Leaving]
01:46 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
01:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:49 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:49 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:55 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
02:00 -!- mattock is now known as mattock_afk
02:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
02:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:24 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
02:24 -!- lbft [~lbft@unaffiliated/lbft] has quit [Excess Flood]
02:24 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
02:25 -!- deepopenvpn [704f2737@gateway/web/cgi-irc/kiwiirc.com/ip.112.79.39.55] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
02:35 -!- Six6siX [~Devil@jasmine.sammybakar.com] has joined #openvpn
02:41 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:44 -!- Six6siX [~Devil@jasmine.sammybakar.com] has quit [Ping timeout: 255 seconds]
02:46 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has quit [Excess Flood]
02:47 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
03:09 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
03:12 -!- mattock_afk is now known as mattock
03:20 -!- YazzMatazz [5e3ba1df@gateway/web/freenode/ip.94.59.161.223] has joined #openvpn
03:21 -!- sudo_woodo [~nan@190.234.105.231] has quit [Quit: Saliendo]
03:21 < YazzMatazz> hey
03:23 < YazzMatazz> Any  particularly good OpenVPN resources that you recommend? what are the best books, tutorials, etc. Would be nice to learn from your experience. Thanks :)
03:25 <@krzee> !book
03:25 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
03:25 <@krzee> !factoids
03:25 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
03:25 <@krzee> other than that, depends on what you wanna do using openvpn
03:27 < YazzMatazz> factoids page is niiiice
03:27 < YazzMatazz> Thanks vpnhelper
03:27 < YazzMatazz> :)
03:27 <@krzee> !bot
03:27 <@vpnHelper> "bot" is I'm a bot.. just a bot. krzee and ecrist are my maintainers, and I haven't said anything, if you'd notice, the person who spoke just before me gave a !command to make me speak :P
03:28 < YazzMatazz> well, then, thanks krzee
03:28 < YazzMatazz> :)
03:28 <@krzee> np
03:28 < YazzMatazz> I just want to learn more about openvpn server administration and how to automate the process, yeah :)
03:31 < YazzMatazz> by the way, nice bot you've got there, :)  I like the sarcastic sense of humor, lol
03:54 -!- julius_ [~julius_@p3EE2895E.dip0.t-ipconnect.de] has left #openvpn ["Verlassend"]
03:55 -!- apollo2k is now known as aPollO2k
04:16 -!- _snd [~alexh@login.boxed.no] has joined #openvpn
04:17 < _snd> quick question: can i assign a user to a specific interface/access based on group membership looked up in LDAP?
04:22 -!- YazzMatazz [5e3ba1df@gateway/web/freenode/ip.94.59.161.223] has quit [Ping timeout: 246 seconds]
04:37 <@krzee> sure, if you can script it
04:37 <@krzee> !client-connect
04:37 <@vpnHelper> "client-connect" is --client-connect <script>, runs script on client connection. This can be useful for generating firewall rules dynamicly, or for assigning static ips. This can do anything that a ccd (see !ccd) entry can do, but dynamicly... to use it that way, you should write your dynamic ccd commands to the file named by $1.
04:38 <@krzee> i believe eurephia does this
04:38 <@krzee> !eurephia
04:38 <@vpnHelper> "eurephia" is http://www.eurephia.net/
04:39 < _snd> vpnHelper: but i would be baically limited to what i can do within the bridge itnerface i connect the openvpn tapX to, i can't do what i can currently do on my cisco asa, where i can assignt he user to a completely different ip pool and interface jsut based on what group it's in?
04:39 <@krzee> why you even bridging?
04:40 <@krzee> you can assign to different subnets based on whatever you want, but those subnets should not already be in use
04:40 -!- aPollO2k is now known as apollo2k
04:40 < _snd> krzee: that would work
04:40 <@krzee> you can do that in tun
04:41 < _snd> krzee: i use bridging a lot, im confortable with it and it's something i've done with openvpn for ages, ive just never before had this requirement to shunt users depending on their authentication
04:42 < zoobab> openvpn git rel23 branch still does not work for cipher null
04:43 <@krzee> cipher none you mean?
04:43 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
04:43 < zoobab> yo
04:43 < rkhunter> yo
04:43 < zoobab> I took sven-ola package for 2.3.6 instead works fine
04:43 <@krzee> !tunortap
04:43 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
04:43 <@vpnHelper> rooted/jailbroken) support only tun
04:43 <@krzee> zoobab, cipher none, not null
04:43 < zoobab> cipher none
04:43 < zoobab> sorry
04:44 <@krzee> that could be why
04:44 <@krzee> anyways why bother with openvpn if not needing enc, just use gre tunnels
04:45 < zoobab> I need a TCP tunnel
04:45 < zoobab> I also tried SSH-HPN tunnel with no cipher
04:46 < zoobab> I have seen UDP-FOU kernel module in 3.18, but it is for UDP only
04:46 < _snd> vpnHelper:  i'm aware of the differnece in tun and tap
04:47 -!- Denial [~Denial@81.141.9.229] has quit []
04:50 < _snd> vpnHelper: looks like --client-connect is the route to go
04:50 < _snd> vpnHelper: thanks for the input
04:52 -!- _snd [~alexh@login.boxed.no] has left #openvpn []
04:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:52 <@krzee> heh
04:52 -!- cetex [~cetex@nadine.juza.se] has left #openvpn []
04:55 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has quit [Quit: Leaving]
04:55 -!- mattock is now known as mattock_afk
05:11 -!- Denial [~Denial@81.141.9.229] has joined #openvpn
05:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
05:21 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 244 seconds]
05:23 -!- mattock_afk is now known as mattock
05:24 -!- dazo_afk is now known as dazo
05:28 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
05:28 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
05:38 -!- `hypermist` is now known as sleepypc
06:17 -!- julius_ [~julius_@p3EE2895E.dip0.t-ipconnect.de] has joined #openvpn
06:17 < julius_> hi
06:18 < julius_> traffic from my openvpn clients when clients talk to each other, that all goes trough FORWARD, right?
06:49 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:49 < Thermi> julius_: depends on the client-to-client setting
06:50 < julius_> that thing takes options?
06:50 < julius_> got none
06:50 < Thermi> Nopüe
06:50 < Thermi> Depends on if you set it or not
06:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
06:53 -!- mattock is now known as mattock_afk
07:00 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:05 < julius_> ok, assuming i got no arguments set
07:05 < Thermi> No
07:05 < Thermi> It depends on if it's there or not.
07:05 < Thermi> If you set "client-to-client" or not.
07:05 < Thermi> See the man page of openvpn
07:05 < julius_> ah, ok.you got me confiused there for a second
07:06 < julius_> i got it set...my clients can talk to each other
07:06 < Thermi> tun or tap?
07:06 < julius_> now, whats the way for packets from client1 to client2 trough the iptables rules?
07:06 < julius_> tun
07:07 < Thermi> If it is set, the packets go through openvpn. Only through openvpn, not through the stack.
07:07 < Thermi> Disable it and force it to go through the netfilter stack: http://inai.de/images/nf-packet-flow.png
07:11 < julius_> iptables -I FORWARD -j LOG -s 10.8.33.0/24 -d 10.8.33.0/24 --log-prefix FORWARDED:
07:11 < julius_>         <- so this should never  log packets ?   my vpn network is 10.8.33.0
07:13 < Thermi> Yes, I think so.
07:15 < julius_> nice to know
07:16 < julius_> and if i disable client-to-client how does this work?  i thought then the clients couldnt talk to each other
07:16 < Thermi> Through the network stack of the host
07:16 < Thermi> Over the forwarding chain
07:16 < Thermi> like all other routed traffic
07:18 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
07:41 < zahna> !clientlan
07:41 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
07:41 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
07:51 < julius_> ok, thx
07:53 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
08:29 -!- apollo2k is now known as aPollO2k
08:38 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Ping timeout: 250 seconds]
08:41 -!- aPollO2k is now known as apollo2k
08:47 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 245 seconds]
08:53 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
08:53 -!- mode/#openvpn [+v esde] by ChanServ
08:53 -!- ago [~ago@gentoo/developer/ago] has left #openvpn []
08:54 -!- y4h0 [~yavor@94.155.134.12] has joined #openvpn
08:55 < y4h0> hi all
08:56 -!- mattock_afk is now known as mattock
09:23 < y4h0> hi i am configuring openvpn with pam auth here are my configs http://pastie.org/10023165
09:24 < y4h0> the server log http://pastie.org/10023168
09:28 < y4h0> my openvpn server starts 2 processes
09:28 < y4h0> check the server log
09:28 < y4h0> can you tell me why is that ?
09:32 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 256 seconds]
09:34 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
09:37 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
09:43 -!- ozux [~root@unaffiliated/ozux] has quit [Ping timeout: 245 seconds]
09:43 -!- ozux [~root@unaffiliated/ozux] has joined #openvpn
09:43 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Ping timeout: 245 seconds]
09:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
09:47 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
09:49 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
10:00 -!- Bardamu [c06d8cbe@gateway/web/freenode/ip.192.109.140.190] has joined #openvpn
10:00 < Bardamu> Hi
10:00 < Bardamu> When I connect to a vpn I'm disconnected. I use  openvpn gui
10:01 < Bardamu> automaticly
10:02 < Bardamu> SIGUSR1[soft,connection-reset] received, process restarting
10:02 < Bardamu> I have this message in my log
10:04 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:04 -!- mode/#openvpn [+v s7r] by ChanServ
10:05 <+s7r> !tcp
10:05 <+s7r> !udp
10:05 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
10:05 <+s7r> will UDP over a TCP vpn be workable or will the latency be too high?
10:07 < Bardamu> s7r I have a problem with a vpn. I connect to it and one second after I'm disconnected
10:07 < Bardamu> SIGUSR1[soft,connection-reset] received, process restarting
10:07 < Bardamu> I have this message in my log
10:07 <+s7r> whats the os
10:08 <+s7r> did you configure you vpn?
10:08 <+s7r> you have the proper certs and credentials?
10:08 < DArqueBishop> !logs
10:08 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:08 < rob0> s7r, that's a definite maybe.  But if there is good speed and low latency on your TCP VPN, it should work fine with UDP inside the tunnel.
10:09 < rob0> It did not work well for me, when $dayjob had a TCP VPN.
10:10 <+s7r> basically i want the clients to be able to do low latency stuff
10:11 <+s7r> such as gaming and etc.
10:11 <+s7r> and yeah, tcp is the only option
10:11 <+s7r> and the tcp latency might be high
10:13 < rob0> it's going to depend on each end of the tunnel, as well as the backbone inbetween
10:13 -!- ghormoon [~ghormoon@ghorland.net] has quit [Quit: ZNC - http://znc.in]
10:14 < rob0> why can't you offer both TCP and UDP?
10:14 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
10:15 -!- Bardamu [c06d8cbe@gateway/web/freenode/ip.192.109.140.190] has quit [Quit: Page closed]
10:21 <+s7r> rob0 the tunnel are happening over Tor, which is TCP only anonymity network
10:21 <+s7r> so UDP is out of the question.
10:22 <+s7r> and imagine it's being relayed via 3 different hops/servers so the latency will increase little bit, that is why i wanted to know if UDP is still practical for a gaming connection or something like ethis
10:29 -!- zahna [~dude@75-48-218-248.lightspeed.gdrpmi.sbcglobal.net] has quit [Quit: leaving]
10:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:31 -!- mode/#openvpn [+o mattock1] by ChanServ
10:32 -!- mattock is now known as mattock_afk
10:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:41 -!- soLucien [~Lu@5.57.48.71] has joined #openvpn
10:46 -!- GENSTAAR [~GENSTAAR@unaffiliated/genstaar] has joined #openvpn
11:03 <@dazo> s7r: when involving TOR, you can generally forget about latency requirements ...
11:03 <+s7r> because it's too high for any requirements a?
11:04 <@dazo> s7r: my experience with tor is that it is is going to be too slow in general
11:04 <+s7r> it is faster now ... when have you used it last time?
11:04 <@dazo> try to do some pings through a TOR tunnel ... about a year ago last time I used it
11:04 <+s7r> its speed is higher now, there are more relays in the network with higher bandwidth capacity
11:04 <+s7r> I will do some tests tonight.
11:05 <+s7r> if it's more than 300 ms is not workable for me
11:05 <@dazo> it may also depend a lot on the routes you get ... but if the bandwidth has increased, that's great news!
11:05 <+s7r> yeah, if you have the bad luck to catch a slow relay in the middle
11:05 <+s7r> like the middle hop is 300KB/s it won't matter your guard is 100MB/s and your exit it 90 MB/s
11:06 <+s7r> the Tor connection is only as fast as the fastest hop in the circuit
11:06 <+s7r> this seams rational
11:07 <+s7r> do you happen to know if i can use ECDSA with OpenVPN instead of RSA?
11:07 <+s7r> ecdsa or eddsa
11:10 <@dazo> there are some partial support, iirc ... full support I believe is slated for the 2.4 release
11:11 <@dazo> iirc, there were some performance issues which needed to be ironed out before we see the patches on the -devel mailing list
11:13 <+s7r> but at a given time in the future it will eventually work
11:13 <+s7r> with full performance?
11:13 <@dazo> yeah, naturally ... we won't see any patches for review before the performance issues have been resolved
11:14 <@dazo> I might mix AEAD/GCM with full EC support (looking at the hackatahon 2014 minutes)
11:14 <@dazo> https://community.openvpn.net/openvpn/wiki/MunichHackathon2014
11:14 <@vpnHelper> Title: MunichHackathon2014 – OpenVPN Community (at community.openvpn.net)
11:15 <@dazo> but we're far away from a 2.4-RC ... just to have that clear!
11:19 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:26 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:43 -!- wmp [~wmp@sored/admin/wmp] has joined #openvpn
11:45 < wmp> hello, i want to redirect all trafic client over vpn, in server i have: push "redirect-gateway def1 bypass-dhcp" but dont works
11:46 < _FBi> that sucks
11:46 < _FBi> is iptables setup to your requests?
11:46 < wmp> _FBi: i dont change iptables settings on server
11:47 -!- apollo2k is now known as aPollO2k
11:47 < _FBi> tough to have your iptables forward your info without setting it up
11:47 < wmp> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE ?
11:48 < _FBi> if everything is correct to your system
11:49 < _FBi> I turn on ipv4.forward_ip = 1 too  (that's close to the line I need to change)
11:51 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:51 -!- mode/#openvpn [+v s7r] by ChanServ
11:51 <+s7r> sorry got DC.
11:52 <+s7r> I have tested it dazo, that is why I got DC. the average latency via Tor is 600 ms (sometimes 300, from time to time as high as 1100) but the average for 200 packets sent (icmp ping) shows little over 600 ms
11:52 <+s7r> can i increase the MTU or something, to transfer larger data packets and mitigate the high latency, so the connection will behave like one with 80ms latency ?
11:53 < wmp> _FBi: ok, thanks ;) After adding iptables rule all works good ;)
11:53 < wmp> thanks, bye
11:53 -!- wmp [~wmp@sored/admin/wmp] has left #openvpn ["Konversation terminated!"]
11:53 < _FBi> godspeed
11:53 < _FBi> damn it feels good to be a gangster
12:03 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:18 -!- Poster|x is now known as Poster
12:20 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:54 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:59 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:59 -!- mode/#openvpn [+o mattock] by ChanServ
13:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
13:03 -!- soLucien [~Lu@5.57.48.71] has quit [Ping timeout: 252 seconds]
13:05 < rewozz> the example openvpn.conf has ;cipher BF-CBC        # Blowfish (default)
13:05 < rewozz> ; indicates it is commented out, but it's still active right?
13:05 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:06 < rewozz> I'm ok with using blowfish, just want to know if I can leave it like that without having to change anything
13:07 < rewozz> the example client.conf has ;cipher x
13:11 -!- aPollO2k is now known as apollo2k
13:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:35 -!- dazo is now known as dazo_afk
13:43 -!- GENSTAAR [~GENSTAAR@unaffiliated/genstaar] has quit [Quit: Leaving]
13:47 -!- Protected [~Join@118.139.114.89.rev.vodafone.pt] has joined #openvpn
13:48 < Protected> Hey all. Simple question: Is it possible for the machine running my openvpn server to see a windows share (smb) from one of the clients, when running in tap mode?
13:49 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
13:51 < BtbN> smb even works fine in tun mode, if you access the server directly
13:51 < BtbN> only the auto discovery magic needs tap
13:58 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
13:59 < ljvb> hrmm.. does does one get rid of the MULTI: bad source errors
13:59 < ljvb> for the external real IP
13:59 < ljvb> don't have any issues routing or antying, just filling the crap out of my logs
14:22 < Protected> Thanks, BtbN. So I take it you mean it works even better in tap, which is good because that's the setup I'm working with.
14:22 < BtbN> Well, it doesn't affect how well smb/cifs works at all.
14:22 < Protected> Unfortunately I can't see the share at all! (from the server; I see it from the clients)
14:23 < Protected> I'll be back after dinner with configs and stuff
14:23 < BtbN> It's just the auto discovery, which can even work with tun, if you setup wins/netbios stuff
14:23 -!- rewozz [~rewozz@unaffiliated/rewozz] has quit [Quit: WeeChat 1.1]
14:44 -!- Marc128000 [~quassel@cpe-66-68-87-18.austin.res.rr.com] has quit [Remote host closed the connection]
14:47 -!- sleepypc is now known as `hypermist`
14:49 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Ping timeout: 264 seconds]
15:29 -!- _bt [~bt@unaffiliated/bt/x-192343] has joined #openvpn
15:34 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:38 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
15:43 -!- s7eele [~s7eele@108.59.12.84] has quit [Remote host closed the connection]
15:45 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:49 -!- s7eele [~s7eele@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
15:50 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
15:56 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:06 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
16:10 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:11 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:13 -!- s7eele [~s7eele@ip184-190-212-250.lf.br.cox.net] has quit [Quit: Bye]
16:40 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:45 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
16:47 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
16:47 < pie_> hey guys
16:47 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
16:47 < pie_> why cant i connect to my vpn when im already connected to my vpn via my router?
16:48 < pie_> i get connection refused
16:49 < pie_> TCP: connect to [AF_INET]192.51.100.3:443 failed, will try again in 5 seconds: Connection refused
16:50 < pie_> ip is an example
16:54 < pie_> another separate issue is i get poll timeout on android when i connect to my vpn
16:54 < pie_> otherwise on other machines it works fine
16:57 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
16:57 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
17:02 < pie_> hm my net died
17:02 < pie_> did you guys get my questions?
17:16 < zoredache> Where is your server, what do you have set for the maximum number of clients? Are you sure the firewalling would be valid if you already have a connection via your router?
17:17 < zoredache> You have a unique cert for each one of these devices right?
17:18 < pie_> zoobab: my server is through the internet, what do you mean? im behind a router which is running my vpn which is connecting through another network to the internet to my vpn server
17:18 < pie_> yes i have a unique cert on each one
17:18 < pie_> oh hold on i should check the server logs
17:19 < pie_> hm, max clients should be in the vpn config right?
17:19 < pie_> well i dont have any special fw rules afaik
17:20 < zoredache> It would be a `max-clients` setting in the server config.
17:21 < pie_> well theres only one client connected and ive had mroe
17:21 < pie_> more
17:21 < zoredache> Think about your firewall though.. If you have a VPN enabled on your router, then your devices would probably be using a different path to get to your VPN server.  So you might have a rule to permit VPN connections on a INPUT chain, but have you also permitted traffic to be forwarded to the VPN port?
17:25 < pie_> zoredache: hm
17:25 < pie_> im running openwrt
17:26 < pie_> and i have my lan forwarded to the vpn interface whatever that means and my routing table moves things around
17:27 < pie_> i might be misunderstanding something
17:27 < zoredache> You say it works when your router isn't connected, and doesn't work when it is.  Try a traceroute from your client, with your router disconnected, and connected.
17:28 < zoredache> I am guessing they will be different.
17:28 < zoredache> It is that different path, that is likely to be your problem.
17:29 < zoredache> Something isn't routing right, or you are blockings somewhere with a firewall.
17:29 < pie_> hm sounds logical
17:29 < zoredache> Fire up tcpdump on either your VPN server or the router and watch for the vpn traffic.  It should be pretty obvious.
17:42 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
17:42 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
17:44 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
17:46 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
17:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:48 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:48 -!- badon_ is now known as badon
17:57 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 264 seconds]
18:02 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
18:04 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:05 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
18:18 < ljvb> one of my clients is sort of losing it's connection (if I ssh to the servers external interface and ping any of the internal clients network function is restored
18:19 < ljvb> but after waiting a few min of idle activity, none of the other clients nor the server can ping it
18:29 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
18:29 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
18:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:35 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
19:24 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 246 seconds]
19:27 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
19:29 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 246 seconds]
19:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
19:34 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
19:50 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 246 seconds]
20:01 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 246 seconds]
20:15 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
20:20 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
20:27 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 244 seconds]
20:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:35 -!- fred`` [fred@earthli.ng] has joined #openvpn
20:41 -!- thumbs [~frank@unaffiliated/thumbs] has joined #openvpn
21:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:25 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
21:28 -!- julius_ [~julius_@p3EE2895E.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
21:29 -!- julius_ [~julius_@p3EE29D75.dip0.t-ipconnect.de] has joined #openvpn
21:34 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
21:46 < ecrist> good evening folks.
22:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:11 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
--- Day changed Sat Mar 14 2015
00:09 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
00:52 -!- ShadniX [dagger@p5DDFC61A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:53 -!- ShadniX [dagger@p5DDFC402.dip0.t-ipconnect.de] has joined #openvpn
00:59 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
01:00 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Client Quit]
02:02 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
02:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
03:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:45 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:45 -!- mode/#openvpn [+o mattock] by ChanServ
03:46 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:47 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:00 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 255 seconds]
04:03 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
04:04 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
04:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
04:24 -!- bongma [~bongma@49.147.176.88] has joined #openvpn
04:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:42 -!- apollo2k is now known as aPollO2k
04:42 -!- zoobab [~zoobab@ks3271128.kimsufi.com] has left #openvpn []
04:49 -!- bongma [~bongma@49.147.176.88] has quit [Quit: Leaving]
04:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:14 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:23 -!- kexmex_ [~kexmex@178.136.234.6] has joined #openvpn
05:24 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 252 seconds]
05:32 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
05:39 -!- `hypermist` is now known as sleepypc
06:08 -!- kexmex_ [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
06:11 -!- phiona [~bongma@49.147.176.88] has joined #openvpn
06:32 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
06:34 -!- phiona [~bongma@49.147.176.88] has quit [Changing host]
06:34 -!- phiona [~bongma@unaffiliated/bongma] has joined #openvpn
06:41 -!- bongma1 [~bongma@unaffiliated/bongma] has joined #openvpn
06:42 -!- phiona [~bongma@unaffiliated/bongma] has quit [Quit: Leaving]
06:43 -!- bongma1 [~bongma@unaffiliated/bongma] has quit [Client Quit]
06:43 -!- phiona [~bongma@unaffiliated/bongma] has joined #openvpn
06:46 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:49 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
06:53 -!- phiona [~bongma@unaffiliated/bongma] has quit [Quit: Leaving]
07:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:10 -!- aPollO2k is now known as apollo2k
07:29 -!- Latrina [~Latrina@ppp-241-14.26-151.libero.it] has quit [Ping timeout: 246 seconds]
07:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
07:35 -!- Latrina [~Latrina@adsl-ull-214-195.50-151.net24.it] has joined #openvpn
07:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
08:07 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:14 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
08:15 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
08:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:43 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
08:43 -!- apollo2k is now known as aPollO2k
08:45 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
08:50 -!- Latrina [~Latrina@adsl-ull-214-195.50-151.net24.it] has quit [Quit: ZNC - http://znc.in]
08:50 -!- Latrina [~Latrina@adsl-ull-214-195.50-151.net24.it] has joined #openvpn
09:20 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
09:26 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Read error: Connection reset by peer]
09:30 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
09:31 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
09:34 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has joined #openvpn
09:34 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:41 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has quit [Ping timeout: 265 seconds]
09:43 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 252 seconds]
09:47 -!- trumee [~parul@2601:e:15c0:1c:5591:5ebc:ca30:f2f4] has joined #openvpn
10:02 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:05 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
10:19 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
10:58 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
11:05 -!- idealist [~ajarara@pool-96-232-188-158.nycmny.fios.verizon.net] has joined #openvpn
11:05 < idealist> !welcome
11:05 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:05 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:07 -!- wnienhaus [~Thunderbi@209-203-191-90.dyn.estpak.ee] has joined #openvpn
11:08 -!- idealist [~ajarara@pool-96-232-188-158.nycmny.fios.verizon.net] has quit [Client Quit]
11:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
11:23 -!- nocturn [~nocturn@unaffiliated/nocturn] has quit [Quit: ZNC - http://znc.in]
11:26 -!- wnienhaus [~Thunderbi@209-203-191-90.dyn.estpak.ee] has quit [Quit: wnienhaus]
11:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:32 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
11:35 -!- asifys [~idealist@pool-96-232-188-158.nycmny.fios.verizon.net] has joined #openvpn
11:37 < asifys> hey guys, I'm a little bit of a novice at this. I've got a VPS running softether, and I have some media hosted on the server. NFS isn't exactly perfect for streaming that content to this computer, but SMB doesn't look like it'll fare much better. What other options/configs are there?
11:39 < mutilator> get more bandwidth
11:44 < asifys> so there's nothing I can do software wise? i'm connecting wirelessly (uni limits bandwidth to 1.1 MBytes/s), is that the bottleneck?
11:49 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:49 -!- mode/#openvpn [+o mattock] by ChanServ
11:51 < pekster> You'll never be able to exceed upstream caps, and wireless can often deliver at under potential (for a variety of reasons.) You'd have to be on some pretty bad hardware to have openvpn be the bottleneck (CPU or context switches) at just ~8 Mbps
11:53 < asifys> alright, thx for the info.
11:53 -!- asifys [~idealist@pool-96-232-188-158.nycmny.fios.verizon.net] has quit [Quit: WeeChat 1.0]
12:01 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:03 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
12:12 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
12:12 -!- aPollO2k is now known as apollo2k
12:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:14 -!- trumee [~parul@2601:e:15c0:1c:5591:5ebc:ca30:f2f4] has quit [Ping timeout: 256 seconds]
12:21 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has joined #openvpn
12:24 -!- trumee [~parul@2601:e:1580:799:624:5684:b42:5b00] has quit [Client Quit]
12:27 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
12:27 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Remote host closed the connection]
12:28 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
12:28 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Excess Flood]
12:29 -!- justaguy [~justaguy@unaffiliated/justaguy] has joined #openvpn
12:32 < Protected> Hey all. I have some free time; would anyone be willing to lend me a hand in trying to figure out why I can't see smb shares in my openvpn clients from my openvpn server (running in tap mode)? And possibly in correcting the situation. I can provide all the information needed, I hope.
12:33 < Protected> The shares are in a windows 7 professional computer
12:33 < Protected> Probably important to note that other clients can see the shares; client-to-client is in use.
12:35 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 272 seconds]
12:35 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
12:37 < Protected> (Feel free to respond even if it has been a while since I talked; I'll check in regularly)
12:38 -!- Psi-Jack [~psi-jack@unaffiliated/psi-jack] has quit [Ping timeout: 244 seconds]
12:40 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
12:41 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has joined #openvpn
12:41 -!- apollo2k is now known as aPollO2k
12:46 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 256 seconds]
12:48 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
12:55 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Ping timeout: 265 seconds]
13:03 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:04 -!- Meth_Tical [~LBL@pool-71-184-206-248.bstnma.fios.verizon.net] has joined #openvpn
13:04 -!- Meth_Tical [~LBL@pool-71-184-206-248.bstnma.fios.verizon.net] has left #openvpn []
13:11 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
13:14 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:31 -!- notze [~georg@ip1f126505.dynamic.kabel-deutschland.de] has joined #openvpn
13:31 < notze> hey guys, i ihave my openvpn setup it working, so that i can connect, except one problem: if i ping into a subnet, it uses the vpn address, so the subnet doesnt know whom to respond
13:32 < notze> do i have to add a route on the subnet side
13:32 < Poster> Protected: My guess is that you may be battling the Windows firewall.  I think when it doesn't recognize a network, it (rightfully) treats it as public and filters most/all services.  I'd suggest you look to see if that is the case, temporarily disabling the firewall can help verify that is the case.
13:32 < notze> or can i translate the request from tun0 to eth0 into the eth0 interface address?
13:32 < pekster> notze: If you want symmetric routing, yes
13:32 < pekster> It's quite unwise to NAT between networks you control
13:33 < notze> so i add the virtual subnet .., righ
13:33 < pekster> Avoid NAT-Overload unless you're using it to get around the fac that your ISP didn't give you enough IPv4 space
13:33 < notze> ok:D
13:33 < notze> pekster, so best solution is to add subnet to router
13:33 < pekster> Yea, just a return-route on the gateway of the far-LAN so that it knows to send the VPN traffic to the managing router (ie: the VPN peer there)
13:33 < pekster> Right
13:34 < pekster> (plus permit it in the relevent firewalls)
13:34 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
13:45 -!- poisond [~poison@HSI-KBW-046-005-223-136.hsi8.kabel-badenwuerttemberg.de] has joined #openvpn
13:48 < poisond> hello :)
13:49 < Protected> Poster: Thanks for the help. I actually am always certain the network is set up as 'work', precisely because of the issues it often causes! I have checked the firewall and there are no rules on port 445.
13:50 < Protected> Since other vpn clients can see the share (just not the server) I'm thinking it's probably a server issue?
13:50 < Protected> But it could still be a firewall issue, as well as routing or vpn setup
13:50 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Quit: AF_INET -> AF_INET6]
13:50 < Protected> (on either server or client)
13:51 -!- pekster [~rewt@openvpn/community/support/pekster] has joined #openvpn
13:55 < poisond> I've joined some vpn service which provides openvpn support. They supply a openvpn configuration file, but that messes up my routing tables. I've followed some tutorials ending up add route-noexec. According to the tutroials I should now be able to use the tun0 interface created (ping -c 1 -I tun0 kernel.org), but I get 100% package loss. I'm kind of clueless and overwhelmed where to start reading ...
13:56 < poisond> messes up the routing tables on my router I meant
14:00 < notze> pekster, thx man
14:00 -!- justaguy [~justaguy@unaffiliated/justaguy] has left #openvpn []
14:00 < notze> is openvpn nsa proov?
14:01 -!- aPollO2k is now known as apollo2k
14:01 < pekster> Consider it "NSA resistent", and I'll heavily qualify that depending on how well you configure/use it
14:02 < pekster> If your $local_government wants your data badly enough they'll just break in with a special-ops team and bug your hardware
14:02 < pekster> See some security recommendations on the wiki (link at: !hardening )
14:03 < Protected> poisond: You need the proper routes for your traffic to be sent over the vpn. Can you provide the configuration file?
14:04 < poisond> Protected: http://pastie.org/10026187
14:04 < pekster> -I "should" make the route decision correctly, but you'd probably want to confirm that with a packet capture
14:04 < pekster> Could be the remote side is unwilling (or unable) to forward that for you, for some reason
14:05 < poisond> Protected: thats my routing table with route-noexec added
14:07 -!- kingler [~kingler@5.254.128.225] has joined #openvpn
14:07 < kingler> hi
14:07 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
14:08 < kingler> when I'm connected to an openvpn server and I listen on a port, then all inbound connections should be forwarded to me, right
14:08 < pekster> fwiw, route is rather dated (all of net-tools is.) I'd suggest `ip route show` instead, provided by iproute2 (see: ip(8) for details)
14:11 < poisond> I'll connect without route-noexec and paste you the route info, back in a bit
14:12 < pekster> poisond: Ah, here's your issue: RP filtering
14:12 < pekster> The return-route is _unexpected_ via the tun device, so the kernel drops it
14:12 < pekster> Set the interface of the unexpected return route to rp_filter=2
14:13 < pekster> See the rp_filter documentaion in the linux kernel source at ~linux/Documentation/networking/ip-sysctl.txt
14:16 < poisond> pekster: wow, that worked ^^
14:16 < poisond> pekster: thank you :)
14:17 < pekster> Keep in mind that issue goes away if you set routing tables as you want them; also note that not all applications expose knobs to set the source address and/or interface
14:18 < poisond> yes, I'm still confused how to set the routing tables
14:19 < poisond> be back right away
14:23 -!- poisond [~poison@HSI-KBW-046-005-223-136.hsi8.kabel-badenwuerttemberg.de] has quit [Ping timeout: 256 seconds]
14:27 -!- poisond [~poison@HSI-KBW-046-005-223-136.hsi8.kabel-badenwuerttemberg.de] has joined #openvpn
14:28 < poisond> ok, here's what it does to my routing table: http://pastie.org/10026243
14:28 < pekster> Read --redirect-gateway to see why
14:29 < pekster> And yes, that's expected if the far-side pushes that and you process it. It's also required if you want Internet-bound traffic to be routed via a different gateway than your LAN provides (more specific route matches notwithstanding, of course)
14:29 < pekster> !goal
14:29 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:30 < pekster> If you don't want routes pushed, don't accept them (--route-noexec.) Obviously then you don't get them in your routing table
14:32 < poisond> my goal is to establish the VPN connection on my router and have all internet traffic routed through the VPN
14:33 < pekster> Then you want exactly what is provided to you via the routing table you just showed
14:33 < pekster> Do _not_ use --route-noexec as it prevents the two /1 routes from getting applied (you read about def1 in the manage reference I gave you earlier, right?)
14:34 < pekster> That's all very normal and expected, and what you must do to avoid fighting with DHCP renewals
14:35 < poisond> status quo is that my client machines can't establish a connection. I'll keep reading.
14:36 < pekster> trace packets, then
14:36 < pekster> If both the egress packet is picked up and sent via the tun device, and the encapsulating packet is sent to the far side, you'd need to debug the VPN _server_ if you simply don't get a reply
14:47 -!- poisond [~poison@HSI-KBW-046-005-223-136.hsi8.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
14:50 -!- poisond [~poison@HSI-KBW-046-005-223-136.hsi8.kabel-badenwuerttemberg.de] has joined #openvpn
14:51 -!- notze [~georg@ip1f126505.dynamic.kabel-deutschland.de] has quit [Ping timeout: 245 seconds]
14:57 -!- Exagone313 [~exa@elou.world] has quit [Quit: see ya!]
14:58 -!- Exagone313 [exa@elou.world] has joined #openvpn
15:07 -!- pekster [~rewt@openvpn/community/support/pekster] has quit [Changing host]
15:07 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
15:07 -!- mode/#openvpn [+o pekster] by ChanServ
15:10 -!- mode/#openvpn [+v-o pekster pekster] by pekster
15:15 -!- mode/#openvpn [+o ecrist] by ChanServ
15:21 -!- wnienhaus [~Thunderbi@38-178-196-88.dyn.estpak.ee] has joined #openvpn
15:21 < poisond> the more I read the more confused I get ^^
15:23 <+pekster> About what, why two /1 routes are used instead of replacing 0/0 (the latter of which is the default gateway)
15:24 -!- wnienhaus1 [~Thunderbi@209-203-191-90.dyn.estpak.ee] has joined #openvpn
15:25 < poisond> Also have to correct a former statement, no internet at all, not even on the router
15:26 -!- wnienhaus [~Thunderbi@38-178-196-88.dyn.estpak.ee] has quit [Ping timeout: 264 seconds]
15:34 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
15:35 < Protected> You need to make sure traffic to your vpn is routed to the physical interface
15:36 < Protected> The rest of the traffic goes to the vpn interface
15:36 < Protected> Routing rules tell which interface is used for a range of IP addresses; either you use the metric to establish priorities or you use mutually exclusive ranges
15:37 < poisond> ok, doesn't 0.0.0.0/1 include everything?
15:37 < Protected> If you are not careful and set a rule that sends traffic going to your vpn's ip address into the vpn interface, nothing will work
15:37 < Protected> It includes half of the address space
15:38 < poisond> and 128.0.0.0/1 the other half ...
15:38 <+pekster> /0 is "all of the internet." /1 is half, /2 is a quarter, etc. Read up on CIDR if you need a refresher
15:39 < Protected> poisond that's the normal method used to override 0.0.0.0/0, just make sure you have a rule specifically routing traffic to your vpn's ip address through the physical interface
15:40 < Protected> Well it's a normal method used by openvpn at least
15:40 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
15:40 <+pekster> Or anything else that wants to avoid DHCP renewals from clobbering the override
15:40 < Protected> OSes can have special behavior pinned to the 0.0.0.0/0
15:40 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
15:40 < Protected> Or that
15:40 < Protected> I didn't know that. I don't use dhcp myself
15:40 <+pekster> In theory you could use four /2 routes to override openvpn's influence here too, etc
15:41 <+pekster> (not likely to be useful, the the concept remains the same)
15:42 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 252 seconds]
15:42 -!- kingler [~kingler@5.254.128.225] has quit []
16:05 -!- sleepypc is now known as `hypermist`
16:11 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:12 -!- DavEdward [~DavEdward@24.76.0.251] has joined #openvpn
16:12 < DavEdward> !welcome
16:12 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:12 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:13 < DavEdward> !goal
16:13 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:14 < DavEdward> !paste
16:14 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
16:14 < DavEdward> !configs
16:14 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:17 < DavEdward> Hi, I'm trying to make a split-tunnel VPN setup. I'm trying to use ForceBindIP to work with my VPN the same way people use ForceBindIP to work with Hamachi when playing on virtual LANs to force select applications to use the VPN adapter instead of the normal LAN. When I try to do this method with OpenVPN I can't seem to force traffic through the VPN using any method other than manual 'route add' by IP address or making a local Squid proxy server to for
16:17 < DavEdward> ce traffic. I'd prefer getting ForceBindIP to work.
16:17 < DavEdward> Client config: http://pastebin.com/GpH7HEad
16:22 <+pekster> You either need to set up routing to do what you want, or policy routing
16:23 <+pekster> Optionally, get the application you're using to bind explicitly to the IP you wish to use, and be careful with your RP Filter settings in your OS to permit the reply
16:23 < DavEdward> I've attempted to use ForceBindIP to bind to the IP I want, but applications seem to completely ignore it and use local anyways
16:23 < DavEdward> I'm unfamiliar with policy routing but I'll look that up too
16:24 < DavEdward> what is a RP Filter?
16:26 <+pekster> It's a protection applied to arriving packets after consluting the routing table
16:26 < DavEdward> eg. My primary gateway is 192.168.0.1 on Ethernet interface with IP 192.168.0.100 this is where normal traffic goes.  I have an active VPN connection going to 10.200.36.14 that is active but set as not the primary gateway.
16:27 < DavEdward> I'm using ForceBindIP this way: "C:\\Windows\\SysWOW64\\ForceBindIP.exe" 10.200.36.14 firefox.exe
16:27 <+pekster> So policy route to it then, if you're unable to set up an actual route
16:27 <+pekster> No idea what this does
16:27 < DavEdward> However Firefox still shows my local IP
16:27 <+pekster> Right, probably because you can't use this "magic, black-box program" to do what you want
16:28 <+pekster> What I do here (to use firefox at a wifi cafe via my own VPN I run at home) is a SOCKS proxy hosted on the VPN server
16:28 <+pekster> Simple and easy to set up, and you can even get a cute button in firefox to use the proxy on-demand (I use FoxyProxy for that)
16:28 < DavEdward> I'll look up policy routes, this might take a moment.  ForceBindIP works with generally any application to force them to use things like Hamachi. I'd use the same above command just with Hamachi's IP and the application sends all traffic to Hamachi as if it were my only gateway.
16:29 <+pekster> You're not going to be able to policy route on Windows
16:29 <+pekster> Windows makes a horrible router, and it's not designed to do advanced routing
16:29 < DavEdward> I attempted to set up a Squid server on the same box I'm using VPN on, but that yeilded a lot of other issues.
16:29 <+pekster> SOCKS-proxy is far easier (and can handle remote-DNS.) tinyproxy works well here.
16:29 < DavEdward> I'm trying to do this on the same box. I'm not trying to make the system a router.
16:30 < DavEdward> I don't want to waste a box just for routing VPN.
16:30 <+pekster> openvpn is a router, and you're trying to _selectivly_ route. THis means policy routing
16:30 <+pekster> Every single host that connects to any network has a routing table, and by making advanced decisions on "what" to route you need the ability to manipulate this decision
16:30 <+pekster> Windows flat out sucks for this, TBH.
16:31 <+pekster> Again, you really want an application-specific proxy here that you connect firefox to
16:31 < DavEdward> if I manually do:  route add <destination> gw <VPN address> in  windows it does work. But having to figure out every single IP address the application might use is horribly painful to deal with
16:31 <+pekster> Solve your problem at L7, not L3
16:31 <+pekster> Exactly
16:31 <+pekster> You have an application problem. Don't try to solve it at the IP layer (especially because Windows won't do what you require well, if at all)
16:32 < DavEdward> The major thing that confuses me is if this is the case, why does it work on Hamachi?
16:33 < DavEdward> Say we went old school and had Red Alert 2 running
16:33 < DavEdward> Hamachi IP is 10.10.10.113
16:33 <+pekster> What's this got to do with your browser using a proxy to take a different path to the Internet?
16:33 <+pekster> Sounds like a huge case of XY problem here
16:33 < DavEdward> RA2 tries to use Ethernet (192.168.0.x) network adapter and never sees any games.
16:33 < DavEdward> ForceBindIP forces the game to use Hamachi's adatper and suddenly it's looking on Hamachi (10.10.10.113)
16:33 <+pekster> If you want your browser to use the VPN, you have 3 options: 1) redirect ALL traffic via the VPN
16:34 <+pekster> 2) use a proxy (like a SOCKS proxy) and tell firefox about it
16:34 < DavEdward> I don't want just my browser. I want applications that do not offer proxy settings
16:34 <+pekster> Then configure the applications to use the correct interface
16:34 < DavEdward> Most don't offer the ability
16:34 <+pekster> If your application is unable to do this, you need to fix your routing
16:35 <+pekster> I've zero clue if you're "application" here (whatever RA2 is) uses broadcasts, unicast, DNS, IPs, IPX, etc, etc, etc
16:35 <+pekster> You need to go figure out the protocls in use here and set up your network/routing/DNS/firewalls properly to support it
16:35 < DavEdward> The example above the old video game 'red alert 2'
16:35 <+pekster> And what protocol does it us?
16:35 <+pekster> use*
16:35 < DavEdward> I have my network, firewall, DNS, and default routing configured correctly
16:35 < DavEdward> TCP/IP
16:36 <+pekster> That's an entire classification that describes hundreds of protocols and isn't useful
16:36 < DavEdward> TCP plain TCP
16:36 <+pekster> Then just point your game to an IP/port and it works
16:36 < DavEdward> I can't do that on most things
16:36 <+pekster> Configure your DNS to work right and you can use hostserver.yourdomain.net:1234 as well
16:36 <+pekster> Then it's obviously not usign just "plain TCP"
16:37 <+pekster> Go figure out what it is using and then you'll know what you need to support
16:37 <+pekster> !101
16:37 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
16:37 < DavEdward> Netflix app has no options at all, most video games do not give an interface nor IP option, VLC does not, etc.
16:37 <+pekster> Most games I've played very well support the "connect to a server" option
16:37 <+pekster> Maybe you have some horrible game that relies on broadcasts (or worse, IPX, which is even worse to support on Windows.)
16:37 < DavEdward> yes but that's external IP
16:37 <+pekster> !tap
16:37 <@vpnHelper> "tap" is (#1) "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming,
16:37 <+pekster> !tunortap
16:38 <@vpnHelper> anything where the protocol uses MAC addresses instead of IP addresses. or (#2) For tun/tap and route/bridge comparing, see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
16:38 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
16:38 <@vpnHelper> rooted/jailbroken) support only tun
16:38 < DavEdward> you can connect to say google, but you can't tell it what interface to use
16:38 <+pekster> I'm guessing there's some broadcast magic here, but since you don't konw what protocols are in use, that's hard to say
16:38 <+pekster> You need to do some more research and figure out what needs to be supported. Wireshark to dump traffic might offer clues
16:39 <+pekster> Time to get familiar with basic networking concepts and do a bit of research here.
16:39 < DavEdward> I have two different external IP addresses, and only one gateway can be my default gateway. OpenVPN will let me funnel *all* traffic through the VPN, but I don't want that. If I disable OpenVPN from funneling all traffic through VPN, it doesn't seem to let me selectively channel anything through the VPN connection minus flat out manual route add commands.
16:39 <+pekster> Naturally
16:39 < DavEdward> I have CCNA level 1 cert
16:39 <+pekster> This is called policy routing, which you can't do on Windows (AFAIK.) Your other option is application-level proxies
16:39 <+pekster> Yea, FOSS channels here don't really care about that.
16:40 < DavEdward> I attempted using Squid but it does a very poor job and most applications don't offer a proxy as an option.
16:40 <+pekster> So you've said
16:40 < DavEdward> just a second, let me pull up an article
16:40 <+pekster> I can't do anything more for you here
16:40 <+pekster> I use a SOCKS proxy in my browser over openvpn and it works wonderfully
16:41 <+pekster> (sure, even with Netflix, should I want that)
16:42 < DavEdward> I have my one Windows box. I have the VPN going. I set up a Squid server to run localhost. However doing so I either get the issue where it refuses to pick up DNS (using cygwin), or seems to take forever to load anything (using native windows compile of Squid), both terrible.  I don't know how I'd set up a SOCKs proxy on local host to funnel items through the VPN address
16:43 <+pekster> !google SOCKS proxy servers
16:43 <@vpnHelper> Socks proxy list: <http://sockslist.net/>; SOCKS - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/SOCKS>; Socks Proxy - Free Socks5 and Socks4 Proxy List: <http://www.socks-proxy.net/>
16:43 <+pekster> Start there, maybe?
16:43 <+pekster> Again, you need to do some basic research here
16:43 < DavEdward> I got that, I've been doing reserch for days
16:44 < DavEdward> Strong host, weak host, default gateway, gateway redirects, routes, setting interface metrics, I've been doing a LOT trying to make this work
16:44 <@krzee> i like dante
16:44 <@krzee> (as far as socks servers go)
16:45 < DavEdward> still trying to find that article that has everything in a neat little post
16:45 <@krzee> !routebyapp
16:45 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
16:45 <@vpnHelper> policies you set. For Linux, read about !lartc
16:46 <@krzee> that your goal?
16:46 <@krzee> im still scrolling trying to figure that out :D
16:47 < DavEdward> okay this is the first (minus pekster) about using SOCKS. All my google results kept suggesting using Squid Proxy and using the TCP_OutBound_Address method which was *terrible*
16:47 <@krzee> !goal
16:47 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:47 < DavEdward> I stated my goal above
16:47 <+pekster> krzee: OP's trying to get a VPN up to use some unspecified protocols (super-mystery) via the VPN
16:48 <+pekster> Via applications that apparently support neither a host spec to connect to, nor proxy support
16:48 < DavEdward> Here's my post on the forums: https://forums.openvpn.net/topic18409.html
16:48 <@vpnHelper> Title: OpenVPN Support Forum Help: ForceBindIP + OpenVPN Fine App Connection Control : Access Server (at forums.openvpn.net)
16:48  * pekster guessed some broadcast support, and suggested tcpdumping to find out
16:48 < DavEdward> still struggling to find it, but on the forums someone posted doing the *opposite* and got it to work
16:48 < DavEdward> all traffic uses OpenVPN *except* select applications in windows using ForceBindIP
16:49 < DavEdward> I tried his method on the reverse with no luck
16:49 <+pekster> XY problem here: you're so focused on this windows.exe junk you're loosing site of getting your actual problem resolved
16:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:50 <+pekster> Leave the white whale be and identify what the protocols you're trying to connect to are using (no, TCP/IP is not a protocol, and "just TCP" obviously targets a host/port tupple to work)
16:50 <+pekster> If it _is_ a broadcast based protocol, go set up a tap VPN and verify broadcasts are going out the desired interfaces
16:50 < DavEdward> pekster, what I'm hung up about is it's the same thing. Why would it work one way but not the other? An interface is an interface
16:51 <+pekster> No clue. I don't care at all to learn how this windows program works
16:52 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:52 < DavEdward> not the one, but here's one guy that did it: https://forums.openvpn.net/topic14594.html
16:52 <@vpnHelper> Title: OpenVPN Support Forum torrent>VPN ; other software>normal DSL connection : Off Topic, Related (at forums.openvpn.net)
16:52 <+pekster> Presumably it's abusing whatever the windows API system abstraction of bind(2) is
16:52 < DavEdward> yes ForceBindIP intercepts applications hooks to bind to an adapter and redirects them to your desired adapter
16:52 < DavEdward> here's the details: http://old.r1ch.net/stuff/forcebindip/
16:52 <@vpnHelper> Title: ForceBindIP - Bind any Windows application to a specific interface (at old.r1ch.net)
16:53 <+pekster> Again, I don't really care and think that's the wrong solution here
16:53 <+pekster> And does you zero good for broadcast based protocls anyway
16:53 < DavEdward> I don't care about broadcasts. There's no peers on the VPN
16:53  * pekster sighs
16:53 <+pekster> WHatever, clearly you know what you want, so go do it
16:53 < DavEdward> My applictions shouldn't be looking for any peers via broadcast.
16:54 <+pekster> That's how nearly all "magic find games on my network" work
16:54 < DavEdward> pekster, I'm trying to answer you as best I can but it's hard to keep up and clearly answer.
16:54 <+pekster> Obviously the only way short of a game matchmaking or direct-connect service, and you've said as much that these dont' exist
16:54 < DavEdward> I don't want to 'find games on my netwkr'
16:54 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 246 seconds]
16:54 <+pekster> This leaves broadcasts.
16:54 <+pekster> Sure you do, because you can't connect by IP
16:54 <+pekster> Go learn to dump packets and learn a bit
16:54 <+pekster> https://www.wireshark.org/
16:55 < DavEdward> the VPN I'm connecting to is VPN Unlimited. It provides internet *only*
16:55 <@vpnHelper> Title: Wireshark · Go Deep. (at www.wireshark.org)
16:55 <+pekster> tshark.exe works just like tcpdump
16:55 < DavEdward> I have no virtual peers on that network
16:55 <+pekster> Then redirect your internet traffic
16:55 < DavEdward> I am not using it for the same purpose as Hamachi
16:55 <+pekster> I've already told you how to route by app
16:55 <+pekster> And you basically "can't do this" to a commercial VPN service
16:55 <+pekster> !provider
16:55 <@vpnHelper> "provider" is (#1) We are not your provider's free tech support. We support the free open source app OpenVPN, not your provider. Just because they run openvpn does not mean we are their support team. or (#2) Please contact their support team.
16:55 <+pekster> !both
16:55 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
16:56 < DavEdward> that's what I'm trying to do is redirect only internet path traffic. When I launch a steam game I don't want it looking out my 192.168.0.1 gateway, I want it to look out my 200.100.x.x gateway
16:56 <+pekster> You probably could set up a Unix-alike VM (Linux or BSD or similar) and policy route there, where the OS doesn't suck.
16:56 <+pekster> Yea, Windows won't really do that
16:56 <+pekster> Go ask the vendor of your thing.exe program if it's not working for you (we don't support that here)
16:56 <+pekster> !lartc
16:56 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
16:57 < DavEdward> I'm using OpenVPN to establish the VPN connection. Not any 3rd party software from the vendor
16:57 <@krzee> you definitely need policy routing for what you just said
16:58 < DavEdward> if I establish the VPN on my linux box I'll have the same problem all over again. I still have the problem on the Windows box directing the traffic to my linux box as the desired gateway for only some applications, and still need the linux server to *not* use the VPN as the default gateway
16:58 <+pekster> Here's what I'd do: install a Linux/Unix in a VM, and configure that as a router. Have that be the default gateway of your windows host, then policy route by identifying the traffic you _do_ want over the VPN
16:58 <+pekster> Problem solved.
16:58 <+pekster> Right. Policy routing lets you use the VPN for "some but not all" traffic
16:58 <+pekster> I gave you the LARTC link to read all about how to do that in a real OS
16:58 <+pekster> You could also read up on using PF and BSD to do this, should you prefer
16:59 < DavEdward> I have a notepate trying to keep up with all the things thrown at me from vpnhelper
16:59 < DavEdward> I use Debiant-based linux (eg. ubuntu) for my server. However this solution doesn't work for friends that have only a single Windows box
16:59 < DavEdward> I'll look at trying to make a localhost SOCKS server. Hopefully it's less a nightmare than Squid is
17:00 < DavEdward> I find it strage I can bind an application to one VPN system but not another though. More so that if I made the VPN my default gateway I have no trouble binding an application to use my local gateway instead of the default.
17:01 < DavEdward> Windows IP tables are terrible, I whole heartedly agree with that
17:01 < DavEdward> but it's what I'm stuck with
17:01 <+pekster> Not at all. VirtualBox and most Unix/Linux distros are free
17:02 <+pekster> "stuck with" is relative to how much effor you want to put into solving your problem
17:02 < DavEdward> I'd have to kill a ton of system resources to run a virtual box just for the luxery of choosing which IP an app uses.
17:02 <+pekster> krzee gave you an alternative SOCKS server option too (presumably that one works on windows, but I'm not familiar with dante more than by name)
17:02 < DavEdward> yes I have that in my notepad to research
17:02 <+pekster> Really? 64M of RAM and maybe 1G (or less, if you're skilled at culling thigns) is too much?
17:02 <+pekster> Amazing..
17:02 < DavEdward> I can't read it and keep up here
17:03 <+pekster> I've done routers in lab networks on less resources than that (32M was a nice point, for a stripped-down router)
17:03 < DavEdward> how can I make a VM that light without getting into Gentoo and building my own kernels?
17:03 < DavEdward> You're asking me to know far far too high level programming to make a VM that light
17:03 <+pekster> alpine Linux is designed to do just that
17:03 <+pekster> Worked wonderfully
17:03 <+pekster> In fact, it basically worked out of the box
17:03 < DavEdward> Alpine?
17:03 <+pekster> Set up some routing and network config, and you're in business
17:04 <+pekster> That's what I said. Pretty sure The Google can find it too
17:04 < DavEdward> I wrote it down
17:04 < DavEdward> I've only used Debian and Ubuntu distros, both are rather chunky
17:04 < DavEdward> even when headless
17:04 <+pekster> ubuntu server should run fine on something like 128-256M RAM too
17:05 <+pekster> Maybe turn off a bit of the crud, but it'll work fine here; routing doesn't take much resources for what you describe
17:05 <+pekster> Your problem is that you need policy routing, but lack an OS that can do it
17:05 < DavEdward> selectively turning off crud I find aweful difficult. I've far too many times found I turned off important things and couldn't figure out how to undo it
17:05 <+pekster> You can attempt to look into "magic programs" for your current OS, or learn to do real networking on an OS that supports such things
17:05 <+pekster> The good news is there is great documentation on most Unix-alikes
17:06 <+pekster> For ubuntu/debian, read update-rc.d(8)
17:06 < DavEdward> Ubuntu stopped using update-rc.d
17:06 <+pekster> Not as of 14.04 man
17:06 <+pekster> #ubuntu would be happy to answer your distro-specific questions too
17:06 < DavEdward> it gave me a bunch of stuff about not using init.d and having to use 'service' now and some other things I'm not too familar with yet
17:07 < DavEdward> I'll again, have to look into that later
17:07 <+pekster> All of this is really unrelated to openvpn at this point. Consider if you need a tap or tun VPN depending on the traffic involved (remember, tun can't do broadcasts or multicast)
17:07 <+pekster> Everything else you're struggling with is basic-to-advanced networking, not openvpn per se
17:07 < DavEdward> when you say 'a tap' what you referring to? Because I'm using OpenVPN TAP-Adapter
17:08 <+pekster> The mode of operation. tap is OSI L2, tun is L3
17:08 <+pekster> Read !tunortap again if you need a reminder.
17:09 < DavEdward> okay, let me ask a strictly OpenVPN question then as this confused the heck out of me
17:09 < DavEdward> I want to make sure I'm disabling redirect-gateway right
17:09 <+pekster> (this comes back to my insisting you figure out what protocol support you need, for which you descirbed some game, then turned around and said your problem had nothing to do with that. I gave up trying to offer specific advice for you then)
17:09 < DavEdward> should I be using 'route-nopull' or route 0.0.0.0 128.0.0.0 net_gateway
17:09 < DavEdward> route 128.0.0.0 128.0.0.0 net_gateway?
17:09 <+pekster> You probably want --route-noexec
17:09 <+pekster> Or better yet, just don't push --redirect-gateway from your VPN server
17:09 <+pekster> redirection is _not_ the default
17:09 < DavEdward> I tried --route-noexec but it still changed my default gateway on me
17:10 < DavEdward> I have no control over the VPN server side
17:10 <+pekster> Then you've done something else dumb in your client config
17:10 <+pekster> !configs
17:10 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:10 < DavEdward> I pasted my config to you already
17:10 < DavEdward> http://pastebin.com/GpH7HEad
17:11 < DavEdward> I had to resort to 'route-nopull' or the two route commands to stop it from funneling all traffic to the VPN
17:11 <+pekster> That config does not apply any routes to your system, as you noted
17:11 < DavEdward> if I leave them out and from the OpenVPN client itself add the argument --route-noexec it funnels everything to VPN anyways.
17:11 <+pekster> You _will_ naturally have a network corresponding to the IP/mask assigned for the VPn network itself, but taht'll be it
17:11 <+pekster> I'd need !logs to see why, but this is not the case with the config you showed
17:11 <+pekster> (at !verb 4, as !logs indicates)
17:12 < DavEdward> so route-nopull   or setting the two route commands is not the correct way to stop OpenVPN from funneling my traffic through the VPN?
17:12 <+pekster> It is
17:13 <+pekster> That avoids pulling _any_ routes the far side pushes
17:13 <+pekster> (which you'll see in the logs you should be looking at now)
17:14 <+pekster> Reviewing your logs is for your bennefit, not mine. What would you say to someone who had a problem with a Cisco device and refused to look at any messages it had?
17:14 < DavEdward> okay I'm trying to read them right now
17:14 <+pekster> You'll see some message to the effect that "route is not valid in this context", or similar
17:14 <+pekster> ie: your client has refused to apply any routes pushed, just as you requested
17:15 < DavEdward> http://pastebin.com/e9JBhgLM
17:15 <+pekster> This will _not_ adjust your routing table, including the 0/0 route
17:15 <@krzee>   <DavEdward> I have a notepate trying to keep up with all the things thrown at me from vpnhelper
17:15 <@krzee> !factoids
17:15 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
17:15 <+pekster> That's notably not --verb 4, as I asked for
17:15 <+pekster> none-the-less, see lines 6-10 there
17:16 < DavEdward> I only learned about basic routes yesterday. Would I want to pull any routes from the server? As if I use route-nopull it does work if I use a Squid server to force the traffic through the VPN's gateway, albite terribly slowly
17:16 <+pekster> That config basically does nothing but put you on the network shown on line 14
17:16 <+pekster> How on earth do you get a CCNA without knowing basic routing? :\
17:17 <+pekster> a proxy turns around and itself reaches out to the Internet
17:17 < DavEdward> CCNA L1 teaches packages, topographies, cabling, and *BASIC* routing
17:17 <@krzee> every time someone mentions a cert to prove their knowledge i facepalm ;]
17:17 <+pekster> What do you think happens when you use _your_ routing table to reach some destination, say 203.0.113.10
17:17 < DavEdward> they didn't cover VPN, virtual adatpers, or doing any kind of routes on an end system, only on a switch using CLI
17:18 <+pekster> squid isn't magic. It's an application-level proxy, and when it spits back out the request itself, it's obviously consulting the routing table on the system it runs on
17:18 < DavEdward> again your throwing stuff at me too fast here. Every time I try to answer one thing you guys throw me stuff to open up. Please let me catch up a bit here.
17:18 < DavEdward> !logs
17:18 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:18 < DavEdward> !verb
17:18 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only (special debug build needed)
17:19 < DavEdward> hang on, I got to bypass the services.msc server for OpenVPN if you want me to add additional arguements to the startup
17:20 < DavEdward> can I issue  openvpnserv -debug --verb 4    and it work?
17:22 <+pekster> !--
17:22 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
17:22 <+pekster> Just stick it in the config. It'll just spew more data, and you'll be able to verify that route.exe is not called at all
17:23 < DavEdward> reading up, isn't that the point of me needing to issue route-nopull is to stop the server from giving me routes that causes my default gateway to get switched to them?  I'll rerun with verb 4 in a moment
17:23 <+pekster> You might look at the --show-net-up option too
17:23 <+pekster> (that prints your routing table after networking and routing has been finished by openvpn)
17:23 <+pekster> It's useful as a debugging tool
17:24 < DavEdward> I'll add that in too then
17:25 < DavEdward> new log: http://pastebin.com/e9JBhgLM
17:26 <@krzee> you dont run your own server?
17:26 < DavEdward> not with my limited bandwith
17:26 <+pekster> Seems just fine to me; you only have a /30 route for the on-link VPN stuff
17:26 < DavEdward> I have an Ubuntu server but it's only for light use
17:26 <@krzee> ok
17:26 <+pekster> Notably, you do _not_ have a 0/1 and 128/1 route, and your default route remains pointed at your LAN gateway
17:27 <+pekster> So, your routing tables are not "screwed up" by connecting
17:27 <+pekster> See lines starting at 352
17:27 < DavEdward> that log is with the route-nopull still in there
17:27 <+pekster> Naturally
17:28 < DavEdward> are you saying my default route remains pointed at my LAN even without the 'route-nopull' issued?
17:28 <@krzee> theres also another way to not redirect-gateway
17:28 <+pekster> (line 126 says so, and this is why we like the extra logs to identify configuration options)
17:28 <+pekster> Technically yes, but see line 334
17:28 <+pekster> That applies to /1 routes (0/1 and 128/1) that override your default gateway. Again, read --redirect-gateway in the manpage
17:29 <@krzee> !redirect_ignore
17:29 < DavEdward> krzee besides issuing route-nopull, --route-noexec, or manually setting route 0.0.0.0 thing?
17:29 <@vpnHelper> "redirect_ignore" is you can ignore --redirect-gateway (because you do not run the server, and the server pushes it to you) by reading the info at this page: https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
17:29 < DavEdward> I was following the instructions from that wiki post
17:29 < DavEdward> then elsewhere it was suggested I use route-nopull
17:29 <@krzee> so ya, method 2 is another way that doesnt ignore anything except the added routes
17:29 < DavEdward> for the longest time I had these lines in the config: route 0.0.0.0 128.0.0.0 net_gateway
17:29 < DavEdward> route 128.0.0.0 128.0.0.0 net_gateway
17:29 <+pekster> And again, you need to do some form of policy routing to get what you want; you can _either_ not redirect your gateway and policy route to do so, *OR* you can let the redirecrt stay and choose to _not_ route select traffic via the VPN (targeting your LAN gw)
17:30 <@krzee> whereas with method 1 i see reneg-sec ignored, you better set that manually if its not the default value the server is sending
17:30 <@krzee> yes, what pekster said ^
17:30 <+pekster> regen-sec? Nah, let that stay at 0
17:30 <+pekster> A reneg is triggered by _either_ side asking for it
17:30 <+pekster> reneg-sec also cannot be pushed ;)
17:30 <@krzee> oh i thought they HAD to match
17:31 <+pekster> No, in fact it's common to disable it on client side so you have server-side control to change it
17:31 <@krzee> interesting to know, thx
17:31 <+pekster> Yup, I'd recommend you do that everywhere (unless you want a client to override a server choice you can't control)
17:31 < DavEdward> okay, so I should remove route-nopull and put back route 0.0.0.0 128.0.0.0 net_gateway
17:31 < DavEdward> route 128.0.0.0 128.0.0.0 net_gateway
17:31 <+pekster> Why pull the routes at all?
17:31 <+pekster> You obviously don't want them
17:31 <+pekster> Just leave --route-nopull (or better: --route-noexec) in there?
17:31 < DavEdward> Krazee just said I wanted option 2 from Ignore redirect-gateway
17:31 <+pekster> You get the same thing without the stpuidity of re-applying routes to your default gateway
17:31 <@krzee> no i didnt
17:32 <@krzee> i said its another option
17:32 <@krzee> you must choose for yourself
17:32 <+pekster> Why would you add /1 routes to do the same thing your 0/0 route does?
17:32  * pekster doesn't understand
17:32 < DavEdward> ..?? okay now I'm confused about what is being suggested then
17:32 <+pekster> Actually, if you don't wnat your DNS server messed with, just leave --route-nopull
17:32 < DavEdward> my sub-goal here is to have the VPN in working order but just not redirect my gateway
17:33 <@krzee> pekster, def1 overrides /0 with 2 /1, i came up with the fact that you could just override those /1 with 4 /2
17:33 < DavEdward> so do I want option 1 or 2?
17:33 <+pekster> You won't be able to "do" anything with the VPN
17:33 <@krzee> DavEdward, you're a ccna, make your decision
17:33 <+pekster> (besides route to it, which you've now turned off)
17:33 <@krzee> neither solves your issue, like pekster said
17:33 <+pekster> You seem to have skipped the step where you need to set up routing correctly
17:33 <+pekster> Decide what you want, and go implemeent it
17:33 <@krzee> they're just 2 different ways to ignore the redirect-gateway
17:33 < DavEdward> which method gets along with your SOCKS suggestion?
17:34 <+pekster> SOCKS won't work unless _YOU_ control your server
17:34 <+pekster> !both
17:34 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
17:34 <+pekster> If you want to policy route, great, go do it
17:34 < DavEdward> so I was able to use a Squid proxy without controlling the server... but I can't do a SOCKS proxy?
17:34 <+pekster> (just don't ask anyone here to tell you how to do that on Windows, which will probably cost you a couple grand USD for their shitty router IAS platform. Might as well spend $40 for a low-end PC and install Linux on it at that point)
17:34 <+pekster> You can do a proxy
17:35 <@krzee> what you could do is run another server online running socks, then set your routes such that traffic to that server goes over the vpn
17:35 <+pekster> It's just fucking worthless here becuase it'll use YOUR ROUTING TABLE
17:35 <+pekster> Remember, the one that you _DISABLED_ the pushed route redirection
17:35 < DavEdward> the only experiance with SOCKS I have is using Putty to make a SOCKS VPN via SSH. That's where my experiance with SOCKS ends
17:35 <+pekster> Thus a proxy goes out your LAN anyway
17:36 < DavEdward> Squid Proxy worked, I had it working
17:36 < DavEdward> there's a tag called TCP_Outgoing
17:36 < DavEdward> I used it to make traffic go through the VPn earlier
17:36 < DavEdward> however DNS doesn't seem to work
17:36 <+pekster> SOCKS5 does remote-side DNS, but it'll probably use gethostbyname() on the socks-server side itself, IIRC
17:36 < DavEdward> I ran a localhost squid proxy and if I check what my IP is on whatismyipaddress.com through squid it gave me my VPN IP
17:37 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 272 seconds]
17:37 < DavEdward> http://www.squid-cache.org/Doc/config/tcp_outgoing_address/
17:37 <@vpnHelper> Title: squid : tcp_outgoing_address configuration directive (at www.squid-cache.org)
17:37 < DavEdward> I used that tag to make squid use VPN despite my default gateway being LAN
17:38 < DavEdward> only issue is my VPN address keeps changing, and I couldn't figure out how to make DNS work
17:38 <+pekster> DNS isn't http, so why would squid do anything here?
17:38 < DavEdward> squid has an option to set DNS to a desired host (eg. 8.8.8.8) but it wouldn't work
17:38 <+pekster> SOCKS5 does DNS, as I said. Or set your entire OS resolver to use a DNS accessible over the VPN network and _ROUTE_ it across that
17:38 <+pekster> Naturally
17:38 <+pekster> gethostbyname() is invoked by the CLIENT application
17:39 <+pekster> More !101 crap here, really
17:39 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
17:39 < DavEdward> pekster I was answering that I got squid to work in a way you said it couldn't
17:39 <+pekster> No, I said you could bind(2) to an address just fine
17:39 -!- ketas [~ketas@65-38-190-90.dyn.estpak.ee] has quit [Ping timeout: 240 seconds]
17:39 <+pekster> Then you went on a rant about how it dosen't work in RA2 or some such nonsense
17:39  * pekster gives up
17:40 <+pekster> You keep changing your needs every 30 minutes, then telling me how you can't use a real OS, or a real proxy protocol
17:40 < DavEdward> my topic way back with RA2 was how forcebindip worked with Hamachi
17:40 <+pekster> !xy
17:40 <@vpnHelper> "xy" is http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...
17:40 <+pekster> !101
17:40 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
17:40 < DavEdward> it's not an xy it's the same technique
17:40 <+pekster> You want to policy route, or use a fully encapsulating proxy protocol with DNS support
17:40 <+pekster> Go do one of those
17:40 <+pekster> It's up to you to research your solution to verify it does both.
17:41 < DavEdward> I came here hoping for answers better than my troublesome solution. The SOCKS solution sounds promising, but then you said it doesn't work anyways
17:41 -!- mode/#openvpn [-v pekster] by ChanServ
17:41 < pekster> Sure it does. You just need to run socks on the _SERVER_ side
17:41 < DavEdward> which I'm unable to do
17:41 < pekster> Because the DNS lookup will happen on the SOCKS SERVER
17:42 < pekster> So learn to policy route
17:42 < DavEdward> so squid HTTP proxy is my only working method thus far
17:42 < pekster> Not if you want remote DNS (which it won't give you, AFAIK)
17:42 < pekster> SO it's not really doing what you want, just redirecting the traffic you proxy (not your DNS query)
17:42 < DavEdward> DNS doesn't matter, it's going to 8.8.8.8 on either end
17:42 < pekster> No, it's going to 8.8.8.8 source from _your_ network
17:43 < pekster> If that's fine, great (but just half a page up you said it wasn't. Might consider policitcs at this rate)
17:43 < DavEdward> that is fine and I said it was fine up above too
17:44 < DavEdward> what I said didn't work was my squid config (other issue not openVPN) fails to do DNS
17:44 < DavEdward> and was looking for a better solution than my unstable squid method
17:44 < DavEdward> idealy I want to just outright bind applications to my desired interface but it seems I can't do that
17:44 < pekster> policy routing or a more reliable proxy setup
17:45 < DavEdward> any proxy you suggest over squid that's free that has the configs nessessary to run on the same machine that uses it?
17:46 < DavEdward> thus far squid is all I can get to work. I'll look into your policy routing using Alpine though
17:46 -!- wnienhaus1 [~Thunderbi@209-203-191-90.dyn.estpak.ee] has quit [Quit: wnienhaus1]
17:46 < pekster> tinyproxy, perhaps
17:46 < pekster> See its 'Bind' directive (though I don't think it does Windows)
17:46 -!- wnienhaus [~Thunderbi@209-203-191-90.dyn.estpak.ee] has joined #openvpn
17:47 < DavEdward> I'll check that one out, thanks
17:47 < pekster> krzee suggested dante too, although I have no experience with it beyond name awareness
17:47 < DavEdward> noted that down too
17:47 <@krzee> ya its a good socks server, does udp and ipv6 even
17:47 < pekster> (maybe it works on Windows?) If not, look for any reasonable SOCKS5-supporting proxy with address-binding support
17:47 <@krzee> udp inside the socks, not listening
17:48 < pekster> Or even SOCKS4 or such if remote-DNS isn't a priority
17:48 < DavEdward> oh danete is SOCKs, so won't work for me
17:48 < DavEdward> again don't control server end
17:48 < pekster> If you can bind(2) it won't matter
17:48  * pekster should stop providing unix man-refs for a clearly non-Unix implementation. Old habbits...
17:49 < DavEdward> wait.. so a SOCKS server can work on my end without server end of VPN control if it has the ability to bind?
17:49 < pekster> I'd expect so
17:50 < pekster> SOCKS just means your own applications need to speak socks to it
17:50 < pekster> (which wasn't going to work with your RA2 "requirement")
17:50 < DavEdward> that was my ideal was to bind any application to an interface
17:50 < pekster> My information is as accurate as the stated goals
17:51 < DavEdward> which is the RA2 thing you keep pulling up was my example to binding it to hamachi which you keep replying 'XY' but then keep bringing it up again after I say it's not relvent at this point
17:51 < pekster> Yup. Old news
17:52 < DavEdward> it was an example of the desired goal. Force application to bind to an interface as it worked with different VPN systems before. I hoped to replicate the result using OpenVPN which clearly doesn't seem to like to work that way
17:52 < pekster> Depends on what "an application" means
17:53 < DavEdward> any windows binary
17:53 < pekster> Firefox? Sure that does SOCKS. <arbitrary application>? Maybe, maybe not
17:53 < pekster> Then no, SOCKS is not an appropriate solution for you. It does not with with "any windows binary"
17:53 < pekster> Policy routing is your sole option at that point
17:53 < pekster> (for which you need a real OS)
17:54 < pekster> And some way to identify the traffic for each app (you'd need to know how it works, for that)
17:54 < DavEdward> I used to have a right-click context menu that simply ran ForceBindIP on the program in question to force it onto the interface Hamachi used. Basically made any game think the 'LAN' was Hamachi.  It worked great back then.  I wanted to do a similar solution of making any windows application bind to OpenVPN's TAP interface causing it to use VPN as it's gateway instead of my otherwise default LAN.  I hope that's clear this time.
17:54 < pekster> Then go ask the FOrceBindIP people..
17:54 < pekster> !notovpn
17:54 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
17:55 < DavEdward> I got that pekster, I'm trying to clarify
17:55 < pekster> It's probably attempting to act as a vector to offer some limited policy routing features, but I don't care one bit about how it works or helping you with it
17:55 < DavEdward> I wanted a similar result. Not the exact same procedure
17:55 < pekster> Right. And it's called policy routing
17:56 < DavEdward> With your policy routing I assume it works in this mannor:  Windows box all traffic points to linux box-> Linux box has policy routing rules applied. Judges to use LAN gateway for x things, and VPN gateway for y things
17:56 < DavEdward> correct?
17:56 < pekster> Yup
17:56 < pekster> You need to write the identification rule to distinguish the traffic, of course
17:57 < DavEdward> can the linux box's policy routing figure out what application on the Windows box traffic is comming from?
17:57 < pekster> Nope, not unless you can encode that into the IP traffic (such as a DSCP codepoint or similar)
17:57 < pekster> AFAIK windows has effectively no real tooling to help here
17:57 < DavEdward> that would be way over my head
17:57 < pekster> (becuase it's a horrible OS not designed to act as a router)
17:57 < pekster> multi-homing is a complex subject, as you're clearly learning
17:58 <@krzee> ya its advanced networking
17:58 <@krzee> i have a multi-home setup as well
17:58 < DavEdward> it doesn't sound like it's very easy to set policy routing to route desired applications any easier than me figuring out IP addresses on the windows box and doing route add commands
17:59 < pekster> domains can't be bound 1:1 to IPs
17:59 < pekster> CDNs, low TTLs, geo-IP distribution, and many other factors make that a non-starter
17:59 <@krzee> 2 uplinks and 1 openvpn instance listening on both, 2 lans as well, with each lan able to NAT out of the other sides gateway if needed
17:59 <@krzee> all done on an openwrt router
17:59 <@krzee> for the record, i got help from pekster when doing it :D
18:00 <@krzee> needed more eyes, and he definitely helped
18:00 < pekster> Rings a bell; that was some of the conntrack magic to bind flows to egress IPs, yes?
18:00 < pekster> (it's the RELATED flows you see people often forgetting, opting for "easier" solutions, heh)
18:01 <@krzee> actually it was some ninja additions to my MASQ rule
18:01 <@krzee> iirc
18:01 < pekster> Oh, yea, to get things bound to the IP they're supposed to be _after_ the routing decision is made
18:01 < pekster> (if you can do it before then you wouldn't need to SNAT on egress)
18:01 < pekster> Probably relate to UDP, that doesn't have a concept of connect(2)
18:03 < DavEdward> reading up on policy-routing and thus far can't find references about application routing, only things like routing based on source address or destination
18:03 < pekster> Right. You can't know the applicationa after it leaves that system
18:04 < pekster> And Windows is fully incapable of informing the router what application did something
18:04 <@krzee> http://pastebin.com/VitJFSkF
18:04 < DavEdward> then how is this going to help my any more than entering manual route add commands on the windows box?
18:04 <@krzee> iirc it was this ^
18:04 < pekster> Why do you think vendors like ZoneAlarm make such money selling their products?
18:04 < DavEdward> me*
18:04 < pekster> Becuase it's _your_ job to write rules to policy route
18:04 < pekster> I'm telling you the general solution you need to implement to get what you want
18:04 < DavEdward> no, I got that
18:05 < DavEdward> what I'm asking is how does me using policy-routing effectively make it any easier than me doing manual route adds on the windows box in the first place? Thus far it seems to essetically do the same thing
18:05 < pekster> Becuase it's not an _IP_ you route by
18:05 < pekster> If you read LARTC much, you can see you're able to write arbitrary _rules_ to route by
18:06 < DavEdward> okay I'll google LARTC
18:06 < pekster> That means you can do things like say "outbound traffic from this host bound for this TCP port get the entire connection flow tagged, and all related flows get routed via this gateway"
18:06 < pekster> !lartc
18:06 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
18:06 < pekster> Links there
18:06 < pekster> Read up on route-to in PF if you'd prefer a BSD solution
18:06 -!- poisond [~poison@HSI-KBW-046-005-223-136.hsi8.kabel-badenwuerttemberg.de] has quit [Quit: leaving]
18:06 < pekster> Both of which naturally require you know more about the traffic you're attempting to "route specially"
18:07 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
18:07 < DavEdward> oh I get it, so if an application tries to hit a site, I can tag the stream and direct all the stream?
18:07 < pekster> Wireshark can probably help you there
18:07 < pekster> Not a "site", no
18:07 < pekster> Remember, routing has zero (nothing at all) to do with domain names
18:07 <@krzee> if you do the BSD way you'll also wanna read up on routing FIBs and setfib command
18:07 < pekster> Well, setfib is worthless since it's the kernel doing the routing
18:07 < DavEdward> I rather stay debiant. BSD is a lot of re-learning for me
18:07 < pekster> BSD kernel has zero clue that foobar.exe on the windows client made the request
18:07 < DavEdward> debian*
18:08 <@krzee> pekster, its nice if you wanna start an app on fbsd forced to a fib
18:08 < pekster> Right, that I know, just doens't help OP
18:08 <@krzee> and i assume he'll run stuff on the box he sets up as well
18:08 < pekster> (unless we're migrating to wine, heh)
18:08 <@krzee> good to read up on if running freebsd for multihomed setups, even if only as a router
18:08 < pekster> Well, the latest !goal I saw was support "arbitrary windows exes"
18:09 < pekster> Pretty classic routing issue of identifying and tagging traffic
18:09 < DavEdward> by the way, posts I've made on the forum seem to take over 24 hours to be permitted including posts I've done to help other people. I figure moderators are dealign with a lot right now?
18:09 < pekster> I"m a fan of DSCP for intra-network (including corporate WAN) routing keying
18:11 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 240 seconds]
18:15 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
18:18 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
18:21 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:23 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
18:24 <@krzee> ya the forum stays really busy and many of us dont have time for it
18:24 <@krzee> i used to be an active mod back when it was slow enough that vpnHelper could keep me upto date on it
18:24 <@krzee> now vpnHelper will flood off if he tries to keep up with it
18:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Ping timeout: 265 seconds]
18:25 <@krzee> after a couple of approved posts you wont need approval anymore
18:26 < pekster> Ah, perfect. I just approved the pending ones
18:26 < pekster> Is that auto-post permision automatic?
18:32 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
18:37 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn ["Leaving"]
18:37 < DavEdward> good to know thanks
18:38 < DavEdward> pekster whenever I go to post it holds my post for approval yah. Only annoying part (besides waiting of course) is that I can't see my post in any way shape or form to cancel, read, or edit it
18:38 < DavEdward> so once that submit button is hit, as far as the end user (me) sees, the post doesn't exist
18:39 < DavEdward> if the moderators didn't already delete it, my first topic post I made twice because I missed the brief message that said it was pending moderator approval so I figured there was a error and retyped the post
18:42 -!- GoldenGlovez [~GG@78.129.218.25] has quit [Ping timeout: 252 seconds]
18:45 -!- GoldenGlovez [~GG@78.129.218.25] has joined #openvpn
18:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:07 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 245 seconds]
19:09 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
19:16 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 252 seconds]
19:18 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
20:05 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
20:06 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
20:26 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
20:34 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
21:11 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
21:20 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Client Quit]
21:21 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:21 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Remote host closed the connection]
21:21 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
21:29 -!- julius_ [~julius_@p3EE29D75.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
21:30 -!- julius_ [~julius_@p3EE28CD7.dip0.t-ipconnect.de] has joined #openvpn
21:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:10 -!- s7eele [~s7eele@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
22:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
23:10 -!- `hypermist` is now known as sleepypc
23:17 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
23:46 -!- Sstrykerr [Sstrykerr@dhcp-48-f8-b3-6b-af-19.cpe.i-zoom.net] has joined #openvpn
23:50 < Sstrykerr> !ovpnuke
23:50 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
23:51 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:55 -!- Sstrykerr [Sstrykerr@dhcp-48-f8-b3-6b-af-19.cpe.i-zoom.net] has quit [Quit: Juxtiopose 3.3 1.0.33]
--- Day changed Sun Mar 15 2015
00:37 -!- sleepypc is now known as `hypermist`
00:47 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
00:52 -!- ShadniX [dagger@p5DDFC402.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:53 -!- ShadniX [dagger@p5DDFC98F.dip0.t-ipconnect.de] has joined #openvpn
00:54 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
00:56 -!- havingFun is now known as xrosnight
01:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
01:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:55 -!- DavEdward [~DavEdward@24.76.0.251] has quit [Quit: night]
02:07 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 265 seconds]
02:08 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:33 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
03:04 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:07 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
03:08 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
03:09 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
03:16 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
03:25 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
03:50 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:50 -!- mode/#openvpn [+o mattock] by ChanServ
03:56 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
04:10 -!- aftereyo [~mayor@brln-4d0c49d7.pool.mediaWays.net] has joined #openvpn
04:10 < aftereyo> hello
04:10 < aftereyo> !welcome
04:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:11 < aftereyo> I would like to connect to my vpn (btguard) using OpenVPN in ubuntu. I currently have trouble with the connection timing out
04:11 < aftereyo> When I press connect
04:11 < aftereyo> It does that loading thing
04:12 < aftereyo> and i wait about a minute
04:12 < aftereyo> The connection attempt to the VPN service times out.
04:12 < aftereyo> That's the only error message I get
04:13 < aftereyo> Any way I can get more info/fix this?
04:19 -!- MrVamps [~MrVamps@63.142.71.164] has joined #openvpn
04:20 -!- wnienhaus [~Thunderbi@209-203-191-90.dyn.estpak.ee] has quit [Quit: wnienhaus]
04:28 -!- aftereyo [~mayor@brln-4d0c49d7.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
04:29 -!- s7eele [~s7eele@ip184-190-212-250.lf.br.cox.net] has quit [Ping timeout: 256 seconds]
04:32 -!- aftereyo_ [~mayor@109.201.137.167] has joined #openvpn
04:42 -!- MrVamps [~MrVamps@63.142.71.164] has left #openvpn ["Leaving"]
04:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:59 -!- mode/#openvpn [+o mattock1] by ChanServ
05:02 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
05:07 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:07 -!- mode/#openvpn [+o mattock] by ChanServ
05:09 -!- kirin` [telex@gateway/shell/anapnea.net/x-ezlfcewnxmtdcdub] has joined #openvpn
05:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
05:12 -!- kirin` [telex@gateway/shell/anapnea.net/x-ezlfcewnxmtdcdub] has quit [Read error: Connection reset by peer]
05:17 -!- tristan_c [~tristan_c@109.70.141.242] has joined #openvpn
05:23 -!- aftereyo_ [~mayor@109.201.137.167] has quit [Remote host closed the connection]
05:47 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
06:04 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:11 -!- manitou [~manitou@unaffiliated/manitou] has quit [Read error: Connection reset by peer]
06:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:12 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
06:12 -!- tristan_c [~tristan_c@109.70.141.242] has quit [Ping timeout: 244 seconds]
06:12 -!- phiona [~bongma@unaffiliated/bongma] has joined #openvpn
06:16 -!- phiona [~bongma@unaffiliated/bongma] has left #openvpn []
06:17 -!- phiona [~bongma@unaffiliated/bongma] has joined #openvpn
06:24 -!- tristan_c [~tristan_c@213.205.251.171] has joined #openvpn
06:24 -!- tristan_c [~tristan_c@213.205.251.171] has quit []
06:29 -!- phiona [~bongma@unaffiliated/bongma] has left #openvpn ["Leaving"]
06:51 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
07:00 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:29 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
07:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
07:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:35 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
07:37 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
07:37 < rkhunter> do you guys suggest any OpenVPN provider?
07:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:53 <@ecrist> yourself
07:54 < rkhunter> lol
07:54 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has left #openvpn ["Leaving"]
07:55 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
08:13 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:20 -!- ShadniX [dagger@p5DDFC98F.dip0.t-ipconnect.de] has quit [Quit: Bye.]
08:21 -!- ShadniX [dagger@p5DDFC98F.dip0.t-ipconnect.de] has joined #openvpn
08:43 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
08:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:54 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:04 -!- tristan_c [~tristan_c@109.70.141.242] has joined #openvpn
09:06 -!- ATTWO [~Crackster@130.225.245.184] has joined #openvpn
09:07 -!- ATTWO [~Crackster@130.225.245.184] has left #openvpn []
09:26 -!- tristan_c [~tristan_c@109.70.141.242] has quit [Read error: Connection reset by peer]
09:29 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
09:35 < yeehi> Imported OpenVPN certificate is failing to connect to VPN. Error Message in Logs: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
09:35 < yeehi> How do I resolve this issue?
09:35 < yeehi> The keys were downloaded with the certificate
09:37 < yeehi> Usually, this problem is the result of a blockage by router or something, it reads. However, it is possible to reach the VPN server from behind the router on a different machine running Windows.
09:44 <@ecrist> yeehi: that's a warning, not an error, per se
09:44 <@ecrist> what's your actual problem?
09:50 < yeehi> Thanks, ecrist: http://pastebin.com/pLq0YFM5
09:50 < yeehi> Problem is cannot make a vpn connection
09:50 < yeehi> ah, yes
09:51 < yeehi> I downloaded the OpenVPN certificates, unzipped, and imported using network-manager
09:51 < yeehi> i have checked with the VPN provider that the certificates are OK
09:53 < yeehi> the username and password for the certificates has been added, and I see that the ta key, certificate and ca file are listed with the vpn
09:54 < yeehi> previously, I have also trying to chmod the downloaded folder, as I thought the ca, ta etc might not have been accessible
09:55 < yeehi> I have also tried storing these files in the default folder. Nothing seems to work.
09:56 < yeehi> What is surprising is that from behind the same router on a windows machine using the client, it actually is possible to connect via openvpn.
09:57 < yeehi> I don't think the connection could be being blocked by a firewall on computer.
09:57 < yeehi> I really don't know what to do.
09:58 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:02 <@ecrist> !network-manager
10:02 <@ecrist> !ubuntu
10:02 <@vpnHelper> "ubuntu" is dont use network manager!
10:03 <@ecrist> yeehi: let's start simple, avoiding the devil that is network manager.
10:03 < yeehi> ecrist, thank you. Here is the certificate: http://pastebin.com/E4jdH3ij
10:03 <@ecrist> I don't want that
10:04 <@ecrist> create a directory in your home, ~/openvpn/
10:04 < yeehi> OK. What should I do? I have tried resolving this via command line. Will open now.
10:04 <@ecrist> put your certificate files in there, and put your openvpn config in there.
10:05 < yeehi> OK, will put in certs and config
10:05 < yeehi> openvpn config? Where do I find this file?
10:06 <@ecrist> it's the configuration file that your provider gave you.
10:06 <@ecrist> oh, that's what you call the certificate
10:06 <@ecrist> root@terrance:/usr/local/etc/openvpn-> sqlite3 /var/openvpn/movpn.sqlite3 "SELECT * FROM vpn_session ORDER BY session_id DESC LIMIT 3"
10:06 <@ecrist> 10|client1|1426430834||10.200.0.2||70.57.158.126
10:06 <@ecrist> 9|client1|1426430759|1426430759|10.200.0.2||70.57.158.126
10:07 <@ecrist> oops, didn't mean to paste that.
10:07 -!- ecrist was kicked from #openvpn by ecrist [what's wrong with you?  no pasting here]
--- Log closed Sun Mar 15 10:07:22 2015
--- Log opened Sun Mar 15 10:07:24 2015
10:07 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
10:07 -!- Irssi: #openvpn: Total of 219 nicks [8 ops, 0 halfops, 3 voices, 208 normal]
10:07 -!- mode/#openvpn [+o ecrist] by ChanServ
10:07 -!- Irssi: Join to #openvpn was synced in 4 secs
10:07 < yeehi> I have ca.cert client1.crt client1.key and manyvpn.conf
10:07 < yeehi> Ah
10:08 <@ecrist> manyvpn.conf is the configuration file.
10:08 < yeehi> OK
10:08 < yeehi> thank you v much, ecrist. I am very grateful for your help.
10:08 < yeehi> What now?
10:09 < yeehi> Will these files need to be chmod?
10:09 < yeehi> to become accessible?
10:09 <@ecrist> no, cd to that directory
10:09 <@ecrist> and run 
10:09 <@ecrist> sudo openvpn --config ./manyvpn.conf
10:10 <@ecrist> you should get output, paste that to pastebin
10:10 < yeehi> ok,am now in directory will do sudo
10:13 < yeehi> ecrist: http://pastebin.com/2YTu2ZE6
10:14 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
10:15 < LnxNoob> Hello everyone !
10:16 < LnxNoob> I have a "working" openvpn client setup, but http://ipleak.net is showing that ipv6 is leaking through bitorrent, how is that possible ?
10:16 <@vpnHelper> Title: IP/DNS Detect - What is your IP, what is your DNS, what informations you send to websites. (at ipleak.net)
10:17 < yeehi> Hello, LnxNoob
10:18 < yeehi> LnxNoob, you might need to configure your machine to use your VPN's DNS servers
10:18 < LnxNoob> yeehi, oh so it could leaks ? trough DNS, thanks I'm gonna try that !
10:19 < yeehi> Your VPN might have provided the IP addrress of their own DNS servers when you signed up.
10:21 < LnxNoob> I can't seems to find it out, shoudl'nt it be autoconfigured trough the .ovpn file ?
10:25 < yeehi> LnxNoob, did you try checking with the support staff at your VPN provider?
10:26 < LnxNoob> yeehi not yet, because I guess it is something wrong on my side, It did the same thing for several openvpn servers...
10:28 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
10:31 < yeehi> ecrist, It seems to be a handshake problem. Here is the output: http://pastebin.com/DQNdsPGv
10:33 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
10:36 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:37 <@ecrist> sorry yeehi I got distracted
10:38 <@ecrist> yeehi: are you obfuscating the IP on line 13?
10:39 <@ecrist> what's failing is your actual connection to their VPN server
10:39 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
10:39 < yeehi> THe VPN provider might be doing that
10:39 < yeehi> ecrist, I don't know how to answer that question
10:39 <@ecrist> what's the entry for remote say in your config?
10:40 < yeehi> Ah, yes, I obfusticated it in pastebin
10:40 <@ecrist> !secret
10:40 < yeehi> let me look at it. Do you need the actual numbers?
10:40 <@vpnHelper> "secret" is funny that people use free programs, consult free help for them, run a business with them, but are restricted to say what they do.
10:40 <@ecrist> yes, please
10:40 <@ecrist> !topsecret
10:40 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
10:42 <@ecrist> talk here, yeehi, your IP addresses aren't that sensitive.
10:44 < yeehi> OK
10:45 < yeehi> What should I do now?
10:45 <@ecrist> well, I port scanned the IP you gave me, and they're listening on both port 1194 and 2049
10:45 <@ecrist> try changing your remote line to 1194 instead
10:46 < yeehi> ah, how would I do that, ecrist? By editing the conf?
10:49 <@ecrist> yes
10:54 < yeehi> ecrist, I edited the certificate and changed the port to 1194. The handshake problem remained the same
10:54 < yeehi> after attempting to reconnect
10:55 < yeehi> TLS handshake failed
10:55 < yeehi> Sun Mar 15 15:54:00 2015 SIGUSR1[soft,tls-error] received,
10:56 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:02 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
11:19 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Read error: Connection reset by peer]
11:20 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:20 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:20 -!- mode/#openvpn [+v s7r] by ChanServ
11:33 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
11:36 -!- hive-mind [pranq@mail.bbis.us] has quit [Client Quit]
11:37 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
11:38 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:44 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
11:45 <@ecrist> yeehi: you must have some network connection issues, then.
11:45 <@ecrist> are you in china?
11:45 -!- AlwaysHigh [~AlwaysHig@104.131.156.164] has joined #openvpn
11:45 < AlwaysHigh> Hey could someone help me with this error using openvpn access server: ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
11:46 < AlwaysHigh> cat: /dev/net/tun: No such device
11:48 < yeehi> Thanks for trying, ecrist! I appreciate the help.
11:50 <@ecrist> AlwaysHigh: your kernel needs tun support
11:50 <@ecrist> usually that's a kernel module
11:50 < AlwaysHigh> how do i give it support
11:50 < AlwaysHigh> runing debian
11:50 < AlwaysHigh> 7
11:50 <@ecrist> kldload tun.ko maybe?
11:51 <@ecrist> are you on a VPS?
11:51 < AlwaysHigh> yep
11:51 <@ecrist> OpenVZ?
11:51 <@ecrist> !openvz
11:51 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
11:52 < AlwaysHigh> w/e digitalocean uses
11:52 <@ecrist> do you have CONFIG_TUN enabled in your kernel?
11:53 < AlwaysHigh> im not very savvy with this
11:53 < AlwaysHigh> so wouldnt know how to check sorry
11:54 < pekster> grep for CONFIG_TUN in your kernel config (or do a zgrep on /proc/config.gz if it's enabled, which is your running config)
11:54 < pekster> At the end of the day if it's a module you need to load it (on most Linuxes, with: modprobe tun) or if it's built-in (rather rare unless you built your own kernel that way) by creating the node as described in the kernel docs
11:54 < AlwaysHigh> cat /proc/misc?
11:55 < pekster> Nope
11:55 < AlwaysHigh> sudo modprobe tun
11:55 < AlwaysHigh> ERROR: could not insert 'tun': Unknown symbol in module, or unknown parameter (see dmesg)
11:55 < pekster> So see dmesg. Sounds like there's a problem with the way it was built.
11:56 < pekster> fwiw, debian should provide that module by default with their stock kernels; maybe the VPS you're using built their own an omitted it
11:56 < AlwaysHigh> tun: Unknown symbol ipv6_proxy_select_ident (err 0)
11:56 < AlwaysHigh> hmm
11:56 < pekster> You need to talk to the admin of your server, because "root" on openVZ isn't actually real root. You have zero control ove the kernel
11:56 < pekster> It's basically a cute container, where you're operating under the host kernel (think of it more like a BSD jail, if you're familiar with those)
11:56 < AlwaysHigh> Yeah was actually half way through writing to them but thoguth i would try here first
11:57 < pekster> Smells like they forgot to compile it against current kernel headers, but who knows. The VPS market is "bottem of the barrel" and you rarely find competent management, from what I've seen
11:58 < AlwaysHigh> Oh depends
11:58 < AlwaysHigh> I dont mind digital ocean overall
11:59 < pekster> You can also see the 'Configuration' section of the kernel tun driver from the kernel docs (should it be compiled in, for some strange reason.) That's available in the linux sources at: ~linux/Documentation/networking/tuntap.txt
11:59 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Quit: Leaving]
11:59 < AlwaysHigh> I actually have a friend who wants to sell vps and hes exactly what u mentioned hes totally incompetent with linux/netowking etc
11:59 < pekster> But sounds like you have a module that's busted. You (or rather, the real owner of the system) need to recompile it
11:59 < AlwaysHigh> not sure how he will go lol
12:00 < AlwaysHigh> thanks for the help
12:00 < AlwaysHigh> Its now in the hands of admin :)
12:01 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:09 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:13 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
12:19 -!- hive-mind [pranq@mail.bbis.us] has quit [Quit: leaving]
12:19 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
12:23 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:32 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Read error: No route to host]
12:33 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
13:00 -!- wsky [~sexyboy@unaffiliated/sexyboy] has joined #openvpn
13:01 < wsky> hey can a tun client connect to a tap based server?
13:03 -!- Felden [~felden@unaffiliated/felden] has joined #openvpn
13:04 < Felden> !paste
13:04 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:04 < Felden> !configs
13:04 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:05 < Felden> !logs
13:05 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:06 < Felden> !logfile
13:06 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
13:06 < Felden> this works on private also ?
13:11 < pekster> wsky: No, tun & tap are mutually exclusive. tap operates on the Ethernet (OSI L2) layer, and tun transports IP (OSI L3) layer packets
13:12 < pekster> wsky: See the !tunortap factoid for an intro to them
13:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
13:16 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
13:17 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
13:22 -!- techevo [~techevo@178.32.57.190] has joined #openvpn
13:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:48 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
13:54 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:56 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
13:57 < wsky> pekster: understood, too bad that ios does not support tap ootb then
13:58 < pekster> You should avoid tap unless you have a need to transport non-IP, raw Ethernet frames:
13:58 < pekster> !tunortap
13:58 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
13:58 <@vpnHelper> rooted/jailbroken) support only tun
13:58 < pekster> It's less efficient (extra header overhead), and generally less secure since openvpn considers the IP payload in tap completely opaque
13:59 < wsky> ok i guess i'll migrate to tun then
13:59 < pekster> That'd be the recommendated path unless you needed a non-IP protocol support (or broadcast/multicas)
13:59 < wsky> thanks
14:10 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
14:12 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
14:30 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
14:43 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
14:43 -!- pk12_ [~pk12@84.39.116.180] has quit [Ping timeout: 256 seconds]
14:48 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:50 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
14:59 -!- severnaya [~severnaya@unaffiliated/severnaya] has joined #openvpn
15:00 < severnaya> hi friends.  on my server i have "ifconfig 10.4.0.1 10.4.0.5" the the tunnel endpoint is always 10.4.0.5.  i want connecting clients to have the same tunnel endpoint ip, but my client is actually getting "ifconfig 10.4.0.10 10.4.0.9" pushed to it instead. how do i set the gateway ip on clients so it's static?
15:00 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
15:02 < pekster> Sounds like use of the net30 topology which (besides being effectively deprecated and not recommended unless you need it) won't let you to arbitrary PtP network allocations
15:02 < pekster> More info at:
15:02 < pekster> !topology
15:02 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
15:03 < pekster> Perhaps the subnet topology will work better for you? You can do p2p topology too, but this isn't supported on Windows
15:04 < severnaya> so would 10.4.0.4 be better?  the point is i just want a guaranteed tun0 gateway ip on client and server because i use it in iptables rules, i dont really care what the ip is as long as it's constant
15:06 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:06 < pekster> This is exactly why you should be using the 'subnet' topology
15:06 < pekster> It does just that, and is far less insane than net30. Did you read the link?
15:06 < pekster> !net30
15:06 <@vpnHelper> "net30" is "/30" is (#1) http://openvpn.net/index.php/documentation/faq.html#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior with by reading !topology
15:06 < severnaya> im looking at it now
15:07 < pekster> Unless you have windows clients over 7 years old, you don't want net30. It's only the default in openvpn today for fear of breaking clients that _are_ that old and running Windows
15:07 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
15:08 < severnaya> if i put "topology subnet" in my server config that's fine. but how do i choose what ip the clients use as their tunnel
15:08 < pekster> The gateway will be that of the server in subnet topology
15:09 < pekster> Usually .1 (or the first IP in whatever subnet you're using) but you can naturally change that if you want
15:09 < pekster> Or do you mean the client's own IP?
15:12 < severnaya> pekster so on my client right now as it's connecting to runs this: "/usr/sbin/ip addr add dev tun_ramclient local 10.4.0.8 peer 10.4.0.2"  instead i want it to run this: "/usr/sbin/ip addr add dev tun_ramclient local 10.4.0.8 peer 10.4.0.5"
15:12 < severnaya> i just want to make the peer address something i choose myself
15:12 < pekster> You can't "just do that" without setting a topology that permits this
15:13 < pekster> Can you pate your server-config somewhere? Please see grep to remove the unnecessary blanks/comments at: !configs
15:13 < severnaya> ya 1 sec
15:13 < pekster> (this is why I linked you to the topology wiki page, because you need to either use p2p topology with will not work with Windows, or use a subnet topology where you use an IP+subnet, not a PtP peering IP)
15:14 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
15:15 < severnaya> http://paste.fedoraproject.org/198272/26450475/ i dont know much about networking just picked 10.4.0.5 because it was a nice round number
15:16 < pekster> Yea, that's silly. You've using the default (but unwise) net30 topology
15:16 < severnaya> ahh ok
15:16 < pekster> This is why clients get a /30 using a PtP segment in the middle; it's crappy and you shouldn't have any need to support Windows clients running version <= 2.0.9
15:16 < severnaya> ya i dont need to do that
15:16 < pekster> Just use a subnet; then you don't need to waste a "2nd" IP anywhere
15:17 < pekster> Server gets 10.4.0.1/24, and clients get 10.4.0.2/24 through 10.4.0.<whatever>/24
15:17 < pekster> (or any pool range you want; feel free to reduce this if you need support for some !static clients)
15:17 < severnaya> so i should just have: topology subnet ; server 10.4.0.0 255.255.255.0
15:17 < severnaya> and get rid of all the ifconfig stuff
15:18 < pekster> Sure. The --server is a helper-directive that takes care of --mode, --tls-server, --ifconfig, --ifconfig-pool for you for free
15:18 < pekster> Remove the --route then too; that's taken care of automatically as well (it's seen as on-link)
15:18 < pekster> And same for the push
15:19 < pekster> The most common reason to "break out" the --server helper-directive is when you need a reduced pool, which by default consumes the entire netblock you give it
15:21 < severnaya> ok im simplifying it now
15:27 < severnaya> im confused so the gateway ip is the same as the server ip itself
15:27 < pekster> In subnet topology, yes
15:28 < pekster> Not in net30 (which is why it's best avoided -- it's complex and solves a problem not present today)
15:28 < severnaya> so lets say i wanted to make it on the server so that ping 8.8.8.8 went over tun0. before i could say "ip route add 8.8.8.8 via 10.4.0.5".  what is the equivalent of that now?"
15:28 < pekster> 10.4.0.1
15:28 < severnaya> innnnnnnnnnteresting
15:28 < pekster> ie: the much more obvious "go send that traffic to the VPN server"
15:28 < severnaya> ya true
15:29 < pekster> Not the PITA "send this traffic to the peering IP in the /30 segment I've been allocated to support shitty windows clients that are out of date, which has nothing to do with the IP the server thinks it owns"
15:30 < severnaya> ok good i like this much better. so on the client if it has 10.4.0.2 then the gateway is the same. so if i want to "pick a number" for my iptables i can just assign the client a static ip with ccd
15:30 < pekster> Right, but don't assign static IPs out of your pool range. Here's why:
15:31 < pekster> !static
15:31 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
15:31 < pekster> Thus you need to _expand_ the --server directive, less you issue the same client IP to >1 client
15:31 < pekster> The !addressing wiki-ref is good too
15:32 < severnaya> since my server.conf now says: server 10.4.0.0 255.255.255.0, is it safe to put in a ccd: "ifconfig-push 10.4.0.10 255.255.255.0"
15:32 < severnaya> !addressing
15:32 <@vpnHelper> "addressing" is For information about IP addressing in OpenVPN, see: https://community.openvpn.net/openvpn/wiki/Concepts-Addressing
15:33 < severnaya> oh i see there are examples
15:33 < severnaya> perfect
15:33 < severnaya> thank you pekster you've been more than helpful
15:33 < severnaya> :)
15:38 < severnaya> quick question. in the "subnet example with static ccd" it has the server setting "ifconfig-pool 10.8.0.2 10.8.0.199 255.255.255.0", but then in client1 it has ifconfig-push 10.8.0.201.  isn't that outside of the ifconfig pool range?"
15:38 < pekster> It is, and that's crucial
15:38 < pekster> Same way a DHCP server operates really: you would hardly issue a staff PC an IP from a pool that includes the dedicated office printer
15:39 < pekster> pool is for clients that are _not_ explicitly assigned an IP
15:39 < severnaya> ahhhhh
15:39 < severnaya> ok
15:39 < severnaya> that makes perfect since
15:39 < pekster> static IP thus must *not* collide with the pool
15:39 < severnaya> sense*
15:39 < severnaya> got it thanks
15:40 < pekster> (much fun to go try that yourself and issue a static IP as the first pool IP, connect both clients, and watch the gates of hell open ;)
15:42 < severnaya> hahaa
15:43 < severnaya> no this makes perfect sense now if i think about it more like a home router. if the router itself has 192.168.1.1, on a dhcp client they will see a gateway of 192.168.1.1 which makes sense, not some random other ip like 192.168.1.5
15:43 < pekster> Nothing random about it, just obtuse
15:43 < severnaya> :)
15:44 < pekster> Although yes, you're correct that from a client's view, the VPN peer routable gateway IP is the odd-numbered usable IP in a random /30 from the pool range
15:44 < pekster> you can query it via script hooks (!scripts) if you need, but best not to need that at all
15:45 < severnaya> ya subnet is better
15:45 < pekster> See also some of the macros in the --route statement
15:45 < pekster> vpn_gateway is one such macro
16:02 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
16:31 -!- severnaya [~severnaya@unaffiliated/severnaya] has quit [Quit: Leaving]
16:44 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
16:45 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Client Quit]
17:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
17:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:46 -!- _-Jon-_ [~jon@CPE14cc20d4f9f7-CMbc4dfb2fd980.cpe.net.cable.rogers.com] has joined #openvpn
17:47 -!- _-Jon-_ [~jon@CPE14cc20d4f9f7-CMbc4dfb2fd980.cpe.net.cable.rogers.com] has quit [Client Quit]
17:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:53 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 244 seconds]
18:27 -!- cwillu_at_work [~cwillu@cwillu.com] has quit [Ping timeout: 252 seconds]
18:27 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:52 <@krzee> hey rob0 your dnsmasq writeup at !dnsmasq needs a new link to the dnsmasq manual
18:52 <@krzee> they moved it to docs/ inside the dir you had it in
18:52 <@krzee> so http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
18:52 <@vpnHelper> Title: Man page of DNSMASQ (at www.thekelleys.org.uk)
18:58 -!- Chaot_s [~me@d515324B5.access.telenet.be] has joined #openvpn
19:01 -!- wsky [~sexyboy@unaffiliated/sexyboy] has left #openvpn ["bai"]
19:02 < Chaot_s> how does one detect a disconnected tunnel (to remove routes running via that link and let higher metrics act as a backup route) when using tcp-server / tcp-client mode?
19:02 < Chaot_s> seems ping N is only for udp mode tunnels
19:06 < Chaot_s> manual seems so big, yet it didnt get me where i would like to be XD
19:08 < pekster> works fine over TCP; manual says so
19:08 < pekster> Specifically: --pint
19:08 < pekster> --ping
19:08 < pekster> !man
19:08 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
19:09 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:12 < Chaot_s> been reading those, (online and on cli) and still cant get it to work :)
19:12 < Chaot_s> i guess i'm going to make some pastebins XD
19:16 < pekster> Maybe you missed the --ping-exit or --ping-restart option?
19:20 < Chaot_s> must be something in combination with (i susspect) the persistant options
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:22 < pekster> Possibly; you never want a dynamic client (one that gets a dynamic IP) using either of the --persist-*-ip options, and frequently don't want --persist-tun either (I _think_ the latter prevents routes coming down too)
19:23 < Chaot_s> and the persist options are needed for --user / --chroot / --tmp-dir
19:23 < pekster> Right, and that's frequently fully incompatible with a dynamic server setup
19:23 < Chaot_s> and the indeed, the down script never gets executed.
19:23 < pekster> Are you using static IPs on the server?
19:23 < pekster> You _must_ do that if you want all the --persist crap
19:24 < pekster> IOW, you *cannot* properly support --user (and what it requires) unless you do that
19:24 < pekster> So don't, or handle static IPs, and reducing your pool range to support that
19:24 < Chaot_s> all static ip's,
19:24 < pekster> You're going to be unable to change routing on --ping-restart then unless you use a suid binary, or some sudo support for the --user in question
19:25 < pekster> You could use --ping-exit, but that probably won't do what you want (unless you just want it to die completely here)
19:25 < pekster> Read up on --up, --down, --up-pre, and --up-restart
19:25 < pekster> And consider if --user is really appropriate here
19:26 < Chaot_s> been doint that, up script gets triggerd, the down never gets triggerd
19:28 < Chaot_s> http://picpaste.com/failover_-_higher_metric_route_-_how_to_get_persistent_and_remove_route_done-oCZSuIuK.jpg
19:28 < Chaot_s> its an image, just to start with what i imagine this setup to go and be
19:28 < pekster> Sounds to me like lack of --up-restart
19:29 < pekster> (ergo the reference)
19:31 < Chaot_s> its in there :)
19:31 < Chaot_s> i even removed chroot and user settings to run as root
19:32 < pekster> Erm, probably --down-pre
19:32 < pekster> Unless --up is able to notice restarts and act correctly
19:32 < Chaot_s> and then use up-delay to hold back from adding the route again
19:32 < Chaot_s> up only gets the init command
19:33 < Chaot_s> not the restart (dumping the env vars to the log to check what gets sent to the up.sh script)
19:34 < pekster> Maybe it's not in the chroot
19:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:34 < pekster> You're using a lot of things that mess with both euid and pathing; be sure you're using absolute paths (that'll make debugging easier) and have things set with the right ownership and access
19:35 < Chaot_s> on start up runs fine, the tunnel connects and routes are set. then if i close the remote server, i would expect down to trigger, or up with script mode restart... that doesn't happen
19:35 < Chaot_s> so the down.sh never tears down the routes
19:36 < Chaot_s> i'm also monitoring selinux logs for avc deniels
19:36 < Chaot_s> the logs dont mention warnings for missing / unreadable files
19:37 < pekster> down.sh runs after (or before, with --down-pre) tun/tap close
19:37 < Chaot_s> and i guess in the end its just someting stuppid
19:37 < pekster> You're persisting that, thus it never closes, thus it never runs; you can't use that
19:37 < Chaot_s> and tun tap never closses due to persist
19:37 < pekster> Right. I'm not sure why you expect it to tear down routes here
19:38 < Chaot_s> to get a failover / backup route to become the next best metric route..
19:39 < Chaot_s> it tends to happen that the direct link fails, though that i can connect via the second link (routed)
19:39 < pekster> Don't persist, let the device go down
19:39 < pekster> As I said before, it's your insistence on keeping things _up_ you by definition do not want causing your problems
19:39 < Chaot_s> then i need to drop the user nobody too i guess
19:39 < pekster> Don't do that, and naturally this means you can't use --user because non-root can't add in routes. Or use --user and set some suid/sudo stuff up
19:40 < pekster> See sudo(8) and/or chmod(1)
19:40 < Chaot_s> been looking on the implications of running openvpn as a user and allowing that user to run a wrapper for /sbin/ip
19:41 < Chaot_s> though that sounds freaking wierd to do...
19:43 < Chaot_s> (been reading on this for 2 days, and it just seems a bit wierd to create a user and allow that user manage ip commands)
19:44 < Chaot_s> the persistent stuff i can circomvent by routing / forwarding / bridging traffic to a dummy interface, then bind the deamons on that instead of directly on the dev tun
19:48 < Chaot_s> seems i'll be redoing it all :)
19:58 < Chaot_s> pekster: thanks for thinking allong, going to try a whole new setup withouth the need for persistend stuff
20:01 < pekster> Some options/ideas anyway. My generic recommendation is not to use --user or --persist-* as a client, or be careful to vet the solution if you do
20:10 < Chaot_s> also have been thinking abbout combining the network with quagga
20:24 < pekster> Yea, doing some BGP/OSPF can simplify routing decisions. You might need to use tap for that (remember, tun won't support multicast/broadcasts)
20:24 < pekster> Well, it _might_ support some form of multicast with a routing daemon (pimd or such) but you have to be careful how you design that
20:26 < Chaot_s> if only i could just trigger a script that would trigger onec ping stopped recieving for a few minutes XD
20:28 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
20:32 < pekster> possibly --route-pre-down
20:32 < pekster> !scripts
20:32 <@vpnHelper> "scripts" is "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
20:53 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
20:54 -!- rich0_ is now known as rich0
21:17 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
21:17 <@krzee> if the user is only for openvpn, then having it have /sbin/ip privileges is still less than having it run as root
21:29 -!- julius_ [~julius_@p3EE28CD7.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
21:31 -!- julius_ [~julius_@p3EE29BE8.dip0.t-ipconnect.de] has joined #openvpn
22:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:12 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:54 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
--- Day changed Mon Mar 16 2015
00:07 -!- ser_berry is now known as agent_berry
00:18 -!- agent_berry is now known as ser_berry
00:50 -!- ShadniX [dagger@p5DDFC98F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:51 -!- ShadniX [dagger@p5DDFC837.dip0.t-ipconnect.de] has joined #openvpn
01:08 -!- mindmix [~mindmix@node-xna.pool-118-172.dynamic.totbb.net] has joined #openvpn
01:08 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
02:01 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 256 seconds]
02:03 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 252 seconds]
02:04 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
02:05 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
02:11 -!- mattock_afk is now known as mattock
02:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:33 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Max SendQ exceeded]
02:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:15 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
03:22 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
03:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:46 -!- alexises [lameire201@fedora/alexises] has joined #openvpn
03:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:47 -!- mode/#openvpn [+o mattock1] by ChanServ
03:56 -!- mindmix [~mindmix@node-xna.pool-118-172.dynamic.totbb.net] has quit [Ping timeout: 255 seconds]
03:58 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
04:08 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:11 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
04:13 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
04:13 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
04:21 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
04:21 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:22 -!- badon_ is now known as badon
04:24 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
04:24 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
04:24 -!- dazo_afk is now known as dazo
04:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:30 -!- apollo2k is now known as aPollO2k
04:32 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
04:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
04:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:59 -!- `hypermist` is now known as sleepypc
05:02 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 250 seconds]
05:02 -!- badon__ [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:06 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
05:06 -!- badon__ is now known as badon
05:10 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
05:12 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
05:15 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
05:50 < alexises> Hi
05:51 < alexises> I have some issue with windows 2012 r2
05:51 < alexises> with openvpn as a server
05:51 < alexises> I have set the topology subnet
05:51 < alexises> option, but when I restart the servvice openvpn stay wih his /30 submask
05:55 < pekster> If you're using --server, just --topology subnet will set that, and push it to clients
05:55 < pekster> Otherwise you generally need to --push it as well (or clients won't know to use it)
06:06 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 246 seconds]
06:08 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:08 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
06:08 < alexises> I just found ! I have previous configuration, the tap interface obtain his addresses via dhcp, I make a ipconfig /renew and it's okey
06:17 -!- AlwaysHigh [~AlwaysHig@104.131.156.164] has quit [Quit: ZNC - http://znc.in]
06:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
06:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:27 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Ping timeout: 256 seconds]
06:28 -!- Linmu [~Linmu@203.70.194.104] has joined #openvpn
06:32 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:51 -!- Linmu_ [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
06:54 -!- Denial [~Denial@81.141.9.229] has quit []
06:54 -!- Linmu [~Linmu@203.70.194.104] has quit [Ping timeout: 252 seconds]
06:59 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
06:59 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
06:59 -!- badon_ is now known as badon
07:00 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
07:06 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
07:21 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
07:26 -!- julius_ [~julius_@p3EE29BE8.dip0.t-ipconnect.de] has left #openvpn ["Leaving"]
07:32 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
07:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:12 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Quit: Leaving]
08:13 -!- Denial [~Denial@81.141.9.229] has joined #openvpn
08:18 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
08:27 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-sdkackqolflnpdbm] has left #openvpn []
08:40 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:50 -!- aPollO2k is now known as apollo2k
08:52 -!- apollo2k is now known as aPollO2k
08:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
09:22 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
09:24 -!- havingFun is now known as xrosnight
09:49 -!- mattock is now known as mattock_afk
09:56 -!- fixxxermet [~lopan@li656-138.members.linode.com] has joined #openvpn
09:58 -!- soLucien [~Lu@5.57.48.71] has joined #openvpn
10:01 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
10:07 -!- noecc [~irc@unaffiliated/noecc] has quit [Quit: pax]
10:08 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
10:12 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 246 seconds]
10:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
10:16 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
10:20 -!- fixxxermet [~lopan@li656-138.members.linode.com] has left #openvpn []
10:22 -!- _bt [~bt@unaffiliated/bt/x-192343] has quit [Quit: bye]
10:24 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
10:35 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
11:01 -!- _bt [~bt@unaffiliated/bt/x-192343] has joined #openvpn
11:10 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Quit: Tension, apprehension, and dissension have begun.]
11:14 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
11:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:33 -!- mattock_afk is now known as mattock
11:37 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
11:52 -!- aPollO2k is now known as apollo2k
12:00 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
12:01 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:07 -!- soLucien [~Lu@5.57.48.71] has quit [Ping timeout: 246 seconds]
12:11 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Read error: Connection reset by peer]
12:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:32 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:37 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
12:38 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
13:25 -!- t_dot_zilla [~vipkilla@unaffiliated/t-dot-zilla/x-2830497] has joined #openvpn
13:25 < t_dot_zilla> hi
13:26 < t_dot_zilla> my friend is going to china soon. i wanted to set him up with a vpn back in the states so he can get through the great firewall in china
13:26 < t_dot_zilla> could openvpn be used for such a scenario?
13:26 < t_dot_zilla> ihave a debian 7 server
13:27 -!- manitou [~manitou@unaffiliated/manitou] has quit [Ping timeout: 264 seconds]
13:37 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
13:39 -!- Olipro is now known as Guest9519
13:40 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 276 seconds]
13:41 -!- Olipro_ [~oliver.d@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
13:41 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
13:41 < Olipro_> so the documentation says that --client-config-dir uses the X509 CN - so how do I override what a client's CN is considered to be?
13:42 < Olipro_> specifically, I'm going to be doing user + pass based authentication, so I want the CN to take on a value from a script that will check a user's group membership
14:01 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
14:24 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
14:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:31 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
14:32 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
14:34 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Client Quit]
14:37 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
14:38 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
14:39 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
14:39 -!- mode/#openvpn [+v s7r] by ChanServ
14:50 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
14:53 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
14:56 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:59 -!- manitou [~manitou@unaffiliated/manitou] has quit [Ping timeout: 246 seconds]
15:15 -!- Mutantx [48407867@gateway/web/freenode/ip.72.64.120.103] has joined #openvpn
15:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 240 seconds]
15:17 < Mutantx> Is there a direct correlation between OPENVPN dh key size and performance?
15:19 < Mutantx> Dealing with consumer grade CPU
15:22 <@syzzer> Mutantx: yes, but only between dh size and the time it takes to setup a connection, not between dh size and throughput (once a connections has been established)
15:25 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
15:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
15:29 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
15:30 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
15:32 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:33 -!- mattock is now known as mattock_afk
15:34 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 272 seconds]
15:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:36 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
15:40 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Client Quit]
15:45 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:45 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
16:47 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
16:48 -!- manitou [~manitou@unaffiliated/manitou] has quit [Client Quit]
17:02 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Remote host closed the connection]
17:07 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:08 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:50 -!- dazo is now known as dazo_afk
17:50 -!- Mutantx [48407867@gateway/web/freenode/ip.72.64.120.103] has quit [Ping timeout: 246 seconds]
18:10 -!- Mutantx [48407867@gateway/web/freenode/ip.72.64.120.103] has joined #openvpn
18:10 < Mutantx> To configure my MTU on OPENVPN. I have tested the server and client side. Both come out to 1470 (any higher I get Packet needs fragment). Should I adjust the Server(router) to 1470 as well and server.conf(openvpn) or is the OPENVPN conf enough?
18:17 < hikenboot> hi I have gotten to the point where eurephia is installed and the clients are able to log into the vpn server. Now I have to setup firewall rules to get client to client working.  anyone around that I have spoken to on this matter?
18:20 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
18:22 -!- Guest9519 [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
18:23 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:26 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:47 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 252 seconds]
18:51 -!- JuanesPTY [~JuanesPTY@190.219.171.31] has joined #openvpn
18:51 < JuanesPTY> !welcome
18:51 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:51 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:52 < JuanesPTY> !goal
18:52 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:52 < JuanesPTY> !route
18:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:53 <@vpnHelper> client
18:54 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
19:00 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
19:00 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
19:03 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
19:15 -!- khaldrogox [~anonymous@66.87.119.138] has joined #openvpn
19:24 < JuanesPTY> !logs
19:24 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
19:25 < JuanesPTY> !interface
19:25 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For
19:25 <@vpnHelper> Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
19:36 -!- khaldrogox [~anonymous@66.87.119.138] has quit [Quit: khaldrogox]
19:50 -!- khaldrogox [~anonymous@66.87.119.138] has joined #openvpn
19:57 -!- Mutantx [48407867@gateway/web/freenode/ip.72.64.120.103] has quit [Ping timeout: 246 seconds]
20:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:07 -!- khaldrogox [~anonymous@66.87.119.138] has quit [Ping timeout: 245 seconds]
20:08 -!- khaldrogox [~anonymous@66.87.119.1] has joined #openvpn
20:17 -!- khaldrogox [~anonymous@66.87.119.1] has quit [Quit: khaldrogox]
20:32 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 264 seconds]
20:35 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
20:41 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:49 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
20:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:50 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:50 -!- badon_ is now known as badon
20:51 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Client Quit]
20:52 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
21:28 -!- sleepypc is now known as `hypermist`
21:39 < JuanesPTY> !ask
21:39 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
22:14 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
22:14 < _FBi> bah
22:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:27 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
22:56 < JuanesPTY> !wiki
22:56 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
23:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
--- Day changed Tue Mar 17 2015
00:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
00:07 < leo2007> I have an exact issue as detailed in https://forums.openvpn.net/topic11925.html
00:07 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN and stunnel and redirect-gateway : Configuration (at forums.openvpn.net)
00:07 < leo2007> I wonder if anyone knows a fix?
00:26 -!- hikenboot [~hikenboot@pool-71-174-163-14.bstnma.east.verizon.net] has quit [Ping timeout: 264 seconds]
00:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
00:42 -!- darlinger [~jd@172.56.38.93] has joined #openvpn
00:42 < darlinger> do i need to setup symbolic links or anything to run multiple openvpn tunnels on the same machine?
00:42 < darlinger> i'd like their configs to be in different directories
00:42 < _FBi> ?
00:43 < _FBi> oh
00:43 < _FBi> it's almost 2 am, I had to re-read that
00:43 < _FBi> I know in windows I don't :SD
00:43 < darlinger> basic gist, i'd like to host multiple openvpn tunnels on a linode arch server
00:44 < _FBi> of
00:44 < darlinger> lol xD i'd just like to organize things better
00:44 < _FBi> oh
00:44 < _FBi> *
00:44 < darlinger> to have everything in separate folders
00:44 < _FBi> I think I have the dumb
00:44 < darlinger> also, do i need separate instances of easy-rsa set up?
00:44 < _FBi> unless you're using the same key to sign
00:45 < _FBi> when running a server you use the .conf file
00:45 < _FBi> \dirc1\server.cong   and \random2\server2.conf is fine
00:46 < darlinger> _FBi: but do i have to use direct paths and everything?
00:46 < _FBi> I would think so, unless you're using the same dh
00:46 < darlinger> i also would like something that i can automatically start with systemd
00:46 < _FBi> oh
00:46 < _FBi> direct path
00:47 < _FBi> I'm not good enough at linux to use symbolic
00:47 < _FBi> s
00:47 < _FBi> darlinger, you can.
00:47 < _FBi> err
00:47 < _FBi> you automatically start it.  simple bash script
00:47 < _FBi> I should step away from the keyboard
00:48 < darlinger> the issue is that we'd be using separate directories for configs, but if they're moved how do we automatically start and stop them with systemd?
00:48 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds]
00:48 < _FBi> I use debian -- cron job -> script
00:48 < darlinger> hmmmm
00:49 < _FBi> your openvpn server config can use askpass  or w/e the command is to read your pass from a file
00:50 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
00:51 < darlinger> i don't need to have the pass pulled from a file
00:52 -!- ShadniX [dagger@p5DDFC837.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:52 -!- ShadniX [dagger@p5DDFC354.dip0.t-ipconnect.de] has joined #openvpn
00:54 < _FBi> you don't need a key to start your server?
00:54 < darlinger> oh yeah. i guess i do
00:54 < darlinger> so if i had all my configs in separate directories for each server under /etc/openvpn
00:55 < darlinger> would i need separate easy-rsa?
00:56 < _FBi> I think so
00:57 < _FBi> easy enough to do
00:57 < _FBi> mkdir easyRSA2 && cp /easyRSA /easyRSA2
00:57 < darlinger> how to i specify in the configs which easyrsa to point to?
00:58 < darlinger> oh wait
00:58 < darlinger> i just realized
00:58 < darlinger> openvpn doesn't read whatever goes on in the easy-rsa directory, does it o.o
00:58 < _FBi> negative
00:58 < darlinger> i think i just put the pieces together on that
00:58 < _FBi> two different things
00:58 < darlinger> ohhhhhhhh
00:59 < darlinger> it just matters that the keys are properly signed
00:59 < _FBi> correct
00:59 < darlinger> and to block certain keys/certs there's a file i could make
00:59 < darlinger> ohhhhhhhhhhhhhh
00:59 < darlinger> i get that
00:59 < _FBi> apt-get install openvpn-blacklist
00:59 < _FBi> I think
01:00 < darlinger> yeah arch doesn't have that as a package
01:00 -!- darlinger [~jd@172.56.38.93] has quit [Quit: Lost terminal]
01:02 -!- darlinger [~jd@172.56.38.93] has joined #openvpn
01:02 < darlinger> sorry for the dc >_> something weird went on with my terminal
01:02 < darlinger> anyways... i finally tracked down the systemd service file that's installed by the package
01:03 < darlinger> turns out that it's set up to cd to /etc/openvpn... so i'm going to have to use direct paths for everything... or at least paths with /etc/openvpn in mind for being the cwd
01:04 < darlinger> so basically ./tun1/blah.crt ./tun2/blah.crt and so on
01:04 < darlinger> this is just about making sense now o.o
01:04 < darlinger> thank god for coffee
01:08 < bandroidx> i am getting massive number of "Packet error: bad packet id (may be a replay) all of a sudden
01:08 < bandroidx> #30000 in about 1 minute
01:09 < bandroidx> its not a real replay attack, i am 99% sure
01:09 < bandroidx> the clocks on both machines are within 3 seconds
01:09 < _FBi> bandroidx, do you use TLS?
01:11 < bandroidx> _FBi: yes i use tls-verify
01:26 -!- darlinger [~jd@172.56.38.93] has left #openvpn []
01:46 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
01:56 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:56 < JuanesPTY> Hello. I'm having problems getting openvpn working.. I'm almost sure it's a minor detail in my firewall configuration, but have been poking with it for hours and can't find a solution.
01:56 < JuanesPTY> Network Diagram: http://postimg.org/image/h2bp482qb/   (The Main Routers and PBX are all running CentOS 7.)
01:56 < JuanesPTY> My current configuration has a router at each site, both with WAN Links (with Public IPv4 IPs), and acting as NAT/gateways/OpenVPN Server/Client for their LANs (this part works ok). In each LAN there's a PBX, which until now had been communicating with each other through the Sites Routers OpenVPN connection, which use the Main WAN Links.
01:56 < JuanesPTY> Since VOIP traffic is affected by network lag, we added a second WAN Link at each site (with Public IPv4 IPs), and connected it directly to the PBX's. The idea is that this Secondary PBX WAN Links are *only* used for the network traffic between PBX at each site. So any internet traffic for the PBX host would go through the Main Site WAN Link, but the communication between the PBX through the
01:56 < JuanesPTY> Secondary PBX WAN Link (e.g.: yum updates would use the Main Site WAN Links, but VOIP calls would go through the PBX WAN Link).
01:56 < JuanesPTY> At each PBX, I added a static route for the other PBX public WAN IP. If from a PBX I do traceroute Other_PBX_WAN_IP, it goes straight to that IP, and doesn't go through the Main Site WAN Link.. So this part is working fine..
01:56 < JuanesPTY> I started an OpenVPN Server on PBX Site A and a Client on PBX Site B. The client is connecting Ok to the server. The problem is that the client can ping the server fine, but the server cannot ping the client (times out). The strage thing is that tcpdump on the client shows the icmp request/reply when the server is doing ping, as if everything was ok.. But on the server side, it just times out.
01:56 <@vpnHelper> Title: View image: Network Diagram (at postimg.org)
01:56 < JuanesPTY> I already added the PBX Subnet at the Main Routers Routing tables to point to the PBXs (although I think this is not required in this case)..
01:56 < JuanesPTY> Config files can be found @ http://pastebin.com/b79q9VLn   Thanks!
02:02 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:02 -!- mode/#openvpn [+o mattock] by ChanServ
02:20 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
02:58 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:16 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 250 seconds]
03:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
03:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
03:29 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:35 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
03:37 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
03:42 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
03:43 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
03:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
03:49 -!- kexmex [~kexmex@178.136.234.6] has quit [Ping timeout: 264 seconds]
03:49 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 250 seconds]
03:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:17 -!- dazo_afk is now known as dazo
04:27 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
04:28 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
04:40 -!- shimano [shimano@c109-161.icpnet.pl] has joined #openvpn
04:42 < shimano> Is it possible to setup redundant ovpn servers? Or the only way is to monitor for failure main server and run daemon on second host when its needed?
04:54 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
04:55 < Keridos> Hi there, having an issue with openvpn gui on my windows 8.1 system. I installed openvpn via the windows vista or later x64 installer. PLaced a config file in the config folder in C:/program files/openvpn/config. Running the GUI as admin, but it does not detect the config file apparently
04:55 -!- nocturn [~nocturn@unaffiliated/nocturn] has joined #openvpn
04:55 < Keridos> and yes, the config ends in .ovpn, i can even rightclick it to run openvpn from the config
04:57 < Keridos> wow
04:57 < Keridos> ok this is weird
04:57 < Keridos> apparently it derped in the registry
04:58 < Keridos> ok got it working seems i had an old install on a different drive
04:59 < Keridos> and somehow the installer did not overwrite the registry keys in the new install
04:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:02 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
05:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:07 < txdv> :q
05:07 < txdv> ls
05:37 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 252 seconds]
05:38 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
05:41 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:43 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:45 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
05:57 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
05:57 -!- elliotde_ [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
05:58 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has joined #openvpn
06:00 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Ping timeout: 256 seconds]
06:05 -!- elliotde_ [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
06:06 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
06:23 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:25 -!- kernal [~kernal@lavaboom.io] has quit [Quit: ZNC - http://znc.in]
06:39 -!- rkhunter [~rkhunter@unaffiliated/rkhunter] has quit [Quit: Leaving]
07:15 -!- faye [~CRUNCH@unaffiliated/faye] has quit [Ping timeout: 246 seconds]
07:42 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
07:50 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
07:51 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
07:58 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
08:01 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
08:02 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
08:06 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
08:10 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
08:10 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
08:21 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
08:21 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
08:28 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
08:29 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
08:30 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
08:31 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:31 -!- ItsYoda [Yoda@gateway/shell/yourbnc/x-ozsnqwhwxjbjhptk] has quit [Ping timeout: 245 seconds]
08:31 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
08:34 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:34 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:34 -!- mode/#openvpn [+o mattock] by ChanServ
08:37 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:40 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
08:40 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
08:52 -!- jwww [~jmm@LAubervilliers-656-1-245-187.w82-127.abo.wanadoo.fr] has joined #openvpn
08:52 < jwww> Hello.
08:52 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
08:53 < jwww> is it possible to have an optional proxy in the client config ? I have a laptop that sometimes need to use the proxy, but sometimes not.
08:53 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
08:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
09:03 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
09:03 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
09:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:10 -!- wiflix [~wiflix@ip1f100bd2.dynamic.kabel-deutschland.de] has joined #openvpn
09:10 < wiflix> mornin. wondering if someone got a tip on how to distribute openvpn connections to different instances.
09:11 < wiflix> -A PREROUTING -i eth0 -p udp --dport 443 -j REDIRECT --to-ports 1930-1933 does not work as it allways redirects to the first port in the range
09:11 < wiflix> this is (to be) expected behaviour. it would map a range (e.g. 443-446) to another range (e.g. 1930-1933) respectively, but does not randomize the redirection
09:13 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
09:14 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
09:22 < t_dot_zilla> im trying to connect my openvpn client and i get this error: http://paste.debian.net/161728/
09:23 < t_dot_zilla> and im also getting this over and over on openvpn server log: ovpn-server[12990]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
09:23 < t_dot_zilla> i have the vpn port open
09:25 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
09:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:29 < t_dot_zilla> i think it's an issue with iptables
09:34 -!- u0m3_ [~u0m3@92.80.82.3] has joined #openvpn
09:35 -!- u0m3 [~u0m3@109.96.158.146] has quit [Ping timeout: 264 seconds]
09:36 < jwww> t_dot_zilla: hello, it seems you already have the route set
09:36 < t_dot_zilla> yeah, that may not be the actual issue here
09:37 < t_dot_zilla> the  Connection refused (code=111) on server may be the real problem
09:37 < t_dot_zilla> i followed this guide: https://wiki.debian.org/openvpn%20for%20server%20and%20client
09:37 <@vpnHelper> Title: openvpn for server and client - Debian Wiki (at wiki.debian.org)
09:37 < t_dot_zilla> both client and server are behind a router
09:41 < jwww> is your vpn connection working still ?
09:42 -!- wiflix [~wiflix@ip1f100bd2.dynamic.kabel-deutschland.de] has quit [Ping timeout: 256 seconds]
09:43 < t_dot_zilla> it doesn't mean to work at all
09:43 < t_dot_zilla> like it tries to connect and fails
09:44 < t_dot_zilla> oh wait, it works if i send the client command t background
09:44 < jwww> umm
09:44 < t_dot_zilla> openvpn --script-security 2 --config /etc/openvpn/client.conf &
09:44 < jwww> I think the problem is because you were already connected once,
09:44 < t_dot_zilla> i was not doing that
09:44 < t_dot_zilla> i was doing openvpn --script-security 2 --config /etc/openvpn/client.conf
09:44 < jwww> it's why you already had the route
09:44 < t_dot_zilla> and it would fail
09:45 < t_dot_zilla> yeah
09:45 < jwww> and the message you get were from the 1st connection
09:45 < t_dot_zilla> right, it's working if i send the client cmd to bg
09:45 < t_dot_zilla> strange
09:45 < jwww> https://forums.openvpn.net/topic10674.html
09:45 <@vpnHelper> Title: OpenVPN Support Forum [OK] read UDPv4 [ECONNREFUSED]: Connection refused (code=111 : Configuration (at forums.openvpn.net)
09:46 -!- wiflix [~wiflix@ip-2-204-88-93.web.vodafone.de] has joined #openvpn
09:46 -!- wiflix [~wiflix@ip-2-204-88-93.web.vodafone.de] has quit [Client Quit]
09:46 -!- y4h0 [~yavor@94.155.134.12] has quit [Ping timeout: 255 seconds]
09:46 -!- cm_ [cm@datura.ielf.org] has joined #openvpn
09:46 < t_dot_zilla> now i can't ssh in to the client on eth0 ip
09:47 < t_dot_zilla> but i can ssh from server to client's vpn IP
09:50 < jwww> t_dot_zilla: I guess you pushed some routes, maybe default gateway ?
09:51 < t_dot_zilla> jwww: http://paste.debian.net/161732/
09:51 < t_dot_zilla> that is on client
09:54 -!- nocturn [~nocturn@unaffiliated/nocturn] has left #openvpn ["Ex-Chat"]
09:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
09:56 < jwww> which networks are your lan / vpn ?
09:56 < jwww> bah I guess 0.0.0.0/1 via 10.8.0.5 dev tun0 is a problem ;)
10:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:10 < t_dot_zilla> how to fix that?
10:11 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
10:12 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
10:36 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
10:40 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
10:49 -!- t_dot_zilla [~vipkilla@unaffiliated/t-dot-zilla/x-2830497] has quit [Ping timeout: 245 seconds]
10:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
10:53 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
11:00 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
11:14 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
11:15 -!- kexmex [~kexmex@178.212.242.26] has quit [Max SendQ exceeded]
11:19 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
11:21 -!- Chaot_s [~me@d515324B5.access.telenet.be] has quit []
11:24 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:30 -!- u0m3_ is now known as u0m3
11:30 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
11:41 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:45 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
11:51 -!- catsup [~d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
11:52 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
11:56 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:01 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:21 < Olipro_> is there a way to rewrite the common-name after doing LDAP verification of a user?
12:22 < Olipro_> the idea is to do LDAP auth and then rewrite the common-name to a specific value so that a particular CCD gets used to assign an IP
12:29 < pekster> If it's just for the purpose of pushing an IP, perhaps --client-connect could have the required logic/mapping of LDAP user to --ifconfig-push value?
12:30 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 256 seconds]
12:31 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
12:32 -!- QbY [~qby@2601:0:a700:e4f0:d8dd:d8e1:f487:bb73] has joined #openvpn
12:36 < QbY> So I'm stuck in a loop...  My client (TunnelBlick) is giving me this error: 2015-03-17 12:56:14 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=590OpenVPN ... I'm reading this HOWTO about MITM and creating my server's cert with nsCertType or --remote-cert-tls using easyrsa, but doesn't seem to be working.  Does anyone have any updated docs or examples I can go from?
12:38 < pekster> avoid nsCertType if you can since it's been deprecated as the PKI way to mark certificate usage types. As far as easyrsa goes, it'll do the right thing when you sign as either a client or server type
12:39 < pekster> As long as the signed cert has the correct keyUsage (ku) and extendedKeyUsage (eKu) attributes marked, using `--remote-cert-tls server` on  your client is all you need
12:39 < pekster> !mitm
12:39 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
12:39 < QbY> https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
12:39 <@vpnHelper> Title: EasyRSA3-OpenVPN-Howto – OpenVPN Community (at community.openvpn.net)
12:39 < QbY> i'm just finding these instructions which look a bit different
12:41 < pekster> easyrsa v3 offers a more traditional (and "correct") model to issue certificates. You normally want to generate each keypair on the VPN client/server system, send the CSR (the .req file) to your CA. Sign it there, then send the ca.crt and issued certificate back
12:41 < pekster> That's what the linked howto does
12:41 < Olipro_> pekster: in that case though - would I be able to set a fresh env var in my auth-user-pass-verify script for client-connect to use?
12:42 < pekster> Olipro_: Not as the $common_name, no. But if you just need to assure that LDAP user FooBar gets IP 203.0.113.123, you shouldn't need to "replace" the CN, just handle address assignment
12:43 < Olipro_> it doesn't need to overwrite CN, it could just be a fresh var
12:43 < Olipro_> the point is that when I do auth-user-pass-verify, I want to store a value that the client-connect script can make use of
12:45 < pekster> Oh I see, maybe keyed off an LDAP attribute or similar. Maybe using a disk dir (tmpfs works) to associate the connection, perhaps by IP/source-port tupple, then pick that up in --client-connect ?
12:48 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:01 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
13:03 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
13:06 -!- nullsign [~nullsign@tyrion.nullsign.com] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
13:10 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
13:24 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 245 seconds]
13:25 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
13:34 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:40 -!- Olipro_ [~oliver.d@uncyclopedia/pdpc.21for7.olipro] has quit [Read error: Connection reset by peer]
13:42 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
13:52 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:52 -!- elfixit [~Icedove@p5DC22384.dip0.t-ipconnect.de] has joined #openvpn
13:59 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
14:09 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:10 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
14:10 -!- elfixit [~Icedove@p5DC22384.dip0.t-ipconnect.de] has quit [Ping timeout: 252 seconds]
14:14 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
14:14 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
14:14 -!- mode/#openvpn [+v esde] by ChanServ
14:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
14:30 -!- dazo is now known as dazo_afk
14:32 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:37 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
14:38 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
14:47 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:58 -!- justinzane [~justinzan@24.49.199.88] has quit []
14:59 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
15:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
15:00 -!- jalcine [~jacky@unaffiliated/webjadmin] has joined #openvpn
15:01 -!- jalcine [~jacky@unaffiliated/webjadmin] has quit [Quit: Later]
15:01 -!- QbY [~qby@2601:0:a700:e4f0:d8dd:d8e1:f487:bb73] has quit []
15:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:18 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
15:19 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
15:28 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:34 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
15:38 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
15:46 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 36.0.1/20150305021524]]
15:47 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:49 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Ping timeout: 252 seconds]
15:54 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
15:55 -!- QbY [~qby@2601:0:a700:e4f0:d8dd:d8e1:f487:bb73] has joined #openvpn
15:56 < QbY> I'm able to connect to my VPN which I've configured in bridge mode.  But once connected, I can't reach anything on the LAN side, not even ping the IP attached to the bridge interface... If someone could take a peek and see if anything jumps out it'd be appreciated: https://gist.github.com/43544aa0a70bd24681bf
15:56 <@vpnHelper> Title: OpenVPN Troubles (at gist.github.com)
16:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:10 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:26 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:33 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:45 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:52 <@krzee> QbY, i dont support bridges, but can i ask why you are bridging
16:52 <@krzee> is it just so you can reach the lan behind it with ip traffic?
16:52 < QbY> yeah pretty much
16:52 <@krzee> !tunortap
16:52 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
16:52 <@vpnHelper> rooted/jailbroken) support only tun
16:52 < QbY> this is for my home network.
16:52 < QbY> and the craptastic Apple airport i have doesn't support sttatic routes
16:53 <@krzee> if you get a normal tun vpn up id be happy to help you get a routed setup working
16:53 < QbY> krzee: problem is i wouldn't be able to talk to anything behind the airport
16:53 <@krzee> if you cant put a static route on the router you can a) put the route on the target machine(s) if the lan isnt too big or b) use nathack
16:53 <@krzee> !nathack
16:53 <@vpnHelper> "nathack" is see https://community.openvpn.net/openvpn/wiki/NatHack for info on how to solve the problem when you need !route_outside_ovpn but cant add a route to the gateway or the lan machines
16:54 < QbY> now this is an idea
16:54 < QbY> let me try this config i just loaded
16:54 < QbY> (will probably get knocked offline)
17:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:05  * QbY throws thigns
17:09 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:12 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
17:14 <@krzee> QbY, talk here not msg please
17:15 < QbY> oh, i was just saying, i'll take any advice you wanna throw out
17:15 <@krzee> get a tun setup going
17:15 <@krzee> then, is this a server lan or client lan?
17:16  * QbY is a tad confused..
17:16 <@krzee> the lan you wish to reach over the vpn
17:16 < QbY> i'm going to be working remotely...  i want to connect back to my home office, and be as if i'm sitting right here
17:16 < QbY> connect to the internet over the vpn and everything
17:16 <@krzee> is your home running a server or a client?
17:17 < QbY> home is running a server
17:17 <@krzee> ok
17:17 <@krzee> !serverlan
17:17 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
17:17 <@krzee> but first you go get that routed tun setup running
17:17 <@krzee> no bridging, no tap
17:17 <@krzee> unless of course you have a layer2 protocol (or bcast/multicast) that you need working over the vpn
17:18 < QbY> no all layer 3
17:18 <@krzee> cool
17:18 <@krzee> know what you need to do?
17:18 < QbY> well there's some layer 2 stuff i'm sure, but we can a work around it.
17:18 < QbY> what's that
17:18 <@krzee> in regards to getting onto a routed tun setup
17:19 < pekster> If your only L2 stuff is NBNS, I'd recommend a split-DNS setup, or just your own private subdomain (lan.whatever.net) and expose that over teh VPN
17:19 < pekster> Depends on what your needs are for services
17:19 < QbY> everything is Apple and Linux inside
17:20 < QbY> brb
17:24 <@krzee> pekster, sounds like a more well thought out solution than my normal "use wins"
17:24 <@krzee> lol
17:24 <@krzee> rob0 made a nice tutorial on it, in case you find someone who wants to do that
17:24 <@krzee> !dnsmasq
17:24 <@vpnHelper> "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
17:25 <@krzee> !splitdns
17:25 <@vpnHelper> "splitdns" is (#1) see http://www.thekelleys.org.uk/dnsmasq/doc.html for dnsmasq, which will let you do split-dns setups or (#2) "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
17:26 <@krzee> hey pekster i have a question you might be able to answer
17:27 <@krzee> im inside a "black box" voip phone as root, it has openvpn so i can see the configure options that were used
17:27 <@krzee> $ ./configure -enable-password-save --host=mips-linux --with-lzo-lib=/home/hd/prj/phones/scpp/repos/SnomINCA2/platforms/common/src/openvpn-2.2.2/../../../../dev/lib --with-lzo-headers=/home/hd/prj/phones/scpp/repos/SnomINCA2/platforms/common/src/openvpn-2.2.2/../../../../dev/include --with-ssl-headers=/home/hd/prj/phones/scpp/repos/SnomINCA2/platforms/common/src/openvpn-2.2.2/../../../../dev/include --with-ssl-lib=/home/hd/prj/phones/scpp/repos
17:27 <@krzee> /SnomINCA2/platforms/common/src/openvpn-2.2.2/../../../../dev/lib --prefix=/home/hd/prj/phones/scpp/repos/SnomINCA2/platforms/common/src/openvpn-2.2.2/../../../../rootfs
17:27  * rob0 waves :)
17:28 <@krzee> hey rob0! did you get my message about the dnsmasq manual link changing directories on their site?  you link to it in your writeup
17:29 <@krzee> so i installed a mips crosscompile toolchain, and i see theres MANY different mips targets i can build for… is there a better way that you know of for me to limit down and figure out which target im on?
17:31 < pekster> qemu might be a more straight-forward approach, otherwise you're still going to need all the platform headers for your target (or do you already have that?)
17:33 <@krzee> ouch, i do not
17:33 < pekster> That's what all that *-lib and *-headers options do
17:33 < pekster> Basically you need to link everything against what your target platform is going to have available (which is naturally different than ld, or the frontend the build relies on) on the build platform
17:34 <@krzee> just looks like lzo and ssl headers tho, i want to build a newer openssl as well and i dont need lzo
17:34 < rob0> krzee, oh, thanks
17:35 < pekster> So you'll actually need to link against those newer openssl headers too
17:37 <@krzee> rob0, np man
17:40 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:50 < pekster> krzee: This guide isn't a bad introduction to cross-dev stuff: http://wiki.osdev.org/GCC_Cross-Compiler
17:50 <@vpnHelper> Title: GCC Cross-Compiler - OSDev Wiki (at wiki.osdev.org)
17:53 < pekster> Well, except the bit about making a stupid compiler that doesn't do much useful. First few sections are decent though
17:55 <@krzee> thank you
17:56 < QbY> krzee: sorry, i had household crap.  so i'm going to have to rearchitect my network really fast so that the airport isn't the center of the universe anymore.
18:00 <@krzee> no problem QbY. thats a good solution, although if it were not an option theres ways to work around it without using layer2
18:14 <@krzee> pekster, looks like i skipped ahead a bit with:  https://sourcery.mentor.com/GNUToolchain/release2935
18:40 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
19:03 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
19:03 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:03 -!- mode/#openvpn [+v s7r] by ChanServ
19:22 -!- s7r_b [debian-tor@openvpn/user/s7r] has joined #openvpn
19:22 -!- mode/#openvpn [+v s7r_b] by ChanServ
19:24 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
19:29 -!- DavEdward [~DavEdward@24.76.0.251] has joined #openvpn
19:30 -!- s7r_b [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
19:31 < DavEdward> Hi again, I've installed OpenVPN on Ubuntu linux within a LXC container. The VPN tunnel works, but for no apparent reason my bandwith is extreamly crippled. If I use the same VPN service on my windows box using OpenVPN it works fine.  Config: http://pastebin.com/4wahiGZR
19:33 < DavEdward> Only unusual step in my install that is noteable is me doing this within a LXC using a bridged (br0) adapter and that I was getting a tun error which I resolved with sudo mkdir -p /dev/net
19:34 < DavEdward> sorry above paste is Verb 4 log
19:36 < DavEdward> config: http://pastebin.com/F8YuaLxF
19:37 <@krzee> sounds like you lose something in the virtualizing
19:37 <@krzee> instead of simply pushing bits you're processing them in virtual devices
19:37 < DavEdward> hi again Krzee
19:37 <@krzee> hi
19:38 < DavEdward> I hoped LXC would be light enough that it wouldn't have these sort of problems like a VM would
19:38 < DavEdward> the server isn't a beast, but it's not that weak either. It's a repurposed Dell Optiplex 790 with 8GB RAM
19:38 <@krzee> well what if its running on the host instead of vm?
19:38 <@krzee> same issue or not?
19:39 < DavEdward> at the moment the only activity is the VPN and LXC all other servers are off except Teamspeak with 5 users
19:39 <@krzee> my question remains
19:39 < DavEdward> I can't really test it on the host, it'll screw up all my servers quite badly which is why I'm using LXC
19:40 <@krzee> just testing the vpn connection will screw up all your servers?
19:40 <@krzee> why? addressing?
19:40 < DavEdward> most servers are hard bind to 192.168.0.254
19:40 <@krzee> o.O o…k…
19:40 <@krzee> and?
19:41 < DavEdward> wouldn't running the VPN, adding the TUN device and the steps involved mess up the interfaces?
19:41 <@krzee> only if you do extra stuff that messes up interfaces
19:42 <@krzee> but you dont need to do things like push routes and redirect-gateway and stuff to test your issue...
19:42 < DavEdward> okay. Just a minute then. Hopefully I won't fudge the system
19:42 < redpill> not if the ip range does not overlap and that you don't set the default route though the VPN etc
19:42 <@krzee> you can run the configs by me if you're remote and wanna be careful
19:42 < DavEdward> I'm using a clean .opvn (renamed to .conf) for this. None of the no-pull or such in there any more
19:42 <@krzee> yes, what redpill said ^
19:42 < DavEdward> my config is above Krzee minus the cert info
19:43 <@krzee> thats only 1 side
19:43 <@krzee> your server config?
19:43 < DavEdward> oh, I have no control over the server side
19:43 < DavEdward> VPN Unlimited is the host
19:43 <@krzee> oh ok, dont run the test
19:43 < DavEdward> no point?
19:43 <@krzee> no way to know what sort of crap you'll execute
19:44 < DavEdward> ah okay
19:44 <@krzee> could possibly break stuff, like you thought originally
19:44 <@krzee> like if it redirects gateway (likely) and then you cant get back in to disable it
19:44 < DavEdward> I know it's not as good of a test, but OpenVPN (vanillia) client on windows works fine with the same .ovpn file, but within the LXC it's terrible
19:45 <@krzee> that doesnt mean much since its a different machine all together, but either way im pretty sure its your lxc setup
19:45 <@krzee> sounds like you know that too tho
19:45 < DavEdward> Windows box with Vanilla OpenVPN: 26Mbps down     LXC Container on Ubuntu 14.xx using OpenVPN: 5Mbps
19:45 <@krzee> well things that are supposed to be kernel are now userspace
19:45 < DavEdward> it's a pretty clean LXC, may I run it by you?
19:45 <@krzee> virtualized to be in kernel
19:45 <@krzee> i dont use lxc, so its pointless
19:46 < DavEdward> okay. The only install issue I had was the TUN driver
19:46 <@krzee> i doubt this is from an install issue
19:46 < DavEdward> to make it work I had to enter the following 5 lines:
19:46 < DavEdward> sudo mkdir -p /dev/net
19:46 < DavEdward> sudo mknod /dev/net/tun c 10 200
19:46 < DavEdward> sudo chmod 600 /dev/net/tun
19:46 < DavEdward> sudo cat /dev/net/tun
19:46 < DavEdward> 4 lines sorry*
19:46 < DavEdward> last line just to test
19:47 <@krzee> ^ thats cause your system doesnt have udev   iirc
19:47 < DavEdward> ah okay. It's way above me. I googled the error and this was the purposed solution everywhere i looked. It did make it work, but something is seriously badly bottlenecking the connection
19:48 < DavEdward> I ran speedtest on the machine itself, not going through Squid or anything
19:48 <@krzee> you have a virtual device routing through another virtual device
19:48 < DavEdward> being VPN routing through LXC?
19:48 <@krzee> i dunno, sounds like it could be the problem to me
19:48 <@krzee> but you could always test other possibilities like mtu
19:48 <@krzee> !speed
19:48 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
19:49 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9) a
19:49 <@vpnHelper> user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
19:49 < DavEdward> yikes, every time I think I got a grasp on some of this more alien things go my way. I know of MTU but not most of the rest
19:50 < DavEdward> Not sure if this is valid, but in my struggles I tried using PPTP-client in place of OpenVPN and I got an error that the kernal doesn't support PPP
19:50 <@krzee> http://heider.io/blog/2013/10/26/openvpn-in-a-lxc-container/   <-- theres the solution you found for getting it started in a lxc
19:50 <@vpnHelper> Title: OpenVPN in a lxc container - ah (at heider.io)
19:50 < DavEdward> OpenVPN doesn't seem bothered by this, but maybe it just doesn't complain.
19:51 <@krzee> irrelevant, and you DO NOT want pptp
19:51 < DavEdward> okay
19:51 < DavEdward> that page you gave me has more info that the last one I found
19:51 < DavEdward> Just a sec I'll try that out
19:52 <@krzee> try what out?
19:52 < DavEdward> that solution is very different
19:52 < DavEdward> URL you gave me
19:52 < DavEdward> heider.io
19:52 <@krzee> cant be that different
19:52 < DavEdward> small differences
19:53 < DavEdward> I was told:  chmod 600 /dev/net/tun
19:53 <@krzee> wont help you
19:53 < DavEdward> they say: chmod 0666 /net/tun
19:53 <@krzee> if it was a permission issue you wouldnt have a vpn
19:53 <@krzee> wouldnt change your speed :D
19:53 < DavEdward> is it possible packet routing is all weird and it's discarding tons of packets coming back on the wrong interface?
19:54 < DavEdward> that whole weak-host thing?
19:54 <@krzee> what weak-host thing?
19:54 < DavEdward> https://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx
19:54 <@vpnHelper> Title: The Cable Guy: Strong and Weak Host Models (at technet.microsoft.com)
19:55 < DavEdward> I imagine Linux has a similar modle
19:55 <@krzee> and its hard for me to say no without seeing anything, but packet sniffing should tell you if that is a valid thought or not
19:55 < DavEdward> very difficult to with a headless server
19:55 <@krzee> lol
19:55 < DavEdward> if push comes to shove I'll try though
19:55 <@krzee> i ONLY have headless servers
19:55 <@krzee> so im calling bullshit on that
19:55 <@krzee> tcpdump doesnt need a gui
19:55 <@krzee> hah
19:55 < DavEdward> you're far more experianced with this than I am
19:56 <@krzee> plus tcpdump can save to file, which you download and load into wireshark (which runs fine in linux,osx,windows
19:56 < DavEdward> I'm not a networking professional. Just a general hardware/software tech. I'm trying to learn more as I go
19:56 < DavEdward> tcpdump can make wireshark logs?
19:57 <@krzee> they both use pcap
19:57 < DavEdward> okay pcap and wireshark I know (some)
19:57 <@krzee> pcap is a filetype
19:57 <@krzee> tcpdump can read or write them, same with wireshark
19:57 < DavEdward> I figure I start tcpdump, connect to VPN, generate traffic, then take the log and feed it to wireshark and dig through it?
19:57 <@krzee> and if you find some other packet sniffing software, odds are it reads/writes pcap too
19:59 < DavEdward> okay
20:08 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:21 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
20:38 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
20:39 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
20:51 -!- LanDi [~LanDi@179.180.19.59] has quit [Max SendQ exceeded]
20:52 -!- LanDi [~LanDi@179.180.19.59] has joined #openvpn
20:53 -!- LanDi [~LanDi@179.180.19.59] has quit [Client Quit]
21:03 < DavEdward> strange, that solution from: http://heider.io/blog/2013/10/26/openvpn-in-a-lxc-container/    doesn't work. The TUN driver doesn't appear
21:03 <@vpnHelper> Title: OpenVPN in a lxc container - ah (at heider.io)
22:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:50 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:57 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 265 seconds]
23:07 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 264 seconds]
23:10 -!- DavEdward [~DavEdward@24.76.0.251] has quit [Quit: Leaving]
23:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
--- Day changed Wed Mar 18 2015
00:13 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
00:14 -!- JuanesPTY [~JuanesPTY@190.219.171.31] has quit [Ping timeout: 264 seconds]
00:24 -!- `hypermist` is now known as sleepypc
00:32 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
00:49 -!- ShadniX [dagger@p5DDFC354.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:51 -!- ShadniX [dagger@p57941C88.dip0.t-ipconnect.de] has joined #openvpn
00:51 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:08 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
01:20 -!- weykent [~weykent@unaffiliated/weykent] has joined #openvpn
01:21 < weykent> is there a particular scheme that's recommended for setting the subject of client certificates?
01:21 < weykent> i've been trying to decide what would be good for that
01:21 < weykent> specifically for users to connect to the vpn; not a server-to-server link
01:22 < weykent> maybe just /CN=username ?
01:26 -!- QbY [~qby@2601:0:a700:e4f0:d8dd:d8e1:f487:bb73] has quit [Remote host closed the connection]
02:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
02:00 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:00 -!- mode/#openvpn [+o mattock] by ChanServ
02:05 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
02:35 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
03:03 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 256 seconds]
03:35 -!- defswork [~andy@mailhost.mirrormail.co.uk] has joined #openvpn
04:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:02 -!- badon_ is now known as badon
04:08 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
04:15 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
04:37 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:37 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:38 -!- badon_ is now known as badon
05:06 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
05:06 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
05:12 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
05:12 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
05:17 -!- darlinger [~jd@mf30536d0.tmodns.net] has joined #openvpn
05:17 < darlinger> o/ does anyone use the openvpn connect app? i'm getting a "only supports topology subnet or net30" type of error even though i have "topology subnet" in my server config
05:27 < darlinger> hmmm the issue seems to be that the SENT CONTROL message is still sending "topology p2p" even though i explicitely declare topology to be subnet in the server config
05:37 < darlinger> if i try 'push "topology net30"' it will put it out earlier in the SENT CONTROL message, but at the end it will append "topology p2p"
05:55 < darlinger> found it. apparently ifconfig-pool-linear causes that to happen
06:04 < darlinger> because it implies that the topology is p2p, but i seem to still get the same desired effect of not having to make /30 subnets
06:30 -!- darlinger [~jd@mf30536d0.tmodns.net] has quit [Ping timeout: 252 seconds]
06:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:18 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
07:19 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
07:55 -!- elfixit [~Icedove@p5DC22384.dip0.t-ipconnect.de] has joined #openvpn
08:02 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Ping timeout: 252 seconds]
08:20 -!- elfixit [~Icedove@p5DC22384.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
08:50 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:55 -!- lxusrbin [~lxusrbin@han-solo.atw0rk.net] has quit [Ping timeout: 272 seconds]
08:57 -!- lxusrbin [~lxusrbin@han-solo.atw0rk.net] has joined #openvpn
09:05 -!- apollo2k is now known as aPollO2k
09:25 -!- crised [~crised@186.67.181.203] has joined #openvpn
09:26 < crised> Debian Wheezy in one side with dynamic ip, need to connect to a static ip server that has linux as well
09:26 < crised> Could you guys guide me a bit?
09:55 -!- kernal [~kernal@cloudrack.io] has joined #openvpn
10:00 -!- aPollO2k is now known as apollo2k
10:01 < kernal> hey, I'm trying to reconfigure my vpn network
10:02 < kernal> previously i ran a tun-based network over internet and everything worked fine
10:02 < rob0> Hiya, http://pastebin.slackadelic.com/p/oWgBdh75.html : ssh attacks getting through a simple firewall, somehow.  Seems more like a #Netfilter issue, but I thought I should ask here too, because it's going through an openvpn with --redirect-gateway set.
10:02 < rob0> these are the attacks at the moment: Mar 18 09:59:43 tp sshd[2282]: Failed password for root from 117.239.190.203 port 26291 ssh2
10:02 < kernal> now i'm trying to bridge remote clients into my local network, here's the config https://gist.github.com/pzduniak/c52f3c4ebe327697b42e - I can't get from the windows client.conf to linux server.conf, connection timeouts
10:02 <@vpnHelper> Title: client.conf (at gist.github.com)
10:03 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
10:03 < rob0> why bridge, why not route?
10:04 < kernal> i have no idea what i'm doing
10:04 < kernal> i just want to know what I want to achieve
10:04 < rob0> then don't bridge
10:04 < kernal> so how do I route?
10:04 < kernal> i want to give remote clients two-way access into the network
10:04 < rob0> sounds like this:
10:04 < rob0> !serverlan
10:04 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
10:05 < rob0> or if your lan is behind a client, !clientlan
10:06 < kernal> can you ping the vpn ip of the server means whether i can ping its ip _inside_ the network, right?
10:06 < DArqueBishop> Essentially, unless you have a very specific need for bridging (like LAN gaming), you should stick with routing.
10:06 < kernal> oh wait nvm, it's over internet
10:06 < rob0> VPN IP means that ...
10:06 < rob0> VPN IP
10:06 < kernal> as later there's "lan ip"
10:07 < rob0> Basic network terms.
10:07 < kernal> so i can't ping the lan ip through the vpn
10:07 < kernal> ip forwarding is enabled
10:08 < kernal> there's an "accept all from anywhere to anywhere" record in forward chain in iptables
10:08 < kernal> I use bridging, so it might be something messed up with the bridge
10:09 < kernal> is there a tutorial on how to do that routing?
10:10 < kernal> should I remove the bridge and use tun?
10:12 < rob0> of course
10:18 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
10:18 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
10:22 -!- badon_ is now known as badon
10:24 < kernal> rob0, so i can connect to 172.16.0.1 now, but not to 172.16.0.2 (over the switch)
10:25 < kernal> from the chart it seems that i have to "add a route to the lan machine so it knows how to reach the vpn subnet"
10:27 < kernal> how do I do that?
10:29 < kernal> !route
10:29 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
10:29 <@vpnHelper> client
10:46 < kernal> yay
10:46 < kernal> i did it
10:46 < kernal> thanks
10:58 -!- cm_ [cm@datura.ielf.org] has quit [Remote host closed the connection]
11:00 -!- kokel [~quassel@kenneth.kokelnet.de] has left #openvpn []
11:19 < rob0> kernal, great! :)
11:19 < rob0> Even better that you mostly did it on your own, once pointed in the right direction.
11:41 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
11:46 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
11:49 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Ping timeout: 264 seconds]
11:52 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
11:58 < LnxNoob> !configs
11:58 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:58 < LnxNoob> :(
12:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:14 -!- marl_scot [~marl_scot@cpc2-dumb5-2-0-cust823.20-3.cable.virginm.net] has joined #openvpn
12:15 < LnxNoob> Hey guys, I have set up an openvpn client on my ubuntu home server (network-manager-openvpn) and everything seems to be working fine, except one thing : on ipmagnet and ipleak, I can see my isp ipv6 DNS. I have tried to use both google ipv4 and ipv6 dns, but nothing changes. I have even tried to use ufw to prevent any connection to eth0 except on lan and to connect to my VPN. Any idea of how I could fix that ?
12:16 < LnxNoob> !paste client
12:16 < LnxNoob> dev tun
12:16 < LnxNoob> proto udp
12:16 < LnxNoob> resolv-retry infinite
12:16 < LnxNoob> remote-random
12:16 < LnxNoob> ca ca.crt
12:16 < LnxNoob> cert user.crt
12:16 < LnxNoob> key user.key
12:16 < LnxNoob> nobind
12:16 < LnxNoob> persist-key
12:16 < LnxNoob> persist-tun
12:16 < LnxNoob> auth-user-pass auth.txt
12:16 < LnxNoob> ns-cert-type server
12:16 < LnxNoob> verb 3
12:16 < LnxNoob> remote xxx 1196
12:16 < LnxNoob> hu... that wasnt what I expected.
12:20 < marl_scot> hi folks, i am trying to get routing working over my ovpn. I am running my server on 192.168.8.252, my ovpn is 10.9.0.1, my client is 10.9.0.14 and 192.168.12.1.  I can ping 10.9.0.14 from the server, but cant ping the 192.168.12.1 ip i am unable to figure out how to enter my route command to allow access to the far ip address (192.168.12.1) or any of its attached computers
12:23 < rob0> Strange setup; what is the goal of this?  Anyway, your answer is probably found in the flowchart ...
12:23 < rob0> !clientlan
12:23 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
12:23 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:28 < marl_scot> rob0: i use a box on a remote site for development work, but i have had issues in the past with the isp hosting the box allowing some ports through to my box
12:29 < marl_scot> i presume you mean its starnge in that im going from server to client instead of the other way?
12:29 < rob0> The strangeness is the RFC 1918 addresses being external?
12:30 < rob0> Obviously !clientlan is not strange, because we have such nice factoids about it. :)
12:31 < marl_scot> none of the addresses are external the ones i listed are the ones for the server and the client.  the server routes to the internet via a gateway, and the client has a public ip address, but didnt see a reason to include these as i am just trying to route over the vpn
12:32 < rob0> oh, okay
12:33 < marl_scot> what would be ideal for the website is a form that you can enter addresses of your machines, and have it spit out the recomended configurations
12:35 < marl_scot> !ccd
12:35 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
12:38 < rob0> I think krzee has something like that
12:40 < marl_scot> dont suppose you would know where? or would you have any idea when he is likely back on?
12:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:43 < rob0> krzee is usually here between the hours of 00:00:00 and 23:59:59 UTC, give or take a second. :)
12:43 < rob0> That is to say, unpredictable.
12:43 < rob0> !factoids search config
12:43 <@vpnHelper> 'ifconfig', 'ifconfig-linux', and 'configs'
12:43 < marl_scot> lol, thanks rob0
12:43 < rob0> !configs
12:43 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:44 < rob0> !factoids search generat
12:44 <@vpnHelper> No keys matched that query.
12:45 < rob0> !factoids search confgen
12:45 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ or (#3) you must run this in bash
12:45 < rob0> whoa!
12:45 < marl_scot> thanks :)
12:45 < rob0> I figured that was a longshot, glad I tried it
12:49 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:53 < marl_scot> great script, but only prompts for server sharing its lan with the client and not the other way :(
13:08 < weykent> trying to figure out what subjects to use on openvpn client certs. maybe just /CN=username ?
13:12 < rob0> weykent, IIRC pekster has a little CA security writeup.
13:12 < weykent> rob0, where at?
13:13 < rob0> Basically you don't want to give away information to a potential attacker, and a lot of the stuff which might go into your openssl.cnf are not good to have.
13:13 < rob0> !factoids search secur
13:13 <@vpnHelper> 'secure', 'security', 'forwardsecurity', and 'howsecurityworks'
13:13 < rob0> !secure
13:13 <@vpnHelper> "secure" is (#1) http://openvpn.net/howto.html#security for hardening or (#2) http://openvpn.net/index.php/documentation/security-overview.html for security overview
13:14 < rob0> !security
13:14 <@vpnHelper> "security" is "secure" is (#1) http://openvpn.net/howto.html#security for hardening, or (#2) http://openvpn.net/index.php/documentation/security-overview.html for security overview
13:14 < weykent> i've successfully avoided using openssl for CA work, but i know what openssl.cnf is for in a CA context ;p
13:14 < rob0> !howsecurityworks
13:14 <@vpnHelper> "howsecurityworks" is security can be obtained by: something you have (certificates, usb tokens), something you know (passwords), something you are (biometrics). for best security use more than 1. if you save passwords to a file (!pwfile), you change them from something you know to something you have, which destroys the point of using passwords
13:14 < rob0> No idea where it is, sorry.
13:14 < weykent> ah, okay
13:15 < weykent> i'll search a bit
13:15 < weykent> oh, right, easy-rsa
13:15 < weykent> are the subjects that that uses not ideal?
13:16 < rob0> you probably don't want to have your locations and organization name, et c., in your certificates
13:16 < weykent> let me see what i have right now
13:17 < rob0> "maybe just /CN=username" sounds right
13:17 < weykent> okay
13:17 < weykent> the CA has C, O, OU, and CN, which do identify the organization
13:18 < weykent> so that's not recommended for issuing openvpn client certs?
13:18 < weykent> the server certs are just /CN=hostname, though
13:20 < rob0> You look at your threat model and decide what's appropriate.  Most folks are unlikely to be targeted by anything other than casual automated attackers (spammers & scammers.)
13:23 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:25 -!- cohn [noone@unaffiliated/cohn] has joined #openvpn
13:26 < cohn> hi, is it possible to route only certain clients' traffic completely through the VPN and not others?
13:26 < cohn> so, "redirect-gateway" for a specific client
13:31 < DArqueBishop> Yes, cohn.
13:31 < DArqueBishop> !ccd
13:31 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
13:33 < cohn> thanks! kinda thought that might be the case but can't hurt to ask
13:33 < cohn> :D
13:47 -!- cohn [noone@unaffiliated/cohn] has left #openvpn []
13:47 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
13:57 <@krzee> rob0, it was the confgen but i should REALLY change those configs before that program will be usable again, they are highliy outdated
13:58 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
14:03 < rob0> krzee, hey, did you see my question earlier, about ssh getting through a very simple firewall which looks like it should be blocking it?
14:03 < rob0> re: issue earlier, http://pastebin.slackadelic.com/p/oWgBdh75.html , stray SSH attack bots continue to get through that very simple firewall.  And I tested it myself, can ssh in from the outside.
14:03 <@krzee> nah didnt see that
14:03 < rob0> I'm wondering if some quirk of tun is involved in this.
14:07 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:10 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Remote host closed the connection]
14:10 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
14:13 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
14:17 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
14:31 < rob0> Nope, just mental flatulence.  I put -d where I meant to put -s, sigh.
14:35 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Remote host closed the connection]
14:35 -!- sr_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
14:37 -!- sr_berry is now known as ser_berry
14:38 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
14:39 -!- weykent [~weykent@unaffiliated/weykent] has quit [Ping timeout: 265 seconds]
14:39 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has quit [Ping timeout: 265 seconds]
14:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
14:40 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
14:40 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
14:43 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Read error: Connection reset by peer]
14:44 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
14:58 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
15:20 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
15:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:17 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
16:31 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:35 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:39 -!- crised [~crised@186.67.181.203] has quit [Quit: Leaving.]
16:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:50 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Ping timeout: 250 seconds]
16:51 -!- shimano [shimano@c109-161.icpnet.pl] has quit [Ping timeout: 250 seconds]
17:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:19 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:19 -!- badon_ is now known as badon
17:26 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
17:28 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
17:32 -!- weykent [~weykent@unaffiliated/weykent] has joined #openvpn
17:35 -!- HyP3r [~HyP3r@elektro-fendt.de] has quit [Quit: leaving]
17:54 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:57 -!- kernal is now known as zz_kernal
19:03 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:37 -!- tekzilla [~jon@217.147.92.57] has quit [Remote host closed the connection]
19:40 -!- terry_tse [~terry_tse@14.116.22.252] has joined #openvpn
19:59 -!- sleepypc is now known as `hypermist`
20:00 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
20:15 -!- terry_tse [~terry_tse@14.116.22.252] has left #openvpn ["Leaving"]
20:26 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 272 seconds]
20:28 -!- _FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 265 seconds]
20:28 -!- deranged [Bit@lolnerd.net] has joined #openvpn
20:34 -!- FBi [B@Aircrack-NG/User] has joined #openvpn
20:34 -!- FBi is now known as Guest98431
21:01 -!- terry_t [~terry_tse@14.116.22.252] has joined #openvpn
21:01 -!- terry_t [~terry_tse@14.116.22.252] has quit [Client Quit]
21:02 -!- Mutantx [~Carlo@46.166.190.166] has joined #openvpn
21:27 -!- terry_t [~terry@183178242025.ctinets.com] has joined #openvpn
21:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
21:37 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:43 -!- Denial [~Denial@81.141.9.229] has quit [Ping timeout: 246 seconds]
21:43 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
22:07 -!- nickSwe [~quassel@2605:6000:9b86:c700:a486:7d3f:1b8d:75d9] has joined #openvpn
22:08 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
22:26 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
22:29 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:58 -!- nickSwe [~quassel@2605:6000:9b86:c700:a486:7d3f:1b8d:75d9] has quit [Remote host closed the connection]
23:00 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
23:03 -!- The_Ball [~ballen@c114-77-179-73.hillc3.qld.optusnet.com.au] has joined #openvpn
23:04 < The_Ball> Is it possible to push a route with a router IP? the syntax push "route 10.20.29.0 255.255.255.0"; is using the OpenVPN IP as the router, but I want to add a route to another network available through a router on the network served by OpenVPN
23:05 < The_Ball> So something like push "route 10.20.30.0 255.255.255.0 10.20.29.123"
23:06 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
23:06 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
23:13 -!- `hypermist` is now known as sleepypc
23:28 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 265 seconds]
23:32 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
23:37 < pekster> The_Ball: sounds like you want to read !clientlan for a routed setup to do that
23:38 < pekster> client-A still routes via the VPN server because that's the next-hop to reach another client LAN
--- Day changed Thu Mar 19 2015
00:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:16 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 265 seconds]
00:22 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
00:29 < terry_t> I am wondering if it's robust to run multiple instances of openvpn server in bridge mode. I've a theoretically 1G symmetrical connection which is used to service no more than 20 remote users. The application pumps out multicast packets that necessiates running openvpn in bridge mode. For reason unknown, when a single instance Openvpn hits about 8Mbytes/sec, remote clients start seeing dropped packets. I see from top that Openvpn is at 50% at that 
00:48 -!- ShadniX [dagger@p57941C88.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:48 -!- ShadniX [dagger@p57941996.dip0.t-ipconnect.de] has joined #openvpn
01:12 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:25 -!- havingFun is now known as xrosnight
01:38 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:01 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:01 -!- mode/#openvpn [+o mattock] by ChanServ
03:36 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:41 -!- dazo_afk is now known as dazo
03:43 -!- hieronemus001 [~hieronemu@82.117.202.34] has joined #openvpn
03:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:47 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 265 seconds]
03:48 < hieronemus001> hello - I did SSL VPN vulnerability check on my ASA firewall https://www.youtube.com/watch?v=rWtOLU-gNWo. I'm getting to the final step to reset security PIN. Am I in trouble?
03:48 <@vpnHelper> Title: Cisco SSL VPN Exploit - YouTube (at www.youtube.com)
04:17 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:18 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:19 -!- Felden [~felden@unaffiliated/felden] has left #openvpn []
04:24 -!- TXX [~TXX@nat.nordija.com] has joined #openvpn
04:24 < TXX> Hey
04:24 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
04:24 < TXX> Is there any advantages to using a non-selfsigned/official CA ?
04:26 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 265 seconds]
04:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
04:50 -!- TXX [~TXX@nat.nordija.com] has quit [Ping timeout: 256 seconds]
05:08 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
05:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:50 <@dazo> hieronemus001: ehm .... that got nothing to do with openvpn at all, so we probably won't know here ... on the other hand, most people here will probably claim you are in trouble since you don't use openvpn ;-)
05:52 < hieronemus001> dazo: tbh I use openvpn as alternative vpn, asa is under datacenter ingerence - it's up to date but I'm still able to get to this point. It scares me to reset PIN
06:41 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Ping timeout: 272 seconds]
06:43 -!- pavetheway [~pavethewa@173.192.105.203] has joined #openvpn
06:47 -!- pavetheway [~pavethewa@173.192.105.203] has quit [Quit: Ex-Chat]
06:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
07:01 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
07:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
07:24 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
07:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 264 seconds]
07:27 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
07:28 -!- sammm_ [~sammm@108.61.228.170] has joined #openvpn
07:29 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:33 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 250 seconds]
07:34 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
07:59 -!- sammm_ [~sammm@108.61.228.170] has quit [Quit: Lost terminal]
08:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
08:41 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:46 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
08:50 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
09:08 -!- mirco [~mirco@ip-178-200-242-246.hsi07.unitymediagroup.de] has joined #openvpn
09:45 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
09:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
09:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
09:52 -!- lasdam [~tom@95.141.33.20] has joined #openvpn
09:59 < lasdam> couple of questions: to connect to and through two different vpn servers, I need to use two vpn daemons, right? and can I somehow only use the first tunnel when connecting to some specific IP, e.g. using the linux route command?
09:59 -!- mirco [~mirco@ip-178-200-242-246.hsi07.unitymediagroup.de] has quit [Quit: mirco]
10:19 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
10:25 -!- lasdam [~tom@95.141.33.20] has quit [Ping timeout: 244 seconds]
10:25 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 250 seconds]
10:27 -!- lasdam [~tom@95.141.33.20] has joined #openvpn
10:34 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
10:36 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
11:04 -!- hieronemus001 [~hieronemu@82.117.202.34] has quit [Quit: Leaving]
11:04 -!- Mutantx [~Carlo@46.166.190.166] has quit [Ping timeout: 256 seconds]
11:05 -!- dazo is now known as dazo_afk
11:11 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
11:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:53 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:54 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
11:54 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has joined #openvpn
11:56 -!- lasdam [~tom@95.141.33.20] has left #openvpn []
12:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
12:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:02 -!- badon_ is now known as badon
12:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:25 -!- zz_kernal is now known as kernal
12:27 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
12:36 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
12:37 < Olipro_> what can I do from OPENVPN_PLUGIN_CLIENT_CONNECT_V2 in a plugin? I can't find any documentation
12:37 < Olipro_> I'm looking to tell OpenVPN to assign a user to a particular subnet
12:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
12:47 -!- YazzMatazz [b0cda9d4@gateway/web/freenode/ip.176.205.169.212] has joined #openvpn
12:49 < YazzMatazz> hi
12:50 < YazzMatazz> hello hello, is anybody in there, just nod if you can hear me
12:52 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
13:03 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
13:06 -!- BtbN [btbn@btbn.de] has joined #openvpn
13:07 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
13:07 -!- mode/#openvpn [+v s7r] by ChanServ
13:15 -!- kernal is now known as zz_kernal
13:19 -!- lovelytsui [~lovelytsu@n119236205173.netvigator.com] has joined #openvpn
13:19 < YazzMatazz> Hi, How many clients can OpenVPN handle in routing mode. What is the calculation based on?
13:19 < lovelytsui> I cant connect to vpn using .opvn file in mint 17.1, here's the screenshot: http://holland.pk/uptow/i4/bb7f7f015a197b462c5b8d2ea8c4f480.png
13:20 < lovelytsui> could anybody help me figuring out whats wrong?
13:20 < Olipro_> if I have a /16 - what directive can I use inside a client-config-dir to dynamically put a particular client on a particular /24
13:20 < Olipro_> e.g. i have 192.168.0.0/16 and I create a CCD for a new client whom I want to be given the next available address within 192.168.10.0/24
13:21 < YazzMatazz> hi lovelytsui, I think the .opvn  config file would be helpful
13:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:24 < YazzMatazz> I mean showing us the config info would be helpful
13:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:28 -!- lovelytsui [~lovelytsu@n119236205173.netvigator.com] has quit [Quit: Leaving]
13:30 -!- lovelytsui [~lovelytsu@n119236205173.netvigator.com] has joined #openvpn
13:31 -!- rob0 is now known as et_al
13:41 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
13:56 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
13:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:58 -!- bastione [~duckDuckG@c-24-22-85-110.hsd1.or.comcast.net] has joined #openvpn
14:00 < bastione> hey all, I have an openvpn client running in a freenas jail running transmission... it connects to server and works fine, but it throws up tons of errors like this:
14:00 < bastione> Mar 19 09:39:23 freenas kernel: <118>Mar 19 09:39:23 transmission_1 openvpn[30052]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1853316 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
14:01 < bastione> again, it is working... but should I be concerned about all these in the logs?
14:04 -!- lovelytsui [~lovelytsu@n119236205173.netvigator.com] has quit [Remote host closed the connection]
14:11 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
14:22 < Olipro_> what config var do I need to override in OPENVPN_PLUGIN_CLIENT_CONNECT_V2 to change the IP that will be assigned to the client?
14:25 -!- et_al is now known as rob0
14:37 -!- YazzMatazz [b0cda9d4@gateway/web/freenode/ip.176.205.169.212] has quit [Quit: Page closed]
14:40 < zoredache> Olipro you use ifconfig-push in a ccd file to specify an ip.
14:49 < Olipro_> zoredache: no, I'm talking about the plugin API
15:04 -!- zz_kernal is now known as kernal
15:09 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
15:10 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
15:10 -!- mode/#openvpn [+v s7r] by ChanServ
15:13 < Olipro_> ok, looks like the name member has to be "config"
15:13 < Olipro_> so, with that resolved - is there a way to use a specific IP pool for a given client
15:30 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:35 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:39 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
15:39 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
15:39 -!- mode/#openvpn [+v s7r] by ChanServ
15:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
15:41 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:41 -!- badon_ is now known as badon
15:54 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
16:00 -!- s7r_s [debian-tor@openvpn/user/s7r] has joined #openvpn
16:00 -!- mode/#openvpn [+v s7r_s] by ChanServ
16:00 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
16:03 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
16:22 -!- Alissa [Alissa@vps.alissa.ml] has joined #openvpn
16:23 < Alissa> !welcome
16:23 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:23 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:23 -!- s7r_s [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
16:23 <@krzee> Olipro, sure you can make a --client-connect script and then assign as done in a ccd file
16:23 -!- s7r_s [debian-tor@openvpn/user/s7r] has joined #openvpn
16:23 -!- mode/#openvpn [+v s7r_s] by ChanServ
16:23 <@krzee> !client-connect
16:23 <@vpnHelper> "client-connect" is --client-connect <script>, runs script on client connection. This can be useful for generating firewall rules dynamicly, or for assigning static ips. This can do anything that a ccd (see !ccd) entry can do, but dynamicly... to use it that way, you should write your dynamic ccd commands to the file named by $1.
16:23 < Alissa> I'm trying to set up a one-client VPN and I've not much of an idea how to do it. I'm not really one for networking but I'd like a one-client one-server VPN.
16:24 < Alissa> Can someone give me some help in setting this up?
16:24 <@krzee> if you use a static key theres examples in the manual
16:24 <@krzee> !statickey
16:24 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
16:25 <@krzee> ^ @ Alissa
16:25 < Alissa> Can you link me to the manual?
16:25 <@krzee> !man
16:25 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
16:25 < Alissa> Awesome, thanks.
16:26 <@krzee> yw
16:26 < Alissa> I'll go read through that for a bit.
16:31 < Alissa> Should I use a full location path for a file location or just leave it as static.key ?
16:31 <@krzee> !path
16:31 <@vpnHelper> "path" is (#1) use full paths in your config! or (#2) if you use windows, see !winpath
16:32 < Alissa> Another question, in the stiatic key mini-howto, it has a "remote" setting, would I set that to the location of the VPS I'm running the server on?
16:37 < Alissa> " changing myremote.mydomain in the client configuration to the domain name or public IP address of the server." whups. overlooked that.
16:39 < Alissa> It's all set up now. Kbai :D
16:39 -!- Alissa [Alissa@vps.alissa.ml] has left #openvpn ["WeeChat 1.2-dev"]
16:42 -!- `Yoda [Yoda@gateway/shell/yourbnc/x-tvbxksxymxgqrlyu] has joined #openvpn
16:52 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
16:59 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
17:22 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:27 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
17:31 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
17:33 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 252 seconds]
17:37 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
17:49 -!- Z-Chymera [~chymera@77-57-116-83.dclient.hispeed.ch] has joined #openvpn
17:49 < Z-Chymera> hi guys, I am trying to follow these instructions http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
17:49 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
17:49 < Z-Chymera> but I have no idea what to replace remote myremote.mydomain with
17:50 <@krzee> did you read about --remote in the manual?
17:50 <@krzee> !man
17:50 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
17:51 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
17:51 < Z-Chymera> krzee: thanks, but that does not really help me - the manual description says Remote host name or IP address as well
17:52 <@krzee> you dont know what the host name or ip of your server is?
17:52 < Z-Chymera> but I have no idea what my server's "remote host" is - nor does it have a fix IP address
17:52 < Z-Chymera> I thought that was the point of openvpn
17:52 < Z-Chymera> to connect to machines whichdo not have fixed IP addresses
17:52 < Z-Chymera> or at least that's why it was recommended for me
17:52 < Z-Chymera> * to me
17:53 <@krzee> that can be done, but it requires a dyndns
17:53 <@krzee> (or a machine in the middle acting as a server which is on a static ip)
17:54 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 250 seconds]
17:56 < Z-Chymera> krzee: ok.... is there an easy guide for the latter (machine in the middle) - I have some server space at dreamhost that is reachable at the same domain, will that do?
17:56 <@krzee> sure, once both clients are connected you could simply use:
17:56 <@krzee> !c2c
17:56 <@vpnHelper> "c2c" is "client-to-client" is with this option packets from 1 client to another are routed inside the server process. without it packets leave the server process, hit the kernel (firewall, routing table) and if allowed by firewall and routed back to server process, they go to the client. you use this option when you do not want to use selective firewall rules on what clients can access things behind
17:56 <@vpnHelper> other clients
17:57 <@krzee> then clients can access eachother by vpn address
17:57 <@krzee> then you probably also want:
17:57 <@krzee> !static
17:57 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
17:57 <@krzee> as well as:
17:57 <@krzee> !topology
17:57 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
17:57 < Z-Chymera> krzee: this sunds complicated - is there a guide for this like this one http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html ?
17:57 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
17:58 <@krzee> !howto
17:58 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
18:00 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 265 seconds]
18:01 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
18:02 < Z-Chymera> krzee: can you recommend any easier solutions for connecting from a machine with a dynamic ip to another one with a dynamic ip?
18:03 <@krzee> yes, dynamic dns with what you were already using
18:03 <@krzee> but since you asked for another solution, you get the second one
18:04 <@krzee> but ya those 2 are my only ideas for it
18:04 <@krzee> you can use dynamic dns on 1 side or both
18:04 <@krzee> gotta go, need to do work
18:18 -!- bastione [~duckDuckG@c-24-22-85-110.hsd1.or.comcast.net] has quit [Quit: leaving]
18:23 -!- kernal is now known as zz_kernal
18:29 -!- Z-Chymera [~chymera@77-57-116-83.dclient.hispeed.ch] has quit [Remote host closed the connection]
18:34 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 246 seconds]
18:39 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
19:00 -!- r00t^2_ is now known as r00t^2
19:01 -!- s7r_s is now known as s7r
19:26 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
19:29 < mnathani_> whats a decent guid on running ospf over openvpn?
19:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
19:43 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
19:46 -!- pk12_ [~pk12@84.39.116.180] has quit [Ping timeout: 256 seconds]
19:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:07 -!- Protected [~Join@118.139.114.89.rev.vodafone.pt] has quit [Disconnected by services]
20:18 -!- francisvgarcia [~francisvg@179.52.164.138] has joined #openvpn
20:24 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 256 seconds]
20:30 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
20:48 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
21:07 -!- dagnachewa [~dagnachew@bas1-montreal30-1177585814.dsl.bell.ca] has joined #openvpn
21:07 < dagnachewa> hi all
21:08 < dagnachewa> I am setting a vpn and I am using softether but am blocked on importing accountimport vpngate
21:09 < dagnachewa> what does it look like the .vpn from vpngate ? I could fill in my own info if I could see a samp[le .vpn from vpngate
21:15 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 252 seconds]
21:18 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
21:20 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:54 < dagnachewa> please anyone help
21:54 < dagnachewa> am following this tutorial http://lukeluo.blogspot.ca/2013/11/how-to-set-up-softehter-vpn-client.html
21:54 <@vpnHelper> Title: l think, therefore l am: How to set up Softehter VPN Client under Linux: Via vpngate.net (at lukeluo.blogspot.ca)
21:55 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has joined #openvpn
22:15 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has quit [Quit: khaldrogox]
22:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
22:19 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has joined #openvpn
22:19 -!- QbY [~qby@2601:0:a700:e4f0:c4c8:3453:788b:3093] has joined #openvpn
22:22 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
22:24 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has quit [Ping timeout: 244 seconds]
22:25 < QbY> So I have my OpenVPN working partially.  Not quite the way I want it.  What I'd like to do, without investing in new hardware is to get my box running OpenVPN to handle the rest of my network services (DHCP, NAT, Routing, Firewall, Port-Forwarding and of course VPN).  What's recommended?
22:25 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
22:26 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has joined #openvpn
22:30 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has quit [Client Quit]
22:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:32 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
22:38 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has joined #openvpn
22:39 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has quit [Client Quit]
22:39 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 246 seconds]
22:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:09 -!- francisvgarcia [~francisvg@179.52.164.138] has quit [Quit: Leaving]
23:14 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
23:15 < Blanc> hey so I just set up my openvpn server on centos 7, i currently have all firewalls disabled (that I know of) and I connect, can't get any traffic through
23:15 < Blanc> !configs
23:15 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
23:15 < Blanc> !logs
23:15 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
23:18 < Blanc> http://hastebin.com/uxuviwuheg.hs - config
23:18 <@vpnHelper> Title: hastebin (at hastebin.com)
23:18 < Blanc> ~logfile
23:18 < Blanc> !logfile
23:18 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
23:19 <@krzee> QbY, totally unrelated to openvpn.
23:19 <@krzee> Blanc,
23:19 <@krzee> !timeout
23:19 <@vpnHelper> "timeout" is if you see TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) then your problem is likely one of the following: either the server isnt running, your client is connecting to the wrong ip/port/protocol, the server's firewall/nat has an issue, or one of the ISPs blocks it
23:19 < Blanc> I enabled tun/tap with my server host
23:19 <@krzee> show logs from both sides
23:19 < Blanc> uhh
23:19 < Blanc> one sec.
23:20 < Blanc> brb gotta regen the tunnelblick logs
23:21 < Blanc> tunnelblick log
23:21 < Blanc> http://hastebin.com/koqotebudo.vhdl
23:21 <@vpnHelper> Title: hastebin (at hastebin.com)
23:22 <@krzee> both sides.
23:22 < Blanc> let me try to find my server side log
23:22 <@krzee> well
23:22 < Blanc> can you give me a quick pointer to the server side log on a defaulted install on centos 7
23:22 <@krzee> client config shows it did connect
23:22 <@krzee> !logfile
23:22 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
23:23 < Blanc> I'm having trouble understanding where to find my log on my server with that
23:23 < Blanc> is there a file called stdout somewhere?
23:23 <@krzee> =/
23:24 <@krzee> see #1
23:24 <@krzee> also, learn your os
23:24 <@krzee> !google stdout
23:24 <@vpnHelper> Standard streams - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Standard_streams>; stdout - C++ Reference - Cplusplus.com: <http://www.cplusplus.com/reference/cstdio/stdout/>; Standard Output Definition - The Linux Information Project: <http://www.linfo.org/standard_output.html>
23:24 < Blanc> should I edit server.conf to contain "log /etc/openvpn/log.txt"
23:24 < Blanc> then restart it?
23:24 <@krzee> yep
23:24 < Blanc> I'm sorry I've literally been using centos for ~1.5hrs
23:24 <@krzee> exactly
23:24 <@krzee> !bestos
23:24 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
23:24 < Blanc> I used ubuntu before
23:25 < Blanc> just wanted an OS that ran slimmer so I could use less memory
23:25 <@krzee> stdout isnt exactly centos specific ;]
23:25 < Blanc> I know that :P
23:26 < Blanc> hmmm
23:27 < Blanc> server
23:27 < Blanc> http://hastebin.com/uvureqodij.coffee
23:27 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has joined #openvpn
23:27 <@vpnHelper> Title: hastebin (at hastebin.com)
23:27 <@krzee> definitely connected
23:28 <@krzee> not sure why you thought it wasnt
23:28 <@krzee> !redirect
23:28 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
23:28 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
23:28 < Blanc> I said I was able to connect, just no traffic.
23:28 <@krzee> if you meant your internet is not going through the vpn, follow the flowchart in #4
23:29 < Blanc> looking into it
23:30 <@krzee> i gotta go
23:30 <@krzee> good luck
23:30 < Blanc> !ipforward
23:31 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
23:31 < Blanc> ~linipforward
23:31 < Blanc> !linipforward
23:31 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
23:31 < Blanc> !nat
23:31 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
23:31 < Blanc> !linnat
23:31 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
23:32 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has quit [Quit: khaldrogox]
23:34 < Blanc> !def1
23:34 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
23:35 -!- dagnachewa [~dagnachew@bas1-montreal30-1177585814.dsl.bell.ca] has quit [Quit: WeeChat 1.1.1]
23:37 < Blanc> after following http://pekster.sdf.org/misc/redirect.png
23:37 < Blanc> "You likely have a firewall issue"
23:37 < Blanc> but I don't know how to fix that
23:43 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has joined #openvpn
23:51 -!- khaldrogox [~anonymous@c-50-131-37-33.hsd1.ca.comcast.net] has quit [Quit: khaldrogox]
--- Day changed Fri Mar 20 2015
00:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
00:18 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
00:25 -!- YazzMatazz [b0cda9d4@gateway/web/freenode/ip.176.205.169.212] has joined #openvpn
00:28 -!- YazzMatazz [b0cda9d4@gateway/web/freenode/ip.176.205.169.212] has quit [Client Quit]
00:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:49 -!- ShadniX [dagger@p57941996.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:49 -!- ShadniX_ [dagger@p5DDFC54F.dip0.t-ipconnect.de] has joined #openvpn
00:49 -!- ShadniX_ is now known as ShadniX
01:01 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Quit: leaving]
01:01 -!- Linmu_ [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Quit: leaving]
01:02 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:02 -!- mode/#openvpn [+o mattock] by ChanServ
01:08 -!- trumee [~parul@2601:e:1580:799::c64] has quit [Ping timeout: 256 seconds]
01:08 -!- sleepypc is now known as `hypermist`
01:13 -!- trumee [~parul@2601:e:1580:799::c64] has joined #openvpn
01:25 -!- lxusrbin [~lxusrbin@han-solo.atw0rk.net] has quit [Quit: leaving]
01:35 -!- Blanc is now known as Blanc|AFK
01:46 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
02:03 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
02:05 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:05 -!- mode/#openvpn [+o mattock] by ChanServ
02:06 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
02:09 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
02:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:14 -!- mode/#openvpn [+o mattock1] by ChanServ
02:16 -!- havingFun is now known as xrosnight
02:17 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
02:21 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Quit: No Ping reply in 180 seconds.]
02:21 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
02:23 -!- havingFun is now known as xrosnight
02:25 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
02:29 -!- lxusrbin [~lxusrbin@2a00:f826:3:2761::6667] has joined #openvpn
02:32 -!- `hypermist` is now known as sleepypc
02:41 -!- QbY [~qby@2601:0:a700:e4f0:c4c8:3453:788b:3093] has quit [Remote host closed the connection]
02:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
02:53 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:54 -!- mode/#openvpn [+o mattock] by ChanServ
03:08 -!- frerich [~frerich@kde/raabe] has joined #openvpn
03:09 < frerich> Hi, does anybody know whether there are logs of this IRC channel? I asked a question a couple of weeks ago in here, but then figured out the answer myself and also mentioned it. Now a colleague hits the same issue, but I cannot remember what I did to fix it. I hope I can find my own answer in the logs. :-)
03:17 -!- ShadniX [dagger@p5DDFC54F.dip0.t-ipconnect.de] has quit [Quit: Bye.]
03:17 -!- ShadniX [dagger@p5DDFC54F.dip0.t-ipconnect.de] has joined #openvpn
03:18 -!- ShadniX [dagger@p5DDFC54F.dip0.t-ipconnect.de] has quit [Client Quit]
03:19 -!- ShadniX [~ShadniX@p5DDFC54F.dip0.t-ipconnect.de] has joined #openvpn
03:20 -!- mikhael_k33hl [2be2071a@gateway/web/freenode/ip.43.226.7.26] has joined #openvpn
03:23 < mikhael_k33hl> Is it possible to give clients access to my server's local network via tun?
03:24 < jwww> Hello.
03:24 < jwww> mikhael_k33hl: yes seems possible,  I guess you have to forward the route to the client, maybe you'll need to nat too.
03:26 < mikhael_k33hl> jwww: what do you mean that i'll have to nat too?
03:28 < jwww> your server may have to translate your ip from the vpn to the lan. you do that with netfilter.
03:29 < jwww> mikhael_k33hl: look at http://serverfault.com/questions/418354/how-to-set-up-openvpn-to-let-the-vpn-clients-to-access-all-the-servers-inside-th
03:29 <@vpnHelper> Title: How to set up OpenVPN to let the VPN clients to access all the servers inside the server LAN? - Server Fault (at serverfault.com)
03:36 < mikhael_k33hl> jwww: thanks
03:39 -!- terry_t [~terry@183178242025.ctinets.com] has quit [Remote host closed the connection]
03:44 < jwww> yw.
04:06 -!- dazo_afk is now known as dazo
04:07 -!- mikhael_k33hl [2be2071a@gateway/web/freenode/ip.43.226.7.26] has quit [Ping timeout: 246 seconds]
04:10 -!- mikhael_k33hl [2be2071a@gateway/web/freenode/ip.43.226.7.26] has joined #openvpn
04:12 -!- mikhael_k33hl [2be2071a@gateway/web/freenode/ip.43.226.7.26] has quit [Client Quit]
04:59 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
05:14 < ghormoon> hi, what am I missing, even when cut down the config to this http://pastebin.com/vTnGE5ji I get no response from the server. I see the incoming traffic on the server in tcpdump, but it doesn't respond, nothing in server log ... I must be missing something trivial :) other vpn on 1194 works ok, so likely I've just broke something in this config :)
05:16 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
05:30 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
05:31 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
05:36 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
05:36 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
05:37 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
05:38 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Remote host closed the connection]
05:38 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
05:39 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
05:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:49 < jwww> with apache 2.4 is it possible to have multiple if condition like <If "%{REMOTE_ADDR} !=" 127.0.0.1" && "%{REMOTE_ADDR} !=" 128.0.0.1" > ... ?
05:50 -!- frerich [~frerich@kde/raabe] has left #openvpn []
05:51 < ghormoon> Nvm, it was firewall, as always, I forgot tcpdump is before iptables :/
05:51 < jwww> erm
05:52 < jwww> sorry dudes, wrong channel.
05:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
06:11 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
06:55 -!- lbft is now known as tractor
06:56 -!- tractor is now known as lbft
07:25 -!- Latrina [~Latrina@adsl-ull-214-195.50-151.net24.it] has quit [Ping timeout: 246 seconds]
07:26 -!- YazzMatazz [b0cda9d4@gateway/web/freenode/ip.176.205.169.212] has joined #openvpn
07:54 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
08:02 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
08:02 -!- BtbN [btbn@btbn.de] has joined #openvpn
08:05 -!- YazzMatazz [b0cda9d4@gateway/web/freenode/ip.176.205.169.212] has quit [Ping timeout: 246 seconds]
08:17 -!- architekt [archi@i.love.coding4.coffee] has joined #openvpn
08:23 -!- Protected [~Join@118.139.114.89.rev.vodafone.pt] has joined #openvpn
08:25 < Protected> Hey all... I'm having a bit of a problem. I recently moved and as such am using a new ISP and router (the router was provided by the ISP). So I get on the VPN and everything is fine, however at some point when I'm not looking a new route pops up which overrides the openvpn routes (by having a lower metric) and redirects everything back to the ISP's router. Any ideas? I'm on windows. I tried
08:25 < Protected> messing with the network types, changing how openvpn runs as an admin, enabling and disabling uac and all sorts of other windows voodoo, to no avail...
08:25 < Protected> This never happened before
08:27 < Protected> This is what my routing table currently looks like: http://pastebin.com/L5FvM5jM
08:27 < Protected> Please disregard my unsuccessful attempt to use non-overlapping routes to go around the problem, it just pushed all my routes to a higher metric when it happened
08:27 < Protected> .67 is the local router
08:28 < Protected> (The state depicted in that routing table is post-auto-override)
08:28 < Protected> Anyway, I'll be grateful for any help, I'll check this window on occasion
08:35 -!- dagnachewa [~dagnachew@bas1-montreal30-1177585814.dsl.bell.ca] has joined #openvpn
08:36 -!- dagnachewa [~dagnachew@bas1-montreal30-1177585814.dsl.bell.ca] has quit [Client Quit]
08:48 -!- Tausen [~Tausen@tausen.org] has joined #openvpn
08:50 -!- Protected [~Join@118.139.114.89.rev.vodafone.pt] has quit [Ping timeout: 252 seconds]
08:50 < Tausen> I'm using the NAT hack to work around a router that cannot handle static routes, but what do I do if I e.g. want to ping a VPN client from a machine on the VPN server LAN and not the other way around?
08:56 < rob0> You'll always have lots of issues with NAT hacks.  By definition, it cannot be perfect.
08:59 < Tausen> rob0, I suppose thats why they call it a hack :P I'm trying to get the router replaced with something that can handle static routes, but in the meantime I'd like things to at least workish
09:00 < Tausen> I suppose I could add a route on the LAN machine, but I'm a complete noob at all this and not really sure how I'm supposed to proceed
09:08 -!- dagnachewa [~dagnachew@bas1-montreal30-1177585814.dsl.bell.ca] has joined #openvpn
09:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
09:19 < Tausen> Hmm, I don't really understand why I'm not using bridging instead of the NAT hack. Would I not be able to access machines on the LAN of the VPN server from a VPN client (and vice versa) if I used openvpn bridging?
09:20 <@dazo> Tausen: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
09:20 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
09:20 <@dazo> Tausen: using bridging is the right solution in 1 of 1000 setups
09:21 <@dazo> I believe I have experienced 2-3 setups here since 2009 where bridging really has been the right solution
09:22 <@dazo> if you have issues with routing ... solve the routing issue, don't try to work around it with NAT or bridging
09:22 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 250 seconds]
09:23 < Tausen> Thanks, I'll try reading that. Just read through https://www.grc.com/vpn/routing.htm which gave me the impression that bridging would solve all my issues
09:23 <@vpnHelper> Title: GRC | OpenVPN HOWTO Guide: Routing vs Bridging (at www.grc.com)
09:27 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
09:28 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 264 seconds]
09:31 <@dazo> Tausen: when someone claims "Bridging, by comparison, is much simpler." ... then I'd question their knowledge
09:31 <@dazo> it can look like it's easier ... but in fact, you have so many other layers of issues hidden in bridging it's really not worth it
09:33 -!- Protected [~Join@atuin.discworld.eu] has joined #openvpn
09:33 < Protected> Still around
09:34  * dazo is still not a Windows user, so he wouldn't know
09:35 < Protected> That's fine, thanks anyway. I'm hoping someone will be able to help eventually
09:35 < Protected> I just ascertained that windows is flat out ignoring a permanent route with a lower metric
09:35 -!- MadTBone [~MadTBone@128.59.37.113] has joined #openvpn
09:35 -!- MadTBone [~MadTBone@128.59.37.113] has quit [Client Quit]
09:40 < Tausen> dazo, alright, thanks for the advice. Let me just get this straight, though - if I were to set up openvpn using bridging and somehow got it configured properly, would communication between vpn clients and machines on the server lan work without having to configure the LAN router etc? I'm trying to formulate an argument for why I have set up openvpn using routing rather than bridging, and so far my best argument is "smart people told me to" :P
09:42 <@dazo> If done properly, yes, it can of course work.  But you will get a lower performance, due to that the VPN tunnel transports more data for each packet (Ethernet headers).  In addition, it will be experienced as slowing down the network due to broadcast traffic from both networks being sent over the VPN to the "other" network
09:42 <@dazo> And that will really start to give you pain when you get enough users on the network complaining about poor network performance
09:43 <@dazo> using routing, with separate IP subnets on each remote net and the VPN tunnel ... only the traffic which needs to be transferred to the "other" network is being processed
09:43 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
09:43 <@dazo> In addition, you can most likely use TUN instead of TAP, which takes out the Ethernet header from each packet, giving a smaller overhead
09:43 <@dazo> s/smaller/reduced/
09:45 <@dazo> also, when you do bridging, you can only have one DHCP server on both networks combined ... so if the VPN tunnels drops, the network side without a local DHCP server will suddenly be completely without a network
09:45 <@dazo> ... without a *functional* network, I meant
09:48 < Tausen> Aha, I see. That makes sense. All network traffic (e.g. access to the internet) of the vpn clients would be sent through the vpn server and router on the vpn server lan?
09:48 <@dazo> it is possible to add routes on each net to avoid that as well, but it can easily get a bit complicated to achieve that
09:49 <@dazo> "use the local router for Internet traffic"
09:49 <@dazo> or you need to tweak your DHCP server to provide the proper local gateway on DHCP requests, based on the network they belong to
09:51 < Tausen> Alright, thanks a million for the advice! :) I'll do what I can do dodge the bridging approach
09:52 < Tausen> much appreciated
09:52 <@dazo> you're welcome
09:56 < ghormoon> hi, did anyone try to setup openvpn client on ipad? is there any safe way to pull in the keys? it offers me mail or itunes ... just ... nope ...
09:56 <@dazo> Tausen: basic setup would be something like this once you have the VPN tunnel established:  http://fpaste.org/200562/42686337/raw/
09:57 <@dazo> (in addition comes firewall setup, to allow traffic to pass through the VPN servers)
09:57  * dazo goes for food
09:58 < rob0> Wow, I'm looking at that GRC page on bridging vs. routing, and the things he considers "good" are actually bad.
09:58 < rob0> bizarre!
10:00 -!- apollo2k is now known as aPollO2k
10:01 <@dazo> Tausen: oh, I forgot ... the fpaste is missing an iroute statement for the openvpn config, but that's basically it
10:02 < Tausen> dazo, I see, thanks. I think I follow :)
10:11 -!- havingFun is now known as xrosnight
10:16 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
10:18 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
10:20 -!- Latrina [~Latrina@adsl-ull-193-182.50-151.net24.it] has joined #openvpn
10:22 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 272 seconds]
10:24 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
10:27 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
10:33 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 264 seconds]
10:35 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
11:03 -!- zz_kernal is now known as kernal
11:04 -!- kernal is now known as zz_kernal
11:05 -!- aPollO2k is now known as apollo2k
11:07 -!- Blanc|AFK is now known as Blanc
11:14 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Sleeping.]
11:32 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
11:32 -!- Blanc is now known as Blanc|AFK
11:35 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
11:47 -!- dyce [62bd4908@gateway/web/freenode/ip.98.189.73.8] has joined #openvpn
11:50 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:03 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
12:03 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
12:09 < dyce> is it possible to make a tor like network by running both the ovpn client and server (server still open accessible by public ip) but the clients who connect will be routed to the server's client
12:15 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:25 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
12:25 -!- alexises [lameire201@fedora/alexises] has quit [Ping timeout: 250 seconds]
12:53 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
13:07 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
13:08 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
13:10 < zoredache> If you are asking if traffic can come in from one instance of VPN, and be routed through another instance of OpenVPN, then yes.
13:14 -!- dazo is now known as dazo_afk
13:22 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:35 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
13:37 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 256 seconds]
13:38 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
13:39 -!- jefferai [jefferai@kde/mitchell] has quit [Read error: Connection reset by peer]
13:46 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
13:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
13:52 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:10 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
14:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
14:18 -!- Protected [~Join@atuin.discworld.eu] has quit [Disconnected by services]
14:21 -!- Protected [~Join@atuin.discworld.eu] has joined #openvpn
14:24 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
14:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:26 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
14:46 -!- ozux [~root@unaffiliated/ozux] has quit [Ping timeout: 246 seconds]
14:48 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
14:49 -!- bigpic [~rmasse@s72-38-111-130.static.comm.cgocable.net] has joined #openvpn
15:07 -!- jakhead [~hexx@108-254-136-135.lightspeed.tulsok.sbcglobal.net] has joined #openvpn
15:09 < jakhead> if I have a functioning openvnp setup between a server and 3 unique clients, and want to connect a fourth client at another location to allow its LAN clients to connect to the vpn through it, what would that be called? I'm just looking for some search terms
15:20 -!- Latrina [~Latrina@adsl-ull-193-182.50-151.net24.it] has quit [Quit: ZNC - http://znc.in]
15:22 -!- pk12 [~pk12@84.39.116.180] has quit [Quit: Textual IRC Client]
15:24 -!- bigpic [~rmasse@s72-38-111-130.static.comm.cgocable.net] has quit [Quit: bigpic]
15:25 -!- Latrina [~Latrina@adsl-ull-193-182.50-151.net24.it] has joined #openvpn
15:45 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
16:15 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
16:31 < Protected> A client with some fancy iptables rules?
16:31 < Protected> Routing-wise it's the same thing you do with the server for the vpn clients to access the internet through it
16:32 < jakhead> ok cool thank you, that's what I suspected but was getting a little confused while googling
16:52 < rob0> !clientlan
16:52 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
16:52 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
16:52 < rob0> ^^ might help some
16:53 < rob0> But you might also have to have the server do NAT for that client LAN.
16:53 < jakhead> thank you
16:54 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:57 -!- micw [~micw@x4d0586f0.dyn.telefonica.de] has joined #openvpn
16:57 < micw> hi
16:59 < micw> I try to connect a "zeroshell" router distri with an openvpn server. i have a working configuration (ca, key,cert,config). if i run it on my computer, it connects. if i run the same on the zeroshell box, it fails.
16:59 < micw> on the server i see:
17:00 < micw> TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
17:01 < micw> client/server option hashes matches between client and server
17:11 < micw> seems to be a problem with the load balancer that spreads the udp traffic accross 2 lines...
17:13 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
17:14 < Olipro_> does openvpn also support CIDR syntax within the config file for IPv4?
17:23 -!- micw [~micw@x4d0586f0.dyn.telefonica.de] has quit [Read error: Connection reset by peer]
17:42 -!- Tausen [~Tausen@tausen.org] has left #openvpn ["Leaving"]
18:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:49 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 252 seconds]
18:58 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has quit [Remote host closed the connection]
19:14 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 245 seconds]
19:16 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
19:24 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 245 seconds]
19:25 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:25 -!- mode/#openvpn [+v s7r] by ChanServ
19:26 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
19:42 -!- dagnachewa [~dagnachew@bas1-montreal30-1177585814.dsl.bell.ca] has left #openvpn ["WeeChat 1.1.1"]
20:17 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:19 -!- jakhead [~hexx@108-254-136-135.lightspeed.tulsok.sbcglobal.net] has quit [Remote host closed the connection]
20:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
20:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:51 -!- Blanc|AFK is now known as Blanc
21:00 -!- Blanc [~Blanc@irc.dagon.me] has quit [Quit: peacin']
21:04 -!- u0m3 [~u0m3@92.80.82.3] has quit [Read error: Connection reset by peer]
21:19 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
21:22 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Client Quit]
21:26 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
21:43 < Olipro_> does OpenVPN support CIDR notation for pushing routes?
21:43 < Olipro_> e.g. --push "route 192.0.2.0/24"
21:52 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
21:53 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:03 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:38 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
22:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:58 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
23:26 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
--- Day changed Sat Mar 21 2015
00:46 -!- ShadniX [~ShadniX@p5DDFC54F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:47 -!- ShadniX [dagger@p5DDFEA68.dip0.t-ipconnect.de] has joined #openvpn
01:35 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
01:40 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:47 -!- Malsasa [~Malsasa@36.81.104.71] has joined #openvpn
02:00 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
02:05 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 252 seconds]
02:10 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
02:37 -!- Malsasa [~Malsasa@36.81.104.71] has quit [Ping timeout: 264 seconds]
02:40 -!- Malsasa [~Malsasa@36.81.104.71] has joined #openvpn
02:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:47 -!- mattock_afk is now known as mattock
02:53 -!- mattock is now known as mattock_afk
02:56 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
02:56 < phantomcircuit> the docs say that CBC is a reasonable bcm for ovpn
02:56 < phantomcircuit> but they dont explain why
02:56 < phantomcircuit> anybody know?
03:07 -!- mattock_afk is now known as mattock
03:09 -!- Malsasa [~Malsasa@36.81.104.71] has quit [Quit: No Ping reply in 180 seconds.]
03:10 -!- Malsasa [~Malsasa@36.81.104.71] has joined #openvpn
03:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
03:36 -!- Malsasa [~Malsasa@36.81.104.71] has quit [Remote host closed the connection]
03:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
04:00 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
04:01 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:01 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:01 -!- mode/#openvpn [+v s7r] by ChanServ
04:11 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
04:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
05:14 -!- `Yoda is now known as Yoda
05:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:22 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
05:26 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
05:30 -!- Yoda [Yoda@gateway/shell/yourbnc/x-tvbxksxymxgqrlyu] has quit [Changing host]
05:30 -!- Yoda [Yoda@unaffiliated/yoda] has joined #openvpn
05:30 -!- Yoda [Yoda@unaffiliated/yoda] has quit [Changing host]
05:30 -!- Yoda [Yoda@gateway/shell/yourbnc/x-tvbxksxymxgqrlyu] has joined #openvpn
05:31 -!- Yoda [Yoda@gateway/shell/yourbnc/x-tvbxksxymxgqrlyu] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
05:32 -!- `Yoda [Yoda@unaffiliated/yoda] has joined #openvpn
05:32 -!- `Yoda is now known as Yoda
05:32 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
05:53 -!- leo2007 [~leo2007@128.199.230.246] has quit [Remote host closed the connection]
06:01 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Quit: Lost terminal]
06:01 -!- tamazaki_ [~tamazaki@95.85.35.109] has joined #openvpn
06:03 < tamazaki_> Does anyone know when OpenVPN plan to release a new build containing the latest openssl libraries after the recent OpenSSL Security Advisory
06:09 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
06:22 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:31 -!- Chais [~Chais@unaffiliated/chais] has quit [Remote host closed the connection]
06:32 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 246 seconds]
06:34 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
06:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
07:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:16 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
07:17 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Remote host closed the connection]
07:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
07:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:24 < BtbN> tamazaki_, OpenVPN does not need an update for that, the distributions juse release new openssl packages.
07:24 < BtbN> *t
07:26 <@plaisthos> BtbN: under windows OpenSSL is part of the OpenVPN distribution
07:26 < BtbN> Update it yourself if you are in a hurry. I'm not even sure if OpenVPN is affected by any of the fixes. Most of them were for stuff like SSL2.
07:27 < pekster> The good news is the latest openssl advistory isn't a particular problem for openvpn since the latest installer doesn't use version 1.0.2 which whwere most of the problems were
07:28 < pekster> The export ciphersuite was one of the few that impacted most versions, but you already have control over not using horrible cipher-suites. Read !hardening for details
07:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:29 < pekster> tamazaki_: ^ see my comments above
07:30 < pekster> Looks like an ANS.1 crash might be possible too, although here again, --tls-auth provides mitigation against just this thing in openvpn
07:30 < pekster> ASN1*
07:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:05 <@plaisthos> !hardening
08:05 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
08:06 <@plaisthos> Today, OpenVPN does not support TLS-ECDHE-* or more exotic cipher-suites as there is no elliptic curve support currently.
08:06 <@plaisthos> in -master that is not true anymore :)
08:09 -!- ShadniX [dagger@p5DDFEA68.dip0.t-ipconnect.de] has quit [Quit: Bye.]
08:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
08:38 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:54 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
08:56 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
08:58 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:13 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
09:21 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
09:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
10:11 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:13 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 256 seconds]
10:18 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 256 seconds]
10:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:27 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has joined #openvpn
10:35 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
10:37 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
10:39 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
10:46 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:47 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:49 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:50 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:51 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:57 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
10:57 -!- bigpic [~rmasse@192.235.231.5] has joined #openvpn
11:09 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
11:13 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:30 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
11:34 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
11:37 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
11:39 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
11:46 -!- bigpic [~rmasse@192.235.231.5] has quit [Quit: bigpic]
11:50 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:04 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 264 seconds]
12:07 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
12:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
12:22 -!- ShadniX [dagger@p5DDFEA68.dip0.t-ipconnect.de] has joined #openvpn
12:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:32 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
12:42 -!- zz_kernal is now known as kernal
13:19 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
13:21 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:54 -!- mode/#openvpn [+o mattock1] by ChanServ
13:57 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:10 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
14:44 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:56 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
15:03 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 252 seconds]
15:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
15:07 -!- highbass [~highbass@CPE602ad07a9c14-CM602ad07a9c11.cpe.net.cable.rogers.com] has joined #openvpn
15:09 -!- mattock is now known as mattock_afk
15:19 -!- grassass [slug@gateway/vpn/mullvad/x-zemxdhzowbzexsed] has joined #openvpn
15:20 < grassass> is it safe to check my everyday gmail account through my vpn and stay anonymous?
15:29 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
15:31 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
15:32 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
15:51 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:02 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
16:02 -!- mwc [~matt@gateway/vpn/privateinternetaccess/mwc] has joined #openvpn
16:03 < mwc> Why does openvpn create these two routes: 0.0.0.0/1 and 128.0.0.0/1 and not simply a default rule?
16:16 < rob0> !def1
16:16 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
16:25 < mwc> Presumably redirect-gateway is "pushed" from the server?
16:30 -!- mwc [~matt@gateway/vpn/privateinternetaccess/mwc] has quit [Ping timeout: 252 seconds]
16:46 -!- mwc [~matt@gateway/vpn/privateinternetaccess/mwc] has joined #openvpn
16:53 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has joined #openvpn
16:59 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
17:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
17:03 -!- zadock [~zadock@81.180.210.87] has quit [Client Quit]
17:06 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has quit [Ping timeout: 256 seconds]
17:09 -!- apollo2k is now known as aPollO2k
17:12 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
17:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:22 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
17:26 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has joined #openvpn
17:28 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
17:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Remote host closed the connection]
17:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:44 -!- CaTtleyA [~CaTtleyA@plb95-9-78-241-235-51.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
17:46 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
17:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:52 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
17:55 -!- aPollO2k is now known as apollo2k
18:00 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
18:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:03 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Remote host closed the connection]
18:08 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
18:18 -!- Blanc is now known as Blanc|AFK
18:20 < Exagone313> hello, I want to configure openvpn to have multiple users with username and password connection, using the same client configuration file. Users must have a static local ip address to be auth as their username. I am on Ubuntu 14.04 and I don't find updated and clear tutorials (i'm not an advanced user of openvpn). I used openvpn-as before but I want to stop. Can you help me please?
18:21 < Exagone313> And I want to route ipv4 internet obviously
18:23 < pekster> (that's not necessarily obvious, but it's good you stated that goal upfront)
18:23 < pekster> !userauth
18:23 < pekster> !authpass
18:23 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
18:23 < Exagone313> but it's not easy what you give to me
18:24 < pekster> ^ that's the user/pass auth script hook. You'll also need !redirect to do Internet redirection via the VPN server, and !static to issue static IPs to your clients
18:24 < Exagone313> !redirect
18:24 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:24 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:24 < Exagone313> !static
18:24 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
18:24 < pekster> You should _not_ use --server if you do static IP assignment, because otherwise you have no free non-pool (dynamic) VPN range
18:32 < Exagone313> ok thanks I will try to make it
18:44 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
18:46 -!- soLucien [~Lu@89.136.187.26] has joined #openvpn
18:54 -!- pantato [~pub@23.92.54.158] has joined #openvpn
18:55 < pantato> is tcp openvpn most definitely faster than udp?
18:55 < BtbN> tcp openvpn is bad
18:56 < pantato> oh
18:56 < BtbN> don't use it if you don't realy have to.
18:57 < pantato> but i set up a vpn server successfully and it connects and everything but is just slow as dirt
18:57 < pantato> torrents start to go then they slow down to nothing
18:59 < pantato> why do vpn servers behave this way? could it be a problem with my vps service?
19:02 < pantato> perhaps a poor choice in subnet?
19:03 < rob0> !tcp
19:03 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
19:05 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
19:12 < pantato> i put 10.50.0.0 as the network
19:12 < pantato> and 255.255.255.0 as the network interface
19:12 < pantato> could that option possibly by why it's not working properly?
19:13 < pantato> also i did it through webmin
19:13 < pantato> !welcome
19:13 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:13 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:13 < pantato> !howto
19:13 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
19:14 < pekster> You're presumably doing --redirect-gateway then?
19:16 < pantato> yes
19:17 < pantato> http://pastebin.com/S0pvUFmK
19:17 < pekster> The only other particularly relevant thing would be NAT on the expected communication port from the public IP to the client
19:17 < pekster> Probaly requring you to do !static, or otherwise keep the client the same all the time
19:17 < pekster> (same as with any RFC1918 NAT really)
19:20 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:33 -!- pantato [~pub@23.92.54.158] has quit [Remote host closed the connection]
19:36 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
19:38 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
19:45 -!- pantato [~pub@23.92.54.158] has joined #openvpn
19:46 < pantato> how would i go about finding out the ideal subnet to run my openvpn server on on my vps?
19:46 < pekster> What?
19:46 < pekster> You have all of RFC1918 to use
19:47 < pekster> Just don't collide with what your server and any clients you intend to connect are, and you'll be fine
19:47 -!- kernal is now known as zz_kernal
19:48 < pantato> so i see 10.50.0.1 in my ifconfig on my vps, that means i should definitely _not_ use 10.50.0.0 / 255.255.255.0 ?
19:48 < pantato> sorry i'm just trying to wrap my head around networking in general
19:48 < pekster> "in my ifconfig" <-- what does this mean
19:48 < pantato> my ifconfig output
19:49 < pekster> Linux? ifconfig sucks there (use ip. ifconfig is crap, has been for 10 years)
19:49 < pekster> And you'll obviously have the VPN network listed there. this is normal
19:49 < pekster> If this is also your physical connection on _another_ interface you can't use it. Thankfully RFC1918 is huge
19:49 < pekster> Do you have another non-tun interface with that same network?
19:51 < pantato> http://pastebin.com/fuJnVhVz
19:51 < pantato> ^ output of ifconfig -a
19:52 < pekster> In the future, use `ip addr show`
19:52 < pekster> ifconfig is a rotting pile of shit on Linux, unable to support networking advances in the last decade Linux has had
19:52 < pekster> !ifconfig_linux
19:52 <@vpnHelper> "ifconfig_linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
19:52 < pekster> But your network is fine
19:53 < pekster> Obviously tun0 has the network you set. None of your other interfaces use the same address; so long as that's true of all clients, it's fine. That's unrelated to your problem
19:53 < pekster> Check that you've done DNAT for the port your application client is configured to use (you do know how Bittorrent works when 2 clients are both behind NAT, right? Namely that it doesn't work..)
19:54 < pekster> Or simply accept that it's going to suck if you don't do that, at least unless the swarm has so many non-firewalled peers, or peers not as poorly configured
19:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:07 < pantato> pekster done DNAT?
20:08 < pantato> can you phrase that a different way so I can translate
20:08 < pekster> If you do not expose the data port your application is listening for externally-initiated connections, bittorrent largely sucks
20:09 < pekster> It's assumed you can open up this port to use bittorrent well. If not, you can only ever connect to clients that are not as misconfigured
20:09 < pantato> my firewall is completely off on the client side
20:09 < pantato> but i'll double check
20:09 < pekster> But 10.50.0.0/24 is NOT "on the Internet"
20:10 < pekster> You treat this just like your home router, and forward a port from the gateway holding the public IP. With --redirect-gateway you do this port forward on the VPN server
20:10 < pekster> NAT in the usual way (that's DNAT in Netfilter, aka iptables. Pretty basic stuff, and it's not specific to OpenVPN
20:10 < pekster> You do this exactly like you would for any other Linux router with an RFC1918 LAN. It's just a private network, like any other
20:25 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
20:26 < pantato> so i just need to make sure the torrent ports are forwarded on the vps since i'm using redirect gateway
20:26 < pantato> ?
20:26 < pekster> Right
20:27 < pekster> Think of your VPN server as your "home router" since that's basically what it is: your last-hop before packets arrive onto the actual Internet with a usable IP
20:27 < pantato> thank you for your patience. I think I'll be able to figure this out now
20:35 < pantato> cool I think i may have done it. Got a torrent going at about half a meg down..
20:35 < pantato> baby's first vpn
20:35 < pantato> cheers!
20:41 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
20:46 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:51 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:55 < pantato> pekster: I am pretty sure I entered the right iptables commands to open up torrent ports, but when i run nmap it only should 22,80 and 10000 open
20:55 < pantato> before i play around with iptables more, is there anything in the openvpn server config i should re-examine?
20:55 < pekster> nope
20:56 < pekster> Mind that nmap usually needs to be told what ports to scan (or it'll only scan some "common" ones)
20:58 < rob0> and you have to use it from outside, usually
21:02 < pantato> http://pastebin.com/FLAxnNAQ
21:02 < pantato> ok i'll try from the outside
21:04 < pantato> yeah it says closed
21:05 < pekster> Sounds like lack of DNAT, or a firewall is actively rejecting it somewhere (or no application is really listening there)
21:17 < Protected> You probably want something like this on the server: iptables -t nat -A PREROUTING -p all --dport MY_PORT -j DNAT --to-destination MY_IP_ON_VPN:MY_PORT
21:18 < Protected> Check your other rules, try a different port, and check if you're being blocked outside the vpn
21:30 < mnathani_> how would I setup openvpn without a bunch of certs
21:30 < mnathani_> just using pre shared key
21:32 < pekster> !statickey
21:32 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
21:32 < mnathani_> ahh, I need client / server
21:33 < pekster> At least your server needs a full keypair then, signed by a CA whose public component (the CA cert) is available to the clients
21:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:39 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Quit: all through every forest, above the trees, within my stomach, scraped off my knees, i drink the honey, inside your hive, you are the reason, i stay alive]
21:41 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
21:55 -!- nickSwe [~quassel@2605:6000:9b86:c700:7dd2:5d5:769e:1707] has joined #openvpn
22:04 -!- pantato [~pub@23.92.54.158] has quit [Remote host closed the connection]
22:37 -!- mwc [~matt@gateway/vpn/privateinternetaccess/mwc] has quit [Quit: WeeChat 1.1.1]
22:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:57 -!- krzee [~k@openvpn/community/support/krzee] has quit [Read error: Connection reset by peer]
22:57 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
22:57 -!- mode/#openvpn [+o krzee] by ChanServ
22:58 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 245 seconds]
22:59 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 245 seconds]
22:59 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
22:59 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
23:14 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Ping timeout: 264 seconds]
23:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:52 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has joined #openvpn
23:52 -!- highbass [~highbass@CPE602ad07a9c14-CM602ad07a9c11.cpe.net.cable.rogers.com] has quit [Remote host closed the connection]
23:54 -!- nickSwe [~quassel@2605:6000:9b86:c700:7dd2:5d5:769e:1707] has quit [Remote host closed the connection]
--- Day changed Sun Mar 22 2015
00:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:19 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
00:20 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 256 seconds]
00:22 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
00:22 -!- mode/#openvpn [+o krzee] by ChanServ
00:27 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 245 seconds]
00:27 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
00:28 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
00:29 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
00:46 -!- ShadniX [dagger@p5DDFEA68.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:47 -!- ShadniX [dagger@p5DDFF842.dip0.t-ipconnect.de] has joined #openvpn
01:21 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 256 seconds]
01:22 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
01:26 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
01:27 -!- Netsplit *.net <-> *.split quits: Chex, early, kossy
01:29 -!- Netsplit over, joins: early
01:38 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
01:38 -!- mode/#openvpn [+o krzee] by ChanServ
01:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
01:43 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
01:43 -!- kossy [a@2610:1a0:103:4a:dead:beef:0:cafe] has joined #openvpn
01:43 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Max SendQ exceeded]
01:43 -!- kossy [a@2610:1a0:103:4a:dead:beef:0:cafe] has quit [Max SendQ exceeded]
01:43 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
01:46 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
02:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:30 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has quit [Quit: jthunder]
03:23 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:30 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
03:31 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
03:53 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
03:58 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
04:02 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:33 -!- mattock_afk is now known as mattock
05:10 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 265 seconds]
05:14 -!- Exagone313 [~exa@elou.world] has joined #openvpn
05:25 -!- soLucien [~Lu@89.136.187.26] has quit [Read error: Connection reset by peer]
05:42 -!- zz_kernal is now known as kernal
06:09 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
06:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
06:37 -!- Exagone313 [~exa@elou.world] has quit [Quit: see ya!]
06:37 -!- Exagone313 [exa@elou.world] has joined #openvpn
06:42 < Exagone313> hello, i've 2 questions about auth-user-pass-verify. 1) Does the code have to be returned (0/1) in stdout? 2) Should I use duplicate-cn on the server if the clients use the same configuration and certifiles?
06:42 < Exagone313> certification files*
07:17 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 272 seconds]
07:22 -!- Exagone313 [exa@elou.world] has joined #openvpn
07:32 <@plaisthos> Exagone313: no as return code
07:32 <@plaisthos> exit 1 in bash
07:32 <@plaisthos> iirc
07:32 <@plaisthos> sys.exit(1) in python
07:32 <@plaisthos> etc.
07:33 <@plaisthos> !duplicate-cn
07:33 <@vpnHelper> "duplicate-cn" is "dupe" is (#1) see --duplicate-cn in the manual (!man) to see how to allow multiple clients to use the same key (NOT recommended) or (#2) instead, use !pki to make a cert for each user
07:34 < Exagone313> plaisthos: i'm using php
07:35 < Exagone313> I don't know if it is possible :s
07:35 < Exagone313> it seems to be fine accoriding to the doc
07:37 -!- julius_ [~14354s@dslb-178-003-134-192.178.003.pools.vodafone-ip.de] has joined #openvpn
07:37 < julius_> hi
07:43 < julius_> is there a way to have a vpn client route all its traffic over the server but still show up its ip on the other end?
07:50 < Exagone313> julius_: no it's not possible
07:51 < julius_> couldnt you use a proxy software inside the vpn tunnel somehow?
07:51 < Exagone313> yes you can
07:52 < Exagone313> for example a proxy setting in your navigator
07:52 < julius_> navigator?
07:52 < Exagone313> web navigator
07:52 < julius_> ah
07:52 < julius_> yeah, sure
07:53 < julius_> i really like to traffic shape all connnections, but also have clients use their own ip
07:53 < Exagone313> Why don't use a secured connection for a specific service?
07:54 < julius_> maybe, have to do something else right now. will come back later
07:54 < julius_> thx
07:57 < Exagone313> I followed a tutorial to set up the server configuration, but it does not talk about the client configuration -_- Here is my server config: http://ewd.xyz/xGpEAddoyorViPI (I added some things at the end) and the tutorial: http://www.slsmk.com/getting-started-with-openvpn/installing-openvpn-on-ubuntu-server-12-04-or-14-04-using-tap/ Can you help me please?
07:57 <@vpnHelper> Title: Elouworld File (at ewd.xyz)
08:03 < Exagone313> it's ok, I found the client sample, I will try with that
08:12 -!- havingFun is now known as xrosnight
08:24 < Exagone313> I'm unable to start the openvpn server with my config, i get this error: Options error: --auth-user-pass-verify script fails with '/home/openvpn/chroot/login.php': Permission denied
08:24 < Exagone313> oh i know
08:24 < Exagone313> sorry
08:34 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
08:37 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 245 seconds]
08:37 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
08:39 <@plaisthos> Exagone313: no idea on php, try #php or read the doc
08:43 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
08:44 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 265 seconds]
08:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
08:58 -!- jirib [jirib@nat/redhat/x-mpwlwsglgmpoglmt] has joined #openvpn
08:58 < jirib> hi all
08:59 < jirib> how can i "dump" dhcp-options of running openvpn client? i won't see it in status file, will i?
08:59 < jirib> i do not save them into resolv.conf...
08:59 < jirib> i do not want to restart as it requires new auth, my tunnel is working file
09:02 -!- Exagone313 [~exa@elou.world] has joined #openvpn
09:12 -!- Malsasa [~Malsasa@36.81.179.28] has joined #openvpn
09:22 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
09:23 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 264 seconds]
09:25 -!- havingFun is now known as xrosnight
09:28 -!- Exagone313 [~exa@elou.world] has quit [Ping timeout: 276 seconds]
09:31 -!- Exagone313 [~exa@elou.world] has joined #openvpn
09:31 -!- Malsasa [~Malsasa@36.81.179.28] has quit [Read error: Connection reset by peer]
09:32 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
09:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:47 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
09:47 -!- Exagone313_ [~exa@elou.world] has joined #openvpn
09:49 -!- Exagone313 [~exa@elou.world] has quit [Ping timeout: 276 seconds]
09:51 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Ping timeout: 244 seconds]
09:59 -!- derjanni [~jan@185.16.172.167] has joined #openvpn
10:08 < derjanni> Hello everybody! I have a vpn client tunnel tun1 and a server tunnel tun0. The clients can perfectly use the default routes through eth0 from tun0, but they cannot access the route set for tun1 although I am able to route packets through it from the server. Any ideas?
10:10 -!- Exagone313_ [~exa@elou.world] has quit [Quit: see ya!]
10:11 -!- Exagone313 [exa@elou.world] has joined #openvpn
10:18 < jirib> derjanni: forwarding enabled?
10:22 < derjanni> yes
10:22 < derjanni> As I said going from tun0 into eth0 works fine
10:22 < derjanni> Going from tun0 into tun1 only works on the server
10:22 < derjanni> not from the clients
10:24 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
10:24 < pekster> Likely the firewall there
10:25 < pekster> It's not really going "from tun0" if you actually mean you're pinging a client on the VPN network accessed via tun1
10:27 -!- james41382 [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Ping timeout: 256 seconds]
10:27 < derjanni> clients are coming in on a openvpn server on tun0, they use eth0 for default routes, but for specific ones I want them to go through tun1
10:27 < pekster> Right. Works from server != "getting forwarded from a client VPN network"
10:28 < derjanni> do I need to add the route into tun1 into the openvpn config for tun0 ?
10:28 -!- f0o [~f0o@46.246.25.86] has left #openvpn ["= "Cya!""]
10:28 < pekster> Routes do not go "into interfaces"
10:29 < pekster> Routes go into routing tables; usually there's just the main routing table, but policy routing allows you to create secondary routing tables that specified traffic should be looked up in instead
10:29 < derjanni> that's my current routing table: http://susepaste.org/12074839
10:30 < derjanni> Do you see any issues?
10:30 < pekster> First off, your use of 15-year old tools on Linux. In the future, use `ip route` for routing, `ip addr` for addressing
10:30 < pekster> !ifconfig_linux
10:30 <@vpnHelper> "ifconfig_linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
10:31 < derjanni> ok thanks... here are my iptables commands in rc.local: http://susepaste.org/71244253
10:32 < pekster> That's utterly worthless. https://github.com/QueuingKoala/fn-netfilter/wiki#paste
10:33 < pekster> In order to correctly evaluate a Netfilter ruleset, it's necessary to have the complete ruleset used by the kernel; what you've provided is a shell script that does not provide that complete view
10:34 < derjanni> ok, here is the full save: http://susepaste.org/18532931
10:34 < pekster> good god
10:35 < derjanni> line 62-66 I just added out of frustration :\
10:35 < pekster> You control this "second" VPN server, right?
10:35 < pekster> You really should stop using crap like ufw and learn to design your own rulesets
10:35 < pekster> That is a mess of spaghetti
10:36 < derjanni> :\
10:36 < derjanni> No, the 2nd VPN server is from IPvanish (connected on tun1)
10:37 < pekster> Your lack of nag on the egress of the 2nd is a problem
10:37 < pekster> NAT*
10:38 < pekster> lines 62, 63, & 65 are of course worthless because that network will never appear as a souce arriving from tun1
10:39 < pekster> And line 68
10:39 < pekster> Lines 66 is a duplicate
10:39 < pekster> Basically that's just a horrible mess
10:39 < pekster> (mostly due to the ufw nonsense
10:39 < derjanni> Ok, the problem is my inability to understand iptables and I should probably invest time to learn it probably.
10:40 < derjanni> I was just  a lazy ass that went with ufw :\
10:40 < derjanni> So the problem is that I don't properly do NAT on the 2nd VPN connection?
10:40 < pekster> That's at least one of your problems
10:41 < pekster> RFC1918 is not globally routable. To route a client-side LAN to another server, you need cooperation from both ends (described in !clientlan)
10:41 < pekster> Your're using another VPN as an uplink, so you need to NAT in the usual way to an "ISP"
10:42 < pekster> (this "ISP" is providing you RFC1918 space, so it's not really "Internet access" as much as "RFC1918 guest NAT")
10:42 < pekster> How do you expect a network that doesn't know about your downstream LAN to route the reply back to a network it doesn't even know exists?
10:43 < derjanni> simply NAT on the 2nd VPN connection, I thought and that then goes through the NAT that the gateway in the 2nd VPN provides
10:43 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:44 < derjanni> That was at least my idea.
10:45 < pekster> Yes, you have 2 layers of NAT
10:46 < pekster> You have an RFC1918 network behind another, upstream-provided, RFC1918 network that you are also a guest on
10:57 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
11:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:10 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:28 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
11:28 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Max SendQ exceeded]
11:34 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
11:34 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 272 seconds]
11:34 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has joined #openvpn
11:42 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
11:42 -!- Exagone313 [exa@elou.world] has joined #openvpn
11:47 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:47 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Remote host closed the connection]
11:49 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:04 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Quit: LONGUE VIE À L'ORTIE]
12:08 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
12:18 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection timed out]
12:19 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has quit [Ping timeout: 256 seconds]
12:20 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has joined #openvpn
12:26 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Quit: and in a dream i'm a different me, with a perfect you, we fit perfectly, and for once in my life i feel complete- and i still want to ruin it, afraid to look, as clear as day, this plan has long been underway, i hear them call, i cannot stay, the voice i]
12:26 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
12:28 -!- jthunder [~jthunder@S0106d4ca6d1a04a4.vc.shawcable.net] has quit [Quit: jthunder]
12:28 -!- daemon [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has joined #openvpn
12:28 < daemon> hey all how do I disable encryption entirely in openvpn
12:28 < daemon> I simply do not need it for my needs
12:29 < daemon> !welcome
12:29 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:29 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:29 < daemon> !howto > daemon
12:29 < daemon> !howto @ daemon
12:30 < pekster> !privmsg
12:30 < pekster> !msg
12:30 <@vpnHelper> "msg" is (#1) to see vpnHelper's factoids in msg instead of the channel, /msg vpnHelper factoids whatis #openvpn <key> or (#2) so to see !configs in msg, you would type /msg vpnHelper factoids whatis #openvpn configs or (#3) you can also just see !factoids for a link to the full list of what the bot knows
12:31 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:31 < pekster> You probably want to look at the --cipher and --auth config directives
12:31 < pekster> Note that TLS is mandatory for P2MP (server/client) setups; it's optional in a pure p2p mode; either way that is fully independent of the data channel encryption options
12:31 < daemon> got it
12:32 -!- derjanni [~jan@185.16.172.167] has quit [Quit: Lost terminal]
12:41 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 264 seconds]
12:42 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
12:56 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 256 seconds]
12:57 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
12:58 < daemon> pekster, excellent got it working (with encryption) I now seem to have multi route though, I wanted route my entire connection through the openvpn server
12:58 < daemon> what configurtaion options do I need to look at
12:58 < daemon> push default route or something rigns  bell
12:59 < pekster> !redirect
12:59 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:59 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
13:00 < pekster> You almost always want that 'def1' attribute
13:00 < daemon> yes I have nat and all the rest configured from another vpn solution, this windows gui client thing is a little odd though
13:00 < daemon> can I actually specify command line options
13:00 < pekster> !gui
13:00 <@vpnHelper> "gui" is (#1) The only official GUI is the OpenVPN-GUI for Windows (see https://community.openvpn.net/openvpn/wiki/OpenVPN-GUI .) While there are other 3rd party GUIs, they may cause unexpected issues or (#2) If you're having problems starting OpenVPN through an unoffiical GUI, try launching it on the command line; if that works, the GUI is your problem
13:00 < pekster> Yes, same as in non-windows; you use the config file
13:00 < daemon> cool ok
13:01 < pekster> The config file works the exact same way in all OpenVPN configurations. Be aware this is _not_ the same as the "connect" client that uses 0% of the OpenVPN codebase: it's not actually OpenVPN, but a poorly named product called "OpenVPN Connect" that is not community-maintained
13:02 < pekster> I've heard some people the commercial client with the open-source servers, but others seem to have problems. I wouldn't know about that kind of setup
13:03 < daemon> interesting
13:03 < daemon> it did work it overwritten the rule on the windows clients (using the fgui)
13:03 < daemon> but it did not push them a default route
13:03 < daemon> !defaultroute
13:05 < pekster> "fgui"?
13:05 < daemon> just to get this right in my mind ... server 10.8.1.0 255.255.255.0
13:05 < daemon>  (on the server) will mean 10.8.0.1 is the 'server' to all clients
13:05 < daemon> pekster, typo +f
13:06 < pekster> --redirect-gateway is what gets "pushed" -- you do _not_ want to actually overide 0/0 because of this:
13:06 < pekster> !def1
13:06 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
13:06 < pekster> IOW, if you actaully attempt to have the client side replace 0/0, next time your local DHCP process rewnews, it'll undo that
13:06 < pekster> OpenVPN and your OS will fight for control: this is why 0/1 and 128/1 are used instead
13:07 < daemon> indeed I stumbled across that last time with openvpn ./.... a few years ago :)
13:07 < pekster> --redirect-gateway has worked the same way for many years now
13:08 < pekster> Some of the bypass-* additions are a bit newer though
13:08 < daemon> indeed but my brain has lost some cohesion on that information in the mean time lol
13:08 < daemon> ok pushing dns now too, time to see if we are routed properly
13:08 < daemon> brb
13:10 -!- daemon [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has quit [Quit: Leaving]
13:10 -!- daemon [~paul@108.61.175.223] has joined #openvpn
13:10 < daemon> perfect
13:10 < daemon> thank you pekster
13:10 < daemon> now I just need to figure out howto drop the encryption
13:12 < daemon> pekster, say ... seem as the nameserver is always on hte vpn server could I get away with pushing: push "dhcp-option DNS def1"
13:12 < daemon> the way I have the dns configured is to listen on *:*, except the public interface
13:12 < pekster> Only if 'def1.' is a resolvable DNS entry
13:12 < pekster> So, "no"
13:12 < daemon> ah I see
13:12 < pekster> See --dhcp-option in the manpage
13:16 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 246 seconds]
13:26 -!- daemon [~paul@108.61.175.223] has quit [Ping timeout: 244 seconds]
13:28 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
13:29 -!- u0m3 [~u0m3@92.80.82.3] has quit [Ping timeout: 244 seconds]
13:34 -!- Alchemy [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has joined #openvpn
13:35 < Alchemy> hey all I have a working openvpn configuration with freebsd&windows, ping/traceroute etc are all very quick
13:35 < Alchemy> but web browsing is very slow
13:35 < Alchemy> there is no encryption in use, ad compression is in use
13:35 < Alchemy> what couyld I have got wrong
13:35 < Alchemy> I am using udp as a transport
13:36 < Alchemy> funnily enough I am using the vpn right now and IRC is fine also
13:38 < Alchemy> downloading an iso is around 15-17KBps
13:38 < Alchemy> ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.1/FreeBSD-10.1-RELEASE-amd64-bootonly.iso used as test
13:38 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Read error: Connection reset by peer]
13:38 < Alchemy> client is windows 7
13:39 < pekster> Could just be a dirt-slow mirror. I'd try a direct-download over the VPN (using the VPN server IP is best) and do an scp or something from the actual server
13:39 < pekster> filezilla or similar can act as an scp client (putty ships with an scp binary too)
13:40 < Alchemy> pekster, 67MBpds
13:40 < Alchemy> pekster, 67MBps *
13:40 < Alchemy> that mirror is in the same data house as the server :P
13:40 < Alchemy> thinks like speedtest.net and other sites are actually timing out loading too
13:41 < Alchemy> meanwhile ssh to other resources are perfectly fine
13:41 < Alchemy> dns lookups are quick too
13:41 < Alchemy> I am pushing googles public dns as the nameserver
13:42 < pekster> Have a server-config handy, sans blanks/comments? (!configs for some grep syntax to rip those out)
13:42 < Alchemy> !pastebin
13:42 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:42 < Alchemy> pekster, https://gist.github.com/PaulGWebster/77ecefc0cef39bd1bdda
13:42 <@vpnHelper> Title: gist:77ecefc0cef39bd1bdda (at gist.github.com)
13:43 -!- Latrina [~Latrina@adsl-ull-193-182.50-151.net24.it] has quit [Ping timeout: 246 seconds]
13:43 < Alchemy> nb the tun/mss lines where added adter this problem as a possible fix
13:43 < Alchemy> they made no difference at all
13:44 -!- Latrina [~Latrina@ppp-85-32.26-151.libero.it] has joined #openvpn
13:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:46 -!- mode/#openvpn [+o mattock1] by ChanServ
13:46 < pekster> Do web pages with some volume of data get returned correctly from the client? Something like: http://solarviews.com/raw/earth/bluemarblewest.jpg works as a reasonable test
13:46 < Alchemy> pekster, loading (very slowly)
13:47 < Alchemy> but it appears like it wil lcomplete succesfully
13:47 < Alchemy> www.speedtest.net however will not
13:47 < pekster> The typical symptom of MTU issues is pure hangs as no ICMP error is emitted to the far side
13:47 < Alchemy> pekster, even if it was mtu the speed is abysmal the server is on a gigabit link I my self am on p100mbit
13:47 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 255 seconds]
13:47 < Alchemy> that picture just finished loading now
13:48 < Alchemy> complete however
13:48 < Alchemy> let me see how fast the server actually can get that
13:48 < pekster> presumably doing something like: time wget -o /dev/null '
13:48 < pekster> Erm
13:48 < Alchemy> # fetch http://solarviews.com/raw/earth/bluemarblewest.jpg
13:48 < Alchemy> bluemarblewest.jpg                            100% of 1023 kB  282 kBps 00m04s
13:48 < Alchemy> 4 seconds
13:48 < pekster> Yea, from the server?
13:48 < Alchemy> yep
13:49 < Alchemy> as before as well:
13:49 < Alchemy> # fetch ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.1/FreeBSD-10.1-RELEASE-amd64-bootonly.iso
13:49 < Alchemy> FreeBSD-10.1-RELEASE-amd64-bootonly.iso        85% of  218 MB   57 MBps 00m03s^C
13:49 < Alchemy> I get that on the client at 15-17kbps
13:49 < pekster> Right, though remember those are geo-load-balancd DNS RRs
13:49 < Alchemy> not used like that they are not
13:49 < Alchemy> ah wait
13:49 < Alchemy> let me use a specific one
13:49 < Alchemy> one moment
13:49 < Alchemy> # fetch ftp://ftp.uk.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.1/FreeBSD-10.1-RELEASE-amd64-bootonly.iso
13:49 < Alchemy> FreeBSD-10.1-RELEASE-amd64-bootonly.iso       100% of  218 MB   79 MBps 00m03s
13:50 < pekster> I don't think that's your issue here though, yea
13:50 < Alchemy> I am getting that at 13kbps
13:50 < Alchemy> yes I am a little stumped too
13:51 < pekster> Almost sounds like some horrible QoS, or epicly misconfigured TCP window somewhere
13:51 < Alchemy> I tried poptop and mpd5 earlier (so I could use hte default windows vpn client)
13:51 < Alchemy> that had the EXACT same issue
13:51 < Alchemy> worked but mind boggling slow
13:51 < pekster> You can try turning compression off, but that shouldn't make one bit of difference (use `--comp-lzo no` on both sides)
13:51 < Alchemy> I actually do bandwidth balancing on my head gateway (on this network)
13:51 < Alchemy> but the very worst ruleset this can fall into is 33% of 100mbit
13:52 < pekster> Dual-uplinks? You might be experiencing this if you're not correctly binding session flows to a _single_ uplink
13:52 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
13:52 < pekster> full on TCP slow-restarts each time the flow "flips"
13:52 < Alchemy> let me just change my firewalls ruleset on my local network to be pass through
13:52 < Alchemy> unmanaged
13:53 < Alchemy> see if it makes any difference
13:53 < pekster> A tcpdump from the client might reveal interesting things
13:54 -!- Alchemy [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has quit [Read error: Connection reset by peer]
13:54 -!- prism [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has joined #openvpn
13:54 < prism> ok rules reset
13:54 < prism> lets see if anything happened
13:54 < prism> made no difference at all
13:55 < prism>  wonder if I can actually tcpdump windows ....
13:55 < prism> ah windump
13:55 < pekster> wireshark, and if you're used to tcpdump, there's a CLI tshark.ese that works mostly the same
13:55 < prism> it seems odd that multiple vpn software packages are showing the EXACT same issue
13:56 < pekster> You can put pcaps up on cloudshark.org too, if you'd prefer
13:56 < pekster> Right, that's why the upstream processing is suspect now
13:56 < pekster> A review of tcp traffic bound for whatever you're using to test (tcp port 80 doing the image load, for instance) will likely reveal some hints at to the cause
13:57 < prism> just to remove my ISP being a douche I am going to throw openvpn over port 443 see if anything happens
13:58 < pekster> What good will that do if the VPN server is on your link-local network?
13:58 < prism> oh my fault, my link local network has its own gateway, the vpn server is remote
13:58 < prism> the reason I removed encryption was simply because there is nothing sensitive across the link
13:59 < prism> made zero difference anyhow
13:59 < pekster> So you probably didn't do the scp over the _VPN_ link to your VPN server then
14:00 < pekster> Unless you really have a 67 Mbps link between the client & remote server
14:00 < prism> the download of: ftp://ftp.uk.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.1/FreeBSD-10.1-RELEASE-amd64-bootonly.iso
14:00 < prism> that went 67MBps was from the server over its connection
14:00 < prism> the oen that went 13kbps was done from the client (this machine)
14:00 < pekster> Before worrying about speed to the public Internet (involving your ISP, gateway, etc, etc) first test the speed over the VPN link (and nothing else)
14:00 < pekster> This is what I asked for earlier
14:01 < prism> the second test did that, ftp://ftp.uk.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.1/FreeBSD-10.1-RELEASE-amd64-bootonly.iso ~ 13 kbps
14:01 < pekster> No, not unless that is _YOUR_ VPN IP
14:01 < prism> oh test a transfer from the server its self to my machine
14:01 < pekster> Unless you're hosting your own uk.freebsd.org DNS zone, that is most certainly not you
14:01 < pekster> Yes, to the VPN server. On it's VPN IP
14:02 < pekster> pscp.exe you@10.8.1.1:whatever.dat ./
14:02 < pekster> Or your preferred transfer mechanism that doesn't suck (so, not CIFS)
14:02 < pekster> If that's fast, look into the pcap of your redirected traffic
14:03 < prism> 3100KB/ps
14:03 < prism> over scp
14:03 < pekster> Sounds reasonable to me; so the VPN isn't the issue
14:03 < prism> let me just double check that did not use the plain connection
14:04 < prism> just to be sure
14:04 < pekster> 10.8.1.1 should be link-local (on the client's routing table) into the tun device
14:04 < pekster> `route.exe print -4` should report that anyway
14:05 < prism> pekster, ok to 10.8.1.1 I am getting 400-500 KBps
14:05 < prism> which is slower admiteddly but reasonable
14:06 < prism> certainly much faster than general browsing is getting
14:06 < pekster> So it's not the raw-VPN introducing the far-slower speeds you're seeing. I'd dig into the IP & TCP info when you pull something basic like that .jpg file
14:06 < pekster> A capture of at least the IP & TCP headers should be useful
14:06 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:07 < prism> ok so on the vpn server, tcpdump the outgoing interface
14:07 < pekster> I'd actually do it on the client
14:07 < pekster> Or at least the VPN server's tun interface
14:07 -!- prism is now known as daemon
14:07 < daemon> any particular filters?
14:08 < pekster> Well, either should work (in theory you might see outbound ICMP problems on the uplink, come to think of it)
14:08 < pekster> perhaps start with: tcp port 80 or icmp
14:08 < daemon> ooh I see alot of incorrect checksums
14:09 < pekster> That's normal if you do TCO
14:10 < daemon> http://pastebin.com/raw.php?i=ztdqkWk3
14:10 < daemon> when downloading that iso
14:10 < daemon> dump taken from vpn server monitoring tun device
14:12 -!- Blanc|AFK is now known as Blanc
14:13 < pekster> It's a bit odd that you get incorrect checksums there as there's no TCO on a tun device
14:13 < daemon> I wonder what would happen if I make it use tap
14:14 < pekster> That's the TCP checksum; I wouldn't expect any difference, but feel free to try it if you'd like
14:14 < daemon> I takei t windows cannot use tap
14:15 < daemon> or its not as simple as changing the device
14:15 < pekster> A full header dump might be more useful That's not a singel TCP session flow
14:15 < pekster> You really ought to upload a _full_ header dump in pcap form of a download attempt to cloudshark.net
14:15 < pekster> THere's something really screwed up going on there
14:16 < pekster> Or are you using some odd ftp client that spawns multiple data sessions or something weird?
14:16 < daemon> ok reverted everything to tun/udp
14:16 < daemon> pekster, nope just chromes client
14:16 < daemon> clicked the link and off it went
14:16 < daemon> err
14:16 < daemon> I just had a little thought
14:16 < daemon> on the gateway (to this network)
14:16 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
14:16 < daemon> would: net.inet.ip.random_id=1
14:16 < daemon> affect anything
14:17 < daemon> mind you that should be irrelvent to the vpn connection
14:18 < pekster> Seemingly not: https://www.mail-archive.com/freebsd-questions@freebsd.org/msg221997.html
14:18 <@vpnHelper> Title: net.inet.ip.random_id possible ASA problems? (at www.mail-archive.com)
14:18 < pekster> At least not in other setups
14:18 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Remote host closed the connection]
14:19 < daemon> let me unset that
14:19 < pekster> At this point you know it's something on your gateway, or something done by the gateway that ends up causing problems further upstream
14:20 < daemon> appears to not be that sysctl
14:20 < daemon> I should force a reboot on it, to make sure its fully cleared all states
14:20 < daemon> brb
14:23 -!- daemon [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has quit [Read error: Connection reset by peer]
14:24 -!- Alchemy [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has joined #openvpn
14:24 < Alchemy> Ok that was not the issue
14:27 < Alchemy> running winpcap on the client and downloading that iso
14:28 < Alchemy> www.cloudshark.net
14:28 < Alchemy> pekster, is that the correct address ^?
14:31 -!- Blanc is now known as Blanc|AFK
14:31 -!- Alchemy [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has quit [Read error: Connection reset by peer]
14:32 -!- Alchemy [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has joined #openvpn
14:32 < Alchemy> ok its not the gateway
14:32 < Alchemy> or I seriously doubt it
14:32 < Alchemy> its got a pass through rulesets, no special handling at all
14:39 < pekster> And you've already shown it's not the VPN: VPN is delivering things fine from your client to your server
14:39 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
14:40 < pekster> Not sure how you think it's anything else at this point: VPN-server to the Internet is fine, and so is transport over TCP/ssh over the VPN & Internet link between your client & server
14:45 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 250 seconds]
14:47 < Alchemy> pekster, found the issue
14:48 < Alchemy> the vtnet driver for freebsd has issues with TCO frames and mangles them, notable the end server is using this driver
14:48 < Alchemy> net.inet.tcp.tso=0
14:48 < Alchemy> should fix the issue
14:48 < Alchemy> testing now
14:51 -!- socomm [~socomm@96-40-131-251.dhcp.mtpk.ca.charter.com] has joined #openvpn
14:51 -!- socomm [~socomm@96-40-131-251.dhcp.mtpk.ca.charter.com] has left #openvpn ["WeeChat 0.3.8"]
14:55 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
14:55 -!- mode/#openvpn [+o syzzer] by ChanServ
15:10 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
15:12 -!- havingFun is now known as xrosnight
15:18 < Alchemy> pekster, confirmed it is an issue with freebsd servers using the vnet drivers
15:18 < Alchemy> still cannot find the real reason though
15:18 < Alchemy> swapped that external server to debian quickly, identical config
15:18 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
15:18 < Alchemy> no issues at all
15:19 < Alchemy> also swapped the freebsd virtualized instance to use the em0/intel gigabit nicx
15:19 < Alchemy> no problems at all
15:19 < Alchemy> odd
15:28 -!- meepmeep [meepmeep@end.of.cylind.re] has quit [Quit: Yippee-kay-yay]
15:30 -!- Alchemy [~paul@cpc5-linc11-2-0-cust73.12-1.cable.virginm.net] has quit [Quit: Leaving]
15:30 -!- meepmeep [meepmeep@end.of.cylind.re] has joined #openvpn
15:50 -!- u0m3 [~u0m3@92.80.82.3] has quit [Ping timeout: 245 seconds]
16:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
16:05 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
16:08 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:8c43:9232:25c0:72c9] has joined #openvpn
16:08 < wiflix> hey. is there any way to debug --auth-user-pass-verify scripts?
16:08 < wiflix> i got: WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1
16:09 < wiflix> i use it with via-env ... when i run username=foobar /absolute/path/copied/from/openvpn/conf/script.sh it exits with status 0
16:09 < wiflix> no idea what else to test ...
16:20 -!- mattock is now known as mattock_afk
16:22 -!- Hatcher [~Cortex@69.80.100.107] has joined #openvpn
16:26 < pekster> wiflix: Possibly not running as the same user your openvpn process is?
16:28 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:31 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:8c43:9232:25c0:72c9] has quit [Ping timeout: 252 seconds]
16:34 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:2441:270a:4fba:28b9] has joined #openvpn
16:34 < wiflix> pekster: good thinking :) thanks, will try that
16:38 -!- Hatcher [~Cortex@69.80.100.107] has left #openvpn ["Leaving"]
16:45 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:48 -!- wiflix [~wiflix@2a02:8108:9c0:1fe7:2441:270a:4fba:28b9] has quit [Quit: Leaving.]
17:02 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
17:08 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
17:17 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
17:19 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
17:21 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
17:24 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
17:35 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
17:45 -!- julius_ [~14354s@dslb-178-003-134-192.178.003.pools.vodafone-ip.de] has quit [Ping timeout: 250 seconds]
18:00 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
18:08 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:08 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
18:09 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
18:19 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
18:24 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:31 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
18:32 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:34 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
18:42 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
18:43 -!- kernal is now known as zz_kernal
18:44 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:52 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
19:02 -!- nickSwe [~quassel@2605:6000:9b86:c700:7dd2:5d5:769e:1707] has joined #openvpn
19:05 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
19:08 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
20:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:12 -!- anadahz [~anadahz@217.160.18.45] has joined #openvpn
20:12 < anadahz> Hi everyone
20:13 < anadahz> I 'm looking for a way to verify that an OpenVPN is running but without authentication --via netcat or similar
20:14 < anadahz> * OpenVPN server
20:18 < pekster> You can't with UDP as openvpn will ignore non-openvpn traffic. Use of --tls-auth also causes packets to get dropped without a matching key used by the connecting device, also by design as a security measure
20:18 < pekster> So, in short, you can't do that. Not reliably
20:23 < anadahz> pekster: so how can I be sure that my connection is not blocked or that the openvpn server is running?
20:24 < pekster> Check your server
20:24 < pekster> It'll have a running openpvn process, and the network addressing it's configured to use will be set up
20:25 < anadahz> most users have not a personal openvpn server
20:25 < pekster> Standard traceroute tools can suggest if something en-route blocks it, although that won't distinguish between the host being down and the immediate next-hop gateway dropping it
20:25 < pekster> !both
20:25 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
20:25 < pekster> OpenVPN is free to use; setting up a server is a simple matter of configuring it
20:26 < anadahz> so let's say that I'm on a filtered network how can I be assured that the server is running and that my ISP or an intermediary is blocking my requests?
20:27 < pekster> Running? Ask them.
20:28 < pekster> Find a traceroute utility that can send a probe to the port in use on the IP and check that way
20:28 < pekster> It's not gaurenteed (as DPI won't be fooled) but it's a reasonable starting point
20:28 < anadahz> many users in different countries use OpenVPN as a censorship circumvention tool
20:29 < pekster> Used in TLS mode it is fairly trivial to identify traffic as OpenVPN (but not the traffic sent over it)
20:29 < pekster> There's statickey, but that comes with its own drawbacks:
20:29 < pekster> !statickey
20:29 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
20:29 < pekster> If you want an obfuscation layer, look into:
20:29 < pekster> !obfs
20:29 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used.
20:29 <@vpnHelper> in static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
20:30 < pekster> OpenVPN makes no attempt to hide what it is
20:30 < pekster> (that's not its job)
20:33 < rob0> You can run a TLS tunnel inside a --secret (static key) tunnel, and openvpn is self-obfuscating.
20:33 < anadahz> how does the client identifies that the server is down or the authentication/key process failed?
20:33 < pekster> You'll get an active reject reply if the auth failed; if your --tls-auth key is wrong you will by design get no reply at all from the server
20:34 < pekster> rob0: Mostly true; traffic analysis is still quite likely to reveal that a TLS handshake has occurred without at least padding to normalize the data sequenced, and possibly cover traffic
20:34 < pekster> That's part of why obfs pluggable modules offer the most flexibility
20:52 -!- Blanc|AFK is now known as Blanc
21:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:30 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
22:17 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
22:19 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
22:20 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
22:20 -!- mode/#openvpn [+o krzee] by ChanServ
22:58 -!- Blanc is now known as Blanc|AFK
23:16 -!- GoldenGlovez [~GG@78.129.218.25] has quit [Ping timeout: 245 seconds]
23:21 -!- GoldenGlovez [~GG@78.129.218.25] has joined #openvpn
--- Day changed Mon Mar 23 2015
00:44 -!- ShadniX [dagger@p5DDFF842.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:45 -!- ShadniX_ [dagger@p5481C4D2.dip0.t-ipconnect.de] has joined #openvpn
00:45 -!- ShadniX_ is now known as ShadniX
01:06 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:24 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
01:26 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
01:52 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:52 -!- mode/#openvpn [+o mattock] by ChanServ
01:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:56 -!- mode/#openvpn [+o mattock1] by ChanServ
02:00 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
02:15 -!- soLucien [~Lu@178.62.252.248] has quit [Quit: Leaving]
02:19 -!- jirib [jirib@nat/redhat/x-mpwlwsglgmpoglmt] has left #openvpn []
02:47 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Read error: Connection reset by peer]
03:14 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:22 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:40 -!- dazo_afk is now known as dazo
03:41 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
04:05 -!- apollo2k is now known as aPollO2k
04:10 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Remote host closed the connection]
04:20 -!- floyd20183 [~tim@proxyjhb.internext.co.za] has joined #openvpn
04:20 -!- floyd20183 [~tim@proxyjhb.internext.co.za] has quit [Client Quit]
04:21 -!- floyd20183 [~tim@proxyjhb.internext.co.za] has joined #openvpn
04:22 < floyd20183> morning. Have a small issue that I hope can be resolved. When using multiple local values in the a client config how does OpenVPN decide which to use ?
04:23 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
04:23 < BtbN> multiple local values?
04:24 < floyd20183> in my client.conf file I have multiple ip addresses and ports that I want to bind to
04:24 < floyd20183> e.g. let it try the first and if fail then the second
04:25 < floyd20183> our server have multiple routes out to the internet and both may not always be up
04:25 < floyd20183> so the idea was to try binding to the first device/ip and if you cannot connect then try the second device/ip
04:25 < floyd20183> or have I misread the documentation ?
04:36 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
04:43 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 272 seconds]
04:44 -!- lxusrbin [~lxusrbin@2a00:f826:3:2761::6667] has quit [Ping timeout: 256 seconds]
04:45 -!- cali [~cali@unaffiliated/cali] has quit [Ping timeout: 272 seconds]
04:46 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
04:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:51 -!- cultavix [~cultavix@unaffiliated/cultavix] has joined #openvpn
04:53 -!- mete [~mete@91.247.253.160] has joined #openvpn
04:57 -!- aPollO2k is now known as apollo2k
05:01 -!- lxusrbin [~lxusrbin@2a00:f826:3:2761::6667] has joined #openvpn
05:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
05:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:43 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
06:00 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
06:11 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
06:34 < ghormoon> hi, ny idea why does "push route" apply too early, before I actually can add that one? even if I move it to the end of the file, I get http://pastebin.com/bLYc3e4v
06:36 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
06:39 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
06:55 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:56 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 245 seconds]
06:57 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
06:59 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
07:00 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
07:06 -!- anadahz [~anadahz@217.160.18.45] has quit [Changing host]
07:06 -!- anadahz [~anadahz@unaffiliated/anadahz] has joined #openvpn
07:10 -!- bigpic [~rmasse@s72-38-111-130.static.comm.cgocable.net] has joined #openvpn
07:11 < ghormoon> hm, I've just noticed it doesn't happen on my tap network, but hapens on tun one (I need tun for device which wouldn't do tap)
07:14 < bigpic> I’m having troubles setting up client/server where the client doesn’t have a certificate and only relies on a username/password
07:14 < bigpic> If I supply the client with cers, it works totally fine
07:14 < bigpic> If I comment out the certs it doesn’t connect
07:15 < bigpic> I’ve got “auth-user-pass” on the client and the appropriate pam plugin on the serve
07:15 < bigpic> is there any good tutorials out there that would walk me through this setup?
07:21 -!- nickSwe [~quassel@2605:6000:9b86:c700:7dd2:5d5:769e:1707] has quit [Remote host closed the connection]
07:22 < ghormoon> solved, I had 3 parameters (network, mask, gateway) instead of two :)
07:31 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:31 -!- mode/#openvpn [+o mattock] by ChanServ
07:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
07:36 < ghormoon> hm, but still dns doesn't get updated in resolv.conf :( I see the line in log that I got it pushed though
07:57 -!- rich0_ is now known as rich0
08:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 272 seconds]
08:06 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
08:08 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
08:10 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:10 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:12 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:12 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
08:13 -!- floyd20183 [~tim@proxyjhb.internext.co.za] has quit [Ping timeout: 256 seconds]
08:14 -!- rich0_ is now known as rich0
08:24 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
08:25 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Client Quit]
08:26 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
08:28 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
08:28 -!- bigpic [~rmasse@s72-38-111-130.static.comm.cgocable.net] has quit [Quit: bigpic]
08:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:37 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:38 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
08:38 -!- Malsasa [~Malsasa@36.73.235.241] has joined #openvpn
08:44 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 272 seconds]
08:46 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
08:51 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
08:51 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:51 -!- badon_ is now known as badon
08:56 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
08:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:11 -!- Blanc|AFK is now known as Blanc
09:13 -!- Blanc is now known as Blanc|AFK
09:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
09:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:26 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
09:37 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 272 seconds]
09:42 -!- LanDi [~LanDi@179.183.85.167] has joined #openvpn
10:12 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
10:19 <@krzee> http://legbacore.com/Research_files/HowManyMillionBIOSWouldYouLikeToInfect_Full.pdf
10:20 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:52 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:56 -!- manitou [~manitou@unaffiliated/manitou] has joined #openvpn
10:57 -!- LanDi [~LanDi@179.183.85.167] has quit [Max SendQ exceeded]
10:57 -!- LanDi [~LanDi@179.183.85.167] has joined #openvpn
10:58 -!- LanDi [~LanDi@179.183.85.167] has quit [Client Quit]
11:03 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:06 -!- apollo2k is now known as aPollO2k
11:11 -!- pushpop [~marc@unaffiliated/pushpop] has joined #openvpn
11:17 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
11:20 -!- Malsasa [~Malsasa@36.73.235.241] has quit [Read error: Connection reset by peer]
11:33 -!- russoisraeli [~mila@47.23.123.70] has joined #openvpn
11:33 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:35 < russoisraeli> Hello folks. I am running OpenVPN 2.3.4. I am pushing DNS settings to the clients. For most of the time it works very well. However I've encountered a case on Windows 8, when my pushed DNS servers don't take priority over the local DNS servers. nslookup domain mydnsips works just fine, but nslookup domain uses the local DNS servers
11:35 < russoisraeli> the networks adapters order is correct - i.e the openvpn tap takes preference
11:36 < russoisraeli> does anyone have any idea what could the problem be?
11:54 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Quit: Leaving]
11:55 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
12:04 -!- dyce [62bd4908@gateway/web/freenode/ip.98.189.73.8] has quit [Quit: Page closed]
12:08 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
12:15 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 245 seconds]
12:15 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:18 -!- dubya [~dubya@92.40.248.183.threembb.co.uk] has joined #openvpn
12:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:34 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:35 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
12:36 -!- derjanni [~jan@185.16.172.167] has joined #openvpn
12:36 < derjanni> Good evening Genltemen and women.
12:36 < derjanni> I have two adapters tun1 and tun2 with the same IP address set by the server. Routing is defined by destination IP address on each connection, but OpenVPN sets the wrong interface in the routing table. Can I set the interface in the OpenVPN route config line?
12:42 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
12:43 < derjanni> :\ really confusing, also tried setting vpn_gateway - no effect. Do I need to set the route in the system - is that the only chance?
12:47 < rob0> hmm, you'll have to describe the situation and need better.
12:48 < derjanni> I have two vpn client connections and want to route based on destination IP address
12:48 < derjanni> Unfortunately both VPN connections through IPvanish are using the same IP addresses within the VPN
12:52 < rob0> and you can't change that?
12:52 < derjanni> Yes, I can't change it it comes from the VPN provider.
12:54 < rob0> Maybe someone else will have a suggestion, but I think your only option is to talk to the provider's support desk.
12:58 -!- rich0_ is now known as rich0
13:00 <@krzee> "Can I set the interface in the OpenVPN route config line?"
13:00 <@krzee> no, but you can in a --route-up script
13:02 <@krzee> err no, --up script i mean
13:02 < derjanni> ok, I'll try that
13:02 <@krzee> at least thats where i hook in when i do the same from one of my servers
13:03 <@krzee> (just checked for ya =] )
13:04 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:05 < derjanni> @krzee: thanks for the tip, I'll go with the up script
13:06 <@krzee> np
13:10 -!- aPollO2k is now known as apollo2k
13:13 -!- derjanni [~jan@185.16.172.167] has quit [Quit: Lost terminal]
13:14 -!- Latrina [~Latrina@ppp-85-32.26-151.libero.it] has quit [Ping timeout: 256 seconds]
13:14 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
13:15 -!- Latrina [~Latrina@ppp-203-12.26-151.libero.it] has joined #openvpn
13:29 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:29 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:34 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:45 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:48 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
13:48 -!- anthony25 [~anthony25@aruhier.fr] has quit [Quit: Quitte]
13:49 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
13:51 -!- anthony25 [~anthony25@aruhier.fr] has quit [Client Quit]
13:51 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
14:01 < russoisraeli> Hello folks. I am running OpenVPN 2.3.4. I am pushing DNS settings to the clients. For most of the time it works very well. However I've encountered a case on Windows 8, when my pushed DNS servers don't take priority over the local DNS servers. nslookup domain mydnsips works just fine, but nslookup domain uses the local DNS servers
14:01 < russoisraeli> the networks adapters order is correct - i.e the openvpn tap takes preference
14:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:01 -!- mode/#openvpn [+o mattock1] by ChanServ
14:01 < russoisraeli> does anyone have any idea what could the problem be?
14:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
14:04 -!- Netsplit *.net <-> *.split quits: +esde, jgeboski, varesa
14:04 -!- Netsplit over, joins: jgeboski
14:04 -!- Netsplit *.net <-> *.split quits: Magiobiwan, thumbs, zimboboyd
14:04 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
14:04 -!- Netsplit over, joins: zimboboyd
14:04 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
14:04 -!- Netsplit over, joins: esde, varesa
14:04 -!- mode/#openvpn [+v esde] by ChanServ
14:06 -!- anthony25 [~anthony25@aruhier.fr] has quit [Quit: Quitte]
14:06 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
14:08 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
14:19 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
14:20 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:26 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:27 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
14:29 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:43 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Remote host closed the connection]
14:43 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
14:44 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:46 -!- zz_kernal is now known as kernal
14:46 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:46 < kernal> !routeinfo
14:46 < kernal> !routing
14:46 < kernal> !route
14:46 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
14:46 < kernal> !welcome
14:46 <@vpnHelper> client
14:46 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:46 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
14:47 < kernal> sry for spamming
14:47 < kernal> !serverlan
14:47 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
14:47 < kernal> now this is weird
14:48 < kernal> so i have an openstack instance
14:48 < kernal> with openvpn installed there that uses serverlan setup
14:48 < kernal> i copied all settings from a previous openvpn setup, where i gave access to a physical lan network to vpn clients
14:48 < kernal> but now i'd like to give access to two vlans
14:49 < kernal> i can ping the vlan ip of the vpn server
14:49 < kernal> my vpn ip is 10.10.100.10
14:50 < kernal> and on the server in vlan that i'd linke to access, there's 10.10.100.0     10.10.20.12     255.255.255.0   UG    0      0        0 eth1
14:51 < kernal> i can ping 10.10.20.12 from the server
14:51 -!- khaldrogox [~anonymous@64.13.138.81] has left #openvpn []
14:52 < kernal> and 10.10.20.12 can ping 10.10.100.10
14:52 < kernal> so idk what's wrong
14:52 < kernal> 10.10.100.10 can't ping 10.10.20.10
14:54 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
14:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:59 -!- dazo is now known as dazo_afk
15:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
15:10 < kernal> nvm it works now wtf
15:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:16 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
15:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
15:23 -!- dyer [~dyer@unaffiliated/dyer] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
15:24 -!- pantato [~one@23.92.54.158] has joined #openvpn
15:29 -!- dubya [~dubya@92.40.248.183.threembb.co.uk] has quit [Ping timeout: 244 seconds]
15:29 -!- manitou [~manitou@unaffiliated/manitou] has quit [Quit: Konversation terminated!]
15:30 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
15:31 -!- pantato [~one@23.92.54.158] has quit [Quit: leaving]
15:34 -!- Exagone313 [exa@elou.world] has quit [Quit: see ya!]
15:34 -!- Exagone313 [exa@elou.world] has joined #openvpn
15:34 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
15:48 < Exagone313> hello, i've a problem with my server configuration, I think it comes from my /etc/network/interfaces file, it's not configured like it has to be. http://pastie.org/10048034 (em1 is my internet interface like eth0, and br0 is supposed to be my openvpn interface) - addresses have to be on 192.168.42.0 (subnet 255.255.255.0) and I want that the server has 192.168.42.2 - my server configuration...
15:48 < Exagone313> ...should be fine, I can link it if you want
15:49 < Exagone313> I followed a tutorial to set up openvpn, but after this, the server didn't have access to internet, so I asked on ##networking to edit this file
15:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:53 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 36.0.1/20150305021524]]
15:54 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
16:04 < rob0> You're bridging, why?
16:09 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
16:11 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
16:24 < Exagone313> rob0: I don't know
16:24 < Exagone313> I just want to make it work
16:25 < Exagone313> do you want my server config?
16:37 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
16:42 -!- Six6siX [~Devil@jasmine.sammybakar.com] has joined #openvpn
16:43 -!- Six6siX [~Devil@jasmine.sammybakar.com] has left #openvpn ["Palaver http://palaverapp.com/"]
16:46 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
16:46 -!- u0m3 [~u0m3@92.80.82.3] has quit [Remote host closed the connection]
16:47 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
16:52 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
16:53 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 255 seconds]
16:53 -!- imbezol [~imbezol@shire.bigfiber.net] has left #openvpn []
16:58 < Exagone313> rob0: are you still there?
17:04 -!- zadock [~zadock@81.180.210.87] has quit [Read error: Connection reset by peer]
17:12 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
17:16 -!- russoisraeli [~mila@47.23.123.70] has quit [Quit: Leaving]
17:21 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
17:21 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Read error: No route to host]
17:25 -!- pk12_ [~pk12@84.39.116.180] has quit [Ping timeout: 272 seconds]
17:27 -!- kernal is now known as zz_kernal
17:29 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
17:31 -!- pushpop [~marc@unaffiliated/pushpop] has quit [Ping timeout: 245 seconds]
17:32 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
17:35 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:40 -!- zz_kernal is now known as kernal
17:40 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
17:50 -!- kernal is now known as zz_kernal
17:52 -!- zz_kernal is now known as kernal
17:53 -!- kernal is now known as zz_kernal
18:16 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
18:50 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:51 -!- mutilator [muti@c-68-56-137-33.hsd1.fl.comcast.net] has quit []
18:59 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
19:01 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
19:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
20:33 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 244 seconds]
20:39 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 252 seconds]
20:46 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:59 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:04 -!- suexec [~suexec@voyage.vhost.usr.no] has quit [Ping timeout: 256 seconds]
21:12 -!- anadahz [~anadahz@unaffiliated/anadahz] has left #openvpn ["part"]
21:13 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has joined #openvpn
21:14 < cstk421> my vpn session has been started with no errors. however there is no TUN interface when i do an ifconfig.  I also have session showing on the server side (pfsense).  how can i find out what the status of my connection is ?
21:14 < cstk421> im on debian trying to make it an openvpn client
21:17 -!- Blanc|AFK is now known as Blanc
21:17 -!- gchristensen [~gchristen@unaffiliated/grahamc] has left #openvpn ["WeeChat 0.4.2"]
21:18 -!- trumee [~parul@2601:e:1580:799::c64] has left #openvpn ["Konversation terminated!"]
21:27 -!- weykent [~weykent@unaffiliated/weykent] has left #openvpn []
21:30 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
21:35 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has quit [Remote host closed the connection]
21:44 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has joined #openvpn
21:46 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
21:46 -!- mode/#openvpn [+v RBecker] by ChanServ
21:47 < cstk421> does openvpn create a tun interface when it connects ?
21:49 < rob0> If the driver is loaded, yes.  On Linux, "modprobe tun".
21:51 < cstk421> no output on that command
21:51 < cstk421> i cant even find a command to see the status of the tunnel if it is connected or not
22:08 < cstk421> seeing this in the logs on the pfsense openvpn server    Authenticate/Decrypt packet error: packet HMAC authentication failed  what does that indicate ?
22:17 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
22:26 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
22:45 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:52 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has quit [Remote host closed the connection]
22:56 -!- Blanc is now known as Blanc|AFK
23:24 -!- Blanc|AFK is now known as Blanc
23:33 -!- Blanc is now known as Blanc|AFK
23:37 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
23:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
23:50 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
23:51 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
23:52 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
--- Day changed Tue Mar 24 2015
00:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:44 -!- ShadniX [dagger@p5481C4D2.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:45 -!- ShadniX_ [dagger@p5481D8A3.dip0.t-ipconnect.de] has joined #openvpn
00:45 -!- ShadniX_ is now known as ShadniX
01:01 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:18 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
01:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
01:41 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
01:41 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:45 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
01:51 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:51 -!- mode/#openvpn [+o mattock] by ChanServ
02:31 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
02:35 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:35 -!- mode/#openvpn [+o mattock] by ChanServ
02:41 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 256 seconds]
02:50 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:00 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
03:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:10 -!- mode/#openvpn [+o mattock1] by ChanServ
03:11 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
03:13 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
03:26 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:55 -!- dazo_afk is now known as dazo
04:19 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
04:19 -!- elliotdenk is now known as aksdjhfakslhfdf
04:19 -!- aksdjhfakslhfdf is now known as elliotdenk
04:20 -!- elliotdenk is now known as edcetera
04:20 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 272 seconds]
04:20 -!- edcetera is now known as ed_cetera
04:20 -!- ed_cetera is now known as ed-cetera
04:39 -!- mattock_afk is now known as mattock
04:40 -!- mattock is now known as mattock_afk
04:52 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
04:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:13 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Remote host closed the connection]
05:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:16 -!- ed-cetera is now known as patrickrose
05:16 -!- patrickrose is now known as elliotdenk
05:17 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
05:26 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
05:43 -!- elliotdenk is now known as ed_cetera
06:04 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:04 -!- mode/#openvpn [+o mattock] by ChanServ
06:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
06:09 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Read error: Connection reset by peer]
06:09 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
06:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
06:17 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:39 -!- Tausen [~Tausen@tausen.org] has joined #openvpn
06:43 < Tausen> I've been having some issues with my rather poor router (which does not support static routes, so I'm using NAT hack to get access to the LAN behind the server) and just had a probably silly idea - would it be a horrible idea to deactivate DHCP in my router and set up a DHCP server on a virtual machine (maybe even the one that hosts openvpn) on the LAN? I'm guessing that should let me solve the routing issues?
06:44 < Tausen> I'm mostly a complete noob on how networks, please bear with me
06:44 < Tausen> *how network work
07:01 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 244 seconds]
07:45 <@dazo> Tausen: that doesn't sound too bad, if your DHCP server is what gives you pain in pushing out routes ... what kind of router is it?
07:45 <@dazo> but having DHCP in a VM can be tricky ... unless the VM has access to physical network adapter where it can listen for the DHCP broadcast requests
07:47 < Tausen> dazo, it is an Apple extreme router afaik
07:48 <@dazo> It's a long time since I've seen those boxes ... but they used to be fairly flexible in the routing setup
07:48 < Tausen> *apple airport extreme
07:49 <@dazo> I'm wondering if you maybe struggle to understand how to setup proper routes ... what do you know about TCP/IP based routing?
07:49 <@dazo> do you understand sub-netting and netmasks?
07:49 < Tausen> I'm a complete rookie
07:49 <@dazo> okay ... some reading is appropriate then :)
07:49 <@dazo> !tcpip
07:49 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
07:50 < Tausen> I have a general idea of what goes on, but certainly not enough for what I'm doing :)
07:50 < Tausen> Thanks
07:50 <@dazo> right, have a look at chapter 3.1 ... it covers a bit more than just routing ... but it explains quite well the pieces you need to know
07:50 <@dazo> routing is fairly simple once you wrap your head around netmasks and subnets :)
07:52 < Tausen> Alright, thank you very much :) I figure most of what I'm trying to do is pretty basic
07:52 < Tausen> But not being able to just set up a static route kind of caught me off guard
07:53 <@dazo> it doesn't sound too bad what you're doing ... but if you're missing a few details on how routing works, it can feel quite horrible and difficult :)
08:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:54 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
09:16 -!- Blanc|AFK is now known as Blanc
09:20 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
09:21 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
09:22 -!- Blanc is now known as Blanc|AFK
09:29 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:29 -!- mode/#openvpn [+o mattock] by ChanServ
09:30 -!- ed_cetera is now known as edcetera
09:30 -!- edcetera is now known as ed_cetera
09:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:31 -!- mode/#openvpn [+o mattock1] by ChanServ
09:34 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
10:01 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has joined #openvpn
10:02 < cstk421> what does this error mean ? Authenticate/Decrypt packet error: packet HMAC authentication failed
10:02 < cstk421> on my pfsense server
10:09 <+esde> data (the packet itself) that was sent or received was not properly handled by openvpn. with the limited information you provided, that's about all that can be gleaned
10:10 < cstk421> im trying to troubleshoot the connection but i have no way of checking the status of the vpn session from the debian client.  any suggestions ?
10:10 <+esde> ssh into the server and monitor the server-side logs
10:12 -!- tamazaki_ [~tamazaki@95.85.35.109] has quit [Ping timeout: 255 seconds]
10:13 < cstk421> ok ill look at that
10:15 < cstk421> would there be a reason for that error to show if there is no session being started ?
10:18 -!- jediUFO [~quassel@unaffiliated/xrosnight] has joined #openvpn
10:18 < jediUFO> hello guys
10:18 < jediUFO> hwo to connect to Tor?
10:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
10:58 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
11:05 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has joined #openvpn
11:07 -!- sebrk [~sebrk@c83-248-255-12.bredband.comhem.se] has joined #openvpn
11:07 < Entelin> having a strange issue i'm hoping someone could shed some light on. I have several users connected to my openvpn server and its working fine for them and myself. One user which is using an iphone hotspot on at&t, can connect to the openvpn server (via the windows openvpn gui client), but cannot transmit any data across at all, not even pings.
11:09 < Entelin> oh and this user was working like a week ago
11:09 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
11:12 < Entelin> her syslog messages look the same as mine also
11:15 -!- sebrk [~sebrk@c83-248-255-12.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
11:16 <@dazo> cstk421: sounds like --tls-auth keys are out-of-sync
11:16 < cstk421> dazo: when you say out of sync do you mean they dont match or is it a system timing issue ?
11:16 <@dazo> jediUFO: try asking #tor on OFTC instead
11:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:17 <@dazo> cstk421: if you use --tls-auth, that uses a static and shared secret; it must be identical on both sides ... and tls-auth adds an additional HMAC security layer
11:18 <@dazo> (but this is just a hunch ... you might have completely other issues, related to the PKI cert/keys or timing issues)
11:18 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
11:18 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Max SendQ exceeded]
11:20 < cstk421> dazo: is there any chance there is a guide you could share with me that i can follow.  i have been trying to get a vpn client setup going on the is debian box for 3 days from l2tp/ipsec and that was failing miserably and now openvpn is a no go.looking for any direction i can get
11:20 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:20 -!- mode/#openvpn [+o mattock] by ChanServ
11:21 <@dazo> cstk421: the really quickest way is probably to grab a copy of the openvpn 2 cookbook
11:21 <@dazo> !book
11:21 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
11:21 <@dazo> that explains very well a lot of different setups, with explanations
11:21 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
11:21 <@dazo> of the configs used
11:22 < cstk421> gotcha ok thanks
11:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
11:24 <@dazo> cstk421: otherwise, I can recommend the mini-static-howto to get you started ... and then move towards using both proper PKI (cert/keys) and tls-auth
11:24 <@dazo> http://community.openvpn.net/openvpn/wiki/StaticKeyMiniHowto
11:24 < cstk421> dazo: i would love anything that works i dont care what it is
11:24 <@vpnHelper> Title: StaticKeyMiniHowto – OpenVPN Community (at community.openvpn.net)
11:25 < cstk421> is that specific to an os as a client ?
11:25 <@dazo> once you get a grip of the easy steps, openvpn is easy to extend to a more flexible setup
11:25 <@dazo> nope
11:26 <@dazo> well, that static mini howto is not aiming at Android or iOS ... but it takes you nicely through several steps to give you an idea how it works
11:27 -!- u0m3 [~u0m3@92.80.82.3] has quit [Read error: Connection reset by peer]
11:27 < cstk421> understood thanks
11:27 <@dazo> but, the book is absolutely worth every penny (disclaimer: I helped out with technical preview, but I do not earn anything at all on the book) ... but I still use that book when I need to lookup some features I don't use so often
11:27 <@dazo> s/preview/review/
11:28 < cstk421> understood thank you again
11:28 <@dazo> you're welcome :)
11:29 -!- andi [~andi@unaffiliated/fr00d] has joined #openvpn
11:29 < andi> Hi
11:29 < andi> I do have a tunnelblick client which can connect to the vpn successfully but it neither can ping anything in the vpn nor its own vpn ip.
11:30 < andi> Does somebody know what's wrong here?
11:30 <@dazo> andi: sounds like firewalling
11:31  * dazo don't know OSX, so he is not going to be much helpful
11:33 < andi> Sounds like firewalling to me, too. But the firewall is off - I think.
11:45 < Entelin> If I use openvpn-connect iphone app, will laptops connected via the hotspot be able to connect to hosts behind the vpn?
11:54 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
11:54 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Max SendQ exceeded]
11:59 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
12:01 <@dazo> Entelin: hard to say, in theory it could work - but not without some configuration (iroute and route setups) ... but I don't know if iOS will provide IP forwarding easily, and also I don't know what kind of firewalling iOS does
12:01 <@dazo> !clientlan
12:01 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
12:01 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:03 < Entelin> ok, have any idea why a (windows) laptop behind an iphone hotspot, would be able to connect to the openvpn server, but not be able to communicate across it? theres no AV, no software firewalls, there are a handful of other users connected and working, and this particular laptop worked the last time the user tried it about a week ago.
12:04 <@dazo> Entelin: that sounds like either firewall issue on the openvpn server or that the VPN server doesn't have IP forwarding enabled
12:04 <@dazo> !serverlan
12:04 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:05 < Entelin> it has the route, and this server is in use by other clients successfully, ipforwarding is enabled
12:06 <@dazo> okay, does the Windows OpenVPN client run with admin privileges?
12:06 < Entelin> route print on the windows server shows the correct routes
12:06 <@dazo> okay, sounds reasonable
12:06 <@dazo> then you need to use tcpdump or wireshark on both client and server, to see that the traffic you expect over the tunnel really goes there ... and then you'll get a clue where it stops
12:07 <@dazo> your openvpn server, is it also the default gateway on your server-side lan?
12:08 < Entelin> i had installed wireshard on one of the internal servers i was trying to hit and recieved no incoming traffic on that ip
12:08 <@dazo> did you also check the traffic on the tun/tap interface?
12:08 < Entelin> vpn network is 10.8.0.0/24, internal network is 192.168.10.0/24
12:09 < Entelin> the vpn server is .10 on the internal network and .1 on the vpn network, but is not the default route for the internal network
12:09 < Entelin> theres a routing rule on the default router that points back to 10
12:10 < Entelin> the vpn network that is on .10
12:10 <@dazo> Entelin: is your VPN server side something like this?  https://community.openvpn.net/openvpn/wiki/BridgingAndRouting#Usingrouting   ... Or something like this: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting#UsingroutingandOpenVPNnotrunningonthedefaultgateway
12:10 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
12:11 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
12:12 < Entelin> the second one
12:12 < Entelin> its not the default gw
12:12 <@dazo> okay, good
12:13 <@plaisthos> cstk421, dazo: iirc OpenVPN Connect does not support static keys
12:13 <@plaisthos> so static keys and ios probably will not work
12:13 <@dazo> then you really need to have a look using tcpdump/wireshark on the tun/tap adapter ... do a ping from the client, on the openvpn server run 'tcpdump -i tun0 icmp' (replace tun0 with your proper tun/tap adapter name) ... and see if you see the ICMP packets flowing
12:14 <@dazo> Entelin: ^^
12:14 < Entelin> ok
12:14 < Entelin> I will do that next time I have access to the affected laptop
12:14 <@dazo> Entelin: if you see only the ping and not the pong ... then you need to replace tun0 with your physical eth interface you use and see if you have the response there
12:15 <@dazo> if you don't, then your return route is not functional ... so you need to double-check the default gateway, that it redirects 10.8.0.0/24 via the IP address of your OpenVPN server
12:16 <@dazo> If you don't see any ICMP packets at all on the tun interface on the server, then the openvpn client has the wrong routing
12:17 < Entelin> ok thanks for the direction
12:17 <@dazo> no prob!  Good luck!
12:19 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
12:34 -!- zz_kernal is now known as kernal
12:35 < andi> Ok, firewall is completely turned off and I'm still unable to ping my own ip. I'm using Tunnelblick 3.4.4.
12:37 <@krzee> andi,
12:37 <@krzee> !logs
12:37 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:37 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
12:38 < andi> http://pastebin.com/BpDN17ni This is what Tunnelblick is telling.
12:41 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Ping timeout: 272 seconds]
12:50 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
12:54 < andi> Now I simply made the connection via console with the openvpn binary, same error. It connects successfully but I cannot ping neither my ip nor the servers vpn ip.
12:55 < andi> http://pastebin.com/QCJig8vr netstat -r is showing these two entries for my utun0 interface, except the other networks which are not important at the moment.
12:56 < cstk421> dazo: you still arount ?
12:56 < cstk421> around *
12:56 <@dazo> cstk421: I am
12:56 < cstk421> well what took 3 days took 15 min after i went through the mini guide
12:57 < cstk421> thank you thank you thank you thank you thank you thank you
12:57 <@dazo> the mini guide is a good starting point, but not a good ending point ;-)
12:57 <@dazo> but it helps to have a place to start where things do work
12:57 < cstk421> understood
12:58 < cstk421> so quick question regarding that setup with the static key. i have 1 client connected and im confused about the ifconfig command in the config of the client.  i am specifying my ip and the server ip correct ?
12:58 < rob0> To be fair, threat models differ, and if you don't expect to be attacked by the likes of US NSA, static key might be good enough.
12:59 <@dazo> the static key mode, is also called peer-to-peer mode (or just p2p) .... so it means there are no real server and client ... it is "local" and "remote" ... so ifconfig option in p2p mode means "my VPN IP address" and "the other sides VPN IP address"
13:00 < cstk421> thx rob0
13:00 < cstk421> ok that makes senze
13:00 < cstk421> if that is true why with a second client am i not able to get connected using the same info but another ip in the scheme ? for example client1 has the config statement "ifconfig 10.0.8.1 10.0.8.2"  works fine while client2 has "ifconfig 10.0.8.1 10.0.8.3" and it connects but cant get network comm and the ip never gets assigned to the tun interface.
13:00 <@dazo> cstk421: that is correct ... p2p mode can only handle a single connection
13:01 < cstk421> ah hah
13:02 <@dazo> cstk421: things do get a little bit more complicated moving towards TLS/PKI ... as that introduces you to CA files, individual key and certificates ... and you can use the --server and --client options to get started fairly quickly
13:02 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
13:02 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:02 <@dazo> The --server and --client options are more like macros, so they do a lot of extra things for you
13:02 < cstk421> dazo: i have done that in the past without much trouble but for some reason with this environment its not working.
13:02 < cstk421> then again that was mostly windows and ios devices
13:03 < cstk421> so openvpn is incapable of doing user authentication via user and pass ?
13:03 <@dazo> right ... just switching your currently p2p working setup to TLS/PKI shouldn't really break your tunnel ... it just improves the security aspects and enables more clients to connect at the same time
13:04 < cstk421> copy that
13:04 <@dazo> Out of the box, yes ... but you can add this functionality, either via plugins or --verify-user-pass (iirc) script hooks
13:04 <@krzee> andi,
13:04 <@krzee> 2015-03-24 18:35:06 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1544', remote='link-mtu 1543'
13:04 <@krzee> 2015-03-24 18:35:06 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
13:05 <@krzee> !configs
13:05 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:05 < cstk421> dazo: gotcha
13:05 <@krzee> cstk421,
13:05 <@krzee> !authpass
13:05 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
13:06 < cstk421> krzee: thank you will do
13:06 <@dazo> cstk421: with username/password auth, you still need a TLS/PKI setup ... however, you can remove the need for client certificates, just using username/password auth.  But server needs key/cert and the client config does need a CA certificate
13:06 <@krzee> !pki
13:06 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
13:06  * dazo realizes he hangs out too seldom here ... not remembering these factoids :)
13:07 < cstk421> ok got it
13:07  * krzee likes to talk in factoids
13:07  * dazo too ... if he just remembers the vast variety of them :)
13:08 <@krzee> ya theres many more than i even know now, !factoids is a good read
13:08 <@krzee> !factoids
13:08 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
13:08 <@dazo> yeah :)
13:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:31 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has quit [Remote host closed the connection]
13:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:49 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
14:06 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
14:23 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has joined #openvpn
14:28 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has quit [Ping timeout: 265 seconds]
14:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
14:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:42 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
14:44 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has joined #openvpn
14:45 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
15:02 -!- jediUFO [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
15:26 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:28 -!- cstk421 [~cstk421@mobile-166-173-056-143.mycingular.net] has quit [Ping timeout: 250 seconds]
15:33 -!- rika [rika@trivialand/guesser/rika] has joined #openvpn
15:37 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
15:44 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
15:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
15:55 -!- hikenboot [~hikenboot@pool-71-174-159-16.bstnma.east.verizon.net] has joined #openvpn
15:55 < hikenboot> hi! is there a way to use self signed certificates with openvpn for demo purposes only
15:56 < hikenboot> perhaps an entry in the server config and client config that says to ignore the issues
16:15 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:28 < Entelin> you normally use self signed certs
16:28 < Entelin> what issues?
16:44 -!- ed_cetera is now known as elliotdenk
16:45 < hikenboot> VERIFY ERROR: depth=0, error=self signed certificate: CN=ip-172-31-56-206.ec2.internal, O=ip-172-31-56-206.ec2.internal, OU=ip-172-31-56-206.ec2.internal, C=US
16:48 -!- Netsplit *.net <-> *.split quits: cyberanger, Orbixx, marlinc, abbe, dupondje, codebam, DzAirmaX, D-Boy, Keridos
16:49 -!- Netsplit over, joins: DzAirmaX, Keridos, Orbixx, cyberanger, dupondje, marlinc, codebam, abbe
16:50 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Max SendQ exceeded]
16:50 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
16:54 -!- tessier [~treed@kernel-panic/copilotco] has quit [Ping timeout: 252 seconds]
16:59 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:04 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
17:08 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 264 seconds]
17:10 -!- techevo [~techevo@178.32.57.190] has quit [Read error: Connection reset by peer]
17:12 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
17:14 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:14 -!- mode/#openvpn [+v s7r] by ChanServ
17:22 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
17:23 < Entelin> is topology subnet a server or client config option, or both?
17:23 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
17:24 < Entelin> i specified it on both, but on the windows client in the logs it still says its using net30
17:25 -!- pk12_ [~pk12@84.39.116.180] has quit [Ping timeout: 264 seconds]
17:26 < Entelin> nm on that actually was just a permissions issue
17:53 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
17:55 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:55 -!- mode/#openvpn [+v s7r] by ChanServ
18:07 -!- The_Ball [~ballen@c114-77-179-73.hillc3.qld.optusnet.com.au] has quit [Remote host closed the connection]
18:19 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Quit: leaving]
18:20 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
18:22 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: slep]
18:30 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 256 seconds]
18:44 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
18:51 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has quit [Read error: Connection reset by peer]
18:55 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
18:55 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Client Quit]
19:00 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
19:03 -!- Olipro is now known as Guest79063
19:04 -!- kernal is now known as zz_kernal
19:04 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
19:20 -!- cstk421_ [~cstk421@ip-64-134-159-63.public.wayport.net] has joined #openvpn
19:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
19:41 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
19:41 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
19:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
19:44 -!- james41382__ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
19:47 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
19:47 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Read error: Connection reset by peer]
19:47 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
19:50 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 244 seconds]
19:53 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:55 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
20:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:23 < hikenboot> VERIFY ERROR: depth=0, error=self signed certificate: anyone know how to fix. I believe I am using the proper components of the self signed certificate
20:33 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 256 seconds]
20:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:58 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
21:24 -!- lotharn [~kvirc@dynamic-acs-24-101-38-64.zoominternet.net] has joined #openvpn
21:40 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
21:41 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
21:41 -!- mode/#openvpn [+v RBecker] by ChanServ
22:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:28 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 246 seconds]
22:28 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 246 seconds]
22:28 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 246 seconds]
22:30 -!- mete [~mete@91.247.253.160] has joined #openvpn
22:34 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
22:53 <@dazo> hikenboot: no, you cannot use self-signed certificates with openvpn ... only the CA certificate can be self-signed
22:54 -!- dazo is now known as dazo_afk
22:56 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 246 seconds]
22:58 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
22:59 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
23:03 -!- Guest79063 [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
23:06 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
23:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:15 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
23:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
23:43 -!- cstk421_ [~cstk421@ip-64-134-159-63.public.wayport.net] has quit [Remote host closed the connection]
23:46 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
23:48 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
--- Day changed Wed Mar 25 2015
00:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
00:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Client Quit]
00:43 -!- ShadniX [dagger@p5481D8A3.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:44 -!- ShadniX [dagger@p5794103A.dip0.t-ipconnect.de] has joined #openvpn
01:14 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:16 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 250 seconds]
01:16 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has quit [Excess Flood]
01:17 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
01:18 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
01:21 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:33 -!- lotharn [~kvirc@dynamic-acs-24-101-38-64.zoominternet.net] has quit [Ping timeout: 245 seconds]
01:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:34 -!- mode/#openvpn [+o mattock1] by ChanServ
01:40 -!- screenn [~screenn@5.248.32.145] has joined #openvpn
02:07 -!- Malsasa [~Malsasa@36.82.83.125] has joined #openvpn
02:08 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 264 seconds]
02:15 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
02:26 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
02:34 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.0.1]
02:34 -!- marlinc [~marlinc@80.100.128.152] has joined #openvpn
02:39 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:39 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
02:40 -!- badon_ is now known as badon
02:57 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
03:04 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
03:17 -!- Malsasa [~Malsasa@36.82.83.125] has quit [Remote host closed the connection]
03:19 -!- Guest98431 [B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
03:19 -!- FBi [B@Aircrack-NG/User] has joined #openvpn
03:20 -!- FBi is now known as Guest35325
03:32 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
03:32 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:00 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:05 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
04:21 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
04:24 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 250 seconds]
04:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:18 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Remote host closed the connection]
05:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
05:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
05:29 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
05:30 -!- james41382__ [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Read error: Connection reset by peer]
05:58 -!- hikenboot [~hikenboot@pool-71-174-159-16.bstnma.east.verizon.net] has quit [Ping timeout: 252 seconds]
06:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
06:32 -!- pk12_ [~pk12@84.39.116.180] has quit [Quit: Textual IRC Client]
06:34 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
06:34 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
06:35 -!- badon_ is now known as badon
07:06 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.1.1]
07:11 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
07:19 -!- dazo_afk is now known as dazo
07:25 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:26 -!- mattock_afk is now known as mattock
07:27 -!- mattock is now known as mattock_afk
07:31 -!- mattock_afk is now known as mattock
08:02 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:17 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
09:08 -!- txdv [~unreal@78-56-71-41.static.zebra.lt] has quit [Ping timeout: 265 seconds]
09:10 -!- mattock is now known as mattock_afk
09:19 -!- screenn [~screenn@5.248.32.145] has quit [Ping timeout: 252 seconds]
09:47 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:47 -!- mode/#openvpn [+o mattock] by ChanServ
09:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:51 -!- mode/#openvpn [+o mattock1] by ChanServ
09:55 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
09:56 -!- screenn [~screenn@5.248.32.145] has joined #openvpn
09:57 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
10:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
10:05 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
10:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
10:25 -!- justinzane [~justinzan@24.49.199.88] has quit []
10:25 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
10:46 -!- dimitry7 [dimitry7@26c-002.static.bnc4free.com] has joined #openvpn
10:47 -!- screenn [~screenn@5.248.32.145] has quit [Ping timeout: 246 seconds]
10:48 < dimitry7> Hello Guys, I often see this in my Ovpn Server, (ovpn-laredo[633]: TLS: tls_process: killed expiring key), is that normal? what does that mean? I've googled it and found many users have problem with that. My VPNs are all working good but I'm afraid they fail sometime because of this.
10:50 -!- mattock_afk is now known as mattock
11:11 < rob0> huh?  That is not an error.
11:14 -!- xMopxShell [~xMopxShel@davepedu.com] has quit [Ping timeout: 250 seconds]
11:25 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
11:34 -!- xMopxShell [~xMopxShel@davepedu.com] has joined #openvpn
12:02 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:04 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 250 seconds]
12:04 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
12:07 -!- screenn [~screenn@195.160.233.253] has joined #openvpn
12:15 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:22 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
12:25 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:46 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
12:51 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 246 seconds]
13:01 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:03 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 246 seconds]
13:16 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
13:19 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:24 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
13:25 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:25 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
13:31 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:36 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:47 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:47 -!- screenn [~screenn@195.160.233.253] has quit [Ping timeout: 256 seconds]
14:02 -!- grassass [slug@gateway/vpn/mullvad/x-zemxdhzowbzexsed] has quit [Read error: Connection reset by peer]
14:20 -!- monsterco [463336af@gateway/web/freenode/ip.70.51.54.175] has joined #openvpn
14:20 < monsterco> hi everyone - can I revoke and then re-enable certificate keys?
14:22 < monsterco> anyone can comment on above?
14:27 <+esde> !intro-to-pki
14:27 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
14:27 <+esde> !pki
14:27 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
14:27 <+esde> monsterco, ^
14:27 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
14:28 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
14:29 < monsterco> +esde - so that mean it's optional and can be reversed?
14:29 -!- mattock is now known as mattock_afk
14:36 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
14:38 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
14:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:53 < zoredache> monsterco: see http://blog.abhijeetr.com/2012/06/revokeunrevoke-client-certificate-in.html
14:53 <@vpnHelper> Title: Blog: Revoke/Unrevoke a client certificate in OpenVPN (at blog.abhijeetr.com)
14:53 < zoredache> generally you shouldn't, but apparently you can if you do some unusual things on some CAs.
14:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
14:54 < monsterco> @vpnHelper - thanks - let me read
14:54 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:57 < monsterco> @vpnHelper - I prefer the tls script method but I am not sure if I use tls. Is this just a quick check and not really a revocation?
15:01 -!- dazo is now known as dazo_afk
15:20 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
15:24 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
15:31 <+esde> !vpnhelper
15:31 <@vpnHelper> "vpnhelper" is "bot" is I'm a bot.. just a bot. krzee and ecrist are my maintainers, and I haven't said anything, if you'd notice, the person who spoke just before me gave a !command to make me speak :P
15:37 -!- screenn [~screenn@5.248.32.145] has joined #openvpn
15:38 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
15:39 -!- zz_kernal is now known as kernal
15:42 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
15:44 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
15:48 < monsterco> @vpnHelper - I implemenented the bash script and added key names in the user list but I am not able to connect from any key now
15:53 -!- Mutantx [~Carlo@gateway/vpn/privateinternetaccess/mutantx] has quit [Ping timeout: 252 seconds]
15:54 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
16:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
16:34 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:10 -!- monsterco [463336af@gateway/web/freenode/ip.70.51.54.175] has quit [Quit: Page closed]
17:49 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
17:49 -!- mode/#openvpn [+o pekster] by ChanServ
18:15 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Read error: Connection reset by peer]
18:17 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
18:27 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Quit: Reconnecting]
18:27 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
18:27 -!- mode/#openvpn [+o pekster] by ChanServ
18:29 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
18:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:29 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
18:34 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
18:40 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
18:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:57 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
18:59 -!- corretico [~luis@190.241.180.58] has joined #openvpn
19:01 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
19:05 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
19:10 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:17 -!- kernal is now known as zz_kernal
19:19 -!- Ademan [~dan@108-66-134-195.lightspeed.sntcca.sbcglobal.net] has joined #openvpn
19:20 < Ademan> This is going to sound ignorant, because it is, but most OpenVPN configuration examples use and recommend UDP, how does a client behind NAT receive any packets from the server?
19:27 -!- mode/#openvpn [+v-o pekster pekster] by pekster
19:27 <+pekster> Ademan: That's the magic of stateful firewalling, and also why keepalive packets are sent by UDP-based encapsulation protocols
19:27 <+pekster> Same way a client behind NAT gets packets from google when you visit it over http/s
19:33 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Ping timeout: 246 seconds]
19:40 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
19:40 < Ademan> pekster: thanks. I was under the impression that the reason it works for http/s was because TCP packets contain enough information to route "return" packets from the server correctly, but that UDP packets didn't.
19:41 < Ademan> I always sort of viewed it as "the TCP connection encapsulates this data, and the necessary parties along the way have gleaned this data, and can associate it with future packets that are part of this connection"
19:42 <+pekster> UDP can always "get back"
19:42 <+pekster> Routing happens at the IP layer, not the UDP layer
19:44 < Ademan> right, I suppose I should fully grok IP before I ask any more questions heh
19:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:05 -!- corretico [~luis@190.241.180.58] has quit [Ping timeout: 256 seconds]
20:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:17 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
20:29 -!- Ademan [~dan@108-66-134-195.lightspeed.sntcca.sbcglobal.net] has quit [Quit: leaving]
20:40 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 244 seconds]
20:41 < dimitry7> UDP is slow
20:42 < dimitry7> the purpose of TCP is for high performance, critical services, as VPN is
20:48 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 252 seconds]
20:48 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:54 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
21:07 <+pekster> dimitry7: That's completely backwards advice for openvpn: tcp performs *poorly* as an encapsulation protocol for IP (or Ethernet) traffic specifically because it's not the layer of lower-level protocols to deal with what TCP does, namely reliably and ordered delivery
21:07 <+pekster> See also:
21:07 <+pekster> !tcp
21:07 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
21:09 <+pekster> UDP is far faster than TCP: no handshaking, no sliding window, etc
21:13 < dimitry7> with UDP my VPN hangs
21:13 < dimitry7> and it gives an error, let me paste it
21:15 < dimitry7> TLS Error: local/remote TLS keys are out of sync
21:15 < dimitry7> ok I will change it to upd
21:15 < dimitry7> udp
21:16 < dimitry7> if it hangs, I will be complaining here haha
21:31 < dimitry7> if I dont specify
21:32 < dimitry7> by default is udp?
21:43 <+pekster> yup
21:45 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
21:53 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 250 seconds]
21:53 -!- Blanc|AFK is now known as Blanc
22:03 < dimitry7> pekster, okaay.. thanks!
22:13 -!- james41382_ is now known as james41382
22:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:44 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:31 -!- Blanc is now known as Blanc|AFK
--- Day changed Thu Mar 26 2015
00:42 -!- ShadniX [dagger@p5794103A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:42 -!- ShadniX_ [dagger@p5481DAD0.dip0.t-ipconnect.de] has joined #openvpn
00:43 -!- ShadniX_ is now known as ShadniX
00:49 < leo2007> if I run two openvpn servers on a machine can they share the same subnet?
01:16 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:24 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:24 -!- mode/#openvpn [+o mattock] by ChanServ
01:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:26 -!- mode/#openvpn [+o mattock1] by ChanServ
01:29 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
01:32 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
02:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
02:49 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 256 seconds]
02:58 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
02:59 -!- zz_kernal is now known as kernal
03:14 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Remote host closed the connection]
03:17 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:17 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
03:18 -!- kernal is now known as zz_kernal
03:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
03:24 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
03:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:26 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
03:31 -!- dazo_afk is now known as dazo
03:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
03:41 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
03:53 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:56 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
04:01 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
04:10 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:12 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
04:24 -!- apollo2k is now known as aPollO2k
04:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:01 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
06:07 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:11 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 250 seconds]
06:30 -!- Netsplit *.net <-> *.split quits: adaptr, novae, lev__, @krzee, Nothing4You, defswork, kef, moparisthebest, nsrafk, dupondje,  (+179 more, use /NETSPLIT to show all of them)
06:30 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Max SendQ exceeded]
06:34 -!- Netsplit over, joins: Orbixx, abbe, codebam, dupondje, cyberanger, DzAirmaX, _0x5eb_, xMopxShell
06:34 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
06:34 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
06:34 -!- badaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
06:34 -!- Netsplit over, joins: funnel
06:34 -!- burp_ [~quassel@ns337126.ip-188-165-218.eu] has joined #openvpn
06:34 -!- Poster|x [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
06:34 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
06:34 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
06:34 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
06:34 -!- Netsplit over, joins: +pekster, +esde, @krzee, @syzzer, roentgen, luckman212, shivanshu, raidz, rich0_, Left_Turn (+101 more)
06:34 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
06:34 -!- Netsplit over, joins: Eugene, liriel, kwmiebach, halothe23, Nothing4You, Gman32, Zimsky, someone, gardar
06:34 -!- ServerMode/#openvpn [+o raidz] by barjavel.freenode.net
06:34 -!- Netsplit over, joins: ngharo, @mattock_afk, ender|, @plaisthos, riddle, @dazo, Haigha, @vpnHelper, lev__, Fusl (+35 more)
06:34 -!- hive-mind [pranq@mail.bbis.us] has quit [Max SendQ exceeded]
06:35 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
06:37 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:37 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
06:45 -!- frank-- is now known as thumbs
06:55 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
06:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:59 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Quit: brb]
07:02 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
07:04 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has joined #openvpn
07:04 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Client Quit]
07:05 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
07:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:27 -!- Denial [~Denial@81.141.23.87] has joined #openvpn
07:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 252 seconds]
07:40 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
07:48 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:50 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
07:53 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
07:53 -!- mode/#openvpn [+o plaisthos] by ChanServ
07:53 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 255 seconds]
07:54 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
08:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
08:27 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:27 -!- mode/#openvpn [+o mattock] by ChanServ
08:27 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
08:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:32 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
08:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:55 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
08:56 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:09 -!- LnxNoob [~LnxNoob@lpr83-1-88-168-110-81.fbx.proxad.net] has quit [Ping timeout: 250 seconds]
09:14 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
09:16 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 250 seconds]
09:21 -!- Blanc|AFK is now known as Blanc
09:24 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
09:24 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:29 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:32 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
09:43 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
09:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
09:49 -!- Blanc is now known as Blanc|AFK
09:52 -!- Blanc|AFK is now known as Blanc
09:59 -!- Blanc is now known as Blanc|AFK
09:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:02 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
10:03 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
10:03 < ValdikSS> krzee: hi! Paypal address is not working. How can I make donation?
10:10 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Read error: Connection reset by peer]
10:10 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
10:12 -!- aPollO2k is now known as apollo2k
10:16 -!- hasB4K [~hasB4K@unaffiliated/hasb4k] has joined #openvpn
10:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:18 <@plaisthos> ValdikSS: for openvpn?
10:18 < ValdikSS> plaisthos: yes
10:24 -!- sloshy [~user@2601:e:1380:14b2:ba27:ebff:fe99:ccb1] has joined #openvpn
10:31 -!- Malsasa [~Malsasa@36.81.98.242] has joined #openvpn
10:40 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
10:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
10:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:10 <@plaisthos> ValdikSS: I did not even know there is paypal addresse, where did you get that information?
11:12 -!- Malsasa [~Malsasa@36.81.98.242] has quit [Remote host closed the connection]
11:12 < ValdikSS> plaisthos: https://secure-computing.net/openvpn/openvpn.php
11:12 <@vpnHelper> Title: SCN: OpenVPN IRC Channel Policy (at secure-computing.net)
11:13 <@plaisthos> interesting :)
11:15 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
11:15 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:15 -!- mode/#openvpn [+o mattock] by ChanServ
11:21 -!- lxusrbin [~lxusrbin@2a00:f826:3:2761::6667] has quit [Quit: leaving]
11:26 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
11:27 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
11:41 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
11:51 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
12:02 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
12:09 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
12:11 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
12:12 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
12:29 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has joined #openvpn
12:32 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 250 seconds]
12:34 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
12:35 -!- end2end [~end2end@91.214.70.206] has joined #openvpn
12:35 < end2end> TLS Protocol with 1024-bit key length and AES-256-CBC crypto-algorithm
12:35 < end2end> is this secure?
12:36 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Ping timeout: 250 seconds]
12:36 <+esde> not the most ideal
12:36 <+esde> <1024 is asking for trouble
12:37 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:37 < end2end> esde, ok thanks
12:38 < end2end> esde, do you recommend any OpenVPN providers?
12:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
12:39 <+esde> the only openvpn provider we recommend across the board, is the one you control and operate
12:40 < end2end> ah I get it
12:40 -!- end2end [~end2end@91.214.70.206] has left #openvpn ["Leaving"]
12:58 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Read error: Connection reset by peer]
12:59 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:04 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
13:14 -!- Blanc|AFK is now known as Blanc
13:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:16 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
13:18 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
13:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:20 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
13:24 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:28 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:29 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:31 -!- Blanc is now known as Blanc|AFK
13:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
13:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:53 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:59 -!- Blanc|AFK is now known as Blanc
14:05 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:06 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
14:08 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
14:28 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
14:40 -!- u0m3 [~u0m3@92.80.82.3] has quit [Ping timeout: 255 seconds]
14:41 -!- deranged [Bit@lolnerd.net] has joined #openvpn
14:41 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
14:56 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
14:56 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has left #openvpn []
14:56 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 248 seconds]
15:02 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
15:07 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
15:15 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
15:21 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
15:30 -!- debian_noob [2e174053@gateway/web/freenode/ip.46.23.64.83] has joined #openvpn
15:33 < debian_noob> I have a CentOS VPS (OpenVZ) and am trying to configure OpenVPN on it but I am getting a weird error: http://pastebin.com/eZieQu4H
15:36 < debian_noob> !welcome
15:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
15:36 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:36 < debian_noob> !goal
15:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:37 < debian_noob> I would like to set up OpenVPN on my VPS (OpenVZ) running Centos 5.11 to securely access the internet from wherever I am.
15:39 < debian_noob> I have generated the keys and edited the configuration files but when I run service openvpn start, I get the following error: http://pastebin.com/eZieQu4H
15:40 < debian_noob> I believe it is some problem with the tun device
15:42 < debian_noob> This is the output of openvpn server.conf: http://pastebin.com/0Ec2b6qV
15:44 < Thermi> debian_noob: You need to be able to create tun devices to be able to use openvpn. Speak to your server hoster and try to get them to grant you the ability to do that
15:48 < debian_noob> I checked /dev/net/tun exists
15:53 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
15:55 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
15:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:58 < debian_noob> Thermi: any idea?
15:58 < Thermi> Access rights != existence of the file
15:59 < Thermi> what user do you run openvpn initially as?
15:59 < debian_noob> okay
15:59 < debian_noob> im running as root
15:59 < Thermi> And what are the access rights for the file?
15:59 < debian_noob> crw------- 1 root root 10, 200 Mar 16 21:46 /dev/net/tun
16:00 < Thermi> So only root (uid 0) can access it.
16:00 < Thermi> On my system, it's 666
16:00 < Thermi> you have 600
16:02 < debian_noob> Tried setting to 666
16:02 < debian_noob> No difference (as expected)
16:02 < Thermi> Hmh
16:02 < Thermi> then you are not allowed to create tun devices.
16:03 < Thermi> As I wrote before, contact your server provider.
16:03 < debian_noob> I'll have to contact the hoster?
16:03 < Thermi> Yes
16:03 < debian_noob> Would I be able to do it with tap?
16:03 < Thermi> tap is subject to the same restriction as tun.
16:06 -!- Blanc is now known as Blanc|AFK
16:12 -!- screenn [~screenn@5.248.32.145] has quit [Ping timeout: 248 seconds]
16:14 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
16:18 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
16:18 -!- mode/#openvpn [+v s7r] by ChanServ
16:21 < debian_noob> So there is no way to make a secure UDP connection from a computer to my VPS?
16:24 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
16:30 < Thermi> debian_noob: Not unless you talk to your server owner...
16:31 < debian_noob> Who does not reply to emails :/
16:31 < debian_noob> Okay I guess that's my last resort
16:34 -!- Blanc|AFK is now known as Blanc
16:34 < rob0> !tell debian_noob openvz
16:34 < rob0> !openvz
16:35 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
16:35 < debian_noob> I wish they used Xen
16:36 < debian_noob> I really want to know, why do they not allow this by default?
16:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 248 seconds]
16:48 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
16:49 -!- debian_noob [2e174053@gateway/web/freenode/ip.46.23.64.83] has quit [Ping timeout: 246 seconds]
16:50 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
16:54 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:58 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
16:59 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
17:06 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
17:08 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:08 -!- mode/#openvpn [+v s7r] by ChanServ
17:16 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
17:16 -!- mode/#openvpn [+o plaisthos] by ChanServ
17:26 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:26 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 246 seconds]
17:27 -!- darkhalo [~darkhalo@63-155-96-170.chyn.qwest.net] has joined #openvpn
17:29 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
17:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
17:30 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
17:41 -!- Blanc is now known as Blanc|AFK
17:57 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
18:00 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
18:14 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
18:34 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Ping timeout: 246 seconds]
18:49 -!- _FBi [~B@Aircrack-NG/User] has quit [Disconnected by services]
18:49 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
18:49 -!- Guest35325 [B@Aircrack-NG/User] has left #openvpn []
18:50 -!- _FBi [~B@Aircrack-NG/User] has quit [Disconnected by services]
18:50 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
18:50 < _FBi> that's better :D
18:50 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
18:55 -!- sloshy [~user@2601:e:1380:14b2:ba27:ebff:fe99:ccb1] has quit [Read error: No route to host]
19:03 < _FBi> you again...
20:38 <@ecrist> heh
20:56 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
21:03 -!- Malsasa [~Malsasa@36.81.106.173] has joined #openvpn
21:18 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 252 seconds]
21:22 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
21:31 -!- Malsasa [~Malsasa@36.81.106.173] has quit [Ping timeout: 264 seconds]
21:32 -!- Malsasa [~Malsasa@36.81.102.212] has joined #openvpn
21:35 -!- dazo is now known as dazo_afk
21:42 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
21:49 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
22:03 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
22:04 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:09 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Read error: Connection reset by peer]
22:09 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
22:13 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
22:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:39 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:41 -!- sleepypc is now known as `hypermist`
22:45 -!- Malsasa [~Malsasa@36.81.102.212] has quit [Remote host closed the connection]
22:50 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 256 seconds]
23:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:17 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
23:27 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
23:32 -!- james41382__ [~james4138@gateway/vpn/privateinternetaccess/james41382] has joined #openvpn
23:34 -!- james41382_ [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Read error: Connection reset by peer]
23:42 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 255 seconds]
23:43 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
23:44 -!- `hypermist` is now known as sleepypc
23:59 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
--- Day changed Fri Mar 27 2015
00:03 -!- screenn [~screenn@5.248.32.145] has joined #openvpn
00:20 -!- sleepypc is now known as `hypermist`
00:43 -!- ShadniX [dagger@p5481DAD0.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:43 -!- ShadniX [dagger@p5DDFC0FE.dip0.t-ipconnect.de] has joined #openvpn
01:08 -!- `hypermist` is now known as sleepypc
01:09 -!- mattock_afk is now known as mattock
01:13 -!- mattock is now known as mattock_afk
01:18 -!- road|runner [~Rene@unaffiliated/roadrunner/x-9036369] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
01:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:43 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
02:02 -!- sleepypc is now known as `hypermist`
02:29 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has joined #openvpn
02:34 -!- deranged [Bit@lolnerd.net] has joined #openvpn
03:07 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
03:13 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
03:41 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
03:42 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 252 seconds]
03:48 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
03:55 -!- mattock_afk is now known as mattock
04:10 -!- benoliver999 [~ben@ben.baconseed.org] has quit [Ping timeout: 265 seconds]
04:11 -!- dazo_afk is now known as dazo
04:11 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 252 seconds]
04:15 -!- `hypermist` is now known as sleepypc
04:16 -!- apollo2k is now known as aPollO2k
04:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:53 -!- mattock is now known as mattock_afk
05:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
05:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
05:24 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:03 -!- benoliver999 [~ben@ben.baconseed.org] has joined #openvpn
06:12 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
06:39 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
06:39 -!- mode/#openvpn [+o plaisthos] by ChanServ
07:45 -!- james41382__ [~james4138@gateway/vpn/privateinternetaccess/james41382] has quit [Ping timeout: 265 seconds]
07:47 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 255 seconds]
07:53 -!- stur1 [~user@pD9E26E17.dip0.t-ipconnect.de] has joined #openvpn
07:54 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:54 -!- mode/#openvpn [+o mattock] by ChanServ
08:07 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 248 seconds]
08:09 < stur1> hay, my server is building diffie hellman for 2 hours now and in the meantime i googled for a gui/webinterface to manage my openvpn server  but im a bit stucked now, there are 2-3 projects trying to handle this but im not 100% satisfied about what i found (most seems a bit outdated) any recommendations from you, guys?
08:16 < BtbN> Don't use one?
08:17 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:24 <@plaisthos> stur1: your server is probably having problem generating entropy
08:24 <@plaisthos> just generate the dh file somewhere else
08:24 <@plaisthos> dh parameters are public anyways
08:24 <+pekster> That, or see if something doing disk I/O gives you more (like: find / -type f > /dev/null 2>&1   )
08:25 < BtbN> How big is the dh key you are generating?
08:25 <+pekster> And no real point to use larger than 2048 bits for DH keys (modern RSA crypto doesn't need it)
08:25 < BtbN> They get complex way faster than RSA keys
08:25 <+pekster> 4096 will take a long while, even on modern hardware
08:25 -!- mode/#openvpn [-v pekster] by ChanServ
08:27 < stur1> okay
08:27 < stur1> since its generating for 2-3hours now i will give find / -type f > /dev/null 2>&1 a try
08:29 -!- mode/#openvpn [-o plaisthos] by ChanServ
08:42 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
08:45 -!- elliotdenk [~elliotden@ip-37-201-5-169.hsi13.unitymediagroup.de] has quit [Quit: Leaving.]
09:01 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
09:08 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
09:22 -!- stur1 [~user@pD9E26E17.dip0.t-ipconnect.de] has quit [Quit: Leaving.]
09:26 -!- Blanc|AFK is now known as Blanc
09:33 -!- u0m3 [~u0m3@92.80.82.3] has quit [Read error: Connection reset by peer]
09:47 -!- soLucien [~Lu@5.57.48.71] has joined #openvpn
09:48 -!- Blanc is now known as Blanc|AFK
10:13 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 264 seconds]
10:16 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
10:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
10:42 -!- meshelton [~user@45.55.160.218] has joined #openvpn
10:42 < meshelton> Hi, Everybody!
10:43 < meshelton> I was wondering if it was possible to route requests to a server running openvpn to a connected vpn client?
10:43 < meshelton> I'm basically trying to run a httpserver on my laptop and have it accessible to the outside world at the address that my openvpn server is sitting at.
10:45 -!- ACKNAK [~regolith@79.133.97.154] has joined #openvpn
10:48 < rob0> Are you already using --redirect-gateway?
10:49 < rob0> Much depends here on the server and client OSs.
10:49 -!- derjanni [~jan@185.16.172.167] has joined #openvpn
10:50 -!- meshelton [~user@45.55.160.218] has quit [Ping timeout: 252 seconds]
11:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:06 -!- Blanc|AFK is now known as Blanc
11:14 -!- soLucien [~Lu@5.57.48.71] has quit [Ping timeout: 246 seconds]
11:14 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
11:15 -!- ACKNAK [~regolith@79.133.97.154] has quit [Remote host closed the connection]
11:19 -!- Blanc is now known as Blanc|AFK
11:22 -!- derjanni [~jan@185.16.172.167] has quit [Quit: Lost terminal]
12:08 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
12:08 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Max SendQ exceeded]
12:14 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
12:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:32 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
12:32 -!- u0m3 [~u0m3@92.80.82.3] has quit [Client Quit]
12:35 -!- Sloppy [~sloppy@isls-105.isls.wmin.ac.uk] has joined #openvpn
12:36 -!- Sloppy [~sloppy@isls-105.isls.wmin.ac.uk] has left #openvpn ["Leaving"]
12:53 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 248 seconds]
13:06 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
13:10 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
13:10 < MalMen> hello
13:11 < MalMen> i am trying to setup an openvpn tunnel to exchange services between my servers privatly, but i am with some issues connecting the client to server
13:11 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
13:11 < MalMen> i am getting this message
13:11 < MalMen> error 20 at 0 depth lookup:unable to get local issuer certificate
13:11 < MalMen> ups, not that error, that is caused when i try to verify the crs certeficate on client side
13:11 < MalMen> on cliente side when i try to connect the error is this
13:11 < MalMen> Fri Mar 27 14:09:42 2015 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=PT, ST=CA, L=LBR, O=Fort-Funston, OU=xmr.link, CN=Fort-Funston CA, name=server, emailAddress=admin@xmr.link
13:11 < MalMen> Fri Mar 27 14:09:42 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
13:12 < MalMen> i followed this tuturial,  https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
13:12 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
13:12 < MalMen> dont know what i missed
13:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:22 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:27 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
13:40 <@krzee> !pki
13:40 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-pki
13:40 <@krzee> !certverify
13:40 <@vpnHelper> "certverify" is (#1) verify your certs are signed correctly by running `openssl verify -CAfile <ca.crt> <client.crt>` for client.crt and server.crt or (#2) also make sure you use the same ca.crt on both sides by checking their md5
13:44 -!- aPollO2k is now known as apollo2k
13:48 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
14:11 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Read error: Connection reset by peer]
14:18 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:19 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
14:22 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Quit: AF_INET -> AF_INET6]
14:23 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
14:23 -!- mode/#openvpn [+o pekster] by ChanServ
14:23 -!- mode/#openvpn [-o pekster] by pekster
14:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
14:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:32 -!- Denial [~Denial@81.141.23.87] has quit []
14:59 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
15:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
15:54 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
15:57 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
16:05 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
16:06 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
16:08 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
16:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
16:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:42 -!- magnulu [~magnulu@46.246.20.130] has joined #openvpn
16:55 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
17:00 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:00 -!- mode/#openvpn [+v s7r] by ChanServ
17:05 -!- Tobinski [~tobinski@x2f5a5c0.dyn.telefonica.de] has joined #openvpn
17:52 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
18:07 -!- Tobinski [~tobinski@x2f5a5c0.dyn.telefonica.de] has quit [Quit: Leaving]
18:15 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
18:23 -!- sleepypc is now known as `hypermist`
18:36 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
19:09 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
19:21 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 0.4.3]
19:22 -!- justinzane [~justinzan@24.49.199.88] has quit [Read error: Connection reset by peer]
19:22 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
19:23 -!- justinzane [~justinzan@24.49.199.88] has quit [Read error: Connection reset by peer]
19:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
19:24 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
19:29 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
19:29 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
19:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
20:03 -!- dazo is now known as dazo_afk
20:03 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:13 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
20:13 < jnz> o/
20:14 < jnz> is there a way to use openvpn without TUN ?
20:20 < pekster> Nope, a tun/tap device is required
20:25 < jnz> damn
20:25 < jnz> bought a vps to find it wasn't enabled :'(
20:25 < jnz> and support is offline for weekend
20:26 < pekster> YOu'll need to ask those that have root to load the kernel module (real root, not the faked chroot "root" customers get.) Or use a real hypvervisor, not chroot-based offerings
20:26 < jnz> yeah :\
20:29 < jnz> how much specs would you need for openvpn?
20:30 < pekster> Depends on your needs; I've done deployments using embedded hardware where the CPU-bound crypto wasn't an important bottleneck for implementation
20:30 < pekster> really it boils down to bandwidth and CPU. The memory requirements of openvpn are very minimal, scaling about linearly by number of clients you connect
20:31 < jnz> ahh
20:31 < jnz> ok
20:39 < phantomcircuit> jnz, fyi https://openvz.org/VPN_via_the_TUN/TAP_device
20:39 <@vpnHelper> Title: VPN via the TUN/TAP device - OpenVZ Linux Containers Wiki (at openvz.org)
20:42 < jnz> yeah been looking
20:45 < jnz> :c
20:45 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
20:47 < jnz> DEDICATED CPU : 0.6 GHZ
20:47 < jnz> these providers are so cheap -.-
20:48 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 264 seconds]
20:50 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 246 seconds]
20:54 -!- justinzane [~justinzan@24.49.199.88] has quit []
20:56 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
20:56 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
20:58 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
21:00 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
21:04 -!- marlinc [~marlinc@80.100.128.152] has quit [Ping timeout: 264 seconds]
21:05 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
21:05 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 250 seconds]
21:07 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
21:08 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
21:11 -!- marlinc [~marlinc@80.100.128.152] has joined #openvpn
21:15 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
21:30 -!- marlinc [~marlinc@80.100.128.152] has quit [Ping timeout: 252 seconds]
21:42 -!- marlinc [~marlinc@80.100.128.152] has joined #openvpn
21:46 -!- `hypermist` is now known as sleepypc
22:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
22:27 -!- sleepypc is now known as `hypermist`
22:27 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
22:38 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
23:19 -!- justinzane [~justinzan@24.49.199.88] has quit [Remote host closed the connection]
23:20 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
23:27 -!- `hypermist` is now known as sleepypc
23:34 -!- justinzane [~justinzan@24.49.199.88] has quit [Read error: Connection reset by peer]
23:47 -!- sleepypc is now known as `hypermist`
23:48 -!- k2gremlin [~Gremlin@50-201-7-90-static.hfc.comcastbusiness.net] has joined #openvpn
--- Day changed Sat Mar 28 2015
00:07 < k2gremlin> Anyone home?
00:11 < k2gremlin> Anyone ever see this error?
00:11 < k2gremlin> Fri Mar 27 23:10:12 2015 There is a problem in your selection of --ifconfig endpoints [local=192.168.2.100, remote=255.255.255.0]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
00:12 < k2gremlin> !paste
00:12 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
00:30 < k2gremlin> Looking for any help. I hope I provided everything that would be needed to diagnose.
00:30 < k2gremlin> http://pastebin.com/ALeniTeX
00:39 < k2gremlin> Anyone??
00:40 -!- ShadniX [dagger@p5DDFC0FE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:41 -!- ShadniX [dagger@p5DDFF660.dip0.t-ipconnect.de] has joined #openvpn
01:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
02:04 -!- zadock [~zadock@81.180.210.87] has quit [Read error: Connection reset by peer]
02:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
02:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:34 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 265 seconds]
02:34 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Ping timeout: 256 seconds]
02:35 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has joined #openvpn
02:35 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
03:57 -!- k2gremlin [~Gremlin@50-201-7-90-static.hfc.comcastbusiness.net] has quit [Quit: Leaving]
04:23 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
04:26 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 246 seconds]
04:29 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
04:36 -!- apollo2k is now known as aPollO2k
04:37 < aPollO2k> oi
04:46 -!- aep [~aep@libqxt/developer/aep] has left #openvpn ["WeeChat 1.0.1"]
04:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:03 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:22 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
05:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
05:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:01 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
06:04 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:09 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
06:13 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:34 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
06:59 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
07:30 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: "Buzzinga"]
07:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
08:47 -!- `hypermist` is now known as sleepypc
08:54 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
08:55 < _cmd_> !welcome
08:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:55 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:56 < _cmd_> !/30
08:56 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
08:56 < _cmd_> !topology
08:56 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
08:58 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has left #openvpn ["WeeChat 0.4.2"]
09:33 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
09:44 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
09:45 < _cmd_> !iporder
09:45 <@vpnHelper> "iporder" is (#1) OpenVPN's internal client IP address selection algorithm works as follows: 1 -- Use --client-connect script generated file for static IP (first choice). or (#2) Use --client-config-dir file for static IP (next choice) !static for more info or (#3) Use --ifconfig-pool allocation for dynamic IP (last choice) or (#4) if you use --ifconfig-pool-persist see !ipp
09:45 < _cmd_> !wiki
09:45 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
09:51 < matt_> does anybody know if there is any development work to get an openvpn compatiable client for windows phone?
09:53 < _cmd_> what would the optimal udp openvpn server/client mtu settings be with an apparent path mtu of 1460 (max ping size 1432)?
09:57 < matt_> _cmd_: 20 bytes for ip header, 8 bytes for udp header, so 1460 - 28?
09:58 < matt_> _cmd_: openvpn can split single frames / packets into multiple udp payloads so it shouldn't matter too much aslong as its small enough to fit down the link
09:59 < matt_> unlink gre which is a nightmare for fragmentation
09:59 < matt_> *unlike
10:01 < _cmd_> matt_: ok, so no additional overhead beyond the max ping size?
10:02 < matt_> _cmd_: i dont belive so, although icmp headers might be smaller than udp so might have a bigger payload avaliable
10:02 < matt_> ok, google seems to think icmp header is 8 bytes as well
10:04 < _cmd_> matt_: current (default?) mtu for the server is 1500, and i'm working around the issue with mssfix 1400 in the client config... would it be advisable to set the server max mtu to 1432 and then remove the mssfix directive from the client config? road warrior client, if it makes difference
10:05 < matt_> mssfix is different ... mssfix stamps over the mss value in the syn for the 3 way tcp handshake with the value specified
10:06 < matt_> so if you connect to a webserver over https in the tcp syn it will way mss 1400 so the server will know not to send any ip payloads larger than 1400
10:07 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:09 < _cmd_> right... is the "preferred" solution to set the tun-mtu to 1432 (or lower, to 1400) in the server config?
10:09 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 245 seconds]
10:10 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
10:11 < matt_> _cmd_: i would possiably look at --fragment
10:11 < matt_> from the man page: Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than max bytes.
10:12 < _cmd_> thats' where all the questions started...   ;)
10:12 < matt_> so openvpn will send two packets for a single encaptulated ip packet
10:12 < matt_> lol
10:12 < matt_> from the man page for mssfix: Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed max bytes.
10:13 < matt_> as you have probuly seen, normally i see mssfix being used for tcp connections that are running over something like an adsl line were due to the ppp headers you have less than 1500 mtu
10:14 < matt_> if you can get a 1500 mtu tunnel running, even know the client it behind a smaller mtu it should be less of a headake
10:15 < matt_> _cmd_: looking at the config my servers generate I used to have mssfix max being supplied to clients but its commented out so it dosn't look like I need it
10:16 < matt_> and I defently have people connect over adsl lines on smaller mtu's
10:16 < matt_> i used to have fragment max as well but thats also commented
10:17 < _cmd_> yeah... docs seem to indicate mssfix would be optimally be used in conjunction with fragment...
10:17 < matt_> yea
10:18 < _cmd_> it's a somewhat annoying situation... i can connect with no "special" directives when i'm stateside, but from the europes, i apparetnly run into mtu issues
10:18 < matt_> humm ..
10:19 < matt_> are these tun's or tap's?
10:19 < _cmd_> tun
10:19 < matt_> ok
10:20 < matt_> what type of mtu issues?
10:20 < matt_> i have, in the past had vlan tag's over tap's running over adsl lines with smaller mtu's and everything worked ok, just always got one big packet followed by a smaller one
10:21 < matt_> outside the tunnel that it
10:21 < _cmd_> you know, the usual... openvpn client can connect to server, ssh sometimes works, intermittently able to connect to other internal services
10:21 < matt_> are pings intermittent?
10:22 < _cmd_> yup
10:22 < matt_> even smaller ones?
10:22 < _cmd_> client connects and reflects mtu set to 1500... mtu-test says "no go" max 140x on the remote side
10:22 < _cmd_> hence mssfix 1400.. and it's been rock solid with that setting on the client side
10:23 < _cmd_> and why i'm chasing the "preferred" solution
10:24 < matt_> ok
10:25 < matt_> try mssfix max
10:26 < matt_> not saying its the preferred option, tbh i dont know what a preferred option would be, just thats what I would try
10:27 < _cmd_> hehe.... well, i know it's "customary" to set max mtu to 1400 for ipsec
10:27 < _cmd_> i was curious of a similar practice was preferred for openvpn
10:28 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 272 seconds]
10:28 < matt_> _cmd_: ok, not sure
10:28 < matt_> lol
10:28 < matt_> see if, mssfix max and fragment max causes the same issues
10:29 < _cmd_> mssfix max seems to work.. i'll see how that goes or a bit
10:29 < matt_> ok cool
10:31 < matt_> i'm guessing it path mtu descovery is broken you will have to specify it but if thats the cause other things wont work like https traffic
10:31 < matt_> well it might but i find https is normally the first to break
10:33 < _cmd_> up...
10:33 < matt_> _cmd_: humm infact saying all that ... looking at my servers config i have ... push "mssfix 1300"
10:33 < _cmd_> mssfix max no worky connecting to pfsense webconfigurator... back to mssfix 1400
10:33 < matt_> lol
10:34 < _cmd_> hahahhaha
10:34 < matt_> sorry, i was looking at the scripts that generate client configs, thats why its commented out cus i moved to to a push statement
10:35 < _cmd_> yeah... iw as targeting this on the client side.. if it's a "global" fix, i'll push it from the server side
10:35 < matt_> means you can change it if you need to without changeing all the client configs
10:35 < matt_> ahh ok
10:35 < _cmd_> yeah... i just hate "Exceptions"
10:35 < _cmd_> =)
10:36 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
10:39 < matt_> intrestingly in my connection logs on the client i get ... Options error: option 'mssfix' cannot be used in this context ([PUSH-OPTIONS])
10:40 < matt_> but .. if i tcpdump i get ...  UDP, length 1293 as the maximum
10:40 < matt_> so it seems to be working ...
10:42 < matt_> i do have mssfix 1300 set on the server so its probuly just using that and ignoring the push option
10:44 -!- jnz [~jnz@unaffiliated/jnz] has quit [Ping timeout: 265 seconds]
11:10 < _cmd_> heheh
11:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:45 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
12:27 -!- aPollO2k is now known as apollo2k
13:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
13:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:07 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
13:08 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
13:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:01 -!- LocoMan [~locoman@62-210-236-193.rev.poneytelecom.eu] has joined #openvpn
14:02 < LocoMan> !welcome
14:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:02 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:02 < LocoMan> !goal
14:02 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:03 < LocoMan> !goal I would like to revoke a user from my openvpn server, but if I add the crl-verif line in the server.conf, no one can loggin
14:05 < pekster> You've been issuing unique certs to each distinct user, right?
14:05 < LocoMan> !welcomeyes
14:05 < LocoMan> yes*
14:05 < pekster> Or is your auth based on something else besides (or in addition to) certs?
14:06 < LocoMan> no, just a unique cert for each one
14:06 < pekster> You need a CRL signed by the issuing CA (the one that issued the client certs) and it'll contain an indication of each certificate you have revoked
14:06 -!- apollo2k is now known as aPollO2k
14:06 < pekster> openssl can verify an issued cert against both your CA cert and the crl; see the `openssl verify` command
14:06 < LocoMan> I think I have generated it, using ./revoke-full
14:07 < pekster> THat's from the same CA you signed the CSR with originally, right?
14:07 < LocoMan> I think yes
14:08 < pekster> And you have a copy of the issued cert on that CA system, right? (you should be keeping them for verification needs)
14:08 < LocoMan> yes the user's folder is there
14:08 < pekster> If so, just do this, where client.crt is the previously-issued cert you just revoked and generated the CRL from:
14:09 < pekster> cat path/to/the/crl.pem path/to/issued/client.crt > temp.pem; openssl verify -verbose -CApath path/to/the/ca.crt -crl_check temp.pem
14:10 < LocoMan> ok I try
14:10 < pekster> So you're appending the crl and client PEM data together, then verifying that against the CA checking the CRL
14:10 < pekster> That should fail due to revocation. Then repeat the process for an unrevoked cert (which should pass verification)
14:12 < LocoMan> "error 20 at 0 depth lookup:unable to get local issuer certificate"
14:14 < LocoMan> the same for an unrevoked cert
14:18 < LocoMan> so pekster ?
14:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
14:21 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:21 -!- badon_ is now known as badon
14:22 < pekster> Sounds to me like that's not the same CA that you used to sign the CSR
14:23 < pekster> Check the AKI of the client cert against the SKI of the CA you're attempting to use as the trust anchor
14:24 < LocoMan> AKI SKI ? I don't understand
14:25 < pekster> openssl x509 -noout -text -in your_cert.crt
14:26 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:26 < ShapeShifter499> !clientlan
14:26 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see
14:26 <@vpnHelper> !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
14:26 < ShapeShifter499> !ipforward
14:26 < pekster> It'll give you the SKI (Subject Key Identifier, ie that cert's fingerprint) and AKI (Authority Key Identifier, ie who signed that cert)
14:26 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
14:26 < ShapeShifter499> !linipforward
14:27 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
14:27 < LocoMan> oh ok
14:27 < pekster> LocoMan: Or just give me a pastebin including your ca.crt, unrevoked client cert, and CRL file (all of which is effectively public information.) Don't paste any private keys, obviously ;)
14:27 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
14:27 < pekster> But yea, check out the bits I mentioned first; I can double-check if you're still confused
14:28 < pekster> If the AKI of your client cert does not match the SKI of the CA, it's not the issuing CA
14:28 -!- raeflondon [raeflondon@got.ourback.net] has joined #openvpn
14:28 < ShapeShifter499> someone might want to update this http://pekster.sdf.org/misc/clientlan.png
14:28 < ShapeShifter499> it'sdown
14:29 < ShapeShifter499> *it's down
14:29 < pekster> It's up here
14:30 < ShapeShifter499> hmm
14:30 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
14:30 < ShapeShifter499> I think I killed ipv4 trying to openvpn on my router
14:33 < ShapeShifter499> pekster, why no ipv6 man (if you own that site)
14:33 < LocoMan> pekster: keep in mind, I'm a developer. I do system administration only to get what I need, and to do this I apply what's wrote on the tutorial... So, what I wanted to say is that I don't really know how to get AKI and SKI :/
14:34 < pekster> ShapeShifter499: Not mine, just a subdomain off of sdf (which does not get v6 from their network provider)
14:34 < pekster> Obviously only a "problem" if you're on a v6-only network, which realistically is not practical today
14:34 < pekster> s/if/unless/
14:34 < pekster> I might move the stuff hosted there someday, but it's not a priority
14:35 < pekster> If you broke v4, that sounds like your problem ;)
14:35 < pekster> LocoMan: Which is why I gave you the exact command to get it
14:35 < ShapeShifter499> well it seems like the VPN I use does not have ipv6 and I haven't routed ipv4 yet through it
14:35 < pekster> 14:25:50 < pekster> openssl x509 -noout -text -in your_cert.crt
14:35 < pekster> LocoMan: ^
14:36 < LocoMan> yes but how can I distinguish wich one is ?
14:36 < pekster> You mean the text in that output "X509v3 Subject Key Identifier:" isn't obvious enough?
14:36 < pekster> Obviously, that's the SKI
14:36 < pekster> You can probably figure out where the AKI is too ;)
14:37 < pekster> Or just give me the pastebin, as I also indicated above
14:37 < pekster> < pekster> LocoMan: Or just give me a pastebin including your ca.crt, unrevoked client cert, and CRL file (all of which is effectively public information.) Don't paste any private keys, obviously ;)
14:37 < LocoMan> oh shit I'm so noob :O I didn't seen it
14:37 < LocoMan> the AKI and SKI are the same
14:37 < pekster> On the CA? That's expected
14:38 < pekster> If that's true on your _client_ cert you can't do that
14:38 < pekster> (your client cannot be self-signed
14:38 < LocoMan> on the ca.crt
14:38 < pekster> Right. Now compare the AKI of the client to the SKI of the CA
14:39 < pekster> They _should_ match. If not, that is not the CA you used to sign that cert (which is a problem)
14:39 < LocoMan> the AKI of the client is the same as the SKI form CA
14:39 < LocoMan> from*
14:40 < raeflondon> I'm testing a client->server setup where only one user on the client actually has a default route out the VPN tun -- anyone here tried something like this?
14:40 < pekster> Then that should validate. Could you pastebin the PEM certs of the client & CA? The verify command from above should have reported success
14:40 < pekster> LocoMan: Oh, and also check that your server is really using that same CA cert as you just used to test. Things don't work well if the openvpn server process isn't using the same CA, heh
14:41 < LocoMan> I have crl.pem, is there any one else ?
14:41 < pekster> crl.pem, client.crt, and ca.crt
14:41 < pekster> (realy I'd only need the CRL to verify its validity and that the client cert isn't in that list)
14:41 < pekster> You can just paste all the base-64 encoded stuff one after the other
14:42 < LocoMan> ok
14:42 < pekster> (all the bits between the lines like -----BEGIN CERTIFICATE-----)
14:42 < pekster> well, including those ;)
14:44 < LocoMan> it's a bit brainfucking but I'll try
14:44 < LocoMan> applying the last command on crl.pem gave me "unable to load certificate
14:44 < LocoMan> 140604952069800:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
14:44 < LocoMan> "
14:44 < pekster> cat client.crt ca.crt crl.pem > file-to-patebin.pem
14:44 < pekster> Then pastebin that
14:44 < pekster> Should be easy
14:45 < pekster> You don't verify the crl.pem
14:45 < pekster> You _append_ the crl PEm file to the cert you're attempting to verify, then pass the -crl_check command to openssl
14:45 < pekster> (or you can omit that step and just not check to see if it's revoked)
14:45 < pekster> You have a different problem though if you get a validation error on the cert you think is valid
14:46 < pekster> It _should_ be verified by the CA since the AKI of the client matches the fingerprint of your CA
14:46 < pekster> The fact that is fails is interesting, but I can't tell you more without seeing the certs themselves
14:47 < LocoMan> ok, but, the crl.pem revoked the good cert, it's a fact
14:47 < pekster> That's got zero to do with the one you claim is unreovked failing to be verified WITHOUT consulting the CRL
14:47 < LocoMan> the problem is that when I add the crl-verif in server.conf the server start but users are not able to connect
14:47 < pekster> Yes. Sounds like a validation error
14:48 < pekster> You should fix that
14:48 < pekster> You said above you _failed_ a validation check of a cert you have _not_ revoked against your CA, doing the `openssl verify …` test. This should not happen
14:49 < pekster> I'd like to see your certs to give you more info. Or if you don't want to do that, you can determine the cause yourself too
14:51 < LocoMan> I don't know what could you do with them..
14:52 < pekster> Then fix your own problem
14:52 < pekster> I've told you want it is, so now you just need to fix it
14:52 < pekster> You clearly have all the information you think I can provide, so your next step is to correct the validation failure
14:52 < pekster> !topsecret
14:52 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
14:53 < pekster> (btw, every time you connect, you're spraying the certificate details in plaintext on the wire anyway. They're not a secret, and dozens of routers get access to that information. And the NSA, and any employees of those companies looking at traffic)
14:54 < LocoMan> yes but when I look at them, there is no interesting informations.
14:54 < pekster> The fact that it fails verificatin _IS_ interesting
14:54 < pekster> Go fix that
14:54 < LocoMan> I know that...
14:55 < pekster> It should never fail due to no issuing cert if the AKI matches the CA
14:55 < ShapeShifter499> I'm trying to set up my openwrt router to work with openvpn. I just want everything to go through the vpn from the lan
14:55 < pekster> "Something" is very wrong there. Go fix it (and you're obviously not interested in my opinion since you reefuse to provide what I need to dig into your problelm further.)
14:55 < pekster> Stop wasting my time if you want to "hide" your public (⁈) information
14:56 < pekster> ShapeShifter499: Sounds like a basic !redirect setup to me then
14:56 < pekster> !redirect
14:56 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
14:56 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
14:56 < pekster> With openwrt, I'd highly recommend you use the 'option config /path/to/your/ovpn.conf' option in the openwrt UCI config file
14:57 < pekster> If you try to do the config the "UCI way" then you need to ask #openwrt for help, because they do sillyness and "translate" every single openvpn option to their own syntax. It's a pain to maintain unless you're already bought into that appraoch
14:57 -!- raeflondon [raeflondon@got.ourback.net] has left #openvpn []
14:57 < pekster> With the 'option config' method, you just maintain traditional config files and treat your router like "any other openvpn client"
14:58 < pekster> You'll need to get your firewall configured properly to, but that's no different than any router
15:01 < ShapeShifter499> alright
15:02 < ShapeShifter499> !def1
15:02 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
15:02 < pekster> Most of the config happens on the server side (this is your server you'll be connecting to, yes?)
15:02 < ShapeShifter499> pekster, this is a paid vpn
15:02 < ShapeShifter499> I don't control what happens on their end
15:03 < pekster> Then don't worry about the pushed options unless you don't like them
15:03 < pekster> Surely they're already pushing all the relevant options (or aren't very good at what they do)
15:04 -!- Oku71 [~Adium@107.191.34.156] has joined #openvpn
15:04 < ShapeShifter499> pekster, this is the .ovpn config they gave me (with personal info deleted)     https://pastee.org/dbhb7
15:04 < pekster> !intro-to-pki
15:04 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
15:04 < pekster> LocoMan: ^
15:05 < ShapeShifter499> do I add the def1 flag to my ovpn config?
15:06 < pekster> Only if you're not pushed (or are ignoring) the --redirect-gateway option
15:06 < pekster> !logs
15:06 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:07 < pekster> Inspect your logs at --verb 4 to see what's *really* going on
15:07 < pekster> You're somewhat limited in help/advice since you don't control the server-end
15:09 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: "Buzzinga"]
15:11 < ShapeShifter499> pekster, this is what I get https://pastee.org/jwadj
15:11 < pekster> LocoMan: I made a small typo in the verify command: you needed -CAfile to point to your CA. That cert _does_ validate against your CA, but is in the CRL as revoked
15:12 < pekster> LocoMan: You can compare the serial number of the client cert (using openssl x509 ..) and see that the serial number is 0x3 (decimal 3.) The CRL indicates that you have revoked serial number 3, by doing: openssl crl -in crl.pem -noout -text
15:13 < pekster> ShapeShifter499: That's not verb 4. Your config must give a differnet verb level
15:13 < pekster> Oh, hmm, maybe it is (openwrt must omit a bunch of logs due to compile-flags)
15:13 < pekster> See line 21 for your pushed options
15:13 < pekster> In particular, note that def1 is already applied to --redirect-gateway
15:15 < pekster> Slightly amusing that they try to push the unpushable --reneg-sec option. It won't hurt, but it is pointless
15:16 < pekster> ShapeShifter499: But, everything appears to be in order. Routes seem to have been added without error, and so does the connection
15:16 < pekster> Anything else is probably your firewall
15:16 < LocoMan> pekster: the revoked cert is 3 and the one I wanted to revoke is effectively the number 3 (0x3)
15:17 < pekster> So that's fine. You said your problem was problems validation an _unrevoked_ cert. You should check that the same way I just did
15:17 < LocoMan> so we can admit that crl.pem is good ?
15:17 < ShapeShifter499> pekster, fixed it
15:18 < ShapeShifter499> pekster, whatsmyip reports a england ip
15:18 < ShapeShifter499> :D
15:18 < pekster> LocoMan: Right. You should validate the other cert agianst your CA, and check the CRL
15:18 < pekster> cat ca.crt crl.pem > ca-with-crl.pem; openssl verify -crl_check -CAfile ca-with-crl.pem -verbose unnrevoked-client.crt
15:19 < pekster> If _that_ reports a validation issue, you've got bigger problems. It _should_ report OK
15:19 < LocoMan> ok
15:20 < LocoMan> what do you mean by ca-with-crl.pem ?
15:20 < pekster> It's a filename
15:20 < pekster> You create it with the `cat` command. If you don't know about cat, try: man cat
15:21 < pekster> Call it jelly-beans.txt for all it matters
15:21 < LocoMan> oh yes I understand
15:22 < LocoMan> the command returns "OK"
15:22 < pekster> Then the cert is valid
15:22 < pekster> It shouldn't be getting rejected. Why do you think it is?
15:22 < pekster> That was your claim upfront, but I suspect that isn't correct. Check your logs on both ends, particularly the server if it's getting rejected there
15:22 < pekster> !logs
15:22 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:23 < LocoMan> I don't know, I chown it to the openvpn user and group, so it's might not be a permissions problem
15:23 < pekster> Your logs should say. Maybe your crl isn't readable by the unprivileged account?
15:25 < Oku71> I'm thinking about configuring my own openvpn server on a linode (or other cloudbased instance); and I'm wondering how the server's PKI infrastructure can be created without trusting the company that administers the server
15:25 < LocoMan> oh wait, I have a 3rd user, and when I test it with the last command it returns me unable to load certificate
15:25 < LocoMan> 139837739439784:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
15:26 < pekster> Sounds like it's not a certificate
15:26 < ShapeShifter499> pekster, I'm not wrong in thinking this vpn has no ipv6 support correct?
15:26 < pekster> The PEM header must read -----BEGIN CERTIFICATE-----
15:26 < pekster> ShapeShifter499: You're not pushed any v6 addressing, so nope
15:27 < ShapeShifter499> pekster, I'll close down the ipv6 support then
15:27 < Oku71> at the moment; (from what I understand), the PKI can either be generated on the server via an SSH terminal; or locally and then transfered to the server (far less secure).. however in both cases the server's CA remains unencrypted on the server
15:27 < pekster> From what I've seen, these "pay to use us as a proxy" style VPN "providers" are pretty bottom-end, so expecting them to offer IPv6, and do it correctly, is a tall order
15:27 < pekster> Oku71: You can encrypt the CA key, and should do so for increased security
15:28 < pekster> Oku71: What you _should_ do if you value security is NEVER transport private keys; you have your end-nodes (servers & clients) generate their _own_ keypairs, then send the CSR to the issuing CA
15:28 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
15:28 < LocoMan> pekster: oh, yes, the cert is empty
15:29 < pekster> Oku71: Put another way, if you don't completely trust the server, don't put the CA PKI on it. That's usually not recommended best practice, but you find people do it all the time due to convenience. It is a reduction in security to do that, yes
15:29 < Oku71> right; I know not to send private keys over the web for any reason.
15:32 < pekster> Oku71: Not my image, but here's a reasonable diagram: http://swift.siphos.be/aglara/images/04-ca_certificate.png
15:32 < pekster> You'll notice that the CA does _not_ need to be the entity requesting a certificate. Obviously you keep your CA PKI on a trusted system since its compromise will invalidate the entire PKI
15:33 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Bye bye ipv6 freenode! Sadly my vpn does not support. brb]
15:38 < Oku71> pekster:  thanks I'll look in that direction.  previously i was seeing if it was solvable by incorporating a one time password, with something like a yubikey to unlock the CA whenever the server needed it
15:40 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
15:40 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 252 seconds]
15:42 < pekster> wtf?
15:43 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:43 < pekster> Your server should _never_ EVER EVER have your CA.key
15:43 < pekster> Ever
15:43 < pekster> ca.crt is public
15:43 < pekster> Share it with the world, post it on your social media pages, etc
15:43 < LocoMan> lol
15:44 < pekster> Why are you even considering putting your ca.key on a server you already admitted you don't trust?
15:44 < pekster> THese links might help you:
15:44 < pekster> !hardening
15:44 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
15:44 < pekster> !intro-to-pki
15:44 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
15:44 < LocoMan> I'll write my cert on the back of my CV
15:44 < pekster> I put my GPG fingerprint on my business cards
15:44 < pekster> (great when you want to exchange fingerprints for signing/validation)
15:46 < LocoMan> pekster: I have an empty client.crt on one of my 3 users, it can be the problem ? (I don't know why it's empty, I share the server with a friend, he did his own user)
15:47 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
15:47 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 250 seconds]
15:48 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
15:48 -!- mode/#openvpn [+v RBecker] by ChanServ
15:51 < pekster> Certificats cannot be "empty"
15:52 < pekster> If you attempt to use one, the _client_ will fail with a very obvious messsage to that effect
15:52 < LocoMan> 0octet
15:52 < pekster> Again, go check your logs
15:52 < pekster> !logs
15:52 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:52 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
15:53 < LocoMan> yes i don't know if he uses his account, but it's a fact, the attached cert is blank
15:54 < pekster> Doesn't mean a valid cert wasn't one issued and then "erased"
15:54 < pekster> index.txt (with openssl) is the "database" of issued certs, but covering that fact up is as easy as removing a line from that file too
15:55 < LocoMan> ok
15:55 < pekster> It's horribly bad practice to not keep a copy of issued certs, in no small part because you can't revoke a cert without knowing its serial
15:55 < LocoMan> ok
15:56 < LocoMan> but, is there a possibility that it could corrupt the crl-verif ?
15:57 < pekster> Dude, you cannot assess the validay of a certificate without _having_ the certificate
15:57 < pekster> If I asked you to add the numbers 5 and ? together, what is the answer?
15:57 < LocoMan> SO THERE'S the probleme
15:57 < pekster> So yes, obviously you will get a failure when providing an "empty" file to be validated
15:57 < pekster> I've no clue how you'd expect any other result
15:57 < pekster> You want to validate "nothing" aginst a PKI?
15:58 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
15:58 < LocoMan> but how to bypass this one....?
15:58 < pekster> You can't
15:58 < pekster> If you don't have the cert, it's game over
15:58 < pekster> It means you screwed up your PKI
15:58 < LocoMan> :'(
15:58 < pekster> If that cert was ever generated, you apparently have no record of it
15:58 < LocoMan> I can't rebuild this cert and I can't erase it
15:58 < pekster> This effectively means your PKI is (partially) compromised as you have no knowledge or control of how that issued (and presumably valid) cert is used, now or in the future
15:59 < pekster> You might be able to play detective and find the CN of the cert, then use the 'disable' command in a ccd file (see: !ccd) to reject that CN from ever connecting
15:59 < pekster> You could re-issue a cert with the _same_ serial and have openssl revoke it
16:00 < LocoMan> ok wait, I go struggle my friend
16:00 < pekster> But it _must_ have the same serial. If you don't know that (again, see index.txt, or the issued 04.pem file, or w/e the serial was) then you're basically SOL
16:00 < rob0> (or --ccd-exclusive and remove that CN's ccd file)
16:00 < LocoMan> I have the 01.pem that correspond
16:01 < pekster> So, 1) keep better backups. Your CA PKI is critical, and its loss/tampering/destriction is unrecoverable,) and 2) don't let untrusted parties have access to your critical data
16:01 < rob0> I like --ccd-exclusive because it gives you a nice way to have server-side access control.
16:01 < pekster> Oh, and 3) don't let end-users generate keys on your CA PKI. It's bad practice, not required, and exposes your ca.key to them
16:01 < pekster> "key escrow" always has been a horrible idea
16:02 < pekster> I guess I see the use in complex environments where  you need the intended user, and a responsible party to have access in the event it's required, but usually you need to build in access/auditing to such layouts
16:02 < pekster> That doesn't apply to openvpn though
16:03 < LocoMan> euh ok
16:06 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
16:10 -!- xxavi [xxavi@masterus.xshellz.com] has joined #openvpn
16:10 < xxavi> hi
16:11 < xxavi> I get this error: 'Options error: --txqueuelen not supported on this OS' with FreeBSD, somebody can help me ?
16:11 < LocoMan> so pekster y have opened index.txt, the cert is "V", and I have the CN, Name, email, etc correct. Can I rebuild the cert ?
16:13 < pekster> No. The cert is signed with bits of the _private_ key
16:14 < pekster> If you have 01.pem, that _is_ the cert
16:15 < LocoMan> so, can you please take my hand and guide me how can I have a correct client.crt with 01.pem and index.txt ?
16:19  * pekster sighs
16:19 < pekster> man cp
16:20 < pekster> If 01.pem is the cert, then you BLOODY COPY IT
16:20 < pekster> cp 01.pem client.crt
16:20 < pekster> Done
16:20 < pekster> There's your cert
16:20 < LocoMan> woot
16:20 < LocoMan> nice
16:20 < pekster> You really couldn't figure that out?
16:20 < LocoMan> thx
16:20 < pekster> !101
16:20 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
16:20 < LocoMan> ....you know, I'm tired, I'm developer
16:21 < LocoMan> Et to me it's to fool to have 2 files with the same content
16:21 < LocoMan> and*
16:21 < pekster> You really need to know Unix/Linux CLI basics if you've been given shell access
16:21 < pekster> In this case, you're quite lucky the certs are stored as both <serial>.pem and by name
16:22 < pekster> In the future, don't delete important files from your PKI
16:23 < LocoMan> .... I didn't deleted it
16:23 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:23 < LocoMan> We are two on this server
16:26 < LocoMan> so, the probleme where not here
16:27 < pekster> Whatever. How you manage your OS and filesystem is on you. If you want blank files all over the place: man touch
16:27 < pekster> That's utterly unrelated to openvpn and PKI management to the point that you know what's going on
16:30 -!- Netsplit *.net <-> *.split quits: shootbird, nomad_fr, nlb, luckman212, cellardoor, d10n, phantomcircuit, _cmd_, xTz
16:30 -!- Netsplit over, joins: phantomcircuit
16:31 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 245 seconds]
16:31 -!- Netsplit over, joins: shootbird, nomad_fr
16:31 -!- Netsplit over, joins: _cmd_
16:34 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
16:35 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
16:37 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
16:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:48 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:50 -!- badon__ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:51 -!- badon__ is now known as badon
16:52 -!- screenn [~screenn@5.248.32.145] has quit [Ping timeout: 265 seconds]
16:53 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 272 seconds]
17:07 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:07 -!- badon_ is now known as badon
17:08 -!- aPollO2k is now known as apollo2k
17:10 -!- Oku71 [~Adium@107.191.34.156] has left #openvpn []
17:13 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
17:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 248 seconds]
17:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
17:22 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:22 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:22 -!- badon_ is now known as badon
17:26 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
17:28 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 245 seconds]
17:30 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
17:37 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
17:37 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has quit [Client Quit]
17:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 252 seconds]
17:43 -!- MalMen [~MalMen@xmr.link] has quit [Ping timeout: 246 seconds]
17:50 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:03 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 256 seconds]
18:04 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
18:11 -!- sleepypc is now known as `hypermist`
18:15 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Read error: Connection reset by peer]
18:26 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 265 seconds]
18:27 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 248 seconds]
18:30 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
19:11 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: sleep or sleep?   yea I gotta sleep. bbl]
19:49 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
20:14 -!- raeflondon [raeflondon@got.ourback.net] has joined #openvpn
20:44 -!- xxavi [xxavi@masterus.xshellz.com] has quit [Remote host closed the connection]
20:51 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 244 seconds]
20:51 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
20:53 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Excess Flood]
20:54 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
21:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
21:11 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
21:19 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
21:23 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Client Quit]
21:23 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
21:23 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Client Quit]
21:25 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
21:38 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
21:48 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:02 -!- cheesenbiscuits [~cheesenbi@124.13.88.116] has joined #openvpn
23:46 -!- ShadniX [dagger@p5DDFF660.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX [dagger@p5481C656.dip0.t-ipconnect.de] has joined #openvpn
23:52 -!- raeflondon [raeflondon@got.ourback.net] has quit [Quit: leaving]
--- Day changed Sun Mar 29 2015
00:05 -!- cheesenbiscuits [~cheesenbi@124.13.88.116] has quit [Ping timeout: 244 seconds]
00:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 250 seconds]
00:21 -!- screenn [~screenn@5.248.32.145] has joined #openvpn
00:32 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
00:53 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:02 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
01:30 -!- screenn [~screenn@5.248.32.145] has quit [Remote host closed the connection]
02:08 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 264 seconds]
02:33 -!- varesa_ is now known as varesa
03:06 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
03:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
03:42 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Remote host closed the connection]
03:44 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
03:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- `hypermist` is now known as sleepypc
04:40 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Excess Flood]
04:40 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:40 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Client Quit]
04:40 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:44 -!- sleepypc is now known as `hypermist`
04:46 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:09 -!- `hypermist` is now known as sleepypc
05:11 -!- sleepypc is now known as `hypermist`
05:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
05:51 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:56 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
06:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:33 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:48 -!- funnel [~funnel@unaffiliated/espiral] has quit [Remote host closed the connection]
07:09 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
07:26 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: bbl]
07:50 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
08:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:15 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
08:15 -!- mode/#openvpn [+o plaisthos] by ChanServ
08:19 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
08:21 < yang> How secure is 2048bit p2p encryption, what is the maximum bit-size for the key to be created and what are the (bad) implications of having a larger key - in terms of probably higher CPU usage and maybe more traffic generated for encryption ?
08:41 < rob0> Encryption compresses raw data.  There should be no measurable difference regardless of key size.
08:57 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
09:18 -!- `hypermist` is now known as sleepypc
09:27 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
09:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
09:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
09:43 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:37 -!- rbxs [~rbxs@92.63.171.51] has quit [Quit: ZNC - http://znc.in]
10:47 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
10:51 < pekster> yang: Presumably you're referring to the asymmetric (X.509 keypair) sizes as openvpn's symmetric ciphers only go up to a max of 512 currently. Somewhere past 2048 and 3072 (give or take) both the initial keypair generation and TLS handshake will take much longer
10:52 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
10:52 -!- mode/#openvpn [+v RBecker] by ChanServ
10:52 < pekster> You'll also noticed significant delays on lower CPU environments, notably embedded (SOHO routers, mobile devices like phones/tablets, etc
10:52 < yang> ok
10:52 < pekster> This can also have a negative impact over lossy of latent links where you cannot even get a TLS handshake complete with, say, a 4096 bit key, where you might have been able to with a key that can negotiate faster
10:52 < pekster> Was that the info you were looking for?
10:53 < yang> yes
10:53 < yang> thank you
11:01 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
11:27 -!- n3ptun [~n3ptun@HSI-KBW-37-209-104-85.hsi15.kabel-badenwuerttemberg.de] has joined #openvpn
11:29 < n3ptun> hello all.I have two sites connected with openvpn, dev-tun. LAN1<-->LAN2. So far so good, now every host in LAN1 can connect to any host on LAN2 and vice-versa. But I would like to restrict access so only LAN1-hosts can connect to LAN2 hosts but NOT vice-versa. I want to block LAN2--to-->LAN1
11:30 < n3ptun> how can I do that with iptables? I tried something like "iptables -A forward -i tun+ -s 10.20.30.0/24 -j DROP" whereas 10.20.30.0/24 is the OpenVPN subnet on LAN2 side but that doesn't seem to take effect. I still can ping from LAN2 into LAN1
11:31 -!- Poster|x is now known as Poster
11:31 < pekster> -A appends; it's best to work on complete _rulesets_ of Netfilter rules, not blindly append to an existing ruleset. This said, that is surely not what you want to do before considering stateful replies because you _do_ need the return traffic to come back
11:33 < pekster> fwiw, there's #Netfilter as well (often more useful for purely Netfilter rule help.) In brief, you want to 1) correctly permit stateful traffic in any direction on filter/FORWARD, 2) permit the traffic you do want, and 3) use the recommended DROP policy to filter/FORWARD so you implicitly deny everything else
11:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:16 -!- gdot [~troete@p5491D6C1.dip0.t-ipconnect.de] has joined #openvpn
12:16 < gdot> !paste
12:16 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
12:18 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
12:27 < ljvb> freaking hell.. openvpn client on android is driving me nuts
12:28 < ljvb> HMAC issue that does nto appear on iphone or fbsd clients.. (just got a replacement nexus 6.. old one worked.. new one.. not so much)
12:31 < ljvb> hmm.. apparenlty bug 428.. but no resolution yet
12:40 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
12:40 < pekster> ljvb: Try the real openvpn codebase, not "Connect"
12:40 < pekster> !connect
12:40 <@vpnHelper> "connect" is (#1) OpenVPN Connect is part of the commercial, non-free (non-GPL) corporate offering; see #openvpn-as for help with these. For the community-maintained GPL OpenVPN, see !download for download links, !android for GPL-openvpn on Android, or !howto for the beginner how-to guide or (#2) https://forums.openvpn.net/post34969.html#p34969 or (#3) the source is here:
12:40 < pekster> !android
12:40 <@vpnHelper> http://staging.openvpn.net/openvpn3/ except for the portion that may not be released because of NDA with apple (for its vpn API)
12:40 <@vpnHelper> "android" is (#1) an open source OpenVPN client for ICS is available in Google Play, look for OpenVPN for Android. FAQ is here: http://code.google.com/p/ics-openvpn/wiki/FAQ or (#2) Direct Play link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn or (#3) Old (pre-ICS) device? See: !android-old or (#4) You can get the apk directly from http://plai.de/android/ or (#5)
12:40 <@vpnHelper> https://code.google.com/p/ics-openvpn/wiki/FAQ
12:40 < pekster> For help with the commercial offerings, see:
12:40 < pekster> !as
12:40 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
12:41 < ljvb> thanks, I actually did fix it (very very stupid.. forgot AUTH statement in the client file
12:41 < pekster> That'll do it
12:41 < pekster> Remember that your --cihper, --auth, --tls-auth, --comp-*, and at least one overlapping TLS-cipher-suite via --tls-cipher must match between peers
12:42 < ljvb> yeah, it was a stupid mistake, used an older backup of my iphone config which predates a couple of changes I made server side
12:52 < ljvb> I actuallu have both clients installed and was having the same issue with both till I figured out my stupid mistake..
12:53 < ljvb> Another problem I am having.. Amazon streaming is sensitive to dropped packets, and I had to disable hardware interface acceleration due to serious performance issues (happens when your VPN server is a VPS)
12:54 < ljvb> getting a lot of dropped packets (would not be an issue except my 2.5 year olds Bubble Guppies... kmn.... keeps getting interupted and he freaks out lol)
12:54 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 265 seconds]
12:55 < pekster> openvpn can't really do much if you have packet loss over the transport layer you're using. given that tun is a software (kernel) emulated IP driver, there's no support AFAIK for hardware acceleration anywhere there
12:56 < pekster> Use of UDP is vastly preferred over TCP due to poor TCP performance in the face of latency or loss when it's stacked
12:56 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
12:56 < pekster> (both TCP layers think they should deal with fast/slow retransmits, and things begin to break down quickly with even minimal transport problems)
12:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:29 < pekster> !factoids search dd-wrt
13:29 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
13:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:24 -!- n3ptun [~n3ptun@HSI-KBW-37-209-104-85.hsi15.kabel-badenwuerttemberg.de] has left #openvpn []
14:59 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
14:59 < jnz> o/
14:59 < jnz> i am wanting to only route traffic from a specific port through the vpn, is this possible ?
15:34 < gdot> SPI-like behaviour despite no apparent SPI: WindowsA and DebianA are part of LAN_A. DebianA is an OpenVPN client (including an iroute-statement in its ccd-file for LAN_A) that connects to an OpenVPN server on my VPS. Now, when I connect to with ClientB to the VPS and ClientB gets the route for LAN_A via its ccd, WindowsA remains unpingable from ClientB...
15:35 < gdot> ...until WindowsA pings ClientB
15:37 < gdot> what could be the cause here? default gateway for WindowsA and DebianA is a TP-Link WDR3600 which has explicitly been told via a static route entry to route all traffic for $vpn_subnet to LAN IP of DebianA
15:48 -!- k2gremlin [~Gremlin@50-201-7-90-static.hfc.comcastbusiness.net] has joined #openvpn
15:52 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:55 -!- k2gremlin [~Gremlin@50-201-7-90-static.hfc.comcastbusiness.net] has quit [Quit: Leaving]
16:38 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Quit: ZNC - http://znc.in]
16:43 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:49 < matt_> jnz: you should be able to do that with an iptables mark, an iproute fwrule and a second routing table
17:10 -!- blackswan [~hermit@2601:a:8c0:95:ba76:3fff:feb9:3381] has joined #openvpn
17:10 < blackswan> hi. i'm trying to get the current version of openvpn from macports running on mac os yosemite.
17:11 < blackswan> i have this configuration working from an ipod and ipad and android phone with openvpn connect and from a debian box with the version of openvpn in jessie
17:11 < blackswan> so i am pretty sure it is not *completely* broken
17:11 < blackswan> the server is a d-link wifi router running openwrt
17:12 < pekster> tunnelblick is the popular openvpn choice on OS X
17:12 < blackswan> my problem is that the utun0 device isn't getting assigned an ip address
17:12 < blackswan> and therefore no routes
17:12 < blackswan> so, should i just dump the macports openvpn and use tunnelblick?
17:13 < pekster> That'd be my recommendation, unless you had exotic needs (need to apply your own source patches or something)
17:13 < blackswan> i might have exotic needs in the future. i'm the sort of person who develops exotic needs...
17:14 < blackswan> tunnelblick is open source though so i can apply my own patches if i need to
17:14 < pekster> Yea, they've got a 'cBuild' page on their wiki
17:15 < blackswan> i'd like not to need to, that gets old after a while
17:23 < blackswan> hmm. same problem with tunnelblick. i
17:23 < blackswan> 'll reboot and see if this is residue from my screwing around earlier.
17:23 < pekster> Check the logs at --verb 4
17:24 < pekster> That should also include the pushed addressing, provided that actually happened
17:24 <@plaisthos> blackswan: note that openvpn connect on ios/android are different implementation
17:24 < blackswan> i had already checked that with the macports openvpn and didn't see anything obvious about an address being assigned
17:24 < blackswan> plaisthos: yes, i know
17:24 <@plaisthos> try openvpn for android if you want an implementation that is similar to the mac version
17:24 <@plaisthos> blackswan: k
17:29 < pekster> Thekn check your --verb 4 logs from the server
17:30 < pekster> Maybe your pool is too small, or you're using static-only addressing and neglected to push one
17:46 < blackswan> the server seems to think it's assigning an address, it's just never getting set on the utun0 interface
17:46 < blackswan> and i must eat
17:48 < blackswan> if i set the address manually it works. *sigh*
17:49 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
17:52 < pekster> You skipped the step where I asked you to verify it was getting pushed
17:53 < pekster> Actually *check* your PUSH_REPLY at --verb 4. On the *client*.
17:53 < pekster> You said earlier it wasn't, but then the server wouldn't think it was
17:54 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
17:58 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Client Quit]
18:02 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
18:14 -!- gdot [~troete@p5491D6C1.dip0.t-ipconnect.de] has quit [Remote host closed the connection]
18:33 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
18:42 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
18:50 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
18:51 -!- sleepypc is now known as `hypermist`
19:19 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
19:19 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:19 -!- mode/#openvpn [+v s7r] by ChanServ
19:28 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:40 -!- blackswan [~hermit@2601:a:8c0:95:ba76:3fff:feb9:3381] has quit [Ping timeout: 265 seconds]
19:56 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
20:40 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
20:46 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:55 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:07 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
21:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
21:11 -!- james41382_ is now known as james41382
21:19 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
21:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
21:46 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:04 -!- UserUS [~Client58@pool-173-61-27-143.cmdnnj.fios.verizon.net] has joined #openvpn
22:15 -!- UserUS [~Client58@pool-173-61-27-143.cmdnnj.fios.verizon.net] has quit []
22:36 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
22:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
22:54 -!- `hypermist` is now known as sleepypc
22:57 -!- sleepypc is now known as `hypermist`
22:59 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:16 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
23:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:45 -!- ShadniX [dagger@p5481C656.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:46 -!- ShadniX [dagger@p5481DA77.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Mar 30 2015
00:21 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
00:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 252 seconds]
00:23 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
00:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:41 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:41 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
01:06 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
01:22 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 250 seconds]
01:24 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:37 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 245 seconds]
01:39 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
01:46 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:46 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
02:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 245 seconds]
02:04 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:20 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:20 -!- mode/#openvpn [+o mattock] by ChanServ
02:21 -!- `hypermist` is now known as sleepypc
02:32 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
02:44 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Read error: Connection reset by peer]
02:44 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
02:46 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:46 -!- mode/#openvpn [+o mattock] by ChanServ
02:48 -!- sleepypc is now known as `hypermist`
02:51 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
03:00 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Read error: Connection reset by peer]
03:00 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
03:13 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has joined #openvpn
03:19 < cagedwisdom> my openvpn isn't working. i think it's a routing issue. ive pasted my before and after route on my client here http://pastebin.com/xHHEufgu
03:19 < cagedwisdom> can anyone help
03:19 -!- soLucien [~Lu@5.57.48.71] has joined #openvpn
03:19 < cagedwisdom> I am using push "redirect-gateway def1 bypass-dhcp"
03:37 -!- dazo_afk is now known as dazo
04:00 -!- `hypermist` is now known as sleepypc
04:04 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
04:08 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
04:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
04:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:10 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
04:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:45 -!- meepmeep [meepmeep@end.of.cylind.re] has left #openvpn ["WeeChat 1.1.1"]
04:48 -!- sleepypc is now known as `hypermist`
05:12 -!- marlinc [~marlinc@80.100.128.152] has quit [Ping timeout: 264 seconds]
05:12 -!- jnz [~jnz@unaffiliated/jnz] has quit [Ping timeout: 265 seconds]
05:18 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:58 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has quit [Remote host closed the connection]
05:59 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
05:59 -!- mode/#openvpn [+o plaisthos] by ChanServ
06:38 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
06:39 -!- tsing [~tsing@gintama.tsing.org] has quit [Client Quit]
06:58 < leo2007> is there any reason to prefer `cipher AES-256-CBC` over `cipher AES-128-CBC`?
06:59 < BtbN> The one uses aes256?
07:01 < leo2007> what?
07:02 < BtbN> It's aes256 vs. aes128
07:07 < leo2007> BtbN: I searched the net and cannot get a clear picture which is better, aes256 vs aes128.
07:07 <+esde> well better is a poor standard
07:08 < BtbN> Well, one uses 256 bit for its keys, the other one just 128
07:08 <+esde> indeed
07:08 < BtbN> But 256 has some attacks that don't work for 128, but it's over all still more complex to attack than 128
07:12 < leo2007> BtbN: thanks for the info. but aes256 has 40% more cpu cost?
07:13 < BtbN> no idea, but modern CPUs have AES acceleration anyway.
07:16 -!- `hypermist` is now known as sleepypc
07:17 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
07:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: rebooting the router, brb]
07:20 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
07:20 -!- BtbN [btbn@btbn.de] has joined #openvpn
07:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:24 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
07:24 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
07:28 -!- _Cyclone_ [~Cyclone@66.129.241.12] has joined #openvpn
07:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:34 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
07:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
07:45 -!- s7eele [~s7eele@108.59.12.84] has joined #openvpn
08:00 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
08:05 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
08:20 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:27 -!- soLucien [~Lu@5.57.48.71] has quit [Disconnected by services]
08:51 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
08:55 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:02 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Remote host closed the connection]
09:03 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
09:13 < shootbird> hey guys keep getting unroutable control packet during TLS negotiation - I've verified both systems are set to timesync via ntp, and they match
09:13 < shootbird> any suggestions?
09:15 < MalMen> i am with a problem when i start the vpn, i lost all the other internet connections
09:15 < MalMen> i think it may be a route problems, but with no access to the server i cant check where is actualy the problem
09:16 < shootbird> here's a pastebin - http://pastebin.ca/2966471 - this config, worked perfect for a month standing.  Now getting these weird unroutable control packets
09:16 < shootbird> wondering if my ISP is messing around
09:17 < shootbird> server side reports: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
09:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: rebooting everything! brb]
09:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:25 < shootbird> server side also shows a lot of "new session incoming  connection from ..."
09:25 < shootbird> then cycles with TLS Handshake failed
09:25 -!- cassolas [~textual@181.41.205.206] has joined #openvpn
09:25 < cassolas> rails
09:25 < shootbird> yeah this is odd, the connection worked perfect for 2-3 months
09:25 < shootbird> with same config/boxes, ISP etc
09:27 < shootbird> hmm, changed server side port and same issue
09:33 < shootbird> odd....I've never seen an issue like this
09:45 < shootbird> how do I troubleshoot TLS negotiation issues like this?
09:46 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:46 -!- cassolas [~textual@181.41.205.206] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:49 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
09:52 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 250 seconds]
09:52 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:01 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
10:02 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:06 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
10:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:16 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has joined #openvpn
10:18 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 265 seconds]
10:19 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
10:29 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
10:31 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
10:33 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
10:36 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
10:39 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
10:43 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
10:43 <@dazo> !crystal
10:43 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
10:44 -!- marlinc [~marlinc@ip1.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
10:45 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
10:47 < shootbird> dazo: I pasted logs ^^^
10:48 <@dazo> shootbird: oh, that wasn't for you ... it was for something I needed to check
10:48 < shootbird> oh ok
10:48 < shootbird> k lol my bad
10:49 -!- marlinc [~marlinc@80.127.116.81] has joined #openvpn
11:04 -!- LocoMan [~locoman@62-210-236-193.rev.poneytelecom.eu] has quit [Quit: merci pekster]
11:06 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:27 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:35 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 246 seconds]
11:39 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:44 -!- mjkr_ [c7b4ffee@gateway/web/freenode/ip.199.180.255.238] has joined #openvpn
11:44 < mjkr_> can someone give a list of competitors against openvpn in the market of udp-based vpn solutions?
11:45 < rob0> did you look at wikipedia?
11:47 < mjkr_> from wikipedia there's juniper and cisco's ssl vpn
11:47 < mjkr_> but i want  a better list
11:50 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
11:51 < mjkr_> it's worth noting there though that dtls actually doesn't have authenticated disconnect
11:55 -!- danrogl [~d.park@94.31.52.82] has joined #openvpn
12:00 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
12:01 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
12:06 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 256 seconds]
12:17 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
12:19 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 245 seconds]
12:27 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
12:30 -!- Blanc|AFK is now known as Blanc
12:38 -!- hasB4K [~hasB4K@unaffiliated/hasb4k] has quit [Read error: Connection reset by peer]
12:45 -!- marlinc [~marlinc@80.127.116.81] has quit [Ping timeout: 264 seconds]
12:50 -!- marlinc [~marlinc@80.127.116.81] has joined #openvpn
12:57 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:03 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
13:04 -!- zadock [~zadock@81.180.210.87] has quit [Ping timeout: 265 seconds]
13:06 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
13:08 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:08 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
13:09 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:17 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
13:21 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:21 -!- badon_ is now known as badon
13:23 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Client Quit]
13:33 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Quit: Computer has gone to sleep.]
13:33 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has joined #openvpn
13:33 -!- kexmex [~kexmex@ool-43544c8c.dyn.optonline.net] has quit [Max SendQ exceeded]
13:35 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
13:46 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
14:00 -!- Blanc is now known as Blanc|AFK
14:15 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
14:18 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
14:25 -!- darkhalo [~darkhalo@63-155-96-170.chyn.qwest.net] has quit [Ping timeout: 272 seconds]
14:30 -!- s7eele [~s7eele@108.59.12.84] has quit [Ping timeout: 265 seconds]
14:34 -!- s7eele [~s7eele@108.59.12.84] has joined #openvpn
14:38 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
15:10 -!- marlinc [~marlinc@80.127.116.81] has quit [Quit: Byebye]
15:11 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
15:22 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
15:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:07 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:15 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
16:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
16:25 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 250 seconds]
16:32 -!- deranged [Bit@lolnerd.net] has joined #openvpn
16:39 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
16:39 -!- mode/#openvpn [+o dazo_afk] by ChanServ
16:40 -!- dazo_afk is now known as dazo
16:41 -!- oddroot [~oddroot@S0106525400a1452c.ok.shawcable.net] has joined #openvpn
16:45 < oddroot> there any good howtos on how to use a commercial cert with openvpn? few of the search i've done seems to figure it is either not worth the headache, or hard to pull off, as you have to use them to sign the client certs
16:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:55 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
16:55 < jnz> o/
16:55 < jnz> hello
17:01 < jnz> Getting some strange behavior from openvpn
17:01 < jnz> occationally it will prevent internet access
17:01 < jnz> but i can still do actions through ssh to the openvpn server
17:02 < jnz> it's just traffic outside of the vpn server gets blocked for 10seconds or so
17:02 < jnz> then comes back to normal
17:02 < jnz> logs don't state anything
17:03 < jnz> any ideas on how to troubleshoot ?
17:16 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
17:22 < oddroot> drop verb 9 into your server.conf and take a look at too much logging?
17:23 < rob0> could be lag?
17:23 < rob0> If you redirect-gateway and one pipe or the other is lacking, lag is not unusual.
17:24 < rob0> oddroot, why would you want a commercial cert?
17:25 < rob0> Do you want to allow other customers of that CA to have access to your VPN?
17:26 < oddroot> was just a requirement someone handed to me
17:26 < oddroot> said i had to use commercial certificates
17:26 < oddroot> we got a load balancer in front that is using them, to balance between two open vpn servers
17:27 < oddroot> i told them that it sort of sucked to use commercial certs, as we'd have to reissue yearly (only let us have 1 year certs)
17:27 < oddroot> and that the clients would need to grab new configs yearly, and that the only place those certs show up, is in the client for 3 seconds before it auto closes itself
17:27 < rob0> The person who set that requirement needs to understand more.
17:29 < oddroot> yeah and my overall understanding of PKI is pretty weak
17:29 < oddroot> i got my cert/key/ca bundle
17:29 < oddroot> but i dont' really see how i make my dh.pem and static.key
17:30 < rob0> The CA's signature is what authenticates clients to the server and vice versa.
17:30 < oddroot> doesn't seem like i can use a commercial cert and then sign my own client.crt?
17:30 < rob0> You *really* do not want the signer to be outside of your organization.
17:31 < rob0> easy-rsa is not that difficult
17:31 < oddroot> no it doesn't look that way, many howtos on how to quickly run through that part
17:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
18:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
18:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
18:34 -!- _Cyclone_ [~Cyclone@66.129.241.12] has quit [Ping timeout: 264 seconds]
18:39 -!- sleepypc is now known as `hypermist`
18:48 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
18:54 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
19:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 248 seconds]
19:07 -!- dazo is now known as dazo_afk
19:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
19:37 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:37 -!- mode/#openvpn [+v s7r] by ChanServ
19:50 -!- defswork [~andy@mailhost.mirrormail.co.uk] has quit [Ping timeout: 265 seconds]
20:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
20:34 -!- mjkr_ [c7b4ffee@gateway/web/freenode/ip.199.180.255.238] has quit [Ping timeout: 246 seconds]
20:37 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
20:39 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
20:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 246 seconds]
21:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:36 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
21:43 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 255 seconds]
21:44 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
21:44 -!- mode/#openvpn [+v s7r] by ChanServ
21:53 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:50 -!- `hypermist` is now known as sleepypc
23:11 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
23:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
23:12 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:32 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 256 seconds]
23:37 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 272 seconds]
23:43 -!- ShadniX [dagger@p5481DA77.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:44 -!- ShadniX [dagger@p5481D085.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Mar 31 2015
00:14 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
00:35 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 255 seconds]
00:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 248 seconds]
00:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:48 -!- sleepypc is now known as `hypermist`
00:51 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:51 -!- mode/#openvpn [+o mattock] by ChanServ
00:54 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
01:10 -!- Reaperblade [~reaperbla@202.45.126.66] has joined #openvpn
01:11 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Ping timeout: 264 seconds]
01:15 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
01:23 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:23 < leo2007> I have `replay-persist replay.txt` but I am not sure what it does. the file replay.txt is never created. Ideas? openvpn 2.3.6 here
01:33 -!- chocolate [~chocolate@187.181.101.220] has quit [Quit: chocolate]
02:01 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
02:04 -!- Reaperblade [~reaperbla@202.45.126.66] has quit [Remote host closed the connection]
02:20 -!- hojgaard [~dh@2001:470:5349::1000] has joined #openvpn
02:21 < hojgaard> Hello folks.. I have setup a VPS with openvpn and ipv6 support.. I correctly get an ipv6 address when i browse from my client..
02:22 < hojgaard> But i want to only browse with ipv6, not ipv4 (to be sure i only reach ipv6 enabled sites) - how can i do that?
02:22 -!- typ [~quassel@unaffiliated/typ] has quit [Read error: Connection reset by peer]
02:25 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
02:29 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
02:29 -!- mode/#openvpn [+o plaisthos] by ChanServ
02:30 -!- typ [~quassel@unaffiliated/typ] has quit [Remote host closed the connection]
02:44 < yang> hojgaard: there is a plugin "6to4" for mozilla
02:44 < yang> you can select there which protocol the browser will use for browsing
02:45 < yang> by default it browses v4+v6
02:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
02:55 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:55 -!- badon_ is now known as badon
02:58 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
02:58 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
02:58 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:59 < hojgaard> yang - cool i will try it out..
03:00 < hojgaard> yang, cant seem to find it..
03:10 < yang> https://addons.mozilla.org/en-US/firefox/
03:10 <@vpnHelper> Title: Add-ons for Firefox (at addons.mozilla.org)
03:11 < yang> https://addons.mozilla.org/en-US/firefox/addon/ipv4-to-ipv6-converter/?src=search
03:11 <@vpnHelper> Title: IPv4 to IPv6 Converter :: Add-ons for Firefox (at addons.mozilla.org)
03:19 < hojgaard> yang, sorry, but you cant disable ipv4 with that plugin..
03:22 < yang> maybe look for some other plugin that does that...
03:22 < hojgaard> I dont think it exists
03:25 -!- jnz [~jnz@unaffiliated/jnz] has quit []
03:33 -!- hojgaard [~dh@2001:470:5349::1000] has quit [Ping timeout: 265 seconds]
03:48 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
03:48 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
03:51 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:57 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
04:05 -!- dazo_afk is now known as dazo
04:09 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
04:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
04:12 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
04:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
04:23 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
04:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:49 -!- ade_b [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
05:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
05:08 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
05:10 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:12 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:16 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
05:18 -!- badon_ is now known as badon
05:20 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Quit: Lost terminal]
05:33 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
05:36 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Write error: Connection reset by peer]
05:36 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:43 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
05:43 -!- mode/#openvpn [+o plaisthos] by ChanServ
05:51 -!- `hypermist` is now known as sleepypc
05:55 -!- sleepypc is now known as `hypermist`
06:01 -!- s7eele [~s7eele@108.59.12.84] has quit [Ping timeout: 256 seconds]
06:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:10 -!- `hypermist` is now known as hyperbot
06:10 -!- hyperbot is now known as `hypermist`
06:11 -!- `hypermist` is now known as `hyperbot`
06:16 -!- `hyperbot` is now known as `hypermist`
06:39 -!- _Cyclone_ [~Cyclone@66.129.241.12] has joined #openvpn
06:41 -!- oddroot [~oddroot@S0106525400a1452c.ok.shawcable.net] has quit [Ping timeout: 272 seconds]
06:42 -!- mntmn [~mntmn@p5DDB9915.dip0.t-ipconnect.de] has joined #openvpn
06:44 < mntmn> hi, quick noob question: if a windows application vendor ships a modified openvpn tap driver with all copyrights+gpl removed, isnt that a gpl violation?
06:46 < pekster> Yup. The user performing the software install needs to be presented with the license, and by its nature an offer to get the source code should the user be so inclined. Do verify that it's the openvpn windows tap driver as a base though (in theory it could be a re-write, although I think that's rather unlikely)
06:47 < mntmn> pekster: it is 100% the openvpn-tap driver. the product is hotspot shield
06:48  * pekster pokes mattock ^. Is there a gpl violations address for copyright issues?
06:48 < mntmn> it even writes an openvpn.log file ;)
06:49 < pekster> Presumably it's using openvpn then too, not just the tap driver
06:49 < mntmn> yeah
06:49 < mntmn> it has files like openvpn_hssst.cfg
07:03 < pekster> Yup, complete gpl violation. Their "terms" they link during install assert that they are the copyright holders and grant the user no use of the software outside of their terms
07:06 < mntmn> pekster: thanks for checking. what would you suggest for reporting this?
07:08 < pekster> See what direction mattock can point you in (it might be something the copyright holders can deal with just knowing the vendor name/prodcut.) Feel free to drop him a memoserv note too, if you'd prefer
07:09 < pekster> I think that's all they'll need, and thanks for the report at any rate (much of it we don't know until people point it out)
07:10 < pekster> It's a bit sad too, because presumably openvpn is a decent tool for some of these goals, and nothing is wrong with selling a service that uses openvpn provided the license is properly followed :\
07:19 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has joined #openvpn
07:21 < cagedwisdom> !welcome
07:21 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
07:21 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:27 -!- EXetoC [~exe@109-124-185-221.customer.t3.se] has joined #openvpn
07:27 < EXetoC> !welcome
07:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
07:27 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:28 < EXetoC> !goal
07:28 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
07:44 -!- `hypermist` is now known as sleepypc
07:52 < cagedwisdom> !goal I would like to access the internet over my vpn
07:54 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:01 -!- s7eele [~s7eele@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
08:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:05 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Quit: Exiting]
08:05 -!- s7eele [~s7eele@ip184-190-212-250.lf.br.cox.net] has quit [Quit: Bye]
08:06 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
08:09 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
08:10 < kill_switch> how can I know which TLS-cipher suit is being used by openvpn connection right?
08:10 < kill_switch> or can i find out tls-cipher from key itself?
08:13 < leo2007> kill_switch: check the log
08:14 < kill_switch> how to?
08:15 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Quit: Leaving]
08:16 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has quit [Remote host closed the connection]
08:28 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
08:28 < kill_switch> leo2007, command?
08:32 < rob0> Sit!
08:32 < kill_switch> ?
08:43 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Quit: Leaving]
08:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
08:52 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
08:53 < kill_switch> how can I find out which tls-cipher algo is being used by my OpenVPN connection?
08:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:58 < EXetoC> I could access content that was only for people in certain countries on my stationary computer using vpn, but it just doesn't work for me on my laptop using wifi. it's very odd because the tunnel is being used according to whatismyip.com for example
09:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 248 seconds]
09:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:16 < kill_switch> hey how to find out which TLS-cipher suite is being used by current openvpn connection?
09:18 <@plaisthos> look in the log
09:19 <@plaisthos> there is something liek control connection establish with cipher ...
09:19 < EXetoC> maybe something else is wrong. I'll check some other things
09:20 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
09:30 < kill_switch> plaisthos, ok
09:30 < kill_switch> how do I watch those logs?
09:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:40 <@plaisthos> !logs
09:40 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
09:41 <@plaisthos> !logfile
09:41 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
09:41 <@plaisthos> kill_switch: see that
09:42 < kill_switch> how do I find out which cipher suites are supported by Openvpn client?
09:43 <@plaisthos> !tls-cipher
09:43 <@vpnHelper> "tls-cipher" is (#1) http://sourceforge.net/mailarchive/forum.php?thread_name=48B01B33.6030806%40usa.net&forum_name=openvpn-users or (#2) To prevent the use of export ciphers or other insecure ciphers use tls-cipher DEFAULT:!EXP:!PSK:!SRP:!kRSA
09:43 <@plaisthos> hm
09:44 <@plaisthos> openssl ciphers DEFAULT should work
09:44 <@plaisthos> or iirc there is also an openvpn option to list ciphers
09:52 <@plaisthos> kill_switch if you want a secure configuation use the tls-cipher  DEFAULT:!EXP:!PSK:!SRP:!kRSA
09:52 <@plaisthos> configuration
09:52 <@plaisthos> (which will be default on 2.4+)
09:54 < kill_switch> plaisthos, but what is default tls-cipher?
09:57 < kill_switch> plaisthos, so it is always good to mentioned the tls-cipher
09:57 < kill_switch> :)
09:59 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:04 <@plaisthos> kill_switch: in 2.3 the default tls-cipher is DEFAULT
10:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 265 seconds]
10:06 < kill_switch> plaisthos, what is that cipher?
10:06 < kill_switch> TLS_RSA?
10:06 < kill_switch> TLS_DHE?
10:06 <@plaisthos> kill_switch: ?!
10:07 < kill_switch> I am talking about exactly tls-cipher suite
10:07 < kill_switch> being used
10:07 <@plaisthos> kill_switch: check the log
10:07 < kill_switch> where in logs?
10:07 < kill_switch> kindly give me commands?
10:08 <@plaisthos> example log entry Mar 31 16:39:47 hermes ovpn-hd[1461]: mediacenter/79.205.152.219:40837 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA
10:38 -!- kexmex [~kexmex@80.64.90.167] has joined #openvpn
10:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Client Quit]
10:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:43 < shootbird> hey guys
10:43 < shootbird> getting unroutable control packets...both systems running ntp, so time is good
10:43 < shootbird> any suggestions on how to trouble shoot?
10:43 < shootbird> I can ssh to box just fine, do other services/etc...but for whatever reason openvpn keeps choking w/unroutable control packet
10:44 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
10:44 < shootbird> server is a VPS, not that it should/would matter
10:45 -!- kexmex [~kexmex@80.64.90.167] has quit [Quit: Computer has gone to sleep.]
10:57 < shootbird> looks like i found the issue
10:57 < shootbird> keepalive 1 3 was way too aggressive
10:57 < shootbird> would make sense I guess :)
10:59 -!- mntmn [~mntmn@p5DDB9915.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
11:16 <+esde> https://www.schneier.com/blog/archives/2015/03/australia_outla.html
11:16 <@vpnHelper> Title: Schneier on Security: Australia Outlaws Warrant Canaries (at www.schneier.com)
11:18 -!- u0m3 [~u0m3@92.80.82.3] has quit [Quit: Leaving]
11:19 < kill_switch> vpnHelper, can we use ECDHE with OpenVPN at all?
11:21 <+esde> !bot
11:21 <@vpnHelper> "bot" is I'm a bot.. just a bot. krzee and ecrist are my maintainers, and I haven't said anything, if you'd notice, the person who spoke just before me gave a !command to make me speak :P
11:22 <@dazo> kill_switch: ECDHE is only partly supported ... don't recall the details, but IIRC, EC related ciphers requires some OpenVPN code adaptations ... but I believe EC certificates can work
11:22 <@dazo> (so you can get EC on the control channel, where the encryption key for the data channel is exchanged)
11:23 <@dazo> (data channel == network traffic passing inside the VPN tunnel ... control channel == communication only between openvpn server/client)
11:27 < kill_switch> dazo, someone told me that use of ECDHE with Brain pools require OpenSSL 1.0.2 which not there in any Latest distro like Ubuntu 14 or Fedora 22
11:29 -!- EXetoC [~exe@109-124-185-221.customer.t3.se] has quit [Quit: WeeChat 1.1.1]
11:29 < kill_switch> dazo, I asked only because many of the VPN providers are supporting ECDHE ECDSA
11:29 < kill_switch> https://www.privateinternetaccess.com/pages/vpn-encryption#ephemeral_keys
11:30 <@vpnHelper> Title: VPN Encryption (at www.privateinternetaccess.com)
11:30 < kill_switch> but openvpn official page says it is not supported at all
11:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
11:41 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
11:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
12:06 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:11 <@plaisthos> kill_switch: yes
12:11 <@plaisthos> kill_switch: PIA has an alternative patch in their openvpn that enables TLS 1.2
12:14 <@plaisthos> and certificates that have ec enabled
12:18 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
12:19 < kill_switch> plaisthos, ok so I use a VPN that support ECDHE and DHE both, but since OpenVPN natively don't support ECDHE, it would got pick the next best thing right? the best in DHE? that would be TLS-DHE-RSA-WITH-AES-256-GCM-SHA384?
12:20 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
12:21 -!- kexmex [~kexmex@80.64.90.167] has joined #openvpn
12:22 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
12:24 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
12:25 < kill_switch> roentgen, hey
12:29 < roentgen> kill_switch: hi
12:30 < kill_switch> ok so I use a VPN that support ECDHE and DHE both, but since OpenVPN natively don't support ECDHE, it would go pick the next best thing right? the best in DHE? that would be TLS-DHE-RSA-WITH-AES-256-GCM-SHA384?
12:33 -!- kexmex [~kexmex@80.64.90.167] has quit [Quit: Computer has gone to sleep.]
12:34 <@plaisthos> kill_switch: openvpn 2.4+ has the same support
12:34 <@plaisthos> kill_switch: openvpn will automatically negioate the best cipher for the control channel
12:35 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:35 < kill_switch> so no ECDHE as of now? plaisthos
12:36 < kill_switch> plaisthos, so I need to get 2.3.6 from the repo since I have 2.3.2 from Ubuntu repo
13:04 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
13:19 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:19 -!- badon_ is now known as badon
13:24 -!- Denial [~Denial@81.141.23.87] has joined #openvpn
13:26 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
13:43 < pekster> kill_switch: for security info see:
13:43 < pekster> !hardening
13:43 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
13:45 < kill_switch> pekster, I know I saw :0 thanks, do you suggest any VPN?
13:48 <@dazo> kill_switch: the 2.3.x releases doesn't have much new features ... 2.3 is the stable release which mostly gets bugfixes and minor improvements ... the current git master branch is what will become 2.4 in the future
13:48 <@dazo> having that said, there are some improvements in 2.3 in regards to the crypto layer, but not that big a difference
13:51 < kill_switch> dazo, but we need 2.3.3 for TLS 1.2
13:52 < kill_switch> and Ubuntu 14.04 is stuck at 2.3.2
13:52 < kill_switch> making it not usable with TLS 1.2 cipher suites
14:05 < pekster> Right. Building openvpn for a local system (or even a build for a site-wide distribution, shared via NFS or even tarballs into /usr/local) is pretty trivial
14:09 < kill_switch> I don't understand
14:09 < kill_switch> pekster, I am just saying I want 2.3.3+
14:09 < kill_switch> :p
14:09 < kill_switch> So that I get the benefits of TLS 1.2
14:12 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has quit [Remote host closed the connection]
14:13 < kill_switch> dazo, pekster plaisthos - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 is obviously better than TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
14:23 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds]
14:35 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
14:39 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:47 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
14:50 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:56 -!- jthunder [~jthunder@70.28.245.42] has joined #openvpn
15:03 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
15:04 < linuxthefish> are there any known issues with openvpn and windows 7?
15:04 <@dazo> kill_switch: I wouldn't loose my nights sleep if it was between these two ciphers ... yes, one is better ... but unless you need to protect top-secret governmental or business secrets, you'll be safe anyhow
15:05 <@dazo> linuxthefish: I'm tempted to say one ... Windows7 is a big issue ..... but don't pay attention to me, I'm not a Windows user :)   But I have users on one of my VPNs with both Win7 and Win8
15:05 < linuxthefish> oh
15:05 < linuxthefish> i always seem to have problems with the route bits on windows :(
15:05 < rob0> One known issue: openvpn *never* works on Win7 if it's not configured properly.
15:05 <@dazo> ahh, routing is a mess ... first thing is to ensure the GUI is running with admin privileges
15:06 <@dazo> rob0++
15:06 <@plaisthos> kill_switch: yeah, so?
15:06 <@dazo> linuxthefish: I usually ensure both the shortcuts on desktop/start-menu have this hook marked saying "run as admin" ... and I also do the same for the executables
15:08 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
15:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:09 < kill_switch> plaisthos, I am just saying why won't Ubuntu/Debian let their user use good quality crypto then? TLS 1.2 is better any day, the most crypto we can use is better
15:10 <@plaisthos> kill_switch: your argument is nonsense
15:10 < kill_switch> why?
15:10 <@plaisthos> kill_switch: you are asking for newer software
15:10 < kill_switch> ya
15:10 < kill_switch> what is wrong?
15:11 <@plaisthos> and distributions provide new software with new releases
15:11 <@dazo> kill_switch: because upgrading to a newer SSL library can get really messy ... so distros stay as long as possible on what has been tested .... try to forcefully remove your openssl libs on your ubuntu box and install a newer version and see how nicely it'll explode
15:11 < kill_switch> if TLS 1.2 cipher suites won't work on older software, should I be deprived of it?
15:12 < kill_switch> I would add OpenVPN repo now
15:12 <@dazo> kill_switch: because upgrading to a newer openssl version brings in a lot more changes than just TLS 1.2 stuff
15:12 < kill_switch> just like I did for Tor
15:12 <@plaisthos> kill_switch: my software uses bleeding edge openssl and openvpn
15:12 < kill_switch> Tor is so outdated on these distros too
15:12 <@plaisthos> and there have been more than one breakage with older openvpn/openssl versions
15:13 <@dazo> latest and greatest isn't always the best .... the best tested releases are usually experienced as the best versions
15:13 <@plaisthos> e.g. the most recent upgrade brought this: https://code.google.com/p/ics-openvpn/wiki/FAQ#Connections_fails_with_SSL23_GET_SERVER_HELLO:sslv3_alert_handsh
15:13 <@vpnHelper> Title: FAQ - ics-openvpn - Openvpn for Android 4.0+ - Google Project Hosting (at code.google.com)
15:13 < linuxthefish> hi, why can't i ping 8.8.8.8 when connected to my openvpn server on windows 7? i'm running as admin....
15:13 < kill_switch> plaisthos, is there any openssl version requirement for TLS 1.2 to work? also does OpenVPN repo manage it?
15:14 <@dazo> !redirect
15:14 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
15:14 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
15:14 <@dazo> linuxthefish: ^^^
15:14 < linuxthefish> http://pastebin.com/raw.php?i=5WTiVASE is my server config, http://pastebin.com/raw.php?i=kMKf1pHg is my client config, http://pastebin.com/raw.php?i=nFxs1sQH is my server log and http://pastebin.com/raw.php?i=Zd4AMP34 is my client log
15:14 < linuxthefish> it works on other computers though :/
15:14 < linuxthefish> using the same config and server
15:14 <@plaisthos> kill_switch: iirc 1.0.1
15:14 <@dazo> linuxthefish: have a look at this one http://pekster.sdf.org/misc/redirect.png
15:14 <@plaisthos> kill_switch: not sure
15:14 < kill_switch> ok which is currrent stable version of OpenVPN client for GNU/Linux
15:15 < kill_switch> 2.3.6?
15:15 < linuxthefish> OpenVPN 2.2.1 x86_64-linux-gnu is what i'm using on linux
15:16 <@dazo> GNU/Linux is too vague ... you need to separate distros from upstream projects .... the latest one for the upstream openvpn project is 2.3.6 .... but distros may have an older version number, but with patches added which brings it closer to the latest upstream version
15:16 <@dazo> kill_switch: ^^
15:17 <@dazo> linuxthefish: I'd recommend you to upgrade to one of the later 2.3 releases (unless your distro have patched the 2.2 release) .... see !ovpnuke for more info
15:18 < linuxthefish> yeah it's the debian distro one
15:18 < linuxthefish> in secure
15:18 < linuxthefish> is there any way to see why opnvpn client on windows does not add the route things?
15:19 <@dazo> agi who maintain the debian releases are usually quite good at keeping it up-to-date
15:19 < kill_switch> dazo, ok, I would add your repo right away, I am tired of not being able to use what you develop, also I would like to know if we use TLS 1.2 cipher suite with 1024-bit key, how secure would it be?
15:20 <@dazo> linuxthefish: add 'verb 4' to the config file and look carefully for errors and warnings
15:20 <@dazo> in the log
15:21 < linuxthefish> ok thanks
15:21 < linuxthefish> is there any chance having a paid VPN solution that uses openvpn installed would break anything?
15:21 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Read error: Connection reset by peer]
15:22 <@dazo> linuxthefish: hard to say ... but usually not
15:22 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:23 -!- jthunder [~jthunder@70.28.245.42] has quit [Quit: jthunder]
15:24 <@dazo> linuxthefish: I just verified that openvpn 2.2.1-8+deb7u8 have the proper patch for ovpnuke included ... so you're safe in that regard
15:24 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
15:25 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:30 <@plaisthos> kill_switch: if you want to use what we develop you have to build openvpn from git anyway
15:31 <@plaisthos> and distros don't support that
15:41 -!- Denial [~Denial@81.141.23.87] has quit []
15:43 -!- Denial [~Denial@81.141.23.87] has joined #openvpn
15:53 -!- niseak [~niseak@162.222.47.218] has left #openvpn ["Leaving..."]
16:09 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
16:14 -!- Poster [~poster@cpe-74-140-100-29.swo.res.rr.com] has joined #openvpn
16:40 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
16:55 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
17:11 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Ping timeout: 252 seconds]
17:20 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
17:26 -!- swebb [~swebb@192.69.23.161] has quit [Quit: badcheese.com - where crap sometimes gets done]
17:30 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
18:04 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
18:13 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:14 -!- leo2007 [~leo2007@128.199.230.246] has quit [Ping timeout: 244 seconds]
18:18 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
18:22 -!- rich0__ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
18:44 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Ping timeout: 244 seconds]
18:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
19:01 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:20 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Remote host closed the connection]
19:26 -!- _Cyclone_ [~Cyclone@66.129.241.12] has quit [Ping timeout: 255 seconds]
19:29 -!- dazo is now known as dazo_afk
19:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
19:43 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:02 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:05 -!- sleepypc is now known as `hypermist`
20:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:14 < K1rk> Hey I'm looking to bounce some performance tuning ideas off somebody.
20:14 < K1rk> I am not sure what a sane value for OpenVPN MTU is?
20:15 < K1rk> Seems 1500 is default
20:15 < K1rk> Seems some people around the web suggest 6000 is a better value for performance
20:15 < K1rk> That kinda doesn't make sense to me because it's larger than the MTU on my LAN interface
20:15 < pekster> Right :P
20:15 < K1rk> I've got a somewhat mixed MTU network right nwo
20:16 < K1rk> And I'm getting really shitty performance from my 1500 MTU Windows boxes
20:16 < pekster> --mssfix is usually the first thing to look at
20:16 < K1rk> Most of my VPN clients are not Windows
20:16 < pekster> That's obviously only going to help for tcp traffic, but that tends to make up the majority of the bandwidth in modern applications
20:17 < K1rk> I suppose the best thing for me to do is to set up a test daemon
20:17 < K1rk> Test with different MTU and settings
20:17 < K1rk> See what I can do
20:17 < pekster> There's --mtu-test too
20:17 < K1rk> Unfortunately all my VPN daemons right now have multiple clients connected and I don't wanna be messing with settings too much for testing atm
20:17 < pekster> That'll test various sizes and attempt to determine the largest unfragment packet that can be sent across your link; keep in mind BGP and other routing changes (even hardware situations) can possibly change your pMTU at any point
20:18 < pekster> Yea, so you have a couple of options. First is figure out what the largest "reasonably expected" MTU is, taking into account the lower end of the majority of your user-base
20:18 < redpill> K1rk: you can find MTU with ping as well
20:18 < pekster> The other would be to run a couple of openvpn instances, one with a more typical MTU, and another with a much-reduced MTU (again, usually leveraging --mssfix and --fragment
20:18 < K1rk> On the Linux box I am sitting at right now, the MTU is 6000 on both sides of the tunnel
20:19 < K1rk> My 12/5 connection is testing around 6/3 speed over this link
20:19 < pekster> both sides != all the routers between each side
20:19 < pekster> Unless you KNOW every single router betwen point A & B supports an MTU of 6k, don't even think about telling openvpn to use that
20:19 < pekster> Try standard traceroute tools (mtr is pretty helpful, or a simple tracepath/traceroute if you give it the right options. Sure, ping to, with f.eg. '-M do' in the Linux ping)
20:20 < pekster> too*
20:20 < redpill> ping -M do -s 1500 iirc
20:20  * redpill is a bit late to the party
20:21 < K1rk> ping: local error: Message too long, mtu=1500
20:21 < pekster> Except an MTU won't account for your Ethernet/IP headers
20:21 < pekster> RIght
20:21 < pekster> 1472 is more common, if your MTU is 1500
20:21 < K1rk> That works
20:21 < K1rk> So my MTU of 6000 is stupid, all the packets are fragmenting
20:21 < pekster> So you very obviously do _not_ have a pMTU of 6k
20:21 < pekster> Right
20:21 < K1rk> haha
20:21 < K1rk> Thanks Internet
20:21 < pekster> And worse, if 4 of those packets make it, but the 5th gets lost, openvpn has to re-send ALL 5
20:22 < K1rk> Hmm
20:22 < K1rk> I am currently dealing with an issue where I am trying to do a site-to-site bridge
20:22 < K1rk> like
20:22 < K1rk> VPN Client -> VPN Server -> Other VPN Client
20:22 < K1rk> I am getting performance of only around 500kbit/sec
20:22 < pekster> Ugh. Rule #1 is don't bridge unless you actually need to send *non* IP traffic between your endpoints
20:22 < K1rk> Where the link should be capable of a bunch more
20:22 < pekster> !tunortap
20:22 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
20:22 <@vpnHelper> rooted/jailbroken) support only tun
20:22 < pekster> !whybridge
20:22 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
20:22 < pekster> ^ that's all useful information
20:23 < K1rk> OK so I am misusing the word bridge.
20:23 < K1rk> I apologize
20:23 < K1rk> What I mean to say is
20:23 < K1rk> I want to bring a local IP from one network to another
20:23 < K1rk> I am achieving this by an IP Alias, an iptables forward over VPN
20:23 < pekster> Just a NAT rule into RFC1918 space? Sure, that's possible
20:23 < pekster> The only catch there is that the return-route needs to match
20:24 < K1rk> Return route is fine because I am masquerading
20:24 < pekster> Make sure you don't accidently set up "triangle routing"
20:24 < pekster> Not if your default route is via the far end's ISP when the arriving packet comes via the VPN
20:24 < K1rk> What I am ending up with is a decent link with 0% packet loss
20:24 < K1rk> Around 200-250ms RTT
20:24 < K1rk> Yet with 12M down on this end, 20M up on the other end, I am getting 500kbit/sec throughput
20:25 < K1rk> I don't expect a full 12M
20:25 < K1rk> But it would be nice to have 1 or 2 meg
20:25 < pekster> If you're using a 6k mtu, that could be a big part of that
20:25 < K1rk> I am realizing my Windows daemon may be mtu mismatched
20:26 < K1rk> Because I think the server is set to 6000
20:26 < pekster> That, or tcp as a transport in the face of any of packet-loss, latency, or jitter
20:26 < K1rk> But the clients are probably doing 1500 because windows
20:27 < K1rk> Yea the MTU is 6000 on that tun interface on the server.
20:27 < pekster> Failing those obivous problems, check for the usual bottlenecks: CPU core usage or "system" processor time (sometimes indicated when context switching is the issue, often with too-low kernel ticks)
20:27 < K1rk> I doubt Windows is really doing a 6000 MTU interface on its end
20:27 < pekster> 6k mtu on tun? Yea, that's insane
20:27 < K1rk> The Windows boxes are on a dual QC Xeon box
20:27 < pekster> And obviously broken for you
20:27 < pekster> (you can't even send a 1538-byte packet, so 6k is nuts)
20:28 < pekster> 1528* (not that anyone cares)
20:29 < K1rk> Heh the MTU is 1500 on my VPN server eth0
20:29 < pekster> Right, but to ping's -s param you need to subtracted the Ethernet and ICMPv4 overheads (20 and 8 bytes, respectively, 22 bytes for 802.1Q)
20:29  * pekster sighs. 18 and 8.
20:29 < pekster> Another beer will make my math better. I swear!
20:30 < K1rk> Yea
20:30 < K1rk> And I am doing this over a somewhat high latency link as obvious by the 250ms RTT around the ring
20:30 < K1rk> It's about 100-150ms between each client and the server
20:30 < K1rk> Trying to go from client to client is double
20:30 < K1rk> For obvious reasons
20:31 < K1rk> Could definitely see some packet loss and jitter over a long latency link like this
20:31 < K1rk> I was not aware of the retransmission behavior you're describing
20:31 < K1rk> That may very well be part of the issue
20:31 -!- Latrina [~Latrina@ppp-203-12.26-151.libero.it] has quit [Ping timeout: 252 seconds]
20:31 < K1rk> 1 packet gets dropped and so 6 are retransmitted
20:31 < pekster> Be sure you run with --verb 4 as you could be running into --replay-window issues
20:31 < pekster> If you are, tune your openvpn window limits based on the dropped packet offets you get in the logs
20:32 < pekster> (you need that when the product of bandwidth * lattency is high, relatively speaking)
20:32 -!- Latrina [~Latrina@ppp-174-25.26-151.libero.it] has joined #openvpn
20:32 < K1rk> Oh how I wish I didn't have this MTU value manually set in a bunch of remote client files
20:33 < pekster> Gotta match MTU, and you can't exceed the pMTU you actual path has (or if you do and rely on IP fragmentation to save you, performance will suck)
20:35 < K1rk> That makes sense I am going to try some benching right now
20:36 < K1rk> So right now with my 6000 MTU
20:36 < K1rk> I am getting about 1.05Mbit/sec over Iperf
20:36 < K1rk> That is very poor for my 12 meg link.
20:37 < K1rk> Surprisingly I am getting better performance on TCP iperf than UDP iperf
20:37 < pekster> 6k is silly if you can't ping the endpoints (the IP the VPN traffic uses) is 1500 bytes. 1500 mtu on the physical link (and presumably the pMTU, although things like PPPoE reduce that further) means you only have a (1500-20-8, or 1472 byte) payload in UDP packets
20:38 < K1rk> [ ID] Interval       Transfer     Bandwidth        Jitter   Lost/Total Datagrams
20:38 < K1rk> [  3]  0.0-10.0 sec  11.8 MBytes  9.90 Mbits/sec   1.026 ms   79/ 8504 (0.93%)
20:38 < K1rk> Definitely seeing some loss
20:38 < K1rk> Probably wasted bandwidth, like you said.
20:39 < pekster> assuming zero openvpn overhead (obviously false, but nevermind that right now) and 0% compression, 6000/1474 ~ 4.07. 5 packets, the 5th of which is mostly empty. For every 6k "packet" you send
20:39 < pekster> "maybe" compression squishes that into 4 packets, after overhead, but that's largely misconfigured either way
20:41 < K1rk> I'm thinking about turning off comp-loz
20:41 < K1rk> *lzo
20:41 < K1rk> Wondering if that may be causing performance degradation as well
20:43 < pekster> It can, if the CPU is maxed out and bandwidth isn't
20:44 < pekster> The reverse is true too; if bandwidth is pegged but CPU is available (again, remember openvpn is only single-threaded) compression can help overall throughput
20:51 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has joined #openvpn
20:54 < K1rk> I do feel like I'm getting better performance since fixing my MTU
20:54 < K1rk> Still not quite getting the speed I want to see though
20:56 < cagedwisdom> my openvpn-install (https://github.com/Nyr/openvpn-install) isn't working. i think it's a routing issue. ive pasted my before and after route on my client here http://pastebin.com/xHHEufgu
20:56 <@vpnHelper> Title: Nyr/openvpn-install · GitHub (at github.com)
20:56 < pekster> route is so 10 years ago on Linux. Try iproute2 ;)
20:57 < pekster> At any route you've obviously got the two /1 routes, presumably set via --redirect-gateway
20:58 < pekster> What exactly "isn't working"? What's your !goal, expected results, !configs, and the actual results?
20:58 < pekster> !new
20:58 <@vpnHelper> "new" is (#1) New here? Start by reading the /TOPIC and looking at basic info in !welcome, !ask, and !howto or (#2) You can type each of the !commands in this chat and our bot will provide useful references and info or (#3) you can see the full factoids list at !factoids or (#4) Also new to IRC? Here's an intro: http://catb.org/~esr/faqs/smart-questions.html#intro
20:58 < cagedwisdom> my goal: have all my internet go through my vpn server, expected results: not go through my regular isp
20:59 < pekster> Besides the mandatory /32 via the pre-existing uplink, plus your link-local, and RFC1918 space (a /16 for "docker0" 65,536 IPs? Okay..) that's what you have
20:59 < cagedwisdom> actual results: when the openvpn client is active, my network doesnt work, config is what Nyr/openvpn-install configures
20:59 < pekster> That's not an answer, and you didn't even read the material linked
20:59 < pekster> !configs
20:59 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:00 < pekster> cagedwisdom: Also, see the rather helpful flowcharts here: they tend to solve many problems:
21:00 < pekster> !redirect
21:00 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
21:00 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
21:00 < cagedwisdom> this is my config: http://pastebin.com/wdiJzV4u
21:01 < pekster> That's one of your configs. It seems to be in order, although be careful pushing arbitrary DNS servers until you've verified the client can reach them with the VPN up
21:02 < cagedwisdom> here is the other:http://pastebin.com/BV3jZp9E
21:02 < pekster> Where in the flowchart do things break down?
21:02 < cagedwisdom> testing 1 sec
21:04 < pekster> You've provided 2 server configs
21:04 < pekster> Obviously that doesn't work as two endpoints
21:04 < pekster> --server creates an OpenVPN server that can allow multiple clients to connect
21:04 < cagedwisdom> oh yeah I used another auto generator that also didn't work
21:05 < pekster> Apparently
21:05 < pekster> !howto
21:05 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
21:05 < cagedwisdom> which one should I remove? does openvpn use any .conf file?
21:05 < pekster> "remove"? If you're configuring a server+client pair, you can't configure both of them as servers
21:05 < pekster> It's like inviting two speakers to a conference, but no audience
21:06 < cagedwisdom> okay, so I have a server.conf and an openvpn.conf in my /etc/openvpn directory
21:06 < cagedwisdom> maybe i should delete both and try to run that script again?
21:06 < pekster> No clue
21:07 < pekster> I don't use "magic make my configs go" programs, so I'm unlikely to be of help suggesting remidies when they break
21:07 < pekster> The howto (linked above) is a good resource, along with the manpage (!man) to create your own configs, though
21:08 < cagedwisdom> ok, thanks for your help.
21:08 < cagedwisdom> i'll try my lazy man's way one more time and if i can't make it work I will try to use my brain and ask an informed question.
21:08 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has joined #openvpn
21:08 < {Civil}> Hey
21:10 < {Civil}> Been having issues with routing all data through openVPN for servers on the same LAN, WAN works 100%, but we have a webserver on the same LAN as the OpenVPN server and I need to either have the requests to the webserver come thru as the OpenVPN LAN IP or the OpenVPN WAN IP. Does anyone know anything on this? I've been running around in circles for a few weeks now trying to get this figured out it seems.
21:12 < pekster> That's not going to work due to how your 'local' routing table (for link-local destinations) work
21:12 < pekster> Try segregating your LAN into more than one network, where you have control across routing borders
21:12 < pekster> Or some split-DNS by which you send traffic to a gateway that can do whatever filtering/etc you need
21:13 < pekster> If this is Linux, try looking at your complete routing table to see what's going on with your local table, by doing this: ip route show table all
21:13 < pekster> That, and: ip route get <target_ip>   # tends to be useful
21:14 < {Civil}> Thanks, been fiddling with this for weeks it seems
21:16 < pekster> local routing tables are always consulted first
21:16 < pekster> You can show that (again, assuming Linux) with: ip rule show
21:16 < pekster> Rules define how to look up the various routing tables, and the way routes work is the "first" matching entry wins
21:17 < pekster> If any of that is news, a review of routing concepts might help a bit too
21:18 < K1rk> I have a lot more work to do, I am able to pull down 30Mbps from this server raw on my other link, but over VPN I am only getting 800KB/s from the server
21:18 < pekster> A laundry-list of places to look can also include this:
21:18 < pekster> !speed
21:18 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
21:18 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9)
21:18 <@vpnHelper> a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
21:19 < K1rk> So commenting out comp-lzo doesn't turn off compression huh?
21:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
21:19 < {Civil}> VPN server = linux and I'm also running linux, has proven to allow... better... debugging
21:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:19 < pekster> Nah,
21:19 < pekster> !bestos
21:19 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
21:20 < K1rk> atm I'm testing with Linux on both sides anyways.  I am most comfortable with it.
21:20 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has quit [Ping timeout: 246 seconds]
21:20 < pekster> K1rk: Nope. See --comp-lzo in the manpage. You'll need `--comp-lzo no` to remove it
21:23 < K1rk> wow
21:23 < K1rk> Setting txqueuelen to 200 seemed to make things 5 times worse.
21:23 < K1rk> heh
21:23 < K1rk> Now only getting like 100KB/s through the link
21:25 < K1rk> holy shit
21:25 < K1rk> Comp-lzo no
21:25 < K1rk> Getting 20Mbps now
21:26 < pekster> My personal recommendation is to set some --comp-lzo setting on clients, because then you can push it from the server and vary it (even per-client, if you have the need)
21:26 < pekster> Without any setting on the client, it won't be accepted when pushed (at least last I checked)
21:27 < K1rk> Can you mismatch?
21:27 < K1rk> I would assume comp-lzo would be required system wide on or off
21:28 < pekster> You shouldn't have settings different between peers, but that's the magic of pushing it from the server (they'll always match so long as the client takes it)
21:39 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has joined #openvpn
21:42 -!- `hypermist` is now known as sleepypc
21:44 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:46 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:49 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
21:49 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 265 seconds]
22:02 -!- kexmex [~kexmex@80.64.90.167] has joined #openvpn
22:09 < K1rk> pekster, I am working on fixing my MTU on all my clients and disabling comp-lzo
22:09 < K1rk> Way better performance across the board
22:09 < K1rk> I previously could not watch Twitch.TV streams over the VPN link at all
22:09 < K1rk> Without setting to Medium or (sometimes) High would work
22:09 < K1rk> Now I can watch "source" quality 5-7Mb streams without buffering over VPN
22:09 < K1rk> This is working beautifully
22:30 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
22:33 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
22:34 -!- rich0__ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 248 seconds]
22:35 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
22:53 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:07 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
23:08 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
23:08 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
23:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
23:19 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
23:20 < kill_switch> I would like to know if we use TLS 1.2 cipher suite with 1024-bit key, how secure would it be?
23:44 -!- ShadniX [dagger@p5481D085.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:44 -!- ShadniX_ [dagger@p5DDFD6ED.dip0.t-ipconnect.de] has joined #openvpn
23:44 -!- ShadniX_ is now known as ShadniX
23:45 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:45 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
23:45 -!- badon_ is now known as badon
23:46 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
23:49 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
--- Day changed Wed Apr 01 2015
00:03 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
00:15 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 272 seconds]
00:23 -!- cagedwisdom [~X@124-148-47-81.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
00:30 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:30 -!- mode/#openvpn [+o mattock] by ChanServ
00:35 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 272 seconds]
00:41 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
00:50 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
00:52 -!- kexmex [~kexmex@80.64.90.167] has quit [Quit: Computer has gone to sleep.]
01:06 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:18 -!- sleepypc is now known as `hypermist`
01:47 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
01:49 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
01:53 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
01:57 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:38 -!- `hypermist` is now known as sleepypc
02:47 -!- sleepypc is now known as `hypermist`
03:06 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
03:11 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
03:11 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
03:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:37 -!- `hypermist` is now known as sleepypc
03:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 265 seconds]
03:55 -!- Henryabcd [~Henryabcd@p4FC42DD6.dip0.t-ipconnect.de] has joined #openvpn
03:58 -!- sleepypc is now known as `hypermist`
04:02 -!- catphish [~catphish@unaffiliated/catphish] has joined #openvpn
04:02 -!- catphish [~catphish@unaffiliated/catphish] has left #openvpn ["Leaving"]
04:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
04:30 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
04:30 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
04:33 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:33 -!- mode/#openvpn [+o mattock] by ChanServ
04:39 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
04:42 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
04:45 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Quit: {Civil}]
04:45 -!- Henryabcd [~Henryabcd@p4FC42DD6.dip0.t-ipconnect.de] has quit [Quit: Leaving]
04:57 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:29 -!- kexmex [~kexmex@80.64.90.167] has joined #openvpn
05:31 -!- kexmex [~kexmex@80.64.90.167] has quit [Client Quit]
05:57 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
06:05 -!- dazo_afk is now known as dazo
06:06 -!- kexmex [~kexmex@80.64.90.167] has joined #openvpn
06:10 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:24 -!- kexmex [~kexmex@80.64.90.167] has quit [Quit: Computer has gone to sleep.]
06:43 < awk> Hi, please can somebody check this and advise... http://pastebin.com/3qj3tmtN
06:46 <@dazo> kill_switch: that entirely depends on the cipher you use ... is it an EC based cipher, it is darn strong ... if it's an RSA based cipher, it's not much strong at all
06:47 < rob0> awk, you have a router at home and a VPS in France, and you want traffic which comes to the VPS to pass through VPN to the router, is that right so far?
06:47 < rob0> Basically you want to have that France IP address as if it's your home router's address?
06:48 < kill_switch> dazo, if I use the best TLS 1.2 that is supported which aint EC then? like TLS-DHE-RSA-AES256-GCM-SHA384
06:49 <@dazo> kill_switch: to my knowledge, that's an RSA based cipher
06:49 < kill_switch> dazo, but EC is not support!
06:49 < kill_switch> in OpenVPN
06:49 <@dazo> right, but that was not your question ... it was if a 1024 bits key was strong enough
06:50 < kill_switch> so it could only be strong if we use ECDHE-ECDSA?
06:51 < kill_switch> or could be considered strong even for 1 more year?
06:52 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Quit: Leaving]
06:52 <@dazo> kill_switch: basically all CA providers these days have told their customers to re-issue all their certificates from those signed with an 1024 bit RSA key ... and Google Chrome will start complaining when you visit sites using a weak RSA key (1024 bit)
06:52 <@dazo> To understand why EC is better .... http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
06:52 <@vpnHelper> Title: A (relatively easy to understand) primer on elliptic curve cryptography | Ars Technica (at arstechnica.com)
06:53 < Thermi> dazo: EC is not better per se
06:53 < Thermi> It depends highly on the curve that is used
06:53 <@dazo> Thermi: that's right
06:53 < Thermi> The official standard curve in use in ECDSA is basicly already broken.
06:53 <@dazo> Thermi: with the right curve, EC is much stronger than RSA, with far smaller keys
06:56 -!- soLucien [~Lu@178.62.252.248] has quit [Read error: Connection reset by peer]
06:59 < awk> rob0: no, the router is in a DC ... the router also houses a 192.168.0.0 range... I want the box in France to go through the OpenVPN tunnel to the Router 10.10.10.10 and then i'll add a forward on the router to 192.168.0.X ... my problem is how do I send the traffic to 192.168.0.0 up tun0 specificly to hit 10.10.10.10 which will then do a forward to 192.168.0.X ?
07:01 < awk> i've tried iptables -t nat -A PREROUTING -i tun0 -d 192.168.0.1 -j DNAT --to 10.10.10.10   ... ive also tried ip route add 192.168.0.1 dev tun0 .. but that won't inform all traffic to 192.168.0.1 to go to 10.10.10.10
07:04 < awk> I can easily do this if the router was hosting the openvpn enviroment and the clients where connecting to it... then I can just do an ip route add 192.168.0.0/24 via tun0 gateway and then do the forward on the router... my problem is getting my head around sending it up to the openvpn client and forward it from there
07:06 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
07:08 -!- apollo2k is now known as aPollO2k
07:20 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:22 -!- `hypermist` is now known as sleepypc
07:25 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Quit: Leaving]
07:26 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
07:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
07:33 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:36 < awk> anyone?
07:38 -!- s7eele [~s7eele@108.59.12.84] has joined #openvpn
07:41 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
07:50 < kill_switch> sup awk
07:50 < kill_switch> dazo, thanks for your reply
07:51 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
07:51 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
08:00 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:01 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
08:08 -!- Billy2 [~nwnkirc@pool-98-110-181-240.bstnma.fios.verizon.net] has joined #openvpn
08:10 < Billy2> quick question.. i have OpenVPN connect installed on my Windows 8 machine and successfully have it connected to one AS, now I have another AS I would like to load the profile for but can't find a way to do it in this client. If I connect using the browser it brings up that download page and says it will connect after installation completed which doesn't happen since it's already installed.
08:17 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:28 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
08:32 <+esde> !as
08:32 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
08:38 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:55 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
08:59 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:04 -!- hojgaard [~dh@78.156.117.236] has quit [Remote host closed the connection]
09:24 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
09:37 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has joined #openvpn
09:40 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 264 seconds]
09:41 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
09:47 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 244 seconds]
09:50 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
09:54 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: "Buzzinga"]
10:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:18 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:43 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
10:53 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
10:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
10:55 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
10:58 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:02 -!- filenox [~filenox@95.130.40.188] has joined #openvpn
11:04 -!- soLucien [~Lu@178.62.252.248] has quit [Quit: Leaving]
11:06 < filenox> is there a way to show all active tunnels for all interfaces on the server?
11:16 <@plaisthos> !status
11:16 <@vpnHelper> "status" is (#1) You can use the --status directive to write to a status file to show the list of currently connected clients. This list can be sent to stdout (or your defined !log mechanism) with a USR2 signal as well. or (#2) See also !management
11:32 -!- rika is now known as oqritwq
11:32 -!- oqritwq is now known as rika
11:35 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
11:38 -!- filenox [~filenox@95.130.40.188] has quit [Remote host closed the connection]
11:38 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has quit [Ping timeout: 256 seconds]
11:42 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
11:43 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:44 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:44 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
11:45 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
12:04 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
12:09 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
12:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:21 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
12:44 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:01 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:05 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
13:43 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has joined #openvpn
13:43 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
13:44 -!- rich0_ is now known as rich0
13:46 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 272 seconds]
13:55 -!- plasma [plasma@antiquos.technopagans.com] has joined #openvpn
13:55 < plasma> hi
14:05 < redpill> high
14:36 -!- techevo [~techevo@178.32.57.190] has joined #openvpn
14:42 -!- tetsuo95 [~funyun@108.61.228.62] has joined #openvpn
14:43 < tetsuo95> if i set up a vpn on a vps and use the vpn to route all of my home traffic to, does the vps provider see my traffic? or is that encrypted?
14:43 -!- jivedude [~jivedude@c-75-67-255-157.hsd1.nh.comcast.net] has joined #openvpn
14:45 < rob0> In theory that might be possible, depends.
14:46 < rob0> If you know you can trust the openvpn and openssl installed there, probably not.
14:46 < rob0> (That is, they probably cannot see your traffic.)
14:47 < rob0> But if they have reason to want to see your traffic, such as a subpoena or court order, you should not feel very safe.
14:47 < Thermi> They theoretically could using some kernel root kit, if you share the kernel with your host system
14:47 < Thermi> What rob0 says.
14:48 < Thermi> If you are subject to subpoena or court order, you should probably leave that country any way or take strong measures to protect your privacy.
14:55 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
14:58 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has quit [Ping timeout: 264 seconds]
15:00 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:00 -!- mode/#openvpn [+o mattock] by ChanServ
15:09 -!- jivedude [~jivedude@c-75-67-255-157.hsd1.nh.comcast.net] has quit [Ping timeout: 264 seconds]
15:10  * redpill should leave Canada for Polynesia or something
15:16 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
15:21 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has joined #openvpn
15:24 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 272 seconds]
15:49 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
15:52 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 272 seconds]
15:58 < tetsuo95> thanks guys for the info
16:16 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
16:19 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has quit [Ping timeout: 256 seconds]
16:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:40 -!- funyuns [~funyun@cpe-74-141-27-123.neo.res.rr.com] has joined #openvpn
16:42 -!- tetsuo95 [~funyun@108.61.228.62] has quit [Ping timeout: 264 seconds]
16:42 -!- funyuns [~funyun@cpe-74-141-27-123.neo.res.rr.com] has left #openvpn []
16:57 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
16:57 < jnz> o/
16:57 < jnz> hello
16:57 < jnz> having an issue with openvpn
16:58 < jnz> it stops sending internet traffic through after a period of time
16:58 < jnz> with no logs i cannot troubleshoot this issue
16:58 < jnz> any ideas?
16:59 < jnz> and then it comes back on
16:59 < jnz> like it has intervals of no internet access
17:05 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 256 seconds]
17:06 < pekster> Thre are never "no logs"
17:06 < pekster> !logs
17:06 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:06 < pekster> You should also review the redirect flowchart to identify any issues in your configuration. For that, see:
17:06 < pekster> !redirect
17:06 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
17:06 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
17:11 < jnz> seems ok
17:11 < jnz> it's like when it reaches a certain bandwidth threshold it disables the connection, during the disconnection i can still ping the server
17:11 < jnz> but cannot access any websites
17:11 < jnz> or ping 8.8.8.8
17:11 < jnz> ip forwarding is enabled
17:11 < jnz> nat enabled
17:12 < pekster> You control both endpoints here, right?
17:12 < jnz> yes
17:12 < jnz> did you want ssh info to have a look?
17:12 < pekster> When you experience the issue, watch traffic on the tun device of the server as you ping from the client to an Internet resources
17:12 < pekster> No, but I'll offer troubleshooting steps for you
17:13 < jnz> ok
17:13 < jnz> what would be a good way to watch the traffic ?
17:13 < pekster> Seeing your configs might be useful too to identify any common misconfigurations. See:
17:13 < pekster> !configs
17:13 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:13 < pekster> tcpdump is popular:
17:13 < pekster> !tcpdump
17:13 <@vpnHelper> "tcpdump" is (#1) tcpdump is a great troubleshooting tool (Wireshark or the tshark.exe CLI tools for Windows.) To start, try a syntax like `tcpdump -pni ifWhatever` or (#2) You can also add filters to the command, like 'icmp' or 'udp port 1194' and the like. Consult the tcpdump docs for details.
17:14 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
17:16 < jnz> config
17:16 < jnz> https://gist.github.com/thejhnz/35bcc885eee3acb067f6
17:16 <@vpnHelper> Title: gist:35bcc885eee3acb067f6 (at gist.github.com)
17:17 < jnz> https://gist.github.com/thejhnz/b5a84a5699c5deab48a7
17:17 <@vpnHelper> Title: gist:b5a84a5699c5deab48a7 (at gist.github.com)
17:17 < jnz> client
17:20 < pekster> avoid opendns: they're full of fail
17:20 < pekster> !opendns
17:20 <@vpnHelper> "opendns" is You should avoid using OpenDNS for pushed DNS servers as they violate spec and send you to ad/search domains for mistyped URLs. Use GoogleDNS instead. See !dns for more info.
17:20 -!- s7eele [~s7eele@108.59.12.84] has quit [Read error: Connection reset by peer]
17:21 < pekster> Also avoid using --persist-tun on your clients; that won't work (reliably) unless you're doing static address assignment (!static), and _that_ in turn can't work with --duplicate-cn that you're using
17:21 < jnz> ok
17:21 < pekster> You also probably want --verb 4 on your server, at least until you get any issues resolved (then it's fine to drop back to 3 everywhere)
17:22 < pekster> Start with a couple of those modifications, then when your configs are using that, continue down the packet capture on the server's tun device when you experience problems
17:22 < jnz> capturing with wireshark now
17:23 < jnz> not sure what to look for though
17:23 < jnz> will try make it disconnect
17:23 < jnz> and look for that log
17:23 < jnz> i removed persist tun
17:25 < jnz> ok
17:27 < jnz> tested it without persist tun and still same
17:28 < jnz> 154	21.796632000	10.8.0.6	8.8.8.8	ICMP	74	Echo (ping) request  id=0x0001, seq=3917/19727, ttl=128 (no response found!)
17:29 < pekster> So continue doing "the usual" diagnostic work on your server
17:29 < pekster> It arrives on the tun device, so it should be routed out your uplink on the server: have you checked that?
17:29 < pekster> Do you get a reply from the far end on that interface?
17:29 < pekster> Do you get related ICMP traffic on the uplink that is associated with the outbound request?
17:30 < pekster> etc, etc. Usual rules of routing still apply with openvpn
17:30 < jnz> so im loading a youtube video, and it causes it to disconnect
17:31 < jnz> Wed Apr  1 18:29:20 2015 us=740998 client1/111.69.118.209:59610 MULTI: bad source address from client [fe80::285c:                                                                        d4a7:f467:fc1a], packet dropped
17:31 < jnz> ipv6!
17:31 < jnz> thats the issue
17:31 < pekster> Not to reach 8.8.8.8 it's not
17:31 < jnz> hmm..
17:32 < pekster> You get that all the time, especially from brain-dead windows clients that are too stupid to realize they can't send to a network that's not on-link
17:32 < jnz> ahh ok lol
17:32 < jnz> will upload the log
17:32 -!- anthony25 [~anthony25@aruhier.fr] has quit [Ping timeout: 246 seconds]
17:33 < pekster> The server logs at --verb 4 might be useful to look at, but you're probably going to need to figure out why there's no reply to the icmp request in your packet dump
17:33 < jnz> https://gist.github.com/thejhnz/d173c860a3aa1fc4d8fe
17:33 <@vpnHelper> Title: gist:d173c860a3aa1fc4d8fe (at gist.github.com)
17:33 < pekster> You know you don't get an icmp echo-request sent out via the tun, but this isn't enough diagnostic info to mean much yet
17:33 < jnz> ok
17:34 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
17:34 < pekster> Yea, you can just ignore all that 'bad sources address' junk from IPv6 LL addressing
17:34 < pekster> Some application is misbehaving (if you care to look at the packet's contents you can identify the foul application, but it's far easier to ignore it)
17:35 -!- s7eele [~s7eele@108.59.12.84] has joined #openvpn
17:36 < jnz> alright
17:37 < jnz> https://gist.github.com/thejhnz/eaee9fdc6326033d27e8
17:37 <@vpnHelper> Title: gist:eaee9fdc6326033d27e8 (at gist.github.com)
17:37 < jnz> if you scroll down you can see it stops reading
17:38 < jnz> at the end i close the connection
17:39 -!- sleepypc is now known as `hypermist`
17:39 < jnz> oh i forgot to mention im using openvz vpsa
17:39 < jnz> vps*
17:40 < pekster> Still won't directly matter, although openvz has some implementation issues (usually dealing with Netfilter and other kernel support) stemming from the fact that you're basically in a fancy chroot (thus, root is not "real" root)
17:41 < pekster> Your problem is still as I stated a while back: no packets go out the tun device, thus none arrive on the client
17:41 < jnz> yeah
17:41 < pekster> You need to figure out where else they are going and identify the cause of that
17:41 < jnz> hmm
17:42 < jnz> its strange because it still allows me to maintain a ssh connection with the vpn server
17:42 < jnz> but everything else disconnects
17:42 < pekster> Nope
17:42 < pekster> Obviously "everything" is false because the echo-request arrived on the tun device on the server
17:42 < pekster> It's not "disconnected." That packet doesn't come back. For the 3rd time, you need to go figure out why
17:43 < pekster> I gave you several starting points to learn more about it. Utimately you need to treat your server as any other router that's not delivering traffic you expect and go through traditional network diagnostics
17:44 < jnz> alright cool, will give it a go
17:44 < jnz> quick question - for iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
17:44 < jnz> i dont have an eth0, so i put it on venet0 interface
17:44 < jnz> here are my options for interfaces: http://i.imgur.com/Oxovg63.png
17:44 < pekster> !learn follow-the-packet as Traffic not arriving where you expect? You'll need to figure out where it gets lost. Follow the packet at each "hop", including through each interface on routers. Tools like !tcpdump (Wireshark for Windows) are quite useful here
17:44 <@vpnHelper> Joo got it.
17:44 < jnz> maybe i set it on the wrong one ?
17:44 <+esde> !linux-ifconfig
17:44 <+esde> !ifconfig-linux
17:44 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
17:45 < pekster> If you have no eth0 device, obviously you cannot match traffic sent to/from that interface
17:46 < pekster> You'd be able to see that if showed your full Netfilter ruleset with hit counters, like this: iptables-save -c
17:47 < jnz> http://i.imgur.com/QLhppMN.png
17:47 < jnz> i have it in there
17:47 < jnz> ahh "OpenVZ doesn't do masquerade. You need SNAT."
17:47 < jnz> just did some more looking on the forums
17:54 < jnz> forums just went down o.o
17:54 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:55 <@ecrist> sup bitches?
17:55 < jnz> yo
17:55 <@ecrist> hi pekster?  how goes?
17:55 < pekster> Enjoying RFC7511
17:55 < pekster> I think the quote "Vintage IP" was a good touch
17:57 -!- mode/#openvpn [+o pekster] by ChanServ
17:57 -!- mode/#openvpn [-b *!d@ps38852.dreamhost.com$##fix_your_connection] by pekster
17:57 -!- mode/#openvpn [-o pekster] by ChanServ
18:08 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
18:15 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
18:26 -!- `hypermist` is now known as sleepypc
18:31 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Remote host closed the connection]
18:55 -!- RaptorJesus [~RaptorJes@unaffiliated/raptorjesus] has joined #openvpn
18:55 < RaptorJesus> hoi hoi
18:57 < RaptorJesus> ne1 have any examples of how to have a client computer bridge to the internal network on my dd-wrt with openvpn?
19:03 <@ecrist> did you try typing that into google?
19:03 <@ecrist> !route
19:03 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
19:03 <@ecrist> !iroute
19:03 <@vpnHelper> client
19:03 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
19:03 < RaptorJesus> i can only find instructions for router to router
19:06 -!- RaptorJesus_ [~RaptorJes@unaffiliated/raptorjesus] has joined #openvpn
19:09 -!- RaptorJesus [~RaptorJes@unaffiliated/raptorjesus] has quit [Ping timeout: 248 seconds]
19:10 -!- RaptorJesus_ is now known as RaptorJesus
19:15 < RaptorJesus> yay had to set auth to md5
19:25 -!- sleepypc is now known as `hypermist`
19:42 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
19:58 < RaptorJesus> dangit no tap on android?
20:04 <@ecrist> no
20:04 <@ecrist> or iOS
20:04 <@ecrist> use tun
20:04 <@ecrist> if you need tap, you're probably doing it wrong
20:14 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
20:15 <+esde> hey ecrist go long https://i.imgur.com/ENziLUz.gifv
20:15 <@vpnHelper> Title: 60 yard pass (at i.imgur.com)
20:17 <@ecrist> esde++
20:39 -!- Latrina [~Latrina@ppp-174-25.26-151.libero.it] has quit [Ping timeout: 245 seconds]
20:41 -!- soLucien [~Lu@178.62.252.248] has quit [Quit: Leaving]
20:45 -!- Latrina [~Latrina@ppp-213-55.26-151.libero.it] has joined #openvpn
20:51 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
20:59 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
21:01 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:02 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 250 seconds]
21:03 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
21:04 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:06 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
21:06 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
21:08 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
21:50 -!- `hypermist` is now known as sleepypc
22:11 -!- sleepypc is now known as `hypermist`
22:27 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 252 seconds]
22:30 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
22:55 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
22:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:36 < kill_switch> hi
23:39 -!- dazo is now known as dazo_afk
23:39 < RaptorJesus> some software I was using required the client and server to be on the same subnet, and you're the exact opposite of friendly and helpful escrist
23:42 -!- ShadniX [dagger@p5DDFD6ED.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:43 -!- ShadniX [dagger@p5481D5FB.dip0.t-ipconnect.de] has joined #openvpn
23:43 -!- RaptorJesus [~RaptorJes@unaffiliated/raptorjesus] has left #openvpn ["Leaving"]
23:45 < kill_switch> lol
--- Day changed Thu Apr 02 2015
00:12 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Quit: Leaving]
00:13 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
00:33 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:33 -!- mode/#openvpn [+o mattock] by ChanServ
00:35 -!- `hypermist` is now known as sleepypc
00:42 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 252 seconds]
00:44 -!- s7eele [~s7eele@108.59.12.84] has quit [Ping timeout: 265 seconds]
00:45 -!- sleepypc is now known as `hypermist`
01:00 -!- `hypermist` is now known as sleepypc
01:07 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
01:28 -!- s7eele [~s7eele@108.59.12.84] has joined #openvpn
01:49 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
02:00 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 272 seconds]
02:06 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
02:22 -!- sleepypc is now known as `hypermist`
02:31 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
02:38 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
03:04 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:17 -!- Protected [~Join@atuin.discworld.eu] has quit [Quit: Gone.]
03:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:45 -!- tristan_c [~tristan_c@81.141.91.188] has joined #openvpn
03:57 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
03:59 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Read error: Connection reset by peer]
04:01 -!- dimitry7 [dimitry7@26c-002.static.bnc4free.com] has quit [Read error: Connection reset by peer]
04:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:06 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 252 seconds]
05:09 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
05:16 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 255 seconds]
05:16 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
05:18 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:26 -!- rich0__ is now known as rich0
05:51 -!- Denial [~Denial@81.141.23.87] has quit [Read error: Connection reset by peer]
05:54 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
05:56 < Nik05> I got a setup with routers running openvpn and a server, which all have their own LAN. Its setup like this: https://community.openvpn.net/openvpn/wiki/RoutedLans
05:56 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
05:56 < Nik05> Is it easy to convert this to a TAP VPN and a subnet topology?
05:57 < Nik05> and still let the routers handle the NAT in their /24 subsubnet?
06:02 -!- Denial [~Denial@81.141.23.87] has joined #openvpn
06:05 -!- `hypermist` is now known as sleepypc
06:11 -!- Kim^J [~hagbard@ec2-54-76-36-83.eu-west-1.compute.amazonaws.com] has joined #openvpn
06:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 255 seconds]
06:17 -!- sleepypc is now known as `hypermist`
06:19 < Kim^J> Yo peeps! I'm currently setting up an VPN server on AWS and following this guide https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
06:19 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
06:19 < Kim^J> What I'm wondering is, since I don't want to SSH to that box to generate stuff, can I simply generate the keys on another computer (My Mac OS X) and use Ansible to push the settings it needs?
06:23 <+esde> !walkthrough
06:23 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
06:23 <+esde> !howto
06:23 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:25 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:27 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Remote host closed the connection]
06:34 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
06:44 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 250 seconds]
06:45 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
06:47 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:49 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:54 -!- g-maurizi [~g-maurizi@108-201-232-2.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
06:54 < Kim^J> esde: Yet it doesn't answer my question, can the certificates be generated on another computer than the one OpenVPN-server is running on?
06:55 < g-maurizi> I need someone to answer a simple question, I'm working on iptables rules to allow OpenVPN, on my ovpn server netstat -tulpn shows openvpn is indeed listening on udp/1194, however, a tcpdump on the same server shows random ports, what gives?
06:56 < g-maurizi> does the reply packet use randomized ports?
06:56 < g-maurizi> its "the same random port / 62379 currently" it changes each time the client re-establishes its connection.
06:58 < g-maurizi> The traffic going BACK to the client shows udp/1194, the traffic coming FROM the client shows the randomized port?
07:00 < Kim^J> g-maurizi: http://en.wikipedia.org/wiki/Ephemeral_port
07:00 <@vpnHelper> Title: Ephemeral port - Wikipedia, the free encyclopedia (at en.wikipedia.org)
07:02 < g-maurizi> Kim^J: because the traffic coming from the client to the server is an 'ephemeral port', the iptables rule -p udp --dport 1198 -m conntrack -ctstate NEW -j ACCEPT fails...
07:02 < g-maurizi> does the client have to use an ephemeral port? they are all in my control.
07:03 < g-maurizi> "NEW,RELATED,ESTABLISHED" does work to allow the randomized ephemeral port, but this can't be used in my scenario.
07:03 < Kim^J> No idea, I'm not that good with networking. :/
07:03 < g-maurizi> is there a way to force the client to use udp/1194?
07:04 < g-maurizi> the usage of an ephemeral port client-server makes it damn near impossible to allow ovpn IN when you dont use a state tracking firewall.
07:04 < g-maurizi> Seems pointless
07:08 -!- `hypermist` is now known as sleepypc
07:15 -!- cheesenbiscuits [~cheesenbi@124.13.88.116] has joined #openvpn
07:17 <@plaisthos> g-maurizi: bind
07:17 <@plaisthos> or just omit nobind
07:19 <@plaisthos> and you don't need state tracking
07:19 <@plaisthos> just allow everything going to server:1194
07:19 <@plaisthos> and allow everything coming from server:1149
07:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Remote host closed the connection]
07:32 -!- mattock_afk is now known as mattock
07:38 -!- mattock is now known as mattock_afk
07:44 -!- s7eele [~s7eele@108.59.12.84] has quit [Ping timeout: 252 seconds]
07:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
07:50 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:52 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
08:05 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
08:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:49 -!- cheesenbiscuits [~cheesenbi@124.13.88.116] has quit []
08:53 -!- jnz [~jnz@unaffiliated/jnz] has quit [Ping timeout: 245 seconds]
09:05 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 265 seconds]
09:12 -!- edward [~edward@4angle.com] has left #openvpn ["Leaving"]
09:17 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
09:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:36 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
10:00 -!- plasma [plasma@antiquos.technopagans.com] has quit [Remote host closed the connection]
10:07 -!- aPollO2k is now known as apollo2k
10:07 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:08 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
10:10 -!- niseak_ [~niseak@162.222.47.218] has joined #openvpn
10:13 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 246 seconds]
10:17 < tristan_c> Is it possible to run apache, sshd and openvpn server on the same machine, whilst forwarding incoming traffic (expect ports 22, 80 etc) to the openvpn client?
10:24 < rob0> I don't see why not, but barring the use of alternate ports and/or another IP address, you might not get connections.
10:26 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:30 -!- u0m3 [~u0m3@92.80.82.3] has joined #openvpn
10:32 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
10:34 < tristan_c> Thanks @rob0, I'm trying to get round CGNAT. Currently I use StrongVPN and it works a charm. But trying to use my own server now whilst keeping apache and ssh access going.
10:36 < tristan_c> I had hoped by configuring iptables to 'notch' out certain ports I could replicate the StrongVPN functionality
10:40 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
10:43 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
10:44 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
10:45 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
10:47 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
10:47 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
10:50 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
10:51 -!- niseak_ [~niseak@162.222.47.218] has quit [Remote host closed the connection]
10:52 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
11:01 -!- u0m3 [~u0m3@92.80.82.3] has quit [Ping timeout: 264 seconds]
11:01 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
11:02 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:04 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
11:04 -!- mode/#openvpn [+o pekster] by ChanServ
11:05 -!- mode/#openvpn [-o pekster] by pekster
11:20 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:28 -!- tristan_c [~tristan_c@81.141.91.188] has quit [Remote host closed the connection]
11:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
11:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:43 -!- tristan_c [~tristan_c@81.141.91.188] has joined #openvpn
11:55 -!- tristan_c [~tristan_c@81.141.91.188] has quit []
12:06 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
12:08 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Remote host closed the connection]
12:09 -!- g-maurizi [~g-maurizi@108-201-232-2.lightspeed.irvnca.sbcglobal.net] has quit [Ping timeout: 250 seconds]
12:20 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
12:34 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 272 seconds]
12:52 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:57 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:20 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:28 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
13:42 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
13:47 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
14:00 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 252 seconds]
14:01 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
14:10 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 265 seconds]
14:29 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has joined #openvpn
14:32 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 264 seconds]
14:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
15:08 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
15:29 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
15:29 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
16:32 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
16:34 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
16:34 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 256 seconds]
16:35 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has quit [Ping timeout: 256 seconds]
16:35 -!- Blanc|AFK [~Blanc@irc.dagon.me] has quit [Ping timeout: 256 seconds]
16:35 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 256 seconds]
16:35 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 256 seconds]
16:38 -!- MagiC3PO [IRC@unaffiliated/magiobiwan] has joined #openvpn
16:38 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 265 seconds]
16:38 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Ping timeout: 265 seconds]
16:38 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 265 seconds]
16:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 265 seconds]
16:38 -!- MagiC3PO is now known as Magiobiwan
16:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
16:39 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
16:39 -!- mode/#openvpn [+o pekster] by ChanServ
16:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:40 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
16:40 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
16:40 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
16:47 -!- plasma [plasma@antiquos.technopagans.com] has joined #openvpn
17:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
17:06 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has quit [Quit: Leaving...]
17:15 -!- McJuicy [~McJuicy@c-67-160-230-254.hsd1.ca.comcast.net] has joined #openvpn
17:20 < McJuicy> Suppose I have two servers A and B with the same subnet net mask. I want to connect B to A's wireless AP and be able to route traffic from B's subnet to the internet and from A's subnet to B's subnet. Is this even possible using TUN? And, what sort of strategy would I use to do this on the fly without a configuration file?
17:40 < K1rk> McJuicy, I want to make sure everyone is on the same page of what you mean by "same subnet" - can you provide some sample IPs?
17:41 < K1rk> Are Server A and B for example both on 192.168.1.1/24 networks?
17:41 < McJuicy> yea they both distribute and run something similar like 192.168.1.0-255
17:42 < McJuicy> to their clients. The idea/problem is connecting these two subnets dynamically without prior configuration on an event (connecting B to A's AP).
17:43 < McJuicy> we can forget about authentication and encryption at this point
17:43 < K1rk> Okay so if you're sitting on a 192.168.1.1/24 network and try to access, for example, 192.168.1.105... you never go to a gateway\route, you simply make an ARP request and look for the IP on the LAN segment.
17:44 < McJuicy> yes I believe as much when you're sitting in one of the two subnets
17:45 < K1rk> It might be "easier" to use two different subnets.
17:45 < McJuicy> but is there a strategy for B to reorder its clients
17:45 < McJuicy> or give control to A
17:45 < K1rk> I'll be honest and say there's probably a better way to do what you're trying to do.
17:45 < McJuicy> ok, let's talk about mesh networking and openVPN :)
17:45 < McJuicy> yea I believe there is too
17:46 < McJuicy> maybe I'm approaching this from the wrong standpoint
17:46 < K1rk> So "Server B's" network has no Internet access, Server B will be its Internet gateway
17:46 < K1rk> ?
17:46 < McJuicy> yes.
17:47 < K1rk> How is Server B connecting to Server A as a VPN client then?
17:47 < K1rk> Or you just desire for privacy\other reasons to transport the Internet traffic over VPN?
17:47 < McJuicy> android will not let you route traffic
17:47 < McJuicy> to other interfaces
17:47 < McJuicy> without using a VPN
17:48 < K1rk> What does Android have to do with anything?
17:48 < McJuicy> Server B
17:48 < K1rk> Is an Android phone?
17:48 < McJuicy> we have bluetooth, GSM and wificards onboard
17:48 < McJuicy> yes
17:49 < McJuicy> restricted to TUN
17:49 < McJuicy> have to precompile iptables for routing
17:49 < K1rk> Okay so here's an issue for you to consider
17:49 < K1rk> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
17:49 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
17:49 < McJuicy> for sure
17:49 < K1rk> TUN can not be used for bridging
17:49 < McJuicy> read that guy
17:49 < McJuicy> yea need layer 3
17:50 < K1rk> It sounds like what you want is a bridge
17:50 < McJuicy> don't want to bridge anyway
17:50 < McJuicy> ah
17:50 < McJuicy> damn.
17:50 < K1rk> Well if you want to "combine" 2 LANs into 2 LAN
17:50 < K1rk> That's a bridge
17:50 < K1rk> I'm sorry I meant to say 2 LANs into 1 LAN lol
17:50 < McJuicy> it will be like a transparent gateway at that point
17:50 < K1rk> That's fine you can do it that way for sure
17:51 < McJuicy> I would still like the machine to be addressable
17:51 < K1rk> But you can't have both sides have the same IP space and expect to be able to talk to machines on the other side through the VPN server
17:51 < K1rk> Because you need a bridge for that
17:51 < McJuicy> yea
17:51 < McJuicy> that makes sense
17:51 < McJuicy> thanks for your help.
17:51 -!- Fun [~Fun@unaffiliated/fun] has joined #openvpn
17:51 < McJuicy> still wrapping my head around networking
17:51 < K1rk> You can probably do what you want through routing
17:51 < K1rk> But you can't route from the same subnet to the same subnet somewhere else
17:52 < Fun> is there some neat GUI open vpn client for linux?
17:52 < K1rk> Fun there used to be one that integrated with network-manager, not sure it's still around.  You on a debian flavor?
17:52 < Fun> yes ubuntu
17:52 < K1rk> If so check out network-manager-openvpn \ network-manager-openvpn-gnome
17:52 < K1rk> available in Apt
17:53 < Fun> cool
17:53 < K1rk> I used it for awhile but I prefer to make a config file and run it daemonized myself
17:53 < McJuicy> so B would connect to A's AP and A would give B an IP then an IP on the VPN
17:54 < McJuicy> but B would never be able to route to A's clients
17:54 < McJuicy> because it has those routes
17:54 < McJuicy> but could A provide B's subnet access to the internet?
17:54 < McJuicy> could B set up that route somehow?
17:58 < K1rk> There's no reason you couldn't do that.
17:58 < K1rk> I've done a lot crazier things
17:59 < McJuicy> hmm
18:00 < McJuicy> guess I would just have to wrap the VPN with a top layer state machine
18:00 < McJuicy> like does one of the clients on A's network have internet access
18:00 < McJuicy> and to route to it
18:02 < McJuicy> B would have to masque its clients
18:02 < McJuicy> masquerade
18:03 < Fun> K1rk: is it kinda wierd there is no irc room for softether/
18:03 < Fun> ?
18:13 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
18:21 <+esde> irc does not have rooms
18:22 < Fun> doors?
18:22 < Fun> :D
18:30 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
18:39 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:51 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 252 seconds]
19:13 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
19:14 -!- TDashDog1 [~TDashDog1@108.61.167.150] has joined #openvpn
19:14 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
19:15 < TDashDog1> Hey there! I'm just wondering if you can exclude a process from using the VPN.
19:19 < rob0> not easily, and that would depend greatly on your OS.
19:20 < TDashDog1> Oh. I'm running Windows.
19:27 < rob0> yeah, I'd have no idea if that's possible.  I suspect it is, but no one outside of Redmond would know how to do it.
19:28 < rob0> (and very few in Redmond!)
19:28 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
19:30 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
19:32 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
19:35 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 250 seconds]
19:36 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 248 seconds]
19:38 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
19:38 -!- Fun [~Fun@unaffiliated/fun] has left #openvpn []
19:48 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
19:52 -!- TDashDog1 [~TDashDog1@108.61.167.150] has left #openvpn ["Leaving"]
19:57 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
20:02 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
20:08 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
20:10 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
20:10 < K1rk> Sup
20:15 -!- SpInNeR [~BiTchX@185.37-191-130.fiber.lynet.no] has joined #openvpn
20:20 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
20:23 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
20:24 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
20:25 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
20:41 -!- McJuicy [~McJuicy@c-67-160-230-254.hsd1.ca.comcast.net] has quit [Quit: This computer has gone to sleep]
20:41 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 252 seconds]
20:47 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:16 -!- Denial [~Denial@81.141.23.87] has quit [Read error: Connection reset by peer]
21:51 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
21:53 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
22:04 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:06 -!- Fun [~Fun@unaffiliated/fun] has joined #openvpn
22:07 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:09 < Fun> hi folks I have managed to run open vpn client from ubuntu, however yet to be able to connect to specific site behind firewall
22:09 < Fun> I wonder what could it be
22:13 < Fun> http://pastebin.com/jcLH3YcE
22:14 -!- theonlycow [~asker@c-75-72-179-227.hsd1.mn.comcast.net] has joined #openvpn
22:16 < theonlycow> Hey, I'm looking for help configuring my ubuntu machine's DNS server settings on the tun0 interface.
22:17 < theonlycow> I haven't messed with /etc/resolv.conf in a while and it looks like the way ubuntu handles that stuff has changed. I cant seem to figure out where I should change DNS settings for tun0
22:18 < theonlycow> !welcome
22:18 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
22:18 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:25 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
22:26 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
22:35 -!- theonlycow [~asker@c-75-72-179-227.hsd1.mn.comcast.net] has quit [Ping timeout: 256 seconds]
22:41 -!- phunyguy [~vortex@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
22:42 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
22:42 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
22:43 -!- Fun [~Fun@unaffiliated/fun] has quit [Remote host closed the connection]
23:26 -!- McJuicy [~McJuicy@c-67-160-230-254.hsd1.ca.comcast.net] has joined #openvpn
23:42 -!- ShadniX [dagger@p5481D5FB.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:43 -!- ShadniX [dagger@p5794188F.dip0.t-ipconnect.de] has joined #openvpn
23:46 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-cqdplbbbtpntybcw] has quit [Ping timeout: 252 seconds]
23:47 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-pkbforagbfdyfkeb] has quit [Ping timeout: 252 seconds]
23:49 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-arjwmpolcheherjz] has joined #openvpn
23:49 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-ytbzruuwhgehghit] has joined #openvpn
23:50 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Fri Apr 03 2015
00:11 -!- Billy2 [~nwnkirc@pool-98-110-181-240.bstnma.fios.verizon.net] has quit [Ping timeout: 250 seconds]
00:13 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
00:24 -!- McJuicy [~McJuicy@c-67-160-230-254.hsd1.ca.comcast.net] has quit [Quit: This computer has gone to sleep]
00:44 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has joined #openvpn
01:03 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
01:11 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Client Quit]
01:16 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
02:16 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:23 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 244 seconds]
02:27 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
02:33 -!- NBhosting [~nbhosting@D97BE3F1.cm-3-4d.dynamic.ziggo.nl] has quit []
02:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:50 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
03:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
03:16 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
03:31 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
03:51 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
03:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
04:08 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:11 -!- magnulu [~magnulu@46.246.20.130] has quit [Ping timeout: 264 seconds]
04:13 -!- magnulu [~magnulu@46.246.20.131] has joined #openvpn
04:32 -!- magnulu [~magnulu@46.246.20.131] has quit [Ping timeout: 265 seconds]
04:33 -!- magnulu [~magnulu@46.246.20.34] has joined #openvpn
04:50 -!- magnulu [~magnulu@46.246.20.34] has quit [Ping timeout: 248 seconds]
04:52 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
04:52 -!- magnulu [~magnulu@46.246.20.35] has joined #openvpn
04:55 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
05:11 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
05:15 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
05:34 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
05:34 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:35 -!- badon_ is now known as badon
05:45 -!- magnulu [~magnulu@46.246.20.35] has quit [Ping timeout: 250 seconds]
06:21 -!- sleepypc is now known as `hypermist`
06:22 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
06:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
06:32 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:16 -!- Denial [~Denial@81.141.23.87] has joined #openvpn
07:35 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
07:50 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
07:51 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 252 seconds]
08:00 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
08:04 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:05 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:13 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:20 -!- mete [~mete@91.247.253.160] has joined #openvpn
08:25 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:28 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
08:28 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 252 seconds]
08:43 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
08:44 -!- pk12_ [~pk12@84.39.116.180] has quit [Ping timeout: 272 seconds]
08:46 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
08:47 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
08:47 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
09:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
09:01 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:01 -!- badon_ is now known as badon
09:01 -!- ACKNAK [~regolith@79.133.97.154] has joined #openvpn
09:06 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 246 seconds]
09:08 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
09:09 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:09 -!- badon_ is now known as badon
09:10 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:19 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
09:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:37 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
09:40 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:50 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Remote host closed the connection]
09:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
09:50 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
09:50 -!- badon_ is now known as badon
10:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
10:07 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
10:07 -!- badon_ is now known as badon
10:09 -!- `hypermist` is now known as sleepypc
10:14 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Remote host closed the connection]
10:16 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
10:17 -!- jthunder [~jthunder@174.90.223.17] has joined #openvpn
10:32 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
10:35 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:47 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
10:49 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:00 -!- ACKNAK [~regolith@79.133.97.154] has quit [Quit: Leaving]
11:05 -!- ptgii [~p@71-223-211-135.phnx.qwest.net] has joined #openvpn
11:06 < ptgii> I am having some issues with packet loss on our openvpn server, any experts here want to make a quick couple bucks, and help me out?   I am getting to my desperate point :(
11:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
11:12 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:14 -!- badon_ is now known as badon
11:14 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
11:15 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:16 -!- badon_ is now known as badon
11:20 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
11:29 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
11:36 -!- bogie [bogie@mail.epow0.org] has quit [Ping timeout: 256 seconds]
11:41 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
11:46 -!- jthunder [~jthunder@174.90.223.17] has quit [Quit: jthunder]
11:50 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:56 < Eugene> !osx
11:56 <@vpnHelper> "osx" is (#1) Tunnelblick includes everything you need to run OpenVPN on OS X. https://code.google.com/p/tunnelblick/ or (#2) Viscosity is another OpenVPN client for OS X, but it is commercial. http://www.thesparklabs.com/viscosity/
12:05 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
12:09 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:10 -!- badon_ is now known as badon
12:17 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
12:28 < Eugene> !iline
12:28 < Eugene> !inline
12:28 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
12:35 -!- kexmex [~kexmex@178.212.242.26] has quit [Quit: Computer has gone to sleep.]
12:40 -!- kexmex [~kexmex@178.212.242.26] has joined #openvpn
12:41 -!- rich0__ is now known as rich0
12:43 -!- kexmex [~kexmex@178.212.242.26] has quit [Client Quit]
13:03 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 252 seconds]
13:05 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
13:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 276 seconds]
13:10 -!- JethroTux [~giuseppe@unaffiliated/jethrotux] has joined #openvpn
13:10 < JethroTux> hello everybody.
13:11 < JethroTux> I can't connect on freenode or any irc servers when running openvpn. Do I have to make any changes on client.conf file? Please help, thanks.
13:17 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
13:24 -!- JethroTux [~giuseppe@unaffiliated/jethrotux] has quit [Quit: brb]
13:29 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
13:29 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:30 -!- JethroTux [~giuseppe@unaffiliated/jethrotux] has joined #openvpn
13:30 -!- badon_ is now known as badon
13:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:35 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:36 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
13:40 -!- JethroTux [~giuseppe@unaffiliated/jethrotux] has quit [Ping timeout: 250 seconds]
13:54 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:54 -!- Asharas [~asharas@AAmiens-652-1-172-83.w90-58.abo.wanadoo.fr] has joined #openvpn
13:55 < Asharas> Hi everyone!
13:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 245 seconds]
13:55 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:56 < Asharas> I've got a question: I have a client connected on 2 VPNs. When I traceroute something like 8.8.8.8 the traffic goes through the vpn
13:56 -!- badon_ is now known as badon
13:56 < Asharas> but when I traceroute one of my servers (with there WAN IP) the traffic does not go through VPN but through my local gateway
13:56 < Asharas> any idea why?
14:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
14:12 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:23 < zoredache> Look at your route table.  You have a route that sends traffic that direction.
14:52 -!- ptgii [~p@71-223-211-135.phnx.qwest.net] has quit [Ping timeout: 255 seconds]
14:58 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
15:23 -!- deraps [~ubuntu@ec2-50-18-158-69.us-west-1.compute.amazonaws.com] has joined #openvpn
15:23 -!- deraps [~ubuntu@ec2-50-18-158-69.us-west-1.compute.amazonaws.com] has left #openvpn []
15:26 -!- lasdam [~tom@2a02:fe0:c620:8c80:dc8a:f0fe:5d06:d815] has joined #openvpn
15:27 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
15:30 < lasdam> how much does openvpn generally add to bandwidth usage using AES 256bit cypher and a 2kb vpn key?
15:30 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
15:35 -!- novaflash [~novaflash@openvpn/corp/support/novaflash] has joined #openvpn
15:35 -!- mode/#openvpn [+o novaflash] by ChanServ
15:36 -!- deraps [~ubuntu@ec2-50-18-158-69.us-west-1.compute.amazonaws.com] has joined #openvpn
15:40 < deraps> i know it might be a reach, but has anyone used yubikey via duo for 2FA on the linux client?
15:56 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
16:05 -!- niseak [~niseak@162.222.47.218] has quit [Remote host closed the connection]
16:07 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
16:30 -!- car [~chroiss@101.98.249.230] has joined #openvpn
16:32 -!- sleepypc is now known as `hypermist`
16:44 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
16:59 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
17:08 -!- Tobinski [~tobinski@x2f58f23.dyn.telefonica.de] has joined #openvpn
17:13 -!- car [~chroiss@101.98.249.230] has quit [Ping timeout: 252 seconds]
17:14 -!- Tobinski [~tobinski@x2f58f23.dyn.telefonica.de] has quit [Quit: Leaving]
17:17 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
17:18 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 248 seconds]
17:22 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
17:25 -!- `hypermist` is now known as sleepypc
17:27 -!- car [~chroiss@mail.itmania.de] has joined #openvpn
17:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:45 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
17:55 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 250 seconds]
17:56 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
18:02 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 256 seconds]
18:04 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
18:12 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
18:13 -!- mode/#openvpn [+v s7r] by ChanServ
18:44 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
18:46 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
18:49 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 250 seconds]
18:51 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
19:11 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 272 seconds]
19:28 -!- Fun [~Fun@unaffiliated/fun] has joined #openvpn
19:28 < Fun> hi folks
19:28 < Fun> can isp filter open vpn traffic or its impossible?
19:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
19:47 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
19:53 -!- Fun is now known as sir
19:53 -!- mode/#openvpn [-o pekster] by pekster
19:53 -!- sir is now known as Fun
19:54 < pekster> Fun/sir/whatever, openvpn makes no attempt to hide itself, at least in TLS mode. See the following reading material for details:
19:54 < pekster> !statickey
19:54 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
19:54 < pekster> !obfs
19:54 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used.
19:54 <@vpnHelper> in static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
19:54 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:54 < Fun> pekster: what if I use random port
19:54 < Fun> will that help?
19:55 < pekster> Probably not, but it might fool stupid filters
19:55 < Fun> also what is static key and forward security?
19:55 < Fun> pekster: hehe
19:55 < pekster> !google forward secrecy
19:55 <@vpnHelper> Forward secrecy - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Forward_secrecy>; SSL Labs: Deploying Forward Secrecy - Qualys Community: <https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy>; SSL Enabling Forward Secrecy | DigiCert.com: <https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm>
19:56 < pekster> static key is an encryption method openvpn offers that does not use TLS, and you must share a symmetric key between peers before you can use openvpn. It's also only good for p2p mode, or 2 endpoints (not many clients)
19:56 < Fun> Forward secrecy is designed to prevent the compromise of a long-term  secret key from affecting the confidentiality of past conversations.
19:56 < pekster> Yes, exactly
19:57 < Fun> but how long term secret key can reveal past browsing habits?
19:58 < pekster> Sure. Say you use statickey (so it has no TLS fingerprint due to hostile ISP/government or whatever.) Then they save all your encrypted data. Later you (or your remote VPN endpoint) is compromised. Lack of forward secrecy means all the past traffic they saved can be decrypted
19:58 < pekster> If you want forward-secrecy _and_ need to evade hostile filtering, look at the obfs project I linked
20:01 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:01 -!- car [~chroiss@mail.itmania.de] has quit [Ping timeout: 245 seconds]
20:03 < Fun> neat
20:03 < Fun> and if I want to use static key
20:03 < Fun> how can I do it?
20:06 < Fun> pekster: atm I can connect to open vpn server and I get new IP via DHCP however sites filtered by ISP stay out of reach
20:06 < Fun> how they can even do it?
20:06 < Fun> they monitor all traffic that they think is open vpn?
20:06 < Fun> but it goes to server and from server to site
20:13 -!- Fun is now known as cheapgod
20:14 -!- cheapgod is now known as Fun
20:17 -!- u0m3 [~u0m3@92.80.85.34] has joined #openvpn
20:21 -!- lasdam [~tom@2a02:fe0:c620:8c80:dc8a:f0fe:5d06:d815] has quit [Ping timeout: 252 seconds]
20:33 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
20:35 -!- havingFun is now known as xrosnight
20:50 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:54 -!- Asharas [~asharas@AAmiens-652-1-172-83.w90-58.abo.wanadoo.fr] has quit [Quit: Quitte]
20:59 -!- u0m3 [~u0m3@92.80.85.34] has quit [Ping timeout: 256 seconds]
21:05 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:08 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:12 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 272 seconds]
21:13 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Quit: No Ping reply in 180 seconds.]
21:14 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
21:14 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:18 -!- novae [~novae@unaffiliated/novae] has quit [Remote host closed the connection]
21:24 -!- deranged [Bit@lolnerd.net] has joined #openvpn
21:36 -!- Fun [~Fun@unaffiliated/fun] has quit [Ping timeout: 252 seconds]
21:37 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:42 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 272 seconds]
21:43 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
22:00 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
22:01 -!- deranged [Bit@lolnerd.net] has joined #openvpn
22:07 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:04 -!- sleepypc is now known as `hypermist`
23:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:22 -!- havingFun is now known as xrosnight
23:41 -!- ShadniX [dagger@p5794188F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:42 -!- ShadniX [dagger@p5481C604.dip0.t-ipconnect.de] has joined #openvpn
23:44 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 255 seconds]
23:48 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
--- Day changed Sat Apr 04 2015
00:04 -!- tar0__ [~taro@201.247.51.76] has quit [Read error: Connection timed out]
00:09 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
00:10 -!- tar0__ [~taro@201.247.51.76] has quit [Max SendQ exceeded]
00:11 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
00:11 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
00:41 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 252 seconds]
00:50 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
00:51 -!- tar0__ [~taro@201.247.51.76] has quit [Max SendQ exceeded]
00:51 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
02:11 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
02:24 -!- tar0__ [~taro@201.247.51.76] has quit [Read error: Connection timed out]
02:30 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
02:37 -!- tar0__ [~taro@201.247.51.76] has quit [Max SendQ exceeded]
02:37 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
02:37 -!- tar0__ [~taro@201.247.51.76] has quit [Max SendQ exceeded]
02:38 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
02:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:57 -!- seg [~seg@fsf/member/seg] has joined #openvpn
03:06 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
03:07 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
03:18 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 250 seconds]
03:23 -!- Tobinski [~tobinski@x2f60ed4.dyn.telefonica.de] has joined #openvpn
03:23 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Quit: Leaving]
03:28 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
03:28 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
03:30 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
03:36 < kill_switch> is OpenVPN offered on Blackberry?
03:47 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
03:49 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:53 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 250 seconds]
04:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
04:29 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
05:02 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Remote host closed the connection]
05:05 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:19 -!- bonjurkes [~bonjurkes@24.133.174.175] has joined #openvpn
05:20 < bonjurkes> !openvzlinnat
05:20 < bonjurkes> !linnat
05:20 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
05:20 < bonjurkes> !openvzlinnat
05:21 < bonjurkes> what happened to nat settings for openvz?
05:22 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 255 seconds]
05:26 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
05:27 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
05:27 -!- tar0__ [~taro@201.247.51.76] has quit [Max SendQ exceeded]
05:29 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
05:35 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
05:37 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 256 seconds]
05:39 -!- bonjurkes [~bonjurkes@24.133.174.175] has left #openvpn ["Leaving"]
05:40 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:47 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
05:48 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 264 seconds]
06:07 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
06:30 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
07:03 -!- `hypermist` is now known as sleepypc
07:04 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: "Buzzinga"]
07:18 -!- julius_ [~julius_@p3EE296CF.dip0.t-ipconnect.de] has joined #openvpn
07:18 < julius_> hi
07:20 < julius_> ive got a server in a lan behind my openvpn client, i could  reach the server from the outside...but it stopped working.   i cant ping or ssh from outside. but now im locally connected to the server in my apartment, there ssh works.
07:21 < julius_>  ive got: route 192.168.1.0 255.255.255.0    push "route 192.168.1.0 255.255.255.0"    in my server.conf and  iroute 192.168.1.0 255.255.255.0        in the ccd file
07:21 < julius_> the openvpn client has ip forwarding activated
07:22 < julius_> what am i missing?
07:32 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has joined #openvpn
07:33 -!- tar0__ [~taro@201.247.51.76] has quit [Ping timeout: 246 seconds]
07:38 -!- rich0__ is now known as rich0
07:41 < julius_> lan behind the openvpn client is: 192.168.1.0
07:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
07:50 -!- tar0__ [~taro@201.247.51.76] has joined #openvpn
07:50 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
08:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:36 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
08:39 -!- quup [~u@unaffiliated/quup] has joined #openvpn
08:46 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
08:59 -!- quup [~u@unaffiliated/quup] has quit [Ping timeout: 252 seconds]
09:00 < julius_> ah...wierd...the vpn client didnt start. so its a openwrt issue
09:00 < julius_> thx
09:00 -!- julius_ [~julius_@p3EE296CF.dip0.t-ipconnect.de] has left #openvpn ["Leaving"]
09:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:10 -!- lasdam [~tom@2a02:fe0:c620:8c80:dc8a:f0fe:5d06:d815] has joined #openvpn
09:23 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
09:40 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
10:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
10:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
10:40 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 256 seconds]
10:44 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
10:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:28 -!- raeflondon [raeflondon@got.ourback.net] has joined #openvpn
11:34 < raeflondon> Found this old post that has no responses on the mailing list and am wondering the same thing: http://openvpn.net/archive/openvpn-users/2005-07/msg00130.html
11:34 <@vpnHelper> Title: [Openvpn-users] iroutes of the same subnet to more than one client (at openvpn.net)
11:35 < raeflondon> Is there anyway to let an openvpn client advertise an iroute to the server?
11:35 < raeflondon> Or pass back a subnet so that a --client-connect script could handle it?
12:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
12:16 -!- lasdam [~tom@2a02:fe0:c620:8c80:dc8a:f0fe:5d06:d815] has quit [Quit: Leaving.]
12:18 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 250 seconds]
12:21 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
12:22 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
12:22 < Cipher45> !poodle
12:22 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
12:23 < Cipher45> !welcome
12:23 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:23 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:31 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 255 seconds]
12:36 < raeflondon> !route
12:36 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:36 <@vpnHelper> client
12:43 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
13:00 <@krzee> raeflondon, no
13:01 <@krzee> once upon a time i think there was a dynamic iroute patch but it did not get accepted iirc
13:02 <@krzee> raeflondon, you could use tap, in which case you wont need iroute… then you could use rip or ospf for routing
13:04 <@krzee> sorry disregard that, tap wouldnt help
13:04 <@krzee> !rip
13:04 <@vpnHelper> "rip" is http://www.secure-computing.net/wiki/index.php/OpenVPN/RIPRouting for a writeup on using RIP in openvpn
13:06 -!- linkedinyou [~Hasib@unaffiliated/linkedinyou] has joined #openvpn
13:07 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
13:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
13:07 <@krzee> http://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/201010011058.24902.sven-ola@gmx.de/
13:07 <@vpnHelper> Title: OpenVPN / Mailing Lists (at sourceforge.net)
13:08 -!- kill_switch [~kill_swit@unaffiliated/kill-switch/x-7306241] has quit [Read error: Connection reset by peer]
13:35 -!- Malsasa [~Malsasa@36.84.220.85] has joined #openvpn
13:35 -!- saraz3s [~saraz3s@122.167.22.168] has joined #openvpn
13:35 < saraz3s> Hey guys I just installed openvpn on ubuntu
13:36 < saraz3s> but how do I use after that
13:36 < saraz3s> I need certificates
13:36 < saraz3s> I tried cpn books
13:36 < saraz3s> but am not able to access the internet
13:36 < saraz3s> can someone help
13:36 < saraz3s> pls
13:37 < saraz3s> can someone help me set up openvpn on ubuntu pc?
13:38 < saraz3s> !heartbleed
13:38 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
13:38 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
13:38 -!- saraz3s [~saraz3s@122.167.22.168] has quit [Quit: Leaving]
13:41 -!- Malsasa [~Malsasa@36.84.220.85] has quit [Remote host closed the connection]
13:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:49 -!- Tobinski [~tobinski@x2f60ed4.dyn.telefonica.de] has quit [Ping timeout: 248 seconds]
14:10 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has joined #openvpn
14:11 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Max SendQ exceeded]
14:14 < cagedwisdom> My openvpn setup has stopped working, shortly after I installed it. This is the second time it's happened, where it's appeared to spontaneously decay. How do I fix it?
14:15 < cagedwisdom> This is really odd because I verified it was working before by tracerouting my connection through openvpn. Has anyone else has a similar experience?
14:26 < raeflondon> Check the logs on both sides
14:28 < raeflondon> krzee: Thanks, I've done the bridge setup but would rather routing for scale
14:40 < raeflondon> krzee: You're right, dynamic-iroute patch: http://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/201010011058.24902.sven-ola@gmx.de/
14:40 <@vpnHelper> Title: OpenVPN / Mailing Lists (at sourceforge.net)
14:41 < raeflondon> Is there a way to dump the iroute table on a running openvpn instance?
15:25 -!- quup [~u@unaffiliated/quup] has joined #openvpn
15:26 < quup> Hi, any reason my openvpn client (sometimes) doesn't drop priviliges even though I have 'user nobody' and 'group nobody' in the config file?
15:26 < quup> It does say "NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay"
15:27 -!- linkedinyou [~Hasib@unaffiliated/linkedinyou] has quit [Ping timeout: 256 seconds]
15:28 < quup> I don't have up-delay or pull, but obviously client
15:47 -!- Orbixx [~orbixx@freenode/sponsor/orbixx] has left #openvpn ["Shall I compare thee to a summer's day? Riposte! Such a function dost call upon the necessity of typecasting!"]
16:00 < Thermi> quup: There is your reason.
16:23 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
16:39 < mete> short question. my server config is here: http://pastebin.com/0WQsmitN   ifconfig on the server shows always "inet addr:172.16.250.1  P-t-P:172.16.250.2  Mask:255.255.255.255", is that right? my client gets an IP from the 172.16.250.0/24 pool assigned, but can't ping the server... strange
16:42 < Thermi> mete: You should find out if it's a firewall or routing problem and stop using net-tools.
16:43 < mete> what do you mean by "stop using net tools" ?
16:43 < Thermi> ifconfig is part of the old, deprecated and bad net-tools. route is another one of those.
16:43 < Thermi> use iproute2 instead.
16:43 < Thermi> ip {address, route, rule, ...}
16:44 < Thermi> "ip link"
16:45 < mete> but, I'm not a fan of installing thousand of packages :D like iproute2 isn't built in in debian... it is enough for such simple things I think... ;)
16:46 < Thermi> It's just a single package.
16:46 < Thermi> And it's a single binary.
16:46 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
16:46 < Thermi> And it's not broken. See http://inai.de/2008/02/19
16:46 <@vpnHelper> Title: j.eng's site: News, Notes, Quips, Tweets, Things to share. (at inai.de)
16:48 < mete> Thermi: ip addr shows exactly the same ;)
16:48 < mete> 6: tun250: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
16:48 < mete>     link/none
16:48 < mete>     inet 172.16.250.1 peer 172.16.250.2/32 scope global tun250
16:48 < Thermi> That is great. But now you're using a properly maintained tool and can continue using it. ;)
16:49 < Thermi> What are you pinging?
16:49 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
16:50 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
16:50 < mete> and in this scope, the client isn't... I've specified in the server config 172.16.250.0/24, shouldn't it be /24 on the interface then?   I'm trying to ping 172.16.250.6... this client also got an 255.255.255.252 net through the openvpn dhcp assigned
16:50 < mete> no firewalls on both sides... client is windows 8.1 (openvpn started as admin)
16:50 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
16:50 < Thermi> It's a point-to-point interface.
16:50 < Thermi> It connects two points (IP Addresses)
16:51 < Thermi> You need to route all other networks over the server's IP address (172.16.2150.2).
16:51 < Thermi> Well, all other networks, which you want to reach over that point-to-point interface
16:51 < mete> 172.16.250.0    172.16.250.2    255.255.255.0   UG    0      0        0 tun250
16:51 < Thermi> I think that the route you need is 172.16.250/24 dev tun250
16:52 < mete> yes I know, it's "route" :D
16:52 < mete> but I can't ping 176.16.250.2, is that normal?
16:52  * Thermi searches in his toolbox for a big hammer.
16:52 < Thermi> Check the interface stats
16:52 < Thermi> ip -s l show tun250
16:52 < Thermi> RX/TX bytes ?
16:52 < mete> RX 0 pkts, TX 4 pkts
16:53 < Thermi> Hmh. Bad.
16:53 < Thermi> What IP address does your server's TUN device have?
16:53 < mete> 172.16.250.1 it should have
16:54 < Thermi> Your current peer has 172.16.250.1, as shown in ifconfig and ip address
16:54 < Thermi> You need to fix your config to only give your other IPs to the clients.
16:55 < mete> it shows the exactly same, also when there is no client connected and openvn server restarted...
16:55 < mete> so no IP is given out
16:56 < Thermi> What you showed me with the output of "ip address" is the exact opposite of "no IP is given out".
16:56 < mete>     inet 172.16.250.1 peer 172.16.250.2/32 scope global tun250
16:56 < mete> no client is connected
16:56 < Thermi> You should not use "server" and "ifconfig"
16:56 < mete> and openvpn is restarted
16:57 < Thermi> Only use "server"
16:57 < Thermi> Do not use "ifconfig".
16:57 < mete> ok, done that and restarted openvpn
16:58 < mete> ip addr shows the same:     inet 172.16.250.1 peer 172.16.250.2/32 scope global tun250
16:58 < mete> and no no client is connected
16:58 < Thermi> Connect a client.
16:58 < mete> k mom
16:59 < Thermi> Btw, that is my config: https://bpaste.net/show/0ac62b69d478
17:00 < mete> ok now it seems to work, great, thank you :)
17:00 < Thermi> You're welcome. :)
17:01 < mete> looks like netcup ip?
17:01 < mete> :D
17:01 < Thermi> It is.
17:01 < mete> hah (Y)
17:01 < Thermi> Try to break in, if you dare.
17:01 < mete> I'm customer there, so I don't do such things :D
17:02 < Thermi> Same broadcast domain?
17:02 < mete> no
17:02 < mete> ;)
17:02 < Thermi> Sad.
17:02 < Thermi> Their customer service is interesting.
17:02 < mete> why?
17:02 < Thermi> My vserver there was impacted by them having problems with a vm host
17:02 < Thermi> they just shut it down
17:02 < Thermi> and my VM can't be migrated, as it's drive is encrypted
17:03 < Thermi> They never told me or contacted me that they had had that issue
17:03 < mete> :DD
17:03 < mete> that's normal there...
17:03 < Thermi> I actually had to call them the following day what was up
17:03 < mete> because of that I'm running out the contract with them
17:03 < Thermi> And one of them had no idea
17:03 < mete> had some network issues there
17:03 < Thermi> I had to turn the server on myself again
17:03 < mete> (loss)
17:03 < Thermi> Oh, bad.
17:03 < Thermi> What was it?
17:04 < Thermi> how long?
17:04 < mete> bad peering, there's no solution
17:04 < Thermi> Urgh. To what network?
17:04 < Thermi> They use hetzner hardware and networks
17:04 < mete> routing from germany to upc switzerland sometimes goes over the US
17:04 < Thermi> You can see it in traceroutes
17:04 < Thermi> Okay, I wouldn't wnat that.
17:04 < mete> latency ~130ms
17:05 < mete> I changed to another provider in germany
17:05 < mete> only have there a little vserver for external monitoring... I'm running the main server here on own hardware in a DC in switzerland
17:06 < mete> but loss and monitoring = bad
17:06 < Thermi> Why external monitoring?
17:06 < Thermi> Detecting ISP problems?
17:07 < mete> if the DC is down, so I haven't an alert when I'm only using internal monitoring... thus there is the availability of SMS gateways...
17:07 < mete> :D
17:07 < mete> but I'm not a fan of sms gateways xD
17:07 < mete> keep it simple
17:13 < mete> Thermi: you're also in #ntp :D (Y)
17:13 < Thermi> I am in a lot of channels. Do you require more assistance?
17:13 < mete> no - all good I think, will test now by myself, thanks
17:14 < Thermi> You're welcome.
17:29 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
17:42 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 244 seconds]
17:48 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:49 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
17:54 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: Computer has gone to sleep.]
18:17 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
18:18 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:31 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
18:41 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
19:13 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Read error: Connection reset by peer]
19:30 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 252 seconds]
19:37 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
19:42 -!- sleepypc is now known as `hypermist`
19:43 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
20:01 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
20:22 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
20:28 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
20:28 -!- mode/#openvpn [+v RBecker] by ChanServ
20:40 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
20:47 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:30 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:49 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
22:51 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
22:53 -!- rich0__ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
22:57 < leo2007> clients can fail to connect due to this https://bpaste.net/show/8eb607a96134
22:57 < leo2007> is openvpn being over-protective?
23:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:40 -!- ShadniX [dagger@p5481C604.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:41 -!- ShadniX [dagger@p57941E85.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Apr 05 2015
00:01 -!- `hypermist` is now known as sleepypc
00:06 -!- tar0__ [~taro@201.247.51.76] has quit [Remote host closed the connection]
01:27 -!- TheM4ch1n3 [~appleseed@unaffiliated/them4ch1n3] has joined #openvpn
01:39 -!- TheM4ch1n3 [~appleseed@unaffiliated/them4ch1n3] has quit [Quit: bye]
01:59 -!- sleepypc is now known as `hypermist`
02:10 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:18 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 244 seconds]
02:35 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
02:39 -!- cultavix [~cultavix@unaffiliated/cultavix] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
02:39 -!- QuinnStorm [~rtmf@beautifulsunrise.org] has joined #openvpn
02:41 < QuinnStorm> so, i'm having an issue with lollipop where a dev tun topo subnet vpn is bailing somewhere around setting up the tun, it gets the subnet configured according to ip addr, but a lot of the routes bail that work on on the normal linux client, and I had it working with /30 so I'm not sure what's up.  I'm not using 'server' but that didn't help (I'm not using .1 for the endpoint) so...I'm kinda ...
02:41 < QuinnStorm> ... stumped.  seems to work okish so far on linux, major changes from last working config are move from /30 to subnet, and move to providing dns via dnsmasq, but the connection bails before there / dnsmasq works fine with the linux client (and even resolves my clients fine with a script to add them to an /etc/hosts.d type thing)
02:53 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:58 -!- Tausen [~Tausen@tausen.org] has quit [Ping timeout: 245 seconds]
02:59 -!- Tausen [~Tausen@tausen.org] has joined #openvpn
03:00 -!- codebam [codebam@gateway/shell/yourbnc/x-spzajmowgxnfjamu] has quit [Ping timeout: 276 seconds]
03:01 -!- codebam [codebam@gateway/shell/yourbnc/x-ejjjlnxlllihrgvv] has joined #openvpn
03:05 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Ping timeout: 276 seconds]
03:06 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
03:45 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
04:06 -!- Tobinski [~tobinski@x2f6062a.dyn.telefonica.de] has joined #openvpn
04:06 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:28 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
04:28 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
04:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 248 seconds]
04:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
04:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
04:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
04:57 -!- apollo2k is now known as aPollO2k
04:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
05:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:14 -!- aPollO2k is now known as apollo2k
05:14 -!- `hypermist` is now known as sleepypc
05:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:18 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
05:19 < g-maurizi> anyone want to take a stab at reading this log and telling me why the heck my client wont connect? http://pastebin.com/EZnDxy2t I changed to a smaller footprint version of the SAME tomato router firmware build and using ALL of the same client settings the connection is refused...
05:19 < g-maurizi> the local and remote option strings appear identical to me
05:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:20 < g-maurizi> why am i seeing inactivity time-out?
05:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:21 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:25 < g-maurizi> please?
05:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
05:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:27 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Max SendQ exceeded]
05:27 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
05:28 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Max SendQ exceeded]
05:29 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:29 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
05:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
05:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:36 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:37 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:40 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:43 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has quit [Ping timeout: 264 seconds]
05:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:53 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
05:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:59 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:00 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
06:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:07 -!- tristan_c [~tristan_c@host86-178-185-158.range86-178.btcentralplus.com] has joined #openvpn
06:10 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 248 seconds]
06:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:13 -!- quup [~u@unaffiliated/quup] has quit [Ping timeout: 245 seconds]
06:16 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
06:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:21 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
06:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:27 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:28 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
06:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
06:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:43 -!- sleepypc is now known as `hypermist`
07:09 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:11 -!- rich0_ is now known as rich0
07:12 -!- kexmex [~kexmex@178.136.234.6] has quit [Client Quit]
07:12 -!- kexmex_ [~kexmex@178.136.234.6] has joined #openvpn
07:13 -!- kexmex_ [~kexmex@178.136.234.6] has quit [Max SendQ exceeded]
07:13 -!- kexmex [~kexmex@178.136.234.6] has joined #openvpn
07:24 < tristan_c> Any forum moderators online? Have tried to post but they need approved. Been a few days now.
07:35 -!- Malsasa [~Malsasa@114.79.45.192] has joined #openvpn
07:36 -!- tristan_c [~tristan_c@host86-178-185-158.range86-178.btcentralplus.com] has quit []
07:37 -!- Malsasa [~Malsasa@114.79.45.192] has quit [Remote host closed the connection]
07:40 -!- kexmex [~kexmex@178.136.234.6] has quit [Quit: ["Textual IRC Client: www.textualapp.com"]]
07:55 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
08:04 -!- `hypermist` is now known as sleepypc
08:04 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
08:07 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:18 < mete> is there a list of available options for ccd files?
08:20 < rob0> Basically anything that is a client-specific setting or one that CAN be set on a client instance.
08:26 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
08:27 < mete> rob0: ok thanks, so push "dhcp-option PROXY_HTTP 10.144.5.14 3128"  should be available
08:34 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:37 -!- yandoogle [~yandoogle@93-81-160-75.broadband.corbina.ru] has joined #openvpn
08:46 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
08:51 -!- yandoogle [~yandoogle@93-81-160-75.broadband.corbina.ru] has quit [Ping timeout: 265 seconds]
09:08 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
09:09 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
09:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:27 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
09:31 -!- Tobinski [~tobinski@x2f6062a.dyn.telefonica.de] has quit [Ping timeout: 248 seconds]
09:51 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
09:52 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:55 -!- yandoogle [~yandoogle@93-81-160-75.broadband.corbina.ru] has joined #openvpn
09:55 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
09:56 -!- yandoogle [~yandoogle@93-81-160-75.broadband.corbina.ru] has quit [Client Quit]
09:57 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
09:58 -!- rich0_ is now known as rich0
10:19 -!- tar0__ [~taro@179.5.41.30] has joined #openvpn
10:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
10:21 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
10:22 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has quit [Remote host closed the connection]
10:35 -!- Tobinski [~tobinski@x2f6062a.dyn.telefonica.de] has joined #openvpn
10:48 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
10:50 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
11:39 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has left #openvpn ["bye"]
11:52 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
11:57 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
12:04 -!- Tobinski [~tobinski@x2f6062a.dyn.telefonica.de] has quit [Read error: Connection reset by peer]
12:11 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
12:18 -!- tristan_c [~tristan_c@81.141.91.188] has joined #openvpn
12:40 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
12:57 -!- vegardx [~vegardx@176.111.205.230] has quit [Ping timeout: 252 seconds]
13:28 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:01 -!- Tobinski [~tobinski@x2f6062a.dyn.telefonica.de] has joined #openvpn
14:01 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:37 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
15:51 < deranged> (linux) can I make an interface that (in the end) actually ends up going through eth0 but have openvpn affect the routing of traffic only going out of that new interface?
15:51 < deranged> so that programs can choose to use that interface instead of eth0 and have their traffic VPNd
15:54 < deranged> or, is this already achieved but by routing rules I've put in place ~somewhere~ between server and client, it just shoves all of eth0 down the interface?
16:20 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:27 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
16:28 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
16:31 -!- u0m3 [~u0m3@92.80.85.34] has joined #openvpn
16:39 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 272 seconds]
16:54 -!- Fun [~Fun@unaffiliated/fun] has joined #openvpn
16:55 < Fun> :)
16:55 < Fun> hi
17:02 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 265 seconds]
17:02 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
17:18 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
17:52 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
17:54 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Client Quit]
18:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:04 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:05 -!- Fun [~Fun@unaffiliated/fun] has quit [Ping timeout: 252 seconds]
18:06 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
18:11 < raeflondon> deranged: Not sure I understand the question -- what's your end goal? To have certain programs use the VPN and certain programs use the physical interface directly?
18:21 < raeflondon> deranged: You should already have an interface that is automatically "VPNd" -- the tun/tap adapter you setup
18:37 -!- Tobinski [~tobinski@x2f6062a.dyn.telefonica.de] has quit [Quit: Leaving]
18:51 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:54 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
19:17 -!- abbe [having@badti.me] has quit [Read error: Connection reset by peer]
19:17 -!- abbe [having@badti.me] has joined #openvpn
19:24 -!- tar0__ [~taro@179.5.41.30] has quit [Remote host closed the connection]
19:24 -!- Fun [~Fun@unaffiliated/fun] has joined #openvpn
19:25 -!- sleepypc is now known as `hypermist`
19:29 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 272 seconds]
20:09 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
20:22 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
20:27 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
20:27 -!- mode/#openvpn [+v RBecker] by ChanServ
20:29 -!- `hypermist` is now known as sleepypc
20:31 -!- sleepypc is now known as `hypermist`
20:37 -!- ybgd_ [~ybgd@unaffiliated/ybgd] has joined #openvpn
20:40 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 272 seconds]
21:02 -!- Fun [~Fun@unaffiliated/fun] has left #openvpn []
21:04 -!- ybgd_ [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 264 seconds]
21:12 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
21:15 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:24 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
21:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:38 -!- yeehi_ [~yeehi@unaffiliated/yeehi] has joined #openvpn
21:40 < yeehi_> Is there a free, public, test openvpn server? The link to the server at https://gw2.plugthis.in/ in the openvpn documentation here https://docs.openvpn.net/under-the-hood/openvpn-access-server-test-server/ does not work.
21:40 <@vpnHelper> Title: OpenVPN Access Server Test Server | Documentation (at docs.openvpn.net)
22:00 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Quit: Leaving]
22:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
22:31 -!- u0m3 [~u0m3@92.80.85.34] has quit [Ping timeout: 256 seconds]
22:48 -!- ybgd_ [~ybgd@unaffiliated/ybgd] has joined #openvpn
22:51 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 244 seconds]
23:11 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
23:12 -!- `hypermist` is now known as sleepypc
23:27 -!- zmachine [uid53369@gateway/web/irccloud.com/x-vrombsurbjgxgftx] has joined #openvpn
23:40 -!- ShadniX [dagger@p57941E85.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:41 -!- ShadniX [dagger@p5DDFC054.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Apr 06 2015
00:25 -!- yeehi_ [~yeehi@unaffiliated/yeehi] has quit [Ping timeout: 264 seconds]
00:27 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 248 seconds]
00:30 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
00:47 -!- McJuicy [~McJuicy@c-73-189-29-80.hsd1.ca.comcast.net] has joined #openvpn
01:50 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
02:03 -!- ybgd` [~ybgd@unaffiliated/ybgd] has joined #openvpn
02:05 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
02:06 -!- ybgd_ [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 244 seconds]
02:08 -!- ybgd` [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 264 seconds]
02:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
02:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
02:39 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
02:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:53 -!- lfx [~lfx@self-aware.evilmachines.net] has joined #openvpn
02:56 -!- zmachine [uid53369@gateway/web/irccloud.com/x-vrombsurbjgxgftx] has quit [Quit: Connection closed for inactivity]
02:57 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Read error: Connection reset by peer]
02:57 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
03:11 -!- havingFun is now known as xrosnight
03:30 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 264 seconds]
03:43 -!- northway [~noway@port-20515.pppoe.wtnet.de] has joined #openvpn
03:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:58 -!- northway [~noway@port-20515.pppoe.wtnet.de] has quit [Quit: Leaving]
04:02 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 252 seconds]
04:19 -!- McJuicy [~McJuicy@c-73-189-29-80.hsd1.ca.comcast.net] has quit [Quit: This computer has gone to sleep]
04:44 -!- tristan_c [~tristan_c@81.141.91.188] has quit [Ping timeout: 252 seconds]
04:52 -!- tristan_c [~tristan_c@5.80.230.248] has joined #openvpn
04:57 -!- sleepypc is now known as `hypermist`
05:02 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:37 -!- tristan_c [~tristan_c@5.80.230.248] has quit [Ping timeout: 246 seconds]
05:43 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 255 seconds]
06:08 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 244 seconds]
06:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:11 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
06:19 -!- tristan_c [~tristan_c@5.80.230.248] has joined #openvpn
06:19 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
06:29 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:38 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
07:00 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
07:02 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
07:08 -!- Reaperblade [~Reaperbla@120.146.30.6] has joined #openvpn
07:11 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:30 -!- rika [rika@trivialand/guesser/rika] has quit [Quit: oO]
07:31 -!- rika [rika@trivialand/guesser/rika] has joined #openvpn
07:31 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
07:39 -!- `hypermist` is now known as sleepypc
07:39 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
07:45 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
07:56 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
08:01 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
08:01 -!- Reaperblade [~Reaperbla@120.146.30.6] has quit [Remote host closed the connection]
08:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:13 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
08:17 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:19 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
08:20 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
08:22 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
08:30 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
08:46 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:53 -!- Netsplit *.net <-> *.split quits: SupaYoshi, Left_Turn, ratsupremacy, +hazardous, chocolate, varesa, Mike--, early, AsadH, funnel,  (+49 more, use /NETSPLIT to show all of them)
08:53 -!- Netsplit over, joins: Brando753
08:53 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
08:54 -!- Netsplit over, joins: jgeboski
08:54 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Quit: There is no knowledge that is not power.]
08:55 -!- Netsplit over, joins: JackWinter
08:55 -!- MalMen [~MalMen@xmr.link] has quit [Remote host closed the connection]
08:55 -!- Netsplit over, joins: ngharo, lev__, john-soda, MrSavage, abbe, Mike--, chocolate, zoredache, _0x5eb_, Kim^J (+11 more)
08:56 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
08:56 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
08:56 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
08:56 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
08:56 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
08:56 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
08:56 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
08:56 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
08:56 -!- ServerMode/#openvpn [+v hazardous] by barjavel.freenode.net
08:56 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:56 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
08:57 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
08:58 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
08:58 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
08:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:58 -!- danrogl [~d.park@94.31.52.82] has joined #openvpn
08:58 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has joined #openvpn
08:58 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
08:58 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
08:58 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
08:58 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
08:58 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
08:58 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
08:58 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
08:58 -!- awk [~awk@alpha.security.web.za] has joined #openvpn
08:58 -!- doop [~doop@colostomy.club] has joined #openvpn
08:58 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
08:58 -!- ServerMode/#openvpn [+oo raidz vpnHelper] by barjavel.freenode.net
08:58 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
08:58 -!- lfx [~lfx@self-aware.evilmachines.net] has joined #openvpn
08:58 -!- seg [~seg@fsf/member/seg] has joined #openvpn
08:58 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
08:58 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
08:58 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
08:58 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
08:58 -!- ender| [krneki@foo.eternallybored.org] has joined #openvpn
08:59 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
09:00 -!- Netsplit *.net <-> *.split quits: early, kossy, lbft
09:01 -!- Netsplit over, joins: lbft, early
09:02 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
09:07 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
09:07 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has joined #openvpn
09:09 -!- thiras [~Thiras@unaffiliated/thiras] has joined #openvpn
09:09 < thiras> hello
09:09 < thiras> i have a urgent problem
09:10 < thiras> turkey has just blocked twitter facebook youtube
09:10 < thiras> so i decided to run my own openvpn server
09:10 < thiras> but windows client doesn't tunnel all the trafic some how
09:11 < thiras> push "redirect-gateway def1 bypass-dhcp"
09:11 < thiras> push "route 192.168.88.1 255.255.255.0"
09:11 < thiras> push "dhcp-option DNS 8.8.8.8"
09:11 < thiras> push "dhcp-option DNS 8.8.4.4"
09:11 < thiras> i've add those lines into my server config but still no total tunneling on windows
09:14 < cagedwisdom> im also having massive problems with client side routing on fedora 20. here are my config files: http://www.pastekit.com/#!ViewPage;hash=kRgRzY
09:15 < thiras> my config files https://stavrovski.net/blog/how-to-install-and-set-up-openvpn-in-debian-7-wheezy
09:15 <@vpnHelper> Title: How to install and set-up OpenVPN in Debian 7 (Wheezy) | Stavrovski.Net (at stavrovski.net)
09:15 < thiras> exaclty the same
09:17 < DArqueBishop> !blog
09:17 <@vpnHelper> "blog" is Do not follow blog posts for openvpn. They are wrong, they are old, they are written by fools. We won't read them, or troubleshoot them.
09:17 < DArqueBishop> !howto
09:17 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
09:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
09:19 < cagedwisdom> DArqueBishop, can you help me figure out whats wrong with my routing?
09:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:20 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
09:21 < thiras> DArqueBishop, no time to read all documantation
09:22 < thiras> we lost all social medias right now
09:22 < thiras> it's emergency
09:22 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:23 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
09:24 < DArqueBishop> cagedwisdom: define "massive problems".
09:25 < cagedwisdom> DArqueBishop, well basically after the tunnel goes up I dont have any internet until after I kill the openvpn client
09:25 < DArqueBishop> Do you have IP forwarding enabled on the server?
09:25 < cagedwisdom> yep pretty sure but ill just double check now
09:25 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:25 < DArqueBishop> Also, do you have NAT set up on the server?
09:26 < cagedwisdom> yes to forwarding, no to NAT
09:26 < cagedwisdom> i didn;t think i would need NAT
09:26 < DArqueBishop> That's probably your problem.
09:27 < DArqueBishop> cagedwisdom: http://openvpn.net/index.php/open-source/documentation/howto.html#redirect
09:27 <@vpnHelper> Title: HOWTO (at openvpn.net)
09:27 < DArqueBishop> That gives sample iptables rules that you can use to get going.
09:28 < DArqueBishop> Essentially, while IP forwarding does need to be enabled, the iptables rules need to be in place so that the server knows how to properly forward and handle the packets from the VPN to the internet (and vice versa).
09:29 < cagedwisdom> okay testing
09:29 < cagedwisdom> brb
09:29 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Ping timeout: 272 seconds]
09:31 < cagedwisdom> it didnt work :(
09:32 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
09:32 < cagedwisdom> im on a wireless connection but my vpn server isn't on the same network, so I have left out the "local" directive in my config
09:33 < cagedwisdom> DArqueBishop, any other thoughts?
09:33 < DArqueBishop> Hrm.
09:33 < DArqueBishop> !logs
09:33 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
09:35 < thiras> DArqueBishop, i've added redirect line to my client
09:35 < cagedwisdom> ok redoing with verb 4
09:36 < thiras> it's still not tunnelling
09:36 < thiras> is there a bug recent version of openvpn?
09:36 < DArqueBishop> thiras: redirect-gateway does nothing on the client, as it's a server-only directive.
09:37 < thiras> DArqueBishop, ok it's in server config too
09:37 < thiras> windows client has admin rights
09:38 < thiras> and windows log clean
09:39 < cagedwisdom> DArqueBishop, here it is: http://www.pastekit.com/#!ViewPage;hash=kR42JJ ( Server reports nothing in logfile at verb=4)
09:39 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:40 -!- tristan_c [~tristan_c@5.80.230.248] has joined #openvpn
09:42 < cagedwisdom> im just gonna try a smaller mss brb
09:43 < cagedwisdom> nup
09:48 < thiras> ah this is unbelivable
09:52 < thiras> aha i found the error
09:53 < thiras> windows client; ERROR: Windows route add command faild [adaptive]: returned error code 1
10:23 -!- zmachine [uid53369@gateway/web/irccloud.com/x-yonqgwsvqmciakou] has joined #openvpn
10:32 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
11:03 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has quit [Remote host closed the connection]
11:21 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
11:32 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Quit: Leaving]
11:43 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
11:44 <@krzee> damn, turkey has implimented a country firewall for social media now
11:44 <@krzee> i guess we'll be getting an influx of people in need of !obfs
11:44 <@krzee> thiras,
11:44 <@krzee> !winroute
11:44 <@vpnHelper> "winroute" is (#1) in windows if the route cannot be added, try route-method exe in your config file or (#2) many users also report it helps to add route-delay to give the interface extra time to get up or (#3) you may need to turn off routing and remote acess in administrative tools - routing and remote access or (#4) make sure you are running openvpn as admin or (#5) you might also want to see that
11:44 <@vpnHelper> and use trial and error with these solutions: http://openvpn.net/index.php/open-source/faq/79-client/259-tap-win32-adapter-is-not-coming-up-qinitialization-sequence-completed-with-errorsq.html
11:45 < rob0> saw one already, I think in #openvpn-as
11:45 <@krzee> i'll try to make time to be around more… i hate those country firewalls
11:45 < thiras> thank you krzee checking
11:47 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
11:48 < thiras> it's intresting i've never had this problem before
11:48 < thiras> krzee, something changed at new version?
11:49 <@krzee> not that i know of, but tbh i dont use windows
11:49 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:49 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 272 seconds]
11:54 < thiras> still not working :/
11:55 <@krzee> thiras,
11:55 <@krzee> !logs
11:55 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:55 <@krzee> just the side with the error, and verb 4 is fine
11:58 < thiras> krzee, http://fpaste.org/207650/83394991/
11:58 < thiras> sorry not verb 4
11:59 <@krzee> …ill wait
12:00 < thiras> krzee, http://fpaste.org/207651/39612142/
12:00 < thiras> this is client
12:00 < thiras> server is coming
12:01 <@krzee> ok so whats the problem?
12:01 <@krzee> looks fine to me...
12:01 < thiras> yeah but client is tunnelling all the connectiong
12:01 <@krzee> ya, thats what redirect-gateway does dude
12:01 < thiras> is not*
12:02 < thiras> i should drop irc connections
12:02 < thiras> it*
12:02 < thiras> but it didn't disconnect as you can see
12:02 <@krzee> does www.secure-computing.net/ip.php show your ip or your openvpn server ip?
12:02 < thiras> vpn's ip
12:02 < thiras> but then how irc works with the same ip?
12:03 <@krzee> reconnect to irc
12:03 < thiras> yes of course it's a way
12:03 < thiras> but it should drop
12:03 < thiras> it
12:03 < thiras> right?
12:04 <@krzee> depends on your os
12:04 <@krzee> not openvpn's job ;]
12:05 < thiras> it's weird because older versions of openvpn does that
12:06 < thiras> logically how can work with isp ip's when the real network adaptor tunneled to vpn
12:06 <@krzee> the connection is alive, your os may keep it going along the old orute
12:06 <@krzee> route*
12:06 <@krzee> totally not openvpn's job. thats up to your OS
12:07 <@krzee> openvpn just passes packets to and from a tap device, it does not replace how your OS handles routing :-p
12:07 <@krzee> tun/tap
12:08 < thiras> uhm ok thanks
12:08 <@krzee> in unix id tell you to just configure your firewall to do whatever you want
12:09 <@krzee> including killing those connections, initiated by openvpn with --up script if desired
12:09 <@krzee> but i dunno how to do that stuff in windows
12:15 -!- tristan_c [~tristan_c@5.80.230.248] has quit []
12:21 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
12:27 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
12:27 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
12:29 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
12:30 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 265 seconds]
12:32 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
12:55 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
12:55 -!- sieve [~Adium@95.90.237.206] has quit [Ping timeout: 252 seconds]
12:55 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
12:59 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
12:59 < sieve> Hello, I have set up openvpn on an AWS instance but I am finding the performance is very very low
13:00 < sieve> to the point where there must be packet loss somewhere.
13:00 < sieve> Its on Centos and the internet performance is terrible.
13:01 < sieve> That is, using the VPN as a gateway
13:02 < sieve> I am wondering if there is something funny with the routing
13:02 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:02 <@krzee> !speed
13:02 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
13:02 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9) a
13:02 <@vpnHelper> user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
13:06 < sieve> krzee: nah, this routing is borked
13:07 < sieve> Whilst the client is up on my macbook here I seemingly cannot connect to a lot of the internet
13:07 < sieve> but my default route is set to that of my local router
13:08 < sieve> krzee: although ping always works....
13:08 < sieve> krzee: mtu...
13:13 < sieve> Just having the vpn connected seems to break the internet even though my routing table is not putting anything through the connection...
13:19 < Thermi> sieve: You ISP is a dickhead. Get your internet connection from some other company.
13:21 < sieve> Thermi: I wholeheartedly agree with that statement
13:21 < sieve> Thermi: but why?
13:21 < Thermi> Sometimes dicks are dicks.
13:21 < sieve> Strangely my internet connection only has an ipv6 address
13:21 < Thermi> You might want to try setting the destination port to port 443 tcp
13:21 < Thermi> to fool them
13:22 < sieve> Thermi: The vpn connection works. It is just broken in some way
13:22 < Thermi> Yes. Make them think it's HTTPS.
13:24 < sieve> Thermi: Im not sure its that
13:24 < sieve> I can only send frames with a max size of 1432
13:24 < Thermi> That is normal.
13:24 < Thermi> Maybe you should adjust your mtu settings then.
13:25 < sieve> 1472 is more traditional no?
13:25 < Thermi> I suspect your carrier employs dsl-lite
13:25 < Thermi> Sorry, dslite
13:26 -!- zmachine [uid53369@gateway/web/irccloud.com/x-yonqgwsvqmciakou] has quit [Quit: Connection closed for inactivity]
13:27 < sieve> Thermi: yes
13:27 < sieve> Thermi: it seems to suck quite badly
13:31 -!- sieve [~Adium@95.90.237.206] has quit [Read error: Connection reset by peer]
13:31 -!- niseak [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has joined #openvpn
13:41 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
13:50 -!- sieve [~Adium@95.90.237.206] has quit [Ping timeout: 250 seconds]
14:35 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 264 seconds]
14:35 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
14:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:01 -!- sieve [~Adium@ec2-52-4-125-115.compute-1.amazonaws.com] has joined #openvpn
15:01 < sieve> Im finding that openvpn is setting up a route of 0/1 rather than 0/0
15:02 < sieve> I cant find anything in the config that does this
15:02 < sieve> I have the redirect-gateway option in my client config
15:04 < rob0> !def1
15:04 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
15:05 < sieve> rob0: I am very confused why it is setting up 0/1
15:05 < sieve> rob0: this is like half the internet right?
15:07 < rob0> correct
15:07 < rob0> it's also setting 128/1
15:07 < rob0> (that's the other half)
15:09 < sieve> rob0: oh......
15:09 < sieve> rob0: I see that its not setting 128/1
15:13 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
15:14 < moviuro> Hi all! can I redirect all my traffic through openvpn except one host (and the LAN)?
15:14 < moviuro> I'm reading --redirect-gateway ATM, but don't see anything like 'except'
15:24 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
15:25 -!- sieve [~Adium@ec2-52-4-125-115.compute-1.amazonaws.com] has quit [Read error: Connection reset by peer]
15:28 -!- sieve [~Adium@ec2-52-4-125-115.compute-1.amazonaws.com] has joined #openvpn
15:33 < moviuro> OK, I'm getting there, using the 'route' instruction
15:39 < moviuro> yeah ! done !
15:47 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has left #openvpn ["Konversation terminated!"]
15:50 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
16:28 -!- sieve [~Adium@ec2-52-4-125-115.compute-1.amazonaws.com] has quit [Read error: Connection reset by peer]
16:32 -!- sieve [~Adium@ec2-52-4-125-115.compute-1.amazonaws.com] has joined #openvpn
16:57 -!- sieve [~Adium@ec2-52-4-125-115.compute-1.amazonaws.com] has quit [Quit: Leaving.]
16:58 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
17:02 -!- sieve [~Adium@95.90.237.206] has quit [Ping timeout: 248 seconds]
17:06 -!- niseak [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has quit [Quit: Leaving...]
17:23 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
17:48 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:11 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
18:41 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has quit [Quit: Leaving.]
19:35 -!- sleepypc is now known as `hypermist`
20:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
20:40 -!- thiras [~Thiras@unaffiliated/thiras] has quit [Ping timeout: 252 seconds]
20:42 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 248 seconds]
20:43 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
20:46 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
20:47 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:37 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
21:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
21:47 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
22:28 <@krzee> <sieve> krzee: nah, this routing is borked   <sieve> krzee: although ping always works....
22:28 <@krzee> lol lol
22:28 <@krzee> that's sad and funny
22:32 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
22:32 < Blanc> can't start on centos 7, getting the "Failed to start openvpn robust and highly flexible tunneling application on server"
22:37 <@krzee> openvpn doesnt say that
22:37 <@krzee> try starting openvpn, instead of your os startup scripts doing it
22:37 < Blanc> oh how do I directly start it? the tutorial I went through was OS based I think
22:37 <@krzee> hint: service openvpn start is NOT you starting openvpn, its you asking your OS to do it
22:37 <@krzee> with the openvpn command!
22:38 <@krzee> !man
22:38 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
22:38 <@krzee> !--
22:38 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
22:38 < Blanc> so.... "openvpn config"
22:38 <@krzee> if your config has every option, then its simple openvpn /path/to/config
22:38 <@krzee> simply*
22:38 < Blanc> ran it, no output
22:39 < Blanc> is there supposed to be?
22:39 <@krzee> depends on the config
22:39 <@krzee> you must be starting it with --daemon, so output goes to the log
22:39  * esde passes krzee a tall beer in a frosty mug
22:39 <@krzee> before you go ANY further, you need to do something important
22:39 < Blanc> openvpn isn't showing in htop
22:39 <@krzee> go to the manual and read EVERY config option from both your configs
22:40 <@krzee> !beer
22:40 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
22:40 <+esde> !krzee
22:40 <@vpnHelper> "krzee" is (#1) krzee says happy 4/20 or (#2) http://www.ircpimps.org/pics/krzee/blunt.jpg or (#3) location: moon base where he smokes moonajuana or (#4) takes bonghits on the freeswitch teleconference
22:40 <@krzee> esde, thanks thats a great idea!  im going to have my girlfriend carry out your idea!
22:40 <+esde> i want some mooonajuana
22:41 <@krzee> im puffing some killer hash :)
22:41 < Blanc> I'm just really really confused
22:41 <+esde> !howto
22:41 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
22:41 <@krzee> !logfile
22:41 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
22:42 <@krzee> !walkthrough
22:42 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
22:42 < Blanc> http://t.dagon.me/2322b13b2b.coffee
22:42 <@vpnHelper> Title: hastebin (at t.dagon.me)
22:42 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Quit: Leaving]
22:43 <@krzee> you dont have tuntap in your kernel
22:43 <@krzee> this is a VPS im guessing?
22:43 < Blanc> yes
22:43 < Blanc> tuntap is enabled doe
22:43 <@krzee> no, its not.
22:43 <@krzee> you can try loading the kernel module
22:43 <@krzee> or whatev
22:43 < Blanc> I shall verify its enabled
22:43 <@krzee> what type of VPS? im guessing openvz?
22:43 < Blanc> yes
22:44 <@krzee> !openvz
22:44 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
23:09 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:12 -!- james41382 [~james4138@unaffiliated/james41382] has left #openvpn []
23:30 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
23:35 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
23:38 -!- ShadniX [dagger@p5DDFC054.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:40 -!- ShadniX [dagger@p5DDFC802.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Apr 07 2015
00:30 -!- Blanc is now known as Blanc|AFK
00:49 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
01:00 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
01:14 -!- Tobinski [~tobinski@x2f5e384.dyn.telefonica.de] has joined #openvpn
01:20 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:32 -!- sieve [~Adium@95.90.237.206] has quit [Quit: Leaving.]
01:42 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
01:50 -!- mattock_afk is now known as mattock
02:32 -!- Blanc|AFK [~Blanc@irc.dagon.me] has quit [Ping timeout: 245 seconds]
02:35 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 252 seconds]
02:36 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:57 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:58 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:24 -!- sieve [~Adium@95.90.237.206] has quit [Quit: Leaving.]
03:43 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
03:43 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 256 seconds]
03:46 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
03:48 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
04:38 -!- thiras [~Thiras@unaffiliated/thiras] has joined #openvpn
04:41 < Exagone313> hi, i've a problem, when I am connected to my server, nothing is routed, and I can't ping any local address
04:42 < Exagone313> it's a tap server
04:52 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
05:13 -!- thiras [~Thiras@unaffiliated/thiras] has left #openvpn ["Leaving"]
06:08 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
06:24 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
06:28 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Read error: Connection reset by peer]
06:31 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
06:31 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
06:52 -!- `hypermist` is now known as sleepypc
06:53 -!- Latrina [~Latrina@ppp-213-55.26-151.libero.it] has quit [Ping timeout: 265 seconds]
06:55 -!- Latrina [~Latrina@adsl-ull-207-210.50-151.net24.it] has joined #openvpn
07:02 -!- Samouy [~sam@2001:67c:1350:106::16] has joined #openvpn
07:02 < Samouy> hello there I have this weird message , " Authenticate/Decrypt packet error: bad packet ID" ... Where does it come from ? thanks :-)
07:07 -!- magnulu [~magnulu@46.246.20.3] has joined #openvpn
07:11 <+esde> From openvpn
07:15 -!- Samouy [~sam@2001:67c:1350:106::16] has quit [Ping timeout: 250 seconds]
07:16 -!- Samouy [~sam@2001:67c:1350:100::11] has joined #openvpn
07:33 -!- benoliver999 [~ben@ben.baconseed.org] has left #openvpn ["WeeChat 1.1.1"]
07:33 -!- sleepypc is now known as `hypermist`
07:47 -!- Samouy [~sam@2001:67c:1350:100::11] has quit [Ping timeout: 250 seconds]
08:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:20 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:25 < Exagone313> Hi, I've a problem, when I am connected to my tap server, nothing is routed, and I can't ping any local address. What can I do?
08:33 <+esde> !tunortap
08:33 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
08:33 <@vpnHelper> rooted/jailbroken) support only tun
08:36 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
08:40 < SpInNeR> !wins
08:40 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
08:46 <@krzee> Exagone313,
08:46 <@krzee> !goal
08:46 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:47 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:51 -!- magnulu [~magnulu@46.246.20.3] has quit [Ping timeout: 272 seconds]
08:53 -!- magnulu [~magnulu@46.246.20.2] has joined #openvpn
09:05 -!- hojgaard [~dh@78.156.117.236] has quit [Ping timeout: 240 seconds]
09:06 -!- sieve [~Adium@95.90.237.206] has quit [Quit: Leaving.]
09:07 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
09:11 -!- mattock is now known as mattock_afk
09:12 -!- soLucien [~Lu@178.62.252.248] has quit [Disconnected by services]
09:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:18 -!- magnulu [~magnulu@46.246.20.2] has quit [Ping timeout: 264 seconds]
09:19 -!- ifonly [~ifonly@unaffiliated/ifonly] has joined #openvpn
09:19 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Quit: There is no knowledge that is not power.]
09:25 -!- magnulu [~magnulu@46.246.20.2] has joined #openvpn
09:30 -!- deranged [Bit@lolnerd.net] has joined #openvpn
09:32 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:36 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
09:37 -!- deranged [Bit@lolnerd.net] has joined #openvpn
10:20 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
10:27 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:42 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
10:46 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
11:07 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
11:14 -!- alefauch [~alefauch@lulzbox.fr] has joined #openvpn
11:15 < vaskozl> Hey I've been spending the last day trying to configure things and am stuck with the error not being able to connect, giving me TLS handshake failed.. Could someone please assist?
11:15 < vaskozl> Server conf: http://sprunge.us/aDUi
11:16 < vaskozl> Client conf: http://sprunge.us/YiEZ
11:16 < vaskozl> Server output: http://sprunge.us/CThh
11:16 < vaskozl> Client output: http://sprunge.us/bKbe
11:16 < vaskozl> Client app addr show: http://sprunge.us/UffS
11:17 -!- u0m3 [~u0m3@92.80.85.34] has joined #openvpn
11:17 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:17 -!- mode/#openvpn [+v s7r] by ChanServ
11:19 < vaskozl> I really don't know what to do from now on, I've read many wiki's and articles... This is actually my second attempt after starting clean following another tutorial..
11:23 < vaskozl> I'm somewhat desperate at this point :/
11:36 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:46 < Eugene> vaskozl - you're using proto tcp on the server, and proto udp on the client.
11:49 -!- u0m3 [~u0m3@92.80.85.34] has quit [Read error: Connection reset by peer]
11:50 < vaskozl> Eugene: holy fuck, I can't believe I'm so fucking blind
11:51 < vaskozl> that was it, works perfect now
11:51 < Eugene> !next
11:51 < vaskozl> thank you so much
11:51 < Eugene> Hrm, wrong bot.
11:51 < Eugene> Sometimes a second pair of eyes is all that's needed
11:51 < Eugene> You're very welcome
12:07 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has quit [Ping timeout: 256 seconds]
12:09 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
12:09 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has quit [Read error: Connection reset by peer]
12:12 -!- sieve [~Adium@46.115.10.35] has joined #openvpn
12:14 -!- u0m3 [~u0m3@92.80.85.34] has joined #openvpn
12:22 -!- sieve [~Adium@46.115.10.35] has quit [Quit: Leaving.]
12:52 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
13:02 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
13:05 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 264 seconds]
13:12 -!- sieve [~Adium@95.90.237.206] has joined #openvpn
13:16 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
13:16 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
13:44 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 256 seconds]
13:52 -!- ifonly [~ifonly@unaffiliated/ifonly] has left #openvpn ["Leaving"]
13:56 < Exagone313> krzee: i want the third
13:56 < Exagone313> not third
13:56 < Exagone313> the three*
13:58 -!- niseak_ [~niseak@162.222.47.218] has joined #openvpn
14:02 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 245 seconds]
14:03 -!- niseak_ [~niseak@162.222.47.218] has quit [Client Quit]
14:04 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
14:04 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
14:07 < Exagone313> Helo again, I created a vpn to route internet traffic, but nothing is routed when I'm connected, and I can't ping my own local ip address. What can I do?
14:10 < Exagone313> I think the problem is due to a bad configuration in /etc/network/interfaces http://pastie.org/10078894
14:10 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
14:12 < Exagone313> my server config http://ewd.xyz/xGpEAddoyorViPI
14:12 <@vpnHelper> Title: Elouworld File (at ewd.xyz)
14:15 < Exagone313> Also: http://pastie.org/10078912
14:26 -!- niseak [~niseak@162.222.47.218] has quit [Remote host closed the connection]
14:26 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
14:38 -!- u0m3 [~u0m3@92.80.85.34] has quit [Ping timeout: 252 seconds]
14:45 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 256 seconds]
14:47 < dupondje> Some small question. I'm using a VPN tunnel to be able to connect to my pc @ work; Now when connected with the first tunnel, I connect with a second tunnel which is served by my local computer @ work. Now everything seems to work fine. But somehow SOME connections are crazy slow
14:47 < dupondje> slow to establish, but once running they are fine :s. Any idea's?
14:54 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 252 seconds]
15:00 < Exagone313> what is the best forum to ask for openvpn help?
15:00 < Exagone313> i asked for help multiple times and multiple days and I have nothing
15:04 < DArqueBishop> Exagone313, first suggestion: use tun, not tap.
15:04 < Exagone313> I just have to use dev tun and not dev tap, or something more?
15:05 < DArqueBishop> Well, you need to reconfigure your setup for tun, but in the end it'll be a less complex and more functional setup.
15:07 < Exagone313> what do I need to do?
15:07 < DArqueBishop> Also, make sure you've read this and followed all the steps in it:
15:07 < DArqueBishop> http://openvpn.net/index.php/open-source/documentation/howto.html#redirect
15:07 <@vpnHelper> Title: HOWTO (at openvpn.net)
15:09 < Exagone313> i don't understand this documentation sorry
15:10 < Exagone313> lol
15:12 < Exagone313> def1 is my br0 interface?
15:12 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
15:12 < Exagone313> or em1?
15:14 < Exagone313> DArqueBishop: I don't know what to remove and what to add exactly
15:22 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 252 seconds]
15:27 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
15:32 -!- anthony25 [~anthony25@aruhier.fr] has quit [Quit: Quitte]
15:35 -!- anthony25 [~anthony25@aruhier.fr] has joined #openvpn
15:35 < Exagone313> same problem with tap http://ewd.xyz/UKRkHfWMkCG2CAc
15:35 <@vpnHelper> Title: Elouworld File (at ewd.xyz)
15:36 < Exagone313> tun*
15:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:42 < Exagone313> or a simple thing, can you give me a configuration (server.conf + /etc/network/interfaces) that works, so I can work with this? thanks
15:42 -!- sieve [~Adium@95.90.237.206] has quit [Ping timeout: 255 seconds]
15:51 -!- Tobinski [~tobinski@x2f5e384.dyn.telefonica.de] has quit [Quit: Leaving]
15:55 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
15:57 -!- danrogl [~d.park@94.31.52.82] has quit [Ping timeout: 255 seconds]
16:07 -!- rika is now known as crika
16:11 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has joined #openvpn
16:22 -!- anthony25 [~anthony25@aruhier.fr] has quit [Quit: Quitte]
16:30 -!- SpInNeR [~BiTchX@185.37-191-130.fiber.lynet.no] has left #openvpn ["Closing Window"]
16:39 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
16:47 -!- crika is now known as rika
16:50 -!- zmachine [uid53369@gateway/web/irccloud.com/x-vpzrtksqxzsnyrqi] has joined #openvpn
16:58 -!- anthony25 [~anthony25@irc.aruhier.fr] has joined #openvpn
16:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:00 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:00 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:02 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
17:11 -!- grassass [grass@gateway/vpn/mullvad/x-mzmhrblkgdtzwwfj] has joined #openvpn
17:12 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
17:16 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
17:18 -!- anthony25 [~anthony25@irc.aruhier.fr] has quit [Quit: Quitte]
17:22 -!- anthony25 [~anthony25@2001:bc8:397f:100:b:1:0:107] has joined #openvpn
17:22 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
17:24 -!- anthony25 [~anthony25@2001:bc8:397f:100:b:1:0:107] has quit [Client Quit]
17:25 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
17:25 -!- anthony25 [~anthony25@irc.aruhier.fr] has joined #openvpn
17:30 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
17:41 -!- anthony25 [~anthony25@irc.aruhier.fr] has quit [Ping timeout: 252 seconds]
17:42 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:49 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
17:51 -!- grassass [grass@gateway/vpn/mullvad/x-mzmhrblkgdtzwwfj] has quit [Ping timeout: 245 seconds]
18:07 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 256 seconds]
18:11 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
18:11 -!- mode/#openvpn [+o syzzer] by ChanServ
18:25 -!- rinzes [~dutch@45.55.146.57] has joined #openvpn
18:29 < rinzes> I installed Openvpn 2.0.12 on Amazon cloud following the openvpn guide. When I do a connectivity test I get "Could not connect to the test server on the Internet." I'm a newbie to all this and I do not understand what the problem might be
18:29 < rinzes> no firewall installed at this point
18:29 < pekster> Either that's not OpenVPN (as our /TOPIC will explain) or you're using a version that's enormously out of date
18:29 < pekster> !as
18:29 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
18:29 < pekster> For the open-source OpenVPN product, you want:
18:29 < pekster> !download
18:29 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
18:35 -!- rinzes [~dutch@45.55.146.57] has left #openvpn ["Leaving"]
18:46 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:48 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:49 -!- james41382 [~james4138@unaffiliated/james41382] has left #openvpn []
18:49 -!- Pursuit [~Pursuit@cpe-104-35-53-192.socal.res.rr.com] has joined #openvpn
18:57 < Pursuit> is it possible to connect to multiple remote peers in p2p mode?
19:04 < pekster> Only with multiple instances
19:04 < pekster> p2p: one peer, connecting to one other peer
19:08 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:12 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
19:12 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
19:12 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Client Quit]
19:14 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 250 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:38 -!- u0m3 [~u0m3@92.80.85.34] has joined #openvpn
20:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-vpzrtksqxzsnyrqi] has quit [Quit: Connection closed for inactivity]
20:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:49 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Client Quit]
20:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:52 -!- james41382 [~james4138@unaffiliated/james41382] has left #openvpn []
20:59 -!- abbe_ [having@badti.me] has joined #openvpn
21:00 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 265 seconds]
21:00 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
21:01 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Ping timeout: 265 seconds]
21:01 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 265 seconds]
21:02 -!- abbe [having@badti.me] has quit [Ping timeout: 265 seconds]
21:02 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 265 seconds]
21:02 -!- kef [~kef@matrix.fullmotion.de] has quit [Ping timeout: 265 seconds]
21:03 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
21:05 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
21:07 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
21:08 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
21:08 -!- u0m3 [~u0m3@92.80.85.34] has quit [Ping timeout: 250 seconds]
21:09 -!- abbe_ is now known as abbe
21:25 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 248 seconds]
21:25 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
21:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
21:37 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 244 seconds]
21:37 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
21:40 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
21:45 -!- Blanc is now known as Blanc|AFK
21:52 -!- kef [~kef@matrix.fullmotion.de] has joined #openvpn
21:53 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:54 -!- james41382 [~james4138@unaffiliated/james41382] has left #openvpn []
21:59 -!- Malsasa [~Malsasa@36.81.177.250] has joined #openvpn
22:06 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
22:14 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
22:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:22 < cagedwisdom> halp, I can't figure out what's wrong with my config: http://www.pastekit.com/#!ViewPage;hash=kRgRzY  Client side routing is totally not working
22:22 < cagedwisdom> I have ipfwding and NAT enabled on server
22:22 -!- Malsasa [~Malsasa@36.81.177.250] has quit [Read error: Connection reset by peer]
22:24 < cagedwisdom> This is my client side log at verb=4 http://www.pastekit.com/#!ViewPage;hash=kR42JJ  ...nothing in the server log
22:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:05 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
23:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:13 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 265 seconds]
23:23 -!- chocolate [~chocolate@187.181.101.220] has joined #openvpn
23:38 -!- ShadniX [dagger@p5DDFC802.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:40 -!- ShadniX [dagger@p5DDFE6CD.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Apr 08 2015
00:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
00:19 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 252 seconds]
00:45 -!- mattock_afk is now known as mattock
01:08 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
01:15 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:51 -!- `hypermist` is now known as sleepypc
01:56 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
02:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
02:23 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:27 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
02:45 -!- hojgaard [~dh@78.156.117.236] has quit [Remote host closed the connection]
03:03 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Ping timeout: 252 seconds]
03:05 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
03:06 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
03:11 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
03:16 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
03:52 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 245 seconds]
03:57 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
04:04 -!- sleepypc is now known as `hypermist`
04:10 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Read error: Connection reset by peer]
04:15 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
04:16 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
04:18 -!- Blanc|AFK [~Blanc@irc.dagon.me] has quit [Ping timeout: 245 seconds]
04:18 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
04:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:04 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has quit [Ping timeout: 256 seconds]
05:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:06 -!- bandroidx [~bandroidx@unaffiliated/bandroid] has joined #openvpn
05:06 -!- syedomar [~so@175.136.94.164] has joined #openvpn
05:09 -!- antoniy [~kvirc@78.130.225.19] has joined #openvpn
05:12 < antoniy> Hello guys. My docker openvpn setup has client configuration that is used from a PC and mobile device. When using the same configuration though the IP address assigned to both devices is the same. Is this an expected behavior? Should I use different configurations for both devices or there is a way to configure the server to assigne different IPs to the same client connections?
05:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:23 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
05:32 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 264 seconds]
05:42 -!- Exagone313 [~exa@elou.world] has joined #openvpn
05:48 -!- khaldrogox [~anonymous@2601:9:1c82:5170:28fa:f928:6741:3430] has joined #openvpn
05:51 -!- khaldrogox [~anonymous@2601:9:1c82:5170:28fa:f928:6741:3430] has quit [Client Quit]
06:17 -!- dgeary2 [~portlandi@90.200.5.24] has joined #openvpn
06:18 < dgeary2> why does this channel not allow users which haven't identified to nickserv to join?
06:22 < dgeary2> am using openvpn on a raspberry pi with a 16384-bit RSA key which takes longer than 1 minute to complete a TLS handshake. Getting message on both the server and the client: 'TLS Error: TLS key negotiation failed to occur within 60 seconds'. how to extend the timeout to, eg 2 minutes?
06:24 <@plaisthos> dgeary2: any reason for a  16k rsa key?
06:25 <@plaisthos> keys larger than 4k or 2k do not give any real security benefit since the other parts of the the cipher suite are probably much weaker
06:25 <@plaisthos> like aes128/256
06:25 <@plaisthos> the option is iirc tls-timeout
06:25 <@plaisthos> you need it on both sides
06:44 < dgeary2> plaisthos, for fun. have read in various places that tls-timeout modifies retransmission timeout, not global timeout, eg https://openvpn.net/archive/openvpn-users/2006-04/msg00381.html
06:44 <@vpnHelper> Title: [Openvpn-users] Re: Can TLS key negotiation timeout be reduced? (at openvpn.net)
06:47 < dgeary2> read manual, option is 'hand-window'. thanks anyway.
06:48 <@plaisthos> dgeary2: hm okay, thought it was tls-timeout for both things
06:49 <@plaisthos> an option tls-timeout does not exist at all :)
06:50 <@plaisthos> then oh it does
06:50 <@plaisthos> but does something totaly different
06:55 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
06:56 < dgeary2> getting key usage error now. a gap in my knowledge of TLS.
06:57 < dgeary2> Certificate has key usage  00f0, expects 00a0
06:57 < dgeary2> Certificate has key usage  00f0, expects 0088
06:58 < dgeary2> where to look up what those numbers mean?
07:00 -!- dgeary2 [~portlandi@90.200.5.24] has quit [Quit: Ex-Chat]
07:03 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:40 -!- codebam [codebam@gateway/shell/yourbnc/x-ejjjlnxlllihrgvv] has quit [Quit: Seeya. Thanks :)]
07:41 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
07:43 -!- codebam_away [codebam@gateway/shell/yourbnc/x-wswskddscqtgboek] has joined #openvpn
07:44 -!- codebam_away is now known as codebam
08:05 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
08:07 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
08:09 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
08:10 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
08:10 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
08:12 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
08:12 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
08:13 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
08:13 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
08:14 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
08:23 -!- antoniy [~kvirc@78.130.225.19] has quit [Excess Flood]
08:26 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:39 -!- `hypermist` is now known as sleepypc
09:03 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
09:04 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
09:04 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
09:05 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
09:05 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
09:06 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
09:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
09:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:21 < andi> Hi
09:21 -!- syedomar [~so@175.136.94.164] has quit [Quit: leaving]
09:22 < andi> Can somebody tell me how to disable utun for Tunnelblick under Mac OS X? I can connect to my openvpn server but I cannot ping anything.
09:25 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 244 seconds]
09:25 -!- mattock is now known as mattock_afk
09:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
09:39 -!- antoniy [~kvirc@78.130.225.19] has joined #openvpn
09:57 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 248 seconds]
09:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:04 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 276 seconds]
10:04 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
10:08 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 265 seconds]
10:11 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
10:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:23 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
10:29 -!- niseak_ [~niseak@162.222.47.229] has joined #openvpn
10:32 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 264 seconds]
10:34 -!- niseak_ [~niseak@162.222.47.229] has quit [Ping timeout: 244 seconds]
10:36 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
10:50 -!- Denial [~Denial@81.141.23.87] has quit []
10:54 -!- Denial [~Denial@81.141.1.87] has joined #openvpn
10:56 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
10:57 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
10:57 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
10:58 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
10:59 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
11:01 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:01 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
11:03 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:04 -!- niseak [~niseak@162.222.47.218] has quit [Remote host closed the connection]
11:05 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
11:06 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
11:07 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:07 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
11:08 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:10 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
11:11 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:11 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has joined #openvpn
11:12 -!- subzero79 [~usuario@200-90-233-77.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:24 -!- u0m3 [~u0m3@92.80.85.34] has joined #openvpn
11:25 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has quit [Remote host closed the connection]
11:30 -!- Celsian [62b0a9ce@gateway/web/freenode/ip.98.176.169.206] has joined #openvpn
11:31 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:32 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:32 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:32 < Celsian> Good morning people, I recently setup an OpenVPN on a Debian box, it's working wonderfully except I cannot resolve my local domain properly. In order to access any server on the local network I have to use it's local ip address, my domain will not work. Any suggestions?
11:33 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:41 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:43 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:43 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:44 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:44 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:45 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:45 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
11:45 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:47 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:47 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has joined #openvpn
11:48 -!- subzero79 [~usuario@200-90-244-54.baf.movistar.cl] has quit [Read error: Connection reset by peer]
11:53 <@plaisthos> from a email "Sir i need a pc software which has all the abilities of "Open VPN for Android" app...all the same options from android to pc...It'll be helpful... Thanks"
11:55 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:56 < Thermi> Celsian: Fix your local DNS settings.
11:57 < rob0> !dnsmasq
11:57 <@vpnHelper> "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
12:01 < Celsian> Thanks guys
12:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
12:15 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Remote host closed the connection]
12:15 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
12:19 -!- Celsian [62b0a9ce@gateway/web/freenode/ip.98.176.169.206] has quit [Quit: Page closed]
12:24 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:24 -!- mode/#openvpn [+v s7r] by ChanServ
12:31 -!- unicodesnowman [~unicodesn@wikipedia/unicodesnowman] has joined #openvpn
12:33 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Quit: reboot]
12:34 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 252 seconds]
12:35 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 250 seconds]
12:39 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
12:43 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:49 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:54 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
13:08 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:14 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
13:16 -!- mmp0028 [~mmp@business-176-094-042-173.static.arcor-ip.net] has joined #openvpn
13:18 < mmp0028> hey guys, i have a problem. with route i get a localhost route and with route -n i get 10.8.0.2. But this is not in /etc/hosts or bind. Where does it come from?
13:21 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
13:47 -!- monsterco [463336af@gateway/web/freenode/ip.70.51.54.175] has joined #openvpn
13:47 < monsterco> Hi everyone - what is the server side parameter for Local Network?
13:50 < monsterco> anyone can tell me the parameter for local network?
14:17 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
14:20 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
14:24 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:31 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Ping timeout: 244 seconds]
14:33 -!- nutron [~nutron@unaffiliated/nutron] has quit [Remote host closed the connection]
14:36 -!- u0m3 [~u0m3@92.80.85.34] has quit [Read error: Connection reset by peer]
14:39 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
14:57 -!- niseak_ [~niseak@162.222.47.218] has joined #openvpn
15:00 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 245 seconds]
15:04 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 256 seconds]
15:05 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 256 seconds]
15:05 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
15:05 -!- mode/#openvpn [+v esde] by ChanServ
15:06 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
15:07 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:10 -!- mmp0028 [~mmp@business-176-094-042-173.static.arcor-ip.net] has quit []
15:13 < Thermi> monsterco: what do you want to do?`
15:14 -!- monsterco [463336af@gateway/web/freenode/ip.70.51.54.175] has quit [Quit: Page closed]
15:30 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
15:33 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
15:38 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has joined #openvpn
15:39 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
15:44 -!- mattock_afk is now known as mattock
15:45 -!- chocolate_ [~chocolate@187.181.101.220] has joined #openvpn
15:46 -!- chocolate [~chocolate@187.181.101.220] has quit [Ping timeout: 245 seconds]
15:46 -!- chocolate_ is now known as chocolate
15:54 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:56 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
16:00 -!- mattock is now known as mattock_afk
16:05 -!- niseak_ [~niseak@162.222.47.218] has quit [Remote host closed the connection]
16:06 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
16:17 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:06 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
17:12 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:15 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
17:21 -!- dupondje [~dupondje@artemis.dupie.be] has quit [Ping timeout: 276 seconds]
17:25 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:40 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
18:24 -!- ausjke [~xxiao@li259-246.members.linode.com] has joined #openvpn
18:29 < ausjke> what's the best method to force all network services on vpn server to go through the vpn channels solely, say my original IP is 192.168.1.1 and after vpn it adds 10.0.0.1, how can I guarantee only 10.0.0.1 provides network service(e.g. ssh,https,etc), but 192.168.1.1 is pretty much useless(other than providing vpn itself)
18:31 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
18:40 < ausjke> I assume it's a firewall thing on the server side
18:50 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:53 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has joined #openvpn
18:53 < cagedwisdom> I can't figure out what's wrong with my config: http://www.pastekit.com/#!ViewPage;hash=kRgRzY
18:54 < cagedwisdom> This is my client side log at verb=4 http://www.pastekit.com/#!ViewPage;hash=kR42JJ  .. There is.nothing in the server log
18:58 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 250 seconds]
19:12 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 256 seconds]
19:13 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 264 seconds]
19:13 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 244 seconds]
19:14 -!- FBi [~B@Aircrack-NG/User] has joined #openvpn
19:14 -!- codebam [codebam@gateway/shell/yourbnc/x-wswskddscqtgboek] has quit [Ping timeout: 272 seconds]
19:14 -!- FBi is now known as Guest77843
19:14 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 272 seconds]
19:15 -!- codebam_away [codebam@gateway/shell/yourbnc/x-bdxnrpfktplagblm] has joined #openvpn
19:15 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
19:15 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
19:15 -!- codebam_away is now known as codebam
19:16 -!- deranged [Bit@lolnerd.net] has joined #openvpn
19:33 -!- abbe_ [having@badti.me] has joined #openvpn
19:35 -!- abbe [having@badti.me] has quit [Ping timeout: 250 seconds]
19:35 -!- kef [~kef@matrix.fullmotion.de] has quit [Ping timeout: 265 seconds]
19:37 -!- kef [~kef@matrix.fullmotion.de] has joined #openvpn
19:42 -!- Guddu [~Guddu@unaffiliated/guddu] has joined #openvpn
19:42 < Guddu> Can Open VPN replace Cisco VPN Client?
19:43 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has quit [Quit: Leaving]
19:54 -!- syedomar [~so@175.136.94.164] has joined #openvpn
19:56 < syedomar> hi
19:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:57 -!- Guddu [~Guddu@unaffiliated/guddu] has quit [Ping timeout: 244 seconds]
19:57 -!- Guddu [~Guddu@unaffiliated/guddu] has joined #openvpn
19:58 < syedomar> after run "sudo systemctl start openvpn@myserver.service" it give me this 'Failed to start OpenVPN connection to myserver'
19:58 < syedomar> i have no clue whats the problem are
20:02 <@ecrist> ping krzee 
20:03 <@ecrist> Guddu: yes and no
20:03 <@ecrist> OpenVPN can only connect to openvpn server, not cisco
20:03 <@ecrist> syedomar: try running it directly like so:
20:03 <@ecrist> openvpn --config <path_to_config_file>
20:06 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:06 -!- Guddu [~Guddu@unaffiliated/guddu] has quit [Ping timeout: 272 seconds]
20:11 -!- pipeep [~pipeep@fsf/member/pipeep] has joined #openvpn
20:12 < syedomar> ok, 'cat /var/log/openvpn.log' http://pastebin.com/knx2eJwb
20:14 -!- sleepypc is now known as `hypermist`
20:16 < pipeep> I'm configuring an ovpn server with tun. I've got dnsmasq acting as the DNS server, and it should be able to handle dhcp requests. My first question is how is dhcp handled by openvpn? Does ovpn implement it itself (for tun)? Is it forwarding it to dnsmasq?
20:18 < pipeep> I'm essentially patching this existing config, if it helps: https://github.com/jlund/streisand/blob/master/playbooks/roles/openvpn/templates/etc_openvpn_server.conf.j2
20:18 <@vpnHelper> Title: streisand/etc_openvpn_server.conf.j2 at master · jlund/streisand · GitHub (at github.com)
20:31 < syedomar> ecrist: still failed to start
20:40 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
20:45 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has joined #openvpn
20:45 < syedomar> ok its started, i managed to get connected from my phone.
20:47 < syedomar> but.. internet browsing is not working
20:47 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:54 -!- syedomar [~so@175.136.94.164] has quit [Quit: leaving]
21:26 -!- abby_a [~Unknown@d58-107-73-133.mit800.act.optusnet.com.au] has joined #openvpn
21:29 < abby_a> I have been trying to download openvpn however every link on their website doesnt seem to be working
21:32 < abby_a> anythoughts?????
21:33 < NP-Hardass> abby_a: what version/os/link?
21:34 -!- Guddu_ [~Guddu@unaffiliated/guddu] has joined #openvpn
21:34 < Guddu_> Is there a Client Software that can replace Cisco VPN Client? Can OpenVPN fit in?
21:35 < abby_a> sorry was trying the links off of https://openvpn.net/index.php/open-source/downloads.html
21:35 <@vpnHelper> Title: Downloads (at openvpn.net)
21:36 < abby_a> all version on all OS
21:36 < abby_a> nothing comes up
21:36 < NP-Hardass> abby_a: sure, but what are you trying to download, the source tarball, the windows binary?
21:36 < abby_a> think I may sorted it
21:36 < abby_a> http://build.openvpn.net/downloads/releases/latest/
21:36 <@vpnHelper> Title: Index of /downloads/releases/latest/ (at build.openvpn.net)
21:36 < NP-Hardass> abby_a: all the links work for me, so I'm trying to understand what you want so I can point you at another source
21:37 < NP-Hardass> abby_a: https://swupdate.openvpn.org/community/releases/
21:37 <@vpnHelper> Title: Index of /community/releases/ (at swupdate.openvpn.org)
21:37 -!- abbe_ is now known as abbe
21:38 < Guddu_> Please help
21:41 < abby_a> Guddu: should be able to depending on the server your trying to connect to
21:44 < Guddu_> abby_a, Thanks for your response. How can i validate that exactly? Would you have a minute in validating that with me?
21:45 < Guddu_> I am a newbie. Please don't mind
21:45 < Guddu_> My Current setting has a IP mentioned. And Group Authentication where there is a password
21:46 < Guddu_> Transprt is IPSEC over UDP
22:03 -!- Guddu__ [~Guddu@unaffiliated/guddu] has joined #openvpn
22:06 -!- Guddu_ [~Guddu@unaffiliated/guddu] has quit [Ping timeout: 250 seconds]
22:09 -!- abby_a [~Unknown@d58-107-73-133.mit800.act.optusnet.com.au] has quit [Ping timeout: 265 seconds]
22:42 -!- kontaxis [~kontaxis@dyn-160-39-57-56.dyn.columbia.edu] has joined #openvpn
22:47 < kontaxis> hi, anyone know the reasoning behind the default mssfix of 1450 bytes? E.g., assuming 1500 MTU and TCP/IP we need mssfix 1460. And for UDP/IP 1472. Even for PPPoE interfaces you don't need a value as low as 1450.
22:49 -!- Guddu__ [~Guddu@unaffiliated/guddu] has quit [Read error: Connection reset by peer]
22:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:07 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Ping timeout: 255 seconds]
23:10 -!- syedomar [~so@175.136.94.164] has joined #openvpn
23:10 < syedomar> hi
23:11 < syedomar> anyone can link me a good server and client conf for noob
23:12 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
23:37 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
23:37 -!- ShadniX [dagger@p5DDFE6CD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:37 -!- ShadniX_ [dagger@p57941299.dip0.t-ipconnect.de] has joined #openvpn
23:38 -!- ShadniX_ is now known as ShadniX
23:41 -!- syedomar [~so@175.136.94.164] has quit [Quit: leaving]
23:51 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
23:51 -!- codebam is now known as codebam_away
--- Day changed Thu Apr 09 2015
00:01 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Ping timeout: 252 seconds]
00:05 -!- ifonly [~ifonly@unaffiliated/ifonly] has joined #openvpn
00:06 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
00:15 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 250 seconds]
00:25 -!- ifonly [~ifonly@unaffiliated/ifonly] has quit [Disconnected by services]
00:25 -!- ifonly [~ifonly@unaffiliated/ifonly] has joined #openvpn
00:28 -!- magnulu [~magnulu@46.246.20.2] has quit [Ping timeout: 252 seconds]
00:28 -!- magnulu [~magnulu@46.246.20.3] has joined #openvpn
00:31 -!- kontaxis [~kontaxis@dyn-160-39-57-56.dyn.columbia.edu] has quit [Quit: Leaving]
00:32 -!- ifonly [~ifonly@unaffiliated/ifonly] has quit [Read error: Connection reset by peer]
00:33 -!- ifonly [~ifonly@unaffiliated/ifonly] has joined #openvpn
00:44 -!- ifonly [~ifonly@unaffiliated/ifonly] has quit [Read error: Connection reset by peer]
00:45 -!- ifonly [~ifonly@unaffiliated/ifonly] has joined #openvpn
00:48 -!- ifonly [~ifonly@unaffiliated/ifonly] has quit [Read error: Connection reset by peer]
00:50 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
00:52 -!- ifonly [~ifonly@unaffiliated/ifonly] has joined #openvpn
00:56 -!- ifonly [~ifonly@unaffiliated/ifonly] has quit [Client Quit]
00:56 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
00:56 < Darkwell> Hello there
00:59 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:04 < Darkwell> I got a machine at home that I want to run an openvpn server on... I want to use this server when I am using my lapop a guest client at untrusted wifis etc... it seems that the examples I find seems to be about confin for clients behind your own router and not from arbitrary ips from internet.... which is what I seem to want to have... where to look for examples on my usecase ?
01:31 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
02:03 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
02:10 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
02:11 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
02:11 -!- mode/#openvpn [+o plaisthos] by ChanServ
02:17 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Read error: Connection reset by peer]
02:18 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:19 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
02:20 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
02:24 -!- preteXt [~preteXt@unaffiliated/ifonly] has joined #openvpn
02:34 -!- preteXt [~preteXt@unaffiliated/ifonly] has quit [Quit: Leaving]
02:55 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
03:04 -!- pipeep [~pipeep@fsf/member/pipeep] has quit [Ping timeout: 250 seconds]
03:26 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 244 seconds]
03:47 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
04:12 -!- mattock_afk is now known as mattock
04:16 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 272 seconds]
04:28 -!- dgeary2 [~portlandi@90.200.5.24] has joined #openvpn
04:40 < dgeary2> where to look up what the certificate key usage numbers mean? https://www.ietf.org/rfc/rfc3280.txt
04:43 < dgeary2> i've configured openvpn to expect certain key usage by setting 'remote-cert-ku', it now gives error 'Certificate does not have extended key usage extension'. the certificate indeed does not have any extended key usage. how to configure openvpn to expect that?
04:50 < albercuba> Hello everyone. Question: What is the advantage on using TAP over TUN?? I do not really understand what it says in the openvpn site
04:51 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
04:51 < vaskozl> On Linux what's the best way to have openvpn reconnect as wifi reconnects?
05:13 -!- mattock is now known as mattock_afk
05:14 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:22 -!- tristan_c [~tristan_c@5.80.230.248] has joined #openvpn
05:36 -!- seg [~seg@fsf/member/seg] has quit [Quit: !!]
05:36 -!- wolf1 [~trois@176.126.252.73] has joined #openvpn
05:40 -!- seg [~seg@fsf/member/seg] has joined #openvpn
05:47 -!- wolf1 [~trois@176.126.252.73] has left #openvpn ["Leaving"]
05:49 < albercuba> hello everyone. I have openvpn installed  in a virtual machine  as TAP and i can connect to it, i can ping the server, i can ping the internet but i cannot ping the network behind the vpn server. My question is. If I have it installed in a virtual machine, do i have to  configure the interface in the VM as promiscous?
05:54 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
06:02 < dgeary2> albercuba, can you ping the vpn server over the vpn?
06:03 < dgeary2> albercuba, have you configured the vpn server to route and/or masquerade as necessary
06:04 < dgeary2> albercuba, does the network behind the vpn server know to route the address you're pinging from back to the vpn server?
06:05 -!- dgeary2 [~portlandi@90.200.5.24] has quit [Quit: Ex-Chat]
06:08 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 240 seconds]
06:09 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has quit [Ping timeout: 240 seconds]
06:19 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
06:20 < yeehi> Is there a test server to check if an openvpn implementation is working correctly? The one in the documentation wasn't online.
06:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:47 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 245 seconds]
06:48 -!- buq2 [~buq2@dsl-trebrasgw2-54f9ad-174.dhcp.inet.fi] has joined #openvpn
06:54 < unicodesnowman> I'm having the same issues that albercuda had
06:54 < unicodesnowman> I installed OpenVPN on a KVM VM, and I have enabled ipv4 forwarding, and set UFW to masquerade.
06:54 < unicodesnowman> I can't connect to the external network.
06:59 < buq2> I'm trying to figure out OpenVPN topology/configuration for remote access/debugging purposes
06:59 < buq2> Networking is not my strong suit and I'm little bit overwhelmed
07:00 < buq2> Here (http://imgur.com/I5IxbUW) is a network diagram which hopefully shows what I'm trying to accomplish
07:00 <@vpnHelper> Title: Imgur (at imgur.com)
07:00 < buq2> Could some give me few pointers how the OpenVPN should be configured such that the system would be relatively easy to maintain?
07:01 -!- syedomar [~so@175.136.94.164] has joined #openvpn
07:01 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:02 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:07 < syedomar> hi its me again. still didnt manage to get vpn working. maybe its a dns issue or something. here is my server n client conf. http://pastebin.com/yrp6RpBG. http://pastebin.com/GiXShKe3.
07:08 < unicodesnowman> syedomar, what issue are you having
07:09 < syedomar> unicodesnowman: i cant browse from my phone after openvpn connected
07:10 < unicodesnowman> syedomar, same here
07:10 < syedomar> heh
07:10 < unicodesnowman> which tutorial did you follow
07:10 < unicodesnowman> the one on digitalocean for ubuntu 14.04 is broken
07:10 < unicodesnowman> nobody can get it working
07:10 < unicodesnowman> i've already reported it
07:10 < syedomar> archlinux wiki and somewhere ( i lost track)
07:11 < unicodesnowman> damn
07:12 <+esde> !walkthrough
07:12 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
07:12 < syedomar> unicodesnowman: have you get it connected from phone?
07:12 < syedomar> most those docs about openvpn from google SUCK. haha
07:13 < syedomar> !google openvpn dns error
07:13 <@vpnHelper> OpenVPN - ArchWiki: <https://wiki.archlinux.org/index.php/OpenVPN>; vpn - DNS issues on Ubuntu 12.04 with OpenVPN - Ask Ubuntu: <http://askubuntu.com/questions/359299/dns-issues-on-ubuntu-12-04-with-openvpn>; Solving DNS problems with OpenVPN on Ubuntu box | Software ...: <http://www.softwarepassion.com/solving-dns-problems-with-openvpn-on-ubuntu-box/>
07:13 < unicodesnowman> syedomar, can you ping IPs?
07:13 < syedomar> yea
07:14 < unicodesnowman> damn
07:14 < unicodesnowman> syedomar, you made it further than me
07:14 < syedomar> haha
07:14 < syedomar> you got dynamic ip?
07:15 < unicodesnowman> dynamic IP where?
07:15 < unicodesnowman> syedomar, what iptables rule did you use for masquerading
07:16 < syedomar> i didnt touch iptables, so i got no clue
07:17 < syedomar> !howto dns
07:17 < syedomar> !howto
07:17 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
07:21 < unicodesnowman> esde, read howto
07:21 < unicodesnowman> followed 'Routing all client traffic (including web-traffic) through the VPN
07:21 < unicodesnowman> '
07:21 < unicodesnowman> no network connectivity.
07:24 -!- pk12 [~pk12@84.39.116.180] has quit [Quit: Textual IRC Client]
07:30 -!- f0o [~f0o@46.246.25.86] has joined #openvpn
07:30 < f0o> cheers
07:32 < f0o> got a quick question, I the tls-verify directive to selectively allow some certs and others not - is there a way to push routes to the client in the same step? - i.e. some users get routes XYZ and others dont or different ?
07:32 < f0o> if so, can somebody point me to the right aproach?
07:33 < unicodesnowman> how can I troubleshoot 'Routing all client traffic (including web-traffic) through the VPN' not working
07:33 < unicodesnowman> I've followed the steps, but no external network connectivity. how can i troubleshoot this.
07:33 < f0o> unicodesnowman: check the routing table of your client and check the forwarding-options (pf,iptables,kernel-opts) on the server
07:34 < f0o> on the client there should be a 'default' route to your openvpn-server's vpn-IP
07:35 < f0o> and on the server it should allow forwarding on tun*/tap* and the outgoing interface (i.e. eth0) + allow pkgs that get into the -t filter FORWARD chain (linux) and sometimes it requires you to have a NAT'ing
07:37 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:37 < unicodesnowman> f0o, I reconnected to the client to check the routing tables, and it suddenly worked o.o
07:37 < f0o> hehe that's good :D
07:38 < unicodesnowman> but I don't know what's broken with my setup script...
07:39 < unicodesnowman> www.dnsleaktest.com success, no leak!
07:39 < f0o> :)
07:40 < tristan_c> Guys, I've a related question on the server-side iptables setup
07:41 < tristan_c> I have: iptables -t nat -A POSTROUTING ! -d 172.19.233.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx
07:41 < tristan_c> do I need a masquerading rule as well?
07:43 < unicodesnowman> tristan_c, no. SNAT *or* masquerade.
07:44 < tristan_c> ahh, thanks - I have both.
07:44 < tristan_c> for me this 'works' for devices connected to the client (they can get external access etc)
07:44 < tristan_c> but how do I get traffic from the internet through to the client?
07:45 < tristan_c> ie, upnpd opens port 4500 on my client, how can <externalIP>:4500 be routed to <clientIP>:4500?
07:47 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
07:49 < unicodesnowman> tristan_c, NAT
07:50 < unicodesnowman> should be done automatically.
07:51 < tristan_c> hmm, if I run nmap -p 4500 -sU <externalIP> I get 'closed'
07:52 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Ping timeout: 276 seconds]
07:52 < tristan_c> If you've a moment, could you glance at my nat table? http://pastebin.com/LrLhgfds
07:53 < tristan_c> which has the 'duplicate' POSTROUTING
07:58 < unicodesnowman> OK. If my script works, I should be able to type ./deploy-server.sh [IP] [server name] and have a new OpenVPN server deployed automatically. let's see...
08:02 < unicodesnowman> well, it sets up a new server, but I get the same problem I used to have.. can't connect to the external itnernet.
08:07 < unicodesnowman> attempt #2
08:11 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
08:11 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:13 < f0o> How does Client-Config-Dir behave with CNs that have spaces? our CNs are in format "Name Surname", the file "/etc/vpn/ccd/Name Surname" gets ignored :/
08:15 < f0o> nevermind, was a typo
08:16 < unicodesnowman> IT WORKS!
08:16  * unicodesnowman hugs everyone, especially f0o 
08:16 < f0o> lol np
08:16 < f0o> :)
08:19 -!- apollo2k is now known as aPollO2k
08:23 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:24 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
08:24 <@krzee> ecrist, pong
08:33 <+esde> krzee, https://i.imgur.com/bZL3tSo.jpg, good morning
08:34 <@krzee> good morning, looks like my morning minus the coffee (which im going out for in a sec)
08:35 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
08:36 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
08:38 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Ping timeout: 250 seconds]
08:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:43 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
08:45 -!- f0o [~f0o@46.246.25.86] has left #openvpn ["= "Cya!""]
08:54 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
08:54 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
08:56 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
08:56 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
09:01 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
09:12 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.1.1]
09:13 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has joined #openvpn
09:15 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
09:16 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 252 seconds]
09:22 -!- `hypermist` is now known as sleepypc
09:25 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:28 -!- mattock_afk is now known as mattock
09:30 -!- mattock is now known as mattock_afk
09:44 -!- bogie [bogie@mail.epow0.org] has quit [Ping timeout: 256 seconds]
09:50 -!- mattock_afk is now known as mattock
09:51 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
09:52 -!- sleepypc is now known as `hypermist`
10:07 -!- aPollO2k is now known as apollo2k
10:35 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
10:39 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has quit [Remote host closed the connection]
10:40 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Ping timeout: 252 seconds]
11:18 -!- `hypermist` is now known as sleepypc
11:21 -!- yeehi [~yeehi@unaffiliated/yeehi] has joined #openvpn
11:45 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
11:52 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
11:57 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
11:59 < vaskozl> How can I forward certain ports to specific ip's within the VPN?
12:00 < vaskozl> so if someone from the outside connets to the server it would redirect him depending on the port
12:01 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
12:10 < BtbN> iptables
12:12 -!- ross` [~ross@spam.im] has joined #openvpn
12:12 < ross`> is it possible to use the same openvpn client configuration on 2 clients live at the same time if the configuration doesn't use a static ip address
12:13 < ross`> or do i absolutely need a client configuration per node
12:15 < rob0> And the same client certificate?  You can, but you'll probably regret it later.
12:16 < ross`> rob0: can yo udescribe the downsides and the possible regrets?
12:16 < ross`> will it have issues with two active connections using the same certs
12:18 < pekster> !dupe
12:18 <@vpnHelper> "dupe" is (#1) see --duplicate-cn in the manual (!man) to see how to allow multiple clients to use the same key (NOT recommended) or (#2) instead, use !pki to make a cert for each user
12:18 < pekster> The big problems being that you can't tell connections apart any more by user, or revoke just one compromised client
12:21 < rob0> you lose the ability to control what happens for any given client
12:22 < rob0> you can search the mailing list for --duplicate-cn and find more
12:24 -!- RealKillaz [~RealKilla@sub-736ip3.rev.onenet.an] has joined #openvpn
12:24 < RealKillaz> !welcome
12:24 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:24 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:24 < RealKillaz> !goal
12:24 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:26 < RealKillaz> !howto
12:26 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:26 < RealKillaz> !route
12:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:26 <@vpnHelper> client
12:26 < RealKillaz> !man
12:26 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
12:26 < RealKillaz> I would like to connect to sites with each other. The first site is my own private network and the other one is a couple of instances in the cloud (AWS)
12:27 < RealKillaz> two*
12:27 < pekster> read up on !serverlan and !clientlan
12:28 < RealKillaz> In other words a site-to-site connection: I'm trying to understand this resource but havent figured it out yet: https://openvpn.net/index.php/access-server/section-faq-openvpn-as/server-configuration/209-how-do-i-setup-openvpn-access-server-to-use-site-to-site.html
12:28 <@vpnHelper> Title: How do I setup OpenVPN Access Server to use site-to-site? (at openvpn.net)
12:28 < RealKillaz> !serverlan
12:28 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:29 < RealKillaz> !clientlan
12:29 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
12:29 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:31 < pekster> RealKillaz: AS is not OpenVPN, but a commercial product wrapped around the former point-release
12:31 < pekster> !as
12:31 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
12:31 < RealKillaz> pekster, oh ok
12:31 < RealKillaz> pekster, so I should focus on OpenVPN
12:32 < pekster> Depends on your needs. OpenVPN is GPL and requires no fees or licensing; AS is a frontend designed to provide the usual features-as-a-service, supported by the company that sells it
12:33 < RealKillaz> pekster I understand. I think for now I will focus on OpenVPN to see whether this works.
12:33 < RealKillaz> pester if it does I will use the commercial one
12:34 < RealKillaz> pester thank you for the info
12:34 < RealKillaz> my bad autocorrection pekster
12:35 -!- buq2 [~buq2@dsl-trebrasgw2-54f9ad-174.dhcp.inet.fi] has quit [Ping timeout: 252 seconds]
12:37 < rob0> He likes being called "pest" for short.
12:42 < RealKillaz> :-)
12:42 < RealKillaz> pekster is that true?
12:42 < RealKillaz> about the serverlan vs clientlant, does it matter which site I make server or client one?
12:44 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:44 -!- mode/#openvpn [+v s7r] by ChanServ
12:55 < rob0> serverlan and clientlan are the same basic idea, as you probably already know from having looked at them.
13:03 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
13:08 -!- syedomar [~so@175.136.94.164] has quit [Quit: leaving]
13:09 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Read error: Connection reset by peer]
13:09 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
13:11 -!- octe [~octe@lucilla.fixme.se] has joined #openvpn
13:12 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
13:12 < octe> after running my openvpn client for a while it stops working, i see this repeated every minute in the logs: http://pastebin.com/YEiXnyLb
13:12 < octe> the process is also using 100% cpu
13:12 < octe> last time this happened i restarted it and it seemed to start working for a while
13:19 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
13:20 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
13:25 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
13:29 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:29 < RealKillaz> !serverlan
13:29 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
13:31 < RealKillaz> !clientlan
13:31 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
13:31 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
13:37 -!- tristan_c [~tristan_c@5.80.230.248] has quit []
13:42 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 250 seconds]
13:43 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
13:44 < RealKillaz> rob0, well what I find difficult to understand is that VPN is a client/server architecture and from what I read both serverlan and clientlan there is a openvpn daemon. What I'm missing in the whole picture is where does the client to connect the daemon comes into play
13:46 < rob0> You don't get to mess with routing on the tunnel before the tunnel is established.
13:48 < RealKillaz> rob0, ?
13:48 < RealKillaz> rob0, Is that message directed to me?
13:50 < RealKillaz> !route
13:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
13:50 <@vpnHelper> client
13:51 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
13:51 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
14:02 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
14:08 -!- niseak_ [~niseak@173-160-123-81-Minnesota.hfc.comcastbusiness.net] has quit [Ping timeout: 248 seconds]
14:08 -!- Celsian [62b0a9ce@gateway/web/freenode/ip.98.176.169.206] has joined #openvpn
14:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
14:12 < Celsian> OpenVPN on my Mac keeps adding the following route to my routing table: "98.176.169.206/32  10.108.1.1         UGSc            1        0     en0" which is trying to send all traffic to that ip through my local network (10.108.1.1) instead of my vpn connection. (10.8.0.1) The 98.X.X.X ip is my OpenVPN server. As such I cannot access any web resources by visiting my IP Address as the connection is not going through my VPN, but my lo
14:13 < Celsian> This same problem does not occur on my android device using OpenVPN Connect with the exact same config.
14:15 < vaskozl> BtbN: could you give me an example an example iptables command so I can get started?
14:17 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
14:20 < DArqueBishop> !configs
14:20 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:23 < Celsian> Server: http://pastebin.com/JpUUn712     Client: http://pastebin.com/ps45Zjx5
14:25 < rob0> vaskozl, you want to look up the DNAT target in the iptables-extensions(8) manual.  See also the frozentux iptables tutorial page on DNAT, for explanations and examples.  Also ...
14:25 < rob0> ... the Netfilter.org NAT HOWTO is mostly still relevant too.
14:25 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
14:26 < rob0> Outdated, but a good read.
14:34 < vaskozl> rob0: so I treat it as a completely normal forwarding?
14:35 < vaskozl> ok I got this thanks
14:39 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
14:41 -!- Celsian is now known as Celsian3
14:42 -!- Celsian [d142c21e@gateway/web/freenode/ip.209.66.194.30] has joined #openvpn
14:47 -!- Celsian3 [62b0a9ce@gateway/web/freenode/ip.98.176.169.206] has quit [Ping timeout: 246 seconds]
14:48 < Celsian> I believe it's a tunnelblick issue.
14:55 < Celsian> Apparently it is not a tunnelblick issue, as I get the same problem using Viscosity
14:58 < rob0> vaskozl, "maybe".  It works if using --redirect-gateway, otherwise you need policy routing on the host receiving the DNAT.
14:59 < rob0> Celsian, I don't understand what you're saying is not working?
15:00 < rob0> The VPN server is also a web server?
15:00 < Celsian> rob0: Everything is working flawlessly, except that I cannot connect my domain konvett.com nor my ip address from the VPN'd station.
15:00 < Celsian> Yes, it is also a webserver and hosts two other services as well.
15:00 < Celsian> Services I would like to be able to access via my domain instead of the server's local ip. For continuities sake.
15:15 -!- Celsian [d142c21e@gateway/web/freenode/ip.209.66.194.30] has quit [Ping timeout: 246 seconds]
15:15 -!- niseak [~niseak@162.222.47.218] has quit [Remote host closed the connection]
15:16 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
15:20 -!- Celsian [62b0a9ce@gateway/web/freenode/ip.98.176.169.206] has joined #openvpn
15:21 < Celsian> Apologies rob0, I missed anything you might have said. Disconnected.
15:31 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
15:33 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
15:37 -!- yeehi [~yeehi@unaffiliated/yeehi] has quit [Quit: Leaving]
15:51 < vaskozl> rob0: would using simply this work: iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port ?
15:52 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has joined #openvpn
15:53 < vaskozl> why is this so complicated..
15:53 < vaskozl> I don't even know what policy routing is :(
15:54 < rob0> are you using --redirect-gateway?
15:54 < vaskozl> that should go in the server.conf of openvpn right?
15:55 < rob0> you don't know if you're using --redirect-gateway?
15:55 < rob0> It's a client setting, typically pushed from the server.
15:56 < vaskozl> pushed from the server?
15:56 < rob0> I would think you'd know if you were using it.
15:56 < rob0> Do you run the server?
15:56 < vaskozl> I have this line in server.conf iiipush "redirect-gateway def1 bypass-dhcp"
15:56 < vaskozl> so I guess I do
15:57 < vaskozl> yes, I run the server
15:57 < rob0> so there you go.  Did it work?
15:58 < rob0> test it from outside the VPN somewhere.
15:58 < vaskozl> well I was waiting for you to confirm, didn't want to mess up something
16:00 < vaskozl> I get: iptables: No chain/target/match by that name.
16:00 < rob0> hmm
16:01 < rob0> so, this server, does it have a custom kernel?
16:01 < vaskozl> has the default arch one..
16:01 < vaskozl> this is the command I ran: https://skozl.com/eC9
16:02 < vaskozl> I have some iptables rules from a config I followed
16:02 < vaskozl> they are here: https://skozl.com/KfG
16:04 < vaskozl> this is the server.conf: https://skozl.com/APO
16:04 < rob0> I've never heard of a distro kernel which lacks conntrack or the nat table or the DNAT target.
16:05 < rob0> or maybe they did something to prevent iptables from loading modules, that's possible, but similarly bizarre.
16:05 < vaskozl> can I check?
16:05 < vaskozl> I'm running: Linux awry 3.19.2-1-ARCH #1 SMP PREEMPT Wed Mar 18 16:21:02 CET 2015 x86_64 GNU/Linux
16:06 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 265 seconds]
16:06 < vaskozl> this is all new stuff to me
16:07 < vaskozl> I've never messed with the networking side before..
16:07 -!- bootsWitDaFur [~Adium@cpe-68-173-46-105.nyc.res.rr.com] has left #openvpn []
16:11 < vaskozl> rob0: might it be any of the other iptable lines that are messing something up?
16:11 < rob0> you're missing one of the modules I mentioned
16:12 < vaskozl> uhm
16:12 < vaskozl> well, can I find out which one it is?
16:13 < vaskozl> why would I be missing it?
16:14 -!- greg___ [62b02652@gateway/web/freenode/ip.98.176.38.82] has joined #openvpn
16:14 < greg___> hi
16:14 < greg___> i'm trying to set up an openvpn server on a ubuntu 14.04 EC2 instance
16:15 < greg___> I'm able to connect to the server without issue but I'm trying to allow the client access to the entire VPC
16:15 < greg___> from what I'm reading, it seems like I have a routing issue but I haven't been able to pin down the exact problem yet... any suggestions would be appreciated
16:16 <@novaflash> hi greg___
16:16 <@novaflash> ha
16:16 <@novaflash> guess you made it
16:16 < vaskozl> rob0: I guess I could tunnel trough ssh..
16:16 <@novaflash> so the problem is likely that you're trying to route traffic but there's no return route to the vpn subnet in your vpc. either use NAT or set up static routes and relax some security settings on amazon to allow this.
16:17 < greg___> i set up one static route to route everything from the VPN ip pool through the gateway
16:18 <@novaflash> in routing mode, with ip forwarding enabled, packets from the vpn subnet should flow onto the vpc freely (provided source checking is disabled - an amazon feature)
16:18 <@novaflash> it's the return traffic that you need to be worried about i suspect
16:19 <@novaflash> from the vpc to the vpn subnet - should point to the ip of the server running the openvpn server software, using that as the gateway for the vpn subnet
16:19 <@novaflash> anyways, that's just my guess as to where the problem is
16:19 <@novaflash> NAT might be easier
16:19 < rob0> vaskozl, I don't know why these modules are missing or did not load.  Every other distro I know of gets this right.  Maybe they have split kernel modules into multiple packages, and you don't have them all?
16:19 <@novaflash> that way you just translate VPN subnet traffic to the local IP in the VPC and from there to the target computers. responses go back over the established translation tables and are translated back
16:20 < greg___> ok
16:20 < rob0> Really, you need to ask your Arch enemies.
16:20 <@novaflash> oohhhh
16:20 < vaskozl> rob0: which modules?
16:20 < greg___> do i set up NAT at machine level or at VPC level?
16:20 < rob0> err, channel
16:20 <@novaflash> nice one rob0
16:20 < vaskozl> how can I check which I'm missing..
16:20 < vaskozl> I don't even..
16:20 <@novaflash> rob0: vaskozl: i often see these modules missing on stripped down images for cheap VPS systems. could be that.
16:20 < vaskozl> no
16:20 < vaskozl> because I installed it by hand
16:21 < vaskozl> from the iso
16:21 <@novaflash> greg___: NAT is set up in the operating system using iptables. perhaps this channel has some help
16:21 <@novaflash> !nat
16:21 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
16:21 < rob0> "modprobe -v iptable_nat"
16:21 <@novaflash> !linnat
16:21 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
16:21 < rob0> I think there's also xt_nat
16:21 < vaskozl> rob0: https://skozl.com/Bh2 <-
16:22 < rob0> I don't know the names of all the modules you need.
16:22 < vaskozl> I'm not missing it am I?
16:22 < vaskozl> are you sure I'm missing modules?
16:24 < greg___> thanks novaflash... i'm going to stick around for a few minutes and check on a few things
16:24 < rob0> How would I know?  I know that in a sane distro, iptables loads the modules it needs.  If yours doesn't, talk to your Arch enemies!
16:24 < vaskozl> because I really doubt I am, I don't see how that could ever happen. Arch kernel is almost vanilla
16:24 < vaskozl> but..
16:25 < vaskozl> how did you know from the error that's the case?
16:25 < rob0> In a sane distro, you enter an iptables rule, and any/all modules needed are loaded for you.
16:25 < vaskozl> where does it say they are not  loadin?
16:28 <@novaflash> i'm just gonna go ahead and say; iptables works in pretty much every distro of linux. except this one. why? ask arch guys. ask them how to get iptables working. then when that's working, rejoice!
16:29 <@novaflash> iptables is hardly an openvpn problem
16:29 < vaskozl> just thought it might not be the distro
16:29 < vaskozl> because I looked trough the forums and no one had this error
16:29 <@novaflash> just check the documentation for getting iptables to work on arch
16:29 <@novaflash> it's probably something ridiculously simple
16:30 <@novaflash> like just having to install a simple packages
16:30 <@novaflash> package *
16:30 <@novaflash> according to arch wiki; The stock Arch Linux kernel is compiled with iptables support. You will only need to install the userland utilities, which are provided by the package iptables in the official repositories. (The iproute2 package from the base group depends on iptables, so the iptables package should be installed on your system by default.)
16:31 <@novaflash> iptables isn't just 1 thing though - it has modules too, for stuff like nat for example
16:31 < vaskozl> right
16:31 < vaskozl> I do have the iptables package
16:31 <@novaflash> might not be present by default, may need to be added, maybe it's possible to load it as a loadable module on arch, maybe it can only be added at compile time
16:31 <@novaflash> these are all very good questions and all very interesting but have zero to do with openvpn itself
16:31 <@novaflash> for this stuff you're better off talking to iptables guys or arch guys
16:31 <@novaflash> like hey i'm trying to do nat on arch, y it no work
16:32 < vaskozl> no it's just that you dismissed it as being the fault of the distro
16:32 <@novaflash> you're making a broad assumption there
16:32 < vaskozl> which I don't think it is, more likely I ran a incompatible iptables command or something
16:32 <@novaflash> okay, fine, that must be it :)
16:33 <@novaflash> well, i'm done wasting time on this box of technological marvels for today, i have to get to bed. take care guys.
16:33 < vaskozl> gnight
16:34 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has quit [Ping timeout: 252 seconds]
16:35 -!- kef [~kef@matrix.fullmotion.de] has quit [Ping timeout: 265 seconds]
16:36 < RealKillaz> I've read FAQ about the difference between bridging and routing. From an expert point of view which is better? I'm looking for long-term solution
16:37 < RealKillaz> ah ok I already found the answer to this "Determining whether to use a routed or bridged VPN"
16:37 < RealKillaz> Sorry guys
16:37 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has joined #openvpn
16:38 -!- kef [~kef@matrix.fullmotion.de] has joined #openvpn
16:38 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has quit [Read error: Connection reset by peer]
16:41 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
16:42 < vaskozl> I believe I resolved the issue.
16:42 < vaskozl> the update had pulled a new kernel and the machine had not been restarted
16:42 < vaskozl> and now it works
16:46 < greg___> I have another question... novaflash suspected my return traffic (from VPC to VPN server) wasn't routed correctly... what is the best way for me to monitor the traffic?
16:47 < greg___> right now i don't see anything in my syslog or auth log indicating that I'm even attempting to connect
17:03 -!- RealKillaz [~RealKilla@sub-736ip3.rev.onenet.an] has quit [Quit: This computer has gone to sleep]
17:16 -!- greg___ [62b02652@gateway/web/freenode/ip.98.176.38.82] has quit [Quit: Page closed]
17:57 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
18:26 -!- Celsian [62b0a9ce@gateway/web/freenode/ip.98.176.169.206] has quit [Ping timeout: 246 seconds]
18:37 -!- dyce [~quassel@ns3290920.ip-5-135-184.eu] has joined #openvpn
18:39 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
18:39 < ybgd> i saw the following snippet code online.. im trying to do some ip port forwarding so that my openvpn allows incoming connections from outside network
18:40 < ybgd> "iptables -t nat -A PREROUTING -d x.x.x.x -p tcp --dport 6000 -j DNAT --to-dest y.y.y.100:6000" .. was the example listed... could someone give me a hint (or just tell me) which ip to place in x.x.x.x and which goes to y.y.y.y?
18:41 < ybgd> is x.x.x.x the ip of my linode (which im using), and the destination y.y.y.y is ip assigned by openvpn e.g. 10.0.8.5 or whatever?
18:48 < vaskozl> yes
19:01 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
19:02 < ybgd> great thanks ill try that.. how about post routing? e.g  "iptables -t nat -A POSTROUTING -d y.y.y.100 -p tcp --dport 6000 -j SNAT --to-source y.y.y.1" is the example I saw
19:05 < ybgd> plug my openvpn ip in there twice? forgive me im noob and the example doesnt provide much explanation (http://unix.stackexchange.com/questions/55791/port-forward-to-vpn-client)
19:05 <@vpnHelper> Title: iptables - Port forward to VPN Client? - Unix & Linux Stack Exchange (at unix.stackexchange.com)
19:06 < vaskozl> I'm also somewhat a noob, but I was quite successful with this setup: https://skozl.com/8Zd
19:07 < vaskozl> you can see 3 ranges which are forwarded to .15 .17 and .19
19:07 < vaskozl> the server being having the .91 (from the outside)
19:09 < ybgd> dude that rocks - thank you!
19:10 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
19:22 -!- unicodesnowman [~unicodesn@wikipedia/unicodesnowman] has quit [Ping timeout: 256 seconds]
19:26 -!- ybgd_ [~ybgd@unaffiliated/ybgd] has joined #openvpn
19:29 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 252 seconds]
19:33 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
19:34 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
19:36 -!- ybgd_ [~ybgd@unaffiliated/ybgd] has quit [Quit: Leaving]
19:37 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Client Quit]
19:37 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
19:40 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Client Quit]
19:40 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
19:43 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Client Quit]
19:44 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
19:51 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
20:44 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
20:46 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
21:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:34 -!- greg___ [~grego@ip98-176-38-82.sd.sd.cox.net] has joined #openvpn
21:35 < greg___> Hello again. I'm looking for some help with setting up an openvpn server on an ec2 instance
21:36 < greg___> right now i have the server running and I can connect to it
21:36 < greg___> the problem is that the clients cannot access the rest of the machines in the VPC
21:39 < pekster> IIRC, AWS comes with some pattently unhelpful "feature" by which they firewall RFC1918 traffic into a VPC; you may need to disable that to use OpenVPN usefully in that context
21:39 < greg___> i think i know what you're talking about, and it's disabled
21:39 < greg___> let me get their term
21:40 < greg___> "Change Source/Dest Check"
21:40 -!- codebam_away is now known as codebam
21:40 < pekster> I'm not that up on it; I've used AWS a bit over the years, but these-days about all I do on it is Route53 and the ocational Windows Server spot instance when I have a reason to need to vet my code against a "server" product
21:41 < greg___> ok, let's pretend this isn't on AWS
21:41 < pekster> This said, you'll have a better time of troubleshooting OpenVPN if you think of it as a glorified software router
21:41 < pekster> Right, already ahead of you there :P
21:41 < greg___> what traffic do I need to forward exactly
21:42 < greg___> this is where I sort of start to fall down with networking
21:42 < pekster> So, if you want to expose access to clients of your OpenVPN instance to a network (EC2/AWS or a "real" network on "real" switches) you treat the OpenVPN server connected to this network as any other router
21:42 < pekster> Namely, this:
21:42 < pekster> !serverlan
21:42 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
21:43 < pekster> Remember that your OpenVPN server has at least 2 interfaces: your NIC connected to the network (which you're trying to expose external access to) and the VPN device, which enumerates as a tun, or OSI L3 device
21:44 < greg___> ok
21:44 < greg___> so i definitely enabled ip forwarding
21:44 < greg___> i set the server topush a route for the lan to clients (this is the "push route blah blah" in server.conf, right?)
21:45 < pekster> The flowchart will be most helpful, especially if you're new to openvpn or routing in general
21:45 < greg___> ok, reviewing it now
21:45 < greg___> will likely have questions :)
21:45 < pekster> Right, assuming that the server network is unique across your infrastructure
21:45 < pekster> Common networks on the server-side should be avoided due to potential for conflict/overlap
21:46 < greg___> by that you mean don't have the vpn ip pool and the lan ip pool the same?
21:47 < pekster> Or the client's _local_ network
21:47 < greg___> ah
21:47 < greg___> yes, i'm good there
21:47 < pekster> For example, 192.168.1.0/24 is a horrible choice, for either your VPN subnet _OR_ or server-side LAN
21:47 < greg___> everybody is unique
21:47 < greg___> ok, your handy flowchart has pretty much confirmed what I thought
21:47 < greg___> and that is "add a route to the router so it knows how to reach the vpn subnet"
21:48 < pekster> Yup, if your server-side LAN cannot route "back" to your VPN subnet, you need to fix that (or do awful hacks to "fix" it)
21:48 < greg___> but i don't fully understand what that means
21:48 < pekster> So, how does your EC2 VPC system (not the VPn server, the actual endpoint) know how to reach the VPN network?
21:49 < pekster> It gets a packet from 10.8.0.2 (or w/e your client is) and looks that up in its own routing table
21:49 < greg___> ok
21:49 < pekster> That gateway in turn needs a route to the VPN network, routed via the OpenVPn gateway, not the global Internet (as RFC1918 is not valid on the public Internet)
21:50 < greg___> ok
21:50 < greg___> so does this mean i need to route all traffic on local lan to server ip?
21:51 < greg___> openvpn server ip
21:51 < greg___> sorry, i think i fully understand what you're saying
21:52 < greg___> i'm not just exaclty sure how to accomplish the fix
21:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:56 < pekster> ip route add 10.8.0.0/24 via IP_OF_OPENVPN_SERVER_ON_YOUR_AWS_EC2_NETWORK_THAT_THE_DEFAULT_ROUTER_IS_ALSO_ON
21:56 < pekster> Or whatever the syntax is for the gateway on your EC2 VPX
21:56 < pekster> VPS*
21:56 < pekster> NFI how you do that if the VPC "is" your default gateway (ie: consult AWS docs for the fix then)
22:00 < pekster> This might also help you:
22:00 < pekster> !route_outside_openvpn
22:00 <@vpnHelper> "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
22:00 < greg___> ok, let me dig
22:01 < greg___> i can define the gateway
22:01 < greg___> and i have access to a route table
22:01 < pekster> Of the default router for your LAN?
22:01 < greg___> although it seems to want me to add routes for entire blocks to certain device (e.g. the gateway)
22:02 < greg___> i believe its for the VPC which would be the LAN
22:02 < pekster> Presumably you're trying to reach the entire network, not just a single target on the network
22:03 < pekster> If 10.8.0.2 (or dot <whatever>) tries to reach a server-side IP of 172.18.19.20, either 172.18.19.20 needs to know itself how to route back to 10.8.0.0/24, OR the default router (perhaps 172.18.19.1) needs to know that same fact, and it must route back via the IP of the OpenVPN server on the 172.18.19.0/24 network
22:04 < pekster> Just great OpenVPN as you would any other routing engine (like a Cisco, F5, etc)
22:04 < pekster> treat*
22:04 < greg___> ok
22:04 < greg___> thanks for your help
22:05 < greg___> i'm sticking around but i'll be off trying to figure out the AWS equivalent
22:05 -!- sleepypc is now known as `hypermist`
22:06 < pekster> Presumably they have a routing section, but I try to use more tangable devices for my routers ;)
22:08 < greg___> so I'm looking at my route table for the VPC... and also the AWS doc and I see this
22:08 < greg___> Each route in a table specifies a destination CIDR and a target (for example, traffic destined for 172.16.0.0/12 is targeted for the virtual private gateway); we use the most specific route that matches the traffic to determine how to route the traffic.
22:09 -!- RealKillaz [~RealKilla@67-231-248-213.static.as40244.net] has joined #openvpn
22:10 < RealKillaz> !serverlan
22:10 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
22:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:29 -!- RealKillaz [~RealKilla@67-231-248-213.static.as40244.net] has quit [Quit: This computer has gone to sleep]
22:41 < greg___> hallelujah!
22:41 < greg___> ithink i got it
22:41 < greg___> thanks ya'll
22:42 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:43 -!- greg___ [~grego@ip98-176-38-82.sd.sd.cox.net] has quit []
22:53 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 255 seconds]
22:54 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
22:54 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:54 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
23:00 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 245 seconds]
23:02 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 256 seconds]
23:05 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
23:08 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
23:16 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
23:18 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 250 seconds]
23:18 -!- deranged [Bit@lolnerd.net] has quit [Ping timeout: 272 seconds]
23:20 -!- deranged [Bit@lolnerd.net] has joined #openvpn
23:28 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
23:38 -!- ShadniX [dagger@p57941299.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:38 -!- ShadniX_ [dagger@p5481CE76.dip0.t-ipconnect.de] has joined #openvpn
23:38 -!- ShadniX_ is now known as ShadniX
23:51 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
--- Day changed Fri Apr 10 2015
00:11 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
00:13 -!- havingFun is now known as xrosnight
00:21 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
00:24 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 250 seconds]
00:35 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
00:40 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
--- Log opened Mon Apr 13 10:39:33 2015
10:39 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
10:39 -!- Irssi: #openvpn: Total of 217 nicks [7 ops, 0 halfops, 4 voices, 206 normal]
10:39 -!- mode/#openvpn [+o ecrist] by ChanServ
10:39 -!- Irssi: Join to #openvpn was synced in 1 secs
10:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:09 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
11:20 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
11:20 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 246 seconds]
11:23 < Naypalm> it's been bookmarked!
11:25 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Quit: No Ping reply in 180 seconds.]
11:26 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 255 seconds]
11:26 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
11:29 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
11:29 -!- mode/#openvpn [+o raidz] by ChanServ
11:33 -!- `hypermist` is now known as sleepypc
11:36 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
11:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:39 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
11:44 -!- ratmav [~ratmav@208-104-234-136.rh4.cm.dyn.comporium.net] has joined #openvpn
11:44 < ratmav> hi!
11:44 < ratmav> i'm setting up a openvpn as failover pair
11:44 < ratmav> i've already got the keys, etc.
11:44 < ratmav> i was wondering: when i set up ssh keys, does the user have to be root?
11:44 < ratmav> i normally use an admin user/sudo for that
11:45 < ratmav> i already have my *license* keys
11:47 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
11:51 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Remote host closed the connection]
11:54 -!- BtbN [btbn@btbn.de] has joined #openvpn
11:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
11:59 < pekster> ratmav: license keys are not used/needed with OpenVPN, only acceptance of the GPL. Perhaps you're using:
11:59 < pekster> !as
12:00 < pekster> Oh, bot is gone. See /TOPIC
12:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:01 < ratmav> pekster: yes, i am using as
12:01 < pekster> #openvpn supports OpenVPN, not commercial frontends to OpenVPN, for which you need to contact your vendor
12:01 < ratmav> "openvpn AS failover pair"
12:01 < ratmav> so...you can't tell me if the ssh user needs root or not?
12:01 < ratmav> ok
12:01 -!- ratmav [~ratmav@208-104-234-136.rh4.cm.dyn.comporium.net] has quit [Quit: Leaving]
12:01 < pekster> NFI
12:02 < pekster> Reading are hard.
12:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:11 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
12:15 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
12:17 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 240 seconds]
12:21 -!- crayon [~user@unaffiliated/button] has joined #openvpn
12:22 < crayon> whats the most secure vpn authentication? ipsec hybrid rsa?
12:26 < Thermi> RSA, username + one time token.
12:27 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
12:28 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Client Quit]
12:37 < Eugene> At a certain point its just paranoia
12:41  * esde adjusts tin foil hat
13:19 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
13:21 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:31 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Max SendQ exceeded]
13:31 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
13:32 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
13:38 -!- warriorforGod [~warriorfo@unaffiliated/warriorforgod] has joined #openvpn
13:38 < warriorforGod> I have run into an issue where my OpenVPN CA certificate has expired.  Is there any way to generate a new ca cert for my OpenVPN server that will work without having to touch my OpenVPN clients?
13:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:44 -!- zmachine [uid53369@gateway/web/irccloud.com/x-codbvfjrhtrkwton] has joined #openvpn
13:45 -!- linuxgecko [~gecko@rrcs-67-78-114-58.sw.biz.rr.com] has quit [Ping timeout: 264 seconds]
13:45 < Thermi> warriorforGod: No.
13:49 <@dazo> warriorforGod: nope ... be clever this time and look into using a master CA with a very long expiry (20y ++) and have a sub-CA for openvpn with a shorter lifetime (5-10y++) ... then you can renew the sub-CA more easily.  But root CAs cannot be renewed
14:06 < mete> good evening. I'm trying to set-up a openvpn server (bridges interfaces) on a dedicated server, which has a /24 public ip subnet in front on eth0. I can connect with my windows client to the openvpn server (running on debian 7), the client gets the ip 91.235.xxx.240 with 255.255.255.0 netmask and as default gateway 91.235.xxx.24 on the tap interface. How can I push 91.235.xxx.1 as default GW
14:06 < mete> instead of the 24 to the client? my server config: http://pastebin.com/Mwx9tXE7   ccd of the test client: http://pastebin.com/mT9RDtE3  client config: http://pastebin.com/Jww2LuVb
14:14 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
14:18 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
14:19 -!- mykeylynx [~mykeylynx@pool-96-224-201-209.nycmny.fios.verizon.net] has joined #openvpn
14:19 < mykeylynx> Thank goodness for irc
14:20 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has joined #openvpn
14:21 < mete> ah, .24 works as gateway, needed to activate promisc on eth0... is that normal?
14:21 < mykeylynx> Can someone please help me. I am using OS X 10.9 I installed tunnel brick the VPN and openvpn but for the life of me I can't get it to connect. Do I have to mod anyfiles on the mac like the host file or deal with a gateway file? Or did tunnel and open VPN do that already? Thanks
14:22 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
14:30 < mykeylynx> Any hints on if I have to modify any files on the OS X?
14:31 < mete> what error you're getting?
14:32 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
14:33 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
14:36 -!- mykeylynx [~mykeylynx@pool-96-224-201-209.nycmny.fios.verizon.net] has quit [Quit: Colloquy for iPhone - http://colloquy.mobi]
14:37 -!- mykeylynx [~mykeylynx@pool-96-224-201-209.nycmny.fios.verizon.net] has joined #openvpn
14:38 < mykeylynx> Im not getting an error on the mac when i try to connect from my phone i get
14:39 < mykeylynx> I dont want to gonnuts a post the whole this here is the last few lines:
14:40 < mykeylynx> 2015-04-13 14:48:47 EVENT: WAIT
14:40 < mykeylynx> 1
14:40 < mykeylynx> v4
14:40 < mykeylynx> ...
14:40 < mykeylynx> TING
14:40 < mykeylynx> sym=0
14:40 < mykeylynx> ESOLVE
14:40 < mykeylynx> via UDP
14:40 < mykeylynx> NT: WAIT
14:40 < mykeylynx> eturned 1
14:40 < mykeylynx> via UDPv4
14:40 < mykeylynx> MEOUT [ERR]
14:40 < mykeylynx> DISCONNECTED
14:40 < mykeylynx> n disconnect:
14:40 < mykeylynx> YTES_OUT : 420
14:40 < mykeylynx> ACKETS_OUT : 30
14:40 < mykeylynx> TION_TIMEOUT : 1
14:40 < mykeylynx> N_RECONNECT : 5
14:40 < mykeylynx> ats on disconnect:
14:40 < mykeylynx> icroseconds): 53881
14:40 <+esde> STAHP
14:40 < mykeylynx> per CPU second: 7794
14:40 < mykeylynx> tes per CPU second: 0
14:40 < mykeylynx> NT: DISCONNECT_PENDING
14:40 <+esde> thank you
14:42 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
14:43 < mykeylynx> 2015-04-13 14:48:47 EVENT: WAIT
14:43 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
14:43 < mykeylynx> 1
14:43 < mykeylynx> v4
14:43 < mykeylynx> ...
14:43 < mykeylynx> TING
14:43 < mykeylynx> sym=0
14:43 < mykeylynx> ESOLVE
14:43 < mykeylynx> via UDP
14:43 < mykeylynx> NT: WAIT
14:43 < mykeylynx> eturned 1
14:43 < mykeylynx> via UDPv4
14:43 < mykeylynx> MEOUT [ERR]
14:44 < mykeylynx> DISCONNECTED
14:44 < mykeylynx> n disconnect:
14:44 < mykeylynx> YTES_OUT : 420
14:44 < mykeylynx> ACKETS_OUT : 30
14:44 < mykeylynx> TION_TIMEOUT : 1
14:44 < mykeylynx> N_RECONNECT : 5
14:44 < mykeylynx> ats on disconnect:
14:44 < mykeylynx> icroseconds): 53881
14:44 < mykeylynx> per CPU second: 7794
14:44 < mykeylynx> tes per CPU second: 0
14:44 < mykeylynx> NT: DISCONNECT_PENDING
14:44 < mykeylynx> Um im trying to paste the log do you see it
14:44 < mykeylynx> Im on colloquies mobile
14:44 <+esde> ?paste
14:44 < zoredache> Perhaps you were looking for pastebin?
14:44 < mykeylynx> Thank you
14:44 <+esde> ecrist, dazo can you swing zee banhammer please?
14:46 -!- mode/#openvpn [+b *!*@pool-96-224-201-209.nycmny.fios.verizon.net] by dazo
14:46 -!- mykeylynx was kicked from #openvpn by dazo [You've lost your chance by this abuse]
14:47 -!- mode/#openvpn [+b mykeylynx!*@*] by dazo
14:47  * esde passes dazo a cold beer
14:48 <@dazo> :)
14:50 -!- zadock [~zadock@5-13-165-241.residential.rdsnet.ro] has joined #openvpn
14:52 -!- sl01 [~sl01@li431-44.members.linode.com] has joined #openvpn
15:07 -!- zadock [~zadock@5-13-165-241.residential.rdsnet.ro] has quit [Ping timeout: 276 seconds]
15:20 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 265 seconds]
15:23 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
15:36 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 272 seconds]
15:54 -!- warriorforGod [~warriorfo@unaffiliated/warriorforgod] has quit [Ping timeout: 256 seconds]
15:56 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:56 -!- zmachine [uid53369@gateway/web/irccloud.com/x-codbvfjrhtrkwton] has quit [Quit: Connection closed for inactivity]
15:58 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
16:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:32 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Quit: ZZZZZzzzz]
16:34 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
16:44 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
16:45 < Olipro_> I've written a plugin for OpenVPN that reads in routes to push on the fly from an LDAP server - however, if I add a subnet and a user reauthenticates, my plugin passes the correct string to OpenVPN but the client still receives the old one
16:49 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Remote host closed the connection]
16:58 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
17:05 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:10 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
17:10 <+s7r> Olipro_ still there?
17:29 < Olipro_> yes
17:48 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 240 seconds]
17:57 <@dazo> Olipro_: could you provide some info to the -devel mailing list?  Not sure yet if it's a bug or a feature ... also, do you use the v2 or v3 plug-in API?
17:57 <@dazo> (I know a thing or two about the plug-in API, and was the one who implemented the v3 API)
17:58  * dazo is logging off now ... getting late here and got a long day tomorrow
17:59 -!- dazo is now known as dazo_afk
18:02 < cagedwisdom> I can't figure out what's wrong with my config: http://www.pastekit.com/#!ViewPage;hash=kRgRzY
18:02 < cagedwisdom> <cagedwisdom> This is my client side log at verb=4 http://www.pastekit.com/#!ViewPage;hash=kR42JJ  .. There is.nothing in the server log
18:06 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:12 < Olipro_> I'm using the v3 API
18:46 < pekster> Olipro_: By reauthenticate, do you mean the TLS re-key window (ie, one triggered by the --reneg-* options)? If so, you can't push updated routes, at least not through the normal PUSH method using the OpenVPN control channel because you can't gaurentee a client hasn't dropped root permission required to manipulate the routing table
18:46 < Olipro_> no, I mean if I fully disconnect and reconnect
18:47 < pekster> Yea, you'd expect that to work then. Not doing something like --user, --group, or --chroot on the client, right? Even on a reconnect I don't think that'll work unless you restart the client process, as root
18:47 < Olipro_> it's not the client
18:47 < pekster> Ah, not even getting pushed, right
18:47 < pekster> :\
18:47 < Olipro_> the string that gets sent over the wire isn't the one the plugin sent
18:47 < Olipro_> if I restart the daemon, problem solved
18:47 < Olipro_> but I shouldn't need to do that
18:48 < pekster> No nscd or other caching daemon on your server-side?
18:48 < Olipro_> here's how I setup the return: auto& ptr = ret.return_list[0]; ptr = new (malloc(sizeof(*ptr))) openvpn_plugin_string_list(); ptr->name = strdup("config"); ptr->value = strdup(routeStr.str().c_str());
18:49 < Olipro_> nscd can't have anything to do with it, this is internal to the plugin API
18:49 < Olipro_> there's no DNS here
18:49 < pekster> nscd can cache everything, from LDAP replies, to DNS, to services(5) queries. But if you've debugged what the plugin thinks it's sending, then that's moot to
18:50 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
18:50 -!- mode/#openvpn [+o vpnHelper] by ChanServ
18:50  * ecrist kicks vpnHelper
18:50 < pekster> !ping
18:51 <@vpnHelper> pong
18:53 < pekster> Smells like a bug in the API, but I'm not that familiar with that part of the codebase; see what dazo has to say about it, or toss it on the -dev ML (where he also subscribes)
19:18 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
19:46 -!- kash [~kash@unaffiliated/kash] has joined #openvpn
19:47 < kash> what are the best resources to read for setting up a multi-site VPN setup? i.e. i want a few different entry points to the VPN so that it doesn't go down
19:48 < kash> right now i've got one and when it goes down the whole subnet is unreachable, it'd be ideal if three servers allowed access to the same subnet
20:05 -!- crayon [~user@unaffiliated/button] has quit [Ping timeout: 250 seconds]
20:13 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
20:16 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
20:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
20:39 -!- havingFun is now known as xrosnight
20:41 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
20:45 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
20:48 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Quit: Turning IRC client off]
20:48 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:51 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
20:59 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
21:22 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 248 seconds]
21:23 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
21:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:43 -!- acoolguy [~A@ip-64-134-230-90.public.wayport.net] has joined #openvpn
21:47 < acoolguy> i have a webserver(1) on my computer and i have an ssh server(2), i want to use openvpn to create a vpn tunnel to serve the web server(1) that i have on my computer to use the ip on the ssh server(2),  how do i do this?
21:48 < kash> acoolguy: i do that. you'll need to set up a tun-style vpn
21:48 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 419 seconds]
21:48 -!- lfx [~lfx@self-aware.evilmachines.net] has quit [Ping timeout: 419 seconds]
21:48 < kash> acoolguy: use iptables rules as root on your ssh endpoint to create the redirect just like a normal linux port forward
21:48 < acoolguy> so how does openvpn read my apache server from my computer and use the ip on the ssh server?
21:48 -!- jeev_ [~j@unaffiliated/jeev] has joined #openvpn
21:49 < acoolguy> one problem is i'm at a cafe and behind a nat
21:49 < acoolguy> i'm basically trying to serve my web server that i have on my computer
21:49 < kash> not a problem. you need to have root access on your ssh server
21:49 < acoolguy> using an ssh server i have on google
21:49 < kash> you might not need OpenVPN if you just want a simple "ssh -R 9000:localhost:80 user@ssh.example.com"
21:50 < kash> then that will open port 9000 on remote server IP and forward to your laptop localhost:80
21:50 < acoolguy> so if i do
21:51 < kash> you can't do ssh -R 80:localhost:80
21:51 < acoolguy> that's all i have to do for port?
21:51 < acoolguy> use ssh not opevpn?
21:51 < acoolguy> why can't i do ssh -R 80:localhost:80 ?
21:51 < kash> also your remote host needs GatewayPorts Yes
21:51 < kash> because ports under 1024 are restricted to root user in Linux
21:51 < kash> you'll need to test to see if your ssh server allows you to listen on 0.0.0.0
21:51 < acoolguy> how can i remove the restriction?
21:52 < kash> ssh -R 0.0.0.0:9000:localhost:80
21:52 < kash> it may force you to listen on 127.0.0.1
21:52 < acoolguy> i want it to be port 80
21:52 < kash> so, edit /etc/ssh/sshd_config and change GatewayPorts Yes
21:52 < acoolguy> so i can do mydomain.com without mydomain.com:9000
21:52 < acoolguy> i can browse that way*
21:52 < acoolguy> so i can browse that way*
21:52 < kash> and you'll have to ssh to root user directly, i suggest using keys
21:53 < kash> otherwise google how to iptables forward to localhost:9000
21:53 < kash> ;)
21:53  * kash &
21:54 < acoolguy> ok thx
21:58 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 245 seconds]
21:59 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
22:02 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
22:06 -!- Netsplit *.net <-> *.split quits: SoreGums, flyingkiwi, jzaw, Naypalm, rika, DzAirmaX, marlinc, @syzzer, cyberanger, nsrafk
22:09 -!- sleepypc is now known as `hypermist`
22:13 -!- Netsplit over, joins: @syzzer, DzAirmaX, flyingkiwi, Naypalm, rika, SoreGums, marlinc, jzaw, nsrafk, cyberanger
22:13 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-pqpsewqmklqyovak] has quit [Max SendQ exceeded]
22:13 -!- rika [rika@trivialand/guesser/rika] has quit [Max SendQ exceeded]
22:13 -!- rika_ [rika@trivialand/guesser/rika] has joined #openvpn
22:14 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-zyynirnbxycfjrpz] has joined #openvpn
22:15 -!- acoolguy [~A@ip-64-134-230-90.public.wayport.net] has quit [Ping timeout: 256 seconds]
22:18 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
22:21 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
23:00 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 250 seconds]
23:17 -!- greg___ [~grego@ip98-176-38-82.sd.sd.cox.net] has joined #openvpn
23:17 < greg___> hello again
23:17 < greg___> i was here last week trying to get an openvpn server setup working on an ec2 ubuntu instance
23:18 < greg___> my trouble is that clients cannot access the local lan
23:18 < greg___> last week i had it working, but at some point i restarted the server and now i'm back to the same thing
23:18 < greg___> i thought the missing piece to the puzzle was adding a new route at the vpc level
23:19 < greg___> i'm wondering if someone can give me some pointers on what I should be looking for
23:19 < greg___> e.g. - what should my route table on the server machine look like?
23:19 < kash> iptables rules?
23:19 < kash> did they disappear on reboot?
23:20 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
23:20 < greg___> it's possible, however, i thought i had reverted them all when it was working
23:20 < greg___> the problem is i had so much trial and error i'm unsure of what might have been in place at the time
23:20 -!- psykotik1 [~jon@unaffiliated/999/x-4697496] has joined #openvpn
23:21 < psykotik1> !welcome
23:21 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:21 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:22 < psykotik1> i'm trying to connect to a free vpn provider using gnome's NetworkManager, but im getting a timeout
23:22 < greg___> iptables was it
23:22 < greg___> thanks kash!
23:24 < psykotik1> !logs
23:24 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
23:24 < psykotik1> !logfile
23:24 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
23:25 < kash> awesome greg___
23:29 < psykotik1> !interface
23:29 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For
23:29 <@vpnHelper> Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
23:33 -!- ShadniX [dagger@p5DDFE1E0.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:35 < psykotik1> systemctl disable NetworkManager
23:35 < psykotik1> d'oh
23:35 -!- ShadniX [dagger@p5481DE4A.dip0.t-ipconnect.de] has joined #openvpn
23:35 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
23:36 < psykotik1> im getting timeout errors when i try to connect to the vpn providor, i have iptables and nftables disabled, can anyone help?
23:38 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:48 -!- `hypermist` is now known as sleepypc
23:54 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
23:56 < kash> psykotik1: nmap is your friend?
--- Day changed Tue Apr 14 2015
00:02 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
00:03 -!- sleepypc is now known as `hypermist`
00:10 -!- zadock [~zadock@5-13-165-241.residential.rdsnet.ro] has joined #openvpn
00:14 < psykotik1> you mean nmap the server?
00:18 -!- greg___ [~grego@ip98-176-38-82.sd.sd.cox.net] has quit [Ping timeout: 248 seconds]
00:21 < psykotik1> !howto
00:21 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
00:43 < psykotik1> ok, i;ve connected to my vpn provider, now what do i do?
00:45 -!- psykotik1 [~jon@unaffiliated/999/x-4697496] has quit [Quit: WeeChat 1.1.1]
00:46 -!- _FBi [~B@Aircrack-NG/User] has quit [Excess Flood]
00:47 -!- FBi [B@Aircrack-NG/User] has joined #openvpn
00:47 -!- FBi is now known as Guest24307
01:10 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
01:11 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
01:11 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
01:12 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:15 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
01:21 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
01:25 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:49 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
01:51 < Olipro> anyone here familiar with the OpenVPN plugin API?
01:51 < Olipro> specifically, populating the *ret struct with push parameters
01:53 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
01:57 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: flashing routers again]
02:02 -!- havingFun is now known as xrosnight
02:03 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Quit: No Ping reply in 180 seconds.]
02:04 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
02:07 -!- havingFun is now known as xrosnight
02:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:47 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
03:00 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
03:07 < matt_> does anybody know if an openvpn client for windows that is 'easy' to use? e.g. import a profile by double clicking it without having to copy the profile to some location?
03:07 -!- rika_ is now known as rika
03:12 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
03:14 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:18 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
03:29 -!- zadock [~zadock@5-13-165-241.residential.rdsnet.ro] has quit [Ping timeout: 264 seconds]
03:39 -!- deranged [Bit@lolnerd.net] has quit [Quit: brb]
03:40 -!- deranged [Bit@lolpurr.net] has joined #openvpn
03:42 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
03:44 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
03:49 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
03:59 -!- dazo_afk is now known as dazo
04:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
04:31 -!- `hypermist` is now known as sleepypc
04:49 -!- sleepypc is now known as `hypermist`
05:02 -!- Netsplit *.net <-> *.split quits: snooops, ender|, seg, M4rc3l, hojgaard, u0m3
05:03 -!- Netsplit over, joins: M4rc3l
05:03 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
05:06 -!- seg [~seg@fsf/member/seg] has joined #openvpn
05:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:21 -!- mattock is now known as mattock_afk
05:23 -!- AlmogBaku [~AlmogBaku@bzq-79-180-131-236.red.bezeqint.net] has joined #openvpn
05:25 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
05:30 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
05:31 -!- Haxxa [~Harrison@168.1.75.47-static.reverse.softlayer.com] has joined #openvpn
05:38 -!- NoOova [~pavelpat@unaffiliated/nooova] has joined #openvpn
05:39 < NoOova> Hello
05:39 < NoOova> could i add toserver custom client certificate?
05:39 < NoOova> not generated with openvpn
05:42 -!- seg [~seg@fsf/member/seg] has quit [Quit: !!]
05:44 -!- NoOova [~pavelpat@unaffiliated/nooova] has quit [Quit: WeeChat 1.0.1]
05:52 -!- rich0_ is now known as rich0
05:52 -!- seg [~seg@fsf/member/seg] has joined #openvpn
05:55 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 256 seconds]
05:56 -!- soLucien [~Lu@178.62.252.248] has quit [Quit: Leaving]
06:05 -!- mattock_afk is now known as mattock
06:09 -!- Haxxa [~Harrison@168.1.75.47-static.reverse.softlayer.com] has quit [Ping timeout: 272 seconds]
06:15 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
06:21 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
06:37 -!- Naypalm [~naypam@unaffiliated/naypalm] has left #openvpn ["WeeChat 1.1.1"]
06:37 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-diqtwzxhycpnertm] has joined #openvpn
06:52 -!- zadock [~zadock@5-13-169-174.residential.rdsnet.ro] has joined #openvpn
06:54 < AlmogBaku> NoOova, just change the CA of your server to the CA of your cert.
06:54 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
07:13 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:13 -!- zadock [~zadock@5-13-169-174.residential.rdsnet.ro] has quit [Quit: Leaving]
07:24 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:35 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
07:42 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has quit [Remote host closed the connection]
07:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:54 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
08:05 -!- AlmogBaku [~AlmogBaku@bzq-79-180-131-236.red.bezeqint.net] has quit [Remote host closed the connection]
08:07 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
08:07 -!- mode/#openvpn [+v s7r] by ChanServ
08:10 -!- mattock is now known as mattock_afk
08:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
08:32 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
08:33 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:34 -!- u0m3 [~u0m3@109.96.156.18] has quit [Ping timeout: 256 seconds]
08:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:47 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
08:47 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
08:54 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:57 -!- mattock_afk is now known as mattock
08:58 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
09:11 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
09:20 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
09:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
09:34 -!- droid909 [~droid909@unaffiliated/droid909] has joined #openvpn
09:35 < droid909> guys, i have client-to-client
09:35 < droid909> set in my server.conf
09:35 < droid909> it worked fine, i was able to connect from one client to another
09:35 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 264 seconds]
09:35 < droid909> but it stoped, i can't reach anothe client anymore
09:35 < droid909> how can i troubleshoot it
09:37 < droid909> both clients are connected
09:37 < droid909> and i can see them connected via telten console, status command
09:38 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
09:40 < droid909> looks like that is the client fault
09:40 < droid909> i have 3 clients in total
09:41 < droid909> and the one that is on windows is connected but can't connect to other
09:41 < droid909> but other two can connect to each other
09:41 < droid909> i was thinking that it is a routing fault so i did: netsh interface ip delete arpcache
09:43 < droid909> it flushed the routing cache but still no luck on connecting to other clients
09:44 < droid909> maybe i can add route?
09:44 < droid909> anyone?
09:57 -!- niseak [~niseak@162.222.47.218] has quit [Remote host closed the connection]
09:57 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
10:03 -!- `hypermist` is now known as sleepypc
10:14 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
10:27 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:48 -!- grammoboy [~derick@5ED69612.cm-7-7c.dynamic.ziggo.nl] has joined #openvpn
10:48 < grammoboy> should an vpn work the same on a cubietruck minipc, compared to desktop?
10:49 < grammoboy> same performance?
10:50 < grammoboy> it has 10/100/1000 RTL8211E Gigabit Ethernet
10:51 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
10:53 < BtbN> Depends entirely on the CPU.
10:54 < BtbN> And network performance of course.
10:54 < grammoboy> Ah CPU is important too?
10:55 < grammoboy> CPU: ARM Cortex-A7 @ 1 GHz dual-core
10:55 < grammoboy> hm is that enough?
10:57 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 256 seconds]
10:57 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
10:59 < grammoboy> BtbN, ^?
11:00 < BtbN> won't get too much de/encryption performance out of that.
11:01 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
11:03 < grammoboy> hm ok thanks.
11:03 < grammoboy> what is better hardware for it?
11:03 < grammoboy> a NAS server?
11:04 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
11:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:14 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
11:15 < Olipro_> it'll perform better once GCM becomes available in OpenVPN
11:15 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 256 seconds]
11:15 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
11:16 < Olipro_> you could also try compiling OpenSSL/PolarSSL as Thumb code rather than ARM
11:16 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
11:18 -!- grammoboy [~derick@5ED69612.cm-7-7c.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
11:31 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:46 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
11:51 -!- soLucien [~Lu@178.62.252.248] has quit [Disconnected by services]
12:00 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
12:04 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
12:04 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
12:04 < coldstream> hello :)
12:08 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
12:09 < mete> I'm using tap to bridge the vpn traffic. If I install the openvpn server on a physical linux box, all works as expected. If I install the same openvpn config on a virtual linux box on vmware esx, I need to enable the promiscuous mode on the vSwitch. Is there another way to solve the problem instead of enabling the promiscuous mode?
12:13 < Thermi> mete: No.
12:13 < mete> Thermi: bad xD
12:14 < Thermi> Well, you could do some weird mac address nat with arptables, but that's stupid and breaks the bridginess of the bridge.
12:15 < mete> on this vswitch is so much traffic... this will "spam" the guest xD
12:15 < Thermi> Stop bridging and start routing then.
12:16 < coldstream> hey guys can anyone help me setting up openvpn on my router running openwrt. i have openvpn proper configured however i want the vpn only to run over one instance with its own ssid but i have no clue how to pull this off :(
12:16 < mete> I need the public IP on the client side - so bridging is right here
12:16 < Thermi> So what? NAT is your friend in this case.
12:17 < mete> create a ton of nat rules? not cool...
12:17 < mete> so a new server is cheaper xD
12:17 < Thermi> Describe your whole problem.,
12:19 < coldstream> i have my config files posted at the openwrt forum at https://forum.openwrt.org/viewtopic.php?id=56829 but i have no clue what i should be setting up. if any of you can point me in the right direction? ;)
12:19 <@vpnHelper> Title: Little help on VPN (Page 1) — General Discussion — OpenWrt (at forum.openwrt.org)
12:21 < mete> 200 clients behind restrective firewalls should get public IPs via openvpn, without any 1:1 nat. There should be as little ipv4 "waste" as possible. The clients will host a service on the public IP.
12:21 < Thermi> Route it then
12:21 < Thermi> Just route it
12:22 < Thermi> Or do you have the whole IPv4 subnet onlink on the openvpn box "outside"?
12:23 < mete> the whole subnet is on eth0 (a /24)
12:24 < Thermi> Urgh.
12:24 < Thermi> Just urgh.
12:24 < mete> I can also connect a second /24 to eth1 ;)
12:24 < Thermi> Do proxy arp on that openvpn box that is "outside" for your 200 IP adresses, then route the traffic for those IPs over the tunnel. Set up the IPs on the boxes in your own location and set their default route accordingly.
12:25 < mete> do you've any docs for proxy arp in this case?
12:25 < Thermi> Just stuff I googled
12:25 < mete> kk
12:25 < Thermi> google:"Linux proxy arp"
12:25 < mete> thx
12:26 < Thermi> I think you can figure the rest of the construction yourself. :)
12:26 < Thermi> That's your "homework".
12:26 < Thermi> coldstream: The key word is "policy based routing".
12:26 < mete> I hope so :)  not known that there's a arp proxy "function" available
12:26 < mete> thx
12:27 < coldstream> thanks i will have a look at that
12:29 < Thermi> coldstream: Somehow mark the clients, whose traffic you want to go over the tunnel. Might it be by assigning them IPs from a different subnet, or assigning their traffic marks in iptables.
12:31 < coldstream> i will look at using a different subnet
12:31 -!- kash [~kash@unaffiliated/kash] has quit [Remote host closed the connection]
12:33 -!- kash [~kash@unaffiliated/kash] has joined #openvpn
12:35 -!- u0m3 [~u0m3@109.96.156.18] has quit [Quit: Leaving]
12:42 < coldstream> so how do i let only this subnet go over the tunnel, also use iptables for this?
12:46 < Thermi> coldstream: Policy based routing. Look here: http://wiki.openwrt.org/doc/uci/network#ip_rules
12:46 < Thermi> Be aware: This breaks LUCI!
12:46 < Thermi> LUCI currently can not display rules that are defined in the network config and breaks, when it is told to view the network configuration sections!
12:48 < coldstream> alright well if i can configure it through uci its no problem, ill have a look thanks
12:50 < rob0> LUCI in the sky, with diamonds.
12:50 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-diqtwzxhycpnertm] has quit [Quit: Connection closed for inactivity]
12:52 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
12:52 -!- kash [~kash@unaffiliated/kash] has quit [Quit: ZNC - http://znc.in]
13:02 < mete> Thermi: there seems to be more than only the arp proxy problem :D but I will check that out ;)
13:05 < Thermi> Check if you actually have the proxy arp entries.
13:05 < Thermi> Maybe you also need to fake a dhcp lease for every box, but I do not know that.
13:05 < Thermi> It always worked with just the proxy arp and routing.
13:07 < mete> all boxes and gateways seems to see all the arp entries :D  but ping not working without prom. mode ... but I will check this in detail :)
13:08 < Thermi> What?
13:08 < Thermi> promisc where?
13:08 < mete> on the vswitch
13:08 < Thermi> Urgh
13:08 < Thermi> Did you change your setup to routing?
13:08 < Thermi> Completely?
13:08 < mete> then it works, otherwise not ;)  see my first line here :D
13:08 < Thermi> Even between the boxes?
13:08 < mete> no
13:08 < mete> nothing changed unless arp enabled
13:09 < Thermi> The tunnel?
13:09 < mete> arp proxy *
13:09 < Thermi> and s/unless/except/?
13:09 < mete> [19:09:13] <mete> I'm using tap to bridge the vpn traffic. If I install the openvpn server on a physical linux box, all works as expected. If I install the same openvpn config on a virtual linux box on vmware esx, I need to enable the promiscuous mode on the vSwitch. Is there another way to solve the problem instead of enabling the promiscuous mode?
13:09 < Thermi> Well, obviously you need to do more things to fix it
13:09 < mete> ;)
13:09 < mete> I'm on the way
13:09 < Thermi> 19:24 <Thermi> Do proxy arp on that openvpn box that is "outside" for your 200 IP adresses, then route the traffic for those IPs over the tunnel. Set up the IPs on the boxes in your own location and set their default route accordingly.
13:09 < Thermi> Route!
13:09 < Thermi> Not bridge!
13:10 < Thermi> Don't bridge the tap device to your ethernet interface.
13:10  * esde passes Thermi a cold beer
13:10 < Thermi> Route it on each box.
13:10 < Thermi> esde: What for?
13:10 < Thermi> But thanks
13:10 <+esde> your patience and sanity, lol
13:11 < Thermi> I'm just hardened
13:11 < coldstream> Thermi sorry for beeing such a noob but i cant make any soup of it so far lol
13:12 < Thermi> coldstream: Paste your config using a pastebin service, please.
13:12 < Thermi> and tell me your openwrt version.
13:12 < coldstream> i will do, give me a minute
13:12 < coldstream> what config files do you need? firewall, openvpn and network?
13:14 < Thermi> network
13:15 < coldstream> http://pastebin.com/fMpbZDvT
13:15 < coldstream> running CC build, latest trunk
13:16 < Thermi> Well, there are no rules setuo
13:16 < Thermi> setup
13:16 < Thermi> What interface is the stuff, that should be treated specially, on?
13:17 < coldstream> config interface 'vpntest'
13:17 < coldstream>         option _orig_ifname 'wlan0-1'  -> should go through openvpj
13:17 < coldstream> openvpn*
13:17 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
13:22 -!- pk12 [~pk12@84.39.116.180] has quit [Remote host closed the connection]
13:22 < Thermi> coldstream: Okay. By the way, you cannot bridge a tun device to an ethernet device
13:22 < Thermi> Fix that config piece, please.
13:22 < Thermi> In the mean time, I'm writing you a snippet for the routing.
13:23 < coldstream> ok thanks, and im not very good at advanced networking like this. ill fix ir
13:23 -!- mykeylyn [~mykeylynx@rrcs-50-74-238-62.nyc.biz.rr.com] has joined #openvpn
13:24 < mykeylyn> Can someone please have a look at my log and tell me what may be the issue. I would greatly appreciate it!  http://pastebin.com/3L2tgUhX
13:24 < Thermi> Try that: https://bpaste.net/show/39fa5051c160
13:25 < Thermi> 2015-04-14 14:18:02 EVENT: CONNECTION_TIMEOUT [ERR]
13:26 < Thermi> There is no response to your packets. It is likely that they are dropped.
13:26 < coldstream> thanks Thermi i will try it
13:26 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
13:26 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
13:29 < mete> Thermi: OpenVPN allocates one /30 subnet per client in order to provide compatibility with Windows clients due to the limitation of the TAP-Win32 driver's TUN emulation mode.
13:30 < mete> so I need now 800 IPs? :D
13:30 < Thermi> What relevance does that have?
13:30 < Thermi> No?
13:30 < mete> if I've 200 connected clients?
13:30 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
13:30 < Thermi> Well, even if
13:30 < mete> Then OpenVPN assigns a /30 subnet for each client that connets. The first available /30 subnet (after the one the server is using)
13:30 < Thermi> Why not use 10.0.0.0/8?
13:30 < Thermi> :D
13:31 < mete> because I don't want to use NAT as mentioned? :D
13:31 < Thermi> Well, crap.
13:31 < Thermi> And your clients are all in different locations?
13:32 < mete> unfortunately - yes
13:32 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
13:32 < Thermi> Aw, crap.
13:33 < Thermi> Then you can't use openvpn
13:33 < mete> now the big question ist, what's cheaper, /22 (1000 ips) or a dedi server for only the openvpn server :D
13:33 < Thermi> But I have another solution to your problem: Use strongswan. It has fake arp and dhcp plugin and can give clients IPs that way. ;)
13:33 < Thermi> It's a free IPsec daemon.
13:34 < mete> IPsec doesn't work unfortunately :S
13:34 < Thermi> Why?
13:34 < mete> no IKE allowed
13:34 < Thermi> That's stupid.
13:34 < mete> also no pptp
13:35 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
13:35 -!- rich0_ is now known as rich0
13:35 < mete> I'm just figuring, how other vendors make this - in my eyes watchguard uses openvpn in the background for their sslvpn
13:36 < mete> ah - they use tap xD
13:37 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
13:39 < mete> The problem is that vmware ESX virtual switch will not "learn" new mac address by default, it just accept the VM mac address and nothing more.
13:39 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
13:39 < mete> there's the point
13:46 < mete> Thermi: there's a solution that the vSwitch can learn new mac addresses :)  will create a forum post if I've figured it out :p
13:46 -!- mattock is now known as mattock_afk
13:51 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
13:53 -!- mykeylyn [~mykeylynx@rrcs-50-74-238-62.nyc.biz.rr.com] has quit [Quit: Colloquy for iPhone - http://colloquy.mobi]
14:04 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:22 -!- jthunder [~jthunder@174.90.222.71] has joined #openvpn
14:39 < BtbN> uhm, isn't the /30 limitation of win32 tun long gone?
14:43 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
14:46 -!- jthunder [~jthunder@174.90.222.71] has quit [Quit: jthunder]
14:47 < coldstream> Thermi are you still around? no results here so far :(
14:49 < Thermi> Yes
14:49 < Thermi> coldstream: Give "ip rule" and "ip route show table 512"
14:49 < Thermi> And "ip link"
14:49 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit [Read error: Connection reset by peer]
14:49 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
14:52 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
14:52 < coldstream> Thermi http://pastebin.com/SLBb0JsF
14:52 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
14:53 < coldstream> im sure i added "32765:  from 192.168.2.248 lookup vpn" earlier today when i was trying around
14:54 < Thermi> Did you reboot the router?
14:54 < coldstream> no, only restarted network
14:54 < Thermi> Did you fix your problems in your network config?
14:55 < Thermi> What did restarting the network give out on the console?
14:55 < coldstream> http://pastebin.com/MXTTFCHA my network config, i can reboot the router now
14:55 < coldstream> maybe that will make a difference
14:56 < coldstream> give me a minute or so
14:56 < Thermi> Is that "vpntest" interface correct?
14:56 < Thermi> With eth1 being a child of that bridge?
14:57 < Thermi> That can not be correct.
14:57 < Thermi> eth1 is already a child of "lan"
14:57 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit []
14:57 < Thermi> Let's hope it's not bricked.
14:58 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
14:58 < coldstream> back
14:58 < Thermi> Your config has that vpntest interface in it
14:58 < Thermi> that's broken.
14:58 < Thermi> Remove it.
15:00 < coldstream> right now i cant access the uci
15:01 < coldstream> one min
15:05 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit [Ping timeout: 250 seconds]
15:19 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
15:23 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
15:24 -!- mode/#openvpn [+v RBecker] by ChanServ
15:28 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
15:29 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
15:29 < coldstream> Thermi i have really made a mistake there as i just had to reflash my router lol
15:29 < coldstream> :(
15:29 < Thermi> That'S what I thought
15:30 < coldstream> haha i probably had something wrong
15:30 < coldstream> with the eth0 i guess
15:31 < Thermi> Yes.
15:31 < Thermi> So everything is gone?
15:31 < coldstream> im restoring my router now, at least my channel config
15:31 < coldstream> yes all clean, clean flash
15:33 < coldstream> need to reboot router again for my wifi settings one min
15:35 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit [Read error: Connection reset by peer]
15:35 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
15:35 < coldstream> alright, thats that :)
15:40 -!- Latrina [~Latrina@adsl-ull-207-210.50-151.net24.it] has quit [Ping timeout: 272 seconds]
15:40 < coldstream> i will restore my openvpn config file and reupload the keys
15:41 < coldstream> then, i should setup the interface again right?
15:44 < Thermi> Yes.
15:45 < Thermi> The openvpn interface.
15:50 -!- Latrina [~Latrina@adsl-ull-60-223.50-151.net24.it] has joined #openvpn
15:52 -!- wathek [84d255f4@gateway/web/freenode/ip.132.210.85.244] has joined #openvpn
15:52 < wathek> Hi everybody, I'm facing a really strange problem with openvpn. I've configured my server and everything is ok I'm able to connect to my VPN and can ping my server.
15:53 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
15:54 < coldstream> thermi does this /etc/network make sense? http://pastebin.com/qE6RnCDi
15:54 < Olipro_> dazo: so about the plugin API
15:54 < Olipro_> I am using the latest API function versions
15:54 < wathek> my problem is that I'm making my VPN server pushing a new route to 192.168.50.* and I've configured a DNS server to make things easier so from my client when I do dig client.mydomain.local it returns the right IP which is 192.168.50.1 but when I try to do a ping on client.mydomain.local it doesn't work meanwhile when I ping the IP 192.168.50.1 it DOES work
15:55 < Thermi> coldstream: Yes.
15:55 < Olipro_> dazo: I setup the push config like so: auto& ptr = ret.return_list[0]; ptr = new (malloc(sizeof(*ptr))) openvpn_plugin_string_list(); ptr->name = strdup("config"); ptr->value = strdup(routeStr.str().c_str());
15:56 < coldstream> Thermi now i should add the lines to the config you sent me before, right?
15:56 < Thermi> Yes.
15:57 < coldstream>         option 'target'         'myspecialsubnet' this will be         option 'target'         '192.168.2' ?
15:59 < Thermi> Urgh, forgot a parameter. Hold on.
15:59 < coldstream> ok
16:00 < Thermi> Okay, false alarm.
16:02 < coldstream> ok so the interface gives me an ip in the 192.168.0.x range, so i assume it will be
16:02 < coldstream>         option 'target'         '192.168.0.1'?
16:02 < coldstream> or just 192.168.0 ?
16:03 < Thermi> What subnet did you give your special people?
16:04 < coldstream> aperently it gives out ips in this range however the dhcp server is 192.168.2.1 and subnet is 255.255.0.0 hmm
16:04 < coldstream> one sec
16:05 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 256 seconds]
16:06 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
16:07 < coldstream> 192.168.0.248 is the ip the client connects, 255.255.0.0 is the subnetmask and 192.168.2.1 the ip of this second dhcp i have no idea why i cant give it just in the 192.168.2 range though
16:08 < coldstream> .1.1 is the "normal" traffic
16:08 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
16:08 < mete> BtbN: I don't know, but it is listed on: http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html
16:08 <@vpnHelper> Title: "ifconfig-pool" option use a /30 subnet (4 private IP addresses per client) when used in TUN mode? (at openvpn.net)
16:08 < Thermi> Your subnetmask is too large.
16:09 < Thermi> Set your subnetmask to the correct 255.255.255.0 for your /24s.
16:09 < BtbN> That sounds outdated. I'm quite sure windows can work perfectly fine with a subnet topology.
16:09 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
16:09 < coldstream> IPv4: 192.168.1.1/24 runs at that subnetmask
16:10 < mete> BtbN: why openvpn pool gives by defailt /30 to all clients? this is the standard behaviour I know...
16:10 < mete> BtbN: you think it's therefore safe to use ifconfig-pool-linear  ?
16:10 < coldstream> IPv4: 192.168.2.1/16  should i edit that subnetmask?
16:10 < BtbN> Because it uses to be that way, and the default was never changed.
16:10 < BtbN> *d
16:11 < BtbN> Prevents old config files from breaking though
16:11 < mete> ok, I will try this in another routed config to verivy BtbN :)
16:11 < BtbN> I have several windows clients with topology subnet. It works at least since 2.1
16:11 < Thermi> coldstream: As your broadcastdomain is now split, use 255.255.255.0 for both networks and adjust the DHCP scope, if necessary.
16:11 < mete> verify *
16:12 < mete> BtbN: will ckeck that tommorow, thank you for that input! :)
16:13 < coldstream> Thermi it gives me now an ip in the 192.168.2.x range
16:14 < Thermi> Good. Is the subnetmask correct?
16:15 < coldstream> both at 255.255.255.0
16:18 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
16:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:19 < Thermi> good.
16:19 < Thermi> Did you alter your network configuration to include the forward rules and restarted the networking?
16:20 < coldstream> i am looking at the networking rules, its like this now but not sure if its correct like this http://pastebin.com/inB3qiFe
16:20 < coldstream> if it is, i will apply and restart it
16:26 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit [Read error: Connection reset by peer]
16:30 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
16:31 < coldstream> no succes so far :(
16:40 < Thermi> I don't know then.
16:40 < Thermi> :<
16:43 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit [Read error: Connection reset by peer]
16:43 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has joined #openvpn
16:44 < coldstream> i might have set something wrong for myself, now looking at my firewall settings
16:44 < coldstream> but still thank you very much for the help, well apriciated :)
16:45 < Thermi> You're welcome.
16:52 -!- coldstream [~ok@4dae4741.ftth.telfortglasvezel.nl] has quit [Read error: Connection reset by peer]
17:01 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
17:01 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:01 -!- mode/#openvpn [+v s7r] by ChanServ
17:02 -!- droid909 [~droid909@unaffiliated/droid909] has left #openvpn []
17:06 -!- sleepypc is now known as `hypermist`
17:09 < matt_> hello, does anybody know what the license is on the connect client the access server supplies?
17:12 -!- niseak [~niseak@162.222.47.218] has quit [Quit: Leaving...]
17:16 < Thermi> !as
17:16 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
17:16 < matt_> ahh, ok cheers
17:19 -!- antoniy [~kvirc@78.130.225.19] has quit [Ping timeout: 256 seconds]
17:20 -!- codebam [codebam@gateway/shell/yourbnc/x-bdxnrpfktplagblm] has quit [Ping timeout: 272 seconds]
17:20 < rob0> matt_, BTW, you can use the open source openvpn as a client to AS.
17:22 < matt_> rob0: yea, its not that, atm i have servers (opensource version) that are setup and working without any issues, profiles are being generated by a web page i chucked together which does all the crt generation and signing
17:23 < matt_> so people just get a profile with everything bundled in which works with all clients, the only thing is, the windows client the file needs to be copied into the configs dir as you probuly know
17:24 < matt_> but because this is a manual, 'non user friendly' process i'm getting asked to try and making it easier
17:24 -!- cagedwisdom [~X@124-170-96-184.dyn.iinet.net.au] has joined #openvpn
17:25 < cagedwisdom>  I can't figure out what's wrong with my config: http://www.pastekit.com/#!ViewPage;hash=kRgRzY
17:25 < matt_> and the as client allows you to select a file containing a profile which works fine, connects and everything and the user just needs to click buttons and point to files but i'm not sure I can use it
17:25 < cagedwisdom> This is my client side log at verb=4 http://www.pastekit.com/#!ViewPage;hash=kR42JJ  .. There is.nothing in the server log
17:27 < matt_> i was thinking about putting together a quick C# app that accepts a login, downloads openvpn client and the profile, silently installs and copies the profile into place as a proof of concept
17:32 < matt_> cagedwisdom: you want the vpn but only have it used by a single sid?
17:32 -!- dazo is now known as dazo_afk
17:37 < cagedwisdom> matt_, i dont understand. what is a sid?
17:53 -!- codebam [codebam@gateway/shell/yourbnc/x-kmykoidoeqyxhptd] has joined #openvpn
18:17 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
18:18 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:19 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
18:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 265 seconds]
18:31 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 265 seconds]
18:31 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
18:32 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
18:35 -!- alefauch [~alefauch@lulzbox.fr] has quit [Quit: leaving]
18:38 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
19:14 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 272 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:16 -!- MalMen [~MalMen@xmr.link] has quit [Ping timeout: 246 seconds]
19:16 -!- {Civil} [~Civil@180.214.90.54] has joined #openvpn
19:18 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
19:25 -!- raeflondon [raeflondon@got.ourback.net] has quit [Read error: Connection reset by peer]
19:30 < {Civil}> Hey, i've had the same issue for a few weeks now, openVPN on one server and nginx on the other, nginx is acting as a reverse proxy to other web servers in the same LAN (both the webservers, nginx and openvpn share the same WAN). When I check all external sites/servers my IP shows as the openvpn IP however accessing the internal webservers via nginx it shows as the clients remote IP and not the openVPN IP. I've been looking into forcing static routes and al
19:30 < {Civil}> l that, but still getting no where it seems. The only time I can get the OpenVPN server's IP (internal IP) to show up is when I access the nginx reverse proxy's iternal IP from the VPN (192.168.2.230) i then go to 192.168.2.230 and i am redirected to 192.168.2.201 but once i am redirected it then show as my remote IP and not my VPN IP or even the internal VPN server's IP.
19:30 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:42 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 248 seconds]
20:48 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:59 -!- {Civil} [~Civil@180.214.90.54] has quit [Ping timeout: 264 seconds]
21:04 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
21:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:29 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:36 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
21:36 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Ping timeout: 244 seconds]
21:37 -!- havingFun [~quassel@unaffiliated/xrosnight] has quit [Remote host closed the connection]
21:38 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
21:39 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:47 -!- RealKillaz [~RealKilla@173.244.39.218] has joined #openvpn
21:47 < RealKillaz> !welcome
21:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
21:47 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:48 < RealKillaz> !logs
21:48 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
21:48 < RealKillaz> !interface
21:48 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For
21:48 <@vpnHelper> Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
21:48 < RealKillaz> !howto
21:48 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
21:57 -!- RealKillaz [~RealKilla@173.244.39.218] has quit [Quit: This computer has gone to sleep]
21:58 <@ecrist> lol
22:09 -!- RealKillaz [~RealKilla@173.244.39.218] has joined #openvpn
22:09 <@ecrist> wb
22:09 < RealKillaz> Hi there
22:09 <@ecrist> Hello
22:10 <@ecrist> I hope I'm wrong.
22:18 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
22:18 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
22:19 -!- RealKillaz [~RealKilla@173.244.39.218] has quit [Quit: This computer has gone to sleep]
22:19 -!- {Civil} [~Civil@180.214.90.54] has joined #openvpn
22:19 < {Civil}> Hey, i've had the same issue for a few weeks now, openVPN on one server and nginx on the other, nginx is acting as a reverse proxy to other web servers in the same LAN (both the webservers, nginx and openvpn share the same WAN). When I check all external sites/servers my IP shows as the openvpn IP however accessing the internal webservers via nginx it shows as the clients remote IP and not the openVPN IP. I've been looking into forcing static routes and al
22:19 < {Civil}> l that, but still getting no where it seems. The only time I can get the OpenVPN server's IP (internal IP) to show up is when I access the nginx reverse proxy's iternal IP from the VPN (192.168.2.230) i then go to 192.168.2.230 and i am redirected to 192.168.2.201 but once i am redirected it then show as my remote IP and not my VPN IP or even the internal VPN server's IP.
22:21 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
22:21 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Client Quit]
22:23 -!- RealKillaz [~RealKilla@173.244.39.218] has joined #openvpn
22:24 < RealKillaz> Guys I'm stuck and looking for way to see where my problem is with the machines behind my client being able to communicate with the VPN. I already took care of the push rout, rout and route, but no luck
22:25 < RealKillaz> machine behind my client not* being able
22:25 < RealKillaz> to commuicate
22:25 < RealKillaz> I have access to all the gateway/routes/firewall
22:25 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
22:25 -!- mode/#openvpn [+v RBecker] by ChanServ
22:25 < RealKillaz> Meaning I can manage them
22:25 < RealKillaz> administrate
22:26 < RealKillaz> Can I share with you the server conf via pastebin so you can give me some help
22:29 < RealKillaz> !paste
22:29 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
22:29 < RealKillaz> !configs
22:29 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
22:30 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
22:33 < RealKillaz> moment I'm gathering all the configurations
22:34 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Read error: Connection reset by peer]
22:35 -!- RealKillaz [~RealKilla@173.244.39.218] has quit [Quit: This computer has gone to sleep]
22:36 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
22:38 -!- RealKillaz [~RealKilla@173.244.39.218] has joined #openvpn
22:39 < RealKillaz> !paste
22:39 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
22:43 < RealKillaz> This is the configuration files on the openvpn server: https://gist.github.com/anonymous/147259fe91fee4a884f6
22:43 <@vpnHelper> Title: client (at gist.github.com)
22:44 < RealKillaz> !logs
22:44 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
22:44 < RealKillaz> !logfile
22:45 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
22:54 -!- `hypermist` is now known as sleepypc
22:56 < RealKillaz> This is a gist with the logs and the configuration files: https://gist.github.com/anonymous/6879f5ec30866d3d2e84
22:56 <@vpnHelper> Title: OpenVPN server setup and logs (at gist.github.com)
22:58 < RealKillaz> Like I said already I'm unable to reach from the other machines (behind the client) on the 192.168.1.0 LAN the VPN server
22:58 < RealKillaz> Hopefully I gave enough information
23:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
23:10 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:19 < {Civil}> Hey, i've had the same issue for a few weeks now, openVPN on one server and nginx on the other, nginx is acting as a reverse proxy to other web servers in the same LAN (both the webservers, nginx and openvpn share the same WAN). When I check all external sites/servers my IP shows as the openvpn IP however accessing the internal webservers via nginx it shows as the clients remote IP and not the openVPN IP. I've been looking into forcing static routes and al
23:19 < {Civil}> l that, but still getting no where it seems. The only time I can get the OpenVPN server's IP (internal IP) to show up is when I access the nginx reverse proxy's iternal IP from the VPN (192.168.2.230) i then go to 192.168.2.230 and i am redirected to 192.168.2.201 but once i am redirected it then show as my remote IP and not my VPN IP or even the internal VPN server's IP.
23:20 -!- RealKillaz [~RealKilla@173.244.39.218] has quit [Quit: This computer has gone to sleep]
23:34 -!- ShadniX [dagger@p5481DE4A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p5481D807.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:55 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Remote host closed the connection]
23:57 -!- RealKillaz [~RealKilla@173.244.39.218] has joined #openvpn
23:57 < RealKillaz> Do I need the client-to-client for the machines behind the VPN client to reach other?
23:58 -!- sr_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
23:58 -!- sr_berry is now known as ser_berry
--- Log closed Wed Apr 15 00:19:00 2015
--- Log opened Wed Apr 15 19:32:32 2015
19:32 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
19:32 -!- Irssi: #openvpn: Total of 220 nicks [9 ops, 0 halfops, 3 voices, 208 normal]
19:32 -!- mode/#openvpn [+o ecrist] by ChanServ
19:32 -!- Irssi: Join to #openvpn was synced in 1 secs
19:33 -!- ketas- [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
19:34 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 256 seconds]
19:35 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Ping timeout: 245 seconds]
19:35 -!- dyce [~quassel@ns3290920.ip-5-135-184.eu] has quit [Quit: No Ping reply in 180 seconds.]
19:36 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit [Ping timeout: 245 seconds]
19:38 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
19:58 < {Civil}> however, i did kind of get somewhere.... when i direct IP access the nginx reverse proxy (192.168.2.230) it shows the connection in the access log as 192.168.2.239 (openVPN server) but then when it redriects to our webserver on 192.168.2.201 it then shows the clients remote IP (Not openvpn LAN IP or WAN IP).
19:59 < {Civil}> Ah
19:59 < {Civil}> Hey, i've had the same issue for a few weeks now, openVPN on one server and nginx on the other, nginx is acting as a reverse proxy to other web servers in the same LAN (both the webservers, nginx and openvpn share the same WAN). When I check all external sites/servers my IP shows as the openvpn IP however accessing the internal webservers via nginx it shows as the clients remote IP and not the openVPN IP. I've been looking into forcing static
19:59 < {Civil}> routes and
19:59 < {Civil}> all that, but still getting no where it seems. The only time I can get the OpenVPN server's IP (internal IP) to show up is when I access the nginx reverse proxy's iternal IP from the VPN (192.168.2.230) i then go to 192.168.2.230 and i am redirected to 192.168.2.201 but once i am redirected it then show as my remote IP and not my VPN IP or even the internal VPN server's IP.
20:02 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 246 seconds]
20:10 <@ecrist> {Civil}: I don't know that I'm following exactly what you're trying to do.
20:25 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Read error: Connection reset by peer]
20:27 -!- Guest24307 [B@Aircrack-NG/User] has left #openvpn []
20:27 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
20:30 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:33 < {Civil}> hey ecrist
20:33 < {Civil}> So, I have OpenVPN, nginx and webservers setup on the same LAN behind PFsense with the WAN IP.
20:34 < {Civil}> When a user connects to OpenVPN server (192.168.2.239) when it tries to access a webserver all requests go via nginx (192.168.2.230) to various other servers (192.168.2.201, 192.168.2.210)
20:35 < {Civil}> and since nginx is set to deny all unless their IP is added to the allowed list, when it goes to nginx the user's home connection IP is shown instead of the OpenVPN IP due to them being all behind the same WAN IP.
20:36 < {Civil}> so I want to ensure that I can then forward from 192.168.2.239 and have the IP ending in 239 show on nginx by forcing it from the OpenVPN server i'd assume
20:38 -!- Droolio [~drool@host81-147-65-216.range81-147.btcentralplus.com] has joined #openvpn
20:48 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Ping timeout: 240 seconds]
21:09 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:23 -!- Droolio [~drool@host81-147-65-216.range81-147.btcentralplus.com] has quit [Quit: Money can't buy happiness, but allows a choice of misery.]
21:24 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Quit: I'm cursing, I'm searching, I'm giving up hoping, I'm losing, I'm drowning, In my shit, I'm floating, It's after, it's never, It's too late for reason, It's now or it's never, It's over it's pouring out]
21:29 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has quit [Remote host closed the connection]
21:40 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:02 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
22:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:31 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Remote host closed the connection]
22:34 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
23:23 -!- `hypermist` is now known as sleepypc
23:33 -!- ShadniX [dagger@p5481D807.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5481D8B2.dip0.t-ipconnect.de] has joined #openvpn
23:35 -!- sleepypc is now known as `hypermist`
23:54 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has joined #openvpn
--- Day changed Thu Apr 16 2015
00:09 -!- mattsl [~user@68.169.165.200] has joined #openvpn
00:11 < mattsl> I have two OpenVPN server configurations running. One is a client-server for individual systems and the other is a site-site between two routers. I can connect from vpn.client>router1>router2>machine.on.lan.behind.router2
00:12 < mattsl> However, I can't connect from machine.on.lan.behind.router1>router1>router2>machine.on.lan.behind.router2
00:12 < mattsl> I can connect from machine.on.lan.behind.router2>router1>router2
00:13 < mattsl> So basically using the site to site the LANs can't see each other
00:13 < mattsl> Any ideas?
00:32 -!- mattock_afk is now known as mattock
00:49 -!- {Civil} [~Civil@14-203-114-126.tpgi.com.au] has quit [Ping timeout: 245 seconds]
00:51 -!- {Civil} [~Civil@180.214.90.54] has joined #openvpn
01:06 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:20 -!- {Civil} [~Civil@180.214.90.54] has quit [Ping timeout: 250 seconds]
01:29 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:29 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:40 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
01:44 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 256 seconds]
01:47 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
02:28 -!- mattsl [~user@68.169.165.200] has quit [Read error: Connection reset by peer]
03:31 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
03:36 < riano> Howdy folks. I'm having trouble getting the routing to work. I've setup a number of VPN connections, had a lot of trouble with TLS handshakes.. eventually settled on a static key solution, which is fine. The VPN is just for me and only for me, I'm fine with that solution. However, the moment I start adding any kind of gateway related information to the configs I lose every and all connectivity that I had. I'm trying to get all traffic to route through a
03:36 < riano>  remote VPS, setting up the connection works, routing fails.. Is anyone available to walk me through what I need to do to get this working? -- to add, I've removed ufw from the server and there's a MASQUERADE (or whatever) rule in iptables
04:02 -!- Changer90 [~quassel@217.160.177.68] has joined #openvpn
04:03 -!- Changer90 [~quassel@217.160.177.68] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
04:17 -!- timvroom [~timvroom@195-241-246-125.ip.telfort.nl] has joined #openvpn
04:17 -!- timvroom [~timvroom@195-241-246-125.ip.telfort.nl] has left #openvpn []
04:57 < riano> anyone alive out there? :)
05:14 -!- riano [~quassel@unaffiliated/riano] has quit [Remote host closed the connection]
05:19 -!- dazo_afk is now known as dazo
05:31 -!- mattock is now known as mattock_afk
05:46 -!- pk12_ [~pk12@84.39.116.180] has joined #openvpn
05:47 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 245 seconds]
05:50 -!- havingFun_ is now known as xrosnight
06:08 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Read error: Connection reset by peer]
06:08 -!- mattock_afk is now known as mattock
06:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:32 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
06:38 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:59 -!- mattock is now known as mattock_afk
07:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:14 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:28 -!- ketas- is now known as ketas
07:29 -!- mreithub [~mreithub@chello062178151029.7.14.vie.surfer.at] has joined #openvpn
07:30 < mreithub> Hi, I wanted to ask if it's possible to configure the openvpn server to drop old connections (e.g. older than 2 or 3 days) and therefore forcing the clients to reconnect?
07:32 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
07:34 < tomodachi> mreithub: why?
07:34 < tomodachi> you have performance problems?
07:34 < tomodachi> udp is stateless so the connection shouldnt really be an issue unless you think having many tun interfaces and routing entries to be a problem
07:36 -!- mattock_afk is now known as mattock
07:37 -!- mreithub [~mreithub@chello062178151029.7.14.vie.surfer.at] has quit [Quit: Leaving]
07:38 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has quit [Ping timeout: 245 seconds]
07:39 -!- mattock is now known as mattock_afk
07:42 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
07:42 < riano> Howdy folks. I'm having trouble getting the routing to work. I've setup a number of VPN connections, had a lot of trouble with TLS handshakes.. eventually settled on a static key solution, which is fine. The VPN is just for me and only for me, I'm fine with that solution. However, the moment I start adding any kind of gateway related information to the configs I lose every and all connectivity that I had. I'm trying to get all traffic to route through a
07:42 < riano>  remote VPS, setting up the connection works, routing fails.. Is anyone available to walk me through what I need to do to get this working? -- to add, I've removed ufw from the server and there's a MASQUERADE (or whatever) rule in iptables
07:43 < tomodachi> are you trying to route all your traffic over the VPN?
07:43 < tomodachi> riano:
07:43 < riano> yes
07:43 < tomodachi> well if have site A and site B
07:44 < tomodachi> and specify for site A , that default gateway should be on the other end of the tunnel *on site B*
07:44 < tomodachi> then you will break your connection
07:44 < tomodachi> since all traffic will be routed over the tunnel
07:44 < riano> yeah, that's what I figured is happening
07:44 < tomodachi> but the tunnel itself cannot go over the tunnel , it has to go over the internet
07:44 < tomodachi> hence you have to specify a more explicit route that will match
07:44 < riano> tomodachi: so far, you're making me all warm and fuzzy inside. Saying all the right things
07:45 < tomodachi> that says traffic to IP OF openvpn server destination
07:45 < tomodachi> goes over your ISP gateway
07:45 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
07:45 < riano> The thing here is.. HOW do I tell it to set the proper routes?
07:47 < tomodachi> this is where  just stop responding....
07:49 < riano> tomodachi: how come?
07:49 < tomodachi> just kidding!
07:49 < riano> lol!
07:49 < tomodachi> just to lure you so close to your answer
07:49 < tomodachi> hmm let me check
07:50 < tomodachi> you need to do a static route
07:50 < tomodachi> basically saying traffic to ipOfVPNGW goes throughIPgateway outside of tunnel
07:50 < riano> tomodachi: http://pastebin.com/jBCvf9rC
07:50 <+esde> !redirect
07:50 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
07:50 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
07:51 < tomodachi> wow theres even an auto option for it
07:51 < tomodachi> even better
07:51 < tomodachi> follow that advice may it lead you to the path of glory
07:52 < riano> that's pretty good..
07:52 < riano> right, lets see
07:52 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:52 -!- deranged [Bit@lolpurr.net] has quit [Quit: sticks and stones may break my bones but words are magnitudes more damaging]
07:55 < riano> ehehh
07:56 < riano> "fix your vpn"
07:56 < riano> -_-; that's what I'm trying to do
07:57 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Ping timeout: 256 seconds]
07:58 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has joined #openvpn
07:58 < tomodachi> vpns are cool
07:59 < riano> when they work
07:59 -!- mattock_afk is now known as mattock
08:00 < riano> not even seeing incoming connections on the server right now
08:00 <+esde> if the community version is beyond your skillset to administer, Access Server is free for two licenses. And it gives you a neat GUI and everything
08:00 <+esde> !AS
08:00 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
08:01 < riano> does the AS setup all the tidbits left and right to make it work?
08:02 < awk> can I ask a routing question here ? nothing related to openvpn
08:02 <+esde> i've not used it, but my understand is that it is designed to be simpler
08:02 <+esde> you can ask, but i can't guarantee you'll get an answer, useful or otherwise :P
08:03 < awk> I have a Connection from a.a.a.a (router 1)  to b.b.b.b (router 2).. I then have a ipsec inside of that as 1.1.1.1 (router 1) -> 2.2.2.2 (router 2) ... so now I am wanting to get my QoS setup correctly.. should I have 'forward' source 2.2.2.2 (mangle) mark packet 'dc' and 'forward' destination 2.2.2.2 (mangle) mark packet 'dc' (router 1) ... and then have prerouting b.b.b.b (source) and b.b.b.b (destination) mark packet 'dc' ... then have prerouting ToS 38
08:03 < riano> suppose it's worth a try. It's so weird to me that everyone has working vpn config files and for me it just.. doesn't :P  I've been using linux on the desktop and server for the past decade and a half, I'm not entirely new to this
08:04 <+esde> awk a question that is much better suited for #networking
08:04 <+esde> *##
08:04 < awk> they can't answer me ;(
08:04 < tomodachi> riano: use tcpdump on your tun interfaces to see if stuff is coming through , you can also use mtr to trace where the packets go
08:04 < tomodachi> either its firewall related , routing related , or forwarding related
08:05 <+esde> !linipforward
08:05 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
08:05 <+esde> !def1
08:05 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
08:17 -!- riano [~quassel@unaffiliated/riano] has quit [Ping timeout: 265 seconds]
08:18 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
08:18 < riano> not sure if this got through.. it works :D   esde thanks so so much
08:26 <+esde> yay!
08:26 -!- riano [~quassel@unaffiliated/riano] has quit [Ping timeout: 255 seconds]
08:42 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
08:44 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
08:44 -!- `hypermist` is now known as sleepypc
08:52 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:55 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
09:08 -!- Ssquidly [~squidly@gate.nnx.com] has joined #openvpn
09:08 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 244 seconds]
09:42 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:43 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
09:44 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:49 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
09:51 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:23 -!- BigVent [~BigVent@unaffiliated/bigvent] has joined #openvpn
10:24 < BigVent> morning o/
10:25 < BigVent> quick question: I followed the guide here --> http://www.howtogeek.com/64433/how-to-install-and-configure-openvpn-on-your-dd-wrt-router/
10:25 <@vpnHelper> Title: How To Install and Configure OpenVPN On Your DD-WRT Router (at www.howtogeek.com)
10:25 < BigVent> for creating certs, however, my server.crt is blank (created from Win7 box)
10:27 < BigVent> I made it with the typical "build-key-server server" command & checked other various sources.
10:27 < BigVent> Any thoughts? Suggestions?
10:44 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
10:45 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
10:46 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
10:52 <+esde> !walkthrough
10:52 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
10:52 <+esde> !howto
10:52 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:52 <+esde> !intro-to-pki
10:52 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
11:08 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:54 -!- BigVent [~BigVent@unaffiliated/bigvent] has left #openvpn [""If A is a success in life, then A equals X plus Y plus Z. Work is X; Y is play; and Z is keeping your mouth shut.""]
11:55 -!- Keatont [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
11:58 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-manhrvijksqndcgn] has joined #openvpn
12:08 -!- dyce [~quassel@ns3290920.ip-5-135-184.eu] has joined #openvpn
12:10 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
12:29 -!- vrs [~vrs@unaffiliated/vrs] has left #openvpn []
12:31 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
12:37 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 264 seconds]
12:41 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:44 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
13:03 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
13:05 -!- niseak [~niseak@162.222.47.218] has left #openvpn []
13:10 < hikenboot> anyone know what the error command whack not found
13:10 < hikenboot> means?
13:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:31 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
13:37 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
13:42 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has joined #openvpn
13:48 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has quit [Max SendQ exceeded]
13:48 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has joined #openvpn
13:54 -!- mattock is now known as mattock_afk
14:01 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has quit [Quit: Leaving]
14:10 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-manhrvijksqndcgn] has quit [Quit: Connection closed for inactivity]
14:13 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 246 seconds]
14:14 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
14:19 -!- computron [~computron@50.243.44.170] has joined #openvpn
14:29 -!- dazo is now known as dazo_afk
14:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
14:57 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
15:02 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
15:04 -!- u0m3 [~u0m3@109.96.156.18] has quit [Ping timeout: 250 seconds]
15:14 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
15:14 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Client Quit]
15:17 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
15:36 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 36.0.4/20150320202338]]
15:37 -!- tms [~tms@fixed-169-229-248-3.IST.Berkeley.EDU] has joined #openvpn
15:40 -!- computron [~computron@50.243.44.170] has quit [Ping timeout: 276 seconds]
15:49 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
15:50 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Client Quit]
15:54 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
15:54 -!- s7eele [~AndChat52@208.167.254.224] has joined #openvpn
15:56 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
16:06 -!- SoWhat [~Karl@dslb-178-007-098-008.178.007.pools.vodafone-ip.de] has joined #openvpn
16:06 < SoWhat> hello
16:06 < SoWhat> is here anybody?
16:08 < SoWhat> I have a Raspberry PI router that works as a wifi repeater. I want to make it connect to VPN server and continue working as a repeater
16:09 < SoWhat> so all the clients that are connected through wifi are also in tunnel
16:10 < SoWhat> any idea how to achieve this?
16:10 -!- gms [~quassel@wikipedia/gms] has joined #openvpn
16:14 < gms> I've just installed openvpn on a server, the 'openvpn connect' app on android 5, configured the server, created an .ovpn profile and imported it via the sdcard - connection works fine so far - a perhaps simple question: is it safe to delete the .ovpn file in the sdcard directory on the android device after importing it?
16:19 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: oops]
16:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
16:20 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 246 seconds]
16:30 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:32 <@plai> gms: should be ...
16:32 <@plai> it is safe for OpenVPN for Android
16:32 < gms> ok
16:32 -!- SoWhat [~Karl@dslb-178-007-098-008.178.007.pools.vodafone-ip.de] has quit [Ping timeout: 255 seconds]
16:33 < gms> plai, btw, what is the advantage of 'OpenVPN for Android' over 'OpenVPN Connect' ?
16:46 -!- DCUser [~DCUser@93-81-169-90.broadband.corbina.ru] has joined #openvpn
16:54 -!- gms [~quassel@wikipedia/gms] has quit [Remote host closed the connection]
17:20 -!- DCUser [~DCUser@93-81-169-90.broadband.corbina.ru] has quit []
17:31 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
17:49 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
17:59 -!- jeev_ is now known as jeev
18:05 -!- Keatont [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
18:07 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
18:20 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
18:28 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 255 seconds]
18:33 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
18:38 -!- deranged [Bit@lolpurr.net] has joined #openvpn
19:34 -!- sleepypc is now known as `hypermist`
19:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 252 seconds]
19:54 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-lemgamdowgvwxgnv] has joined #openvpn
19:57 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 245 seconds]
20:04 -!- syedomar [~so@175.142.191.21] has quit [Ping timeout: 264 seconds]
20:40 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 256 seconds]
20:58 -!- ShadniX [dagger@p5481D8B2.dip0.t-ipconnect.de] has quit [Quit: Bye.]
20:59 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
21:11 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
21:17 -!- ShadniX [~ShadniX@p5481D8B2.dip0.t-ipconnect.de] has joined #openvpn
21:33 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
21:40 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:00 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-lemgamdowgvwxgnv] has quit [Quit: Connection closed for inactivity]
22:01 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:05 -!- McJuicy [~McJuicy@50-202-37-130-static.hfc.comcastbusiness.net] has joined #openvpn
22:09 -!- McJuicy [~McJuicy@50-202-37-130-static.hfc.comcastbusiness.net] has quit [Client Quit]
22:19 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
22:26 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:29 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:33 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Remote host closed the connection]
22:36 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
22:52 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has joined #openvpn
23:19 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
23:25 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Read error: Connection reset by peer]
23:27 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
23:32 -!- ShadniX [~ShadniX@p5481D8B2.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5481D43F.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Fri Apr 17 2015
00:00 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Remote host closed the connection]
00:03 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
00:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:35 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:06 -!- `hypermist` is now known as sleepypc
01:15 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has quit [Ping timeout: 265 seconds]
01:17 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has joined #openvpn
01:18 -!- mattock_afk is now known as mattock
01:18 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
01:19 -!- apollo2k is now known as aPollO2k
01:20 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
01:34 -!- sleepypc is now known as `hypermist`
02:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: brb flashing routers]
02:44 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
03:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
03:32 -!- `hypermist` [hypermist@unaffiliated/hypermist] has left #openvpn ["Leaving"]
03:36 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
03:39 -!- havingFun [~quassel@unaffiliated/xrosnight] has joined #openvpn
03:41 -!- havingFun is now known as xrosnight
03:56 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:58 -!- zadock [~zadock@5-13-166-44.residential.rdsnet.ro] has quit [Ping timeout: 240 seconds]
04:00 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
04:12 -!- zadock [~zadock@5-13-177-180.residential.rdsnet.ro] has joined #openvpn
04:15 -!- marl_scot1 [~matt@pin-pai-fwo.pintelgrp.co.uk] has joined #openvpn
04:15 -!- zadock [~zadock@5-13-177-180.residential.rdsnet.ro] has quit [Read error: Connection reset by peer]
04:17 < marl_scot1> hi folks, not quite an ovpn question, but hoping someone has come accross this, I am trying to configure a snom phone to connect to my remote asterisk pbx over openvpn, phone connects to openvpn on pbx box fine, but i cant seam to get it to register with asterisk, what address should i use for my sip register? should it be the public ip that normal phones use, or should it be one of the ips from openvpn?
04:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:31 -!- zadock [~zadock@5-13-232-56.residential.rdsnet.ro] has joined #openvpn
04:40 -!- zadock [~zadock@5-13-232-56.residential.rdsnet.ro] has quit [Ping timeout: 245 seconds]
04:46 -!- mattock is now known as mattock_afk
04:47 -!- xrosnight [~quassel@unaffiliated/xrosnight] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
04:49 -!- havingFun [~YAIRCC@unaffiliated/xrosnight] has joined #openvpn
04:53 -!- havingFun [~YAIRCC@unaffiliated/xrosnight] has quit [Client Quit]
04:56 -!- havingFun [~YAIRCC@unaffiliated/xrosnight] has joined #openvpn
04:58 -!- havingFun [~YAIRCC@unaffiliated/xrosnight] has quit [Client Quit]
05:00 -!- SwimmerTheMaster [~YAIRCC@unaffiliated/xrosnight] has joined #openvpn
05:01 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
05:16 -!- SwimmerTheMaster is now known as xrosnight
05:22 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:25 <@plai> !hide
05:26 <@plai> !logs
05:26 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
05:26 <@plai> !logfile
05:26 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
05:46 < ValdikSS> krzee: hello! It seems that sometimes after network drop, client won't change DNS settings back on Windows. If the server pushed DNS settings to client which works only inside tunnel (internal address), client would try to resolve server address using this DNS after network drop, which fails all the time.
05:47 -!- xrosnight [~YAIRCC@unaffiliated/xrosnight] has quit [Ping timeout: 245 seconds]
06:15 -!- Ssquidly [~squidly@gate.nnx.com] has quit [Quit: WeeChat 0.4.3]
06:15 -!- mattock_afk is now known as mattock
06:54 <@pekster> ValdikSS: Using --persist-tun perhaps? That option is rarely appropriate on clients unless are sure you can leave it up
06:54 -!- mode/#openvpn [+v-o pekster pekster] by pekster
06:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: blowing up my network again, brb]
07:02 -!- enoch [~enoch@unaffiliated/enoch] has joined #openvpn
07:02 < enoch> hi all, i have a strange problem, im saving openvpn traffic for 10 clients using tcpdump: sudo tcpdump -i tun0 src host 10.8.0.14 -w /tmp/test-nuvo-17032015.pcap -s 0
07:03 < enoch> im using the same format for 10 clients.
07:03 < enoch> two of them are ok, but the other 8 are saving malformed output. Any idea?
07:05 -!- enoch [~enoch@unaffiliated/enoch] has quit [Quit: Leaving]
07:33 -!- hojgaard [~dh@78.156.117.236] has quit [Remote host closed the connection]
07:34 < ValdikSS> pekster: I see. I was in thoughs on this option. Thanks.
07:39 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:54 -!- dazo_afk is now known as dazo
08:00 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
08:07 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
08:08 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:11 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:20 -!- mattock is now known as mattock_afk
08:20 -!- niseak [~niseak@162.222.47.218] has joined #openvpn
08:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 272 seconds]
08:35 -!- Tobinski [~tobinski@x2f5fdec.dyn.telefonica.de] has joined #openvpn
08:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:38 -!- mattock_afk is now known as mattock
08:41 < hikenboot> nyone know what the error command whack not found
08:41 -!- hikenboot [~hikenboot@pool-98-118-20-118.bstnma.east.verizon.net] has quit [Quit: Leaving]
08:44 -!- hikenboot [~hikenboot@pool-98-118-20-118.bstnma.east.verizon.net] has joined #openvpn
08:44 < hikenboot> anyone know what the error "command whack not found" means
08:44 -!- mattock is now known as mattock_afk
08:46 <+esde> !google error "command whack not found"
08:46 <@vpnHelper> XCode 5.NEXT / Linker Errors · Issue #75 · specta/expecta · GitHub: <https://github.com/specta/expecta/issues/75>; JRE 8 Update 31 on a Windows 8 Machine "Java -version" not working ...: <https://community.oracle.com/thread/3677348>; Can't use laravel new app-name - Laracasts: <https://laracasts.com/discuss/channels/general-discussion/cant-use-laravel-new-app-name>
08:46 <+esde> nope
08:47 <+esde> doesnt sound to me like anything openvpn would spit out, either
08:50 < hikenboot> actually its the kvnpc client that is spitting it out, only vague reference indicated it might have something to do with a compile option on openvpn or the client, but it was very unspecific
08:50 <+esde> hey there's those details!
08:50 < hikenboot> this is on debian by the way
08:50 <+esde> now go ask whomever developed kvnpc client
08:50 < hikenboot> sorry I was just hoping someone might have encountered the error
08:51 < hikenboot> I am looking for a linux client that will work both with openvpn and softvpn, do you know of any?
08:52 <+esde> you are in #openvpn. as such most discussion will be limited to openvpn. softvpn is not supported in this channel
08:52 < hikenboot> right ok, next question, do you know of a channel for softvpn?
08:53 <+esde> you'd have to check with that project. again, this is not softvpn, and this channel has no affiliation with softvpn whatsoever
08:53 < hikenboot> ok thanks, have a great day, if i cant get softvpn working then I will have to go back to my original, openvpn with eurephia to do the job
08:53 < hikenboot> thanks
08:53 -!- hikenboot [~hikenboot@pool-98-118-20-118.bstnma.east.verizon.net] has quit [Quit: Leaving]
08:54 -!- niseak_ [~niseak@162.222.47.218] has joined #openvpn
08:57 -!- niseak [~niseak@162.222.47.218] has quit [Ping timeout: 264 seconds]
08:59 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:01 -!- niseak_ [~niseak@162.222.47.218] has quit [Quit: Leaving...]
09:03 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
09:04 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
09:08 -!- aPollO2k is now known as apollo2k
09:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:07 -!- SwimmerTheMaster [~YAIRCC@unaffiliated/xrosnight] has joined #openvpn
10:22 -!- syedomar [~so@175.136.89.190] has joined #openvpn
10:38 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
10:38 -!- mode/#openvpn [+v RBecker] by ChanServ
11:11 -!- SwimmerTheMaster [~YAIRCC@unaffiliated/xrosnight] has quit [Ping timeout: 256 seconds]
11:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:26 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
12:09 -!- crayon [~user@unaffiliated/button] has joined #openvpn
12:10 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 264 seconds]
12:10 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
12:11 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
12:24 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Read error: Connection reset by peer]
12:25 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
12:27 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Client Quit]
12:36 -!- Tobinski [~tobinski@x2f5fdec.dyn.telefonica.de] has quit [Quit: Leaving]
12:37 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
12:37 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Client Quit]
12:52 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Ping timeout: 252 seconds]
13:09 -!- colbyf [~colbyf@95.211.149.213] has joined #openvpn
13:10 < colbyf> !welcome
13:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:10 < colbyf> !howto
13:10 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:34 -!- dansanger [~vpnuser@190.72.186.103] has joined #openvpn
13:35 < dansanger> hello
13:36 < dansanger> Can anybody help me with mi openvpn running in Ubuntu?
13:40 <+esde> !welcome
13:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
13:40 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:40 <+esde> !info
13:40 <@vpnHelper> Error: The command "info" is available in the Factoids and RSS plugins.  Please specify the plugin whose command you wish to call by using its name as a command before "info".
13:45 -!- authorized [~authorize@unaffiliated/authorized] has joined #openvpn
13:45 < authorized> does anyone here know about a Swiss VPN?
13:46 <+esde> huh?
13:50 < rob0> We're not authorized to tell you.
13:53 < authorized> ok
13:53 < authorized> esde, I am asking about a Swiss OpenVPN provider
13:54 <+esde> google it?
13:54 -!- colbyf [~colbyf@95.211.149.213] has quit [Ping timeout: 272 seconds]
13:54 <+esde> we dont generally recommend commercial providers
13:57 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:58 -!- authorized [~authorize@unaffiliated/authorized] has quit [Quit: Leaving]
13:58 < rob0> hehe
14:08 -!- colbyf [~colbyf@85.210.209.47] has joined #openvpn
14:11 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Quit: Sto andando via]
14:37 -!- dazo is now known as dazo_afk
14:45 -!- Mike-- [mad@mx.probie.nl] has quit [Remote host closed the connection]
14:53 -!- DCUser [~DCUser@93-81-169-90.broadband.corbina.ru] has joined #openvpn
14:56 < thumbs> I like rob0 as a provider
15:02 -!- colbyf [~colbyf@85.210.209.47] has quit [Remote host closed the connection]
15:06 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
15:11 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:38 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
15:57 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 264 seconds]
16:01 -!- yang_ [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
16:03 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
16:03 -!- Poster|x [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
16:05 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
16:06 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 256 seconds]
16:08 -!- Poster|x is now known as Poster
16:19 -!- dansanger [~vpnuser@190.72.186.103] has quit [Ping timeout: 265 seconds]
16:21 -!- DCUser [~DCUser@93-81-169-90.broadband.corbina.ru] has quit []
16:30 -!- colbyf [~colbyf@46.246.124.91] has joined #openvpn
16:34 -!- colbyf [~colbyf@46.246.124.91] has quit [Ping timeout: 245 seconds]
16:45 -!- NetworkingPro [~Networkin@192.198.208.235] has joined #openvpn
16:45 < NetworkingPro> hey everyone
16:45 < NetworkingPro> Hows it going?
16:53 -!- dansanger [~vpnuser@190.72.186.103] has joined #openvpn
16:57 <+esde> !welcome
16:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
16:57 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:03 < NetworkingPro> Is there an all encompassing wiki or doc that explains what each config file variable is for?
17:03 < NetworkingPro> I have interited a broken OpenVPN project, and Im kinda swimming here.
17:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:03 < ser_berry> NetworkingPro: see config help configvar
17:03 <+esde> !wiki
17:03 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
17:03 <+esde> !howto
17:03 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
17:03 < ser_berry> oops wrong channel
17:04 < NetworkingPro> lol ser_berry  all good
17:04 < NetworkingPro> Yea, im just trying to figure out what all these pre-existing vars are...
17:04 < NetworkingPro> thnaks esde
17:04 < NetworkingPro> *thanks even
17:04 <+esde> np
17:06 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:12 -!- dansanger [~vpnuser@190.72.186.103] has quit [Quit: Leaving.]
17:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:30 -!- crayon [~user@unaffiliated/button] has quit [Ping timeout: 265 seconds]
18:44 < ser_berry> after I install the login page is missing styles and I can't get past the "accept" screen. what's going on?
18:46 <+esde> huh
18:48 < ser_berry> this is what I see: https://i.imgur.com/ZKaTyzE.jpg
18:55 <+esde> !as
18:55 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
18:57 < ser_berry> ty
18:57 <+esde> np
19:05 -!- tharkun [~0@unaffiliated/tharkun] has joined #openvpn
19:18 -!- zerobaud [bc41a685@gateway/web/freenode/ip.188.65.166.133] has joined #openvpn
19:19 < zerobaud> I need to setup a simple (no auth / encryption) connection from a SIEM appliances management iface which runs in vmware (bridged) to another computer with a virtual windows domain set to host only
19:19 < zerobaud> and also a bridged iface which acts as a router
19:20 < zerobaud> i specifiy --remote to have the bridged iface of the management interface of the SIEM appliance and --local to the routers interface in the windows domain?
19:21 < zerobaud> that should do the trcik right?
19:21 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Ping timeout: 252 seconds]
19:24 < zerobaud> does this means I dont have to specify a tun/tap device?
19:24 < zerobaud> or do i need to specify a tun/tap device and a bridge and put the network i want to connect to inside the bridge together with the tun/tap openvpn creates?
19:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:27 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
20:06 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 256 seconds]
20:17 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
20:18 < zerobaud> I cant get it fixed, I read the documentation and man pages a few times
20:18 < zerobaud> what am i supposed to put after --ifconfig??
20:18 < zerobaud> on both the client and server?
20:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:23 < zerobaud> why is route showing the ip address of the remote server?
20:23 < zerobaud> that is a stupid question i know, wait let me get details of everything and make a pastebin...
20:59 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Remote host closed the connection]
20:59 < zerobaud> http://pastebin.com/MF684ByK
20:59 < zerobaud> here...
21:00 < zerobaud> The best I could do I asked #networking aswell... but nobody who is watching replied so far
21:04 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:08 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Client Quit]
21:08 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
21:18 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 240 seconds]
21:21 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:36 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
21:37 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:41 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Client Quit]
21:41 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:44 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Client Quit]
21:46 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:47 <+esde> paste expired, lol
21:47 < zerobaud> damn
21:47 < zerobaud> lemme repaste
21:48 <+esde> !howto
21:48 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
21:48 <+esde> !welcome
21:48 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
21:48 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:48 < zerobaud> http://pastebin.com/3LBxYQKS
21:48 <+esde> !tunortap
21:48 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
21:48 <@vpnHelper> rooted/jailbroken) support only tun
21:49 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Client Quit]
21:59 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:51 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 248 seconds]
23:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
23:09 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
23:30 -!- ShadniX [dagger@p5481D43F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX [dagger@p5DDFC06F.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Apr 18 2015
00:07 -!- zerobaud [bc41a685@gateway/web/freenode/ip.188.65.166.133] has quit [Ping timeout: 246 seconds]
00:17 -!- zorzevic [~unknown@ae204108.dynamic.ppp.asahi-net.or.jp] has joined #openvpn
00:17 < zorzevic> hi guys, I'm looking for a good VPN provider for using openVPN in japan...any advice?
00:19 < zorzevic> (am a VPN noob BTW)
00:28 < zorzevic> anybody here?
00:48 -!- zorzevic [~unknown@ae204108.dynamic.ppp.asahi-net.or.jp] has quit [Read error: Connection reset by peer]
01:02 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:22 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:02 -!- seeg [~seeg@li470-46.members.linode.com] has joined #openvpn
02:03 < seeg> hello -- I have a question, maybe dumb but didn't find an answer -- is the openvpn server also a client? in ipp.txt I do see 'client' connected but in no way I an ping it from other clients.
02:03 < seeg> When I explicitly connect client on server machine then I can ping the server via that client
02:04 < seeg> I do have client-to-client enabled
02:23 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:42 -!- mattock_afk is now known as mattock
02:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:08 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
03:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 265 seconds]
03:27 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
03:28 < Junka> !welcome
03:28 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:28 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:28 < Junka> !goal
03:28 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:31 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
04:01 -!- yang_ is now known as ang
04:01 -!- ang is now known as yang
04:04 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:39 -!- roentgen_ [~none@openvpn/community/support/roentgen] has quit [Remote host closed the connection]
04:52 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
04:52 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
04:54 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
04:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:58 -!- SoWhat [~Karl@dslb-188-110-207-228.188.110.pools.vodafone-ip.de] has joined #openvpn
04:58 < SoWhat> how can I tell on debian if openvpn client is running?
05:08 < SoWhat> and how can I restart it?
05:14 -!- SoWhat [~Karl@dslb-188-110-207-228.188.110.pools.vodafone-ip.de] has quit [Ping timeout: 244 seconds]
05:15 -!- SoWhat [~Karl@dslb-188-110-207-228.188.110.pools.vodafone-ip.de] has joined #openvpn
05:20 -!- mattock is now known as mattock_afk
05:31 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
05:52 -!- gms [~quassel@wikipedia/gms] has joined #openvpn
06:10 -!- wrouesnel [~wrouesnel@14-200-69-67.static.tpgi.com.au] has joined #openvpn
06:11 < wrouesnel> two questions: (1) when using route no-pull, is it possible to get the routing information that would have been added, without actually adding it?
06:12 < wrouesnel> and (2) is it possible to get openvpn to create the tun device in a particular cgroup? i.e. I want my host to bring openvpn up, but i want the tunnel interface to be added to a container
06:18 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer]
06:18 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
06:19 -!- SoWhat [~Karl@dslb-188-110-207-228.188.110.pools.vodafone-ip.de] has quit [Ping timeout: 240 seconds]
06:20 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
06:22 -!- mattock_afk is now known as mattock
06:28 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:29 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
06:35 < Junka> does openvpn need sudo rights?
06:36 < Junka> in order to run
06:52 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
06:52 < Junka> pls
06:53 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:53 < Thermi> No, it needs to be started as the root user.
06:53 < Thermi> Or at lesat CAP_NET_ADMIN, I think.
06:58 < Junka> do i need to specify in the /etc/openvpn/client.conf that the ca.crt it's also in the /etc/openvpn/ca.crt or just ca.crt ?
07:03 < Thermi> Use the full path.
07:11 -!- dyce [~quassel@ns3290920.ip-5-135-184.eu] has quit [Ping timeout: 256 seconds]
07:30 -!- SwimmerTheMaster [~YAIRCC@unaffiliated/xrosnight] has joined #openvpn
07:32 -!- SwimmerTheMaster is now known as xrosnight
07:37 < Junka> how can i force all network data to go through the vpn?
07:40 < Junka> is it more secure to run openvpn in Unprivileged mode?
07:41 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
07:47 < Junka> where is the HMAC key generated? /etc/openvpn?
07:47 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
07:52 -!- mattock is now known as mattock_afk
08:13 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 250 seconds]
08:21 < Junka> ;tls-auth ta.key 0 # This file is secret
08:21 < Junka> what does it mean secret?
08:21 < deranged> may be a dumb question but is username/password auth done by like, real local users?
08:21 < deranged> if you get what I mean
08:23 -!- SoWhat [~Karl@dslb-188-110-207-228.188.110.pools.vodafone-ip.de] has joined #openvpn
08:23 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Quit: ZNC - http://znc.in]
08:30 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
09:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:13 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
09:13 -!- mode/#openvpn [+v s7r] by ChanServ
09:19 -!- SoWhat [~Karl@dslb-188-110-207-228.188.110.pools.vodafone-ip.de] has quit [Ping timeout: 255 seconds]
09:26 < Junka> i cant connect
09:26 < Junka> with a cipher other than the default BF-CBC
09:29 <+s7r> Junka you changed the cipher option on both server and client config?
09:30 < Junka> i get a warning that the remote cipher is BF
09:30 < Junka> but i have no access to the server
09:30 < Junka> i use PIA
09:32 < Junka> i tried to get help from them
09:32 < Junka> they dont know, they just tell me to use their app
09:32 < Junka> >_>
09:34 -!- SoWhat [~Karl@78.84.164.202] has joined #openvpn
09:35 < SoWhat> can you tell me how to start openvpn client on boot in debian linux?
09:36 < SoWhat> I see that it starts some service automatically, but I don´t understand what it does
09:44 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
09:50 -!- SoWhat [~Karl@78.84.164.202] has quit [Read error: Connection reset by peer]
10:01 -!- mreithub [~mreithub@chello062178151029.7.14.vie.surfer.at] has joined #openvpn
10:14 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
10:15 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:20 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 276 seconds]
10:25 < mreithub> hi, I have a VPN with a couple of clients who aren't supposed to see each other (so client-to-client is not set). That setup works quite well. But now I want to allow some clients to be able to connect to the others (i.e. our own computers should be able to reach our customers). Do I have to setup a second VPN (with its own CA) or can I do that with ccd rules (I was thinking about a separate subnet - either with or without NAT)?
10:27 -!- zmachine [uid53369@gateway/web/irccloud.com/x-hozgscmqnpqodpqr] has joined #openvpn
10:49 < Thermi> mreithub: As the network packets go through the netfilter part of the kernel, you can use it to filter traffic.
10:51 < mreithub> Thermi, so you suggest to enable client-to-client for all of them and block their traffic using iptables?
10:51 < Thermi> No.
10:51 < Thermi> client-to-client only tells openvpn to pass traffic from a client to another client inside itself and not give it to the kernel or push it out of the tap/tun interface to the kernel.
10:54 < mreithub> ah, I think I found a solution: I made a ccd, added ifconfig-push (with 10.11.0.x), push route (with 10.9.x.x) and then a masquerade rule from 10.11.0.x to 10.9.x.x
10:54 -!- u0m3 [~u0m3@109.96.156.18] has quit [Ping timeout: 264 seconds]
10:55 < mreithub> I've tried something like that before but stopped trying after I failed to reach the server itself for some reason (maybe a missing route statement for the 10.11.0.x network)
10:58 -!- mreithub [~mreithub@chello062178151029.7.14.vie.surfer.at] has quit [Quit: This computer has gone to sleep]
11:07 < Junka> Thermi; can you help me too?
11:08 < Thermi> Junka: As you already recognised, your problem is with the server administrator. Get them to fix your "problem".
11:09 < Junka> Thermi; whats the parament for Data Authentication
11:09 < Thermi> parament?
11:09 < Junka> like 'cipher' for encryption
11:10 < Thermi> "Parament" makes no sense in this context. Please use proper english words in your question.
11:11 < Junka> whats the algorithm for data auth
11:11 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
11:11 < Junka> no thats wrong again
11:12 < Junka> how do i enable data auth in the config file
11:12 < Thermi> That is already enabled by default.
11:13 < Thermi> The default for "auth" is sha1.
11:13 < Thermi> The default for "cipher" is BF-CBC
11:16 -!- rika is now known as notrika
11:23 < Junka> Thermi; isn't tls-auth ta.key 0 # This file is secret
11:23 < Junka> for data auth?
11:24 < Thermi> That is an additional HMAC setting. You can use it to set a static HMAC that envelopes the OpenVPN packets. OpenVPN uses TLS, which uses ciphers and hmacs already. It is difficult to describe it here to you. You are better of reading the docs about it.
11:24 < Thermi> Also, I'm lazy right now.
11:27 -!- notrika is now known as rika
11:32 -!- marl_scot1 [~matt@pin-pai-fwo.pintelgrp.co.uk] has quit [Ping timeout: 240 seconds]
12:18 < Junka> Thermi; thanks :)
12:18 < Junka> for your help
12:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
12:28 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
12:29 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
13:01 < Junka> do i need a cert for handshake encryption?
13:02 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
13:05 < Junka> ,g woman to man blowjob decreases depresion
13:05 < Junka> pls
13:05 < Junka> oh wrong channel
13:06 < supergauntlet> wat
13:17 -!- Eric-K [eric@188.226.225.197] has joined #openvpn
13:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:34 < Junka> well since i started it
13:34 < Junka> i better give the url too :P
13:34 < Junka> http://www.joe.ie/life-style/good-news-folks-blowjobs-help-reduce-depression-in-men-and-women/45754
13:34 <@vpnHelper> Title: Good news folks - blowjobs help reduce depression in men and women | JOE.ie (at www.joe.ie)
13:53 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
13:54 -!- gms [~quassel@wikipedia/gms] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
13:55 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Read error: Connection reset by peer]
13:55 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
13:56 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
14:00 -!- roentgen [~none@openvpn/community/support/roentgen] has quit [Read error: Connection reset by peer]
14:02 -!- roentgen [~none@openvpn/community/support/roentgen] has joined #openvpn
14:35 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
14:36 -!- zmachine [uid53369@gateway/web/irccloud.com/x-hozgscmqnpqodpqr] has quit [Quit: Connection closed for inactivity]
14:38 < debbie10t> I have been looking at this problem: https://forums.openvpn.net/topic18671.html
14:38 <@vpnHelper> Title: OpenVPN Support Forum Expired CA - clients can't connect : Server Administration (at forums.openvpn.net)
14:40 < debbie10t> I have created a new ca.crt using the link provided there to serverfault but the resulting ca.crt is not suitable for openvpn as it is missing some details
14:41 < debbie10t> cutting to the chase: does anybody know the openssl commend line required to generate a ca.crt with all the details required for openvpn ?
14:41 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 255 seconds]
14:44 < debbie10t> I have tried to pick apart openssl-1.0.0.cnf and the older easy-rsa scripts and vars file but it is a bit too complicated
14:50 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
14:50 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
14:50 -!- mode/#openvpn [+v s7r] by ChanServ
14:51 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
14:54 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
15:17 -!- xrosnight [~YAIRCC@unaffiliated/xrosnight] has quit [Ping timeout: 256 seconds]
15:19 -!- Latrina [~Latrina@ppp-211-33.26-151.libero.it] has quit [Ping timeout: 245 seconds]
15:21 -!- wrouesnel [~wrouesnel@14-200-69-67.static.tpgi.com.au] has quit [Ping timeout: 265 seconds]
15:22 -!- Latrina [~Latrina@ppp-211-33.26-151.libero.it] has joined #openvpn
16:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:05 -!- mike_papa [~mike_papa@212.180.174.163] has joined #openvpn
16:09 < mike_papa> Good evening. I have openvpn running on router with dd-wrt. I did something, I don't really know what, to openvpn setting when I tried to upgrade dd-wrt. I had to revert it back to version I was using before, as it was unstable, and I recovered settings from backup. Since then I have a strange thing with VPN. From remote client I can ping all local clients. I can ssh router, I can visit it's web panel. Problem is with local clients, that I cannot ssh
16:09 < mike_papa> What can couse that?
16:27 < mike_papa> !paste
16:27 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
16:28 < mike_papa> !configs
16:28 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:38 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
16:45 < mike_papa> Firewall settings: Filter Proxy, Cookies, Java Applets, ActiveX, Block Anonymous WAN Requests (ping), Filter Multicast, FIlter IDENT (port 113), Block WAN SNMP access enabled, and Filter WAN NAT Redirection disabled. iptables: http://pastebin.com/vkuyvvYX server.conf: http://pastebin.com/HbYgF0Lg client.conf: http://pastebin.com/HGeQBdBn log: http://pastebin.com/hC9RvyEE
17:00 < debbie10t> mike_papa, is it just one client that has the problem ?
17:01 < mike_papa> No. I tried two phones (Android) and one Windows. All have the same problem with three different local clients (2 linux, 1 windows).
17:02 < debbie10t> are they att the same client site ?
17:02 < mike_papa> what do you mean?
17:02 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
17:02 < debbie10t> are the clients with the problem all in the same remote network
17:03 < debbie10t> just to save some time what is your server local LAN ip ?
17:04 < mike_papa> No. I've used cell network, network at my workplace, and even from my own net. My server local IP is 192.168.138.1
17:04 < debbie10t> ok
17:04 < debbie10t> at least it is not 192.168.0.0/24 :)
17:05 < debbie10t> when you say that you can not ss .. what do you mean ?
17:05 < mike_papa> hehe. I've read about possible conflicts with populat IPs.
17:05 < debbie10t> yep cool
17:05 < debbie10t> had to check tho
17:05 < debbie10t> when you say that you can not ss .. what do you mean ?
17:05 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
17:06 < mike_papa> That looks odd. When I try to login via ssh to local client it just stalls. SSH client doesn't say that it cannot reach server, it doesn't timeout, or anything. It just stalls.
17:06 < Eric-K> Are there any hardware requirements I should know of for a box connected to a Gbit uplink? Just one or two users will be connecting.
17:07 < debbie10t> sounds like routing
17:07 < mike_papa> No login prompt. Nothing.
17:07 < debbie10t> yes .. i can replicate that with bad roouting
17:07 < mike_papa> But ssh 192.168.138.1 works fine.
17:08 < debbie10t> so from the client you can ssh to your server
17:08 < mike_papa> Yes. But not to other clients on 192.168.138.0
17:09 < debbie10t> so the client can see the server but the client cannot see any other hosts on the server lan ?
17:09 < mike_papa> Haven't tried between clients on VPN (10.138.12.0). Can't really now.
17:10 < mike_papa> And here it becomes even stranger. Pings to any client on 192.168.138.0 from 10.138.12.0 work great. But only pings. Nothing else.
17:10 < mike_papa> So it's hard to say it cannot see.
17:10 < debbie10t> sound  like a firewall
17:10 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
17:10 < debbie10t> you use iptables ?
17:11 < mike_papa> Yes. DD-WRT use iptables.
17:12 < debbie10t> have you setup the NAT rule ?
17:12 < debbie10t> iptables -t nat -A POSTROUTING -s 10.138.12.0/24 -o eth0 -j MASQUERADE
17:13 < debbie10t> -o eth0 .. where eth0 must match your router LAN NIC
17:13 < mike_papa> Here is all I did with iptables: http://pastebin.com/vkuyvvYX
17:14 < debbie10t> ouch !
17:14 < debbie10t> do you need a bridge ?
17:14 < debbie10t> is your VPN tun or tap ?
17:15 < mike_papa> TUN
17:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:16 < debbie10t> I don't know much about DDwrt but i doubt you need a bridge
17:16 < debbie10t> your iptables has a br0
17:16 < debbie10t> br0=bridge
17:16 < mike_papa> I guess it's just the way dd-wrt is doing things on routers.
17:16 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
17:17 < mike_papa> Can't really see any option for changing it.
17:17 < debbie10t> look in interfaces tab
17:18 < mike_papa> Its Setup/Networking I belive. There is br0 listed, but it's not possible to remove it. I can add more of those ;)
17:20 < mike_papa> http://pastebin.com/pQWLtxDw here is ifconfig from router
17:21 < debbie10t> do you know what a bridge does ?
17:22 < debbie10t> i think you should try #dd-wrt
17:22 < mike_papa> I have no idea.
17:23 < debbie10t> i seriously doubt you need any bridge
17:24 < mike_papa> I get those on server log: marek-android/178.182.7.177:57169 MULTI: bad source address from client [100.84.123.134] packet dropped
17:24 < debbie10t> that is generally not a problem
17:25 < debbie10t> openvpn just needs --iroute (internal route) for clients lan
17:25 < mike_papa> I think br0 is standard in dd-wrt: http://www.dd-wrt.com/wiki/index.php/Default_Configuration_Overview
17:25 <@vpnHelper> Title: Default internal device network - DD-WRT Wiki (at www.dd-wrt.com)
17:26 < debbie10t> for openvpn it may help you to read this:http://openvpn.net/index.php/open-source/documentation/howto.html
17:26 <@vpnHelper> Title: HOWTO (at openvpn.net)
17:26 < debbie10t> see the section: expanding the scope ..
17:30 < debbie10t> about DD-WRT .. maybe you do need the bridge .. looks complicated and I don't know enough about dd-wrt
17:31 < mike_papa> I think I already have that route they talk about in expanding the scope: http://pastebin.com/Q0kM7XCf
17:32 < debbie10t> not --route but --iroute ..
17:32 < debbie10t> in your openvpn configuration
17:34 < mike_papa> that's on client side, right?
17:35 < debbie10t> no .. it is a server-side --client-config-dir/file option
17:35 < debbie10t> it tells the openvpn server the LAN of the client ..
17:39 < mike_papa> But isn't needed when VPN client is actually gateway to another LAN?
17:39 < debbie10t> that is why it is needed ..
17:39 < mike_papa> But my clients are sinle machines
17:39 < mike_papa> single machines*
17:41 < debbie10t> the --iroute statement will instruct the server how to deal with dropped packets .. but it not necessary if the client machine is not routing for the client LAN ..
17:41 < debbie10t> as you say "single machine"
17:42 < debbie10t> and so you can basically ignore those dropped packets
17:43 < mike_papa> Ok. Anyway I still can ping my print server but I can't ssh it, and I can't go to printer:631 page.
17:45 < debbie10t> do you have a ppc you can try to connect to ?
17:45 < debbie10t> *pc
17:46 < mike_papa> on local LAN? two linux boxes running ssh servers, and Windows with RDC.
17:46 < debbie10t> good .. use tcpdump on the linux machine and see if the ssh packets arrive
17:47 < debbie10t> BTW: does your printer have a static route for the VPN ?
17:51 < mike_papa> ssh packets are getting to print server from vpn client
17:51 < mike_papa> and it's answering
17:51 < mike_papa> It is actually getting it, and answering to router.
17:52 < mike_papa> router and/or ovpn server
17:52 < debbie10t> add a static route to the printer for the VPN ip 10.138.12.0/24
17:53 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
17:53 < debbie10t> or do nat on the vpn server correctly
17:55 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
17:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 246 seconds]
17:58 < mike_papa> Ok. I have static route to 10.138.12.0/24 via wlan0 (only device on print server). Nothing changed.
17:59 < debbie10t> route is via vpn server / dd-wrt router
18:00 < debbie10t> i think it was 192.168.137.1
18:00 < debbie10t> 138.1
18:01 < mike_papa> yes. so... ip route add 10.138.12.0/24 via 192.168.138.1?
18:02 < debbie10t> sounds good
18:02 < mike_papa> and nothing changed :(
18:03 < debbie10t> what client are you using ?
18:03 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
18:04 < mike_papa> At the moment android with OpenVPN Connect 1.1.16
18:05 < debbie10t> can you try ssh to the linux machine ?
18:08 < mike_papa> I do at the moment
18:08 < debbie10t> you can successfully connect to ssh over the vpn ?
18:08 < mike_papa> no timeout. ConnectBot just saying "Connecting..."
18:08 < debbie10t> ahh
18:09 < mike_papa> And after short while tcpdump (on print server) shows no traffic on 22
18:11 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: "Buzzinga"]
18:13 < mike_papa> http://pastebin.com/ctdLxU3e - tcpdump from print server
18:13 < mike_papa> and two more lines: 01:13:06.077301 IP 192.168.138.11.22 > 192.168.138.1.42400: Flags [P.], seq 0:39, ack 1, win 453, options [nop,nop,TS val 34734144 ecr 6831106], length 39
18:13 < mike_papa> 01:13:06.079310 IP 192.168.138.1.42400 > 192.168.138.11.22: Flags [R], seq 2223451181, win 0, length 0
18:15 < mike_papa> next 3 lines. seems like there is something now and then. Every 40-50 seconds couple of packets.
18:21 < debbie10t> according to your tcpdump .. it looks like your server is doing the right NAT .. so it looks to me like your server iptables is blocking the reply
18:22 < debbie10t> but that is wierd
18:24 < debbie10t> can you use tcpdump on the dd-wrt ?
18:25 < mike_papa> sure. What should I listen?
18:26 < debbie10t> look for ssh packets on the tunnel
18:26 < debbie10t> tcpdump -i tun0 port 22
18:26 < debbie10t> or whatever the tun interface is
18:27 < mike_papa> http://pastebin.com/e4WjKny7
18:28 < mike_papa> seems no inbound traffic
18:29 < debbie10t> now do: tcpdump -i br0 port 22
18:29 < mike_papa> Now it got some: http://pastebin.com/GsFwjh9q
18:30 < debbie10t> well .. it is your router that is dropping or blocking then
18:30 < debbie10t> most likely iptables
18:32 < mike_papa> how do I check what's present iptables setting? Maybe router is not doing those firewall scripts correctly?
18:32 < debbie10t> unless your printer refuses non-local connections .. but tcpdump on the printer showed that the the router NATted the packets
18:33 < mike_papa> here is on br0: http://pastebin.com/8yS7S9bs
18:33 < debbie10t> yep .. looks like nat is working
18:33 < debbie10t> i don't know enough about dd-wrt to help any more .. sorry
18:34 < mike_papa> and again right after I pasted another 2 lines with other way traffic: 01:33:05.573817 IP 192.168.138.11.22 > 192.168.138.1.49519: Flags [FP.], seq 40:1024, ack 30, win 453, options [nop,nop,TS val 34854095 ecr 6958320], length 984
18:34 < mike_papa> 01:33:05.632513 IP 192.168.138.1.49519 > 192.168.138.11.22: Flags [.], ack 1, win 685, options [nop,nop,TS val 6959579 ecr 34842085,nop,nop,sack 1 {40:1025}], length 0
18:34 < mike_papa> Ok. Thank you. I'll try on #dd-wrt. But it's always quiet channel.
18:36 < debbie10t> np
18:37 < debbie10t> just to be sure .. can you ssh to the printer from a local pc .. not over the vpn ?
18:38 < mike_papa> Yes. I can ssh if I connect directly to my network.
18:38 < debbie10t> ok .. so the printer ssh works .. i know ssh can be a bit fussy
18:42 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
18:42 -!- mode/#openvpn [+v s7r] by ChanServ
18:42 < mike_papa> Strangest thing is, that it has been working fine. I did full settings backup, upgraded, found it unstable, reverted to backed up version, and... that's what happend.
18:45 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has joined #openvpn
18:47 -!- carlcrac_ [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Ping timeout: 276 seconds]
19:01 -!- mike_papa [~mike_papa@212.180.174.163] has quit [Quit:  HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D]
19:20 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
19:25 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 245 seconds]
19:30 -!- swebb [~swebb@192.69.23.161] has joined #openvpn
19:40 -!- Denial [~Denial@81.141.6.77] has joined #openvpn
20:11 -!- debbie10t [~debbie10t@unaffiliated/m10t] has left #openvpn ["Leaving"]
20:43 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 255 seconds]
20:47 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:49 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:06 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:23 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
21:24 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:41 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:45 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
21:48 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
22:23 -!- jitterbug [jitterbug@142.167.108.163] has joined #openvpn
22:44 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
22:51 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
22:55 -!- deever [~deever@yorval.fipscode.net] has quit [Read error: Connection reset by peer]
22:56 -!- BtbN [btbn@btbn.de] has quit [Ping timeout: 276 seconds]
22:57 -!- jitterbug [jitterbug@142.167.108.163] has quit []
23:02 -!- BtbN [btbn@btbn.de] has joined #openvpn
23:02 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
23:10 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:29 -!- ShadniX [dagger@p5DDFC06F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- ShadniX [dagger@p5481C7BE.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- wrouesnel1 [~wrouesnel@14-200-69-67.static.tpgi.com.au] has joined #openvpn
--- Day changed Sun Apr 19 2015
01:16 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
01:21 -!- mattock_afk is now known as mattock
01:45 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
02:11 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:12 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:14 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:16 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:17 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:20 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:20 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:20 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:21 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:32 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:54 -!- mattock is now known as mattock_afk
03:01 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:24 -!- mattock_afk is now known as mattock
03:24 -!- mattock is now known as mattock_afk
03:25 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:25 -!- mode/#openvpn [+o mattock] by ChanServ
03:26 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
03:26 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:26 -!- mode/#openvpn [+o mattock] by ChanServ
04:18 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:19 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:19 -!- mode/#openvpn [+v s7r] by ChanServ
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:36 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
04:39 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
04:40 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
04:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:09 -!- Denial [~Denial@81.141.6.77] has quit []
05:44 -!- mjkr [c7b4ffee@gateway/web/freenode/ip.199.180.255.238] has joined #openvpn
05:44 < mjkr> does openvpn support tcp fast open in tcp mode?
05:48 < tomodachi> mjkr: why would that matter?
05:48 < mjkr> just curious
05:48 < tomodachi> the idea of tcp fast open is to speed up successive tcp connections
05:49 < tomodachi> running two machines with openvpn will open up exactly one tcp connection
05:49 < tomodachi> once
05:49 < tomodachi> there is nothing that needs to speed up
05:49 < mjkr> so no ways of obfuscation through opening multiple ones?
05:49 < tomodachi> if you want speed , you should be running UDP anyway
05:50 < tomodachi> obfuscating what?
05:51 < mjkr> multiple tcp connections require multiple faked rst/fin packets to terminate
05:51 < mjkr> one tcp connection requires just one
05:53 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:04 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
06:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
06:34 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
06:34 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
06:45 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
06:50 -!- crus [~crusader@124.171.59.35] has joined #openvpn
06:55 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:05 <+s7r> how is TLS implemented in OpenVPN when used via UDP? TLS isn't TCP only (for UDP we have DTLS)?/
07:09 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 252 seconds]
07:44 < mjkr> no
07:44 < mjkr> dtls isn't in openvpn
08:02 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
08:06 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds]
08:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
08:32 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
08:56 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 246 seconds]
09:13 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
09:26 -!- stephan48 [stephan@opennic/stephan] has joined #openvpn
09:28 < stephan48> hi, is there an option to stop openvpn from automatically handing out ip addresses? i only want it to hand ip addresses if configured by a client config file. also i once read that there is a way to dynamically generate client specific config files. any idea what that option could have been?
09:34 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
09:36 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
10:19 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:46 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:48 -!- jitterbug [~jitterbug@142.167.108.163] has joined #openvpn
10:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
11:04 < mjkr> how does tinc compare with openvpn?
11:05 < mjkr> on debian tinc seems to have a hell fewer packages
11:05 < mjkr> s/packages/dependencies
11:07 -!- jitterbug [~jitterbug@142.167.108.163] has quit [Ping timeout: 248 seconds]
11:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
11:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
11:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:32 <@ecrist> mjkr: no idea what tinc is
11:32 < mjkr> ok...
11:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
11:34 <@ecrist> what are you trying to figure out?
11:35 <@ecrist> stephan48: you can dynamically generate config files with a --client-connect script
11:35 < stephan48> ah thanks for confirming that
11:35 < stephan48> i meanwhile found the option
11:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
11:36 <@ecrist> in the environment variables, a path name will be passed to the client connect script.  it can then generate a script and write it out to the file name openvpn set
11:36 <@ecrist> once the script exits, the generated config is used for the client, as if it had been in the client-config-dir
11:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:40 < stephan48> yup
11:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
11:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
12:01 -!- Turn_Left [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:02 -!- Turn_Left [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
12:07 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:53 -!- wrouesnel1 [~wrouesnel@14-200-69-67.static.tpgi.com.au] has quit [Ping timeout: 252 seconds]
13:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
13:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
13:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:28 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
14:32 -!- moviuro__ [~moviuro@37.162.56.240] has joined #openvpn
14:33 < moviuro__> Hi everyone! I'm having some very strange issues with my obsd server: it only answers to pings from clients if they ping an other adress than the one in the same network as they are
14:33 < moviuro__> ie client 10.3.16.201 can't ping 10.3.16.1 but can ping 10.3.15.1, which is the same machine : the openvpn server
14:34 < moviuro__> and by "can't ping", I mean "packet loos is through the roof"
14:41 <+pekster> Smells like firewall
14:41 <+pekster> Utilize tcpdump and see where exactly it gets lost, then dig into the firewall and routing table at that point
14:41 <+pekster> !tcpdump
14:41 <@vpnHelper> "tcpdump" is (#1) tcpdump is a great troubleshooting tool (Wireshark or the tshark.exe CLI tools for Windows.) To start, try a syntax like `tcpdump -pni ifWhatever` or (#2) You can also add filters to the command, like 'icmp' or 'udp port 1194' and the like. Consult the tcpdump docs for details.
14:42 -!- moviuro__ [~moviuro@37.162.56.240] has quit [Ping timeout: 252 seconds]
14:54 -!- moviuro__ [~moviuro@37.161.44.47] has joined #openvpn
14:54 < moviuro__> ok, So I lost my connexion right after asking
14:55 < moviuro__> if anyone answered, I ddin't get you
15:14 < Thermi> moviuro__: https://bpaste.net/show/ea36813f9552
15:15 < mete> is openvpn 2.2 able to use AES-NI on E5 xeon cpus?
15:16 < moviuro__> thanks Thermi
15:17 < moviuro__> pekster: no firewall involved. it used to work great. I also get answers from time to time
15:17 < moviuro__> also, because it is in the same subnet (10.3.16.0/24), I'm pretty sure it can't
15:17 < moviuro__> also, I have nothing in the pflog
15:17 < moviuro__> (tcpdump -tttnei pflog0)
15:20 <+pekster> fireall most certainlly applies for inbound traffic, and logs would only show up in PF if you have something like block log in on em0  # or a similar stanza
15:21 < moviuro__> pekster: the last line is block in drop log
15:21 <+pekster> And tcpdump showed you what? You should now know if the ICMP echo-request made it to your target, and if that target send back an echo-reply
15:23 < moviuro__> pekster: I see requests going in, but only very few replies
15:24 < moviuro__> http://sprunge.us/Dbji
15:25 < moviuro__> 171 packets transmitted, 8 packets received, 95.3% packet loss
15:29 <+pekster> You might check your other interfaces to verify routing (especially any dynamic routing) isn't doing unexpected things on you
15:30 <+pekster> Otherwise you should look at why replies don't get sent out (possibly some rate limiting in your rules, check the openvpn logs at --verb 5 to see if the server end even thinks it's sending into the tun device, etc)
15:30 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
15:30 < moviuro__> pekster: no rate limit AFAIK
15:30 < moviuro__> I'll check at verb5
15:31 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
15:34 < moviuro__> pekster: what now with verb5.?
15:34 < moviuro__> I get stuff like WWWRwRwrWRwrWRwRwrWrWWWRwRwrWRwrWRwrWWWRwRwrWRwrWRwrWWWRwRwrWRwrWRwrWWWRwrWRwRwrWRwrWRwrWRwrWRwrWRwRwrWRwrWrWRwRwrWRwrWRwrWRwRwrWRwrWRRwrWrWRwRwRwrWRwrWRwrWrWRwRwRwrWRwrWRwrWrWRwRwRwrWRwrWrWRwRwrWRwRwrWrWWWRwrWRwRwRwrWRwrWWWRwrWrWRwRwRwrWRwrWRwWWrWRwrWRwrWRwRwrWRwrWWWrWRwRwrWRwRwrWRwRwrWRwRwrWRwrWWWrWrWRwRwrWRwrWRwrWRwRwrWRwrWrWRwRwrWrWRwrWRwrWrW
15:35 <+pekster> lowercase is reads/writes on the tun device packets, so if you see reads but no writes, that's a problem
15:36 <+pekster> upper-case is for the encapsulated UDP (or TCP, with that --proto enabled instead) packets that actually hit the wire
15:38 <+pekster> That more or elss seems expected, so assuming you're not doing "other" things over the connection (other clients, file sharing, ssh, etc) tcpdump should show you whatever is sent into the tun device
15:43 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
15:43 -!- mode/#openvpn [+v s7r] by ChanServ
16:01 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:01 < moviuro__> pekster: the issue seems to be with the tun device itself
16:01 < moviuro__> If I ping the tun's address without hitting the device (tcpdump -tttnei tun0 icmp stays blank), I get 0% packet loss
16:13 -!- moviuro__ [~moviuro@37.161.44.47] has quit [Ping timeout: 246 seconds]
16:13 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
16:15 < mete> 145mbit throughput via openvpn - that's ok :D
16:38 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
16:40 < NetworkingPro> Guess I made it...
17:05 <@ecrist> NetworkingPro: congrats?
17:15 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
17:17 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
18:06 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:18 -!- FlyingPersian [~Flying@p20030056CB6B3738BD3D9DFD6B57349E.dip0.t-ipconnect.de] has joined #openvpn
18:18 < FlyingPersian> hey
18:19 < FlyingPersian> I just created a openvpn TUN server on my FreeNAS machine according to a tutorial, but when I try to connect via windows I'm not getting any logs at all
18:19 < FlyingPersian> this is the tutorial: https://thealarmclocksixam.wordpress.com/2014/09/21/how-to-setup-a-vpn-server-in-a-freenas-jail/
18:19 <@vpnHelper> Title: How to setup a VPN server in a FreeNAS jail | thealarmclocksixam (at thealarmclocksixam.wordpress.com)
18:19 < FlyingPersian> ports are set, openvpn is running
18:22 < FlyingPersian> on my android phone I get the TLS error which is listed here, but none of the things mentioned helped: http://openvpn.net/index.php/open-source/documentation/howto.html#start
18:22 <@vpnHelper> Title: HOWTO (at openvpn.net)
18:33 -!- FlyingPersian [~Flying@p20030056CB6B3738BD3D9DFD6B57349E.dip0.t-ipconnect.de] has quit [Quit: Verlassend]
18:39 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
19:08 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
20:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:50 -!- Thominus [~Thominus@99.248.182.89] has joined #openvpn
20:51 < Thominus> !welcome
20:51 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
20:51 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:52 < Thominus> !topology
20:52 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
20:57 < Thominus> !route
20:57 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
20:57 <@vpnHelper> client
21:07 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 256 seconds]
21:08 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
21:09 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:09 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
21:09 -!- mode/#openvpn [+o krzee] by ChanServ
21:27 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:32 -!- Phagus [~Phagus@72-53-156-35.cpe.distributel.net] has joined #openvpn
21:32 < Phagus> When I tried to install OpenVPN server on my Windows 8.1 machine, it disconnected me from the Internet, and I have limited connectivity.
21:33 < Phagus> I tried restarting my machine, and the automated diagnosis tool. Other devices connected to the router have a conneciton to the Internet
21:40 <+pekster> There is no "automated diagnosis tool" in OpenVPN. Maybe you're using a commercial wrapper for which you should seek your vendor for support?
21:40 <+pekster> Perhaps:
21:40 <+pekster> !as
21:40 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
21:40 <+pekster> (which is also in our /TOPIC, by the way)
21:42 < Phagus> I should mention, I've uninstalled OpenVPN. The automated diagnosis tool is the one for the network.
21:42 < Phagus> This is now a Windows problem.
21:43 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
21:43 <+pekster> Then what is your goal?
21:43 <+pekster> !goal
21:43 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
21:48 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:05 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
22:06 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
22:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:29 -!- ShadniX [dagger@p5481C7BE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX_ [dagger@p5481C7FC.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- ShadniX_ is now known as ShadniX
23:31 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
23:47 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
23:48 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
--- Day changed Mon Apr 20 2015
00:05 -!- Phagus [~Phagus@72-53-156-35.cpe.distributel.net] has quit [Quit: leaving]
00:58 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
01:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:50 -!- mode/#openvpn [+o mattock1] by ChanServ
02:03 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
02:07 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:18 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
02:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:44 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
03:33 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
03:48 -!- Latrina [~Latrina@ppp-211-33.26-151.libero.it] has quit [Ping timeout: 256 seconds]
03:50 -!- Latrina [~Latrina@adsl-ull-96-184.50-151.net24.it] has joined #openvpn
04:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:25 -!- nice_ [~nice@unaffiliated/linkedinyou] has joined #openvpn
05:30 -!- nice_ [~nice@unaffiliated/linkedinyou] has quit [Read error: Connection reset by peer]
05:34 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
05:45 -!- wlarip [~wlarip@209.26.240.148] has quit [Quit: Leaving]
05:49 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:56 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
06:24 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
06:39 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
06:40 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:02 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 272 seconds]
07:04 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:05 -!- wrouesnel2 [~wrouesnel@14-200-69-67.static.tpgi.com.au] has joined #openvpn
07:09 -!- u0m3 [~u0m3@109.96.156.18] has quit [Ping timeout: 246 seconds]
07:13 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:27 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:41 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:43 -!- dazo_afk is now known as dazo
07:52 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
08:07 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:34 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
08:36 -!- FlyingPersian [~Flying@p20030056CB6B3738BD3D9DFD6B57349E.dip0.t-ipconnect.de] has joined #openvpn
08:37 < FlyingPersian> hi. I created a VPN server on my FreeNAS machine and it's up and running now. I managed to connect to it and get an IP in the subnet 10.8.0.0. I cannot ping anything in the network though
08:37 < FlyingPersian> I'm pushing the route of my homenetwork 192.168.1.0, but I can't ping any IP in there nor any IP in the 10.8.0.0 subnet (not even 10.8.0.1)
08:38 -!- dansanger [~vpnuser@190.72.186.103] has joined #openvpn
08:38 < FlyingPersian> push "route 192.168.1.0 255.255.255.0"
08:38 < FlyingPersian> this is what my config says
08:39 < FlyingPersian> I've disabled push "redirect-gateway"
08:39 < rob0> !clientlan
08:39 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
08:39 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
08:40 < rob0> or maybe !serverlan, I can't tell
08:40 < FlyingPersian> !route
08:40 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server
08:40 <@vpnHelper> or client
08:41 < FlyingPersian> !serverlan
08:41 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
08:41 < FlyingPersian> !ipforward
08:41 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
08:42 < FlyingPersian> !fbsdipforward
08:42 <@vpnHelper> "fbsdipforward" is is set gateway_enable="YES" in /etc/rc.conf to enable ip forwarding in freebsd
08:42 < FlyingPersian> okay I've done that
08:42 < FlyingPersian> !route_outside_openvpn
08:42 <@vpnHelper> "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
08:43 < FlyingPersian> hm none of this helps :D
08:43 < FlyingPersian> https://forums.freenas.org/index.php?threads/how-to-install-routed-openvpn-server-in-a-vimage-portjail.21856/
08:43 <@vpnHelper> Title: [HOW-TO] Install routed OpenVPN server in a VIMAGE portjail | FreeNAS Community (at forums.freenas.org)
08:53 < FlyingPersian> okay I somewhat found the issue
08:53 < FlyingPersian> but not a solution yet
08:54 < FlyingPersian> maybe somebody has an idea.. I've created a file with rules for the firewall:
08:54 < FlyingPersian> ipfw -q -f flush
08:54 < FlyingPersian> ipfw -q nat 1 config if epair0b
08:54 < FlyingPersian> ipfw -q add nat 1 all from 10.8.0.0/24 to any out via epair0b
08:54 < FlyingPersian> ipfw -q add nat 1 all from any to any in via epair0b
08:54 < FlyingPersian> when I do ipfw list it only gives me this:
08:54 < FlyingPersian> 65535 allow ip from any to any
08:54 < FlyingPersian> instead of
08:54 < FlyingPersian> 00100 nat 1 ip from 10.8.0.0/24 to any out via epair0b
08:54 < FlyingPersian> 00200 nat 1 ip from any to any in via epair0b
08:54 < FlyingPersian> 65535 allow ip from any to any
08:55 < FlyingPersian> all paths are correct, so I'm not sure what the issue is. I'm restarting the server now, maybe it helps
08:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
08:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:58 -!- mode/#openvpn [+o mattock1] by ChanServ
09:06 -!- dansanger [~vpnuser@190.72.186.103] has quit [Read error: Connection timed out]
09:09 < mete> are there any cons using 2048bit or even 4096bit keys with an CA? I know that the negotiation will need longer, but is there more cpu load during file transfer over openvpn when the key size is bigger?
09:20 -!- rich0_ is now known as rich0
09:21 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
09:25 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 240 seconds]
09:25 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 240 seconds]
09:27 -!- dansanger [~vpnuser@190.72.186.103] has joined #openvpn
09:28 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
09:28 -!- novae [~novae@unaffiliated/novae] has joined #openvpn
09:31 -!- dansanger [~vpnuser@190.72.186.103] has quit [Ping timeout: 250 seconds]
09:32 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
09:34 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Quit: No Ping reply in 180 seconds.]
09:36 -!- dansanger [~vpnuser@190.72.186.103] has joined #openvpn
09:37 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
09:41 -!- dansanger [~vpnuser@190.72.186.103] has quit [Ping timeout: 272 seconds]
09:47 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 240 seconds]
09:49 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
09:49 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 245 seconds]
09:54 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
10:05 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 276 seconds]
10:06 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
10:06 < albercuba> Hello everyone. Can someone tell me if there is an option to use vpn authentication with a mechanism similar to the TAN list from banks?
10:07 < tomodachi> albercuba: openvpn has auth hooks
10:07 < tomodachi> so you hook in any athentication mechanism you can think of
10:07 < tomodachi> if you can program it
10:08 < tomodachi> or script it
10:09 < albercuba> tomodachi, ok thanks, so the name is auth hoooks
10:15 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
10:31 <@ecrist> albercuba: check out the man page and look for plugins
10:32 <@ecrist> you can also write your own script and invoke the --client-connect option
10:51 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:09 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:26 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
11:36 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:39 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
11:42 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Excess Flood]
11:42 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
11:43 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:01 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:03 -!- Pursuit [~Pursuit@cpe-104-35-53-192.socal.res.rr.com] has left #openvpn ["WeeChat 1.1.1"]
12:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:09 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
12:15 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
12:20 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
12:49 -!- novae [~novae@unaffiliated/novae] has quit [Ping timeout: 240 seconds]
13:03 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:03 -!- mode/#openvpn [+v s7r] by ChanServ
13:10 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:11 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
13:22 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:22 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
13:25 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
13:26 -!- zmachine [uid53369@gateway/web/irccloud.com/x-gxwqflholuijkhfp] has joined #openvpn
13:28 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:28 -!- mode/#openvpn [+v s7r] by ChanServ
13:34 -!- wrouesnel2 [~wrouesnel@14-200-69-67.static.tpgi.com.au] has quit [Ping timeout: 264 seconds]
13:41 -!- FlyingPersian [~Flying@p20030056CB6B3738BD3D9DFD6B57349E.dip0.t-ipconnect.de] has quit [Quit: Verlassend]
13:58 -!- elfixit1 [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit1]
13:59 -!- s7r_w [~s7r@openvpn/user/s7r] has joined #openvpn
13:59 -!- mode/#openvpn [+v s7r_w] by ChanServ
14:01 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 248 seconds]
14:06 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
14:14 -!- diranged [~Adium@162.245.21.10] has joined #openvpn
14:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
14:15 < diranged> Hey if I have a specific group of users (in ldap) that we want to have limited access to a very specific IP range, can we do that in our openvpn config?
14:15 < diranged> ie.. all employees get access to 10.0.0.0/16, but contractors only get access to 10.0.1.0/24?
14:16 <+esde> !ldap
14:16 <+esde> !ad
14:16 <@vpnHelper> "ad" is see !activedirectory
14:16 <+esde> !activedirectory
14:16 <@vpnHelper> "activedirectory" is http://amigo4life.googlepages.com/openvpn for the guide of how to auth against AD
14:16 < diranged> We already have LDAP auth setup… but its basic. It lets all employee accounts in. Now we're trying to narrow it down for this one group of contractors
14:16 < diranged> (and its ldap, not ad)
14:17 <@dazo> diranged: openvpn has something called packet-filter built into it, but it requires quite some setup to make that work ... http://backreference.org/2010/06/18/openvpns-built-in-packet-filter/
14:18 <@dazo> otherwise, there is the plug-in I've written (eurephia) which provides more fine grained access control ... but LDAP support haven't been implemented yet
14:18 <@dazo> !eurephia
14:18 <@vpnHelper> "eurephia" is http://www.eurephia.net/
14:24 <@dazo> esde: I'd consider that !activedirectory stuff really nasty ... the zip file is a rar file, tells you to put scripts into a config dir, talks about the obsolete openvpn.se web-site ... and provides a download to an exe-file (Setup-OpenVPN-GUi.exe) without explaining what it really contains (most likely the outdated openvpn 2.0.6)
14:25 <@dazo> ecrist: krzee: Eugene: ^^^ what do you guys think?
14:25 <+esde> ew
14:26 < Eugene> I think I'm going to stab you in the face
14:26 < Eugene> But thats me.
14:26 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:26  * dazo raises his shields
14:36  * esde pokes Eugene with a reallllly long stick...... and hides behind dazo
14:36  * dazo jumps behind Eugene 
14:37 -!- chiefbodge [~chiefbodg@220-253-37-107.dyn.iinet.net.au] has joined #openvpn
14:40 -!- mode/#openvpn [+o Eugene] by ChanServ
14:41 < chiefbodge> Hey - just wondering if anyone has any ideas of what might be making my OpenVPN slow. PPTP to the same VPN server runs at about 200mbit but I can only get 60mbit max from openvpn even with multiple openvpn connections (using ip rules). Even with one connection to one server and another connection to a completely different server I seem to only ever be able to get 60mbit. It's a dual cpu server with 32GB of ram and there's no sig
14:41 < chiefbodge> nificant CPU load during openvpn downloads
14:42 < chiefbodge> I've tried with different ciphers and it doesn't seem to make a difference. I tried with cipher none and it makes openvpn crash unfortunately
14:50 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:00 <@ecrist> yuk
15:00 <@ecrist> dazo: ^^
15:00 -!- s7r_w [~s7r@openvpn/user/s7r] has quit [Ping timeout: 248 seconds]
15:01 <@dazo> So. I'd say we should just remove that factoid, to avoid misleading people?
15:01 -!- diranged [~Adium@162.245.21.10] has left #openvpn []
15:05 <@ecrist> yes
15:06 <@ecrist> the AD stuff can be done with LDAP integration
15:08 <@ecrist> feel free to do the honors, i've never bothered fixing my permissions on the bot
15:11 <@dazo> !forget activedirectory
15:11 <@vpnHelper> Joo got it.
15:11 <@dazo> !learn activedirectory Can be done using LDAP integration
15:11 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
15:11 <@dazo> !learn activedirectory as Can be done using LDAP integration
15:11 <@vpnHelper> Joo got it.
15:11 <@dazo> damned pedantic vpnHelper
15:11 <@dazo> !activedirectory
15:11 <@vpnHelper> "activedirectory" is Can be done using LDAP integration
15:17 -!- Guest86751 [~s7r@openvpn/user/s7r] has joined #openvpn
15:17 -!- mode/#openvpn [+v Guest86751] by ChanServ
15:19 < ross`> Do i need to do anything special to get openvpn working for china?
15:19 < ross`> openvpn client
15:27 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 245 seconds]
15:30 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
15:30 <+esde> !obfs
15:30 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
15:30 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
15:30 <+esde> ross` ^
15:36 -!- makhmutov74 [~makhmutov@mahmutov-rg-unlim.vpn.mgn.ru] has joined #openvpn
15:37 < makhmutov74> My openvpn connection is so slow, Is there way to speed up?
15:40 -!- Guest86751 [~s7r@openvpn/user/s7r] has quit [Ping timeout: 248 seconds]
15:46 <+esde> probably
15:53 < rob0> Get out and help push?
15:54 <@dazo> untangle the Ethernet cables?
15:56 < _FBi> using your main finger turn the device clock wise
15:56 < _FBi> sup ninjas
15:58 <@dazo> http://dilbert.com/strip/1996-05-02
15:58 <@vpnHelper> Title: Dilbert Comic Strip on 1996-05-02 | Dilbert by Scott Adams (at dilbert.com)
15:59 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
16:00 < _FBi> times out for me dazo
16:01 < _FBi> heh
16:01 < _FBi> google cache
16:01 < rob0> You need a new token, then.
16:01 <@dazo> :)
16:01 < _FBi> ;)
16:02 < _FBi> I wonder is dazo has these cued up, or comes by them randomly
16:02 < rob0> krzee, happy 4-20!
16:02 <@dazo> _FBi: cued up on the dilbert search engine ;-)
16:02 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 250 seconds]
16:03 < _FBi> dazo, you're so gangster :D
16:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-gxwqflholuijkhfp] has quit [Quit: Connection closed for inactivity]
16:10 -!- dazo is now known as dazo_afk
16:11 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Quit: ZNC - http://znc.in]
16:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:16 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 244 seconds]
16:16 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:22 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
16:37 -!- carlcrack [~carlcrack@gateway/vpn/privateinternetaccess/carlcrack] has quit [Quit: x]
16:38 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
16:42 -!- chiefbodge [~chiefbodg@220-253-37-107.dyn.iinet.net.au] has quit [Remote host closed the connection]
16:44 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
16:49 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:50 -!- BrazierCustoms [~braziercu@69.43.3.131] has joined #openvpn
16:50 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
16:51 < BrazierCustoms> errhum....   Hi.  I have a dedicated vpnbook server.  when my vpn is not enabled, I can connect to my box to ssh, and port 8080 for a config page.  However when I start the vpn, I cannot.  I would like to still be able to connect via the vpnserver public address, or any other way.  How can I achieve this?
16:51 < BrazierCustoms> I am running a mint 17 server with openvpn using a vpnbook private server
16:59 < Thermi> BrazierCustoms: Fix your iptables rules to allow access to ports on your public IP from the VPN device.
17:01 < BrazierCustoms>  Hi Thermi, I'm not sure how to do that :/
17:01 < Thermi> Then find out how to do that.
17:03 < BrazierCustoms> :( you got any examples? maybe a ling to point me in the right direction? I been trying to figure this out for a while.  When I start the vpn, it changes my subnet so it blocks connections thru my eth adapters.. and there are two.
17:03 < BrazierCustoms> link*
17:03 < _FBi> man, I thought I was in ##cars lol
17:04 < Thermi> BrazierCustoms: I do not know anything about vpnbook servers.
17:04 < _FBi> BrazierCustoms, IPTables are fairly straight forward
17:05 < BrazierCustoms> fbi, you can help me get it working? I feel like if I can get ssh working, then I can figure out 8080 :P
17:06 < BrazierCustoms> sorry _FBi
17:07 < _FBi> I'm actually about to go and work on my car :/
17:07 < BrazierCustoms> _FBi, RUN!!!!lol
17:08 < _FBi> I'm sure someone here would have a better soloution for you.
17:09 < BrazierCustoms> _FBi,  if I could just at least get ssh working, then I could at least make changes to it again :/
17:10 < _FBi> on my VPN boxes, I use ssh.  I don't see the need to VPN to them first
17:10 <+esde> go to vpnbook for support
17:11 < rob0> Turn off --redirect-gateway if you don't want to use it.
17:11 < _FBi> BrazierCustoms, there's also bridging
17:11 < _FBi> cheers guys
17:11 < BrazierCustoms> esde, I explained to them what I needed, and they came back and said "Here is a new config for vpn over port 22"
17:11 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Quit: elfixit]
17:12 <+esde> still, this is not support for your paid service.
17:12 < BrazierCustoms> rob0, I still want ALL other trAFFIC over vpn
17:12 <+esde> you have no control over the server side, we're of no help to you.
17:12 < rob0> Then learn about policy routing for your OS.
17:13 < BrazierCustoms> esde, so I cant even enable 22 or 8080 over my normal public IP while I am connected to the vpn?
17:14 <+esde> that's dependent on what your provider is willing to configure
17:14 < rob0> I would not expect a paid provider to want to walk you through policy routing, even if they have someone who knows how to do it.
17:14 <+esde> if they're opening the port, but you can't make use of it. it's not their fault.
17:14 <+esde> !101
17:14 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
17:15 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
17:17 < BrazierCustoms> :/ I wasn't trying to make it a replacement for other topics, I just figured someone with expierience with openvpn may be able to help me. because I know nothing about iptables, or policy routing.  but at least I know what to look for now. thanks guys.
17:18 < rob0> lartc.org (sounds like you must be on Linux)
17:18 <+esde> then stay here (idle), read up, and ask specific questions
17:19 < rob0> #Netfilter might be better for the details, but again, no one likely has the time to walk you through it all.
17:19 < BrazierCustoms> rob0, yes linux mint 17
17:29 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
17:36 < BrazierCustoms> :/ wow, I been reading this pdf at the link you gave me rob0, I dont even know where to start :/
17:47 < rob0> well, in a nutshell, you need one routing table per uplink.  Then you'll want something to put the desired traffic in the right routing table.
17:48 < rob0> Typically for what you describe, you have a mangle/PREROUTING rule which -j MARK to add a mark.
17:48 < rob0> Then an "ip rule add ... fwmark ..." rule sends it to the right table.
17:49 < rob0> It's advanced networking/routing, so if you're weak on the basics you will hurt a lot.
17:50 < BrazierCustoms> does the table changes have to be made by whatever is initializing the vpn? or is it something that will stay no matter what?
17:51 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
17:52 < rob0> it might possibly be done either way.
17:52 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:53 < BrazierCustoms> rob0 I guess thats why i'm so confused, on top of knowing very little about iptables.  I think if I saw someones example of how to redirect a port  icould probably figure it out.. maybe
17:54 < BrazierCustoms> especially if it was tailore to my setup
17:55 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
17:56 < BrazierCustoms> rob0, but i understand people dont have time for this..  I'm sure someone has a setup where they are using a vpn, but still have ssh or other port open, but I cant seem to find an example.
18:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:11 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 252 seconds]
18:12 < rob0> "VPN" does not necessarily mean "redirected gateway".
18:13 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
18:14 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
18:15 -!- mode/#openvpn [+v s7r] by ChanServ
18:18 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
18:18 -!- novaflash is now known as novaflash_away
18:20 < BrazierCustoms> rob0, I found this iptables -t nat -A POSTROUTING -i eth0 --dport 22 -j SNAT --to-source my.private.gateway.ip    but --dport does not seem to be a valid option
18:20 -!- shio [marmot@142.121.101.84.rev.sfr.net] has joined #openvpn
18:20 < BrazierCustoms> rob0, is this even the right direction?
18:20 < rob0> SNAT won't change/override the routing.  No.
18:21 < BrazierCustoms> rob0, ok, good to know
18:21 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
18:21 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Client Quit]
18:22 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
18:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 248 seconds]
18:31 < BrazierCustoms> :/ the more I read, the more I'm lost.  am I even close? I wish I had a working example to study :/
18:32 < BrazierCustoms> rob0, is the rest close? so I just need to change the snat to something else?
18:33 < rob0> https://www.google.com/search?q=ip+rule+fwmark+iptables+mangle+prerouting+-j+MARK
18:33 <@vpnHelper> Title: ip rule fwmark iptables mangle prerouting -j MARK - Google Search (at www.google.com)
18:33 < rob0> look for ones which say "solved" or similar
18:42 -!- novaflash_away is now known as novaflash
18:46 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
18:54 < BrazierCustoms> rob0, iptables -t mangle -A POSTROUTING -i eth0 --dport 22 -j [WHAT HERE?]--d 192.1691.1   closer? i'm looking at manpage for iptables but dont understand the jump target info
18:54 <+esde> >192.1691.1 looks way off
18:54 < BrazierCustoms> rob0, iptables -t mangle -A POSTROUTING -i eth0 --dport 22 -j [WHAT HERE?]--d 192.168.1.1    (OOPS) closer? i'm looking at manpage for iptables but dont understand the jump target info
18:54 < BrazierCustoms> esde, I need the actual target addy?
18:55 < BrazierCustoms> esde, iptables -t mangle -A POSTROUTING -i eth0 --dport 22 -j [WHAT HERE?]--d 192.168.1.44    (OOPS) closer? i'm looking at manpage for iptables but dont understand the jump target info
18:55 < rob0> did you set up the routing table yet?
18:56 < rob0> the iptables part (and I surely did tell you "-j MARK") is later
18:56 < BrazierCustoms> rob0, :/ I thought thats what I was working on omg
18:57 < BrazierCustoms> i'm going to end up having to go to work before I figure this out.
18:58 < Kerberos76> Would anyone be able to point me to a "HOWTO" on forwarding a specific port on a public IP to the IP of a OpenVPN client?
18:59 <+esde> https://superuser.com/questions/519268/allow-local-connection-to-client-running-openvpn
18:59 <@vpnHelper> Title: networking - Allow Local Connection to Client Running OpenVPN - Super User (at superuser.com)
18:59 < Kerberos76> i.e. 1.2.3.4:1000 -> 10.0.8.0:1000
18:59 <+esde> ^ Kerberos76
18:59 < Kerberos76> sorry, that was so fast, didn't even notice
18:59 < Kerberos76> thanks!
18:59 <+esde> the sauce i use iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port
19:00 <+esde> port=external port ip:port=openvpnclientip:internalport
19:02 < Kerberos76> ok, so the OpenVPN client has two internal IP's correct? i.e. 10.0.8.5 on one end of the tunnel and 10.0.8.6 on the other. ip:port is the 10.0.8.6 ip correct?
19:02 < Kerberos76> assuming .6 is assigned the actual machine. if this is making sense
19:02 <+esde> i think yes
19:03 <+esde> i usually use .6, but im my only client
19:03 < Kerberos76> ya, me as well
19:03 <+esde> (when im using port forwards)
19:03 < Kerberos76> I'm just setting it up for myself
19:04 <+esde> o/
19:05 < Kerberos76> thanks for your help esde
19:05 <+esde> np
19:05 < Kerberos76> will give it a shot
19:06 <+esde> BrazierCustoms, airvpn has a public knowledgebase and forums that are pretty active. they also offer port forwarding, check their (and other providers) docs and information to see if they have the solution for you somewhere
19:08 <+esde> for example https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ might be useful, if you can make sense of it and modify or write your own rule as needed
19:08 <@vpnHelper> Title: How to forward ports in DD-WRT Tomato with iptables - How-To - AirVPN (at airvpn.org)
19:11 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
19:12 < rob0> esde, what BC wants is for the client IP to be able to answer on ssh *not* through the VPN.  Redirecting ports (DNAT) won't do that.
19:12 <+esde> ahh
19:12 <+esde> weird
19:12 < rob0> BrazierCustoms, that's correct, is it not?
19:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
19:19 < BrazierCustoms> rob0, its ok if it goes thru the vpn, whichever is easier, i just want access when vpn is running
19:20 < BrazierCustoms> I am currently working out of town, but when I start the vpn, I have to call my house and have someone stop it when i need access again... frustrating
19:22 < BrazierCustoms> esde, ^
19:22 < rob0> oh, then a server-side DNAT would work, if they will do that for you.
19:22 < rob0> much easier
19:22 < BrazierCustoms> but they have to do it?
19:22 < rob0> unless if they don't want to do it :)
19:25 < BrazierCustoms> rob0, so its not something I can specify in the server config?
19:25 < rob0> oh, I am confused, I thought you did not run the server
19:26 <+esde> same
19:26 < rob0> no, it's not an openvpn setting, it is iptables DNAT (or similar depending on server OS.)
19:28 < BrazierCustoms> ok, I will request from them, if not I am willing to paypal someone to help me figure it out :P I need it working, its driving me crazy.  and rob0 you are right, i do not run the vpnserver, its a vpnbook private server.
19:29 < BrazierCustoms> I have to go to work, i'm going to attempt to leave this up lol
19:30 < BrazierCustoms> & I will be working until 630 am est, thank you for your help ( all of you) I really apreciate it.
19:56 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:08 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
20:11 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Client Quit]
20:11 -!- s7eele [~AndChat52@208.167.254.224] has quit [Ping timeout: 265 seconds]
20:43 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
20:49 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:53 -!- s7eele [~AndChat52@208.167.254.51] has joined #openvpn
21:09 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:49 -!- khaldrogox [~anonymous@66.87.118.114] has joined #openvpn
22:49 -!- khaldrogox [~anonymous@66.87.118.114] has quit [Client Quit]
23:22 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
23:29 -!- ShadniX [dagger@p5481C7FC.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX_ [dagger@p5481C7C6.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- ShadniX_ is now known as ShadniX
23:40 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
--- Day changed Tue Apr 21 2015
00:48 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:48 -!- mode/#openvpn [+o mattock] by ChanServ
00:53 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
00:53 < Junka> hello
00:53 < Junka> how do i set the connection to be done through port 443?
00:54 < Junka> i set a 'port 443' and tcp on my config
00:54 < Junka> but i still cant connect on a restricted network
00:55 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:10 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:20 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:25 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
01:29 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
01:33 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:35 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has quit [Ping timeout: 246 seconds]
01:38 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
01:38 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 265 seconds]
01:43 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has joined #openvpn
01:46 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
01:49 < Junka> pls
01:50 < Junka> this channel offers no support
01:57 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
02:16 -!- BrazierCustoms [~braziercu@69.43.3.131] has quit [Read error: Connection reset by peer]
02:23 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
02:48 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:51 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
02:56 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:57 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
03:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:15 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
03:17 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:41 -!- dazo_afk is now known as dazo
03:53 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
04:24 -!- AlmogBaku [~AlmogBaku@bzq-79-180-131-236.red.bezeqint.net] has joined #openvpn
04:28 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
04:28 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Client Quit]
04:32 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
05:02 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
05:05 -!- NetworkingPro [~Networkin@192.198.208.235] has quit [Ping timeout: 256 seconds]
05:12 -!- deranged [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
05:14 -!- deranged [Bit@lolpurr.net] has joined #openvpn
06:04 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 256 seconds]
06:08 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
06:12 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 256 seconds]
06:53 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:56 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
07:15 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
07:15 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:17 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:23 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:38 -!- s7eele [~AndChat52@208.167.254.51] has quit [Remote host closed the connection]
07:38 -!- s7eele [~AndChat52@208.167.254.51] has joined #openvpn
07:39 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
07:39 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:41 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Client Quit]
07:42 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:43 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Client Quit]
07:46 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:47 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Client Quit]
07:47 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:00 -!- Junka [~Junkass@gateway/vpn/privateinternetaccess/junka] has joined #openvpn
08:00 < Junka> hello
08:00 < Junka> how do i temporary disable openvpn?
08:02 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 252 seconds]
08:07 -!- colo-work [~jt@78.142.138.4] has joined #openvpn
08:07 < colo-work> hey there
08:08 < colo-work> is it possible to have one openvpn server configuration for specify both a tcp and udp socket config?
08:08 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
08:09 <+esde> Junka, what
08:09 <+esde> colo-work, not with the same daemon, need one for tcp and one for udp
08:09 < Junka> esde; disable the openvpn connection temporary
08:10 < colo-work> esde, I see. it should be possible to just copy the UDP server's config, replace "proto udp" with "proto tcp-server", right?
08:10 <+esde> I need more details. By your hostname, it seems youre behind PIA. If that's the case, you can't control the server side, you can only disconnect
08:10 < colo-work> (we're having trouble with an exmployee ISP fubaring UDP traffic, and I'd like to try if falling back to TCP for affected users helps)
08:11 <+esde> colo-work, why "tcp-server"?
08:11 < Junka> esde; yes how2disconnect
08:11 < Junka> and then reconnect again
08:11 <+esde> Junka, you'd have to contact your paid provider for information
08:12 < Junka> wat, i think you misunderstand
08:12 <+esde> This is not a substitute for vendor support, I don't misunderstand.
08:12 < Junka> i want to use my real ip temporary
08:12 < colo-work> esde, I was under the impression the manpage was telling me that
08:12 < colo-work> might need to read that again ;)
08:12 < colo-work> dumb question maybe, but does the tcp server variant support multiple clients at once? i. e., does openvpn fork to handle tcp clients?
08:13 < Junka> what has my vendor anything to do with it
08:13 < Junka> lol
08:13 <+esde> can openvpn handle multiple clients when configured to use tcp? yes. AFAIK
08:13 <+esde> Junka, i doubt you're going to get any help from users in this channel. It's assumed you can figure out how to disconnect, if you were able to connect in the first place. This is not a place for spoon feeding.
08:14 <+esde> colo-work, from the !howto "If you want your OpenVPN server to listen on a TCP port instead of a UDP port, use proto tcp instead of proto udp (If you want OpenVPN to listen on both a UDP and TCP port, you must run two separate OpenVPN instances)."
08:15 < Junka> esde; i have created a openvpn@cleint.service to run at boot, i cant disable it and reboot and then enable it and then reboot again just to use my real ip for 5 mins
08:15 < colo-work> esde, thanks
08:15 < Junka> when i used networkmanager-openvpn, there was a nice gui option to disconnect
08:15 < Junka> and then connect
08:16 <+esde> colo-work, you can also use a port share option if you'd like to listen on port 443, but already have an HTTPS service listening on the port
08:16 < Junka> now im using the openvpn client itself
08:16 <+esde> Junka, please see !101
08:16 < Junka> !101
08:16 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
08:17 < Junka> BUT IM ASKING ABOUT THE OPENVPN CLIENT
08:17 <+esde> Stop the client
08:17 < rob0> Junka, I am so sorry that I did not wake up when you were here "help vampiring" earlier.  I know you are entitled to professional support at all hours, free of charge, but I was sleeping.  You're right, we are worthless.
08:18 < Junka> i did not speak to you by name
08:18 < Junka> there are over 200 people here
08:19 < Junka> and i get Failed to stop openvpn.service: Unit openvpn.service not loaded.
08:19 <+esde> ..
08:20 < Junka> which is clearly wrong
08:20 < Junka> cause i can see it in the bootsequence loading
08:20 < Junka> and im clearly using my vpn
08:20 <+esde> !google how to stop openvpn client
08:20 <@vpnHelper> vpn - How to disconnect from OpenVPN? - Ask Ubuntu: <http://askubuntu.com/questions/298419/how-to-disconnect-from-openvpn>; How to disable OpenVPN from autostarting at boot-up or reboot ...: <http://askubuntu.com/questions/302933/how-to-disable-openvpn-from-autostarting-at-boot-up-or-reboot>; How to start and stop openvpn through terminal for ubuntu 14.04 ...:
08:20 <@vpnHelper> <https://www.privateinternetaccess.com/forum/discussion/4173/how-to-start-and-stop-openvpn-through-terminal-for-ubuntu-14-04>
08:20 <+esde> Good luck!
08:24 < Junka> esde; ty
08:24 < Junka> so i just kill the process?
08:25 < Junka> that seems aggresive
08:29 -!- Junka [~Junkass@gateway/vpn/privateinternetaccess/junka] has quit [Quit: B-Bye!]
08:42 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
08:55 -!- mjkr [c7b4ffee@gateway/web/freenode/ip.199.180.255.238] has quit [Ping timeout: 246 seconds]
09:01 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Ping timeout: 276 seconds]
09:07 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
09:09 -!- lorens [~lorens@213.27.241.114] has quit [Read error: Connection reset by peer]
09:20 < stephan48> or you could actually use the correct servicename....
09:42 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:55 < matt_> does anybody know why the openvpn connect client in the apple app store now charges?
09:57 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
10:02 < rob0> isn't that the AS client?
10:02 < matt_> rob0: it does say access server yea
10:02 < rob0> !as
10:02 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
10:02 < matt_> it was free a few days ago
10:02 < matt_> oh right, different channel .. ok thanks
10:02 < rob0> anyway, I doubt anyone there will know
10:03 < rob0> I think OpenVPN Tech. gives away the client.
10:03 <+esde> rob0, it's the app for AS, Private Tunnel VPN, and Community
10:03 <+esde> https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8
10:03 <@vpnHelper> Title: OpenVPN Connect on the App Store on iTunes (at itunes.apple.com)
10:03 <+esde> If this is the app the user is referring to
10:03 < rob0> so it was probably a decision made by someone at Apple
10:04 < rob0> Apple's always willing to take someone's money.
10:04 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
10:04 <+esde> i've never had an app on any app store, but i'd imagine it's up to the dev.
10:19 < matt_> yea thats the app I was referring to
10:21 < matt_> its going to be a problem as its not free at the point of use anymore for apple users and I bet will be a show stopper meaning we will have to setup l2tp or something instead :(
10:21 <+esde> ew
10:21 < matt_> and because apple have such a strict policy on software in their app store its the only client avaliable
10:23 <@Eugene> !download
10:23 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
10:23 <@Eugene> Weird, when did XP / Vista+ installers get separated
10:24 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
10:46 <@ecrist> Eugene: quite a while ago
10:47 <@ecrist> We don't update XP any more
10:59 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:23 < DArqueBishop> rob0: are you sure? I can't see Apple charging for an app just for the lulz of it.
11:29 <@ecrist> the company behind openvpn is who started charging for it.
11:30 <@ecrist> it wasn't a unilateral move on Apple's part.
11:30 < rob0> ah, sorry
11:31 < rob0> I just saw a chance to malign Apple, and that was hard to pass up.
11:33 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
11:35 < DArqueBishop> I'm glad I picked it up before they started charging.
11:38 < rob0> I just use my GPL openvpn as client to AS.
11:40 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 250 seconds]
11:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:36 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:37 -!- mode/#openvpn [+v s7r] by ChanServ
12:39 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 245 seconds]
12:43 -!- zmachine [uid53369@gateway/web/irccloud.com/x-tlwjebrdifatrtoi] has joined #openvpn
12:56 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 250 seconds]
13:23 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
13:29 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 244 seconds]
13:38 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
13:39 -!- Fuusko [~Fuusko@h-234-229.a216.priv.bahnhof.se] has joined #openvpn
13:49 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 256 seconds]
13:49 -!- makhmutov74 [~makhmutov@mahmutov-rg-unlim.vpn.mgn.ru] has quit [Remote host closed the connection]
13:50 -!- danbower [~bower@78.156.67.22] has joined #openvpn
13:50 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
13:54 < danbower> !paste
13:54 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:56 < danbower> hey guys. i've managed to connect to my workplace's VPN using openvpn. however i'm having issues with getting DNS requests to resolve. i've got the following config file, with my DNS entry at the end, and i'm curious if anyone has any pointers? http://fpaste.org/213989/96425101/
13:57 < rob0> A client can't push.
13:57 < rob0> Also, dhcp-option is Windows-only.
13:58 < danbower> oh right. excuse my ignorance :/
13:58 < danbower> i guess i just need openvpn to update /etc/resolv.conf
13:58 < rob0> !dnsmasq
13:58 <@vpnHelper> "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
13:58 < rob0> nope
13:58 < rob0> (although that is a common choice)
14:06 < danbower> thanks. i'm not particularly familiar with the concepts and finding that link a bit confusing
14:08 < danbower> this used to be easy with the GUI in ubuntu until it stopped honouring DNS entries..
14:10 < rob0> The trick, from your perspective, is to run a local dnsmasq instance on your client.
14:11 < rob0> Then point whatever domain[s] at your VPN server (the *VPN* IP address, not the real one) that you need.
14:12 < rob0> dnsmasq is fairly easy to set up, the long man page notwithstanding.
14:13 < rob0> Another option is to hang around awhile; someone else can explain the resolvconf hacks.
14:13 < danbower> well your suggestion does sound the cleanest.
14:14 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:33 -!- CygniX [~CygniX@unaffiliated/twois10] has joined #openvpn
14:34 < danbower> thanks for the help rob0. kinda short of time to have a play with dnsmasq so i'll just pull down the code onto my own box. however i will get it working when i have time and have saved your link :)
14:36 -!- danbower [~bower@78.156.67.22] has quit [Remote host closed the connection]
14:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
14:57 -!- zmachine [uid53369@gateway/web/irccloud.com/x-tlwjebrdifatrtoi] has quit [Quit: Connection closed for inactivity]
15:12 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
15:14 -!- GNU\colossus [colo@truschnigg.info] has joined #openvpn
15:15 < GNU\colossus> hi. an openvpn client here resorts to using UDP, even when "proto" in the config has been set to "tcp" or "tcp-client". why? what am I doing wrong?
15:15 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:17 -!- claw [quassel@gateway/vpn/mullvad/x-wzldngukxkpvidoq] has joined #openvpn
15:17 < claw> hey there
15:17 < claw> i experiencing a problem with openvpn
15:18 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
15:18 < claw> i am connected to a openvpn server (2.3.4)
15:18 < claw> whenever i get a larger amount of data the connection drops
15:18 < claw> e.g. i am connected with ssh over the vpn
15:18 < claw> i can ls small directories
15:19 < claw> but when i cat /var/log/dmesg the connection stops on the output
15:19 < claw> any ideas why ?
15:20 < claw> notice: not the whole connection to the vpn but the ssh session
15:21 < claw> on different servers which work fine without vpn
15:22 < claw> openvpn logs nothing same for the client
15:27 < claw> using tcp instead of udp fixed it :)
15:29 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has quit [Ping timeout: 248 seconds]
15:30 -!- soupmeister [~frad@24-107-129-82.dhcp.stls.mo.charter.com] has joined #openvpn
15:32 <@dazo> !udp
15:32 <@dazo> !tcp
15:32 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
15:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
15:32 < soupmeister> So, I'm using OpenVPN 2.2.1 and generating certs and keys with EasyRSA 3.0.0 rc2.  For the life of me I can't get EasyRSA to create a server cert with nsCertType=server.
15:33 -!- dazo is now known as dazo_afk
15:33 < soupmeister> I'm using: ./easyrsa build-server-full ServerName
15:33 <+pekster> soupmeister: Right, that legacy behavior was dropped, but you can re-activate it if you insist on the deprecated behavior should your infra need it
15:34 <+pekster> Better would be to fix your config to not require "Netscape" extensions; they've been disrecommended by standards documents for some years now. For info on that, see:
15:34 <+pekster> !mitm
15:34 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
15:34 < soupmeister> pekster:  nsCertType is legacy now?
15:34 < soupmeister> Oh...
15:34 < soupmeister> Hrmmm
15:34 <+pekster> Netscape shit has been deprecated for some time ;)
15:35 <+pekster> https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc2/doc/EasyRSA-Upgrade-Notes.md#list-of-important-changes
15:35 <@vpnHelper> Title: easy-rsa/EasyRSA-Upgrade-Notes.md at v3.0.0-rc2 · OpenVPN/easy-rsa · GitHub (at github.com)
15:36 < soupmeister> Well bugger, I looked over that earlier and read "remote-cert-tls" as "REMOVE-cert-tls" and assumed it was telling me to do something completely different.
15:37 <+pekster> tl;dr there is that --ns-cert-type should only be used when you cannot (1000's of configs you must still support have it) change. Otherwise, yea, just have your configs use the modern --remote-cer-tls <type-of-your-peer> option
15:38 < soupmeister> Any idea why the OpenVPN sample configs are still using the ns-cert-type instead?
15:38 <+pekster> Because they haven't been updated in some time, and probably should be
15:41 < soupmeister> Well that explains a lot then.  :)
15:42 < AlmogBaku> hi guy, how r u?
15:43 < AlmogBaku> I'm trying to understand why does connecting to other VPNs through Android connect quickly.. but to my OpenVPN server it takes about 20s...
15:43 < AlmogBaku> anyone have an idea?
15:44 < AlmogBaku> I take a long time also to connect through ubuntu
15:45 < soupmeister> Crank the logging level up and watch the console on the server, see where it pauses.
15:45 <+pekster> For "Connect" problems you need to seek out the vendor that provides you that software, because it contains 0% community-maintained code (it's not OpenVPN, but a client designed to pair with commercial AS products, per our /TOPIC.) OpenVPN proper will provide you with logs (see !logfile) and at --verb 4 (see: !verb) should be quite talkative
15:45 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
15:46 < moviuro> Hi everyone! I'm running a simple client/server setup but the server seems far less powerful than the client and has one CPU used to ~100% by openVPN: what can I do to "fix" it? I was thinking about downgrading encryption, will that be enough?
15:46 < AlmogBaku> I have the logs
15:47 < moviuro> Also, is there some kind of benchmark I can take to see what to choose ?
15:47 < AlmogBaku> what do you mean by benchmarks?
15:47 < moviuro> (I'm doing some HUGE transfers, so it's no bug or whatever ;) )
15:47 <+pekster> moviuro: Lacking AES-NI (hardware acceleration usable by openssl and openvpn, both in the processor and at compile-time) you'll almost always be better off with BF-CBC encryption, which is also the default
15:47 < moviuro> AlmogBaku: benchmark for encryption/decryption speed
15:47 < AlmogBaku> Im connecting with "OpenVPN for Andorid" and with the ubuntu..
15:48 < moviuro> pekster: any idea how I can test/see if those flags exist on openBSD ?
15:48 < AlmogBaku> how can I do benchmark for the encryption?
15:48 <+pekster> You should look at CPUs with AES-NI and use AES for the symmetric cipher, buy faster hardware, or disable encryption completely (with the usual loss in security that comes with) to get faster speeds if your bottleneck is symmetric encryption
15:48 <+pekster> moviuro: look at openvpn --show-engines
15:49 <+pekster> AlmogBaku: That's based on the open-source code then. Check the logs with reasonable verbosity and see where the hangup seems to be. Often you'll need logs from _both_ ends to get a proper evaluation
15:49 < moviuro> OpenSSL Crypto Engines & Dynamic engine loading support [dynamic]
15:50 <+pekster> So zero support for hardware acceleration; your SSL library has to do it all in userland on the CPU
15:50 < moviuro> ouch
15:50 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has joined #openvpn
15:50 <+pekster> Stick with BF-CBC, or decide you don't need to secure your data (perhaps just sign it, so it can't be tampered with in transit) if that meets your needs. Otherwise, get better hardware ;)
15:51 < moviuro> I could do some no-encryption, since the connection requires a SSH tunnel anyway
15:52 <+pekster> Usually pointless to double-encrypt like that
15:52 < moviuro> err, actually, scratch that, it then goes through a network I absolutely don't control
15:52 < AlmogBaku> I have pretty good hardware.. at least I pay a lot for it ($200/m VM, lol)
15:53 < AlmogBaku> I'll check the logs.. a sec
15:57 < AlmogBaku> I found some points that feels (and looks) slow on the logs:
15:57 < AlmogBaku> 04-21 23:55:41.859    6277-6883/net.rimoto.wheninroam I/OpenVPN.VpnStatus﹕ VERIFY OK: depth=0, C=IL, ST=Merkaz, O=Rimoto, OU=Users, CN=node1.rimoto.net
15:58 < AlmogBaku> 04-21 23:55:44.880    6277-6883/net.rimoto.wheninroam I/OpenVPN.VpnStatus﹕ Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
16:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:01 -!- claw [quassel@gateway/vpn/mullvad/x-wzldngukxkpvidoq] has quit [Ping timeout: 245 seconds]
16:04 <+pekster> 3 seconds to negotiate a TLS channel and generate symmetric keys isn't unexpected
16:05 <+pekster> That's a one-time connect hit too, as future re-negotiations don't get in the way of data flow by default
16:05 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 248 seconds]
16:15 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:16 < CygniX> !ipv6
16:16 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
16:17 < CygniX> is there a sample ipv6 server.conf?
16:19 <+pekster> CygniX: See the addressing details here:
16:19 <+pekster> !addressing
16:19 <@vpnHelper> "addressing" is For information about IP addressing in OpenVPN, see: https://community.openvpn.net/openvpn/wiki/Concepts-Addressing
16:19 <+pekster> Or not
16:20 <+pekster> It was on the IPv6 wiki link you got first
16:20 < CygniX> that looks to only deal with tunneling.
16:21 <+pekster> That's what a VPN is: a tunnel
16:21 <+pekster> !goal
16:21 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
16:21 < CygniX> I am looking for native IPV6 client to IPV6 server type setup
16:21 <+pekster> You set up a /64 for use wtih openvpn, and it consumes it. This is the same as setting up an IPv4 /24
16:22 <+pekster> Do you mean over the transport?
16:22 <+pekster> You want the UDP packets between your VPN endpoints to use UDP-inside-IPv6? If so, use --proto udp6
16:23 < CygniX> I want the server to listen on ipv6
16:23 <+pekster> Yea, so just change --proto udp to --proto udp6
16:24 <+pekster> No release version today will dual-stack, so you'll need 2 instances if you want that (for now, anyway)
16:24 < CygniX> I do have two instance setup
16:26 < CygniX> I have local set to the ip6 address, and proto to udp6
16:26 < AlmogBaku> @pekster, sorry for the dealy.. you say 3s is normal?
16:27 <+pekster> Sure
16:28 < AlmogBaku> and there is also that
16:28 < AlmogBaku> 04-21 23:22:56.396  14159-26087/net.rimoto.openvpn_lib_example I/OpenVPN.VpnStatus﹕ OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
16:28 < AlmogBaku> 04-21 23:23:44.648  26486-27043/net.rimoto.openvpn_lib_example I/OpenVPN.VpnStatus﹕ sndbuf = 65536
16:28 < AlmogBaku> that's looks quite long
16:28 < CygniX> pekster: is thee similar option for ipv6: push "dhcp-option DNS 8.8.8.8"
16:30 <+pekster> Not really, since Windows doesn't use DHCPv6 to get its OpenVPN addressing (it'll be set based on the --ifconfig-push-ipv6 value, via netsh.exe)
16:30 < CygniX> I don't use windows :)
16:30 <+pekster> Then don't worry about it
16:31 <+pekster> Name it whatever you want since you need to write your own scripts to do Something Useful with it
16:31 <+pekster> !push-dns
16:31 <+pekster> !pushdns
16:31 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
16:31 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
16:31 <+pekster> Call it CygniX_DNS6 for all it matters
16:31 < CygniX> I thought the push "dhcp-option DNS x.x.x.x"  is to by pass the client's dns
16:31 <+pekster> Nope
16:31 <+pekster> Read teh manapge ref above
16:32 < CygniX> pekster: "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client
16:32 < AlmogBaku> @pekster what do you say about the log above (almost a minute)
16:33 < CygniX> and the dns set in there become the clients' dns
16:35 < CygniX> so my curiosity is, how do you push dns for ipv6 like you do for ipv4
16:36 <+pekster> AlmogBaku: Those are the defaults. There are hundreds of defaults printed; surely you don't want me to tell you that "yes, the defaults are the default and probably shouldn't be changed" for all 200 or so of them?
16:36 <+pekster> Generally speaking, don't tweak with advanced options unless you have a reason to; you're likely to be very unhappy with the results
16:37 -!- soupmeister [~frad@24-107-129-82.dhcp.stls.mo.charter.com] has quit [Ping timeout: 264 seconds]
16:38 < AlmogBaku> lol haha okay.. thanks
16:38 < AlmogBaku> I dunno 1minute to connect to the VPN looks pretty slow to me.. Im just trying to accelerate it
16:39 <+pekster> Read about socket(7) and SO_SNDBUF if you really think you want details; probably better taken to ##programming or ##networking at that point
16:40 <+pekster> Speed and TLS negotiation delays are not really related (though they could be if you have underlying problems, like a crappy connection with packet loss that might cause both)
16:40 <+pekster> !speed
16:40 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
16:40 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9)
16:40 <@vpnHelper> a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
16:40 <+pekster> If your CPU is pegged, you're SOL unless you can get a faster processor, use AES-NI, or turn off crypto
16:40 < AlmogBaku> thanks
16:40 < CygniX> !mtu
16:40 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
16:41 < AlmogBaku> And I already added the tweaks from this post
16:42 < AlmogBaku> i dunno, I guess Ill do that tomorrow or something.. thanks pal
16:59 -!- CygniX [~CygniX@unaffiliated/twois10] has left #openvpn ["Konversation terminated!"]
17:23 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
17:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:28 -!- soupmeister [~frad@24-107-129-82.dhcp.stls.mo.charter.com] has joined #openvpn
17:29 < soupmeister> OK, so I thought I had everything set up right, but I still can't ping anything other than my OpenVPN server.
17:29 < soupmeister> I have IP forwarding turned on and restarted network services.
17:30 < soupmeister> I have a route being pushed from the server to my home network, and I have a route configured in my router for the remote network.
17:31 < soupmeister> Here
17:31 < soupmeister> Here's the logging entry for the connection, everything looks right:  Tue Apr 21 17:24:55 2015 Keith1/166.175.188.255:54135 SENT CONTROL [Keith1]: 'PUSH_REPLY,route 10.10.20.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
17:32 < soupmeister> 10.10.20.x is my home network, 10.8.0.x is the remote.
17:32 -!- AlmogBaku [~AlmogBaku@bzq-79-180-131-236.red.bezeqint.net] has quit [Remote host closed the connection]
17:34 < soupmeister> And here's how the router is configured: Network: 10.8.0.0  Mask: 255.255.255.0  Gateway: 10.10.20.83  Metric: 0  Interface: LAN
17:36 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:52 < soupmeister> (The routing table, that is)
17:58 -!- Yoda [Yoda@unaffiliated/yoda] has quit [Ping timeout: 272 seconds]
18:00 -!- Yoda [Yoda@unaffiliated/yoda] has joined #openvpn
18:20 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 256 seconds]
18:21 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
18:22 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
18:22 -!- mode/#openvpn [+v Guest86751] by ChanServ
18:22 -!- typ [~quassel@unaffiliated/typ] has quit [Read error: Connection reset by peer]
18:23 -!- zmachine [uid53369@gateway/web/irccloud.com/x-dyxizsssciqtmnzw] has joined #openvpn
18:23 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
18:28 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
19:06 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Remote host closed the connection]
19:06 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
19:13 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 248 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:16 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:30 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
20:33 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
20:37 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
20:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
20:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
20:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
20:48 -!- thefinn93 [finn@unaffiliated/thefinn93] has joined #openvpn
20:50 < thefinn93> this is proly not ideal for this channel but i dont really know where to go: I'm trying to get an openvpn client running on debian jessie as a service. In wheezy, i could drop the conf file in /etc/openvpn then run service openvpn restart and it would work
20:50 < thefinn93> this appears to not be the case in wheezy
20:51 < thefinn93> has anyone seen this sort of thing?
20:51 < thefinn93> i assume this has something to do with the switch to systemd
20:57 < rob0> I would think that's a #debian question.  Did they document their service command?
21:01 < thefinn93> not really, all the docs are for wheezy
21:01 < thefinn93> #debian on freenode?
21:04 < rob0> well, it's more on topic there than here
21:06 < thefinn93> yeah, true
21:06 < thefinn93> mk
21:17 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:33 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
21:56 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:04 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Quit: ZZZZZzzzz]
22:14 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Remote host closed the connection]
22:14 <+pekster> Document systemd? Why do that when upstream won't? :\
22:16 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
22:28 <+esde> thefinn93, still here?
22:28 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
22:31 < thefinn93> yup
22:39 <+esde> have you tried copying the /etc/init.d/openvpn file from openvpn installed by a package manager, set permissions and used update-rc.d openvpn defaults, to enable the service?
23:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
23:10 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:27 -!- ShadniX [dagger@p5481C7C6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:28 -!- ShadniX [dagger@p5481D675.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- cyberjedi [48b9b871@gateway/web/cgi-irc/kiwiirc.com/ip.72.185.184.113] has joined #openvpn
23:32 -!- cyberjedi [48b9b871@gateway/web/cgi-irc/kiwiirc.com/ip.72.185.184.113] has left #openvpn []
23:36 -!- zmachine [uid53369@gateway/web/irccloud.com/x-dyxizsssciqtmnzw] has quit [Quit: Connection closed for inactivity]
23:37 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
23:51 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
--- Day changed Wed Apr 22 2015
00:03 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
00:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
00:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:31 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:31 -!- mode/#openvpn [+o mattock] by ChanServ
00:45 -!- s7eele [~AndChat52@208.167.254.51] has quit [Ping timeout: 252 seconds]
00:49 -!- soupmeister [~frad@24-107-129-82.dhcp.stls.mo.charter.com] has quit [Ping timeout: 245 seconds]
00:49 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 245 seconds]
00:49 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
00:54 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
01:03 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 272 seconds]
01:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:10 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
01:14 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has quit [Quit: Leaving]
01:14 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 256 seconds]
01:17 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 272 seconds]
01:18 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:24 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
01:31 -!- deranged [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
01:40 -!- deranged [Bit@lolpurr.net] has joined #openvpn
01:48 -!- torbjorn [~torbjorn@213.54.34.95.customer.cdi.no] has joined #openvpn
01:49 < torbjorn> im trying to set up vpn from a centos 7 client to a centos 6 server, but keep getting packet HMAC authentication failure
01:50 < torbjorn> with a near identical setup from a Fedora 21 client it works fine, from the same physical location (and network) as the centos 7 client
01:51 < torbjorn> centos 7 client has selinux disabaled and no rules in firewall. not sure hwo to debug
01:52 < torbjorn> I have a secret file as authentication, and shasum is identical on the openvpn server and both openvpn clients
01:55 -!- deranged [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
01:56 -!- deranged [Bit@lolnerd.net] has joined #openvpn
01:59 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
02:22 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
02:25 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
02:30 -!- s7eele [~AndChat52@208.167.254.51] has joined #openvpn
02:43 -!- guite [~guite@vir91-16-83-156-184-252.fbx.proxad.net] has joined #openvpn
02:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:52 < guite> Hi everyone, I have trouble understanding behaviour of tcp/udp request when vpn is running : If the vpn is currently running, can I be absolutely sure that all packets that goes out or in my computer will pass through the vpn ? (I say “vpn” but I am using openvpn with a “password” configuration)
02:55 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
03:04 < tomodachi> guite: no you cannot
03:04 < tomodachi> to start with only trafic that is ROUTED over the VPN will be sent there
03:05 < tomodachi> if you want that you have an option in the vpn server for it
03:05 < tomodachi> push "redirect-gateway def1 bypass-dhcp"
03:05 < tomodachi> then all traffic will be sent over the VPN
03:08 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 250 seconds]
03:25 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
03:29 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
03:29 -!- lorens [~lorens@213.27.241.114] has quit [Read error: Connection reset by peer]
03:29 -!- Poster|x [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
03:29 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 255 seconds]
03:29 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
03:30 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
03:31 < guite> tomodachi: thank you :)
03:31 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 252 seconds]
03:32 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
03:32 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 264 seconds]
03:32 < guite> tomodachi: I just don’t know where this option can be defined… :s
03:32 < guite> my guess is /etc/NetworkManager/system-connections/vpn-connection
03:33 < guite> (in ubuntu)
03:34 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
03:34 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
03:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
03:35 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Remote host closed the connection]
03:36 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
03:40 < tomodachi>  guite its on the server
03:40 < tomodachi> the server will tell the openvpn client to route all traffic through the VPN
03:41 < tomodachi> i pasted that from my openvpn.conf for client to server vpn
03:41 < tomodachi> so its not in network manager on the client
03:42 < guite> hmmmm… sad :)
03:42 < guite> I do not own the vpn server
03:43 < tomodachi> you can add routing entries manually
03:44 < tomodachi> but first you have to add a route
03:44 < tomodachi> so that you make sure that the traffic that you send to keep the tunnel up
03:44 < tomodachi> goes over your internet
03:44 < tomodachi> then you can add another route for everything else to go over the tunnel interface
03:46 < guite> OK, this is all about routes :)
03:46 < guite> tomodachi: thanks :)
03:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:07 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
04:08 < tomodachi> guite: youre welcome, hope you manage to get it working
04:50 -!- Guest86751 is now known as s7r
04:53 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
05:01 -!- Fuusko [~Fuusko@h-234-229.a216.priv.bahnhof.se] has quit []
05:07 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:07 -!- torbjorn [~torbjorn@213.54.34.95.customer.cdi.no] has left #openvpn []
05:07 -!- dazo_afk is now known as dazo
05:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
05:20 -!- AlmogBaku [~AlmogBaku@bzq-79-180-131-236.red.bezeqint.net] has joined #openvpn
05:49 -!- two_oes [~orenoi@bzq-84-111-140-54.red.bezeqint.net] has joined #openvpn
05:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
05:58 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
06:05 < AlmogBaku> !speed
06:05 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad
06:05 <@vpnHelper> TCP window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or
06:05 <@vpnHelper> (#9) a user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
06:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
06:07 < AlmogBaku> someone knows how can I disable the encryption for the connection?
06:09 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
06:10 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
06:10 -!- mode/#openvpn [+o raidz] by ChanServ
06:24 -!- guite [~guite@vir91-16-83-156-184-252.fbx.proxad.net] has left #openvpn []
06:29 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
06:30 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
06:30 -!- pk12_ [~pk12@84.39.116.180] has quit [Ping timeout: 240 seconds]
06:31 <@plai> AlmogBaku: cipher none
06:31 <@plai> !none
06:31 <@plai> !cipher
06:31 < AlmogBaku> cool thanks
06:32 <@plai> maybe even --auth none
06:32 <@plai> Warnings about not encrypting/authenticating data apply
06:41 < AlmogBaku> why auth none?
06:42 < AlmogBaku> I just want to disable the encrypt. not the auth
06:42 <@plai> AlmogBaku: just in case, many people want "no security at all"
06:43 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
06:47 < AlmogBaku> :\ it doesnt feel like it accelerate the connecting process
06:47 <@plai> AlmogBaku: no
06:47 <@plai> AlmogBaku: it will not
06:48 <@plai> --auth/--cipher only specify the encryption/auth for data packets
06:49 <@plai> AlmogBaku: can you describe the problem you are trying to solve?
06:49 < AlmogBaku> :|
06:49 < AlmogBaku> i don't know why the connecting process taking me so long
06:49 < AlmogBaku> it something like 10s
06:49 <@plai> that is very long
06:49 < AlmogBaku> onavo takes a sec
06:50 < AlmogBaku> what it usually takes to connect to ovpn?
06:51 <@plai> 1-2s
06:51 <@plai> for me
06:51 <@plai> but it depends on the latency of the connection
06:51 <@plai> with a slow gprs connection it can also take like 10s
06:53 < AlmogBaku> im on lte
06:54 < AlmogBaku> can I ask what is your servers hw?
06:55 <@plai> i don't think this is server depend
06:55 <@plai> but it is some 4 year old opteron vm
06:57 -!- two_oes [~orenoi@bzq-84-111-140-54.red.bezeqint.net] has quit [Quit: Leaving]
07:03 < AlmogBaku> so dafuq?
07:03 < AlmogBaku> why my server is so fucked up
07:03 < AlmogBaku> I think I have good server... it cost me $200/m
07:04 <@plai> check via wifi
07:04 <@plai> check the latency
07:04 <@plai> do not use overly long rsa keys (like 4096)
07:10 < AlmogBaku> my CA is 4096
07:11 < AlmogBaku> the client is regular
07:12 < AlmogBaku> should I create shorter CA? or for the CA its okay?
07:22 <@plai> You should look at the timestamps in the logs of client/server and see what steps take so long
07:22 <@plai> also maybe look at the problem with wireshark
07:27 <@plai> before jumping to conclusions
07:31 < AlmogBaku> the client looks indicate of 10s to connect
07:32 < AlmogBaku> im trying it now on ubuntu fresh server
07:40 < AlmogBaku> interesting
07:40 < AlmogBaku> it seems like OpenVPN connect is much faster than OpenVPN for Android
07:47 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
08:11 -!- LanDi [~LanDi@187.58.107.82] has joined #openvpn
08:14 -!- deranged [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
08:26 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 250 seconds]
08:43 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has joined #openvpn
09:07 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
09:07 < v0lZy> hi everyone
09:08 < v0lZy> I have colliding subnets with one of our clients who can't routeback to me
09:08 < tomodachi> v0lZy:  either readress your network
09:08 < tomodachi> or do uggly & bad solutions like natting between the networks
09:08 < v0lZy> I have 6 VPNs to our datacenter, and we want to do site-to-site from the datacenter to the client
09:09 < v0lZy> Problem is, those 6 VPNs are VPNs on different ports so that our users can get to the servers in the datacenter from hotels, airports etc, where outgoing traffic is restricted.
09:09 < v0lZy> now we can connect a site-to-site ipsec tunnel, but they have to add routes to 6 of my networks
09:10 < v0lZy> and that as you say would require them to select an available /24 and  me to NAT it to my networks
09:10 < rob0> Too bad RFC 1918 wasn't big enough.
09:10 < rob0> Oh wait!  It is! ;)
09:10 < v0lZy> and add outgoing NAT rules
09:11 < tomodachi> use ipv6
09:11 < tomodachi> or public adresses
09:11 < tomodachi> headache gone
09:12 < v0lZy> I'm wondering if OpenVPN has any solutions for this in a sense that it can internally acommodate this somehow?
09:12 < rob0> no
09:12 < rob0> !nathack
09:12 <@vpnHelper> "nathack" is see https://community.openvpn.net/openvpn/wiki/NatHack for info on how to solve the problem when you need !route_outside_ovpn but cant add a route to the gateway or the lan machines
09:12 < v0lZy> for example, if my users that vpn into our datacenter can get 2 different ip ranges on the same vpn tunnel?
09:15 <@plai> AlmogBaku: If you can, you can send me a tcpdump of OpenVPN connect and OpenVPN for Android and I will take a look what is so different
09:15 < v0lZy> rob0: nathack seems an interesting thing
09:15 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
09:15 < v0lZy> But I guess I can't do it between 6 servers and an ipsec tunnel...
09:16 < v0lZy> client<---------ipsec------>DC<----6 openvpn networks--->my users
09:16 <@plai> v0lZy: client-connect and/or ccd
09:16 <@plai> !ccd
09:16 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
09:17 < v0lZy> plai: but can client specific configurations push more than 1 ip?
09:18 < v0lZy> I know I can push a static IP to one of my users which connects in via VPN
09:18 < v0lZy> but can I push 2 static ips to it?
09:18 <@plai> v0lZy: no
09:18 <@plai> (not without hacks like iroute and custom scripting)
09:24 < Thermi> v0lZy: NETMAP target in iptables.
09:25 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
09:31 < v0lZy> hm
09:31 < v0lZy> someone mentioned ipv6
09:36 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
09:51 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
09:55 < AlmogBaku> plai: thanks.. do you think tcpdump will help us to notice the difference in the connection process?
09:55 < AlmogBaku> following this: https://github.com/schwabe/ics-openvpn/issues/282
09:55 <@vpnHelper> Title: Slow to connect (compared to Openvpn Connect) - possibly due to UI messages · Issue #282 · schwabe/ics-openvpn · GitHub (at github.com)
09:55 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
09:55 < AlmogBaku> It looks like a bug in the openvpn C code
09:57 -!- LanDi [~LanDi@187.58.107.82] has quit [Quit: fui !]
10:21 < AlmogBaku> also, I can feel like the delays on these points(from server logs)
10:22 < AlmogBaku> >LOG:1429716019,,80.246.141.155:30223 PID_ERR replay-window backtrack occurred [3] [TLS_AUTH-0] [000_0] 1429716025:5 1429716025:2 t=1429716019[0] r=[0,64,15,3,1] sl=[59,5,64,528]
10:22 < AlmogBaku> >LOG:1429716022,,185.32.178.186:40628 SIGUSR1[soft,tls-error] received, client-instance restarting
10:22 < AlmogBaku> after this points
10:23 < AlmogBaku> (they not came one after each other)
10:25 -!- dbtid [~dbtid@unaffiliated/dbtid] has joined #openvpn
10:25 -!- dbtid [~dbtid@unaffiliated/dbtid] has left #openvpn []
10:28 < AlmogBaku> bang, found something @plai
10:28 < AlmogBaku> >LOG:1429716022,N,185.32.178.186:40628 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
10:28 < AlmogBaku> >LOG:1429716022,N,185.32.178.186:40628 TLS Error: TLS handshake failed
10:28 < AlmogBaku> >LOG:1429716022,,185.32.178.186:40628 SIGUSR1[soft,tls-error] received, client-instance restarting
10:29 < AlmogBaku> but the connection is still establish... so what is this error?
10:29 -!- dbtid [~dbtid@unaffiliated/dbtid] has joined #openvpn
10:31 < rob0> huh?  Why do you think the connection is established when the logs say it is not?
10:34 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 264 seconds]
10:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:45 -!- deranged [Bit@lolnerd.net] has joined #openvpn
11:01 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 245 seconds]
11:13 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
11:21 -!- soupmeister [~frad@24-107-128-120.dhcp.stls.mo.charter.com] has joined #openvpn
11:22 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:25 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:27 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:27 -!- mode/#openvpn [+o mattock] by ChanServ
11:37 -!- cuqa_ [leon@unaffiliated/cuqa] has joined #openvpn
11:37 < cuqa_> hello, I have used 'local 1.2.3.4' in my server.conf but the server's public IP address is still 1.2.3.5
11:38 < cuqa_> how do I modify the public IP address of openvpn?
11:52 < cuqa_> i changed the main ip of eth0 and changed 'local <ip>' in server.conf
11:52 < cuqa_> but nonetheless the external IP always stays the samwe
11:56 < Thermi> cuqa_: You're talking nonesense. OpenVPN does not have an IP, the host has. What is your problem?
12:01 < cuqa_> I have 2 ips on the openvpn server. I would like openvpn to listen on one specific ip
12:01 < cuqa_> the externally visible IP should also be the same like where Openvpn listens
12:02 < cuqa_> i just would like to separate some services by Ip addresses
12:02 < Thermi> Okay. Show your complete configuration file, maybe somebody can help you then.
12:04 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
12:04 < cuqa_> http://pastie.org/private/7rcxzckdqhq6xslfmfyrbw .. /etc/network/interfaces
12:06 < cuqa_> http://pastie.org/private/ajuzvqolafjdmru0hxxow .. /etc/openvpn/server.conf
12:07 < cuqa_> I would like to run openvpn on 2.2.102.147, but currently the externally visible ip address is 212.224.102.148
12:08 < cuqa_> or 2.2.102.148 :(
12:08 < rob0> haha
12:08 < cuqa_> hehe
12:10 < soupmeister> hoho
12:10 < rob0> So why is this a problem?
12:11 < cuqa_> I'd like to allow ssh access only from 2.2.102.147
12:11 < cuqa_> and then bind sshd on 2.2.102.148 ..
12:12 < cuqa_> problem is if openvpn and ssh are running on the same ip, then ssh connections are running over the normal client ip of my dsl
12:14 <@dazo> cuqa_: 'local' is the proper option to tell openvpn which IP to listen too ... however, openvpn and openssh can both use the same IP address, as they have different ports anyhow
12:14 < cuqa_> sure, thats not the problem
12:15 <@dazo> run 'netstat -lntpu' as root, and you'll see which process listens to which IP
12:15 < cuqa_> i want to limit ssh access to source ip 2.2.102.147 only
12:15 <@dazo> then you need to read up on the sshd_config man page ... that's not openvpn
12:15 <@dazo> !notovpn
12:15 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
12:16 < cuqa_> i want to control the publicly visible ip address of openvpn. I think that is openvpn .. sorry :(
12:17 <@dazo> <cuqa_> i want to limit ssh access to source ip 2.2.102.147 only    <<<<< that is an openssh issue, not openvpn, sorry :(
12:18 < cuqa_> i dont want to be a dick, but are you trying to troll me?
12:18 -!- cuqa_ was kicked from #openvpn by dazo [Pay some respect please!]
12:18 -!- cuqa_ [leon@unaffiliated/cuqa] has joined #openvpn
12:18 <+esde> lol
12:20 < cuqa_> i honor thee, but limiting access to ssh is only the overall goal
12:20 < cuqa_> before that I need to be able to properly change the publicly visible ip of openvpn
12:21 < cuqa_> because changing the ip for other services besides openvpn is not an option :( sorry
12:21 <@dazo> what you are saying does not make any sense at all
12:21 < cuqa_> what and why exactly?
12:21 <@dazo> cuqa_: how can I tell you in a way you will understand that limiting the access of ssh has nothing to do with openvpn at all
12:21 <@dazo> ?
12:22 <@dazo> what do you try to limit?  from where?  to where?
12:22 < cuqa_> ok let me explain again
12:23 <@dazo> it sounds actually far more that you need to look into sshd_config, to set up which IP address sshd should listen too, and use 'local' in openvpn to which IP address openvpn should listen too ... and then as a bonus, set up proper iptables rules to further enforce this setup
12:23 < cuqa_> if I have only one single ip binded to the server and run several services like ssh, http, smtp, etc..
12:23 <@dazo> and as I said, to see which process listens to which port ... you use the netstat command
12:24 < cuqa_> and I want to have one single source ip for ssh logins for example
12:24 < cuqa_>  then it is not possible to secure the ssh logins to only the publicly visible openvpn IP
12:25 <@dazo> so you want to allow ssh only via a VPN connection?
12:25 < cuqa_> because traffic will not go through the tunnel,
12:25 < cuqa_> yes, exactly
12:25 < cuqa_> so I wanted to separate the OpenVPN IP and the second IP for all other services
12:26 <@dazo> fine ... you use firewalls to enforce that.  Further you can use options in sshd_config to further enforce this
12:26 < cuqa_> i have set the second IP in sshd_config
12:26 < cuqa_> and I have also set 'local 2.2.102.147' in server.conf
12:26 <@dazo> and you need to remove the public ip address sshd_config
12:26 <@dazo> so 2.2.102.147 is your public IP address?
12:27 < cuqa_> sshd_config has 'ListenAddress 2.2.102.148'
12:27 <@dazo> that does not sound like an VPN address at all
12:27 < cuqa_> http://pastie.org/private/c6qveiakwsyz1d5ulwwixg
12:28 <@dazo> Do you understand the difference between public and private IP addresses?
12:28 < cuqa_> yes, sure
12:28 <@dazo> okay, so what is 2.2.102.148?
12:29 <@dazo> private or public?
12:29 < cuqa_> the public ip address bound to the host
12:29 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:29 < cuqa_> or more exactly one of 2 public addresses of the host system
12:29 <@dazo> right ... so a sanity check:  You want to restrict sshd connections to only listen to a private IP address, why do you list a public IP address there?
12:30 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has quit [Ping timeout: 250 seconds]
12:31 < cuqa_> the rules are not supposed to be implemented on the host.. i want to restrict on the router
12:32 < cuqa_> the the filter is like that: "discard if source ip not 2.2.102.147 and dst port 22"
12:32  * dazo give up and doesn't care any more
12:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:34 < cuqa_> ok, I must be the first person on this planet to ask for controling the externally visible IP address of openvpn
12:35 <@dazo> cuqa_: no, you are not ... but you are one of the few ones who have no clue what your doing and are clearly not able to see understand how wrong you are
12:38 < cuqa_> you are not even able to help me at all except for the most obvious "set local x.y.x.z in server.conf" and now you act like the openvpn guru himself?
12:39 -!- cuqa_ was kicked from #openvpn by dazo [Strike 2]
12:39 -!- cuqa_ [leon@unaffiliated/cuqa] has joined #openvpn
12:42 <@Eugene> I think we are openvpn gurus, somewhat by definition.
12:42 <@Eugene> But that's none of my business
12:43 <@dazo> cuqa_: FYI: quite some people in this channel do consider me an openvpn guru ... and I am among the top 5 contributors to the openvpn source code, with commit access to the source code repo ... other gurus in this channel have higher privileges in this channel as well, such as /kick and /ban
12:43 <+esde> we all know dazo is just winging it
12:43 <+esde> 9;
12:43 <+esde> (;
12:45 <@Eugene> Mmmmm chicken wings
12:45 < cuqa_> cool dazo, doesnt change a thing that you act like a 13 year old counterstrike kiddy with admin rights
12:45 -!- mode/#openvpn [+b *!*leon@*unaffiliated/cuqa] by Eugene
12:45 -!- cuqa_ was kicked from #openvpn by Eugene [Bye]
12:45 <@dazo> lol
12:46 <@Eugene> But I don't want to put on pants and go get wings :-(
12:46 -!- soupmeister [~frad@24-107-128-120.dhcp.stls.mo.charter.com] has quit [Ping timeout: 245 seconds]
12:46 <@Eugene> Do they make frozen ones?
12:47 <@dazo> Eugene: isn't this why restaurants provides home delivery of orders?
12:47 <+esde> they make "Wyngz"
12:47 <@Eugene> I live on an island nowadays. Nobody delivers.
12:47 <+esde> another reason we need commercial drones </s>
12:48 <@Eugene> No <s> involved
12:48 <@dazo> grab your shotgun and hope for something flying over you ;-)
12:48 <@Eugene> Hah!
12:49 < rob0> I am not sure, but I think the ip addr add command was the problem
12:49 < rob0> it should not have had the /28
12:50 <+esde> shotgun doesnt have enough reach, need something more suited to the task like a 30 cal belt-fed mounted on a tripod
12:50 < rob0> I think because it did, it changed the kernel route to that /28
12:51 < rob0> (could be wrong, and I lost interest early on.)
12:53 <@dazo> esde: right now, I'm very happy Eugene lives on an island .....
12:54 <@dazo> rob0: you might be right ... on the other hand, that guy didn't have a clue what he was doing and no courage to admit it
12:58 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
12:58 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 252 seconds]
13:03 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
13:06 -!- Aelius [~Aelius@unaffiliated/aelius] has joined #openvpn
13:12 -!- rika is now known as bernkastel
13:12 < Aelius> an acquaintance on freenode has offered to let me use their VPS, which I would like to use to host an openvpn server. What can I do to harden my config / setup for a host machine that is not completely my own? I know to keep the ca.key off and generate keys on my own machine, but what could potentially happen if my acquaintance decided to snoop around? I'll have my own user account, but root can chown and
13:13 < Aelius> look at anything, so...
13:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:14 < Aelius> Also, I set up a test TAP server. Does the server not have its own ip when under TAP? I've used TUN before and the server was visible as 10.8.0.1, but with TAP I've had to run a client on the same machine hosting the server, and that doesn't seem right to be
13:14 < Aelius> me*
13:15 <+esde> !hardening
13:15 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
13:15 < Aelius> I think I've read that and it would seem the general assumption is that you are the server admin
13:16 < Thermi> Yes. You need privileges to create tun/tap devices.
13:17 < Aelius> Then I would have to give him the config and certs so he could run the service, unless he gave my user special permissions
13:17 < Thermi> You are subject to the mercy of your acquintance.
13:18 < Thermi> Also, you need to adjust the firewall rules for openvpn.
13:19 -!- soupmeister [~frad@24-107-128-120.dhcp.stls.mo.charter.com] has joined #openvpn
13:20 < Aelius> Is that a general statement, or the answer to why my TAP server has no ip?
13:20 < soupmeister> OK, so after that bit of fun... I have an issue that doesn't seem to be with OpenVPN, but that my router isn't applying the static route I have set up.
13:20 < Thermi> A general statement.-
13:20 -!- dansanger [~vpnuser@190.72.186.103] has joined #openvpn
13:20 < Thermi> Aelius: You need to adjust your openvpn config to give the TAP device an IP.
13:21 < soupmeister> Can anyone recommend a good channel to maybe get some routing help in?
13:21 < Thermi> Also, using a TAP device is !bad!, unless you really need it.
13:21 < Thermi> soupmeister: Clear the routing cache?
13:21 <+esde> ##networking #netfilter are the first to come to mind
13:21 < Thermi> Maybe there is more than one routing table?
13:21 < Thermi> Any policy based routing?
13:21 < Thermi> What router? What brand? What OS?
13:21 <@dazo> Aelius: a shared system is never secure, by definition.  And especially if some of the shared users have root access.
13:22 < soupmeister> Unfortunately, it's just a home router, Asus RT-N66U.
13:22 < Aelius> I've used TUN before, but all of the clients are going to be Windows based and to my knowledge there is no way to get the TUN to work with Windows firewall, other than to just whitelist openvpns ip range
13:23 <+esde> whaaaaaaaaaaaaaat
13:23 <+esde> I've never had an issue with tun and windows clients.
13:23 < soupmeister> I have Wireshark on the tunnel and ethernet devices on my OpenVPN server.  I can ping from my remote machine to the server, and to the gateway.  But if I try to ping from the gateway to even the tunnel's virtual IP, the router just drops everything.
13:23 <@dazo> Aelius: what you can do to avoid your shared user to gain access to your VPN access, is to use TLS/PKI (--ca, --cert, --key, --dh) and ensure that the CA itself is not anywhere near the shared system.  However, if your shared user have root access, that user can do tcpdump on the tun/tap device and capture your traffic
13:24 < Thermi> dazo: In this case, Aelius IS the guest on the VPS. His acquintance is the owner/renter of the VPS.
13:24 < Aelius> It shows up as unidentified network, can't fix it unless you set a gateway, and i suppose i could try again but it just didn't work with TUN. always unidentified
13:25 < Aelius> last time i used ovpn
13:25 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
13:26 <@dazo> Aelius: I'd probably rather suggest that you get your own low budget VPS ... Hetzner have reasonable VPS boxes for €7/month ... which is generally fairly cheap I believe ... it might be even better offers other places as well, but beware of the VPS technology being used ... openVZ can be more tricky to make work, compared against KVM and Xen based virtualization
13:26 < Aelius> either that or the tun device changes an id or something so the "private" network is reset to public on every reboot
13:27 <@dazo> Aelius: regarding TUN/TAP ... I've seen plenty of users here use TUN on Windows without any issues.  In the old days (we're now talking about the good old OpenVPN 2.0-days), TUN was possible on Windows .... but that has been fixed long ago
13:27 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:27 -!- mode/#openvpn [+o mattock] by ChanServ
13:28 < Aelius> I'll try again with tun then, using the solution that i got working with tap last night
13:28 < Aelius> tun DOES work but last i tried i couldn't get it to play nice with firewall profiles. which appears to be a widespread issue online with no definitive solution
13:29 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:32 < Aelius> Appreciate the input, but my security concerns are mostly educational. I use the vpn as a vlan exclusively. I run an IRC server for a few friends and we share files over samba. maybe use a game that needs LAN once in a blue moon
13:32 < Aelius> i can encrypt the irc server traffic, samba shares are what they are, nothing here is particularly sensitive
13:33 < soupmeister> Thermi, to answer your questions regarding the routing table, here's what I've got:  http://imgur.com/a/9mute
13:33 <@vpnHelper> Title: Imgur (at imgur.com)
13:33 < soupmeister> BONUS:  Crappy network diagram.
13:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
13:34 < Aelius> this vps he's offering has insane bandwidth so I figured I'd take that opportunity to dump hamachi and return to openvpn
13:34 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
13:34 < Aelius> if the security concerns are too great I'll just stay with hamachi
13:34 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:35 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
13:35 < Thermi> soupmeister: Looks like crappy router.
13:35 < Thermi> Routes are fine.
13:35 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:35 < soupmeister> OK, so I'm not dumb, at least.
13:36 -!- dr1_ [~dr1@ip68-9-70-46.ri.ri.cox.net] has joined #openvpn
13:37 < Aelius> that is, unless there are vps services with bandwidth that exceeds my own that are $20 or cheaper
13:38 < Aelius> per yr
13:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:42 <@dazo> Aelius: hetzner has 100Mbit/s connection, and will cap the traffic to 10Mbit/s if you go higher than 2TB _outgoing_ per month ... and the price was wrong, it is €5.80/month for if you're outside Germany
13:42 <@dazo> https://www.hetzner.de/ot/hosting/produkte_vserver/vx6
13:42 <@vpnHelper> Title: Hetzner Online AG: vServer VX6 (at www.hetzner.de)
13:42 <@dazo> (click the globe or German flag to change region)
13:43 < Aelius> that is definitely something to consider, thank you
13:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Quit: ZNC - http://znc.in]
13:46 < Aelius> one more question: the ta.key needs to be there for tls, couldn't that just be used by an attacker to decrypt tls
13:47 -!- Linuxnet is now known as Netas3k
13:47 <@Eugene> !hmac
13:47 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls
13:47 <@vpnHelper> static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
13:48 <@Eugene> It's a pre-auth, in additional to TLS secret-key negotiation.
13:49 <@Eugene> You don't need it at all, really.
13:50 <@dazo> but having it, is an extra layer of security ... and can often even protect you against bugs in openssl (at least from users not having your ta.key)
13:52 < Aelius> I'll definitely use it, was just wondering if it would actually add any defense against the vps owner, who would have access to the key
13:53 <@dazo> no, it will defend against attack on the OpenVPN port
13:53 < Aelius> ok
13:54 <@dazo> but once a user have root access, openvpn cannot protect you against the root privileges on the server
13:59 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
14:50 < Aelius> understood
15:24 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Quit: Page closed]
15:25 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
15:29 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:36 -!- Vikinger [~ricardo@unaffiliated/vikinger] has joined #openvpn
15:50 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
15:52 < Vikinger> i cant connect to any website with https
15:52 < Vikinger> everything else works
15:56 <+esde> !welcome
15:56 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:57 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:57 <+esde> !logs
15:57 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:57 <+esde> !configs
15:57 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:59 -!- Vikinger [~ricardo@unaffiliated/vikinger] has left #openvpn []
16:01 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:02 -!- dazo is now known as dazo_afk
16:08 -!- deranged [Bit@lolnerd.net] has quit [Quit: brb!]
16:09 -!- deranged [Bit@lolpurr.net] has joined #openvpn
16:12 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 0.4.3]
16:13 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
16:20 -!- glphvgacs [~root@unaffiliated/glphvgacs] has joined #openvpn
16:21 < glphvgacs> can keys/CAs created by easy-rsa be used by other services? in parituclar kerberose/ssh/ldap and so on?
16:31 < BtbN> It's just a regular CA.
16:32 < glphvgacs> BtbN: meaning 'yes'?
16:33 < BtbN> If they depend on some special flags beeing set, you'd propably have to modify the scripts.
16:43 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
16:44 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
16:51 -!- soupmeister [~frad@24-107-128-120.dhcp.stls.mo.charter.com] has quit [Remote host closed the connection]
17:24 < Aelius> In order to fix the windows firewall issue on TAP, the openvpn adapter must have a default gateway that is pingable. It will then cease to be an "unidentified network" and all is well. I was able to acheive this by placing this in my server.conf: push route "0.0.0.0 0.0.0.0 10.8.0.1 999"
17:25 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:4451:ca27:7265:ab3e] has joined #openvpn
17:25 < Aelius> The TUN adapter, which I have just tested, remains unidentified.
17:27 < Aelius> For whatever reason, that line causes my actual internet adapter to add 10.8.0.1 under the list of gateways with TUN (this does not happen with TAP)
17:28 < Aelius> setting aside that issue, manually assigning the gateway to the TUN adapter does not fix it
17:28 < Aelius> and so... unless this can be resolved with a configuration tweak, I must use TAP
17:30 < Aelius> Any thoughts?
17:31 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 272 seconds]
17:33 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:33 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
17:34 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:34 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
17:34 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:34 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
17:35 -!- glphvgacs [~root@unaffiliated/glphvgacs] has quit [Ping timeout: 264 seconds]
17:35 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:35 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
17:36 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:36 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
17:36 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
17:36 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
17:37 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
18:09 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Ping timeout: 252 seconds]
18:35 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
18:48 -!- ReT123 [~JKDF2-COM@96.89.211.216] has joined #openvpn
18:50 < ReT123> Greetings OpenVPN friends. I would like to give my OpenVPN client a static IP, so that the client can host web-facing serves when connected over the internet to the VPN. My OpenVPN Virtual Appliance already has a static WAN IP assigned. I have additional addresses from a static IP block I can use. Suggestions?
18:54 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:57 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:4451:ca27:7265:ab3e] has quit [Remote host closed the connection]
19:01 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:2410:1d49:170e:8145] has joined #openvpn
19:01 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:2410:1d49:170e:8145] has quit [Remote host closed the connection]
19:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:04 < ReT123> No ideas folks?
19:04 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
19:06 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
19:31 < ReT123> Hello folks!?
19:31 < Thermi> !as
19:31 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
19:50 -!- bluestreeeeek [~bluestree@209.141.39.130] has joined #openvpn
20:00  * ecrist reads up
20:00 <@ecrist> hello ReT123 
20:00 <@ecrist> What you need to do is set up 1-to-1 NAT
20:01 <@ecrist> because you can't actually route IPs on the same block elsewhere, you still give your VPN clients private addresses
20:01 < ReT123> Within OpenVPN Access Server ?
20:01 <@ecrist> All traffic coming from them to the outside world would be natted to the external address.
20:01 <@ecrist> OpenVPN itself can't do the NAT part - a firewall daemon should be able to
20:01 <@ecrist> pf on FreeBSD is easy
20:16 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 245 seconds]
20:23 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: Leaving]
20:24 <@ecrist> ReT123: I didn't notice the part about access server.
20:24 <@ecrist> !as
20:24 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
20:24 <@ecrist> as Thermi pointed out
20:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
20:31 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:31 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Remote host closed the connection]
20:35 -!- xMopxShell [~xMopxShel@davepedu.com] has quit [Ping timeout: 272 seconds]
20:36 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 272 seconds]
20:37 -!- mattock_afk [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
20:37 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
20:37 -!- mode/#openvpn [+o mattock] by ChanServ
20:38 -!- xMopxShell [~xMopxShel@davepedu.com] has joined #openvpn
20:38 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
20:44 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
20:48 < rob0> Proxy ARP can do that without routing.
20:48 < rob0> Just assign the real IP addresses to the clients and do no NAT.
20:48 <+pekster> It's not that simple if the clients aren't sending 100% of their public egress through the VPN though
20:49 < rob0> true
20:49 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:49 <+pekster> (policy routing would be the way to go there, moreso if the IP block in question is properly routed upstream, then you can do PtP /32's or /128's everywhere)
20:50 <+pekster> That has the lovely advantage of being able to policy route strictly by source IP, avoiding further mess
21:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:30 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:30 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Remote host closed the connection]
21:31 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:c118:a36f:ea20:92d1] has joined #openvpn
21:35 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:c118:a36f:ea20:92d1] has quit [Ping timeout: 245 seconds]
22:00 -!- s7eele [~AndChat52@208.167.254.51] has quit [Quit: Bye]
22:08 -!- bluestreeeeek [~bluestree@209.141.39.130] has quit [Read error: Connection reset by peer]
22:09 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
22:26 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
22:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:00 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Remote host closed the connection]
23:02 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:a474:4488:aada:530d] has joined #openvpn
23:06 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
23:06 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:a474:4488:aada:530d] has quit [Ping timeout: 245 seconds]
23:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
23:10 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:10 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Read error: Connection reset by peer]
23:16 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
23:26 -!- ShadniX [dagger@p5481D675.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX [dagger@p5481D311.dip0.t-ipconnect.de] has joined #openvpn
23:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:44 -!- zmachine [uid53369@gateway/web/irccloud.com/x-ljrntsqolfmcrokn] has joined #openvpn
--- Day changed Thu Apr 23 2015
00:18 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
00:21 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 244 seconds]
00:22 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
00:23 -!- avium is now known as foobar_
00:23 -!- foobar_ is now known as avium
00:32 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
00:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
00:36 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
01:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:18 -!- mode/#openvpn [+o mattock1] by ChanServ
01:23 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 244 seconds]
01:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit []
01:43 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
01:56 -!- zmachine [uid53369@gateway/web/irccloud.com/x-ljrntsqolfmcrokn] has quit [Quit: Connection closed for inactivity]
02:16 -!- rovnyart [~xtreme@195.88.208.147] has joined #openvpn
02:23 -!- rovnyart [~xtreme@195.88.208.147] has quit [Read error: Connection reset by peer]
02:24 -!- rovnyart [~xtreme@195.88.208.147] has joined #openvpn
02:25 < rovnyart> hi all! plz can you help me? i have all UDP traffic blocked in my network, so i installed openvpn to my linux VPS, it works fine, but only with TCP traffic (e.g. webpages). All UDP traffic is still blocked, and i have no idea how can i "tunnel it over TCP". when i use public vpn service - it works! what settings did miss? thank you very much for answer=) the server config file is:http://past
02:25 < rovnyart> ie.org/10108757, and the client is: http://pastie.org/10108758
02:35 -!- kubanc [563d4c96@gateway/web/freenode/ip.86.61.76.150] has joined #openvpn
02:36 < kubanc> Hello. I am reading this guide https://help.ubuntu.com/14.04/serverguide/openvpn.html. I am stuck here: "And you have to at least specify the OpenVPN server name or address. Make sure the keyword client is in the config. That's what enables client mode." Where can I find what is my openVPN server name or address?
02:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:52 < kubanc> I have connected to the VPN Server but the http is not working on the client mode...
02:54 -!- rovnyart [~xtreme@195.88.208.147] has quit [Remote host closed the connection]
02:57 < tomodachi> kubanc: its the ip or dns name of the openVPN server
03:08 -!- damr [c1375fd7@gateway/web/freenode/ip.193.55.95.215] has joined #openvpn
03:13 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Remote host closed the connection]
03:13 < damr> hi there, i am new to openvpn, i would like to configure a client with a bridged interface. i set up a bridge br0 with eth1 and tap0 and the address 192.168.100.5 on the client but the problem is that when i start the connection to the openvpn server, the server give me an address and set tap0 to up. Is it possible to disable this behaviour?
03:19 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
03:24 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
03:25 < kubanc> tomodachi: I have set openVPN server on Ubuntu 14.04. And I have set DNS in /etc/resolv.conf to 8.8.8.8 and 8.8.4.4
03:26 < kubanc> tomodachi: on the client side I can see that tun0-00 is setup and its IP address is 10.8.0.6
03:29 < tomodachi> kubanc: the tunnel has two ip adresses
03:29 < tomodachi> on for each end
03:29 < tomodachi> can you ping the opposite end of the tunnel?
03:29 < tomodachi> for example:
03:29 < tomodachi> inet addr:192.168.12.4  P-t-P:192.168.12.3  Mask:255.255.255.255
03:29 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
03:30 < tomodachi> so i would try to ping the remote end  192.168.12.3
03:30 < tomodachi> to verify that the tunnel is working
03:30 < kubanc> tomodachi: OK, this is what I have in ton0-00 inet addr:10.8.0.6 P-t-P: 10.8.0.5
03:31 < kubanc> ok, I cannot ping 10.8.0.5
03:31 < tomodachi> so your tunnel doesnt seem to be working properly
03:31 < kubanc> yes...
03:31 < tomodachi> start the openvpn tunenl with
03:31 < kubanc> I will check log files
03:31 < tomodachi> openvpn --config nameofyourconfig.conf
03:32 < tomodachi> in terminal
03:32 < tomodachi> as wroot
03:32 < tomodachi> as root
03:32 < tomodachi> then you can see the debug messages directly
03:36 < kubanc> tomodachi: --ca fails with 'ca.crt'. no such file or directory. and also for client1.crt and client1.key. It looks like the path for the files is not correct
03:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:40 < kubanc> tomodachi: This is what I got: ERROR: Linux route add command failed: external program exited with error status: 2
03:40 < tomodachi> good , so you have a theory of why its failing,   getting closer!
03:41 < tomodachi> start with the first error
03:54 -!- dazo_afk is now known as dazo
03:56 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
03:57 < damr> how can i setup a client to not have an address from the server? In my case i configured a bridge with tap0 and eth1 on the client and I just to use the address on the bridge?
03:58 < damr> *s/just/just want
03:58 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
04:03 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 264 seconds]
04:04 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:38 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
04:41 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
04:52 < kubanc> I have a question. I hav esuccesfully connecter to my VPN server, but when I chek my public IP (ip2location.com) it is not from the VPN Server. what should I do so that the cien't IP addresses would be the the same as the VPN server gave them?
04:53 < tomodachi> !help
04:53 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
04:53 < tomodachi> !route
04:53 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
04:53 <@vpnHelper> client
05:01 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
05:03 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
05:20 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
05:21 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
05:32 -!- NetBilly [~pieter@105.210.149.136] has joined #openvpn
05:33 < damr> well the solution for my problem was to add 'iconfig-noexec' in client configuration
05:33 < NetBilly> I just fixed a problem with OpenVPN client on a few users on our network by changing the passwords. sigh. 3 weeks later, and the problem was caused by ! or ~ in the passwords
05:34 < NetBilly> Is there a list of characters not allowed in VPN passwords ?
05:34 < NetBilly> I want to apply this to our Active Directory password policies
05:37 -!- damr [c1375fd7@gateway/web/freenode/ip.193.55.95.215] has quit [Ping timeout: 246 seconds]
05:57 < kubanc> I get ip address (10.8.0.6) from VPN Server, but when I try to ping P-t-P:10.8.0.5 I get no response. any idea?
05:58 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
06:01 < rob0> One idea: please let /30 die off, there should be no need for that now.
06:01 < rob0> !/30
06:01 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
06:02 < rob0> !topology
06:02 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
06:02 < rob0> Another idea: a few gazillion things could cause no ping from the peer, including the suggestion in /topic
06:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: I'll brb comp reboot]
06:04 < kubanc> I can see that this can be donw with routing https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
06:04 <@vpnHelper> Title: HOWTO (at openvpn.net)
06:05 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has quit [Ping timeout: 245 seconds]
06:11 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has joined #openvpn
06:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:27 -!- kubanc [563d4c96@gateway/web/freenode/ip.86.61.76.150] has quit [Quit: Page closed]
06:37 -!- damr [c1375fd7@gateway/web/freenode/ip.193.55.95.215] has joined #openvpn
06:38 < damr> !welcome
06:38 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
06:38 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:41 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 248 seconds]
06:47 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:21 -!- NetBilly [~pieter@105.210.149.136] has left #openvpn []
07:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:33 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 246 seconds]
07:38 -!- Hassenius [~hans@109.77.59.18] has joined #openvpn
07:40 < Hassenius> Hey, have an issue where I can't stop my OpenVPN server NATting my traffic through the tunnel.
07:41 <@dazo> Hassenius: don't use --redirect-gateway
07:41 <@dazo> !redirect
07:41 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
07:41 < Hassenius> I'm pretty sure it's not iptables doing the natting, so it seems like something OpenVPN does on it's own accord.
07:41 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
07:41 < BtbN> OpenVPN by itself doesn't do any NAT.
07:41 < rob0> no, openvpn does not do NAT natively, the OS does.
07:42 < BtbN> It changes the default route, but that's not NAT.
07:42 < rob0> How did you become so sure that iptables did not do it?
07:42 < Hassenius> dazo: Not using --redirect-gateway
07:43 < BtbN> And the server isn't pushing it?
07:43 <@plai> (OpenVPN can do NAT itself with client-nat on the client side)
07:43 <@dazo> Hassenius: then your server might push redirect-gateway to you ... remove that push from the server side
07:44 < Hassenius> wait a minute, I might be doing something silly
07:44 <@dazo> openvpn does not push everything through the tunnel by default.  In fact it doesn't push anything through the tunnel, it needs explicit routes to be configured ... if those routes defines "everything", then "everything" goes through the tunnel
07:46 < Hassenius> basically, what Io was doing was pinging a machine behind the client from the vpn server. when the traffic arrived to the VPN client it was originated from the servers tun0 address.
07:47 < Hassenius> let me try to make sure the ping can not originate from the tun address
07:47 -!- tristan_c [~tristan_c@81.141.87.197] has joined #openvpn
07:48 < rob0> How did you become so sure that iptables did not do it?
07:50 < Hassenius> iptables -L -n -t nat comes up empty
07:51 < Hassenius> but, I did find the answer... Once I pinged from a machine behind the server to a machine behind the client it works as expected (since all the routing rules are set up correctly)
07:51 < Hassenius> Originally I was silly and pinged from the server, without specifying where the ping should be originating from, and linux was friendly and suggested it should originate from tun0
07:52 < rob0> cool
07:52 < Hassenius> was just staring myself blind
07:52 < rob0> yes, ping would do a route table lookup before setting the source IP address.
07:53 < Hassenius> thanks for helping me see clearly again. ;)
08:23 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 264 seconds]
08:29 -!- studmuf [~studmuf@gateway/vpn/privateinternetaccess/studmuf] has joined #openvpn
08:43 -!- Hassenius [~hans@109.77.59.18] has quit [Quit: Leaving]
08:50 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
08:57 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Ping timeout: 250 seconds]
09:11 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:14 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has joined #openvpn
09:16 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has quit [Remote host closed the connection]
09:16 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has joined #openvpn
09:16 -!- unaM [~unaM@fullpower.lacavernedemanu.fr] has quit [Remote host closed the connection]
09:28 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:33 -!- dbtid [~dbtid@unaffiliated/dbtid] has left #openvpn []
10:13 < studmuf> Can anyone point me towards a tut on how to forward traffic on port 22 through eth0 and not the vpn tun0 using iptables?
10:13 < studmuf> I thought it would be as simple as iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 22 -j DNAT --to-destination 192.168.1.200:22
10:13 < studmuf> then doing
10:13 < studmuf> iptables -A FORWARD -p tcp -d 192.168.1.200 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
10:14 < studmuf> but so far no go...
10:15 < rob0> You'll have to be more specific in describing what you want to do.
10:17 -!- bernkastel is now known as rika
10:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:03 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
11:06 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:23 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 252 seconds]
11:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
11:28 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:28 -!- mode/#openvpn [+o mattock1] by ChanServ
11:54 < studmuf> rob0: I want to run a vpn connection that I forward all traffic through except for traffic having to due with a specific port.
11:55 -!- damr [c1375fd7@gateway/web/freenode/ip.193.55.95.215] has quit [Ping timeout: 246 seconds]
11:56 < studmuf> I want to be able to ssh, and allow port specific programs to be reached through my eth connection
11:56 < rob0> You want to have your sshd still available as before, and redirect everything else.
11:57 < studmuf> yep
11:58 < rob0> The problem is the route table.  You'll need a second table for the non-VPN connections.  You cannot fix that with iptables.
11:59 < rob0> However, you can use iptables MARK to direct the desired packets to the alternate route table.
12:01 < studmuf> rob0: Ok. So I can setup a iptable MARK to direct packets to let say eth0 from tun0?
12:07 < studmuf> rob0: Found this link to what I think is exactly what I'm looking for. https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
12:07 <@vpnHelper> Title: Concepts-PolicyRouting-Linux – OpenVPN Community (at community.openvpn.net)
12:09 < rob0> by the URL I would say that looks promising.
12:10 < studmuf> haha
12:10 < rob0> and yes, "policy routing" is the term
12:10 < studmuf> Thanks for the help
12:11 < rob0> I don't have time to read and review it for you, but I think the wiki is vetted by competent folks.
12:14 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 246 seconds]
12:34 < Aelius> I used to use openvpn in the past on my windows laptop without issue, but my friend would have the issue where openvpn would just freeze after the laptop suspended. Now that I'm dabbling in openvpn again, I find my laptop having the same issue
12:34 < Aelius> The service needs to be manually restarted
12:34 < Aelius> every single time the laptop goes to sleep and wakes up :/
12:36 < rob0> Mine, a client, does not freeze, but usually when it wakes up and reconnects, the authentication has expired and I have to restart it to authenticate.
12:36 < Aelius> I found this https://openvpnwinsvc.codeplex.com/ but it either doesn't work or can't find the openvpn.exe
12:36 <@vpnHelper> Title: OpenVPN Service for Windows - Home (at openvpnwinsvc.codeplex.com)
12:36 -!- soupmeister [~frad@24-107-128-120.dhcp.stls.mo.charter.com] has joined #openvpn
12:36 < rob0> (the server obviously uses password auth)
12:37 < Aelius> I use keybased auth
12:38 < rob0> yeah, if mine did it would probably just reconnect fine
12:38 < Aelius> for testing purposes, I suspended the laptop and woke it up immediately, several times. each time openvpn fails
12:38 < Aelius> What's interesting is that the GUI doesnt have this issue
12:39 < Aelius> but the gui a) requires admin b) has that annoying popup
12:39 < Aelius> so it's not particularly a viable solution
12:45 < soupmeister> Am I misunderstanding something here...?  Why is OpenVPN providing the same IP address to two clients?
12:45 < soupmeister> 10.8.0.6
12:52 < AlmogBaku> it shouldn't
12:52 < AlmogBaku> why you suspect thats happening
12:53 < Aelius> Well I managed to work around it by forcibly restarting the service through taskscheduler every time the copmuter wakes up...
12:53 < soupmeister> I'm not sure but there's some weirdness happening on this client.  Going to reboot and try again.
12:54 < rob0> If two clients are sharing the same certificate, it's likely that the same address would be given.  But the existing connection is cut off when the second one connects.
12:57 < soupmeister> Ah, that's a possibility.
13:02 < soupmeister> That's got it.  The client is still acting janky, but at least it's getting its own IP now
13:07 < tristan_c> guys - I've a quick question on the use of 'route' in a server.conf. I've a simple ptp setup (very like this: http://goo.gl/9kFSWt). In this case 'route 192.168.5.0 255.255.255.0 10.8.0.2' is used.
13:07 <@vpnHelper> Title: Escaping (CG)NAT hell: tunnel your way out - Mathew McBride (at goo.gl)
13:07 < tristan_c> Is there a way to dynamically assign 192.168.50?
13:09 < tristan_c> *192.168.5.0*   ie, how can the server work out what the client network is? Why is this line even needed? Excuse the ignorance...
13:09 < Thermi> tristan_c: It can't.
13:10 < Thermi> Those iptables routes are wrong.
13:10 < Thermi> On the site.
13:11 < tristan_c> yeah, had a bit of bother with those: http://serverfault.com/questions/680702/iptables-rules-for-strongvpn-like-vpn-endpoint
13:11 <@vpnHelper> Title: openvpn - iptables rules for StrongVPN-like VPN endpoint - Server Fault (at serverfault.com)
13:12 < tristan_c> If I leave the route line out, nothing works from the client. But I don't understand why the server needs to know / cares about what network I have locally
13:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
13:14 < Thermi> tristan_c: That route is not for the local traffic of the client. It is the route for the subnet where the server resides.
13:14 < ReT123> Greetings OpenVPN friends. I would like to give my OpenVPN client a static IP, so that the client can host web-facing serves when connected over the internet to the VPN. My OpenVPN Virtual Appliance already has a static WAN IP assigned. I have additional addresses from a static IP block I can use. Suggestions?
13:15 < Thermi> !ccd
13:15 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
13:15 < tristan_c> Ahh, so it is still necessary? Is this related to using a p2p set-up?
13:16 < tristan_c> It's just using StrongVPN on a different machine doesn't require StrongVPN to know my local network is on 192.168.x.y
13:16 < Thermi> tristan_c: No, you need that to let the client know how to reach the local subnet of your server.
13:17 < tristan_c> Ah, so it sits on the server config, but is passed to the client
13:17 < Thermi> Not even
13:18 < Thermi> I think it's useless, because it's used locally and not pushed to the client
13:18 < Thermi> tristan_c: What are you trying to do?
13:19 < tristan_c> I've been trying to "replicate" a StrongVPN account I use, but on my own server - to allow the VPN client to use a public IP
13:19 < tristan_c> I've it close to working  - huge issue with iptables that is now resolved!
13:20 < tristan_c> But I'm not 100% sure what that route line in the server.conf was doing. Seemed strange to add the client network to the server iptable
13:21 -!- AlmogBaku [~AlmogBaku@bzq-79-180-131-236.red.bezeqint.net] has quit [Ping timeout: 252 seconds]
13:21 < Thermi> tristan_c: I understand what that is about now. What the how-to describes is a way to DNAT a public IP over an openvpn tunnel to the openvpn client.
13:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:21 -!- pailaps [~pailaps@nyc.lovesexmoney.info] has joined #openvpn
13:21 < Thermi> that 192.168.5.0/24 subnet is in fact on the client side and the traffic to the server's public IP address is DNATed to the client's adress given in ifconfig.
13:22 < Thermi> To let the client know how to reach the private address of the client, a route is installed in the routing table of the server.
13:22 < tristan_c> yes - ahhh, so the DNAT occurs, then the routing table sends it down the tunnel
13:23 < tristan_c> so I can ping the tunnel endpoint (10.8.0.2) and the router at the end of it (192.168.5.1) from the server
13:23 < tristan_c> they are one and the same
13:24 < Thermi> Of course, you have to adjust all entries (routes, iptables rules) where that private IP occurs with the address (range) that you use in your setup.
13:24 < tristan_c> Yes - think I have that. It really is a simple setup! One client (an OpenWrt router) and the server. So I thought p2p would be simpler.
13:25 < tristan_c> Would the route line still be needed if I switched to a conventional server / client config?
13:27 < Thermi> I do not know that, I do not deal with openvpn much anymore.
13:27 < rob0> --route is --route, regardless of --mode
13:27 < rob0> p2p usually is easier, yes
13:28 < tristan_c> OK - thanks. I wonder how StrongVPN set their routing tables if they don't know the client network?
13:28 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
13:29 <+esde> huh
13:29 < tristan_c> Thanks rob0 - I guess it's the 'not broke don't fix it' saying
13:30 < soupmeister> OK so I can ping my home router from the client, but the client can't ping the home router.
13:31 < pailaps> tristan_c:wish i knew
13:31 < pailaps> would simplify my job
13:31 < pailaps> couldnt connect on schools wifi
13:31 < soupmeister> Wait, scratch that, reverse half.  I can ping my home router from the client, but I can't ping the client from the router.
13:32 < pailaps> not sure if its the fault of captive portal or something else
13:32 < pailaps> tunnel gets established but nothing goes through
13:32 < pailaps> works via tethered and home network
13:32 <+esde> probably DPI
13:33 <+esde> try with !obfs and see if you get different results
13:33 < pailaps> !obfs
13:33 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used.
13:33 <@vpnHelper> in static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
13:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
13:33 < pailaps> esde:weird thing is, i can open the schools home page, but nothing else
13:34 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:34 < rob0> sounds like hijacked DNS (such as a captive portal might do)
13:34 < rob0> it's not weird
13:34 < pailaps> how does one get around that?
13:35 < pailaps> running without openvpn is like having unprotected coitus
13:39 < Thermi> pailaps: Find out who's doing it and punch him/her in the face.
13:42 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
13:45 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:45 -!- tristan_c [~tristan_c@81.141.87.197] has quit []
13:51 -!- burp [~quassel@2001:41d0:2:a512::1] has left #openvpn []
13:51 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
13:59 -!- dazo is now known as dazo_afk
14:04 < soupmeister> So, still fighting with this weird routing issue.  After rebooting the router 3 times, I can now ping the clients from the router.  However, when I try to ping anything else on the network, the OpenVPN server sends the ping request (confirmed on eth0 from Wireshark) but nothing comes back.
14:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 276 seconds]
14:11 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 245 seconds]
14:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Client Quit]
14:18 -!- ReT123 [~JKDF2-COM@96.89.211.216] has quit []
14:44 -!- lfx [~lfx@self-aware.evilmachines.net] has joined #openvpn
15:23 < zoredache> Do the clients have routes to actually read the OpenVPN connected clients?
15:30 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
15:36 -!- studmuf [~studmuf@gateway/vpn/privateinternetaccess/studmuf] has quit []
15:58 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:07 -!- zmachine [uid53369@gateway/web/irccloud.com/x-hppywnzatqxsckdx] has joined #openvpn
17:21 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
17:37 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
17:37 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
17:38 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
17:45 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:45 -!- mode/#openvpn [+v s7r] by ChanServ
17:51 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 240 seconds]
18:14 -!- pk12 [~pk12@84.39.116.180] has quit [Ping timeout: 250 seconds]
18:16 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has quit [Ping timeout: 252 seconds]
18:22 -!- lbft [~lbft@unaffiliated/lbft] has quit [Excess Flood]
18:23 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
18:24 -!- pk12 [~pk12@84.39.116.180] has joined #openvpn
18:27 -!- ShadniX [dagger@p5481D311.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
18:33 -!- ShadniX [dagger@p5DDFF38B.dip0.t-ipconnect.de] has joined #openvpn
18:43 -!- ShadniX [dagger@p5DDFF38B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
18:47 -!- ShadniX [dagger@p5DDFEA34.dip0.t-ipconnect.de] has joined #openvpn
19:27 -!- wondeer [~usr@unaffiliated/sand3r] has joined #openvpn
19:27 < wondeer> hi
19:27 < wondeer> Ovpn TLS Error: local/remote TLS keys are out of sync
19:27 < wondeer> what does it mean?
19:28 < wondeer> is the encryption broken?
19:39 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
19:47 -!- kantlivelong [~kantlivel@home.kantlivelong.com] has joined #openvpn
20:04 < wondeer> hi anybody here?
20:05 -!- deranged [Bit@lolpurr.net] has quit [Ping timeout: 256 seconds]
20:06 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
20:09 -!- deranged [Bit@lolpurr.net] has joined #openvpn
20:27 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
20:27 -!- mode/#openvpn [+v Guest86751] by ChanServ
20:41 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
20:43 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
20:44 -!- crus [~crusader@124.171.59.35] has quit [Read error: Connection reset by peer]
20:45 -!- crus [~crusader@124-171-51-25.dyn.iinet.net.au] has joined #openvpn
20:54 -!- wondeer [~usr@unaffiliated/sand3r] has quit [Read error: Connection reset by peer]
21:07 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
21:08 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
21:08 -!- mode/#openvpn [+v Guest86751] by ChanServ
21:08 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 276 seconds]
21:14 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:16 -!- zmachine [uid53369@gateway/web/irccloud.com/x-hppywnzatqxsckdx] has quit [Quit: Connection closed for inactivity]
21:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:24 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 250 seconds]
21:27 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:31 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
21:34 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:36 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 245 seconds]
21:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
21:47 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:48 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Excess Flood]
21:48 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
21:53 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 245 seconds]
21:58 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
22:00 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
22:14 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
22:16 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Excess Flood]
22:22 -!- mattsl [~user@68.169.165.200] has joined #openvpn
22:24 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
22:24 < mattsl> Could someone help me with a routing issue for a site to site connection?
22:26 < mattsl> I have a site to site connection and a client-server connection. I can reach the machines on the LAN of both sides from the client on the 2nd VPN network, but devices on the two LANs can't reach each other
22:27 < mattsl> I've double checked all my route and iroute settings as best as I know how and I have tried disabling the firewall on the two routers
22:33 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Excess Flood]
22:41 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
22:41 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
22:42 -!- mode/#openvpn [+v Guest86751] by ChanServ
23:07 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
23:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:28 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 248 seconds]
23:29 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
23:53 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
23:53 -!- mode/#openvpn [+v Guest86751] by ChanServ
23:54 -!- ShadniX [dagger@p5DDFEA34.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:54 -!- ShadniX_ [dagger@p5481DAB7.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- ShadniX_ is now known as ShadniX
23:57 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
--- Day changed Fri Apr 24 2015
00:04 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
01:05 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:07 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:17 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
02:03 -!- novaflash is now known as novaflash_away
02:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:06 -!- mode/#openvpn [+o mattock1] by ChanServ
02:12 -!- l3archos [~Icedove@unaffiliated/l3archos] has joined #openvpn
02:13 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
02:13 < l3archos> hello folks. I am not sure which way is better to use for accessing some shares at my home network. I can reach them either through webdavs:// because I am running a webdavs server at home, or I could connect through OpenVPN to my network and access the shares through SMB/CIFS. Is there a way which I should prefer or doesn't that matter because both way are secure?
02:23 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:36 -!- lorens [~lorens@213.27.241.114] has quit [Remote host closed the connection]
02:43 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:50 -!- lorens [~lorens@213.27.241.114] has joined #openvpn
02:55 -!- pk12 [~pk12@84.39.116.180] has quit [Quit: Textual IRC Client]
02:57 -!- lorens [~lorens@213.27.241.114] has quit [Ping timeout: 248 seconds]
03:10 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
03:12 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:15 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
03:28 -!- Kim^J [~hagbard@ec2-54-76-36-83.eu-west-1.compute.amazonaws.com] has left #openvpn []
03:32 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:43 -!- obr7 [8d4a2104@gateway/web/freenode/ip.141.74.33.4] has joined #openvpn
03:43 < obr7> hi
03:46 < obr7> where to put proxy settings for private tunnel windows gui?
03:46 < tomodachi> proxy setting?!
03:47 < obr7> yes, my company http proxy
03:47 < obr7> cannot find client.ovpn
03:48 < obr7> only .conf files which gets overwritten at start
03:50 < obr7> can I add --http-proxy at windows shortcut?
03:55 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
04:00 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 240 seconds]
04:02 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
04:18 -!- dazo_afk is now known as dazo
04:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
04:40 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
05:01 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
05:01 -!- mode/#openvpn [+v Guest86751] by ChanServ
05:04 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
05:05 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
05:05 -!- mode/#openvpn [+v Guest86751] by ChanServ
05:17 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
05:29 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
06:27 -!- TyrfingMjolnir [~Tyrfing@58.182.44.225] has joined #openvpn
06:28 < TyrfingMjolnir> How can I run OpenVPN on port 53?
06:28 < TyrfingMjolnir> I have configured UDP 53
06:28 < TyrfingMjolnir> It works for the first user, but then the service is gone.
06:29 < TyrfingMjolnir> I will have to do /etc/init.d/openvpn restart for the service to reoccur on UDP 53 to ressurrect the service
06:29 < TyrfingMjolnir> But the problem is still the same, it only works for the first connection.
06:29 < tomodachi> it sounds like you are using your setup in site to site mode
06:30 < tomodachi> instead of client to server mode , or whatever it is called
06:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:49 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
06:49 -!- mode/#openvpn [+v s7r] by ChanServ
06:53 -!- obr7 [8d4a2104@gateway/web/freenode/ip.141.74.33.4] has quit [Ping timeout: 246 seconds]
07:04 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 256 seconds]
07:05 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
07:20 -!- ACKNAK [~regolith@79.133.97.154] has joined #openvpn
07:21 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
07:22 < ACKNAK> Hello! Anybody knows if I should increase sndbuf if I increased txqueuelen value?
07:24 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:7103:532b:682:be6f] has joined #openvpn
07:28 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:7103:532b:682:be6f] has quit [Ping timeout: 245 seconds]
07:39 -!- s7eele [~AndChat52@208.167.254.29] has joined #openvpn
07:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
07:50 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
07:50 -!- badon_ is now known as badon
08:09 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
08:12 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 240 seconds]
08:22 -!- donnib [~donnib@152.115.31.4] has joined #openvpn
08:22 < donnib> Hi
08:22 < donnib> i did a mtu-test and got following
08:22 < donnib> Apr 24 15:21:51	ubnt openvpn[3813]: mihai/152.115.31.4:61720 NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1557,1445] remote->local=[1557,1557]
08:22 < donnib> Apr 24 15:21:51	ubnt openvpn[3813]: mihai/152.115.31.4:61720 NOTE: This connection is unable to accommodate a UDP packet size of 1557. Consider using --fragment or --mssfix options as a workaround.
08:23 < donnib> how should i interpret this, does it say i should set 1557 on both sides ?
08:25 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 252 seconds]
08:40 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
08:54 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
08:56 -!- donnib [~donnib@152.115.31.4] has left #openvpn []
09:19 -!- l3archos [~Icedove@unaffiliated/l3archos] has quit [Quit: l3archos]
09:22 -!- Denial [~Denial@81.141.0.147] has joined #openvpn
09:29 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:31 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
09:31 -!- mode/#openvpn [+v s7r] by ChanServ
09:33 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
09:58 -!- ACKNAK [~regolith@79.133.97.154] has quit [Quit: Leaving]
10:12 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:20 -!- besson3c1 [~besson3c@76.9.221.218] has joined #openvpn
10:22 < besson3c1> Hey guys. I have two separate server environments I can VPN into to gain access to machines on these respective networks. I'm getting a little lost finding a way to bridge these networks together so that these two VLANs can speak to each other bi-directionally
10:23 < besson3c1> Would one of you be so kind as to point me in the right direction? I might not be Googling the right thing, I've gotten a number of differnet instructions
10:24 < besson3c1> As it stands, both networks are tap based, I have a client from one environment connecting to the other. This client is running on the gateway for the entire network, all traffic is routed to this IP.
10:25 < besson3c1> This client -> server connection works, but I can only access the machines on the remote network from the client connecting machine
10:25 < besson3c1> I think I just need a firewall rule to route from my gateway to my tap interface when a request for an IP on the remote subnet is requested
10:26 < besson3c1> I've been getting lost looking at bridge up/down scripts, I don't really know if I need a bridge?
10:27 -!- Ziber [~Liber@irssi.liber.in] has joined #openvpn
10:28 < mattsl> Could anyone help me with a routing issue for a site to site connection?
10:28 < Ziber> What's the proper way to generate a cert and a key for a new host?
10:28 < mattsl> I have a site to site connection and a client-server connection. I can reach the machines on the LAN of both sides from the client on the 2nd VPN network, but devices on the two LANs can't reach each other
10:35 -!- Poster|x is now known as Poster
10:35 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
10:36 < besson3c1> mattsl: I'm trying to accomplish the exact same thing
10:36 < besson3c1> mattsl: are you using tap or tun?
10:36 < Junka> hello, can i set openvpn to automatically connect to a x profile with wifi and a y profile with ethernet?
10:37 < Junka> (currently i connect auto on either eth or wlan)
10:42 < besson3c1> Junka: maybe you should separate the traffic so that they are on different subnets?
10:46 < Junka> no, that not what i'm trying to do
10:47 -!- firetoad [~Instantbi@97-118-23-87.hlrn.qwest.net] has joined #openvpn
10:49 < besson3c1> Junka: sorry, I misunderstood.
10:50 < Junka> besson3c1; what i mean is that for example i should connect to to openvpn always when i use ethernet but never when i use wlan
11:06 < Ziber> Could anyone help me?
11:08 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:36 -!- _Cyclone_ is now known as _Cyclone_[away]
11:38 -!- Junka [~Junkass@unaffiliated/junka] has quit [Ping timeout: 272 seconds]
11:45 < mattsl> besson3c1: I'm using TUN
11:48 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 256 seconds]
12:01 -!- shio [marmot@142.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
12:19 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:27 -!- tms [~tms@fixed-169-229-248-3.IST.Berkeley.EDU] has quit [Ping timeout: 240 seconds]
12:34 -!- shio [marmot@142.121.101.84.rev.sfr.net] has joined #openvpn
12:36 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 252 seconds]
13:29 -!- dazo is now known as dazo_afk
13:31 -!- besson3c1 [~besson3c@76.9.221.218] has quit [Remote host closed the connection]
13:52 -!- rika is now known as fool
14:00 -!- firetoad [~Instantbi@97-118-23-87.hlrn.qwest.net] has quit [Quit: Instantbird 1.5 -- http://www.instantbird.com]
14:02 -!- Rmarmorstein [~River@irc.riveris.sexy] has joined #openvpn
14:02 < Rmarmorstein> !welcome
14:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
14:02 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:02 < Rmarmorstein> !goal
14:02 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:14 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
14:15 < g-maurizi> I woke up from a barrage of employee compaints that their openvpn tunnel is getting disconnected, I need some help figuring this out. Here are the server and client logs: http://pastebin.com/rwqdXnmH here are the server and client config: http://pastebin.com/RUC1QtD0 the client is a an asus rt-n16 router running tomato shibby
14:16 < g-maurizi> it seems there are some mismatched config options, clearly, but why they dont exist in the openvpn config on tomato is beyond me.
14:22 -!- fool is now known as rika
14:22 < g-maurizi> do i need to correct these config mismatches, or are these just arbitrary warnings, and the tomato client config doesnt use them to save nvram space?
14:23 < g-maurizi> oh chrap one side is comp-lzo adaptive and one size is comp-lzo, theres a start.
14:24 <+esde> woo-hoo!
14:25 < g-maurizi> stupid tomato client. I hate when people fudge with openvpn client to make it work for their implementation, leave it the heck alone and fix your implementation! yes im talking to you shibby (scrolls through chanlist)
14:26 <+esde> lol
14:26 < g-maurizi> ill be back to talk at nothing.
14:26 < g-maurizi> brb
14:26 -!- g-maurizi [~g-maurizi@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has quit []
14:26  * esde waves goodbye
14:35 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
14:35 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:35 -!- badon_ is now known as badon
14:47 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
14:51 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
14:54 -!- tristan_c [~tristan_c@81.141.87.197] has joined #openvpn
15:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
15:30 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
15:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
15:43 -!- zlate [~pi@c-34a072d5.039-238-73746f34.cust.bredbandsbolaget.se] has joined #openvpn
15:52 -!- Work [~Work@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
15:52 -!- Work is now known as Guest4920
15:54 -!- Guest4920 [~Work@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has left #openvpn []
15:58 -!- g-maurizi [~Work@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has joined #openvpn
15:58 < g-maurizi> Hey guys, I could really use your help, a satellite office is dropping connection regularly, initially i had a mismatch between client-server config one was comp-lzo the other comp-lzo-adaptive, i corrected that, I'm wondering if anyone can scan over my logs and find anything else that would cause this? Any help is VERY much appreciated: http://pastebin.com/vdTPwASi
15:59 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:59 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
15:59 < g-maurizi> I don't understand the meaning behind the "bad source address from client error" the openvpn client is an asus rt-n16 router running tomato shibby. I can pastebin client and server config on demand.
16:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
16:01 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:04 < g-maurizi> I am geting the bad source address from client 24.43.143.198 which is the WAN ip of the openvpn client-router, so this makes zero sense? why would I include the wan IP of the client router in the /etc/openvpn/ccd/ configuration? the internal LAN CIDR subnets are correct in that configuration
16:04 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
16:04 < g-maurizi> connecting to clients behind the dialing client-router works fine.
16:07 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:07 -!- Rmarmorstein is now known as Rmar|Away
16:09 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
16:10 < g-maurizi> Im regards to the above error, I do not have the clients setup to use the internet through the tunnel, I am pushing routes (split-tunnel) so there should be no need for NAT.
16:15 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:17 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
16:17 -!- g-maurizi [~Work@108-201-232-1.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Leaving]
16:21 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:23 -!- tristan_c [~tristan_c@81.141.87.197] has quit []
16:23 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
16:28 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:30 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
16:35 -!- g-maurizi [182b90c3@gateway/web/freenode/ip.24.43.144.195] has joined #openvpn
16:36 < g-maurizi> Can anyone tell me why my clients are getting an RDP remote desktop stream disconnected during tls renegotiation every time?
16:45 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:45 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
16:51 -!- g-maurizi [182b90c3@gateway/web/freenode/ip.24.43.144.195] has quit [Quit: Page closed]
16:52 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:54 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
16:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:55 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Max SendQ exceeded]
16:56 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
16:58 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:00 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:01 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
17:01 -!- mode/#openvpn [+v RBecker] by ChanServ
17:04 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
17:05 -!- Maxels [~Maxel@24-159-215-210.static.roch.mn.charter.com] has joined #openvpn
17:08 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 245 seconds]
17:19 -!- cagedwisdom [~X@58-6-223-147.dyn.iinet.net.au] has joined #openvpn
17:30 -!- _Cyclone_[away] [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:31 -!- Maxels [~Maxel@24-159-215-210.static.roch.mn.charter.com] has quit [Ping timeout: 250 seconds]
17:49 -!- g-maurizi [6cc9e801@gateway/web/freenode/ip.108.201.232.1] has joined #openvpn
17:50 < g-maurizi> Hello again #openvpn, I really could use some help with these local/remote options string mismatches, I've included all of the missing options in the client config, but the server logs still say they are missing? http://pastebin.com/2H665gkc Also, my satellite office is disconnecting seemingly every hour, and after watching logs it appears its occuring during TLS renegotiation -- to be more specific, it's an RDP connection that is
17:51 < g-maurizi> Nothing should disconnect during TLS renegotiation -- why would this behaviour occur? anyone's guess?
17:53 < g-maurizi> I'm also seeing "comp-lzo" in sever.conf and "comp-lzo yes" in the client config, which one of these is correct? shouldn't they match exactly? is it with a "yes" or not?
17:58 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 248 seconds]
17:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:00 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:02 < g-maurizi> is there a better/more active server vs. freenode for openvpn help?
18:19 < g-maurizi> how about this -- can anyone tell me if "comp-lzo adaptive" is valid in server.conf? this is the default setting for tomato's openvpn client.
18:19 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 252 seconds]
18:24 < Thermi> g-maurizi: When did this problem start?
18:25 < g-maurizi> this is a new deployment. I'm guessing day 1, (were on day 4 of deployment), and I just didn't notice it.
18:25 < Thermi> Oh man.
18:25 < g-maurizi> I think it may be related partly to an MTU mismatch.. if you look in the logs, there's link-mtu 1542 on the server end which makes almost zero sense ?
18:26 < Thermi> Okay, check if the client uses the correct config and also check if you look at the logs of the correct client.
18:26 < g-maurizi> I have both logs and configs if you want to take a look.
18:27 < g-maurizi> http://pastebin.com/2H665gkc  that is the server log on top and the client config on bottom.
18:27 < g-maurizi> The first thing I need to figure out is why the server is reporting mismatch for settings that DO exist in the client config.
18:28 < g-maurizi> the server is reporting comp-lzo, auth, cipher, keysize, etc, missing from client.config... but they are all there.
18:29 < g-maurizi> These mismatches are all mostly harmless warnings, I understand, but it's still ideal to explitly define such things so openvpn doesn't have to guess.
18:31 < g-maurizi> I also need to understand/figure out why my CentOS 7 openvpn server has a LINK-MTU value of 1546 instead of 1500? I have not defined LINK-MTU in /etc/openvpn/server.conf ? :oX
18:32 < Thermi> g-maurizi: Insane defaults. Change it manually.
18:33 < g-maurizi> Thermi: TY, you're saying openvpn defaults to a LINK-MTU of 1546?
18:33 < Thermi> No, but it has to come from somewhere.
18:33 < g-maurizi> ah
18:33 < g-maurizi> must have taken it from a NIC or something
18:33 < Thermi> na
18:33 < Thermi> g-maurizi: Man page about openvpon
18:33 < Thermi> search for link-mtu
18:34 < Thermi> Fix the problem with the warnings first
18:34 < g-maurizi> So, other than the LINK-MTU issue, any guess why the server is reporting "mismatch" for things ive explicitly defined in the client config?
18:35 < Thermi> Like I wrote, check if your client uses the correct config and then check if you're looking at the correct logs.
18:35 < g-maurizi> it's a definite yes on both...
18:35 < g-maurizi> something strange is going on
18:35 < Thermi> Yes.
18:36 < Thermi> Reboot the server and client?
18:36 < g-maurizi> I'll pastebin both configs and logs, sec.
18:36 < g-maurizi> I will after business-hours.. the staff hate me enough today as is. :)
18:36 < g-maurizi> my main problem is that they are losing a streaming connection during TLS renegotiation
18:37 < g-maurizi> the renegotiation appears to happen okay, but RDP/Remote Desktop Protocol disconnects in the process.
18:37 < Thermi> Interesting.
18:37 < Thermi> Openvpn supports graceful reauthentication
18:37 < Thermi> and also rekeyingl
18:37 < g-maurizi> Exactly... shouldn't disconnect anything.
18:38 < g-maurizi> think the MTU mismatch could be the culprit?
18:38 < Thermi> Did you check if you run the latest OpenVPN version on both sides?
18:38 < Thermi> g-maurizi: No, because then nothing would work.
18:38 < g-maurizi> the client end-point is a tomato-shibby firmware router, so it's impossible to update the client
18:39 < g-maurizi> it also has an UNDEF version string
18:39 < Thermi> Vendor specific stuff.
18:39 < Thermi> Throw it away.
18:39 < g-maurizi> I feel ya
18:40 < g-maurizi> Hey, can you tell me, is "comp-lzo adaptive" valid for server.conf?
18:40 < g-maurizi> This is the tomato-firmware default for lzo compression
18:40 < g-maurizi> or should it be "comp-lzo yes"?
18:41 < Thermi> The man page says, "adaptive" is the default. It can be either "yes", "no" or "adaptive"
18:41 < g-maurizi> perfect. My server conf has "comp-lzo" without yes, no or adaptive.. so I need to change it to "comp-lzo adaptive" right?
18:42 < Thermi> No.
18:42 < Thermi> Because "adaptive" is the default.
18:42 < g-maurizi> OH.. that makes perfect sense. ty
18:43 < g-maurizi> Should I explicitly set LINK-MTU and TUN-MTU in server.conf just to be on the safe side?
18:44 < g-maurizi> its picking up that weird 1546 link-mtu from somewhere.
18:44 < Thermi> Not unless you can use "mtu-test".
18:44 < Thermi> For testing, set the tun-mtu to 1400
18:45 < g-maurizi> Just saw mtu-test in manual. TY. that is a good idea to check the for the largest MTU the client will take
18:46 < Thermi> g-maurizi: You mentioned that this is a new deployment, but your questions imply that you did not have problems like this before. May I know how many installations you already handled?
18:46 < g-maurizi> Four or five
18:46 < Thermi> Okay.
18:46 < g-maurizi> We have six other endpoints not having an issue
18:47 < g-maurizi> it's this tomato router
18:48 < g-maurizi> It generates the client config file from NVRAM settings and has a spot for "additional advanced config" variables, and it seems to not be reading some of the explicitly defined variables or something.. even though they do end up in the config file on the router.
18:49 < g-maurizi> Wish I could trade this consumer peice of junk for a pi or something
18:50 < Thermi> Get a Pi 2 and a normal hardware switch
18:50 < Thermi> Managed.
18:51 < g-maurizi> I might go that route after this horror story. I think I have a good idea on hw to proceed thanks to you! I'm going to play with mtu-test, and udp fragmentation-max when I am able to reload the server.
18:52 < g-maurizi> of all the warnings, that one seems to be the worst -- then I'll work on ironing out the local and remote string mismatches and pray the error resolves itself
18:53 < g-maurizi> would it be a bad idea, if -- worst case, the error proceeds, to up the TLS renogitiation time? to like 12 hours? instead of 1 hour?
18:53 < Thermi> No, I think that would be fine.
18:54 < Thermi> But that is the setting for one side only
18:54 < Thermi> The other side might have a lower renegotiation time set.
18:54 < Thermi> And then it rekeys first.
18:54 < g-maurizi> I'll have to set it on both client and server config. :)
18:54 < g-maurizi> do I open myself up to any serious security implications by using such a large TLS renegotiation window?
18:55 < Thermi> No.
18:55 < g-maurizi> Sweet. Thanks Thermi!
18:55 < Thermi> You're welcome.
18:58 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
19:07 -!- dimitry7 [~dimitry7@187.188.84.149] has joined #openvpn
19:07 < dimitry7> Hello Guys
19:07 < dimitry7> I am getting this: TLS Error: TLS handshake failed ... and this ... read UDPv4 [ECONNREFUSED]: Connection refused (code=111) ...
19:08 < dimitry7> but just when I work with UDP, if I change to TCP it works :S
19:08 < dimitry7> my firewall is set to UDP.
19:10 < g-maurizi> dimitry7: you will get better help if you paste the full log, client, server configs, and firewall configuration.
19:10 < g-maurizi> *pastebin
19:11 < dimitry7> g-maurizi, sure. Give me a sec plese
19:12 < dimitry7> g-maurizi, server: http://paste.debian.net/168744/
19:12 < g-maurizi> It appears you have an issue with your firewall, most likely.
19:12 < dimitry7> g-maurizi, Client: http://paste.debian.net/168745/
19:13 < dimitry7> Man
19:13 < dimitry7> solved
19:13 < dimitry7> you were right
19:13 < g-maurizi> What about the firewall on the server machine?
19:13 < dimitry7> I did iptables -F
19:13 < dimitry7> and problem solved
19:13 < g-maurizi> Yep
19:13 < dimitry7> let me check what the hell is there blocking me out
19:13 < g-maurizi> CONNREFUSED is a type of tcp-reject packet
19:13 < dimitry7> ohhh
19:13 < dimitry7> good!
19:14 < g-maurizi> its being REJECTED not DROPPED
19:14 < dimitry7> Rejected, exactly
19:14 < g-maurizi> if you want to show me your iptables rules I will take a look at that.
19:15 < dimitry7> sure
19:15 < dimitry7> let me paste
19:15 < g-maurizi> on the server "iptables -t fitler -A -p udp -m udp --m multiport --ports 1194 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
19:16 < dimitry7> g-maurizi, http://paste.debian.net/168747/
19:16 < dimitry7> those are my firewall riles
19:16 < dimitry7> ok
19:17 < dimitry7> port there is 1188
19:17 < dimitry7> and the public IP is my VPN server
19:17 < g-maurizi> are you running openvpn on udp/1188?
19:17 < g-maurizi> got it
19:18 < g-maurizi> is openvpn running on the same machine, or is it DNAT'd ?
19:18 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Excess Flood]
19:18 < dimitry7> yes
19:18 < dimitry7> oh
19:18 < dimitry7> that firewall's machine is the client
19:19 < dimitry7> is running on the remote end
19:20 < dimitry7> -m udp and --m multiport says cant coexist
19:20 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
19:20 -!- mode/#openvpn [+v RBecker] by ChanServ
19:20 < g-maurizi> dmitry7: the way you are writing your iptables ruleset is really very confusing to keep track of! :)
19:21 < g-maurizi> why are you blocking 172.16.0.0/12 on eth1 and then allowing it everywhere after blocking it on eth1?
19:21 < g-maurizi> you should try to be as descriptive as possible with your iptables rules
19:21 < g-maurizi> it will avoid alot of headache long-term
19:22 < g-maurizi> line 42: "-A INPUT -s 172.16.0.0/255.240.0.0 -i eth1 -j REJECT --reject-with icmp-port-unreachable"
19:24 < g-maurizi> dmitry7: what interface does openvpn come in on?
19:25 < g-maurizi> you should learn to use ! instead, you could use ! -i eth0 -j REJECT to reject on everything BUT eth0, ! invert the rule.
19:26 < dimitry7> g-maurizi, actually I didn't write the rules haha
19:26 < dimitry7> but I will order them
19:26 < dimitry7> interface?
19:26 < g-maurizi> Understood
19:26 < dimitry7> ammm eth1
19:26 < g-maurizi> Okay. One sec
19:27 < g-maurizi> dimitry7: shouldn't you be masquerading out of eth1 in your setup?
19:28 < g-maurizi> to allow VPN clients to access the internet you will have to masquerade out of eth1, but that is not the cause of THIS problem.
19:28 < dimitry7> g-maurizi, well, output is accepted as default
19:28 < g-maurizi> MASQUERADE is NAT not a filter rule.
19:29 < g-maurizi> iptables -t postrouting -A -i eth1 -j MASQUERADE"
19:29 < g-maurizi> you will have to add that eventually, but not now.
19:30 < g-maurizi> Try commenting out line 46 and see if you get the same error.
19:30 < dimitry7> oh, no, I can't maskerade all out
19:30 < dimitry7> 'cos I use a proxy
19:31 < dimitry7> for my users, I don't want them to have full internet access
19:31 < g-maurizi> dmitry7: what generated these iptables rules? what program?
19:31 < g-maurizi> Understood
19:32 < dimitry7> yeah same error
19:32 < g-maurizi> This is really bad practice -- you should set your default policies to REJECT and then explicitly ALLOW things one-by-one, you are ACCEPTING EVERYTHING and then only rejecting specific things.
19:32 < dimitry7> iptables-save but they were modified with time I guess
19:32 < g-maurizi> just a heads up. :)
19:32 < dimitry7> Isn't default set to REJECT gonna block you out?
19:33 < dimitry7> if I do iptables -F
19:33 < dimitry7> I will be blocked out, no?
19:33 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:33 < g-maurizi> That's the point... you need to REJECT all traffic, and then DEFINE what you want to allow, that is the point of a firewall.
19:33 < dimitry7> but that is rejected
19:33 < g-maurizi> if you don't ALLOW the traffic before changing your default policy, yes it will block you out
19:34 < g-maurizi> you don't understand.... your server is currently vulnerable to ANY type of attack from a non-spoofed IP
19:34 < dimitry7> really?
19:34 < g-maurizi> lines 35-47 are not needed
19:35 < dimitry7> but....
19:35 < dimitry7> I have configured like that all the firewalls
19:35 < g-maurizi> well... its beyond me to teach you iptables, but I would advise that you learn some before you deploy this server if you want to secure it.. as far as your current problem, I'm still looking :)
19:35 < dimitry7> and for example... if I try to connect to port 22, I cant if I am not allowed
19:35 < dimitry7> https://major.io/2010/04/12/best-practices-iptables/
19:36 <@vpnHelper> Title: Best practices: iptables - major.io (at major.io)
19:36 < g-maurizi> dimitry7 -- "INPUT: ACCEPT" you are ALLOWING EVERYTHING unless you EXPLICITLY reject it... do you think you know EVERY type of traffic POSSIBLE that you need to reject?
19:36 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
19:36 < dimitry7> what if set my default policy to DROP
19:36 < dimitry7> and then do iptables -F ?
19:36 < g-maurizi> you will have to create a rule for every type of traffic to ALLOW
19:36 < g-maurizi> you will lose connection to your server
19:36 < dimitry7> yes
19:36 < dimitry7> how will I reconnect?
19:37 < g-maurizi> you need to create rules to "accept" traffic, and then set your default policy to reject.
19:37 < dimitry7> -A INPUT -j REJECT --reject-with icmp-host-prohibited
19:37 < g-maurizi> for example, create a rule for SSH "-A -p tcp --dport 22 -j ACCEPT" and then SSH will be accepted
19:38 < dimitry7> but if I get disconnected, how can I connect again?
19:38 < dimitry7> how can I load the rules again?
19:38 < g-maurizi> you first need to create rules to accept the traffic, before changing your default policy...
19:39 < g-maurizi> do you have OOB access to this server? is it a VPS?
19:39 < g-maurizi> you should access the server through Out Of Bands management, for example, AWS console, or something.. and then fix your iptables rules
19:40 < dimitry7> it is not virtual
19:40 < dimitry7> its physical
19:40 < dimitry7> I run DBs
19:40 < dimitry7> and a Web Site
19:40 < dimitry7> it is not in AWS
19:40 < dimitry7> the one in AWS is the VPN Server
19:40 < g-maurizi> dimitry7: understand this, EVERY "ACCEPT" rule that you have defined is pointless, as it is already accepted by default... I understand your logic, but it's not good practice.
19:41 < dimitry7> g-maurizi,
19:41 < dimitry7> ok hold on
19:41 < dimitry7> let me explain
19:41 < dimitry7> you say that
19:41 < dimitry7> every ACCEPT rule is pointless
19:41 < dimitry7> well, that means that if I do SSH to the public IP
19:41 < dimitry7> will I connect?
19:42 < dimitry7> what do you think?
19:43 < g-maurizi> I don't see why not based on the current ruleset
19:43 < g-maurizi> it should connect based on your current ruleset.
19:43 < dimitry7> ok im gonna paste to you another filter
19:43 < dimitry7> check this otu
19:43 < dimitry7> out, just maybe... Im right
19:44 < g-maurizi> dimitry7: listen.. change to your root directory. "cd /root" run "iptabes-save > old.firewall" then do "iptables -F" then do "iptables -X" then do "iptables-save > new,firewall" open "new.firewall" and begin re-writing your rules.
19:44 < g-maurizi> There is NEVER a setup where your default policy should be ACCEPT... ever, for any reason.
19:45 < g-maurizi> if your default policy is ACCEPT, your server is not secure, period.
19:45 < dimitry7> http://paste.debian.net/168750/
19:46 <+esde> then it's a honeypot
19:47 < g-maurizi> dmitry7: listen, line 91 "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
19:47 < g-maurizi> see that line REJECTS ALL TRAFFIC on the input chain, after accepting traffic, understand?
19:47 < g-maurizi> This is bad practice.
19:48 < g-maurizi> Instead of having a default policy of "ACCEPT" and then having the last line "REJECT ALL" , you should have a default policy of "REJECT" and add only "ACCEPT" rules.
19:49 < dimitry7> g-maurizi, I agree on what you say
19:49 < dimitry7> the only point I don't get is that if in the end I am rejecting all incomming traffic, why am I succpetible to an attack?
19:49 < dimitry7> for example if I don't explicitly open SSH, I will not be able to connect
19:50 < g-maurizi> dimitry7: it would require ALOT of explaination, I just need you to take my word on this, I am a netfilter developer.
19:50 < dimitry7> g-maurizi, ok ok I got you
19:50 < dimitry7> just please give me some guides to check why this is a better practice
19:51 < g-maurizi> you are not "incorrect" in the way you are working.. its just not "best practice".. you know?
19:51 < dimitry7> yeah
19:51 < dimitry7> all right
19:51 < dimitry7> I will take your advice on practise
19:51 < g-maurizi> Well, FIRST OF ALL, you are REJECTING ALL TRAFFIC with ICMP rejected.. so you're basically ADVERTISING to every attacker that your firewall just blocked the traffic...
19:51 < g-maurizi> you should be using DROP
19:51 < dimitry7> I still need to understand why is it a better practice though
19:51 < g-maurizi> and not waste the bandiwdth or cycles to begin with
19:52 < dimitry7> so it means that
19:53 < dimitry7> the attack will be successfull
19:53 < dimitry7> in so many intents?
19:53 -!- Naypalm [~naypam@unaffiliated/naypalm] has joined #openvpn
19:53 < g-maurizi> dmitry7: http://www.cyberciti.biz/tips/linux-iptables-examples.html
19:53 <@vpnHelper> Title: Linux: 20 Iptables Examples For New SysAdmins - nixCraft (at www.cyberciti.biz)
19:53 < Naypalm> using tun do I want server or server-bridge considering I don't want a br0 bridge interface
19:53 < Naypalm> might be a silly question
19:55 < g-maurizi> dmitry7: how are you going to keep account of the amount of DROPPED packets with your current firewall?
19:56 < g-maurizi> EVERY dropped packet is going to tick that last rule, instead of the default policies packet counter..
19:56 < dimitry7> im checking that out
19:56 <+esde> Naypalm, what
19:56 < g-maurizi> that's one instance where you're using iptables in a way that is not intended.
19:57 < Naypalm> esde: if I'm using tun (not tap) do I want to use a server line or a server-bridge line in my config
19:57  * Naypalm 0/10 clever
19:57 -!- Rmar|Away is now known as Rmarmorstein
19:58 < dimitry7> will I see the difference on this using namp? I mean when I change my default policy
19:58 <+pekster> a bridge is an OSI L2 concept; tun is L3. There is no bridging in L3, only L2
19:58 <+pekster> Further, a tap device need not necessarily be bridged to be useful
19:58 <+pekster> !tunortap
19:58 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
19:58 <+pekster> !whybridge
19:58 <@vpnHelper> rooted/jailbroken) support only tun
19:58 <@vpnHelper> "whybridge" is (#1) you only bridge if you want layer2 to the lan. if you want layer2 only between vpn nodes then routed tap is enough. if you only want layer3 use tun. or (#2) See this URL for a more in-depth discussion on bridging vs routing: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting or (#3) See also !tunortap
19:58 <+pekster> Naypalm: ^
19:59 < g-maurizi> just avoid the headache and use TUN -- if you need do to any routing TUN is required.
19:59 < Naypalm> I  see
19:59 < Naypalm> I've always used tap!
19:59 < Naypalm> okay
19:59 < Naypalm> so tun it is
20:00 < Naypalm> thanks pekster, g-maurizi, vpnHelper, pekster and esde
20:00 < g-maurizi> TAP has a ton of verhead going through the tunnel
20:00 < g-maurizi> *overhead
20:01 < g-maurizi> anything below layer7 is going to have overhead.
20:01 < Naypalm> really even layer 6 has overhead?
20:01 < g-maurizi> multicast, i think? ends up going through a bridged-vpn, right?
20:01 < Naypalm> that's (if my brain remembers) like SSH overhead and such?
20:01 < g-maurizi> if its layer2 bridged it's literally on the same physical link.. for all intents and purposes
20:02 < dimitry7> g-maurizi, why is it better to stop the unallowed traffic in the default policy, than in the way I do it? why is it a better practice?
20:02 < Naypalm> okay
20:02 < g-maurizi> anything that would pass normally on the LAN will pass the TAP interface
20:02 < g-maurizi> if you need to pass multicast traffic and stuff like that over the tunnel, use tap.. if not, dont
20:02 <+pekster> g-maurizi: Not really, no. Firewall rules still apply for routing, and you can do filtering on OSI L2 too
20:02 <+pekster> "LAN" != "dumb switch"
20:03 < g-maurizi> true. you could use TAP and filer things
20:03 <+pekster> Routing and switching doesn't magically change just becuase you're using a VPN
20:03 < g-maurizi> but its added work
20:03 < dimitry7> g-maurizi, https://major.io/2010/04/12/best-practices-iptables/
20:03 <@vpnHelper> Title: Best practices: iptables - major.io (at major.io)
20:03 <+pekster> dimitry7: That's a shitty guide
20:03 <+pekster> default DROP is fine
20:03 < g-maurizi> dmitry7: he says DONT USE DROP, he doesnt say USE ACCEPT...
20:04 <+pekster> Also taht is full of bullshit by not using iptables-restore(8)
20:04 < g-maurizi> thank you pekster.. lol
20:04 < g-maurizi> yeah, that guide is a hunk of BS to begin with either way
20:04 <+pekster> The only note is to "distro" level knobs, which is really the wrong way to teach people to do it right
20:04 <+pekster> !netfilter
20:04 <@vpnHelper> "netfilter" is Under Linux, use `iptables-save` to show firewall rulesets (add -c to include counters.) Do not use iptables -L as it is incomplete & often lies. #netfilter is more on-topic for detailed help.
20:04 < dimitry7> haha
20:05 < g-maurizi> hes referring to not USING DROP in reference to how the client reacts to DROP VS REJECT, he doesnt mean "use accept"
20:05 < dimitry7> g-maurizi, I agree on everything. But I need to understand why is it a better practice?
20:05 < dimitry7> because of inner workings of Iptables?
20:05 <+pekster> It's not
20:05 < g-maurizi> dimitry7: you're better off asking in #netfilter, but be warned, they will rip you a new one.
20:05 <+pekster> That entire guide is crap; there is no "good practice" there at all
20:05 <+pekster> Go reaad the references in #netfilter, namely TPR and the /TOPIC URLS
20:06 <+pekster> And my netfilter-samples linked there too
20:06 <+pekster> _that_ is a best practice template
20:06 <+pekster> Use of distro-level knobs is about the only good advice there. They warn against -F, but for all the wrong reasons (loads need to be _atomic_ for proper operation, which that article's author obviously has no clue about)
20:07  * pekster shrugs
20:07 <+pekster> Lots of bad guides on the web
20:07 < dimitry7> g-maurizi, so it has to do with IPtables inner workings?
20:07 <+pekster> No
20:07 <+pekster> No it does not
20:07 < dimitry7> with what then?
20:07 < g-maurizi> pekster: The current #netfilter reference has this whole spcheel about using DROP/REJECT as your default policy as opposed to using ACCEPT and then ending your input chain with a reject all rule. He's asking why this is reccomended?
20:07 <+pekster> FFS, you can drop packets however the hell you want
20:08 <+pekster> THe author of the article you're reading has zero clue about Netfilter, so why the fuck would you think they know how it works "internally" ? If you want to drop packets, great, go drop them
20:08 <+pekster> Maybe read a refernece I gave you to see that this is in fact acceptecd
20:08 < dimitry7> pekster, forget the guide, I did
20:08 <+pekster> Like the 2 I gave you earlier: you've surely read them by now instead of asking me to explain things described there, right?
20:08 < dimitry7> g-maurizi, I appreciate all of what you have taught me
20:09 <+pekster> http://catb.org/~esr/faqs/smart-questions.html#lesser
20:09 <@vpnHelper> Title: How To Ask Questions The Smart Way (at catb.org)
20:09 <+pekster> Topic for #Netfilter: Netfilter, Xtables/iptables/nftables, Linux Network setup in general | READ http://inai.de/links/iptables/ | http://goo.gl/wzsul http://goo.gl/zi5V | https://github.com/QueuingKoala/netfilter-samples | http://sfvlug.editthis.info/wiki/Things_You_Should_Know_About_Netfilter
20:09 <@vpnHelper> Title: j.eng's site (at inai.de)
20:09 <+pekster> Go read them
20:10 <+pekster> netfilter-samples project shows you the non-shitty way to write rules. blogs with "scripts" will get you laughed at by anyone witih a clue. TPR will tell you why you'll get laughed at ofr it
20:11 <+pekster> tl;dr: no one can write firewall rules, and OpenVPN isn't itself a firewall. It's a router with built-in security
20:11 < dimitry7> http://wiki.centos.org/HowTos/Network/IPTables
20:11 <@vpnHelper> Title: HowTos/Network/IPTables - CentOS Wiki (at wiki.centos.org)
20:11 < dimitry7> I don't see why CentOS is wrong
20:11 <+pekster> !notovpn
20:11 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
20:12 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:12 <+pekster> They that guide is also retarted
20:12 <+pekster> And*
20:12 < dimitry7> pekster, why is it better practise to set a default policy as REJECT?
20:12 -!- mode/#openvpn [+o pekster] by ChanServ
20:12 <@pekster> Take it to #Netfilter, please
20:12 <@pekster> This is now wildly off-topic for here
20:12 < dimitry7> ok Im there now
20:13 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:14 < g-maurizi> eww.. use comments for obscure rules. who tf is that guy.
20:14 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:16 -!- s7eele [~AndChat52@208.167.254.29] has quit [Ping timeout: 265 seconds]
20:19 <+esde> Principal Architect at Rackspace
20:25 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
20:34 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
20:42 -!- s7eele [~AndChat52@208.167.254.29] has joined #openvpn
20:42 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
20:46 -!- fred`` [fred@earthli.ng] has joined #openvpn
20:47 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:50 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:55 < mattsl> Could someone help me with a routing issue for a site to site connection?
20:56 < mattsl> I have a site to site connection and a client-server connection. I can reach the machines on the LAN of both sides from the client on the 2nd VPN network, but devices on the two LANs can't reach each other
20:56 -!- mode/#openvpn [-o pekster] by ChanServ
20:57 <+pekster> You basically need to follow these two flowcharts, each one at a time, to route between 2 LANs using OpenVPN as the connection:
20:57 <+pekster> !serverlan
20:57 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
20:57 <+pekster> !clientlan
20:57 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route
20:57 <@vpnHelper> for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
20:58 <+pekster> You can start with either one. This said, the most common causes of this kind of setup are forgetting to add routes to each LAN's default gateway to get to the opposite side's network, or a firewall problem on one of the 4 involved routers
20:58 <+pekster> Maybe your client-side LAN doesn't have return-routes for the server-side LAN or the VPN network itself? Or the firewall there won't permit traffic to flow
21:00 < mattsl> pekster: I'll go through the flowcharts, thanks. For the record, I may have explained it poorly, but it's only two routers involved as ovpn is running on the routers. I checked the routes of both and client machines on both LANs can talk to the ovpn IPs of both LANs but not the LAN IPs
21:01 < mattsl> but thanks for the charts, I'll check those and come back if I can't figure it out from there
21:01 <+pekster> Firewall is looking more suspect then
21:01 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
21:01 < mattsl> I tried disabling the firewall temporarily on both boxes
21:01 <+pekster> if the client-side VPN/gateway device can reach server-sidei LAN hosts, you know routing is working. tcpdump can be useful too
21:01 < mattsl> (I actually read the topic text :-))
21:02 <+pekster> More or less, just tcpdump each hop along the way, starting with the lan-facing interface of the first-hop router
21:03 < mattsl> Yeah. I tried that and they get as far as the router/ovpn server on the other end, but don't get any response
21:03 <+pekster> That router has two interfaces: did you actually dump the egress onto the LAN?
21:04 <+pekster> No respons after that suggests the target host itself is what's dropping it
21:04 <+pekster> response*
21:05 <+pekster> (or it's getting mis-routed from that point. Bad static routes or something like that)
21:05 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
21:05 -!- mode/#openvpn [+v Guest86751] by ChanServ
21:06 -!- g-maurizi [6cc9e801@gateway/web/freenode/ip.108.201.232.1] has quit [Ping timeout: 246 seconds]
21:10 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
21:10 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
21:13 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:14 < mattsl> pekster: I'm agreeing with you on the route being the issue, but the routing tables look correct to me
21:15 < mattsl> and I can ping the LAN IP of each router from the opposite router
21:15 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
21:16 <+pekster> But not LAN systems from either one?
21:16 <+pekster> (opposing LAN systems)
21:16 < mattsl> correct
21:17 -!- rich0_ is now known as rich0
21:17 <+pekster> So what did you see from a tcpdump doing that watching the LAN egress of the router with the target host?
21:18 < mattsl> nothing
21:18 <+pekster> Then your firewall on that router is doing things wrong
21:18 <+pekster> You should at least see the request traffic
21:18 < mattsl> I disabled the firewall
21:19 <+pekster> Apparently not, given your symptoms
21:19 < mattsl> Unless the firewall needs to be on to do the forwarding
21:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
21:19 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:19 -!- badon_ is now known as badon
21:19 <+pekster> What OS on the router?
21:19 < mattsl> I typed pfctl -d and it responded with pf disabled....
21:19 < mattsl> pfsense
21:19 < mattsl> so FreeBSD
21:20 <+pekster> You can check forwarding wtih the sysctl node net.inet.ip.forwarding
21:21 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:21 <+pekster> The rest just depends on the PF ruleset. This said, if you get packets in on the tun device, but _not_ send out to the LAN, it's got to be a firewall issue or routing problem (routing not enabled, or no route to the LAN, which should never be the case if you're connected directly to it)
21:24 < mattsl> I did pfctl -d on both routers, both LAN clients have static routes back to the opposing LAN with the router on their side set as the gateway, both routers can ping the LAN IP of the other
21:25 < mattsl> and net.inet.ip.forwarding: 1 on both
21:28 < mattsl> And if I tcpdump the LAN interface of the router I can see the pings when ping from the first router to a device on the remote LAN
21:29 <+pekster> That's what I asked earlier and you said you saw nothing
21:29 <+pekster> So if you see the egress request, but no replies, it's that host that's not replying
21:29 < mattsl> I see it from the router
21:29 < mattsl> but not from a client
21:30 < mattsl> I can successfully ping a client from the opposing router
21:31 <+pekster> So, {LAN-A} <-> {RTR-A} <-> [Internet] <-> {RTR-B} <-> {LAN-B}: you're saying RTR-A can ping, and get a reply from, LAN-B?
21:31 < mattsl> correct
21:31 < mattsl> On the client on LAN-B it's showing the source IP as the VPN IP of RTR-A
21:31 <+pekster> But not LAN-A to LAN-B, but you _do_ see that traffic arriving on tun0 of RTR-B?
21:32 <+pekster> Does RTR-B have a route for LAN-A?
21:32 < mattsl> yes
21:32 < mattsl> the client even has a specific router for LAN-A
21:32 < mattsl> *route
21:32 < mattsl> via the IP of RTR-B
21:33 <+pekster> That's your problem: don't do that
21:33 <+pekster> OpenVPN needs to suck in the route itself
21:33 <+pekster> Actually, can I see netstat -rn on the client-device? That might be okay depending on how it's configured
21:34 <+pekster> Normally you just push a route from the openvpn server to the client for your server-side LAN, via --push
21:34 <+pekster> openvpn figures it all out, and it magically works
21:34 < mattsl> I just deleted the route with no change
21:34 < mattsl> I can pastebin the before or after if you still want to see it though
21:35 <+pekster> Let's start with the openvpn configs actually
21:35 <+pekster> You really just want to use --push like the flowcharts indicated
21:35 <+pekster> !configs
21:35 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:36 < mattsl> And yes, I can see the icmp traffic on the vpn interface on RTR-B when pinging from LAN-A
21:36 < mattsl> (from LAN-A to LAN-B)
21:36 <+pekster> But not the downstream (em0, or whatever it is) device? That would be rather odd
21:36 < mattsl> correct
21:36 < mattsl> it doesn't go back out the LAN
21:37 < mattsl> even with the firewall disabled
21:37 -!- cagedwisdom [~X@58-6-223-147.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
21:38 < mattsl> if I pfctl -d then tcpdump em1 on RTR-B, I get nothing when pinging LAN-B from LAN-A, but it works from RTR-A
21:39 <+pekster> If that traffic is arriving on tun0 but not going out em1, something screwy is up with the gateway itself, but short of a firewall problem I don't know where that leaves you
21:39 < mattsl> That's where I got stuck
21:40 < mattsl> And I would think that there shouldn't be any routing issue to route packets out on it's local subnet...
21:41 <+pekster> Right, and you know that bit is working since the far vpn node can reach it (not to mention the gateway itslef)
21:41 < mattsl> exactly
21:41 < mattsl> Which is why I kept thinking it was the firewall, but I'm really confused as to why it still doesn't work when I disable the firewall
21:58 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
22:10 -!- Aelius [~Aelius@unaffiliated/aelius] has left #openvpn []
22:11 -!- dimitry7 [~dimitry7@187.188.84.149] has quit [Quit: Leaving]
22:22 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
23:48 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
23:53 -!- ShadniX [dagger@p5481DAB7.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:54 -!- ShadniX [dagger@p5DDFDC2E.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Apr 25 2015
01:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
01:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:05 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
01:13 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
01:13 -!- mode/#openvpn [+v Guest86751] by ChanServ
01:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:16 -!- BtbN_ [btbn@btbn.de] has joined #openvpn
01:17 -!- XJR-9_ [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
01:17 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Killed (morgan.freenode.net (Nickname regained by services))]
01:17 -!- XJR-9_ is now known as XJR-9
01:19 -!- andi [~andi@unaffiliated/fr00d] has quit [Disconnected by services]
01:19 -!- Reventlo1 [~Reventlov@unaffiliated/reventlov] has joined #openvpn
01:19 -!- ketas- [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
01:20 -!- BtbN [btbn@btbn.de] has quit [Ping timeout: 252 seconds]
01:20 -!- Zimsky-- [~alice@unaffiliated/zimsky] has quit [Ping timeout: 252 seconds]
01:20 -!- codebam [codebam@gateway/shell/yourbnc/x-vwzmpgdpoufbsgqs] has quit [Ping timeout: 252 seconds]
01:20 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-zyynirnbxycfjrpz] has quit [Ping timeout: 252 seconds]
01:20 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has quit [Ping timeout: 252 seconds]
01:20 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-ytbzruuwhgehghit] has quit [Ping timeout: 252 seconds]
01:20 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 252 seconds]
01:20 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 252 seconds]
01:20 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit [Ping timeout: 252 seconds]
01:20 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has quit [Ping timeout: 252 seconds]
01:20 -!- Haigha [~root@dovahkiin.xomg.net] has quit [Ping timeout: 252 seconds]
01:20 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-arjwmpolcheherjz] has quit [Ping timeout: 252 seconds]
01:20 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
01:20 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 252 seconds]
01:20 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 252 seconds]
01:20 -!- BtbN_ is now known as BtbN
01:20 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
01:20 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
01:21 -!- Haigha [~root@2001:41d0:1:d4e5:dead::42] has joined #openvpn
01:21 -!- codebam [codebam@gateway/shell/yourbnc/x-pmfctonrhdwdvejl] has joined #openvpn
01:21 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
01:21 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-wzfybnzwsjsckkxp] has joined #openvpn
01:27 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-cxbpmuppfvzqtwsm] has joined #openvpn
01:28 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-dbidokmbxksardiu] has joined #openvpn
01:34 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
01:41 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:44 -!- Guest86751 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
01:47 -!- crus` [~crusader@124-171-51-25.dyn.iinet.net.au] has joined #openvpn
01:56 -!- FBi [B@Aircrack-NG/User] has joined #openvpn
01:57 -!- FBi is now known as Guest98262
01:57 -!- rika_ [rika@trivialand/guesser/rika] has joined #openvpn
01:58 -!- Netsplit *.net <-> *.split quits: flyingkiwi, jzaw, Naypalm, rika, crus, syedomar, tharkun, DzAirmaX, Haigha, Nothing4You,  (+6 more, use /NETSPLIT to show all of them)
01:58 -!- Netsplit over, joins: DzAirmaX
01:59 -!- Netsplit over, joins: xMopxShell
01:59 -!- Netsplit over, joins: BtbN
02:00 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
02:00 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
02:02 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 248 seconds]
02:03 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
02:04 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
02:04 -!- mode/#openvpn [+o syzzer] by ChanServ
02:04 -!- Haigha [~root@dovahkiin.xomg.net] has joined #openvpn
02:07 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:50 -!- s7eele [~AndChat52@208.167.254.29] has quit [Ping timeout: 256 seconds]
03:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:35 -!- tristan_c [~tristan_c@81.141.87.197] has joined #openvpn
03:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
03:50 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:11 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:11 -!- mode/#openvpn [+v s7r] by ChanServ
04:19 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:06 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Read error: Connection reset by peer]
05:09 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
05:25 -!- Reventlo1 is now known as Reventlov
05:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
05:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:38 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
05:40 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
06:02 -!- makhmutov74 [~makhmutov@mahmutov-rg-unlim.vpn.mgn.ru] has joined #openvpn
06:04 < makhmutov74> HI, In my ccd config file specified DNS server, but looks like it does not work.
06:54 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:11 -!- mjkr [c7b4ffee@gateway/web/freenode/ip.199.180.255.238] has joined #openvpn
07:12 < mjkr> when using udp, how does openvpn work if there is nat/loadbalancing involved?
07:12 < mjkr> or is openvpn with udp nat-unfriendly?
07:13 < mjkr> in particular, does openvpn w/ udp work with xinetd/linux virtual server/ipvs's udp load balancing/forwarding?
07:29 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:29 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has joined #openvpn
07:41 <+esde> makhmutov74
07:41 <+esde> !dns
07:41 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
07:41 <+esde> !pushdns
07:41 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
07:41 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
07:48 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: really? must I leave? aw pls let me stay!]
07:50 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
07:50 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 245 seconds]
07:53 -!- shio [marmot@142.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
08:07 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
08:15 < rob0> There is no limitation on types of IP traffic which go through openvpn, no.
08:15 -!- shio [marmot@142.121.101.84.rev.sfr.net] has joined #openvpn
08:17 -!- ketas- is now known as ketas
08:38 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 245 seconds]
08:44 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 245 seconds]
08:52 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
08:57 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
09:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
09:23 -!- rika_ is now known as rika
09:49 -!- techevo [~techevo@178.32.57.190] has quit [Ping timeout: 265 seconds]
09:55 -!- tristan_c [~tristan_c@81.141.87.197] has quit []
10:24 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
10:28 -!- rika [rika@trivialand/guesser/rika] has quit [Quit: oO]
10:28 -!- rika [rika@trivialand/guesser/rika] has joined #openvpn
10:33 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:53 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 255 seconds]
11:08 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
11:16 -!- shio [marmot@142.121.101.84.rev.sfr.net] has quit [Ping timeout: 256 seconds]
11:18 -!- Gizmokid2010 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
11:19 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 246 seconds]
11:19 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 246 seconds]
11:19 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
11:19 -!- _bt [~bt@unaffiliated/bt/x-192343] has quit [Ping timeout: 246 seconds]
11:19 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Ping timeout: 246 seconds]
11:19 -!- Rmarmorstein [~River@irc.riveris.sexy] has quit [Ping timeout: 246 seconds]
11:19 -!- Gizmokid2010 is now known as Gizmokid2005
11:19 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer]
11:19 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
11:19 -!- NP-Compl1 [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
11:19 -!- kloeri_ [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
11:19 -!- Rmarmorstein [~River@irc.riveris.sexy] has joined #openvpn
11:20 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
11:20 -!- early` [~early@105.ip-167-114-152.net] has joined #openvpn
11:21 -!- luckman212_ [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:23 -!- Netsplit *.net <-> *.split quits: troyt, jzaw, bandroidx, early, DArqueBishop, zoredache, +pekster, seg, someone, XJR-9,  (+13 more, use /NETSPLIT to show all of them)
11:23 -!- luckman212_ is now known as luckman212
11:23 -!- Eric-K [~eric@188.226.225.197] has joined #openvpn
11:23 -!- Netsplit over, joins: deranged
11:27 -!- kloeri_ is now known as kloeri
11:32 -!- kennyboy[wopr] [~ken@54.79.14.174] has joined #openvpn
11:32 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
11:32 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:33 -!- seeg [~seeg@li470-46.members.linode.com] has quit [Ping timeout: 246 seconds]
11:33 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 246 seconds]
11:33 -!- kennyboy [~ken@ec2-54-79-14-174.ap-southeast-2.compute.amazonaws.com] has quit [Ping timeout: 246 seconds]
11:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
11:33 -!- kennyboy[wopr] is now known as kennyboy
11:34 -!- sh1rtybird [~quassel@beepbeep.serverpit.com] has joined #openvpn
11:34 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:46 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
11:46 -!- mode/#openvpn [+o plaisthos] by ChanServ
11:46 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
11:46 -!- mode/#openvpn [+o pekster] by ChanServ
11:46 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
11:46 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
11:46 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
11:46 -!- mode/#openvpn [+o krzee] by ChanServ
11:47 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
11:48 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:48 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
11:49 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
11:51 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
12:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: I'LL BE BACK WITH 10,000 DOGECOINS TO SOAK!!!!!!!!!!]
12:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
12:23 -!- Kev- [~Kev@2a03:f80:354:ffff:ffff:ffff:71b2:bd17] has joined #openvpn
12:23 < Kev-> I'm trying openvpn out, have 2 windows clients connected to a linux server. I cannot ping the computers (10.9.8.6), but both computers can ping the servers internal address (10.9.8.1)
12:24 < Kev-> I followed some debian guide when installing, but kind of stuck now :)
12:24 < Kev-> server cannot ping clients either
12:32 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
12:34 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
12:37 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 272 seconds]
12:38 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 272 seconds]
12:45 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
12:46 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 276 seconds]
12:48 -!- jzaw [~jzaw@2001:8b0:7:0:5054:ff:fe8e:3b24] has joined #openvpn
12:49 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 265 seconds]
12:54 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
12:57 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:06 -!- superboot [~agentgasm@unaffiliated/superboot] has joined #openvpn
13:06 < superboot> !welcome
13:06 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:06 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:08 < superboot> !goal
13:08 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:10 < superboot> Hi all. I've got a Linksys router with builtin openvpn support. It generated a .ovpn file. Where should I place this file to automaticly connect on boot?
13:18 -!- Netsplit *.net <-> *.split quits: noodle
13:23 -!- NP-Compl1 is now known as NP-Completeass
13:25 -!- gffa [~unknown@unaffiliated/gffa] has quit [Read error: Connection reset by peer]
13:25 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
13:25 -!- Netsplit over, joins: noodle
13:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:43 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
13:49 -!- varazir [~mircwars@c-94-255-129-20.cust.bredband2.com] has joined #openvpn
13:49 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:1c8c:e4ba:eba9:e48b] has joined #openvpn
13:54 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:1c8c:e4ba:eba9:e48b] has quit [Ping timeout: 256 seconds]
13:56 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
13:57 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
13:59 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
14:00 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
14:01 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:08 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:10 < bdmc> Can somebody point me at documentation ( instructions ) on setting up openvpn to provide an IPv6 tunnel into a LAN?  I see it as two servers, but I don't think openvpn works that way.
14:20 -!- shio [marmot@142.121.101.84.rev.sfr.net] has joined #openvpn
14:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 248 seconds]
14:41 < M4rc3l> if openvpn fails to start whats the location of the log file i should look into?
14:43 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
14:46 < Kev-> check server.cfg
14:47 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
14:50 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:884d:71d4:4a04:fe2c] has joined #openvpn
14:52 < bdmc> !welcome
14:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:52 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:52 < bdmc> !route
14:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
14:53 < M4rc3l> i found the log file and im getting this error http://i.imgur.com/I1nZEBU.png
14:53 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
14:53 < M4rc3l> i checked permissions and they are ok idk what could be causing this
14:53 < M4rc3l> and the files exist
14:55 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:884d:71d4:4a04:fe2c] has quit [Ping timeout: 256 seconds]
15:18 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
15:31 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:33 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 248 seconds]
15:45 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:02 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
16:17 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
16:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:54 -!- dr1_ [~dr1@ip68-9-70-46.ri.ri.cox.net] has quit [Quit: Leaving]
17:06 -!- divansantana [~admin@105.210.159.94] has joined #openvpn
17:07 < divansantana> how does one connect to openvpn service, but (1) not make the connection default and (2) open up a local socks proxy port. So that any traffic I want to send over the vpn, I simply point to the local socks proxy.
17:10 < divansantana> !welcome
17:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
17:10 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:11 < divansantana> !goal
17:11 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:19 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 256 seconds]
17:22 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 255 seconds]
17:31 -!- s7eele [~AndChat52@208.167.254.202] has joined #openvpn
17:39 -!- _Cyclone_ is now known as _Cyclone_[away]
17:51 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:55 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:57 -!- LogicB [~essential@cabbage.whatbox.ca] has joined #openvpn
17:58 < LogicB> hi all, for some strange reason i can't my new openvpn server to push data faster than 500kB/sec(operating in UDP...TCP is ever slower..), just curious if anyone as ever seen this? the server is on 45mbit connection and client is on 20mbit... any ideas what i'm missing?
18:02 < LogicB> it's strange how it maxes out at a clean 500kB/sec, is there a throttle built into the free version of openvpn perhaps?
18:05 < Thermi> LogicB: No, your ISP is probably a d**k.
18:06 < Thermi> Or you have some traffic shaping in place, like most ISPS do.
18:08 < LogicB> i have a vpn running across the world(using openvpn) that can download at 4MB/sec, though... and the one I setup seems throttled at 500kB/sec, just doesn't make sense
18:08 < LogicB> must be something with my configuration
18:08 < LogicB> but no matter what i change or toggle, no luck
18:09 < LogicB> but im certain my isp isn't identifying or shaping the traffic
18:09 < LogicB> they're not asses like that but the old isp was heh
18:10 < LogicB> any tips at all for some things i could try/toggle? ive tried a lot already but open to any suggestions, i really like openvpn and i hope i can stick with it
18:19 < Thermi> Maybe use port 443, so it looks like https.
18:28 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
18:29 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
18:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
18:32 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 256 seconds]
19:00 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 244 seconds]
19:02 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
19:33 -!- zalami_ is now known as zalami
19:37 -!- cheesenbiscuits [~cheesenbi@110.159.10.170] has joined #openvpn
19:47 -!- prelude2004c [~Prelude20@dsl-67-55-28-3.acanac.net] has joined #openvpn
19:47 < prelude2004c> hi everyone
19:47 < prelude2004c> anyone familiar with pimd ?
19:48 < cheesenbiscuits> no?
19:48 -!- _Cyclone_[away] [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:49 -!- rich0_ is now known as rich0
19:50 < prelude2004c> no?
19:50 < prelude2004c> :)
19:51 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:54 < LogicB> arrg, why on earth cant i get windows openvpn server to allow for more than 500kB/sec transfer speeds via UDP? what am i missing?
19:54 < LogicB> this can't be right, both ends have so much more capacity available
19:54 < cheesenbiscuits> errr...
19:55 -!- kennyboy [~ken@54.79.14.174] has left #openvpn ["Leaving"]
19:55 < cheesenbiscuits> is it any better with tcp?
19:55 < LogicB> worse
19:55 < LogicB> 120-135kB/sec
19:55 < cheesenbiscuits> :/
19:55 < LogicB> what would cause this? its definitely not the isp shaping traffic, i know that
19:55 < cheesenbiscuits> cpu bottleneck?
19:55 < LogicB> im hosting it on an i7 hexacore :(
19:55 < cheesenbiscuits> :/
19:56 < LogicB> what else, what else
19:56 < cheesenbiscuits> err...
19:56 < LogicB> i just cant think of anything else hmm
19:56 < cheesenbiscuits> tried changing crypto?
19:56 < cheesenbiscuits> AES -> 3DES?
19:56 < LogicB> yeah i've tried that
19:56 < LogicB> no change at all
19:56 < cheesenbiscuits> wow...
19:57 < cheesenbiscuits> everything else works ya?
19:57 < LogicB> yeah
19:57 < cheesenbiscuits> nothing in the logs showing any errors?
19:57 < LogicB> nothing
19:57 < LogicB> and ive shifted the server to another pc, tried other ports, etc
19:57 < cheesenbiscuits> are both ends i7's?
19:58 < LogicB> the other end isnt, still moderately high powered, but not i7
19:58 < LogicB> would cpu have a big impact on kB/s over the vpn connection?
19:58 < cheesenbiscuits> ok... but it's not a little router your running open-wrt or dd-wrt on?
19:59 < cheesenbiscuits> it does when you're talking old routers like wrt54g's...
19:59 < cheesenbiscuits> with 200mhz cpu's.
19:59 < LogicB> i am running dd-wrt but its a half decent router as well, and its not hosting openvpn, simply forwarding a port to the openvpn server
19:59 < cheesenbiscuits> should be fine then... and a speed test confirms this?
20:00 < LogicB> yeah, and without vpn both ends are much faster (45 and 20mbps)
20:01 < cheesenbiscuits> ok.. so it's fair to say it's definatly the vpn causing the issue, not the associated hardware or internet connection.
20:01 < LogicB> i would say so
20:02 < cheesenbiscuits> "In practice speeds will top off at about 90 Mbps on Windows " - OpenVPN server.
20:02 < LogicB> i wish :(
20:03 < cheesenbiscuits> try this: http://winaero.com/blog/speed-up-openvpn-and-get-faster-speed-over-its-channel/
20:03 <@vpnHelper> Title: Speed up OpenVPN and get faster speed over its channel (at winaero.com)
20:03 < cheesenbiscuits> changing the buffer size...
20:04 < LogicB> thanks, trying now
20:04 < cheesenbiscuits> no worries...
20:09 < LogicB> no change, but this is good that we chatted, it helped me cross a few more things off my list
20:09 < LogicB> im going to setup a remote connection from my neighbors house and try from a different path onto the net (another isp)
20:10 < LogicB> appreciate it cheesenbiscuits
20:10 < LogicB> take care
20:10 < cheesenbiscuits> no worries mate... you too.
20:25 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
20:34 < prelude2004c> hey guys.. quick question.. so i am trying to push multicast through pimd which i have linked successfully..figured you can't run pim unles sits an interface that is local to each machine so i put openvpn running on the sytsem and it is connected and pinging on both sides.. the pimd , i see the group and mirror..
20:34 < prelude2004c> the multicast address it here..
20:34 < prelude2004c> when i run ffmpeg-i muciast .. i see the request on both servers light up
20:34 < prelude2004c> but i never get the data
20:34 < prelude2004c> rp_filter is off
20:34 < prelude2004c> ip forward is on
20:34 < prelude2004c> what am i missing here?
20:35 < prelude2004c> oh and the mulistcast route is being sent correctly via the interface
20:35 < prelude2004c> route 239.255.10.10 dev tap0
20:35 < prelude2004c> that is all going good
20:35 < prelude2004c> i dont get it.. been stuck for 2 hours
20:36 < prelude2004c> any ideas?
20:53 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 264 seconds]
20:57 -!- chantra [~chantra@unaffiliated/chantra] has quit [Ping timeout: 264 seconds]
20:57 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Ping timeout: 264 seconds]
20:57 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Ping timeout: 264 seconds]
20:57 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has quit [Ping timeout: 264 seconds]
--- Log closed Sat Apr 25 20:57:31 2015
--- Log opened Tue Apr 28 07:40:44 2015
07:40 -!- ecrist_ [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
07:40 -!- Irssi: #openvpn: Total of 216 nicks [10 ops, 0 halfops, 4 voices, 202 normal]
07:40 -!- Irssi: Join to #openvpn was synced in 0 secs
07:40 -!- mode/#openvpn [+o ecrist_] by ChanServ
07:41 -!- You're now known as ecrist
07:41 <@dazo> dimitryk: overlapping IP ranges will be a harder nut to crack ... but have a look at the --client-nat option in openvpn
07:41 < dimitryk> yeah i already found that one
07:42 < dimitryk> we have tons of ip space we can use for ourselves
07:42 <@dazo> you need also the stuff from !clientlan as well, though ... --client-nat is just trying to circumvent IP range issues
07:42 < dimitryk> so i was thinking of doing some full-cone nat
07:42 < dimitryk> but as i was quite overwhelmed by all the options, i thought it would be better to ask around :)
07:43 <@dazo> avoid NAT as much as possible ... narrow it down to only the areas where needed ... NAT is generally a bad idea, especially with VPNs
07:43 < dimitryk> i know
07:43 < dimitryk> i hate NAT
07:43 <@dazo> good, then we're on the same page :)
07:43 <@dazo> I think "ignoring" NAT and using the --client-nat feature will be a slicker and less intrusive workaround
07:43 < dimitryk> i even wake up at night fully bathed in sweat after a NAT nightmare
07:43 <@dazo> lol
07:45 < dimitryk> so combine this client-nat dnat 10.8.3.0 255.255.255.0 192.168.1.0 255.255.255.0
07:46 < dimitryk> with: client-nat snat
07:46 < dimitryk> should result in a full cone
07:47 <@dazo> I have only limited experience with client-nat, so you'll have to try and see what happens ... and see what happens with the addresses in the packets using tcpdump on both sides
07:47 <@dazo> (well, --verb 6 might help understand that better as well)
07:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:49 < dimitryk> I guess i´ll go and play around some more
07:49 < dimitryk> will let you know what kind of monster i have created
07:50 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
07:56 < kubanc> wehere can I find openvpn logs?
07:57 <@dazo> !logs
07:57 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
07:57 <@dazo> duh
07:57 -!- sysanthrope [~sysanthro@104.39.127.197] has joined #openvpn
07:57 <@dazo> !logfile
07:57 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
07:58 <@dazo> kubanc: ^^
08:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
08:03 -!- BtbN [btbn@btbn.de] has quit [Ping timeout: 276 seconds]
08:04 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:06 -!- BtbN [btbn@btbn.de] has joined #openvpn
08:07 -!- cylon512 [~cylon@2.92.148.155] has joined #openvpn
08:12 -!- RealKillaz [~RealKilla@sub-736ip3.rev.onenet.an] has joined #openvpn
08:29 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Read error: Connection reset by peer]
08:31 < borgfish> Q: i have the following setup: internet server, with br0, virbr0 with private ip space for mapping a kvm vm to "its public ip" i would like to add a vpn service there , no new public IP's but internet access using the given public ip and NAT, is there a readme somewhere ? thank you
08:33 < borgfish> i really dont want to interrupt the iptables or br config, maybe just add another private ip /net and use this for the vpn, the important part may be the iptables(?) nat rules ?
08:34 < RealKillaz> Question: I have a VPN that seems to have a problem with connection after a while. Looking at the logs I see this message which might indicate that there is something wrong: TLS: tls_process: killed expiring key
08:35 < RealKillaz> So the OpenVPN server is indicating that the client is unable to connect, because it just killed the expiring ey.
08:35 < RealKillaz> key*
08:35 < RealKillaz> How can I prevent this from happening?
08:37 < borgfish> http://openvpn.net/archive/openvpn-users/2007-07/msg00104.html
08:37 <@vpnHelper> Title: Re: [Openvpn-users] TLS: tls_process, killed expiring key - What does this mean? (at openvpn.net)
08:38 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
08:38 < borgfish> any 60 minutes ? you could prolong this time maybe
08:39 < dimitryk> borgfish, i have done such a thing
08:39 < dimitryk> iptables is the way to go
08:40 < borgfish> well i am no pro, would love to have a howto to compare, but research only shows other setups, maybe you got a link ?
08:40 < dimitryk> i´ll look something up
08:40 < dimitryk> one moment
08:40 < borgfish> that would be a great service ;) i dont want to disrupt my in place mappings, would be a hassle to put them together again
08:40 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:41 < borgfish> and i wont mention that this system also has 2 more bridges from vmware server drivers lol
08:42 < RealKillaz> borgfish, yes any 60 minutes
08:42 < borgfish> did you read the link ? i guess you can change that to like 12 hours ? given you are not that paranoid and suspect the nsa is cacking you
08:43 < RealKillaz> after restarting the client it works again
08:43 < borgfish> OpenVPN will renegotiate the static key every 60 minutes, although you can change the frequency by using the 3 --reneg-* options
08:43 < RealKillaz> borgfish, ok, I understand, but why is this preventing me to connect. This is a site-to-site VPN which should stay up 24/7
08:45 < RealKillaz> borgfish, if I understand the key stays valid for 60 minutes + 60 minutes after the key invalidates
08:45 -!- sysanthrope [~sysanthro@104.39.127.197] has quit [Ping timeout: 250 seconds]
08:45 < RealKillaz> so after 2 hours the client connection is invalidated and won't send any more data
08:45 < borgfish> ok sorry i am a noob , so you better dont listen to me, but the link indicates renegotiation may not be possible because the spawned openvpn server child process cannot read the client key's secret again
08:45 < borgfish> because of unprivileged account
08:46 < RealKillaz> but like I said this is a 24/7 VPN connection (site-to-site), which should stay up
08:46 < RealKillaz> what is the best practice in this case
08:46 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 256 seconds]
08:47 < borgfish> i would look which uid/gid the process on the server is running, and if that has access to the clients keys
08:47 < dimitryk> borgfish
08:47 < dimitryk> -A POSTROUTING -s 172.16.0.0/12 -o eth0 -j MASQUERADE
08:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:47 < dimitryk> something like that
08:47 < dimitryk> after routing you hide your traffic
08:48 < borgfish> thank you guess i can use this as a start for research
08:48 < dimitryk> replace the subnet for your subnet, and replace the egress interface
08:48 < dimitryk> then you´ll be all set
08:49 < dimitryk> reason why you filter on source is so that it doesn´t interfere with your current stuff
08:53 < dimitryk> and this will also help: https://wiki.debian.org/iptables
08:53 <@vpnHelper> Title: iptables - Debian Wiki (at wiki.debian.org)
08:58 -!- cylon512 [~cylon@2.92.148.155] has quit [Ping timeout: 248 seconds]
09:10 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
09:17 -!- Ruson [~MPHacker@213.57.66.12] has joined #openvpn
09:17 -!- kubanc [~kubanc@unaffiliated/kubanc] has quit [Quit: Leaving]
09:19 -!- dimitryk [~310194499@ineo-y1b.hightechcampus.nl] has quit [Ping timeout: 250 seconds]
09:22 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
09:22 < Ruson> I have a problem. A client of mine having an issue with OpenVPN connections (They use it for RDP). They complained that the connection via the VPN is extremely slow sometimes.
09:22 < Ruson> I narrowed down the problem to this: when I ping my VPN Client's IP from within the VPN with a large packet, let's say, 1800 bytes, the connection freezes for this period of time while its pinging.
09:22 < Ruson> Any idea on how to fix it?
09:28 <+esde> !welcome
09:28 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
09:28 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:28 <+esde> !logs
09:28 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
09:28 <+esde> !configs
09:28 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
09:32 -!- RealKillaz [~RealKilla@sub-736ip3.rev.onenet.an] has quit [Ping timeout: 240 seconds]
09:34 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
09:37 -!- Subo1977 [~quassel@unaffiliated/subo1978] has joined #openvpn
09:41 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 245 seconds]
09:46 -!- Ruson [~MPHacker@213.57.66.12] has quit [Quit: ircN 8.00 for mIRC (20100904) - www.ircN.org]
10:00 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
10:08 -!- RealKillaz [~RealKilla@sub-736ip3.rev.onenet.an] has joined #openvpn
10:08 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
10:09 < RealKillaz> Question: Is it a good idea to disable the renegotiate time setting reneg-sec for a site-to-site connection
10:09 < RealKillaz> where the client is a router connecting to another site
10:10 < RealKillaz> Because now after a certain time the server is expiring the key and the connection is killed
10:10 < RealKillaz> What is the best practice for this?
10:14 <@dazo> RealKillaz: the idea with reneg-* options is that the encryption key on the tunnel changes.  This gives the benefit of a tunnel which is far harder to bruteforce.  If that is a good idea, depends on how sensitive you consider the VPN tunnel data to be
10:15 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:15 <@dazo> RealKillaz: it is not a normal behavior that the connection dies on reneg-* situations.  But without !logs and !configs, it's hard to tell why that happens
10:19 < RealKillaz> dazo, I understand that, let me send you the logs.
10:19 < RealKillaz> !paste
10:19 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:19 < RealKillaz> !configs
10:19 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:21 < RealKillaz> !logs
10:21 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:23 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
10:23 -!- mode/#openvpn [+v esde] by ChanServ
10:28 < RealKillaz> find the configuration and logs here: https://gist.github.com/anonymous/2febe338724a2598bdda
10:28 <@vpnHelper> Title: LOGS killed expering key (at gist.github.com)
10:28 < RealKillaz> dazo, hopefully that can help you
10:29 < RealKillaz> dazo, help you help me :-)
10:29 < RealKillaz> dazo, my verb was on 4 for the server logs
10:29 < RealKillaz> I mean on 3
10:30 < RealKillaz> !logfile
10:30 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
10:30 < RealKillaz> the only issue I see is the expiry message of the key
10:31 <@dazo> RealKillaz: as far as I can tell, the dunnel doesn't die here ... it reconnects as expected
10:32 <@dazo> having that said, nothing in the configs explains to me why this happens this often ... by default --reneg-sec is 3600 (one hour)
10:33 <@dazo> you also use --client-config-dir, and we're missing the contents of the corresponding ccd file as well
10:33 < RealKillaz> dazo, that's true one moment
10:33 <@dazo> TLS: soft reset sec=0 bytes=36855/0 pkts=702/0   <<< this happens twice .... so there is something odd happening here.
10:34 <@dazo> reneg-bytes and reneg-pkts are disabled by default
10:34 < RealKillaz> I will post the client-confdir ccd for this client
10:35 <@dazo> and we do need --verb 4 from both client and server (as separate logs, not mixed please) from the moment openvpn starts
10:35 <@dazo> (unless the ccd config reveals what happens)
10:35 < RealKillaz> dazo, I'm only showing the logs of the server
10:35 < RealKillaz> in the ccd I only have the iroute
10:35 <@dazo> ovpn-yyyyyy-client .... what's that?
10:36 < RealKillaz> dazo, Ahh the server is also a client .... it is a site-to-site
10:36 <@dazo> then I insist on seeing --verb 4 from a fresh restart of both client and server ... complete logs, not mangled
10:36 <@dazo> ehm ... what!?
10:36 < RealKillaz> dazo, ok will do that
10:36 <@dazo> site-to-site ... to the same site?
10:37 < RealKillaz> yes so site A connects to B a B connects to A...
10:37 <@dazo> that's not needed
10:37 <@dazo> a tunnel is bi-directional
10:39 < RealKillaz> dazo, thought the site-to-site is needed for them both sites machines in each subnetmask to see each other
10:39 <@dazo> routing takes care of that
10:40 <@dazo> !clientlan
10:40 < RealKillaz> dazo, Ok let me first fix that
10:40 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
10:40 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
10:43 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 256 seconds]
10:43 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Ping timeout: 256 seconds]
10:43 -!- GNU\colossus [colo@truschnigg.info] has quit [Ping timeout: 256 seconds]
10:44 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 256 seconds]
10:44 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
10:44 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
10:46 < RealKillaz> dazo, hmm.. strange I read that for tis setup a site-to-site is needed
10:46 < RealKillaz> Let me try and do that
10:46 < RealKillaz> with only one site running a openvpn server
10:46 -!- Papey [~Papey@ks3364303.kimsufi.com] has joined #openvpn
10:49 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
10:49 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
10:51 -!- dimitryk [~310194499@neo-y112.ehv.campus.philips.com] has joined #openvpn
10:53 < RealKillaz> dazo, this is the problem that I see. The routing 10.2.0.0 (subnet of client) is not being routed trough the gateway of the tunnel on the server side
10:53 <@dazo> !serverlan
10:53 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
10:54 <@dazo> you might also find the "Using routing" information helpful ... https://community.openvpn.net/openvpn/wiki/BridgingAndRouting#Usingrouting
10:54 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
10:55 < RealKillaz> dazo, I've read those information, but the openvpn server is not routing the server trough its tunnel. and I've configured the route 10.2.0.0 255.255.0.0
10:55 < RealKillaz> like I pasted on gist
10:55 < RealKillaz> on the server.con
10:55 < RealKillaz> server.conf*
10:56 < dimitryk> do you also push the route to the client?
10:56 <@dazo> 'route 10.2.0.0 255.255.255.0' adds a route on the server ... if 10.2.0.0/24 is the lan behind the openvpn client, then that is correct
10:56 <@dazo> but you will also need to *push* a route to the client, with the server side LAN
10:57 < RealKillaz> push "route 192.168.0.0 255.255.0.0"
10:57 < RealKillaz> dazo, I'm doing that
10:57 <@dazo> is the client the default gateway on the client lan?
10:57 < dimitryk> maybe async routing?
10:58 < RealKillaz> on my server side the route is not showing me that 10.2.0.0 is being routed trough the 10.8.0.1 tun0
10:59 < RealKillaz> from the client is I can ping the server side
10:59 < RealKillaz> from the server side I can not
10:59 < RealKillaz> the client side
10:59 -!- Malsasa [~Malsasa@36.71.144.96] has joined #openvpn
10:59 <@dazo> RealKillaz: look at 'ip route show' on your server box when openvpn is running
11:00 <@dazo> openvpn should only add  that route to the OS routing table when starting (and removing it when stopping)
11:01 < RealKillaz> dazo, yup that should be happening if I add the route 10.2.0.0 255.255.0.0, right?
11:01 < RealKillaz> daze, route is not showing me this
11:01 < RealKillaz> dazo*
11:01 <@dazo> openvpn is started as root?
11:01 < RealKillaz> I only see 10.8.0.0 being routed trough the tun0
11:02 < RealKillaz> as nobody*
11:02 <@dazo> no, do you *start* openvpn as root?
11:02 <@dazo> if you do not do that ... openvpn is not allowed to modify the routing table (only root can do that)
11:02 < RealKillaz> yes from the init.d script
11:02 < RealKillaz> using sudo
11:03 <@dazo> okay, then it should have started with proper privileges
11:03 <@dazo> then I need to repeat the need for --verb 4 logs from openvpn starts
11:03 <@dazo> (the complete stuff, not mangled in any ways)
11:03 < RealKillaz> daze, it is modifying the route table since it is adding the 10.8.0.0 route
11:04 < RealKillaz> daze, I've stopped the site-to-site so I will send you the logs in verb 4
11:04 <@dazo> well, not really ... that route is on Linux added by default when you configure a new IP address on a device
11:07 -!- GNU\colossus [colo@truschnigg.info] has joined #openvpn
11:08 -!- novaflash_away is now known as novaflash
11:08 <@dazo> # ip route show | grep 10.8.0
11:08 <@dazo> # ip addr add 10.8.0.0/24 dev dummy0
11:08 <@dazo> # ip link dev dummy0 up
11:08 <@dazo> # ip link set dev dummy0 up
11:08 <@dazo> # ip route show | grep 10.8.0
11:08 <@dazo> 10.8.0.0/24 dev dummy0  proto kernel  scope link  src 10.8.0.0
11:08 < RealKillaz> dazo, working on the logs
11:11 < RealKillaz> https://gist.github.com/anonymous/a51f5088b31413bcfe51
11:11 <@vpnHelper> Title: server logs (at gist.github.com)
11:11 < RealKillaz> I see some error saying that there is no route
11:12 < RealKillaz> failed to parse/resolve route for host/network: 10.2.0.0
11:12 -!- Latrina [~Latrina@adsl-ull-96-184.50-151.net24.it] has quit [Ping timeout: 245 seconds]
11:13 -!- Latrina [~Latrina@adsl-ull-246-189.50-151.net24.it] has joined #openvpn
11:17 -!- gladiatr [~gladiatr@openvpn/community/support/gladiatr] has joined #openvpn
11:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:22 -!- ponyofdeath [~vladi@cpe-76-167-204-192.san.res.rr.com] has joined #openvpn
11:25 < ponyofdeath> hi, is it possible to use static key openvpn setup with multiple clients?
11:25 <@plaisthos> no
11:26 <@plaisthos> (you need one server per client in static key mode)
11:26 < ponyofdeath> so i need to set up PKI for multiple clients correct?
11:26 < ponyofdeath> or is there some other method that is less involved to do a simple vpn
11:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:33 -!- crayon [~user@unaffiliated/button] has joined #openvpn
11:33 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:34 < ponyofdeath> plaisthos: thanks for your help!
11:36 <@plaisthos> ponyofdeath: yeah you need a pki
11:37 <@plaisthos> you can use user+pass without client certificates though
11:37 <@plaisthos> but you still need the ca certificate of the server on the client
11:37 <@plaisthos> !userpass
11:37 <@plaisthos> !search user
11:37 <@vpnHelper> supybot.user, supybot.replies.noUser, supybot.plugins.User, supybot.plugins.User.public, supybot.databases.users, supybot.databases.users.filename, supybot.databases.users.timeoutIdentification, and supybot.databases.users.allowUnregistration
11:37 <@plaisthos> err
11:37 <@plaisthos> !user-pass
11:46 -!- Tokman [~Tokman@91.82.240.31.pool.invitel.hu] has joined #openvpn
11:46 -!- dimitryk [~310194499@neo-y112.ehv.campus.philips.com] has quit [Quit: Leaving]
11:48 -!- Malsasa [~Malsasa@36.71.144.96] has quit [Read error: Connection reset by peer]
11:55 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
12:01 -!- Denial [~Denial@81.141.0.147] has joined #openvpn
12:06 < RealKillaz> !log
12:06 <@vpnHelper> Error: You don't have the owner capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
12:10 < RealKillaz> I would appreciate if anyone can help me setup this configuration correctly: https://gist.github.com/anonymous/686c4cdc501fc424b65f
12:10 <@vpnHelper> Title: client.conf (at gist.github.com)
12:10 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
12:11 < RealKillaz> Right now I'm getting the error: Apr 28 13:05:49 gateway ovpn-server[22990]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
12:11 < RealKillaz> Apr 28 13:05:49 gateway ovpn-server[22990]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.2.0.0
12:12 <@ecrist> you should know how this works by now, RealKillaz 
12:12 <@ecrist> !configs
12:12 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:12 -!- roentgen [~roentgen@openvpn/community/support/roentgen] has quit [Quit: leaving]
12:12 <@ecrist> !logs
12:12 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:12 < RealKillaz> ecrist, already did that, right?
12:12 < RealKillaz> just passed everything
12:12 < RealKillaz> ecrist, https://gist.github.com/anonymous/686c4cdc501fc424b65f
12:12 <@vpnHelper> Title: client.conf (at gist.github.com)
12:13  * ecrist looks
12:13 < RealKillaz> server.con, client.con and the server.logs
12:13 <@ecrist> it was buried in all your pasted log lines. :P
12:13 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 248 seconds]
12:15 <@ecrist> where is openvpn supposed to route 10.2.0.0 subnet?
12:16 < RealKillaz> 10.2.0.0 I'm just adding this to the configuration so the whole 10.2.0.0 can be routed to one of the client subnet
12:16 <@ecrist> which client?
12:16 < RealKillaz> ecrist, so a client suubnet
12:16 <@ecrist> !iroute
12:16 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
12:16 <@ecrist> !route
12:16 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:16 <@vpnHelper> client
12:16 < RealKillaz> also have the route set for the client
12:16 < RealKillaz> iroute*
12:17 <@ecrist> so, 10.2.0.0/16 exists behind a client, right?
12:17 < RealKillaz> yes
12:17 <@ecrist> iroute is what you need, not route
12:17 <@ecrist> see the links above and you'll be on the right path
12:17 <@ecrist> heh, I'm punny
12:17 < RealKillaz> ecrist, already have this in the ccd of the client. Only forgot to paste it
12:18 < RealKillaz> iroute 10.2.0.0 255.255.0.0
12:18 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
12:18 <@ecrist> ok, then you need to change line 13 to push "route 10.2.0.0 255.255.0.0"
12:18 < RealKillaz> ecrist, where and I pushing this too?
12:19 < RealKillaz> the client already knows the route
12:19 <@ecrist> your other clients?
12:19 <@ecrist> so you only have one client?
12:19 < RealKillaz> yes
12:19 <@ecrist> then you just need the iroute
12:19 < RealKillaz> my server vpn is not routing if I do trace route
12:20 <@ecrist> you need to set sysctl net.inet.ip_forward to yes
12:20 < RealKillaz> ecrist, also have that
12:20 <@ecrist> or net.inet.ip_forwarding
12:20 < RealKillaz> covered
12:20 <@ecrist> and you need a KERNEL route that points to openvpn's IP
12:20 < RealKillaz> ecrist, ok. exactly and how do I do that last part?
12:21 <@ecrist> what OS?
12:21 <@ecrist> linux?
12:21 <@ecrist> route add 10.2.0.0/16 gateway <openvpn_ip>
12:21 <@ecrist> or something similar
12:21 < RealKillaz> add a kernel route to the OS of the openvpn server, that's what I'n trying to to do using the route command
12:21 < RealKillaz> which openvpn_ip?
12:22 < RealKillaz> 10.8.0.1? or 192.168.1.65 the lan ip?
12:23 < RealKillaz> in all the examples I see the route is beng used to do this for me using the openvpn configuration
12:25 <@ecrist> I see the problem.  give me a minute
12:26 -!- Malsasa [~Malsasa@125.164.129.4] has joined #openvpn
12:27 < RealKillaz> ecrist, OK, I'm very eager to see what find out what the problem is.
12:28 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
12:35 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has joined #openvpn
12:36 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 240 seconds]
12:36 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 256 seconds]
12:36 < RealKillaz> ecrist, what is the issue you found?
12:37 < RealKillaz> ecrist, or the problem
12:37 -!- Embalmed [~embalmed@unaffiliated/embalmed] has joined #openvpn
12:37 -!- Embalmed [~embalmed@unaffiliated/embalmed] has left #openvpn ["Leaving"]
12:39 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
12:39 <@dazo> ecrist: you need route as well as iroute, esp. if it's on a gateway
12:39 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
12:40 < RealKillaz> dazo, I've added this line: route 10.2.0.0 255.255.0.0 10.8.0.1 0
12:41 < RealKillaz> dazo, because 10.2.0.0 255.255.0.0 can not be route by the openvpn
12:41 < RealKillaz> with only this line: route 10.2.0.0 255.255.0.0
12:41 < RealKillaz> it won't work
12:42 <@dazo> so the VPN is 10.8.0.0/24, your client lan is 10.2.0.0/16 (?)
12:42 <@dazo> and your server lan is?
12:42 < RealKillaz> 192.168.0.0/16
12:42 < RealKillaz> VPN and client lang are OK
12:42 < RealKillaz> like you write above
12:43 <@dazo> so ... can you ping server LAN IPs from the VPN client?
12:43 -!- Malsasa [~Malsasa@125.164.129.4] has quit [Remote host closed the connection]
12:45 <@dazo> if no, can you ping server VPN IP address from the VPN client?
12:47 < RealKillaz> dazo, yes after adjusting the route it is working
12:47 <@dazo> good ... can the VPN server ping IP addresses on the client LAN?
12:47 < RealKillaz> I can ping from both side
12:47 <@dazo> and you ping IP addresses *behind* the server and client?
12:48 < RealKillaz> from behind the server I can .... let me check behind client
12:49 < RealKillaz> also
12:49 <@dazo> good!
12:49 < RealKillaz> so this works now
12:49 <@dazo> Now, can you from a computer on the client LAN ping a computer on the server LAN?
12:49 < RealKillaz> this was the reason why I thought there was a site-to-site needed because the routing was not being added properly by the openvpn server
12:49 <@dazo> (not on the VPN server or client)
12:50 < RealKillaz> yes
12:50 < RealKillaz> I can ping from both behind the server/client vpn
12:50 < RealKillaz> so 10.2.1.5 to 192.168.1.24 works perfect. from both side
12:50 <@dazo> then you should also be able to do the reverse ... ping a computer on the client LAN from a computer on the server LAN
12:51 < RealKillaz> yup
12:51 <@dazo> then you do have a fully functionally routing configured ... the rest is firewalling
12:51 < RealKillaz> hmm why is the route 10.2.0.0 255.25.0.0 is not working is still a mystery to me tough
12:52 <@dazo> why do you say it is not working?
12:52 < RealKillaz> well if I only do the route 10.2.0.0 255.255.0.0 it won't work
12:52 < RealKillaz> now I have the route 10.2.0.0 255.255.0.0 10.8.0.1 0
12:52 < RealKillaz> that is working
12:53 < RealKillaz> I would have thought that he routing should always goes trough the VPN server
12:53 < RealKillaz> by default
12:53 < RealKillaz> so the 10.8.0.1
12:53 < RealKillaz> right?
12:54 -!- rika is now known as furude_rika
12:54 -!- furude_rika is now known as rika
12:55 <@dazo> ahh, okay ... for some reason, the route-gateway is setup to be 192.168.1.2 ... I don't know why that happened ... but if you add 'route-gateway 10.8.0.1' in the config, you can remove the extra parameter ... but that doesn't really matter .... I'd leave it as it is
12:56 <@dazo> btw ... which distro do you use? ... please ensure that you're running the absolutely latest openvpn available
12:56 < RealKillaz> Ubuntu 14.04 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
12:57 <@dazo> which package revision is that?
12:57 < RealKillaz> you mean which Ubuntu package revision of openvpn?
12:58 <@dazo> yeah
12:58 <@dazo> Based on the build-date, I think it is safe ... but here's why I'm concerned ... https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
12:58 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has quit [Ping timeout: 250 seconds]
12:58 <@vpnHelper> Title: SecurityAnnouncement-97597e732b – OpenVPN Community (at community.openvpn.net)
12:59 <@dazo> (I know the Debian packager did backport a fix to an older openvpn release, so it is safe ... but I don't know where Ubuntu picks there packages from)
12:59 < RealKillaz> Version: 2.3.2-7ubuntu3.1
13:00 <@dazo> https://launchpad.net/ubuntu/+source/openvpn/2.3.2-7ubuntu3.1 ... okay, that's secure for the most critical issues
13:00 <@vpnHelper> Title: 2.3.2-7ubuntu3.1 : openvpn package : Ubuntu (at launchpad.net)
13:00 < RealKillaz> yup...
13:00 < RealKillaz> Strange tough... I was stuck with the gateway for longer than a week. I should have put verb 4 since day 1
13:01 <@dazo> other than that ... I do encourage you to make use of --tls-auth ... and also UDP if that works for you
13:01 < RealKillaz> ok let check those. I was uder
13:01 <@dazo> when combining tls-auth with UDP ... the openvpn port will not be discovered by port scans
13:01 < RealKillaz> I was under the impression that TCP will be better since we are for certain that the package will arrive
13:02 <@dazo> !tcp
13:02 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
13:02 < RealKillaz> OK
13:02 <@dazo> for VPNs, TCP is the worst you can do ... especially if there are some packet loss
13:03 < RealKillaz> exactly
13:04 < RealKillaz> So which one to chose... that's why I have TCP
13:04 < RealKillaz> but I will try UDP
13:05 <@dazo> You misread me ... TCP is the WORST you can use for VPN connections, especially if you have packet loss.  Because then you will have two levels doing package-resending, and the remote side will most likely spew out duplicated packets
13:06 <@dazo> while with UDP ... the packets are lost (the nature of UDP), but the TCP connection inside the VPN, will do the packet resending as expected anyway
13:10 -!- Malsasa [~Malsasa@125.164.129.4] has joined #openvpn
13:25 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has joined #openvpn
13:28 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:40 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
13:41 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.2/20150415140819]]
13:42 -!- cstk421 [~cstk421@24.114.59.38] has joined #openvpn
13:59 < RealKillaz> dazo, btw thans for your help
13:59 < RealKillaz> thanks*
14:00 <@dazo> you're welcome!
14:10 < RealKillaz> dazo, hopefully this will also fix the issue that I first thought that was due to the TLS expiration
14:25 -!- cstk421 [~cstk421@24.114.59.38] has quit [Remote host closed the connection]
14:26 -!- cstk421 [~cstk421@24.114.59.38] has joined #openvpn
14:31 -!- Kev- [~Kev@2a03:f80:354:ffff:ffff:ffff:71b2:bd17] has left #openvpn []
14:36 < Tokman> Hi! Is there a way to route 1935 UDP traffic through the default internet connection and everything else through the vpn adapter(tap/tun) in Windows8?
14:37 <@dazo> !routebyapp
14:37 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
14:37 <@vpnHelper> policies you set. For Linux, read about !lartc
14:42 < Tokman> !sockd
14:42 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
14:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
14:44 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
14:49 -!- dazo is now known as dazo_afk
14:53 -!- cstk421 [~cstk421@24.114.59.38] has quit [Remote host closed the connection]
15:02 -!- Malsasa [~Malsasa@125.164.129.4] has quit [Ping timeout: 245 seconds]
15:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
15:11 -!- RealKillaz [~RealKilla@sub-736ip3.rev.onenet.an] has quit [Ping timeout: 256 seconds]
15:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
15:33 -!- cstk421 [~cstk421@24.114.79.249] has joined #openvpn
15:45 -!- cstk421 [~cstk421@24.114.79.249] has quit [Remote host closed the connection]
15:49 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 619 seconds]
15:50 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 244 seconds]
15:58 -!- cstk421 [~cstk421@24.114.79.249] has joined #openvpn
16:00 -!- cstk421 [~cstk421@24.114.79.249] has quit [Remote host closed the connection]
16:02 -!- cstk421 [~cstk421@24.114.79.249] has joined #openvpn
16:04 -!- GNU\colossus [colo@truschnigg.info] has quit [Remote host closed the connection]
16:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
16:08 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
16:08 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
16:08 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
16:09 -!- cstk421 [~cstk421@24.114.79.249] has quit [Ping timeout: 264 seconds]
16:10 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Quit: michaelhart]
16:12 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
16:14 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 255 seconds]
16:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
16:41 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
16:41 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
16:46 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:47 -!- cstk421 [~cstk421@24.114.72.187] has joined #openvpn
16:50 -!- warehouse13 is now known as Left_Turn
16:56 -!- cstk421 [~cstk421@24.114.72.187] has quit []
17:02 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:7c64:d202:e2cf:6ec5] has joined #openvpn
17:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:09 -!- Latrina [~Latrina@adsl-ull-246-189.50-151.net24.it] has quit [Ping timeout: 252 seconds]
17:10 -!- Latrina [~Latrina@ppp-10-35.26-151.libero.it] has joined #openvpn
17:12 -!- dansanger [~vpnuser@190.72.186.103] has quit [Ping timeout: 244 seconds]
17:21 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
17:27 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:39 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:7c64:d202:e2cf:6ec5] has quit [Remote host closed the connection]
17:40 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
17:42 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
18:06 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 272 seconds]
18:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:26 -!- Malsasa [~Malsasa@125.164.129.4] has joined #openvpn
18:33 -!- cm_ [cm@datura.ielf.org] has joined #openvpn
18:47 -!- lbft is now known as jigglypuff
19:04 -!- jigglypuff is now known as lbft
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:28 -!- crayon [~user@unaffiliated/button] has quit [Ping timeout: 250 seconds]
19:28 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
19:41 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:43 -!- zorzevic [~unknown@173.245.217.34] has joined #openvpn
19:44 -!- Malsasa [~Malsasa@125.164.129.4] has quit [Read error: Connection reset by peer]
19:45 < zorzevic> hi guys... I subscribed to IPvanish in order to uban from omegle but seems like this site is still able to locate me (I flushed everything and set the vpn through the ubuntu 14.04 openvn built-in GUI), any idea?
19:46 < zorzevic> when I look for my IP the change is indeed done... the support guy from IPVanish told me it might be a question of NAT-PMP, not sure
20:09 -!- RealKillaz [~RealKilla@205.185.222.71] has joined #openvpn
20:09 < RealKillaz> !configs
20:09 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:09 < RealKillaz> !serverlan
20:09 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
20:11 -!- Malsasa [~Malsasa@125.164.129.4] has joined #openvpn
20:16 -!- Tokman [~Tokman@91.82.240.31.pool.invitel.hu] has quit []
20:21 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
20:22 < zorzevic> the only server.conf I can locate is the /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
20:22 < zorzevic> sry guys but I'm a noob
20:32 < Thermi> zorzevic: Then only show your client configuration. You only have a server configuration, if you run a server.
20:32 < zorzevic> zorzevic@apollo:~$ locate client.conf
20:32 < zorzevic> /etc/dbus-1/system.d/nm-dhcp-client.conf
20:32 < zorzevic> /etc/dhcp/dhclient.conf
20:32 < zorzevic> /etc/pulse/client.conf
20:32 < zorzevic> /usr/share/doc/libcups2/examples/client.conf
20:32 < zorzevic> /usr/share/doc/openvpn/examples/sample-config-files/client.conf
20:32 < zorzevic> /usr/share/man/de/man5/client.conf.5.gz
20:32 < zorzevic> /usr/share/man/fr/man5/client.conf.5.gz
20:32 < zorzevic> /usr/share/man/ja/man5/dhclient.conf.5.gz
20:32 < zorzevic> /usr/share/man/man5/client.conf.5.gz
20:32 < Thermi> Stop.
20:32 < zorzevic> /usr/share/man/man5/dhclient.conf.5.gz
20:32 < zorzevic> /usr/share/man/man5/pulse-client.conf.5.gz
20:32 < Thermi> Do not paste stuff in here.
20:32 < zorzevic> /var/lib/dpkg/info/isc-dhcp-client.conffiles
20:32 < zorzevic> /var/lib/dpkg/info/openssh-client.conffiles
20:32 < Thermi> Use a pastebin service.
20:32 < zorzevic> /var/lib/dpkg/info/python-ubuntu-sso-client.conffiles
20:33 < zorzevic> sry I didn't think.. waking up
20:33 < Thermi> Get yourself some coffee or similiar.
20:33 < zorzevic> haha I am
20:36 < zorzevic> so anyway do you mean a .ovpn
20:39 < zorzevic> http://pastebin.com/Gjhwcggh
20:39 -!- RealKillaz [~RealKilla@205.185.222.71] has quit [Quit: This computer has gone to sleep]
20:40 < zorzevic> this is one of the servers I'm using
20:40 < Thermi> What does your routing table look like, when you have the tunnel running=
20:40 < Thermi> *?
20:41 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
20:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:42 < zorzevic> http://pastebin.com/b7SERhcK
20:44 -!- ponyofdeath [~vladi@cpe-76-167-204-192.san.res.rr.com] has quit [Ping timeout: 255 seconds]
20:44 < Thermi> Looks okay.
20:44 < Thermi> Do you use a proxy?
20:44 < Thermi> Proxy software?
20:45 < zorzevic> nope... should I?
20:45 < Thermi> No.
20:45 < Thermi> Then omegle has ipvanish banned.
20:45 < Thermi> Or they use cookies.
20:45 < Thermi> Maybe something different. I do not know that.
20:46 < zorzevic> well... I'm pretty sure I flushed all the cookies... also I got this from the customer's service:
20:47 < zorzevic> http://pastebin.com/Js8FcttD
20:50 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:11 -!- hive-mind [pranq@mail.bbis.us] has quit [Remote host closed the connection]
21:12 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
21:16 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
21:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:58 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has joined #openvpn
22:01 -!- Subo1977 [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 256 seconds]
22:26 -!- borgfish [~blubber@141.12.67.37] has quit [Read error: Connection reset by peer]
22:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Read error: Connection reset by peer]
22:30 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
22:30 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
22:50 -!- fred`` [fred@earthli.ng] has joined #openvpn
22:51 -!- yang_ [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
22:54 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 256 seconds]
23:27 -!- s7eele [~AndChat52@208.167.254.202] has quit [Ping timeout: 256 seconds]
23:28 -!- s7eele [~AndChat52@208.167.254.202] has joined #openvpn
23:45 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
23:50 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
23:50 -!- ShadniX [dagger@p5481D65C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:51 -!- ShadniX [dagger@p5481D6B9.dip0.t-ipconnect.de] has joined #openvpn
23:53 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
23:54 -!- Malsasa [~Malsasa@125.164.129.4] has quit [Killed (verne.freenode.net (Nickname regained by services))]
--- Day changed Wed Apr 29 2015
00:01 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 276 seconds]
00:09 -!- Malsasa [~Malsasa@180.251.88.143] has joined #openvpn
00:18 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
00:18 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:19 -!- badon_ is now known as badon
00:20 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
00:24 -!- Malsasa is now known as Guest71156
00:24 -!- Guest71156 [~Malsasa@180.251.88.143] has quit [Killed (weber.freenode.net (Nickname regained by services))]
00:26 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 272 seconds]
00:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:30 -!- mode/#openvpn [+o mattock1] by ChanServ
00:53 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
00:53 -!- mode/#openvpn [+o pekster] by ChanServ
00:56 -!- zorzevic [~unknown@173.245.217.34] has quit [Quit: Quitte]
01:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:03 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:03 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 264 seconds]
02:04 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
02:07 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
02:14 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
02:17 -!- Malsasa [~Malsasa@125.164.139.148] has joined #openvpn
02:17 < albercuba> Hello everyone. How can I set password requirements for VPN, So when a user wants to change his password through the GUI client, he needs to use capital letters, numbers and or special characters
02:46 < zoredache> I am guessing you must be asking about access server since the community software doesn't have any password change functionality in the client.  See the channel topic.
02:46 < albercuba> you can change your password trough the openvpn gui
02:46 < albercuba> i just did it
02:47 < albercuba> but i do not want the users to use small and easy passwords
02:48 < zoredache> and where did you download the client from?
02:48 < albercuba> i generate my own installer with nsis
02:49 < zoredache> Not sure what you are talking about then.
02:51 < albercuba> http://www.ubuntu-howtodoit.com/?p=47
02:51 < albercuba> there
02:51 <@vpnHelper> Title: Create an installer for your Windows VPN clients | Ubuntu How To Do It (at www.ubuntu-howtodoit.com)
02:53 < zoredache> no, I mean I have no idea what password you are talking about.
02:53 < albercuba> aaa the password for decrypting the key
02:54 < zoredache> eh?  Does the client let you change that?  Not sure how you could enforce anything about changing that.  The users could just fire open openssl and change it directly.
02:55 < albercuba> well i just tested it and i can chan ge that password with the gui while i am connected
02:56 < zoredache> well you aren't really changing anything by changing that.  Nothing is changed server side.
02:56 < zoredache> you are just re-encryping the private key.
02:56 < albercuba> but that info is also stored in the server
02:56 < albercuba> isnt it?
02:57 < zoredache> no, it shouldn't be.  The private keys should be on the client only.
02:57 < zoredache> the public key in a csr gets sent to the ca and signed and a cert is generated at sent to the client.
02:57 < albercuba> ok
02:59 < albercuba> but what i need is to set requirements so the user cannot set 123 as a password
02:59 -!- dimitryk [~310194499@neo-y112.ehv.campus.philips.com] has joined #openvpn
03:00 < zoredache> afaik no such requirement is possible.
03:00 < zoredache> in fact you can have the private key completely unecrypted.
03:01 < albercuba> i know, but my boss wants keys with passwords
03:01 < albercuba> and i have two options 1- i generate random passwords for the users and i do not let them change it or 2- i let them change i with requirements
03:03 < zoredache> Yes, but you are missing the point, or your boss is.  What to stop a user from simply closing the gui client and firing up openssl where there is absolutely nothing you can do to enforce anything.
03:03 < albercuba> that they do not know how to do it
03:04 < zoredache> I think you are looking for the wrong thing.
03:04 < zoredache> It is possible to setup openvpn to require a key/cert + authentication.
03:04 < zoredache> that may be what you really need.
03:04 < albercuba> i did that
03:04 < albercuba> that is working
03:05 < zoredache> so you are requiring them to provide the password for the key, and another password?
03:05 < dimitryk> so you can encrypt the private key
03:05 < dimitryk> and your boss is happy
03:06 < dimitryk> then he has a key with password
03:06 < dimitryk> ^^
03:06 < albercuba> actually i am only setting the PEM password, not the challenge password
03:17 < mrtnt> I would like to configure OpenVPN multi-client server in bridged mode(tap virtual interface). My server-side configuration is following: http://paste.debian.net/169518/ Now when I start the OpenVPN server I receive the "--mode server requires --tls-server" error message and server does not start. Is it mandatory to use TLS with multi-client bridged mode? For example it is possible to set up point-to-point L3(tun interface) VPN's without authentication and 
03:18 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 252 seconds]
03:23 < albercuba> that link returns an error
03:25 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
03:25 < albercuba> mrtnt, but anyway just follow this http://www.ubuntu-howtodoit.com/?p=20 i did it like that and it works
03:25 <@vpnHelper> Title: Install and Configure OpenVPN using a TAP interface | Ubuntu How To Do It (at www.ubuntu-howtodoit.com)
03:38 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has joined #openvpn
03:40 < willeponken> Hello, is there any good tutorial for routing all my VPN traffic through another one (Client --> VPN1 --> VPN2 --> Internet)? I'm able to ping both the VPN subnets, but unable to reach the Internet
03:42 < dimitryk> did you advertise a default route to the client?
03:43 < dimitryk> push "redirect-gateway def1"
03:43 < willeponken> Yes
03:43 < dimitryk> then also make sure that vpn1 has the same in the routing table
03:44 < dimitryk> then i would suggest a traceroute to see where your traffic flow stops
03:45 < willeponken> It stops directly at the first VPN1 if I ping 8.8.8.8 etc.
03:46 < dimitryk> you could have some quirks with that..
03:47 < willeponken> Do you mean that I should have the "push 'redirect-gateway def1'" on both? Because currently I'm using iptables to point VPN1 to VPN2
03:47 < dimitryk> because if you edit the default route towards vpn2, your client probably also connects through vpn2, and that´s not what you want
03:48 < dimitryk> if i am right you need to do some policy based routing mumbo jumbo in iptables
03:50 < dimitryk> i´d start with policy based routing the openvpn traffic on your normal internet uplink, and route the rest via vpn2, either manual or with redirected gateway
03:52 < willeponken> So routing the traffic to eth0, then have an iptable rule that points the VPN1 subnet traffic to VPN2?
03:52 < dimitryk> multiple ways of doing it
03:53 < dimitryk> let´s say that the default route is VPN1>VPN2
03:53 < willeponken> I don't really need VPN1 to be behind VPN2, but at least all the traffic coming from the client should go through VPN1 -> VPN2...
03:53 < dimitryk> right
03:54 < dimitryk> then you need to mark that traffic
03:54 < dimitryk> http://www.linuxhorizon.ro/iproute2.html
03:54 <@vpnHelper> Title: LiNUX Horizon - Linux Advanced Routing mini HOWTO (at www.linuxhorizon.ro)
03:54 < dimitryk> check this out
03:55 < dimitryk> if you mark on source=vpn1 client subnet
03:55 < willeponken> Aha, so the problem is propably that the origin is unknown?
03:55 < willeponken> Thanks!
03:55 < dimitryk> origin is known
03:55 < dimitryk> but you want traffic from and to the vpn1 to go over the normal internet
03:56 < dimitryk> but the encapsulated traffic to be redirected to vpn2
03:56 < dimitryk> so you need to have 2 ¨default¨ routes with different next-hops
03:57 < dimitryk> also, you probably need to do something with NAT on VPN2
03:58 < dimitryk> but that is the next step, first make sure that the traceroute ends at VPN2
04:00 < willeponken> Okay
04:01 < willeponken> I'll come back when I get some results ;)
04:15 -!- dazo_afk is now known as dazo
04:27 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
04:33 -!- albercuba [~albercuba@HSI-KBW-46-237-192-160.hsi.kabel-badenwuerttemberg.de] has left #openvpn ["Leaving"]
04:35 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:36 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:40 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:41 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:08 -!- yang_ [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 245 seconds]
05:15 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
06:08 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:09 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
06:10 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:11 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
06:22 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
06:23 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Quit: michaelhart]
06:23 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 250 seconds]
06:27 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 252 seconds]
06:29 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
06:29 -!- mode/#openvpn [+o pekster] by ChanServ
07:01 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
07:02 -!- prelude2004c [~Prelude20@dsl-67-55-28-3.acanac.net] has quit [Ping timeout: 252 seconds]
07:03 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has joined #openvpn
07:09 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
07:09 -!- dimitryk [~310194499@neo-y112.ehv.campus.philips.com] has quit [Ping timeout: 248 seconds]
07:13 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
07:13 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
07:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:27 < Tuju> how do i disable the 'token-insertion-request' as it fails every time?
07:30 < Tuju> i also get CRK_FUNCTION_FAILED error every time.
07:32 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 255 seconds]
07:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:40 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
07:52 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 252 seconds]
07:53 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
07:53 < mrtnt> Am I correct that all that "--daemon" option does is to redirect logging messages to /var/log/messages in case there are no "--log*" options present?
07:54 < Tuju> mrtnt: i think so too, and recently i thought that you could actually put that log option into config too, no need to hack initscripts.
07:55 < Tuju> havent tried that yet but don't see why it wouldn't work.
07:59 -!- ponyofdeath [~vladi@cpe-76-167-204-192.san.res.rr.com] has joined #openvpn
08:01 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has quit [Ping timeout: 245 seconds]
08:04 < mrtnt> Tuju: ok, thanks!
08:17 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:31 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 276 seconds]
08:33 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has joined #openvpn
08:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
08:44 < Tuju> my tunnel works again.
08:45 < Tuju> opensc-0.13 sucks.
09:05 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
09:31 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Remote host closed the connection]
09:32 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
09:38 < Tuju> yep, it works, put "log /var/log/openvpn" into config.
10:11 -!- Subo1977 [~quassel@unaffiliated/subo1978] has joined #openvpn
10:13 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 245 seconds]
10:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
10:23 -!- funkenstrahlen [~pi@auriga.uberspace.de] has joined #openvpn
10:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:24 -!- mode/#openvpn [+o mattock1] by ChanServ
10:26 < funkenstrahlen> hey, I use this server.conf https://gist.github.com/i42n/ffd8e68f2e43c37c08d2. I also changed net.ipv4.ip_forward=1. Connection to my openvpn server works. However my traffic is not forwarded. I can ping the openvpn server ip after connection to the openvpn. But no traffic to "internet" goes through it. any tips?
10:26 < funkenstrahlen> I currently use viscosity on client side.
10:28 < funkenstrahlen> my viscosity network setup looks like this: http://postimg.org/image/gnbeevi45/
10:28 <@vpnHelper> Title: View image: Screen Shot 2015 04 29 at 17 27 32 (at postimg.org)
10:28 < funkenstrahlen> !welcome
10:28 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
10:28 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:29 < funkenstrahlen> !redirect
10:29 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
10:29 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
10:29 < funkenstrahlen> !def1
10:29 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
10:30 < funkenstrahlen> !ipforward
10:30 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
10:30 < funkenstrahlen> !linipforward
10:30 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
10:32 < funkenstrahlen> !nat
10:32 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
10:32 < funkenstrahlen> !linnat
10:32 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
10:34 < funkenstrahlen> Hm tried all that
10:34 < funkenstrahlen> still does not work
10:35 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:35 -!- mode/#openvpn [+v s7r] by ChanServ
10:38 < funkenstrahlen> I already did
10:38 < funkenstrahlen> set push "redirect-gateway def1 bypass-dhcp"
10:38 < funkenstrahlen> set net.ipv4.ip_forward = 1 in sysctl.conf
10:38 < funkenstrahlen> sudo iptables -I FORWARD -i tun+ -j ACCEPT
10:38 < funkenstrahlen> sudo iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
10:38 < funkenstrahlen> server.conf https://gist.github.com/i42n/ffd8e68f2e43c37c08d2
10:38 <@vpnHelper> Title: gist:ffd8e68f2e43c37c08d2 (at gist.github.com)
10:38 < funkenstrahlen> my viscosity network setup looks like this: http://postimg.org/image/gnbeevi45/
10:38 <@vpnHelper> Title: View image: Screen Shot 2015 04 29 at 17 27 32 (at postimg.org)
10:38 < funkenstrahlen> problem: no internet traffic tunneling works
10:39 < funkenstrahlen> I hope someone can help
10:42 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Read error: Connection reset by peer]
10:56 < Tuju> funkenstrahlen: have you set up your ip routing tables properly?
10:56 < Tuju> if you miss even one route somewhere, it wont work.
10:57 < funkenstrahlen> Tuju: how can I check?
10:57 < Tuju> ip route
10:57 < Tuju> ip route add <destination> via <gateway>
10:57 < funkenstrahlen> it says
10:57 < funkenstrahlen> 10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1
10:57 < funkenstrahlen> 10.8.0.0/24 via 10.8.0.2 dev tun0
10:57 < funkenstrahlen> default dev venet0  scope link
10:58 < Tuju> so you're not using your tunnel as default. it's okay as long as it's intetionally.
10:58 < Tuju> do you control the server side?
10:58 < Tuju> is that correctly set up?
10:58 < funkenstrahlen> I want: When a client connects to the openvpn, I want to tunnel all traffic to the internet
10:59 < Tuju> there you go, your default is not set.
10:59 < funkenstrahlen> this is the output of 'ip route' on the server
10:59 < funkenstrahlen> I control the server
10:59 < funkenstrahlen> I have done this on the server
10:59 < funkenstrahlen> sudo iptables -I FORWARD -i tun+ -j ACCEPT
10:59 < funkenstrahlen> sudo iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
10:59 < funkenstrahlen> shouldn't this setup the routes?
10:59 < funkenstrahlen> I am new to this
10:59 < Tuju> forget those iptables first.
11:00 < funkenstrahlen> ok.
11:00 < Tuju> if nothing works, say: iptables -F
11:00 < funkenstrahlen> so how do I setup the route on the server?
11:00 < Tuju> that disables all your firewalls.
11:00 < Tuju> wait a second
11:01 < Tuju> see https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
11:01 <@vpnHelper> Title: HOWTO (at openvpn.net)
11:01 < funkenstrahlen> Tuju: I already have done all that.
11:01 < funkenstrahlen> see above
11:02 < Tuju> apparently it's not working if your default is not pointed to tun0
11:02 < Tuju> it should say 'default dev tun0'  in my opinion.
11:03 < Tuju> but you can try it manually.
11:03 < Tuju> ip route del default via <venet0 ip address>
11:03 < Tuju> ip route add default via 10.8.0.2
11:04 -!- Eric-K [~eric@188.226.225.197] has left #openvpn ["Bye!"]
11:04 < funkenstrahlen> So this setting 'push "redirect-gateway def1"' does not work correct?
11:05 < Tuju> apparently so.
11:05 < funkenstrahlen> but this is pretty default?
11:05 < Tuju> note that i have never used that myself, as i don't do that.
11:05 < Tuju> do you have 'def1' there?
11:05 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
11:06 < Tuju> as for my nose it smells.
11:06 < funkenstrahlen> server.conf https://gist.github.com/i42n/ffd8e68f2e43c37c08d2
11:06 <@vpnHelper> Title: gist:ffd8e68f2e43c37c08d2 (at gist.github.com)
11:06 < funkenstrahlen> I use basically the template. Only uncommented some lines
11:07 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
11:07 < Tuju> hmm....maybe it is supposed to be def1, it's not an interface name but a command of some sort.
11:07 < Tuju> are you using wifi?
11:07 < funkenstrahlen> Use this  flag  to  override  the  default  gateway  by  using  0.0.0.0/1  and
11:07 < funkenstrahlen>               128.0.0.0/1  rather than 0.0.0.0/0.  This has the benefit of overriding but not wiping
11:07 < funkenstrahlen>               out the original default gateway.
11:07 < funkenstrahlen> Tuju: no wifi
11:08 < Tuju> did you try it manually?
11:08 -!- dyce [~quassel@ns3290920.ip-5-135-184.eu] has joined #openvpn
11:09 < Tuju> it wont fix itself if you don't try different things. those give you more information and your brain can use more known factors to solve it.
11:10 < funkenstrahlen> true.
11:10 < funkenstrahlen> but right now there are a lot of new things to understand
11:10 < funkenstrahlen> I have never worked with iptables, routs and openvpn
11:11 < Tuju> that's why you must keep it simple. stop that firewall, it has nothing to do with basic routing.
11:11 < Tuju> tunnels are virtual network links. networks are ip addresses and routers connected with those links.
11:11 < funkenstrahlen> if I flush the iptables, how can I get it back to default later?
11:12 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
11:12 < Tuju> sure. it depends how those were set up.
11:12 < funkenstrahlen> Tuju: I know the basics. only the commands are new
11:12 < Tuju> if you use iptables, 'service iptables start' will do.
11:12 < funkenstrahlen> so service iptables stop instead of flushing
11:12 < Tuju> i just removed firewalld from my laptop, it's horribly complex and not for me.
11:12 < Tuju> funkenstrahlen: yes, that will do the same.
11:12 < Tuju> iptables -L -vn    will show the status.
11:13 < funkenstrahlen> this is a root server. I do not want to remove the firewall
11:13 < funkenstrahlen> just deactivate for now
11:13 < Tuju> if you run the firewalld, well - i don't want to know how it works. :)
11:13 < Tuju> well, yes, that might be a bad idea if there is others using it too.
11:13 < funkenstrahlen> no just me using it
11:13 < funkenstrahlen> just to learn stuff
11:14 < Tuju> if your firewall is set up properly, you should see it form logs if anything conflicts.
11:14 < Tuju> well then flush it.
11:14 < funkenstrahlen> ok done
11:15 < Tuju> so start tunnels, check routes and use it. that's it :)
11:16 < Tuju> https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/sec-Disabling_firewalld.html i used that to get rid of firewalld
11:16 <@vpnHelper> Title: 3.8.9. Disabling firewalld (at docs.fedoraproject.org)
11:19 < funkenstrahlen> got it!
11:19 < funkenstrahlen> Tuju: thanks for your time!
11:19 < funkenstrahlen> it actually was the firewall
11:19 < funkenstrahlen> I fixed the rule
11:19 < funkenstrahlen> I did as said in the tutorial
11:19 < funkenstrahlen> sudo iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
11:20 < Tuju> great. And no need to thank me, "it's the channel", people have helped me too here.
11:20 < funkenstrahlen> but I had to use vnet0 instead of eth0
11:20 < Tuju> yep, i dont know why, but those eth interface names keeps turning kinker by every year.
11:21 < funkenstrahlen> I thinks that's because its a vserver
11:21 -!- Malsasa is now known as Guest99529
11:21 -!- Guest99529 [~Malsasa@125.164.139.148] has quit [Killed (hobana.freenode.net (Nickname regained by services))]
11:21 < Tuju> my laptop has long strings too.
11:22 < Tuju> imo you should'nt need NAT anyway if you're using tunnels.
11:22 < Tuju> that's the whole point of having tunnels, having own routing plan - out of the real addresses.
11:22 < funkenstrahlen> !nsat
11:22 < funkenstrahlen> !nat
11:22 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
11:23 < Tuju> NAT breaks applications, hence it sucks. it would need modules that would go deep into payloads and by experience we already know that those won't work.
11:23 < funkenstrahlen> I have to use it for my usecase
11:23 < funkenstrahlen> I just want to tunnel traffic
11:23 < Tuju> well, expect problems then.
11:23 < funkenstrahlen> I can not give my vpn clients "real" addresses
11:23 < Tuju> nobody does.
11:23 < Tuju> i've 10.x series too. but i still don't do nat.
11:24 < Tuju> the point is, that having a tunnel, you can bypass your ISP's routing rules - who don't route your 10.x addresses of course.
11:24 < funkenstrahlen> hm
11:24 < funkenstrahlen> its even in the docs with nat
11:24 < funkenstrahlen> https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
11:24 <@vpnHelper> Title: HOWTO (at openvpn.net)
11:24 < Tuju> of course my horse, but how my cow?
11:25 < Tuju> again you make things more difficult to yourself than you should.
11:26 < Tuju> the whole point of vpn is to get around NAT and firewalls that break applications.
11:26 < Tuju> and you're building vpn using those both. :)
11:26 < Tuju> think about it.
11:31 < funkenstrahlen> I understand
11:32 -!- Ziber [~Liber@2600:3c03:e001:2e00::100] has joined #openvpn
11:32 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
11:33 < Ziber> !paste
11:33 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
11:33 < Ziber> !configs
11:33 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:33 -!- funkenstrahlen [~pi@auriga.uberspace.de] has left #openvpn ["WeeChat 1.1.1"]
11:33 -!- Ziber [~Liber@2600:3c03:e001:2e00::100] has left #openvpn []
11:34 -!- Ziber [~Liber@2600:3c03:e001:2e00::100] has joined #openvpn
11:34 < Ziber> !configs
11:34 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:37 -!- Ziber [~Liber@2600:3c03:e001:2e00::100] has left #openvpn []
11:38 < Tuju> well, of course you will have fw set up around your hosts once you're done. but typically that does not interfere traffic going and coming from tunnel interface.
11:56 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 256 seconds]
12:03 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
12:15 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
12:23 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:35 -!- jerng [~sijuendr@faui06a.informatik.uni-erlangen.de] has joined #openvpn
12:39 < jerng> hi all! Question about DNS in openVPN server config: as far as i understood, "push 'dhcp-option DNS x.x.x.x'" advises clients to use the DNS server x.x.x.x. For that case, are DNS queries also routed through the VPN?
12:54 < DArqueBishop> Yes.
12:57 < jerng> DArqueBishop: nice. thanks!
13:08 -!- gladiatr [~gladiatr@openvpn/community/support/gladiatr] has quit [Quit: gladiatr]
13:25 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
13:34 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:19 -!- rich0__ is now known as rich0
14:22 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
14:24 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
14:25 -!- bogie [bogie@mail.epow0.org] has joined #openvpn
14:27 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Quit: michaelhart]
14:30 < cm_> jerng: well, it is only if your DNS server IP is included in the subnet(s) you re pushing to VPN clients
14:34 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
14:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
15:00 < Cydrobolt> anyone here with experience on stunnel?
15:00 < jthunder> I have a bit
15:00 < Cydrobolt> I need to use openvpn behind a restrictive firewall on android
15:01 < Cydrobolt> jthunder, I haven't been able to make it work
15:01 < Cydrobolt> I installed SSLDroid on the android device
15:01 < Cydrobolt> and installed stunnel on the server (running fedora 20)
15:01 < jthunder> k
15:01 < Cydrobolt> the openvpn server is listening on port 1195 on server, routed through the stunnel which is listening on port 443
15:01 < Cydrobolt> SSLDroid's tunnel isn't working for some reason
15:02 < Cydrobolt> when openvpn connects to the local stunnel, an error about SSL Handshake exception occurs
15:02 < Cydrobolt> the error message suggests it is due to some kind of protocol error
15:02 < Cydrobolt> maybe i am doing it wrong
15:03 < jthunder> I’m not familiar with SSLdroid
15:04 < Cydrobolt> ah
15:04 < Cydrobolt> it should be an implementation of stunnel on android jthunder
15:19 < jthunder> can you see the stunnel server side of the logs?
15:25 -!- deranged is now known as deranged_r
15:30 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
15:58 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Quit: michaelhart]
16:07 -!- elfixit1 [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 248 seconds]
16:14 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:22 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
16:24 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
16:24 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
16:55 < Cydrobolt> jthunder, yes
16:55 < Cydrobolt> the client is not even connecting to the server because of the ssl error
16:56 < Cydrobolt> do you think it might be actually connecting but getting an error on connect?
16:56 < Cydrobolt> perhaps
16:56 < Cydrobolt> i can look
16:58 < Cydrobolt> yup, that is the case
16:58 < Cydrobolt> this is the connection error
16:58 < Cydrobolt> https://gist.github.com/Cydrobolt/1966998a7be833bd84ac
16:58 <@vpnHelper> Title: gist:1966998a7be833bd84ac (at gist.github.com)
17:00 < Cydrobolt> actually, https://gist.github.com/Cydrobolt/cbe3f6fca7fa576cb7a3
17:00 <@vpnHelper> Title: gist:cbe3f6fca7fa576cb7a3 (at gist.github.com)
17:18 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Quit: Tension, apprehension, and dissension have begun.]
17:19 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
17:37 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 256 seconds]
17:59 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
18:08 -!- dazo is now known as dazo_afk
18:09 -!- deranged_r [Bit@lolpurr.net] has quit [Ping timeout: 252 seconds]
18:10 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 272 seconds]
18:10 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 250 seconds]
18:10 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
18:10 -!- codebam [codebam@gateway/shell/yourbnc/x-pmfctonrhdwdvejl] has quit [Ping timeout: 244 seconds]
18:11 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 265 seconds]
18:12 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
18:12 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
18:13 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
18:16 -!- codebam [~codebam@gateway/shell/yourbnc/x-rxrrrhvflrljdawf] has joined #openvpn
18:16 -!- deranged [Bit@lolpurr.net] has joined #openvpn
18:17 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
18:24 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
18:33 -!- LogicB [~essential@cabbage.whatbox.ca] has quit [Quit: ★]
18:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:42 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Remote host closed the connection]
18:42 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
18:55 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: bed time]
19:06 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Quit: michaelhart]
19:25 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 276 seconds]
19:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:49 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
20:12 < Cydrobolt> hello
20:13 < Cydrobolt> can anyone give me a hand with an openvpn server that's not sending packets back to an stunnel'ed client?
20:50 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 272 seconds]
21:01 -!- mkaatman [~chatzilla@24-217-143-129.dhcp.stls.mo.charter.com] has joined #openvpn
21:03 < mkaatman> Hey Guys, Struggling with what seems to be the most common openvpn issue documented on the net. I can connect fine but I can't access anything on the other network. I've tried both bridged and routed modes. Is anyone up for coaching me through my mess? I'm using it through the context of a pfsense router. My IP gets assigned but I don't seem to have a gateway assigned.
21:04 < mkaatman> (with windows 7 as the client if it matters.)
21:04 < mkaatman> I'm almost sure it's the firewall.
21:05 < mkaatman> !welcome
21:05 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
21:05 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:05 < mkaatman> !goal
21:05 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
21:06 < mkaatman> My goal is to connect one windows 7 client from home to a pfsense server at work and access shared drives and servers.
21:07 < mkaatman> !configs
21:07 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:08 < mkaatman> !howto
21:08 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
21:10 < mkaatman> I'd also be interested in hiring someone if money is a motivator.
21:16 < mkaatman> I need to sleep but I'll be back tomorrow. Goodnight.
21:16 -!- mkaatman [~chatzilla@24-217-143-129.dhcp.stls.mo.charter.com] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 36.0/20150222232811]]
21:25 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
21:27 -!- s7eele [~AndChat52@208.167.254.202] has quit [Ping timeout: 240 seconds]
21:27 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:33 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has joined #openvpn
21:34 -!- Subo1977 [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 265 seconds]
21:38 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Quit: michaelhart]
21:39 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Ping timeout: 264 seconds]
21:40 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
21:47 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has quit [Remote host closed the connection]
21:48 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has joined #openvpn
22:13 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
22:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
22:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
22:20 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
22:24 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
23:49 -!- ShadniX [dagger@p5481D6B9.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:49 -!- ShadniX_ [dagger@p5481D788.dip0.t-ipconnect.de] has joined #openvpn
23:49 -!- ShadniX_ is now known as ShadniX
23:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
--- Day changed Thu Apr 30 2015
00:18 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
00:21 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:55 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Excess Flood]
00:55 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
00:59 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:09 -!- Malsasa [~Malsasa@36.73.226.235] has joined #openvpn
01:14 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:34 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
01:36 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:39 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:39 -!- mode/#openvpn [+o mattock1] by ChanServ
01:52 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:53 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:57 -!- tsing [~tsing@gintama.tsing.org] has quit [Ping timeout: 250 seconds]
02:01 -!- BloqueNegro [~nothing@p54A20532.dip0.t-ipconnect.de] has joined #openvpn
02:07 -!- Malsasa [~Malsasa@36.73.226.235] has quit [Remote host closed the connection]
02:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 240 seconds]
02:13 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
02:16 -!- BloqueNegro [~nothing@p54A20532.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
02:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:40 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
02:55 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:05 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:06 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
03:07 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 250 seconds]
03:07 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:07 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
03:07 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
03:23 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
03:23 -!- mode/#openvpn [+o syzzer] by ChanServ
03:27 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
03:31 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 256 seconds]
03:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:49 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
03:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:21 -!- dazo_afk is now known as dazo
05:33 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Quit: kernel upgrade]
05:36 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
05:36 -!- mode/#openvpn [+o plaisthos] by ChanServ
05:38 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
05:40 -!- seg [~seg@fsf/member/seg] has joined #openvpn
05:42 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
05:42 -!- mode/#openvpn [+o dazo] by ChanServ
06:20 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has joined #openvpn
06:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
06:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:48 -!- elfixit [~Icedove@77-58-253-51.dclient.hispeed.ch] has quit [Ping timeout: 265 seconds]
06:57 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
07:00 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:04 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:16 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:20 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
07:25 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
07:26 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
07:27 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
07:30 -!- someone [~someone@168.235.155.111] has quit [Ping timeout: 250 seconds]
07:33 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:57 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
07:58 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
08:02 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:03 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:05 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
08:11 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
08:46 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Quit: leaving]
08:47 -!- Strykar [~wakka@122.169.37.152] has joined #openvpn
08:48 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
09:14 < Strykar> ovpn works fine on the LAN, but when I connect to it via the WAN from my android phone, it's very flaky with replay errors: Authenticate/Decrypt packet error: bad packet ID (may be a replay)
09:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
09:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:38 -!- rulezzz [~rulezzz@189-212-141-193.static.axtel.net] has joined #openvpn
09:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 244 seconds]
09:43 <@dazo> Strykar: look at tuning the MTU (reducing it) or you might need to switch to TCP .... some ISPs (esp. mobile networks) can be flaky
09:50 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Max SendQ exceeded]
09:57 < rulezzz> Hi which tcp/udp port should I use for openvpn if I cant use the default 1194
10:28 -!- Subo1977 [~quassel@unaffiliated/subo1978] has joined #openvpn
10:29 <@ecrist> use the one you can use
10:31 -!- crus` [~crusader@124-171-51-25.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
10:32 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 265 seconds]
10:49 -!- Malsasa [~Malsasa@125.164.129.84] has joined #openvpn
10:56 <@dazo> rulezzz: you can choose "freely" from 1 to 65535 .... so just pick your own lucky number :)
10:59 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:13 -!- chantra is now known as zz_chantra
11:29 -!- zz_chantra is now known as chantra
11:37 < Strykar> dazo, thanks
11:38 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
11:50 -!- Assid [~assid@unaffiliated/assid] has joined #openvpn
11:51 < Assid> can someone help me with this? i am setting up 2 seperate networks.. each netwrok has its own vpn gateway....if i enable both vpn networks.. 1 of them keeps crashing.. vbut if i enable1 at a time.. then it works fine...each one is trying to set its route as a primary route on on the router
11:51 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
11:51 < Assid> sometimes.. one of the default routes dont get setup for some reason.. any suggestions ?
11:52 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:53 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
11:56 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 256 seconds]
11:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:58 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
11:58 -!- mode/#openvpn [+o plaisthos] by ChanServ
11:59 < Strykar> Assid, pastebin your routing table
11:59 -!- chantra is now known as chantra_away
12:03 -!- Assid [~assid@unaffiliated/assid] has quit [Read error: Connection reset by peer]
12:03 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
12:04 -!- chantra_away is now known as chantra
12:09 -!- Assid [~assid@unaffiliated/assid] has joined #openvpn
12:09 < Assid> Strykar: pm ?
12:09 < Assid> i got cut
12:09 < Strykar> no, pastebin it
12:10 < Assid> http://pastebin.com/wk38TS00
12:10 < Assid> i have a valid route setup. so i think
12:11 < Assid> it gets pushed to me
12:11 < Assid> sometimes .. the routing table drops one of the default gateways
12:19 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has left #openvpn []
12:21 -!- Assid [~assid@unaffiliated/assid] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
12:23 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:28 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
12:37 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
12:38 -!- moviuro_ [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
12:39 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
12:40 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
12:40 -!- chantra is now known as chantra_away
12:42 -!- kloeri_ [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
12:42 -!- Reventlo1 [~Reventlov@unaffiliated/reventlov] has joined #openvpn
12:45 -!- codebam_ [codebam@gateway/shell/yourbnc/x-jrtdmmslbxtsazmp] has joined #openvpn
12:45 -!- jgeboski- [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
12:47 -!- Netsplit *.net <-> *.split quits: mcp, zalami, Rmar|Away, codebam, +RBecker, zimboboyd, Reventlov, xeon-enouf, Slippern, phantomcircuit
12:47 -!- Netsplit *.net <-> *.split quits: kloeri, dyce, michaelhart, Poster, moviuro, matt_, phunyguy, jgeboski, Eagleman, Taftse|Mac,  (+3 more, use /NETSPLIT to show all of them)
12:47 -!- jgeboski- is now known as jgeboski
12:47 -!- codebam_ [codebam@gateway/shell/yourbnc/x-jrtdmmslbxtsazmp] has quit [Max SendQ exceeded]
12:47 -!- codebam [codebam@gateway/shell/yourbnc/x-jplgtowfzhcssfyz] has joined #openvpn
12:47 -!- phantomcircuit_ [~phantomci@66.175.221.254] has joined #openvpn
12:48 -!- Netsplit over, joins: phunyguy
12:48 -!- Malsasa [~Malsasa@125.164.129.84] has quit [Killed (asimov.freenode.net (Nickname regained by services))]
12:49 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
12:49 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:49 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:49 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
12:53 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
12:55 -!- ponyofdeath [~vladi@cpe-76-167-204-192.san.res.rr.com] has joined #openvpn
13:06 -!- chantra_away is now known as chantra
13:13 -!- Dropje [~yge@ip4da1148b.direct-adsl.nl] has joined #openvpn
13:16 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
13:27 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 255 seconds]
13:35 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
13:40 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 255 seconds]
13:40 -!- chantra [~chantra@unaffiliated/chantra] has quit [Ping timeout: 256 seconds]
13:41 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
13:48 < Cydrobolt> hey
13:49 < Cydrobolt> my openvpn instance broke after I started routing traffic through stunnel
13:49 < Cydrobolt> the stunnel is working properly
13:49 < Cydrobolt> i.e
13:49 < Cydrobolt> openvpn connects correctly through stunnel
13:49 < Cydrobolt> the openvpn port has changed from TCP 443 to TCP 1195 while implementing stunnel
13:49 < Cydrobolt> it now connects, but the openvpn client receives no packets after connection
13:50 < Cydrobolt> the only change to openvpn itself is that it is receiving traffic from 127.0.0.1 and the port has changed from 443 to 1195
13:53 -!- Sheraf [~Sheraf@ns507221.ip-192-99-1.net] has joined #openvpn
13:53 < Sheraf> Hi, not sure if it's the right place to ask, but any idea of how i can make a tunnel using dns or icmp protocol?
13:54 < Sheraf> !goal
13:54 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:55 < Sheraf> !goal build a tunnel using dns or icmp?
13:57 <@plaisthos> not with openvpn
13:58 <@plaisthos> there are other tools for it
13:58 <@plaisthos> google for dns tunnel
13:58 -!- ponyofdeath [~vladi@cpe-76-167-204-192.san.res.rr.com] has quit [Ping timeout: 264 seconds]
14:04 -!- srg [~srg@unaffiliated/srg] has joined #openvpn
14:05 -!- srg [~srg@unaffiliated/srg] has left #openvpn [":wq"]
14:06 -!- rulezzz [~rulezzz@189-212-141-193.static.axtel.net] has quit [Quit: Leaving]
14:15 -!- ponyofdeath [~vladi@cpe-76-172-86-115.socal.res.rr.com] has joined #openvpn
14:18 <@dazo> Sheraf: search for iodine IP over DNS
14:21 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Read error: Connection reset by peer]
14:22 < soLucien> Guys ! When a DLL is built, do some of the paths get included in the file?
14:23 < soLucien> I am a getting e pretty weird error
14:23 < soLucien> it's looking for some .cs files located on the build machine
14:23 < soLucien> when i run it on the server
14:23 < soLucien> damn
14:23 < soLucien> sorry
14:23 < soLucien> wrong channel
14:23 < soLucien> :)
14:26 <@dazo> happy you noticed! ;-)
14:26 <@plaisthos> hm iodine isn't yet ported to anroid
14:29 -!- phantomcircuit_ is now known as phantomcircuit
14:31 -!- xMopxShell [~xMopxShel@davepedu.com] has quit [Ping timeout: 256 seconds]
14:32 -!- xMopxShell [~xMopxShel@davepedu.com] has joined #openvpn
14:33 -!- mattsl [~user@68.169.165.200] has quit [Ping timeout: 256 seconds]
14:34 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 256 seconds]
14:34 -!- kloeri_ [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer]
14:35 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
14:35 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
14:54 < Sheraf> plaisthos: yeah, i was looking for something on android at first, but it may be too much, will start with linux
14:55 < Sheraf> i'm doing some try to go over my ISP mobile data limitation
15:10 < Sheraf> it's not fast enough actually :/
15:17 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
15:17 -!- dazo is now known as dazo_afk
15:28 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 256 seconds]
15:43 < Cydrobolt> can anyone give me a hand with the stunnel issue?
15:43 < Cydrobolt> openvpn with stunnel isn't working, it connects correctly but does not receive any data
15:44 < Cydrobolt> I changed the openvpn server port from TCP 443 to TCP 1195 for stunnel
15:44 < Cydrobolt> everything else should be similar, but it won't connect now
15:44 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
15:47 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Quit: michaelhart]
15:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
16:13 <@plaisthos> Cydrobolt: are you trying to connect openvpn to stunnel?
16:13 < Cydrobolt> plaisthos, sort of
16:13 < Cydrobolt> trying to connect to openvpn through stunnel
16:14 <@plaisthos> just checking
16:25 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:34 -!- caliculk [~caliculk@unaffiliated/caliculk] has joined #openvpn
16:35 < caliculk> I seem to be having some issues. my VPN server is setup and running correctly (on the server itself that is) using port 31000, I have my gateway firewall port forwarding 29999 to port 31000. However, when I tell the client to connect to the server in question, the connection just sits there with a blank openvpn gui screen and nothing happens. :/
16:40 < caliculk> Here is my client.conf: http://pastebin.com/KAmKNGFd
16:44 -!- codebam_ [codebam@gateway/shell/yourbnc/x-lvmltyixiyrvijzy] has joined #openvpn
16:45 -!- codebam [codebam@gateway/shell/yourbnc/x-jplgtowfzhcssfyz] has quit [Quit: Seeya. Thanks :)]
16:45 -!- codebam_ is now known as codebam
16:47 -!- zmachine [uid53369@gateway/web/irccloud.com/x-cvujnzrxogddufcg] has joined #openvpn
16:52 < Sheraf> wow
16:52 < Sheraf> it actually worked
16:53 < Sheraf> ISP doesn't throttle the bandwith over dns tunnel
16:53 < Sheraf> 128ko/s => 2mo/s
16:55 < Cydrobolt> plaisthos, any ideas?
17:04 -!- Maxels [~Maxel@24-159-215-210.static.roch.mn.charter.com] has joined #openvpn
17:07 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 245 seconds]
17:34 -!- grache28 [~noodles@s178255151130.blix.com] has joined #openvpn
18:10 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
18:10 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
18:10 -!- mode/#openvpn [+v Guest86751] by ChanServ
18:21 -!- Latrina [~Latrina@ppp-10-35.26-151.libero.it] has quit [Ping timeout: 255 seconds]
18:23 < Sheraf> Hi, How can i add a "dns0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"? brctl addif br0 dns0 tells me invalid argument
18:23 < Sheraf> Can anyone help with this?
18:28 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
18:41 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:42 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
18:42 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-cvujnzrxogddufcg] has quit [Quit: Connection closed for inactivity]
19:10 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
19:35 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
19:47 -!- Guest86751 is now known as s7r
19:52 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
20:21 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
20:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
20:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:41 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
20:51 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:58 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
21:00 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 256 seconds]
21:00 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
21:18 -!- sameer-isa [~sameer@d27-96-224-49.nap.wideopenwest.com] has joined #openvpn
21:21 < sameer-isa> Hello.
21:21 < sameer-isa> I am using SSH forwarding to connect to my VPN.
21:21 < sameer-isa> However, I am getting a SOCKET_PROTECT error.
21:22 < sameer-isa> One second, let me post a screenshot of the logs.
21:28 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 252 seconds]
21:30 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
21:32 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
21:39 < sameer-isa> http://www.thanksmicrosoft.org/Screenshot_2015-04-30-22-20-39.png
21:50 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has joined #openvpn
21:54 -!- Subo1977 [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 256 seconds]
21:57 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
22:00 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
22:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
22:23 <@ecrist> sameer-isa: wtf are you connecting to 127.0.0.1?
22:24 < BtbN> That's how ssh tunnels work.
22:43 -!- Assid [~assid@unaffiliated/assid] has joined #openvpn
22:43 < Assid> heya
22:45 <@ecrist> ah, yes, it's not apparent in the log screenshot, but I see it above, now
22:45 < Assid> so i have 2 networks each with its own vpn connection / gateway. i noticed that which ever is the top most route in the routing table.. that connection works.. the other network doesnt. how do i get both networks to work fine ?
22:45 <@ecrist> sameer-isa: we need more logs, and your configs
22:45 <@Eugene> !lartc
22:45 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
22:45 <@ecrist> Assid: can you show us the routing table?
22:45 <@Eugene> Assid ^
22:46 <@Eugene> You need to configure policy-based routing in order to use multiple default routes
22:46 < Assid> sure.. will get disconnected though..
22:46 < Assid> anythihng i can do before that..
22:46 < Assid> im on openwrt
22:46 <@Eugene> You can't have multiple "defaults". You can say "use this route when these rules match"
22:47 < Assid> Eugene: ok.. what about situations where src ip varies.. would that be possible ? as each has its own network
22:48 <@Eugene> Sure, that's one of the rules you can set up
22:48 < Assid> im guessing that needs to be done by iptables ?
22:49 < Assid> i dont think route command allows source setting
22:51 < Assid> Eugene: how would i do this in the post-up script ?
22:51 <@Eugene> Read the lartc page
22:51 <@Eugene> It's a `tc` command
22:52 < Assid> checking.. thanks
22:55 < Assid> k .. im not sure im able to apply this
22:57 < Assid> http://lartc.org/howto/lartc.rpdb.multiple-links.html -- what about this.. can i just use   ip route add 10.8.0.1 dev tun-blah src 172.16.50.0/24
22:57 <@vpnHelper> Title: Routing for multiple uplinks/providers (at lartc.org)
23:01 < Assid> maybe i can get openwrt's multiwan page to do this for me
23:02 -!- Assid [~assid@unaffiliated/assid] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
23:47 -!- ShadniX [dagger@p5481D788.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX [dagger@p5481DB5C.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
--- Day changed Fri May 01 2015
00:00 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
00:27 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Ping timeout: 252 seconds]
00:27 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
01:27 -!- cyberanger [~cyberange@swissknife/adak/infocop411] has joined #openvpn
01:28 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
01:34 -!- s7eele [~AndChat52@208.167.254.202] has joined #openvpn
01:39 -!- Thominus [~Thominus@99.248.182.89] has quit [Ping timeout: 272 seconds]
01:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:15 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:bd1a:7342:515f:43a8] has joined #openvpn
02:20 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:bd1a:7342:515f:43a8] has quit [Ping timeout: 256 seconds]
02:40 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
02:41 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
02:44 -!- Maxels [~Maxel@24-159-215-210.static.roch.mn.charter.com] has quit [Ping timeout: 264 seconds]
02:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:24 < caliculk> I seem to be having some issues. my VPN server is setup and running correctly (on the server itself that is) using port 31000, I have my gateway firewall port forwarding 29999 to port 31000. However, when I tell the client to connect to the server in question, the connection just sits there with a blank openvpn gui screen and nothing happens. :/ Here is my client.conf: http://pastebin.com/KAmKNGFd Server config: http://paste.ubuntu.com/10960121/
03:26 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 245 seconds]
03:31 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
03:32 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
03:35 -!- Latrina [~Latrina@ppp-116-41.26-151.libero.it] has joined #openvpn
03:55 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
03:59 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
04:28 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
04:40 -!- zadock [~zadock@81.180.210.86] has joined #openvpn
04:44 -!- syedomar [~so@175.136.89.190] has left #openvpn []
04:52 -!- zadock [~zadock@81.180.210.86] has quit [Quit: Leaving]
04:54 -!- Reventlo1 is now known as Reventlov
05:00 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:06 -!- Strykar [~wakka@122.169.37.152] has quit [Read error: Connection reset by peer]
05:07 -!- Strykar [~wakka@122.169.9.82] has joined #openvpn
05:12 -!- Chais [~Chais@unaffiliated/chais] has quit [Quit: ZNC - http://znc.in]
05:14 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
05:18 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
05:19 < Junka> how do i include dns queries to go through openvpn?
05:37 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Read error: Connection reset by peer]
05:39 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
06:01 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:449c:d66e:7658:39a4] has joined #openvpn
06:02 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
06:06 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:449c:d66e:7658:39a4] has quit [Ping timeout: 256 seconds]
06:10 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
06:11 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
06:11 -!- mode/#openvpn [+v Guest86751] by ChanServ
06:16 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
06:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
06:35 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:41 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: No route to host]
06:47 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
06:48 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Client Quit]
06:53 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
07:02 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:c1b:e26b:8b27:bcf8] has joined #openvpn
07:06 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:c1b:e26b:8b27:bcf8] has quit [Ping timeout: 256 seconds]
07:13 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:14 -!- Tokman [~Tokman@91.83.205.246.pool.invitel.hu] has joined #openvpn
07:18 < Tokman> Hello Everyone I have an issue how can I disconnect my openvpn connection (windows/tun). If I use killprocess the connection remains active for a while with the server and I have limitation how many connections I can have with the server and it says I'm using more connections. Is there a way to disconnect openvpn connections properly?
07:36 -!- Malsasa [~Malsasa@180.251.93.212] has joined #openvpn
07:40 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 272 seconds]
07:44 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:44 < caliculk> Right click the OpenVPN tray icon and click disconnect Tokman? That should be enough, or are you asking how to kill the connection on the server end and not the client?
07:45 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
07:55 -!- Strykar [~wakka@122.169.9.82] has quit [Read error: Connection reset by peer]
07:57 -!- Strykar [~wakka@122.179.144.86] has joined #openvpn
08:02 < Tokman> I'm asking the client and I join with command line
08:05 -!- Malsasa [~Malsasa@180.251.93.212] has quit [Read error: Connection reset by peer]
08:22 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:38 -!- DonRichie [~DonRichie@ricl.de] has quit [Read error: Connection reset by peer]
08:40 -!- two_oes [~oren@bzq-84-111-140-54.red.bezeqint.net] has joined #openvpn
08:40 -!- two_oes [~oren@bzq-84-111-140-54.red.bezeqint.net] has quit [Client Quit]
08:41 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
08:42 -!- jerng [~sijuendr@faui06a.informatik.uni-erlangen.de] has quit [Quit: leaving]
08:51 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
09:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:49 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
09:51 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
10:21 -!- Subo1977 [~quassel@unaffiliated/subo1978] has joined #openvpn
10:22 < caliculk> I seem to be having some issues. my VPN server is setup and running correctly (on the server itself that is) using port 31000, I have my gateway firewall port forwarding 29999 to port 31000. However, when I tell the client to connect to the server in question, the connection just sits there with a blank openvpn gui screen and nothing happens. :/ Here is my client.conf: http://pastebin.com/KAmKNGFd Server config: http://paste.ubuntu.com/10960121/
10:22 < caliculk>  I have verified the port forward in the router config, and it still is of not much help, the connection still does not go through.
10:24 -!- Subo1977_ [~quassel@unaffiliated/subo1978] has quit [Ping timeout: 265 seconds]
10:26 -!- moviuro_ is now known as moviuro
10:27 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
10:27 <+esde> !welcome
10:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
10:27 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:28 <+esde> !configs
10:28 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:28 <+esde> !logs
10:28 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:30 <+esde> !iptables-rules
10:30 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
10:30 <+esde> caliculk ^
10:30 < caliculk> Yep, giving everything in those right now...
10:36 -!- wathek [84d255f4@gateway/web/freenode/ip.132.210.85.244] has joined #openvpn
10:36 < wathek> Hi everybody
10:38 < wathek> I've configured an OpenVPN server but I'm wandering if there are any tool to manage user ? I mean like a web tool that let users change their passwords for example (I'm not using OpenVPN AS because I cannot buy it)
10:38 <+esde> !management
10:38 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
10:39 < caliculk> Goal: OpenVPN Client is unable to access th OpenVPN server with proper portforwards and rules and such. At this point, my only goal is just to get it to connect. Server is Ubuntu 14.04, Client is Windows 8.1. Server and Client config & logs: http://pastebin.com/z2NV5eQB OpenVPN Server version:2.3.2-7ubuntu3.1 Client is GUIv5
10:39 < caliculk> At this point I have no iptables rules since I can't even get the client connect through the gateway but one second while I pull that up.
10:40 <+esde> caliculk, have you reviewed the !howto?
10:40 <+esde> Also I don't see the logs
10:40 < caliculk> There aren't any logs on either the server or client side. The server is running normally.
10:41 < caliculk> At least for the time frame of the client attempting to connect.
10:41 < caliculk> esde, it isn't my first time setting up an openvpn server. But I can review it again...
10:41 < caliculk> !howto
10:41 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:42 <+esde> it feels like it's a first time install.... you should have logs if verbosity is set to anything useful. even if only to say Initialization Sequence Completed
10:42 <+esde> belay my last
10:43 <+esde> you do not have a logging option set, only status
10:44 <+esde> you should have log and log-append set in the server conf to enable logging
10:44 < caliculk> One second, will switch to 9 and re-run the client
10:44 <+esde> ..
10:44 < caliculk> Isn't it enough to log to syslog?
10:45 <+esde> Make up your mind. If there are relevant logs in your syslog, pastebin them.
10:46 < caliculk> I am not changing my mind. My server config logs to syslog, but there are no logs in the syslog because the server daemon has been running for a full day, and when the client attempts to connect since it doesn't initiate a connectiono, there are no logs to report to syslog.
10:46 < caliculk> http://i.imgur.com/mMoCUbn.png
10:46 < caliculk> That is why I say there are no logs, it doesn't even attempt to connect using the client, what so ever.
10:47 <+esde> I don't know what to tell you. I told you how to configure logging.
10:49 <+esde> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage CTRL+F --log
10:49 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
10:53 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:55 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
10:58 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
10:58 < Junka> can someone help me pls?
11:03 < DArqueBishop> !ask
11:03 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
11:03 <@syzzer> 'quit
11:03 <@syzzer> nvm :')
11:05 < caliculk> esde, here you go: http://pastebin.com/TGx7ughE
11:06 <+esde> what is verb set to? literally 9??
11:07 <+esde> yup 9
11:07 <+esde> set it back to 4, 5 if you're still not seeing anything
11:10 < caliculk> esde, if you reload that page, it will have client logging set to 5.
11:11 < caliculk> (regardless of what the first bit says, the actual logging is set to 5)
11:11 < caliculk> bit = line
11:13 < caliculk> At this point it looks like this is the error:
11:13 < caliculk> Fri May 01 18:09:07 2015 us=294716 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
11:13 < caliculk> Fri May 01 18:09:07 2015 us=294716 TLS Error: TLS object -> incoming plaintext read error
11:15 <+esde> line 85, verbosity = 9
11:16 <+esde> I'm not trying to look through that mess of a log. Please post the logs with verbosity set lower (4 or 5)
11:16 <+esde> *going to
11:18 <@ecrist> !logs
11:18 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:18 -!- someone [~someone@168.235.155.111] has joined #openvpn
11:22 -!- wathek [84d255f4@gateway/web/freenode/ip.132.210.85.244] has quit [Quit: Page closed]
11:23 < caliculk> The logs of the events themselves were actually 5, even though the verbosity on line 85 said 9, it was easier to just replace the log contents and not all the extra information of the first several dozen lines or so. Here is the proper log files with everything stating 5 and everything fresh without editing besides the domain, and certificate paths.
11:23 < caliculk> http://pastebin.com/tdxdX9dh
11:28 -!- Tokman [~Tokman@91.83.205.246.pool.invitel.hu] has quit [Ping timeout: 252 seconds]
11:29 -!- someone [~someone@168.235.155.111] has quit [Quit: ZNC - http://znc.in]
11:35 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
11:46 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
11:48 < peder> seems like openvpn retries after an auth_fail due to opt-verify, instead of continuing to the next connection-block? is that correct?
11:59 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:00 < Junka> i use openvpn
12:00 < Junka> but i have dns leaks
12:00 < Junka> im using my isp's dns rather the vpn's
12:01 < Junka> on my phone with openvpn android, it works as expected
12:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:16 -!- RoyK [~roy@77.88.71.251] has joined #openvpn
12:25 <+esde> Junka, do you control your client and server?
12:25 < Junka> esde; only the client
12:26 <+esde> Then your options are more limited. If you had server control, you could push DNS settings
12:27 < DArqueBishop> !both
12:27 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
12:27 -!- Exagone313_ [~exa@elou.world] has joined #openvpn
12:27 < Junka> esde; i dont understand, i use the same app (openvpn) on both the pc and my phone, and mostly the same config settings
12:27 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 272 seconds]
12:27 < Junka> yet the result is not the same
12:34 <+esde> It's hard to help, beyond suggesting you set DNS servers other than those provided by your ISP for your client PC
12:35 <+esde> If a machine is configured with ISP DNS, why wouldnt it use them? ¯\_(ツ)_/¯
12:38 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
12:39 < Sheraf> any idea why i get onyl 0.05/mbs using iodine?
12:39 < Sheraf> in upload*
12:39 <+esde> ouch
12:39 <+esde> Not without more information! :P
12:40 <+esde> Please provide configs and logs, at least.
12:40 <+esde> see !configs and !logs for help
12:41 < Sheraf> so it's not a restriction because of the dns protocol used by iodine?
12:44 <+esde> is it tcp?
12:44 < Sheraf> udp
12:45 <+esde> tcp has speed pitfalls, that udp isn't susceptible to
12:45 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:53 < Sheraf> esde: is it possible to setup openvpn to work with udp?
12:54 -!- Guest86751 is now known as s7r
12:56 <+esde> yes
12:56 <+esde> that's generally the best way
12:57 -!- s7eele [~AndChat52@208.167.254.202] has quit [Ping timeout: 264 seconds]
12:57 <+esde> unless you require tcp for some reason
12:58 < Sheraf> ok
12:58 < Sheraf> i'm going to try over port 53
13:03 < Junka> esde; if i set dhcp-option will the dns queries use my vpn?
13:17 -!- s7eele [~AndChat52@208.167.254.99] has joined #openvpn
13:19 < Sheraf> any idea how i make the hotspot connection using openvpn on android?
13:19 <+esde> not off the top of my head
13:19 <+esde> why not run a client on the hotspot clients instead?
13:20 <+esde> are they "dumb devices" or what?
13:21 < Sheraf> cause i want my phone to use the vpn tunnel too
13:23 < Sheraf> looks like i have to mess with iptables on the android
13:25 <@plaisthos> Sheraf: yeah
13:26 <@plaisthos> see faq of openvpn for android :)
13:26 <@plaisthos> and ip rule
13:26 <@plaisthos> and multiple routing tables
13:27 <+esde> plaisthos++
13:32 -!- jonasdhaen [~jonasdhae@x590f1d51.dyn.telefonica.de] has joined #openvpn
13:32 < jonasdhaen> !welcome
13:33 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:33 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:33 < jonasdhaen> !howto
13:33 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:33 < jonasdhaen> !redirect
13:33 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
13:33 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
13:36 < jonasdhaen> !def1
13:36 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
13:40 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
13:50 -!- jonasdhaen_ [~jonasdhae@d5153412E.access.telenet.be] has joined #openvpn
13:51 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 272 seconds]
13:53 -!- jonasdhaen [~jonasdhae@x590f1d51.dyn.telefonica.de] has quit [Ping timeout: 265 seconds]
13:53 -!- jonasdhaen_ is now known as jonasdhaen
13:54 -!- Malsasa [~Malsasa@125.164.139.89] has joined #openvpn
13:54 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
13:55 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
13:57 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
13:57 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Read error: Connection reset by peer]
13:57 -!- s7eele [~AndChat52@208.167.254.99] has quit [Ping timeout: 256 seconds]
14:01 -!- OG_s7eele [~AndChat52@208.167.254.99] has joined #openvpn
14:01 -!- OG_s7eele [~AndChat52@208.167.254.99] has quit [Client Quit]
14:02 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Quit: michaelhart]
14:05 -!- s7eele [~AndChat52@208.167.254.99] has joined #openvpn
14:27 < Sheraf> can i use the builtin VPN system of android with openvpn server?
14:27 < Sheraf> then i don't have to have this vpn logo stuck in my notification bar
14:29 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
14:30 -!- BtbN [btbn@btbn.de] has joined #openvpn
14:31 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has joined #openvpn
14:35 < Junka> Sheraf; you mean the key logo?
14:36 < Junka> you wont get away from it one way or another :P
14:37 < Sheraf> Junka: what about the openvpn logo
14:37 < Sheraf> you add the adblock logo the the list and my notification bar looks more like a task manager
14:37 -!- Malsasa [~Malsasa@125.164.139.89] has quit [Ping timeout: 256 seconds]
14:37 < Junka> that disappears after a connection has been established
14:38 -!- Malsasa [~Malsasa@125.164.135.172] has joined #openvpn
14:46 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
14:49 <@plaisthos> Sheraf: no
14:49 <@plaisthos> as for the vpn icon, the faq explain the why
14:49 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:58 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
15:08 -!- Malsasa [~Malsasa@125.164.135.172] has quit [Ping timeout: 264 seconds]
15:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:11 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
15:11 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
15:13 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
15:17 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
15:20 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:21 -!- michaelhart [~michaelha@69-165-175-193.dsl.teksavvy.com] has quit [Quit: michaelhart]
15:28 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
15:33 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
15:45 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:46 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:47 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:50 -!- jonasdhaen [~jonasdhae@d5153412E.access.telenet.be] has quit [Read error: Connection reset by peer]
15:51 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:56 -!- BloqueNegro [~nothing@p579E5525.dip0.t-ipconnect.de] has joined #openvpn
16:07 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
16:08 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 265 seconds]
16:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:31 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 256 seconds]
16:50 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
16:51 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 245 seconds]
16:59 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
17:04 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
17:05 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
17:31 < Sheraf> argg
17:31 < Sheraf> android doesn't do tap :/
17:33 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
17:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:38 -!- Malinux [~malin@unaffiliated/malin/x-8072090] has joined #openvpn
17:39 < Malinux> I am getting this error in /var/log/syslog when trying to connect my client to the openvpn server with network-manager in Ubuntu 14.04: ovpn-client[7032]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain:
17:41 -!- ShadniX [dagger@p5481DB5C.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
17:43 -!- ShadniX [dagger@p5481DB5C.dip0.t-ipconnect.de] has joined #openvpn
17:47 -!- Subo1977 [~quassel@unaffiliated/subo1978] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
17:52 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:58 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
18:00 -!- BloqueNegro [~nothing@p579E5525.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
18:08 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:2cb7:7bbc:12ad:6c0b] has joined #openvpn
18:18 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
18:22 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
18:23 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
18:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:38 -!- GRMrGecko [~GRMrGecko@user-24-96-62-208.knology.net] has joined #openvpn
18:39 < GRMrGecko> I'm trying to configure a VPN so that it does not override the default route, but allows connections to be made. I have tried adding route-noexec and route-nopull which just seems to disable the  VPN for internet connections
18:40 <@pekster> "Internet connections" ?
18:40 <@pekster> You mean the default router, it sounds like..
18:40 -!- mode/#openvpn [+v-o pekster pekster] by pekster
18:41 < GRMrGecko> I mean, I want to be able to do this curl --interface tun0 http://api.ipify.org/
18:41 < GRMrGecko> and have it go over the VPN
18:41 < GRMrGecko> but all other traffic does not
18:41 <+pekster> You're still free to do that, for any application that supports its own bind(2) calls
18:42 <+pekster> However, you still need your FIB to support routing based on that source address
18:42 <+pekster> Maybe you want a source-based route to route packets from that source via the VPN? That'll require some policy routing, whereby you declare anything from the source of the VPN to be routed via the VPN peer
18:43 <+pekster> See !lartc for linux, of PF's route-to target in PF
18:43 <+pekster> That's squarely advanced routing, FWIW
18:44 <+pekster> You'll probably need to script something out of --route-up to handle the dynamic routing table and rule additions into your routing/firewall subsystems, unless you're using a fully static OpenVPN setup, in which case you can likely code some of that into either --up or your OS startup firewall layout as needed
18:44 < GRMrGecko> I'm going to play around as it seems that you don't understand
18:45 <+pekster> I understand routing better than you think. Piss off, mate.
18:45 < GRMrGecko> I'm talking about understanding of my issue
18:46 < GRMrGecko> I'm thinking maybe my issue is that the traffic needs to be forwarded to 10.9.0.17 for it to work, and not just being placed on the net
18:46 < GRMrGecko> so I need to research how to have my router internally be the default route, and that be the default when going over tun0
18:47 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
18:47 <+pekster> Policy routing, like I just told you (and like you ignored, stating your own "advanced" understanding of routing, apparently)
18:48 < GRMrGecko> let me read through what you said.
18:48 <+pekster> Dunno how you think the FIB works, but it's consulted, in order, for every single packet that leaves your system
18:48 <+pekster> (strictly speaking, even the ones that don't leave your system too)
18:49 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 244 seconds]
18:49 < GRMrGecko> when you say source based route, I think IP source
18:49 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 255 seconds]
18:49 < GRMrGecko> is that correct?
18:50 <+pekster> Right; the FIB can make a decision on which routing rules to consult based on a variety of factors, and in your case the decision simply needs to be made on the source IP
18:50 <+pekster> That's since you're using an application that can bind(2) (that's a system call, as in "man 2 bind") to an explicit address at connect-time. Note that not all apps can do that
18:51 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
18:53 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
18:53 < GRMrGecko> pekster: so you're saying using curl --interface will not work
18:53 <+pekster> It will, if you set up your routing properly
18:54 <+pekster> I gave you references above to learn about policy routing based (yes, including based on source address) for both Linux and BSD-based (with PF) systems
18:54 < GRMrGecko> I don't know too much about linux routing.
18:54 <+pekster> !lartc
18:54 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
18:54 < GRMrGecko> I saw
18:54 < GRMrGecko> went to the site
18:55 < GRMrGecko> pekster: when you do --interface, does curl assume the IP address on that interface?
18:55 <+pekster> Your needs are fairly simple, really. Set up a secondary routing table, add a default route via the VPN device, and create a routing rule to send traffic sourced from the address on tun0 to that table
18:55 <+pekster> Yes, it looks up the primary IP on the interface and uses it in the bind(2) system call
18:55 < GRMrGecko> I'm wondering so I can put the puzzle together
18:56 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:56 < GRMrGecko> ok, that sounds like I can just say 10.0.0.0/24 go to 10.0.0.1 and 10.9.0.0/24 go to 10.9.0.1
18:57 < GRMrGecko> which I think is what you're saying now that I understand that
18:57 <+pekster> Not quite
18:58 < GRMrGecko> I know cisco stuff with routing, but that's about all.
18:58 <+pekster> You need a _secondary_ routing table. That tables is _just_ for the traffic _originating_ from the VPN device, routed _via_ the VPN endpoint (Linux lets you use the device itself as a target since it'll be a PtP device anyway.)
18:58 <+pekster> Then just add a routing rule using the source IP as the match, and send it to that table
18:58 <+pekster> That's literally it; a single routing entry on a new table, and 1 rule
18:59 <+pekster> LARTC has specifics if any of that is a new concept to you, for which you really need to read their literature to get your head wrapped around the concepts
18:59 <+pekster> There's also ip-route(8) and ip-rule(8) as handy references
19:00 < GRMrGecko> I'm currently at 10.9.0.17
19:00 < GRMrGecko> opps
19:00  * GRMrGecko http://lartc.org/howto/lartc.rpdb.html#LARTC.RPDB.SIMPLE
19:00 <@vpnHelper> Title: Rules - routing policy database (at lartc.org)
19:00 <+pekster> Yea, that
19:01 <+pekster> I tend to use numbered tables (and avoid all the "naming" nonsense) but some folks like pretty names in their output
19:02 < GRMrGecko> pekster: thanks, I'll read though this and see what I can come up with
19:03 <+pekster> Just remember to make it all dynamic via OpenVPN's !scripts, unless you're 100% sure the server will give you the same IP each time
19:11 < GRMrGecko> yeah, I need to lookup the command to give me the IP addresses from that interface.
19:12 <+pekster> env-vars
19:12 <+pekster> !scripts
19:12 <@vpnHelper> "scripts" is "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
19:13 < GRMrGecko> thanks pekster
19:13 < GRMrGecko> got it working using that guide
19:23 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
19:26 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
19:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
19:48 -!- Strykar [~wakka@122.179.144.86] has quit [Read error: Connection reset by peer]
19:55 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
19:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
20:16 < GRMrGecko> pekster: everything is now configured, thank you for your help and patence.
20:18 -!- GRMrGecko [~GRMrGecko@user-24-96-62-208.knology.net] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
20:30 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
20:44 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 276 seconds]
20:46 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
21:05 -!- sheer [Username@gateway/vpn/mullvad/x-uevbsbmeioozkgto] has joined #openvpn
21:47 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
21:49 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 272 seconds]
21:51 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
22:00 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
22:00 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has joined #openvpn
22:02 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:03 < Entelin> I have a working openvpn server, I have created (and tested on windows) a unified .ovpn profile with all the needed keys included. I am trying to get this working on an ipad using OpenVPN Connect. However I get this error:  "Error loading profile: Inbox/test.ovpn option_error: option <ca> was not properly closed out"   Which seems clear enouph, except that <ca> is closed out, this same file works on win
22:03 < Entelin> dows.
22:04 < Entelin> I had the user try and reencode it to utf-8 as well just to be sure, but got the same issue
22:29 -!- sheer [Username@gateway/vpn/mullvad/x-uevbsbmeioozkgto] has left #openvpn ["Quitting."]
23:15 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
23:34 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Ping timeout: 264 seconds]
23:36 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
23:36 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
23:36 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 252 seconds]
23:44 -!- ShadniX_ [dagger@p5481DCCD.dip0.t-ipconnect.de] has joined #openvpn
23:44 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
23:47 -!- navs_ [~navs@freetheshellcodes.net] has joined #openvpn
23:47 < navs_> box has an eth1 with a 192.168.22.0/25 addy, want to ip route add 192.168.33.0/25 via 192.168.22.10; ip route add 192.168.77.0/25 via 192.168.33.2; ping -c 1 192.168.77.10 <-- what am i missing
23:48 < navs_> i know this isnt directly ovpn related but you guys prob know
23:48 -!- ShadniX [dagger@p5481DB5C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:48 -!- ShadniX_ is now known as ShadniX
23:53 < Entelin> 192.168.77.10 have a route that can make it back to 22 network?
23:53 < Entelin> does^
23:54 < navs_> yea
23:55 < navs_> someone else helped me turned out i just needed to route .77.0/25 to 22.10 also
23:55 < navs_> didnt need to specify the hop myself
23:55 < navs_> if anyone else runs into that, im using openvpn_as for a site to site
23:56 < navs_> didnt want a nat
23:56 < Entelin> yup sounds good
23:56 < Entelin> yeah naturally you need to make sure the routing is correct
23:59 -!- Malsasa [~Malsasa@36.73.230.38] has joined #openvpn
--- Day changed Sat May 02 2015
00:01 -!- navs_ [~navs@freetheshellcodes.net] has left #openvpn []
00:06 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
00:06 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
00:07 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
00:30 -!- zheng [~zheng@116.230.206.208] has quit [Read error: Connection timed out]
00:31 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
00:32 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
00:32 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
00:42 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection timed out]
00:57 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has quit [Quit: Leaving]
01:17 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 240 seconds]
01:20 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
01:45 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
01:45 < c|oneman> can I setup an openvpn TAP server on a computer that is not also my main router?
01:46 < c|oneman> I want the external connected parties to appear on the same subnet where openvpn is
01:47 -!- Malsasa [~Malsasa@36.73.230.38] has quit [Read error: Connection reset by peer]
01:57 -!- cyberanger [~cyberange@swissknife/adak/infocop411] has quit [Ping timeout: 276 seconds]
02:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:50 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Read error: Connection reset by peer]
02:56 -!- Strykar [~wakka@122.179.144.86] has joined #openvpn
02:56 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
03:01 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 255 seconds]
03:10 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
03:29 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 256 seconds]
03:29 -!- Malinux [~malin@unaffiliated/malin/x-8072090] has quit [Ping timeout: 276 seconds]
03:31 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
04:18 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
04:35 < Sheraf> c|oneman: bridge the real interface with the tap interface of vpn
04:35 < Sheraf> should do it
04:39 < Sheraf> how can i improve my latency ?
04:47 -!- ir2ivps4 [~ir2ivps4@169.53.134.171-static.reverse.softlayer.com] has quit [Ping timeout: 250 seconds]
04:55 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
04:55 < FreezingCold> !goal
04:55 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:01 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
05:03 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
05:10 < FreezingCold> https://i.imgur.com/k0yjlon.png
05:10 < FreezingCold> That's my goal. My first question at the moment is, can I use my IPv6 /64 block from my server to assign IPv6 addresses to things behind my IPv4 NAT and mobile devices?
05:13 < FreezingCold> So I assume my server will be using a tap
05:17 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
05:21 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
05:53 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:58 < FreezingCold> With OpenVPN Connect for Android, is it possible to ignore the VPN for certain networks?
06:00 <@plaisthos> FreezingCold: not that I am aware of
06:00 <@plaisthos> OpenVPN for Android does allow to do this on 5.0+
06:00 < FreezingCold> plaisthos: So... yes? I am running >5.0 :)
06:01 < FreezingCold> I didn't see where I would set it, though I haven't added my config yet.
06:02 <@plaisthos> FreezingCold: OpenVPN Connnect != OpenVPN for Android
06:02 < FreezingCold> Oh.
06:18 -!- jonasdhaen [~jonasdhae@x590fb1f8.dyn.telefonica.de] has joined #openvpn
06:40 -!- RoyK [~roy@77.88.71.251] has left #openvpn []
06:54 -!- seg [~seg@fsf/member/seg] has quit [Quit: !!]
06:54 -!- u0m3 [~u0m3@109.96.156.18] has joined #openvpn
06:55 -!- u0m3 [~u0m3@109.96.156.18] has quit [Remote host closed the connection]
07:00 -!- seg [~seg@fsf/member/seg] has joined #openvpn
07:15 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
07:20 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:52 < Sheraf> I'm having such a bad upload when using the VPN :/
07:56 < Sheraf> 5kB/s
08:16 -!- antisaint [32aabb23@gateway/web/freenode/ip.50.170.187.35] has joined #openvpn
08:16 < antisaint> Somebody have some spare time to walk a noob thru vpn setup?
08:17 < antisaint> !welcome
08:17 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:17 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:18 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 245 seconds]
08:18 < antisaint> !topology
08:18 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
08:18 < antisaint> !goal
08:18 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:20 < antisaint> Alright, let me restate... I have a BananaPi and I would like to use that to secure my network traffic. I have heard of VPN with SSH reverse tunneling for a highly secure thruput... Assistance with all the above?
08:27 -!- zheng [~zheng@116.230.206.208] has quit [Remote host closed the connection]
08:27 < Sheraf> thru
08:32 < Thermi> !ovpnuke
08:32 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
08:34 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
08:51 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:52 -!- antisaint [32aabb23@gateway/web/freenode/ip.50.170.187.35] has left #openvpn []
09:15 -!- _Cyclone_ [~Cyclone@rrcs-98-101-102-196.midsouth.biz.rr.com] has joined #openvpn
09:16 -!- deranged is now known as jesopo
09:20 -!- _Cyclone_ [~Cyclone@rrcs-98-101-102-196.midsouth.biz.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:32 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
09:33 -!- Malinux [~malin@unaffiliated/malin/x-8072090] has joined #openvpn
09:52 -!- elfixit [~Icedove@2001:1687:52dc:5563:5e51:4fff:fec8:5b90] has joined #openvpn
10:00 -!- jonasdhaen_ [~jonasdhae@d5153412E.access.telenet.be] has joined #openvpn
10:00 -!- jonasdhaen [~jonasdhae@x590fb1f8.dyn.telefonica.de] has quit [Ping timeout: 252 seconds]
10:00 -!- jonasdhaen_ is now known as jonasdhaen
10:03 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
10:03 -!- jonasdhaen [~jonasdhae@d5153412E.access.telenet.be] has quit [Read error: Connection reset by peer]
10:03 < NucWin> easy-rsa creates server certs (.crt) with X509v3 extensions (5KB file) but the ca.crt doesnt seem to have this extra info (2KB) is there anyway to get it to generate ca.crt with the extra info?
10:13 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 250 seconds]
10:16 -!- elfixit [~Icedove@2001:1687:52dc:5563:5e51:4fff:fec8:5b90] has quit [Ping timeout: 265 seconds]
10:16 -!- jonasdhaen [~jonasdhae@x590fb1f8.dyn.telefonica.de] has joined #openvpn
10:16 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
10:36 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
10:36 -!- riano [~quassel@unaffiliated/riano] has left #openvpn []
10:36 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
10:48 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
10:49 -!- jonasdhaen [~jonasdhae@x590fb1f8.dyn.telefonica.de] has quit [Quit: jonasdhaen]
10:49 -!- jonasdhaen [~jonasdhae@x590fb1f8.dyn.telefonica.de] has joined #openvpn
11:00 -!- Strykar [~wakka@122.179.144.86] has quit [Ping timeout: 256 seconds]
11:17 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: Leaving]
11:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:58 -!- IonCannon218 [~quassel@unaffiliated/ioncannon218] has joined #openvpn
11:58 < IonCannon218> I'm confused for which version to use for win 8
11:58 < IonCannon218> Installer (64-bit), Windows XP and later openvpn-install-2.3.6-I003-x86_64.exe
11:58 < IonCannon218> Installer (64-bit), Windows Vista and later openvpn-install-2.3.6-I603-x86_64.exe
12:07 < Sheraf> i'd say the last one
12:10 < Sheraf> i drop from 38 kB/s to 6kB/s when using openvpn :(
12:11 < Sheraf> is this supposed to happen?
12:23 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
12:25 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
12:35 -!- Tokman [~Tokman@91.83.33.101.pool.invitel.hu] has joined #openvpn
12:47 < Sheraf> that's what i get http://pastebin.com/HRFPLM7N
12:47 < Sheraf> would my upload drop that much because of the latency?
12:47 < Sheraf> my server is pretty far :/
12:49 -!- s7eele [~AndChat52@208.167.254.99] has quit [Quit: Bye]
12:50 -!- s7eele [~AndChat52@208.167.254.99] has joined #openvpn
13:02 -!- s7eele [~AndChat52@208.167.254.99] has quit [Quit: Bye]
13:04 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
13:05 < Junka> does openvpn overwrite /etc/resolve.conf ?
13:05 -!- Tokman [~Tokman@91.83.33.101.pool.invitel.hu] has quit []
13:07 < Sheraf> resolv.conf, not by default
13:08 < Sheraf> but you can create up and down script if you want to
13:12 -!- s7eele [~AndChat52@208.167.254.99] has joined #openvpn
13:13 < Junka> the openvpn-update-resolv-conf script?
13:14 < Junka> and then it's going to use the server's DNS while i use openvpn by overriding my resolv.conf right?
13:16 < Junka> or maybe it resolves it on the server's side?
13:16 -!- s7eele [~AndChat52@208.167.254.99] has quit [Ping timeout: 264 seconds]
13:17 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:32 -!- riano [~quassel@unaffiliated/riano] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
13:33 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
13:33 -!- riano [~quassel@unaffiliated/riano] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
13:36 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
13:59 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:02 -!- AlmogBaku [~AlmogBaku@109.65.136.84] has joined #openvpn
14:09 -!- Junka [~Junkass@unaffiliated/junka] has quit [Ping timeout: 240 seconds]
14:15 < Sheraf> so what's the legal point of view of using a VPN when "you're not suppose to have a full internet access"?
14:15 < Sheraf> like udp 53 vpn
14:26 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
14:29 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Client Quit]
14:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
15:06 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
15:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:20 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
15:20 < bruxC> Hi, I'm attempting to do setup a ubuntu server 14.04 but I'm falliing short on successful and I think it's because I dont appear to have a tun0 interface.. What step am I missing?
15:31 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:07 < bdmc> I am attempting to set up OpenWRT as an OpenVPN client, for an IPv6 tunnel, and need some help on the configuration. ( openvpn and network )
16:10 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has joined #openvpn
16:11 < pepperoni> !welcome
16:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:11 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:12 < pepperoni> !howto
16:12 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
16:20 -!- AlmogBaku [~AlmogBaku@109.65.136.84] has quit [Remote host closed the connection]
16:22 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
16:38 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 244 seconds]
16:49 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
17:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
17:21 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
17:27 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
17:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:41 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
17:46 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
17:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
18:38 -!- IonCannon218 [~quassel@unaffiliated/ioncannon218] has quit [Quit: IonCannon218]
18:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
19:08 -!- funnel [~funnel@unaffiliated/espiral] has quit [Quit: leaving]
19:09 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
19:30 -!- FreezingCold [~FreezingC@135.0.41.14] has quit [Ping timeout: 265 seconds]
19:52 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 276 seconds]
19:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:55 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
20:04 -!- jonasdhaen_ [~jonasdhae@x590f11f8.dyn.telefonica.de] has joined #openvpn
20:07 -!- jonasdhaen [~jonasdhae@x590fb1f8.dyn.telefonica.de] has quit [Ping timeout: 264 seconds]
20:07 -!- jonasdhaen_ is now known as jonasdhaen
20:10 -!- ghormoon [~ghormoon@ghorland.net] has quit [Read error: Connection reset by peer]
20:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:23 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
20:29 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
20:41 -!- Chais [~Chais@unaffiliated/chais] has quit [Read error: Connection reset by peer]
20:44 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
20:50 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
22:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
22:36 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
22:47 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has left #openvpn []
23:47 -!- ShadniX [dagger@p5481DCCD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX_ [dagger@p5DDFF32C.dip0.t-ipconnect.de] has joined #openvpn
23:47 -!- ShadniX_ is now known as ShadniX
23:52 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
23:54 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
--- Day changed Sun May 03 2015
00:43 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Remote host closed the connection]
00:44 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
03:05 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:19 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
03:33 -!- jonasdhaen [~jonasdhae@x590f11f8.dyn.telefonica.de] has quit [Quit: jonasdhaen]
03:42 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
04:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:42 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Read error: Connection reset by peer]
04:42 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
04:45 -!- BloqueNegro [~nothing@p579E4C55.dip0.t-ipconnect.de] has joined #openvpn
04:45 -!- mattsl [~user@68.169.165.200] has joined #openvpn
04:53 -!- varazir [~mircwars@c-94-255-129-20.cust.bredband2.com] has quit [Quit: leaving]
05:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:31 -!- mode/#openvpn [+o mattock1] by ChanServ
05:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:45 -!- BloqueNegro [~nothing@p579E4C55.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
05:50 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has quit [Ping timeout: 260 seconds]
05:51 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:03 -!- jonasdhaen [~jonasdhae@x590f11f8.dyn.telefonica.de] has joined #openvpn
06:20 -!- BloqueNegro [~nothing@p579E4C55.dip0.t-ipconnect.de] has joined #openvpn
06:21 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
06:24 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:24 -!- mode/#openvpn [+o mattock2] by ChanServ
06:28 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
07:40 -!- jonasdhaen [~jonasdhae@x590f11f8.dyn.telefonica.de] has quit [Quit: jonasdhaen]
07:42 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
07:44 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
07:46 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
07:49 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:49 -!- BloqueNegro [~nothing@p579E4C55.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
07:56 -!- Eric-K [eric@188.226.225.197] has joined #openvpn
07:58 < Eric-K> Hi! OpenVPN server in data center installed on Ubuntu 14.04 using apt-get install. Works fantastic with my pfSense router at home as a client. Data center is gbit, home is 200 mbit. Reaching about 120 mbit with OpenVPN enabled. Found https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux and am wondering where do I set the tweaked options like fragment and mssfix since I don't manually start OpenVPN?
07:58 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
07:59 < Eric-K> Is there a script or should I include it in server.conf ?
07:59 < Eric-K> Also, both ends have a CPU with AES-NI.
07:59 -!- Tokman [~Tokman@91.83.33.101.pool.invitel.hu] has joined #openvpn
09:01 -!- jonasdhaen [~jonasdhae@x590f11f8.dyn.telefonica.de] has joined #openvpn
09:14 -!- IonCannon218 [~quassel@unaffiliated/ioncannon218] has joined #openvpn
09:14 -!- IonCannon218 [~quassel@unaffiliated/ioncannon218] has left #openvpn []
09:19 < NucWin> Eric-K my guess is they will work in your conf file withou the --
09:20 < Eric-K> ok
09:20 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
09:24 -!- ir2ivps4 [~ir2ivps4@158.85.162.249-static.reverse.softlayer.com] has joined #openvpn
09:26 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
09:29 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
09:32 -!- james41382__ [~james4138@unaffiliated/james41382] has joined #openvpn
09:35 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
09:39 < Eric-K> Despite following up on https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux I can't seem to be able to push more than +- 156 Mbit/s. Wonder why.
09:39 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
09:42 < plasma> cpu power?
09:43 < plasma> ah cpu has aes
09:43 < plasma> hmm
09:43 < Eric-K> Yes both ends.
09:44 < Eric-K> Maybe pfSense is not accepting those switches. I'll look into that.
09:59 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
10:00 < Eric-K> nvm, found the explanation https://forums.openvpn.net/topic8723.html#p15123
10:00 <@vpnHelper> Title: OpenVPN Support Forum Gigabit Server but cannot exceed more than 160mbps : Server Administration (at forums.openvpn.net)
10:00 < Eric-K> I'm using the regular server/client setup :)
10:12 <@syzzer> Eric-K: try playing with --sndbuf and --rcvbuf
10:12 <@syzzer> depending on your setup, you might get better speed with larger buffers
10:12 < Eric-K> hm, sounds good
10:25 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Read error: Connection reset by peer]
10:27 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
10:29 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
10:43 -!- Malsasa [~Malsasa@36.84.69.160] has joined #openvpn
10:45 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
10:46 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:2cb7:7bbc:12ad:6c0b] has quit [Remote host closed the connection]
11:05 -!- AMERICAN_PSYCHO [~A_PSYCHO@99.sub-70-196-2.myvzw.com] has joined #openvpn
11:22 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:b057:245a:b5d8:e5fb] has joined #openvpn
11:22 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
11:26 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:b057:245a:b5d8:e5fb] has quit [Ping timeout: 256 seconds]
11:27 -!- Tokman [~Tokman@91.83.33.101.pool.invitel.hu] has quit [Ping timeout: 252 seconds]
11:40 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
11:53 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
11:55 < bruxC> Hi, I setup an openvpn server in ubuntu 14.04 server. I'm trying to test it on a ubuntu server 14.04 client setup... even after configuring the client.conf I still seem to be on the same IP.
11:55 < bruxC> Does anyone have a moment to help me go over where it is tthat I am failing?
11:59 < FreezingCold> So for turning off comp-lzo, do all I have to do is leave it out of my config file>?
12:04 < bruxC> I would assume that is the case FreezingCold
12:21 -!- AlmogBaku [~AlmogBaku@109.65.136.84] has joined #openvpn
12:22 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:60f8:d14b:cbb8:ead6] has joined #openvpn
12:23 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
12:28 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:60f8:d14b:cbb8:ead6] has quit [Ping timeout: 256 seconds]
12:42 -!- irgendwer4711 [~irgendwer@reactos/tester/irgendwer4711] has joined #openvpn
12:43 < irgendwer4711> hi, which is the right config for a tcp client? proto tcp-client? tls-client??
12:45 < irgendwer4711> http://pastebin.com/A2q7PGZi
12:45 < irgendwer4711> "Options error: --proto tcp is ambiguous in this context.  Please specify --proto tcp-server or --proto tcp-client"
12:46 -!- Malsasa [~Malsasa@36.84.69.160] has quit [Read error: Connection reset by peer]
12:50 <@plaisthos> tcp-cleint and tls-client are completly different options
12:51 < irgendwer4711> which option is correct for a tcp client?
12:52 <@plaisthos> just like the options says tcp-client
12:52 < irgendwer4711> this doesnt work
12:52 < irgendwer4711> plaisthos: " Unrecognized option or missing parameter(s)"
12:53 <@plaisthos> proto tcp-client
12:53 <@plaisthos> in a normal setup you usually use the client option
12:53 <@plaisthos> and proto tcp-client
12:53 < irgendwer4711> doesnt work " --proto tcp is ambiguous in this context"
12:53 <@plaisthos> but that depend on how you configured the server
12:54 < irgendwer4711> ah
12:54 <@plaisthos> with  the --client option proto tcp is interpretet as tcp-client
12:54 < irgendwer4711> plaisthos: its "proto tcp-server"
12:55 < irgendwer4711> this doenst work :-(
12:56 < irgendwer4711> btw there is no traffic
12:57 < irgendwer4711> lines later there was "proto tcp". I deleted it.
13:01 < irgendwer4711> better now, now I have to correct addresses for the subnet
13:05 < irgendwer4711> "ifconfig 192.168.112.201 192.168.112.200" this does not work for the client. serversettings is "ifconfig 192.168.112.200 192.168.112.201" what is wrong?
13:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
13:15 < bruxC> I was able to successfully add my windows laptop to my openvpn server configured in a cli ubuntu server 14.04 environment. IT states I have an IP address of 10.8.0.6. However, when I go to a "whats my ip" website, it picks up the same public ip address. Any reason why this is?
13:18 < DArqueBishop> You probably didn't configure OpenVPN to route all traffic through the VPN.
13:18 < DArqueBishop> !redirect
13:18 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
13:18 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
13:22 < bruxC> Thanks, i'll check it out.
13:27 <@plaisthos> irgendwer4711: looks right enough
13:27 <@plaisthos> irgendwer4711: try tcpdump on the tun interface of server and client to debug
13:27 < irgendwer4711> plaisthos: yes, now I try to convert to a tap network
13:28 <@plaisthos> irgendwer4711: it should not be tap vs tun
13:28 <@plaisthos> !tun
13:28 < irgendwer4711> both sides
13:28 <@plaisthos> !tun-vs-tap
13:28 <@plaisthos> irgendwer4711: yes
13:28 <@plaisthos> irgendwer4711: but your problem is probably not tun vs tap related
13:28 <@plaisthos> !tun
13:28 <@plaisthos> hm
13:28 < irgendwer4711> I already got a connection
13:28 <@plaisthos> the bot does not like me anymore
13:28 <@plaisthos> !flowchart
13:29 < irgendwer4711> !tun
13:29 < irgendwer4711> vpnHelper: !tun
13:29 < irgendwer4711> anyway...
13:29 <@plaisthos> !search tun
13:29 <@vpnHelper> There were no matching configuration variables.
13:30 < irgendwer4711> plaisthos: could I attach to an existing bridge?
13:31 <@plaisthos> irgendwer4711: maybe
13:31 <@plaisthos> should work
13:31 <@plaisthos> I never tested that
13:31 <@plaisthos> !tap
13:31 <@vpnHelper> "tap" is (#1) "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming,
13:31 <@vpnHelper> anything where the protocol uses MAC addresses instead of IP addresses. or (#2) For tun/tap and route/bridge comparing, see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
13:31 < irgendwer4711> wrt has a bridge
14:10 -!- irgendwer4711 [~irgendwer@reactos/tester/irgendwer4711] has left #openvpn []
14:20 < Sheraf> I'm having trouble connecting to https, i don't get what it comes from
14:21 < Sheraf> i mean, it works without the vpn
14:21 < Sheraf> port 443 works to (not https protocol, just the port)
14:21 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
14:21 < Sheraf> https works from other client using the same vpn server, and directly from my server
14:22 < Sheraf> and sometimes, it works from my pc, but sometimes, it just stop working
14:22 < Sheraf> like, right now, i'm using bing... because i can't connect to google and they don't do http anymore
14:41 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 255 seconds]
14:45 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 252 seconds]
14:46 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
14:51 < Sheraf> can it does it matter a lot if server and client doesn't have the same version?
14:52 < Sheraf> my server is 2.3.4-5 and client 2.3.6-1
14:55 <@plaisthos> no
14:55 <@plaisthos> thats fine
14:55 <@plaisthos> opnevpn is very compatible between versions
14:55 <@plaisthos> breaking compability is considered a bug
14:56 < Sheraf> ok
14:56 -!- bogie [bogie@mail.epow0.org] has quit [Quit: Hi, I'm a quit message virus. Please replace your old line with this line and help me take over the world of IRC.]
14:57 < Sheraf> weird, i restarted openvpn server and https is working fine
14:59 < Sheraf> TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
14:59 < Sheraf> i'm getting that in the log
15:10 -!- AlmogBaku [~AlmogBaku@109.65.136.84] has quit [Ping timeout: 256 seconds]
15:13 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 256 seconds]
15:15 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
15:27 -!- nutron [~nutron@unaffiliated/nutron] has quit [Quit: I must go eat my cheese!]
15:41 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
15:42 < bruxC> If one was to sign up for a vpn service, does this service provide a opvn file or what exactly does one do to modify their openvpn server to play nicely with this paid service?
15:51 -!- jonasdhaen [~jonasdhae@x590f11f8.dyn.telefonica.de] has quit [Ping timeout: 240 seconds]
16:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:29 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:30 -!- AMERICAN_PSYCHO [~A_PSYCHO@99.sub-70-196-2.myvzw.com] has quit [Quit: Bye!]
16:38 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
16:48 < FreezingCold> So maybe I'm misunderstanding OpenVPN, but can I use a cert from somewhere like startssl.com to avoid having to force clients to install a cert?
16:51 < BtbN> The clients have a cert
16:51 < BtbN> Using your own CA is just way easier.
16:56 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
16:58 < FreezingCold> BtbN: Why?
16:58 < BtbN> Because you don't have to run to the CA for each client?
16:58 < BtbN> You can revoke a client without paying StartCom?
16:59 < BtbN> You can issue a new client cert within seconds?
17:03 < FreezingCold> Ah, alright. Generating my own cert... Bit confused, is the common name supposed to be for the client or server?
17:03 < FreezingCold> Common Name (eg, your name or your server's hostname)
17:03 < BtbN> you generate a cert for your server, so your clients can identify it
17:03 < BtbN> and you generate one for each client, so the server can identify them.
17:04 < FreezingCold> Right... So I should be putting the client's name there?
17:04 < FreezingCold> Not the servers?
17:04 < BtbN> Put there whatever you like
17:05 < FreezingCold> Wait, don't I need a different common name for each client though?
17:05 < BtbN> I'm not even sure that's neccesary.
17:05 < BtbN> You should, so you can easy see who's connecting.
17:06 < FreezingCold> It doesn't make sense though, won't I end up writing over my own ca.crt here?
17:06 < FreezingCold> # You will also need to make sure your OpenVPN server config has the duplicate-cn option set
17:06 < BtbN> You use your own CA, sure.
17:07 < FreezingCold> It's implying that I need to somehow create multiple ca.crt, one for each client
17:07 < FreezingCold> ...that... doesn't sound right.
17:07 < BtbN> Every client needs your CAs public key.
17:07 < FreezingCold> "The client must have a unique Common Name in its certificate ("client2" in our example), and the duplicate-cn flag must not be used in the OpenVPN server configuration file."
17:07 < FreezingCold> Is it referring to ca.crt?
17:08 < BtbN> No, why would it?
17:08 < sameer-isa> No. It's referring to the client certificate.
17:08 < sameer-isa> So client2.crt in the example.
17:08 < FreezingCold> sameer-isa: Thanks, that's what I thought. It's just really confusing with how vague it is.
17:08 < BtbN> Don't see anything confusing there.
17:09 < BtbN> It's just a regular CA
17:09 < FreezingCold> Well, I'm going from socks proxies to OpenVPN and learning the basics of PKI at the same time.
17:25 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
17:28 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
17:36 < FreezingCold> BtbN: ahhh, so with OpenVPN multiple servers are common. Got it.
17:36 < BtbN> uhm, no?
17:45 < FreezingCold> =\
17:49 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
17:53 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
18:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 256 seconds]
18:42 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
18:44 < Isai> Hi, I reinstalled OpenVPN after it broke down (failed to load) but when I tried to do passwd openvpn it said "passwd: user 'openvpn' does not exist"
18:44 < Isai> I can't login to my VPN, any idea why this error is happening?
18:44 < Isai> s/why this error is happening/why user openvpn doesn't exist/
18:48 < Thermi> Isai: Because that user does not exist, obviously. Maybe a problem in the design of the package of your distro.
18:50 < Isai> Thermi: I installed it from the openvpn website, I used dpkg as needed and I'm using Debian so I don't know what is the problem
18:50 < Thermi> Isai: Why did you do that? Now you're on your own. There are a lot of things you could have done wrong.
18:50 < Thermi> Not using the stuff from your distro, to be starting with.
18:50 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Disconnected by services]
18:52 < Thermi> Like I said, the user openvpn does not exist. If you need it, create it as system user and lock it. Make sure to use that account for the openvon process then, as you already created it.
19:00 < FreezingCold> uh, what's my OpenVPN username...?
19:01 < FreezingCold> I don't ever remember setting one
19:07 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:25 < FreezingCold> Is it the literal client.key?
19:29 -!- AMERICAN_PSYCHO [~A_PSYCHO@c-98-239-0-248.hsd1.la.comcast.net] has joined #openvpn
19:59 -!- SubaruSVX [~SubaruSVX@unaffiliated/subarusvx] has joined #openvpn
19:59 < SubaruSVX> !ovpnuke
19:59 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
20:05 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
20:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:30 -!- FreezingCold [~FreezingC@135.0.41.14] has quit [Ping timeout: 264 seconds]
20:32 -!- sameer-isa [~sameer@d27-96-224-49.nap.wideopenwest.com] has quit [Quit: ZNC - http://znc.in]
20:32 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
20:40 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:42 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
20:43 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:48 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has joined #openvpn
20:50 < anth0ny_> Can anyone help me troubleshoot some noob connection issues? I’m trying to connect to my Private Internet Access vpn server. I can connect, it creates a tun0 interface with an ip, i can ping 8.8.8.8 but can’t ping google.com. Any ideas?
20:52 < SubaruSVX> what do you have for dns settings?
20:52 < SubaruSVX> from a terminal type nslookup google.com
21:02 < anth0ny_> SubaruSVX: sorry, stepped away
21:03 < anth0ny_> SubaruSVX: http://paste.pound-python.org/show/Z7LXDVkcx6vPiPus8JWw/
21:03 < anth0ny_> oh wait
21:03 < anth0ny_> i’m sorry
21:03 < anth0ny_> that’s totally wrong
21:04 < anth0ny_> (wrong machine)
21:04 < anth0ny_> I’m running Raspian Wheezy, which appears not to have nslookup available in it’s package manager
21:04 < anth0ny_> any alternative ways to do that lookup?
21:21 < SubaruSVX> anth0ny_ it's in the dnsutils package
21:21 < anth0ny_> SubaruSVX: Alright, got it installed, the output is “;; connection timed out; no servers could be reached”
21:23 < SubaruSVX> okay so you need to set a dns server
21:23 < SubaruSVX> it's in /etc/resolv.conf
21:23 < SubaruSVX> nameserver
21:23 < SubaruSVX> and you want that to be 8.8.8.8
21:23 < SubaruSVX> and then you should be all set
21:27 < anth0ny_> SubaruSVX: giving that a try. But, would this only be affected when the VPN is connected?  I can ping google.com when the VPN is disconnected
21:32 < SubaruSVX> on you client's config add dhcp-option DNS 8.8.8.8
21:32 < SubaruSVX> anth0ny_
21:33 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
21:37 < anth0ny_> SubaruSVX: hmm… still no luck
21:37 < anth0ny_> tried both ‘add dhcp-option DNS 8.8.8.8’ and ‘push "dhcp-option DNS 8.8.8.8”’
21:38 -!- catsup [~d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
21:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
21:42 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
21:44 < anth0ny_> SubaruSVX: okay, I got it, just had to nuke the details from my resolve.conf as you suggested
21:44 < SubaruSVX> nice :D
21:44 < anth0ny_> and disable the network-manager service
21:44 < anth0ny_> thanks for holding my hand
21:44 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
21:44 < SubaruSVX> np
22:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
22:18 -!- mode/#openvpn [+o mattock1] by ChanServ
22:19 -!- zmachine [uid53369@gateway/web/irccloud.com/x-iouqccvxhajwpvwi] has joined #openvpn
22:34 -!- AMERICAN_PSYCHO [~A_PSYCHO@c-98-239-0-248.hsd1.la.comcast.net] has quit [Remote host closed the connection]
23:02 -!- AMERICAN_PSYCHO [~A_PSYCHO@162.sub-70-196-3.myvzw.com] has joined #openvpn
23:26 -!- james41382__ is now known as james41382
23:44 -!- ShadniX [dagger@p5DDFF32C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:46 -!- ShadniX [dagger@p5481D367.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon May 04 2015
00:01 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 264 seconds]
00:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
00:18 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 276 seconds]
00:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
00:23 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 240 seconds]
00:25 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
00:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:39 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
00:53 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 256 seconds]
00:54 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
01:04 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
01:14 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
01:56 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 256 seconds]
02:03 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
02:10 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 265 seconds]
02:16 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
02:26 -!- zmachine [uid53369@gateway/web/irccloud.com/x-iouqccvxhajwpvwi] has quit [Quit: Connection closed for inactivity]
02:36 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Quit: i don’t know why i think pressing ctrl-c harder will help.]
02:37 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
02:39 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has quit [Quit: anth0ny_]
02:44 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
02:51 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Quit: No Ping reply in 180 seconds.]
02:51 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
02:57 -!- mrtnt [~martint@martint.data.ee] has quit [Quit: leaving]
03:09 -!- AMERICAN_PSYCHO [~A_PSYCHO@162.sub-70-196-3.myvzw.com] has quit [Quit: Bye!]
03:27 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
04:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:01 -!- mode/#openvpn [+o mattock1] by ChanServ
04:31 -!- AMERICAN_PSYCHO [~A_PSYCHO@162.sub-70-196-3.myvzw.com] has joined #openvpn
04:31 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:34 -!- Denial [~Denial@81.141.0.147] has quit []
04:40 -!- Denial [~Denial@81.141.0.147] has joined #openvpn
05:24 -!- Denial [~Denial@81.141.0.147] has quit []
05:27 -!- Denial [~Denial@81.141.0.147] has joined #openvpn
05:33 -!- Denial [~Denial@81.141.0.147] has quit []
05:34 -!- AMERICAN_PSYCHO [~A_PSYCHO@162.sub-70-196-3.myvzw.com] has quit [Quit: Bye!]
05:38 -!- Denial [~Denial@81.141.0.147] has joined #openvpn
05:53 -!- AMERICAN_PSYCHO [~A_PSYCHO@162.sub-70-196-3.myvzw.com] has joined #openvpn
06:03 -!- Denial is now known as Denial-
06:03 -!- Denial- is now known as Denial
06:07 -!- dazo_afk is now known as dazo
06:22 -!- crus [~crusader@124-171-51-25.dyn.iinet.net.au] has joined #openvpn
06:34 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 256 seconds]
06:36 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
06:51 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
07:00 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
07:40 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:51 -!- finnrobi_ [~robb@188.166.35.17] has joined #openvpn
08:02 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
08:03 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
08:03 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:04 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 246 seconds]
08:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:08 -!- moparisthebest [~mitb@gateway/tor-sasl/moparisthebest] has joined #openvpn
08:09 -!- andreyst [~Adium@5.19.188.242] has joined #openvpn
08:24 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
08:32 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
08:47 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has joined #openvpn
09:05 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 252 seconds]
09:06 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
09:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:20 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 240 seconds]
09:22 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
09:22 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
09:28 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:28 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
09:36 < avril> !welcome
09:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:36 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:37 < avril> !howto
09:37 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
09:39 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has quit [Quit: anth0ny_]
09:49 -!- cloclo [~clo@LNeuilly-152-22-3-232.w193-251.abo.wanadoo.fr] has joined #openvpn
09:53 -!- cloclo [~clo@LNeuilly-152-22-3-232.w193-251.abo.wanadoo.fr] has quit [Ping timeout: 256 seconds]
09:55 -!- cloclo [~clo@LPoitiers-656-1-54-141.w90-63.abo.wanadoo.fr] has joined #openvpn
09:55 < FreezingCold> er, what's an openvpn username? Just the key name?
09:58 <@plaisthos> --auth-user-pass perhaps?
09:58 < cloclo> hello OpenVpn !
09:59 < FreezingCold> plaisthos: I'm using certs though'
09:59 <@plaisthos> FreezingCold: you asked the strange question :p
09:59 < FreezingCold> plaisthos: I know =\  https://docs.google.com/document/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub#h.di54dkx8z7qc
09:59 <@vpnHelper> Title: OpenVPN on ChromeOS Documentation (publish) (at docs.google.com)
10:00 < FreezingCold> "USERNAME:  Is your username on the vpn server."
10:00 < cloclo> i got a small problem with on server side a DSR 500N using openVPN and other side a windows 8 , i can connect , but the of open VPN stay yellow :/ in the log all look oki for me http://pastebin.fr/39497. anyone got an idea please ?
10:03 < cloclo> i got this type of error : TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
10:04 < cloclo> i am not sure i have/need to active the TLS :/
10:04 <@plaisthos> FreezingCold: yes and I gave you the anwer
10:04 < FreezingCold> plaisthos: ...where do I even put that?
10:04 < FreezingCold> It doesn't match up with anything.
10:04 <@plaisthos> FreezingCold: just use dummy if you don't use that on your server and see what happens
10:04 < FreezingCold> Ah, alright
10:04 <@plaisthos> cloclo: check the log on the other side
10:05 < cloclo> i ll try add router log level :/
10:17 -!- cloclo [~clo@LPoitiers-656-1-54-141.w90-63.abo.wanadoo.fr] has quit [Ping timeout: 245 seconds]
10:19 -!- AMERICAN_PSYCHO [~A_PSYCHO@162.sub-70-196-3.myvzw.com] has quit [Quit: Bye!]
10:24 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
10:24 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
10:26 -!- mode/#openvpn [+o Eugene] by ChanServ
10:30 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 256 seconds]
10:40 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
10:43 -!- andreyst [~Adium@5.19.188.242] has quit [Read error: Connection reset by peer]
10:51 -!- Tobinski [~tobinski@x2f5af51.dyn.telefonica.de] has joined #openvpn
11:00 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
11:04 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 255 seconds]
11:11 -!- _Cyclone_ is now known as _Cyclone_[away]
11:15 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
11:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:36 -!- Tobinski [~tobinski@x2f5af51.dyn.telefonica.de] has quit [Quit: Leaving]
11:49 -!- APTX [~APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
11:52 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
11:57 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
11:59 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
12:01 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
12:08 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
12:11 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
12:14 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has joined #openvpn
12:15 < dimitry7> Hi guys, I am connecting through openvpn to my servers. when I do # w, to see who's logged in, I see everybody's IP is the same than my Open VPN's IPs. What can I do to configure that the real connecting IP appears there?
12:19 <+pekster> You don't; that's the entire point of a VPN is that traffic will use the nearest interface to your target
12:20 <+pekster> Have you considered logging your VPN connections so you know "who" is doing it?
12:20 <+pekster> !factoids search logging
12:20 <@vpnHelper> No keys matched that query.
12:20 <+pekster> !factoids search logs
12:20 <@vpnHelper> 'irclogs' and 'logs'
12:20 <+pekster> !factoids search log
12:20 <@vpnHelper> 'irclogs', 'topology', 'blog', 'changelog', 'logs', and 'logfile'
12:21 <+pekster> See the --client-connect hook, or look at a more complete logging solution, such as this project I wrote that supports several popular RDBMS engines: https://github.com/QueuingKoala/openvpn-db-log
12:21 <@vpnHelper> Title: QueuingKoala/openvpn-db-log · GitHub (at github.com)
12:34 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:47 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:50 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
12:51 -!- zadock [~zadock@81.180.210.87] has quit [Remote host closed the connection]
12:52 -!- satdav [uid15780@firefox/community/satdav] has quit [Client Quit]
12:58 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
12:58 -!- julius__ [~julius@dslb-092-077-101-147.092.077.pools.vodafone-ip.de] has joined #openvpn
12:58 < julius__> hi
12:58 < dimitry7> pekster, okay man, Will log them in the VPN server instead
12:58 < dimitry7> thanks!!
12:59 < julius__> this;: openvpn --config quadcore.conf  --verb 9  gives me zero output, running the same command with strace i can see a lot of lines with "/etc/localtime"           how do i troubleshoot this problem?
13:37 -!- Fuusko [~Fuusko@h-234-229.a216.priv.bahnhof.se] has joined #openvpn
13:38 < Fuusko> I am using openvpn access server in esxi 5.5, when iperfing locally though the udp tunnel i get 250mbit/s, when iperfing from outside (both connections on 100/100mbit) i get 10mbit/s, anyone have any idea what I could be doing wrong?
13:39 < Fuusko> i am using pfsense as firewall/router
13:41 < DArqueBishop> !as
13:41 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:47 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:47 -!- mode/#openvpn [+o mattock2] by ChanServ
14:18 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
14:19 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:24 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 244 seconds]
14:35 -!- Uber-Ich [~drchroot@unaffiliated/uber-ich] has joined #openvpn
14:37 -!- julius__ [~julius@dslb-092-077-101-147.092.077.pools.vodafone-ip.de] has quit [Remote host closed the connection]
14:38 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
14:43 -!- NinjaBanjo [~NinjaBanj@unaffiliated/ninjabanjo] has joined #openvpn
14:43 < NinjaBanjo> ohai
14:44 < NinjaBanjo> why would I get mismatched client/server certs? I just did a mock setup and the certs didn't match..
14:45 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
15:00 -!- Uber-Ich [~drchroot@unaffiliated/uber-ich] has quit [Quit: WeeChat 1.1.1]
15:11 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has joined #openvpn
15:15 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 246 seconds]
15:15 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
15:15 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 246 seconds]
15:16 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
15:16 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
15:18 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has quit [Quit: elfixit]
15:19 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
15:21 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
15:21 -!- mode/#openvpn [+v hazardous] by ChanServ
15:23 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 265 seconds]
15:23 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-dbidokmbxksardiu] has quit [Ping timeout: 265 seconds]
15:24 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
15:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
15:25 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mnzbvufvtzbgolud] has joined #openvpn
15:26 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 265 seconds]
15:26 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 265 seconds]
15:26 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
15:27 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
15:27 -!- mode/#openvpn [+o krzee] by ChanServ
15:28 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
15:28 -!- mode/#openvpn [+o syzzer] by ChanServ
15:30 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
15:31 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
15:34 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
15:53 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
15:54 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
15:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 265 seconds]
15:58 -!- GoldenGlovez [~GG@78.129.218.25] has quit [Ping timeout: 265 seconds]
15:58 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 265 seconds]
15:58 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
15:58 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 265 seconds]
15:59 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
16:01 -!- GoldenGlovez [~GG@78.129.218.25] has joined #openvpn
16:03 -!- zadock [~zadock@81.180.210.87] has quit [Remote host closed the connection]
16:04 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
16:05 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
16:07 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 255 seconds]
16:19 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
16:30 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
16:36 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
16:38 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
16:44 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
16:47 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
16:49 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
16:57 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
17:12 -!- crus [~crusader@124-171-51-25.dyn.iinet.net.au] has quit [Quit: ( www.nnscript.com :: NoNameScript 4.22 :: www.esnation.com )]
17:13 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:13 -!- mode/#openvpn [+v s7r] by ChanServ
17:22 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
17:24 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
17:25 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
17:31 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 264 seconds]
17:36 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
17:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:41 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
17:43 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
17:46 -!- Netsplit *.net <-> *.split quits: moparisthebest
17:46 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
17:48 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 265 seconds]
17:52 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
17:55 -!- SubaruSVX [~SubaruSVX@unaffiliated/subarusvx] has quit [Remote host closed the connection]
17:56 -!- crus [~crusader@124-171-51-25.dyn.iinet.net.au] has joined #openvpn
18:02 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 250 seconds]
18:03 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:04 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
18:09 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
18:14 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
18:17 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
18:18 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 256 seconds]
18:18 -!- unicodesnowman [~unicodesn@wikipedia/unicodesnowman] has joined #openvpn
18:22 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 244 seconds]
18:22 -!- _Cyclone_[away] [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:23 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
18:24 -!- AMERICA__ [~AMERICAN_@85.sub-166-139-79.myvzw.com] has joined #openvpn
18:25 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
18:28 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
18:31 < NinjaBanjo> I'm hoping someone can help me. I have generated certificates for openvpn, and I verified the client and the server .crt and it said OK, but when I try and connect, I get a certificate failure
18:35 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 272 seconds]
18:37 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Read error: Connection reset by peer]
18:39 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
18:44 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 256 seconds]
18:45 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
18:46 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:47 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
18:51 <+s7r> NinjaBanjo what is the error?
18:51 <+s7r> did you also include the ca certificate and dh ?
18:52 -!- greenstatic [~greenstat@89-212-222-204.dynamic.t-2.net] has joined #openvpn
18:52 -!- greenstatic [~greenstat@89-212-222-204.dynamic.t-2.net] has left #openvpn ["Leaving"]
18:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 272 seconds]
18:54 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
18:58 -!- AMERICA__ is now known as AMERICAN_PSYCHO
18:59 -!- dazo is now known as dazo_afk
19:00 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
19:01 < NinjaBanjo> s7r: 1 sec, i appreciate your time just have to take care of something quick
19:04 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 256 seconds]
19:05 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
19:08 < NinjaBanjo> s7r: I get certificate failed to verify, and I have done an openssl verify on the client and on the server. dh is on the server, not on client afaik
19:08 < NinjaBanjo> opensslverify was OK on both
19:09 < unicodesnowman> If anyone is interested in testing our vpn (I'm happy to give you a free subscription), let me know
19:10 < NinjaBanjo> info?
19:12 -!- AMERICAN_PSYCHO is now known as AMERICA__
19:13 < unicodesnowman> NinjaBanjo, I set up a vpn service (privacytoggle.com), looking for some testers. PM me and I'll give you a free sub.
19:14 < NinjaBanjo> oh okay, I'm just looking to get mine configured so I can access my proxmox server and vm's from outside my network
19:14 < NinjaBanjo> but I keep getting certificate failed to verify issues
19:14 < NinjaBanjo> eventhough the crt's match
19:16 -!- FreezingCold [~FreezingC@135.0.41.14] has quit [Ping timeout: 264 seconds]
19:17 <+s7r> you have the key and crt and ca on client side?
19:17 <+s7r> the config is propler?
19:17 <+s7r> do you use tls-auth?
19:17 < NinjaBanjo> yes]
19:17 < NinjaBanjo> lemme get you my client config, just a second
19:19 < NinjaBanjo> http://rocketb.in/paste/BXxdmXI cleaned up personal info, but here is the client config
19:19 < NinjaBanjo> I do have a ta.key as well there,
19:19 <+s7r> i get an error
19:20 <+s7r> can't read that page
19:20 <+s7r> 500 error
19:20 < NinjaBanjo> http://rocketb.in/paste/BR9L76
19:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:21 <+s7r> you have the ca.crt cand client.crt / client.key in the same folder?
19:22 <+s7r> with the config file?
19:22 < NinjaBanjo> I do
19:22 < NinjaBanjo> same as .conf
19:22 < NinjaBanjo> as well as the ta.key
19:22 <+s7r> the config is correct
19:22 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
19:22 <+s7r> try downloading your cert and key again
19:23 < NinjaBanjo> okay
19:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:27 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
19:28 < NinjaBanjo> now I get a TCP_CONNECT failed on some random IP I've never seen
19:29 < NinjaBanjo> 1.193.74 something
19:29 < NinjaBanjo> oh nvm, its not conenting to the vpn now lul
19:29 < NinjaBanjo> we are moving backwards :p
19:30 -!- AMERICA__ [~AMERICAN_@85.sub-166-139-79.myvzw.com] has quit [Quit: Bye!]
19:31 < NinjaBanjo> s7r so now when I make the first connection to the vpn, the openvpn daemon stops running
19:32 < NinjaBanjo> and tun0 dissapears
19:33 < NinjaBanjo> I am getting a verifyOK on CA and key before openvpn dies.
19:34 < NinjaBanjo> lemme paste this to you quick
19:35 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
19:36 < NinjaBanjo> s7r http://rocketb.in/paste/76wZMX
19:36 < NinjaBanjo> thats what I get on the client
19:37 < NinjaBanjo> server log just says client-instance restarting
19:38 < NinjaBanjo> and then closes the socket
19:40 < NinjaBanjo> it looks like my openvpn version might be out of date?
19:40 < NinjaBanjo> I'm on 2.2.1
19:44 < NinjaBanjo> okay, updated the package, now I just get constand resets from the server and it never finishes connecting, certs and keys are all okay
19:45 < NinjaBanjo> I am using tunnelblick on OSX btw
19:46 < NinjaBanjo> "connection reset, restarting" thats the only client log item I get after all the cert and key checks come back OK
19:48 < NinjaBanjo> i got it working XD it was a permissions issue on crl.pem, thanks for being a rubber duck
19:49 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 272 seconds]
19:54 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:1110:6025:4952:a284] has joined #openvpn
20:05 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:11 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:17 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:21 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
20:24 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:29 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 272 seconds]
20:30 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:37 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:42 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
20:43 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:48 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
20:50 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:50 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Client Quit]
20:52 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 240 seconds]
20:55 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:01 -!- Tagor [~Tagor@5ED0716D.cm-7-1b.dynamic.ziggo.nl] has joined #openvpn
21:03 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 272 seconds]
21:05 < Tagor> I installed openvpn server on my rpi (which is directly connected to the internet) and want to use it with my android phone. I'm able to establish a connection with openvpn but cannot access the internet. DNS doesn't work and I can't ping any ip address. Anyone got an idea what's wrong? This is my config: http://pastebin.com/UvTj6j6h
21:06 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:11 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 245 seconds]
21:12 -!- Chais [~Chais@unaffiliated/chais] has joined #openvpn
21:17 -!- Chais [~Chais@unaffiliated/chais] has quit [Ping timeout: 244 seconds]
21:28 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has joined #openvpn
21:29 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:32 -!- Haxxa [~Harrison@CPE-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Excess Flood]
21:33 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
21:48 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
21:49 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
22:01 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has quit [Quit: anth0ny_]
22:01 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
22:02 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has joined #openvpn
22:07 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Max SendQ exceeded]
22:08 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
22:09 -!- anth0ny_ [~anth0ny@unaffiliated/anth0ny] has left #openvpn []
22:09 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 272 seconds]
22:32 -!- Fuusko [~Fuusko@h-234-229.a216.priv.bahnhof.se] has quit [Ping timeout: 256 seconds]
22:37 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
22:42 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Remote host closed the connection]
22:43 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
22:48 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has quit [Ping timeout: 265 seconds]
23:00 -!- Tagor [~Tagor@5ED0716D.cm-7-1b.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
23:26 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Read error: Connection reset by peer]
23:44 -!- ShadniX [dagger@p5481D367.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:45 -!- ShadniX [dagger@p5481D6FE.dip0.t-ipconnect.de] has joined #openvpn
23:45 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 255 seconds]
--- Day changed Tue May 05 2015
00:08 -!- AMERICAN_PSYCHO [~AMERICAN_@137.sub-70-196-11.myvzw.com] has joined #openvpn
00:42 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
00:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:46 -!- mode/#openvpn [+o mattock1] by ChanServ
00:47 < FreezingCold> Ugh, this is driving me crazy.
00:47 < FreezingCold> Chrome OS is prompting me for a fscking username and password with OpenVPN.
00:47 < FreezingCold> the hell am I suppose to enter?
00:57 < FreezingCold> heh, I entered random things and it connected..
00:57 < FreezingCold> No network connection though.
01:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:02 -!- badon_ is now known as badon
01:05 -!- FreezingCold [~FreezingC@135.0.41.14] has quit [Ping timeout: 264 seconds]
01:11 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
01:58 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
02:09 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:31 -!- surxenberg [~nigger@84-73-70-75.dclient.hispeed.ch] has joined #openvpn
02:31 < surxenberg> hello
02:31 < surxenberg> I have a small question
02:32 < surxenberg> I have an openvpn server on port 1197. The gateway is configured to forward the port 1197 to this machine and I can connect with vpn just fine, but only to this host. I cannot connect to any other machine in the network. I'm assuming some firewall settings are wrong, but I have no idea...
02:59 -!- julius__ [~julius@dslb-092-077-105-099.092.077.pools.vodafone-ip.de] has joined #openvpn
02:59 < julius__> hi
02:59 < julius__> !configs
02:59 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
03:04 < julius__> hey guys, just made a beautiful post with alle your favorite logs, configs and what have you not...could you please take a look?
03:04 < julius__> https://forums.openvpn.net/topic18781.html
03:04 <@vpnHelper> Title: OpenVPN Support Forum openvpn wont start, zero output : Configuration (at forums.openvpn.net)
03:15 -!- surxenberg [~nigger@84-73-70-75.dclient.hispeed.ch] has quit [Quit: leaving]
03:27 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
03:32 -!- defswork [~andy@mailhost.mirrormail.co.uk] has joined #openvpn
03:33 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
03:33 < defswork> with MULTI: bad source address from client [fe80::659f:3e6:9b35:21e9], packet dropped logs is there any significance of the hex number ?
03:33 -!- Ronanok [~ronan@149.11.36.238] has joined #openvpn
03:33 < Ronanok> !welcome
03:34 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:34 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:36 -!- Ronanok [~ronan@149.11.36.238] has left #openvpn []
03:37 -!- Ronanok [~ronan@149.11.36.238] has joined #openvpn
03:39 < Ronanok> !goal
03:39 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
04:03 -!- Ronanok [~ronan@149.11.36.238] has left #openvpn []
04:12 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
04:20 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 272 seconds]
04:20 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
04:51 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:03 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
05:14 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:19 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:36 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:40 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:47 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
05:48 -!- seg [~seg@fsf/member/seg] has quit [Remote host closed the connection]
05:50 -!- seg [~seg@fsf/member/seg] has joined #openvpn
05:51 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:53 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
05:54 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has joined #openvpn
06:03 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
06:10 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
06:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 276 seconds]
06:17 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has quit [Remote host closed the connection]
06:18 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
06:35 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has joined #openvpn
06:36 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
06:37 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
06:38 -!- Malinux [~malin@unaffiliated/malin/x-8072090] has quit [Quit: WeeChat 1.0.1]
06:51 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Read error: Connection reset by peer]
06:51 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
06:57 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 250 seconds]
07:00 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:18 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:1110:6025:4952:a284] has quit [Remote host closed the connection]
07:21 -!- dazo_afk is now known as dazo
07:40 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 240 seconds]
07:43 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
07:45 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
07:45 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
07:45 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:49 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Client Quit]
07:51 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
07:55 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:05 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:18 < Sheraf> Hi, can someone help me understand why my upload drop from 52kB/s to 6kB/s when i go though vpn?
08:20 -!- AMERICA__ [~AMERICAN_@137.sub-70-196-11.myvzw.com] has joined #openvpn
08:22 -!- AMERICAN_PSYCHO [~AMERICAN_@137.sub-70-196-11.myvzw.com] has quit [Ping timeout: 244 seconds]
08:33 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
08:41 <+esde> !crystal
08:41 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
08:41 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
08:42 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
08:42 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
08:57 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
08:58 -!- AMERICA__ [~AMERICAN_@137.sub-70-196-11.myvzw.com] has quit [Quit: Bye!]
09:03 -!- sh1rtybird [~quassel@beepbeep.serverpit.com] has quit [Remote host closed the connection]
09:04 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
09:06 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
09:06 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
09:06 -!- lophos [~lophos@unaffiliated/lophos] has joined #openvpn
09:07 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:07 < lophos> Please can you confirm that a client 3.2.1 can connect to server 2.2.1 ? (OpenVPN)
09:08 < lophos> I'm trying to set up a new machine and I can't find the problem. Is it possible for two machiens connect to the same servers using the same static key?
09:10 < DArqueBishop> At the same time? No.
09:11 < lophos> ok, and can I connect a client v. 3.2.1 to server version 2.2.1?
09:11 < lophos> (thanks)
09:12 < DArqueBishop> That I don't know the answer to.
09:13 < DArqueBishop> Wait a second.
09:13 < DArqueBishop> 3.2.1?
09:14 < DArqueBishop> The community version of OpenVPN is at version 2.3.6.
09:14 < lophos> I think I'm wrong, it should be 2.3.2
09:15 < lophos> (Slack 14.1)
09:15 < DArqueBishop> I'm pretty sure it will.
09:16 < lophos> thanks! just want to confirm before trying to configure, it's a bit tricky at first
09:28 < lophos> what is the best way to add access through static key to another server?
09:28 < lophos> 1 server - 2 clients
09:29 < DArqueBishop> Have a second server process running.
09:29 < lophos> another tun device?
09:29 < lophos> and port?
09:29 < DArqueBishop> If you're going to have multiple clients, your best bet is to drop the static key in favor of a PKI.
09:29 < DArqueBishop> !pki
09:29 <@vpnHelper> "pki" is (#1) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed specially as a server (see !servercert) or (#2) !certman for various PKI management tools or (#3) see !intro-to-
09:29 <@vpnHelper> pki
09:30 < lophos> thanks
09:30 < lophos> I'll read about pki
09:34 -!- zheng [~zheng@116.230.206.208] has quit [Remote host closed the connection]
09:43 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
09:46 -!- Droolio [~drool@host109-159-43-162.range109-159.btcentralplus.com] has joined #openvpn
09:56 <@ecrist> !ssl-admin
09:56 <@vpnHelper> "ssl-admin" is (#1) if you use freebsd, it is in ports or (#2) svn co https://www.secure-computing.net/svn/trunk/ssl-admin to grab it from svn or (#3) A perl script for managing SSL certificates (being a CA). Makes a good replacement for easy-rsa
09:59 -!- lophos [~lophos@unaffiliated/lophos] has left #openvpn ["Saliendo"]
10:05 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
10:05 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
10:06 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
10:08 -!- rulezzz [~rulezzz@189-212-141-193.static.axtel.net] has joined #openvpn
10:08 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 264 seconds]
10:11 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
10:13 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
10:15 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
10:18 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has joined #openvpn
10:20 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 272 seconds]
10:21 -!- AMERICAN_PSYCHO [~AMERICAN_@85.sub-166-139-79.myvzw.com] has joined #openvpn
10:34 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
10:53 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
10:54 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
10:57 < FreezingCold> INFO shill[992]: [INFO:service.cc(300)] Suppressed autoconnect to service 0 (no endpoints)
10:58 < FreezingCold> INFO shill[992]: [INFO:openvpn_management_server.cc(375)] OpenVPN state: CONNECTED
10:58 < FreezingCold> So I'm connected
10:58 < FreezingCold> Just getting an endpoint error.
11:15 < FreezingCold> Anyone?
11:15 <+esde> !logs
11:15 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:15 <+esde> !config
11:15 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
11:15 <+esde> !configs
11:15 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:15 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
11:15 -!- mode/#openvpn [+v s7r] by ChanServ
11:16 < FreezingCold> esde: Alright, one minute.
11:16 < FreezingCold> server.conf: http://ix.io/iit
11:17 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
11:19 <+esde> anything listening at 443?
11:19 <+esde> (other than openvpn)
11:19 -!- moriko [~moriko@141.8.29.164] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:19 < FreezingCold> OpenVPN process options: client,tls-client,remote removed.org,nobind,persist-key,persist-tun,dev tun0,dev-type tun,syslog,proto udp,port 443,tls-auth /tmp/.org.chromium.Chromium.Bvb6Ww,auth-retry interact,comp-lzo,server-poll-timeout 10,ca /var/run/shill/certificate_export/.org.chromium.Chromium.0JpFrM,auth-user-pass,pkcs11-providers libchaps.so,pkcs11-id B45C463BA0F17DE99C2891AEA7318FE8C8DD105D,remote-cert-tls server,key-direction
11:19 < FreezingCold> 1,remote-cert-eku "TLS Web Server Authentication",management 127.0.0.1 33833,management-client,management-hold,management-query-passwords,setenv SHILL_TASK_SERVICE :1.2,setenv SHILL_TASK_SERVICE :1.2,setenv SHILL_TASK_PATH /task/4,script-security 2,up /usr/lib/shill/shims/openvpn-script,up-restart,route-noexec,ifconfig-noexec,user openvpn,group openvpn
11:19 < FreezingCold> That's on the client side.
11:19 < FreezingCold> esde: Er, I don't think it's a firewall issue because I am successfully connecting.
11:20 <+esde> what the fuck is that unformatted mess of text?
11:20 < FreezingCold> But no, nothing else at 443.
11:20 < FreezingCold> heh, Chrome OS
11:20 <+esde> you're positive nothing else is listening on 443?
11:21 < FreezingCold> I can nmap myself if it's make you happy.
11:21 <+esde> No I just needed to confirm
11:21 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
11:21 < FreezingCold> Yeah, I'm 99% sure. Also, I don't think I'd even be able to connect if there was something else listening.
11:21 <+esde> Trying to figure out why you're attempting port 443/udp
11:22 < FreezingCold> If it bothers you I can change it, but it shouldn't make a difference.
11:23 < FreezingCold> Some networks blindly whitelist 80 and 443.
11:24 <+esde> got logs?
11:25 -!- NinjaBanjo [~NinjaBanj@unaffiliated/ninjabanjo] has left #openvpn []
11:28 < FreezingCold> esde: Yep. Want the client ones or server ones?
11:29 <+esde> both
11:29 < FreezingCold> Hold on, just cleaning up my client logs.
11:33 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 264 seconds]
11:39 < FreezingCold> esde: Sorry, had to answer the door. Back now.
11:39 < FreezingCold> esde: http://sprunge.us/XEiQ <- client log.
11:41 <+esde> and the server log is on the way?
11:41 < FreezingCold> esde: er, where the heck is the server log for Ubuntu?
11:42 <+esde> On your system, I don't know. I usually log to /etc/openvpn/openvpn.log
11:42 <+esde> should be defined in server.conf, else it defaults to ssylog IIRC
11:42 <+esde> *sys
11:43 < FreezingCold> status openvpn-status.log?
11:43 <@ecrist> no
11:43 <@ecrist> that's the status log
11:43 <+esde> no, that is just for connected clients
11:44 < FreezingCold> syslog doesn't have any vpn status things in it.
11:44 < FreezingCold> anyway, you can see in the client log that it is connecting.
11:45 <+esde> if openvpn.log (or something simliar) doesnt exist in /etc/openvpn, define it in server.conf, reload and check the logging
11:45 < FreezingCold> grep -i VPN /var/log/syslog
11:45 < FreezingCold> empty.
11:45 <+esde> ^
11:45 < FreezingCold> Alright, I'll do that... But this definitely seems to be client side =\
11:45 <+esde> could be
11:46 <+esde> but theres no way of telling for sure with only half the story
11:47 < FreezingCold> yep, it connects. Hold on, cleaning my server log.
11:49 -!- Droolio [~drool@host109-159-43-162.range109-159.btcentralplus.com] has quit [Quit: Electrons: What goes around comes around.]
11:51 < FreezingCold> esde: http://sprunge.us/Adhf
11:51 < FreezingCold> There's your server log.
11:51 <+esde> openvpn_management_server
11:51 <+esde> is this openvpn AS?
11:52 < FreezingCold> Are you confusing the client logs with the server logs? It's a stock Ubuntu Trusty OpenVPN install, nothing fancy.
11:52 <+esde> ok
11:54 <@ecrist> FreezingCold: no, we are not.
11:54 < FreezingCold> Alright.
11:54 <@ecrist> if you can't find the logs, add the line "log /tmp/openvpn.log" to your config
11:54 <@ecrist> also add "verb 4"
11:55 < FreezingCold> ecrist: What else are you expecting to see....? It's connected from the server's point of view.
11:55 <@ecrist> Also of note - we don't maintain various packages in the wild.  we don't know what the package maintainer for Ubuntu Trusty OpenVPN did.
11:55 <@ecrist> !logs
11:55 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:56 < FreezingCold> Fine, I will do it again.
11:56 <+esde> Is the client on wifi?
11:56 < FreezingCold> Yes.
11:57 < FreezingCold> No ethernet port.
11:57 < FreezingCold> Tue May  5 16:57:09 2015 us=727586 xxxx/xxxxx:48119 MULTI: bad source address from client [192.168.1.218], packet dropped
11:57 < FreezingCold> holy crap
11:57 < FreezingCold> verb 4 actually did give useful info
11:58 <+esde> Might have found a relevant bug report, but the message containing the same line from your client logs had been deleted
11:58 < FreezingCold> Huh? No, it hasn't. I didn't delete any lines.
11:59 <+esde> I never said you did.
12:00 < FreezingCold> Oh.
12:00 <+esde> anywho, may we see some more complete server logs now that verb is 4?
12:02 < FreezingCold> k, cleaning my log up.
12:02 <@ecrist> don't 
12:02 <@ecrist> don't clean it up, just pastebin it, please
12:03 < FreezingCold> ecrist: Excuse me for not wanting to print my real name on IRC.
12:03 <+esde> !topsecret
12:03 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
12:04 <+esde> That is not the only information you've removed from past posts
12:04 <+pekster> Kinda pointless anyway if you mean your certs, because all the fields in your X.509 CN are public by definition, so you're sharing them across the open Internet every time you connect
12:04 < FreezingCold> http://ix.io/iix
12:04 <+pekster> If that bugs you, I'd strongly suggest you don't put private information in fields exchanged in plaintext
12:04 < FreezingCold> pekster: I'm aware that it's public information.
12:05 -!- FreezingCold was kicked from #openvpn by ecrist [don't sanitize your logs]
12:05 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
12:06 < FreezingCold> Anyway, esde, see anything useful in there?
12:06 <@ecrist> It's not a complete log, FreezingCold 
12:06 <+esde> Someone in the office is emitting the most appetizing aroma, it's just wafting through the office.... that's natures way of telling me it's lunch time! :P
12:06 <+esde> *thing
12:08 < FreezingCold> ecrist: Okay, you're just complaining for the sake of complaining. I deleted the log and reconnected with my laptop and posted the log from that point.
12:08 < FreezingCold> Well, I could have left the 200 repeated lines of "Tue May  5 16:59:28 2015 us=427193 Laptop/999.999.999.99:48780 MULTI: bad source address from client [192.168.1.218], packet dropped"
12:08 <@ecrist> just because something doesn't appear useful to you, doesn't mean it isn't useful to a person who knows what they're looking for.
12:09 <@ecrist> I'm interested in seeing everything from when the daemon started to when your client connected.
12:09 <@ecrist> and seeing both the client and server logs from the same connection
12:09 < FreezingCold> ecrist: If I regenerate my certs with a different name, will you ban me for that?
12:10 <@ecrist> No.  But I'll ban you if you keep being a dick.
12:11 < FreezingCold> Fine, I'll recreate my logs in absolutely "perfect" condition for you. One minute.
12:11 <@ecrist> I didn't realize Canadian were so rude.
12:12 <@ecrist> They've always been nice when I was in Ottawa...
12:24 < FreezingCold> http://ix.io/iiz
12:24 < FreezingCold> that's with verb 4
12:24 < FreezingCold> server logs.
12:24 <@Eugene> !secret
12:24 <@vpnHelper> "secret" is funny that people use free programs, consult free help for them, run a business with them, but are restricted to say what they do.
12:24 <@Eugene> This is why we don't care about your problem after "cleaning up" your logs
12:24 <@Eugene> !topsecret
12:24 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
12:25 <@Eugene> It's damned infuriating when you have a problem that's caused by a typo, and then you hide the evidence of the typo from us
12:25 < FreezingCold> Eugene: I posted my full log.
12:25 < FreezingCold> [13:24:01] <FreezingCold> http://ix.io/iiz
12:25 <@Eugene> And yet, I still don't care
12:25 < FreezingCold> Well, kinda seems like you do?
12:25 -!- FreezingCold was kicked from #openvpn by Eugene [No, I don't.]
12:25 -!- FreezingCold [~FreezingC@135.0.41.14] has joined #openvpn
12:25 <@ecrist> FreezingCold: why are you using 2.3.2?
12:26 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 245 seconds]
12:26 < FreezingCold> It's currently the maintained package in Trusty. http://packages.ubuntu.com/trusty/openvpn
12:26 <@vpnHelper> Title: Ubuntu – Details of package openvpn in trusty (at packages.ubuntu.com)
12:26 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
12:26 < FreezingCold> Is that relevant, or just a comment?
12:27 <@ecrist> It's always relevant.  you're four minor revisions behind
12:27 <@ecrist> do you have your server and client configs, too, please?
12:29 < FreezingCold> [12:16:48] <FreezingCold> server.conf: http://ix.io/iit
12:29 < FreezingCold> I am pretty sure the issue lies within the client config, which is what I am here for help for.
12:29 < FreezingCold> [12:39:52] <FreezingCold> esde: http://sprunge.us/XEiQ <- client log.
12:29 < FreezingCold> 2015-05-05T01:52:03.961480-04:00 INFO shill[992]: [INFO:service.cc(300)] Suppressed autoconnect to service 9 (no endpoints)
12:31 <@ecrist> where's the client config?
12:31 -!- Malsasa [~Malsasa@36.73.226.141] has joined #openvpn
12:32 <@ecrist> what OS is the client?
12:32 < FreezingCold> ecrist: There is none in OpenVPN format. https://docs.google.com/document/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub#h.ggh5t9gwahkf
12:32 <@vpnHelper> Title: OpenVPN on ChromeOS Documentation (publish) (at docs.google.com)
12:32 < FreezingCold> Chrome OS.
12:33 < FreezingCold> brb washroom
12:35 <@ecrist> Chrome OS doesn't appear to have proper support for OpenVPN to really work well.
12:35 <@ecrist> https://forums.openvpn.net/topic14452.html
12:35 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN and Chromebook : Off Topic, Related (at forums.openvpn.net)
12:35 <@ecrist> Specifically, I see your default gateway on the server being rejected by the client, and from there, the VPN session is simply broken.
12:37 -!- rulezzz [~rulezzz@189-212-141-193.static.axtel.net] has quit [Ping timeout: 272 seconds]
12:40 < FreezingCold> Right, so I need to play with my gateway?
12:41 <+esde> If it were me, I would ditch the Chromebook. If that weren't an option, I'd configure the openvpn client on a host that has proper support, then use it as a gateway for the Chromebook.
12:42 < FreezingCold> Ditching an entire platform because of one incorrect setting seems a tad excessive.
12:42 <@ecrist> It's not an incorrect setting, according to that post.
12:42 <+esde> And your attitude sucks. Do you absorb any information?
12:43 <@ecrist> It's a lack of support in Chrome OS to import routes from OpenVPN
12:43 <+esde> and coming from ecrist, that comment carries weight
12:43 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
12:43 < FreezingCold> https://docs.google.com/document/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub#h.ggh5t9gwahkf <- This Google employee seemed to get it working, I spoke with him and he just said "yep,worked out of the box"
12:43 <@vpnHelper> Title: OpenVPN on ChromeOS Documentation (publish) (at docs.google.com)
12:45 < FreezingCold> esde: About 90% of this conversation has been over the format of my logs, I think it's a little understandable why I'm frustrated.
12:46 < FreezingCold> I stated right from the beginning that it was a issue on the client side and I was looking for troubleshooting help on the client side.
12:46 < FreezingCold> Instead you guys bitched for an hour, insisted I post more details servers logs, and then said "oh we give up on the client"
12:47 <+esde> !whining
12:47 <@vpnHelper> "whining" is < MacGyver> If somebody reads your question, and knows the answer, he'll answer it when and how he feels like it. This is IRC, not your company's paid tech support desk. Whining doesn't do any good except annoy the people who could help you.
12:47 <@ecrist> Despite the whining, I've tried to help.
12:47 <+esde> If you don't like the support you're getting from this channel, leave.
12:48 <@ecrist> Despite the accusatory private messages, I've tried to help.
12:48 <@ecrist> Despite you being Canadian, I've tried to help.
12:48 <+esde> Hell I have never, and likely never will, touch a Chromebook, but figured I'd give her a go.
12:48 < FreezingCold> ecrist: Okay, so what can I try aside from "give up"?
12:48 <@ecrist> FreezingCold: Chome OS is not supported.
12:48 <@ecrist> I don't know how more clear I can be.
12:48 <+esde> Go bug you buddy at Google
12:49 <+esde> he seems to have it working
12:49 < FreezingCold> Are you paid to work on OpenVPN?
12:49 < FreezingCold> If so, that explains a *lot*.
12:49 < FreezingCold> ecrist: In the open source community, we generally don't use "not supported" as a bitch out for considering any other platform.
12:49  * esde waves
12:50 <@ecrist> No, I'm not. I've been involved with the project since 2008, however.  krzee and myself built the community as it is today, with a lot of help from others.
12:50 <@ecrist> I *am* nearly done co-authoring a book on OpenVPN, including troubleshooting, config, and customization through scripts.
12:51 <@ecrist> FreezingCold: for quite some time, iOS (Apple's phone OS) was "not supported" because of limitations in the OS and Apple's policy.
12:51 <@ecrist> It's not a cop out.  Donate a few Chrombooks to the dev team and someone will work on it.
12:51 < FreezingCold> By "book", you mean something you're selling, right?
12:51 <@ecrist> Of course.
12:51 < DArqueBishop> "Not supported" generally means "unable" to fix, not "unwilling" to fix.
12:51 < FreezingCold> ecrist: [13:49:09] <FreezingCold> If so, that explains a *lot*.
12:52 < FreezingCold> So, you are indirectly supported by OpenVPN.
12:52 <+esde> Such angst
12:52 < FreezingCold> Which explains your unwillingness to look into anything.
12:52 -!- mode/#openvpn [+b *!*@135.0.41.14] by ecrist
12:52  * esde passes a beer to ecrist 
12:52 <+esde> you handled yourself very well
12:53 <@ecrist> 12:52:50 Ignoring ALL from FreezingCold
12:55 < DArqueBishop> Something tells me he's not as involved with the open source community as he would like to think he is.
12:56 <@ecrist> who?
12:56 < DArqueBishop> FreezingCold.
12:56 <+esde> I see what you did there.jpg
12:56 -!- Irssi: #openvpn: Total of 230 nicks [11 ops, 0 halfops, 4 voices, 215 normal]
12:56 <+esde> Using opensource and being involved in opensource are apples and oranges.
12:56 <@ecrist> very different things, for sure.
12:57 < DArqueBishop> Yup.
12:58 < ngharo> aww, i was just going to pastebin my chromeos openvpn config
12:58 < DArqueBishop> If I had thought to bring it up, I would have said something along the lines of, "Even if he's paid to work on $PROJECT doesn't mean he's paid to support you directly."
12:58 <+esde> I like that one
12:59 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
13:05 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
13:10 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Ping timeout: 250 seconds]
13:14 < julius__> crap...does "Traffic" from the forums show up here once in a while?
13:16 <@ecrist> it would appear so
13:16 <@ecrist> generally, lately, IRC has been pretty pleasant, though.
13:18 -!- Malsasa [~Malsasa@36.73.226.141] has quit [Read error: Connection reset by peer]
13:32 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 276 seconds]
13:37 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 246 seconds]
13:51 -!- AMERICAN_PSYCHO [~AMERICAN_@85.sub-166-139-79.myvzw.com] has quit [Quit: Bye!]
14:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
14:11 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
14:12 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
14:14 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Remote host closed the connection]
14:24 -!- julius__ [~julius@dslb-092-077-105-099.092.077.pools.vodafone-ip.de] has quit [Ping timeout: 255 seconds]
14:31 -!- ret123 [JKDF2-COM@96.89.211.216] has joined #openvpn
14:32 <+esde> !welcome
14:32 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:32 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:32 <+esde> !howto
14:32 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:32 <+esde> !wiki
14:32 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
14:37 < ret123> How can I create a VPN where the client gets a EXTERNAL INTERNET STATIC IP. I own a internet static IP that is different than my VPN server IP.
14:37 < ret123> I do not want the client to have the SAME INTERNET STATIC IP as the VPN server
14:39 < DArqueBishop> ret123: let me see if I understand you correctly. Do you want all internet traffic to go through the VPN, but show as being from your static IP as opposed to the VPN server's IP?
14:40 < ret123> yeah
14:40 < ret123> is that possible?
14:41 < ret123> I want the VPN client to be able to host games at the VPN assigned external IP
14:41 < ret123> where all ports are open
14:41 < ret123> client has the game host ports blocked so I am trying to use VPN to solve this issue
14:43 < DArqueBishop> In short, the answer is no. You can't just assign an IP address to a machine that's not part of that subnet.
14:43 < DArqueBishop> (I'm assuming the VPN server and your static IP address are on different networks.)
14:43 < DArqueBishop> Are you the admin of the VPN server?
14:48 < ret123> yes
14:48 < ret123> no VPN server and static IP are on the same network
14:48 < ret123> VPN server is connected to a gateway/router that will accept the additional static ip
14:49 < ret123> actually my VPN client could use the SAME STATIC IP as the VPN server if the VPN server forwarded a specific port range to the client
14:50 < ret123> the VPN client could stay on the default subnet or whatever
14:50 < ret123> is there a way to port forward/DMZ from the VPN server to a vpn client?
14:51 <+esde> so that the VPN client is listening on a port, at the VPN client's external address?
14:51 < ret123> Exactly!
14:52 <+esde> yes
14:52 < ret123> Under user permissions in OpenVPN AS, there is a "DMZ settings" option
14:52 < ret123> I have OpenVPN AS running as a virtual appliance
14:52 <+esde> But there's a few things to do before that point.
14:52 < ret123> ok
14:53 < ret123> thanks for staying with me so far
14:53 <+esde> We are dealing strictly in openvpn community here, no AS support
14:54 < DArqueBishop> !as
14:54 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
14:54 <+esde> DArqueBishop, he came from there
14:54 < DArqueBishop> Oh.
14:54 <+esde> they couldn't satisfy his need for static external ip
14:54 < DArqueBishop> Oops.
14:54 < DArqueBishop> Carry on, then.
14:55 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:55 <+esde> Start with !howto, if you feel froggy look at !redirect, and configure your server. If you have any specific question, ask us in here (with whatever relevant details you have) and we will help.
14:56 <+esde> For starters you want to be able to connect to the server as a client, ping the openvpn server (generally 10.8.0.1), ping google.com, and the like. After that, you can start making changes to your configuration to accomplish your goal.
14:57 < ret123> Once I get that set up is my idea possible?
14:58 < DArqueBishop> I'd say your idea is possible.
14:58 < DArqueBishop> You'd have to do some futzing with iptables to get ports forwarded.
14:58 <+esde> I can't say yes. I have never attempted what your goal is. However, community is much more versatile than AS. Given the users idling in here, I see no reason why it couldn't be accomplished, if it is in fact possible. :)
14:58 < DArqueBishop> (Provided you're on Linux. Other OSes have their own tools.)
14:59 <+esde> Oh the vpn clients port forwarding is small potatoes
14:59 <+esde> it's the weird static ip configuration that is fringe
14:59 < DArqueBishop> esde: I'm pretty sure it's doable.
15:00 <+esde> the port forwarding is just an iptables rule that says if this port on external IP, forward to this internal ip at this port
15:00 <+esde> (on the server)
15:04 < ret123> Ok thank you, I figured this would come down to iptables at some point
15:04 < ret123> I'm going to ask a quick question about DMZ in AS before I try this
15:17 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has quit [Ping timeout: 272 seconds]
15:19 -!- AMERICAN_PSYCHO [~AMERICAN_@85.sub-166-139-79.myvzw.com] has joined #openvpn
15:21 -!- dazo is now known as dazo_afk
15:21 -!- AMERICAN_PSYCHO [~AMERICAN_@85.sub-166-139-79.myvzw.com] has quit [Max SendQ exceeded]
15:22 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
15:23 -!- AMERICAN_PSYCHO [~AMERICAN_@85.sub-166-139-79.myvzw.com] has joined #openvpn
15:24 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
15:31 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
15:31 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
15:35 -!- crus [~crusader@124-171-51-25.dyn.iinet.net.au] has quit [Remote host closed the connection]
15:38 -!- endzYme [~endzYme@ec2-52-10-45-178.us-west-2.compute.amazonaws.com] has joined #openvpn
15:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
15:41 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Ping timeout: 256 seconds]
15:41 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
15:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:47 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:53 -!- caliculk [~caliculk@unaffiliated/caliculk] has quit [Ping timeout: 244 seconds]
15:54 -!- caliculk [~caliculk@unaffiliated/caliculk] has joined #openvpn
16:04 -!- rika [rika@trivialand/guesser/rika] has quit [Quit: oO]
16:04 -!- rika [rika@trivialand/guesser/rika] has joined #openvpn
16:05 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has quit [Quit: ZNC - http://znc.in]
16:20 -!- AMERICA__ [~AMERICAN_@85.sub-166-139-79.myvzw.com] has joined #openvpn
16:22 -!- AMERICAN_PSYCHO [~AMERICAN_@85.sub-166-139-79.myvzw.com] has quit [Ping timeout: 244 seconds]
16:36 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:38 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
16:51 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:00 -!- fred`` [fred@earthli.ng] has quit [Quit: +++ATH0]
17:16 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
17:17 -!- grache28 [~noodles@s178255151130.blix.com] has quit [Ping timeout: 256 seconds]
17:20 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Quit: Tension, apprehension, and dissension have begun.]
17:21 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 255 seconds]
17:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
17:25 -!- fred`` [fred@earthli.ng] has joined #openvpn
17:28 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
17:28 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has joined #openvpn
17:28 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
17:30 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 252 seconds]
17:30 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 252 seconds]
17:30 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has quit [Ping timeout: 252 seconds]
17:30 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 252 seconds]
17:30 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 252 seconds]
17:30 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 252 seconds]
17:30 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 252 seconds]
17:30 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
17:31 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
17:31 -!- mete [~mete@91.247.253.160] has joined #openvpn
17:43 < endzYme> hi - quick question - so when setting up many point to points - for example between there datacenters - would it be correct that each datacenter only learns routes from it's client configurations to the other datacenters?
17:57 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:01 <@Eugene> That's correct
18:01 <@Eugene> For doing a multi-DC deployment you may want to use purely PtP tunnels and run a routing protocol(eg, OSPF) to provide resiliency against link failures
18:11 -!- AMERICA__ is now known as AMERICAN_PSYCHO
18:11 -!- AMERICAN_PSYCHO is now known as AMERICA__
18:36 -!- AMERICA__ [~AMERICAN_@85.sub-166-139-79.myvzw.com] has quit [Quit: Bye!]
18:47 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
18:54 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
19:16 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:30 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has joined #openvpn
19:35 -!- Tagor [~Tagor@5ED0716D.cm-7-1b.dynamic.ziggo.nl] has joined #openvpn
19:35 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
19:36 < Tagor> I installed openvpn server on my rpi (which is directly connected to the internet) and want to use it with my android phone. I'm able to establish a connection with openvpn but cannot access the internet. DNS doesn't work and I can't ping any ip address. Anyone got an idea what's wrong? This is my config: http://pastebin.com/UvTj6j6h
19:37 <+esde> config looks sane
19:37 <+esde> what do logs show?
19:37 <+esde> !logs
19:37 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
19:38 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
19:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
19:42 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Quit: Logging Off...]
19:42 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 265 seconds]
19:42 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
19:44 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
19:46 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has quit [Quit: Bye!]
19:51 -!- AMERICA__ [~AMERICAN_@82.sub-70-196-2.myvzw.com] has joined #openvpn
19:53 -!- AMERICA__ [~AMERICAN_@82.sub-70-196-2.myvzw.com] has quit [Max SendQ exceeded]
19:55 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
19:56 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has joined #openvpn
19:58 < Tagor> esde: the logs don't give me much clue either: http://pastebin.com/gQprDFLC
20:00 <+esde> set verb 4
20:01 < Tagor> esde: does it actually log anything about the connections of the client to the internet?
20:01 <+esde> huh?
20:02 < Tagor> esde: the client is able to make a connection with the openvpn server. But I cannot access the internet on the client. DNS is not working nor can I ping a public ip address
20:03 <+esde> it logs the status (if configured), and details about the status of openvpn as it's running (debugging if verbosity is set high enough)
20:03 <+esde> !redirect
20:03 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
20:03 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
20:03 <+esde> is probably what you're after
20:03 <+esde> check the flowchart
20:09 < Tagor> !def1
20:09 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
20:17 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has quit [Ping timeout: 244 seconds]
20:19 < Tagor> esde: I don't seem to be able to ping the local and public ip address of the vpn server. In the log of the openvpn server I get a lot of 'MULTI: bad source address from client [10.56.200.24], packet dropped' messages. I tried to use client-config-dir but that did not change anything
20:20 <+esde> stop and take a second
20:20 <+esde> please gather the client and server logs, and both configs, and post them for us to check out
20:21 <+esde> !configs
20:21 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:21 <+esde> and logs is above, dont worry about server conf if you've reverted it to what you posted earlier
20:21 <+esde> just make sure the logs you post match the configs you post
20:24 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has joined #openvpn
20:25 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has quit [Read error: Connection reset by peer]
20:36 <@ecrist> Tagor: did you get your stuff fixed?
20:37 <@ecrist> I'm guessing you're missing net.ip.forwarding->1
20:37 <@ecrist> and a way to NAT outbound traffic
20:38 <+esde> !linipforward
20:38 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
20:38 <+esde> and if you need help with the nat rule, just ask
20:41 < Sheraf> Any idea why my upload drop from 50ko/s to 6ko/s when i go through the vpn?
20:41 < Sheraf> it's pretty anoying :/
20:42 < Tagor> esde: thanks for your help. Here is my config: http://pastebin.com/RXLVySix and logs: http://pastebin.com/nsERCpfU
20:42 <+esde> !crystal
20:42 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
20:42 <+esde> Sheraf ^
20:42 < Tagor> ecrist: not yet: cat /proc/sys/net/ipv4/ip_forward: 1
20:42 <@ecrist> is your firewall blocking the vpn traffic?
20:42 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 265 seconds]
20:42 < Tagor> ecrist: I disabled my firewall and iptables --flush
20:43 < Sheraf> !configs
20:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:43 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:43 -!- freeroute [freeroute@gateway/vpn/mullvad/x-mbdsufwtxptovyhl] has joined #openvpn
20:43 < freeroute> !welcome
20:43 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
20:43 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:44 <+esde> Tagor, do you have ufw or similar package configured?
20:45 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
20:45 < Tagor> esde: APF firewall, but I disabled it and used the iptables commands that are listed after the config files
20:47 < freeroute> hi, I want to be able to securely connect using files provided by Mullvad VPN. You can get those files here - https://mullvad.net/en/setup/openvpn/ (temporary, lasts about 2 hours). My question would be: if someone else knows my account number, wouldn't he be able to get the same files as me and basically be able to MITM?
20:47 <@vpnHelper> Title: Mullvad - OpenVPN (at mullvad.net)
20:48 <+esde> !iptables-save
20:48 <+esde> !iptables-rules
20:48 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
20:48 <+esde> Tagor, ^
20:49 <+esde> freeroute, how would they do that?
20:51 < freeroute> esde: this is the contents of one of those zip files - http://kpaste.net/7cbc - if someone can get those files as well, he would be able to log in from my account, right?
20:52 < Tagor> esde: http://pastebin.com/ftXNUwWj this might be helpful as well: http://pastebin.com/nuXaA6BB
20:52 <+esde> question, did you obtain these files from an "account management" page or something that you had to login to?
20:52 <+esde> freeroute, ^
20:53 <+esde> Tagor, see the !iptables-save factoid please
20:53 <+esde> *rules, but the save command is what we need you to use
20:53 < freeroute> esde: no, those files were available to me after filling in the captcha (see the first link I provided). After that you can 'login' by filling in your account number in that field, after which you can download those zip files again.
20:54 <+esde> i am confused
20:55 <+esde> "You need to log in to download a configuration"
20:56 < Tagor> esde: I just sent you the iptables-save output. Is it something else you need?
20:56 <+esde> I saw iptables --list at the top...
20:57 <+esde> !ifconfig-linux
20:57 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
20:57 < freeroute> esde: just go to that page and fill in the captcha. After correct captcha it gives you an account number and the zip files you can download. That account number later on can be used to fill into that first field and pressing login.
20:57 < Tagor> esde: http://pastebin.com/ftXNUwWj
20:57 < freeroute> so my concern is if someone has that account number (which is basically a string of numbers) he can then fill them in that page and get the same zip files I got.
20:57 <+esde> freeroute, my guess is the account number makes something unique about the files you're downloading. if that's the case you're fine. if that's not the case, i am still confuse
20:58 < Tagor> esde: that was a second pastebin (http://pastebin.com/nuXaA6BB) that contained the output of iptables --list, route and ifconfig
20:58 <+esde> ah
20:58 <+esde> long day
21:00 <+esde> for shiggles, try this sudo sysctl -w net.ipv4.ip_forward=1
21:01 < Tagor> esde: net.ipv4.ip_forward = 1
21:02 <+esde> I get that it's set to 1
21:02 <+esde> however in some cases you may need to reboot for it to take effect, the command i provided avoids that
21:03 < Tagor> esde: I'll reboot and try again
21:03 <+esde> that's not what you need
21:04 <+esde> something else is causing it to fail
21:05 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has joined #openvpn
21:06 <+esde> try getting rid of this line ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
21:08 -!- AMERICAN_PSYCHO [~AMERICAN_@82.sub-70-196-2.myvzw.com] has quit [Excess Flood]
21:08 < Tagor> esde: I just did, but it didn't change anything
21:10 < Sheraf> weird, if i change my openvpn port, i don't get the upload speed issue
21:10 < Sheraf> i actually get a better upload than my regular connection
21:11 < Sheraf> which mean my ISP is thorttling on the DNS port ...
21:11 < Sheraf> great
21:11 < Sheraf> only in upload though
21:11 <+esde> try iperf for throttling testing
21:12 <+esde> !iperf
21:12 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:15 < Tagor> esde: thanks for your help. I just imported the exact same config on my tablet. Guess what? It works perfectly on my tablet... I'm gonna solve the issue by throwing that stupid phone out of the window
21:15 <+esde> \m/
21:17 < Sheraf> yep iperf confirm
21:18 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
21:18 < Sheraf> would someone mind doing a iperf from there server? i wonder if it's my client ISP or my server ISP
21:19 <+esde> spin up a vps at some low-end host, if need be
21:20 < Sheraf> you know any free one?
21:20 < Sheraf> which is on DNS port
21:20 <+esde> http://iperf.scottlinux.com/
21:20 <@vpnHelper> Title: iperf.scottlinux.com | Public Ipv4 and IPv6 iperf server (at iperf.scottlinux.com)
21:20 <+esde> DNS is 53
21:26 < Sheraf> i get the same bandwith from both my client and server
21:26 < Sheraf> that's weird
21:28 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 265 seconds]
21:30 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
21:32 < Sheraf> openvpn can't listen on differents port at the same time? :(
21:32 <+esde> just use another daemon
21:32 <+esde> different private subnet though
21:33 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
21:33 < Sheraf> i want to keep the same subnet :/
21:33 < Sheraf> would it work with some iptables redirection?
21:33 <+esde> why?
21:33 <+esde> just play with iptables
21:33 < Sheraf> ok
21:34 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
21:37 <+esde> actually after checking, it might work with more than one port at once
21:37 <+esde> i've never tried it myself
21:37 <+esde> OK create a separate config for each port
21:38 <+esde> only change the port number
21:38 <+esde> then restart openvpn
21:38 -!- AMERICAN_PSYCHO [~AMERICAN_@95.sub-70-196-5.myvzw.com] has joined #openvpn
21:39 < Sheraf> works good with the iptables rule
21:39 <+esde> OK. just letting you know you can use multiple ports without a lot of extra work
21:39 <+esde> or messing with iptables even
21:41 < Sheraf> so i just copy the config a change the port and restart, ill try that then
21:44 < Sheraf> doesn't work
21:45 < Sheraf> iptables will do
21:45 < Sheraf> thanks
21:46 <+esde> np
22:42 -!- freeroute [freeroute@gateway/vpn/mullvad/x-mbdsufwtxptovyhl] has quit [Ping timeout: 256 seconds]
22:44 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 272 seconds]
22:51 -!- Tagor [~Tagor@5ED0716D.cm-7-1b.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
22:59 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
23:11 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 248 seconds]
23:19 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
23:23 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
23:24 -!- zuron7 [~zuron7@122.172.175.98] has joined #openvpn
23:43 -!- ShadniX [dagger@p5481D6FE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:45 -!- ShadniX [dagger@p5481D083.dip0.t-ipconnect.de] has joined #openvpn
23:57 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
23:59 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
23:59 -!- mode/#openvpn [+o krzee] by ChanServ
--- Day changed Wed May 06 2015
00:10 -!- Malsasa [~Malsasa@36.73.226.141] has joined #openvpn
00:16 -!- freeroute [freeroute@gateway/vpn/mullvad/x-ijffwiqujihqxqyk] has joined #openvpn
00:29 -!- Malsasa [~Malsasa@36.73.226.141] has quit [Remote host closed the connection]
00:30 -!- Malsasa [~Malsasa@36.73.226.141] has joined #openvpn
00:44 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
00:45 -!- zadock [~zadock@81.180.210.87] has quit [Max SendQ exceeded]
00:49 -!- early [~early@2607:5300:100:200::160d] has quit [Ping timeout: 256 seconds]
00:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:55 -!- mode/#openvpn [+o mattock1] by ChanServ
00:56 -!- hojgaard [~dh@78.156.117.236] has quit [Remote host closed the connection]
00:58 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
00:59 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
01:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
01:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
01:23 -!- zuron7 [~zuron7@122.172.175.98] has quit [Ping timeout: 272 seconds]
01:41 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
01:57 -!- Papey [~Papey@ks3364303.kimsufi.com] has quit [Quit: LONGUE VIE À L'ORTIE]
02:14 -!- AMERICA__ [~AMERICAN_@95.sub-70-196-5.myvzw.com] has joined #openvpn
02:16 -!- AMERICAN_PSYCHO [~AMERICAN_@95.sub-70-196-5.myvzw.com] has quit [Ping timeout: 244 seconds]
02:21 < freeroute> !howto
02:21 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
02:40 -!- finnrobi_ [~robb@188.166.35.17] has left #openvpn []
03:05 -!- freeroute [freeroute@gateway/vpn/mullvad/x-ijffwiqujihqxqyk] has quit [Ping timeout: 255 seconds]
03:10 -!- AMERICA__ [~AMERICAN_@95.sub-70-196-5.myvzw.com] has quit [Quit: Bye!]
03:18 -!- colo-work [~jt@78.142.138.4] has joined #openvpn
03:27 -!- AMERICAN_PSYCHO [~AMERICAN_@95.sub-70-196-5.myvzw.com] has joined #openvpn
03:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:56 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
03:58 -!- Netsplit *.net <-> *.split quits: seg, james41382_
04:00 -!- Netsplit over, joins: james41382_, seg
04:06 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
04:18 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
04:22 -!- Malsasa [~Malsasa@36.73.226.141] has quit [Read error: Connection reset by peer]
04:45 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
04:45 < AL13N_work> is there a way to keep openvpn running with missing files?
04:46 < AL13N_work> so that i could generate certs later and then send SIGUSR1 ?
04:59 -!- RoyK [~roy@77.88.71.251] has joined #openvpn
05:00 -!- RoyK [~roy@77.88.71.251] has left #openvpn []
05:00 -!- RoyK [~roy@77.88.71.251] has joined #openvpn
05:01 < RoyK> hi all. anyone that knows if openvpn will perform better with jumboframes than with normal 1500b frames?
05:14 -!- testcase [5d735310@gateway/web/cgi-irc/kiwiirc.com/ip.93.115.83.16] has joined #openvpn
05:15 < testcase> hello, I have an issue with weechat that it doesn't connect to freenode unless I use the NetworkManager. Here is a bit more detail - http://paste2.org/v3a658jW
05:16 < testcase> eventually I want to connect using CLI only, but this seems to hurdle it
05:17 < testcase> over at #weechat they said that it was probably a VPN issue, so this is why I came here
05:24 -!- dazo_afk is now known as dazo
05:28 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:41 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
05:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
05:58 < testcase> I am sorry if I am doing something wrong, but do I have to provide any additional information next to this? I'm pretty new to openvpn
05:58 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
06:22 -!- freeroute [~weechat@gateway/vpn/privateinternetaccess/freeroute] has joined #openvpn
06:22 -!- freeroute [~weechat@gateway/vpn/privateinternetaccess/freeroute] has left #openvpn []
06:32 <@dazo> !notovpn
06:32 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
06:34 <@dazo> testcase: ^^^ ... This sounds like an issue with NetworkManager or weechat not registering that you are online .... the core openvpn (which support here primarily) doesn't depend on NM at all.  So it won't provide any indication if your online or not
06:35 <@dazo> so it's hard for us to help you further .... (btw. this time of day is a low-peak period here, so you'll have to hang around for some more hours to get more attention)
06:39 < testcase> dazo: ah I see, sorry in that case. It's just that I thought I was doing the "pure openvpn" when I issued that command. I'll ask over at #networkmanager or #gnome if it's an NM issue.
06:39 <@dazo> Your issue with weechat has nothing to do with openvpn, that's for sure
06:39 <@dazo> esp. if you use openvpn from the command line
06:40 <@dazo> so if weechat depends on NetworkManager to tell it if you're online or not ... you should be able to override that somehow, that's either a weechat or NM issue
06:42 < testcase> hmm, I don't think it depends on NM since it's basically a terminal application, although I'm not entirely sure. I'm not a developer or anything.
06:45 < testcase> #weechat says no. So I'll have to head over to NM related channels.
06:47 <@dazo> NM doesn't mean it's only gui ... NM is a system component, and applications can interact with NM regardless of being gui or console based
06:47 < testcase> heh, so it's more than meets the eye.
07:00 -!- teotwaki [~teotwaki@Maemo/community/contributor/crashanddie] has joined #openvpn
07:00 < teotwaki> Hi, is it possible to have the same port bound to a site-to-site VPN and a client-server VPN?
07:04 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:28 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Quit: Logging Off...]
07:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
07:44 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has joined #openvpn
07:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:53 -!- ausjke [~xxiao@li259-246.members.linode.com] has quit [Remote host closed the connection]
07:56 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
07:56 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 240 seconds]
07:57 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
07:58 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
08:00 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
08:08 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 272 seconds]
08:14 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has quit [Read error: Connection reset by peer]
08:18 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 240 seconds]
08:18 -!- AMERICAN_PSYCHO [~AMERICAN_@95.sub-70-196-5.myvzw.com] has quit [Quit: Bye!]
08:24 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
09:17 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:18 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
09:40 -!- testcase [5d735310@gateway/web/cgi-irc/kiwiirc.com/ip.93.115.83.16] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
09:51 < endzYme> Eugene: when you mentioned a "purely PtP" tunnel scenario - does this imply only one client connects to one server? or if you have three DCs, each dc has two client configs and one server config.
10:12 <@Eugene> endzYme - the latter, with additionally only routes for the VPN link between the client and the server inside - no client-to-client stuff
10:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
10:50 < endzYme> Eugene: i see - so a separate network range per DC tunX. would they need to be 'bridged' connections for the ospf chatter/discovery?
10:51 <@Eugene> They need to be tap devices, but not bridged
10:51 < endzYme> actually instead of asking you about each ingredient - perhaps there's a doc or some article you have handy :]
10:52 < endzYme> so TAP basically means a "wan" of sorts, a single broadcast domain
10:52 < endzYme> TAP devices facilitate this intead of ptp
10:57 < endzYme> i see sorry - just reading more online
10:57 < endzYme> thanks again
10:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
11:01 -!- dyce [~quassel@ns3290920.ip-5-135-184.eu] has joined #openvpn
11:13 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
11:15 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Quit: ZNC - http://znc.in]
11:16 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:17 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
11:42 < endzYme> does openvpn provide commercial support?
11:42 <+esde> !as
11:42 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
11:42 <+esde> yes ^
11:42 < endzYme> esde: thanks!
11:43 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:45 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
11:48 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
11:59 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
12:00 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
12:07 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 265 seconds]
12:08 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
12:13 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 240 seconds]
12:17 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
12:40 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
12:41 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Client Quit]
12:42 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
13:02 -!- OG_s7eele [~AndChat52@108.61.68.147] has joined #openvpn
13:02 -!- OG_s7eele [~AndChat52@108.61.68.147] has quit [Client Quit]
13:03 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 246 seconds]
13:05 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
13:16 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
13:17 -!- Guest86751 [debian-tor@openvpn/user/s7r] has joined #openvpn
13:17 -!- mode/#openvpn [+v Guest86751] by ChanServ
13:18 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Quit: ZNC - http://znc.in]
13:19 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
13:24 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
13:24 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
13:31 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has joined #openvpn
13:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:47 -!- billwat [~billwat@207.35.219.98] has joined #openvpn
13:47 -!- jgeboski- [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
13:48 -!- Netsplit *.net <-> *.split quits: c|oneman, early, Eagleman, shootbird, Haxxa, seg, kossy, mete, jgeboski, nsrafk,  (+4 more, use /NETSPLIT to show all of them)
13:49 -!- Netsplit over, joins: early, mete, Haxxa, shootbird, +hazardous, nsrafk, nullsign, c|oneman, Poster, Eagleman
13:49 -!- jgeboski- is now known as jgeboski
13:49 -!- Netsplit over, joins: FruitieX, seg
13:50 < billwat> Hi there. The apartment building I'm living in does URL logging on their internet and I'm wondering if using OpenVPN with a private VPN service would adequately prevent them from logging my URLs.
13:50 -!- Netsplit over, joins: kossy
13:53 < billwat> I believe I might need an HTTP proxy to prevent this but I'm just curious if someone can confirm that.
13:54 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Quit: ZNC - http://znc.in]
14:01 -!- Guest86751 is now known as s7r
14:06 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
14:18 -!- Netsplit *.net <-> *.split quits: Eagleman, shootbird, Haxxa, mete, Poster, nullsign, +hazardous
14:19 -!- Netsplit over, joins: mete, Haxxa, shootbird, +hazardous, nullsign, Poster, Eagleman
14:19 <+esde> billwat
14:20 <+esde> a private vpn service would achieve that.
14:20 <+esde> we cannot recommend paid providers, but we can provide assistance if you'd like to configure your own server :)
14:23 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:28 < billwat> Thanks, esde. That's all I needed to know. Much appreciated!
14:36 -!- s7eele [~AndChat52@108.61.68.161] has joined #openvpn
15:00 -!- billwat [~billwat@207.35.219.98] has quit [Ping timeout: 276 seconds]
15:01 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
15:06 < endzYme> is there any way to load in new configs into openvpn without disturbing existing tunnels/configs
15:07 < endzYme> SIGHUP apparently just loads the existing loaded files again
15:08 <@dazo> well, to avoid the URL logging ... using a paid vpn provider will just move logging to a potential service provider
15:09 <@dazo> having your own VPS with VPN can reduce that somewhat more
15:16 -!- dazo is now known as dazo_afk
15:44 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:58 -!- SAKUJ0 [~SAKUJ0@f049101166.adsl.alicedsl.de] has joined #openvpn
15:58 < SAKUJ0> Hey. Can someone give me a hint how I could make my (libvirt managed) VM get routed through my tun based openvpn tunnel alone?
15:59 < SAKUJ0> It's a dedicated server with an exposed IP4 address and I connect to a VPN (payed), with the default config being redirect-gateway def1 based
15:59 < SAKUJ0> When I locally connect, that setting overrides the default gateways with new routing settings, so all traffic is routed through the VPN
16:00 < SAKUJ0> If I ommit that setting no new routes are added
16:00 < SAKUJ0> So I want all traffic on wirbr0 to be routed through the VPN (tun0) instead of eth0
16:00 < SAKUJ0> s/wirbr0/virbr0
16:01 < SAKUJ0> I do not think I can use tap
16:04 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
16:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
16:21 < mattsl> So I'm having a routing issue with a site to site VPN on two pfsense boxes that I can't seem to solve. Is anyone interested in helping me fix this? At this point I'll Paypal you some money to let me email you the whole config and you explain to me what's wrong.
16:49 < deraps> does anyone know if there is a CLI way in the mac openvpn connect, to import profiles?
17:02 -!- SAKUJ0 [~SAKUJ0@f049101166.adsl.alicedsl.de] has left #openvpn ["Leaving"]
17:04 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
17:05 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
17:07 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 264 seconds]
17:09 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 256 seconds]
17:11 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
17:17 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has joined #openvpn
17:20 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
17:26 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
17:27 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:29 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:31 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 250 seconds]
17:32 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
17:33 -!- K1rk [~Kirk@equinox.epecweb.com] has joined #openvpn
18:07 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:20 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
18:20 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
18:32 -!- Latrina [~Latrina@ppp-116-41.26-151.libero.it] has quit [Ping timeout: 264 seconds]
18:50 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has quit [Quit: Bye!]
18:56 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:25f0:7076:6914:273d] has joined #openvpn
18:57 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Ping timeout: 250 seconds]
19:00 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
19:12 -!- kash [~kash@unaffiliated/kash] has joined #openvpn
19:13 -!- mauricio_ [~mauricio@201-92-193-21.dsl.telesp.net.br] has joined #openvpn
19:14 < mauricio_> hi
19:15 < mauricio_> i can stabilish a vpn connection with server
19:15 < mauricio_> but i cant ping the other side of vpn
19:15 < mauricio_> ppp0      Link encap:Point-to-Point Protocol
19:15 < mauricio_>           inet addr:11.11.11.16  P-t-P:11.11.11.254  Mask:255.255.255.255
19:15 < mauricio_> i cant ping 11.11.11.254
19:16 < mauricio_> ip route
19:16 < mauricio_> default via 192.168.1.1 dev eth0  proto static
19:16 < mauricio_> 11.11.11.254 dev ppp0  proto kernel  scope link  src 11.11.11.16
19:16 < mauricio_> 177.206.87.195 via 192.168.1.1 dev eth0  proto static
19:16 < mauricio_> 177.206.87.195 via 192.168.1.1 dev eth0  src 192.168.1.34
19:16 < mauricio_> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.34  metric 1
19:16 < mauricio_> can someone plz help me?
19:16 < mauricio_> i already flushed iptables
19:16 <+esde> #1 dont flood
19:16 <+esde> #2 please type welcome
19:17 <+esde> !welcome
19:17 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
19:17 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:17 < mauricio_> welcome
19:17 <+esde> ^
19:17 <+esde> !paste
19:17 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
19:18 <+esde> Please use the services above instead of pasting multiline messages into the channel
19:18 < mauricio_> !route
19:18 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
19:18 <@vpnHelper> client
19:27 -!- Haxxa [~Harrison@cpe-120-149-49-246.oirx3.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
19:28 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:53 < unicodesnowman> My openvPN server is disconnecting people with "Inactivity timeout (--ping-restart), restarting" randomly
19:53 < unicodesnowman> how can I fix this?
19:57 < unicodesnowman> I have 'duplicate-cn' enabled
20:11 -!- s7eele [~AndChat52@108.61.68.161] has quit [Remote host closed the connection]
20:12 -!- s7eele [~AndChat52@108.61.68.161] has joined #openvpn
20:14 -!- AMERICAN_PSYCHO [~AMERICAN_@203.sub-70-196-15.myvzw.com] has joined #openvpn
20:40 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
21:39 <@Eugene> Well, they're idle, so its disconnecting them
21:39 <@Eugene> That's exactly what --ping-restart does\
21:46 < unicodesnowman> Eugene, but they're not idle, they have active sockets on IRC
21:46 < unicodesnowman> people are getting disconnected from IRC networks.
21:50 <@Eugene> IRC can also time out, by not sending packets
21:50 <@Eugene> Read the man page around the --ping family of options
21:51 <@Eugene> You probably want to use "keepalive 10 60" or so in your server config
21:53 < unicodesnowman> Eugene, keepalive is at keepalive 10 120
21:57 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
22:03 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
22:03 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:05 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
22:06 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:34 < james41382> Hello. I made the mistake of deleting a set of client key/crt. I tried to create a new set with the same name and it failed to update the database. I tried to do revoke-full for the client, but that also generates an error.
22:40 -!- Latrina [~Latrina@ppp-138-34.26-151.libero.it] has joined #openvpn
23:18 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
23:21 -!- AMERICAN_PSYCHO [~AMERICAN_@203.sub-70-196-15.myvzw.com] has quit [Ping timeout: 244 seconds]
23:42 -!- ShadniX [dagger@p5481D083.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:42 -!- ShadniX_ [dagger@p5481D3AA.dip0.t-ipconnect.de] has joined #openvpn
23:42 -!- ShadniX_ is now known as ShadniX
23:43 -!- ponyofdeath [~vladi@cpe-76-172-86-115.socal.res.rr.com] has quit [Ping timeout: 256 seconds]
23:45 -!- AMERICAN_PSYCHO [~AMERICAN_@148.sub-70-196-6.myvzw.com] has joined #openvpn
23:49 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
--- Day changed Thu May 07 2015
00:00 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
00:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:33 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
00:35 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
00:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:46 -!- mode/#openvpn [+o mattock1] by ChanServ
01:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
01:11 -!- Haxxa [~Harrison@CPE-124-189-178-236.cxzr1.win.bigpond.net.au] has joined #openvpn
01:30 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
01:48 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
01:53 -!- soLucien [~Lu@178.62.252.248] has quit [Quit: Leaving]
02:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:53 -!- kweeb [~kweeb@ip110-154-212-87.adsl2.static.versatel.nl] has joined #openvpn
03:09 -!- AMERICAN_PSYCHO [~AMERICAN_@148.sub-70-196-6.myvzw.com] has quit [Quit: Bye!]
03:20 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
03:21 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 264 seconds]
03:22 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:22 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
03:23 -!- mode/#openvpn [+o plaisthos] by ChanServ
03:32 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
03:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:50 -!- kweeb [~kweeb@ip110-154-212-87.adsl2.static.versatel.nl] has left #openvpn []
04:06 -!- T-virus [~T-virus@a89-154-56-208.cpe.netcabo.pt] has joined #openvpn
04:08 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has joined #openvpn
04:10 -!- snooops [~snooops@lvps92-51-130-196.dedicated.hosteurope.de] has left #openvpn []
04:11 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
04:15 < mauricio_> hi
04:15 < mauricio_> Im having trouble routing packets through vpn
04:15 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Client Quit]
04:15 < mauricio_> tried many things
04:15 < mauricio_> can someone help me?
04:21 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
04:42 -!- mauricio_ [~mauricio@201-92-193-21.dsl.telesp.net.br] has quit [Quit: Ex-Chat]
05:15 -!- zadock [~zadock@muscalu.tuiasi.ro] has joined #openvpn
05:30 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has joined #openvpn
05:33 -!- dupondje [~dupondje@artemis.dupie.be] has joined #openvpn
05:33 -!- dazo_afk is now known as dazo
06:04 < dupondje> Hi. I want some idea's on how to fix something. I want an OpenVPN server for remote clients to be able to connect to the Private LAN. Now there need to be multiple OpenVPN instances, with other limitations (only access to some servers in the LAN).
06:05 < dupondje> What would be the best way to do this? I was thinking to give each openvpn instance another ip-range, but then how to firewall it
06:06 < dupondje> cause it needs to be firewalled on a dedicated firewall (no iptables in the openvpn server)
06:21 -!- borgfish [~blubber@141.12.67.37] has joined #openvpn
06:21 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
06:22 < borgfish> hello, i have a bit of lagg while playing a tcp based game over a tcp based openvpn connection, any hints on debugging or making it "lightweight" (dont need ssl at all for this )
06:28 < borgfish> server is 1gbit, client 100mbit, pings from 6ms to 1300 ?! do i need some QOS ?
06:29 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:32 < borgfish> switch from tun to tap or something ?
06:36 < colo-work> use UDP instead of TCP for OpenVPN. this could fix your latency problems.
06:37 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
06:38 < borgfish> thats why i use tcp, because the network here has 2 firewalls they cannot flow control enable a udp stream
06:39 < borgfish> bad wording, but packets wont come into the intranet you know
06:39 < borgfish> doing a "speedtest" i get 50mbit down and 12mbit up, and no ping delay at all, but in my game, its up to 2300ms when a little bit of incoming traffic happens
06:40 < borgfish> switched off firewall and antivirus already no help
06:41 < borgfish> howto use -socket-flags TCP_NODELAY ? on the server on the client, cli or within config file ?
06:46 < borgfish> woohoo put it into /etc/default/openvpn startup option , works!
06:47 < borgfish> i googled alot of users maybe had this problem, you could erm, recommend this setting strongly in tcp mode maybe ? like expand this line a bit : # TCP or UDP server?
06:48 < borgfish> well ok, its a bit better
07:01 -!- AMERICAN_PSYCHO [~AMERICAN_@148.sub-70-196-6.myvzw.com] has joined #openvpn
07:01 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
07:13 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:25f0:7076:6914:273d] has quit [Remote host closed the connection]
07:25 -!- netan [~netan@176.10.248.200] has joined #openvpn
07:27 < netan> hi all,  how do I know if my VPN connection really are secure ?
07:28 < netan> if I make a change in the tls.key the connection are still working, is that normal?
07:28 < BtbN> The key is only read at startup.
07:33 < netan> BtbN, what does that mean ?  If I run "/etc/init.d/openvpn stop" and "/etc/init.d/openvpn start" after I made a change in the key the connection still works
07:34 < BtbN> Sounds like you're not editing the right file.
07:34 < BtbN> Or you made a change in the header or something
07:35 < netan> ok, wait I will check
07:39 -!- netan [~netan@176.10.248.200] has quit [Ping timeout: 245 seconds]
07:52 <@dazo> Netas3k: check this one: https://community.openvpn.net/openvpn/wiki/SecurityOverview
07:52 <@vpnHelper> Title: SecurityOverview – OpenVPN Community (at community.openvpn.net)
07:52 <@dazo> sorry!  wrong url
07:52  * dazo looks for the proper url
07:53 <@dazo> duh ... wrong nick even
07:53 <@dazo> BtbN: FYI ... https://community.openvpn.net/openvpn/wiki/327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key
07:53 <@vpnHelper> Title: 327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key – OpenVPN Community (at community.openvpn.net)
07:55 < BtbN> dazo, you should maybe have mentioned that you are using a static key...
07:55 < BtbN> *netan
07:56 < BtbN> Or aren't you?
07:56 < BtbN> If it's a ssl private key, changing random bytes should break it quite fast
07:56 <@dazo> I'm not netan :) .... [14:39:49] * netan has quit (Ping timeout: 245 seconds)
07:58 -!- netan [~netan@176.10.248.195] has joined #openvpn
08:00 < netan> I have now restarted the machine and are still able to connect using wrong tls.key
08:01 < netan> any ideas why ?
08:01 < netan> are there any tools to inspect if your connection are encrypted or not ?
08:16 <@plaisthos> wireshark?
08:16 -!- netan [~netan@176.10.248.195] has quit [Ping timeout: 240 seconds]
08:19 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
08:25 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:44 -!- AMERICAN_PSYCHO [~AMERICAN_@148.sub-70-196-6.myvzw.com] has quit [Quit: Bye!]
08:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:00 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 272 seconds]
09:03 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
10:04 -!- soupmeister [~frad@24-107-128-120.dhcp.stls.mo.charter.com] has quit [Remote host closed the connection]
10:05 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
10:56 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
10:58 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
11:00 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Client Quit]
11:01 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
11:01 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
11:01 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
11:01 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
11:04 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:39 -!- zadock [~zadock@muscalu.tuiasi.ro] has quit [Quit: Leaving]
11:44 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 244 seconds]
11:53 -!- blizzow [~jburns@2601:1:a682:cf00:7e7a:91ff:fe14:9b91] has joined #openvpn
12:03 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
12:03 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
12:36 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:45 -!- AMERICAN_PSYCHO [~AMERICAN_@adsl-98-80-0-139.shv.bellsouth.net] has joined #openvpn
13:05 -!- AMERICAN_PSYCHO [~AMERICAN_@adsl-98-80-0-139.shv.bellsouth.net] has quit [Quit: Bye!]
13:12 -!- elfixit [~Icedove@host213-120-143-78.in-addr.btopenworld.com] has quit [Quit: elfixit]
14:10 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:11 -!- Thominus [~Thominus@CPEf46d04cde326-CM84948cd740d0.cpe.net.cable.rogers.com] has joined #openvpn
14:13 -!- LedZeplin [~jeff@72.22.20.244] has joined #openvpn
14:21 -!- dazo is now known as dazo_afk
14:37 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
14:37 -!- mode/#openvpn [+v s7r] by ChanServ
14:48 < niel> whats a good way to figure out what is blocking openvpn?
14:51 -!- KNERD [~KNERD@198.12.96.132] has joined #openvpn
14:59 -!- almostworking is now known as almostwrkin_phon
14:59 -!- almostwrkin_phon is now known as almstwrkin_phone
15:01 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
15:04 <+esde> troubleshooting
15:05 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
15:05 < KNERD> Anyone know if Egypt is blockng VPN traffic?
15:05 < KNERD> maybe by port, or TCP flags?
15:07 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:11 <+esde> very likely
15:11 <+esde> try !obfs
15:11 <+esde> also, if and how are two different questions entirely
15:12 <+esde> further, don't try to outsmart how they are blocking openvpn. instead, read up on !obfs and learn how to configure it. Once you've got it configured properly, you should always be able to stay ahead of their blocking (or slightly behind) with just a few changes to your settings
15:15 < KNERD> lobfs? okay will read up on it..thanks
15:15 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
15:16 < bruxC> silly question but if I"m trying to troubleshoot why my linux client isn't connecting to websites, do i check the log on the client or the server?
15:16 < bruxC> I was going to check both but i could only find a log on my server. no log was present in /etc/openvpn on the client.
15:19 < DArqueBishop> !obfs
15:19 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being
15:19 <@vpnHelper> used. in static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
15:20 <+esde> KNERD.. .no not lobfs
15:20 <+esde> !obfs
15:20 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
15:20 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
15:20 <+esde> read more carefully
15:20 < KNERD> oh okay..thanks
15:21 <+esde> bruxC,
15:21 <+esde> !logs
15:21 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:21 <+esde> !configs
15:21 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:21 <+esde> we'll need both configs and logs to be helpful, if you need help locating that log file, we'll need the operating system and how you installed the package
15:22 < bruxC> Thanks esde, I'll be sure to follow those directions. Thank you.
15:24 <+esde> No worries, make sure you use pastebin (or pastebin-like site with no ads or BS) for the logs and configs, also what is the client OS and how did you install the package?
15:27 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Quit: Page closed]
15:30 < bruxC> I must go, unfortunately I didn't notice the time but I will return w/ the information.
15:36 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:40 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:44 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
15:51 -!- LedZeplin [~jeff@72.22.20.244] has quit [Ping timeout: 256 seconds]
16:20 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 264 seconds]
16:38 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Remote host closed the connection]
17:00 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
17:02 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
17:04 -!- Slippern [~Slippern@76.109-247-208.customer.lyse.net] has quit [Ping timeout: 272 seconds]
17:13 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
17:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:30 -!- ContactLeft [~user@unaffiliated/contactleft] has joined #openvpn
17:56 < mattsl> Anyone want to look at my configs and try to help me figure out why I can't get traffic between LANs on my site to site VPN?
17:57 < mattsl> It's working from LAN-A to Server-B and vice versa, and obviously from Server-A to Server-B, but nada from LAN-A to LAN-B
18:36 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
18:41 -!- Sheraf is now known as Sheraf_
18:42 -!- Sheraf_ is now known as Sheref
18:42 -!- Sheref is now known as Sheraf
18:52 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
18:52 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:53 -!- badon_ is now known as badon
18:59 < bdmc> mattsl: I won't be able to help, I am fighting the same battle, but IPv4 or IPv6, or both?
19:05 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
19:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:27 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
19:28 < mattsl> bdmc: just IPv4
19:36 -!- swebb [~swebb@192.69.23.161] has quit [Ping timeout: 272 seconds]
19:41 -!- almstwrkin_phone [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
19:44 -!- swebb [~swebb@209.131.238.250] has joined #openvpn
20:49 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
21:20 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
21:29 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
21:37 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
21:40 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:42 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
21:57 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
22:04 -!- AMERICAN_PSYCHO [~AMERICAN_@94.sub-70-196-7.myvzw.com] has joined #openvpn
22:06 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
22:12 < mattsl> Can anyone help me figure out the routing for my site to site vpn?
22:16 -!- stuff1 [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
22:19 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 244 seconds]
22:25 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Remote host closed the connection]
22:28 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:02 -!- idoit [~idiot41@d53-64-104-202.nap.wideopenwest.com] has joined #openvpn
23:05 -!- defswork [~andy@mailhost.mirrormail.co.uk] has quit [Ping timeout: 276 seconds]
23:28 -!- idoit [~idiot41@d53-64-104-202.nap.wideopenwest.com] has left #openvpn []
23:43 -!- ShadniX [dagger@p5481D3AA.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:43 -!- ShadniX_ [dagger@p5481CAF8.dip0.t-ipconnect.de] has joined #openvpn
23:43 -!- ShadniX_ is now known as ShadniX
23:49 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 248 seconds]
23:49 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 248 seconds]
23:50 <@Eugene> !fail2ban
23:50 <@vpnHelper> "fail2ban" is in linux you can replace fail2ban without the background process with something like: iptables -A INPUT -m tcp -p tcp --dport 22 -m hashlimit --hashlimit-name ssh --hashlimit-upto 5/minute --hashlimit-mode srcip --hashlimit-srcmask 24 -j ACCEPT
23:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:56 -!- c|oneman [~cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
23:56 -!- nsrafk [~whois@unaffiliated/nsrafk] has joined #openvpn
--- Day changed Fri May 08 2015
00:00 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
00:02 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:03 -!- AMERICAN_PSYCHO [~AMERICAN_@94.sub-70-196-7.myvzw.com] has quit [Read error: Connection reset by peer]
00:04 -!- AMERICAN_PSYCHO [~AMERICAN_@94.sub-70-196-7.myvzw.com] has joined #openvpn
00:26 -!- s7eele [~AndChat52@108.61.68.161] has quit [Quit: Bye]
00:26 -!- s7eele [~AndChat52@108.61.68.161] has joined #openvpn
00:30 -!- s7eele [~AndChat52@108.61.68.161] has quit [Client Quit]
00:34 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
00:37 -!- AMERICAN_PSYCHO [~AMERICAN_@94.sub-70-196-7.myvzw.com] has quit [Read error: Connection reset by peer]
00:38 -!- AMERICAN_PSYCHO [~AMERICAN_@94.sub-70-196-7.myvzw.com] has joined #openvpn
00:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
01:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:15 -!- mode/#openvpn [+o mattock1] by ChanServ
01:36 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
02:02 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
02:09 -!- AMERICA__ [~AMERICAN_@94.sub-70-196-7.myvzw.com] has joined #openvpn
02:10 -!- AMERICAN_PSYCHO [~AMERICAN_@94.sub-70-196-7.myvzw.com] has quit [Ping timeout: 244 seconds]
02:38 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
02:45 -!- AMERICA__ [~AMERICAN_@94.sub-70-196-7.myvzw.com] has quit [Quit: Bye!]
02:45 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
02:50 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
02:59 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
03:05 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
03:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:40 -!- defswork [~andy@mailhost.mirrormail.co.uk] has joined #openvpn
03:43 <@plaisthos> !android
03:43 <@vpnHelper> "android" is (#1) an open source OpenVPN client for ICS is available in Google Play, look for OpenVPN for Android. FAQ is here: http://code.google.com/p/ics-openvpn/wiki/FAQ or (#2) Direct Play link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn or (#3) Old (pre-ICS) device? See: !android-old or (#4) You can get the apk directly from http://plai.de/android/ or (#5)
03:43 <@vpnHelper> https://code.google.com/p/ics-openvpn/wiki/FAQ
03:43 <@plaisthos> !forget android 5
03:43 <@vpnHelper> Joo got it.
03:43 <@plaisthos> !forget android 1
03:43 <@vpnHelper> Joo got it.
03:44 <@plaisthos> !android
03:44 <@vpnHelper> "android" is (#1) Direct Play link: https://play.google.com/store/apps/details?id=de.blinkt.openvpn or (#2) Old (pre-ICS) device? See: !android-old or (#3) You can get the apk directly from http://plai.de/android/
03:44 <@plaisthos> !forget android 1
03:44 <@vpnHelper> Joo got it.
03:44 <@plaisthos> !forget android 1
03:44 <@vpnHelper> Joo got it.
03:44 <@plaisthos> !forget android 1
03:44 <@plaisthos> !forget android 1
03:44 <@vpnHelper> Joo got it.
03:44 <@vpnHelper> Error: There is no such factoid.
03:46 <@plaisthos> !learn android  available as "OpenVPN for Android" as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html
03:46 <@vpnHelper> Joo got it.
03:47 <@plaisthos> !learn android Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android
03:47 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
03:47 <@plaisthos> !learn android as Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android
03:47 <@vpnHelper> Joo got it.
03:48 <@plaisthos> !learn android as Old (pre-ICS) device? See !android-old
03:48 <@vpnHelper> Joo got it.
03:48 <@plaisthos> !android
03:48 <@vpnHelper> "android" is (#1) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#2) Old (pre-ICS) device? See !android-old
03:48 <@plaisthos> !forget android 1
03:48 <@vpnHelper> Joo got it.
03:48 <@plaisthos> !forget android 1
03:48 <@vpnHelper> Joo got it.
03:48 <@plaisthos> !avaailable
03:48 <@plaisthos> !available
03:49 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:49 <@plaisthos> !learn android as available as "OpenVPN for Android" as an open source OpenVPN client for Android 4.0+. FAQ:
03:49 <@vpnHelper> Joo got it.
03:49 <@plaisthos> !forget android
03:49 <@vpnHelper> Joo got it.
03:49 <@plaisthos> !learn android as available as "OpenVPN for Android" as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html
03:49 <@vpnHelper> Joo got it.
03:49 <@plaisthos> !learn android as Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android
03:49 <@vpnHelper> Joo got it.
03:49 <@plaisthos> !learn android as Old (pre-ICS) device? See !android-old
03:49 <@vpnHelper> Joo got it.
03:50 <@plaisthos> !android
03:50 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
03:50 <@plaisthos> !android-old
03:50 <@vpnHelper> "android-old" is If you do not have cyanogenmod or ICS, but your device is rooted, you can use android-openvpn-installer and openvpn-settings from the market
03:57 < colo-work> hmm, I see an IPv6 ll src address arriving from one (windows-based) client's connection, despite our server pushing IPv4 routes only: "Fri May  8 10:33:45 2015 us=909946 Some_user/62.x.y.z:49891 MULTI: bad source address from client [fe80::---], packet dropped"
03:57 < colo-work> what's causing that?
04:01 <@plaisthos> link local addresses
04:01 <@plaisthos> tldr jsut ignore these warnings
04:01 <@plaisthos> !factoids
04:01 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
04:08 -!- dazo_afk is now known as dazo
04:18 < colo-work> plaisthos, I'm aware that datagrams with that source address aren't of any value, the thing is, that client's VPN in fact simply does not work any more.
04:19 < colo-work> he's on a DS-Lite IPv6/IPv4 line that seems to break OpenVPN connectivity
04:19 < colo-work> I was chasing down MTU-related problem solution strategies, but to no avail as of now
04:19 < colo-work> so I wondered if the reason that warning apprears could be connected to why there's no meaningful post-auth traffic flowing over the link
04:25 <@plaisthos> colo-work: they are link local packets
04:25 <@plaisthos> you can safely ignore them
04:25 <@plaisthos> newer openvpn version will not even log these anymore because they lead to confusion
04:27 < colo-work> OK, understood.
04:34 -!- elfixit [~Icedove@213-152-55-225.dsl.eclipse.net.uk] has joined #openvpn
04:45 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
05:02 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 276 seconds]
05:13 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 245 seconds]
05:13 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:20 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
05:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
05:24 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:25 -!- inad922 [~inad925@193.110.235.126] has joined #openvpn
05:25 < inad922> Hi
05:26 < inad922> From my company I've received an email with the details on how to connect to their network via the Shrewsoft client. Also a config file for that. Is there any easy way to turn this into an openvpn config file?
05:30 < inad922> Is there a list of possible options which I can use in the openvpn client configuration?
06:17 < borgfish> The Shrew Soft VPN Client for Windows is an IPsec Remote Access VPN Client ... openvpn is SSL
06:17 < borgfish> not compatible by far
06:27 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 255 seconds]
06:38 -!- killall [bc53faba@gateway/web/freenode/ip.188.83.250.186] has joined #openvpn
06:39 < killall> Hello i have an openvpnAS and i cannot login, i have configured it yesterday and now i cant login
06:41 -!- Exagone313_ is now known as Exagone313
06:43 -!- killall [bc53faba@gateway/web/freenode/ip.188.83.250.186] has quit [Quit: Page closed]
06:54 -!- inad922 [~inad925@193.110.235.126] has quit [Ping timeout: 252 seconds]
06:56 -!- inad922 [~inad925@193.110.235.126] has joined #openvpn
07:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
07:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:19 <+esde> http://www.duckware.com/blog/comcast-principal-engineer-gets-caught-intentionally-lying/index.html
07:19 <@vpnHelper> Title: Comcast "Principal Engineer" gets caught intentionally LYING about the cause of download problems (at www.duckware.com)
07:19 <+esde> fun read
07:25 < marl_scot> hi, I am trying to set only certain ip ranges being routed over my vpn, I put in a test push route and it worked, now i have 6 push routes in total, and i dont seam to be able to route now, should I be able to specify multiple routes from the server end?
07:26 < marl_scot> I should clarify that i can access the internet fine, just not anything within my ranges in the push route
07:26 <+esde> That might be !ccd
07:26 <+esde> !!ccd
07:26 <+esde> !ccd
07:26 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
07:27 <+esde> oh maybe not, common name
07:28 <+esde> ahhh factoids link appears to be down too :/
07:28 <+esde> !search route
07:28 <@vpnHelper> There were no matching configuration variables.
07:28 <+esde> !search
07:28 <@vpnHelper> (search <word>) -- Searches for <word> in the current configuration variables.
07:28 <+esde> !search routing
07:28 <@vpnHelper> There were no matching configuration variables.
07:28 <+esde> :| good luck
07:33 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
07:36 < marl_scot> i have no ccd's defined, all users connecting need to get the same routes just now, although that may change at a later date, if i can get this to run the way i need for a while
07:51 < T-virus> hi people !! i'm using openvpn client to conect to another lan. i can connect but can not reach the remote machines
07:52 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
07:54 <+esde> T-virus, welcome. Please type !welcome
07:57 < T-virus> !welcome
07:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
07:57 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:58 < T-virus> !ask
07:58 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
07:58 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:02 -!- lemonxah [~lemonxah@105-237-65-156.access.mtnbusiness.co.za] has joined #openvpn
08:02 < lemonxah> hello
08:03 < lemonxah> setup openvpn server according to this guide, https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
08:03 <@vpnHelper> Title: How To Setup and Configure an OpenVPN Server on CentOS 7 | DigitalOcean (at www.digitalocean.com)
08:03 < lemonxah> and then i connect to it with my client but after doing that i dont have internet access
08:03 < lemonxah> where would i start to debug this?
08:04 < lemonxah> is there something extra i have to do to get that openvpn server to "share" its internet?
08:12 <+esde> !walkthrough
08:12 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
08:12 <+esde> !howto
08:12 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
08:13 -!- lemonxah [~lemonxah@105-237-65-156.access.mtnbusiness.co.za] has quit [Ping timeout: 264 seconds]
08:16 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
08:16 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:17 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
08:30 < marl_scot> is there a way to push a route to a client to route a range over there default gateway instead of the vpn? eg. push a route for 43.43.43.0/19 to route via the vpn, and push a route 43.43.44.0/24 to route via the clients default gw?
08:32 -!- inad922 [~inad925@193.110.235.126] has quit [Ping timeout: 240 seconds]
08:33 -!- inad922 [~inad925@193.110.235.126] has joined #openvpn
08:49 < T-virus> !welcome
08:49 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:49 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:49 < T-virus> !configs
08:49 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:57 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:00 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 246 seconds]
09:05 -!- stuff1 is now known as bruxC
09:28 < bruxC> I'd like to pastebin my logs. where are the default locations of these logs.. I'm able to find my server's logs at /etc/openvpn/openvpn-status.log
09:28 < bruxC>  .. but I'm having issues finding any log files for my client.
09:30 <+esde> From yesterday....... >what is the client OS and how did you install the package?
09:31 < bruxC> Hi esde I've kept your directions.
09:31 < bruxC> I"m following them right now. I'm just having troubles finding the logs. I'm currently on ubuntu server 14.04 for both server & client.
09:32 < bruxC> Made sure to change the verb to 4.
09:32 <+esde> now that we know the OS, >how did you install the package?
09:32 < bruxC> apt-get install openvpn easy-rsa
09:32 <+esde> so from the stock ubuntu repos, no ppa or other external source?
09:33 < bruxC> none that I am aware of.
09:33 < bruxC> this is a brand new spun up ubuntu server 14.04 VM. I'm fairly confident there are no external sources.
09:33 < bruxC> same goes for the client..
09:35 <+esde> anything in syslog for the client?
09:36 < bruxC> may I ask where that is usually located? I'm not seeing it in /usr/share/openvpn or /usr/local/share/openvpn
09:36 <+esde>  /var/log/syslog.log
09:37 < bruxC> thank you. (new to *nix)
09:38 < bruxC> https://clbin.com/3r1gZ
09:39 < bruxC> rest assured this is merely a test environment so I have no issues with showing certificate information
09:39 <+esde> looks like the name lookup is failing
09:39 <+esde> i'd give line numbers but there's no markup... look for network unreachable
09:39 < bruxC> I see. I know that DNS lookup is garbage in my environment so I have to resort to IP lookup.
09:42 < bruxC> esde any way  that I can pastebin to help resolve the line number? I've been just doing cat {file} | curl -F 'clbin=<-' https://clbin.com
09:42 <@vpnHelper> Title: clbin: command line pastebin. (at clbin.com)
09:42 <+esde> we dont need line numbers, i was just trying to tell you where to look in the log
09:42 < bruxC> kk
09:42 <+esde> May  8 10:12:50 VPNclient named[957]: error
09:43 <+esde> seems to be the spot where it goes to hell
09:43 < bruxC> any ways, I see where you are referring to. That was when I was attempting to reach a website and it failed. I have sincce then "service openvpn stop"
09:43 < bruxC> It would trigger again if I were to restart the service and w3m www.google.com
09:46 < bruxC> would you like me to provide server/client.conf ?
09:46 <+esde> I dont see Initialization Sequence Completed, at all. That makes me think the connection never succeeded, but I could be wrong. Yes like I mentioned yesterday, we need both logs and configs from the client and server
09:49 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:50 -!- Denial [~Denial@81.141.0.147] has quit [Ping timeout: 244 seconds]
09:51 -!- Denial [~Denial@81.141.23.254] has joined #openvpn
09:52 < bruxC> Certainly.
09:52 < bruxC> Server: Ubuntu Server 14.04 - server.conf: https://clbin.com/JWiFN
09:52 < bruxC> Client: Ubuntu Server 14.04 - client.conf: https://clbin.com/XwF0j
09:53 < bruxC> Server openvpn-status.log:
09:53 < bruxC> https://clbin.com/nBLFF
09:57 <+esde> also openvpn.log from the server please
09:58 <+esde> Also if you use the grep command show in the !configs trigger, your configs would be much more pleasant to look at
09:59 <+esde> That said, I don't see the root cause of your problem yet
10:05 < bruxC> Server syslog: https://clbin.com/GfHvh
10:05 < bruxC> not exactly sure where openvpn.log is located, apologies.
10:06 < bruxC> !configs trigger
10:06 < bruxC> !cconfigs
10:06 < bruxC> !configs
10:06 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:07 < bruxC> grep: http://pastebin.com/mZ04bET4
10:20 < bruxC> Also, I made the following adjustments per a few guides to allow the client to route traffic to the server: http://pastebin.com/2Mee0e8D
10:21 < bruxC> I'm going to step away for just a moment but please let me knwo if there is any other information I can try or perhaps anything you would recommend me to do. I will gladly oblige. I just want to know how to get this up and running so I can start implementing an OpenVPN server for my FreeNAS environment.
10:22 <+esde> !iptables-save
10:22 <+esde> !search iptables
10:22 <@vpnHelper> There were no matching configuration variables.
10:22 <+esde> !iptables
10:23 <@vpnHelper> "iptables" is (#1) To test if netfilter ("iptables rules") are your problem, disable all rules with an ACCEPT policy. See https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules for a script to do this. or (#2) See also the manpage section on firewalls at this link: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG or (#3) These are just the basics to get you started
10:23 <@vpnHelper> as firewall design is beyond this channel's scope; you can also see #netfilter
10:23 <+esde> !iptables-show
10:23 <+esde> I can't get search right, and secure-computing is down. :(
10:24 < bruxC> I see, what is it you would like me to do? Post my iptables on server?
10:24 <+esde> iptables-save > iptables, then post the contents of iptables
10:27 < bruxC> http://pastebin.com/zsQxEN7D
10:28 <+esde> great, that's the complete iptables that will allow someone to help :)
10:29 < bruxC> THanks.
10:40 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
10:40 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
10:44 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
10:44 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
10:44 -!- inad922 [~inad925@193.110.235.126] has quit [Ping timeout: 272 seconds]
10:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:57 -!- inad922 [~inad925@193.110.235.116] has joined #openvpn
11:03 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
11:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
11:12 -!- inad922 [~inad925@193.110.235.116] has quit [Quit: Leaving]
11:45 -!- xTz [~xTz@103.246.92.158] has joined #openvpn
12:03 -!- xTz [~xTz@103.246.92.158] has quit [Quit: cu]
12:09 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
12:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:24 -!- Voyage [~Voy@182.189.56.101] has joined #openvpn
12:25 < Voyage> I started openvpn by service openvpn start on ubuntu but its not starting up. No errors shown. How can i debug?
12:27 < _FBi> turn on debugging
12:27 < Voyage> how?
12:29 < Voyage> _FBi
12:35 < Voyage> 2015 Socket Buffers: R=[30000000->131072] S=[30000000->131072]   _GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00    ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
12:39 <+esde> tun is not enabled
12:39  * esde "that was easy"
12:46 < Voyage> hm
12:48 <+esde> not sure who to ping but secure-computing.net is still down from here
12:49 <+esde> the host responds to pings, but will not load in the browser
12:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
12:51 < Voyage> esde how can I enable tun?
12:53 <+esde> is this openvz, kvm?
12:53 < Voyage> openvz
12:53 <+esde> ask your provider to enable it for you
12:53 <+esde> or enable it oyurself if you have access in SolusCP
12:53 <+esde> *your
12:55 <+esde> also
12:55 <+esde> !openvz
12:55 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
12:59 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
13:00 < bruxC> Hey esde, i'm new to this channel. do other people chime in for support often?
13:00 <+esde> yes
13:21 -!- Voyage [~Voy@182.189.56.101] has quit []
13:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 264 seconds]
13:36 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
13:37 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:39 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
13:40 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:46 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
13:47 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Remote host closed the connection]
14:02 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
14:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:08 -!- mode/#openvpn [+o mattock1] by ChanServ
14:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:21 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:26 <@dazo> esde: I believe ecrist and krzee are contact points for secure-computing.net
14:29 <+esde> ping ecrist krzee
14:30 <+esde> secure-computing.net seems to be up, but perhaps the webserver is down
14:32 <@krzee> really just ecrist
14:32 <+esde> noted
14:32 <@krzee> i just use his stuff :D
14:33 <@krzee> he let me get lazy ;]
14:33 <@krzee> lemme see tho, i may be on that box
14:34 <@krzee> oh the whole box is down
14:34 <+esde> it responds to pings :/
14:34 <+esde> or did
14:34 <@krzee> umm
14:34 <@krzee> PING www.secure-computing.net (199.102.77.86): 56 data bytes
14:34 <@krzee> Request timeout for icmp_seq 0
14:35 <+esde> yeah it's 100% down now
14:35 <+esde> earlier i couldnt load it in the browser but i still got icmp replies :/
14:35 <@krzee> how long has it been down?
14:35 <@krzee> that could mean hes doing stuff...
14:35 <+esde> 8:30am eastern
14:36 <@krzee> ahh
15:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
15:43 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 255 seconds]
15:58 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
16:02 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
16:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:07 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:08 -!- badon_ is now known as badon
16:27 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
16:34 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
16:37 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
16:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 272 seconds]
16:44 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:48 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
16:57 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
17:12 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
17:13 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:17 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Client Quit]
17:18 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:20 -!- shio [marmot@142.121.101.84.rev.sfr.net] has quit [Ping timeout: 264 seconds]
17:22 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
17:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:38 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
17:40 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 272 seconds]
17:40 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:50 -!- ShadniX [dagger@p5481CAF8.dip0.t-ipconnect.de] has quit [Quit: Bye.]
17:59 -!- ShadniX [~ShadniX@p5481CAF8.dip0.t-ipconnect.de] has joined #openvpn
18:00 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
18:16 -!- ret123 [JKDF2-COM@96.89.211.216] has quit [Ping timeout: 250 seconds]
18:18 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 255 seconds]
18:18 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
18:20 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
18:22 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
18:22 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:22 -!- elfixit [~Icedove@213-152-55-225.dsl.eclipse.net.uk] has quit [Ping timeout: 255 seconds]
18:32 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
18:55 -!- dazo is now known as dazo_afk
19:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:07 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
19:42 -!- blizzow [~jburns@2601:1:a682:cf00:7e7a:91ff:fe14:9b91] has quit [Ping timeout: 265 seconds]
20:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
20:15 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
20:16 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
20:33 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
20:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
21:00 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 240 seconds]
21:26 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Ping timeout: 250 seconds]
21:39 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has joined #openvpn
21:41 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has quit [Quit: Leaving]
21:43 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
21:46 -!- cryptfu [~cryptfu@pool-100-40-82-48.prvdri.fios.verizon.net] has joined #openvpn
21:51 -!- chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
21:51 -!- chatterbox- [~Chatterbo@108.61.159.157] has quit [Client Quit]
21:52 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
22:12 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
22:29 -!- Sheraf [~Sheraf@ns507221.ip-192-99-1.net] has quit [Quit: WeeChat 1.0.1]
23:14 -!- idafyaid [~idafyaid@109.163.235.236.static-ro.twistednetworks.net] has joined #openvpn
23:32 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
23:33 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
23:42 -!- ShadniX [~ShadniX@p5481CAF8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:42 -!- ShadniX_ [dagger@p5481C551.dip0.t-ipconnect.de] has joined #openvpn
23:42 -!- ShadniX_ is now known as ShadniX
23:52 -!- james41382_ is now known as james41382
--- Day changed Sat May 09 2015
00:13 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 256 seconds]
00:15 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
00:25 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
01:05 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:08 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
01:08 -!- idafyaid [~idafyaid@109.163.235.236.static-ro.twistednetworks.net] has quit [Quit: idafyaid]
01:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:31 -!- mode/#openvpn [+o mattock1] by ChanServ
02:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
02:34 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 276 seconds]
02:36 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
02:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:42 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 276 seconds]
02:42 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
02:44 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
02:50 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 272 seconds]
02:50 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
03:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:51 < unicodesnowman> my openvpn clients get Inactivity timeout (--ping restart) every few hours. keep-alive is set to 10 180. Users are using the same profiles, but duplicate-cn is enabled
04:51 < unicodesnowman> What could be the issue?
05:08 <@plaisthos> connection reset
05:09 <@plaisthos> nat timeouts
05:09 <@plaisthos> that kind of things
06:45 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:14 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:26 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
07:27 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
07:30 -!- crised_ [~crised@186.67.181.204] has joined #openvpn
07:31 < crised_> Hi I've made an openvpn connection between a server and a client
07:31 < crised_> problem is that not always I could ping the client, I feel that the problem is that the client connection is GPRS so it's not always online ,so is there a way to make the client send heartbeat messages in a periodic interval or something like this?
07:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
07:52 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:57 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 276 seconds]
08:01 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:19 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 264 seconds]
08:21 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
08:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
08:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
08:27 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
08:32 -!- Blok [~Blok@unaffiliated/blok] has joined #openvpn
08:39 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
08:41 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
08:43 -!- fred`` [fred@earthli.ng] has joined #openvpn
08:44 < Blok> I want to make an adjustment to my openvpn server. I want all traffic originating from the server to go to a specific gateway while all local takes the path of the default gateway. How would I do that?
10:08 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
10:57 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
11:00 -!- T-virus [~T-virus@a89-154-56-208.cpe.netcabo.pt] has quit []
11:15 -!- crised_ [~crised@186.67.181.204] has quit [Remote host closed the connection]
11:25 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
11:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:44 -!- KolK [~kacper@goldnet.4web.pl] has joined #openvpn
11:50 < KolK> Hi! Yesterday I configured OpenVPN on my Xen VPS. I can connect to my VPN server successfully, but the only IP I can reach through it is the IP of my VPN server. This is my server's config file: http://pastebin.com/fjymCg2x I'm new to OpenVPN so I probably made stupid mistake.
11:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
11:50 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
11:51 -!- badon_ is now known as badon
12:00 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
12:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
12:09 < mattsl> KolK: You see the part of the config that says: # Push routes to the client to allow it# to reach other private subnets behind?  Uncomment the push route statements and edit the subnets to match your network.
12:17 < KolK> mattsl: I cannot access Internet. I have no other *private subnets*. Did I misunderstand something?
12:20 < mattsl> You're saying that you are trying to access addresses on the LAN that your OpenVPN server is on from the VPN client, correct?
12:21 < mattsl> If so, you need the push route command
12:21 < mattsl> Otherwise the client has no idea how to route to that network.
12:22 < KolK> No. I would like to access any address in the Internet. E.g. 8.8.8.8. I can access only: my network in which computer I'm using is and VPN server maching (it's remote). I have no subnet connected to VPN.
12:22 < mattsl> Also, if you're wanting to access the internet through the OpenVPN tunnel (i.e. not only access sites on the LAN but route all traffic from the client through the server) you need to uncomment: ;push "redirect-gateway def1 bypass-dhcp"
12:23 < mattsl> Ok. So for what you want, you need to use: push "redirect-gateway def1 bypass-dhcp"
12:23 < mattsl> You probably should go through and read all the comments in the sample config file you're using. They will explain these things.
12:24 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
12:24 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Read error: Connection reset by peer]
12:26 < KolK> mattls: I've read it. Uncommenting that line, restarting server and reconnecting client with server didn't help. I have this line in server syslog: SENT CONTROL [-]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
12:31 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
12:33 < KolK> Maybe this: (The OpenVPN server machine may need to NAT
12:33 < KolK> # or bridge the TUN/TAP interface to the internet
12:33 < KolK> # in order for this to work properly).
12:33 < KolK> is a problem?
12:34 < KolK> How can I check if TUN is configured properly?
12:36 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
13:03 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 272 seconds]
13:38 -!- Blok [~Blok@unaffiliated/blok] has left #openvpn []
13:50 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:7df4:2fac:59af:7b65] has joined #openvpn
13:52 -!- zmachine [uid53369@gateway/web/irccloud.com/x-wrayebnervqdijnp] has joined #openvpn
14:27 -!- KolK [~kacper@goldnet.4web.pl] has quit [Quit: leaving]
14:30 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:30 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Remote host closed the connection]
15:14 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
15:41 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
16:13 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
16:30 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:30 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Quit: SEGFAULT]
16:33 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
16:37 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 265 seconds]
16:38 -!- almost_android [~almostwor@unaffiliated/almostworking] has joined #openvpn
16:46 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Ping timeout: 276 seconds]
16:46 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
16:58 -!- Thominus [~Thominus@CPEf46d04cde326-CM84948cd740d0.cpe.net.cable.rogers.com] has quit [Remote host closed the connection]
17:03 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:03 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:7df4:2fac:59af:7b65] has quit [Remote host closed the connection]
17:03 -!- badon_ is now known as badon
17:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:10 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
17:12 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:21 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:03 -!- Haxxa [~Harrison@CPE-124-189-178-236.cxzr1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
18:33 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:c5f:663c:606b:db11] has joined #openvpn
18:39 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:c5f:663c:606b:db11] has quit [Ping timeout: 256 seconds]
18:55 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
18:59 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:a94f:2e0:6551:be06] has joined #openvpn
19:04 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
19:11 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
19:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
19:18 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
19:19 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:33 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
19:45 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has joined #openvpn
19:46 < mikeg3> !welcome
19:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:47 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:48 < mikeg3> !goal
19:48 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
19:51 < mikeg3> I would like to access the Internet using my VPN service (Private Internet Access) using OpenVPN in OS X Yosemite.  I know the issue is my firewall rules.  What ports/daemons/programs should I be allowing?
19:56 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has quit [Quit: Leaving]
19:56 -!- zmachine [uid53369@gateway/web/irccloud.com/x-wrayebnervqdijnp] has quit [Quit: Connection closed for inactivity]
20:14 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
20:29 -!- Thominus [~Thominus@CPEf46d04cde326-CM84948cd740d0.cpe.net.cable.rogers.com] has joined #openvpn
20:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
21:36 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:a94f:2e0:6551:be06] has quit [Remote host closed the connection]
21:39 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
22:13 < voidstar> !/30
22:13 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
22:15 < voidstar> ! Topology
22:15 <@vpnHelper> "Topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
23:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 256 seconds]
23:40 -!- ShadniX [dagger@p5481C551.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:41 -!- ShadniX [dagger@p5481CE23.dip0.t-ipconnect.de] has joined #openvpn
23:41 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
--- Day changed Sun May 10 2015
00:22 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:394e:ff6c:c556:88e6] has joined #openvpn
00:27 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:394e:ff6c:c556:88e6] has quit [Ping timeout: 256 seconds]
01:24 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:ec1e:cbb7:7b6c:bfa1] has joined #openvpn
02:04 -!- dupondje [~dupondje@artemis.dupie.be] has quit [Ping timeout: 256 seconds]
02:16 -!- sysanthrope [~sysanthro@2601:1:3982:4fca:ec1e:cbb7:7b6c:bfa1] has quit [Remote host closed the connection]
02:22 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
03:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
04:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:19 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:23 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
04:38 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
04:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:47 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
04:51 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
05:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: No route to host]
05:24 -!- swebb [~swebb@209.131.238.250] has quit [Ping timeout: 272 seconds]
05:28 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
05:35 -!- swebb [~swebb@192.69.22.173] has joined #openvpn
05:52 -!- syedomar [~so@115.134.214.8] has joined #openvpn
05:55 -!- ContactLeft [~user@unaffiliated/contactleft] has quit [Remote host closed the connection]
06:05 -!- sh00p [~sh00p@h149n9-asp-a13.ias.bredband.telia.com] has joined #openvpn
06:05 < sh00p> I have a server configuration with keepalive 10 120, I also have same setting in my client configuration
06:06 < sh00p> yet every 120 damn seconds I loose my connection
06:06 < sh00p> is it better to simply remove keepalive?
06:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:42 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
06:46 -!- Arc- [Arc@h-212-176.a259.priv.bahnhof.se] has joined #openvpn
06:47 < Arc-> !welcome
06:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
06:47 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:47 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
06:48 < Arc-> !logs
06:48 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
06:48 -!- kron4eg [~kron4eg@unaffiliated/kron4eg] has joined #openvpn
06:49 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
06:53 < Arc-> Hi, I have newly configured a openVPN tunnel. The OpenVPN server software is installed at location #1 connected directly to the internet (no firewall or router). The OpenVPN client software is installet at location #2 connected directly to the internet (no firewall or router between the devices). When I start the vpn server software, everything looks fine. The same to the client software when
06:53 < Arc-> i start it. My problem is: when i don't use the "redirect-gateway" line, everything works great except that when i run dnsleaktest.com I still have my own public IP-adress. And when I add the redirect-gateway line to the servers config file, I cant browse any website instead. Everything is almost dead. I can see in my network connection that the TAP adapter sends a lot of packets but there is
06:53 < Arc-> a lack of received packets so something seems to be wring with the routing? It's worth to mention that im running both server and client software on windows machines.
06:58 < Arc-> The configurations and status messages can be found here: http://pastebin.com/WsqFkzBY
07:04 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
07:05 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
07:06 -!- kron4eg [~kron4eg@unaffiliated/kron4eg] has left #openvpn ["quit"]
07:27 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:33 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
07:35 -!- JackWinter_ [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
07:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
08:00 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:09 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
08:09 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:10 -!- sh00p [~sh00p@h149n9-asp-a13.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
08:15 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
08:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
08:55 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:55 -!- badon_ is now known as badon
09:31 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
09:31 < Arc-> Anyone?
10:14 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
10:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:26 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
10:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:46 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
10:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
10:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
10:55 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
11:33 -!- julius__ [~julius@dslb-092-077-101-146.092.077.pools.vodafone-ip.de] has joined #openvpn
11:33 < julius__> hi
11:33 < julius__> if i have "comp-lzo" in the server config and client1 does NOT have it. it connects fine.  but my other client which wasnt compiled with "lzo" cant connect.
11:34 < julius__> seems kinda weird?
11:34 < julius__> other client has this option not enabled in config
11:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Quit: Leaving]
11:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
12:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
12:35 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:35 -!- mode/#openvpn [+v s7r] by ChanServ
12:53 -!- zmachine [uid53369@gateway/web/irccloud.com/x-riwxhidlbsfeeumk] has joined #openvpn
12:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
12:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
13:28 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
13:36 -!- YamakasY [57677@xs8.xs4all.nl] has joined #openvpn
13:36 < YamakasY> hi guys
13:37 < YamakasY> why do I need to add the ca to my ovpn file on android ? when I do that openvpn server says the client doesn't return a cert
13:39 -!- Guest86751 [~s7r@openvpn/user/s7r] has joined #openvpn
13:39 -!- mode/#openvpn [+v Guest86751] by ChanServ
13:39 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
13:43 -!- Guest86751 [~s7r@openvpn/user/s7r] has quit [Ping timeout: 272 seconds]
13:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
13:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:36 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
14:44 <+esde> what ca
14:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:58 -!- mode/#openvpn [+o mattock1] by ChanServ
15:03 -!- almost_android [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
15:16 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
15:26 -!- Rahoul [~nicolas@198.27.88.187] has joined #openvpn
15:35 -!- Rahoul [~nicolas@198.27.88.187] has quit [Quit: Konversation terminated!]
15:50 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Disconnected by services]
15:50 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
16:01 -!- Arc- [Arc@h-212-176.a259.priv.bahnhof.se] has quit []
16:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-riwxhidlbsfeeumk] has quit [Quit: Connection closed for inactivity]
16:08 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:19 -!- almost_android [~almostwor@unaffiliated/almostworking] has joined #openvpn
16:38 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
17:11 -!- julius__ [~julius@dslb-092-077-101-146.092.077.pools.vodafone-ip.de] has quit [Ping timeout: 245 seconds]
17:11 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
17:34 -!- esde [~esde@openvpn/user/esde] has quit [Max SendQ exceeded]
17:35 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
17:35 -!- mode/#openvpn [+v esde] by ChanServ
17:38 -!- esde [~esde@openvpn/user/esde] has quit [Max SendQ exceeded]
17:56 -!- syedomar [~so@115.134.214.8] has quit [Ping timeout: 255 seconds]
18:02 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:16 -!- adsjlkdk [~gentoo@cpe-76-168-27-154.socal.res.rr.com] has joined #openvpn
18:21 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has joined #openvpn
18:21 < mikeg3> !howto
18:21 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
18:33 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
18:40 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
18:44 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:53 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
18:58 -!- adsjlkdk [~gentoo@cpe-76-168-27-154.socal.res.rr.com] has quit [Quit: leaving]
19:03 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has quit [Ping timeout: 255 seconds]
19:25 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 276 seconds]
19:29 < unicodesnowman> So my openVPN clients report being disconnected due to the inactivity timeout sporadically
19:29 < unicodesnowman> I've increased the keepalive, doesn't work
19:30 < unicodesnowman> All the resources I can find online refers to people using the same profile multiple times, but I am using duplicate-CN
19:32 < unicodesnowman> how can i fix this :?
19:39 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
19:43 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
19:43 -!- mode/#openvpn [+v esde] by ChanServ
20:01 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:01 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:04 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Client Quit]
20:06 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:10 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Client Quit]
20:15 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:02 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 272 seconds]
21:31 -!- zmachine [uid53369@gateway/web/irccloud.com/x-excoqkwozicyhdpi] has joined #openvpn
21:51 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:13 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Read error: Connection reset by peer]
23:19 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
23:27 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:29 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 252 seconds]
23:40 -!- ShadniX [dagger@p5481CE23.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:41 -!- ShadniX [dagger@p5481DA39.dip0.t-ipconnect.de] has joined #openvpn
23:46 -!- zmachine [uid53369@gateway/web/irccloud.com/x-excoqkwozicyhdpi] has quit [Quit: Connection closed for inactivity]
23:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
--- Day changed Mon May 11 2015
00:09 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit []
00:17 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 256 seconds]
00:21 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
01:28 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
01:30 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:46 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:46 -!- mode/#openvpn [+o mattock2] by ChanServ
01:51 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:06 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:10 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
02:12 -!- almost_android [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
02:12 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
02:30 -!- lemonxah [~lemonxah@5.175.146.142] has joined #openvpn
02:32 -!- lemonxah [~lemonxah@5.175.146.142] has quit [Read error: Connection reset by peer]
02:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:45 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
02:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:05 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 272 seconds]
03:07 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
03:07 -!- mode/#openvpn [+v esde] by ChanServ
03:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
03:34 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
03:39 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
03:44 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
03:50 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:53 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
03:53 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
03:53 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
03:54 -!- almost_android [~almostwor@unaffiliated/almostworking] has joined #openvpn
03:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:58 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
04:45 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 256 seconds]
05:02 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
05:18 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
05:20 -!- dazo_afk is now known as dazo
05:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:31 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:55 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
06:05 -!- almost_android is now known as almostworking
06:06 -!- mrtnt [~martint@martint.data.ee] has joined #openvpn
06:07 < mrtnt> Is it possible to create an OpenVPN tun connection between two hosts in the same LAN?
06:08 < mrtnt> I have two machines 192.168.1.34/24 and 192.168.1.111/24 and would like that all the traffic between those two hosts go through encrypted OpenVPN tunnel.
06:22 < cm_> mrtnt, AFAIK: no easy way to do that with OpenVPN, appart from creating VPN on another subnet for the vpn itself and communicating through thoses IP only. Easier with IPSEC as its a buildin feature. ("Oportunistic encryption")
06:47 <@plaisthos> yeah setup a VPN with a different IP and then add specific routes for that
06:48 <@plaisthos> like route add 192.168.0.77 10.0.0.2
06:48 <@plaisthos> (assuming 10.0.0.2 is the VPN and 192.168.0.77 the lan IP of the other host)
06:48 <@plaisthos> but yes IPSec was designed with a use case like that in mind
06:51 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Ping timeout: 276 seconds]
06:54 < mrtnt> cm_, plaisthos: thanks!
06:56 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
07:01 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
07:10 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
07:33 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has quit [Ping timeout: 256 seconds]
07:37 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has joined #openvpn
07:52 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
07:52 < jnz> o/
07:52 < jnz> hi!
07:56 <+esde> !welcome
07:56 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
07:56 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:56 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
07:57 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
08:02 < jnz> Having some issues with my openvpn: client config: https://gist.github.com/thejhnz/a68e8868ebf6f6df12c9
08:03 <@vpnHelper> Title: gist:a68e8868ebf6f6df12c9 (at gist.github.com)
08:03 < jnz> and ill get server conf just a sec
08:03 < jnz> issue is that i cannot access any sites once connected
08:04 < jnz> server conf: https://gist.github.com/thejhnz/15cabb67b698cfec8eb9
08:04 <@vpnHelper> Title: gist:15cabb67b698cfec8eb9 (at gist.github.com)
08:05 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
08:06 < jnz> cant ping IPs or anything
08:08 -!- moparisthebest [~mitb@unaffiliated/moparisthebest] has left #openvpn ["Parted"]
08:09 < jnz> any idea?
08:11 <@dazo> !logs
08:11 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:12 <@dazo> jnz: ^^ ... and please clean up your server config before re-pasting it .... all those comments gives us eye cancer
08:12 < jnz> haha sorry
08:15 < jnz> https://gist.github.com/thejhnz/156d1cf12724b678645b
08:15 <@vpnHelper> Title: gist:156d1cf12724b678645b (at gist.github.com)
08:15 < jnz> client log
08:16 <@dazo> yuck ... windows client :/ .... which windows version?
08:16 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
08:16 < jnz> https://gist.github.com/thejhnz/7c385d07483e7a136e64
08:16 <@vpnHelper> Title: gist:7c385d07483e7a136e64 (at gist.github.com)
08:16 < jnz> server
08:16 < jnz> windows 7
08:17 < jnz> "bad source address from client
08:17 <@dazo> so you cannot ping 10.8.0.1 from the windows client?
08:17 < jnz> ill try now
08:18 < jnz> when connected yes
08:18 < jnz> i can
08:18 <@dazo> good
08:18 <@dazo> those "bad source address from client [fe80::4057:5e1b:b1df:807a], packet dropped" can be ignored for now
08:18 < jnz> ok
08:19 <@dazo> that's Windows spewing out some IPv6 packets ... because Windows doesn't have native support for tun devices (only tap), so it believes it is a tap device (because OpenVPN emulates the tun mode)
08:19 <@dazo> !serverlan
08:19 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
08:20 < jnz> should i change it to tap ?
08:20 < jnz> the openvpn server
08:21 <@dazo> no, don't do that ... I believe there will come some fixes to not passing over this traffic on windows when being in tun mode
08:22 < jnz> hmm
08:22 <@dazo> the openvpn server just tells it ignores packets it doesn't know where belongs too ... which isn't odd, as particularly these packets from windows doesn't really belong on the tunnel ... disable IPv6 on the windows tap adapter (unless you need ipv6)
08:23 < jnz> dont need ipv6 disabled
08:25 <@dazo> jnz: so ... this vpn tunnel ... you want to reach the internet via this tunnel, or you want to access LAN behind a server?
08:25 < jnz> the internet
08:25 < jnz> dont need the lan
08:25 < jnz> it is a VPS
08:25 <@dazo> jnz: look at this one ... http://pekster.sdf.org/misc/redirect.png
08:26 < jnz> ok
08:26 < jnz> redirect is enabled
08:26 < jnz> cant ping 8.8.8
08:27 <@dazo> the only "trouble" with that flowchart ... is that the secure-computing.net it mentions at some point is down at the moment ... so when reaching there, use another service to identify your public IP
08:27 < jnz> i enabled ip forwarding
08:30 < jnz> ahh
08:30 < jnz> maybe iptables masquerade?
08:31 <@dazo> perhaps ... as well as proper rules in FORWARD
08:32 < jnz> need to find thread that had config for openvz
08:35 < jnz> that was issue
08:35 < jnz> :)
08:35 < jnz> ty for help
08:36 <@dazo> yw!
08:36 < jnz> is there a way to make the vpn only use specific ports?
08:36 < jnz> or forward specific ports
08:37 <@dazo> !byapp
08:37 <@dazo> !routebyapp
08:37 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
08:37 <@vpnHelper> policies you set. For Linux, read about !lartc
08:37 < jnz> !sockd
08:37 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
08:44 -!- DonRichie [~DonRichie@ricl.de] has quit [Read error: Connection reset by peer]
08:47 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has joined #openvpn
08:49 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
08:49 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
08:54 < jnz> what does comp-lzo do?
08:55 -!- DonRichie [~DonRichie@ricl.de] has quit [Read error: Connection reset by peer]
08:55 <@dazo> !man
08:55 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
08:59 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
08:59 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
09:02 -!- DonRichie [~DonRichie@ricl.de] has quit [Read error: Connection reset by peer]
09:13 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 244 seconds]
09:13 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
09:35 -!- zheng [~zheng@116.230.206.208] has quit [Quit: Leaving]
09:39 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:39 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
09:39 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:51 -!- zheng [~zheng@116.230.206.208] has quit [Remote host closed the connection]
09:54 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Remote host closed the connection]
09:56 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
10:16 -!- kash [~kash@unaffiliated/kash] has quit [Ping timeout: 256 seconds]
10:17 -!- ValdikSS [~valdikss@92.42.31.58] has joined #openvpn
10:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:27 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has joined #openvpn
10:27 < dimitry7> Hello Guys, I am getting this error: May 11 03:03:39 localhost ovpn-laredo[1205]: TLS Error: local/remote TLS keys are out of sync: [AF_INET] X.X.X.X
10:27 < dimitry7> although my VPN connection is working good... that error appears like every 12 hours
10:28 < dimitry7> the connection drops like 3 minutes and then it's ok again... what can I do to correct it?
10:29 < dimitry7> Server Config: http://paste.incorrigible.me/xinafuyomu.hs
10:29 < dimitry7> Client Config: http://paste.incorrigible.me/ejowesanum.hs
10:31 <+esde> without looking at anything first, is the time accurate on each machine?
10:32 < dimitry7> esde, hi man! I've just executed $ date and yes, each is Mon May 11 10:31:34 CDT 2015
10:33 <+esde> set verb 4 at server, pastebin a more complete log once the changes have been reloaded
10:35 < dimitry7> esde, okay, I set verb 4, I will be logging everything and get back here man!
10:35 < dimitry7> Thank you!!!
10:37 < dimitry7> esde, I restarted both ends, this error appears first, but then it is able to connect: ovpn-laredo[28514]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
10:38 < dimitry7> esde, sounds like firewall right?
10:39 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
10:41 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 276 seconds]
10:42 < dimitry7> just double check my firewall rules in both ends and it is allowed both the traffic incoming from the LAN and the port open to the external IPs
10:44 <+esde> !iptables-show
10:44 <+esde> secure-computing.net still down..............
10:44 <+esde> !iptables-save
10:45 <+esde> !iptables
10:45 <@vpnHelper> "iptables" is (#1) To test if netfilter ("iptables rules") are your problem, disable all rules with an ACCEPT policy. See https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules for a script to do this. or (#2) See also the manpage section on firewalls at this link: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG or (#3) These are just the basics to get you started
10:45 <@vpnHelper> as firewall design is beyond this channel's scope; you can also see #netfilter
10:45 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
10:45 <+esde> I was hoping for the factoid explaining how to show us your iptables but I cant find it.
10:48 < dimitry7> esde, one of them is in Amazon
10:48 < dimitry7> EC2
10:48 -!- fred`` [fred@earthli.ng] has joined #openvpn
10:48 < dimitry7> no iptables there. the other end, it just has 2 input rules, one for the subnet 172.16.1.0/25
10:48 < dimitry7> the other for the UDP VPN port 1198
10:55 < dimitry7> when I restarted the openvpn service, every cliend showed the same error, but then all were able to connect
10:56 < dimitry7> * client
10:56 < dimitry7> I don't think it is my firewalls, I've checked all of them and every rules is OK, besides, if the rule wasn't ok, it just would never connect me, and it does
11:00 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:10 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Quit: Farewell.]
11:11 -!- Vercas_ [~Vercas@unaffiliated/vercas] has joined #openvpn
11:12 -!- Vercas_ [~Vercas@unaffiliated/vercas] has quit [Client Quit]
11:13 -!- Vercas_ [~Vercas@unaffiliated/vercas] has joined #openvpn
11:14 -!- Vercas_ [~Vercas@unaffiliated/vercas] has quit [Client Quit]
11:23 -!- Vercas_ [~Vercas@unaffiliated/vercas] has joined #openvpn
11:25 -!- jnz [~jnz@unaffiliated/jnz] has quit [Ping timeout: 265 seconds]
11:27 -!- Vercas_ is now known as Vercas
11:28 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 244 seconds]
11:29 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 244 seconds]
11:32 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
11:35 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
11:42 <@krzee> esde,
11:42 <@krzee> !factoids
11:42 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
11:42 <+esde> except the doain is still down
11:42 <+esde> *m
11:42 <@krzee> !factoids search --values iptables-save
11:42 <@vpnHelper> 'iptables-rules' and 'netfilter'
11:42 <@krzee> oh right, ouch
11:42 <@krzee> ecrist, ping ^
11:43 <+esde> ahhh that's how you search
11:43 <@krzee> ill shoot him an sms
11:43 <@krzee> !iptables-rules
11:43 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
11:43 <+esde> !factoids search --values beer
11:43 <@vpnHelper> No keys matched that query.
11:43 <+esde> !beer
11:43 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
11:43 <@krzee> not in values
11:43 <@krzee> !factoids search beer
11:43 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
11:43 <@krzee> !factoids search be
11:43 <@vpnHelper> 'bestos', 'beer', and 'asbestos'
11:44 <+esde> !factoids search linip
11:44 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
11:44 <+esde> ooooh shiny!!!
11:45 <@krzee> !asbestos
11:45 <@vpnHelper> "asbestos" is as best os: freebsd sukka! (according to krzee)
11:45 <@krzee> lol
11:45 <@krzee> !bestos
11:46 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
11:52 -!- ValdikSS [~valdikss@92.42.31.58] has quit [Ping timeout: 272 seconds]
12:21 -!- Patuck [~Patuck@unaffiliated/patuck] has joined #openvpn
12:27 < Patuck> Hi, I am trying to create a OpenVPN network (tap) of about 10 clients and 3 servers.
12:28 < Patuck> I want the servers to act as redundant failovers ie if server 1 fails 2 and 3 will take over.
12:28 < Patuck> I understand that defining multiple servers in the client config allows the client to connect to a server at random and try a different server if the connection fails.
12:28 < Patuck> My problem is my application requires all clients to be on the same broadcast domain.
12:29 < Patuck> Is it possible to setup OpenVPN in such a way that client x on server 1 sees client y on server 2 as being on the same broadcast domain.
12:29 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
12:57 -!- Janos [~cramos@190.113.106.60] has joined #openvpn
13:11 -!- Arc- [~Pickaboo@h-212-177.a259.priv.bahnhof.se] has joined #openvpn
13:11 < Arc-> !ovpnuke
13:11 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
13:12 < Arc-> Hi, I have newly configured a openVPN tunnel. The OpenVPN server software is installed at location #1 connected directly to the internet (no firewall or router). The OpenVPN client software is installed at location #2 connected directly to the internet (no firewall or router between the devices). When I start the vpn server software, everything looks fine. The same to the client software when
13:12 < Arc-> i start it. My problem is: when i don't use the "redirect-gateway" line, everything works great except that when i run dnsleaktest.com I still have my own public IP-adress. And when I add the redirect-gateway line to the servers config file, I cant browse any website instead. Everything is almost dead. I can see in my network connection that the TAP adapter sends a lot of packets but there is
13:12 < Arc-> a lack of received packets so something seems to be wring with the routing? It's worth to mention that im running both server and client software on windows machines.
13:13 <+esde> Why are you using tap?
13:13 < Arc-> What should I use?
13:13 <+esde> !tunortap
13:13 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
13:13 <@vpnHelper> rooted/jailbroken) support only tun
13:14 < Arc-> but im using tun
13:14 <+esde> >TAP adapter sends a lot of packet
13:14 <+esde> then why are you using a tap adapter?
13:15 < Arc-> My configs and status info can be found here: http://pastebin.com/WsqFkzBY
13:15 < Arc-> Well, the openvpn software installed the tap adapter ..
13:15 <+esde> !configs
13:15 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:15 <+esde> !logs
13:15 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:16 <+esde> please post the configs and logs as the factoids above describe.
13:16 <+esde> We will not read them with the commenting you provided
13:16 < Arc-> Ok, sure!
13:16 < Arc-> One moment
13:17 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Read error: Connection reset by peer]
13:19 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
13:20 < Arc-> Here: http://pastebin.com/yitw4VX6
13:21 <+esde> oh boy windows! /s
13:21 <+esde> !winipforward
13:21 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
13:21 <+esde> !redirect
13:21 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
13:21 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
13:21 < Arc-> I know. My linux box died yestarday :/
13:26 -!- Denial [~Denial@81.141.23.254] has quit [Ping timeout: 244 seconds]
13:26 -!- Latrina [~Latrina@ppp-138-34.26-151.libero.it] has quit [Ping timeout: 244 seconds]
13:26 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
13:26 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 244 seconds]
13:26 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 244 seconds]
13:26 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 244 seconds]
13:26 -!- RoyK [~roy@77.88.71.251] has quit [Ping timeout: 244 seconds]
13:26 <+esde> what you need is more or less in the factoids i just used, if you have any specific questions, just ask!
13:26 -!- Denial- [~Denial@81.141.23.254] has joined #openvpn
13:26 < Arc-> Thank you!
13:26 < Arc-> !def1
13:26 < Arc-> hmm
13:26 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
13:26 < Arc-> !ipforward
13:26 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
13:26 <+esde> !def1
13:26 <+esde> !ipforward
13:26 < Arc-> But the TAP adapter in windows, can I just forget that one?
13:26 <+esde> peculiar
13:26 -!- crus` [~crusader@124-171-51-25.dyn.iinet.net.au] has joined #openvpn
13:26 -!- JordiGH [~jordi@octave/developer/JordiGH] has joined #openvpn
13:26 < Arc-> as I have enabled the TUN
13:26 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
13:26 <+esde> krzee, any idea why vpnHelper is being insubordinate?
13:26 < JordiGH> NetworkManager is not connecting to the VPN at all. I couldn't find instructions online on how to use OpenVPN from the CLI. What should I read?
13:26 -!- Netsplit *.net <-> *.split quits: NP-Hardass, moviuro, seg, Maxels
13:26 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
13:26 <@krzee> !ping
13:26 <@krzee> esde, netsplit ^
13:26 <+esde> JordiGH, !howto
13:26 < Arc-> Ah net split
13:26 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 256 seconds]
13:26 <+esde> when vpnHelper gets back
13:26 <+esde> thanks :/
13:26 < JordiGH> We're not netsplit from it.
13:26 < JordiGH> !howto
13:26 < Arc-> !def1
13:26 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
13:26 <+esde> It's netsplit from us dum-dum
13:26 <@vpnHelper> pong
13:26 <@krzee> its not seeing those, its either lagged or splitting
13:26 <@krzee> you see a ghost most likely
13:26 < Arc-> probablt lagged..
13:26 < Arc-> probably*
13:26 < JordiGH> esde: It doesn't seem to be netsplit from us, no.
13:26 < Patuck> Hi, is it possible to setup OpenVPN in such a way that client x on server 1 sees client y on server 2 as being on the same broadcast domain.
13:26 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:26 <+esde> I miss the great kazoo
13:26 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
13:26 <+esde> weeeeeeeeeeeee
13:26 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
13:27 < Arc-> Haha
13:27 < JordiGH> esde:  Was just lagged.
13:27 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
13:27 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
13:27 -!- Netsplit over, joins: moviuro, NP-Hardass, Maxels, seg
13:27 <+esde> the joke, btw https://www.youtube.com/watch?v=K9u7ZDLoH-I
13:27 < Janos> hello, got a question and google is not spitting anything out. Is there any way to tell OpenVPN to restrict connections based on a schedule ? For example user1 can only connect from 8am to 4pm ?
13:27 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
13:27 -!- mode/#openvpn [+o pekster] by ChanServ
13:27 -!- Latrina [~Latrina@ppp-138-34.26-151.libero.it] has joined #openvpn
13:28 <+esde> Janos, we need more information, see !welcome as the topic suggests, also  !configs and !logs
13:28 -!- x5eb is now known as _0x5eb_
13:29 <+esde> JordiGH, !howto
13:29 < Arc-> !nat
13:29 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
13:29 < JordiGH> Yeah, got it, great.
13:30 < JordiGH> Now... any clue wtf NetworkManager won't do openvpn at all right now?
13:30 <+esde> Network mangler sucks
13:30 < JordiGH> But yay, at least I'm VPN'ed now.
13:30 <+esde> dont use it
13:30 < JordiGH> So I take it you don't know.
13:30 < Janos> !welcome
13:30 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:30 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:30  * esde ignore list augmented
13:32 < Janos> !logs
13:32 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:32 < Janos> !configs
13:32 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:36 < Patuck> Hi, is it possible to setup OpenVPN in such a way that client x on server 1 sees client y on server 2 as being on the same broadcast domain.
13:36 -!- JordiGH [~jordi@octave/developer/JordiGH] has left #openvpn ["Leaving"]
13:38 < Janos> esde, well no idea what else i could add to my question, I would like to restrict access to my OpenVPN server based on access hours. So yes/no question, does OpenVPN provides any way to restrict access based on time of the day ?
13:40 < Patuck> Janos: a quick hack, but run a cron script to start/stop the server at appropriate times
13:42 -!- julius__ [~julius@dslb-092-077-101-146.092.077.pools.vodafone-ip.de] has joined #openvpn
13:42 < julius__> hi
13:44 < Janos> Patuck, thanks, that would certainly work if I had to restrict everyone. Any idea on how to achieve this on a per user basis ? I suppose this would go to the ccd
13:45 < Janos> or some kind of post-connection script maybe ?
13:46 < Janos> i think client-connect would work, just want to make sure i don't end up reinventing the wheel
13:46 -!- julius__ [~julius@dslb-092-077-101-146.092.077.pools.vodafone-ip.de] has quit [Read error: Connection reset by peer]
13:58 < Arc-> If I have activated tun, why does the system output of openVPN say: Mon May 11 20:57:02 2015 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{751C1EB0-09EE-41FF-B6C3-642BFB8937E2}.tap?
14:01 -!- passt_ [~passt@p5DC9F641.dip0.t-ipconnect.de] has joined #openvpn
14:02 < Arc-> !sample
14:02 <@vpnHelper> "sample" is (#1) http://www.ircpimps.org/openvpn.configs for a working sample config or (#2) DO NOT use these configs until you understand the commands in them, read up on each first column of the configs in the manpage (see !man) or (#3) these configs are for a basic multi-user vpn, which you can then build upon to add lans or internet redirecting
14:03 < Arc-> !howto
14:03 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:21 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 265 seconds]
14:29 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
14:32 -!- passt_ [~passt@p5DC9F641.dip0.t-ipconnect.de] has left #openvpn []
14:34 < Arc-> def1, winipforwarding and nat fixed, but I still cant browse the internet on my client ;/
14:35 < Arc-> No response to ping 8.8.8.8
14:35 <+esde> Janos, there is not out of the box way to do what you're asking. Openvpn does not have any time control to it. Patuck may be on to something with his suggestion
14:38 <+esde> Arc-, set verb to 4, restart openvpn and gather fresh logs pls
14:38 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
14:38 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:39 -!- badon_ is now known as badon
14:41 < Arc-> esde, Server status log with verb 4 --> http://pastebin.com/g9sYqXYg
14:43 < Arc-> and Client status log with verb 4 --> http://pastebin.com/zWpy1xs5
14:43 <+esde> let's see fresh configs too pls, the one's im seeing dont have def1 mentioned
14:43 < Arc-> Yes one sec
14:44 < Janos> esde, thanks a lot, I will investigate the connect-connect command which should do the trick
14:44 <+esde> !management
14:44 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
14:45 < Arc-> esde, http://pastebin.com/J3FacPFS <-- client and server confs
14:46 <+esde> Why are you using mssfix and tun-mtu? Remove those for now
14:46 < Arc-> Okay.
14:46 <+esde> or comment them out
14:46 < Arc-> Done
14:48 <+esde> try it now
14:53 < Arc-> Still no response when I try to ping google or 8.8.8.8
14:54 < Arc-> But I can rdp to my win 2012 server, hmm
14:56 -!- dukebarman [~dukebarma@91.226.164.63] has joined #openvpn
14:56 <+esde> is that 2012 server machine local?
14:57 < Arc-> you mean in my private network at home? No its placed outside my network
14:58 < Arc-> And that's the server running the OpenVPN software
15:00 <+esde> the client can connect, can't ping google or 8.8.8.8, but can reach an outside machine through an rdp session.
15:02 < Arc-> Skype doesnt work either
15:03 < Arc-> Yes you are correct about that.
15:04 <+esde> You might need someone better acquainted with openvpn and windows to assist. openvpn as a server on windows is foreign to me
15:04 < Arc-> I see.
15:04 < Arc-> Can you see this?
15:05 < Arc-> I could connect to my ftp server on that server 2012 machine also
15:06 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 272 seconds]
15:09 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
15:09 < markkp> !welcome
15:09 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:09 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:09 < markkp> !goal
15:09 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:09 < Arc-> esde, thanks for your help anyway. But I assume that the OpenVPN setup is correct on my machines? I guess there's something related to the win 2012 server software..
15:10 <+esde> exactly what im thinking
15:10 <+esde> and i dont have enough experience troubleshooting openvpn as a server on windows, to be of any help
15:11 < Arc-> But what if I am behind a router now?
15:11 < markkp> Hi all - I'm having a bit of trouble with soring out port forwarding for my server. I'm using PIA who provide port forwarding if you do a thing. How would I check my port is actually open? I'm rather new to this. Cheers!
15:11 <+esde> http://canyouseeme.org
15:11 <@vpnHelper> Title: Open Port Check Tool (at canyouseeme.org)
15:11 <+esde> is a good tool markkp
15:11 < markkp> So I'm on a shell without a gui
15:11 <+esde> huh?
15:12 < markkp> I came across that site when I googled, but I don't have a web browser in the command line
15:12 < Arc-> I have forwarded the correct ports in my standalone router and in the server rules of the 2012 machine
15:12 <+esde> nmap?
15:12 < markkp> righto i'll check it out, cheers
15:12 <+esde> https://stackoverflow.com/questions/1168317/check-status-of-one-port-on-remote-host
15:12 <@vpnHelper> Title: command line - check status of one port on remote host - Stack Overflow (at stackoverflow.com)
15:13 <+esde> nmap -A 192.168.0.5/32 -p 23 (an example from the link)
15:13 < markkp> so I run that command on my mac, say, to check if the port is open on my server
15:13 < markkp> whilst the server is connected to the vpn
15:14 < markkp> i'll try it, thanks!
15:15 <+esde> Actually, you should be going to PIA for help
15:15 < markkp> I tried, they're useless
15:15 < markkp> it seems to work on their end, I tried it sucesfully using their mac client on my mac
15:16 < markkp> but i'm trying to get it working without a client on my server, so i guess it's my end of things that's misconfigured
15:16 <+esde> bingo
15:16 <+esde> it's all about how they have it configured
15:16 < markkp> yeah. i'm fairly experienced with *nix, but totally new with openvpn
15:17 <+esde> thankfully, openvpn is very well documented and actively developed
15:17 < markkp> :)
15:17 <+esde> if you controlled the server, your goal is trival
15:17 <+esde> *ia
15:17 <+esde> but without control, you're at their mercy
15:18 < markkp> one more question, is it necessary to port forward 1194 on my router to server?
15:18 < markkp> it seems like i'm getting some errors here
15:20 <+esde> no
15:21 <+esde> if you're only a client, and have no services you want to listen, you need no ports forwarded.
15:21 <+esde> the server needs the openvpn service port open but that's it
15:21 < markkp> iptables and so forth
15:22 <+esde> im strictly speaking in terms of openvpn
15:22 < markkp> right, i'm getting TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) which I assume is because a firewall is blocking me somewhere
15:22 < Arc-> Hm, esde, I browsed canyouseemee.org on my server and it wont access the port 1194. It may be something..
15:23 <+esde> Arc-, your connection per se is fine. It completes initialization on both ends if i read your logs correctly
15:23 <+esde> your issue is probably routing or firewall related
15:24 <+esde> could be markkp what is your client setup? (we know server is PIA, right)?
15:24 < Arc-> Okay.
15:24 < markkp> well i'm testing it on my rpi atm before I put it into production on my freebsd box
15:25 < markkp> i'll try and figure this one out, I don't want to burden you :)
15:25 <+esde> I dont mind
15:25 < markkp> oh well cheers :)
15:25 <+esde> I'm trying to figure out your setup. So the client is rpi?
15:26 < markkp> for now, yes
15:26 <+esde> Great, freebsd you mentioned?
15:26 < markkp> yes, that will be my acutal client, once I know it can work
15:27 <+esde> Any external firewalls?
15:27 < markkp> I'm using the RPI for testing it all out
15:27 <+esde> Did you check them to see if they're blocking the connection? Sometimes by filtering services become a bit overzealous
15:27 <+esde> *m
15:29 < markkp> I'm trying to see that now
15:29 < markkp> I did nmap 1194 to the rpi from my mac and it's closed
15:30 <+esde> so we're clear, our goal at this point is only to get the rpi connected to PIA as a client. Then we can proceed from there. Are we on the same page?
15:30 < markkp> Yep
15:30 <+esde> Then that port does not need to be open.
15:30 < markkp> I mean I can do that, but it reconnecst every 5 seconds
15:30 < markkp> or so
15:31 <+esde> Ok no we're cooking
15:31 <+esde> Can you set verb to 4 if it's not already and post some client logs?
15:32 < markkp> one sec
15:34 < markkp> yeah there we go
15:34 < markkp> http://pastebin.com/tkTXYC0E
15:35 <+esde> can we get a more complete portion, please?
15:36 < markkp> sure, you want like the whole thing?
15:37 <+esde> try this telnet 46.166.188.201 1194 on the rpi
15:37 < markkp> http://pastebin.com/bUEUh2ZM
15:37 <+esde> notice you get connection refused almost immediately?
15:37 < markkp> yeah
15:37 <+esde> now try telnet 8.8.8.8 3543 or some other random ip and port, and notice how it hangs
15:38 < markkp> oh wait one sec
15:38 <+esde> it's listening and ready for you to connect, something else is interfering
15:38 < markkp> I have to install telnet first ....
15:38 < markkp> hah
15:38 <+esde> ahhhhhhhhhhhhhhh
15:38 <+esde> rpi
15:38 <+esde> storage comes at a premium :P
15:38 < markkp> yep
15:39 < markkp> maybe we should just be doing this straight on my server hmm
15:39 < markkp> man I hate putting you through this!
15:40 <+esde> Whatever you'd like, i'll need to live within the half hour. Try the first telnet command first, if it does what i said, you know that openvpn /should/ work. if it hangs with the vps providers ip and port, something is wrong. hanging means there's nothing listening or accepting connections
15:41 <+esde> To be clear (to anyone following along at home), that telent command is not a clearcut command to prove openvpn is working. just that a port is open and something is listening on it.
15:42 < markkp> Ok thanks, I'm installing it all on the my bsd box now
15:42 < markkp> seeing as now apt-get install is just hanging
15:42 < markkp> lol
15:46 < markkp> gaaaah
15:46 < markkp> Mon May 11 21:45:56 2015 Sorry, 'Auth' password cannot be read from a file
15:47 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
15:49 -!- ShadniX_ [dagger@p5481DA39.dip0.t-ipconnect.de] has joined #openvpn
15:50 -!- Arc- [~Pickaboo@h-212-177.a259.priv.bahnhof.se] has quit []
15:50 -!- ShadniX [dagger@p5481DA39.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
15:50 -!- ShadniX_ is now known as ShadniX
15:52 < markkp> esde ok! I'm rocking it on my bsd box without problems it seems
15:52 <+esde> sweet
15:52 < markkp> the telnet thing like you said is true though still
15:52 < markkp> it refuses immediately on 1194
15:53 < markkp> and it's hanging on 3543
15:53 < markkp> I don't know if that's going to be a problem
15:54 -!- s7eele [~AndChat52@208.167.254.112] has joined #openvpn
15:54 <+esde> that was just an arbitrary port number, if it's refusing with telnet, it's listening. If you can't connect on the same port with openvpn, there's a problem.
15:55 -!- forgotten [~forgotten@wmfb.co] has joined #openvpn
15:55 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
15:55 < Abbott> I am trying to setup OpenVPN on my linux box in my apartment. I want it to be reachable from outside of my network. I am forwarding port 1194 to my server on my router and I am trying to setup the .confs now. I am using this: https://wiki.debian.org/OpenVPN#Installation to set it up and I have the confs set up like this: http://pastie.org/pastes/10183200/text?key=bm0athdvxagk9uuu2kqfa
15:55 <@vpnHelper> Title: OpenVPN - Debian Wiki (at wiki.debian.org)
15:55 < Abbott> but I think i need to change one of the IP's to make it reachable from outside the LAN, right?
15:56 <+esde> !walkthrough
15:56 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
15:56 <+esde> !welcome
15:56 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:56 <+esde> !howto
15:56 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:56 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
15:57 < forgotten> Hello all.  I recently upgraded my OpenBSD 5.6 server to OpenBSD 5.7.  Since then i am recieving the "MULTI: bad source address from client:  Packet Dropped" messages when attempting to utilze my VPN.  Nothing has changed on the client / server config.  Only difference is openvpn 2.3.2 package was upgraded to 2.3.6.   Any ideas what could be causing the bad source address problem from clients?   I attempted to fix with the ccd folder and creating file per cl
15:57 < Abbott> thank you esde lol
15:57 < markkp> Ok so esde, I've opened the port (or supposedly) on my server
15:58 < markkp> how do I test that it's actually open? nmapping to it shows that it's closed
15:58 <+esde> You don't need to "open" anything on your server if it's running openvpn as a client.
15:58 < markkp> nmap -A 192.168.1.108 -p 48814 = 48814/tcp closed unknown
15:58 < markkp> Oh no I meant
15:58 < markkp> port forwading
15:58 < markkp> like for a torrent client
15:58 <+esde> so openvpn is connected now?
15:59 < markkp> openvpn is connected yep
15:59 < markkp> that's all fine and dandy it seems
15:59 <+esde> GREAT that was my confusion
15:59 < markkp> aha sorry!
15:59 < markkp> my apoligies
15:59 <+esde> I have to run now unfortunately
16:00 <+esde> but i will be on later and should be able to help
16:00 < markkp> ok thanks
16:03 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
16:04 < pie_> !p2p
16:04 <@vpnHelper> "p2p" is "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
16:04 < pie_> uh. so basically i want to have a p2p connection between 2 nodes, is there a good way to do that? i want to set up a 3way site-to-site vpn
16:05 < pie_> the 3rd node would need to act like a client since its behind nat
16:14 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:16 < forgotten> this is driving me batty
16:19 <@pekster> pie_: p2p topology (not to be confused with the p2p topology, see !topolgoy for reading on that) is strictly between 2 endpoints; there's no possibility for any more, and no support to push options from the "server" since there really isn't a defined server vs client
16:20 <@pekster> mode p2p, rather (verses the --topology p2p)
16:21 < pie_> i wasnt clear at all, basically i have 3 nodes that i want connected to eachother. I suppose that would require running 2 daemons on each :/ and routes and firewall rules would probably be able to handle the packet juggling
16:22 <@pekster> Or just run a TLS server and you can have your 2 other nodes act as clients to that endpoint
16:22 -!- mode/#openvpn [+v-o pekster pekster] by pekster
16:23 < pie_> it would be nice if two adjacent peers wouldnt need to route through a third
16:23 < pie_> but i guess i should try the client mode stuff and see what the latency is
16:24 <+pekster> Right, that's the trade off is if you have Clients C1 & C2, connected to Server S1, traffic across the VPN from C1 -> C2 is routed via S1. You could do 3 pairs of p2p tunnels too if you were going to do some dynamic routing on top of it, for instance
16:25 <+pekster> Or not even dynamic routing, just have each node know in advance the static routes for the other networks via the proper interfaces
16:27 <+pekster> Although sometimes you still want to use TLS, just a p2p topology as there are security benefits (!forwardsecrecy)
16:27 < pie_> yeah
16:28 < pie_> i dont understand why you couldnt use the normal crypto stuff with a p2p topology?
16:28 < pie_> or is it just not in the code?
16:44 < Abbott> I am running 'openvpn --dev tun1 --ifconfig 10.8.0.1 10.8.0.2' on my debian box and using the configs given here: https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html but with my server's external ip instead of myremote.mydomain. When I try connecting with the client PC, I can see activity in my ssh console running the openvpn command, but the
16:44 < Abbott> debug box on the client computer gives me "Authenticate/Decrypt packet error: missing authentication info" and the ssh console gives me "write to TUN/TAP : Invalid argument (code=22)"
16:44 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
17:00 <+pekster> pie_: You can. That is TLS mode, p2p topology. Not to be confused with p2p mode, p2p topolgoy
17:01 <+pekster> Ergo the difference
17:01 <+pekster> One is a TLS handshake, which also allows you to push options back and forth, and gives you forward-secrecy provided you limit your TLS cipher-suites to those that provide it (see: !hardening.) p2p encrypts only with a symmetric PSK, which offers no forward-secrecy as there's no DHE or ECDH handshake
17:03 < pie_> !hardening
17:03 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
17:03 < pie_> so to do what I want i would need to run two daemons each with a point to point link?
17:03 <+pekster> Yup. If you use TLS vs statickey is up to you as that will work either way
17:04 < pie_> well actually one p2p and one server mode, the 3rd node being client
17:04  * pie_ sighs
17:04 <+pekster> p2p topology works fine with a client behind RFC1918 NAT Overload
17:05 <+pekster> So does mode p2p for that matter; that's obviously going to initiate the connection, but it works just like any other outbound Internet with unroutable local address space does
17:05  * esde beers pekster 
17:06 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has quit [Ping timeout: 264 seconds]
17:06 < pie_> oh man im in no mood for this
17:06 < pie_> well here we go...
17:06  * esde gives pie_ a chill pill :)
17:07  * pie_ noms
17:08 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has joined #openvpn
17:09 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:11 < mikeg3> Hi I have ESET Cybersecurity Pro (Mac) and OpenVPN will not connect to my VPN service.  I know from testing that the firewall is at fault, my VPN rules are too restrictive.  What should I be allowing so that OpenVPN works?
17:12 <+pekster> The port you're using and all other traffic required by RFC792
17:12 <+pekster> That's it.
17:12 <+esde> But I thought macs don't need AV /s :P
17:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:13 < mikeg3> so probably UDP traffic in both directions on port 1194 should be allowed
17:14 <+esde> he quoted the RFC..
17:14 <+pekster> If that's what you use, sure. There's little reason client's shouldn't dynamically allocate an ephemeral port (read about --nobind in the manpage)
17:14 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has quit [Ping timeout: 256 seconds]
17:14 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Ping timeout: 264 seconds]
17:14 <+pekster> esde: That's for ICMP (and has more or less nothing to do with OpenVPN)
17:16 <+esde> dont open any ports for a client connection, clients shouldn't need to listen generally
17:16 <+pekster> Failure to follow RFC792 (for IPv4, or RFC4890 for IPv6) leads to much breakage, especially pMTUd
17:21 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
17:22 <+esde> mikeg3, just curious, did you mean to make those adjustments in ESET?
17:25 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
17:26 < mikeg3> esde: Yes was going to make adjustments to ESET
17:26 <+esde> and you have something else, iptables, other firewall/router upstream handling the internet facing wan connection?
17:26 < mikeg3> The odd thing is that ESET autoconfigures for other VPN types, but not OpenVPN.
17:27 <+esde> so long as something else is blocking what would be incoming traffic on port 1194, and that's what ESET needs to work, hell yeah
17:27 < mikeg3> Yes I have a cable gateway, firewall off on the gateway
17:28 <+esde> sounds like an ISP provided hardware
17:28 < mikeg3> no I bought the gateway myself Motorola SBG6580
17:28 <+esde> Oh. Xfinity gateways suck  at "firewalling"
17:29 < forgotten> Hello all.  I recently upgraded my OpenBSD 5.6 server to OpenBSD 5.7.  Since then i am recieving the "MULTI: bad source address from client:  Packet Dropped" messages when attempting to utilze my VPN.  Nothing has changed on the client / server config.  Only difference is openvpn 2.3.2 package was upgraded to 2.3.6.   Any ideas what could be causing the bad source address problem from clients?   I attempted to fix with the ccd folder and creating file per cl
17:29 <+esde> If you open 1194 with ESET what is stopping traffic you dont want from coming in also, is my question
17:32 < mikeg3> I am using the ESET in Automatic Mode with Exceptions...OpenVPN is what I am trying to allow.  If I shut ESET firewall completely off, the VPN works, so I know I must be missing something in my rules...besides port 1194
17:33 <+esde> I have to run
17:39 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has quit [Quit: Leaving]
17:40 -!- Janos [~cramos@190.113.106.60] has quit [Quit: Ex-Chat]
17:46 -!- raidz [~raidz@openvpn/corp/admin/andrew] has left #openvpn []
17:46 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
17:46 -!- mode/#openvpn [+o raidz] by ChanServ
17:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:52 <+pekster> forgotten: Usually that's the client being stupid and attempting to source from an address that it has not been assigned. Ideally fix your (broken) client's source-selection mechanism or neuter the offending program generating the invalid packets. Optionally just ignore it, perhaps by using --verb 3 (which IIRC hides the noise)
17:54 -!- dazo is now known as dazo_afk
17:59 < Abbott> I am connected to my VPN but when I check what my ip is with a whatismyip website, I still have my local IP. Is that supposed to happen? I'm trying to route all my traffic through my VPN
18:00 < forgotten> pekster: that would be great if internet access were actually being delivered to my clients.
18:00 < forgotten> pekster: this is happening on Android client, and windows client 7 client.
18:01 < forgotten> i wouldn't happily ignore the verb 5 messages
18:01 < forgotten> pekster: can you elaborate on my clients source selection mechanism and how i might fix it?
18:03 <+pekster> Basic rules of networking: you can't use an address that isn't on the link you're attempting to use
18:03 <+pekster> In tun mode with OpenVPN, it is a direct violation of a client to use anything besides the address it has been issued, or one covered by an --iroute
18:03 < forgotten> this only happened after upgrading OS version.
18:03 <+pekster> So, don't do that
18:03 < forgotten> configs haven't changed at all
18:04 < forgotten> everything used to work just fine with the server pushing DNS and default GW to the clients
18:04 <+pekster> What's "broken" exactly? Just the error messsage? That's good news since you can ignore it
18:04 < forgotten> nope
18:04 < forgotten> I HAVE NO INTERNET ACCESS WHEN CONNECTED TO VPN
18:04 < forgotten> is the problem.
18:05 <+pekster> Then say that, not some worthless diagnostic message
18:05 <+pekster> !redirect
18:05 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:05 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:05 <+pekster> Flowchart for you to fix your issue
18:05 < forgotten> i wouldn't have ever noticed the messages if everything was working as i usually keep the server config at a verb 3.
18:06 < forgotten> ya all that is good, nothing changed.
18:07 <+pekster> If it's all good then it works. Flowchart tells you where it's broken, if you follow it
18:07 <+pekster> "all good" on the flowchart means you have no problem, so you might want to try harder
18:07 < forgotten> heh
18:08 < forgotten> and your answer is, just ignore the logs, it's fine.
18:08 < forgotten> thanks for all the amazing help pekster
18:25 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
18:25 < fearnothing> why might I be getting constant repeated syslog events like so:
18:25 < fearnothing> openvpn[81405]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
18:26 < fearnothing> openvpn[81405]: MANAGEMENT: CMD 'status 2'
18:26 < fearnothing> openvpn[81405]: MANAGEMENT: CMD 'quit'
18:26 < fearnothing> openvpn[81405]: MANAGEMENT: Client disconnected
18:26 < fearnothing> just that ^ repeated over and over.
18:27 < fearnothing> as far as I can tell, everything else about my openvpn connection is working, but that message is spamming me constantly
18:27 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
18:27 <+pekster> Then go fix the API that's connecting to your socket and have it stop doing that
18:28 <+pekster> https://github.com/OpenVPN/openvpn/blob/v2.3.6/doc/management-notes.txt
18:28 <@vpnHelper> Title: openvpn/management-notes.txt at v2.3.6 · OpenVPN/openvpn · GitHub (at github.com)
18:28 -!- dukebarman [~dukebarma@91.226.164.63] has quit []
18:29 < fearnothing> ok so this will be something specific to pfsense I guess?
18:29 < fearnothing> since that's how I'm running it
18:29 <+pekster> Whatever the Unix-socket domain client you're using to ocnnect to "/var/etc/openvpn/server1.sock" is
18:29 <+pekster> That's not something OpenVPN ships with. The API is documented at the link I gave you, but the "client" "spamming" you is not
18:30 <+pekster> So yea, ask downstream
18:30 < fearnothing> well, the only client I've intentionally connected was a windows one
18:30 < fearnothing> and I know what the logs from that look like, this ain't it.
18:30 <+pekster> No, the API client
18:30 <+pekster> Unix domain sockets are only valid on the same host
18:30 < fearnothing> oh ok
18:30 < fearnothing> well then, gotta be pfsense.
18:30 < fearnothing> I'll post on the forums
18:30 < fearnothing> thanks :)
18:35 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
19:18 -!- s7eele [~AndChat52@208.167.254.112] has quit [Quit: Bye]
19:21 -!- s7eele [~AndChat52@208.167.254.112] has joined #openvpn
19:52 -!- forgotten [~forgotten@wmfb.co] has quit [Remote host closed the connection]
19:55 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:18 -!- docmur [~andrew@76.65.195.178] has joined #openvpn
20:19 < docmur> Hey guys, maybe a stupid question but lets say I give someone a client key to my openvpn, do they need anything else in order to "use" my network such as a user account, passwords and etc..?  Or would giving them a client key be an open door party invitation
20:21 <+esde> depends on the configuration, but it would be possible
20:23 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
20:26 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 252 seconds]
20:26 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Ping timeout: 264 seconds]
20:32 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
20:52 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 252 seconds]
21:04 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
21:13 -!- docmur [~andrew@76.65.195.178] has quit [Quit: Lost terminal]
21:21 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Read error: Connection reset by peer]
21:21 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
21:28 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Quit: idafyaid]
21:49 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
21:50 < mumixam> is it possible to put the tls-auth key in the config?
21:50 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
21:50 < mumixam> like how <ca></ca> and <key></key> is done
21:50 <@Eugene> Yup. <tls-auth>
21:50 < mumixam> how do you do the 2nd parameter
21:50 <@Eugene> "INLINE FILE SUPPORT" in the man page says so, even
21:50 < mumixam> like 0 and 1 for server/client
21:51 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
21:51 <@Eugene> Direction is optional;' don't specify it on either end
21:51 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn []
21:51 < mumixam> hm ok
21:51 < mumixam> i gave it a try but it didnt want to work ill play some more thx
21:59 < Patuck> Hi, I am trying to create a OpenVPN network (tap) of about 10 clients and 3 servers.
21:59 < Patuck> I want the servers to act as redundant failovers ie if server 1 fails 2 and 3 will take over.
21:59 < Patuck> I understand that defining multiple servers in the client config allows the client to connect to a server at random and try a different server if the connection fails.
22:00 < Patuck> My problem is my application requires all clients to be on the same broadcast domain.
22:00 < Patuck> Is it possible to setup OpenVPN in such a way that client x on server 1 sees client y on server 2 as being on the same broadcast domain?
22:01 < Patuck> If so how would I go about setting something like this up?
22:07 -!- krthnz [~quassel@unaffiliated/krthnz] has joined #openvpn
22:17 -!- Dropje [~yge@ip4da1148b.direct-adsl.nl] has quit [Ping timeout: 264 seconds]
22:18 <+pekster> mumixam: --key-direction
22:20 < mumixam> ok thanks
22:30 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 256 seconds]
22:32 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
22:41 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 240 seconds]
22:42 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
22:43 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
22:43 < TyrfingMjolnir> I openvpn client running, I also have a server.conf file in the same folder, how can I launch this server.conf file?
22:52 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 246 seconds]
22:55 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
23:14 < mumixam> openvpn --config server.conf
23:14 < mumixam> you trying to autostart it via initd?
23:14 < mumixam> depending on your distro you can edit /etc/default/openvpn and list which configs it should auto run
23:17 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
23:30 <@Eugene> !download
23:30 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
23:38 -!- ShadniX [dagger@p5481DA39.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:39 -!- ShadniX [dagger@p5481D552.dip0.t-ipconnect.de] has joined #openvpn
23:52 <@Eugene> Interesting bug in the openvpn installer: it fails to complete if the installer is called "openvpn.exe"
23:52 <@Eugene> I assume this is because of a naive check for running process names
23:52 <@Eugene> It claims that "Openvpn is currently running"
23:53 <@Eugene> Backstory: I'm installing on a Server 2012 R2 Core headless machine.... so `wget` and iexplore don't exist. I used `Invoke-WebRequest http://blahblahblah/openvpn-version.exe -OutFile c:\openvpn.exe`
23:53 <@Eugene> And then launched it appropriately
23:54 <@Eugene> Renaming to openvpn-installer.exe, everything is happy
--- Day changed Tue May 12 2015
00:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
00:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:28 < TyrfingMjolnir> mumixam: openvpn --config server.conf&
00:28 < TyrfingMjolnir> ?
00:30 < TyrfingMjolnir> Eugene: Will `Invoke-WebRequest http://blahblahblah/openvpn-version.exe -OutFile c:\openvpn-installer.exe` still have the same error?
00:30 <@Eugene> No, that saves it with a different URL
00:31 < TyrfingMjolnir> But will this give the same error?
00:31 < TyrfingMjolnir> Or is the error from something statically typed?
00:32 < TyrfingMjolnir> Or the cache of Invoke-WebRequest?
00:39 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
00:50 <@Eugene> The error is from searching naively for "openvpn.exe"
00:50 <@Eugene> So it wont' matter, with any other file name
01:04 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
01:42 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
01:51 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
02:14 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
02:35 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
02:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:53 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
02:54 < colo-work> is it possible to set --fragment and --mssfix on ONE side of the connection only, and upgrade the client configs after that? (without breaking connectivity for clients that are presently in working condition?)
02:54 <@Eugene> That sounds like a recipe for brokenness
02:56 < colo-work> well, we won't be able to change ALL client configs in one big swoop...
02:59 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
02:59 -!- mode/#openvpn [+o plaisthos] by ChanServ
03:02 -!- plai [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
03:02 -!- mode/#openvpn [+o plai] by ChanServ
03:03 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Disconnected by services]
03:03 -!- plai is now known as plaisthos
03:15 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:18 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 245 seconds]
03:18 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Quit: foo!]
03:18 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
03:18 -!- mode/#openvpn [+o plaisthos] by ChanServ
03:24 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
04:11 -!- jeroenimo [~jeroenimo@Aircrack-NG/Friend/jeroenimo] has joined #openvpn
04:28 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
04:39 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
04:43 -!- dazo_afk is now known as dazo
04:44 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 252 seconds]
04:45 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
04:49 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Max SendQ exceeded]
04:50 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
04:50 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
04:52 -!- fenixfunk5 [~fenix@mail.lbathivel.com] has joined #openvpn
04:52 -!- BtbN [btbn@btbn.de] has joined #openvpn
04:53 < fenixfunk5> !welcome
04:53 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:53 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:53 < fenixfunk5> !interface
04:53 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For
04:53 <@vpnHelper> Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
04:54 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 256 seconds]
04:55 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
05:20 -!- NuxRo [~nux@unaffiliated/nuxro] has joined #openvpn
05:21 < NuxRo> hi, is there a way to run a script on the server once a client connects (to set up some firewall rules)? can anyone point me in the right direction?
05:24 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 246 seconds]
05:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
05:50 < markkp> maybe this? https://openvpn.net/index.php/access-server/docs/admin-guides-sp-859543150/howto-commands/411-access-server-post-auth-script.html
05:50 <@vpnHelper> Title: Access Server Post-Auth Script/Host Checking (at openvpn.net)
05:50 < markkp> Nuxro
05:50 < markkp> NuxRo
05:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:58 -!- TyrfingMjolnir [~Tyrfing@bb219-74-193-117.singnet.com.sg] has joined #openvpn
06:02 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
06:03 -!- robert83a1 [~robert83a@gate.teutoglas.de] has joined #openvpn
06:04 < robert83a1> hi all, is it possible to connect to a IPV4 only openVPN server from a ipv6 only client ?
06:04 < robert83a1> (god I hate my isp...)
06:04 < ivali> Hello. I am currently trying to set up a scenario where multiple clients connect to the same openvpn server. Is there a parementer that i can send to the openvpn client to properly  set up the routes - so that 2 machines connected to the vpn could ping each other. Untill now, I was setting up routes (with ip route) manually.
06:07 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:08 < ivali> I think i found the answer - putting the route to the server.conf in the server.
06:12 <@dazo> robert83a1: that's like asking if you can get Ethernet access by plugging your cable into a phone socket .... ipv4 and ipv6 are completely different and protocols (which happens to share a lot of the way it works in practice)
06:12 <@dazo> robert83a1: it might be possible if you go through a IPv6 to IPv4 proxy service of some kind
06:13 <@dazo> (like ipv4-in-ipv6 tunneling)
06:13 < robert83a1> @dazo : I realized how stupid the question was, but was not able to undo it :D
06:13 < robert83a1> @dazo : the client is dual stacked
06:14 < robert83a1> @dazo : I have at home ipv4 ...isp stupid gateway system thing... and ipv6
06:14 < robert83a1> @dazo : if I disable ipv6 on client machine... and I install openvpn... it should work ?
06:14 < robert83a1> @dazo : I tried now...could be I am nervous...overlooked something but it's not connecting to the vpn...I can ping the machine ipv4
06:14 <@dazo> yeah, it should in theory work also if you don't disable ipv6 too
06:15 < robert83a1> @dazo : I come from ipv4 nating world... ipv6 freaks me out...
06:15 <@dazo> openvpn uses the protocol you tell it to use ... so for ipv4 ... using --proto tcp-client or --proto udp is enough
06:15 < robert83a1> @dazo : I will try to see if I can get it working
06:15 < robert83a1> I setup protocol tcp
06:16 < robert83a1> 10837 on the client and server tcp...
06:16 <@dazo> if you use tcp6-client or udp6 .... then openvpn will prefer IPv6, but will use IPv4 if IPv6 isn't possible
06:16 < robert83a1> I'lll try again
06:16 < robert83a1> client is proto tcp
06:16 < robert83a1> server is proto tcp-server
06:17 <@dazo> (regarding to to ipv6 ... I'm looking forward to the day we can go back to single-stack, and leave ipv4 behind)
06:17 < robert83a1> I wonder how the heck is the isp doing the ipv4 thing.... I can ping the server
06:17 < robert83a1> but it wont connect to the port...
06:18 <@dazo> it sounds like a firewall issue on the server
06:18 < robert83a1> I will check it with advanced port scanner
06:18 < robert83a1> the server I checked according to shieldsup the prt is open
06:19 <@dazo> robert83a1: run tcpdump on the server ... if you don't see the traffic appearing there, it's a firewall issue
06:19 < robert83a1> it is open
06:20 < robert83a1> I just checked from my windows 7 machine at home
06:20 <@dazo> what does your openvpn server log say then?
06:20 < robert83a1> which I am connected to with teamviewr
06:20 < robert83a1> port 10873 is OPEN
06:20 < robert83a1> its empty...pfff
06:20 < robert83a1> sorry no
06:20 < robert83a1> its not empty
06:20 < robert83a1> there is an ip from the ISP I have at home
06:20 < robert83a1> connection reset restarting
06:20 <@dazo> !logs
06:20 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
06:21 < robert83a1> the server log
06:21 < robert83a1> http://pastebin.com/fKdvgpL1
06:21 < robert83a1> the ip i did not hide, its the ISP gateway...
06:22 <@dazo> that's not verb 4
06:22 < robert83a1> I think OpenVPN tries to talk to ISP gateway...
06:22 < robert83a1> ok sorry I do again
06:22  * dazo brb
06:23 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
06:23 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
06:33 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
06:34 < robert83a1> you are gith
06:34 < robert83a1> dazo
06:34 < robert83a1> I am overlooking something
06:34 < robert83a1> :)
06:34 < robert83a1> I remembered I have another company where I setup OpenVPN earlier
06:34 < robert83a1> they to use ipv4 only server
06:34 < robert83a1> and I connect there back to checking config files...
06:35 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
06:35 -!- fenixfunk5 [~fenix@mail.lbathivel.com] has quit [Ping timeout: 255 seconds]
06:39 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has quit [Read error: Connection reset by peer]
06:39 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
06:40  * dazo is curios what the issue was
06:40 < robert83a1> hi, I dont know what I am overlooking
06:41 < robert83a1> http://pastebin.com/2D6WD4bY
06:41 < robert83a1> now it is connecting every time... I enabled both tcp and udp on firewall
06:41 -!- le0 [~le0@unaffiliated/le0] has quit [K-Lined]
06:41 <@dazo> robert83a1: please remove the --mute statement in your config ... it cripples the log
06:42 <@dazo> robert83a1: and increase verb to 5 too
06:43 <@dazo> actually, verb 10 would be good
06:46 <@ecrist> krzee: I know, thanks. :\
06:46 <@dazo> you might also consider to upgrade openvpn to 2.3.6 ... it's not 2.2.2, which is showing its age
06:46 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
06:46 <@dazo> it's *now* 2.2.2
06:47 < robert83a1> http://pastebin.com/kGqsY5S5
06:49 <@dazo> robert83a1: still looks like a firewall issue ... looks like only the first packet gets through, but not the following ones - and then it times out
06:49 < robert83a1> I will check firewall again
06:49 <@dazo> robert83a1: please pastebin the output of iptables-save
06:49 < robert83a1> this is very strange config is almost identical with working server
06:49 < robert83a1> unfortunately it is gateprotect here :D
06:49 < robert83a1> fuck german sicherheit
06:50 <@dazo> heh
06:50 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has quit [Read error: Connection reset by peer]
06:50 < robert83a1> (me hates Gateprotect Firewall.... )
06:50 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
06:50 < robert83a1> I will re-check the firewall settings... it is GUI drag n drop
06:53 < robert83a1> crap
06:53 < robert83a1> CRAP!!!!!
06:53 < robert83a1> the client
06:53 < robert83a1> aaaaaaaa
06:53 < robert83a1> it works
06:53 < robert83a1> jfdklsajflaskjda
06:54 < robert83a1> I put the client ca files into a dir
06:54 < robert83a1> I specified the path
06:54 < robert83a1> but forgot ca.key ca.crt
06:54 < robert83a1> thank you anyway, this is what happens if you get nervous...
06:54 < robert83a1> back to the theme another question
06:55 < robert83a1> I dont understand
06:55 < robert83a1> why does OpenVPN work this way
06:55 <@dazo> the ca files, except ca.crt should never ever be located in any servers or clients (only where you do CA administration, like signing new certs)
06:55 < robert83a1> why does not PP2P work
06:55 < robert83a1> what is the difference
06:55 <@dazo> it's a completely different protocol
06:55 < robert83a1> this gateprotect device has a  VPN server as well... it wont allow connections...
06:56 < robert83a1> since I have ipv6 ipv4 (DS LIte ) at home...
06:56 < robert83a1> well this is also a solution
06:56 < robert83a1> if it works good
06:56 < robert83a1> I think the ISP is overreacting
06:56 < robert83a1> now I need to figure out how to firewall at home
06:56 < robert83a1> in ipv6 world the /128 address is the gateway ?
06:57 <@dazo> The /128 means a single IPv6 address
06:57 <@dazo> The /-notation is the netmask
06:57 < robert83a1> sorry wrongly formulated
06:57 < robert83a1> that means 128 is the gateway
06:57 <@dazo> nope
06:57 <@dazo> In IPv4 ... 192.168.0.0/255.255.255.0 == 192.168.0.0/24
06:57 < robert83a1> yep I get that one
06:58 <@dazo> so /128 means a single IPv6 address ... nothing more, nothing less
06:58 < robert83a1> you mean /128 is like /32 in ipv4
06:58 <@dazo> yeah
06:58 < robert83a1> wohooo :D
06:58 < robert83a1> I am learning
06:58 < robert83a1> sorry it is hard to find good material
06:58 < robert83a1> I am trying to figure out
06:58 < robert83a1> how can I somehow firewall my home network
06:58 < robert83a1> I dont like the idea of having all my devices unfiltered ipv6 addresses to the internet
06:59 < robert83a1> the horror
06:59 <@dazo> IPv6 is in fact much simpler than IPv4 on that part ... there is no network addres, there is no broadcast address ... just plain hosts
07:00 <@dazo> Automatic configuration is resolved by a broad variety of ICMPv6 packets ... which does much of what ARP does in IPv4
07:01 < robert83a1> that is the part which confused me on normal ipv4 network even without NAT
07:01 < robert83a1> there is a subnet 192.168.0.0
07:01 < robert83a1> 192.168.1.0
07:01 < robert83a1> to access 0.0 you need a gateway
07:01 < robert83a1> then you can on the router do iptables rules to block certain ports etc... or hosts
07:01 < robert83a1> if each computer is a host...without the need of a gateway
07:01 < robert83a1> how does one filter traffic ?
07:02 < robert83a1> (I though quick about putting  a bridge inbetween the local computers and the internet... )
07:02 <@dazo> In IPv4, the gateway doesn't have to be 0.1 ... 0.0 is the network address (if we're talking (/16 subnet)
07:02 < robert83a1> I am talking about /24 255.255.255.0
07:02 < robert83a1> then you need a gateway in each subnet
07:02 <@dazo> then you have just .0 which is the network address
07:03 <@dazo> and the gateway can be whichever between .1 and .254
07:03 < robert83a1> on ipv4 I understand, and I can set iptables rules on the router
07:03 <@dazo> most commonly it is .1 ... but it's no requirement
07:03 < robert83a1> in ipv6 network
07:03 < robert83a1> how do you do this
07:03 < robert83a1> if there are no routers...
07:04 <@dazo> there are routers there too
07:05 < robert83a1> ok I think I am total newbie with this...on my current router at home... following ipv6 address is listed
07:05 < robert83a1> fe80::5a23:8cff:fe14:XXX/64
07:05 <@dazo> the simplest setup is a stateless configuration .... which means each client will have an automated random IPv6 address .... in Linux, the "security bits" is turned off, so it consists of parts of the MAC address.  Windows (and probably OSX) have security bits turned on, which means it is more random
07:05 < robert83a1> 2a02:908:2200:1:d4b6:7b87:cbff:XXX/128
07:05 < robert83a1> and this one right bellow it
07:05 <@dazo> in addition, you have segments of IPv6 address
07:05 < robert83a1> what does it mean I have a subnet /64 for me
07:05 < robert83a1> and the 128 is the ISP side ?
07:05 < robert83a1> or the ROUTER side ?
07:06 < robert83a1> ( I cant help but talk in Gateways...)
07:06 <@dazo> fe80::5a23:8cff:fe14:XXX ... that is a link-local ... which is kind of a isolated IPv6 network which is not routeable ... here all the configuration stuff happens and often host-to-host communication in the same physical network
07:06 < robert83a1> oh that is like my local subnet ....
07:06 <@dazo> 2a02:908:2200:1:d4b6:7b87:cbff:XXX ... that is an global address, which is used when you go outside your own network
07:07 < robert83a1> (only it is still public)
07:07 < robert83a1> if one would put a firewall after this router (let it be linux )
07:07 < robert83a1> with 2 ethernet cards
07:08 < robert83a1> ethernet card for internet (router) side should have which ip ?
07:08 <@dazo> that's an easy task
07:08 < robert83a1> fe80 ?
07:08 < robert83a1> (think I am complicating this....)
07:08 <@dazo> All interfaces must have a link-local address
07:08 <@dazo> and then you segment the global IPv6 addresses
07:09 <@dazo> normally you get a /48 or /56 subnet ... and you provide each network zone with a /64
07:09 <@dazo> it's not really recommended to assign smaller subnets thant /64 ... as that will make stateless autoconfig disfunctional
07:10 < robert83a1> ohhhh ,... so I can internally segment the ipv6
07:10 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
07:10 < robert83a1> then I have my networks
07:10 <@dazo> yes
07:10 < robert83a1> ok tldp.org here I come
07:10 < robert83a1> the rest is a must learn definition...to understand more detaild
07:10 < robert83a1> I will then at home try it out with virtual machines :D
07:10 <@dazo> I just quickly looked through a few steps here .... looks reasonable http://www.tutorialspoint.com/ipv6/index.htm
07:10 <@vpnHelper> Title: IPv6 Tutorial (at www.tutorialspoint.com)
07:10 < robert83a1> thank you for explaining
07:11 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has quit [Ping timeout: 256 seconds]
07:11 < robert83a1> very much
07:11 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
07:11 < robert83a1> guess I should have started learning it sooner
07:11 < robert83a1> but it is never to late :)
07:12 <@dazo> When learning IPv6 ... don't do the mistake I did by trying to make IPv6 be like IPv4 .... try to clear your mind from IPv4 completely, then it goes fairly easy to learn
07:12 < robert83a1> yeah, that is the hard part
07:12 < robert83a1> I see subnets, gateways, NATING :D
07:13 < robert83a1> Ill try to give myself time
07:13 < robert83a1> my biggest problem is , that it is impossible to notice the numbers anymore
07:13 <@dazo> also check out https://www.tunnelbroker.net/ ... they have some awesome resources, and let you test what you've learned through the "certification"
07:13 <@vpnHelper> Title: Hurricane Electric Free IPv6 Tunnel Broker (at www.tunnelbroker.net)
07:13 < robert83a1> I am was accustomed to remembering the main ip addresses, ranges, I used... use
07:13 <@dazo> (nothing official, but they really test what you did the right things on your own stuff)
07:14 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
07:16 < robert83a1> thank you
07:17 <@dazo> with IPv6 ... you just need DNS ;-)
07:27 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
07:28  * esde still needs to get around to setting up ipv6 openvpn...
07:30 <@dazo> esde: once you have IPv6 running ... enabling IPv6 in openvpn is a breeze
07:36 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
07:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
07:48 -!- caliculk [~caliculk@unaffiliated/caliculk] has quit [Ping timeout: 265 seconds]
07:50 -!- TyrfingMjolnir [~Tyrfing@bb219-74-193-117.singnet.com.sg] has quit [Quit: Searching for Waimea]
07:53 -!- caliculk [~caliculk@unaffiliated/caliculk] has joined #openvpn
07:57 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has quit [Read error: Connection reset by peer]
07:57 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
07:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:01 < skyroveRR> Hello all, does the easy rsa script that ships with openvpn's source work only for openvpn or can it be used for creating CAs for just about any other TLS enabled server as well?
08:04 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:05 <@dazo> skyroveRR: it can be used for any CA stuff you'd like ... but I'd double-check the scripts, just to ensure it doesn't set some flags you don't want
08:05 <@dazo> easy-rsa 2.x scripts all build around the master pki-tool script ... which again uses openssl
08:06 <@dazo> that said ... checkout the next gen easy-rsa ... which is supposedly far better ... https://github.com/OpenVPN/easy-rsa/
08:06 <@vpnHelper> Title: OpenVPN/easy-rsa · GitHub (at github.com)
08:06 < skyroveRR> dazo: is the git repo stable enough?
08:06 <@dazo> pekster: ^^^   .... I'd say so, yes
08:07 <@dazo> skyroveRR: pekster is one of the maintainers/developers of the 3.x version
08:07 < skyroveRR> Ok :)
08:07 < skyroveRR> Thanks for replying, dazo
08:17 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Quit: Leaving]
08:28 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
08:33 < markkp> Hey fellas, I was on last night about some troubles I had with port forwading
08:33 < markkp> I've still got them, I believe esde was helping me
08:34 < markkp> Basically, how would I confirm that a port is "open" on my server?
08:41 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
08:41 -!- JordiGH [~jordi@octave/developer/JordiGH] has joined #openvpn
08:41 < JordiGH> I'm seeing the following when trying to connect: http://codepad.org/yfP1xk2Y
08:41 <@vpnHelper> Title: Plain Text code - 40 lines - codepad (at codepad.org)
08:42 < JordiGH> It just loops endlessly resetting the connection.
08:42 < JordiGH> I ran `openvpn myconfig.ovpn`.
08:43 < JordiGH> Shall I paste the config too?
08:49 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
08:50 < JordiGH> Does it have anything to do with the warning about server certificate verification methods?
08:53 < niel> with my vpn random processes loose connection like games teamspeak etc. * Disconnected (No such device or address) is the error I get on irc and it reconnects within a second
08:53 < niel> nothing shows in logs
09:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
09:01 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
09:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:04 < JordiGH> Huh, I think I see the problem now. I have an existing tun0 network interface.
09:05 < JordiGH> Tue May 12 09:56:01 2015 /sbin/ip route add 192.168.10.0/24 via 192.168.30.1
09:05 < JordiGH> RTNETLINK answers: File exists
09:05 < JordiGH> But I can't just `ifdown tun0`: ifdown: interface tun0 not configured
09:07 -!- AxonetBE [~anonymous@81.83.15.153] has joined #openvpn
09:08 < AxonetBE> I have a file in my ccd folder with my computername : ex solidbot 9 where I put : iroute 10.1.9.0 255.255.255.0 / I have also a monitoring file there where I put iroute 10.1.0.0 255.255.0.0 to see all incoming connections
09:08 < AxonetBE> now when I check my logs I see  10.1.9.2 -> monitoring/5.196.95.92:xxxxx , why is it linked to the monitoring and not to solidbot9?
09:10 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 255 seconds]
09:11 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
09:13 <@krzee> esde, webservers back
09:13  * esde beer for all
09:14 < unicodesnowman> What gateway do I specify for the "default" gateway?
09:15 <@krzee> unicodesnowman,
09:15 < unicodesnowman> eg: I want all traffic BUT traffic for certain IPs to go through my VPN.
09:15 <@krzee> oh ok
09:15 <@krzee> was going to type !goal but now i see
09:15 <@krzee> first you setup like you want it all
09:15 <@krzee> then:
09:15 <@krzee> !route_override
09:15 <@vpnHelper> "route_override" is (#1) https://forums.openvpn.net/viewtopic.php?f=15&t=7161 for how to override --redirect-gateway for a certain subnet or (#2) to see how to make it so the client will still reply to requests to its public ip over the internet and not the vpn see !splitroute
09:15 < unicodesnowman> thank you!
09:15 <@krzee> yw
09:15 -!- JordiGH [~jordi@octave/developer/JordiGH] has quit [Quit: Jacking out]
09:15 <@krzee> basically the trick is net_gateway
09:17 <@krzee> can read about net_gateway variable in --route in the manual
09:17 <@krzee> !forget route_override 2
09:17 <@vpnHelper> Joo got it.
09:18 <@krzee> !learn route_override as you can read about the net_gateway variable in --route in the manual (!man)
09:18 <@vpnHelper> Joo got it.
09:18 <@krzee> !learn route_override as to see how to make it so the client will still reply to requests to its public ip over the internet and not the vpn see !splitroute
09:18 <@vpnHelper> Joo got it.
09:19 -!- AxonetBE_ [~anonymous@ptr-178-50-68-162.dyn.mobistar.be] has joined #openvpn
09:19 -!- AxonetBE [~anonymous@81.83.15.153] has quit [Ping timeout: 244 seconds]
09:19 -!- AxonetBE_ is now known as AxonetBE
09:21 < unicodesnowman> !route_override
09:21 <@vpnHelper> "route_override" is (#1) https://forums.openvpn.net/viewtopic.php?f=15&t=7161 for how to override --redirect-gateway for a certain subnet or (#2) you can read about the net_gateway variable in --route in the manual (!man) or (#3) to see how to make it so the client will still reply to requests to its public ip over the internet and not the vpn see !splitroute
09:21 -!- JordiGH [~jordi@octave/developer/JordiGH] has joined #openvpn
09:21 < JordiGH> Yay, rebooting worked.
09:22 < markkp> Hi guys, can anyone help me with checking if my port is "open"?
09:22 <@krzee> markkp,
09:22 <@krzee> !goal
09:22 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
09:23 -!- JordiGH [~jordi@octave/developer/JordiGH] has left #openvpn []
09:23 <@krzee> whats your actual goal that you think you'll solve by portscanning
09:23 < markkp> Ok so yesterday,  I had with port forwading which I discussed with esde here. He was helpful and we got some other things working, but i'm still not sure that the port is open on my computer
09:23 < markkp> I'm using PIA
09:24 <@krzee> so the vpn is working?
09:24 < markkp> and i'm using a http request which supposedly opens a port on their end for use
09:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:24 < markkp> openvpn is all connected up, yes, but how do I confirm openvpn is letting that port through?
09:24 <@krzee> openvpn doesnt block ports
09:24 <@krzee> your firewall would do that
09:24 < markkp> it works using PIA's OS X desktop client, so I know it theoretically works, I guess the problem is with my confirugration or something
09:25 < markkp> I'm doing it on my freebsd box
09:25 < unicodesnowman> markkp, what do yo mean by 'theoretically working'
09:25 <@krzee> if icmp works then openvpn isnt the problem
09:25 < markkp> as far as i'm aware, there's no firewall that I have installed which would block it
09:25 <@krzee> how do you do port forwarding without a firewall?
09:25 < markkp> as in, i'm trying to get transmission torrents working for forwarding the port which it listens on, but it claims the port is shut
09:26 < markkp> if I try it on my mac laptop with their VPN client, it works fine
09:26 < markkp> so I'm guessing the problem is with my config somehow?
09:26 < markkp> there's no firewall which is blocking it afaik, but how would I confirm that?
09:26 < unicodesnowman> the problem is with Transmission / your firewall, not your config.
09:26 <@krzee> the problem isnt openvpn
09:26 < markkp> nmap says it's shut
09:26 -!- AxonetBE [~anonymous@ptr-178-50-68-162.dyn.mobistar.be] has quit [Ping timeout: 256 seconds]
09:26 < unicodesnowman> for a port to be detected as open, something has to be listening on the port.
09:27 < unicodesnowman> are you sure transmission is open and listening on that port?
09:27 -!- robert83a1 [~robert83a@gate.teutoglas.de] has quit []
09:27 < markkp> hmm
09:27 < markkp> ok let me check that
09:29 < unicodesnowman> krzee: since you're an amazing expert: One of my clients report disconnecting sporadically due to 'Inactivity Timeout (--ping-restart)'. However, their connection is still active, they're actively using it. keepalive is set to 10 180.
09:30 < unicodesnowman> Other people having this problem seem to be using the same profile concurrently. I am doing that, but with 'duplicate-cn' enabled, so I don't think the problem is with that. Do you have any ideas on what might be causing it?
09:30 < unicodesnowman> I have been unable to replicate this personally.
09:30 <@krzee> never heard of any related bugs
09:31 < unicodesnowman> thanks, probably an oddity with their network then.
09:31 <@krzee> 180 the client should be waiting til 3mins goes by without a control channel ping
09:32 <@krzee> and 6 mins for the server to notice the client is gone
09:34 -!- AxonetBE [~anonymous@81.83.15.153] has joined #openvpn
09:39 -!- AxonetBE_ [~anonymous@ptr-178-50-68-128.dyn.mobistar.be] has joined #openvpn
09:41 < markkp> Yeah so even when transmission is open and listening on the port, it shows up as closed
09:41 -!- AxonetBE [~anonymous@81.83.15.153] has quit [Ping timeout: 256 seconds]
09:41 -!- AxonetBE_ is now known as AxonetBE
09:41 < markkp> but i haven't installed any firewall or anything, it's a fresh jail
09:42 < unicodesnowman> markkp, do you have a torrent open or anything? PIA would need to do NAT; they'll probably only assign that port to you after you make an outgoing packet from that port.
09:43 < markkp> Well there's an http request that you send to request them to open a port, and it retuns one back
09:43 < markkp> so that's the one i've entered into transmission
09:43 < markkp> but i'll try downolading an ISO, one sec i'll test that
09:44 < unicodesnowman> markkp, I would contact their support, it's not an openvpn issue. openvpn won't interfere with that.
09:45 < markkp> righto
09:45 < markkp> it's just that as I say, when I tried it on my mac it worked fine, so I just assumed that it was on my end
09:45 < markkp> cheers, i'll contact them again
09:46 -!- AxonetBE [~anonymous@ptr-178-50-68-128.dyn.mobistar.be] has quit [Ping timeout: 276 seconds]
09:47 -!- AxonetBE [~anonymous@ptr-178-50-68-128.dyn.mobistar.be] has joined #openvpn
09:47 -!- jthunder [~jthunder@184.151.222.113] has joined #openvpn
09:48 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
09:54 < markkp> Aha! Okay, I've got it working
09:54 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
09:55 < markkp> I'm not sure how many other people will run into this issue, but just incase - the guide for requesting the port is unclear
09:55 < markkp> I was sending the wrong IP.
09:56 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Remote host closed the connection]
09:56 < unicodesnowman> heh. glad it's solved :)
09:58 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
10:00 -!- AxonetBE [~anonymous@ptr-178-50-68-128.dyn.mobistar.be] has quit [Ping timeout: 240 seconds]
10:01 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 256 seconds]
10:01 -!- AxonetBE [~anonymous@81.83.15.153] has joined #openvpn
10:02 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
10:13 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:16 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has quit [Read error: Connection reset by peer]
10:16 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has joined #openvpn
10:17 -!- tdn [~tdn@syrah.adora.dk] has joined #openvpn
10:18 -!- NuxRo [~nux@unaffiliated/nuxro] has left #openvpn []
10:18 -!- jthunder [~jthunder@184.151.222.113] has quit [Quit: jthunder]
10:19 < tdn> Is there a way to force clients to use the VPN connection once it is set up? I have a problem, that when I establish the VPN connection all new connections are made through VPN, however, some connections go through the normal connection..
10:19 < tdn> I guess this is a routing problem really.
10:19 < tdn> I push the default gateway to the clients through dhcp.
10:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
10:38 <+pekster> skyroveRR: Yup, go for it. My intent is to have mostly-stable point-branches (like stable-3.0, stable-3.1) but until then, master should be plenty stable. Sketchy stuff is on isolated branches for now
10:40 -!- AxonetBE [~anonymous@81.83.15.153] has quit [Quit: AxonetBE]
10:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
10:49 -!- markkp [~markkp@host86-182-47-137.range86-182.btcentralplus.com] has left #openvpn []
10:56 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
10:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:59 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
11:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 264 seconds]
11:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
11:05 < skyroveRR> pekster: thanks for the assurance :)
11:21 -!- sysanthrope [~sysanthro@67.22.16.130] has joined #openvpn
11:25 -!- idoit [~idiot41@d53-64-104-202.nap.wideopenwest.com] has joined #openvpn
11:31 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
11:39 -!- sysanthrope [~sysanthro@67.22.16.130] has quit [Remote host closed the connection]
11:52 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:02 -!- Netsplit *.net <-> *.split quits: shootbird, Denial-, mete, s7eele, Poster, Eagleman, nullsign, +hazardous
12:03 -!- Netsplit over, joins: Eagleman
12:05 -!- Netsplit over, joins: shootbird
12:06 -!- Netsplit over, joins: Poster
12:06 -!- Netsplit over, joins: mete, hazardous
12:06 -!- mode/#openvpn [+v hazardous] by ChanServ
12:07 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 252 seconds]
12:21 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
12:33 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 245 seconds]
12:39 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
12:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:01 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
13:05 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
13:05 -!- zmachine [uid53369@gateway/web/irccloud.com/x-ccsdsvakaypzbjqx] has joined #openvpn
13:15 -!- dazo is now known as dazo_afk
13:17 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
13:17 -!- mode/#openvpn [+v s7r] by ChanServ
13:49 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
13:49 -!- s7r_t [debian-tor@openvpn/user/s7r] has joined #openvpn
13:49 -!- mode/#openvpn [+v s7r_t] by ChanServ
13:51 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
13:51 -!- s7r_t is now known as s7r
13:53 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
13:54 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
13:56 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
14:54 -!- elfixit [~Icedove@90.200.176.87] has joined #openvpn
14:55 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
14:59 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
15:02 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
15:12 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
15:12 < jnz> o/
15:14 < jnz> !sockd
15:14 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
15:14 < jnz> url isnt working :\
15:15 <+esde> ha ircpimps
15:16 -!- zmachine [uid53369@gateway/web/irccloud.com/x-ccsdsvakaypzbjqx] has quit [Quit: Connection closed for inactivity]
15:23 <@krzee> ya my servers been down hella long
15:23 <@krzee> you'll have to configure it yourself :-p
15:26 -!- jeroenim0 [~jeroenimo@Aircrack-NG/Friend/jeroenimo] has joined #openvpn
15:27 -!- jeroenimo [~jeroenimo@Aircrack-NG/Friend/jeroenimo] has quit [Ping timeout: 264 seconds]
15:27 -!- jeroenim0 is now known as jeroenimo
15:46 -!- greg___ [433494b6@gateway/web/freenode/ip.67.52.148.182] has joined #openvpn
15:48 -!- jeroenimo [~jeroenimo@Aircrack-NG/Friend/jeroenimo] has quit [Quit: jeroenimo]
15:48 < greg___> Hi, I have an OpenVPN server running on a Ubuntu EC2 instance. It is sitting in front of a webserver. Requests to the webserver without VPN take about 500ms, whereas when accessing through the VPN the same request is about 5 seconds. I'm basically using the default config with a few small changes so that clients can access all machines within the private network. Does anybody have any suggestions on config changes that may improve t
15:49 <+esde> No, we have no suggestions on how to improve t.
15:50 <+esde> also please see !welcome
15:50 < greg___> !welcome
15:50 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:50 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:51 <+esde> we'll need !configs and possibly !logs too, in order to assist
15:51 < greg___> I understand VPN is an additional layer and can be a bottleneck, but taken at face value... can you tell me if you can reasonably expect that it could be improved?
15:52 <+esde> No. not without the information I just requested
15:52 < greg___> !cnofigs
15:52 < greg___> !configs
15:52 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:55 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
15:55 -!- AxonetBE [~anonymous@81.83.15.153] has joined #openvpn
15:56 -!- jnz [~jnz@unaffiliated/jnz] has quit []
16:05 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
16:22 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
16:22 < jnz> o/
16:24 -!- niel [niel@om.nom.nom.coooki.es] has quit [Max SendQ exceeded]
16:27 -!- greg___ [433494b6@gateway/web/freenode/ip.67.52.148.182] has quit [Quit: Page closed]
16:27 -!- AxonetBE [~anonymous@81.83.15.153] has quit [Quit: AxonetBE]
16:37 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
16:39 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 272 seconds]
16:41 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
16:51 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has joined #openvpn
16:51 < pqatsi> its possible a machine with server certificate to connect as client to a vpn?
16:52 < pqatsi> (easyrsa3 server-full)
16:53 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
16:58 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 264 seconds]
17:08 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Quit: Where am I going ?!?!]
17:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:11 -!- voidstar [~voidptr@unaffiliated/voidstar] has quit [Ping timeout: 256 seconds]
17:11 -!- voidstar [~voidptr@unaffiliated/voidstar] has joined #openvpn
17:22 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Quit: Logging Off...]
17:23 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
17:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:36 -!- nutron [~nutron@unaffiliated/nutron] has quit [Quit: I must go eat my cheese!]
17:37 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
17:41 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 252 seconds]
17:43 -!- Latrina [~Latrina@ppp-138-34.26-151.libero.it] has quit [Ping timeout: 272 seconds]
17:52 -!- jnz [~jnz@unaffiliated/jnz] has quit []
17:56 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
18:17 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
18:17 -!- mode/#openvpn [+v s7r] by ChanServ
18:23 < pie_> I can ping hosts on my vpn and I have routes set up properly afaict but i cant ping hosts on the remote side of my vpn, what could play a part?
18:23 < pie_> the firewall is permissive, do i need to enable something?
18:24 < pie_> forwarding is on
18:25 < pie_> what i find odd is i have 3 nodes, one is the vpn server C, two are clients A and B, hosts behind A can access hosts behind C, but B cannot
18:26 < pie_> ping 192.168.82.1 ;; PING 192.168.82.1 (192.168.82.1) 56(84) bytes of data. ;; From 10.0.90.1: icmp_seq=1 Redirect Host(New nexthop: 10.0.90.18)
18:26 < pie_> 192.168.82.1 is A, 10.0.90.1 is C
18:26 < pie_> this ping is being run on B
18:32 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
18:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:39 < pie_> im pretty sure C is at fault
18:40 < pie_> A dont get why A can go through C but B cant
18:46 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
18:51 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
19:08 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
19:12 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 240 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:23 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 256 seconds]
19:25 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
19:25 -!- elfixit [~Icedove@90.200.176.87] has quit [Ping timeout: 258 seconds]
19:34 -!- wiflix [~wiflix@ip1f113911.dynamic.kabel-deutschland.de] has joined #openvpn
19:34 < wiflix> hey
19:35 < wiflix> keep getting this:  TLS Error: TLS key negotiation failed to occur within 60 seconds :-/ on the server side it looks like this
19:35 < wiflix> TLS: Initial packet from [AF_INET]x.x.x.x:50, sid=a9bf0acd a19d7074
19:35 < wiflix> WRRWWWWRWRWRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWR
19:37 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
19:37 <+pekster> pqatsi: Depends a bit on how you're enforcing verification on the server; most environments likely do not need to validate that a client isn't a server, though many do. IOW, just leave the --remote-cert-tls option off the server and it should work
19:38 <+pekster> pqatsi: Otherwise, you might need to set the EKU options to require a bit more directly rather than rely on the helper-option I noted above. easyrsa lets you configure your own extension files (so, instead of signing as a "server", you could make a "serverclient" extension with both of them, though you still need to enforce checks of them by EKU requirements correctly in OpenVPN)
19:40 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
19:41 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
19:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
19:47 < wiflix> tls timeout :-/ any ideas? http://pastebin.com/qMduEgQ4
19:54 -!- wiflix [~wiflix@ip1f113911.dynamic.kabel-deutschland.de] has quit [Ping timeout: 272 seconds]
20:06 -!- nandop [ad4ddd51@gateway/web/freenode/ip.173.77.221.81] has joined #openvpn
20:06 < nandop> hey anyone know how to use 2fa with openvpn client on linux (the way viscosity does it on osx/windoze)?
20:06 < nandop> google-authenticator
20:08 < nandop> ???
20:08 < nandop> no one around?
20:11 <@ecrist> what's up?
20:29 <@ecrist> nandop: You'll have to build it in yourself, I'm guessing.
20:30 <@ecrist> The concept sounds pretty neat, but I'm not sure anyone's done a detailed write-up or how-to on setting it up.
20:31 <+esde> !two-factor
20:31 <+esde> !googleauth
20:31 <@vpnHelper> "googleauth" is http://securityskittles.wordpress.com/2012/03/14/two-factor-authentication-for-openvpn-on-centos-using-google-authenticator/
20:31 <@ecrist> well then, there you go
20:37 <@ecrist> esde++
20:37 <+esde> :)
22:39 -!- idoit [~idiot41@d53-64-104-202.nap.wideopenwest.com] has left #openvpn []
22:50 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 255 seconds]
22:53 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
23:10 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
23:10 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 272 seconds]
23:38 -!- ShadniX [dagger@p5481D552.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:39 -!- ShadniX [dagger@p5481D236.dip0.t-ipconnect.de] has joined #openvpn
23:46 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
--- Day changed Wed May 13 2015
00:08 -!- ir2ivps4 [~ir2ivps4@158.85.162.249-static.reverse.softlayer.com] has quit [Remote host closed the connection]
00:17 -!- crus` [~crusader@124-171-51-25.dyn.iinet.net.au] has quit [Ping timeout: 264 seconds]
00:17 -!- Agent_Is- [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
00:20 -!- kloeri_ [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
00:24 -!- hive-mind [pranq@mail.bbis.us] has quit [Disconnected by services]
00:25 -!- zmachine [uid53369@gateway/web/irccloud.com/x-tpwedrmnzoorjofc] has joined #openvpn
00:25 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
00:26 -!- ir2ivps4 [~ir2ivps4@158.85.162.249-static.reverse.softlayer.com] has joined #openvpn
00:27 -!- Netsplit *.net <-> *.split quits: kloeri, jthunder, someone, shio, dyce, Isai, cryptfu
00:41 -!- Netsplit over, joins: jthunder
01:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:31 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
01:32 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 250 seconds]
01:44 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
01:45 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
01:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:13 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:28 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:41 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
02:46 -!- dazo_afk is now known as dazo
02:46 -!- zmachine [uid53369@gateway/web/irccloud.com/x-tpwedrmnzoorjofc] has quit [Quit: Connection closed for inactivity]
02:55 -!- Sollidius [M@qls.lsh.uli.sollidi.us] has joined #openvpn
02:55 < Sollidius> hey guys. was trying to connect to my openvpn from school but got TSL handshake erros
02:56 < Sollidius> after looking at the logs it occured to me that the openvpn server send the packets to another IP address than my public IP
02:56 < Sollidius> any idea how to fix this ?
03:45 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
03:46 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
03:52 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Remote host closed the connection]
03:53 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
04:18 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:19 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:19 -!- mode/#openvpn [+v s7r] by ChanServ
04:29 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
04:44 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
05:03 <@dazo> Sollidius: well, use the right IP address .... openvpn doesn't decide to use unexpected ip addresses
05:04 < Sollidius> huh?
05:04 < Sollidius> it's NAT on client side dazo
05:05 <@dazo> that's not what you wrote initially .... "openvpn server send the packets to another IP address than my public IP"
05:05 < Sollidius> well that too
05:05 < Sollidius> if i search my IP via browser
05:05 < Sollidius> i get X
05:06  * dazo need to run ... lunch time
05:06 < Sollidius> but when i look at openVPN logs it tries a TSL handshake with Y
05:06 <@dazo> that's not an openvpn issue
05:06 < Sollidius> bonnen apetit dazo
05:06 <@dazo> that's a network/nat issue
05:06  * dazo really runs
05:08 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
05:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
05:24 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 245 seconds]
05:24 -!- swebb [~swebb@192.69.22.173] has quit [Ping timeout: 240 seconds]
05:25 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 244 seconds]
05:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
05:25 -!- Denial [~Denial@81.141.23.254] has joined #openvpn
05:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:26 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 276 seconds]
05:26 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 256 seconds]
05:26 -!- early [~early@2607:5300:100:200::160d] has quit [Ping timeout: 256 seconds]
05:26 -!- avium [~avium@2607:5300:60:40bf::1] has quit [Ping timeout: 256 seconds]
05:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
05:26 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
05:27 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 272 seconds]
05:27 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 272 seconds]
05:27 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Ping timeout: 272 seconds]
05:27 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
05:27 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 256 seconds]
05:27 -!- YamakasY [57677@xs8.xs4all.nl] has quit [Ping timeout: 272 seconds]
05:27 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 245 seconds]
05:27 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
05:27 -!- badaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 256 seconds]
05:27 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 252 seconds]
05:28 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Remote host closed the connection]
05:28 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
05:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
05:28 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
05:28 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
05:28 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:28 -!- Sollidius [M@qls.lsh.uli.sollidi.us] has quit [Ping timeout: 252 seconds]
05:28 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
05:28 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 256 seconds]
05:28 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
05:28 -!- cyberspace- [~cyberspac@ninthfloor.org] has joined #openvpn
05:28 -!- nsrafk [~whois@unaffiliated/nsrafk] has quit [Ping timeout: 240 seconds]
05:28 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 240 seconds]
05:29 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:29 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 250 seconds]
05:29 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 256 seconds]
05:29 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
05:30 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
05:30 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
05:30 -!- badaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
05:31 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
05:31 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:31 -!- novaflash is now known as novaflash_away
05:31 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
05:31 -!- avium [~avium@2607:5300:60:40bf::1] has joined #openvpn
05:31 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
05:32 -!- Haigha [~root@dovahkiin.xomg.net] has quit [Ping timeout: 256 seconds]
05:32 -!- ngharo [~ngharo@nexus.sypherz.com] has quit [Ping timeout: 265 seconds]
05:32 -!- K1rk [~Kirk@equinox.epecweb.com] has quit [Ping timeout: 252 seconds]
05:33 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
05:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Ping timeout: 265 seconds]
05:33 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
05:33 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
05:34 -!- Sollidius [~M@qls.lsh.uli.sollidi.us] has joined #openvpn
05:34 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 264 seconds]
05:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:36 -!- mode/#openvpn [+o mattock1] by ChanServ
05:36 -!- jesopo [Bit@lolpurr.net] has quit [Ping timeout: 265 seconds]
05:36 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
05:36 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
05:36 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
05:36 -!- mode/#openvpn [+o syzzer] by ChanServ
05:36 -!- swebb [~swebb@192.69.22.173] has joined #openvpn
05:36 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
05:37 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
05:37 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
05:37 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
05:38 -!- Haigha [~root@dovahkiin.xomg.net] has joined #openvpn
05:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:41 -!- novaflash_away is now known as novaflash
05:42 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
05:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
05:51 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Quit: May Pahana be with you]
05:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
06:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
06:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:07 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
06:13 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Ping timeout: 264 seconds]
06:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:25 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
06:28 -!- Junka [~Junkass@gateway/vpn/privateinternetaccess/junka] has joined #openvpn
06:30 < Junka> the unpriviliged user documentation on the website is for init systems, that's a bit obselete, shouldn't be there a systemd quide too pls?
06:30 < Junka> guide*
07:08 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
07:13 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Ping timeout: 240 seconds]
07:15 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-fnnxrskyvbgxohro] has joined #openvpn
07:20 -!- bmax [b0681c76@gateway/web/freenode/ip.176.104.28.118] has joined #openvpn
07:23 < bmax> Greetings. It's somewhat uncomfortable to ask you for help but I've been trying to implement the idea for like a week, and have no result. I hope my case is a trivial one for you, so here it goes...
07:26 < bmax> I manage two home LANs, connected with openvpn tun. On both sides Asus routers are gateways and OpenVPN-servers. Everything runs smoothly, I've added "route" and "iroute" parameters so all machines in both LANs can see each other. Internet traffic isn't forwarded, the purpose is only LAN merging. But...
07:30 < bmax> Provider on the client side has a great IPTV service. And I'm trying to access it from my LAN, which is behind VPN-server. I could run server on that side and connect to it from my router -- then this task would be trivial. But there is no real IP on that side, only I have it here, so only I can be a server. And in this scheme I'd like to route certain IP via VPN-client. This IP isn't in local IP range, it is external, but accessible 
07:31 < bmax> Sorry, on both sides there are asus routers, one of which is server (my apartment) and remote being client
07:32 -!- Junka [~Junkass@gateway/vpn/privateinternetaccess/junka] has quit [Quit: B-Bye!]
07:35 < bmax> I have set up simple "route 91.235.x.x 255.255.255.0 10.8.0.2" rule on server, where 91.235.x.x is IPTV server's IP. And "iroute 91.235.x.x 255.255.255.0" in ccd for that client. These rules do apply. But there is no backward-routing, as far as I can see -- when I ping 91.235.x.x from my router, while watching tcpdump on remote router, it shows both requests AND replies, but the latter never reach my router, which sends pings. Tracero
07:35 < bmax> ... only one hop -- VPN-client (10.8.0.2).
07:36 < bmax> I tried to disable firewalls on both routers -- nothing changes
07:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:36 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:36 -!- skyroveRR_ is now known as skyroveRR
07:38 < bmax> does anybody know how to fix this? What should be done to route traffic to specific external IP via a specific VPN-client?
07:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:55 -!- marl_scot1 [~matt@pin-pai-fwo.pintelgrp.co.uk] has joined #openvpn
08:00 < marl_scot1> hi, dont suppose someone could take a quick look at the following paste? http://pastebin.com/TcCSnQgX I am getting the error message at the top of the paste, and can't work out what i have done wrong
08:00 < marl_scot1> the client is a SNOM voip phone, so getting any logs from it is hard! :(
08:05 < marl_scot1> if i try and set 'verb 5' in the server.conf file, i get non ascii characters being logged to the openvpn.log file, is this correct? if so how best to read the output?
08:08 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Remote host closed the connection]
08:09 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
08:10 <@dazo> marl_scot1: CRL: cannot read CRL from file easy-rsa/keys/crl.pem .... that means that openvpn is not able to find or or access the crl file ... double check paths, and consider to use absolute paths, not relative
08:10 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
08:11 < marl_scot1> dazo, would that cause the tls error as well?
08:11 <@dazo> The next line is harder ... but it basically means the client didn't send a certificate the server could parse.  It might be related to the previous line, but I'm not sure ... I don't recall the code-paths related to the CRL parsing
08:13 < marl_scot1> thanks, have revoked
08:13 < marl_scot1> a dummy cert
08:13 < marl_scot1> that is it now working :)
08:13 < marl_scot1> Is there a way to create a 'dummy crl file'?
08:13 <@dazo> marl_scot1: nope, not really anything else than what you just did
08:14 < marl_scot1> otherwise, on install i have to create a certificate and then revoke it
08:14 < marl_scot1> ok, thanks :)
08:14 <@dazo> normally people add the --crl statement once they have a crl file
08:14 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Ping timeout: 256 seconds]
08:16 < marl_scot1> I am trying to build an auto deploy system for several servers, and dont want to rely on other admins changing any configs
08:17 <@dazo> ahh, I see ... well your CA can then have a default CRL file with a dummy cert revoked.  It can be the same cert, as long as the CA is the same
08:18 < marl_scot1> thanks, just editing my build script to create and revoke on build
08:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
08:27 <@dazo> marl_scot1: I don't know how you have planned this ... but you do not place the CA itself on the servers, do you?
08:28 < marl_scot1> I know they shouldnt be, but they are, as there are several servers spread over locations, and each one has its own vpn config
08:28 < marl_scot1> so each one has a differant ca
08:28 <@dazo> but why can't they have a shared CA?
08:28 <@dazo> (or, sub-CAs - but managed centrally)
08:29 < marl_scot1> differant customers, and a central ca, would involve a seperate box to manage it, and i have a hard enough time getting management to let me sneeze let alone dedicate a vm to that :(
08:30 <@dazo> different customers can be tackled nicely with sub-CAs .... but your management should then really know about the consequences if one of the CA keys for your customers VPNs gets lost
08:30 < marl_scot1> if im pushing a route to my client, is it posible to get the client to access the servers public ip, via the vpn after it has connected?
08:30 <@dazo> (it really means you can't trust the VPN)
08:31 < marl_scot1> lol, if someone gets into the box and obtains the server ca, then we are knackered anyway!
08:32 <@dazo> marl_scot1: yes, that should be possible ... it all depends on the route statement you push ... openvpn supports some keywords for the --route option, which can help you route things inside or outside the tunnel
08:32 < marl_scot1> I will take your advice though, and see if i can twist some arms to get a dedicated vm, central managemtn would be nice :)
08:33 < marl_scot1> ok, at the moment i have : push route "<SERVER_IP> 255.255.255.255"
08:33 <@dazo> Put the worst case scenario out ... CxOs knows fear, so scare them enough and they'll usually abide
08:33 < marl_scot1> and it isn't working, i think its posible the mask
08:34 < marl_scot1> dazo, thats whast im going to aim  for :D
08:35 <@dazo> marl_scot1: route statement looks fine ... if you want to route the traffic explicitly outside the VPN, add the string 'net_gateway' as the third argument .... or use 'vpn_gateway' to enforce it via the tunnel
08:36 < nandop> @vpnHelper, the instructions for using 2fa and openvpn you posted http://securityskittles.wordpress.com/2012/03/14/two-factor-authentication-for-openvpn-on-centos-using-google-authenticator/  ..... i am trying to get the openvpn *client* to work with 2fa.... similar to Viscosity software which works fine to connect, but doesnt have a linux version
08:36 <@vpnHelper> Title: Two Factor authentication for OpenVPN on CentOS using Google Authenticator | NSA.PW Blog (at securityskittles.wordpress.com)
08:36 <@dazo> (vpn_gateway usually uses the same IP as --route-gateway)
08:36 <@dazo> !vpnHelper
08:36 <@vpnHelper> "vpnHelper" is "bot" is I'm a bot.. just a bot. krzee and ecrist are my maintainers, and I haven't said anything, if you'd notice, the person who spoke just before me gave a !command to make me speak :P
08:36 <@dazo> nandop: ^^
08:36 < nandop> i have no access to server... please see details on http://serverfault.com/questions/691589/google-authenticator-for-2fa-support-with-openvpn-client-on-linux?noredirect=1
08:36 <@vpnHelper> Title: google-authenticator for 2fa support with openvpn client on linux - Server Fault (at serverfault.com)
08:37 < marl_scot1> ah, thanks dazo , you also solved another issue i was having on a seperate box, about routing outside the vpn :)
08:37 <@dazo> yw!
08:38 < nandop> oh... well can anyone suggest how to make the openvpn client prompt for 2fa token after user/password? (like Viscosity does) i assume this means recompiling openvpn client ?
08:38 <@dazo> nandop: if you have no access to the VPN server ...then you need to ask your VPN provider for support
08:38 <@dazo> we need to understand what happens on the server side to be able to help you out
08:39 < nandop> how comes?   i have no access to server, and connect just fine with Viscosity on OSX
08:39 < nandop> isnt anyone trying to make an opensource version of viscosity?
08:41 < nandop> (its just openvpn client, with added prompt for 2fa token.... couldnt how it works be seen with tcpdump, hex editor, etc....)? or is this just not something peoplw want?
08:41 <@dazo> When one client works one place and not another, even more we need to understand what happens on the server side
08:41 <@dazo> which vpn service do you use?
08:42 < nandop> the openvpn server i am connecting to is private and black boxed
08:42 <@dazo> Then I can just wish you good luck!
08:43 < nandop> all i know is that Viscosity, a closed source version of openvpn, works by prompting for 2fa google auth token after user/pass
08:43 <@plaisthos> It could be challenge response stuff
08:43 <@plaisthos> iirc Tunnelblick does not support that
08:43 < nandop> oh welll.... i guess im routing all my traffic thru osx laptop then... kinda sux
08:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:43 <@plaisthos> the OpenVPN Connect (also commercial) software should support that too
08:44 < nandop> right, no tunnelblick only Viscosity (but only windoze and osx)
08:44 < nandop> im pretty certail openvpn connect commercial is whats running, just no access to it
08:44 <@plaisthos> it is /probably/ the challenge response protocol which is also documented in doc/management.txt
08:45 < nandop> so assuming it is, how do we recompile openvpn client to support 2fa?
08:45 < nandop> aha thanks will read up on that
08:45 < nandop> cheers
08:45 <@plaisthos> nandop: openvpn client is unspecific
08:46 <@plaisthos> nandop: openvpn supports it out of the box
08:46 <@plaisthos> but (that is a big but) the management UI has to support it too
08:47 <@plaisthos> and for example OpenVPN for Android does not support 2FA but there has also no one aksing for the feature
08:47 < nandop> i am assuming i will need to recompile openvpn with https://github.com/google/google-authenticator/
08:47 <@vpnHelper> Title: google/google-authenticator · GitHub (at github.com)
08:48 <@plaisthos> nandop: no
08:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
08:48 < nandop> no one is asking for 2fa with their openvpn?  thats kinda wierd
08:48 <@plaisthos> nandop: because only OpenVPN Connect Server uses that feature
08:48 <@plaisthos> and people buying the commercial server also use the OpenVPN Connect Client
08:49 < nandop> no to recompile openvpn?  do i need to build a plugin then?
08:49 <@plaisthos> nandop: read again what I wrote
08:49 <@dazo> nandop: I'm using 2fa without any issues each day ... based on linotp which can use yubikey, soft-tokens and hard-tokens ... it just uses the password field - you type in your PIN/passcode and then the token code
08:49 <@dazo> no need to complicate it more than that
08:50 <@plaisthos> dazo: yes but OpenVPN Connect server uses the challenge response protocol
08:50 <@plaisthos> dazo: and does not reuse the password field
08:50 <@dazo> right, that's a different and more complex approach ... which requires far more implementation
08:51 <@dazo> the approach we use at work means any openvpn client which supports username/password auth can work
08:52 <@plaisthos> I don't even have a server to test the more complex 2FA against
09:00 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
09:07 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has left #openvpn []
09:20 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
09:20 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-fnnxrskyvbgxohro] has quit [Quit: Connection closed for inactivity]
09:22 -!- nandop [ad4ddd51@gateway/web/freenode/ip.173.77.221.81] has quit [Quit: Page closed]
09:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
09:24 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 255 seconds]
09:25 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
09:25 < vaskozl> I have a much faster connection on the vpn server then on the client.
09:26 < vaskozl> Would using comp-lzo increase or decrease speeds?
09:26 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
09:26 < BtbN> Most communication is already compressed anyway
09:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:31 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:31 -!- s7eele [~AndChat52@208.167.254.90] has joined #openvpn
09:31 < vaskozl> BtbN: So you say I should keep it off?
09:34 -!- rulezzz [~rulezzz@189-212-141-193.static.axtel.net] has joined #openvpn
09:39 < marl_scot1> vaskozl, best thing is to test it, if your client and server are decent specs then you might gain some speed, if one is an old box, then you could slow down by increasing compression
09:53 -!- bmax [b0681c76@gateway/web/freenode/ip.176.104.28.118] has quit [Quit: Page closed]
09:55 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
10:00 <@dazo> vaskozl: and it entirely depends on what kind of data you transport ... if the data mostly is already compressed, you'll just waste CPU cycles ... otherwise, openvpn usually uses an adaptive approach, compressing what is compressible
10:00 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
10:02 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
10:10 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
10:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
10:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:24 -!- mode/#openvpn [+o mattock1] by ChanServ
10:30 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:37 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Remote host closed the connection]
10:58 -!- AxonetBE [~anonymous@81.83.15.153] has joined #openvpn
11:03 -!- AxonetBE [~anonymous@81.83.15.153] has quit [Quit: AxonetBE]
11:21 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 264 seconds]
11:24 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
11:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:34 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Quit: idafyaid]
11:34 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
11:45 -!- AxonetBE [~anonymous@94-224-187-20.access.telenet.be] has joined #openvpn
11:47 < vaskozl> dazo: well I mean general consumer stuff
11:48 -!- AxonetBE [~anonymous@94-224-187-20.access.telenet.be] has quit [Client Quit]
12:07 -!- AxonetBE [~anonymous@94-224-187-20.access.telenet.be] has joined #openvpn
12:11 -!- AxonetBE [~anonymous@94-224-187-20.access.telenet.be] has quit [Ping timeout: 256 seconds]
12:15 -!- kloeri_ is now known as kloeri
12:16 -!- warehouse13 is now known as Left_Turn
12:24 -!- Arc- [~Pickaboo@h-212-177.a259.priv.bahnhof.se] has joined #openvpn
12:25 -!- octe [~octe@lucilla.fixme.se] has quit [Ping timeout: 272 seconds]
12:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:35 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:35 -!- octe [~octe@lucilla.fixme.se] has joined #openvpn
12:36 -!- octe [~octe@lucilla.fixme.se] has quit [Read error: Connection reset by peer]
12:52 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has quit [Ping timeout: 246 seconds]
12:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:57 -!- AxonetBE [~anonymous@94-224-187-20.access.telenet.be] has joined #openvpn
13:01 -!- AxonetBE [~anonymous@94-224-187-20.access.telenet.be] has quit [Client Quit]
13:20 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
13:55 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Remote host closed the connection]
13:55 -!- zmachine [uid53369@gateway/web/irccloud.com/x-jfnbqzoxhqetsdth] has joined #openvpn
14:03 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
14:17 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
14:26 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Read error: Connection reset by peer]
14:28 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Quit: haasn]
14:33 -!- rulezzz [~rulezzz@189-212-141-193.static.axtel.net] has quit [Quit: Leaving]
14:38 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
14:38 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
14:39 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has quit [Ping timeout: 240 seconds]
14:43 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
14:46 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Remote host closed the connection]
14:47 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
14:49 -!- johnlane [~john@johnlane.plus.com] has joined #openvpn
14:53 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
14:57 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
14:57 < pie_> Hey guys, I have the following network: https://awwapp.com/s/5d671dfd-2148-4a41-9873-2726e777d147/ Serv is a freebsd machine and these are the routes on it: http://pastebin.com/4eXmJiE5
14:57 <@vpnHelper> Title: A web whiteboard (at awwapp.com)
14:58 < pie_> im not sure if the routes are set up right but ive tried a bunch of different ways
14:59 < pie_> traceroute shows stars when i try 192.168.82.1 or 192.168.81.254 from serv. any ideas?
14:59 < pie_> ive been pulliny my hair on this for the past 3 days
15:01 -!- dan_j [sid21651@gateway/web/irccloud.com/x-pcusxtkscitqbxom] has joined #openvpn
15:03 < dan_j> Hi. I'm running openvpn as a server on windows. But when it's running, the server gets flooded with DHCP packets. Any idea what could be causing it?
15:03 < dan_j> http://imgbin.org/index.php?page=image&id=23735 Screenshot of wireshark
15:03 <@vpnHelper> Title: ImgBin.Org: The #1 site for free, fast image hosting (at imgbin.org)
15:04 -!- johnlane [~john@johnlane.plus.com] has left #openvpn []
15:05 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
15:07 -!- stephanj [stephan@opennic/stephan] has joined #openvpn
15:07 < stephanj> what is the smallest subnet size i can use with ifconfig-push?
15:07 < stephanj> oh nvm.
15:08 < stephanj> it seems to be /29... but if you specify the wrong subnet size in the ccd file it won't work correctly
15:10 < dan_j> Sorted it by upgrading to the latest version.
15:13 < pie_> the routes on k2 and pi are set up correctly afaict
15:17 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
15:17 < pie_> to start off, what should my routes on serv to the other networks be? :/
15:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
16:06 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
16:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-jfnbqzoxhqetsdth] has quit [Quit: Connection closed for inactivity]
16:07 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
16:09 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
16:09 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 250 seconds]
16:09 -!- Patuck [~Patuck@unaffiliated/patuck] has quit [Ping timeout: 250 seconds]
16:09 -!- Thominus [~Thominus@CPEf46d04cde326-CM84948cd740d0.cpe.net.cable.rogers.com] has quit [Ping timeout: 250 seconds]
16:09 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Ping timeout: 250 seconds]
16:09 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 250 seconds]
16:11 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
16:11 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
16:29 -!- stephanj [stephan@opennic/stephan] has left #openvpn []
16:46 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 256 seconds]
16:59 -!- randoman [c606320f@gateway/web/freenode/ip.198.6.50.15] has joined #openvpn
17:01 < randoman> Hi Everyone, Question about Iptables and Openvpn. When I have " iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP" set I can not connect and is refused. But if I remove those and i can connect no problems and the traffic is routed properly.
17:01 < randoman> Any ideas?
17:02 < randoman> I know its probably just my lack of knowledge with iptables.  :P
17:05 -!- s7eele [~AndChat52@208.167.254.90] has quit [Ping timeout: 258 seconds]
17:06 -!- wathek [84d255f4@gateway/web/freenode/ip.132.210.85.244] has joined #openvpn
17:06 < wathek> Hi everybody
17:06 < wathek> I'm experiencing a really strange problem with my OpenVPN installation. So my client are able to connect to my VPN servers and I'm pushing routes that let them access my private server which is running Apache
17:08 < wathek> so when the client that is connected to my VPN want to access a static page of apache (only html) it does work correctly however when it's a PHP page nothing happen the browser still spin saying that it loads and nothing happens
17:08 < wathek> I have nothing in apache log
17:09 < wathek> any idea or hint ?
17:10 <@dazo> randoman: that's your lack of iptables knowledge ... -P INPUT DROP, means the default policy is to drop all packets - *unless* you have rules in the INPUT chain which does ACCEPT packets ... and the same for FORWARD and OUTPUT too.  FORWARD takes care of traffic passing through your iptables box, and OUTPUT are all the traffic initiated from your box and hitting some of the NICs you have configured (including tun/tap adapters OpenVPN use)
17:11 <@dazo> wathek: if http works over the tunnel ... php issues is related to your apache/php server
17:12 < wathek> dazo: ok
17:14 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:16 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
17:18 < randoman> Thanks dazo that is what I thought and I just need to keep going at it.
17:21 -!- s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Ping timeout: 244 seconds]
17:21 < wathek> dazo: is it normal that my PHP works when I access it from my OpenVPN server but not from my client ?
17:21 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
17:22 < wathek> dazo: my arch is like I have an OpenVPN Server + Apache/PHP server
17:23 < wathek> dazo: from my OpenVPN server when I access to the Apache/PHP server everything works well
17:23 < wathek> dazo: from a client connected to the OpenVPN only Apache with no PHP
17:23 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
17:27 -!- randoman [c606320f@gateway/web/freenode/ip.198.6.50.15] has quit [Quit: Page closed]
17:28 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit [Ping timeout: 265 seconds]
17:31 <@dazo> wathek: but from vpn client to a non-php URL (like a static html) works?
17:31 < wathek> dazo: yes
17:32 <@dazo> wathek: I have no idea how you have managed that ... the thing is that openvpn is kind of like a virtual network cable.  So if http to a static html file works, php should work just the same.  I suspect you have some oddities in your apache or php configuration ...
17:33 <@dazo> try to use tcpdump or wireshark on your vpn server and check out the requests which are passed over both the VPN and the DMZ of your apache server
17:33 < wathek> dazo: ok
17:34 <@dazo> that might give some clues what is happening
17:34 < wathek> I understand
17:34 <@dazo> have you tried to download a large static html file?  (or an mp3 file or similar)
17:34 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.219] has joined #openvpn
17:34 < wathek> nope
17:34 < wathek> I can try doing that
17:35 <@dazo> try that ... could be related to that the php page is larger and that the number of packets is what's triggering this
17:38 < _FBi> http://venom.crowdstrike.com/
17:38 <@vpnHelper> Title: VENOM Vulnerability (at venom.crowdstrike.com)
17:39 <@dazo> grmbl
17:40 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
17:44 -!- AL13N_work [~alien@91.183.52.232] has quit [Ping timeout: 264 seconds]
17:44 < wathek> dazo: very interesting
17:44 < wathek> dazo: I put a file of 155MB on my server and from the client I cannot download it
17:45 <@dazo> right, then it might be your firewall.   Try a file which is 1100 bytes and then one which is 1600 bytes
17:47 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:50 < wathek> dazo: a file of 1000 bytes can be downloaded but not of 1100 nor 1600
17:51 <@dazo> right ... that's the effective MTU limitation of the encrypted packets, I guess ... you use iptables for firewalling?
17:51 < wathek> dazo: yes but I don't have a firewall
17:51 < wathek> I have the default rules of accepting everything
17:52 <@dazo> just for a sanity check can you pastebin the output of iptables-save?
17:52 <@dazo> both on your web server and your openvpn server (unless it's the same box)
17:52 < wathek> yeah sure
17:53 < wathek> dazo: http://pastebin.com/yrbjHs4p
17:54 <@dazo> fair enough ... okay, then I guess you'll need to dig into tuning the MTU
17:54 <@dazo> !mtu
17:54 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
17:54 < wathek> ok great I'm looking at that
17:54 < wathek> thank you a lot dazo
17:55 < wathek> oh noo the link doesn't exist anymore !
17:55 <@dazo> unfortunately, the url doesn't work .... I believe ecrist have been doing some reinstall ... let me check if there's a mirror somewhere
17:58 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
17:58 <@dazo> wathek: try this one https://web.archive.org/web/20140910223926/http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
17:58 <@vpnHelper> Title: OpenVPN/Troubleshooting - Secure Computing Wiki (at web.archive.org)
17:58 < wathek> thank you man
18:01 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
18:07 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has joined #openvpn
18:13 < mikeg3> Hi...I am having difficulty with my firewall (Norton 360) interacting with my VPN service that uses OpenVPN (Private Internet Access).  The issues: (1) I can't go anywhere on the internet, and (2) cannot print on my own network.  I know the firewall is likely over-restrictive.  Is there any info on confinguring firewalls the right way so I do not have these issues?
18:18 < mikeg3> !welcome
18:18 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:18 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:18 < mikeg3> !goal
18:18 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:19 -!- wathek [84d255f4@gateway/web/freenode/ip.132.210.85.244] has quit [Quit: Page closed]
18:19 < mikeg3> !route
18:19 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:19 <@vpnHelper> client
18:23 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
18:24 -!- mikeg3 [~mikeg3@68-191-58-53.dhcp.nwtn.ct.charter.com] has quit [Quit: Leaving]
18:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
18:47 -!- Epakai [~coweater@pool-173-64-205-42.dllstx.fios.verizon.net] has joined #openvpn
18:50 -!- KNERD [~KNERD@198.12.96.132] has quit [Ping timeout: 246 seconds]
18:54 <@ecrist> dazo: is it still not online?
18:54 -!- raidz [~raidz@openvpn/corp/admin/andrew] has left #openvpn []
18:55 <@ecrist> oh, wiki
18:55 <@dazo> ecrist: it's online ... but mediawiki not
18:55 <@ecrist> fucking spammers
18:55 <@ecrist> let me fix it
18:55 <@dazo> :/
18:55 <@ecrist> should work now
18:56 <@ecrist> I've been fighting a battle
18:56 <@ecrist> turns out it was a crummy postfix release
18:56 <@dazo> oh?
18:56 <@dazo> (looking good now)
18:57 <@ecrist> yeah.  didn't change a thing with my config and did a pkg upgrade postfix and problems went away
18:57 <@dazo> ouch ... which version was troublesome?
18:57 <@ecrist> didn't catch it
18:57 <@ecrist> will do some post-mortem this weekend
18:58 <@dazo> okay ... I have a few postfix servers myself (on scientific linux, though) ... but nice to beware of such things
18:58 <@ecrist> serious enough my mail mx is RBL listed and my VPS was shutdown forcibly by my provider for about a week
18:58 <@dazo> ouch, that burns
18:58 <@ecrist> problem was, my VPS provider was trying to email me but I was queueing about 250,000 msgs/hr
18:59 <@ecrist> so postsuper -d ALL was used un-ceremoniously and lots of valid messages were lost
18:59 <@dazo> :(
18:59 <@ecrist> it's all good
19:00 <@ecrist> my domain is old, and I'm not un-findable on the web, so they all figured I wasn't a shit-poster. :)
19:00 <@dazo> fair enough
19:00 <@ecrist> turns out when you don't try to hide yourself, people assume you're responsible-ish
19:00 <@dazo> heh :)
19:00 <@ecrist> I'll be first to admin I'm a dick 
19:01 <@ecrist> but I'm not (usually) unreasonable.
19:01 <@ecrist> I'm moving away from RootBSD, though.
19:01 <@ecrist> I have 1GB at home and I'm working on an ESXi box now.
19:01 <@ecrist> 4TB local storage with 14TB via NFS
19:02 <@ecrist> 32GB RAM, i5 3.2GHz
19:02 <@dazo> nice!
19:02 <@ecrist> a /28 static, too
19:02 <@ecrist> we will still have the two free VPSes
19:03 <@ecrist> and I"ll have one backup MX/DNS
19:16 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Ping timeout: 256 seconds]
19:21 -!- dazo is now known as dazo_afk
19:21 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 245 seconds]
19:24 -!- cyberspace- [~cyberspac@ninthfloor.org] has quit [Remote host closed the connection]
19:25 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:29 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
19:29 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
19:34 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 272 seconds]
19:44 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.219] has quit [Ping timeout: 244 seconds]
19:57 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:06 <@krzee> a bad postfix release resulted in a seperate webserver box going down.  THAT's a far reaching bug
20:06 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:07 < bruxC> Hi. I was hoping I could get some assistance with setting up routing. I've tried a couple of things but nothing seems to be enabling my client to change its IP address; only a tun0 address.
20:07 <@krzee> so you want to redirect your internet connection over the vpn?
20:08 <@krzee> !redirect
20:08 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
20:08 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
20:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:09 < bruxC> krzee, I believe that's right.
20:09 < bruxC> Thanks, I'll read up.
20:10 < bruxC> krzee, for --redirect-gateway is the gateway my internal gateway address or is that my external ip address?
20:10 <@krzee> you dont need to set a gateway
20:10 <@krzee> !man
20:10 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
20:13 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
20:15 < bruxC> I've made sure to enable ipforwarding and I believe I have setup nat settings already.
20:16 < bruxC> How about for the DNS servers. I was a bit confused on what DNS it wants.. my WAN's DNS, my internal gateway DNS, or a VPN's DNS. Sorry, I'm trying to learn this stuff but I'm falling short of absorbing all of it.
20:16 <@krzee> see the flowchart in !redirect #4
20:16 <@krzee> it will ask you the questions i would ask you
20:16 <@krzee> let me know where you get stuck
20:17  * esde beer and bud for all
20:17 < bruxC> THanks.
20:21 <@krzee> already ahead of you :D
20:21 <@krzee> !krzee
20:21 <@vpnHelper> "krzee" is (#1) krzee says happy 4/20 or (#2) http://www.ircpimps.org/pics/krzee/blunt.jpg or (#3) location: moon base where he smokes moonajuana or (#4) takes bonghits on the freeswitch teleconference
20:21 <+esde> moonajuana :D
20:23 -!- Arc- [~Pickaboo@h-212-177.a259.priv.bahnhof.se] has quit []
20:28 < bruxC> i'm attempting to start the client in ubuntu 14.04 server by using command: openvpn client.conf
20:28 < bruxC> is that the correct method?
20:30 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
20:31 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
20:44 <@krzee> bruxC, if you are root yes
20:45 < bruxC> if not?
20:45 <@krzee> sudo openvpn client.conf :D
20:45 <@krzee> there could be startup scripts installed if you used the package manager
20:46 < bruxC> :P aw, I thought it was something else.
20:46 <@krzee> but you dont have to use them, openvpn <config> is fine
20:46 < bruxC> thanks.
20:48 < bruxC> Made a change. Currently getting an error when relaunching client.conf: http://pastebin.com/9iKC5Lat
20:49 <@krzee> its already running
20:50 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 256 seconds]
20:50 < bruxC> dumb question: how do I stop? service openvpn stop/start doesn't seem to do it.
20:55 <@krzee> learn your os
20:55 <@krzee> the kill command
20:56 <@krzee> bbl, writing some scripts
20:56 <+esde> $ ps ax | grep openvpn  # kill <openvpn-pid> -9 (or whatever you want)
20:56 <+esde> or #killall openvpn
20:57 < bruxC> will do.
20:57 < bruxC> Thanks for being patient.
20:57 < bruxC> I'm definitely trying to pick up *nix and run with it the best I can.
20:57 <+esde> !basics
21:03 <+esde> http://www.tldp.org/LDP/intro-linux/intro-linux.pdf
21:04 <+esde> sorry for pdf, probably different versions
21:04 <+esde> also from 2008 it looks like, so some info may be dated
21:05 < bruxC> Thanks, I was able to kill the process and restart the client.conf. Is it normal that this comes up and doesn't allow me to continue unless CTRL+Cing? : http://pastebin.com/Fm6NMuyR
21:05 <+esde> what do you mean? it's running
21:05 < bruxC> btw, these are just vm test servers so i'm not all that concerned.
21:06 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
21:06 < bruxC> I made changes and was hoping to restart the client service
21:07 <+esde> then use the service commands and place the conf in the dir where your distro's configuration looks for openvpn conf files and adjust your conf if you need to
21:08 < bruxC> I'm that fat kid in gym class esde, I'm a little slow in linux, brother.
21:08 <+esde> then at least google it first
21:09 < bruxC> I shall.
21:09 -!- CharlesIC [~vvvv@213.169.128.50] has joined #openvpn
21:09 < CharlesIC> hi
21:09 < bruxC> But please understand this information that you think I should know isn't that obvious so googling it would not have crossed my mind as it's not something that I would have been aware of.
21:09 <+esde> !welcome
21:09 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
21:09 < bruxC> not have been*
21:09 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:09 <+esde> CharlesIC ^
21:10 < CharlesIC> im trying to get pptp working in fedora 21, but im not sure i can ask in here :/
21:10 <+esde> then seek help with pptp in a pptp channel
21:10 <+esde> this is openvpn
21:10 <+esde> also pptp is broken
21:10 <+esde> not secure
21:10 < CharlesIC> hmm
21:10 < CharlesIC> ok
21:10 < CharlesIC> ill try to do openvpn then
21:10 <+esde> !pptp
21:10 <@vpnHelper> "pptp" is (#1) PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead. http://pptpclient.sourceforge.net/protocol-security.phtml to
21:10 < CharlesIC> :)
21:10 <@vpnHelper> read about why to not use pptp or (#2) Why not to use it: http://en.wikipedia.org/wiki/Pptp#Security or (#3) https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
21:11 <+esde> !howto
21:11 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
21:11 <+esde> CharlesIC ^
21:11 < CharlesIC> i just remember it being more difficult =)
21:11 <+esde> !effort
21:11 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
21:11 < CharlesIC> esde, will you be my mother ? :)
21:12 <+esde> something like that. it's difficult if you don't put forth the effort to learn
21:12 <+esde> otherwise it's easy
21:12 <+esde> tons of documentation
21:12 < CharlesIC> esde, i had it working before i switched laptops
21:12 < CharlesIC> i just can't remember if i had it working as pptp or openvpn
21:12 <+esde> I will not be your mother
21:12 < CharlesIC> im going through the openvpn docs now
21:12 < bruxC> I think you're failing to comprehend what a learning curve is.
21:13 <+esde> http://www.techrepublic.com/blog/linux-and-open-source/how-to-set-up-a-linux-openvpn-client/
21:13 <@vpnHelper> Title: How to set up a Linux OpenVPN client - TechRepublic (at www.techrepublic.com)
21:13 <+esde> second result on google
21:13 < CharlesIC> bruxC, i think you're failing to comprehend that i had it working on a different machine
21:13 < bruxC> By the time I'm proficient at learning linux I probably wouldn't have needed to even drop into this IRC. I understand that doing your research is one thing. I have. I appreciate your help but developing a keen understanding when someone isn't proficient in something goes a long way.
21:13 < CharlesIC> esde, i think you're failing to comprehend that i already set it up
21:13 < CharlesIC> i have docs for my vpn server
21:13 < bruxC> CharlesIC, I'm not talking about your endeavor or you.
21:13 < CharlesIC> that's what i'm going through now
21:14 <+esde> CharlesIC state your goal, post some !configs and !logs pls
21:14 < CharlesIC> esde, im going through it now. ill let you know if i can't get it working
21:15 < CharlesIC> thanks
21:16 <+esde> CharlesIC We're here to answer questions and help, you just haven't really asked any :/ aside from if i'd be your mother..
21:16 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:16 < bruxC> eh..
21:19 -!- s7eele [~AndChat52@208.167.254.45] has joined #openvpn
21:22 < bruxC> Followed flow chart; last one "does http://www.secure-computing.net/ip.php show your vpn address?" that's a no to which the answer is your vpn did not add routes correctly.
21:22 <@vpnHelper> Title: SCN: SCN (at www.secure-computing.net)
21:22 < bruxC> What should I google in order to correct this.
21:22 < bruxC> ?*
21:23 <@krzee> bruxC,
21:23 <@krzee> !logs
21:23 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
21:23 < bruxC> do you mean /var/log/syslog?
21:24 <@krzee> depends on your setup
21:24 <@krzee> but see #4 ^ above
21:24 < bruxC> ubuntu 14.04 server --- apt-get install openvpn easy-rsa
21:24 < bruxC> !logfile
21:24 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
21:25 < bruxC> verb 3 is already set in client.conf. There's a log on my vpnserver but not on my vpnclient. this was an issue before. I'm not sure what else to provide other than the syslog.
21:26 <+esde> let's see the client conf
21:26 <+esde> !configs
21:26 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:26 < bruxC> https://clbin.com/X4u8p
21:26 -!- zmachine [uid53369@gateway/web/irccloud.com/x-rsumefptjrcneyoa] has joined #openvpn
21:26 < bruxC> esde ^
21:26 <+esde> that is a log file
21:27 < bruxC> client.conf https://clbin.com/dNWeC
21:27 < bruxC> log file was as requested.
21:27 <+esde> read the !logging factoid a little closer
21:28 <+esde> the key is in the beginning of the factoid
21:28 < bruxC> And I'm specifying that where, in the client.conf?
21:28 < CharlesIC> got it working, thanks
21:28 -!- CharlesIC [~vvvv@213.169.128.50] has left #openvpn ["Leaving"]
21:29 <+esde> yes
21:29 <+esde> full path
21:33 < bruxC> esde VPNclient.log: https://clbin.com/X3XJo
21:41 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
21:43 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Remote host closed the connection]
21:43 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
21:57 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:02 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:06 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
22:12 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
22:13 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
22:23 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
22:23 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Client Quit]
22:26 -!- s7eele [~AndChat52@208.167.254.45] has quit [Ping timeout: 276 seconds]
22:50 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 258 seconds]
23:01 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
23:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
23:12 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:13 -!- badon_ is now known as badon
23:13 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
23:15 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
23:23 -!- EmperorTom [~EmperorTo@boom.blissfulidiot.com] has joined #openvpn
23:38 -!- ShadniX [dagger@p5481D236.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:38 -!- ShadniX [dagger@p5481CD4A.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Thu May 14 2015
00:03 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 246 seconds]
00:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:16 -!- mattsl [~user@68.169.165.200] has left #openvpn []
01:25 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 256 seconds]
01:27 -!- tsing [~tsing@gintama.tsing.org] has quit [Ping timeout: 264 seconds]
01:37 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
01:56 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
01:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:05 -!- SaintMoriarty [~SaintMori@ip68-231-100-174.ph.ph.cox.net] has joined #openvpn
02:05 -!- johnlane [~john@212.159.104.145] has joined #openvpn
02:06 -!- johnlane [~john@212.159.104.145] has left #openvpn []
02:06 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:07 < SaintMoriarty> Hello, for some reason when I connect to my host and don't disconnect and just close my laptop when I open it and try to connect I'm blocked from the host.
02:19 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
02:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:38 <@krzee> SaintMoriarty, what do logs say
02:41 < SaintMoriarty> not sure
02:44 < Sollidius> then take a look SaintMoriarty  ?
02:44 < SaintMoriarty> can't connect at the moment
02:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:00 -!- SaintMoriarty [~SaintMori@ip68-231-100-174.ph.ph.cox.net] has quit [Quit: Leaving]
03:13 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
03:20 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 255 seconds]
03:26 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
03:50 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
04:06 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
04:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-rsumefptjrcneyoa] has quit [Quit: Connection closed for inactivity]
04:09 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
04:36 -!- crus` [~crusader@124-149-37-47.dyn.iinet.net.au] has joined #openvpn
04:37 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
05:23 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 246 seconds]
05:24 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 256 seconds]
05:54 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
06:24 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 276 seconds]
06:27 -!- Malsasa [~Malsasa@36.82.80.64] has joined #openvpn
06:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
06:49 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
06:49 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:08 -!- mode/#openvpn [+o mattock1] by ChanServ
07:09 -!- Malsasa [~Malsasa@36.82.80.64] has quit [Read error: Connection reset by peer]
07:18 <@ecrist> krzee: I shutdown my apache process and moved my wiki path in case that was the attack vector.
07:22 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Quit: WeeChat 0.3.8]
07:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
07:43 -!- s7eele [~AndChat52@208.167.254.90] has joined #openvpn
07:43 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has joined #openvpn
08:49 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Remote host closed the connection]
09:17 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
09:18 < pie_> on a net30 topology, what kind of routes do i need to add on the server to be able to ping hosts behind the client given that the client has the proper routes?
09:18 < pie_> 10.0.90.0/24 is my vpn ip range, what do i need to add for the router to be able to access the 192.168.82.0/24 subnet behind 10.0.90.34?
09:19 < pie_> route add -net 192.168.82.0/24 10.0.90.34 doesnt work
09:19 -!- jackbrown [~se@93-44-68-248.ip96.fastwebnet.it] has quit [Ping timeout: 245 seconds]
09:19 < pie_> traceroute, shows stars all the way
09:20 -!- DonRichie [~DonRichie@ricl.de] has quit [Ping timeout: 256 seconds]
09:20 < pie_> these are my relevant server routes: http://pastebin.com/HknE4Xef
09:22 -!- Sollidius [~M@qls.lsh.uli.sollidi.us] has left #openvpn []
09:27 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
09:27 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
09:50 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
09:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:01 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder]
10:02 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
10:03 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Client Quit]
10:10 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
10:12 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has left #openvpn []
10:20 < pie_> argh
10:21 < pie_> what the hell do i need to set as the gateway for route add -net 192.168.82.0/24 .. !?!?!?!
10:21  * pie_ pulls hair
10:21 < pie_> !ovpnuke
10:21 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
10:22 < pie_> !poodle
10:22 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
10:23 < pie_> here is my setup: https://awwapp.com/b/ufuj2dxgh/ the relevant routes on serv: http://pastebin.com/HknE4Xef
10:23 <@vpnHelper> Title: A web whiteboard (at awwapp.com)
10:38 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:41 < Exagone313> hello, i'm unable to install openvpn on one of my computer "An error occurred installing the TAP device driver." what can i do?
10:45 < Exagone313> on windows 8.1 64 bits, i tried both version I003 and I603
10:46 -!- lv_ [~ubuntu@ec2-52-17-180-161.eu-west-1.compute.amazonaws.com] has joined #openvpn
10:47 < lv_> how do I obtain a log of all dhcpd leases issued from openVPN sevrer
10:47 < lv_> server*
10:54 < Exagone313> note that i don't use mc afee
10:54 < Exagone313> i don't find any "solution" than remove this program i don't have
11:02 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:04 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
11:05 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:08 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Quit: ZNC - http://znc.in]
11:09 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
11:11 <+esde> pie_
11:11 <+esde> !whining
11:11 <@vpnHelper> "whining" is < MacGyver> If somebody reads your question, and knows the answer, he'll answer it when and how he feels like it. This is IRC, not your company's paid tech support desk. Whining doesn't do any good except annoy the people who could help you.
11:11 < pie_> yeah. sorry.
11:22 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: Connection reset by peer]
11:27 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
11:27 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Quit: ZNC - http://znc.in]
11:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:31 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
11:33 -!- adamjt [~adamjt@unaffiliated/adamjt] has joined #openvpn
11:38 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
11:40 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
12:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: ##vaperhangout Out I go! This ends my short smoking curiosity]
12:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
12:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
12:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
12:10 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
12:15 -!- Latrina [~Latrina@ppp-189-2.26-151.libero.it] has joined #openvpn
12:17 <@krzee> ecrist, oh i thought you meant the vps provider shut down your whole account in the interim which included webserver
12:20 < Exagone313> can someone send me a link to a working tun server-side configuration please? i'll use it to correct mine
12:20 < Exagone313> because for now it- floods "TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down"
12:22 <@krzee> how bout you just post yours lol
12:22 <@krzee> !configs
12:22 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:23 < Exagone313> ok..
12:24 <@krzee> oh i see, you're getting an error while installing
12:24 <@krzee> or did you fix that?
12:25 < Exagone313> http://ewd.xyz/7uVXCGLj139AHRL
12:25 <@vpnHelper> Title: Elouworld File (at ewd.xyz)
12:25 < Exagone313> no it's not while installing now
12:25 <@krzee> !configs
12:25 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:25 <@krzee> try reading that again
12:26 < Exagone313> my client config is fine
12:26 <@krzee> you posted like 300 lines of comments which i wont be digging through
12:27 < Exagone313> refresh the link
12:28 <@krzee> your server is on the local lan?
12:28 < Exagone313> no
12:28 < Exagone313> on a dedicated server
12:28 <@krzee> whats "redirect-gateway br0" supposed to do?
12:28 < Exagone313> i don't know
12:29 < Exagone313> i copied it from the documentation, but it is not clear to me
12:29 <@krzee> then whys it there?
12:29 <@krzee> !man
12:29 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
12:29 <@krzee> !howto
12:29 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:29 <@krzee> !walkthrough
12:29 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
12:29 < Exagone313> oh and, something important, i want to route internet
12:30 < Exagone313> krzee: it was the man page
12:30 <@krzee> oh really? so whats the br0 flag do in --redirect-gateway?
12:31 <@krzee> i dont see it in my manpage
12:31 < Exagone313> a second i've maybe edited my interfaces, i check that
12:31 < Exagone313> i have read both man and how to pages
12:31 <@krzee> redirect-gateway says it wants an interface?
12:31 < Exagone313> maybe
12:31 <@krzee> show me where it says that
12:32 < Exagone313> i don't remember, i gave up a month ago, but i really need it
12:32 <@krzee> well stop giving up and start reading the man page
12:32 <@krzee> we help people help themselves, im happy to take a look at help you fix it, i wont necessarily be fixing it for you
12:33 < Exagone313> it's why i asked a working cfg before...
12:33 <@krzee> so if you are still in give up mode, you should probably find someone and pay them to not give up
12:33 < Exagone313> to not cause a problem like this
12:33 <@krzee> a working config that exactly matches your goal?
12:33 <@krzee> aka:
12:33 <@krzee> !spoonfeeding
12:33 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
12:34 <@krzee> also, dont start out with port-share
12:34 <@krzee> add it when you're done, so you can rule it out as an issue
12:35 < Exagone313> i've already read the man page lots of time please
12:35 < Exagone313> it won't help
12:35 <@krzee> read it again for --redirect-gateway
12:35 <@krzee> then tell me what br0 is doing there
12:35 <@krzee> if thats too much to ask, you're going on my /ignore
12:37 < Exagone313> http://pastie.org/private/udnmxeeb8kbatf6jsglhg
12:40  * krzee gives up
12:40 < Exagone313> i removed this line
12:40 < Exagone313> i copy my client log
12:40 <@krzee> redirect-gateway can take 6 flags, none of which are an interface. that is oh so clear in the manual which you clearly refuse to look at right now so good luck man
12:41 < Exagone313> i didn't know what was def1
12:41 <@krzee> maybe someone else will spoonfeed you, ill /ignore
12:41 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
12:41 < Exagone313> i don't remember why i added this line
12:41 <@krzee> it SAYS what def1 is in --redirect-gateway in the manual
12:41 <@krzee> which you refused to look at
12:41 <@krzee> *!*exa@elou.world added to ignore list. good luck with the spoonfeeding
12:42 < Exagone313> i don't refuse to look, i just don't understand it
12:43 -!- Exagone313 [~exa@elou.world] has quit [Quit: see ya!]
12:43 -!- Exagone313 [exagone@elou.world] has joined #openvpn
12:44 < Exagone313> i don't refuse to look, i just don't understand it
12:48 < Exagone313> krzee: my problem is finally client-side
12:48 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:59 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
13:00 < Exagone313> so, i've two problems with openvpn, one client-side, one server-side
13:00 < Exagone313> the serevr-side, i can access to the target computer, but i can't access to internet. i want to route internet over the vpn
13:02 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: must sleep, be back later]
13:06 <+esde> pastie. makes me think of boobies.
13:06 <+esde> also Exagone313, krzee has added you to his ignore list. for the uninitiated, that means he is not seeing your messages.
13:07 <@krzee> theres 222 more people though
13:07 <+esde> also ifconfig is old and at times inaccurate
13:07 <+esde> !ifconfig-linux
13:07 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
13:09 < Exagone313> i give you the result of ip a only?
13:09 < Exagone313> or both?
13:10 <+esde> Did you ever check the manpages for the configuration option krzee pointed out to you? if so, were you able to glean anything useful?
13:10 < Exagone313> http://pastie.org/private/bkslmpbicwfhqc3egmsg
13:11 <+esde> what is br0, where did it come from, how and why does it exist?
13:11 < Exagone313> the problem to read this is my bad english, and sometimes i can have an incorrect translation for myself
13:11 <+esde> If you're english as a second language (ESOL), you'd have better luck finding someone familiar with openvpn that also speaks your native tongue
13:12 < Exagone313> i think there is more helpers in english
13:12 < Exagone313> are*
13:13 <+esde> However, english speakers likely won't have the patience to walk you through every step.
13:16 <@krzee> !read
13:16 <@vpnHelper> "read" is <krzee> ive been known to overreact when people look for 2 minutes and ask me to explain it to them
13:17 <@krzee> had he responded with a question about the meaning of something in the manpage, that would be different… but he ignored it all together and took a random guess on how to change his config and just commented the line all together
13:17 <@krzee> thats when i knew my time would be better spent on some bash code i need to write
13:19 < Exagone313> a month ago, i followed a tutorial with tap bridging. it said to set up this br0. but i didn't removed this. if i edit my interfaces file, i don't like if the server looses the connection, etc... so maybe, i have to edit my interfaces file first. with a working cfg, i can read the doc for these particular points, and not all. the man page is too big
13:24 < Exagone313> i think i just have to use a iptables command to route the traffic
13:24 < Exagone313> actually i have this "iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o em1 -j MASQUERADE"
13:25 <+esde> If you'd like to simply redirect internet traffic through the server, you don't need "br0", or tap, or bridging whatsoever. !redirect is tun
13:27 <+esde> that is an iptables command. in order to show your iptables, please use !iptables-rules
13:27 < Exagone313> vpnHelper seems to be busy
13:28 < Exagone313> i try to erstart my server
13:28 < Exagone313> restart*
13:28 < Exagone313> see you
13:28 <+esde> restarting your server is not useful
13:28 -!- Exagone313 [exagone@elou.world] has quit [Quit: see ya!]
13:30 -!- Exagone313 [~exa@elou.world] has joined #openvpn
13:32 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:34 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
13:36 < Exagone313> so, i removed this interface br0, and i keep the same result, no internet routing and access to the server's local network. is my iptables command good, or i need to change this?
13:37 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
13:37 < dionysus69> hey guys
13:39 < dionysus69> I followed a tutorial on the site and forwarded port on router turned OFF firewalls on both machines just for testing purposes, and what i get is server is running fine it seems
13:39 < dionysus69> but the client is getting disconnected and trying to reconnect automatically
13:40 < dionysus69> the error contains  '--script-security 2' or higher to call user-defined scripts and executables' and many more lines ending with 'restart' and same is rewritten
13:42 -!- caliculk [~caliculk@unaffiliated/caliculk] has quit [Read error: Connection reset by peer]
13:54 <@krzee> dionysus69, are you using more than 1 client with the same certificate?
13:58 < dionysus69> krzee: nope, just one, I didnt even get time to test more, I was testing from my main pc to the server only
13:58 <@krzee> ok, set verb to 5 on both sides and post the logs
13:58 <@krzee> !logs
13:59 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:59 < dionysus69> krzee: wait I cannot test it right now, server and client are on same subnet, will test when i am at work tomorrow
14:00 < dionysus69> but what do you mean set verb to 5 ? in the config file?
14:00 <@krzee> yep
14:00 <@krzee> !verb
14:00 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only (special debug build needed)
14:02 < dionysus69> I will post logs tomorrow
14:02 < dionysus69> hopefully I will get input :)
14:13 < Exagone313> i've also another problem, client-side, on windows 8.1 (but on another Windows 8.1 I don't have this). here is a part of the log http://pastie.org/private/6e1hyvxiibwi0gmwglxbg
14:14 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 256 seconds]
14:18 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 272 seconds]
14:18 -!- cpt-oblivious [~quassel@freebsd/user/cpt-oblivious] has quit [Read error: Connection reset by peer]
15:06 -!- Agent_Is- [Agent_Isai@unaffiliated/agentisai] has quit [Read error: Connection reset by peer]
15:12 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:14 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
15:19 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
15:23 -!- KNERD [~KNERD@198.12.96.132] has joined #openvpn
15:25 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
15:30 -!- adamjt [~adamjt@unaffiliated/adamjt] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:33 < KNERD> Anyone tried  tunnelblick ?
15:33 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
15:33 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
15:52 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:07 <@krzee> KNERD, a few of us use it
16:09 <@krzee> it is nice, i gave it a try and never looked back (used openvpn direct from the shell for years before using tunnelblick)
16:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
16:24 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 265 seconds]
16:27 < KNERD> krzee: thanks for the feedback
16:27 <@krzee> np
16:29 < KNERD> My installaing of Obfsproxy has stalled since I leanr the non server side needs to be running a client
16:30 < KNERD> surely there is another way to get around ISP blockages
16:36 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:44 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has joined #openvpn
16:45 < KNERD> What about having openvpn listen on multiple ports. Was that implemented? I see people wanting it
16:45 < dimitry7> Hi guys, I've seen in the documentation that due to negotiation times it is advisable to use 2048 bit keys.
16:45 < dimitry7> What do you thinkg? I have my PKI build on 2048 but I'm in time to change it to 4096 bits
16:47 < dimitry7> My VPN server is in Amazon EC2
16:47 < KNERD> you can always test it
16:47 < dimitry7> so I don't want delays but I want security as weoll
16:58 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
16:59 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
16:59 < dimitry7> ?
16:59 < dimitry7> will follow the docs
17:01 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:01 -!- mode/#openvpn [+v s7r] by ChanServ
17:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:03 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:03 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
17:03 -!- badon_ is now known as badon
17:06 -!- s7eele [~AndChat52@208.167.254.90] has quit [Ping timeout: 272 seconds]
17:06 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
17:21 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:26 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:27 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
17:36 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:52 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
17:54 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
18:04 < dimitry7> I need a host route in another host in the same LAN
18:04 < dimitry7> what can I do?
18:04 < dimitry7> I have this: http://paste.incorrigible.me/nuconulize.hs
18:05 < dimitry7> actually is another LAN, but they are being routed, 172.16.11 is my VPN server, and I need to interconnect 172.16.5.0/25 with 192.168.1.0/24
18:06 < dimitry7> logs say: potential TUN/TAP adapter subnet conflict between local LAN [172.16.5.0/255.255.255.0] and remote VPN [172.16.5.10/255.255.255.255]
18:16 -!- Isai [Agent_Isai@unaffiliated/agentisai] has joined #openvpn
18:33 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
18:35 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
18:37 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
18:48 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Disconnected by services]
18:49 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
18:55 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
18:57 <@ecrist> dimitry7: 
18:57 <@ecrist> !route
18:58 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:58 <@ecrist> !iroute
18:58 <@vpnHelper> client
18:58 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
18:58 -!- s7eele [~AndChat52@208.167.254.29] has joined #openvpn
18:59 < dimitry7> ecrist, I solved it
18:59 < dimitry7> i created a new VPN with remote PUBLICIP
18:59 < dimitry7> that's the only way. But I wanted to create a VPN between the internal IPs
19:00 < dimitry7> ecrist, have you ever done so?
19:06 <@krzee> !route
19:06 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
19:06 <@krzee> as he showed you =]
19:12 -!- idafyaid is now known as bebilonu
19:16 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
19:19 -!- s7eele [~AndChat52@208.167.254.29] has quit [Read error: Connection reset by peer]
19:41 < dimitry7> krzee, :S
19:41 < dimitry7> krzee, I don't understand
19:43 <@krzee> did you go to the link in #1?
19:43 <@krzee> and read it?
19:43 <@krzee> you are trying to connect 2 lans with a vpn, right?
19:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
19:43 < dimitry7> yup
19:44 < dimitry7> krthnz, I think I would have to send you my diagram
19:44 <@krzee> thats what the link in !route is for
19:44 <@krzee> it teaches you how to do that
19:45 <@krzee> theres even flowcharts for troubleshooting the setup in #4
19:45 < dimitry7> I dont have the iroute command
19:45 <@krzee> well any lan behind a client needs iroute
19:45 <@krzee> which i see ecrist showed you 45 mins ago
19:50 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Remote host closed the connection]
19:51 < dimitry7> krthnz, the thing is that in my 2 lans, I don't use vpn, they are connected through Amazon routers
19:51 < krthnz> wat
19:51 < dimitry7> sorry
19:51 < dimitry7> krzee,
19:51 < krthnz> ah :)
19:52 < dimitry7> :p
19:52 < dimitry7> krzee, the two lans already know each other by that Amazon router
19:53 < dimitry7> I want to include a third lan
19:56 < dimitry7> krzee, in that example every lan is connected throuhg the same VPN server
19:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
19:58 <@krzee> well 1 lan is behind the server, but ya
19:59 <@krzee> you connect in a client from the lan and then route to the lan over the vpn and visa versa
20:01 < dimitry7> krzee, yes, when the client from the LAN has a default route to the openvpn server
20:01 < dimitry7> or at least a common interface
20:02 <@krzee> huh?
20:02 <@krzee> my writeup h´as nothing about a default route
20:03 <@krzee> where did you get that idea
20:03 < dimitry7> krzee, how does the client send traffic to the VPN server? because they are in the same LAN
20:04 <@krzee> what do you mean they are in the same lan?
20:04 < dimitry7> I think I need the config
20:04 < dimitry7> to test it
20:05 <@krzee> the client and server are in the same lan before the vpn connection is made?
20:05 < dimitry7> clients in 10.10.2.0/24
20:05 < dimitry7> yes
20:05 <@krzee> is that the vpn subnet or lan subnet?
20:05 < dimitry7> and I am talking about a client in different subnet
20:05 < dimitry7> than the VPN server is
20:05 <@krzee> is english your first language?
20:05 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
20:06 < dimitry7> we have three LANs
20:06 < dimitry7> the VPN server is in one of them
20:06 <@krzee> thats EXACTLY the setup given in !route
20:06 <@krzee> you did read it, right?
20:07 < dimitry7> krzee, I don't have that setup,
20:07 <@krzee> what are you talking about
20:07 < dimitry7> My VPN client is in a different subnet other than the VPN Server
20:07 < dimitry7> and that client needs to route traffic to a subnet the VPN server knows
20:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:08 < dimitry7> the VPN client and the VPN server know each other by Amazon routing
20:09 < dimitry7> but the client can't see a Host route to the VPN Server
20:09 < dimitry7> because there are not in the same LAN, so I can't route traffic through the VPN Server
20:10 < dimitry7> I need to create a VPN between the client and the VPN Server to have a HOST route, which is gonna be given by a TUN interface
20:10 < dimitry7> LAN = I meant CIDR
20:11 <@krzee> omg, read !route
20:11 <@krzee> like 100 times
20:11 <@krzee> because it is EXACTLY your setup
20:12 <@krzee> you can tell me what you need as much as you want
20:12 <@krzee> that will not change the fact that i made an awesome writeup for you, which you have been told to read for a solid hour now
20:12 <@krzee> 80mins actually
20:13 < dimitry7> krzee, do you know how amazon EC2 instances work?
20:14 < dimitry7> in terms of networking
20:14 <@krzee> no but for this it does not matter
20:14 < dimitry7> btw I can't remake your example
20:15 <@krzee> well actually i guess it could
20:15 < dimitry7> I want to test, but how?
20:15 <@krzee> you might need the nathack
20:15 <@krzee> !nathack
20:15 <@vpnHelper> "nathack" is see https://community.openvpn.net/openvpn/wiki/NatHack for info on how to solve the problem when you need !route_outside_ovpn but cant add a route to the gateway or the lan machines
20:15 <@krzee> i dont play with ec2
20:15 <@krzee> start with server lan
20:15 <@krzee> !serverlan
20:15 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
20:15 <@krzee> if that is on ec2 and you get that working then you can get them all working
20:16 <@krzee> use the flowchart in #3
20:16 < dimitry7> krzee, I like the first link, let me see the other one
20:18 < dimitry7> krzee, I like both, but still I need some example config
20:19 < dimitry7> I'm trying to remake the example but I can't
20:19 <@krzee> !spoonfeeding
20:19 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
20:19 <@krzee> im not making your config for you
20:19 <@krzee> go hire someone if thats what you're looking for
20:20 < dimitry7> krzee, I said example
20:20 <@krzee> lol ok
20:20 <@krzee> !man
20:20 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
20:20 <@krzee> ill paste from "EXAMPLES"
20:21 <@krzee> Example 1: A simple tunnel without security
20:21 <@krzee>  On may:
20:21 <@krzee> openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 9
20:21 <@krzee>  On june:
20:21 <@krzee> openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --verb 9
20:21 <@krzee> there you go
20:21 < dimitry7> I made that before
20:21 < dimitry7> I got a LAN conflict error
20:22 < dimitry7> because of my desing, which was the first thing I described, dunno if I was clear though
20:22 <@krzee> very much not so
20:22 <@krzee> thats why i was asking if english is not your first language
20:22 <@krzee> because then ill try to go easy on translation issues
20:23 <@krzee> i dont know what you think is special about your design
20:23 < dimitry7> krzee, how many languages do you speak?
20:23 <@krzee> you described the exact setup i talk about in !route
20:23 <@krzee> 2
20:24 < dimitry7> the routing scheme
20:24 <@krzee> your routing scheme is simple
20:24 < dimitry7> it isn't
20:24 <@krzee> a server and 2 clients, all 3 with lans behind them
20:24 <@krzee> same as !route
20:24 < dimitry7> no
20:25 < dimitry7> I have VPC Peering
20:25 <@krzee> dunno what that means
20:26 < dimitry7> one LAN1 is 172.16.5.0/25
20:26 < dimitry7> LAN2 is 172.16.1.0/25
20:26 <@krzee> if you cant route foreign subnets to the lans then just use the nathack
20:26 <@krzee> i see nothing strange about this.
20:27 < dimitry7> what do you mean by foraign subnet?
20:27 <@krzee> do you do much networking?
20:27 <@krzee> why do you think you are doing something different than what is in !route
20:27 <@krzee> what do you think is strange about it?
20:31 < dimitry7> krzee, im gonna tell you
20:31 < dimitry7> I don't have ANY way to contact my VPN server other than the defaul route
20:31 < dimitry7> * default
20:31 < dimitry7> ok?
20:32 < dimitry7> and that default route is managed by Amazon
20:32 <@krzee> dude
20:32 <@krzee> routing a lan over the vpn has NOTHING to do with the default route
20:32 < dimitry7> http://paste.incorrigible.me/nizobowoqo.rb
20:33 <@krzee> that is why my writeup on lans behind openvpn does not talk about changing your default route
20:33 < dimitry7> krthnz, no, if you can reach the VPN over an interface
20:33 < dimitry7> but I can't do that
20:33 <@krzee> dude
20:33 < dimitry7> see my link
20:33 <@krzee> once you have the vpn connection made you route the new lan over that connection
20:33 <@krzee> you dont do networking do you
20:34 <@krzee> can the client make a vpn connection to the server?
20:34 <@krzee> if so, do not talk about your default routes anymore.
20:34 < dimitry7> I made the VPN connection, but it has conflict between my remote and ifconfig lines
20:34 <@krzee> !configs
20:34 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:34 <@krzee> read that carefully ^
20:35 < dimitry7> krzee, http://paste.incorrigible.me/niyunereqi.hs
20:35 < dimitry7> SERVER
20:36 <@krzee> ifconfig 172.16.1.11 192.168.90.254
20:36 <@krzee> hell no
20:36 < dimitry7> http://paste.incorrigible.me/uriboxixob.hs
20:36 < dimitry7> CLIENT
20:36 <@krzee> tell me a subnet that is not in use
20:36 <@krzee> !random
20:36 <@vpnHelper> "duplicate-cn": "dupe" is (#1) see --duplicate-cn in the manual (!man) to see how to allow multiple clients to use the same key (NOT recommended) or (#2) instead, use !pki to make a cert for each user; "dropje": Always listen to dropje; "certinfo": run `openssl x509 -in <file> -noout -text` for info from your cert file
20:36 <@krzee> !randomsubnet
20:36 <@vpnHelper> '"randomsubnet" is (#1) http://scarydevilmonastery.net/subnet.cgi for a random !1918 subnet or (#2) If your shell has $RANDOM support, perhaps try this: `echo 10.$((RANDOM%256)).$((RANDOM%256)).0/24 ` or (#3) Or try this perl oneliner: `perl -e \'printf 10.%d.%d.0/24\n , int(rand(256)), int(rand(256));\'`'
20:37 <@krzee> there, now your vpn subnet is 10.159.192.0/24
20:37 < dimitry7> NO
20:37 < dimitry7> is 172.16.5.0/25
20:37 <@krzee> NO
20:37 <@krzee> you're doing it wrong
20:38 < dimitry7> why?
20:38 <@krzee> vpn gets its own subnet
20:38 <+esde> :(
20:38 < dimitry7> krthnz, I am not using push
20:38 <@krzee> what is 192.168.90.0/24 ?
20:38 < krthnz> ffs!
20:38 < dimitry7> because I have static Ips
20:38 <@krzee> krthnz, lol :D
20:39 < krthnz> my phone always vibrates
20:39 < krthnz> :D
20:39 <@krzee> dimitry7, you will not be using those for the vpn
20:39 <@krzee> is 192.168.90.0 a lan?
20:39 < dimitry7> I need to connect to the 192.168.90.0/24
20:39 < dimitry7> yes
20:39 <@krzee> behind what
20:39 <@krzee> server?'
20:39 < dimitry7> yes
20:39 < dimitry7> VPN server
20:39 <@krzee> then the server config should NOT have a route entry for it lol
20:40 <@krzee> you told it to route itself over the vpn
20:40 <@krzee> http://paste.incorrigible.me/obiticecaw.hs
20:40 <@krzee> new server config
20:41 < dimitry7> ok let me put it
20:41 <@krzee> http://paste.incorrigible.me/tayigexamo.hs
20:41 < dimitry7> client?
20:41 <@krzee> ya
20:41 <@krzee> god why did i just do that
20:41 <@krzee> i guess i believed you read the docs and tried
20:42 < dimitry7> krzee, that is the point here... that I don't want to use the Public IP
20:42 <@krzee> wtf you talking about
20:43 < dimitry7> krzee, no, hold on, let me try this
20:45 < dimitry7> What is this IP for? : 10.159.192.0?
20:45 < dimitry7> can't I use my server private IP ?
20:46 -!- pipeep [~pipeep@fsf/member/pipeep] has joined #openvpn
20:46 < pipeep> I'm trying to connect my phone (via 3G) to an OpenVPN server I'm running, but it seems that every few UDP packets, the client's IP changes.
20:47 < pipeep> So it authenticates with one IP, but then a few seconds later, I get a message like: "pipeep-android.vpn.benjam.info/66.87.148.66:26968 MULTI: bad source address from client [51.235.46.66], packet dropped"
20:48 < pipeep> Is there a way to keep openvpn from checking the source IP?
20:48 < pipeep> Or am I doomed to TCP?
20:50 <@krzee> dimitry7, NO, you need to use a new unused subnet
20:50 <@krzee> and it ONLY exists inside the vpn
20:51 <@krzee> pipeep, see --float
20:51 < pipeep> krzee, That's it! Thanks.
20:51 <@krzee> np =]
20:53 < pipeep> Shit. OpenVPN 2.3.6 isn't in debian jessie, and that's when --float support was added for use with --server
20:55 < dimitry7> krzee, why a new unused subnet for the VPN server? I mean, its ok, but why is it good?
20:56 <@krzee> not going to explain routing
20:56 <@krzee> thats how it is.
20:57 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:57 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:57 -!- badon_ is now known as badon
20:59 < dimitry7> krzee, I will test it
20:59 < dimitry7> thanks a lot man!!!
20:59 <@krzee> yw
21:06 < pipeep> krzee, okay, updating to 2.3.6 (while a bit of a PITA) and setting float solved it!
21:06 <@krzee> \o/
21:07 < pipeep> Now I wonder if I could keep it from re-authing when I switch to-and-from wifi, since floating IPs are allowed...
21:17 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
22:22 -!- s7eele [~AndChat52@208.167.254.36] has joined #openvpn
22:22 -!- sysanthrope [~sysanthro@209.37.255.2] has joined #openvpn
22:36 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has quit [Ping timeout: 240 seconds]
23:13 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has joined #openvpn
23:13 -!- OG_s7eele [~AndChat52@ip184-190-212-250.lf.br.cox.net] has quit [Client Quit]
23:15 -!- s7eele [~AndChat52@208.167.254.36] has quit [Read error: Connection reset by peer]
23:30 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
23:36 -!- ShadniX [dagger@p5481CD4A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:36 -!- ShadniX_ [dagger@p5481CE2A.dip0.t-ipconnect.de] has joined #openvpn
23:36 -!- ShadniX_ is now known as ShadniX
23:43 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
--- Day changed Fri May 15 2015
00:43 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 264 seconds]
00:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:56 -!- mode/#openvpn [+o mattock1] by ChanServ
01:08 -!- hive-mind [~hivemind@mail.bbis.us] has joined #openvpn
01:09 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 272 seconds]
01:15 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
01:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:51 -!- _Cyclone_ is now known as _Cyclone_[away]
01:59 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
02:02 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
02:07 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:18 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:27 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
02:44 -!- colo-work [~jt@78.142.138.4] has quit [Read error: Connection reset by peer]
02:53 <@plaisthos> pipeep: float for server is only in -master
03:01 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:01 -!- mode/#openvpn [+o mattock2] by ChanServ
03:15 -!- johnlane [~john@212.159.104.145] has joined #openvpn
03:16 -!- johnlane [~john@212.159.104.145] has left #openvpn []
03:16 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
03:25 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 258 seconds]
03:29 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
03:39 < dionysus69> hello everyone
03:40 < dionysus69> I was yesterday told to put verbose to 5 and post
03:40 < dionysus69> I have a newly setup connection that is resetting itself
03:40 < dionysus69> should I post both client/server and how do I get the logs?
03:41 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:45 < dionysus69> krzee: hey :P I am the one who was posting an issue yesterday
03:49 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
03:54 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:57 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
04:09 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
04:41 -!- Latrina [~Latrina@ppp-189-2.26-151.libero.it] has quit [Ping timeout: 256 seconds]
04:41 -!- Latrina [~Latrina@ppp-243-51.26-151.libero.it] has joined #openvpn
05:23 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.1.1]
05:24 -!- bebilonu [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 272 seconds]
05:25 -!- ivali [valentin@unaffiliated/ivali] has quit []
05:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:43 < dionysus69> is anyone here?
05:46 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
05:59 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
06:02 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
06:03 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
06:05 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: Lost terminal]
06:14 -!- apollo2k is now known as aPollO2k
06:16 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
06:17 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:18 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
06:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:21 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
06:47 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
06:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
07:06 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
07:15 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
07:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:43 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
07:43 -!- _Cyclone_[away] [~Cyclone@72.11.34.69] has quit [Read error: Connection reset by peer]
07:49 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
07:56 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
08:02 -!- marl_scot1 [~matt@pin-pai-fwo.pintelgrp.co.uk] has quit [Remote host closed the connection]
08:07 -!- elfixit [~Icedove@178.162.199.90] has joined #openvpn
08:10 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
08:54 -!- eLBati [~elbati@dynamic-adsl-94-36-38-215.clienti.tiscali.it] has joined #openvpn
08:55 < eLBati> !welcome
08:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:55 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:59 -!- aPollO2k is now known as apollo2k
09:06 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
09:09 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
09:14 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 265 seconds]
09:19 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:19 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
09:20 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:32 < dionysus69> hello is anyone there?
09:33 -!- sysanthrope [~sysanthro@209.37.255.2] has quit [Remote host closed the connection]
09:34 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
09:34 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
09:35 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:35 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
09:36 <@krzee> !ask
09:36 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
09:36 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:36 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
09:37 < dionysus69> krzee: hi! I am the guy who said I would go to work tomorrow and post logs
09:37 <@krzee> yep
09:37 < dionysus69> I will post logs in a minute
09:37 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:37 <@krzee> ill be leaving soon too
09:37 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
09:37 <@krzee> but just post them and ask the question and if im not here theres plenty of others
09:38 < dionysus69> ok try your best :D
09:38 < dionysus69> here is the client http://pastebin.com/KCkYZZje
09:38 -!- zheng [~zheng@116.230.206.208] has quit [Max SendQ exceeded]
09:38 <@krzee> VERIFY ERROR
09:38 <@krzee> your certs are bad
09:38 <@krzee> !certverify
09:38 <@vpnHelper> "certverify" is (#1) verify your certs are signed correctly by running `openssl verify -CAfile <ca.crt> <client.crt>` for client.crt and server.crt or (#2) also make sure you use the same ca.crt on both sides by checking their md5
09:39 < dionysus69> http://pastebin.com/XGpjSsS9 server
09:39 < dionysus69> yes but
09:40 < dionysus69> i made certs exactly how the getting started tutorial told me to
09:40 < dionysus69> i didnt input anything extra
09:40 < dionysus69> and namings are consistent I checked, does it say which cert is bad? ca or server or client cert?
09:43 < dionysus69> you suggest recreating certificates the same way? I made certificates twice btw :\ I dont know what I am doing wrong with certificates :S
09:45 < _FBi> Sup krzee
09:45 <@krzee> dionysus69, did you just verify them as vpnHelper told you?
09:45 <@krzee> waddup _FBi
09:45 <@krzee> how you been
09:45 < dionysus69> krzee will do right now
09:46 < _FBi> Mia, lol
09:46 < _FBi> Hows you brother
09:47 <@krzee> good
09:47 <@krzee> also been mia
09:47 < dionysus69> krzee: I need a little backup on that one, first I do ca.crt client.crt and then ca.crt server.crt?
09:47 <@krzee> dionysus69, doesnt matter
09:48 < dionysus69> krzee ok i will do both
09:48 <@krzee> you're checking each side was signed by the same ca.key as the ca.crt on its same side
09:48 <@krzee> then you md5 the ca.crt on each side and make sure they are the same
09:49 < _FBi> I noticed you left.  I figure I'd stalk you haha
09:49 -!- jthunder_ [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
09:49 <@krzee> sweet, on your way to the caribbean?
09:50 <@krzee> or does your stalking end at the keyboard?
09:50 < dionysus69> krzee: client side told me crt ok
09:50 < _FBi> Emulated android keyboard
09:50 < _FBi> Visiting my mom.  Currently on my phone
09:50 <@krzee> _FBi, did you figure out what island im on?
09:51 < dionysus69> and server side told me its ok too
09:51 <@krzee> dionysus69, and you compared md5 hash of each sides ca.crt?
09:51 < dionysus69> how do I md5 check ? :S
09:51 < dionysus69> before i google :D
09:51 <@krzee> some distros come with md5sum
09:52 < dionysus69> krzee: i am on windows but ok i ll google, will post back results
09:52 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
09:52 <@krzee> theres windows md5 checksum tools
09:53 < _FBi> There's some awesome windows hash check tools
09:53 <@krzee> mmmm hash
09:53 < _FBi> Krzee, no.  Are you in the news?
09:53 <@krzee> _FBi, i wouldnt know, i dont check the news
09:53 < _FBi> Me either lol.
09:53 <@krzee> but for a cop named "fbi" who claims to be my stalker, i expected gps coordinates to my house
09:54 <@krzee> ;]
09:54 < _FBi> Oh. Lol. I think you've known me long enough to know better lol
09:55 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:55 <@krzee> ;]
09:55 <@krzee> just messin with ya
09:55 < _FBi> 5673°2472
09:56 <@krzee> 40.712784 | -74.005941
09:57 < dionysus69> yes I did check
09:57 < dionysus69> md5 is the same
09:57 < dionysus69> on both server & client
09:57 < dionysus69> ca.crt i mean
09:57 < dionysus69> now, what else can be an issue?
09:58 <@krzee> weird, check both sides are on the right timezone / time
09:58 < _FBi> I'm currently trying to change jobs
09:58 <@krzee> timezone doesnt matter, just that time is right for the timezone its in
09:58 < dionysus69> timezones are same so times are exact same too
09:59 < dionysus69> any other ideas ? :S
09:59 <@krzee> (also date)
09:59 <@krzee> were the certs made on one of those 2 machines? if not check the time/date of the machine that made the certs
09:59 < dionysus69> one is american version with month first, another is eu version, dont tell me that could be an issue?
09:59 <@krzee> nope
10:00 < dionysus69> yes all certs were made on the server
10:00 < dionysus69> then i just copied needed ones for client
10:01 < _FBi> Insecure to do that
10:01 <@krzee> sure, but its his first vpn
10:01 <@krzee> he can deal with opsec after dealing with how to setup a vpn
10:03 < _FBi> KCCO.  I'm out
10:03 < dionysus69> krzee: I have setup a built in pptp vpn but it sucks, i noticed udp port vpns have advantage of not so easily disconnecting
10:03 < dionysus69> so no more suggestions? times are same :S
10:03 <@krzee> now the pptp vpn, THATS insecure
10:03 <@krzee> i guess start over, which version easy-rsa are you using?
10:04 < dionysus69> haha ye i know so thats why I came here :P
10:04 <@krzee> !easy-rsa
10:04 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
10:04 <@krzee> you probably used version 2, which does work… but is quite old
10:04 <@krzee> i suggest version 3
10:04 <@krzee> (version 2 is in the howto, so you definitely dont get blamed for using that)
10:05 < dionysus69> krzee: so the bundle I downloaded was not the latest? :D
10:05 < dionysus69> why dont they put latest link in tutorial :S
10:06 < dionysus69> takes 1 second and doesnt repel newcomers for such stupid issues, I deeply hope its because of the version that I cant connect
10:07 <@krzee> dionysus69, 3 is still "beta"
10:07 <@krzee> but it is kind of stuck in perpetual beta
10:07 <@krzee> pekster, ^
10:07 < dionysus69> krzee: who cares, i trust the open community haha
10:07 <@krzee> dionysus69, well its on our wiki
10:07 <@krzee> community.openvpn.net
10:08 <@krzee> the open community is there
10:08 <@krzee> the rest of openvpn.net is managed by corp
10:09 <@krzee> (always working together though)
10:09 < dionysus69> krzee: ok then, thanks for support, I will post back results later, i will continue testing on monday
10:09 <@krzee> np
10:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:24 -!- elfixit1 [~Icedove@178.162.211.200] has joined #openvpn
10:25 -!- elfixit [~Icedove@178.162.199.90] has quit [Ping timeout: 256 seconds]
10:32 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
10:34 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
10:36 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:43 -!- r8b7xy [~weechat@gateway/vpn/privateinternetaccess/r8b7xy] has joined #openvpn
10:47 < r8b7xy> hi. Could you list me a link to any 'how-to' encrypt (GPG/pass) username and password defined in auth-user-pass. They are now stored as a plain text in separate file.
10:47 <@krzee> no howto, its up to you how you write the script
10:48 <@krzee> !authpass
10:48 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
10:49 < r8b7xy> thanks krzee!
10:51 < dionysus69> krzee cant seem to find version 3 beta
10:51 < dionysus69> can you shoot me a link ? :)
10:52 <@krzee> !easy-rsa
10:52 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
10:57 < dionysus69> thanks!
10:58 <@krzee> np
11:03 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:06 < dionysus69> krzee: so do I download a full easy-rsa dir on windows and run in it with cmd ?
11:08 <@krzee> i dont use windows, did you click the tutorial in #3?
11:09 < dionysus69> yes
11:12 < dionysus69> i downloaded private tunnel 2.4 installer
11:12 < dionysus69> i was using 2.1 before
11:13 < dionysus69> but the name was different, older one said openvpn while new one says private tunnel
11:14 < dionysus69> krzee this is the path it wants to install to, OpenVPN Technologies\PrivateTunnel , i have heard it is the corp version, do I use it ?
11:14 -!- Vndtta [~asdf@gateway/vpn/privateinternetaccess/vndtta] has joined #openvpn
11:14 <@krzee> nope
11:15 <@krzee> not if you're trying for community install
11:15 <@krzee> !install
11:15 <@krzee> !download
11:15 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
11:15 < Vndtta> Hi all, I've made an init script to start openvpn, but I don't like the idea of having the username and password as plaintext in a file. Has anyone managed to make an expect script to automate this?
11:16 < dionysus69> ok thanks allot I will try to bother you for more serious stuff :D i ll get to it now :P
11:16 <+esde> :|
11:16 < Vndtta> with gpg?
11:17 <+esde> when the hell did we suddenly become PIA's help desk?
11:19 -!- eLBati [~elbati@dynamic-adsl-94-36-38-215.clienti.tiscali.it] has quit [Quit: Ciao]
11:20 < dionysus69> esde meaning :P?
11:20 <+esde> That was not directed at you.
11:21 < Vndtta> Was it directed to me?
11:22 <+esde> Caribbean, eh krzee? How's the tan?
11:22 < Vndtta> it's an openvpn question no matter what server you use :/
11:22 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:32 -!- elfixit1 [~Icedove@178.162.211.200] has quit [Quit: elfixit1]
11:35 <+pekster> krzee: Well, RC. And I should have time this weekend (I'm hoping..) to fix that ;)
11:36 -!- elfixit [~Icedove@179.43.156.130] has joined #openvpn
11:36 <+pekster> dionysus69: The windows download package from github comes shipped with everything you need to start using easy-rsa v3, including a POSIX shell interperter (as the project complies with the POSIX shell standard)
11:37 <+pekster> Unix envnironments can use a checkout of master, but see the docs/ on how to build your own windows package (or poke me for details.) To use it, just download + unzip
11:37 <+esde> I wasn't aware you needed to provide a username and password in your upstart script
11:37 <+esde> *init
11:39 <+pekster> Not something in the project repo, I'd guess; maybe you're attempting to invoke openvpn in such a way that it is not provided a mandatory password?
11:39 <+pekster> (that's fixable by removing encryption passphrases from keying material, or using the !management API to provide it over another channel
11:39 < Vndtta> esde: to start openvpn I need the user and password, and I don't want to memorize them both, instead I'd like to have them stored in an encrypted file and use expect to input it when openvpn asks for user and password
11:40 <+pekster> Vndtta: RIght, doesn't work like that. See --auth-user-pass in the manpage, or better yet, read !management as I suggested above
11:40 <+esde> again not a problem for this channel. that falls outside the scope of things we support. if you'd like to create a solution and share it, great. currently, im not aware of any pre-packaged solution to point you towards
11:40 <+pekster> Obviously if things are encrypted, "someone" needs to decrypt it. A better solution IMO is to encrypt a volume you mount on-demand, then use a plaintext file from there, secured with good FS-level permissions
11:41 <+pekster> Pssh, use of !management API IS supported
11:41 < Vndtta> !management
11:41 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
11:41 <+esde> Right
11:41 <+esde> But there's no script im aware of that would accomplish the user's goal
11:41 <+pekster> So suggest it, not "gtfo mate" ?
11:41 <+esde> > if you'd like to create a solution and share it, great.
11:41 <+esde> not exactly gtfo
11:42 <+pekster> It is a problem for this channel so far as the API is concerned. Not the solution per se
11:42 -!- elfixit [~Icedove@179.43.156.130] has quit [Ping timeout: 250 seconds]
11:42 <+pekster> And it is fully supported to have the user/pass in a file, of which thte problem of plaintext files and disk encryption is an issue for the implementor to fix
11:42 <+esde> Even with the API, that's not the end-all be-all, the user is still going to have to develop a solution
11:42 <+esde> exactly
11:43 <+pekster> Vndtta: So see either the API and script the input to the user/pass prompts per the API docs, or use a plaintext file with --auth-user-pass, and then you should take whatever protection you need on a volume-encryption and/or FS level to secure it
11:43 < Vndtta> I don't mind developing a solution, I am trying to write it myself, just wanted some help, there was no need to be so harsh ...
11:43 <+pekster> Well yes, that was my point ^
11:44 <+pekster> Vndtta: If you need help with the operation of the API or the CLI option I noted, that is very much on-topic here :)
11:46 < Vndtta> thanks
11:47 -!- sysanthrope [~sysanthro@2600:1010:b04b:b523:cc8b:6574:82fc:7c57] has joined #openvpn
11:48 < Vndtta> pekster: what do you use to protect the plaintext file?
11:49 <+pekster> Disk encryption
11:50 <+pekster> Read up on something like crypttab(5) if you're on a Linux
11:51 < r8b7xy> Vndtta: I've just asked similar question few minutes ago. In the man page find '--auth-user-pass-verify' I personally configured it with 'pass'.
11:52 -!- sysanthrope [~sysanthro@2600:1010:b04b:b523:cc8b:6574:82fc:7c57] has quit [Ping timeout: 256 seconds]
11:53 < r8b7xy> grab a link http://www.passwordstore.org/
11:53 <@vpnHelper> Title: Pass: The Standard Unix Password Manager (at www.passwordstore.org)
11:53 <+esde> also this https://forums.openvpn.net/topic9824.html
11:53 <@vpnHelper> Title: OpenVPN Support Forum Password Encrypt in OpenVpn : Off Topic, Related (at forums.openvpn.net)
11:54 <+esde> trying to find something useful, everything is either extremely convoluted or the solution is on windows, so far
11:55 <+esde> https://www.privateinternetaccess.com/forum/discussion/9093/pia-openvpn-client-encryption-patch
11:55 <@vpnHelper> Title: PIA OpenVPN Client Encryption Patch (at www.privateinternetaccess.com)
11:55 <+esde> winrar
11:55 < Vndtta> r8b7xy: I already use it ;)
11:55 < r8b7xy> :)
11:57 <+esde> there seems to be a switch for --enabled-password save. I don't use PIA, but I assume that is intended to accomplish your initial goal Vndtta
11:57 -!- Malsasa [~Malsasa@36.84.70.40] has joined #openvpn
11:57 < Vndtta> r8b7xy: but that option is in the server side...
11:59 <+esde> Most users seeking help in here, have access to server and client. He may not have noticed you do not have control over the server.
11:59 -!- Malsasa [~Malsasa@36.84.70.40] has quit [Remote host closed the connection]
12:02 <+pekster> fwiw, the "PIA client" is just a build of the GPLv2 OpenVPN; you should be able to use and/or compile any such version, including upstream's, without issue
12:03 < Vndtta> pekster: I prefer to use the default openvpn version
12:14 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
12:16 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
12:22 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has joined #openvpn
12:22 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Read error: Connection reset by peer]
12:23 <+esde> https://i.imgur.com/QhYHlK5.png
12:24 <+esde> apparently PIA support is as bad as people have claimed.
12:24 < Codmadnesspro> Does anyone know what's wrong with my config? http://pastebin.com/FGKrB0KG
12:25 < Codmadnesspro> esde, what did they say after you said PIA is useless? :P
12:25 <+esde> I closed the window
12:25 <+esde> !configs
12:25 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:26 <+esde> we arent reading through all that commenting
12:27 < Codmadnesspro> !paste test
12:27 < Codmadnesspro> lolwat
12:27 < Codmadnesspro> !paste
12:27 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
12:27 < Codmadnesspro> Uhm i'm on windows 8.1, openvpn v5
12:28 < Codmadnesspro> thats for http://pastebin.com/FGKrB0KG
12:28 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
12:28 <+esde> gah.
12:28 < Codmadnesspro> When I try to connect it jsut says nothing then error "connecting to openvpn has failed"
12:34 -!- dirtbag_ [0cde8242@gateway/web/freenode/ip.12.222.130.66] has joined #openvpn
12:34 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 264 seconds]
12:35 < dirtbag_> yo peeps! quick question.. in the openvpn config file, what is the  "2048 bit OpenVPN static key (Server Agent)" key used for?
12:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:36 <+esde> Codmadnesspro your conf http://pastebin.com/kJNSbRFg
12:47 -!- Vndtta [~asdf@gateway/vpn/privateinternetaccess/vndtta] has quit [Quit: Vndtta]
13:07 -!- yanf [8295d5bf@freenet/developer/gsoc2012/pausb] has joined #openvpn
13:13 -!- phunyguy is now known as phunygal
13:15 < dirtbag_> yes! I stumped the experts! ;)
13:16 <+esde> no you did not
13:18 <+esde> !hmac
13:18 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls
13:18 <@vpnHelper> static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
13:18 <+esde> dirtbag_ ^
13:20 -!- phunygal is now known as phunyguy
13:23 < dirtbag_> darn.. ;)
13:25 < dirtbag_> soo im trying to figure out what its used for.. i dont think ive ever used that before in a config.. but I see if in an exsting server config here..
13:33 -!- r8b7xy [~weechat@gateway/vpn/privateinternetaccess/r8b7xy] has quit [Ping timeout: 245 seconds]
13:39 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Quit: Leaving]
13:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:44 < dirtbag_> ok i finally got it i think.. thanks.
13:44 -!- dirtbag_ [0cde8242@gateway/web/freenode/ip.12.222.130.66] has quit [Quit: Page closed]
13:49 -!- r8b7xy [~weechat@92.55.243.41] has joined #openvpn
13:50 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Remote host closed the connection]
13:51 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
13:53 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
14:00 < Codmadnesspro> esde, nope doesnt work
14:01 <+esde> I didn't mean to imply it would. I just stripped the commenting from what you provided so that it might have had a chance of being seen by other users.
14:10 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
14:19 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
14:24 <+pekster> The config appears valid, but perhaps not correct. See the /TOPIC for pointers to telling us about your problem, perhaps !goal and !logs and your server !configs (this time without comments)
14:24 <+pekster> OpenVPN will give you at least several hundred lines if you read !logs correctly, not just "failed"
14:25 <+pekster> Codmadnesspro: ^
14:28 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
14:33 -!- Dropje [~yge@ip4da1148b.direct-adsl.nl] has joined #openvpn
14:36 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has joined #openvpn
14:45 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 264 seconds]
14:48 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
14:50 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
14:57 < KNERD> There is no other method to get around SSL blockage besides obfsproxy?
14:59 <+esde> obfs is the preferred method
14:59 < KNERD> problem is the client side is a device and can't run a client
15:00 < KNERD> its firmware is not capable
15:00 < KNERD> though it has vpn client on it
15:01 <+esde> what is the device?
15:01 < KNERD> a voip phone
15:01 < KNERD> voip is also being blocked
15:02 < KNERD> hence the reason for trying to get around the voip blockage to only find out ssl is also blocked
15:03 <+esde> is this one case, or you need a solution for multiple clients
15:03 < KNERD> there are other voip devices using the openvpn solution, but only because of packet mangleing in the router
15:03 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
15:04 < KNERD> this for this case there is only one phone in need of this
15:04 < crane> hey ho, how can i make my vpn server listen for ipv6 and ipv4?
15:04 <+esde> !ipv6
15:04 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
15:05 -!- yanf [8295d5bf@freenet/developer/gsoc2012/pausb] has quit [Ping timeout: 246 seconds]
15:05 <+esde> I like VPN gateways, so if it were me, I'd provision a router to serve as an openvpn gateway (with obfs), and connect my devices through it
15:05 < KNERD> so the device would not need to use the openvpn client?
15:06 < crane> esde: i had already a look onto it. :) i'm just having problems to use a specific ip which he should bind on
15:06 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 256 seconds]
15:06 < crane> local $IPv4 and local6 $IPv6 did not helped
15:06 <+esde> right, in my case it's usually pfsense connected to wan, running an openvpn client connection, with lan traffic going through the openvpn adapter
15:07 <+esde> crane i've still yet to tackle ipv6 and openvpn
15:07 <+esde> i've got ipv6 on my wan, but havent configured openvpn to use it yet
15:07 <+esde> more knowledgeable users have said the task is trivial FWIW
15:08 < KNERD> Any suggeestions on what to use to make a VPN gateway? A router with DD-Wrt?
15:09 <+esde> open wrt, dd-wrt, tomato, they should all work
15:10 < KNERD> oh thanks
15:10 <+esde> np
15:11 <+esde> only thing to consider with that embedded configuration is CPU bottleneck
15:12 -!- cagedwisdom [~X@124-150-79-204.dyn.iinet.net.au] has joined #openvpn
15:12 < KNERD> unless get the lastest ones with the quad core etc, if they exist
15:14 <+esde> openvpn runs single-threaded
15:14 <+esde> more powerful cores, not more cores, is what counts, unless you've got AES-NI
15:14 <+esde> AES-NI will also relieve cpu load
15:14 < KNERD> yeah that bottlenecks those embeeded cpus
15:18 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
15:19 <+esde> Can't see any residential routers featuring AES-NI, though.
15:19 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
15:23 < crane> hmm... i dont have a problem letting openvpn listen on v6. but i would like to run it on dual stack? not sure if this is possible because if i enable udp6 he is just listening on v6 and not on v4?
15:24 <+esde> i dont think dual stack is a feature yet. it might be in master
15:24 <+esde> maybe someone working on the project can confirm
15:28 <+esde> https://github.com/OpenVPN/openvpn/blob/669f898b8fcaf7a8d43825fa0255c2791cc0ef89/TODO.IPv6
15:28 <@vpnHelper> Title: openvpn/TODO.IPv6 at 669f898b8fcaf7a8d43825fa0255c2791cc0ef89 · OpenVPN/openvpn · GitHub (at github.com)
15:28 <+esde> looks like no
15:37 < crane> esde: fun fact, if you dont configure a local ip which should be used in dualstack he is actually doing dualstack.
15:51 -!- _Cyclone_ is now known as _Cyclone_[away]
16:00 -!- _Cyclone_[away] [~Cyclone@72.11.34.69] has quit [Ping timeout: 256 seconds]
16:02 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.2/20150415140819]]
16:03 -!- eLBati [~elbati@dynamic-adsl-94-36-38-215.clienti.tiscali.it] has joined #openvpn
16:05 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
16:11 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
16:17 < eLBati> I have a server with 2 VPNs: tap0 (192.168.170.1) and tap1 (192.168.180.1) . my local PC (192.168.170.3) can reach 192.168.170.1 and route -n gives http://pastie.org/10191139 . From server I can ping 192.168.180.2. From my PC I can ping 192.168.180.1, but can't ping 192.168.180.2
16:18 < eLBati> How could I reach 192.168.180.2 from my PC ?
16:44 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
16:46 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
16:50 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 256 seconds]
16:56 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
17:04 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:04 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:05 -!- badon_ is now known as badon
17:10 -!- eLBati [~elbati@dynamic-adsl-94-36-38-215.clienti.tiscali.it] has quit [Quit: Ciao]
17:15 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 256 seconds]
17:20 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
17:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
17:40 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 258 seconds]
17:47 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Quit: Leaving..]
17:48 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
17:49 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
17:52 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 272 seconds]
18:03 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
18:35 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 258 seconds]
18:36 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 252 seconds]
18:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:44 -!- idafyaid is now known as bebonu
18:45 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 256 seconds]
18:47 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:50 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
18:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:03 -!- bebonu is now known as bejonu
19:07 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:16 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has quit [Ping timeout: 256 seconds]
19:20 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:27 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
19:44 -!- n13l [~Daniel@aaa.anect.cz] has joined #openvpn
19:44 -!- n13l [~Daniel@aaa.anect.cz] has left #openvpn []
19:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
19:48 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:49 -!- badon_ is now known as badon
19:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
20:18 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
20:48 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
20:48 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
20:57 -!- bejonu is now known as irobevjodu
20:57 -!- s7eele [~AndChat52@173.192.103.7-static.reverse.softlayer.com] has joined #openvpn
21:03 -!- Rahoul [~nicolas@186.23.63.156] has joined #openvpn
21:15 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:22 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
21:31 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
21:34 -!- s7eele [~AndChat52@173.192.103.7-static.reverse.softlayer.com] has quit [Remote host closed the connection]
21:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3082:df17:da31:fa68] has joined #openvpn
21:48 < Rahoul> exit
21:48 < Rahoul> exit
21:48 -!- Rahoul [~nicolas@186.23.63.156] has quit [Quit: leaving]
22:00 -!- irobevjodu [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 256 seconds]
22:08 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Ping timeout: 264 seconds]
22:14 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
22:16 -!- Isai [Agent_Isai@unaffiliated/agentisai] has quit [Ping timeout: 272 seconds]
22:49 -!- cagedwisdom [~X@124-150-79-204.dyn.iinet.net.au] has quit [Ping timeout: 244 seconds]
23:02 -!- cagedwisdom [~X@104.239.132.234] has joined #openvpn
23:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3082:df17:da31:fa68] has quit [Remote host closed the connection]
23:21 -!- zmachine [uid53369@gateway/web/irccloud.com/x-twdnghqmkvjcqxyv] has joined #openvpn
23:31 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
23:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1da4:c365:7047:6112] has joined #openvpn
23:34 -!- ShadniX [dagger@p5481CE2A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:36 -!- ShadniX [dagger@p57941C29.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat May 16 2015
00:31 -!- Denial [~Denial@81.141.23.254] has quit []
01:06 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1da4:c365:7047:6112] has quit [Remote host closed the connection]
01:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:38 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
02:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-twdnghqmkvjcqxyv] has quit [Quit: Connection closed for inactivity]
02:08 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
02:26 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
02:36 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
02:36 < Billias> Hi all
02:36 < Billias> I am building an openvpn server farm
02:37 < Billias> I was thinking of using one hostname with multiple IPs behind it and an DNS load balancer (to balance the requests). The other choice is to add multiple openvpn servers on the client config (using remote-random)
02:37 < Billias> would both solutions work?
02:38 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
03:15 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
03:17 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 272 seconds]
03:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:24 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
03:26 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Client Quit]
03:40 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:44 -!- Thominus [~Thominus@CPEf46d04cde326-CM84948cd740d0.cpe.net.cable.rogers.com] has joined #openvpn
03:50 -!- johnlane [~john@johnlane.plus.com] has joined #openvpn
03:51 -!- johnlane [~john@johnlane.plus.com] has left #openvpn []
04:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:14 -!- cagedwisdom [~X@104.239.132.234] has quit [Ping timeout: 256 seconds]
04:16 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
04:16 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 256 seconds]
04:16 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 256 seconds]
04:16 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 256 seconds]
04:16 -!- yang [yang@freenode/sponsor/fsf.member.yang] has joined #openvpn
04:17 -!- MogDog [~MogDog@unaffiliated/mogdog66] has joined #openvpn
04:18 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a98d:5eaa:53dc:afd5] has joined #openvpn
04:19 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
04:23 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a98d:5eaa:53dc:afd5] has quit [Ping timeout: 256 seconds]
04:30 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
04:31 -!- Neal|ZNC [neal@felix.ineal.me] has joined #openvpn
04:31 -!- Matir_ [~matir@ubuntu/member/matir] has joined #openvpn
04:34 -!- BtbN_ [btbn@btbn.de] has joined #openvpn
04:35 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
04:35 -!- troyt_ [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
04:37 -!- Netsplit *.net <-> *.split quits: funnel, troyt, Billias, deraps, Eugene, Neal_, DArqueBishop, zoredache, Matir, @dazo_afk,  (+8 more, use /NETSPLIT to show all of them)
04:37 -!- BtbN_ is now known as BtbN
04:37 -!- funnel_ is now known as funnel
04:38 -!- Netsplit over, joins: mgorbach
04:38 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
04:38 -!- Netsplit over, joins: pppingme
04:39 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:39 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
04:47 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
04:47 -!- mode/#openvpn [+o dazo_afk] by ChanServ
04:47 -!- dazo_afk is now known as dazo
04:48 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
04:48 -!- zoredache [~zoredache@2604:a880:1:20::80:b001] has joined #openvpn
04:50 -!- zoredache is now known as Guest83696
04:59 -!- r8b7xy [~weechat@92.55.243.41] has quit [Ping timeout: 256 seconds]
05:00 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
05:09 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:12 -!- r8b7xy [~weechat@gateway/vpn/privateinternetaccess/r8b7xy] has joined #openvpn
05:18 -!- Netsplit *.net <-> *.split quits: DArqueBishop, Guest83696
05:20 -!- Denial [~Denial@81.141.23.254] has joined #openvpn
05:24 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 245 seconds]
05:25 -!- zoredache [~zoredache@2604:a880:1:20::80:b001] has joined #openvpn
05:32 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
05:35 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
05:41 -!- Netsplit *.net <-> *.split quits: zoredache
05:45 -!- Netsplit over, joins: zoredache
05:46 -!- zoredache is now known as Guest85836
05:50 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
06:02 -!- zoredache_ [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
06:04 -!- Guest85836 [~zoredache@2604:a880:1:20::80:b001] has quit [Ping timeout: 256 seconds]
06:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a9f8:3aa3:a286:f111] has joined #openvpn
06:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a9f8:3aa3:a286:f111] has quit [Ping timeout: 265 seconds]
06:23 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
06:34 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
07:37 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:49 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
07:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4da:c910:8dd3:5614] has joined #openvpn
07:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4da:c910:8dd3:5614] has quit [Ping timeout: 265 seconds]
07:57 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
07:58 -!- Malsasa [~Malsasa@36.84.70.8] has joined #openvpn
08:02 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:25 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
08:35 -!- r8b7xy [~weechat@gateway/vpn/privateinternetaccess/r8b7xy] has quit [Ping timeout: 258 seconds]
08:38 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
08:42 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
08:48 -!- jzaw [~jzaw@2001:8b0:7:0:5054:ff:fe8e:3b24] has quit [Quit: really? must I leave? aw pls let me stay!]
08:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
09:02 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
09:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:08 -!- zheng [~zheng@116.230.206.208] has quit [Remote host closed the connection]
09:17 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-mzjalzimjdumcbsj] has joined #openvpn
09:23 < Billias> I am looking some answers on the multi remote part
09:25 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 276 seconds]
09:26 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 276 seconds]
09:27 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
09:27 -!- mode/#openvpn [+o syzzer] by ChanServ
09:27 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
09:28 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 276 seconds]
09:28 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
09:28 -!- mode/#openvpn [+o pekster] by ChanServ
09:40 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Read error: Connection reset by peer]
09:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
09:46 -!- Malsasa [~Malsasa@36.84.70.8] has quit [Ping timeout: 272 seconds]
09:47 -!- zmachine [uid53369@gateway/web/irccloud.com/x-biuvflhszfgkyqog] has joined #openvpn
09:47 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
09:57 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Read error: Connection reset by peer]
09:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
09:58 -!- sr_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
09:58 -!- sr_berry is now known as ser_berry
10:00 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
10:00 -!- teotwaki [~teotwaki@Maemo/community/contributor/crashanddie] has quit [Ping timeout: 265 seconds]
10:00 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:01 -!- avium [~avium@2607:5300:60:40bf::1] has quit [Ping timeout: 265 seconds]
10:01 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-mzjalzimjdumcbsj] has quit [Write error: Connection reset by peer]
10:01 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
10:01 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
10:01 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
10:02 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 265 seconds]
10:02 -!- troyt_ [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
10:02 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 265 seconds]
10:02 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
10:02 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
10:02 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 265 seconds]
10:03 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
10:03 -!- mode/#openvpn [+o syzzer] by ChanServ
10:03 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:03 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
10:03 -!- teotwaki [~teotwaki@Maemo/community/contributor/crashanddie] has joined #openvpn
10:03 -!- avium [~avium@2607:5300:60:40bf::1] has joined #openvpn
10:03 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
10:03 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:03 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
10:04 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
10:04 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:05 -!- mode/#openvpn [+o plaisthos] by ChanServ
10:05 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
10:05 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
10:06 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4079:5b10:682a:bab7] has joined #openvpn
10:07 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-ejgtlqdvrtnsruru] has joined #openvpn
10:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:11 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4079:5b10:682a:bab7] has quit [Ping timeout: 265 seconds]
10:30 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 255 seconds]
10:33 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
10:39 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
10:39 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
10:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:56 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
11:14 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:21 -!- Tobinski [~tobinski@x2f56663.dyn.telefonica.de] has joined #openvpn
11:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
11:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
11:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:40 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-ejgtlqdvrtnsruru] has quit [Quit: Connection closed for inactivity]
11:47 -!- Tobinski [~tobinski@x2f56663.dyn.telefonica.de] has quit [Quit: Leaving]
11:53 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 255 seconds]
11:58 -!- Latrina [~Latrina@ppp-243-51.26-151.libero.it] has quit [Ping timeout: 258 seconds]
12:03 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:06 -!- zmachine [uid53369@gateway/web/irccloud.com/x-biuvflhszfgkyqog] has quit [Quit: Connection closed for inactivity]
12:18 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 256 seconds]
12:28 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
12:31 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
12:59 -!- pie__ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
13:09 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
13:09 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
13:21 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:36 -!- pie__ is now known as pie_
13:39 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has joined #openvpn
13:40 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
13:56 -!- _Cyclone_ [~Cyclone@72.11.34.69] has joined #openvpn
14:14 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
14:38 -!- fuuu [~sijuendr@faui06a.informatik.uni-erlangen.de] has joined #openvpn
14:40 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 255 seconds]
14:49 < fuuu> hi all. i'm running an openvpn server to which i connect with a laptop client. IMO, the routing table of the client gets screwed up after connecting. Does it make sense to igore the pushed routes and set them up manually?
14:55 <+esde> !welcome
14:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:55 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:56 < fuuu> !route
14:56 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
14:57 < fuuu> !clientlan
14:57 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
14:57 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
15:00 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
15:03 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
15:09 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 240 seconds]
15:11 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
15:21 -!- _Cyclone_ [~Cyclone@72.11.34.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:44 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
15:45 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:54 -!- s7eele [~AndChat52@108.61.68.155] has joined #openvpn
15:56 -!- s7eele [~AndChat52@108.61.68.155] has quit [Remote host closed the connection]
15:56 -!- s7eele [~AndChat52@108.61.68.155] has joined #openvpn
16:08 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
16:18 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Leaving]
16:24 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 256 seconds]
16:52 -!- s7eele [~AndChat52@108.61.68.155] has quit [Quit: Bye]
16:52 -!- s7eele [~AndChat52@108.61.68.155] has joined #openvpn
16:53 -!- s7eele [~AndChat52@108.61.68.155] has quit [Client Quit]
16:54 -!- s7eele [~AndChat52@108.61.68.155] has joined #openvpn
16:55 -!- s7eele [~AndChat52@108.61.68.155] has quit [Client Quit]
17:18 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
17:21 -!- filadome [~filadome_@pool-96-242-79-150.nwrknj.fios.verizon.net] has joined #openvpn
17:21 < filadome> does openvpn work with windows 10?
17:26 -!- Taftse|M_ [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:29 <+esde> try it
17:30 <+esde> right now it's only in tech preview
17:30 <+esde> windows 10 that is
17:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:32 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
18:37 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 255 seconds]
18:39 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
18:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:52 -!- elfixit [~Icedove@gateway/vpn/privateinternetaccess/elfixit] has joined #openvpn
18:55 < mete> filadome: openvpn should work without issues on win 10
19:03 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
19:07 < filadome> oh really
19:07 < filadome> when i tried it there was only a tray icon with settings and exit
19:08 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
19:09 < filadome> is there a trick to entering settings into the GUI?
19:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:13 <+esde> !sample
19:13 <@vpnHelper> "sample" is (#1) http://www.ircpimps.org/openvpn.configs for a working sample config or (#2) DO NOT use these configs until you understand the commands in them, read up on each first column of the configs in the manpage (see !man) or (#3) these configs are for a basic multi-user vpn, which you can then build upon to add lans or internet redirecting
19:13 <+esde> !howto
19:13 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
19:14 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:14 -!- mode/#openvpn [+v s7r] by ChanServ
19:15 < filadome> hmmmm
19:15 < filadome> so the gui is not used for configuration?
19:15 <+esde> the configuration file is used for configuration
19:15 < filadome> stone age
19:16 <+esde> if you don't like it don't use it
19:16 <+esde> or there is
19:16 <+esde> !as
19:16 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
19:16 < filadome> i will use it
19:17 < filadome> i have a pcf file from cisco, can i use it?
19:18 < filadome> i'm trying to use openvpn because cisco vpn 5 isn't working with windows 10
19:19 <+esde> no AFAIK pcf configs will not work
19:19 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
19:19 <+esde> if they're interchangeable, im unaware
19:20 < filadome> do i make a config file or get one from an administrator?
19:20 <+esde> either
19:21 < filadome> the readme file in the config folder
19:21 <+esde> but creating your own would require some knowledge of how the server is configured and possibly pki files
19:21 < filadome> hmmm...
19:21 <+esde> !howto
19:21 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
19:31 < filadome> so do i need to write a config file with a text editor?
19:31 < filadome> or will just creating a blank a file and filling it in with the GUI work?
19:31 <+esde> or modify an existing example config or use one provided by the administrator
19:31 < filadome> can you show me one for windows?
19:31 <+esde> no
19:31 < filadome> i read this page: https://community.openvpn.net/openvpn/wiki/OpenVPN-GUI#no1
19:31 <@vpnHelper> Title: OpenVPN-GUI – OpenVPN Community (at community.openvpn.net)
19:32 <+esde> !basics
19:32 < filadome> here are some: https://github.com/OpenVPN/openvpn/tree/master/sample/sample-config-files
19:33 <@vpnHelper> Title: openvpn/sample/sample-config-files at master · OpenVPN/openvpn · GitHub (at github.com)
19:33 <+esde> you need the client pki files, if applicable, shared key, if applicable, what ciipher to set, what tls cipher to set, what HMAC is being used if any (SHA/SHA1/SHA256/etc)
19:33 <+esde> no you cannot blindly "make it work" without knowing how it's supposed to work
19:33 < filadome> maybe i can get that from the pcf file, an administrator gave me the login/password
19:34 <+esde> you're completely misunderstanding
19:34 <+esde> unless the pcf is used by some client that conencts to an openvpn server
19:34 <+esde> in which case please post it
19:35 <+esde> but im unaware of pcf files or their being used to connect to an openvpn server
19:35 < filadome> hmmm
19:35 < filadome> i opened it in notepad
19:35 < filadome> it has a Host URL
19:35 < filadome> group name
19:35 <+esde> !paste
19:35 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
19:35 < filadome> i don't think i can share all the info
19:35 <+esde> !secret
19:35 <@vpnHelper> "secret" is funny that people use free programs, consult free help for them, run a business with them, but are restricted to say what they do.
19:36 < filadome> !lol
19:36 < filadome> vpnHelper, lol is :-)
19:36 <+esde> !bot
19:36 <@vpnHelper> "bot" is I'm a bot.. just a bot. krzee and ecrist are my maintainers, and I haven't said anything, if you'd notice, the person who spoke just before me gave a !command to make me speak :P
19:36 < filadome> !command
19:37 <+esde> !welcome
19:37 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
19:37 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:38 < filadome> i'm going to take a break from this, every answer is a question
19:38 < filadome> thanks for trying to help me though
19:38 <+esde> you havent provided much information pertaining to your goal
19:39 <+esde> !effort
19:39 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
19:39 < filadome> i just want to keep my home network traffic out of my work VPN
19:39 <+esde> what vpn are you using?
19:39 < filadome> i tried making a windows 10 Virtual machine and installing cisco vpn 5
19:39 < filadome> cisco vpn 5 refused to install
19:39 <+esde> openvpn=/=cisco vpn
19:39 < filadome> i chose windows 10 because it's free for preview
19:40 <+esde> it will not work AFAIK
19:40 < filadome> is vpn a standardized protocol?
19:40 <+esde> no
19:40 < filadome> so each group has their own version?
19:40 < filadome> cisco vpn client is not compatible with openvpn?
19:40 <+esde> not perse, thereare ipsec/opnvpn/ptpp (broken)
19:40 <+esde> no
19:40 <+esde> not AFAIK
19:40 < filadome> hmmm...
19:41 < filadome> i actually already pay for a VPN through Newshosting
19:41 < filadome> it came with it's own little program
19:43 -!- filadome_ [~filadome_@216.151.180.228] has joined #openvpn
19:43 < filadome_> i took a screenshot of my newshosting vpn and kicked myself
19:43 < filadome_> http://i.imgur.com/vF262mk.png
19:44 < filadome_> it can use the protocols: openvpn tcp, openvpn udp, l2tp, pp2p
19:44 <+esde> no not l2tp or pptp
19:44 <+esde> !pptp
19:44 <@vpnHelper> "pptp" is (#1) PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead. http://pptpclient.sourceforge.net/protocol-security.phtml to
19:44 <@vpnHelper> read about why to not use pptp or (#2) Why not to use it: http://en.wikipedia.org/wiki/Pptp#Security or (#3) https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
19:45 <+esde> only openvpn implementations
19:45 -!- filadome [~filadome_@pool-96-242-79-150.nwrknj.fios.verizon.net] has quit [Ping timeout: 255 seconds]
19:46 <+esde> dense like rock
19:47 < filadome_> my pcf file is similar to this: http://pastebin.com/vrQSxSX9
19:48 <+esde> if you're using an openvpn provider they should provide the configuration information and whatever files you need to connect
19:48 <+esde> i dont know why you're fixated on pcf files
19:48 < filadome_> for home use, i use newshosting vpn client
19:48 < filadome_> for work use, i want to run a VPN client within a windows virtual machine
19:48 <+esde> i don't understand why you don't understnad
19:48 <+esde> *and
19:49 <+esde> openvpn only works with openvpn, if you have an openvpn question, ask it
19:49 < filadome_> so openvpn client always requires an openvpn server?
19:49 <+esde> yes
19:49 < filadome_> do other clients use cisco's protocol?
19:50 <+esde> i would imagine the cisco vpn client would work for cisco vpn
19:50 <+esde> if you don't have a question about openvpn we can't help
19:50 < filadome_> ok fair enough
20:01 -!- idafyaid is now known as peskypokemon
20:07 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:09  * Anoniem4l test
20:09 <+esde> test failed
20:09 <+esde> :D
20:13 < Anoniem4l> Nem0 wut
20:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:35a4:b922:fe58:8fd9] has joined #openvpn
20:18 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:35a4:b922:fe58:8fd9] has quit [Ping timeout: 265 seconds]
20:32 -!- filadome_ [~filadome_@216.151.180.228] has quit [Quit: Leaving]
20:39 -!- s7eele [~AndChat52@208.167.254.200] has joined #openvpn
20:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:40 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:42 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:42 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Client Quit]
20:43 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
21:10 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
21:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b0e5:cbc2:f054:618e] has joined #openvpn
21:32 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
22:04 -!- Neal|ZNC is now known as Neal_
22:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b0e5:cbc2:f054:618e] has quit [Remote host closed the connection]
22:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:30 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has joined #openvpn
22:44 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:13 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 240 seconds]
23:15 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
23:34 -!- ShadniX [dagger@p57941C29.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p5DDFF138.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun May 17 2015
01:52 -!- Zimsky-- [~alice@unaffiliated/zimsky] has quit [Ping timeout: 255 seconds]
01:54 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
02:10 -!- pabed [~chatzilla@81.12.52.130] has joined #openvpn
02:32 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
02:39 -!- pabed [~chatzilla@81.12.52.130] has left #openvpn []
02:53 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:59 -!- funkenstrahlen [~pi@auriga.uberspace.de] has joined #openvpn
03:02 < funkenstrahlen> hey, I try to Routing all client traffic (including web-traffic) through the VPN. Connecting to openvpn works. However no traffic is routet. I have push "redirect-gateway def1" in my server conf. However I think 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' did get lost after reboot. Because now routing traffic does not work any more. is that possible that this is the problem?
03:02 < funkenstrahlen> how can I make this permanent?
03:22 -!- Tobinski [~tobinski@x2f56ed9.dyn.telefonica.de] has joined #openvpn
03:24 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:47 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:56 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
04:04 -!- fuuu [~sijuendr@faui06a.informatik.uni-erlangen.de] has quit [Quit: leaving]
04:04 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:13 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:27 -!- peskypokemon [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 246 seconds]
04:27 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:36 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
04:36 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Client Quit]
04:36 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
04:38 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
04:50 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Remote host closed the connection]
04:51 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
04:53 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Remote host closed the connection]
04:54 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
05:02 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
05:06 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
05:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
05:15 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:16 -!- skyroveRR_ is now known as skyroveRR
05:17 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
05:22 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
05:32 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
05:32 -!- mode/#openvpn [+v s7r] by ChanServ
05:45 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
05:48 -!- s7r_k [debian-tor@openvpn/user/s7r] has joined #openvpn
05:48 -!- mode/#openvpn [+v s7r_k] by ChanServ
05:48 -!- funkenstrahlen [~pi@auriga.uberspace.de] has left #openvpn ["WeeChat 1.1.1"]
05:49 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 272 seconds]
05:50 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 264 seconds]
05:53 -!- s7r_k is now known as s7r
06:13 -!- Far7ad [~Aghaeizad@93.115.85.174] has joined #openvpn
06:14 < Far7ad> hi
06:14 < Far7ad> i want to develope the openvpn client of android , can anybody help me ?
06:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
06:19 -!- yang [yang@freenode/sponsor/fsf.member.yang] has quit [Ping timeout: 256 seconds]
06:28 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 264 seconds]
06:31 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
06:31 -!- mode/#openvpn [+v s7r] by ChanServ
06:43 -!- Far7ad [~Aghaeizad@93.115.85.174] has quit [Ping timeout: 244 seconds]
06:53 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 244 seconds]
06:57 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
07:31 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
07:42 -!- Tobinski [~tobinski@x2f56ed9.dyn.telefonica.de] has quit [Quit: Leaving]
08:03 -!- Dropje [~yge@ip4da1148b.direct-adsl.nl] has quit [Ping timeout: 264 seconds]
08:08 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
08:09 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 244 seconds]
08:36 -!- colbyftp [~colbyf@85.210.223.39] has joined #openvpn
08:37 < colbyftp> hi folks, I am using a scrip to connect to openVPN (provider). I don't know how to set the MTU to 1400
08:37 < colbyftp> # Run OpenVPN
08:37 < colbyftp> openvpn --config "$server" --config "auth/auth.ovpn"
08:37 < colbyftp> I am thinking I can add it to this line?
08:40 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
08:45 -!- wlarip_ [~wlarip@209.26.240.148] has joined #openvpn
08:45 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
08:50 -!- wlarip_ [~wlarip@209.26.240.148] has quit [Ping timeout: 264 seconds]
08:52 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:03 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Remote host closed the connection]
09:05 -!- Latrina [~Latrina@adsl-ull-26-186.50-151.net24.it] has joined #openvpn
09:14 -!- Latrina [~Latrina@adsl-ull-26-186.50-151.net24.it] has quit [Ping timeout: 245 seconds]
09:25 -!- colbyftp [~colbyf@85.210.223.39] has quit [Quit: Leaving]
09:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:51 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
09:59 -!- Azrael_- [~aweoi@adsl-84-226-228-96.adslplus.ch] has joined #openvpn
09:59 < Azrael_-> hi
09:59 < Azrael_-> is it possible to use openvpn server without a dedicated windows client but the integrated vpn-client in windows?
10:01 <+esde> no, not that im aware of
10:02 < Azrael_-> is there any other free vpn-server for linux which could be used for this?
10:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has left #openvpn []
10:07 -!- james41382_ is now known as james41382
10:17 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:17 -!- mode/#openvpn [+v s7r] by ChanServ
10:31 -!- Latrina [~Latrina@adsl-ull-90-223.50-151.net24.it] has joined #openvpn
10:35 -!- julianoliver [~julian@202.66.238.89.in-addr.arpa.manitu.net] has joined #openvpn
10:42 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
10:44 -!- Latrina [~Latrina@adsl-ull-90-223.50-151.net24.it] has quit [Ping timeout: 245 seconds]
10:48 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:07 -!- Latrina [~Latrina@adsl-ull-215-215.50-151.net24.it] has joined #openvpn
11:19 -!- rich0__ is now known as rich0
11:20 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
11:21 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 265 seconds]
11:22 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 264 seconds]
11:22 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
11:25 -!- Latrina [~Latrina@adsl-ull-215-215.50-151.net24.it] has quit [Ping timeout: 272 seconds]
11:28 -!- Latrina [~Latrina@ppp-210-27.26-151.libero.it] has joined #openvpn
11:51 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
11:51 -!- mode/#openvpn [+o krzee] by ChanServ
12:07 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Quit: There is no knowledge that is not power.]
12:08 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
12:21 -!- Latrina [~Latrina@ppp-210-27.26-151.libero.it] has quit [Read error: Connection reset by peer]
12:25 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
12:25 -!- Latrina [~Latrina@adsl-ull-177-203.50-151.net24.it] has joined #openvpn
12:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:40 -!- Latrina [~Latrina@adsl-ull-177-203.50-151.net24.it] has quit [Ping timeout: 245 seconds]
12:42 -!- Latrina [~Latrina@ppp-94-36.26-151.libero.it] has joined #openvpn
12:46 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Quit: There is no knowledge that is not power.]
12:49 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
12:52 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
13:05 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
13:18 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 245 seconds]
13:20 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
13:20 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
13:29 -!- Latrina [~Latrina@ppp-94-36.26-151.libero.it] has quit [Ping timeout: 264 seconds]
13:30 -!- Latrina [~Latrina@ppp-207-15.26-151.libero.it] has joined #openvpn
13:36 -!- Latrina [~Latrina@ppp-207-15.26-151.libero.it] has quit [Ping timeout: 276 seconds]
13:52 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Disconnected by services]
13:52 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
13:54 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Read error: Connection reset by peer]
13:55 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
14:00 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
14:01 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 265 seconds]
14:09 -!- onr [5e36f101@gateway/web/freenode/ip.94.54.241.1] has joined #openvpn
14:12 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
14:23 -!- mumixam [~m@unaffiliated/mumixam] has quit [Remote host closed the connection]
14:28 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
14:29 -!- onr [5e36f101@gateway/web/freenode/ip.94.54.241.1] has quit [Quit: Page closed]
14:46 -!- mumixam [~m@unaffiliated/mumixam] has quit [Quit: mumixam]
14:48 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
15:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:22 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
15:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:28 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
15:29 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
15:33 -!- catsup [~d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 258 seconds]
15:40 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
15:44 -!- catsup [~d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:45 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
15:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
15:47 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
15:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
15:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
15:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
16:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
16:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
16:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
16:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
16:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
16:13 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
16:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:37 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:39 -!- Jeroen is now known as Jeroen52
16:39 -!- Jeroen52 is now known as Jeroen
16:39 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Quit: Quit]
16:41 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
16:46 -!- julianoliver [~julian@202.66.238.89.in-addr.arpa.manitu.net] has quit [Ping timeout: 265 seconds]
17:04 -!- shadok_ is now known as shadok
17:10 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
17:15 -!- aliendude5300 [~dtaylor@client-75-102-99-30.mobility-bd.psu.edu] has joined #openvpn
17:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:15 < aliendude5300> Hi, I'm having trouble getting an OpenVPN connection to work on Fedora. Network Manager just refuses to properly import my .ovpn file, and running  sudo openvpn --config [myvpn].ovpn disconnects me from the internet -- it says Sequence Complete but I have no network connection.
17:28 < Codmadnesspro> tip le fedora
17:31 < aliendude5300> No but seriously, can someone help me connect to my OpenVPN server? It works on Android with the official client
17:31  * aliendude5300 tips fedora
17:35  * pekster points to the /TOPIC
17:35 <@pekster> Also, this:
17:35 <@pekster> !n-m
17:35 -!- mode/#openvpn [+v-o pekster pekster] by pekster
17:35 <+pekster> !netman
17:35 <@vpnHelper> "netman" is (#1) if you are using network manager for linux to configure your vpn, dont! http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html to read the same thing from the author of the openvpn 2 cookbook on the mail list or (#2) Have OpenVPN working but not NetworkManager? Ask the n-m folks for help: http://projects.gnome.org/NetworkManager/
17:37 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Remote host closed the connection]
17:37 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
17:43 -!- u0m3 [~u0m3@109.96.157.112] has joined #openvpn
17:45 -!- u0m3 [~u0m3@109.96.157.112] has quit [Client Quit]
17:50 -!- crus` [~crusader@124-149-37-47.dyn.iinet.net.au] has quit [Read error: Connection reset by peer]
17:50 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
17:52 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:01 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
18:06 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:24 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Quit: idafyaid]
18:25 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
18:27 -!- darlinger [~jd@c-67-181-116-118.hsd1.ca.comcast.net] has joined #openvpn
18:27 < darlinger> o/ hello everyone
18:37 < darlinger> all the setups for remotely bridged networks with openvpn show the server AT the desired lan that you want to connect into
18:38 < darlinger> is it possible to use an openvpn client as the gateway for the destination lan instead of the server?
18:39 < darlinger> the issue is that I don't have a static IP and would like to connect straight into my home lan remotely
18:39 < darlinger> and i don't want to use routing because i want broadcast and things like such available
18:47 -!- darlinger [~jd@c-67-181-116-118.hsd1.ca.comcast.net] has quit [Ping timeout: 272 seconds]
18:49 -!- darlinger [~jd@c-67-181-116-118.hsd1.ca.comcast.net] has joined #openvpn
18:49 -!- darlinger [~jd@c-67-181-116-118.hsd1.ca.comcast.net] has quit [Client Quit]
18:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
19:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
19:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:14 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 244 seconds]
19:21 -!- zmachine [uid53369@gateway/web/irccloud.com/x-bufzvwfndrggqsum] has joined #openvpn
19:23 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 272 seconds]
19:28 -!- thedudez0r [~gt@unaffiliated/grullizzle] has joined #openvpn
19:29 < thedudez0r> hello, what are the common causes of exquisitely bad performance for a vpn?
19:29 < thedudez0r> the traffic through my vpn is slow
19:29 < thedudez0r> way slower than when I use my connection with no vpn
19:30 < thedudez0r> I'm using openvpn inside freebsd, pf is active but I don't think it should be the cause of the bad perf
19:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:47 -!- codehero [codehero@i.have.ipv6.on.coding4coffee.org] has left #openvpn []
20:03 -!- s7eele [~AndChat52@208.167.254.200] has quit [Remote host closed the connection]
20:08 <@krzee> !speed
20:08 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
20:08 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9) a
20:08 <@vpnHelper> user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
20:12 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
20:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:27 -!- elfixit [~Icedove@gateway/vpn/privateinternetaccess/elfixit] has quit [Remote host closed the connection]
20:28 -!- elfixit [~Icedove@gateway/vpn/privateinternetaccess/elfixit] has joined #openvpn
20:30 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
20:30 -!- mode/#openvpn [+o pekster] by ChanServ
20:37 -!- Linuxnet is now known as Netas3k
20:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
20:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:57 -!- xMopxShell [~xMopxShel@davepedu.com] has quit [Quit: ZNC - http://znc.in]
21:11 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
21:17 -!- xMopxShell [~xMopxShel@n2.xmopx.net] has joined #openvpn
21:17 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Ping timeout: 246 seconds]
21:26 -!- zmachine [uid53369@gateway/web/irccloud.com/x-bufzvwfndrggqsum] has quit [Quit: Connection closed for inactivity]
21:40 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
21:43 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
21:54 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
21:59 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
21:59 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:59 -!- badon_ is now known as badon
22:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
22:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:32 -!- ShadniX [dagger@p5DDFF138.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p5481DD54.dip0.t-ipconnect.de] has joined #openvpn
23:57 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
--- Day changed Mon May 18 2015
00:21 -!- Epakai [~coweater@pool-173-64-205-42.dllstx.fios.verizon.net] has quit [Quit: Epakai]
00:46 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
00:58 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:40 -!- darlinger [~jd@23.246.221.116-static.reverse.softlayer.com] has joined #openvpn
01:41 < darlinger> o/ anybody awake?
01:43 -!- darlinger [~jd@23.246.221.116-static.reverse.softlayer.com] has quit [Client Quit]
01:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
01:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:50 -!- aliendude5300 [~dtaylor@client-75-102-99-30.mobility-bd.psu.edu] has quit [Ping timeout: 244 seconds]
01:57 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:20 -!- mode/#openvpn [+o mattock1] by ChanServ
02:49 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:53 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
03:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
03:21 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 264 seconds]
03:34 -!- pipeep [~pipeep@fsf/member/pipeep] has quit [Ping timeout: 248 seconds]
03:37 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
03:43 -!- dan_j [sid21651@gateway/web/irccloud.com/x-pcusxtkscitqbxom] has quit [Ping timeout: 276 seconds]
03:46 -!- dan_j [sid21651@gateway/web/irccloud.com/x-lipbufplzxggzwny] has joined #openvpn
03:46 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
03:50 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Ping timeout: 255 seconds]
03:52 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
03:59 -!- elfixit [~Icedove@gateway/vpn/privateinternetaccess/elfixit] has quit [Remote host closed the connection]
04:00 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
04:01 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
04:06 -!- novaflash is now known as novaflash_away
04:25 -!- crus [~crusader@124-149-37-47.dyn.iinet.net.au] has joined #openvpn
04:28 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 272 seconds]
04:30 -!- novaflash_away [~novaflash@openvpn/corp/support/novaflash] has quit [Quit: ABANDON SHIP! ABANDON SHIP!]
04:35 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
05:05 -!- mrtnt [~martint@martint.data.ee] has quit [Ping timeout: 255 seconds]
05:10 -!- sysanthrope [~sysanthro@ip-64-134-103-78.public.wayport.net] has joined #openvpn
05:24 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
05:26 -!- dionysus69_ [~chatzilla@178.134.100.122] has joined #openvpn
05:28 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Read error: Connection reset by peer]
05:29 -!- dionysus69_ is now known as dionysus69
05:30 -!- Kayra [~Kayra@dab-yat1-h-89-3.dab.02.net] has joined #openvpn
05:30 -!- sysanthrope [~sysanthro@ip-64-134-103-78.public.wayport.net] has quit []
05:31 < Kayra> Hi, I'm hosting OpenVPN on my vps and I'm having trouble connecting to it on my iPhone
05:31 < Kayra> I'm having trouble finding my shared secret
05:35 < dionysus69> what do I do with the set KEY_CN=changeme variable, what do I change it to ?
06:14 -!- Kayra [~Kayra@dab-yat1-h-89-3.dab.02.net] has quit [Ping timeout: 264 seconds]
06:18 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
06:20 < hays> is anyone around that can help me troubleshoot pushing a gateway to a client in openvpn? internet goes out when I do this so im thinking maybe my firewall is causing problems
06:21 < hays> here are my iptables http://dpaste.com/1VRFWFM
06:22 < hays> oh damnit wait. I think I see it
06:27 < hays> nope. I didn't see it.
06:28 < hays> i'm connecting, but internet goes away on the client
06:29 -!- dionysus69_ [~chatzilla@178.134.100.122] has joined #openvpn
06:30 -!- dionysus69__ [~chatzilla@178.134.100.122] has joined #openvpn
06:30 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Ping timeout: 244 seconds]
06:31 -!- dionysus69__ is now known as dionysus69
06:33 -!- dionysus69_ [~chatzilla@178.134.100.122] has quit [Read error: Connection reset by peer]
06:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:40 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
06:40 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:42 <@dazo> !redirect
06:42 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
06:42 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
06:42 <@dazo> hays: ^^
06:45 < hays> assuming im not out to lunch, that flowchart says i have a firewall issue http://dpaste.com/1VRFWFM
06:46 < hays> dazo: i've turned this off and it doesnt help the issue though
06:46 <@dazo> hays: did you see #4 in that factoid?
06:46 < Exagone313> hello, i've a problem with auth-user-pass-verify. It says that my program returns 1, but it is not executed because it is supposed to write a file and it does not return 1. what can I do ? " WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1" It worked before, and I don't know what changed.
06:47 < hays> dazo: the flowchart?
06:47 <@dazo> ahh, saw your iptables dump related to the flowchart
06:48 < Exagone313> nevermind, it was a permission problem
06:48 < hays> dazo: do i need to make a bridge or something?
06:48 <@dazo> hays: no, not at all!
06:48 <@dazo> bridging is generally considered evil
06:49 <@dazo> (unless you know why you need to play with that devil)
06:50 <@dazo> hays: I don't spot anything obvious in your iptables rules ... I presume you push out a 10.7.0.0/24 address to your clients
06:51 < hays> http://dpaste.com/0CFZSZS
06:51 <@dazo> hays: try to do some stuff on your client while doing tcpdump -ni $TUN_DEVICE ... and see what happens
06:51 < hays> that's my server.conf
06:51 <@dazo> aaahhhh my eyes!
06:51 <@dazo> !logs
06:51 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
06:52 <@dazo> !configs
06:52 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
06:52 <@dazo> please note the 'grep' statement
06:52 < dionysus69> hey guys
06:53 < dionysus69> i connect successfully, but my default gateway is not of server neither I can see a server/local network
06:53 < hays> dazo: http://dpaste.com/0S2VBQQ
06:53 < dionysus69> i uncommented redirect default gateway line in the server config file but then I loose internet connection on the client
06:53 <@dazo> thx!
06:53 < hays> dazo: is that tcpump line on the server side?
06:53 <@dazo> yeah
06:54 <@dazo> hays: why do you add 'bypass-dhcp'?
06:54 < hays> bloort. hold on.
06:55  * dazo doubt it is causing issues, but it's seldom needed
06:56 < hays> tun0 is completely silent
06:57 <@dazo> okay, so your routes is not being accepted on your client
06:57 <@dazo> need complete client logs to be able to help further
06:57 < hays> i will go find these
06:59 < dionysus69> I uncomment this line: push "redirect-gateway def1 bypass-dhcp" and I cant access internet on client
06:59 < dionysus69> any ideas how should I configure the tap adapter on my server
07:00 <@dazo> !redirect
07:00 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
07:00 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
07:00 <@dazo> dionysus69: ^^
07:00 < hays> dazo: hmm.. i found them.. and despite a 'sucessful' connect, tunnelblick seems to be issuing some cipher errors
07:00 <@dazo> that's a good starting point :)
07:03 < hays> 2015-05-18 08:00:06 Authenticate/Decrypt packet error: cipher final failed
07:03 < hays> is it possible that tunnelblick doesn't like dh2048 parameters?
07:04 < hays> logs http://dpaste.com/17N5RM5
07:06 < dionysus69> hello
07:06 < hays> its kind of a vague error
07:06 < hays> maybe google will help with this
07:07 < dionysus69> this is weird, I will explain what is happening, I cannot connect to internet, I cannot ping 8.8.8.8 I cannot ping vpn ip address of the server but I can ping and remote desktop to my server right now, i have push "redirect-gateway def1 bypass-dhcp" enabled
07:07 < dionysus69> what could be the case here I am super confused
07:07 < dionysus69> and plus I can connect to here from client
07:08 < dionysus69> which has no access to browsing + cant ping 8.8.8.8, how can I chat here ?...
07:10 < dionysus69> client is only sending packets to server and not recieving, server is receiving packets but not sending also on the tap adapter
07:11 < dionysus69> !def1
07:11 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
07:12 < dionysus69> !ipforward
07:12 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
07:13 < hays> dazo: hell yeah. got it. thank you
07:13 < hays> dazo: cipher mismatch
07:14 < hays> i had AES 128 on server side but not client
07:14 < hays> so i think it was trying to use blowfish
07:16 < hays> dionysus69: I am a n00b, but someone showed me this:
07:16 < hays> !redirect
07:16 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
07:16 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
07:16 < hays> flowchart is helpful
07:16 < dionysus69> hays yes and I am stuck on the first step
07:16 < dionysus69> i cant ping the vpn network server ip
07:21 < dionysus69> ok now I am on second step
07:21 < dionysus69> how do I enable redirect gateway on client?
07:22 < Exagone313> Hello, I have a problem to configure OpenVPN. I can ping the server 192.168.42.1 from the client 192.168.42.6 and vice versa. I can access to the listening services on the server on 192.168.42.1 (http and dns). I can access to the server with its internet's IP but the connection is not routed in the VPN (I made a traceroute, it pass through my home router). I can't access to any other internet's IP (on a nmap traceroute, I see one line with 192.168.42.1!).
07:22 < Exagone313> Here is my server configuration: http://ewd.xyz/7uVXCGLj139AHRL (including iptables configuration). What can I do? Thanks for helping.
07:22 <@vpnHelper> Title: Elouworld File (at ewd.xyz)
07:26 -!- flyingkiwi [~flyingkiw@nat.hamburg.contentfleet.com] has quit [Read error: Connection reset by peer]
07:27 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has joined #openvpn
07:38 -!- dazo [~dazo@openvpn/community/developer/dazo] has left #openvpn []
07:38 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
07:38 -!- mode/#openvpn [+o dazo] by ChanServ
07:38 -!- dazo is now known as dazo_afk
07:44 -!- Junka [~Junkass@gateway/vpn/privateinternetaccess/junka] has joined #openvpn
07:44 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
07:44 < Junka> do i need to add a parament on the client's config to add eat handshake encryption?
07:45 -!- Latrina [~Latrina@ppp-96-16.26-151.libero.it] has joined #openvpn
07:52 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
07:57 -!- Junka [~Junkass@gateway/vpn/privateinternetaccess/junka] has quit [Quit: B-Bye!]
08:01 -!- dazo_afk is now known as dazo
08:03 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
08:20 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
08:33 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Ping timeout: 256 seconds]
08:36 < thedudez0r> !fbsdipforward
08:36 <@vpnHelper> "fbsdipforward" is is set gateway_enable="YES" in /etc/rc.conf to enable ip forwarding in freebsd
08:42 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:45 <@ecrist> that does it on a system reboot
08:45 <@ecrist> you can do it with a running system with:  sysctl net.inet.ip.forwarding=1; sysctl net.inet6.ip6.forwarding=1
08:45 <@ecrist> v4/v6 respectively
08:50 <@plaisthos> ecrist: you could add that to the bot :)
08:50 <@ecrist> !whoami
08:50 <@vpnHelper> ecrist
08:50 <@ecrist> see, the bot knows who I am, but I have no rights.
08:50 <@ecrist> :(
08:50 <@ecrist> !learn fbsdipfoward as you can do it with a running system with:  sysctl net.inet.ip.forwarding=1; sysctl net.inet6.ip6.forwarding=1
08:50 <@vpnHelper> Error: You don't have the factoids.learn capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
08:51 <@dazo> !learn fbsdipfoward as you can do it with a running system with:  sysctl net.inet.ip.forwarding=1; sysctl net.inet6.ip6.forwarding=1
08:51 <@vpnHelper> Joo got it.
08:51 <@ecrist> danke
08:51 <@dazo> yw!
08:51 <@ecrist> I could have just added it to the database, but that's quite a lot of work.
08:52 <@dazo> easier to hope someone here can act as a proxy ;-)
08:52 <@ecrist> indeed.
08:52 <@ecrist> I should try to fix it at some point.  the bot doesn't like my host mask
08:54 <@dazo> ecrist: is it the last openvpn.ecrist which is the issue maybe? ... shouldn't it be openvpn/ecrist?
08:55 < thedudez0r> ecrist: I already knew that, I've been a freebsd user/sysadmin for some years. I was just wondering what the info provided by the bot would be :)
08:55 < thedudez0r> now I'm probably going to mess a little bit more with net/tcp related sysctls
08:56 < thedudez0r> and play a little bit with the interface flags/options such as tso or txqueuelen
08:58 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
09:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:30 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Remote host closed the connection]
09:36 <@ecrist> thedudez0r: gotcha  you can see a full list of the bot's knowledge here
09:36 <@ecrist> !factoids
09:36 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
09:37 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:38 -!- petan [~pidgeon@wikimedia/Petrb] has joined #openvpn
09:38 < petan> hi
09:38 < petan> one more question, openvpn has option to push DNS server, how do I push IPv6 DNS server? I am looking for IPv6 version of this:  push "dhcp-option DNS <some-IP>".
09:41 <@ecrist> dazo: yes, the openvpn.ecrist
09:42 <@ecrist> it's odd because I have a dual host mask (freebsd contributor and openvpn)
09:58 <@plaisthos> petan: it is not implemented yet iirc
09:59 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
10:02 < Moonlightning> I have a VPN set up, and a DNS server and a couple of search domains that I'd like VPN clients to use when they're connected. Is there a way I can have OpenVPN handle this rather than manually configuring each client? I found --dhcp-option, but it seems to be only for Windows clients—mine are Linux and OS X.
10:14 <@plaisthos> Tunnelblick might also interpret this options
10:14 <@plaisthos> !pushdns
10:14 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
10:14 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
10:22 < Moonlightning> And this applies to both setting the DNS server and the search domains?
10:23 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:24 -!- billy71 [~inoutput@unaffiliated/innocentus] has joined #openvpn
10:24 < billy71> hi
10:25 < billy71> Is there a vpn client for ikev2 for *nix(debian)? Can I use openvpn for that?
10:26 <@dazo> billy71: nope, openvpn is its own protocol, not ipsec related at all
10:26 < billy71> dazo: aha
10:26 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
10:26 < billy71> dazo: do you know an ikev2 compatible client? is ipsec the higher level protocol using it?
10:27 <@dazo> nope, I know primarly openvpn
10:27 <@ecrist> !notovpn
10:27 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
10:27 < billy71> dazo: what is #openvpn-as about btw? what means 'as' there?
10:28 <@dazo> "access server", it's a commercial and closed-source solution built on-top of the community edition of openvpn
10:28 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
10:29 <@dazo> basically adding a web based management interface on top of openvpn, including different and more enterprisy authentication and such things
10:33 -!- dazo is now known as dazo_afk
10:35 < billy71> aha, thanks
10:35 -!- billy71 [~inoutput@unaffiliated/innocentus] has left #openvpn []
10:36 < Exagone313> Hello again, my openvpn server works now, it routes internet trafic as excepted. Except when I want to access to the server's own internet IP address. This trafic is not routed inside the VPN. Why?
10:37 < Eugene> Exagone313 - traffic to the server's IP can't be routed over the tunnel, because then the tunnel would fall apart
10:38 < Exagone313> so, I need to edit my hosts file or my DNS daemon settings?
10:39 < Eugene> I'm guessing you mean to access services that are pointed at the server's external IP? Yes, if you want them to go via the tunnel then they need to resolve to the internal IP.
10:41 < Exagone313> ok thanks
10:52 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
10:52 < AL13N_work> i have a very very strange issue...
10:52 < AL13N_work> http://pastebin.com/N5zZM2Wg
10:52 < AL13N_work> the client.crt seems to have problems loading, but i can't figure out what's wrong
10:53 < AL13N_work> openssl x509 -in vc/client.crt -text also shows normal output... comparable to others
10:53 < AL13N_work> openssl verify shows that the ca signed it correctly too
10:54 < AL13N_work> Cannot load certificate file vc/client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
10:56 < AL13N_work> hmm, wait, the regular crt files are not in PEM format, but full text output
10:56 < AL13N_work> maybe that'll work
10:58 < AL13N_work> damnit
10:58 < AL13N_work> ok, nvm
11:05 < Eugene> I was gonna say, pastebin your .crt, but you seme to have sorted it out
11:11 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
11:18 -!- aenertia [~aenertia@72.28.94.86] has joined #openvpn
11:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:25 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:31 -!- aenertia [~aenertia@72.28.94.86] has quit [Ping timeout: 264 seconds]
11:44 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
11:45 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 265 seconds]
11:47 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
12:00 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Ping timeout: 246 seconds]
12:08 -!- Thominus [~Thominus@CPEf46d04cde326-CM84948cd740d0.cpe.net.cable.rogers.com] has quit [Ping timeout: 245 seconds]
12:12 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
12:14 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 244 seconds]
12:14 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Remote host closed the connection]
12:15 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
12:16 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Remote host closed the connection]
12:17 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
12:19 -!- flyingkiwi [~flyingkiw@2a02:2028:1016::2] has quit [Read error: Connection reset by peer]
12:36 -!- Azrael_- [~aweoi@adsl-84-226-228-96.adslplus.ch] has left #openvpn []
12:44 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Remote host closed the connection]
13:29 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 255 seconds]
13:30 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
13:47 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
13:48 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Quit: leaving]
13:54 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:56 -!- wiflix [~wiflix@2a02:8108:2fc0:3f98:912b:617c:4a4c:6595] has joined #openvpn
13:56 < wiflix> hey, any idea why my tls handshake fails? :-/ http://pastebin.com/j1WueVna
13:56 < wiflix> > Mon May 18 20:56:01 2015 TLS Error: TLS key negotiation failed to occur within 37 seconds (check your network connectivity)
13:57 < Eugene> !logs
13:57 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:57 < Eugene> A single log snippet is pretty meaningless. If you want a random guess, iptables.
13:58 < wiflix> mh ... k, will log the server, just a sec
13:59 < wiflix> just give me 37 seconds for the timeout :)
14:03 < wiflix> server: http://pastebin.com/AJ55S087, client: http://pastebin.com/vki5xrU1
14:09 < wiflix> any ideas about tls timeout? :)
14:11 < Eugene> !configs
14:11 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:11 < Eugene> It looks like you're not doing x509 checks of the client(--client-cert-not-required). So this is probably an auth-fail
14:12 < Eugene> At (another random) guess, you're not verifying the user/pass, or not sending one
14:13 < wiflix> the username and password is asked for
14:13 < wiflix> Enter Auth Username: ***
14:13 < wiflix> Enter Auth Password: ***
14:14 < Eugene> Configs ;-)
14:14 <@krzee> the server log is incomplete
14:14 <@krzee> Mon May 18 20:59:08 2015 us=372044 95.1.1.1:2607 TLS: Initial packet from [AF_INET]95.1.1.1:2607, sid=df19940c 89ca4c24
14:14 <@krzee> that cant be the last line
14:14 <@krzee> im in suspense
14:15 < wiflix> client config: http://pastebin.com/Kg96119g
14:15 < Eugene> I believe that's the reconnect
14:15 < Eugene> After the failure
14:15 < Eugene> So, complete enough
14:16 <@krzee> Eugene, nope
14:16 < wiflix> server config: http://pastebin.com/eCpzQeJd
14:16 <@krzee> thats the only connection in the server log
14:16 < Eugene> I think you may have client/server swapped here....
14:16 <@krzee> server is the one that says
14:16 <@krzee>  IFCONFIG POOL: base=10.7.0.2 size=252, ipv6=0
14:16 <@krzee> maybe you have them backwards?
14:16 < Eugene> krzee - line 366 ;-)
14:17 <@krzee> im only reading the last attempt
14:17 <@krzee> i expect hes been trying to fix it, last attempt is the newest options (what we see in the posted configs)
14:18 <@krzee> so after line 626
14:18 < Eugene> aha, I see the split
14:18 < Eugene> I'm confused why you have <dh> in a client.conf
14:19 <@krzee> that should bread in 2.4 as per todays meeting currently openvpn is kind to the user when they have some invalid options)
14:19 < Eugene> That'll be nice
14:19 < Eugene> I always wanted bread
14:19 <@krzee> umm
14:19 <@krzee> 9mhnhu67
14:19 < wiflix> urgs ... i thought it's like the tls key ... k, i wil remove that
14:20 <@krzee> tell me you didnt accidentally give us a password
14:20 < Eugene> Yeah, that cert should end in a == or so
14:20 <@krzee> hand-window and mssfix?
14:20 <@krzee> please tell me why
14:21 < wiflix> krzee: where do you see a password? don't think i gave you one ... besides using foo:bar for testing anyways ;)
14:21 <@krzee> well 9mhnhu67 didnt quite belong, was just hoping that wasnt something that matters to you :D
14:21 <@krzee> (line 32 on the client pastebin)
14:22 < wiflix> it's the last line of the cert
14:22 <@krzee> why do you supply certs while having client-cert-not-required ?
14:22 <@krzee> and why would you want client-cert-not-required?
14:22 < wiflix> mh, it's the ca.crt ... i would like the client to check the servers certificate with that
14:23 < wiflix> the client should not need an own key pair
14:23 < wiflix> not quite sure why i anonimized the ca.crt though :D
14:23 <@krzee> meh we prefer not to wade through it anyways
14:24 <@krzee> so… your server log...
14:24 <@krzee> it ends right when the client is connecting
14:25 <@krzee> you need to repost the server log and let it finish not accepting the client
14:25 < wiflix> krzee: the connect is in line 366
14:25 < wiflix> it's the complete server log from one instance testing ...
14:25 <@krzee> no
14:25 <@krzee> thats the incomplete server log of 2 instances of testing
14:25 < wiflix> you are right :D
14:25 < wiflix> the timestamps don't even matc hm(
14:26 < wiflix> gimme a sec
14:26 < wiflix> removed hand-windows, so now waiting for 60 sec tls timeout
14:26 <@krzee> also, comment out hand-window, mssfix, tran-window
14:26 <@krzee> unless you can clearly explain why you need them
14:27 <@krzee> because that right there can cause your problem
14:27 <@krzee> and would be nearly impossible to detect from logs id expect
14:28 <@krzee> those comments are for both configs btw
14:28 < wiflix> k
14:28 < wiflix> will recheck
14:28 <@krzee> tran-window is fine i guess unless you have renegotiation issues
14:29 < wiflix> commented it
14:29 < wiflix> to make sure
14:29 <@krzee> not sure why you want to reneg every 20min instead of default hour, but thats upto you
14:29 <@krzee> did you make this config yourself?
14:29 < wiflix> yeah, i peeked into other provider's configs and picked the raisins :)
14:30 < wiflix> the timeout does not seem to appear on the server
14:30 < wiflix> that's odd
14:30 <@krzee> change to verb 5
14:30 <@krzee> on both sides
14:31 < wiflix> sigh ... k
14:31 < wiflix> gimme another 60 secs :D
14:31 <@krzee> then repost configs and logs
14:33 < wiflix> client config: http://pastebin.com/wGvL4jiK, server config: http://pastebin.com/KYiS2arb
14:33 < wiflix> verbose 5 gives an error
14:33 < wiflix> May 18 21:33:29 2015 us=685917 PID_ERR replay-window backtrack occurred [2] [TLS_AUTH-0]
14:34 < wiflix> will repost hole log after timeout appeared
14:36 < wiflix> client config: http://pastebin.com/Vx8jrYhs server config: http://pastebin.com/QLmRGw6S
14:36 < wiflix> args
14:36 < wiflix> s/config/logs/g
14:36 < wiflix> :-)
14:37 <@krzee> verbose 5 should give an error, change verb to 5
14:38 <@krzee> oh i see
14:38 < wiflix> i did
14:39 <@krzee> you can ignore the backtrack warning
14:39 <@krzee> whats the next line in the server log?
14:39 < wiflix> there are no new lines ...
14:40 < wiflix> just the WRRW get more :)
14:40 < wiflix> > WRRWWWWRWRRRWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWWWRRRWRWRWR
14:40 <@krzee> has to be eventually
14:40 < wiflix> nope ... still the same line
14:40 < wiflix> after quiet some retries from the client
14:41 <@krzee> why are you changing replay-window?
14:43 <@krzee> why does server have allow-pull-fqdn ? looks like a client only setting (and if so will break in openvpn 2.4 when we start erroring on invalid options)
14:56 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
14:57 < wiflix> mh ... i removed all of thos fancy extra options
14:57 < wiflix> config works on another server :-/ probably it's a problem with the VM's virtual network interface (kvm)
15:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
15:01 < wiflix> thanks a lot anyway
15:14 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
15:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:47 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Ping timeout: 252 seconds]
15:47 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
15:48 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
15:55 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
15:57 -!- alsch [~alsch@66.172.235.26] has joined #openvpn
16:00 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
16:11 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:36 -!- wiflix [~wiflix@2a02:8108:2fc0:3f98:912b:617c:4a4c:6595] has quit [Quit: Leaving.]
16:41 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
16:47 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
16:48 -!- zoredache_ [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:48 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:49 < d10n> !welcome
16:49 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
16:49 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:49 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
16:49 < d10n> !route
16:49 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
16:50 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
16:50 < d10n> !clientlan
16:50 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
16:50 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
16:53 < hays> if I want a linux/freebsd machine to automatically connect to an openvpn server at startup, is that something that openvpn does out of the box, or is that another package for client-side?
16:53 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
16:56 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:00 < d10n> !serverlan
17:00 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
17:01 < hays> d10n: is that for me?
17:02 < d10n> no, that was for me
17:02 < zoredache> doubt it.  I don't know the freebsd packaging, but most Linux openvpn packages will include a startup script that will start start openvpn at boottime when you place a config in certain system folder
17:03 < hays> zoredache: but usually that starts a server not a client
17:03 < zoredache> either or.
17:03 < zoredache> a 'client' is just a daemon making a connection to another system.
17:04 < zoredache> Of course if your VPN requires some kind of interactive authentication it would be a bit trickier.
17:04 < hays> no.. it doesn't.. hmm
17:19 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 244 seconds]
17:25 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
17:28 < shio> can anyone tell me what i'm missing? i'm running an openvpn server on a small vps with this config: http://pastebin.com/2f8m5g2b
17:28 < shio> it works fine
17:28 < shio> now if i add "chroot /etc/openvpn/jail" to the serv config, i end with this: http://pastebin.com/Dd1ZeAbc
17:28 < shio> (the jail folder exists)
17:29 < shio> and i'm running on a debian 7 instance with openvpn v2.3.6
17:31 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
17:39 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
17:39 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
17:41 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
17:42 -!- khaldrogox [~anonymous@66.87.119.227] has joined #openvpn
17:46 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
17:54 -!- khaldrogox [~anonymous@66.87.119.227] has quit [Read error: Connection reset by peer]
17:57 -!- khaldrogox [~anonymous@66-87-119-227.pools.spcsdns.net] has joined #openvpn
18:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Read error: Connection reset by peer]
18:07 -!- khaldrogox [~anonymous@66-87-119-227.pools.spcsdns.net] has quit [Ping timeout: 264 seconds]
18:10 -!- hanlon2 [~hanlon2@bolt.sonic.net] has joined #openvpn
18:11 < hanlon2> I have a server<->client VPN config'd.  Server's got (A) internal IP = 192.168.1.1/24, (B) VPN endpt = 10.0.1.1. I'm config'ing this all server side -- client confs sre in ccd/client.conf.
18:11 < hanlon2>  Server's got (A) internal IP = 192.168.1.1/24, (B) VPN endpt = 10.0.1.1. All server -> client contact works.
18:11 < hanlon2> But, I can ping A->C, but not C->A, the reverse.  I need a route, iroute, push route, etc -- somwhere.
18:12 < hanlon2> What route do I need for that ^^, and where do I define it.
18:14 <+esde> !route
18:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
18:14 <+esde> !iroute
18:14 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
18:16 < hanlon2> esde: Right.  Read those to get it up and working this far.  Need help with my question, not a return to what's causing it.
18:17 <+esde> Also, your explanation is a little confusing. Can you give a simpler summation of what you're trying to accomplish. for example, i'd like to be able to access the server's local network from the client
18:17 <+esde> *?
18:18 < hanlon2> I'm trying to ping from the LAN on the client to the LAN on the server.  That doesn't work atm.  OTOH, I *can* (A) ping from the Server LAN to both the client VPN endpoint and LAN, and (B) ping from the client LAN to the Server VPN endpoint.
18:19 < hanlon2> Just not from Client LAN to Server LAN.
18:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:21 -!- mode/#openvpn [+v-o pekster pekster] by pekster
18:21 <+pekster> You're not using 192.168.1.0/24 on both sides, are you? That's generally a horrible network to use since it'll effectively break if any client ever uses it
18:23 < hanlon2> pekster: Nope.  Oops. missing from above: "Client's got (C) internal IP = 192.168.2.1/24, (D) VPN endpt = 10.0.2.1."
18:24 < hanlon2> sry bout that
18:28 <+pekster> Then you have a firewall problem
18:29 <+pekster> A successful echo-reply means the echo-request was received, responded to, and delivered. If you can't go the "other way" then it's a firewall problem on one of the 4 involved systems
18:30 < hanlon2> pekster: Hm, okay.  Thought I had that ironed out.   Clearly not.  Will look to both FWs again.
18:30 <+pekster> You have 4 systems, each of which could be at fault depending on its firewall
18:30 <+pekster> Unless the client is the VPN endpoint, then just 3
18:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
18:32 <+pekster> Or maybe I misread the labels; if it's just a direct connection between endpoints, you'd still need routing enabled on a request won't be delivered to the LAN-side of the far end. You'd need to enable routing or use the VPN addressing
18:32 < hanlon2> I have (2) systems.  ! server & 1 client.  Looking at FWs now ...
18:33 <+pekster> Then just use the VPN IPs; you shouldn't be connecting to the "inside" addresses at all here
18:36 < hanlon2> pekster: I have a service on the server listening at a 'dummy0' address (192.168.1.1/24).  I need to be able to get at it from the client side machine (and eventually the LAN behind it) at IP 192.168.2.1/24
18:40 -!- zmachine [uid53369@gateway/web/irccloud.com/x-onzncpqquudzukvh] has joined #openvpn
18:44 -!- hanlon2 [~hanlon2@bolt.sonic.net] has quit [Quit: hanlon2]
18:45 <+pekster> Flowcharts available for that at !clientlan and !serverlan. Though it sounds like a firewall/forwarding issue for you
18:55 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 244 seconds]
19:06 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
19:14 -!- Fusl [~Fusl@unaffiliated/fusl] has joined #openvpn
19:23 -!- Fusl [~Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
19:23 -!- badaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 264 seconds]
19:25 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
19:32 -!- badaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
19:37 -!- ir2ivps4 [~ir2ivps4@158.85.162.249-static.reverse.softlayer.com] has quit [K-Lined]
19:42 -!- hiyo [~Puppy@unaffiliated/hiyo] has joined #openvpn
19:42 < hiyo> !welcome
19:42 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
19:42 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:43 < hiyo> !goal "connect to openvpn through stunnel on linux"
19:43 < hiyo> I setup a VPN that uses stunnel to connect to it so I can get around a firewall
19:44 < hiyo> and it works fine on windows, but doesn't work on linux
19:45 <+esde> !obfs
19:46 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
19:46 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
19:46 <+esde> is what you want
19:48 < hiyo> esde: well I already have it working on windows, and a lot of people are using it this way, I'm just looking for a way to include linux clients
20:56 -!- zmachine [uid53369@gateway/web/irccloud.com/x-onzncpqquudzukvh] has quit [Quit: Connection closed for inactivity]
21:04 < hiyo> never mind
21:04 < hiyo> it was a misocnfiguration on the openvpn end
21:08 < hiyo> '/part
21:08 -!- hiyo [~Puppy@unaffiliated/hiyo] has left #openvpn []
21:13 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
21:14 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
21:20 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
21:22 -!- Fusl [~Fusl@unaffiliated/fusl] has joined #openvpn
21:27 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
21:45 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
21:49 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:11 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
23:25 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:32 -!- ShadniX [dagger@p5481DD54.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX_ [dagger@p5481D20A.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- ShadniX_ is now known as ShadniX
23:34 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:52 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:53 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
23:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 256 seconds]
23:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
--- Day changed Tue May 19 2015
00:29 -!- DArqueBishop [~drkbish@2601:e:2480:7800:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
00:34 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
00:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:37 -!- mode/#openvpn [+o mattock1] by ChanServ
00:55 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
01:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
01:26 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Excess Flood]
01:28 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:33 -!- Hanom1960 [~Hanom1960@unaffiliated/hanom1960] has joined #openvpn
01:34 < Hanom1960> Hello, someone know how solved it error of OpenVpn in Gnu/Linux Debian?
01:34 < Hanom1960> TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
01:36 <@krzee> !timeout
01:36 <@vpnHelper> "timeout" is if you see TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) then your problem is likely one of the following: either the server isnt running, your client is connecting to the wrong ip/port/protocol, the server's firewall/nat has an issue, or one of the ISPs blocks it
01:36 < Hanom1960> I try it but not solved
01:36 <@krzee> post logs with verb 5
01:36 <@krzee> !logs
01:36 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
01:37 < Hanom1960> https://ghostbin.com/paste/urkaq/raw
01:38 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Excess Flood]
01:38 <@krzee> thats not verb 5
01:39 < Hanom1960> How i make it¡
01:39 < Hanom1960> ?*
01:39 <@krzee> !verb
01:39 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only (special debug build needed)
01:39 <@krzee> but you need to do the server at verb 5 too
01:40 <@krzee> which will require restarting it before the client
01:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:40 < Hanom1960> What is the config file in Gnu/Linux?
01:41 <@krzee> totally up to you
01:41 <@krzee> didnt you put it there?
01:42 < Hanom1960> I dont know what is the config file
01:43 < Hanom1960> what is the command for make it?
01:45 <@krzee> !101
01:45 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
01:46 < Hanom1960> xD pendejo maricon
01:46 < Hanom1960> no sirves para una mierda
01:48 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
01:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:49 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Quit: Leaving]
02:11 -!- Hanom1960 [~Hanom1960@unaffiliated/hanom1960] has quit [Ping timeout: 250 seconds]
02:13 -!- dazo_afk is now known as dazo
02:27 -!- mode/#openvpn [+b *!*@unaffiliated/hanom1960] by krzee
02:50 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
03:14 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
03:14 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:15 -!- badon_ is now known as badon
03:19 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
03:29 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:29 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
03:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
03:31 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
03:34 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
03:34 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:47 -!- sppadic [~sppadic@90.216.134.198] has joined #openvpn
03:49 -!- Fusl [~Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
03:50 -!- swebb [~swebb@192.69.22.173] has quit [Ping timeout: 258 seconds]
03:51 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
04:30 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
04:37 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:47 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
04:47 -!- crane [~crane@chat.craneworks.de] has quit [Quit: ZNC - http://znc.in]
05:51 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:58 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
07:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
07:37 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
07:53 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
07:59 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
08:02 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
08:02 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:04 -!- badon__ [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:05 -!- badon__ is now known as badon
08:07 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
08:17 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 244 seconds]
08:17 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
08:35 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:38 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
08:44 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:49 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
09:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:00 -!- mode/#openvpn [+o mattock1] by ChanServ
09:00 < Moonlightning> How do I set search domains on a client? `dhcp-option DOMAIN` sets the /actual/ domain, according to the manual.
09:10 < Moonlightning> Oh, wait, I misread that. `DOMAIN` /is/ for search domains.
09:17 -!- swebb [~swebb@192.69.22.173] has joined #openvpn
09:18 < Moonlightning> Okay. The `DNS` option is working on my Android client, but the `DOMAIN` option doesn't seem to be—`ping`ing an unqualified hostname returns an /unknown host/ error.
09:21 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Quit: Leaving]
09:22 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:25 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
09:26 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
09:26 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:29 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
09:31 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
09:55 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:56 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
10:10 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:14 < Eugene> Android generally doesn't support use of a DNS search domain
10:14 < Eugene> So that's really not a surprise
10:15 < Eugene> You can modify /etc/hosts manually, but none of the Android tooling for networking respects it
10:15 -!- Gintaras [irc.omnite@77.241.206.82] has joined #openvpn
10:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
10:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:22 -!- mode/#openvpn [+o mattock1] by ChanServ
10:26 < Gintaras> Hello, How to configure openvpn as multi gateway ? I have openvpn server and hipervisor with openvz. Need one openvz container default gw one openvpn server, secondary container use secondary openvpn external IP as gw (10CT to one OVPN, 10ct to secondary OVPN).
10:30 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
10:31 <+esde> !openvz
10:31 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
10:44 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
10:45 < Junka> how do i enable the RSA encryption to the clients?
10:51 <+esde> !howto
10:51 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:52 < shio> ^ look for "cipher"
10:52 < shio> then u add the same line on the server config and on the client ones
10:55 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 244 seconds]
10:57 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Remote host closed the connection]
10:58 < Gintaras> My problem is schematically http://www.part.lt/img/41df0fb32cd0178ad0ac33bea9705657913.png Only Centos / Debian root access
11:07 -!- Junka is now known as JunkVision
11:10 < thedudez0r> hello
11:10 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
11:10 < thedudez0r> is it possible for openvpn to route http traffic from the server/gateway to one of the clients if the openvpn protocol being used is udp?
11:11 < thedudez0r> the reason I ask is because I'm connected from my laptop. And when using udp, I can access non http services and resolve dns requests succesfully, but I never get the pages to load
11:12 < thedudez0r> it seems like http isn't working, whereas setting it to tcp it does work (albeit a bit slow but that's another prob)
11:12 < thedudez0r> but at least in tcp I do get http traffic incoming from the vpn so I can still open websites
11:12 < thedudez0r> is this true? or is my udp setup missing something important?
11:16 -!- dazo is now known as dazo_afk
11:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:19 < JunkVision> shio; was that about the cipher for me?
11:20 -!- swebb [~swebb@192.69.22.173] has quit [Ping timeout: 250 seconds]
11:26 -!- swebb [~swebb@192.69.22.173] has joined #openvpn
11:53 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
11:55 < dionysus69> hey guys, I am on windows and I bridged tap adapter to an ethernet adapter, how do i make it use the current network topology and not create a new one like 10.8.x.x? because I already have setup a "rare" topology that will not likely come up ever on a client network
11:57 <+esde> !iporder
11:57 <@vpnHelper> "iporder" is (#1) OpenVPN's internal client IP address selection algorithm works as follows: 1 -- Use --client-connect script generated file for static IP (first choice). or (#2) Use --client-config-dir file for static IP (next choice) !static for more info or (#3) Use --ifconfig-pool allocation for dynamic IP (last choice) or (#4) if you use --ifconfig-pool-persist see !ipp
12:04 < dionysus69> I dont understand the answer, I want to use this option push "redirect-gateway def1 bypass-dhcp" and I dont want to use this at all server 96.96.96.0 255.255.255.0
12:04 < dionysus69> so when a client connects to the vpn it uses the server network topology automatically as well as the server gateway
12:05 < dionysus69> !ipp
12:05 <@vpnHelper> "ipp" is (#1) the option --ifconfig-pool-persist ipp.txt does NOT create static ips or (#2) Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, see !iporder and !static
12:06 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 276 seconds]
12:08 < dionysus69> I also need to enable this line right ? ;server-bridge
12:10 <+esde> .!ircstats is staaaaaaaale
12:12 < dionysus69> ?
12:12 <+esde> not directed towards you
12:14 < shio> yeah JunkVision
12:16 < JunkVision> where is the openvpnlog located?
12:18 <+esde> syslog by default, unless you've set logging to a different location within your config
12:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
12:20 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
12:21 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:22 -!- mode/#openvpn [+o mattock1] by ChanServ
12:25 -!- Kunsi [kunsmannf@unaffiliated/kunsi] has joined #openvpn
12:25 < Kunsi> !welcome
12:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:25 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:28 < Gintaras> !route
12:28 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:28 <@vpnHelper> client
12:32 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 255 seconds]
12:36 < Kunsi> hm, having problems getting bridged networking to work, but i think i messed up something in configs, so i think i'll start over before asking for help :/
12:38 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
12:40 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
12:48 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
12:53 -!- Junka [~Junkass@unaffiliated/junka] has joined #openvpn
12:55 -!- JunkVision [~Junkass@unaffiliated/junka] has quit [Ping timeout: 250 seconds]
13:00 -!- darlinger [~jd@c-67-181-116-118.hsd1.ca.comcast.net] has joined #openvpn
13:00 < darlinger> o/ anyone active?
13:02 <+esde> !rocks
13:02 <@vpnHelper> "rocks" is Nobody around but us rocks! Please go ahead and ask your question, and be patient - somebody helpful will eventually perk up.
13:10 < darlinger> i just have one question: in all the setups i've seen for bridged networks, the openvpn server is located on the destination lan for the remote clients to bridge into. is it possible for the lan to be on a client instead of a server?
13:11 < darlinger> i don't want to do a routed connection, though that would be easy, because i want broadcast
13:11 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:11 < darlinger> basically i want to get into my home network as if i was actually there, but i don't have a static ip so i can't put the server there
13:11 < darlinger> so i was thinking of making the router the client in order to reach it.
13:12 < Kunsi> darlinger: how about dyndns?
13:12 < darlinger> Kunsi: dyndns?
13:12 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
13:12 < Kunsi> dyndns is a service you configure at your router, which gives you a static hostname for your router
13:13 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
13:13 < darlinger> Kunsi: hmmm i might do that
13:13 < darlinger> is there any way that doesn't require a third party though?
13:14 < Kunsi> so your router cold be openvpn server, and you use foo.dyndns.org as remote address
13:14 < darlinger> Kunsi: hmmmm that seems pretty simple
13:14 <+esde> darlinger there are methods of rolling your own dynamic dns service
13:14 < darlinger> esde: but without dns though? is it possible to bridge into a client's network instead of a servers?
13:15 < darlinger> i already have a vps with a routed openvpn instance on it. i was just thinking of adding another instance to listen on another port, connect the clients and be done with it
13:19 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
13:28 < darlinger> anyone? or is it really something that outlandish?
13:33 < darlinger> well thanks for your help. i'll take a look at dyndns
13:33 -!- darlinger [~jd@c-67-181-116-118.hsd1.ca.comcast.net] has quit [Quit: leaving]
13:34 -!- Daiyousei [~daiyousei@unaffiliated/daiyousei] has joined #openvpn
13:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:10 -!- elvey [18048cff@gateway/web/freenode/ip.24.4.140.255] has joined #openvpn
14:10 < elvey> !goal
14:10 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:10 < elvey> !welcome
14:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:14 < elvey> I'd like to install openvpn server on my (x86_64 GNU/Linux) web host so I can use it from my devices.  I don't have root.  I've tried installing from source.  (Can show where I'm stuck.)  I'd like to try installing from a binary RPM build but can't find one.
14:15 <+esde> !noroot
14:15 <@vpnHelper> "noroot" is "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
14:15 <+esde> for info on how to run openvpn without root
14:16 <+esde> but you will need root to install AFAIK
14:18 < elvey> Thanks, esde!
14:19 <+esde> np
14:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
14:21 < elvey> Thanks.  Makes sense.  Will have to pursue some other option.  Thinking about it, seems pretty obvious root is needed (for privileged port access, for example) so it's a nonstarter.
14:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:22 -!- mode/#openvpn [+o mattock1] by ChanServ
14:22 -!- elvey [18048cff@gateway/web/freenode/ip.24.4.140.255] has quit [Quit: Page closed]
14:25 -!- dazo_afk is now known as dazo
14:26 <@ecrist> we allow web clients again?
14:26 <@ecrist> wait, there's web client users that aren't shitheads?
14:27 <+esde> apparently
14:28 < Daiyousei> !logs
14:28 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:29 < Daiyousei> !configs
14:29 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
14:37 < Daiyousei> !paste
14:37 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:45 < Eugene> https://vomitb.in is best bin
14:47 < Daiyousei> Hello ! I want to acces LAN behind my VPN, and I want to acces Internet trough my VPN. Actualy, all is OK (connection OK, routing OK), but I want also use DNS in the lan behind the VPN. I use windows 8.1 Pro, I push the DNS config from the server. the OpenVPN interface have the DNS set, but nslookup (and others software) still use my home network resolver. conf and logs here : https://gist.github.com/Daiyousei/5d6dc97ab950115cd52f
14:47 <@vpnHelper> Title: Config and logs OpenVPN (at gist.github.com)
14:47 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 256 seconds]
14:52 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
15:04 < Daiyousei> hum .... fixed by myself :) I removed/added the TAP interface. and now the DNS used is the one from the WPN
15:36 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 265 seconds]
15:40 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
15:40 -!- mode/#openvpn [+o krzee] by ChanServ
15:43 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
16:07 <@plaisthos> n/lastlog -hi
16:15 -!- Daiyousei [~daiyousei@unaffiliated/daiyousei] has quit [Remote host closed the connection]
16:40 -!- Junka [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
16:56 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
17:02 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:11 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:23 -!- Denial [~Denial@81.141.23.254] has quit [Read error: Connection reset by peer]
17:24 -!- Denial [~Denial@81.141.23.254] has joined #openvpn
17:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:28 -!- alsch [~alsch@66.172.235.26] has quit []
17:45 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:59 -!- dazo is now known as dazo_afk
18:23 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
18:52 < Moonlightning> I have a VPN, and I'm trying to get name resolution set up. Currently, I'm pushing the `DNS` and `DOMAIN` `dhcp-option`s. `DNS` works on my Android client, but `DOMAIN` doesn't seem to be—`ping`ing an unqualified hostname returns an /unknown host/ error.
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:23 <+esde> !pushdns
19:23 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
19:23 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
19:24 <+esde> explain your goal pls
19:34 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 244 seconds]
20:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
20:16 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
20:17 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
20:23 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 252 seconds]
20:28 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
20:46 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:48 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
20:49 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 246 seconds]
21:59 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
21:59 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Max SendQ exceeded]
23:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:32 -!- ShadniX [dagger@p5481D20A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Ping timeout: 250 seconds]
23:33 -!- ShadniX_ [dagger@p5DDFF936.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- ShadniX_ is now known as ShadniX
23:43 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
23:46 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:48 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 245 seconds]
23:56 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
--- Day changed Wed May 20 2015
00:18 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
00:18 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
00:22 -!- Gintaras [irc.omnite@77.241.206.82] has quit [Ping timeout: 256 seconds]
00:23 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
00:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:25 -!- mode/#openvpn [+o mattock1] by ChanServ
00:29 -!- BtbN [btbn@btbn.de] has quit [Quit: Bye]
00:30 -!- BtbN [btbn@btbn.de] has joined #openvpn
00:32 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 255 seconds]
00:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
02:34 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
02:35 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
02:35 -!- mode/#openvpn [+o plaisthos] by ChanServ
02:59 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:41 -!- Latrina [~Latrina@ppp-96-16.26-151.libero.it] has quit [Ping timeout: 256 seconds]
03:48 -!- eike_52n [~eike@80.156.182.234] has joined #openvpn
03:50 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Ping timeout: 276 seconds]
03:50 -!- Latrina [~Latrina@adsl-ull-139-244.45-151.net24.it] has joined #openvpn
03:56 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:58 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
03:58 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Client Quit]
03:58 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
04:24 < dionysus69> hey guys I have a general question, last time I wrote here that I created certificates on one machine and then copied the client cert on the client, someone replied to me that it was unsafe, I didnt have time to ask why, could anyone tell me why? what could go wrong there ?
04:29 < Kunsi> dionysus69: if using an insecure way, for example, email, someone could do a man-in-the-middle-attach and get the key out of the mail. recommended way would be using an usb stick or such
04:31 < Kunsi> but, i need help, too. i created a bridged vpn server, i'm able to connect to it, get an ip address, but i can't send any data between my computer and vpn server. server.conf http://paste.debian.net/180936 - client.conf http://paste.debian.net/180938 - openvpn.log http://paste.debian.net/180939 - network topology http://paste.debian.net/180912
04:34 -!- antiatom_ [~biff@141.255.161.18] has joined #openvpn
04:34 < antiatom_> Hi, I run OpenVPN on Arch Linux, and when I return to my computer often the process has exited completely
04:35 < antiatom_> There are no logs in /var/log/ about this, but I start it normally with systemctl
04:35 < Kunsi> firewall should not be an issue, i tested that with using another (working) instance of openvpn, which also works fine when using port 1194 tcp
04:35 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:35 -!- mode/#openvpn [+v s7r] by ChanServ
04:39 -!- BloqueNegro [~nothing@88.128.83.94] has joined #openvpn
04:45 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Read error: Connection reset by peer]
04:46 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
04:49 < dionysus69> what is pull line in the client conf?
04:51 -!- BloqueNegro [~nothing@88.128.83.94] has quit [Ping timeout: 246 seconds]
05:06 -!- proshot [~agentsmit@217.68.49.72] has joined #openvpn
05:07 < proshot> i was wondering, when i have an openvpn network with for example a device with the ip of 10.25.25.38 and another device with 10.25.25.202 what happends if one of those devices is inside another private public wifi network wich is using the same ip range as i am
05:12 < proshot> so in essence my vpn network and the other network have the same address space
05:24 -!- Latrina [~Latrina@adsl-ull-139-244.45-151.net24.it] has quit [Ping timeout: 272 seconds]
05:25 < proshot> brb need to boot into other kernel
05:25 -!- proshot [~agentsmit@217.68.49.72] has quit [Quit: Leaving]
05:27 -!- dazo_afk is now known as dazo
05:37 -!- proshot [~agentsmit@217.68.49.72] has joined #openvpn
05:40 -!- crane [~crane@chat.craneworks.de] has quit [Quit: ZNC - http://znc.in]
05:55 -!- Latrina [~Latrina@adsl-ull-129-179.50-151.net24.it] has joined #openvpn
06:01 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
06:12 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
06:22 -!- flyingkiwi [~flyingkiw@2a02:ce80:0:20::1] has joined #openvpn
06:25 -!- Latrina [~Latrina@adsl-ull-129-179.50-151.net24.it] has quit [Ping timeout: 246 seconds]
06:30 -!- Latrina [~Latrina@adsl-ull-88-245.45-151.net24.it] has joined #openvpn
06:52 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
06:52 < vaskozl> Is openvpn vulnerable to logjam?
06:55 <+esde> ?
06:55 -!- eike_52n [~eike@80.156.182.234] has quit [Ping timeout: 256 seconds]
06:56 < vaskozl> https://skozl.com/x73l
06:58 <+esde> no news yet, we will see
07:02 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
07:02 <+esde> actually, it seems openvpn is most likely not vulnerable. except under extenuating circumstances https://paste.debian.net/plain/181042
07:06 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
07:06 <@ecrist> FREAK caused the recommendation to remove export grade ciphers
07:06 <@ecrist> if you're not using those, it shouldn't be a problem.
07:07 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
07:07 -!- mode/#openvpn [+v s7r] by ChanServ
07:07 < proshot> who is speaking ecrist, is it realy you, or the NSA sussing us a sleep, so we won't path when a patch becomes available, ehm i think i need some coffee :)
07:08 <+esde> i think so too
07:08 -!- You're now known as nsa_spook
07:08 <@nsa_spook> dammit, you're on to us
07:08 < vaskozl> What about the Diffie-Hellman?
07:08  * proshot hides 
07:08 <@nsa_spook> never mind the vans rolling up outside.
07:09 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Remote host closed the connection]
07:09 -!- You're now known as ecrist
07:09 <@ecrist> from my reading, logjam is really only vulnerable with 512-bit DH keys
07:09 < vaskozl> Well it specifically says 1024 bit ones.
07:10 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 252 seconds]
07:10 <@ecrist> what is "it"
07:10 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
07:10 <@ecrist> the recommendation has been 2048 for quite some time.
07:10 < vaskozl> And what is the default?
07:10 <@ecrist> and many people use 4096 bit keys
07:11 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
07:11 <@ecrist> vaskozl: that would depend on what you're using to generate your DH keys
07:11 < vaskozl> I just generated one with openssl dhparam
07:12 <@ecrist> that depends on your openssl config
07:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
07:13 < vaskozl> I made a 4096 one.
07:13 <+esde> good
07:13 <@ecrist> if the openssl wiki is accurate, it appears the default is 2048
07:13 <@ecrist> why do people ask me what they did?
07:13 < vaskozl> Well my lighttpd server apparently has 1024
07:13 < vaskozl> which is insecure.
07:13 <+esde> not sure
07:14 < vaskozl> Using this to test: https://weakdh.org/sysadmin.html
07:14 <@vpnHelper> Title: Logjam: PFS Deployment Guide (at weakdh.org)
07:14 <+esde> naivety?
07:14 < vaskozl> Sorry?
07:15 <+esde> not directed towards you
07:18 <+esde> I also don't see the "big deal" with logjam. it seems the only systems effected are using shitty ciphers and tls implementation, which is asking to be pillaged.
07:18 <@ecrist> yeah, it's a non-issue
07:18 <@ecrist> if people patched for FREAK, they should be fine
07:18 <+esde> but the click-bait
07:18 < vaskozl> Well it clearly was an issue for me.
07:18 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:18 < vaskozl> I had no clue on my default lighttpd.
07:19 < vaskozl> And had all the weak ciphers supported.
07:19 <+esde> be more thorough during initial implementation
07:20 <@ecrist> the having no clue is the actual vulnerability
07:20 <@ecrist> there are mitigations for most other things
07:21 <+esde> *shrug* i test all my webservers before moving forward. A+ on everything im running according to ssllabs test, currently
07:21 < vaskozl> Well I typically read the archwiki when setting up something.
07:21 <+esde> so what if some users on windows 2000/nt/xp can't access, at least the users that can are secure :)
07:22 <@ecrist> you can usually run a current version of ssl3 and get support for them
07:22 <+esde> then it knocks my score down, i like A+
07:22 <@ecrist> Google patched their ssl3 stuff to maintain support for older browsers.
07:22 <@ecrist> indeed
07:23 <+esde> and older browsers need to be upgraded, not supported
07:24 <@ecrist> https://www.ssllabs.com/ssltest/analyze.html?d=secure-computing.net
07:24 <@vpnHelper> Title: SSL Server Test: securecomputingnet (Powered by Qualys SSL Labs) (at www.ssllabs.com)
07:24 < vaskozl> Any of you know how to check if the DH key is correctly set?
07:24 <+esde> in openvpn?
07:24 <+esde> !howto
07:24 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
07:25 < vaskozl> That's very specific, thanks.
07:26 <+esde> ctrl+f dhparam
07:26 <@ecrist> so far you've been unwilling to do any of the work yourself, vaskozl.  Even to the point of asking me what options you used on your own DH params.
07:26 <+esde> https://i.imgur.com/7Ij5zvD.png
07:26 <+esde> 100/100/100/90
07:27 <+esde> strill can't figure out 100/100/100/100
07:29 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:37 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 276 seconds]
07:42 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
07:47 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
07:47 <+esde> *still
07:50 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
07:50 -!- flyingkiwi [~flyingkiw@2a02:ce80:0:20::1] has quit [Quit: bye]
07:51 -!- flyingkiwi [~flyingkiw@manu.backend.hamburg] has joined #openvpn
08:00 < vaskozl> esde: https://blog.surfnet.nl/en/pimp-your-ssllabs-rating/
08:00 <@vpnHelper> Title: SSLLabs rating: pimp yours (at blog.surfnet.nl)
08:08 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:09 <+esde> nah i adjusted my config (nginx) to reflect the example shown and still was only able to get 100/100/100/90. but the guide was written in April 2014 so there may have been some changes to the scoring algorithm since then
08:10 < vaskozl> Well
08:10 < vaskozl> I got 100 on all
08:10 < vaskozl> but then you can't connect because
08:11 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:11 < vaskozl> for some reason in lighttpd you can't disable tlsv1.2 and therefore you have to only use ciphers that only support tlsv1.2 or something
08:11 < vaskozl> and while it gives you 4*100 neither firefox nor chrome connect :)
08:14 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Remote host closed the connection]
08:15 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:16 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has joined #openvpn
08:16 < vaskozl> Thanks for the help guys.
08:16 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has left #openvpn []
08:17 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Remote host closed the connection]
08:18 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
08:34 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Ping timeout: 264 seconds]
08:34 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
08:36 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
08:36 -!- mode/#openvpn [+o krzee] by ChanServ
08:41 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:41 -!- mode/#openvpn [+o mattock2] by ChanServ
08:46 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:51 -!- antiatom_ is now known as antiatom
09:03 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
09:03 -!- mode/#openvpn [+v s7r] by ChanServ
09:12 -!- HanSooloo [~HanSooloo@64-79-116-77.static.wiline.com] has joined #openvpn
09:13 -!- HanSooloo [~HanSooloo@64-79-116-77.static.wiline.com] has left #openvpn []
09:14 -!- HanSooloo [~HanSooloo@64-79-116-77.static.wiline.com] has joined #openvpn
09:19 -!- HanSooloo [~HanSooloo@64-79-116-77.static.wiline.com] has quit [Client Quit]
09:28 -!- rhollan [~rhollan@199.241.145.151] has joined #openvpn
09:28 < rhollan> I wonder if it is practical to run an  openvpn client on a machine in my DMZ for all client machines in my non-DMZ LAN
09:29 < rhollan> My WNDR3700-based openwrt router is not beefy enough to sustain 20 Mb/s of openvpn traffic but my Intel Atom D525 mail server is (and then some)
09:31 -!- rhollan [~rhollan@199.241.145.151] has quit [Quit: afk]
09:32 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:34 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
09:36 <+esde> hahahaha
09:36 <+esde> 2 minutes
09:42 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:42 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:50 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:52 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
09:59 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
10:00 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
10:02 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
10:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
10:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
10:30 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Read error: Connection reset by peer]
10:30 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has joined #openvpn
10:31 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
10:31 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:31 -!- mode/#openvpn [+v s7r] by ChanServ
10:40 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 258 seconds]
10:46 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
10:49 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:57 -!- flyingkiwi [~flyingkiw@manu.backend.hamburg] has quit [Quit: bye]
11:00 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
11:17 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
11:37 -!- proshot [~agentsmit@217.68.49.72] has quit [Remote host closed the connection]
11:42 -!- leo2007 [~leo2007@128.199.230.246] has left #openvpn ["rcirc on GNU Emacs 24.5.1"]
12:26 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
12:26 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
12:40 -!- EmperorTom [~EmperorTo@boom.blissfulidiot.com] has quit [Quit: leaving]
12:44 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
12:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:47 -!- thumbs [1000@unaffiliated/thumbs] has quit [Quit: Reconnecting]
12:48 -!- frank-- is now known as thumbs
13:11 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 258 seconds]
13:18 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:18 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-wzfybnzwsjsckkxp] has quit []
13:18 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-qkehaarmahfnpons] has joined #openvpn
13:22 -!- misterpink [misterpink@ool-44c527c3.dyn.optonline.net] has joined #openvpn
13:30 -!- Paladine [~Paladine@secure.think-privacy.com] has joined #openvpn
13:30 < Paladine> hey peeps I have a question
13:30 < Paladine> why is it that services running on my openvpn server see my real IP address instead of my opebvpn IP address?
13:30 < Paladine> openvpn*
13:31 < Paladine> for example if I go to a remote site which checks $_SERVER['REMOTE_ADDR'] it gets my VPN IP but if I go to a site on my VPN server and check $_SERVER['REMOTE_ADDR'] it gets my real IP
13:42 -!- dgpalmer [~dgpalmer@206.214.35.235] has joined #openvpn
13:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:51 <@krzee> Paladine, because you are not going to the VPN ip of the server?
13:52 <@krzee> even if you route your entire internet connection through the openvpn server, your connections to the server itself MUST go without the vpn
13:52 <@krzee> otherwise you wont have a route to it FOR the vpn
13:52 <@krzee> so you need to contact that server at the VPN ip address, not the external internet routable ip
13:54 < Paladine> unfortunately the CMS I am using doesn't allow me to do that
13:54 -!- dgpalmer [~dgpalmer@206.214.35.235] has left #openvpn []
13:54 < Paladine> and yes I am going to the VPN's public IP
13:54 < Paladine> not the private IP
13:55 < Paladine> why, once the vpn connection is established can it not route various protocols via the VPN?
13:55 < Paladine> seems backwards to me
13:57 <@krzee> oh it can, just not to the server itself
13:57 < Paladine> but why not?
13:57 <@krzee> you see, if you set the route to the server to go over the vpn, which itself needs a route to the server over the normal isp to work, you create a routing loop
13:58 <@krzee> because of how routing works.
13:58 < Paladine> but I am not creating a route to the vpn daemon, I am creating a route to the httpd
13:58 <@krzee> ok you very much dont understand routing do you
13:58 <@krzee> its not based on what port you contact ;]
13:58 < Paladine> if I open lynx on the same server and go tot he same script I get the correct IP
13:59 <@krzee> on the SERVER yes
13:59 <@krzee> lol
13:59 < Paladine> but if all my traffic is tunneled through the server it is just the same as if I were on the server myself
13:59 <@krzee> no
13:59 <@krzee> thats not how that works
14:00 <@krzee> when you tunnel all traffic through the server you create 2 (minimum) routes
14:00 <@krzee> you add a host route to reach your server over your ISP gateway
14:00 < Paladine> ok so when I go to another server say microsoft.com why is that any different - the connection is made through the vpn which checks the dns and pushes the request to the microsoft server
14:00 <@krzee> you add a new default route to reach the internet over that vpn link
14:00 < Paladine> ok now that makes sense
14:00 <@krzee> because your vpn isnt on microsofts server you are contacting
14:01 <@krzee> go learn routing and it'll all make sense
14:02 < Paladine> no it makes sense now you mentioned the host route
14:02 <@krzee> well thats explained in the manual at --redirect-gateway
14:02 <@krzee> !man
14:02 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
14:02 <@krzee> if you have not read that yet, i strongly suggest reading on every option you use in your configs
14:04 -!- mutilator [muti@c-68-56-137-33.hsd1.mi.comcast.net] has joined #openvpn
14:05 < mutilator> does anyone know, is the only way to get openvpn working in ios to redirect-gateway? everything i read seems to say otherwise and split-tunnel works fine except... in practice it isnt
14:05 <@krzee> mutilator,
14:05 <@krzee> !goal
14:05 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:05 < mutilator> ..
14:05 < mutilator> is the only way to get openvpn working in ios to redirect-gateway?
14:05 < mutilator> ok.. maybe..
14:06 <@krzee> no, you can use openvpn in ios without redirect-gateway
14:06 < mutilator> is the only way to get traffic flowing over openvpn in ios to redirect-gateway?
14:06 <@krzee> that is *NOT* your real question / goal though
14:06 <@krzee> hella
14:06 <@krzee> !xy
14:06 <@vpnHelper> "xy" is http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...
14:06 <@krzee> no, you can pass traffic to the vpn ip of the server without redirect-gateway
14:06 < mutilator> do you really not understand what i asked or am i being that vague?
14:06 < mutilator> because it connects and no traffic will go over the tunnel
14:06 <@krzee> i understand what you're asking, but you are not asking the real question
14:07 <@krzee> you cant contact the vpn server by vpn ip without redirect-gateway?
14:07 < mutilator> the same config works in windows, linux, android, osx
14:07 <@krzee> for example, if you put a webserver listening on the server, listening on the servers VPN ip address (10.8.0.1 or whatever), you can reach it without redirect-gateway
14:07 <@krzee> so whats the real issue?
14:08 < mutilator> the split tunnel isnt working, no routes other than the vpn link, are being setup
14:09 <@krzee> see, whats this about a split tunnel now?
14:09 < mutilator> so yes i can talk to the vpn server it-self, but nothing else
14:09 <@krzee> that wasnt in your goal or your question
14:09 <@krzee> mutilator, exactly, thats how it works until you configure more than that. and if you read your question that *is* the answer to it
14:09 <@krzee> you need a better question
14:10 < mutilator> um what?
14:10 <@krzee> !xy
14:10 <@vpnHelper> "xy" is http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...
14:10 <@krzee> what are you really trying to do
14:10 < mutilator> a split-tunnel is setup, so anything it says to route should be routing over the tunnel and it isnt
14:10 < mutilator> i'm not asking how to setup a split tunnel
14:10 <@krzee> !configs
14:10 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:10 < mutilator> or how to route traffic
14:11 < mutilator> i'm saying the same setup that works in every other instance of openvpn (windows, linux, osx, android) is not working in ios
14:11 < mutilator> so it's not a configuration issue as far as i can tell because it works everywhere else
14:12 <@krzee> that means you wont be posting your configs?
14:15 < mutilator> so that means ios needs special settings to get it working?
14:20 -!- dazo is now known as dazo_afk
14:24 <+esde> >or am i being that vague? yes. yes you are. lets start with your goal, !logs, !configs pls
14:25  * esde passes the bowl to krzee 
14:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has left #openvpn []
14:29 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
14:31 -!- mutilator [muti@c-68-56-137-33.hsd1.mi.comcast.net] has left #openvpn []
14:31 <@krzee> esde, you would think people looking for support would give what you ask for
14:32 <@krzee> wouldnt you?
14:32 <+esde> I would
14:32 <@krzee> what he does not understand is the ios version *is* different
14:33 <@krzee> but oh well, i dont care
14:33 <@krzee> no reason to care to help people who dont care to post what is needed to help them
14:33 <+esde> *mumble-mumble* frickin closed-source *mumble-mumble*
14:33 <@krzee> actually the ios version is mostly open source
14:33 <+esde> why the nda then?
14:33 <@krzee> only the ios specific api stuff is closed (due to nda)
14:33 <+esde> right
14:33 <+esde> that's what im sayin'
14:34 <@krzee> thats not important for most of it
14:34 <+esde> but it's silly. software should be free
14:34 <+esde> and not is in free beer
14:34 <@krzee> the openvpn stuff is open
14:34 <+esde> *as
14:34 <+esde> i know i <3 openvpn
14:34 <@krzee> !ios
14:34 <+esde> and everyone who works on it :)
14:34 <@krzee> hmm
14:34 <@krzee> !connect
14:34 <@vpnHelper> "connect" is (#1) OpenVPN Connect is part of the commercial, non-free (non-GPL) corporate offering; see #openvpn-as for help with these. For the community-maintained GPL OpenVPN, see !download for download links, !android for GPL-openvpn on Android, or !howto for the beginner how-to guide or (#2) https://forums.openvpn.net/post34969.html#p34969 or (#3) the source is here:
14:34 <@vpnHelper> http://staging.openvpn.net/openvpn3/ except for the portion that may not be released because of NDA with apple (for its vpn API)
14:35 <@krzee> the openvpn parts:  https://staging.openvpn.net/openvpn3/openvpn3.tar.gz
14:35 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
14:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 258 seconds]
14:41 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
14:45 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
14:46 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
14:47 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
15:13 -!- cm_ [cm@datura.ielf.org] has quit [Quit: leaving]
15:27 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.2/20150415140819]]
15:27 -!- antiatom [~biff@141.255.161.18] has quit [Ping timeout: 240 seconds]
15:30 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 255 seconds]
15:33 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
15:52 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 276 seconds]
15:55 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
16:05 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
16:10 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 255 seconds]
16:12 -!- sysanthrope [~sysanthro@shelob.moc.psu.edu] has quit [Ping timeout: 264 seconds]
16:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:14 -!- rhollan [~rhollan@208.85.208.53] has joined #openvpn
16:15 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
16:16 < rhollan> Been running openvpn with openwrt on a WNDR3700. Getting about 10 Mb/s down and 6 Mb/s VPN traffic on a 50 Mb/s raw link.
16:17 < rhollan> Disappointing, but that's all that hardware can manage.
16:18 < rhollan> So, I looked at off-loading the VPN encryption to another box, and found an Intel Atom D525 (Zotac ZBOZ ID-81, IIRC) could do 40 Mb/s down and 15 Mb/s up. Sweet! Does anyone run such a configuration>?
16:22 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 250 seconds]
16:26 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
16:32 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
16:41 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:43 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
16:48 <+esde> rhollan AES-NI
16:48 <+esde> will be your bestie
16:50 < rhollan> yeah, I know. I was just surprised and pleased that the Atom D525 could do that well. I would have been happy with 25 Mb/s
16:50 < rhollan> And this is with AES-256-CBC
16:51 < rhollan> I was considering going with a beefier router that had good radio support, but openVPN specs for such things are hard to find.
16:51 < Eugene> I think my Atoms are a D525. Pretty beefy lil thing
16:52 < rhollan> Now, to figure out my routing since the Zotac box only has one GbE port (and at 40/15 Mb/s it should not be an issue for traffic to come in unencrypted and leave encrypted on the same port).
16:52 < Eugene> I've found it to pass GbE at linespeed with a fairly simple set of iptables, without any CPU usage at all
16:52 < rhollan> Yup. I bought it to use as a mail server.
16:52 < rhollan> Guess it's going to do double duty.
16:53 < Eugene> I really like the newer C2758 - they benchmark as good as my L5520, with 1/10th the TDP
16:53 < Eugene> Insanity
16:53 <+esde> it is pretty awesome :)
16:53 <+esde> havent had a chance to test openvpn with it, yet though.
16:54 < rhollan> I originally got the Zotac ZBOX to use as a mythtv client/server, leveraging the ION2 graphics. But, I am now using Amazon Fire boxes as XBMC clients with a MythTV backend
16:54 < rhollan> I slapped OpenVPN on the D525 just to see how well it could do on a 50/16 Mb/s link
16:55 < rhollan> wasn't even sweating at 26% CPU load
16:55 <+esde> https://store.pfsense.org/c2758/ beefy little machine
16:55 <@vpnHelper> Title: C2758 1U Rack Mount Network Firewall Router Appliance (at store.pfsense.org)
16:56 < rhollan> $pendy little machine. I'm partial to OpenWRT at home, for the radio support on commercial home routers.
16:56 <+esde> to each their own, pfSense fanboy here
16:57 < rhollan> Yeah, I looked at it. Is it as configurable as OpenWRT?
16:57 <+esde> only used dd-wrt, havent used open-wrt
16:58 < rhollan> Close enough
16:58 <+esde> but pfsense is insanely extensible
16:58  * rhollan is also partial to linux over BSD, though admits BSD is likely better hardened and a better choice for a router
16:58 <+esde> everything is kept in a neat config.xml that makes backup/restore a breeze
16:59 < rhollan> I've put OpenWRT on a WNDR3700 with OpenVPN, using the VPN for all traffic with some specific exceptions by IP range on the attached LANs (DMZ, Secure, LAN1, LAN2)
16:59 < rhollan> but OpenVPN performance was poor.
17:00 <+esde> same
17:00 <+esde> literally
17:00 <+esde> WNDR3700
17:01 <+esde> they work wonderfully as WAP
17:01 < rhollan> I'm a bit put off by the binary radio blob drivers and old kernel in DD-WRT, though it supports more HW than OpenWRT.
17:01 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
17:01 <+esde> 's
17:01 <+esde> behind a firewall/router
17:01 < rhollan> Yeah, I also considered building out a beefier router, and just using the WNDR3700 as a WAP.
17:01 <+esde> but with AC, it's getting replaced soon
17:01 < rhollan> been thinking the same thing.
17:02 < rhollan> almost worth running stock FW on a WAP if you use a separate router.
17:02 <+esde> eeeeeeh
17:02 < rhollan> Also thinking of hanging the DMZ machines off the machine used as a WAP.
17:03 < rhollan> Why not stock FW if it's just used as a WAP? The stock radio drivers are usually better than the open ones... unless you don't trust them.
17:03 <+esde> plus pfSense has it's own package manager
17:03 < rhollan> So does OpenWRT
17:03 <+esde> the latter
17:03 < rhollan> fair enough.
17:04 < rhollan> I figure if the WAP is in the DMZ that matters little, though. As long as interesting traffic never really touches that box.
17:04 <+esde> like i said ive never tried openwrt, i use snort, squid, squidguard (proxy filter), and pfblockerNG (allows you to block whole continents, countries, and your own ip lists)
17:05 < rhollan> OpenWRT has a nice little GUI (LuCi) front end over iptables stuff, which I take the trouble to grok every 6 months and then prompty forget.
17:05 < rhollan> kind of like perl and python
17:05 <+esde> pfSense makes it much more approachable in my experience
17:06 < rhollan> more mature s/w anyway
17:06 < rhollan> Ah! Found this: https://calomel.org/aesni_ssl_performance.html
17:06 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:06 < rhollan> D525 supports AES-NI.
17:07 <+esde> the base is freeBSD 10.1 now, which is a huge upgrade over it's previous 8.1
17:07 < rhollan> last time I touch a *BSD, I worked for Chiaro in Texas. They had some monster optical routers.
17:08 < rhollan> running Ubuntu at home, and Centos at work
17:08 <+esde> i still can't quite grasp BSD, but i understand it's the de-facto operating system for networking
17:08 < rhollan> almost everywhere.
17:08 < rhollan> I guess CentOS is second behind that,.
17:08 <+esde> for stuff i work with, i prefer debian distros
17:08 <+esde> though learning BSD would be cool
17:09 < rhollan> that'd include Ubuntu, though I'm not sure I like systemd. *cough* trying to be polite *cough*
17:09 <+esde> try linux mint
17:09 < rhollan> BSD init and config is just in different places.
17:10 <+esde> i couldn't use ubuntu so it was a wonderful drop-in
17:10 < rhollan> So, Intel Atom D525 HAS AES-NI. Cool. Explains my results.
17:11 <+esde> :D
17:11 < rhollan> 20 MB/s, so 160 Mb/s AES-256-CBC. As I was seeing 40 Mb/s with around 25% CPU load, that makes sense.
17:13 < rhollan> it also makes sense to have my VPN box in my DMZ. Even though I'm using it as a client for my LANs, I could stick an OpenVPN server on it for remote access as well.
17:13 <+esde> http://www.newegg.com/Product/Product.aspx?Item=N82E16813182243
17:13 <@vpnHelper> Title: SUPERMICRO MBD-X7SPE-HF-D525-O Server Motherboard - Newegg.com (at www.newegg.com)
17:13 <+esde> nice
17:14 < rhollan> a little big.
17:14 < rhollan> but priced right
17:16 <+esde> it's using a proprietary board, though. but then again, if there were a plant in your machine now, how would you know? :P
17:17 < rhollan> http://www.fit-pc.com/web/products/specifications/fitlet-models-specifications/?model[]=FITLET-GX-C67-FLAN-W
17:17 <@vpnHelper> Title: fitlet models specifications (at www.fit-pc.com)
17:18 < rhollan> Has some unnecessary stuff, but 4 gBE ports and a nice CPU
17:18 < rhollan> and fanless
17:18 <+esde> Official Linux	Linux Mint 17 MATE (64-bit) :)
17:19 <+esde> i prefer intel, but AMD is almost always a deal compared to it's intel counterpart
17:19 < rhollan> only 802.11n, but I wouldn't use it's radio in AP mode anyway.
17:19 < rhollan> I used to like AMD but gravitated back to Intel with their Core i series
17:20 < rhollan> I have an i3 NUC and it's nice.
17:21 <+esde> ive got an i7 3rd gen and a 4th gen at the office, they're both wonderful
17:21 <+esde> what model, if you dont mind my asking?
17:21 < rhollan> I've got an i7 3rd gen at work too.
17:21 <+esde> SUCH CACHE
17:21 < rhollan> The NUC? The one with room for the 2.5" hard drive
17:22 <+esde> http://www.amazon.com/Intel-Computing-Gigabit-i3-3217U-DC3217IYE/dp/B0093LINVK
17:22 <+esde> that one?
17:22 < rhollan> http://www.bhphotovideo.com/bnh/controller/home?O=&sku=1038941&gclid=CNrq8uOt0cUCFUWVfgod74wAgg&Q=&is=REG&A=details
17:22 <@vpnHelper> Title: Intel D34010WYKH Mini PC NUC Kit BOXD34010WYKH1 B Photo Video (at www.bhphotovideo.com)
17:22 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
17:23 < rhollan> Although, I ended up putting a 64 GB mSATA drive in it.
17:25 <+esde> but that's the same machine?
17:25 < rhollan> MythTV could render "Big Buck Bunny" at 120 Mb/s MPEG2 with no trouble using the HD4400 graphics
17:25 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
17:25 < rhollan> No: yours is shorter. It does not have room for a 2.5" hard drive
17:25 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
17:26 <+esde> i dont have one, i was trying to find the one you're talking about
17:27 < rhollan> There are two models: WITH room for a 2.5" hard disk, and WITHOUT.
17:27 <+esde> thanks, i had no clue
17:27 < rhollan> I got the one WITH before I decided to put an mSATA flash drive inside instead.
17:28 -!- Paladine [~Paladine@secure.think-privacy.com] has quit [Ping timeout: 245 seconds]
17:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:33 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit [Ping timeout: 264 seconds]
17:33 < rhollan> I was going to use it for a mythTV client and repurpose my mythTV client/server as just a server (that's the D525 Atom), but the latter got repurposed as a mail server, the client is going to be the MythTV server instead (beefy enough for mild transcoding and commercial deletion), and three Amazon Fires as XBMC clients to the MythTV server. An HDRomerun Prime  and a 3 TB disk rounds out the video sources
17:34 <+esde> when will you watch it all?
17:35 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has joined #openvpn
17:36 < rhollan> Funny thing is I hardly do. My kids do, and I want to get rid of the @#$$#%@$#!@#$!@#$ rented cable boxes.
17:37 <+esde> i love X1
17:37 <+esde> i can watch whatever i want, wherever i want, live. Still aggravated i can't do more than schedule my DVR from the internet though :/
17:37 < rhollan> Comcast has an Android payTV client app that runs on the Amazon Fire, so I don't even need a cable box for PPV. $15/month for a damn HD cable box JUST for PPV is too much
17:38 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
17:38 < rhollan> I pay them $1.95 a month for a multi-tuner cable card that sits in my HD HomeRun and can tune three channels at once.
17:38 <+esde> But the only way I can watch every channel is with an ssh tunnel/vpn
17:39 <+esde> ours doys 4 dvr recording + 1 live
17:39 <+esde> *-e
17:39 < rhollan> Don't they rape you for the X1 main box, though?
17:39 <+esde> eh, 7.99 or something i think
17:39 < rhollan> WHAT?
17:39 < rhollan> That's cheaper then the $15 I pay for an old DCT6200 box
17:40  * rhollan curses under his breath
17:40 <+esde> im paying about 15-20 more than what i was before. i've got extreme 105/20 internet, and all the channels except the sports/showtime/cinemax
17:40 <+esde> before i only had the starter package, no hd, no X1, no DVR, 1 room, and the same internet
17:40 <+esde> now it's 2 rooms, hd, dvr, almost all the channels
17:41 < rhollan> I have 50/16 Business class internet since I run my own mail server. But that 50/16 is covered by an SLA. It's SOLID 50, no caps, no filters, no bitching.
17:41 <+esde> i was sad they dont have 4K yet though
17:41 < rhollan> *cough* Youtube *cough*
17:41 <+esde> and netflix and amazon prime
17:41 < rhollan> yeah, I have netflix and hulu and amazon prime
17:41 <+esde> but netflix is spotty since comcast can't figure out networking
17:42 <+esde> not sure if i'll continue this trial
17:42 < rhollan> Netflix over my biz connection is rock solid, but of course I pay $150/month for it.
17:42 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
17:42 <+esde> 720/1080/2160/480/buffering.....25%, STUCK.
17:42 <+esde> repeat
17:42 <+esde> that's my typical netflix experience
17:43 < rhollan> Only time I see that is when my son is downloading a torrent
17:43 <+esde> over vpn only makes things worse by increasing latency :/
17:43  * rhollan makes a note to self about traffic shaping
17:43 < rhollan> I wouldn't run pablum-traffic over the vpn.
17:43 < rhollan> Besides, the feds have to spy on SOMETHING.
17:44 <+esde> !google publum
17:44 <@vpnHelper> Massmördercorp. | CyberfArts: <http://www.cyberfarts.nl/archive-1989-2005/massmordercorp/>; FAQ's - Patriot Environmental Laboratory Services, Inc.: <http://www.patriotlab.com/resources/faqs>; Pseudosigmoidea ibarakiensis sp. nov., a Dark Septate Endophytic ...: <http://www.ncbi.nlm.nih.gov/pmc/articles/PMC4070967/>
17:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:480c:326f:bbb9:3f4f] has joined #openvpn
17:44 <+esde> erm
17:44 <+esde> oh thanks for the reminder! i need to setup a whitelist for the TV
17:44 < rhollan> pablum-traffic: Noun: mass-market media designed to keep people stupid. See "TV".
17:45 <+esde> i don't like the thought of it having access to anything more than what it needs
17:45 < rhollan> yup
17:47 < rhollan> I have several nets at home: DMZ for publicly accessible servers, SECure for machines not accessable from anywhere, client LAN for things that don't offer services, server LAN which hosts servers local to the household, and WiFi, which is peered with the internet at large and DMZ. OpenVPN server is planned for DMZ to allow tunneling to server LAN services.
17:48 < rhollan> client LAN is like SECure, except SECure machines are locked in my office.
17:48 < rhollan> TVs, gaming consoles, etc. are on client LAN.
17:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 255 seconds]
17:51 < rhollan> And, actually, with a good VPN, you only add 20ms latency.
17:55 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
18:14 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
18:15 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
18:17 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Excess Flood]
18:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
18:17 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 252 seconds]
18:18 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:27 -!- zheng [~zheng@116.230.206.208] has quit [Quit: Leaving]
18:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:480c:326f:bbb9:3f4f] has quit [Remote host closed the connection]
18:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e0a7:8186:7617:80e7] has joined #openvpn
18:56 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
19:29 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
20:15 -!- rhollan [~rhollan@208.85.208.53] has quit [Quit: Leaving]
20:26 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Quit: elfixit]
20:41 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:41 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:56 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:56 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:47 -!- james41382_ is now known as james41382
22:11 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 255 seconds]
22:27 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
22:41 -!- AMERICAN_PSYCHO [~AMERICAN_@44.sub-70-196-15.myvzw.com] has joined #openvpn
23:31 -!- ShadniX [dagger@p5DDFF936.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- ShadniX_ [dagger@p57941185.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- ShadniX_ is now known as ShadniX
23:55 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
23:55 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
--- Day changed Thu May 21 2015
00:00 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
00:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 272 seconds]
00:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:42 < ayaz> Do we have any information anywhere about how the recent `Logjam` issue affects OpenVPN and how to go about configuring/securing it?
00:43 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 265 seconds]
00:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:52 -!- mode/#openvpn [+o mattock1] by ChanServ
01:05 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
01:07 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has joined #openvpn
01:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:28 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
01:33 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 255 seconds]
01:43 -!- Netsplit *.net <-> *.split quits: moviuro, seg, swebb, Chatterbox-, krthnz
01:43 -!- Netsplit over, joins: moviuro
01:45 -!- seg [~seg@fsf/member/seg] has joined #openvpn
01:48 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Quit: ||||||||||||||||||||||||||||||||||||||||||||||| 99%]
01:49 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
01:50 -!- swebb [~swebb@192.69.22.173] has joined #openvpn
01:54 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
01:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:17 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:27 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
02:28 -!- r8b7xy [~weechat@46.166.190.192] has joined #openvpn
02:32 < r8b7xy> Hi. When my router reboots my openvpn client isn't restarting. This is my /usr/lib/systemd/.../openvpn@.service http://termbin.com/lilo
02:32 < r8b7xy> I'm on arch linux right now
02:32 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
02:39 -!- Gintaras [irc.omnite@77.241.206.82] has joined #openvpn
02:52 -!- r8b7xy [~weechat@46.166.190.192] has quit [Ping timeout: 255 seconds]
03:04 -!- crane [~crane@chat.craneworks.de] has quit [Quit: ZNC - http://znc.in]
03:06 -!- r8b7xy [~weechat@gateway/vpn/privateinternetaccess/r8b7xy] has joined #openvpn
03:12 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
03:19 < Thermi> r8b7xy: Use Restart=
03:27 -!- r8b7xy [~weechat@gateway/vpn/privateinternetaccess/r8b7xy] has quit [Ping timeout: 240 seconds]
03:33 -!- idafyaid [~idafyaid3@unaffiliated/idafyaid] has quit [Ping timeout: 256 seconds]
03:35 -!- r8b7xy_ [~weechat@92.55.243.41] has joined #openvpn
03:35 -!- dazo_afk is now known as dazo
03:35 < r8b7xy_> Thermi: http://termbin.com/8tqw I still have to manually pkill openvpn
03:36 < Thermi> I doubt that. Look at the complete log, not just the last portion.
03:37 < Thermi> Also, don't edit stuff in /usr/lib/ directly. Those are vendor provided and are overwritten when the package gets upgraded.
03:37 < Thermi> Put your own units in /etc/systemd/system/ or use dropins.
03:38 < Thermi> This is what I use: https://bpaste.net/show/1415fbd4ae82
03:42 < r8b7xy_> Is this will be a diffrence whether conf file will be in multi-user.target.wants or openvpn@pia.service.d
03:42 < r8b7xy_> ?
03:42 < r8b7xy_> I've already have openvpn@pia.serivce in multi-user*
03:44 < r8b7xy_> ah ok [Install]
03:44 < r8b7xy_> WantedBy=multi-user.target
03:48 -!- hojgaard [~dh@78.156.117.236] has quit [Remote host closed the connection]
03:50 -!- r8b7xy_ [~weechat@92.55.243.41] has quit [Read error: Connection reset by peer]
03:58 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
04:01 -!- r8b7xy [~weechat@46.166.190.181] has joined #openvpn
04:03 < r8b7xy> Thermi: I've changed config for the one you uploaded but problem still persist. Openvpn reconnect but I can't access the web. google dns's and url aren't pingable. I have to pkill openvpn and I can start it with systemctl start...
04:05 < r8b7xy> I've found similiar problem here https://wiki.archlinux.org/index.php/Openvpn#Client_daemon_not_restarting_after_suspend but this resolution handle suspend mode not connection loss
04:05 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
04:19 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
04:20 -!- crus [~crusader@124-149-37-47.dyn.iinet.net.au] has quit [Read error: Connection reset by peer]
04:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
04:23 -!- eike_52n [~eike@80.156.182.234] has joined #openvpn
04:24 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
04:24 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Ping timeout: 246 seconds]
04:25 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
04:29 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Client Quit]
04:30 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
04:37 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
04:39 -!- r8b7xy [~weechat@46.166.190.181] has quit [Ping timeout: 276 seconds]
04:41 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Ping timeout: 246 seconds]
04:46 -!- r8b7xy [~weechat@46.166.188.229] has joined #openvpn
04:50 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:50 -!- mode/#openvpn [+v s7r] by ChanServ
04:52 -!- r8b7xy [~weechat@46.166.188.229] has quit [Ping timeout: 272 seconds]
04:54 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 256 seconds]
05:03 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:04 -!- r8b7xy [~weechat@46.166.188.230] has joined #openvpn
05:06 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has joined #openvpn
05:07 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
05:08 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 255 seconds]
05:10 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Ping timeout: 276 seconds]
05:13 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
05:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 272 seconds]
05:28 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
05:30 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
05:34 -!- Latrina [~Latrina@adsl-ull-88-245.45-151.net24.it] has quit [Ping timeout: 276 seconds]
05:37 -!- r8b7xy [~weechat@46.166.188.230] has quit [Ping timeout: 276 seconds]
05:39 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:39 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Quit: Leaving]
05:39 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:40 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
05:40 -!- Latrina [~Latrina@adsl-ull-63-194.50-151.net24.it] has joined #openvpn
05:40 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
05:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:46 -!- seg [~seg@fsf/member/seg] has quit [Quit: !!]
05:50 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
05:50 -!- seg [~seg@fsf/member/seg] has joined #openvpn
06:02 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
06:03 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
06:20 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
06:32 -!- crane [~crane@static.229.44.243.136.clients.your-server.de] has joined #openvpn
06:41 -!- JamesBelchamber [~root@bastion.james.belchamber.com] has joined #openvpn
06:42 < JamesBelchamber> Hey all. Does PROXY_AUTO_CONFIG_URL work everywhere? Is there something similar? I'm trying to get a proxy.pac to automatically apply to a device once connected to the VPN.
06:43 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Ping timeout: 246 seconds]
07:04 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Ping timeout: 246 seconds]
07:07 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
07:07 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
07:14 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:16 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Read error: Connection reset by peer]
07:16 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
07:17 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Quit: bye]
07:17 -!- flyingkiwi [~kiwi@2a02:ce80:0:20::2] has joined #openvpn
07:43 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 265 seconds]
07:43 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 265 seconds]
07:45 -!- misterpink [misterpink@ool-44c527c3.dyn.optonline.net] has quit [Read error: Connection reset by peer]
07:45 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
07:46 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
07:52 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
07:58 -!- JamesBelchamber [~root@bastion.james.belchamber.com] has quit [Quit: Lost terminal]
08:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:08 -!- NetworkingPro [~Networkin@192.198.208.235] has joined #openvpn
08:08 < NetworkingPro> howdy everyone
08:09 < NetworkingPro> I admittedly don't know OpenVPN well, so sorry if I come across as slow here.  I just inherited a technical issue on an OpenVPN server.  When a client tries to connect I get the following error on the server in the logs: Authenticate/Decrypt packet error: cipher final failed
08:09 < NetworkingPro> Any idea where to start looking for that?
08:11 -!- r8b7xy [~weechat@104.238.169.18] has joined #openvpn
08:13 -!- dansanger [~vpnuser@190.72.179.173] has joined #openvpn
08:13 < dansanger> Hello
08:15 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
08:16 -!- AL13N_work [~alien@91.183.52.232] has left #openvpn []
08:18 < NetworkingPro> Sup dansanger?
08:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:21 < dansanger> I am configuring a OpenVPN server on a computer with Win7 and I need connect a device based on Linux as a Client, the device connect good but the routing isn't working. In fact my device's LAN is disable when connect to the server. I am using: client-config-dir ccd and route 192.168.7.0 255.255.255.0, and iroute in my server like is described in some tutorials. I have used forwarding in my Windows PC
08:22 <+esde> what tutorials?
08:22 <+esde> !walkthrough
08:22 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
08:22 < dansanger> When I configure this Server from a computer on Ubuntu the routing working good
08:23 < dansanger> ok, let me search and post here
08:24 <+esde> but what is your !goal?
08:25 < dansanger> https://community.openvpn.net/openvpn/wiki/RoutedLans
08:25 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
08:26 < dansanger> I need that the Openvpn Server work in Windows too
08:26 <+esde> !goal
08:26 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:27 < dansanger> I need the OpenVPN make a routing from windows through to my device
08:27 < dansanger> ok
08:28 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
08:28 < dansanger> I wanna connect two or more clients to my server and access to client' LAN since each client
08:30 -!- r8b7xy [~weechat@104.238.169.18] has quit [Ping timeout: 245 seconds]
08:30 < dansanger> I posted the procedure that I am following
08:31 <+esde> !clientlan
08:31 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
08:31 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
08:31 <+esde> the flowchart will be very helpful
08:35 < dansanger> ok let me see the flowchart because my configuration is like is described for !clientlan. In fact that works very good with my server on Ubuntu... Let me
08:37 <+esde> you're saying the windows is playing the role of server?
08:40 < dansanger> yes, my OpenVPN server is running on Windows. I've tried WinXP and Win7
08:40 -!- tzafrir [~tzafrir@local.xorcom.com] has joined #openvpn
08:40 <+esde> !winipforward
08:40 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
08:40 < tzafrir> A slightly off-topic question, regarding easy-rsa:
08:41 < tzafrir> What are the dhparams (generated with build-dh) used for?
08:41 <+esde> for HMAC, tls-auth
08:41 < tzafrir> Generating them takes long time. And I can't recall where they are used by a CA
08:42 <+esde> ok? they aren't supposed to be used by any ca
08:42 < tzafrir> (That works completely off-line)
08:42 < dansanger> Yes esde I've did that ipforward in my Windows
08:43 < tzafrir> So how come the easy-rsa README tells me I should run build-dh ?
08:43 -!- apollo2k is now known as aPollO2k
08:43 <+esde> wat
08:43 <+esde> !tls-auth
08:43 <@vpnHelper> "tls-auth" is "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS., or (#2) openvpn --genkey --secret ta.key to
08:43 <@vpnHelper> make the tls static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
08:43 <+esde> that's all it is
08:44 -!- r8b7xy [~weechat@92.55.243.41] has joined #openvpn
08:44 < tzafrir> esde, was that a reposponse to me? If so, I refer to the easy-rsa scripts that are included with openvpn
08:44 <+esde> has nothing to do with client cert & key or ca.
08:45 <+esde> yes it was, you need to read the factoid vpnHelper provided
08:46 <@dazo> tzafrir: the dhparams is a prime number used in the key exchange negotiation between clients and the server ... you generally need to generate that once
08:47 <@dazo> tzafrir: for more info: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
08:47 <@vpnHelper> Title: Diffie–Hellman key exchange - Wikipedia, the free encyclopedia (at en.wikipedia.org)
08:51 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Ping timeout: 246 seconds]
08:54 <+esde> !botsnack
08:54 <@vpnHelper> "botsnack" is Om nom nom!
08:57 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
09:01 -!- aPollO2k is now known as apollo2k
09:04 -!- apollo2k is now known as aPollO2k
09:08 < tzafrir> I still don't follow. I asked about the dhparams file (e.g. keys/dh2048.pm) generated by the easy-rsa scripts.
09:09 < tzafrir> That is: about a CA used off-line. Not about the configuration item 'dh' of openvpn itself. If those answers were regarding easy-rsa,
09:09 < tzafrir> then I read them but failed to understand.
09:10 -!- r8b7xy [~weechat@92.55.243.41] has quit [Ping timeout: 256 seconds]
09:11 <@dazo> tzafrir: dhparams is used for client and servers to be able to securely agree upon a session key (== temporary encryption key) for the VPN tunnel
09:11 < tzafrir> (I know that)
09:12 <@dazo> tzafrir: openssl provides a functionality to generate the dhparams content ... so when easy-rsa was written, it was just a convenience to make a similar openssl wrapper for generating dhparams
09:12 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
09:12 <@dazo> easy-rsa is just a wrapper around a lot of complicated openssl operations
09:14 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
09:14 -!- mode/#openvpn [+v s7r] by ChanServ
09:14 <@dazo> the CA should as far as possible be offline ... because the CA signes server and client certificates using the CA private key.  When clients and servers have access to the (public) CA certificate, they can validate the remote's certificate and decide if it will choose to trust the certificate or not
09:14 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Ping timeout: 246 seconds]
09:15 <@dazo> If the signature in the certificate doesn't compute against the CA public key inside the CA certificate, it's not a valid certificate
09:16 <@dazo> And that is why the CA key should be offline when you don't need to sign certificates ... if you loose control over your CA key, anyone who have access to that CA key can produce new certificates which will be valid
09:16 <@dazo> against your server
09:16 <@dazo> tzafrir: did that make sense?
09:17 < tzafrir> Yes. But I gather that it does not need a dh-params file, right?
09:17 <@dazo> esde: easy-rsa's build-dh does not have anything to do with --tls-auth or HMAC ... that is a misleading statement
09:18 < tzafrir> BTW: in my model, the server authenticates users by having keys. That is, those keys are only useful for that server.
09:18 <@dazo> tzafrir: the CA does not need the dhparams at all.  That is only needed on the server
09:18 < tzafrir> And thus the CA is on the server. No, not the classic CA model, but worksforme
09:19 <@dazo> tzafrir: keys?  If you use --key and --cert, the --cert file contains a public key which is derived from --key and has been signed by the --ca you provide on the server side
09:21 < Kunsi> hm, maybe someone is able to help me, too. i created a bridged vpn server, i'm able to connect to it, get an ip address, but i can't send any data between my computer and vpn server. server.conf http://paste.debian.net/180936 - client.conf http://paste.debian.net/180938 - openvpn.log http://paste.debian.net/180939 - network topology http://paste.debian.net/180912 - firewall is not an issue, routed vpn works
09:21 < Kunsi> fine on same port
09:21 <@dazo> Kunsi: why do you bridge?
09:21 < Kunsi> i need access to windows file shares in vpn servers lan
09:21 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
09:22 <@dazo> Kunsi: that's no reason to bridge ... https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
09:22 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
09:23 < Kunsi> connecting clients are mostly in servers lan and use hostnames for shares, would same be possible when using a routed vpn, or do they have to use ip addresses instead?
09:24 <@dazo> Kunsi: then you just push out a proper DNS server to your clients, and they'll still use hostname ... hostname maps to an IP address, and the rest is pure routing
09:24 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
09:24 -!- r8b7xy [~weechat@104.238.169.49] has joined #openvpn
09:26 < Kunsi> The next thing you need to do on the router is to add a route for your VPN subnet. In the routing table on your Router, add 10.8.0.0/24 to be sent via 192.168.0.10 <-- but i can't do that, since i only have access to the vpn box
09:27 < Kunsi> whole network is … interesting. it's a win 2008 server, used as router, firewall and vm host, and openvpn server is a vm guest
09:27 < Kunsi> maybe i should try to set up a vpn to the windows box
09:27 <@dazo> Kunsi: if that win2k8 server is used as a global router ... you add that route on that server
09:28 < Kunsi> i don't have access to it
09:28 <@dazo> if you're trying to VPN without having access to core network routers ... then you have a lot bigger troubles than just the VPN
09:29  * dazo need to run for some food
09:29 < Kunsi> that's how by boss wants it to be
09:29 < Kunsi> so i'll come up saying "Boss, it wont work this way!"
09:40 -!- r8b7xy [~weechat@104.238.169.49] has quit [Ping timeout: 264 seconds]
09:43 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
09:45 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:54 -!- r8b7xy [~weechat@104.238.169.111] has joined #openvpn
09:55 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
10:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:17 -!- BloqueNegro [~nothing@88.128.80.209] has joined #openvpn
10:29 -!- eike_52n [~eike@80.156.182.234] has quit [Quit: Leaving]
10:35 -!- AMERICAN_PSYCHO [~AMERICAN_@44.sub-70-196-15.myvzw.com] has quit [Ping timeout: 244 seconds]
10:43 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
10:50 -!- r8b7xy [~weechat@104.238.169.111] has quit [Ping timeout: 255 seconds]
10:50 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
10:55 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
11:00 -!- BloqueNegro [~nothing@88.128.80.209] has quit [Read error: Connection reset by peer]
11:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e0a7:8186:7617:80e7] has quit [Remote host closed the connection]
11:03 -!- DeeJayTwo [~DeeJayTwo@unaffiliated/deejaytwo] has joined #openvpn
11:04 -!- r8b7xy [~weechat@92.55.243.41] has joined #openvpn
11:04 < DeeJayTwo> hi
11:04 < DeeJayTwo> I have an issue on pfsense but maybe someone could help here...     I have a site to site vpn with openvpn. Sometimes, When fragmented
11:05 < DeeJayTwo> packets are flowing thru openvpn, they get reassembled when they exit the openvpn interface on the remote end and they reach higher that then remote lan interface mtu so they get dropped...
11:05 < DeeJayTwo> why is pfsense/FreeBSD not fragmenting it again? or why is it reassembling it first anyway?
11:05  * esde points to ##pfsense
11:05 < DeeJayTwo> esde.. I already asked.. no answers yet
11:06 < DeeJayTwo> is it normal for openvpn to reassemble packets at remote end?
11:06 <+esde> i doubt you'll get a pfsense-specific answer here, either
11:06 < DeeJayTwo> shouldn't it just let it flow fragmented ?
11:07 < DeeJayTwo> hmm... I think I'm mixing things up.. sorry ;)
11:07 < DeeJayTwo> a tcpdump on the remote end openvpn interface shows the packets are still fragmented
11:07 < DeeJayTwo> so I guess the OS is reassembling it prior to forward it to the remote LAN interface...
11:08 < r8b7xy> after 1 hour connman drops my vpn connection due to the 'ERROR: could not read Auth username from stdin' log: http://termbin.com/o2qs connmanvpn config: http://termbin.com/rtgt Any idea how to solve this? Thanks in advance.
11:13 <+esde> what is a connman?
11:13 <+esde> other than the obvious answer
11:16 < r8b7xy> network manager for linux
11:17 <+esde> !networkmanager
11:17 < r8b7xy> does deletinf from config auth-nocache should do the thing? In openvpn config there are persist-key and persist-tun - maybe this is why connman drops connection.
11:17 <+esde> !netman
11:17 <@vpnHelper> "netman" is (#1) if you are using network manager for linux to configure your vpn, dont! http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html to read the same thing from the author of the openvpn 2 cookbook on the mail list or (#2) Have OpenVPN working but not NetworkManager? Ask the n-m folks for help: http://projects.gnome.org/NetworkManager/
11:27 < r8b7xy> ok, thanks!
11:30 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:30 -!- aPollO2k is now known as apollo2k
11:33 -!- flyingkiwi [~kiwi@2a02:ce80:0:20::2] has quit [Quit: bye]
11:33 -!- flyingkiwi [~kiwi@2a02:ce80:0:20::2] has joined #openvpn
11:35 -!- linuxthefish [~ltf@unaffiliated/edmundf] has left #openvpn ["Leaving"]
11:38 -!- flyingkiwi [~kiwi@2a02:ce80:0:20::2] has quit [Ping timeout: 252 seconds]
11:39 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
11:40 <@dazo> r8b7xy: I don't know anything about connman's openvpn configuration (connman != NetworkManager, but is a different approach - probably more sane in many aspects) ... but you probably want to figure out how to pass the --persist-key and --persist-tun arguments to openvpn
11:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:43 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
11:43 < r8b7xy> I've found it: OpenVPN.ConfigFile     --config         OpenVPN config file that can contain
11:43 < r8b7xy>                                          extra options not supported by OpenVPN
11:43 < r8b7xy>                                          plugin (O)
11:44 <@dazo> r8b7xy: even better!
11:45 < r8b7xy> connmanvpn is kind of wrapper for openvpn. Still wonder is it worth to use it as vpn manager.
11:48 <@dazo> The jolla phone ships with connman (the core part), which does some clever things related to networks with pay-/registration walls ... it might do some clever tricks with VPNs too, as long as it stays away from killing the VPN when there is a connection drop
11:49 <@dazo> (OpenVPN is pretty good at session resume, if configured correctly ... as long as a management service don't kill it)
11:50 < r8b7xy> This is the thing - I can't make neither openvpn nor connmanvpn to resume connection after my router reboots/my connection is lost and resume. In openvpn I have to kill it and then systemctl start. In connman I have to reconnect to eth and vpn manually.
11:55 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Quit: Page closed]
11:56 < Billias> I would like to
11:56 < Billias> have an intermediate certificates
11:56 < Billias> CA root, Inter1, Inter2, Client cert
11:56 < Billias> and the server to have:
11:57 < Billias> CA root, srv-inter, server sign
11:57 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has joined #openvpn
11:57 < r8b7xy> I'll be back in the minute - I'd like to provide some logs and configs - you may know how to resolve my issue dazo.
11:58 < Billias> can i have some asymmetric certificate auth?
12:02 -!- r8b7xy [~weechat@92.55.243.41] has quit [Read error: Connection reset by peer]
12:15 -!- petan [~pidgeon@wikimedia/Petrb] has quit [Ping timeout: 258 seconds]
12:20 -!- jonasdhaen [~jonasdhae@x590fa399.dyn.telefonica.de] has joined #openvpn
12:40 -!- jthunder_ [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Quit: jthunder_]
12:41 -!- s7r [debian-tor@openvpn/user/s7r] has left #openvpn []
12:53 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
12:55 -!- r8b7xy [~weechat@92.55.243.41] has joined #openvpn
12:57 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
12:59 -!- tzafrir [~tzafrir@local.xorcom.com] has quit [Ping timeout: 272 seconds]
13:01 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
13:08 < r8b7xy> dazo: re. Ok. this is my log http://pastebin.com/raw.php?i=UGrucvKJ I face two problems - I don't know is it ok to use network.target while I'm using connman as a prerequirement. openvpn still starts before I connect to the access point - can't resolve host error. Secondly - when I disconnect from AP and reconnect client daemon isn't starting/I don't have working internet connection. I have to pkill openvpn
13:08 < r8b7xy> and then reconnect to VPN with systemctl start openvpn@*. I dont know whether this solution for suspend mode could be tranfered to take care about killing openvpn when my connection drops https://wiki.archlinux.org/index.php/OpenVPN#Client_daemon_not_restarting_after_suspend
13:09 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
13:09 <@dazo> r8b7xy: if you start openvpn via systemctl, I believe you override connman
13:10 <@dazo> r8b7xy: otherwise, I believe the OpenVPN unit file should have 'Wants = network-online.target' ... that way it will not start before you have an IP address
13:15 < r8b7xy> dazo: let me reconnect to see how it works.
13:20 -!- r8b7xy [~weechat@92.55.243.41] has quit [Ping timeout: 264 seconds]
13:24 -!- dazo is now known as dazo_afk
13:28 -!- lompik [~lompik@li970-99.members.linode.com] has joined #openvpn
13:29 < lompik> !ovpnuke
13:29 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
13:29 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
13:38 < dansanger> esde I solve my problem with the VPN on Windows
13:39 <+esde> great what was the issue?
13:40 -!- r8b7xy [~weechat@104.238.169.52] has joined #openvpn
13:42 < r8b7xy> dazo_afk: hmmm... even with more strict requires http://termbin.com/mpiw openvpn starts before connman http://pastebin.com/raw.php?i=yNgvrFM6
13:45 < r8b7xy> but this is rather cosmetic then losing the connection after reconnection to access point which bothers me mostly. When i reconnect with connman to AP i have to manually systemctl restart openvpn otherwise it's in kind of suspend mode(?) - it doesn't print any logs to systemctl status.
13:47 -!- lompik [~lompik@li970-99.members.linode.com] has left #openvpn ["WeeChat 1.2"]
13:48 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:51 < dansanger> The file with the instruction iroute has not to be .txt. I just delete the file's extension and the routing work good!!:)
13:55 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
13:56 <+esde> :)
13:58 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:10 < dansanger> Thank you for all esde
14:12 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:16 -!- r8b7xy [~weechat@104.238.169.52] has quit [Quit: WeeChat 1.2]
14:28 <+esde> np
14:29 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 272 seconds]
14:33 -!- r8b7xy [~weechat@104.238.169.107] has joined #openvpn
14:33 -!- rhollan [~rhollan@208.85.208.53] has joined #openvpn
14:46 -!- r8b7xy [~weechat@104.238.169.107] has quit [Ping timeout: 276 seconds]
15:00 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 250 seconds]
15:04 -!- r8b7xy [~weechat@104.238.169.127] has joined #openvpn
15:07 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
15:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
15:14 -!- r8b7xy [~weechat@104.238.169.127] has quit [Ping timeout: 255 seconds]
15:14 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
15:14 < MalMen> hello
15:14 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
15:14 < MalMen> its possible to me to force one dns server after connected to openvpn ?
15:15 < MalMen> push "dhcp-option DNS 10.9.0.1"
15:15 < MalMen> i tryed this, but is not working
15:16 -!- r8b7xy [~weechat@104.238.169.94] has joined #openvpn
15:18 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 256 seconds]
15:24 -!- colbyftp [~colbyf@unaffiliated/colbyf] has joined #openvpn
15:26 < colbyftp> hi folks, I am connecting to a vpn and have 30 config files, I want to know can I set MTU globally  to 1400?
15:28 < colbyftp> or if I am barking up the wrong tree let me know please
15:29 -!- r8b7xy [~weechat@104.238.169.94] has quit [Ping timeout: 256 seconds]
15:32 -!- rwb [480f0338@gateway/web/freenode/ip.72.15.3.56] has quit [Ping timeout: 246 seconds]
15:37 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
15:44 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 258 seconds]
15:44 < MalMen> im sorry, i dont know if anyone replyed me, my connection dropped
15:44 -!- r8b7xy [~weechat@104.238.169.41] has joined #openvpn
15:48 -!- colbyftp [~colbyf@unaffiliated/colbyf] has quit [Ping timeout: 256 seconds]
15:49 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:52 -!- r8b7xy [~weechat@104.238.169.41] has quit [Ping timeout: 246 seconds]
15:58 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
16:06 -!- k2gremlin [~Gremlin@23-25-52-209-static.hfc.comcastbusiness.net] has joined #openvpn
16:06 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 264 seconds]
16:06 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:06 < k2gremlin> Anyone here? Having some issues with OpenVPN
16:07 < Eugene> MalMen - dhcp-option is only respected by some clients, chiefly Windows
16:07 < Eugene> !to k2gremlin ask
16:07 < Eugene> Or maybe that doesn't work
16:07 < Eugene> !ask
16:07 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
16:08 < k2gremlin> Ubuntu Server with OpenVPN. PC is connecting over the WAN. OpenVPN fully connects but I can't pass any traffic. No pings either way
16:08 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
16:09 -!- DeeJayTwo [~DeeJayTwo@unaffiliated/deejaytwo] has left #openvpn []
16:09 < Eugene> "fully connects" meaning what? ;-)
16:09 < Eugene> !logs
16:09 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:11 < k2gremlin> !logfile
16:11 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
16:13 < k2gremlin> http://pastebin.com/dXZapDaS
16:16 -!- r8b7xy [~weechat@92.55.243.41] has joined #openvpn
16:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:21 < k2gremlin> Nvm, I fixed it. I had #push "redirect-gateway def1" turned on. COmmented it out and its working fine now :)
16:25 -!- k2gremlin [~Gremlin@23-25-52-209-static.hfc.comcastbusiness.net] has quit [Quit: Leaving]
16:26 -!- r8b7xy [~weechat@92.55.243.41] has quit [Ping timeout: 272 seconds]
16:38 -!- r8b7xy [~weechat@104.238.169.134] has joined #openvpn
16:50 -!- r8b7xy [~weechat@104.238.169.134] has quit [Ping timeout: 264 seconds]
17:05 -!- r8b7xy [~weechat@104.238.169.138] has joined #openvpn
17:39 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
17:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:57 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
17:58 -!- shadok_ is now known as shadok
18:04 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
18:10 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
18:15 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Max SendQ exceeded]
18:15 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
18:25 -!- u0m3 [~u0m3@92.80.75.14] has joined #openvpn
18:25 -!- u0m3 [~u0m3@92.80.75.14] has quit [Remote host closed the connection]
18:43 -!- zheng [~zheng@116.230.206.208] has quit [Quit: Leaving]
18:47 -!- fred`` [fred@earthli.ng] has joined #openvpn
18:56 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 256 seconds]
18:56 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Ping timeout: 244 seconds]
19:11 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 272 seconds]
19:14 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
19:26 -!- jonasdhaen_ [~jonasdhae@x590fba0f.dyn.telefonica.de] has joined #openvpn
19:28 -!- jonasdhaen [~jonasdhae@x590fa399.dyn.telefonica.de] has quit [Ping timeout: 258 seconds]
19:28 -!- jonasdhaen_ is now known as jonasdhaen
19:51 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has quit [Quit: irc panic]
19:55 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has joined #openvpn
20:02 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 250 seconds]
20:54 -!- GeorgeHahn_ [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
20:57 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Ping timeout: 264 seconds]
21:27 -!- Cultist [~CultOfThe@67.175.170.187] has joined #openvpn
22:23 -!- c2pLaY [~c2pLaY@unaffiliated/c2play] has joined #openvpn
22:56 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
23:05 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
23:31 -!- ShadniX [dagger@p57941185.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- ShadniX [dagger@p579412A8.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
23:40 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
--- Day changed Fri May 22 2015
00:00 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
00:02 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Quit: leaving]
01:03 -!- tzafrir [~tzafrir@bzq-179-40-172.cust.bezeqint.net] has joined #openvpn
01:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:31 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
01:34 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Client Quit]
01:35 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
01:38 -!- Netsplit *.net <-> *.split quits: seg
01:49 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 272 seconds]
01:53 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
02:07 -!- ketas [~ketas@97-39-190-90.dyn.estpak.ee] has quit []
02:31 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
02:33 < Abbott> does the basic installation of openvpn on a linux machine include public key authentication
02:34 < Abbott> or do I have to build openvpn from source to use that
02:36 < CryptoSiD> when i have this in my server.conf push "redirect-gateway def1 bypass-dhcp", on the client side, it use the ip of the server, the problem is on the client side it ALWAYS use ipv4 even if the website or whatever host have an ipv6 also, id like to keep the ipv6 first, any way to do this?
02:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 245 seconds]
02:36 < CryptoSiD> (sorry for my bad english)
02:43 -!- Dat [dat@unaffiliated/dat] has joined #openvpn
02:44 < Dat> Hello I have a ddwrt linksys wrt54gl with openvpn client option after filling out all the information I am getting unroutable control packet received and the time appears to be correct on the router whatelse can I do?
02:44 -!- c2pLaY [~c2pLaY@unaffiliated/c2play] has quit [Ping timeout: 255 seconds]
02:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:48 -!- tdn [~tdn@syrah.adora.dk] has quit [Remote host closed the connection]
02:54 -!- dazo_afk is now known as dazo
03:24 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:24 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
03:44 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
03:44 < dEPy> Anyone can suggest MacOS client for OpenVPN?
03:48 < Dat> openvpn?
03:49 < Dat> cant you use theo openvpn cli?
03:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:50 < dEPy> I would like to use something more user friendly maybe... :D
03:50 < dEPy> So far I only found Tunnelblick for free.
03:51 < Kunsi> tunnelblick is very nice
03:52 < dEPy> Yea? Might try that then
03:57 < Dat> dEPy: tunnelblock is good
03:57 < Dat> or tunnelbrick whatever its called
03:58 -!- GeorgeHahn_ [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
03:58 < dEPy> tnx
04:01 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Read error: Connection reset by peer]
04:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:20 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:01 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
05:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
05:07 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:08 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
05:09 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:14 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Client Quit]
05:16 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
05:16 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:10 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
07:03 -!- dan_j [sid21651@gateway/web/irccloud.com/x-lipbufplzxggzwny] has quit [Ping timeout: 256 seconds]
07:03 -!- dan_j [sid21651@gateway/web/irccloud.com/x-momdjepqqxjovaay] has joined #openvpn
07:08 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
07:11 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has joined #openvpn
07:26 <@plaisthos> can I somehow see if my account still has a warning (I got a one week warning from LHC)?
07:30 -!- sppadic [~sppadic@90.216.134.198] has quit [Read error: Connection reset by peer]
07:36 -!- gringao [~gringao@83.142.147.16] has joined #openvpn
07:36 <@plaisthos> rgh
07:36 <@plaisthos> completely wrong channel :D
07:47 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:50 -!- Caplain [~shayne@c-68-34-28-222.hsd1.mi.comcast.net] has joined #openvpn
07:50 < Caplain> does the client side need the .csr file?
07:51 < Kunsi> no
07:51 < BtbN> Neither the server nor the client needs the csr
07:59 <@dazo> only the CA needs .csr files ... csr + ca key (sign operation) => crt
08:21 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
08:25 -!- gringao [~gringao@83.142.147.16] has quit [Ping timeout: 272 seconds]
08:29 < Caplain> BtbN, dazo thank you :)
08:29 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
08:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:37 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
08:45 -!- rsc_ [~robert@fedora/rsc] has joined #openvpn
08:46 < rsc_> Are issues with OpenVPN as client on Windows 2012 R2 (Terminal Server) known? Installing 2.3.6 as Administrator works, running as well. Setting "run as administrator" in the properties of openvpn.exe and openvpn-gui.exe is ticked. Does not work as regular terminal server user through.
08:46 < rsc_> Ideas? It worked however on Windows Server 2008 (Terminal Server).
08:47 <@plaisthos> !logs
08:48 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:48 < rsc_> What's the default "verb"?
08:51 <+esde> whatever you make it
08:52 <+esde> looks like 3 in the example confs
08:53 -!- shio [~marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
09:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
09:08 -!- rsc_ is now known as rsc
09:12 -!- Cultist [~CultOfThe@67.175.170.187] has quit [Quit: Tension, apprehension, and dissension have begun.]
09:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:27 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
09:30 -!- thomas_d [1f063aab@gateway/web/freenode/ip.31.6.58.171] has joined #openvpn
09:32 -!- mensvaga [~mensvaga@192.16.204.65] has joined #openvpn
09:32 < thomas_d> Hi I currently use the VPN provider Golden Frog (VyprVPN) which supports OpenVPN (their main protocol I think) but has only limited support for Linux. Nonetheless, I'm trying to get this service up-and-running on a distro which is not supported. They provide the .crt file for use with other distros, what I'm trying to work out is how I can derive the ca and the key to put in the client.conf
09:33 < thomas_d> I have the OpenVPN up-and-running on a Windows box and a Debian box currently, so is there some file I can look at in these instances which I could use for reference?
09:33 < thomas_d> I can't find any *.ovpn file or any client.conf file (apart from the sample) on either box
09:38 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 245 seconds]
09:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:52 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
09:56 -!- elfixit [~Icedove@2001:1620:2777:11:3e97:eff:fe7f:f3ad] has quit [Quit: elfixit]
10:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
10:04 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
10:04 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
10:05 -!- Caplain [~shayne@c-68-34-28-222.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
10:09 -!- r8b7xy [~weechat@104.238.169.138] has quit [Quit: WeeChat 1.2]
10:21 -!- r8b7xy [~weechat@104.238.169.138] has joined #openvpn
10:21 -!- Denial- [~Denial@host81-155-43-93.range81-155.btcentralplus.com] has joined #openvpn
10:22 -!- Denial [~Denial@81.141.23.254] has quit [Ping timeout: 256 seconds]
10:25 -!- r8b7xy [~weechat@104.238.169.138] has quit [Client Quit]
10:31 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has joined #openvpn
10:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:48 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
10:48 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
10:49 < Caplain> https://blog.dlasley.net/2013/08/openvpn-server-configuration-script-ubiquiti-edgerouter-lite/
10:49 -!- badon_ is now known as badon
10:51 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:52 -!- Dat [dat@unaffiliated/dat] has left #openvpn []
11:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: reflashing routers, new update! be back in a while]
11:06 <@dazo> *sigh* yet another blog article which haven't fully understood how CAs work
11:08 <@dazo> if that guy had been clever ... the "setup script" for re-configuring the openvpn server would use a more static ca.crt and server.crt file ... the openvpn server only needs: ca.crt, server.key, server.crt and dh*.pem files
11:09 <@dazo> if you want to be strict, you replace the server.key/crt for each re-install.  If you're even more cautious, you also regenerate the dh*.pem file
11:09 < mensvaga> The magical CA angels don't ask Bruce Schnier for his metamorphic DNA and then impregnate the virgin Alice so Bob and her can raise the child?!
11:09 <@dazo> and the most important detail:  Never generate keying material on embedded devices ... the random generators there are usually just crap
11:10 < mensvaga> int random_dice_roll { return 4; // good 'nuf }
11:10 <@dazo> heh
11:10 < mensvaga> I'll credit XKCD for that one.
11:10 < mensvaga> "The Virgin Alice" - just made that up.
11:11 <+esde> for rooted android there is seeder, it can increase machine entropy pretty significantly. i havent run any entropy tests yet, but it looks good
11:11 <@dazo> Dilbert has a good one on random generator .... http://dilbert.com/strip/2001-10-25
11:11 <@vpnHelper> Title: Dilbert Comic Strip on 2001-10-25 | Dilbert by Scott Adams (at dilbert.com)
11:12 <@dazo> esde: if you have a decent computer, it will anyway go faster to generate keys there
11:12 <+esde> agreed, it's always nice to have as much entropy as possible on a system, android not excluded. i was excited to see it in the play store :)
11:13 <@dazo> is seeder open source?
11:15 <+esde> it's paid, so i dont think so. i have paid for it, i havent asked for the source though
11:15 <@dazo> then how can you verify that it works?
11:16 <+esde> ?
11:17 <@dazo> I'm a firm believer that security cannot be delivered in a black-box ... if it does, you cannot trust it.  The moment any third-parties evaluates the product and can confirm that it does what it is supposed and is able to look for weaknesses, then you can trust it
11:18 <@dazo> so if 'seeder' claims to provide more entropy for the random number generator ... how can you actually verify that it does exactly that if you can't look what seeder does?
11:18 <@dazo> (what if seeder actually weakens the RNG? ... you wouldn't really know unless the randomness is just too easy to spot)
11:19 <+esde> I agree, bringing it to the attention of a community with people who may be so interested as to attempt to obtain the source and vet it themselves, possibly opening the door to bugfixes and porting the app to an opensource offering. maybe im too optimistic.
11:19 < Eugene> Ah yes, the classic battle between the paranoid crypto nuts and the "good enough" executives
11:19 < Eugene> May the ciphers be ever in your favour
11:19 <@dazo> heh
11:21 <+esde> i have no clue if it works, or if it's malicious even. i do see it as something that could be useful if the developer were to put the project on github, for instance
11:21 <@dazo> that's a good idea to suggest ... security, and in particular crypto, must be transparent
11:25 < CryptoSiD>  when i have this in my server.conf push "redirect-gateway def1 bypass-dhcp", on the client side, it use the ip of the server, the problem is on the client side it ALWAYS use ipv4 even if the website or whatever host have an ipv6 also, id like to keep the ipv6 first, any way to do this?
11:26 < CryptoSiD> any idea? (and excuse my bad english)
11:28 <@dazo> CryptoSiD: why do you add bypass-dhcp?
11:28 <@dazo> (not related to you question, I've just seen more people adding that for odd reasons lately ... and I wonder why they do that)
11:28 < CryptoSiD> to use the IPV4 of the server
11:29 < CryptoSiD> but id like to still use the ipv6 FIRST (if dispo) on the client side
11:29 <@dazo> the VPN server?  nope, you don't need bypass-dhcp for that
11:29 <@dazo> (read the man page carefully, and you'll see that's very seldom needed)
11:29 <@dazo> IPv6 will usually be used first if it is available
11:30 <@dazo> Have you configured IPv6 for the VPN tunnel?
11:30 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
11:30 < CryptoSiD> nope, only ipv4 on the tunnel
11:30 <@dazo> that's the first issue
11:30 < CryptoSiD> and yes, if my vpn is off, ipv6 is first, but if the vpn is on, ipv4 is forced
11:30 < CryptoSiD> prolly cause of the bypass-dhcp
11:31 <@dazo> now you're guessing
11:31 < CryptoSiD> Well, could you give me a hint?:)
11:31 <@dazo> !man
11:31 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
11:31 < CryptoSiD> lol
11:31 <@dazo> !spoonfeeding
11:31 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
11:33 <@dazo> CryptoSiD: do you have IPv6 available in the local net of the client? ... and does your VPN server side have IPv6 connectivity?
11:36 < CryptoSiD> they both have ipv6, but i only want a ipv4 vpn
11:36 <@dazo> fair enough, then your goal is settled
11:37 <@dazo> which OS is the client?
11:37 < CryptoSiD> windows
11:37 < CryptoSiD> server is ubuntun 15.04
11:38 <@dazo> okay, I honestly don't know how Windows behaves with dual stack and different default gateways
11:38 <@dazo> In Linux, it would behave as expected ... but I have no idea if Windows tries to be more clever
11:39 < CryptoSiD> but didnt you told me that I dont need the bypass-dhcp stuff?
11:39 <@dazo> Yeah, and I said that was probably unrelated to your question
11:40 <@dazo> I've just seen a trend lately that people add bypass-dhcp without knowing why they do it ... just trying to understand why people do that
11:42 < CryptoSiD> it was in the tutorial i used:D
11:43  * dazo need to head home anyway ...
11:44 < CryptoSiD> I cant find any other way to do it
11:44 < CryptoSiD> I mean, the man page is pretty big.
11:44 -!- dazo is now known as dazo_afk
11:46 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
11:47 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
12:07 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
12:09 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
12:10 < stuartm_> the openvpn client in Mageia 5 seems unable to create the necessary routes even when it's run as root, there are no errors in the logs and I can manually create the same routes that it tries to create, any ideas?
12:11 < stuartm_> in fact it's not just the routes, but the interface configuration and dns (pushed) configuration, none of that actually happens even though the client logs show it executing the commands
12:29 < stuartm_> I'll be back later with configs and logs, sorry for the hit and run
12:29 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Quit: Arrividerci]
12:31 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
13:16 -!- dansanger [~vpnuser@190.72.179.173] has quit [Ping timeout: 245 seconds]
13:34 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
13:45 -!- dansanger [~vpnuser@190.72.179.173] has joined #openvpn
14:19 -!- r8b7xy_ [~weechat@104.238.169.75] has joined #openvpn
14:32 -!- thomas_d [1f063aab@gateway/web/freenode/ip.31.6.58.171] has quit [Quit: Page closed]
14:40 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
14:41 < stuartm_> !logs
14:41 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:44 < stuartm_> with apologies for repeating myself, but for the benefit of those who weren't here earlier:
14:45 < stuartm_> the openvpn client in Mageia 5 seems unable to create the necessary routes even when it's run as root, there are no errors in the logs and I can manually create the same routes that it tries to create
14:45 < stuartm_> http://www.fpaste.org/224795/14323237/
14:45 < stuartm_> as can be seen in the log, there are no errors reported when it executes the ifconfig/route commands
14:46 < stuartm_> but neither the interface configuration or route changes actually happen
14:53 < stuartm_> client config - http://fpaste.org/224806/32441114/
15:02 -!- r8b7xy_ [~weechat@104.238.169.75] has quit [Read error: Connection reset by peer]
15:02 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
15:09 -!- r8b7xy [~weechat@104.238.169.75] has quit [Quit: WeeChat 1.2]
15:09 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
15:10 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
15:11 -!- r8b7xy [~weechat@104.238.169.75] has quit [Client Quit]
15:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:12 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
15:12 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
15:12 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
15:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:13 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has joined #openvpn
15:13 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Remote host closed the connection]
15:14 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
15:18 -!- r8b7xy [~weechat@104.238.169.75] has quit [Quit: WeeChat 1.2]
15:18 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
15:20 -!- dansanger [~vpnuser@190.72.179.173] has quit [Ping timeout: 256 seconds]
15:26 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
15:29 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Remote host closed the connection]
15:29 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
15:31 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
15:37 -!- dansanger [~vpnuser@190.72.179.173] has joined #openvpn
15:39 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Ping timeout: 272 seconds]
15:39 -!- stuartm___ [~gbee@mythtv/developer/stuartm] has joined #openvpn
15:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 258 seconds]
15:42 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
15:42 < pie_> does openvpn actually not send any data over the tun device on the server?
15:42 < pie_> im trying to debug by tcpdumping but there is no traffic
15:43 < pie_> nvm i take that back
15:44 -!- stuartm___ [~gbee@mythtv/developer/stuartm] has quit [Ping timeout: 245 seconds]
15:45 -!- stuartm___ [~gbee@mythtv/developer/stuartm] has joined #openvpn
15:46 -!- stuartm___ is now known as stuartm_
15:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
15:53 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Ping timeout: 250 seconds]
15:54 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
15:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
15:55 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:56 -!- badon_ is now known as badon
15:56 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
16:00 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
16:01 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Remote host closed the connection]
16:01 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
16:09 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
16:11 -!- Six6siX [~Devil@jasmine.sammybakar.com] has joined #openvpn
16:15 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Remote host closed the connection]
16:15 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has joined #openvpn
16:25 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:30 -!- stuartm_ [~gbee@mythtv/developer/stuartm] has quit [Quit: Arrividerci]
16:46 -!- r8b7xy [~weechat@104.238.169.75] has quit [Quit: WeeChat 1.2]
16:46 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
16:48 -!- r8b7xy [~weechat@104.238.169.75] has quit [Client Quit]
16:48 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
16:48 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
16:54 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
17:01 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
17:03 -!- dansanger [~vpnuser@190.72.179.173] has quit [Ping timeout: 265 seconds]
17:03 < CryptoSiD> im having  a weird problem, im able to connect to my vpn, it give me an ip (10.8.0.6) but im unable to ping 10.8.0.1
17:03 < CryptoSiD> it was working fine for days
17:03 < CryptoSiD> no idea whats happening
17:04 < CryptoSiD> server cant ping client also, it was also working for days on both side
17:05 < CryptoSiD> I have no firewall at all on the server, server.conf http://paste.ubuntu.com/11293223/
17:06 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
17:06 -!- capri [svedrin@elwing.funzt-halt.net] has quit [Ping timeout: 276 seconds]
17:06 < CryptoSiD> client.ovpn : http://paste.ubuntu.com/11293266/
17:07 < CryptoSiD> if anyone have an idea whats wrong let me know:|
17:08 < CryptoSiD> and the client logs when connecting to the server: http://paste.ubuntu.com/11293291/
17:09 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
17:10 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
17:13 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
17:15 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
17:16 < CryptoSiD> i dont get it:|
17:18 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
17:19 < CryptoSiD> 18:18:57.265933 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 1, seq 651, length 40
17:19 < CryptoSiD> but the server cant reply to 10.8.0.6... it say host unreachable
17:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:32 < CryptoSiD> anyone?!
17:33 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has quit [Quit: Leaving]
17:34 < CryptoSiD> !goal
17:34 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:34 < CryptoSiD> !goal I would like to access the internet over my vpn
17:34 < CryptoSiD> !goal i would like to be able to ping my vpn server:D
17:36 < r8b7xy> simple question - have you rebooted vpn device? :)
17:37 < r8b7xy> few days ago i had similar problem and I had to comment out persist-tun from my config - this hang my vpn connection after reconnection to my AP
17:37 < CryptoSiD> i rebooted both, server and client
17:37 < r8b7xy> so persist-tun has nothing to do here
17:38 < CryptoSiD> client connect fine to the server, server assign an ip to the client, but i cant ping client from server not server from client
17:38 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
17:38 < CryptoSiD> it was working fine this morning and yesterday:|
17:39 -!- fred`` [fred@earthli.ng] has joined #openvpn
17:41 < CryptoSiD> all i did was remove that line "push "redirect-gateway def1 bypass-dhcp"", and i put it back like 5 min later
17:41 < CryptoSiD> since then, im unable to ping from both side
17:43 -!- r8b7xy [~weechat@104.238.169.75] has quit [Quit: WeeChat 1.2]
17:43 -!- r8b7xy [~weechat@104.238.169.75] has joined #openvpn
17:45 -!- jonasdhaen [~jonasdhae@x590fba0f.dyn.telefonica.de] has quit [Quit: jonasdhaen]
17:48 < CryptoSiD> my god.... im unable to fix this:(
17:49 < CryptoSiD> look like its a route problem... i did a traceroute to 10.8.0.6... it goes trough the wan
17:51 < CryptoSiD> i changed 10.0.8.0 to 10.10.20.0 and now it work fine...
17:52 < CryptoSiD> now... back to the original problem...
17:52 < CryptoSiD> when i have this in my server.conf push "redirect-gateway def1 bypass-dhcp", on the client side, it use the ip of the server, the problem is on the client side it ALWAYS use ipv4 even if the website or whatever host have an ipv6 also, id like to keep the ipv6 first, any way to do this?
17:59 < shio> to use ipv6 properly on both side, u need to have a specific ipv6 config on ur server
17:59 < shio> https://community.openvpn.net/openvpn/wiki/IPv6
17:59 <@vpnHelper> Title: IPv6 – OpenVPN Community (at community.openvpn.net)
18:00 < shio> as for the ping issue, does u server ip forward?
18:00 < CryptoSiD> i fixed the ping issue by changing the vpn /24
18:01 < CryptoSiD> no idea why 10.8.0.0/24 wasnt working anymore
18:01 < shio> that looks like a temporary config that was lost upon a restart
18:02 < shio> but i'm no guru so can't be sure
18:03 < CryptoSiD> traceroute to 10.10.20.6 (10.10.20.6), 30 hops max, 60 byte packets
18:03 < CryptoSiD>  1  68.168.121.13 (68.168.121.13)  0.671 ms  0.761 ms  0.808 ms
18:03 < CryptoSiD>  2  te4-2.csr1.mtl3.gtcomm.net (67.215.0.80)  0.608 ms  0.641 ms  0.860 ms
18:03 < CryptoSiD> here we go again
18:04 < CryptoSiD> its trying to route a rfc 1918 ip trough the internet... pretty stupid
18:06 < CryptoSiD> if i change to 10.10.30.0/24 it work fine again.
18:07 < CryptoSiD> about ipv6, can i have 1 server.conf doing both ipv4 and ipv6?
18:08 < CryptoSiD> I'd like to run the vpn ipv4 only, having the client use the server ipv4 on ipv4 only host, and still use the client ipv6 on host that have ipv6
18:09 < shio> proto udp6 will handle both v4 & v6 iirc
18:09 < CryptoSiD> but I'll have to set a ipv6 range for the vpn right?
18:11 < shio> that sounds correct, but i've never done that, so don't quote me on that lol
18:12 < shio> i just know udp6 can handle both protocol at the same time
18:12 < CryptoSiD> binding the vpn to an ipv4 fix this:)
18:12 < CryptoSiD> it does what i want!
18:14 < CryptoSiD> nevermind... i cant use the server ipv4 anymore on the client side
18:18 < CryptoSiD> well everything is fine!! (im happy again), sorry for "flooding the channel"
18:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:21 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-qkehaarmahfnpons] has quit [Ping timeout: 256 seconds]
18:21 < shio> not to mention u found ur issue urself :)
18:22 < CryptoSiD> I didnt found the issue but i found a way to dodge it lol
18:26 < CryptoSiD> i mean i found the issue, but not the fix (english issue there) :)
18:26 < CryptoSiD> thanks for the moral support tho:P
18:27 < CryptoSiD> Your browser has real working IPv6 address - but is avoiding using it. We're concerned about this
18:27 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-nvwdfqrxesnfilik] has joined #openvpn
18:27 < CryptoSiD> its forcing ipv4 again:|
18:28 < shio> u added udp6 on the client side too?
18:29 < CryptoSiD> I havent added udp6 on the server, i binded it to a ipv4 only
18:29 < CryptoSiD> but it dont do want i want it to do
18:29 < CryptoSiD> I'd like to run the vpn ipv4 only, having the client use the server ipv4 on ipv4 only host, and still use the client ipv6 on host that have ipv6
18:31 < shio> then u have to use udp6 if you want ipv6 clients to connect with ipv6
18:32 < shio> as udp6 can also handle ipv4, it'll work with ipv4 clients
18:32 < CryptoSiD> the client already have a ipv6, i want it to use its own ipv6, unrelated to the vpn
18:32 < shio> http://serverfault.com/questions/651832/openvpn-with-mixed-ipv4-and-ipv6-clients
18:32 <@vpnHelper> Title: OpenVPN with mixed ipv4 and ipv6 clients - Server Fault (at serverfault.com)
18:32 < CryptoSiD> but when i add push "redirect-gateway def1- bypass-dhcp" it force ipv4 everywhere, even if the host have ipv6
18:33 < CryptoSiD> I dont want to do ipv6 on the vpn, i only want to do ipv4 , but on the client side i want to still be able to use my ipv6 as priority, if the host have an ipv6
18:33 < shio> u need to add -ipv6 after gateway for the ipv6 part
18:34 < shio> "redirect-gateway-ipv6
18:34 < CryptoSiD> but the vpn dont have ipv6?
18:34 < CryptoSiD> and i dont want to do ipv6 on the vpn.
18:35 < Abbott> I can successfully connect to my VPN, but I get DNS errors whenever I try to access any webpages. Is this a common problem?
18:36 < shio> yeah so, the vpn shouldl browse with ipv4 but should connect with clients through ipv6 when available
18:36 < shio> well then i don't know
18:36 < shio> maybe u should try the openvpn forums, they're faster to answer
18:37 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
18:38 < CryptoSiD> [19:36:09] <shio> yeah so, the vpn shouldl browse with ipv4 but should connect with clients through ipv6 when available
18:38 < CryptoSiD> this is exactly what i want
18:38 < CryptoSiD> but right now its forcing ipv4 everywhere
18:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:40 < shio> also, i wonder if you shouldn't add ipv6 at the end of the remote line on the client side
18:40 < shio> i mean udp6
18:40 < shio> there's also a udp6 line on the client conf right?
18:42 < CryptoSiD> on the server its udp, not udp6
18:42 < CryptoSiD> i dont wanna use ipv6 on the vpn:)
18:43 < shio> u have to put udp6 for it to handle ipv6 connections with clients
18:43 < shio> unless u add gateway-ipv6, the vpn will browser with ipv4
18:43 < CryptoSiD> but i want the client to use its own ipv6, not the vpn ipv6
18:44 < shio> on the client side, there should be a proto udp6 and "maybe" a udp6 at the end of the "remote" line
18:44 < CryptoSiD> the client have its own ipv6, i want it to use it when a host have ipv6, but when its ipv4, i want the client to use the server ipv4 address, its already doing the ipv4 part, but its also forcing ipv4 everywhere, even if the host have ipv6
18:46 < shio> yeah, but in that case, the ipv6 will just be used to connect the client to the vpn, after that the vpn will browse through ipv4
18:47 < shio> everything in your config should use ipv6, apart from the gateway part
18:49 < CryptoSiD> mkk, I'll try that later I gotta leave to work now
18:49 < CryptoSiD> thanks for help:)
18:49 < shio> at least that's how i think it works
18:49 < shio> shouldn't hurt to try :)
18:49 < shio> u're welcome
18:52 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
18:52 -!- cylon512 [~cylon@93-80-24-80.broadband.corbina.ru] has quit [Ping timeout: 276 seconds]
18:54 -!- cylon512 [~cylon@2.92.130.73] has joined #openvpn
19:06 < Abbott> I am able to access Google via 74.125.228.232 when connected to my VPN but DNS isn't working
19:07 < Abbott> So I can't get to it with google.com
19:51 -!- c2pLaY [~c2pLaY@gateway/vpn/privateinternetaccess/c2play] has joined #openvpn
19:55 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
20:19 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:23 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Ping timeout: 258 seconds]
20:54 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 258 seconds]
21:07 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:13 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 256 seconds]
21:17 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
21:27 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
21:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
22:13 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
22:19 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
22:23 -!- c2pLaY [~c2pLaY@gateway/vpn/privateinternetaccess/c2play] has quit [Ping timeout: 272 seconds]
22:39 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 246 seconds]
23:03 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
23:05 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
23:05 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:05 -!- badon_ is now known as badon
23:10 < CryptoSiD> Abbott dhcp-options DNS
23:13 < CryptoSiD> why openvpn set dhcp server as 10.10.30.5 and not 10.10.30.1 if i use 10.10.30.0/24
23:13 < CryptoSiD> just wondering
23:29 -!- ShadniX [dagger@p579412A8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX_ [dagger@p5481DE62.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- ShadniX_ is now known as ShadniX
--- Day changed Sat May 23 2015
00:50 -!- sysanthrope [~sysanthro@ip174-70-126-20.no.no.cox.net] has joined #openvpn
00:52 -!- sysanthrope [~sysanthro@ip174-70-126-20.no.no.cox.net] has quit [Remote host closed the connection]
01:23 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:30 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:31 -!- badon_ is now known as badon
01:34 < Abbott> CryptoSiD is that I'm server.conf or client.conf
01:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:42 -!- mode/#openvpn [+o mattock1] by ChanServ
01:45 < Abbott> I have push `dhcp-options DNS default.dns.server.given.by.ovpn` but enabling that didn't help
01:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
01:56 -!- cylon512 [~cylon@2.92.130.73] has quit [Quit: leaving]
01:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
02:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
03:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:13 -!- jonasdhaen [~jonasdhae@x5ce2e483.dyn.telefonica.de] has joined #openvpn
03:59 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
04:05 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
04:06 -!- CryptoSiD [SiD@74.120.220.253] has joined #openvpn
04:06 -!- CryptoSiD [SiD@74.120.220.253] has quit [Client Quit]
04:07 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:07 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
04:13 -!- cheesenbiscuits [~cheesenbi@124.82.60.242] has joined #openvpn
04:13 < cheesenbiscuits> Hello All...
04:13 < cheesenbiscuits> I'm following a guide here on building an openvpn server on ubuntu 14.04 lts
04:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:14 < cheesenbiscuits> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
04:14 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
04:14 < cheesenbiscuits> The problem is that when I try to build my 'ca' using the command: ./build-ca
04:14 < cheesenbiscuits> I get an error in the script on line 198...
04:16 < cheesenbiscuits> I've found a couple of posts on the Ubuntu forms that say to add a line: export KEY_ALTNAMES="whatever"
04:16 < cheesenbiscuits> doesn't seem to work though. Any ideas?
04:18 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
04:18 -!- CryptoSiD [SiD@74.120.220.253] has joined #openvpn
04:21 -!- CryptoSiD [SiD@74.120.220.253] has quit [Client Quit]
04:21 -!- CryptoSiD [SiD@74.120.220.253] has joined #openvpn
04:27 -!- CryptoSiD [SiD@74.120.220.253] has quit [Quit: .]
04:27 -!- CryptoSiD [SiD@74.120.220.253] has joined #openvpn
04:30 -!- CryptoSiD [SiD@74.120.220.253] has quit [Client Quit]
04:31 -!- cheesenbiscuits [~cheesenbi@124.82.60.242] has quit [Ping timeout: 255 seconds]
04:31 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
04:32 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
04:33 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
04:34 -!- Wessix [~odroid@p5797C7BA.dip0.t-ipconnect.de] has joined #openvpn
04:36 -!- cheesenbiscuits [~cheesenbi@124.82.60.242] has joined #openvpn
04:37 < cheesenbiscuits> I'm back... anybody?
04:37 -!- jonasdhaen [~jonasdhae@x5ce2e483.dyn.telefonica.de] has quit [Quit: jonasdhaen]
04:39 -!- Wessix [~odroid@p5797C7BA.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
04:52 -!- AlmogBaku [~AlmogBaku@bzq-79-176-238-251.red.bezeqint.net] has joined #openvpn
04:52 < AlmogBaku> hi
04:53 -!- AlmogBaku [~AlmogBaku@bzq-79-176-238-251.red.bezeqint.net] has left #openvpn []
05:02 -!- AlmogBaku [~AlmogBaku@bzq-79-176-238-251.red.bezeqint.net] has joined #openvpn
05:03 < AlmogBaku> do you have an idea how can I count traffic per user?
05:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:04 -!- mode/#openvpn [+o mattock1] by ChanServ
05:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
05:10 -!- jonasdhaen [~jonasdhae@x5ce2e483.dyn.telefonica.de] has joined #openvpn
05:15 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
05:50 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
06:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:51 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
06:56 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
07:03 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
07:10 -!- cheesenbiscuits [~cheesenbi@124.82.60.242] has left #openvpn []
07:59 -!- sysanthrope [~sysanthro@ip174-70-126-20.no.no.cox.net] has joined #openvpn
08:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:12 -!- sysanthrope [~sysanthro@ip174-70-126-20.no.no.cox.net] has quit [Remote host closed the connection]
08:31 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
08:33 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
08:50 -!- jonasdhaen [~jonasdhae@x5ce2e483.dyn.telefonica.de] has quit [Quit: jonasdhaen]
09:17 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
09:23 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:25 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
09:27 -!- jonasdhaen [~jonasdhae@x5ce2e483.dyn.telefonica.de] has joined #openvpn
09:27 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 250 seconds]
09:28 -!- alanjf [~ajf@unaffiliated/alanjf] has joined #openvpn
09:29 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
09:30 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
09:32 < alanjf> Does anyone know why `openssl dhparam -out dh3072.pem 3072` would take 45 min (which seems normal) but `openssl dhparam -out dh4096.pem 4096` has been going all night and still hasn't finished?
09:32 < alanjf> I mean 4096 isn't /that/ much higher than 3072, why would it take so much longer ?
09:36 < AlmogBaku> 45m???
09:36 < shio> what cpu are u generating it on?
09:36 < AlmogBaku> thats a lot
09:36 < AlmogBaku> what is your linux dist?
09:37 < alanjf> It's on a somewhat older server I had access to at the time. It's a P4 3gz 4GB ram Linux 3.1
09:37 < alanjf> The server otherwise runs great.
09:38 < AlmogBaku> :O
09:38 < AlmogBaku> well.. that really a old server
09:38 < alanjf> The question is why 45 min vs over 12 hours so far for 3072 vs 4096 bits, that's a usage descepency, regardless of CPU.
09:38 < AlmogBaku> 45m is also a lot..
09:39 < alanjf> It was slightly less than 45 min, but why would 4096 take so much longer?
09:39 < AlmogBaku> because it have to build a much more complex key.. and your server is...... not quite a server
09:39 < AlmogBaku> I guess
09:40 < AlmogBaku> It takes me to build 3072 less than a minute on my server
09:40 < alanjf> Yes but 4096 isn't that much more than 3072
09:40 < AlmogBaku> if you use fedora, there is a tool that can help you accelerate it(but it not needed in ubuntu for ex)
09:41 < alanjf> OpenSSL 1.0.1l 15 Jan 2015
09:41 < shio> https://openvpn.net/archive/openvpn-users/2006-03/msg00055.html
09:41 <@vpnHelper> Title: [Openvpn-users] Re: OpenVPN Server Performance (real experience) (at openvpn.net)
09:41 < alanjf> Like I said openvpn runs just fine on this box.
09:42 < shio> certainly, though 4096 is more than strong (and overkill for everyday usage lol)
09:42 < alanjf> I use 4096 keys for openvpn (when I first generated them it went very fast, like minutes if that) so I don't know why DH keys take so much longer.
09:42 -!- soLucien [~Lu@130.225.165.39] has quit [Disconnected by services]
09:43 < alanjf> And it doesn't slow anything down.
09:43 < alanjf> I guess I'll use 3072 for DH.
09:44 < alanjf> I just wanted to up DH from 2048 after reading a recent post in the OpenVPN mailing list.
09:44 -!- BigNasty [~Ooze@66-227-132-129.dhcp.trcy.mi.charter.com] has joined #openvpn
09:44 -!- cylon512 [~cylon@2.92.130.73] has joined #openvpn
09:44 < BigNasty> I'm having trouble connecting to the web UI on an external connection
09:45 < BigNasty> I forwarded ports 443, 943, and 1194
09:45 < BigNasty> I can use a port tester and it says they're open
09:45 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
09:45 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
09:45 < BigNasty> Is there some setting I have to change within the local web ui to allow external connections?
09:47 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
09:48 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
09:52 < BigNasty> Anyone awake?
09:55 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
09:55 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has joined #openvpn
09:57 -!- pie_ [~pie_@unaffiliated/pie-/x-0787662] has quit [Read error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
10:01 < alanjf> So is 3072 enough bits fopr DH in light of that new attack?
10:01 < alanjf> (https://weakdh.org/ is the link someone posted in the mailing list.)
10:01 <@vpnHelper> Title: Logjam: How Diffie-Hellman Fails in Practice (at weakdh.org)
10:01 < alanjf> Yeah that.
10:04 < BigNasty> Freenode channels are the best
10:10 -!- pk12 [~pk12@199.241.146.163] has joined #openvpn
10:12 < BigNasty> Does 1194 have to be open to connect to the web ui on an outside connection?
10:12 < BigNasty> That's the only one that it says isnt' open, but that could just be because something isn't running
10:40 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 265 seconds]
10:41 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
10:43 < Codmadnesspro> BigNasty, sudo service openvpn status
11:06 -!- pk12 [~pk12@199.241.146.163] has quit [Quit: Textual IRC Client]
11:22 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
11:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:23 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
11:24 -!- AlmogBaku [~AlmogBaku@bzq-79-176-238-251.red.bezeqint.net] has quit [Ping timeout: 256 seconds]
11:52 -!- zmachine [uid53369@gateway/web/irccloud.com/x-oybkeavpzzmnvmnj] has joined #openvpn
11:59 < Abbott> Dns isn't working through my vpn. I have `push "dhcp-options DNS given.dns.server.here" in my server config but it still wouldn't work. I can go to resolved webpages, so I know it's only a dns problem
12:38 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
12:41 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
13:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:13 -!- mode/#openvpn [+o mattock1] by ChanServ
13:59 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
13:59 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
14:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
14:37 -!- zmachine [uid53369@gateway/web/irccloud.com/x-oybkeavpzzmnvmnj] has quit [Quit: Connection closed for inactivity]
14:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:51 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
14:54 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
14:56 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
15:11 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
15:35 -!- gnerd [~gnerd@c-73-128-94-231.hsd1.md.comcast.net] has joined #openvpn
15:36 -!- LurkAshFlake [~lurk@unaffiliated/lurkashflake] has joined #openvpn
15:37 < LurkAshFlake> the server i want to connect to gave me all crt .key and .opvn file do i use all those?
15:40 <+esde> Please explain who "the server" is? Please post !configs.
15:40 -!- gnerd [~gnerd@c-73-128-94-231.hsd1.md.comcast.net] has quit [Ping timeout: 276 seconds]
15:41 <+esde> (.ovpn files are usually openvpn config files)
15:42 < BigNasty> Codmadnesspro, it doesn't print anything back
15:42 < LurkAshFlake> +esde someone who host an openvpn server
15:43 <+esde> BigNasty if you're using a web ui, you're probably using !as
15:43 <+esde> !as
15:43 < Codmadnesspro> BigNasty, sudo service openvpn start?
15:43 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
15:43 <+esde> LurkAshFlake thanks for the vague answer. Where is the !configs?
15:43 < BigNasty> Codmadnesspro, that doesn't print anything either
15:43 < Codmadnesspro> BigNasty, read what esde said
15:44 < Codmadnesspro> tbh I don't even know what AS is for
15:45 <+esde> there arent many details, so im inferring that he's using access server. he could also be asking how to allow local connection to clients, who knows!
15:46 < badon> I have strange situation where OpenVPN won't even log an error. The last log error information it produced was "Assertion failed at misc.c:785". Any ideas for debugging this further?
15:46 < LurkAshFlake> in /etc/openvpn i got a client.conf file is this the !configs you are referring to?
15:46 <+esde> !welcome
15:46 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:46 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:46 <+esde> badon ^
15:46 <+esde> we will need !logs and !configs for client and server
15:47 < badon> Right, I'm not asking for YOU to debug it further, I'm asking for advice for ME to debug it further.
15:47 < badon> I was planning on doing the debugging work, and then submitting a formal bug report.
15:47 <+esde> Then don't provide the information. Does not effect me either way.
15:47 <+esde> We're all trying to help each other here.
15:47 <+esde> !secret
15:47 <@vpnHelper> "secret" is funny that people use free programs, consult free help for them, run a business with them, but are restricted to say what they do.
15:48 < badon> Of course, if necessary, I can do the bug report now with the info I have, including logs and configs.
15:48 < LurkAshFlake> my secret is that the server come from hackforums.com
15:48 < LurkAshFlake> unsure if i can trust it though
15:49 <+esde> LurkAshFlake see !howto since you also seem to have some problem wiht providing the information i requested
15:49 <+esde> *th
15:49 < LurkAshFlake> !howto
15:49 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
15:50 < LurkAshFlake> is this how to for making my own server?
15:51 <+esde> it is a complete howto... you should only be concerned with the portion pertaining to client connections. it will explain what to do with the file and how it relates to the .ovpn (client config) you were provided
15:51 < Codmadnesspro> there's even digitalocean tutorials on how to set it up
15:51 < LurkAshFlake> ty kind sir
15:52 < Codmadnesspro> tbh i prefer the digitalocean openvpn tutorial
15:52 <+esde> however, it is up to you to figure it out. we will answer specific questions and may request additional information to do so. if you're not comfortable with that, or expect to be spoonfed, im sorry
15:52 <+esde> !walkthrough
15:52 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
15:52 < LurkAshFlake> :)
15:52 <+esde>  !howto is the only tutorial that matters in here
15:52 < LurkAshFlake> that's why i'm new to linux and installed arch anyway haha
16:00 < LurkAshFlake> ok my question might be clearer now, It says to generate the master Certificate Authority Ca and a key, those are provided already by the guy do i use what's provided?
16:01 <+esde> LurkAshFlake the config defines the path to the files it needs
16:01 <+esde> hope that helps
16:01 < LurkAshFlake> great!
16:02 <+esde> (see the note about windows paths)
16:02 <+esde> (if applicable)
16:02 < LurkAshFlake> arch linux
16:10 < LurkAshFlake> I properly configuer the client.conf to the path of the file. I don't know what to do with the .ovpn file. Do i need to specify it's path in the config file too?
16:11 < LurkAshFlake> esde
16:13 <+esde> you can place it wherever your distro/package/configuration looks for config files be default, or start openvpn on the command line with a config directive pointing to the location of the config file
16:15 < LurkAshFlake> i just read .ovpn is the .conf of windows do i need this file?
16:16 <+esde> you could rename it to .conf if you'd like
16:17 < LurkAshFlake> hmm
16:18 <+esde> what's their to hmm about? so long as the contents work with the server's configuration. that is what matters. you could call the file abc.123, so long as you called it by it's name on the command line, it would work.
16:19 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
16:19 < LurkAshFlake> the hmm was about if client.conf and the provided .ovpn would be of same use. but i think it's 2 seperate needed file
16:20 <+esde> think whatever you'd like, but i just explained what you need to know. pretty well, i think, at least.
16:20 <+esde> but since you have decided not to provide !configs, there's not much else we can say to help you.
16:21 < LurkAshFlake> !configs
16:21 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:21 -!- apollo13 [~apollo13@django/committer/apollo13] has joined #openvpn
16:23 <+esde> !paste
16:23 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
16:24 < apollo13> hi, can I use a tunnelnetwork /24 and assign part of that staically?
16:24 < apollo13> ie does openvpn parse the client config dirs on startapp and reserve statically specified ips there?
16:24 <+esde> !ccd
16:24 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
16:24 < apollo13> esde: yes, but that is not exactly my question
16:25 <+esde> then what is exactly your question?
16:25 < apollo13> esde: I am wondering if statically assigned ips can overlap with the dynamic pool
16:26 < apollo13> from the looks of it it seems to be a bad idea
16:26 <+esde> if you'd like it to
16:26 <+esde> it likely would
16:26 < apollo13> well but then if someone gets ip 100 and ccd for another client also pushes 100 -> fail
16:26 <+esde> hence it likely being a bad idea
16:27 < apollo13> currently I have /25 as tunnel network and I use the upper part of that with /30 for static client
16:27 < apollo13> sounds sane, right?
16:27 <+esde> someone more deft knowledgeable should answer that :)
16:27 <+esde> *-deft
16:28 < apollo13> well that part seems to work, though my routing seems to be broken :þ
16:29 <+esde> so fix your routing. there are better users for routing advice than myself in here
16:29 <+esde> but they all seem to be asleep
16:31 < apollo13> yeah, to be honest I am not sure if that is supposed to work at all
16:32 <+esde> if what is? assigning two of the same addresses to different clients that are connected at the same time is a bad idea mmmkay
16:34 < apollo13> esde: yes, but I now have a tunnel network .0.0/25 and assign a custom tunnel network to one client ala .0.128/30
16:34 < apollo13> so that one client gets .0.130 -- but that seriously breaks any routing
16:35 <+esde> im sure someone else can offer a solution, i lack the networking prowess
16:35 < apollo13> yeah, no worries, thanks for your help!
16:42 < LurkAshFlake> I don't have the file update-resolv-conf.sh in my computer what did i do wrong?
16:43 < apollo13> LurkAshFlake: which system?
16:43 <+esde> this may be what you're after https://github.com/masterkorp/openvpn-update-resolv-conf
16:43 <@vpnHelper> Title: masterkorp/openvpn-update-resolv-conf · GitHub (at github.com)
16:43 < LurkAshFlake> appolo13 arch linux
16:43 <+esde> but again, we don't know your config
16:44 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 248 seconds]
16:44 < LurkAshFlake> i can only use irssi on my laptop and i can't copy in vim on my computer, don't know why
16:44 <+esde> irssi and vim issues aren't problems for #openvpn
16:45 <+esde> if you can't produce the !configs, we can't be of much assistance, as i've said before
16:45 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Ping timeout: 256 seconds]
16:45 < apollo13> esde: aha, I think I can use ifconfig-pool to limit the tunnel network's dynamic assignment
16:46 <+esde> \m/
16:46 < apollo13> ah crap no
16:47 < apollo13> server is a shortcut for all of that
16:50 < LurkAshFlake> http://pastebin.com/u2KUCgzz here's my config sir
16:52 <+esde> so you need the files on lines 9, 10, 11, 47 & 48
16:52 <+esde> do you have them all?
16:52 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
16:53 < LurkAshFlake> missing 46 & 48 I'm going to download it from your link
16:53 < LurkAshFlake> 47*
17:01 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
17:03 < LurkAshFlake> you got patience sir. it work
17:04 < LurkAshFlake> ty
17:09 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
17:16 -!- LurkAshFlake [~lurk@unaffiliated/lurkashflake] has left #openvpn []
17:22 < apollo13> esde: if you are interested, this is exactly what I wanted https://community.openvpn.net/openvpn/wiki/Concepts-Addressing#subnetExamplewithstaticccd (sadly this does not work with pfsense)
17:22 <@vpnHelper> Title: Concepts-Addressing – OpenVPN Community (at community.openvpn.net)
17:28 -!- Six6siX [~Devil@jasmine.sammybakar.com] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
17:36 < Codmadnesspro> esde, your head is shaped into a "m"?
17:36 < Codmadnesspro> ;o
17:54 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
17:55 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:55 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:55 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
17:56 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
18:03 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:15 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
18:18 -!- rsc [~robert@fedora/rsc] has left #openvpn ["Linux - The future has already started!"]
18:23 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:25 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
19:23 -!- jonasdhaen_ [~jonasdhae@x5ce2e238.dyn.telefonica.de] has joined #openvpn
19:23 -!- jonasdhaen [~jonasdhae@x5ce2e483.dyn.telefonica.de] has quit [Ping timeout: 276 seconds]
19:23 -!- jonasdhaen_ is now known as jonasdhaen
19:31 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
19:38 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
20:03 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
20:03 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
20:09 -!- zheng [~zheng@116.230.206.208] has quit [Remote host closed the connection]
20:13 -!- rtpada [~jgeilman@unaffiliated/adaptr] has joined #openvpn
20:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
20:14 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 264 seconds]
20:14 -!- badaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 264 seconds]
20:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
20:14 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 264 seconds]
20:14 -!- crane [~crane@static.229.44.243.136.clients.your-server.de] has quit [Ping timeout: 264 seconds]
20:15 -!- crane [~crane@static.229.44.243.136.clients.your-server.de] has joined #openvpn
20:18 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:22 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
20:24 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
20:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:49 < Abbott> DNS isn't working when I'm connected to my VPN. Is this a common problem?
21:01 -!- wlarip [~wlarip@169.57.0.211-static.reverse.softlayer.com] has joined #openvpn
21:03 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
21:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:30 -!- AMERICAN_PSYCHO [~AMERICAN_@44.sub-70-196-17.myvzw.com] has joined #openvpn
21:31 -!- hive-mind [~hivemind@mail.bbis.us] has quit [Ping timeout: 272 seconds]
21:46 -!- hive-mind [~hivemind@mail.bbis.us] has joined #openvpn
21:58 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
22:02 -!- wlarip_ [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
22:03 -!- wlarip [~wlarip@169.57.0.211-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
22:05 -!- wlarip_ [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Client Quit]
22:05 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
22:12 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
22:16 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:30 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
23:03 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
23:26 -!- ShadniX [dagger@p5481DE62.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX_ [dagger@p5481D9EE.dip0.t-ipconnect.de] has joined #openvpn
23:27 -!- ShadniX_ is now known as ShadniX
23:32 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Ping timeout: 246 seconds]
23:35 < Abbott> esde do you know why DNS wouldn't work when I'm connected?
23:52 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
23:54 -!- zmachine [uid53369@gateway/web/irccloud.com/x-uyrrrfhyhonwpqgk] has joined #openvpn
--- Day changed Sun May 24 2015
00:02 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
00:05 -!- Froolap [~Froolap@pool-71-180-136-22.tampfl.fios.verizon.net] has joined #openvpn
00:06 -!- Froolap [~Froolap@pool-71-180-136-22.tampfl.fios.verizon.net] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
00:38 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Remote host closed the connection]
01:02 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
01:03 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
01:43 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
01:44 < CryptoSiD> how can i make identd (port 113) work on the clients? when using "push "redirect-gateway def1""
01:46 < CryptoSiD> on the server when i tcpdump i see its answering the auth request on port 113
01:46 < CryptoSiD> https://gist.github.com/anonymous/b09808650199bb2c69b7
01:46 <@vpnHelper> Title: identd openvpn (at gist.github.com)
01:47 < CryptoSiD> but the irc client say "no ident response"
01:59 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
02:01 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
02:04 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 272 seconds]
02:09 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
02:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:13 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Ping timeout: 276 seconds]
02:23 -!- odroid [~odroid@p5B0A4A2B.dip0.t-ipconnect.de] has joined #openvpn
02:26 < odroid> Hi i have  question, probably  its more ubuntu related than openvpn but maybe someone here can help me
02:27 < odroid> i have a working .openvpn configuration file if i initiate the connection via console manually
02:27 < odroid> but i don't get it to work with lubuntu 14.04 andt the network manager
02:28 < CryptoSiD> you should ask in #ubuntu i think
02:29 < odroid> ok
02:29 < CryptoSiD> or #lubuntu
02:29 < odroid> thx anyway
02:32 -!- lbft [~lbft@unaffiliated/lbft] has quit [Quit: Bye]
02:33 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
02:36 < Abbott> CryptoSiD I'm still having dns problems even with `push 'dhcp-options DNS GIVEN.DNS.SERVER.HERE'`
02:36 < CryptoSiD> i removed the push dhcp-option dns from my conf
02:37 < CryptoSiD> so it still use my own dns
02:37 < CryptoSiD> try this
02:38 < CryptoSiD> what is your dns server?
02:39 < Abbott> I don't have my own dns I just use whatever default dns
02:42 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
02:43 < Abbott> I can't resolve urls when I'm connected to my vpn (but I can go to resolved ips to get to websites) and I just want that to work. Ideally I'd like to tunnel the dns through the vpn but if I have to use the client dns that's fine for now
02:44 < Abbott> I tried `push "redirect-gateway def1 bypass-dhcp"` too which I thought would tunnel the dns traffic but it still won't work
02:46 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
02:51 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
02:52 -!- r8b7xy [~weechat@104.238.169.75] has quit [Read error: Connection reset by peer]
02:57 -!- r8b7xy [~weechat@104.238.169.6] has joined #openvpn
02:59 -!- odroid [~odroid@p5B0A4A2B.dip0.t-ipconnect.de] has quit [Quit: Leaving]
02:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:01 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has joined #openvpn
03:04 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 276 seconds]
03:09 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
03:14 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Ping timeout: 264 seconds]
03:15 < apollo13> Abbott: does your openvpn also push a dns server?
03:15 < TyrfingMjolnir> Which compression do you guys use in your settings?
03:15 < apollo13> if no you are still using your old one which you no longer reach after redirect-gateway…
03:16 < apollo13> TyrfingMjolnir: either nothing or comp-lzo
03:16 < TyrfingMjolnir> No xz option?
03:17 -!- zmachine [uid53369@gateway/web/irccloud.com/x-uyrrrfhyhonwpqgk] has quit [Quit: Connection closed for inactivity]
03:17 < TyrfingMjolnir> How do I log in to my VPN and then use that IP address regardless of where I'm located myself?
03:19 < Abbott> apollo13 I have tried commenting and uncommenting the push dhcp-options DNS x.x.x.x line. Which should it be on? I don't have my own dns I just want to use whatever default server a machine would use when pinging or whatever
03:23 < apollo13> Abbott: "would use" will not work with redirect-gateway
03:23 < apollo13> Abbott: configure your openvpn server to push a dns server which is reachable after redirect-gateway is sent
03:24 < apollo13> also make sure that your client config actually accepts those
03:24 < Abbott> So have `push "dhcp-options DNS 8.8.8.8"` in my server.conf for example? What do you mean by making sure my client config accepts them
03:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:39 < CryptoSiD> if you use openvpn-gui you have to run it as administrator
03:39 < CryptoSiD> else the client will reject push dhcp-option
03:43 < apollo13> Abbott: if you use linux you need to run a custom script (update-resolvconf or so on the client)
03:43 < Abbott> I'm using the openvpn android app as client and a debian Linux box as server
03:44 < apollo13> no idea about the android app
03:44 < apollo13> I'd use the native ipsec implemetation
03:45 < Abbott> I'm not sure what that is
03:45 < apollo13> ipsec is another type of vpn
03:47 < Abbott> Is there a way I can check with a terminal emulator once I'm connected with my phone to see if my phone is rejecting the options?
03:48 < apollo13> logfiles of openvpn usually, but dunno if you get access to that on non-rooted devices
03:48 < Abbott> I'm rooted
03:50 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
03:50 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
03:50 < Abbott> I can see the log files. It looks like it's picking up DNS servers
03:52 < Abbott> DNS servers: 8.8.8.8 8.8.4.4
03:53 < apollo13> well then check resolvconf if they are actually set
03:55 < Abbott> I also see sending push requests to server dhcp-options dns 10.8.0.1, which is just the address of the vpn
03:56 < Abbott> I will double check client config to make sure I'm not pushing anything in client cnf
04:01 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
04:04 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has quit [Ping timeout: 264 seconds]
04:04 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
04:05 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
04:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:19 -!- shio [~marmot@8.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:23 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:25 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
04:31 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Ping timeout: 272 seconds]
04:31 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
04:50 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
04:51 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
04:54 -!- crdil [~crdil@unaffiliated/cardiel] has joined #openvpn
04:55 < crdil> i configured openvpn with tun and udp on freebsd and when i connect the speeds are awful, i compared with a ssh socks connection and with openvpn i get around 50kb-100kb/s and with ssh-socks 5-10mb/s.. why is that?
05:01 -!- wlarip_ [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
05:01 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Ping timeout: 246 seconds]
05:01 < BtbN> Sounds like you're using a very weak CPU
05:01 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
05:02 < BtbN> Most performance is lost because openssl is more efficient encrypting large chunks of data, instead of small mtu sized blocks. So increasing the tun-mtu usual helps.
05:04 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
05:04 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
05:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:09 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
05:09 < crdil> BtbN, its very wierd behaviour.. download speed is only 0.5-1mbit and upload speed is 10mbit on speedtest.net..
05:10 < crdil> BtbN, its a kvm guest with 4 cpus, should be enough ?
05:14 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Quit: Searching for Waimea]
05:18 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
06:01 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
06:03 -!- wlarip_ [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
06:18 < CryptoSiD> how can i make identd (port 113) work on the clients? when using "push "redirect-gateway def1"", on the server when i tcpdump i see its answering the auth request on port 113: https://gist.github.com/anonymous/b09808650199bb2c69b7 but the irc client say "no ident response"
06:18 <@vpnHelper> Title: identd openvpn (at gist.github.com)
06:18 < CryptoSiD> if anyone have an idea:)
06:19 -!- Kunsi [kunsmannf@unaffiliated/kunsi] has left #openvpn []
06:26 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
06:26 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 272 seconds]
06:28 -!- wlarip [~wlarip@169.57.0.211-static.reverse.softlayer.com] has joined #openvpn
06:31 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Ping timeout: 256 seconds]
06:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:38 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 272 seconds]
06:39 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
06:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 265 seconds]
07:01 -!- wlarip_ [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
07:04 -!- wlarip [~wlarip@169.57.0.211-static.reverse.softlayer.com] has quit [Ping timeout: 264 seconds]
07:08 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
07:11 -!- wlarip_ [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Ping timeout: 264 seconds]
07:21 -!- j4s0nmchr1st0s [~j4s0nmchr@96-35-189-12.static.stls.mo.charter.com] has joined #openvpn
07:22 < j4s0nmchr1st0s> Do you feel like setting up my vpn?
07:31 < apollo13> no
07:31 < j4s0nmchr1st0s> apollo13: why not?
07:32 < apollo13> j4s0nmchr1st0s: what are you paying
07:32 < j4s0nmchr1st0s> apollo13: In need of money?
07:33 < apollo13> no, but why should we do work for you
07:34 < j4s0nmchr1st0s> why test me
07:34 < j4s0nmchr1st0s> You know why
07:35 < apollo13> no, I do not
07:35 < j4s0nmchr1st0s> apollo13?
07:36 < j4s0nmchr1st0s> 13 is an interesting number
07:37 < j4s0nmchr1st0s> the only reference to this "I"
07:37 < j4s0nmchr1st0s> It is a chapter.
07:37 < j4s0nmchr1st0s> Chapter 13
07:39 < j4s0nmchr1st0s> we break the bank don't we?
07:40 < j4s0nmchr1st0s> since when does ignorance deserve a proper I?
07:42 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
07:47 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Ping timeout: 265 seconds]
08:01 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has joined #openvpn
08:02 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Ping timeout: 272 seconds]
08:04 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 240 seconds]
08:05 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
08:14 -!- crdil [~crdil@unaffiliated/cardiel] has quit [Quit: WeeChat 1.1.1]
08:23 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
08:26 -!- crdil [~crdil@unaffiliated/cardiel] has joined #openvpn
08:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:49 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
08:49 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
08:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
08:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
08:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 258 seconds]
08:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
09:01 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
09:01 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
09:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
09:02 -!- Malsasa [~Malsasa@36.84.71.233] has joined #openvpn
09:04 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has quit [Ping timeout: 276 seconds]
09:21 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Remote host closed the connection]
09:36 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
09:48 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has joined #openvpn
09:56 <+esde> crdil probably like BtbN mentioned, CPU bottleneck on one end of the connection is a likely explanation. Also, that's about all we can recommend given we haven't seen your !configs or !logs. Provide those, and we might have more useful information.
09:56 <+esde> j4s0nmchr1st0s you may as well brush up on !howto. As I very highly doubt anyone in this room will do all your work for you.
10:01 -!- wlarip_ [~wlarip@169.57.0.218-static.reverse.softlayer.com] has joined #openvpn
10:03 < j4s0nmchr1st0s> calculating your calculations now?
10:03 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
10:03 < j4s0nmchr1st0s> rating your pro-babbly?
10:03  * esde ignore list augmented
10:05 < thumbs> j4s0nmchr1st0s: find something more productive to do.
10:16 -!- j4s0nmchr1st0s [~j4s0nmchr@96-35-189-12.static.stls.mo.charter.com] has quit [Read error: Connection reset by peer]
10:17 -!- sysanthrope [~sysanthro@97-80-63-110.static.slid.la.charter.com] has quit [Remote host closed the connection]
10:20 -!- mode/#openvpn [+o Eugene] by ChanServ
10:20 -!- mode/#openvpn [+q $a:j4s0nmchr1st0s] by Eugene
10:22 -!- zmachine [uid53369@gateway/web/irccloud.com/x-jqkhfmjlddumdtvs] has joined #openvpn
10:29 < crdil> esde, ok will paste them later
10:44 -!- Malsasa [~Malsasa@36.84.71.233] has quit [Remote host closed the connection]
10:45 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has quit [Ping timeout: 256 seconds]
10:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:51 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has joined #openvpn
10:59 -!- IronDev [~IronDev@unaffiliated/optrusty] has joined #openvpn
10:59 < IronDev> Hello whats the replacement for easy-rsa
11:00 < IronDev> Or where do I find easy-rsa
11:01 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
11:01 < apollo13> apt-file search easy-rsa
11:01 < apollo13> easy-rsa: /usr/share/doc/easy-rsa/README-2.0.gz
11:01 < apollo13> there  :þ
11:01 < apollo13> if you have debian
11:03 -!- wlarip_ [~wlarip@169.57.0.218-static.reverse.softlayer.com] has quit [Ping timeout: 252 seconds]
11:03 < IronDev> It only has the docs
11:04 < apollo13> no
11:04 < IronDev> apollo13 https://stavrovski.net/blog/how-to-install-and-set-up-openvpn-in-debian-7-wheezy
11:04 < apollo13> it also has /usr/share/easy-rsa/build-ca etc…
11:04 < apollo13> I just copied the first line
11:05 < apollo13> IronDev: well, get to know your system, all the needed things are still there :)
11:06 <+esde> !walkthrough
11:06 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
11:06 <+esde> !howto
11:06 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:06 <+esde> !download
11:06 < apollo13> ahaha
11:06 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
11:06 <+esde> !easy-rsa
11:06 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
11:07 < IronDev> esde I get the point
11:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:10 -!- mode/#openvpn [+o mattock1] by ChanServ
11:11 -!- AMERICAN_PSYCHO [~AMERICAN_@44.sub-70-196-17.myvzw.com] has quit [Quit: Goodbye!]
11:25 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 246 seconds]
11:32 -!- wlarip [~wlarip@169.57.0.213-static.reverse.softlayer.com] has joined #openvpn
11:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 258 seconds]
11:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:51 -!- mode/#openvpn [+o mattock1] by ChanServ
11:52 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
11:53 < dionysus69> hello guys, I ran into a problem, I successfully setup my homeserver to forward udp 1194, I am trying to do the same at my work, I forwarded behind 2 routers, turned off all firewalls but still no luck, where could I be stuck?
11:56 < apollo13> everywhere along the way
11:56 < apollo13> figure out where you packets get lost
11:56 < apollo13> your*
11:57 < dionysus69> how do I do that? :S
11:57 < dionysus69> and the only tool I found online to check udp ports is this site https://pentest-tools.com/discovery-probing/udp-port-scanner-online-nmap
11:57 <@vpnHelper> Title: UDP Port Scan with Nmap :: Online Penetration Testing Tools | Ethical Hacking Tools (at pentest-tools.com)
11:58 -!- r8b7xy [~weechat@104.238.169.6] has quit [Ping timeout: 264 seconds]
11:58 < apollo13> tcpdump is your friend
11:58 < dionysus69> is it a web tool?
11:58 < apollo13> ugh
11:58 < dionysus69> never done it
12:01 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
12:01 -!- TyrfingMjolnir_ [~Tyrfing@90.149.171.52] has joined #openvpn
12:01 -!- TyrfingMjolnir_ is now known as TyrfingMjolnir
12:04 -!- wlarip [~wlarip@169.57.0.213-static.reverse.softlayer.com] has quit [Ping timeout: 264 seconds]
12:05 -!- r8b7xy [~weechat@104.238.169.83] has joined #openvpn
12:08 -!- IronDev [~IronDev@unaffiliated/optrusty] has quit [Quit: Lingo: www.lingoirc.com]
12:11 <+esde> dionysus69 we need your !goal
12:15 < dionysus69> esde goal is to make udp port available
12:16 -!- julius_ [~julius_@p3EE29F5A.dip0.t-ipconnect.de] has joined #openvpn
12:16 < julius_> hi
12:17 -!- gerchla [~sijuendr@faui06a.informatik.uni-erlangen.de] has joined #openvpn
12:17 < julius_> how do you tell a router that is also a vpn client to route all traffic over the vpn?          i tried adding:  push "redirect-gateway" to the clients ccd file. but still, i cant ping anything from my lan clients
12:17 <+esde> That's a goal ^
12:17 <+esde> !redirect
12:17 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:17 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
12:18 <+esde> julius_ ask specific questions, when and if you have them :)
12:18 < julius_> wasnt that a specific question?
12:18 <+esde> it /was/ and i pointed you to what should help you
12:18 < julius_> ah ok
12:19 < julius_> !ipforward
12:19 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
12:19 <+esde> if you have any /more/ specific questions, ask them as they come up and we'll try to help
12:19 < julius_> thx
12:19 < julius_> !linipforward
12:19 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
12:19 < gerchla> hey, what's the recommended solution if two host are within a DMZ, one hosts openvpn and the other a webserver. Cannot resolv websites from the webserver when connected to the vpn.
12:19 < julius_> !def1
12:19 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:19 <+esde> dionysus69 you should explain your complete goal. if making a udp port available to external hosts, you've come to the wrong place
12:20 <+esde> !101
12:20 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
12:20 <+esde> gerchla please explain your !goal and provide your !configs from each side
12:20 < gerchla> !goal
12:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:24 < dionysus69> esde: the client is unable to connect to the server because the port is blocked by something, what is an easy way to figure out what might be on the way " "
12:26 <+esde> so serverside, remove whatever is blocking the connection. if the serverside port is listening on the internet, and you still can't make connections from the client, troubleshoot whatever is filtering the client (restrictive firewall or something of the sort). if you can't create exceptions or resolve whats blocking the connection, attempt to subvert the filtering with !obfs and !obfsproxy so whatever is blocking the connection on the client side, won't be
12:26 <+esde>  able to tell the openvpn traffic from any other encrypted traffic
12:33 < Codmadnesspro> lol i remeber when I tried setting up openvpn for the first time and for over 15 days i couldn't get it to work because I forgot I hadn't of allowed port 1194 through the firewall :p
12:33 < dionysus69> esde, I feel like the problem is the udp port, because there is a second port 500 except of 1194 and they both dont respond to the udp port scanner online, while my home server responds ok with udp 1194, I have 2 routers in front of the work server and both are forwarding both 500 and 1194 port to the server :\ client has no problem connecting because the server has problem even though all...
12:33 < dionysus69> ...firewalls are down for testing purposes
12:34 <+esde> !double-nat
12:34 <+esde> !doublenat
12:34 <+esde> hmm
12:35 <+esde> it might be double-nat, why are you doing anything with port 500?
12:36 < Codmadnesspro> check what all application ports are running on
12:37 < dionysus69> esde: i have it from past, testing different vpn technologies before i stopped at openvpn, doublenat , that sounds scary, wait could running openvpn gui without admin rights be the problem? if not, how do I go "around" double nat if it is an issue?
12:38 <+esde> well it will need to run as admin at least once on windows iirc
12:38 <+esde> the only port the server needs open is the port defined in the server confi
12:38 <+esde> g
12:39 < dionysus69> esde yes and it is 1194, and what about nat? i know what nat is but I dont understand what connection does it have with this case :s
12:39 <+esde> http://www.netfilter.org/documentation/HOWTO/netfilter-double-nat-HOWTO-4.html
12:40 <@vpnHelper> Title: The Double NAT MINI-HOWTO: Second Attempt: Double NAT (at www.netfilter.org)
12:42 -!- zmachine [uid53369@gateway/web/irccloud.com/x-jqkhfmjlddumdtvs] has quit []
12:44 < dionysus69> esde I am sorry but my brain just got fried on that thing I am tired but even if I were rested... ugh I ll try reconnect computer to the first router so its behind one router...
12:45 < dionysus69> esde but wait a second though, how come tcp ports get forwarded successfully but the udps dont? I successfully forward rdp and pptp ports, I dont understand why udp would be exclusively vulnurable to double nat? could you assume something else might be the problem?
12:45 <+esde> you might be able to use a static route or something to assure the server behind two routers does not get nat'd twice, or removing one of the routers from the equation would also be great
12:46 <+esde> it's not an exclusive to udp issue
12:47 < dionysus69> esde it is quite a static route :S server has a static ip, and again tcp works only udp ports have trouble, how would you explain tcp working on the same setup and udp not willing to?
12:47 <+esde> if you remove a router, what happens?
12:48 < dionysus69> then it could work, but still why does tcp work behind two routers? I cant test removing router right now i am working with a remote location right now
12:48 <+esde> then use tcp if it works
12:49 < dionysus69> esde I have heard from reading udp is much better ? :S
12:49 <+esde> stop highlighting me on every line, it's apparent to whom you're speaking
12:49 <+esde> udp is preferable, but if it's not a viable option for you, then don't use it.
12:50 < dionysus69> haha sorry its a reflex, ok will try using tcp right now
12:56 -!- zmachine [~ROCK_@pool-173-58-228-34.lsanca.fios.verizon.net] has joined #openvpn
12:56 <+esde> im also not saying what you want to do can't be done, i just don't have the exact solution. so far as double-nat, it might not be your issue. however, with your server behind two routers, you need to configure them each to allow the traffic without interfering with it. it seems like that is what is happening now and blocking it. if it works with tcp, stick with it until you can make more changes and test them. or maybe someone else could offer some more in
12:56 <+esde> sight :D
13:00 < dionysus69> ok thanks allot esde, I changed the forwarded port types from udp to udp/tcp and now it works, will test some more tomorrow, since teamviewer got a stomach ache and lost connection with the second remote location xD
13:01 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
13:04 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
13:17 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
14:01 -!- wlarip_ [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
14:03 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 246 seconds]
14:07 -!- IronDev [~IronDev@unaffiliated/optrusty] has joined #openvpn
14:16 -!- IronDev [~IronDev@unaffiliated/optrusty] has quit [Quit: Lingo: www.lingoirc.com]
14:17 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 244 seconds]
14:23 -!- IronDev [~IronDev@unaffiliated/optrusty] has joined #openvpn
14:29 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
14:30 -!- IronDev [~IronDev@unaffiliated/optrusty] has quit [Quit: Be back later ...]
14:31 -!- IronDev [~IronDev@unaffiliated/optrusty] has joined #openvpn
14:59 -!- zmachine [~ROCK_@pool-173-58-228-34.lsanca.fios.verizon.net] has quit [Quit: Bye!]
15:01 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
15:04 -!- wlarip_ [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
15:04 -!- zmachine [~ROCK_@pool-173-58-228-34.lsanca.fios.verizon.net] has joined #openvpn
15:23 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 244 seconds]
15:35 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
15:36 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
15:57 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:01 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has joined #openvpn
16:04 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
16:22 < CryptoSiD> how can i make identd (port 113) work on the clients? when using "push "redirect-gateway def1"", on the server when i tcpdump i see its answering the auth request on port 113: https://gist.github.com/anonymous/b09808650199bb2c69b7 but the irc client say "no ident response"
16:22 <@vpnHelper> Title: identd openvpn (at gist.github.com)
16:23 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
16:26 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has quit [Quit: ciao]
16:26 -!- wlarip [~wlarip@169.57.0.215-static.reverse.softlayer.com] has joined #openvpn
16:26 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
16:32 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
16:53 -!- IronDev [~IronDev@unaffiliated/optrusty] has quit [Quit: Be back later ...]
16:53 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Ping timeout: 244 seconds]
16:53 -!- IronDev [~IronDev@unaffiliated/optrusty] has joined #openvpn
16:56 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
16:58 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
17:01 -!- wlarip_ [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
17:01 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
17:04 < toothe> is it possible to tunnel ipv6 over a tunnel?
17:04 -!- wlarip [~wlarip@169.57.0.215-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
17:04 < toothe> i tried once a year or so back, coudln't get it working...
17:04 < apollo13> yes it is
17:04 <+esde> ?ipv6
17:05 <+esde> !ipv6
17:05 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
17:05 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Ping timeout: 255 seconds]
17:06 < apollo13> "Otherwise, there is a way out. Typically /64 IPv6 netblocks are assigned, leaving a large address space." -- hu, is typical not 48 or so?
17:06 <+esde> comcrap gives a /64, my vps provider gives a /64
17:07 -!- Cultist [~CultOfThe@67.175.170.187] has joined #openvpn
17:07 < apollo13> This was replaced by RFC 6177, which "recommends giving home sites significantly more than a single /64, but does not recommend that every home site be given a /48 either". /56s are specifically considered. It remains to be seen if ISPs will honor this recommendation. For example, during initial trials, Comcast customers were given a single /64 network.[40
17:07 < apollo13> yeah but comcast sucks :þ
17:07 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 258 seconds]
17:08 < apollo13> /64 is just crap, no matter how you view it
17:08 <+esde> resi does but biz class has been okay so far
17:08 <+esde> ATT suuucks
17:09 < apollo13> well if you want any network segmentation /64 is just not enough
17:09  * toothe wonders if its possible to maintain am y ipv6 address, even while traveling
17:09 -!- IronDev [~IronDev@unaffiliated/optrusty] has left #openvpn ["Be back later ..."]
17:09 < apollo13> toothe: yes
17:09 < apollo13> it is called mobile ipv6 and uses a home agent and hand offs
17:09 <+esde> why wouldnt it be? ssh tunneling, vpn etc are all solutions
17:10 <+esde> or would that only work with ipv4? havent used ipv6 much
17:10 < apollo13> esde: what do you mean?
17:10 <+esde> ive been watching from afar
17:10 <+esde> just recently enabled ipv6 at home
17:11  * apollo13 has no ipv6, I am just talking from a theory point :)
17:11 <+esde> yeah should be doable
17:12 < CryptoSiD> any idea about my question guys?:D
17:13 <+esde> i dont understand your question
17:13 < apollo13> CryptoSiD: I still fail to see an actual concrete question
17:13 < apollo13> ie where is identd running, where does the irc server try to reach it etc…
17:13 < CryptoSiD> identd is running on server and on client, but the packet dont reach the client, so the irc client say no ident response
17:14 < apollo13> a tcpdump is all nice and good, but well… we need to know your network structure
17:14 < CryptoSiD> its answered from the server
17:14 -!- Cultist [~CultOfThe@67.175.170.187] has quit [Ping timeout: 248 seconds]
17:14 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
17:14 < apollo13> " but the packet dont reach the client," which packet
17:14 < CryptoSiD> the identd request packet
17:14 < apollo13> why would it reach the client?
17:14 < apollo13> the irc server would send it to the connecting ressource
17:14 < apollo13> ie the server you use
17:15 < CryptoSiD> yep... but the irc client cant see the packet since its on vpn server. so identd wont work
17:15 < apollo13> why would the irc client ever need to see those?
17:15 < CryptoSiD> [18:15:40] -irc.undernet.org- *** No ident response
17:16 < CryptoSiD> cause id like identd to work
17:16 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:16 < apollo13> to be honest, I only have a rough understanding of inetd, but I think you are confusing it even more than I do
17:16 < apollo13> CryptoSiD: see the thing is that the irc server sees you connecting from ip xxx.xxx.xxx.xx
17:16 < apollo13> then it asks xxx.xxx.xxx.xxx for identd confirmation
17:17 < apollo13> as long as your server runs a fake identd you are golden
17:17 < apollo13> but I do not think that identd has anything like forwarding identd request to your client in that case
17:17 < apollo13> would make no sense imo
17:17 < CryptoSiD> the server answer the identd confirmation, but the client dont know it?!
17:17 -!- sx3wiz [26724c47@gateway/web/cgi-irc/kiwiirc.com/ip.38.114.76.71] has joined #openvpn
17:17 < CryptoSiD> identd request *
17:17 < CryptoSiD> no idea why i said identd confirmation (sigh)
17:17 < apollo13> no, your client just says, "hey I am a stupid user"
17:18 < CryptoSiD> my irc client dont say nor dont see anything
17:18 < CryptoSiD> which is what im trying to fix.
17:18 < apollo13> and the irc server says: okay let's ask your ip if you are actually a stupid user
17:18 < apollo13> I do not think that identd has or should have __anything__ to do with your client
17:18 < CryptoSiD> yes it does.......
17:19 < apollo13> no, why?
17:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
17:19 < CryptoSiD> if the irc client dont see the identd request nor the answer, it'll just say no ident response.
17:19 < apollo13> an irc client __never__ answers identd request
17:19 < CryptoSiD> yes it does.
17:19 < apollo13> no, that is the job of an identd server
17:19 < CryptoSiD> ok so lets say the windows identd server then?
17:19 < CryptoSiD> doest change much, it dont reach the openvpn client.
17:20 < CryptoSiD> it only reach the openvpn server.
17:20 < apollo13> does not matter
17:20 < apollo13> yes, cause that is what the irc server sees as connecting up
17:20 < apollo13> ip*
17:20 < CryptoSiD> yep.. i understand this part.
17:20 < apollo13> there is no reason to route that further
17:20 < CryptoSiD> anyway, not that i really need to have it working
17:20 < CryptoSiD> so lets just forget this:D
17:20 < apollo13> the irc server say: hey server I have a connection coming from you on port xxxx claiming to be CryptoSiD, does this user actually exist on your server
17:21 < apollo13> ie read http://wiki.mibbit.com/index.php/Ident
17:21 <@vpnHelper> Title: Ident - Mibbit Wiki (at wiki.mibbit.com)
17:21 < CryptoSiD> i know how it work
17:21 < CryptoSiD> the server answer, but the client dont know the server answered
17:21 < apollo13> *sigh* you just have shown that you have no idea how it works
17:22 < apollo13> the identd is not a client thing, it is used by your server and the irc server to show your nick to others as ~nick or just nick
17:22 < apollo13> there is nothing your client can do to answer that
17:22 < apollo13> well in theory your client could play identd server and send fake answers or whatever, but…
17:22 < CryptoSiD> then the client wont be able to run identd
17:23 < CryptoSiD> whatever, just forget it.
17:23 < apollo13> given your scenario, no it cannot
17:23 < CryptoSiD> this guy.
17:23 < apollo13> you have to configure your __server__ to properly answer them
17:23 < CryptoSiD> the server answer them........ BUT THE CLIENT DONT KNOW ABOUT IT
17:23 < CryptoSiD> cant you fkn read?
17:23 < CryptoSiD> check the fkn tcpdump.
17:23 < CryptoSiD> its on the server side.
17:23 < apollo13> yes, screw your tcpdump
17:24 < CryptoSiD> but the client have no idea about this.
17:24 < CryptoSiD> screw your logic.
17:24 < apollo13> yes, the client needs no idea about it
17:24 < apollo13> lol, go and read what identd is and how it works
17:24 < CryptoSiD> the client sure need to know about it
17:24 < apollo13> NO
17:24 < CryptoSiD> [18:15:40] -irc.undernet.org- *** No ident response
17:24 < CryptoSiD> ELSE
17:24 < apollo13> that is a _
17:24 < CryptoSiD> ITLL SAY THIS
17:24 < apollo13> SERVER MESSAGE
17:24 < apollo13> it just tells you that YOUR SERVER DID NOT ANSWER
17:24 < CryptoSiD> my server answered
17:24 < CryptoSiD> but the client dont know the server answered
17:24 < CryptoSiD> cause the packet never reach the client
17:24 < apollo13> *sigh*
17:24 < CryptoSiD> it stay on the server.
17:25 < apollo13> you are a sad joke
17:25 < CryptoSiD> yes *sigh*
17:25 < CryptoSiD> totaly agree.
17:25 < CryptoSiD> now just shut up and forget this kid
17:25 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
17:26 < apollo13> well, if your logic is that good, please tell me how your server would know how to route arbritrary identd requests on to your openvpn client
17:26 < CryptoSiD> this is what i was asking for
17:26 < apollo13> and I will accept every sane answer which does not include pure magic or crystall balls
17:26 < CryptoSiD> since you know everything you prolly know this?
17:27 < CryptoSiD> you're about to be the first person i ignore on freenode
17:27 < apollo13> sure, technically this would be possible with a lot (really lot) of iptables magic and marking the fwmarking the packets properly and keeping state of openened ports so you know how to route back
17:27 < apollo13> but that is not how identd works or is supposed to work
17:28 < CryptoSiD> <CryptoSiD> but the client dont know the server answered
17:28 < CryptoSiD> so identd wont work on the client
17:28 < CryptoSiD> thats it.
17:28 < apollo13> seriously, if you think I'd care if you ignore me or not? you are coming in here for help and then just complain if people tell you that it is nonsense what you want
17:28 < apollo13> if the server properly answers, there is no need for the client to ever know about the identd request
17:28 < CryptoSiD> you're not "people", you seems more like an arrogant fuck
17:29 <+esde> that's not nice
17:29 <+esde> you need to play nice or leave
17:29 < CryptoSiD> I do play nice with those who play nice;p
17:30 < apollo13> well then start playing nice by yourself
17:30 <+esde> cursing and name calling is not how you should go it wither
17:30 <+esde> *e
17:35 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:36 < apollo13> anyways, what you want to do would be a fun project to implement
17:37 < apollo13> fwmark all the packages per user
17:37 < apollo13> and then write a custom identd which keeps tracks of those marks
17:37 < apollo13> iptables and whatnot will probably get your relatively far
17:37 < apollo13> (requires openvpn 2.3+ iirc)
17:39 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:01 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
18:04 -!- wlarip_ [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 258 seconds]
18:11 -!- gnerd [49805ee7@gateway/web/freenode/ip.73.128.94.231] has joined #openvpn
18:12 -!- gnerd_ [~gnerd@c-73-128-94-231.hsd1.md.comcast.net] has joined #openvpn
18:13 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has joined #openvpn
18:14 < gnerd_> Hello, I have gotten my vpn working and it works on most wifi connections, but every now and then I come across a wifi network that will not let me connect to my vpn, anybody have an idea as to why?
18:16 < Codmadnesspro> gnerd_, the wifi network might have the port blocked
18:16 -!- gnerd [49805ee7@gateway/web/freenode/ip.73.128.94.231] has quit [Ping timeout: 246 seconds]
18:16 < gnerd_> Oh ok
18:16 < Codmadnesspro> This is so you can't bypass their session if I remeber
18:16 < Codmadnesspro> Such as the login stuff and that if it's paid
18:16 < gnerd_> Is there a way around that?
18:16 < Codmadnesspro> Nope
18:16 < gnerd_> Aww that's lame
18:16 < gnerd_> Thanks though
18:16 < Codmadnesspro> You could try changing the daemon port
18:17 < Codmadnesspro> though their system probs knows when its a vpn
18:17 < gnerd_> I figured
18:17 < gnerd_> Atleast it works on 95% networks I am on
18:18 < Codmadnesspro> yeah
18:18 -!- gnerd_ [~gnerd@c-73-128-94-231.hsd1.md.comcast.net] has left #openvpn []
18:28 -!- zheng [~zheng@116.230.206.208] has joined #openvpn
18:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:31 -!- cylon512 [~cylon@2.92.130.73] has quit [Quit: leaving]
18:33 -!- cylon512 [~cylon@2.92.130.73] has joined #openvpn
18:35 -!- zheng [~zheng@116.230.206.208] has quit [Remote host closed the connection]
18:38 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Read error: Connection reset by peer]
18:40 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
18:52 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
18:52 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
19:01 -!- wlarip_ [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
19:04 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Ping timeout: 258 seconds]
19:04 -!- hive-mind [~hivemind@mail.bbis.us] has quit [Remote host closed the connection]
19:06 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
19:21 -!- jonasdhaen_ [~jonasdhae@x590efdc8.dyn.telefonica.de] has joined #openvpn
19:23 -!- jonasdhaen [~jonasdhae@x5ce2e238.dyn.telefonica.de] has quit [Ping timeout: 256 seconds]
19:23 -!- jonasdhaen_ is now known as jonasdhaen
19:38 < hays_> is there a way to push specific dns entries to a machine connecting with openvpn?
19:39 < hays_> i'd like to push various local DNS entries when connection occurs
19:39 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Quit: ZZZZZzzzz]
19:39 < hays_> or is the best way to just have the openvpn server run a dns and push that as a dns to use
19:42 <@Eugene> !dns
19:42 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
19:42 <@Eugene> !pushdns
19:42 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
19:42 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
19:42 <@Eugene> You can push dns servers, but not individual entires
19:43 <@Eugene> The server you push, however, can be set up with locally-defined zones/entries(I hear dnsmasq is great for this; never used it myself), in addition to being a normal resolver
19:50 -!- Malsasa [~Malsasa@36.81.107.126] has joined #openvpn
19:51 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:55 -!- cylon512 [~cylon@2.92.130.73] has quit [Quit: Lost terminal]
19:56 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
20:01 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
20:03 -!- wlarip_ [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Ping timeout: 240 seconds]
20:13 -!- cylon512 [~cylon@2.92.130.73] has joined #openvpn
20:38 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 250 seconds]
20:56 -!- MogDog is now known as Laika
20:56 -!- Laika is now known as MogDog
21:01 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
21:01 -!- sx3wiz [26724c47@gateway/web/cgi-irc/kiwiirc.com/ip.38.114.76.71] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
21:03 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
21:04 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Ping timeout: 264 seconds]
21:13 -!- gnerd [~gnerd@c-73-128-94-231.hsd1.md.comcast.net] has joined #openvpn
21:16 -!- gnerd [~gnerd@c-73-128-94-231.hsd1.md.comcast.net] has quit [Remote host closed the connection]
21:19 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
22:01 -!- wlarip [~wlarip@169.57.0.218-static.reverse.softlayer.com] has joined #openvpn
22:04 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
22:42 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
22:47 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
22:58 < Abbott> When I run `sudo service openvpn start` I can see that the service is started, but when I run `ps aux | grep openvpn` I don't find an openvpn process running and I can't connect from any clients. If I run `sudo openvpn server.conf` I get a working openvpn process that I can connect to. "server.conf" is the only conf file in /etc/openvpn. Why won't the service start properly?
22:59 < CryptoSiD> os?
22:59 < CryptoSiD> i mean, distrib
22:59 < Abbott> debian linux
22:59 < Abbott> Jessie (testing)
22:59 < CryptoSiD> jessie?
22:59 < Abbott> Yeah
23:00 <@Eugene> Are you using the --log directive in your .conf? ;-)
23:01 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
23:03 -!- julius_ [~julius_@p3EE29F5A.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
23:03 < Abbott> I have `log openvpn.log` in my server.conf
23:03 < Abbott> Should I send my log?
23:04 -!- wlarip [~wlarip@169.57.0.218-static.reverse.softlayer.com] has quit [Ping timeout: 255 seconds]
23:05 -!- julius_ [~julius_@p3EE2913E.dip0.t-ipconnect.de] has joined #openvpn
23:13 < Abbott> When I try to run it as a service, no log is generated
23:13 < Abbott> There's no output to std out or anything either
23:27 -!- ShadniX [dagger@p5481D9EE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX [dagger@p5481C9D1.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
23:34 -!- cylon512 [~cylon@2.92.130.73] has quit [Quit: leaving]
23:36 < Abbott> Eugene do you know of any way to log what's happening if it doesn't log to the file I have in my conf?
23:36 <@Eugene> Usually you'd get an error on `service`, then
23:37 <@Eugene> I've no idea if Jessie is using systemd nowadays
23:37 <@Eugene> But that's where I'd look
23:56 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
--- Day changed Mon May 25 2015
00:00 -!- cylon512 [~cylon@2.92.130.73] has joined #openvpn
00:01 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 264 seconds]
00:01 < TyrfingMjolnir> Is EasyRSA the way to go making a tool for administering the OpenVPN identities?
00:01 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
00:01 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
00:04 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 252 seconds]
00:07 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
00:12 -!- sysanthrope [~sysanthro@c-68-60-3-14.hsd1.tn.comcast.net] has joined #openvpn
00:32 <@krzee> TyrfingMjolnir, any CA software should be fine, easy-rsa is simply a frontend for calling openssl via commandline
00:32 <@krzee> but yes it is probably the most commonly used
00:32 <@krzee> !easy-rsa
00:32 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
00:35 < TyrfingMjolnir> What are the alternatives?
00:35 < TyrfingMjolnir> I'm building an intranet solution using AngularJS, NodeJS, and postgreSQL
00:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
01:01 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
01:03 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 240 seconds]
01:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:13 -!- mode/#openvpn [+o mattock1] by ChanServ
01:15 -!- tzafrir [~tzafrir@bzq-179-40-172.cust.bezeqint.net] has quit [Ping timeout: 240 seconds]
01:19 -!- cylon512 [~cylon@2.92.130.73] has quit [Ping timeout: 272 seconds]
01:21 -!- cylon512 [~cylon@2.92.130.73] has joined #openvpn
01:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:44 -!- NoOova [~pavelpat@unaffiliated/nooova] has joined #openvpn
01:45 < NoOova> Hi guys!
01:45 < NoOova> I broke keys directory... there are no index.txt file
01:45 < NoOova> Could i regenerate it?
01:48 < NoOova> Currently i have an error: wrong number of fields on line 1 (looking for field 6, got 1, '' left)
01:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:00 -!- sysanthrope [~sysanthro@c-68-60-3-14.hsd1.tn.comcast.net] has quit [Read error: Connection reset by peer]
02:01 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has joined #openvpn
02:01 -!- sysanthrope [~sysanthro@c-68-60-3-14.hsd1.tn.comcast.net] has joined #openvpn
02:03 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 244 seconds]
02:15 -!- NoOova [~pavelpat@unaffiliated/nooova] has quit [Ping timeout: 252 seconds]
02:23 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:23 -!- mode/#openvpn [+o mattock2] by ChanServ
02:32 -!- cylon512 [~cylon@2.92.130.73] has quit [Ping timeout: 272 seconds]
02:35 -!- NoOova [~pavelpat@unaffiliated/nooova] has joined #openvpn
02:40 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 264 seconds]
02:42 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
02:45 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
03:01 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
03:03 -!- wlarip [~wlarip@169.57.0.219-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
03:14 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Quit: Searching for Waimea]
03:19 -!- tzafrir [~tzafrir@local.xorcom.com] has joined #openvpn
03:26 -!- Malsasa is now known as Guest75602
03:26 -!- Guest75602 [~Malsasa@36.81.107.126] has quit [Killed (wilhelm.freenode.net (Nickname regained by services))]
03:41 -!- Malsasa [~Malsasa@36.82.83.20] has joined #openvpn
03:45 -!- bigeast [~bigeast@unaffiliated/bigeast] has joined #openvpn
03:49 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
04:01 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
04:04 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 255 seconds]
04:04 -!- bigeast [~bigeast@unaffiliated/bigeast] has quit [Ping timeout: 250 seconds]
04:08 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:56 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
04:56 -!- jonasdhaen [~jonasdhae@x590efdc8.dyn.telefonica.de] has quit [Quit: jonasdhaen]
05:01 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has joined #openvpn
05:03 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Ping timeout: 240 seconds]
05:19 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
05:20 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 272 seconds]
05:23 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Quit: Searching for Waimea]
05:31 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:38 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has joined #openvpn
05:50 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
05:54 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
06:01 -!- wlarip [~wlarip@169.57.0.213-static.reverse.softlayer.com] has joined #openvpn
06:04 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has quit [Ping timeout: 258 seconds]
06:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:57 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
07:01 -!- wlarip_ [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
07:03 -!- wlarip [~wlarip@169.57.0.213-static.reverse.softlayer.com] has quit [Ping timeout: 245 seconds]
07:21 -!- wlarip_ [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Quit: ciao]
07:21 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
07:25 -!- Malsasa [~Malsasa@36.82.83.20] has quit [Ping timeout: 240 seconds]
07:30 -!- AMERICAN_PSYCHO [~AMERICAN_@223.sub-70-196-4.myvzw.com] has joined #openvpn
07:31 -!- Malsasa [~Malsasa@36.81.111.251] has joined #openvpn
07:37 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
07:39 -!- Malsasa [~Malsasa@36.81.111.251] has quit [Killed (orwell.freenode.net (Nickname regained by services))]
07:42 -!- teotwaki [~teotwaki@Maemo/community/contributor/crashanddie] has left #openvpn ["WeeChat 1.1.1"]
07:50 -!- dansanger [~vpnuser@190.72.179.173] has joined #openvpn
08:03 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has joined #openvpn
08:04 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
08:05 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has quit [Client Quit]
08:05 -!- wlarip [~wlarip@169.57.0.216-static.reverse.softlayer.com] has joined #openvpn
08:26 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
08:39 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
08:47 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-pawtfivhslxseswl] has joined #openvpn
08:55 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
09:01 -!- wlarip_ [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
09:04 -!- wlarip [~wlarip@169.57.0.216-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
09:14 -!- sysanthrope [~sysanthro@c-68-60-3-14.hsd1.tn.comcast.net] has quit [Remote host closed the connection]
09:18 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
09:20 -!- AMERICAN_PSYCHO [~AMERICAN_@223.sub-70-196-4.myvzw.com] has quit [Ping timeout: 255 seconds]
09:24 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
09:28 -!- wlarip_ [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Quit: ciao]
09:29 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
09:32 < ivali> I am new to networking. Can i force openvpn server to give /32 address to clients (so they could not ping each other) ?
09:34 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
09:35 < hid3> Hello everyone. How can I increase the speed of tun0 device on Windows 7? Currently it is shown as '10 Mbps" and it is limiting the bandwidth
09:35 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:37 <+esde> it is not
09:38 < hid3> Why? I have a network camera stream. If I switch the VPN off, the speed increases to around 4300 Kbps while with VPN it is no more than 1350 Kbps
09:38 <+esde> though it says 10Mb, that is not a limitation
09:38 <+esde> !bottlenck
09:38 <+esde> !bottleneck
09:38 <@vpnHelper> "bottleneck" is (#1) OpenVPN uses userland crypto unless you have HW accel available (as shown with `openvpn --show-engines`.) This means the CPU is frequently the performance bottleneck; remember that OVPN is single-threaded or (#2) See also: !gigabit for ideas on advanced performance tuning options
09:39 < hid3> strange, as CPU usage on both, client and the server is almost minimal
09:39 <+esde> https://openvpn.net/archive/openvpn-users/2004-02/msg00041.html
09:39 <@vpnHelper> Title: Re: [Openvpn-users] Win32 Tun/Tap adapter limited to 10Mbps??? (at openvpn.net)
09:40 <+esde> You haven't provided much in the way of useful information (!configs, !logs, !goal) for us to review. However, 10Mb is not a limitation at the adapter. Your slow speeds are due to something else.
09:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:46 < apollo13> ivali: just use proper firewall rules
09:46 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Quit: ciao]
09:46 < apollo13> also client-to-client is usually disabled, so they should not be able to reach each other
09:47 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has joined #openvpn
09:47 < apollo13> ivali: also the best you will get is probably a net30 topology, you need to reach the server after all ;)
09:48 <+esde> !/30
09:48 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
09:49 < apollo13> esde: what would I do without you ;)
09:52 < ivali> thanks!
09:54 < apollo13> is anyone using the management pf filter interface?
09:54 < apollo13> (just curious on how the experience with it is/waS)
10:00 -!- Malsasa [~Malsasa@36.82.84.194] has joined #openvpn
10:00 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has joined #openvpn
10:01 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has quit [Client Quit]
10:01 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has joined #openvpn
10:03 -!- satonio [~satonio@89.Red-2-139-223.staticIP.rima-tde.net] has joined #openvpn
10:03 < satonio> hi
10:03 < ivali> Hey, I changed my topology to net30 and my clients now get this type of configuration "tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  \n inet addr:172.16.0.6  P-t-P:172.16.0.5  Mask:255.255.255.255"
10:03 < ivali> shouldn't they get a 255.255.255.252 instead?
10:03 < satonio> i'm trying to setup a tap tunnel but i'm getting one-way traffic, any idea about what could be wrong?
10:04 -!- wlarip [~wlarip@169.57.0.212-static.reverse.softlayer.com] has quit [Ping timeout: 256 seconds]
10:04 < satonio> the packets from the client cannot be seen by the server (i have used tcpdump)
10:05 <@krzee> ivali, they are getting little mini .252 sized subnets, but with PTP topology
10:06 <@krzee> the .5 is an imaginary address internal to openvpn, .6 is the client address
10:06 <@krzee> you can use topology subnet to just use a single bigger subnet
10:06 <@krzee> !topology
10:06 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
10:07 -!- BtbN [btbn@btbn.de] has quit [Remote host closed the connection]
10:08 -!- BtbN [btbn@btbn.de] has joined #openvpn
10:08 < apollo13> but you should make extra sure to use a uncommon subnet for the vpn then
10:09 < apollo13> 172.16.0 is probably the least imaginative private network you can use^^
10:10 < ivali> my ISP gives me 10./8, and i am behind a router that gives me 192.168.0/24 :-)
10:11 < apollo13> your isp gives you 10./8? I doubt that
10:11 < ivali> cheap internet .. no external ip address. heh :-)
10:11 < apollo13> since when do ISPs "give"  ips at all? I mean from the one public for your modem maybe
10:13 -!- satonio [~satonio@89.Red-2-139-223.staticIP.rima-tde.net] has quit [Read error: No route to host]
10:14 -!- satonio [~satonio@89.Red-2-139-223.staticIP.rima-tde.net] has joined #openvpn
10:15 -!- BtbN [btbn@btbn.de] has quit [Remote host closed the connection]
10:15 -!- BtbN [btbn@btbn.de] has joined #openvpn
10:17 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
10:24 < ivali> if i put the cable that enters my home in my PC I get an 10./8 IP via dhcp :-)
10:25 <@krzee> apollo13, it is totally possible that his ISP uses 1918 ips internally
10:25 <@krzee> my ISP uses a ton of 1918 ips internally too
10:25 <@krzee> dont misunderstand him, when he hits the internet he has an internet routable IP
10:25 < apollo13> wow, we at least get public ips and then the local router uses 10.0.0/24 or so
10:26 < apollo13> krzee: sure sure
10:26 < apollo13> but that "isp grade natting" is not too common here yet
10:26 <@krzee> its more of a hack than 'doing it right (™)'
10:27 < apollo13> hehe
10:29 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
10:30 <@krzee> if i traceroute a server i have here on the same ISP in the same city, i go through 9 hops of 172.17.x hosts, 2 hops of internet routable IPs owned by my ISP, 2 hosts in 192.168.x, and then to my server
10:30 <@krzee> in that order
10:30 <@krzee> its fast cause both machines are on fiber, but it still makes me sad
10:30 <@krzee> lol
10:31 < apollo13> interesting, on my mobile network I somewhat have the same situation apparenbtly
10:31 < apollo13> at least 8 hops on 10.0
10:32 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:37 -!- satonio [~satonio@89.Red-2-139-223.staticIP.rima-tde.net] has quit [Ping timeout: 256 seconds]
10:38 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
10:39 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 240 seconds]
10:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
10:43 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 272 seconds]
10:50 -!- leosw [~leo@193.48.172.23] has joined #openvpn
11:00 -!- wlarip [~wlarip@169.57.0.211-static.reverse.softlayer.com] has joined #openvpn
11:03 -!- wlarip_ [~wlarip@169.57.0.215-static.reverse.softlayer.com] has quit [Ping timeout: 240 seconds]
11:03 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 244 seconds]
11:10 -!- xorox90 [uid7069@gateway/web/irccloud.com/x-pawtfivhslxseswl] has quit [Quit: Connection closed for inactivity]
11:17 -!- Malsasa [~Malsasa@36.82.84.194] has quit [Remote host closed the connection]
11:22 -!- fishey2 [~ydoc@vcr.einic.org] has joined #openvpn
11:22 -!- fishey2 [~ydoc@vcr.einic.org] has left #openvpn ["WeeChat 1.1.1"]
11:24 < leosw> Hello world
11:24 < leosw> Each time I reboot my server I need to do that : http://askubuntu.com/a/278271/205239
11:24 <@vpnHelper> Title: 12.04 - OpenVPN on Ubuntu OpenVZ - Ask Ubuntu (at askubuntu.com)
11:24 < leosw> Is there a way to fix the bug or at least to automative the fix ?
11:26 < apollo13> sure, put it into an init script
11:29 < leosw> Ok, so the way is to cron that ?
11:32 < apollo13> init script!
11:34 -!- NoOova [~pavelpat@unaffiliated/nooova] has quit [Ping timeout: 272 seconds]
11:44 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
11:45 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
12:00 -!- wlarip_ [~wlarip@169.57.0.214-static.reverse.softlayer.com] has joined #openvpn
12:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:03 -!- jonasdhaen [~jonasdhae@x590efdc8.dyn.telefonica.de] has joined #openvpn
12:04 -!- wlarip [~wlarip@169.57.0.211-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
12:27 -!- wlarip_ is now known as wlarip
12:42 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 272 seconds]
12:44 -!- tzafrir [~tzafrir@local.xorcom.com] has left #openvpn ["Leaving"]
12:47 -!- NoOova [~pavelpat@unaffiliated/nooova] has joined #openvpn
12:50 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
13:00 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has joined #openvpn
13:02 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
13:04 -!- wlarip [~wlarip@169.57.0.214-static.reverse.softlayer.com] has quit [Ping timeout: 255 seconds]
13:14 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
13:53 -!- wlarip_ is now known as wlarip
13:55 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Read error: Connection reset by peer]
13:57 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
14:00 -!- Anoniem4l is now known as lamein
14:00 -!- wlarip_ [~wlarip@169.57.0.210-static.reverse.softlayer.com] has joined #openvpn
14:04 -!- wlarip [~wlarip@169.57.0.216-static.reverse.softlayer.com] has quit [Ping timeout: 265 seconds]
14:05 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
14:07 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 0.4.3]
14:10 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 258 seconds]
14:13 -!- wlarip_ is now known as wlarip
14:22 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
14:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
14:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:24 -!- mode/#openvpn [+o mattock1] by ChanServ
14:25 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:25 -!- mode/#openvpn [+o mattock2] by ChanServ
14:28 -!- shadok is now known as Muad`Dib
14:28 -!- Muad`Dib is now known as shadok
14:29 -!- GiftigerWunsch [~giftiger_@wikipedia/Giftiger-wunsch] has joined #openvpn
14:40 < GiftigerWunsch> I'm trying to set up an ethernet bridge on centos following the instructions at https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html#linuxscript but when I bring up the interface my server loses internet access, though retains access to the ethernet interface. ifconfig output = https://gist.github.com/anonymous/edda3c2fa0649ff0460f any idea what I could be doing wrong? Let me know if you need 
14:40 <@vpnHelper> Title: Ethernet Bridging (at openvpn.net)
14:41 <+esde> !bridging
14:41 <@vpnHelper> "bridging" is (#1) Using bridges is either completely stupid or clever. It is stupid if you do it because you think it is easier. It is clever if you're a network knowledgeable person who understands networking very well and knows why routing won't fit for you or (#2) See also https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
14:41 -!- GrantK [~GrantK@bolt.sonic.net] has joined #openvpn
14:42 < GrantK> I have a vpn client connecting to a remote server.  To date, the local IP's been a static IP.  Since the local machine is multihomed, I spec'd "local XX.XX.XX.XX" in the local config to bind only to that IP address.
14:42 < GrantK> The local IP's changing to a dynamic ISP-assigned address.  I can change to "local tracking.hostname.com", where 'local tracking.hostname.com' is an nsupdate-d bind9 host that tracks the dynamic IP.  Works well -- as long as the DNS server is up&available at the time openvpn starts.  Otherwise, the lookup fails.  This seems fragile.
14:42 < GrantK> What's the right way to deal with a dynamic IP on a multi-homed openvpn client, particularly in the case of DNS lookup failure?
14:42 < GiftigerWunsch> Routing won't work for me unless I want to reconfigure half a dozen things which run on my LAN at the moment
14:42 < GiftigerWunsch> (some of them quite fiddly)
14:50 -!- lamein is now known as Anoniem44l
14:50 -!- Anoniem44l is now known as Anoniem4l
14:52 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:57 -!- GiftigerWunsch [~giftiger_@wikipedia/Giftiger-wunsch] has left #openvpn []
15:00 -!- wlarip_ [~wlarip@169.57.0.218-static.reverse.softlayer.com] has joined #openvpn
15:01 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
15:01 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
15:03 -!- wlarip [~wlarip@169.57.0.210-static.reverse.softlayer.com] has quit [Ping timeout: 245 seconds]
15:04 -!- wlarip_ is now known as wlarip
15:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
15:18 -!- leosw [~leo@193.48.172.23] has quit [Quit: Leaving]
15:23 -!- NoOova [~pavelpat@unaffiliated/nooova] has quit [Ping timeout: 272 seconds]
15:30 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:41 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
15:49 -!- NoOova [~pavelpat@unaffiliated/nooova] has joined #openvpn
15:53 -!- dansanger [~vpnuser@190.72.179.173] has quit [Ping timeout: 246 seconds]
15:57 -!- GrantK [~GrantK@bolt.sonic.net] has quit [Quit: GrantK]
16:00 -!- wlarip_ [~wlarip@169.57.0.217-static.reverse.softlayer.com] has joined #openvpn
16:04 -!- wlarip [~wlarip@169.57.0.218-static.reverse.softlayer.com] has quit [Ping timeout: 252 seconds]
16:06 -!- wlarip_ is now known as wlarip
16:07 -!- Quobo_ [~textual@unaffiliated/quobo] has joined #openvpn
16:07 < Quobo_> Hello, everyone.
16:08 < Quobo_> Would anyone be willing to look over my logs to see where exactly I'm going wrong? I'm trying to set up a VPN on my RasPi.
16:17 -!- dansanger [~vpnuser@190.72.179.173] has joined #openvpn
16:34 <@Eugene> Only if you post them
16:34 <@Eugene> !logs
16:34 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:36 < Quobo_> Eugene, thanks, but it looks like I've solved the problem. :)
16:36 <@Eugene> Oh good
16:36 <@Eugene> !next
16:36 <@Eugene> Useless bot
16:39 -!- NoOova [~pavelpat@unaffiliated/nooova] has quit [Ping timeout: 246 seconds]
16:40 -!- dansanger [~vpnuser@190.72.179.173] has quit [Ping timeout: 256 seconds]
16:40 -!- Malsasa [~Malsasa@36.82.84.194] has joined #openvpn
16:41 -!- Malsasa [~Malsasa@36.82.84.194] has quit [Read error: Connection reset by peer]
16:45 -!- jonasdhaen [~jonasdhae@x590efdc8.dyn.telefonica.de] has quit [Quit: jonasdhaen]
17:00 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has joined #openvpn
17:03 -!- wlarip- [~wlarip@209.26.240.148] has joined #openvpn
17:04 -!- wlarip [~wlarip@169.57.0.217-static.reverse.softlayer.com] has quit [Ping timeout: 240 seconds]
17:05 -!- wlarip [~wlarip@108.61.123.89] has joined #openvpn
17:07 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Quit: Searching for Waimea]
17:07 -!- wlarip_ [~wlarip@169.57.0.216-static.reverse.softlayer.com] has quit [Ping timeout: 276 seconds]
17:08 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
17:08 -!- wlarip- [~wlarip@209.26.240.148] has quit [Ping timeout: 276 seconds]
17:16 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
17:19 -!- Quobo_ [~textual@unaffiliated/quobo] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:19 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
17:26 -!- Quobo [~textual@unaffiliated/quobo] has joined #openvpn
17:27 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
17:43 -!- zmachine [~ROCK_@pool-173-58-228-34.lsanca.fios.verizon.net] has quit [Ping timeout: 255 seconds]
17:46 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
17:46 -!- Quobo [~textual@unaffiliated/quobo] has quit [Read error: Connection reset by peer]
17:47 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
18:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:04 -!- wlarip [~wlarip@108.61.123.89] has quit [Ping timeout: 258 seconds]
18:14 -!- MadHatter42 [~MadHatter@unaffiliated/madhatter42] has joined #openvpn
18:14 < MadHatter42> anyone
18:14 < MadHatter42> ?
18:15 < MadHatter42> i'm getting a weird  TLS Error: TLS handshake failed
18:15 < MadHatter42> in my openvpn installation
18:16 < MadHatter42> !paste
18:16 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
18:16 < MadHatter42> !logs
18:16 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:42 -!- wlarip_ is now known as wlarip
18:52 -!- MadHatter42 [~MadHatter@unaffiliated/madhatter42] has quit [Ping timeout: 255 seconds]
19:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
19:09 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Ping timeout: 240 seconds]
19:09 -!- s7eele [~AndChat52@208.167.254.206] has joined #openvpn
19:17 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
19:18 -!- wlarip_ is now known as wlarip
20:00 -!- wlarip_ [~wlarip@108.61.123.89] has joined #openvpn
20:01 -!- plasma [plasma@antiquos.technopagans.com] has quit [Quit: leaving]
20:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
20:19 -!- Malsasa [~Malsasa@125.164.136.5] has joined #openvpn
20:30 -!- s7eele [~AndChat52@208.167.254.206] has quit [Remote host closed the connection]
20:30 -!- s7eele [~AndChat52@208.167.254.206] has joined #openvpn
20:30 -!- MogDog is now known as MogDog66
20:38 -!- plasma [plasma@antiquos.technopagans.com] has joined #openvpn
20:40 -!- toothe [~awiggin@unaffiliated/toothe] has left #openvpn []
21:00 -!- wlarip [~wlarip@108.61.123.88] has joined #openvpn
21:03 -!- wlarip_ [~wlarip@108.61.123.89] has quit [Ping timeout: 250 seconds]
21:06 <+esde> !configs
21:06 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:06 -!- MogDog66 is now known as MogDog
21:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
21:36 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:38 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:04 -!- wlarip [~wlarip@108.61.123.88] has quit [Ping timeout: 252 seconds]
22:58 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:00 -!- MalMen [~MalMen@xmr.link] has quit [Ping timeout: 246 seconds]
23:03 -!- julius_ [~julius_@p3EE2913E.dip0.t-ipconnect.de] has quit [Ping timeout: 265 seconds]
23:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
23:05 -!- julius_ [~julius_@p3EE28385.dip0.t-ipconnect.de] has joined #openvpn
23:22 -!- Malsasa [~Malsasa@125.164.136.5] has quit [Read error: Connection reset by peer]
23:25 -!- ShadniX [dagger@p5481C9D1.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX [dagger@p5481DC03.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue May 26 2015
00:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3de0:a377:4ce7:4b4c] has joined #openvpn
00:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
00:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3de0:a377:4ce7:4b4c] has quit [Remote host closed the connection]
00:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:fd67:fb21:aaa9:20a2] has joined #openvpn
01:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:01 < Abbott> Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client.log: Access is denied.   (errno=5)
01:01 < Abbott> I am getting this using the windows client, how would I fix this?
01:02 < Abbott> actually i think I got it by setting the program to run as an administrator
01:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
01:04 <@krzee> openvpn must run as admin for more reasons than just that
01:04 < Abbott> right, I would figure as much. I should have checked that first
01:22 < Abbott> I can access google and yahoo when connected to my server but everything else times out. I can't access anything when I VPN from my phone
01:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:23 -!- NetworkingPro [~Networkin@192.198.208.235] has left #openvpn []
01:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 256 seconds]
01:54 < Abbott> is there anything visibly off with these confs? http://pastie.org/pastes/10207555/text?key=xq95pz70hvdibydcbh5pq http://pastie.org/pastes/10207556/text?key=qmj6wekox3zeddqubi3isa
02:00 -!- wlarip_ [~wlarip@108.61.123.84] has joined #openvpn
02:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
02:29 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:fd67:fb21:aaa9:20a2] has quit [Ping timeout: 265 seconds]
02:36 -!- Malsasa [~Malsasa@125.164.136.5] has joined #openvpn
02:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:57 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
03:00 -!- wlarip [~wlarip@108.61.123.75] has joined #openvpn
03:04 -!- wlarip_ [~wlarip@108.61.123.84] has quit [Ping timeout: 246 seconds]
03:08 -!- b1usky [~chatzilla@212.23.140.110] has joined #openvpn
03:08 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
03:08 < b1usky> !welcome
03:08 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:08 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:08 < b1usky> !goal
03:08 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:09 -!- b1usky [~chatzilla@212.23.140.110] has left #openvpn []
03:16 -!- ivali [valentin@unaffiliated/ivali] has quit []
03:19 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Quit: Searching for Waimea]
03:22 -!- k0rsan [~Mahmut.Al@212.23.140.110] has joined #openvpn
03:28 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 240 seconds]
03:30 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
03:32 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has joined #openvpn
03:33 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
03:35 -!- k0rsan [~Mahmut.Al@212.23.140.110] has left #openvpn []
03:39 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
03:44 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
03:54 < CryptoSiD> in ipp.txt it say: Home,10.10.30.4
03:54 < CryptoSiD> but Home have 10.10.30.6 ?
03:56 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Ping timeout: 246 seconds]
04:00 < CryptoSiD> the ipv6 tunnel is the right one but the ipv4 is .4 when it should be .6
04:00 < CryptoSiD> just wondering why
04:00 -!- wlarip_ [~wlarip@108.61.123.89] has joined #openvpn
04:04 -!- wlarip [~wlarip@108.61.123.75] has quit [Ping timeout: 265 seconds]
04:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:17 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:46 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
04:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:00 -!- wlarip [~wlarip@108.61.123.73] has joined #openvpn
05:04 -!- wlarip_ [~wlarip@108.61.123.89] has quit [Ping timeout: 264 seconds]
05:04 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
05:12 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
05:43 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
06:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:04 -!- wlarip [~wlarip@108.61.123.73] has quit [Ping timeout: 244 seconds]
06:16 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Read error: Connection reset by peer]
06:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
06:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:36 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 272 seconds]
06:38 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
06:38 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
06:38 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
06:40 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
--- Log closed Tue May 26 07:01:07 2015
--- Log opened Tue May 26 07:37:36 2015
07:37 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
07:37 -!- Irssi: #openvpn: Total of 225 nicks [7 ops, 0 halfops, 3 voices, 215 normal]
07:37 -!- mode/#openvpn [+o ecrist] by ChanServ
07:37 -!- Irssi: Join to #openvpn was synced in 3 secs
07:37 -!- mensvaga [~mensvaga@192.16.204.65] has left #openvpn []
07:45 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has joined #openvpn
08:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
08:15 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Ping timeout: 244 seconds]
08:15 -!- wlarip_ is now known as wlarip
08:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
08:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:25 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Read error: Connection reset by peer]
08:29 -!- Yoda [Yoda@unaffiliated/yoda] has quit [Ping timeout: 265 seconds]
08:34 -!- Yoda [Yoda@unaffiliated/yoda] has joined #openvpn
08:35 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Quit: leaving]
08:36 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
08:37 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Quit: elfixit]
08:38 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
08:49 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
08:52 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:57 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
08:57 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
08:58 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
08:58 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
09:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
09:27 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 276 seconds]
09:30 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
09:30 -!- mode/#openvpn [+v s7r] by ChanServ
09:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
09:36 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:52 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
09:52 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Ping timeout: 256 seconds]
10:00 -!- wlarip [~wlarip@108.61.123.85] has joined #openvpn
10:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
10:20 -!- jthunder [~jthunder@S010640167eeb5b41.ed.shawcable.net] has quit [Ping timeout: 272 seconds]
10:24 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
10:30 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 246 seconds]
10:30 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
10:34 -!- jthunder_ [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
10:45 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
10:45 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:48 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:49 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:59 -!- unicodesnowman [~unicodesn@wikipedia/unicodesnowman] has quit [Ping timeout: 276 seconds]
11:00 -!- wlarip_ [~wlarip@108.61.123.74] has joined #openvpn
11:02 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
11:04 -!- wlarip [~wlarip@108.61.123.85] has quit [Ping timeout: 276 seconds]
11:07 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
11:22 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
11:22 -!- bruxC [~bruxC@66.63.84.178] has quit [Remote host closed the connection]
11:25 -!- wlarip_ [~wlarip@108.61.123.74] has quit [Ping timeout: 272 seconds]
11:25 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
11:25 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
11:26 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
11:26 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
11:29 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
11:29 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
11:32 -!- dionysus69_ [~chatzilla@178.134.212.77] has joined #openvpn
11:35 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 255 seconds]
11:35 -!- dionysus69_ is now known as dionysus69
11:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:42 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
11:51 -!- Malsasa [~Malsasa@125.164.136.5] has quit [Read error: Connection reset by peer]
12:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:04 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 272 seconds]
12:37 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
13:00 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 265 seconds]
13:00 -!- wlarip_ [~wlarip@108.61.123.82] has joined #openvpn
13:01 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
13:02 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
13:03 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
13:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
13:04 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
13:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
13:05 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
13:19 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
13:28 -!- jonasdhaen [~jonasdhae@x590efe30.dyn.telefonica.de] has joined #openvpn
13:34 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 272 seconds]
13:35 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
14:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:01 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 272 seconds]
14:04 -!- wlarip_ [~wlarip@108.61.123.82] has quit [Ping timeout: 256 seconds]
14:09 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 245 seconds]
14:12 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:15 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
14:16 -!- Mike-- [~Mike--@mx.probie.nl] has joined #openvpn
14:17 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
14:17 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 256 seconds]
14:18 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:30 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 256 seconds]
14:34 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
14:37 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Quit: Leaving]
14:38 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:42 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 256 seconds]
14:49 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:54 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 256 seconds]
15:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
15:06 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Ping timeout: 265 seconds]
15:13 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: I'll be away for a while, cleaning up and re-installing my OS]
15:15 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:31 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
15:33 -!- wlarip_ is now known as wlarip
15:37 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 246 seconds]
15:38 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
16:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:03 -!- jonasdhaen_ [~jonasdhae@x590efe30.dyn.telefonica.de] has joined #openvpn
16:04 -!- jonasdhaen [~jonasdhae@x590efe30.dyn.telefonica.de] has quit [Ping timeout: 250 seconds]
16:04 -!- jonasdhaen_ is now known as jonasdhaen
16:04 -!- jonasdhaen [~jonasdhae@x590efe30.dyn.telefonica.de] has left #openvpn []
16:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
16:07 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Ping timeout: 246 seconds]
16:10 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
16:24 -!- Spec [~Spec@unaffiliated/spec] has joined #openvpn
16:33 < Spec> Hello. I added a "route blah blah" command to my openvpn's config file, but when I restart the vpn server the route does not show up in the Linux routing table. How can I troubleshoot this?
16:34 < Spec> Oh, I check the log file and it gives me the error. I see.
16:36 -!- Quobo [~textual@unaffiliated/quobo] has joined #openvpn
16:36 < Spec> So, it tells me: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
16:37 < Spec> I want the route I'm adding to point to the IP of a specific client -- to that end, I added the appropriate iroute in the ccd/ directory, I thought openvpn figured this stuff out?
16:41 -!- Quobo [~textual@unaffiliated/quobo] has quit [Ping timeout: 244 seconds]
16:46 -!- cylon512 [~cylon@2.92.156.101] has quit [Ping timeout: 265 seconds]
16:47 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
16:47 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
17:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
17:13 <+esde> "route blah blah blah" will definitely /not/ work. in order to figure out what will work, we will need your !goal, !configs, and !logs. Thank you
17:14 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.40.249] has joined #openvpn
17:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
17:18 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.40.249] has quit [Max SendQ exceeded]
17:20 < Spec> esde: okay. i was in the process of writing up a more thorough question when my working-configs stopped working
17:20 < Spec> i will try again tomorrow
17:26 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 272 seconds]
17:30 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
17:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
18:00 -!- wlarip_ [~wlarip@108.61.123.79] has joined #openvpn
18:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
18:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:10 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 264 seconds]
18:13 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
18:15 -!- dazo is now known as dazo_afk
18:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
18:24 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:34 <+esde> https://www.youtube.com/watch?v=zurrQiETDHA
18:34 <+esde> two years ago, at that
18:38 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 255 seconds]
18:39 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
18:53 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
19:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:03 -!- wlarip_ [~wlarip@108.61.123.79] has quit [Ping timeout: 240 seconds]
19:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
19:50 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
19:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
20:10 -!- xMopxShell [~xMopxShel@n2.xmopx.net] has quit [Ping timeout: 245 seconds]
20:11 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
20:13 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
20:15 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 272 seconds]
20:18 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
20:19 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 272 seconds]
20:22 -!- fred`` [fred@earthli.ng] has joined #openvpn
20:23 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
20:59 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 276 seconds]
21:00 -!- wlarip [~wlarip@108.61.123.89] has joined #openvpn
21:01 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
21:01 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
21:04 -!- codebam [codebam@gateway/shell/yourbnc/x-lvmltyixiyrvijzy] has quit [Max SendQ exceeded]
21:04 -!- codebam [codebam@gateway/shell/yourbnc/x-gyspprojifmxzfxc] has joined #openvpn
21:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
21:11 -!- Cultist [~CultOfThe@c-67-175-170-187.hsd1.il.comcast.net] has quit [Quit: Tension, apprehension, and dissension have begun.]
21:12 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:43 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:47 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 252 seconds]
21:48 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:04 -!- wlarip [~wlarip@108.61.123.89] has quit [Ping timeout: 272 seconds]
22:12 -!- sambane [~twelfthni@unaffiliated/twelfthnight] has joined #openvpn
22:12 < sambane> .
22:12 -!- sambane [~twelfthni@unaffiliated/twelfthnight] has left #openvpn ["Leaving"]
22:25 -!- Latrina [~Latrina@adsl-ull-63-194.50-151.net24.it] has quit [Ping timeout: 264 seconds]
22:30 -!- Latrina [~Latrina@ppp-160-19.26-151.libero.it] has joined #openvpn
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:02 -!- julius_ [~julius_@p3EE28385.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
23:05 -!- julius_ [~julius_@p3EE289A3.dip0.t-ipconnect.de] has joined #openvpn
23:10 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
23:14 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:25 -!- ShadniX [dagger@p5481DC03.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:26 -!- ShadniX [dagger@p5794129F.dip0.t-ipconnect.de] has joined #openvpn
23:28 -!- DonRichie [~DonRichie@ricl.de] has left #openvpn ["Verlassend"]
23:34 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Ping timeout: 246 seconds]
23:51 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 255 seconds]
23:51 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
23:53 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has joined #openvpn
23:56 -!- jvelasquez [~jvelasque@haw25-75.hawcc.hawaii.edu] has joined #openvpn
--- Day changed Wed May 27 2015
00:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
00:06 -!- alanjf [~ajf@unaffiliated/alanjf] has quit [Read error: Connection reset by peer]
00:10 < jvelasquez> hi. it's my first time.  my client is connecting to my server ok,  but I can't get anything to ping anything.    http://pastebin.com/u8hvZ8Qq
00:11 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
00:13 < jvelasquez> I have services running on machines 10.10.10.1, 10.10.10.2, and 10.10.10.3,  that I want to access through a dedicated openvpn machine on 10.10.10.10.
00:19 < Raku_> I recently replaced the wireless adapter in my server, i was using a card and now its a usb, so i have two wireless interfaces, i have the other one(wlan0) disabled, but for some reason my vpn stopped working, i can connect but that's it, cant access any local resources, can't ssh in to the server, can't browse anything, i can only connect. Due to the timing i can only think it'd have to do with the
00:19 < Raku_> interface switch, i can't figure out what i'd need to change to make it work though.
00:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
00:39 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
00:40 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
00:46 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Quit: WeeChat 1.3-dev]
00:47 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
00:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:50 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Client Quit]
01:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:03 < jvelasquez> do eth0 and tun0 need to be on different IP's ?
01:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
01:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
01:15 < jvelasquez> ohh.  eth0 and tun0 need different subnets?    cause now I get something that pings.
01:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:24 < jvelasquez> but I still can't ping things beyond my server.
01:27 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:32 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 272 seconds]
01:34 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
01:36 < jvelasquez> nevermind. my serverside postrouting masqurading was going out the wrong interface.
01:36 < jvelasquez> i think it works now.
01:37 < jvelasquez> thanks you for the help.  would have never figured this thing out without you.  peace!
01:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
01:47 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 245 seconds]
01:48 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
01:51 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
01:54 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
01:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:00 -!- wlarip_ [~wlarip@108.61.123.85] has joined #openvpn
02:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
02:12 -!- neonixcoder [~surendra@59.167.66.240] has joined #openvpn
02:17 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
02:34 < neonixcoder> Hi team.. good day..
02:35 < neonixcoder> I know how a normal VPN works externally, but not sure how it works internally..
02:37 < neonixcoder> I am going through some doc which shows I have to created cert for CA, for VPN server and for vpn clients as well.. I am confused..
02:37 < neonixcoder> Is there any doc/link which explains these certs in detail like why we require them, and when they are going to use in the communication?
02:39 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:39 -!- tsing [~tsing@gintama.tsing.org] has quit [Client Quit]
02:51 -!- muh-die-kuh [~quassel@2001:41d0:51:1::ed7] has joined #openvpn
02:54 < muh-die-kuh> Hi
02:55 < muh-die-kuh> is it possible to seperate multiple clients into different networks that can't talk to each other with a single server?
02:55 < muh-die-kuh> If so: Whats the word that I have to type into google? :-)
03:00 -!- wlarip [~wlarip@108.61.123.87] has joined #openvpn
03:01 -!- neonixcoder [~surendra@59.167.66.240] has quit [Ping timeout: 258 seconds]
03:02 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
03:03 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
03:04 -!- wlarip_ [~wlarip@108.61.123.85] has quit [Ping timeout: 250 seconds]
03:04 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
03:06 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
03:10 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
03:11 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
03:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:18 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
03:27 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 256 seconds]
03:37 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:40 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:59 -!- dazo_afk is now known as dazo
04:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:01 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
04:04 -!- wlarip [~wlarip@108.61.123.87] has quit [Ping timeout: 276 seconds]
04:09 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:11 -!- BtbN [btbn@btbn.de] has quit [Changing host]
04:11 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
04:22 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 255 seconds]
04:27 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
04:30 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
04:31 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 252 seconds]
04:31 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
04:31 -!- mode/#openvpn [+o pekster] by ChanServ
04:31 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 252 seconds]
04:31 < ivali> hello, i am using openvpn client to connect to a vpn network. i don't have any connectivity. the temporary solution found so far is chaning my IP addres on tun0 to a random on and then changing it back to what the openvpn server gave me. has anyone encountered this problem before?
04:31 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
04:32 < ivali> to a random one~
04:32 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
04:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:42 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:45 -!- mode/#openvpn [+o mattock1] by ChanServ
05:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:01 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
05:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
05:52 -!- drazoro [~drazoro@105-237-87-147.access.mtnbusiness.co.za] has joined #openvpn
05:53 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has joined #openvpn
05:56 < NTQ> Hi. It's my first try to setup an openvpn site-to-site tunnel with a PSK. We got protocol, encryption, hashing algorithm, PSK and Gateway IP from an other company. And now we have to connect to them via a site-to-site vpn.
05:57 < NTQ> I am running an Lubuntu 14.04 on a static IP. Is there a detailled tutorial for how to setup the VPN on one site, if you've got all information from the other site?
05:58 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:01 <+esde> NTQ
06:01 <+esde> !howto
06:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
06:14 < NTQ> Okay, thank you. A general question: Do both sides have to know the local IP domain to connect both servers? Or is it enough to know the gateway IP?
06:15 < NTQ> I know that I need to know the local IPs if I want to connect to clients between both sides.
06:23 -!- drazoro [~drazoro@105-237-87-147.access.mtnbusiness.co.za] has quit [Ping timeout: 255 seconds]
06:25 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 244 seconds]
06:27 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
06:27 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
06:28 -!- Poster|x [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
06:28 -!- Gintaras [irc.omnite@77.241.206.82] has quit [Read error: Connection reset by peer]
06:31 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
06:32 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
06:33 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:34 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
06:36 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
06:36 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 250 seconds]
06:36 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 250 seconds]
06:36 -!- Latrina [~Latrina@ppp-160-19.26-151.libero.it] has quit [Ping timeout: 250 seconds]
06:36 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
06:36 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 250 seconds]
06:36 -!- Kobaz [~kobaz@its.kobaz.net] has quit [Ping timeout: 250 seconds]
06:37 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
06:38 -!- Latrina [~Latrina@ppp-160-19.26-151.libero.it] has joined #openvpn
06:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8981:fe0c:ef3:908c] has joined #openvpn
06:46 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
07:00 -!- wlarip [~wlarip@108.61.123.77] has joined #openvpn
07:02 -!- valentin- [valentin@unaffiliated/ivali] has joined #openvpn
07:03 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 265 seconds]
07:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
07:12 -!- s7eele [~AndChat52@208.167.254.206] has quit [Remote host closed the connection]
07:12 -!- s7eele [~AndChat52@208.167.254.206] has joined #openvpn
07:35 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:37 -!- wlarip- [~wlarip@209.26.240.148] has joined #openvpn
07:38 -!- wlarip [~wlarip@108.61.123.77] has quit [Ping timeout: 258 seconds]
07:39 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
07:40 -!- wlarip [~wlarip@108.61.123.66] has joined #openvpn
07:41 -!- wlarip- [~wlarip@209.26.240.148] has quit [Ping timeout: 265 seconds]
07:46 < TyrfingMjolnir> UDP or TCP?
07:46 < TyrfingMjolnir> Which public port?
07:47 < apollo13> ?
07:49 <+esde> por que?
07:53 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
07:54 < TyrfingMjolnir> UDP 443
07:54 < TyrfingMjolnir> A good option?
07:55 -!- valentin- [valentin@unaffiliated/ivali] has quit [Ping timeout: 264 seconds]
07:55 < apollo13> TyrfingMjolnir: why not just use the iana assigned port?
07:55 < apollo13> ie 1194 or whatever the default was
07:56 < TyrfingMjolnir> Blocked for too many public plases
07:56 < apollo13> lol
07:56 < apollo13> and you think udp 443 is not?
07:56 < apollo13> any sensible firewall will block udp 443
07:56 < TyrfingMjolnir> tcp 443 bettter?
07:56 < apollo13> as long as the firewall does not do deep packet inspection, yes
07:56 < apollo13> otherwise, you will still get blocked
07:56 < TyrfingMjolnir> Actually so far less places has blocked udp 443 than tcp 1194
07:57 < TyrfingMjolnir> I have been running openvpn since 2012
07:57 < TyrfingMjolnir> UDP 443 is the most problematic service yet
07:57 < TyrfingMjolnir> TCP 443 might be perfect
07:58 < apollo13> I am certainly running it longer than that, but most networks I am in either block everything aside from http/https or allow access to known VPN ports
07:58 < TyrfingMjolnir> TCP 1194 covers 80%
07:58 < apollo13> ie in university networks so you can connect to your home university
07:58 < apollo13> in that regard setting up ipsec might even be better
07:58 < TyrfingMjolnir> UDP 53 would be ideal from my perspective
07:58 < TyrfingMjolnir> ipsec?
07:58 < TyrfingMjolnir> Is that Cisco's VPN?
07:58 < apollo13> no, ipsec is ipsec
07:59 < apollo13> cisco has an implementation of it yes
07:59 < TyrfingMjolnir> AFAIK everything that has to do with timing works perfectly inside OpenVPN, while with ipsec, sync is off
07:59 < TyrfingMjolnir> In particular for FreeSWITCH
07:59 < apollo13> TyrfingMjolnir: not sure in which networks you are, but in my networks sending any traffic over udp port 53 which is not dns will get blocked
08:00 < apollo13> timing what? oO
08:00 < apollo13> I do not know freeswitch
08:00 < TyrfingMjolnir> video and sound
08:00 < TyrfingMjolnir> freeswitch is a SIP phone server
08:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:01 <+esde> TyrfingMjolnir are you up against a restrictive firewall (think great firewall of china/iran/etc)
08:01 < TyrfingMjolnir> I'd say out in the open
08:02 < TyrfingMjolnir> Schipol, O'Hara, LAX, Osaka, misc hotels
08:03 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Read error: Connection reset by peer]
08:04 < apollo13> doesn't anyconnect use https as transport layer?
08:04 -!- wlarip [~wlarip@108.61.123.66] has quit [Ping timeout: 265 seconds]
08:04 < apollo13> if yes that would be the most resiliant option
08:04 < apollo13> ah, it uses http connect later on *hmm*
08:05 < apollo13> probably also depends on the firewall then
08:06 < TyrfingMjolnir> There are many retarded Firewalls
08:06 -!- wlarip_ is now known as wlarip
08:07 < TyrfingMjolnir> Imagine a world without Windows, we would be able to focus on progress instead of baby sitting
08:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
08:18 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
08:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:20 <+esde> If a user were up against restrictive firewalls out of their control that consistently block their VPN connections, they could use !obfs and !obfsproxy to get around the firewall.
08:21 < apollo13> esde: doesn't that assume that tor will work? :þ
08:22 <+esde> not afaik
08:23 < apollo13> ah I see
08:25 <+esde> https://community.openvpn.net/openvpn/wiki/TrafficObfuscation
08:25 <@vpnHelper> Title: TrafficObfuscation – OpenVPN Community (at community.openvpn.net)
08:25 <+esde> of course the triggers i referenced will be as useful if not moreso than the link i just provided
08:27 < apollo13> yeah, just read up on the pluggable transport stuff from obsproxy
08:27 < apollo13> I mean the best thing would be to use https as transport, but many firewalls could long running requests fast
08:27 < apollo13> not sure how happy firewall admins are about websockets :þ
08:38 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Ping timeout: 244 seconds]
08:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
08:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:57 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has joined #openvpn
09:00 -!- wlarip_ [~wlarip@108.61.123.85] has joined #openvpn
09:02 -!- Poster|x is now known as Poster
09:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
09:09 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
09:10 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
09:11 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
09:12 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:16 -!- wlarip_ is now known as wlarip
09:17 -!- dionysus69 [~chatzilla@178.134.212.77] has joined #openvpn
09:22 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
09:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:46 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has joined #openvpn
09:47 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
09:48 < Socket-> Hello, I have the following config: http://pastebin.centos.org/27961/ and the 192.168.60.0/24 appears to still go through my tunnel. I would like this subnet to NOT go through the tunnel.
09:48 < Socket-> I have confirmed i can connect to devices on the 192.168.60.0/24 when i disconnect from the VPN, but while connected i can not. How do i configure this?
09:49 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
09:50 <@dazo> Socket-: can you provide the output of 'route -n' or 'ip route show'?
09:51 < Socket-> sure, http://pastebin.centos.org/27966/
09:55 < Socket-> looks like my client config is not sending the route, huh?
09:57 <@dazo> the client can't send routes ... only the server .... but your client may not pick up the pushed routes
09:57 < Socket-> Ohh, i put those in my client conf only
09:58 <@dazo> then remove the 'push'
09:59 <@dazo> just add 'route' directly in the client config
09:59 < Socket-> remove both from client?
10:00 < Socket-> Im getting lost.  Do i have to modify mt serverconf to define a route, or can i define it in the client conf?
10:00 -!- wlarip_ [~wlarip@108.61.123.83] has joined #openvpn
10:01 <@dazo> Socket-: push statements won't be handled on the client side.  Push from the server actually pushes options to the client ... so you can either use these 'push' lines in your server config *or* you can just use 'route 192.168.60.0 255.255.255.0 net_gateway' directly in the client config without the push
10:02 < Socket-> Ohh, awesome, thanks that works
10:03 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
10:04 -!- wlarip [~wlarip@108.61.123.85] has quit [Ping timeout: 250 seconds]
10:09 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
10:12 -!- gnerd [~gnerd@172.56.2.204] has joined #openvpn
10:28 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:29 -!- gnerd [~gnerd@172.56.2.204] has left #openvpn []
10:30 -!- l30 [~le0@unaffiliated/le0] has quit [Ping timeout: 258 seconds]
10:42 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:43 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has joined #openvpn
10:50 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
10:57 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 265 seconds]
11:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
11:04 -!- wlarip_ [~wlarip@108.61.123.83] has quit [Ping timeout: 252 seconds]
11:05 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
11:10 -!- barnex [~barnex@89-67-158-237.dynamic.chello.pl] has joined #openvpn
11:10 < barnex> !welcome
11:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:10 < barnex> !goal
11:10 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:11 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
11:15 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
11:21 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
11:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:24 -!- NTQ [~nicolas@p57BB9901.dip0.t-ipconnect.de] has joined #openvpn
11:24 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Read error: Connection reset by peer]
11:28 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
11:34 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
11:34 < Blanc> I just installed the turnkeylinux openvpn server on a VPS, anyone know the default root pass?
11:37 <+esde> consult your VPS provider or whomever put it together
11:38 < Blanc> checking with em now
11:38 <+esde> FYI turnkeylinux is not an official openvpn product (AFAIK)
11:39 <+esde> on the homepage it says "Credentials (passwords set at first boot):"
11:39 < Blanc> see
11:39 < Blanc> but VPS
11:39 < Blanc> so I don't get first boot
11:40 <+esde> see but it's not an official openvpn product, so none of us have any clue what the password is
11:41 < Blanc> right....sorry.
11:43 -!- NTQ [~nicolas@p57BB9901.dip0.t-ipconnect.de] has quit [Quit: Leaving.]
11:44 -!- NTQ [~nicolas@p57BB9901.dip0.t-ipconnect.de] has joined #openvpn
11:46 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:47 < barnex> Hello
11:47 < barnex> My goal is to get to the LAN that my vpn server is a part of.
11:48 <+esde> !serverlan
11:48 <+esde> i think
11:48 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
11:48 < barnex> oh
11:48 < barnex> you guys have everything automated
11:48 < barnex> thanks :-)
11:49 < barnex> !ipforward
11:49 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
11:49 < barnex> !linipforward
11:49 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
11:49 < barnex> btw, will openvpn work through ssh tunnel?
11:50 < barnex> not that it should, I just want to test it before I can get the port forwarded.
11:52 < barnex> !route
11:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
11:52 <@vpnHelper> client
11:52 -!- Blanc [~Blanc@irc.dagon.me] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
11:58 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
11:58 < Blanc> So I figured out the OS level crap
11:58 < Blanc> now openvpn isn't being nice
12:00 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
12:00 -!- wlarip_ [~wlarip@108.61.123.82] has joined #openvpn
12:00 -!- Blanc is now known as Blanc|AFK
12:01 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:01 -!- mode/#openvpn [+v s7r] by ChanServ
12:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
12:05 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Ping timeout: 256 seconds]
12:06 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
12:08 -!- barnex [~barnex@89-67-158-237.dynamic.chello.pl] has quit [Ping timeout: 252 seconds]
12:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:18 -!- dionysus69 [~chatzilla@178.134.212.77] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
12:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
12:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:24 -!- mode/#openvpn [+o mattock1] by ChanServ
12:25 < Thermi> Hello, I'm trying to use client-config-dir, but openvpn always tells me that the files in the directory are inaccessible
12:25 < Thermi> https://bpaste.net/show/f431efe9cd8e
12:25 < Thermi> https://bpaste.net/show/d3f97669ad1c
12:26 < Thermi> I can't make any sense of it
12:27 < Thermi> Nvm, parent dir /etc/openvpn wasn't accessible
12:30 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has quit [Quit: Changing server]
12:36 -!- Blanc|AFK is now known as Blanc
12:36 -!- MrsSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
12:36 -!- MrSavage [~MrSavage@unaffiliated/mrsavage] has quit [Read error: Connection reset by peer]
12:38 < Thermi> I would like to route two subnets over an IP from the ip pool. OpenVPN tells me, that I cannot use route in that context. My goal is have roadwarriors and gateways on the same openvpn isntance.
12:38 < Thermi> *instance
12:38 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:40 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has quit [Ping timeout: 255 seconds]
12:40 <@dazo> !clientlan
12:40 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
12:40 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:41 <@dazo> Thermi: ^^
12:41 <@dazo> !serverlan
12:41 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:41 < Thermi> !iroute
12:41 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
12:43 -!- syedomar [~so@175.142.186.69] has joined #openvpn
12:43 < syedomar> hi. where do i go for question about openvpn-connect (android)
12:43 <+esde> !android
12:43 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
12:44 <+esde> s/openvpn-connect/openvpn for android
12:44 <+esde> then ask away! :D
12:45 < syedomar> err
12:45 -!- Blanc [~Blanc@irc.dagon.me] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
12:45 <+esde> http://cowboyjob.com/post/7450085/meh-we-prefer-not-to-wade-through-it-anyways
12:45 <@vpnHelper> Title: meh we prefer not to wade through it anyways | cowboyjob.com (at cowboyjob.com)
12:45 < syedomar> my phone is connected to the server, but there is no internet
12:45 <+esde> out of context quotes are great
12:46 <+esde> syedomar please see !welcome, will we need your !goal, !logs, and !configs to be helpful
12:46 <+esde> krzee ^
12:49 < syedomar> !welcome
12:49 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:49 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:49 < syedomar> !logs
12:49 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:53 < syedomar> esde: thank you so much
12:54 <+esde> for? you haven't provided anything for us to glean anything useful from, yet
12:55 < syedomar> ill search for it, and come back here
13:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:04 -!- wlarip_ [~wlarip@108.61.123.82] has quit [Ping timeout: 256 seconds]
13:12 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
13:15 < syedomar> logs on android > Connected via tun, EVENT: CONNECTED
13:16 <+esde> That does not count as "logs on android" we need the complete log, or a significant portion of it, up to the point of failure or bad behavior
13:16 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
13:16 <+esde> we will also need the server-side logs and !configs
13:27 < syedomar> server.conf http://pastebin.com/q6S8Cc0d
13:28 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
13:29 <+esde> We will not review configs without commenting removed. Please see !configs
13:30 < syedomar> oo
13:30 < syedomar> !configs
13:30 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:33 < syedomar> server > http://pastebin.com/VvnGBFKx client > http://pastebin.com/ntf5WY9E
13:33 < syedomar> OS archlinux
13:35 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Quit: Sto andando via]
13:37 <+esde> !linipforward
13:37 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
13:38 <+esde> !iptables-save
13:38 <+esde> !iptables-rules
13:38 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
13:38 <+esde> please check the !linipforward factoid, then post your output from iptables-save
13:40 < syedomar> net.ipv4.ip_forward = 1 < done
13:47 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:48 < syedomar> i never set iptables before
13:49 < syedomar> it wont affect others like ssh, rtorrent, right?
13:50 <+esde> !iptables
13:50 <@vpnHelper> "iptables" is (#1) To test if netfilter ("iptables rules") are your problem, disable all rules with an ACCEPT policy. See https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules for a script to do this. or (#2) See also the manpage section on firewalls at this link: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG or (#3) These are just the basics to get you started
13:50 <@vpnHelper> as firewall design is beyond this channel's scope; you can also see #netfilter
13:51 <+esde> it sounds like your missing a rule to route the openvpn traffic
13:51 < syedomar> ic
14:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
14:05 < syedomar> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
14:05 < syedomar> done it
14:05 < syedomar> esde: thank you
14:05 <+esde> great yw
14:12 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
14:14 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Read error: Connection reset by peer]
14:37 -!- dazo is now known as dazo_afk
14:47 -!- wlarip_ is now known as wlarip
14:54 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
14:54 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
14:54 -!- r8b7xy is now known as rafi
14:55 -!- rafi is now known as r8b7xy
15:00 -!- wlarip_ [~wlarip@108.61.123.89] has joined #openvpn
15:03 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
15:03 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
15:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
15:32 -!- Pyrogerg [~Gregory@192.67.133.200] has joined #openvpn
15:33 -!- Pyrogerg [~Gregory@192.67.133.200] has quit [Client Quit]
15:41 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 265 seconds]
15:47 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
15:47 -!- mode/#openvpn [+o syzzer] by ChanServ
15:47 -!- DelphiWorld [~HyperVoIp@openvpn/user/DelphiWorld] has joined #openvpn
15:48 -!- mode/#openvpn [+v DelphiWorld] by ChanServ
15:48 <+DelphiWorld> hey OpenVPNist
15:48 <+DelphiWorld> auth user pass
15:48 <+DelphiWorld> is there any way to save my user/pass into a file?
15:50 <+esde> !pwfile
15:50 <@vpnHelper> "pwfile" is (#1) OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in config-win32.h or (#2) see --auth-user-pass in the manual (!man) for more info or (#3) if you're using this with the windows service, you will need --askpass
15:51 <+DelphiWorld> esde: lol:P
15:51 <+DelphiWorld> thank
15:51 <+DelphiWorld> i got it
15:55 -!- fixi [~fixi@unaffiliated/fixi] has joined #openvpn
15:59 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:00 -!- wlarip [~wlarip@108.61.123.85] has joined #openvpn
16:03 -!- wlarip_ [~wlarip@108.61.123.89] has quit [Ping timeout: 244 seconds]
16:09 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
16:19 -!- syedomar [~so@175.142.186.69] has quit [Quit: leaving]
16:19 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:26 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Quit: Searching for Waimea]
16:27 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
16:34 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:34 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:35 -!- badon_ is now known as badon
16:35 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 265 seconds]
16:38 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
16:56 -!- TyrfingMjolnir_ [~Tyrfing@90.149.171.52] has joined #openvpn
16:57 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Ping timeout: 265 seconds]
16:57 -!- TyrfingMjolnir_ is now known as TyrfingMjolnir
17:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:01 -!- NTQ [~nicolas@p57BB9901.dip0.t-ipconnect.de] has quit [Quit: Leaving.]
17:04 -!- wlarip [~wlarip@108.61.123.85] has quit [Ping timeout: 256 seconds]
17:13 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
17:13 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:14 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
17:14 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:24 -!- DelphiWorld [~HyperVoIp@openvpn/user/DelphiWorld] has quit [Quit: if you think you can't do something then you're thinking it WRONG!]
17:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:27 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Ping timeout: 276 seconds]
17:39 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
17:54 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
17:59 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
18:00 -!- neonixcoder [~surendra@59.167.66.240] has joined #openvpn
18:00 -!- wlarip [~wlarip@108.61.123.79] has joined #openvpn
18:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
18:27 <+esde> http://arstechnica.com/security/2015/05/the-moose-is-loose-linux-based-worm-turns-routers-into-social-network-bots/
18:27 <@vpnHelper> Title: The Moose is loose: Linux-based worm turns routers into social network bots | Ars Technica (at arstechnica.com)
18:28 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Ping timeout: 272 seconds]
18:41 < Spec> esde: good thing i protect my ...telnet accessible routers via rot13
18:46 < Spec> !route
18:46 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
18:48 <+esde> http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf technical paper for those interested beyond the article
18:48 < Spec> So I got the above RoutedLans working as I want with two caveats: 1.) I want to specify the IP a specific client gets (ie; client-configs/client1 has in it the ifconfig-push and appropriate iroute). And 2.) I had to set the gateway for the route with the IP provided to the client (in ifconfig-push)
18:49 < Spec> It's fine for me to keep this IP in two places in configs (in my server config, with "route network mask client1ip" and in client-configs/client1 for ifconfig-push,
18:49 < Spec> ...but I was wondering if there was a simpler way?
19:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:01 < Spec> Oh, i see: https://community.openvpn.net/openvpn/ticket/90
19:01 <@vpnHelper> Title: #90 (server side route statements are affected by 'topology subnet') – OpenVPN Community (at community.openvpn.net)
19:03 < Spec> and also this, which indicates it might be fixed maybe in 2.3.5 https://community.openvpn.net/openvpn/ticket/55
19:03 <@vpnHelper> Title: #55 (After enabling "topology subnet" no route settings for server) – OpenVPN Community (at community.openvpn.net)
19:04 -!- wlarip [~wlarip@108.61.123.79] has quit [Ping timeout: 272 seconds]
19:27 -!- wlarip_ is now known as wlarip
19:59 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
20:34 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
20:37 -!- codebam [codebam@gateway/shell/yourbnc/x-gyspprojifmxzfxc] has quit [K-Lined]
20:38 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:38 -!- codebam [codebam@gateway/shell/yourbnc/x-agyoyzgyjtluvytq] has joined #openvpn
20:45 -!- cylon512 [~cylon@2.92.156.101] has quit [Read error: Connection reset by peer]
20:46 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
21:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
22:12 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 248 seconds]
22:24 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
22:32 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Quit: o_O_o]
23:00 -!- wlarip [~wlarip@108.61.123.73] has joined #openvpn
23:03 -!- julius_ [~julius_@p3EE289A3.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]
23:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
23:04 -!- julius_ [~julius_@p3EE29CD7.dip0.t-ipconnect.de] has joined #openvpn
23:13 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:23 -!- ShadniX [dagger@p5794129F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:24 -!- ShadniX_ [dagger@p579413B9.dip0.t-ipconnect.de] has joined #openvpn
23:24 -!- ShadniX_ is now known as ShadniX
23:25 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
23:28 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
23:29 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
23:31 < Raku_> It would probably be more beneficial if it errored saying "you need x version of os_name" instead of complaining about the gnutls version, seeing as you cant even get the newer version of gnutls unless youre on the newer os version
23:32 < Raku_> Ack, oops wrong channel
23:37 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
23:37 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
23:49 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
--- Day changed Thu May 28 2015
00:00 -!- wlarip_ [~wlarip@108.61.123.88] has joined #openvpn
00:04 -!- wlarip [~wlarip@108.61.123.73] has quit [Ping timeout: 265 seconds]
00:35 -!- sppadic [~sppadic@90.216.134.198] has joined #openvpn
00:41 -!- pr0tlogic [~NoFace@96-40-118-157.dhcp.rvsd.ca.charter.com] has joined #openvpn
00:45 -!- pr0tlogic [~NoFace@96-40-118-157.dhcp.rvsd.ca.charter.com] has left #openvpn []
00:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:04 -!- wlarip_ [~wlarip@108.61.123.88] has quit [Ping timeout: 256 seconds]
01:35 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
01:54 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 252 seconds]
01:55 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
01:56 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 252 seconds]
01:57 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
02:00 -!- wlarip_ [~wlarip@108.61.123.87] has joined #openvpn
02:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
02:04 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:05 -!- wlarip_ is now known as wlarip
02:09 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:10 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:10 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:11 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:12 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:13 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:15 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
02:20 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:21 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:21 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:21 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:22 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
02:22 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:22 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
02:22 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:22 -!- hojgaard [~dh@78.156.117.236] has quit [Disconnected by services]
02:23 -!- sppadic [~sppadic@90.216.134.198] has quit [Read error: Connection reset by peer]
02:23 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
02:29 < Abbott> I am using the same client.cfg on both my android phone (with the openvpn app) and my windows laptop (using openvpn gui) and I am able to route traffic through the vpn on both, but I can only access other machines on my LAN with my phone. I am running a web application on 192.168.1.100:8081 on my VPN lan and when I try to access it on my laptop using chrome I get ERR_CONNECTION_REFUSED
02:29 < Abbott> Is this a windows or chrome problem or would there be any other reason this would happen?
02:38 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
02:40 -!- awk [~awk@alpha.security.web.za] has left #openvpn []
02:44 -!- jvelasquez [~jvelasque@haw25-75.hawcc.hawaii.edu] has quit [Quit: Leaving]
02:46 -!- neonixcoder [~surendra@59.167.66.240] has quit [Ping timeout: 258 seconds]
03:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
03:04 -!- wlarip [~wlarip@108.61.123.87] has quit [Ping timeout: 276 seconds]
03:14 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Quit: Leaving]
03:34 -!- julius_ [~julius_@p3EE29CD7.dip0.t-ipconnect.de] has left #openvpn ["Leaving"]
03:38 -!- cylon512 [~cylon@2.92.156.101] has quit [Ping timeout: 252 seconds]
03:38 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
03:39 -!- Gintaras [irc.omnite@77.241.206.82] has joined #openvpn
04:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:01 -!- cylon512 [~cylon@2.92.156.101] has quit [Quit: leaving]
04:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
04:13 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
04:16 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
04:22 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
04:43 -!- ozux [~root@unaffiliated/ozux] has joined #openvpn
05:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:01 -!- dazo_afk is now known as dazo
05:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
05:09 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
05:14 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
05:39 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
05:46 -!- early [~early@2607:5300:100:200::160d] has quit [Ping timeout: 272 seconds]
05:47 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
05:47 -!- avium [~avium@2607:5300:60:40bf::1] has quit [Ping timeout: 265 seconds]
05:47 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 272 seconds]
05:48 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 265 seconds]
05:52 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
05:52 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 264 seconds]
05:52 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 272 seconds]
05:53 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
05:54 -!- cylon512 [~cylon@2.92.156.101] has quit [Client Quit]
05:54 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
05:55 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
05:59 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
06:00 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has joined #openvpn
06:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:00 < cluelessperson> hey guys, I'm having difficulty.  my clients can connect to the server and ping each other, but all internet traffic stops at the server.
06:00 < cluelessperson> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o p1p1 -j MASQUERADE
06:01 < cluelessperson> I just did that, same occurence.
06:01 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 256 seconds]
06:02 < cluelessperson> !welcome
06:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
06:02 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:02 < cluelessperson> !route
06:02 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server
06:02 <@vpnHelper> or client
06:02 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Quit: Sto andando via]
06:04 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Quit: elfixit]
06:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
06:05 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
06:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 265 seconds]
06:22 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 256 seconds]
06:22 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
06:25 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
06:36 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Ping timeout: 272 seconds]
06:36 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
06:45 -!- vargeux [~vargeux@modemcable068.192-81-70.mc.videotron.ca] has joined #openvpn
06:45 < vargeux> Hi
06:46 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 258 seconds]
06:46 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
06:47 < vargeux> is there a way for a client to connect to a failover server and connect back to the main server if available?.
06:49 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
06:49 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
06:52 -!- dionysus69 [~chatzilla@178.134.100.122] has joined #openvpn
06:54 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 272 seconds]
06:58 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
07:00 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
07:02 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:03 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
07:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8981:fe0c:ef3:908c] has quit [Remote host closed the connection]
07:26 -!- avium [~avium@2607:5300:60:40bf::1] has joined #openvpn
07:27 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:27 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
07:27 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:27 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:28 -!- mode/#openvpn [+o mattock] by ChanServ
07:41 -!- vargeux [~vargeux@modemcable068.192-81-70.mc.videotron.ca] has quit [Quit: leaving]
08:11 -!- dionysus69 [~chatzilla@178.134.100.122] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
08:12 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
08:13 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
08:20 -!- dazo is now known as dazo_afk
08:21 -!- Malsasa [~Malsasa@36.81.98.197] has joined #openvpn
08:29 -!- dazo_afk is now known as dazo
08:29 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Ping timeout: 258 seconds]
08:31 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Ping timeout: 255 seconds]
08:40 -!- crdil [~crdil@unaffiliated/cardiel] has quit [Quit: WeeChat 1.1.1]
08:47 -!- jthunder_ [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 256 seconds]
08:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
08:53 -!- Malsasa [~Malsasa@36.81.98.197] has quit [Remote host closed the connection]
09:04 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 250 seconds]
09:09 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:10 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
09:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:39 -!- john-soda [~john-soda@178.162.199.66] has joined #openvpn
09:42 -!- sysanthrope [~sysanthro@130.203.77.216] has joined #openvpn
09:45 -!- bruxC [~bruxC@66.63.84.178] has quit [Ping timeout: 265 seconds]
09:54 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
10:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
10:07 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
10:08 -!- Latrina [~Latrina@ppp-160-19.26-151.libero.it] has quit [Ping timeout: 244 seconds]
10:09 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
10:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:10 -!- mode/#openvpn [+o mattock1] by ChanServ
10:10 -!- Latrina [~Latrina@adsl-ull-15-203.50-151.net24.it] has joined #openvpn
10:11 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 276 seconds]
10:13 -!- Latrina [~Latrina@adsl-ull-15-203.50-151.net24.it] has quit [Client Quit]
10:21 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Ping timeout: 256 seconds]
10:21 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
10:39 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
10:39 -!- mode/#openvpn [+v esde] by ChanServ
10:40 -!- sysanthrope [~sysanthro@130.203.77.216] has quit [Remote host closed the connection]
10:45 -!- dazo is now known as dazo_afk
10:45 -!- john-soda [~john-soda@178.162.199.66] has quit [Quit: Leaving]
10:49 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
11:00 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
11:06 -!- Latrina [~Latrina@ppp-219-46.26-151.libero.it] has joined #openvpn
11:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
11:18 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 265 seconds]
11:30 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:35 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
11:38 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 240 seconds]
11:41 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
11:53 -!- sysanthrope [~sysanthro@ip-64-134-243-42.public.wayport.net] has joined #openvpn
12:06 -!- sysanthrope [~sysanthro@ip-64-134-243-42.public.wayport.net] has quit [Ping timeout: 256 seconds]
12:19 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
12:20 < cluelessperson> hey guys
12:34 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
12:38 -!- Latrina [~Latrina@ppp-219-46.26-151.libero.it] has quit [Ping timeout: 272 seconds]
12:38 -!- wlarip_ [~wlarip@108.61.123.85] has joined #openvpn
12:40 -!- Latrina [~Latrina@adsl-ull-126-217.50-151.net24.it] has joined #openvpn
12:41 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 265 seconds]
12:43 -!- Maxux [~Maxux@clea.maxux.net] has joined #openvpn
12:43 < Maxux> Hello world
12:43 < Maxux> I hit a problem with openvpn which flood my logs
12:44 -!- wlarip_ is now known as wlarip
12:44 < Maxux> When the network is unreachable, openvpn seems to try to reconnect with an infinite loop without sleep
12:44 < Maxux> And that's hurt my logs
12:44 < Maxux> effy log # grep openvpn messages | grep 'Network is unreachable' | wc -l
12:44 < Maxux> 23729422
12:45 < Maxux> Somebody already had this issue ?
12:45 < Maxux> openvpn-2.3.6-r2 on Gentoo
12:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
12:57 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:03 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
13:04 -!- wlarip [~wlarip@108.61.123.85] has quit [Ping timeout: 272 seconds]
13:09 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:12 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:18 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-65-104-122.hsd1.la.comcast.net] has joined #openvpn
13:20 -!- pedahzur [~jkugler@216-67-98-32.static.acsalaska.net] has joined #openvpn
13:23 < pedahzur> Howdy all! I think I've hit a bug.  If I use this command line:  sudo openvpn --config client.ovpn --auth-retry interact, I am prompted for my username, password, then when auth "fails" I am prompted for my second-factor key.  However, if I add this: "--auth-user-pass up" the first part of auth succeeds, but when it "fails" due to the second factor, instead of falling back to "interact" it just fails and trys to auth all over.  Does --
13:23 < pedahzur> auth-user-pass up "override" --auth-retry interact somehow?
13:23 < cluelessperson> Hey guys, I'm setting up an openvpn server.
13:24 <+esde> Congratulations
13:24 < cluelessperson> I've been having to do NAT routing via ip tables to enable client internet access
13:24 < cluelessperson> My understanding is that this is the incorrect way to handle it, can you inform me what the proper way would be?
13:24 < cluelessperson> rather than this "nat-hack" ?
13:26 < cluelessperson> iptables -t nat -I POSTROUTING -o p1p1 -s 10.8.0.0/24 -j MASQUERADE
13:26 < DArqueBishop> I've always understood that to be the correct way to handle it on Linux.
13:27 < cluelessperson> DArqueBishop:  ah.  I wound up also installing iptables-persistent  to retain the settings.  Feels hacky, but if it works. -0-
13:29 <+esde> allow me to make an ass of myself, but why does it feel hacky? how else would the system know how to route the traffic?
13:40 -!- wlarip_ [~wlarip@108.61.123.87] has joined #openvpn
13:44 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
13:55 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
13:56 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has joined #openvpn
14:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:04 -!- wlarip_ [~wlarip@108.61.123.87] has quit [Ping timeout: 256 seconds]
14:06 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 250 seconds]
14:08 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-65-104-122.hsd1.la.comcast.net] has quit [Ping timeout: 255 seconds]
14:08 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
14:14 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
14:24 -!- gerchla [~sijuendr@faui06a.informatik.uni-erlangen.de] has quit [Remote host closed the connection]
14:34 -!- Blanc is now known as Blanc|AFK
14:38 -!- pedahzur [~jkugler@216-67-98-32.static.acsalaska.net] has quit [Read error: Connection reset by peer]
14:45 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
14:46 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has quit [Ping timeout: 265 seconds]
14:48 -!- Blanc|AFK is now known as Blanc
14:54 -!- grendal_prime [~sgraham@99.22.153.166] has joined #openvpn
14:58 -!- Blanc is now known as Blanc|AFK
15:00 -!- wlarip_ [~wlarip@108.61.123.86] has joined #openvpn
15:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
15:04 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
15:06 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
15:06 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 240 seconds]
15:06 < grendal_prime> on my openvpn server needs some routes added after the vpn is up and working. does anybody know the best way to add those routes to a linux server automatically?
15:07 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
15:09 -!- themayor_ [98b3383e@gateway/web/freenode/ip.152.179.56.62] has joined #openvpn
15:10 < themayor_> I have a quick question, do we absolutely need to buy license to let clients connect to an openvpn server or is that only a paid option and there is still a free option available?
15:12 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Read error: Connection reset by peer]
15:12 -!- pedahzur [~jkugler@216-67-98-32.static.acsalaska.net] has joined #openvpn
15:15 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 264 seconds]
15:15 < Spec> themayor_: i think the licensing is only for openvpn access server
15:16 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
15:16 < Spec> themayor_: https://openvpn.net/index.php/access-server/section-faq-openvpn-as/32-general/225-compare-openvpn-community-and-enterprise-editions-.html
15:16 <@vpnHelper> Title: OpenVPN Product Comparison (at openvpn.net)
15:16 < themayor_> Spec: ah thats the appliance with the gui on top of it or whatever, right?
15:16 < Spec> i suppose
15:17 < Spec> you get a lot of those enterprisey features by using puppet w/ openvpn though
15:17 < Spec> pre-configured client ovpn files, automated cert creation, easy deployments, etc ;)
15:17 < Spec> i've never used access server, so i wouldn't know
15:17 < themayor_> do you know if a standard non-access server openvpn can authenticate against active directory because part of the data is on a windows machine joined to domain?
15:18 < themayor_> meaning the app i need to access is running on windows machines and has users set up through active directory
15:19 < themayor_> essentially i just want to set up openvpn server inside the network and have it auth against AD and then just vpn in as that username from the outside location
15:19 < themayor_> or create a site-to-site vpn connection and leave the connection always open
15:19 < Spec> well, it does say ldap auth is an access server feature
15:19 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
15:19 < Spec> but i have no experience with that
15:20 < themayor_> its kind of crazy how they write all this closed source stuff on top of it
15:20 < themayor_> simple things like ldap auth shoudnt be closed
15:21 <+esde> grendal_prime what do you mean?
15:21 < themayor_> not trying to knock anyone just leaves a little but of a bad taste
15:21 <+esde> lol
15:21 <+esde> community and AS are apples and oranges
15:21 < Spec> themayor_: well, you're using AD
15:21 < Spec> so
15:22 < Spec> it appears there are free plugins for ldap authentication though
15:22 <+esde> Also, who is this "they" themayor_?
15:22 < Spec> https://github.com/chantra/openvpn-ldap-auth
15:22 <@vpnHelper> Title: chantra/openvpn-ldap-auth · GitHub (at github.com)
15:23 < grendal_prime> esde,  i guess what im really asking is can i add routes for a dev that doesnt yet exist. Its more a linux question than an openvpn question.
15:23 <+esde> maybe if you state your !goal, we can help more, but i'm still unsure of what you are asking
15:24 < grendal_prime> on my openvpn server needs some routes added after the vpn is up and working. does anybody know the best way to add those routes to a linux server automatically?
15:24 < themayor_> Spec: I didn't write the software that uses AD
15:24 < themayor_> Spec: nor did I install it
15:24 <+esde> please share the routes you're referring to grendal_prime
15:24 < themayor_> Spec: I just unfortunately have to deal with it nw
15:24 < themayor_> now
15:24 < Spec> themayor_: :)
15:25 < Spec> themayor_: google shows there are aways to do ldap authentication with community version
15:25 < Spec> but the complexities quickly increase
15:25 <+esde> themayor_ if you want AD, get AS and deal with the closed-source nature. If not, create your own solution or work with the ones that exist.
15:25 <+esde> No one is going to do it for you.
15:26 <+esde> there's a factoid vpnHelper could serve regarding AD auth, but it's hacky and very stale. There are much better solutions that you can find on your own.
15:27 < Spec> I would recommend AS since you're already invested in proprietary software
15:27 < Spec> and you support openvpn :)
15:28 <+esde> !iptables-route
15:29 <+esde> !iptables-rules
15:29 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
15:29 <+esde> !pastebin
15:29 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:29 <+esde> grendal_prime please use iptables-save and pastebin to share the routes you're asking about
15:32 < themayor_> well im off to play around. will respond back soon about the outcome
15:32 < themayor_> everything here is actually linux
15:33 < themayor_> just some old SAP piece of crap is running on windows server
15:33 < themayor_> but its critical to everyone here
15:33 <+esde> ok
15:37 -!- themayor_ [98b3383e@gateway/web/freenode/ip.152.179.56.62] has quit [Quit: Page closed]
15:45 -!- grendal_prime [~sgraham@99.22.153.166] has quit [Quit: Ex-Chat]
15:46 -!- grendal_prime [~sgraham@99.22.153.166] has joined #openvpn
15:46 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Quit: elfixit]
15:47 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
15:50 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 250 seconds]
15:51 < pedahzur> Anybody have any idea about my question above (
15:51 < pedahzur> (--auth-retry interact not working with --auth-user-pass up)
15:51 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
15:53 -!- grendal_prime [~sgraham@99.22.153.166] has quit [Ping timeout: 265 seconds]
15:54 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Quit: elfixit]
15:58 -!- grendal_prime [~sgraham@99.22.153.166] has joined #openvpn
16:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:03 -!- grendal_prime [~sgraham@99.22.153.166] has quit [Ping timeout: 265 seconds]
16:03 -!- wlarip_ [~wlarip@108.61.123.86] has quit [Ping timeout: 244 seconds]
16:10 < Codmadnesspro> When I access my openvpnas I get ERR_SSL_PROTOCOL_ERROR?
16:28 < DArqueBishop> !as
16:28 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
16:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:36 -!- s7eele [~AndChat52@208.167.254.206] has quit [Remote host closed the connection]
16:37 -!- s7eele [~AndChat52@208.167.254.206] has joined #openvpn
16:39 -!- s7eele [~AndChat52@208.167.254.206] has quit [Remote host closed the connection]
16:39 -!- s7eele [~AndChat52@208.167.254.206] has joined #openvpn
17:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
17:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:22 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:30 < NTQ> Hi there. I've installed and configured OpenVPN for the first time and it works. I was using the HOWTO. Now I want to establish a site-to-site connection to a foreign VPN-Server. This is the configuration I got from them: http://pastebin.com/hbiqbirD
17:30 < NTQ> Unfortunality I don't know where to begin.
17:30 < NTQ> I am Site B. They are Site A.
17:32 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has joined #openvpn
17:33 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has quit [Read error: Connection reset by peer]
17:33 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has joined #openvpn
17:34 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has quit [Max SendQ exceeded]
17:34 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has joined #openvpn
17:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
17:48 -!- cluelessperson [~cluelessp@cpe-70-119-227-176.tx.res.rr.com] has quit [Read error: Connection reset by peer]
17:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
18:00 -!- rhollan [~rhollan@208.85.208.53] has quit [Remote host closed the connection]
18:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
18:10 -!- neonixcoder [~surendra@59.167.66.240] has joined #openvpn
18:34 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
18:34 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:37 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:39 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
18:43 -!- wlarip_ is now known as wlarip
19:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:03 -!- cylon512 [~cylon@2.92.156.101] has quit [Quit: leaving]
19:03 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 272 seconds]
19:04 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
19:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
19:35 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has joined #openvpn
19:38 -!- john-soda [~john-soda@chello080108021067.2.11.vie.surfer.at] has quit [Quit: Leaving]
19:50 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
20:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:03 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Ping timeout: 264 seconds]
20:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
20:56 -!- Denial- [~Denial@host81-155-43-93.range81-155.btcentralplus.com] has quit [Ping timeout: 244 seconds]
20:56 -!- Denial [~Denial@81.141.4.244] has joined #openvpn
21:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
21:22 -!- Malsasa [~Malsasa@36.81.98.197] has joined #openvpn
21:29 -!- wlarip_ is now known as wlarip
21:49 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 240 seconds]
21:50 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
22:08 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
22:11 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
22:14 -!- jollyLibrtarian [~jollylibr@216-15-14-89.c3-0.161-ubr1.lnh-161.md.cable.rcn.com] has joined #openvpn
22:16 < jollyLibrtarian> I can't connect to the Internet when I edit my config file to use 256 bit AES. How do I fix this
22:16 < jollyLibrtarian> I don't want to use Blowfish.
22:17 -!- neonixcoder [~surendra@59.167.66.240] has left #openvpn []
22:22 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 258 seconds]
22:24 -!- jollyLibrtarian [~jollylibr@216-15-14-89.c3-0.161-ubr1.lnh-161.md.cable.rcn.com] has left #openvpn []
22:29 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
22:46 -!- wlarip_ is now known as wlarip
23:00 -!- wlarip_ [~wlarip@108.61.123.72] has joined #openvpn
23:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
23:24 -!- ShadniX [dagger@p579413B9.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:25 -!- ShadniX [dagger@p5481D8C3.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- elfixit [~Icedove@77-58-248-184.dclient.hispeed.ch] has quit [Remote host closed the connection]
23:56 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has joined #openvpn
--- Day changed Fri May 29 2015
00:00 -!- wlarip [~wlarip@108.61.123.85] has joined #openvpn
00:01 -!- hojgaard [~dh@78.156.117.236] has quit [Ping timeout: 276 seconds]
00:04 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
00:04 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
00:04 -!- wlarip_ [~wlarip@108.61.123.72] has quit [Ping timeout: 272 seconds]
00:04 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Read error: Connection reset by peer]
00:04 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
00:12 -!- hojgaard [~dh@78.156.117.236] has joined #openvpn
00:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:00 -!- zmachine [~ROCK_@pool-173-58-228-34.lsanca.fios.verizon.net] has joined #openvpn
01:02 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
01:03 -!- zmachine [~ROCK_@pool-173-58-228-34.lsanca.fios.verizon.net] has quit [Client Quit]
01:04 -!- wlarip [~wlarip@108.61.123.85] has quit [Ping timeout: 240 seconds]
01:18 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:18 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:18 -!- Gintaras [irc.omnite@77.241.206.82] has quit [Ping timeout: 265 seconds]
01:19 -!- badon_ is now known as badon
01:22 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 250 seconds]
01:57 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
01:59 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:00 -!- wlarip [~wlarip@108.61.123.89] has joined #openvpn
02:00 -!- pedahzur [~jkugler@216-67-98-32.static.acsalaska.net] has quit []
02:01 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 264 seconds]
02:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
02:04 -!- r00t^2_ is now known as r00t^2
02:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:25 -!- mode/#openvpn [+o mattock1] by ChanServ
02:29 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
02:36 -!- riaqn [~riaqn@unaffiliated/riaqn] has joined #openvpn
02:37 < riaqn> hello, is there any example config of site-to-site?
02:37 < riaqn> I used to use IPsec, but it's not quite good at unstable network.
03:00 -!- wlarip_ [~wlarip@108.61.123.69] has joined #openvpn
03:04 -!- wlarip [~wlarip@108.61.123.89] has quit [Ping timeout: 244 seconds]
03:04 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:10 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
03:18 -!- lordawe [~lordawe@229.211.broadband18.iol.cz] has joined #openvpn
03:29 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
03:29 -!- lordawe [~lordawe@229.211.broadband18.iol.cz] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.1/20150513174244]]
03:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
03:53 -!- ChrissKO [~ChrissKO@b2b-130-180-99-2.unitymedia.biz] has joined #openvpn
03:54 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
03:59 -!- julius_ [~julius_@p3EE29CE4.dip0.t-ipconnect.de] has joined #openvpn
04:00 -!- wlarip [~wlarip@108.61.123.71] has joined #openvpn
04:02 -!- Malsasa [~Malsasa@36.81.98.197] has quit [Ping timeout: 256 seconds]
04:04 -!- wlarip_ [~wlarip@108.61.123.69] has quit [Ping timeout: 272 seconds]
04:04 -!- Malsasa [~Malsasa@36.82.83.183] has joined #openvpn
04:13 -!- Malsasa [~Malsasa@36.82.83.183] has quit [Read error: Connection reset by peer]
04:27 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:39 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
04:51 -!- gardar [~gardar@bnc.giraffi.net] has quit [Quit: ZNC - http://znc.in]
04:54 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
04:55 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has joined #openvpn
04:56 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 256 seconds]
05:00 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
05:00 -!- wlarip_ [~wlarip@108.61.123.74] has joined #openvpn
05:04 -!- wlarip [~wlarip@108.61.123.71] has quit [Ping timeout: 252 seconds]
05:05 < NTQ> Hi there. I've installed and configured OpenVPN for the first time and it works. I was using the HOWTO. Now I want to establish a site-to-site connection to a foreign VPN-Server. This is the configuration I got from them: http://pastebin.com/hbiqbirD
05:05 < NTQ> Unfortunality I don't know where to begin. I am Site B. They are Site A.
05:05 -!- wlarip_ is now known as wlarip
05:11 < riaqn> NTQ: same here.. I 'm configuing site-to-site too.
05:11 < riaqn> NTQ: unfoutunately seems nobody will answer you..
05:13 < riaqn> NTQ: for you question, it seems that "they" are using IPsec, which openvpn does not support.
05:13 < riaqn> NTQ: you 'd better use something like strongswan
05:13 < NTQ> openvpn is not able to do ipsec? :(
05:14 < NTQ> I will take a look at strongswan, thank you.
05:16 -!- gardar [~gardar@bnc.giraffi.net] has quit [Quit: ZNC - http://znc.in]
05:19 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
05:26 < riaqn> NTQ: yes. OpenVPN is based on tcp/udp , while IPsec is based on ip. very different.
05:27 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 272 seconds]
05:28 < riaqn> I used to use IPsec, but found it not quite good under unstable networks. So I switched to openvpn.
05:28 < riaqn> but I 'm looking for instructions of site-to-site openvpn.
05:28 < NTQ> Where did you see that "they" want to have an IPSec connection?
05:29 < NTQ> The IKE phases?
05:29 < riaqn> NTQ: "IKE" "ESP", these 're all words in ipsec.
05:29 < NTQ> okay, thank you. It's the first time that I have to do with VPN/IPSec on the server side.
05:32 < riaqn> NTQ: follow this example: http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/ and you 'll find it very,very easy.
05:32 <@vpnHelper> Title: Test ikev2/net2net-psk (at www.strongswan.org)
05:32 -!- r8b7xy [~weechat@104.238.169.83] has quit [Ping timeout: 272 seconds]
05:34 < NTQ> Thank you. I will give it a try
05:34 -!- seba [~seba@kratzbaum.someserver.de] has quit [Excess Flood]
05:37 -!- seba [~seba@kratzbaum.someserver.de] has joined #openvpn
05:45 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
05:46 -!- r8b7xy [~weechat@104.238.169.95] has joined #openvpn
05:47 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Excess Flood]
05:59 -!- dazo_afk is now known as dazo
06:00 -!- wlarip_ [~wlarip@108.61.123.81] has joined #openvpn
06:00 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
06:03 -!- r8b7xy [~weechat@104.238.169.95] has quit [Ping timeout: 264 seconds]
06:04 -!- wlarip [~wlarip@108.61.123.74] has quit [Ping timeout: 252 seconds]
06:05 -!- wlarip_ [~wlarip@108.61.123.81] has quit [Ping timeout: 250 seconds]
06:08 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 255 seconds]
06:16 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
06:17 -!- wlarip [~wlarip@209.26.240.148] has quit [Client Quit]
06:17 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
06:19 -!- r8b7xy [~weechat@104.238.169.16] has joined #openvpn
06:19 -!- wlarip_ [~wlarip@108.61.123.70] has joined #openvpn
06:21 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has joined #openvpn
06:22 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 265 seconds]
06:23 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
06:33 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
06:38 -!- julius_ [~julius_@p3EE29CE4.dip0.t-ipconnect.de] has left #openvpn ["Leaving"]
06:46 -!- riaqn [~riaqn@unaffiliated/riaqn] has left #openvpn ["ERC (IRC client for Emacs 24.5.1)"]
06:55 -!- Protected [~Join@atuin.discworld.eu] has joined #openvpn
06:56 < Protected> Noob question: When I ping a host whose preferred route is over an openvpn tap connection, are the icmp packets being sent over the vpn?
06:57 -!- kamika [5f5d8074@gateway/web/freenode/ip.95.93.128.116] has joined #openvpn
06:59 < kamika> Hi
07:00 < kamika> Is it possible to develop you own OpenVPN Client? I making an App, and would like to integrate an OpenVPN client on it... Any help?
07:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:04 -!- wlarip_ [~wlarip@108.61.123.70] has quit [Ping timeout: 250 seconds]
07:12 -!- kamika [5f5d8074@gateway/web/freenode/ip.95.93.128.116] has quit [Ping timeout: 246 seconds]
07:14 -!- r8b7xy [~weechat@104.238.169.16] has quit [Ping timeout: 244 seconds]
07:25 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Read error: Connection reset by peer]
07:28 -!- r8b7xy [~weechat@104.238.169.57] has joined #openvpn
07:48 -!- r8b7xy [~weechat@104.238.169.57] has quit [Ping timeout: 264 seconds]
07:58 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Excess Flood]
08:00 -!- wlarip_ [~wlarip@108.61.123.89] has joined #openvpn
08:03 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
08:04 -!- hojgaard [~dh@78.156.117.236] has quit [Remote host closed the connection]
08:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
08:10 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
08:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:37 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
08:43 -!- riaqn [~riaqn@unaffiliated/riaqn] has joined #openvpn
08:43 < riaqn> hmm, openvpn has utilized only 50% of my bandwidth.
08:44 < riaqn> downloading a 100mb file from the server on raw IP is about 1.5Mb/s, while downloaing on OpenVPN is 800kb/s
08:46 < BtbN> Increase your tun-mtu, by a lot
08:48 < riaqn> BtbN: I 've already has 'mtu-test', which says local->remote=[1541,1541] remote->local=[1541,1541]
08:48 < riaqn> BtbN: what should I do then?
08:49 <@dazo> !gigabit
08:49 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
08:50 < BtbN> riaqn, increase it, to something like 10000 or even more
08:50 < BtbN> i think the benchmarks use 90000 or something like that
08:50 <@dazo> riaqn: I don't recall exactly, but I believe those numbers reported there are related to --link-mtu
08:50 < riaqn> BtbN: are you serious? I was only told to decrease MTU when encouter problems.
08:50 < BtbN> the link mtu is fine at 1500, that's what ethernet does
08:51 < BtbN> But openvpn, or rather openssl crypto, get way more efficient at larget batches
08:51 < riaqn> BtbN: okay, where do I add the line? server or client?
08:51 < BtbN> same value on both ends idealy
08:51 < BtbN> tun-mtu sets the mtu value on the tun device
08:52 <@dazo> Look carefully at !gigabit ... it covers tuning quite fine ... there are also --fragment and --mssfix options too worth looking into (need to be added to both sides as well)
08:52 < riaqn> BtbN: okay, let me try..
08:55 < riaqn> BtbN: hmmm. seems no improve.
08:56 < BtbN> But you are using tun and udp? And use somewhat fast CPUs on both ends?
08:56 <@dazo> what kind of encryption?
09:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:01 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
09:01 -!- mode/#openvpn [+v hyper_ch] by ChanServ
09:01 <+hyper_ch> can't get down-root to work anymore on kubuntu 15.04 - not sure if that's related to systemd now....
09:02 <+hyper_ch> https://paste.debian.net/187297/
09:03 < riaqn> BtbN: yes, tun and udp. both cpu load is less then 10% when downloading
09:04 < riaqn> BtbN: how about the default MTU strategy in OpenVPN?
09:05 -!- wlarip_ [~wlarip@108.61.123.89] has quit [Ping timeout: 272 seconds]
09:05 < riaqn> I mean link-mtu. will it detect it or self-adjust?
09:05 <@dazo> hyper_ch: can you boost --verb and see if you get more info?
09:05 <+hyper_ch> dazo: verb 5 now
09:05 <+hyper_ch> set it to 7?
09:05 <@dazo> try 15
09:06 <+hyper_ch> that sounds crazy
09:06 <@dazo> or wait ... let me check the code
09:06 <+hyper_ch> setting it to 15
09:08 <+hyper_ch> dazo: https://paste.debian.net/hidden/ecd131cb/
09:08 <+hyper_ch> line 727 is first mention of down-root
09:09 <@dazo> eww ... you have a --mute which kills some lines :/
09:10 <@dazo> but I think I have something I can look at
09:12 <@dazo> hyper_ch: can you pastbin the openvpn@.service (systemd unit file for openvpn)
09:12 <@dazo> ?
09:12 <+hyper_ch> dazo: with mute commented out I have lots of weird stuff
09:12 <+hyper_ch> dazo: I have no idea where that file is
09:12 <@dazo> systemd status openvpn....whatever-you-do .... it should show the full path to the unit file
09:13 <@dazo> systemctl!  not systemd
09:13 <@dazo> (it's the "Loaded" line which show the unit file)
09:13 <+hyper_ch> dazo: there was some binary stuff in the beginning that I omitted https://paste.debian.net/hidden/f22ad3e0/
09:14 <+hyper_ch> dazo: http://paste.ubuntu.com/11433364/
09:14 <@dazo> hmm ... no capabilities restrictions :/
09:15 <+hyper_ch> the problem is I mount a vpn share in the fstab
09:15 <@dazo> but that file looks like completely wrong
09:15 <@dazo> it doesn't start openvpn at all
09:15 <+hyper_ch> (noauto because I mount it with my start script when I need it as well as my preferred apps)
09:15  * dazo brb
09:15 <+hyper_ch> and on shutdown, it closes openvpn before it umounts that share
09:15 <+hyper_ch> causing a 3-minute-timeout
09:17 -!- syedomar [~so@175.136.90.176] has joined #openvpn
09:17 < syedomar> !iptables
09:17 <@vpnHelper> "iptables" is (#1) To test if netfilter ("iptables rules") are your problem, disable all rules with an ACCEPT policy. See https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules for a script to do this. or (#2) See also the manpage section on firewalls at this link: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG or (#3) These are just the basics to get you
09:17 <@vpnHelper> started as firewall design is beyond this channel's scope; you can also see #netfilter
09:17 <+hyper_ch> dazo: tehre's still /etc/init.d/openvpn on the system
09:18 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
09:19 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
09:21 <@dazo> right ... It looks like systemd is not being fully utilized ... and sys-v init scripts are normally run before mount scripts on shutdown
09:21 <@dazo> hyper_ch:  this is a client config, right?
09:21 <+hyper_ch> dazo: yes.... but it seems I didn't uncomment mute before
09:22 <@dazo> that's okay
09:22 <+hyper_ch> let me redo it
09:22 <@dazo> no need
09:23 <@dazo> hyper_ch: try to install this unit file as /etc/systemd/system/openvpn-client@.service ... http://fpaste.org/226961/9381143/raw/
09:24 <+hyper_ch> well, my alternative would now have been to put the umount into the /etc/init.d/openvpn file
09:24 <+hyper_ch> just replace it?
09:24 <+hyper_ch> well, it's not in the path you said
09:25 <@dazo> do a systemctl daemon-reload ... the config file btw must be in /etc/openvpn/client/myconfig.conf ... and you can control the VPN using:  systemctl ... openvpn-client@myconfig
09:25 <+hyper_ch> the file I pastebinned is at /lib/systemd/system/openvpn.service
09:25 <@dazo> it's a different approach for a unit file, which I'm testing out (I'm using this myself) ... and I'll get those upstream openvpn
09:25 <+hyper_ch> so I need to restart that?
09:25 <+hyper_ch> I mean I need to replace that?
09:26 <@dazo> nope, just do as I said ... put my pastebin into /etc/systemd/system/openvpn-client@.service
09:26 <@dazo> the one you pasted did absolutely nothing (it ran /bin/true) ... so just that is odd
09:28 <+hyper_ch> put it into /etc/systemd/system/openvpn-client@.service
09:28 <+hyper_ch> what now?
09:28 <@dazo> systemctl daemon-reload
09:28 <+hyper_ch> wait... I also need to alter paths of the openvpn config files?
09:28 <@dazo> just move/copy the openvpn config file into /etc/openvpn/client
09:29 <@dazo> you might need to create /run/openvpn ... but we can fix that easily
09:30 <+hyper_ch> I did not systemctl daemon-reload
09:30 <+hyper_ch> what next?
09:30 <@dazo> you did not?
09:30 <+hyper_ch> s/not/now/
09:30 <@dazo> ahh :)
09:31 <+hyper_ch> I did create that @.service file and did then systemctl reload
09:31 <+hyper_ch> what next?
09:31 <@dazo> now start your tunnel using:  systemctl start openvpn-client@CONFIGNAME  .... if your openvpn config file is tun0.conf, use tun0 as CONFIGNAME
09:31 <+hyper_ch> openvpn is already running
09:31 <@dazo> you need to kill the old process and start this new one
09:32 <+hyper_ch> failed
09:32 <+hyper_ch> ah, need to symlink to /etc/openvpn/client
09:33 <@dazo> yeah
09:34 <+hyper_ch> still failing
09:34 <@dazo> okay, with the same error as "DOWN-ROOT: Error sending script execution signal to background process" ?
09:34 <+hyper_ch> https://paste.debian.net/hidden/8a191c6f/
09:35 <@dazo> eww ... dash is being translated by systemd into / ...
09:36 <@dazo> could you rename the config file without a dash?  (I'll figure out a fix for that)
09:36 <@dazo> it can't find the config file in /etc/openvpn/client/jus/law.conf.conf
09:36 <+hyper_ch> again failed  https://paste.debian.net/hidden/7bfdfbf7/
09:36 <@dazo> so you should also not add the extension
09:37 <@dazo> Error opening configuration file: jus-law.conf.conf
09:37 <@dazo> just: systemctl start openvpn-client@juslaw  ... not juslaw.conf
09:37 <+hyper_ch> that now worked systemctl start openvpn-client@juslaw
09:38 <+hyper_ch> I think
09:38 <+hyper_ch> no tunnel up
09:38 <@dazo> systemctl status openvpn-client@jus-law
09:38 <+hyper_ch> https://paste.debian.net/hidden/f8727120/
09:38 <+hyper_ch> ifconfig doesn't show a tunnel
09:39 <@dazo> and journal -b -u openvpn-client@jus-law ?
09:39 <+hyper_ch> stopp adding the dash ;)
09:39 <@dazo> sorry! :)
09:39 -!- riaqn [~riaqn@unaffiliated/riaqn] has left #openvpn ["ERC (IRC client for Emacs 24.5.1)"]
09:40 <+hyper_ch> command not found
09:40 <+hyper_ch> root@subi:/etc/openvpn/client# journal -b -u openvpn-client@juslaw
09:40 <+hyper_ch> Der Befehl »journal« wurde nicht gefunden, meinten Sie vielleicht:
09:40 <+hyper_ch>  Befehl »xournal« aus dem Paket »xournal« (universe)
09:40 <+hyper_ch> journal: Befehl nicht gefunden.
09:40 <@dazo> jounralctl
09:40 <@dazo> duh
09:40 <+hyper_ch> journalctl -b -u openvpn-client@juslaw
09:40 <+hyper_ch> -- Logs begin at Fre 2015-05-29 07:46:38 CEST, end at Fre 2015-05-29 16:40:01 CEST. --
09:40 <+hyper_ch> Mai 29 16:37:45 subi systemd[1]: Starting OpenVPN tunnel for juslaw...
09:40 <+hyper_ch> Mai 29 16:37:45 subi systemd[1]: Started OpenVPN tunnel for juslaw.
09:41 <+hyper_ch> still now tunnel with ifconfig
09:41 <@dazo> ahh, you probably log directly into a separate log file, not via syslog
09:41 <@dazo> check the openvpn log :)
09:42 <+hyper_ch> last entry is from 15min ago
09:42 <+hyper_ch> Fri May 29 16:23:23 2015 us=803822 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-plugin-down-root.so/PLUGIN_DOWN status=1
09:42 <+hyper_ch> Fri May 29 16:23:23 2015 us=803830 PLUGIN_CALL: plugin function PLUGIN_DOWN failed with status 1: /usr/lib/openvpn/openvpn-plugin-down-root.so
09:42 <+hyper_ch> Fri May 29 16:23:23 2015 us=803839 ERROR: up/down plugin call failed
09:42 <+hyper_ch> Fri May 29 16:23:23 2015 us=803852 Exiting due to fatal error
09:42 <+hyper_ch> well, 20min ago
09:43 <@dazo> that's too long ago :/
09:43 <+hyper_ch> yes
09:43 <@dazo> can you pastebin the openvpn config
09:44 <+hyper_ch> http://paste.ubuntu.com/11433821/
09:44 <+hyper_ch> pretty simple
09:44 <+hyper_ch> ah... I see the problem ;)
09:45 <@dazo> oh?
09:45 <+hyper_ch> I commented out logging again
09:45 <+hyper_ch> 27/28
09:45 <+hyper_ch> how do I restart it?
09:45 <@dazo> systemctl restart openvpn-client@juslaw
09:46 <@dazo> normally, the logging should then go to syslog, as openvpn is started with --daemon, which adds --syslog
09:46 <+hyper_ch> hasn't changed anything
09:46 <@dazo> hmmm ... do you have selinux, apparmor or anything like that?
09:47 <+hyper_ch> not that I konw of
09:47 <+hyper_ch> I use kubuntu
09:47 <+hyper_ch> no real idea about those things
09:47 <@dazo> do you have a command called 'getenforce' ?
09:48 <+hyper_ch> no selinux-utils not installed
09:48 <+hyper_ch> but I do have apparmor
09:49 <@dazo> okay ... might be apparmor then :/ ... something is restricting the plug-in from communicating with a forked out child
09:49 <+hyper_ch> worked all fine in 14.10
09:49 <+hyper_ch> and now I'm in systemd hell
09:49 <+hyper_ch> with good old upstart/systemvinit I could easily just run a script before shutting down openvpn
09:49 <@dazo> this isn't actually systemd's fault, to be honest
09:50 <@dazo> ahh, like that
09:50 <+hyper_ch> it's systemd's fault for not letting me create a simple Kxx.umount script
09:50 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:50 <@dazo> that is possible with systemd as well .... but let me just dig a little bit around the dependency tree
09:50 <+hyper_ch> I asked in #systemd ... the version I have is too old, otherwise I could add a fstab flag to it
09:51 <@dazo> systemd isn't upstart ... so it's not done the same way ... but it is possible to solve this in a few other different ways
09:51 <+hyper_ch> or I just modify /etc/init.d/openvpn -> stop()
09:51 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
09:51 <+hyper_ch> umount -f /mnt/jus-law
09:52 <@dazo> actually .... that script file isn't used at all with the unit file I gave you ... so just be patient and let me dig a little bit
09:52 <+hyper_ch> well, gotta go to the post office before they close and then home... should be back in about 30min
10:00 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
10:00 -!- wlarip_ [~wlarip@108.61.123.75] has joined #openvpn
10:02 <@dazo> hyper_ch: new unit file for you ... this one should actually do networked file systems after openvpn has started (and hopefully the reverse at shutdown, remote-fs tackled before openvpn is stopped) ... http://fpaste.org/226984/91166814/raw/
10:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
10:16 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 276 seconds]
10:30 <+hyper_ch> dazo: back home... it's way too hot to walk outside... but at home I could just stick my head under the cold shower... really refershing
10:30 <@dazo> :)
10:31 <+hyper_ch> ok, added new config
10:31 <@dazo> systemctl daemon-reload ... systemctl enable openvpn-client@juslaw ... and try a reboot and see how it behaves
10:32 <+hyper_ch> systemctl enable openvpn-client@juslaw
10:32 <+hyper_ch> Failed to execute operation: Bad message
10:32 <@dazo> bad message!?
10:33 <+hyper_ch> that's what it says
10:33 <@dazo> systemctl status openvpn-client@juslaw
10:33 <+hyper_ch> btw, openvpn was started through the /etc/init.d/openvpn script at bootup again
10:33 <+hyper_ch> before I run the systemctl daemon-reload I stopped it with   service openvpn stop
10:34 <+hyper_ch> https://paste.debian.net/187396/
10:35 <@dazo> odd
10:36 <+hyper_ch> that's what I think about systemd ;)
10:37 <@dazo> heh ... it's odd when you're not used to it ... but once you get used to it, you don't really want to go back :)
10:37 <@dazo> Can you double check that the unit file is intact with the latest pastebin?
10:37 <+hyper_ch> I can pastebin min
10:37 <+hyper_ch> e
10:38 <+hyper_ch> my mistake :)
10:38 <+hyper_ch> seems I accidentally pressed k before I paste stuff
10:38 <@dazo> ahh, sounds plausible :)
10:38 <+hyper_ch> systemctl enable openvpn-client@juslaw
10:38 <+hyper_ch> Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn-client@juslaw.service to /etc/systemd/system/openvpn-client@.service.
10:38 <@dazo> perfect!
10:39 <+hyper_ch> and now?
10:39 <@dazo> I'd also just move the /etc/init.d/openvpn somewhere else for now ... and see how things behave during a boot
10:39 <@dazo> both boot and shutdown
10:44 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Remote host closed the connection]
10:44 <+hyper_ch> dazo: vpn started ok, mounts are also fine
10:44 <+hyper_ch> now reboot again to see how it behaves on shutdown?
10:45 <@dazo> yeah!
10:49 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:49 <+hyper_ch> dazo: no, didn't work
10:50 <@dazo> *grmbl*
10:50 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
10:50 <@dazo> so it killed openvpn before unmounting the remote file systems?
10:50 <+hyper_ch> yes
10:50 <@dazo> maybe that's the version issue #systemd talked about :/
10:50 <+hyper_ch> uploading vid to youtube
10:50 <@dazo> thx!
10:51 <+hyper_ch> can't provide logs since they're tmpfs
10:51 <+hyper_ch> don't need to waste my precious ssd space and writes on logs ;)
10:52 <@dazo> well a simple workaround ... is to add a ExecStop=/usr/local/bin/stop-openvpn  ... and have that stop-openvpn script do the 'umount -t nfs -a' and then a 'kill -INT $(cat /run/openvpn_client_juslaw.pid)' ... or something like that
10:52 <@dazo> :)
10:52 <+hyper_ch> ?
10:53 <@dazo> that ExecStop goes into the unit file
10:53 <+hyper_ch> why not just edit the /etc/init.d/openvpn file?
10:53 <@dazo> you did remove that file from the init.d directory?
10:53 <+hyper_ch> I moved it to /
10:55 <+hyper_ch> that is ok, right?
10:55 <@dazo> okay ... the unit file I've provided you, and which you've used does not care about  /etc/init.d/openvpn ... and using that approach for openvpn isn't really recommended when you can have better control through systemd (better control except when shutting down with remote-fs around)
10:55 <@dazo> moving it to / is fine
10:55 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
10:55 <@dazo> the reason using /etc/init.d/openvpn isn't too good with systemd is that those scripts are run quite late in the boot process, and even earlier at the shutdown process
10:56 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:56 <@dazo> btw .. which systemd version do you run?
10:56 <+hyper_ch> dazo: https://www.youtube.com/watch?v=kdNqcHHshlU&feature=youtu.be
10:56 <+hyper_ch> 219
10:57 <+hyper_ch> but in that openvpn script I can just add:  umount -f /mnt/jus-law
10:57 <+hyper_ch> I fail to see the issue that they run late in the boot process and early in shutdown process
10:59 <@dazo> and that's what I suggested in the workaround ... just doing it the systemd way ... I just suggested 'umount -t nfs -a' instead of a particular directory with --force
11:00 <@dazo> but in addition, that stop script needs to signal openvpn to shutdown afterwards (the 'kill -INT' part)
11:00 -!- wlarip [~wlarip@108.61.123.66] has joined #openvpn
11:00 <+hyper_ch> it's not nfs
11:00 <+hyper_ch> it's cifs
11:00 <@dazo> ahh, that's a minor change :)
11:01 <@dazo> you've enabled more openvpn client configs too?
11:01 <+hyper_ch> what do you mean?
11:01 <@dazo> in your video I think I saw 3-4 openvpn connections being shut down
11:02 <+hyper_ch> yes, there's multiple vpns running
11:02 <+hyper_ch> but only one has mounts
11:02 <@dazo> fair enough ... just curious ... how did you start the other tunnels?
11:02 <+hyper_ch> they get autostarted somehow
11:03 <@dazo> hmm ... that shouldn't have happened, I believe ... uhm ... do a: systemctl status openvpn
11:03 <+hyper_ch> ● openvpn.service - OpenVPN service
11:03 <+hyper_ch>    Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
11:03 <+hyper_ch>    Active: active (exited) since Fre 2015-05-29 17:47:45 CEST; 15min ago
11:03 <+hyper_ch>   Process: 988 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
11:03 <+hyper_ch>  Main PID: 988 (code=exited, status=0/SUCCESS)
11:03 <+hyper_ch>    CGroup: /system.slice/openvpn.service
11:03 <+hyper_ch> Mai 29 17:47:45 subi systemd[1]: Starting OpenVPN service...
11:03 <+hyper_ch> Mai 29 17:47:45 subi systemd[1]: Started OpenVPN service.
11:03 <+hyper_ch> hyper@subi:/etc$
11:04 <@dazo> enabled .... okay, that has probably triggered something ... which may have stopped your config too
11:04 <+hyper_ch> hyper@subi:/etc$ ls -al /etc/init.d/openvpn
11:04 <+hyper_ch> ls: Zugriff auf /etc/init.d/openvpn nicht möglich: Datei oder Verzeichnis nicht gefunden
11:04 <@dazo> too early, that is
11:04 -!- wlarip_ [~wlarip@108.61.123.75] has quit [Ping timeout: 264 seconds]
11:04 <@dazo> just puzzled by  ExecStart=/bin/true
11:05 <@dazo> do a systemctl disable openvpn
11:05 <+hyper_ch> I don't think systemd did start that stuff
11:05 <@dazo> I know systemd did start this unit file (due to "Active: active")
11:05 <+hyper_ch> Removed symlink /etc/systemd/system/multi-user.target.wants/openvpn.service.
11:06 <+hyper_ch> reboot?
11:07 <@dazo> do a systemctl stop openvpn first ... just to be sure it is stopped
11:08 <@dazo> then a reboot
11:08 <+hyper_ch> that stopped all vpns
11:08 <@dazo> including juslaw?
11:08 <+hyper_ch> yes
11:09 <+hyper_ch> https://paste.debian.net/hidden/ec93946c/
11:09 <+hyper_ch> reboot?
11:09 <@dazo> okay ... then that one has been causing issues
11:09 <@dazo> do now: systemctl start openvpn-client@juslaw
11:10 <@dazo> that should start only that single vpn config
11:10 <@dazo> and then you can really tell systemd to ignore the 'openvpn' unit .... systemctl mask openvpn
11:10 <+hyper_ch> no, juslaw not started
11:11 <@dazo> w00t!? ... that's really odd
11:11 <+hyper_ch> we call this "Kubuntu"
11:11 <+hyper_ch> and not "odd"
11:11 <@dazo> heh
11:12 <@dazo> hmm ... I should probably download and test openvpn unit files on kubuntu then ... because it is really behaving odd
11:12 <@dazo> what does systemctl list-units | grep -i openvpn provide?
11:13 <+hyper_ch> systemctl list-units | grep -i openvpn
11:13 <+hyper_ch>   openvpn-client@juslaw.service                                                                                                                                 loaded active running   OpenVPN tunnel for juslaw
11:13 <+hyper_ch> ● openvpn@jus-law.service                                                                                                                                       loaded failed failed    OpenVPN connection to jus-law
11:13 <+hyper_ch>   system-openvpn.slice                                                                                                                                          loaded active active    system-openvpn.slice
11:13 <+hyper_ch>   system-openvpn\x2dclient.slice                                                                                                                                loaded active active    system-openvpn\x2dclient.slice
11:13 <+hyper_ch> https://paste.debian.net/hidden/d47a1aa3/
11:14 <@dazo> when you tried to start openvpn with juslaw ... did you use openvpn@juslaw or openvpn-client@juslaw when using systemctl start ?
11:15 <+hyper_ch> root@subi:~# systemctl start openvpn-client@juslaw
11:15 <@dazo> right ... then do: systemctl disable openvpn@jus-law ; systemctl mask openvpn@jus-law
11:16 <+hyper_ch> Created symlink from /etc/systemd/system/openvpn@jus-law.service to /dev/null.
11:16 <@dazo> (that's the wrong unit file which doesn't consider the remote-fs stuff at all)
11:16 <@dazo> good!
11:16 <@dazo> can you check ifconfig/ip  and see your juslaw tunnel is running or not?
11:17 <+hyper_ch> not running
11:17 <+hyper_ch> shouldn't I try to re-run juslaw first again?
11:17 <@dazo> try to do that
11:18 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:19 <+hyper_ch> systemctl restart yaddayadda
11:19 <+hyper_ch> didn't create a tunnel
11:19 <@dazo> can you check the log files and see what's happening ... oh, and please remote the down-root plugin (you shouldn't need that one if this all works out just fine)
11:19 <+hyper_ch> what do you mean with remote the down-root?
11:20 <@dazo> remove* :)
11:20 <+hyper_ch> last entry in openvpn log is from 15min ago
11:20 <@dazo> that sounds odd ... oh, where is your openvpn binary installed?
11:20 <+hyper_ch> which openvpn
11:21 <+hyper_ch> /usr/sbin/openvpn
11:21 <@dazo> good!
11:21 <@dazo> that's what the unit file uses too
11:21 <+hyper_ch> obviously it's not "good" because then you would know the issue if it was someplace else
11:21 <@dazo> yeah, that's true too :)
11:22 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
11:22 <@dazo> do you run any syslog service?
11:22 <+hyper_ch> yes
11:22 <@dazo> can you double check openvpn log data haven't appeared there somehow?
11:22 <+hyper_ch> root@subi:/etc/openvpn/jus-law# tail /var/log/syslog
11:22 <+hyper_ch> May 29 18:16:07 subi systemd[1]: Reloading.
11:22 <+hyper_ch> May 29 18:16:07 subi systemd[1]: Started CUPS Scheduler.
11:22 <+hyper_ch> May 29 18:17:01 subi CRON[6022]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
11:22 <+hyper_ch> May 29 18:17:45 subi smartd[874]: Device: /dev/sda [SAT], SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 71 to 70
11:22 <+hyper_ch> May 29 18:18:39 subi systemd[1]: Stopping OpenVPN tunnel for juslaw...
11:22 <+hyper_ch> May 29 18:18:39 subi systemd[1]: Starting OpenVPN tunnel for juslaw...
11:22 <+hyper_ch> May 29 18:18:39 subi systemd[1]: Started OpenVPN tunnel for juslaw.
11:22 <+hyper_ch> May 29 18:20:45 subi systemd[1]: Stopping OpenVPN tunnel for juslaw...
11:22 <+hyper_ch> May 29 18:20:45 subi systemd[1]: Starting OpenVPN tunnel for juslaw...
11:22 <+hyper_ch> May 29 18:20:45 subi systemd[1]: Started OpenVPN tunnel for juslaw.
11:23 <@dazo> hmm
11:23 <+hyper_ch> as I said, systemd is overly complicated ;)
11:23 <@dazo> not really ... but something is really messed up on your system ... and I don't understand what or why ...
11:23 <+hyper_ch> nothing is messed up
11:24 <+hyper_ch> I didn't even complile openvpn on my own - unlike I do on debian
11:24 <+hyper_ch> where I then have to edit /etc/init.d/openvpn to use /usr/local/sbin
11:25 <@dazo> well, the openvpn unit file which was originally on your system (in /usr/lib....) was really messed up and not even close to anything I've seen elsewhere
11:25 <+hyper_ch> maybe systemd is too sensitive and notices my negative thoughts towards it?
11:25 <@dazo> heh
11:25 <@dazo> do you have any /run/openvpn_client_* files?
11:25 <@Eugene> I don't have any problems at all with openvpn under systemd
11:25 <@Eugene> I'm sticking with "it hates you"
11:25 <+hyper_ch> dazo: openvpn_client_juslaw.pid
11:26 <+hyper_ch> Eugene: google hates me also :) nothing new there
11:26 <+hyper_ch> and don't even let me start on the man pages....
11:26 <+hyper_ch> maybe I should highlight jonathin riddell
11:26 <@dazo> that file should contain the pid of the openvpn process which should be running ... can you verify that that pid exists in ps or /proc/$PID
11:26 -!- ChrissKO [~ChrissKO@b2b-130-180-99-2.unitymedia.biz] has quit [Ping timeout: 272 seconds]
11:26 <@dazo> ?
11:27 <+hyper_ch> there's also a openvpn folder
11:27 <+hyper_ch> root@subi:/run# cat openvpn
11:27 <+hyper_ch> openvpn/                   openvpn_client_juslaw.pid
11:27 <+hyper_ch> root@subi:/run# cat openvpn_client_juslaw.pid
11:27 <@dazo> okay ... I did a slight modification ... as on RHEL7 /run is on tmpfs
11:27 <+hyper_ch> 6283
11:27 <+hyper_ch> root@subi:/run# ps aux | grep 6283
11:27 <+hyper_ch> root      6283  0.0  0.0  22664  4492 ?        Ss   18:20   0:00 /usr/sbin/openvpn --daemon --writepid /run/openvpn_client_juslaw.pid --cd /etc/openvpn/client --config juslaw.conf
11:27 <+hyper_ch> root      6562  0.0  0.0  11008  2464 pts/6    S+   18:27   0:00 grep --color=auto 6283
11:27 <+hyper_ch> the openvpn folder has a bunch of .status files
11:27 <+hyper_ch> incl. jus-law.status
11:28 <@Eugene> Something something !logs
11:28 <@dazo> okay, those status files are probably something else
11:28 <@Eugene> Also: systemctl status openvpn -l
11:28 <+hyper_ch> cat jus-law.status
11:28 <+hyper_ch> OpenVPN STATISTICS
11:28 <+hyper_ch> Updated,Fri May 29 18:07:49 2015
11:28 <+hyper_ch> TUN/TAP read bytes,6821
11:28 <+hyper_ch> TUN/TAP write bytes,5398
11:28 <+hyper_ch> TCP/UDP read bytes,26360
11:28 <+hyper_ch> TCP/UDP write bytes,28217
11:28 <+hyper_ch> Auth read bytes,7174
11:28 <+hyper_ch> pre-compress bytes,3823
11:28 <+hyper_ch> post-compress bytes,3682
11:28 <+hyper_ch> pre-decompress bytes,1977
11:28 <+hyper_ch> post-decompress bytes,2244
11:28 <+hyper_ch> END
11:28 <+hyper_ch> systemctl status openvpn -l
11:28 <+hyper_ch> ● openvpn.service - OpenVPN service
11:28 <+hyper_ch>    Loaded: loaded (/lib/systemd/system/openvpn.service; disabled; vendor preset: enabled)
11:28 <+hyper_ch>    Active: inactive (dead)
11:28 <+hyper_ch> Mai 29 17:47:45 subi systemd[1]: Starting OpenVPN service...
11:28 <+hyper_ch> Mai 29 17:47:45 subi systemd[1]: Started OpenVPN service.
11:28 <+hyper_ch> Mai 29 18:07:55 subi systemd[1]: Stopped OpenVPN service.
11:28 <+hyper_ch> Mai 29 18:07:55 subi systemd[1]: Stopping OpenVPN service...
11:28 <@dazo> jus-law is anyway wrong ... as we're now using juslaw ... so it's an old thing
11:29 <+hyper_ch> purge and reinstall openvpn?
11:29 <@dazo> Eugene: I've installed a new openvpn-client@.service file on his box ... which should be more clever ... but it starts but doesn't log
11:29 <@Eugene> Oh, you've broken it
11:29  * Eugene wanders away
11:29 <@dazo> hyper_ch: nah ...
11:29 <@dazo> Eugene: heh
11:29 <+hyper_ch> it was already broken....
11:29 <+hyper_ch> dazo just broke it more ;)
11:30 <@Eugene> I'm just holding you guys to the same support standards I do real users
11:30 <@dazo> hyper_ch: in the /etc/systemd/system/openvpn-client@.service .... comment out the CapabilityBoundingSet= line with a hash
11:30 <@dazo> and do the systemctl daemon-reload stuff again
11:30 <+hyper_ch> I still have the openvpn@jus-law.service file there as well... can I remove it?
11:31 <@dazo> yeah, do that
11:31 <@dazo> that might actually have caused some issue
11:31 <@dazo> Eugene: fair enough :)  But as I'm trying to improve the whole systemd support in openvpn ... so this helps understanding how other distros are broken :-p
11:32 <+hyper_ch> https://paste.debian.net/187466/
11:32 <@dazo> hyper_ch: do you still have the log entry enabled in /etc/openvpn/client/juslaw.conf ?
11:33 <+hyper_ch> yes
11:33 <@dazo> and that log files have not been updated?
11:33 -!- ChrissKO [~ChrissKO@b2b-130-180-99-2.unitymedia.biz] has joined #openvpn
11:33 <+hyper_ch> https://paste.debian.net/187467/
11:34 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
11:34 <+hyper_ch> wtf
11:34 <@dazo> !?
11:35 <+hyper_ch> I think I symlinked to the wrong config file
11:36 <@dazo> heh .. that can explain a few things why the tunnel didn't start
11:36  * dazo brb
11:38 <+hyper_ch> https://paste.debian.net/187469/
11:41 -!- r8b7xy_ [~weechat@104.238.169.7] has joined #openvpn
11:41 <@dazo> hyper_ch: what does 'systemctl status openvpn-client@juslaw' say?
11:42 <+hyper_ch> systemctl status openvpn-client@juslaw
11:42 <+hyper_ch> ● openvpn-client@juslaw.service - OpenVPN tunnel for juslaw
11:42 <+hyper_ch>    Loaded: loaded (/etc/systemd/system/openvpn-client@.service; enabled; vendor preset: enabled)
11:42 <+hyper_ch>    Active: failed (Result: exit-code) since Fre 2015-05-29 18:37:09 CEST; 5min ago
11:42 <+hyper_ch>      Docs: man:openvpn(8)
11:42 <+hyper_ch>            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
11:42 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
11:42 <+hyper_ch>            https://community.openvpn.net/openvpn/wiki/HOWTO
11:42 <+hyper_ch>   Process: 7191 ExecStart=/usr/sbin/openvpn --daemon --writepid /run/openvpn_client_%i.pid --cd /etc/openvpn/client --config %i.conf (code=exited, status=1/FAILURE)
11:42 <+hyper_ch>  Main PID: 6827 (code=exited, status=0/SUCCESS)
11:42 <@vpnHelper> Title: HOWTO – OpenVPN Community (at community.openvpn.net)
11:42 <+hyper_ch> Mai 29 18:37:09 subi systemd[1]: Starting OpenVPN tunnel for juslaw...
11:42 <+hyper_ch> Mai 29 18:37:09 subi systemd[1]: openvpn-client@juslaw.service: control process exited, code=exited status=1
11:42 <+hyper_ch> Mai 29 18:37:09 subi systemd[1]: Failed to start OpenVPN tunnel for juslaw.
11:42 <+hyper_ch> Mai 29 18:37:09 subi systemd[1]: Unit openvpn-client@juslaw.service entered failed state.
11:42 <+hyper_ch> Mai 29 18:37:09 subi systemd[1]: openvpn-client@juslaw.service failed.
11:42 <+hyper_ch> root@subi:/etc/openvpn/client#
11:43 <@dazo> so openvpn died ... anything in the openvpn log file now?
11:43 <+hyper_ch> Fri May 29 18:07:55 2015 us=646181 /sbin/ip addr del dev jus-law 10.10.11.100/24
11:43 <+hyper_ch> DOWN-ROOT: Error sending script execution signal to background process
11:43 <+hyper_ch> Fri May 29 18:07:55 2015 us=677158 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-plugin-down-root.so/PLUGIN_DOWN status=1
11:43 <+hyper_ch> Fri May 29 18:07:55 2015 us=677184 PLUGIN_CALL: plugin function PLUGIN_DOWN failed with status 1: /usr/lib/openvpn/openvpn-plugin-down-root.so
11:43 <+hyper_ch> Fri May 29 18:07:55 2015 us=677195 ERROR: up/down plugin call failed
11:43 <+hyper_ch> Fri May 29 18:07:55 2015 us=677203 Exiting due to fatal error
11:43 <+hyper_ch> but that was half an hour ago
11:44 <@dazo> you have some mess with some your config files now .... I'm getting confused which is what
11:44 <+hyper_ch> bevcause you made me alter everything
11:45 <@dazo> can you pastebin the config file in /etc/openvpn/client again ... to see that it's the correct config?
11:45 <+hyper_ch> now it works
11:45 <@dazo> what works?
11:45 <+hyper_ch> I needed to give absolute path to the certs
11:45 <@dazo> ahh
11:45 <+hyper_ch> because I hvae multiple folders in /etc/openvpn/
11:45 <+hyper_ch> and this far I just symlinked the active ones into /etc/openvpn/some_client.conf
11:45 <@dazo> and the tunnel is up an running?
11:46 <+hyper_ch> it is
11:46 <@dazo> good!
11:46 <+hyper_ch> and mount also fine
11:46 <@dazo> perfect!
11:46 <+hyper_ch> reboot?
11:46 <@dazo> can you try a reboot now and see how it explodes?
11:46 <@dazo> yeah :)
11:51 <+hyper_ch> dazo: still same issue on shutdown
11:51 <+hyper_ch> only jus-law was established on reboot
11:51 <@dazo> perfect ... now we're getting in control :)
11:52 <@dazo> okay ... in the openvpn-client@.service file ... add this line: ExecStop=/usr/local/sbin/stop-openvpn %i
11:52 -!- r8b7xy_ [~weechat@104.238.169.7] has quit [Quit: WeeChat 1.2]
11:52 <@dazo> and then store this script as /usr/local/sbin/stop-openvpn ... http://fpaste.org/227013/15610143/raw/
11:53 <+hyper_ch> where to add this?
11:53 <@dazo> to /usr/local/sbin/stop-openvpn
11:53 <+hyper_ch> no, ExecStop=/usr/local/sbin/stop-openvpn %i  -->  where to add in the file?
11:53 <@dazo> the ExecStop= line goes after the ExecStart= line
11:53 <+hyper_ch> there are three sections
11:53 <@dazo> right ... sorry, forgot about those details
11:54 <+hyper_ch> uncomment the capabilitybounding again?
11:54 <@dazo> yeah, you can try to enable that one too
11:54 <@dazo> (that's actually a security hardening, limiting what the openvpn process can do)
11:55 -!- r8b7xy [~weechat@104.238.169.7] has joined #openvpn
11:55 <+hyper_ch> why umount -t cifs -a ?
11:55 <@dazo> remember to chmod +x on the stop-openvpn file
11:55 <+hyper_ch> done
11:55 <@dazo> it just takes all your cifs file systems ... but you may just do that single one you care about
11:56 <@dazo> (then without the -t cifs)
11:56 <+hyper_ch> ok, altered that to my liking
11:56 <@dazo> :)
11:56 <+hyper_ch> restart openvpn sysctl service thingy?
11:56 <+hyper_ch> or reload daemon?
11:57 <@dazo> you need to reload the daemon first (the unit file has changed)
11:57 <@dazo> and then you can try to stop the openvpn service and see that the cifs mount is umounted
11:58 <+hyper_ch> it hangs somewhere
11:58 <+hyper_ch> I guess it didn't umount it
11:58 <+hyper_ch> well, the df -h hangs
11:58 <@dazo> cat /proc/mounts ... do you see something there?
11:59 <+hyper_ch> it's still there
11:59 <@dazo> okay, then it wasn't unmounted
11:59 <+hyper_ch> I used again   umount -f /mnt/jus-law
11:59 <+hyper_ch> in that stop file thingy
11:59 <@dazo> have a look at journal -b -u openvpn-client@juslaw
12:00 <@dazo> see if there are some errors from the script
12:00 <+hyper_ch> no journal command
12:00 <@dazo> journalctl
12:00 <@dazo> *grmbl*
12:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:00 <+hyper_ch> Mai 29 18:58:04 subi systemd[3785]: Failed at step EXEC spawning /usr/local/sbin/stop-openvpn: Exec format error
12:00 <@dazo> tab-completion for command line doesn't work in hexchat :-p
12:00 <@dazo> ouch
12:01 <@dazo> duh!
12:01 <+hyper_ch> I made indents in the if clause
12:01 <@dazo> first line .... is #/bin/sh .... should be:    #!/bin/sh
12:01 <+hyper_ch> lol
12:01 <+hyper_ch> in #bash they say to use  #!/usr/bin/env bash  ;)
12:02 <@dazo> I didn't know if you had bash ... so I aimed for pure old sh which most have :)
12:02 <+hyper_ch> I only use bash
12:02 <+hyper_ch> I thought you went for sh because it's faster since on a lot of systems it's linked to dash
12:02 <@dazo> nah, just playing safe as I don't know kubuntu :)
12:03 <@dazo> can you retry to start and stop the tunnel again now?
12:04 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
12:04 -!- wlarip [~wlarip@108.61.123.66] has quit [Ping timeout: 272 seconds]
12:06 <+hyper_ch> had to reboot again
12:06 <+hyper_ch> btw, you use kde?
12:06 <@dazo> nope, gnome 3
12:06 <+hyper_ch> bad luck for you :)
12:07 <+hyper_ch> I wrote in bash a bunch of helper scripts to work with pdfs
12:07 <+hyper_ch> and added them as context menu in dolphin
12:07 <+hyper_ch> but still no luck
12:08 <@dazo> I'm actually quite happy with RHEL7 and gnome 3 ... it stays out of my way and works fairly decently these days
12:08 <@dazo> (I've tweaked gnome 3 though, to make it behave more like I like it .... but that's just a handful of extensions)
12:09 <+hyper_ch> Mai 29 19:07:37 subi stop-openvpn[3473]: umount: /mnt/jus-law: must be superuser to unmount
12:09 <@dazo> right ... so it's not running as root ...
12:09 <+hyper_ch> https://github.com/sjau/pdfForts/blob/master/servicemenu.png
12:09 <@dazo> that's interesting
12:09 <@vpnHelper> Title: pdfForts/servicemenu.png at master · sjau/pdfForts · GitHub (at github.com)
12:09 <+hyper_ch> that's why to use down-root :)
12:10 -!- TyrfingMjolnir [~Tyrfing@195.159.47.222] has joined #openvpn
12:10 <@dazo> hmm ... wondering if this is the CapabilityBoundingSet ... or some other stuff
12:10 <+hyper_ch> disabling that again?
12:10 <@dazo> can you add loggin of the output of 'id' ?
12:10 <@dazo> to the stop script
12:11 <+hyper_ch> I tend to think I'm capable of that
12:11 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
12:11 <@dazo> the proper way to do root stuff from such a script is probably using polkit and pkexec .... but that can be annoying to set up properly ... so thinking some sudo rules may be the solution
12:11 <@dazo> :)
12:12 <@dazo> But I honestly thought that systemd would run ExecStop as root
12:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
12:16 <+hyper_ch> wtf
12:16 <+hyper_ch> http://paste.ubuntu.com/11436111/
12:16 <+hyper_ch> but it does not produce that text file
12:18 <+hyper_ch>  stop-openvpn[4310]: umount: /mnt/jus-law: must be superuser to unmount
12:18 <+hyper_ch> http://paste.ubuntu.com/11436128/
12:19 <+hyper_ch> http://paste.ubuntu.com/11436132/
12:19 <+hyper_ch> why won't it create the textfile
12:19 <@dazo> hyper_ch: try such an approach ... or just remove the redirection all together, systemd may pick it up in the journal
12:19 <+hyper_ch> what approach?
12:20 <+hyper_ch> in the journal is just usuperuser must umount
12:21 <@dazo> just run 'id' and 'whoami' without pushing it into a file ... the journal should then capture the output
12:21 <+hyper_ch> ok
12:22 <@dazo> (hopefully it does that :))
12:23 <+hyper_ch> https://paste.debian.net/187501/
12:23 <+hyper_ch> it's root
12:23 -!- TyrfingMjolnir [~Tyrfing@195.159.47.222] has quit [Ping timeout: 240 seconds]
12:25 <@dazo> it is ... so there are some capabilities ... try to comment out that line with capabilities and then do the daemon-reload thingy
12:25 <@dazo> some issues with capabilities, I meant
12:26 <+hyper_ch> now it works
12:27 <@dazo> \o/
12:27 <+hyper_ch> let's reboot
12:27 <+hyper_ch> well, reboot twice
12:27 <@dazo> the capabilities are set before openvpn is started, so it actually makes sense
12:27 <@dazo> goodie!
12:30 <+hyper_ch> there were still issues at boot down
12:30 <+hyper_ch> just rebooted, trying again
12:34 <+hyper_ch> that was weird
12:34 <+hyper_ch> it did umount as it should I think
12:34 <+hyper_ch> but it didn't turn itself off
12:34 <+hyper_ch> I had said to shut down
12:35 <@dazo> that's something completely else ... as long as the cifs mount was unmounted and the openvpn process had stopped
12:35 <@dazo> you can test this more carefully by using 'systemctl stop openvpn-client@....' ... to see if it really stops
12:35 <@dazo> might be the -INT needs to be -TERM
12:36 <@dazo> and you might need a sleep or some kind of check to see if openvpn really dies
12:36  * dazo need to grab some food now
12:38 <+hyper_ch> dazo: no, it didn't work
12:43 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
12:45 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
12:47 -!- r8b7xy [~weechat@104.238.169.7] has quit [Quit: WeeChat 1.2]
12:51 -!- r8b7xy [~weechat@104.238.169.7] has joined #openvpn
12:52 -!- r8b7xy_ [~weechat@104.238.169.125] has joined #openvpn
12:53 -!- TyrfingMjolnir [~Tyrfing@195.159.47.222] has joined #openvpn
12:56 -!- r8b7xy [~weechat@104.238.169.7] has quit [Ping timeout: 256 seconds]
13:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
13:08 <+hyper_ch> dazo: hmmm, really strange
13:13 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 250 seconds]
13:18 <+hyper_ch> dazo: weird... when I say poweroff it quickly seems to work everything except, the notebook doesn't power off but gets stuck here:  http://images.sjau.ch/img/751a7eff.jpg
13:18 <+hyper_ch> and when I say reboot, well, the usual thing happens
13:18 <+hyper_ch> and when start/stopping from the cli, the cifs drive gets properly umounted
13:19 <@dazo> okay, and that didn't happen before?  Or did this begin to happen after you started to play with openvpn ?
13:21 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
13:21 <+hyper_ch> dazo: https://youtu.be/nESwV5Sp6dA
13:21 <+hyper_ch> dazo: before all was fine
13:21 <+hyper_ch> it just took a while but then got powered off
13:22 <@dazo> can you try to remove the "Before=" line in the unit file, reload the daemon and see if that changes anything?
13:24 <+hyper_ch> trying to reboot first
13:25 -!- r8b7xy_ [~weechat@104.238.169.125] has quit [Ping timeout: 272 seconds]
13:25 <@dazo> Also see this one for some hints on how to debug shutdown issues (a bit down on the page)  https://wiki.freedesktop.org/www/Software/systemd/Debugging/
13:25 <@vpnHelper> Title: Debugging (at wiki.freedesktop.org)
13:33 <+hyper_ch> dazo: well, reboot still has that umount issue
13:33 <+hyper_ch> dazo: and poweroff has that umount issue again, but then it powers off
13:34 <@dazo> that is just insane ... but it might be because systemd actually shutsdown network before openvpn ... but I still don't understand why the shutdown order is so messed up
13:34 <+hyper_ch> it works fine when I do stop the vpn in the cli
13:35 <+hyper_ch> and I need to get the other vpns running again also
13:40 -!- r8b7xy_ [~weechat@104.238.169.119] has joined #openvpn
13:45 <@dazo> hyper_ch: for the other VPN tunnels ... copy the config files into /etc/openvpn/client ... and use the same syntax, just replace juslaw with the other config names
13:47 -!- TyrfingMjolnir [~Tyrfing@195.159.47.222] has quit [Quit: Searching for Waimea]
13:52 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Ping timeout: 240 seconds]
13:54 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 240 seconds]
13:55 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
13:55 <+hyper_ch> dazo: for other videos, I just need to copy the config files in there? not doign anything else?
13:57 <@dazo> hyper_ch: that's right ... if you look at the unit file, you see %i and %I ... that's the value which is given after the openvpn-client@ .... so openvpn-client@XYZ will put XYZ into %i/%I
13:58 <@dazo> well, you do need to use systemctl start openvpn-client@CONFIGNAME ... to start them ... or use systemctl enable openvpn-client@CONFIGNAME to start it automatically during boot
13:59 <+hyper_ch> before it was all automatic when you just added a new config file
13:59 <+hyper_ch> so much more work involved now ;)
13:59 <@dazo> right, and with systemd you get more fine grained control ;-)
14:00 <+hyper_ch> fine grained control isn't everything
14:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:00 <@dazo> the true advantage comes if you use syslog logging in openvpn, and journald can pick up the log data ... then you can do: journalctl -b -u openvpn-client@juslaw ... and you only get log data for that particular config .... and since I added -b, it is only log data since the last boot
14:01 <+hyper_ch> I fail to see what that's an adavantage
14:01 <+hyper_ch> before I just have in the config a seperate log file
14:01 <+hyper_ch> if I want a log
14:02 <@dazo> true ... but journald takes care of log rotation automatically, highlights error messages ... and you can also use --since and --until to restrict the log data further ...
14:03 <+hyper_ch> no more replies in #systemd
14:03 <@dazo> the advantage comes in that you don't need to explicit configure this ... it's "by default"
14:04 <@dazo> well, irc isn't instant answer ;-)
14:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
14:05 <+hyper_ch> but semi instant
14:05 <+hyper_ch> and what's odd about the kill line?
14:06 <+hyper_ch> I removed quotes there
14:06 <+hyper_ch> but the script runs fine when using systemctl stop openvpn-client thingy
14:06 <@dazo> but does openvpn truly stop?
14:07 <@dazo> (have you double checked that the openvpn process really dies?)
14:08 <+hyper_ch> well, the execstop thing is disabled anyway now
14:08 <@dazo> yeah, but if you want to try that approach once again ... double check that
14:08 <+hyper_ch> waiting for timeout
14:10 <+hyper_ch> I hate the current state of Kubuntu
14:10 <@dazo> I can recommend RHEL7 or ScientificLinux 7 ;-)
14:11 <+hyper_ch> nah
14:11 <+hyper_ch> well, ubuntu (and debian) have issues with raid or rather when /boot is also raid
14:11 <+hyper_ch> giving some diskfilter error and causeing a 15 seconds or something timeout
14:12 <+hyper_ch> tehn since 15.04 I can't enter the lukspassword anymore from my external usb keyboard at home... the one at work works....
14:12 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
14:12 <+hyper_ch> then it takes like forever to load plasma when 2x 24" external screens are attached
14:12 <+hyper_ch> if it's just notebook display it's like instant... but with external screens you want another 10-15 second
14:12 <+hyper_ch> s
14:12 <+hyper_ch> now all that systemd thingy
14:13 <+hyper_ch> (and nother 19 open bug reports that I have on kubuntu)
14:14 <@dazo> for the usb keyboard thing ... I've had that one myself ... you most likely need to add the usb keyboard driver into a config in /etc/dracut.conf.d ... add a add_drivers+="$DRIVER_NAME" .... for me that was the hid_lenovo_tpkbd driver
14:14 <+hyper_ch> they're both logitech keyboards.... one at work works... one at home doesn't.....
14:14 <+hyper_ch> wouldn't even know which driver to add
14:14 <@dazo> yeah, and it might be driver related ... I'm pretty sure of that
14:15 -!- jthunder [~jthunder@208.93.129.90] has joined #openvpn
14:15 <+hyper_ch> rebooting again
14:16 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Excess Flood]
14:18 <+hyper_ch> got my vpns back but still the same issue with reboot
14:19 <@dazo> that is more or less a systemd issue right now ... so need to try to understand that better ... I'd seek help on #systemd for that, as they can provide more help how to debug that issue
14:21 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
14:23 <+hyper_ch> dazo: also, the umount of vpned shares should happen automagically
14:23 <+hyper_ch> IMHO
14:23 -!- jthunder [~jthunder@208.93.129.90] has quit [Quit: jthunder]
14:24 <@dazo> it should!  That's why #systemd needs to be involved ... so they can help figure out why the Before=remote-fs.target doesn't work ... because that is what that line is supposed to do
14:24 <@dazo> (which grawity confirmed)
14:25 <+hyper_ch> my bank account should also have like 6-7 more zeros before the decimal point ;)
14:27 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 246 seconds]
14:27 <+hyper_ch> the word "should" is really evil
14:28 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
14:29 <@dazo> anyhow ... a quick systemd crash course ... https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
14:29 <@vpnHelper> Title: How To Use Systemctl to Manage Systemd Services and Units | DigitalOcean (at www.digitalocean.com)
14:30 <+hyper_ch> I just wonder when they really start forking linux and not just joking about it ;)
14:30 <+hyper_ch> thx though
14:32 <@Eugene> hyper_ch - 00000000.50 is still $0.50
14:32 <@dazo> hahaha
14:32  * Eugene badum-tish
14:32 <+hyper_ch> ;)
14:32 <+hyper_ch> but 50 cents has a really big bank account ;)
14:33 <+hyper_ch> 50 Cent's Net Worth: $140 Million in 2014
14:33  * dazo need to head home .... c'ya next week
14:33 <+hyper_ch> you won't be online during the whole weekend? oO
14:35 <@dazo> I probably will, but not available on irc ;-)
14:37 -!- dazo is now known as dazo_afk
14:53 -!- wlarip_ is now known as wlarip
14:57 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:04 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
15:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
15:04 -!- jthunder [~jthunder@ip68-110-126-89.ph.ph.cox.net] has joined #openvpn
15:11 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-ghyeqgcmszkvesak] has joined #openvpn
15:11 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 272 seconds]
15:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:13 < NetworkingPro> Hey everyone. I have somewhat inherited an OpenVPN project and am a little stuck. We have clients that are trying to connect via a remote config file/certificate combo. The server is failing to accept their incoming attempts to connect, and is throwing this error in the servers logs: Fri May 29 15:12:07 2015 us=812205 client/164.222.21.251:48694
15:13 < NetworkingPro> Authenticate/Decrypt packet error: cipher final failed
15:13 < NetworkingPro> anyone have any ideas on where to start with this?
15:15 <+esde> !logs
15:15 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:15 <+esde> !configs
15:15 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:15 <+esde> !pastebin
15:15 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:16 < NetworkingPro> thx esde  1 sec
15:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
15:21 < NetworkingPro> esde: http://2048-bit.com/?27d52e66a1d0b387#yqmxt3q3jJP1uWLeNYGfw/qL6spn77a43xxDp2njsvU=
15:21 <@vpnHelper> Title: 2048-Bit.com (at 2048-bit.com)
15:21 < NetworkingPro> Linux VPNV04 3.13.0-45-generic #74-Ubuntu SMP Tue Jan 13 19:36:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
15:22 < NetworkingPro> OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
15:23 < NetworkingPro> let me send the client config file/
15:24 <+esde> You provided one config, apparently the server config. You redacted information from your logs. However, even with only the one config, and the redacted logs, it seems like the issue is that your client config (assuming since I don't have the client config) has BF-CBC defined as its cipher. Since there is no cipher BF-CBC setting in the conf on the server side, you're getting a cipher error.
15:24 <+esde> Either remove the BF-CBC directive from the client config or add it to your server config. Then restart openvpn on the server and attempt to connect again.
15:28 < NetworkingPro> esde: http://2048-bit.com/?743e4c3e04331736#WfEh9Cyv4cqzabvftcx+I0UtiY5LiPJp6HRI9YwQxqc=
15:28 <@vpnHelper> Title: 2048-Bit.com (at 2048-bit.com)
15:28 < NetworkingPro> Theres the client and server..  let me look at client config real quick.
15:28 <+esde> Why do you have tap0 defined on the server and tun defined on the client?
15:28 <+esde> !tunortap
15:28 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
15:28 <@vpnHelper> rooted/jailbroken) support only tun
15:29 <+esde> "WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher [null-cipher]'"
15:29 <+esde> I doubt the config you provided is the one your client is using, according to the segment of the log above
15:29 < NetworkingPro> would the mismatch of the tun/tap cause that?
15:29 <+esde> Hard to tell as I've never mismatched my configs in that manner
15:30 < NetworkingPro> i cont see a cypher defined in either, you?  Ill try changing the mode first.
15:31 < NetworkingPro> *dont
15:31 <+esde> Perhaps your client is defaulting to BF-CBC for some reason when cipher is absent. Try uncommenting cipher and leaving it as just 'cipher'
15:31 <+esde> Hopefully the config will be read as cipher (none)
15:32 <+esde> But yes, matching the device (tun or tap) in each config will also be helpful.
15:34 < NetworkingPro> esde: part of my issue is that the client device is an embedded platform, that I dont have access to modify. For the sake of testing I could put the server in tun mode and do cipher BF-CBC?
15:34 <+esde> ah, try cipher none
15:34 <+esde> whichever
15:34 <+esde> they must match
15:34 < NetworkingPro> i didnt even see the mismatch in types... feel like a d-bag.
15:34 < NetworkingPro> sorry man
15:34 -!- jthunder [~jthunder@ip68-110-126-89.ph.ph.cox.net] has quit [Quit: jthunder]
15:35 -!- troyt [~troyt@2601:7:6200:69e1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
15:35 <+esde> Do whatever you'd like. If it were me, I'd change what I could control to the best of my ability and hope for the best.
15:35 < NetworkingPro> so in the server.conf change dev tap0 to dev tun0?
15:35 <+esde> I can't tell you that.
15:35 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-65-104-122.hsd1.la.comcast.net] has joined #openvpn
15:35 <+esde> !ifconfig-linux
15:35 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
15:35 <+esde> try ip a to see all the available interfaces
15:37 <+esde> if your interface is tun0, you'll want tun
15:37 <+esde> if it's tap0, you'll want tap.
15:38 < NetworkingPro> yea its tap0
15:38 < NetworkingPro> well this sucks...
15:38 < NetworkingPro> this conundrum
15:38 <+esde> then tap is what your device is.
15:40 <+esde> Try adding cipher BF-CBC to your server config and restart the service, that may work. But mismatched dev directives is a bad time AFAIK
15:42 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
15:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:45 < NetworkingPro> esde: so, im sure you hear this all the time...
15:45 < NetworkingPro> you're right im wrong...
15:45 < NetworkingPro> the directives do match client and server
15:45 < NetworkingPro> i got in a hurry and sent you a basic sample config.
15:45 < NetworkingPro> sorry
15:46 < NetworkingPro> so they are both tap
15:46 < NetworkingPro> the only thing i see is
15:46 < NetworkingPro> # Select a cryptographic cipher.
15:46 < NetworkingPro> # If the cipher option is used on the server
15:46 < NetworkingPro> # then you must also specify it here.
15:46 < NetworkingPro> ;cipher x
15:46 < NetworkingPro> so im guessing the lack of directive for cipher is causing it to try BF-CBC
15:46 <+esde> right
15:47 <+esde> so override the default by setting 'cipher none' like i mentioned ealier
15:47 <+esde> *earlier
15:47 <+esde> or by matching the cipher at the server
15:47 < NetworkingPro> esde: I cant on the client, its an embedded (Firmware based) device.   On the server, is it a matter of adding "cipher BF-CBC" to a line in the config?
15:47 < NetworkingPro> seems too easy.  :)
15:48 <+esde> then restart openvpn
15:49 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:50 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
15:52 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 258 seconds]
15:55 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 244 seconds]
15:55 < NetworkingPro> esde: http://2048-bit.com/?cd3791ff8eff4a98#nhXqd//WEquCHDUl+ZVnBm5rlzXjeWROE9VOf/VbqVw=
15:55 <@vpnHelper> Title: 2048-Bit.com (at 2048-bit.com)
15:55 < NetworkingPro> so that directive for cipher looks right?
15:56 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
15:56 <+esde> Yes
15:57 < NetworkingPro> http://2048-bit.com/?3cfbf3c996817bcb#83E7rkPhf5AVTNHoWkfkpWdnSw8Sk4XeGeMXAReR1bc=
15:57 <@vpnHelper> Title: 2048-Bit.com (at 2048-bit.com)
15:57 < NetworkingPro> theres the correct client config, right off the device.
15:57 <+esde> ok?
15:57 < NetworkingPro> Adding the cipher to the server didnt seem to change anything...
15:57 < NetworkingPro> I dont see anything else that could be wrong or mismatched, you?
15:57 <+esde> and you restarted openvpn?
15:58 < NetworkingPro> yea
15:58 <+esde> I might be missing something through all the commenting in the client config
15:58 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
15:58 <+esde> but i've got to run in the next three minutes, anyway
15:58 < NetworkingPro> also, i noticed that ; and # are used
15:58 < NetworkingPro> are they both valid comments?
15:59 <+esde> !configs
15:59 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:59 <+esde> >with comments removed
16:00 <+esde> anywho, gotta run!
16:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:02 < NetworkingPro> thanks esde
16:02 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
16:12 -!- valentin- [valentin@unaffiliated/ivali] has joined #openvpn
16:29 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
16:29 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has joined #openvpn
16:57 -!- janicez [janicez@depressed.and.lonely.mycafe.ga] has joined #openvpn
16:57 < janicez> Hi
16:59 < janicez> !welcome
16:59 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:59 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:59 < janicez> !goal
16:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:00 < janicez> !ask
17:00 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
17:00 < janicez> -.-
17:00 < janicez> So, uh
17:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:00 < janicez> I have no idea how I set up OpenVPN a long long time back to let a client have a full /64
17:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
17:16 < janicez> Anyone?
17:19 <@krzee> im not sure how you did either
17:19 <@krzee> but assuming there was a question in there
17:19 <@krzee> !ipv6
17:19 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
17:24 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
17:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c57a:5dff:75d9:908f] has joined #openvpn
17:35 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has joined #openvpn
18:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c57a:5dff:75d9:908f] has quit [Remote host closed the connection]
18:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
18:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:24 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-65-104-122.hsd1.la.comcast.net] has quit [Ping timeout: 255 seconds]
18:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
18:53 < janicez> krzee: there certainly was.
18:54 <+esde> [05 29/18:16:31] <janicez> Anyone?
18:54 <+esde> he is right krzee
18:54 < janicez> esde: LOL
18:54 < janicez> ...
18:54 -!- janicez [janicez@depressed.and.lonely.mycafe.ga] has left #openvpn ["WeeChat 1.1.1"]
19:00 -!- wlarip_ [~wlarip@108.61.123.87] has joined #openvpn
19:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
19:18 <@Eugene> !ask
19:18 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
19:19 <@Eugene> Ooooh, he's getting snarkier. I like.
19:23 <+esde> vpnHelper++
20:00 -!- wlarip [~wlarip@108.61.123.87] has joined #openvpn
20:04 -!- wlarip_ [~wlarip@108.61.123.87] has quit [Ping timeout: 240 seconds]
20:15 -!- Cultist [~CultOfThe@cpe-76-177-240-182.natcky.res.rr.com] has joined #openvpn
20:19 -!- Cultist [~CultOfThe@cpe-76-177-240-182.natcky.res.rr.com] has quit [Client Quit]
20:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:25 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
20:33 -!- sl01 [~sl01@li431-44.members.linode.com] has quit [Ping timeout: 245 seconds]
20:33 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 265 seconds]
20:34 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 265 seconds]
20:35 -!- phantomcircuit [~phantomci@66.175.221.254] has quit [Ping timeout: 276 seconds]
20:41 -!- Gunni [~gunni@kjarni/gunni] has joined #openvpn
20:42 < Gunni> is it possible to tunnel ipv6 only over an openvpn connection (which would go over an ipv4 connection)?
20:53 -!- hays_ [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
21:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
21:03 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
21:04 -!- wlarip [~wlarip@108.61.123.87] has quit [Ping timeout: 250 seconds]
21:16 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
22:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:01 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:489e:1a53:f102:9681] has joined #openvpn
22:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
22:13 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
22:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:36 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
23:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
23:03 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
23:04 -!- badon_ is now known as badon
23:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
23:06 -!- showaz [~showaz@unaffiliated/showaz] has quit []
23:12 -!- zheng [~zheng@180.157.6.38] has quit [Ping timeout: 246 seconds]
23:16 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
23:23 -!- ShadniX [dagger@p5481D8C3.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:23 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:489e:1a53:f102:9681] has quit [Remote host closed the connection]
23:24 -!- ShadniX_ [dagger@p5DDFFA08.dip0.t-ipconnect.de] has joined #openvpn
23:24 -!- ShadniX_ is now known as ShadniX
--- Day changed Sat May 30 2015
00:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
00:12 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
00:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f4c5:2e04:dc13:517d] has joined #openvpn
00:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f4c5:2e04:dc13:517d] has quit [Ping timeout: 265 seconds]
01:00 -!- wlarip_ [~wlarip@108.61.123.66] has joined #openvpn
01:03 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
01:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
01:07 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:12 -!- zheng [~zheng@180.157.6.38] has quit [Quit: Leaving]
01:19 -!- tjt263 [~tjt263@114-30-113-125.ip.adam.com.au] has joined #openvpn
01:37 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
01:37 -!- s7eele [~AndChat52@208.167.254.206] has quit [Ping timeout: 244 seconds]
01:37 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Client Quit]
01:37 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
01:41 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
01:43 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
01:44 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
02:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
02:04 -!- wlarip_ [~wlarip@108.61.123.66] has quit [Ping timeout: 244 seconds]
02:32 -!- KNERD [~KNERD@198.12.96.132] has quit [Ping timeout: 245 seconds]
02:37 <+hyper_ch> dazo_afk: hmmm, wouldn't it be wise to have a folder in /etc/openvpn/autostart and all configs in there will get auto-started?
02:37 <+hyper_ch> or autoclient
02:51 -!- syedomar [~so@175.136.90.176] has quit [Ping timeout: 265 seconds]
02:52 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
03:00 -!- wlarip_ [~wlarip@108.61.123.89] has joined #openvpn
03:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
03:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7880:f86b:6c62:7bf7] has joined #openvpn
03:29 < tjt263> hey guys im trying to connect to a vpn server but i keep getting "vpnc: no response from target"
03:29 < tjt263> but it is online
03:29 < tjt263> and i dropped the firewall on my router to see if it was the problem but it didnt help
03:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7880:f86b:6c62:7bf7] has quit [Ping timeout: 265 seconds]
03:31 <+hyper_ch> !logs
03:31 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
03:39 < tjt263> !welcome
03:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:40 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:41 < tjt263> !logfile
03:41 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
03:45 < tjt263> hyper_ch: im not sure exactly what it is you want me to show you, i dont think there are any logs yet
03:52 -!- r8b7xy_ is now known as r8b7xy
03:56 < tjt263> hyper_ch: any suggestions would be appreciated
03:56 <+hyper_ch> !configs
03:56 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
03:56 <+hyper_ch> !logs
03:56 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
04:00 -!- wlarip [~wlarip@108.61.123.80] has joined #openvpn
04:04 <+hyper_ch> I want logs and configs
04:05 -!- wlarip_ [~wlarip@108.61.123.89] has quit [Ping timeout: 272 seconds]
04:07 < tjt263> hyper_ch: basically this is the first time ive tried to use a vpn and it started with this script which i think creates the config
04:07 < tjt263> http://hack.thissystem.net/tunnel.sh
04:09 <+hyper_ch> that uses ipsec... not related to openvpn
04:09 <+hyper_ch> !howto
04:09 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
04:11 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:16 <+hyper_ch> tjt263: you sure you have openvpn?
04:17 < tjt263> hyper_ch: well i used openvpn to create the tun0 interface
04:18 <+hyper_ch> !confgen
04:18 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ or (#3) you must run this in bash
04:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:30 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:31 < tjt263> hyper_ch: i apologize for my poor form but can you just say what it is your trying to say without doing that?? you saw the script i used, can you tell me what went wrong? even if it isnt your usual protocol or whatever, you obviously have this vpn knowledge
04:31 <+hyper_ch> !howto
04:31 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
04:31 <+hyper_ch> read that
04:33 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:35 < tjt263> the first lnk
04:35 < tjt263> link?
04:52 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
04:52 < CryptoSiD> tun-mtu seems to change the ipv4 mtu only? at least on windows, i need to change the ipv6 mtu
04:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:00 -!- wlarip_ [~wlarip@108.61.123.85] has joined #openvpn
05:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 256 seconds]
05:04 -!- wlarip [~wlarip@108.61.123.80] has quit [Ping timeout: 272 seconds]
05:10 <+hyper_ch> CryptoSiD: I don't use windows
05:10 <+hyper_ch> tjt263: both links are the same
05:12 -!- AMERICAN_PSYCHO [~AMERICAN_@17.sub-70-196-1.myvzw.com] has joined #openvpn
05:17 < CryptoSiD> im having problem loading youtube vid, im pretty sure its a mtu/mss issue
05:17 < CryptoSiD> i dont have a linux client to test tho
05:17 < CryptoSiD> but same thing happened some month ago with my ipv6 tunnel, it was a mss issue on akamai side
05:19 < CryptoSiD> ive been playing with tun-mtu mssfix and fragment for hours nothing seems to fix it
05:27 -!- BloqueNegro [~nothing@p579E48B4.dip0.t-ipconnect.de] has joined #openvpn
05:31 -!- BloqueNegro [~nothing@p579E48B4.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
05:41 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
05:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:00 -!- wlarip [~wlarip@108.61.123.86] has joined #openvpn
06:04 -!- wlarip_ [~wlarip@108.61.123.85] has quit [Ping timeout: 244 seconds]
06:04 -!- seba [~seba@kratzbaum.someserver.de] has left #openvpn ["Ping timeout"]
06:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4d75:d2ea:f62d:f482] has joined #openvpn
06:14 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Excess Flood]
06:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4d75:d2ea:f62d:f482] has quit [Ping timeout: 265 seconds]
06:20 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
07:00 -!- wlarip_ [~wlarip@108.61.123.75] has joined #openvpn
07:04 -!- wlarip [~wlarip@108.61.123.86] has quit [Ping timeout: 265 seconds]
07:11 -!- elfixit [~Icedove@178.197.224.45] has joined #openvpn
07:15 -!- elfixit [~Icedove@178.197.224.45] has quit [Remote host closed the connection]
07:36 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
07:39 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
07:42 -!- elfixit [~Icedove@178.197.232.166] has joined #openvpn
07:48 -!- elfixit [~Icedove@178.197.232.166] has quit [Quit: elfixit]
07:57 -!- KamZou [~Kam@unaffiliated/kamzou] has joined #openvpn
07:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c49:bced:5d90:2da8] has joined #openvpn
07:59 < KamZou> Hi, i've an issue setting a persistent tun interface. I used the command: openvpn --mktun --dev tun0 --dev-type tun   . I mounted this interface. I've added dev tun0 and dev-type tun in server.conf but now openVPN isn't starting anymore. I've this log only: "openvpn@server.service: control process exited, code=exited status=1" Could someone help me please ?
08:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c49:bced:5d90:2da8] has quit [Ping timeout: 265 seconds]
08:05 -!- wlarip_ [~wlarip@108.61.123.75] has quit [Ping timeout: 272 seconds]
08:09 < Thermi> KamZou: systemctl show openvpn@server -n 200
08:11 < KamZou> Thermi you want the output ?
08:11 < Thermi> KamZou: Read it yourself and understand it
08:16 < KamZou> can't view any help with that :/
08:24 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 258 seconds]
08:28 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
08:42 -!- KamZou [~Kam@unaffiliated/kamzou] has quit []
08:46 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
08:48 -!- Malsasa [~Malsasa@36.84.70.50] has joined #openvpn
08:52 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
08:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:686f:a9a3:901a:c366] has joined #openvpn
09:00 -!- wlarip_ [~wlarip@108.61.123.78] has joined #openvpn
09:00 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 252 seconds]
09:01 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
09:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:686f:a9a3:901a:c366] has quit [Ping timeout: 265 seconds]
09:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
09:06 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
09:09 -!- fred`` [~fred@earthli.ng] has joined #openvpn
09:21 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
09:22 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
09:33 -!- AMERICAN_PSYCHO [~AMERICAN_@17.sub-70-196-1.myvzw.com] has quit [Quit: Goodbye!]
10:00 -!- wlarip [~wlarip@108.61.123.72] has joined #openvpn
10:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:bd2f:df7b:f8c2:7a79] has joined #openvpn
10:04 -!- wlarip_ [~wlarip@108.61.123.78] has quit [Ping timeout: 250 seconds]
10:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:bd2f:df7b:f8c2:7a79] has quit [Ping timeout: 265 seconds]
10:10 -!- Malsasa [~Malsasa@36.84.70.50] has quit [Ping timeout: 256 seconds]
10:10 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-65-104-122.hsd1.la.comcast.net] has joined #openvpn
10:23 -!- Malsasa [~Malsasa@36.84.70.54] has joined #openvpn
10:41 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
10:43 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:53 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 272 seconds]
10:56 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
11:00 -!- wlarip_ [~wlarip@108.61.123.74] has joined #openvpn
11:03 -!- ChrissKO [~ChrissKO@b2b-130-180-99-2.unitymedia.biz] has quit [Remote host closed the connection]
11:04 -!- wlarip [~wlarip@108.61.123.72] has quit [Ping timeout: 256 seconds]
11:06 <+hyper_ch> dazo_afk: I guess I ended up on grawity's ignore list
11:12 < Eugene> Burp
11:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2042:9ff3:3278:4823] has joined #openvpn
11:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2042:9ff3:3278:4823] has quit [Ping timeout: 256 seconds]
11:45 -!- docmur [~docmur@135-23-136-247.cpe.pppoe.ca] has joined #openvpn
11:46 < docmur> How can I check my cli.conf on Linux using the command line? When I start openvpn, I'm getting OK but I don't see a tun0 interface and I get a TLS error in syslog
11:52 <+esde> >but I don't see a tun0 interface
11:52 <+esde> how are you checking?
11:52 <+esde> !logs
11:52 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:53 <+esde> !configs
11:53 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:53 < docmur> ifconfig -a
11:53 <+esde> !ifconfig-linux
11:53 <@vpnHelper> "ifconfig-linux" is Avoid use of 'ifconfig' and 'route' commands on modern Linux distros. It's old, deprecated, and often misleading/wrong. Use the 'ip a' and 'ip r' commands instead. More info: http://inai.de/2008/0219-ifconfig-sucks.php
11:54 <+esde> that's probably why
11:56 -!- Malsasa [~Malsasa@36.84.70.54] has quit [Read error: Connection reset by peer]
12:00 -!- vikaton [uid59278@gateway/web/irccloud.com/x-brgxuzgvkqtnarec] has joined #openvpn
12:00 < vikaton> Hi
12:00 -!- wlarip [~wlarip@108.61.123.79] has joined #openvpn
12:00 < vikaton> Where can I download openVPN client?
12:00 <+esde> !download
12:00 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
12:01 < vikaton> ohhh
12:03 < vikaton> esde, which option in the config is the openVPN client?
12:03 <+esde> !howto
12:03 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:04 -!- wlarip_ [~wlarip@108.61.123.74] has quit [Ping timeout: 258 seconds]
12:19 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
12:31 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Excess Flood]
12:36 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:36 -!- mode/#openvpn [+v s7r] by ChanServ
12:41 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
12:54 -!- lotuspsychje [~lotuspsyc@ip-83-134-95-21.dsl.scarlet.be] has joined #openvpn
12:56 < docmur> My openvpn client is trying to establish a connection to the server.  On the server when I tail -f /var/log/openvpn.log I see Connection Refused Code=111  would this be a server or client issue?  It looks liek a port is blocked or something
12:57 < CryptoSiD> server issue
12:58 < CryptoSiD> firewall issue
12:58 < CryptoSiD> anyone running a ipv6 vpn using he tunnel? im having mtu/mss problem
13:00 -!- wlarip_ [~wlarip@108.61.123.87] has joined #openvpn
13:04 -!- wlarip [~wlarip@108.61.123.79] has quit [Ping timeout: 240 seconds]
13:04 < lotuspsychje> docmur: have you read what CryptoSiD suggested
13:05 < docmur> when I nmap the ip of the server for port 1194, it's filtered and on the server when I do iptabnles -S if can see that 1194 is accepted on that IP, so it's not a port issue
13:05 < docmur> and yes
13:05 < lotuspsychje> kk :p
13:07 -!- tjt263 [~tjt263@114-30-113-125.ip.adam.com.au] has quit [Read error: Connection reset by peer]
13:07 < docmur> This is the openvpn.log http://pastie.org/10215391
13:08 < CryptoSiD> is your client firewall blocking outbound connection on port 1194?
13:08 < docmur> :)] # iptables -S | grep 1194
13:08 < docmur> -A INPUT -d 167.114.0.192/32 -p udp -m udp --dport 1194 -j ACCEPT
13:08 < docmur> -A INPUT -d 167.114.16.185/32 -p udp -m udp --dport 1194 -j ACCEPT
13:09 -!- lotuspsychje [~lotuspsyc@ip-83-134-95-21.dsl.scarlet.be] has left #openvpn ["Ik ga weg"]
13:09 < CryptoSiD> so maybe its your client that blocking outbound connection t o 1194
13:10 < CryptoSiD> or your router firewall
13:12 < Thermi> docmur: Make sure your permissive firewall rules are actually acted upon before other rules drop the traffic.
13:12 < Thermi> iptables rules are order dependent
13:18 < docmur> Well I did this on another server in our network and it was fine, it connected right way on reboot :S
13:19 < docmur> on the client I have no iptables rules
13:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:75e4:c9a6:276a:f181] has joined #openvpn
13:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:75e4:c9a6:276a:f181] has quit [Ping timeout: 256 seconds]
13:35 < docmur> It's a certifcate error
13:35 < docmur> :-)
13:35 -!- docmur [~docmur@135-23-136-247.cpe.pppoe.ca] has quit [Quit: Lost terminal]
13:39 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has left #openvpn []
13:42 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Quit: AAAGH!  IT BURNS!]
13:44 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
13:45 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has joined #openvpn
14:00 -!- wlarip [~wlarip@108.61.123.76] has joined #openvpn
14:03 -!- Tonux [~Tonux@host86-174-133-112.range86-174.btcentralplus.com] has joined #openvpn
14:04 -!- wlarip_ [~wlarip@108.61.123.87] has quit [Ping timeout: 246 seconds]
14:08 -!- nickSwe [~quassel@cpe-76-187-131-228.tx.res.rr.com] has joined #openvpn
14:09 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
14:15 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has joined #openvpn
14:25 -!- docmur [~docmur@135-23-136-247.cpe.pppoe.ca] has joined #openvpn
14:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 272 seconds]
14:34 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
14:39 < Raku_> I recently switched network adapters(wireless card to usb adapter) so my active interface is now wlan1, i did the proper iptable command to switch over and i can connect to my vpn but nothing works
14:39 < Raku_> I can't load any websites, ping any local resources, or even ssh to the server
14:41 < docmur> If I use easyrsa to generate a client certifcate on a server which serves multiple clients, do I also have to generate a server side cert?  This is how I generate the client: http://pastie.org/10215476  but it won't let me connect with that cient cert, so I must be missing something else
14:45 <+hyper_ch> !howto
14:45 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:45 <+hyper_ch> docmur: check the PKI section
14:45 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 272 seconds]
14:46 -!- troyt [~troyt@2601:7:6200:2991:44dd:acff:fe85:9c8e] has joined #openvpn
14:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:01 < docmur> fix it by changing the remote line
15:01 < docmur> which I should of had to, all the other clients use what I had originalyl
15:09 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
15:11 -!- cagedwisdom [~X@203-206-28-74.dyn.iinet.net.au] has joined #openvpn
15:14 -!- nickSwe [~quassel@cpe-76-187-131-228.tx.res.rr.com] has quit [Read error: Connection reset by peer]
15:15 -!- nickSwe [~quassel@cpe-76-187-131-228.tx.res.rr.com] has joined #openvpn
15:20 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
15:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
15:47 -!- cagedwisdom [~X@203-206-28-74.dyn.iinet.net.au] has quit [Ping timeout: 264 seconds]
15:48 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
15:53 < CryptoSiD> anyone running a ipv6 vpn using he tunnel? im having mtu/mss problem (sometime youtube video never start)
15:53 < CryptoSiD> if i stop the vpn everything work fine
15:59 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 244 seconds]
15:59 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
16:10 -!- nickSwe [~quassel@cpe-76-187-131-228.tx.res.rr.com] has quit [Read error: Connection reset by peer]
16:30 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-65-104-122.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
16:40 -!- stew-a [6d9d432a@gateway/web/freenode/ip.109.157.67.42] has joined #openvpn
16:43 < stew-a> hey, i'm trying to set up a routed vpn, it's sort of half working in that I can see TCP syn packets coming in on a particular machine, but the machine that's receiving them seems to be sending the ACKs back to it's default gateway and from there they are just disappearing, not showing up on the openvpn server via tcpdump, I'm out of ideas as to what to do about this
16:44 -!- ser_berry [~ser_pounc@unaffiliated/ser-berry/x-3954354] has left #openvpn ["I have to return some video tapes."]
16:44 < stew-a> Additionally, any traffic I send to the remote client is being received, but while it's routing table appears correct, wireshark on the TUN interface is catching the incoming SYNs but no outgoing ACKs, again I have no idea where to go with this
16:45 < stew-a> that's wireshark on the TUN interface on the remote client
16:48 < stew-a> Server config: http://pastebin.com/ZJZQ0PQX
16:50 -!- docmur [~docmur@135-23-136-247.cpe.pppoe.ca] has quit [Quit: Lost terminal]
16:51 < stew-a> Client config: http://pastebin.com/icLbzU3w
16:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:01 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:02 -!- badon_ is now known as badon
17:11 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has quit [Ping timeout: 272 seconds]
17:17 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 245 seconds]
17:20 < Eugene> It's usually "stop blocking ICMP"
17:20 < Eugene> I run it just fine on my tunnel, without anything besides the v6 options
17:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
17:24 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has joined #openvpn
17:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
17:40 -!- Tonux [~Tonux@host86-174-133-112.range86-174.btcentralplus.com] has quit [Quit: Leaving]
17:40 < fred``> i think there's a error in gen-sample-keys.sh
17:41 -!- TyrfingMjolnir [~Tyrfing@90.149.171.52] has quit [Quit: Searching for Waimea]
17:41 < fred``> line 54 should end with -genkey - otherwise the ecparam-pem is always empty
17:42 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
17:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
18:08 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
18:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:10 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
18:10 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
18:20 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
18:20 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
18:25 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 255 seconds]
18:33 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
18:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
19:06 -!- stew-a [6d9d432a@gateway/web/freenode/ip.109.157.67.42] has quit [Quit: Page closed]
19:20 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:06 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 265 seconds]
20:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7940:c9c9:4229:b83b] has joined #openvpn
20:28 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:29 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 255 seconds]
20:40 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
20:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7940:c9c9:4229:b83b] has quit [Remote host closed the connection]
20:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7940:c9c9:4229:b83b] has joined #openvpn
20:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7940:c9c9:4229:b83b] has quit [Remote host closed the connection]
20:55 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Remote host closed the connection]
20:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
21:04 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
21:05 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
21:20 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
21:24 -!- tjt263 [~tjt263@106-68-40-246.dyn.iinet.net.au] has joined #openvpn
21:25 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
21:42 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
21:49 < L0uk3> Is the openvpn-as "node name" stored in a config file or is it pulled from the hostname?
21:50 < L0uk3> I'd like to change the hostname of my server. The certs use CN="nodename" and I don't want to break the auth by changing the hostname.
21:51 <+hyper_ch> !as
21:51 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
21:54 < L0uk3> Same question for OpenVPN.
21:55 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
21:58 < L0uk3> I'll bounce to the other channel. Thank you.
22:00 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has left #openvpn ["bis später"]
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:04 -!- wlarip [~wlarip@108.61.123.76] has quit [Ping timeout: 256 seconds]
22:09 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
22:09 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
22:11 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
22:13 -!- wlarip_ is now known as wlarip
22:14 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
22:14 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
22:16 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
22:21 -!- zalami [~realnameo@unaffiliated/zalami] has joined #openvpn
22:35 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:35 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-ghyeqgcmszkvesak] has left #openvpn []
23:00 -!- wlarip_ [~wlarip@108.61.123.67] has joined #openvpn
23:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
23:08 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
23:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:22 -!- ShadniX [dagger@p5DDFFA08.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:22 -!- ShadniX [dagger@p5DDFC1F4.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
23:48 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Sun May 31 2015
00:00 -!- wlarip [~wlarip@108.61.123.89] has joined #openvpn
00:04 -!- wlarip_ [~wlarip@108.61.123.67] has quit [Ping timeout: 256 seconds]
00:05 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
00:05 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Client Quit]
00:06 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
00:06 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 272 seconds]
00:06 -!- OG_s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Client Quit]
00:06 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
00:12 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has joined #openvpn
00:23 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
00:35 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
00:44 -!- zalami_ [~realnameo@unaffiliated/zalami] has joined #openvpn
00:45 -!- zalami [~realnameo@unaffiliated/zalami] has quit [Ping timeout: 250 seconds]
00:59 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:00 -!- wlarip_ [~wlarip@108.61.123.73] has joined #openvpn
01:04 -!- wlarip [~wlarip@108.61.123.89] has quit [Ping timeout: 264 seconds]
01:12 -!- Anakat [~anakat@195.210.182.66] has joined #openvpn
01:36 -!- zalami_ [~realnameo@unaffiliated/zalami] has quit [Quit: no i leave now yes]
02:00 -!- wlarip [~wlarip@108.61.123.77] has joined #openvpn
02:02 -!- Kesker [~Kesk@unaffiliated/kesker] has joined #openvpn
02:04 -!- wlarip_ [~wlarip@108.61.123.73] has quit [Ping timeout: 252 seconds]
02:04 -!- Kesker [~Kesk@unaffiliated/kesker] has left #openvpn []
02:12 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has joined #openvpn
02:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
02:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:53 -!- Anakat [~anakat@195.210.182.66] has quit []
02:58 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has quit [Ping timeout: 246 seconds]
02:58 -!- s7eele [~AndChat52@208.167.254.91] has joined #openvpn
03:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
03:04 -!- wlarip [~wlarip@108.61.123.77] has quit [Ping timeout: 256 seconds]
03:08 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Ping timeout: 272 seconds]
03:15 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 248 seconds]
03:23 -!- ChrissKO [~ChrissKO@b2b-130-180-99-2.unitymedia.biz] has joined #openvpn
03:51 -!- Junko [~Junkass@gateway/vpn/privateinternetaccess/junka] has joined #openvpn
03:54 < Junko> why doesnt openvpn have the up/down script for creating/restoring the dns ?
03:56 < Junko> seems that the windows version has it, if i am not mistaken
04:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
04:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:18 -!- Junko [~Junkass@gateway/vpn/privateinternetaccess/junka] has quit [Quit: B-Bye!]
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
05:00 -!- wlarip_ [~wlarip@108.61.123.67] has joined #openvpn
05:03 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 256 seconds]
05:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 244 seconds]
05:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
05:08 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:23 -!- TyrfingMjolnir [~Tyrfing@52.90-149-171.nextgentel.com] has quit [Ping timeout: 252 seconds]
05:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:25 -!- ChrissKO [~ChrissKO@b2b-130-180-99-2.unitymedia.biz] has quit [Remote host closed the connection]
06:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:04 -!- wlarip_ [~wlarip@108.61.123.67] has quit [Ping timeout: 252 seconds]
06:05 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
06:28 -!- BloqueNegro [~nothing@p579E48B4.dip0.t-ipconnect.de] has joined #openvpn
06:42 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
06:44 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:47 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 265 seconds]
07:00 -!- wlarip [~wlarip@108.61.123.87] has joined #openvpn
07:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
07:07 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
07:07 -!- mode/#openvpn [+v hyper_ch] by ChanServ
07:08 <+hyper_ch> dazo_afk: why use ExecStop and not ExecStopPre? To my understanding the ExecStopPre would run before the vpn gets closed
07:58 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Quit: WeeChat 0.4.2]
07:58 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
08:00 -!- wlarip_ [~wlarip@108.61.123.66] has joined #openvpn
08:04 -!- wlarip [~wlarip@108.61.123.87] has quit [Ping timeout: 244 seconds]
08:15 -!- wlarip [~wlarip@108.61.123.75] has joined #openvpn
08:15 -!- wlarip_ [~wlarip@108.61.123.66] has quit [Ping timeout: 255 seconds]
08:26 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
08:27 -!- zheng [~zheng@180.157.6.38] has quit [Remote host closed the connection]
08:28 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
08:28 -!- zheng [~zheng@180.157.6.38] has quit [Max SendQ exceeded]
08:39 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
08:41 -!- zheng [~zheng@180.157.6.38] has quit [Remote host closed the connection]
08:41 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
08:44 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
08:45 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
08:45 -!- mode/#openvpn [+v s7r] by ChanServ
08:52 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
09:00 -!- cylon512 [~cylon@2.92.156.101] has quit [Quit: leaving]
09:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:03 -!- wlarip [~wlarip@108.61.123.75] has quit [Ping timeout: 265 seconds]
09:16 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 255 seconds]
09:17 -!- zheng [~zheng@180.157.6.38] has quit [Quit: Leaving]
09:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:53 -!- Malsasa [~Malsasa@36.84.70.12] has joined #openvpn
10:00 -!- wlarip [~wlarip@108.61.123.69] has joined #openvpn
10:03 -!- Malsasa [~Malsasa@36.84.70.12] has quit [Ping timeout: 252 seconds]
10:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
10:17 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Quit: Konversation terminated!]
10:17 -!- samopotamus [~seeder@ks4002259.ip-198-100-147.net] has joined #openvpn
10:20 -!- JackWinter [~jack@vodsl-4965.vo.lu] has joined #openvpn
10:21 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
10:21 < stemid> anyone have any tips on running openvpn as an unprivilged user with selinux on fedora? I'm following this guide https://community.openvpn.net/openvpn/wiki/UnprivilegedUser but I get stopped trying to execute unpriv-ip and the selinux openvpn_unpriv_hack does not work.
10:21 <@vpnHelper> Title: UnprivilegedUser – OpenVPN Community (at community.openvpn.net)
10:22 < stemid> I've also tried extending that semodule with additional lines from audit.log that get generated, but it does not help.
10:25 < BtbN> I don't think that's possible, it has to start as root initialy, for the tun/tap device creation.
10:25 < BtbN> And routes and ips and stuff
10:26 < stemid> actually this is where I'm stuck now http://fpaste.org/227415/85981143/
10:26 < stemid> unpriv-ip error seems to have gone away
10:27 < stemid> I can't find this link call anywhere in /etc/openvpn
10:27 < stemid> but tun666 is my amusing name
10:27 < stemid> on the tun device
10:27 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
10:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
10:27 < stemid> BtbN: I assume it does start with root and then drops privileges to the openvpn user. I mean, there's a doc on using this method on the official openvpn.net website.
10:28 < stemid> no you're right "This is more secure than the built-in directives(--user and --group) because the openvpn process is never started with root permissions. "
10:28 < stemid> from the doc
10:29 < BtbN> stemid, yes, that's what the user/group options do
10:29 < BtbN> but you have to initialy launch it as root
10:29 < BtbN> it does what it needs to do, and then drops privileges
10:29 < BtbN> Some configurations require it to be running as root the whole time though
10:33 < stemid> hm I guess I'll have to rethink my approach here. I was actually never trying to launch openvpn with su as in that document I linked.
10:33 < stemid> I'm satisfied with standard systemd units and user/group directives.
10:37 -!- BloqueNegro [~nothing@p579E48B4.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
10:58 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
11:00 -!- wlarip_ [~wlarip@108.61.123.81] has joined #openvpn
11:03 -!- wlarip [~wlarip@108.61.123.69] has quit [Ping timeout: 252 seconds]
11:12 -!- Malsasa [~Malsasa@36.84.70.15] has joined #openvpn
11:28 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:28 -!- mode/#openvpn [+v s7r] by ChanServ
11:37 -!- wlarip_ is now known as wlarip
11:46 -!- james41382__ [~james4138@unaffiliated/james41382] has joined #openvpn
11:50 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
12:00 -!- wlarip_ [~wlarip@108.61.123.71] has joined #openvpn
12:02 -!- Malsasa [~Malsasa@36.84.70.15] has quit [Read error: Connection reset by peer]
12:03 -!- wlarip [~wlarip@108.61.123.81] has quit [Ping timeout: 250 seconds]
12:09 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
12:19 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
12:21 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
12:26 -!- james41382__ [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
12:45 -!- pk12 [~pk12@23.31.197.2] has joined #openvpn
12:52 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 244 seconds]
12:53 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
12:58 -!- pk12 [~pk12@23.31.197.2] has quit [Quit: Textual IRC Client]
13:00 -!- wlarip [~wlarip@108.61.123.82] has joined #openvpn
13:04 -!- wlarip_ [~wlarip@108.61.123.71] has quit [Ping timeout: 272 seconds]
13:11 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
13:12 -!- Eugene [~eugene@jack.kashpureff.org] has joined #openvpn
13:18 -!- Eugene [~eugene@jack.kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
13:19 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
13:36 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
13:38 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
13:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:03 -!- wlarip [~wlarip@108.61.123.82] has quit [Ping timeout: 246 seconds]
14:16 -!- barnex [~barnex@89-67-158-237.dynamic.chello.pl] has joined #openvpn
14:16 < barnex> Hey… I'm having some issues with openvpn install that was working fine a while ago.
14:17 < barnex> I think this error might have something to do with it: Sun May 31 21:14:20 2015 ERROR: Linux route add command failed: external program exited with error status: 2
14:17 < barnex> basically I can access the LAN behind the openvpn server, but I cannot access the web when connected to vpn anymore.
14:18 < barnex> here's the full log: http://paste.ubuntu.com/11479451/
14:21 < barnex> and I'm trying to delete the route with 'sudo route del -net 83-144-114-118. gw 192.168.13.1 netmask 255.255.255.255 dev p3p1', but I'm getting 'unknown host'
14:24 < barnex> well, it worked when I changed - in the address to ., it has solved the error, but still no net connection
14:27 < barnex> heh, nevermind I guess. I disabled route pulling on the client side and I'm using openvpn only for lan now and it sort of works and I don't care that much about routing all of my traffic.
14:36 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
14:54 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 246 seconds]
15:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:02 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
15:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
15:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
15:25 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
15:36 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
15:37 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Remote host closed the connection]
15:39 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
15:39 -!- ChrissKO [~ChrissKO@85.183.43.48] has joined #openvpn
15:42 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Read error: Connection reset by peer]
15:47 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
16:00 -!- wlarip_ [~wlarip@108.61.123.88] has joined #openvpn
16:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
16:18 -!- tjt263 [~tjt263@106-68-40-246.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
16:32 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
16:35 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
16:36 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
16:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
16:39 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 240 seconds]
16:40 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
16:47 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:53 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
17:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:04 -!- wlarip_ [~wlarip@108.61.123.88] has quit [Ping timeout: 265 seconds]
17:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:12 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
17:13 -!- s7eele [~AndChat52@208.167.254.91] has quit [Remote host closed the connection]
17:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:16 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
17:18 -!- Latrina [~Latrina@adsl-ull-126-217.50-151.net24.it] has quit [Ping timeout: 265 seconds]
17:19 -!- Latrina [~Latrina@ppp-177-2.26-151.libero.it] has joined #openvpn
17:28 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 276 seconds]
17:30 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
17:40 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
17:41 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 256 seconds]
18:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
18:33 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Quit: o_O_o]
18:38 < samopotamus> For some reason my client configuration isn't staying put after reboot when I use sudo openvpn --config /path/to/client.ovpn
18:38 < samopotamus> This is on a Raspbian client.
18:39 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
18:41 <+esde> wat
18:41 < samopotamus> Hmm?
18:42 -!- s7eele [~AndChat52@208.167.254.91] has joined #openvpn
18:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:588f:d660:b99f:378] has joined #openvpn
18:47 -!- r8b7xy [~weechat@104.238.169.119] has quit [Ping timeout: 276 seconds]
19:00 -!- wlarip [~wlarip@108.61.123.77] has joined #openvpn
19:02 -!- r8b7xy [~weechat@104.238.169.71] has joined #openvpn
19:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
19:11 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 246 seconds]
19:13 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
19:21 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
19:21 < Moonlightning> !windows
19:21 <@vpnHelper> "windows" is (#1) computers are like air conditioners, they work well until you open windows. or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny
19:22 < Moonlightning> > secure-computing.net
19:22 < Moonlightning> > link is HTTP not over TLS
19:23 <+esde> K
19:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
19:23 < Moonlightning> Anyway, I do have an actual question. Are there major restrictions involved with supporting Windows clients? I seem to remember reading something in the docs, but I don't remember it at all.
19:23 <+esde> huh?
19:24 < Moonlightning> Something about Windows not supporting TUN, or only being able to have a /22 or something?
19:25 <+esde> https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
19:25 <@vpnHelper> Title: Easy_Windows_Guide – OpenVPN Community (at community.openvpn.net)
19:28 < Moonlightning> That doesn't mention anything about either.
19:28 <+esde> Yeah i don't know what you're talking about
19:29 -!- krav [~kravlin@unaffiliated/kravlin] has joined #openvpn
19:29 < krav> does anyone mind helping me update a config? i'm trying to have it not route any traffic on internal networks through the VPN
19:29 <+esde> !configs
19:29 <+esde> !logs
19:29 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
19:29 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
19:30 <+esde> !pastebin
19:30 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
19:30 < Moonlightning> If I want to support Windows clients on my VPN, are there any restrictions on the configuration of the network, or is it as flexible as supporting *nix clients?
19:30 < krav> but i'm having issues understanding the sytax.
19:30 < krav> esde, thanks, but i know that the route command is what I need. it's just the syntax that's a bit squrrly.
19:30 <+esde> krav if you don't share your configs in the manner prescribed above, we cna't help you
19:30 < krav> esde, ok
19:31 < krav> http://www.fpaste.org/227498/43311869/ <----config
19:33 < krav> what i'm trying to do, is split all traffic from 192.168.*.*
19:33 < krav> as it's my home network, and I'd like to be able to access my local network resources
19:33 <+esde> are you using 192.168.1.1 as the vpn's internal network?
19:34 < krav> i am not, the vpn internal network is 10
19:34 < krav> 10.0.0.0/24
19:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:588f:d660:b99f:378] has quit [Remote host closed the connection]
19:35 <+esde> you want to be able to access the client's lan? if so from where, the clients, server?
19:36 < krav> the client. so this is the config on the client, which has a local IP of 192.168.*.*, and a VPN ip of 10.0.0.*
19:36 <+esde> that does not answer my question
19:36 < krav> I want to be able to access the client's lan from the client.
19:38 <+esde> !clientlan
19:38 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
19:38 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
19:39 < krav> so. what you're saying, is that I can't actually do that without modifying the server.
19:40 <+esde> !both
19:40 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
19:40 < krav> sounds good. enjoy your botcommands.
19:40 < krav> and thanks
19:40 <+esde> np
19:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
20:01 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
20:02 -!- badon_ is now known as badon
20:03 -!- wlarip [~wlarip@108.61.123.77] has quit [Ping timeout: 244 seconds]
20:07 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 240 seconds]
20:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
20:15 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
20:21 -!- wlarip_ is now known as wlarip
20:22 -!- s7eele [~AndChat52@208.167.254.91] has quit [Quit: Bye]
20:23 -!- s7eele [~AndChat52@208.167.254.201] has joined #openvpn
20:49 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
20:54 -!- Malsasa [~Malsasa@202.154.56.138] has joined #openvpn
20:55 -!- mjkr [~textual@unaffiliated/mjkr] has joined #openvpn
20:55 < mjkr> how does UDP fragmentation affect network performance when I have OpenVPN over TCP? how does it compare with UDP sans fragmentation with OpenVPN over TCP?
20:57 < mjkr> does the UDP fragmentation in this case consumes the same CPU processing time that would take from the case of UDP fragmentation over IP (instead of over OpenVPN over TCP over IP)
20:58 < mjkr> moreover, when I have OpenVPN over TCP, how do I determine to right MTU to set on the tun device?
20:58 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
21:00 -!- fixi [~fixi@unaffiliated/fixi] has quit [Ping timeout: 265 seconds]
21:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:00 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.1.1]
21:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
21:05 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
21:05 -!- Malsasa [~Malsasa@202.154.56.138] has quit [Ping timeout: 264 seconds]
21:07 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
21:14 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
21:17 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
21:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:40 -!- xecycle [~user@202.120.55.140] has joined #openvpn
21:42 < xecycle> Hi; trying a simple setup, but the client is complaining unable to get certificate CRL.  Can I disable CRL verify?  I do not need the security features of CRL, and would like it to just "explode" if keys compromised.
21:45 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
21:45 -!- mode/#openvpn [+v RBecker] by ChanServ
21:46 -!- Malsasa [~Malsasa@125.164.135.71] has joined #openvpn
21:49 < xecycle> Huh changing capath to bundle ca fixed it, never mind.
22:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
22:10 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:14 -!- mjkr [~textual@unaffiliated/mjkr] has quit [Quit: Textual IRC Client: www.textualapp.com]
22:21 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
22:32 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
22:33 -!- vikaton [uid59278@gateway/web/irccloud.com/x-brgxuzgvkqtnarec] has quit [Quit: Connection closed for inactivity]
23:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
23:14 -!- xecycle [~user@202.120.55.140] has left #openvpn ["ERC (IRC client for Emacs 24.5.1)"]
23:21 -!- ShadniX [dagger@p5DDFC1F4.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:21 -!- ShadniX_ [dagger@p5481CEFE.dip0.t-ipconnect.de] has joined #openvpn
23:21 -!- ShadniX_ is now known as ShadniX
23:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d136:662d:9663:20d] has joined #openvpn
23:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d136:662d:9663:20d] has quit [Remote host closed the connection]
23:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d136:662d:9663:20d] has joined #openvpn
23:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d136:662d:9663:20d] has quit [Remote host closed the connection]
23:53 -!- ChrissKO [~ChrissKO@85.183.43.48] has quit [Remote host closed the connection]
23:57 -!- msn [~msn@182.72.55.194] has joined #openvpn
--- Day changed Mon Jun 01 2015
00:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
00:07 < Raku_> I recently switched network adapters, but i left the old one in and disabled, so my active interface is now wlan1, ever since I did that though my vpn has completely stopped functioning past my ability to connect to it, is there a setting somewhere for telling it which interface to use or something that i missed?
00:11 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:11 -!- zadock [~zadock@81.180.210.87] has joined #openvpn
00:13 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:20 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 264 seconds]
00:28 -!- msn [~msn@182.72.55.194] has quit [Ping timeout: 252 seconds]
00:40 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9c1e:51aa:3599:c201] has joined #openvpn
00:41 -!- msn [~msn@117.55.242.50] has joined #openvpn
00:42 -!- Malsasa [~Malsasa@125.164.135.71] has quit [Ping timeout: 272 seconds]
00:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9c1e:51aa:3599:c201] has quit [Ping timeout: 265 seconds]
01:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
01:07 -!- zadock [~zadock@81.180.210.87] has quit [Quit: Leaving]
01:14 -!- Malsasa [~Malsasa@125.164.136.74] has joined #openvpn
01:48 -!- AMERICAN_PSYCHO [~AMERICAN_@92.sub-70-196-0.myvzw.com] has joined #openvpn
01:48 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
01:51 -!- msn [~msn@117.55.242.50] has quit [Ping timeout: 245 seconds]
01:54 -!- tjt263 [~tjt263@106-68-40-246.dyn.iinet.net.au] has joined #openvpn
01:55 -!- Malsasa [~Malsasa@125.164.136.74] has quit [Ping timeout: 258 seconds]
01:56 -!- Malsasa [~Malsasa@125.164.131.32] has joined #openvpn
01:56 -!- AMERICAN_PSYCHO [~AMERICAN_@92.sub-70-196-0.myvzw.com] has quit [Ping timeout: 255 seconds]
01:57 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
02:00 -!- tjt263 [~tjt263@106-68-40-246.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
02:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
02:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
02:04 -!- msn [~msn@117.55.242.50] has joined #openvpn
02:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:28 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:31 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
02:31 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
02:53 -!- zadock [~zadock@cthulhu.tuiasi.ro] has joined #openvpn
02:54 -!- zadock [~zadock@cthulhu.tuiasi.ro] has quit [Remote host closed the connection]
03:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
03:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
03:10 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-nvwdfqrxesnfilik] has quit [Ping timeout: 256 seconds]
03:11 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-inpdyobppyulnhua] has joined #openvpn
03:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a536:beb5:73da:9f41] has joined #openvpn
03:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a536:beb5:73da:9f41] has quit [Ping timeout: 256 seconds]
03:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:35 -!- mode/#openvpn [+o mattock1] by ChanServ
03:50 -!- r8b7xy [~weechat@104.238.169.71] has quit [Ping timeout: 245 seconds]
04:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
04:12 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:13 -!- dazo_afk is now known as dazo
04:18 <@dazo> !dd-wrt
04:18 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
04:27 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:54 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
05:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:02 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Ping timeout: 255 seconds]
05:02 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
05:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
05:17 -!- soLucien [~Lu@178.62.252.248] has quit [Disconnected by services]
05:21 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 250 seconds]
05:21 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Ping timeout: 250 seconds]
05:21 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 250 seconds]
05:22 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
05:23 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
05:27 -!- RBecker [~RBecker@openvpn/user/RBecker] has joined #openvpn
05:27 -!- mode/#openvpn [+v RBecker] by ChanServ
05:34 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
05:38 -!- Muad`Dib [~muaddib@unaffiliated/shadok] has joined #openvpn
05:41 -!- Malsasa [~Malsasa@125.164.131.32] has quit [Killed (wilhelm.freenode.net (Nickname regained by services))]
05:43 < ShapeShifter499> dazo: wait why is this in here?   this is openwrt not dd-wrt
05:43 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 258 seconds]
05:43 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 258 seconds]
05:43 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Ping timeout: 258 seconds]
05:43 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 258 seconds]
05:43 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 258 seconds]
05:44 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
05:44 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
05:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e14a:e35d:143c:7e9] has joined #openvpn
05:55 <@dazo> ShapeShifter499: this channel is openVPN ... neither openWRT nor dd-wrt, but OpenVPN is available on both of these
05:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
05:56 < ShapeShifter499> dazo: sorry m8
05:57 < ShapeShifter499> dazo: it's late and I totally did not read the side bar full of irc channels
05:57 <@dazo> :)
06:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:02 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
06:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
06:16 < msn> is there a way to have openvpn authenticate a set of users with cert+user/pass and other set with just cert+static key without running 2 instances of openvpn
06:32 -!- Malsasa [~Malsasa@125.164.131.32] has joined #openvpn
06:41 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has joined #openvpn
06:42 <@dazo> msn: what do you mean with 'static key'?
06:42 < Caplain> my server is 125/25mbit and my client is 500/150mbit but i can't get anything faster than 500kBps via smb. im using tap0 tcp
06:42 -!- Malsasa [~Malsasa@125.164.131.32] has quit [Remote host closed the connection]
06:42 <@dazo> !gigabit
06:42 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
06:42 <@dazo> Caplain: ^^^^ some tuning tricks here
06:43 < Caplain> oh? tuning tricks? i think i need an overhaul. 500kBps != 100mbit!!!!!
06:43 <@dazo> Caplain: with that said ... tap + tcp is probably the worst combination too ... try tun + udp instead for lowest tunnel overhead
06:43 < Caplain> i heard tcp has nasty overhead, that's it so far
06:43 < Caplain> dazo, i couldn't get wins broadcasting working over multiple subnets with tun, though
06:44 < Caplain> at this point i need to write a provisioning script. i actually have 5 clients. this has been a fun project...BAR TENDER!!!!!
06:44 <@dazo> ouch ... because that will also give a nasty overhead, with all the broadcast traffic from the subnets going over the VPN tunnel too
06:45 < Caplain> dazo, i thought of that. doing bcrelay and such. instead i put samba on the edge router and had that manage the master browser list. voila! now only winxp doesn't show up half the time :P
06:46 <@dazo> if samba is running on the same server as openvpn ... tun shouldn't be that complicated either, using wins support in samba
06:46 <@dazo> but seriously, the first thing to look at is tcp+tap ... without changing that, you will have performance issues
06:47 < Caplain> yeah i got wins on full blast. works very well. hopefully, though, i'll be able to setup a dc on my .224.0/24 and still have the .225.0/24's join it
06:47 < Caplain> can i do udp tap?
06:47 <@dazo> yes, but tap is hurting more than tcp
06:47 < Caplain> i'd love if i could get wins broadcasting on udp tun, i also want a v12 mercedes
06:48 < Caplain> cause of layer 2?
06:48 <@dazo> especially if you have lots of broadcast happening
06:48 <@dazo> yeah
06:48 < Caplain> blankity blank
06:48 < Caplain> no bc relay, i got erl's lil gui up monitoring traffic, it doesn't go above 5mbit no matter what!!! lol
06:49 < Caplain> i think i should start a blog before i continue. no sense in all these hours going to almost nothing
06:49 < Caplain> i'll try udp/tun performance tests
06:50 < Caplain> the ERL needs to do decrypt on aes packets, would that slow it down, too?
06:50 <@dazo> if you're writing about openvpn ... please let us proof-read it (many good people can help out on this channel doing that - trust at least those with op mode)
06:51 <@dazo> because there are too many crappy, faulty and completely wrong openvpn blogs on the internet ... which we have to fight against way too often
06:51 <@dazo> (covering everything from causing bad performance, wrong routing and even decreased security)
06:53 <@dazo> and if your writing is good, we can help out making it more official too ... like the !gigabit wiki page
06:54 -!- AMERICAN_PSYCHO [~AMERICAN_@108.sub-70-195-198.myvzw.com] has joined #openvpn
07:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:01 < Caplain> dazo, i think that's something i should do. i've been looking for a job
07:01 < Caplain> i've been on freenode for over a decade. im quite aware that anyone can post anything online lol
07:01 <@dazo> if it's good and correct, you'll have our support :)
07:02 < Caplain> my docs will most likely come with a heads up that i do NOT do security. i make things do stuff they're not made to do, instead. security really borks with that...but it's a good start
07:02 < Caplain> yay :)
07:02 < Caplain> i just ran performance tests. 3mbit-6mbit over the pipes
07:02 < Caplain> i don't recall signing up for dsl :P
07:03 -!- r8b7xy [~weechat@104.238.169.134] has joined #openvpn
07:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
07:05 < Caplain> i suppose my page will be like the gigabit page but be catered to those who have a fat pipe that want to tune to that
07:05 < Caplain> half of my clients are on the other side of the country about 1k miles away. i do expect _some_ lag
07:10 -!- wlarip_ is now known as wlarip
07:13 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Remote host closed the connection]
07:13 < msn> dazo: i mean tls-auth only for hosts and user/password only for users and no vice versa possible
07:14 <@dazo> msn: tls-auth changes the wire-protocol somewhat, so you cannot have tls-auth for only some connections
07:15 <@dazo> msn: but I'd strongly recommend and encourage you to enable --tls-auth for *all* clients, no matter ... you can also embedd the tls-auth key inside the config file
07:15 <@dazo> the reason is that it has proven to provide an extra safety net against bugs in many (if not most) openssl bugs
07:16 < msn> hmm k thanks, so now how do i enable a different auth for hosts then users such that, in some bizzare case if a user gets hand on a server certificat (which will not happen) they should not be able to use it
07:17 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Read error: Connection reset by peer]
07:17 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
07:17 <@dazo> msn: you can provide user/auth authentication automated too ... by providing a filename to --auth-user-pass ... the first line in that file you point at contains the username, and the second one the password
07:17 < msn> hmm k i wanted to avoid that but I guess that's better then nothing
07:18 <@dazo> it is actually the simplest configuration you can have ... as when you start adding different authentication schemes, you'll have a completely different challenge in auditing the authentications which happens
07:19 < msn> right now i am using a very simple script to auth the host against AD
07:19 -!- Malsasa [~Malsasa@36.81.97.107] has joined #openvpn
07:20 <@dazo> msn: right, and that script can also check the client cert subject and go a different auth route for servers ... so all servers don't have to be in the AD (unless it's windows servers which are the clients - they are most likely already somehow in AD)
07:21 < msn> hmm thanks for the idea :) i would work on that
07:21 < msn> or maybe I would just add all hosts to my samba4 domain
07:21 < msn> which would be needed anyway since I am enabling GSSAPI on ssh
07:22 <@dazo> sounds reasonable
07:22 <@dazo> for a more integrated Linux/AD integration with Kerberos/GSSAPI ... have a look at FreeIPA
07:26 < msn> hmm i did look but didn't find anything useful
07:26 < msn> I mean its ldap+Kerberos already for samba4
07:26 < msn> and I am unifying all auth under it so adding another layer ...
07:28 <@dazo> msn: IPA provides a trust relation ship between AD and Linux boxes ... so user accounts works across both "domains"
07:29 <@dazo> and IPA provides support for centralized ssh public keys, sudo setups, automount, etc
07:29 <@dazo> (IPA == AD for Linux)
07:29 < msn> those could be done in samba4 too, I alrady modified the samba 4 ldap schema :)
07:29 < msn> so add sudo and ssh keys
07:30 < msn> but i will study it more
07:30 < msn> since my base system is not AD per say its slightly easier to modify the schema
07:30 <@dazo> fair enough ... just that IPA have done all the work for you ... and its really simple to get started ... in less than 2 days, I had about 25 Linux boxes added to a IPA setup, with 3 IPA servers doing master-master replication
07:32 <@dazo> IPA also takes advantage of sssd on the client side, so if the IPA server(s) is unavailable, if you have logged into that box at some earlier point - you can still get access
07:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e14a:e35d:143c:7e9] has quit [Remote host closed the connection]
07:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:37 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
07:38 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
07:39 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
07:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 240 seconds]
07:40 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 252 seconds]
07:44 -!- sppadic [~sppadic@90.216.134.198] has joined #openvpn
08:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
08:10 < Caplain> dazo, the gig page says to adjust the mtu and i was wondering if im pushing data over my modem would the mtu tweak still be relevant or should i set it to 1472+28?
08:15 < Caplain> i set my mtu to 48000 and it went from 4mbit to 10mbit using fragment 0 mssfix 0 aes256 udp tun
08:15 < Caplain> ...still not 100mbit
08:19 -!- vikaton [uid59278@gateway/web/irccloud.com/x-ygehygjdykukhtye] has joined #openvpn
08:21 < Caplain> i'll settle for 20mbit, too
08:35 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Max SendQ exceeded]
08:38 -!- sppadic [~sppadic@90.216.134.198] has quit [Remote host closed the connection]
08:40 -!- sppadic [~sppadic@90.216.134.198] has joined #openvpn
08:44 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has joined #openvpn
08:44 < schone> hello
08:45 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:45 <@dazo> Caplain: there are two MTUs ... so it depends on which MTU you mean ... link-mtu (the MTU on the link between openvpn instances) and tun-mtu (the MTU inside the tunnel)
08:46 < schone> im trying to setup openvpn server on an ERL (edgerouter lite) and when my client connects nothing seems to go through… the weird thing i see is that ifconfig utun device on his mac shows the same IP from —> to …. instead of client —> server…. i’m using “server 10.255.0.0 255.255.255.0” and the ifconfig shows 10.255.0.2 —> 10.255.0.2
08:46 < schone> why is that?
08:46 <@dazo> Caplain: also bear in mind that too big MTU may not be optimal in all cases either
08:46 <@dazo> it all depends on the traffic
08:46 <@dazo> !serverlan
08:46 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
08:46 <@dazo> schone: ^^
08:47 < schone> dazo: so basically follow that flow chart and report back my results?
08:48 <@dazo> schone: that's a good starting point :)
08:48 < schone> ok brb
08:49 -!- Malsasa [~Malsasa@36.81.97.107] has quit [Killed (cameron.freenode.net (Nickname regained by services))]
08:49 < schone> dazo: the vpn IP of server vs the lan IP of the server? can you explain the difference to me
08:50 < schone> the VPN IP is i assume the first IP openvpn daemon assumes from the “subnet X.X.X.X/24” given
08:50 < schone> ?
08:50 < Caplain> dazo, i been changing the mtu on server and client and running iperf. very interesting/annoying results so far. 60000 tun mtu gets me 12mbit but only one way whereas i get 10mbit both ways with 48000
08:50 <@dazo> When you have “server 10.255.0.0 255.255.255.0” ... the VPN IP address is 10.255.0.1 .... while you also have at least one Ethernet interface configured too, that's the server IP in this context
08:50 < Caplain> this isn't fun anymore lol
08:51 < schone> dazo: ok so my problem begins there i believe, at the top of the chart, i will confirm via an outside computer in 3 minutes but that seems to be the first problem
08:51 < schone> which coincides with the oddity of what ifconfig shows me on the client
08:51 < schone> utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
08:51 < schone> 	inet 10.255.0.2 --> 10.255.0.2 netmask 0xffffff00
08:52 < Caplain> schone, erl openvpn is super tricky. my current server is an erl so i may be able to help :)
08:52 < schone> Caplain: i’d appreciate any help you can give!
08:52 < Caplain> dude, preaching to the chior
08:52 < Caplain> utun0? i have vtun0
08:52 <@dazo> schone: you're running in TUN mode ... so unless you're also using --topology subnet, it looks very different (allocates a /30 net for each client)
08:53 < Caplain> ahhhh!!! lol well then nevermind. totally out of my league atm
08:53 < schone> utun0 is on the client macbook air
08:53 <@dazo> utun/vtun ... can be tun/tap related
08:53 < schone> vtun0 is on the ERL
08:53 <@dazo> okay
08:53 <@dazo> makes sense
08:54 < schone> dazo: i am using —topology subnet
08:54 < Caplain> when i get my setup working i'm gonna switch to subnet topology
08:54 < Caplain> then i'll be asking _you_ for help :P
08:54 < Caplain> dazo, erl does vtun0 for tun AND tap btw
08:55 < schone> dazo: do you want to see the result of ps aux so you can see what switches my openvpn daemon is running with?
08:55 <@dazo> schone: ahh, perfect ... I don't fully recognize the ERL ifconfig output ... but looks sane
08:55 <@dazo> nah
08:55 < schone> dazo: that ifconfig was on the client macbook air
08:55 < schone> it wasn’t ERL
08:55 <@dazo> if you cannot ping your server eth interface ... you have three things which can be wrong
08:55 < schone> ERL looks sane… the MBA doens’t look sane as it shows the same IP on both sides of the tunnel
08:55 < Caplain> schone, out of curiosity how many 'openvpn-option' lines did you use?
08:55 -!- r8b7xy [~weechat@104.238.169.134] has quit [Ping timeout: 258 seconds]
08:56 <@dazo> 1) sysctl net.ipv4.ip_forward is not set to 1 ... 2) routing is lacking on the VPN client .... 3) firewall is not letting traffic through
08:56 < Caplain> schone, pinging? does it ping?
08:56 < schone> Caplain: only one… the user nobody group nobody
08:56 < Caplain> really???
08:57 <@dazo> the options on the command line doesn't matter that much ... we prefer to see the log files with --verb 4 instead ... as options in a config file can be given on the command line ... or vise-versa
08:57 <@dazo> !--
08:57 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
08:57 < schone> yes, but i have the push-route option as part of the ERL syntactic sugar magic
08:57 < Caplain> i don't have that set at all schone
08:57 < Caplain> dazo, erl does FUN stuff with its configure interface as far as configuring a tunnel
08:57 < schone> dazo: would verb 4 show packets trying to come in and then get blocked by the firewall?
08:58 <@dazo> schone: nope, that's --verb 5
08:58 < schone> ok
08:58 <@dazo> I'd recommend tcpdump instead, to locate where the packets go
08:58 < schone> ok
08:58 <@dazo> (or wireshark)
08:58 < schone> dazo can i show u the routing gist and tell me if it looks right to you?
08:59 < Caplain> schone, set server push-route interfaces openvpn vtun0 server push-route
08:59 < schone> on the client that is
08:59 < Caplain> schone, set interfaces openvpn vtun0 server push-route
08:59 < Caplain> i mean
08:59 < Caplain> lol
08:59 < schone> i have
08:59  * dazo have no idea about the ERL config stuff ... so he backs off
08:59 < Caplain> schone, you should put all relevant data into a pastebin and post the link, that would be easier methinks
09:00 < schone> set interfaces openvpn vtun0 server push-route 172.20.0.0/24 (<- my local lan)
09:00 < Caplain> dazo, you and i have enough brainstuffs to tackle this :)
09:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:00 < Caplain> schone, yep yep. i was referring more to:  openvpn-option "push dhcp-option WINS 10.37.225.1"
09:00 <@dazo> I have no experience with ERL ... so I have no idea what it does ... in this channel we prefer pure openvpn config files
09:00 < Caplain> for instance
09:00 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
09:01 < schone> dazo: erl “translates” its own config ‘language’ to utilizing openvpn command line switches
09:01 < Caplain> dazo, erl is GREAT when it works. i'm surprised there isn't much support for it here...or anywhere for that matter
09:01 < schone> no config file used
09:01 < Caplain> translates is a super nice way to put it
09:01 < schone> Caplain: one sec ill make a big gist file
09:01 < Caplain> idk if that needs to be --push ... too
09:01 < Caplain> okey dokey
09:01 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
09:02 < Caplain> gonna run to the store brb 5 mins
09:03 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Remote host closed the connection]
09:03 < Caplain> dazo, do you know if the daemon would throw an error if i did "push" instead of "--push" or would it just say nothing? i'm gonna crank up the debug when i get back and get more info. oh snap! i should make an ERL wiki page!!! :D
09:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
09:05 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
09:05 <@dazo> Caplain: it should not be able to understand 'push' on the command line ... it would have to be '--push' ... normally it would not start in that case, as it's an invalid argument ... unless you have a file which is named 'push' and it's parsable by openvpn
09:06 < schone> dazo and Caplain: https://gist.github.com/danielschonfeld/1e66a7012851728823c3
09:06 <@vpnHelper> Title: gist:1e66a7012851728823c3 (at gist.github.com)
09:06  * dazo see a config format he is not going to try to learn
09:07 < schone> forget the format, look at the swtiches used on the command line, since thats what it all boils down to
09:08 <@dazo> nope
09:08 <@dazo> !configs
09:08 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
09:20 < Caplain> schone, http://pastebin.com/6n0DmfJQ if that helps at all
09:20 < Caplain> dazo, the formnat is super easy. all options are nested in catagories, it reminds me of json a little but much simpler
09:21 < Caplain> schone, the clients entry is the ccd :D
09:21 < schone> Caplain: thank you!
09:21 < schone> ill try to compare notes
09:21 < Caplain> im glad i can help. i pulled out hair ffs. i need a return on my balding investment!
09:22 < Caplain> that ip has 255 in it. that butters my bread
09:24 < Caplain> schone, my issue is, though, i don't understand your issue lol
09:24 < schone> lol ok i get it :)
09:24 < schone> ill try to hammer at it, it’ll be alright in the end
09:26 < Caplain> as dazo pointed out, the push lines shouldn't work. idk. i haven't been able to tell, yet. it's ridiculous the lack of documentation for the erl. whats worse is when you get caught on a vyatta conf doc and then get really frustrated
09:26 < Caplain> but if i figure anything out ill let you know
09:26 < Caplain> :)
09:35 -!- schone_ [~schone@207-237-84-130.c3-0.nyw-ubr1.nyr-nyw.ny.cable.rcn.com] has joined #openvpn
09:36 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has quit [Ping timeout: 256 seconds]
09:39 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has joined #openvpn
09:40 -!- schone_ [~schone@207-237-84-130.c3-0.nyw-ubr1.nyr-nyw.ny.cable.rcn.com] has quit [Ping timeout: 255 seconds]
09:40 < schone> so evidently the problem was that my server isnt doing comp-lzo and my client had that in their config
09:40 < schone> yikes
09:43 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has quit [Read error: No route to host]
10:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
10:25 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
10:31 -!- AMERICAN_PSYCHO [~AMERICAN_@108.sub-70-195-198.myvzw.com] has quit [Ping timeout: 255 seconds]
10:51 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
10:54 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
10:59 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
11:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
11:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
11:14 -!- FlyingPersian [~Flying@p20030056CB471CC0417322FC5F7D676A.dip0.t-ipconnect.de] has joined #openvpn
11:18 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
11:26 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
11:26 < FlyingPersian> hi. I need some help creating an additional set of client keys. I have a backup folder of the original keys (server + c lients) and I copied it into the easy-rsa folder, then ran . vars and ./build-key client. when I use the ta.key, ca.crt and new keys my client isn't connecting
11:27 < azizLIGHT> i had a problem with my router and i rebooted it, but it gave my openvpn box a new ip, and i adjusted port forwards to the new ip. but now my clients cant connect? nothing has changed in the config or clients configs
11:27 < azizLIGHT> excuse me, im able to connect, but no browsing is possible
11:27 < azizLIGHT> not even to the local openvpn box hosting a httpd
11:28 <@ecrist> is the ip forwarding sysctl enabled?
11:28 <@ecrist> !linipfoward
11:28 <@ecrist> !ipforward
11:28 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
11:28 <@ecrist> !linipforward
11:28 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
11:29 -!- FlyingPersian [~Flying@p20030056CB471CC0417322FC5F7D676A.dip0.t-ipconnect.de] has left #openvpn ["Verlassend"]
11:30 < azizLIGHT> ecrist: i have 1 in my /proc/sys/net/ipv4/ip_forward from before when it was working
11:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:37 -!- msn [~msn@117.55.242.50] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
11:38 -!- codebam [codebam@gateway/shell/yourbnc/x-agyoyzgyjtluvytq] has quit [Ping timeout: 256 seconds]
11:39 -!- codebam [codebam@gateway/shell/yourbnc/x-emtszydenyhxfxqz] has joined #openvpn
11:40 < azizLIGHT> heres my log: http://rpi.pwnz.org/public/paste/1433176795_stdout.txt
11:41 < azizLIGHT> as far as i know everything was working fine mid may
11:47 -!- Cultist [~CultOfThe@cpe-76-177-240-182.natcky.res.rr.com] has joined #openvpn
11:49 < azizLIGHT> my openvpn.conf: http://rpi.pwnz.org/public/paste/1433177320_stdout.txt
11:51 -!- Cultist [~CultOfThe@cpe-76-177-240-182.natcky.res.rr.com] has quit [Client Quit]
11:51 -!- RBecker [~RBecker@openvpn/user/RBecker] has quit [Quit: Quit]
11:52 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
11:52 < azizLIGHT> i portscanned myself and port 1194 isnt responding
11:53 < azizLIGHT> ive forwarded it... so i dont understand
11:55 < azizLIGHT> i did "sudo netstat -tulpn | grep 1194" and i see: udp        0      0 0.0.0.0:1194            0.0.0.0:*                           2135/openvpn
11:56 < azizLIGHT> is this correct
11:59 -!- Blanc|AFK is now known as Blanc
11:59 < Thermi> azizLIGHT: traffic from yourself to your public IP is likely handled differently than traffic from the outside.
12:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
12:06 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:06 -!- mode/#openvpn [+o mattock_] by ChanServ
12:15 -!- Protected [~Join@atuin.discworld.eu] has quit [Ping timeout: 245 seconds]
12:34 -!- krav [~kravlin@unaffiliated/kravlin] has left #openvpn ["WeeChat 1.1.1"]
12:36 -!- lv_ [~ubuntu@ec2-52-17-180-161.eu-west-1.compute.amazonaws.com] has quit [Quit: leaving]
12:38 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
12:39 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:39 -!- mode/#openvpn [+o mattock_] by ChanServ
12:43 -!- r8b7xy [~weechat@104.238.169.118] has joined #openvpn
12:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:48 -!- mode/#openvpn [+o mattock1] by ChanServ
12:50 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: IRC for Sailfish 0.9]
12:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
12:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:56 -!- mode/#openvpn [+o mattock1] by ChanServ
12:59 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Quit: leaving]
13:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
13:11 -!- dtrainor [~dtrainor@72.164.225.218] has joined #openvpn
13:15 -!- Blanc is now known as Blanc|AFK
13:35 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
13:35 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has left #openvpn []
13:35 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Read error: Connection reset by peer]
13:35 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
13:35 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Remote host closed the connection]
13:36 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
13:43 -!- Blanc|AFK is now known as Blanc
13:45 -!- r8b7xy [~weechat@104.238.169.118] has quit [Ping timeout: 272 seconds]
13:59 -!- r8b7xy [~weechat@104.238.169.87] has joined #openvpn
14:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
14:14 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
14:16 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
14:33 -!- dazo is now known as dazo_afk
14:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
14:48 -!- Blanc is now known as Blanc|AFK
14:55 -!- c|oneman [~cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 248 seconds]
14:55 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 276 seconds]
15:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:00 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
15:01 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
15:02 -!- Blanc|AFK is now known as Blanc
15:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
15:14 -!- c|oneman [cloneman@1337.montrealdark.com] has quit [Quit: The Hero of EFnet must rest now.]
15:15 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
15:25 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
15:38 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 246 seconds]
15:38 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 246 seconds]
15:38 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
15:38 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 246 seconds]
15:39 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
15:40 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
15:41 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:41 -!- K1rk [~Kirk@equinox.epecweb.com] has joined #openvpn
15:42 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
15:48 -!- endzYme [~endzYme@ec2-52-10-45-178.us-west-2.compute.amazonaws.com] has left #openvpn []
16:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
16:10 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 255 seconds]
16:10 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
16:16 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Ping timeout: 265 seconds]
16:16 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
16:18 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
16:18 -!- Exagone313 [~exa@elou.world] has quit [Ping timeout: 276 seconds]
16:18 -!- Techman [sid11863@gateway/web/irccloud.com/x-ozvutuysjkyvpnhk] has quit [Ping timeout: 276 seconds]
16:19 -!- Techman [sid11863@gateway/web/irccloud.com/x-fsfmmjabcmvcxugx] has joined #openvpn
16:20 -!- Muad`Dib [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 276 seconds]
16:21 -!- Exagone313 [exa@elou.world] has joined #openvpn
16:29 -!- Blanc is now known as Blanc|AFK
16:31 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
16:37 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:38 < dtrainor> Hi.  Anyone have much experience with the RADIUS plugin?  Been reading about it for a bit here but it looks quite old.  I'm wondering how many people are actually using it, how well supported it might be etc.
16:41 -!- mode/#openvpn [+v-o pekster pekster] by pekster
16:41 <+pekster> Back when I did RADIUS, I found it more convenient to use freeradious and a ~20 line shell script. YMMV.
16:41 <+pekster> There's !scripts if you want auth hooks and just need a way to glue something together
16:41 <+pekster> freeradius*
16:42 < dtrainor> That's the conclusion that I'm coming to.  That's fine, too.
16:46 <+esde> pfsense does this https://doc.pfsense.org/index.php/Using_OpenVPN_With_FreeRADIUS
16:46 <@vpnHelper> Title: Using OpenVPN With FreeRADIUS - PFSenseDocs (at doc.pfsense.org)
17:00 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
17:05 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 256 seconds]
17:05 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 264 seconds]
17:07 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
17:08 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:08 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
17:11 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 256 seconds]
17:13 -!- wlarip_ is now known as wlarip
17:14 < dtrainor> it does, you're right
17:14 < dtrainor> but i don't want to use pfsense
17:23 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Ping timeout: 256 seconds]
17:23 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 246 seconds]
17:24 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
17:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
17:34 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
17:35 <+esde> i was providing the information to the community at large :)
17:45 -!- vikaton [uid59278@gateway/web/irccloud.com/x-ygehygjdykukhtye] has left #openvpn []
17:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d978:29b2:5aa0:697f] has joined #openvpn
17:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d978:29b2:5aa0:697f] has quit [Remote host closed the connection]
18:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
18:06 -!- DarkByD3sign [~Dark@2.123.141.96] has joined #openvpn
18:14 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 246 seconds]
18:16 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
18:18 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has joined #openvpn
18:18 < schone> hello
18:19 < schone> i have an odd problem… connecting to my openvpn server that is running on my edgerouter lite works fine from remote.  but when trying to connect to it from the local network it fails.  I thought initially it was a firewall rule but it appears the logs show a failed TLS handshake after 60 seconds.  I have added the --tls-auth /config/auth/ta.key 0 directive and did the the same in my client.ovpn with a key direciton of 1 and
18:19 < schone> nothing…
18:19 < schone> still same problem
18:21 <+pekster> That's unlikely to work unless you use the internal IP of the router to connect, or policy route
18:22 <+pekster> UDP is stateless, so the kernel looks up the "closest" IP, from the router's perspective, to send the reply. That's not going to be the external interface for a local client, breaking end-to-end connectivity
18:23 <+pekster> Your 3 options (the 4th being to leave it broken) are: 1) use the LAN IP of the server, 2) policy route to force a specific source address selection, 3) super-duper-ugly hairpin-NAT
18:26 < schone> pekster: im taking it all in and googling it cuz i dont quite understand it
18:26 < schone> pekster: but thank u
18:28 < Raku_> I did some hardware changed that cause my active interface to change (wlan0  to wlan1) and now my vpn doesn't work past being able to connect, am i missing a config somewhere that i need to change?
18:29 <+pekster> If it's connected (and you're using --keepalive and it's not disconnecting) then it is working.
18:30 < Raku_> I can connect, nothing loads, can't ping anything, cant see any local resources, can't ssh to the server
18:30 < Raku_> I wouldn't exactly call that "working"
18:30 <+pekster> It would help if you explained what you're trying to do, per our /TOPIC
18:30 <+pekster> !welcome
18:30 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:30 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:30 <+pekster> !goal
18:30 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
18:31 <+pekster> You might also read !configs, !logs, and !paste if you haven't seen them before
18:31 < Raku_> I would like it to work again lol, it used to work fine, i could connect and browse the internet and access local resources the server had access to and ssh into it, but since i changed active interfaces it no longer works
18:32 < Raku_> I'll try getting some configs momentarily
18:32 <+pekster> Sounds like you need to read !redirect
18:32 <+pekster> !redirect
18:32 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:32 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:33 <+pekster> Also note that if you expect to reach server-side resources, you need to either have the VPN gateway also be the LANs default gateway, or add a return-route to the LAN's gateway to route the VPN segment via the local VPN gateway
18:33 < Raku_> Yes, i'm aware, i had all this working fine
18:33 <+pekster> No clue what "active interface" means -- an interface is an interface
18:34 < schone> pekster: ok so you’re absolutely right replacing it to LAN IP works just fine
18:34 < Raku_> I changed nothing in any configs, the only change made between it working and then not working is a wireless adapter
18:34 <+pekster> If you changed routing, start by reviewing your routing tables for clues, perhaps. Firewalls are quite commonly an issue too, especially if you changed network topology
18:34 < Raku_> by interface i mean like eth0 and wlan0
18:34 < schone> pekster: if you have time, can you please explain to me what does adding a tls-auth directive do exactly? i’m not sure i understand it
18:34 <+pekster> schone: This:
18:34 <+pekster> !tlsauth
18:35 <+pekster> !tls-auth
18:35 < Raku_> My active interface(the one that is active and used for internet connection on the machine) is wlan1, it was previously wlan0 before i changed some hardware
18:35 <@vpnHelper> "tls-auth" is "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS., or (#2) openvpn --genkey --secret ta.key to
18:35 <@vpnHelper> make the tls static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
18:35 <+pekster> Raku_: House money says you forgot to fix your firewall for any permit rules or NAT. But surely you're busy checking the firewall and routing after I suggested it the first time
18:36 < schone> pekster: thank u
18:36 < Raku_> I have the routing set right, what do you suggest checking in the firewall?
18:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:37 <+pekster> The rules.
18:37 <+pekster> Try `iptables-save -c` and ask #Netfilter if you need help
18:37 <+pekster> I even suggested you may have forgotten to update the interface on your permits or NAT targets (now for a 3rd time)
18:38 < schone> !ns-cert-type
18:38 <+pekster> And as a helpful clue, the !redirect info I gave you above even has !links to resources telling you how to do NAT on various platforms. You might consider using the references to learn more
18:39 <+pekster> schone: Nah, "Netscape" shit is deprecated; don't use it unless you're stuck maintaining systems from the 1990's and your boss likes living in yester-century
18:39 <+pekster> !mitm
18:39 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
18:40 <+pekster> I know Netscape Navigator was once the bee's knees, but.. :P
18:40 -!- krav [~kravlin@unaffiliated/kravlin] has joined #openvpn
18:40 < schone> is that what ns-cert-type server mean?
18:40 < schone> its an netscape thing?
18:40 <+pekster> Yup
18:40 < Eugene> ns-cert-type should just not be used anymore
18:41 <+pekster> Netscape extensions, since deprecated by RFC5280
18:41 <+pekster> Actually, deprecated even before that by RFC3280
18:41 < schone> ok
18:41 < schone> what does ‘nobind’ do
18:41 < schone> ?
18:42 -!- joren [~quassel@personaltelco-2-pt.tunnel.tserv14.sea1.ipv6.he.net] has joined #openvpn
18:42 <+pekster> That'll source from a dynamic (ephemeral) port on the client; it's generally a good idea to use on all clients
18:42 <+pekster> (same thing a web browser does, basically)
18:42 < Raku_> I've not finished completely looking, but so far it all looks correct
18:43 < schone> pekster: got ya
18:43 < schone> as opposed to using 1194 or 443
18:43 < schone> ?
18:43 <+pekster> Raku_: Then presumably you've gotten to a box on the !redirect flowchart where it explains your problem. You should take corrective action accordingly
18:44 <+pekster> schone: Yes, exactly. The destination will stay the same, but remember that UDP (and TCP) has a source port, and they don't usually match for client/server applications
18:44 < schone> got ya
18:44 < schone> thanks very much for the help pekster - appreciate it!
18:45 < schone> pekster: what you tried explaining to me earlier… is it the same problem as described in hairpin? meaning the response came back from the local IP of the openVPN server and my client was expect the source address to be that of my external interface and since it wasn’t it dropped those packets?
18:46 < schone> leading ultimately to TLS handshake timeout to elapse and for that error to be reported
18:47 < joren> Hey, I'm trying to add a route to send traffic trying to get to my vpn server's address through that vpn but it seems to be trying to send the vpn traffic over that too causing things to break. anyone know how I could get around that?
18:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
18:50 <+pekster> schone: You've got it
18:51 < Raku_> pekster: nope, not that i can tell
18:51 <+pekster> You could probaby set a policy routing rule such that anything leaving your LAN interface with a UDP source-port of 1194 should use the public IP as the source address, but that'll need extra magic to keep working if you're on a dynamic connection (where you need to fix that each DHCP renewal if the address changes)
18:51 <+pekster> Or just use the LAN IP of the server locally
18:52 <+pekster> Raku_: Then it works. That's the last box on the flowchart
18:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:85d4:bf11:c79e:c32d] has joined #openvpn
18:53 < Raku_> It doesn't work though
18:53 < schone> pekster: i think opt #2 in my case ;)
18:53 <+pekster> Then you didn't follow the flowchart properly :P
18:53 < Raku_> If it did work i wouldn't be here
18:53 < joren> Sounds like a pain. :) thanks though, I realized I had another public ip so I just opened openvpn up through that
18:54 <+pekster> Raku_: Follow EVERY step on this flowchart (same one you were linked earlier.) Every single box. Let me know where it stops working for you
18:54 <+pekster> !redirect
18:54 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:54 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:55 < Raku_> lets see, is redirect gateway enabled? Yes. Can you ping 8.8.8.8? No. Is ip forwarding enabled? Yes. Is nat enabled on the vpn subnet? Yes. Are the client and the server on the same lan? No.
18:55 < Raku_> Thats where i end up
18:55 < Raku_> I'm like 70% sure i don't have a firewall issue though
18:56 < schone> i have another question
18:56 < schone> probbaly been asked a million times before
18:56 <+pekster> Then you know you have a firewall issue
18:56 < schone> imessage doesn’t seem to work when on this openvpn conx from remote… but all other external traffic does.  is there some rule i need to enable in my firewall or openvpn to make that work
18:56 < schone> ?
18:57 <+pekster> Nope, the payload of the packet is 100% opaque to OpenVPN
18:57 <+pekster> Start tcpdumping on the egress of your server for clues, perhaps
18:57 < Raku_> How would i pinpoint the firewall issue, everything looks correct from what i've looked at
18:58 <+pekster> Dude, look at your rules
18:58  * pekster has now told you for the 4th time. If you're unable to configure your fireawll, OpenVPN is probably not the right tool for you
18:59 <+pekster> 2015-06-01 18:35<+pekster> Raku_: House money says you forgot to fix your firewall for any permit rules or NAT. Bu
18:59 <+pekster> t surely you're busy checking the firewall and routing after I suggested it the first time
18:59 <+pekster> 2015-06-01 18:37<+pekster> Try `iptables-save -c` and ask #Netfilter if you need help
18:59 <+pekster> Try that, perhaps?
18:59 < Raku_> I have
18:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:85d4:bf11:c79e:c32d] has quit [Remote host closed the connection]
18:59 <+pekster> Maybe using the copy-and-paste ready command to review them? Or post them somewhere rather than whining that "it doesn't work." My expert opinion about that is that something is preventing it from working.
19:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
19:04 < Raku_> http://paste.debian.net/193780/
19:04 < Raku_> Theres the result of iptables-save -c
19:04 <+pekster> Nothing has hit the rule on line 14
19:04 <+pekster> Perhaps you don't have IP forwarding enabled, or wlan1 is not the egress interface for that traffic
19:05 <+pekster> Alternatively, perhaps that's not the right network for your VPN, or no clients are attempting to send any data through that router
19:05 < Raku_> That's what i'm assuming
19:05 <+pekster> Then tcpdump the tun interface on the clients
19:06 < Raku_> All the vpn traffic is still going through wlan0 is my guess, i don't know where to change that though
19:06 <+pekster> Then why would you try and NAT on wlan1 ?!
19:06 < Raku_> Because i dont use wlan0
19:07 < Raku_> That's an inactive wireless card i haven't gotten around to removing
19:07 <+pekster> Output of `ip a s` and `ip r s t all` and your !configs would be helpful
19:07 < Raku_> I have the config link somewhere
19:07 < Raku_> Just a sec
19:08 < Raku_> http://paste.debian.net/193791/
19:08 <+pekster> Ugh, try a decomment tool next time
19:10 <+pekster> That would be 25% of what I asked for. No client config, no addressing on the server, and no routing
19:11 <+pekster> BBL, maybe. Got other stuff to get to yet tonight; maybe someone else can jump in (and be prepared to show !logs too)
19:11 < Raku_> I have the other stuff, i just didn't want to bombard you
19:12 < Raku_> result of ip a s
19:13 < Raku_> http://paste.debian.net/193792/
19:13 < Raku_> result of ip r s t all
19:13 < Raku_> http://paste.debian.net/193793/
19:14 < Raku_> I'll get the client config in a sec
19:15 -!- Malsasa [~Malsasa@36.73.244.119] has joined #openvpn
19:15 < Raku_> http://paste.debian.net/193794/
19:15 < Raku_> There, thats client config
19:26 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
19:28 -!- dtrainor [~dtrainor@72.164.225.218] has quit [Ping timeout: 252 seconds]
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
20:18 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has quit [Quit: schone]
20:35 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mnzbvufvtzbgolud] has quit [Ping timeout: 272 seconds]
20:35 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 272 seconds]
20:36 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-cxbpmuppfvzqtwsm] has quit [Read error: Connection reset by peer]
20:42 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-tktohspvavziibhv] has joined #openvpn
20:42 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-cbnmbnttskyiijxx] has joined #openvpn
20:48 -!- XJR-9 [XJR-9@pdpc/supporter/active/xjr-9] has joined #openvpn
20:49 -!- miigotu [~miigotu@ip68-104-115-124.lv.lv.cox.net] has joined #openvpn
20:51 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
20:55 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
20:56 -!- miigotu [~miigotu@ip68-104-115-124.lv.lv.cox.net] has quit [Quit: Leaving]
21:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 250 seconds]
21:16 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 244 seconds]
21:21 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 240 seconds]
21:21 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 240 seconds]
21:21 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
21:24 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
21:30 -!- DarkByD3sign [~Dark@2.123.141.96] has quit [Read error: Connection reset by peer]
21:41 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 264 seconds]
21:42 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
21:57 -!- Malsasa [~Malsasa@36.73.244.119] has quit [Read error: Connection reset by peer]
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
22:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:435:5b90:2d9f:71c6] has joined #openvpn
22:31 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:435:5b90:2d9f:71c6] has quit [Ping timeout: 265 seconds]
22:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4cf1:30b3:15a4:a966] has joined #openvpn
22:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4cf1:30b3:15a4:a966] has quit [Remote host closed the connection]
22:52 < joren> Raku_: cat /proc/sys/net/ipv4/ip_forward
22:52 < joren> ?
22:52 < Raku_> Set to 1
22:52 < Raku_> Ive checked
22:53 < joren> I figured you probably had
22:56 < Raku_> I really think its just something somewhere thats set to have all the vpn traffic going through the old(wrong) interface, i just don't know where that would be
22:58 < joren> I mean, that all should be done via kernel, routes, iptables and things look right there from an imediate glance.
22:59 < Raku_> I really don't know then
22:59 < Raku_> That's the only thing that i personally have thought the issue is
23:00 < Raku_> I know it has to have something to do with switching from wlan0 to wlan1 because that's when it stopped working, that's the only thing that changed
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
23:07 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
23:09 < joren> Raku_: and you can for sure get to that 10. address of the server? what does "ip r" on the client show? the client is on a different network, correct?
23:11 < joren> Just trying to think of problems I've ran into, I guess I'm not really sure what's going on.
23:15 < Raku_> The what now?
23:15 < Raku_> the 10.9.8.1?
23:16 < joren> yeah
23:17 < Raku_> I haven't actually ever tried that
23:17 < Raku_> When i tested it it didn't matter if it was on a different network or not, the results were the same
23:18 < Raku_> I actually dont have a client right now to test with
23:18 < Raku_> I'll see if maybe i can get one, a little difficult to test though since when the vpn connect the connection pretty much drops
23:18 < joren> that was the first step in that flow chart that guy suggested earlier. ;) unless yours is setup like mine in which the server gives itself an ip dedicated to each client.
23:19 < Raku_> so like when i connect and the server assigns me 10.9.8.1
23:19 -!- ShadniX [dagger@p5481CEFE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:19 < Raku_> I try to ping that?
23:19 < joren> having the client and server both on the same net has always broken things for me in the past. I like to teather to a phone when I'm testing
23:19 < Raku_> Just clarifying
23:19 < Raku_> That's what the client usually is
23:20 < Raku_> Is me on my phone
23:20 -!- ShadniX [dagger@p5481D77A.dip0.t-ipconnect.de] has joined #openvpn
23:20 < joren> yeah, unless "ip r" on the client shows an address that's one digit lower than the client's ip, if that makes sense
23:20 < Raku_> My phone is kind of bricked right now though, not really in a state to be useful for testing
23:21 < Raku_> I'm going to get a friend to help out
23:22 < joren> like, 10.9.8.19 if the client's ip is .20, I think it's some sort of isolation thing that's setup on my setup but I don't remember what turns that on
23:23 < Raku_> Well i dont see how it could be assigned something lower than 1 so i dont think that'll be an issue lol
23:27 < joren> well, I mean it might be that .19(or whatever it is for) address instead of .1
23:28 < Raku_> oh the 192
23:30 < joren> sorry, I might just be confusing things, just a sec
23:31 -!- msn [~msn@117.55.242.50] has joined #openvpn
23:32 < joren> so, I'd try pinging 10.9.8.1, and, whatever 10.9.8 ip address your client gets, ping the address right below that.
23:32 < Raku_> Alright
23:33 < Raku_> It usually just assigns 10.9.8.1, i've never seen it assign anything higher than that
23:33 < Eugene> !/30
23:34 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
23:37 < joren> your client getting an address of 10.9.8.1 sounds like a problem to me, since that's the ip of your server. That /30 link is a good explination of what I was trying to say :P
23:38 < joren> !topology
23:38 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
23:38 < joren> just curious what that says.
23:38 < Raku_> Idk dude, that's just how its been
23:38 < Raku_> I can
23:39 < Raku_> can't remember exactly
23:39 < Raku_> I haven't used my vpn in a while cause it's been broken ll
23:39 < Raku_> lol*
23:39 < Raku_> I'll let you know what i get when i get my buddy to connect for me
23:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
23:44 < joren> you could remove redirect-gateway from the client and server confs for testing purposes, so you don't break internet when you connect
23:45 < Raku_> Would i get the  same results with pinging and stuff as if i did have that there?
23:46 < joren> yeah, for pinging the 10.9.8 server address at least
23:47 < Raku_> Alright
23:47 < Raku_> What about the ip 3
23:47 < Raku_> ip r*
23:49 < joren> the ip r was just to reveal the server's address
23:49 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 256 seconds]
23:49 < joren> which I belive it should still work
23:51 < Raku_> Ah ok
23:53 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
23:59 < Raku_> They're having to do it on a windows box
--- Day changed Tue Jun 02 2015
00:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:01 < Raku_> Should i remove def1 bypass-dhcp too?
00:01 < joren> I'm not sure what those do to be honest.
00:02 < Raku_> I'll just leave it on and hope for the best lol
00:02 -!- s7eele [~AndChat52@208.167.254.201] has quit [Quit: Bye]
00:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
00:06 < joren> I don't think you have to worry about that /30 behaviour since you have topology subnet set. (I think your clients should  be able to ping 10.9.8.1)
00:09 < joren> ah, you do want to remove def1 and bypass-dhcp. those are options for redirect-gateway
00:19 < Raku_> Will do
00:29 < azizLIGHT> how do i disable ipv6?
00:46 < Raku_> joren: its getting a little late here, i'm going to head off for the ngiht
00:47 < Raku_> Thanks for the help :)
00:47 -!- yogg [5990edda@gateway/web/freenode/ip.89.144.237.218] has joined #openvpn
00:49 < yogg> Hi
00:50 < yogg> I have the following in my openvpn client config: verify-x509-name "C=AT, ST=Wien, L=Wien, O=MyCompany, OU=CA, CN=ovpn-srv01/emailAddress=ca@mycompany.com"
00:50 < yogg> This works fine on Linux clients, but on Windows the verify fails
00:52 < joren> no problem, hope it was actually helpfull :P
00:53 < yogg> Is there something special I have to set for Windows? And how can I get the config compatible for bith systems?
00:54 < yogg> Or is there the posibility that the client checks the server cert against the ca certificate? I deploy *.p12 files witch include user_cert, user_key and ca_cert
00:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:02 -!- yogg [5990edda@gateway/web/freenode/ip.89.144.237.218] has quit [Ping timeout: 246 seconds]
01:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
01:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:34 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Quit: ZNC - http://znc.in]
01:35 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
01:37 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Client Quit]
01:37 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
01:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:14f2:7cb:99a1:d183] has joined #openvpn
01:43 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
01:43 -!- mode/#openvpn [+v RBecker] by ChanServ
01:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:14f2:7cb:99a1:d183] has quit [Ping timeout: 256 seconds]
01:52 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 258 seconds]
02:00 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
02:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
02:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
02:17 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 258 seconds]
02:19 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
02:28 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
02:37 -!- krav [~kravlin@unaffiliated/kravlin] has left #openvpn ["Leaving"]
02:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:42 -!- mode/#openvpn [+o mattock1] by ChanServ
02:54 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
03:00 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:00 -!- wlarip [~wlarip@209.26.240.148] has joined #openvpn
03:01 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 244 seconds]
03:09 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
03:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:33 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 265 seconds]
03:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 255 seconds]
04:11 -!- javnut [~precise@CPEd43d7e92a144-CM0017ee42e040.cpe.net.cable.rogers.com] has joined #openvpn
04:13 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:21 -!- dazo_afk is now known as dazo
04:22 -!- yogg [3e63e7e3@gateway/web/freenode/ip.62.99.231.227] has joined #openvpn
04:23 < yogg> Hi
04:23 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 265 seconds]
04:25 -!- valentin- is now known as ivali
04:25 < yogg> If I use in my client a *.p12 file (pkcs12 mytest.p12). Will the client verify the server certificate against the ca?
04:27 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:29 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has quit [Ping timeout: 258 seconds]
04:30 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
04:31 < yogg> ok the manpage says so. But I think I will test it.
04:45 < javnut> how do I stop DNS leaks on windows?
04:48 < CryptoSiD> you cant in chrome, only in firefox
04:48 < CryptoSiD> as far as i know
04:48 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 252 seconds]
04:50 < CryptoSiD> https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html
04:50 <@vpnHelper> Title: DNS leak test (at www.dnsleaktest.com)
04:51 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
04:56 < yogg> Are there any benefits of using "--verify-x509-name" if I already use certificate/ca chains?
04:59 < javnut> CryptoSiD: WebRTC leaks can only be stopped in firefox
05:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a9db:e490:7424:63a7] has joined #openvpn
05:00 < javnut> and I have that done, but I still get DNS leaks
05:01 < javnut> CryptoSiD: oh, and I tried that, both solutions haven't worked
05:02 -!- msn [~msn@117.55.242.50] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
05:05 < CryptoSiD> same i just tryed
05:05 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a9db:e490:7424:63a7] has quit [Ping timeout: 265 seconds]
05:05 < CryptoSiD> the dnsfix.exe doesnt work
05:05 < CryptoSiD> look like its not calling the scripts
05:05 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has joined #openvpn
05:07 < javnut> so go to the scripts and execute them in cmd?
05:08 < javnut> I'm going to try that
05:10 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
05:10 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 264 seconds]
05:11 -!- msn [~msn@182.72.55.194] has joined #openvpn
05:15 < javnut> I can't even find the scripts though, wth
05:16 < CryptoSiD> its in openvpn/config
05:17 < javnut> yeah, I found it
05:17 < javnut> woah
05:17 < javnut> it worked
05:18 < CryptoSiD> so you run the pre script, than connect, then run the up script?
05:18 < javnut> yeah
05:18 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
05:18 < CryptoSiD> it should run auto when connecting to vpn
05:19 < javnut> should
05:19 < CryptoSiD> yeah should,  it dont:)
05:22 < javnut> getting some weird problems now though
05:23 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
05:24 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
05:25 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
05:38 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
05:40 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
05:52 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:00 -!- seg [~seg@fsf/member/seg] has joined #openvpn
06:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:05 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 240 seconds]
06:07 -!- Gintaras [Gintaras@77.241.206.82] has joined #openvpn
06:16 -!- JackWinter [~jack@vodsl-4965.vo.lu] has quit [Remote host closed the connection]
06:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
06:33 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 264 seconds]
06:34 -!- TyrfingMjolnir [~Tyrfing@bb219-74-193-117.singnet.com.sg] has joined #openvpn
06:37 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
06:41 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
06:43 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
06:43 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
06:47 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Client Quit]
06:47 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
06:50 < msn> how do get all the variables avalable in via-file option when i use auth-user-pass-verify with external script
06:55 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
06:57 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
06:59 -!- javnut [~precise@CPEd43d7e92a144-CM0017ee42e040.cpe.net.cable.rogers.com] has left #openvpn []
07:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:15 -!- mode/#openvpn [+o mattock1] by ChanServ
07:16 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 264 seconds]
07:16 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
07:16 <@dazo> msn: call 'printenv' in your script and see what it dumps out .... or read the "SCRIPTING AND ENVIRONMENTAL VARIABLES" section in the man page
07:17 < msn> I am using perl so and the variables are coming via-file not via-env
07:18 <@dazo> msn: to my knowledge, via-file only covers username/password ... nothing else
07:18 < msn> hmm so if i want to pass all 3 i have to use via-env
07:18 <@dazo> all 3?
07:19 <@dazo> you need to read the man page far more careful
07:19 <@dazo> !man
07:19 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
07:20 < msn> i want to pass username/password/common_name
07:20 <@dazo> from the --auth-user-pass-verify sectrion:    If method is set to "via-env", OpenVPN will call script with the environmental variables username and password set to the username/password strings provided by the client. Be aware that this method is insecure on some platforms which make the environment of a process publicly visible to other unprivileged processes.
07:20 < msn> and check common_name agsinst username
07:20 <@dazo> right ... and common_name is an environment variable regardless of via-env/via-file
07:20 < msn> yup read that
07:22 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
07:30 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:32 < janjust> msn: so if you user via-file then username+password are passed via file. all other settings are passed via env var
07:32 < msn> yup i got that
07:32 < msn> now i am exploring the perl Env function
07:33 < janjust> OK
07:35 < msn> thanks for the tip :)
07:47 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
08:01 -!- TyrfingMjolnir [~Tyrfing@bb219-74-193-117.singnet.com.sg] has quit [Quit: Searching for Waimea]
08:03 -!- janjust [~janjust@openvpn/community/support/janjust] has quit [Quit: Leaving]
08:11 -!- Blanc|AFK is now known as Blanc
08:13 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 264 seconds]
08:18 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
08:21 -!- Droolio [~drool@host81-147-71-192.range81-147.btcentralplus.com] has joined #openvpn
08:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:22 -!- mode/#openvpn [+o mattock1] by ChanServ
08:35 -!- sysanthrope [~sysanthro@dot1x-cb-2.aset.psu.edu] has joined #openvpn
08:37 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
08:47 -!- sysanthrope [~sysanthro@dot1x-cb-2.aset.psu.edu] has quit [Remote host closed the connection]
08:57 -!- yogg [3e63e7e3@gateway/web/freenode/ip.62.99.231.227] has quit [Quit: Page closed]
09:10 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
09:12 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:13 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
09:16 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 272 seconds]
09:16 -!- wlarip [~wlarip@209.26.240.148] has quit [Ping timeout: 276 seconds]
09:19 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
09:23 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 256 seconds]
09:27 -!- sysanthrope [~sysanthro@dot1x-cb-79.aset.psu.edu] has joined #openvpn
09:30 -!- sysanthrope [~sysanthro@dot1x-cb-79.aset.psu.edu] has quit [Remote host closed the connection]
09:35 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:45 -!- Malsasa [~Malsasa@36.71.144.57] has joined #openvpn
09:47 -!- rich0_ is now known as rich0
10:00 -!- Malsasa [~Malsasa@36.71.144.57] has quit [Killed (wolfe.freenode.net (Nickname regained by services))]
10:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:02 -!- Blanc is now known as Blanc|AFK
10:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
10:03 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
10:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:13 -!- Malsasa [~Malsasa@36.71.144.57] has joined #openvpn
10:15 -!- Blanc|AFK is now known as Blanc
10:23 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
10:27 -!- Blanc is now known as Blanc|AFK
10:52 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
10:55 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
10:56 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
10:59 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 246 seconds]
11:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
11:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
11:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
11:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Quit: leaving]
11:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
11:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
11:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
11:17 -!- Blanc|AFK is now known as Blanc
11:19 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
11:20 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
11:21 -!- Yoda [Yoda@unaffiliated/yoda] has quit [Ping timeout: 272 seconds]
11:31 -!- msn [~msn@182.72.55.194] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
11:39 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
11:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:39 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
11:41 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:44 < M4rc3l> hi im doing ./vars as root and i get permission denied
11:45 < M4rc3l> is that caused because im trying to do it while openvpn is running
11:45 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
11:45 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
11:46 < M4rc3l> nvm fixed
11:47 -!- Yoda [Yoda@unaffiliated/yoda] has joined #openvpn
11:50 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Quit: ZNC - http://znc.in]
11:51 -!- Malsasa [~Malsasa@36.71.144.57] has quit [Read error: Connection reset by peer]
11:53 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
11:53 -!- nullsign [~nullsign@tyrion.nullsign.com] has left #openvpn []
11:54 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
11:56 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 252 seconds]
11:56 <@krzee> hhe
11:56 <@krzee> its because you forgot the leading .
11:56 <@krzee> and its not an executable
11:57 <@krzee> the leading . makes it source the file, very different than running it (which is what you did)
11:59 -!- Blanc is now known as Blanc|AFK
12:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:03 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
12:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
12:10 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
12:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:32 -!- Blanc|AFK is now known as Blanc
12:36 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:49 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 245 seconds]
12:52 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
12:52 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Remote host closed the connection]
12:58 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
13:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
13:05 -!- dazo is now known as dazo_afk
13:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:06 -!- mode/#openvpn [+o mattock1] by ChanServ
13:10 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
13:15 -!- Denial [~Denial@81.141.4.244] has quit []
13:19 -!- Denial [~Denial@81.141.4.244] has joined #openvpn
13:21 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 265 seconds]
13:28 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
13:28 -!- sysanthrope [~sysanthro@client-104-39-34-182.mobility-up.psu.edu] has joined #openvpn
13:30 -!- Droolio [~drool@host81-147-71-192.range81-147.btcentralplus.com] has quit [Quit: A chicken is an egg's way of producing more eggs.]
13:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
14:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:01 -!- Blanc is now known as Blanc|AFK
14:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
14:04 -!- sysanthrope [~sysanthro@client-104-39-34-182.mobility-up.psu.edu] has quit [Remote host closed the connection]
14:26 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
14:26 < gchristensen> !welcome
14:26 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
14:26 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:26 < gchristensen> !goal
14:26 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:28 < gchristensen> Hi, I'd like to use easy-rsa to manage my certificates for openvpn + other systems, and would like to have  a CA and a second level of certificates and then a third, so CA -> openvpn cert -> (server, clients) and CA -> oterproject -> (server, clients). is this a supported mechanism? is easy-rsa still maintained and recommended? am I barking up the wrong tree?
14:32 -!- aiena [~aiena@unaffiliated/aiena] has joined #openvpn
14:32 -!- r8b7xy [~weechat@104.238.169.87] has quit [Ping timeout: 244 seconds]
14:33 <+esde> !easy-rsa
14:33 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
14:34 < gchristensen> yeah, I use easy-rsa in other cases, but never in a multi-tiered way, is why I asked
14:34 <+esde> Im not familiar with what you're asking
14:36 < gchristensen> basically I want to  do the same most website ssl certs are, with multiple layers of certificates between the root and the domain: http://gsc.io/s/Screenshot_6_2_15__2_35_PM_1B1E3D22.png
14:36 <+esde> For openvpn?
14:37 < gchristensen> among other systems, yeah
14:37 <+esde> yeah I've never seen/heard of that
14:38 <+esde> Not to say it's not possible. All of the pki implementations I've seen with openvpn have been pretty straightforward, though.
14:47 -!- r8b7xy [~weechat@104.238.169.94] has joined #openvpn
14:48 -!- Blanc|AFK is now known as Blanc
14:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
14:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:03 < gchristensen> esde: https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Readme.md#signing-a-request "Subordinate CA" is the term I need to google :)
15:03 <@vpnHelper> Title: easy-rsa/EasyRSA-Readme.md at master · OpenVPN/easy-rsa · GitHub (at github.com)
15:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
15:32 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 272 seconds]
15:35 -!- tjt263 [~tjt263@106-68-40-246.dyn.iinet.net.au] has joined #openvpn
15:40 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
15:48 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has left #openvpn ["Leaving"]
15:55 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
16:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
16:08 -!- aiena [~aiena@unaffiliated/aiena] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:14 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:18 -!- r8b7xy [~weechat@104.238.169.94] has quit [Ping timeout: 244 seconds]
16:29 -!- Blanc is now known as Blanc|AFK
16:33 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
16:37 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
16:53 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:56 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
16:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 258 seconds]
17:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
17:04 -!- Techman [sid11863@gateway/web/irccloud.com/x-fsfmmjabcmvcxugx] has quit [Ping timeout: 265 seconds]
17:04 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 272 seconds]
17:15 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has joined #openvpn
17:16 < Socket-> Hello all, I am not able to connect to the internet when i VPN. I am able to nslookup, and ping by IP, but not by dnsname, here is my route info
17:16 < Socket-> http://pastebin.centos.org/28151/
17:16 < Socket-> Any idea what could be going on?  This same VPN config works from my work location, but not my vacation spot
17:18 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-cbnmbnttskyiijxx] has quit [Ping timeout: 252 seconds]
17:21 <+esde> Welcome, check out !route. If you have any questions, see !goal. Once you've clearly stated your goal, please see !configs and !logs. Once you've posted your uncommented client/server configs and logs, if someone is able to help, they will.
17:26 < Socket-> great, i shared both my before route, and after route, as well as my config in the paste above. Looking forward to anyone who can assist.
17:28 <+esde> you misunderstand or mis-comprehend, but good luck nonetheless.
17:35 -!- Techman [sid11863@gateway/web/irccloud.com/x-exsszxpnldhorcgg] has joined #openvpn
17:37 -!- wlarip_ is now known as wlarip
17:42 -!- _bt [~bt@unaffiliated/bt/x-192343] has joined #openvpn
17:45 -!- Haigha [~root@dovahkiin.xomg.net] has quit [Quit: WeeChat 1.0.1]
17:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:bd4b:9d5f:e3b0:4ffa] has joined #openvpn
18:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:02 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-nenaobuojjapzeoc] has joined #openvpn
18:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
18:11 -!- rtpada [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 244 seconds]
18:11 -!- r8b7xy [~weechat@104.238.169.53] has joined #openvpn
18:15 -!- Haigha [~root@aela.xomg.net] has joined #openvpn
18:23 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:33 -!- r8b7xy [~weechat@104.238.169.53] has quit [Quit: WeeChat 1.2]
18:59 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
19:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:22 -!- satdav [uid15780@firefox/community/satdav] has quit []
19:24 <+pekster> gchristensen: Sure, sign your subordinate CAs using the "subca" type, and remember to set either the CN or the subjectAltName matching the domain on the entity certificates
19:25 <+pekster> You'll of course need to provide all intermediate certs from your TLS server (webserver, or w/e) to clients if they're to authenticate with just the root cert present in their trust chain
19:25 < gchristensen> pekster: entity certificates being the leaf nodes in the trust graph? and yeah, I suspect that would just be in the cert.pem or the ca.pem file
19:26 <+pekster> Right. v2 really sucks at doing sub-cas, but that's one of several things v3 is designed to handle
19:26 < gchristensen> so good to hear, because I got the 3.0.0-rc2 :)
19:26 < gchristensen> perfect, thank you so much pekster!
19:27 <+pekster> Feel free to ping me if you run into issues, but if you know the structure you want, just set up unique pki-dirs for each "layer" of CA and send the requests to the parent in the tree for signing
19:28 < gchristensen> is there an easy way to change the pki-dir? right now I have a <parent>/{EasyRSA,rootca,subca1,subca2}/ and in each rootca,subca1,subca2 is a symlink back to the openssl.cnf and the x509-types directory
19:28 <+esde> yes
19:28 <+esde> make a directory, copy the easy-rsa scripts, and work there
19:29 <+esde> repeat as needed
19:29 < gchristensen> yeah, that is essentially what I've done here
19:29 <+pekster> You don't need to copy the scripts, no
19:29 <+pekster> Just use a differnet --pki-dir for each
19:29 < gchristensen> great. thank you, pekster
19:29 <+pekster> Or you can do that if you want (you'd need to if they're kept on differnet hosts, obviously)
19:29 <+esde> see some bright folks here, my experience is still fairly limited
19:30 <+pekster> Or different users, like "secure-ca" user for the root-ca, and "sub-user1" or something, & manage the PKIs with FS permissions. Completely up to you how paranoid you want to get :P
19:30 < gchristensen> yeah, right now almost all our signing will just have to happen offline anyway
19:30 < gchristensen> some of the places we're deploying to doesn't even have external network ingress or egress to/from the datacenter
19:31 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
19:31 <+pekster> Yup, you'll want to use the keypair generate, send CSR, sign CSR, return cert workflow, and that's actually recommended as it improves security
19:32 < gchristensen> OK. I really appreciate your advice here.
19:58 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
20:09 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Ping timeout: 256 seconds]
20:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:bd4b:9d5f:e3b0:4ffa] has quit [Remote host closed the connection]
20:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:21 -!- rtpada [~jgeilman@unaffiliated/adaptr] has joined #openvpn
20:27 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
20:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
20:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
21:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
21:11 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 272 seconds]
21:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
21:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:69e0:ecc4:785b:7468] has joined #openvpn
21:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:69e0:ecc4:785b:7468] has quit [Remote host closed the connection]
21:25 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
21:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
21:41 -!- gchristensen [~gchristen@unaffiliated/grahamc] has left #openvpn ["WeeChat 0.4.2"]
21:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
21:45 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
21:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 276 seconds]
21:56 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:99b5:de8f:3e9a:fd98] has joined #openvpn
21:56 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:99b5:de8f:3e9a:fd98] has quit [Remote host closed the connection]
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
22:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
22:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:07 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
22:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 256 seconds]
22:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:21 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
22:23 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
22:31 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
22:43 -!- ShadniX [dagger@p5481D77A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
22:49 -!- ShadniX [dagger@p5481D77A.dip0.t-ipconnect.de] has joined #openvpn
22:55 -!- Malsasa [~Malsasa@36.73.246.73] has joined #openvpn
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:01 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
23:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
23:08 -!- wlarip is now known as wlarip_
23:18 -!- ShadniX [dagger@p5481D77A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX [dagger@p5481D533.dip0.t-ipconnect.de] has joined #openvpn
23:25 -!- juddyjacob [~androirc@unaffiliated/juddyjacob] has joined #openvpn
23:37 -!- Malsasa [~Malsasa@36.73.246.73] has quit [Ping timeout: 276 seconds]
23:53 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 265 seconds]
--- Day changed Wed Jun 03 2015
00:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:00 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
00:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
00:04 -!- MogDog [~MogDog@unaffiliated/mogdog66] has quit [Read error: Connection reset by peer]
00:07 -!- MogDog [~MogDog@unaffiliated/mogdog66] has joined #openvpn
00:09 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
00:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:29 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 256 seconds]
00:38 -!- juddyjacob [~androirc@unaffiliated/juddyjacob] has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )]
00:47 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
00:47 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has joined #openvpn
00:54 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
01:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
01:18 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
01:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:26 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
02:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
02:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
02:06 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
02:15 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
02:15 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 256 seconds]
02:20 -!- cmanns [475f84ff@gateway/web/freenode/ip.71.95.132.255] has joined #openvpn
02:21 < cmanns> Linux server, macos guest- best config?
02:26 < TyrfingMjolnir> openvpn server, Tunnelblick, OpenVPN Connect for iOS
02:48 -!- Malsasa [~Malsasa@36.73.224.213] has joined #openvpn
02:49 -!- borgfish [~blubber@141.12.67.37] has quit []
02:59 < cmanns> thanks
03:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
03:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
03:06 -!- xintron [~xintron@unaffiliated/xintron] has joined #openvpn
03:07 < xintron> I'm running dnsmasq locally to cache DNS queries and I wonder what's the easiest way to integrate the pushed DNS servers from VPN connections with dnsmasq. Custom script?
03:08 -!- dazo_afk is now known as dazo
03:08 < BtbN> resolvconf/openresolv
03:08 < BtbN> (same thing)
03:08 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
03:08 < BtbN> It generates a config file you can include into your dnsmasq conf, and automaticaly reloads dnsmasq when something changes
03:08 < xintron> BtbN, Got that and tried to get it setup but seems it won't help much :(
03:09 < BtbN> https://bpaste.net/show/4804dcf7076a
03:10 < BtbN> i'm using named instead of dnsmasq, but it also has those options for dnsmasq
03:11 < xintron> BtbN, This is mine: https://bpaste.net/show/d3167a9bb02a
03:11 < BtbN> you're missing the restart line.
03:11 < xintron> I've got dnsmasq listening over dbus to re-read the configs
03:11 < BtbN> doesn't seem to work too well
03:12 < xintron> But for some reason resolvconf is never updating my files accordingly
03:12 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 265 seconds]
03:13 < xintron> I'll go over the resolvconf manual one more time then I guess :)
03:13 < BtbN> If it doesn't update the config files, it doesn't get the right input
03:13 < BtbN> Not a configuration problem of resolvconf, but of the thing that tries to update the nameservers
03:14 < xintron> BtbN, And OpenVPN is not calling resolvconf by default, a script is needed, correct?
03:15 < BtbN> At least on gentoo it comes with an apropriate up.sh and down.sh
03:19 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
03:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:43 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:47 -!- Olipro_ is now known as Olipro
03:47 < xintron> BtbN, Managed to get it working now at least. Now if I only could get it to resolv in the correct order...
03:48 < BtbN> Well, how should it know the correct order?
03:52 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
03:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
04:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
04:07 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:14 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
04:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:25 -!- cmanns [475f84ff@gateway/web/freenode/ip.71.95.132.255] has quit [Quit: Page closed]
04:27 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:49 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 272 seconds]
05:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:01 -!- tjt263_ [~tjt263@58-7-139-145.dyn.iinet.net.au] has joined #openvpn
05:03 -!- tjt263 [~tjt263@106-68-40-246.dyn.iinet.net.au] has quit [Ping timeout: 245 seconds]
05:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
05:16 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 252 seconds]
05:19 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
05:22 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Client Quit]
05:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: potentially breaking my system, brb]
05:25 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
05:53 -!- r8b7xy [~weechat@104.238.169.130] has joined #openvpn
05:55 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 245 seconds]
05:59 -!- r8b7xy [~weechat@104.238.169.130] has quit [Ping timeout: 265 seconds]
05:59 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
06:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
06:45 -!- troyt [~troyt@2601:7:6200:2991:44dd:acff:fe85:9c8e] has quit [Ping timeout: 265 seconds]
06:47 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
06:55 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
07:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
07:09 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
07:19 -!- wlarip_ is now known as wlarip
07:21 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Quit: ciao]
07:21 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:26 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:39 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-ghyeqgcmszkvesak] has joined #openvpn
07:40 < NetworkingPro> sup everyone?
07:40 < NetworkingPro> Anyone alive and kicking today?
07:40 -!- NetworkingPro is now known as Tony_Stark
07:41 -!- Tony_Stark is now known as NetworkingPro
07:45 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
07:46 -!- stemid [~avatar@vpn.sydit.se] has left #openvpn []
07:50 <+esde> !rocks
07:50 <@vpnHelper> "rocks" is Nobody around but us rocks! Please go ahead and ask your question, and be patient - somebody helpful will eventually perk up.
07:51 < NetworkingPro> esde: good morning.
07:52 < NetworkingPro> Would you mind taking a peek at a log file for me real quick?
07:54 < NetworkingPro> http://2048-bit.com/?083e63e86735b5c7#U33xY1BSFB79gnDg3EaXORQQhrR5fEkqW6rcyRSUzh0=   looking at this little snippet of an openvpn log would you say this connection succeeded or failed?  I don't see any critical errors, but these lines are tripping me out:
07:54 <@vpnHelper> Title: 2048-Bit.com (at 2048-bit.com)
07:54 < NetworkingPro> Wed Jun  3 06:56:55 2015 us=959421 115.236.50.18:40988 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher [null-cipher]'
07:54 < NetworkingPro> Wed Jun  3 06:56:55 2015 us=959567 115.236.50.18:40988 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 0'
07:57 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
07:58 -!- Anoniem4l_ [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
07:59 -!- Anoniem4l_ is now known as Anoniem4l
08:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
08:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:16 <@dazo> gee ... 2048-bit.com "Secure Encrypted Pastebin" ... provides a service over http .....
08:19 <@dazo> in addition, when I can see decrypt the contents /without/ needing to provide a decryption key ... anyone can decrypt the contents
08:22 -!- Junko [~Junkass@unaffiliated/junka] has joined #openvpn
08:22 < Junko> hello
08:23 < Junko> does using chroot, criples scripts? if so how to make it work
08:28 < NetworkingPro> dazo: Yea not done yet. Need to add SSL
08:28 < NetworkingPro> just not putting highly secure stuff on it right now.
08:28 < NetworkingPro> So any useful feedback on the log?
08:28 <@dazo> NetworkingPro: that log says you have a successful connection established
08:29 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
08:29 <@dazo> however ... you have two warnings you need to fix
08:30 < NetworkingPro> Im not sure how, to be honest?  The client and server have matching configs in re: cipher and keysize.  Sounds like the client is the one not sending the correct values initially?
08:30 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:31 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
08:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:40 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:48 -!- Junko [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
08:48 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:52 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:58 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
09:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
09:08 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
09:14 <@dazo> NetworkingPro: double check that comp-lzo or other link related options are identical, that can also cause these kind of differences
09:25 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 252 seconds]
09:27 < NetworkingPro> thanks dazo  will do
09:27 -!- doertedev [~doertedev@HSI-KBW-46-223-129-44.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
09:28 < doertedev> ohai. somehow my $workstation cannot resolve the AAAA entry of my $domain. I get "Temporary failure in name resolution" as an error. Are there any "common issues" with AAAA record resolution a user should know about?
09:28 < doertedev> For some reason dig in AAAA $domain gives me the correct ipv6 address, but I can neither ping6 nor traceroute -6 the $domain
09:45 -!- Malsasa is now known as Guest29295
09:46 -!- Guest29295 [~Malsasa@36.73.224.213] has quit [Ping timeout: 256 seconds]
09:51 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:04 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
10:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
10:18 < doertedev> diff question: on server side logs it shows me UDPv6 link remote (and local): [undef]
10:18 < doertedev> this means he won't listen on any ipv6 port right?
10:21 -!- Blanc|AFK is now known as Blanc
10:27 < doertedev> Or even worse: when the client logs "Local Options String: blabla" << is the blabla the set of options he really assumed from the client config?
10:47 -!- r8b7xy [~weechat@104.238.169.59] has joined #openvpn
11:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
11:01 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 276 seconds]
11:04 -!- doertedev [~doertedev@HSI-KBW-46-223-129-44.hsi.kabel-badenwuerttemberg.de] has left #openvpn []
11:05 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
11:06 <+esde> https://imgur.com/gallery/9CAfo
11:06 <@vpnHelper> Title: FVX Research (alleged FBI front) is now denying any connection to the FBI/government. Its complete bullshit, and heres why... - Album on Imgur (at imgur.com)
11:15 < Eugene> Nobody cares.
11:18 < gchristensen> esde: interesting
11:32 < Spec> lol, ets2 reference
11:33 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:50  * esde pokes Eugene with the fun stick
11:51 < Eugene> Kinky
12:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:00 -!- Blanc is now known as Blanc|AFK
12:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 246 seconds]
12:11 -!- gffa [~unknown@unaffiliated/gffa] has quit [Read error: Connection reset by peer]
12:14 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has joined #openvpn
12:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:33 -!- Blanc|AFK is now known as Blanc
12:40 -!- ChipConnJohn [~chatzilla@75-9-154-176.lightspeed.milwwi.sbcglobal.net] has joined #openvpn
12:58 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
13:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
13:10 -!- roberth1990 [~roberth@57.237.251.212.customer.cdi.no] has joined #openvpn
13:11 < roberth1990> hello
13:11 < roberth1990> does firewalls in consumer grade routers stop openvpn completely?
13:12 < Gintaras> Hello, how to add tap device to bridge on client ? brctl addif tap0 br0 -> ping timeout from openvpn server
13:12 <@krzee> roberth1990, depends what they do
13:12 <@krzee> you did nothing to describe what you're talking about
13:13 <@krzee> but sure, if they block the port you cant run openvpn over it
13:13 <@krzee> so it can be done
13:13 < roberth1990> krzee: https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
13:13 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
13:13 <@krzee> if you want a more specific answer, ask a more specific querstion
13:14 < roberth1990> I dont really know what to ask about
13:14 <@krzee> !goal
13:14 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:16 <+esde> Gintaras, please see goal too. We need your goal in more clear terms
13:17 < roberth1990> I just want to have a vpn connection between my server and my desktop, so I can surf on the web through my server simply
13:17 <+esde> !redirect
13:17 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
13:17 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
13:17 <+esde> !howto
13:17 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:17 <+esde> !ipforward
13:17 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
13:17 <+esde> any specific questions, just ask
13:18 < roberth1990> what does endpoint meant?
13:18 <@krzee> a vpn has 2 endpoints
13:18 <+esde> if you find restrictive firewalls like the great firewall of china blocking your connections, see !obfs
13:18 < mete> !obfs
13:18 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
13:18 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
13:18 <@krzee> with client/server you know those as a server and many clients (all endpoints)
13:19 <@krzee> in statickey theres only 2 endpoints.
13:19 < roberth1990> there is no such between me and my server, other then the firewall in my router, I think I have opened up the needed port there
13:19 -!- Blanc [~Blanc@irc.dagon.me] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
13:19 < mete> !forwardsecurity
13:19 <@vpnHelper> "forwardsecurity" is (#1) in server/client mode with certs your key renegotiates (changes) every hour (by default), so if someone captures your traffic, and then gets your key, they can only decrypt the traffic within the timeframe since last renegotiation or (#2) in ptp mode (static key) you do not have this, so if someone gets your key they can decrypt ANY past traffic that they captured
13:19 <@krzee> roberth1990, is english your primary language?
13:20 < roberth1990> no, but doesnt help when unleash a flood of information upon me anyway
13:21 < roberth1990> is the endpoints the ip of my internet connection and my server ip?
13:21 <@krzee> the endpoints are 2 computers
13:21 <@krzee> both running openvpn
13:21 < roberth1990> okay
13:21 <@krzee> you never said your goal
13:21 <@krzee> !goal
13:21 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:21 < roberth1990> [20:17] <roberth1990> I just want to have a vpn connection between my server and my desktop, so I can surf on the web through my server simply
13:21 <@krzee> ahh ok
13:22 <@krzee> !howto
13:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:22 < roberth1990> I am allready looking at https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
13:22 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
13:22 <@krzee> once you get a vpn up and can ping the vpn address on both sides, then we can worry about routing the internet over it
13:22 <@krzee> the static key setup will have some caveats
13:22 <@krzee> !statickey
13:22 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
13:22 <@krzee> !forwardsecurity
13:22 <@vpnHelper> "forwardsecurity" is (#1) in server/client mode with certs your key renegotiates (changes) every hour (by default), so if someone captures your traffic, and then gets your key, they can only decrypt the traffic within the timeframe since last renegotiation or (#2) in ptp mode (static key) you do not have this, so if someone gets your key they can decrypt ANY past traffic that they captured
13:22 < roberth1990> the problem is that my desktop, doesn't have a static ip, my isp never provides it
13:23 <@krzee> roberth1990, does your server have a static ip?
13:23 < roberth1990> yes
13:23 <@krzee> thats all that matters
13:23 < roberth1990> okay great
13:24 <@krzee> after you get your vpn connection working you can see !redirect
13:24 < roberth1990> so I put in the configuration file "ifconfig 62.210.207.236" and what next on that line?
13:25 <@krzee> you dont ifconfig an internet routable ip
13:25 <@krzee> !1918
13:25 <@vpnHelper> "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi or (#4) See !5737 for addresses to use for examples and documentation
13:25 <@krzee> you need to use a RFC 1918 LAN ip for the vpn
13:25 <+esde> !rfc1918
13:25 <@vpnHelper> "rfc1918" is "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi
13:26 <@krzee> esde, thanks, i got it :-p
13:26 <+esde> oh
13:26 <+esde> sorry didnt even look up :|
13:26 < roberth1990> uhhhh
13:27 <@krzee> roberth1990, where do you see internet routable ips used in ifconfig in the static key howto you sent me...?
13:27 <@krzee> if you literally use the IPs in the howto it works
13:27 <@krzee> lol
13:27 <@krzee> of course remote must be changed
13:27 < roberth1990> under "server conifiguration file"
13:27 <@krzee> no
13:27 <@krzee> ifconfig 10.8.0.1 10.8.0.2
13:28 <@krzee> THATS whats there
13:28 < roberth1990> yeah but arent those example ips?
13:28 <@krzee> see, private rfc 1918 ips, not internet routable
13:28 <@krzee> yes, you may use any rfc 1918 ips you want
13:28 <@krzee> lol
13:28 <@krzee> but the example works
13:29 < roberth1990> ah those are only for the vpn
13:29 < roberth1990> sorry I am just kind of overwhelmed
13:31 < roberth1990> what package on linux provides the openvpn command?
13:31 <+esde> you can install from your distros repo's or compile from source
13:32 <+esde> i.e. sudo aptitude install openvpn
13:32 < roberth1990> yes, but the package I installed called "openvpn" but it seems to only include the daemon, not the commend to generate the key
13:32 <+esde> !easy-rsa
13:32 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
13:32 <+esde> for pki stuff
13:33 < roberth1990> why can't I just use the openvpn cli tool?
13:33 < roberth1990> ahhh sorry
13:33 < roberth1990> this is very stressful for me
13:33 < gchristensen> PKI freaks people out
13:34 < roberth1990> what is PKI?
13:34 < gchristensen> keys and certificates :)
13:34 <+esde> public key infrastructure
13:34 <+esde> !intro-to-pki
13:34 <@vpnHelper> "intro-to-pki" is For an intro to PKI basics, see: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0-rc1/doc/Intro-To-PKI.md
13:35 < roberth1990> okay how do I use easy-rsa to create a static key?
13:35 -!- gchristensen [~gchristen@unaffiliated/grahamc] has left #openvpn ["WeeChat 0.4.2"]
13:35 <+esde> http://lmgtfy.com/?q=how+to+create+static+key+for+openvpn
13:35 <@vpnHelper> Title: Let me google that for you (at lmgtfy.com)
13:36 <+esde> the first result
13:37 < roberth1990> the first one is the one I tried first but the tool isn't on my system even though I installed the package openvpn!
13:37 <+esde> then your package maintainer has tampered with the original source in some way or the package was not installed correctly
13:38 <+esde> building from source would ensure what you're running, is what was released.
13:38 < roberth1990> well turns out the openvpn command doesnt exist for a normal user, but only for root, which the howto doesnt specify
13:39 <+esde> that's not something the !howto would specify.
13:39 <+esde> that happens to be how your OS is configured
13:39 <+esde> $ openvpn --genkey --secret test.key
13:39 <+esde> ran fine here
13:39 < roberth1990> well it should state that some distros require root to do it
13:39 < roberth1990> than I would try it as root in the first place
13:39 <+esde> no it should not. as it would be confusing to users whose systems do not require root
13:40 <+esde> best practice is not to work as root either
13:40 < roberth1990> but it is confusing now for people that run distros that does require root
13:41 <+esde> K
13:41 <@krzee> they dont
13:41 <@krzee> lol
13:41 < roberth1990> they dont what?
13:42 <@krzee> if you happen to generate it in a directory not writable by your user then it requires root
13:42 <@krzee> otherwise it does not
13:42 <@krzee> aka, learn your os.
13:42 <+esde> !101
13:42 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
13:42 <@krzee> they dont require root.
13:42 < roberth1990> I am in my users home directory, and had to use sudo to even be able to run openvpn at all
13:42 <@krzee> openvpn itself does, generating certificates does not
13:42 < roberth1990> learn what you are talking aboujt
13:43 <@krzee> me learn what im talking about? lol
13:43 <+esde> and it can be configured to run as non-root too, iirc, right krzee?
13:43 <+esde> SHOTS FIRED
13:43 <@krzee> esde, yep, openvpn can be run nonroot by the advanced user
13:43 < roberth1990> krzee: yeah you just spewed some plain bullshit regarding debian
13:43 <+esde> SHOTS FIRED
13:43 <@krzee> roberth1990, im not sure whether to ban you or add you to my ignore list
13:43 <@krzee> which do you think i should do?
13:43 <+esde> ban
13:43 < roberth1990> https://paste.debian.net/plain/197737
13:43 <+esde> then it's done with
13:44 <@krzee> LOL
13:44 -!- roberth1990 was kicked from #openvpn by krzee [fix your $PATH]
13:44 -!- roberth1990 [~roberth@57.237.251.212.customer.cdi.no] has joined #openvpn
13:44 -!- roberth1990 was kicked from #openvpn by krzee [then fix your attitude]
13:45 -!- mode/#openvpn [+b *!*@roberth@57.237.*.customer.cdi.no] by krzee
13:45 <@krzee> what an ass
13:45 <+esde> definitely uninformed
13:45 <@krzee>  how do people like that think thats the right way to come asking for help
13:47 <+esde> not sure, really
13:47 <+esde> krzee++
13:47 <+esde> !unpriv
13:47 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
13:47 <+esde> ahhh that's what i was thinking of
13:48 <@krzee> yep, it *can* be done by advanced users, but i wouldnt confuse a guy of his skilllevel with that, better to just say it needs root
13:48 < DArqueBishop> I admit, I was looking for a factoid I thought I remembered that said something along the lines of "we are not here to hold your hand".
13:48 <+esde> !spoonfeeding
13:48 <@krzee> DArqueBishop,
13:48 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
13:48 <@krzee> !factoids
13:48 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
13:48 <+esde> that one?
13:48 < DArqueBishop> Yep, that one.
13:49 <+esde> it'd be cool if the factoids got updated on that site, even quarterly :P
13:49 < DArqueBishop> krzee, I was looking through the page, but didn't remember the exact wording.
13:49 < DArqueBishop> :-)
13:49 <@krzee> they dont get automated anymore esde?  it was automated last i looked but ecrist has migrated some things since
13:49 <+esde> !ircstats
13:49 <@vpnHelper> "ircstats" is (#1) See http://secure-computing.net/logs/openvpn.html for all-time IRC stats. or (#2) See http://secure-computing.net/logs/openvpn-devel.html for all-time dev channel IRC stats.
13:49 <@krzee> ircstats he does by hand though
13:49 <+esde> Page last updated Wednesday, 17 Dec 2014
13:49 <+esde> :/
13:50 <+esde> looks like both were updated at about the same time lol
13:50 <@krzee> hmm try
13:50 <@krzee> tru*
13:50 <@krzee> ecrist, ^^
13:50 <@krzee> :D
13:51  * esde watches ecrist walk over to the webserver and start hacking at the cabling
13:51 <+esde> muttering all the while
13:51 <@krzee> virtual server with virtual cabling ;]
13:51 <+esde> haha
13:51 <+esde> virtual hacking
13:51 <@krzee> bbl
13:52 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
13:58 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has quit [Quit: Goodbye!]
14:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:02 -!- Illya [~Illya@unaffiliated/illya] has joined #openvpn
14:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
14:22 < Illya> Hi, Im trying to route all connections to the internet through the vpn but it doesn't seem to work. server config & log: http://sprunge.us/aXgL client config: http://sprunge.us/HSca
14:28 < DArqueBishop> Do you have IP forwarding enabled on the server?
14:28 < DArqueBishop> !ipforward
14:28 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
14:28 < Illya> !linipforward
14:28 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
14:31 < Illya> DArqueBishop, I did #1 and #3 but I still have the same problem
14:33 <+esde> !config
14:33 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
14:33 <+esde> !logs
14:33 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:33 <+esde> follow the instructions in their entirety or we will not read them
14:33 <+esde> !configs
14:33 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:33 < Illya> I can read the topic.
14:33  * esde holds tongue
14:34 <+esde> >verb set to 4 is important
14:34 < Illya> my config hasn't changed since I last pasted it, nevertheless server config & log: http://sprunge.us/aXgL client config: http://sprunge.us/HSca
14:34 <+esde> and it's still not posted properly.
14:35 <+esde> remove all the junk and post what we asked for, please.
14:35 <+esde> also for the logs, set verb to 4 and recreate the issue before posting
14:46 < Illya> http://sprunge.us/dbSI http://sprunge.us/dbSI http://sprunge.us/dJSR
14:47 <+esde> Wed Jun  3 19:40:42 2015 us=166001 Initialization Sequence Completed
14:47 <+esde> that's a good sign
14:48 <+esde> please post the result of iptables-save
14:48 <+esde> !iptables-rules
14:48 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
14:49 <+esde> if ip forwarding is enabled, and your connection is succeeding, and youre not able to browse. it could be because youre missing some routing in your iptables
14:52 < Illya> http://sprunge.us/VEQG
14:55 <+esde> try this iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
14:55 -!- cmanns [475f84ff@gateway/web/freenode/ip.71.95.132.255] has joined #openvpn
14:57 < Illya> still getting problems, want me to post logs/configs again?
14:58 <+esde> remove that rule first
14:58 <+esde> what is server running on?
14:58 < Illya> ubuntu 15.04
14:58 <+esde> is it virtualized?
14:59 < Illya> yes it is
14:59 <+esde> with what virtualization? kvm zen openvz?
15:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:01 < Illya> xen xen-domU
15:01 < Illya> according to virt-what
15:02 <+esde> try this iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to (eth0 ip)
15:02 <+esde> that assumes eth0 is your wan interface, replace (eth0 ip) with the wan ip
15:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
15:06 < Illya> Just updating iptables,  connecting to vpn and pinging 8.8.8.8 should be adequate to see a difference, right?
15:09 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has joined #openvpn
15:09 < Illya> thats what I did, and there was no response to ping
15:12 <+esde> usually one of those two rules do it for me. what needs to happen is the vpn's local traffic 10.8.0.0 needs a route out to wan
15:12 <+esde> once the traffic is being routed properly, it will work
15:15 < cmanns> What about -j MASQUERADE ?
15:16 -!- FFes [~quassel@5ED1CC68.cm-7-2d.dynamic.ziggo.nl] has joined #openvpn
15:18 <+esde> that was the first one he tried IIRC
15:18 < Illya> yes
15:18 <+esde> run ip a and let's see what your adapters are called
15:19 <+esde> could be as simple as a miswritten rule
15:19 < Illya> ah. I think I got it
15:19 < Illya> 1 sec, gonna reboot my server
15:19 -!- Illya [~Illya@unaffiliated/illya] has quit [Quit: Byee~]
15:20 <+esde> i thought he said linux... :P
15:26 -!- tjt263_ [~tjt263@58-7-139-145.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
15:34 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has joined #openvpn
15:39 < cmanns> I was wondering if you guys had any tips or articles on generating/storing the key files for openvpn server/clients
15:40 < cmanns> normally I make like client1-5 but I think I should be making them named after the system for easier remembering who's using what?
15:40 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
15:57 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has quit [Quit: Goodbye!]
16:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:02 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:04 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 240 seconds]
16:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 276 seconds]
16:12 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
16:12 -!- xattack [~mnegocio@200.77.224.239] has joined #openvpn
16:14 -!- xattack [~mnegocio@200.77.224.239] has quit [Quit: leaving]
16:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:43 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has joined #openvpn
17:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:01 -!- Malsasa [~Malsasa@36.82.83.28] has joined #openvpn
17:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
17:10 -!- FFes [~quassel@5ED1CC68.cm-7-2d.dynamic.ziggo.nl] has quit [Remote host closed the connection]
17:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
17:26 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has quit [Quit: Goodbye!]
17:47 -!- mattsl [~user@68.169.165.200] has joined #openvpn
17:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:54 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Ping timeout: 265 seconds]
17:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
18:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
18:27 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:43 -!- AMERICAN_PSYCHO [~AMERICAN_@255.sub-70-196-5.myvzw.com] has joined #openvpn
18:43 -!- dazo is now known as dazo_afk
18:44 <@ecrist> esde: I'll fix it in a bit.
19:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
19:30 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 258 seconds]
19:38 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
19:55 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:00 -!- hays__ [~quassel@unaffiliated/hays] has joined #openvpn
20:02 -!- hays_ [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
20:03 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
20:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
20:05 -!- hays__ [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
20:20 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 264 seconds]
20:21 -!- shivanshu_ [~shivanshu@104.131.8.15] has joined #openvpn
20:22 -!- _cmd__ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
20:22 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Ping timeout: 250 seconds]
20:22 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
20:22 -!- K1rk [~Kirk@equinox.epecweb.com] has quit [Ping timeout: 250 seconds]
20:22 -!- shivanshu_ is now known as shivanshu
20:23 -!- K1rk [~Kirk@equinox.epecweb.com] has joined #openvpn
20:25 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
20:34 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
21:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
21:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
21:10 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:43 -!- cmanns [475f84ff@gateway/web/freenode/ip.71.95.132.255] has quit [Quit: Page closed]
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
22:15 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
22:16 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
22:20 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
22:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
22:39 -!- MalMen [~MalMen@xmr.link] has quit [Ping timeout: 246 seconds]
22:47 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has quit [Remote host closed the connection]
22:55 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 265 seconds]
22:55 -!- Maxux [~Maxux@clea.maxux.net] has quit [Ping timeout: 256 seconds]
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:03 -!- Malsasa [~Malsasa@36.82.83.28] has quit [Ping timeout: 245 seconds]
23:04 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
23:04 -!- Malsasa [~Malsasa@36.81.182.106] has joined #openvpn
23:08 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
23:09 -!- Malsasa [~Malsasa@36.81.182.106] has quit [Remote host closed the connection]
23:11 -!- Malsasa [~Malsasa@36.81.182.106] has joined #openvpn
23:12 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
23:17 -!- Malsasa is now known as Guest73312
23:17 -!- Guest73312 [~Malsasa@36.81.182.106] has quit [Killed (kornbluth.freenode.net (Nickname regained by services))]
23:18 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:18 -!- ShadniX [dagger@p5481D533.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:19 -!- ShadniX [dagger@p5481D6AF.dip0.t-ipconnect.de] has joined #openvpn
23:51 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Quit: mirco]
23:52 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
23:59 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
--- Day changed Thu Jun 04 2015
00:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
00:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a57e:af58:ef1e:2251] has joined #openvpn
00:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a57e:af58:ef1e:2251] has quit [Remote host closed the connection]
00:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:28 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
00:28 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
00:30 -!- badon_ is now known as badon
00:34 -!- AMERICA__ [~AMERICAN_@255.sub-70-196-5.myvzw.com] has joined #openvpn
00:34 -!- AMERICAN_PSYCHO [~AMERICAN_@255.sub-70-196-5.myvzw.com] has quit [Ping timeout: 255 seconds]
01:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
01:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ddbc:acd9:96da:5c6] has joined #openvpn
01:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ddbc:acd9:96da:5c6] has quit [Ping timeout: 256 seconds]
01:34 -!- AMERICAN_PSYCHO [~AMERICAN_@255.sub-70-196-5.myvzw.com] has joined #openvpn
01:34 -!- AMERICA__ [~AMERICAN_@255.sub-70-196-5.myvzw.com] has quit [Ping timeout: 255 seconds]
02:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
02:02 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
02:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
02:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:22 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has joined #openvpn
02:23 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 265 seconds]
02:23 -!- TyrfingMjolnir_ [~Tyrfing@118.189.1.18] has joined #openvpn
02:26 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
02:29 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:42 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
02:43 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
02:49 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
02:50 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
02:57 -!- TyrfingMjolnir_ [~Tyrfing@118.189.1.18] has quit [Ping timeout: 272 seconds]
02:58 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
02:59 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
03:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
03:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
03:06 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
03:08 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
03:08 -!- Junko [~Junkass@unaffiliated/junka] has joined #openvpn
03:09 < Junko> when i use chroot and start openvpn, i get tls fail and error that the crl.pem cant be read, i tried changing perms but nothing
03:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4025:c11b:8cb0:c49a] has joined #openvpn
03:21 -!- dazo_afk is now known as dazo
03:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4025:c11b:8cb0:c49a] has quit [Ping timeout: 256 seconds]
03:21 <@dazo> Junko: the CRL file needs to be located inside the chroot
03:22 < Junko> dazo; but it is
03:22 <@dazo> Junko: so if you have --chroot /var/chroot/openvpn ... and --crl /etc/openvpn/ovpn.crl .... the CRL file must be found in /var/chroot/openvpn/etc/openvpn/ovpn.crl
03:22 <@dazo> Junko: what does your --crl option say?
03:23 <@dazo> also ensure that the openvpn process can access all the directories below the crl file
03:30 < Junko> dazo; i have chroot /etc/openvpn/jail and inside there the crl.pem file, and i specify /crl.pem dir in the config iirc
03:31 < Junko> i cant test it right now though
03:31 <@dazo> what kind of distro do you use?
03:31 < Junko> debian
03:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:42 -!- mode/#openvpn [+o mattock1] by ChanServ
03:43 -!- alfon [~alfon@21.229.218.87.dynamic.jazztel.es] has joined #openvpn
03:47 <@dazo> Junko: using SELinux?
03:48 <@dazo> Junko: in general, /etc should be used for configuration files ... a chroot isn't a configuration ... so chroots usually go into /chroot or /var/...something...  And SELinux or similar security mechnisms /may/ restrict doing chroot outside the expected locations
03:48 -!- alfon [~alfon@21.229.218.87.dynamic.jazztel.es] has left #openvpn []
03:50 < Junko> dazo; i see, i will try with /var
03:50 <@dazo> don't just try ... just need to know these things
03:53 -!- shivanshu [~shivanshu@104.131.8.15] has quit [Changing host]
03:53 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
03:54 < Junko> dazo; most of the examples on the internet places the chroot inside /etc/openvpn
03:54 <@dazo> Junko: most of the blogs on the internet are written by "oh! Look!  It works!"-people ... who don't necessarily understand how Unix systems are supposed to be configured
03:55 <@dazo> and way too many of them are just plain wrong
03:55 <@dazo> All these people will cry in frustration when they hit SELinux .... but they usually just disable SELinux instead of trying to do things properly
03:57 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Remote host closed the connection]
03:58 < Junko> dazo; thanks for the enlightment :D
04:00 <@dazo> Junko: I wish I had gotten a dime each time someone used a poorly written blog about configuring OpenVPN ... I would be sooo rich ;-)
04:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:01 < Junko> dazo; it would help if it was mentioned on the wiki and man pages under chroot
04:01 <@dazo> which wiki do you mean?
04:01 < Junko> the openvpn one
04:01 <@dazo> URL?
04:02 <@dazo> for man pages ... that's a reference document, not a document which should teach you how to configure a system properly
04:02 <@dazo> (there are plans to update the man page, but it's a lot of work and will take some time)
04:02 < Junko> dazo; https://community.openvpn.net/openvpn/wiki/HOWTO#chrootnon-Windowsonly
04:03 <@vpnHelper> Title: HOWTO – OpenVPN Community (at community.openvpn.net)
04:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
04:04 <@dazo> yeah, I'll file a ticket for the official howto mentioning this
04:06 < Junko> that would be great
04:14 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:24 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has joined #openvpn
04:35 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
04:43 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:54 -!- Junko [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
05:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
05:09 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 272 seconds]
05:20 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
05:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f184:3f1f:7134:251] has joined #openvpn
05:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f184:3f1f:7134:251] has quit [Ping timeout: 256 seconds]
06:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
06:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
06:11 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Quit: No Ping reply in 180 seconds.]
06:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:11 -!- mode/#openvpn [+o mattock1] by ChanServ
06:13 -!- muh-die-kuh [~quassel@2001:41d0:51:1::ed7] has quit [Quit: No Ping reply in 180 seconds.]
06:13 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Quit: No Ping reply in 180 seconds.]
06:14 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
06:14 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
06:55 -!- Sheraf [~Sheraf@sheraf.wtf] has joined #openvpn
06:57 < Sheraf> Hi,
06:57 < Sheraf> 192.128.0.0     0.0.0.0         255.128.0.0     U     0      0        0 tap0
06:57 < Sheraf> what is this route for?
06:58 < Sheraf> for some reason, when i have my vpn UP (so i have this route) i can't reach some IP :(
06:58 < Sheraf> like this ip 192.185.35.90
07:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
07:15 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
07:16 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
07:45 <@krzee> first of all, why are you using tap?
07:45 <@krzee> Sheraf,
07:55 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
08:01 < Sheraf> krzee because i want my client to be on a bridge
08:01 < Sheraf> i have a bunch of VM running on my server and they are all on a bridge, so are all my vpn client
08:03 <+esde> !tunortap
08:03 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
08:03 <@vpnHelper> rooted/jailbroken) support only tun
08:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
08:04 < Sheraf> so it's tap
08:06 < Sheraf> i think the route that cause the issue is actually this one: 128.0.0.0       192.168.42.1    128.0.0.0       UG    0      0        0 tap0
08:06 < Sheraf> why do i need this?
08:07 <+esde> how should we know? lol
08:07 <+esde> you've yet to see !welcome or !goal. you're just sharing parts of your config and asking us why those parts or there.
08:07 < Sheraf> esde: well, that's openvpn doing this, not me
08:08 <+esde> s/or/are/
08:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:25 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
08:51 -!- AMERICAN_PSYCHO [~AMERICAN_@255.sub-70-196-5.myvzw.com] has quit [Quit: Goodbye!]
09:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
09:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
09:16 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:16 -!- mode/#openvpn [+o mattock2] by ChanServ
09:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
09:40 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:40 -!- mparisi [~mparisi@72.20.27.67] has joined #openvpn
09:41 < mparisi> I have two servers connected using OpenVPN. A is OpenVPN Server, B is OpenVPN Client. After the connection is established, I can ssh from B to A using VPN IP without problems. If I ssh from A to B using VPN IP, the VPN gets disconnected.
09:42 < mparisi> any thoughts?
09:42 < mparisi> no firewalls on both sides... i`ve done iptables -F
09:43 < mparisi> I`ve googled a little bit, and most of the stuff I found relates these kinda problems to MTU... can it be a mtu problem?
09:57 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 258 seconds]
10:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
10:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
10:16 <+esde> !iptables-rules
10:16 <@vpnHelper> "iptables-rules" is When posting iptables rules, please use the `iptables-save` syntax as it is easiest to read. While we try to be helpful, #netfilter may be more appropriate for complex netfilter issues
10:16 <+esde> !pastebin
10:16 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:33 -!- Blanc [~Blanc@irc.dagon.me] has joined #openvpn
10:59 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
11:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
11:02 -!- ChipConnJohn [~chatzilla@75-9-154-176.lightspeed.milwwi.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.2/20150415140819]]
11:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
11:03 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:12 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has joined #openvpn
11:17 -!- dazo is now known as dazo_afk
11:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
12:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 240 seconds]
12:10 < mparisi> noone?
12:16 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
12:23 -!- Blanc is now known as Blanc|AFK
12:27 -!- Illya [~Illya@unaffiliated/illya] has joined #openvpn
13:00 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 265 seconds]
13:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
13:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
13:05 -!- Haigha [~root@aela.xomg.net] has quit [Quit: WeeChat 1.0.1]
13:06 < mparisi> probably routing problem, but still strange
13:08 -!- Haigha [~root@aela.xomg.net] has joined #openvpn
13:17 -!- Haigha [~root@aela.xomg.net] has quit [Quit: WeeChat 1.0.1]
13:19 -!- Haigha [~root@aela.xomg.net] has joined #openvpn
13:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
13:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:22 < Illya> esde, my server didn't boot up after that. I bought another one now, hopefully this will work
13:33 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
13:38 -!- Junko [~Junkass@unaffiliated/junka] has joined #openvpn
13:39 -!- Illya [~Illya@unaffiliated/illya] has quit [Remote host closed the connection]
13:39 < BtbN> you bought another server because the first one doesn't come up anymore? oO
13:39 < BtbN> Wouldn't it be easier to just reset the first one? Or chroot in and fix the network?
13:49 -!- Junko [~Junkass@unaffiliated/junka] has quit [Quit: B-Bye!]
14:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
14:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 265 seconds]
14:15 -!- Illya [~Illya@unaffiliated/illya] has joined #openvpn
14:24 < Illya> !goal
14:24 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
15:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
15:09 -!- Illya [~Illya@unaffiliated/illya] has quit [Remote host closed the connection]
15:12 -!- ikkuplio [~IceChat77@ip25044cb8.dynamic.kabel-deutschland.de] has joined #openvpn
15:18 < ikkuplio> hello. i have manage to get my openvpn client to work on my router. is it possible to allow my pcs to use that vpn?
15:32 < NetworkingPro> hey everyone
15:34 -!- fakhir [~fakhir@unaffiliated/fakhir] has joined #openvpn
15:34 < NetworkingPro> I have a standard OpenVPN build. The ipp.txt file is not being populated with IP addresses.  I am using TAP mode. When Im in tunnel mode it writes IP addresses to the file. In tap it does not. Anyone seen that before?
15:36 < fakhir> hello. I have an OpenVPN server with "server 10.8.0.0 255.255.0.0". It seems OpenVPN is still limited to 10.8.1.* because it stops accepting new connections when it runs out of that address space.
15:40 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 265 seconds]
15:42 < NetworkingPro> Is there anyone in here that is an expert on OpenVPN that would be interested in consulting?
15:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
15:56 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:57 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
15:57 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Ping timeout: 256 seconds]
16:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
16:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
16:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
16:05 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:20 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:21 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
16:30 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Ping timeout: 240 seconds]
16:57 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
17:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
17:06 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:22 -!- crane [~crane@static.229.44.243.136.clients.your-server.de] has quit [Ping timeout: 245 seconds]
17:23 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 245 seconds]
17:23 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
17:23 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
17:24 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 245 seconds]
17:25 -!- Malsasa [~Malsasa@36.73.239.201] has joined #openvpn
17:27 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
17:28 -!- Spec [~Spec@unaffiliated/spec] has quit [Ping timeout: 245 seconds]
17:37 -!- fakhir [~fakhir@unaffiliated/fakhir] has quit [Ping timeout: 245 seconds]
17:39 -!- thedudez0r [~gt@unaffiliated/grullizzle] has quit [Ping timeout: 245 seconds]
17:39 -!- fakhir [~fakhir@unaffiliated/fakhir] has joined #openvpn
17:40 -!- thedudez0r [~gt@unaffiliated/grullizzle] has joined #openvpn
17:52 -!- ikkuplio [~IceChat77@ip25044cb8.dynamic.kabel-deutschland.de] has quit [Quit: I used to think I was indecisive, but now I'm not too sure.]
17:53 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
18:00 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 265 seconds]
18:02 -!- Malsasa [~Malsasa@36.73.239.201] has quit [Quit: No Ping reply in 180 seconds.]
18:02 -!- Malsasa [~Malsasa@36.73.239.201] has joined #openvpn
18:04 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
18:37 -!- Illya [~Illya@unaffiliated/illya] has joined #openvpn
18:41 -!- Illya [~Illya@unaffiliated/illya] has left #openvpn []
18:45 -!- AMERICAN_PSYCHO [~AMERICAN_@104-183-164-84.lightspeed.jcsnms.sbcglobal.net] has quit [Quit: Goodbye!]
18:59 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
18:59 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Client Quit]
19:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
19:00 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
19:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
19:23 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 256 seconds]
19:30 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
19:34 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 256 seconds]
19:40 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
19:42 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
19:43 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 246 seconds]
19:48 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:53 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has joined #openvpn
19:58 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 265 seconds]
20:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
20:01 -!- lotuspsychje [~lotuspsyc@ip-213-49-82-162.dsl.scarlet.be] has joined #openvpn
20:02 -!- samthewildone [~samthewil@unaffiliated/samthewildone] has joined #openvpn
20:02 < samthewildone> Hi
20:02 < samthewildone> !help
20:02 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
20:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
20:03 < samthewildone> Hi I using privatetunnel service which was recommended from https://openvpn.net/
20:03 <@vpnHelper> Title: OpenVPN - Open Source VPN (at openvpn.net)
20:05 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
20:08 < samthewildone> brb booting into ubuntu
20:09 -!- lotuspsychje [~lotuspsyc@ip-213-49-82-162.dsl.scarlet.be] has left #openvpn ["Ik ga weg"]
20:09 -!- samthewildone [~samthewil@unaffiliated/samthewildone] has quit [Quit: Leaving]
20:11 -!- samthewildone [~samthewil@unaffiliated/samthewildone] has joined #openvpn
20:12 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 265 seconds]
20:17 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
20:18 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
20:31 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 256 seconds]
20:40 -!- samthewildone [~samthewil@unaffiliated/samthewildone] has quit [Quit: Leaving]
20:42 -!- vikaton [uid59278@gateway/web/irccloud.com/x-xuwpglbzlojkeqjw] has joined #openvpn
20:42 < vikaton> How can I use vpnbook with hexchat?
21:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
21:04 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
21:11 <+esde> whats a vpnbook
21:26 -!- Malsasa [~Malsasa@36.73.239.201] has quit [Remote host closed the connection]
22:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
22:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 255 seconds]
22:11 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
23:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
23:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 244 seconds]
23:17 -!- ShadniX [dagger@p5481D6AF.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:18 -!- ShadniX [dagger@p5481D739.dip0.t-ipconnect.de] has joined #openvpn
23:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:50 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
--- Day changed Fri Jun 05 2015
00:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
00:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
00:09 -!- darlinger [~jd@64.145.76.41] has joined #openvpn
00:11 < darlinger> openvpn isn't overwriting my /etc/resolv.conf and causing a dns leak
00:13 < darlinger> checked the logs and the server is trying to push dns settings but resolv.conf doesn't get changed
00:13 < Eugene> !pushdns
00:13 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
00:13 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
00:15 < Eugene> At a guess, see #3
00:15 < darlinger> Eugene: i'm looking at 4
00:15 < darlinger> what's frustrating is that it was working perfectly for a time and then just stopped
00:15 < darlinger> and i have no idea what changed it
00:16 < darlinger> using ipvanish
00:16 < Eugene> What's your OS
00:16 < darlinger> some of their settings seem weird
00:16 < darlinger> linux
00:16 < darlinger> arch linux exactly
00:17 < darlinger> want me to send a conf?
00:18 < darlinger> https://gist.github.com/1525feace02adb193dfd
00:18 <@vpnHelper> Title: ipvanish-US-San-Jose-sjc-a01.conf (at gist.github.com)
00:18 < Eugene> Interesting that it "worked"
00:18 < Eugene> Did you take an arch package upgrade recently
00:19 < Eugene> It could very well be that the package changed behaviour from calling an external --up script(in the init script) to not doing such
00:19 < darlinger> i basically have a large batch of configs that i manipulate through sed through cohesiveness
00:19 < darlinger> hmmmm did you see the gist
00:19 < Eugene> (I particularly dislike Arch, or really all versionless distros, for doing such things.)
00:19 < Eugene> I did
00:20 < Eugene> Oh god mass-sed
00:20 < Eugene> That's just nuts. Learn to do config management, please. ;-)
00:20 < darlinger> Eugene: lol what do you mean?
00:20 < darlinger> i just used it to add some lines and stuff
00:21 < darlinger> but no i did not update recently
00:23 < Eugene> I honestly don't know what to tell you
00:23 < Eugene> Besides "it shouldn't have worked, and this is how you make it work"
00:23 < darlinger> well like, i'm looking at the logs i get PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.32.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.35.178 255.255.252.0'
00:24 < darlinger> but changes don't show up in resolv the conf
00:24 < Eugene> `openvpn` on *nix platforms doesn't deal with dhcp-option in any way
00:24 < Eugene> It's ignored and left up to scripts to handle
00:26 < darlinger> Eugene: should i try #4 then?
00:26 < Eugene> Indeed
00:26 < darlinger> Eugene: i was not aware of that tbh
00:26 < Eugene> And now you are!
00:26 < Eugene> !beer
00:26 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
00:27 < darlinger> i would buy you a beer right now
00:28 < darlinger> so how do i add the resolv-conf script to all those config files?
00:32 < darlinger> !pushdns
00:32 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
00:32 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
00:33 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Read error: Connection reset by peer]
00:42 -!- darlinger [~jd@64.145.76.41] has quit [Ping timeout: 250 seconds]
00:43 -!- vikaton [uid59278@gateway/web/irccloud.com/x-xuwpglbzlojkeqjw] has quit [Quit: Connection closed for inactivity]
00:53 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
01:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 256 seconds]
01:04 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:04 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:05 -!- badon_ is now known as badon
01:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:50 -!- mode/#openvpn [+o mattock1] by ChanServ
01:55 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
02:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
02:01 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has quit [Remote host closed the connection]
02:02 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has joined #openvpn
02:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 264 seconds]
02:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:13 < CryptoSiD> I'm running my openvpn server on a vps with like 200mbits/s bw..., all my vpn clients are at home where i have 30mbits/s... but when im connected to the vpn im only able to download at 10-15 mbits/s. Using the vpn as gateway, i tryed playing with MTU but its always stuck at 10-15 mbits sec, i also tryed proto tcp
02:13 < CryptoSiD> any idea how to fix this?
02:17 -!- fakhir [~fakhir@unaffiliated/fakhir] has quit [Quit: Leaving]
02:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
03:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
03:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 258 seconds]
03:22 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
03:58 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
04:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
04:21 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:24 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:25 < BtbN> CryptoSiD, more CPU power on both ends, higher tun-mtu
04:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:36 < CryptoSiD> what you mean more cpu power ?
04:37 < CryptoSiD> tun-mtu doesnt seems to work on windows
04:45 < CryptoSiD> cpu power shouldnt be a problem
04:45 < BtbN> On a VPS?
04:45 < BtbN> If you to know how much of a problem it is, try disabling encryption
04:49 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
04:52 < CryptoSiD> same thing with "cipher none" in conf
04:58 < CryptoSiD> mmm back to proto udp now im getting 30 mbits!
04:58 < BtbN> Don't do tcp over tcp. Only use tcp if you realy have to
04:59 -!- dazo_afk is now known as dazo
04:59 < CryptoSiD> used it for testing only:)
05:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
05:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 252 seconds]
05:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:08 <@dazo> CryptoSiD: what kind of VPS do you have?  openVZ, KVM, Xen?  or something else?
05:10 < CryptoSiD> I'll look newb but its a VM made in vcenter6
05:10 < CryptoSiD> dont know what kind i should say:D
05:10 < CryptoSiD> seems to work fine with udp now
05:19 < BtbN> If you disabled encryption, I wouldn't call it "fine"
05:20 < CryptoSiD> i havent
05:20 < CryptoSiD> well i did, but its not disabled anymore
05:37 -!- r8b7xy [~weechat@104.238.169.59] has quit [Quit: WeeChat 1.2]
05:37 -!- r8b7xy [~weechat@104.238.169.59] has joined #openvpn
05:38 -!- r8b7xy [~weechat@104.238.169.59] has quit [Client Quit]
05:38 -!- r8b7xy [~weechat@104.238.169.59] has joined #openvpn
05:39 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:39 -!- r8b7xy [~weechat@104.238.169.59] has quit [Client Quit]
05:39 -!- r8b7xy [~weechat@104.238.169.59] has joined #openvpn
05:41 -!- r8b7xy [~weechat@104.238.169.59] has quit [Client Quit]
05:42 -!- r8b7xy [~weechat@104.238.169.59] has joined #openvpn
05:53 -!- wowbagger8851 [c1bfb408@gateway/web/freenode/ip.193.191.180.8] has joined #openvpn
05:54 < wowbagger8851> Hi! I was wondering if someone could tell me if socks support is going to be included in the ios openvpn app?
05:55 < wowbagger8851> I have it working by pushing a regular http_proxy but it seems email etc don't use that setting so they can't connect over the vpn
05:56 < wowbagger8851> when I connect over wifi (without vpn) etc the proxy is used by the email client on ios
05:56 < wowbagger8851> but when I connect over 4 (while pushing http_proxy) only web browsing through the proxy works, not the email
05:56 < wowbagger8851> is this some limitation on ios itself?
05:57 < wowbagger8851> over 4g
05:58 < BtbN> Why not just redirect all traffic through the vpn?
05:59 < wowbagger8851> that's what I do, but the vpn ends in a tor-only network and privoxy is listening on 8888 (and routes internally through to tor over socks)
05:59 < wowbagger8851> so pushing privoxy works for browsing, it gets routed through tor, but not the mail clients
06:00 < wowbagger8851> bit of a turnoff :( I thought pushing the http/https privoxy when connected over vpn would result in ios using them also for mail
06:00 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
06:00 < wowbagger8851> but only ios safari seems to use it
06:01 < BtbN> you could try pushing a proxy auto config url, which then sets a SOCKS proxy
06:01 < BtbN> but i don't think you can push a socks-proxy
06:01 <+esde> openvpn for android allows you to set a proxy from within the vpn app
06:01 <@plaisthos> esde: no it doesn't
06:01 < wowbagger8851> ah yes... the pac file. tried that but it didn't work for ios
06:01 <+esde> VPN Behaviour Use system proxy
06:01 <+esde> whats that?
06:02 <@plaisthos> esde: proxy for the vpn itself
06:02 <+esde> ah.
06:02 <@plaisthos> you cannot set the proxy
06:02 <@plaisthos> vpnservice does not allow to specify one
06:02 < wowbagger8851> yeah, it allows you to connect to the vpn over the specified proxy
06:02 < wowbagger8851> but not using a proxy to tunnel through once the vpn is established
06:03 < wowbagger8851> which works for safari when pushing http_proxy but not mail
06:03 < wowbagger8851> grlmb@#$! ios!
06:03 <+esde> jailbroken?
06:03 < wowbagger8851> no
06:03 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 245 seconds]
06:05 < wowbagger8851> hmm
06:06 < wowbagger8851> maybe there's a mailapp that allows setting a specific proxy
06:20 < wowbagger8851> Hmm, using Apple Configurator to mass configure/deploy iphone's it seems possible to set a global http proxy
06:20 < wowbagger8851> nice
06:20 < wowbagger8851> but to use it you need to first wipe & clean restore the device
06:21 < wowbagger8851> so that would work
06:22 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
06:22 < wowbagger8851> if any1 is interested: http://help.apple.com/configurator/mac/1.7.2/#/apd7BA46FCD-EEE0-4F14-8AC5-FD52CE0A0DD4
06:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:38 -!- vikaton [uid59278@gateway/web/irccloud.com/x-poyietssxylwjbli] has joined #openvpn
06:39 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
06:45 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 258 seconds]
07:00 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has joined #openvpn
07:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
07:03 -!- wlarip_ [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has quit [Ping timeout: 272 seconds]
07:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:40 -!- wlarip [~wlarip@gateway/vpn/privateinternetaccess/wlarip] has left #openvpn ["Leaving"]
08:04 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
08:40 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
09:31 -!- mgorbach [~mgorbach@pool-100-0-124-207.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
09:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:41 -!- Blanc|AFK is now known as Blanc
09:51 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
09:59 -!- Blanc is now known as Blanc|AFK
10:02 -!- Blanc|AFK is now known as Blanc
10:05 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
10:08 -!- Blanc is now known as Blanc|AFK
10:11 -!- Blanc|AFK is now known as Blanc
10:17 -!- jesopo [Bit@lolpurr.net] has quit [Ping timeout: 256 seconds]
10:21 -!- Blanc is now known as Blanc|AFK
10:25 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
10:30 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 252 seconds]
10:32 -!- wowbagger8851 [c1bfb408@gateway/web/freenode/ip.193.191.180.8] has quit [Ping timeout: 246 seconds]
10:38 -!- wathek [84d2ccf4@gateway/web/freenode/ip.132.210.204.244] has joined #openvpn
10:38 < wathek> Hi everybody
10:38 < wathek> is it possible to create a personnalized OpenVPN Client ? like a one bundle that includes what the client need ?
10:45 -!- wathek [84d2ccf4@gateway/web/freenode/ip.132.210.204.244] has quit [Quit: Page closed]
10:49 -!- Denial [~Denial@81.141.4.244] has quit [Ping timeout: 246 seconds]
10:50 -!- Denial [~Denial@81.141.17.48] has joined #openvpn
10:55 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has joined #openvpn
11:01 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:05 -!- r8b7xy [~weechat@104.238.169.59] has quit [Quit: WeeChat 1.2]
11:05 -!- r8b7xy [~weechat@104.238.169.59] has joined #openvpn
11:16 -!- r8b7xy [~weechat@104.238.169.59] has quit [Quit: WeeChat 1.2]
11:17 -!- r8b7xy [~weechat@104.238.169.16] has joined #openvpn
11:17 -!- r8b7xy [~weechat@104.238.169.16] has quit [Client Quit]
11:17 -!- r8b7xy [~weechat@104.238.169.16] has joined #openvpn
11:19 -!- defswork [~andy@mailhost.mirrormail.co.uk] has quit [Remote host closed the connection]
11:22 -!- Blanc|AFK is now known as Blanc
11:36 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Read error: Connection reset by peer]
11:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:13 -!- Blanc is now known as Blanc|AFK
12:18 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
12:24 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
12:43 -!- vikaton [uid59278@gateway/web/irccloud.com/x-poyietssxylwjbli] has quit [Quit: Connection closed for inactivity]
13:37 -!- jesopo [Bit@lolpurr.net] has quit [Ping timeout: 256 seconds]
13:39 -!- jesopo [Bit@lolpurr.net] has joined #openvpn
13:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
13:54 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-inpdyobppyulnhua] has quit [Remote host closed the connection]
13:54 -!- Yoda [Yoda@unaffiliated/yoda] has left #openvpn ["Wake me up.. when September ends"]
13:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:07 -!- combatwombat [~combat_wo@unaffiliated/dsquare27] has joined #openvpn
14:08 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has quit [Ping timeout: 244 seconds]
14:08 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has joined #openvpn
14:12 < combatwombat> So I'm trying to set a static ip address for my openvpn box. It no longer is getting an ip from dhcp but it certainly isn't the one I told it to use. Here is my config. Suggestions? Ideas? http://pastebin.com/S15HCEhe can anyone share their config if they are static?
14:12 < combatwombat> it is getting a 10.0.8.8 ip. the weird thing is, I haven't told it to do that, and dhcp range is 10.0.8.100-200
14:14 -!- vikaton [uid59278@gateway/web/irccloud.com/x-dzwcdxmfvpiyacrl] has joined #openvpn
14:18 < combatwombat> hello hello?
14:19 < CryptoSiD> your pastebin is not very usefull
14:21 < combatwombat> it is the output of /etc/network/interfaces, which, is what should be changed to set a static ip , so in that respect yes it is useful. If you want more CryptoSiD then it would be more usefull to tell me what you want.
14:24 < combatwombat> fixed it. looks like it didn't want 10.0.8.010 but wanted 10.0.8.10
14:25 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
14:27 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
14:35 -!- combatwombat [~combat_wo@unaffiliated/dsquare27] has left #openvpn []
14:40 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
14:45 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
14:46 < CryptoSiD> the pastebin was: service /etc/init.d/openvpn restart
14:46 < CryptoSiD> not the output of network/interfaces :)
15:02 -!- jefferai [sid1300@kde/mitchell] has quit [Remote host closed the connection]
15:02 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-ghyeqgcmszkvesak] has quit [Remote host closed the connection]
15:02 -!- vikaton [uid59278@gateway/web/irccloud.com/x-dzwcdxmfvpiyacrl] has quit [Remote host closed the connection]
15:20 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
15:37 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-jtvhiutejedgfcqq] has joined #openvpn
15:58 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-dasbcwmhwsslivnu] has joined #openvpn
16:05 -!- vikaton [uid59278@gateway/web/irccloud.com/x-oxgyxbsdshjdmiqj] has joined #openvpn
16:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
16:39 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 245 seconds]
16:46 -!- vikaton [uid59278@gateway/web/irccloud.com/x-oxgyxbsdshjdmiqj] has quit []
16:52 -!- D-Boy is now known as D-Boy[CA]
16:59 -!- vikaton [uid59278@gateway/web/irccloud.com/x-erpnkmbhwgpoqgnp] has joined #openvpn
17:02 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
17:06 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
17:09 -!- D-Boy[CA] [~D-Boy@unaffiliated/cain] has quit [Quit: Sayônara]
17:13 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:15 -!- vikaton [uid59278@gateway/web/irccloud.com/x-erpnkmbhwgpoqgnp] has quit []
17:21 -!- vikaton [uid59278@gateway/web/irccloud.com/x-jyltubwsyibzcqhr] has joined #openvpn
17:32 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
17:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 258 seconds]
18:17 -!- cylon512 [~cylon@2.92.156.101] has quit [Ping timeout: 245 seconds]
18:19 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
18:19 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
18:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c877:b8e1:8d10:20fd] has joined #openvpn
18:33 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c877:b8e1:8d10:20fd] has quit [Remote host closed the connection]
18:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:39 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
18:43 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:44 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
18:54 -!- duelle [~duelle@unaffiliated/duelle] has joined #openvpn
18:55 < duelle> Hi, is there a way to "replace" dns entries for special hosts? In my case I have a dedicated server running openvpn and several other services. If my clients are within the vpn I would like them to be able to use the URLs without going "outside" the vpn.
18:59 < duelle> Do I have to set up a dns server on that machine or is it possible to replace this one entry with something simpler?
19:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:11 -!- duelle [~duelle@unaffiliated/duelle] has quit [Quit: Leaving]
19:27 -!- dazo is now known as dazo_afk
19:35 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
19:47 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
20:07 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
20:12 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 244 seconds]
20:24 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
20:46 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:58 < Haxxa> would this work for an .opvn file "route mirror.aarnet.edu.au 255.255.255.255 net_gateway"
20:58 < Haxxa> I want that to bypass the vpn
21:07 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 255 seconds]
21:08 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
21:17 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
21:30 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
21:35 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
21:43 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Ping timeout: 272 seconds]
21:43 -!- Espryon [~Espryon@24.246.251.55.res-cmts.mnh.ptd.net] has joined #openvpn
21:43 < Espryon> hey guys
21:44 < Espryon> having trouble connecting to my vpn getting an error
21:44 < Espryon> I'm on Fedora and this is the error, "Fri Jun  5 22:42:38 2015 ROUTE6: default_gateway=UNDEF
21:44 < Espryon> Fri Jun  5 22:42:38 2015 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
21:44 < Espryon> Fri Jun  5 22:42:38 2015 Exiting due to fatal error"
21:44 < Espryon> what exactly does that mean ^
21:45 < Espryon> do I have to run as root?
21:48 -!- Haxxa [~Harrison@168.1.75.18-static.reverse.softlayer.com] has joined #openvpn
21:49 < CryptoSiD> yes
21:50 < CryptoSiD> just add user nobody and group nogroup in the conf.
21:53 -!- Espryon [~Espryon@24.246.251.55.res-cmts.mnh.ptd.net] has quit [Ping timeout: 272 seconds]
22:03 -!- Haxxa [~Harrison@168.1.75.18-static.reverse.softlayer.com] has quit [Ping timeout: 272 seconds]
22:10 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
22:25 -!- Sheraf [~Sheraf@sheraf.wtf] has quit [Quit: WeeChat 1.0.1]
22:45 -!- MarchHare [~Starwulf@mo-76-0-43-60.dhcp.embarqhsd.net] has joined #openvpn
22:47 < MarchHare> Common question, but I don't seem to be finding a good answer for it. I have openvpn working if I invoke it with sudo openvpn /etc/openvpn/openvpn.conf, but if I try to run it as a service with sudo service openvpn start, I get nothing. Not sure what's going on. It doesn't seem to generate any logs when I start it as a services. Running ubuntu 15.04 server
22:48 < MarchHare> Any thoughts on what I'm doing wrong here?
22:48 < MarchHare> It doesn't create a tun iface for the service, but it does if I invoke it directly.
22:49 < MarchHare> Not sure if this is an ubuntu problem or an openvpn one.
22:53 < CryptoSiD> it's a client?
22:55 < MarchHare> Server. Client is able to connect just fine if I invoke the openvpn server directly.
22:55 < MarchHare> Client times out if I try to connect to openvpn started as a service.
23:04 < MarchHare> The only thing that I found that really seemed applicable was to rename server.conf to openvpn.conf so that /etc/init.d/openvpn would find it. But that didn't seem to help, either.
23:15 -!- ShadniX [dagger@p5481D739.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:15 -!- ShadniX_ [dagger@p5481D232.dip0.t-ipconnect.de] has joined #openvpn
23:16 -!- ShadniX_ is now known as ShadniX
23:16 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 272 seconds]
23:27 -!- MarchHare [~Starwulf@mo-76-0-43-60.dhcp.embarqhsd.net] has quit [Quit: Leaving]
23:35 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 256 seconds]
23:58 -!- Entalyan [~Entalyan@unaffiliated/entalyan] has joined #openvpn
23:59 < Entalyan> !welcome
23:59 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:59 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:59 < Entalyan> !howto
23:59 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
--- Day changed Sat Jun 06 2015
00:04 -!- MogDog is now known as MogDog66
00:10 < Entalyan> So what is the difference between client and server? And, should I configure all my servers as both?
00:11 < Entalyan> Currently I have 1 server they all connect to, and the rest are only configured as client
00:20 < Entalyan> The guides suggest I *can* configure for both, but I'm not sure if I should. Related: Should all machines have their own CA, or should I use 1 to generate keys for the others?
00:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
00:45 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
00:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:57 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 272 seconds]
00:59 -!- vikaton [uid59278@gateway/web/irccloud.com/x-jyltubwsyibzcqhr] has quit [Quit: Connection closed for inactivity]
01:05 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
01:05 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
01:07 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 276 seconds]
01:10 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
01:26 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
01:35 -!- MogDog66 is now known as MogDog
01:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:49 -!- mode/#openvpn [+o mattock1] by ChanServ
01:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
02:06 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Ping timeout: 272 seconds]
02:08 -!- tjt263 [~tjt263@58-7-139-145.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
02:10 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
02:15 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
02:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:14 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
03:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:34 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
04:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:35 -!- MogDog [~MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 272 seconds]
04:39 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
04:55 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
05:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
07:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9993:4f9f:4042:6462] has joined #openvpn
07:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9993:4f9f:4042:6462] has quit [Ping timeout: 265 seconds]
08:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 255 seconds]
08:11 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
08:11 -!- fred`` [~fred@earthli.ng] has quit [Ping timeout: 252 seconds]
08:12 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
08:14 -!- fred`` [fred@earthli.ng] has joined #openvpn
08:15 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 276 seconds]
08:16 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
08:16 -!- _FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 276 seconds]
08:17 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
08:17 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
08:43 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
09:01 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
09:33 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 244 seconds]
09:35 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 255 seconds]
09:36 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
09:39 -!- freedim [uid92015@gateway/web/irccloud.com/x-vmktpcktubggiaig] has joined #openvpn
09:39 < freedim> hello room
09:39 < freedim> anyone have experience using ipfire's implementation of openvpn?
09:41 < freedim> im not very experienced with openvpn and its arguably the best solution for securing network to network communications
09:41 < freedim> !welcome
09:41 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:41 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:48 < freedim> so anyone interested in helping a noob configure ipfire with openvpn/
09:54 -!- vikaton [uid59278@gateway/web/irccloud.com/x-lnyfsedottvrathp] has joined #openvpn
10:05 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
10:06 < CryptoSiD> why no iptables
10:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a5cd:796c:17e1:6733] has joined #openvpn
11:24 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
11:27 < Moonlightning> I want to set up a VPN that'll be used primarily to facilitate gaming through firewalls. I'd prefer using usernames and passwords for authentication, so they don't all have to bother generating keypairs. I don't want them to be the same as for the server, though, so I'm thinking of just maintaining a simple shadow file—things like LDAP seem overkill for this.
11:27 < Moonlightning> I was looking at the --auth-user-pass-verify option, but then I noticed that there's a PAM module?
11:32 < Moonlightning> I'm wondering if I could use that, rather than writing a script. As far as I can tell, --auth-user-pass-verify doesn't let you specify any arguments to the script, so I'd have to hardcode a few things, and…yeah.
11:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a5cd:796c:17e1:6733] has quit [Remote host closed the connection]
11:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
11:34 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 265 seconds]
11:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 252 seconds]
11:41 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
11:48 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
11:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:29a1:bb62:8443:d862] has joined #openvpn
12:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
12:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:29a1:bb62:8443:d862] has quit [Remote host closed the connection]
12:40 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
12:42 -!- GLaDER [~GLaDER@gladernet.csbnet.se] has joined #openvpn
13:00 -!- dan_j [sid21651@gateway/web/irccloud.com/x-momdjepqqxjovaay] has quit [Remote host closed the connection]
13:00 -!- XJR-9 [XJR-9@pdpc/supporter/active/xjr-9] has quit [Remote host closed the connection]
13:00 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-tktohspvavziibhv] has quit [Remote host closed the connection]
13:00 -!- freedim [uid92015@gateway/web/irccloud.com/x-vmktpcktubggiaig] has quit [Remote host closed the connection]
13:15 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
13:16 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Ping timeout: 248 seconds]
13:17 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Ping timeout: 248 seconds]
13:17 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 248 seconds]
13:19 -!- nsrafk [~whois@unaffiliated/nsrafk] has joined #openvpn
13:19 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
13:19 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
13:26 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 248 seconds]
13:29 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
13:29 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
13:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
13:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 272 seconds]
13:38 -!- dan_j [sid21651@gateway/web/irccloud.com/x-rrjuvfqpgohnztzt] has joined #openvpn
13:39 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-pyxyudvvgcrinlnu] has joined #openvpn
13:39 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:51 -!- r8b7xy [~weechat@104.238.169.16] has quit [Quit: WeeChat 1.2]
13:53 -!- r8b7xy [~weechat@104.238.169.140] has joined #openvpn
13:54 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 256 seconds]
13:56 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
14:00 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 265 seconds]
14:02 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
14:02 -!- mode/#openvpn [+v esde] by ChanServ
14:10 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 252 seconds]
14:11 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
14:11 -!- kuroro [~kuroro@24.114.65.36] has joined #openvpn
14:21 < kuroro> i have an openvpn connection from mac client to windows server. In that windows server, it runs a linux vm which i want to directly ssh into. how do i do this? is it possible at all?
14:22 < kuroro> currently what im doing is doing an ssh into windows server, then i ssh into vm afterwards.
14:24 -!- duelle [~duelle@unaffiliated/duelle] has joined #openvpn
14:24 < duelle> !welcome
14:24 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:24 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:26 < kuroro> im using a routed vpn via tun device
14:27 < kuroro> the goal is to access my windows server that's behind a NAT whenever im working outside from home
14:27 < duelle> Hi, I would like to set up a dns mapping for my vpn clients so they stay "inside" the host when accessing its services via url (e.g. server has IP 10.10.0.1 and has domain example.com I would like the clients to be redirected to 10.10.0.1 when using example.com). How can I reach this (set up own dns or are there any options)?
14:29 < kuroro> duelle: not sure myself, but i wonder whether changing /etc/hosts file would suffice
14:30 < duelle> kuroro, my point is, that this only should happen in case the clients are connected to the vpn. If not, they should use the "regular" way via internet.
14:31 < duelle> afaik the hosts entries are permanent - arent they?
14:31 < kuroro> ah ic
14:32 < duelle> Not sure whether I can "push" such rules in the way I can push the dns server IP or what the "recommended" way would be.
14:50 -!- Cydrobolt is now known as cydrobolt
14:51 -!- kuroro [~kuroro@24.114.65.36] has quit [Ping timeout: 256 seconds]
14:55 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:57 < duelle> I would like to have my clients use the services on the server directly without going out in the net and back in. So I need some kind of overlapping DNS for the server IP. Here is an example of what I would like to have: VPN-Server has the IP 10.10.0.1 and out in the net is reachable via its public ip with example.com. If a client is within the vpn, it should resolve the ip of example.com not to the public ip, but to the vpn ip (10.10.0.1). Is this
14:57 < duelle> possible - and if yes, how?
15:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
15:20 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
15:23 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
15:34 -!- vikaton [uid59278@gateway/web/irccloud.com/x-lnyfsedottvrathp] has quit []
15:40 -!- digga1 [~digga1@89.248.160.156] has joined #openvpn
15:41 < digga1> hey folks, need some help with my openvpn
15:41 < digga1> would be nice if somebody could pm me
15:44 < digga1> please?
15:46 < digga1> wow really? isnt this... like ..THE openvpn support chan?
15:46 -!- digga1 [~digga1@89.248.160.156] has quit [Quit: Verlassend]
15:46 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
15:48 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:48 < CustosLimen> hi
15:49 < CustosLimen> I don't want vpn routes to get used by default
15:49 < CustosLimen> so I set route-metric 1000
15:49 < CustosLimen> but its only being used for one route
15:50 < CustosLimen> https://bpaste.net/show/3bfbe9319c65
15:51 < CustosLimen> https://bpaste.net/show/2b4e8f51e0a7
16:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:20 -!- vikaton [uid59278@gateway/web/irccloud.com/x-gjocknulcapwsumo] has joined #openvpn
16:27 -!- vikaton [uid59278@gateway/web/irccloud.com/x-gjocknulcapwsumo] has quit []
16:28 -!- vikaton [uid59278@gateway/web/irccloud.com/x-aupbpgkgkrhmgcvz] has joined #openvpn
16:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
16:45 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
16:46 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
16:46 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
16:47 -!- badon_ is now known as badon
16:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:41b0:fa91:28ab:bc22] has joined #openvpn
16:47 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
16:52 -!- duelle [~duelle@unaffiliated/duelle] has quit [Quit: Leaving]
16:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:41b0:fa91:28ab:bc22] has quit [Ping timeout: 256 seconds]
16:59 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:13 -!- darxun [~madcow@cpe.xe-2-0-0-619.sltnqu1.dk.customer.tdc.net] has joined #openvpn
17:15 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
17:17 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
17:17 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:21 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
17:29 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
17:30 -!- darxun [~madcow@cpe.xe-2-0-0-619.sltnqu1.dk.customer.tdc.net] has quit [Ping timeout: 256 seconds]
17:39 < bruxC> somewhat vpn related... if I was given a gift card that's exclusively for ca (amazon) but i live in outside of canada, could i spoof my address to a canadian one in order to use it? or is amazon a tad bit more intelligent than that?
17:39 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
17:39 < BtbN> Can't you just order there without a VPN?
17:40 < bruxC> Ofcourse
17:40 < bruxC> But essentially, I would love to take advantage of a gift card that was gifted to me. The issue is that it only works on amazon.ca
17:41 < bruxC> and if your public IP is not of ca then it will say..NNNOPE.
17:45 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:45 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:45 -!- badon_ is now known as badon
17:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
17:50 < BtbN> Well, i'd gueyy they also don't ship anywhere else then
17:50 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
17:51 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c949:518f:c998:3e49] has joined #openvpn
17:57 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Read error: Connection reset by peer]
17:57 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:57 -!- badon_ is now known as badon
17:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c949:518f:c998:3e49] has quit [Ping timeout: 256 seconds]
18:21 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 265 seconds]
18:22 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:41 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 246 seconds]
18:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 250 seconds]
19:35 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
19:37 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Client Quit]
19:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
19:51 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 256 seconds]
20:45 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
20:46 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
20:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b1ff:1816:bae9:fbf6] has joined #openvpn
21:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b1ff:1816:bae9:fbf6] has quit [Ping timeout: 256 seconds]
21:22 -!- hays_ is now known as hays
21:27 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
21:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
22:13 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
22:17 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
22:27 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
22:32 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
22:50 -!- hays_ [~quassel@unaffiliated/hays] has quit [Remote host closed the connection]
23:15 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
23:16 -!- ShadniX [dagger@p5481D232.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:17 -!- ShadniX [dagger@p5481DA3C.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- hays_ [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
23:43 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Ping timeout: 272 seconds]
23:43 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
23:48 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
--- Day changed Sun Jun 07 2015
00:08 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:09 -!- vikaton [uid59278@gateway/web/irccloud.com/x-aupbpgkgkrhmgcvz] has quit [Quit: Connection closed for inactivity]
00:10 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
00:22 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
00:23 -!- hays_ is now known as hays
00:39 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Read error: Connection reset by peer]
00:40 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
00:53 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
00:57 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:01 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Read error: Connection reset by peer]
01:02 -!- Starthunder [~blackl@unaffiliated/moonlightning] has joined #openvpn
01:34 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 264 seconds]
02:42 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Remote host closed the connection]
02:44 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
02:47 -!- MasterCode [~mastercod@203.189.141.246] has joined #openvpn
02:48 < MasterCode> hello, i can ping fine from client to server subnet, but i cant ping from server to client subnet, any body up to help me over team veiwer ?
02:49 < MasterCode> route's, config and firewall looks fine.
03:11 -!- MasterCode [~mastercod@203.189.141.246] has quit [Read error: Connection reset by peer]
03:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
03:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:29 -!- r8b7xy [~weechat@104.238.169.140] has quit [Quit: WeeChat 1.2]
03:40 -!- r8b7xy [~weechat@104.238.169.89] has joined #openvpn
03:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
04:13 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
04:17 -!- AMERICAN_PSYCHO [~AMERICAN_@237.sub-70-196-16.myvzw.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:24 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:36 -!- r8b7xy [~weechat@104.238.169.89] has quit [Quit: WeeChat 1.2]
04:37 -!- r8b7xy [~weechat@104.238.169.81] has joined #openvpn
04:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:54 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:57 -!- MasterCode [~mastercod@203.189.141.246] has joined #openvpn
04:58 < MasterCode>  route add -net 10.0.0.0/24 gw 10.8.0.6 dev tun0 how come that does not work ?
05:03 -!- MasterCode [~mastercod@203.189.141.246] has quit [Ping timeout: 246 seconds]
05:04 -!- mastercode [~mastercod@203.189.141.246] has joined #openvpn
05:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
05:22 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:24 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
05:27 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:30 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:33 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 265 seconds]
05:36 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
05:37 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
06:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:54 -!- uuuppz [~kvirc@77.107.233.34] has joined #openvpn
08:03 -!- marl_scot [~marl_scot@cpc2-dumb5-2-0-cust823.20-3.cable.virginm.net] has quit [Remote host closed the connection]
08:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:26 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
08:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
08:44 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:10 -!- mastercode [~mastercod@203.189.141.246] has quit [Read error: Connection reset by peer]
09:20 -!- curmudgeon [~user@122-57-236-45.jetstream.xtra.co.nz] has joined #openvpn
09:25 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
09:30 < TyrfingMjolnir> I have setup a sparate node for being in a different country
09:30 < TyrfingMjolnir> and that node is in a the desired country
09:31 < TyrfingMjolnir> I have made this node the default gw for my AppleTV
09:31 < TyrfingMjolnir> How can I NAT or route or whatever it takes my AppleTV to through the VPN connection?
09:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:36 < curmudgeon> Hi. Just started today with openvpn. It is "working," but not quite doing what I want. :) The configuration file I received (I am running the client only, with no control over the server) is pretty basic: remote, auth-user-pass, client, redirect-gateway, remote-cert-tls, cipher, dev tun, nobind, and an inline certificate. The problem is that redirect-gateway redirects ALL network traffic, including a lot of stuff I don't want to go thr
09:37 < curmudgeon> I was looking at working with proxies in the documentation (particularly this: https://openvpn.net/index.php/open-source/documentation/howto.html#http), even though I know that I can't use an http proxy (the vpn server uses udp). I am afraid that section just confuses me. If I (hypothetically) have a proxy on another machine, what needs to be set up and configured on that machine, and how does the traffic flow? I see there is a socks p
09:37 <@vpnHelper> Title: HOWTO (at openvpn.net)
09:55 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
10:11 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:457:f44:acd8:a8ff] has joined #openvpn
10:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:457:f44:acd8:a8ff] has quit [Remote host closed the connection]
10:35 -!- vikaton [uid59278@gateway/web/irccloud.com/x-ydzbnutsejjuzpij] has joined #openvpn
10:38 -!- dw1 [~dw1@unaffiliated/dw1] has joined #openvpn
10:38 < dw1> how would i set the external IP for forwarded requests? iptables?
10:39 < dw1> /sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
10:39 < dw1> works good, but want to set external ip
10:39 < dw1> ahh
10:39 < dw1> eth0:2 maybe :p
10:40 < dw1> nope :{
10:44 < dw1> -j SNAT --to-source ipaddr didnt work either. weird.
10:50 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 272 seconds]
10:50 < Thermi> dw1: -j SNAT always works, if that IP is bound to the interface.
10:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Remote host closed the connection]
11:04 < dw1> i see i havent been flushing the routing rules properly :D
11:04 < Thermi> Why would you want to do that?
11:04 < Thermi> To loose all access to the machine?`
11:04 < dw1> just the ones i made for vpn
11:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
11:09 < dw1> finally
11:09 < Thermi> You surely use an iptables script to configure your firewall, right?
11:09 < dw1> yea
11:09 < Thermi> *shivers*
11:09 < dw1> :D
11:09 < Thermi> *pukes into a dark corner of the channel*
11:09 < dw1> you prefer what.. ufw ?
11:10 < Thermi> iptables-save
11:10 < dw1> ic
11:10 < Thermi> (and iptables-restore, obviously)
11:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:31 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
11:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 276 seconds]
11:41 -!- jesopo [Bit@lolpurr.net] has quit [Quit: et nos unum sumus]
11:41 -!- jesopo [Bit@lolnerd.net] has joined #openvpn
11:51 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:52 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:54 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
11:56 < fearnothing> why might I be getting a constant cycle of syslog messages "Client connected from /var/etc/openvpn/server1.sock", "CMD 'status 2'", "CMD 'quit'", "Client disconnected"?
11:56 < fearnothing> one set every minute
12:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
12:07 < Eugene> Because you set --status to be /var/log/messages
12:07 < Eugene> Instead of /var/run/openvpn/status or so
12:14 < fearnothing> hrm
12:14 < fearnothing> I'm doing this through pfsense so I didn't set it up via command line
12:15 < fearnothing> just trying to figure out where that option is controlled in pfsense
12:16 < Eugene> Oh, then no idea
12:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
12:21 < fearnothing> it has an option for verbosity
12:21 < fearnothing> bringing that down to 2 rather than default 3 seems to have worked...
12:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5822:fea9:7e3d:4608] has joined #openvpn
12:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5822:fea9:7e3d:4608] has quit [Remote host closed the connection]
12:33 < Raku_> Well it's still logging to the same directory, you just arent seeing the error aanymore
12:37 < dw1> tcp works fine, udp gets the first packet but then the TLS handshake fails. hrm
12:38 < dw1> (client+server modes)
12:41 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
12:47 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 276 seconds]
13:00 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
13:02 < Eugene> Firewall
13:07 < dw1> fixed it by adding multihome to server.conf
13:07 < dw1> ¯\_(ツ)_/¯
13:10 < dw1> setting local in server.conf also worked
13:10 < dw1> woot
13:10 -!- dw1 [~dw1@unaffiliated/dw1] has left #openvpn ["openvpn ftw"]
13:29 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
13:32 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
13:34 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
13:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:51 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 244 seconds]
13:54 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
14:02 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
14:08 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
14:08 -!- uuuppz [~kvirc@77.107.233.34] has quit [Ping timeout: 265 seconds]
14:23 -!- cylon512 [~cylon@2.92.156.101] has quit [Read error: Connection reset by peer]
14:24 -!- cylon512 [~cylon@2.92.156.101] has joined #openvpn
14:36 -!- heap_ [heap@localhost.sk] has joined #openvpn
14:37 < heap_> hi, i have openvpn connection. client has address 10.0.8.20, i can ping openvpn server address but nothing else. ip_forward is 1 and there is NAT also. Any idea?
14:50 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
14:53 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
15:10 -!- uuuppz [~kvirc@dsl-45-6.dsl.netsource.ie] has joined #openvpn
15:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
15:57 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:15 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 265 seconds]
16:28 -!- AMERICAN_PSYCHO [~AMERICAN_@237.sub-70-196-16.myvzw.com] has quit [Ping timeout: 255 seconds]
16:40 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:01 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
17:07 -!- uuuppz [~kvirc@dsl-45-6.dsl.netsource.ie] has quit [Ping timeout: 258 seconds]
17:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:26 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
17:54 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 264 seconds]
18:00 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:03 < Poster> heap_: Be sure to have routes defined on your VPN client via the IP address of the OpenVPN server
18:28 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit []
18:32 -!- vikaton [uid59278@gateway/web/irccloud.com/x-ydzbnutsejjuzpij] has left #openvpn []
18:46 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:49 -!- ekleog [8168f702@gateway/web/freenode/ip.129.104.247.2] has joined #openvpn
18:49 < ekleog> !paste
18:49 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
18:49 < ekleog> !configs
18:49 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
18:49 < ekleog> !logs
18:49 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:55 -!- ekleog [8168f702@gateway/web/freenode/ip.129.104.247.2] has quit [Ping timeout: 246 seconds]
19:07 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 258 seconds]
19:10 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
19:13 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:28 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 276 seconds]
20:31 -!- paperziggurat [~paperzigg@108.61.228.164] has joined #openvpn
20:31 < paperziggurat> Hi, I attempted to install OpenVPN and use PrivateInternetAccess on Kubuntu, was unable to connect, and now can't get my connections back to defaut.
20:36 < CryptoSiD> what if you, apt-get remove --purge openvpn
20:38 < paperziggurat> CryptoSiD, should i need to reboot after doing that?  doesn't appear to have worked
20:39 -!- ekleog [8168f702@gateway/web/freenode/ip.129.104.247.2] has joined #openvpn
20:40 < CryptoSiD> I dont think so, as long as openvpn is wiped you should only have PrivateInternetAccess
20:40 < CryptoSiD> dont know how openvpn could broke privateinternetaccess tho
20:41 < paperziggurat> i am just unable to connect to any networks
20:41 < paperziggurat> it's so strange
20:43 -!- plum [~plum@unaffiliated/plum] has joined #openvpn
20:46 < paperziggurat> i guess i'm just going to have to wipe kubuntu and reinstall
20:46 < paperziggurat> and i can find almost no record of this problem
20:47 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
20:47 < plum> if i turn off redirect-gateway, will that be insecure?
20:47 < plum> in my server config to push to clients
20:47 < plum> i just don't want my clients to have to manually configure their gateways to go to the vpn every time they want to connect
20:53 < ekleog> Hello all! Trying to setup, I just found my client's tun iface is not assigned an IP address. Client log: http://www.pastebin.ca/3020960 ; server log: http://www.pastebin.ca/3020961 ; ip addr show returns no ip address assigned on client and correct ip on server; server conf: http://pastebin.ca/3020965 ; client conf: http://pastebin.ca/3020966 ; client is in server's openvpn-status.log
20:53 < ekleog> Any hint?
20:57 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
20:58 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
20:59 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
21:03 -!- paperzig_ [~paperzigg@2601:2:8180:6000:b172:62a4:7f0a:d00f] has joined #openvpn
21:03 < paperzig_> CryptoSiD, turned out to be PEBCAK
21:03 < paperzig_> i uh... was misremembering my wi-fi password
21:04 -!- paperziggurat [~paperzigg@108.61.228.164] has quit [Ping timeout: 256 seconds]
21:07 < ekleog> PS: I had no issue connecting an openvpn server and client when using a static key, in default topology
21:08 -!- paperzig_ [~paperzigg@2601:2:8180:6000:b172:62a4:7f0a:d00f] has quit [Ping timeout: 256 seconds]
21:10 < ekleog> And forgot : OpenVPN client version 2.3.6, server 2.2.1
21:15 < ekleog> !logs
21:15 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
21:22 -!- fakhir [~fakhir@unaffiliated/fakhir] has joined #openvpn
21:24 < ekleog> I must be lacking something stupid in configuration: even with verb 5, on the server there is no message stating the ip config is pushed. Besides, removing comp-lzo on client and adding push "comp-lzo" yields nothing either, and messages about corrupted LZO headers, so I guess it is unable to push anything to the client
21:25 -!- plum [~plum@unaffiliated/plum] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 37.0.2/20150415140819]]
21:25 < fakhir> hello. I have an OpenVPN server with "server 10.8.0.0 255.255.0.0". It seems OpenVPN is still limited to 10.8.1.* because it stops accepting new connections when it runs out of that address space. config -> http://pastebin.com/n0RxujhV
21:35 < Olipro> is it possible to have OpenVPN accept a third user-input parameter in addition to username and password?
21:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
21:36 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 265 seconds]
21:37 < curmudgeon> Are there any (detailed) examples of using either the http-proxy or socks-proxy options? I read the howto section, but it seems quite incomplete.
21:43 < ekleog> Do I need to open some port on the client side to allow the server to push config to it? Client states "Initialization Sequence Completed", yet the server does not log any attempt to push to it, and states it lacks "comp-lzo" (which should be pushed)...
21:46 < ekleog> OMG
21:46 < ekleog> tls-client is *implied* by client, and not the opposite
21:46 < ekleog> So that's all, thanks
22:04 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
22:05 -!- ekleog [8168f702@gateway/web/freenode/ip.129.104.247.2] has quit [Ping timeout: 246 seconds]
22:27 -!- Netsplit *.net <-> *.split quits: kloeri, jgeboski, Matir_, Raku_
22:27 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
22:27 -!- Netsplit *.net <-> *.split quits: Netas3k, halothe23, julieeharshaw, Schrottfresse, Zimsky, nsrafk, crane, Eagleman, Mike--, rtpada
22:27 -!- Netsplit over, joins: jgeboski
22:27 -!- Netsplit over, joins: kloeri
22:28 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
22:28 -!- Netsplit over, joins: Zimsky
22:28 -!- Netsplit over, joins: halothe23
22:28 -!- Netsplit over, joins: julieeharshaw, crane
22:28 -!- Netsplit over, joins: Eagleman
22:29 -!- nsrafk [whois@unaffiliated/nsrafk] has joined #openvpn
22:29 -!- Netsplit over, joins: rtpada
22:31 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
22:42 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
22:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 265 seconds]
23:14 -!- ShadniX [dagger@p5481DA3C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:14 -!- ShadniX [dagger@p5DDFC099.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
23:32 < Abbott> It looks like if I don't push a dns server in server.conf, the clients don't use dns at all. Is this supposed to function this way? Is there a way to push the local dns or a default dns?
23:33 < Raku_> Ya, with push dns lol
23:36 < Abbott> So I always have to be pushing a dns, I can't just let chrome pick one on it's own or whatever?
23:39 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
23:42 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
23:43 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
23:46 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
23:49 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:49 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Client Quit]
23:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7516:8a8e:f5c3:9281] has joined #openvpn
23:53 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
23:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7516:8a8e:f5c3:9281] has quit [Ping timeout: 256 seconds]
--- Day changed Mon Jun 08 2015
00:22 < Raku_> I don't believe chrome handles that
00:22 < Raku_> But yes, i think you need to be pushing a dns
00:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:44 -!- mode/#openvpn [+o mattock1] by ChanServ
00:48 < Abbott> Is there some way a client or server side firewall could be blocking dns? I can reach machines on my server lan and I have an active internet connection, but can't resolve domains. I am using `push "dhcp-option DNS 208.67.222.222"` on the server conf, which is the opendns address
00:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:395c:4276:532f:b6a8] has joined #openvpn
00:53 < Raku_> Check your iptable stuff
00:54 < Raku_> I know theres a couple rules you need to set or it doesnt work
00:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:395c:4276:532f:b6a8] has quit [Ping timeout: 256 seconds]
01:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:03 < Abbott> Even if I'm not routing traffic through the vpn?
01:03 < Raku_> I'm not sure then
01:04 < Raku_> You might want to wait for someone else who knows a little more than me
01:05 < Abbott> Thanks for your help so far
01:11 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 265 seconds]
01:12 < Raku_> no problem, sorry i couldnt be of more help
01:26 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Quit: Quit]
01:28 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
01:46 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
01:51 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
01:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:182:9013:af36:4227] has joined #openvpn
01:52 -!- Malsasa [~Malsasa@36.82.86.213] has joined #openvpn
01:56 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:182:9013:af36:4227] has quit [Ping timeout: 256 seconds]
02:02 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:15 -!- cylon512 [~cylon@2.92.156.101] has quit [Ping timeout: 272 seconds]
02:17 -!- cylon512 [~cylon@95-26-103-100.broadband.corbina.ru] has joined #openvpn
02:20 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
02:28 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
02:38 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
02:41 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
02:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8082:7987:ca83:b968] has joined #openvpn
02:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8082:7987:ca83:b968] has quit [Ping timeout: 265 seconds]
03:00 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
03:04 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:14 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 256 seconds]
03:16 -!- dazo_afk is now known as dazo
03:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
03:20 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
03:20 < barnex> Is there a way to change how ActiveRecord queries the database for specific column?
03:21 < barnex> I want select ... convert_from(msg, 'WIN1250') ...; instead of just select ... msg ...;
03:23 -!- cylon512 [~cylon@95-26-103-100.broadband.corbina.ru] has quit [Quit: leaving]
03:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9541:68e:a308:da49] has joined #openvpn
03:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9541:68e:a308:da49] has quit [Ping timeout: 265 seconds]
04:09 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Read error: No route to host]
04:15 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
04:27 -!- CryptoSiD is now known as Guest50128
04:28 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
04:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
04:29 -!- Guest50128 [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
04:29 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
04:36 -!- llehmannschlegel [50968c04@gateway/web/freenode/ip.80.150.140.4] has joined #openvpn
04:49 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
04:53 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
04:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e97c:cc1b:290:d4bb] has joined #openvpn
04:58 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e97c:cc1b:290:d4bb] has quit [Ping timeout: 265 seconds]
04:59 <@dazo> barnex: wrong channel?
05:00 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
05:03 < llehmannschlegel> hello, is it possible to directly import a config file via uri, e.g. coming from a qr code?
05:05 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
05:06 < apollo13> depends on your client
05:07 < apollo13> but probably no
05:13 < llehmannschlegel> forget to say: on an android device, idea is to just get the qr code and the rest is done automatically
05:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:26 -!- jesopo [Bit@lolnerd.net] has quit [Quit: et nos unum sumus]
05:28 -!- jesopo [Bit@lolnerd.net] has joined #openvpn
05:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:52 -!- mode/#openvpn [+o mattock1] by ChanServ
05:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 276 seconds]
06:06 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
06:06 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
06:09 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:27 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
06:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
06:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d01:4349:6cd:6005] has joined #openvpn
07:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d01:4349:6cd:6005] has quit [Ping timeout: 256 seconds]
07:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:04 -!- mode/#openvpn [+o mattock1] by ChanServ
07:06 -!- Malsasa is now known as Guest55203
07:06 -!- Guest55203 [~Malsasa@36.82.86.213] has quit [Killed (hobana.freenode.net (Nickname regained by services))]
07:10 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
07:17 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 252 seconds]
07:22 -!- sppadic [~sppadic@90.216.134.198] has quit [Remote host closed the connection]
07:28 < Anoniem4l> Hello, I have a problem. I got a OpenVPN server setup on which I am trying to connect with 2 different machines which machines are using the same router to reach the server. Each time I am doing that the server gives the other machines' VPN subnet, which in this case is 10.8.0.6. So in the end, I can't have 2 machines using the same router and both using the VPN.
07:28 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
07:29 < Anoniem4l> Any ideas, anyone?
07:30 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
07:33 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
07:37 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
07:40 < Anoniem4l> I had to use the `duplicate-cn` option server-sidely to allow multiple users with the same key pair.
07:42 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
07:42 < CryptoSiD> or create different key for each user
07:43 < CryptoSiD> which is what you should do:)
07:45 -!- fakhir_ [~fakhir@unaffiliated/fakhir] has joined #openvpn
07:45 -!- fakhir [~fakhir@unaffiliated/fakhir] has quit [Ping timeout: 255 seconds]
07:46 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
07:48 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
07:49 -!- msn [~msn@117.55.242.50] has joined #openvpn
07:49 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:49 -!- fakhir [~fakhir@unaffiliated/fakhir] has joined #openvpn
07:50 < msn> I have the following Client config running but the iroute is not added any routes on the server side http://paste.debian.net/212271/
07:52 -!- fakhir_ [~fakhir@unaffiliated/fakhir] has quit [Ping timeout: 264 seconds]
08:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:10 -!- mode/#openvpn [+o mattock1] by ChanServ
08:11 <@dazo> msn: you don't see the iroute on the servers routing table.  It's an internal route inside the OpenVPN process.  However, you must add in through global server config a route for the system routing table as well, for the client LAN
08:17 < msn> i added route statements in server configuratin
08:17 < msn> and on server start openvpn adds those routes to the local routing table but uses a client IP chich cannot redirect it
08:23 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
08:24 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
08:32 -!- dougquaid [~root@unaffiliated/dougquaid] has joined #openvpn
08:33 < dougquaid> If I want to push a route down to a specific client in ccd, do I just add push "route 192.168.1.0 255.255.255.0" to that  client's ccd?
08:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
08:34 -!- llehmannschlegel [50968c04@gateway/web/freenode/ip.80.150.140.4] has quit [Quit: Page closed]
08:37 < msn> those are working
08:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:37 < msn> I have 3 networks connecting over vpn and clients which use vpn network so 4 networks
08:38 < msn> now each vpn endpoint needs 3 routes which are available perfectly fine, only the central vpn server creates routes for 2 subnets pointing to same endpoint instead of the correct end point
08:44 < msn> this is my server config http://paste.debian.net/212351/
08:44 < msn> this is a client config http://paste.debian.net/212271/
08:44 < msn> 2 problems iroute is not working  second
08:45 < msn> a dynamic client is being assigned an IP which is part of static clientconfig dir
08:45 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:59 -!- valentin- [valentin@unaffiliated/ivali] has joined #openvpn
09:01 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 276 seconds]
09:04 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
09:07 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
09:07 < msn> first time i hitting this issue how i deal with ipclash in openvpn
09:07 -!- Quobo [~textual@unaffiliated/quobo] has joined #openvpn
09:12 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
09:13 < troulouliou_dev> hi i have a server and client certificate that are at 3rd level in the certification chain ; what should be the value of ca parameter the main CA or the second ?
09:14 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 255 seconds]
09:15 -!- sysanthrope [~sysanthro@130.203.78.201] has joined #openvpn
09:25 -!- valentin- is now known as ivali
09:41 -!- sysanthrope [~sysanthro@130.203.78.201] has quit [Remote host closed the connection]
09:43 -!- sysanthrope [~sysanthro@130.203.78.201] has joined #openvpn
09:47 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 265 seconds]
09:47 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
09:47 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
09:48 -!- sysanthrope [~sysanthro@130.203.78.201] has quit [Ping timeout: 258 seconds]
09:57 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:57 -!- mode/#openvpn [+o mattock_] by ChanServ
10:00 -!- Quobo [~textual@unaffiliated/quobo] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
10:29 < Eugene> !chain
10:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Reboot, brb]
10:31 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 265 seconds]
10:32 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
10:33 <@ecrist> !ping
10:33 <@vpnHelper> pong
10:34 -!- ikkuplio [~IceChat77@ip25044cb8.dynamic.kabel-deutschland.de] has joined #openvpn
10:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:36 < ikkuplio> hello there. i have a point-to-point vpn (tun client) to my employer. i would like to place that vpn on my router. is it possible to route all traffic for certain ips through that vpn *without* adjusting the server side? i helped myself using stunnel, but stunnel does not support unencrypted connections, from what i know (port 25)...
10:36 <@ecrist> Yes, and wtf?
10:37 <@ecrist> The last part doesn't make any sense.
10:37 <@ecrist> but, regardless, you can do what you're asking
10:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:38 <@ecrist> The problem, however, is you have to reverse-engineer what the server config is pushing and, if the server admin changes it, you might not be aware.
10:38 <@ecrist> My suggestion is to ask the server admin to update a CCD entry for you so the server is pushing the correct thing for your client connection
10:38 < ikkuplio> so could i just set up my vpn interface as the gateway for the ip inside the vpn?
10:39 < chrisb> i tried to configure --secret key (symmetric) with --user-pass-auth (--auth-tls..etc) and I failed...is there a way to get --user-pass-auth with symmetric keys?
10:54 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 264 seconds]
11:04 -!- ikkuplio [~IceChat77@ip25044cb8.dynamic.kabel-deutschland.de] has quit [Read error: Connection reset by peer]
11:11 < Eugene> No.
11:12 < Eugene> It's one mode or the other
11:13 < chrisb> Eugene: ok
11:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:33 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 245 seconds]
11:34 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:39 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:02 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: IRC for Sailfish 0.9]
12:21 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
12:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1892:1b22:67df:d872] has joined #openvpn
12:57 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Quit: Leaving]
12:57 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Remote host closed the connection]
13:03 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
13:04 < FlorianBd> Hi! I have gcc 4.8.0 and get :  configure:4015: error: C compiler cannot create executables
13:06 -!- fred`` [fred@earthli.ng] has joined #openvpn
13:07 -!- Sheraf [~Sheraf@sheraf.wtf] has joined #openvpn
13:10 < Eugene> !dev
13:10 <@vpnHelper> "dev" is https://lists.sourceforge.net/lists/listinfo/openvpn-devel to sign up for devel mail list
13:10 < Eugene> !devel
13:10 < Eugene> Useless bot.
13:10 < Eugene> FlorianBd - the channel you're looking for is either #openvpn-dev or -devel; I don't remember / am not in it.
13:11 < Eugene> That sounds like a gcc issue, but I hate compiling things so probably just ignore me ;-)
13:11 < FlorianBd> devel.  Thank you :)
13:13 -!- darxun [darxun@crew.of.the.worldwide.famous.micros0ft.dk] has joined #openvpn
13:20 < apollo13> FlorianBd: test with a simple int main() { return 1; } -- I doubt that has anything to do with openvpn
13:22 < FlorianBd> apollo13:  that's right, I get :   gcc: error trying to exec 'cc1': execvp: No such file or directory   But I can compile on another machine that does not have cc1 nor execvp
13:23 < apollo13> FlorianBd: sounds as if you have a somewhat broken gcc install or env variables messed up, your distribution channel should be able to help
13:32 -!- jobewan [~jobewan@spartan.centurytel.net] has joined #openvpn
13:38 -!- r8b7xy [~weechat@104.238.169.81] has quit [Quit: WeeChat 1.2]
13:38 -!- r8b7xy [~weechat@104.238.169.81] has joined #openvpn
13:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 258 seconds]
13:40 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
13:45 < jobewan> I have an issue connecting to openvpn via the cli.  I can connect via gnome NetMan just fine, although when running openvpn --config <config>, my connection dies after about a 20 seconds.  I'm fairly certain the keepalive is failing, but I have no clue why it would work via NetMan and not via cli...  Here is the verb 6 log output and client config: http://pastebin.com/2inGfezD
13:45 < jobewan> any assistance is greatly appreciated...
13:46 <+esde> !stones
13:47 <+esde> !rocks
13:47 <@vpnHelper> "rocks" is Nobody around but us rocks! Please go ahead and ask your question, and be patient - somebody helpful will eventually perk up.
13:48 <+esde> where is server config and logs?
13:48 <+esde> !configs
13:48 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:49 <+esde> !logs
13:49 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:49 <+esde> also
13:49 <+esde> !redact
13:49 <@vpnHelper> "redact" is Please don't redact or change things(hostname, port, CNs, etc) when you !paste your !configs and !logs. It's a lot easier for us to debug if we're seeing the same thing you are.
13:49 <+esde> all those xxx's in your logs are extremely unhelpful
13:50 < jobewan> they are public IPs on our network, I have to sanitize things...
13:51 <+esde> !topsecret
13:51 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
13:51 <+esde> also, again >where is server config and logs?
13:54 < jobewan> considering that the connection works via network manager w/o issues, I didn't think it would be very pertinent.  The server logs actually represent the exact data with exact timestamps as the client logs.  Also, considering that NetMan works and cli doesn't... I would think that the xxx's wouldn't matter so much.  I did however disect both command calls and find that the only difference is that netman uses the nm-service-helper script and invokes
13:55 <+esde> then figure it out yourself. if you want help from the room, you'll need to provide the information we request. if that's not possible, it won't be possible for us to help you.
13:55 <+esde> *channel
14:08 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
14:15 -!- netwoodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
14:15 -!- voidstar [~voidptr@unaffiliated/voidstar] has quit [Ping timeout: 276 seconds]
14:15 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 276 seconds]
14:15 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Ping timeout: 276 seconds]
14:15 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 276 seconds]
14:15 -!- netwoodle is now known as noodle
14:15 -!- voidstar [~voidptr@unaffiliated/voidstar] has joined #openvpn
14:17 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
14:17 -!- mode/#openvpn [+v esde] by ChanServ
14:19 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
14:20 -!- codebam [codebam@gateway/shell/yourbnc/x-emtszydenyhxfxqz] has quit [Ping timeout: 276 seconds]
14:27 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 276 seconds]
14:30 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
14:35 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 258 seconds]
14:36 -!- codebam [codebam@gateway/shell/yourbnc/x-pucmzlfqvbfssatt] has joined #openvpn
14:40 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
14:48 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 258 seconds]
14:51 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
14:59 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 264 seconds]
15:01 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
15:10 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 276 seconds]
15:12 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
15:13 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:17 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 264 seconds]
15:22 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
15:29 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
15:30 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 252 seconds]
15:32 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
15:37 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 258 seconds]
15:42 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
15:43 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
15:46 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
15:46 -!- ZPKXTV [root@85.159.233.81] has joined #openvpn
15:46 -!- mode/#openvpn [+b *!root@*] by ChanServ
15:46 -!- ZPKXTV was kicked from #openvpn by ChanServ [Banned: We do not allow root users in IRC]
15:50 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 256 seconds]
16:08 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 256 seconds]
16:11 < fakhir> hello. I have an OpenVPN server with "server 10.8.0.0 255.255.0.0". It seems OpenVPN is still limited to 10.8.1.* because it stops accepting new connections when it runs out of that address space. config -> http://pastebin.com/n0RxujhV
16:12 -!- dazo is now known as dazo_afk
16:37 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
16:44 -!- tibaret [~citizen4@unaffiliated/terabit] has joined #openvpn
16:44 < tibaret> so guys ....
16:44 < tibaret> https://pastee.org/6ert2
16:44 -!- tibaret is now known as terabit
16:44 < terabit> whats up with that ?
16:45 < terabit> sslv3  being used to download .....a ssl vpn client ? (how to avoid that ?)
16:45 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:46 <@plaisthos> terabit: you are confusing openssl error codes with the actual protocol
16:47 <@plaisthos> see https://www.ssllabs.com/ssltest/analyze.html?d=swupdate.openvpn.org&hideResults=on
16:47 <@vpnHelper> Title: SSL Server Test: swupdateopenvpnorg (Powered by Qualys SSL Labs) (at www.ssllabs.com)
16:48 < terabit> thatpage is taking a while to load
16:49 < terabit> I mean it's stuck on "please wait..."
16:49 < terabit> either  way, wget errors out like that, are you saying it's an issue with my openssl library locally?
16:51 <@plaisthos> no I am saying that openssl is confusing :)
16:51 < Raku_> Lol
16:51 <@plaisthos> a lot of error codes are like SSL3 ....
16:51 <@plaisthos> and are named so because SSL3 came before tls
16:51 <@plaisthos> and nobody ever changed the names of the errors
16:52 <@plaisthos> it is like calling it HTTP10_404
16:52 < terabit> https://bpaste.net/show/c89633d9d8ac
16:52 <@plaisthos> and throwing that on HTTP 1/1
16:53 <@plaisthos> terabit: you are doing something wrong
16:53 < terabit> openssl s_client -connect swupdate.openvpn.org:443
16:53 < terabit> that's what i ran for that output
16:53 < terabit> plaisthos: I'm just trying to wget the tarball ...
16:54 < terabit> it looks like the project is putting this behind cloudflare
16:54 < terabit> plasma: can you wget a tarball and let me know if it works for you?
16:54 < terabit> any chance these tarballs can be found on github or something?
16:55 <@plaisthos> you can checkout the tag from git
16:55 <@plaisthos> but it is not exactly the same as the tarball
16:55 <@plaisthos> since you need to generate the configure script yourself
16:55 <@plaisthos> (autoconf -vif
16:55 <@plaisthos> )
16:56 <@plaisthos> no idea on the wget vs cloudfare stuff
16:56 < terabit> is the tarball download working for you (pls if you don't mind, i want to be sure it's not my host or anything)
16:57 <@plaisthos> yes
16:57 < terabit> what link did you use ?
16:57 <@plaisthos> wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.7.tar.xz
16:57 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
16:58 < terabit> what IP does that domain resolve for you ?
17:05 < terabit> so....the website is listening http on port 443 not https
17:05 < terabit> why not just link the tarballs to http:// url ?
17:12 < terabit> I can wget it using http://
17:15 < curmudgeon> Are there any (detailed) examples of using either the http-proxy or socks-proxy options? I read the howto section, but it seems quite incomplete.
17:24 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
17:24 -!- mode/#openvpn [+v s7r] by ChanServ
17:37 -!- seg [~seg@fsf/member/seg] has quit [Quit: !!]
17:47 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
17:51 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
17:54 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Client Quit]
17:57 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:05 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 276 seconds]
18:12 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:18 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
18:21 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
18:24 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:26 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Client Quit]
18:26 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
18:29 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:30 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has left #openvpn []
18:30 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has quit [Ping timeout: 258 seconds]
18:32 -!- Socket- [~kerbooom@5.62.8.96] has joined #openvpn
18:36 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
18:38 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
18:38 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
18:52 -!- Jewls [~BestKorea@205.204.85.4] has joined #openvpn
18:53 < Jewls> openvpn is unreliably dropping root privilages for me
18:54 < Jewls> its not dependant... it is on multiple servers - without any configuration file changes
18:55 <+esde> !logs
18:55 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:55 <+esde> !configs
18:55 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
18:55 <+esde> !pastebin
18:55 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
18:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1892:1b22:67df:d872] has quit [Remote host closed the connection]
18:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:fd61:d571:de1f:f7df] has joined #openvpn
19:07 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
19:12 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:20 -!- Jewls is now known as Stallmen
19:23 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
19:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
19:28 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
19:29 -!- samopotamus [~seeder@ks4002259.ip-198-100-147.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
19:29 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:fd61:d571:de1f:f7df] has quit [Remote host closed the connection]
19:30 -!- codebam [codebam@gateway/shell/yourbnc/x-pucmzlfqvbfssatt] has quit [Ping timeout: 252 seconds]
19:31 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:34 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Client Quit]
19:36 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
19:49 -!- codebam [codebam@gateway/shell/yourbnc/x-pqblfozuedwaldqc] has joined #openvpn
19:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:58 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
20:15 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
20:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
20:17 -!- Malsasa [~Malsasa@36.73.240.70] has joined #openvpn
20:28 -!- Stallmen [~BestKorea@205.204.85.4] has quit [Ping timeout: 265 seconds]
20:33 -!- Socket- [~kerbooom@5.62.8.96] has quit [Ping timeout: 244 seconds]
20:56 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
21:15 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
21:34 -!- terabit [~citizen4@unaffiliated/terabit] has quit [Ping timeout: 256 seconds]
21:36 -!- terabit [~citizen4@unaffiliated/terabit] has joined #openvpn
21:53 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
22:03 -!- msn [~msn@117.55.242.50] has quit [Ping timeout: 256 seconds]
22:06 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-jtvhiutejedgfcqq] has quit [Remote host closed the connection]
22:07 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-nenaobuojjapzeoc] has quit [Remote host closed the connection]
22:07 -!- Techman [sid11863@gateway/web/irccloud.com/x-exsszxpnldhorcgg] has quit [Remote host closed the connection]
22:16 -!- msn [~msn@117.55.242.50] has joined #openvpn
22:36 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
22:41 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 264 seconds]
22:43 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
23:14 -!- ShadniX [dagger@p5DDFC099.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:15 -!- ShadniX_ [dagger@p5481D435.dip0.t-ipconnect.de] has joined #openvpn
23:15 -!- ShadniX_ is now known as ShadniX
23:39 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:39 -!- msn [~msn@117.55.242.50] has quit [Ping timeout: 246 seconds]
23:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:43 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 244 seconds]
23:45 < GLaDER> Good morgon!
23:47 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:59 -!- msn [~msn@182.72.55.194] has joined #openvpn
--- Day changed Tue Jun 09 2015
00:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
00:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
00:35 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
00:38 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
00:38 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
00:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:42 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
01:05 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
01:14 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-wthpqtwmmxgkhamt] has joined #openvpn
01:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:23 -!- Techman [sid11863@gateway/web/irccloud.com/x-wvbmhrmntghmsvup] has joined #openvpn
01:23 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Quit: Leaving]
01:33 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 272 seconds]
01:34 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-dasbcwmhwsslivnu] has quit [Ping timeout: 252 seconds]
01:35 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Remote host closed the connection]
01:38 -!- terabit [~citizen4@unaffiliated/terabit] has quit [Ping timeout: 265 seconds]
01:38 -!- terabit [~citizen4@unaffiliated/terabit] has joined #openvpn
01:50 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:53 -!- dan_j [sid21651@gateway/web/irccloud.com/x-rrjuvfqpgohnztzt] has quit [Remote host closed the connection]
01:53 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Remote host closed the connection]
01:53 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-pyxyudvvgcrinlnu] has quit [Remote host closed the connection]
02:00 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
02:02 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-fzhetcogldlwtdaw] has joined #openvpn
02:03 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 258 seconds]
02:03 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
02:06 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
02:06 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
02:18 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
02:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
02:23 -!- dan_j [sid21651@gateway/web/irccloud.com/x-kevzabzxeesguyjx] has joined #openvpn
02:24 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-luwcdshljcrwkhey] has joined #openvpn
02:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:35 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
02:43 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-gfuohbcgkekralkm] has joined #openvpn
03:51 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:04 -!- ivali [~valentin@unaffiliated/ivali] has quit [Remote host closed the connection]
04:17 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
04:17 -!- mode/#openvpn [+v Guest75263] by ChanServ
04:25 -!- Lovis [~Lovis@turandon.de] has joined #openvpn
04:25 < Lovis> !welcome
04:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:25 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:25 < Lovis> I would like to start openvpn with an pid file at a specific location.
04:25 < Lovis> at the moment none is generated
04:26 < Lovis> !route
04:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
04:28 < apollo13> Lovis: --writepid file
04:29 < Lovis> I tried making a alias with "alias openvpnpid="openvpn --writepid /var/run/openvpn/openvpn.pid", but this is not working in root and if i use the normal openvpn command with this switch openvpn asks me for an tun-device
04:29 < apollo13> oO, why would you use an alias?
04:29 < apollo13> fix your config file or startup script
04:30 < Lovis> i dont wont to write each time "--writepid path", but want it by default
04:30 < apollo13> so put it in the config file
04:30 < Lovis> can I place this option i each client-vpn-config file?
04:31 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:31 < apollo13> what is a client-vpn-config file?
04:31 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
04:31 -!- mode/#openvpn [+v Guest75263] by ChanServ
04:32 < Lovis> ok, I got it working, thanks
04:41 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:54 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
05:13 -!- ivali [~valentin@unaffiliated/ivali] has quit [Remote host closed the connection]
05:17 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
05:40 -!- dazo_afk is now known as dazo
05:43 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
05:43 -!- mode/#openvpn [+v Guest75263] by ChanServ
05:49 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 276 seconds]
05:53 -!- terabit [~citizen4@unaffiliated/terabit] has quit [Ping timeout: 258 seconds]
05:54 -!- terabit [~citizen4@unaffiliated/terabit] has joined #openvpn
05:57 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:00 -!- Latrina [~Latrina@ppp-177-2.26-151.libero.it] has quit [Ping timeout: 245 seconds]
06:08 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
06:14 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 264 seconds]
06:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:18 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
06:22 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
06:49 -!- terabit [~citizen4@unaffiliated/terabit] has quit [Ping timeout: 245 seconds]
06:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Max SendQ exceeded]
07:08 < CryptoSiD> update-resolv-conf dont update my /etc/resolv.conf how can i fix this?
07:09 < CryptoSiD> i have: up /etc/openvpn/update-resolv-conf
07:09 < CryptoSiD> down /etc/openvpn/update-resolv-conf
07:09 < CryptoSiD> in my client.conf
07:10 < CryptoSiD> its still using the system ns even when the vpn is up
07:11 -!- Muad`Dib [~muaddib@unaffiliated/shadok] has joined #openvpn
07:11 -!- Muad`Dib is now known as shadok
07:15 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
07:18 < CryptoSiD> kk missing script-security 2 :)
07:22 < CryptoSiD> well, when I stop openvpn it dont update the resolv.conf back to original:|
07:32 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 250 seconds]
07:46 -!- r8b7xy [~weechat@104.238.169.81] has quit [Quit: WeeChat 1.2]
07:47 -!- r8b7xy [~weechat@104.238.169.81] has joined #openvpn
07:52 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Quit: ||||||||||||||||||||||||||||||||||||||||||||||| 99%]
07:53 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
07:54 <@dazo> CryptoSiD: if you use --user ... then you need to run the update-resolv-conf script via the down-root plugin ... otherwise openvpn won't have the privileges to update the resolv.conf file
07:54 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
07:54 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
07:54 -!- mode/#openvpn [+v Guest75263] by ChanServ
07:54 <@dazo> (down-root will fork out a root process, waiting for the main openvpn process to exit ... then it will run the script/process down-root has been told to run)
07:55 <+esde> putting together a new firewall, it will have an intel i7 4770, intel pro/1000 pt dual port pci-e x4 nic, 4gb ddr3 ram, 256gb ssd. any idea if it will be able to do openvpn with aes256-cbc at ~100Mb/s?
07:56 <@dazo> esde: yeah, without issues ... what may kill the performance is how many users you add to each openvpn process and the overall general network performance
07:56 < CryptoSiD> ho thanks:)
07:56 <+esde> thanks dazo
07:57 < CryptoSiD> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
07:57 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
07:57 < CryptoSiD> i cant find down-root on this page?:D
07:57 <@dazo> esde: openvpn doesn't require that much resources ... but it is a single threaded application, even with multiple users ... for network tuning, have a look at !gigabit ... but getting a good basic network connection is truly the biggest challenge
07:58 <@dazo> CryptoSiD: it's a plugin ... so look for --plugin in the man-page, and then you need to locate a file named *down-root* on your file system - wherever your distro packager placed that plugin
07:59 < CryptoSiD> /usr/lib/openvpn/openvpn-plugin-down-root.so
07:59 <@dazo> CryptoSiD: if you want to be awesome, you could write a simple man page for us, how to use the down-root plugin ... and we'll try to ship it with openvpn
07:59 <@dazo> CryptoSiD: sounds like the right file
08:00 < CryptoSiD> like this? plugin /usr/lib/openvpn/openvpn-plugin-down-root.so /etc/openvpn/update-resolv-conf
08:00 < CryptoSiD> well i'd like to write a manpage but my english is pretty limited:D
08:00 <@dazo> CryptoSiD: I don't recall exactly the syntax, but that sounds about right
08:01 <@dazo> CryptoSiD: that's why we would review it ... some text is better than no text ;-)
08:01 <@dazo> (unless the text is utterly wrong, of course! ;-) )
08:01 <+esde> CryptoSiD++
08:01 <+esde> dazo++
08:01 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
08:02 < CryptoSiD> https://github.com/OpenVPN/openvpn/blob/master/src/plugins/down-root/README.down-root
08:02 < CryptoSiD> :P
08:02 <@vpnHelper> Title: openvpn/README.down-root at master · OpenVPN/openvpn · GitHub (at github.com)
08:03 < CryptoSiD> just need to locate the file first:)
08:03 < CryptoSiD> but it doesnt seems to work
08:03 < CryptoSiD> plugin /usr/lib/openvpn/openvpn-plugin-down-root.so "/etc/openvpn/update-resolv-conf"
08:03 < CryptoSiD> when i stop openvpn resolv.conf still use the vpn ns
08:04 <@dazo> huh!  I've reworked that code a bit and haven't noticed that file :-P
08:05 <@dazo> CryptoSiD: log files
08:06 -!- sysanthrope [~sysanthro@130.203.78.201] has joined #openvpn
08:08 < CryptoSiD> http://paste.debian.net/215798/
08:08 < CryptoSiD> it call the plugins tho, but resolv.conf dont move
08:09 <@dazo> maybe the script lacks some arguments
08:09  * dazo brb
08:10 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
08:14 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
08:17 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 272 seconds]
08:19 -!- sysanthrope [~sysanthro@130.203.78.201] has quit [Remote host closed the connection]
08:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:07 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 256 seconds]
09:08 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
09:08 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
09:19 -!- mparisi [~mparisi@72.20.27.67] has quit [Excess Flood]
09:20 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
09:58 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:35 -!- apollo13 [~apollo13@django/committer/apollo13] has quit [Quit: SIGILL]
10:57 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:05 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
11:12 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
11:18 -!- barnex [~barnex@89-67-158-237.dynamic.chello.pl] has quit [Read error: No route to host]
11:26 -!- Malsasa [~Malsasa@36.73.240.70] has quit [Read error: Connection reset by peer]
11:33 < CryptoSiD> the person who's managing the apt source http://swupdate.openvpn.net/apt should add stretch for debian and willy for ubuntu:)
11:33 <@vpnHelper> Title: Index of /apt/ (at swupdate.openvpn.net)
11:34 <+esde> !trac
11:34 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database.
11:35 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:03 < heap_> hi, whats the best solution to hid opevpn traffic into https? do i need to install hhtps proxy daemon?
12:06 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
12:12 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:14 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
12:14 -!- mode/#openvpn [+v Guest75263] by ChanServ
12:31 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:32 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
12:38 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
12:39 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
12:46 <+esde> !obfs
12:46 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
12:46 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
12:46 <+esde> !pbfsproxy
12:46 <+esde> !obfsproxy
12:46 <@vpnHelper> "obfsproxy" is (#1) For a writeup on using obfsproxy with OpenVPN see https://syria.hacktivist.me/?p=148 or (#2) See also !obfs. The link to TrafficObfuscation also contains a setup example
12:58 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
13:11 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:13 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
13:19 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 255 seconds]
13:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
13:21 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 256 seconds]
13:24 -!- AppError [~AppError@199.167.138.90] has joined #openvpn
13:24 -!- AppError [~AppError@199.167.138.90] has left #openvpn []
13:24 -!- AppError [~AppError@199.167.138.90] has joined #openvpn
13:24 < AppError> Hey guys :)
13:24 < AppError> Is there OpenVPN Connect (client) for Mac OS?
13:25 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
13:25 < AppError> I really can't seem to find the download link / location on the website. Grrr :)
13:26 <+esde> !download
13:26 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
13:26 <+esde> oh mac
13:26 <+esde> !tunnelblick
13:26 <@vpnHelper> "tunnelblick" is http://www.tunnelblick.net - Free OpenVPN GUI Client for Mac OS X
13:27 < AppError> Ah okay, so I got the right thing then.
13:27 < AppError> Okay, got that downloaded, but somebody told me that OpenVPN Connect is also on the Mac... hence my... confusion.
13:28 <+esde> connect is iOS
13:28 < AppError> Oh well. Clearly people aren't giving me clear info over here :) Thank you!!!!!
13:28 <+esde> tunnelblick is just a gui wrapper for the cli, you could have downloaded the linux source, built it on your system, and used it entirely from the command line if you felt like it
13:28 <+esde> completely eliminating the third party (tunnelblick)
13:29 < AppError> Aha, let's not do that... I'm just a designer who needs access to our dev environment. hehe
13:30 <+esde> that's your ticket, then :)
13:34 -!- tjt263 [~tjt263@58-7-63-45.dyn.iinet.net.au] has joined #openvpn
13:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:48 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 264 seconds]
13:55 -!- r8b7xy [~weechat@104.238.169.81] has quit [Remote host closed the connection]
13:56 < heap_> esde: https://syria.hacktivist.me/?p=148 is dead
13:56 <+esde> no it is not, the certificate is expired though
13:56 < heap_> but the link is down
13:57 <+esde> again, no, it is not
13:57 < heap_> 404 - Content Not Found
13:57 <+esde> oh
13:57 <+esde> yeah i didnt bypass the warning
13:57 <+esde> one moment
13:58 < heap_> ok
13:59 -!- r8b7xy [~weechat@104.238.169.46] has joined #openvpn
14:00 <+esde> this /might/ work https://www.ab9il.net/crypto/openvpn-cloaking.html
14:00 <@vpnHelper> Title: OpenVPN Cloaking (at www.ab9il.net)
14:01 < heap_> thank you
14:01 <+esde> the old tutorial was "recommended", but now that the content was removed it will need to be replaced. Please let us know if the link i provided is helpful, if you have any specific questions, ask them and someone will help when they can :)
14:02 <+esde> also, that is an or tutorial. you don't need to use stunnel and obfsproxy.
14:04 < heap_> so how you want to do it?
14:04 <+esde> i would use obfsproxy
14:04 <+esde> krzee ^
14:05 < heap_> ok
14:05 -!- sysanthrope [~sysanthro@130.203.78.201] has joined #openvpn
14:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:15 -!- sysanthrope [~sysanthro@130.203.78.201] has quit [Remote host closed the connection]
14:18 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
14:21 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
14:21 -!- mode/#openvpn [+v Guest75263] by ChanServ
14:23 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
14:32 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
14:33 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
14:33 -!- mode/#openvpn [+v Guest75263] by ChanServ
14:33 -!- dazo is now known as dazo_afk
14:43 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
14:44 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
14:44 -!- mode/#openvpn [+v Guest75263] by ChanServ
14:50 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
15:01 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:15 -!- r8b7xy [~weechat@104.238.169.46] has quit [Remote host closed the connection]
15:19 -!- r8b7xy [~weechat@104.238.169.69] has joined #openvpn
15:21 -!- dan_j [sid21651@gateway/web/irccloud.com/x-kevzabzxeesguyjx] has quit [Ping timeout: 256 seconds]
15:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
15:22 -!- Techman [sid11863@gateway/web/irccloud.com/x-wvbmhrmntghmsvup] has quit [Ping timeout: 256 seconds]
15:23 -!- dan_j [sid21651@gateway/web/irccloud.com/x-xkanjlmgrihkrtkk] has joined #openvpn
15:23 -!- dougquaid [~root@unaffiliated/dougquaid] has quit [Ping timeout: 256 seconds]
15:24 -!- Techman [sid11863@gateway/web/irccloud.com/x-rskbzmtkmthkjwha] has joined #openvpn
15:24 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:25 -!- r8b7xy [~weechat@104.238.169.69] has quit [Ping timeout: 265 seconds]
15:25 -!- r8b7xy_ [~weechat@104.238.169.69] has joined #openvpn
15:41 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
15:43 -!- AppError [~AppError@199.167.138.90] has quit [Remote host closed the connection]
15:43 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
15:53 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
15:53 -!- mode/#openvpn [+v Guest75263] by ChanServ
15:58 -!- r8b7xy_ [~weechat@104.238.169.69] has quit [Quit: WeeChat 1.2]
16:00 -!- r8b7xy [~weechat@104.238.169.135] has joined #openvpn
16:04 -!- r8b7xy [~weechat@104.238.169.135] has quit [Ping timeout: 244 seconds]
16:06 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
16:07 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
16:07 -!- mode/#openvpn [+v Guest75263] by ChanServ
16:18 -!- r8b7xy [~weechat@104.238.169.135] has joined #openvpn
16:20 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
16:21 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
16:21 -!- mode/#openvpn [+v Guest75263] by ChanServ
16:21 -!- korps_ [~korps_@212.126.102.72] has joined #openvpn
16:27 -!- korps_ [~korps_@212.126.102.72] has left #openvpn []
16:30 -!- Guest75263 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
16:30 -!- Guest75263 [debian-tor@openvpn/user/s7r] has joined #openvpn
16:30 -!- mode/#openvpn [+v Guest75263] by ChanServ
16:46 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
16:46 < FlorianBd> Hi, in the howto https://openvpn.net/index.php/open-source/documentation/howto.html  the installation details don't match what I download from the tars. e.g. init-config does not exist. Is there any more up-to-date doc?
16:46 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:55 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
16:59 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:04 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
17:08 -!- Guest75263 is now known as s7r
17:14 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:21 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
17:22 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
17:23 < FlorianBd> where is this  server.conf.gz   file ?  I cannot find it in the source nor in easy-rsa
17:23 < FlorianBd> (the examples)
17:47 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 255 seconds]
17:48 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
17:49 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
17:50 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
17:51 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
17:51 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
17:57 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
18:03 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 250 seconds]
18:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:06 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:17 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 272 seconds]
18:21 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:24 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 265 seconds]
18:24 -!- madmattco [~matt@2602:ffea:1:4e8::389e] has joined #openvpn
18:26 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
18:27 -!- mode/#openvpn [+o syzzer] by ChanServ
18:33 < madmattco> I have a question for the experts out there. I currently have a load balanced connection at my house. 2 50/5 modems running into a mikrotik router and using connection marking to get combined speed. I have problems authenticating to some sites that use strict ip sessions since each packet is marked round robin from both of my ip addresses. is there a way I can setup openvpn in my router for both connections to connect to my openvpn server and have
18:33 < madmattco> all trafic appear from the one ip I have designated on my openvpn box?
19:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
19:04 < fakhir> hello. I have an OpenVPN server with "server 10.8.0.0 255.255.0.0". It seems OpenVPN is still limited to 10.8.1.* because it stops accepting new connections when it runs out of that address space. config -> http://pastebin.com/n0RxujhV
19:06 < fakhir> If someone can provide a solution I can PayPal some money.
19:10 <+esde> heap_ did that resource provide you with the information you needed?
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:21 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
19:34 -!- fakhir_ [~fakhir@unaffiliated/fakhir] has joined #openvpn
19:36 -!- fakhir [~fakhir@unaffiliated/fakhir] has quit [Ping timeout: 246 seconds]
19:50 -!- khaldrogox [~anonymous@66.87.119.20] has joined #openvpn
20:06 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 256 seconds]
20:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
20:11 -!- mode/#openvpn [+o mattock1] by ChanServ
20:15 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
20:39 -!- khaldrogox [~anonymous@66.87.119.20] has quit [Quit: khaldrogox]
21:33 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Ping timeout: 272 seconds]
21:43 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
22:00 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 258 seconds]
22:27 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
22:44 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
22:48 -!- Guest43725 [debian-tor@openvpn/user/s7r] has joined #openvpn
22:48 -!- mode/#openvpn [+v Guest43725] by ChanServ
22:48 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
23:01 -!- Malsasa [~Malsasa@36.73.240.70] has joined #openvpn
23:02 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:07 -!- Guest43725 [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
23:09 -!- Guest43725 [debian-tor@openvpn/user/s7r] has joined #openvpn
23:09 -!- mode/#openvpn [+v Guest43725] by ChanServ
23:13 -!- ShadniX [dagger@p5481D435.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:13 -!- ShadniX [dagger@p5481D79B.dip0.t-ipconnect.de] has joined #openvpn
23:19 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
23:20 -!- Malsasa [~Malsasa@36.73.240.70] has quit [Remote host closed the connection]
23:23 -!- Guest43725 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
23:25 -!- Guest43725 [debian-tor@openvpn/user/s7r] has joined #openvpn
23:25 -!- mode/#openvpn [+v Guest43725] by ChanServ
23:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Max SendQ exceeded]
23:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:37 -!- Guest43725 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
23:46 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
23:46 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
23:51 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
23:56 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
--- Day changed Wed Jun 10 2015
00:04 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
00:06 -!- msn [~msn@182.72.55.194] has quit [Ping timeout: 250 seconds]
00:19 -!- msn [~msn@117.55.242.50] has joined #openvpn
00:37 -!- Guest43725 [debian-tor@openvpn/user/s7r] has joined #openvpn
00:37 -!- mode/#openvpn [+v Guest43725] by ChanServ
01:00 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
01:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 272 seconds]
01:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
01:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:24 -!- mode/#openvpn [+o mattock1] by ChanServ
01:57 -!- Guest43725 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
01:57 -!- Guest43725 [debian-tor@openvpn/user/s7r] has joined #openvpn
01:58 -!- mode/#openvpn [+v Guest43725] by ChanServ
02:08 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 264 seconds]
02:10 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
02:13 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
02:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
02:24 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:26 -!- mattsl [~user@68.169.165.200] has quit [Read error: Connection reset by peer]
02:34 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:44 -!- dazo_afk is now known as dazo
02:45 -!- ayaz_ [~ayaz@linuxpakistan/ayaz] has joined #openvpn
02:54 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
02:54 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
03:00 -!- Guest43725 is now known as s7r
03:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:40 -!- fakhir_ [~fakhir@unaffiliated/fakhir] has quit [Ping timeout: 265 seconds]
04:18 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Remote host closed the connection]
04:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:23 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
04:26 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Client Quit]
04:29 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Quit: Sto andando via]
04:31 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
04:53 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
04:53 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:53 -!- mode/#openvpn [+v s7r] by ChanServ
04:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
05:13 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:22 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 265 seconds]
05:32 -!- s7eele [~AndChat52@208.167.254.225] has joined #openvpn
05:34 -!- s7eele [~AndChat52@208.167.254.225] has quit [Client Quit]
05:43 -!- Malsasa [~Malsasa@36.81.97.161] has joined #openvpn
05:55 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 258 seconds]
06:02 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
06:03 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
06:10 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
06:22 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
06:22 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
06:22 -!- mode/#openvpn [+v s7r] by ChanServ
06:36 -!- Malsasa [~Malsasa@36.81.97.161] has quit [Ping timeout: 256 seconds]
07:03 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
07:03 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
07:03 -!- mode/#openvpn [+v s7r] by ChanServ
07:06 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:07 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Remote host closed the connection]
07:07 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
07:08 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:12 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
07:13 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
07:13 -!- mode/#openvpn [+v s7r] by ChanServ
07:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
07:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:84ae:b2a0:2205:862] has joined #openvpn
07:23 -!- Malsasa [~Malsasa@36.82.84.99] has joined #openvpn
07:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
07:31 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
07:31 -!- badon_ is now known as badon
07:43 -!- msn [~msn@117.55.242.50] has quit [Ping timeout: 244 seconds]
07:46 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
07:46 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
07:51 -!- Malsasa [~Malsasa@36.82.84.99] has quit [Remote host closed the connection]
07:56 -!- Malsasa [~Malsasa@36.82.84.99] has joined #openvpn
07:58 -!- Malsasa [~Malsasa@36.82.84.99] has quit [Read error: Connection reset by peer]
08:19 -!- ayaz_ [~ayaz@linuxpakistan/ayaz] has quit [Quit: leaving]
08:34 -!- Starthunder [~blackl@unaffiliated/moonlightning] has quit [Quit: The Nightmares will Collide. And become a Dream. <3]
08:39 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:51 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
09:02 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:15 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:21 -!- fredrico [~freddyl@li720-121.members.linode.com] has joined #openvpn
09:21 < fredrico> I am attempting to set up a persistent openvpn client on a number of windows laptops. It seems that when the computer looses it's internet connection, or hibernates, or moves to another connection openvpn does not reconnect.
09:22 < fredrico> Has anyone come across this? or has anyone a solution?
09:32 < Thermi> ping-restart
09:40 < fredrico> I have tried this alright but keep getting errors "Warning: route gateway is not reachable on any active network adapters"
09:41 < fredrico> after a reboot is fine.. but after hibernation or network change it doesn't come back
09:41 < fredrico> or suspend
09:42 < Thermi> Interpret the error message and investigate.
09:42 -!- korps_ [~korps_@212.126.102.72] has joined #openvpn
09:42 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
09:43 < fredrico> I have interpreted the error and am investigating
09:43 < fredrico> which has led me here to see if anyone has any experience of this previously
09:44 -!- fredrico [~freddyl@li720-121.members.linode.com] has quit [Quit: Leaving]
09:45 < Thermi> Your problem is that when openvpn tries to reconnect, Windows does not have a working network connection. OpenVPN can't do anything about that. You can only tell it to try again later when Windows hopefully did its job and the network settings are configured correctly.
09:45 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
09:50 <+esde> Thermi++
09:50 < Thermi> esde: ?
09:51 <+esde> !stats
09:51 <@vpnHelper> I have 5 registered users with 5 registered hostmasks; 1 owner and 0 admins.
09:51 <+esde> !ircstats
09:51 <@vpnHelper> "ircstats" is (#1) See http://secure-computing.net/logs/openvpn.html for all-time IRC stats. or (#2) See http://secure-computing.net/logs/openvpn-devel.html for all-time dev channel IRC stats.
09:51 <+esde> but hasnt been updated in about 6 months
09:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:84ae:b2a0:2205:862] has quit [Remote host closed the connection]
09:52 <+esde> the ++ or -- trailing a users nick gives positive or negative karma
09:52 < Thermi> Ah, okay.
09:52 < Thermi> Thanks.
09:52 <+esde> np, thank you for being helpful! :D
09:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:58 <@dazo> Thermi: esde: I believe you might have been too quick to judge fredrico's issue ... https://community.openvpn.net/openvpn/ticket/71
09:58 <@vpnHelper> Title: #71 (Windows 7 (and Vista) - tunnel fails after resume from Sleep/Standby) – OpenVPN Community (at community.openvpn.net)
09:59 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
10:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:04 -!- mode/#openvpn [+o mattock1] by ChanServ
10:05 <+esde> >opened 5 years ago 0_0
10:05 <+esde> !nssm
10:05 <+esde> !factoids
10:05 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
10:06 <+esde> now that you post the trac link, i thought there was a factoid to address that issue
10:06 <+esde> some third party service tool for windows i think
10:07 -!- dazo is now known as dazo_afk
10:08 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 245 seconds]
10:09 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:09 -!- mode/#openvpn [+v s7r] by ChanServ
10:17 -!- Malsasa [~Malsasa@36.82.84.99] has joined #openvpn
10:18 <+esde> fahk
10:18 <+esde> i missed the 2.3.7 release by two days
10:18 <+esde> :(
10:19 <+esde> glad to see the topic is still out of date, at least
10:19 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
10:44 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
10:49 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
10:50 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
10:53 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Client Quit]
10:58 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 256 seconds]
10:59 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 265 seconds]
11:03 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 258 seconds]
11:05 -!- Malsasa [~Malsasa@36.82.84.99] has quit [Ping timeout: 252 seconds]
11:32 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 245 seconds]
11:34 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:34 -!- mode/#openvpn [+v s7r] by ChanServ
11:41 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:45 -!- korps_ [~korps_@212.126.102.72] has left #openvpn []
11:54 -!- doop [~doop@colostomy.club] has joined #openvpn
11:58 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
11:58 -!- dan89 [~dan89@mobile-166-173-062-064.mycingular.net] has joined #openvpn
12:00 < dan89> Hello, I work at an predominantly MS shop and we are in need of an VPN solution. I'm looking for white papers or case studies on open VPN and so far my Google fu is failing me. Anyone know where I might find some? We are in healthcare so any that talk about hipaa would be even better
12:01 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:06 -!- dan89 [~dan89@mobile-166-173-062-064.mycingular.net] has quit [Quit: Bye]
12:06 -!- dan89 [~dan89@mobile-166-173-062-064.mycingular.net] has joined #openvpn
12:08 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
12:19 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
12:19 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
12:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:41 -!- ozux [~root@unaffiliated/ozux] has quit [Quit: WeeChat 0.4.2]
12:41 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
12:43 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
12:52 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
12:52 -!- davidfetter_fbn [~chatzilla@2601:9:a81:4000:c5ff:96b4:e5e:d0d] has joined #openvpn
12:52 < davidfetter_fbn> hi
12:52 < davidfetter_fbn> !welcome
12:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
12:52 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:53 < davidfetter_fbn> !goal
12:53 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:53 < davidfetter_fbn> I'd like to route traffic to just one CIDR through the VPN. I'm using tunnelblick, if that matters.
13:09 -!- s7eele [~AndChat52@108.61.68.140] has joined #openvpn
13:10 -!- s7eele [~AndChat52@108.61.68.140] has quit [Client Quit]
13:19 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
13:19 -!- mode/#openvpn [+v s7r] by ChanServ
13:20 -!- fakhir_ [~fakhir@unaffiliated/fakhir] has joined #openvpn
13:40 -!- rika is now known as fool
13:42 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:48 -!- fool is now known as rika
13:55 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has joined #openvpn
13:56 -!- dan89 [~dan89@mobile-166-173-062-064.mycingular.net] has quit [Quit: Bye]
13:56 -!- dan89 [~dan89@214.sub-70-196-13.myvzw.com] has joined #openvpn
13:58 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
14:14 -!- GH0ST [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
14:15 -!- tjt263 [~tjt263@58-7-63-45.dyn.iinet.net.au] has quit [Ping timeout: 264 seconds]
14:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
14:25 -!- bimbo [~emerino@189.129.171.235] has joined #openvpn
14:27 -!- dan89-1 [~dan89@mobile-166-173-062-064.mycingular.net] has joined #openvpn
14:28 < bimbo> hello, I've noticed in my logs some entries coming from 127.0.0.1, today I enabled the management interface (telnet) for openvpn, and noticed this (output of status): https://pastebin.mozilla.org/8836434
14:29 < bimbo> in the client list, client UNDEF with IP 127.0.0.1 is listed
14:29 < bimbo> is this normal?
14:30 -!- dan89 [~dan89@214.sub-70-196-13.myvzw.com] has quit [Ping timeout: 255 seconds]
14:33 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:39 -!- korps_ [~korps_@212.126.102.72] has joined #openvpn
14:50 < CryptoSiD> I don't have this
14:54 <+esde> >today I enabled the management interface (telnet) for openvpn
14:54 <+esde> what is this
14:55 -!- rika [rika@trivialand/guesser/rika] has quit [Changing host]
14:55 -!- rika [rika@unaffiliated/rika/bot/filicia] has joined #openvpn
14:55 -!- rika [rika@unaffiliated/rika/bot/filicia] has quit [Changing host]
14:55 -!- rika [rika@trivialand/guesser/rika] has joined #openvpn
14:56 <+esde> did you add a management directive to the config? or are you using AS?
14:56 <+esde> IIRC that localhost /is/ the management interface you just added, in either event
14:59 < bimbo> esde: I added the management directive to the config
15:00 < bimbo> hmm CryptoSiD, management interface through telnet? or AS?
15:00 <+esde> then it's likely the management interface itself
15:01 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:02 < CryptoSiD> I have the managed interface enabled (connecting with telnet)
15:02 < CryptoSiD> and i dont have this undef 127.0.0.1 client
15:02 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:02 <+esde> ah, there ya go
15:02 < bimbo> hmm that's strange
15:02 <+esde> so please post your !configs and !logs
15:02 <+esde> and we might be able to glean some useful information :)
15:02 < bimbo> !configs
15:02 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:02 < bimbo> ok, just a second please
15:04 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
15:09 < bimbo> here's server.conf: https://pastebin.mozilla.org/8836442
15:09 < bimbo> here are the relevant log entries from /var/log/messages: https://pastebin.mozilla.org/8836443
15:10 < bimbo> the log entries contain the information regarding connections coming from 127.0.0.1...
15:10 < CryptoSiD> do you also run a client on the same box you run the server?
15:11 <+esde> do you have a client running on the server, as well?
15:11 <+esde> ps ax | grep openvpn, would be one way to check
15:12 < bimbo> esde: no, I have another openvpn server instance running (tcp, different port)
15:12 <+esde> port 35271?
15:12 < davidfetter_fbn> hi
15:12 < bimbo> esde: https://pastebin.mozilla.org/8836444
15:13 < bimbo> esde: no, 443
15:13 < davidfetter_fbn> I'd like to set my client so only 172.31.0.0/16 gets routed through the VPN
15:13 < davidfetter_fbn> !paste
15:13 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:15 < davidfetter_fbn> https://gist.github.com/davidfetter/6b2c141d9673d35bb2c7 <-- my config so far. Line 20 is my attempt to do this
15:15 <@vpnHelper> Title: gist:6b2c141d9673d35bb2c7 (at gist.github.com)
15:16 < davidfetter_fbn> the client i'm using is tunnelblick, if that makes any difference.
15:17 < davidfetter_fbn> hrm. looking at what i wrote, it's a bit ambiguous. i'd like traffic *going to* 172.31/16 to get routed through the VPN
15:17 < davidfetter_fbn> anybody?
15:18 <+esde> davidfetter_fbn please post serverside config, and client&server !logs
15:19 < davidfetter_fbn> i don't have it :/
15:19 < bimbo> davidfetter_fbn: I belive this has to be done from the server
15:19 < bimbo> the server needs to push routes to the client
15:19 <+esde> ah
15:19 <+esde> !both
15:19 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
15:19 < davidfetter_fbn> so i can't set routes on the client?
15:19 < bimbo> I've done what you want without messing with the server config, by using manual routes (linux, but mac os x shouldn't be a problem)
15:19 < davidfetter_fbn> bimbo, do tell. i'm happy to dive in :)
15:20 <+esde> iptables to save the day!
15:23 < bimbo> davidfetter_fbn: if the server allows to forward traffic, and the route in place to NAT traffic to 172.16.0.0/16, you just need to tell your OS (client side) to route traffic going to 172.16.0.0/16 through the openvpn gateway
15:24 < davidfetter_fbn> k
15:24 < davidfetter_fbn> how do i prevent the client side software from routing anything else?
15:24 < bimbo> iptables in case of a linux server
15:25 < davidfetter_fbn> um
15:25 < bimbo> sorry, that was server side
15:26 < bimbo> client side, just add a route for the specific network (linux again): route add -net 172.16.0.0/16 gw openvpn_gw_ip
15:26 < davidfetter_fbn> and to ensure that the default route doesn't get messed with?
15:28 < bimbo> can't really tell, maybe this is a setting pushed from the server, or it has to do with the client or the OS where the client runs, I'm sure someone else with more knowledge here can shed a light
15:28 < bimbo> our current server and client configuration doesn't route all traffic through the VPN, just the traffic that should go to through it
15:30 < shio> topic isn't up to date btw :D
15:31 < davidfetter_fbn> there's a newer version of openvpn?
15:31 < shio> yeah 2.3.7
15:32 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
15:32 < davidfetter_fbn> i suppose anybody with ops could fix that
15:42 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
15:44 < bimbo> davidfetter_fbn: I'm sure you can work something out by using a hook in the client configuration of openvpn, if there's no other way you can still hook a script for when the connection gets setup to manually modify the routes through a script
15:44 < bimbo> http://askubuntu.com/questions/28733/how-do-i-run-a-script-after-openvpn-has-connected-successfully
15:44 <@vpnHelper> Title: vpn - How do I run a script after OpenVPN has connected successfully? - Ask Ubuntu (at askubuntu.com)
15:49 < davidfetter_fbn> bimbo, thanks :)
15:51 < korps_> question: what you think about generating a 8192 bits key size ?
16:22 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
16:23 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
16:28 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Quit: WeeChat 1.3-dev]
16:29 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
16:30 -!- korps_ [~korps_@212.126.102.72] has left #openvpn []
16:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:59 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Ping timeout: 252 seconds]
17:10 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
17:17 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
17:22 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:38 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
17:48 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
18:04 -!- Guest5540 [debian-tor@openvpn/user/s7r] has joined #openvpn
18:04 -!- mode/#openvpn [+v Guest5540] by ChanServ
18:10 -!- Guest5540 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
18:11 -!- Guest5540 [debian-tor@openvpn/user/s7r] has joined #openvpn
18:11 -!- mode/#openvpn [+v Guest5540] by ChanServ
18:15 -!- Guest5540_p [debian-tor@openvpn/user/s7r] has joined #openvpn
18:15 -!- mode/#openvpn [+v Guest5540_p] by ChanServ
18:17 -!- Guest5540 [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 245 seconds]
18:36 -!- Guest5540_p [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
18:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
18:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:06 -!- dan89-1 [~dan89@mobile-166-173-062-064.mycingular.net] has quit [Quit: Bye]
19:28 -!- Malsasa [~Malsasa@125.164.138.228] has joined #openvpn
19:32 -!- Guest5540 [debian-tor@openvpn/user/s7r] has joined #openvpn
19:32 -!- mode/#openvpn [+v Guest5540] by ChanServ
19:57 -!- Guest5540 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
19:58 -!- Guest5540 [debian-tor@openvpn/user/s7r] has joined #openvpn
19:58 -!- mode/#openvpn [+v Guest5540] by ChanServ
20:03 -!- Guest5540 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
20:04 -!- Guest5540 [debian-tor@openvpn/user/s7r] has joined #openvpn
20:04 -!- mode/#openvpn [+v Guest5540] by ChanServ
20:28 -!- Guest5540 [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
20:33 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Ping timeout: 256 seconds]
20:45 <+esde> i mentioned the topic earlier but i see it's still out of date
20:45 <+esde> maybe plaisthos or syzzer could do a quick /topic :)
20:46 -!- Malsasa [~Malsasa@125.164.138.228] has quit [Ping timeout: 252 seconds]
21:42 -!- plum [~plum@unaffiliated/plum] has joined #openvpn
21:42 < plum> hi!
21:42 < plum> is it significantly less secure if i disable TLS auth?
22:35 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
22:39 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has quit [Ping timeout: 255 seconds]
22:44 -!- bytemeoftn [bitemeoftn@unaffiliated/bitemeoftn] has joined #openvpn
22:45 < bytemeoftn> how can i connect to irc while using my vpn?  right now it just keeps timing out on me
22:51 -!- fakhir_ [~fakhir@unaffiliated/fakhir] has quit [Quit: Leaving]
22:55 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has joined #openvpn
22:59 -!- bytemeoftn [bitemeoftn@unaffiliated/bitemeoftn] has quit [Ping timeout: 252 seconds]
23:02 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has quit [Ping timeout: 272 seconds]
23:04 -!- bitemeoftn [~bitemeoft@unaffiliated/bitemeoftn] has joined #openvpn
23:10 -!- bitemeoftn [~bitemeoft@unaffiliated/bitemeoftn] has quit [Remote host closed the connection]
23:10 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has joined #openvpn
23:11 -!- ShadniX [dagger@p5481D79B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:11 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:11 -!- ShadniX [dagger@p579411B9.dip0.t-ipconnect.de] has joined #openvpn
23:12 -!- bytemeoftn [~bitemeoft@unaffiliated/bitemeoftn] has joined #openvpn
23:17 < CGML> plum: Yes, hugely so, I'd say.
23:18 -!- bitemeoftn [bitemeoftn@unaffiliated/bitemeoftn] has joined #openvpn
23:18 -!- bitemeoftn [bitemeoftn@unaffiliated/bitemeoftn] has left #openvpn []
23:20 < plum> dang...
23:21 < plum> i've got one client that seems to be unable to use it
23:21 < bytemeoftn> sorry if this was answered and i missed it....my bnc took a dump, but i'm having some problems connecting to IRC (with or without BNC)
23:21 < bytemeoftn> while VPN is enabled
23:29 -!- msn [~msn@182.72.55.194] has joined #openvpn
23:32 < msn> when i add  "route 172.19.8.0 255.255.248.0" to my openvpn config openvpn creates this in routing table on the vpn serve "172.19.8.0/21 via 172.31.0.2 dev tun0" while the client config whcih has the network 172.19.8.0/21 behind it has a following config "iroute 172.19.8.0 255.255.248.0"
23:33 < msn> the client config also assigns 172.31.1.254 to the client which can route that network
--- Day changed Thu Jun 11 2015
00:04 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 264 seconds]
00:23 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
00:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1074:f5c:e18c:56c] has joined #openvpn
00:30 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
00:31 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:32 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
00:38 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 255 seconds]
00:39 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Quit: .]
00:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1074:f5c:e18c:56c] has quit [Ping timeout: 256 seconds]
00:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:41 -!- mode/#openvpn [+o mattock1] by ChanServ
00:41 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
00:49 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has quit [Ping timeout: 252 seconds]
01:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
01:08 -!- Malsasa [~Malsasa@125.164.130.199] has joined #openvpn
01:09 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:13 -!- rika [rika@trivialand/guesser/rika] has quit [Ping timeout: 265 seconds]
01:33 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
01:34 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
01:41 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:09 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
02:11 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 244 seconds]
02:14 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
02:18 -!- bytemeoftn [~bitemeoft@unaffiliated/bitemeoftn] has quit [Remote host closed the connection]
02:40 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
02:55 -!- Guest5540 [debian-tor@openvpn/user/s7r] has joined #openvpn
02:55 -!- mode/#openvpn [+v Guest5540] by ChanServ
03:06 -!- plaisthos changed the topic of #openvpn to: OpenVPN Community Support Channel || PLEASE read entire topic || Current Release: 2.3.7 (8. June 2015) || First time? Use !welcome and !goal || Access-Server? /join #openvpn-as || We're not psychic - please !paste your !configs and !logs and a description of the issue  || Your problem is probably firewall, Really || Vulninfo: !heartbleed !poodle !ovpnuke
03:15 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
03:16 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
03:16 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:17 -!- badon_ is now known as badon
03:36 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
03:36 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
03:37 -!- badon_ is now known as badon
03:37 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
03:37 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
03:41 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Read error: Connection reset by peer]
03:42 -!- khaldrogox [~anonymous@66.87.118.66] has joined #openvpn
03:44 -!- otwieracz [~gonet9@v6.gen2.org] has joined #openvpn
03:45 < otwieracz> Hello.
03:45 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 276 seconds]
03:45 < otwieracz> I am trying to set up OpenVPN TAP + server-bridge on my OpenWRT router.
03:46 < otwieracz> I am able to connect, I receive IP from OpenVPN.
03:46 < otwieracz> However, I am not able to ping anywhere because of „Destination host unrechable”
03:46 < otwieracz> http://pastebin.com/bg8ynMLx that's my server config file.
03:47 < otwieracz> 10.9.8.0/24 is my br-pan network
03:47 < otwieracz> And after connecting to VPN I am not able to ping 10.9.8.1
03:48 < otwieracz> Any ideas why?
03:54 -!- dazo_afk is now known as dazo
03:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:03 -!- khaldrogox [~anonymous@66.87.118.66] has quit [Quit: khaldrogox]
04:06 -!- Guest5540 is now known as s7r
04:07 -!- fling [~fling@fsf/member/fling] has joined #openvpn
04:07 < fling> Hello.
04:07 < fling> Is it possible to run on two ports without running multiple daemons?
04:07 < fling> I want to be able to run the same daemon on udp/1194 and tcp/443
04:08 <+s7r> you need 2 daemons for that
04:08 <+s7r> and assign different subnets for both to avoid conflicts
04:09 < fling> ohh
04:19 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Quit: leaving]
04:25 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
04:36 -!- toli [~toli@ip-62-235-220-251.dsl.scarlet.be] has joined #openvpn
04:37 < toli> guys, how to remove client from index.txt when the certificates of the client in question are missing?
04:51 < toli> no one?
04:58 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 258 seconds]
05:33 -!- Malsasa [~Malsasa@125.164.130.199] has quit [Killed (hobana.freenode.net (Nickname regained by services))]
05:43 -!- bimbo [~emerino@189.129.171.235] has quit [Ping timeout: 256 seconds]
05:49 -!- Sheraf [~Sheraf@sheraf.wtf] has quit [Quit: WeeChat 1.0.1]
06:04 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has quit [Ping timeout: 248 seconds]
06:18 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
07:01 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
07:09 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:20 < otwieracz> No ideas? :(
07:31 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
07:49 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
07:50 -!- davidfetter_fbn [~chatzilla@2601:9:a81:4000:c5ff:96b4:e5e:d0d] has quit [Ping timeout: 256 seconds]
07:51 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
07:55 <@ecrist> otwieracz: why are you bridging?
07:56 < otwieracz> Because I want to access my LAN from outside.
07:56 < otwieracz> And have IP adress within it.
08:00 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Quit: Sto andando via]
08:02 < otwieracz> ecrist: ↑
08:02 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:05 <@dazo> otwieracz: that's no reason for bridging .... https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
08:05 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
08:06 < otwieracz> You want your LAN DHCP server to provide DHCP addresses to your VPN client  – that will be the ideal situation.
08:07 <@dazo> otwieracz: and why do you need that?
08:07 < otwieracz> To make my laptop accessible under the same IP wherever it is connected.
08:07 <@dazo> and what's the point of that?
08:08 < otwieracz> I have my main laptop, which is usually located in different locations.
08:09 < otwieracz> (and different networks)
08:09 < otwieracz> And I have second, smaller one.
08:09 < otwieracz> Which acts as terminal.
08:10 <@dazo> what I'm saying is:  If you depend on fixed IP addresses, you're doing it wrong
08:10 <@dazo> there's a reason DHCP came ... D = Dynamic ... and it is most suitable on LANs, not VPNs
08:10 <@ecrist> In most cases, people bridge when they don't need to
08:10 < otwieracz> That might be possible :)
08:11 < otwieracz> OK, I'll try to describe my case a little bit.
08:11 < otwieracz> As I told, I have main laptop.
08:11 < otwieracz> Sitting in one of few locations, with compltetly different networks.
08:11 < otwieracz> Few of those are not managed by me.
08:11 < otwieracz> I have one main location, wich OpenWRT router.
08:12 < otwieracz> If I am in this main location – my main laptop is connected physically to br-pan.
08:13 < otwieracz> If I am somewhere else – I want to connect to have access to br-pan and to be accessible from br-pan.
08:13 < otwieracz> And, from my second laptop, ideally I will want to access my laptop using exactly the same domain name.
08:14 < otwieracz> No matters if I am physically connected to br-pan too, like my main laptop.
08:14 < otwieracz> Or I am somewhere else and connecting through VPN.
08:14 < otwieracz> Or my main laptop is somewhere else with VPN, too.
08:15 < otwieracz> What I thought is that erasing the difference between connected physically or through VPN will met all those requirements.
08:15 <@dazo> otwieracz: what you describe can be solved by using VPN + DNS with dynamic updates ... so your main laptop updates dynamically the DNS with it's current IP address (can be done via an --up script on the openvpn client side + a dhclient tweak to only do dynamic updates when you're in the main location)
08:16 < otwieracz> So, ok.
08:16 < otwieracz> What do you think about:
08:16 <@dazo> from your mini-laptop, you connect using hostname ... and if you have a proper DNS setup, it will connect to the right IP
08:16 < otwieracz> 1) tun instead of tap, different subnet for VPN
08:17 <@dazo> Alternative 1) is the proper way ... routing does the rest
08:17 < otwieracz> Hmm. Is this available that openvpn will somehow interact with dnsmasq and update DNS>
08:17 < otwieracz> s/>/?/
08:17 < otwieracz> DNS server.
08:19 <@dazo> I dunno if dnsmasq supports dynamic updates ... but you can either put a simple script which does the magic of updating /etc/hosts .... or you can install bind on the openwrt router, that works also very well if you have enough of storage on your router
08:19 <@dazo> (I did that on an old TP-WR1043ND many years ago)
08:21 <@dazo> a simple update script can be a simple python or perl based web service ... and your clients just do a simple wget/curl without any particular data ... the remote address will be available on the server-side
08:22 -!- korps_ [~korps_@212.126.102.72] has joined #openvpn
08:22 < otwieracz> yeah
08:22 < otwieracz> Additionally I'll be able to connect from phone, too.
08:22 <@dazo> and it would generally just work
08:23 < otwieracz> Yeah, I was doing tun many times,
08:24 <@dazo> of course, this approach requires more tweaking and fiddling to get started ... but it'll give you far less issues than if you go for the fixed IP address and bridging
08:26 -!- korps_ [~korps_@212.126.102.72] has quit [Changing host]
08:26 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
08:32 < otwieracz> dazo: dnsmasq surely is able to query /etc/hosts (or other file)
08:32 < otwieracz> dazo: Am I able to configure openvpn server to actually append something to that file?
08:33 <@dazo> otwieracz: yeah, but bind supports the nsupdate protocol ... so on the client side, you have simple script which talks directly to the DNS server and does the update in the zone files directly .... I doubt dnsmasq supports that, so that would need some help from an additional service
08:33 < otwieracz> dazo: Ideally I'll want to keep everything server-side.
08:33 <@dazo> oh, yeah ... you can use --client-connect scripts on the server side
08:34 < otwieracz> dazo: so, for example, my phone will be able to do this too.
08:34 <@dazo> I didn't think of that, but that will require even less hacking
08:34 <@dazo> does your phone need be reachable by VPN/LAN clients?
08:34 < otwieracz> Sometimes, yes.
08:34 < otwieracz> Because of some fun p2p stuff in it for file synchronization.
08:35 <@dazo> okay ... then it would make even more sense to use --client-connect scripts
08:35 < otwieracz> That's awesome.
08:35 <@dazo> look at the SCRIPTING AND ENVIRONMENT section in the man page
08:35 < otwieracz> Thanks for leading me out of worse way.
08:36 <@dazo> no worries
08:44 <+esde> dazo++
09:03 -!- sysanthrope [~sysanthro@130.203.92.94] has joined #openvpn
09:10 -!- sysanthrope [~sysanthro@130.203.92.94] has quit [Read error: Connection reset by peer]
09:10 -!- sysanthrope [~sysanthro@130.203.92.94] has joined #openvpn
09:11 -!- sysanthrope [~sysanthro@130.203.92.94] has quit [Remote host closed the connection]
09:17 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
09:22 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
09:47 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Read error: Connection reset by peer]
10:23 < varesa> Has anyone encountered a problem with openvpn on android where there is no internet connectivity on the device when the VPN is up?
10:23 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 244 seconds]
10:23 < varesa> E.g. I'd like to route 192.168.0.0/24 over the VPN and everything else through the normal internet connection
10:27 <+esde> !configs
10:27 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:27 <+esde> !logs
10:27 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:27 <+esde> !pastebin
10:27 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:27 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
10:31 < varesa> my client config: http://fpaste.org/231157/40366661/ (noticed some extra lines at the end I'll remove)
10:33 <+esde> that's one out of for things
10:33 <+esde> *four
10:33 <+esde> damn this keyboard
10:33 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:33 < varesa> working on the rest
10:33 <+esde> oh perfect
10:35 < varesa> client log: http://fpaste.org/231161/40369051/
10:36 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has joined #openvpn
10:41 < varesa> server config: http://imgur.com/a/vB3Gh#2LfAHas (don't know where to find the generated config, this is on a pfsense fw/router)
10:41 <@vpnHelper> Title: - Album on Imgur (at imgur.com)
10:45 < varesa> last 50 server log entries: http://fpaste.org/231167/14340374/
10:45 <+esde> one sec i'll tell you where to look on pfsense
10:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:46 <+esde>  /var/etc/openvpn
10:46 <+esde> erm nope
10:49 < varesa> no?
10:49 <+esde> on mine it's empty
10:49 <+esde> but it seems like the right directory
10:49 < varesa> I have /var/etc/openvpn/server1.conf, ...
10:49 < varesa> a sec
10:49 <+esde> oh great
10:50 <+esde> dunno what happened to my configs, then :P
10:50 < varesa> server config: http://fpaste.org/231171/40378081/
10:50 <+esde> now someone might be able to provide some help :D
10:52 < varesa> I should add that it works on my laptop using a config like this: http://fpaste.org/231173/37895143/ so I don't think it's a server issue
10:59 -!- j00d [cf26a89e@gateway/web/freenode/ip.207.38.168.158] has joined #openvpn
11:00 < j00d> i just installed the AS appliance and when I went to log into the admin gui, it gave me an msi download for "openvpn-connect".  what's the diff between connect and the client download on the website?
11:03 <+esde> !as
11:03 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
11:04 <+esde> we don't support Access Server in here
11:25 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
11:38 -!- K0HAX [~K0HAX@c-75-72-143-131.hsd1.mn.comcast.net] has joined #openvpn
11:42 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:43 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
11:43 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 265 seconds]
11:50 -!- darxun [darxun@crew.of.the.worldwide.famous.micros0ft.dk] has left #openvpn []
12:20 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Quit: off to do some thoughtcrime]
12:35 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
12:35 < otwieracz> OK, I am still having issues. Now even with tun :(
12:38 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
12:39 < otwieracz> SENT CONTROL [curiosity.otwiera.cz]: 'PUSH_REPLY,route-gateway 10.9.7.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.9.7.2 255.255.255.0' (status=1)
12:39 < otwieracz> What might this mean?
12:39 < otwieracz> Oh, ok, nevermind :)
12:41 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:46 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
12:47 -!- j00d [cf26a89e@gateway/web/freenode/ip.207.38.168.158] has quit [Quit: Page closed]
12:55 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
13:01 -!- doop [~doop@colostomy.club] has joined #openvpn
13:21 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
13:22 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
13:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:41 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:46 -!- s7eele [~AndChat52@108.61.68.140] has joined #openvpn
13:48 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 245 seconds]
13:49 -!- n1md4 [~nimda@anion.cinosure.com] has joined #openvpn
13:50 < n1md4> hi, i have vpn on openwrt box.  i have an odd issue.   when connected to vpn whatismyip.com returns the vpn address, but when i access a web site i own, the log reports my external address and not the vpn.  any ideas?
13:56 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:05 -!- akamaru217 [~akamaru@2601:0:8a80:1210:b876:305b:3c5e:f25a] has joined #openvpn
14:11 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
14:45 < Eugene> n1md4 - is the website hosted on the same IP address as your vpn endpoint?
14:47 < Eugene> There's a special route added for the VPN server, bypassing the VPN. This is so that traffic inside the VPN can actually be encapsulated and sent down the tunnel
14:59 -!- GH0ST [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Remote host closed the connection]
15:08 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 256 seconds]
15:09 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
15:30 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
15:38 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
15:43 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:13 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
16:14 -!- s7eele [~AndChat52@108.61.68.140] has quit [Quit: Bye]
16:56 < FlorianBd> Hi, I got easyrsa from github and there 's no "vars" file to call, only vars.example - How can I generate the keys without it, or where to find it?
16:59 <+pekster> FlorianBd: Run the script; vars is _only_ required if you wish to change defaults, as the comments in vars.example, and the "what's new" document explains
17:00 <+pekster> Last bullet here: https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Readme.md#feature-highlights
17:00 <@vpnHelper> Title: easy-rsa/EasyRSA-Readme.md at master · OpenVPN/easy-rsa · GitHub (at github.com)
17:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
17:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:19 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Remote host closed the connection]
17:22 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
17:22 < FlorianBd> thank you pekster :)
17:37 -!- Ludo- [~Ludo@obelix.zoxx.net] has joined #openvpn
17:38 < Ludo-> Hi! trying to migrate my easy-rsa certificates to ejbca I have something wrong happening
17:38 < Ludo-> the client is showing "authorizing"
17:38 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
17:38 < Ludo-> and in the openvpn server logs
17:38 < Ludo-> Jun 11 22:37:20 vpn1 ovpn-server[2410]: 24.43.96.60:63920 TLS: Initial packet from [AF_INET]24.43.96.60:63920, sid=b0b100f1 361c4fa8
17:39 < Ludo-> I get these messages every seconds
17:39 < Ludo-> the issue seems to come from my certificates, but not sure how to troubleshoot it
17:52 -!- cylon512 [~cylon@93-80-3-38.broadband.corbina.ru] has joined #openvpn
17:53 < FlorianBd> hmmm I get this weird "memory corruption" crash :   https://florianbador.com/dl/openvpn-error   It seems my grsec is refusing something to openvpn (see syslog at the end)
17:54 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
17:54 < FlorianBd> ah, in fact grsec is just refusing the core dump afterwards I think
17:56 < Ludo-> yes you can't coredump based on the limit you have
17:58 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
18:01 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 264 seconds]
18:13 < n1md4> Eugene: you got it!  it took a while to see it, but yes, routing was actually doing exactly what I was asking it to, and responding correctly :)
18:13 < FlorianBd> Ludo-: ok but any idea why openvpn would crash?
18:13 < Eugene> n1md4 - I love being right
18:14 < n1md4> the solution therefore is to change the reverse dns to point to the private ip
18:14 < n1md4> forward/reverse, whatever :)
18:23 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
18:35 < Ludo-> FlorianBd: which distribution, do you use the default distribution packages?
18:35 < Ludo-> actually no
18:36 < Ludo-> did you compile it yourself in /home/root?
18:36 < Ludo-> why do you compile it yourself? instead to use the packages from your OS?
18:40 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has left #openvpn []
18:41 -!- AMERICAN_PSYCHO [~AMERICAN_@212.sub-70-196-3.myvzw.com] has joined #openvpn
18:47 -!- joren [~quassel@personaltelco-2-pt.tunnel.tserv14.sea1.ipv6.he.net] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
18:48 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 246 seconds]
18:52 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
18:53 -!- dazo is now known as dazo_afk
19:02 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
19:40 < Ludo-> ok I solved my issue, it was the type of certificate generated by ejbca for the client was not "correct" according to openvpn for a client
20:09 < FlorianBd> Ludo-: I compiled it myself for many reasons, including there: 1- I want it optimized just like all the rest of the system.  2- I don't want it in /usr for some reasons.  3- I don't want it built w/ plugins.   My distribution was Zenwalk but there's not much left from it because most libs, bins, and the kernel were built natively.
20:09 < FlorianBd> hmm that one might be cut.   My distribution was Zenwalk but there's not much left from it because most libs, bins, and the kernel were built natively.
20:25 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
20:30 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
20:31 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
20:33 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
20:41 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
20:43 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 265 seconds]
20:49 < Ludo-> FlorianBd: ok :) so good luck with that troubleshooting :)
20:49 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has joined #openvpn
20:59 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
21:40 -!- GH0ST [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
21:40 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:47 -!- showaz [~showaz@unaffiliated/showaz] has quit []
22:30 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
22:38 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
22:39 -!- GH0ST [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Remote host closed the connection]
22:47 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
22:52 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 265 seconds]
22:55 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
23:07 -!- Malsasa [~Malsasa@125.164.130.106] has joined #openvpn
23:11 -!- ShadniX [dagger@p579411B9.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:12 -!- ShadniX_ [dagger@p5DDFFA09.dip0.t-ipconnect.de] has joined #openvpn
23:12 -!- ShadniX_ is now known as ShadniX
23:15 -!- Malsasa [~Malsasa@125.164.130.106] has quit [Read error: Connection reset by peer]
23:15 -!- Malsasa [~Malsasa@125.164.130.106] has joined #openvpn
23:17 -!- Malsasa [~Malsasa@125.164.130.106] has quit [Excess Flood]
23:17 -!- Malsasa [~Malsasa@125.164.130.106] has joined #openvpn
23:18 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Quit: WeeChat 1.1.1]
23:33 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 272 seconds]
23:38 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has quit [Ping timeout: 250 seconds]
23:40 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has joined #openvpn
--- Day changed Fri Jun 12 2015
00:10 -!- AMERICAN_PSYCHO [~AMERICAN_@212.sub-70-196-3.myvzw.com] has quit [Quit: Goodbye!]
00:29 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
00:29 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
00:29 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
00:37 -!- Malsasa is now known as Guest91062
00:37 -!- Guest91062 [~Malsasa@125.164.130.106] has quit [Killed (sendak.freenode.net (Nickname regained by services))]
00:38 -!- toli [~toli@ip-62-235-220-251.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
00:39 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
00:41 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
00:42 -!- toli [~toli@ip-62-235-220-251.dsl.scarlet.be] has joined #openvpn
00:43 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 246 seconds]
00:45 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:53 -!- mode/#openvpn [+o mattock1] by ChanServ
00:54 -!- curmudgeon [~user@122-57-236-45.jetstream.xtra.co.nz] has quit [Quit: Leaving.]
00:57 -!- fred`` [fred@earthli.ng] has joined #openvpn
01:03 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
01:03 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:04 -!- Malsasa [~Malsasa@36.73.220.172] has joined #openvpn
01:06 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
01:14 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
01:14 -!- Malsasa [~Malsasa@36.73.220.172] has quit [Ping timeout: 256 seconds]
01:26 -!- Malsasa [~Malsasa@125.164.131.138] has joined #openvpn
01:28 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:31 -!- Malsasa [~Malsasa@125.164.131.138] has quit [Ping timeout: 276 seconds]
01:32 -!- Malsasa [~Malsasa@36.74.16.183] has joined #openvpn
01:35 -!- Malsasa [~Malsasa@36.74.16.183] has quit [Excess Flood]
01:36 -!- Malsasa [~Malsasa@36.74.16.183] has joined #openvpn
01:39 -!- Malsasa [~Malsasa@36.74.16.183] has quit [Read error: Connection reset by peer]
01:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
01:46 -!- plum [~plum@unaffiliated/plum] has quit [Quit: mulp]
01:46 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:47 -!- AMERICAN_PSYCHO [~AMERICAN_@212.sub-70-196-3.myvzw.com] has joined #openvpn
02:13 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
02:23 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
02:24 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
02:32 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 248 seconds]
02:32 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
02:50 -!- Malsasa [~Malsasa@36.73.225.204] has joined #openvpn
02:54 -!- Malsasa [~Malsasa@36.73.225.204] has quit [Excess Flood]
02:54 -!- Malsasa [~Malsasa@36.73.225.204] has joined #openvpn
03:10 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Read error: Connection reset by peer]
03:11 -!- Malsasa [~Malsasa@36.73.225.204] has quit [Read error: Connection reset by peer]
03:15 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
03:26 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
03:32 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 265 seconds]
03:47 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Disconnected by services]
03:48 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 244 seconds]
03:49 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 258 seconds]
03:49 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Ping timeout: 256 seconds]
03:49 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
03:49 -!- mode/#openvpn [+o vpnHelper] by ChanServ
03:52 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
03:57 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
03:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:11 -!- dazo_afk is now known as dazo
04:13 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
04:14 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Read error: Connection reset by peer]
04:14 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
04:19 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
04:26 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
04:31 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
04:34 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
04:34 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
04:36 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Client Quit]
04:38 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
04:42 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
05:04 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
05:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:24 -!- mode/#openvpn [+o mattock1] by ChanServ
05:33 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
05:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
05:50 -!- otwieracz [~gonet9@v6.gen2.org] has left #openvpn []
05:53 -!- Malsasa [~Malsasa@36.73.246.102] has joined #openvpn
06:16 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Remote host closed the connection]
06:16 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
06:19 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
06:22 -!- Malsasa [~Malsasa@36.73.246.102] has quit [Ping timeout: 246 seconds]
06:23 -!- Malsasa [~Malsasa@36.73.246.102] has joined #openvpn
06:27 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
06:28 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
06:29 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
06:31 -!- valentin- [valentin@unaffiliated/ivali] has joined #openvpn
06:31 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 265 seconds]
06:37 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
06:38 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
06:38 -!- Malsasa [~Malsasa@36.73.246.102] has quit [Ping timeout: 264 seconds]
06:46 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
06:46 -!- mode/#openvpn [+v s7r] by ChanServ
06:46 -!- cylon512 [~cylon@93-80-3-38.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
06:46 -!- cylon512 [~cylon@93-80-3-38.broadband.corbina.ru] has joined #openvpn
06:47 -!- ivali [valentin@unaffiliated/ivali] has joined #openvpn
06:48 -!- valentin- [valentin@unaffiliated/ivali] has quit [Ping timeout: 265 seconds]
06:54 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:55 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 265 seconds]
06:56 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
07:03 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
07:09 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
07:13 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:15 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
07:16 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:16 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
07:18 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
07:18 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:21 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
07:21 -!- tsing [~tsing@gintama.tsing.org] has quit [Client Quit]
07:22 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
07:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
07:28 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
07:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:38 < ivali> !goal
07:38 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
07:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:02 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:19 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:21 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
08:31 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
09:36 < typ> hi there, i'm running openvpn access server and i'm looking for a way to push routes for specific public ips, but i don't want to route all traffic through the VPN, so just traffic to certain public IPs, how would i do that?
09:36 <+esde> Hi!
09:36 <+esde> !as
09:36 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
09:36 <+esde> we do not support access server in this channel
09:36 < typ> i see, thanks!
09:43 -!- davidfetter_fbn [~chatzilla@2601:9:a81:4000:8fc:363f:d870:6d2d] has joined #openvpn
09:43 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
09:44 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has left #openvpn []
09:49 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
10:04 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 245 seconds]
10:05 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
10:06 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:13 -!- AMERICAN_PSYCHO [~AMERICAN_@212.sub-70-196-3.myvzw.com] has quit [Ping timeout: 255 seconds]
10:23 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:32 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
10:42 -!- n1md4 [~nimda@anion.cinosure.com] has left #openvpn []
10:56 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
10:57 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
11:09 -!- ivali [valentin@unaffiliated/ivali] has quit [Ping timeout: 265 seconds]
11:10 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
11:28 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
11:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:53 -!- mnathani__ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
11:55 -!- dazo is now known as dazo_afk
11:58 -!- mnathani__ is now known as mnathani_
12:07 -!- dazo_afk is now known as dazo
12:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:08 -!- mode/#openvpn [+o mattock1] by ChanServ
12:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
12:12 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 264 seconds]
12:13 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 276 seconds]
12:13 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:18 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:18 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
12:19 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Quit: off to do some thoughtcrime]
12:22 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:24 -!- badon_ is now known as badon
12:28 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
12:28 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:29 -!- badon_ is now known as badon
12:30 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
12:30 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
12:32 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:33 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
12:38 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:42 -!- supergauntlet is now known as xXxSuPeRgAuNtLeT
12:42 -!- xXxSuPeRgAuNtLeT is now known as supergauntlet
12:50 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
12:53 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
12:53 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
12:54 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
13:19 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:27 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
13:29 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 256 seconds]
13:29 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:32 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:33 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
13:34 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:38 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
13:41 -!- badon_ [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 265 seconds]
13:43 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
13:44 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
13:44 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
13:47 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
13:49 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
14:16 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
14:26 -!- doop [~doop@colostomy.club] has joined #openvpn
14:34 -!- dazo is now known as dazo_afk
15:07 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
15:07 -!- Netsplit *.net <-> *.split quits: Maxel, james41382, thedudez0r, Reventlov, nullsign, GLaDER, FruitieX, K0HAX, shadok
15:07 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
15:07 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
15:07 -!- Netsplit over, joins: nullsign
15:08 -!- Netsplit over, joins: Reventlov, K0HAX
15:08 -!- Netsplit over, joins: thedudez0r
15:09 -!- FruitieX [~FruitieX@qyr0.kyla.fi] has joined #openvpn
15:09 -!- FruitieX [~FruitieX@qyr0.kyla.fi] has quit [Changing host]
15:09 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
15:11 -!- GLaDER [~GLaDER@gladernet.csbnet.se] has joined #openvpn
15:24 -!- shadok_ is now known as shadok
15:28 -!- samopotamus [~seeder@ks4002259.ip-198-100-147.net] has joined #openvpn
15:29 -!- pissfrog [~chatzilla@S0106002401d09e7e.vs.shawcable.net] has joined #openvpn
15:30 < pissfrog> is there a reason why i can't surf the internet on my laptop when i connect via ovpn to my work network?
15:31 < pissfrog> that's a stupid question to ask, of course there's a reason. i just don't know what it is
15:38 <+esde> !welcome
15:38 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:38 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:38 <+esde> !goal
15:38 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:38 <+esde> !configs
15:38 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:38 <+esde> !logs
15:38 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:39 <+esde> After stating your goal, please post your configs and logs per the instructions above (both server and client). Then wait politely for assistance :)
15:39 < pissfrog> will do thanks
15:39 < pissfrog> the goal is the following:
15:40 < pissfrog> i have 2 ipFire machines that share a net-to-net tunnel but they also have clients setup to connect to the subnets behind them and be able to browse the network: i.e.: rdp, ssh to hosts on those respective LANs
15:42 < pissfrog> all of that works like magic. i can connect to either office via ovpn client on windows and browse the subnet behind the ipfire machines. but my laptop cannot surf the internet while tunneling to either office
15:42 < pissfrog> i'll paste config and logs in a second. i will replace actual ip addresses with x.x.x.x
15:42 <+esde> !redact
15:42 <@vpnHelper> "redact" is Please don't redact or change things(hostname, port, CNs, etc) when you !paste your !configs and !logs. It's a lot easier for us to debug if we're seeing the same thing you are.
15:44 < pissfrog> i see. well i was going to redact just the WAN ip addresses since they are static and i would like to avoid exposing those to the world. i will not redact the LAN, and ovpn ip addresses. how's that?
15:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
15:56 < pissfrog> ok, i have pasted the server.conf files: http://fpaste.org/231624/43414257/
15:57 < pissfrog> i have redacted our WAN IP address with the word "WAN IP" and our domain with "ourdomain.com"
15:57 < pissfrog> client config coming right up:
15:58 < pissfrog> this file is actually called: ovpnconfig
15:58 < pissfrog> http://fpaste.org/231625/14341426/
16:01 < pissfrog> my laptop client logs: http://fpaste.org/231626/14287914/
16:12 < pissfrog> server logs are as old as 29 May
16:12 < pissfrog> nothing new in them
16:13 < pissfrog> server logs: http://fpaste.org/231631/34143585/
16:17 -!- NoNamesLeft [~ChairmanM@cpc14-wake7-2-0-cust129.17-1.cable.virginm.net] has joined #openvpn
16:22 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 276 seconds]
16:34 -!- NoNamesLeft [~ChairmanM@cpc14-wake7-2-0-cust129.17-1.cable.virginm.net] has quit [Ping timeout: 244 seconds]
16:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8478:1646:ab5f:f189] has joined #openvpn
16:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8478:1646:ab5f:f189] has quit [Ping timeout: 256 seconds]
17:07 < mnathani_> is it possible to run IPSec over OpenVPN?
17:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:41 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
17:43 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
17:44 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
17:44 -!- akamaru217 [~akamaru@2601:0:8a80:1210:b876:305b:3c5e:f25a] has quit [Ping timeout: 272 seconds]
17:44 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:50 -!- akamaru217 [~akamaru@2601:0:8a80:1210:b876:305b:3c5e:f25a] has joined #openvpn
17:53 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
17:53 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
17:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:911:4b04:a97f:85f] has joined #openvpn
17:57 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
17:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:911:4b04:a97f:85f] has quit [Ping timeout: 256 seconds]
18:14 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 256 seconds]
18:17 -!- doop [~doop@colostomy.club] has joined #openvpn
18:18 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Quit: /quit]
18:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8cd5:19c6:592d:dc17] has joined #openvpn
18:19 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
18:30 -!- pissfrog [~chatzilla@S0106002401d09e7e.vs.shawcable.net] has quit [Ping timeout: 265 seconds]
18:35 -!- akamaru217 [~akamaru@2601:0:8a80:1210:b876:305b:3c5e:f25a] has quit [Ping timeout: 272 seconds]
18:38 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 256 seconds]
18:39 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
18:41 -!- james41382_ is now known as james41382
19:20 -!- djgera [~djgera@archlinux/developer/djgera] has joined #openvpn
19:31 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 256 seconds]
19:32 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
19:33 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
19:38 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
20:12 -!- funnel [~funnel@unaffiliated/espiral] has quit [Remote host closed the connection]
20:32 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
20:38 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
20:45 -!- r8b7xy [~weechat@104.238.169.135] has quit [Ping timeout: 252 seconds]
20:47 -!- HanSooloo_ [~HanSooloo@pool-71-163-41-230.washdc.fios.verizon.net] has joined #openvpn
20:51 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
20:58 -!- r8b7xy [~weechat@104.238.169.97] has joined #openvpn
22:32 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
22:37 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:40 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
22:44 -!- HanSooloo_ is now known as HanSooloo
23:10 -!- ShadniX [dagger@p5DDFFA09.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:10 -!- ShadniX_ [dagger@p579413E4.dip0.t-ipconnect.de] has joined #openvpn
23:10 -!- ShadniX_ is now known as ShadniX
23:54 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
23:57 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
--- Day changed Sat Jun 13 2015
01:42 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 276 seconds]
01:44 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
03:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:26 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 276 seconds]
04:37 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 255 seconds]
05:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
05:43 -!- Guest75531_n [debian-tor@openvpn/user/s7r] has joined #openvpn
05:43 -!- mode/#openvpn [+v Guest75531_n] by ChanServ
05:46 -!- Guest75531_n_i [debian-tor@openvpn/user/s7r] has joined #openvpn
05:47 -!- mode/#openvpn [+v Guest75531_n_i] by ChanServ
05:47 -!- Guest75531_n [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
05:50 -!- Guest75531_n_i [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
05:50 -!- Guest75531_n_i [debian-tor@openvpn/user/s7r] has joined #openvpn
05:50 -!- mode/#openvpn [+v Guest75531_n_i] by ChanServ
05:54 -!- Guest75531_n_i [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
05:58 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
06:00 -!- Guest75531_p [debian-tor@openvpn/user/s7r] has joined #openvpn
06:00 -!- mode/#openvpn [+v Guest75531_p] by ChanServ
06:01 -!- Guest75531_p_i [debian-tor@openvpn/user/s7r] has joined #openvpn
06:01 -!- mode/#openvpn [+v Guest75531_p_i] by ChanServ
06:04 -!- Guest75531_p [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
06:05 -!- Guest75531_p_i [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
06:15 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 272 seconds]
06:16 -!- Guest75531 [debian-tor@openvpn/user/s7r] has joined #openvpn
06:16 -!- mode/#openvpn [+v Guest75531] by ChanServ
06:17 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
06:21 -!- Guest75531 [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
07:02 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
07:13 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 276 seconds]
07:31 -!- r8b7xy [~weechat@104.238.169.97] has quit [Ping timeout: 276 seconds]
07:41 -!- rika_ [rika@trivialand/guesser/rika] has joined #openvpn
07:42 -!- rika_ is now known as rika
07:46 -!- r8b7xy [~weechat@104.238.169.100] has joined #openvpn
07:46 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
07:51 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
07:52 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:02 -!- r8b7xy [~weechat@104.238.169.100] has quit [Quit: WeeChat 1.2]
08:03 -!- r8b7xy [~weechat@104.238.169.154] has joined #openvpn
08:06 -!- r8b7xy [~weechat@104.238.169.154] has quit [Client Quit]
08:06 -!- r8b7xy [~weechat@104.238.169.154] has joined #openvpn
08:08 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
08:18 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
08:22 -!- antiatom [~ilse@46.19.137.116] has joined #openvpn
08:22 < antiatom> Hi all, I run OpenVPN on Debian and I would like to 1) make sure 100% of my traffic is routed over my VPN when I am connected, and
08:23 < antiatom> 2) Have a config where I can deny ALL applications network connectivity with a whitelist exception for maybe 1 browser to connect to captive portal hotspots unless the VPN is on
08:48 -!- pk12 [~pk12@173.44.55.179] has joined #openvpn
09:30 -!- NoNamesLeft [~ChairmanM@cpc14-wake7-2-0-cust129.17-1.cable.virginm.net] has joined #openvpn
09:31 -!- Denial- [~Denial@81.141.17.48] has joined #openvpn
09:31 < BtbN> Linux does not have an application level firewall.
09:31 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 264 seconds]
09:31 < BtbN> Also, you can't route 100% of your traffic through a VPN. At least the traffic to the VPN gateway itself will allways be routed natively
09:31 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
09:32 < BtbN> So if you plan to send anything unencrypted that way, make sure to send it to the servers IP inside of the VPN
09:32 -!- Denial [~Denial@81.141.17.48] has quit [Ping timeout: 264 seconds]
09:32 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 264 seconds]
09:34 -!- Kobaz [~kobaz@its.kobaz.net] has quit [Excess Flood]
09:43 -!- davidfetter_fbn [~chatzilla@2601:9:a81:4000:8fc:363f:d870:6d2d] has quit [Ping timeout: 265 seconds]
09:51 -!- NoNamesLeft [~ChairmanM@cpc14-wake7-2-0-cust129.17-1.cable.virginm.net] has quit [Ping timeout: 272 seconds]
09:51 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
09:58 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:06 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
10:31 -!- Guest75531_c [debian-tor@openvpn/user/s7r] has joined #openvpn
10:31 -!- mode/#openvpn [+v Guest75531_c] by ChanServ
10:34 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:48 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 276 seconds]
10:55 -!- Guest75531_c is now known as s7r
11:16 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
11:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8cd5:19c6:592d:dc17] has quit [Remote host closed the connection]
11:35 -!- Malsasa [~Malsasa@36.84.69.241] has joined #openvpn
12:08 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
12:15 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
12:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
12:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:31 -!- r8b7xy [~weechat@104.238.169.154] has quit [Quit: WeeChat 1.2]
12:32 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
12:34 -!- Malsasa [~Malsasa@36.84.69.241] has quit [Read error: Connection reset by peer]
12:39 -!- toli [~toli@ip-62-235-220-251.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
12:43 -!- toli [~toli@ip-62-235-220-251.dsl.scarlet.be] has joined #openvpn
13:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:99b:fbaa:c7fb:37b] has joined #openvpn
13:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
13:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:99b:fbaa:c7fb:37b] has quit [Ping timeout: 256 seconds]
13:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:46 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 252 seconds]
13:51 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
13:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
13:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
14:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b06b:4c69:c5c7:f88e] has joined #openvpn
14:18 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b06b:4c69:c5c7:f88e] has quit [Remote host closed the connection]
14:27 -!- r8b7xy [~weechat@104.238.169.110] has joined #openvpn
14:36 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 276 seconds]
14:39 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
14:52 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
14:58 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
15:00 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
15:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d8e1:be6b:9bc4:32d8] has joined #openvpn
15:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d8e1:be6b:9bc4:32d8] has quit [Ping timeout: 256 seconds]
15:29 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 265 seconds]
15:31 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 248 seconds]
15:32 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
15:32 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:35 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
15:56 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 272 seconds]
15:58 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has left #openvpn ["Leaving"]
16:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7dd4:d44d:877f:af7d] has joined #openvpn
16:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7dd4:d44d:877f:af7d] has quit [Ping timeout: 256 seconds]
16:28 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 244 seconds]
16:30 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
16:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7da8:dc2f:524a:1014] has joined #openvpn
17:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7da8:dc2f:524a:1014] has quit [Ping timeout: 256 seconds]
17:28 -!- antiatom [~ilse@46.19.137.116] has quit [Ping timeout: 252 seconds]
17:52 -!- nsrafk [whois@unaffiliated/nsrafk] has quit [Read error: Connection reset by peer]
18:01 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:14 -!- djgera [~djgera@archlinux/developer/djgera] has quit [Quit: Zocalo]
18:21 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
18:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5531:d3ba:239b:88fa] has joined #openvpn
18:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
18:26 -!- chantra [~chantra@unaffiliated/chantra] has quit [Ping timeout: 256 seconds]
18:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5531:d3ba:239b:88fa] has quit [Ping timeout: 256 seconds]
18:26 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
18:29 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 264 seconds]
18:29 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 264 seconds]
18:29 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 264 seconds]
18:29 -!- Haigha [~root@aela.xomg.net] has quit [Ping timeout: 264 seconds]
18:29 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
18:30 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
18:30 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
18:30 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 264 seconds]
18:32 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
18:41 -!- pk12 [~pk12@173.44.55.179] has quit [Ping timeout: 265 seconds]
18:42 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
18:43 -!- cylon512 [~cylon@93-80-3-38.broadband.corbina.ru] has quit [Quit: leaving]
18:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
19:27 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
20:26 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:21 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
23:08 -!- ShadniX [dagger@p579413E4.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:09 -!- ShadniX [dagger@p5481C880.dip0.t-ipconnect.de] has joined #openvpn
23:23 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Remote host closed the connection]
23:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 256 seconds]
23:37 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
--- Day changed Sun Jun 14 2015
00:00 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
00:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
00:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 276 seconds]
00:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
00:36 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
00:38 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
00:42 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
00:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:57 -!- mode/#openvpn [+o mattock1] by ChanServ
01:08 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 264 seconds]
01:11 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a8f7:4659:93f3:5231] has joined #openvpn
01:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a8f7:4659:93f3:5231] has quit [Ping timeout: 265 seconds]
01:17 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
01:39 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
01:46 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
01:55 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 276 seconds]
01:55 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:56 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
02:08 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
02:10 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
02:11 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:641a:688f:9925:4746] has joined #openvpn
02:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:641a:688f:9925:4746] has quit [Ping timeout: 256 seconds]
02:25 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
02:30 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
02:41 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
02:43 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
02:49 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
02:56 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 250 seconds]
03:00 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
03:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:29ce:c3a0:7f03:ca77] has joined #openvpn
03:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:29ce:c3a0:7f03:ca77] has quit [Ping timeout: 265 seconds]
03:46 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
03:55 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds]
04:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:653a:9df7:a624:d8c7] has joined #openvpn
04:16 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
04:18 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:653a:9df7:a624:d8c7] has quit [Ping timeout: 256 seconds]
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:24 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
04:35 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
04:38 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Client Quit]
04:53 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
04:56 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 244 seconds]
04:57 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
04:57 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Remote host closed the connection]
04:57 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
04:58 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
05:10 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Read error: Connection reset by peer]
05:13 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
05:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ec70:22d2:eb62:c2fa] has joined #openvpn
05:18 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ec70:22d2:eb62:c2fa] has quit [Ping timeout: 261 seconds]
05:39 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
05:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
05:53 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
06:04 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 246 seconds]
06:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:18 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 250 seconds]
06:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 250 seconds]
06:27 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
06:39 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
06:39 -!- mode/#openvpn [+o syzzer] by ChanServ
06:40 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
06:40 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
06:49 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has quit [Ping timeout: 264 seconds]
06:49 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 265 seconds]
06:50 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has joined #openvpn
07:03 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
07:03 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
07:10 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
07:11 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
07:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:bc0d:c638:b040:dfc4] has joined #openvpn
07:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:bc0d:c638:b040:dfc4] has quit [Ping timeout: 265 seconds]
07:27 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
07:31 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
07:40 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
07:42 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:45 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 265 seconds]
07:50 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
07:54 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
08:01 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
08:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:205d:14a1:decc:3775] has joined #openvpn
08:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:205d:14a1:decc:3775] has quit [Ping timeout: 265 seconds]
08:29 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 246 seconds]
08:29 -!- HanSooloo [~HanSooloo@pool-71-163-41-230.washdc.fios.verizon.net] has quit [Ping timeout: 264 seconds]
08:34 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
08:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
08:51 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
09:04 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:09 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
09:15 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
09:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 255 seconds]
09:44 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
09:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
09:59 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 245 seconds]
10:13 -!- r8b7xy [~weechat@104.238.169.110] has quit [Quit: WeeChat 1.2]
10:14 -!- r8b7xy [~weechat@104.238.169.110] has joined #openvpn
10:15 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
10:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c20:c8c9:505c:ac40] has joined #openvpn
10:21 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
10:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c20:c8c9:505c:ac40] has quit [Ping timeout: 265 seconds]
10:30 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 240 seconds]
10:32 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
10:37 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
10:39 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
10:42 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
10:55 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Ping timeout: 264 seconds]
10:57 -!- r8b7xy [~weechat@104.238.169.110] has quit [Quit: WeeChat 1.2]
11:00 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
11:04 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has joined #openvpn
11:19 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
11:19 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 272 seconds]
11:28 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
11:41 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:03 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
12:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cc86:1216:78e1:3a6d] has joined #openvpn
12:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cc86:1216:78e1:3a6d] has quit [Ping timeout: 256 seconds]
12:26 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
12:31 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
12:33 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
12:44 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 256 seconds]
12:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:55 -!- r8b7xy [~weechat@104.238.169.33] has joined #openvpn
12:59 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
13:00 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 265 seconds]
13:03 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
13:15 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
13:15 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Client Quit]
13:17 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
13:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6ce1:e12b:141d:6b06] has joined #openvpn
13:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6ce1:e12b:141d:6b06] has quit [Ping timeout: 265 seconds]
13:30 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
13:37 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
13:53 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
13:56 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
14:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:03 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Ping timeout: 245 seconds]
14:09 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has joined #openvpn
14:09 -!- obcecado [~ob@2001:1af8:feff::ff0b:ce:cad0] has joined #openvpn
14:10 < obcecado> !welcome
14:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:10 < obcecado> hi
14:12 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:19 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
14:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:706f:55a0:f3e5:3696] has joined #openvpn
14:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:706f:55a0:f3e5:3696] has quit [Ping timeout: 265 seconds]
14:30 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
14:34 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
14:43 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
14:54 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
15:02 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
15:02 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 245 seconds]
15:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
15:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 276 seconds]
15:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:07 -!- jackbrown [~se@93-44-18-63.ip95.fastwebnet.it] has quit [Quit: Sto andando via]
16:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9819:335f:c3cb:656d] has joined #openvpn
16:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9819:335f:c3cb:656d] has quit [Ping timeout: 265 seconds]
16:32 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 246 seconds]
16:32 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 250 seconds]
16:38 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
16:38 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
16:42 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
16:49 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
17:08 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:20 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
17:22 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
17:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 265 seconds]
17:46 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
17:48 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 244 seconds]
17:51 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
17:54 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
18:09 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
18:11 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
18:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:25 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
18:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 265 seconds]
18:52 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
18:57 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
19:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 240 seconds]
19:55 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
19:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
20:01 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:02 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 245 seconds]
20:05 -!- cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Remote host closed the connection]
20:20 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
20:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4d3d:cd2e:78bb:e332] has joined #openvpn
20:29 -!- Cydrobolt is now known as cydrobolt
20:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4d3d:cd2e:78bb:e332] has quit [Ping timeout: 256 seconds]
20:33 -!- Kobaz [~kobaz@173.234.39.101] has joined #openvpn
20:48 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 245 seconds]
21:00 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
21:07 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
21:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
21:18 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
21:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c0ce:bbf9:dbbb:facc] has joined #openvpn
21:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c0ce:bbf9:dbbb:facc] has quit [Ping timeout: 265 seconds]
21:35 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
22:05 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
22:10 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds]
22:14 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
22:17 -!- Max-P [~Max-P@vm0.max-p.me] has joined #openvpn
22:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
22:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:45d1:7ed6:d1fe:1cd9] has joined #openvpn
22:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:45d1:7ed6:d1fe:1cd9] has quit [Ping timeout: 256 seconds]
23:08 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
23:09 -!- ShadniX [dagger@p5481C880.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:09 -!- ShadniX_ [dagger@p5481C47B.dip0.t-ipconnect.de] has joined #openvpn
23:09 -!- ShadniX_ is now known as ShadniX
23:14 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
23:22 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Excess Flood]
23:24 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
23:30 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Max SendQ exceeded]
23:30 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
23:58 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
23:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
--- Day changed Mon Jun 15 2015
00:12 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
00:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:17 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds]
00:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:20 -!- mode/#openvpn [+o mattock1] by ChanServ
00:28 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e90a:7d3e:aa6:f65c] has joined #openvpn
00:32 -!- pissfrog [~chatzilla@S010690b134fb65db.vs.shawcable.net] has joined #openvpn
00:32 -!- pissfrog [~chatzilla@S010690b134fb65db.vs.shawcable.net] has quit [Client Quit]
00:33 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e90a:7d3e:aa6:f65c] has quit [Ping timeout: 265 seconds]
00:42 -!- toli [~toli@ip-62-235-220-251.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
00:43 -!- toli [~toli@ip-62-235-220-103.dsl.scarlet.be] has joined #openvpn
01:11 -!- fling [~fling@fsf/member/fling] has quit [Quit: ZNC - http://znc.in]
01:14 -!- fling [~fling@fsf/member/fling] has joined #openvpn
01:14 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
01:19 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:19 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 276 seconds]
01:24 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
01:26 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 244 seconds]
01:29 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b920:4561:d0cf:3f62] has joined #openvpn
01:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b920:4561:d0cf:3f62] has quit [Ping timeout: 265 seconds]
01:38 -!- ivali [~valentin@unaffiliated/ivali] has joined #openvpn
02:12 -!- sjums [~sjums@slothkrew.com] has joined #openvpn
02:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e196:fc04:f3ef:1579] has joined #openvpn
02:33 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Remote host closed the connection]
02:35 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
02:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e196:fc04:f3ef:1579] has quit [Ping timeout: 265 seconds]
02:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
02:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
03:04 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:04 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 255 seconds]
03:07 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
03:11 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 265 seconds]
03:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
03:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4c63:4e60:b3d9:114] has joined #openvpn
03:34 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
03:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4c63:4e60:b3d9:114] has quit [Ping timeout: 265 seconds]
03:43 < diytto> Hi, how can i generate .ovpn files for my server? Does the server have a command to do this, or do i just need to build it?
03:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 265 seconds]
03:56 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
04:08 -!- dazo_afk is now known as dazo
04:22 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has joined #openvpn
04:22 < MaxFrames> hello
04:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:23 < MaxFrames> I am using the openvpn client+gui on a windows 7 x64 machine, on which vmware player is also installed
04:23 < MaxFrames> I have to use the windows xp x64 version, and not the vista-and-later x64 version, because the former does not play nice with vmware player
04:24 < MaxFrames> the latter, I mean, sorry
04:24 < MaxFrames> the vista+ version shows a "all tap-win32 adapters are currently in use" error upon trying to initiate a connection, the xp version works fine
04:25 < MaxFrames> I've determined this is a conflict between the tap driver and the virtual adapters installed by vmware
04:25 < MaxFrames> is there not a workaround to allow using both products?
04:28 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
04:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98a2:5c05:efac:2e37] has joined #openvpn
04:33 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 255 seconds]
04:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98a2:5c05:efac:2e37] has quit [Ping timeout: 256 seconds]
04:41 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.1.1]
04:51 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
04:51 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:03 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:15 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
05:20 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has left #openvpn ["Reality is that which, when you stop believing in it, doesn't go away"]
05:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
05:31 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
05:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1b5:4682:5431:b6f6] has joined #openvpn
05:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:34 < dionysus69> hello everyone I have an emergency
05:35 < dionysus69> I had openvpn working fine on windows clients
05:35 < dionysus69> but now I have to add one more key
05:35 < dionysus69> for client
05:36 < dionysus69> but it gives the error that it cant find ca, I copied ca files from config to the key folder in easy-rsa, same problem but it only works if I generate new CA, if I generate new CA then the old client will stop working wont it ???
05:37 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1b5:4682:5431:b6f6] has quit [Ping timeout: 265 seconds]
05:38 < dionysus69> I figured the problem, I have "lost" the ca.key file, how do I restore, is it impossible? do I have to regenerate every file from start ?
05:40 <@plaisthos> in short it is impossible
05:40 -!- D-Boy [~D-Boy@unaffiliated/cain] has quit [Excess Flood]
05:40 < dionysus69> so for future, if I want to add a new client to the current "setup" i need to keep files that are in easy-rsa/key folder?
05:41 < dionysus69> which I assume would hold that ca.key file because I assume I deleted it, I assumed I wouldnt need it anymore
05:41 <@plaisthos> but if you have few hundert years and few million of hardware you can factorize the key of your rsa cert and regenerate the private key file
05:41 <@plaisthos> Sounds like it
05:41 <@plaisthos> I have no experience with esay-rsa
05:41 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
05:41 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
05:42 < dionysus69> how do you do certificates other than that? also, is there a "password" option to authenticate because certificate way of authentication has limitations
05:42 < dionysus69> its quite insecure to drag certificates around
05:42 < dionysus69> and if anyone gets it anyone can access the server
05:43 < sjums> if anyone gets your password they can access the server
05:44 < dionysus69> well its not sitting anywhere at least, just your brain
05:44 < sjums> would you like a 12 char string or a 4096 bit prime number to secure your connection? :)
05:44 < dionysus69> yes but if that file is sitting on server and someone has physical access to it even for couple mins they can just copy the file
05:44 < sjums> That's true. On the other hand it will as well reside in your computers memory from time to time
05:45 < dionysus69> i guess this is over-concern haha
05:45 < sjums> I understand your concern though :)
05:45 < dionysus69> i ll be fine :D
05:45 < dionysus69> thanks anyway :P just wondered if openvpn had that other option :P
05:45 < sjums> I've never used anything else but certs, so I'm afraid I can't help you even if I wanted to :P
05:45 < dionysus69> i just find managing certificates tedious and very time consuming
05:45 < sjums> stick around, I'm sure some smart head will show up eventually :)
05:52 -!- D-Boy [~D-Boy@unaffiliated/cain] has joined #openvpn
06:01 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b560:5a57:c18a:417c] has joined #openvpn
06:05 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
06:14 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 252 seconds]
06:16 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
06:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
06:37 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 256 seconds]
06:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:41 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
06:41 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
06:41 -!- mode/#openvpn [+o syzzer] by ChanServ
06:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
06:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:50 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 255 seconds]
07:03 -!- samopotamus [~seeder@ks4002259.ip-198-100-147.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
07:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
07:43 -!- _cmd__ is now known as _cmd_
07:48 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
07:55 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
08:03 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:15 -!- Malsasa [~Malsasa@114.79.45.245] has joined #openvpn
08:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:22 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.1.1]
08:36 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
08:39 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
08:48 -!- frinnst [~misfit@unaffiliated/frinnst] has joined #openvpn
08:49 < frinnst> i have troubles importing user-locked profiles in the android client. The profile is generated by the AS server. file too large
08:49 < frinnst> seems im not the only one with this issue but in my case, manually editing the profile is not an option
08:50 < frinnst> how can I trim the client.ovpn file on the AS server?
08:50 < frinnst> oh, sorry. another channel for as
08:50 < frinnst> nevermind
08:53 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
08:58 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
08:58 -!- ivali [~valentin@unaffiliated/ivali] has quit [Ping timeout: 246 seconds]
09:04 <@plaisthos> frinnst: which android clinet?
09:04 <@plaisthos> OpenVPN Connect or OpenVPN for Android?
09:16 -!- msn [~msn@182.72.55.194] has quit [Remote host closed the connection]
09:20 < NucWin> any advantages to openvpn for android over openvpn connect?
09:28 < frinnst> OpenVPN Connect
09:28 < frinnst> more luck with openvpn for android and that was the client that my customer had tried
09:28 < frinnst> so all worked out in the end
09:33 <@plaisthos> NucWin: see the faq
09:33 <@plaisthos> !android
09:33 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
09:43 < NucWin> thanks i might have to give that a try
09:44 < NucWin> maybe even try the old root one to see if i can get tap working
09:46 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:47 <@plaisthos> yeah
09:47 <@plaisthos> as soon as someone pays me or I get extremely bored ics-openvpn will also get tap support :)
09:47 <@plaisthos> the first one is more realistic
09:48 < NucWin> do you happen to know if cyanogenmod kernel includes tap driver?
09:49 < NucWin> also do you know if its possible to force all data through tun client side rather than push from server side (so can have 1 client force and 1 not)
09:52 < NucWin> * me remembers reading lots of options in openvpn for android maybe one is force data through tun
09:53 -!- D-Boy [~D-Boy@unaffiliated/cain] has left #openvpn ["Leaving"]
09:55 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
09:56 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
10:00 < Reventlov> Yosh.
10:00 < Reventlov> I got a setup where my openvpn is behind a nat, and is acting like a gateway to the internet for the other machines of the vpn network. I'm using a tap network device, and masquerading.
10:00 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
10:01 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:01 < Reventlov> Still, I cannot access the internet with a machine connected to the vpn: the machine can ping the vpn server, the vpn server can ping the machine, the vpn server can ping the internet
10:01 < Reventlov> the machine cannot ping the internet
10:01 < Reventlov> whenever I want to ping something from the machine, I get that: https://i.imgur.com/7t7xP21.png
10:01 -!- Malsasa [~Malsasa@114.79.45.245] has quit [Read error: Connection reset by peer]
10:02 < Reventlov> (the machine has the 10.8.0.3 ip, the server the 172.16.17.3 ip)
10:02 < Reventlov> it seems machine -> vpn is ok, vpn -> internet is ok, internet -> vpn is ok, but the message don't go back from the vpn to the machine
10:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:03 < Reventlov> Any idea to fix that ?
10:03 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:18 <@plaisthos> NucWin: tap in cyanogenmod does not matter unless they also modify the VPNService API to include tap support which is very unlikely
10:18 <@plaisthos> NucWin: What do you mean with force all data through tun
10:20 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
10:30 < NucWin> push "redirect-gateway def1" <--- this on the server but client side so its not for all clients
10:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b560:5a57:c18a:417c] has quit [Remote host closed the connection]
10:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:57 < NucWin> nm that is just me being stupid. i just put it in the client config without the push
10:57 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
10:57 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
11:03 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 264 seconds]
11:10 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:19 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
11:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:31 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
11:44 -!- haroldofurtado [~haroldofu@177.135.0.76.dynamic.adsl.gvt.net.br] has joined #openvpn
11:45 -!- haroldofurtado [~haroldofu@177.135.0.76.dynamic.adsl.gvt.net.br] has quit [Client Quit]
11:45 -!- haroldofurtado [~haroldofu@177.135.0.76.dynamic.adsl.gvt.net.br] has joined #openvpn
11:47 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
11:49 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
11:53 -!- James_Epp [~james@216.36.146.9] has joined #openvpn
11:55 < James_Epp> Looking for some client configuration advice. Networking is not my background, so thanks for your patience with me. I have a NAS I need to connect to with SMB in a VPN tunnel. (I know, super bad idea, whatever). I want my client machines (windows) to go through the VPN to connect to the NAS, but all other traffic doesn't go through the VPN. What do I need to add to the config file? Assume I don't know the networking setup of the client. I want to 'extend' t
11:56 <@ecrist> you should push a route just for the IP of the NAS
11:57 <@ecrist> push "route <NAS_IP> 255.255.255.255"
11:57 < James_Epp> ecrist: And that won't take anything else?
11:57 <@ecrist> the NAS with either need to know how to route to your VPN, or your VPN server will need to NAT traffic to the LAN
11:58 <@ecrist> also, if you want to be able to "browse" for the NAS, you'll need to set up WINS 
11:58 <@ecrist> but, that's off-topic for this channel
11:58 < James_Epp> and a /32 means just that host, i assume. That works, I suppose. Give me a minute to try this out, ecrist.
11:59 <+esde> James_Epp do you control the openvpn server? It wasn't clear from your introduction
11:59 <@ecrist> it would appear he does, esde
12:00 < James_Epp> esde: ecrist, yes.
12:00 <+esde> cool, just checking :D
12:00 < James_Epp> a bit. The NAS is the openvpn server. Kinda crappy setup, but I really don't care.
12:00 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
12:01 < James_Epp> ecrist: Okay, so this is no different than before. I'll post my config in a minute.
12:01 <@ecrist> how are you testing?
12:01 < James_Epp> windows client.
12:01 <@ecrist> also, are you running the openvpn client as admin?
12:01 <@ecrist> and how are you trying to connect to the CIFS share?
12:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
12:01 < James_Epp> ecrist: https://bpaste.net/show/8c057a04a58b
12:02 < James_Epp> ecrist: client as admin, just using \\10.8.0.1
12:02 <@ecrist> is your VPN server the one hosting the CIFS share?
12:03 -!- haroldofurtado [~haroldofu@177.135.0.76.dynamic.adsl.gvt.net.br] has quit [Ping timeout: 256 seconds]
12:04 < James_Epp> yes, ecrist.
12:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:06 -!- haroldofurtado [~haroldofu@179.187.46.233.dynamic.adsl.gvt.net.br] has joined #openvpn
12:06 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
12:11 < James_Epp> ecrist: esde: Is route-nopull what I want perhaps?
12:13 < James_Epp> ughhh but then the push route conflicts. Why is this so difficult? I took a bit of cisco, the theory in this doesn't sound too complex.
12:21 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
12:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
12:24 -!- haroldof_ [~haroldofu@179.178.120.199] has joined #openvpn
12:25 < James_Epp> ecrist: esde: OOOOOOOH sh..... I get it now. push "$CONFIG" is for server-side configurations. I needed just the route command itself because this is from the perspective of the client. Derp. Thanks, guys.
12:27 < James_Epp> ^^that, and route-nopull
12:28 -!- haroldofurtado [~haroldofu@179.187.46.233.dynamic.adsl.gvt.net.br] has quit [Ping timeout: 264 seconds]
12:35 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:45 -!- haroldofurtado [~haroldofu@179.187.45.203.dynamic.adsl.gvt.net.br] has joined #openvpn
12:47 -!- haroldof_ [~haroldofu@179.178.120.199] has quit [Ping timeout: 252 seconds]
13:00 -!- ImDevinC [~ImDevinC@c-50-188-37-42.hsd1.mn.comcast.net] has joined #openvpn
13:01 -!- madmattco [~matt@2602:ffea:1:4e8::389e] has quit [Quit: ZNC - http://znc.in]
13:02 -!- haroldofurtado [~haroldofu@179.187.45.203.dynamic.adsl.gvt.net.br] has quit [Remote host closed the connection]
13:02 -!- haroldofurtado [~haroldofu@179.187.45.203.dynamic.adsl.gvt.net.br] has joined #openvpn
13:04 -!- haroldofurtado [~haroldofu@179.187.45.203.dynamic.adsl.gvt.net.br] has quit [Read error: Connection reset by peer]
13:09 < ImDevinC> Hey everyone! I have a server setup that runs great except for one small issue. Every couple minutes, the speeds from client machines drops to a few hundred bytes. It will stay that way for a couple seconds to a couple minutes, and the go back up to normal speeds. This process continously repeats. Any ideas?
13:10 < ImDevinC> Server is running on Windows Server 2012, clients range from phones, Windows 7 machines, and OSX (either Yosemite or MAvericks)
13:13 <@ecrist> sorry James, I had to step away for a bit.
13:13 <@ecrist> James_Epp: is your VPN server's CIFS daemon listening for connections on the VPN IP?
13:14 <@ecrist> if not, you'll need to enable that for it to work.
13:14 -!- haroldofurtado [~haroldofu@179.187.45.203.dynamic.adsl.gvt.net.br] has joined #openvpn
13:15 -!- madmattco [~quassel@i.am.madboxes.cc] has joined #openvpn
13:15 < James_Epp> ecrist: It just kinda handled it the exact way it needs to. I assume the 10.8.0.1 IP is the NAS itself, so any services running on that IP are fine for me to reach.
13:16 <@ecrist> well, your experience so far might tell you otherwise. ;)
13:16 <@ecrist> is it a Linux or Windows server?
13:16 < James_Epp> ecrist: What do you mean? Should I be worried about this breaking hardcore? Linux.
13:17 <@ecrist> run "netstat -ln | grep 445" on the linux system
13:18 < James_Epp> ecrist: Looks like it's trying ipv6. What's the switch for 4?
13:18 <@ecrist> what's trying IPv6?
13:18 <@ecrist> did you run the command I said, above?
13:18 < James_Epp> yes
13:19 <@ecrist> pastebin that for me
13:19 < James_Epp> trying atm
13:19 <@ecrist> if it's only a line, just paste it here
13:19 < James_Epp> https://bpaste.net/show/0f3beddfea07
13:19 < James_Epp> I assume that looks good though because of line 3
13:20 -!- haroldof_ [~haroldofu@177.159.23.157] has joined #openvpn
13:20 <@ecrist> yup, that looks good
13:20 < James_Epp> awesome. Thanks for the help, mate.
13:20 <@ecrist> heh
13:21 <@ecrist> line 14 of the client config you sent me is bogus
13:21 <@ecrist> that needs to go in the server config
13:21 <@ecrist> actually, it needs to go nowhere
13:21 <@ecrist> remove it
13:21 <@ecrist> and paste your server config and new client config
13:22 -!- ImDevinC [~ImDevinC@c-50-188-37-42.hsd1.mn.comcast.net] has quit [Quit: ImDevinC]
13:22 -!- haroldo__ [~haroldofu@177.159.20.76] has joined #openvpn
13:23 -!- haroldofurtado [~haroldofu@179.187.45.203.dynamic.adsl.gvt.net.br] has quit [Ping timeout: 246 seconds]
13:26 -!- haroldof_ [~haroldofu@177.159.23.157] has quit [Ping timeout: 264 seconds]
13:26 < James_Epp> https://bpaste.net/show/7627bf9cc8d9
13:26 < James_Epp> https://bpaste.net/show/f7c47d216673
13:27 < James_Epp> ecrist ^^. I appreciate your input.
13:32 <@ecrist> um
13:32 <@ecrist> Your server side config isn't
13:32 < James_Epp> how so?
13:32 <@ecrist> well, line 2 specifies client
13:33 <@ecrist> it doesn't set up the bits to be a server
13:33 < James_Epp> Well, here's my crappy theory
13:33 -!- haroldo__ [~haroldofu@177.159.20.76] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:33 -!- haroldofurtado [~haroldofu@177.159.20.76] has joined #openvpn
13:34 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
13:34 < James_Epp> This is hosted on the NAS, right? All this junk is configured through a web interface, so I assume the NAS is designed (maybe oddly) to inject the dyndns address of the server before letting the sysadmin/user download the openvpn.zip package.
13:34 < James_Epp> (That's what I'm thinking, at least). Pfsense does the same thing. This may sound nuts, but I've actually never setup openvpn with just a terminal. I'm very comfortable in such situations, just never had to do it.
13:36 <@ecrist> here's what a good server config should look like
13:36 <@ecrist> http://pastebin.ca/3028869
13:37 < James_Epp> So is there any security risk? That's really all I'm concerned about. it's not like anyone can just access the server without credentials, or get through the encryption, right? This is a very small setup.
13:40 <@ecrist> If you properly control things, there shouldn't be much risk.
13:44 -!- haroldof_ [~haroldofu@191.250.196.237] has joined #openvpn
13:45 -!- haroldof_ [~haroldofu@191.250.196.237] has quit [Read error: Connection reset by peer]
13:45 -!- haroldo__ [~haroldofu@191.250.196.237] has joined #openvpn
13:46 -!- haroldofurtado [~haroldofu@177.159.20.76] has quit [Ping timeout: 245 seconds]
13:46 -!- haroldo__ [~haroldofu@191.250.196.237] has quit [Client Quit]
13:46 -!- haroldofurtado [~haroldofu@191.250.196.237] has joined #openvpn
13:49 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
13:51 -!- haroldof_ [~haroldofu@177.135.7.242.dynamic.adsl.gvt.net.br] has joined #openvpn
13:53 -!- haroldofurtado [~haroldofu@191.250.196.237] has quit [Ping timeout: 264 seconds]
13:55 < NucWin> anyone come across the erorr "Route rejected by Android10.8.12.6/30 Bad address"
13:55 < NucWin> android -> windows 2008r2 connection
13:55 < NucWin> but it does seem to be working ok
13:56 -!- haroldofurtado [~haroldofu@191.251.244.112] has joined #openvpn
13:58 -!- haroldof_ [~haroldofu@177.135.7.242.dynamic.adsl.gvt.net.br] has quit [Ping timeout: 264 seconds]
14:05 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
14:06 -!- haroldofurtado [~haroldofu@191.251.244.112] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
14:06 <@ecrist> NucWin: increase the verbosity and see what it does.
14:07 <@ecrist> it's possible there's more info to be had
14:08 < Thermi> NucWin: CHeck the syntax for route. I think you have to give the netmask, not use CIDR notation.
14:09 < NucWin> i do have the log from openvpn for android but doesnt seem to give any more info
14:10 < NucWin> the server uses netmask
14:10 < NucWin> almost the same config as my linux server and that doesnt have the same error
14:10 < NucWin> ecrist may i pm you a link to my log (so i dont have to redact most of it)
14:11 <@ecrist> no
14:11 <@ecrist> !topsecret
14:11 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
14:11 -!- haroldofurtado [~haroldofu@191.251.244.112] has joined #openvpn
14:12 < NucWin> gimmie few mins to clean it then
14:12 <+esde> !redact
14:12 <@vpnHelper> "redact" is Please don't redact or change things(hostname, port, CNs, etc) when you !paste your !configs and !logs. It's a lot easier for us to debug if we're seeing the same thing you are.
14:12 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
14:12 < Thermi> NucWin: The only secret things are your credentials.
14:13 <+esde> including any in-line pki
14:13 -!- haroldof_ [~haroldofu@191.251.244.112] has joined #openvpn
14:16 -!- Yoda [Yoda@unaffiliated/yoda] has joined #openvpn
14:17 < NucWin> https://pste.me/#/WMUo2/4Wxf9KsKadkFBJxyu06nejbmTErNd9mJ
14:17 -!- haroldofurtado [~haroldofu@191.251.244.112] has quit [Ping timeout: 250 seconds]
14:18 < NucWin> ^^ error
14:18 < NucWin> https://pste.me/#/aIsNC/QwjjcAmYojX3QDG3jP6VzVQENd2VFQGs <--- server
14:19 -!- haroldofurtado [~haroldofu@179.187.42.115.dynamic.adsl.gvt.net.br] has joined #openvpn
14:20 < Thermi> NucWin: "Android10..." looks like a bad route for me
14:20 < Thermi> missing white space?
14:20 < NucWin> https://pste.me/#/gRX7Q/Nt4SG7n0mX7XJ3ngi2A2K5n4Cec7G53K <-- client
14:21 < NucWin> none of my configs mention Android
14:21 -!- haroldof_ [~haroldofu@191.251.244.112] has quit [Ping timeout: 256 seconds]
14:25 -!- Yoda [Yoda@unaffiliated/yoda] has left #openvpn ["Wake me up.. when September ends"]
14:27 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
14:29 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Excess Flood]
14:30 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
14:30 <@ecrist> NucWin: you have a typo in your server config
14:30 <@ecrist> or something
14:31 -!- haroldof_ [~haroldofu@179.178.122.169] has joined #openvpn
14:31 <@ecrist> 288.288.288.288 isn't a valid IP address
14:31 < NucWin> that is my public ip
14:32 < NucWin> i though the fact it was way way out of being a valid ip you would have guessed that
14:32 -!- haroldofurtado [~haroldofu@179.187.42.115.dynamic.adsl.gvt.net.br] has quit [Ping timeout: 244 seconds]
14:33 -!- haroldofurtado [~haroldofu@191.251.247.176] has joined #openvpn
14:35 < NucWin> oops i just read back to the bit about not redacting, i was too busy redacting at that point sorry
14:36 < NucWin> host and extrernal ip are incorrect everything else is untouched
14:36 -!- haroldof_ [~haroldofu@179.178.122.169] has quit [Ping timeout: 244 seconds]
14:38 < NucWin> its got to be a windows host thing
14:38 < NucWin> the config is mostly the same on my linux server and that one connects without error
14:41 -!- haroldofurtado [~haroldofu@191.251.247.176] has quit [Ping timeout: 246 seconds]
14:42 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:51 < NucWin> been playing spot the difference with the log from connecting to linux server and log from connecting to windows server
14:51 < NucWin> Routes: 0.0.0.0/0, 10.8.2.1/32, 10.8.2.10/30 <<-- linux
14:52 < NucWin> Routes: 10.8.12.1/32, 10.8.12.6/30 <<-- windows
14:52 < NucWin> VpnService routes installed: 0.0.0.0/0 <<-- linux
14:52 < NucWin> VpnService routes installed: 10.8.12.1/32, 10.8.12.6/30  <<-- windows
15:02 < NucWin> OpenVPNService.java 548:  VpnStatus.logError(getString(R.string.route_rejected) + route + " " + ia.getLocalizedMessage());
15:02 < NucWin> ^^^ thats why there is no space in the error
15:08 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Ping timeout: 272 seconds]
15:14 -!- dazo is now known as dazo_afk
15:18 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 265 seconds]
15:18 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
15:21 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:23 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
15:30 < obcecado> i guess that's related to the topology mode being used NucWin
15:41 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has left #openvpn []
15:44 -!- DancerInShadows [~dancer@ec2-54-186-18-47.us-west-2.compute.amazonaws.com] has joined #openvpn
15:45 < DancerInShadows> hello; I'm hoping this is a quick question, but does anyone know _why_ --port-share is not implemented on Windows builds?
15:46 < DancerInShadows> I tried searching the forums, but the forum search was unable to find "--port-share" even though I've stumbled across it in the forums a few times
15:48 < NucWin> the error seems to be the error its self. Because I'm not pushing any routes just using end to end the app is trying to set its self as a route to its self which is invalid
15:57 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
16:08 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
16:11 -!- polardroid [~chatzilla@46.17.63.169] has joined #openvpn
16:11 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
16:13 -!- r8b7xy [~weechat@104.238.169.33] has left #openvpn ["WeeChat 1.2"]
16:16 -!- polardroid [~chatzilla@46.17.63.169] has left #openvpn []
16:19 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 255 seconds]
16:24 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
16:29 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
16:34 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:36 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
16:44 -!- shadok_ is now known as shadok
16:45 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:45 < Eugene> DancerInShadows - You're looking for #openvpn-devel
16:47 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
17:02 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
17:03 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
17:08 < DancerInShadows> thanks Eugene
17:10 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
17:17 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
17:25 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
17:29 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
17:30 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
17:34 < diytto> Hi, how can i generate .ovpn config files for my server? Is there a command to do it, or do I just need to build them manually?
17:38 -!- James_Epp [~james@216.36.146.9] has quit [Remote host closed the connection]
17:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:57 < NucWin> diytto: https://openvpn.net/index.php/open-source/documentation/howto.html#examples
17:57 <@vpnHelper> Title: HOWTO (at openvpn.net)
18:24 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
18:32 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 264 seconds]
18:40 -!- seg [~seg@fsf/member/seg] has joined #openvpn
19:00 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:04 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:30 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
19:36 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 245 seconds]
20:19 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 240 seconds]
20:34 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
20:44 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
20:49 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
21:03 -!- nutron [~nutron@unaffiliated/nutron] has quit [Remote host closed the connection]
21:08 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
21:12 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
21:30 -!- Malsasa [~Malsasa@202.154.56.138] has joined #openvpn
21:42 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
21:47 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 246 seconds]
21:48 -!- Malsasa [~Malsasa@202.154.56.138] has quit [Ping timeout: 276 seconds]
22:33 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
22:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
22:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:45 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
22:51 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 244 seconds]
23:07 -!- ShadniX [dagger@p5481C47B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:09 -!- ShadniX [dagger@p5481D124.dip0.t-ipconnect.de] has joined #openvpn
23:48 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:50 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
23:56 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:58 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 245 seconds]
--- Day changed Tue Jun 16 2015
00:08 -!- Malsasa [~Malsasa@125.164.135.64] has joined #openvpn
00:16 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
00:34 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
00:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
00:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:57 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
01:03 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 250 seconds]
01:09 -!- Malsasa [~Malsasa@125.164.135.64] has quit [Killed (barjavel.freenode.net (Nickname regained by services))]
01:14 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 246 seconds]
01:15 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
01:17 -!- fred`` [fred@earthli.ng] has joined #openvpn
01:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
01:27 -!- Telvana [~digits@cpe-66-61-62-36.neo.res.rr.com] has quit [Ping timeout: 265 seconds]
01:31 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:31 -!- mode/#openvpn [+o mattock2] by ChanServ
01:32 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
01:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:43 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 252 seconds]
01:51 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
02:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 256 seconds]
02:05 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
02:14 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 246 seconds]
02:22 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
02:25 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
02:31 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Quit: /quit]
02:37 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
02:38 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has joined #openvpn
02:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:914e:aa57:8110:2c0c] has joined #openvpn
02:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:914e:aa57:8110:2c0c] has quit [Ping timeout: 265 seconds]
02:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
03:11 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
03:17 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Ping timeout: 252 seconds]
03:18 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
03:24 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
03:25 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:29 -!- plasma [plasma@antiquos.technopagans.com] has quit [Ping timeout: 272 seconds]
03:29 -!- pompato [~root@rttlm.dti.supsi.ch] has joined #openvpn
03:29 < pompato> hi
03:29 < pompato> can anyone please support me briefly? I have a clear situation and I don't understand what is happening
03:30 < pompato> We are using openvpn-2.2.2 for compatibility purposes in our project - I know it is quite old but it is a requirement...
03:31 < pompato> I admit that everything was working before, and now I can't figure out what is happening:
03:32 < pompato> My network scheme: [client]---LAN---[OpenVPN router]-------(Internet)----[OpenVPN server: Remote Gateway]------Internet
03:33 < pompato> on the OpenVPN local router, I have ip rules to mark packets for a certain destination, say mark 0x1. They are redirected to the according routing table, say TABLE0, containing a default route through the tunnel endpoint:
03:34 < pompato> table TABLE0: default via 10.0.1.5 dev tun0 <---- tun0 has IP: 10.0.1.1, P-t-P: 10.0.1.5
03:35 < pompato> ipv4.ip_forward is 1, and rp_filters (default.rp_filter, all.rp_filter) are 0
03:36 < pompato> from the client, I ping the destination for which I have the iptables mangle rules that MARK and ACCEPT the packets for that dest with 0x1, sending them to table TABLE0.
03:36 < pompato> The problem: tcpdump -i tun0 on the local OpenVPN router shows packets from: client_ip -> public-dest
03:37 < pompato> but on the server, tcpdump -i tun0 does not show activity: packets are dropped and don't reach the server's tunnel endpoint
03:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:39 < pompato> if however, on the local router, I add an explicit route through dev tun0 for the public-dest, I can ping it correctly from the local router, going through the tunnel and exiting through the remote openvpn server.
03:40 < pompato> it seems that forwarded packets coming from the client are dropped after they enter tun0. Iptables filter and all chains are clean, except for the needed mangling rules. I know no masquerade is needed for this
03:45 < BtbN> pompato, you should update to the latest version. 2.2.2 has a bunch of known vulnerabilities.
03:45 < BtbN> There was a 2.2.3 maintainance release not too long ago
03:46 < BtbN> If you realy have to stay on 2.2
03:46 < pompato> BtbN, we are away of this sadly: I reported this, but we have to..
03:46 < pompato> aware*
03:46 < BtbN> 2.2.3 contains only bugfixes
03:46 < BtbN> It does not breaky any compatiblity
03:46 < pompato> mh.. Ok, I will report this
03:47 < pompato> what do you think about the routing issue? I really can't figure it out... the default policies of iptables chains are ACCEPT
03:47 < pompato> could be something on the client ?
03:51 < BtbN> No idea, i don't think i even understand your setup.
03:51 < pompato> okk
03:51 < pompato> I know it is quite complex
03:59 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
04:11 -!- dazo_afk is now known as dazo
04:13 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:15 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
04:23 <@dazo> !configs
04:23 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
04:23 <@dazo> !logs
04:23 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
04:23 <@dazo> !serverlan
04:23 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
04:23 <@dazo> !clientlan
04:23 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
04:23 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
04:23 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 245 seconds]
04:24 <@dazo> pompato: ^^^ those for vpnHelper hints should provide a starting place to get help
04:25 <@dazo> pompato: from a 2.2 point of view, the 2.3 releases shouldn't cause any incompatibilities with 2.2 .... but 2.2.3 is really the minimum release you should be running ... please have these security issues in mind when running an outdated version: http://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
04:25 <@vpnHelper> Title: SecurityAnnouncements – OpenVPN Community (at community.openvpn.net)
04:27 <@dazo> (most of them are OpenSSL related, which OpenVPN depends on.  But there are a few OpenVPN related issues as well)
04:30 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
04:44 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b57b:a300:a8f1:98a7] has joined #openvpn
04:45 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
04:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b57b:a300:a8f1:98a7] has quit [Ping timeout: 265 seconds]
05:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:02 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has quit [Quit: Quit]
05:04 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has joined #openvpn
05:04 -!- SushiDude [~SushiDude@unaffiliated/sushidude] has left #openvpn []
05:19 -!- mah0-deh0 [028bce9e@gateway/web/freenode/ip.2.139.206.158] has joined #openvpn
05:20 < mah0-deh0> hello all
05:21 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
05:30 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
05:36 < showaz> https://bpaste.net/show/50a61c06bf6f
05:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b445:372c:86d7:ba3f] has joined #openvpn
05:46 -!- seg [~seg@fsf/member/seg] has quit [Quit: !!]
05:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b445:372c:86d7:ba3f] has quit [Ping timeout: 256 seconds]
05:50 < sjums> holy f***, showaz ! Where'd you get that from?
05:50 -!- seg [~seg@fsf/member/seg] has joined #openvpn
05:54 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
05:54 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
05:58 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
06:21 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
06:28 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
06:31 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
06:35 <@dazo> showaz: Do you know who wrote this piece?
06:36 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:39 < sjums> He must be out taking some... showaz !! :D *badum tschh*
06:40 <@dazo> showaz: I'm asking because I think it would be great if the author would join #openvpn-devel for a quick discussion on this topic, preferably during one of our developer meetings (semi-random/semi-regular every other Monday) ... and if we can get James Yonan or others understanding the network stack in OpenVPN better to verify these findings, it would be a great article on our community wiki
06:41 <@plaisthos> dazo: findings for tcp are spot on
06:41 <@dazo> I do know that we did speak briefly about the sndbuf and rcvbuf in the last openvpn hackathon last autumn, but nobody of us have had time to dive deeper
06:41 <@dazo> plaisthos: that's what I thought as well :)
06:42 <@dazo> plaisthos: but I wonder how this is supported in Windows, Android and iOS
06:42 <@plaisthos> dazo: buffer scaling or what?
06:42 <@plaisthos> dazo: ignore iOS :)
06:43 <@dazo> plaisthos: actually, do these options actually work on those platforms at all?  And do they have the same effect?
06:43 <@plaisthos> dazo: openvpn3 probably does not parse this option at all, so no effect
06:44 <@dazo> right
06:44 < sjums> dazo: I get 18/16mbit on my android with the settings and 13/16 without on the server. No big difference. But on windows I went from ~4 down to 45mbit down with the tweak
06:44 <@dazo> wow!
06:44 <@dazo> sjums: using openvpn over udp or tcp?
06:45 <@plaisthos> reading the source code we use os default on everything but windows
06:45 < sjums> udp
06:46 <@plaisthos> sjums: you should have a message like "Socket Buffers: R=[%d->%d] S=[%d->%d]" in your log
06:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:acf7:6814:4351:4ca4] has joined #openvpn
06:47 <@plaisthos> if you use --verb 3 or higher
06:47 <@plaisthos> can you paste what message you get there?
06:47  * dazo will try this at his home setup now
06:48 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:48 <@plaisthos> dazo: you will not see the message on !Windows unless you manually set sndbuf and/or recvbuf
06:48 < sjums> Socket Buffers: R=[8192->8192] S=[8192->8192]
06:49 <@plaisthos> hm
06:49 < showaz> sjums: UDP-Lite: http://www.ietf.org/rfc/rfc3828.txt / TCP opti http://simula.stanford.edu/~alizade/Site/DCTCP.html
06:49 <@vpnHelper> Title: Data Center TCP (at simula.stanford.edu)
06:49 -!- mah0-deh0 [028bce9e@gateway/web/freenode/ip.2.139.206.158] has quit [Quit: Page closed]
06:49 < sjums> with doesn't really match my config. Unless I'm missing something
06:49 <@plaisthos> :)
06:49 <@plaisthos> sjums: maybe windows just does not report it back probably
06:50 <@plaisthos> the code does  read buf size from os, set buf size, read buf size again
06:50 <@plaisthos> and then show first read => second read
06:51 < sjums> wait, there's more :)
06:51 <@plaisthos> :)
06:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:acf7:6814:4351:4ca4] has quit [Ping timeout: 265 seconds]
06:51 < sjums> https://bpaste.net/show/c64be1b953f5
06:52 <@plaisthos> ah there it really changes
06:52 < sjums> yup
06:52 <@plaisthos> 8k is a bit small
06:52 <@plaisthos> what OS is that running on?
06:52 < sjums> the server?
06:52 <@plaisthos> windows or something else?
06:53 <@plaisthos> where you got the 8192->8192 stuff
06:53 < sjums> windows 7 professional 64bit
06:53 <@plaisthos> strange
06:53 <@plaisthos> the default should be 64k in openvpn
06:53 <@plaisthos> /should/
06:53 < sjums> with the official OpenVPN software
06:54 < sjums> OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  8 2015
06:55 < sjums> if that helps track anything down :)
06:56 <@dazo> Socket Buffers: R=[131072->425984] S=[131072->425984] ... looking promising
06:58 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
06:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
07:00 <@dazo> well, I can at least confirm that the nfs cache is working .... 755MiB/s .... copied ~530MB in less than a second the second time
07:01 <@plaisthos> dazo: yeah and the default is much bigger 131k
07:01 < sjums> are you saying I'm broken ? :(
07:02 <@plaisthos> sjums: no, windows has more much smaller default buffer than linux
07:02 <@plaisthos> it may be good to increase the default buffer size on Windows
07:04 <@plaisthos> it should set the default to 65k but for some reason that is not happening
07:05 < sjums> The technet article on TcpWindowSize says that the MSS is "up to a maximum size of 64 KB"
07:06 <@plaisthos> mss is something completely different
07:06 <@plaisthos> mss is the maximum size of a tcp segment, and specifices the maximal packet size for tcp
07:07 <@plaisthos> that is usually around 14xx
07:07 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
07:07 <@plaisthos> (1500 -ip headers)
07:08 < sjums> which is 40 bytes
07:08 < sjums> I misread that part before
07:09 -!- Fusl [~Fusl@unaffiliated/fusl] has joined #openvpn
07:09 <@plaisthos> no problem
07:09 <@dazo> plaisthos: with the values from that bpaste I had 3.13MiB/s on a file transfer of 535MB on an NFS share .... without setting sndbuf/rcvbuf I'm getting roughly 2.94Mbit/s ... however, the speed drops considerably after I get a replay-window backtrack, backtracks seem to happen twice in both configs  ... so we might have an issue here .... (server 2.3.7, client git master)
07:10 <@plaisthos> for a replay-window backtrack there needs to be some packet reordering or packet duplication
07:10 <@plaisthos> or the backtrack dection code is very broken
07:10 <@plaisthos> not sure which is more realisitic
07:12 <@dazo> yeah ... I believe the former .... the server side is not an efficient server, it is virtualized on a host which is currently a bit too weak
07:12 -!- mcp [~mcp@wolk-project.de] has quit [Quit: ZNC - http://znc.sourceforge.net]
07:12 <@dazo> it would not surprise me that it's the openvpn server side which doesn't respond quickly enough
07:14 <@dazo> but I also think there might be some issues with the code ... as it is a noticeable performance drop once it happens
07:14 <@plaisthos> dazo: yeah openvpn drops packets after that happens
07:14 <@plaisthos> so tcp scales back and so on
07:18 <@plaisthos> I am not sure how to read teh replay-window log message ...
07:21 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Quit: WeeChat 0.4.2]
07:44 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:17 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
08:29 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:34 -!- Malsasa [~Malsasa@36.84.69.204] has joined #openvpn
08:43 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:52 -!- showaz [~showaz@unaffiliated/showaz] has quit [Remote host closed the connection]
08:55 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
08:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
09:05 -!- pompato [~root@rttlm.dti.supsi.ch] has quit [Ping timeout: 255 seconds]
09:07 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
09:08 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 246 seconds]
09:11 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
09:11 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
09:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
09:48 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:59 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
10:10 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:32 -!- Malsasa [~Malsasa@36.84.69.204] has quit [Read error: Connection reset by peer]
10:48 -!- Malsasa [~Malsasa@36.84.69.204] has joined #openvpn
10:54 -!- fixi [~fixi@unaffiliated/fixi] has joined #openvpn
10:54 < fixi> hey
10:54 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Ping timeout: 265 seconds]
10:54 < fixi> im rather sad to conclude that there is no openvpn client available for windows phone 8.1 right now. please prove me wrong
10:54 < fixi> ;).
10:55 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 255 seconds]
10:58 < fixi> so my question would be for you if you could suggest another vpn server which i could install along openvpn and then route users into openvpns subnet somehow?
10:58 < fixi> something like strongswan?(their last exploit doesnt sell them tough..)
10:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:59 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
11:07 -!- Malsasa [~Malsasa@36.84.69.204] has quit [Ping timeout: 265 seconds]
11:07 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
11:23 <+esde> https://letsencrypt.org/2015/06/16/lets-encrypt-launch-schedule.html
11:23 <@vpnHelper> Title: Let's Encrypt Launch Schedule (at letsencrypt.org)
11:25 -!- Denial- [~Denial@81.141.17.48] has quit []
11:26 <+esde> I don't own any windows mobile devices, so i can't attest to this information, but it seems your options for any sort of VPN are extremely limited :( http://forums.windowscentral.com/windows-phone-8/295808-windows-phone-8-1-vpn-pptp-openvpn-l2tp-ipsec.html
11:26 <+esde> fixi ^
11:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:41 -!- Malsasa [~Malsasa@36.81.96.80] has joined #openvpn
11:50 -!- reith [~nil@unaffiliated/reith] has joined #openvpn
11:56 < reith> Can I make point to IP of server in openvpn's server config file? I want push DNS server to client but DNS server is running on server itself and we use same config file on several servers
11:57 -!- Malsasa [~Malsasa@36.81.96.80] has quit [Read error: Connection reset by peer]
11:59 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:09 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
12:11 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
12:12 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
12:15 <+esde> !push-dns
12:15 <+esde> !pushdns
12:15 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
12:15 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
12:20 < reith> It's great that openvpn accept configuration directives with command line input, @esde thank you
12:23 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
12:24 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:42 -!- toli [~toli@ip-62-235-220-103.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
12:44 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Remote host closed the connection]
12:44 -!- toli [~toli@ip-62-235-241-91.dsl.scarlet.be] has joined #openvpn
12:44 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
12:46 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Client Quit]
12:46 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
12:54 -!- Malsasa [~Malsasa@36.81.96.80] has joined #openvpn
12:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:55 -!- mode/#openvpn [+o mattock1] by ChanServ
12:55 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
13:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
13:12 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:14 -!- justinzane [~justinzan@24.49.199.88] has quit [Remote host closed the connection]
13:16 -!- ninjai [~ninjai@mail.speedlinesolutions.com] has joined #openvpn
13:16 < ninjai> does OVPN use a lot of bandwidth if it's always on?
13:19 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:19 -!- mode/#openvpn [+o mattock2] by ChanServ
13:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
13:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
13:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:30 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
13:33 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
13:33 <+esde> i don't know how to answer that.
13:34 <+esde> if there's a negligible amount of bandwidth traveling over the connection, the consumption will be negligible.
13:35 <+esde> if there's an inordinate amount of bandwidth traveling over the connection, the consumption will be excessive.
13:46 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
13:50 -!- DancerInShadows [~dancer@ec2-54-186-18-47.us-west-2.compute.amazonaws.com] has left #openvpn []
13:58 <@dazo> ninjai: no, only a few bytes for the control channel ... but not something you'll really notice
13:58 < ninjai> ok
13:58 <@dazo> if you use --keepalive/--ping ... the control channel will be activated every now and then ... otherwise it is the --reneg-* options which will trigger some traffic
13:58 < ninjai> trying to figure out where my leaky faucet is
13:58 < ninjai> my bandwidth just gets eaten away each month
13:59 <@dazo> well, depends on what you tunnel ... when the tunnel is active, the packets do get bigger due to the nature of encryption
13:59 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
13:59 <@dazo> (active - meaning data is being transported)
13:59 < adraenwan> !welcome
14:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:16 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
14:30 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
14:32 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has left #openvpn ["Real otts run as root"]
14:34 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 265 seconds]
14:34 -!- dazo is now known as dazo_afk
14:35 -!- reith [~nil@unaffiliated/reith] has quit [Ping timeout: 250 seconds]
14:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
14:53 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
14:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:56 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Max SendQ exceeded]
14:57 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:04 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
15:13 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
15:18 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
15:32 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
15:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 245 seconds]
15:56 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
16:00 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Max SendQ exceeded]
16:01 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
16:19 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
16:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:42 -!- MidnightCommand- is now known as MidnightCommande
16:42 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
16:43 -!- MidnightCommande is now known as MidnightCommand-
16:58 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:03 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
17:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
17:13 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 244 seconds]
17:16 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
17:22 < fixi> thanks esde
17:22 < fixi> thats a rather old thread
17:23 < fixi> there were 4 updates to the platform the last this march
17:23 < fixi> it even enabled ssl vpn possibility
17:24 <+esde> i have no idea, and i doubt the majority of users here do either
17:24 < fixi> however theyve limited access to the api that controls it. (i registered a developer account anyway already and tought id compile my own openvpn app but i dont have capital for 250$/ticket
17:24 <+esde> your best bet is asking in a windows-mobile-centric channel
17:24 < fixi> yea i see
17:25 < fixi> thx anyway just tought its always to ask the community if someone had already faced such problems as most problems arent new on face of the earth :)
17:26 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-fzhetcogldlwtdaw] has quit [Ping timeout: 276 seconds]
17:26 < fixi> finally: thanks for the suggestion ill check it out
17:26 < fixi> google searches showed a real demand for openvpn 4 wp
17:26 < fixi> even turned up results like "only reason for sticking with android is the lack of an openvpn client :D"
17:27 < fixi> (on WP)
17:28 -!- MalteJ [sid46380@gateway/web/irccloud.com/x-lgttjnakenqzxnrr] has joined #openvpn
17:31 <+pekster> Be wary the phrase "SSL VPN" as too many (ignorant) vendors use it to describe Application Layer Gateways (ALG) technology, like Citrix; that's not a VPN at all, but an application served over a TLS layer
17:32 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:32 <+pekster> This said, if you're seriously interseted in development efforts, you might look at an SDK for your target platform, and maybe see what modifications existing build systems require for it. OpenVPN is generally cross-compiled, so you might start by reviewing the options for mingw targeting WP
17:33 <+pekster> ML might be a good place to start, as would the vendor guidelines on an "actual app" for which you need to play in Microsoft's walled garden to get any non-developer build supported
17:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:16 -!- b4tm4n [~b4tm4n@gateway/vpn/privateinternetaccess/b4tm4n] has joined #openvpn
18:17 < b4tm4n> is there an accepted way to connect on boot to a vpn in ubuntu?
18:22 < b4tm4n> i know there's autostart, but i cannot find documentation on it and every forum suggests "ALL" ,but I want to start a single VPN
18:25 <+pekster> You'd need to read the documentation for your distro init framework
18:27 -!- AMERICAN_PSYCHO [~AMERICAN_@62.sub-70-196-2.myvzw.com] has joined #openvpn
18:29 < b4tm4n> pekster, i've searched the internet for the last 30 minutes and cannot find documentation on what AUTOSTART does
18:29 < b4tm4n> is the argument a file name?  is it a subset of string (all, none, etc) - i have no idea
18:29 <+pekster> !notovpn
18:29 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
18:29 <+pekster> Have you tried #yourdistro?
18:30 <+pekster> Or $YourDistro's mailing lists?
18:30 <+pekster> Perhaps $YourDistro's forums?
18:31 <+pekster> OpenVPN runs whatever config you give it as the argument to --config, or optionally as the sole argument to the `openvpn` binary invocation. If you want to do something "on startup" this is going to be after your 'init' program, which is generally controlled by a series of scripts and/or compiled programs installed by your distribution
18:32 <+pekster> If you wish to "run one" config, then simply launch one. How you do that depends on your distro. Gentoo and FreeBSD are symlink-friendly, so you merely symlink "another" instance to the master initscript. NFI how systemd abstracts that, but surely the service file tells you?
18:32 <+pekster> Maybe file a bug if it doesn't? Some minion on Lennart or Debian's team ought to get right on that :P
18:33 < b4tm4n> a simple, sorry, look elsewhere would have sufficed... :)
18:33 <+pekster> I told you that, then whined about "AUTOSTART" and such
18:33 < b4tm4n> and, yeah, i've been through that - can't find much info - i'll keep looking
18:34 < b4tm4n> pekster, true, you did
18:34 <+pekster> And in case you can't tell, I think systemd is a rotting pile of unsupported shit :P
18:37 <+pekster> Seems to me the comments in openvpn.init.d shipped with the debian sources are what you're looking for
18:37 <+pekster> No idea where that's "documented" in userland. As most things I've seen in systemd, there exists marginal-to-no user docs, and the dev docs aren't stable each time the API changes, if they're documented at all
18:38 <+pekster> https://packages.debian.org/sid/openvpn
18:38 <@vpnHelper> Title: Debian -- Details of package openvpn in sid (at packages.debian.org)
18:38 <+pekster> Read the stanza in that file under ### BEGIN INIT INFO
18:41 <+pekster> Ironically, the README.Debian file probably explains what you need too
18:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
18:59 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:34 -!- james41382_ is now known as james41382
19:52 -!- Max-P [~Max-P@vm0.max-p.me] has quit [Remote host closed the connection]
20:27 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 246 seconds]
20:31 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
21:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 276 seconds]
21:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:06 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
22:09 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
22:11 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Ping timeout: 264 seconds]
22:16 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
22:56 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
23:01 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
23:02 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
23:02 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
23:04 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
23:06 -!- ShadniX [dagger@p5481D124.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:08 -!- ShadniX [dagger@p5481D4DE.dip0.t-ipconnect.de] has joined #openvpn
23:11 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 240 seconds]
23:16 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
23:41 -!- GLaDER [~GLaDER@gladernet.csbnet.se] has left #openvpn ["WeeChat 1.2"]
23:45 -!- b4tm4n [~b4tm4n@gateway/vpn/privateinternetaccess/b4tm4n] has quit [Quit: Leaving]
23:45 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
--- Day changed Wed Jun 17 2015
00:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
00:06 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
00:06 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
00:07 < Eugene> !conf
00:07 < Eugene> !configs
00:07 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
00:09 -!- AMERICAN_PSYCHO [~AMERICAN_@62.sub-70-196-2.myvzw.com] has quit [Quit: Goodbye!]
00:17 -!- Malsasa [~Malsasa@36.81.96.80] has quit [Remote host closed the connection]
00:46 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 256 seconds]
00:48 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:02 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:20 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
01:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
01:30 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:41 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 252 seconds]
01:44 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
02:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
02:47 -!- Malsasa [~Malsasa@36.71.144.3] has joined #openvpn
02:57 -!- Malsasa [~Malsasa@36.71.144.3] has quit [Remote host closed the connection]
03:00 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has quit [Remote host closed the connection]
03:00 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
03:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:06 -!- mode/#openvpn [+o mattock1] by ChanServ
03:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
03:09 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Ping timeout: 255 seconds]
03:10 -!- Haxxa [~Harrison@cpe-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Remote host closed the connection]
03:13 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
03:48 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
04:01 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8010:8ee2:e215:9c51] has joined #openvpn
04:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8010:8ee2:e215:9c51] has quit [Ping timeout: 272 seconds]
04:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
04:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:33 -!- dazo_afk is now known as dazo
04:50 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
04:52 -!- fixi [~fixi@unaffiliated/fixi] has left #openvpn []
05:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ed7f:e234:a926:fc8] has joined #openvpn
05:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ed7f:e234:a926:fc8] has quit [Ping timeout: 265 seconds]
05:14 -!- Malsasa [~Malsasa@36.82.82.114] has joined #openvpn
05:16 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
05:17 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
05:24 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
05:25 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
05:25 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
05:25 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
05:42 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
05:48 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Ping timeout: 276 seconds]
05:49 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
05:52 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
05:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 265 seconds]
06:06 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
06:10 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
06:18 -!- TyrfingMjolnir [~Tyrfing@183.90.37.154] has joined #openvpn
06:20 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
06:25 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Ping timeout: 265 seconds]
06:31 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
06:32 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Client Quit]
06:32 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has joined #openvpn
06:49 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
06:51 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
07:01 -!- TyrfingMjolnir [~Tyrfing@183.90.37.154] has quit [Read error: Connection reset by peer]
07:02 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:12 -!- TyrfingMjolnir [~Tyrfing@183.90.37.154] has joined #openvpn
07:15 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:25 -!- TyrfingMjolnir [~Tyrfing@183.90.37.154] has quit [Read error: No route to host]
07:30 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has joined #openvpn
07:31 -!- MaxFrames [~MaxFrames@unaffiliated/maxframes] has left #openvpn ["Reality is that which, when you stop believing in it, doesn't go away"]
07:36 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
07:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:57 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Ping timeout: 246 seconds]
08:01 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 265 seconds]
08:10 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
08:11 -!- Delfyn [~alexis@banana.rzg.mpg.de] has joined #openvpn
08:14 < Delfyn> on the vpn server, packages originating from *behind* the client have their source IP as their local LAN IP addresses, which doesn't necessitate clients behind the *server* from knowing anything about the tunnel IPs, but packages originating *on* the client have their source IP as the *tunnel end* IP, which *does* necessitate that the clients behind the server know about the tunnel IPs. To relieve them from needing to know this info, I thought it should 
08:16 < Delfyn> use SNAT on the VPN server, with something like "iptables -t nat -A POSTROUTING -s  <client-vpn-tunnel-ip> -j SNAT --to-source=<client-local-man-ip>" but this seems to always fail to match, even though tcpdump would indicate that it should work. has anybody tried this and got it working?
08:18 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:23 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
08:34 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:49 -!- pa [~pa@unaffiliated/pa] has quit [Read error: Connection timed out]
08:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
08:49 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
08:55 -!- ninjai [~ninjai@mail.speedlinesolutions.com] has quit [Read error: Connection reset by peer]
09:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:05 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
09:07 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
09:15 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
09:30 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has joined #openvpn
09:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:33 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
09:34 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
09:34 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
09:42 < Delfyn> doh ... i left one ping running and added and removed the iptables rule: no effect. stop the ping, apply the rule, restart ping: works as expected. perhaps iptables thinks that a ping packet with sequence number > 1 is related to an "established" connection and so it isn't subject to the nat table. anyway, solved.
09:44 -!- Delfyn [~alexis@banana.rzg.mpg.de] has left #openvpn []
09:59 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
10:07 -!- Malsasa [~Malsasa@36.82.82.114] has quit [Read error: Connection reset by peer]
10:08 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Remote host closed the connection]
10:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:16 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
10:21 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
10:21 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
10:22 -!- Malsasa [~Malsasa@36.82.82.114] has joined #openvpn
10:35 -!- Blanc|AFK is now known as Blanc
10:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:43 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
10:53 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
10:57 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has joined #openvpn
10:58 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
10:58 < pqatsi> I'm running a net30 vpn and i see subnet is the new recommended default. But i must have control of IPs that can forward to other clients or not (and to others networks) and i need to enforce the ip in IPP file will be the only authorized (net30 does not allow, via CIDR, any other ip addr than ones assigned by server)
10:59 < pqatsi> What do you guys recommend to move to subnet layout?
10:59 -!- Blanc [~Blanc@irc.dagon.me] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
11:09 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
11:16 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
11:17 < Eugene> IPP is not an "enforce"
11:18 < Eugene> Subnet has the same restrictions on IP-client mappings - if the client tries to be a different IP, the server will just ignore it
11:18 < Eugene> !subnet
11:18 <@vpnHelper> "subnet" is (#1) http://www.subnet-calculator.com/ or http://en.wikipedia.org/wiki/Subnetwork or (#2) Want a random subnet generator? See: !randomsubnet or (#3) You may be looking for !toplogy
11:18 < Eugene> !topology
11:18 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
11:18 < Eugene> !ccd
11:18 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
11:18 < Eugene> Use ccd to enforce what IP a client gets, not IPP.
11:19 < Eugene> Don't use --client-to-client, forcing all intra-VPN traffic through iptables
11:19 < Eugene> And then use iptables to dis/allow clients talking to each other
11:19 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
11:20 < pqatsi> Eugene: in a p2p/net30 network style, if client try to "force" another IP addr, they will not be adderessable
11:20 < pqatsi> So its a "enforce" (Woth a lot of ")
11:20 < Eugene> No, you weren't listening
11:20 < Eugene> IPP isn't doing shit
11:20 < Eugene> It's a set of suggestions, not "give this IP to this client"
11:21 < pqatsi> Eugene: even when using ifconfig-pool-persist ipp.file 0
11:21 < pqatsi> ?
11:21 < Eugene> Yes, even when.
11:21 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 252 seconds]
11:21 < Eugene> If that file has an error in it, it'll just throw it out and start fresh
11:21 < Eugene> The only way to enforce that is with CCD
11:21 < pqatsi> mmm
11:22 < Eugene> The same IP-client restrictiosn from p2p work under subnet
11:22 < pqatsi> Eugene: and enforcing it via CCD and subnet config will both avoid the IP change and disallow forward?
11:22 < Eugene> No, disallow forward is by not using --client-to-client
11:22 < pqatsi> so, via CCD, if a client try to override in client config file, the ip will just not work for notthing
11:22 < pqatsi> ?
11:22 < Eugene> IPP or CCD has nothing to do with that part
11:23 < pqatsi> Eugene: right. this part is ok. c-t-c is disabled now
11:23 < pqatsi> so ok with fw part
11:23 < pqatsi> now i just need to really enforce IP addr to a certificate
11:23 < Eugene> Once the server has picked an IP for a client, no matter how it does it, traffic not from that IP will be ignored from that client
11:23 < pqatsi> even denying conectivity if client forces another ip.
11:23 < Eugene> (or covered by an iroute directive)
11:23 < pqatsi> nice!
11:24 < pqatsi> Eugene: so 'ill change from ipp to ccd profile
11:28 < pqatsi> Eugene: also, thanks!
11:29 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
11:30 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
11:34 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
11:42 -!- coob [5195f31d@gateway/web/freenode/ip.81.149.243.29] has joined #openvpn
11:42 < coob> hi there - I have an openwrt server (tun) set up with clients connecting to it fine. clients can ping the server's tun0 internal IP fine (10.8.0.1). the server can ping a client on OS X (10.8.0.10), but not clients on linux (10.8.0.6 and 10.8.0.14). all clients can ping each other fine.
11:42 < coob> no linux clients have firewalls
11:43 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
11:43 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
11:43 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
11:44 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
11:44 -!- Maxels [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
11:45 -!- Netsplit *.net <-> *.split quits: Kephael, KeatonT, shio, FruitieX
11:46 -!- Netsplit over, joins: KeatonT
11:49 -!- Raijenki [~Raijenki@ks24199.kimsufi.com] has joined #openvpn
11:53 -!- coob [5195f31d@gateway/web/freenode/ip.81.149.243.29] has quit [Ping timeout: 246 seconds]
11:58 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 250 seconds]
12:03 -!- Malsasa [~Malsasa@36.82.82.114] has quit [Read error: Connection reset by peer]
12:11 -!- zamber [~zamber@89-78-251-59.dynamic.chello.pl] has joined #openvpn
12:12 -!- krav [~kravlin@unaffiliated/kravlin] has joined #openvpn
12:12 -!- krav [~kravlin@unaffiliated/kravlin] has left #openvpn ["WeeChat 1.1.1"]
12:12 < zamber> Hi people, I've got a OpenVPN server set up on my home network (RPi with Raspbian) and from what I can see the OpenVPN client fails to set up the route for the connection correctly. http://pastebin.com/fcHEWRcL RPi has a bound DHCP address of 89.78.251.59 in the home network. How to debug it further? I'm on Arch.
12:17 < zamber> server: http://pastebin.com/ZGfCfC2E, client: http://pastebin.com/c3Dx69SM
12:20 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
12:22 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
12:25 <@ecrist> What's the problem?
12:34 < zamber> well, I don't get any traffic forwarded
12:35 < zamber> wait, i'm stupib
12:35 < zamber> I assumed it failed but it actually works
12:35 < zamber> I can't believe it
12:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:45 -!- mode/#openvpn [+o mattock1] by ChanServ
12:58 -!- toli [~toli@ip-62-235-241-91.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
12:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:58 -!- GH0ST [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
12:59 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Read error: Connection reset by peer]
13:00 -!- toli [~toli@ip-62-235-222-75.dsl.scarlet.be] has joined #openvpn
14:01 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 265 seconds]
14:02 < sjums> ..and remember kids, if you ever make iptable rules for common ports, remove them again when you no longer need them!
14:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:25 -!- mode/#openvpn [+o mattock1] by ChanServ
14:30 -!- jobewan [~jobewan@spartan.centurytel.net] has quit [Remote host closed the connection]
14:46 -!- NP-Completeass [~NP-Hardas@unaffiliated/np-hardass] has quit [Changing host]
14:46 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:46 -!- NP-Hardass [~NP-Hardas@unaffiliated/np-hardass] has quit [Changing host]
14:46 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
15:28 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
15:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
15:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:45 -!- dazo is now known as dazo_afk
15:45 -!- Raijenki [~Raijenki@ks24199.kimsufi.com] has quit [Quit: Leaving]
15:47 -!- rtpada [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 250 seconds]
15:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
15:49 -!- rtpada [~jgeilman@unaffiliated/adaptr] has joined #openvpn
15:53 -!- a773326b [~a773326b@windows-onyx1.cryptostorm.net] has joined #openvpn
15:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:53 -!- mode/#openvpn [+o mattock1] by ChanServ
15:55 -!- a773326b [~a773326b@windows-onyx1.cryptostorm.net] has quit [Read error: Connection reset by peer]
16:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
16:15 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
16:31 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds]
16:34 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
16:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
16:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:54 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:00 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:01 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
17:03 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 255 seconds]
17:04 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
17:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:15 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 264 seconds]
17:19 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 256 seconds]
17:25 -!- u0m3 [~u0m3@92.80.90.64] has joined #openvpn
17:45 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
18:29 -!- Ahrotahntee [~ahrotahnt@unaffiliated/ahrotahntee] has joined #openvpn
18:30 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Ping timeout: 276 seconds]
18:31 < Ahrotahntee> Does anyone know if it is possible to have OpenVPN permit connections from a particular intermediary CA? eg: CA -> VPN Intermediate -> Users. I've found that I need to include both the CA and the Intermediate in the ca config parameter, which would mean OpenVPN trusts all certs signed by either of those certificates (in effect all certificates under any intermediary)
18:32 < Ahrotahntee> please let me know if that was cut off; I'm not sure if my client is echoing the line as longer than was accepted by the server
18:36 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
18:40 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
18:58 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Remote host closed the connection]
19:02 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
19:14 < Ahrotahntee> so it looks like that attempting to auth with a certificate that was not signed by the intermediary in the chain file results in a TLS error
20:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
20:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 272 seconds]
20:14 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:46 -!- u0m3 [~u0m3@92.80.90.64] has quit [Ping timeout: 256 seconds]
20:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:195e:59fd:8803:4cf9] has joined #openvpn
21:02 -!- kcaj [~kcaj@unaffiliated/kcaj] has joined #openvpn
21:11 -!- TyrfingMjolnir [~Tyrfing@218.186.117.225] has quit [Quit: Searching for Waimea]
21:45 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 276 seconds]
21:46 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
22:31 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 272 seconds]
22:39 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
22:43 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has quit [Ping timeout: 276 seconds]
22:44 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
22:49 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Remote host closed the connection]
22:51 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has joined #openvpn
23:05 -!- ShadniX [dagger@p5481D4DE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:06 -!- ShadniX [dagger@p5481D982.dip0.t-ipconnect.de] has joined #openvpn
23:09 -!- Malsasa [~Malsasa@36.84.71.249] has joined #openvpn
23:12 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
23:13 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:37 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
23:38 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
23:38 -!- Malsasa [~Malsasa@36.84.71.249] has quit [Ping timeout: 256 seconds]
23:39 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
23:42 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Ping timeout: 265 seconds]
--- Day changed Thu Jun 18 2015
00:18 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
00:20 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:10 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
01:15 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
01:17 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 276 seconds]
01:20 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
01:31 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:34 -!- xintron [~xintron@unaffiliated/xintron] has quit [Quit: Bice bice bice]
01:46 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
01:48 < sjums> I can't answer your question, Ahrotahntee, but I can tell your question ends with "..intermediary)" :)
01:48 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:49 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
01:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:52 -!- mode/#openvpn [+o mattock1] by ChanServ
01:57 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:19 -!- Malsasa [~Malsasa@36.71.144.6] has joined #openvpn
02:24 -!- Delfyn [~alexis@banana.rzg.mpg.de] has joined #openvpn
02:24 -!- Delfyn [~alexis@banana.rzg.mpg.de] has left #openvpn []
02:36 -!- Malsasa [~Malsasa@36.71.144.6] has quit [Remote host closed the connection]
02:44 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Quit: No Ping reply in 90 seconds.]
02:45 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
02:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
02:57 -!- GH0ST [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Remote host closed the connection]
02:58 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
03:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 272 seconds]
03:05 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
03:08 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
03:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:10 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 255 seconds]
03:33 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
03:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:42 -!- mode/#openvpn [+o mattock1] by ChanServ
03:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
04:11 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
04:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:39 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
04:51 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
04:52 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
04:52 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
04:56 -!- dazo_afk is now known as dazo
04:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:14 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
05:16 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Ping timeout: 265 seconds]
05:35 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
06:16 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 264 seconds]
06:17 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:24 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
06:29 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
06:29 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:48 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 276 seconds]
06:52 < heap_> hi
06:52 < heap_> one more thing, i have smb server on 10.0.1.20 im connected to local network using vpn 10.0.8.x (as client) but i cant see any smb share via vpn, any idea? i can telnet smbd port from client
06:55 < heap_> but when i type it like that on client smb://workgroup;username@hostname/sharename it works
06:56 < heap_> but it says it cant find alarm.localhost ... without ip
06:56 < heap_> so some problems with dns or?
06:58 < Ahrotahntee> sjums: thank you
06:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:58 < Ahrotahntee> sjums: as it would turn out if it's not signed by the intermediary in the chain file, you get a TLS error - which works.
06:58 <@ecrist> heap
06:59 <@ecrist> SMB browsing requires either being on the same broadcast domain or a WINS server
06:59 <@ecrist> !wins
06:59 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
06:59 <@ecrist> otherwise, you can connect to it via going to Start->Run and typing \\10.0.1.20
07:00 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
07:00 < heap_> ok so i need to install wins server on vpn server
07:02 < heap_> is there any other protocol better then samba?
07:02 < heap_> and simillar to samba
07:14 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Ping timeout: 264 seconds]
07:15 <@ecrist> you could use SCP
07:15 <@ecrist> it's part of SSH, and there are nice graphical utilities to transfer files
07:15 <@ecrist> it somewhat depends on how you're actually using it
07:20 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
07:26 < toli> guys what we do when I don't have the crt and key for a client in easy-rsa? I cannot delete the client anymore!
07:26 < toli> I there a workaround?
07:27 <@ecrist>  no workaround.
07:27 <@ecrist> you can disable a VPN client by created a CCD entry with the word "disable" in it
07:28 <@ecrist> for the user you want to disable
07:32 -!- coob [5195f31d@gateway/web/freenode/ip.81.149.243.29] has joined #openvpn
07:32 < coob> hi - I have an openvpn server running on ubuntu vi tun0. Clients can connect to it fine and ping it on the virtual IP (10.8.0.1) and receive responses back fine. OS X clients connect fine, and the server can ping them fine (10.8.0.3). When linux clients (10.8.0.4) connect, they can ping the server and other clients (10.8.0.1, 10.8.0.3) fine. However, the server cannot ping the Linux Clients.
07:33 < coob> the clients are all using exactly the same configuartion
07:33 < coob> and their routing tables are all identical
07:33 < coob> any reason why I can ping the OS X clients from the server but not Linux clients?
07:36 < coob> none of the Linux clients have their firewalls turn on - iptables -L is empty
07:37 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
07:38 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Ping timeout: 244 seconds]
07:41 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
07:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:45 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
07:45 < toli> ecrist, cant I put the client in disable mode in the index.txt, as this is the one I read for my interface, when I manually put the V in there it generates erros
07:46 <@ecrist> no, you can't just edit the index.txt file
07:46 <@ecrist> OpenVPN doesn't even reference that file
07:46 <@ecrist> part of revoking a certificate is generating a CRL (certificate revokation list).
07:47 <@ecrist> This is what OpenVPN would look at to determine which certificates are valid.
07:48 <@ecrist> coob: firewall on the linux clients, perhaps?
07:48 <@ecrist> RHEL7 uses firewalld, not iptables
07:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:50 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 276 seconds]
07:52 < heap_> ecrist: its not that integrated into OS as smb
07:58 <@ecrist> Well, you should have all the information you need to make it work.
07:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
07:59 < heap_> yeah
07:59 < heap_> im trying to fix smb over vpn with wins
08:02 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
08:10 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
08:18 < coob> echrist - there's no firewall running on it
08:18 < coob> (the linux client)
08:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:195e:59fd:8803:4cf9] has quit [Remote host closed the connection]
08:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
08:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:29 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Read error: Connection reset by peer]
08:31 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has joined #openvpn
08:42 <@dazo> toli: the CA files are only useful when doing CA operations.  And all these CA files should ideally be stored on an offline medium when you don't need to do any CA operations at all.  OpenVPN server must have 4 files (server.key, server.crt, ca.crt and dh*.pem) and the CRL file is optional.  But once you want to revoke access to a particular client, you need to go into your CA, revoke the certificate and produce a new CRL file.  Then you
08:42 <@dazo> upload that CRL file to your openvpn server, and ensure that the --crl-verify option is used in the server config.  If OpenVPN gets a connection from a client with a revoked client certificate (meaning: listed in the CRL file), OpenVPN will reject the connection
08:44 < toli> thanks dazo
08:46 <@dazo> toli: also have a look at certificates and CRL files using some openssl commands .... openssl x509 -noout -text -in $CERT_FILE      .... and ....    openssl crl -noout -text -in $CRL_FILE
08:50 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 272 seconds]
08:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:58 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
09:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 256 seconds]
09:10 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
09:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:15 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:23 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
09:23 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has joined #openvpn
09:26 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 245 seconds]
09:31 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has quit [Ping timeout: 245 seconds]
09:32 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
09:37 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has joined #openvpn
09:44 -!- coob [5195f31d@gateway/web/freenode/ip.81.149.243.29] has quit [Ping timeout: 246 seconds]
09:46 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
09:48 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:56 -!- mode/#openvpn [+o mattock1] by ChanServ
10:15 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:15 -!- mode/#openvpn [+v s7r] by ChanServ
10:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
10:53 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:41 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:46 -!- SebastianThorn [~Sebastian@95.85.49.170] has joined #openvpn
11:48 < SebastianThorn> hi guys, i'd like to have a setup like this, where the devices get an address from the vpn-server somehow. http://i.imgur.com/8K9gYD2.png what would a setup like this be called (so i know what to google for if it is possible)
11:49 < SebastianThorn> so the User can access the devices
11:52 < DArqueBishop> Provided the devices have OpenVPN support, any standard OpenVPN environment should work, provided client-to-client is set in the server's configuration.
11:52 < DArqueBishop> !howto
11:52 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:53 < SebastianThorn> DArqueBishop: the devices wont be able to install openvpn
11:53 < SebastianThorn> i was thinking if the RPI's could give the devices IP's from the server
11:54 < SebastianThorn> but that not how i works? (i'm very novice with vpn)
11:55 < DArqueBishop> RPIs?
11:56 < SebastianThorn> raspberry pi
11:56 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Read error: No route to host]
11:58 < DArqueBishop> Yeah, it's going to be a little more complex than that.
11:58 < DArqueBishop> !route
11:58 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
11:58 <@vpnHelper> client
11:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
11:59 < SebastianThorn> looks a bit like this? https://openvpn.net/index.php/access-server/section-faq-openvpn-as/server-configuration/209-how-do-i-setup-openvpn-access-server-to-use-site-to-site.html
11:59 <@vpnHelper> Title: How do I setup OpenVPN Access Server to use site-to-site? (at openvpn.net)
11:59 < SebastianThorn> DArqueBishop: thanks, will read the links now :)
12:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
12:08 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:09 -!- stomith [~sto-mith@128.120.233.16] has joined #openvpn
12:15 < stomith> apologies in advance; I'm new to openvpn. Is it possible to deploy a single openvpn remote access solution that services multiple natted networks?
12:16 -!- NTQ [~nicolas@ip5b43ae82.dynamic.kabel-deutschland.de] has quit [Ping timeout: 276 seconds]
12:17 < DArqueBishop> stomith:
12:17 < DArqueBishop> !route
12:17 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:17 <@vpnHelper> client
12:18 < stomith> thanks.
12:25 -!- cagedwisdom [~X@58-6-202-64.dyn.iinet.net.au] has joined #openvpn
12:30 -!- dougquaid [~dougquaid@unaffiliated/dougquaid] has joined #openvpn
12:30 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:31 < dougquaid> I have something wrong in my server but I'm not sure what. My config works fine on tcp but not udp. On udp the server log sees the client's initial connection attempt but then times out after 60 seconds
12:32 < dougquaid> on tcpdump I see the client's initial packet reach the server, then the server responds on udp port 1024 and that's it
12:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:44 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
12:44 < stemid> has anyone here gotten openvpn working with selinux? I'm on fedora 22. I get some audit output that I could try to convert into a module using audit2allow but I had to check if this is even possible first.
12:45 < stemid> I think I've seen the docs mention that selinux is out of the question with openvpn
12:46 -!- Malsasa [~Malsasa@36.82.82.114] has joined #openvpn
12:49 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
12:49 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
12:49 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
12:49 -!- mode/#openvpn [+v s7r] by ChanServ
13:00 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:02 <+esde> !selinux
13:03 <+esde> eh, it was worth a shot
13:03 <+esde> https://fedoraproject.org/wiki/Openvpn
13:04 <@vpnHelper> Title: Openvpn - FedoraProject (at fedoraproject.org)
13:04 <+esde> 15. Fix selinux
13:04 <+esde> seems (at first glance) like it could be useful
13:08 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has left #openvpn []
13:08 -!- Malsasa [~Malsasa@36.82.82.114] has quit [Remote host closed the connection]
13:13 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 264 seconds]
13:17 -!- stomith [~sto-mith@128.120.233.16] has left #openvpn ["Leaving"]
13:20 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
13:36 -!- cagedwisdom [~X@58-6-202-64.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
13:43 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:57 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
14:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
14:24 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
14:25 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:35 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Remote host closed the connection]
14:38 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Remote host closed the connection]
14:39 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
14:54 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
14:58 -!- FruitieX [~FruitieX@qyr0.kyla.fi] has joined #openvpn
14:58 -!- FruitieX [~FruitieX@qyr0.kyla.fi] has quit [Changing host]
14:58 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
15:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:22 <@dazo> stemid: I've used openvpn with SELinux in many Fedora, RHEL (including clones) ... I never disable SELinux
15:22 <@dazo> stemid: SELinux is very seldom a real problem these days ... but if you use openvpn on the non-standard port (1194), you might need to tell SELinux about it
15:25 <@dazo> esde: that restorecon command is seldom needed when you create files in the proper directory or use 'cp'.  If you use 'mv', then you might need to use restorecon (as mv preserves SELinux labels by default, while cp actually creates a new file in the destination directory and files gets labeled correctly instantly)
15:28 -!- codebam [codebam@gateway/shell/yourbnc/x-pqblfozuedwaldqc] has quit [Quit: Seeya. Thanks :)]
15:28  * esde copy pastes that into his notes
15:40 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
15:41 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
15:46 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 272 seconds]
15:49 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
15:51 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
16:04 -!- MidnightCommand- is now known as MidnightCommande
16:04 -!- MidnightCommande is now known as MidnightCommand-
16:34 -!- tickletick [6377b8df@gateway/web/freenode/ip.99.119.184.223] has joined #openvpn
16:34 < tickletick> Hey guys, the mobile app is associated with this project and supported here right ?
16:35 < tickletick> I have 2 problems , the first one - even though I set it to continuously retry connection attempts ,it's always asking for my password
16:36 < tickletick> not always but after a while it asks for a password instead of keeping on trying the same thing
16:36 -!- codebam [~codebam@gateway/shell/yourbnc/x-bsipvwehdjlyrdhs] has joined #openvpn
16:37 < tickletick> the major problem is that it does not block non-vpn traffic. I mean on linux it's a simple as adding a default blackhole route with a high metric value and that's it, is that not possible on android ?
16:38 < tickletick> also the --route-up scripts , even an empty script with chmod 777 set does not execute
16:38 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
16:38 < tickletick> ^last one on linux
16:40 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
17:01 < tickletick> o/
17:01 < tickletick> do you guys know where i can file bug reports maybe about all this?
17:01 < tickletick> bbl
17:02 <+esde> OpenVPN for Android is supported here. Bug reports, see !trac
17:03 <+esde> !trac
17:03 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database.
17:03 <+esde> tickletick ^
17:09 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 245 seconds]
17:15 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
17:18 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:89dc:b458:986b:9cf2] has joined #openvpn
17:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:89dc:b458:986b:9cf2] has quit [Remote host closed the connection]
17:39 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
17:42 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
17:43 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has joined #openvpn
17:48 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 256 seconds]
17:48 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 272 seconds]
17:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:48 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
17:53 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
17:53 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 256 seconds]
17:55 -!- Netsplit *.net <-> *.split quits: jeev, Haxxa, mparisi, ribasushi, catsup, Entalyan, Kephael, phantomcircuit, Lovis, Abbott,  (+3 more, use /NETSPLIT to show all of them)
18:03 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
18:03 -!- mode/#openvpn [+v hazardous] by ChanServ
18:06 -!- Netsplit over, joins: @mattock, ribasushi, FruitieX, Kephael, Haxxa, seg, mparisi, catsup, jeev, Abbott (+2 more)
18:06 -!- dazo is now known as dazo_afk
18:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Max SendQ exceeded]
18:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:12 < tickletick> esde: thank you,
18:12 < tickletick> but what i reported reagarding the app, is that expected behavior ?
18:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
18:39 -!- neonixcoder [~surendra@59.167.66.240] has joined #openvpn
18:39 -!- neonixcoder [~surendra@59.167.66.240] has left #openvpn []
18:44 < Ahrotahntee> can someone please take a look at this? I'm getting ping-restarts all the time on my VPN configuration: https://gist.github.com/Ahrotahntee/1fd9adf1ff5feea8df00
18:44 <@vpnHelper> Title: OpenVPN (at gist.github.com)
18:44 < Ahrotahntee> configs & log on gist
18:44 < Ahrotahntee> I'm overlooking something simple
18:45 < Ahrotahntee> I must be, I've been through it a dozen times
18:45 <+pekster> You're missing a --keepalive directive on the server
18:45 <+pekster> !keepalive
18:45 <@vpnHelper> "keepalive" is (#1) see --keepalive in the manual for how to make clients retry connecting if they get disconnected. or (#2) basically it is a wrapper for managing --ping and --ping-restart in server/client mode or (#3) if you use this, don't use --tls-exit and also avoid --single-session and --inactive or (#4) Also beware of --auth-nocache for automated reconnects
18:45 <+pekster> That, or add in --ping, and the a --push for both ping-restart and ping to send it to the client
18:46 <+pekster> You've got 25% of what's required for OpenVPN's bi-directional ping process
18:46 < Ahrotahntee> son of a bitch you're right
18:46 <+pekster> Replace line 18 on the server with: keepalive 10 60   # and things should get better
18:55 < Ahrotahntee> thanks pekster
19:01 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Quit: Lost terminal]
19:03 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-gfuohbcgkekralkm] has left #openvpn []
19:04 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
19:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
19:54 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 245 seconds]
19:54 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
20:12 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Quit: KVM]
20:21 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
20:26 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:59 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
21:05 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 276 seconds]
21:14 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:00 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:02 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:04 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
22:09 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 252 seconds]
22:27 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:34 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
22:38 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
22:47 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
22:49 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
23:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
23:04 -!- ShadniX [dagger@p5481D982.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:06 -!- ShadniX [dagger@p5481DD8A.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
--- Day changed Fri Jun 19 2015
00:03 -!- ShadniX [dagger@p5481DD8A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:05 -!- ShadniX [dagger@p5DDFCB2C.dip0.t-ipconnect.de] has joined #openvpn
00:22 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
00:34 -!- seg [~seg@fsf/member/seg] has quit [Ping timeout: 265 seconds]
00:36 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
00:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:58 -!- toli [~toli@ip-62-235-222-75.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
01:00 -!- toli [~toli@ip-62-235-245-5.dsl.scarlet.be] has joined #openvpn
01:16 -!- Malsasa [~Malsasa@36.82.82.114] has joined #openvpn
01:17 -!- Triffid_Hunter [~Triffid_H@unaffiliated/triffid-hunter] has joined #openvpn
01:18 < Triffid_Hunter> hi all, is there a good tutorial on preventing openvpn trying to reconnect over its own tunnel? mine keeps messing the routing table.. currently I have a script that checks the table every 30s and fixes it if necessary, but that seems a bit daft
01:19 < Triffid_Hunter> it overrides the default route with a 0.0.0.0/1 and 128.0.0.0/1 route, but then if the link drops it tries to reconnect using these routes which are now dead. If I add a route for the server's ip range, openvpn will remove it, then choke. If I add routes to bypass the vpn for specific IPs, it removes them too
01:20 < Triffid_Hunter> so i suppose what I'm after is information on how to get it to leave the routing table alone as much as possible, since it makes a mess every time it tries to handle things itself
01:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8038:5fb1:8470:ff93] has joined #openvpn
01:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8038:5fb1:8470:ff93] has quit [Ping timeout: 265 seconds]
01:52 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
01:58 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
01:58 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
02:04 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:11 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
02:18 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
02:18 -!- dazo_afk is now known as dazo
02:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:23 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 246 seconds]
02:37 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 246 seconds]
02:39 -!- KeatonT [~keatont@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
02:51 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
02:54 < d0p> guys you alive ? :)
02:54 < Raku_> No
02:54 < Raku_> We're all dead
02:55 < Raku_> I'm messaging you from beyond the grave
02:56 < d0p> Mind giving your opnion on my project, I'm making a openvpn package loss simulator, currently bassed on handleing ip tables and tc. Thinking of developing a web interface for it.
03:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:49 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
03:52 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
04:00 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
04:07 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:12 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:22 < d0p> Anyone
04:22 < d0p> Mind giving your opnion on my project, I'm making a openvpn package loss simulator, currently bassed on handleing ip tables and tc. Thinking of developing a web interface for it.
04:27 -!- Gestahlt [~gestahlt@aftr-185-17-207-55.dynamic.mnet-online.de] has joined #openvpn
04:27 < Gestahlt> Hi!
04:27 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
04:28 < Gestahlt> Ive got a vpn tun working. I have lots of networks routed throu it which works just fine. Now i added a new Network (10.14.64.0 255.255.192.0)
04:28 < Gestahlt> It doesnt work
04:28 < Gestahlt> every other network i routed is a /24 netmask
04:29 < Gestahlt> is there an issue with using different netmasks=
04:29 < Gestahlt> ?
04:32 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 256 seconds]
04:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
04:44 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 276 seconds]
04:47 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
04:50 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
04:57 -!- nakomaso [4ebc55fa@gateway/web/freenode/ip.78.188.85.250] has joined #openvpn
04:57 < nakomaso> Hi all,
04:58 < nakomaso> I need to connect vpn server from iOS, is there any way to do this via some code?
04:58 < nakomaso> I mean import some openvn lib, init, connect and register the events to be triggered?
05:00 < nakomaso> is there any swift or objC sdk?
05:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:10 <@dazo> nakomaso: on iOS, not possible AFAIK .... Apple actually enforced OpenVPN Technologies (who is behind the OpenVPN iOS implementation) to close the source code to be able to get access to the VPN API in iOS and get the app out in the appstore
05:11 <@dazo> nakomaso: File a ticket in our bug tracker for a feature request, and see what happens ... unfortunately, the openvpn community can't provide any further information ... this must go directly via OpenVPN Technologies :(
05:13 <@dazo> <insert_random_rant_about_apple_ios_crappy_anti_opensource_attitude/>
05:13 -!- Gestahlt [~gestahlt@aftr-185-17-207-55.dynamic.mnet-online.de] has quit [Ping timeout: 265 seconds]
05:13 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
05:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:15 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
05:17 -!- dazo is now known as dazo_afk
05:22 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:55 < nakomaso> Thanks dazo
06:04 < Triffid_Hunter> nakomaso: easiest option is probably to set up an RPi in wireless AP mode and do openvpn on that
06:04 < Triffid_Hunter> .. or any other device with similar capabilities, I'm sure there's many
06:06 < nakomaso> Problem is our client telling us that they are using openvpn and tell us to connect from iphone via using openvpn which is not possible in ios
06:07 < nakomaso> we can connect over ipsec and the others but they told us that openvpn is using very different system and use openvpn
06:08 < nakomaso> we are developing an ios app which connects internet over their openvpn
06:09 < Triffid_Hunter> nakomaso: the reason I never use apple products if I can help it is that I'm at the utter mercy of apple's decision making process.. sounds like you just found the wrong end of the stick
06:09 <+esde> >they are using openvpn and tell us to connect from iphone via using openvpn which is not possible in ios
06:09 <+esde> am i missing something?
06:09 <+esde> openvpn connect is for ios and worked the few times i used it
06:10 < nakomaso> mobile app needs to be connect Openvpn server  , mobile app mean is a new product like openvpn's client app for ios
06:11 <+esde> ohhh to integrate into your own app. yeah, good luck with that considering it's apple, sucks but that's apple for ya
06:11 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Quit: foo!]
06:11 < nakomaso> :)
06:12 < nakomaso> thank friends for your helps and good news that apple does not suppot this kind of things
06:13 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Ping timeout: 256 seconds]
06:16 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
06:31 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
06:32 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
06:37 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 246 seconds]
06:39 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
06:39 -!- mode/#openvpn [+o plaisthos] by ChanServ
06:47 -!- nakomaso [4ebc55fa@gateway/web/freenode/ip.78.188.85.250] has quit [Quit: Page closed]
07:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 276 seconds]
07:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
07:59 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:09 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
08:23 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
08:23 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
08:29 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:40 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
08:44 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 252 seconds]
08:56 < NTQ> Is it possible to configure OpenVPN to use an external DHCP service to create new IPs for VPN clients?
08:59 < NTQ> There is an existing private network 192.168.1.0/24 with gateway 192.168.1.1. A Lubuntu with IP 192.168.1.152 (eth0) is connected to a second internet connection with a static IP (eth1). This Lubuntu should be the OpenVPN gateway.
09:00 < NTQ> If a client connects to that Lubuntu via eth1, he should get an IP from the gateway 192.168.1.1, and of course he should have access to the complete subnet 192.168.1.0/24
09:00 < DArqueBishop> Is there a particular reason you want to use bridging instead of routing?
09:01 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Quit: WeeChat 1.2]
09:03 < NTQ> Some servers in that subnet only accept connections from IPs in the same subnet. Is that a problem with routing? Sorry for these possibly dumb questions ;)
09:04 < DArqueBishop> Yeah, but the solution would be to configure the servers to accept connections from the VPN subnet.
09:05 < DArqueBishop> Generally, even though bridging sounds like it would be easier, in the long run it's less of a PITA to use routing.
09:05 < NTQ> Of course this is one solution. I thought it would be easier the other way. ;)
09:06 < NTQ> Thank you. I will try routing and changing the configuration of the servers.
09:06 < DArqueBishop> For reference:
09:06 < DArqueBishop> !tunortap
09:06 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
09:06 <@vpnHelper> rooted/jailbroken) support only tun
09:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:14 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
09:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
09:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:20 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
10:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
10:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:09 -!- Owner_ [~Owner@unaffiliated/owner] has joined #openvpn
10:09 < Owner_> is there a cli command to print last login time for a user?
10:09 < Owner_> or all users
10:23 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 252 seconds]
10:23 -!- Owner_ [~Owner@unaffiliated/owner] has left #openvpn ["Leaving"]
10:26 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.211] has joined #openvpn
10:29 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:31 -!- Malsasa [~Malsasa@36.82.82.114] has quit [Read error: Connection reset by peer]
10:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
10:58 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:59 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
11:03 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
11:05 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:12 < NTQ> Owner_: Try last
11:16 < NTQ> How can I create a user:password like file to give access onyl to them?
11:20 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:b876:305b:3c5e:f25a] has joined #openvpn
11:21 < NTQ> And what do I have to push to the clients that only some subnets go over the VPN and all other stuff over their default gateway?
11:22 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
11:23 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
11:24 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:24 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
11:27 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 248 seconds]
11:27 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 248 seconds]
11:28 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
11:35 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
11:51 <+pekster> NTQ: Read !route and !authpass
11:57 < NTQ> pekster: This is my server.conf. I thought the configuration is correct, because I only push one route, nothing else. http://pastebin.com/KKRaaaKH
12:01 < NTQ> But after connecting via the Android OpenVPN app it seems that surfing trough the internet is no working, but some applications like WhatsApp or Facebook are still working. Maybe a DNS problem or something like this?
12:02 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
12:03 <+pekster> Could be; if you redirect DNS, you usually need to provide new DNS systems. "OpenVPN for Android" magically takes care of that for you; the other app is not community maintained, and does whatever it was programmed to do there
12:03 <+pekster> You'd need to check your client config to be sure what it's doing; start there
12:04 <+pekster> Also, do avoid pushing common networks, like 192.168.1/24 (that's THE most popular RFC1918 LAN.) You'll run into problems at virtually ever hotspot you find
12:04 <+pekster> every*
12:07 < NTQ> The machines behind the OpenVPN Gateway are using 192.168.1.0/24, so there is not better solution.
12:07 -!- Malsasa [~Malsasa@202.154.56.138] has joined #openvpn
12:10 < NTQ> Fortunality here at home my fritz.box uses 192.168.178.0/24 ;)
12:13 < NTQ> !authpass
12:13 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
12:15 -!- Malsasa [~Malsasa@202.154.56.138] has quit [Read error: Connection reset by peer]
13:16 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
13:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
13:31 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Quit: Leaving]
13:36 -!- drellok [8d650bf5@gateway/web/freenode/ip.141.101.11.245] has joined #openvpn
13:37 < drellok> guys, is there a way to route traffic from one openvpn client through another?
13:43 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
13:44 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 244 seconds]
13:45 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:50 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
13:51 < NTQ> With 'plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login' I can login with system users, but I want a independent user:pass file for openvpn, like .htpasswd for http.
13:52 < NTQ> I did not find anything like this.
13:52 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
13:52 -!- drellok [8d650bf5@gateway/web/freenode/ip.141.101.11.245] has quit [Quit: Page closed]
13:53 <+esde> !authpass
13:53 <@vpnHelper> "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
13:54 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
13:58 < NTQ> So I have to write my own script which checks if a given username-password combination is correct?
14:00 <+esde> RTM
14:02 < NTQ> I did
14:04 < NTQ> --auth-user-pass-verify will run a command  to validate the username/password provided by the client.
14:11 <+pekster> Right, you've got to cook up your own magic, which is effectively what the PAM plugin does (it's code, like anything else, that goes and talks to your local PAM subsystem and returns a pass/fail result)
14:12 <+esde> "For a sample script that performs PAM authentication, see sample-scripts/auth-pam.pl in the OpenVPN source distribution."
14:12 <+pekster> Since that's unacceptable for your needs, you need "different magic", but the effect to OpenVPN is all the same: it will "go run XYZ code, and use the return status as the authentication decision"
14:13 <+pekster> Plenty of authenticaiton frameworks out there too, in dozens of languages ranging from Python & Perl to Java
14:13 < NTQ> Okay, thanks.
14:17 -!- Blanc|AFK [~Blanc@irc.dagon.me] has joined #openvpn
14:17 -!- Blanc|AFK is now known as Blanc
14:23 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
15:02 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
15:06 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 256 seconds]
15:08 -!- dougquaid [~dougquaid@unaffiliated/dougquaid] has left #openvpn []
15:10 -!- Blanc is now known as Blanc|AFK
16:06 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 252 seconds]
16:16 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:35 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
16:49 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
16:53 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:54 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
16:58 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
17:07 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
17:08 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
17:09 -!- tytan [~Terance@aftr-37-201-214-121.unity-media.net] has joined #openvpn
17:10 < tytan> Hello, everyone. I have a problem with connecting to my server using a Mac. If I use my PC I don't have problems at all
17:12 < tytan> Hello, everyone. I have a problem with connecting to my server using a Mac. If I use my PC I don't have problems at all
17:13 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 272 seconds]
17:16 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:25 -!- zoug [86d6ca6a@gateway/web/freenode/ip.134.214.202.106] has joined #openvpn
17:26 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
17:31 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
17:31 < zoug> hey guys! newbie here.. I'm using Arch Linux and would want to setup a new connection with a given saved VPN configuration (.pem and .ovpn files)
17:32 < zoug> does someone know how I can add such a connection using NetworkManager? I'm having trouble finding useful resource on the internet
17:32 < zoug> thanks!
17:34 < tytan> sorry
17:35 < zoug> about?
17:35 <+esde> !netman
17:35 <@vpnHelper> "netman" is (#1) if you are using network manager for linux to configure your vpn, dont! http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html to read the same thing from the author of the openvpn 2 cookbook on the mail list or (#2) Have OpenVPN working but not NetworkManager? Ask the n-m folks for help: http://projects.gnome.org/NetworkManager/
17:36 < zoug> outch
17:36 <+esde> >arch linux >wants to use network mangler
17:36 < zoug> well ok then
17:36 <+esde> wot
17:36 < zoug> network mangler?
17:36 < zoug> is that what I need to use with openvpn?
17:37 <+esde> ._.
17:37 < zoug> never heard of it haha
17:37 < zoug> sorry if I'm clueless
17:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:38 <+esde> https://openvpn.net/archive/openvpn-users/2008-01/msg00046.html
17:38 <@vpnHelper> Title: Re: [Openvpn-users] Importing an OpenVPN configuration file in Network Manager (at openvpn.net)
17:39 < zoug> mmh
17:39 <+esde> you'll find most advanced linux users loathe network mangler (aka network manager)
17:40 < zoug> my VPN provider says that I should use the network-manager-openvpn your post talks about so I guess it works
17:40 < zoug> but the instructions are for ubuntu and I don't have the graphical interface they do
17:40 < zoug> ok I'll try to look into that then, thanks!
17:40 <+esde> you don't need network-manager-openvpn
17:40 <+esde> all you need is the openvpn binary and the ability to change your systems routing
17:43 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 252 seconds]
17:43 <+esde> !logs
17:43 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:43 <+esde> !configs
17:43 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:43 <+esde> !pastebin
17:43 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
17:43 <+esde> tytan
17:43 <+esde> ^
17:45 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.211] has quit [Quit: Goodbye!]
18:06 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 276 seconds]
18:06 -!- codebam [~codebam@gateway/shell/yourbnc/x-bsipvwehdjlyrdhs] has quit [Ping timeout: 276 seconds]
18:07 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
18:07 -!- mode/#openvpn [+v hazardous] by ChanServ
18:08 -!- codebam [~codebam@gateway/shell/yourbnc/x-whxswjipmxpubtgs] has joined #openvpn
18:13 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:17 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 276 seconds]
18:19 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
18:21 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 256 seconds]
18:23 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 265 seconds]
18:25 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
18:34 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
18:39 -!- madmattco [~quassel@i.am.madboxes.cc] has quit [Remote host closed the connection]
18:42 -!- Entalyan [~Entalyan@unaffiliated/entalyan] has left #openvpn []
18:53 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
18:56 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
18:59 -!- zoug [86d6ca6a@gateway/web/freenode/ip.134.214.202.106] has quit [Quit: Page closed]
18:59 -!- madmattco [~quassel@i.am.madboxes.cc] has joined #openvpn
19:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e8cd:17f:6f2b:6322] has joined #openvpn
19:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e8cd:17f:6f2b:6322] has quit [Ping timeout: 256 seconds]
19:16 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
19:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
20:04 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
20:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:19 -!- AMERICAN_PSYCHO [~AMERICAN_@96.sub-70-196-0.myvzw.com] has joined #openvpn
20:37 -!- tytan [~Terance@aftr-37-201-214-121.unity-media.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:44 -!- Techman [sid11863@gateway/web/irccloud.com/x-rskbzmtkmthkjwha] has left #openvpn []
21:20 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
21:26 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Quit: AAAGH!  IT BURNS!]
21:28 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 265 seconds]
21:55 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
21:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
22:10 -!- fling [~fling@fsf/member/fling] has joined #openvpn
22:44 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
23:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:30 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
23:30 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
23:34 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 252 seconds]
23:58 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
--- Day changed Sat Jun 20 2015
00:02 -!- ShadniX [dagger@p5DDFCB2C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:03 -!- ShadniX [dagger@p5481D332.dip0.t-ipconnect.de] has joined #openvpn
00:07 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
00:09 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
00:38 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 265 seconds]
00:40 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
00:40 -!- mode/#openvpn [+v hazardous] by ChanServ
01:08 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
01:35 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
01:42 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 265 seconds]
02:18 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
02:30 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
02:31 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:42 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
02:46 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 252 seconds]
03:09 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
03:15 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Ping timeout: 255 seconds]
03:15 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
03:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:00 -!- DOngyancai [~logger@209.141.51.101] has joined #openvpn
04:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:05 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 246 seconds]
04:44 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
04:45 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:01 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c835:52bf:a131:a15d] has joined #openvpn
05:06 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c835:52bf:a131:a15d] has quit [Ping timeout: 265 seconds]
05:39 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 276 seconds]
05:51 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
05:56 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 244 seconds]
07:10 -!- f4th0m_ [~f4th0m@123.135.broadband2.iol.cz] has joined #openvpn
07:10 < f4th0m_> Hi!
07:10 -!- f4th0m_ is now known as f4th0m
07:11 < f4th0m> Maybe here someone will know the solution. I have an openvpn server on the local lan (it is not the router)
07:11 < f4th0m> It is NATed through, so cloents are able to connect
07:11 < f4th0m> And reach the server
07:11 < f4th0m> also the server reaches the cloents
07:12 < f4th0m> I have added route to the router (<openvpn lan> <openvpn netmask> via <openvpnserver on the local lan>)
07:13 < f4th0m> And enabledip forwarding on the server
07:13 < f4th0m> but still nothing
07:13 < f4th0m> the server is linux, the router is also (openwrt) and the client(s) are androids
07:14 < f4th0m> the routing on the clients are correct (at least as far as I know)
07:14 < f4th0m> the last thing I can see is tcpdump on the openvpn server shows the client requests are going to somewhere:)
07:15 < f4th0m> but for some reason does not reach that somewhere..
07:15 < f4th0m> which is the other local lan server...
07:15 < f4th0m> anyone any idea?
07:21 < f4th0m> !welcome
07:21 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
07:21 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:22 < f4th0m> !route
07:22 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
07:22 <@vpnHelper> client
07:24 < f4th0m> !ask
07:24 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
07:26 < f4th0m> !goal
07:26 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
07:29 < f4th0m> !ask Hi, I have a running openvpn server, behind the local lan router. Clients can connect and reach the server, however not the local lan. On the router a static route had been added (<vpn lan> <vpn netmask> via <vpn server>), and ip frwarding is enabled on the sever. The routing tables on the clients are fine (push routes are working)
07:30 < f4th0m> !goal get the other local lan servers connectable
07:36 < Eugene> You need to use the routing mechanisms within OpenVPN to get routing to work properly between LANS behind clients/server
07:36 < Eugene> Specifically, the iroute mechanism which allows the server to associate a given LAN subnet with the client which is responsible for it
07:38 < f4th0m> Eugene, I am not trying to reach a subnet behind the client. I
07:38 < f4th0m> want to access the lan, the server resides on
07:39 < Eugene> From where?
07:39 < f4th0m> from the client
07:39 < Eugene> In your server config: push "route 192.168.1.0 255.255.255.0"
07:40 < f4th0m> yes (but other ip range)
07:40 < Eugene> Right
07:40 < f4th0m> I can see the the client request on the server with tcpdump:
07:40 < f4th0m> 14:21:13.447263 IP 10.8.0.10.36632 > Zni.lan.http: Flags [S], seq 1307158411, win 65535, options [mss 1368,sackOK,TS val 39186024 ecr 0,nop,wscale 6], length 0
07:41 < f4th0m> But that's the last trace. It does not reach the other local lan server
07:41 < Eugene> Is your server acting as the router for the LAN?
07:41 < f4th0m> nope
07:41 < Eugene> !nathack
07:41 <@vpnHelper> "nathack" is see https://community.openvpn.net/openvpn/wiki/NatHack for info on how to solve the problem when you need !route_outside_ovpn but cant add a route to the gateway or the lan machines
07:41 < Eugene> !route_outside_ovpn
07:41 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
07:42 < Eugene> Also, is this a VPS?
07:44 < f4th0m> This is my home network:) The gateway router is an openwrt and there is a route for this set, here is it's routing: <vpn lan> <vpn server> 255.255.255.0 UG 0 0 0 br-lan
07:44 < Eugene> !linipforward
07:44 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
07:44 < Eugene> Did you turn that on for the server?
07:45 < f4th0m> yes
07:45 < Eugene> Annnnd do you have anything in the FORWARD chain before that which would drop it?
07:48 < f4th0m> no, but I am using shorewall, it logs if anything dropped/rejected and there is nothing in the logs
07:48 < Eugene> tcpdump the output interface, see if you get the HTTP traffic going out
07:50 < f4th0m> ugh.. Sorry, I have mistyped the command for ip forwarding, now it seems to do more, let me test it
07:51 < Eugene> Heh
07:55 < f4th0m> hmm. Now there is reply to the client, but it just tells the site is not available...
07:55 < f4th0m> On tcpdump I can see 4 packets for each try
07:55 < Eugene> That's a HTTP problem ;-)
07:56 < Eugene> Or do you mean, you get a RST?
07:56 < f4th0m> 14:55:50.396228 IP 10.8.0.10.36665 > Zni.lan.http: Flags [S], seq 3435120629, win 65535, options [mss 1368,sackOK,TS val 39245730 ecr 0,nop,wscale 6], length 0
07:56 < f4th0m> 14:55:50.396352 IP Zni.lan.http > 10.8.0.10.36665: Flags [R.], seq 0, ack 3435120630, win 0, length 0
07:56 < f4th0m> 14:55:50.406199 IP 10.8.0.10.36666 > Zni.lan.http: Flags [S], seq 2194831636, win 65535, options [mss 1368,sackOK,TS val 39245755 ecr 0,nop,wscale 6], length 0
07:56 < f4th0m> 14:55:50.406318 IP Zni.lan.http > 10.8.0.10.36666: Flags [R.], seq 0, ack 2194831637, win 0, length 0
07:56 < f4th0m> This...
07:57 < Eugene> Yup, that's a RST
07:57 < f4th0m> the strange is that I see nothing on the side which answers...
07:58 < f4th0m> not in apache log, not in tcpdump
07:58 < Eugene> Which interfface are you tcpdump'ing?
07:59 < f4th0m> it's only one
07:59 < Eugene> tun0? eth0?
07:59 < f4th0m> wlan0
08:00 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
08:05 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 244 seconds]
08:06 < f4th0m> ok, now this is on of the strangest things I have ever seen... tcpdump on vpnserver obviously shows that there is answer coming from the local server called zni. But this has absolutely no sign on the server called zni...
08:12 < f4th0m> hmmm it seems in this case the topic is right, firewall drops pkgs now
08:13 < f4th0m> Eugene, thanks for your help!
08:13 < Eugene> \o/
08:13 < Eugene> !beer
08:13 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
08:28 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
08:57 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
09:04 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:08 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin Out...]
09:13 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
09:16 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
09:19 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:26 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
09:32 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:40 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Read error: Connection reset by peer]
09:48 -!- S0-2 [~sgra@unaffiliated/sgra] has joined #openvpn
09:49 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
09:50 -!- S0-2 is now known as SgrA
09:50 < SgrA> Hi
09:50 < SgrA> Is something bad going on my OpenVPN server: https://gist.github.com/anonymous/034581d411e42c0becc0 ?
09:50 <@vpnHelper> Title: gist:034581d411e42c0becc0 (at gist.github.com)
09:53 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Remote host closed the connection]
09:57 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 264 seconds]
10:06 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has joined #openvpn
10:11 -!- tjt263 [~tjt263@14-203-185-81.static.tpgi.com.au] has quit [Ping timeout: 256 seconds]
10:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:fc87:5c54:7738:690f] has joined #openvpn
10:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:fc87:5c54:7738:690f] has quit [Remote host closed the connection]
10:21 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:36 -!- Gman32 [~Gman32@76.72.167.208] has joined #openvpn
11:37 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
11:42 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
11:43 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
11:48 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
11:52 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
11:59 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
12:20 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
12:53 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 250 seconds]
12:59 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:59 -!- toli [~toli@ip-62-235-245-5.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:01 -!- toli [~toli@ip-81-11-248-247.dsl.scarlet.be] has joined #openvpn
13:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
13:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:42 -!- PeterReid [~quassel@faraday.reidweb.com] has joined #openvpn
13:42 < PeterReid> Hello
13:42 < PeterReid> I am looking for some help getting OpenVPN AS working on debian 8
13:42 < PeterReid> it worked fine for over a year on Debian 7
13:42 <+pekster> That's not a community-maintained piece of softare. You want:
13:42 <+pekster> !as
13:42 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:43 < PeterReid> ah typ
13:43 < PeterReid> !as
13:43 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
13:49 -!- Gman32 [~Gman32@76.72.167.208] has quit [Quit: Headin Out...]
13:53 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
14:04 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 264 seconds]
14:06 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
14:06 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
14:20 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
14:21 < SJr> Every time I restart my server, it seems that the first attempt always has a TLS timeout before coming online for the second time.
14:26 < SJr> Even after I set tls-timeout 5 it still waits 60 seconds.
14:39 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:39 -!- mode/#openvpn [+o mattock1] by ChanServ
14:42 <+pekster> A server isn't connect to something, so why would a tls-timeout on your server matter for what your client is doing?
14:42 <+pekster> connecting*
14:43 <+pekster> You might also want to set --connect-timeout if your client is acting as a tcp-client
14:43 < SJr> sorry confused terminology, on the client and server I have tls-timeout 5, but it does seem like every time I restart I have to wait 60 seconds.
14:43 < SJr> It is udp
14:43 -!- f4th0m [~f4th0m@123.135.broadband2.iol.cz] has left #openvpn ["Leaving"]
14:44 <+pekster> --tls-timeout is 2 by default, so 5 is actually an _increase_
14:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:46 < SJr> Oh so then what timeout controls this message: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
14:46 <+pekster> I think you're looking for --hand-window
14:46 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:47 < SJr> okay lemme give that a try
14:48 < SJr> Although I'm still kind of curious as to why it fails the first time.
14:51 < SJr> Well that's way faster
15:00 -!- AMERICAN_PSYCHO [~AMERICAN_@96.sub-70-196-0.myvzw.com] has quit [Quit: Goodbye!]
15:04 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
--- Log closed Sat Jun 20 15:08:23 2015
--- Log opened Mon Jun 22 11:57:31 2015
11:57 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
11:57 -!- Irssi: #openvpn: Total of 195 nicks [6 ops, 0 halfops, 3 voices, 186 normal]
11:57 -!- mode/#openvpn [+o ecrist] by ChanServ
11:57 -!- Irssi: Join to #openvpn was synced in 2 secs
12:11 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
12:21 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
12:21 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
12:27 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
12:36 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:36 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:38 -!- toli [~toli@109.129.132.208] has joined #openvpn
12:41 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
12:44 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has quit [Ping timeout: 256 seconds]
12:44 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 244 seconds]
12:45 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has joined #openvpn
12:51 -!- toli [~toli@109.129.132.208] has quit [Quit: ZNC - http://znc.in]
12:54 -!- toli [~toli@109.129.132.208] has joined #openvpn
12:56 -!- toli [~toli@109.129.132.208] has quit [Read error: Connection reset by peer]
13:04 -!- toli [~toli@109.129.132.208] has joined #openvpn
13:08 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:08 -!- danieli [~duniel@unaffiliated/danieli] has joined #openvpn
13:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:45 -!- mode/#openvpn [+o mattock1] by ChanServ
13:51 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
14:01 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
14:28 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:55 -!- Guest30394_c [debian-tor@openvpn/user/s7r] has joined #openvpn
14:55 -!- mode/#openvpn [+v Guest30394_c] by ChanServ
15:12 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
15:14 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 248 seconds]
15:15 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
16:19 -!- sjums [~sjums@slothkrew.com] has quit [Ping timeout: 256 seconds]
16:25 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 272 seconds]
16:34 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
16:40 -!- Guest30394_c is now known as s7r
16:41 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 246 seconds]
16:49 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
16:50 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
16:50 -!- fred`` [fred@earthli.ng] has joined #openvpn
16:51 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
16:52 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 264 seconds]
16:53 -!- swebb [~swebb@192.69.22.173] has quit [Ping timeout: 256 seconds]
16:54 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 252 seconds]
16:56 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
17:00 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
17:05 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 276 seconds]
17:06 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
17:09 -!- swebb [~swebb@192.69.22.173] has joined #openvpn
17:12 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:19 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
17:25 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
18:10 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
18:32 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
18:44 -!- fred`` [fred@earthli.ng] has joined #openvpn
19:03 -!- iDanoo [~iDanoo@60-234-33-159.bng1.nct.orcon.net.nz] has joined #openvpn
19:04 < iDanoo> !welcome
19:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:04 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:04 < iDanoo> !goal
19:04 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
19:05 < iDanoo> !redirect
19:05 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
19:05 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
19:09 < iDanoo> Well, I don't even need to ask a question. That last diagram helped thanks anyway :)
19:09 -!- iDanoo [~iDanoo@60-234-33-159.bng1.nct.orcon.net.nz] has left #openvpn ["Leaving"]
19:10 -!- dazo is now known as dazo_afk
19:36 -!- noodle [~noodle@c-98-232-55-154.hsd1.wa.comcast.net] has quit [Quit: /quit]
20:28 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
20:37 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:14ff:1130:b207:15b3] has joined #openvpn
20:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:14ff:1130:b207:15b3] has quit [Remote host closed the connection]
20:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:14ff:1130:b207:15b3] has joined #openvpn
20:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:14ff:1130:b207:15b3] has quit [Ping timeout: 272 seconds]
21:13 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 252 seconds]
21:14 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
21:19 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 276 seconds]
22:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c66:8d30:5d89:3d9e] has joined #openvpn
22:39 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
22:56 -!- S0-2 [~sgra@unaffiliated/sgra] has quit [Ping timeout: 252 seconds]
23:11 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
23:22 -!- tentacle_sex [47e64bd6@gateway/web/cgi-irc/kiwiirc.com/ip.71.230.75.214] has joined #openvpn
23:24 -!- tentacle_sex [47e64bd6@gateway/web/cgi-irc/kiwiirc.com/ip.71.230.75.214] has left #openvpn []
23:59 -!- ShadniX [dagger@p5481CD4C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
--- Day changed Tue Jun 23 2015
00:00 -!- ShadniX [dagger@p5DDFE922.dip0.t-ipconnect.de] has joined #openvpn
00:23 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 276 seconds]
00:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
00:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:42 -!- mikkel [~mikkel@mail.dlvs.dk] has joined #openvpn
00:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c66:8d30:5d89:3d9e] has quit [Remote host closed the connection]
00:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c66:8d30:5d89:3d9e] has joined #openvpn
00:56 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
00:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c66:8d30:5d89:3d9e] has quit [Ping timeout: 248 seconds]
00:59 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Quit: ZNC - http://znc.sourceforge.net]
01:03 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
01:11 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 276 seconds]
01:14 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
01:19 -!- mikkel [~mikkel@mail.dlvs.dk] has quit [Ping timeout: 276 seconds]
01:20 -!- mikkel [~mikkel@mail.dlvs.dk] has joined #openvpn
01:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:25 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:29 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:29 -!- mode/#openvpn [+o mattock2] by ChanServ
01:39 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
02:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
02:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:22 -!- __john_doe__ [~john@213.42.105.250] has joined #openvpn
02:28 < __john_doe__> hey guys, I have problems connecting to server with ssh through vpn tunnel. I get ssh: connect to host [ip_address] port 22: No route to host. Any  suggestion?
02:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:33 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
02:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:45 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
02:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:47 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
02:48 < sammm> Hi all. I recently updated my router to the latest version of openwrt and for some reason openvpn has stopped working. I am using it to connect to a vpn to shield my home network. The error it is giving me is that Auth couldn't be read from stdin. How can I go about fixing this?
02:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2193:8f08:83f9:688e] has joined #openvpn
02:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2193:8f08:83f9:688e] has quit [Ping timeout: 248 seconds]
03:02 -!- __john_doe__ [~john@213.42.105.250] has quit [Quit: leaving]
03:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c46:3757:9615:73db] has joined #openvpn
03:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
03:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1c46:3757:9615:73db] has quit [Ping timeout: 248 seconds]
03:08 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 264 seconds]
03:09 -!- sammm_ [~sammm@204.152.214.242] has joined #openvpn
03:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:11 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
03:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:13 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Ping timeout: 264 seconds]
03:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b00b:325c:875:2ef0] has joined #openvpn
03:19 -!- sammm_ [~sammm@204.152.214.242] has quit [Ping timeout: 246 seconds]
03:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b00b:325c:875:2ef0] has quit [Ping timeout: 248 seconds]
03:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:20 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
03:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:23 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Read error: Connection reset by peer]
03:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:107:96a8:d27d:8e64] has joined #openvpn
03:25 -!- sammm [~sammm@198.8.80.172] has joined #openvpn
03:26 -!- dazo_afk is now known as dazo
03:26 -!- __john_doe__ [~john@213.42.105.250] has joined #openvpn
03:27 < __john_doe__> any suggestion how to solve this?
03:27 < __john_doe__> https://bpaste.net/show/fa3900d4a1bc
03:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:107:96a8:d27d:8e64] has quit [Ping timeout: 248 seconds]
03:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8007:63e:5e74:de3b] has joined #openvpn
03:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8007:63e:5e74:de3b] has quit [Ping timeout: 248 seconds]
03:58 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
03:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:01 -!- Tausen [~Tausen@tausen.org] has quit [Quit: o/]
04:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:21f3:41fe:c4e8:217] has joined #openvpn
04:04 -!- sammm_ [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
04:07 -!- sammm [~sammm@198.8.80.172] has quit [Ping timeout: 244 seconds]
04:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:21f3:41fe:c4e8:217] has quit [Ping timeout: 248 seconds]
04:08 -!- sammm_ [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Read error: Connection reset by peer]
04:09 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
04:09 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:09 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has joined #openvpn
04:09 -!- Tausen [~Tausen@tausen.org] has joined #openvpn
04:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:11 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
04:17 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
04:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6cf7:c729:a92d:2586] has joined #openvpn
04:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6cf7:c729:a92d:2586] has quit [Ping timeout: 248 seconds]
04:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:34 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
04:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:35 -!- sammm_ [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
04:36 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
04:37 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has quit [Ping timeout: 250 seconds]
04:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e586:6746:a5aa:f0d2] has joined #openvpn
04:40 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Remote host closed the connection]
04:41 <@dazo> __john_doe__: the solution is presented *twice* in your pastebin with 4 lines ...
04:41  * dazo suggests doing what your log lines says
04:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e586:6746:a5aa:f0d2] has quit [Ping timeout: 248 seconds]
04:44 < __john_doe__> dazo: I've restarted openvpn server on server and problem was solved
04:44 -!- sammm_ [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Remote host closed the connection]
04:45 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
04:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:01 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
05:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ec10:4a9:1df8:e146] has joined #openvpn
05:06 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ec10:4a9:1df8:e146] has quit [Ping timeout: 248 seconds]
05:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:08 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
05:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1575:9279:bb51:6041] has joined #openvpn
05:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1575:9279:bb51:6041] has quit [Ping timeout: 248 seconds]
05:19 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:10e4:e1ce:5ba9:cbb2] has joined #openvpn
05:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:10e4:e1ce:5ba9:cbb2] has quit [Ping timeout: 248 seconds]
05:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b881:7349:3053:3803] has joined #openvpn
05:41 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b881:7349:3053:3803] has quit [Ping timeout: 248 seconds]
05:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:907a:e69a:ea24:c973] has joined #openvpn
05:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:907a:e69a:ea24:c973] has quit [Ping timeout: 248 seconds]
05:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d5b0:4f83:9fa5:65fb] has joined #openvpn
06:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d5b0:4f83:9fa5:65fb] has quit [Ping timeout: 248 seconds]
06:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:09 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:10 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:18 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Quit: leaving]
06:20 -!- Tausen [~Tausen@tausen.org] has quit [Ping timeout: 248 seconds]
06:21 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
06:21 -!- Tausen [~Tausen@tausen.org] has joined #openvpn
06:25 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
06:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a4fc:ce6f:8319:f463] has joined #openvpn
06:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a4fc:ce6f:8319:f463] has quit [Ping timeout: 248 seconds]
06:41 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
06:45 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
06:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3009:f81d:1503:de5e] has joined #openvpn
06:46 -!- unicodesnowman [~unicodesn@wikipedia/unicodesnowman] has joined #openvpn
06:47 < unicodesnowman> Can I only route outgoing traffic to certain IP addresses, enforced on the server site? My goal is to build a VPN service that will only route traffic over it, for certain pre-defined IP addresses.
06:49 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
06:50 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3009:f81d:1503:de5e] has quit [Ping timeout: 248 seconds]
06:52 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
06:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8831:e122:1db5:dd1a] has joined #openvpn
07:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8831:e122:1db5:dd1a] has quit [Ping timeout: 248 seconds]
07:03 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
07:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5436:cb29:3285:be97] has joined #openvpn
07:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5436:cb29:3285:be97] has quit [Ping timeout: 248 seconds]
07:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:21 -!- Denial [~Denial@81.141.5.39] has quit []
07:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:40cd:e62b:123b:cdf5] has joined #openvpn
07:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:40cd:e62b:123b:cdf5] has quit [Ping timeout: 248 seconds]
07:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:31 -!- Denial [~Denial@81.141.5.39] has joined #openvpn
07:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:33 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b80e:101f:fa85:a1c8] has joined #openvpn
07:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b80e:101f:fa85:a1c8] has quit [Ping timeout: 248 seconds]
08:32 -!- Teduardo [~Teduardo@57.0.be.static.xlhost.com] has joined #openvpn
08:37 -!- __john_doe__ [~john@213.42.105.250] has quit [Ping timeout: 272 seconds]
08:51 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Read error: Connection reset by peer]
08:52 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has joined #openvpn
08:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
09:00 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:08 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:19 -!- mikkel [~mikkel@mail.dlvs.dk] has quit [Quit: Leaving]
09:24 -!- sammm_ [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
09:27 -!- sammm [~sammm@gateway/vpn/privateinternetaccess/sammm] has quit [Ping timeout: 252 seconds]
09:41 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:55 -!- sammm_ [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Remote host closed the connection]
09:58 -!- u0m3 [~u0m3@92.80.90.64] has joined #openvpn
10:01 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
10:02 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
10:05 -!- u0m3 [~u0m3@92.80.90.64] has quit [Quit: Leaving]
10:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:15 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:37 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:43 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
11:00 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
11:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
11:11 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
11:29 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 256 seconds]
11:29 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:50 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has joined #openvpn
11:51 < honigkuchen> !welcome
11:51 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
11:51 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:52 < honigkuchen> !goal
11:52 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:52 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
11:52 < honigkuchen> hi#
11:53 < troulouliou_dev> hi i have added a ccd conf for client like 172.16.0.x 255.255.255.255; after succesfull connection i have to manually type "ip route add 172.16.0.1/32 dev tun0" to be able to reach the server
11:53 < troulouliou_dev> how can i push this route from the server config
11:57 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Remote host closed the connection]
11:57 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has joined #openvpn
12:03 < DArqueBishop> If you'
12:04 < DArqueBishop> troulouliou_dev, if you're trying to set a route for the 172.16.0.x network, the subnet needs to be 255.255.255.0.
12:04 < DArqueBishop> Also...
12:04 < DArqueBishop> !configs
12:04 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:04 < troulouliou_dev> DArqueBishop, i jsut want the client to be able to reach the server tun addres
12:05 < troulouliou_dev> DArqueBishop, 255.255.255.0 works
12:07 < DArqueBishop> troulouliou_dev, unless I'm mistaken (and some here would correct me if I am), if you can't reach your VPN server's VPN/tun IP from a client, then there's something borked with your firewall or VPN configuration.
12:08 < DArqueBishop> I'm connected to my VPN server now via OpenVPN, for example, and have no problem reaching services on the server's VPN/tun IP address.
12:09 < troulouliou_dev> DArqueBishop, withotu pushing a route ?
12:10 < DArqueBishop> Yes, because the route is already being pushed by default.
12:10 < troulouliou_dev> DArqueBishop, you just have a route like this : 172.16.120.1 via 172.16.120.1 dev tun0
12:11 < DArqueBishop> A route doesn't need to be pushed because the IP address provided to the VPN client is on the same subnet as the VPN server's tun IP address.
12:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:12 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 276 seconds]
12:14 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Excess Flood]
12:14 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
12:18 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
12:29 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:34 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 252 seconds]
12:36 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
12:46 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 264 seconds]
12:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:54 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
13:04 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 265 seconds]
13:06 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
13:09 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
13:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
13:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:24 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 276 seconds]
13:27 -!- Telvana [~digits@2605:a000:122d:c154:213:72ff:fefc:b034] has joined #openvpn
13:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
13:31 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Remote host closed the connection]
13:38 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:50 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
13:50 < dyce> will some older routers not like multiple openvpn connections?
13:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
14:09 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:12 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
14:15 -!- tjt263 [~tjt263@106-68-168-237.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
14:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:16 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has joined #openvpn
14:32 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
14:45 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
14:49 -!- madmattco [~quassel@i.am.madboxes.cc] has quit [Read error: Connection reset by peer]
14:55 -!- Payo [~quassel@pleaseplease.click] has joined #openvpn
14:55 < Payo> !paste
14:55 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:56 < Payo> hi, server.conf: https://gist.github.com/anonymous/86d89586daf505d50b74 when I run "sudo openvpn server.conf" my openvpn server works and I can connect to it. If I do "service openvpn start" on the other hand, it says the service is running (service openvpn status) but I can't connect to it
14:56 <@vpnHelper> Title: gist:86d89586daf505d50b74 (at gist.github.com)
14:56 < Payo> netstat -plunt doesn't show openvpn listening
14:57 < Payo> I'm on debian jessie
14:57 < Payo> it's like it doesn't read server.conf when I run it with service
15:01 < Payo> welp apparently editing /etc/default/openvpn did the trick
15:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:03 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
15:10 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:12 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:12 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Client Quit]
15:16 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:16 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Client Quit]
15:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:17 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:18 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Client Quit]
15:19 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:23 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Read error: Connection reset by peer]
15:24 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:28 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 252 seconds]
15:34 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:40 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
15:41 -!- danieli [~duniel@unaffiliated/danieli] has quit [Quit: Leaving]
15:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:89a9:beba:3636:716c] has joined #openvpn
15:56 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
15:56 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:00 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
16:10 < dyce> can i have openvpn client rquest an ip?
16:11 < dyce> or have the server map an ip by mac or something like that
16:32 < shio> either the client will pick the first free ip or the server can assign one to a specific client
16:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
16:47 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has left #openvpn []
16:57 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
16:57 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has quit [Ping timeout: 264 seconds]
17:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
17:11 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
17:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:30 -!- gffa [~unknown@unaffiliated/gffa] has quit [Remote host closed the connection]
17:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:02 <+esde> dyce
18:02 <+esde> !ccd
18:02 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
18:02 <+esde> might be what you're after
18:04 <+esde> erm
18:04 <+esde> !ifconfig
18:04 <@vpnHelper> "ifconfig" is usage: ifconfig l rn | Set TUN/TAP adapter parameters. l is the IP address of the local VPN endpoint. For TUN devices, rn is the IP address of the remote VPN endpoint. For TAP devices, rn is the subnet mask of the virtual ethernet segment which is being created or connected to.
18:04 <+esde> there we go
18:04 <+esde> It is possible to have the server allocate a static IP to a client based on its commonName. This is done by way of an --ifconfig-push command in either a ccd file or (as an advanced alternative) by --client-connect script.
18:04 <+esde> either one
18:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:89a9:beba:3636:716c] has quit [Remote host closed the connection]
19:05 -!- Telvana [~digits@2605:a000:122d:c154:213:72ff:fefc:b034] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:19 -!- Telvana [~digits@raven-security.com] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:20 -!- Telvana [~digits@raven-security.com] has quit [Client Quit]
19:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d845:e4df:c964:a074] has joined #openvpn
19:22 -!- Telvana [~digits@raven-security.com] has joined #openvpn
19:55 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has joined #openvpn
20:03 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:15 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
20:19 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:24 -!- dazo is now known as dazo_afk
20:43 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
21:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d845:e4df:c964:a074] has quit [Remote host closed the connection]
21:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
21:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
21:54 -!- SgrA [~sgra@unaffiliated/sgra] has joined #openvpn
22:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
22:41 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:55 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
23:13 -!- Buba1 [~Buba1@unaffiliated/buba1] has joined #openvpn
23:14 -!- Buba1 [~Buba1@unaffiliated/buba1] has quit [Client Quit]
23:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
23:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
23:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:642b:5a2:cb96:b6c6] has joined #openvpn
23:56 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:642b:5a2:cb96:b6c6] has quit [Remote host closed the connection]
23:58 -!- ShadniX [dagger@p5DDFE922.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
--- Day changed Wed Jun 24 2015
00:00 -!- ShadniX [dagger@p5481C412.dip0.t-ipconnect.de] has joined #openvpn
00:24 -!- toli [~toli@109.129.132.208] has quit [Read error: Connection reset by peer]
00:31 -!- justdave [~dave@unaffiliated/justdave] has joined #openvpn
00:33 < justdave> I'm trying to get my openvpn link (which uss tap, and dhcp seems to work fine over it) to pass ipv6 traffic as well (since the server's network has ipv6 available). I'm on OS X, and the tap0 interface doesn't seem to have ipv6 enabled. Anyone know how to enable it?
00:33 -!- toli [~toli@109.129.132.208] has joined #openvpn
00:33 < justdave> (it's enabled on the server end, it's the client end I'm having problems with)
00:43 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
00:45 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has left #openvpn ["Killed buffer"]
00:48 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
00:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:54 -!- mode/#openvpn [+o mattock1] by ChanServ
01:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
01:34 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:36 -!- SgrA [~sgra@unaffiliated/sgra] has quit [Ping timeout: 276 seconds]
01:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:57 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
02:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:28b6:1a9:ea8f:a7b0] has joined #openvpn
02:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:28b6:1a9:ea8f:a7b0] has quit [Remote host closed the connection]
02:38 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
02:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:40 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6047:917a:a76a:69f5] has joined #openvpn
02:41 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has joined #openvpn
02:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6047:917a:a76a:69f5] has quit [Ping timeout: 248 seconds]
02:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:46 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:00 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has joined #openvpn
03:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dd21:5a02:3415:5226] has joined #openvpn
03:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dd21:5a02:3415:5226] has quit [Ping timeout: 272 seconds]
03:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3d4a:3118:77ad:fcc1] has joined #openvpn
03:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3d4a:3118:77ad:fcc1] has quit [Ping timeout: 248 seconds]
03:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3d0f:818c:e33:1094] has joined #openvpn
03:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3d0f:818c:e33:1094] has quit [Ping timeout: 248 seconds]
03:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:57 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
03:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:59 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
04:05 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a87b:b506:c1c6:88f2] has joined #openvpn
04:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a87b:b506:c1c6:88f2] has quit [Ping timeout: 248 seconds]
04:11 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:283f:8fba:2b1e:85fa] has joined #openvpn
04:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:283f:8fba:2b1e:85fa] has quit [Ping timeout: 248 seconds]
04:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:38 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:41 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4444:dcc4:ac9e:c12f] has joined #openvpn
04:44 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
04:45 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4444:dcc4:ac9e:c12f] has quit [Ping timeout: 248 seconds]
04:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:49 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
04:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1dc8:bedc:821:6ff7] has joined #openvpn
04:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1dc8:bedc:821:6ff7] has quit [Ping timeout: 248 seconds]
04:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:05 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5c4d:f021:a2b4:64a] has joined #openvpn
05:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5c4d:f021:a2b4:64a] has quit [Ping timeout: 248 seconds]
05:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:18 < honigkuchen> I want to have internet with my android mobilephone when connecting to my vpn server. My VPN Server ist in my LAN at home. I can have internet, if I connect from outside, but not from the inside of my LAN. The problem is with android, but not with linux or windows, where it works.
05:18 < honigkuchen> and every 3 has the same config file
05:19 < BtbN> connecting to the same LAN from within that LAN won't work.
05:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2428:5c0c:103a:1399] has joined #openvpn
05:22 < honigkuchen> yes only with android
05:22 < honigkuchen> the problem is dns
05:23 < honigkuchen> ips can be reached by my android phone
05:23 < honigkuchen> but not domains
05:23 < honigkuchen> when I am in my lan to my vpn connected by the extern dyndns adress
05:23 < honigkuchen> the extern dyndns adress is the adress of my router at home
05:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2428:5c0c:103a:1399] has quit [Ping timeout: 248 seconds]
05:25 < honigkuchen> could there be a cache of old config data in my android phone, that has to be deleted?
05:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:37 < honigkuchen> how to solve a dns problem?
05:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:43 -!- lesyork [~oliver@host86-128-117-16.range86-128.btcentralplus.com] has joined #openvpn
05:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b1bf:f8de:f6ba:9161] has joined #openvpn
05:45 < lesyork> hi, Windows Server 2k12, got a metric of 1 for LAN, 50 for TAP, but still favouring VPN over vanilla?
05:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b1bf:f8de:f6ba:9161] has quit [Ping timeout: 248 seconds]
05:50 -!- Fusl [~Fusl@unaffiliated/fusl] has quit [Ping timeout: 252 seconds]
05:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d854:41cb:caa3:d5f2] has joined #openvpn
05:58 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
05:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d854:41cb:caa3:d5f2] has quit [Ping timeout: 248 seconds]
06:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:05 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:05 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:85d6:1742:aed4:4223] has joined #openvpn
06:08 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Remote host closed the connection]
06:09 -!- NTQ [~nicolas@ip5b43ab67.dynamic.kabel-deutschland.de] has left #openvpn []
06:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:85d6:1742:aed4:4223] has quit [Ping timeout: 248 seconds]
06:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6c67:b8b3:b6b6:874b] has joined #openvpn
06:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6c67:b8b3:b6b6:874b] has quit [Ping timeout: 256 seconds]
06:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c57c:3482:78a7:4128] has joined #openvpn
06:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c57c:3482:78a7:4128] has quit [Ping timeout: 248 seconds]
06:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:28 <@plaisthos> honigkuchen: do you have allow local lan access option on or off?
06:28 <@plaisthos> probably openvpn on android is doing more right than windows/linux
06:28 < honigkuchen> I switched it off
06:28 < honigkuchen> should I switch it on?
06:28 <@plaisthos> in default it routes even directly reachable IPs via VPN
06:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:29 <@plaisthos> which works from the client side but probably then goes wrong when the packets should go back
06:29 < honigkuchen> I switched it off, because windows becomes slow, when connected to the vpn
06:29 <@plaisthos> ?!
06:30 < honigkuchen> websites in windows OS become slow
06:30 <@plaisthos> honigkuchen: I meant the option in the android client
06:30 < honigkuchen> ah
06:30 < honigkuchen> ahm in the android config there is nothing about IPs or DNSs
06:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:30 <@plaisthos> what client are you using?
06:30 < honigkuchen> ahm
06:30 <@plaisthos> !android
06:30 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
06:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f03b:3101:620f:9b9d] has joined #openvpn
06:31 < honigkuchen> openvpn connect
06:31 <@plaisthos> there is OpenVPN connect and OpenVPN for Android
06:31 -!- lesyork [~oliver@host86-128-117-16.range86-128.btcentralplus.com] has quit [Quit: lesyork]
06:32 <@plaisthos> no idea about OpenVPN connect
06:32 <@plaisthos> try openvpn for android :)
06:32 < honigkuchen> before it worked
06:32 < honigkuchen> 2 weeks ago
06:32 < honigkuchen> I switched from ubuntu to debian (server)
06:32 < honigkuchen> and changed a bit in the config
06:33 < honigkuchen> removed push dns and removed push ip range
06:33 <@plaisthos> you remove push dns and wonder now that dns does not work anymore?!
06:33 < honigkuchen> in windows and linux it works
06:33 < honigkuchen> as clients
06:34 < honigkuchen> should I insert
06:34 < honigkuchen> push "dhcp-option DNS 8.8.8.8" ?
06:35 < honigkuchen> or my router instead of 8.8.8.8
06:35 <@plaisthos> as you just found out DNS handled a bit different under Android :)
06:35 < honigkuchen> :)
06:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f03b:3101:620f:9b9d] has quit [Ping timeout: 248 seconds]
06:35 <@plaisthos> OpenVPN for Android actually warns you about these configurations ...
06:36 < honigkuchen> push to 8.8.8.8 (google) didn't helped
06:38 < honigkuchen> about what particular configuration?
06:39 < honigkuchen> push dns to my router doesnt help
06:40 < honigkuchen> do I also need to push my lan Ip range?
06:40 < honigkuchen> or reboot my phone
06:41 < honigkuchen> maybe I would need if the dns source is in my lan
06:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:42 < honigkuchen> but if I do both in my config back to the state as befor 2 weeks, windows OS Computers will become slow again
06:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7132:ce51:8474:4da9] has joined #openvpn
06:45 <@plaisthos> you should probably do tcpdump on the tun interface to see what goes on
06:45 < honigkuchen> I rebooted my phone and openvpn connect tells me: possibly the tun.ko.kernel module is not loaded in your android kernel
06:45 <@plaisthos> if the dns queries from the telephone go over the tunnel etc.
06:46 <@plaisthos> Again, no idea about OpenVPN Connect
06:46 <@plaisthos> I can help you with OpenVPN for Android
06:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7132:ce51:8474:4da9] has quit [Ping timeout: 248 seconds]
06:49 <@plaisthos> If you post a log from the app I can tell you if that looks good or not
06:51 < honigkuchen> ok it works now on my phone
06:51 < honigkuchen> now I have to test wether windows internet is slow now
06:52 < honigkuchen> when connected to the vpn
06:52 < honigkuchen> so I need to reboot
06:52 < honigkuchen> c ya
06:52 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
06:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:56 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8526:2baf:8191:d934] has joined #openvpn
06:58 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has joined #openvpn
06:58 < honigkuchen> re
06:58 < honigkuchen> why is push dns in the server config needed?
06:59 < Teduardo> is there a way to create a large scale mobile vpn system with OpenVPN that uses RADIUS or another form of central authentication but allows per user/per IP address access control?
06:59 < Teduardo> i.e. user1 is only allowed to access 10.0.1.1, 10.0.1.55, 10.0.1.92
07:01 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8526:2baf:8191:d934] has quit [Ping timeout: 248 seconds]
07:02 -!- apollo2k is now known as aPollO2k
07:04 -!- mator [~mator@u163.east.ru] has joined #openvpn
07:05 < mator> hello. is it possible to make openvpn client to use new ipv6 address from server ipv6 pool ?
07:06 < mator> currently it is reuses ipv6 address
07:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b0d7:f2e4:b028:6d12] has joined #openvpn
07:08 <@plaisthos> Teduardo: yes
07:11 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b0d7:f2e4:b028:6d12] has quit [Ping timeout: 248 seconds]
07:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:61bd:f1d:6f4b:fdb0] has joined #openvpn
07:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:61bd:f1d:6f4b:fdb0] has quit [Ping timeout: 248 seconds]
07:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b967:a189:bf2a:6aa7] has joined #openvpn
07:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b967:a189:bf2a:6aa7] has quit [Ping timeout: 248 seconds]
07:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ed1d:95a7:b486:2d23] has joined #openvpn
07:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ed1d:95a7:b486:2d23] has quit [Remote host closed the connection]
08:41 -!- themayor_ [~themayor@unaffiliated/themayor] has joined #openvpn
08:42 -!- themayor_ is now known as themayor
09:03 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:04 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
09:05 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
09:35 -!- antiatom [~ilse@91.214.169.69] has joined #openvpn
09:37 < antiatom> Hello all, I am running OpenVPN on a router with OpenWRT installed, and I added iptables rules to deny all traffic unless it goes thru tun0 device.  My computers will not access the Internet unless OpenVPN is running, which is great.
09:38 < antiatom> However, according to ipleak.net and dnsleaktest.com my DNS requests are leaking to my ISP
09:38 < antiatom> I am trying to troubleshoot HOW that is possible...
09:38 < antiatom> My clients have OpenNIC DNS servers hard-coded to their resolv.conf files, could that be the issue?
09:39 < antiatom> But if those requests are forced thru the OpenWRT device's OpenVPN tunnel, how could they end up hijacked by my ISP?
09:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Remote host closed the connection]
09:49 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
09:51 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:59 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
10:06 -!- msn [~msn@180.151.227.146] has joined #openvpn
10:07 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:201f:29d9:7e5f:cd9] has joined #openvpn
10:07 < msn> I am tring to connect to 2 seperate vpn networks at the same time 1 can start while other give "TCP/UDP: Socket bind failed on local address [undef]: Address already in use" even though both are using different tun devices and both are using different networks the destination port is same for both though
10:19 -!- aPollO2k is now known as apollo2k
10:25 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:28 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Excess Flood]
10:28 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
10:29 -!- mode/#openvpn [+v RBecker] by ChanServ
10:33 < Thermi> msn: Change the local ports.
10:41 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
10:43 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
10:43 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 248 seconds]
10:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
10:56 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:58 <+esde> shit man. msn. it's been a while since i used msn.
10:58 <+esde> chugging along at a blazing 24kbps
10:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:00 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
11:01 -!- mode/#openvpn [+v RBecker] by ChanServ
11:01 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
11:01 -!- dazo_afk is now known as dazo
11:07 < msn> Thermi: localports are not defined
11:12 < Thermi> msn: That's why they default to 1194 - the official port for openvpn.
11:12 < msn> hmmm okay thanks
11:13 < msn> now i am getting  Authenticate/Decrypt packet error: packet HMAC authentication failed
11:24 -!- honigkuchen [~alex@ip92340fcf.dynamic.kabel-deutschland.de] has left #openvpn []
11:25 -!- antiatom [~ilse@91.214.169.69] has quit [Ping timeout: 252 seconds]
11:43 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 276 seconds]
11:49 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 252 seconds]
11:51 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
12:32 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
12:34 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
12:34 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has quit []
12:36 < Cipher45> I'm currently running openvpn-as on a vps that only has 128mb ram and 64mb swap. It's working fine but both ram and swap are basically full all the time. I just want to know if this is okay.
12:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:37 < Cipher45> Or if someone could point me to a nice guide for setting up the openvpn package. The only ones I could find were either outdated or failed at the certificate authority stage (incorrect configurations)
12:44 <+esde> !howto
12:44 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:44 <+esde> !walkthrough
12:44 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
12:45 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:09 < Thermi> !as
13:09 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
13:09 < Thermi> msn: Fix your cipher settings and maybe TA key, too.
13:10 -!- toli [~toli@109.129.132.208] has quit [Ping timeout: 246 seconds]
13:11 -!- toli [~toli@109.129.132.208] has joined #openvpn
13:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
14:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:23 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:201f:29d9:7e5f:cd9] has quit [Read error: Connection reset by peer]
14:55 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Ping timeout: 276 seconds]
14:56 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 244 seconds]
14:57 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
15:30 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 248 seconds]
15:42 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has quit [Ping timeout: 276 seconds]
15:50 -!- justdave [~dave@unaffiliated/justdave] has quit [Read error: Connection reset by peer]
15:50 -!- justdave [~dave@unaffiliated/justdave] has joined #openvpn
15:58 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has joined #openvpn
15:59 < Entelin> what is considered the main openvpn client on mac (for non technical end users)? tunnelblick? Viscosity?
16:03 -!- vozz [2ea688a2@gateway/web/freenode/ip.46.166.136.162] has joined #openvpn
16:04 < vozz> How do I set up openvpn as a local proxy rather than automatically putting all my traffic through it?
16:05 < Entelin> what are you trying to accomplish specifically? openvpn isnt a proxy
16:09 < vozz> I want to be able to send just my browser traffic through openvpn, with everything else unaffected, so I was hoping I could set it so I could type something into my browser's proxy settings to send it through the VPN rather than sending all my traffic through it by default
16:11 -!- toli [~toli@109.129.132.208] has quit [Read error: Connection reset by peer]
16:13 < Entelin> you could do that two ways, setup a proxy on the remote side, or via routing using your operating system (like iptables in linux)
16:15 < Entelin> http://www.squid-cache.org/
16:15 <@vpnHelper> Title: squid : Optimising Web Delivery (at www.squid-cache.org)
16:20 -!- toli [~toli@109.129.132.208] has joined #openvpn
16:20 < vozz> Entelin: is that for the routing? The computer I'm trying to do this on is windows, the only software that seems to do what you said is forcebindip, which seems to be unmaintained old freeware.
16:21 < Entelin> i have no idea how to do that in windows outside of using a proxy,  squid is a proxy
16:22 < vozz> Where do I set up squid? Locally?
16:22 < Entelin> no at the remote side
16:22 < vozz> ah... I'm using a paid VPN host, so I can't do that
16:23 < DArqueBishop> vozz:
16:23 < DArqueBishop> !both
16:23 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
16:23 < vozz> welp, I guess I'm out of luck, thanks anyway
16:24 < DArqueBishop> I'm afraid so. All of the solutions I know of would require you to have control of the VPN server as well.
16:30 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 272 seconds]
16:49 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
17:00 -!- justinzane [~justinzan@24.49.199.88] has quit [Remote host closed the connection]
17:03 -!- vozz [2ea688a2@gateway/web/freenode/ip.46.166.136.162] has quit [Ping timeout: 246 seconds]
17:28 < Anoniem4l> Is it possible to generate the server and client certificates with openssl? (perhaps a dumb question, I know)
17:28 < Anoniem4l> CA certificates too
17:28 < Anoniem4l> certificate*
17:30 < Anoniem4l> Indeed dumb question, of course it's possible :).
17:30 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:39 -!- Ice_Strike [~none@84.92.51.164] has joined #openvpn
17:39 -!- toli [~toli@109.129.132.208] has quit [Ping timeout: 246 seconds]
17:39 < Ice_Strike> sudo openvpn --config /etc/openvpn/France.ovpn
17:40 < Ice_Strike> on Ubutu, how to setup it use that config all the time ?
17:40 -!- toli [~toli@109.129.132.208] has joined #openvpn
17:40 < Ice_Strike> Even when ubuntu booted
17:43 <@dazo> Anoniem4l: yes, it is ... but it's not an easy task ... have a look at easy-rsa to learn how to do that ... that's basically a shell wrapper around openssl
17:44 <@dazo> Ice_Strike: I dunno about ubuntu ... but usually it should be enough to move your config to /etc/openvpn ... might need a .conf extention ... and then use the openvpn init script to kick off openvpn
17:45 <@dazo> or systemd, if your ubuntu release uses systemd
17:45 < Ice_Strike> @dazo Ah I see,  I have France.ovpn in /etc/openvpn/
17:46 < Ice_Strike> Let me try to rename to France.conf if that work
17:47 < Ice_Strike>  *   Autostarting VPN 'France'
17:47 < Ice_Strike> Awesome!
17:47 < Ice_Strike> Thanks
17:47 < Ice_Strike> PrivateInternetAccess have all the config files in .ovpn
17:49 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has quit [Quit: Leaving]
17:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c29:501f:7644:de10] has joined #openvpn
18:09 -!- msn [~msn@180.151.227.146] has quit [Ping timeout: 248 seconds]
18:10 -!- msn [~msn@180.151.227.146] has joined #openvpn
18:15 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:201f:29d9:7e5f:cd9] has joined #openvpn
18:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c29:501f:7644:de10] has quit [Remote host closed the connection]
18:16 -!- Denial [~Denial@81.141.5.39] has quit [Ping timeout: 265 seconds]
18:17 -!- Denial [~Denial@81.141.20.188] has joined #openvpn
18:41 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
18:53 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
19:01 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
19:07 -!- Ice_Strike [~none@84.92.51.164] has quit []
19:14 -!- blistov [~bens@S0106e03f490494e9.vs.shawcable.net] has joined #openvpn
19:14 < blistov> Hey all, is there any way to configure a vpn client to re-resolve the remote host IP on EVERY re-attempt?
19:15 < blistov> Seems like it takes several minutes before the client finally retries the lookup.
19:41 -!- msn [~msn@180.151.227.146] has quit [Ping timeout: 250 seconds]
19:45 -!- msn [~msn@180.151.227.146] has joined #openvpn
19:57 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 250 seconds]
20:09 <@dazo> blistov: there's a trac bug ticket on this issue, I believe ... and I believe it has been patched and fixed ... but I don't recall which release this went or will go into
20:10 -!- dazo is now known as dazo_afk
20:35 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
20:45 -!- toli [~toli@109.129.132.208] has quit [Ping timeout: 246 seconds]
21:01 -!- toli [~toli@109.128.237.25] has joined #openvpn
21:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
21:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:39 -!- MogDog is now known as abc
22:39 -!- abc is now known as MogDog
22:40 -!- MogDog is now known as abc
22:40 -!- abc is now known as MogDog
23:57 -!- ShadniX [dagger@p5481C412.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:57 -!- ShadniX_ [dagger@p5481C688.dip0.t-ipconnect.de] has joined #openvpn
23:58 -!- ShadniX_ is now known as ShadniX
--- Day changed Thu Jun 25 2015
00:24 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Max SendQ exceeded]
00:27 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
00:28 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
00:37 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
00:40 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
00:41 -!- msn [~msn@180.151.227.146] has quit [Ping timeout: 256 seconds]
00:43 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
00:48 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:15 -!- msn [~msn@182.72.55.194] has joined #openvpn
01:24 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
01:24 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:25 -!- badon_ is now known as badon
01:36 -!- tpanarch1st [~tpanarch1@unaffiliated/tpanarch1st] has joined #openvpn
01:36 < tpanarch1st> hello, if I change the IP address of a router, does that mean I need to change anything within openvpn - i'm running Openvpn on the Netgear N600 using Open WRT
01:44 -!- moezroy [~qq@d75-157-23-146.bchsia.telus.net] has joined #openvpn
01:45 < moezroy> !welcome
01:45 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
01:45 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:47 < moezroy> !route
01:47 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
01:47 <@vpnHelper> client
01:47 < tpanarch1st> hiii
01:47 < moezroy> hi
01:48 < tpanarch1st> my vpn already works
01:48 < tpanarch1st> i'm just checking that I don't break things :)
01:48 < tpanarch1st> end goal
01:48 < tpanarch1st> make sure that two locations subnet's do not collide with each other
01:48 < moezroy> you are using TAP or TUN?
01:48 < tpanarch1st> tun
01:48 < tpanarch1st> i believe..
01:48 < tpanarch1st> a friend set it up for me
01:48 < tpanarch1st> and ive seen tun0
01:48 < tpanarch1st> around
01:49 < moezroy> !redirect
01:49 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
01:49 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
01:49 < tpanarch1st> the simple question is
01:50 < tpanarch1st> will changing the IP subnet on the network the router is on require any changes in OpenVPN itself?
01:50 < tpanarch1st> or will OpenVPN just take it into account (OpenVPN runs on the router anyway)
01:50 < moezroy> !nat
01:50 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
01:50 < tpanarch1st> any chance of a yes or no please :)
02:10 -!- apollo2k is now known as aPollO2k
02:20 < moezroy> !winnat
02:20 <@vpnHelper> "winnat" is (#1) http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for a guide on setting up NAT in windows or (#2) http://www.nanodocumet.com/?p=14 for windows XP or (#3) https://community.openvpn.net/openvpn/wiki/NatOverWindows2008 for 2k8
02:27 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
02:27 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:27 -!- badon_ is now known as badon
02:28 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Remote host closed the connection]
02:28 < moezroy> been trying to debug this for the past 3 days...using different options like push "redirect-gateway autolocal def1 bypass-dhcp bypass-dns" doesn't seem to help...clientpc cannot access window shares on serverpc...both are running win7...and dev tap
02:29 < moezroy> here is server config: https://paste.fedoraproject.org/236423/43521736/
02:31 < moezroy> here is my latest client conf: https://paste.fedoraproject.org/236424/21746614/
02:31 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
02:32 < moezroy> I get the green box in the system tray which says all systems are go....ping works as expected...but I cannot access network shares
02:33 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
02:38 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
02:39 < moezroy> VM1 == W7 ClientPC (ip from DHCP 192.168.86.2)==> networked to centos VM1 (it has dhcpd and ospfd enabled) 10.10.10.2 & 192.168.86.1 ==> networked to centos VM2 (10.10.10.1 & 192.168.64.1) ==> W7 (openvpn server) (ip from DHCP 192.168.64.130 )
02:39 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 252 seconds]
02:58 -!- tpanarch1st is now known as M6LPJ
02:59 -!- M6LPJ is now known as tpanarch1st
03:03 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
03:10 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
03:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
03:41 -!- Porkepix [~Porkepix@91.208.181.163] has joined #openvpn
03:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:05 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:29 -!- dazo_afk is now known as dazo
04:31 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
04:33 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Disconnected by services]
04:33 -!- badon_ [~badon@pdpc/supporter/active/badon] has joined #openvpn
04:34 -!- badon_ is now known as badon
04:39 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Excess Flood]
04:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:53 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
05:04 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
05:08 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Client Quit]
05:19 -!- husanu4 [~husanu@91.199.104.6] has joined #openvpn
05:25 -!- husanu4 [~husanu@91.199.104.6] has quit [Remote host closed the connection]
05:26 -!- husanu3 [~husanu@91.199.104.6] has joined #openvpn
05:28 -!- husanu3 [~husanu@91.199.104.6] has quit [Remote host closed the connection]
05:29 -!- husanu3 [~husanu@91.199.104.6] has joined #openvpn
05:30 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Quit: Tension, apprehension, and dissension have begun.]
05:31 -!- husanu3 [~husanu@91.199.104.6] has quit [Remote host closed the connection]
05:31 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has joined #openvpn
05:38 -!- moezroy [~qq@d75-157-23-146.bchsia.telus.net] has quit [Quit: Leaving]
05:43 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
05:45 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
05:45 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
05:59 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
06:19 -!- swebb [~swebb@192.69.22.173] has quit [Ping timeout: 276 seconds]
06:24 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
06:28 -!- swebb [~swebb@8.36.226.83] has joined #openvpn
06:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:36 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
06:40 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
06:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:23 -!- Cultist [~CultOfThe@user-24-214-77-96.knology.net] has quit [Changing host]
07:23 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
07:24 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
07:26 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
08:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
08:12 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Remote host closed the connection]
08:42 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:201f:29d9:7e5f:cd9] has quit [Ping timeout: 248 seconds]
08:42 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
08:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
08:50 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:57 < Porkepix> Hi guys, a little question: is it possible, while connected with OpenVPN, to still use your usual DNS, but use the one from the VPN only for some domains? (Typically, *.local)
08:58 <+esde> tricky use-case
09:04 < Porkepix> esde : Yeah, I know, I tried many things, but it looks like it's quite difficult ;(
09:04 < BtbN> Not without a local intelligent resolver like dnsmasq
09:05 < Porkepix> :/
09:19 < mator> Porkepix, what wrong with local dnsmasq ? you can't install it ?
09:22 < Porkepix> mator : I don't know, but I would have hope for a simpler solution by only using openvpn configurations
09:23 < mator> Porkepix, what have vpn to do with dns? :) only to setup some dns, weither it vpn tunnel dns or your own
09:23 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
09:24 < mator> read about use case of dnsmasq, i.e. "Using special servers" on http://www.thekelleys.org.uk/dnsmasq/docs/setup.html
09:24 <@vpnHelper> Title: Configuring Dnsmasq. (at www.thekelleys.org.uk)
09:25 < Porkepix> mator : Server can push DNS, what it actually do if I don't override it, but I would prefer not to use pushed DNS if that's not for the VPN domains
09:29 < mator> Porkepix, well, seems there's no option for client to ignore some of dhcp-options... solution is probably depends on your OS, like settings read-only flag on /etc/resolv.conf or changing order of ethernet adapter list in windows
09:29 < mator> it's just my guest
09:30 < mator> i'm not a developer of openvpn
09:31 < Porkepix> mator : I tried some dhcp-options in the config file, but it rejected them
09:32 < mator> Porkepix, what side rejected? client or server? :)
09:36 < Porkepix> Well, client-side I guess: http://paste.leloop.org/?6384d75412007051#wMpeNv8I+zeQ+Iac2wBVs1+NDeL3xO1nUaQdGL4+Wd8=
09:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
09:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:45 -!- BtbN [~btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
09:45 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
09:52 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
09:53 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
09:55 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
09:59 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
10:04 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
10:05 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
10:06 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
10:06 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:06 -!- mode/#openvpn [+v s7r] by ChanServ
10:10 -!- aPollO2k is now known as apollo2k
10:13 < Porkepix> mator : ^
10:15 < mator> Porkepix, i've nothing to add... =/
10:27 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
10:27 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
10:27 -!- mode/#openvpn [+v s7r] by ChanServ
10:29 < Porkepix> Anywayn I'll take a look at dnsmasq, thanks
10:31 < Porkepix> Anyway*
10:32 -!- akamaru217 [~akamaru@67.191.183.251] has joined #openvpn
10:43 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has joined #openvpn
10:52 -!- toli_ [~toli@ip-62-235-221-134.dsl.scarlet.be] has joined #openvpn
10:55 -!- toli [~toli@109.128.237.25] has quit [Ping timeout: 246 seconds]
10:55 -!- toli_ is now known as toli
10:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:34 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:05 -!- Porkepix [~Porkepix@91.208.181.163] has quit [Quit: My laptop has gone to sleep. ZZZzzz…]
12:41 -!- Porkepix [~Porkepix@178.20.51.132] has joined #openvpn
12:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
12:57 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
12:59 -!- msn [~msn@182.72.55.194] has quit [Ping timeout: 248 seconds]
13:02 -!- husanu7 [~husanu7@5-12-36-106.residential.rdsnet.ro] has joined #openvpn
13:11 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 256 seconds]
13:14 -!- husanu7 [~husanu7@5-12-36-106.residential.rdsnet.ro] has quit [Remote host closed the connection]
13:24 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 272 seconds]
13:25 -!- Porkepix_ [~Porkepix@178.20.51.132] has joined #openvpn
13:26 -!- Porkepix [~Porkepix@178.20.51.132] has quit [Ping timeout: 252 seconds]
13:38 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has joined #openvpn
13:39 < Caplain> for future reference, the edgerouter lite seems to gag on the aes-256 crypt and it's been reported that it can only max out at 15mbit. i'll be working on that. will report later :)
13:39 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Quit: mirco]
13:41 <+esde> not sure how far you're going to get. embedded devices can only do so much in the way of crypto
13:42 <+esde> !bottleneck
13:42 <@vpnHelper> "bottleneck" is (#1) OpenVPN uses userland crypto unless you have HW accel available (as shown with `openvpn --show-engines`.) This means the CPU is frequently the performance bottleneck; remember that OVPN is single-threaded or (#2) See also: !gigabit for ideas on advanced performance tuning options
13:43 <+esde> Dual-Core 1GHz, MIPS64. Yeah, no crypto offloading, you're not going to do much better than what you've got already, I'd bet.
13:58 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 252 seconds]
13:58 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:01 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
14:08 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
14:10 < Doyle> Hello. When deleting a cert, then creating a new profile with the same CN, do you have to restart the service before the new cert will function?
14:21 < Eugene> Nope, the openvpn service has no direct knowledge of the cert database
14:21 < Eugene> You may need to restart the service for any changes to a ccd/ to take effect; those are cached.
14:24 -!- Porkepix_ [~Porkepix@178.20.51.132] has quit [Quit: My laptop has gone to sleep. ZZZzzz…]
14:27 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
14:31 -!- tpanarch1st [~tpanarch1@unaffiliated/tpanarch1st] has quit [Ping timeout: 252 seconds]
14:35 -!- Ice_Strike [~none@84.92.51.164] has joined #openvpn
14:36 < Ice_Strike> Once VPN is connected to PrivateInternetAccess. I can no longer access to my server via SSH using my ISP IP.
14:37 < Ice_Strike> I have even added port on the router for port forwarding.
14:37 < Ice_Strike> How to make it to work?
14:44 -!- blistov [~bens@S0106e03f490494e9.vs.shawcable.net] has quit [Remote host closed the connection]
14:46 -!- tpanarch1st [~tpanarch1@unaffiliated/tpanarch1st] has joined #openvpn
14:51 -!- tpanarch1st [~tpanarch1@unaffiliated/tpanarch1st] has quit [Ping timeout: 252 seconds]
14:52 < _FBi> https://i.imgur.com/QqYOVZx.jpg
14:57 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
14:58 -!- tpanarch1st [~tpanarch1@unaffiliated/tpanarch1st] has joined #openvpn
15:11 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 264 seconds]
15:31 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:34 -!- tpanarch1st [~tpanarch1@unaffiliated/tpanarch1st] has quit [Ping timeout: 252 seconds]
15:35 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:37 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
15:41 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 244 seconds]
15:46 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has joined #openvpn
15:51 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
15:51 < Doyle> Thanks Eugene
16:01 -!- sysanthrope [~sysanthro@its-sas-tsb-23.physical.desktop.psu.edu] has quit [Ping timeout: 252 seconds]
16:10 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 256 seconds]
16:14 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
16:16 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
16:17 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:34 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
16:57 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 612 seconds]
17:05 < Caplain> esde, thank you :)
17:06 < Caplain> esde, there is accel for ipsec, does that help? i turned crypt off and it still crawls, btw
17:06 <+esde> !configs
17:06 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:06 <+esde> let's see the configs
17:06 < Caplain> root@lexington# openvpn --show-engines
17:06 < Caplain> OpenSSL Crypto Engines
17:06 < Caplain> Dynamic engine loading support [dynamic]
17:07 < Caplain> lol wow...
17:07 < Caplain> esde, the config is in erl format and i know you guys don't do erl
17:08 < Caplain> ill paste my confs anyway. the channel seems dead enough for what #ubuntu would call "off-topic" lol
17:09 < Caplain> http://pastebin.com/bTCeUBTX
17:09 <+esde>  tls {
17:09 <+esde> there is still crypto operation
17:10 < Caplain> frankly at this point i might designate a machine for openvpn and hopefully ip route add 10.37.227.0/24 via 10.37.224.87 works lol
17:10 < Caplain> wait, i can run it without certs at all???
17:10 < Caplain> haha
17:10 <+esde> i use pfsense as a firewall, and it can be configured as a vpn gateway without much effort
17:11 <+esde> it's not advised, as the encryption is what protects your data from manipulation, surveillance, tampering, etc
17:12 < Caplain> Options error: You must define CA file (--ca) or CA path (--capath)
17:12 < Caplain> Use --help for more information.
17:13 < Caplain> well right now im just testing stuff as the erl has a serious problem. idk why they included ovpn in erl considering it's...fault
17:13 < Caplain> i
17:13 < Caplain> i'll throw ovpn on my second gentoo box. should work okay. for now im using campagnol and even with that i get 11mbit from/to the erl...everything else is fine, btw
17:14 <+esde> i dont even know if it's possible to run openvpn without some sort of encryption. never tried
17:15 < Caplain> i'm gonna find out :) my biggest problem with having the ovpn gateway not on the router is data having to go over the same lines in both directions more than twice etc
17:16 <+esde> why not try pfsense? it's pretty user friendly and extensible
17:17 <+esde> or use whatever OS you'd like, but get something with crypto offloading
17:18 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 252 seconds]
17:19 < Caplain> i think the amd phenom has crypt support. either way, its benched 10 times faster than the erl anyway with openssl tests
17:19 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 255 seconds]
17:21 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
17:42 -!- Porkepix [~Porkepix@159.175.24.109.rev.sfr.net] has joined #openvpn
17:44 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
17:46 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:47 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 250 seconds]
18:04 -!- khaldrogox [~anonymous@public-wireless.sc.svcolo.com] has quit [Quit: khaldrogox]
18:08 < Caplain> esde, you cant go no-crypto. it refuses to let you with tons of funny errors :)
18:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f4a6:10bd:be8:e04e] has joined #openvpn
18:27 -!- khaldrogox [~anonymous@66-87-118-2.pools.spcsdns.net] has joined #openvpn
18:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f4a6:10bd:be8:e04e] has quit [Remote host closed the connection]
18:37 -!- Ice_Strike [~none@84.92.51.164] has quit []
18:40 -!- khaldrogox [~anonymous@66-87-118-2.pools.spcsdns.net] has quit [Read error: Connection reset by peer]
18:45 -!- khaldrogox [~anonymous@66-87-118-177.pools.spcsdns.net] has joined #openvpn
19:08 -!- khaldrogox [~anonymous@66-87-118-177.pools.spcsdns.net] has quit [Quit: khaldrogox]
19:18 -!- GabrialDestruir [cff442d1@gateway/web/freenode/ip.207.244.66.209] has joined #openvpn
19:19 < GabrialDestruir> !ovpnuke
19:19 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
19:27 -!- dazo is now known as dazo_afk
19:28 -!- miigotu [~miigotu@ip68-104-115-124.lv.lv.cox.net] has joined #openvpn
19:35 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
19:38 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
19:39 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
19:39 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
19:43 < GabrialDestruir> I seem to be able to find plenty of information on directing only specific traffic through a VPN route while making all other traffic bypass it. Is it possible to do the reverse? Have all traffic by default go through the VPN except for specific sites or clients?
19:49 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
19:52 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:17 -!- moezroy [~qq@d75-157-23-146.bchsia.telus.net] has joined #openvpn
20:19 < moezroy> !bridge
20:19 <@vpnHelper> "bridge" is (#1) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html for the doc or (#2) http://openvpn.net/index.php/documentation/faq.html#bridge1 for info from the FAQ or (#3) also see !tunortap and !layer2 and read --server-bridge in the manual (!man) or (#4) also see !whybridge
20:23 < GabrialDestruir> !welcome
20:23 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
20:23 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:23 < GabrialDestruir> !goal bypass vpn for specific sites
20:31 < moezroy> [root@localhost openvpn]# brctl delbr br0
20:31 < moezroy> bridge br0 is still up; can't delete it
20:31 < moezroy> this is hell
20:33 < moezroy> ah nvm...figured it out: [root@localhost openvpn]# ifconfig br0 down
20:33 < moezroy> [root@localhost openvpn]# ifconfig tap0 down
20:35 < moezroy> [root@localhost openvpn]# rmmod tun
20:35 < moezroy> ERROR: Module tun is in use
20:36 -!- GabrialDestruir [cff442d1@gateway/web/freenode/ip.207.244.66.209] has quit [Ping timeout: 246 seconds]
20:41 -!- khaldrogox [~anonymous@c-73-158-44-89.hsd1.ca.comcast.net] has joined #openvpn
20:44 -!- GabrialDestruir [cff442d1@gateway/web/freenode/ip.207.244.66.209] has joined #openvpn
20:45 < moezroy> Thu Jun 25 18:44:10 2015 us=488614 UDPv4 WRITE [14] to [AF_INET]10.10.1.3:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
20:45 < moezroy> Thu Jun 25 18:44:10 2015 us=488614 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
20:45 < moezroy> Thu Jun 25 18:44:10 2015 us=488614 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
20:51 < moezroy> nvm was connecting to the wrong vm
21:19 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Max SendQ exceeded]
21:20 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
21:21 -!- GabrialDestruir [cff442d1@gateway/web/freenode/ip.207.244.66.209] has quit [Ping timeout: 246 seconds]
21:29 -!- khaldrogox [~anonymous@c-73-158-44-89.hsd1.ca.comcast.net] has quit [Quit: khaldrogox]
21:45 -!- netwoodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
22:16 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
22:17 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
22:19 < moezroy> any way to make win7 a WINS server?
22:19 < moezroy> !wins
22:19 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
22:21 < moezroy> any way to make win7 a WINS server *without* using samba?
22:22 < moezroy> From what I understand samba is just a way to share stuff, which is already being done naively by win7 right?
22:22 < moezroy> *natively
22:25 < moezroy> I put the IP addresses in the hosts file, as well as the lmhosts file like this 10.10.3.3 USER-PC. But still windows exploder cannot find these network shares.
22:27 < moezroy> I can ping it fine. All firewalls are disabled. Not sure what could be the issue?
23:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:23 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 255 seconds]
23:34 -!- james41382__ is now known as james41382
23:44 -!- msn [~msn@182.72.55.194] has joined #openvpn
23:51 -!- GabrialDestruir [a8010384@gateway/web/freenode/ip.168.1.3.132] has joined #openvpn
23:58 -!- ShadniX [dagger@p5481C688.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:58 -!- ShadniX_ [dagger@p5DDFF40A.dip0.t-ipconnect.de] has joined #openvpn
23:58 -!- ShadniX_ is now known as ShadniX
--- Day changed Fri Jun 26 2015
00:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
00:21 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
00:24 < GabrialDestruir> Is it possible to use the openvpn config to bypass VPN on a domain basis?
00:35 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
00:55 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 255 seconds]
00:59 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
01:00 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:03 < mator> GabrialDestruir, dnsmasq ?
01:04 -!- Tobinski [~tobinski@x2f54d1a.dyn.telefonica.de] has joined #openvpn
01:13 < GabrialDestruir> I'm not sure. I have a couple of websites that I visit that are anti-vpn yet I cannot find an easy to follow guide that I can actually understand in regards of bypassing openvpn.
01:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:16 < mator> GabrialDestruir, basically, if i understand you correctly, you have some sites, which are not resolved via vpn?
01:16 < mator> dns resolved
01:17 -!- GabrialDestruir_ [cff442d1@gateway/web/freenode/ip.207.244.66.209] has joined #openvpn
01:18 < GabrialDestruir_> No. It resolves, but they block access messages like "We detect you're using anonymizing software... etc.". So I need traffic for those sites to not go through the VPN.
01:20 -!- GabrialDestruir [a8010384@gateway/web/freenode/ip.168.1.3.132] has quit [Ping timeout: 246 seconds]
01:20 -!- GabrialDestruir_ is now known as GabrialDestruir
01:21 -!- msn [~msn@182.72.55.194] has quit [Ping timeout: 246 seconds]
01:22 < mator> GabrialDestruir, you can make a route to their network or ip directly on your computer
01:22 < mator> with "route add" command (depends on your OS)
01:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:24 -!- mode/#openvpn [+o mattock1] by ChanServ
01:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:29 < moezroy> any way to make win7 a WINS server?
01:31 < mator> no help from google ?
01:32 -!- FlorianBd [~FlorianBd@florianbador.com] has quit [Ping timeout: 255 seconds]
01:34 < moezroy> mator, it gives instructions for win server2008 instead of win7
01:35 -!- msn [~msn@117.55.242.50] has joined #openvpn
01:35 < moezroy> mator, couldn't find it in add programs/services... strange they offer IIS and FTP but no WINS
01:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3d46:a5b4:ed1a:cf27] has joined #openvpn
01:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3d46:a5b4:ed1a:cf27] has quit [Ping timeout: 248 seconds]
01:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2c46:a92f:c459:dc7c] has joined #openvpn
01:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2c46:a92f:c459:dc7c] has quit [Ping timeout: 248 seconds]
01:49 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
01:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:58 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
02:05 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
02:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e9ea:9c1d:181f:b788] has joined #openvpn
02:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e9ea:9c1d:181f:b788] has quit [Ping timeout: 248 seconds]
02:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:34d3:cdde:5c55:e8c] has joined #openvpn
02:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:34d3:cdde:5c55:e8c] has quit [Ping timeout: 248 seconds]
02:25 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
02:27 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
02:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5000:31f0:8234:5e59] has joined #openvpn
02:33 -!- Porkepix [~Porkepix@159.175.24.109.rev.sfr.net] has quit [Quit: My laptop has gone to sleep. ZZZzzz…]
02:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5000:31f0:8234:5e59] has quit [Ping timeout: 248 seconds]
02:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:37 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
02:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:39 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
02:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:31d9:c73d:fcd7:346d] has joined #openvpn
02:45 -!- GabrialDestruir [cff442d1@gateway/web/freenode/ip.207.244.66.209] has quit [Ping timeout: 246 seconds]
02:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:31d9:c73d:fcd7:346d] has quit [Ping timeout: 248 seconds]
02:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:49 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
02:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c8a3:696b:ad5e:7293] has joined #openvpn
02:56 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
02:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c8a3:696b:ad5e:7293] has quit [Ping timeout: 248 seconds]
03:00 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
03:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:04 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dfa:1d82:de61:1f26] has joined #openvpn
03:05 -!- msn [~msn@117.55.242.50] has quit [Ping timeout: 256 seconds]
03:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dfa:1d82:de61:1f26] has quit [Ping timeout: 248 seconds]
03:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5809:ac19:1f84:f55f] has joined #openvpn
03:18 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
03:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5809:ac19:1f84:f55f] has quit [Ping timeout: 248 seconds]
03:22 -!- Porkepix [~Porkepix@91.208.181.163] has joined #openvpn
03:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:24 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
03:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:33 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
03:34 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
03:37 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Client Quit]
03:39 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
03:42 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
03:43 -!- moezroy [~qq@d75-157-23-146.bchsia.telus.net] has quit [Quit: Leaving]
03:50 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1d40:f8ee:1341:5b05] has joined #openvpn
03:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1d40:f8ee:1341:5b05] has quit [Ping timeout: 248 seconds]
03:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
04:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:998c:82df:6e40:279] has joined #openvpn
04:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:998c:82df:6e40:279] has quit [Ping timeout: 248 seconds]
04:09 -!- husanu0 [~husanu0@91.199.104.6] has joined #openvpn
04:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:10 -!- apollo2k is now known as aPollO2k
04:11 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
04:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:13 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
04:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d09d:5ca0:291c:4904] has joined #openvpn
04:17 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
04:17 -!- mode/#openvpn [+v s7r] by ChanServ
04:18 -!- husanu0 [~husanu0@91.199.104.6] has quit [Remote host closed the connection]
04:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d09d:5ca0:291c:4904] has quit [Ping timeout: 248 seconds]
04:23 -!- husanu4 [~husanu4@91.199.104.6] has joined #openvpn
04:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6406:16e0:162a:69fc] has joined #openvpn
04:28 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
04:28 -!- husanu4 [~husanu4@91.199.104.6] has quit [Killed (marienz (Drones are not welcome on freenode.))]
04:29 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
04:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6406:16e0:162a:69fc] has quit [Ping timeout: 248 seconds]
04:36 -!- dazo_afk is now known as dazo
04:37 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8de5:447a:6403:5617] has joined #openvpn
04:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8de5:447a:6403:5617] has quit [Ping timeout: 248 seconds]
04:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:17 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
05:20 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
05:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a8e6:3bba:64fa:9917] has joined #openvpn
05:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a8e6:3bba:64fa:9917] has quit [Ping timeout: 248 seconds]
05:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:33 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has joined #openvpn
05:34 < sammm> hi alll
05:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:39 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
05:40 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
05:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:52 < toli> guys, somehow the easy-rsa didn't created the CRT file of one of the client, and now I cannot delete it anymore, even recreate it. I need to keep the ID because I creted a webbased manager, so it is important for me
05:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:56 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Quit: Quit]
05:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d7d:29c1:12ac:8e93] has joined #openvpn
06:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d7d:29c1:12ac:8e93] has quit [Ping timeout: 248 seconds]
06:07 -!- Tobinski [~tobinski@x2f54d1a.dyn.telefonica.de] has quit [Quit: Leaving]
06:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:14 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
06:15 < mator> toli, error message was ?
06:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c176:d29c:7da1:a77b] has joined #openvpn
06:46 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
06:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c176:d29c:7da1:a77b] has quit [Ping timeout: 248 seconds]
07:05 < toli> mator: unable to load certificate
07:05 < toli> 140469109913256:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
07:05 < toli> Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
07:05 < toli> unable to load certificate
07:05 < toli> 140205345670824:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
07:06 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
07:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:910e:fa1c:431f:f2cf] has joined #openvpn
07:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:910e:fa1c:431f:f2cf] has quit [Ping timeout: 248 seconds]
07:16 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
07:22 < mator> toli, can't you change id with web based manager ? check your index.txt with easy-rsa for keys it knows
07:24 < toli> mator, the ID is in the index.tst already. the ID I use coresponds to our ERP DB of clients :) maybe stupid but this is the reality
07:38 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
07:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:42 < mator> toli, so what the problem again? generate new cert/key with easy-rsa, it will add it to index.txt, change id after with edit file manually ?
07:43 < mator> sorry for delays, i'm a bit busy here
07:44 < toli> mator, Are you sure? I will try
07:45 < mator> make a backup first
07:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:494c:54b8:521a:fa08] has joined #openvpn
07:46 -!- tzica [~tzica@unaffiliated/tzica] has joined #openvpn
07:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:494c:54b8:521a:fa08] has quit [Ping timeout: 248 seconds]
07:50 < toli> mator, this worked -)
07:50 < toli> but when I remove a record from the index.txt it doesn't
07:50 < toli> renaming it works
08:04 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
08:08 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
08:09 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
08:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
08:50 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
08:53 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
08:58 -!- aPollO2k is now known as apollo2k
09:10 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
09:12 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
09:16 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
09:22 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
09:29 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
09:38 -!- Cultist [~CultOfThe@unaffiliated/cultist] has left #openvpn ["Leaving"]
09:47 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 246 seconds]
09:53 <+esde> !bottleneck
09:53 <@vpnHelper> "bottleneck" is (#1) OpenVPN uses userland crypto unless you have HW accel available (as shown with `openvpn --show-engines`.) This means the CPU is frequently the performance bottleneck; remember that OVPN is single-threaded or (#2) See also: !gigabit for ideas on advanced performance tuning options
10:12 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 252 seconds]
10:17 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
10:19 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:22 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:33 -!- khaldrogox [~anonymous@c-73-158-44-89.hsd1.ca.comcast.net] has joined #openvpn
10:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:38 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 256 seconds]
10:44 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
11:03 -!- khaldrogox [~anonymous@c-73-158-44-89.hsd1.ca.comcast.net] has quit [Ping timeout: 276 seconds]
11:18 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
11:23 -!- Porkepix [~Porkepix@91.208.181.163] has quit [Quit: My laptop has gone to sleep. ZZZzzz…]
11:41 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 264 seconds]
11:53 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
11:56 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Client Quit]
12:01 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
12:16 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 276 seconds]
12:17 -!- mensvaga [~mensvaga@192.16.204.65] has joined #openvpn
12:19 < mensvaga> I'm running into a problem using a wildcard cert where (I think) the openvpn server thinks the client is named after the wildcard cert.
12:19 < mensvaga> openvpn-2.3.6-1.el6.x86_64
12:24 <+esde> !welcome
12:24 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
12:24 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:24 <+esde> !logs
12:24 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:27 < mensvaga> Hello.  I would like to use OpenVPN to get computers to talk to each other over an insecure network.  I am using a wildcard cert on the server.  It appears that the openvpn server thinks the client's name is "*.example.com".  I am running openvpn-2.3.6-1.el6.x86_64 .  According to this page, http://article.gmane.org/gmane.network.openvpn.devel/8538 , OpenVPN gets the client's names from the certificates.
12:27 <@vpnHelper> Title: Gmane -- PATCH Improve error reporting on file access to client config dir and ccd exclusive (at article.gmane.org)
12:28 < mensvaga> The side affect of the (potential) issue is that the client configuration files aren't loaded for a particular client.
12:29 < mensvaga> (where my org name has been changed to *.example.com)
12:30 < mensvaga> I am more interested in hearing if people have used wildcard certs on the server.  If not, then I need to look at the source to see why the client's name is showing up incorrectly.
12:34 <+esde> https://openvpn.net/archive/openvpn-users/2006-01/msg00361.html
12:34 <@vpnHelper> Title: [Openvpn-users] Wildcard certificates? (at openvpn.net)
12:34 < mensvaga> I too, can google.
12:34 < mensvaga> I believe he's complaining about the CA.
12:35 <+esde> Going to bother posting any useful information? The logs I asked for earlier, for example?
12:38 <+esde> back to work for me, good luck!
12:41 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
12:45 < Payo> I'm sorry for the dumb question but I'm having a really hard time finding stuff online. I'd like to bypass my vpn for youtube, is that possible or do they have a billion different cdns and stuff etc ?
12:46 < mensvaga> The easiest way (sadly) might be for you to set up a squid proxy, have all clients be configured to use it (with something like wpad)
12:47 < mensvaga> and then tell the proxy to ignore requests to youtube :-/
12:47 < Payo> i'll look into that thanks i'm not sure what those are
12:48 < Payo> youtube makes me go through a captcha when i'm on my vpn :(
12:48 < mensvaga> It's a lot of work even if you know what you're doin; but a proxy might be the only thing that gives you that level of control.
12:48 < Payo> even if it's only for 1 client ?
12:48 < Payo> forgot to say that
12:49 < mensvaga> You might be able to alter your system's routes manually, but I wouldn't be able to help you with that.
12:51 < DArqueBishop> I'm going to have to agree with mensvaga, with the additional caveat that you may be plain screwed if you're not the admin of your VPN server.
12:51 < Payo> I am it's on a vps
12:51 < mensvaga> Worst case he reboots ;)
12:52 < mensvaga> Unless he tries to make that shit permanent.  Then that would be funneh.
12:52 < Payo> yeah I was thinking of changing routes that's why I was asking if it's doable or if youtube has too many ips/domains
12:52 < mensvaga> I would actually focus on specifying routes for your work only
12:53 < Payo> what do you mean ?
12:53 < Payo> I want everything to go through the vpn
12:53 < mensvaga> Like if your work only uses 10.0.0.0 addresses
12:53 < Payo> It's not for a work environment
12:53 < mensvaga> But you have a router in 10.0.0.0 that is UG
12:53 < mensvaga> s/work/WHATEVAH/
12:53 < mensvaga> How many routes do you have right now?
12:53 < mensvaga> netstat -rn
12:54 < Payo> on my client ?
12:54 < mensvaga> Or, if you're on windows, you're on your own.
12:54 -!- HardWall [~HardWall@5-15-66-95.residential.rdsnet.ro] has joined #openvpn
12:54 < Payo> http://pastie.org/10260594
12:54 < Payo> i'm on debian testing
12:54 < mensvaga> plz run teh: netstat -rn
12:54 < Payo> that is what I ran
12:54 < mensvaga> ah.  I hadn't opened it yet.
12:55 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
12:55 < mensvaga> You see how 0.0.0.0's gateway is 10.8.0.5 ?
12:56 < Payo> yes
12:56 < Payo> (I suck at networking btw I never listened in class :p)
12:59 < mensvaga> Based off of your routing table, I would move entry 4 to entry 1, and remove entry 1.  But I have no idea if it would work for you.
12:59 < Payo> what would that do ?
13:00 < Payo> wouldn't everything go through my regular gateway and not the vpn ?
13:00 < mensvaga> Bah, that's even bad advice.
13:00 < Payo> I want everything to go through the vpn (except youtube ideally)
13:00 < mensvaga> You need to figure out what network 10.8.0.0 is.  If it's a /24, or what
13:01 < mensvaga> How about everything destined for 10.8.0.0 goes through the VPN, and everything else doesn't?
13:01 < Payo> 10.8 is the vpn network
13:01 < mensvaga> 10.8.0.0/?
13:01 < Payo> not sure
13:01 < Payo> where can I check ?
13:02 < mensvaga> It looks like it's a /16.
13:04 < mensvaga> Anyway, yeah.  Mess with your routes.
13:04 < Payo> :)
13:04 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
13:18 <@dazo> !tcpip
13:18 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
13:19 <@dazo> Payo: please read that chapter ... because we usually don't do the "101 Basic networking" classes here
13:20 <@dazo> (The thing is if you don't know basic networking, including routing ... VPN, no matter how you configure it, will be hard.  And if you by luck manage to make it work, understanding why it works will just be as difficult)
13:21 < Payo> thanks :)
13:22 -!- botsdots [62b00525@gateway/web/freenode/ip.98.176.5.37] has joined #openvpn
13:23 -!- sammm [~sammm@c114-76-87-212.thoms3.vic.optusnet.com.au] has quit [Remote host closed the connection]
13:28 -!- Pwnna [~Pwnna@eggplant.thekks.net] has joined #openvpn
13:29 < Pwnna> for openvpn, is it by default configured such that it will authenticate and let any client with a certificate signed by the same CA go through?
13:29 < Pwnna> i followed the debian instructions to set it up with easy-rsa
13:29 < Pwnna> but i find it troubling that i do not see any option saying authenticate with certificate only.
13:30 < Pwnna> I'm using TLS mode
13:30 < Pwnna> ah i see
13:30 < Pwnna> When two OpenVPN peers connect, each presents its local certificate to the other. Each peer will then check that its partner peer presented a certificate which was signed by the master root certificate as specified in --ca.
13:30 < Pwnna> When two OpenVPN peers connect, each presents its local certificate to the other. Each peer will then check that its partner peer presented a certificate which was signed by the master root certificate as specified in --ca.
13:35 -!- Porkepix [~Porkepix@lima.brainstorm.fr] has joined #openvpn
13:36 -!- Porkepix [~Porkepix@lima.brainstorm.fr] has quit [Client Quit]
13:40 -!- stemid [~avatar@vpn.sydit.se] has left #openvpn []
13:46 <@dazo> Pwnna: there really isn't much "by default" in OpenVPN ... but the a stripped down basic setup (which many do use, and it can be safe too) does only do certificate based authentication, yes
13:47 <@dazo> but client certificates must be signed by a CA the openvpn server trusts
13:47 <@dazo> (and vice versa, the client authenticates the server(s) too)
13:57 < Pwnna> can you revoke easily?
14:06 < DArqueBishop> Pwnna: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
14:06 <@vpnHelper> Title: HOWTO (at openvpn.net)
14:06 < Pwnna> DArqueBishop: so tell me if i understand that wrong: you just revoke, and put the file on the server and tell it about that file
14:06 < Pwnna> right?
14:06 < Pwnna> that should be easy enough.
14:06 < DArqueBishop> Right.
14:06 < Pwnna> is there a whitelisting mechanism?
14:07 < DArqueBishop> Not really. The whitelisting is the existence of the signed certificate.
14:08 < Pwnna> yeah
14:08 < Pwnna> i wish of certificate pinning, tho
14:08 < Pwnna> this way you don't have to revoke, just copy the certs that you allow
14:08 < Pwnna> my provisioning already allows me to do this
14:08 < DArqueBishop> You shouldn't be generating certificates that you don't plan on being used for the clients.
14:08 <+esde> ^this
14:08 < Pwnna> it's more of revoking
14:08 < Pwnna> i do plan on using
14:08 < Pwnna> but then let's say if i sell that computer, or whatever
14:09 < Pwnna> i will secure erase + revoke
14:09 < DArqueBishop> Then you just revoke that certificate.
14:09 < Pwnna> yeah
14:09 < Pwnna> revoke is more work than just removing a line from my provisioning saying that cert is no longer valid
14:09 < Pwnna> overtime, the revokation file will be big
14:09 < Pwnna> whereas the valid client # will stay the same.
14:10 < Pwnna> imagine a company where people get openvpn access, when people leave you can either revoke them, adding to the revokation file, or remove them from the whitelist.
14:10 < Pwnna> not a big deal for me personally
14:10 <+esde> you use a lot of lines
14:10 < DArqueBishop> If you're dealing with a much larger company, I would be adding another factor such as a username/password.
14:11 < DArqueBishop> Once the account is disabled, the access is revoked.
14:11 < Pwnna> that's true. that works as well. two fac is definitely better.
14:12 < Pwnna> just that i've never typed a passphrase ever. they're always on disk and i just do askpass filename.
14:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:14 < DArqueBishop> https://openvpn.net/index.php/open-source/documentation/howto.html#auth
14:14 <@vpnHelper> Title: HOWTO (at openvpn.net)
14:14 < DArqueBishop> Really...
14:14 < DArqueBishop> !howto
14:14 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:16 < Pwnna> hmm?
14:23 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
14:23 -!- Pwnna [~Pwnna@eggplant.thekks.net] has left #openvpn ["Leaving"]
14:26 -!- Pwnna [~Pwnna@eggplant.thekks.net] has joined #openvpn
14:27 < Pwnna> misclicked.. does anyone know anything about openvpn on mac and why a i can't load webpages and connects to some services while traceroute shows me that i can connect through my VPN? I'm using openvpn from homebrew. The server configuration has all the routing setup. The same config works on my phone/other computer. And yes, I've disabled the other connections before trying with the same config
14:27 < Pwnna> in fact, i can even connect to IRC while on VPN... just not webpages, and some other stuff like adium => google talk
14:27 < Pwnna> this config works on all linux machines.. o.o
14:27 <+esde> !welcome
14:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:27 <+esde> !logs
14:28 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:28 <+esde> !configs
14:28 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:28 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:28 <+esde> !pastebin
14:28 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:28 <+esde> without the information defined above, no. we have no clue.
14:30 -!- Pwnna [~Pwnna@eggplant.thekks.net] has left #openvpn ["Leaving"]
14:33 -!- Pwnna [~Pwnna@eggplant.thekks.net] has joined #openvpn
14:37 < Pwnna> looks like DNS..
14:37 < Pwnna> sometimes i just want to find out where the logs are... because at that point i can figure it out
14:38 <+esde> >i just want to find out where the logs are...
14:38 <+esde> then read the f^&(&#$%ing factoid above
14:41 < Pwnna> except it doesn't really apply to me, because that assumes you're using tunnelblick, whereas i have just the homebrew version.
14:41 < Pwnna> also after viewing some other information i don't think this is even an openvpn issue >_>
14:41 < Pwnna> nevertheless.
14:41 <+esde> there's only two places it could be logging
14:42 <+esde> syslog, or wherever it's defined in your config. /which we can't tell you since we don't have your !configs/
14:46 < Pwnna> lol
14:46 < Pwnna> syslog on a mac. i wish
14:50 <+esde> not sure if serious or trolling
14:50  * DArqueBishop shakes his head.
14:50 < DArqueBishop> Just in case he's serious: http://stackoverflow.com/questions/380172/reading-syslog-output-on-a-mac
14:50 <@vpnHelper> Title: osx - Reading syslog output on a Mac - Stack Overflow (at stackoverflow.com)
14:59 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
15:06 < Pwnna> hm i think it's because all dns request is getting routed to my regular eth interface whereas other is getting routed into my vpn routes?
15:07 <+esde> !crystal
15:07 <@vpnHelper> "crystal" is (#1) Our crystal ball is out of service. Try explaining your !goal, a description of your problem, and relevant !configs and !logs. See also: !welcome. or (#2) unless reiffert is here, his crystal ball is functional again
15:07 <+esde> !effort
15:07 <@vpnHelper> "effort" is If you are not willing to put the effort into gathering information and trying to figure out your problem we are not willing to help you with it
15:08 < Pwnna> sorry. i think i got the problem under control. used this more as a brain dump than anything else
15:08 < Pwnna> thanks all
15:08 -!- Pwnna [~Pwnna@eggplant.thekks.net] has left #openvpn ["Leaving"]
15:09 -!- Tausen [~Tausen@tausen.org] has quit [Ping timeout: 256 seconds]
15:12 -!- Tausen [~Tausen@tausen.org] has joined #openvpn
15:37 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has quit [Ping timeout: 252 seconds]
15:45 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 252 seconds]
15:48 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
15:50 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
15:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
15:57 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Quit: Leaving]
15:58 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
16:23 -!- ntio [~ntio@unaffiliated/ntio] has quit [Remote host closed the connection]
16:26 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:37 -!- dazo is now known as dazo_afk
16:38 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:42 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
16:42 -!- FierceDeityLink [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has joined #openvpn
16:51 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
17:02 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
17:04 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
17:18 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Quit: Leaving]
17:20 -!- RealityVoid [~HardWall@5-15-100-160.residential.rdsnet.ro] has joined #openvpn
17:24 -!- HardWall [~HardWall@5-15-66-95.residential.rdsnet.ro] has quit [Ping timeout: 244 seconds]
17:29 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has left #openvpn []
17:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:26 -!- RealityVoid [~HardWall@5-15-100-160.residential.rdsnet.ro] has quit [Read error: Connection reset by peer]
18:27 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
18:41 -!- FlorianBd [~FlorianBd@servail.com] has joined #openvpn
19:50 -!- AMERICAN_PSYCHO [~AMERICAN_@15.sub-70-196-4.myvzw.com] has joined #openvpn
20:07 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
20:11 -!- AMERICAN_PSYCHO [~AMERICAN_@15.sub-70-196-4.myvzw.com] has quit [Quit: Goodbye!]
20:13 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Ping timeout: 252 seconds]
20:18 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
20:28 -!- sfisque [~Adium@74-95-42-38-Oregon.hfc.comcastbusiness.net] has joined #openvpn
21:08 -!- miigotu [~miigotu@ip68-104-115-124.lv.lv.cox.net] has quit [Read error: Connection reset by peer]
21:23 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
21:24 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
21:41 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
21:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:05 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:26 -!- sfisque [~Adium@74-95-42-38-Oregon.hfc.comcastbusiness.net] has quit [Ping timeout: 244 seconds]
22:27 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 252 seconds]
22:41 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:42 -!- rich0__ is now known as rich0
22:54 -!- toli [~toli@ip-62-235-221-134.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
22:56 -!- toli [~toli@ip-62-235-196-131.dsl.scarlet.be] has joined #openvpn
23:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
23:30 -!- FlorianBd [~FlorianBd@servail.com] has quit [Ping timeout: 255 seconds]
23:37 -!- Porkepix [~Porkepix@159.175.24.109.rev.sfr.net] has joined #openvpn
23:37 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
23:44 -!- FlorianBd [~FlorianBd@servail.com] has joined #openvpn
23:56 -!- ShadniX [dagger@p5DDFF40A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:57 -!- ShadniX [dagger@p5DDFFB94.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Jun 27 2015
00:09 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
00:10 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:23 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
00:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
00:55 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
00:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:55 -!- mode/#openvpn [+o mattock1] by ChanServ
01:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:756a:473e:a56c:68e1] has joined #openvpn
02:12 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Quit: No Ping reply in 180 seconds.]
02:22 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
02:25 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
02:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:756a:473e:a56c:68e1] has quit [Remote host closed the connection]
03:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4dd5:eb61:107:e48e] has joined #openvpn
03:16 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
03:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4dd5:eb61:107:e48e] has quit [Remote host closed the connection]
03:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds]
03:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c1da:f86e:7dea:934b] has joined #openvpn
03:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c1da:f86e:7dea:934b] has quit [Ping timeout: 248 seconds]
03:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:57 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
03:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f8b6:107b:40d2:67e] has joined #openvpn
04:02 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f8b6:107b:40d2:67e] has quit [Ping timeout: 248 seconds]
04:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:58e1:f2e6:4cd3:673c] has joined #openvpn
04:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:58e1:f2e6:4cd3:673c] has quit [Ping timeout: 248 seconds]
04:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:22 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:48be:cc44:e00a:b549] has joined #openvpn
04:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:48be:cc44:e00a:b549] has quit [Ping timeout: 248 seconds]
04:33 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c8e5:4f79:6d50:bbc4] has joined #openvpn
04:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c8e5:4f79:6d50:bbc4] has quit [Ping timeout: 248 seconds]
04:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:75cc:413c:a15f:ac60] has joined #openvpn
04:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:75cc:413c:a15f:ac60] has quit [Ping timeout: 248 seconds]
04:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:53 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
04:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:56 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
04:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3826:34e0:3ed8:5b78] has joined #openvpn
05:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3826:34e0:3ed8:5b78] has quit [Ping timeout: 248 seconds]
05:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:16 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
05:19 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
05:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a88d:1ca1:70a8:435b] has joined #openvpn
05:29 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a88d:1ca1:70a8:435b] has quit [Ping timeout: 248 seconds]
05:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:33 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d9e0:54c7:5a1b:5e12] has joined #openvpn
05:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d9e0:54c7:5a1b:5e12] has quit [Ping timeout: 248 seconds]
05:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5c32:d85f:9b17:ffe0] has joined #openvpn
05:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5c32:d85f:9b17:ffe0] has quit [Ping timeout: 248 seconds]
05:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5111:c7a3:6141:c4e0] has joined #openvpn
06:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5111:c7a3:6141:c4e0] has quit [Ping timeout: 248 seconds]
06:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a932:f587:d85:acaf] has joined #openvpn
06:22 -!- zoug [~zoug@2001:41d0:52:a00::d31] has joined #openvpn
06:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a932:f587:d85:acaf] has quit [Ping timeout: 248 seconds]
06:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6900:89d4:328:60e6] has joined #openvpn
06:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6900:89d4:328:60e6] has quit [Ping timeout: 248 seconds]
06:50 -!- zoug [~zoug@2001:41d0:52:a00::d31] has quit [Quit: WeeChat 1.0.1]
06:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:17 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Remote host closed the connection]
07:17 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
07:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8c17:e480:9f3f:aacd] has joined #openvpn
07:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8c17:e480:9f3f:aacd] has quit [Ping timeout: 248 seconds]
07:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:33 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Remote host closed the connection]
07:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:51d2:75a2:25d6:64a7] has joined #openvpn
07:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:51d2:75a2:25d6:64a7] has quit [Ping timeout: 248 seconds]
07:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 246 seconds]
07:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:150f:ebb9:525f:e6a6] has joined #openvpn
07:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:150f:ebb9:525f:e6a6] has quit [Ping timeout: 248 seconds]
07:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:643d:e89f:ec15:fe0d] has joined #openvpn
08:06 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:643d:e89f:ec15:fe0d] has quit [Ping timeout: 248 seconds]
08:09 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:81e7:d6d9:7ae:4846] has joined #openvpn
08:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:81e7:d6d9:7ae:4846] has quit [Ping timeout: 248 seconds]
08:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:34 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Remote host closed the connection]
08:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b989:829:2198:c19b] has joined #openvpn
08:39 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has joined #openvpn
08:41 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b989:829:2198:c19b] has quit [Ping timeout: 248 seconds]
08:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9951:64bc:d359:6f0d] has joined #openvpn
08:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9951:64bc:d359:6f0d] has quit [Ping timeout: 248 seconds]
08:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8100:a31e:5b8a:13c1] has joined #openvpn
09:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8100:a31e:5b8a:13c1] has quit [Ping timeout: 248 seconds]
09:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:09 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cc29:9de8:28d9:a472] has joined #openvpn
09:12 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
09:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cc29:9de8:28d9:a472] has quit [Ping timeout: 248 seconds]
09:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98e6:c1b:d541:6339] has joined #openvpn
09:21 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98e6:c1b:d541:6339] has quit [Ping timeout: 248 seconds]
09:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
09:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c48c:bded:d986:1620] has joined #openvpn
09:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c48c:bded:d986:1620] has quit [Ping timeout: 248 seconds]
09:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7067:11e6:25db:2776] has joined #openvpn
10:05 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7067:11e6:25db:2776] has quit [Ping timeout: 248 seconds]
10:19 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
10:41 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
10:47 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:50 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
10:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
11:01 -!- rich0_ is now known as rich0
11:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
11:19 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
11:24 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
11:47 -!- qwd [~qwd@unaffiliated/qwd] has joined #openvpn
11:49 < qwd> I've set up openvpn on my router and I want to use it from my phone. Does it matter at all which kind of certificate I choose? I see certificate, PKCS12, Android certificate and so on in the app. Do I just pick one?
12:30 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
12:31 -!- ade_b [~Ade@redhat/adeb] has quit [Client Quit]
12:58 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:59 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
13:00 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:02 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
13:03 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:05 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
13:12 < mator> probably for android phone you choose android certificate
13:38 -!- joako [~joako@opensuse/member/joak0] has quit [Read error: Connection reset by peer]
13:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9d46:c8f1:36ec:3357] has joined #openvpn
13:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9d46:c8f1:36ec:3357] has quit [Ping timeout: 248 seconds]
13:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
13:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
13:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4522:ac3c:e536:9e4f] has joined #openvpn
13:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4522:ac3c:e536:9e4f] has quit [Ping timeout: 248 seconds]
13:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
14:00 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
14:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:03 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
14:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1981:fae:ec9e:21fe] has joined #openvpn
14:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1981:fae:ec9e:21fe] has quit [Ping timeout: 248 seconds]
14:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
14:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c14b:b789:bc4e:cb1e] has joined #openvpn
14:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c14b:b789:bc4e:cb1e] has quit [Ping timeout: 248 seconds]
14:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
14:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d1dd:b8ef:c693:16a1] has joined #openvpn
14:26 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
14:26 -!- mode/#openvpn [+v hyper_ch] by ChanServ
14:27 <+hyper_ch> ecrist: so, I Btrfsed myself and upgraded ot Kubuntu 15.10 which has systemd 220.... so I can now try that other umount thingy
14:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d1dd:b8ef:c693:16a1] has quit [Ping timeout: 248 seconds]
14:38 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
14:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
14:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8d99:7477:b7f3:db9b] has joined #openvpn
14:50 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
14:51 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8d99:7477:b7f3:db9b] has quit [Ping timeout: 252 seconds]
14:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
14:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
14:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:01 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3575:e584:4c56:5bcb] has joined #openvpn
15:05 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:3575:e584:4c56:5bcb] has quit [Ping timeout: 248 seconds]
15:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:23 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:43e:ad3b:3b1d:d90e] has joined #openvpn
15:24 -!- HardWall [~HardWall@5-15-100-160.residential.rdsnet.ro] has joined #openvpn
15:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:43e:ad3b:3b1d:d90e] has quit [Ping timeout: 248 seconds]
15:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:37 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1503:8808:7840:3677] has joined #openvpn
15:39 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
15:40 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Max SendQ exceeded]
15:40 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
15:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1503:8808:7840:3677] has quit [Ping timeout: 248 seconds]
15:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:69c1:d527:82ed:1540] has joined #openvpn
15:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:69c1:d527:82ed:1540] has quit [Ping timeout: 256 seconds]
15:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f109:e988:e530:2375] has joined #openvpn
16:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f109:e988:e530:2375] has quit [Ping timeout: 248 seconds]
16:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:17 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
16:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:298f:992d:5263:9fa1] has joined #openvpn
16:23 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
16:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:298f:992d:5263:9fa1] has quit [Ping timeout: 248 seconds]
16:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:28 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
16:29 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
16:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:41 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
16:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
16:52 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
16:59 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:04 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:14 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:18 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e5ab:8514:bf9e:699f] has joined #openvpn
17:20 -!- RealityVoid [~HardWall@5-15-70-194.residential.rdsnet.ro] has joined #openvpn
17:24 -!- HardWall [~HardWall@5-15-100-160.residential.rdsnet.ro] has quit [Ping timeout: 246 seconds]
17:33 -!- RealityVoid [~HardWall@5-15-70-194.residential.rdsnet.ro] has quit [Read error: Connection reset by peer]
17:52 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
18:00 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
18:01 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
18:01 -!- toli [~toli@ip-62-235-196-131.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
18:07 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Quit: Leaving]
18:10 -!- Porkepix [~Porkepix@159.175.24.109.rev.sfr.net] has quit [Remote host closed the connection]
20:39 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Read error: Connection reset by peer]
21:35 -!- justdave [~dave@unaffiliated/justdave] has quit [Read error: Connection reset by peer]
21:35 -!- justdave [~dave@unaffiliated/justdave] has joined #openvpn
21:46 -!- polardroid [~chatzilla@191.101.12.207] has joined #openvpn
21:50 -!- polardroid [~chatzilla@191.101.12.207] has left #openvpn []
21:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e5ab:8514:bf9e:699f] has quit [Remote host closed the connection]
22:29 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d508:a7a2:4688:2276] has joined #openvpn
22:33 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d508:a7a2:4688:2276] has quit [Ping timeout: 248 seconds]
22:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
22:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
22:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:41e6:d329:6d:693b] has joined #openvpn
22:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:41e6:d329:6d:693b] has quit [Ping timeout: 248 seconds]
22:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c5f4:2bfc:ff67:a78b] has joined #openvpn
22:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c5f4:2bfc:ff67:a78b] has quit [Ping timeout: 256 seconds]
22:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dc3d:5ae5:fb28:71fe] has joined #openvpn
22:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dc3d:5ae5:fb28:71fe] has quit [Ping timeout: 248 seconds]
23:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:03 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:19d6:e21a:c06c:cad0] has joined #openvpn
23:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:19d6:e21a:c06c:cad0] has quit [Ping timeout: 248 seconds]
23:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a1dd:a2e4:f7e6:fe6a] has joined #openvpn
23:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a1dd:a2e4:f7e6:fe6a] has quit [Ping timeout: 248 seconds]
23:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7c0f:7cc:9683:d105] has joined #openvpn
23:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:7c0f:7cc:9683:d105] has quit [Ping timeout: 248 seconds]
23:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:34 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
23:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:45b3:f1ac:ada1:602f] has joined #openvpn
23:42 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:45b3:f1ac:ada1:602f] has quit [Ping timeout: 248 seconds]
23:47 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
23:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
23:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:34fd:9b2e:9f9c:a054] has joined #openvpn
23:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:34fd:9b2e:9f9c:a054] has quit [Ping timeout: 248 seconds]
23:55 -!- ShadniX [dagger@p5DDFFB94.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:56 -!- ShadniX [dagger@p5DDFF192.dip0.t-ipconnect.de] has joined #openvpn
23:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e495:8f01:e08c:e741] has joined #openvpn
--- Day changed Sun Jun 28 2015
00:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:e495:8f01:e08c:e741] has quit [Ping timeout: 248 seconds]
00:04 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:05 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
00:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Ping timeout: 248 seconds]
00:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
00:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
00:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9124:5ee2:1dcc:1bbe] has joined #openvpn
00:30 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9124:5ee2:1dcc:1bbe] has quit [Ping timeout: 248 seconds]
00:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
00:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
00:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8435:1344:1383:67d6] has joined #openvpn
00:54 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8435:1344:1383:67d6] has quit [Ping timeout: 248 seconds]
00:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
00:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:191b:f4d5:2eab:723c] has joined #openvpn
01:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:191b:f4d5:2eab:723c] has quit [Ping timeout: 248 seconds]
01:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f4c7:f1e9:29d9:60b2] has joined #openvpn
01:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:f4c7:f1e9:29d9:60b2] has quit [Ping timeout: 248 seconds]
01:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c056:51d:68c6:68e0] has joined #openvpn
01:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c056:51d:68c6:68e0] has quit [Ping timeout: 248 seconds]
01:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b1e2:a628:f669:bd58] has joined #openvpn
01:41 -!- badon [~badon@pdpc/supporter/active/badon] has joined #openvpn
01:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b1e2:a628:f669:bd58] has quit [Ping timeout: 248 seconds]
01:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
01:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
01:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5188:e99a:b3ee:d809] has joined #openvpn
01:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5188:e99a:b3ee:d809] has quit [Ping timeout: 248 seconds]
02:01 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b51b:5ee1:a527:7d01] has joined #openvpn
02:03 -!- badon [~badon@pdpc/supporter/active/badon] has quit [Ping timeout: 248 seconds]
02:06 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b51b:5ee1:a527:7d01] has quit [Ping timeout: 248 seconds]
02:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
02:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:60c8:939:59b2:503f] has joined #openvpn
02:13 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
02:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:60c8:939:59b2:503f] has quit [Ping timeout: 248 seconds]
02:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:23 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b0b1:d07d:1fd1:b864] has joined #openvpn
02:28 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b0b1:d07d:1fd1:b864] has quit [Ping timeout: 248 seconds]
02:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b175:1019:be7a:2fc4] has joined #openvpn
02:39 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b175:1019:be7a:2fc4] has quit [Ping timeout: 248 seconds]
02:39 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
02:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dde3:3bba:f47:9b3e] has joined #openvpn
02:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dde3:3bba:f47:9b3e] has quit [Ping timeout: 248 seconds]
02:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
02:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
02:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a99b:eb77:f1cb:db25] has joined #openvpn
03:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a99b:eb77:f1cb:db25] has quit [Ping timeout: 248 seconds]
03:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:09 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dd65:7fd9:eea:fb6] has joined #openvpn
03:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dd65:7fd9:eea:fb6] has quit [Ping timeout: 248 seconds]
03:20 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:743e:3098:a79:6e3f] has joined #openvpn
03:24 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:743e:3098:a79:6e3f] has quit [Ping timeout: 248 seconds]
03:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:38 -!- mgorbach [~mgorbach@pool-100-0-62-237.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
03:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:45 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:46 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9cb7:2405:a7b5:c4b2] has joined #openvpn
03:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:9cb7:2405:a7b5:c4b2] has quit [Ping timeout: 248 seconds]
03:51 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
03:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
03:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d0d4:84a1:2095:32e9] has joined #openvpn
04:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d0d4:84a1:2095:32e9] has quit [Ping timeout: 248 seconds]
04:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:35 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98c0:a201:a437:5d22] has joined #openvpn
04:40 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98c0:a201:a437:5d22] has quit [Ping timeout: 248 seconds]
04:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:206e:e099:1871:b277] has joined #openvpn
04:53 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:206e:e099:1871:b277] has quit [Ping timeout: 248 seconds]
04:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
04:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
04:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6c18:8408:86e4:16cd] has joined #openvpn
05:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6c18:8408:86e4:16cd] has quit [Ping timeout: 248 seconds]
05:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b84b:b733:7680:ea8d] has joined #openvpn
05:15 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b84b:b733:7680:ea8d] has quit [Ping timeout: 248 seconds]
05:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:23 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 272 seconds]
05:25 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
05:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:801d:2b19:36f3:47be] has joined #openvpn
05:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:801d:2b19:36f3:47be] has quit [Ping timeout: 248 seconds]
05:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8831:9053:fc4e:9619] has joined #openvpn
05:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8831:9053:fc4e:9619] has quit [Ping timeout: 248 seconds]
05:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
05:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
05:58 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8d05:f0c9:ca10:4cf] has joined #openvpn
06:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8d05:f0c9:ca10:4cf] has quit [Ping timeout: 248 seconds]
06:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
06:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:25a9:5ae0:e4b1:2d43] has joined #openvpn
06:13 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:25a9:5ae0:e4b1:2d43] has quit [Ping timeout: 248 seconds]
06:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:54b5:6e32:3a65:3813] has joined #openvpn
06:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:54b5:6e32:3a65:3813] has quit [Ping timeout: 248 seconds]
06:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
06:32 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:33 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8d35:b73f:8a1b:7690] has joined #openvpn
06:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:8d35:b73f:8a1b:7690] has quit [Ping timeout: 248 seconds]
06:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98f1:a1ea:801e:7d74] has joined #openvpn
06:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:98f1:a1ea:801e:7d74] has quit [Ping timeout: 248 seconds]
06:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
06:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
06:55 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d8fa:77d4:1c3f:1768] has joined #openvpn
07:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d8fa:77d4:1c3f:1768] has quit [Ping timeout: 248 seconds]
07:05 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:07 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dc2:c4e2:a1d7:adb5] has joined #openvpn
07:11 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dc2:c4e2:a1d7:adb5] has quit [Ping timeout: 248 seconds]
07:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
07:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
07:26 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
07:27 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:29 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
07:41 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:00 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Ping timeout: 276 seconds]
08:11 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 0.4.3]
08:13 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
08:25 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d968:abef:89f:664d] has joined #openvpn
08:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:d968:abef:89f:664d] has quit [Ping timeout: 248 seconds]
08:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:70fb:39ad:f62d:e8bb] has joined #openvpn
08:41 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:70fb:39ad:f62d:e8bb] has quit [Ping timeout: 248 seconds]
08:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
08:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dcfe:d625:5a32:5fa4] has joined #openvpn
08:50 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
08:51 -!- dal2 [~dal@162.250.3.19] has joined #openvpn
08:52 < dal2> !welcome
08:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
08:52 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:dcfe:d625:5a32:5fa4] has quit [Ping timeout: 248 seconds]
08:52 -!- zamber [~zamber@89-78-251-59.dynamic.chello.pl] has quit [Ping timeout: 252 seconds]
08:52 < dal2> !goal
08:52 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:52 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
08:53 < dal2> DNSLeakTest.com says I'm leaking DNS. I'd like to find out if my VPN is at fault or if I'm using openvpn wrong
08:54 < dal2> I run openvpn by doing 'sudo openvpn foobar.ovpn' Is there more I should do or is it my VPN's fault?
08:54 < dal2> thanks in advance
08:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
08:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
08:59 <+hyper_ch> leaking dns?
08:59 <+hyper_ch> !dns
08:59 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
09:00 <+hyper_ch> !pushdns
09:00 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
09:00 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
09:03 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
09:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:11 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:13 < dal2> Am I correct in reading the man page that my VPN might be at fault and I should try --dhcp-option to set DNS addr?
09:14 < dal2> If so, what should I set the DNS address to? The VPN's IP?
09:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:20 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:24 <+hyper_ch> not sure what you're trying to do
09:26 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:27 -!- HardWall [~HardWall@5-15-70-194.residential.rdsnet.ro] has joined #openvpn
09:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:29 < dal2> hyper_ch: My setup is leaking DNS. I don't want it to do that
09:30 <+hyper_ch> https://forum.vpn.ac/discussion/13/running-openvpn-in-linux-terminal-with-no-dns-leaks
09:30 <@vpnHelper> Title: Running OpenVPN in Linux terminal with no DNS Leaks - VPN.AC Forum (at forum.vpn.ac)
09:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
09:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:41 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a4ae:fc2:5abe:4143] has joined #openvpn
09:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:a4ae:fc2:5abe:4143] has quit [Ping timeout: 248 seconds]
09:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cd8f:32b1:1ecc:fcf6] has joined #openvpn
09:49 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:52 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cd8f:32b1:1ecc:fcf6] has quit [Ping timeout: 246 seconds]
09:53 < dal2> hyper_ch: Thanks!
09:54 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
09:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:01 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2acf:e9ff:fe1a:ef61] has joined #openvpn
10:07 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2acf:e9ff:fe1a:ef61] has quit [Ping timeout: 246 seconds]
10:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:29 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
10:29 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5d93:b5c:6d7b:9649] has joined #openvpn
10:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5d93:b5c:6d7b:9649] has quit [Ping timeout: 248 seconds]
10:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:38 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:45e2:489e:df45:de00] has joined #openvpn
10:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
10:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:45e2:489e:df45:de00] has quit [Ping timeout: 256 seconds]
10:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
10:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
10:46 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
10:49 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:50 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:21a2:3ab1:4491:b221] has joined #openvpn
11:12 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:12 -!- mode/#openvpn [+v s7r] by ChanServ
11:17 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:26 -!- RealityVoid [~HardWall@5-15-70-194.residential.rdsnet.ro] has joined #openvpn
11:30 -!- HardWall [~HardWall@5-15-70-194.residential.rdsnet.ro] has quit [Ping timeout: 246 seconds]
11:30 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
11:30 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: really? must I leave? aw pls let me stay!]
11:31 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
11:48 -!- Tausen [~Tausen@tausen.org] has left #openvpn ["Leaving"]
12:03 < hays_> is there a way to make it so clients can be seen on DNS when they connect
12:08 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 276 seconds]
12:10 -!- qwd [~qwd@unaffiliated/qwd] has left #openvpn ["WeeChat 1.1.1"]
12:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:57 -!- mode/#openvpn [+o mattock1] by ChanServ
13:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
13:31 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:00 < FierceDeityLink> hays_, you could script it on the server side to update your zone info when a client connects :)
14:01 < FierceDeityLink> anyone know of a patch that lets ovpn use hw crypt on an ERL?
14:12 < Thermi> FierceDeityLink: Crypto is done by the crypto library that openvpn is compiled against.
14:13 < FierceDeityLink> my roommate said there is an unofficial patch to allow ovpn to use hw crypt
14:13 < Thermi> FierceDeityLink: Patching OpenVPN is the completely wrong thing to do. Find out if your crypto library supports offloading crypto to the hardware and then make it do that. In OpenSSL, that's called the "engine".
14:13 < FierceDeityLink> but tbh i think he was trolling me
14:13 < FierceDeityLink> yeah, that's what i figured. thanks
14:13 < FierceDeityLink> i was half tempted to ship crypto off to another machine. i ran into too many google results saying the ERL can't do hw crypt for anything but ipsec
14:14 < Thermi> FierceDeityLink: What is "ERL"?
14:14 < FierceDeityLink> haha wow i guess that would help :)
14:14 < FierceDeityLink> edgerouter lite
14:14 < FierceDeityLink> cpu model               : Cavium Octeon+ V0.1
14:16 < Thermi> FierceDeityLink: IPsec is implemented in the kernel, and I can remember that Ubiquity ships a custom kernel for that model that supports hw crypto offloading in the kernel for the crypto that the hw supports.
14:16 < Thermi> FierceDeityLink: For the software in userspace, you need to get similiar support, too.
14:17 < Thermi> FierceDeityLink: There is a method of offloading crypto from userspace to kernelspace, called AF_ALG. Find out if you can do that with the crypto library.
14:17 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
14:19 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
14:21 < FierceDeityLink> Thermi, PERFECT OMG THANK YOU!!!!!!!!
14:21 < FierceDeityLink> <3
14:22 < FierceDeityLink> i <3 this channel :)
14:22 < Thermi> FierceDeityLink: yw
14:22 -!- FierceDeityLink is now known as Caplain
14:24 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
14:26 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:21a2:3ab1:4491:b221] has quit [Remote host closed the connection]
14:30 < Thermi> Caplain: Some things for you to read: http://carnivore.it/2011/04/23/openssl_-_af_alg
14:31 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:31 <@vpnHelper> Title: 2011:04:23:openssl_-_af_alg [carnivore news] (at carnivore.it)
14:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4170:4522:438:c58c] has joined #openvpn
14:31 < Caplain> Thermi, beat you to it :D
14:31 < Thermi> Caplain: Perfectly fine
14:32 < Caplain> oh wait i didn't see this page. i'll document my results, though
14:37 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4170:4522:438:c58c] has quit [Remote host closed the connection]
14:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
14:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
14:55 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
14:56 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
15:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
15:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
15:16 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ad21:8c3d:e68:b25d] has joined #openvpn
15:21 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:ad21:8c3d:e68:b25d] has quit [Ping timeout: 248 seconds]
15:22 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
15:27 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
15:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:29 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c89e:107d:d42c:328b] has joined #openvpn
15:34 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:c89e:107d:d42c:328b] has quit [Ping timeout: 248 seconds]
15:36 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:40 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:40 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
15:41 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:44 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1dee:3123:5464:2af9] has joined #openvpn
15:47 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
15:48 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:1dee:3123:5464:2af9] has quit [Ping timeout: 248 seconds]
15:49 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
15:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:50 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
15:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
15:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:00 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:01 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
16:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:05 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2acf:e9ff:fe1a:ef61] has joined #openvpn
16:09 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
16:09 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
16:10 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2acf:e9ff:fe1a:ef61] has quit [Ping timeout: 246 seconds]
16:13 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:18 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:24 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
16:24 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:25 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:31 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cff:446b:bb91:37a0] has joined #openvpn
16:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
16:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:cff:446b:bb91:37a0] has quit [Ping timeout: 248 seconds]
16:39 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:40 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
16:40 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:42 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:45 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:104e:ec47:9646:e0e1] has joined #openvpn
16:47 -!- RealityVoid [~HardWall@5-15-70-194.residential.rdsnet.ro] has quit [Read error: Connection reset by peer]
16:49 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:104e:ec47:9646:e0e1] has quit [Ping timeout: 248 seconds]
16:52 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:53 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
16:59 -!- dal2 [~dal@162.250.3.19] has quit [Ping timeout: 255 seconds]
16:59 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
16:59 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2c0a:5921:1a1f:276e] has joined #openvpn
17:03 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2c0a:5921:1a1f:276e] has quit [Ping timeout: 248 seconds]
17:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:07 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 252 seconds]
17:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:08 -!- Schrotti [~quassel@schrottfresse.de] has quit [Read error: Connection reset by peer]
17:09 -!- Fusl_ [~Fusl@unaffiliated/fusl] has joined #openvpn
17:09 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 272 seconds]
17:09 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
17:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:11 -!- Fusl_ [~Fusl@unaffiliated/fusl] has quit [Read error: Connection reset by peer]
17:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:13 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
17:16 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Read error: Connection reset by peer]
17:17 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:19 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
17:19 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:23 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4c45:39da:df5b:502c] has joined #openvpn
17:27 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:4c45:39da:df5b:502c] has quit [Ping timeout: 248 seconds]
17:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:30 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:31 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:34 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:35 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2c5b:9117:51e:7dd2] has joined #openvpn
17:40 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:2c5b:9117:51e:7dd2] has quit [Ping timeout: 248 seconds]
17:43 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:44 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:48 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
17:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
17:58 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
17:58 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
18:00 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:55c5:9756:dca0:537e] has joined #openvpn
18:04 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:55c5:9756:dca0:537e] has quit [Ping timeout: 248 seconds]
18:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:08 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
18:09 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
18:10 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
18:12 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:13 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
18:14 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
18:14 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b534:810:2431:23f3] has joined #openvpn
18:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b534:810:2431:23f3] has quit [Ping timeout: 248 seconds]
18:21 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
18:23 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
18:28 -!- kontaxis [~kontaxis@c-73-53-51-103.hsd1.wa.comcast.net] has joined #openvpn
18:30 -!- kontaxis [~kontaxis@c-73-53-51-103.hsd1.wa.comcast.net] has quit [Client Quit]
18:39 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
18:40 -!- mator [~mator@u163.east.ru] has quit [Read error: Connection reset by peer]
18:41 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
18:41 -!- mode/#openvpn [+v s7r] by ChanServ
19:11 -!- SineLaptop [~sinedevia@static-207-93-21-82.earthlinkbusiness.net] has joined #openvpn
19:11 < SineLaptop> hi all! i am having a little issue here that I can't quite figure out
19:12 < SineLaptop> I have an openVPN server running, and I have successfully connected my laptop to it via the generated ovpn
19:12 < SineLaptop> however, now I am trying to also connect a raspberry pi to it, so that i can access the pi from the laptop on totally different networks
19:12 < SineLaptop> the pi fails with error 111, connection refused. google says this is a port issue
19:13 < SineLaptop> so, how can i allow the openvpn server to accept multiple client connections simultaneously?
19:24 -!- CosineLaptop [~sinedevia@2600:1004:b15b:2221:f022:1418:7a47:d163] has joined #openvpn
19:24 -!- CosineLaptop [~sinedevia@2600:1004:b15b:2221:f022:1418:7a47:d163] has quit [Client Quit]
19:27 -!- SineLaptop [~sinedevia@static-207-93-21-82.earthlinkbusiness.net] has quit [Ping timeout: 256 seconds]
19:35 -!- SineLaptop [~sinedevia@static-207-93-21-82.earthlinkbusiness.net] has joined #openvpn
19:41 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 276 seconds]
19:43 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
19:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
19:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
19:57 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5d58:24f:5026:b6a4] has joined #openvpn
19:57 <+esde> sysanthrope fix your connection man :D
19:58 < SineLaptop> okay, i am slowly going insane here
19:58 -!- syedomar [~so@175.136.89.160] has joined #openvpn
19:59 < SineLaptop> i have noticed that although the openvpn client on windows 7 seems to connect, i do not get assigned a gateway so i have no access to the internet or network resources on the VPN connection
20:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:5d58:24f:5026:b6a4] has quit [Ping timeout: 248 seconds]
20:02 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:04 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:06 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:07 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:08 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6c78:c145:4f2c:286b] has joined #openvpn
20:12 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:6c78:c145:4f2c:286b] has quit [Ping timeout: 248 seconds]
20:13 -!- SineLaptop [~sinedevia@static-207-93-21-82.earthlinkbusiness.net] has quit [Ping timeout: 252 seconds]
20:15 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:16 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:19 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b80b:c3a1:e7cd:ceb6] has joined #openvpn
20:23 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
20:23 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
20:23 -!- mode/#openvpn [+v s7r] by ChanServ
20:23 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b80b:c3a1:e7cd:ceb6] has quit [Ping timeout: 248 seconds]
20:28 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:29 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:31 -!- hays_ is now known as hays
20:32 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b539:57c1:cf7c:437c] has joined #openvpn
20:36 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:b539:57c1:cf7c:437c] has quit [Ping timeout: 248 seconds]
20:37 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:38 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:40 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
20:43 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:81b7:39fa:6740:fea5] has joined #openvpn
20:47 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:81b7:39fa:6740:fea5] has quit [Ping timeout: 248 seconds]
20:48 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:49 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:53 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
20:55 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
20:57 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
21:02 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:800c:b403:d17d:d830] has joined #openvpn
21:04 -!- schneider [gxzpu@unaffiliated/schneider] has joined #openvpn
21:53 < KeatonT> Question would a legit web ssl certificate work for openvpn connections.
21:53 < KeatonT> I can just create a subdomain for a unique common name.
22:06 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
22:07 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
22:17 -!- sysanthrope [~sysanthro@2601:98a:4202:cc77:800c:b403:d17d:d830] has quit [Remote host closed the connection]
22:32 -!- defswork [~andy@mailhost.mirrormail.co.uk] has quit [Ping timeout: 276 seconds]
22:37 -!- schneider [gxzpu@unaffiliated/schneider] has left #openvpn []
22:54 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has joined #openvpn
22:56 -!- sysanthrope [~sysanthro@c-73-187-102-98.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
22:58 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 248 seconds]
23:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
23:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:53 -!- ShadniX [dagger@p5DDFF192.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:54 -!- ShadniX [dagger@p5481DC1B.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Jun 29 2015
00:13 -!- tzica [~tzica@unaffiliated/tzica] has quit [Quit: Nettalk6 - www.ntalk.de]
00:43 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
01:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:09 -!- mode/#openvpn [+o mattock1] by ChanServ
01:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:20 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
01:55 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
02:25 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
02:45 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:49 -!- stemid [~avatar@vpn.sydit.se] has left #openvpn []
02:51 -!- defswork [~andy@mailhost.mirrormail.co.uk] has joined #openvpn
03:02 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 258 seconds]
03:03 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
03:04 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
03:30 -!- APTX_ [~APTX@unaffiliated/aptx] has quit [Ping timeout: 276 seconds]
03:31 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
03:33 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has quit [Ping timeout: 250 seconds]
03:43 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
03:43 < AL13N_work> the centos6 package needs more selinux tuning
03:44 < AL13N_work> the update didn't restart the server tunnel
03:44 < AL13N_work> writing to ipp.txt is denied in selinux, and also the management tcp socket has trouble
03:44 < AL13N_work> /var/log/audit/audit.log.4:type=AVC msg=audit(1435375157.139:3761496): avc:  denied  { write } for  pid=3924 comm="openvpn" name="ipp.txt" dev=sda3 ino=918645 scontext=unconfined_u:system_r:openvpn_t:s0 tcontext=unconfined_u:object_r:openvpn_etc_t:s0 tclass=file
03:44 < AL13N_work> /var/log/audit/audit.log.4:type=AVC msg=audit(1435375159.421:3761497): avc:  denied  { name_bind } for  pid=26792 comm="openvpn" src=7505 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
03:44 < AL13N_work> is the packager here?
04:43 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 252 seconds]
04:46 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
04:46 -!- mode/#openvpn [+v esde] by ChanServ
05:20 -!- mah0-deh0 [50278c0c@gateway/web/freenode/ip.80.39.140.12] has joined #openvpn
05:20 < mah0-deh0> hello all
05:21 < mah0-deh0> I've successfully have an openvpn server running, but after server restart it doesn't work anymore
05:21 < mah0-deh0> directly from cli, it doesn't output any error
05:22 < mah0-deh0> but it is not creating tap0 interface
05:22 < mah0-deh0> any hint?
05:29 <@plaisthos> !verb
05:29 <@vpnHelper> "verb" is (#1) verb command is for setting log verbosity, see --verb in the manual (!man) for more info or (#2) verb 5 is good for finding firewall problems, verb 4 for troubleshooting anything else, and 3 is good for every day usage. or (#3) Anything more than 5 is for developer debugging only (special debug build needed)
05:33 < mah0-deh0> i have verb set to 5, but it has no ERROR or WARNING messages... :S
05:39 < mah0-deh0> now i see there's a tap0 interface that just shows when -a argument is passed to ifconfig... the problem it has no ip address...
05:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:00 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:04 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
06:10 -!- mah0-deh0 [50278c0c@gateway/web/freenode/ip.80.39.140.12] has quit [Quit: Page closed]
06:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
07:10 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:17 -!- unicodesnowman [~unicodesn@wikipedia/unicodesnowman] has quit [Ping timeout: 244 seconds]
07:37 -!- Tenhi [~tenhi@178.18.241.180] has joined #openvpn
07:56 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
08:18 -!- rich0_ is now known as rich0
08:23 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
08:42 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
08:44 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:45 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:52 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Ping timeout: 246 seconds]
09:11 -!- pushpop [~pushpop@unaffiliated/pushpop] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
09:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:24 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Quit: No Ping reply in 180 seconds.]
10:24 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:25 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:25 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Quit: No Ping reply in 180 seconds.]
10:28 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
10:29 -!- Haseo [~Haseo@aufrinfo.net] has quit [Quit: Surement une maj, je reviens vite ...]
10:29 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
10:30 -!- FlorianBd [~FlorianBd@servail.com] has quit [Remote host closed the connection]
10:37 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 272 seconds]
10:39 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
10:42 -!- FlorianBd [~FlorianBd@servail.com] has joined #openvpn
10:44 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
10:47 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
10:58 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 272 seconds]
11:02 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:05 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: Going in work...]
11:08 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
11:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:23 -!- surf [~surf@37.227.75.149] has joined #openvpn
11:24 < surf> hi guys I'm trying to setup a vpn server on my rpi. I followed the https://www.raspberrypi.org/forums/viewtopic.php?t=81657 guide but now trying to connect from the client side I get a "TLS Error: TLS key negotiation failed" . What should I check? Service is running ok on port 1194 on the server
11:24 <@vpnHelper> Title: Raspberry Pi View topic - How to set up a Raspberry Pi VPN server (at www.raspberrypi.org)
11:35 <+esde> !welcome
11:35 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
11:35 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:35 <+esde> !howto
11:35 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:41 -!- surf [~surf@37.227.75.149] has quit [Ping timeout: 264 seconds]
11:53 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
11:56 -!- botsdots [62b00525@gateway/web/freenode/ip.98.176.5.37] has quit [Quit: Page closed]
12:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:23 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:28 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has joined #openvpn
13:35 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:46 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 252 seconds]
13:48 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
13:49 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
14:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:29 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 276 seconds]
14:31 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
14:32 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
14:36 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:47 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:52 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
15:01 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Quit: Leaving]
15:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
15:09 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:09 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
15:09 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:17 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 248 seconds]
15:21 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 276 seconds]
15:22 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
15:23 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
15:35 -!- James2k [~James2k@cpc71441-mapp10-2-0-cust309.12-4.cable.virginm.net] has joined #openvpn
15:35 < James2k> Hey all. Anyone good with iptables?
15:39 < James2k> !welcome
15:39 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:39 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:41 <+esde> !iptables
15:41 <@vpnHelper> "iptables" is (#1) To test if netfilter ("iptables rules") are your problem, disable all rules with an ACCEPT policy. See https://github.com/QueuingKoala/netfilter-samples/tree/master/reset-rules for a script to do this. or (#2) See also the manpage section on firewalls at this link: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG or (#3) These are just the basics to get you started
15:41 <@vpnHelper> as firewall design is beyond this channel's scope; you can also see #netfilter
15:41 <+esde> :D
15:41 < James2k> :(
15:42 < James2k> Off to Server Fault then!
15:55 < James2k> Let me ask the question another way, is client-to-client possible using iptables rules without enabling it globally in server.conf
15:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:56 < DArqueBishop> James2k, I'm pretty sure the answer to that is "no".
15:56 < James2k> Not if both clients are in the same subnet?
15:57 < DArqueBishop> If you need specific clients to be able to talk to one another but not all of them, then you can put client-to-client in a ccd entry for each relevant client.
15:57 < DArqueBishop> !ccd
15:57 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
15:57 < James2k> Ah, I'm using that already for static IP's
15:58 < James2k> So just add it to the ccd client file already present?
15:58 < DArqueBishop> Yes.
15:58 < James2k> Ah!
15:59 < DArqueBishop> It doesn't matter what you do in iptables; if client-to-client is not enabled in the server itself, the server will just refuse to route the packets for other clients.
15:59 < James2k> I figured, but there were several references that said it was possible, but I really wasn't sure
16:01 < James2k> Hmm, just applied it to the ccd entries for the two clients, reloaded server daemon and clients and still nothing
16:02 < James2k> Will have to see if my firewall is now ironically getting in the way
16:08 < James2k> Mmm still no communication with client-to-client on in ccd
16:21 -!- James2k [~James2k@cpc71441-mapp10-2-0-cust309.12-4.cable.virginm.net] has quit [Ping timeout: 265 seconds]
16:22 < KeatonT> Hmm, so I'm having a hard time setting up the tls-verify option in vyatta
16:23 -!- James2k [~James2k@cpc71441-mapp10-2-0-cust309.12-4.cable.virginm.net] has joined #openvpn
16:24 < James2k> Managed to get it working! @DArqueBishop. I had to enable client-to-client on server and then added it to the two ccd files. As long as client-to-client isn't present in any other client config or ccd file, they won't see each other right?
16:24 < DArqueBishop> Uh, no. You need to remove it from the server configuration file. It should only be in the ccd files.
16:25 < DArqueBishop> (I could easily be wrong, but I'm pretty sure that is the case.)
16:25 < James2k> It didn't work without it not being in the server.conf
16:26 < DArqueBishop> Someone else might have a better idea, then.
16:26 < DArqueBishop> I'd continue helping but I have to go pick up my son from daycare.
16:27 < James2k> No problem. Thanks for your help!
16:46 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 264 seconds]
17:45 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
17:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:10 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
18:11 -!- James2k [~James2k@cpc71441-mapp10-2-0-cust309.12-4.cable.virginm.net] has quit [Ping timeout: 265 seconds]
18:22 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
18:27 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:42 < Caplain> KeatonT, hey, still having trouble with that lovely cavium powered devilbox? :)
18:43 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:06 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
19:19 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
19:20 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:44 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
19:44 -!- mode/#openvpn [+o pekster] by ChanServ
19:44 -!- mode/#openvpn [+v-o pekster pekster] by pekster
19:52 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
19:52 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 265 seconds]
20:02 -!- moezroy [~qq@d108-180-99-187.bchsia.telus.net] has joined #openvpn
20:14 -!- ntio [~ntio@unaffiliated/ntio] has quit [Remote host closed the connection]
20:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:16 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:47 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
21:50 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
22:05 -!- moezroy [~qq@d108-180-99-187.bchsia.telus.net] has quit [Quit: Leaving]
22:49 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
22:49 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
22:49 -!- mode/#openvpn [+o krzee] by ChanServ
22:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
22:56 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
23:04 -!- Caplain [~shayne@c-68-34-28-235.hsd1.mi.comcast.net] has quit [Ping timeout: 244 seconds]
23:10 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has joined #openvpn
23:30 -!- fling [~fling@fsf/member/fling] has quit [Quit: ZNC - http://znc.in]
23:30 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
23:33 -!- fling [~fling@fsf/member/fling] has joined #openvpn
23:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
23:45 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
23:54 -!- ShadniX [dagger@p5481DC1B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:54 -!- ShadniX_ [dagger@p5481D26F.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- ShadniX_ is now known as ShadniX
--- Day changed Tue Jun 30 2015
00:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:06 -!- mode/#openvpn [+o mattock1] by ChanServ
00:30 -!- fling [~fling@fsf/member/fling] has quit [Quit: ZNC - http://znc.in]
00:32 -!- fling [~fling@fsf/member/fling] has joined #openvpn
00:34 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has quit []
00:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:34 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:42 -!- toli [~toli@ip-62-235-222-228.dsl.scarlet.be] has joined #openvpn
01:53 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:58 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
02:14 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:25 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 248 seconds]
02:52 -!- Haxxa [~Harrison@CPE-58-161-28-143.ebcz1.win.bigpond.net.au] has quit [Read error: Connection reset by peer]
03:48 -!- nemosphere [~nemospher@unaffiliated/nemosphere] has joined #openvpn
03:48 < nemosphere> !welcome
03:48 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:48 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:49 < nemosphere> !route
03:49 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
03:49 <@vpnHelper> client
03:53 < nemosphere> Hi people. I'll forward to use the !commands, for finding the help i require. But maybe someone knows exactly where is my howto, that's why i'll describe it quiicly here on the next line
03:55 < nemosphere> i got openvpn on a distant host. It works well for masquerading my whole traffic. But at home i got.. a box, on a local subnet called 0. On that 0 subnet, i got the other side an IPCOP host, and that's all. That ipcop host is protecting a second subnet called 1, where is my client-machine.
03:57 < nemosphere> I can access the net, but i can't access my ipcop-host, nor my box on the local subnet 0. I seen a lot of howtos. I think i have to use the mangle table for routing the packets from my client-machine throught the tun0 or the eth0
03:58 < nemosphere> all the howtos i seen are describing another topology. I trying to adapt one solution for me.
03:58 < nemosphere> thanks
04:00 < nemosphere> !topology
04:00 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
04:50 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
04:50 -!- debbie10t [~debbie10t@unaffiliated/m10t] has left #openvpn []
05:00 < nemosphere> !wiki
05:00 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
05:30 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
05:30 < debbie10t> Just so you know the download pages are OFFLINE
05:31 < debbie10t> this one is:
05:31 < debbie10t> https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.7-I602-x86_64.exe
05:57 -!- tsing [~tsing@gintama.tsing.org] has quit [Read error: Connection reset by peer]
05:57 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
06:00 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has joined #openvpn
06:09 -!- tsing [~tsing@gintama.tsing.org] has quit [Ping timeout: 265 seconds]
06:12 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has quit []
06:16 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:19 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:35 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
06:38 -!- moezroy [~qq@d108-180-99-187.bchsia.telus.net] has joined #openvpn
06:40 < moezroy> This openvpn thing is leaking all my requests all over the place in clearnet
06:41 < moezroy> server: port 1194; proto udp; dev tun; topology subnet; server 10.0.99.0 255.255.255.0; ca ca.crt; cert server.crt; key server.key ; dh dh2048.pem; push "redirect-gateway def1 bypass-dhcp"; keepalive 10 120 ; comp-lzo ; persist-key ; persist-tun; verb 6
06:41 < moezroy> client: client; pull; dev tun; proto udp; remote 200.200.0.3 1194; resolv-retry infinite; nobind; persist-key; persist-tun; ca ca.crt; cert client.crt; key client.key; remote-cert-tls server; comp-lzo; verb 6; explicit-exit-notify 2; ping 10; ping-restart 60; route-method exe; route-delay 2
06:43 < moezroy> so when I go to network places, I can see stuff like kernel: IN=eth6 OUT= MAC=ff:ff:ff:ff:ff:ff:08:00:27:d4:34:c6:08:00 SRC=3.3.0.3 DST=3.3.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=5604 PROTO=UDP SPT=137 DPT=137 LEN=76  which is being blocked by vm2's iptables
06:44 < moezroy> so it doesn't seem to be creating a tunnel but it just says green that the tunnel is created
06:46 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Excess Flood]
06:47 < moezroy> w7client(ip3.3.0.3)<==>centosVM1 running bgp to simulate real internet<==>centosVM2<==>w7(openvpn server 200.200.0.3)
06:49 < debbie10t> moezroy, check your client log for errors ...
06:53 < moezroy> debbie10t, I don't see anything out of the ordinary other than "Local Options hash (VER=V4): '41690919' ; Expected Remote Options hash (VER=V4): '530fdded' " Is that normal?
06:54 < debbie10t> probably best if you post your complete configs and logs here: https://forums.openvpn.net/configuration-f6.html
06:54 <@vpnHelper> Title: OpenVPN Support Forum Configuration (at forums.openvpn.net)
06:56 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
07:01 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
07:02 < moezroy> Client logs https://paste.fedoraproject.org/237982/35665697/
07:02 < moezroy> debbie10t, that forum is dead ;)
07:04 < debbie10t> looks like your client gateway is successfully redirected ..
07:05 < moezroy> debbie10t, If I try to access the server like this \\200.200.0.3\ I can see the traffic being blocked at centosVM1 because it is trying to connect via port 445
07:05 < debbie10t> you mean your firewall is blocking the connection ?
07:06 < moezroy> yes I have set it up that way...otherwise I would be able to access the files without openvpn
07:07 < moezroy> so instead of using the openvpn tunnel its using the regular routing over clearnet
07:09 -!- Droolio [~drool@host81-147-71-192.range81-147.btcentralplus.com] has joined #openvpn
07:09 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
07:10 < moezroy> Here are my iptable rules for the middle 2 VMs: https://paste.fedoraproject.org/237988/43566617/
07:13 < moezroy> Jun 30 04:58:36 localhost kernel: IN=eth6 OUT=eth5 SRC=3.3.0.3 DST=200.200.0.3 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=6126 PROTO=UDP SPT=137 DPT=137 LEN=58
07:13 < moezroy> Jun 30 04:58:36 localhost kernel: IN=eth6 OUT=eth5 SRC=10.0.99.2 DST=200.200.0.3 LEN=78 TOS=0x00 PREC=0x00 TTL=126 ID=14218 PROTO=UDP SPT=137 DPT=137 LEN=58
07:14 < moezroy> its even telling the middle 2 routers the ip address I am using for the VPN tunnel
07:14 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
07:15 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
07:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
07:21 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 272 seconds]
07:22 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:22 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
07:23 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:23 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
07:23 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:23 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
07:24 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:24 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
07:24 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:24 -!- tapout [~tapout@unaffiliated/tapout] has quit [Max SendQ exceeded]
07:25 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
07:27 -!- nemosphere [~nemospher@unaffiliated/nemosphere] has left #openvpn ["Trop au lit pour être au net"]
07:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:04 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
08:04 -!- mode/#openvpn [+o dazo_afk] by ChanServ
08:04 -!- dazo_afk is now known as dazo
08:26 < DArqueBishop> !obfsproxy
08:26 <@vpnHelper> "obfsproxy" is (#1) For a writeup on using obfsproxy with OpenVPN see https://syria.hacktivist.me/?p=148 or (#2) See also !obfs. The link to TrafficObfuscation also contains a setup example
08:26 < DArqueBishop> !obfs
08:26 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being
08:26 <@vpnHelper> used. in static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
08:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
09:09 -!- utopiah [~utopiah@unaffiliated/utopiah] has joined #openvpn
09:15 -!- moezroy [~qq@d108-180-99-187.bchsia.telus.net] has quit [Ping timeout: 258 seconds]
09:31 -!- hyshai [~hyshai@66.45.253.197] has joined #openvpn
09:32 < hyshai> When's the ETA for OpenVPN Connect 1.0.6 for iOS? There's mentions of it already all the way back in 2014
09:33 <@plaisthos> !as
09:33 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access Server, Android Connect, etc. Access Server is a commercial product, different from open source OpenVPN
09:33 <@plaisthos> !forget as
09:33 <@vpnHelper> Joo got it.
09:34 <@plaisthos> !learn as as "Please go to #OpenVPN-AS for help with commercial  products from OpenVPN Technologies, including Access  Server, Android Connect, etc. Access Server is a  commercial product, different from open source OpenVPN
09:34 <@vpnHelper> Error: No closing quotation
09:34 <@plaisthos> !learn as as "Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN"
09:34 <@vpnHelper> Joo got it.
09:34 <@plaisthos> !as
09:34 <@plaisthos> hm
09:34 <@plaisthos> I broke the bot :(
09:35 <@plaisthos> !learn "as" as "Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN"
09:35 <@vpnHelper> Joo got it.
09:35 <@plaisthos> !as
09:35 <@plaisthos> !learn AS as "Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN"
09:35 <@vpnHelper> Joo got it.
09:35 <@plaisthos> !AS
09:35 <@plaisthos> !as
09:35 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
09:35 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
09:35 <@plaisthos> !forget AS
09:35 <@vpnHelper> Joo got it.
09:35 <@plaisthos> !as
09:35 <@plaisthos> the bot is weird
09:36 <@plaisthos> !ios
09:36 <@plaisthos> !as
09:36 <@plaisthos> !help
09:36 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
09:36 <@plaisthos> !help learn
09:36 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
09:36 <@plaisthos> !forget as
09:36 <@vpnHelper> Error: There is no such factoid.
09:36 <@plaisthos> !learn AS as "Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN"
09:36 <@vpnHelper> Joo got it.
09:37 <@plaisthos> !as
09:37 <@plaisthos> !AS
09:37 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
09:37 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
09:37 <@plaisthos> !forget as
09:37 <@vpnHelper> Joo got it.
09:37 <@plaisthos> !AS
09:37 <@plaisthos> !as
09:37 <@plaisthos> !learn AS as "Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN"
09:37 <@vpnHelper> Joo got it.
09:37 <@plaisthos> !as
09:37 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
09:37 <@plaisthos> !AS
09:37 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
09:39 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
09:59 -!- farciarz84 [~farciarz@unaffiliated/farciarz84] has joined #openvpn
10:02 -!- HardWall [~HardWall@5-15-82-237.residential.rdsnet.ro] has joined #openvpn
10:08 < farciarz84> hi I hot an ip address conflict. Namely with vpn on: I cannot reach the private network, unless I set ( send all traffic through vpn ). But then, I cannot browse internet. Weird.
10:11 < debbie10t> farciarz84, http://openvpn.net/index.php/open-source/documentation/howto.html#redirect
10:11 <@vpnHelper> Title: HOWTO (at openvpn.net)
10:13 < farciarz84> debbie10t: I have pptp vpn :/
10:15 < DArqueBishop> farciarz84:
10:15 < DArqueBishop> !notovpn
10:15 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
10:16 < farciarz84> DArqueBishop: I think the problem is general and not related to the vpn at all. ip conflict
10:22 < DArqueBishop> The factoid still applies, then.
10:23 < debbie10t> also .. fix your ip conflict .. simples =]
10:24 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 252 seconds]
10:25 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:28 < debbie10t> if you /did/ have openvpn you /could/ use --client-nat : https://forums.openvpn.net/topic18888.html
10:28 <@vpnHelper> Title: OpenVPN Support Forum topology like a net29? : Configuration (at forums.openvpn.net)
10:39 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
10:41 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 275 seconds]
10:43 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:44 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
10:44 -!- mode/#openvpn [+o dazo_afk] by ChanServ
10:44 -!- dazo_afk is now known as dazo
10:48 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Remote host closed the connection]
10:50 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
10:51 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 246 seconds]
10:57 -!- farciarz84 [~farciarz@unaffiliated/farciarz84] has quit [Quit: Lost terminal]
11:05 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
11:05 -!- mode/#openvpn [+o dazo_afk] by ChanServ
11:05 -!- dazo_afk is now known as dazo
11:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:13 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
11:23 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
11:23 -!- mode/#openvpn [+o dazo] by ChanServ
11:24 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
11:24 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
11:25 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:25 -!- mode/#openvpn [+v s7r] by ChanServ
11:27 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 248 seconds]
11:30 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
11:30 -!- mode/#openvpn [+o dazo_afk] by ChanServ
11:31 -!- dazo_afk is now known as dazo
11:45 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
11:47 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:56 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:06 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
12:16 -!- doogy2004 [~dougfultz@70.44.109.215.res-cmts.nbh.ptd.net] has joined #openvpn
12:17 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 264 seconds]
12:18 < doogy2004> Can anyone tell me where the OpenVPN Desktop client is located? Everything I find points to this page: https://openvpn.net/index.php/open-source/downloads.html  But the client seems to be missing.
12:18 <@vpnHelper> Title: Downloads (at openvpn.net)
12:19 < debbie10t> doogy2004, openvpn has one executable file which does both server and client .. dependant on your configuration file
12:19 < debbie10t> and a GUI which also comes with that dopwnload
12:20 < doogy2004> ok thanks, there used to be a separate download just for the desktop client.  Let me take another look
12:22 -!- Seven_Six_Two [~baba@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
12:25 < Seven_Six_Two> I think my problem is firewall. I'm using DD-WRT v24-sp2 (08/07/10) std - build 14896. I've generated required certs and keys using Linux Mint "Rebecca". When I try to connect, it times out. When I use web based port scanner to check 1194, I get "not responding".
12:25 < doogy2004> debbie, I don't see the client listed in the installer.  Any suggestions?
12:26 < debbie10t> doogy2004, what client do you mean ? e.g. what OS
12:26 < doogy2004> Windows Client
12:27 < debbie10t> then that is the download page for OpenVPN Community Edition ..
12:27 < Seven_Six_Two> I'm using the same desktop (mint rebecca) as client, and am connected to another internet connection.
12:28 < doogy2004> debbie10t, that download appears to be only the server installer for windows
12:28 < debbie10t> Seven_Six_Two, did you enable port forwarding of UDP:1194 ?
12:28 -!- d3lphi [~d3lphi@unaffiliated/d3lphi] has joined #openvpn
12:28 < debbie10t> doogy2004, openvpn has one executable file which does both server and client .. dependant on your configuration file
12:28 < doogy2004> the client i'm trying to download is pictured here: https://openvpn.net/index.php/access-server/docs/admin-guides-sp-859543150/howto-connect-client-configuration/385-how-to-import-profiles-with-the-openvpn-client.html
12:28 <@vpnHelper> Title: How to import profiles with the Desktop Client (at openvpn.net)
12:29 < debbie10t> doogy2004, that wld be !AS
12:29 < debbie10t> !AS
12:29 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
12:29 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:29 < doogy2004> ok, thanks
12:29 < d3lphi> hello all. I have installed latest OpenVPN version on a Windows7 workstation, but when I connect to the desired OpenVPN server I see in log file that the routes couldn't be created due to missing permissions. On that workstation the employee is logged in with a "normal" windows account and no administrative privileges. How should I solve that?
12:30 < d3lphi> I cannot and won't assign administrative privileges to that user, that would be fatal. Is there anything I missed, any help appreciated. THanks in advance
12:30 < debbie10t> d3lphi, https://openvpn.net/index.php/open-source/documentation/howto.html#startup
12:30 <@vpnHelper> Title: HOWTO (at openvpn.net)
12:30 < Seven_Six_Two> debbie10t, yes. I did the iptables entries on "administration/commands/firewall" on dd-wrt, and I also enabled 1194 on NAT/QOS tab
12:34 < debbie10t> Seven_Six_Two, take the server down and then scan the port from the online scanner
12:35 < debbie10t> i think openvpn will stealth the port otherwise
12:35 < d3lphi> my configuration is http://paste.debian.net/270485/
12:35 -!- doogy2004 [~dougfultz@70.44.109.215.res-cmts.nbh.ptd.net] has left #openvpn []
12:36 < debbie10t> d3lphi, your "user" cannot run OpenVPN with admin privs .. so you must the start with the service wrapper
12:36 < Seven_Six_Two> debbie10t, oh maybe it was stealthed then. I'm not sure of the best place to scan. I found a port scanner on t1shopper.com. is there a better place?
12:36 < debbie10t> Seven_Six_Two, grc.com
12:37 < d3lphi> debbie10t: but even when I "start" the OpenVPN service within Windows Services it doesn't work. The routes are not created
12:37 < debbie10t> d3lphi, make sure the GUI is not running at the same time
12:38 < Seven_Six_Two> debbie10t, shieldsup?
12:38 < debbie10t> indeed
12:38 < d3lphi> debbie10t: it isn't !
12:39 < debbie10t> d3lphi, maybe your routing is wrong ...
12:40 < debbie10t> try a higher --verb setting on your logs ...
12:41 < Seven_Six_Two> even with the port open and iptables rule saved, grc.com reports that 1194 is stealth
12:41 < debbie10t> Seven_Six_Two, sounds like your firewall is droppping the incoming UDP:1194 packets
12:41 < d3lphi> debbie10t: LoL! There's nothing wrong on the routing as I am using the same config file on other (Linux) clients and Windows clients with administrator privileges.
12:41 < Seven_Six_Two> FYI here are the instructions that I've followed.
12:41 < Seven_Six_Two> http://www.dd-wrt.com/wiki/index.php/VPN_(the_easy_way)_v24%2B
12:41 <@vpnHelper> Title: VPN (the easy way - DD-WRT Wiki (at www.dd-wrt.com)
12:42 < debbie10t> d3lphi, you already made it clear your "user" does nmot have admin privs
12:43 < Seven_Six_Two> I have tcp and udp set as forwarded...saved and enabled. I also have a few others opened, like 80 and 25. They show as normal, and services are responding.
12:43 < debbie10t> so openvpn cannot add routes that way .. ie. using GUI
12:43 < debbie10t> use the service
12:43 < Seven_Six_Two> debbie10t, that's what the iptables rules are for.
12:43 < d3lphi> debbie10t: yes but don't tell me that my routig is wrong, because that's definitely not a helpful and related answert to the issue. As soon as I run OpenVPN GUI as "administrator" the connection is successfull and the routes are perfectly created. So this is a Windows7/Administrative/Root-Add Issue, point
12:44 < d3lphi> and as stated before, using the service does not solve the issue that's why I am here and asking
12:44 < Seven_Six_Two> debbie10t, iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
12:44 < Seven_Six_Two> debbie10t, iptables -I FORWARD 1 --source 192.168.186.0/24 -j ACCEPT
12:45 < debbie10t> back soon ...
12:46 -!- Guest27398_l [debian-tor@openvpn/user/s7r] has joined #openvpn
12:46 -!- mode/#openvpn [+v Guest27398_l] by ChanServ
12:48 < d3lphi> the solution is explained here "http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html" and "https://openvpn.net/index.php/open-source/documentation/install.html?start=1" under [Running OpenVPN as Window Service]
12:48 < d3lphi> thanks to myself
12:49 < d3lphi> :/
12:49  * d3lphi sighs
13:07 <+esde> !unpriv
13:07 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
13:07 <+esde> :D
13:08 < Eugene> who what
13:10 < Seven_Six_Two> ugh. now grc.com shows 1194 as closed, despite opening port in dd-wrt gui.
13:11 < debbie10t> Seven_Six_Two, now you need to start openvpn server ...
13:11 < Seven_Six_Two> debbie10t, I did.
13:11 < debbie10t> well .. at least your fgirewall is rejecting the packets not dropping them ..
13:11 < debbie10t> so yuou know they are getting there
13:12 < Seven_Six_Two> debbie10t, but now I don't know what to do. I can ssh in to router and list iptables entries, but I don't know how to tell what might be wrong.
13:12 < Seven_Six_Two> debbie10t, as I don't know what it should look like.
13:15 < debbie10t> i don't know what rules DD-WRT has by default but the only one you really need is:  iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
13:23 -!- Seven_Six_Two [~baba@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 250 seconds]
13:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 276 seconds]
13:35 -!- Seven_Six_Two [~baba@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
13:35 < Seven_Six_Two> sorry. connection dropped.
13:35 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:43 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:59 -!- phreakocious_ is now known as phreakocious
14:00 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
14:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:04 -!- Seven_Six_Two [~baba@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 264 seconds]
14:11 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:23 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 256 seconds]
14:30 -!- HardWall [~HardWall@5-15-82-237.residential.rdsnet.ro] has quit [Ping timeout: 248 seconds]
14:31 -!- HardWall [~HardWall@5-15-248-9.residential.rdsnet.ro] has joined #openvpn
14:51 -!- kennyjojo [kennyjojo@105.154.143.51] has joined #openvpn
14:56 -!- kennyjojo [kennyjojo@105.154.143.51] has left #openvpn []
15:36 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
15:45 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
15:46 -!- khaldrogox [~anonymous@64.13.138.81] has joined #openvpn
15:56 -!- HardWall [~HardWall@5-15-248-9.residential.rdsnet.ro] has quit [Read error: Connection reset by peer]
16:08 -!- Droolio [~drool@host81-147-71-192.range81-147.btcentralplus.com] has quit [Quit: Do dyslexic atheist insomniacs lay awake wondering if there's a dog?]
16:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:23 -!- Guest27398_l [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
16:24 -!- Guest27398_l [debian-tor@openvpn/user/s7r] has joined #openvpn
16:24 -!- mode/#openvpn [+v Guest27398_l] by ChanServ
16:40 -!- netwoodle is now known as noodle
16:50 -!- khaldrogox [~anonymous@64.13.138.81] has quit [Quit: khaldrogox]
17:22 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 250 seconds]
17:22 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
17:42 -!- Guest27398_l is now known as s7r
18:04 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 272 seconds]
18:07 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
18:14 -!- dazo is now known as dazo_afk
18:14 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
18:17 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
18:23 < d3lphi> hey all. I have two script inside /config dir that is called  name_UP.bat and name_DOWN.bat . The up script is running fine after the tunnel has been established. But the DOWN script does NOT. Why? Did I miss anything here ?
18:24 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 256 seconds]
18:26 -!- d3lphi [~d3lphi@unaffiliated/d3lphi] has left #openvpn []
18:27 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has joined #openvpn
18:38 -!- ShadniX [dagger@p5481D26F.dip0.t-ipconnect.de] has quit [Quit: Bye.]
18:40 -!- ShadniX [~ShadniX@p5481D26F.dip0.t-ipconnect.de] has joined #openvpn
18:41 -!- ShadniX [~ShadniX@p5481D26F.dip0.t-ipconnect.de] has quit [Client Quit]
18:41 -!- ShadniX [dagger@p5481D26F.dip0.t-ipconnect.de] has joined #openvpn
19:10 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has quit [Ping timeout: 246 seconds]
19:12 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has joined #openvpn
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:28 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 245 seconds]
19:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:27 -!- debbie10t [~debbie10t@unaffiliated/m10t] has quit [Ping timeout: 256 seconds]
21:04 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
21:16 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 244 seconds]
21:20 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
21:26 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
21:29 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 276 seconds]
22:04 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 248 seconds]
22:11 -!- AMERICAN_PSYCHO [~AMERICAN_@53.sub-70-196-0.myvzw.com] has joined #openvpn
22:20 -!- fling [~fling@fsf/member/fling] has joined #openvpn
23:14 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:17 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:20 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 272 seconds]
23:28 -!- justdave [~dave@unaffiliated/justdave] has quit [Read error: Connection reset by peer]
23:29 -!- justdave [~dave@unaffiliated/justdave] has joined #openvpn
23:31 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:35 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
23:46 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 264 seconds]
23:52 -!- AMERICAN_PSYCHO [~AMERICAN_@53.sub-70-196-0.myvzw.com] has quit [Ping timeout: 255 seconds]
23:53 -!- ShadniX [dagger@p5481D26F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:54 -!- ShadniX [dagger@p5DDFC093.dip0.t-ipconnect.de] has joined #openvpn
23:56 -!- utopiah [~utopiah@unaffiliated/utopiah] has left #openvpn []
--- Day changed Wed Jul 01 2015
00:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:07 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
00:27 -!- syedomar [~so@175.136.89.160] has quit [Read error: Connection reset by peer]
00:29 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
00:57 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has left #openvpn []
01:10 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
01:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:47 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:51 -!- syedomar [~so@175.136.89.160] has joined #openvpn
02:41 -!- reith [~nil@unaffiliated/reith] has joined #openvpn
02:42 < reith> anyone knows if `--redirect-gateway bypass-dns` works on android clients or not?
02:52 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:53 -!- reith [~nil@unaffiliated/reith] has quit [Quit: quited]
02:55 -!- pgicxplzs [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
03:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:18 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:18 -!- tsing [~tsing@gintama.tsing.org] has quit [Read error: Connection reset by peer]
03:19 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:32 -!- rika [rika@trivialand/guesser/rika] has quit [Quit: I committed suicide.]
03:35 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
03:36 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
03:39 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
03:47 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
03:47 -!- mode/#openvpn [+v hyper_ch] by ChanServ
03:49 <+hyper_ch> hi there, I have strange issue with openvpn on my snom370. Netcat tells me that the openvpn server thinks the cert is not valid yet. However checking the .crt I have this:  https://paste.debian.net/273036/
03:56 <+hyper_ch> problem solved, thx
03:56 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
04:15 < shio> u're welcome.
04:30 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has joined #openvpn
04:34 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
04:58 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
05:03 -!- debbie10t [~debbie10t@unaffiliated/m10t] has joined #openvpn
05:03 < debbie10t> https://forums.openvpn.net/topic19170.html
05:03 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN 2.3.7-I602-x86_64.exe download 404 Error : Forum & Website Support (at forums.openvpn.net)
05:11 -!- dazo_afk is now known as dazo
05:55 -!- goodnerd [~goodnerd@ppp-110-168-130-15.revip5.asianet.co.th] has joined #openvpn
05:55 < goodnerd> hello
05:56 < goodnerd> is there an easy fix for openvpn windows dns leak?
06:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:01 < debbie10t> https://forums.openvpn.net/topic19170.html
06:01 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN 2.3.7-I602-x86_64.exe download 404 Error : Forum & Website Support (at forums.openvpn.net)
06:02 < debbie10t> goodnerd, easy hmmm.. push "dhcp-option DNS 8.8.8.8" ...
06:03 -!- goodnerd [~goodnerd@ppp-110-168-130-15.revip5.asianet.co.th] has quit [Ping timeout: 264 seconds]
06:07 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has quit [Ping timeout: 256 seconds]
06:21 -!- mah0-deh0 [50278c0c@gateway/web/freenode/ip.80.39.140.12] has joined #openvpn
06:21 < mah0-deh0> hello everybody
06:25 < mah0-deh0> i can't communicate between clients (i.e, ping server-client(s) is working but I can't ping between those clients)... I've resolved once with routes but I can't figure out what i did
06:27 < mah0-deh0> route 10.9.0.1 255.255.255.0 push "route 10.0.0.1 255.255.255.0"               is this ok in client.conf ?
06:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
06:40 < debbie10t> mah0-deh0, you cannot *push* anything FROM a client only TO a client ...
06:43 < mah0-deh0> debbie10t: sorry, I don't understand you
06:45 < debbie10t> mah0-deh0, mah0-deh0:  *** push "route 10.0.0.1 255.255.255.0" *** is this ok in client.conf ? (No)
06:46 < debbie10t> put in in the *Server config*
06:47 < mah0-deh0> oh, ok
06:51 < mah0-deh0> thanks
06:51 < mah0-deh0> :)
06:56 -!- TheAlien [~alien@d51538ac6.access.telenet.be] has joined #openvpn
06:56 < TheAlien> hiya, goin nuts tryin to get openvpn (installed in clearOS / centos) to successfully auth against ldap. i can see it search on my username, find 1 entry, then attempt to bind as the dn it pulled from that username, which always returns err 49 (invalid credentials) even though i put the correct one in. using commandline ldapsearch -D "found dn from logs" -W and entering pw there works great. wtf? could it be some pw hashing issue? any help deep
07:35 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Read error: Connection reset by peer]
07:39 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
07:41 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:45 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:07 -!- mah0-deh0 [50278c0c@gateway/web/freenode/ip.80.39.140.12] has quit [Quit: Page closed]
08:31 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Remote host closed the connection]
09:16 -!- FlorianBd [~FlorianBd@servail.com] has quit [Ping timeout: 255 seconds]
09:33 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:34 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
09:37 -!- Muad`Dib [~muaddib@unaffiliated/shadok] has joined #openvpn
09:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:41 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Disconnected by services]
09:42 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
09:43 -!- plai [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
09:43 -!- mode/#openvpn [+o plai] by ChanServ
09:43 -!- abbe_ [having@badti.me] has joined #openvpn
09:45 -!- Exagone314 [exa@elou.world] has joined #openvpn
09:45 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
09:46 -!- halothe23_ [~halothe23@freenode/sponsor/halothe23] has joined #openvpn
09:46 -!- Fusl_ [~Fusl@unaffiliated/fusl] has joined #openvpn
09:46 -!- Netsplit *.net <-> *.split quits: Fusl, Telvana, tapout, avium, Kobaz, AlexRussia, jesopo, r00t^2, @plaisthos, kenyon,  (+10 more, use /NETSPLIT to show all of them)
09:46 -!- Netsplit *.net <-> *.split quits: XJR-9, Exagone313, deviantintegral, abbe, flyingkiwi, heap_, Zimsky, _bt, diytto, subzero79,  (+2 more, use /NETSPLIT to show all of them)
09:46 -!- Netsplit over, joins: deviantintegral
09:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
09:47 -!- halothe23_ is now known as halothe23
09:47 -!- phantomcircuit_ [~phantomci@smartcontracts.us] has joined #openvpn
09:48 -!- Fusl_ is now known as Fusl
09:48 -!- Netsplit over, joins: jesopo
09:48 -!- Netsplit over, joins: r00t^2
09:52 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:54 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
09:54 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
09:55 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
09:57 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:00 -!- Steven__ [~deepstar@pegasus.singularity.be] has joined #openvpn
10:01 < Steven__> !configs
10:01 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:04 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
10:06 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
10:06 < Steven__> hi folks, seems I have an issue... key generation: http://pastebin.com/dhtJaNNz server config: http://pastebin.com/US2ePscH client config: http://pastebin.com/rFVcapZ7 (port 11194 because of VirtualBox port forwarding, TCP connect works) server log: http://pastebin.com/TqM7GezU client log: http://pastebin.com/nimEBh0i
10:07 < Steven__> both client and server have uptodate clocks (ntpdate)
10:07 < Steven__> the client will connect to the server, and then nothing happens
10:07 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
10:08 < Steven__> server has version 2.3.2, client 2.3.6
10:08 < Steven__> server on ubuntu 14.10, client on MacOSX yosemite
10:09 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
10:14 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 264 seconds]
10:20 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
10:29 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:30 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Remote host closed the connection]
10:30 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
10:38 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
10:41 -!- mator [~mator@u163.east.ru] has joined #openvpn
10:41 -!- mator [~mator@u163.east.ru] has left #openvpn []
10:42 < debbie10t> Steven__, I have never seen --dev main used on linux ...
10:46 < Steven__> I renamed the device
10:46 < Steven__> there is also dev-type tun
10:47 < Steven__> I've deployed the same setup on another machine, and now everything works
10:47 < Steven__> I don't understand why it didn't work though
11:06 < debbie10t> same setup on another machine .. perhaps your firewall etc
11:09 < Steven__> if it was a firewall problem, the client would not able to connect to the server at all, right?
11:09 < Steven__> the logs clearly show this is not the case
11:20 -!- goodnerd [~goodnerd@ppp-110-168-130-15.revip5.asianet.co.th] has joined #openvpn
11:20 < goodnerd> hey is there a way to run openvpn without tun/tap ?
11:20 < goodnerd> also is there away to get tun/tap running if your vps company wouldn't open it for you
11:22 < debbie10t> goodnerd, run openvpn without tun/tap .. no ..
11:22 < goodnerd> gotcha
11:23 < debbie10t> goodnerd, hack VPS compay .. really No !
11:23 < goodnerd> and is asking the vps provider to turn it on the only way to get it
11:23 < goodnerd> is it common for a vps company to refuse to open tun/tap?
11:24 < debbie10t> if somebody ever finds a way to hack that then all those VPS providers that make it clear you cannot use tun/tap on their services will very quickly find a cure .. i expect ..
11:24 < goodnerd> =\
11:24 < goodnerd> i bought a vps for a year
11:24 < goodnerd> guess i should of asked them first
11:25 < debbie10t> i geuss ..
11:25 < debbie10t> maybe you can get a partial refund ...
11:25 < goodnerd> yea
11:32 -!- Matir [~matir@ubuntu/member/matir] has quit [Remote host closed the connection]
11:33 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
11:38 -!- abbe_ is now known as abbe
11:48 -!- HardWall [~HardWall@5-15-87-253.residential.rdsnet.ro] has joined #openvpn
12:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 255 seconds]
12:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:27 < dionysus69> hey guys I created several client keys while ago
12:28 < dionysus69> I wanted to add some now but i run build-key somename and it doesnt work
12:28 < dionysus69> do I need to recreate certificate authority from scratch as well as all other keys everytime I want to add new client key?
12:32 <+esde> source vars first
12:32 <+esde> but don't clean-all
12:32 < dionysus69> wait i am on windows
12:32 < debbie10t> dionysus69, no but you do need access to your ca.key ...
12:32 < dionysus69> there is no vars folder at all
12:32 <+esde> no clue then
12:33 < dionysus69> debbie10t: I have ca.key, so how do I run commands so create key command works :S
12:33 < debbie10t> what version of easyrsa are you using ?
12:34 < dionysus69> dunno it just came with 2.3.6 openvpn installer
12:35 < dionysus69> oh wait I think I figured, I think I need to run vars command first
12:35 < dionysus69> and then run build-key somename
12:35 < debbie10t> yes .. do *NOT* run clean-all ...
12:37 < dionysus69> ye I didnt, I assume it is a step I need to take only when I am getting started :D
12:38 < dionysus69> 32 bit - 64bit and windows/linux versions are compatible right? doesnt matter if I connect to linux server from windows client or vice versa?
12:38 < debbie10t> makes no diff ..
12:38 < debbie10t> or at least should not ...
12:39 <+esde> no
12:39 < debbie10t> new vs old versions can be problematique ..
12:40 < dionysus69> ok thanks guys :)
12:40 < dionysus69> I love you all!
12:42 < debbie10t> dionysus69, remember the "nopass" option ..
12:42 < dionysus69> wait, whats that?
12:44 < debbie10t> its probably ok .. the batch file you would use will be build-key.bat not build-key-pass.bat
12:45 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
12:47 -!- akamaru217 [~akamaru@67.191.183.251] has quit [Ping timeout: 244 seconds]
12:50 < dionysus69> ye i dont know whats build-key-pass but i have used build-key :)
12:51 < debbie10t> you have a fairly steep learning curve to look forward to ;)
12:52 < dionysus69> ugh ye but I am not planning to become vpn expert :P just want it to work :D
12:52 < dionysus69> we have limited time :P priorities ^.^
12:53 < DArqueBishop> !howto
12:53 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:54 -!- goodnerd [~goodnerd@ppp-110-168-130-15.revip5.asianet.co.th] has quit [Ping timeout: 244 seconds]
13:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:01 <+esde> that's a shit attitude to have. just my .02, though.
13:03 < debbie10t> esde, you can't fight priorities .. but they often change against your will ;)
13:11 < dionysus69> well you should familiarize with Nietzsche's three metamorphosis  :)
13:18 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
13:19 < DArqueBishop> I tend to agree with esde. If you're going to run a service, it's in your best interests to learn as much as you can.
13:20 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
13:24 < dionysus69> well I guess I am partly into that since I am here to ask questions, and learn consequently ^.^
13:26 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:26 < dionysus69> btw, would version 2.3.6 work with 2.3.7, or theres no way to know until I try?
13:28 < DArqueBishop> Yes.
13:34 < dionysus69> well it worked so you guys know ^.^
13:36 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:38 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 255 seconds]
13:43 -!- Muad`Dib is now known as shadok
13:45 -!- toli [~toli@ip-62-235-222-228.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:47 -!- toli [~toli@ip-81-11-248-62.dsl.scarlet.be] has joined #openvpn
13:48 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
14:01 -!- jant [~jant@pavlov.tiddo.net] has joined #openvpn
14:04 < jant> is there any way to keep openvpn alive after OS EVENT: sleep on IOS?
14:05 < jant> i'd like to keep my sip connection alive via openvpn
14:11 <+esde> !keep-alive
14:11 <+esde> !keepalive
14:11 <@vpnHelper> "keepalive" is (#1) see --keepalive in the manual for how to make clients retry connecting if they get disconnected. or (#2) basically it is a wrapper for managing --ping and --ping-restart in server/client mode or (#3) if you use this, don't use --tls-exit and also avoid --single-session and --inactive or (#4) Also beware of --auth-nocache for automated reconnects
14:39 -!- corrideat [~riv@unaffiliated/corrideat] has joined #openvpn
14:40 < corrideat> Hello. I've compiled openvpn from source (latest git) and I'm running into issues with a ECDSA certificate. RSA certificates work just fine.
14:41 < corrideat> How can I debug this issue? The logs just say "Exiting due to fatal error"
14:42 < debbie10t> corrideat, try verb 4+ in yr config
14:43 < corrideat> debbie10t, I forgot to mention. I set it to 9
14:43 <+esde> set what to 9?
14:43 < corrideat> verbosity level
14:43 <+esde> holy shitballs
14:43 < debbie10t> verb 9 says way more than what you say ...
14:44 <+esde> anyway, it would be advantageous of you to check out the channel topic
14:49 < corrideat> Good point. Logs: http://pastebin.com/GaDr5zR8. Config: http://pastebin.com/L6qTZtWV
14:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:53 < corrideat> and just in case, this is the server certificate I'm trying to use: http://pastebin.com/0W7S0CaP
14:54 -!- HardWall [~HardWall@5-15-87-253.residential.rdsnet.ro] has quit [Ping timeout: 244 seconds]
15:00 < debbie10t> corrideat, well i admit for --verb 9 your logs don't show much !!
15:00 < corrideat> let me try disabling SELinux
15:01 < corrideat> nope, that didn't help either
15:03 < Thermi> corrideat: Get rid of that --mute
15:12 < corrideat> It's done, but I don't think there's anything useful in those lines: http://pastebin.com/HcQy0Wwt
15:13 < Thermi> corrideat: Wed Jul  1 20:07:05 2015 us=651505 Cannot load CA certificate file /etc/openvpn/ssl/ca.crt (no entries were read)
15:13 <+esde> DAMNIT Thermi
15:13 <+esde> such quick
15:13 < Thermi> esde: I'm sleepy.
15:13 < corrideat> Wow, how could I not see that
15:14 <+esde> overzealous attitude?
15:14 <+esde> :P
15:14 < Thermi> esde: Nah.
15:15 <+esde> that wasn't at you Thermi
15:15 < Thermi> esde: k
15:17 <+esde> !stats
15:17 <@vpnHelper> I have 5 registered users with 5 registered hostmasks; 1 owner and 0 admins.
15:17 <+esde> !ircstats
15:17 <@vpnHelper> "ircstats" is (#1) See http://secure-computing.net/logs/openvpn.html for all-time IRC stats. or (#2) See http://secure-computing.net/logs/openvpn-devel.html for all-time dev channel IRC stats.
15:17 <+esde> I was hoping it had been updated, but alas
15:22 < corrideat> sorry, that was some permissions issue by running openssl directly from the command line. The correct log is at http://pastebin.com/1aH7vs9y. The "fatal error" is there again.
15:22 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
15:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:24 < Thermi> corrideat: Well, then try a different format for the keys.
15:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
15:24 < Thermi> (And certificates, obviously)
15:25 < corrideat> Thermi, what do you mean by "format"? Algorithm?
15:25 < Thermi> corrideat: DER/PEM
15:26 < corrideat> I'll try that
15:32 -!- HardWall [~HardWall@5-15-87-253.residential.rdsnet.ro] has joined #openvpn
15:33 -!- jwhitmore [~jwhitmore@109.76.238.113] has joined #openvpn
15:34 -!- hololeap [~hololeap@unaffiliated/hololeap] has joined #openvpn
15:34 < jwhitmore> Hello openvpn. Trying to set up openvpn connection to my private server from an Android phone. Usually I use a Private Key and certificate to connect but the openvpn Android App is demanding a username and password. Does anybody know is there a way around that or do I have to create a user on my server for each android device
15:37 -!- HardWall [~HardWall@5-15-87-253.residential.rdsnet.ro] has quit [Read error: Connection reset by peer]
15:40 < hololeap> jwhitmore: i believe each client needs a unique key
15:43 < corrideat> Some black magic made it work and now the server is running. However, I am unable to connect now. This is from my server's logs: http://pastebin.com/snMfhwmr.
15:43 < corrideat> Any suggestions of what could be wrong now?
15:45 < corrideat> jwhitmore, which app are you using? Mine ("OpenVPN for Android") gives me the option to use certficates.
15:45 < corrideat> Thermi, thanks for the suggestion to reformat the keys/certificates
15:47 < jwhitmore> Sorry people I had a line "auth-user-pass" in my config file. Got that out and it's connected up on keys :-D
15:47 < jwhitmore> Sorry about the noise
15:53 < jwhitmore> Thinking about this how would you secure your files on an Android phone. If it gets nicked your files are sort of public. Hmmmm
15:56 <+esde> you could add another authentication, like OTP
15:58 < jwhitmore> Yeah it's going to be a trade off. I want the phone to connect automatically without user intervention. Have to accept that this will be a problem.
16:20 < DArqueBishop> jwhitmore, you would secure your files by enabling encryption on the device.
16:36 -!- JoeMerit [joe@unaffiliated/joemerit] has joined #openvpn
16:41 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 255 seconds]
16:43 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
16:45 -!- kenyon_ [kenyon@darwin.kenyonralph.com] has joined #openvpn
16:51 -!- jwhitmore [~jwhitmore@109.76.238.113] has quit [Ping timeout: 265 seconds]
16:53 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
17:02 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:05 -!- corrideat [~riv@unaffiliated/corrideat] has quit [Ping timeout: 244 seconds]
17:08 -!- toli [~toli@ip-81-11-248-62.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
17:11 -!- toli [~toli@ip-81-11-248-62.dsl.scarlet.be] has joined #openvpn
17:11 -!- debbie10t [~debbie10t@unaffiliated/m10t] has quit [Read error: Connection reset by peer]
17:19 -!- corrideat [~riv@unaffiliated/corrideat] has joined #openvpn
17:20 < corrideat> I seemed to have some connection issues, were my messages about client connectivity posted?
17:21 -!- JoeMerit [joe@unaffiliated/joemerit] has left #openvpn []
17:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
17:33 <+esde> [07 01/16:58:31] <jwhitmore> Yeah it's going to be a trade off. I want the phone to connect automatically without user intervention. Have to accept that this will be a problem.
17:34 <+esde> wrong user
17:34 <+esde> [07 01/16:45:54] <corrideat> Thermi, thanks for the suggestion to reformat the keys/certificates
17:34 -!- hololeap [~hololeap@unaffiliated/hololeap] has quit [Remote host closed the connection]
17:34 <+esde> that's the last thing i see from you corrideat
17:35 < corrideat> esde, thanks
17:35 < corrideat> I'm still unable to connect. I've tried disabling my firewall, changing the protocol to TCP, setting --auth to none and using the default cipher, all to no avail.
17:36 < corrideat> This is my client log: http://pastebin.com/fdLN3pSi and my client configuration: http://pastebin.com/5VWgiLqp
17:36 <+esde> and your !goal?
17:36 < corrideat> The error seems to be "TCP_CLIENT write returned 281"
17:36 < corrideat> !goal
17:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:36 < Thermi> corrideat: Wow, youreally have no clue what you're doing
17:36 <+esde> also do you control the server?
17:36 < Thermi> *you really
17:37 < Thermi> Changing the "auth" option surely isn't the right knob.
17:37 < corrideat> Thermi, I think I do. I had my server set up using RSA certs before, and I wanted to migrate to ECDSA because connecting was taking too long
17:37  * esde sneaks out the back door
17:37 < corrideat> Thermi, pretty sure. But then, converting my certs to DER and back to PEM solved my previous issue
17:38 < corrideat> esde, yes, I control both
17:38 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 264 seconds]
17:38 < Thermi> corrideat: Please read the manual before you change any settings. Thanks. And please show us the config of both sides.
17:39 < Thermi> corrideat: use tls-server and tls-client
17:40 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
17:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:42 < corrideat> server config: http://pastebin.com/3CgLPCpc
17:42 < corrideat> I'll use tls-server/tls-client now and see what happens
17:42 < Thermi> corrideat: Also, read what the "auth" option is.
17:44 < corrideat> Thermi, I read it. The reason I changed it was because it was set to RSA-SHA256 before. That RSA could have caused trouble
17:45 < Thermi> corrideat: Setting a non-hash function in --auth makes no sense at all.
17:45 <+esde> ^
17:45 < Thermi> I pray for better config validation, which screams at the user via the computer's loudspeakers if he does dumb things.
17:46 < corrideat> RSA-SHA1 *is* a hash function (SHA1 w/ RSA signature AFAIK)
17:46 < corrideat> s/SHA1/SHA256/, but the point holds
17:47 < Thermi> corrideat: Oh, interesting. You're right.
17:48 <+esde> i've not seen a *-$HMAC used in a config, before
17:48 < Thermi> esde: run openvpn --list-digests
17:48 <+esde> ooh a list
17:48 <+esde> such option
17:49 <+esde> and both ends support RSA-SHA512?
17:49 -!- phantomcircuit_ is now known as phantomcircuit
17:51 < corrideat> Thermi, I put tls-(client|server) at the end of the (client|server) side. It didn't make any difference.
17:52 < Thermi> corrideat: Test a minimal config.
17:52 <+esde> i was just about to ask, when you get rid of the extra settings, does it connect?
17:53 < corrideat> esde, which extra settings? I guess I can remove IPv6/LZO
17:53 < corrideat> but overall it looks like a TLS issue to me
17:54 <+esde> stahp
17:54 <+esde> if it works with a skeleton config, we can work from there
18:06 < corrideat> I believe I have something that is pretty minimal now: http://pastebin.com/9SW6xm6P
18:07 < Thermi> corrideat: What's the error now?
18:07 < corrideat> I still get the same error. At this point I'll attempt using the old RSA certs and see if it still works
18:13 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Remote host closed the connection]
18:14 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
18:15 < corrideat> Thermi, I'll post the log shortly. It's almost the same as before. Replacing the certs with RSA worked though, so I'm thinking it's not a config issue.
18:15 < Thermi> corrideat: Hmh. It's git then maybe.
18:15 < Thermi> (well, the fact that it's an unstable version)
18:16 < corrideat> I was using 2.3.6 before and I had the same problem
18:16 < Thermi> Okay.
18:16 < corrideat> But I can recompile and try again
18:16 < Thermi> Nah, report the problem.
18:20 -!- pierte [notso@gateway/shell/yourbnc/x-rvdwpunrdgfkjful] has joined #openvpn
18:20 < corrideat> ok, thanks
18:22 -!- papyrus [~papyrus@unaffiliated/epacs] has joined #openvpn
18:22 < papyrus> I'm getting this message when trying to connect to my openvpn server 2015-07-01 16:08:53 us=968674 MANAGEMENT: >STATE:1435792133,WAIT,,,
18:22 < papyrus> the config for the client and server both appear to be correct and I have 1194/udp open
18:23 -!- pierte [notso@gateway/shell/yourbnc/x-rvdwpunrdgfkjful] has left #openvpn ["Messaggio di chiusura"]
18:23 < Thermi> papyrus: That's a message that the client gets via the management port.
18:23 < papyrus> What do I have to do to get it to connect?
18:24 < Thermi> papyrus: That's not an error.
18:24 < papyrus> yes I'm aware of that
18:24 < Thermi> Well, I don't know what problem you have.
18:24 < papyrus> but it isn't connecting it eventually restarts the connection and continues to wait
18:24 < Thermi> You're neither showing your configs nor your logs.
18:24 < Thermi> What am I supposed to do? Use a magic crystall ball?
18:24 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 264 seconds]
18:24 < papyrus> yes?
18:25 < papyrus> it says UDPv4 link remote [AF_INET]ipaddress:1194
18:25 < papyrus> then the state wait message
18:25 < Thermi> Just paste your config and logs, please.
18:25 < Thermi> and use a pastebin.
18:26 < papyrus> http://paste.debian.net/275395/
18:26 < papyrus> yes of course
18:26 < papyrus> top config is the client
18:27 < Thermi> papyrus: Now please give me a complete log of both sides.
18:27 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Quit: Leaving..]
18:31 < papyrus> huh
18:32 < papyrus> it worked this time
18:32 < papyrus> wait
18:32 < papyrus> it says it established communication with openvpn
18:33 < papyrus> tls-error is what it's saying
18:33 < papyrus> 2015-07-01 16:32:48 us=39407 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
18:33 -!- octocpp [~octo@unaffiliated/octocpp] has joined #openvpn
18:34 < Thermi> Highlight me when you have the logs.
18:36 < papyrus> Thermi, I enabled the log-append openvpn.log in the server.conf
18:36 < papyrus> but it isn't creating the file
18:37 < Thermi> Check usual stuff (access rights, selinux, ...)
18:40 < papyrus> Thermi, it isn't even logging to the syslog
18:42 < Thermi> papyrus: Try just "log".
18:42 < papyrus> I have
18:43 < papyrus> still not logging to openvpn.log
18:43 < Thermi> papyrus: Make sure the unprivileged user can access the log file.
18:44 < papyrus> oh right
18:44 < papyrus> Thermi, it wouldn't log with syslog?
18:44 < papyrus> because that's the group it's in
18:44 <+esde> twat?
18:44 < Thermi> !gtfo
18:45 <+esde> whatever openvpn is running as, that's what user group is logging as
18:45 < papyrus> i'll just set the group to syslog for now
18:45 <+esde> if logging isnt set, it's logging to syslog so user group is irrelevant
18:46 < papyrus> that's the thing
18:46 < papyrus> I don't see anything in the syslog regarding openvpn
18:46 <+esde> so openvpn is going to run as syslog? odd
18:49 < papyrus> no
18:49 < papyrus> It's running as nogroup
18:49 < papyrus> but it isn't logging to the syslog...
18:50 <+esde> what distro is this? how was openvpn installed
18:50 < papyrus> using apt-get
18:50 < papyrus> it's ubuntu 15.04
18:50 <+esde> see where the package maintainer has logging set to
18:51 < papyrus> how can I check that?
18:51 < papyrus> I'm not familiar with ubuntu much
18:51 <+esde> !101
18:51 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
18:52 < papyrus> ubuntu says it should be in the syslog
18:52 <+esde> there you go
18:53 <+esde> so investigate syslog for issues, maybe
19:06 < papyrus> I don't know what to look for...
19:06 < Thermi> papyrus: 01:37 <Thermi> Check usual stuff (access rights, selinux, ...)
19:07 < papyrus> selinux isn't enabled
19:07 < papyrus> oh i guess it wouldn't log because of the permissions
19:08 < papyrus> still doesn't log even when i put openvpn in the syslog group
19:16 < papyrus> okay strange
19:16 < papyrus> I just installed syslog-ng
19:16 < papyrus> it actually connected...
19:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: COMCAST WANTS ME TO BUY A NEW ROUTER, BBL]
19:29 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
19:30 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:36 -!- altker128 [~vr@c-66-31-200-201.hsd1.ma.comcast.net] has joined #openvpn
19:37 < altker128> Quick question:  Is it possible in non-bridged mode to have OpenVPN clients pull an IP address in the same pool as the host?  i.e. my LAN DHCP server gives out 192.168.0.20 to 192.168.0.100,
19:37 < altker128> so have an OpenVPN client pull a 192.168.0.20x IP
19:38 <+esde> That's not advisable
19:38 <+esde> AFAIK
19:40 < altker128> Not that I disagree, bu why?
19:40 < altker128> *but
19:42 <@dazo> altker128: that will complicate your setup needlessly, as you need to play harder with extra routing
19:42 <@dazo> and those few times you really need to do that, you wouldn't really ask this question here - as you would be experienced enough to understand why and how to do that without asking
19:43 < altker128> Ah, yeah, I guess it all comes down to tun vs. tap
19:43 <@dazo> not necessarily, but it is a slightly related issue yes
19:44 <@dazo> if you do your VPN setup correctly, you very very seldom need to do such hacks
19:44 <@dazo> and I mean very very seldom ... something like 1:10000
19:44 < altker128> I'm exploring this issue to avoid having to have two separate IP ranges to think about
19:44 <@dazo> (and that might be exaggerating how often you need it)
19:45 <@dazo> I'm reading that as "I'm trying to avoid to do routing" ... but TCP/IP is built around routing, you can't escape it
19:46 <@dazo> well, you can try to escape it ... and with plenty of hacks, you might get something which might work .... but it is really not worth the hassle at all
19:47 < altker128> To be clear, I am using the "normal" setup where OpenVPN assigns IP addresses
19:47 < altker128> as well, and it's been working flawlessly
19:47 <@dazo> and that's good!  That is really one of those setup which is guaranteed to give you least troubles
19:53 -!- ghormoon [~ghormoon@ghorland.net] has quit [Remote host closed the connection]
20:08 -!- dazo is now known as dazo_afk
20:09 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
20:09 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
20:59 -!- papyrus [~papyrus@unaffiliated/epacs] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
21:05 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Read error: Connection reset by peer]
21:52 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 256 seconds]
21:55 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
22:06 -!- octocpp [~octo@unaffiliated/octocpp] has quit [Ping timeout: 265 seconds]
22:13 -!- fling [~fling@fsf/member/fling] has joined #openvpn
22:18 -!- octocpp [~octo@unaffiliated/octocpp] has joined #openvpn
22:59 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
23:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 276 seconds]
23:34 -!- AMERICAN_PSYCHO [~AMERICAN_@248.sub-70-196-14.myvzw.com] has joined #openvpn
23:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
23:52 -!- ShadniX [dagger@p5DDFC093.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:52 -!- ShadniX [dagger@p5DDFFBA6.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- early [~early@105.ip-167-114-152.net] has quit [Quit: Leaving]
--- Day changed Thu Jul 02 2015
00:02 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
00:24 -!- Dat [dat@unaffiliated/dat] has joined #openvpn
00:26 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
00:27 < Dat> question i have a strange problem, when connected to the vpn via openvpn client to a openvpn server I am able to surf the web and ping but unable to use "ssh user@host" it simply hangs but I can do "telnet host 22" and get a version reply from ssh and this happens to any server I try to connect to via ssh anyone know what could be going on?
00:36 -!- octocpp [~octo@unaffiliated/octocpp] has quit [Ping timeout: 256 seconds]
01:00 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:03 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 248 seconds]
01:04 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
01:04 -!- mode/#openvpn [+o krzee] by ChanServ
01:28 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:29 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:38 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
01:38 < Dat> ahh bug in mtu
01:39 -!- Dat [dat@unaffiliated/dat] has left #openvpn []
01:40 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
02:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:17 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Read error: Connection reset by peer]
02:18 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
02:34 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:48 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Quit: WeeChat 1.0.1]
02:48 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
03:01 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
03:26 -!- jwhitmore [~jwhitmore@88.151.80.134] has joined #openvpn
03:43 -!- bumbar_ [~bumbar@unaffiliated/bumbar] has joined #openvpn
03:46 < bumbar_> i've set up openvpn server (on debian, following the guide on their wiki site) and downloaded an android client. the client manages to connect, gets the ip, but can't load any pages. i have redirect gateway and dhcp-option dns push commands on the server, https://dpaste.de/rtvM
03:47 < bumbar_> i've also forwarded the port on the router
03:47 < bumbar_> and i can ping the device from the server
03:48 <@plai> !nat
03:48 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
03:48 <@plai> !flowchart
03:50 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 246 seconds]
03:50 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
03:56 < bumbar_> seems i've forgot to add iptables rules
04:40 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
04:42 -!- gypsymauro [~colorioma@84.18.151.73] has joined #openvpn
04:42 < gypsymauro> hi
04:43 < gypsymauro> I've installed openvpn on debian 8 configured a RoadWarrior.conf file in /etc/openvpn/ but still starting the service nothing happens.. and no info in log files any hint?
04:47 -!- jwhitmore [~jwhitmore@88.151.80.134] has quit [Ping timeout: 250 seconds]
04:58 -!- dazo_afk is now known as dazo
05:14 < TheAlien> question i have a strange problem, when connected to the vpn via openvpn client to a openvpn server I am able to surf the web and ping but unable to use "ssh user@host" it simply hangs but I can do "telnet host 22" and get a version reply from ssh and this happens to any server I try to connect to via ssh anyone know what could be going on?
06:04 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 248 seconds]
06:07 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
06:30 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
06:30 -!- mode/#openvpn [+v s7r] by ChanServ
06:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:36 -!- mode/#openvpn [+o mattock1] by ChanServ
06:41 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
06:45 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
07:08 -!- AMERICAN_PSYCHO [~AMERICAN_@248.sub-70-196-14.myvzw.com] has quit [Ping timeout: 255 seconds]
07:08 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
07:14 < dvl> Overnight, this one client started having connection issues.  Not sure why yet. "TLS key negotiation failed to occur within 60 seconds".  I don'tknow what 'network connectivity' to check.  Other clients are OK.  Ideas please? http://dpaste.com/15SQZMM.txt
07:16 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
07:19 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
07:32 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 275 seconds]
07:32 -!- BtbN_ [btbn@unaffiliated/btbn] has joined #openvpn
07:33 -!- BtbN_ is now known as BtbN
07:46 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Ping timeout: 244 seconds]
08:06 -!- gypsymauro [~colorioma@84.18.151.73] has quit [Quit: leaving]
08:26 -!- Droolio [~drool@host81-147-71-192.range81-147.btcentralplus.com] has joined #openvpn
08:34 -!- octocpp [~octo@unaffiliated/octocpp] has joined #openvpn
08:43 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
08:45 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
09:28 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 276 seconds]
09:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:40 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
09:49 -!- quitobro [~quitobro@2604:2000:f8a7:1d00:a1ca:d43c:26af:3a5e] has joined #openvpn
10:06 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Remote host closed the connection]
10:27 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
10:43 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Remote host closed the connection]
10:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:19 < dvl> and, without knowing, it's fixed itself... humpf
11:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
11:36 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
11:39 < altker128> dvl: Problems that go away by themselves come back by themselves too :/
11:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
11:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:38 -!- s7r_w [debian-tor@openvpn/user/s7r] has joined #openvpn
12:38 -!- mode/#openvpn [+v s7r_w] by ChanServ
12:40 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
12:54 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has quit [Remote host closed the connection]
12:54 < dvl> altker128: Yes, I agree.
12:55 -!- s7r_w [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
12:55 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
12:55 < MadFunk> !welcome
12:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:55 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:56 < MadFunk> !route
12:56 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:56 <@vpnHelper> client
12:56 < dvl> altker128: and it's back after restarting OpenVPN...
13:00 < altker128> dvl: Could be a firewall issue
13:01 < altker128> dvl: Some firewalls are aggressive about closing UDP ports
13:01 < dvl> altker128: Both server and client are mine.  Let me check though
13:04 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
13:05 < MadFunk> I have a private cloud network and I want to allow my users to connect to an OpenVPN server living on that network such that they can then access hosts on the same LAN as the OpenVPN server. I do -not- want any other network traffic routed through the VPN. On linux (Fedora Core 21) I can use a setting in the Network Manager for the VPN to "Use this connection only for resources on this network", which does -exactly- what I want, b
13:05 < MadFunk> ut most of my users will not be on Linux and I would like to have the same setting for them without requring different client configs per platform, i.e. I'd like to push the relevant settings from the server.
13:05 < altker128> MadFunk: You could just set up some entries in their hosts file
13:06 < MadFunk> altker128: I'd like to avoid per-client configuration.
13:06 < MadFunk> Though I appreciate the suggestion.
13:07 < altker128> Usually there's a setting on the client side to route all traffic or not
13:07 -!- goodnerd [~goodnerd@ppp-110-168-130-49.revip5.asianet.co.th] has joined #openvpn
13:08 < altker128> MadFunk: Also, you can setup an ipchains/iptables rule on the Fedora machine to reject traffic not destined for any of the local machines
13:08 < goodnerd> so i got openvpn setup and i can connect, but i can only ping my the vpn ip or connect to the vpn ip via ssh
13:08 < goodnerd> anything else seems to not work
13:10 < MadFunk> altker128: I feel like there must be a way to use the "push" feature in the server configuration to tell the clients "Hey, don't route any traffic through me-- unless it's going to these destinations"
13:10 < goodnerd> any ideas?
13:11 < dvl> altker128: restarted firewall on server.  Restart openvpn on client.  restarted firewall on client. works.
13:18 < MadFunk> altker128: "Usually there's a setting on the client side to route all traffic or not": Are you referring to an entry in the client's OpenVPN config file, or a setting available to the user through client application?
13:23 < MadFunk> I feel like this is a perfect use case for a VPN and yet I can't find a solution. Is it not possible?
13:25 < MadFunk> I'm in one of those situations where I've been "googling for days"
13:35 < MadFunk> !serverlan
13:35 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
13:50 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has quit [Ping timeout: 255 seconds]
13:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:01 -!- mutilator [muti@c-68-56-137-33.hsd1.mi.comcast.net] has joined #openvpn
14:04 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
14:05 < MadFunk> altker128: I got disconnected there-- not sure if you replied.
14:22 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has quit [Ping timeout: 248 seconds]
14:29 < DArqueBishop> !ipforward
14:29 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
14:29 < DArqueBishop> !linipforward
14:29 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
14:29 < DArqueBishop> (I'm too lazy to Google.)
14:30 -!- Guest28115 [debian-tor@openvpn/user/s7r] has joined #openvpn
14:30 -!- mode/#openvpn [+v Guest28115] by ChanServ
14:36 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
14:43 < MadFunk> I'm having an issue setting up a simple VPN for my users to be able to see hosts on a remote network as though they were local. I have described my problem here: http://pastebin.com/raw.php?i=NLB6EHBA
14:43 < MadFunk> I don't want to route all traffic, just specific traffic. If anyone can assist or point me in the right direction I would appreciate it. Thank you.
14:57 < DArqueBishop> MadFunk, if you don't want to route all traffic, just make sure 'push "redirect-gateway def1"' or similar is not in your server config file.
14:57 < DArqueBishop> OpenVPN doesn't tunnel all network traffic unless you specifically tell it to.
14:59 -!- bumbar_ [~bumbar@unaffiliated/bumbar] has quit [Ping timeout: 250 seconds]
15:01 < MadFunk> DArqueBishop: I've removed the "redirect-gateway def1" parameter from my server .conf already
15:01 < DArqueBishop> Did you restart OpenVPN?
15:02 < MadFunk> Yes
15:02 < DArqueBishop> !configs
15:02 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:02 < DArqueBishop> !logs
15:02 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:02 -!- mutilator [muti@c-68-56-137-33.hsd1.mi.comcast.net] has left #openvpn []
15:04 < MadFunk> DArqueBishop: I have to go shortly-- I'll be back on later this evening. Do you mind if I send you a tell in a few hours? I appreciate your help, and I'll make sure to have my logs/configs then.
15:04 < DArqueBishop> I can't guarantee I'll be online, but someone here may be able to help you.
15:04 < MadFunk> Roger. Thank you.
15:10 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has quit [Quit: MadFunk]
15:11 -!- Guest28115 is now known as s7r
15:16 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 276 seconds]
15:34 -!- goodnerd [~goodnerd@ppp-110-168-130-49.revip5.asianet.co.th] has quit [Quit: goodnerd]
15:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
16:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
16:59 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has joined #openvpn
17:05 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has quit [Quit: ZNC - http://znc.in]
17:18 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
17:27 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has joined #openvpn
17:43 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
17:43 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 252 seconds]
17:43 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 252 seconds]
17:43 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 252 seconds]
17:44 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
17:44 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
17:50 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
17:51 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 248 seconds]
17:53 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
17:53 -!- mode/#openvpn [+o dazo] by ChanServ
17:58 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has quit [Quit: ZNC - http://znc.in]
18:05 -!- Droolio [~drool@host81-147-71-192.range81-147.btcentralplus.com] has quit [Quit: The more people I meet, the more I like my dog.]
18:14 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 244 seconds]
18:16 -!- troyt [~troyt@2601:681:4602:d6f1:44dd:acff:fe85:9c8e] has joined #openvpn
18:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:36 -!- octocpp [~octo@unaffiliated/octocpp] has quit [Ping timeout: 256 seconds]
18:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:57 -!- dazo is now known as dazo_afk
19:26 -!- quitobro [~quitobro@2604:2000:f8a7:1d00:a1ca:d43c:26af:3a5e] has quit [Remote host closed the connection]
19:27 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
19:31 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
19:43 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Read error: Connection reset by peer]
19:45 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
20:17 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Ping timeout: 256 seconds]
20:18 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
20:20 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 256 seconds]
20:20 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 264 seconds]
20:21 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 256 seconds]
20:22 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
20:22 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
20:24 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
20:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:59 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
21:59 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
21:59 -!- mode/#openvpn [+o krzee] by ChanServ
22:09 -!- teksimian [~chatzilla@23-91-226-215.cpe.distributel.net] has joined #openvpn
22:50 <@krzee> werd
23:14 < teksimian> I'm interested in running both a tun and a tap version of openvpn on the same server. do i have to run multiple separate instances or can this be accomplished via configuration options?
23:17 <@krzee> teksimian, multiple separate instances
23:17 <@krzee> using a different port or protocol or ip
23:17 < teksimian> yup, okay, thank you.
23:17 <@krzee> np
23:17 <@krzee> what do you plan on using tap for?
23:18 <@krzee> out of curiousity
23:18 < teksimian> iwindows file sharing continues working on my home lan.
23:18 < teksimian> *windows
23:19 <@krzee> you dont need tap for windows file sharing
23:19 <@krzee> you can mount the share by ip, or properly use dns, or properly use wins
23:20 <@krzee> netbios resolution via layer2 is actually the last effort to resolv cifs addresses
23:20 < teksimian> ... interesting I'll give it a shot.
23:20 <@krzee> !wins
23:20 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
23:21 <@krzee> (if you happen to use samba)
23:21 < teksimian> one host has samba, yes.
23:22 <@krzee> and that host is on the lan that has windows sharing?
23:23 < teksimian> yes
23:23 <@krzee> sweet
23:23 <@krzee> already got the lan sharing stuff handled?
23:23 -!- teksimian [~chatzilla@23-91-226-215.cpe.distributel.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.5/20150525141253]]
23:23 <@krzee> guess so :D
23:24 -!- teksimian [~chatzilla@23-91-226-215.cpe.distributel.net] has joined #openvpn
23:24 < teksimian> yes, im pretty happy with it. i didnt want to have to configure WINS
23:25 <@krzee> theres no configuring really
23:25 <@krzee> just wins support = yes
23:25 <@krzee> haha
23:26 < teksimian> interesting, so just enable it.  i thought it would be more involved.
23:26 <@krzee> nope
23:26 <@krzee> let it resolve from layer2 bcast and serve via layer3 wins
23:26 <@krzee> if you read the link it shows you
23:27 <@krzee> "The  wins  support option turns Samba into a WINS server. Believe it or not, that's all you need to do! Samba handles the rest of the details behind the scenes, leaving you a relaxed administrator."
23:27 < teksimian> awesome, im all about relaxing.
23:28 <@krzee> good call, i should roll another blunt =]
23:30 < teksimian> have fun :)
23:32 <@krzee> back with blunt, did you get wins up yet?
23:34 <@krzee> if you happen to run an internal dns server you can have samba act as a wins dns proxy as well, but thats in the wins link above
23:47 < teksimian> just adding the WINS information to the dns server right now :)
23:48 < teksimian> er dhcp server
23:51 -!- ShadniX [dagger@p5DDFFBA6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:52 -!- ShadniX [dagger@p5481C11C.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- teksimian [~chatzilla@23-91-226-215.cpe.distributel.net] has quit [Ping timeout: 276 seconds]
--- Day changed Fri Jul 03 2015
00:16 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 252 seconds]
00:16 < hid3> Hello everyone. Each time after I connect to my openvpn server, I need to restart the 'DNS service' on Windows 7 to get the name resolution working. Why is it so? How can I fix this problem so that the DNS would work straight after connecting to vpn?
00:27 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 256 seconds]
00:27 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
00:35 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:44 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 264 seconds]
00:47 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
00:56 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 264 seconds]
00:58 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
01:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:04 -!- mode/#openvpn [+o mattock1] by ChanServ
01:07 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
01:46 -!- toli [~toli@ip-81-11-248-62.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:47 -!- toli [~toli@ip-83-134-72-189.dsl.scarlet.be] has joined #openvpn
02:10 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
02:11 -!- voidstar [~voidptr@unaffiliated/voidstar] has quit [Ping timeout: 250 seconds]
02:11 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 250 seconds]
02:11 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Ping timeout: 250 seconds]
02:11 -!- AL13N_work [~alien@91.183.52.232] has quit [Ping timeout: 250 seconds]
02:11 -!- Gunni [~gunni@kjarni/gunni] has quit [Ping timeout: 250 seconds]
02:11 -!- funnel_ is now known as funnel
02:11 -!- voidstar [~imnotf@unaffiliated/voidstar] has joined #openvpn
02:11 -!- Gunni [~gunni@kjarni/gunni] has joined #openvpn
02:13 -!- AL13N_work [~alien@91.183.52.232] has joined #openvpn
02:23 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
02:27 -!- TheAlien [~alien@d51538ac6.access.telenet.be] has quit [Read error: Connection reset by peer]
02:33 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 276 seconds]
02:33 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 250 seconds]
02:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:22 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 252 seconds]
03:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
03:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:38 -!- mete [~mete@91.247.253.160] has joined #openvpn
03:43 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
03:43 -!- mode/#openvpn [+v s7r] by ChanServ
03:44 <+s7r> hello
03:45 <+s7r> face something weird. I can connect to openvpn server just fine, but can't ping,tracert or browse any page (in udp mode).
03:45 <+s7r> in TCP mode I am able to do everything just fine
03:45 <+s7r> OS on client is Windows 8.1
03:45 <+s7r> looking at the TAP adapter properties,when in udp mode, i see it sends A LOT of packets but receives 50-60 only
03:45 <+s7r> what could be the issue?
03:46 <+s7r> the problem is not server side. i have checked on another computer in the same lan, it works on udp fine. router / something upstream client is also not the issue since it works on udp on any othe computer
04:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
04:18 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
04:29 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
04:34 -!- stack [~urb@unaffiliated/stack] has joined #openvpn
04:35 < stack> hello, does anyone knows tunnelbrick and also knows how to respec the push dns setting from the server when dns are setted manually in network config?
04:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 248 seconds]
05:03 -!- dazo_afk is now known as dazo
05:06 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Excess Flood]
05:06 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
05:07 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
05:10 -!- Eric-K [eric@188.226.225.197] has quit [Ping timeout: 256 seconds]
05:13 -!- Eric-K [eric@188.226.225.197] has joined #openvpn
05:16 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
05:22 -!- Eric-K [eric@188.226.225.197] has quit [Ping timeout: 250 seconds]
05:22 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 250 seconds]
05:22 -!- crane [~crane@chat.craneworks.de] has quit [Ping timeout: 250 seconds]
05:22 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
05:23 -!- Eric-K [eric@188.226.225.197] has joined #openvpn
05:31 -!- Exagone314 is now known as Exagone313
05:35 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 265 seconds]
05:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.2-dev]
05:55 -!- shio [marmot@8.121.101.84.rev.sfr.net] has joined #openvpn
06:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:07 -!- mode/#openvpn [+o mattock1] by ChanServ
06:26 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:27 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Remote host closed the connection]
06:31 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:31 -!- AlexRussia_ is now known as AlexRussia
06:41 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
06:44 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
06:59 -!- Netsplit *.net <-> *.split quits: RaiNerTsuFal
07:00 -!- Netsplit over, joins: RaiNerTsuFal
07:11 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
07:11 -!- mode/#openvpn [+v s7r] by ChanServ
07:14 <+s7r> !udp
07:24 -!- Payo [~quassel@pleaseplease.click] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
07:37 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
07:57 -!- Anoniem4l_ [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
08:00 -!- ploynog [~ploynog@pd95c890f.dip0.t-ipconnect.de] has joined #openvpn
08:03 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
08:06 -!- Anoniem4l_ is now known as Anoniem4l
08:19 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-msppsyvhkswyleru] has quit []
08:19 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-cugvnrqytgzmuzqj] has joined #openvpn
08:34 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 256 seconds]
08:39 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
08:42 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
08:51 -!- s7r_x [debian-tor@openvpn/user/s7r] has joined #openvpn
08:51 -!- mode/#openvpn [+v s7r_x] by ChanServ
08:51 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
08:55 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
09:27 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
09:27 -!- thumbs is now known as Guest54436
09:27 -!- Guest54436 [1000@unaffiliated/thumbs] has quit [Killed (morgan.freenode.net (Nickname regained by services))]
09:27 -!- frank-- is now known as thumbs
09:36 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
09:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:52 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
11:25 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
11:32 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
11:39 -!- s7r_x_r [debian-tor@openvpn/user/s7r] has joined #openvpn
11:39 -!- mode/#openvpn [+v s7r_x_r] by ChanServ
11:40 -!- s7r_x [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
11:43 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:44 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
11:48 -!- Denial [~Denial@81.141.20.188] has quit [Ping timeout: 252 seconds]
11:48 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
11:49 -!- Denial [~Denial@81.141.9.110] has joined #openvpn
12:04 -!- octocpp [~octo@unaffiliated/octocpp] has joined #openvpn
12:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:21 -!- s7r_x_r is now known as s7r
12:24 -!- Teduardo [~Teduardo@57.0.be.static.xlhost.com] has quit [Ping timeout: 255 seconds]
12:25 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has joined #openvpn
12:38 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:06 -!- ploynog [~ploynog@pd95c890f.dip0.t-ipconnect.de] has quit []
13:10 -!- kcaj [~kcaj@unaffiliated/kcaj] has quit [Quit: bleh]
13:11 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
13:11 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has quit [Quit: MadFunk]
13:16 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 246 seconds]
13:20 -!- fred`` [fred@earthli.ng] has joined #openvpn
13:22 -!- octocpp [~octo@unaffiliated/octocpp] has quit [Remote host closed the connection]
13:23 -!- octocpp [~octo@unaffiliated/octocpp] has joined #openvpn
13:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
13:29 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has quit [Quit: ZNC - http://znc.in]
13:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:34 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has joined #openvpn
14:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
14:54 -!- octocpp [~octo@unaffiliated/octocpp] has quit [Quit: Konversation terminated!]
15:02 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
15:08 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
15:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:34 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
15:38 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
15:39 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
15:41 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has left #openvpn []
15:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:50 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Ping timeout: 252 seconds]
15:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:56 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
16:47 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
16:47 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
16:51 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has joined #openvpn
16:56 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
17:01 -!- corrideat [~riv@unaffiliated/corrideat] has quit [Ping timeout: 276 seconds]
17:31 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
17:34 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
17:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 248 seconds]
17:48 -!- altker128 [~vr@c-66-31-200-201.hsd1.ma.comcast.net] has quit [Quit: Konversation terminated!]
18:02 <@ecrist> sup bitches?
18:16 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
18:16 -!- mode/#openvpn [+v s7r] by ChanServ
18:22 -!- dazo is now known as dazo_afk
18:26 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 248 seconds]
18:28 -!- codebam [~codebam@gateway/shell/yourbnc/x-vokcuvtnjzulhehg] has quit [Ping timeout: 252 seconds]
18:30 -!- codebam [~codebam@gateway/shell/yourbnc/x-roaihjlbnraclptp] has joined #openvpn
18:54 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
18:54 -!- mode/#openvpn [+o dazo_afk] by ChanServ
18:55 -!- dazo_afk is now known as dazo
19:13 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
19:18 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 255 seconds]
19:23 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
19:23 -!- mode/#openvpn [+o dazo_afk] by ChanServ
19:24 -!- dazo_afk is now known as dazo
19:33 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 248 seconds]
19:35 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
19:47 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
19:50 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection reset by peer]
19:51 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
19:53 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
19:53 -!- mode/#openvpn [+o dazo_afk] by ChanServ
19:54 -!- dazo_afk is now known as dazo
20:19 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Read error: Connection reset by peer]
21:08 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 264 seconds]
21:14 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
21:50 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 276 seconds]
21:55 -!- Guest67282_k [debian-tor@openvpn/user/s7r] has joined #openvpn
21:55 -!- mode/#openvpn [+v Guest67282_k] by ChanServ
21:57 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:07 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Read error: Connection reset by peer]
22:34 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
22:35 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 276 seconds]
23:03 -!- Guest67282_k_z [debian-tor@openvpn/user/s7r] has joined #openvpn
23:03 -!- mode/#openvpn [+v Guest67282_k_z] by ChanServ
23:05 -!- Guest67282_k [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
23:08 -!- Guest67282_k_z [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
23:13 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:31 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:34 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
23:49 -!- ShadniX [dagger@p5481C11C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:50 -!- ShadniX [dagger@p5DDFC8BB.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Jul 04 2015
00:18 -!- NP-Harda1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
00:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
00:30 -!- NP-Harda1 is now known as NP-Hardass
00:45 -!- Guest67282_p [debian-tor@openvpn/user/s7r] has joined #openvpn
00:45 -!- mode/#openvpn [+v Guest67282_p] by ChanServ
00:53 -!- azizLIGHT is now known as Guest61933
00:53 -!- Guest61933 [~azizLIGHT@unaffiliated/azizlight] has quit [Killed (weber.freenode.net (Nickname regained by services))]
00:54 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
01:10 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 264 seconds]
01:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:25 -!- ntio [~ntio@gateway/vpn/privateinternetaccess/ntio] has joined #openvpn
01:25 -!- Belliash [znc@asiotec/constitutive/belliash] has joined #openvpn
01:25 < Belliash> hello everyone
01:25 < Belliash> !config
01:25 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
01:27 < Belliash> I got the followning server configuration: http://wklej.org/hash/007c270a926/ and all I get is max 1.5MB/s. Is it possible to get higher transfers over VPN?
01:47 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Read error: Connection reset by peer]
01:49 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
02:04 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:10 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 248 seconds]
02:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
02:35 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:35 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
02:48 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 264 seconds]
03:36 -!- Guest67282_p is now known as s7r
04:39 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
04:48 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Ping timeout: 252 seconds]
05:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:28 -!- shio [marmot@8.121.101.84.rev.sfr.net] has quit []
05:32 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
05:34 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has joined #openvpn
05:40 < cybrNaut> recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=115)
05:40 < cybrNaut> ^ i get that immediately, even when i have: connect-timeout 30
05:40 < cybrNaut> why doesn't it wait 30 seconds?
06:15 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:17 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
06:17 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has joined #openvpn
06:28 < cybrNaut> join #lynx
07:19 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
07:21 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:22 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:31 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:34 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 264 seconds]
08:35 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
08:52 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has joined #openvpn
08:53 < Tuju> i keep getting CKR_FUNCTION_FAILED error with --show-pkcs11-ids
08:53 < Tuju> on windows 7
08:54 < Tuju> apparently that is architecture 32 vs 64 error, just can't figure out a combination that would work.
08:57 <@ecrist> what version of openssl?
09:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
09:04 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:16 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
09:17 < Tuju> mmm....lemme check that
09:17 -!- shio [~shio@8.121.101.84.rev.sfr.net] has joined #openvpn
09:18 < Tuju> ecrist: i've no idea.
09:18 < Tuju> i installed it via openvpn windows package.
09:19 <@ecrist> What version of openvpn?
09:21 < Tuju> hmmm
09:22 < Tuju> crap, my gui doesn't start anymore from icon
09:23 < Tuju> i need to attempt reinstall openvpn and opensc again
09:31 < Tuju> hmpfh, now i installed cygwin. with its file command i was able to track down that C:\Windows\System32\opensc-pkcs11.dll   is 64bit like my openvpn. But i still get CKR error
09:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
09:39 < Tuju> i'm able to find both 32 and 64 bit binaries for opensc-pkcs11.dll - but both give CKR-error
09:45 < Tuju> well, opensc-tool --list-readers doesn't work either. :-/
09:50 -!- mete [~mete@91.247.253.160] has joined #openvpn
09:57 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
10:09 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
10:16 < cybrNaut> anyone successfully run openvpn over tor?
10:20 <@ecrist> cybrNaut: I think it's possible.
10:20 <@ecrist> I didn't know anyone still used tor
10:23 < cybrNaut> ecrist: what are people using instead of tor?
10:23 < cybrNaut> i'm not married to tor
10:24 < cybrNaut> gnunet is on the horizon, but it's still experimental
10:24 < cybrNaut> so AFAIK, tor is the only game in town
10:28 < cybrNaut> i'm open to suggestions, but i think gnunet is still a long way off from being usable
10:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:55 < ValdikSS> cybrNaut: why not i2p?
10:58 < cybrNaut> ValdikSS: never heard of it.  i'll check it out
10:59 < ValdikSS> cybrNaut: there is also cjdns but it's a bit different
10:59 -!- Guest67282_p [debian-tor@openvpn/user/s7r] has joined #openvpn
10:59 -!- mode/#openvpn [+v Guest67282_p] by ChanServ
11:00 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
11:04 -!- Guest67282_p [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:05 -!- Guest67282_p [debian-tor@openvpn/user/s7r] has joined #openvpn
11:05 -!- mode/#openvpn [+v Guest67282_p] by ChanServ
11:09 -!- Guest67282_p [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
11:15 -!- alecsandro [ale@unaffiliated/alecsandro] has joined #openvpn
11:20 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:45 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:07 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
12:16 -!- James2k [~James2k@cpc71441-mapp10-2-0-cust309.12-4.cable.virginm.net] has joined #openvpn
12:17 < James2k> Hi. I have a server that's redirects both the IPv4 and IPv6 gateway, on a specific client I want to ignore this. I found https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway and can use method 2, but it only works for IPv4, what route rules would work for IPv6/
12:17 <@vpnHelper> Title: IgnoreRedirectGateway – OpenVPN Community (at community.openvpn.net)
12:21 < James2k> Or if there is an alternative way of ignoring the IPv6 routes I'd be happy to implement that
12:23 < James2k> I still need to be able to ping/access the OpenVPN server however, so method 1 wouldn't work
12:24 < James2k> Anyone that could provide some pointers on this would be most helpful, thanks!
12:39 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
12:40 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
12:42 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Client Quit]
12:43 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
12:48 < Tuju> ecrist: i finally figured that out. You cannot access local hw devices if you're logged in via remote session.
12:48 < Tuju> http://digisaatio.fi/wiki/OpenVPN#CKR_FUNCTION_FAILED
12:48 <@vpnHelper> Title: OpenVPN – DigiWiki (at digisaatio.fi)
12:51 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
12:52 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
12:52 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Client Quit]
12:53 < Tuju> i need to figure out some proper pin-helper and how it works.
12:54 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
12:55 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Client Quit]
12:57 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
12:59 < Tuju> is it possible to bind users using certificate serial number instead of Common Name (CN) ?
12:59 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Client Quit]
13:00 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
13:15 < James2k> How can I override redirect-gateway for IPv6 with a specific route directive on the client side?
13:33 < BtbN> There's no real redirect-gateway for IPv6
13:33 < BtbN> best you can do is set a new default route
13:36 -!- theoka [~theoka@c-68-34-182-54.hsd1.va.comcast.net] has joined #openvpn
13:36 < theoka> !welcome
13:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:36 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:38 < theoka> Hi everyone. I'm a Private Internet Access vpn service user
13:39 < theoka> on Arch, Debian and Windows. I've connected to the service using NetworkManager in Arch and the app in Windows, but for Debian
13:39 < theoka> I'd like to set it up manually, and be able to use it without starting my X server
13:42 < theoka> There's an AUR package for Arch that does this pretty easily, but with things a bit more hands on in Debian, I'm not sure where to start aside from spending an evening reading ovpn docs
13:47 -!- toli [~toli@ip-83-134-72-189.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:48 -!- toli [~toli@ip-62-235-240-126.dsl.scarlet.be] has joined #openvpn
13:51 < James2k> @BtbN I was trying to mimic the IPv4 format here: https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway. Would this work?
13:53 < James2k> As I'm using push "route-ipv6 2000::/3" on the server, I need to overwrite it, any ideas how I can do that? All my attempts throw errors with syntax
13:56 < James2k> I assume I have to use route-ipv6, but after that I'm not sure how the format should be
14:04 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
14:12 < James2k> Got it, I've decided to use route-nopull and just add the IPv4 subnet manually. That removes the IPv6 routes being pushed
14:17 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:22 -!- James2k [~James2k@cpc71441-mapp10-2-0-cust309.12-4.cable.virginm.net] has quit [Ping timeout: 248 seconds]
14:23 -!- theoka [~theoka@c-68-34-182-54.hsd1.va.comcast.net] has quit [Quit: #openvpn]
14:23 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
14:24 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
14:25 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
14:31 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
14:40 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
14:46 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
14:49 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
15:05 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
15:10 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
15:13 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
15:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
15:20 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
15:27 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
15:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:31 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
15:38 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
16:07 -!- Guest67282_p_w [debian-tor@openvpn/user/s7r] has joined #openvpn
16:07 -!- mode/#openvpn [+v Guest67282_p_w] by ChanServ
16:35 -!- Guest67282_p_w is now known as s7r
16:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:09 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
17:09 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
17:22 -!- Guest67282_p_w [debian-tor@openvpn/user/s7r] has joined #openvpn
17:22 -!- mode/#openvpn [+v Guest67282_p_w] by ChanServ
17:22 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
17:37 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
17:39 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
17:40 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:50 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Quit: ZNC - http://znc.in]
17:53 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
18:17 -!- Guest67282_p_w is now known as s7r
18:28 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Remote host closed the connection]
18:28 -!- Guest67282_p_w [debian-tor@openvpn/user/s7r] has joined #openvpn
18:28 -!- mode/#openvpn [+v Guest67282_p_w] by ChanServ
18:39 -!- Guest67282_p_w is now known as s7r
19:11 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Ping timeout: 276 seconds]
19:20 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
19:43 -!- toli [~toli@ip-62-235-240-126.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
19:51 -!- toli [~toli@ip-62-235-240-126.dsl.scarlet.be] has joined #openvpn
19:53 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
20:00 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 244 seconds]
20:00 -!- cheesenbiscuits [~cheesenbi@210.186.163.135] has joined #openvpn
20:05 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
20:05 -!- Anoniem4l_ [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
20:15 -!- cheesenbiscuits [~cheesenbi@210.186.163.135] has quit [Ping timeout: 256 seconds]
20:16 -!- Anoniem4l_ is now known as Anoniem4l
20:55 -!- ShadniX [dagger@p5DDFC8BB.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
21:34 -!- kuroro [~kuroro@CPEbcc810102c4e-CMbcc810102c4b.cpe.net.cable.rogers.com] has joined #openvpn
21:39 < kuroro> i can connect to my bridged openvpn server when i use my phone's tethered internet connection. however, when i use a coffee shop's internet, it no longer works (i still see the "Initialization Sequence Completed" msg  when doing "sudo openvpn client.ovpn", but i can't ping any host on the openvpn server's gateway).
21:39 < kuroro> how should i troubleshoot this?
21:40 < kuroro> not sure where to start
21:40 < kuroro> when i try to ssh into server's host, it gets stuck at "connecting to ip xxxxxx port 22" - http://pastie.org/pastes/10273516/text
21:48 < kuroro> client conf - http://pastie.org/pastes/10273522/text
21:54 < kuroro> server conf - http://pastie.org/pastes/10273530/text
21:56 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
21:59 < kuroro> i host the openvpn server btw, so i can debug things on the server side as well
21:59 < kuroro> just not sure what to look for
22:03 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:05 < kuroro> im thinking maybe related to firewall on the coffee shop side
22:06 < kuroro> but how do i test this?
22:13 -!- kuroro [~kuroro@CPEbcc810102c4e-CMbcc810102c4b.cpe.net.cable.rogers.com] has quit [Quit: This computer has gone to sleep]
22:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
22:31 -!- kuroro [~kuroro@135-23-100-123.cpe.pppoe.ca] has joined #openvpn
23:47 -!- alecsandro [ale@unaffiliated/alecsandro] has quit [Ping timeout: 248 seconds]
--- Day changed Sun Jul 05 2015
00:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:19 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
01:28 -!- Fusl [~Fusl@unaffiliated/fusl] has quit [Ping timeout: 252 seconds]
01:28 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:02 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 252 seconds]
02:05 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
02:11 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 248 seconds]
02:43 -!- hylas [~hylas@unaffiliated/hylas] has joined #openvpn
03:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
03:17 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
03:35 -!- kuroro [~kuroro@135-23-100-123.cpe.pppoe.ca] has quit [Quit: This computer has gone to sleep]
03:36 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
04:11 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:18 -!- catsup [~d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:19 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
05:04 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:07 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
06:18 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
06:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:41 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
07:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
07:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
07:19 -!- water_bulb [a@gateway/shell/yourbnc/x-whomuzjzurflgplx] has joined #openvpn
07:21 < water_bulb> hi friends. may i ask noobish question ?  i don't trust paid VPN services, so i wondered i make my own VPN in form of raspberry pi based on OpenVPN.  will it hide my real IP ? thanks
07:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:29 < Tuju> water_bulb: vpn is tunnel solution, it's up to you do you use nat or not.
07:30 < water_bulb> Tuju: yes i want it, but i'm not sure if i understand it correctly.  i connect my pc to rasp pi then it to router. so before internet i have rasp. pi as something with different IP. right ?
07:30 < water_bulb> OpenVPN connects my pc to rasp. pi, which connects to internet
07:33 < Tuju> think vpn as cable that is virtual. it's up to you where you connect it and what do you do with it.
07:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
07:52 < water_bulb> Tuju: we misunderstand each other. I'm not technically educated, so I don't know whether raspberry pi is enough alone to hide my IP and stuff
07:53 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:55 < water_bulb> got disconn
07:56 < water_bulb> Tuju: you meant, for anonymizing me, do I need  something more than just rasp pi ?
08:16 -!- Raveman_ [~Raveman_@95.140.36.45] has joined #openvpn
08:16 < Raveman_> hi
08:21 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
08:24 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:26 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
08:29 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:33 -!- Raveman_ [~Raveman_@95.140.36.45] has quit [Ping timeout: 244 seconds]
08:35 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
08:39 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:43 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has quit [Ping timeout: 258 seconds]
08:48 -!- fred`` [fred@earthli.ng] has joined #openvpn
09:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:09 -!- mode/#openvpn [+o mattock1] by ChanServ
09:55 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:01 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.2]
10:07 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
10:12 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
10:29 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.2]
10:35 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Read error: Connection reset by peer]
10:35 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
10:36 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 256 seconds]
10:39 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
10:57 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
11:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:10 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
11:39 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
11:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:26 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
12:30 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:51 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
12:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:58 -!- arlion [~arlion@unaffiliated/arlion] has joined #openvpn
13:32 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
13:32 < Seven_Six_Two> !paste
13:32 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
13:45 < Seven_Six_Two> I'm running a server on Ubuntu server. Here's server's config:  http://paste.ubuntu.com/11827297/     I'm connecting from Linux Mint, and Android. Both connect, and are assigned ip addresses. Neither can access vpn subnet, and internet traffic is not routing. Here is sanitized .ovpn file used on Android.  http://paste.ubuntu.com/11827328/
13:46 < Seven_Six_Two> I can ssh from android, but not from Mint. I'm guessing because I'm setting up vpn on mint manually, using nm-applet
13:50 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 276 seconds]
13:50 < Seven_Six_Two> what I mean is that I can ssh in to the server running openvpn, using that subnet's ip (192.168.168.)
13:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:34 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
14:37 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:53 < arlion> Seven_Six_Two: Canyou please post your access vpn logs.
14:54 < arlion> The file I request is /var/log/openvpn/server.log
15:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
15:12 -!- ntio [~ntio@gateway/vpn/privateinternetaccess/ntio] has quit [Ping timeout: 264 seconds]
15:20 < Seven_Six_Two> arlion, sorry for the delay. sure, one moment. I have to log back in to server.
15:21 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
15:23 -!- arlion [~arlion@unaffiliated/arlion] has quit [Disconnected by services]
15:24 -!- arlion [~arlion@unaffiliated/arlion] has joined #openvpn
15:24 < arlion> did someone say my name, my irssi client just bombed out
15:24 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
15:25 < Seven_Six_Two> arlion, I did. I'm trying to log in to my server, but I'm getting "connection timed out". Working on posting that log for you.
15:26 < arlion> Cool thank you
15:39 < Seven_Six_Two> I don't seem to have that log, arlion !
15:40 < arlion> okay.. Do you know where your logs are being stored?
15:41 < arlion> which OS are you using
15:41 -!- ntio [~ntio@gateway/vpn/privateinternetaccess/ntio] has joined #openvpn
15:41 < Seven_Six_Two> arlion, no. I'm going to try to log in with my phone. I was getting that timeout, so I deleted my vpn settings on my dekstop and imported the ovpn file. I can log in now with my desktop, but can't chat with you at the same time.
15:42 < Seven_Six_Two> I'm using ubuntu server for the server. Mint Rebecca and Android for clients.
15:42 < Seven_Six_Two> server 14.04
15:43 < arlion> do you have a file /var/log/openvpn.log?
15:43 < arlion> else you will have to:
15:43 < arlion> grep VPN /var/log/syslog
15:43 < Seven_Six_Two> I'm in using phone. I'll check.
15:43 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:44 -!- arlion [~arlion@unaffiliated/arlion] has quit [Quit: Lost terminal]
15:47 -!- arlion [~arlion@unaffiliated/arlion] has joined #openvpn
15:47 < Seven_Six_Two> nothing...
15:47 < Seven_Six_Two> that's interesting.
15:48 < Seven_Six_Two> I'll be back in a minute. I want to make sure that the vpn server on my router isn't enabled, so i'm going to enable vpn on desktop and ssh -X to get a server browser to check router settings.
15:48 < Seven_Six_Two> unless there's somewhere else for a log to be?
15:51 < Seven_Six_Two> actually nevermind. I don't need to. Before diabling openvpn on ddwrt, I was using 192.168.186.0 and not 10.0.8.0
15:51 < Seven_Six_Two> but I still don't know why there is no log.
15:51 < arlion> ddwrt the host openvpn server or is the ubuntu server?
15:52 < Seven_Six_Two> it's ubuntu.
15:54 < arlion> Okay, just wanted to make sure I wasn't confusing the too.,
15:54 < arlion> *two
15:54 < Seven_Six_Two> I'm doing updatedb on server, and will search for log
15:54 < arlion> find / -name .log
15:55 < Seven_Six_Two> oh too late.  updating slocate's db now
15:55 < arlion> lol
15:56 < Seven_Six_Two> I need to find a keyboard for my phone. Bash on a phone kbd is bollocks
15:57 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
15:58 < samopotamus> Is there a tool out there that automates certificate generation?
16:00 < arlion> You mean outside of the included certificate generation script provided with the openvpn package?
16:02 < arlion> I have not used any of these before, check one of them out and see how they work for you.
16:02 < arlion> But as they are not maintained by openvpn the documentation you will find is low.
16:02 < arlion> https://github.com/search?utf8=%E2%9C%93&q=openvpn+certificate
16:02 <@vpnHelper> Title: Search · openvpn certificate · GitHub (at github.com)
16:03 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
16:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
16:05 -!- ntio [~ntio@gateway/vpn/privateinternetaccess/ntio] has quit [Quit: WeeChat 1.2]
16:05 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
16:09 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has joined #openvpn
16:31 -!- mapps [~mapps@2.192.208.178.dsl.dynamic.gibconnect.com] has joined #openvpn
16:31 < mapps> hola
16:31 < mapps> can someone maybe help me:D
16:31 < mapps> my vpn wont start sayin cant bind to addrss
16:31 < mapps> ;(
16:31 < mapps> but i had it working before fine
16:32 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 265 seconds]
16:36 < arlion> bind to address problems are most likely an issue with openvpn running mutiple instances at once
16:37 < arlion> mapps: ps aux www | grep -i openvpn
16:37 < arlion> killall openvpn
16:37 < arlion> then restart openvpn
16:38 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 248 seconds]
16:39 < mapps> aha fixed it
16:39 < mapps> :D
16:39 < mapps> but now a strane issue
16:39 < mapps> it's on 192.168.1.78 and i forwarded to that ip on router
16:39 < mapps> but cant access it externally?
16:42 < mapps> could someone try my ip:1194
16:42 < mapps> this is weird
16:43 < arlion> What is your external IP address?
16:43 < arlion> And is it TCP or UDP?
16:43 < arlion> actually, best you don't post your IP here.
16:44 < mapps> 178.208.192.2:1194
16:44 < arlion> you can use this resource to test for you.
16:44 -!- yoavz [~yoavz@yoavz.net] has joined #openvpn
16:44 < mapps> its the ip im ircing from arlion
16:44 < mapps> :D
16:44 < arlion> It's easy enough to mask that
16:44 < mapps> i cant see what ive done to mess it up
16:44 < mapps> this all worked before
16:44 < arlion> for example, you can't pull my ip
16:45 < mapps> on router port forwardin
16:45 < mapps> OpenVPN	raspberrypi	Off	UDP	1194 - 1194	1194 - 1194	-	-
16:45 < mapps> OpenVPN	raspberrypi	Off	TCP	1194 - 1194	1194 - 1194	-
16:45 < mapps> so why wont it work
16:45 < mapps> arghhhh
16:45 < arlion> telnet 178.208.192.2 1194
16:45 < arlion> Trying 178.208.192.2...
16:45 < arlion> telnet: connect to address 178.208.192.2: Connection refused
16:45 < mapps> hm
16:45 < mapps> it says it's running i did ps aux | grep openvpn
16:45 < arlion> tail -f /var/log/openvpn.log
16:46 < mapps> i dont have a fw or anything running ..
16:46 < mapps> Sun Jul  5 21:46:00 2015 TLS Error: incoming packet authentication failed from [AF_INET]195.244.214.14:47083
16:46 < mapps> oh
16:46 < arlion> That's not me
16:46 < mapps> could be me from my phone
16:47 < arlion> I have a 162. IP address.
16:47 < mapps> let see where it resolves to
16:47 < mapps> ya its me
16:47 < mapps> gibtelecom
16:48 < arlion> post more of that log.
16:48 < mapps> Sun Jul  5 21:47:03 2015 TLS Error: incoming packet authentication failed from [AF_INET]195.244.214.14:60072
16:48 < mapps> Sun Jul  5 21:47:10 2015 Authenticate/Decrypt packet error: packet HMAC authentication failed
16:48 < mapps> Sun Jul  5 21:47:10 2015 TLS Error: incoming packet authentication failed from [AF_INET]195.244.214.14:60072
16:48 < mapps> Sun Jul  5 21:47:36 2015 Authenticate/Decrypt packet error: packet HMAC authentication failed
16:48 < mapps> Sun Jul  5 21:47:36 2015 TLS Error: incoming packet authentication failed from [AF_INET]195.244.214.14:60072
16:49 < arlion> post your client logs.
16:49 < mapps> err
16:49 < mapps> wait  a sec
16:49 < mapps> the server keys are gone
16:49 < mapps> thats weird?
16:49 < arlion> Hmm. that would do it.
16:50 < mapps> ah no
16:50 < mapps> my error
16:56 < samopotamus> Does OpenVPN have some other integrated way of making sure that it has gotten all packets when using UDP?  I just see that UDP is usually chosen over TCP
16:57 < arlion> sampotamus: By design, UDP does not have the ability to tell if all packets are not recieved.
16:58 < arlion> If you are concerned about packets being lost, use TCP. TCP has built in retransmission and checksum protocls for such occasions.
16:58 < samopotamus> Yeah, that's why I was asking.  By default my OpenVPN server uses UDP, I was wondering why.
16:59 < samopotamus> Like, maybe it has its own checks or something so it's just going for speed during the transmission
16:59 < arlion> It is a more lightweight protocal that is less bandwith intensive.
16:59 < samopotamus> I know all of that, I'm trying to find out if UDP is the tendency with OpenVPN
17:00 < arlion> tendency?
17:00 < samopotamus> The most frequent practice
17:00 < arlion> Honestly, it all depends on what works best for you.
17:01 < arlion> Let's talk networking for a moment.
17:01 < arlion> Consider you have to communicate with an Openvpn server located in USA while I am located in Germany.
17:02 < arlion> Long transmission times coupled with the fact we are going international couple present with some packet loss and high transmission times means latency.
17:02 < arlion> Consider if I am now in India where the prevelence of Internet Buinsess and contacting is booming.
17:03 < arlion> Again, long tranmission times and high latency would make me weigh more toward UDP.
17:03 < arlion> in both cases,.
17:03 < arlion> Now consider I am in USA talking to a USA server.
17:04 < arlion> Probally a good chance you would have the ability to choose between TCP and UDP as connection conditions are better locally than creating a internation connection.
17:04 < arlion> *international
17:05 < arlion> But in all three cases. UDP is the lowest common denominator and thus become the default standard.
17:12 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
17:39 -!- ShadniX [~ShadniX@p5DDFDF5F.dip0.t-ipconnect.de] has joined #openvpn
17:41 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 256 seconds]
18:16 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
18:17 < Seven_Six_Two> arlion, still around?
18:18 < arlion> yes
18:19 < Seven_Six_Two> that's my openvpn log
18:20 < Seven_Six_Two> server conf and network info:  http://paste.ubuntu.com/11828418/
18:21 < arlion> that is a succesfully connection.
18:21 < arlion> push routes went through
18:22 < Seven_Six_Two> yes. and i can ssh in to the server. but no internets
18:22 < arlion> I see you obtain an IP so authentication was succesful.
18:22 < arlion> do you have a SNAT rule on the server host server?
18:22 < arlion> iptables -t nat -nvL
18:22 < arlion> Do you have a firewall rule allowing outbound access?
18:22 < Seven_Six_Two> that will list all rules?
18:22 < arlion> yes
18:22 < arlion> **all nat rules
18:22 < arlion> this is the command to list all firewall rules:"
18:22 < arlion> iptables -nvL
18:23 < Seven_Six_Two> arlion, there's a line in my interfaces file. that's the paste.ubuntu.com link
18:24 < arlion> you wouldn't happen to have a post to reddit.com/r/openvpn open right now?
18:25 < Seven_Six_Two> no
18:25 < arlion> Similar issue I was assiting this morning.
18:25 < arlion> okay.
18:25 < arlion> Seven_Six_Two: you are not wrong.
18:26 < arlion> but your solution is not scalable and is by no means recommended practice.
18:26 < arlion> in fact, I would say to never input your firewall rules like this.
18:26 < arlion> The beauty in Linux is that there are many ways to do something.
18:27 < arlion> remove your firewall rules from there.
18:27 < arlion> we are going to set you up right.
18:29 < Seven_Six_Two> http://paste.ubuntu.com/11828465/
18:30 < arlion> Empty
18:30 < Seven_Six_Two> remove the entry from /etc/network/interfaces?
18:30 < arlion> so its likely that your script isn't even working.
18:30 < arlion> yes
18:30 < arlion> but added it straight to the CLI
18:30 < arlion> iptables -t nat -A POSTROUTING -o eth1 -s 10.8.0.1/24 -j MASQUERADE
18:31 < arlion> whcih doesn't look right
18:31 < Seven_Six_Two> ok. I rebooted after adding that too.. What about the other post-up for ip_forward?
18:31 < arlion> remove it
18:31 < arlion> that belongs in /etc/sysctl.conf
18:33 < Seven_Six_Two> ok. Its there. one sec, and I'll do that iptables
18:35 < arlion> remeber to do a sysctl -w after you have added the changes to /etc/sysctl
18:36 < Seven_Six_Two> did you say that the above iptables command doesn't look right?
18:36 < Seven_Six_Two> iptables -t nat -A POSTROUTING -o eth1 -s 10.8.0.1/24 -j MASQUERADE
18:37 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
18:37 < Seven_Six_Two> I'm prepending it with sudo
18:37 < arlion> yeah
18:37 < arlion> of a ip addr and tell me which one is WAN facing (internet facing)
18:37 < arlion> *do a
18:39 < Seven_Six_Two> my vpn server's public ip, or my current clients' wan ip?
18:41 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
18:43 < arlion> neither.
18:43 < Seven_Six_Two> http://paste.ubuntu.com/11828538/
18:44 < arlion> iptables is still blank
18:44 < arlion> we will fix that in a moment
18:44 < arlion> so look at your interfaces
18:44 < Seven_Six_Two> ok.
18:44 < arlion> "ifconfig"
18:44 < arlion> which one goes out to the internet
18:44 < arlion> the IP doesn't matter
18:44 < arlion> which one is your default route out to the internet
18:45 < Seven_Six_Two> http://paste.ubuntu.com/11828547/
18:45 < Seven_Six_Two> eth0 is the default route
18:49 < arlion> Nice
18:49 < arlion> this is exactly why I had you do this
18:50 < arlion> iptables -t nat -A POSTROUTING -o eth1 -s 10.8.0.1/24 -j MASQUERADE
18:50 < arlion> is incorrect
18:50 < arlion> iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.1/24 -j MASQUERADE
18:50 < arlion> is what you want
18:50 < arlion> then add the following firewall rules:
18:50 < arlion> iptables -I FORWARD -s 10.8.0.1/24 -j ACCEPT
18:50 < arlion> iptables -I FORWARD -o eth0 -m state --state NEW -j ACCE[T
18:51 < arlion> iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
18:51 < arlion> iptables-save > /etc/iptables.rules
18:51 < Seven_Six_Two> Will those stay, or be gone upon reboot?
18:51 < Seven_Six_Two> oh cool...
18:51 < arlion> the final line "iptables-save > /etc/iptables.rules" will save the rules
18:52 < Seven_Six_Two> this is going to take a minute to type.
18:52 < arlion> lol
18:52 < arlion> no worries
18:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:55 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:56 -!- dal2 [~dal@162.250.3.19] has joined #openvpn
18:57 < dal2> Question. On GNU/Linux, what is the advantage to launching with "sudo service openvpn start" versus "sudo openvpn foobar.ovpn"?
18:57 < dal2> Would it help the VPN fail closed instead of fail open?
18:58 < Seven_Six_Two> I get permission denied for the redirect to iptables.rules
18:58 < arlion> use sudo
18:58 < arlion> lol, that answers both of your questions
18:59 < arlion> Seven_Six_Two: you might need to use sudo to make that write
18:59 < arlion> del2: sudo privledges are required to restart the openvpn service. Regular user permissions are not enough.
18:59 < Seven_Six_Two> how do I sudo a redirect? I used it before iptables-save
18:59 < Seven_Six_Two> oh su -i
18:59 < arlion> sudo iptables-save > /etc/iptables.rules
19:00 < Seven_Six_Two> arlion, that didn't work
19:00 < Seven_Six_Two> I've got it though
19:00 < arlion> okay
19:01 -!- hive-mind [pranq@mail.bbis.us] has quit [Remote host closed the connection]
19:02 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
19:02 < Seven_Six_Two> http://paste.ubuntu.com/11828619/
19:02 < arlion> dal2: Do you have any further questions?
19:03 < arlion> Niiicceee
19:03 < arlion> look at those hit counters!
19:03 < arlion> Looks like your firewall rules are working well.
19:04 < Seven_Six_Two> Oh Arlion. You're my hero.
19:05 < Seven_Six_Two> If this was more than text, I'd emoji you. A big animated gif.
19:07 -!- _______________- [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
19:08 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Disconnected by services]
19:08 -!- _______________- is now known as Seven_Six_Two
19:08 < Seven_Six_Two> Ah-Maze-ing
19:09 < arlion> lol <3
19:11 < Seven_Six_Two> So, I can now work on my server, and use the web. Now... is there a way to only route some things through the tunnel? I am considering just using a vm for tunnel stuff and host for non-tunneled, but I don't know if there's another easy way
19:11 < Seven_Six_Two> I want to be able to use skype or hangouts without the tunnel
19:11 < arlion> That is called split tunneling.
19:12 < Seven_Six_Two> thanks. reading now.
19:13 < arlion> Essentially, all web traffic will go out the normal way but anything that is on your 10.8.0.0 network will go through the tunnel.
19:13 < arlion> is that what you want?
19:14 < Seven_Six_Two> When my vpn is enabled on my client, I would like the default to be to go through the tunnel.
19:16 < Seven_Six_Two> I have internal-only web services that I want to access. Oh, I guess I can't just have hangouts unrouted, cuz it's web...forgot about that. Maybe pidgin or kopete will do hangouts, so I can still
19:16 < Seven_Six_Two> web tunnel, but IM not tunnel
19:16 < arlion> hmmm.. you lost me there but I'm leaning towards not possible.
19:17 < arlion> It's a black and white thing
19:17 < arlion> either everything goes through the tunnel or all web access doesn't go through the tunnel.
19:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
19:22 < Seven_Six_Two> Oh I see. But I could add a route entry for any specific ip or range to un-route?
19:24 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:27 < dal2> arlion: Not sure I understand. What does "sudo service openvpn start" do that "sudo openvpn foobar.ovpn" doesn't?
19:27 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Excess Flood]
19:27 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
19:28 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
19:28 -!- mapps [~mapps@2.192.208.178.dsl.dynamic.gibconnect.com] has quit [Ping timeout: 256 seconds]
19:28 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-lkbcrhawfmqmwvca] has quit [Ping timeout: 256 seconds]
19:29 < arlion> openvpn foobar.ovpn opens the client configuration. service openvpn start is for the actual dameon.
19:29 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-vtkodonzomwlohvq] has joined #openvpn
19:31 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 265 seconds]
19:32 < dal2> arlion: 'sudo openvpn foobar.ovpn' is what I'm doing now. The VPN connection seems to restart itself periodically
19:33 < dal2> arlion: Which of the two should I do and why? Does running the actual daemon give me benefits?
19:33 < dal2> arlion: thanks for the help :)
19:33 < Seven_Six_Two> the server daemon, not the client.
19:34 < Seven_Six_Two> sudo service openvpn start   is how you start the openvpn server (in ubuntu).    sudo openvpn foobar.ovpn  is how you start the client, using the client config.
19:34 < arlion> if your VPN connection dorps periodically I would ask for your client logs to see what occurs when you need to renegoitate. Regular key re-negoition is normal depening on what you hve your lifetime set as.
19:35 < arlion> Seven_Six_Two hit it on the head.
19:36 < Seven_Six_Two> You only need the "service" if you're not connecting to a paid (or free) service that is run by others, and you run your own server.
19:40 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
19:40 < dal2> Okay, I understand now about the server daemon. thanks
19:40 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
19:46 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:46 -!- mode/#openvpn [+v s7r] by ChanServ
20:04 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 256 seconds]
20:20 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
21:24 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
21:25 -!- dal2 [~dal@162.250.3.19] has quit [Ping timeout: 248 seconds]
21:30 < arlion> fucking 13 mil;lion hours done.
21:30 < arlion> let's go drink some whiskey!
21:30 < arlion> .kick arlion
21:30 -!- arlion [~arlion@unaffiliated/arlion] has quit [Quit: leaving]
21:31 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 248 seconds]
21:32 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has quit [Ping timeout: 255 seconds]
21:32 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:dc78:1849:b130:db5a] has joined #openvpn
21:37 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
21:44 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
21:56 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 255 seconds]
21:58 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has quit [Quit: Bye]
22:01 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 265 seconds]
22:08 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
22:12 -!- syedomar [~so@175.136.89.160] has quit [Ping timeout: 248 seconds]
22:15 -!- syedomar [~so@175.136.89.160] has joined #openvpn
22:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
22:53 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
23:05 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: BitchX-1.2.1 -- just do it.]
23:49 -!- ShadniX [~ShadniX@p5DDFDF5F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:49 -!- ShadniX [dagger@p5481CD24.dip0.t-ipconnect.de] has joined #openvpn
23:57 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Mon Jul 06 2015
00:31 -!- janicez [janicez@depressed.and.lonely.mycafe.ga] has joined #openvpn
00:31 < janicez> hi
00:32 < janicez> I've modified the openvpn source for SCTP's sake. Is this a good idea?
01:12 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:46 -!- toli [~toli@ip-62-235-240-126.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:48 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
01:49 -!- toli [~toli@ip-62-235-222-131.dsl.scarlet.be] has joined #openvpn
01:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
02:02 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:09 <@plai> janicez: could be :)
04:09 <@plai> janicez: depens on what you are trying to achieve
04:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
04:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
04:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:03 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
05:03 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
05:21 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
05:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:03 -!- tjt263 [~tjt263@115-166-24-54.ip.adam.com.au] has joined #openvpn
06:07 -!- tjt263 [~tjt263@115-166-24-54.ip.adam.com.au] has quit [Excess Flood]
06:08 -!- tjt263 [~tjt263@115-166-24-54.ip.adam.com.au] has joined #openvpn
06:08 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
06:18 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:20 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
06:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:49 -!- mode/#openvpn [+o mattock1] by ChanServ
06:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:56 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 276 seconds]
06:57 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
07:02 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has joined #openvpn
07:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 250 seconds]
07:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
07:21 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-cugvnrqytgzmuzqj] has quit []
07:22 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-eorgcdhcrcwglabc] has joined #openvpn
07:22 -!- tjt263 [~tjt263@115-166-24-54.ip.adam.com.au] has quit [Read error: Connection reset by peer]
07:27 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:31 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has joined #openvpn
07:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
07:44 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
07:46 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:02 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
08:06 -!- tjt263 [~tjt263@106-68-22-102.dyn.iinet.net.au] has quit []
08:08 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
08:33 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:46 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
09:21 <@dazo> janicez: could be a good idea, especially if it can take advantage of the SCTP features ... would be interesting see your patches though
09:23 <@dazo> janicez: if you're keen on trying to get them into the official OpenVPN, that is quite possible to achieve if your patches really provides features making OpenVPN better (that is, using features unique to SCTP and beneficial for users/admins) ... but it probably will be a few rounds on the mailing lists where your patches will be reviewed before they can be fully accepted and merged in.
09:40 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
09:44 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
09:45 -!- Mike-- [~Mike--@mx.probie.nl] has joined #openvpn
09:57 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
09:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:03 < MadFunk> Hello all. I am trying to configure an OpenVPN server on a private network so that my users can connect to it from any platform (Linux, Mac, Windows or Android*) and have only traffic that is destined for hosts on the private network be routed through the VPN. All other traffic should be left untouched and should route normally (i.e. checking one's IP address should show their regular IP, not the IP of the OpenVPN server). I've pu
10:03 < MadFunk> t together a rough outline of the challenge here: http://pastebin.com/raw.php?i=NLB6EHBA
10:04 < MadFunk> I've had some issues getting this to work, and my current thinking is that I should be able to provide a minimal .ovpn configuration file to each user, and be able to set most of these configuration details in the server's .ovpn file and have those settings pushed out to clients.
10:04 < MadFunk> Any help would be appreciated. Thank you.
10:13 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:16 <@dazo> MadFunk: what you describe here is basically what most users do ... this isn't much rocket science at all ... Let me recommend you to grab a copy of JJK's excellent book which should get you started quickly
10:16 <@dazo> !book
10:16 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
10:17 <@dazo> MadFunk: generally what you need is a UDP+TUN based routing setup .... and as long as you don't provide --redirect-gateway, the Internet traffic of the clients will *not* be routed via the VPN
10:17 < MadFunk> dazo: That's reassuring to hear. I've been googling this for about a week on and off, and I've been surprised at how little success I've had getting it to work as desired. I figured what I'm trying to do must not be that uncommon.
10:22 < water_bulb> hi ! raspberry pi itself alone, has not different IP as my pc, when i will go through it to the internet ? do i still need some VPN service ?
10:22 <@dazo> water_bulb: ehm ... your question does not parse
10:23 <@dazo> VPN doesn't have anything to do with which IP addresses you use on the Internet
10:24 < water_bulb> dazo: i'm tech noob. i just don't trust VPN services, just because they say on their websites: we don't store logs.  therefore I want make my own anonymize tool. I saw on web, people are doing it via rasp.pi, but I'm not sure I understand how it works in real traffic
10:25 <@dazo> water_bulb: you don't want VPN in that case ... you want Tor .... Public VPN providers does not give you any security, it only a way to hide your IP address or escape some country firewalls (like what China and Iran got)
10:26 <@dazo> I would generally trust my ISP far more than a random public VPN provider, to be honest
10:27 <@dazo> The reason is that when you route all your Internet traffic through a public VPN provider, that provider doesn't need to store any logs ... the provider just do basic network sniffing on the traffic they tunnel for you and they see exactly what you do on the Internet
10:28 <@dazo> (which is basically what you ISP can do now, when you don't use VPN or Tor)
10:28 <@dazo> to become anonymous on the Internet, Tor is the only solution which will work reasonably well
10:29 <@dazo> http://torproject.org/
10:33 < water_bulb> tor is dead i heard from weeks ago. nodes has been overcomed. now people use https://geti2p.net/en/. i installed it, but have no idea how to set it, run it
10:34 <@vpnHelper> Title: I2P Anonymous Network (at geti2p.net)
10:34 <@dazo> water_bulb: that's bullshit
10:34 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:36 <@dazo> water_bulb: in fact, I used Tor a bit a week or two ago ... and it has never worked so well as it did then ... Had minimum 8Mbit/s downstream and 1.5Mbit/s upstream ... which is very reasonable speeds compared to earlier days (where it was below 800kbit/s downstream)
10:36 < water_bulb> i was googling a lot, only best resource of infos , i may have from this article(about vpn providers): https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/.        But when raspberry pi alone does not anonymize me, why do people use it as a gateway for VPN ? I dont get it.  one can easily run vpn directly from windows...
10:37 <@dazo> water_bulb: just the headline have one massive misunderstanding ... VPN does not provide anonymity at all
10:37 <@dazo> it cannot by design
10:38 <@dazo> water_bulb: here's a research article about VPN, privacy and anonymity and the leaks which can happen when using VPN ... http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf
10:39 < water_bulb> i mean in my country will be a law soon, when it's not allowed to download data by breaking copyright laws. like movies, music, porn, warez programs.... i dont want get rich penalty or something. i want bypass it through VPN as everybody uses it, in for example Britain, Germany, ....
10:41 <@ecrist> so much activity today
10:41 <@dazo> bottom line is: VPN does not provide you any anonymity.  End of discussion.  Any public VPN provider who claims to they provide anonymity or privacy are lying
10:43 <@dazo> oh my .... reading through the VPN provider responses on that torrentfreak article .... PrivateVPN: We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user of our service .... We operate in Swedish jurisdiction.
10:43 < water_bulb> dazo: ok. but how else, would you protect yourself from getting caught by government for downloading stuff with breaking copyright laws ?
10:43 <@dazo> Swedish law enforces them to do have logs of who is using their services
10:43 < DArqueBishop> water_bulb, simple. I don't.
10:43 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has left #openvpn ["Good Bye"]
10:43 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
10:44 <@ecrist> water_bulb: to quote Jim Carrey in "Liar Liar," "Stop breaking the law, asshole."
10:45 <@dazo> water_bulb: I wouldn't download illegal material, especially when it is copyrighted material.  Period.  Somebody needs to earn money to make that material, so by doing that you just rip the income they deserve.  Would you go into a shop an start stealing candy?  Because that's what you are doing in reality.
10:47 < DArqueBishop> I used to help run a popular Mortal Kombat fan site. Back in 2002, when the series had its first new entry in five or six years, there was a LOT of people bitching that there wasn't a PC version coming out.
10:47 < DArqueBishop> On the other hand, Midway pointed out that they weren't making a PC version because they never made money off the PC versions before. In other words, the people bitching were likely pirates who were mad they couldn't steal the latest game, and denied because of their own actions.
10:48 < water_bulb> if not use a VPN service, then why is good for your service ? OpenVPN ? (no offense, i just dont know)
10:48 <@plai> OpenVPN is a VPN
10:48 <@plai> not more, not less
10:48 <@dazo> water_bulb: VPN in general is to have a secure communication between two or more networks over an insecure link (the public Internet)
10:49 < DArqueBishop> I personally use OpenVPN to have a secure connection to my home network. I don't use it for routing any network traffic except that meant for that network.
10:49 <@dazo> VPN can provide privacy and anonymity *only* if you you control both the server and client side .... OpenVPN itself isn't a service, it's a software which is run on both server and client
10:50 <@ecrist> corporate adoes have that Private Tunnel thing
10:50 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
10:51 <@dazo> fair enough, but that's not something we support here
10:51 <@ecrist> right - I only mention as he may be referring to that service
10:52 <@dazo> yeah, I didn't think of it ... as I've never used it and neither have needed it
10:53 < water_bulb> you meant this ? https://www.privatetunnel.com/index.php/referrer.html   is that a regular VPN service or...
10:53 <@vpnHelper> Title: Private Tunnel - Your Private Tunnel to the Internet (at www.privatetunnel.com)
10:53 <@ecrist> It's a for-pay VPN service
10:53 <@dazo> yes, it's a public VPN provider
10:53 < water_bulb> ah like those in torrentfreak article, right ?
10:53 <@dazo> yeah
10:53 <@ecrist> It doesn't provide you an anonymous internet connection, but it allows you to get out of a potentially hostile network to the internet at large
10:53 <@ecrist> not that the internet isn't hostile
10:55 <@dazo> Hahaha .... "Anonymizer Inc. operates under US jurisdiction. The US is still one of the best countries to operate privacy services out of due to a lack of mandatory data retention laws." .... NSA anyone?  I'm sure they keep logs somewhere :-P
10:56 <@plai> :)
10:56 < water_bulb> i read in months ago, or weeks maybe, that there is common exploit in public connections.  hotels wifi, cable,,,  cafeteria's wifi...    that they see your traffic and exploit it. or they send you a malware which will camouflage as driver updates.      how to protect myself when i will go on vacation abroad and use laptop there,  or smartphone on airport or in city pub please ?
10:56 <@dazo> you don't do any OS updates when you are on a network you don't trust
10:56 <@plai> water_bulb: We do not sell OpenVPN.
10:57 <@dazo> I usually connect to my own managed OpenVPN server, and do all the updates through that tunnel
10:57 <@plai> the whole VPN is needed vs not is an important discussion but slightly off topic here
10:57 < water_bulb> plai: i know, i just have to figure  out, what to use at all. i'm not educated in this area
10:57 < water_bulb> ok then i stop. sorry
10:57 < water_bulb> nvm
10:57 < DArqueBishop> This may sound like me being a dick (and it probably is), but...
10:57 < DArqueBishop> !notovpn
10:57 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
10:57 <@dazo> :)
10:58 <@plai> water_bulb: if you use a VPN you basically use the VPN net instead of your local network
10:58 <@plai> if you trust that VPN more than your local network, good
10:58 <@plai> but with some VPN providers I would feel less secure than without them
10:59 <@plai> that is what VPN usage basically boils down to
10:59 <@dazo> +1
10:59 <@plai> hope that helps
11:01 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 264 seconds]
11:04 < water_bulb> yes thanks.  a last note to end this topic, to make sure i understand it correctly.  1, when I'm connected in local network through my VPN service, that means local network may still try sniff traffic, but it won't figure out anything, because my VPN uses encryption. correct ?          2, why people use raspberry pi + OpenVPN as a gateway for their VPN services, when they can do it easier
11:04 < water_bulb> without it ?
11:06 <@plai> 1. yes
11:07 <@plai> 2. rpi + OpenVPN for a home network is a nice way to do it
11:07 <@plai> there are also other ways
11:13 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 276 seconds]
11:13 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:23 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:24 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
11:24 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
11:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:53 < Anoniem4l> Say I have 2 OpenVPN servers and they push "route ..." to each other. Server A has an iptables rule to MASQUERADE traffic to eth0. How is it possible to access B through A but still being able to access the internet through A?
11:53 < Anoniem4l> s/being/be/
11:55 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has joined #openvpn
12:11 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
12:11 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
12:16 < zoredache> I suspect you are going to need to be posting a diagram, and your configs for something like that...
12:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:18 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:21 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Remote host closed the connection]
12:22 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
12:24 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Remote host closed the connection]
12:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:44 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has quit [Quit: MadFunk]
12:44 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
13:16 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has joined #openvpn
13:17 -!- MadFunk [~ksutton@216-13-105-194.dedicated.allstream.net] has left #openvpn []
13:18 -!- MadFunk [~madfunk@216-13-105-194.dedicated.allstream.net] has joined #openvpn
13:18 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Remote host closed the connection]
13:20 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
13:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
13:35 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has joined #openvpn
13:40 -!- dal2 [~dal@82.221.107.179.adsl.inet-telecom.org] has joined #openvpn
13:43 < dal2> Hi, when I run "sudo openvpn foobar.conf" I am told my 'pass' file and two '.key' files are "group or others accessible"
13:43 < dal2> That doesn't sound good, what should I do?
13:45 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
13:52 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
13:55 < DArqueBishop> dal2, set their mode 600.
13:58 -!- dal2 [~dal@82.221.107.179.adsl.inet-telecom.org] has quit [Quit: Leaving]
13:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:00 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
14:00 -!- mode/#openvpn [+v s7r] by ChanServ
14:03 < MadFunk> dazo: It looks like my config uses udp/tun but when I connect to my openvpn server it's redirecting all traffic via the VPN anyway.
14:05 < MadFunk> dazo: Hang on.. I'm getting something different now. Maybe I've got this. If I haven't, I've got my configs ready to link on pastebin.
14:05 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
14:05 -!- dal2 [~dal@82.221.107.179.adsl.inet-telecom.org] has joined #openvpn
14:06 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 255 seconds]
14:11 -!- MadFunk [~madfunk@216-13-105-194.dedicated.allstream.net] has quit [Remote host closed the connection]
14:17 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
14:20 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:38 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
14:42 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
14:54 -!- MadFunk [~madfunk@216-13-105-194.dedicated.allstream.net] has joined #openvpn
15:14 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:17 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
15:24 <@dazo> MadFunk: if will redirect the traffic *only* if you either push redirect-gateway from the server or use redirect-gateway in the client config.  Only when that option is used, Internet traffic will be redirected via the tunnel
15:30 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:31 -!- MadFunk [~madfunk@216-13-105-194.dedicated.allstream.net] has quit [Quit: Leaving]
15:32 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
15:36 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Client Quit]
16:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:31 -!- dal2 [~dal@82.221.107.179.adsl.inet-telecom.org] has quit [Read error: Connection reset by peer]
16:33 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
16:46 -!- cylon512 [~cylon@2.92.151.47] has joined #openvpn
17:02 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
17:09 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
17:25 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
17:37 -!- djcoder [~rosario@rrcs-74-218-228-50.se.biz.rr.com] has joined #openvpn
17:48 -!- djcoder [~rosario@rrcs-74-218-228-50.se.biz.rr.com] has quit [Quit: djcoder]
17:54 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Remote host closed the connection]
17:55 -!- crised [~crised@186.67.181.203] has joined #openvpn
17:55 < crised> trying to make a server based on amazon linux to tunnel all my traffic from a remote with dynamic ip
17:55 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
17:56 < crised> made a manual vpn following this and succeded
17:56 < crised>    Konsole output     Mon Jul  6 22:56:29 2015 Initialization Sequence Completed
17:56 < crised>    
17:56 < crised> However the Ip from the openvpn client is the same as the original ip
17:57 < crised> it's not using the remote server IP
17:57 < crised> what am I doing wrong?
18:04 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
18:08 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:09 <@dazo> !redirect
18:09 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:09 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:10 <@dazo> crised: ^^^
18:12 < crised> dazo: thanks
18:12 < crised> !def1
18:12 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
18:13 < crised> dazo: this is my config: https://gist.github.com/crised/ef1a335d8bdaf8de4ac8
18:13 <@vpnHelper> Title: gist:ef1a335d8bdaf8de4ac8 (at gist.github.com)
18:13 < crised> I added push redirect-gateway def1
18:13 < crised> also net.ipv4.ip_forward = 1
18:14 < crised> dazo: that was the server config
18:15 <@dazo> crised: did you see the flowchart at the end?
18:16 <@dazo> http://pekster.sdf.org/misc/redirect.png
18:16 < crised> dazo: trying to picture it
18:16 < crised> dazo: should I add    Konsole output     push "redirect-gateway def1" on the client?
18:16 <@dazo> look at the flow chart
18:16 < crised> How do I enable redirect-gateway on the client?
18:17 <@dazo> push "redirect-gateway def1" in the server config is the same as adding 'redirect-gateway def1' on the client
18:17 <@dazo> however ... I see you use static encryption ... that might not work with push
18:18 < crised> dazo: this are my updated files
18:18 < crised> https://gist.github.com/crised/ef1a335d8bdaf8de4ac8
18:18 <@vpnHelper> Title: gist:ef1a335d8bdaf8de4ac8 (at gist.github.com)
18:18 < crised> dazo: How can I tell if the redirect gateway is enabled on the client
18:18 <@dazo> move the "push" lines to the client config ... and remove the "push" keyword
18:18 <@dazo> !logs
18:18 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:19 <@dazo> !logfile
18:19 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
18:19 <@dazo> for this case, --verb 4 is more than enough
18:20 <@dazo> I also see that --secret is missing in the client config as well
18:20 <@dazo> the static key needs to be identical on both client and server for static encryption to work
18:21 < crised> dazo: what is verb 4?
18:22 <@dazo> !man
18:22 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
18:22 < crised> dazo: I'm lost with "push" keyword https://gist.github.com/crised/ef1a335d8bdaf8de4ac8
18:22 <@vpnHelper> Title: gist:ef1a335d8bdaf8de4ac8 (at gist.github.com)
18:22 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:22 <@dazo> also remove the " marks
18:23 <@dazo> crised: you really need to look at the man page ... each option you use here is very well explained in the man page
18:23 <@dazo> you don't have to read the complete man page, just search for the options
18:23 <@dazo> also beware of --
18:23 <@dazo> !--
18:23 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
18:24 < crised> dazo: ok, now I'm just testing to see if I can do this
18:24 < crised> dazo:    Konsole output     Mon Jul  6 20:23:49 2015 Initialization Sequence Completed
18:25 < crised> dazo: I can't ping google.com
18:25 <@dazo> that's usually a good sign ... now follow the flow-chart further.  That line only indicates the VPN tunnel is established.  If you route any traffic over the tunnel is a completely different question
18:26 < crised> dazo: I can ping 8.8.8.8 from the client
18:26 <@dazo> !spoonfeeding
18:26 < crised> dazo: this is my config https://gist.github.com/crised/ef1a335d8bdaf8de4ac8
18:26 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
18:26 <@vpnHelper> Title: gist:ef1a335d8bdaf8de4ac8 (at gist.github.com)
18:26 < crised> dazo: lol
18:27 < crised> dazo: could you spoon fed me a little bit more?
18:27 <@dazo> three times I've pointed you at the flow chart, two times I've mentioned the man page .... It's 1:30 at night where I am, and I intend to logout very soon
18:27 -!- crised was kicked from #openvpn by dazo [go do some homework first]
18:29 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
18:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:57 -!- syedomar [~so@175.136.89.160] has quit [Quit: leaving]
19:06 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 276 seconds]
19:09 -!- s7r [debian-tor@openvpn/user/s7r] has joined #openvpn
19:10 -!- mode/#openvpn [+v s7r] by ChanServ
19:10 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
19:15 -!- cylon512 [~cylon@2.92.151.47] has quit [Quit: leaving]
19:20 < Seven_Six_Two> What is the best way to copy files to and from a remote server through a tunnel? Do all of the options (NFS, SAMBA, FTP, SCP) have equivalent network overhead and connection stability?
19:21 < Seven_Six_Two> I use nfs when at home, so there are already shares available, but I have no ftp server, nor use for windows sharing.
19:25 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
19:34 <@dazo> Seven_Six_Two: if you already have NFS working, I would use that
19:35 <@dazo> Seven_Six_Two: I have NFS, CIFS and SSH available on my network, but I generally use NFS first of all ... as that gives me possibilities with autofs/automount
19:35 <@dazo> (If I'm at home or connected, NFS shares gets automatically mounted on request)
19:36 <@dazo> ... err .... or connected via VPN, I meant
19:39 -!- dazo is now known as dazo_afk
20:12 < Seven_Six_Two> no problems with lag or disconnects?
20:13 < Seven_Six_Two> I'm currently restricting mounts by ip, so it should work, I was just worried about overhead mostly. My vpn upload speed tops out at 80KB/s
20:46 -!- xTz [~xTz@DeathStar.Techn0.eu] has joined #openvpn
21:00 -!- Jeroen is now known as Jeroen52
21:00 -!- Jeroen52 is now known as Jeroen
21:02 -!- Jeroen is now known as Jeroen52
21:03 -!- Jeroen52 is now known as Jeroen
21:13 -!- tsing [~tsing@arale.tsing.org] has joined #openvpn
21:56 -!- s7r_c [debian-tor@openvpn/user/s7r] has joined #openvpn
21:56 -!- mode/#openvpn [+v s7r_c] by ChanServ
21:57 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Ping timeout: 255 seconds]
22:21 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 256 seconds]
22:35 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
22:55 -!- BDigits [~BDigits@ip70-188-158-72.ri.ri.cox.net] has joined #openvpn
23:02 -!- BDigits [~BDigits@ip70-188-158-72.ri.ri.cox.net] has left #openvpn ["Leaving"]
23:10 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
23:11 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:14 < mnathani_> how would I proxy arp an address on my dedicated server, public IP over to my client machine to present that IP as its own, using OpenVPN
23:17 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
23:17 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 246 seconds]
23:23 -!- janicez is now known as [132]
23:26 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:31 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
23:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:47 -!- ShadniX [dagger@p5481CD24.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX_ [dagger@p5DDFEF96.dip0.t-ipconnect.de] has joined #openvpn
23:47 -!- ShadniX_ is now known as ShadniX
--- Day changed Tue Jul 07 2015
00:00 -!- [132] is now known as janicez
00:08 -!- Tenhi [~tenhi@178.18.241.180] has quit [Ping timeout: 244 seconds]
00:35 -!- tsing [~tsing@arale.tsing.org] has quit [Remote host closed the connection]
00:47 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:dc78:1849:b130:db5a] has quit [Ping timeout: 248 seconds]
00:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:49 -!- mode/#openvpn [+o mattock1] by ChanServ
00:57 -!- tsing [~tsing@arale.tsing.org] has joined #openvpn
01:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
01:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:15 -!- mode/#openvpn [+o mattock1] by ChanServ
01:35 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:36 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
01:36 -!- r00t^2_ [~bts@g.rainwreck.com] has quit [Client Quit]
01:37 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
01:39 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 264 seconds]
01:41 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
01:42 -!- r00t^2_ is now known as r00t^2
01:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds]
01:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
02:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:03 -!- mode/#openvpn [+o mattock1] by ChanServ
02:19 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:27 -!- tsing [~tsing@arale.tsing.org] has quit [Remote host closed the connection]
02:30 -!- tsing [~tsing@arale.tsing.org] has joined #openvpn
03:04 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:10 -!- _Timon [~Timon@tt.cloud.tilaa.com] has joined #openvpn
03:18 < _Timon> How come that openvpn times out all external ip's when streaming audio but is fine when downloading huge files....
03:19 < _Timon> the external audio keeps streaming but nothing else gets through the line, except for pings towards the openvpn server
03:20 < janicez> huh
03:20 < _Timon> thats my reaction aswell
03:20 < _Timon> sidenote, this only happens on one clients out of the 5 that are connected to the openvpn server
03:21 < _Timon> so my guesses are it's something wrong in the client, nothing shows up in the client log/server log
03:22 < _Timon> maybe something with verb 9 will show up
03:24 < _Timon> nothing unusual... so far
03:30 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:31 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
03:32 -!- s7r_c is now known as s7r
03:42 < _Timon> im pretty much out of ideas
03:45 -!- Tenhi [~tenhi@178.18.241.180] has joined #openvpn
03:51 < _Timon> tried some other openvpn servers all the same issue
04:55 -!- dazo_afk is now known as dazo
05:11 -!- tsing [~tsing@arale.tsing.org] has quit [Read error: Connection reset by peer]
05:11 -!- tsing [~tsing@arale.tsing.org] has joined #openvpn
05:31 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
05:34 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Remote host closed the connection]
05:37 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
05:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:10 -!- tsing [~tsing@arale.tsing.org] has quit [Quit: Leaving...]
06:47 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has quit [Remote host closed the connection]
06:48 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:56 < defswork> _Timon, sounds like a flood/shaping issue
06:56 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
06:56 < defswork> streaming audio is udp, downloading huge files tcp
06:57 < defswork> _Timon, tcp windows fill and ack/naks end up being waited for
06:57 < defswork> maybe your udp is basically spewing as fast as it can
06:58 < _Timon> hm okay
06:59 < _Timon> anything i can do about that?
07:01 < _Timon> I don't really recall changing any tcp sockets on this specific installation of win7
07:08 < _Timon> I just moved the vpn connection to UDP instead of TCP and changed the client config. problem still exists.
07:18 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
07:28 -!- michele [eraser@unaffiliated/michele] has joined #openvpn
07:29 < michele> hi!
07:29 < michele> is it possible to use a udp tunnel (server and client) while connecting from the client using an http proxy?
07:39 -!- michele [eraser@unaffiliated/michele] has left #openvpn ["WeeChat 1.2"]
07:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:03 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 256 seconds]
08:08 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
08:09 -!- water_bulb [a@gateway/shell/yourbnc/x-whomuzjzurflgplx] has left #openvpn []
08:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
08:23 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:42 -!- alecsandro [ale@unaffiliated/alecsandro] has joined #openvpn
08:46 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
08:49 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
09:08 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
09:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
09:28 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:38 -!- shio [~shio@8.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
09:44 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has joined #openvpn
09:47 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has quit [Client Quit]
09:47 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has joined #openvpn
09:54 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
09:57 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:03 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:15 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
10:22 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
10:32 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
10:36 -!- bruxC [~bruxC@66.63.84.178] has quit [Client Quit]
10:52 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
10:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
11:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:48 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
11:48 < linuxthefish> hi, how can i 'route' a /24 over tun0 using a Linux server and client? right now i can only use a single address, as the subnet mask is 255.255.255.255!
11:49 < linuxthefish> client to client is enabled, and i've bridged tun0 with my local network
11:51 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
11:54 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has quit [Quit: Bye]
12:03 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
12:04 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:04 -!- mode/#openvpn [+o mattock2] by ChanServ
12:18 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
12:18 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
12:19 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:27 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:32 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
12:39 -!- s7r [debian-tor@openvpn/user/s7r] has quit [Quit: Leaving]
12:41 < BtbN> linuxthefish, you can't bridge tun devices, they operate on layer 3. Just set a route to the other end for the network.
12:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
13:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:07 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
13:14 <@dazo> linuxthefish: look at the --route and --push options in the man page .... that's how you control the routing, including setting the proper netmask
13:14 <@dazo> !man
13:14 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
13:15 <@dazo> linuxthefish: in regards to bridging .... don't do that, you most likely don't need bridging at all (and BtbN is right, tun devices cannot be bridged)
13:16 <@dazo> For more info ... see also this one: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
13:16 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
13:20 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:20 -!- mode/#openvpn [+v s7r] by ChanServ
13:20 < linuxthefish> ah whoops wrong interface
13:20 < linuxthefish> it works thanks!
13:26 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
13:28 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:29 < Belliash> hello
13:29 < Belliash> any ideas why i cannot reach higher transfer than 1,5MB/s over VPN?
13:31 <+esde> !bottleneck
13:31 <@vpnHelper> "bottleneck" is (#1) OpenVPN uses userland crypto unless you have HW accel available (as shown with `openvpn --show-engines`.) This means the CPU is frequently the performance bottleneck; remember that OVPN is single-threaded or (#2) See also: !gigabit for ideas on advanced performance tuning options
13:32 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Ping timeout: 265 seconds]
13:33 < Belliash> esde: core i7 and xeon on 2 sides....
13:33 < Belliash> symmetrical 100mbps on both sides
13:33 < Belliash> and 1.5MB/s max :(
13:34 <+esde> Check the topic and you might find users are more helpful
13:34 < Thermi> !gigabit
13:34 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
13:35 < Thermi> Belliash: Well, then something on the network is throttling your throughput.
13:39 -!- Linuxnet is now known as Netas3k
13:40 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
13:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
13:47 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Read error: Connection reset by peer]
13:48 -!- toli [~toli@ip-62-235-222-131.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:49 < Belliash> Thermi: w/o vpn i can exhaust whole bandwidth (100mbps), and even changing ciphers does not make any difference
13:49 -!- toli [~toli@ip-62-235-222-132.dsl.scarlet.be] has joined #openvpn
13:49 <@dazo> !gigabit
13:49 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
13:49 < Thermi> Belliash: I can only repeat myself. Something on the network is throttling you.
13:52 -!- darxun [~darxun@crew.of.the.worldwide.famous.micros0ft.dk] has joined #openvpn
14:07 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:18 -!- Belliash [znc@asiotec/constitutive/belliash] has left #openvpn ["No boundaries on the net!"]
14:29 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
14:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:35 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:38 -!- alecsandro [ale@unaffiliated/alecsandro] has quit [Ping timeout: 256 seconds]
15:44 -!- janicez [janicez@depressed.and.lonely.mycafe.ga] has quit [Ping timeout: 256 seconds]
15:59 -!- kadafi [kadafi@trap.mss.ca.gov] has joined #openvpn
16:53 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
17:01 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:06 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
17:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:11 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
18:13 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
18:43 -!- dazo is now known as dazo_afk
18:46 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
19:03 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
19:03 -!- mode/#openvpn [+v s7r] by ChanServ
19:10 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 256 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:15 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:20 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
19:21 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
19:22 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Excess Flood]
19:26 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:55 -!- teksimian [~chatzilla@174-138-208-140.cpe.distributel.net] has joined #openvpn
20:18 < teksimian> i have 192.168.255.0/24   192.168.254.18     UGS        tun0 in my routing table and want to use .18 as a gw to 192.168.255.0/24.  .18 is an openvpn virtual ip which i can ping and connect to.  when i try to ping 192.168.255.XYZ ping comes back with ping: sendto: Network is unreachable. i dont understand why... it's in the routing table, yet after looking at it with tcpdump ping isnt writing...
20:18 < teksimian> ...anything to tun0 interface
21:24 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
21:43 -!- SineDeviance [~quassel@2602:306:3908:8eb0:801d:5ca5:2746:320c] has joined #openvpn
21:43 < SineDeviance> hey guys! i really need some help, i've been banging my head against this problem for almost a week
21:44 < SineDeviance> okay, so we're trying to run openVPN on a ramnode VPS. ramnode is a known good openVPN host
21:44 < SineDeviance> i have tried both building an openVPN stack from scratch, and also deploying turnkey openvpn
21:45 < SineDeviance> in both cases the server seems to run okay, but the issue we are having is that our clients cannot get a gateway address and are not given an endpoint inside our private network
21:45 < SineDeviance> clients do connect, and if i manually enter a DNS on a client it CAN recieve internet through the tunnel
21:46 < SineDeviance> we just can't get them to properly connect to the internal subnet, and thus we cannot access services like ssh on the clients (which is what we need this for - remote admin)
21:47 < SineDeviance> TAP/TUN and PTP are both enabled in our VPS's SolusVM panel
21:47 < SineDeviance> PPP* even
21:47 < SineDeviance> i think it's a routing issue, maybe the internal firewall is not following my iptable rules or something, but i don't know how to diagnose that
21:49 < SineDeviance> ip for tun0 and venet0 are both set, tun0 is on 10.10.0.1, venet0 is on 127.0.0.2
21:51 < subzero79> SineDeviance: I have ramnode also running openvpn but just to access the internal not def redirection
21:52 < SineDeviance> subzero79: hmm ... well, i have redirect-gateway def1 set in the config
21:52 < subzero79> I will have to try it later, since I am on the phone now
21:53 < SineDeviance> as i understand it that prevents openvpn clients from using the vpn's gateway, and allows them to keep their local gateway? but i've tried it without that option and same result, no gateway address is assigned
21:53 < subzero79> You want to redirect clients internet through ramnode?
21:53 < subzero79> You also want each remote client to reach each other ?
21:54 < SineDeviance> i just want each remote client to be able to reach each other, yeah. they don't need to be totally redirected through the VPN
21:54 < SineDeviance> i only need to access services on each client
21:54 < SineDeviance> specifically, ssh
21:54 < SineDeviance> that's literally the only thing
21:54 < SineDeviance> if we can get this working so that we can ssh into each client, that will work
21:55 < subzero79> Well I have a constant link to ramnode in my home server
21:55 < SineDeviance> these clients don't even need internet access, they are embedded devices
21:55 < SineDeviance> they only perform one function
21:55 < subzero79> I'll fire openvpn in my phone to see if I can reach my home server
21:57 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
21:58 < subzero79> Don't think is working. I didnt put client to client directive
21:58 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
22:00 -!- james41382_ is now known as james41382
22:00 < subzero79> Mm I do have the directive. Then I am missing the push route in the server
22:01 < SineDeviance> i do have client to client directive i think
22:01 < SineDeviance> yeah
22:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:09 -!- Mike-- [~Mike--@mx.probie.nl] has quit [Read error: Connection reset by peer]
22:11 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:13 < subzero79> SineDeviance: sorry is not working now for me now. I have to check later bringing down the firewall. Hard to do it from the phone
22:13 < SineDeviance> subzero79: it's all good, thanks
22:13 < subzero79> Is working now ?
22:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
22:14 < SineDeviance> no :D
22:14 < subzero79> Let you know later
22:18 < subzero79> Also it could be that I am trying with a phone device
22:38 < SineDeviance> ugh, what am i doing wrong here
22:38 < SineDeviance> why won't this server freaking work
22:47 < SineDeviance> omg i am about to lose my mind here
23:12 -!- teksimian [~chatzilla@174-138-208-140.cpe.distributel.net] has quit [Ping timeout: 240 seconds]
23:34 < SineDeviance> i got it working!
23:34 < SineDeviance> the problem is that openVPN client was not being run as admin on my windows 7 and 8 machines
23:34 < SineDeviance> a week lost over that one little thing
23:34 < SineDeviance> isn't life grand?
23:34 < SineDeviance> anyways, i was just able to RDP into my laptop from my phone over cellular, so the VPN is working now
23:47 -!- ShadniX [dagger@p5DDFEF96.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX_ [dagger@p5481D26D.dip0.t-ipconnect.de] has joined #openvpn
23:47 -!- ShadniX_ is now known as ShadniX
--- Day changed Wed Jul 08 2015
00:12 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:29 -!- mode/#openvpn [+o mattock1] by ChanServ
00:33 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 256 seconds]
00:33 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
01:31 -!- tessier [~treed@kernel-panic/copilotco] has joined #openvpn
01:38 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
01:39 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:49 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
02:02 -!- SineDeviance [~quassel@2602:306:3908:8eb0:801d:5ca5:2746:320c] has quit [Ping timeout: 248 seconds]
02:02 -!- SineDeviance [~quassel@2602:306:3908:8eb0:882b:9b42:3ca4:9881] has joined #openvpn
02:39 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
02:44 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:14 -!- hylas [~hylas@unaffiliated/hylas] has left #openvpn ["WeeChat 1.2"]
03:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
03:38 -!- yuvadm [~yuvadm@y3xz.com] has joined #openvpn
03:39 < yuvadm> when using basic L3 IP rounting, what config do i need so that two clients can ping each other?
03:39 < yuvadm> server on 10.8.0.1 can ping both .2 and .3
03:39 < yuvadm> but .2 and .3 can't ping each other
03:43 < subzero79> SineDeviance, good to know, my phone routing wasn't working when i was talking to you. I added some optimizations last week that were compatible with the iOS
03:43 < subzero79> when i got back home i checked and all my other devices could reach each other
03:43 < subzero79> that weren't compatible*
03:44 < subzero79> yuvadm, you usually have to put client-to-client in the server
03:45 < yuvadm> subzero79: ah, found it! thanks :)
03:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
04:16 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Remote host closed the connection]
04:21 -!- pehlert [~pascal@aftr-37-201-212-186.unity-media.net] has joined #openvpn
04:24 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
04:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:25 -!- dazo_afk is now known as dazo
04:30 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
04:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
04:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:03 -!- Denial- [~Denial@81.141.9.110] has joined #openvpn
05:03 -!- Denial [~Denial@81.141.9.110] has quit [Ping timeout: 265 seconds]
05:08 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
05:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
05:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:15 -!- pehlert [~pascal@aftr-37-201-212-186.unity-media.net] has quit [Ping timeout: 265 seconds]
06:35 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
06:47 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:51 <@ecrist> !roadmap
06:51 <@vpnHelper> "roadmap" is https://community.openvpn.net/openvpn/wiki/RoadMap for the roadmap for OpenVPN 3
06:53 -!- Jesterboxboy [~Thunderbi@chello080109194026.3.graz.surfer.at] has joined #openvpn
06:55 < Jesterboxboy> i have an openvpn server configured on openwrt 14.07
06:55 < Jesterboxboy> the configuration of the interface looks like this
06:55 < Jesterboxboy> http://pastebin.com/bQgURw1S
06:55 < Jesterboxboy> Do i even need this statically configured ip address? my understanding is taht upon connection openvpn uses a /32 network for p-t-p, but if dont assign a static ip to the vpn interface i cant get traffic through
06:56 <@ecrist> what are you trying to send over the VPN?
06:58 < Jesterboxboy> the whole client traffic
06:59 < Jesterboxboy> it works at the moment, i just  wwant to understand why i need to configure a static address to the interface for it to do
07:00 <@ecrist> well, you need to have an IP address for layer three traffic
07:01 <@ecrist> so, the server will require an IP, and each client requires one in order to talk to the server.
07:01 -!- Jesterboxboy [~Thunderbi@chello080109194026.3.graz.surfer.at] has quit [Quit: Jesterboxboy]
07:08 -!- pehlert [~pascal@aftr-37-201-215-163.unity-media.net] has joined #openvpn
07:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
07:57 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Ping timeout: 248 seconds]
07:59 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 248 seconds]
07:59 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 248 seconds]
07:59 -!- mystica555 [~mystica55@38.75.196.67] has quit [Ping timeout: 240 seconds]
08:01 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
08:01 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
08:01 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
08:01 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
08:06 -!- pehlert [~pascal@aftr-37-201-215-163.unity-media.net] has quit [Ping timeout: 264 seconds]
08:09 -!- pehlert [~pascal@aftr-37-201-215-163.unity-media.net] has joined #openvpn
08:09 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Remote host closed the connection]
08:12 -!- pehlert [~pascal@aftr-37-201-215-163.unity-media.net] has quit [Read error: Connection reset by peer]
08:13 -!- pehlert [~pascal@aftr-37-201-215-163.unity-media.net] has joined #openvpn
08:14 -!- mparisi [~mparisi@72.20.27.67] has joined #openvpn
08:26 -!- pehlert [~pascal@aftr-37-201-215-163.unity-media.net] has quit [Ping timeout: 256 seconds]
08:33 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
08:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
08:34 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
08:34 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Client Quit]
08:34 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
08:37 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
08:44 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:04 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
09:08 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
09:13 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
09:16 -!- yuvadm [~yuvadm@y3xz.com] has left #openvpn []
09:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
09:40 < _Timon> is there anything to do to stop my tcp windows from filling up while listening to an udp audio stream?
09:45 <@plai> _Timon: what do you mean?
09:45 < _Timon> when I stream audio through the vpn everything times out
09:45 < _Timon> except for the audio stream
09:46 < _Timon> someone concluded that my tcp windows are being flooded, but I have yet to detect that
09:46 <@plai> well udp does not do rate control
09:46 <@plai> so it will just the datarate of the stream
09:46 <@plai> your stream might just be to high data rate for your vpn to support
09:47 < _Timon> both clients are on gigabit
09:47 < _Timon> audio stream is 96kbps
09:47 < _Timon> both client &server*
09:48 < _Timon> when I start the audio streams pings start with ~3000ms and then after a few seconds time out. stream keeps playing.
09:48 <@plai> and what is the connection beween client and server?
09:48 < _Timon> pings between the client and server stay normal
09:48 < _Timon> ~5ms
09:49 <@plai> in term of datarate
09:49 <@plai> same LAN?
09:49 < _Timon> nope
09:49 <@plai> dsl connection between?
09:49 <@plai> dialup between them?
09:49 < _Timon> I guess dsl
09:50 <@plai> so the gigabit argument is not valid
09:50 < _Timon> yeah dsl is copper so nvm
09:50 <@plai> try iperf or some speed benchmark to see what the availabe datarate between server and client is
09:50 < _Timon> client > cat6 > router > (stuff ) > fiber
09:51 < _Timon> ok on it
09:51 <@plai> I bet it is something like 128 kB/its and ~100 kBit/s and the udp stream fills that 100 KBit/s
09:52 < _Timon> does it have a single benchmark command?
09:53 <@plai> try iperf
09:53 <@plai> !iperf
09:53 < _Timon> !iperf
09:53 <@plai> hm no luck
09:53 < _Timon> just iperf -s ?
09:54 <@plai> iperf -s one side
09:54 < _Timon> ok
09:54 <@plai> and iperf -c ip on the other
09:54 <@plai> iperf -r -c ip on the client
09:54 <@plai> to get both directions
09:56 < _Timon> internal openvpn ip?
09:56 <@plai> _Timon: for iperf you need to run iperf on both client and server
09:56 <@plai> otherwise if the vpn is your default gw just use something like speedtest.net for an approximation
09:57 < _Timon> cli only
09:57 < _Timon> wgets get around 90MB/s
09:57 <@plai> hm
09:57 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:57 <@plai> log for strange log messages on server and client
09:57 <@plai> look
09:58 < _Timon> already done, got nothing
09:58 < _Timon> with verboose 9
09:58 <@plai> but an udp stream should not break the vpn
09:58 < _Timon> I think that the issue is on this single client
09:58 < _Timon> could there be a windows adapter setting that is broken?
09:58 <@plai> no idea
09:59 < _Timon> reinstalled openvpn client couple of times
09:59 <@plai> I am not a Windows expert
09:59 < _Timon> udp streams work fine on other windows clients with the same vpn server :/
10:00 < _Timon> brb 1 hour, ill keep digging after that, thanks for the help so far :)
10:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:46 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
10:46 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
11:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:33 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
12:02 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:11 -!- Telvana [~digits@2605:a000:122d:c154:213:72ff:fefc:b034] has joined #openvpn
12:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
12:44 -!- pehlert [~pascal@aftr-37-201-212-21.unity-media.net] has joined #openvpn
12:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:00 -!- KaiForce [~chatzilla@107-223-70-11.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 38.0.5/20150525141253]]
13:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:11 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
13:24 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
13:28 -!- fxhound [~fxhound@cpc11-ely05-2-0-cust23.5-1.cable.virginm.net] has joined #openvpn
13:33 -!- Seven_Six_Two [~Seven_Six@unaffiliated/seven-six-two/x-9832417] has quit [Quit: Leaving]
13:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:57 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:57 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:07 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
14:12 -!- themapplz [~themapplz@0119600834.0.fullrate.dk] has joined #openvpn
14:14 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 256 seconds]
14:14 < themapplz> hello gentlemen - i have a short question i was hoping to get some help with. generating client keys with ./build-key gives me "CA certificate and CA private key do not match"
14:15 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 256 seconds]
14:15 < themapplz> it seems my ca.crt is missing or is corrupt
14:15 < themapplz> is it possible to just make a new set?
14:16 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
14:16 -!- mete [~mete@91.247.253.160] has joined #openvpn
14:17 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:17 <@dazo> themapplz: if you create a new set, you need to issue new certificates to all servers and clients
14:17 < themapplz> ok
14:17 < themapplz> so there's no way around that
14:17 <@dazo> if you have the correct CA private key, it should be possible to recreate the certificate ... but if you have messed up the private key, you're in trouble
14:18 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
14:18 <@dazo> private CA key, that is
14:18 < themapplz> i have 8 clients running perfectly but now i'm trying to add more and it burps this annoying error
14:18 < themapplz> how can i find out if it's correct?
14:19 < themapplz> i have ca.key and ca.crt
14:19 <@dazo> check the ca.crt file on your server against the ca certificate inside the easy-rsa dir ... if they match, you have trouble ... if they are different, it's worth trying to copy the CA cert from the server
14:19 -!- shadok_ is now known as shadok
14:19 <@dazo> to the easy-rsa directory
14:20 <@dazo> (but whatever you do ... be sure you have a backup!)
14:20 < themapplz> right
14:20 <@dazo> anyhow ... with 8 clients, it's not that bad to recreate certs and keys .... annoying and time consuming, but not as bad as if you had 50 or 200 certs
14:21 < themapplz> i've been trying copy them back and forth.. i have the original old ca.crt - can perhaps make a new pair from that?
14:21 < themapplz> right
14:21 <@dazo> you can only create a new pair if you have the ca.key .... ca.crt is based on the key
14:22 <@dazo> certificates are basically public keys, which contains a signature and some info about who this key belongs to as well as who did the signing
14:23 < themapplz> ah ok
14:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
14:24 < themapplz> i appreciate your help! all the best!
14:24 <@dazo> themapplz: if you need to redo things ... consider testing out xca .... it's a gui app which is probably easier to use and it is harder to do ugly mistakes (plus everything is in a single data file, so it's easy to backup)
14:25 < themapplz> xca?
14:25 < themapplz> ah cool
14:25 <@dazo> yeah ... http://sourceforge.net/projects/xca/
14:25 <@vpnHelper> Title: xca download | SourceForge.net (at sourceforge.net)
14:26 <@dazo> easy-rsa is just a CA tool, which xca also is .... tinyCA can also be an alternative, even though I find xca to be the most easy to work with
14:27 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
14:30 <@dazo> and just to be clear ... any CA tool which produce proper X.509 certificates can be used with OpenVPN.   In fact all these tools can also produce certificates and keys for web or mail servers, or any server or client supporting X.509 certificates (which is used by the SSL/TLS protocol)
14:33 -!- dazo is now known as dazo_afk
14:34 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.2]
14:36 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
14:36 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
14:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
14:38 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:38 -!- mode/#openvpn [+o mattock1] by ChanServ
14:41 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:42 -!- Telvana [~digits@2605:a000:122d:c154:213:72ff:fefc:b034] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
14:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
14:42 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: be back, router upgrade.]
14:43 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
14:46 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
14:53 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:58 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:08 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:09 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
15:10 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:11 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:14 -!- orion44 [~orion44@unaffiliated/orion44] has joined #openvpn
15:16 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
15:19 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
15:20 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
15:24 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
15:29 < themapplz> xca rocks - thanks again!
15:29 -!- themapplz [~themapplz@0119600834.0.fullrate.dk] has quit []
15:44 -!- SoWhat [~Karl@dslb-094-217-059-074.094.217.pools.vodafone-ip.de] has joined #openvpn
15:44 < SoWhat> hey! Can somebody tell me what should I write as a second parameter in static client config file ?
15:45 < SoWhat> ifconfig-push 10.8.0.10 <what should I write here?>
15:48 < SoWhat> if I write VPN servers IP address there, then it complains about subnet mask mismatch
15:57 -!- fxhound [~fxhound@cpc11-ely05-2-0-cust23.5-1.cable.virginm.net] has quit [Ping timeout: 265 seconds]
15:57 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: be back, router upgrade.]
16:05 < SoWhat> hey! I don´t believe that non of you are using static IP address for vpn clients
16:26 < DArqueBishop> !whining
16:26 <@vpnHelper> "whining" is < MacGyver> If somebody reads your question, and knows the answer, he'll answer it when and how he feels like it. This is IRC, not your company's paid tech support desk. Whining doesn't do any good except annoy the people who could help you.
16:27 < MacGyver> You know, on the one hand I'm flattered that that comment made it to regular use. On the other I sometimes wonder whether people assume that I'm telling them off directly and they hate me for it. :P
16:27  * DArqueBishop laughs.
16:31 < MacGyver> SoWhat: The short answer is "it depends". The long answer is "it depends on your topology choice". See https://community.openvpn.net/openvpn/wiki/Topology. If we assume topology subnet, then the second part of ifconfig-push should contain the subnet mask in dot-decimal notation.
16:32 < MacGyver> SoWhat: But that's just from checking documentation, I don't run this setup myself.
16:34 < SoWhat> thanks
16:34 < SoWhat> I don´t have any topology set
16:36 < SoWhat> I´ll try to set ¨subnet¨ and see what happens
16:39 < SoWhat> looks like it worked! :)
17:05 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
17:12 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 256 seconds]
17:22 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
17:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
17:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:56 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 248 seconds]
17:58 -!- SoWhat [~Karl@dslb-094-217-059-074.094.217.pools.vodafone-ip.de] has quit [Quit: Leaving]
17:58 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
18:13 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
18:17 -!- pehlert [~pascal@aftr-37-201-212-21.unity-media.net] has quit [Ping timeout: 264 seconds]
18:28 -!- SineDeviance [~quassel@2602:306:3908:8eb0:882b:9b42:3ca4:9881] has quit [Ping timeout: 248 seconds]
18:29 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
18:31 -!- SineDeviance [~quassel@2602:306:3908:8eb0:4ea:9e6a:2d4e:4352] has joined #openvpn
18:33 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:39 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 244 seconds]
18:45 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:53 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
18:55 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
19:00 -!- SineDeviance [~quassel@2602:306:3908:8eb0:4ea:9e6a:2d4e:4352] has quit [Ping timeout: 248 seconds]
19:05 -!- SineDeviance [~quassel@2602:306:3908:8eb0:4ea:9e6a:2d4e:4352] has joined #openvpn
19:11 -!- SineDeviance is now known as CosineDeviance
19:11 -!- CosineDeviance is now known as SineDeviance
19:12 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
19:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:39 < orion44> WebRTC exploit renders client-side VPNs useless
19:39 < orion44> tell all your friends
19:56 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 256 seconds]
20:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
20:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
20:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:31 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:43 -!- _Timon [~Timon@tt.cloud.tilaa.com] has quit [Ping timeout: 252 seconds]
21:43 -!- orion44 [~orion44@unaffiliated/orion44] has left #openvpn ["Leaving"]
21:44 -!- orion44 [~orion44@unaffiliated/orion44] has joined #openvpn
22:03 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
22:08 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Read error: Connection reset by peer]
22:12 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:18 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
22:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
22:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:40 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:58 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:09 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 265 seconds]
23:13 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:35 -!- hyshai [~hyshai@66.45.253.197] has quit [Quit: tata!]
23:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:47 -!- ShadniX [dagger@p5481D26D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX [dagger@p5DDFD637.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
--- Day changed Thu Jul 09 2015
00:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
00:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:42 -!- Steven__ [~deepstar@pegasus.singularity.be] has quit [Remote host closed the connection]
00:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:42 -!- mode/#openvpn [+o mattock1] by ChanServ
01:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
01:18 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
01:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:20 -!- mode/#openvpn [+o mattock1] by ChanServ
01:23 -!- yogg [506e998f@gateway/web/freenode/ip.80.110.153.143] has joined #openvpn
01:23 < yogg> Hi
01:26 < yogg> I build up a openvpn tunnel between several vpn devices (net2net with tun interfaces). In my push script I send "iroute 172.16.3.0/24 255.255.255.0" to the client, but in the server logs I see this: "RESOLVE: Cannot parse IP address: 172.16.3.0/24"
01:28 < yogg> Has someone an idea why this happens? In the manpage I find this: "--iroute network [netmask]" so i think my iroute statement is correct.
01:29 -!- pehlert [~pascal@aftr-37-201-212-21.unity-media.net] has joined #openvpn
01:41 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 252 seconds]
01:48 -!- toli [~toli@ip-62-235-222-132.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:49 -!- toli [~toli@ip-62-235-222-25.dsl.scarlet.be] has joined #openvpn
01:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:01 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
02:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
02:05 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 265 seconds]
02:13 < yogg> found it "iroute 172.16.3.0 255.255.255.0" and not "iroute 172.16.3.0/24 255.255.255.0" (on older openvpn releases the second version also works :/ )
02:14 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 248 seconds]
02:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:21 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
02:22 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
02:22 -!- mode/#openvpn [+o krzee] by ChanServ
02:28 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
02:35 -!- pehlert [~pascal@aftr-37-201-212-21.unity-media.net] has quit [Ping timeout: 246 seconds]
02:38 -!- yogg [506e998f@gateway/web/freenode/ip.80.110.153.143] has quit [Quit: Page closed]
02:47 -!- pehlert [~pascal@aftr-37-201-212-21.unity-media.net] has joined #openvpn
02:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
02:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:06 -!- pehlert [~pascal@aftr-37-201-212-21.unity-media.net] has quit [Ping timeout: 264 seconds]
03:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
03:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
03:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
03:42 -!- sep [~sep@2a04:2740:1:0:52e5:49ff:feeb:32] has joined #openvpn
03:45 -!- sep [~sep@2a04:2740:1:0:52e5:49ff:feeb:32] has left #openvpn ["Leaving"]
03:45 -!- cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Ping timeout: 250 seconds]
03:46 -!- pehlert [~pascal@aftr-37-201-214-214.unity-media.net] has joined #openvpn
03:54 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
03:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
04:01 -!- pehlert [~pascal@aftr-37-201-214-214.unity-media.net] has quit [Ping timeout: 250 seconds]
04:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:14 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has joined #openvpn
04:20 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has quit [Ping timeout: 240 seconds]
04:21 -!- _Timon [~Timon@tt.cloud.tilaa.com] has joined #openvpn
04:42 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
04:47 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:03 -!- dazo_afk is now known as dazo
06:01 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
06:13 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 252 seconds]
06:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:25 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:26 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
06:30 -!- sidcode [~sidcode@59.89.17.12] has joined #openvpn
06:31 < sidcode> !welcome
06:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
06:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:31 < sidcode> !goal
06:31 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:31 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has joined #openvpn
06:32 < sidcode> Hi, my public external IP got changed by my ISP in the last few hours. Should I proceed by manually editing the .ovpn files and adding a remote entry to the new public IP?
06:36 < _Timon> if your openvpn server is hosted on the place that the ip was changed then yes
06:58 < sidcode> thanks
06:59 < _Timon> if it happens often you could look into using dns
06:59 <@plai> consider dns
06:59 <@plai> or dynamic dns
06:59 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has joined #openvpn
06:59 <@plai> !dyndns
06:59 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 248 seconds]
06:59 <@plai> !dns
06:59 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
06:59 <@plai> errr
07:00 < _Timon> lol
07:03 < sidcode> sure, i'll look into it. I am hosting it from my home PC to connect some people around the world for remote experiments.
07:07 <@plai> sidcode: still
07:07 <@plai> add a hostname at something like http://www.noip.com/
07:07 <@vpnHelper> Title: Free Dynamic DNS - Managed DNS - Managed Email - Domain Registration - No-IP (at www.noip.com)
07:07 <@plai> like sicode.no-ip.org
07:07 <@plai> than then add remote sicode.no-ip.org in the config
07:08 <@plai> and if your ip changes to you change it in the webintf
07:08 <@plai> most home dsl router can also automatically update the dns record
07:08 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
07:11 < sidcode> Thanks, http://noip.com seems to be a good solution for my situation.
07:11 <@vpnHelper> Title: Free Dynamic DNS - Managed DNS - Managed Email - Domain Registration - No-IP (at noip.com)
07:14 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
07:23 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:28 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has joined #openvpn
07:29 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has quit [Read error: Connection reset by peer]
07:30 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
07:37 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:37 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has joined #openvpn
07:42 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
07:45 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:45 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has joined #openvpn
07:45 < AlmogBaku> hi
07:45 < AlmogBaku> I have "learn-address" script on "/opt/" with root group and user
07:46 < AlmogBaku> in my server.conf i have `user root` and `group root`
07:47 < AlmogBaku> why doesn't it works? (it worked on other instance)
07:47 < AlmogBaku> (the files have +x chmod)
07:48 < AlmogBaku> ovpn-server[5098]: 2/79.176.166.157:26510 WARNING: Failed running command (--learn-address): could not execute external program
07:49 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:50 -!- _FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 252 seconds]
07:51 < Thermi> AlmogBaku: Is /opt mounted noexec? Can the user you use for openvpn traverse the path to the executable?
07:52 < AlmogBaku> As far as I know ubuntu use to run openvpn as root by default
07:52 < Thermi> Check it.
07:52 < Thermi> Also, apparmor.
07:52 < AlmogBaku> oh, i remember something about it
07:53 < AlmogBaku> can you give me a hint what should i look in the apparmor?
07:53 < Thermi> Find out the cause first.
07:54 < Thermi> Find out what exactly is the problem.
07:54 < AlmogBaku> thank you
07:55 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has quit [Read error: Connection reset by peer]
07:56 -!- rich0_ is now known as rich0
08:01 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has joined #openvpn
08:05 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
08:09 < AlmogBaku> oh
08:09 < AlmogBaku> when I run the server directly from the cli using `openvpn --config /etc/openvpn/server.conf`
08:09 < AlmogBaku> it works..
08:09 < AlmogBaku> so I guess the service is not runniong by root?
08:09 -!- sidcode [~sidcode@59.89.17.12] has quit [Read error: Connection reset by peer]
08:10 -!- bakhtiya [~me@office.addictivemobility.com] has quit []
08:11 < AlmogBaku> by bad, I connected to another server
08:12 < AlmogBaku> lol! I found it:
08:12 < AlmogBaku> MULTI_sva: pool returned IPv4=10.50.0.6, IPv6=(Not enabled) /usr/bin/env: node: No such file or directory
08:12 -!- pehlert [~pascal@eduroamerw-244-138.uni-paderborn.de] has quit [Read error: Connection reset by peer]
08:12 < AlmogBaku> I skiped some step on my doc, lol! I just removed the step to create the symlink cause it looks reduant
08:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:21 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has quit [Ping timeout: 248 seconds]
08:31 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
08:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:36 -!- __john_doe__ [~john@213.42.105.250] has joined #openvpn
08:37 < __john_doe__> hey guys, Im getting this error with openvpn from time to time
08:37 < __john_doe__> OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
08:37 < __john_doe__> what can be the cause?
08:42 <+esde> read the topic
08:47 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
08:47 -!- mensvaga [~mensvaga@192.16.204.65] has left #openvpn []
09:03 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
09:13 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
09:13 -!- pehlert [~pascal@aftr-37-201-213-129.unity-media.net] has joined #openvpn
09:14 < rrr_> there are tcp443.conf and service.conf under /etc/openvpn. which is used upon service openvpn restart?
09:15 < rrr_> *service.conf*server.conf*
09:32 <@plai> alle of them
09:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:48 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
09:49 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
09:53 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
09:54 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
10:03 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:04 -!- orion4444 [~orion44@unaffiliated/orion44] has joined #openvpn
10:04 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
10:08 -!- orion44 [~orion44@unaffiliated/orion44] has quit [Ping timeout: 264 seconds]
10:19 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:20 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:20 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
10:21 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
10:30 -!- Tachikomas [~tachikoma@AMontsouris-654-1-128-229.w90-2.abo.wanadoo.fr] has joined #openvpn
10:32 < rrr_> how do i identify the openvpn process id?
10:33 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:34 -!- stack [~urb@unaffiliated/stack] has quit [Ping timeout: 252 seconds]
10:35 < supergauntlet> if only he waited another 5 minutes
10:35 -!- stack [~urb@unaffiliated/stack] has joined #openvpn
10:39 -!- Tachikomas [~tachikoma@AMontsouris-654-1-128-229.w90-2.abo.wanadoo.fr] has quit [Remote host closed the connection]
10:39 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
10:41 < rrr_> why openvpn keep looking for tcp443.conf, even I removed tcp443.conf?
10:43 < rrr_> where to modify the default config file?
10:43 < rrr_> *modify*change*
10:44 < DArqueBishop> It depends on what platform you're running OpenVPN on.
10:44 < rrr_> ubuntu
10:44 < DArqueBishop> It's probably in /etc/openvpn.
10:44 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
10:44 < rrr_> yes but i removed tcp443.conf
10:45 < rrr_> from /etc/openvpn
10:45 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
10:46  * DArqueBishop shrugs.
10:46 < rrr_> DArqueBishop: there must be somewhere setting the default config file name
10:46 < DArqueBishop> Maybe the systemd launcher for OpenVPN references it.
10:47 < rrr_> how to reset that?
10:47 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
10:47  * DArqueBishop shrugs.
10:48 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
10:48 < rrr_> systemd sucks
10:49 < DArqueBishop> Maybe someone here more familiar with Ubuntu would know. I've never used that distribution.
10:50 -!- __john_doe__ [~john@213.42.105.250] has quit [Quit: leaving]
11:04 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:05 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
11:05 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:06 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
11:07 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:08 -!- pehlert [~pascal@aftr-37-201-213-129.unity-media.net] has quit [Ping timeout: 240 seconds]
11:08 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
11:09 -!- pehlert [~pascal@aftr-37-201-213-129.unity-media.net] has joined #openvpn
11:18 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:57 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
12:10 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
12:10 -!- rrr_ [~chatzilla@183.131.105.175] has joined #openvpn
12:12 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
12:14 -!- rrr__ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
12:15 -!- rrr_ [~chatzilla@183.131.105.175] has quit [Ping timeout: 250 seconds]
12:15 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
12:16 -!- rrr__ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
12:17 -!- rrr_ [~chatzilla@118.187.21.36] has joined #openvpn
12:19 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
12:22 -!- rrr_ [~chatzilla@118.187.21.36] has quit [Ping timeout: 252 seconds]
12:22 -!- rrr__ is now known as rrr_
12:27 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:32 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
12:35 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
12:38 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
12:39 -!- rrr_ [~chatzilla@183.131.105.175] has joined #openvpn
12:43 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
12:45 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:57 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
12:58 -!- rrr_ [~chatzilla@183.131.105.175] has quit [Ping timeout: 250 seconds]
12:58 < moviuro> hi all! I have a very weird issue: I have a layer 2 VPN (tap) between a FreeBSD server and clients are OpenBSD and archlinux. Both clients connect OK but the openbsd host can't ping the server
12:58 -!- rrr__ is now known as rrr_
13:00 < moviuro> oooooh, what's that? : Jul  9 19:59:41 popho openvpn[85938]: deadman-wonderland/156.18.26.78:9550 IP packet with unknown IP version=0 seen
13:05 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
13:07 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
13:22 -!- JoeMerit [joe@unaffiliated/joemerit] has joined #openvpn
13:30 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:30 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:32 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:33 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:35 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:38 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:39 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:42 -!- pehlert [~pascal@aftr-37-201-213-129.unity-media.net] has quit [Quit: leaving]
13:42 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:42 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:43 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:45 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:51 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
14:07 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
14:09 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
14:10 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
14:12 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
14:13 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
14:25 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
14:31 -!- prometheanfire [~promethea@gentoo/developer/prometheanfire] has joined #openvpn
14:31 < prometheanfire> so... newest vuln?
14:32 < prometheanfire> haven't found anything stating ovpn is not vuln to the newest openssl vuln
14:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
14:40 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
14:41 -!- SoWhat [~Karl@87.110.167.15] has joined #openvpn
14:43 < SoWhat> do you know what could be the reason that VPN client disconnects after few minutes and cannot reconnect back only when I set a static IP address? With dinamic IP everything is fine?
14:44 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 240 seconds]
14:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
14:50 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
14:51 < prometheanfire> ah, looks like it (depending on ovpn version installed
14:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:56 -!- SoWhat [~Karl@87.110.167.15] has quit [Ping timeout: 256 seconds]
14:56 -!- piroko [~jeremy@191.237.75.246] has joined #openvpn
14:57 < piroko> Hi! I have an openvpn tunnel running on tun0 (through eth1), and a client has a route to send traffic destined to the eth1 network through the openvpn tunnel
14:58 < piroko> eth1 sees the traffic destined for a host on the network, but it isn't getting forwarded at all (with ip_forward enabled)
14:58 -!- SoWhat [~Karl@87.110.167.15] has joined #openvpn
14:58 < piroko> So basically, this is a case of trying to send traffic to eth1 through the tunnel, and then it should go back out eth1 to the client
14:59 < SoWhat> did I miss something? I was disconnected
14:59 < piroko> The openvpn machine itself can ping the intended target on the eth1 network, and tcpdump shows the decrypted packet on tun0 destined for the target's IP
14:59 < piroko> but it never hits the forward chain
15:01 < piroko> I should rephrase my 2nd statement. tun0 sees the traffic destined for a host on eth1. eth1 never sees the decrypted packet. It goes encrypted tunnel packet->eth1->decrypted tunnel packet to tun0->dopped
15:07 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
15:07 < piroko> hmm I should add the the source IP is being snat'd before it hits the openvpn interface. ugh this is really hard to explain
15:08 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
15:08 < moviuro> no SoWhat , didn't miss anything
15:08 < SoWhat> goos :)
15:08 < SoWhat> good
15:11 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 250 seconds]
15:18 -!- SoWhat [~Karl@87.110.167.15] has quit [Ping timeout: 246 seconds]
15:19 <@dazo> piroko: is eth1 an internal LAN, or does it have your public IP address?
15:26 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has joined #openvpn
15:26 < troulouliou_dev> hi when using openvpn with pkcs11 and a smartcard; is it the smartcard that is in charge of signing and encrypting ?
15:28 < prometheanfire> privkey doesn't leave the smartcard
15:29 < piroko> eth1 is internal. The whole communication is a->b->openvpnA, which SNAT's the packet and sends it across the tunnel to openvpnB, which then drops it instead of passing it to a client on openvpnB's network. Figured out if we don't SNAT it before sending it though, everything works fine
15:30 < troulouliou_dev> prometheanfire, ok then why is smart card generated data copatible with an openvpn server using openssl or software rsa implementation
15:31 < troulouliou_dev> prometheanfire, it can be several rsa implementatio no ?
15:31 < prometheanfire> copatible?
15:32 < prometheanfire> using a card, you send data to the card to be munged with the privatekey, you then get that munged data back
15:33 < troulouliou_dev> prometheanfire, yes but on the other side ; the data will always be correctly decrypted by openssl software implementation ?
15:35 < prometheanfire> it should be,
15:35 < prometheanfire> if you are asking if using a card protects you against the CVE
15:35 < prometheanfire> it does not
15:37 < troulouliou_dev> prometheanfire, ha got it :) it is the key generation implementation that differ between libs; but the crypt / decrypt part is totally easy and alxways the same
15:37 < piroko> nvm we got it working. we're doing some wonky crap. there is no god for us
15:38 < troulouliou_dev> prometheanfire, thanks
15:39 < prometheanfire> :D
15:39 < piroko> part
15:39 < piroko> awkward
15:39 -!- piroko [~jeremy@191.237.75.246] has left #openvpn []
15:39 -!- prometheanfire [~promethea@gentoo/developer/prometheanfire] has left #openvpn []
15:42 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:49 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
16:03 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
16:11 <@dazo> troulouliou_dev: with pkcs#11, it is openssl + the pkcs11-helper libraries which does the hard core crypto stuff ... but prometheanfire is right, the private keys never leave the card
16:12 <@dazo> openvpn, when using the pkcs11 features, will just pass on the RSA work to pkcs11-helper/openssl, which takes it further on behalf of openvpn
16:23 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
16:27 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
16:30 -!- orion4444 is now known as orion44
16:30 -!- ade_b [~Ade@redhat/adeb] has quit [Client Quit]
16:36 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
16:50 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
16:53 < shio> new builds for 2.3.7 that fix the last openssl vulnerability
16:57 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
17:01 -!- orion44 is now known as orion4444
17:02 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:02 -!- orion4444 is now known as orion44
17:07 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
17:18 < JoeMerit> awesome
17:19 < JoeMerit> i need to grab some sort of update for jessie
17:21 < JoeMerit> no repo for jessie ?
17:22 < JoeMerit> what am I gonna do
17:22 < JoeMerit> this is a disaster
17:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
17:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:35 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
17:36 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:59 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Read error: Connection reset by peer]
18:00 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has joined #openvpn
18:03 -!- kenyon_ is now known as kenyon
18:08 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
18:10 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
18:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
18:12 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
18:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
18:38 <@dazo> shio: that's only the windows package, which includes openssl ... openvpn itself shouldn't be vulnerable, but it depends on openssl to do its job
18:38 <@dazo> JoeMerit: ^^^
18:39 < JoeMerit> i was having a fake meltdown there
18:39 < JoeMerit> i installed the latest client today with the updated ssl
18:39 <@dazo> JoeMerit: The openvpn package maintainer is pretty good at keep debian openvpn builds safe, despite not being the same bleeding version number
18:39 <@dazo> but he does backport security fixes to debian packages
18:39 < JoeMerit> i found i had some ancient version of openssl in my windows system folder
18:40 <@dazo> that's a far more serious concern
18:40 < JoeMerit> gotta shutdown mirc which I believe is the only piece of software using it
18:40 < JoeMerit> and update
18:40 < JoeMerit> brb
18:41 -!- dazo is now known as dazo_afk
18:48 < JoeMerit> its all good now
18:49 -!- JoeMerit [joe@unaffiliated/joemerit] has left #openvpn []
18:49 -!- JoeMerit [joe@unaffiliated/joemerit] has joined #openvpn
18:49 < JoeMerit> oops
18:49 < JoeMerit> https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos I was pretending to panic about following these directions for adding a repo
18:49 <@vpnHelper> Title: OpenvpnSoftwareRepos – OpenVPN Community (at community.openvpn.net)
18:49 < JoeMerit> and finding out there isnt a jessie one
18:50 -!- Seven_Six_Two [~AndChat17@unaffiliated/seven-six-two/x-9832417] has joined #openvpn
18:51 < Seven_Six_Two> I was helped a few days ago with my tunnel. I can still connect to VPN, ssh in to server, ping from server to google. I can't pull up a Web page on client. Both are linux. Ubuntu for server,  mint for client.
18:52 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:1426:fba2:bc14:3661] has joined #openvpn
18:53 < Seven_Six_Two> It looks like iptables-save didn't work.
18:54 < Seven_Six_Two> I still have the file, but it isn't being loaded upon reboot.
19:02 < JoeMerit> did you tell it to be loaded somewhere
19:03 < JoeMerit> like in /etc/network/interfaces
19:03 < JoeMerit> or something
19:04 < JoeMerit> maybe a file in /etc/network/if-pre-up.d
19:05 -!- Seven_Six_Two [~AndChat17@unaffiliated/seven-six-two/x-9832417] has quit [Read error: Connection reset by peer]
19:18 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
19:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:26 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
19:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
19:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
20:09 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:12 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
21:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
21:09 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:48 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
21:50 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
21:54 -!- Grobo [~grobbs@c-73-53-36-84.hsd1.wa.comcast.net] has joined #openvpn
21:55 < Grobo> Hi. How can I change the speed of the Tap adapter under FreeBSD?
21:55 < Eugene> You don't need to. The 10mbps that it reports is lying.
21:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:55 < Grobo> Hmm... It seems to be limited to exactly 10Mbps, though.
21:56 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
21:56 < Grobo> at least, the clients all seem to max at ~1MB/s
21:56 < Grobo> I'd better test the connection here
21:56 < Grobo> I read that in Linux it was actually limited to 10
21:56 < Grobo> but not in Win32. Is that inaccurate?
21:56 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
22:24 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
22:24 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
22:24 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
22:26 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
22:29 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
22:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:37 -!- Grobo [~grobbs@c-73-53-36-84.hsd1.wa.comcast.net] has quit []
22:39 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
22:42 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
22:44 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 252 seconds]
22:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:57 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:06 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
23:07 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
23:12 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has quit [Quit: Leaving]
23:13 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has joined #openvpn
23:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:34 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
23:35 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
23:38 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
23:39 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
23:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:45 -!- ShadniX [dagger@p5DDFD637.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:46 -!- ShadniX [dagger@p5DDFEAF6.dip0.t-ipconnect.de] has joined #openvpn
23:50 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
23:51 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
23:54 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
23:56 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
23:59 -!- jgeboski [~jgeboski@unaffiliated/jgeboski] has left #openvpn ["Leaving"]
--- Day changed Fri Jul 10 2015
00:02 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
00:19 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
00:21 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
00:22 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
00:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:24 -!- mode/#openvpn [+o mattock1] by ChanServ
00:45 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
00:46 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
00:47 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
00:50 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
01:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
01:13 -!- samopotamus [~seeder@ks4002259.ip-198-100-147.net] has joined #openvpn
01:14 -!- troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] has quit [Quit: Leaving]
01:29 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
01:31 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
01:35 -!- dazo_afk is now known as dazo
01:37 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
01:38 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
01:45 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
01:46 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
01:47 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
01:53 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
01:55 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
01:57 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
02:00 -!- rrr__ is now known as rrr_
02:35 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
02:39 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
02:40 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
02:56 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
02:57 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
03:13 -!- swebb [~swebb@8.36.226.83] has quit [Ping timeout: 248 seconds]
03:16 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:23 -!- swebb [~swebb@8.36.226.83] has joined #openvpn
03:29 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
03:30 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
03:36 -!- Gisleh [~Gisle@80.203.117.205] has joined #openvpn
03:39 < Gisleh> Hey. Is it possible for openvpn to allocate a /30 subnet per client? I feel that would simplify routing instead of having the underlying routing throw a "ICMP new next hop" message.
03:42 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:49 < BtbN> That's the default behaviour, but basicaly deprecated.
03:49 < BtbN> And it makes routing way more complicated
03:49 < BtbN> as you have tons of networks
03:50 < Raku_> I'm having issues getting my setup working, it all was working, then i switched wireless adapters and the active interface changed from wlan0 to wlan1, thats where I've narrowed it down. The iptables rule is already set to masquerade, and its set to the proper interface(wlan1), i can connect and the log shows no errors, but i cant ping the box's local ip(192.168.1.10), the router ip(192.168.1.50),  or
03:50 < Raku_> anything else.
03:52 < Gisleh> But right now, the underlying routing thinks two clients can reach each other faster and throws an ICMP redirect | new next-hop.
03:53 < Raku_> Just tested, i can ping other addresses on the subnet(10.9.8.2,.3,.4 ETC), i cant ping my own(10.9.8.1) or the broadcast address(10.9.8.0)
03:58 < Raku_> http://paste.debian.net/280990/
03:58 < Raku_> Server conf
03:59 < Raku_> http://paste.debian.net/280991/
03:59 < Raku_> Client conf
04:01 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
04:02 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
04:04 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 248 seconds]
04:16 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
04:17 -!- rrr_ [~chatzilla@183.131.105.173] has joined #openvpn
04:19 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
04:21 -!- dazo is now known as dazo_afk
04:22 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
04:23 -!- rrr_ [~chatzilla@183.131.105.173] has quit [Ping timeout: 264 seconds]
04:23 -!- rrr__ is now known as rrr_
04:24 -!- dazo_afk is now known as dazo
04:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:34 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:34 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
04:37 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
05:10 -!- orion4444 [~orion44@unaffiliated/orion44] has joined #openvpn
05:12 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 244 seconds]
05:13 -!- orion44 [~orion44@unaffiliated/orion44] has quit [Ping timeout: 240 seconds]
05:14 -!- mete [~mete@91.247.253.160] has joined #openvpn
05:17 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:19 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
05:23 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:24 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
05:26 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
05:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
05:29 -!- rrr__ is now known as rrr_
05:31 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:32 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
05:32 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:34 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
05:38 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:39 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
05:52 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:52 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
05:53 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
05:54 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
06:01 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
06:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:11 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
06:26 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
06:50 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
06:51 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
07:14 < rrr_> how does openvpn server verify the signed client certificate without knowing ca-key?
07:17 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
07:18 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
07:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
07:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
07:48 <@plai> rrr_: basic rsa cryptography
07:48 <@plai> read wikipedia or other docu
07:49 <@plai> but tl;dr is using the public key of the ca cert to decrypt to signing info of the client cert and see if the result matches the fingerprint of the cert
07:53 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
07:55 < rrr_> plai: so basically the client cert is signed with ca private key and sent to the server which uses ca public key to decrypt and see if the result matches the client cert?
07:57 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
08:15 -!- orion4444 is now known as orion44
08:24 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
08:24 < v0lZy> hi everyone
08:24 < v0lZy> i have strange issue i somehow encounter at our client
08:24 < v0lZy> VPN tunnel is established, but for some reason, routes are added to the physical interface rather than the tap adapter
08:25 < v0lZy> client side is using windows 8
08:25 < v0lZy> (they road-warrior to us)
08:25 < v0lZy> anyone ever encountered anything similar or has any idea why this happens?
08:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:29 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:42 -!- dazo is now known as dazo_afk
08:48 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
08:51 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
09:00 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
09:04 -!- AWeSomeAo [~bock@p4FFB1C67.dip0.t-ipconnect.de] has joined #openvpn
09:05 -!- rrr_ [~chatzilla@61.164.211.212] has joined #openvpn
09:05 < AWeSomeAo> is there a way to tell openvpn via the config file not to connect to a vpn if you are already in a certain network?
09:05 < AWeSomeAo> Background: I have a router that does opnvpn. I want to be connected to that network automatically wherever I am, but when I am at home, it is causing issues and has to be disabled
09:05 < AWeSomeAo> I looked at the manpages and googled a little but didn't find any poitners
09:06 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 250 seconds]
09:13 < v0lZy> AweSomeAo: maybe approach the problem differently
09:13 < v0lZy> AweSomeAo: what issues is it causing exactly?
09:14 -!- sheepman [~sheepman@unaffiliated/sheepman] has joined #openvpn
09:14 < AWeSomeAo> well, I am in the network I am connecting to via openvpn. the route to that network is pushed
09:14 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
09:14 < AWeSomeAo> so basically I lose access to devices in that network
09:14 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
09:15 < AWeSomeAo> I guess I should just create a cronjob that enables/disables this connection according to whether my ip is the local one or not
09:15 < v0lZy> you could also just kick out those routes
09:16 < v0lZy> or
09:16 < v0lZy> better yet
09:16 < v0lZy> whatever you use for starting the VPN, wrap it in a shell script
09:16 < v0lZy> prevent vpn config file form pulling routes
09:17 < v0lZy> then add those routes after the vpn is established within the wrapping shell script
09:17 < sheepman> On Debian 7 I'm struggling to get multiple servers running on different ports, I've seen guides that suggest i should use server01.conf, server02.conf but if i rename the server.conf to anything else openvpn fails to start... any pointers anyone?
09:17 < AWeSomeAo> I think debian is using systemd
09:17 < sheepman> not 7
09:17 < sheepman> 8 is
09:17 < v0lZy> AWeSomeAo: well, u probably have a service file then that runs the client vpn
09:18 < v0lZy> AWeSomeAo: modify the service client to run a script, then with that script launch the vpn client
09:18 < AWeSomeAo> v0lZy: can I add "execute after establish"?
09:18 < v0lZy> then handle the logic in the bsh script
09:18 < v0lZy> sorry, I have to run now
09:18 < v0lZy> lunch waiting
09:18 < AWeSomeAo> okay, but thanks a lot for your pointers
09:18 < v0lZy> but maybe we catch up on it some other time
09:18 < v0lZy> byes
09:18 < AWeSomeAo> it will help me for sure
09:19 < AWeSomeAo> I will use script-security and up in config file to modify routing after establishing connection
09:22 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has quit [Ping timeout: 246 seconds]
09:30 -!- rrr__ [~chatzilla@114.111.166.46] has joined #openvpn
09:31 -!- rrr_ [~chatzilla@61.164.211.212] has quit [Ping timeout: 240 seconds]
09:31 -!- rrr__ is now known as rrr_
09:40 -!- rrr_ [~chatzilla@114.111.166.46] has quit [Ping timeout: 256 seconds]
09:41 < JoeMerit> guys
09:41 < JoeMerit> can the NSA decrypt BF-CBC in real time ?
09:42 < sheepman> really? surely you need people inside the NSA to confirm that
09:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
09:51 < Thermi> If they have the key, surely...
09:51 -!- rrr_ [~chatzilla@118.187.21.39] has joined #openvpn
09:54 -!- diwowo [~diwowo@gamers-pub.de] has joined #openvpn
09:55 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
09:56 -!- rrr_ [~chatzilla@118.187.21.39] has quit [Ping timeout: 250 seconds]
09:57 -!- rrr__ is now known as rrr_
09:59 < samopotamus> The NSA doesn't care about you JoeMerit
10:02 < orion44> Joe, yes we can
10:03 < orion44> Also be aware that VPNs are obselete now with WebRTC enabled.  We can see your real IP address.
10:05 -!- halothe23 [~halothe23@freenode/sponsor/halothe23] has quit [Quit: Quit]
10:06 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
10:09 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 248 seconds]
10:10 -!- samopotamus [~seeder@ks4002259.ip-198-100-147.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
10:11 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has joined #openvpn
10:12 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:13 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
10:13 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
10:14 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
10:23 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
10:23 -!- mode/#openvpn [+v s7r] by ChanServ
10:23 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
10:23 -!- mode/#openvpn [+o krzee] by ChanServ
10:23 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Ping timeout: 256 seconds]
10:27 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.37] has joined #openvpn
10:31 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:33 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
10:35 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:36 -!- rrr_ [~chatzilla@114.111.166.46] has joined #openvpn
10:37 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
10:38 < Gisleh> orion44: Not obsolete. They could still be used to make a virtual star-network to breach NAT/similarly-functioning firewalls (although cjdns can do that just as well for ipv6 enabled applications), or do site-to-site tunneling. Besides, giving WebRTC the finger was easy enough until they fix it.
10:39 < orion44> Yeah or just setup the VPN at the router level and not the client
10:40 -!- rrr_ [~chatzilla@114.111.166.46] has quit [Ping timeout: 256 seconds]
10:40 -!- rrr__ is now known as rrr_
10:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
10:45 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:46 -!- rrr_ [~chatzilla@114.111.166.46] has joined #openvpn
10:49 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
10:52 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
10:52 -!- mode/#openvpn [+o dazo_afk] by ChanServ
10:53 -!- dazo_afk is now known as dazo
10:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:54 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
10:55 -!- rrr_ [~chatzilla@114.111.166.46] has quit [Ping timeout: 244 seconds]
10:55 -!- rrr__ is now known as rrr_
11:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
11:03 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:03 < rrr_> can openvpn be both server and client?
11:08 <+esde> Is that a serious question or a weak attempt at trolling?
11:10 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:10 < Gisleh> You can start two separate openvpn instances, yes, one server and one client.
11:16 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:17 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
11:19 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:22 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
11:25 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
11:26 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.37] has quit [Ping timeout: 255 seconds]
11:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
11:34 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.37] has joined #openvpn
11:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:42 -!- mode/#openvpn [+o mattock1] by ChanServ
11:45 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:46 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
11:49 -!- orion44 [~orion44@unaffiliated/orion44] has quit [Quit: Leaving]
11:50 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
11:51 -!- rrr_ [~chatzilla@61.164.211.212] has joined #openvpn
11:53 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:58 < JoeMerit> im using AES-2048-CBC now
12:03 -!- AMERICAN_PSYCHO [~AMERICAN_@173.219.41.37] has quit [Quit: Goodbye!]
12:06 < BtbN> Uhm, no, you don't oO
12:16 < Thermi> I'm using AES-RSA-4096
12:17 < Thermi> I'm doing a seperate RSA key exchange for every packet over the control channel. works fine.
12:36 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
12:37 -!- rrr_ [~chatzilla@61.164.211.212] has quit [Ping timeout: 264 seconds]
12:37 -!- rrr__ is now known as rrr_
12:42 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
12:44 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
12:44 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
12:46 -!- rrr_ [~chatzilla@183.131.105.173] has joined #openvpn
12:54 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:59 -!- rrr_ [~chatzilla@183.131.105.173] has quit [Ping timeout: 248 seconds]
13:03 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 248 seconds]
13:06 -!- rrr_ [~chatzilla@114.111.166.46] has joined #openvpn
13:15 -!- rrr_ [~chatzilla@114.111.166.46] has quit [Ping timeout: 256 seconds]
13:21 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:24 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:26 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:35 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
13:41 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:41 -!- samopotamus [~seeder@2607:5300:60:a0d::1] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
13:45 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:46 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
13:47 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
13:48 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Read error: Connection reset by peer]
13:48 -!- toli [~toli@ip-62-235-222-25.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:50 -!- toli [~toli@ip-62-235-222-21.dsl.scarlet.be] has joined #openvpn
14:01 -!- deny[all] [~pdiablo@unaffiliated/denyall/x-000001] has joined #openvpn
14:02 < deny[all]> hi all!, it is possible to use google OAuth 2.0 with OpenVPN?
14:28 < DArqueBishop> Not sure if this is what you mean, but...
14:28 < DArqueBishop> !googleauth
14:28 <@vpnHelper> "googleauth" is http://securityskittles.wordpress.com/2012/03/14/two-factor-authentication-for-openvpn-on-centos-using-google-authenticator/
14:36 < mystica555> SLASH PART .
14:36 -!- deny[all] [~pdiablo@unaffiliated/denyall/x-000001] has quit [Ping timeout: 252 seconds]
14:36 < mystica555> oh wait im not that dude from last night
15:06 < Raku_> Hmmm, seems the client is having trouble with dns as well, ive gotten things to ping but i found those were just leaked connections
15:14 -!- samopotamus [~samopotam@2607:5300:60:a0d::1] has joined #openvpn
15:34 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
15:43 -!- crised [~crised@186.67.181.203] has joined #openvpn
15:43 < crised> Hi, Can you suggest OpenVPN providers?
15:44 <+esde> no
15:45 < crised> esde: why not?
15:45 < mystica555> we have likely no experience
15:45 < crised> Is PureVPN a good service for OpenVPN?
15:45 < mystica555> the fact we are here is very likely indication we run our own openvpn networks privately
15:45 < crised> mystica555: probably more than I
15:45 <+esde> it would be poor form for the community to suggest a commercial vpn provider of a community product
15:45 <+esde> dont you agree?
15:45 < mystica555> that as well
15:45 < mystica555> :)
15:45 < mystica555> i simply have no experience
15:45 < crised> esde: I would run my own openvpn server, but it's more expensive
15:46 < mystica555> but have run openvpn between friends, and am doing a network now for work
15:46 < crised> because I need many locations
15:46 <+esde> !provider
15:46 <@vpnHelper> "provider" is (#1) We are not your provider's free tech support. We support the free open source app OpenVPN, not your provider. Just because they run openvpn does not mean we are their support team. or (#2) Please contact their support team.
15:46 <+esde> wrong one
15:46 <+esde> !providers
15:46 < mystica555> crised: look for vps providers that let you spin up cheap nodes
15:46 <+esde> Digital Ocean is $5 and has datacenters all over
15:46 <+esde> im not endorsing them, just using them as an example
15:47 < crised> mystica555: yes, I know some of them, but the price is $5/mo at least
15:47 < crised> if I need 3 countries, then I would pay $15/mo, instead of purevpn that's less than $4 per mo.
15:47 <+esde> we wouldnt recommend a provider cheaper than that, even if we did have providers to recommend
15:47 < crised> esde: so yyou advice against purevpn?
15:47 <+esde> $5 is for the month, for one vps, you can have it wherever you want.
15:48 <+esde> I'm must be missing something
15:48 < crised> esde: I know...
15:48 <+esde> !wisdom
15:48 < mystica555> he wants über cheap
15:48 <@vpnHelper> "wisdom" is We can only provide you with the information. We are not, unfortunately, able to make you understand it.
15:48 < mystica555> and that's likely not quite so useful for many thigns
15:48 < mystica555> wisdom is always useful however :)
15:49 < crised> mystica555: I like to DIY, but in this case it wouldn't be economical
15:49 <+esde> you keep saying that like it's true
15:49 < mystica555> then i suggest looking in forums for such online; im sure theres treasure troves of data about them
15:49  * mystica555 gets back to modifying openwrt vms
15:50 < crised> esde: purevpn is $50 / year, that's $4 per mo.
15:50 <+esde> !will
15:50 <@vpnHelper> "will" is Where there's a will, there's /away
15:50 < crised> esde: a VPS is $5 / mo only allows one country
15:50 < crised> tunneling
15:50 <+esde> no no it does not
15:50 < crised> esde: are you suggesting me to change the vps location?
15:51 <+esde> indeed.
15:51 <+esde> you can even move the vps with some providers
15:51 < crised> esde: so in amazon I could stop the vps when I'm not using it
15:51 < crised> esde: it's doable, but not very practical
15:51 <+esde> im not familiar with amazon and that wasnt the example i used
15:52 <+esde> but, sure, if you wanted
15:53 < crised> esde: ok
15:53 <+esde> tl;dr - we will not endorse a commercial provider in here
15:54 < crised> esde: ok
15:54 < mystica555> we will help you setup your own stuff :)
15:54 < crised> mystica555: it's not that easy
15:55 < crised> I was kick off by dazo
15:55 < crised> when I tried
15:55 < DArqueBishop> Like mystica555 said, this is more a channel for OpenVPN admins, not users. After all, you can't troubleshoot the problems with the service without having admin access to the server.
15:55 <+esde> !read
15:55 <@vpnHelper> "read" is <krzee> ive been known to overreact when people look for 2 minutes and ask me to explain it to them
15:55 <+esde> could have had something to do with it
15:55 < crised> esde: indeed
15:56 < DArqueBishop> !spoonfeeding
15:56 <@vpnHelper> "spoonfeeding" is http://www.mp3car.com/the-faq-emporium/53368-faq-what-is-spoon-feeding.html
15:56 < DArqueBishop> That might have something to do with it too.
15:56 < mystica555> mp3car; i loved that thing; i wanted one so bad...but no car to put it in, so it went the way of the dodo in my dreams.
15:56 < crised> Here is the situation, I have Kodi on one side and I want openvpn to bypass country restriction
15:57 < crised> Which Linux Distro would you advice to achieve this easily?
15:57 < mystica555> find friends to setup a network with in said countries
15:57 < mystica555> any of them that you can configure routing in with reasonable ease
15:57 < mystica555> i tend to like bird4 and bgp for my networks
15:57 <+esde> !bestos
15:57 < crised> mystica555: I don't have friends
15:57 <@vpnHelper> "bestos" is the best os for openvpn is the one you are most comfortable with
15:57 < crised> esde: is that available on aws?
15:58 <+esde> fuck if i know
15:58 < crised> esde: lol
15:58  * mystica555 is facepalming now :) 
15:58 < crised> ;-)
15:59 < mystica555> pick one:  http://futurist.se/gldt/wp-content/uploads/12.10/gldt1210.png
15:59 < mystica555> the one i like is a bit above the middle on the right
16:00 < crised> mystica555: cool pic
16:00 < mystica555> svg http://futurist.se/gldt/wp-content/uploads/12.10/gldt1210.svg  ; linked, clickable, searchable
16:00 <@vpnHelper> Title: GNU/Linux Distribution Timeline (at futurist.se)
16:01  * mystica555 likes svg
16:03 < crised> is there a printable version of openvpn manpage?
16:13 < mystica555> man openvpn | lpr ?
16:18 < Tuju> i started with SLS.
16:21 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
16:21 < DArqueBishop> I run my OpenVPN server off a Slackware box.
16:22 < crised> ok, my server is up and running with fixed IP and it's a debian OS
16:22 < crised> my client has dynamic ip
16:22 < crised> I want that my client uses server public ip to surf the web
16:22 < crised> how do I achieve this?
16:24 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:25 < DArqueBishop> !howto
16:25 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
16:25 < crised>      Fri Jul 10 18:25:44 2015 Initialization Sequence Completed
16:25 < crised>    
16:26 < crised> ok, both server & clients are connected
16:26 < crised> Folllowing this: https://wiki.debian.org/OpenVPN
16:26 <@vpnHelper> Title: OpenVPN - Debian Wiki (at wiki.debian.org)
16:27 < crised> Can I use a static key instead of TLS-enabled VPN?
16:30 < crised> It seems that I need to do a redirect gateway?
16:30 < crised> !redirect
16:30 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
16:30 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
16:30 < crised> !def1
16:30 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
16:31 < crised> !ipforward
16:31 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
16:31 < crised> !linipforward
16:31 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
16:33 < stack> can the server execute script on client connection?
16:36 < crised> !nat
16:36 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
16:36 < crised> !linnat
16:36 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
16:36 < crised> mystica555: hello??
16:36 < crised> mystica555: this is very difficult
16:38 < mystica555> there are simple ways to do this; i use openwrt to manage different vpn zones vs the wan and lan zones
16:39 < mystica555> you enable masquerading, and forwarding between the tunnel interface and the wan interface in very simple steps
16:40 < mystica555> http://www.tldp.org/HOWTO/archived/BTI-PPP/x374.html
16:40 <@vpnHelper> Title: Simple IP Masquerading (at www.tldp.org)
16:41 < mystica555> iptables -t nat -A POSTROUTING -o ppp0 -s 10.0.0.0/16 -j MASQUERADE
16:41 < mystica555> you set the -s to whatever subnet your vpn will use
16:41 < mystica555> -o ppp0 will likely be -o eth0 for your server
16:41 < mystica555> or -o (your servers main interface)
16:42 < mystica555> everything in the world linux-based, starts with that at a simple level
16:42 < mystica555> every linux based router in your home, or office, or ..
16:46 < crised> mystica555: ok, following debian wiki at the moment
16:46 < mystica555> just understand the basics, and then see how they fit into your particular distro's stuff
16:46 < mystica555> thats my view on things
16:48 < crised> in the client:    Konsole output     ip route change default via 10.9.8.5 dev tun0  proto static  ip: RTNETLINK answers: Network is unreachable
16:48 < crised>    
16:51 < mystica555> then we'd need to see your client's routing tables at that point
16:51 < crised> mystica555: https://gist.github.com/crised/f585ef0e9d8fe6b16beb
16:51 <@vpnHelper> Title: gist:f585ef0e9d8fe6b16beb (at gist.github.com)
16:53 < mystica555> 10.9.8.1 dev tun0  src 10.9.8.2
16:53 < mystica555> this is a /30 and won't give you .5 as a route point..
16:53 < mystica555> try 10.9.8.1
16:53 < crised> mystica555: that did something
16:54 < mystica555> or from openvpn server "push route 10.9.8.1 255.255.255.0"
16:54 < mystica555> or so
16:54 < mystica555> and then push def1 i think
16:55 < crised> mystica555: oh.. I have the new public IP!
16:55 < crised> from the server in the client!
16:55 < mystica555> bingo
16:55 < crised> :):)
16:55 < crised> mystica555: I will try somethings first
16:55 < mystica555> now carry this knowledge on in future endeavors of routing and masquerading :)
16:55 < crised> mystica555: don't leave please
16:55 < crised> :)
17:00 < mystica555> im not leaving, just saying, that's one nugget, build upon it :)
17:00 < mystica555> motivational crap or something ;)
17:03 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
17:03 < crised> mystica555: can't do streaming though :(
17:03 < mystica555> you might not be forwarding dns thru the tunnel
17:03 < mystica555> notice the 2 routes to google dns
17:03 < mystica555> thats a common point of failure
17:03 < crised>    Konsole output     8.8.4.4 via 192.168.1.1 dev eth0
17:03 < crised>    
17:04 < crised> mystica555: how do I change that?
17:04 < mystica555> remove those dns routes
17:04 < crised> mystica555: how?
17:06 < crised> What's the role of DNS here?
17:06 < mystica555> now this is where you get friendly with the ip route subcommand
17:06 < crised> What happens if DNS goes outside of the tunnel?
17:06 < mystica555> dns comes from your geolocale and the replies given will not be to those servers in the proper area
17:07 < crised> mystica555: so these guys also block dns queries?
17:07 < mystica555> if you ask 8.8.8.8 via the tunnel, and the tunnel exists in new york city, google.com should resolve to a new york IP verified by tracing from the tunnel
17:07 < Reventlov> yosh.
17:07 < mystica555> if you ask the same 8.8.8.8, from a denver gelocale, you'll get a denver ip
17:07 < mystica555> that i trace to in 6 hops and 3ms or less
17:07 < Reventlov> So my vpn configuration doesn't allow me anymore to make all my traffic pass through my vpn server.
17:08 < crised> mystica555: so if provider wants to mess around, dns resolves from denver will resolv to  a crap server?
17:08 < mystica555> if the provider wants to mess around? which provider?
17:08 < Reventlov> Server configuration: http://sprunge.us/YEQZ
17:08 < mystica555> the isp? the dns server? (if you arent using isp provided dns) ?
17:08 < crised> mystica555: the destination server, if they don't want to be found
17:08 < Reventlov> i can reach the server from the client, the client from the server, but my traffic is stuck.
17:09 < crised> mystica555: ok deleted those 8.8.8.x lines
17:09 < Reventlov> iptables rules: http://sprunge.us/ggUf
17:10 < Reventlov> (ipv4.ip_forward activated)
17:10 < Reventlov> routes on the client: http://sprunge.us/AZAO
17:10 < Reventlov> What am I doing wrong ?
17:11 < crised> mystica555: deleted those rules now what?
17:11 < crised> mystica555: still does not work either
17:12 < crised> mystica555:    Konsole output     curl https://secure-computing.net/ip.php gives the server ip, so it should be fine
17:12 <@vpnHelper> Title: SCN: SCN (at secure-computing.net)
17:13 < mystica555> crised: you might be caching dns queries, or server responses somewhere.  otherwise, there may be other geolocating bits there..
17:14 < mystica555>                 <span>You're using IPv4 from: 38.75.196.67 (Reverse resolution failed.)</span>
17:14  * mystica555 wishes his isp would add some reverse-dns to their ips
17:14 < mystica555> get more publicity that way; not just via people randomly getting flyers, and seeing SSIDs on cellphones ..
17:19 < mystica555> best one can do now is do a whois on the ip, or ask bgp about its AS number, and research from there
17:20 < Reventlov> (still searching for help)
17:22 -!- codebam [~codebam@gateway/shell/yourbnc/x-roaihjlbnraclptp] has quit [Read error: Connection reset by peer]
17:27 -!- codebam [~codebam@gateway/shell/yourbnc/x-ztzhqbssnnxdkxka] has joined #openvpn
17:38 < crised> mystica555: I was picking the wrong links to stream
17:39 < crised> now works, awesome
17:39 < mystica555> aha!
17:39 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 256 seconds]
17:39 < mystica555> sweet
17:49 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
17:49 -!- mode/#openvpn [+o dazo_afk] by ChanServ
17:49 -!- dazo_afk is now known as dazo
17:52 -!- Ludo- [~Ludo@obelix.zoxx.net] has quit [Ping timeout: 256 seconds]
17:53 -!- darxun [~darxun@crew.of.the.worldwide.famous.micros0ft.dk] has quit [Ping timeout: 276 seconds]
17:54 -!- Gisleh [~Gisle@80.203.117.205] has quit []
17:54 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
17:54 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has quit [Ping timeout: 276 seconds]
17:54 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 276 seconds]
17:54 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
17:56 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
17:57 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:58 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has joined #openvpn
18:09 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:17 -!- tck9 [~MAKAVELI@69.172.162.13] has joined #openvpn
18:18 < tck9> is it possible for an openvpn client to seamlessly failover between 2 openvpn servers if one of them goes down?
18:18 <@plai> no
18:19 <@plai> not really as far as I know
18:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
18:22 <@plai> system_profiler SPHardwareDataType
18:22 <@plai> (wrong channel)
18:22 < JoeMerit> guys
18:22 < JoeMerit> is OpenVPN the shit?
18:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:23 < mystica555> tck9: no, youd have to have 2 tunnels up and a redundant route
18:24 < mystica555> possibly vrrp to keep the routing thru 1 ip
18:34 <@plai> JoeMerit: are you a troll?
18:35 < JoeMerit> not at all, i'm a huge fan of OpenVPN
18:35 < JoeMerit> I love it
18:36 < crised> mystica555: trying this again in another pc
18:37 < crised> mystica555: sudo ip route change default via 10.9.8.1 dev tun0  proto static  RTNETLINK answers: No such file or directory
18:47 -!- crised [~crised@186.67.181.203] has quit [Ping timeout: 250 seconds]
18:49 -!- rrr_ [~chatzilla@183.131.105.165] has joined #openvpn
18:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
18:55 < mystica555> check its routing table
18:56 < JoeMerit> why am I accused of being a troll anyways
18:56 < JoeMerit> thats hardly fair
18:57 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
18:59 -!- rrr_ [~chatzilla@183.131.105.165] has quit [Ping timeout: 265 seconds]
18:59 -!- rrr__ is now known as rrr_
18:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:05 -!- crised [~crised@ec2-52-28-153-31.eu-central-1.compute.amazonaws.com] has joined #openvpn
19:09 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
19:13 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
19:16 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
19:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
19:18 -!- rrr__ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
19:19 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
19:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:21 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 252 seconds]
19:21 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 265 seconds]
19:22 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
19:25 -!- crised [~crised@ec2-52-28-153-31.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 256 seconds]
19:27 -!- jesopo [jess@lolnerd.net] has joined #openvpn
19:59 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
20:01 -!- rrr_ [~chatzilla@114.111.166.44] has joined #openvpn
20:12 -!- rrr__ [~chatzilla@61.164.211.214] has joined #openvpn
20:14 -!- rrr_ [~chatzilla@114.111.166.44] has quit [Ping timeout: 264 seconds]
20:15 -!- rrr__ is now known as rrr_
20:23 -!- codebam [~codebam@gateway/shell/yourbnc/x-ztzhqbssnnxdkxka] has quit [Remote host closed the connection]
20:28 -!- codebam [~codebam@gateway/shell/yourbnc/x-zvbxlsdereaaifdj] has joined #openvpn
20:38 -!- rrr_ [~chatzilla@61.164.211.214] has quit [Ping timeout: 244 seconds]
20:44 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has quit [Read error: Connection reset by peer]
21:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
21:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:23 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
21:26 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
21:30 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
23:04 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
23:25 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
23:32 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
23:44 -!- ShadniX [dagger@p5DDFEAF6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:44 -!- ShadniX_ [dagger@p5DDFC5B8.dip0.t-ipconnect.de] has joined #openvpn
23:44 -!- ShadniX_ is now known as ShadniX
23:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
23:47 -!- james41382_ is now known as james41382
23:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
--- Day changed Sat Jul 11 2015
00:03 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Quit: ZNC - http://znc.sourceforge.net]
00:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
00:09 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
00:10 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
00:10 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:19 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Quit: ZNC - http://znc.sourceforge.net]
00:22 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:22 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:24 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Remote host closed the connection]
00:24 -!- james41382_ is now known as james41382
00:24 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
00:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
00:53 < Raku_> Is there any place i can find a list of configurations that need to be done that involve having to select your active interface, such as with the iptables masqurade setting that is required
01:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
01:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
01:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
02:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:31 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
02:34 -!- Tenhi [~tenhi@178.18.241.180] has quit [Remote host closed the connection]
02:43 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:48 -!- Tenhi [~tenhi@static.100.25.4.46.clients.your-server.de] has joined #openvpn
02:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:57 -!- mode/#openvpn [+o mattock1] by ChanServ
03:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
03:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:17 -!- gallatin [~gallatin@2001:4dd0:ff00:9ce5::1] has joined #openvpn
03:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
03:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:56 -!- hays_ [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
03:56 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
04:08 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
04:09 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:13 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
04:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
04:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:25 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
05:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
05:15 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
05:29 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
05:29 -!- codebam [~codebam@gateway/shell/yourbnc/x-zvbxlsdereaaifdj] has quit [Remote host closed the connection]
05:35 -!- codebam [~codebam@gateway/shell/yourbnc/x-jgiugqqybcaehtgo] has joined #openvpn
05:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
05:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:04 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
06:25 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has joined #openvpn
06:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
06:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
06:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
06:57 -!- codebam [~codebam@gateway/shell/yourbnc/x-jgiugqqybcaehtgo] has quit [Quit: Seeya. Thanks :)]
07:00 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
07:00 -!- mode/#openvpn [+o syzzer] by ChanServ
07:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:40 -!- gallatin [~gallatin@2001:4dd0:ff00:9ce5::1] has quit [Ping timeout: 256 seconds]
07:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
07:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
07:58 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:17 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 256 seconds]
08:27 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
08:27 -!- mode/#openvpn [+v s7r] by ChanServ
09:42 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
09:57 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:1426:fba2:bc14:3661] has quit [Quit: Leaving]
10:06 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:b876:305b:3c5e:f25a] has joined #openvpn
10:06 -!- diwowo [~diwowo@gamers-pub.de] has left #openvpn ["Verlassend"]
10:13 -!- JoeMerit [joe@unaffiliated/joemerit] has quit [Read error: Connection reset by peer]
10:15 -!- JoeMerit [joe@unaffiliated/joemerit] has joined #openvpn
10:43 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
10:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
10:48 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Ping timeout: 256 seconds]
10:50 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:50 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
10:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:03 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:29 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
11:39 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
11:40 -!- mete [~mete@91.247.253.160] has quit [Read error: Connection reset by peer]
11:41 -!- mete [~mete@91.247.253.160] has joined #openvpn
11:43 < samopotamus> I can't find a whole lot of discussion out there on using OpenVPN as a TAP device.  I have a remote server that I would like to mount as a network drive on my TomatoUSB router, and send notifications to a couple of Kodi devices.  It's going to regularly sync files primarily from the server to a local NAS.  Is TAP my best option?
12:38 < Raku_> I'm having issues getting my vpn working, it worked previously then i changed wirless adapters causing my active inteeface to switch from wlan0 to wlan1, everything ive checked leads me to believe it should work but when i connect nothing loads, i cant ping anything except my own ip on the subnet(10.9.8.2)
12:49 < Poster> samopotamus: How are the notifications to Kodi sent?
12:50 < Poster> Raku_: there may be something in your configuration which is looking for the device name, you should be able to remove the old wireless adapter by cleaning up udev rules, this can vary by distribution but you should see something in /etc pertaining to udev you can edit and reboot to apply
12:52 < samopotamus> Poster, from sickrage to the IP and port of the Kodi machine.
12:52 < samopotamus> Poster, screenshot of the setup: http://puu.sh/iVqMW/82e3b72ad8.png
12:52 < Raku_> That is what i assumed, ive been looking evrywhere for something though, i'll check that though
12:53 < Raku_> Is there a way to apply without a reboot?
12:53 < samopotamus> I could do this, I know, by just forwarding ports, but it would need to be sent through a tunnel (or VPN) to remain secure.
12:54 < samopotamus> All the things I want to do seem like they would work out better if my router just considered my server part of the local network (or the server considered the router part of its local network).
12:55 < Raku_> I do have the old wireless adapter still installed phsyically, as its a caed and i havent gotten around to taking it out, i have disabled it on the software level though
13:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:06 -!- mode/#openvpn [+o mattock1] by ChanServ
13:43 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:57 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
13:58 < eb0t> hey its my first time trying openvpn
13:58 < eb0t> i have installed it on centos and am trying to connect to it from anohter linux machine on the same subnet
13:58 < eb0t> i am getting errror Unrecognized option or missing parameter(s) in /home/eb0t/vpnkeys/client.ovpn:1: gentoo-main (2.3.6)
13:58 < eb0t> Use --help for more information.
13:59 < eb0t> any ideas
13:59 < eb0t> im not even sure if it will be possible to connect to openvpn accross the same network
14:00 < eb0t> i dont know if it expects to nat something or something complex like that
14:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
14:21 < eb0t> will open vpn work across the lan
14:22 < eb0t> i have one client on the subnet and anohter openvpn server on the same subnet
14:22 < eb0t> i know it defeats the object ...but i need to test it somehow
14:29 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Quit: WeeChat 1.1.1]
15:03 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Quit: There is nothing like the laughter of a baby. Unless it's 1 AM and you're home alone.]
15:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
15:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:19 -!- xTz [~xTz@DeathStar.Techn0.eu] has quit [Remote host closed the connection]
15:33 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
15:39 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
16:06 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:06 -!- mode/#openvpn [+v s7r] by ChanServ
16:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
16:15 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
16:34 -!- c0deweaver [~c0deweave@unaffiliated/c0deweaver] has joined #openvpn
16:44 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 258 seconds]
16:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
16:53 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
16:57 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
17:03 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
17:17 < Raku_> Idont understand, it should work, ive gone through the routing tutorial and all is set, poster do you knowwhich configs somewherw, anything having to do with setting up openvpn or anything that would involve selectinf the active interface?
17:25 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
17:35 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 256 seconds]
17:36 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
17:37 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
17:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
17:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:12 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 248 seconds]
18:27 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
18:35 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
18:35 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
18:38 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Ping timeout: 256 seconds]
18:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:41 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
18:50 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
18:58 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
18:58 -!- zheng_ [~zheng@180.157.6.38] has joined #openvpn
18:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:15 -!- gnerd [~gnerd@172.56.0.40] has joined #openvpn
19:18 < gnerd> Hey I have no problem connecting to my Vpn and most of the time staying connected, but it does seem to lose connection more than usual and I have to actually go to the openvpn client and it then it connects back usually instantly but usually have to repeat the same process multiple times per session, any ideas why I sometimes get the timeout?
19:26 -!- gnerd [~gnerd@172.56.0.40] has quit [Remote host closed the connection]
19:29 < fred``> any ideas - as soon as i activate 'crl-verify crl.pem' in the conf openvpn doesnt start anymore - the crl.pem is in the right place
19:31 < JoeMerit> what does the log file say
19:40 -!- zheng [~zheng@180.157.6.38] has quit [Quit: Leaving]
19:45 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
19:46 < eb0t> hey i have installed openvpn and when i ip addr show
19:46 < eb0t> it show tun0 has the same ip address as my default gateway ..surely that is wrong
20:00 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
20:01 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
20:36 < subzero79> eb0t, why is wrong ? if the vpn server is configured to redirect all internet traffic with push def1, then it will become the default gateway
20:37 < eb0t> hmm ok
20:37 < eb0t> i didnt think i configured it to do that
20:38 < eb0t> i think i have a lot of reading to do
20:41 < subzero79> who's controlling the server?
20:41 < subzero79> you?
20:54 < eb0t> yes me
20:54 < eb0t> well i will be once i get this thing configured properly
20:55 < eb0t> i think i misinterpreted some fo the information i have read...now im looking on hte openvpn site and it basically says leave the network 10.0.8.0 in the config file and it will assign to virtual interfaces
20:55 < eb0t> i actually changed these on my server to be the same subnet as the lan onto which the vpn server is going to be connected
20:55 < eb0t> so it shouldnt have the ip address of my default gateway
20:55 < eb0t> that is wrong ..plain and simple
21:17 < fred``> JoeMerit : sry - did forget to mention - it only fails on 'proto tcp' - same config with 'proto udp'and 'crl-verify crl.pem' works
21:18 < fred``> i have no real log entries - already have 'verb 9'
21:31 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 246 seconds]
21:46 < c0deweaver> Is there any guide online to configure OpenVPN from the command line in linux in routed form? aka I have a VPS I want to run OVPN and it only has one ipv4.
21:46 -!- fred`` [fred@earthli.ng] has joined #openvpn
22:11 -!- zheng_ [~zheng@180.157.6.38] has quit [Read error: Connection timed out]
22:13 -!- zheng_ [~zheng@180.157.6.38] has joined #openvpn
22:13 -!- zheng_ [~zheng@180.157.6.38] has quit [Max SendQ exceeded]
22:15 -!- zheng [~zheng@180.157.6.38] has joined #openvpn
22:24 < subzero79> c0deweaver, i have a smal vps openvz, running openvpn
22:25 < subzero79> the confirguration is just as described in the openvpn website for generating the certs and keys
22:43 < Raku_> Hmm, found some iptable rules i didnt know about and changed them, still a no go, something critical somewhere has to be on wlan0 still and stopping it from working
23:04 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has left #openvpn ["rcirc on GNU Emacs 24.5.1"]
23:11 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 252 seconds]
23:18 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
23:43 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
23:44 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
23:44 -!- mode/#openvpn [+o krzee] by ChanServ
23:44 -!- ShadniX [dagger@p5DDFC5B8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:45 -!- ShadniX [dagger@p5481C052.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Jul 12 2015
00:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:25 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
00:26 -!- Takyoji [~Takyoji@2602:100:18b1:6429:8cb2:6607:a707:9b37] has joined #openvpn
00:34 < Takyoji> So, I'd like to be able to encrypt remote desktop traffic, of connecting to someone behind NAT. Mainly where a customer behind NAT connects to a VPN server, with some pre-shared config of what server key fingerprint to trust (or whichever), and where people can connect without any authentication. Would this be practical with OpenVPN, or would there be a more sane approach?
00:56 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Ping timeout: 252 seconds]
00:58 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
00:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:13 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:b876:305b:3c5e:f25a] has quit [Read error: Connection reset by peer]
01:13 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:b876:305b:3c5e:f25a] has joined #openvpn
01:14 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 252 seconds]
01:14 -!- fling [~fling@fsf/member/fling] has joined #openvpn
01:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:19 -!- mode/#openvpn [+o mattock1] by ChanServ
01:43 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
01:46 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
01:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:49 -!- toli [~toli@ip-62-235-222-21.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:51 -!- toli [~toli@ip-62-235-222-199.dsl.scarlet.be] has joined #openvpn
02:00 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
02:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:06 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
03:12 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:13 -!- zheng [~zheng@180.157.6.38] has quit [Quit: Leaving]
03:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 256 seconds]
03:23 -!- mystica555 [~mystica55@38.75.196.67] has quit [Read error: Connection reset by peer]
03:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
03:31 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
03:31 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:19 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
04:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
04:33 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:33 -!- Takyoji [~Takyoji@2602:100:18b1:6429:8cb2:6607:a707:9b37] has quit [Remote host closed the connection]
04:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
04:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
04:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
04:50 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:51 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
04:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
04:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
05:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:23 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
05:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:29 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
05:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:37 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:37 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:42 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 248 seconds]
05:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:46 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
05:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:54 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
05:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:59 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
06:00 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
06:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:06 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:11 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
06:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
06:12 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
06:17 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
06:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
06:34 -!- akamaru217 [~akamaru@2601:cd:4000:a6cc:b876:305b:3c5e:f25a] has quit [Quit: Leaving]
06:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
06:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:52 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:55 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
06:56 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
06:57 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
07:01 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
07:35 -!- GrayTShirt [~dan@funtoo/core/GrayTShirt] has joined #openvpn
08:14 -!- GrayTShirt [~dan@funtoo/core/GrayTShirt] has quit [Quit: Leaving.]
08:30 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Quit: WeeChat 1.1.1]
08:45 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 252 seconds]
08:47 -!- fling [~fling@fsf/member/fling] has joined #openvpn
09:16 < Raku_> Is there any configuration other than iptables that requires you to set your active interface?
09:24 -!- HanSooloo_ [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
09:25 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Ping timeout: 246 seconds]
09:25 -!- HanSooloo_ is now known as HanSooloo
09:36 -!- tessier [~treed@kernel-panic/copilotco] has quit [Read error: Connection reset by peer]
09:40 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
09:51 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
09:52 -!- rrr_ [~chatzilla@104.131.149.70] has joined #openvpn
09:53 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
09:58 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
10:00 -!- rrr__ is now known as rrr_
10:20 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:22 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
10:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:26 -!- rrr__ is now known as rrr_
10:28 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:55 -!- rrr_ [~chatzilla@104.131.149.70] has quit [Remote host closed the connection]
10:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
10:55 -!- rrr_ [~chatzilla@114.111.166.44] has joined #openvpn
10:56 -!- rrr__ [~chatzilla@104.131.149.70] has joined #openvpn
10:57 -!- rrr__ [~chatzilla@104.131.149.70] has quit [Client Quit]
10:59 -!- rrr_ [~chatzilla@114.111.166.44] has quit [Ping timeout: 252 seconds]
11:06 < moviuro> Hi all, how do I manage IPv6 on the tap interfaces? I want my client to have an IPv6 adress
11:07 -!- Billias [~MrV@2001:980:ab33:101::dead:beef] has left #openvpn []
11:07 < moviuro> the VPN itself uses IPv4 but I want IPv6 inside it
11:07 < moviuro> so far, my client has its final IPv6 adress and can send a ping6 that gets caught on the tap interface on the server; however, no response
11:13 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:19 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
11:19 < AlmogBaku> how can I retrieve IP from DN?
11:19 < AlmogBaku> after connect phase?
11:36 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 256 seconds]
11:51 -!- moviuro [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 265 seconds]
12:20 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
12:25 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 248 seconds]
12:26 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
12:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:40 -!- mnathani_ [~zeshoem@192.0.149.228] has joined #openvpn
13:50 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
14:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:36 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
14:39 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
14:39 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
14:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
15:31 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Quit: #define sizeof(x) ((rand() % 100 == 42) ? sizeof(x)-1 : sizeof(x))]
15:32 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
15:47 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Quit: typeof(string).GetField("Empty").SetValue(null, "Empty");]
15:48 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
15:48 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
16:16 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
16:26 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
16:52 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:15 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Excess Flood]
17:20 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:10 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
18:10 < eb0t> hey i just created my first vpn
18:10 < eb0t> tun0 was created and i can ping both ends of the tunnel
18:11 < eb0t> i started the vpn client and server using # openvpn --config  client.conf   ...and # openvpn --config server.conf
18:11 < eb0t> but on the command lines where i started the connection
18:11 < eb0t> i keep getting lots of messages
18:12 < eb0t> and once connected although i can ping each end
18:12 < eb0t> i cant access the internet
18:12 < eb0t> any ideas
18:12 < eb0t> the vpn is between gentoo and centos
18:13 < JoeMerit> needs some iptables rules probably
18:13 < JoeMerit> for routing the traffic
18:13 < Thermi> You don't route with iptables. You route with routes.
18:13 < eb0t> ah ok..i can look into that
18:13 < Thermi> You only masquerade the traffic with iptables.
18:13 < Thermi> Look at the openvpn site.
18:13 < eb0t> the ping works
18:13 < JoeMerit> wow thanks for correcting me pal
18:14 -!- jant [~jant@pavlov.tiddo.net] has quit [Remote host closed the connection]
18:27 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 276 seconds]
18:36 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Excess Flood]
18:36 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
18:48 < Raku_> I just grepped all files on my system for wlan0 and couldnt find anything other than some logs, i really dont know what i'm missing here
18:53 < Raku_> My config hasnt changed, i updated iptables, my ip route is corrrect,  is there anything else i should be changing after my active interface has changed
19:36 < Triffid_Hunter> Raku_: what's an "active interface"?
19:53 < Raku_> As in eth0, eth1, wlan0, wlan1
19:54 < Raku_> In ny case ny active interface(the one that is being used)  is wlan1
19:56 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Quit: HanSooloo]
20:06 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
20:15 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
20:24 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
20:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 248 seconds]
20:43 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Ping timeout: 264 seconds]
20:43 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 240 seconds]
20:44 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Quit: HanSooloo]
20:48 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
20:49 -!- caa24893 [~caa24893@nc6527d0a.cns.vt.edu] has joined #openvpn
20:49 < caa24893> my college uses junos pulse for its vpn but i would like to use openvpn. i tried searching online to see if there was a way to do this but i didn't find anything clear on the matter. is this possible?
20:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection timed out]
20:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:55 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 248 seconds]
20:56 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
21:00 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
21:12 -!- ValdikSS [~valdikss@2002:b93d:9579:1::1067] has joined #openvpn
21:21 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
21:40 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
21:46 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
22:28 -!- justdave [~dave@unaffiliated/justdave] has left #openvpn []
23:19 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:23 -!- SineDeviance [~quassel@2602:306:3908:8eb0:4ea:9e6a:2d4e:4352] has quit [Ping timeout: 248 seconds]
23:24 -!- SineDeviance [~quassel@2602:306:3908:8eb0:bddc:b79d:78a2:235a] has joined #openvpn
23:40 -!- tsing [~tsing@gintama.tsing.org] has quit [Ping timeout: 264 seconds]
23:40 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
23:42 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
23:43 -!- ShadniX [dagger@p5481C052.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:43 -!- ShadniX [dagger@p5481CC4C.dip0.t-ipconnect.de] has joined #openvpn
23:51 -!- c0deweaver [~c0deweave@unaffiliated/c0deweaver] has left #openvpn ["WeeChat 1.2"]
--- Day changed Mon Jul 13 2015
00:01 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
00:33 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
01:09 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:21 -!- mode/#openvpn [+o mattock1] by ChanServ
01:24 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:26 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
01:36 -!- tsing [~tsing@gintama.tsing.org] has quit [Remote host closed the connection]
01:40 < subzero79> I am trying to put a cifs mount script in route-up....so far nothing gets executed, network isn't available until Initialization Sequence Completed msg appears
01:41 < subzero79> I've added sleep 20 in the script but still no joy...
01:41 < subzero79> i am wondering if I am missing something
01:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:52 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:00 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:00 -!- mode/#openvpn [+o mattock2] by ChanServ
02:10 -!- tsing [~tsing@gintama.tsing.org] has quit [Ping timeout: 248 seconds]
02:27 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
02:46 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:56 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
02:56 < TyrfingMjolnir> How do I change from buildkey to easyrsa?
03:30 -!- tsing [~tsing@gintama.tsing.org] has quit [Ping timeout: 246 seconds]
03:31 -!- nohitall [~nohitall@unaffiliated/nohitall] has joined #openvpn
03:31 < nohitall> hi, I have some issue, I get "failed to find GID for group nogroup", debian jessie, client and server config use nobody/nogroup, all other options are stock
03:32 < nohitall> I tried google but nothing helpful so far
03:36 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
03:38 < nohitall> ok I just found in auth.log (USING PAM for clients): Bad protocol version identification...
03:41 -!- nohitall [~nohitall@unaffiliated/nohitall] has left #openvpn []
03:56 < TyrfingMjolnir> Write out database with 1 new entries
03:56 < TyrfingMjolnir> Data Base Updated
03:56 < TyrfingMjolnir> How can I list the entries in the Data Base?
03:56 < TyrfingMjolnir> mentioned
03:57 -!- tsing [~tsing@gintama.tsing.org] has quit [Read error: Connection reset by peer]
04:04 < Raku_> Well i found one issue, seems to be dns is failing, and any requests to ip addresses go straight around the vpn
04:04 < Raku_> Even with the log verbosity on 9 though nothing sticks out, to me at least
04:08 < Raku_> Oh, that was an easy fix for that part, forgot to add dhcp-options when i rewrote the ovpn
04:13 < Raku_> Iam extremely lost, i added the options back and now somehow it works
04:13 < Raku_> I have no idea what i did
04:20 < TyrfingMjolnir> How can I list the entries in the Data Base mentioned?
04:21 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
04:26 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 264 seconds]
04:37 -!- nohitall [~nohitall@unaffiliated/nohitall] has joined #openvpn
04:38 < nohitall> ok I have a totally different issue...Jessie, fresh install openvpn,if I try to run openvpn all I get is active(exited) from systemctl, no error messages or anything
04:38 < nohitall> server.conf is default
04:42 < nohitall> I only created the pem and server key for testing purposes
04:42 < nohitall> but I get absolutely nothing in logs, it just doesnt startup o.O
04:49 < nohitall> ok so it starts only with systemctl start openvpn.service, service openvpn start or via init.d doesnt do it
04:50 -!- apollo2k is now known as aPollO2k
05:01 -!- nohitall [~nohitall@unaffiliated/nohitall] has left #openvpn []
05:04 -!- Raku_ [josh@user-105n21p.cable.mindspring.com] has left #openvpn ["Run it as root"]
05:50 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:55 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 240 seconds]
05:56 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 240 seconds]
05:58 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
06:27 -!- tsing [~tsing@gintama.tsing.org] has quit [Read error: Connection reset by peer]
06:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
06:27 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:43 -!- tsing [~tsing@gintama.tsing.org] has joined #openvpn
06:57 -!- tsing [~tsing@gintama.tsing.org] has quit [Quit: Leaving...]
07:01 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
07:04 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Client Quit]
07:04 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
07:13 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has quit [Read error: Connection reset by peer]
07:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:26 -!- Gman32 is now known as SleepyOwl
07:36 -!- stack [~urb@unaffiliated/stack] has quit [Ping timeout: 264 seconds]
07:36 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
07:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
08:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:14 -!- Tenhi [~tenhi@static.100.25.4.46.clients.your-server.de] has quit [Remote host closed the connection]
08:14 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:17 -!- Tenhi [~tenhi@178.18.241.180] has joined #openvpn
08:17 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
08:19 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
08:24 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:27 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 246 seconds]
08:28 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
08:48 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 265 seconds]
08:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:58 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:58 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
09:03 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Quit: leaving]
09:03 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
09:04 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
09:14 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
09:24 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:30 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
09:40 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
09:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
10:03 < AWeSomeAo> !seen v0lZy
10:03 <@vpnHelper> v0lZy was last seen in #openvpn 3 days, 0 hours, 45 minutes, and 16 seconds ago: <v0lZy> byes
10:05 -!- fareak [b219681d@gateway/web/freenode/ip.178.25.104.29] has joined #openvpn
10:06 < AWeSomeAo> is there a way to leave a message for someone on a bot?
10:09 < fareak> Good evening. I am running an OpenVPN server on Debian 8, with a client on Debian 8 as well. Connecting to OpenVPN works well, the tunnel is stable and fast. However, when I mount my NFS shares over OpenVPN, I often get timeouts, it takes several tries to mount.
10:09 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
10:10 < fareak> I mount via "mount -t nfs -o tcp 192.168.2.1:/share/ /share/", or via fstab with "192.168.2.3:/share/ /share/ nfs noauto,user,noacl,nocto,noatime,nodiratime,soft,timeo=10,intr,bg,rsize=1048576,wsize=1048576,tcp 0 0 "
10:11 < fareak> The internet and google seem to insist I am the first person with this behavior? It was the same with Debain 7, by the way. Any ideas?
10:11 < AWeSomeAo> u're only configured in apt for testing
10:11 < AWeSomeAo> sorry, wrong paste
10:11 < AWeSomeAo> http://ftp.lyx.org/pub/sgml-tools/website/HOWTO/NFS-HOWTO/t1166.html <-- suggests not to use soft
10:11 <@vpnHelper> Title: NFS over slow lines (at ftp.lyx.org)
10:12 < fareak> Should I consider OpenVPN in a LAN to be equivalent to a slow connection?
10:12 < AWeSomeAo> what is the ping of your nfs server via openvpn?
10:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:14 < fareak> direct connection: 0.16ms, Ovpn: 0.6ms
10:14 < AWeSomeAo> Okay, I wouldn't call that slow
10:15 < fareak> I'll try over wifi and ethernet next time I'm in the bureau, if you want slow ;-)
10:15 < AWeSomeAo> nono
10:15 < fareak> *wifi and internet
10:15 < AWeSomeAo> my first suspicion is that it might be a mtu problem
10:16 < AWeSomeAo> but without tcpdump there is really no way of telling I guess
10:16 < fareak> I did play with MTU, to make better use of the gigabit connection here, yes
10:17 < fareak> no, wait, that's rsize and wsize in the fstab options. I'll check if I indeed messed with the MTU, or only planned to do so
10:18 < AWeSomeAo> check the link-mtu and maybe try to change / remove rsize/wsize. moutn with minimal optimizations for speed and work your way from there
10:18 < fareak> This can't be good: eth0 MTU 1500, TUN MTU 6000
10:19 < AWeSomeAo> are you using jumbo frames?
10:19 < AWeSomeAo> and yes, this might be the problem
10:20 < fareak> apparently I either didn't change those settings, or they were reset with the recent OS upgrade. How can I check for jumboframes?
10:23 < fareak> Jumboframes are simply packets with a very large MTU?
10:27 < fareak> How much smaller shall the TUN MTU size be, than the link MTU? For the packet overhead? something like "link: 1500" "TUN: 1450" and "link: 9000" "TUN: 8950"? I would start small, and work my way up observing throughput
10:36 -!- Netsplit *.net <-> *.split quits: AlexRussia, NucWin, Triffid_Hunter, nullsign, Matir, zpatten, d10n, dan_j, defswork
10:37 -!- Netsplit *.net <-> *.split quits: hid3, yoavz, CGML, peder, Gizmokid2005, Zimsky--, sphinxter, phantomcircuit, AL13N_work, chantra,  (+1 more, use /NETSPLIT to show all of them)
10:37 -!- Netsplit over, joins: Matir
10:37 -!- Netsplit over, joins: d10n
10:37 -!- Netsplit over, joins: peder
10:37 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:37 -!- Netsplit over, joins: CGML, Triffid_Hunter
10:37 -!- Netsplit over, joins: zpatten, NucWin
10:37 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
10:37 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
10:37 -!- Netsplit over, joins: hid3, chantra
10:37 -!- Netsplit over, joins: AlexRussia
10:38 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
10:38 -!- Netsplit over, joins: sphinxter
10:38 -!- Netsplit over, joins: Gizmokid2005, AL13N_work
10:38 -!- Netsplit over, joins: phantomcircuit
10:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:49 -!- dan_j [sid21651@gateway/web/irccloud.com/x-tbpibeowpzuxyunn] has joined #openvpn
10:49 -!- aPollO2k is now known as apollo2k
10:56 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Quit: Searching for Waimea]
10:57 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
10:59 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
11:14 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
11:15 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
11:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:24 -!- bakhtiya [~me@office.addictivemobility.com] has quit []
11:27 -!- Maxels_ [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Quit: Leaving]
11:40 -!- CGML [~CGML@unaffiliated/cgml] has quit [Quit: CGML]
12:06 -!- cstk421 [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has joined #openvpn
12:46 < fareak> So far: changing the MTU helps with throughput, got +30% more with an MTU of 9000 (link). No matter what, the mounting takes 10s and umount 5s over openvpn. Over lan it both is around 0.05s. This can't be a mountoption neither, as the same options are active at the lan and openvpn mounts.
12:48 < Thermi> fareak: Check firewall rules.
12:51 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
12:52 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
12:52 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
13:23 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
13:23 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
13:30 -!- cstk421 [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has quit [Remote host closed the connection]
13:40 -!- SineDeviance [~quassel@2602:306:3908:8eb0:bddc:b79d:78a2:235a] has quit [Ping timeout: 248 seconds]
13:41 -!- SineDeviance [~quassel@99-144-136-235.lightspeed.chrlnc.sbcglobal.net] has joined #openvpn
13:44 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
13:49 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: rebooting!]
13:49 -!- toli [~toli@ip-62-235-222-199.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:50 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
13:51 -!- toli [~toli@ip-62-235-222-195.dsl.scarlet.be] has joined #openvpn
13:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:57 -!- cstk421 [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has joined #openvpn
14:06 -!- Kobaz [~kobaz@its.kobaz.net] has left #openvpn []
14:06 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
14:06 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:07 -!- cstk421 [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has quit []
14:11 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 246 seconds]
14:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:28 -!- janjust [~janjust@openvpn/community/support/janjust] has left #openvpn ["Leaving"]
14:35 -!- JordiGH [~jordi@octave/developer/JordiGH] has joined #openvpn
14:36 -!- votlon [~votlon@66.214.191.162] has joined #openvpn
14:37 < votlon> hey any have time to help a noob connect to an ipsec firewall?
14:37 < JordiGH> I connect to my vpn with "openvpn someconfig.ovpn". This usually worked well, but since a while ago, it resulted in me not being able to resolve hostnames on the VPN. If I manually go and put the IP of the DNS server on the VPN network's inside my resolv.conf, then I can work. This started happening, I think, after a Debian upgrade, so, new versions of Debian, networkmanager, and openvpn. So I think there's a bug somewhere. How does setting a ne
14:37 < JordiGH> w DNS server work normally with openvpn?
14:37 < JordiGH> does openvpn normally mess around with resolv.conf?
14:38 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 256 seconds]
14:39 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
14:41 < DArqueBishop> JordiGH, the server has to be configured to push the DNS server information.
14:41 < DArqueBishop> !pushdns
14:41 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN
14:41 <@vpnHelper> for Android and OpenVPN Connect will happily accept push dhcp-option
14:42 < DArqueBishop> votlon,
14:42 < DArqueBishop> !notovpn
14:42 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
14:43 < JordiGH> DArqueBishop: Hm... A colleague on Mac OS X says that he has no problems with the VPN from home. Could the server have pushdns but the openvpn client is ignoring it?
14:43 < DArqueBishop> It's possible.
14:43 -!- JoeMerit [joe@unaffiliated/joemerit] has left #openvpn []
14:44 -!- tck9 [~MAKAVELI@69.172.162.13] has quit [Quit: Leaving]
14:46 < JordiGH> DArqueBishop: I see that my openvpn client does get the pushdns command: http://codepad.org/rt16XRYV
14:46 <@vpnHelper> Title: Plain Text code - 37 lines - codepad (at codepad.org)
14:46 < JordiGH> 172.16.1.5 is the right IP address.
14:46 < JordiGH> For the DNS server.
14:47 -!- liriel [~liriel@185.21.217.6] has quit [Excess Flood]
14:47 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
14:48 < JordiGH> Should the client be doing/saying anything more? Should it be setting up resolv.conf ?
14:49 < DArqueBishop> I don't know, honestly. It probably should.
14:49 < DArqueBishop> I personally don't push DNS server settings on my VPN, so it's not something I'm an expert in. :-)
14:50 < DArqueBishop> You might want to try using the dig command on your VPN client (if it's available) to see if it can actually connect to the internal DNS server and get a proper response to a DNS query.
14:50 < JordiGH> Oh, yes, it does.
14:51 < JordiGH> I can resolve internal hosts.
14:51 < JordiGH> No other DNS server would know these names.
14:51 -!- votlon [~votlon@66.214.191.162] has quit [Ping timeout: 256 seconds]
14:51 < JordiGH> Huh, I wonder if systemd is to blame.
15:02  * JordiGH discovers /etc/openvpn/update-resolv-conf
15:03 <@dazo> JordiGH: if you have NetworkManager installed ... try using that from a GUI, and poke at the 'ps faxuw' output, looking for OpenVPN .... pick-up the option where it uses a NetworkManager plug-in .... you should be able to use the same plug-in, and thus get the network setup properly
15:04 <@dazo> (including DNS resolving)
15:05 <@dazo> using that plug-in, I suspect you won't have as much issues with the systemd/NetworkManager integration .... where also the /etc/resolv.conf have some quirks with the systemd resolver
15:05 < JordiGH> NetworkManager's OpenVPN has gotten buggy for me.
15:05 < JordiGH> It doesn't show all of my VPN connections and if I try to import a new config, it doesn't show up.
15:06 < JordiGH> dazo: So normally it's not the openvpn client that sets up resolv.conf, but some wrapper around it?
15:06 <@dazo> JordiGH: correct
15:07 < JordiGH> I see.
15:07 < JordiGH> Well, I can be that wrapper for now.
15:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
15:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
15:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:16 -!- mode/#openvpn [+o mattock1] by ChanServ
15:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
15:22 -!- JordiGH [~jordi@octave/developer/JordiGH] has quit [Remote host closed the connection]
15:25 -!- brooksgarrett [~smuxi@173-31-41-191.client.mchsi.com] has joined #openvpn
15:25 < brooksgarrett> Hello all
15:26 < brooksgarrett> I'm stumped and could use some help. Server can ping both peers. But peers can't communicate
15:26 < brooksgarrett> TCPDump on each endpoint shows the traffic reaches the target server, but the server simply doesn't respond
15:27 < brooksgarrett> It's not an async route. the end server just doesn't even reply
15:27 < brooksgarrett> Anyone seen similar?
15:29 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
15:39 < brooksgarrett> Woot. I've found the first ever case of "server says go away."
15:39 < brooksgarrett> !welcome
15:39 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
15:39 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:44 -!- brooksgarrett [~smuxi@173-31-41-191.client.mchsi.com] has quit [Ping timeout: 256 seconds]
15:59 -!- JordiGH [~jordi@octave/developer/JordiGH] has joined #openvpn
15:59 < JordiGH> Where should this last step be? https://forums.openvpn.net/topic16047.html
15:59 <@vpnHelper> Title: OpenVPN Support Forum changing resolv.conf - update-resolv-conf script : Configuration (at forums.openvpn.net)
15:59 < JordiGH> about calling update-resolve-conf ?
16:00 < JordiGH> In some-config.ovpn? That looks like an ini-file, not a script.
16:05 -!- JordiGH [~jordi@octave/developer/JordiGH] has quit [Quit: Jacking out]
16:09 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 246 seconds]
16:28 -!- c0deweaver [~c0deweave@unaffiliated/c0deweaver] has joined #openvpn
16:33 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Ping timeout: 252 seconds]
16:45 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
16:50 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
16:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
16:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:02 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
17:06 -!- fred`` is now known as fred`
17:06 -!- fred` is now known as fred``
17:07 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
17:12 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Ping timeout: 252 seconds]
17:14 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:15 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
17:26 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
17:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:40 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Ping timeout: 246 seconds]
17:47 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
17:53 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
17:54 < eb0t> i have a server on the 10.0.0.0 network onto which i have installed openvpn
17:54 < eb0t> i have a linux pc on network 192.168.0.0 which i have connected to the vpn server
17:54 < eb0t> when i look at the ifconfig
17:55 < eb0t> i now have a tun0 device that is connected to subnet 172.22.33.0 network on both devices
17:55 < eb0t> how can i tell if my traffic to the internet from the pc is being routed through the vpn server
17:55 < eb0t> here is my routing table from my linux pc ..first is when i am connected to the vpn
17:56 < eb0t> second part is when i break down the connection
17:56 < eb0t> http://lpaste.net/136537
17:56 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
17:57 < eb0t> i just cant tell if my pc traffic is being routed through my vpn to the internet
18:00 -!- rocker [be88adaa@gateway/web/freenode/ip.190.136.173.170] has joined #openvpn
18:00 -!- eblip [~eb0t@unaffiliated/eblip] has joined #openvpn
18:02 < rocker> hi, i want to use the pw-file function to enable a basic authentication over the console management interface, but i can't find examples on the CONSUMER side. i'm serving the pw-file in the command line arguments, but how should i validate against it in the from my custom ui? i just throw the auth key without prefix and it works? redis, for example, require a "AUTH" prefix for it to work, but i can't find any example about it on th
18:05 -!- haroldofurtado [~textual@191.251.241.148] has joined #openvpn
18:08 -!- haroldofurtado [~textual@191.251.241.148] has quit [Client Quit]
18:08 -!- haroldofurtado [~textual@191.251.241.148] has joined #openvpn
18:09 -!- haroldofurtado [~textual@191.251.241.148] has left #openvpn []
18:11 -!- haroldofurtado [~textual@191.251.241.148] has joined #openvpn
18:12 -!- haroldofurtado [~textual@191.251.241.148] has quit [Client Quit]
18:27 -!- dazo is now known as dazo_afk
18:29 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
18:56 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
18:58 -!- seoner [~usr@gateway/vpn/privateinternetaccess/sand3r] has joined #openvpn
18:58 < seoner> hi
18:58 < seoner> ERROR: Linux route add command failed: external program exited with error status: 7
18:58 < seoner> what is this about
18:58 < seoner> ?
18:58 < seoner> anybody here?
19:09 -!- fareak [b219681d@gateway/web/freenode/ip.178.25.104.29] has quit [Quit: Page closed]
21:00 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
21:00 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
21:05 -!- Muad`Dib [~muaddib@unaffiliated/shadok] has joined #openvpn
21:08 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 256 seconds]
21:38 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Quit: Searching for Waimea]
21:47 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
21:54 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
22:23 -!- seoner [~usr@gateway/vpn/privateinternetaccess/sand3r] has quit [Ping timeout: 264 seconds]
22:26 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Quit: Searching for Waimea]
22:28 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
22:40 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 248 seconds]
22:41 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Quit: Searching for Waimea]
22:43 < mnathani_> can an openvpn tunnel be terminated on a Mikrotik routers?
22:52 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
23:21 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit []
23:43 -!- ShadniX [dagger@p5481CC4C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:44 -!- ShadniX [dagger@p57941BAD.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Jul 14 2015
00:12 -!- wowaname [h@love.wowana.me] has joined #openvpn
00:13 < wowaname> i'm only allowing openvpn access through a tor hiden service; is there a way i can disable tls in the configuration?
00:13 < wowaname> hidden*
00:14 < wowaname> plus this is for personal use so i'm not worried about losing an extra layer of encryption
00:16 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
00:20 < wowaname> im pretty sure i remember this place being more active
00:23 < mnathani_> wowaname: I asked a question back at 11:43 PM Eastern - still no response
00:23 < Eugene> mnathani_ - openvpn will run on anything, generally speaking. I'm not familiar with Mikrotik anything
00:23 < mnathani_> I too remember this place being more active
00:24 < mnathani_> Eugene: thanks
00:24 < mnathani_> Mikrotik makes routers running RouterOS operating system
00:24 < Eugene> wowaname - yes, you can run in static-key mode
00:24 < Eugene> mnathani_ - never heard of it. If you can get openvpn to compile, oughta work
00:25 < wowaname> Eugene in the man page i thought i saw completely plain authentication
00:25 < Eugene> wowaname - sure, you can do --cipher none
00:25 < Eugene> And --auth none
00:25 < Eugene> But that's really a terrible idea
00:25 < wowaname> yeah "a simple tunnel without security"
00:26 < wowaname> Eugene in an ovpn config?
00:26 < wowaname> without the -- i guess
00:26 < wowaname> ill try
00:26 < Eugene> !--
00:26 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
00:26 < Eugene> Really though, you should use a static key. Tor is a nasty place
00:26 < wowaname> ok
00:27 < wowaname> <Eugene> But that's really a terrible idea
00:27 < wowaname> like i said im fully aware but im using it through a hidden service which already provides security
00:27 < Eugene> Just because your address isn't published doesn't mean you can't be found
00:27 < Eugene> That's.... not really true.
00:27 < wowaname> lol
00:28 < wowaname> hidservauth cookies man
00:28 < wowaname> ive used tor long enough to understand hsdir scraping and whatnot
00:28 < wowaname> and how to prevent it
00:29 < Eugene> Good for you! But I still don't recommend running something without a key
00:29 -!- mystica555 [~mystica55@38.75.196.67] has quit [Ping timeout: 256 seconds]
00:29 < wowaname> :p
00:29 < wowaname> anyway thanks
00:30 < wowaname> i suppose plain user/pass auth is also possible, but i think i saw that somewhere so if i wanted to do that it wouldnt be hard
00:30 < wowaname> idk ill play with it
00:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:44 -!- mode/#openvpn [+o mattock1] by ChanServ
01:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:17 -!- izhak [c1c8156a@gateway/web/freenode/ip.193.200.21.106] has joined #openvpn
01:17 < izhak> Hi, guys! I need to setup a vpn connection to a server using openvpn on linux. The connection is certificateless (I mean no client's certificate). What option do I need to to specify in conf to make openvpn ask for username/password only?
01:18 < wowaname> wew, similar to my question
01:18 < wowaname> lol
01:20 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
01:20 -!- mode/#openvpn [+v hyper_ch] by ChanServ
01:20 <+hyper_ch> hi there, how can I include again another file in the config file?
01:25 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
01:26 < eb0t> its a bit worrying this channel...if you have questions and ask in say centos or linux about openvpn ..they send you to this channel....if you ask in here ....you definitely wont find your answer...so its catch 22 situation
01:26 <+hyper_ch> you get answers in here also
01:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:52 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
01:53 <+hyper_ch> ah... found it :)    config /path/to/file
01:53 <+hyper_ch> this allows me now to use https://paste.debian.net/282165/ in nixos :)
01:57 -!- apollo2k is now known as aPollO2k
02:06 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
02:12 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
02:15 -!- moviuro__ [~moviuro@ginfo.ext.ec-m.fr] has joined #openvpn
02:18 < moviuro__> Hi all, my OpenBSD client using tun + link0 can't ping my FreeBSD that has a tap interface. However, I can ping the server from my linux clients. Please, do NOT tell me to use tap on OpenBSD as it does NOT exist. The equivalent is tun + link0
02:20 < moviuro__> To further prove this, I have an other VPN with an OpenBSD server with tun+link0 and linux clients with tap and it works
02:43 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
02:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:25 < AWeSomeAo> !seen v0lZy
03:25 <@vpnHelper> v0lZy was last seen in #openvpn 3 days, 18 hours, 7 minutes, and 18 seconds ago: <v0lZy> byes
03:29 < moviuro__> I get this kind of messages (3 lines incoming) :
03:30 < moviuro__> Jul 14 10:29:25 popho openvpn[1072]: deadman-wonderland/156.18.26.78:20012 IP packet with unknown IP version=0 seen
03:30 < moviuro__> Jul 14 10:29:25 popho openvpn[1072]: deadman-wonderland/156.18.26.78:20012 MULTI: Learn: d6:f5:08:06:00:01 -> deadman-wonderland/156.18.26.78:20012
03:30 < moviuro__> Jul 14 10:29:26 popho openvpn[1072]: deadman-wonderland/156.18.26.78:20012 IP packet with unknown IP version=0 seen
03:37 < moviuro__> I'm also seeing this when trying to ping
03:37 < moviuro__> Tue Jul 14 10:36:48 2015 us=1494 TUN READ [38]
03:37 < moviuro__> Tue Jul 14 10:36:48 2015 us=1533 TLS: tls_pre_encrypt: key_id=0
03:37 < moviuro__> Tue Jul 14 10:36:48 2015 us=1593 UDPv4 WRITE [77] to [AF_INET]151.80.43.167:1718: P_DATA_V1 kid=0 DATA len=76
03:37 < moviuro__> Tue Jul 14 10:36:50 2015 us=140533 UDPv4 READ [53] from [AF_INET]151.80.43.167:1718: P_DATA_V1 kid=0 DATA len=52
03:37 < moviuro__> Tue Jul 14 10:36:50 2015 us=140915 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]151.80.43.167:1718
03:37 < moviuro__> Tue Jul 14 10:36:50 2015 us=140988 PID_TEST [0] [SSL-0] [>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:55 0:56 t=1436863010[0] r=[0,64,15,0,1] sl=[9,55,64,528]
03:37 < moviuro__> Tue Jul 14 10:36:50 2015 us=141007 RECEIVED PING PACKET
03:37 < moviuro__> Tue Jul 14 10:36:54 2015 us=850000 UDPv4 READ [141] from [AF_INET]151.80.43.167:1718: P_DATA_V1 kid=0 DATA len=140
03:37 < moviuro__> Tue Jul 14 10:36:54 2015 us=850395 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]151.80.43.167:1718
03:37 < moviuro__> Tue Jul 14 10:36:54 2015 us=850486 PID_TEST [0] [SSL-0] [4>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:56 0:57 t=1436863014[0] r=[-4,64,15,0,1] sl=[8,56,64,528]
03:37 < moviuro__> Tue Jul 14 10:36:54 2015 us=850517 TUN WRITE [110]
03:37 < moviuro__> Tue Jul 14 10:36:58 2015 us=56844 TLS: tls_pre_encrypt: key_id=0
03:37 < moviuro__> Tue Jul 14 10:36:58 2015 us=70796 SENT PING
03:37 < moviuro__> Tue Jul 14 10:36:58 2015 us=70878 UDPv4 WRITE [53] to [AF_INET]151.80.43.167:1718: P_DATA_V1 kid=0 DATA len=52
03:44 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
03:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:51 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:03 -!- plasma [plasma@antiquos.technopagans.com] has joined #openvpn
04:11 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
04:12 < Reventlov> >3 lines incoming
04:12 < Reventlov> lies
04:15 < moviuro__> *3 lines at first
04:17 < Reventlov> Well, try to be more precise: configuration on the openbsd client, on the server, routes on the client, routes on the server, logs on the client, logs on the server (when reading what you pasted I do not know at all of which logs you are talking of)
04:18 < Reventlov> (not saying i can help, just saying it's messy)
04:20 < moviuro__> server conf: http://ix.io/jIL ; obsd client conf: http://ix.io/jIM ; linux client conf: http://ix.io/jIO
04:20 < moviuro__> no IP is set though the fbsd does router advertizing (IPv6)
04:21 < moviuro__> if I manually setup IPv4 on the tap & tuns interfaces, I can ping the fbsd serv from linux clients, just not from obsd client
04:21 < moviuro__> my linux clients also get IPv6
04:23 < Reventlov> why are you not using dev-type tap on the openbsd client ?
04:23 < Reventlov> (with dev tun1)
04:23 < moviuro__> [09:18] <moviuro__> Hi all, my OpenBSD client using tun + link0 can't ping my FreeBSD that has a tap interface. However, I can ping the server from my linux clients. Please, do NOT tell me to use tap on OpenBSD as it does NOT exist. The equivalent is tun + link0
04:23 < Reventlov> well, read again.
04:23 < moviuro__> you too, Reventlov
04:24 < Reventlov> use dev tun1, and dev-type tap.
04:24 < moviuro__> I can't believe it actually worked
04:24 < moviuro__> this is so stupid
04:25 < moviuro__> like, tap doesn't exist on obsd
04:25 < moviuro__> but thanks, Reventlov
04:25 < Reventlov> yup, but you can specify a "dev-type"
04:25 -!- izhak [c1c8156a@gateway/web/freenode/ip.193.200.21.106] has quit [Ping timeout: 246 seconds]
04:28 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:28 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 248 seconds]
04:32 -!- Muad`Dib is now known as shadok
04:33 < moviuro__> dev-type tap didn't make sense to me though, thanks for pointing it out
04:42 < Reventlov> well, openvpn use the name of the interface to find out which kind of interface it is
04:43 < Reventlov> tun* -> tun, tap* -> tap
04:43 < Reventlov> when you use tun + link0, you are using a tap interface named tun*
04:43 < Reventlov> so you have to force the type of the interface in the openvpn configuration
04:44 < Reventlov> (when I mean kind of interface, I mean the layer: tap = 2, tun = 3)
04:46 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Quit: Konversation terminated!]
04:50 -!- JackWinter [~jack@vodsl-9583.vo.lu] has joined #openvpn
04:52 < moviuro__> thanks for the explanation, Reventlov
05:01 -!- mnathani_ [~zeshoem@192.0.149.228] has quit [Ping timeout: 250 seconds]
05:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
05:10 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
05:16 -!- dazo_afk is now known as dazo
05:17 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:58 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 240 seconds]
05:59 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
06:09 -!- moviuro__ [~moviuro@ginfo.ext.ec-m.fr] has quit [Ping timeout: 256 seconds]
06:09 < ValdikSS> Hi! How can I see all the TLS ciphers server accepts?
06:10 < ValdikSS> Not --show-tls, but if they are configured and I want to see it with client.
06:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
06:11 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
06:17 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:35 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
06:51 -!- fred`` [fred@earthli.ng] has quit [Quit: +++ATH0]
06:52 <@dazo> ValdikSS: --show-ciphers?
06:52 < ValdikSS> dazo: I need TLS ciphers
06:53 < ValdikSS> dazo: I want to get TLS ciphers list from the client side if I don't have access to the server.
06:54 <@dazo> There is no way to see from a client's perspective which ciphers the server accepts ... it supports only the cipher configured, where blowfish is the default unless otherwise confgirured
06:54 <@dazo> for the tls-ciphers, I don't recall the defaults
06:55 <@dazo> ValdikSS: seems to be set to: DEFAULT:!EXP:!PSK:!SRP:!kRSA  by default ... if that has been modified, then you do need to see the server config
06:56 < ValdikSS> dazo: I'm walking about TLS ciphers. Client can surely see them all.
06:56 < ValdikSS> talking*
06:56 < ValdikSS> dazo: if it's not implemented, I'll do it.
06:58 -!- fred`` [fred@earthli.ng] has joined #openvpn
06:58 <@dazo> syzzer knows the code paths in these areas far better, so he might be able to provide better information
07:01 < subzero79> hi there is it possible to fire mount nfs at route-up? all my tests fail, the openvpn network is only available after the "initialization sequence completed" appears
07:01 < subzero79> i had to use script inside the script to send the mount to the bg
07:02 <@dazo> subzero79: yes, that should be doable ... I used to do that earlier, and I used --route-pre-down to unmount the NFS share when openvpn shuts down
07:02 <@dazo> but you do need to use a mount script to make it work
07:03 < subzero79> i use
07:03 < subzero79> a script
07:03 < subzero79> with the mount command inside
07:03 <@dazo> good
07:04 <@dazo> route-up should be started after the tunnel is established and routes have been set.  Routes cannot be set before the tunnel is established
07:04 <@dazo> The route-up script, that is
07:04 <@dazo> you might need to use --route-delay though
07:05 < subzero79> it gets stalled /sbin/ip route add 172.25.0.0/24 via 172.25.0.6
07:05 <@dazo> if it stalls when adding routes, then it's a different issue
07:05 < subzero79> i can ping the remote server
07:05 < subzero79> inside the vpn link
07:06 <@dazo> !logs
07:06 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
07:06 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:08 < subzero79> ok, let me increase verb
07:13 < subzero79> nothing is the same, stops at ip route add, only way it works putting another script inside like "sh /etc/openvpn/nfs-in &"
07:14 < subzero79> but with the route-up script and the mount command inside stops, like it never reaches the remote network
07:14 < subzero79> dazo, how much delay you reckon?
07:15 <@dazo> if your route setup halts, I do indeed expect mounts to halt as well
07:15 <@dazo> !logs
07:15 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
07:21 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
07:31 < subzero79> dazo, i was pasting and cleaning the logs
07:32 < subzero79> the initialization sequence completed but the nfs mount timed out
07:32 < subzero79> this is the client http://pastebin.com/6jV4Qwfj
07:32 < subzero79> i'll give it a go with route delay
07:34 <@dazo> okay, so it's not the 'ip route add' which times out ... it is just the mount
07:34 <@dazo> how does your mount script look like?
07:34 <@dazo> need to see server logs too, to compare a few things
07:35 < subzero79> server http://pastebin.com/nLDnsPqh
07:36 < subzero79> the mount script is as simple as mount http://paste.debian.net/plain/282259
07:37 <@dazo> begins to smell like a firewall issue
07:37 < subzero79> ok
07:37 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 246 seconds]
07:38 < subzero79> at server or client?
07:38 <@dazo> most likely server
07:38 <@dazo> but NFS over VPN isn't a fun challenge ... I am right that the NFS server is the same box as the VPN server?
07:39 < subzero79> yes
07:39 < subzero79> and if i run manually the script after ovpn is up the share mount
07:39 < subzero79> mounts
07:39 <@dazo> okay, that takes some extra routing challenges off the table
07:39 < subzero79> thing is i can the see the ip add route there
07:39 <@dazo> which distro is this?
07:39 < subzero79> ip r s displays the route
07:40 < subzero79> but i still can't ping the server
07:40 < subzero79> debian wheezy remote and local
07:40 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
07:40 < subzero79> remote and client, the client is using the backport openvpn
07:40 < subzero79> can't remember if i changed the server
07:41 <@dazo> okay .... please pastebin iptables-save on both server and client
07:41 < subzero79> the server is bpo also
07:42 -!- rich0_ is now known as rich0
07:44 < subzero79> this is server http://pastebin.com/K6zvmEX1
07:46 < subzero79> this is client http://pastebin.com/01jZ95a5
07:46 <@dazo> running openvpn inside a docker container?
07:46 < subzero79> no
07:46 <@dazo> okay, good
07:48 < subzero79> had the same fun yesterday with samba, i still had to use a wrapper
07:48 <@dazo> I'd try to add a -j LOG at the end if the INPUT chain, to see what gets blocked .... nothing should really block your openvpn tunnel ... and the FORWARD chain is also completely open
07:49 <@dazo> yes, openvpn's script hooks adds a some arguments when it calls those scripts, which most likely is not understood by any mount command
07:51 < subzero79> are you referring to the env vars?
07:51 <@dazo> nope, env vars is in addition to the arguments
07:52 <@dazo> (those args are actually poorly documented, when I think about it)
07:53 < subzero79>  i have an issue with server logs, is an openvz instance
07:53 < subzero79> iptables logs go to kern.log?
07:53 <@dazo> well, openvz can often be more troublesome
07:53 <@dazo> yes, you should see them in 'dmesg' though
07:54 <@dazo> try adding --route-delay 5 ... and see if 5 seconds delay is enough, if it is, you can try to reduce it to 3
07:54 < subzero79> let me flush the firewall shortly and try
07:59 < subzero79> still the same
07:59 < subzero79> the ps ax | grep mount doesn't show any strange arguments pass to the commmand
07:59 < subzero79> during the ip route add stall
08:00 <@dazo> no, ip route add does not stall ... it is the mount which stalls
08:00 <@dazo> when the log line stating the ip route add does not have any error or warnings, then it completed successfully
08:02 <@dazo> hmmm ... I noticed you have a restart going on, when i look further down the client logs
08:02 <@dazo> are the clocks in sync?
08:03  * dazo compares timestamps between client and server logs
08:03 < subzero79> ok, i;ve put them in the same TZ, but date shows 3 minutes
08:04 <@dazo> well, run ntpdate -bu pool.ntp.org on both boxes
08:04 < subzero79> ok
08:04 < subzero79> don't have that command
08:05 <@dazo> you need to install some ntp packages then
08:05 <@dazo> those clocks needs to be in sync, 3 minutes may be just too much
08:05 < subzero79> now is 14 sec
08:06 < subzero79> sorry 1 sec
08:06 <@dazo> that's okay
08:06 <@dazo> please provide complete logs again .... and I noticed you have a restart going on on the client, so I need the same time window on both client and server
08:09 < subzero79> okay
08:09 <@dazo> please let the restart happen too
08:09 <@dazo> that provides useful information
08:10 < subzero79> the restart option i put that for the daemon, i am running the tests openvpn client.conf in terminal
08:11 <@dazo> you don't need to add any options ... use the same config ... the restart happens automatically
08:11 < subzero79> damn, my server shuts down at this time, give me some minutes
08:11 <@dazo> that's not a good sign either
08:12 < subzero79> the client is a house nas
08:15 < subzero79> don't see the restart directive
08:16 <@dazo> I said: Do NOT add arguments .... restarts happen automatically, you already have this configured
08:16  * dazo need to run for a meeting
08:17 < subzero79> we can talk tomorrow, is 11PM here
08:18 < subzero79> i can live with the wrapper script for now, i'll compare the timestamps
08:27 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
08:33 -!- zamber [~zamber@dynamic-78-8-247-162.ssp.dialog.net.pl] has quit [Ping timeout: 256 seconds]
08:35 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:38 -!- zamber [~zamber@dynamic-78-8-43-223.ssp.dialog.net.pl] has joined #openvpn
08:57 -!- TorCa [~pdiablo@unaffiliated/denyall/x-000001] has joined #openvpn
09:00 -!- JackWinter_ [~jack@vodsl-10287.vo.lu] has joined #openvpn
09:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 256 seconds]
09:02 -!- JackWinter [~jack@vodsl-9583.vo.lu] has quit [Ping timeout: 256 seconds]
09:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:18 -!- rich0_ is now known as rich0
09:29 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
09:33 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
09:33 -!- mode/#openvpn [+v s7r] by ChanServ
09:47 <@syzzer> ValdikSS: no, iirc the client can not see the TLS ciphers supported by the server (without 'brute-forcing' connections), because TLS specs that the client advertises a list of supported ciphers, and then the server picks one and tells the client which it picked
09:48 <@syzzer> (and besides that, OpenSSL does not really help you with getting this information out of the library)
09:49 <@syzzer> that said, if you manage to implement such a thing (either serverside, or clientside if I'm mistaken about TLS), without adding a lot of code, that would be a very welcome patch
09:49 < ValdikSS> syzzer: Hrmm. I see. Another question then: is it possible to use OpenSSL cipher list for OpenVPN? Like DEFAULT:!MD5 ?
09:50 <@syzzer> yes. see --tls-cipher
09:51 < ValdikSS> syzzer: Doesn't work for me
09:51 < ValdikSS> syzzer: openvpn --tls-cipher 'DEFAULT:!aNULL:!eNULL' --show-tls
09:51 < ValdikSS> syzzer:
09:51 < ValdikSS> Tue Jul 14 17:51:28 2015 No valid translation found for TLS cipher '!aNULL'
09:51 < ValdikSS> Tue Jul 14 17:51:28 2015 No valid translation found for TLS cipher '!eNULL'
09:52 <@syzzer> yes, you can ignore those
09:52 < ValdikSS> syzzer: oh, it really works. Thanks!
09:54 <@syzzer> yw :)
09:56 <@syzzer> I know you're not a novice user, but I still want to give you a fair warning: it is quite easy to break your setup or reduce the security with --tls-ciper
09:56 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
09:56 <@syzzer> so use with care ;)
10:04 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
10:08 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Quit: Searching for Waimea]
10:09 -!- aPollO2k is now known as apollo2k
10:10 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:11 < ValdikSS> syzzer: sure, thanks. I though server sends all supported ciphers to client, just like in HTTPS, and that list could be long.
10:11 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
10:14 < ValdikSS> syzzer: so I just wanted to optimize it.
10:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:16 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
10:20 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
10:20 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Quit: HanSooloo]
10:23 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 264 seconds]
10:24 <@syzzer> ValdikSS: HTTPS uses TLS, so that part should indeed be the same as with HTTPS
10:25 <@syzzer> the ciphers are however sent as a list of 32-bit integers, where each integer represents a cipher
10:25 <@syzzer> so even a long list is not that long in terms of bytes :)
10:57 -!- rocker [be88adaa@gateway/web/freenode/ip.190.136.173.170] has quit [Quit: Page closed]
11:04 < mystica555> for the love of god, why is iptables giving me 'invalid opcode' when i march=nocona mtune=atom
11:04  * mystica555 yanks his hair out, and tries mtune generic\
11:04 < mystica555> piece of @#%@#^$Q$W^%*(#
11:06 -!- cstk421 [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has joined #openvpn
11:14 < mystica555> should mention, virtualbox
11:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
11:22 < Thermi> mystica555: make sure you clean the source directory before you compile anew.
11:22 < mystica555> i've made clean about 8 times in the past week
11:22 < Thermi> invalid opcode means that the binary contains an instruction which the current CPU does not understand.
11:22 < mystica555> yes
11:23 < Thermi> Are you cross compiling?
11:23 < mystica555> and i cannot understand how this happens with march=nocona (first 64bit cpu) and virtualbox
11:23 -!- TorCa [~pdiablo@unaffiliated/denyall/x-000001] has quit [Read error: Connection reset by peer]
11:23 < mystica555> oh derp. i'm not in #openwrt.
11:23 < Thermi> Compil explicitely for 64 bit, not nocona.
11:24 < Thermi> march=x86-64, if you want to compile for x86 architecture with 64 bit.
11:25 < mystica555> that march= doesn't exist in gcc 4.8..
11:25 < mystica555> https://gcc.gnu.org/onlinedocs/gcc-4.8.2/gcc/i386-and-x86-64-Options.html#i386-and-x86-64-Options
11:25 <@vpnHelper> Title: i386 and x86-64 Options - Using the GNU Compiler Collection (GCC) (at gcc.gnu.org)
11:27 < Thermi> That value is set in makepkg.conf or Arch by default as part of the CFLAGS and CXXFLAGS, so I doubt that they not exist.
11:28 -!- anoopcs [anoopcs@gateway/shell/firrre/x-xrhbuheozncfangk] has joined #openvpn
11:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
11:30 < anoopcs> I had my VPN network connection configured way back. Recently I renamed by local user account name and after a restart I could no longer see the VPN network in the list. I'm on fedora22 gnome 3.16
11:30 < Thermi> mystica555: https://stackoverflow.com/questions/16273561/gcc-generic-march-for-all-the-x64-platforms
11:30 <@vpnHelper> Title: 64bit - gcc generic march for all the x64 platforms - Stack Overflow (at stackoverflow.com)
11:31 < anoopcs> How can I verify whether my previous settings are still present or not?
12:02 < anoopcs> I got the following error on running vpnc
12:02 < anoopcs> vpnc: Error binding to source port. Try '--local-port 0'
12:02 < anoopcs> Failed to bind to 0.0.0.0:500: Permission denied
12:09 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 240 seconds]
12:13 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
12:19 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
12:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:34 < ValdikSS> syzzer: there is a parameter length limit in the config file.
12:35 < ValdikSS> syzzer: it's pretty small and it's not allowed to break the line with backslash
12:38 <@syzzer> ValdikSS: yes, I ran into that before indeed. Should probably be increased.
12:38 <@syzzer> temporary workaround: you're allowed to supply longer arguments on the command line
12:39 < ValdikSS> syzzer: and it seems that OpenSSL ciphers are not allowed in the configuration file
12:39 < ValdikSS> syzzer:
12:39 < ValdikSS> Tue Jul 14 20:38:40 2015 Failed to set restricted TLS cipher list: ECDHE+AESGCM:ECDHE+AES:DHE+AESGCM:DHE+AES:!ECDSA:!DSS:!PSK:!SRP:!EXP: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
12:39 < ValdikSS> Tue Jul 14 20:38:40 2015 Exiting due to fatal error
12:40 <@syzzer> there is no difference in parsing the lists from the command line or config file, apart from the code reading the config file line-by-line (which has the line length limit)
12:40 < ValdikSS> syzzer: hrmm that's strange. It works in OpenVPN 2.3.6 on ArchLinux (OpenSSL) but doesn't work on Fedora 22 with 2.3.7 (also OpenSSL)
12:41 <@syzzer> hmm, but you're supplying an empty list
12:42 <@syzzer> you specify two ECDHE cipher, and then disable stuff, amongst which all ECDHE suites ('!ECDHE')
12:42 < eb0t> test
12:42 < eb0t> how can i tell if my vpn tunnel is used
12:42 <@syzzer> tcpdump -i tun0
12:42 < ValdikSS> syzzer: no, I disable ECDSA
12:42 < ValdikSS> syzzer: https://gist.github.com/ValdikSS/994ddb2e63348b2347be archlinux, 2.3.6
12:42 <@vpnHelper> Title: gist:994ddb2e63348b2347be (at gist.github.com)
12:43 < ValdikSS> syzzer: https://gist.github.com/ValdikSS/a75b0bf91a65e1e1cef7 Fedora 22, 2.3.7
12:43 <@vpnHelper> Title: gist:a75b0bf91a65e1e1cef7 (at gist.github.com)
12:43 < ValdikSS> syzzer: I'll compile git master to check if it is indeed broken after 2.3.6
12:44 <@syzzer> ValdikSS: I guess the DHE+AES notation is not supported by the openssl on fedora 22
12:45 <@syzzer> try 'openssl ciphers DHE+AES' on both systems to check
12:45 <@syzzer> this what I meant when I said it is easy to break stuff with --tls-cipher ;)
12:51 < ValdikSS> syzzer: you're right. Strange.
12:51 < ValdikSS> ECDHE doesn't work but EECDH works
12:52 < ValdikSS> They dropped synonyms
12:52 -!- moviuro__ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
12:53 < ValdikSS> syzzer: DHE → EDH, ECDHE → EECDH
12:53 < moviuro__> Hi all! Does openvpn block any kind of packet, like, say, default route pushes?
12:55 < ValdikSS> moviuro__: from the LAN? Yes it can
12:55 < ValdikSS> syzzer: EECDH+AESGCM:EECDH+AES:EDH+AESGCM:EDH+AES:!ECDSA:!DSS:!PSK:!SRP:!EXP this works on both OSes
12:57 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Ping timeout: 256 seconds]
12:57 < moviuro__> ValdikSS: and in a default configuration?
12:58 < moviuro__> because my DHCP server is on the other end of my VPN and I wish to get its packets unharmed
12:59 < ValdikSS> moviuro__: Do you have two DHCP servers on the network?
12:59 < moviuro__> no
12:59 < moviuro__> (of course not ^_^)
13:00 < moviuro__> I have [Openvpn server, DHCP server] -VPN-> (tap)-bridge-(eth) -> DHCP client
13:07 < DArqueBishop> Just out of curiosity, why are you bridging?
13:07 < moviuro__> DArqueBishop: because it's easy
13:07 < moviuro__> my clients are things like my phone and my laptops
13:07 < moviuro__> the bridge is the only VPN client
13:10 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
13:12 < DArqueBishop> !tunortap
13:12 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
13:12 <@vpnHelper> rooted/jailbroken) support only tun
13:14 < moviuro__> openvpn eats away the option 3 of the DHCP reply
13:15 < moviuro__> it's the only explanation I can give
13:16 < moviuro__> DArqueBishop: can I do DHCP over tun?
13:20 < DArqueBishop> moviuro__, the OpenVPN server gives clients their IP addresses.
13:21 < moviuro__> DArqueBishop: can it give my phone an IP address if it isn't a VPN client?
13:23 < DArqueBishop> ... okay, wait.
13:23  * DArqueBishop looks at the setup a little more closely.
13:23 < DArqueBishop> ... why do you have it set up like that?
13:23 < moviuro__> because I want my local network to go out from my server that sits in OVH's datacenter
13:26 < moviuro__> (this includes my phone, my laptops, and my gf's stuff as well)
13:26 < moviuro__> so here, I have a little fella that creates a link to my server
13:26 < DArqueBishop> So you have a local gateway that connects to your VPN server at the datacenter, and want all of your traffic to go out that way?
13:26 < moviuro__> and it bridges its second eth to its tap interface
13:27 < moviuro__> and on that tap interface, I have put a "wifi router" in bridge mode
13:27 < moviuro__> so everything connecting to the wifi goes to the bridging machine, then to the server, then out
13:28 < DArqueBishop> Not how I would have done it, but that's just me.
13:28 < moviuro__> I also want IPv6 at home
13:28 < moviuro__> that seemed like the simplest way to do it
13:29 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
13:29 -!- Gman32 [~Gman32@76.72.167.208] has joined #openvpn
13:29 -!- RBecker_ [~Ryan@openvpn/user/RBecker] has joined #openvpn
13:29 -!- mode/#openvpn [+v RBecker_] by ChanServ
13:30 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
13:30 -!- EugeneKay [eugene@kashpureff.org] has joined #openvpn
13:30 -!- Netsplit *.net <-> *.split quits: themayor, pppingme, varesa, AWeSomeAo, kwmiebach, zamber, Haseo, SJr, Haigha, zamba,  (+11 more, use /NETSPLIT to show all of them)
13:31 -!- Netsplit over, joins: SJr
13:31 -!- EugeneKay is now known as Eugene
13:31 -!- x5eb is now known as _0x5eb_
13:31 -!- RBecker_ is now known as RBecker
13:31 -!- Netsplit over, joins: Haseo
13:32 -!- Netsplit over, joins: bakhtiya
13:34 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
13:34 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
13:35 -!- zamber [~zamber@dynamic-78-8-43-223.ssp.dialog.net.pl] has joined #openvpn
13:46 < moviuro__> so ? I want my default route pushed!
13:47 -!- kubanc [59d49979@gateway/web/freenode/ip.89.212.153.121] has joined #openvpn
13:47 < kubanc> hello, any idea what is this error: Cannot load certificate file alen.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
13:48 < kubanc> in my client.ovpn I have set "key alen.key"
13:48 < moviuro__> kubanc: use an absolute path
13:48 < moviuro__> openvpn can't open it
13:49 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
13:49 < DArqueBishop> kubanc, you have a reference to a file called alen.crt.
13:49 < DArqueBishop> !configs
13:49 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:52 < moviuro__> https://community.openvpn.net/openvpn/ticket/312#comment:3
13:52 <@vpnHelper> Title: #312 (default gw gets stripped from dhcp packets that go over a openvpn bridge) – OpenVPN Community (at community.openvpn.net)
13:52 < moviuro__> I don't get the meaning of it: I get the DHCP router stripped from my answers when I need it
13:52 < eb0t> hey in my configs i stated UDP...how does this work as my tunnel seems to be handlng tcp traffic
13:52 < eb0t> is there something i am missing
13:52 < moviuro__> eb0t: UDP is for OpenVPN itself, it encapsulate your traffic in UDP
13:53 < eb0t> ah ok
13:53 < eb0t> by the way i didnt select aes or 3 des  in the config
13:53 < eb0t> does that mean my traffic is unencrypted
13:54 < eb0t> on teh openvpn website it shows you how to configure vpntunnel but doesnt mention selecting aes or 3des
13:54 -!- cstk421_ [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has joined #openvpn
13:55 < moviuro__> eb0t: it tells you to generate a Certificate Authority with dh and stuff. AFAICT, it's encrypted
13:56 < moviuro__> (IIRC)
13:56 < eb0t> yes the cert and dh keys are just for authentication
13:56 < DArqueBishop> eb0t, from the OpenVPN HOWTO:
13:56 < DArqueBishop> "By default OpenVPN uses Blowfish, a 128 bit symmetrical cipher."
13:56 < DArqueBishop> !howto
13:56 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:56 < eb0t> ah there is a default
13:56 -!- kubanc [59d49979@gateway/web/freenode/ip.89.212.153.121] has quit [Quit: Page closed]
13:56 < eb0t> ok i want to use aes
13:56 < eb0t> thats the ticket
13:57 -!- cstk421 [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has quit [Ping timeout: 248 seconds]
13:57 < moviuro__> how do I get openvpn to NOT strip the DHCP reply from the packets it gets?
13:59 < eb0t> what do you mean strip the dhcp reply
13:59 -!- shovel_boss [~shovel_bo@unaffiliated/shovel-boss/x-4881665] has joined #openvpn
14:00 -!- shovel_boss [~shovel_bo@unaffiliated/shovel-boss/x-4881665] has left #openvpn ["Leaving"]
14:00 < eb0t> i think you set up the network that you want to offer the client the dhcp address from
14:00 < eb0t> and the it just works
14:01 < moviuro__> eb0t: I have a bit more complex setup
14:01 < eb0t> oh sorry
14:01  * mystica555 shoves openwrt build_dir out the window, and hopefully gets a glibc without movbe instructions :\
14:01 < moviuro__> I have DHCP clients that use the VPN client to get their DHCP reply from a remote server
14:01 < moviuro__> and this answer is stripped
14:02 < eb0t> ah i see ..so your using the dhcp server as a relay agent
14:02 -!- _Timon [~Timon@tt.cloud.tilaa.com] has quit [Quit: _Timon]
14:03 < moviuro__> sort of
14:06 < moviuro__> I'm gonna drop OpenVPN, I think
14:06 < moviuro__> I'll use L2TP or similar
14:10 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Ping timeout: 246 seconds]
14:24 < mystica555> moviuro__: this relevant at all? https://forums.openvpn.net/topic11907.html
14:24 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN Clients don't get IP via DHCP Server : Configuration (at forums.openvpn.net)
14:26 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
14:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:31 < DArqueBishop> moviuro__, personally what I would do is have the DHCP server on your local network and use routing/tun to route all internet traffic through the VPN.
14:33 < DArqueBishop> That's just from my experience, though. I don't see any reason, though, why your setup wouldn't work.
14:34 -!- ShadniX [dagger@p57941BAD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
14:34 -!- ShadniX_ [dagger@p5DDFFC30.dip0.t-ipconnect.de] has joined #openvpn
14:35 -!- ShadniX_ is now known as ShadniX
14:38 -!- caa24893 [~caa24893@nc6527d0a.cns.vt.edu] has quit [Quit: leaving]
14:45 -!- cstk421 [~cstk421@99-49-103-51.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
14:47 -!- cstk421__ [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has joined #openvpn
14:49 -!- cstk421_ [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has quit [Ping timeout: 244 seconds]
14:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:49 -!- mode/#openvpn [+o mattock1] by ChanServ
14:49 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
14:50 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:50 -!- cstk421__ [~cstk421@108-245-48-145.lightspeed.livnmi.sbcglobal.net] has quit [Remote host closed the connection]
14:51 -!- cstk421 [~cstk421@99-49-103-51.lightspeed.brhmmi.sbcglobal.net] has quit [Ping timeout: 244 seconds]
14:52 -!- zamba [marius@flage.org] has joined #openvpn
14:53 -!- zamba [marius@flage.org] has quit [Max SendQ exceeded]
14:54 -!- zamba [marius@flage.org] has joined #openvpn
14:57 -!- TheAlien [~alien@94-226-70-159.access.telenet.be] has joined #openvpn
14:57 < TheAlien> !welcome
14:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:57 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:57 < TheAlien> !goal
14:57 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:02 < TheAlien> hi, i am using clearos where openvpn and openldap are on the same machine. openvpn should authenticate using ldap to verify username-password, user exists and password correct should pass back a success to openvpn which should let user connect. however this isnt happening. at client computer i always got 'authorization failed'. logs used to show an err=49 invalid credentials but somehow i got rid of that and it STILL doesnt work. http://pa
15:02 < TheAlien> hi, i am using clearos where openvpn and openldap are on the same machine. openvpn should authenticate using ldap to verify username-password, user exists and password correct should pass back a success to openvpn which should let user connect. however this isnt happening. at client computer i always got 'authorization failed'. logs used to show an err=49 invalid credentials but somehow i got rid of that and it STILL doesnt work. http://pa
15:02 < TheAlien> im at the end of my rope, thanks!!
15:03 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-bpfwjdljomsuyyfh] has joined #openvpn
15:03 < DArqueBishop> TheAlien, your pastebin link (I assume that's what it is) gets cut off.
15:03 < TheAlien> should also be noted that ldapsearch and local login using ldap are WORKING with this dn and password
15:04 < TheAlien> i see, sorry, http://pastebin.com/gPkdfScu is the full link, has relative ldap-log and syslog sections
15:05 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
15:22 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
15:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
15:24 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:26 -!- dazo is now known as dazo_afk
15:26 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
15:31 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
15:32 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:33 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
15:33 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-bpfwjdljomsuyyfh] has quit []
15:36 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
15:44 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
15:46 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Ping timeout: 250 seconds]
15:51 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
15:52 -!- eb0t [~ebot@unaffiliated/eblip] has joined #openvpn
16:00 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-oftezmdyjtqeeokm] has joined #openvpn
16:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:07 -!- ValdikSS [~valdikss@2002:b93d:9579:1::1067] has quit [Ping timeout: 240 seconds]
16:08 < eb0t> test
16:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 256 seconds]
16:11 < eb0t> hey with open vpn on linux....will i be able to make  a connection with the server ...then get onto another pc and have the full windows experience from pc 1
16:11 < eb0t> im not sure if i have to put a vnc client on the vpn server
16:11 < eb0t> whihc is the best way to do it
16:11 < eb0t> i have seen that there is something called client to client
16:11 < eb0t> but i think that makes a vpn between clients
16:11 < eb0t> what i am after is a vpn to the server ..then from the server i want to vnc or rdp onto a client
16:12 < eb0t> is that possible and what is the best way
16:12 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:17 < DArqueBishop> eb0t, if both machines are connected to the VPN, then you just connect to the VPN, and then from one client you can RDP/VNC into the second machine.
16:17 < eb0t> ah ok....but what if machine 2 is on the same network as the vpn
16:18 < DArqueBishop> (That is, provided clienttoclient is set in the VPN server's config file.)
16:18 < eb0t> can i ssh to the vpn then rdp to the second machine
16:18 < DArqueBishop> eb0t:
16:18 < DArqueBishop> !route
16:18 < eb0t> you see i want im not bothered abut the traffic between machine 2 and the vpn server beng encrypted
16:18 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
16:18 <@vpnHelper> client
16:20 < eb0t> ill take a look see if that helps...reason is ...i knew a pc support guy and he said he could get onto the client site via ssh
16:21 < eb0t> and from there he could remotely support anyones pc on the network
16:21 < DArqueBishop> eb0t, it'll work provided it's configured correctly.
16:21 < eb0t> by then using rdp or vnc
16:21 < eb0t> so he supported like 100 users inside te network and they were not vpn' to the server
16:21 < eb0t> only he was
16:22 < eb0t> right as long as i know its possible then i can keep trying
16:22 < DArqueBishop> I used to have a similar setup. I would connect to the VPN from my client PC, and then RDP into the machine on the LAN from my client PC.
16:22 < eb0t> bingo that is EXACTLY WHAT I WANT to do
16:22 < DArqueBishop> The only reason I stopped using that setup was because there was an issue with the second network card on my VPN server.
16:22 < eb0t> ah ok
16:23 < DArqueBishop> So, yeah, look at those links. Those will guide you in what you need to do.
16:23 < eb0t> i think thats an amazing set up
16:23 < eb0t> to be honest i cant believe i have actually managed to pull off this vpn thing and that it works
16:24 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
16:27 < eb0t> after i get this thing singing and dancing ...im going to attempt to get it working on windows
16:28 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
16:28 < eb0t> which i know is just gonna mess up big time
16:30 < DArqueBishop> What, OpenVPN?
16:32 < eb0t> yes i mean attempt to get the windows open vpn client to work with my linux boxes
16:32 < eb0t> and the centos openvpn server
16:33 < DArqueBishop> It
16:33 < DArqueBishop> Er, it's not that hard.
16:35 < eb0t> windows just sends me into panick mode..as only the stuff you buy seems to work well.
16:35 < DArqueBishop> Install OpenVPN, dump config and certs/keys in Program Files\OpenVPN\config, and launch OpenVPN-GUI as administrator.
16:36 < eb0t> ah ok
16:38 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:38 -!- mode/#openvpn [+v s7r] by ChanServ
16:40 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
17:17 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
17:21 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Ping timeout: 240 seconds]
17:23 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:41 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 252 seconds]
17:48 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
17:57 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
17:57 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
18:34 -!- TheAlien [~alien@94-226-70-159.access.telenet.be] has quit [Read error: Connection reset by peer]
18:37 -!- eblip [~eb0t@unaffiliated/eblip] has quit [Ping timeout: 252 seconds]
18:37 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 252 seconds]
18:38 -!- eblip [~eb0t@unaffiliated/eblip] has joined #openvpn
18:43 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
18:56 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Ping timeout: 246 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:17 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
19:18 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:38 -!- pitastrudl [~quassel@unaffiliated/pitastrudl] has joined #openvpn
19:39 < pitastrudl> !welsomce
19:39 < pitastrudl> !welcome
19:39 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:39 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:39 < pitastrudl> hm
19:39 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
19:40 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
19:40 < pitastrudl> nice
19:40 < pitastrudl> fml, too sleepy to even think
19:41 -!- ngenen [be134ece@gateway/web/freenode/ip.190.19.78.206] has joined #openvpn
19:41 < ngenen> anyone there?
19:41 < ngenen> here*
19:41 < ngenen> sorry, any developer
19:42 < ngenen> would be interesting if the windows installation, made the openvpn shortcut be forced to run as admin
19:42 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
19:43 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Ping timeout: 256 seconds]
19:43 < ngenen> since that, when a server specify that clients can see eachother it needs admin rights to insert new routes
19:45 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
19:46 -!- ngenen [be134ece@gateway/web/freenode/ip.190.19.78.206] has quit [Quit: Page closed]
19:51 < pitastrudl> !logs
19:51 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
19:53 < pitastrudl> !logfile
19:53 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
19:55 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Quit: Searching for Waimea]
19:56 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
19:58 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
20:13 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 255 seconds]
20:16 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Remote host closed the connection]
20:25 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 250 seconds]
20:27 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
20:29 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
20:29 -!- mode/#openvpn [+v RBecker] by ChanServ
20:39 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
20:41 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
20:42 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
20:46 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 246 seconds]
20:52 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 252 seconds]
21:00 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
21:17 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
21:22 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
21:26 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
21:37 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
21:42 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
21:46 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
21:52 -!- TyrfingMjolnir [~Tyrfing@183.90.36.14] has joined #openvpn
22:07 -!- TyrfingMjolnir [~Tyrfing@183.90.36.14] has quit [Quit: For Valhall!]
22:14 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
22:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:35 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
22:35 -!- mode/#openvpn [+v RBecker] by ChanServ
23:09 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 264 seconds]
23:11 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
23:14 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
23:40 -!- ShadniX [dagger@p5DDFFC30.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:41 -!- ShadniX [dagger@p57941A54.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Jul 15 2015
00:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:09 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit []
00:31 -!- moviuro__ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 256 seconds]
00:44 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
01:01 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
01:02 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
01:11 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Read error: Connection timed out]
01:15 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
01:25 -!- cyberspace- [20253@ninthfloor.org] has quit [Read error: Connection reset by peer]
01:30 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
01:40 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
01:45 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:50 -!- toli [~toli@ip-62-235-222-195.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:52 -!- toli [~toli@ip-62-235-221-146.dsl.scarlet.be] has joined #openvpn
01:54 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:23 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Ping timeout: 265 seconds]
02:25 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
02:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:33 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
02:33 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Quit: No Ping reply in 180 seconds.]
02:58 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
03:04 -!- _KaszpiR__ is now known as _KaszpiR_
03:18 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has joined #openvpn
03:18 < moviuro> Hi all, I'd like someone to explain what happens in this file, https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/dhcp.c and more precisely the part where openvpn drops the router address
03:18 <@vpnHelper> Title: openvpn/dhcp.c at master · OpenVPN/openvpn · GitHub (at github.com)
03:19 < moviuro> (I'm trying to understand what it does so I can ask for a proper fix for an issue I'm running into)
03:19 < moviuro> (I know 0 to little C)
03:24 < moviuro> L89 looks like the reason I'm getting issues: openvpn does not check the DHCP packet's destination and stoopidly removes the routers option
03:25 < moviuro> I'd like this to be changed to "If the package is destined to me ; then do what I currently do ; else let the packet pass unharmed"
03:25 < moviuro> isn't this reasonable?
03:39 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:48 -!- dazo_afk is now known as dazo
03:55 < moviuro> So yeah, that's it: the functions I pointed to simply always scrap the router option, which is not desirable. I'd like openvpn to check firsthand that the packet's destination is the openvpn client
04:26 -!- anoopcs [anoopcs@gateway/shell/firrre/x-xrhbuheozncfangk] has left #openvpn ["Leaving now . . ."]
04:29 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:38 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 248 seconds]
04:40 -!- thumbs [~frank@unaffiliated/thumbs] has joined #openvpn
04:50 -!- thumbs [~frank@unaffiliated/thumbs] has quit [Ping timeout: 264 seconds]
04:59 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 248 seconds]
05:14 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
06:10 < moviuro> 'k that's it: https://community.openvpn.net/openvpn/ticket/580#ticket
06:10 <@vpnHelper> Title: #580 (DHCP option ROUTERS gets dropped on packets not targetting the OpenVPN client) – OpenVPN Community (at community.openvpn.net)
06:12 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
06:19 <@dazo> moviuro: you do run openvpn with admin rights?
06:19 < moviuro> dazo: absolutely
06:20 <@dazo> just one control question ... why do you need to bridge?
06:20 < moviuro> because bridging is easy
06:21 < moviuro> and I don't want to run many services at home
06:21 <@dazo> no it is not
06:21 <@dazo> routing is easy, bridging is a can of worm who will really make you suffer
06:21 < moviuro> then, please, tell me what to do
06:21 <@dazo> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
06:21 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
06:22 <@dazo> moviuro: I've been hanging out here in this channel since 2009-ish ... And I believe I have experienced 2 or 3 times where bridging was the right solution .... for everyone else, routing has been the right solution
06:23 < moviuro> heh, but only tap does what I want
06:23 <@dazo> what do you want?
06:23 < moviuro> I want the client (the one at the bottom) to be openvpn free
06:23 < moviuro> ie, my phone, my gf's laptop
06:23 <@dazo> routing is still the answer
06:24 <@dazo> I have a setup where my wife's laptop accesses a server on a completely different network, which involves two different OpenVPN connections
06:24 <@dazo> she doesn't know what really happens ... she is just happy she can access her files on the remote server
06:25 <@dazo> Look at the "Using routing" section
06:25 < moviuro> does DHCP still work over this OpenVPN connection? How many DHCP servers do you have?
06:25 <@dazo> I have one DHCP server, which serves the local network
06:25 < BtbN> OpenVPN assigns IPs itself.
06:25 < BtbN> No need for a dhcp server.
06:25 <@dazo> BtbN++
06:26 < moviuro> BtbN: did you read the bug report ?
06:26 <@dazo> moviuro: involving DHCP will just make things unnecessarily harder for you
06:26 < moviuro> I want my home network to have IPv6, delivered from my remote server and use this server as GW
06:26 < moviuro> now what?
06:26 <@dazo> I do that as well
06:27 <@dazo> OpenVPN 2.3 provides excellent IPv6 supported, routed
06:27 <@dazo> --server-ipv6 and --push "route-ipv6"  are all you need
06:28 <@dazo> (--route-ipv6 is the IPv6 variant of the the --route option for IPv4)
06:28 <@dazo> s/variant/equivalent/
06:28 < moviuro> dazo: I still don't get it (scratch the technical stuff for the moment)
06:28 <@dazo> !tcpip
06:28 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
06:28 < moviuro> thanks, I think I know this
06:29 < moviuro> DHCP runs on your local network, dazo, right?
06:29 <@dazo> moviuro: you do need to get basic understanding of TCP/IP primers then .... if you do not grasp routing, even bridging will make you fail
06:29 <@dazo> yes
06:29 <@dazo> which takes care of my local clients there
06:29 < moviuro> is there nat-ing involved?
06:29 <@dazo> when I connect via OpenVPN ... OpenVPN provides my clients with IP addresses
06:30 -!- elfixit1 [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
06:30 <@dazo> only for IPv4 traffic when I want to use the Internet via the VPN ... otherwise, pure basic TCP/IP routing
06:30 <@dazo> For IPv6, there is no need for NAT at all
06:30 < moviuro> yes, I get that
06:31 < moviuro> does your DHCP deliver adresses in the same space as your OpenVPN ?
06:31 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 264 seconds]
06:31 <@dazo> nope, OpenVPN is its own subnet, which is needed to make routing work
06:31 <@dazo> (this is Networking 101 knowledge)
06:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:32 < moviuro> so you just tell the server that the 192.168.home/24 is behind 10.op.en.vpn.client ?
06:32 <@dazo> yeah
06:33 < moviuro> what do you send to your DHCP clients, then ?
06:33 <@dazo> for access to LAN behind a client, you will need to use --client-config-dir and --iroute in addition
06:33 < moviuro> default via 192.168.home.1
06:33 <@dazo> I don't care about DHCP .... DHCP is completely irrelevant
06:33 < moviuro> and on the firewall,...?
06:34 <@dazo> firewall allows forwarding from the different networks over the VPN tunnel
06:34 <@dazo> DHCP is only needed in the local LAN to get Internet access in that LAN .... for VPN clients or servers, they don't simply care at all
06:35 <@dazo> mixing DHCP over VPN will really make things difficult
06:35 < moviuro> what is the fw's configuration on your openvpn client/dhcp server?
06:36 <@dazo> now, read that wiki page ... start with the Using Routing section ... it basically tells how to setup a pretty standard LAN behind server setup .... and from there, you can easily expand it to LAN behind client if needed
06:36 -!- APTX_ [~APTX@unaffiliated/aptx] has joined #openvpn
06:36 <@dazo> Do yourself a favor .... FORGET ABOUT DHCP
06:37 <@dazo> stop asking questions and start reading and learn to do things properly
06:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Ping timeout: 250 seconds]
06:37 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 250 seconds]
06:37 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 250 seconds]
06:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
06:37 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 250 seconds]
06:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:42 < moviuro> dazo: I'll switch to routing, then
06:43 <@dazo> good!  the most clever thing I've heard today!
06:45 < moviuro> Still, I don't get all this hate about bridging: why is it wrong?
06:47 <@dazo> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
06:47 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
06:49 <@dazo> Bridging is not always wrong, but when routing does the job bridging will always be wrong ... as it increases the overhead on the VPN tunnel, it slows down the VPN tunnel due to the need to transfer broadcast traffic, way harder to debug (which you have experiences) and you basically need to be a network guru to really understand how use bridges properly
06:49 -!- pitastrudl [~quassel@unaffiliated/pitastrudl] has quit [Remote host closed the connection]
06:49 <@dazo> when you want to connect two single hosts together .... do you go out and buy a switch when a back-to-back connection is enough?
06:50 -!- pitastrudl [~quassel@unaffiliated/pitastrudl] has joined #openvpn
06:50 < moviuro> dazo: obviously, the answer is "back-to-back".
06:50 <@dazo> right ... and that's the case with bridging .... keep it simple
06:51 < BtbN> The only reason for bridging i can think of is for gaming, as some stupid games only work by broadcasting for other clients.
06:51 < moviuro> ifconfig bridge0 add tap0 rl0 # that was easy ;)
06:51 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
06:51 <@dazo> Bridging is for the professionals who understands when it is truly needed .... yes, bridging can work too, but it is not easier, it just look easier until you plant your feet into that salad
06:52 < moviuro> BtbN: still, you usually can specify an IP address
06:52 <@dazo> BtbN: correct ... where broadcast traffic is needed across the VPN, you need bridging
06:53 <@dazo> I mean ... even Windows got this right with WINS .... with WINS you don't need the same broadcast domain any more, and I believe they've deprecated WINS for proper DNS in later versions too
06:53 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
06:53 < BtbN> If you know the Hostname/IP of the target machine, there is no issue with samba.
06:53 < BtbN> Only the auto discovery might not work.
06:54 <@dazo> BtbN: yeah, I was thinking of auto discovery
06:54 < moviuro> good to know. Also, does samba use random ports? Or can I use it on my internet-facing server with some port redirections?
06:54 <@dazo> port redirection?
06:55 < BtbN> samba over the internet is usualy a bad idea
06:55 <@dazo> you don't need to do any magic with proper routing
06:55 < moviuro> PAT
06:55 < moviuro> dazo: I only have one /32 IPv4
06:55 < BtbN> Not like it doesn't work, but it's not designed for that usecase.
06:55 <@dazo> moviuro: with VPN + routing .... you don't need to think about PAT/PNAT/NAT at all on the traffic going on your private LANs and VPNs
06:56 < moviuro> oh, sorry, I'm on #openvpn, i thought I was on ##networking
06:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
06:57 < moviuro> (samba was meant to be used by authorized users even outside the VPN, that's why I asked. But sure, with routing and proper firewalling, inside my local network, I should have no issues)
06:59 <@dazo> seriously, moviuro, read the related chapters in the IBM Redbook mentioned in !tcpip .... I know it's boring and you might know some of it.  But do read it, you seem to have some glaring gaps in your networking knowledge ... once you get a grip of that, setting up the VPN properly is drop-dead-easy
07:05 -!- is-mw [~mw@f051003243.adsl.alicedsl.de] has joined #openvpn
07:29 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
07:30 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
07:35 < is-mw> hi.. I try to setup a vpn gateway between my home office and the central office. Therefor I setup a raspberry pi with raspbian, installed openvpn, configured the vpn access and started the service. the vpn connection is successful and I can ping a pc in central office on the raspberry.
07:37 <@ecrist> congrats
07:39 < is-mw> Now I need to setup the routing on the raspberry.. but I'm not that familar with linux routing.. I switched the default gw of my pc to the address of the rapsberry. Now I want to route the 192.168.10.0 subnet through the tun0. the normal internet access (e.g. google.com) should be routed via my internet gateway 192.168.1.1 while some static ips should be routed via 192.168.160.1. Have sb. an idea or could help me with the routing?
07:40 < is-mw> sorry.. tap0 instead of tun0
07:42 < is-mw> I already enabled ip4 forwarding and I guess that I need to add some iptable roules
07:44 < is-mw> In the tutorial i read there are added the following roules:
07:44 < is-mw> ~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
07:44 < is-mw> ~# iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
07:45 < is-mw> but then a) the internet access is routed through vpn and b) I cannot access the 192.168.10.0 network
07:46 < is-mw> my current routing table is:
07:46 < is-mw> Kernel IP routing table
07:46 < is-mw> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
07:46 < is-mw> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
07:46 < is-mw> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
07:46 < is-mw> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
07:46 < is-mw> 192.168.10.0    192.168.160.1   255.255.255.0   UG    0      0        0 tap0
07:46 < is-mw> 192.168.160.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0
07:52 < moviuro> GW is 0.0.0.0 ? that's not right.
07:56 < is-mw> moviuro, no gateway should be 192.168.1.1
08:10 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
08:19 -!- TheAlien [~alien@94-226-70-159.access.telenet.be] has joined #openvpn
08:21 < TheAlien> hi, i am using clearos where openvpn and openldap are on the same machine. openvpn should authenticate using ldap to verify username-password, user exists and password correct should pass back a success to openvpn which should let user connect. however this isnt happening. at client computer i always got 'authorization failed'. logs used to show an err=49 invalid credentials but somehow i got rid of that and it STILL doesnt work
08:21 < TheAlien> http://pastebin.com/gPkdfScu has relavent ldap-log and sys-log sections. ideas?? at end of rope.. thanks :)
08:22 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
08:27 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
08:47 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
09:11 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
09:13 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:16 -!- is-mw [~mw@f051003243.adsl.alicedsl.de] has quit [Quit: Verlassend]
09:20 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:28 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:47 -!- crised [~crised@186.67.181.203] has joined #openvpn
09:50 < crised> Can my router have 2 or 3 simultaneous VPN tunnel connections, so for example when internal ip 192.168.1.10 browses internet through VPN tunnel 1, 192.168.1.20 through tunnel VPN 2... and so  on If I need to have 3 VPNs is it a good idea to change my pc IP in order to change tunnel? Is it a good idea to this at router level instead of pc level?
09:51 < DArqueBishop> Using 192.168.1.0/24 and 192.168.0.0/24 is always a bad idea.
09:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:52 -!- mode/#openvpn [+o mattock1] by ChanServ
09:53 < DArqueBishop> Anyway, there's no reason why you can't have multiple clients running. You'll run into problems if they're all on the same subnet.
09:53 < DArqueBishop> Each separate network should have its own subnet.
09:54 < crised> DArqueBishop: could you give me a numeric example for that?
09:55 < DArqueBishop> ... why would you need multiple VPN tunnels?
09:56 < crised> DArqueBishop: Becuase if I have a VPN server in Germany, and one in UK
09:56 < DArqueBishop> Personally, if your PC is the only one that's going to be doing that, I would simply do it on the PC and not the router.
09:56 < crised> DArqueBishop: ok
09:57 < crised> DArqueBishop: If more PCs would do this...
09:58 < crised> DArqueBishop: I mean more pc would do this
10:00 < DArqueBishop> Honestly, I don't think it's going to work like you think it will.
10:03 < DArqueBishop> I don't know what router you're working with, but from what little you're telling me, it's sounding like the router will have a brain freeze because it'll have multiple VPN connections, all of which are telling it to redirect its gateway.
10:05 < crised> DArqueBishop: I was thinking in an x86 OpenBSD router
10:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:06 < DArqueBishop> Your best bet? If you want to do it on the router level, then just have one VPN connection open at a time and all of your clients will go through that particular VPN. If your clients need to use different VPN connections, then do it on a PC level.
10:07 < crised> DArqueBishop: Why can't I make in the router that a given IP address go trough a partivular VPN?
10:07 < crised> DArqueBishop: isn't these routing tables?
10:07 -!- elfixit1 [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit1]
10:11 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 255 seconds]
10:11 < DArqueBishop> Yeah, but routing typically happens at a subnet level, not an individual IP address level.
10:12 < DArqueBishop> No offense, but you should really do some more research in regards to network routing.
10:12 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
10:13 < crised> DArqueBishop: yes I know I'm just asking at the moment
10:13 < DArqueBishop> !basic
10:13 <@vpnHelper> "basic" is if you do not understand basic networking, you probably should not be administrating a vpn... you should understand the basics of routing / firewalls first
10:14 < crised> DArqueBishop: ok, so PC would have to change different subnet, in order to the router redirects into appropiate tunnel, Does this sound better?
10:16 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
10:17 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
10:22 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
10:28 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
10:37 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:38 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Client Quit]
10:43 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has joined #openvpn
10:43 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has joined #openvpn
10:56 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
10:59 -!- Chex [sss@swampjax.northnook.ca] has joined #openvpn
11:20 -!- Netsplit *.net <-> *.split quits: Cust0sLim3n, dvl, Haseo
11:20 -!- Netsplit over, joins: dvl
11:20 -!- Netsplit over, joins: Haseo, Cust0sLim3n
11:20 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 240 seconds]
11:32 -!- wowaname [h@love.wowana.me] has joined #openvpn
11:47 -!- seoner [~usr@unaffiliated/sand3r] has joined #openvpn
11:47 < seoner> hi
11:47 < seoner> 1678 ?        Ss     0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd - 1679 ?        S      0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd
11:47 < seoner> how do i remove this?
12:22 <+esde> !welcome
12:22 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
12:22 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:24 -!- ikkuplio [~IceChat77@dslc-082-083-071-230.pools.arcor-ip.net] has joined #openvpn
12:25 < ikkuplio> hello. i have a tricky probly. i would like to connect through my openvpn client to the ssl server. since the ssl server is the address of the vpn server i guewss that is a tricky problem
12:26 < ikkuplio> i've tried to seolve this using apache but having the same vhost to listen on 2 ips is a problem from what i understand-..
12:27 < ikkuplio> so my vpn gw is 10.0.1.1. officially 201.10.1.12. so i need to get my client 10.0.1.5 to go through the vpn to connect to 201.10.1.12...
12:53 -!- ikkuplio [~IceChat77@dslc-082-083-071-230.pools.arcor-ip.net] has quit [Quit: Now if you will excuse me, I have a giant ball of oil to throw out my window]
12:57 < crised> How much do non techie users value navigating encrypted over the internet_
13:00 <@dazo> seoner: uhm ... I presume you'd get a better answer in #cyrus ... as that's not related to OpenVPN at all, but is most likely a cyrus-sasl service running (often used for authenticating email users)
13:00 <@dazo> (but not restricted to e-mail)
13:00 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
13:04 < crised> dazo: Hi again, I ended up doing the vpn tunnel
13:04 < crised> dazo: It was a routing problem
13:04 < crised> dazo: route table problem
13:04  * dazo have lost overview
13:05 < crised> dazo: How much regular people, value the idea of navigating encrypted?
13:06  * dazo shrugs
13:06 < crised> dazo: it's a simple question :)
13:06 <@dazo> ehm ... yes?
13:07  * dazo don't understand the question neither the context it was asked
13:07 <@dazo> crised: do you mistake me for DArqueBishop?
13:08 < DArqueBishop> It's quite possible he has.
13:08 < crised> dazo: To average John Doe... who doesn't know much about PCs and informatics, Does he values the idea of surfing the web encrypted?
13:08 < crised> dazo: nope, I spoke with you 4, 5 days ago
13:08 < DArqueBishop> The average Joe User doesn't care about encryption, in the sense of he doesn't understand what it means.
13:09 < crised> DArqueBishop: yes I know, but he doesn't understand internet too, but he values deeply
13:10 <@dazo> well, I've been working on a couple of OpenVPN patches, helped a handful of people here and on other IRC channels, installed installed sssd on 15-20 servers, hacked on a couple of scsi tools ... I honestly don't remember what I spoke about and with whom even 2 days ago
13:11 < DArqueBishop> The internet is something Joe User can see and directly use. Encryption is one of the backend behind the scenes items that he might hear about, or might notice the lock icon on the web browser toolbar... but it won't enter his everyday mind.
13:11 <@dazo> DArqueBishop++
13:11 <@dazo> And average user Joe gets scared when a warning about a perfectly sane SSL certificate pops up ... because the CA is unknown or the cert is self-signed
13:12 < DArqueBishop> As long as the internet works, Joe User doesn't care.
13:12 < crised> DArqueBishop: mm so average Joe won't value too much surfing the web thorugh a vpn
13:12 < DArqueBishop> Not in the slightest.
13:13 < crised> DArqueBishop: unless he wants do something anonymously
13:13 <@dazo> and in that case VPN is not the right solution even
13:13 < crised> dazo: why not?
13:13 < DArqueBishop> dazo, I remember the previous convo now.
13:13 < DArqueBishop> I think you recommended Tor to him.
13:14 <@dazo> Ahh!  I begin to have vague memories appearing
13:14 <@dazo> yes, Tor is the proper solution to anonymity
13:14 < crised> dazo: ok
13:14 < DArqueBishop> crised, if you use a VPN solution, your traffic still goes through a single endpoint that can be tracked and logged.
13:15 <@dazo> because with VPN, either the VPS hosting your own VPN server can figure out who you are and where you connect from .... or if you buy a public VPN access, that provider will also know or be able to figure out who you are
13:15 < crised> ok... so you won't be able to hide completely with VPN
13:16 <@dazo> If the intention is to avoid certain region blocks, VPN can be the right solution.  But VPN will never ever provide anonymity.  VPN isn't designed for that
13:16 < DArqueBishop> The purpose of a VPN is to create a virtual local network that connects through tunnels over the public network. That's it.
13:17 < crised> dazo: ok. On another subject, if I want to have 3 VPN connections in different countries. And I want every PC in my house being able to use them whenever I want. How would you achieve this on router level?
13:17 < crised> let's assume we have a good router, like  a OpenBSD router or Linux Router
13:17 < crised> DArqueBishop: ok
13:18 <@dazo> You can do this in multiple ways ... you can have a redundant setup, where it doesn't matter which of these three VPN servers you connect to ... and routing tables would chose the best route to where you want to go
13:19 < crised> dazo: it matters which of those 3 servers I connect to, I want to chooose among them
13:19 <@dazo> such a setup means that all VPN servers are connected to each other ... plus your home router connects to this cluster
13:19 < crised> dazo: Routing Tables in the router ok... How will the router know to which VPN tunnel to redirect
13:19 < crised> ?
13:19 < crised> dazo: Will the router discriminate from the internal local IP which tunnel to use?
13:19 < DArqueBishop> dazo, essentially he wants the user to be able to route through any given VPN connection at his choosing.
13:19 <@dazo> this is basic routing rules ... which can include metrics as well
13:20 < DArqueBishop> My response was essentially, "Either do it at the PC level or do a lot of studying about routing."
13:20 < crised> dazo: so all these  3 servers should have vpn connections among them?
13:21 < crised> dazo: How do I make this VPN cluster?
13:21 <@dazo> yes, and each of the external clients (home router, road warriors, etc) connect to the closest VPN server .... and the VPN cluster routes the traffic to the best way
13:21 < crised> dazo: awesome solution
13:22  * dazo double checks the OpenVPN 2 Cookbook
13:22 < crised> dazo: but... What if I want to access an IP from my country, I won't be needing VPN there, I want that VPN works only when a given IP is not reacheable i.e. oustide my country with country restriction
13:24 <@dazo> that's again routing ... you need to figure out which IP ranges you want to place in which country, based on where you are and where each of the VPN servers resides
13:25 <@dazo> so if you have one VPN server in the US, one in Germany and one in Russia and you are located in the UK ... you can have all local UK traffic go locally (outside the VPN), all traffic to Russian IP ranges exit on the Russian VPN host, and similar for Germany and US
13:26 <@dazo> and that is without the user doing anything else than to ensure it got a connection to either one of your VPN servers or is in your local UK LAN
13:26 <@dazo> !book
13:26 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
13:26 < crised> dazo: ok I got it, but why do VPN servers wouldned to be connected between them?
13:26 <@dazo> crised: ^^^ Grab a copy of that book ... there is a chapter ("recipe") which is called 3-way routing, which covers this topic
13:27 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
13:27 <@dazo> redundancy ... so if one of them goes down, it can route around it for traffic not related to the VPN server which is down
13:27  * DArqueBishop takes notes.
13:27 <@dazo> but, this is pretty hard-code routing setup ... if you're not well experienced with network routing, you do need to get a firm grip on that ... and you will truly learn a lot about routing doing this
13:27 < crised> dazo: routing question again: How can I tell the router that only internal IP 192.168.1.20 is allow to access the VPN tunnel?
13:28 < crised> dazo: which router would you advice for this? OpenBSD?
13:28 <@dazo> doesn't matter ... BSD or Linux can all manage very well
13:28 < crised> dazo: any specific linux distro?
13:29 <@dazo> I prefer RHEL, ScientificLinux or CentOS ... enterprise distros which have a long life-time (up to 10 years these days from first major release) ... they are rock solid and you don't need to worry much about updates breaking things
13:30 <@dazo> (SL and CentOS are based on RHEL source code, so they're basically the same)
13:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:30 < crised> dazo: why do OpenBSD guys claim that they are best when it comes to firewalling?
13:30 < crised> dazo: no Debian in your choices?
13:31 <@dazo> crised: Why do Microsoft claim Windows is the best OS in the world?
13:31 < crised> dazo: lol
13:33 <@dazo> I prefer RHEL based distros, because that's what I've become used to and it is very enterprise focused.  Debian is also a good distro, but I have never really played with it.  I had a Ubuntu laptop for a year or so, but got fed up that each update broke something and when I needed to manually decrypt /home before I could log in I had enough of it
13:34 <@dazo> I've also used Fedora a lot ... and it's good bleeding edge distro, but if you aim for stability (something I consider important on servers and infrastructure components), I choose the enterprise way
13:34 <@dazo> But I'm also brainwashed, as I work for Red Hat ;-)
13:36 <@dazo> (I've also used Crux, RootLinux, Slackware and Gentoo ... but wouldn't really recommend that for production at all, but fun to play with and you learn a lot about how a distro is put together with Gentoo)
13:37 < crised> dazo: you work for RedHat?
13:38 <@dazo> I do
13:38 < crised> Did you went to a JudCon in Brazil?
13:38 <@dazo> Nope, I'm located in Europe ... but I've been working in the same team as a couple of Brazilians
13:39 < crised> dazo: I recall your nick, maybe from CentOs
13:40 <@dazo> haven't been active there in many years ... but SL maybe
13:40 < crised> dazo: ok
13:46 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
14:00 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:09 < crised> dazo: what about a book about routing in this specific case?
14:09 <@dazo> !book
14:09 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
14:11 < crised> dazo: I'm talking abour *routing*
14:11 <@dazo> !tcpip
14:11 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
14:12 < crised> dazo: thanks
14:27 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
14:50 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
15:04 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
15:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
15:30 < crised> when having an openvpn .ovpn file, how can I enter user & password
15:30 < crised> before it's prompted to me
15:30 < crised>    Konsole output     Enter Auth Username:
15:30 < crised>    
15:31 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:40 -!- a773326b [~a773326b@91.214.70.207] has joined #openvpn
15:42 -!- seoner [~usr@unaffiliated/sand3r] has quit [Ping timeout: 240 seconds]
15:59 -!- a773326b [~a773326b@91.214.70.207] has quit [Quit: exit]
16:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:21 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
16:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
16:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:36 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
16:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
17:00 -!- crised [~crised@186.67.181.203] has quit [Ping timeout: 256 seconds]
17:06 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
17:06 -!- s7r_q [~s7r@openvpn/user/s7r] has joined #openvpn
17:06 -!- mode/#openvpn [+v s7r_q] by ChanServ
17:12 -!- crised [~crised@ec2-52-28-5-212.eu-central-1.compute.amazonaws.com] has joined #openvpn
17:26 -!- s7r_q is now known as s7r
17:33 <+s7r> my vpn server also has ipv6
17:33 <+s7r> would like to use that as well
17:34 <+s7r> is it possible? at client end there is no native ipv6
17:51 -!- crised [~crised@ec2-52-28-5-212.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 246 seconds]
17:53 -!- TyrfingMjolnir [~Tyrfing@218.186.116.70] has quit [Ping timeout: 255 seconds]
18:06 -!- Denial- [~Denial@81.141.9.110] has quit [Ping timeout: 248 seconds]
18:08 -!- eb0t [~ebot@unaffiliated/eblip] has quit [Quit: WeeChat 1.1.1]
18:14 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
18:44 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 240 seconds]
18:49 -!- dazo is now known as dazo_afk
18:53 -!- wowaname [h@love.wowana.me] has joined #openvpn
18:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
19:08 -!- entourage [uid92165@gateway/web/irccloud.com/x-hwsjsmkmsqajnhvb] has joined #openvpn
19:10 < subzero79> Hello there, the --down argument has to point to a script, if i want the script before the tun closes then i need to use --down-pre, so we put the line down script.sh then another line down-pre without the script?
19:10 < subzero79> or is down script.sh down-pre script.sh
19:11 < entourage> I have downloaded a .ovpn file from my vpn provider how do I use it to configure openvpn i Ubuntu?
19:13 < subzero79> entourage, i think the network manager in ubuntu can import those files
19:14 < subzero79> in most default configurations the openvpn extension for the network manager doesn't come preinstalled
19:14 < subzero79> i can't remember the exact name, but if you search in synaptic you should find the reference by searching openvpn
19:19 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
19:23 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:26 <+esde> !network-manager
19:26 <+esde> !netmanager
19:27 <+esde> !netman
19:27 <@vpnHelper> "netman" is (#1) if you are using network manager for linux to configure your vpn, dont! http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html to read the same thing from the author of the openvpn 2 cookbook on the mail list or (#2) Have OpenVPN working but not NetworkManager? Ask the n-m folks for help: http://projects.gnome.org/NetworkManager/
19:37 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:14 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
20:17 -!- Denial- [~Denial@81.141.9.110] has joined #openvpn
20:18 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 248 seconds]
20:21 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 250 seconds]
20:25 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
20:43 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-vffagixiychgtbkn] has joined #openvpn
20:43 < wallbroken> hi
20:44 < wallbroken> the final version of easyrsa3 has been released?
20:44 < wallbroken> i used it 1 year ago and there was this: https://github.com/OpenVPN/easy-rsa/releases
20:44 <@vpnHelper> Title: Releases · OpenVPN/easy-rsa · GitHub (at github.com)
20:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
21:31 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
21:34 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
21:36 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Ping timeout: 264 seconds]
21:38 -!- akamaru217 [~akamaru@2601:cd:4001:b705:140:d4bb:4603:8377] has joined #openvpn
21:41 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has joined #openvpn
21:47 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:53 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
21:54 < ghostboarder> hey guys probably an easy question, something i missed
21:55 < ghostboarder> connecting to vpn service using openvpn client on tomato router. Connects fine, data exchanged, but no DNS. Cant hit websites, not even icmp
21:56 < ghostboarder> hmmm wonder if i should try UDP instead
21:56 < ghostboarder> brb peeps
21:56 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
21:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
22:06 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
22:06 < ghostboarder> hm. no dice
22:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:13 -!- entourage [uid92165@gateway/web/irccloud.com/x-hwsjsmkmsqajnhvb] has quit [Quit: Connection closed for inactivity]
22:15 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
22:18 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 256 seconds]
22:20 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
22:27 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 256 seconds]
22:31 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
22:32 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Client Quit]
22:46 -!- dan_j [sid21651@gateway/web/irccloud.com/x-tbpibeowpzuxyunn] has quit [Ping timeout: 248 seconds]
22:47 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 256 seconds]
22:50 -!- Epakai [~coweater@pool-71-96-122-126.dfw.dsl-w.verizon.net] has joined #openvpn
22:51 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 246 seconds]
23:06 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Remote host closed the connection]
23:15 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
23:18 -!- TyrfingMjolnir [~Tyrfing@118.189.1.18] has quit [Quit: There is no cloud, there is just someone else's computer]
23:37 -!- dan_j [sid21651@gateway/web/irccloud.com/x-notzzxhxbnniyozr] has joined #openvpn
23:37 -!- kubanc [~kubanc@unaffiliated/kubanc] has joined #openvpn
23:38 -!- ShadniX [dagger@p57941A54.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:39 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
23:40 -!- ShadniX [dagger@p57941453.dip0.t-ipconnect.de] has joined #openvpn
23:58 < kubanc> Hello. I would like to redirect client's traffic throigh VPN server (I have installed dd-wrt with OpenCPN). I've added the command push "redirect-gateway def1" on the dd-wrt "open VPN config". In the VPN tutorial https://openvpn.net/index.php/open-source/documentation/howto.html#redirect I also need to do iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE and push "dhcp-option DNS 10.8.0.1" command. Where do I put them?
23:58 <@vpnHelper> Title: HOWTO (at openvpn.net)
--- Day changed Thu Jul 16 2015
00:05 -!- kubanc [~kubanc@unaffiliated/kubanc] has quit [Quit: Leaving]
00:13 -!- AMERICAN_PSYCHO [~AMERICAN_@147.sub-70-196-5.myvzw.com] has joined #openvpn
01:17 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:17 -!- mode/#openvpn [+o mattock1] by ChanServ
01:32 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 248 seconds]
01:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:36 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Read error: Connection reset by peer]
01:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
01:48 -!- vlt [~nobody@lvps87-230-93-209.dedicated.hosteurope.de] has joined #openvpn
01:50 < vlt> Hello. Is it possible to use a key and certificate built by ./build-key-server in cases where this machine (that is an openvpn server usually) connects as client to another one?
01:50 < vlt> (that is another server)
01:53 < vlt> Or should I better generate a second key using "./build-key machine_asclient"?
02:02 < moviuro> vlt: use another key
02:02 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
02:02 < moviuro> you don't use the same key for garage and car, it's almost the same here ;)
02:10 < ghostboarder> hey guys i asked this earlier but as a result of testing i may have missed helpful comments.....i am using openvpn on a tomato router and basically dont get dns resolution
02:10 < ghostboarder> ie no websites, even icmp doesnt work
02:11 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has quit [Ping timeout: 256 seconds]
02:11 < ghostboarder> set up exactly as the walkthrough on the vpn provider's site specifies
02:19 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has joined #openvpn
02:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
02:25 -!- voidstar [~imnotf@unaffiliated/voidstar] has quit [Ping timeout: 264 seconds]
02:25 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Remote host closed the connection]
02:26 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
02:26 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
02:27 -!- voidstar [~imnotf@unaffiliated/voidstar] has joined #openvpn
02:30 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 256 seconds]
02:36 < vlt> moviuro: Ok, thank you :-D
02:37 -!- ghostboarder [~johngalt@151.236.14.155] has joined #openvpn
02:37 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
02:42 -!- kubanc [~kubanc@unaffiliated/kubanc] has joined #openvpn
02:42 -!- ghostboarder [~johngalt@151.236.14.155] has quit []
03:06 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
03:08 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Ping timeout: 255 seconds]
03:10 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
03:10 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
03:10 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
03:11 < moviuro> hmmm, I can't seem to ping the other end of my tun interface. The server shows no IP on the tun interface. I'm pretty sure something is wrong ^^
03:11 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Ping timeout: 265 seconds]
03:12 < kubanc> Hello. I need help. I have added this commands to dd-wrt command shell:http://paste.ubuntu.com/11886620/ and this are my server settings on the dd-wrt:http://paste.ubuntu.com/11886625/. If I enable firewall on dd-wrt I cannot connect to VPN but if I disable firewall the connection starts to process. What is wrong with the commands that I have putten inside command shell
03:18 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:29 < moviuro> (my issue was a stupid remnant of an old configuration with ifconfig-noexec
03:54 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-vffagixiychgtbkn] has left #openvpn []
03:54 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-vffagixiychgtbkn] has joined #openvpn
04:05 -!- dazo_afk is now known as dazo
04:23 < moviuro> !ipv6
04:23 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
04:24 < moviuro> !fixed
04:25 < moviuro> i'd like to fix my clients' address for IPv4 as well as IPv6. Any pointers?
04:37 -!- Bruce_ [~bruce@2001:41d0:1:dd35::1] has joined #openvpn
04:39 < Bruce_> Hello, I have a little problem. I have a openvpn server that works perfectly when I assign an IP manually for a client, but I need to use a DHCP server for my clients, I tried to do bridging but that was not successful, am I in the wrong direction ?
04:39 < moviuro> !tunortap
04:39 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
04:39 <@vpnHelper> rooted/jailbroken) support only tun
05:01 < moviuro> dazo: so yes, indeed, tun is much faster than tap (42 Mbps vs 22 Mbps in the same conditions). thanks again for the help yesterday
05:04 <@dazo> moviuro: for static IP addresses ... use --client-config-dir ... and place a file for each client, using the certificate CN as filename ... inside that file, you do ifconfig-push and/or ifconfig-ipv6-push to provide the static IP address
05:04 <@dazo> moviuro: good to hear it performs better too!  That is not really unexpected, but doubling the speed is quite a bit higher than I'd expect ... that might be due to Windows bridging stack, though
05:05 <@dazo> Bruce_: why do you need the DHCP server to provide the IP addresses?
05:06 <@dazo> OpenVPN is fully capable of doing that ... and with some clever nsupdate hacks, OpenVPN can even update your DNS server
05:06 < moviuro> thanks, dazo, I was reading https://community.openvpn.net/openvpn/wiki/Concepts-Addressing . Also, I didn't use Windows in any of my devices. I'll retry the speed perf though
05:06 <@vpnHelper> Title: Concepts-Addressing – OpenVPN Community (at community.openvpn.net)
05:07 <@dazo> moviuro: but do beware that bridging can cause sever performance penalty ... it really depends on the amount of broadcast traffic in the LANs being bridged
05:09 <@dazo> moviuro: that "Addressing" page can be fairly well trusted, afaik JoshC knows his stuff
05:10 <@dazo> !redirect
05:10 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
05:10 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
05:10 <@dazo> !serverlan
05:10 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
05:10 <@dazo> meh .... ghostboarder was no longer online
05:10 < moviuro> tap: ~21Mbps, tun: ~24Mbps
05:10 <@dazo> that's a more expected difference
05:11 < moviuro> I was actully using tun inside the (don't hit me) tap network that "works"
05:11 < moviuro> this time though, it's the real thing
05:11 < moviuro> so I suppose compression came into play and achieved the huge previous speed diff
05:12 <@dazo> In addition to broadcast ... packets transported with TAP have Ethernet header with MAC addresses and other layer 2 stuff, which TUN don't need ... so the packets being encrypted, transferred and then decrypted are smaller with tun
05:13 <@dazo> compression can boost the experienced speed .... but will fool netperf and similar tools, as the data is often easily compressible
05:13 < moviuro> gotta run, dazo
05:13 < moviuro> see you later, perhaps
05:13 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has left #openvpn []
05:16 -!- kubanc [~kubanc@unaffiliated/kubanc] has quit [Ping timeout: 248 seconds]
05:59 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:23 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has quit [Ping timeout: 256 seconds]
06:25 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:25 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has joined #openvpn
06:29 -!- rbxs [~rbxs@92.63.171.51] has quit [Ping timeout: 264 seconds]
07:00 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
07:35 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has joined #openvpn
07:43 < moviuro> I'm trying to setup a fixed IP VPN, but so far, openvpn seems to ignore the files I gave it
07:43 < moviuro> (I'm looking if I typo-ed or whatever, still any other pointers are welcome)
07:55 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:56 < moviuro> hmmm, didn' typo anything, and the ssl cert's CN corresponds to the filename inside the client config dir
07:58 -!- Bruce_ [~bruce@2001:41d0:1:dd35::1] has left #openvpn ["WeeChat 1.0.1"]
08:05 < moviuro> oh no, the CN is 'hostname/name=pretty hostname'
08:05 < moviuro> this sucks
08:07 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
08:13 -!- AMERICAN_PSYCHO [~AMERICAN_@147.sub-70-196-5.myvzw.com] has quit [Quit: Goodbye!]
08:15 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has joined #openvpn
08:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:30 -!- crised [~crised@186.67.181.204] has joined #openvpn
08:30 < crised> hi, I had setup a debian VPS, I have downloaded OPenVPN client in android
08:30 < crised> I want to make  a VPN tunnel, between android device and this server
08:31 < crised> Any tutorial?
08:34 < crised>  First trying in my linux home box:    Thu Jul 16 10:34:35 2015 Initialization Sequence Completed
08:34 < crised>    
08:36 -!- speedytux [~speedytux@79.119.153.124] has joined #openvpn
08:36 < moviuro> could someone tell me what the filename for my client needs to be if I send you my .crt ?
08:37 < speedytux> !welcome
08:37 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:37 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:37 < speedytux> !howto
08:37 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
08:40 -!- speedytux [~speedytux@79.119.153.124] has quit [Quit: Konversation terminated!]
08:48 -!- EvilMachine [~evi1m4chi@xdsl-87-78-77-103.netcologne.de] has joined #openvpn
08:49 < EvilMachine> Hi, can someone help me with the MTU/mss/fragment settings? I find them horribly ambiguous and misleading, and can’t make sense of what does what.
08:51 < EvilMachine> I want openvpn, to always use the biggest available payload size, avoid any packets that are too big, and fragment if it can’t.
08:52 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
08:52 < EvilMachine> My DSL connection apparently loses packets > 1492 (according to ping, and i have set my network device mtu to that value
08:52 < EvilMachine> But I need it to work over 3G phone network links too.
08:52 < EvilMachine> Preferably without fragmenting everything in the worst possible way.
08:59 < crised> Sign the certificate? [y/n]:y failed to update database TXT_DB error number 2
08:59 < crised>    
09:05 -!- EvilMachine [~evi1m4chi@xdsl-87-78-77-103.netcologne.de] has left #openvpn []
09:06 -!- EvilMachine [~evi1m4chi@xdsl-87-78-77-103.netcologne.de] has joined #openvpn
09:08 -!- AMERICAN_PSYCHO [~AMERICAN_@147.sub-70-196-5.myvzw.com] has joined #openvpn
09:08 -!- AMERICAN_PSYCHO [~AMERICAN_@147.sub-70-196-5.myvzw.com] has quit [Excess Flood]
09:15 < moviuro> crised: start over if you didn't already distribute certificates and stuff
09:16 < moviuro> crised: else, it should mean that your DB is broken
09:31 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
09:32 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
09:32 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 265 seconds]
09:32 -!- mparisi [~mparisi@72.20.27.67] has quit [Remote host closed the connection]
09:34 -!- cstk421 [~cstk421@50.153.109.45] has joined #openvpn
09:34 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:36 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:37 -!- mparisi [~mparisi@186.226.60.210] has joined #openvpn
09:38 < crised> moviuro: changed common name
09:38 < crised> Do android devices need proto tcp instead of udp?
09:39 < moviuro> I don't think so, crised
09:39 < moviuro> it should be able to do both
09:39 < EvilMachine> crised: I don’t think proto tcp even works.
09:39 < moviuro> it does on rooted android ;)
09:39 < EvilMachine> crised: I use proto udp and it works. Well, apart from the mtu options being a horrible mess due to ambiguous and lacking documentation.
09:40 -!- cstk421_ [~cstk421@50.153.110.180] has joined #openvpn
09:41 < EvilMachine> moviuro: That’s a given. There are those who think for themselves, root and use VPNs. And those who let others think for them and don’t need root. :)
09:41 < moviuro> I didn't have the opportunity to test on "standard" android ;)
09:42 -!- cstk421 [~cstk421@50.153.109.45] has quit [Ping timeout: 246 seconds]
09:43 < EvilMachine> moviuro: :)
09:44 < moviuro> I could abuse my GF's phone, though. Not sure she'll appreciate it
09:44 < DArqueBishop> If you mean OpenVPN Connect, then if it's anything like OpenVPN Connect for iOS, it'll accept udp.
09:44 -!- crised [~crised@186.67.181.204] has quit [Ping timeout: 255 seconds]
09:46 < moviuro> hm. I have no clue how to produce a .ovpn file x)
09:46 < moviuro> !.ovpn
09:47 < moviuro> !ovpn
09:47 <@vpnHelper> "ovpn" is (#1) OpenVPN GUI will load config files with a .ovpn extension when double-clicked. or (#2) this is the same config file format as the standard .conf, just renamed to allow Windows to associate it with the openvpn program
09:49 -!- cstk421_ [~cstk421@50.153.110.180] has quit [Read error: Connection reset by peer]
09:49 -!- crised [~crised@104.238.185.64] has joined #openvpn
09:50 -!- cstk421 [~cstk421@50.153.111.25] has joined #openvpn
09:55 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
09:56 -!- cstk421_ [~cstk421@50.153.109.21] has joined #openvpn
09:58 -!- cstk421_ [~cstk421@50.153.109.21] has quit [Remote host closed the connection]
09:59 -!- cstk421 [~cstk421@50.153.111.25] has quit [Ping timeout: 248 seconds]
10:09 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 264 seconds]
10:09 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has left #openvpn []
10:11 -!- EvilMachine [~evi1m4chi@xdsl-87-78-77-103.netcologne.de] has quit [Quit: EvilMachine]
10:13 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
10:17 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
10:19 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
10:25 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
10:33 -!- Tagor [~Tagor@5ED0716D.cm-7-1b.dynamic.ziggo.nl] has joined #openvpn
10:34 < Tagor> what's the best port to run openvpn on when using openvpn on 3g/lte?
10:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
10:42 < DArqueBishop> Tagor, as a client or server?
10:43 < DArqueBishop> Either way, there shouldn't be an issue with the default 1194/udp.
10:43 < Tagor> DArqueBishop: both, I have trouble with the connection on 3g/lte. It works fine on wifi
10:50 -!- crised [~crised@104.238.185.64] has quit [Ping timeout: 244 seconds]
10:58 -!- crised [~crised@46.101.31.159] has joined #openvpn
11:06 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
11:13 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
11:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:16 < moviuro_> well, so here's my issue: I hace a client-config-dir that exists and that contains a file named "schizophrenia"; on the "schizophrenia" host, I have the following certificate http://ix.io/jLy . However, the server does not apply the good configuration (I don't get the fixed IP I whished for in the server's schizophrenia file)
11:16 < moviuro_> what went wrong?
11:34 < Eugene> Did the schizophrenia client connect prior to creating the ccd file?
11:34 < Eugene> If so, it's cached. Restart the openvpn daemon and try again.
11:34 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
11:35 < moviuro_> Eugene: yes, I stop/start/wipe the tun
11:35 < moviuro_> I'm in the process of setting everything up ATM
11:36 < Eugene> !configs
11:36 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:37 < moviuro_> http://ix.io/jLE client
11:37 < moviuro_> http://ix.io/jLC server
11:37 < moviuro_> http://ix.io/jLD ccd-dir/schizophrenia
11:38 < Eugene> Looks good.
11:38 < moviuro_> client is archlinux x86_64 with latest stable
11:38 < Eugene> !logs
11:38 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:38 < moviuro_> server is FreeBSD 10.1 amd64
11:39 < moviuro_> Thu Jul 16 18:35:23 2015 schizophrenia/10.20.0.107:34751 Could not access file '/usr/local/etc/openvpn/pophobe.new/ccd-dir/schizophrenia': Permission denied (errno=13)
11:39  * moviuro_ commits suicide
11:39 < Eugene> Tada
11:39 < Eugene> !next
11:39  * moviuro_ resurrects
11:39 < moviuro_> damn
11:39 < moviuro_> that was stoopid
11:39 < Eugene> Sometimes all it takes is a second pair of eyes
11:41 < moviuro_> okay, now next thing, IPv6
11:41 -!- crised [~crised@46.101.31.159] has quit [Read error: Connection reset by peer]
11:42 < moviuro_> have decided to use a /64 for my VPN hosts: does it sound like a good idea or should I do something broader?
11:42 < moviuro_> (e.g. 2001:0:0:7670::/64 is the subnet (?) containing all my VPN hosts
11:42 < moviuro_> is that good?
11:43 < Eugene> A /64 is the only size you should have for a given subnet. Typically you ask your provider for a /56 or /48 so that you can have multiple subnets(VPN links or otherwise), and then split it up into /64s for usage
11:44 < moviuro_> ok, so Hurricane Electric gave me a /48
11:44 < moviuro_> so /64 for my VPN hosts sounds good, right?
11:45 < Eugene> Yup.
11:45 < moviuro_> \o/
11:45 < Eugene> Are you a colo or tunnel broker customer?
11:45 < moviuro_> tunnelbroker.net customer
11:45 < Eugene> Gotcha
11:45 < moviuro_> OVH offers a tiny /64
11:45 < Eugene> Yup, they suck.
11:45 < moviuro_> but their setup sucks
11:45 < moviuro_> even my gateway is not in that /64
11:45 < Eugene> Also, I doubt you're under 2001:0:0.... HE is all 2001:470::/32 ;-)
11:46 < moviuro_> Eugene: yeah, that's it
11:46 < moviuro_> I just didn't have the numbers memerized
11:46 < Eugene> Give it a while, you will.
11:46 < moviuro_> Eugene: drill psycho.popho.be AAAA
11:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:46 < Eugene> Effort / should be doing dayjob
11:48 -!- crised [~crised@46.101.31.159] has joined #openvpn
11:55 -!- akamaru217 [~akamaru@2601:cd:4001:b705:140:d4bb:4603:8377] has quit [Read error: Connection reset by peer]
11:56 -!- akamaru217 [~akamaru@2601:cd:4001:b705:140:d4bb:4603:8377] has joined #openvpn
11:56 < moviuro_> Hey, with just the "push" option on the server, I could potentially reduce the client's config to a bare minimum, right?
11:57 < wallbroken> easyrsa 3 is still a release candidate?
11:57 < moviuro_> like, client\nproto udp\nport XYZ\nkeys,certificates and stuff
12:06 < crised> is proto tcp needed for android devices?
12:08 <@ecrist> wallbroken: yeah, I'll get off my ass and release it this week.
12:08 <@ecrist> pekster's been gun-shy it seems
12:09 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 264 seconds]
12:10 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:15 <@dazo> crised: you should generally avoid tcp .... android should support both tcp and udp, but udp is in most cases far better
12:16 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 265 seconds]
12:17 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 264 seconds]
12:18 -!- swebb [~swebb@8.36.226.83] has quit [Ping timeout: 264 seconds]
12:18 < crised> dazo: makes sense
12:18 < crised> dazo: I just created ovpn file
12:19 < crised> How can I use this in an android phone??
12:19 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 252 seconds]
12:19 <@dazo> crised: with the "OpenVPN for Android" app ... I believe I used some import function .... or I actually mailed the ovpn file to myself and installed it from there
12:20 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 240 seconds]
12:20 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
12:21 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
12:23 -!- crised [~crised@46.101.31.159] has quit [Ping timeout: 256 seconds]
12:24 -!- swebb [~swebb@8.36.226.83] has joined #openvpn
12:36 -!- crised [~crised@186.67.181.204] has joined #openvpn
12:44 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:44 -!- mode/#openvpn [+v s7r] by ChanServ
12:44 -!- crised [~crised@186.67.181.204] has quit [Ping timeout: 260 seconds]
12:45 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
12:48 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
12:55 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
12:59 -!- crised [~crised@186.67.181.204] has joined #openvpn
12:59 < crised> dazo: following debian wiki android vpn worked, I'm happy as hell
12:59 < crised> thanks
13:00 <@dazo> happy as hell .... well, that's also an expression .... ;-)   Good to hear it worked out!
13:07 < ghostboarder> hey guys, need some help here. Openvpn setup on a linksys e4200 w/tomato running at defaults. followed vpn provider's walkthrough for setting up. Results, cant get to websites, IRC mysteriously works, ping and traceroute broken
13:12 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
13:14 -!- crised [~crised@186.67.181.204] has quit [Ping timeout: 256 seconds]
13:15 -!- crised [~crised@186.67.181.204] has joined #openvpn
13:19 < crised> :-D
13:22 -!- crised [~crised@186.67.181.204] has quit [Remote host closed the connection]
13:39 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
13:40 < moviuro_> ok, I have the following client file. the client is the router of the 10.30.0.0/24 network. I get told: Thu Jul 16 20:37:08 2015 deadman-wonderland/156.18.26.78:42109 Options error: option 'route' cannot be used in this context (/usr/local/etc/openvpn/pophobe.new/ccd-dir/deadman-wonderland) http://ix.io/jLO
13:41 < moviuro_> what is the correct syntax?
13:41 <+esde> !route
13:41 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
13:42 < moviuro_> (the server's routing tables do not get the 10.30.0.0/24 subnet added if "deadman-wonderland connects)
13:42 < moviuro_> and this is the true issue
13:46 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
13:48 < moviuro_> ah, so it's not as smart as I thought it would
13:48 < moviuro_> I had hoped the subnet would be magically added/deleted from the routing tables if the client with LAN (dis)connects
13:51 -!- toli [~toli@ip-62-235-221-146.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:51 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Konversation terminated!]
13:52 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
13:52 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has joined #openvpn
13:52 < moviuro_> OK, esde fixed it :)
13:52 < moviuro_> thanks
13:54 < moviuro_> !up
13:59 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Konversation terminated!]
13:59 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
14:17 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Konversation terminated!]
14:31 < ghostboarder> !clientlan
14:31 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see
14:31 <@vpnHelper> !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
14:31 < ghostboarder> !clientlan
14:31 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see
14:31 <@vpnHelper> !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
14:32 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
14:46 -!- apollo2k is now known as aPollO2k
15:00 -!- JackWinter_ [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
15:00 -!- Maxel [~Maxel@24-159-207-34.static.roch.mn.charter.com] has quit [Quit: Leaving]
15:01 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
15:05 < ghostboarder> !route
15:05 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
15:05 <@vpnHelper> client
15:06 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
15:08 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
15:09 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Max SendQ exceeded]
15:10 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
15:14 -!- aPollO2k is now known as apollo2k
15:15 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
15:20 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
15:21 < moviuro_> OK, my VPN is up and running and stuff is all right :D
15:21 < moviuro_> now, I'd like to generate a .ovpn file for my phone, how do I do this?
15:21 < ghostboarder> moviuro_: are you running it on a router?
15:22 < ghostboarder> wondering if i can learn anything from you ;)
15:22 < moviuro_> ghostboarder: don't do tap, read the docs
15:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
15:22 < moviuro_> if it fails, read the docs again
15:22 < ghostboarder> lol
15:22 < ghostboarder> ok where are the official docs?
15:22 < moviuro_> (I just finished setting everything up, and the docs are top notch)
15:22 < ghostboarder> i was just using info from my vpn provider
15:22 < moviuro_> !howto
15:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
15:22 < moviuro_> !tunortap
15:22 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
15:23 <@vpnHelper> rooted/jailbroken) support only tun
15:23 < moviuro_> !routing
15:23 < moviuro_> !route
15:23 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
15:23 <@vpnHelper> client
15:37 < ghostboarder> hmm
15:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
15:42 -!- dazo is now known as dazo_afk
15:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Client Quit]
15:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:48 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 248 seconds]
15:49 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
15:54 < moviuro_> ghostboarder: still alive?
15:59 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 244 seconds]
16:00 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
16:04 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 240 seconds]
16:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
16:05 -!- ghostboarder [~johngalt@151.236.14.155] has joined #openvpn
16:05 < ghostboarder> moviuro_: yep im here. think i just figured it out
16:05 < moviuro_> cool :)
16:06 < ghostboarder> accept dns config was set to 'disabled' as per vpn provider's instructions. set it to 'strict' and t3h workz!
16:07 < ghostboarder> tracert takes a nice long leisurely stroll around the world before resolving my isp's dns :P
16:08 < ghostboarder> hmm although i wouldnt call my connection 'blazing fast' as they put it
16:09 < ghostboarder> 1.5 down
16:09 -!- lfx [~lfx@self-aware.evilmachines.net] has joined #openvpn
16:10 < ghostboarder> ahh thats better. 13mbit
16:10 < moviuro_> http://www.speedtest.net/my-result/4510434491
16:10 <@vpnHelper> Title: Speedtest.net by Ookla - My Results (at www.speedtest.net)
16:11 < moviuro_> openvpn adds routes without a metric. This sounds terrible, because, well it breaks my clients when they are in an other client's LAN
16:12 < moviuro_> should I set it by hand?
16:12 < moviuro_> 10.30.0.0/24 via 10.21.0.1 dev tun0
16:12 < moviuro_> 10.30.0.0/24 dev enx00269eae61f9  proto kernel  scope link  src 10.30.0.10  metric 202
16:18 < ghostboarder> yeah i noticed that too. why so high though?
16:22 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
16:30 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Konversation terminated!]
16:39 -!- SineDeviance [~quassel@99-144-136-235.lightspeed.chrlnc.sbcglobal.net] has quit [Remote host closed the connection]
16:40 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 240 seconds]
16:41 -!- SineDeviance [~quassel@2602:306:3908:8eb0:808d:8ed9:2c6e:6e8] has joined #openvpn
16:43 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
16:44 -!- SineDeviance [~quassel@2602:306:3908:8eb0:808d:8ed9:2c6e:6e8] has quit [Remote host closed the connection]
16:45 -!- SineDeviance [~quassel@2602:306:3908:8eb0:31f1:5185:d678:fc9b] has joined #openvpn
16:47 -!- wowaname [h@love.wowana.me] has joined #openvpn
17:41 -!- Tagor [~Tagor@5ED0716D.cm-7-1b.dynamic.ziggo.nl] has quit []
17:45 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
17:46 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
17:47 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Ping timeout: 256 seconds]
17:49 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
17:54 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
17:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:00 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:07 -!- varesa_ is now known as varesa
18:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:12 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 246 seconds]
18:15 -!- mete [~mete@91.247.253.160] has joined #openvpn
18:15 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Remote host closed the connection]
18:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:21 -!- abbe [having@badti.me] has quit [Ping timeout: 258 seconds]
18:22 -!- abbe [having@badti.me] has joined #openvpn
18:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
18:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:53 -!- eblip [~eb0t@unaffiliated/eblip] has quit [Ping timeout: 264 seconds]
19:03 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:37 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
19:41 -!- pav5088 [~markp@ppp118-208-144-29.lns20.bne7.internode.on.net] has joined #openvpn
19:44 < pav5088> Hi...  I'm after a web gui for OpenVPN which is capable of enabling/disabling the client end of a connection.  Unfortunately the dd-wrt version for my router is buggy for this functionality, so I could eg. set up a Raspberry Pi router running the required software bridged to my modem.
19:45 < pav5088> ie. I want the router to connect to remote server, and route all devices on my network through the VPN...  all controlled remotely (perhaps via the web).
19:45 < pav5088> (...or rather a web interface)
19:49 < pav5088> Any options you could suggest?
20:04 -!- oighto [~oighto@cpe-67-242-213-106.rochester.res.rr.com] has joined #openvpn
20:05 -!- eblip [~eb0t@unaffiliated/eblip] has joined #openvpn
20:07 < oighto> dd-wrt openvpn client seems to indicate that a need a enryption cipher however i do not have one uncommented in my /etc/openvpn/server.conf and i have already created my CA Cert, Public Key Cert, Private Key Cert, and have the openvpnn server running,, somewhat confused in regards to what to tell my dd-wrt client here as "none" is not an option?
20:12 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
20:12 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Client Quit]
20:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:19 < subzero79> oighto, you can specify the cipher at the server and the client, it has nothing to do with the certificates
20:19 < subzero79> at server "cipher AES-128-CBC" idem at client
20:22 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:24 -!- oighto [~oighto@cpe-67-242-213-106.rochester.res.rr.com] has quit [Ping timeout: 248 seconds]
20:32 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:33 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:33 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Client Quit]
20:36 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
20:40 -!- AMERICAN_PSYCHO [~AMERICAN_@66.sub-70-196-1.myvzw.com] has joined #openvpn
20:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:58 -!- Asara [~Asara@unaffiliated/asara] has joined #openvpn
20:58 < Asara> hey guys, i am trying to set up a freebsd server with an openvpn client
20:58 < Asara> I have a slightly silly question
20:59 < Asara> i'm watching the /var/log/messages
20:59 < Asara> and a route gets added
20:59 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
20:59 < Asara> once the vpn connection is made.  I need to do route-noexec because I want to only forward stuff from a single jail to the vpn
21:00 < Asara> my question is, when the route gets added, it seems like the remote address is used
21:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
21:00 < Asara> example: /sbin/route add -net 209.95.50.106 192.168.1.1 255.255.255.255
21:00 < Asara> how the actual hell do i find out what that remote address is
21:00 < Asara> in a route-up script...
21:07 < whfsdude> Does anyone know if "redirect-gateway" in IPv6 sets up a local static route to the openvpn server?
21:08 < whfsdude> Having an issue where using IPv6 transport and redirecting all/pushing a default route for v6.
21:20 < whfsdude> looks like it might not be fixed :( https://github.com/OpenVPN/openvpn/blob/60fd44e501f2002459a49c6c9bc64370ea26ca87/src/openvpn/route.c#L679
21:20 <@vpnHelper> Title: openvpn/route.c at 60fd44e501f2002459a49c6c9bc64370ea26ca87 · OpenVPN/openvpn · GitHub (at github.com)
21:22 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:23 -!- Asara [~Asara@unaffiliated/asara] has left #openvpn []
21:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:34 -!- supergauntlet is now known as boypussy
22:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:51 -!- ghostboarder [~johngalt@151.236.14.155] has quit [Read error: Connection reset by peer]
22:52 -!- ghostboarder [~johngalt@151.236.14.155] has joined #openvpn
22:52 -!- ghostboarder [~johngalt@151.236.14.155] has quit [Read error: Connection reset by peer]
22:52 -!- ghostboarder [~johngalt@151.236.14.155] has joined #openvpn
23:04 -!- anoopcs9 [~anoopcs9@103.16.70.143] has joined #openvpn
23:06 -!- anoopcs [anoopcs@gateway/shell/firrre/x-xrhbuheozncfangk] has joined #openvpn
23:08 -!- anoopcs9 [~anoopcs9@103.16.70.143] has left #openvpn ["undefined"]
23:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:27 -!- AMERICAN_PSYCHO [~AMERICAN_@66.sub-70-196-1.myvzw.com] has quit [Quit: Goodbye!]
23:37 -!- ShadniX [dagger@p57941453.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:38 -!- ShadniX_ [dagger@p579417BD.dip0.t-ipconnect.de] has joined #openvpn
23:38 -!- ShadniX_ is now known as ShadniX
23:59 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
--- Day changed Fri Jul 17 2015
00:00 -!- anoopcs [anoopcs@gateway/shell/firrre/x-xrhbuheozncfangk] has left #openvpn ["Leaving now . . ."]
00:00 < Tykling> hello guys, I had a firewall die on me yesterday and replaced it with another, copied the openvpn config from the "other end" of the site-to-site tunnel that was running, changed the config appropriately, and installed openvpn again on the new firewall
00:02 < Tykling> openvpn in my end of the tunnel says "initialization sequence completed" but the other end doesn't get further than "UDPv4 link remote: ..."
00:02 < Tykling> what could be the reason that the other end (where no changed have been made to configs or firewalls at all) never gets as far as "Peer Connection Initiated with ..."?
00:03 < Tykling> thanks!
00:23 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 252 seconds]
00:23 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Ping timeout: 252 seconds]
00:23 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-vtkodonzomwlohvq] has quit [Ping timeout: 252 seconds]
00:23 -!- K1rk [~Kirk@5.135.221.149] has quit [Ping timeout: 252 seconds]
00:23 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 252 seconds]
00:23 -!- swebb [~swebb@8.36.226.83] has quit [Ping timeout: 252 seconds]
00:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
00:23 -!- Anoniem4l_ [~Anoniem4l@unaffiliated/anoniem4l] has joined #openvpn
00:23 -!- fling [~fling@fsf/member/fling] has joined #openvpn
00:27 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-zhsnowzosnostzdz] has joined #openvpn
00:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:29 -!- mode/#openvpn [+o mattock1] by ChanServ
00:35 -!- swebb [~swebb@8.36.226.83] has joined #openvpn
00:48 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
00:48 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
00:48 -!- mode/#openvpn [+v s7r] by ChanServ
01:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
01:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
01:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:29 -!- AMERICAN_PSYCHO [~AMERICAN_@66.sub-70-196-1.myvzw.com] has joined #openvpn
01:33 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:42 -!- apollo2k is now known as aPollO2k
01:50 -!- mbay_ [~mbay@87.230.111.19] has joined #openvpn
02:06 < mbay_> hi, i have a problem with a fresh install of win2k12 r2 (kvm) and openvpn. once the machine is installed, VPN is working fine, once i did a reboot, vpn is no longer working. (timeout everytime) config: http://pastebin.com/aAQQTtqH log server: http://pastebin.com/m4iYghUx - also ive the problem, that the openvpn process will hang up if i stop the service. i have to reboot then
02:09 < mbay_> any ideas? thanks
02:27 -!- kubanc [~kubanc@unaffiliated/kubanc] has joined #openvpn
02:32 < kubanc> Hello. I always get disconnected when I connect to VPn server. I am getting "restart pause, 5 second(s)" text in log file. Is this perhaps because of this warning? http://paste.ubuntu.com/11891641/
02:32 -!- aPollO2k is now known as apollo2k
02:34 -!- ghostboarder [~johngalt@151.236.14.155] has quit [Ping timeout: 244 seconds]
02:41 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
02:44 -!- apollo2k is now known as aPollO2k
02:46 < mbay_> maybe the connection breaks if the internet connection of the client has high load, but this is only a supposition, maybe it has smt. to do with the MTU?
02:47 < mbay_> another discovery is: on the client side i dont have a timeout, only on the server side
02:47 < mbay_> every 3 or 4 minutes
02:48 < mbay_> a second tunnel on the server is working fine.
02:52 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
03:14 -!- dazo_afk is now known as dazo
03:14 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has joined #openvpn
03:14 < moviuro> !dns
03:14 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
03:14 < moviuro> !pushdns
03:14 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
03:14 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
03:17 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Max SendQ exceeded]
03:17 < moviuro> !reload
03:17 <@vpnHelper> Error: You don't have the owner capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
03:17 < moviuro> !restart
03:18 < moviuro> I have an openvpn daemon up and running somewhere: can I have it reload its configuration? (namely if I add the push dns option)
03:18 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
03:20 -!- aPollO2k is now known as apollo2k
03:23 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:25 -!- kubanc [~kubanc@unaffiliated/kubanc] has quit [Read error: Connection reset by peer]
03:30 -!- akamaru217 [~akamaru@2601:cd:4001:b705:140:d4bb:4603:8377] has quit [Read error: Connection timed out]
03:32 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has joined #openvpn
03:36 -!- apollo2k is now known as aPollO2k
03:47 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has quit [Quit: ZNC - http://znc.in]
03:59 < moviuro> !mobile
04:00 < moviuro> Which application would you recommend on Android? ATM, I have OpenVPN connect and "OpenVPN for android" (the second is much nicer thatn Connect, integrates better with Lollipop, etc.)
04:01 < BtbN> The official one.
04:06 < moviuro> BtbN: the official one being "Connect", I assume?
04:06 < moviuro> !ovpnuke
04:06 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
04:14 <@dazo> moviuro: OpenVPN for Android is "proper" open source .... plai in this channel is the developer of it
04:15 <@dazo> moviuro: OpenVPN Connect is closed source at the moment, but is the official app from OpenVPN Technologies, which open sourced the openvpn core in the very beginning
04:16 < moviuro> okay, and it's also the only one supporting AS, AFAICT?
04:16 <@dazo> I personally avoid using closed source software
04:17 <@dazo> I believe you can use any OpenVPN version against AS servers .... but OpenVPN AS server is based on the open sourced openvpn core + a web based management tool which is closed source
04:17 < moviuro> yeah, well for this kind of stuff, I bet OpenVPN technologies wouldn't jeopardize their entire business if they did some strange things with their app
04:17 -!- AWeSomeAo [~bock@p4FFB1C67.dip0.t-ipconnect.de] has joined #openvpn
04:17 <@dazo> nah ... I know James Yonan (the guy who started it all) wants to open up the Connect app .... but it just takes a lot of time before they get that far
04:19 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
04:19 < moviuro> what's really too bad IMO is that openvpn didn't get integrated in Android
04:19 <@dazo> but having a business based upon F/OSS is very different and requires a different model .... and I have a feeling OpenVPN Tech struggles to that balance right .... but I don't blame them, it is hard to get that right
04:19 -!- adac [~adac@chello080109174123.tirol.surfer.at] has joined #openvpn
04:20 < moviuro> dazo: I must confess I don't know much of F/OSS business models
04:20 < adac> Guys, I can connect to more then one openvpn servers from the same client, right?
04:20 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
04:20 < moviuro> adac: sure
04:20 <@dazo> Why should it be integrated?  Android provides an API especially designed for VPNs, which OpenVPN Connect and OpenVPN for Android makes use of
04:20 < moviuro> ah, dazo, I was thinking about the Settings>VPN>New thing.
04:20 <@dazo> adac: I quite often have 2-4 OpenVPN connections opened at the same tmie
04:21 < moviuro> it's good if these apps use Android's API ^_^
04:22 <@dazo> It has to, otherwise you need a rooted Android device
04:22 < moviuro> but damn, I forgot to add the IPv6 DNS server option to my Ovpn server
04:22 < moviuro> so my phone still uses IPv4
04:22 <@dazo> I used IPv4 DNS ... but have IPv6 connectivity
04:23 <@dazo> (unless something have changed lately ... it's a while since last time I had to use it)
04:23 < moviuro> (my laptops have their own DNS recursor and don't use the ones provided by the DHCP server/whatever)
04:23 < moviuro> dazo: ipv6.icanhazip.com to check
04:23 < moviuro> or just icanhazip.com
04:25 <@dazo> The DHCP DNS option just tells the device which DNS server to go to for resolving IPs ... the DNS server can provide both A and AAAA records, regardless of IPv4 or IPv6 transport between client and DNS server
04:25 -!- mbay_ [~mbay@87.230.111.19] has quit []
04:30 <@dazo> moviuro: seems Android is not capable of setting IPv6 default gateway now ... It gets the proper PUSH_REPLY from server, using IPv4 DNS ... it resolves both IPv4 and IPv6 IP addresses (checked with google.com) ... but ping6 returns "network not available" and the default IPv6 gw is missing
04:30 <@dazo> plai: ^^^ I guess you'
04:30 <@dazo> plai: ^^^ I guess you're aware of this+
04:30 <@dazo> ?
04:31 < moviuro> dazo: actually, I'm not even sure I pushed the DNS setting altogether
04:32 <@dazo> moviuro: if it's a public site, it will still resolve both A and AAAA records
04:32 <@dazo> moviuro: but look at the Android OpenVPN log ... look for the "DNS Server" line
04:32 < moviuro> weird, because right now on my phone, I can't go to ipv6.icanhazip.com
04:33 <@dazo> that's because ipv6.icanhazip.com is an IPv6 only address
04:33 <@dazo> if the Android OpenVPN client haven't managed to configure a proper route ... it fails
04:34 < moviuro> DNS Server:, Domain: null
04:34 < moviuro> ooops
04:34 <@dazo> And I do know that plai have been swearing and cursing at Android for the ugliness of route setups via the the VPN API .... it is not anything like on normal Linux boxes
04:35 < moviuro> that's sad
04:35 < moviuro> "ip ro" in a terminal emulator doesn't show a default route
04:35 <@dazo> you need 'ip -6 r s'
04:35 <@dazo> (-6 is the key option)
04:36 < moviuro> nope, nothing
04:36 <@dazo> well ... I do understand it, from a security perspective .... on Linux OpenVPN needs to start with root privileges .... on Android, OpenVPN runs completely without privileges, and the API takes care of setting up the routes on behalf of the app
04:37 < moviuro> also, can I have the openvpn server runs as unpriviledged?
04:37 <@dazo> if you root your device
04:37 <@dazo> it did set a few IPv6 routes in my case, but only to my own IPv6 nets
04:38 < moviuro> errr, I meant in a completely different context. Can an openvpn server run unprivileged if it has to take care of client's LANs too? (e.g. adding 10.30.0.0/24 via 10.21.0.20)
04:38 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:40 <@dazo> I doubt so ... as it also needs privileges to configure the tun device
04:41 <@dazo> But using a VPN tunnel without IP addresses on the tunnel itself (using device routing instead of IP address routing) and creating the tun adapter (using persistent mode) it should be possible to start OpenVPN unprivileged
04:41 < moviuro> hmmm... I'll try that, then
04:42 < moviuro> I'll just see if it all breaks down to hell or not
04:42 <@dazo> openvpn --mktun is helpful in this context .... but tunctl is needed to set the right privileges on the tun device
04:42 <@dazo> but I'm not sure how well it will work
04:43 < moviuro> perhaps I'll try to put openvpn in a virtual machine
04:43 <@dazo> that's more likely to be easier
04:43 < moviuro> meh, port redirection, tun access and stuff... sounds horrid
04:43 < moviuro> I'll see how well it goes
04:46 < moviuro> https://forums.freebsd.org/threads/openvpn-server-in-jail-using-a-tun-device.22143/
04:46 < moviuro> sounds like it
05:02 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
05:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
05:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
05:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
05:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:58 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:20 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
06:25 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
06:33 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:36 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:53 -!- Jutoms [~me@203.128.242.91] has joined #openvpn
07:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds]
07:12 -!- Jutoms [~me@203.128.242.91] has quit [Ping timeout: 252 seconds]
07:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:15 -!- mode/#openvpn [+o mattock1] by ChanServ
07:26 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Max SendQ exceeded]
07:28 -!- mutsx [~mutsx@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
07:28 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
07:28 < mutsx> how do I get the ca.crt, key.crt and cert.crt files? ;/
07:30 -!- mutsx [~mutsx@546B8949.cm-12-4c.dynamic.ziggo.nl] has left #openvpn ["WeeChat 1.2"]
07:39 < adac> What is the easiest way to set a static IP to a client guys?
07:40 < moviuro> adac: client-config-dir
07:40 < adac> moviuro, thanks for the hint!
07:41 < moviuro> yw
07:42 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:45 < moviuro> adac: it's a one-liner in a file named after your client, basically
07:45 < adac> moviuro, could it be that  OpenVPN 2.3.7 does not yet offer that? I know its an old version but I'm currently somehow bound to that
07:45 <@ecrist> umm
07:45 <@ecrist> 2.3.7 was just released.
07:46 < moviuro> 2.3.7 is the latest release, according to topic
07:46 < adac> oh right true. I read the wrong line:
07:46 <@ecrist> and the option was offered all the way back in 2.0.1
07:46 < adac> OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun  9 2015
07:46 < adac> library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
07:46 < adac> i read the second line version :D
07:46 <@ecrist> you should probably compile against a newer version of openssl, though.
07:47 < adac> ecrist, yeah, soon we will do an upgrade of all our machines.
07:48 < adac>  client-config-dir is a binary, right? I cannot find it on my machine
07:48 <@ecrist> !man
07:48 <@ecrist> !ccd
07:48 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
07:48 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
07:48 < adac> ah yeah so I probably can set this also in the server.conf
07:48 < adac> thanks guys!
07:50 < moviuro> no adac, you can't set it up in server.conf without doing some scripting in it. ccd looks like the easiest solution
07:50 <@ecrist> !static
07:50 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
07:50 < moviuro> (if you run RHEL, I take it you're in a corporate env, which means that you want to KISS)
07:51 < adac> alright then! Yeah I'm on centos 6.6
07:53 -!- Anoniem4l_ is now known as Anoniem4l
07:54 < moviuro> !wins
07:54 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
--- Log opened Fri Jul 17 08:43:54 2015
08:43 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
08:43 -!- Irssi: #openvpn: Total of 205 nicks [6 ops, 0 halfops, 4 voices, 195 normal]
08:43 -!- Irssi: Join to #openvpn was synced in 0 secs
08:43 -!- mode/#openvpn [+o ecrist] by ChanServ
08:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
08:47 -!- soLucien [~Lu@5.57.50.64] has quit [Ping timeout: 244 seconds]
08:59 < moviuro> does PXE boot work over VPN?
09:09 <@ecrist> yuck
09:09 <@ecrist> yes, but you  need to use a bridged VPN
09:10 < moviuro> ecrist: really? oh, I thought it would be enough to have the local DHCP push the "next-server" and then 'tada'
09:10 < moviuro> hm, that's sad :'(
09:13 <@ecrist> You could do that, I suppose.  I haven't tried it.
09:37 <@dazo> depends on what you pass over the tunnel
09:37 < moviuro> dazo: it's routed tun, as *suggested* yesterday ;)
09:37 <@dazo> if you have a local DHCP which points to a tftp server on the other side of the tunnel ... it should work with routed
09:38 <@dazo> tftp should be plain 69/udp packets
09:41 <@dazo> moviuro: install a local tftp client and try to connect to your tftp server over the VPN and see what happens .... that should really work
09:44 < moviuro> dazo: I'll try that
10:18 -!- eblip [~eb0t@unaffiliated/eblip] has quit [Ping timeout: 256 seconds]
10:22 -!- aPollO2k is now known as apollo2k
10:37 < adac> In the ccd directory, what needs to be the filename for a certain client? The common name in the certificate?
10:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:40 <@ecrist> yes
10:45 < moviuro> adac: make sure that if your server drops privileges, those files stay readable ;)
10:45 < moviuro> (I had a "permission denied" issue just yesterday when doing this)
10:49 < adac> ecrist, moviuro thanks!
11:19 < moviuro> ecrist: so, is it working ? :)
11:23 -!- hydralisk [~hydra@unaffiliated/hydralisk] has joined #openvpn
11:30 -!- moviuro [~tbe@mail2.xs-polesecurite.fr] has left #openvpn []
11:43 -!- crised [~crised@186.67.181.204] has quit [Quit: Leaving.]
12:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:01 -!- Volsus [~mata@2601:1c1:c100:ac22:4075:2f41:c13c:bc4c] has joined #openvpn
12:04 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:08 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
12:13 -!- Denial- [~Denial@81.141.9.110] has quit [Ping timeout: 246 seconds]
12:14 < moviuro_> !pushdns
12:15 -!- Denial- [~Denial@host86-134-56-17.range86-134.btcentralplus.com] has joined #openvpn
12:15 < moviuro_> push "dhcp-option DNS my.dns.serv.addr" ?
12:22 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
12:29 <@ecrist> moviuro_: is what working?
12:30 < moviuro_> ecrist: no idea, I'm asking :)
12:30 < moviuro_> what you were setting up
12:39 <+s7r> I see by default openvpn will still use Blowfish with RSA DH and SHA1. can i switch to ecdh and ecc crypto?
12:39 <+s7r> instead of rsa?
12:40 <+s7r> !ecc
12:40 <+s7r> !ecdh
12:40 < moviuro_> s7r: the bot is broken
12:42 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:46 <@dazo> adac: also beware that the ccd directory is relative to any --chroot
12:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
12:52 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
12:58 < moviuro_> \o/ got a fully functionnal IPv6 & 4 VPN connection on my phone!
12:58 < moviuro_> round-trip min/avg/max/stddev = 45.691/470.458/2149.633/616.203 ms
12:59 < moviuro_> IPv6: round-trip min/avg/max/std-dev = 86.659/2399.591/8146.834/2783.993 ms
13:09 < Volsus> cool
13:14 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:15 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
13:24 -!- boypussy [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
13:24 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
14:04 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
14:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
14:18 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:21 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:23 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Read error: Connection reset by peer]
14:24 < moviuro_> can I use easy-rsa to generate certificates and stuff for my websites?
14:34 < Eugene> You could. You'll be better off using a commercial CA, from a usability perspective
14:34 < Eugene> In that your users will actually trust the resultant certs
14:36 < moviuro_> Eugene: it's for my personnal use
14:37 < Eugene> In that case, go for it
14:37 < moviuro_> Eugene: however, I'm having troubles with chrome....
14:37 < moviuro_> that's for an other topic, but let's go for it :)
14:42 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
14:48 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
14:50 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
14:51 < monsterco> If I remove a cable on my router (to break the openvpn connection) how long should it take to come back online? I mean at what point does the handshake happen again? Because OpenVPN probably doesn't know WAN is disconnected
15:04 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
15:13 -!- adac [~adac@chello080109174123.tirol.surfer.at] has quit [Ping timeout: 244 seconds]
15:22 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
15:23 < moviuro_> monsterco: there is an option IIRC
15:24 < moviuro_> monsterco: --ping
15:25 < monsterco> moviuro - what is the default time? I haven't set any
15:33 < moviuro_> monsterco: no idea
15:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
15:39 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has joined #openvpn
15:56 -!- Volsus [~mata@2601:1c1:c100:ac22:4075:2f41:c13c:bc4c] has quit [Ping timeout: 248 seconds]
16:01 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
16:49 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has joined #openvpn
16:50 < Codmadnesspro> Is there a way I can do like a dual connect openvpn such as this format, home pc > first vps openvpn server > final vps openvpn server > destination?
16:58 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has quit [Remote host closed the connection]
16:58 < moviuro_> Codmadnesspro: why not? :)
16:58 < moviuro_> the joys of routing ;)
16:58 < Codmadnesspro> moviuro_, I can't find a way to do it though
16:59 < Codmadnesspro> Sort of like tor if you know what I mean.
16:59 < moviuro_> meh, have your client: "route DESTINATION/32 INTERMEDIATESERVER"
16:59 < moviuro_> tadam, boom
16:59 < moviuro_> done
17:02 < Codmadnesspro> boom, bam bap, bada ba boom pow
17:02 < moviuro_> Codmadnesspro: is it ok, then? :v)
17:02 < Codmadnesspro> no ive given up now :)
17:03 < moviuro_> Codmadnesspro: nah, you can do it
17:03 < moviuro_> it's totally possible
17:06 < Codmadnesspro> moviuro_, would I input that onto the server machine or the client?
17:07 < Codmadnesspro> wait no, if you mean client then how would it work like the way i said
17:08 < Codmadnesspro> Basically I want my pc to go though one vps then using that ip connect to the last vps to then the destination
17:09 < Codmadnesspro> I want to do that so it leaves no traces of my ip on the last vps
17:21 < moviuro_> Codmadnesspro: then you need to setup your CLIENT with redirect-gateway def1 (or at least the "route DESTINATION/32 INTERMEDIATE")
17:21 < moviuro_> and then use NAT on the INTERMEDIATE to forward to the next VPS which should then too NAT to your destination
17:22 < moviuro_> you 10.0.0.1 ---> 10.0.0.2 intermediate 10.1.0.1 ---> 10.1.0.2 serv 1.2.3.4 ---> out
17:37 -!- Farshid [Farshid@gateway/shell/elitebnc/x-pvxmnnqapaigosyt] has joined #openvpn
17:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:48 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
18:07 -!- Magiobiwan [IRC@unaffiliated/magiobiwan] has quit [Quit: ZOMBIES!]
18:12 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 260 seconds]
18:16 -!- Farshid is now known as Farshid|Away
18:20 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
18:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:33 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
18:52 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
18:57 -!- Haseo [~Haseo@aufrinfo.net] has quit [Remote host closed the connection]
18:59 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
19:25 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
19:49 -!- dazo is now known as dazo_afk
20:05 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
20:06 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:14 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
20:57 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has joined #openvpn
21:15 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
21:22 -!- Chatterbox- [~Chatterbo@108.61.159.157] has joined #openvpn
21:29 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has joined #openvpn
21:36 -!- mumixam [~m@unaffiliated/mumixam] has quit [Quit: mumixam]
21:36 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
21:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:48 -!- coyo [~unf@unaffiliated/bandu] has joined #openvpn
22:02 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
22:27 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Quit: reboot]
22:29 < c0deweaver> I could use some help. I believe my server is setup correctly but I can't figure out what files I need and what ones need generated to add a user for the client.
22:43 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
22:44 -!- coyo [~unf@unaffiliated/bandu] has quit [Ping timeout: 255 seconds]
23:16 -!- Volsus [~mata@2601:1c1:c100:ac22:4075:2f41:c13c:bc4c] has joined #openvpn
23:20 -!- [666] [~666@pdpc/supporter/active/busdrivertom] has joined #openvpn
23:27 -!- [666] [~666@pdpc/supporter/active/busdrivertom] has quit [Ping timeout: 244 seconds]
23:38 -!- ShadniX [dagger@p579417BD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:38 -!- ShadniX_ [dagger@p5DDFD409.dip0.t-ipconnect.de] has joined #openvpn
23:38 -!- ShadniX_ is now known as ShadniX
23:45 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Ping timeout: 246 seconds]
--- Day changed Sat Jul 18 2015
00:38 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
01:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:13 -!- mode/#openvpn [+o mattock1] by ChanServ
01:49 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
01:52 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has joined #openvpn
01:58 -!- shio [marmottin@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 246 seconds]
02:20 -!- Epakai [~coweater@pool-71-96-122-126.dfw.dsl-w.verizon.net] has quit [Quit: Epakai]
02:40 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
02:43 -!- shio [shio@8.121.101.84.rev.sfr.net] has joined #openvpn
02:43 -!- Volsus [~mata@2601:1c1:c100:ac22:4075:2f41:c13c:bc4c] has quit [Quit: Leaving]
02:54 -!- Chatterbox- [~Chatterbo@108.61.159.157] has quit [Read error: Connection reset by peer]
02:56 -!- Farshid|Away is now known as Farshid
03:07 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
03:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:38 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
04:48 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
04:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:04 -!- Envil [~envil@f055075119.adsl.alicedsl.de] has joined #openvpn
05:14 < moviuro_> Codmadnesspro: so, did you try what I told you?
05:31 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
05:35 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
05:36 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:40 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:59 -!- Farshid is now known as Farshid|Away
06:03 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
06:20 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Konversation terminated!]
06:32 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:36 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:36 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 248 seconds]
06:36 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has quit [Quit: Conversation terminated!]
06:37 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
06:40 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:41 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
06:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
06:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:47 -!- Denial- [~Denial@host86-134-56-17.range86-134.btcentralplus.com] has quit []
06:50 -!- Denial [~Denial@host86-134-56-17.range86-134.btcentralplus.com] has joined #openvpn
06:51 -!- rich0__ is now known as rich0
06:58 -!- Denial- [~Denial@213.205.252.55] has joined #openvpn
06:59 -!- Denial [~Denial@host86-134-56-17.range86-134.btcentralplus.com] has quit [Ping timeout: 250 seconds]
07:20 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
07:21 -!- Denial [~Denial@213.205.252.55] has joined #openvpn
07:22 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 246 seconds]
07:23 -!- Denial- [~Denial@213.205.252.55] has quit [Ping timeout: 256 seconds]
07:23 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
07:34 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:47 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 248 seconds]
07:53 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
08:21 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:40 -!- Denial [~Denial@213.205.252.55] has quit [Ping timeout: 264 seconds]
08:41 -!- Denial [~Denial@81.141.5.123] has joined #openvpn
08:45 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:48 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:49 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
08:49 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
09:23 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:37 -!- Farshid|Away is now known as Farshid
09:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
10:12 -!- rich0__ is now known as rich0
10:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
11:16 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has joined #openvpn
11:17 -!- Farshid is now known as Farshid|Away
11:24 -!- HardWall [~HardWall@188.24.41.41] has joined #openvpn
11:28 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
11:29 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
11:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:54 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
12:31 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
12:37 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has joined #openvpn
12:43 -!- pk12 [~pk12@pool-72-83-187-203.washdc.fios.verizon.net] has joined #openvpn
12:46 -!- pk12 [~pk12@pool-72-83-187-203.washdc.fios.verizon.net] has quit [Client Quit]
12:46 -!- Farshid|Away is now known as Farshid
13:01 -!- HardWall [~HardWall@188.24.41.41] has quit [Read error: Connection reset by peer]
13:22 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
13:23 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
13:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:55 -!- Farshid is now known as Farshid|Away
14:07 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
14:28 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
14:32 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has joined #openvpn
14:33 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
14:36 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
15:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
15:40 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:41 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
15:41 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:44 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
15:45 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:53 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:00 -!- monsterco [~monsterco@PCNGON6232W-LP140-05-1279545196.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
16:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
16:04 -!- mode/#openvpn [+o mattock1] by ChanServ
16:31 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:43 -!- tekk [~me@185.17.149.149] has joined #openvpn
16:49 -!- HardWall [~HardWall@188.24.41.41] has joined #openvpn
17:18 -!- Envil [~envil@f055075119.adsl.alicedsl.de] has quit [Remote host closed the connection]
17:20 -!- RealityVoid [~HardWall@188.24.108.51] has joined #openvpn
17:23 -!- HardWall [~HardWall@188.24.41.41] has quit [Ping timeout: 244 seconds]
17:24 -!- RealityVoid [~HardWall@188.24.108.51] has quit [Client Quit]
17:25 -!- HardWall [~HardWall@188.24.108.51] has joined #openvpn
18:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
18:20 -!- HardWall [~HardWall@188.24.108.51] has quit [Read error: Connection reset by peer]
18:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:42 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
18:42 < moviuro_> Hi all, the metrics I get on my routes sound off
18:42 < moviuro_> http://ix.io/jOG
18:43 < moviuro_> !metric
19:07 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 246 seconds]
19:14 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has quit [Quit: Leaving]
19:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:20 -!- akamaru217 [~akamaru@2601:cd:4001:b705:cd3d:31a9:16e2:2a0c] has joined #openvpn
19:25 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
19:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:41 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
19:43 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has joined #openvpn
20:17 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Read error: Connection reset by peer]
20:17 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
21:14 < pppingme> which android client should I be using?  If I'm understanding, the one distributed by openvpn is only for AS?  so I should be using the one from Arne Schwabe?  or am I mis-understanding?
21:19 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
21:19 < bluenemo> Hi guys. I'm using easy-rsa and cant get rid of   routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:537  when running ./pkitool --server foo.example.com   I've googled for an hour and tried to edit stuff that seemed related in the openvpn.cnf and edited the vars file, nothin works so far :( Here the output of `env`, the ./pkitool debug output and my openssl.cnf: http://paste.debian.net/hidden/46609e73/
21:25 < mystica555> pppingme: im fairly sure the one distributed by openvpn should be fine with the community server
21:29 -!- leo2007 [~leo2007@128.199.230.246] has quit [Quit: happy hacking]
21:32 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
21:34 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
21:35 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
21:45 < pppingme> ok, will try..
21:49 -!- bluenemo_ [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
22:17 -!- bluenemo_ [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
22:21 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
22:24 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 246 seconds]
22:30 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
22:33 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
22:45 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
22:51 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
22:55 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
23:33 -!- shio [shio@8.121.101.84.rev.sfr.net] has quit [Ping timeout: 260 seconds]
23:35 -!- ShadniX [dagger@p5DDFD409.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:37 -!- ShadniX [dagger@p5DDFCF6D.dip0.t-ipconnect.de] has joined #openvpn
23:47 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
--- Day changed Sun Jul 19 2015
00:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:35 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Ping timeout: 260 seconds]
00:36 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
00:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:07 -!- swebb [~swebb@8.36.226.83] has quit [Excess Flood]
01:10 -!- swebb [~swebb@8.36.226.83] has joined #openvpn
01:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
01:44 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 240 seconds]
01:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:52 -!- wowaname [h@love.wowana.me] has joined #openvpn
01:56 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 240 seconds]
02:03 -!- wowaname [h@love.wowana.me] has joined #openvpn
02:03 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
02:10 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 240 seconds]
02:13 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has joined #openvpn
02:13 -!- shivanshu [~shivanshu@unaffiliated/shivanshu] has left #openvpn []
02:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
02:20 -!- wowaname [h@love.wowana.me] has joined #openvpn
02:24 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
02:25 < moviuro_> Hi all! My routes' metrics seem off, making it impossible to connect over ssh IPv6: http://ix.io/jOG
02:42 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
02:59 -!- Farshid|Away is now known as Farshid
03:13 -!- Farshid is now known as Farshid|Away
03:17 -!- HardWall [~HardWall@188.24.108.51] has joined #openvpn
03:23 -!- HardWall [~HardWall@188.24.108.51] has quit [Read error: Connection reset by peer]
03:30 -!- Farshid|Away is now known as Farshid
03:33 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
03:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:46 -!- mode/#openvpn [+o mattock1] by ChanServ
03:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
03:48 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Remote host closed the connection]
03:49 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
04:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:17 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:18 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
04:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:39 -!- krphop [~krphop@watch.out.the.feds.are.rightbehind.us] has quit [Ping timeout: 244 seconds]
04:46 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
05:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:27 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Ping timeout: 244 seconds]
05:28 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
05:42 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
05:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
05:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
05:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
05:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
06:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:04 -!- ltd_ [z@tyl.wires.net.au] has joined #openvpn
06:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:14 < ltd_> Hi guys, trying to sort out a roadwarrior tap based config but having issues with more than 1 client connected.  When two clients are connected they seem to knock eachother out.  It was my understanding that when using different PKI certs for each client that I could have multiple clients connected to the same server, is that right?
06:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
06:19 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
06:19 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
06:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:21 -!- Farshid is now known as Farshid|Away
06:22 < subzero79> ltd_, you're right
06:23 < subzero79> you can allow the same certificate to be used by multiple clients but you have to put the directive that allows that in the server
06:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 248 seconds]
06:25 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:27 < subzero79> ltd_, i have to go now, see you later
06:28 < ltd_> subzero79: they seem to knock eachother out though
06:29 < ltd_> subzero79: does it need to be tcp?  i'm using UDP.  I basically see them ping pong initializing with a bunch of "local/remote TLS key are out of sync" in between
06:29 < ltd_> subzero79: seems as if one initializes of the top of the existing session, then the other, as ping timeout on the client expires
06:30 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
06:31 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
06:31 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:31 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:36 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
06:37 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:38 < moviuro_> ltd_: this shouldn't happen
06:38 < moviuro_> make sure you have different certificates on the different clients
06:38 < ltd_> they're different
06:38 < ltd_> different CN
06:39 < moviuro_> protocol doesn't matter (I have tcp and udp running ATM)
06:39 < moviuro_> ltd_: paste your logs someplace
06:39 < moviuro_> curl -F 'f:1=<-' ix.io
06:40 < ltd_> server logs?
06:40 < ltd_> want me to turn up the debugging a bit?  it's pretty terse atm
06:41 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
06:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:43 < moviuro_> ltd_: yup, as well as your clients'
06:43 < moviuro_> see what happens on either sides
06:45 < ltd_> serve r- http://ix.io/jPe
06:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
06:50 < ltd_> client - http://ix.io/jPf
06:50 < moviuro_> ltd_: stupid question: clocks?
06:51 < ltd_> elaborate?
06:51 < moviuro_> are they synced? is $(date -u) the same across all machines?
06:51 < ltd_> the one client i have access to and the server are within 2 secs
06:52 < ltd_> other client, i would have to check tomorrow
06:52 < moviuro_> https://openvpn.net/archive/openvpn-users/2004-12/msg00022.html
06:54 < moviuro_> ltd_: also, paste the configs
06:55 < ltd_> client config - http://ix.io/jPg
06:56 < ltd_> server config - http://ix.io/jPh
06:57 < ltd_> so in reading above msg, i'm not sure that elaborated on this particular scenario...  that is more if you're getting keys out of sync in a single session scenario?
06:57 < moviuro_> route 27.113.240.14 255.255.255.255 net_gateway
06:57 < moviuro_> that's the default behavior IIRC
06:58 < ltd_> i omitted some routes from the config
06:59 < ltd_> i'm not sure it is default behavior though, at least i needed that
07:00 < ltd_> perhaps it changed in some version? maybe you're right
07:02 < ltd_> i just tested and no, i don't get the /32 route
07:02 < ltd_> and i have a static route via the vpn that captures that address
07:02 < ltd_> hence having that there
07:03 < ltd_> the tls messages are occurring because the tls keys are being replaced by the other client, then it's receiving pkts with the old keys
07:03 < ltd_> so it's kinda expected
07:03 < ltd_> what's not expected is why it's not starting the second client as a second session
07:04 < ltd_> unless openvpn is incapable of doing it with udp as it assumes any udp pkts received on a particular port are for one particular client
07:05 < ltd_> unclear... someone with a deeper knowledge of internals should know something hopefully
07:09 < moviuro_> ltd_: I have > 2 clients on my UDP server, so far all OK
07:09 < moviuro_> so that's not the issue
07:15 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:15 < bluenemo> Hi guys. I'm using easy-rsa and cant get rid of   routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:537  when running ./pkitool --server foo.example.com   I've googled for an hour and tried to edit stuff that seemed related in the openvpn.cnf and edited the vars file, nothin works so far :( Here the output of `env`, the ./pkitool debug output and my openssl.cnf: http://paste.debian.net/hidden/46609e7
07:16 < bluenemo> 3/
07:17 < moviuro_> bluenemo: what are you trying to do?
07:17 < moviuro_> easy-rsa comes with a script to create the server keys: ./build-key-server
07:18 < moviuro_> errr, append the server name at the end
07:19 < bluenemo> moviuro_, yes, ./pkitool --server is basically that script, except for the --interact. I'm trying to write a few functions for an orchestration tool called saltstack, so I can automatically create those files
07:19 < moviuro_> missing value sounds like there is a parameter missing
07:19 < bluenemo> I did such an automatiion with bash and it worked lovely, I cant seem to find my problem here now. tried everything google said for that error.. maybe sth in the env is missing?
07:20 < bluenemo> yeah, but I cant find it :( i thought it would be KEY_ALTNAMES but it isnt
07:20 < bluenemo> Also, If I do this in BASH it works perfectly. It has to be an ENV issue
07:20 < bluenemo> as in if i manually source vars, build-key-whatever and so on
07:20 < moviuro_> meh, bash
07:20 < moviuro_> easy-rsa is full sh
07:20 < moviuro_> weird
07:21 < moviuro_> perhaps ask on #bash too, bluenemo?
07:21 < bluenemo> in py I use subprocess and run this with all ENV variables exported
07:21 < bluenemo> ah sry, in py subprocess I use sh
07:21 < bluenemo> it works on the "command line" - which is a bash
07:21 < bluenemo> as in when I login via  ssh and do it "by hand"
07:22 < bluenemo> I might have to read the code :) do you guys know if build-key-server requires anything that is not set in the vars file?
07:25 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
07:29 < bluenemo> so this here: Error Loading extension section server   means that the section server in the ssl conf is faulty right? if so, it contains   subjectAltName=$ENV::KEY_ALTNAMES    but i've set KEY_ALTNAMES as ENV Variable. Any ideas?
07:31 < moviuro_> missing '$' ?
07:31 < bluenemo> $ENV::$KEY_ALTNAMES?
07:31 < bluenemo> I didnt change that, its as the file came
07:34 < bluenemo> ah no it does work to resolve that to the var I set:   routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=subjectAltName, value=ubuntu.test.giant-unicorn.org    otherwise the unicorn fqdn wouldnt show up. seems he does not like the url somehow..
07:40 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Konversation terminated!]
07:51 -!- mystica555 [~mystica55@38.75.196.67] has quit [Remote host closed the connection]
08:59 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
09:22 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
09:48 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:48 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:50 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
09:53 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
10:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
11:28 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
11:28 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:34 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
11:34 -!- hydralisk [~hydra@unaffiliated/hydralisk] has quit [Quit: Out hunting Terrans.]
12:13 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:13 -!- mode/#openvpn [+v s7r] by ChanServ
12:55 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
13:01 -!- HardWall [~HardWall@188.24.108.51] has joined #openvpn
13:04 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
13:08 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
13:13 -!- fred`` [fred@earthli.ng] has quit [Ping timeout: 252 seconds]
13:15 -!- Chex [sss@swampjax.northnook.ca] has quit [Ping timeout: 252 seconds]
13:16 -!- Chex [sss@swampjax.northnook.ca] has joined #openvpn
13:19 -!- fred`` [fred@earthli.ng] has joined #openvpn
13:20 < ValdikSS> Hi! Can I find people from China here, or someone familiar with GFW?
13:45 -!- Farshid|Away is now known as Farshid
13:49 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
13:53 -!- mete [~mete@91.247.253.160] has quit [Quit: .]
13:53 -!- mete [~mete@91.247.253.160] has joined #openvpn
13:54 -!- blueyed [~daniel@hahler.de] has joined #openvpn
13:54 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has joined #openvpn
13:54 < blueyed> I am trying to use the down-root plugin, but it fails with "openvpn: DOWN-ROOT: Error sending script execution signal to background process: Connection refused"
13:55 < blueyed> This is on Ubuntu/Debian, and seems to be related to systemd and the --daemon option being used for it - running it manually appears to work.
14:09 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 248 seconds]
14:13 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
14:22 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has joined #openvpn
14:35 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
14:39 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
14:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:48 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
14:49 < ghoti> So...  I've got these two unix routers at our co-lo, which both make an OpenVPN connection back to our office.  The routers are set up with CARP for hot failover, but each maintains its own VPN connection. From the office, I can reach hosts on our co-lo network which get routed through whichever VPN connection was established *first*, as it seems that the second router's connection can't overwrite identical
14:50 < ghoti>  routing table entries.
14:50 < ghoti> In the even that the "active" router goes offline, I'll still have the VPN connection to the second router, but how might I change the routing table at our office automatically so that requests to the internal hosts at the co-lo go through the back-up VPN connection?
14:50 < blueyed> https://community.openvpn.net/openvpn/ticket/557 / 3d6a4cded breaks the down-root plugin, because it won't allow to pass an argument to it.
14:50 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
14:51 < ghoti> Do I need to set up OSPF over the VPN connections, or does OpenVPN have some facility for heartbeat or healthchecks like this?
14:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:56 -!- ig0r_ [~ig0r@unaffiliated/ig0r/x-4476876] has joined #openvpn
14:58 < ig0r_> I'm configuring OpenVPN in Linux and the VPN privider is letting me choose between TUN and TAP but I'm not sure what the difference is between the two. Is one of them more secure than the other?
15:04 -!- zamber [~zamber@dynamic-78-8-43-223.ssp.dialog.net.pl] has quit [Ping timeout: 246 seconds]
15:05 -!- Farshid is now known as Farshid|Away
15:06 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Remote host closed the connection]
15:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
15:29 < ghoti> ig0r_: http://serverfault.com/q/21157
15:41 < pppingme> ig0r_ one is routed (tun), the other is more like ethernet (tap) and is typially bridged..  unless you have a good reason to bridge (you don't, if you think you do, fix your app), you should be routing.
15:42 < pppingme> ghoti you have multiple subnets?  multiple connections to each site?  What would be your goal in using ospf?
15:44 < blueyed> Reported my issue at: https://community.openvpn.net/openvpn/ticket/581
15:45 < ghoti> pppingme: the goal would be to allow our office router to send re-route traffic destined for the co-lo servers through the other VPN connection if the first co-lo router goes down.
15:46 < ghoti> pppingme: there's a /24 at the co-lo, another at our office, and we're using other IPs for the cross-connects.
15:46 < ghoti> the tun interfaces that is.
15:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
15:56 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
16:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:05 -!- ig0r_ [~ig0r@unaffiliated/ig0r/x-4476876] has left #openvpn []
16:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:35 -!- zamber [~zamber@78-8-38-190.static.ip.netia.com.pl] has joined #openvpn
16:46 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
17:02 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-vffagixiychgtbkn] has quit [Remote host closed the connection]
17:06 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has joined #openvpn
17:09 < mrtee> hey guys i want vpn to tunnel only one of my network cards. I tried openvpn —local ipadr but got an error Options error: You must define TUN/TAP device (--dev) as an result. Can anybody shed some light on this?
17:09 < mrtee> !welcome
17:09 < mrtee> !goal
17:10 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has left #openvpn []
17:11 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has joined #openvpn
17:15 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Read error: Connection reset by peer]
17:16 -!- shadok_ [~muaddib@unaffiliated/shadok] has joined #openvpn
17:17 -!- Gunni [~gunni@kjarni/gunni] has quit [Ping timeout: 246 seconds]
17:17 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 255 seconds]
17:18 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 246 seconds]
17:19 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Ping timeout: 246 seconds]
17:19 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
17:19 -!- mode/#openvpn [+v s7r] by ChanServ
17:20 -!- RealityVoid [~HardWall@79.119.96.108] has joined #openvpn
17:21 -!- Gunni [~gunni@kjarni/gunni] has joined #openvpn
17:21 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
17:21 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
17:23 -!- HardWall [~HardWall@188.24.108.51] has quit [Ping timeout: 244 seconds]
17:27 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
17:37 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:37 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has left #openvpn []
17:39 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:43 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:54 -!- phormulate [~phormulat@unaffiliated/phormulate] has joined #openvpn
17:55 < phormulate> Hi all, I'm trying to use a local ssh tunnel proxy (it works fine) on the lan router to traverse an untrusted interface rather than the default routing over a vpn client bridge using packet marking... all modules required are accounted for... can someone shed some light as to why it isn't working? here is the snippet http://pastebin.com/RrUfDjPe
17:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
17:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
18:01 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
18:01 -!- phormulate [~phormulat@unaffiliated/phormulate] has quit [Remote host closed the connection]
18:01 -!- phormulate [~phormulat@unaffiliated/phormulate] has joined #openvpn
18:04 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:17 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
18:19 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
18:21 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
18:24 -!- RealityVoid [~HardWall@79.119.96.108] has quit [Read error: Connection reset by peer]
18:39 -!- phormulate [~phormulat@unaffiliated/phormulate] has left #openvpn ["Leaving"]
19:37 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has quit [Ping timeout: 248 seconds]
20:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:49 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has joined #openvpn
20:57 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has quit [Ping timeout: 248 seconds]
21:20 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 265 seconds]
21:20 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
21:24 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has joined #openvpn
21:31 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 264 seconds]
21:39 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has quit [Ping timeout: 248 seconds]
22:04 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:15 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
22:47 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has joined #openvpn
23:29 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
23:35 -!- ShadniX [dagger@p5DDFCF6D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:35 -!- ShadniX_ [dagger@p57941D16.dip0.t-ipconnect.de] has joined #openvpn
23:35 -!- ShadniX_ is now known as ShadniX
23:38 -!- Volsus [~mata@2601:1c1:c100:ac22:5dc2:e75d:14c5:f94c] has quit [Quit: Leaving]
23:55 -!- monsterco [~monsterco@70.50.209.119] has joined #openvpn
--- Day changed Mon Jul 20 2015
00:00 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Read error: Connection reset by peer]
00:00 -!- HanSooloo_ [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
00:03 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-zhsnowzosnostzdz] has quit [Ping timeout: 240 seconds]
00:18 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-zxnveeijumtrdubj] has joined #openvpn
00:30 -!- monsterco [~monsterco@70.50.209.119] has quit [Ping timeout: 264 seconds]
00:35 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-zxnveeijumtrdubj] has quit [Ping timeout: 248 seconds]
00:35 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-oftezmdyjtqeeokm] has quit [Ping timeout: 248 seconds]
00:36 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 248 seconds]
00:37 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
00:39 -!- mystica555 [~mystica55@38.75.196.67] has quit [Ping timeout: 246 seconds]
00:40 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
00:41 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-urrpgplazyfvdofz] has joined #openvpn
00:41 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-slvfznfmbdfgttrb] has joined #openvpn
00:54 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
01:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:02 -!- mode/#openvpn [+o mattock1] by ChanServ
01:14 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 244 seconds]
01:16 -!- zamber [~zamber@78-8-38-190.static.ip.netia.com.pl] has quit [Ping timeout: 244 seconds]
01:16 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
01:17 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
01:18 -!- zamber [~zamber@78-8-38-190.static.ip.netia.com.pl] has joined #openvpn
01:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:31 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:43 -!- akamaru217 [~akamaru@2601:cd:4001:b705:cd3d:31a9:16e2:2a0c] has quit [Read error: Connection reset by peer]
01:51 -!- cmanns [475f84ff@gateway/web/freenode/ip.71.95.132.255] has joined #openvpn
01:52 < cmanns> To utilize different IP's (to simulate static IP) I should run multiple openvpn server instances for each client that needs its own?
01:58 < subzero79> cmanns, one openvpn server can serve many clients
01:58 < cmanns> Yeah I was just reading I can static assign, but the traffic will route out of the servers static public IP?
01:58 < cmanns> In past I always used a shared static IP for all openvpn clients
02:00 < subzero79> you can define clients openvpn ip address using ccd directories. The configs will be pushed accordingly to their common name in their certifcates
02:01 < subzero79> sorry using the ccd directory*
02:01 < subzero79> the traffic you mean internet traffic?
02:03 < subzero79> that's optional some openvpn servers are configured to allow clients to access server resources, others to redirect internet traffic, etc
02:04 < cmanns> Yeah I was to redirect certain openvpn clients traffic in/out of certain public IP's
02:05 < subzero79> ok...so if is configured in the server properly it can automatically be the default gateway for clients
02:09 < subzero79> be right back
02:22 -!- TheAlien [~alien@94-226-70-159.access.telenet.be] has quit [Ping timeout: 256 seconds]
02:31 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:31 -!- jefferai [jefferai@kde/mitchell] has quit [Write error: Connection reset by peer]
02:33 < subzero79> cmanns, so you want to configure your server to redirect traffic but only certain clients to access to have that option?
02:33 < cmanns> I was more so wanting to use one public IP on the openvpn server, per client. However the cloud vm so cheap I may as well buy multiple and setup failover
02:34 < subzero79> ahh ok..
02:34 < subzero79> seems more complicated than the common setups i've done
02:34 < cmanns> Yeah I could instead just give each VM it's own openvpn server if it needs its own full IP
02:35 < subzero79> i don't if that possible, but there are other people here that might help you to know if that's possible with a single vpn server
02:36 < cmanns> We'll see, they yet to deliver vm yet and I'm probably heading off soon- will dig in tomorrow probably
03:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
03:07 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 244 seconds]
03:09 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:13 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
03:17 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
03:17 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
03:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
03:25 -!- AL13N_work [~alien@91.183.52.232] has quit [Quit: Leaving.]
03:31 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 256 seconds]
03:33 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
03:51 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
03:52 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:05 -!- dazo_afk is now known as dazo
04:05 -!- ade_ [~Ade@redhat/adeb] has joined #openvpn
04:07 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
04:12 -!- ade_ [~Ade@redhat/adeb] has quit [Remote host closed the connection]
04:12 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Read error: No route to host]
04:13 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:15 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
04:37 -!- cmanns [475f84ff@gateway/web/freenode/ip.71.95.132.255] has quit [Quit: Page closed]
04:42 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-aofvdzrxapwgsnkw] has joined #openvpn
04:58 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
05:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:15 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:23 < dionysus69> hey guys I am using dh1024, what is the reason to use dh2048, i understand it is more secure but is dh1024 "easy to hack"? also is connection slower with dh2048? I am trying to weigh pros and cons
05:38 < BtbN> it takes longer to generate the secret.
05:38 < BtbN> And is in turn way harder to guess.
05:39 -!- apollo2k is now known as aPollO2k
05:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
05:52 -!- aPollO2k is now known as apollo2k
05:56 -!- apollo2k is now known as aPollO2k
06:08 <@dazo> dionysus69: the DH parameter is a unique prime number, which isn't really a secret at all.  However, the size of the DH parameter helps creating stronger keys, as the keys are using the prime as an input
06:09 <@dazo> For more info https://security.stackexchange.com/questions/47204/dh-parameters-recommended-size
06:10 <@dazo> dionysus69: whatever you do, do not ever go below 1024 bits for DH.  I personally have chosen 4096 bits for DH as well, just because.  It can sometimes take quite a while, but you don't do this operation that often.
06:11 <@dazo> In general, I would not recommend going below 2048bits ... and iirc, we fairly recently updated the sample keys in the source tree to a 2048 bits DH.
06:12 <@dazo> Also more info about some DH weaknesses: https://weakdh.org/
06:15 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
06:22 -!- zamber [~zamber@78-8-38-190.static.ip.netia.com.pl] has quit [Ping timeout: 244 seconds]
06:22 -!- plai [~arne@openvpn/community/developer/plaisthos] has quit [Remote host closed the connection]
06:23 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
06:23 -!- mode/#openvpn [+o plaisthos] by ChanServ
06:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:25 < dionysus69> dazo: thanks allot: )
06:30 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has joined #openvpn
06:31 -!- zamber [~zamber@78.10.86.90] has joined #openvpn
06:35 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
07:01 -!- P4k3 [~P4k3@hydrogen.frostis.se] has joined #openvpn
07:03 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:03 < P4k3> Anyone with any experience on setting up an openvpn-server on mikrotik? I have two mikrotik routers and have set one up as a server, the other one as a client. They are connecting fine, I can ping on both the vpn-ip and the lan ip from the terminal on the routers. I can also ping devices on the remote lan from the router.
07:04 < P4k3> On clients on the lan I can ping the remote mikrotiks lan ip, but no other devices on the remote lan.
07:05 < P4k3> oh.. nice.. there is a mikrotik-channel also.. maybe better to ask there ^^
07:19 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
07:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
07:31 -!- aPollO2k is now known as apollo2k
07:32 -!- mattsl [~user@68.169.165.200] has joined #openvpn
07:35 -!- HanSooloo_ [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Read error: Connection reset by peer]
07:35 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
07:36 < mattsl> I have just set up an  OpenVPN server on a DD-WRT router, but I get no connectivity between them. I can't even ping the router/server from the client nor client form the server.
07:36 < mattsl> And that's even on the VPN network, not even on their regular IPs
07:37 < mattsl> Is there something obvious I'm probably missing?
07:40 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
07:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
07:47 -!- apollo2k is now known as aPollO2k
07:49 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Remote host closed the connection]
07:51 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
07:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:05 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:13 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
08:23 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
08:27 < ghoti> What's the best way to handle either load balancing or fail-over with openvpn?  I've got a pair of routers at our co-lo that each make a connection back to our office, with a static route at the office for for the colo's internal network. If the "live" colo router goes down, how might I move the route over to the other openvpn connection from the other router?
08:27 < ghoti> Or is there a better way to architect this?
08:32 < Thermi> mark, policy based routing, dynamic routing
08:37 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
08:39 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Client Quit]
08:42 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
08:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
08:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:48 -!- Haxxa [~Harrison@cpe-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
08:53 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
08:53 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
08:53 -!- mode/#openvpn [+v s7r] by ChanServ
08:56 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
09:06 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:18 -!- Farshid|Away is now known as Farshid
09:35 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Bye bye]
09:35 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
09:38 -!- adraenwan_ [~quassel@vanguard.tfnux.org] has joined #openvpn
09:39 -!- ltd [z@tyl.wires.net.au] has joined #openvpn
09:39 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has joined #openvpn
09:39 -!- mode/#openvpn [+o pekster_] by ChanServ
09:39 -!- CosineDeviance [~quassel@2602:306:3908:8eb0:c1ea:546d:7b63:b1e2] has joined #openvpn
09:39 -!- troyt_ [~troyt@2601:681:4602:d6f1:44dd:acff:fe85:9c8e] has joined #openvpn
09:40 -!- batrick_ [batrick@nmap/developer/batrick] has joined #openvpn
09:42 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 248 seconds]
09:42 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 248 seconds]
09:42 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 248 seconds]
09:42 -!- troyt [~troyt@2601:681:4602:d6f1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 248 seconds]
09:42 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 248 seconds]
09:42 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 248 seconds]
09:42 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 248 seconds]
09:42 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 248 seconds]
09:42 -!- ltd_ [z@tyl.wires.net.au] has quit [Ping timeout: 248 seconds]
09:42 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 248 seconds]
09:42 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 248 seconds]
09:42 -!- jefferai [jefferai@kde/mitchell] has quit [Ping timeout: 248 seconds]
09:42 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 248 seconds]
09:42 -!- SineDeviance [~quassel@2602:306:3908:8eb0:31f1:5185:d678:fc9b] has quit [Ping timeout: 248 seconds]
09:42 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 248 seconds]
09:42 -!- samopotamus [~samopotam@2607:5300:60:a0d::1] has quit [Ping timeout: 248 seconds]
09:42 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 248 seconds]
09:42 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 248 seconds]
09:42 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 248 seconds]
09:42 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Ping timeout: 248 seconds]
09:42 -!- rbxs [~rbxs@92.63.171.51] has quit [Ping timeout: 248 seconds]
09:42 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 248 seconds]
09:42 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 248 seconds]
09:42 -!- Kobaz [~kobaz@its.kobaz.net] has quit [Ping timeout: 248 seconds]
09:42 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 248 seconds]
09:42 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 248 seconds]
09:42 -!- Farshid [Farshid@gateway/shell/elitebnc/x-pvxmnnqapaigosyt] has quit [Ping timeout: 248 seconds]
09:42 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
09:42 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
09:42 -!- Neal_ [neal@2600:3c00::f03c:91ff:fe69:a26e] has joined #openvpn
09:42 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:42 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
09:42 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
09:42 -!- mode/#openvpn [+o dazo] by ChanServ
09:42 -!- samopotamus [~samopotam@2607:5300:60:a0d::1] has joined #openvpn
09:42 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
09:42 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
09:43 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
09:43 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
09:44 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
09:47 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
09:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
09:53 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
09:58 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:00 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
10:02 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:15 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
10:23 < mattsl> So I just set up a simple server on a DDWRT router. It connects fine, but no traffic is passing properly. Is there something obvious I'm missing? I can't ping from the client to server or vice versa, even on the VPN IPs.
10:25 < Bitxlove> what u mean by no traffic is passing properly ?
10:25 < mattsl> I can't ping anything
10:25 < Bitxlove> localy ?
10:25 < mattsl> On the VPN subnet
10:26 < mattsl> The server and client can ping their own IPs, that's it
10:26 < mattsl> (And can still communication properly on their respective non-VPN LANs)
10:36 <@dazo> ecrist: where's vpnHelper these days?
10:37 <@dazo> mattsl: For OpenVPN usage, I'd advice you to use OpenWRT over dd-wrt ... the reason is that dd-wrt guys don't give a shit about security
10:37 < Eugene> Dead, in a corner.
10:38 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
10:38 <@dazo> mattsl: anyone can extract the encryption keys used for ssh and https on an dd-wrt router by downloading the dd-wrt image.  It is static across all installations.  And a fun fact:  dd-wrt developers don't see that as a problem
10:38 <@dazo> "Nobody should administer their router from the Internet" is their answer
10:39 <@plaisthos> dazo: wtf?!
10:39 <@dazo> yeah ... littleblackbox
10:39 <@dazo> that's where this was revealed
10:39 <@plaisthos> maybe they should switch to telnet and http then
10:39 <@dazo> hehe
10:39 <@dazo> https://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
10:40 <@dazo> " I can't imagine any situation where an attacker would be able to capture the encrypted traffic and expect to get anyone to login to their router via HTTPS. "
10:40 <@dazo> those guys are quite misguided
10:43 < Bitxlove> mattsl thanks , think going to change my firm
10:45 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
10:45 < Bitxlove> on the other hand do you know something about tomato by shibby ?
10:45 < Bitxlove> tomato.groov.pl
10:49 -!- batrick_ is now known as batrick
10:49 -!- aPollO2k is now known as apollo2k
10:49 <@dazo> Bitxlove: I dunno ... but it is hard to get any worse than dd-wrt
10:52 < Bitxlove> lolz , now i feel bad going to make some changes here
10:53 <@dazo> Bitxlove: one thing to check if Tomato is better ... log into a freshly flashed router with ssh, and it ssh would tell you something about unknown ssh fingerprint.  Re-flash the device with the same firmware.  If the warning about unknown or mismatching fingerprint appears, it is reasons to believe keys are generated on fresh flashes
10:53 <@dazo> You can also do a similar check with https too
10:54 < Bitxlove> nice tip thanks
10:56 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
10:58 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
11:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:12 -!- synthnassizer [~synthnass@143.233.242.130] has joined #openvpn
11:13 -!- synthnassizer [~synthnass@143.233.242.130] has quit [Quit: Leaving]
11:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:13 -!- synthnassizer [~synthnass@143.233.242.130] has joined #openvpn
11:14 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
11:15 < synthnassizer> hi all I have , a TLS error with my openvpn setup. It's been bugging me for a while now. The past couple of weeks I've been trying intensively to solve it. I may (or may not have pin pointed the problem, but can't seem to find a solution yet.
11:16 < synthnassizer> May I draw your attention to this thread in the forums (last post sums up the problem at packet level)  https://forums.openvpn.net/topic19241.html
11:17 < synthnassizer> if needed instead of reading through the posts, read the summary of what has been tried here http://serverfault.com/questions/705984/tls-error-handshake-failed-openvpn-server-is-behind-nat-on-dynamic-ip
11:19 < synthnassizer> the key points are: the openvpn server is on dynamic ip. when the ip changes, clients cannot reconnect. due to some NAT'ing (or otherwise) the server's packet response to a ping from the client is sent at a different port, so the firewall at the client drops the packet. Thus I get TLS errors.
11:20 < synthnassizer> I have tcpdumps from server and client.
11:21 < synthnassizer> I appreciate the time and effort you'll put in it. even some guide as to which way should I go next and what to check next would be helpful. thank you all!
11:22 -!- Farshid [Farshid@gateway/shell/elitebnc/x-uptldexiijcymfjh] has joined #openvpn
11:27 <@plaisthos> synthnassizer: reconnect should not fail
11:27 < synthnassizer> what do you mean? which reconnect?
11:27 <@plaisthos> synthnassizer: what is your definition of reconnect is this scenario?
11:28 < synthnassizer> @plaisthos well after the dynamic ip changes  , I expect the clients to reconnect to the openvpn server automatically
11:28 <@plaisthos> synthnassizer: reconnect as in tls timeout and client opens a new connection or reconnect as in the "server ip changes and clients automatically continue to work"
11:31 <@plaisthos> for the second you need -master on the server and 2.3.6+ on the clients
11:31 <@plaisthos> and --float on the clients
11:34 < synthnassizer> @plaisthos since when is "master" a keyword for openvpn_server.conf ? and also, I have been used openvpn server for almost 10 years - I did not used to have these problems for most of the 10 years.
11:34 <@plaisthos> synthnassizer: you still do not answer what you meant with reconnect
11:34 <@plaisthos> synthnassizer: -master as in OpenVPN master version
11:35 < synthnassizer> @plaisthos. I already use "float" in my clients" , but none is version 2.3.6+. The server is version 2.2.2 as well (on a slackware system, so no frequent updates)
11:35 < synthnassizer> @plaisthos well after the dynamic ip changes  , I expect the clients to reconnect to the openvpn server automatically
11:35 <@plaisthos> synthnassizer: define reconnect in that scenario please
11:35 < synthnassizer> so reconnect would be clients reconnecting to the server
11:36 < synthnassizer> after a server ip change
11:36 <@plaisthos> synthnassizer: argh!
11:36 < synthnassizer> @plaisthos what?
11:36 <@plaisthos> synthnassizer: what do you consider reconnect?
11:37 <@plaisthos> reconnect is reconnecting is not helpful at all
11:37 <@plaisthos> reconect could something like floating to the new connnection or ping-timeout, sigusr1, new connection
11:38 < synthnassizer> @plaisthos   : floating to the new connection
11:39 <@plaisthos> synthnassizer: if you NAT does NOT preserve port numbers you need -master on the server and 2.3.6+
11:39 <@plaisthos> if it does preserve port numbers and the connection looks the same as before from the server side, it should work
11:41 < synthnassizer> 2.3.6+ on server, too ? NAT seems to not be preserving source port numbers. is it something on the server firewall level? on the servers modem?
11:43 < synthnassizer> also, I am fuzzy about this "-master" clause. I cannot find it in openvpn 2.3 manual page : https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage Is there somewhere I can read and understand how it would affect the connection?
11:45 <@plaisthos> master as in
11:45 <@plaisthos> !git
11:46 <@plaisthos> google peer id openvpn
11:49 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 252 seconds]
11:50 < synthnassizer> @plaisthos done. This does not seems like my problem. server ip is the one that changes in my case, not client one. plus I don't reconnect even. not after ping-timeout nor after ping-restart. https://community.openvpn.net/openvpn/ticket/49
11:51 <@plaisthos> then your fw is seriously broken
11:51 <@plaisthos> !notovpn
11:51 < synthnassizer> ok about git master branch . still this seems like a problem that should have popped up 20years ago and solved 19years ago.
11:51 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
11:51 <@plaisthos> nobody runs vpn on dynamic servers
11:51 <@plaisthos> so no
11:52 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
11:53 < synthnassizer> very possibly fw fuck up. still what could change the source port (have you seen the tcpdumps?)
11:54 < synthnassizer> the community has repeatedly stated that they run openvpn servers on dynamic ip. So I keep on thinging There is some screw up at the ovpn or fw level that I can solve....
11:54 -!- Netsplit *.net <-> *.split quits: Chex, RaiNerTsuFal, Olipro
11:55 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
11:56 < synthnassizer> both tcpdumo on server and on client get a packet and the response is done on same ports. yet when a packet from server reaches the client (and vice versa) the source port is nolonger the same. so the client drops the packet. could the fuck up be in the modems?
11:57 < synthnassizer> because from the fw " -t nat " I do not do much more other than masquerading.
12:02 < synthnassizer> it is not true that ppl do not run openvpn servers from dynamic ip. I for one have been using for more than 10 years
12:03 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
12:09 < synthnassizer> @plaisthos have you seen something in the fw to say that it is broken? Generalisastions do not help. I assume it might be so, but if you can pinpoint a reason that would be a +
12:22 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:25 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has joined #openvpn
12:26 -!- synthnassizer [~synthnass@143.233.242.130] has left #openvpn ["Leaving"]
12:32 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
12:34 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
12:36 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
12:36 -!- Tuju [~tuju@214.204.50.195.sta.estpak.ee] has quit [Ping timeout: 255 seconds]
12:46 -!- cato [cato@i.xnis.de] has joined #openvpn
12:46 -!- kazoo [brandon@unaffiliated/kazoo] has joined #openvpn
12:46 < cato> Hello,
12:47 < kazoo> !welcome
12:47 < kazoo> !goal
12:47 < kazoo> !paste
12:47 < kazoo> !configd
12:47 < kazoo> !configs
12:47 < kazoo> :(
12:47 < kazoo> Oh well I guess I'll wing ot
12:47 < kazoo> It*
12:47 < cato> I have isolated bridges on two linux servers for lxc-containers, now I want to brige the two bridges into one. Any hints or links for this?
12:48 -!- Olipro_ is now known as Olipro
12:48 < kazoo> I'm using OpenVPN for Android and I'm using a pkcs12 file and this error is stopping me http://www.pastebin.ca/3068409
12:50 < kazoo> IPTables and IP6Tables are not running as well
12:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
12:53 -!- zishbu [~zishbu@unaffiliated/zishbu] has joined #openvpn
12:57 -!- _2E0PGS [~2E0PGS@cpc4-aztw26-2-0-cust849.18-1.cable.virginm.net] has joined #openvpn
12:57 -!- _2E0PGS [~2E0PGS@cpc4-aztw26-2-0-cust849.18-1.cable.virginm.net] has left #openvpn ["Leaving"]
12:58 < kazoo> I can't seem to get past that TLS Handshake Failure issue
13:03 < kazoo> http://www.pastebin.ca/3068429
13:03 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has joined #openvpn
13:04 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has left #openvpn []
13:04 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has joined #openvpn
13:04 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has left #openvpn []
13:04 < kazoo> http://www.pastebin.ca/3068430
13:05 < kazoo> http://www.pastebin.ca/3068432
13:05 < kazoo> There's 3 diffrent logs as well as my openvpn.conf file
13:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
13:14 < mystica555> whats the client's config?
13:16 < mystica555> you might actually need to set tunnel mtu slightly lower as well, i believe ive had some issues with that..
13:20 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
13:21 < kazoo> Mystica555 I actually haven't created a client config
13:21 < kazoo> It doesn't ask for a .opvn file
13:23 < mystica555> hm
13:23 < mystica555> im pretty sure you still need a client config..somewhere..
13:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:23 < DArqueBishop> You do.
13:24 < DArqueBishop> I use OpenVPN Connect for iOS with a PKCS12, and still need to use a configuration file with it.
13:26 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
13:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:35 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
13:36 < kazoo> OpenVPN for Android and OpenVPN Connect are 2 separate Applications
13:38 < DArqueBishop> Granted, but the core point remains.
13:38 < kazoo> I have OpenVPN Connect now, My apologies but how can I create a .opvn file
13:38 < DArqueBishop> The PKCS12 keyfile won't contain configuration info.
13:39 < DArqueBishop> An .ovpn file is simply a .conf file. the .ovpn extension is used so that Windows will recognize the configuration file as an OpenVPN file.
13:43 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
13:43 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
13:54 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
13:57 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
13:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:02 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
14:03 -!- monsterco [~monsterco@TOROON474AW-LP130-01-1177674788.dsl.bell.ca] has left #openvpn ["Closing Window"]
14:11 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
14:17 -!- shadok_ [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
14:17 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has joined #openvpn
14:18 -!- zishbu [~zishbu@unaffiliated/zishbu] has quit []
14:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
14:19 < mrtee> Im trying to bind openvpn to my second interface with sudo openvpn --local 192.168.1.62 --dev tun1 . When i then try to see with curl --interface 192.168.1.62 ifconfig.co what my outside ip is, i am not getting one from the vpn server but my local one again. Anybody know why?
14:20 <+esde> !welcome
14:20 <+esde> oh, right.
14:21 < kazoo> DArqueBishop: Error reading multiple files referenced by profile: client.crt, client.key
14:22 <+esde> Any idea if/when vpnHelper may return?
14:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:40 -!- mrtee [~mrtee@p57A3DC10.dip0.t-ipconnect.de] has left #openvpn []
14:40 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
14:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
14:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:54 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 244 seconds]
15:12 -!- Farshid is now known as Farshid|Away
15:44 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:46 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Quit: HanSooloo]
15:48 <@plaisthos> kazoo: check conectivity
15:49 < kazoo> Plaisthos I figured it out
15:49 <@plaisthos> kazoo: kk
15:49 < kazoo> Now it just says connecting
15:49 < kazoo> Connection timed out
15:49 <@plaisthos> check connection
15:49 <@plaisthos> try wifi vs mobile
15:55 < kazoo> I'm on wifi
15:57 < kazoo> Plaisthos http://www.pastebin.ca/3069108
15:59 <@plaisthos> kazoo: if that is the server log it looks like a connection problem between client and server
16:00 < kazoo> Plaisthos Which I can't figure out why there's an issue, I'm on my wifi and have 20Mb/s and my servers 100MB/s
16:00 <@plaisthos> kazoo: did you try from a non android client?
16:00 < kazoo> Don't have access to a non android client
16:01 <@plaisthos> like a pc or something
16:01 -!- zishbu [~zishbu@unaffiliated/zishbu] has joined #openvpn
16:04 < kazoo> My PC broke
16:04 < kazoo> So no Desktop/Laptop support
16:09 < kazoo> Plaisthos: I figured it out
16:11 < kazoo> SSL Read Error possessing of the certificate handshake message faild
16:14 -!- sheepman [~sheepman@unaffiliated/sheepman] has quit [Ping timeout: 245 seconds]
16:16 -!- sheepman [~sheepman@unaffiliated/sheepman] has joined #openvpn
16:17 < kazoo> Well shot
16:17 < kazoo> Shit*
16:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
16:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
16:34 -!- dazo is now known as dazo_afk
16:39 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
16:41 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:42 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
16:44 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
16:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:02 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
17:03 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Quit: leaving]
17:03 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:03 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
17:09 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:19 -!- RaiNerTsuFal [~RaiNerTsu@akita.vtlx.cn] has joined #openvpn
17:21 -!- Chex [sss@swampjax.northnook.ca] has joined #openvpn
17:22 -!- Volsus [~mata@2601:1c1:c100:ac22:1435:ce8c:a53f:b74a] has joined #openvpn
17:33 -!- alec-b [~alec@184.181.54.77.rev.vodafone.pt] has joined #openvpn
17:36 < alec-b> Hi all. I want a vpn client to route certain packages via another client (use it as a gateway). I can do this easilly by setting up a different routing table, that has a default route using said client's IP as the gw. This works only on tap mode, given that for the tun interface, I suspect because the network itself already uses the other point as a gateway, I keep getting "Network in unreachable" when I t
17:36 < alec-b> ry to do the same approach. How can I work arround this? Thank you.
17:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:57 -!- strungout [odussomai@unaffiliated/suffer] has joined #openvpn
18:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
18:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:37 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
18:38 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
18:39 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:48 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Quit: WeeChat 0.4.2]
18:56 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
18:56 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
18:58 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:59 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
19:04 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 240 seconds]
19:05 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
19:49 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
19:56 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has joined #openvpn
20:01 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
20:04 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Client Quit]
20:11 -!- Telvana [~digits@2605:a000:122d:c154:213:72ff:fefc:b034] has joined #openvpn
20:34 -!- bruxC [~bruxC@c-76-118-3-138.hsd1.nh.comcast.net] has quit [Quit: Leaving]
21:00 -!- fling [~fling@fsf/member/fling] has joined #openvpn
21:21 -!- alec-b [~alec@184.181.54.77.rev.vodafone.pt] has quit [Ping timeout: 244 seconds]
21:21 -!- alec-b [~alec@184.181.54.77.rev.vodafone.pt] has joined #openvpn
21:52 -!- thumbs is now known as httpd
21:52 -!- httpd is now known as thumbs
22:04 -!- AMERICAN_PSYCHO [~AMERICAN_@216.sub-70-196-1.myvzw.com] has joined #openvpn
22:52 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
22:53 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Max SendQ exceeded]
23:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:26 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
23:33 -!- ShadniX [dagger@p57941D16.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p57941D88.dip0.t-ipconnect.de] has joined #openvpn
23:51 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
23:51 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
--- Day changed Tue Jul 21 2015
00:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:10 -!- mode/#openvpn [+o mattock1] by ChanServ
00:48 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 246 seconds]
01:21 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Quit: Lost terminal]
01:27 -!- wowaname is now known as gidgud
01:28 -!- gidgud is now known as wowaname
01:51 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
01:53 -!- toli [~toli@ip-81-11-248-9.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:54 -!- toli [~toli@ip-81-11-248-94.dsl.scarlet.be] has joined #openvpn
01:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:10 -!- Farshid|Away is now known as Farshid
02:15 -!- mattsl [~user@68.169.165.200] has quit [Read error: Connection reset by peer]
02:15 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
02:23 -!- kubanc [~kubanc@unaffiliated/kubanc] has joined #openvpn
02:25 < kubanc> Hello. I ahve a little problem with dd-srt and OpenVPN. I have managed to connect to openVPN, as you can see xchat client is working but I cannot browse the internet and I cannot get external IP from openVPN
02:29 < subzero79> seems like a dns problem
02:29 < subzero79> kubanc, can you ping 8.8.8.8
02:29 < subzero79> ?
02:31 < kubanc> subzero79, no
02:31 < kubanc> subzero79, i did ping from client
02:32 < subzero79> is the client a windows compter?
02:32 < kubanc> in the openvpn.config is this correct: push "dhcp-option DNS 10.8.0.1" or should I put push "dhcp-option DNS 8.8.8.8"
02:33 < kubanc> subzero79, yes, it is windows 7, and I have started the openVPN GUI with the administrative privilegies
02:33 < subzero79> ok
02:34 -!- kubanc [~kubanc@unaffiliated/kubanc] has quit [Read error: Connection reset by peer]
02:35 < subzero79> the first option i am not sure if it would work, because i don't know if ddwrt would allow dnsmasq to listen at tun. So i would prefere the second one. But thing is you're not allowed to ping internet
02:36 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
02:37 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
02:39 -!- kubanc [~kubanc@unaffiliated/kubanc] has joined #openvpn
02:39 < kubanc> subzero79, it looks like I am getting disconnected from schat also
02:39 < kubanc> schat=schat
02:39 < kubanc> schat=xchat
02:39 -!- Telvana [~digits@2605:a000:122d:c154:213:72ff:fefc:b034] has quit [Ping timeout: 248 seconds]
02:40 < subzero79> i see
02:41 < kubanc> but my remote connection to the client is working OK if I am connected through VPN
02:41 -!- kubanc [~kubanc@unaffiliated/kubanc] has quit [Client Quit]
02:42 -!- kubanc [563d4c96@gateway/web/freenode/ip.86.61.76.150] has joined #openvpn
02:44 < kubanc> subzero79: and I can also connect to dd-wrt administrator GUI
02:49 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
02:49 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
02:50 < subzero79> when you connect in windows can you check with route print if the default gateway has been set to point to openvpn?
03:00 < subzero79> kubanc, i'll have to leave you for a moment, dinner time
03:00 < kubanc> ok subzero79
03:03 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
03:05 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
03:06 < kubanc> subzero79: I have a route with network desination that is the IP of the server, netmask is 255.255.255.255, gateway=On-link interface=192.168.10.6 metric=286
03:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
03:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:48 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
03:54 < subzero79> kubanc, is this bridge (tap) setup? also can you ping the remote server through the vpn link?
03:59 < kubanc> I probably cannot ping it because of the firewall in the dd-wrt. On the client I've set "dev tun0" if this is what you are referring with "is this bridge (tap) setup?"
04:01 < subzero79> no... tun is routed
04:01 < subzero79> is ok
04:02 < subzero79> can you ping back? from ddwrt to the client?
04:13 < kubanc> subzero79: well the problem as I see now is, that when I click save configuration I cannot access administrator GUI from internet as I did now. The page keeps on refreshing.. Perhaps there is something worng with dd-wrt
04:13 < subzero79> dd-wrt is not a good device for running a openvpn server is much prefered openwrt,
04:20 < kubanc> subzero79: ok administrator GUI is back, I will try and disable firewall and see if I can ping router.
04:22 < kubanc> subzero79: If I disable firewall everything is working well
04:22 < kubanc> subzero79: and the client gets the VPN server's address
04:24 -!- mrtee [~mrtee@p57A3D683.dip0.t-ipconnect.de] has joined #openvpn
04:24 -!- mrtee [~mrtee@p57A3D683.dip0.t-ipconnect.de] has left #openvpn []
04:24 < kubanc> subzero79: this are my command settings in the dd-wrt: http://paste.ubuntu.com/11913503/
04:27 -!- Farshid is now known as Farshid|Away
04:38 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 244 seconds]
04:40 < subzero79> kubanc, did you put those rules?
04:44 < kubanc> yes, I've copied them from web sites. Right now I see that one command was wrong:"iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT" I have changed it to iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
04:47 < subzero79> the first one seems unnecessary. I would expect ddwrt to open the port auto
04:47 < subzero79> but i haven't use it in many years...so maybe i am wront
04:47 < subzero79> wrong
04:51 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
04:53 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:03 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
05:04 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:05 < kubanc> subzero79: are the other commands OK?
05:06 < subzero79> You mentioned that you disabled those rules and everything worked as expected?
05:07 < kubanc> subzero79: at the moment I have disabled the firewall on dd-wrt and openvpn is working fine.
05:09 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 246 seconds]
05:10 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
05:10 -!- mode/#openvpn [+o pekster] by ChanServ
05:11 < subzero79> i am reading through their wiki for openvpn. Some wiki indicates the usual openvpn iptables ruleset for openvpn
05:11 < subzero79> the other wiki doesn't say anything
05:12 < subzero79> by disabled the firewall you mean you took your rules out?
05:17 < kubanc> subzero79: It is working now
05:17 < kubanc> I had a mistake iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT" I have changed it to iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
05:18 < kubanc> 192.168.1.0/24 is the LAN network
05:18 < subzero79> ok good to hear
05:20 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
05:22 < kubanc> subzero79: yes, I agree :D
05:23 < subzero79> If i recall tomato adds the routes automatically...and in openwrt (my case) you create forwarding zones, very easy to setup
05:23 < subzero79> add the rules automatically*
05:24 < kubanc> subzero79: so, you are using openwrt?
05:24 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:25 < subzero79> yes, i used dd-wrt many many years ago, then i discovered tomato, never went back, a year ago i stumbled with openwrt, left tomato behind
05:26 < subzero79> i've tried once with pfsense in a thin client (those little HP ones) but it wasn't very stable
05:38 < kubanc> subzero79: on which router did you install openwrt?
05:38 < subzero79> wndr3800
05:38 < subzero79> netgear
05:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
05:43 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:45 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 246 seconds]
05:55 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
06:02 -!- dazo_afk is now known as dazo
06:03 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
06:04 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:14 -!- Farshid|Away is now known as Farshid
06:18 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:35 -!- kubanc [563d4c96@gateway/web/freenode/ip.86.61.76.150] has quit [Quit: Page closed]
06:35 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 248 seconds]
06:36 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
06:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:39 < pitastrudl> so why does dnsleak test show some opendns servers , says that i DO have a dns leak, the fix offers to set them to 0, what will that affect?
06:47 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
06:48 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:08 -!- Farshid is now known as Farshid|Away
07:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
07:48 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
07:56 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
07:58 < ValdikSS> Hi! I'm using networkmanager 1.0.4 and kdeplasma-applets-plasma-nm 0.9.3.6 (KDE4). Networkmanager sets MTU of my wireless adapter to 1280 when I connect to OpenVPN server. Could anyone confirm?
08:16 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
08:18 <@plaisthos> !networkmanager
08:21 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
08:29 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Read error: Connection reset by peer]
08:31 < cato> Hi, I have isolated bridges on two linux servers for lxc-containers, now I want to brige the two bridges into one. Any hints or links for this?
08:46 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
08:50 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
08:54 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
09:23 <@plaisthos> cato: wrong channel for that
09:23 <@plaisthos> but normally use use gre, vlan or vpn
09:23 <@plaisthos> e.g. openvpn with tap on both sides
09:30 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-aofvdzrxapwgsnkw] has quit [Excess Flood]
09:30 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-tpyceodbbzyiijtj] has joined #openvpn
09:49 -!- AMERICAN_PSYCHO [~AMERICAN_@216.sub-70-196-1.myvzw.com] has quit [Read error: Connection reset by peer]
09:50 -!- AMERICAN_PSYCHO [~AMERICAN_@216.sub-70-196-1.myvzw.com] has joined #openvpn
10:05 -!- AMERICAN_PSYCHO [~AMERICAN_@216.sub-70-196-1.myvzw.com] has quit [Ping timeout: 255 seconds]
10:08 -!- EugeneKay [eugene@kashpureff.org] has joined #openvpn
10:09 -!- zoredache_ [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
10:09 -!- Netsplit *.net <-> *.split quits: @krzee, samopotamus, kossy, Poster, DrCode, Eugene, ShapeShifter499, c|oneman, DArqueBishop, zoredache,  (+7 more, use /NETSPLIT to show all of them)
10:09 -!- EugeneKay is now known as Eugene
10:10 -!- Netsplit over, joins: Poster
10:10 -!- Netsplit over, joins: dazo
10:10 -!- mode/#openvpn [+o dazo] by ChanServ
10:16 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
10:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:18 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
10:18 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
10:32 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
10:40 -!- Qantourisc [~Qantouris@cable-213-34-255-70.zeelandnet.nl] has joined #openvpn
10:40 < Qantourisc> Ok this is weird: Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/openvpn.conf:4: ca (2.3.6)
10:41 < Qantourisc> Line 4 == ca /etc/ca/certs/ca.cert.pem
10:42 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
10:51 -!- novaflash [~novaflash@openvpn/corp/support/novaflash] has joined #openvpn
10:51 -!- mode/#openvpn [+o novaflash] by ChanServ
10:51 <@novaflash> !ovpnuke
10:51  * novaflash prods bot
10:55 <+esde> ..
10:59 <+esde> [07 20/11:36:21] <dazo> ecrist: where's vpnHelper these days?
10:59 <+esde> [07 20/11:37:30] <Eugene> Dead, in a corner.
11:02 -!- CosineDeviance is now known as SineDeviance
11:03 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
11:04 < Qantourisc> hell even tls-server is invalid
11:06 < Qantourisc> even mode server is invalid :/
11:06 < Qantourisc> what is going on ?
11:06 <@dazo> which openvpn version do you run?
11:07 < Qantourisc> ooow this build is borked: it doesn't had ssl
11:07  * Qantourisc tries one with ssl
11:08 < Qantourisc> ok better
11:08 < Qantourisc> sstill not working, but other issues
11:08 <@dazo> novaflash: http://www.secure-computing.net/factoids.php
11:08 < Qantourisc> note to self: when programming always include all config features, even when compiled out, but warn :D
11:09 <@novaflash> thank you dazo :)
11:09 <@novaflash> oh that vuln, now i recognize it
11:11 < Qantourisc> hmmm !ad could probably use an alternative method with pam+krb5
11:11 < Qantourisc> but have no website i can publish atm :p
11:21 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
11:21 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
11:21 < _FBi> !seen crazy
11:21 < _FBi> hello all :F
11:24 -!- dazo is now known as dazo_afk
11:27 -!- tharkun [~0@unaffiliated/tharkun] has joined #openvpn
11:28 < tharkun> I allways forget the parameters I need to tweak for openvpn to work on a network to network config. Can someone slap me in the right direction?
11:28 < _FBi> !howto
11:29 < _FBi> no bot?
11:29 <+esde> [07 20/11:36:21] <dazo> ecrist: where's vpnHelper these days?
11:29 <+esde> [07 20/11:37:30] <Eugene> Dead, in a corner.
11:29 < _FBi> heh
11:29 < _FBi> morning esde
11:29 <+esde> hi
11:30 <+esde> https://secure-computing.net/factoids.php tharkun
11:30 <+esde> Now I see why the factoids page hasn't been updated in so long.
11:30 <+esde> >420 keys
11:31 < _FBi> if anyone has the factoid file, I'll bring a supy bot in here for it
11:33 < _FBi> kreezy isn't around either.  I wonder if it's his bo
11:33 < _FBi> bot
11:33 < _FBi> FBi: krzee was last seen in ##unrelated 22 weeks, 1 day, 12 hours, 28 minutes, and 16 seconds ago: <krzee> muahaha
11:33 < _FBi> lol
11:46 <@novaflash> haha great last words
11:51 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has joined #openvpn
11:58 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
11:58 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
12:27 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
12:27 -!- Slashman [~Slash@cosium-152-18.fib.nerim.net] has joined #openvpn
12:30 < Slashman> hello, is it possible to get the common-name of the certificate used to use it with "auth-user-pass-verif" ? I want to verify that the username and the common-name is the same string before allowing auth (to prevent someone with access to use its account with an other certificate)
12:30 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
12:30 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:37 < tharkun> esde: Thanks reading now :)
12:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:02 -!- evident [~florian@h2392507.stratoserver.net] has joined #openvpn
13:03 < evident> hi everybody... I have OpenVPN running on my vserver and connect to it via the Tunnelblick App on my Mac... it works fine and I can get into the internet from there...
13:04 < evident> but now I need to connect to another VPN inside a virtual Windows machine using Cisco AnyConnect... so I need to tunnel the traffic to my server and from there to the company network I am trying to access
13:05 < evident> when connecting AnyConnect, it gets a response from the server, but then fails because it can't load the configuration... Can I somehow find out if ALL traffic is send trhogu the OpenVPN server or if it blocks something so AnyConnect can't get the necessary stuff?
13:11 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
13:11 -!- mode/#openvpn [+o krzee] by ChanServ
13:11 < evident> anybpdy an idea?
13:13 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
13:15 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
13:22 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
13:25 < Qantourisc> evident: "tun" vpn or "tap" vpn ?
13:28 -!- Slashman [~Slash@cosium-152-18.fib.nerim.net] has quit [Quit: Leaving]
13:33 -!- zishbu [~zishbu@unaffiliated/zishbu] has left #openvpn []
13:34 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
13:37 -!- Volsus [~mata@2601:1c1:c100:ac22:1435:ce8c:a53f:b74a] has joined #openvpn
13:38 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
13:39 -!- bruxC [~bruxC@66.63.84.178] has quit [Client Quit]
13:48 < evident> Qantourisc: it uses "dev tun" in the confic
13:48 < evident> g
13:49 < Qantourisc> evident: and the vpn you want to  use over that vpn, what protocol does it use ?
13:51 < evident> Qantourisc: afaik it's ipsec with XAUTH
13:52 < Qantourisc> yea ... not gonne happen without some sort of socks proxy then if i'm not mistaking
13:53 < Qantourisc> openvpn tun router IP
13:53 < Qantourisc> *routes
13:53 < Qantourisc> let me get my network stack image, so i'm sure
13:54 < Qantourisc> evident: yep 1 below in the osi layer of what openvpn routes
13:54 < Qantourisc> (in tun mode)
13:58 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:58 < evident> Qantourisc: ahh ok... that sucks, but thx anyways... then I'll have to go to the office and access from there... :D There it works
13:59 < Qantourisc> evident: well if you can setup a tap tunnel that would also work
13:59 < Qantourisc> tap is like a network plug
13:59 < Qantourisc> tun is like a router
14:00 -!- hrnshn [~hrnshn.gb@88.128.80.113] has joined #openvpn
14:00 < Qantourisc> wait what am i saying?
14:00 < Qantourisc> somethig is a-miss
14:00 < Qantourisc> evident: let me take a look at that again
14:02 < Qantourisc> evident: no it could work my bad
14:02 < Qantourisc> evident: time for tcpdump/wireshark
14:02 < Qantourisc> got time ? :D
14:09 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
14:09 < Qantourisc> evident: first quetion you have to ask: is your routing going to send stuff trough the vpn ?
14:09 < Qantourisc> evident: second one is your client letting the os route ?
14:10 < Qantourisc> and finally what is the receiving point doing with it ? (openvpn server)
14:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:05 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:32 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
15:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:39 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
15:40 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
15:40 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
15:42 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
15:55 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Ping timeout: 250 seconds]
15:56 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
15:58 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:04 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
16:09 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
16:28 -!- Volsus [~mata@2601:1c1:c100:ac22:1435:ce8c:a53f:b74a] has quit [Quit: Leaving]
16:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:47 -!- evident is now known as evident_away
16:57 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 264 seconds]
16:58 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:58 -!- mode/#openvpn [+v s7r] by ChanServ
17:04 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 246 seconds]
17:11 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 240 seconds]
17:12 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 255 seconds]
17:14 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
17:17 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
17:18 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 255 seconds]
17:18 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
17:33 -!- Qantourisc [~Qantouris@cable-213-34-255-70.zeelandnet.nl] has quit [Ping timeout: 240 seconds]
17:33 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 246 seconds]
17:49 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:54 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
18:08 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:10 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
18:12 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Client Quit]
18:18 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
18:19 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Remote host closed the connection]
18:21 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
18:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:35 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
18:36 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:08 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
19:13 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
19:15 -!- alec-b [~alec@184.181.54.77.rev.vodafone.pt] has quit [Remote host closed the connection]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:17 -!- Netsplit *.net <-> *.split quits: Chex, RaiNerTsuFal
19:18 -!- mrtee [~mrtee@p57A3C727.dip0.t-ipconnect.de] has joined #openvpn
19:19 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Quit: WeeChat 0.4.2]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:20 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Remote host closed the connection]
19:21 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
19:22 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Remote host closed the connection]
19:22 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
19:23 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
19:26 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Client Quit]
19:27 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
19:28 -!- alec-b [~alec@184.181.54.77.rev.vodafone.pt] has joined #openvpn
19:40 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 244 seconds]
20:02 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
20:07 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
20:08 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
20:13 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
20:15 -!- zzookk [~zzookk@188.227.78.144] has joined #openvpn
20:16 < zzookk> !welcome
20:17 < zzookk> Hello guys. Have smbd experience with routing vpn traffic through proxy before clearnet? :)
20:50 -!- hrnshn [~hrnshn.gb@88.128.80.113] has quit [Ping timeout: 265 seconds]
20:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
21:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
21:05 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
21:32 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:39 -!- mparisi [~mparisi@186.226.60.210] has quit [Ping timeout: 246 seconds]
21:40 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has joined #openvpn
21:41 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Ping timeout: 255 seconds]
21:41 -!- doop [~doop@colostomy.club] has quit [Excess Flood]
21:41 -!- doop [~doop@colostomy.club] has joined #openvpn
21:42 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
21:48 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
22:08 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
22:27 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
22:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:31 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:38 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
22:45 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
22:45 -!- mode/#openvpn [+o vpnHelper] by ChanServ
22:45 <@ecrist> esde: he's back
22:46 -!- jnz [~jnz@unaffiliated/jnz] has joined #openvpn
22:46 < jnz> o/
22:46 <@ecrist> hi
22:47 < jnz> i am looking for any configuration optimising guides?
22:48 < jnz> i am seeing some packet loss when multiple users are connected, so i would like to try optimising some thing
22:48 < jnz> I am unsure where to start though
22:55 < jnz> ._.
22:55 <@ecrist> packet loss isn't likely a user count issue
22:55 <@ecrist> it's a network connectivity issue
22:55 <@ecrist> I'd start with a better network connection
22:55 <@ecrist> also, if you're using TCP, don't.
22:56 < jnz> yes, well the VPN's location is thailand which has limited international traffic capacity
22:56 < jnz> where the users are outside of thailand
22:57 < jnz> I am trying to make OpenVPN optimised as possible for low latency
22:57 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
23:05 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
23:07 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 265 seconds]
23:09 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
23:12 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
23:21 < jnz> ecrist: do you think i might have better luck with socks5 ?
23:24 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:34 -!- ShadniX [dagger@p57941D88.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:34 -!- ShadniX [dagger@p57941FE3.dip0.t-ipconnect.de] has joined #openvpn
23:39 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
23:42 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
23:47 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
23:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
--- Day changed Wed Jul 22 2015
00:02 <@ecrist> jnz: I suggest UDP.
00:03 <@ecrist> much of your traffic is going to be TCP, and tunneling TCP within TCP can amplify packet loss
00:03 <@ecrist> !tcp
00:03 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
00:03 < jnz> the game uses UDP
00:03 < jnz> so maybe i should change to tcp ?
00:03 <@ecrist> try that, for sure
00:04 < jnz> whats the main bad thing about using tcp ?
00:04 <@ecrist> the problem you're going to see, though, is that 1) with udp, packet loss is meant to be ignored and 2) games are simply going to blow goats on shitty connections
00:04 <@ecrist> openvpn isn't a magic bullet
00:04 <@ecrist> read the links about tcp posted by vpnhelper, above.
00:04 < jnz> hmm
00:06  * ecrist poofs for the night.
00:06 < jnz> bye
00:06 < jnz> ty
00:26 -!- tharkun [~0@unaffiliated/tharkun] has quit [Ping timeout: 244 seconds]
00:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:35 -!- mode/#openvpn [+o mattock1] by ChanServ
00:42 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 240 seconds]
00:43 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
00:50 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 255 seconds]
00:51 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
00:54 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
01:08 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Quit: ZOMBIES!]
01:09 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
01:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
01:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:25 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 258 seconds]
01:30 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 256 seconds]
01:32 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
01:39 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
01:40 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:40 -!- mode/#openvpn [+o mattock] by ChanServ
01:47 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
01:47 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
01:48 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 240 seconds]
01:50 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:51 -!- mode/#openvpn [+o mattock] by ChanServ
01:51 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Read error: Connection reset by peer]
01:52 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
01:54 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
01:56 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 256 seconds]
01:56 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
01:57 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
01:57 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
02:01 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
02:04 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
02:08 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 240 seconds]
02:10 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
02:12 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:12 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 258 seconds]
02:13 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
02:17 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:17 -!- mode/#openvpn [+o mattock] by ChanServ
02:18 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
02:25 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:29 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 240 seconds]
02:31 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
02:47 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
02:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
02:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:53 -!- LnxBil [~LnxBil@p5099afb6.dip0.t-ipconnect.de] has joined #openvpn
02:53 < LnxBil> Hi!
03:01 -!- mrtee [~mrtee@p57A3C727.dip0.t-ipconnect.de] has quit [Quit: mrtee]
03:06 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has quit [Quit: No Ping reply in 180 seconds.]
03:08 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has joined #openvpn
03:10 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
03:34 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
03:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
03:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:46 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:49 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
04:01 -!- jnz [~jnz@unaffiliated/jnz] has quit [Ping timeout: 240 seconds]
04:01 < LnxBil> I have a OpenVPN connecting two identitcal subnets A and B and I'm netmapping the ips such that A can access IPs on B and vice versa. My problem is that this works for the client, such that the client can reach ips on the master network, but not the other way around. I can see the packages going into the server tun with tcpdump, but nothing is comming out on the client. The packages have source ip of the server openvpn ip and netmapped dst ip
04:16 -!- hrnshn [~hrnshn.gb@2a02:8108:1a80:2c0:f4b8:2e33:2380:9a11] has joined #openvpn
04:17 <@plaisthos> LnxBil: do you have iroutes set?
04:22 < LnxBil> plaisthos: Not intentionally
04:23 <@plaisthos> LnxBil: then lookup iroute in the man page :)
04:23 <@plaisthos> you probably need it
04:23 < LnxBil> Just did
04:24 < LnxBil> still thinking about it
04:25 < LnxBil> iroute refers to 'route a fixed subnet from the server to a particular client'. I can access the whole network as a client
04:25 < LnxBil> problem is that the server cant access the net behind the client
04:25 <@plaisthos> what the network is from the server perspective
04:26 <@plaisthos> in a non natted setup with net A (server) <-> client <-> net B
04:26 < LnxBil> So, setting iroute to 255.255.255.0 instead of 255.255.255.255 could work?
04:27 <@plaisthos> you would specify a iroute for net B to the client
04:27 <@plaisthos> don't know where you are doing your remapping
04:30 <@plaisthos> and how
04:31 < LnxBil> Network 10.192/16 -> .254.253 (OpenVPN) -> GW -> Internet -> .254.253 (OpenVPN) -> 10.192/16
04:32 < LnxBil> I'm running IP Aliases on the OpenVPN-boxes and dnat to a netmapped addres 10.193/16 and 10.194/16 and renetmap on the other side and masquerade eventually
04:33 <@plaisthos> so add an iroute to 10.194/16
04:33 <@plaisthos> since that is was the server believes the ips behind the clients are
04:35 < LnxBil> WOW!! Thank you
04:35 < LnxBil> that works
05:09 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
05:12 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has quit [Quit: No Ping reply in 180 seconds.]
05:27 -!- ade_b [Ade@redhat/adeb] has joined #openvpn
05:39 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
06:05 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
06:11 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Ping timeout: 264 seconds]
06:14 -!- LnxBil [~LnxBil@p5099afb6.dip0.t-ipconnect.de] has quit [Quit: leaving]
06:21 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-vvhibalbjlncdonm] has joined #openvpn
06:22 < NetworkingPro> Good morning, everyone!
06:26 -!- alec-b [~alec@184.181.54.77.rev.vodafone.pt] has quit [Ping timeout: 256 seconds]
06:28 -!- alec-b [~alec@97.175.54.77.rev.vodafone.pt] has joined #openvpn
06:29 -!- sheepman [~sheepman@unaffiliated/sheepman] has left #openvpn []
06:31 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
06:31 < zzookk> Hello guys. Have smbd experience with routing vpn traffic through proxy before clearnet? :)
06:40 -!- phlegx [~phlegx@84.18.138.130] has joined #openvpn
06:40 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
06:41 < phlegx> Hi! I have VPN server installed on the same machine with another service. How can I access the service from VPN with my client? What I need to configure?
07:09 <+esde> ecrist++
07:10 <+esde> !beer
07:10 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
07:31 -!- hrnshn [~hrnshn.gb@2a02:8108:1a80:2c0:f4b8:2e33:2380:9a11] has quit [Remote host closed the connection]
07:33 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:41 -!- phlegx [~phlegx@84.18.138.130] has quit [Ping timeout: 244 seconds]
07:44 -!- plasma [plasma@antiquos.technopagans.com] has quit [Quit: brb]
07:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
07:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:57 -!- Farshid [Farshid@gateway/shell/elitebnc/x-duvaojdskjosmjkw] has joined #openvpn
08:00 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 246 seconds]
08:00 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
08:01 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 252 seconds]
08:06 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
08:08 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
08:23 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:29 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Ping timeout: 264 seconds]
08:34 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 244 seconds]
08:38 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
08:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
09:14 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
09:23 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
09:30 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:35 -!- Farshid is now known as Farshid|Away
09:39 -!- masterkorp [~masterkor@gohan.masterkorp.net] has joined #openvpn
09:39 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
09:40 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-tpyceodbbzyiijtj] has left #openvpn []
09:40 < masterkorp> Hello
09:41 < masterkorp> on the vpn server, is possible to push the roytes with the subnet topology instead of the ip and the submask ?
10:02 < zzookk> if smb will help me routing traffic from vpn to socks - ill pay 25$ on hackhands dot com)
10:07 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
10:15 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 244 seconds]
10:18 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
10:22 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 255 seconds]
10:22 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
10:24 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
10:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:29 -!- xofer [~quassel@va-67-233-120-65.dhcp.embarqhsd.net] has joined #openvpn
10:33 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-vbxkjsrhcorgqdks] has joined #openvpn
10:33 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-vbxkjsrhcorgqdks] has quit []
10:33 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-sagiwypvliljcsxh] has joined #openvpn
10:35 -!- dregan [cebc5fb7@gateway/web/freenode/ip.206.188.95.183] has joined #openvpn
10:35 < xofer> hello, i'm having a problem where the connection is broken during tls renegotiation. After the learn phase, i get "bad source address from client" until an inactivity timeout triggers a client restart. Any ideas? Thanks!
10:36 < dregan> Hello guys, how to disable "Auth PAM BACKGROUND: user .................. Failed to authenticate, authentication failure" from filling up my window every time a wrong password is entered?
10:38 -!- Despruk [uid55403@gateway/web/irccloud.com/x-blkrrhudodunqkyp] has joined #openvpn
10:39 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:44 -!- dregan [cebc5fb7@gateway/web/freenode/ip.206.188.95.183] has quit [Quit: Page closed]
10:44 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Ping timeout: 255 seconds]
10:45 < Despruk> Hello, I have problem using openvpn L2 server-client setup. Client is able to reach anything on server lan by ip, but it is unable to reach other ips which are reachable from server lan. From trace capture I can see that remote IP arp requests are sent on server lan, but there is no reply. Server is able to ping this IP without problems.
10:47 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Excess Flood]
10:47 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
10:48 -!- mode/#openvpn [+v RBecker] by ChanServ
10:56 -!- ade_b [Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
10:57 -!- c0deweaver [~c0deweave@unaffiliated/c0deweaver] has quit [Ping timeout: 264 seconds]
10:57 < Despruk> Manually adding arp entries on client side solves the problem
11:00 -!- strungout [odussomai@unaffiliated/suffer] has quit [Ping timeout: 255 seconds]
11:04 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:05 -!- c0deweaver [~c0deweave@unaffiliated/c0deweaver] has joined #openvpn
11:09 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
11:19 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
11:32 -!- swebb [~swebb@8.36.226.83] has quit [Quit: badcheese.com - where crap sometimes gets done]
11:33 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
11:58 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
12:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
12:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
12:15 -!- swebb [~swebb@8.36.226.83] has joined #openvpn
12:24 -!- Farshid|Away is now known as Farshid
12:24 -!- gammaray67 [~debian@178.62.63.42] has joined #openvpn
12:41 -!- zzookk [~zzookk@188.227.78.144] has quit [Ping timeout: 256 seconds]
12:41 < gammaray67> Hi, when openvpn client receives traffic it injects it back into the tun0 device..... correct?
12:47 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
12:53 -!- doop [~doop@colostomy.club] has joined #openvpn
12:56 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
13:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
13:06 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Ping timeout: 246 seconds]
13:08 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
13:33 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
13:53 -!- toli [~toli@ip-81-11-248-94.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:55 -!- toli [~toli@ip-62-235-216-168.dsl.scarlet.be] has joined #openvpn
13:57 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
13:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:01 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
14:05 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
14:06 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
14:16 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
14:23 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:26 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
14:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
14:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:09 -!- alsch [~alsch@66.172.235.26] has joined #openvpn
15:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Read error: Connection reset by peer]
15:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:12 -!- alsch [~alsch@66.172.235.26] has quit []
15:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
15:40 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:48 -!- wowaname is now known as kush
16:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
16:16 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:27 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:32 -!- fm75 [~fm@111.45.8.109.rev.sfr.net] has joined #openvpn
16:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
16:33 < fm75> Hi
16:34 < fm75> !welcome
16:34 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
16:34 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:35 < fm75> !goal I would like to make the hosts of two different private subnets to communicate via a VPN
16:37 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
16:48 < fm75> I have the following setup http://hastebin.com/udobudizat.coffee and I am banging the head against a wall because I cannot reach Host1 neither from S nor from Host2... Any hint?
16:48 <@vpnHelper> Title: hastebin (at hastebin.com)
16:50 -!- Farshid is now known as Farshid|Away
16:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
16:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
17:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:27 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
17:34 -!- fm75 [~fm@111.45.8.109.rev.sfr.net] has quit [Ping timeout: 240 seconds]
18:34 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:52 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
19:13 -!- FlipBill [~bill@smtpv3.cosi.net] has joined #openvpn
19:17 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
19:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
19:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:24 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
20:25 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
20:36 -!- xofer [~quassel@va-67-233-120-65.dhcp.embarqhsd.net] has quit [Remote host closed the connection]
20:44 -!- suffer [odussomai@unaffiliated/suffer] has joined #openvpn
20:50 < Eugene> !rout
20:50 < Eugene> !route
20:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
20:50 <@vpnHelper> client
20:51 < Eugene> !clientlan
20:52 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
20:52 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
20:57 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
20:57 -!- kush is now known as wowaname
21:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
21:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:30 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:16 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
22:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:27 -!- c0deweaver [~c0deweave@unaffiliated/c0deweaver] has left #openvpn ["WeeChat 1.2"]
22:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:43 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
22:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:29 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
23:31 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
23:32 -!- ShadniX [dagger@p57941FE3.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX [dagger@p5DDFC1DD.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Thu Jul 23 2015
01:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:54 -!- mode/#openvpn [+o mattock1] by ChanServ
01:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:03 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 240 seconds]
02:04 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
02:10 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Ping timeout: 244 seconds]
02:10 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
02:12 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 240 seconds]
02:18 -!- Haigha [~root@aela.xomg.net] has joined #openvpn
02:19 -!- ade_b [Ade@redhat/adeb] has joined #openvpn
03:00 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
03:00 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Ping timeout: 240 seconds]
03:12 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
03:26 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
03:29 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
03:30 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
03:37 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
03:54 -!- Farshid|Away is now known as Farshid
04:00 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:02 < ValdikSS> Hi guys! Could I ask users with any VPN connection to connect to se1.valvpn.valdikss.org.ru (it won't open)? If you do, please write your VPN type (OpenVPN, PPTP, L2TP, IPsec, etc) and your last IP octet. Thanks a lot!
04:04 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
04:06 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has joined #openvpn
04:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
04:16 -!- AWeSomeAo [~bock@p4FFB1C67.dip0.t-ipconnect.de] has quit [Remote host closed the connection]
04:17 -!- moviuro [25a3f04b@gateway/web/freenode/ip.37.163.240.75] has joined #openvpn
04:18 < moviuro> Hi all, found a bug (it seems ?) with "OpenVPN for Android": portable tethering does not redirect trafic inside the VPN
04:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:19 < moviuro> VPN <-> android <-> machine : instead of machine -NAT-> phone -VPN-> out, it goes machine -NAT-> out
04:21 -!- adac [~adac@chello080109174123.tirol.surfer.at] has joined #openvpn
04:23 < adac> Even though i completely purged openvpn via apt-get and manually deleted the /etc/openvpn configuration directory, a "/etc/init.d/openvpn restart" gives me the following error:
04:23 < adac> Jul 23 11:21:07 pi ovpn-001_projectx[8406]: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/001_project.conf
04:24 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
04:24 < adac> any ideas what might wrong here? How can I tell openvpn to NOT use that file anymore?
04:25 -!- Haigha [~root@aela.xomg.net] has quit [Remote host closed the connection]
04:26 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
04:30 < moviuro> adac: which distro is that? O_O
04:30 < moviuro> if you purged openvpn, /etc/init.d/openvpn shouldn't even exist!
04:32 < adac> moviuro, I purged, delteted the directory  and reinstalled. It is a raspbian jessy
04:37 < moviuro> check the init script
04:37 < moviuro> or, paste it even
04:37 < moviuro> !paste
04:37 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
04:38 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac]
04:39 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
04:41 -!- mnathani__ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
04:41 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 260 seconds]
04:44 < adac> moviuro, I had to restart the raspberry pi. then it worked. It also worken wenn starting openvpn directly and passing the correct config file
04:51 < moviuro> weird
04:51 < moviuro> perhaps some tings were "cached" or whatever
04:53 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
04:56 < adac> moviuro, yeah looks like a cache
04:56 -!- BloqueNegro [~nothing@static.185.34.76.144.clients.your-server.de] has quit [Ping timeout: 264 seconds]
04:56 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
04:59 < moviuro> so, no one has an idea about my Android issue?
04:59 < moviuro> My tethered devices don't use the VPN link
05:00 < moviuro> (even though my phone told me it would route 0/0 through the VPN
05:13 -!- moviuro [25a3f04b@gateway/web/freenode/ip.37.163.240.75] has quit [Ping timeout: 246 seconds]
05:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
05:31 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 246 seconds]
05:39 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
05:43 -!- Despruk [uid55403@gateway/web/irccloud.com/x-blkrrhudodunqkyp] has quit [Quit: Connection closed for inactivity]
05:45 -!- apollo2k is now known as aPollO2k
05:45 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
06:29 <@plaisthos> if moviuro comes back tell him to read the FAQ of the app
06:38 -!- moviuro [25a545e1@gateway/web/freenode/ip.37.165.69.225] has joined #openvpn
06:39 < moviuro> Hi all! so no idea for my android/VPN/tether issue?
06:49 <@plaisthos> moviuro: see the FAQ
06:55 < moviuro> !android
06:55 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
06:56 < moviuro> !mobile
06:58 < moviuro> thanks, plaisthos
07:01 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
07:01 -!- Farshid is now known as Farshid|Away
07:02 -!- moviuro [25a545e1@gateway/web/freenode/ip.37.165.69.225] has quit [Ping timeout: 246 seconds]
07:07 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Ping timeout: 264 seconds]
07:10 -!- masterkorp [~masterkor@gohan.masterkorp.net] has left #openvpn ["WeeChat 1.0.1"]
07:16 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
07:17 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
07:17 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
07:19 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
07:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:46 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
07:57 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
07:58 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 252 seconds]
08:01 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Ping timeout: 264 seconds]
08:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:17 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
08:19 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
08:20 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:26 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:27 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
08:28 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:30 -!- mluser [~mluser@ip72-222-116-15.tu.ok.cox.net] has joined #openvpn
09:06 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:18 -!- ade_b [Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
09:20 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Ping timeout: 264 seconds]
09:31 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Ping timeout: 264 seconds]
09:48 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
09:48 <@plaisthos> !android-old
09:48 <@vpnHelper> "android-old" is If you do not have cyanogenmod or ICS, but your device is rooted, you can use android-openvpn-installer and openvpn-settings from the market
09:49 <@plaisthos> !learn android-old as Standalone OpenVPN binaries (expert users only) for Android are also available at http://plai.de/android/standalone-binaries.tar
09:49 <@vpnHelper> Joo got it.
09:52 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has joined #openvpn
09:55 < EmperorTom> Anyone know why OpenVPN Connect doesn't pass traffic on Cyanogenmod 12. It connects, but tunneled traffic seems to get dropped on the floor somewhere between the tap and the kernel?
09:55 < EmperorTom> Working fine on other/older android devices.
09:57 -!- EmperorTom is now known as _quadDamage
09:58 < _quadDamage> oh s/tap/tun/
10:01 -!- Farshid|Away is now known as Farshid
10:24 -!- bakhtiya [~me@office.addictivemobility.com] has quit []
10:25 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
10:37 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
10:38 -!- Circuitsoft [ad0b3a51@gateway/web/freenode/ip.173.11.58.81] has joined #openvpn
10:43 -!- jthunder [~jthunder@184.151.222.27] has joined #openvpn
10:48 < Circuitsoft> Hello. I'm trying to use OpenVPN to bridge two computers over the internet without any interference.
10:49 < Circuitsoft> At this point I've determined that I need a tap interface, but I haven't determined exactly what the config file needs to look like for that to work.
10:49 < Circuitsoft> I don't want it to do any ip address assignments, just connect to a bridge device.
10:49 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
10:50 < KakuRoze> Hi, since I cant find any info on it and is running OpenVPN on windows (without man-pages), how do I manually add per-ip routes instead of using the pushed gateway routes from the server?
10:51 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:51 < KakuRoze> If I use route-nopull I cant tell what gateway to use when adding the routes, and when using the route-command, it always adds the routes to the physical interface, not the TUN adapter
10:56 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
10:57 -!- Farshid is now known as Farshid|Away
11:13 -!- mnathani__ is now known as mnathani_
11:35 <@plaisthos> KakuRoze: route 1.2.3.4 2.3.4.5 vpn_gateway iirc
11:35 < KakuRoze> ty
11:35 <@plaisthos> see the man page for the special keywords
11:36 <@plaisthos> remote_host instead of vpn_gateway
11:54 -!- bf_ [~bf_@xdsl-89-0-123-235.netcologne.de] has joined #openvpn
11:56 < bf_> Hello everyone. Is the following error a sign of an intrusion or ongoing attack? " PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__2222222222222222222222222222222222222222222222222222222223333] 0:4763 0:4761 t=1437670183[0] r=[-4,64,15,2,1] sl=[37,64,64,528]"
11:56 < bf_> I see it in my logs with always the same number (222...333) with different hosts
12:02 -!- suffer [odussomai@unaffiliated/suffer] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
12:03 -!- suffer [odussomai@unaffiliated/suffer] has joined #openvpn
12:10 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:17 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-urrpgplazyfvdofz] has quit []
12:18 < Circuitsoft> So, how do I set up an OpenVPN tunnel that just creates a tun device on each end and doesn't do any other network setup?
12:18 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-xqgxjwqqxlatxfjn] has joined #openvpn
12:36 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:39 <@plaisthos> Circuitsoft: normally openvpn also calls ifconfig etc.
12:48 < Circuitsoft> In this case I don't want it to.
12:49 < Circuitsoft> I'm trying to give someone outside access to a protected network inside mine.
12:49 < Circuitsoft> I just want to bridge it into that network, and do no further setup at all.
12:49 < Circuitsoft> Sorry, I mistyped. I want a tap device, not a tun device.
13:06 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
13:06 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 240 seconds]
13:08 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 240 seconds]
13:09 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
13:13 <@plaisthos> Circuitsoft: see the man page
13:13 <@plaisthos> Circuitsoft: ifconfig-no-exec, route-no-exec
13:15 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
13:21 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
13:21 -!- Haigha [~root@aela.xomg.net] has joined #openvpn
13:28 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
13:40 -!- Circuitsoft [ad0b3a51@gateway/web/freenode/ip.173.11.58.81] has quit [Ping timeout: 246 seconds]
13:48 -!- scrimple [~ryder@p549F481B.dip0.t-ipconnect.de] has joined #openvpn
14:01 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
14:11 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
14:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:21 < _quadDamage> plaisthos: It was suggested that you might have some insight into OpenVPN issues on CM12? Both with your app, and the official one. Apps make connection to the server, but packets seem to get lost between the app and the kernel?
14:30 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Read error: Connection reset by peer]
14:32 -!- fulanito [~fulanito@189.208.208.24] has joined #openvpn
14:33 < fulanito> hello
14:34 < fulanito> I have some issues routting traffic through tan interfaces
14:35 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
14:37 <@plaisthos> _quadDamage: no idea what CM12 borke there
14:41 <@plaisthos> _quadDamage: android's routing in 5.0 quite complex and even I do not fully understand it
14:41 <@plaisthos> and CM likes to fiddle with networking
14:47 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:57 -!- hyperspace4000 [~hyperspac@li499-8.members.linode.com] has joined #openvpn
14:59 < hyperspace4000> Hi all, can anyone guide me to some high peformance (10Gbps) tunning howto for OpenVPN? Is it possible for OpenVPN to use multiple CPU cores?
15:08 -!- scrimple_ [~ryder@p549F484C.dip0.t-ipconnect.de] has joined #openvpn
15:12 -!- scrimple [~ryder@p549F481B.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
15:12 -!- scrimple_ is now known as scrimple
15:18 -!- scrimple [~ryder@p549F484C.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
15:27 -!- jthunder [~jthunder@184.151.222.27] has quit [Ping timeout: 244 seconds]
15:29 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
15:30 < toothe> I can't seem to get a default route push working.
15:30 < toothe> specifcally, the default rule of pushing 2000::/3 through the tunnel.
15:34 < toothe> yeah, I dunno why I can't get a default route working.
15:39 <+esde> hyperspace4000
15:39 <+esde> !gigabit
15:39 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
15:40 <+esde> No, OpenVPN cannot use multiple threads as it is currently single-threaded
15:40 <+esde> s/threads/cores/
15:40 < toothe> yeah, what the hell
15:40 < toothe> why can't I get a default IPv6 route pushed.
15:40 < toothe> I've tried several variations of push-ipv6
15:41 < toothe> push "redirect-gateway-ipv6 def1"
15:41 < toothe> i've put that, i've put push "route-ipv6 2000::/3"
15:41 < toothe> what M ai doing wrong?
16:31 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Ping timeout: 264 seconds]
16:38 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 250 seconds]
16:41 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
16:42 < Thermi> toothe: Does the other side have the line "pull2"?
16:42 < Thermi> Did you tell openvpn to create a tun device that is capable of forwarding IPV6 traffic?
16:48 -!- bf_ [~bf_@xdsl-89-0-123-235.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
17:00 -!- ki7rw [~ki7rw@190.241.118.29] has joined #openvpn
17:02 < ki7rw> i can see how the server gets its ip address but how does the client obtain an address? (trying to figure out why the client doesn't work)
17:10 -!- Circuitsoft [ad0b3a51@gateway/web/freenode/ip.173.11.58.81] has joined #openvpn
17:12 -!- adac [~adac@chello080109174123.tirol.surfer.at] has quit [Ping timeout: 260 seconds]
17:15 -!- alec-b [~alec@97.175.54.77.rev.vodafone.pt] has quit [Remote host closed the connection]
17:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:19 < ki7rw> turned off the firewall on both routers and both hosts but still get this on the client: tun0: error fetching interface information: Device not found
17:27 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
17:43 < toothe> Thermi: No, I don't believe so.
17:49 -!- alec-b [~alec@97.175.54.77.rev.vodafone.pt] has joined #openvpn
17:52 -!- fulanito [~fulanito@189.208.208.24] has quit [Quit: fulanito]
17:53 -!- fulanito [~fulanito@189.208.208.24] has joined #openvpn
18:03 < vlt> Hello. I'm setting up a new Debian based openvpn server. Has something changed with the configuration? A `service openvpn start` doesn't run my /etc/openvpn/tun0.server.conf file. OpenVPN works if I run it manually `openvpn --config /etc/openvpn/tun0.server.conf`. Any idea?
18:06 < Thermi> vlt: Read the documentation that Debian provides for openvpn on Debian.
18:07 -!- jefferai [jefferai@kde/mitchell] has quit []
18:08 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
18:08 -!- Denial [~Denial@81.141.5.123] has quit []
18:17 -!- fulanito [~fulanito@189.208.208.24] has quit [Quit: fulanito]
18:18 -!- fulanito [~fulanito@189.208.208.24] has joined #openvpn
18:21 -!- fulanito [~fulanito@189.208.208.24] has quit [Client Quit]
18:25 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
18:31 < Abbott> !configs
18:31 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
18:32 -!- vlt [~nobody@lvps87-230-93-209.dedicated.hosteurope.de] has quit [Ping timeout: 256 seconds]
18:33 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 264 seconds]
18:34 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
18:46 < Abbott> I am able to connect to my VPN fine, and I can connect to other machines on the VPN LAN, but I can't resolve domains. Here are my configs: http://pastebin.com/raw.php?i=Lfm8y898 and this is a log of my recent connection to the VPN: http://pastebin.com/raw.php?i=RFduVbpY
18:50 < ki7rw> http://pastebin.com/1kCnFC56
18:51 < ki7rw> ubuntu 14.04 64 bit
18:53 < ki7rw> openvpn 2.3.2-7ubuntu3.1
19:01 < ki7rw> i followed instructions at http://www.thegeekstuff.com/2013/09/openvpn-setup/ and https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
19:01 <@vpnHelper> Title: How to Setup Linux VPN Server and Client using OpenVPN (at www.thegeekstuff.com)
19:03 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
19:04 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
19:04 -!- soLucien [~Lu@130.225.165.39] has quit [Client Quit]
19:05 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
19:21 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
19:31 -!- Circuitsoft [ad0b3a51@gateway/web/freenode/ip.173.11.58.81] has quit [Quit: Page closed]
19:34 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
19:40 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Read error: Connection reset by peer]
20:00 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
20:19 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
20:25 -!- suffer [odussomai@unaffiliated/suffer] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
20:26 -!- suffer [odussomai@unaffiliated/suffer] has joined #openvpn
20:27 -!- suffer [odussomai@unaffiliated/suffer] has quit [Client Quit]
20:34 -!- mystica555 [~mystica55@38.75.196.67] has quit [Remote host closed the connection]
20:44 -!- mystica555 [~mystica55@38.75.196.67] has joined #openvpn
20:58 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Quit: ZOMBIES!]
20:58 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
21:45 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-vvhibalbjlncdonm] has quit []
21:45 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-qzmmilltdecsqiyj] has joined #openvpn
21:46 -!- ki7rw [~ki7rw@190.241.118.29] has quit [Quit: Leaving]
22:01 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Ping timeout: 256 seconds]
22:11 -!- mluser [~mluser@ip72-222-116-15.tu.ok.cox.net] has quit [Quit: blah]
23:07 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 246 seconds]
23:18 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
23:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:26 -!- mode/#openvpn [+o mattock1] by ChanServ
23:30 -!- ShadniX [dagger@p5DDFC1DD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
23:32 -!- ShadniX [dagger@p5DDFDEE8.dip0.t-ipconnect.de] has joined #openvpn
23:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:49 -!- mode/#openvpn [+o mattock1] by ChanServ
--- Day changed Fri Jul 24 2015
00:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:11 -!- soLucien [~Lu@130.225.165.39] has quit [Ping timeout: 244 seconds]
00:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:37 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:54 -!- toli [~toli@ip-62-235-216-168.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:55 -!- toli [~toli@ip-81-11-248-103.dsl.scarlet.be] has joined #openvpn
02:03 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Ping timeout: 246 seconds]
02:10 -!- suexec [~suexec@voyage.vhost.usr.no] has joined #openvpn
02:10 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
02:11 < suexec> I'm about to set up a new VPN server @ my home for easy access. Are there any web-guis or something that you would recommend, that would lighten the process of making certs etc, or should I just do it all from scratch?
02:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
02:52 -!- Denial [~Denial@81.141.5.123] has joined #openvpn
03:02 -!- troyt_ [~troyt@2601:681:4602:d6f1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 252 seconds]
03:04 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 256 seconds]
03:06 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
03:08 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
03:09 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Excess Flood]
03:11 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
03:42 -!- Farshid|Away is now known as Farshid
04:02 -!- showaz [~showaz@unaffiliated/showaz] has quit []
04:13 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Ping timeout: 265 seconds]
04:14 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
04:16 < hyperspace4000> esde: thank you
04:28 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
04:40 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
04:42 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
04:43 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
04:50 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:56 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
04:58 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
05:19 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit []
05:20 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
05:32 -!- alec-b [~alec@97.175.54.77.rev.vodafone.pt] has quit [Ping timeout: 244 seconds]
05:34 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has joined #openvpn
05:36 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 265 seconds]
05:40 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
05:42 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
05:43 <+esde> np
06:08 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
06:21 -!- Farshid is now known as Farshid|Away
06:44 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
06:53 -!- dan_j [sid21651@gateway/web/irccloud.com/x-notzzxhxbnniyozr] has quit []
06:53 -!- dan_j [sid21651@gateway/web/irccloud.com/x-ocfjoiglvtmbvwcy] has joined #openvpn
06:56 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-slvfznfmbdfgttrb] has quit []
06:56 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-azhhnivgxuoujkgr] has joined #openvpn
07:13 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:31 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:45 < suexec> I'm about to set up a new VPN server @ my home for easy access. Are there any web-guis or something that you would recommend, that would lighten the process of making certs etc, or should I just do it all from scratch?
07:46 -!- apocr [~apoc@host240-20-dynamic.4-87-r.retail.telecomitalia.it] has joined #openvpn
07:46 < apocr> I
07:48 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Read error: Connection reset by peer]
07:50 < apocr> I've setup an openvpn server, but my client doesn't have internet connection.. I assume that I have a routing problem, but I just can't pin it down. Here my config and routes: http://pastebin.com/FiwBW74A
08:07 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Read error: Connection reset by peer]
08:15 -!- novaflash is now known as novaflash_away
08:20 -!- novaflash_away is now known as novaflash
08:20 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
08:35 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:47 <@ecrist> suexec: I'm fond of both ssl-admin and easy-rsa
08:47 < suexec> ecrist, Ill check them out - cheers
08:48 <@ecrist> fwiw, I wrote ssl-admin and am one of two maintainers for easy-rsa
08:50 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
09:05 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:26 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
09:56 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:04 < KakuRoze> Is there any way to run a .ps1 script when a vpn has successfully connected?
10:04 < KakuRoze> (powershell, win7)
10:22 -!- aPollO2k is now known as apollo2k
10:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
10:47 -!- apocr [~apoc@host240-20-dynamic.4-87-r.retail.telecomitalia.it] has quit [Quit: leaving]
11:03 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
11:05 -!- Phagus [~Phage@209.195.114.239] has joined #openvpn
11:05 < Phagus> Wheneer I connect to a VPN, all of my connections work only for hte first minute or so
11:05 < Phagus> After that, my internet disconnects, I can't access anything, including hosts on the VPN
11:07 < Phagus> This connection  makes a tun0
11:13 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has joined #openvpn
11:14 < haasn> Would it technically be possible to have OpenVPN piggy-back on top of IP directly, rather than having to go through the UDP layer as well?
11:15 < haasn> This would potentially save a bit of overhead caused by the UDP port numbers, in exchange for only allowing a single OpenVPN Connection per pair of hosts
11:16 -!- Kyrotomia [~Kyrotomia@modemcable066.114-160-184.mc.videotron.ca] has joined #openvpn
11:16 < Kyrotomia> !welcome
11:16 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:16 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:17 < Kyrotomia> !paste
11:17 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
11:18 < Kyrotomia> !logs
11:18 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:20 < Kyrotomia> !ask
11:20 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
11:21 -!- Phagus [~Phage@209.195.114.239] has quit [Quit: leaving]
11:22 < Kyrotomia> !howto
11:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:26 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
11:26 -!- mode/#openvpn [+v s7r] by ChanServ
11:26 < Kyrotomia> I am trying to setup a site to site vpn between my home and my work office, but keep receive errors when the clients connect. Office log : https://gist.github.com/anonymous/292886a4e77c4610a735      HOME LOG : https://gist.github.com/anonymous/e2753fdf3703ba83d674
11:26 <@vpnHelper> Title: OFFICE.log · GitHub (at gist.github.com)
11:29 -!- Exagone313 [exa@elou.world] has quit [Quit: see ya!]
11:33 -!- Exagone313 [exa@elou.world] has joined #openvpn
11:39 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:45 -!- masterkorp [~masterkor@gohan.masterkorp.net] has joined #openvpn
11:45 < masterkorp> hello
11:46 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
11:48 < masterkorp> Can anyome point me to information on the static rules that usually reside on /etc/openvpn/static ?
11:57 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
12:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:02 -!- Exagone313 [exa@elou.world] has quit [Quit: see ya!]
12:06 -!- Exagone313 [exa@elou.world] has joined #openvpn
12:07 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:29 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:29 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 244 seconds]
12:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
12:42 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
12:46 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 244 seconds]
13:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:05 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:24 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
13:24 -!- mumixam [~m@unaffiliated/mumixam] has quit [Max SendQ exceeded]
13:46 -!- Benjamin__ [~Benjamin@61.173.73.94] has joined #openvpn
13:47 < Benjamin__> http://www.pastebin.ca/3073590
13:47 < Benjamin__> service openvpn start doesnt work
13:48 -!- cato [cato@i.xnis.de] has quit [Ping timeout: 256 seconds]
13:53 < Thermi> Benjamin__: What distro?
14:00 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
14:02 -!- mumixam [~m@unaffiliated/mumixam] has quit [Max SendQ exceeded]
14:03 < Benjamin__> Thermi: centos 7
14:03 < Benjamin__> but this seemed to work
14:03 < Benjamin__> systemctl start openvpn@server.service
14:03 < Benjamin__> how do i put openvpn in a jail? i know the chroot jail option but do i need to create a directory called jail on the server?
14:06 < Thermi> Benjamin__: Yes, and provide any necessary device files in the jail.
14:07 < Benjamin__> ive got it all setup now, openvpn is running on server, when i try connect from pc its just blank
14:08 < Benjamin__> ive been using openvpn for years so im quite sure my client and server conf's match
14:09 < Thermi> "blank"?
14:10 < Benjamin__> yea in the openvpn gui log screen, nothing showing up on the server openvpn.log either
14:10 < Benjamin__> Options error: --ca fails with 'ca.crt': No such file or directory
14:10 < Benjamin__> Options error: Please correct these errors.
14:10 < Benjamin__> Use --help for more information.
14:10 < Thermi> The problem is obvious.
14:11 < Benjamin__> yea sory its 3am here
14:11 < Benjamin__> fixed that, now it just shows:
14:11 < Benjamin__> http://www.pastebin.ca/3073614
14:11 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
14:12 < Benjamin__> http://www.pastebin.ca/3073615
14:12 < Benjamin__> and that repeats for infinity
14:12 < Thermi> "(check your network connectivity)"
14:12 < Thermi> Benjamin__: Go to bed.
14:13 < Benjamin__> apart from the fact that i'm in china there's nothing wrong with my network
14:13 < Benjamin__> should i maybe try a different port?
14:14 < Thermi> Check if a firewall rule on any side drops the packet.
14:15 < Benjamin__> windows firewall is off on the client machine, and doesnt have any 3rd party firewall
14:15 < Benjamin__> iptables on the server is wide open
14:16 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 258 seconds]
14:17 < Benjamin__> maybe i should try port 80
14:17 < Benjamin__> that's never blocked in china
14:18 < Benjamin__> even 443 doesn't work
14:19 < Benjamin__> nor 80
14:19 < Benjamin__> im using udp
14:21 < Thermi> Try hosting a simple weg page on port 80 using some lightweight web server and try to reach it
14:23 < Benjamin__> well i can ssh into the server using port 22
14:23 < Benjamin__> so should i try openvpn with tcp and port 22?
14:23 < Benjamin__> surely that should work
14:23 < Thermi> You can
14:23 < Thermi> use port-share
14:24 < Benjamin__> hmm
14:24 < Benjamin__> what is port-share?
14:24 < Benjamin__> after chaging to tcp 22 on server and restarting openvpn, i get this:
14:24 < Benjamin__> [root@seven openvpn]# systemctl start openvpn@server.service
14:24 < Benjamin__> Job for openvpn@server.service failed. See 'systemctl status openvpn@server.service' and 'journalctl -xn' for details.
14:25 < Thermi> Of course. It's used by sshd.
14:25 < Thermi> read the man page for openvpn and search for port-share.
14:25 < Thermi> take care - you can lock yourself out of the server
14:25 < Benjamin__> i can't reach the openvpn man page without a vpn
14:26 < Benjamin__> its blocked in china
14:26 < Thermi> Benjamin__: "man openvpn" ?
14:26 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
14:31 < Benjamin__> --port-share host port [dir]
14:31 < Benjamin__> if i want to share port 443 tcp, what would the full syntax be?
14:31 < Benjamin__> man page has no example
14:33 < Thermi> Benjamin__: You make openvpn listen on port 443 like you already know. Then set port-share to the host and port you want to forward non-openvpn traffic to. E.g.: For a webserver listening on 127.0.0.1:443: port-share 127.0.0.1 443
14:34 < Thermi> Take care - there's no magic protocol traversal. If you listen on udp port 443, you can not forward any non-openvpn traffic to a webserver listening on 127.0.0.1 443, because a webserver uses tcp.
14:36 < Benjamin__> ah
14:36 < Benjamin__> port-share 127.0.0.1 22
14:37 < Benjamin__> then i change ssh on server to use a different port than 22
14:44 < Thermi> Benjamin__: No, you tell the ssh daemon to listen on 127.0.0.1:22
14:44 < Thermi> After you told it to do that, you restart the sshd daemon AND KEEP THE CURRENT SSH CONNECTION OPEN
14:47 -!- Brownout [~brownout@unaffiliated/brownout] has joined #openvpn
14:48 < Kyrotomia> I am trying to setup a site to site vpn between my home and my work office, but keep receive errors when the clients connect. Office log : https://gist.github.com/anonymous/292886a4e77c4610a735      HOME LOG : https://gist.github.com/anonymous/e2753fdf3703ba83d674
14:48 <@vpnHelper> Title: OFFICE.log · GitHub (at gist.github.com)
14:52 < Brownout> hello, I was experimenting with --port-share and I noticed that obviously the proxied non openvpn connections are presented as coming from the openvpn server, this is quite a security risk since it would allow bypassing ACLs and firewalls. I don't see that easy to preserve the original IP addresses, stateful packet filtering would complaint, but the risk should be noted in the documentation
14:52 < Brownout> *complain
14:55 < Thermi> Benjamin__: I just read that port-share is only designed to work with HTTP/HTTPS, not ssh
14:55 < Thermi> Brownout: Well, it says that it proxies it. How should it preserve the IP? raw socket?
14:56 < Brownout> Thermi: was the reply to Benjamin__ for me?
14:56 < Thermi> Brownout: No, to Benjamin
14:56 < Brownout> I didn't say it should preserve the IP
14:56 < Thermi> Because he wanted to port share with sshd
14:56 < Brownout> I see, nice timing then
14:56 < Thermi> Brownout: Yes, it was a question for a solution.
14:57 < Thermi> Brownout: a solution would be to use a raw socket and then fake the packets, but that's ugly
14:57 < Thermi> And opens up openvpn to abuse
14:57 < Brownout> it wouldn't work anyway
14:58 < Thermi> Brownout: Yes. A way would be to use an nfqueue on Linux and pass the traffic to openvpn through the queue, where it can then look at the packets and pick out what it wants - but then the socket implementation needed to be changed to the queue - still ugly.
14:59 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
14:59 < Brownout> Thermi: no, really, it would not work, incoming traffic trough the openvpn server and outgoing directly
14:59 < Thermi> Brownout: Why would that not work?
14:59 < Brownout> because stateful firewalls
15:00 < Thermi> Brownout: The packets would all hit the normal conntrack hooks
15:00 < Brownout> the proxied host would not send the return traffic trough the openvpn server
15:00 < Thermi> proxied host? I think of this all happening on one single host
15:00 < Thermi> What do you think port-share does?
15:00 < Brownout> you can proxy to anything
15:00 < Thermi> Ah, you mean if I proxied to another host.
15:00 < Brownout> doesn't need to be something on localhost
15:01 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:01 < Thermi> Brownout: Why do you care about the return traffic for a connection of that we already know does not want to connect the local openvpn server?
15:01 < Thermi> Why do you want that to go though openvpn?
15:02 < Thermi> OpenVPN would get all packets through the nfqueue. If a packet is for another packet, it would be sent through the queue again and go through all other filters, including all remaining tables and conntrack hooks
15:03 < Brownout> because maybe there is some web server I do want to share the port with, but I could have configured a relaxed acl (e.g.: no auth required) for those coming from the local network
15:04 < Thermi> Brownout: Well, then don't send the traffic into the nfqueue?
15:04 < Brownout> we're talking about two different things
15:04 < Thermi> Brownout: Possibly
15:05 < Brownout> since it is supposed to work with http/s only, openvpn could terminate the traffic and add a x-forwarded-for header, web servers would honour it
15:05 < Brownout> but it would introduce a lot of unneded complexity
15:06 < Brownout> anyway, my initial suggestion was to note this risk in the documentation
15:06 < Brownout> since users might not realize this traffic would appear as local
15:16 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
15:31 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
15:37 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
15:37 < ValdikSS> Hi guys! Look what I have for you: http://witch.valdikss.org.ru/
15:37 <@vpnHelper> Title: ＷＩＴＣＨ？ (at witch.valdikss.org.ru)
15:37 < ValdikSS> Works with mssfix 1450 (default), 1400 and 1350.
15:45 -!- Kyrotomia [~Kyrotomia@modemcable066.114-160-184.mc.videotron.ca] has quit [Read error: Connection reset by peer]
15:51 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 256 seconds]
15:51 < Benjamin__> where are the sample configs located on a linux install of openvpn
15:51 < Benjamin__> can't find anywhere
15:51 < Brownout> are there sample configs?
15:53 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
15:56 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
16:06 < Benjamin__> this isn't work
16:06 < Benjamin__> http://www.pastebin.ca/3073684
16:06 < Benjamin__> am i typing the user and pass in the wrong place/format
16:13 -!- Janos [~cramos@190.113.108.117] has joined #openvpn
16:15 < Janos> hey there, got a quick question, is there any way tell restrict client connection base on certificate data, for example only allow to connect of the certificate Organization matches some text ?
16:25 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has joined #openvpn
16:34 < Brownout> Janos: wouldn't it be easy to fake? I guess --verify-x509-name is what you're looking for
16:47 -!- masterkorp [~masterkor@gohan.masterkorp.net] has left #openvpn ["WeeChat 1.0.1"]
16:55 < Janos> Brownout, thanks a lot, how could it be faked if I control the CA and whatever gets signed by it ? I'm I missing something here ?
16:57 < Brownout> ah, ok, if you control the ca
16:57 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
16:59 < Janos> Brownout, correct
17:06 < Janos> Brownout, --verify-x509-name is exactly what I need, but the man only mentions the CN field or the entire subject, do you know if it's possible to match against other fields like organization or OU ? for example will '--verify-x509-name MyOrg Organization' validate the text in the Organization field instead of the CN field ?
17:11 < Brownout> Janos: I guess you could experiment with the type argument
17:12 < Janos> Brownout, thanks a lot, will do
17:13 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
17:14 <+esde> !configs
17:14 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:17 -!- Benjamin__ [~Benjamin@61.173.73.94] has quit [Quit: Leaving]
17:49 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Remote host closed the connection]
17:59 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
18:09 -!- szronik [~szronik@109.76.29.113] has joined #openvpn
18:10 < szronik> !welcome
18:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:10 < szronik> !route
18:10 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:10 <@vpnHelper> client
18:12 < szronik> I managed to get the OpenVPN server running. I managed to connect to the server from a client. Problem is, it changed the routing table on the client so that all requests that are not for 192.168.0.0 go through the tunnel and then nothing. Firewall is off.
18:15 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has joined #openvpn
18:33 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
18:35 -!- Fusl [Fusl@unaffiliated/fusl] has quit [K-Lined]
18:36 -!- Fusl_ [Fusl@unaffiliated/fusl] has joined #openvpn
18:39 -!- Fusl_ is now known as Fusl
18:44 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:47 -!- BloqueNegro [~nothing@HSI-KBW-134-3-109-88.hsi14.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
18:52 -!- jefferai_ [sid1300@kde/mitchell] has joined #openvpn
18:53 -!- troyt_ [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
18:54 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 240 seconds]
18:54 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 240 seconds]
18:55 -!- jefferai_ is now known as jefferai
19:11 -!- UberGoat [UberGoat@2600:3c03::f03c:91ff:fee4:3981] has joined #openvpn
19:12 -!- UberGoat [UberGoat@2600:3c03::f03c:91ff:fee4:3981] has left #openvpn ["Leaving"]
19:25 -!- szronik [~szronik@109.76.29.113] has quit [Ping timeout: 244 seconds]
19:26 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 244 seconds]
19:31 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has joined #openvpn
19:36 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
19:48 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has joined #openvpn
19:49 -!- Janos [~cramos@190.113.108.117] has quit [Quit: Ex-Chat]
19:52 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
19:53 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has joined #openvpn
20:03 -!- alec-b [~alec@205.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
20:42 -!- ki7rw [~ki7rw@190.241.118.29] has joined #openvpn
21:04 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Ping timeout: 244 seconds]
21:39 -!- ki7rw [~ki7rw@190.241.118.29] has quit [Quit: Leaving]
22:03 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:59 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
22:59 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Client Quit]
23:00 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
23:10 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Remote host closed the connection]
23:10 -!- s7r_w [~s7r@openvpn/user/s7r] has joined #openvpn
23:10 -!- mode/#openvpn [+v s7r_w] by ChanServ
23:12 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 272 seconds]
23:29 -!- ShadniX [dagger@p5DDFDEE8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:30 -!- ShadniX_ [dagger@p5DDFE9F4.dip0.t-ipconnect.de] has joined #openvpn
23:30 -!- ShadniX_ is now known as ShadniX
--- Day changed Sat Jul 25 2015
00:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:40 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:41 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:46 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Quit: ZNC - http://znc.in]
02:11 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has quit [Read error: Connection reset by peer]
02:37 -!- Denial [~Denial@81.141.5.123] has quit [Read error: Connection reset by peer]
02:37 -!- Denial [~Denial@81.141.5.123] has joined #openvpn
02:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:39 -!- Kobaz [~kobaz@its.kobaz.net] has quit [Ping timeout: 244 seconds]
03:00 -!- Gman32 [~Gman32@76.72.167.208] has quit [Ping timeout: 255 seconds]
03:01 -!- s7r_w [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
03:01 -!- s7r_w [~s7r@openvpn/user/s7r] has joined #openvpn
03:01 -!- mode/#openvpn [+v s7r_w] by ChanServ
03:02 -!- Gman32 [~Gman32@76.72.167.208] has joined #openvpn
04:28 -!- s7r_w [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
04:29 -!- zamber [~zamber@78.10.86.90] has quit [Ping timeout: 244 seconds]
04:32 -!- zamber [~zamber@78.10.86.90] has joined #openvpn
05:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:01 -!- mode/#openvpn [+o mattock1] by ChanServ
05:05 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
05:05 -!- mode/#openvpn [+v s7r] by ChanServ
05:40 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
05:49 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
06:16 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
06:27 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
06:37 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:47 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
06:47 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
07:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
07:11 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
07:25 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
08:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:22 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 244 seconds]
09:21 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
09:29 -!- fulanito [~fulanito@177.224.28.239] has joined #openvpn
09:48 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
09:52 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Client Quit]
09:53 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
09:56 -!- fulanito [~fulanito@177.224.28.239] has quit [Quit: fulanito]
10:45 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
11:00 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
11:11 -!- Farshid|Away is now known as Farshid
11:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 252 seconds]
11:30 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:46 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has joined #openvpn
11:54 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
12:31 -!- u0m3 [~u0m3@92.80.73.226] has joined #openvpn
12:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 246 seconds]
12:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
13:07 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
13:10 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:11 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
13:20 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
13:39 -!- Farshid is now known as Farshid|Away
13:54 -!- toli [~toli@ip-81-11-248-103.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:55 -!- toli [~toli@ip-62-235-216-109.dsl.scarlet.be] has joined #openvpn
14:07 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
14:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
14:49 -!- u0m3 [~u0m3@92.80.73.226] has quit [Quit: Leaving]
14:55 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
14:56 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Client Quit]
15:11 < DzAirmaX> Hi guyz
15:12 < DzAirmaX> Is there a way to simulate an attack on my openvpn server ?
15:54 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
15:57 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Client Quit]
16:06 -!- alec-b [~alec@28.104.103.87.rev.vodafone.pt] has joined #openvpn
16:07 < _FBi> is it true OpenVPN is on computers?
16:09 < Reventlov> DzAirmaX: what do you mean by « attack » ?
16:14 -!- alec-b [~alec@28.104.103.87.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
16:16 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has joined #openvpn
16:23 < DzAirmaX> Reventlov : brute force attack on the open port
16:24 < Reventlov> DzAirmaX: well, why would you do that ? Do you use your vpn with a weak password ?
16:24 < Reventlov> and weak username ?
16:25 < DzAirmaX> Reventlov: nope, I want to use fail2ban with it
16:25 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
16:25 < Reventlov> then you may want to check thc-hydra.
16:26 < Reventlov> also kali linux comes with a lot of tools that can help you to mimick some attack patterns.
16:28 < DzAirmaX> is versbose 3 enough for logging the attacks ?
16:34 < mystica555> DzAirmaX: you should be able to figure that out by figuring out what logging in (or attempting to) does at each level
16:38 < _FBi> if you like Kali, you should check out Pentoo
16:39 < _FBi> hard to use fail2ban, unless they have your TLS key
16:53 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
16:59 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
17:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
17:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:35 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
17:35 -!- mode/#openvpn [+v s7r] by ChanServ
17:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:38 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
17:43 < ValdikSS> https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413
17:43 <@vpnHelper> Title: Detecting VPN (and its configuration!) and proxy users on the server side — Medium (at medium.com)
17:50 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
17:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:55 < _FBi> phishing 101?
17:57 < mystica555> fun
17:58 < mystica555> so what about if you have mtu 1492 from PPPoE, and then you decide to do transfer tests, and find a different mtu of 1454 is ideal for throughput; how does that skew your tests"
18:02 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
18:05 < ValdikSS> mystica555: yes it does. It works only with mssfix 1450 (default), 1400 and 1350
18:05 < ValdikSS> mystica555: it also can detect "generic" values like 1400 and 1280, but that's not very reliable.
18:06 < mystica555> another simple thing that might indicate this, is the TTL value of the packets. but that would require a reverse traceroute back to the IP that the packets came from, and then a fuzz amount of perhaps 5-10 hops to account for different forward vs reverse paths...
18:07 < mystica555> ive heard of ISPs that in the past, limited use of home broadband routers, by rejecting packets with the wrong ttl, ie, one decremented from the usual that the packet should have
18:11 < ValdikSS> mystica555: I heard of that too in Russia. Detecting by TTL could be wrong, it would produce false positives when for example you share mobile internet via wifi.
18:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 244 seconds]
18:31 < mystica555> mobile internet in and of itself has a lot of random internal hops..
18:31 < mystica555> so that method would fail in just about all cases
18:31 < mystica555> heh
18:34 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
18:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
18:43 -!- kazoo [brandon@unaffiliated/kazoo] has quit [Ping timeout: 265 seconds]
18:46 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Ping timeout: 256 seconds]
18:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
19:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
19:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
19:35 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
19:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:05 -!- rich0_ is now known as rich0
20:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
20:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:16 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
20:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
20:40 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:57 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
21:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
21:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
21:24 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:34 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
21:37 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-sagiwypvliljcsxh] has quit []
21:37 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-zlrbqoxyooynwyaj] has joined #openvpn
21:40 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
21:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:57 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:59 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
22:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
22:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
22:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:53 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:29 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:30 -!- ShadniX [dagger@p5DDFE9F4.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:30 -!- ShadniX [dagger@p57941AD1.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Jul 26 2015
00:02 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
00:02 < boneskull> !welcome
00:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
00:02 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
00:03 < boneskull> !redirect
00:03 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
00:03 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
00:06 < boneskull> !paste
00:06 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
00:15 < boneskull> Hi, I have two problems. 1. Error while connecting to VPN (though it doesn't seem severe), and 2. I have to manually tell the VPN to route internet traffic (not LAN) thru the VPN after it connects.  All the info I know how to provide is here:  https://gist.github.com/boneskull/d92a0da033a1c0fad78e  happy to provide more information.  thanks!
00:15 <@vpnHelper> Title: openvpn errors · GitHub (at gist.github.com)
00:15 < boneskull> I do not have control over the server
00:23 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
00:23 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 265 seconds]
00:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:06 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
01:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:30 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:57 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Bye bye]
02:00 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
02:03 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
02:27 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:46 -!- Haxxa [~Harrison@cpe-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Quit: ZNC - http://znc.in]
02:48 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
02:50 -!- boneskull [~boneskull@63.142.161.4] has joined #openvpn
03:13 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
03:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
03:26 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
03:30 -!- boneskull [~boneskull@63.142.161.4] has quit []
03:32 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
03:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:05 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
04:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
04:11 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has joined #openvpn
04:11 -!- moviuro__ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
04:12 < moviuro__> http://witch.valdikss.org.ru/ and https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413 << ought to be interesting for people here
04:12 <@vpnHelper> Title: ＷＩＴＣＨ？ (at witch.valdikss.org.ru)
04:16 -!- chimpinspace [~chimpinsp@49.202.231.172] has joined #openvpn
04:16 < chimpinspace> Hi, my college has cyberoam firewall which is blocking openvpn(not port blocking) connections. Is there any way to bypass it?
04:16 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:20 < chimpinspace> !logs
04:20 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
04:27 < chimpinspace> Also I want to use UDP as it seems to be not accounted in total bandwidth. So is there something like obfsproxy for UDP.
04:27 < chimpinspace> Anyone please help me...
04:34 -!- chimpinspace [~chimpinsp@49.202.231.172] has quit [Remote host closed the connection]
04:37 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
04:38 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:40 < moviuro__> hit'n'run?...
04:41 -!- chimpinspace [~chimpinsp@49.202.231.172] has joined #openvpn
04:41 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:42 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:42 < chimpinspace> moviuro__: ha
04:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:44 < moviuro__> so the FW does some packet inspection, that's it?
04:44 < moviuro__> did you try port {domain, ntp} which are UDP?
04:47 < chimpinspace> moviuro__: I have tried to use different ports(eg 53) with no success. What are domain, ntp?
04:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
04:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:50 < moviuro__> chimpinspace: stfw
04:50 < moviuro__> ports for the NTP protocol and DNS requests
04:50 < moviuro__> I don't remember their numbers
04:51 < chimpinspace> Yes I have tried dns port 53
04:52 < chimpinspace> and also some other which didnt work.
04:53 < chimpinspace> moviuro__: Is there any other way to bypass it.
04:54 < moviuro__> I don't know, then. FW that do deep packet inspection are usually a PITA
04:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
04:55 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:55 < moviuro__> https://support.nvpn.net/index.php?/Knowledgebase/Article/View/416/0/how-to-bypass-dpi-deep-packet-inspection
04:55 <@vpnHelper> Title: How to bypass DPI (Deep Packet Inspection) - Powered by nVpn.net since 2010© (at support.nvpn.net)
04:59 < chimpinspace> moviuro__: Thanks, I think xorpatched VPN might work.
05:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
05:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:02 -!- xyb00l [~ment0s@cpc13-bahd4-2-0-cust185.14-2.cable.virginm.net] has joined #openvpn
05:02 < xyb00l> Hi
05:02 -!- chimpinspace [~chimpinsp@49.202.231.172] has quit [Remote host closed the connection]
05:02 < xyb00l> is there a way to have standard box openvpn server with just login and password authentication ?
05:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:07 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:07 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
05:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:09 -!- mode/#openvpn [+o mattock1] by ChanServ
05:12 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:13 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:19 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:24 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
05:25 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
05:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
05:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:37 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:41 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
05:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:47 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:59 -!- angular_mike__ [sid45533@gateway/web/irccloud.com/x-aicsumbhzghkpwxo] has joined #openvpn
05:59 -!- dan_j_ [sid21651@gateway/web/irccloud.com/x-newxbhdybhdcwyir] has joined #openvpn
06:00 -!- lxusrbin_ [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
06:00 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Disconnected by services]
06:00 -!- lxusrbin_ is now known as lxusrbin
06:01 -!- gffa_ [~unknown@unaffiliated/gffa] has joined #openvpn
06:04 -!- MarcoSlater_ [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
06:04 -!- early` [~early@2607:5300:100:200::160d] has joined #openvpn
06:05 -!- mgorbach_ [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
06:05 -!- Netsplit *.net <-> *.split quits: early, kwmiebach, tapout, angular_mike_, _FBi, ender|, @syzzer, kcaj, MarcoSlater, dan_j,  (+5 more, use /NETSPLIT to show all of them)
06:05 -!- mgorbach_ is now known as mgorbach
06:05 -!- MarcoSlater_ is now known as MarcoSlater
06:06 -!- Netsplit over, joins: novaflash
06:06 -!- mode/#openvpn [+o novaflash] by ChanServ
06:06 -!- Netsplit over, joins: deviantintegral
06:08 -!- dan_j_ is now known as dan_j
06:09 -!- angular_mike__ is now known as angular_mike_
06:10 -!- kcaj_ [kcaj@unaffiliated/kcaj] has joined #openvpn
06:10 -!- kcaj_ is now known as kcaj
06:11 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
06:13 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-rdpwbczlrlnabqbc] has joined #openvpn
06:17 -!- wowaname [h@love.wowana.me] has joined #openvpn
06:31 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
06:31 -!- mode/#openvpn [+o syzzer] by ChanServ
06:45 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
06:45 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
06:47 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
06:49 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
06:54 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
06:55 -!- moriko [~moriko@141.8.29.164] has quit [Client Quit]
06:58 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
07:12 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:24 -!- xyb00l [~ment0s@cpc13-bahd4-2-0-cust185.14-2.cable.virginm.net] has quit [Quit: leaving]
07:43 -!- JohnKerr [~JohnKerr@unaffiliated/johnkerr] has joined #openvpn
07:43 < JohnKerr> Hello
07:44 < JohnKerr> I am wondering why someone would want to use stunnel with openvpn if open vpn already uses SSL?
07:51 <@syzzer> JohnKerr: stunnel looks much more like 'browser ssl' than openvpn does. that makes is possible to bypass more firewalls (if they inspect packets, they might see the difference between openvpn and browser traffic on pore 443, but not between stunnel and browser ssl)
07:52 <@syzzer> the downside is that stunnel introduces more overhead
07:52 < JohnKerr> that was going to be my next 2 questions
07:52 < JohnKerr> thanks
07:53 <@syzzer> yw
07:54 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
08:00 < JohnKerr> glad I didnt setup stunnel for nothing
08:09 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
08:20 -!- frafra [~frafra@fedora/frafra] has joined #openvpn
08:20 < frafra> hi
08:20 -!- Bl4ckD34Th [Elite13526@gateway/shell/elitebnc/x-xyterejhkjwcilfv] has joined #openvpn
08:21 < frafra> I'm trying to configure openvpn in tap/bridged mode, but connections stops when this happens: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120' (status=1)
08:21 < frafra> btw, I don't need dhcp, dns or an ip for openvpn server
08:21 < frafra> what it could be?
08:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:55 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
09:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
09:56 < frafra> is it possible to avoid dhcp?
10:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:00 -!- mode/#openvpn [+o mattock1] by ChanServ
10:02 -!- Farshid|Away is now known as Farshid
10:20 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 252 seconds]
10:23 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
10:23 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Excess Flood]
10:25 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
10:25 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Excess Flood]
10:27 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
10:27 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
10:32 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:34 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
10:44 -!- frafra [~frafra@fedora/frafra] has quit [Ping timeout: 240 seconds]
10:52 -!- HardWall [~HardWall@188.24.100.190] has joined #openvpn
10:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
10:57 -!- HardWall [~HardWall@188.24.100.190] has quit [Read error: Connection reset by peer]
10:59 -!- frafra [~frafra@fedora/frafra] has joined #openvpn
11:02 -!- Farshid is now known as Farshid|Away
11:04 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
11:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
11:46 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:01 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 255 seconds]
12:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:31 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Remote host closed the connection]
12:32 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
12:33 -!- Denial- [~Denial@213.205.194.189] has joined #openvpn
12:34 -!- Denial [~Denial@81.141.5.123] has quit [Ping timeout: 250 seconds]
12:37 -!- Denial [~Denial@81.141.23.56] has joined #openvpn
12:38 -!- Denial- [~Denial@213.205.194.189] has quit [Ping timeout: 272 seconds]
12:57 -!- u0m3 [~u0m3@92.80.102.166] has joined #openvpn
13:05 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
13:19 -!- Farshid|Away is now known as Farshid
13:31 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
13:36 -!- grit [~grit@unaffiliated/grit] has joined #openvpn
13:37 < grit> hello, i might be retarded, but can't figure out how to tell openvpn to "use remote dns"?
13:38 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:41 < mystica555> push a dhcp option stating the dns servers to use
13:42 < mystica555> and also perhaps do a gateway def1 push as well so that all requests regardless go over the vpn
13:43 < Fusl> does someone know what could be the reason why openvpn client does not add the 0.0.0.0/1 route but ONLY the 128.0.0.0/1 route when using push "redirect-gateway def1 bypass-dhcp" on the server and pull on the client side?
13:44 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
13:45 < grit> mystica555: can i see an example config file?
13:45 < grit> for these options
13:45 < grit> or better said - with these options
13:46 < mystica555> https://openvpn.net/index.php/open-source/documentation/howto.html     '
13:46 < mystica555>     push "redirect-gateway def1"
13:46 < mystica555> '    '
13:46 < mystica555>     push "dhcp-option DNS 10.8.0.1"
13:46 < mystica555> '
13:46 <@vpnHelper> Title: HOWTO (at openvpn.net)
13:47 < grit> thanks a lot
14:04 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
14:08 -!- soLucien [~Lu@178.62.252.248] has joined #openvpn
14:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
14:39 -!- frafra [~frafra@fedora/frafra] has quit [Ping timeout: 260 seconds]
14:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:58 -!- james41382_ is now known as james41382
14:58 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
14:59 -!- blurider [~mark@cpe-69-203-11-147.nyc.res.rr.com] has joined #openvpn
14:59 < blurider> I'm using redirect-gateway def1 on my openvpn system and I'm finding that my DNS server is still my current hotspot's and not my vpn's
15:00 -!- bocephus [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
15:00 < blurider> When I try to resolve a url with firefox, I get the hotspot DNS query (website) vs. my vpn's DNS query (also a website).
15:00 < blurider> However, checking the ip address indicates that at least the http traffic is being redirected.
15:02 < blurider> Is there an additional option I need to push my DNS queries through my VPN?
15:06 < blurider> Now similarly, pushing via openssh socks with firefox set to redirect dns queries doesn't go through my hotspot's DNS
15:08 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
15:10 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
15:13 < mystica555> blurider:  push "dhcp-option DNS 10.8.0.1"
15:13 < mystica555> ish
15:13 < blurider> mystica555: that's for openvpn runningon 10.8.0.0 ips
15:13 < blurider> ight?
15:21 < mystica555> that's an example you can modify to fit -your own- dns servers
15:23 -!- blurider [~mark@cpe-69-203-11-147.nyc.res.rr.com] has quit [Ping timeout: 240 seconds]
15:27 -!- Farshid is now known as Farshid|Away
15:32 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
15:39 -!- JohnKerr [~JohnKerr@unaffiliated/johnkerr] has quit [Ping timeout: 265 seconds]
15:44 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 252 seconds]
15:44 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Ping timeout: 252 seconds]
15:45 -!- gffa_ [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:47 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
15:47 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
16:04 -!- cmanns [4b8c9e1c@gateway/web/freenode/ip.75.140.158.28] has joined #openvpn
16:05 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:05 -!- mode/#openvpn [+v s7r] by ChanServ
16:05 < cmanns> What OS would you guys suggest for OpenVPN server... lastly and for managing the client/server keys (I used to just copy the directory but often get confused who has what key)
16:12 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
16:15 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:15 -!- mode/#openvpn [+v s7r] by ChanServ
16:16 <+s7r> if my openvpn server has ipv6, can I enable that as well?
16:16 < Poster> I think the majority of OpenVPN server systems are Linux based.  I am unaware of an advantage to one distribution over another, though you normally land in either the RedHat/RPM or Debian/DPKG camps
16:16 <+s7r> client doesn't have ipv6, only v4
16:17 < Poster> CentOS, Fedora, SuSE are RPM based, Debian, Ubuntu are DPKG based
16:17 < mystica555> Poster: i like openwrt as it can be controlled easier with regard to firewalling and separation of interests
16:17 < mystica555> :)
16:17 < Poster> if it is for a commercial installation, I would suggest something that has longer support, such as RedHat/Ubuntu LTS
16:18 < Poster> well that is another way yes
16:18 -!- SineDeviance [~quassel@2602:306:3908:8eb0:c1ea:546d:7b63:b1e2] has quit [Quit: No Ping reply in 180 seconds.]
16:18 < mystica555> this is true; however, your mileage may vary with how well things work on the geriatric 'still supported' releases
16:18 < cmanns> Is CentOS 7 play noice with openvpn
16:18 < mystica555> rhel5 is still supported (god help us all)
16:18 < Poster> with age comes stability, which is generally king unless you have the desire for bleeding edge
16:19 < mystica555> centos7 should be fine
16:19 < mystica555> Poster: i've found 'with rhel5 comes SNMPd that crashes and stops responding even when this bug has been fixed long ago'
16:19 -!- SineDeviance [~quassel@2602:306:3908:8eb0:1c07:3004:f2c:c076] has joined #openvpn
16:19 < Poster> alrighty
16:19 < mystica555> ive found 'with rhel6 intel e1000e never works right';
16:19 < mystica555> so im forced into newer kernels
16:19 < mystica555> and newer distros due to old long forgotton bugs
16:20 < mystica555> i ran funtoo and sabayon both with up-to-date kernels on my workstation at work, one with a flaky Supermicro e1000e chip that would go sideways a lot on other oses
16:20 < mystica555> -never- had a problem
16:20 < mystica555> -every- other person trying fedora, ubuntu, debian proper, all on similar hardware, had ethernet problems
16:21 < Poster> Well, part of it may be hardware selection
16:21 < mystica555> (this was at a datacenter NOC; i we all had similar X7 series supermicro hardware)
16:21 < Poster> I currently maintain around 600 Linux hosts, none of which are "bleeding" edge but are all supported for many years and have none of the issues you describe
16:21 < mystica555> im certain most of it was hardware selection; but this indicates just how varied the same hardware can work on individual oses and newer vs older drivers
16:22 < mystica555> Poster: any of those 600 supermicro X7-X9 series boards ?
16:22 < Poster> none, all server class hardware from HP and Cisco
16:22 < mystica555> which precise ethernet chipset was used in the hp stuff?
16:22 < mystica555> e1000e? newer? non-intel?
16:22 < Poster> Majority is within VMware
16:22 < mystica555> on the hypervisors?
16:23 < Poster> vmxnet3
16:23 < mystica555> theres gotta be a physical ethernet chip on the box
16:23 < mystica555> what is it
16:23 < Poster> I'm fairly sure it's either broadcom or intel. regardless the guests don't see it, only the hypervisor does
16:23 < mystica555> and we had hypervisors going down
16:23 < mystica555> due to their physical nics going sideways
16:24 < mystica555> inaccessible to the world
16:24 < mystica555> reboot fixed it
16:24 < mystica555> or a newer kernel module for e1000e
16:24 < mystica555> 82579LM chipset had flaws
16:24 < mystica555> oh another fun one
16:24 < mystica555> adaptec 2405 and anything centos6 or newer
16:24 < Poster> well you can run with bleeding edge, it generally doesn't have a place in medium to large organizations though
16:24 < mystica555> RAID driver in kernel vs RAID driver expectations in firmware, never matched, and caused many kernel panicking errors
16:25 < mystica555> generally; but somtimes there are very critical bugs that get fixed (such as the 'instead of passing the error one layer up in the call stack, where it can get handled gracefully, instead KERNEL PANIC cos the raid driver is dumb, and won't ever be fixed in this version of CentOS as the GIT repository only fixed it a year ago'
16:25 < mystica555> bug)
16:26 < Poster> most of those are backported, but I think we'll have to agree to disagree
16:26 < mystica555> most
16:26 < mystica555> that one wasnt,after waiting an entire year for either adaptec to release a driver on their site, let alone waiting for centos to adopt it
16:26 < Poster> a 6-9 month life cycle of a non LTS supported distribution would create a full time job of upgrading servers when there are hundreds
16:26 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
16:27 < mystica555> im a great believer in rolling releases; like windows update, every week
16:27 < mystica555> as long as thyre tested, its great
16:27 < mystica555> thats the problem though...testing
16:27 < mystica555> so i will agree 100% with you on using LTS / stable stuff, provided your hardware is also stable
16:28 < mystica555> but have found too many personal corner cases that would have been avoided by just running the newest driver/kernel
16:28 < Poster> in larger scales that testing can comsume many people many hours, ultimately costing an organization a lot of money to stay bleeding edge
16:28 < mystica555> and ive been 100% turned off of adaptec hardware entirely
16:29 < cmanns> I ran cPanel on unsupported FreeBSD version because needed ethernet driver if recall. It was an adventure leading to full on rhel based use with cPanel there on after lolol
16:30 < mystica555> cmanns: i've done the rhel and centos+cpanel stuff
16:30 < mystica555> and this is where i've found many of my corner cases of driver issues
16:30 < Poster> I'm sure there will always be fringe cases of driver support, but things like RedHat (and their CentOS clones) are targeted for larger stable environments and likely have a hardware compatability list, I am not familiar with what you were running there but am curious if the interfaces were on the RHEL HCL
16:31 < mystica555> (ive also seen no less than 5 different hypervisors crash repeatedly due to adaptec2405+centos6 ; and no less than 2 different raid arrays -entirely eat themselves for dinner- after replacing a disk in the array and choosing the only option it presents, and welp, its the wrong one'
16:31 < mystica555> )
16:31 < cmanns> Yeah I often run newer stuff myself- were actually looking at a new alternative to cPanel / traditional "lamp" maybe docker instances behind load balancer or freebsd jails hue hue
16:32 < Poster> mystica555: Did you use these? http://www.adaptec.com/en-us/downloads/rh/rhel_6/productid=sas-2405&dn=adaptec+raid+2405.html
16:32 <@vpnHelper> Title: Adaptec - Red Hat Enterprise Linux 6 (at www.adaptec.com)
16:34 < mystica555> Poster: YEP i tried those
16:34 < mystica555> 2012 is too old for the bugfix
16:35 < Poster> ok so if the drivers by the manufacturer, for the OS do not work, is it really the OSes fault?
16:36 < mystica555> its 'stable' vs 'actually available' 's fault
16:36 < mystica555> above and beyond any one entity, but the practice
16:37 < Poster> alrighty, well, I hope you have good luck with running new versions of everything
16:39 < mystica555> https://bugzilla.kernel.org/show_bug.cgi?id=31212  < different, but also seen, issue
16:39 <@vpnHelper> Title: Bug 31212 aacraid is generally unstable with newer kernels (at bugzilla.kernel.org)
16:40 < Poster> It's nice to think that everything can smoothly go to the latest, but in reality it just is not true, sure CentOS 7 may have an updated driver to work with that adaptec controller, but good luck getting support from Oracle to run a RAC or something
16:40 < Poster> as far as I know Oracle only supports RHEL5/OEL5 for things like Oracle 10
16:40 < mystica555> heh
16:41 < mystica555> good thing i never plan to do business with oracle, or companies that have oracle
16:41 < mystica555> and fwiw, rhel5 was entirely stable on these
16:41 < mystica555> but rhel6/cent6 were the troublemakers
16:41 < Poster> well that's just one example, my point is that compatability and support with newest is not all that common
16:42 < Poster> yes you can choose not to run those, but in some cases you do not have a choice
16:42 < mystica555> yep
16:42 < mystica555> in our case, rhel5 was too old for php to work properly
16:42 < mystica555> and be updated, etc
16:42 < mystica555> sooo rhel/cent6 = hay all these hardware bugs are exposing themselves now. die evildoer!
16:46 < Poster> hopefully avoiding those vendors allows you to be successful in whatever you do
16:46 < Poster> It's just a tough sell to a business to avoid something that does what is needed due to needing some hardware support
16:47 < mystica555> avoiding oracle is a life desicion (same reason i cant work -for- microsoft or apple directly) ; adaptec is a 'i'll work around it, but never buy it or recommend it new'
16:48 < mystica555> unless, and this would be a game-changer, if pmc-sierra were to come up with a fully-realized ZFS-on-a-PCIe-card
16:48 < Poster> in the grand scheme of things, a hardware purchase is significantly less than what would be lost by refusing to use something like an Oracle
16:48 < mystica555> Poster: and im sure i could make tons of money repairing shit iphone screens and windows stuff that breaks all the time
16:48 < mystica555> i choose not to
16:48 < Poster> so in the case of those massive Oracle systems, hardware is purchased which is certified to run with OEL5 and life is good
16:49 < mystica555> so far, its worked
16:49 < mystica555> *knock on melamine desk*
16:49 < mystica555> i just rather despise microsoft, apple, and oracle, as corporate entities
16:49 < mystica555> and refuse to associate with them if possible
16:49 < mystica555> company i work for uses them? great, if they don't expect me to admin the thing.
16:49 < Poster> certainly your choice, but it will close a lot of doors in the business world
16:49 < mystica555> they expect me to admin the thing? i get a new job.l
16:50 < mystica555> im one for burning bridges and locking doors before even opening them
16:50 < mystica555> so its par for the course >.>
16:53 < Poster> Don't get me wrong, I have my own personal preferences, but I've never landed a job by telling a potential employer I refuse to support X, Y and Z
16:54 < moviuro__> mystica555: try the education sector. e.g. my school runs most entirely off FreeBSD and Debian
16:54 < mystica555> moviuro__: i'm doing webhosting stuff now
16:54 < moviuro__> with some *eek* redhat in a crappy VM
16:55 < moviuro__> (and oracle, and catia)
16:55 < mystica555> education sector might not like the fact i never actually completed a few things in school
16:55 < moviuro__> my sysadmin does not have anything really brilliant in his resume either
16:56 < moviuro__> he's just goddam good at what he does
16:56 < mystica555> well when i'd have to lie to state ive completed high school and college.. or just omit the fact i never completed either, but simply attended...
16:56 < moviuro__> (and also a bit of the sysadmin guru of the digital society)
16:56 < Poster> formal education isn't always important in IT, a lot of it has to do with aptitude to an extent but primarily attitude
16:57 < moviuro__> mystica555: I'm not sure it's relevant if you already have "real-world" experience
16:57 <+s7r> any tutorial somewhere about how I can tunnel ipv6 over an ipv4 vpn? server has native ipv6
16:57 < mystica555> moviuro__: for all 'educational' located positions (in a school or facility that supports schools) they -require- a 4 year college degree
16:57 < moviuro__> s7r: man 1 openvpn
16:57 < moviuro__> ouch mystica555, I'm sorry
16:58 <+s7r> moviuro__ I want something eaiser. I have a /128 on the server and I don't know what that is (probably just one ipv6) so need to NAT?
16:58 < moviuro__> s7r: it's basically the same as the ipv4 options but with a "ipv6" attached somewhere
16:58 < moviuro__> O_O
16:58 < mystica555> likely as a matter of 'keeping up with the joneses' and 'we wouldn't want anyone who hasnt passed this sort of school to work here'
16:58 < moviuro__> s7r: if you only have a /128, stop right here
16:58 < mystica555> mentality
16:58 <+s7r> the ip classes are others, ip6tables and so on
16:59 < moviuro__> meh, I know nothing of iptables, so won't be able to help
16:59 <+s7r> moviuro__ ok. I realize
16:59 < moviuro__> s7r: get yourself a /48 : https://tunnelbroker.net
16:59 <@vpnHelper> Title: Hurricane Electric Free IPv6 Tunnel Broker (at tunnelbroker.net)
16:59 <+s7r> moviuro__ and I assign one of those IPs to the VPN?
16:59 < moviuro__> then you can attribute a whole /64 to your VPN, and tada
17:00 < moviuro__> yeah, I do this in the client config file: http://ix.io/jWw
17:01 < moviuro__> but, do keep a /64 at minimum
17:01 < moviuro__> (should be more than enough anyway)
17:01 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
17:01 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
17:01 -!- mode/#openvpn [+v s7r] by ChanServ
17:01 <+s7r> moviuro__ thanks. nothing special in server config ?
17:03 < moviuro__> server-ipv6 ip:6:add::ress/bits
17:03 < moviuro__> and some ip forwarding
17:03 < moviuro__> and some in/out rules for the FW
17:03 < moviuro__> and good to go
17:05 < moviuro__> mystica555: that's a shame. my college simply didn't care. some of the IT team began to work at age 18 with no real diploma
17:05 < moviuro__> s7r: still alive?
17:05 <+s7r> y4e
17:05 <+s7r> yes
17:05 <+s7r> just configured the server
17:06 <+s7r> the tunnel with HE
17:06 <+s7r> I got a /64
17:06 <+s7r> I need also to enable ipv6 forwarding
17:06 <+s7r> what iptables rules?
17:08 < moviuro__> you normally got a /48
17:08 < moviuro__> (it'll help for your virtual machines/containers if you run this kind of thing)
17:09 < moviuro__> told you, I got 0 clue of how iptables works. I only know BSD pf
17:09 <+s7r> oh, ok.
17:10 <+s7r> i will google osme more then :)
17:10 <+s7r> thank you!
17:10 <+s7r> i thought it would work only with a /128
17:10 < moviuro__> no, /128 is a single adress
17:10 < moviuro__> using /128 only makes sense in a FW rule
17:12 < moviuro__> your server should use and push /64
17:12 < moviuro__> (yes, it IS weird, but that's how it works)
17:14 < cmanns> HE Tunnels are great
17:14 < moviuro__> that they are
17:14 < moviuro__> too bad they aren't encrypted, though
17:15 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
17:15 < cmanns> Agreed
17:15 < cmanns> We mostly used the IPv6 for websites/apps and would use VPN for private stuff on ipv4
17:16 < moviuro__> cmanns: the fact that it is private still is an issue though
17:16 <+s7r> basically you get a v6 in tokyo for free?
17:16 <+s7r> with their tunnels ?
17:16 < moviuro__> some of my hosts do have a public IPv6 but nothing can reach them
17:16 < cmanns> no these were public websites, but for sshing etc wasnt over HE
17:17 < moviuro__> haaaa, ok
17:17 < moviuro__> s7r: why tokyo? HE builds a tunnel to your IP wherever it is
17:17 <+s7r> no i meant the ip they assign you
17:18 < moviuro__> oh, that's weird
17:18 -!- wsky [~sexyboy@unaffiliated/sexyboy] has joined #openvpn
17:18 < moviuro__> I didn't pay attention
17:18 < moviuro__> 2001:470:xxxx::/48, right?
17:18 < wsky> hey, anyone having issue with openvpn client not reconnecting on windows?
17:18 <+s7r> yes
17:19 < wsky> i have to restrt the service manually to make it reconnect
17:19 < moviuro__> wsky: that's not an issue. state the problem
17:19 <+s7r> wsky what windows?
17:19 < moviuro__> !paste
17:19 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
17:19 < moviuro__> !logs
17:19 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:19 < wsky> s7r: 7
17:19 <+s7r> wsky do you use some activators, such as KMS pico or whatever?
17:20 < wsky> no, just sore openvpn
17:20 < wsky> uhm not sore, raw
17:20 < wsky> let me rephrase, only basic openvpn software out of the openvpn site
17:20 <+s7r> that i understand. and I am asking, do you have installed on that computer separately any kind of activator for windows?
17:21 < wsky> what activator?
17:21 <+s7r> activator for licenses
17:21 < wsky> no and what it has to do with anything?
17:22 <+s7r> because it uses the tap adapter.. and openvpn would need another one
17:22 <+s7r> and it's very common problem, that is why I asked. but sorry, looks like it's not the case
17:22 < wsky> an activator uses a tap adapter??
17:22 <+s7r> most of them do yes.
17:23 < wsky> but arent they programs for pirating windows?
17:23 < wsky> what they have to do with tun/tap?
17:23 <+s7r> i don't know they use it to create some false positives
17:24 < moviuro__> !tunortap
17:24 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
17:24 <@vpnHelper> rooted/jailbroken) support only tun
17:24 < moviuro__> s7r: you should use tun
17:24  * wsky suspects that s7r is checking am i a pirate
17:25 <+s7r> wsky that is wrong. I couldn't care less if you were a pirate or not
17:25 < wsky> well you know, this sounds odd enough to me to suspect that
17:27 < wsky> well it's almost obvious
17:29 < moviuro__> wsky if you want any help, past your logs
17:29 -!- wsky [~sexyboy@unaffiliated/sexyboy] has left #openvpn []
17:52 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
17:57 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has joined #openvpn
18:15 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:16 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 264 seconds]
18:16 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Ping timeout: 264 seconds]
18:17 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
18:21 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
18:56 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
19:04 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
19:07 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has joined #openvpn
19:08 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Ping timeout: 246 seconds]
19:10 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has quit [Client Quit]
19:18 -!- _quadDamage [~EmperorTo@oreo.blissfulidiot.com] has quit [Remote host closed the connection]
19:20 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has joined #openvpn
20:04 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Quit: ZNC - http://znc.in]
20:56 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
21:05 -!- cmanns [4b8c9e1c@gateway/web/freenode/ip.75.140.158.28] has quit [Quit: Page closed]
22:04 -!- sillysausage [~sillysaus@37.48.80.94] has joined #openvpn
22:05 < sillysausage> is there a way to pull the ${IPLOCAL} ${IPREMOTE} values from the tun0 interface in ip-up
22:05 < sillysausage> basically i want to use the PPP hooks, for my routing script but i do not want to statically state the addresses
22:06 < sillysausage> if i use those values it pulls the values from my ppp0 interface
22:06 < sillysausage> for example
22:06 < sillysausage> #fill the routing tables
22:06 < sillysausage> ip route add 0/0 via 172.16.32.1 dev tun0 table VPN
22:06 < sillysausage> ip rule add from 172.16.39.64 lookup VPN pref 110
22:07 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Ping timeout: 252 seconds]
22:07 < sillysausage> basically, I have a raspberry pi, and I've set it up so 192.168.1.0/24 is directly routed out through ppp0
22:08 < sillysausage> and 192.168.2.0/24 is routed out through tun0
22:08 < sillysausage> this way systems on the network do not need openvpn, they just have to be in the correct VLAN
22:08 < sillysausage> (or subnet)
22:08 < sillysausage> for testing purpose
22:08 < sillysausage> http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#VPN_Tunnel_on_specific_subnet
22:08 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
22:09 < sillysausage> that's how i had set it up, (i wrote that article)
22:09 < sillysausage> the thing I discovered though is, and someone said to me that using interface names like export VPN_VIRT_IF=eth0:2 would not be respected
22:09 < sillysausage> so it was better to fwmark and route fwmarked packets
22:09 < sillysausage> as well as use separate chains, eg https://dpaste.de/ANi2
22:10 < sillysausage> which is much cleaner
22:10 < sillysausage> the routing rules I created: https://dpaste.de/MoZJ
22:10 < sillysausage> under "What I have now"
22:10 < sillysausage> note that my openvpn configuration is set to not pull routes from the server
22:11 < sillysausage> because if i did that, it would change my routing tables to route everything through the VPN, which would be not what I want.
22:11 < sillysausage> i suspect there's something awry with my routing https://dpaste.de/9xYr
22:12 < sillysausage> "Old setup, currently works" is what is in that wiki article
22:12 < sillysausage> where as just above it, you can see 13-16 the tables are empty :(
22:14 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
22:15 < sillysausage> oh actually, it could be that I didn't change
22:15 < sillysausage> /sbin/ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table vpn $ROUTE; done
22:33 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
22:34 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
22:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:50 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
22:53 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
23:15 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
23:26 < boneskull> I apologize for asking my question again; I may have been offline earlier if there was a reply.  I have two problems. 1. Error while connecting to VPN (though it doesn't seem severe), and 2. I have to manually tell the VPN to route internet traffic (not LAN) thru the VPN after it connects.  All the info I know how to provide is here:  https://gist.github.com/boneskull/d92a0da033a1c0fad78e  also, I do not have control over the
23:26 < boneskull>  server. thanks!
23:26 <@vpnHelper> Title: openvpn errors · GitHub (at gist.github.com)
23:28 -!- ShadniX [dagger@p57941AD1.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:28 -!- wowaname [h@love.wowana.me] has joined #openvpn
23:29 -!- ShadniX_ [dagger@p57941344.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- ShadniX_ is now known as ShadniX
23:46 -!- AMERICAN_PSYCHO [~AMERICAN_@149.sub-70-196-11.myvzw.com] has joined #openvpn
--- Day changed Mon Jul 27 2015
00:05 -!- Peppi [~Peppi@S010600089be80c8d.ed.shawcable.net] has joined #openvpn
00:05 < Peppi> hello
00:25 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:41 -!- AMERICAN_PSYCHO [~AMERICAN_@149.sub-70-196-11.myvzw.com] has quit [Read error: Connection reset by peer]
00:42 -!- AMERICAN_PSYCHO [~AMERICAN_@149.sub-70-196-11.myvzw.com] has joined #openvpn
00:50 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
00:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:17 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
01:28 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:31 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 246 seconds]
01:40 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:54 -!- toli [~toli@ip-62-235-216-109.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:57 -!- toli [~toli@ip-62-235-221-97.dsl.scarlet.be] has joined #openvpn
01:59 -!- wowaname [h@love.wowana.me] has joined #openvpn
02:05 -!- soLucien [~Lu@178.62.252.248] has quit [Quit: Leaving]
02:45 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection reset by peer]
02:51 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:55 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
03:06 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:26 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
03:37 -!- evident_away [~florian@h2392507.stratoserver.net] has quit [Remote host closed the connection]
03:44 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:10 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
04:11 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
04:11 -!- mode/#openvpn [+v s7r] by ChanServ
04:19 -!- sillysausage [~sillysaus@37.48.80.94] has quit [Ping timeout: 240 seconds]
04:20 -!- sillysausage [~sillysaus@37.48.80.94] has joined #openvpn
04:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
04:36 -!- Farshid|Away is now known as Farshid
04:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:37 -!- mode/#openvpn [+o mattock1] by ChanServ
04:57 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:19 -!- dan_j_ [sid21651@gateway/web/irccloud.com/x-sbkeyhexfoipntvf] has joined #openvpn
05:21 -!- lxusrbin_ [~lxusrbin@coffee.atw0rk.net] has joined #openvpn
05:21 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Disconnected by services]
05:21 -!- lxusrbin_ is now known as lxusrbin
05:21 -!- dan_j [sid21651@gateway/web/irccloud.com/x-newxbhdybhdcwyir] has quit [Ping timeout: 240 seconds]
05:21 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
05:21 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
05:22 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:22 -!- dan_j_ is now known as dan_j
05:22 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
05:23 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
05:56 -!- Farshid is now known as Farshid|Away
05:57 -!- adraenwan_ [~quassel@vanguard.tfnux.org] has quit [Ping timeout: 246 seconds]
06:04 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
06:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
06:41 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
06:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 265 seconds]
06:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
06:48 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:56 -!- sillysau1 [~sillysaus@ppp14-2-110-9.lns21.adl6.internode.on.net] has joined #openvpn
06:58 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
06:58 -!- Farshid|Away is now known as Farshid
06:59 -!- sillysausage [~sillysaus@37.48.80.94] has quit [Ping timeout: 246 seconds]
07:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:07 -!- sillysau1 [~sillysaus@ppp14-2-110-9.lns21.adl6.internode.on.net] has quit [Ping timeout: 240 seconds]
07:11 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:18 <@ecrist> boneskull: you shouldn't be setting the default route like that
07:18 <@ecrist> !def1
07:18 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
07:45 -!- _Cyclone_ [~Cyclone@66.129.241.10] has joined #openvpn
07:53 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
07:57 -!- BloqueNegro [~nothing@195.243.47.70] has joined #openvpn
08:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:14 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
08:16 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
08:20 -!- Farshid is now known as Farshid|Away
08:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:25 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
08:25 -!- BloqueNegro [~nothing@195.243.47.70] has quit [Read error: Connection reset by peer]
08:28 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
08:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:48 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
08:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:00 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:12 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
09:13 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
09:16 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 256 seconds]
09:18 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
09:19 < Gwoplock> how do i create the .opvn file for the openvpn app on iphone?
09:20 -!- wsky [~sexyboy@unaffiliated/sexyboy] has joined #openvpn
09:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:20 < wsky> so anyways, i've downgraded openvpn on my windows cient and it reconnects now
09:20 < wsky> it seems that 2.3 has a new functionality that i was not aware of
09:21 < wsky> so i reverted to 2.2 b/c having 2.3 has no point since the server runs 2.2 anyways
09:31 < Gwoplock> how do i create the .opvn file for the openvpn app on iphone?
09:35 < DArqueBishop> Gwoplock, an .ovpn file is just a standard .conf file. The .ovpn extension is so that OSes like Windows and iOS will recognize it as an OpenVPN configuration file.
09:35 < Gwoplock> ok. what do i do with the .crt / .key files?
09:35 < DArqueBishop> Personally, I uploaded them to the phone using iTunes.
09:35 < Gwoplock> ok. thanks.
09:38 -!- FrozenPigs [~FrozenPig@unaffiliated/frozenpigs] has joined #openvpn
09:39 < FrozenPigs> !welcome
09:39 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:39 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:39 -!- wsky [~sexyboy@unaffiliated/sexyboy] has left #openvpn []
09:42 < FrozenPigs> !howto
09:42 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
09:42 < FrozenPigs> !route
09:42 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
09:43 <@vpnHelper> client
09:49 < FrozenPigs> i am trying to connect to the internet through this vpn, it will start and i can ping the ip thats on a new interface but thats about it do i need to do some magic with ip tables or something? im in linux
09:49 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:53 < DArqueBishop> !logs
09:53 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
09:53 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
09:53 < DArqueBishop> !configs
09:53 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:07 -!- Farshid|Away is now known as Farshid
10:09 -!- FrozenPigs [~FrozenPig@unaffiliated/frozenpigs] has quit [Ping timeout: 272 seconds]
10:12 -!- AMERICAN_PSYCHO [~AMERICAN_@149.sub-70-196-11.myvzw.com] has quit [Ping timeout: 255 seconds]
10:12 -!- FrozenPigs [~FrozenPig@unaffiliated/frozenpigs] has joined #openvpn
10:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:20 < FrozenPigs> well looks to me like this vpn isnt going to work for me anytime today
10:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:29 -!- early` [~early@2607:5300:100:200::160d] has quit [K-Lined]
10:32 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
10:33 -!- krzee [9467582b@openvpn/community/support/krzee] has joined #openvpn
10:33 -!- mode/#openvpn [+o krzee] by ChanServ
10:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
10:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:35 -!- mode/#openvpn [+o mattock1] by ChanServ
10:35 <@krzee> weird i wonder where my screen went
10:36 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:36 <@plaisthos> I stole it!
10:36 <@krzee> ahh that explains it
10:37 <@krzee> well ill be back soon, got my new alienware laptop now i just need to get wifi working in linux
10:37 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Ping timeout: 246 seconds]
10:37 <@krzee> after that happens i can start rebuilding my setup
10:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
10:37 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:38 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:38 -!- mode/#openvpn [+o mattock1] by ChanServ
10:38 <@krzee> how you been?
10:39 -!- Farshid is now known as Farshid|Away
10:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:49 -!- HardWall [~HardWall@188.24.49.122] has joined #openvpn
10:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:59 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
11:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
11:09 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
11:27 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 255 seconds]
11:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:30 -!- mode/#openvpn [+o mattock1] by ChanServ
11:31 -!- alec-b [~alec@113.44.54.77.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
11:33 -!- alec-b [~alec@211.52.54.77.rev.vodafone.pt] has joined #openvpn
11:34 -!- krzee [9467582b@openvpn/community/support/krzee] has quit [Quit: Page closed]
11:35 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
11:41 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:52 -!- Farshid|Away is now known as Farshid
11:52 -!- wowaname [h@love.wowana.me] has quit [Quit: <3]
11:57 -!- Farshid is now known as Farshid|Away
12:00 -!- wowaname [h@love.wowana.me] has joined #openvpn
12:18 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
12:38 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:39 -!- FrozenPigs [~FrozenPig@unaffiliated/frozenpigs] has quit [Quit: whoops]
12:40 -!- HardWall [~HardWall@188.24.49.122] has quit [Ping timeout: 244 seconds]
12:44 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
12:46 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
12:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
12:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:49 -!- mode/#openvpn [+o mattock1] by ChanServ
12:52 < boneskull> ecrist: thanks.  I have read that man page, but I'm unclear how to modify my conf file to use --redirect-gateway
12:55 -!- Farshid|Away is now known as Farshid
12:59 -!- HardWall [~HardWall@188.24.49.122] has joined #openvpn
13:19 -!- HardWall [~HardWall@188.24.49.122] has quit [Ping timeout: 244 seconds]
13:19 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
13:22 -!- Brownout [~brownout@unaffiliated/brownout] has quit [Read error: Connection reset by peer]
13:23 -!- Brownout [~brownout@unaffiliated/brownout] has joined #openvpn
13:32 -!- HardWall [~HardWall@188.24.49.122] has joined #openvpn
13:50 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:50 -!- mode/#openvpn [+v s7r] by ChanServ
14:00 -!- svriommu [~svriommu@bzq-109-67-193-182.red.bezeqint.net] has joined #openvpn
14:00 < svriommu> is it possible to generate a server-based DSA key instead of an RSA one ? i didn't see it in the documentation and wondered about it
14:03 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 255 seconds]
14:03 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
14:08 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
14:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:15 < svriommu> !welcome
14:15 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:15 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:16 < svriommu> !howto
14:16 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:17 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 252 seconds]
14:33 -!- Farshid is now known as Farshid|Away
14:41 -!- Farshid|Away is now known as Farshid
15:12 < svriommu> !paste
15:12 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:13 < svriommu> !configs
15:13 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:15 < svriommu> !interface
15:15 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
15:15 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
15:15 < svriommu> hm
15:27 -!- jthunder [~jthunder@174.90.222.196] has joined #openvpn
15:27 < svriommu> i'm having some difficulties getting internet connection once I eastibled a full openvpn connection, I manage to connect to my ovpn server, but for some reason I can't connect to any host outside (google.com/etc) nor DNS or direct IP, (however I can resolve them), here's my config: (debian)  https://gist.github.com/anonymous/17c4a35812c063ce2a3a and here's the openvpn server log: https://gist.github.com/anonymous/98d5a3f2345190ce9cf
15:27 <@vpnHelper> Title: gist:17c4a35812c063ce2a3a · GitHub (at gist.github.com)
15:28 < svriommu> established*
15:32 < svriommu> weird or not, but now DNS works
15:33 < svriommu> oh, that's just me being silly. :/ can anyone hint about this?
15:35 -!- jthunder [~jthunder@174.90.222.196] has quit [Ping timeout: 255 seconds]
15:36 -!- jthunder [~jthunder@184.151.222.167] has joined #openvpn
15:56 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has quit [Quit: ZNC - http://znc.in]
15:57 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has joined #openvpn
16:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
16:16 -!- wowaname is now known as kush
16:18 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
16:19 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
16:20 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
16:25 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has joined #openvpn
16:26 -!- Tenhi [~tenhi@178.18.241.180] has quit [Ping timeout: 264 seconds]
16:27 -!- jthunder [~jthunder@184.151.222.167] has quit [Quit: jthunder]
16:32 -!- Tenhi [~tenhi@178.18.241.180] has joined #openvpn
17:02 < moviuro__> svriommu: push "remote-gateway-ip some-real-ip-address-here-which-i-removed"
17:02 < moviuro__> this doesn't make sense to me if you plan on using more than one client at more than one place
17:02 < moviuro__> put it in your client config dir
17:03 < moviuro__> read the man to learn about it
17:03 < svriommu> moviuro__, what do you mean ? i only need it for p2p now
17:03 < moviuro__> svriommu: print routes on the client
17:03 < svriommu> i plan to make the vpn 3 clients in the future, and one server
17:03 < moviuro__> svriommu: your two machines are absolutely fixed and won't ever move in their entire life ?
17:03 < svriommu> moviuro__, the server won't move
17:03 < moviuro__> the clients will
17:04 < svriommu> the client, sure - too many times.
17:04 < moviuro__> don't push things you don't control
17:04 < svriommu> ok
17:04 < svriommu> i'll remove it
17:04 < moviuro__> I don't even push that
17:04 < moviuro__> it doesn't even exist in the man
17:05 < moviuro__> svriommu: $ ip ro # one the client
17:05 < moviuro__> you should see things like
17:05 < moviuro__> SERVER.IP via default.gw
17:06 < moviuro__> 0/1 via SERVER.IP
17:06 < moviuro__> 128/1 via SERVER.IP
17:06 < moviuro__> gotta go to sleep though
17:06 < moviuro__> I wish you luck, svriommu
17:07 < svriommu> moviuro__, let me see, second
17:07 < moviuro__> no svriommu, check the routes on both ends, make sure they make sense
17:07 < moviuro__> sniff packets on the server on the tun interface and see if things happen there
17:08 < moviuro__> tcpdump -tttnei tun0
17:08 < svriommu> moviuro__, i can see my ping requests, i can reach both internal (10.8. .. and external 1.. ips) but not outside
17:09 -!- HardWall [~HardWall@188.24.49.122] has quit [Read error: Connection reset by peer]
17:10 < svriommu> outside = the internet, outside my vpn server
17:15 < svriommu> i think i'm missing some route
17:20 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 246 seconds]
17:23 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
17:26 -!- fling [~fling@fsf/member/fling] has joined #openvpn
17:26 < svriommu> ok, so these are my routes on my client - tinyurl.com/nnehq3 , and these are the ones in my server -
17:26 < svriommu> https://gist.github.com/anonymous/4e554285b6cbb8b95f50
17:26 <@vpnHelper> Title: gist:4e554285b6cbb8b95f50 · GitHub (at gist.github.com)
17:27 < svriommu> oh, ops
17:28 < svriommu> *these* are the client routes :) https://gist.github.com/anonymous/2a350b41e09d33de5edf
17:28 <@vpnHelper> Title: gist:2a350b41e09d33de5edf · GitHub (at gist.github.com)
17:49 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
17:54 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 244 seconds]
17:58 -!- fling [~fling@fsf/member/fling] has joined #openvpn
18:36 -!- _Cyclone_ [~Cyclone@66.129.241.10] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:38 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
18:42 -!- svriommu [~svriommu@bzq-109-67-193-182.red.bezeqint.net] has quit [Ping timeout: 255 seconds]
18:44 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:46 < trumee> My openvpn server is on 10.8.0.0/24 with remote sip client.  I am running a PBX (freeswitch) behind the vpn server. Should my vpn address be defined as local network for the PBX and not natted or should it be natted?
18:48 -!- ponyofdeath [~vladi@cpe-76-172-86-115.socal.res.rr.com] has joined #openvpn
18:50 < ponyofdeath> hi, so if i have two servers and i am tring to expose each of their back end networks to each other, I am trying with two server configs and two clients configs pushing eachother's routes to each client. for some reason or another I am able to ping the network on the other side only from the hosts tho not from other hosts on the same networks. any ideas what I could be missing
18:50 -!- jokker [~the@blacklung.jokker.org] has joined #openvpn
18:51 < jokker> I have had OpenVPN running as a daemon for quite some time. After a system lockup OpenVPN will not run with the --daemon switch, but will run fine without it. Any Ideas?
18:57 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:59 < trumee> ponyofdeath, you need to setup a static route on the router
19:00 < ponyofdeath> trumee: i have on each router i have set it up to go to the openvpn box
19:00 < ponyofdeath> respectively
19:03 -!- u0m3_ [~u0m3@92.80.102.166] has joined #openvpn
19:09 < ponyofdeath> trumee: i see it going to the vpn server on the network i am initiating the ping on but do not see it on the other endpoing of the vpn client
19:09 < ponyofdeath> so its not making it accross
19:13 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
19:13 < trumee> ponyofdeath, is there forwarding enable on the vpn server?
19:13 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
19:14 < trumee> ponyofdeath, net.ipv4.ip_forward
19:15 < ponyofdeath> yeah sure is
19:15 < ponyofdeath> net.ipv4.ip_forward = 1
19:27 < ponyofdeath> trumee: do i need a iroute
19:27 < ponyofdeath> on each client ccd
19:27 < trumee> ponyofdeath, yes
19:28 < ponyofdeath> ahh ok let me try that
19:28 < ponyofdeath> is that allow access from those subnets to the vpn tunnel
19:34 < ponyofdeath> trumee: ok now i see the ping request coming to the vpn server but not out its eth0 interface to the actual backend server
19:37 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has quit [Ping timeout: 244 seconds]
19:37 < ponyofdeath> trumee: do i need a client per each side or just one client and use iroute to expose the routes from the other side that way
19:39 < trumee> ponyofdeath, you need 1 vpn server and 1 remote client. On the vpn server you need to set iroute. On the vpn server router and remote client route you need to set static routes.
19:40 < ponyofdeath> https://bpaste.net/show/c9b3bc9dc834
19:40 < ponyofdeath> is what i have in my client ccd file
19:42 < ponyofdeath> trumee: do i also need to add route statements there so the server gets the backend network routes?
19:43 < ponyofdeath> ie add https://bpaste.net/show/0ad9cddc0cf3
19:52 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
19:53 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit [Read error: Connection reset by peer]
19:53 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
19:54 -!- kush [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
19:56 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 240 seconds]
20:02 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
20:07 -!- kush [h@love.wowana.me] has joined #openvpn
20:25 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 255 seconds]
20:28 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
20:50 -!- CaTtleyA [~CaTtleyA@put92-2-82-66-41-53.fbx.proxad.net] has quit [Ping timeout: 272 seconds]
20:52 -!- Peppi [~Peppi@S010600089be80c8d.ed.shawcable.net] has quit [Read error: Connection reset by peer]
20:53 -!- kush is now known as wowaname
20:58 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
20:59 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
20:59 -!- mode/#openvpn [+v s7r] by ChanServ
21:37 -!- u0m3 [~u0m3@92.80.102.166] has quit [Remote host closed the connection]
21:42 -!- u0m3 [~u0m3@92.80.102.166] has joined #openvpn
22:10 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
22:50 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
23:26 -!- ShadniX [dagger@p57941344.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX [dagger@p5DDFC827.dip0.t-ipconnect.de] has joined #openvpn
23:51 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 265 seconds]
23:52 -!- Gwoplock [~quassel@104.56.172.189] has quit [Remote host closed the connection]
--- Day changed Tue Jul 28 2015
00:00 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
00:05 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
00:37 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
00:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:38 -!- ketas [~ketas@226-209-191-90.dyn.estpak.ee] has quit [Ping timeout: 256 seconds]
01:07 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
01:22 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 246 seconds]
01:31 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:33 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:35 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:51 -!- al_nz1 [~al@118-93-210-193.dsl.dyn.ihug.co.nz] has joined #openvpn
01:52 < al_nz1> Evening all
01:55 < al_nz1> I have a question about accessing computers behind the server, from a VPN client. The setup is a VPN server, behind a modem/router. I have entered a route in the modem/router so that return traffic destined for the VPN client has a return path - this works - but is there a way to do it without a return path in modem/router - like a Iptables NAT rule?
02:45 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 246 seconds]
03:00 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
03:02 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
03:16 -!- Denial [~Denial@81.141.23.56] has quit []
03:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:16 -!- mode/#openvpn [+o mattock1] by ChanServ
03:21 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
03:34 -!- al_nz1 [~al@118-93-210-193.dsl.dyn.ihug.co.nz] has quit [Quit: Konversation terminated!]
03:35 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:57 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
03:58 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:58 -!- ade_b [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
04:14 -!- soLucien [~Lu@130.225.165.39] has quit [Quit: Leaving]
04:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:05 -!- Denial [~Denial@81.141.23.56] has joined #openvpn
05:06 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:07 -!- FemaleAnon [~FemaleAno@vm460.sakuraserver.co] has joined #openvpn
05:08 < FemaleAnon> ok... i run multiple instances of openvpn chained together on the same system
05:10 < FemaleAnon> (debian linux) the problem that I get is that when I open up a new layer in my chain, I can no longer make connections on the lower layers. the existing connections are fine, because I account for them in my routing table, but how can I allow applications to make requests on *any* of the tun adapters I have? i think redirect-gateway def1 might be the problem
05:20 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
05:22 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
05:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
05:28 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
05:28 < FemaleAnon> ***also, second issue***
05:29 < FemaleAnon> i am trying to ./configure openvpn2.3.7 (latest) and it is telling me that I don't have SSL instealled. but I do. I have openssl 1.0.2d
05:31 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
05:39 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
05:43 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
05:50 -!- bruxC [~bruxC@c-73-159-146-116.hsd1.nh.comcast.net] has joined #openvpn
05:51 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 256 seconds]
05:54 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
05:59 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 272 seconds]
06:00 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 255 seconds]
06:06 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
06:12 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
06:14 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 252 seconds]
06:17 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
06:20 -!- bruxC [~bruxC@c-73-159-146-116.hsd1.nh.comcast.net] has quit [Ping timeout: 244 seconds]
06:21 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:21 -!- ade_b [~Ade@redhat/adeb] has quit [Client Quit]
06:25 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 246 seconds]
06:27 -!- FemaleAnon [~FemaleAno@vm460.sakuraserver.co] has quit [Ping timeout: 246 seconds]
06:29 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
06:31 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 246 seconds]
06:34 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 240 seconds]
06:35 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:40 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
06:48 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
06:48 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
06:51 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
06:59 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
07:02 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:07 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:08 -!- bruxC [~bruxC@66.63.84.178] has quit [Read error: Connection reset by peer]
07:08 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:10 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 240 seconds]
07:13 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:22 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 272 seconds]
07:22 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
07:24 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:28 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 240 seconds]
07:29 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 252 seconds]
07:35 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:43 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 260 seconds]
07:43 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
07:44 -!- _Cyclone_ [~Cyclone@66.129.241.10] has joined #openvpn
07:45 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:54 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 265 seconds]
07:56 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:56 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
07:59  * Bl4ckD34Th hello
08:03 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 246 seconds]
08:04 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 252 seconds]
08:04 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Read error: Connection reset by peer]
08:05 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
08:07 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
08:10 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
08:15 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 246 seconds]
08:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
08:23 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 255 seconds]
08:23 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 252 seconds]
08:28 -!- FemaleAnon [~FemaleAno@142.4.197.159] has joined #openvpn
08:28 -!- Denial [~Denial@81.141.23.56] has quit []
08:31 -!- Denial [~Denial@81.141.23.56] has joined #openvpn
08:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:47 -!- Denial [~Denial@81.141.23.56] has quit [Ping timeout: 244 seconds]
08:49 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
09:00 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 272 seconds]
09:06 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
09:11 -!- Brownout [~brownout@unaffiliated/brownout] has left #openvpn []
09:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
09:14 -!- svriommu [~svriommu@bzq-109-67-193-182.red.bezeqint.net] has joined #openvpn
09:17 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
09:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
09:19 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
09:21 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:26 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
09:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:31 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:42 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Remote host closed the connection]
09:45 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
09:48 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
10:08 -!- Gwoplock [~quassel@2602:306:838a:cbd0::3d] has joined #openvpn
10:13 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Quit: Lost terminal]
10:15 -!- santi1970 [~santiago@186.4.162.206] has joined #openvpn
10:16 < santi1970> !welcome
10:16 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:16 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:16 < santi1970> !route
10:16 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
10:16 <@vpnHelper> client
10:18 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 265 seconds]
10:20 -!- u0m3_ [~u0m3@92.80.102.166] has quit [Ping timeout: 244 seconds]
10:27 -!- santi1970 [~santiago@186.4.162.206] has quit [Quit: Leaving]
10:28 -!- pav5088 [~markp@ppp118-208-144-29.lns20.bne7.internode.on.net] has quit [Ping timeout: 272 seconds]
10:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
10:42 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
10:44 -!- svriommu [~svriommu@bzq-109-67-193-182.red.bezeqint.net] has quit [Ping timeout: 265 seconds]
10:48 -!- FemaleAnon [~FemaleAno@142.4.197.159] has left #openvpn ["Leaving"]
10:51 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:57 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
11:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:14 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
11:18 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:26 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 246 seconds]
11:35 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
11:43 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:04 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit []
12:05 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
12:07 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
12:09 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
12:20 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
12:22 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:22 -!- mode/#openvpn [+v s7r] by ChanServ
12:24 -!- Netsplit *.net <-> *.split quits: tapout
12:27 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
12:29 -!- Netsplit over, joins: tapout
12:31 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 260 seconds]
12:39 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
12:47 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Ping timeout: 265 seconds]
12:54 -!- AMERICAN_PSYCHO [~AMERICAN_@149.sub-70-196-11.myvzw.com] has joined #openvpn
13:06 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has joined #openvpn
13:09 -!- jacekowski [jacekowski@jacekowski.org] has joined #openvpn
13:09 < jacekowski> hi people
13:11 -!- alec-b [~alec@211.52.54.77.rev.vodafone.pt] has quit [Ping timeout: 272 seconds]
13:12 -!- azizLIGHT [~azizLIGHT@unaffiliated/azizlight] has quit [Quit: leaving]
13:27 -!- alec-b [~alec@211.52.54.77.rev.vodafone.pt] has joined #openvpn
13:56 -!- toli [~toli@ip-62-235-221-97.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:57 -!- toli [~toli@ip-81-11-248-233.dsl.scarlet.be] has joined #openvpn
13:58 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
14:05 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:14 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
14:17 -!- _Cyclone_ [~Cyclone@66.129.241.10] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:27 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:30 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
14:53 -!- Owner_ [~Owner@unaffiliated/owner] has joined #openvpn
14:57 -!- Owner [~Owner@unaffiliated/owner] has quit [Ping timeout: 255 seconds]
14:59 < dan_j> Hi. It appears that there is something wrong with TLS Handshake within the pfsense version of OpenVPN. Is TLS highly recommended, or is it a must?
15:12 -!- zoredache_ [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
15:14 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
15:15 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:20 < moviuro__> dan_j: no, it's not recommended
15:20 < moviuro__> dan_j: I'd wager that it isn't because TCP over TCP is bad
15:21 < dan_j> Ive found the line on the config that it doesnt like, and it appears to be a bug related to pfsense rather than openvpn.
15:21 < dan_j> removing this line causes things to work
15:21 < dan_j> tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpnserver1.keshercommunications.com' 2 "
15:21 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
15:21 < dan_j> any ideas why that would help and if it's safe to use?
15:21 < dan_j> *remove
15:22 < moviuro__> oh damn, I must be pretty much exhausted, I read TCP instead of TLS ><" sorry dan_j
15:22 < dan_j> np
15:24 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
15:24 -!- toothe [~awiggin@unaffiliated/toothe] has quit [Ping timeout: 264 seconds]
15:24 < moviuro__> dan_j: read the man
15:24 < moviuro__>  /tls-verify
15:31 -!- krzee [ba95f387@openvpn/community/support/krzee] has joined #openvpn
15:31 -!- mode/#openvpn [+o krzee] by ChanServ
15:37 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
15:50 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has joined #openvpn
15:59 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:32 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:32 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Remote host closed the connection]
16:35 -!- AMERICAN_PSYCHO [~AMERICAN_@149.sub-70-196-11.myvzw.com] has quit [Ping timeout: 255 seconds]
16:36 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
17:41 -!- u0m3_ [~u0m3@92.80.102.166] has joined #openvpn
17:43 -!- s7eele [~AndChat52@108.59.12.84] has joined #openvpn
17:57 -!- Owner_ [~Owner@unaffiliated/owner] has quit [Ping timeout: 255 seconds]
18:02 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
18:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:35 -!- szronik [szronik@109.76.53.23] has joined #openvpn
18:36 < szronik> I almost have OpenVPN working. I can connect to the server but I am unable to ping any of the clients on the LAN. I've been unable to complete one last step "Add a route to the server side gateway gateway1 so that all VPN traffic is sent back to the VPN server." They're asking me to set up a route on the gateway - I can't. What should I do?
18:37 <@krzee> so its:
18:38 <@krzee> !serverlan
18:38 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
18:38 <@krzee> ??
18:38 <@krzee> or is the lan behind the client
18:39 <@krzee> !route_outside_ovpn
18:39 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
18:39 < szronik> <client/192.168.200.4> -> router -> [LAN <server/192.168.200.1 tun0 /192.168.1.2 eth0> ... ]
18:40 < szronik> and when I connect, it won't let me ping any of the clients on the LAN
18:40 <@krzee> ahh ok, so ya its the link i gave above
18:41 < szronik> so it looks like it won't be possible
18:41 < szronik> I can't add routes to the gateway
18:41 <@krzee> the graphs explain it, and my section "routes to add outside openvpn" explains it here:
18:41 <@krzee> !route
18:41 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
18:41 <@krzee> szronik: why cant you add routes to the gateway?
18:41 < szronik> there are no configuration options for the route on my gateway
18:41 <@krzee> you dont have permission to share the lan over the vpn?
18:43 < szronik> krzee: It's a Huawei Vodafone-branded router with a lot of options disabled.
18:43 < szronik> I'd have to figure out how to hack it to open up some of the other options
18:44 < szronik> So is that the problem then?
18:44 < szronik> krzee you there?
18:48 <@krzee> !route
18:48 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
18:48 <@krzee> the info is there, including the workaround for your issue
18:48 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
18:49 < szronik> okay, moving on to read it
18:52 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:02 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
19:09 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:24 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:45 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
19:51 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:59 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
20:00 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
20:03 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has joined #openvpn
20:34 -!- wowaname [h@love.wowana.me] has quit [Changing host]
20:34 -!- wowaname [h@unaffiliated/wowaname/bot/bubblebass] has joined #openvpn
20:37 -!- wowaname [h@unaffiliated/wowaname/bot/bubblebass] has quit [Quit: <3]
20:39 -!- wowaname [h@love.wowana.me] has joined #openvpn
20:40 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
20:42 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
20:43 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
21:15 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
21:35 -!- s7eele [~AndChat52@108.59.12.84] has quit [Remote host closed the connection]
21:45 -!- s7eele [~AndChat52@108.59.12.84] has joined #openvpn
21:50 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
21:50 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
21:50 -!- mode/#openvpn [+o syzzer] by ChanServ
21:56 -!- szronik [szronik@109.76.53.23] has quit [Ping timeout: 272 seconds]
22:09 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 244 seconds]
22:12 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
22:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
22:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:37 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
22:42 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:46 -!- gammaray67 [~debian@178.62.63.42] has left #openvpn []
22:59 -!- Gman32 [~Gman32@76.72.167.208] has quit [Quit: Headin out...]
23:02 -!- wowaname [h@love.wowana.me] has joined #openvpn
23:13 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
23:21 -!- SineDeviance [~quassel@2602:306:3908:8eb0:1c07:3004:f2c:c076] has quit [Ping timeout: 244 seconds]
23:24 -!- s7eele [~AndChat52@108.59.12.84] has quit [Remote host closed the connection]
23:27 -!- ShadniX [dagger@p5DDFC827.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:28 -!- ShadniX [dagger@p57941374.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 256 seconds]
23:40 -!- SineDeviance [~quassel@2602:306:3908:8eb0:1c16:f809:6c5c:763f] has joined #openvpn
23:44 -!- s7eele [~AndChat52@108.59.12.84] has joined #openvpn
23:53 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
23:57 -!- wowaname [h@love.wowana.me] has joined #openvpn
23:57 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Wed Jul 29 2015
01:13 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:53 < suexec> I used the debian howto when I set up my VPN server. When I connect, my server gives my client ip 10.9.8.6 and P-t-P 10.9.8.5, but my server is 10.9.8.1 ? What have I configured wrong ?
02:15 < suexec> I can ping 10.9.8.1, but I cannot ping 10.9.8.5.
02:15 < suexec> And default route gets set to 10.9.8.5.
02:20 < suexec> nvm - I fixed it. Set topology to subnet and voila
02:28 -!- hrnshn [~hrnshn@2a02:8108:1a80:2c0:f4b8:2e33:2380:9a11] has joined #openvpn
02:29 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
02:35 -!- s7eele [~AndChat52@108.59.12.84] has quit [Remote host closed the connection]
02:48 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
02:58 -!- s7eele [~AndChat52@108.59.12.84] has joined #openvpn
03:11 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:21 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
03:50 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:11 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
04:13 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
04:19 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin out...]
04:20 < jacekowski> hi openvpn people
04:21 < jacekowski> i've got a weird thing going on with my very simple openvpn setup, if i have one client connected to it it works fine
04:21 < jacekowski> the moment i get more than one client connected, one of the clients can't stay connected for more than few seconds
04:22 < jacekowski> i've set up a different openvpn instance on another port for it and bridged the two together on the server
04:22 < jacekowski> and that seems to keep it happy
04:41 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
04:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:54 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Ping timeout: 246 seconds]
04:55 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has joined #openvpn
05:00 -!- Netsplit *.net <-> *.split quits: FruitieX, NP-Hardass, NucWin, zamber, jareth_, d10n
05:01 -!- Netsplit over, joins: NucWin, d10n
05:01 -!- Netsplit over, joins: NP-Hardass
05:01 -!- Netsplit over, joins: jareth_
05:05 -!- alec-b [~alec@211.52.54.77.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
05:05 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 240 seconds]
05:08 -!- zamber [~zamber@78.10.86.90] has joined #openvpn
05:15 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
05:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
05:18 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
06:00 -!- damjan [~damjan@unaffiliated/damjan] has joined #openvpn
06:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
06:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
07:06 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:11 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
07:12 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
07:15 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
07:31 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:39 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:45 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-qzmmilltdecsqiyj] has quit [Quit: Connection closed for inactivity]
07:47 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
07:50 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
07:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:56 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:10 -!- hrnshn [~hrnshn@2a02:8108:1a80:2c0:f4b8:2e33:2380:9a11] has quit [Quit: Leaving]
08:51 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 260 seconds]
08:55 -!- SineDeviance [~quassel@2602:306:3908:8eb0:1c16:f809:6c5c:763f] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
08:56 -!- MrKB [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has joined #openvpn
08:57 < MrKB> !welcome
08:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
08:57 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
08:57 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:57 < MrKB> !goal
08:57 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:58 < MrKB> !paste
08:58 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
08:58 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
08:58 < MrKB> !logs
08:58 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:58 < MrKB> !configs
08:58 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:59 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
09:01 < MrKB> What I want to do is be able to play LAN games with a few friends, more specifically StarCraft. I've set up an OpenVPN 2.3.7 server on my Windows 8.1 machine, and I'm using it bridge mode. I've turned off my firewall and opened my 1194 UDP port. I remoted into my friend's computer via TeamViewer and I was successfully able to connect to my server. I can even see the LAN game I'm hosting on her computer.
09:02 < MrKB> For some reason I can't connect to it though, it says "Unable to join game". This has happened before and it's usually a firewall problem, but I've turned both of our firewalls off.
09:02 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
09:02 < MrKB> I believe it might be a conflict of some sort since my OpenVPN server is using 192.168.1.x, but I don't know how to change that in the bridged connection. That's where I'm looking for help.
09:02 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:02 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
09:03 < MrKB> In this guide, https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html, it says to change my bridge adapter to an IP of 192.168.8.4 and a subnet mask of 255.255.255.0. It doesn
09:03 <@vpnHelper> Title: Ethernet Bridging (at openvpn.net)
09:03 < MrKB> It doesn't say what to do for gateway though*
09:04 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 250 seconds]
09:04 -!- jacekowski [jacekowski@jacekowski.org] has quit [Ping timeout: 252 seconds]
09:04 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
09:04 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
09:04 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
09:05 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 258 seconds]
09:05 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
09:05 -!- mode/#openvpn [+v s7r] by ChanServ
09:05 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Quit: No Ping reply in 180 seconds.]
09:05 -!- fred`` [fred@earthli.ng] has quit [Quit: +++ATH0]
09:05 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Quit: No Ping reply in 120 seconds.]
09:05 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 256 seconds]
09:05 -!- K1rk [~Kirk@equinox.epecweb.com] has joined #openvpn
09:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:06 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
09:06 -!- moviuro__ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 250 seconds]
09:07 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
09:08 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
09:08 -!- shio [~shio@245.121.101.84.rev.sfr.net] has joined #openvpn
09:10 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
09:10 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
09:16 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
09:18 -!- fred`` [fred@earthli.ng] has joined #openvpn
09:18 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
09:19 -!- MrKB2 [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has joined #openvpn
09:19 -!- MrKB [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
09:19 -!- MrKB2 is now known as MrKB
09:20 < MrKB> I tried changing my bridge adapter settings by setting the gateway to be 10.8.0.4, subnet mask to 255.255.255.0 and IP to 10.8.0.50 (so it matches the values in the config) and all that did was cause me to not have any internet.
09:21 < MrKB> I must be doing something wrong.
09:21 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
09:22 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:22 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
09:22 < MrKB> This is the line I'm talking about:
09:22 < MrKB> Wed Jul 29 10:22:06 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet
09:23 < MrKB> That's why I think that might be the issue with StarCraft
09:23 < DArqueBishop> MrKB, which side hosts the server? Yours or your friend's?
09:23 < MrKB> Mine
09:24 < DArqueBishop> This may sound like a stupid/elementary question, but does your local LAN subnet match the bridge settings on your config?
09:24 < MrKB> Also if you need me to paste a config, I'd appreciate a link to instructions on how to remove comments since I don't have grep.
09:24 < MrKB> Are these the bridge settings on my config? server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
09:25 < MrKB> (sorry, I'm new to all this)
09:25 < DArqueBishop> What's your local subnet?
09:25 < MrKB> 192.168.1.x
09:25 < DArqueBishop> That's your problem.
09:25 < MrKB> Yeah that's what I thought
09:25 < DArqueBishop> The bridge has to match the local subnet.
09:26 < MrKB> Gotcha. So do I change that line in the config? The one I pasted above?
09:26 < DArqueBishop> Yes, but I would also change the local subnet as well. For all you know the other person is using 192.168.1.0/24 as well.
09:26 < DArqueBishop> (It's VERY common.)
09:27 < DArqueBishop> !rfc1918
09:27 < MrKB> She is.
09:27 <@vpnHelper> "rfc1918" is "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi
09:27 -!- jacekowski [jacekowski@jacekowski.org] has joined #openvpn
09:27 < DArqueBishop> Yeah, then it's not going to work.
09:27 < DArqueBishop> You need to change your local subnet.
09:28 < MrKB> I think I read somewhere in the config that I can set up OpenVPN to be a DHCP server. Would that solve my problem? I'd really like not to change my subnet. I'm fond of my IPs :3
09:28 < DArqueBishop> No, it'
09:28 < DArqueBishop> It's not going to fix your problem.
09:28 < MrKB> Alright
09:28 < MrKB> I'll change her subnet mask. She doesn't care :P
09:29 < MrKB> -mask
09:29 < MrKB> So is this an issue only in bridge mode?
09:29 < MrKB> I'm guessing route mode hands out IPs?
09:29 < DArqueBishop> The issue is that if your friend's local subnet is the same as yours, then her system won't know to send traffic over the bridge. It'll just figure that all taffic for that subnet needs to go over the local connection.
09:30 <@plaisthos> DArqueBishop: wait
09:30 < MrKB> OK now I'm confused. How is it she can see the game I'm hosting then?
09:30 <@plaisthos> DArqueBishop: for bridged config, both subnet have to use the same IP config
09:30 <@plaisthos> if you bridge the two networks
09:31 <@plaisthos> or is this just tap instead tun remote access?
09:31 < DArqueBishop> plaisthos, I was under the impression his friend was running OpenVPN on her workstation.
09:31 < DArqueBishop> Am I wrong, MrKB?
09:31 < MrKB> She is, yes.
09:31 < MrKB> No, you're correct.
09:32 < MrKB> I installed OpenVPN on her computer and I sent over the keys/certs she needed, along with a client.ovpn file I made.
09:32 < MrKB> And she's able to connect to my server fine, StarCraft can even see any game I'm hosting and vice versa.
09:32 -!- u0m3_ [~u0m3@92.80.102.166] has quit [Ping timeout: 264 seconds]
09:33 < MrKB> The problem is we can't join each other games, we get an error in-game. I've seen the error before and it's usually a firewall thing but both of our firewalls are off.
09:33 < MrKB> So I was thinking it was the subnet conflict thing.
09:33 < DArqueBishop> Well, I've been going off old knowledge (I haven't needed a bridged VPN in a decade or so), so maybe plaisthos has a better idea of what's going on.
09:33 < MrKB> But if I'm understanding correctly, if she can connect to my server and can see my game, doesn't that mean everything on OpenVPN's side is working correctly and the matching subnets are not an issue?
09:38 < MrKB> plaisthos: In my config I have it set to dev tap instead of dev tun and I also have server-bridge instead of server.
09:38 < MrKB> I don't know if that helps.
09:52 -!- Gwoplock [~quassel@2602:306:838a:cbd0::3d] has quit [Ping timeout: 244 seconds]
09:53 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:00 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
10:02 -!- jefferai [sid1300@kde/mitchell] has quit [Remote host closed the connection]
10:04 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
10:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:20 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
10:45 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
10:49 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Ping timeout: 246 seconds]
11:13 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-rdpwbczlrlnabqbc] has quit [Remote host closed the connection]
11:15 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
11:21 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:24 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-tzhkvouptwnthzhc] has joined #openvpn
11:56 -!- _Cyclone_ [~Cyclone@66.129.241.12] has joined #openvpn
12:00 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 244 seconds]
12:02 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
12:04 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
12:07 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
12:07 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
12:07 -!- mode/#openvpn [+v s7r] by ChanServ
12:25 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:28 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:30 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 244 seconds]
12:36 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
12:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:42 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
12:48 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 246 seconds]
12:50 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
13:08 < dan_j> Hi. I'm trying to establish a site-to-site vpn. So far, server1 can ping all machines behind server2. But no machines can ping across the vpn. I've set up the routes and can see the pings from the local machine hitting the local openvpn server, but they dont seem to be passed over the vpn.
13:09 < dan_j> Please could someone check my conf files to ensure nothing is missing?
13:09 < dan_j> http://pastebin.com/Q43rPpfF
13:09 < dan_j> It's greatly appreciated.
13:09 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
13:11 < damjan> forwarding enabled on both?
13:12 < dan_j> I believe so. It's openvpn that's built into pfsense which is already forwarding since it's a router/firewall.
13:12 < dan_j> I've set everything to allow all to ensure pfsense isn't getting in the way.
13:14 < damjan> are server1 and server2 the corresponding default gateways on both LANs ?
13:14 < dan_j> server2 is the gateway on that lan. server1 is not the gateway but routing has been set up on the local machine i'm testing with and on server1 I can see the pings going from the local machine to server1.
13:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
13:18 < damjan> you can run tcpdump on the tun interface on server2
13:18 < dan_j> while pinging from the machine behind server1?
13:18 < damjan> yes
13:19 < dan_j> ok, doing it now
13:19 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 272 seconds]
13:20 < dan_j> All I see are pings between the openvpn servers. Are they supposed to be there?
13:20 < dan_j> keepalives?
13:20 < damjan> afaik the keepalives are on the protocol level, you shouldn't see them on the tun
13:21 < damjan> is NAT enabled on the outogind of tun on server1?
13:21 < damjan> outgoing*
13:23 < dan_j> No. It shouldn't need NAT, should it?
13:23 < damjan> it shouldn't
13:23 < dan_j> each network has it's own internal ip range.
13:28 < dan_j> Does openvpn have nat settings itself?
13:28 < damjan> no
13:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:31 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
13:31 < dan_j> Ok. Thanks for your help. I think this is a pfsense issue. I'll try there.
13:36 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 246 seconds]
13:42 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
13:42 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Quit: pipeworkin' it]
13:46 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
13:46 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
13:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:51 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
13:56 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
14:01 -!- wCPO [~kristian@unaffiliated/wcpo] has joined #openvpn
14:02 < wCPO> Do anyone know how to install openvpn server on Windows 2012? I installed it and can connect.. But cant connect to anything else.
14:02 < wCPO> I use tap
14:03 -!- Gwoplock [~quassel@2602:306:838a:cbd0::3d] has joined #openvpn
14:12 -!- wCPO [~kristian@unaffiliated/wcpo] has quit [Ping timeout: 252 seconds]
14:13 -!- samopotamus [~samopotam@2607:5300:60:a0d::1] has joined #openvpn
14:13 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
14:13 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
14:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
14:19 -!- Netsplit *.net <-> *.split quits: c|oneman, kossy, samopotamus
14:19 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:25 -!- ketas- is now known as ketas
14:27 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
14:41 < chrisb> what are some considerations for setting --prng <alg> <nsl>  ?
15:00 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 250 seconds]
15:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:07 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Ping timeout: 240 seconds]
15:09 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
15:18 -!- chrisb [~chrisb@pool-71-175-244-74.phlapa.east.verizon.net] has joined #openvpn
15:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
15:34 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
15:36 -!- u0m3 [~u0m3@92.80.102.166] has quit [Ping timeout: 244 seconds]
15:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:37 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
15:43 -!- chrisb [~chrisb@pool-71-175-244-74.phlapa.east.verizon.net] has quit [Ping timeout: 240 seconds]
15:48 -!- u0m3 [~u0m3@92.80.102.166] has joined #openvpn
15:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:00 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:20 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
16:40 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
16:40 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:44 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
17:00 -!- zheng [~zheng@180.157.0.23] has joined #openvpn
17:00 -!- Owner [~Owner@unaffiliated/owner] has quit [Ping timeout: 256 seconds]
17:40 -!- akamaru217 [~akamaru@2601:cd:4001:b705:bd73:aab5:6945:579a] has joined #openvpn
17:48 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:37 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Ping timeout: 264 seconds]
18:40 -!- zheng [~zheng@180.157.0.23] has quit [Remote host closed the connection]
19:07 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin out...]
19:13 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
19:14 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
19:14 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
19:15 -!- _Cyclone_ [~Cyclone@66.129.241.12] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:01 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has quit [Quit: Headin out...]
20:15 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
20:26 -!- Algebr [~user@38.99.37.132] has joined #openvpn
20:28 < Algebr> I'm a programmer using openvpn for the first time and having an issue getting my client side to work. In my conf, I'm using auth-user-pass for my username/password and I also have my certificate inlined with <ca>. When I try to get the service to run, In the logs I get SENT CONTROL [...]: 'PUSH_REQUEST' (status=1), then an AUTH_FAILED message. Okay, so does that mean that the certificate is incorrect or the username/password?
20:37 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
20:45 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
20:47 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
20:48 < Algebr> After some searching I see that this error means that the username/password is incorrect
22:11 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:45 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
22:52 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
22:55 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
23:19 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
23:25 -!- ShadniX [dagger@p57941374.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:27 -!- ShadniX [dagger@p57941694.dip0.t-ipconnect.de] has joined #openvpn
23:49 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
23:51 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
--- Day changed Thu Jul 30 2015
00:35 -!- Gman32 [~Gman32@76.72.167.208] has joined #openvpn
01:15 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
01:19 -!- pitastrudl [~quassel@unaffiliated/pitastrudl] has quit [Remote host closed the connection]
01:20 -!- pitastrudl [~quassel@unaffiliated/pitastrudl] has joined #openvpn
01:29 -!- echo083 [~adam@unaffiliated/echo083] has joined #openvpn
01:30 < echo083> hello i was wondering what are the risk to connect with openvpn to a free vpn ? what are the security risk excepted maybe the could monitor my network activity ?
01:30 < mystica555> they could entirely monitor all of your vpn activity
01:31 < mystica555> but not particularly that of other connections you make outside of the vpn - unless somehow your system was exploited in the process of visiting some site whereby a malicious bit of code was injected
01:32 < mystica555> so yes, the vpn provider -can- see all of your traffic on the vpn; -shouldnt- be able to see the rest of you talking to the internet, unless you're compromised somehow.  openvpn isn't a tunnel into everything, just another (virtual) ethernet adapter connected to your computer
01:32 < echo083> mystica555, i was using the vpn in a virtual machine
01:33 < echo083> mystica555, so i think the risk are zero ?
01:33 < mystica555> the risk is never zero
01:34 < mystica555> hypervisor escape bugs have been found in just about every hypervisor
01:34 < mystica555> you can add another layer, mitigate some risk, but never think you are 100% unaffected; nothing is ever 100%
01:34 < echo083> mystica555, latest openvpn in windows xp sp3 there are security vulnerabilities known ?
01:36 < mystica555> tons, in windows xp sp3
01:36 < mystica555> and probably even more tons that will never be known now that microsoft is not patching it
01:37 < mystica555> does openvpn itself add to them? likely not
01:37 < echo083> mystica555, i'll just stop using free vpn then thanks :p
01:37 < mystica555> just remember; any endpoint into the internet is potential for an adversary to sniff, if the adversary controls the up-stream network
01:39 < echo083> mystica555, but with a paying vpn the risk is the same so no thirdparty vpn is safe it's sad
01:40 < mystica555> this is 100% true
01:40 < mystica555> 'how much do i trust the person/company providing this to me'
01:40 < mystica555> same could be said for your local isp, telco, cable company...
01:41 < mystica555> or even datacenter if you got your own hardware and plugged it in. datacenters can easily mirror switchports if they wanted (common code of ethics is not to, but then again, some other third parties such as governmental entities might just come visiting one day, if they are investigating something, and boom, all your packets go into their capture device)
01:41 < echo083> mystica555, with my isp i can always encrypt my connection with the maximum
01:42 < mystica555> encrypt it to where though?
01:42 < echo083> mystica555, if i have a personal vpn
01:42 < echo083> mystica555, hosted on my computer and i want to connect to that vpn
01:42 < mystica555> ok, so youre vpning only between your own boxes, and not to use as a gateway to the isp to mask your normal IP/
01:42 < mystica555> ?
01:42 < echo083> mystica555, no i don't do it it's an idea
01:42 < mystica555> ok right
01:43 < echo083> mystica555, so in this case there are no security risk ?
01:43 < mystica555> if you control all the hardware and software that is part of the vpn, itd be pretty secure
01:43 < echo083> mystica555, finally an almost safe solution :p
01:43 < mystica555> as long as you use high quality encryption methods, and dont have a trojan that leaks a private key for example
01:44 < mystica555> (in that case, you wouldn't 100% control all the software, itd be that 0.01% that'd bite you)
01:44 < echo083> mystica555, hum indeed
01:44 < echo083> mystica555, thanks for the info
01:44 < mystica555> security is sadly a many-faceted thing, with many potential pitfalls
01:44 < mystica555> :(
01:44 < echo083> mystica555, i understand that now
01:44 < mystica555> you're welcome however, and i hope that you are able to make what you want to work, work :)
01:45 < echo083> mystica555, thanks
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:56 -!- toli [~toli@ip-81-11-248-233.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:57 -!- toli [~toli@ip-62-235-242-88.dsl.scarlet.be] has joined #openvpn
02:00 -!- echo083 [~adam@unaffiliated/echo083] has quit [Quit: Quit]
02:29 -!- faern [~faern@irc.jagochmittmoln.se] has joined #openvpn
02:36 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
02:38 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
03:27 -!- d3lphi [~d3lphi@unaffiliated/d3lphi] has joined #openvpn
03:28 < d3lphi> hello all. When I have a myconfig_UP.bat and myconfig_DOWN.bat within the OpenVPN config folder in Windows, it is executed after the VPN conenction is established or disconnected. Does that work also for the Windows Service when using in "Automatic" mode and not using OpenVPN GUI at all ?
03:35 -!- IwishIcanFLighT [5fd33c0b@gateway/web/freenode/ip.95.211.60.11] has joined #openvpn
03:35 < IwishIcanFLighT> Hi there :)
03:40 < IwishIcanFLighT> I have a question concerning OpenVPN connect app on Android. If I activate the Battery Saver option which pauses the VPN when my phone screen is blanked, and say I receive an email while my phone is blanked. Does the vpn unpause itself to receive the email and notify me?
03:55 <@plaisthos> sorry no idea about how connect is implemented
03:56 <@plaisthos> but OpenVPN for Android gets a screen unblank event when the lockscreen is shown
03:59 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 256 seconds]
04:21 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
04:22 -!- apocr [~apoc@host83-111-dynamic.5-87-r.retail.telecomitalia.it] has joined #openvpn
04:23 < apocr> Openvpn automatically connects on boot using /etc/openal/client.conf, right?
04:25 -!- IwishIcanFLighT [5fd33c0b@gateway/web/freenode/ip.95.211.60.11] has quit [Quit: Page closed]
04:27 <@plaisthos> I am not sure what openal is
04:27 <@plaisthos> but on Ubuntu/debian system a config in /etc/openvpn/ is automatically started
04:28 -!- apocr [~apoc@host83-111-dynamic.5-87-r.retail.telecomitalia.it] has quit [Ping timeout: 244 seconds]
04:31 -!- apocr [~apoc@192.71.218.191] has joined #openvpn
04:31 < apocr> sorry I disconnected..
04:34 < apocr> How is the auto-connect on boot handeled if my private key is password encrypted? Can I somewhere define what connection file is used for this?
04:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:48 < damjan> on Debian? (you really lack the context in your question)
04:48 < damjan> on Debian the behaviour of the init script is configured in /etc/default/openvpn
04:48 < damjan> #AUTOSTART="all" is the default
04:48 < apocr> damjan: sorry, yes. On Debian, thank you!
04:50 < apocr> damjan: How does the autostart work, when I have a password protected private key?
04:51 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
04:52 < damjan> it doesn't
04:54 < apocr> damjan: so no autostart with a password protected private key? thanks for the info!
05:11 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
05:12 -!- apocr [~apoc@192.71.218.191] has quit [Quit: leaving]
05:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
05:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
05:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:40 -!- kwmiebach [sid16855@gateway/web/irccloud.com/x-tzhkvouptwnthzhc] has left #openvpn []
05:45 -!- Visual` [~visualsta@unaffiliated/visualstation] has joined #openvpn
05:53 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
06:08 -!- FemaleAnon [~FemaleAno@185.47.200.130] has joined #openvpn
06:08 < FemaleAnon> i have a bug to report
06:09 < FemaleAnon> the linux version is not detecting openssl
06:09 < FemaleAnon> anyone have a work around?
06:10 < damjan> FemaleAnon: what exactly are you doing, what's the expected output and what you get instead? also, more context
06:11 < FemaleAnon> trying to ./configure ----- I get "configure: error: ssl is required but missing"
06:12 < FemaleAnon> openssl version 1.0.1k-3+deb8u1 is installed according to dpkg -l
06:13 < FemaleAnon> in the ./configure log, it says "OPENSSL_SSL... no" and "OPENSSL_CRYPTO... no"
06:13 < FemaleAnon> anything else?
06:17 < damjan> Debian? Ubuntu?
06:17 < FemaleAnon> debian
06:19 < damjan> FemaleAnon: did you also install the -devel package?
06:19 < damjan> libssl-dev
06:20 < FemaleAnon> not knowingly. will do.
06:21 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-cvtccyrzlninzhwg] has joined #openvpn
06:22 -!- d3lphi [~d3lphi@unaffiliated/d3lphi] has left #openvpn []
06:22 < etherealmktg1> hello room, using linuxmint here, installed openvpn, didnt have easy-rsa samples with it, so installed easy-rsa, wondering if there is something im missing because im cant seem to find the samples...
06:40 < FemaleAnon> damjan, the libssl-dev fixed it
06:46 < FemaleAnon> is there a "best practices" way to run openvpn in linux? i sometimes have issues with dropping root privileges in 2.3.6 using the "user" line in the config files... would running openvpn with the --user <user> option be any more consistant? or is it possible to set things up so openvpn can be run as a lowly privileged user?
06:48 < FemaleAnon> i suppose I could set the routing settings and such as root and then run it with --script-security 0
06:54 < damjan> you could set sudo
06:55 < damjan> or alternatively http://sourceforge.net/p/openvpn/openvpn-testing/ci/master/tree/src/plugins/down-root/README.down-root
06:55 <@vpnHelper> Title: OpenVPN / openvpn-testing / [710c43] /src/plugins/down-root/README.down-root (at sourceforge.net)
06:56 < damjan> I actually configured a tap interface with systemd-networkd, owned by user nobody and start openvpn as nobody in the first place
06:56 < damjan> but all networking is configured with networkd
07:02 < FemaleAnon> much appreciated
07:16 <+esde> FemaleAnon
07:16 <+esde> ?unpriv
07:16 <+esde> !unpriv
07:16 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
07:17 < FemaleAnon> esde, thanks. will read.
07:19 <+esde> Some light reading http://www.breitbart.com/national-security/2015/07/29/china-wants-to-set-the-rules-for-the-global-internet/
07:19 <@vpnHelper> Title: China Wants to Set the Rules for the Global Internet - Breitbart (at www.breitbart.com)
07:22 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
07:23 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
07:26 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
07:27 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
07:32 -!- FemaleAnon [~FemaleAno@185.47.200.130] has quit [Quit: Leaving]
07:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:35 -!- mode/#openvpn [+o mattock1] by ChanServ
07:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
07:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:51 -!- mode/#openvpn [+o mattock1] by ChanServ
07:59 -!- SineDeviance [~quassel@2602:306:3908:8eb0:208c:12fc:e200:83b1] has joined #openvpn
08:16 -!- krthnz [~krthnz@unaffiliated/krthnz] has quit [Remote host closed the connection]
08:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
08:25 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
08:33 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
08:41 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
09:00 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Quit: jthunder]
09:08 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:11 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
09:11 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
09:13 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Remote host closed the connection]
09:35 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit []
09:37 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
09:41 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-cvtccyrzlninzhwg] has quit [Quit: Connection closed for inactivity]
09:43 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:48 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:11 < haasn> I'm setting up a simple personal-use VPN, mainly so I can network together different machines that I own which are all behind NAT
10:13 < haasn> This is what my config looks like right now: https://0x0.st/sBj.conf The question I have: Right now, IP addresses within the subnet (10.60.0.0/24) are assigned pretty much in the order clients connect. Instead, I want OpenVPN to remember which local IP gets mapped to which client, preferably based on the client certificate
10:13 < haasn> Or, well, the client certificate's public key hash
10:14 < haasn> Is something like that possible? Failing that, what's the next-best alternative? I'm trying to avoid having to manually hard-code the assignments on the server. I just want the ability to have add a new host to the VPN by generating a valid cert for that host, and have OpenVPN automatically pick a new/free address for this cert. (I'm also trying to avoid the IPs changing if I revoke and regenerate the cert
10:14 < haasn> with the same public/private key pair)
10:15 -!- HardWall [~HardWall@188.24.91.234] has joined #openvpn
10:20 -!- hid3 [~arnoldas@78.157.71.116] has left #openvpn []
10:29 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-aicsumbhzghkpwxo] has quit [Remote host closed the connection]
10:36 < damjan> haasn: persistent something, see the man page
10:36 < damjan> --ifconfig-pool-persist
10:37 -!- shio [~shio@245.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
10:38 -!- jthunder [~jthunder@70.28.245.65] has joined #openvpn
10:41 < haasn> damjan: ah, perfect. thanks!
10:51 -!- txdv [~unreal@78-56-71-41.static.zebra.lt] has joined #openvpn
10:51 < txdv> is there a dev channel for this?
10:52 <@plaisthos> txdv: openvpn-devel
10:52 < txdv> -j openvpnßdevel
10:52 -!- jthunder [~jthunder@70.28.245.65] has quit [Ping timeout: 244 seconds]
10:55 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-azhhnivgxuoujkgr] has quit [Remote host closed the connection]
10:55 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Remote host closed the connection]
10:55 -!- dan_j [sid21651@gateway/web/irccloud.com/x-sbkeyhexfoipntvf] has quit [Remote host closed the connection]
11:03 -!- novaflash is now known as novaflash_away
11:09 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
11:13 -!- novaflash_away is now known as novaflash
11:19 -!- novaflash is now known as novaflash_away
11:24 -!- dan_j [sid21651@gateway/web/irccloud.com/x-qapnvtcuqjtfxxmv] has joined #openvpn
11:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:24 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mnfiwvlwdnuizcgn] has joined #openvpn
11:24 -!- novaflash_away is now known as novaflash
11:29 -!- weems2 [~hagrid@71-14-62-161.dhcp.stls.mo.charter.com] has joined #openvpn
11:29 < weems2> is there a way to change tblk files to ovpn
11:29 < weems2> I change them and they only become a folder
11:29 < weems2> not a ovpn file
11:29 < weems2> I can rename the zip they came in but that is not accepted by the openvpn client
11:35 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-adelzpkjavedkzrr] has joined #openvpn
11:46 -!- Gwoplock [~quassel@2602:306:838a:cbd0::3d] has quit [Ping timeout: 246 seconds]
12:11 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:14 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
12:24 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:28 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
12:34 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:35 -!- weems2 [~hagrid@71-14-62-161.dhcp.stls.mo.charter.com] has quit [Read error: Connection reset by peer]
12:40 -!- akamaru217 [~akamaru@2601:cd:4001:b705:bd73:aab5:6945:579a] has quit [Quit: Leaving]
13:00 -!- Algebr [~user@38.99.37.132] has quit [Remote host closed the connection]
13:06 -!- HardWall [~HardWall@188.24.91.234] has quit [Quit: Leaving]
13:08 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has joined #openvpn
13:09 -!- HardWall [~HardWall@188.24.91.234] has joined #openvpn
13:10 -!- HardWall [~HardWall@188.24.91.234] has quit [Max SendQ exceeded]
13:11 -!- HardWall [~HardWall@188.24.91.234] has joined #openvpn
13:14 -!- HardWall [~HardWall@188.24.91.234] has quit [Remote host closed the connection]
13:20 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:21 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 252 seconds]
13:22 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
13:22 -!- HardWall [~HardWall@188.24.91.234] has joined #openvpn
13:24 -!- shivaya [~root@vpnclient-25.es.net] has joined #openvpn
13:24 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
13:25 -!- shivaya [~root@vpnclient-25.es.net] has quit [Client Quit]
13:26 -!- shivaya [~root@vpnclient-25.es.net] has joined #openvpn
13:26 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
13:29 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:29 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:33 -!- jacekows1i [jacekowski@jacekowski.org] has joined #openvpn
13:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:34 -!- jacekowski [jacekowski@jacekowski.org] has quit [Ping timeout: 240 seconds]
13:34 -!- u0m3 [~u0m3@92.80.102.166] has quit [Ping timeout: 240 seconds]
13:35 -!- u0m3 [~u0m3@92.80.102.166] has joined #openvpn
13:55 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
14:04 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
14:08 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
14:21 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
14:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:42 -!- apollo2k is now known as aPollO2k
14:45 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:04 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
15:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:16 -!- aPollO2k is now known as apollo2k
15:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:45 -!- s7eele [~AndChat52@108.59.12.84] has quit [Remote host closed the connection]
16:02 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
16:03 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
16:04 -!- ghoti_ [~paul@hq.experiencepoint.com] has joined #openvpn
16:05 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
16:05 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 250 seconds]
16:05 -!- shivaya [~root@vpnclient-25.es.net] has quit [Ping timeout: 250 seconds]
16:05 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 250 seconds]
16:05 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
16:05 -!- K1rk [~Kirk@equinox.epecweb.com] has quit [Ping timeout: 250 seconds]
16:05 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 250 seconds]
16:05 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 250 seconds]
16:05 -!- voidstar [~imnotf@unaffiliated/voidstar] has quit [Ping timeout: 250 seconds]
16:05 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
16:05 -!- mode/#openvpn [+o mattock] by ChanServ
16:06 -!- K1rk [~Kirk@5.135.221.149] has joined #openvpn
16:06 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
16:09 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
16:09 -!- akamaru217 [~akamaru@2601:cd:4001:b705:719b:5233:4970:a501] has joined #openvpn
16:11 -!- voidstar [~imnotf@unaffiliated/voidstar] has joined #openvpn
16:22 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Ping timeout: 255 seconds]
16:29 -!- akamaru217 [~akamaru@2601:cd:4001:b705:719b:5233:4970:a501] has quit [Read error: Connection reset by peer]
16:34 -!- Owner [~Owner@unaffiliated/owner] has quit [Ping timeout: 264 seconds]
16:44 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
17:08 < DzAirmaX> hi all
17:09 < DzAirmaX> is that possible to use openvpn with a dh4096 key ?
17:13 < DzAirmaX> ok its working xD
17:20 -!- RealityVoid [~HardWall@188.24.84.163] has joined #openvpn
17:20 -!- HardWall [~HardWall@188.24.91.234] has quit [Read error: Connection reset by peer]
17:29 -!- akamaru217 [~akamaru@2601:cd:4001:b705:598f:2fb5:6266:31ef] has joined #openvpn
17:32 -!- s7eele [~AndChat52@108.59.12.84] has joined #openvpn
17:41 -!- RealityVoid is now known as HardWall
17:42 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
17:43 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
18:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:22 -!- u0m3 [~u0m3@92.80.102.166] has quit [Ping timeout: 244 seconds]
18:32 -!- HardWall [~HardWall@188.24.84.163] has quit [Read error: Connection reset by peer]
19:09 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 255 seconds]
19:10 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:33 -!- fred`` [fred@earthli.ng] has quit [Quit: +++ATH0]
19:41 -!- fred`` [fred@earthli.ng] has joined #openvpn
19:45 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
19:47 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
20:07 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
20:10 -!- tekk [~me@185.17.149.149] has quit [Ping timeout: 260 seconds]
20:17 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
20:39 -!- u0m3 [~u0m3@92.80.125.120] has joined #openvpn
21:18 < MrKB> Hey guys. I've set up an OpenVPN 2.3.7 server on my Windows 8.1 machine, and I'm using it in bridge mode. What I want to do is be able to play LAN games with a few friends, more specifically StarCraft.  I've turned off my firewall and opened my 1194 UDP port. I sent my friend the required files (ca.crt, client1.crt & client1.key) and he was successfully able to connect to my server. I can even see the LAN game he's hosting on his computer.
21:18 < MrKB> For some reason I can't connect to it though, it says "Unable to join game". This has happened before and it's usually a firewall problem, but I've turned both of our firewalls off.
21:19 < MrKB> I believe it might be a conflict of some sort since my OpenVPN server says this: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
21:19 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
21:19 < MrKB> Any help would be appreciated it.
21:19 < MrKB> I also sent him client1.ovpn, forgot to mention that part.
21:21 < MrKB> Another thing to note: My OpenVPN server seems to have given him the IP 10.8.0.4. I tried pinging that IP and I can't ping it.
21:36 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
21:39 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
22:06 -!- MrKB2 [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has joined #openvpn
22:07 -!- MrKB [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has quit [Ping timeout: 265 seconds]
22:10 -!- MrKB2 [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has quit [Ping timeout: 244 seconds]
22:12 -!- MrKB [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has joined #openvpn
22:30 < MrKB> Just ran into this: "The addresses used for local and remote should not be part of the bridged subnet -- otherwise you will end up with a routing loop."
22:30 < MrKB> Could that be my issue?
22:30 < MrKB> My local directive is commented out though
22:42 < MrKB> Some info on how LAN games work on StarCraft, which is why I think I need bridged mode instead of routed mode: http://www.s-softs.com/Projects/SoV/index.html#tech
22:42 <@vpnHelper> Title: S-Softs.com StarCraft Over VPN (SoV) (at www.s-softs.com)
22:50 < Eugene> MrKB - if the game only supports "local" multiplayer, then yes, you need a TAP device. YOu don't necessarily need a Bridge, however.
22:50 < Eugene> I'm not familiar with Starcrack; ideally it would let you enter an IP address to connect to; is this the case?
22:54 < MrKB> nope
22:54 < MrKB> Only works through UDP discovery
22:57 < MrKB> Eugene: ^
22:57 < MrKB> Sorry forgot to highlight you
22:58 < Eugene> Fun. Do you need to involve a computer other than the ones running OpenVPN?
22:58 < MrKB> Nope
22:59 < Eugene> Then you want just regular ol' routing, but with --dev tap
22:59 < MrKB> I've gotten it to work via Windows's built-in PPTP VPN and with Tunngle as well. But Tunngle looks like it'll give my computer cancer (ad-riden) and Windows limits it to one user only
22:59 < MrKB> I want to be able to play with 2-3 people
22:59 < Eugene> This will let you pass arbitrary L2 traffic through the tunnel
22:59 < MrKB> I see
22:59 < Eugene> (which is what UDP multicast is)
23:00 < MrKB> So what kind of LAN games would need bridging?
23:00 < MrKB> The HOWTO guide mentions needing it.
23:00 < Eugene> The HOWTO is subtly wrong ;-)
23:00 < MrKB> well technically the bridging page
23:00 < MrKB> https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
23:00 <@vpnHelper> Title: Ethernet Bridging (at openvpn.net)
23:00 < Eugene> If you were trying to connect two Xboxes, for example
23:00 < MrKB> wait no, wrong page XD
23:00 < MrKB> Just...I saw it somewhere lol
23:01 < Eugene> I believe you; I've seen it.
23:01 < MrKB> Oh yeah, it was on the HOWTO
23:01 < MrKB> you are running applications over the VPN which rely on network broadcasts (such as LAN games), or
23:01 < Eugene> Yah; that's wrong. You only need a TAP device(which is a requirement of bridging, but optional for routing) for those
23:01 < MrKB> I got it working BTW. Looks like the issue might have been that my friend wasn't running the OpenVPN GUI as admin
23:01 < Eugene> Surprise!
23:02 < MrKB> So it was giving him a message about failing to flush something or other.
23:02 < MrKB> I should do routing though, right? It's more robust and/or secure?
23:02 < Eugene> Yup, the device won't come up because Normal User doesn't have permissiosn to modify network settings
23:02 < MrKB> I see, I see.
23:02 < MrKB> Damnit friend -_-
23:02 < Eugene> Bridging is like a long ethernet cable from your switch to your buddy's switch
23:02 < MrKB> yeah
23:02 < Eugene> Routing-over-TAP is a cable, but from your computer to your budyd's computer
23:03 < Eugene> Bridging two LANs is generally slow, inefficient, and will let anything on the two networks talk to each other, unsecured. Not usually a good idea.
23:03 < MrKB> Right, OK. That's the impression I got from this page: https://community.openvpn.net/openvpn/wiki/309-what-is-the-difference-between-bridging-and-routing
23:03 <@vpnHelper> Title: 309-what-is-the-difference-between-bridging-and-routing – OpenVPN Community (at community.openvpn.net)
23:04 < Eugene> Yup.
23:04 < MrKB> but if I wanna steal my buddy's porn..
23:04 < MrKB> bridging
23:04 < Eugene> So long as you're only dealing with games ON the machines running OpenVPN, routing-with-TAP is the way to go
23:04 < Eugene> Just ask him for it; usually easier.
23:04 < MrKB> :P
23:04 < MrKB> Yeah it's gaming on the machines with OpenVPN
23:05 < MrKB> Oh see, look. From that same page I just linked: "Software that depends on broadcasts will not "see" machines on the other side of the VPN."
23:05 < MrKB> That made me think I needed it for StarCraft
23:05 < MrKB> but I guess StarCraft just needs to see the UDP packet, not the machine.
23:05 < Eugene> It should say "on the other end of the network"
23:05 < MrKB> I fail to see the difference between those two phrases in this case though
23:06 < MrKB> The bridging mini guide seems a bit dated BTW. Who do I poke about that
23:06 < Eugene> It is. Beats me, probably pekster or somebody.
23:06 < Eugene> I'm far too lazy to submit a rewrite; I have a dayjob
23:06 < MrKB> :D
23:07 < Eugene> In bridging: the two ends can talk to each other, as well as anything on the network behind them
23:07 < Eugene> In routing-with-tap: the two ends can talk to each other
23:07 < Eugene> In routing-with-tun: the two ends can talk L3 protocols to each other
23:07 < MrKB> Oh OK so what that sentence means is that I won't be able to see the other machines in my buddy's network
23:07 < Eugene> Correct.
23:07 < MrKB> But I should be able to see his regardless
23:07 < MrKB> Got it
23:08 < MrKB> Thanks for clarifying all this stuff Eugene.
23:09 < Eugene> Sure
23:09 < MrKB> I'm gonna try switching to routing now
23:09 < MrKB> I might ping you for some more help if I get stuck XD
23:18 -!- MrKB2 [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has joined #openvpn
23:19 -!- MrKB [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has quit [Ping timeout: 244 seconds]
23:25 -!- ShadniX [dagger@p57941694.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:25 -!- ShadniX_ [dagger@p5481DE4F.dip0.t-ipconnect.de] has joined #openvpn
23:25 -!- ShadniX_ is now known as ShadniX
23:29 -!- MrKB2 is now known as MrKB
23:29 < MrKB> Eugene: It worked :D
23:29 < Eugene> !next
23:29 < MrKB> I can't believe it was that easy
23:29 < MrKB> lol
23:29 < MrKB> I spent hours trying shit and all it was was that my friend needed to elevate the GUI
23:29 < MrKB> GRRR
23:31 < MrKB> I could have set up the OpenVPN server in minutes and we could have played that same night.
23:31 < MrKB> Just wow XD
23:31 < MrKB> Eugene: Will it work if we turn on our firewalls?
23:31 < Eugene> Beats me. Windows firewall sucks.
23:32 < MrKB> True XD
--- Day changed Fri Jul 31 2015
00:27 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
00:50 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
00:55 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
00:55 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
00:57 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
01:04 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
01:04 < Tools> !welcome
01:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
01:04 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:20 -!- s7eele [~AndChat52@108.59.12.84] has quit [Remote host closed the connection]
01:32 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:32 -!- mode/#openvpn [+o mattock1] by ChanServ
01:40 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:51 < Tools> Good morning, I have a working openvpn config, and routing works perfectly fine. Now I wanted to add IPv6, which works lan-wise, but I can't seem to access any IPv6 addresses. Do I need to use the ip6tables equivalent of the postrouting/masquerade to get this to work maybe? (As I can't use ip6tables on my VPS, I can't test this..)
01:51 < pipework> They really should add 10.0.0.0/24 and maybe 10.0.1.0/24 to that too.
01:52 < pipework> I've had routers that use those by default.
02:13 < Tools> The very first router I remember we had used the 10.0.0.0/24 range.. And default gateway 10.0.0.138, made no sense. :p
02:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
02:21 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:27 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
02:47 < Tools> !goal
02:47 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:04 -!- damjan [~damjan@unaffiliated/damjan] has left #openvpn ["Konversation terminated!"]
03:23 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
03:24 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
03:34 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
04:15 < Tools> Or does maybe someone know if my ipv6 tunnel doesn't work because I use openVZ instead of KVM (My ovz has kernel 2.6.32 iirc)
04:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
04:23 -!- JohnElbaz [~John@41.240.99.80] has joined #openvpn
04:24 < JohnElbaz> I faced this error in centos server TLS Error: TLS handshake failed
04:27 < JohnElbaz> how can i show u the log
04:30 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:30 < JohnElbaz>  !staff
04:34 < JohnElbaz> ??
04:50 -!- JohnElbaz [~John@41.240.99.80] has left #openvpn []
04:51 -!- JohnElbaz [~John@41.240.99.80] has joined #openvpn
05:14 -!- Jason_weileilei [~jason_wei@180.168.194.102] has joined #openvpn
05:20 -!- Jason_weileilei [~jason_wei@180.168.194.102] has quit [Quit: Leaving]
05:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:35 < JohnElbaz> I faced this error in centos server TLS Error: TLS handshake failed
05:49 < faern> JohnElbaz: Maybe you can include the full log? Paste on some pastebin site.
05:54 -!- soLucien [~Lu@130.225.165.39] has joined #openvpn
06:06 -!- JohnElbaz [~John@41.240.99.80] has quit [Ping timeout: 240 seconds]
06:17 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
06:26 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-zfoscmabbmneduvw] has joined #openvpn
06:26 -!- soLucien [~Lu@130.225.165.39] has quit [Read error: Connection reset by peer]
06:26 < etherealmktg1> hello is anyone around, i have some linux routing issues, wondering if someone could lend a guiding hand
06:28 < Tools> So... I got myself a small KVM VPS, and still can't get IPv6 working. So I doubt I'm having an issue that has to do with KVM/OVZ... :(
06:43 <@plaisthos> !ask
06:43 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
06:45 < Tools> !routing
06:45 < Tools> !route
06:45 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
06:45 < Tools> Oops :p
06:53 < Tools> I've tried so many things now, but IPv6 just won't work... Anyone here that does have ipv6 routing working and maybe able to help..?
06:54 <@plaisthos> Tools: ipv6 routing does not work, what did I wrong is not a good question
06:54 <@plaisthos> describe what works/does not work in detail
06:54 <@plaisthos> e.g. ping6 from client to server works
06:55 < Tools> plaisthos, it just doesn't work...? I thought it did work.. :o
06:55 < Tools> Oh, but getting IPv6 internet through openvpn is simply not possible?
06:55 <@plaisthos> do client and server  have a configured ipv6 addresse on their tun interface
06:55 <@plaisthos> etc.
06:56 <@plaisthos> Tools: ipv6 with openvpn surely works
06:56 < Tools> Server and client both have IPv6 address configured on their interfaces, and they're able to ping each other (and others on the OpenVPN lan).
06:56 <@plaisthos> OpenVPN lan?
06:56 <@plaisthos> other clients?
06:57 <@plaisthos> !ipforward
06:57 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
06:57 <@plaisthos> !linipforward
06:57 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
06:57 <@plaisthos> hm
06:57 <@plaisthos> not what I was looking for
06:57 <@plaisthos> but you also need to enable ipv6 forwarding
06:57 <@plaisthos> !flowchart
06:58 < Tools> net.ipv6.conf.all.forwarding = 1 <- Right?
06:58 <@plaisthos> yes
06:58 < Tools> Even with that enabled it doesn't work sadly..
06:58 <@plaisthos> Then juste tcpdump on the server to see where the packet get lost
06:58 <@plaisthos> that would be my solution
06:59 < Tools> I've never used tcpdump before, time to do some research. :)
06:59 <@plaisthos> or wireshark
06:59 <@plaisthos> it captures everything on a interface
07:02 < Tools> When capturing, I have no idea what to look for... So many packets...
07:03 <@plaisthos> make something like
07:03 <@plaisthos> tcpdump -i eth0 host hostyouarepinging
07:03 <@plaisthos> then try first from the host itself to see how it should look like
07:04 <@plaisthos> and then from the vpn client
07:04 <@plaisthos> !tcpdump
07:04 <@vpnHelper> "tcpdump" is (#1) tcpdump is a great troubleshooting tool (Wireshark or the tshark.exe CLI tools for Windows.) To start, try a syntax like `tcpdump -pni ifWhatever` or (#2) You can also add filters to the command, like 'icmp' or 'udp port 1194' and the like. Consult the tcpdump docs for details.
07:04 <@plaisthos> (that !tcpdump is not as helpful as I thought)
07:05 < Tools> It appears I also get to see packets from other VPSes, makes it even worse... (Also, the client we're currently talking about is an Android phone)
07:06 <@plaisthos> try -p for not promisc mode
07:06 <@plaisthos> that may hide other VPNs packets
07:06 < Tools> Still does. :(
07:16 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
07:16 -!- mode/#openvpn [+v s7r] by ChanServ
07:16 < Tools> p.s. Can you maybe check my server.conf if at least that is correct..? :) https://static.casmo.nl/server.conf.txt
07:16 <@plaisthos> server-ipv6 2xxx:xxxx:x:x::/65
07:16 <@plaisthos> looks questionable
07:17 <@plaisthos> why would you use a /65 instead of /64?
07:18 < Tools> Because I have a /64 assigned to my VPS, and I've read that I can't use the lower part of it if I use that part for normal traffic as well.
07:18 < Tools> I don't have a /48, sadly. :(
07:18 <@plaisthos> then you probably need to some hackish routing anyway
07:18 <@plaisthos> like proxy ndp
07:18 < Tools> Oh, I was trying to avoid any hacks.. :p
07:19 < Tools> First stop: VPS ticket, asking for a /48, and lets hope they allow it.
07:19 <@plaisthos> or /56
07:20 <@plaisthos> or a second /64 routed to your main ipv6
07:22 < Tools> Requested a /48, and if not possible, asked if they can route a second /64. Now to await their reply...
07:22 < Tools> Also, are there any preferences for OpenVPN to be running on an OpenVZ or a KVM container, or should that not matter?
07:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
07:27 <@plaisthos> Tools: no idea
07:27 <@plaisthos> !openvz
07:27 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
07:28 < Tools> It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen <- So, KVM is preferred over OpenVZ :p
07:29 <@plaisthos> Tools: I have only firsthand experience with kvm
07:29 <@plaisthos> and that works
07:30 <@plaisthos> but in my case the dc router has a /56 route to the ipv6 of the openvpn vm
07:30 <@plaisthos> so just normal routing :)
07:31 < Tools> I got myself a 1gb OpenVZ to test with OpenVPN, and this morning got a 256mb KVM one to see if KVM got my IPv6 to work.. But it didn't, so far.. :p
07:31 < Tools> So, if OpenVZ works (with a second routed /64), I might stick to OpenVZ, as I've never had any trouble with it.
07:32 < Tools> And if it requires me to switch to KVM, I'd still do it, and just move all the services from the OVZ to KVM. :)
07:32 < Tools> Too bad I can't upgrade my OVZ to a KVM VPS, that would make it much easier, heh.
07:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:40 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
07:51 < chrisb> AEAD support yet? https://community.openvpn.net/openvpn/ticket/301
07:51 <@vpnHelper> Title: #301 (Support AEAD cipher modes) – OpenVPN Community (at community.openvpn.net)
07:57 < Tools> plaisthos, do you know how to change this into a /48 subnet? :P https://static.casmo.nl/interfaces.txt (Is it as simple as changing that /64 to /48, or is there a new line to add?)
07:58 < Tools> (And they will not allow a full /48 to be routed to my VPS, they can add a second /64 to my vps though. But I think I'll try this first... :p)
08:01 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
08:04 -!- JohnElbaz [~John@41.240.99.80] has joined #openvpn
08:05 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
08:05 < JohnElbaz> i will attach the log now
08:07 < JohnElbaz> here is it >> http://pastebin.com/hjN0PAdp
08:07 < JohnElbaz> faern
08:15 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
08:18 <@plaisthos> Tools: err
08:19 <@plaisthos> Tools: a /48 on an interface is almost always wrong
08:21 < JohnElbaz> plaisthos
08:21 <@plaisthos> JohnElbaz: ?
08:25 -!- JohnElbaz [~John@41.240.99.80] has quit [Ping timeout: 250 seconds]
08:26 -!- JohnElbaz [~John@41.240.99.80] has joined #openvpn
08:26 < JohnElbaz> sorry D/C
08:26 < Tools> plaisthos, I get this from support: You will also need to set the netmask to 48 and your gateway and default route to the gateway IP listed in SolusVM. <- So, they're telling me to do something wrong? :P
08:27 < JohnElbaz>  plaisthos please see this  http://pastebin.com/hjN0PAdp and advice me
08:28 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:29 <@plaisthos> Tools: err, that is not common pratice
08:29 <@plaisthos> but then again I have no idea of OpenVZ
08:30 <@plaisthos> JohnElbaz: that is a random openvpn log, so?
08:30 < Tools> plaisthos, that was for KVM, not for OpenVZ. :P
08:31 <@plaisthos> Tools: then still
08:31 < Tools> Also, I just requested the 2nd /64 for my OpenVZ VPS, lets hope that works.
08:31 <@plaisthos> in Ipv6 you normally configure always /64 on interfaces
08:31 <@plaisthos> and route larger networks to ip addresses
08:31 <@plaisthos> like in ipv4 where you also would not add a /16 to an interface
08:32 <@plaisthos> but that is only common pratice and not mean that your hosting provider doesn't do anything strange
08:32 <@plaisthos> that you can see trafic for other virtual hosts does not bode well ...
08:33 < Tools> No I agree on that.. I'll just ignore that, and hope that a 2nd /64 subnet does the trick in what I want.. :p
08:34 <@plaisthos> maybe you now have a /48 where you need to do proxy ndp instead of a /64 where you need to do proxy ndp :p
08:35 < JohnElbaz> plaisthos : did u saw the log?
08:36 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:37 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
08:38 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
08:38 <@plaisthos> JohnElbaz: you just spammed me with log and expect me to guess what your problem is?
08:40 < JohnElbaz> sorry,  I faced this error in centos server TLS Error: TLS handshake failed
08:42 < JohnElbaz> am trying to connect to server[centos] using openVPN 2.2.2 in both server and local machine used same version.
08:42 < JohnElbaz> I tried to open the port in server iptables -I INPUT -p udp -m udp --dport 11194 -j ACCEPT no thing new ...
08:43 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
08:44 <@plaisthos> JohnElbaz: there should another error/warning before that line
08:44 <@plaisthos> in the server log
08:45 <@plaisthos> your client log looks fine
08:47 < JohnElbaz> okay 1 min
08:50 < JohnElbaz> here is server log : http://pastebin.com/gA3cFuES
08:57 < JohnElbaz> i stop openvpn the start and I got : http://pastebin.com/zATAWwcX
08:59 < Tools> SSL3_GET_CLIENT_CERTIFICATE:no certificate returned <- Did you set the certificates?
08:59 <@plaisthos> Jul 31 09:56:22 2015 us=368107 105.239.18.98:35926 VERIFY ERROR: depth=0, error=unsupported certificate purpose: /C=SA/ST=CA/L=Jedda/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
08:59 <@plaisthos> never seen that before
09:00 -!- JohnElbaz [~John@41.240.99.80] has quit [Read error: Connection reset by peer]
09:00 <@plaisthos> there might have something gone wrong when you created the client certificate
09:04 -!- JohnElbaz [~John@41.240.134.141] has joined #openvpn
09:04 < JohnElbaz> sorry D/C
09:04 < JohnElbaz> @plaisthos
09:06 <@plaisthos> 15:59:47 <@plaisthos> Jul 31 09:56:22 2015 us=368107 105.239.18.98:35926 VERIFY ERROR: depth=0, error=unsupported certificate purpose: /C=SA/ST=CA/L=Jedda/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
09:06 <@plaisthos> 16:00:46 <@plaisthos> there might have something gone wrong when you created the client certificate
09:09 < JohnElbaz> I created the certs more than time without any errors
09:10 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
09:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:14 < JohnElbaz> [root@manofdark openvpn]# openssl verify -CAfile /etc/openvpn/easy-rsa/2.0/keys/ca.crt  /etc/openvpn/easy-rsa/2.0/keys/server.crt
09:14 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
09:16 < Tools> plaisthos, got the 2nd /64. :D
09:16 < JohnElbaz>  plaisthos : /etc/openvpn/easy-rsa/2.0/keys/server.crt: OK
09:16 <@plaisthos> JohnElbaz: *client certificate*
09:17 <@plaisthos> the server is complaining about the cerificate of the client
09:20 < JohnElbaz> what I should to do now
09:20 <@plaisthos> JohnElbaz: check that hte client certificate is okay, regenerate the client certificate
09:20 <@plaisthos> something like this
09:20 < JohnElbaz> okay
09:22 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 264 seconds]
09:22 < JohnElbaz> it also /etc/openvpn/sub/keys/server.crt: OK
09:22 < Tools> plaisthos, so, I changed the config to the new /64 subnet, and it still is not working... Do I need to add anything with iptables/ip6tables?
09:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:28 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:51 < JohnElbaz> I delete all cer. in both boxies recreated it again ... i got the same error
09:54 < Tools> JohnElbaz, server.crt and client.crt are both OK?
09:58 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has quit [Ping timeout: 246 seconds]
10:01 -!- JohnElbaz [~John@41.240.134.141] has quit [Read error: Connection reset by peer]
10:02 -!- JohnElbaz [~John@154.98.45.226] has joined #openvpn
10:03 < JohnElbaz> @plaisthos r u with me
10:26 < etherealmktg1> anyone have experience with squid reverse proxy?
10:48 -!- MrKB [~MrKB@c-73-5-198-94.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
11:02 < JohnElbaz> tools yes they r okay
11:03 -!- ghoti_ is now known as ghoti
11:14 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
11:16 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
11:26 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:38 < JohnElbaz> tools
11:38 < JohnElbaz> plaisthos
11:40 -!- samopotamus [~samopotam@ks4002259.ip-198-100-147.net] has joined #openvpn
11:40 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
11:40 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
11:51 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-dezkdptmennczvte] has joined #openvpn
11:57 -!- JohnElbaz [~John@154.98.45.226] has quit []
12:14 -!- HardWall [~HardWall@188.24.84.163] has joined #openvpn
12:15 < Tools> So far; DNS and default gateway aren't being set... What options should I use for that, or is there a different setting for it..?
12:22 -!- JohnElbaz [~John@154.98.45.226] has joined #openvpn
12:24 < JohnElbaz> openvpn killed me
12:36 -!- akamaru217 [~akamaru@2601:cd:4001:b705:598f:2fb5:6266:31ef] has quit [Ping timeout: 246 seconds]
12:36 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
12:38 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 252 seconds]
12:42 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:45 -!- akamaru217 [~akamaru@2601:cd:4001:b705:ed7d:97ba:7798:75db] has joined #openvpn
12:52 -!- jacekows1i is now known as jacekowski
12:53 -!- JohnElbaz [~John@154.98.45.226] has quit [Ping timeout: 240 seconds]
13:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
13:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:17 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
13:24 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:50 -!- RealityVoid [~HardWall@188.24.84.163] has joined #openvpn
13:51 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
13:52 -!- HardWall [~HardWall@188.24.84.163] has quit [Ping timeout: 244 seconds]
13:56 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Read error: Connection reset by peer]
13:56 -!- toli [~toli@ip-62-235-242-88.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:58 -!- toli [~toli@ip-83-134-64-119.dsl.scarlet.be] has joined #openvpn
13:58 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:00 -!- AMERICAN_PSYCHO [~AMERICAN_@173-217-247-55-bssr.mid.dyn.suddenlink.net] has joined #openvpn
14:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
14:19 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
14:38 -!- s7eele [~AndChat52@108.59.12.84] has joined #openvpn
14:50 -!- EmptySpace [~EmptySpac@unaffiliated/emptyspace] has joined #openvpn
14:51 < EmptySpace> "If you are running 2 or more OpenVPN instances on the same machine, you will need a separate virtual TUN/TAP adapter and a separate port (using the port directive) for each instance."
14:51 < EmptySpace> Can someone link a guide how to accomplish this on an Ubuntu machine?
14:51 <+esde> !walkthroughs
14:52 <+esde> !walkthrough
14:52 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
14:52 <+esde> !howto
14:52 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:52 <+esde> !howto is the just about only supported documentation within this channel
14:52 < EmptySpace> ty will have a look :)
15:01 -!- Steven_ [~deepstar@82.196.7.53] has joined #openvpn
15:03 < Steven_> hello folks, I'm wondering if it is possible to create a VPN which allows IP address spoofing, but with a tun device? I'm trying to setup an environment where users can experiment with spoofing IP traffic
15:11 <+esde> not sure what is meant by IP address spoofing, but with a tun device.
15:13 < Steven_> ip address spoofing -> specify an IP address that is not routed to you, as the source of a packet
15:28 < Thermi> Steven_: Yes. Just do it (route the traffic over the tun device)
15:28 < Thermi> But you need to disable the rp_filter for the interface(s).
15:30 < Steven_> oh, openvpn allows ip spoofing?
15:30 < Steven_> that sounds interesting
15:38 -!- AMERICAN_PSYCHO [~AMERICAN_@173-217-247-55-bssr.mid.dyn.suddenlink.net] has quit [Quit: Goodbye!]
15:39 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
15:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:53 -!- vilaix [~vilaix@162.252.172.52] has joined #openvpn
15:54 -!- vilaix [~vilaix@162.252.172.52] has quit [Quit: Leaving]
16:11 < Steven_> Thermi: when I try to spoof a packet, I get this on the server-side: MULTI: bad source address from client [66.66.66.66], packet dropped
16:11 < Steven_> even with rp_filter switched off
16:12 < Thermi> Steven_: What kind of setup do you have?
16:13 < Thermi> Steven_: https://openvpn.net/index.php/open-source/faq/79-client/317-qmulti-bad-source-address-from-client--packet-droppedq-or-qget-inst-by-virt-failedq.html
16:13 <@vpnHelper> Title: "MULTI: bad source address from client , packet dropped" or "GET INST BY VIRT: [failed]"? (at openvpn.net)
16:14 < Steven_> I have a vanilla tun setup and I want to spoof a source IP address from the client
16:14 < Thermi> Seems my knowledge about openvpn was incomplete.
16:14 < Steven_> the packet makes its way to the server, but then gets dropped
16:15 < Thermi> Sure. Add an iroute and you can do that.
16:15 < Steven_> if I add iroute, then it wouldn't be spoofing
16:15 -!- EmptySpace [~EmptySpac@unaffiliated/emptyspace] has quit [Remote host closed the connection]
16:15 < Thermi> Not for OpenVPN, but for your own host.
16:16 < Steven_> for the client?
16:17 < Steven_> iroute is an openvpn directive, I'm not sure what you mean
16:17 < Thermi> OpenVPN obviously needs to know what to do with the packet. For spoofing, that packet should be delivered to the local host. OpenVPN will do that. Now the packet passed through the tun device into the netfilter stack and into the routing table. Now the routing table needs to deal with it.
16:17 < Thermi> the iroute is supposed to be run on the server.
16:18 < Thermi> Alternatively, don't spoof over openvpn, but over an ipip tunnel inside openvpn.
16:18 < Steven_> right, so I should configure a route for 66.66.66.66 back to the client?
16:18 < Steven_> yeah, ipip is plan B :/
16:19 < Thermi> Yes
16:19 < Steven_> I was hopeful when you said I could just route over the tun device and send packets with any source address
16:19 < Steven_> but without an iroute back to the client, openvpn will drop the packet
16:20 < Thermi> 23:18 <Steven_> right, so I should configure a route for 66.66.66.66 back to the client? <- YES
16:20 < Thermi> s/route/iroute/
16:20 < Thermi> read about ccd and add an iroute for that IP in the client's ccd directory
16:22 < Steven_> that's not what I want to do ;)
16:22 < Steven_> but thx for the advice
16:22 < Steven_> ipip is plan B
16:23 < Steven_> patching openvpn will be plan C
16:25 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
17:06 -!- chrisb [~chrisb@li482-205.members.linode.com] has left #openvpn ["rcirc on GNU Emacs 25.0.50.1"]
17:08 -!- Owner [~Owner@unaffiliated/owner] has quit [Ping timeout: 240 seconds]
17:08 -!- RealityVoid [~HardWall@188.24.84.163] has quit [Ping timeout: 244 seconds]
17:10 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
17:10 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
17:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:12 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
17:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:12 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
17:13 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
17:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:15 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has joined #openvpn
17:15 -!- RealityVoid [~HardWall@188.24.84.163] has joined #openvpn
17:17 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
17:17 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
17:18 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
17:18 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-dezkdptmennczvte] has quit [Quit: Connection closed for inactivity]
17:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:20 -!- Eos [~HardWall@188.24.96.132] has joined #openvpn
17:21 -!- RealityVoid [~HardWall@188.24.84.163] has quit [Read error: Connection reset by peer]
17:23 -!- Eos is now known as HardWall
17:24 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
17:25 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:30 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
17:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:34 -!- s7eele [~AndChat52@108.59.12.84] has quit [Quit: Bye]
17:37 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
17:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:02 -!- HardWall [~HardWall@188.24.96.132] has quit [Read error: Connection reset by peer]
18:11 -!- AMERICAN_PSYCHO [~AMERICAN_@c-75-66-8-113.hsd1.la.comcast.net] has quit [Quit: Goodbye!]
18:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 240 seconds]
18:40 -!- s7eele [~AndChat52@208.167.254.200] has joined #openvpn
19:54 -!- AMERICAN_PSYCHO [~AMERICAN_@131.sub-70-196-11.myvzw.com] has joined #openvpn
20:06 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
20:14 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
20:27 -!- Ryan_Lane [~Ryan_Lane@wikimedia/Ryan-lane] has joined #openvpn
20:28 < Ryan_Lane> howdy. I'm having some issues with password lengths for openvpn on os x. it seems my password is being limited to 128 bytes, though the openvpn client says enable-pkcs11 is enabled when I run --version
20:29 < Ryan_Lane> we ran the binary through a decompiler and it's indeed compiled with that option. I'm a bit confused as to what's going on
20:36 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 255 seconds]
20:37 -!- AMERICAN_PSYCHO [~AMERICAN_@131.sub-70-196-11.myvzw.com] has quit [Quit: Goodbye!]
20:51 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-zfoscmabbmneduvw] has quit [Quit: Connection closed for inactivity]
20:57 -!- AMERICAN_PSYCHO [~AMERICAN_@131.sub-70-196-11.myvzw.com] has joined #openvpn
21:15 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
21:22 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
21:32 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
21:47 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 255 seconds]
22:02 -!- AMERICAN_PSYCHO [~AMERICAN_@131.sub-70-196-11.myvzw.com] has quit [Quit: Goodbye!]
22:17 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
22:40 -!- sinshiva [~sinshiva@2002:d1d0:41dd::] has joined #openvpn
22:41 < sinshiva> tls key negotiation failed with my old config, is it me or windows 10?
22:54 < sinshiva> bah
22:54 < sinshiva> stupid windows firewall
22:54 -!- sinshiva [~sinshiva@2002:d1d0:41dd::] has left #openvpn ["Leaving"]
23:12 -!- wowaname is now known as yolo
23:13 -!- yolo is now known as wowaname
23:23 -!- ShadniX [dagger@p5481DE4F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:23 -!- ShadniX_ [dagger@p57941A4C.dip0.t-ipconnect.de] has joined #openvpn
23:23 -!- ShadniX_ is now known as ShadniX
23:36 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Sat Aug 01 2015
00:08 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-uwedictjalwubrgm] has joined #openvpn
00:40 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
00:40 < eliasp> hi
00:41 < eliasp> what's the right place to propose patches for OpenVPN? It looks like all PRs on https://github.com/OpenVPN/openvpn/pulls are more or less ignored…
00:41 <@vpnHelper> Title: Pull Requests · OpenVPN/openvpn · GitHub (at github.com)
00:52 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:58 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:40 -!- HardWall [~HardWall@188.24.96.132] has joined #openvpn
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
01:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:49 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
01:59 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
02:45 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 244 seconds]
02:58 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
03:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:12 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
03:27 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
03:32 -!- anu2014 [8e04cee4@gateway/web/freenode/ip.142.4.206.228] has joined #openvpn
03:55 -!- anu2014 [8e04cee4@gateway/web/freenode/ip.142.4.206.228] has quit [Ping timeout: 246 seconds]
04:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:22 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
04:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:24 -!- mode/#openvpn [+o mattock1] by ChanServ
04:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
04:38 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
04:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
04:50 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:08 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 244 seconds]
05:16 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
05:22 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
06:02 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 252 seconds]
06:07 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
06:07 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Excess Flood]
06:09 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
06:09 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Excess Flood]
06:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:11 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
06:22 < Tools> plaisthos, all that was wrong was me not being able to set ip6tables in OpenVZ.... So, KVM will be to way to go from now on for me.. :P
06:29 < Tools> (And it did work with the /65 subnet ;))
06:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:54 -!- mode/#openvpn [+o mattock1] by ChanServ
07:01 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 244 seconds]
07:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
07:05 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
07:23 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
07:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
07:57 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has joined #openvpn
08:13 -!- novaflash is now known as novaflash_away
08:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:41 -!- u0m3 [~u0m3@92.80.125.120] has quit [Remote host closed the connection]
08:44 -!- u0m3 [~u0m3@92.80.125.120] has joined #openvpn
08:55 -!- novaflash_away is now known as novaflash
09:21 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Quit: bleh]
09:26 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
09:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
09:54 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
10:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:12 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
10:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:53 -!- HardWall [~HardWall@188.24.96.132] has quit [Ping timeout: 255 seconds]
10:53 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
11:01 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
11:50 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
12:03 -!- boneskul_ is now known as boneskull
12:13 -!- DArqueBishop [~drkbish@2601:2c6:8100:2400:2e41:38ff:fe87:dd90] has quit [Quit: End of line.]
12:59 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
13:24 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
13:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:40 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 265 seconds]
13:41 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
13:49 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 244 seconds]
13:51 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
13:57 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
14:06 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
14:28 -!- HardWall [~HardWall@188.24.96.132] has joined #openvpn
14:36 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 252 seconds]
14:37 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
14:40 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
14:44 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Quit: So long and thankful is the fish...]
15:02 -!- pipework is now known as Spacedroid
15:02 -!- Spacedroid is now known as pipework
15:06 -!- pipework is now known as pipedroid
15:06 -!- pipedroid is now known as pipework
15:11 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
15:12 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
15:36 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds]
15:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
15:56 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
16:02 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 265 seconds]
16:03 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
16:12 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
16:12 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Ping timeout: 252 seconds]
16:15 -!- kcaj [kcaj@unaffiliated/kcaj] has joined #openvpn
16:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:22 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:37 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
16:52 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:02 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 265 seconds]
17:20 -!- RealityVoid [~HardWall@188.24.120.58] has joined #openvpn
17:23 -!- akamaru217 [~akamaru@2601:cd:4001:b705:ed7d:97ba:7798:75db] has quit [Read error: Connection reset by peer]
17:23 -!- HardWall [~HardWall@188.24.96.132] has quit [Ping timeout: 244 seconds]
17:24 -!- RealityVoid [~HardWall@188.24.120.58] has quit [Read error: Connection reset by peer]
17:31 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
17:34 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 256 seconds]
17:34 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
17:51 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-uwedictjalwubrgm] has quit [Quit: Connection closed for inactivity]
18:05 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
18:06 -!- FlipBill [~bill@smtpv3.cosi.net] has quit [Ping timeout: 265 seconds]
18:23 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
18:26 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-kokhgzmnorhymdhc] has joined #openvpn
18:30 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:43 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 255 seconds]
18:46 -!- kcaj [kcaj@unaffiliated/kcaj] has quit [Quit: bleh]
18:46 -!- kcaj [~kcaj@unaffiliated/kcaj] has joined #openvpn
18:52 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Quit: Bye bye]
19:01 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
19:03 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
19:11 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-kokhgzmnorhymdhc] has quit []
19:14 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
19:15 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
19:32 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 255 seconds]
19:34 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
19:40 -!- fling [~fling@fsf/member/fling] has joined #openvpn
19:42 -!- toli [~toli@ip-83-134-64-119.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
19:44 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Read error: Connection reset by peer]
19:44 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has joined #openvpn
19:49 -!- toli [~toli@ip-83-134-64-119.dsl.scarlet.be] has joined #openvpn
20:24 -!- wowaname is now known as kush
20:56 -!- kush is now known as wowaname
21:06 -!- synthnassizer [~synthnass@adsl-40.79.107.12.tellas.gr] has joined #openvpn
21:07 -!- synthnassizer [~synthnass@adsl-40.79.107.12.tellas.gr] has left #openvpn ["WeeChat 0.4.1"]
21:35 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
21:36 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
21:41 -!- hive-mind [pranq@mail.bbis.us] has quit [Remote host closed the connection]
21:42 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
21:48 -!- wowaname is now known as opal
21:48 -!- opal is now known as wowaname_
21:57 -!- wowaname_ is now known as wowaname
22:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
22:37 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
22:43 -!- akamaru217 [~akamaru@2601:cd:4001:b705:d096:4f64:84cb:5dd8] has joined #openvpn
22:45 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
22:47 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
22:51 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
23:12 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 260 seconds]
23:21 -!- ShadniX [dagger@p57941A4C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:22 -!- ShadniX [dagger@p57941576.dip0.t-ipconnect.de] has joined #openvpn
23:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
23:31 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
23:33 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
23:38 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
23:46 -!- allenp [~allen@sea.savenet.org] has joined #openvpn
23:48 < allenp> question about the client for windows
23:48 < allenp> is this old style no longer available? https://i.imgur.com/yAHnMhB.jpg
23:48 < allenp> downloaded this latest gui thing, and it keeps attaching to the vpn when I boot the laptop
23:50 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
--- Day changed Sun Aug 02 2015
00:02 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:13 -!- allenp [~allen@sea.savenet.org] has left #openvpn []
00:42 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
00:47 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
00:50 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:51 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
00:55 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
01:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:17 < skyroveRR> I'm hoping for an opinion; is it preferable to host a VPN to access an IRC server or an IRC bouncer? One of my users has no intention of providing the nickserv details to me... also, if I run a VPN server using openvpn, will it be possible to allow ONLY IRC access and block all the other protocols?
01:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:46 < suexec> skyroveRR, Use a bouncer .. Setting up a VPN server simply to give your friend irc access is a bit overkill
01:56 -!- toli [~toli@ip-83-134-64-119.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
01:59 -!- toli [~toli@ip-62-235-221-82.dsl.scarlet.be] has joined #openvpn
02:12 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Quit: Leaving.]
02:18 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
02:19 < Tools> skyroveRR, why would they have to provide you with nickserv details...? If you set up an IRC Bouncer, they can identify with nickserv themselves after connecting..
02:19 < skyroveRR> Tools: I've actually never tried it before for the IRC bouncer except for my account.. so it's a first for me.
02:21 < Tools> Ah, for example if you were to use ZNC as bouncer, you can setup an account for anyone (username/network:password), give them those details, and then they can configure it all for the rest (including nickserv identifies, on connects, etc)
02:21 < skyroveRR> Tools: I'm really glad you told me that. :)
02:21 < skyroveRR> Thank you.
02:22 < Tools> skyroveRR, no problem. :) If you need any help with znc, feel free to ask. (or join #znc here on freenode)
02:27 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:31 -!- Kobaz [~kobaz@its.kobaz.net] has quit [Ping timeout: 240 seconds]
02:32 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 265 seconds]
02:33 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
02:35 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
02:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:42 -!- wowaname [h@love.wowana.me] has joined #openvpn
02:50 -!- HardWall [~HardWall@188.24.120.58] has joined #openvpn
02:50 -!- RealityVoid [~HardWall@188.24.120.58] has joined #openvpn
02:54 -!- RealityVoid [~HardWall@188.24.120.58] has quit [Client Quit]
03:12 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 256 seconds]
03:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 260 seconds]
03:18 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:21 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 244 seconds]
03:25 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
03:44 -!- ghostboarder [~johngalt@S010600219113eeb0.vs.shawcable.net] has joined #openvpn
03:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
03:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
03:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:59 -!- mode/#openvpn [+o mattock1] by ChanServ
04:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- ghostboarder [~johngalt@S010600219113eeb0.vs.shawcable.net] has quit [Ping timeout: 244 seconds]
04:22 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
04:26 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
04:34 -!- master_of_master [~master_of@p4FD7B690.dip0.t-ipconnect.de] has joined #openvpn
04:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
04:45 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
04:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:45 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
04:47 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:03 -!- s7eele [~AndChat52@208.167.254.200] has quit [Remote host closed the connection]
05:13 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:35 < pitastrudl> IRRUMINATI
05:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
05:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
06:09 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
06:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:20 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has left #openvpn []
06:56 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
07:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
07:36 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
07:41 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
07:48 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:51 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has joined #openvpn
07:52 -!- RealityVoid [~HardWall@79.119.99.43] has joined #openvpn
07:55 -!- HardWall [~HardWall@188.24.120.58] has quit [Ping timeout: 255 seconds]
08:10 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gspyvndfvqbdohhm] has joined #openvpn
08:11 < wallbroken> https://social.technet.microsoft.com/Forums/en-US/261392a2-3914-4518-acb4-065a0a635f58/build-10049-breaks-openvpn-there-are-no-tapwindows-adapters-on-this-system?forum=WinPreview2014General
08:11 <@vpnHelper> Title: build 10049 breaks openvpn: "There are no TAP-Windows adapters on this system" (at social.technet.microsoft.com)
08:11 < wallbroken> windows 10 does not support TAP interface?
08:34 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:54 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 260 seconds]
09:08 -!- paraatha [65dedfda@gateway/web/cgi-irc/kiwiirc.com/ip.101.222.223.218] has joined #openvpn
09:08 < paraatha> So, as the topic states, my problem is firewall
09:08 < paraatha> No matter what I do, I can't get it to forward 1194
09:09 < paraatha> I've tried Ubuntu/ufw, Ubuntu/iptables and CentOS/iptables
09:09 < paraatha> Can someone help me out?
09:11 < paraatha> !welcome
09:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:11 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:11 < paraatha> !goal
09:11 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
09:17 < paraatha> I guess no one's around :(
09:18 -!- paraatha [65dedfda@gateway/web/cgi-irc/kiwiirc.com/ip.101.222.223.218] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
09:19 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
09:20 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
09:20 < kexmex> hi
09:20 < kexmex> i want to make a secure virtual network of several machines. what if the openvpn server goes down?
09:23 -!- Eos [~HardWall@188.24.117.189] has joined #openvpn
09:26 -!- RealityVoid [~HardWall@79.119.99.43] has quit [Ping timeout: 244 seconds]
09:31 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Read error: Connection reset by peer]
09:32 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
09:32 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
09:34 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has quit [Quit: End of line.]
09:35 -!- DArqueBishop [1000@tyrande.darquecathedral.org] has joined #openvpn
09:35 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
09:35 -!- DArqueBishop [1000@tyrande.darquecathedral.org] has quit [Client Quit]
09:36 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
09:37 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
09:38 -!- DArqueBishop [1000@tyrande.darquecathedral.org] has joined #openvpn
09:40 -!- DArqueBishop [1000@tyrande.darquecathedral.org] has quit [Client Quit]
09:41 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
09:43 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
09:44 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
09:45 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
09:45 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:47 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:56 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
09:57 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
10:00 -!- apollo2k is now known as aPollO2k
10:03 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
10:04 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
10:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:27 -!- Eos is now known as HardWall
10:32 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
10:32 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 265 seconds]
10:34 -!- KeatonT [~KeatonT@pool-173-64-210-22.dllstx.fios.verizon.net] has left #openvpn []
10:46 -!- kcaj [~kcaj@unaffiliated/kcaj] has quit [Ping timeout: 240 seconds]
10:48 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:52 -!- kcaj [~kcaj@unaffiliated/kcaj] has joined #openvpn
11:11 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
11:15 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
11:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
11:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
11:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:30 -!- ciscam [~Anon@b2b-130-180-90-98.unitymedia.biz] has joined #openvpn
11:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:31 < ciscam> what distribution is the openvpn-as based on and what architecture should I choose for importing the .vhd into my virtualbox?
11:33 < ciscam> and how much ram will it need for one concurrent user?
11:33 < ciscam> I can't seem to find any details about this on the OpenVPN website
11:33 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
11:33 -!- mode/#openvpn [+v s7r] by ChanServ
11:35 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
11:35 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 240 seconds]
11:35 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 240 seconds]
11:37 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
11:37 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
11:44 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 240 seconds]
11:45 < wallbroken> windows 10 has a built in VPN switch in control center, is it compliant also with openvpn?
11:45 < wallbroken> or only with windows supported vpn?
11:46 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
11:48 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
11:49 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
11:51 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
12:16 -!- seoner [~usr@gateway/vpn/privateinternetaccess/sand3r] has joined #openvpn
12:16 < seoner> hi should i run openvpn as root? i am using linux debian 7
12:20 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
12:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
12:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:36 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
12:42 -!- akamaru217 [~akamaru@2601:cd:4001:b705:d096:4f64:84cb:5dd8] has quit [Quit: Leaving]
12:49 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:57 -!- vilaix [~vilaix@181.41.210.93] has joined #openvpn
13:00 < vilaix> hello, does anyone know why my IP is leaking when i'm using virtualbox with "brigded adapter" on ? Im connected to vpn through openvpn on linux.
13:01 < Thermi> vilaix: Because the bridge driver doesn't use any routing or netfilter code on the host. It goes to directly to the wire.
13:03 < vilaix> but my host is connected to vpn and i'm making connection through virtualized OS on VB, how come that virtualization can pass through my vpn host ip and discover original one ?
13:04 < Thermi> It goes directly from the VM's virtualized NIC to the physical NIC.
13:04 < vilaix> so this s not a bug then ?
13:04 < Thermi> It doesn'T pass through any IP. It goes directly to the hardware and bypasses the netfilter code and routing.
13:04 < Thermi> Of course not. That's how VirtualBox does bridging.
13:05 < vilaix> wow thank you Thermi
13:05 < vilaix> great to know
13:07 < vilaix> thank you hava a great day or night
13:07 -!- vilaix [~vilaix@181.41.210.93] has quit [Quit: Leaving]
13:13 -!- Haigha [~root@aela.xomg.net] has quit [Remote host closed the connection]
13:14 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
13:16 -!- seoner [~usr@gateway/vpn/privateinternetaccess/sand3r] has quit [Quit: Lost terminal]
13:31 -!- aPollO2k is now known as apollo2k
13:45 -!- apollo2k is now known as aPollO2k
13:48 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
13:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:51 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Quit: ZNC - http://znc.in]
13:53 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
13:56 -!- Netsplit *.net <-> *.split quits: funnel, zpatten, Tykling, peder, Eric-K
13:56 -!- Netsplit over, joins: peder
13:56 -!- Netsplit over, joins: funnel
13:57 -!- Netsplit over, joins: zpatten
13:57 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:58 -!- Eric-K [eric@188.226.225.197] has joined #openvpn
13:58 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
14:10 -!- Netsplit *.net <-> *.split quits: KakuRoze, infernix, zimboboyd, Ryan_Lane, Darkwell
14:11 -!- Netsplit over, joins: zimboboyd
14:13 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:13 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
14:15 -!- master_o1_master [~master_of@p4FD7B6AC.dip0.t-ipconnect.de] has joined #openvpn
14:15 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
14:18 -!- master_of_master [~master_of@p4FD7B690.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
14:21 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Ping timeout: 246 seconds]
14:23 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
14:24 -!- s7eele [~AndChat52@208.167.254.200] has joined #openvpn
14:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 256 seconds]
14:52 -!- s7eele [~AndChat52@208.167.254.200] has quit [Remote host closed the connection]
15:05 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has joined #openvpn
15:12 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Ping timeout: 240 seconds]
15:17 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
15:25 -!- s7eele [~AndChat52@208.167.254.200] has joined #openvpn
15:28 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
15:29 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
15:29 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
15:31 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 252 seconds]
15:52 -!- s7eele [~AndChat52@208.167.254.200] has quit [Remote host closed the connection]
15:54 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Remote host closed the connection]
15:54 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
16:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:24 -!- krzie [~k@openvpn/community/support/krzee] has joined #openvpn
16:24 -!- mode/#openvpn [+o krzie] by ChanServ
16:25 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
16:28 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
16:28 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 255 seconds]
16:29 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has joined #openvpn
16:30 -!- Owner [~Owner@unaffiliated/owner] has quit [Ping timeout: 244 seconds]
16:30 < tpw_rules> hi. i'm having openvpn performance problems
16:32 < tpw_rules> http://pastie.org/10326469 server conf. http://pastie.org/private/u85mzgwohldfelus6apog client conf. my computer at my house is getting 2MB/s over a vpn to my VPS. without the vpn, it gets ~12MB/s. another computer at my house gets 8MB/s to the vpn
16:32 < tpw_rules> over*
16:32 < tpw_rules> tried lots of mtu settings but no dice
16:32 < tpw_rules> for kicks i tried switching to tcp and tunneling over SSH. this brings performance to 9MB/s on the computer only getting 2
16:33 < tpw_rules> but that would be tcp over tcp over tcp and people tell me that's a bad idea
16:33 < tpw_rules> server has 2.2.1-8+deb7u3 and client has 2.3.6-1
16:33 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
16:33 < tpw_rules> both clients have that version
16:34 <@krzie> well the tcp in tcp meltdown will happen once theres something to kick it off
16:34 <@krzie> have you tried playing with the mtu?
16:34 <@krzie> !speed
16:34 < tpw_rules> a loit
16:34 <@vpnHelper> "speed" is (#1) Having speed problems? The following suggestions may help. or (#2) OpenVPN is often CPU bound; check utilization, and remember it only uses 1 core (single-threaded) or (#3) MTU issues? Send max-size DF packets and watch for fragmentation/delivery issues (see !mtu) or (#4) iface txqueuelen often needs to be >100 on fast and/or latent links or (#5) less likely are issues with bad TCP
16:34 <@vpnHelper> window scaling or the sliding window; generally, don't 2nd guess TCP (in openvpn or your OS knobs) or (#6) prefer tun over tap (see !tunortap and !whybridge) and UDP over TCP (see !tcp) or (#7) if iperf on public ip is also bad, dont expect openvpn to magically make your connection to the server better. or (#8) also consider testing without compression (on _both_ sides, try: --comp-lzo no) or (#9) a
16:34 <@vpnHelper> user reported that http://lowendtalk.com/discussion/comment/843711/ helped them.
16:34 < tpw_rules> yes i did all of those
16:35 < tpw_rules> let me try the socket buffer thing
16:35 <@krzie> you said without the vpn you get 12MB/s, is that using iperf over udp?
16:35 < tpw_rules> that's just downloading a file
16:35 <@krzie> oh so tcp
16:35 < tpw_rules> yes
16:36 < tpw_rules> that socket size sounds good though
16:36 <@krzie> aka, unrelated to the vpn in udp mode, but matching results to the vpn in tcp mode
16:36 < tpw_rules> in tcp mode i can only get 1MB/s through it
16:36 <@krzie> oh i misunderstood
16:38 < tpw_rules> setting snd/rcvbuf maybe got us half a meg per second
16:38 < tpw_rules> byte that is
16:39 < tpw_rules> oh bingo. i put in a big number and now things are looking almost perfect
16:40 < tpw_rules> thank you so so much
16:40 <@krzie> ooo sweet! glad to hear it
16:40 <@krzie> \o/
16:41 <@krzie> ValdikSS++
16:41 < tpw_rules> honestly. been trying to fuck with this shit for a week
16:42 <@krzie> in your defense, thats a common issue with many common solutions
16:42 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Ping timeout: 246 seconds]
16:42 < tpw_rules> well nobody else thought of it
16:42 <@krzie> the next person with that same issue probably wont have the same solution
16:42 < tpw_rules> they were all blaming MTUs
16:43 <@krzie> ya, they probably often find people who that helps too
16:43 <@krzie> hehe
16:44 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
16:50 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Ping timeout: 252 seconds]
16:51 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has left #openvpn ["Evil will always triumph, because good is dumb."]
16:51 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has joined #openvpn
16:54 -!- HardWall [~HardWall@188.24.117.189] has quit [Read error: Connection reset by peer]
16:56 -!- aPollO2k is now known as apollo2k
17:00 -!- cylon512 [~cylon@37-144-29-21.broadband.corbina.ru] has quit [Quit: leaving]
17:01 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
17:03 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 260 seconds]
17:06 < tpw_rules> krzie: okay it seems that only worked once
17:06 < tpw_rules> rebooted and now it sucks again
17:07 < tpw_rules> iface txqueuelen is fine
17:07 < tpw_rules> not running out of cpu. iperf is good. using tun. not using tcp. comp-lzo disabled
17:07 < tpw_rules> oh wait i lookged back and suddenly it jumped to peak speed. and now it's slowing down again
17:11 < tpw_rules> yeah there is still a hangup somewhere
17:11 < tpw_rules> right now it's downloading at 2.2MB/s through the vpn
17:13 < tpw_rules> restart the download, now it's 8MB/s
17:14 < tpw_rules> a connection around the vpn is sustained perfectly. none of this randomly dropping
17:15 < tpw_rules> 1GB file with wget: 13.3MB/s, min of around 10MB/s
17:15 < tpw_rules> average 11.6MB/s
17:19 < tpw_rules> nope i don't think changing the buffer size did anything krzie. just an assholish coincidence
17:20 < tpw_rules> any suggestions?
17:22 < tpw_rules> now i'm getting 6MB/s
17:22 < tpw_rules> oops it went up to 7 and is now back down to 2
17:23 < tpw_rules> ping is 54ms from client to server btw
17:30 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Quit: SEGFAULT]
17:38 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
17:41 -!- jafa [~jafa@2001:470:80ca:2000:9c0b:a155:1f10:aa94] has joined #openvpn
17:43 < jafa> hi guys, what mss/mtu settings should I configure when using OpenVPN over udp6?
17:44 < jafa> or does openvpn auto-clamp the mss?
18:04 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:05 < trumee> i have two linux systems connected through openvpn. The remote system is on a crappy DSL connection. What is the quickest way to transfer a file across?
18:12 < wallbroken> windows 10 has a built in VPN switch in control center, is it compliant also with openvpn?
18:23 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
18:47 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:08 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
19:09 -!- krzie [~k@openvpn/community/support/krzee] has quit [Read error: Connection reset by peer]
19:10 < tpw_rules> wallbroken: i don't think so. i looked and it gives a list of options but iirc none are openvpn
19:10 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 246 seconds]
19:41 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
19:41 -!- grit [~grit@unaffiliated/grit] has quit [Ping timeout: 244 seconds]
19:42 -!- grit [~grit@unaffiliated/grit] has joined #openvpn
19:57 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
20:12 < tpw_rules> krzee: you here?
20:31 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 260 seconds]
20:32 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
21:35 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has quit [Read error: Connection reset by peer]
21:35 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has joined #openvpn
21:48 -!- boneskul_ [~boneskull@63.142.161.2] has joined #openvpn
21:51 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
22:25 -!- akamaru217 [~akamaru@2601:cd:4001:b705:195:2981:8120:b619] has joined #openvpn
22:41 -!- boneskul_ [~boneskull@63.142.161.2] has quit []
23:22 -!- ShadniX [dagger@p57941576.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:22 -!- ShadniX_ [dagger@p5481C2FE.dip0.t-ipconnect.de] has joined #openvpn
23:22 -!- ShadniX_ is now known as ShadniX
23:45 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:47 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Mon Aug 03 2015
00:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
00:17 -!- s7eele [~AndChat52@208.167.254.200] has joined #openvpn
00:22 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
00:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:12 -!- mode/#openvpn [+o mattock1] by ChanServ
01:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
01:22 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
01:38 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:39 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
01:39 < Steven_> trumee: netcat
01:50 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
02:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:15 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
02:15 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
02:19 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
02:35 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
02:42 -!- u0m3 [~u0m3@92.80.125.120] has quit [Ping timeout: 246 seconds]
02:45 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
02:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:59 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
03:14 -!- apollo2k is now known as aPollO2k
03:25 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
03:29 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
03:34 -!- apocr [~apoc@192.71.218.191] has joined #openvpn
03:36 < apocr> hi. I've started my server openvpn with --verb 4, to find the cause of a random disconnect, now I face numerous lines of "Mon Aug  3 08:29:49 2015 us=90580 rytlock/<public-ip (whois told me its my provider)>:62809 MULTI: bad source address from client [<private-ip of my wifi>], packet dropped".. what does this mean?"
03:39 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 244 seconds]
03:47 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 252 seconds]
03:55 -!- ghormoon [~ghormoon@ghorland.net] has quit [Quit: ZNC - http://znc.in]
03:57 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
04:39 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
04:39 -!- mode/#openvpn [+o dazo_afk] by ChanServ
04:40 -!- dazo_afk is now known as dazo
04:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:06 -!- Tyklol [tykling@gibfest.dk] has joined #openvpn
05:07 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
05:07 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 240 seconds]
05:08 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 240 seconds]
05:08 -!- fred`` [fred@earthli.ng] has quit [Quit: +++ATH0]
05:08 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 240 seconds]
05:08 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 240 seconds]
05:08 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
05:08 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 240 seconds]
05:08 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
05:08 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 240 seconds]
05:08 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
05:08 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
05:08 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
05:08 -!- funnel_ is now known as funnel
05:09 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 244 seconds]
05:09 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has joined #openvpn
05:09 < apocr> are occasional "replay-window backtrack occured"'s ok or should I look into it?
05:10 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
05:13 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
05:13 -!- mode/#openvpn [+o dazo] by ChanServ
05:16 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
05:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
05:27 -!- apocr [~apoc@192.71.218.191] has quit [Ping timeout: 246 seconds]
05:34 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:35 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
05:55 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
06:13 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
06:26 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:27 -!- Tyklol is now known as Tykling
06:57 -!- seoner [~usr@gateway/vpn/privateinternetaccess/sand3r] has joined #openvpn
06:57 < seoner> hi. should i run openvpn as root? i am using linux debian 7
06:59 < seoner> this channel is dead
07:04 < seoner> hello
07:04 < seoner> ??????????
07:04 < seoner> anybody+
07:04 < seoner> ?
07:04 < seoner> ?
07:04 < seoner> ??
07:04 < seoner> ????
07:04 < seoner> ????
07:04 < seoner> only bots?
07:04 < seoner> 221 bots
07:04 < seoner> should i run openvpn client as root?
07:07 < Mike--> that depends if you need to something with routing/dns/whatever
07:07 < Mike--> but mostly yes
07:09 < seoner> Mike--: what are you mean?
07:10 < seoner> i am going to use openvpn as client
07:10 < seoner> do i need to run it as root?
07:10 < seoner> Mike--: openvpn is changing your IP and forward traffic truth it
07:11 < seoner> so why are you asking questions like? what openvpn does?
07:11 < seoner> again. the question was, if i should run it as root or not?
07:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
07:28 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:31 < Tools> seoner, spamming will get you nowhere.. But you can always run it as root, and use the user/group parameters to drop to a lower user after it's running.
07:33 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
07:37 -!- Anoniem4l [~Anoniem4l@unaffiliated/anoniem4l] has quit [Quit: say wat]
07:42 < clu5ter> :)
07:52 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:54 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
07:54 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has joined #openvpn
07:55 < schone> hello
07:56 < schone> does openvpn have any concept of maximum packet size? i have these two web services on my internal network that when they return a larger return openvpn doens’t relay it back to the client (when I say larger we’re talking about 9000 BYTES
07:56 < schone> i did tcpdump on the tun0 device and saw the response so i know its openpvpn thats not relaying it and not the web service itself
08:06 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:10 < tpw_rules> tun0 device on which side?
08:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:15 < schone> tpw_rules: tun0 on the server side
08:15 < schone> and utun0 on the client side (osx)
08:16 < schone> tpw_rules: mind you a lot of traffic does pass thru… but there are some responses from two differetn web services (have nothing to do with one another) that wont come back and by looking at tcpdump i verified it atleast gets back to the openvpn server
08:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
08:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
08:35 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
08:46 -!- seoner [~usr@gateway/vpn/privateinternetaccess/sand3r] has quit [Ping timeout: 250 seconds]
08:52 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has left #openvpn ["Evil will always triumph, because good is dumb."]
08:57 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:10 < schone> i have even further insight now
09:10 < schone> i ran tcpdump on the client and it indeed gets the result of the HTTP request, but when it sensds back an ACK i think that ACK isnt making it back to the server which doesnt send the FIN so the “curl” program just hangs indefenitely not showing the data received even tho it did come across the wire
09:14 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
09:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
09:41 < schone> and here’s another highlight… when I enable ‘comp-lzo’ in both server and client some of those hung http requests work suddenly, but some continue to not work
09:41 -!- ciscam [~Anon@b2b-130-180-90-98.unitymedia.biz] has quit [Ping timeout: 250 seconds]
09:41 < schone> does that tell you guys anything? cuz i’m lost and it’s over my head
09:47 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has quit [Quit: schone]
09:49 < toli> hey, I have about 50 clients connected to the VPN network using TCP 1194, but it seems some of the clients behind proxy cannot connect - is there a workaround on this?
09:50 < toli> can I configure the client to use proxy?
09:50 <@plaisthos> yes
09:50 <@plaisthos> see the manpage for http-proxy
09:50 < toli> thanks plaisthos
09:55 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has joined #openvpn
10:00 -!- vrs [~vrs@unaffiliated/vrs] has joined #openvpn
10:00 < vrs> is there a way to allow only one command in the management interface?
10:01 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
10:01 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
10:05 <@plaisthos> vrs: no
10:06 < vrs> hm shame, I had looked for an easy way to get the connection status
10:08 -!- aPollO2k is now known as apollo2k
10:08 -!- master_o1_master [~master_of@p4FD7B6AC.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
10:09 -!- master_of_master [~master_of@p4FF242C6.dip0.t-ipconnect.de] has joined #openvpn
10:15 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
10:19 < toli> plaisthos, tried the config for the proxy: us=938935 HTTP proxy returned: 'HTTP/1.0 403 Forbidden'
10:23 <@plaisthos> toli: then the proxy does not allow a connect to a non 443 port
10:24 < toli> plaisthos, it allows port 80 and 443 for sure. in this case, can I allow 2 ports on the server side?
10:26 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
10:32 < toli> when I make second config on the server it gives already used IP's from the first config! and I want them to be accesible via both
10:34 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:35 <@plaisthos> toli: redirect via iptables
10:35 < toli> plaisthos, the second config redistributes already given IP's !
10:35 < toli> plaisthos, this is strange!
10:36 <@plaisthos> toli: no it is not strange
10:36 <@plaisthos> you set up two server told them both to give out the same IP addresses
10:36 < toli> yes
10:37 < toli> I understand this is true, but then I will need to make diferent subnet for the second connection
10:38 <@plaisthos> yes
10:39 <@plaisthos> use tcp redirect of iptables
10:39 <@plaisthos> and redirect 443 to 1194
11:17 -!- Owner [~Owner@unaffiliated/owner] has quit [Quit: Leaving]
11:24 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:52 -!- fear-sleep [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
11:53 < fear-sleep> question about openvpn (or possibly vpns in general) since I'm a bit new to them
11:53 < fear-sleep> if I'm ssh-ing into a client and running openvpn on the client, will that cause any issues with the ssh session?
11:54 < DArqueBishop> No.
11:54 < DArqueBishop> Well, not unless the client's OpenVPN configuration requires it to push all network traffic elsewhere, I'd imagine.
11:55 <@plaisthos> well starting openvpn can change your routing and break your existing ssh session
11:56 < fear-sleep> @plaisthos - that's what I was concerned about. How can I ensure that I don't break the ssh?
11:57 -!- fear-sleep is now known as fearnothing
11:57 < schone> hi guys
11:57 < schone> question
11:58 < schone> i just realized my connection problems were because i was using UDP vs the TCP based server… why does UDP have these odd problems where big response would jam the line and stop everything else?
11:58 < schone> and by big i mean less thank <14kb
11:58 < schone> than*
11:58 < BtbN> tcp has a huge bunch of problems, udp is the prefered protocol.
11:59 <@plaisthos> !tcp
11:59 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
12:00 <@plaisthos> tcp works but udp not you likely to have mtu problems
12:00 <@plaisthos> !mtu
12:00 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
12:01 < schone> plaisthos: im following the guide
12:01 < schone> report back shortly
12:04 < fearnothing> plaisthos - any tips?
12:11 < schone> plaisthos: so i figured my max packet size is 1372 or an MTU of 1410
12:11 < schone> what do I do next with that information?
12:17 < schone> do i set tun-mtu? or frag
12:17 < schone> or what
12:21 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:21 < schone> or do I hcange mssfix and fragment?… and if its the latter, then what do I put into those? 1372?
12:21 < schone> i meant 1382* sorry
12:27 < schone> nvm i figured it out…. “fragment 1382” and then line below “mssfix"
12:44 < schone> does fragment directive work in ios8 ?
12:45 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:49 -!- vrs [~vrs@unaffiliated/vrs] has left #openvpn []
13:08 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 265 seconds]
13:22 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
13:35 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
13:57 -!- toli [~toli@ip-62-235-221-82.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:59 -!- toli [~toli@ip-81-11-248-5.dsl.scarlet.be] has joined #openvpn
14:01 -!- HardWall [~HardWall@86.122.174.23] has joined #openvpn
14:08 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has quit [Quit: schone]
14:09 < fearnothing> anyone around who can tell me how I avoid messing up an ssh session by starting an openvpn connection?
14:11 < fearnothing> connections would look something like this: windows ---putty----> ubuntu ----openvpn---> destination
14:14 < DArqueBishop> Like plaisthos mentioned, it depends on how the OpenVPN server forces routing on the client.
14:34 -!- k3y [~k3y@50-47-10-150.evrt.wa.frontiernet.net] has joined #openvpn
14:45 < fearnothing> oh right so it's not under my control
14:45 < DArqueBishop> !both
14:45 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
14:46 < fearnothing> he said that it could cause problems but it wasn't clear that was dependent on the server from what he said :P
14:55 < DArqueBishop> It is. The OpenVPN server is what controls the routes pushed to the client. The question is if the traffic between you and the Ubuntu box is in a route that would be affected.
14:55 < DArqueBishop> For example, if he pushes redirect-gateway and you're not on the same subnet as the Ubuntu box, it would be affected.
14:56 < DArqueBishop> (It should be noted that I am an admin and not necessarily an expert. Take what I say with a grain of salt.)
15:05 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:13 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 240 seconds]
15:33 <@krzee> fearnothing:, i can tell you how
15:33 <@krzee> before you start the vpn, make a host route to the host you are ssh'ing to, making i t use your current default gateway
15:34 <@krzee> then when you start the vpn your route to the host will be unaffected
15:35 < wallbroken> krzee, windows 10 has a control center with a vpn switch, it also affects openvpn?
15:35 <@krzee> no idea, i havnt used windows since xp
15:35 <@krzee> but probably not
15:35 < wallbroken> ok
15:49 -!- krzee [ba95f387@openvpn/community/support/krzee] has quit [Quit: Page closed]
15:55 < fearnothing> krzee - thanks, I really appreciate that
15:55 < fearnothing> now I just have to figure out -how- to do that :)
15:57 < fearnothing> does it make a difference if the host I'm ssh-ing to is on my local subnet?
15:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:57 < DArqueBishop> I would imagine that if it's on your local subnet that it won't be affected.
16:03 < fearnothing> okay... here goes nothin'
16:05 < fearnothing> hrm, I seem to have forgotten the username my boss gave me, and it wasn't my normal one >_<
16:06 < fearnothing> guess I'll have to wait until tomorrow
16:08 -!- hyperspace4000 [~hyperspac@li499-8.members.linode.com] has quit [Remote host closed the connection]
16:09 -!- illu_ [~illu@45.52.239.140] has joined #openvpn
16:10 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
16:10 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
16:10 < illu_> I'm completely new to OpenVPN, and i'm trying to connect to a server on Arch Linux. I've got the TCP and UDP .ovpn files. I've got a couple questions.
16:11 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
16:11 -!- mode/#openvpn [+v s7r] by ChanServ
16:11 < illu_> 1. when trying to connect to the TCP server using 'openvpn --config (name).ovpn', it's saying connection refused
16:12 < illu_> Is it possible that the server has stopped using TCP?
16:12 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
16:13 < illu_> 2. How could I convert the .ovpn files to .conf files?
16:15 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
16:15 <@plaisthos> illu_: just rename them :)
16:16 < illu_> plaisthos: oh, cool. okay
16:16 <@plaisthos> illu_: for tcp not working anymore
16:16 <@plaisthos> contact your server admin
16:16 <@plaisthos> !both
16:16 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
16:16 < illu_> okay
16:17 < illu_> how do I tell if it connects?
16:17 < illu_> (super noob question, sorry)
16:19 < illu_> bleh, this vpn seems to not work
16:21 < fearnothing> is the destination port open?
16:22 < illu_> i'm not sure
16:23 < fearnothing> well then. That's a good demonstration of the !both thing that plaisthos just pointed out :)
16:24 < fearnothing> how do you tell if it connects... well you won't get a message like "connection refused" for a start :P
16:25 < illu_> heh.. obviously
16:25 < illu_> I was just wondering becasue the UDP one stagnated on "Link remote:"
16:25 < illu_> but then it showed that the handshake had an error
16:29 < fearnothing> are you on windows or 'nix?
16:31 < illu_> Linux
16:31 < fearnothing> command line?
16:32 < illu_> Hm?
16:32 < illu_> Oh, yes
16:32 < fearnothing> GUI or cli?
16:32 < illu_> cli
16:33 < fearnothing> you'll probably see the prompt change, but if you're not sure, do ifconfig
16:33 < illu_> ah, okay
16:34 < fearnothing> s/change/message/
16:35 < illu_> well
16:36 < illu_> I was planning on paying for a vpn, but saw http://freevpn.me/ and figured "oh, might as well try this one"
16:36 <@vpnHelper> Title: Free VPN - Free Anonymous OpenVPN Service (at freevpn.me)
16:36 < illu_> went in figuring it wouldn't work
16:36 < illu_> Doesn't seem to work
16:37 < fearnothing> you're not going to get much in the way of support from there
16:38 < illu_> Seems so
16:38 < illu_> Do you know of any actually decent free vpns that are mostly anonymous?
16:38 < illu_> If not, then i'll probably have to buy one
16:38 < fearnothing> no
16:38 < fearnothing> 'anonymous' to whom?
16:39 < illu_> Anonymous to where nobody can see my traffic, or tie it to me
16:39 < fearnothing> do you care about them snarfing all of your data on the way through and doing man in the middle ads from questionable ad networks?
16:39 < illu_> Sure
16:39 < fearnothing> then don't go with a free one.
16:40 < fearnothing> because that's how free ones make their money.
16:40 < illu_> Ah, what would be a good paid one that isn't too expensive
16:40 < illu_> i.e under 9-10 USD
16:40 < fearnothing> per year?
16:40 < fearnothing> or per month
16:40 < illu_> a month
16:40 < fearnothing> oh, plenty I would think, but I don't know much about USD outfits, I'm in the UK
16:41 < illu_> they're roughly similar
16:41 < illu_> in value
16:41 < fearnothing> but based on what I've seen, that's about the right price for a reasonable offering
16:41 < illu_> the pound and the usd
16:41 < illu_> 10$ might be like 11-12 pounds i believe
16:41 < fearnothing> mm, from what I've seen if something's offered for $55 USD, in the UK it will be £55.
16:42 < fearnothing> $10 is about £6.
16:42 < fearnothing> so we're getting stiffed :P
16:43 < illu_> ah
16:44 < illu_> anyways, what would you recommend?
16:53 < fearnothing> I don't know, there's a lot more choice in the states
16:56 < illu_> i might just get pia's vpn
16:56 < illu_> thanks for all the help m8s
16:56 -!- illu_ [~illu@45.52.239.140] has quit [Quit: WeeChat 1.1.1]
17:13 -!- schone [~schone@cpe-66-108-173-39.nyc.res.rr.com] has joined #openvpn
17:13 < schone> hello
17:14 < schone> I have a max mtu problem and have solved it following the manual and using both fragmant and mssfix but those two directives are not compatible with iOS so my iOS devices are not working.  What other directives can I use that will be compatible with both iOS and the PCs?
17:30 < k3y> damnit why isn't tap compatible with android?!!? so annoying...
17:51 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:05 -!- schone [~schone@cpe-66-108-173-39.nyc.res.rr.com] has quit [Quit: schone]
18:30 < k3y> pkcs12 or pkcs11...hrmmmm
18:35 -!- CaTtleyA [~CaTtleyA@79.202.154.77.rev.sfr.net] has joined #openvpn
19:06 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 272 seconds]
19:07 -!- Straa [~Straa@unaffiliated/straa] has joined #openvpn
19:21 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
19:33 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has joined #openvpn
19:41 -!- CaTtleyA [~CaTtleyA@79.202.154.77.rev.sfr.net] has quit [Ping timeout: 272 seconds]
20:15 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
20:31 < schone> is anybody around?
20:32 < _FBi> some are just round
20:32 < _FBi> or around what?
20:34 < schone> lol
20:34 < schone> _FBi: would you be able to help me with some max MTU and the iOS app limitations?
20:35 < _FBi> negative, what the issue?
20:39 < schone> i had a max MTU isssue, i followed the guide, solved it with setting fragmant and mssfix
20:40 < schone> only to realize that while my desktop/laptop works great now, the iOS app doesn’t support the above mentioned directives
20:40 < schone> so my question is what can I set to make everybody play nicely together?
20:41 < _FBi> can you not change the MTU in your conf?
20:44 < schone> i can
20:44 < schone> _FBi: what do you have in mind?
20:59 < Eugene> Alcohol
21:00 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
21:05 < Eugene> !download
21:05 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
21:10 < schone> am i missing something?
21:10 < Eugene> !inline
21:10 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
21:10 < Eugene> No, this is for me.
21:14 < schone> _FBi: ?
21:28 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Excess Flood]
21:28 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
21:32 -!- HardWall [~HardWall@86.122.174.23] has quit [Ping timeout: 244 seconds]
21:43 -!- schone [~schone@pool-71-167-107-232.nycmny.fios.verizon.net] has quit [Quit: schone]
21:52 -!- Gwoplock [~quassel@2602:306:838a:cbd0:922b:34ff:fea1:efa1] has joined #openvpn
22:02 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
22:17 -!- Gwoplock [~quassel@2602:306:838a:cbd0:922b:34ff:fea1:efa1] has quit [Ping timeout: 244 seconds]
23:20 -!- ShadniX [dagger@p5481C2FE.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX_ [dagger@p57941949.dip0.t-ipconnect.de] has joined #openvpn
23:20 -!- ShadniX_ is now known as ShadniX
23:24 -!- khaldrogox [got@c-73-158-44-89.hsd1.ca.comcast.net] has joined #openvpn
23:36 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Tue Aug 04 2015
00:27 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
00:32 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
00:36 -!- lauri [~lauri@shell.stipit.com] has joined #openvpn
00:36 < lauri> Hi guys
00:36 < lauri> Does OpenVPN have something like CMP (Certificate Management Prtocol)?
00:37 < lauri> For automagically submitting CSR and waiting for certiifcate
01:21 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
01:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
01:41 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:16 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
02:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
02:38 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:12 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
03:35 -!- Netsplit *.net <-> *.split quits: catsup, james41382, Zimsky, phreakocious, _0x5eb_, someone, r00t^2, @mattock1, liriel, jokker,  (+2 more, use /NETSPLIT to show all of them)
03:37 -!- Netsplit over, joins: _0x5eb_, @mattock1, catsup, liriel, james41382, jokker, phreakocious, NP-Completeass, someone, Kerberos76 (+2 more)
03:52 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
04:27 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
04:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:48 -!- pppingme is now known as Cruz4prez
05:12 -!- hydralisk [~hydra@unaffiliated/hydralisk] has joined #openvpn
05:57 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
05:59 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
06:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:22 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Quit: Tata.]
07:22 -!- funkenstrahlen [~pi@auriga.uberspace.de] has joined #openvpn
07:23 < funkenstrahlen> Hey, I try to run easy-rsa, but always get this error: https://gist.github.com/funkenstrahlen/e60f7e103c2f697c44c6
07:23 <@vpnHelper> Title: easy-rsa · GitHub (at gist.github.com)
07:23 < funkenstrahlen> any help?
07:27 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-akpxvpaspduuxoab] has joined #openvpn
07:32 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
07:36 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
08:01  * Bl4ckD34Th Hello.
08:10 <@plaisthos> funkenstrahlen: sudo is your problem
08:10 <@plaisthos> either no sudo at all
08:10 <@plaisthos> or sudo -s and then source ./var; ./clean-all
08:11 <@plaisthos> environemnt variables (which source ... sets) do not cross sudo calls
08:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:35 -!- svanheulen [~svanheule@c-174-56-174-204.hsd1.ga.comcast.net] has joined #openvpn
08:43 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:44 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 240 seconds]
08:46 < svanheulen> How would I handle a situation where the local and remote network both use the same subnet? I've got a working setup that I can connect with but when I try pinging an IP that's on the remote side it only tries within my local network
08:50 <@plaisthos> recent openvpn (2.3 or -master) has client-nat
08:51 <@plaisthos> or the OS nat capabilities
08:53 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
08:54 < BtbN> svanheulen, there is no way to handle that.
08:56 < svanheulen> super
08:56 < BtbN> the best you can do is forward single ports, so you target packages to the local endpoint, and it forwards it to the other side, which then redirects it to an IP on that ends network.
08:56 < Tykling> svanheulen: you can handle it by nat'ing on one of the sides of the tunnel, it ain
08:56 < Tykling> 't pretty but it works
08:56 < Tykling> 1:1 nat on the firewall in one of the ends, not in openvpn ofcourse :)
09:18 -!- svanheulen [~svanheule@c-174-56-174-204.hsd1.ga.comcast.net] has left #openvpn ["leaving"]
09:23 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
09:25 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
09:26 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has quit [Ping timeout: 240 seconds]
09:27 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
09:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:52 -!- troyt_ [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 246 seconds]
09:58 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-akpxvpaspduuxoab] has quit [Quit: Connection closed for inactivity]
10:04 -!- funkenstrahlen [~pi@auriga.uberspace.de] has left #openvpn ["WeeChat 1.1.1"]
10:09 -!- master_o1_master [~master_of@p4FD7BF87.dip0.t-ipconnect.de] has joined #openvpn
10:12 -!- master_of_master [~master_of@p4FF242C6.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
10:13 -!- schone [uid104419@gateway/web/irccloud.com/x-cfvxnirvwxqhnvzl] has joined #openvpn
10:13 < schone> Hello
10:14 < schone> _FBi: are you around?
10:14 < schone> I was trying to ask yesterday what do people who need to use fragment/mssfix do if they want iOS users to be able to connect to their VPN?
10:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
10:43 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
10:43 -!- HardWall [~HardWall@86.122.174.23] has joined #openvpn
10:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
10:58 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
11:05 < Tools> Hello, is it possible for every user to get a public IP routed with just 1 openvpn instance? i.e. user 1 has 2001:db8::1 external and 2001:db8::2:1 internal and user 2 has ::2 and ::2:2.
11:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
12:20 -!- RealityVoid [~HardWall@86.122.174.23] has joined #openvpn
12:23 -!- HardWall [~HardWall@86.122.174.23] has quit [Ping timeout: 244 seconds]
12:23 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has joined #openvpn
12:24 < BtbN> yes.
12:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
12:32 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 246 seconds]
12:35 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
12:35 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gspyvndfvqbdohhm] has left #openvpn []
12:41 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
12:45 -!- AlmogBaku [~AlmogBaku@bzq-79-176-166-157.red.bezeqint.net] has quit [Remote host closed the connection]
13:05 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:09 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 260 seconds]
13:12 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
13:16 -!- SineDeviance [~quassel@2602:306:3908:8eb0:208c:12fc:e200:83b1] has quit [Ping timeout: 246 seconds]
13:17 -!- SineDeviance [~quassel@2602:306:3908:8eb0:cc3b:d6cf:f5dd:3a63] has joined #openvpn
13:30 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 252 seconds]
13:33 -!- wowaname [h@love.wowana.me] has joined #openvpn
14:01 -!- Nik05_ [~Nik05@unaffiliated/nik05] has joined #openvpn
14:02 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 264 seconds]
14:12 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection reset by peer]
14:18 -!- k3y [~k3y@50-47-10-150.evrt.wa.frontiernet.net] has quit [Read error: Connection reset by peer]
14:22 -!- apocr [~apoc@84.18.148.158] has joined #openvpn
14:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
14:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
14:33 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
14:43 < DzAirmaX> hi guyz
14:46 < DzAirmaX> is it possible to get decent speed on ovpenvpn with a celeron ?
14:46 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:49 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:55 < DzAirmaX> I cant get faster than 10 mb/s no matter how I try :(
14:56 -!- akamaru217 [~akamaru@2601:cd:4001:b705:195:2981:8120:b619] has quit [Ping timeout: 244 seconds]
15:00 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
15:10 < apocr> I'm experiencing random disconnects from my client and found this when checking the logs.. https://paste.debian.net/hidden/8a7d72f8/  can someone give me a hint how to fix this?
15:43 -!- failshell [~failshell@phantom.failshell.io] has joined #openvpn
15:45 < failshell> so i have a client connecting to a server. i can from the client ping any machine on the server's subnet. but i can't ping machines on the client subnet from the server. how would i achieve that?
15:47 < failshell> i could always open a connection from the client to the server, and that would work
15:47 < failshell> dunno if that's the best way to do it
15:47 < DzAirmaX> ok found the solution
15:47 < DzAirmaX> I needed to change my cpu governors
15:54 -!- Straa is now known as bodey
15:55 < DArqueBishop> failshell:
15:55 < DArqueBishop> !clientlan
15:55 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see
15:55 <@vpnHelper> !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
15:55 -!- Eos [~HardWall@86.122.174.23] has joined #openvpn
15:56 < failshell> DArqueBishop: thanks. im definetly missing a few things
15:58 -!- RealityVoid [~HardWall@86.122.174.23] has quit [Ping timeout: 244 seconds]
16:05 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 39.0/20150630154324]]
16:07 -!- bodey is now known as Straa
16:15 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has joined #openvpn
16:15 < tpw_rules> is there any way to increase openvpn performance given that encryption and authentication is turned off?
16:16 -!- failshell [~failshell@phantom.failshell.io] has quit []
16:19 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
16:29 -!- Eos is now known as HardWall
16:29 -!- jafa [~jafa@2001:470:80ca:2000:9c0b:a155:1f10:aa94] has quit [Ping timeout: 244 seconds]
16:31 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:46 < apocr> I'm experiencing random disconnects from my client and found this when checking the logs.. https://paste.debian.net/hidden/8a7d72f8/  can someone give me a hint how to fix this?
16:53 < _FBi> no idea, how's your wifi connectivity
16:56 < apocr> it cuts off from time to time, but the iwlwifi guys found no clues about wifi problems in my logs
17:04 < _FBi> I have horrible internet at my place.  I wasn't sure if these happened while your AP was trying to require internet
17:13 < apocr> _FBi: these what? sorry if I don't understand you
17:20 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
17:47 -!- apocr [~apoc@84.18.148.158] has quit [Quit: leaving]
17:55 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:56 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
18:05 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 240 seconds]
18:40 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 246 seconds]
19:03 -!- Nik05_ is now known as Nik05
19:12 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 264 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:40 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:01 -!- fluter [~fluter@fedora/fluter] has joined #openvpn
20:03 < fluter> hello
20:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:49 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
20:51 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:59 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 272 seconds]
21:35 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
21:39 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
21:50 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
22:51 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
23:20 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Read error: Connection reset by peer]
23:20 -!- ShadniX [dagger@p57941949.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:21 -!- ShadniX [dagger@p5DDFC963.dip0.t-ipconnect.de] has joined #openvpn
23:36 -!- fluter_ [~fluter@fedora/fluter] has joined #openvpn
23:38 -!- fluter_ [~fluter@fedora/fluter] has quit [Max SendQ exceeded]
23:38 -!- fluter_ [~fluter@fedora/fluter] has joined #openvpn
23:39 -!- fluter [~fluter@fedora/fluter] has quit [Ping timeout: 250 seconds]
23:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Wed Aug 05 2015
00:10 -!- mnathani_ [~zeshoem@192-0-149-228.cpe.teksavvy.com] has quit []
00:19 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
00:19 -!- mode/#openvpn [+o krzee] by ChanServ
00:48 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
00:57 -!- HardWall [~HardWall@86.122.174.23] has quit [Ping timeout: 244 seconds]
00:59 -!- HardWall [~HardWall@86.122.174.23] has joined #openvpn
01:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:01 -!- openvpn12345 [774d160f@gateway/web/freenode/ip.119.77.22.15] has joined #openvpn
01:02 < openvpn12345> Hey Hey
01:02 < openvpn12345> Anybody about ?
01:02 < openvpn12345> !welcome
01:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
01:02 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:03 < openvpn12345> !goal
01:03 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
01:04 < openvpn12345> I am just looking for some more information about external key management has anyone used these directives before ?
01:08 < subzero79> openvpn12345, the other day i was reading the cookbook openvpn book, inside is mentioned a program called xca for key management. You can sign certificates, create certs, export them, revoke certs, export CRL, etc
01:08 < subzero79> is in sourceforge
01:09 < subzero79> don't really know if that what you're looking for
01:09 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
01:09 <@krzee> !ssl-admin
01:09 <@vpnHelper> "ssl-admin" is (#1) if you use freebsd, it is in ports or (#2) svn co https://www.secure-computing.net/svn/trunk/ssl-admin to grab it from svn or (#3) A perl script for managing SSL certificates (being a CA). Makes a good replacement for easy-rsa
01:09 <@krzee> !easy-rsa
01:09 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
01:09 <@krzee> !xca
01:09 <@vpnHelper> "xca" is (#1) XCA is a GUI to create/manage a PKI, much more user-friendly than easy-rsa. or (#2) Example XCA PKI for OpenVPN(writeup pending): https://community.openvpn.net/openvpn/wiki/XCA
01:10 < openvpn12345> more looking at the rsa-sig and certificate so that keys and certificates can be hosted on a remote server
01:10 < openvpn12345> There is very little documented about it
01:12 < openvpn12345> COMMAND -- rsa-sig (OpenVPN 2.3 or higher) ------------------------------------------ Provides support for external storage of the private key. Requires the --management-external-key option. This option can be used instead of "key" in client mode, and allows the client to run without the need to load the actual private key. When the SSL protocol needs to perform an RSA sign operation, the data to be signed will be sent to the ma
01:12 < openvpn12345> COMMAND -- certificate (OpenVPN 2.4 or higher) ---------------------------------------------- Provides support for external storage of the certificate. Requires the --management-external-cert option. This option can be used instead of "cert" in client mode. On SSL protocol initialization a notification will be sent to the management interface with a hint as follows:
01:14 < openvpn12345> That is all i can find about these commands and Thanks subzero will look into that and see if it is what i am looking for.
01:35 -!- fluter_ is now known as fluter
01:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
01:56 -!- openvpn12345 [774d160f@gateway/web/freenode/ip.119.77.22.15] has quit [Ping timeout: 246 seconds]
01:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:56 -!- mode/#openvpn [+o mattock1] by ChanServ
01:58 -!- toli [~toli@ip-81-11-248-5.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:59 -!- toli [~toli@ip-62-235-154-178.dsl.scarlet.be] has joined #openvpn
02:03 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
02:04 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
02:23 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:25 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:49 -!- fluter [~fluter@fedora/fluter] has quit [Ping timeout: 240 seconds]
02:50 -!- fluter [~fluter@fedora/fluter] has joined #openvpn
02:54 -!- fluter_ [~fluter@fedora/fluter] has joined #openvpn
02:56 -!- fluter [~fluter@fedora/fluter] has quit [Ping timeout: 264 seconds]
02:56 -!- fluter_ [~fluter@fedora/fluter] has quit [Max SendQ exceeded]
03:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
03:05 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
03:09 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
03:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:25 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
03:57 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 256 seconds]
04:00 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 264 seconds]
04:37 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 246 seconds]
04:40 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
04:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:54 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Remote host closed the connection]
05:56 -!- HardWall [~HardWall@86.122.174.23] has quit [Ping timeout: 244 seconds]
05:56 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
05:59 -!- HardWall [~HardWall@86.122.174.23] has joined #openvpn
06:10 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Quit: Quit.]
06:12 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
06:28 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
06:31 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
06:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:38 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
06:49 -!- M4rc3l [~user@unaffiliated/m4rc3l] has quit [Ping timeout: 256 seconds]
06:52 -!- M4rc3l [~user@unaffiliated/m4rc3l] has joined #openvpn
07:24 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:25 -!- funkenstrahlen [~pi@auriga.uberspace.de] has joined #openvpn
07:26 < funkenstrahlen> hey, I followed these steps to setup an openvpn server: https://gist.github.com/funkenstrahlen/8be52fe925e0f0cf36f9 I can connect perfectly. However I want to route my whole traffic via the openvpn server. This does not work yet. It is not a dns issue. I can not ping 8.8.8.8 for example from my client machine.
07:26 <@vpnHelper> Title: OpenVPN on Ubuntu 12.10 at DigitalOcean · GitHub (at gist.github.com)
07:27 < funkenstrahlen> Ping to 10.0.0.0/24 network works
07:27 < funkenstrahlen> sorry 10.8.0.0/24
07:27 < Tools> funkenstrahlen, iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to $(curl whatismyip.akamai.com) <- Did you use this command (with modifications where needed?)
07:28 < funkenstrahlen> Tools: yes. the snat route exists. see https://gist.github.com/funkenstrahlen/1a9efbb02ff9a530de33
07:28 <@vpnHelper> Title: gist:1a9efbb02ff9a530de33 · GitHub (at gist.github.com)
07:29 < funkenstrahlen> Tools: I changed eth0 to venet0:0 as this is a vserver
07:29 < funkenstrahlen> I also did echo 1 > /proc/sys/net/ipv4/ip_forward
07:29 <@plaisthos> !vserver
07:29 <@plaisthos> hm
07:29 <@plaisthos> nothing on that
07:29 < Tools> It's in there twice... And does your venet0:0 have the public IPv6, or venet0?
07:30 < funkenstrahlen> there is venet0 and venet0:0
07:30 < funkenstrahlen> I have no ipv6 on the server
07:30 < funkenstrahlen> venet0:0 has the public ipv4
07:30 < Tools> Ah, I was confused with IPv6, as I was working with that a lot lately... Hah :D
07:30 <@plaisthos> instead of $(curl whatismyip.akamai.com) you should probably use the public ip directly
07:30 < funkenstrahlen> plaisthos: I did actually
07:31 < Tools> And maybe try venet0 as well, as it worked for me with venet0, and I don't think my public IP was showing on there either...
07:31 < Tools> So, clear the iptables rule, and try venet0, and hopefully that works. :p
07:31 < funkenstrahlen> Tools: so both? or is vnet0 just the right thing to do
07:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:32 < Tools> Try with just venet0 first. As you shouldn't have double rules for outgoing I think.
07:33 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:34 < funkenstrahlen> Tools: ok I will try. give me a second
07:37 < funkenstrahlen> Tools: perfect! that solved it :)
07:37 < funkenstrahlen> always the small details ;)
07:37 < funkenstrahlen> thanks a lot guys!
07:37 < funkenstrahlen> have a nice day
07:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
07:41 < Tools> funkenstrahlen, no problem. I don't know the specifics behind it, but I've never did that with a :0 adapter. So I'm glad it helped. :)
07:42 -!- funkenstrahlen [~pi@auriga.uberspace.de] has left #openvpn ["WeeChat 1.1.1"]
07:47 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
07:50 -!- master_o1_master [~master_of@p4FD7BF87.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
08:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
08:07 <@plaisthos> yeah these :0 alias stuff on Linux is weird
08:11 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
08:13 < DzAirmaX> hi guyz
08:13 < DzAirmaX> is there a ubuntu ppa with the last version of openvpn ?
08:14 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
08:15 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:20 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:24 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
08:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
08:45 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 244 seconds]
08:49 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:49 < Tools> plaisthos, I think I played with the :0 once, to get multiple LAN IPs.. :p
08:49 < Tools> DzAirmaX, I think there is...
08:50 < Tools> https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
08:50 <@vpnHelper> Title: OpenvpnSoftwareRepos – OpenVPN Community (at community.openvpn.net)
08:50 < Tools> Last is trusty though.
08:50 < Tools> But for Jessie I used Wheezy for Debian, and that worked as well. :p
08:52 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 240 seconds]
08:52 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
08:52 -!- samopotamus [~samopotam@ks4002259.ip-198-100-147.net] has quit [Ping timeout: 240 seconds]
08:52 -!- samopotamus [~samopotam@ks4002259.ip-198-100-147.net] has joined #openvpn
08:53 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
08:54 -!- c|oneman [cloneman@209.141.58.70] has joined #openvpn
08:54 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
08:54 -!- mode/#openvpn [+o krzee] by ChanServ
08:56 <@plaisthos> Tools: your use of :p is strange
09:02 -!- c|oneman [cloneman@209.141.58.70] has quit [Quit: The Hero of EFnet must rest now.]
09:02 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
09:04 -!- Denial- [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
09:04 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit [Ping timeout: 240 seconds]
09:04 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
09:08 < DzAirmaX> Tools : ok thank you gonna try that
09:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
09:22 -!- xmodr [~bottleofw@unaffiliated/xmodr] has joined #openvpn
09:32 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
09:36 < xmodr> Hi, when running build-ca, is there any problem with leaving the defaults? for example if the CN for each was Fort Funston?
09:47 < tpw_rules> no. it's just informational, and is written with every certificate
09:49 < tpw_rules> i put real ones because it feels right. i don't think they're transmitted over the wire when authenticating, but i could be very wrong
09:51 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:51 -!- endzYme [~endzYme@ec2-52-10-45-178.us-west-2.compute.amazonaws.com] has joined #openvpn
09:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:53 < xmodr> hmm OK - I see that  Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA/emailAddress=me@myhost.mydomain is fairly common online
09:53 < endzYme> I am currently having problems with packet loss during renegotion. Is there a way to limit the amount of loss during a reneg? I am using all defaults for reneg-sec, tran-window and hand-window
09:53 < endzYme> Certificate quth
09:53 < endzYme> auth*
09:54 < xmodr> but was curious to know if there is a security issue with it
09:54 < xmodr> since some documentation seems to mention that you should choose a unique CN
09:56 < endzYme> I also guess i should ask is Packet Loss expected during Reneg?
09:59 < tpw_rules> xmodr: i dunno, put it on the moon?
10:04 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 258 seconds]
10:04 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 258 seconds]
10:04 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has quit [Ping timeout: 258 seconds]
10:06 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
10:06 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
10:06 -!- mode/#openvpn [+v s7r] by ChanServ
10:11 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
10:12 < xmodr> tpw_rules: the moon?
10:13 < tpw_rules> like make your country US and state Moon and location DarkSide
10:13 < tpw_rules> that's probably relatively unique
10:13 < Tools> plaisthos, I am aware... I don't know why, but I overuse it... =þ
10:14 < Tools> Anyways, off home.
10:19 < xmodr> tpw_rules: haha, that would hopefully be a unique location :) however I was mostly curious if the Common Name used for anything important
10:20 < tpw_rules> i'm honestly not sure
10:20 < xmodr> tpw_rules: thanks anyway
10:21 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
10:21 -!- akamaru217 [~akamaru@2601:cd:4001:b705:d82a:d8e3:5f31:b27c] has joined #openvpn
10:22 -!- ratsupremacy [~antihero@37.139.5.204] has quit [Remote host closed the connection]
10:23 -!- ratsupremacy [~antihero@37.139.5.204] has joined #openvpn
10:25 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
10:32 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 252 seconds]
10:50 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
10:53 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
11:12 -!- cybrNaut [~cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
11:20 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
11:24 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
11:42 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
11:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:23 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
12:24 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
12:24 -!- mode/#openvpn [+o krzee] by ChanServ
12:30 -!- xmodr [~bottleofw@unaffiliated/xmodr] has quit [Quit: leaving]
12:31 -!- xmodr [~bottleofw@unaffiliated/xmodr] has joined #openvpn
12:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
12:59 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:04 -!- master_of_master [~master_of@p4FD7B838.dip0.t-ipconnect.de] has joined #openvpn
13:04 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 244 seconds]
13:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
13:06 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:06 -!- mode/#openvpn [+v s7r] by ChanServ
13:17 -!- SineDeviance [~quassel@2602:306:3908:8eb0:cc3b:d6cf:f5dd:3a63] has quit [Ping timeout: 244 seconds]
13:17 -!- SineDeviance [~quassel@2602:306:3908:8eb0:c0a7:ad01:6f85:7029] has joined #openvpn
14:05 <@krzee> tpw_rules, the location doesnt need to be unique
14:05 <@krzee> just the common-name
14:06 <@krzee> xmodr, you get your question answered?
14:07 <@krzee> endzYme, yes i also get packetloss during reneg, i have found i cut it down by using stronger cpus
14:13 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
14:15 <@krzee> (which isnt always easy to do since i use voip desk phones)
14:20 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
14:34 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
14:44 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
14:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:49 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 260 seconds]
14:51 <@krzee> !factoids search manager
14:51 <@vpnHelper> No keys matched that query.
14:51 <@krzee> !factoids search --values manager
14:51 <@vpnHelper> 'ubuntu', 'netman', 'win2k8', and 'netman'
14:51 <@krzee> !ubuntu
14:51 <@vpnHelper> "ubuntu" is dont use network manager!
14:51 <@krzee> !forget ubuntu
14:51 <@vpnHelper> Joo got it.
14:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:52 <@krzee> !learn ubuntu as dont use network manager to configure your vpns! get it working via commandline and then import to network manager if you want to use it.
14:52 <@vpnHelper> Joo got it.
14:52 <@krzee> !netman
14:52 <@vpnHelper> "netman" is (#1) if you are using network manager for linux to configure your vpn, dont! http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html to read the same thing from the author of the openvpn 2 cookbook on the mail list or (#2) Have OpenVPN working but not NetworkManager? Ask the n-m folks for help: http://projects.gnome.org/NetworkManager/
14:52 <@krzee> !win2k8
14:52 <@vpnHelper> "win2k8" is Server 2008 assigns the OpenVPN TAP Adapter v9 as an Unidentified network which the default Local Security Policy of Server 2008 assigns as being a Public Interface with restricted access. To fix it do this: Go into Control Panel / Administrative Tools / Local Security Policy / Network List Manager Policies / Unidentified Networks. Set Location Type to Private.
15:51 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
15:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:57 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
16:23 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-chatqpfyclbimkvo] has joined #openvpn
16:24 < NetworkingPro> hey everyone
16:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:28 -!- HardWall [~HardWall@86.122.174.23] has quit [Read error: Connection reset by peer]
16:29 -!- kcaj [~kcaj@unaffiliated/kcaj] has left #openvpn []
16:36 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 245 seconds]
16:39 -!- Tykling [tykling@gibfest.dk] has quit [Read error: Connection reset by peer]
16:42 -!- KakuRoze [~RozeD@83.250.143.139] has joined #openvpn
16:46 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
16:47 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 260 seconds]
16:52 -!- wtheaker [~willie@fsf/staff/wtheaker] has joined #openvpn
16:52 < wtheaker> anyone had any luck using 4096 bit keys on an iOS device?
17:04 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
17:12 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 260 seconds]
17:24 -!- blueyed [~daniel@hahler.de] has quit [Quit: WeeChat 1.2-dev]
17:34 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 245 seconds]
17:34 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
17:42 -!- Gwoplock [~quassel@104.56.172.189] has quit [Ping timeout: 264 seconds]
17:46 -!- KakuRoze [~RozeD@83.250.143.139] has quit [Ping timeout: 245 seconds]
17:46 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
17:59 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:19 -!- kexmex_ [~kexmex@unaffiliated/kexmex] has joined #openvpn
18:21 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 255 seconds]
18:22 -!- mescon [~mescon@unaffiliated/mescon] has joined #openvpn
18:24 < mescon> hey everyone! i've got my router at home setup with openvpn, doing site-to-site to an offsite machine. from my LAN clients I can contact the offsite machine by pinging 10.8.0.1 (goes from LAN to my router which has the VPN-link). Now I'm trying to say to my router that "Everything from 10.9.0.80/32 should be routed via 10.8.0.1"... any suggestions?
18:24 < mescon> ip route add 10.9.0.80/32 via 10.8.0.1 dev tun0 just gives me "RTNETLINK answers: No such process"
18:30 < mescon> should I perhaps have my LAN router do route-nopull and then route 10.9.0.80 255.255.255.255 ?
18:31 -!- wtheaker [~willie@fsf/staff/wtheaker] has quit [Quit: Leaving.]
18:31 -!- wtheaker [~willie@fsf/staff/wtheaker] has joined #openvpn
18:35 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
18:36 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
18:36 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
18:38 < mescon> !welcome
18:38 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:38 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:39 < mescon> !route
18:39 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:39 <@vpnHelper> client
18:53 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 244 seconds]
18:55 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: Leaving]
19:08 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-chatqpfyclbimkvo] has quit [Quit: Connection closed for inactivity]
19:11 -!- fearnothing is now known as fear-sleep
19:36 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
19:42 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
19:47 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
19:50 -!- kexmex_ [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 265 seconds]
20:24 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-rbsnaqlcpxdqejtd] has joined #openvpn
20:34 -!- wtheaker [~willie@fsf/staff/wtheaker] has quit [Quit: Leaving.]
21:13 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 265 seconds]
21:17 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
21:18 -!- KeatonT [~KeatonT@pool-96-226-72-164.dllstx.fios.verizon.net] has joined #openvpn
21:20 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
21:22 -!- Gwoplock [~quassel@2602:306:838a:cbd0:922b:34ff:fea1:efa1] has joined #openvpn
21:27 -!- pppingme is now known as Cruz4prez
21:55 < s7eele> !howto
21:55 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
22:36 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:55 -!- s7eele [~AndChat52@208.167.254.200] has quit [Quit: Bye]
22:56 -!- s7eele [~AndChat52@208.167.254.200] has joined #openvpn
22:56 -!- KeatonT [~KeatonT@pool-96-226-72-164.dllstx.fios.verizon.net] has left #openvpn []
23:02 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
23:16 -!- early [~early@2607:5300:100:200::160d] has quit [K-Lined]
23:18 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-rbsnaqlcpxdqejtd] has quit [Quit: Connection closed for inactivity]
23:19 -!- ShadniX [dagger@p5DDFC963.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX_ [dagger@p5794154E.dip0.t-ipconnect.de] has joined #openvpn
23:20 -!- ShadniX_ is now known as ShadniX
23:20 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
23:22 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
23:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Thu Aug 06 2015
00:13 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 244 seconds]
00:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:03 -!- mode/#openvpn [+o mattock1] by ChanServ
01:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
02:00 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
02:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:08 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:11 < Tools> Hello, is it possible for every user to get a public IP routed with just 1 openvpn instance? i.e. user 1 has 2001:db8::1 external and 2001:db8::2:1 internal and user 2 has ::2 and ::2:2.
02:28 -!- Knaldgas [~pdj@dhcp-5-103-109-134.seas-nve.net] has joined #openvpn
03:01 -!- korps_ [~korps_@unaffiliated/korps/x-6603488] has quit [Ping timeout: 244 seconds]
03:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
03:06 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 240 seconds]
03:07 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
03:17 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
03:18 -!- moviuro___ [~tbe@mail2.xs-polesecurite.fr] has joined #openvpn
03:19 < moviuro___> hi all, quick question, can I use many ports at once for openvpn?
03:19 < moviuro___> (likes, 1194 and an other one that is not blocked on my current network)
03:35 <@plaisthos> only with iptables rules
03:35 <@plaisthos> openvpn itself does not allow listening to multiple ports
03:35 < moviuro___> plaisthos: ah yeah, really good point !
03:36 < moviuro___> redirect port 4444 to 1194
03:36  * moviuro___ feels stupid
03:37 < moviuro___> also, can I run the openvpn server process as not root?
03:40 < moviuro___> (routed setup)
03:46 <@plaisthos> iirc yes
03:46 <@plaisthos> see the user and group option
03:46 < moviuro___> plaisthos: won't this pose problems for return packets? they will flow out of the 1194 port, which is unexpected if I got it correctly
03:47 <@plaisthos> moviuro___: iptables with the right options should redirect the return path too
03:47 < moviuro___> hmm, I don't use iptables but BSD pf. Hope it'll do that cleanly too
03:50 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:53 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:59 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
04:10 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
04:15 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 244 seconds]
04:17 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
04:18 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
04:22 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 272 seconds]
04:25 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
04:41 -!- Denial- [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit []
04:43 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
04:45 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit [Client Quit]
04:54 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 260 seconds]
05:09 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
05:13 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit [Client Quit]
05:15 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
05:15 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
05:16 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
05:23 -!- foofoobar [~foofoobar@88.128.80.127] has joined #openvpn
05:24 < foofoobar> Hi. Just set up my openvpn server. I then connected from OSX (successfull). Ping/traceroute works, and also curl —interface tun0 checkip.dyndns.org works.
05:24 < foofoobar> But when I try to access a webpage with my browser, I just get a timeout..
05:24 < foofoobar> What can be the cause for this?
05:33 < foofoobar> This is my log: http://hastebin.com/ekohorevim.log
05:33 <@vpnHelper> Title: hastebin (at hastebin.com)
05:34 < foofoobar> I disabled ufw to see if this is the cause (it’s not)
05:36 < foofoobar> Okay, I think I found the problem, it’s the DNS. If I try to access by DNS, it works.
05:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 244 seconds]
05:42 < foofoobar> Any hints why?
05:49 -!- foofoobar [~foofoobar@88.128.80.127] has left #openvpn []
06:04 <@plaisthos> and he left ...
06:27 -!- Knaldgas [~pdj@dhcp-5-103-109-134.seas-nve.net] has quit [Quit: Leaving]
06:32 < mescon> !goal
06:32 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:33 < mescon> My home router is acting as a VPN-client to an offsite VPN-server. My workstation has IP 10.9.0.2 with a default gateway of 10.9.0.1 (the IP of my home router). The VPN network is 10.8.0.0/24 (with 10.8.0.1 being the server itself). I have added a virtual adapter on my Windows machine that has the IP 10.9.0.3 (on my local LAN that is). On my home router, I'm trying to route everything with source-address 10.9.0.3 via the VPN gateway (which has
06:33 < mescon> ip_forwarding on).... my idea is to make sure that everything from a specific interface gets routed via the VPN, without the workstation having to have OpenVPN installed itself. I don't want everything from my home network to be routed via the offsite gateway - and I don't want everything from a specific machine to be routed via the VPN - only things from a couple of services that I'd bind to my virtual adapter.
07:01 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 260 seconds]
07:24 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
07:25 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-docmtayysetigasm] has joined #openvpn
07:32 < moviuro___> mescon: use your firewall on the router to do this
07:33 < moviuro___> or use 2 subnets on your LAN: one for the 'true' interface, with adress 10.8.0/24 and an other one with 10.9.0/24
07:33 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
07:33 < moviuro___> then your router has 2 addresses 10.8.0.1 and 10.9.0.1
07:33 -!- mode/#openvpn [+v s7r] by ChanServ
07:34 < moviuro___> and your router forwards 10.9.0/24 queries to outside to the VPN server
07:34 < moviuro___> and NATs 10.8.0/24 to the outside world
07:35 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
07:36 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:37 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
07:39 < mescon> moviuro___, thanks! my LAN is 10.9.0.0/24 and the VPN network is called 10.8.0.0/24
07:39 < mescon> you wouldn't happen to have any idea how to do this with iptables?
07:40 < moviuro___> mescon: absolutely not! ^_^
07:40 < mescon> dangit :P
07:41 < moviuro___> but that's an interesting issue though mescon, I hope you'll write about it
07:41 < mescon> but yeah, it seems people ive been asking has been saying to use the firewall instead of doing workaround on "hot potato routing" (http://www.rjsystems.nl/en/2100-adv-routing.php)
07:41 <@vpnHelper> Title: Two default routes (at www.rjsystems.nl)
07:43 < moviuro___> mescon: *PERHAPS* try that:
07:43 < moviuro___> ip ro a default via VPNserver dev virtueldevice
07:44 < moviuro___> I'm aboslutely NOT sure about what it'll do
07:44 < mescon> wouldn't that just make EVERYTHING go via the VPN interface?...
07:44 < mescon> i wish I had listened up properly during networking classes... or that I actually went to any :)
07:46 < moviuro___> i don't have access to my Linux machines just now, the ones in your particular case
07:46 < moviuro___> also, is there a rationale for not wanting everything into the VPN?
07:48 < mescon> yeah, the VPN is a bit slow and I have some offsite backups (for real!) going from that machine to another machine via rsync+ssh... with a VPN, my ssh and rsync session would be routed via the VPN-gateway which is limited to 10mbps whereas I have 1gbps at home
07:48 < moviuro___> oh, yeah, indeed
07:49 < moviuro___> well I don't have such issues since everything here is capped at 100Mbps
07:49 < moviuro___> but yeah, firewalling it is
07:49 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
07:50 < mescon> all i really wanna do is have some automated programs that live on a specific host on my lan to route via the vpn... the programs themselves could be patched to allow me to configure a socks proxy and just install a socks proxy offsite (the socks proxy can live on the vpn network and I could connect to that)
07:50 < mescon> but the programs i use don't have support to input a specific proxy - only to "use the global proxy in the windows config".... and if I enabled a global proxy, im back at square one where all traffic is routed through the proxy anyway
07:51 < mescon> actually, this article seems to be describing the solution im looking for: http://www.rjsystems.nl/en/2100-adv-routing.php
07:51 <@vpnHelper> Title: Two default routes (at www.rjsystems.nl)
07:51 < mescon> however, iproute2 isn't installed on my asus rt-n56u router.... yet :)
07:55 < moviuro___> mescon: get yourself a cheap machine with 2 NICs and make it your own router, transform your asus thing into a stupid L2 bridge and voilà
07:56 < mescon> yeah i used to do that.... 1997 to 2010 or so, then decided i wanted to get rid of all of my server racks and hobo-diy machines laying around
07:57 < moviuro___> too bad for you :P
07:57 < moviuro___> but I'm sure you can have different routes per interface
07:57 < mescon> so now i have a couple of synology boxes, a mediacenter pc, some chromecasts and my workstation at home... the rest of the stuff i fiddle with is at the office :)
07:57 < mescon> yeah
07:59 < mescon> ill try and follow that guide once i get iproute2 setup on the asus router
08:02 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:36 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:46 < moviuro___> mescon: still alive?
08:54 < mescon> yeah
08:55 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
08:55 < mescon> though im at the office, so im on and off
08:56 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
09:09 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
09:37 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has joined #openvpn
09:39 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
09:40 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
09:43 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 256 seconds]
09:51 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:58 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
09:58 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
10:09 -!- master_o1_master [~master_of@p4FD7B67F.dip0.t-ipconnect.de] has joined #openvpn
10:12 -!- master_of_master [~master_of@p4FD7B838.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
10:25 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Remote host closed the connection]
10:26 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
11:12 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:38 -!- Doyle [~doyle@66.207.222.94] has joined #openvpn
11:38 < Doyle> Hey, just a quick check. Does service openvpn reload drop existing sessions?
11:39 < xMopxShell> hi, can I put 'push "route 1.2.3.4 255.255.255.0"' statements in client-config-dir files?
11:39 < xMopxShell> ex, if i only want certain clients to have that route added by default?
11:42 < DArqueBishop> xMopxShell, yes.
11:48 < xMopxShell> DArqueBishop: ok, thanks!~
11:49 < Doyle> I'm assuming reload won't interrupt the service as is the typical scenario with reloads.
11:50 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:59 < BtbN> even a restart won't be noticed by most users
11:59 < BtbN> stuff just reconnects imediately
12:02 < Eugene> !download
12:02 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
12:04 -!- jrgcombr [~jrocha@177.148.152.3] has joined #openvpn
12:06 < jrgcombr> Hi, I would like to contribute to the project. What´s the best way to get started?
12:08 < jrgcombr> !welcome
12:08 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:08 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:48 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-docmtayysetigasm] has quit [Quit: Connection closed for inactivity]
12:50 -!- phx [~phoemix@freebsd/op/phx] has joined #openvpn
12:50 < phx> good morning, any developer around?
12:56 -!- toli [~toli@ip-62-235-154-178.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
12:58 -!- toli [~toli@ip-62-235-216-28.dsl.scarlet.be] has joined #openvpn
12:58 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 256 seconds]
12:59 -!- xmodr [~bottleofw@unaffiliated/xmodr] has quit [Quit: leaving]
13:00 < Eugene> !devel
13:00 < Eugene> !dev
13:00 <@vpnHelper> "dev" is https://lists.sourceforge.net/lists/listinfo/openvpn-devel to sign up for devel mail list
13:00 < Eugene> See also the #openvpn-devel channel
13:00 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
13:04 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.2]
13:07 < phx> Eugene, thanks. i'm just checking the source to see whether i can easily add SRV record handling
13:08 < phx> and probably i will have questions like, how can i look up a few things from the config, like what's the expected protocol and so
13:08 < Eugene> Easily? Probably not.
13:08 < Eugene> It's an interesting idea, though. I wish more things would support SRV
13:08 < Eugene> You'll want to look into the <connection> mechanism
13:08 < phx> i do
13:08 < phx> right now i'm at resolve_remote in socket.c
13:08 < Eugene> Then you're two steps ahead of me ;-)
13:09 < phx> the thing is i need the hostname and the actual protocol to forge the SRV string, and resolve seems to be one of the points, however it lacks the protocol
13:10 < Eugene> UDP is the default
13:10 < phx> i'm afraid that's not helping much
13:16 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
13:16 < phx> i will drop a mail to the list, that might save me some time and errors
13:16 < phx> is the devel list subscribe-only?
13:22 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 256 seconds]
13:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:25 -!- Benjamin__ [~Ben@192.73.244.253] has joined #openvpn
13:31 -!- toli [~toli@ip-62-235-216-28.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
13:34 -!- Benjamin__ [~Ben@192.73.244.253] has quit [Read error: Connection reset by peer]
13:36 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
13:36 -!- toli [~toli@ip-62-235-216-28.dsl.scarlet.be] has joined #openvpn
13:44 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
13:46 -!- toli [~toli@ip-62-235-216-28.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
13:51 -!- toli [~toli@ip-62-235-216-28.dsl.scarlet.be] has joined #openvpn
14:06 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-uwfehkihxzhpplgl] has joined #openvpn
14:23 -!- SineDeviance [~quassel@2602:306:3908:8eb0:c0a7:ad01:6f85:7029] has quit [Ping timeout: 244 seconds]
14:24 -!- fear-sleep is now known as fearnothing
14:25 -!- SineDeviance [~quassel@2602:306:3908:8eb0:28f6:855b:cd4b:f808] has joined #openvpn
14:26 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:47 < dvl> One client started having connection issues last night. I don't know why.  http://dpaste.com/2YEE55D.txt
14:47 < dvl> The server logs show it connecting, but both client and server report: TLS Error: TLS key negotiation failed to occur within 60 seconds
14:53 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit []
14:55 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
14:59 -!- septopus [~septopus@2604:a880:800:10::98:9001] has joined #openvpn
15:00 < septopus> !welcome
15:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:00 < septopus> !redirect
15:00 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
15:00 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
15:01 < jrgcombr> dvl, I get those errors when I'm suffering packet loss
15:02 < dvl> jrgcombr: Oh... let me try...
15:02 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:02 < jrgcombr> can you try a TCP connection?
15:02 < dvl> jrgcombr: For example?
15:03 < jrgcombr> change the configs on both client and server to use proto tcp
15:03 < dvl> If I did that on the server, all the other clients would disconnect?
15:03 < jrgcombr> sure
15:03 -!- wlan2 [~lua@unaffiliated/wlan2] has joined #openvpn
15:04 < dvl> just tried a ping, server to client, 0 % but client to server, 2.8%
15:04 < dvl> ^ packet losss
15:05 < dvl> Plus... I'm remote at present, changing my VPN server is rather higher risk than I like.
15:06 < dvl> I might get locked out of my network, instead of just one host.
15:06 < jrgcombr> I agree, can't you just create another config using TCP?
15:06 -!- sheilong [~felipe@unaffiliated/sheilong] has joined #openvpn
15:06 < sheilong> wlan2: Hi
15:06 < dvl> jrgcombr: Run on a different port... I see what you mean.
15:07 < dvl>  I have four functional clients and one acting up...
15:07 < jrgcombr> dvl, I don't know how complex is your envirionment, if are going to deal with routing, firewall, etc...
15:08 < dvl> jrgcombr: I'd have to add some more firewall rules... openvpn is running on pfsense...
15:08 < dvl> running a second instance there would be from the command line, and I am not sure about doing that from here.
15:08 < wlan2> Well, I invited sheilong here because he/she/it wants to configure a client/server infrastructure so its android phone can access home network with exit to internet. That would be openvn as server.  Client would be an android in "public" wi-fis.
15:09 < sheilong> I use fedora 22. and I have no idea how to configure the openvpn for that
15:09 < wlan2> So, could you suggest configurations for server side?
15:10 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 245 seconds]
15:11 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 245 seconds]
15:12 -!- Tykling [tykling@gibfest.dk] has quit [Read error: Connection reset by peer]
15:12 < jrgcombr> wlan2, sheilong , I think the sample config from the docs are fine
15:13 -!- toli [~toli@ip-62-235-216-28.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
15:13 < sheilong> jrgcombr: where do I find these docs?
15:14 -!- Tyklol [tykling@gibfest.dk] has joined #openvpn
15:14 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
15:14 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
15:15 -!- toli [~toli@ip-62-235-221-157.dsl.scarlet.be] has joined #openvpn
15:20 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 245 seconds]
15:27 < jrgcombr> sheilong, https://openvpn.net/index.php/open-source/documentation/howto.html
15:27 <@vpnHelper> Title: HOWTO (at openvpn.net)
15:29 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
15:36 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Remote host closed the connection]
15:42 < sheilong> what is a good openvpn client for android 4.4.4?
15:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
15:47 < septopus> sheilong: on f-droid: openvpn for android
15:48 < sheilong> ok
15:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:59 -!- toli [~toli@ip-62-235-221-157.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
16:00 < septopus> using route-nopull establishes the VPN connection but i can't send packets over the tunnel. Is there a way to selectively ignore routes?
16:01 -!- toli [~toli@ip-62-235-237-62.dsl.scarlet.be] has joined #openvpn
16:02 < septopus> to clarify I don't want to use the tunnel for everything, and would prefer just that the tunnel be established and ready to use for any programs that may need it.
16:04 -!- toli [~toli@ip-62-235-237-62.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
16:06 -!- sheilong [~felipe@unaffiliated/sheilong] has quit [Ping timeout: 246 seconds]
16:06 < septopus> plus it would be cool if I could designate the server running openvpn as a gateway for people to point their traffic at for easy pseudo anonymity.
16:06 < septopus> without giving them log in info for the vpn provider
16:09 -!- sheilong [~felipe@unaffiliated/sheilong] has joined #openvpn
16:09 -!- toli [~toli@ip-62-235-237-62.dsl.scarlet.be] has joined #openvpn
16:24 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has quit [Quit: oooh...what does THIS button do?]
16:26 -!- TylerDurden [~felipe@unaffiliated/sheilong] has joined #openvpn
16:27 -!- sheilong [~felipe@unaffiliated/sheilong] has quit [Ping timeout: 264 seconds]
16:28 < septopus> route-noexec was what I needed, can be used with "up /path/to/script.sh" which will pass it the interface name, the MTU, some number I don't recognize, the local address, the peer address, followed by "init"
16:29 -!- wlan2 [~lua@unaffiliated/wlan2] has left #openvpn ["kill-buffer"]
16:29 < septopus> used that along with some ip route commands and got it working. a lot easier than messing around with other solutions I found on the internet which were far too involved/messy (as iptables often is)
16:30 < septopus> i should write a blog post...
16:31 -!- TylerDurden [~felipe@unaffiliated/sheilong] has quit [Ping timeout: 240 seconds]
16:37 -!- TylerDurden [~felipe@unaffiliated/sheilong] has joined #openvpn
16:44 -!- TylerDurden [~felipe@unaffiliated/sheilong] has quit [Ping timeout: 240 seconds]
16:45 -!- sheilong [~felipe@unaffiliated/sheilong] has joined #openvpn
16:54 -!- sheilong [~felipe@unaffiliated/sheilong] has quit [Ping timeout: 265 seconds]
16:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:56 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
16:56 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:57 -!- sheilong [~felipe@unaffiliated/sheilong] has joined #openvpn
17:07 -!- Cydrobolt [~cydrobolt@fedora/cydrobolt] has joined #openvpn
17:09 -!- sheilong [~felipe@unaffiliated/sheilong] has quit [Ping timeout: 250 seconds]
17:11 -!- sheilong [~felipe@unaffiliated/sheilong] has joined #openvpn
17:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 240 seconds]
17:19 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:20 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:31 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:32 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:33 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Client Quit]
17:34 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:35 < NetworkingPro> When is a 360 degree fisheye, & I think I have a dome camera
17:40 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:41 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:48 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit []
17:49 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
17:49 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:51 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
17:53 -!- sphinxter [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 264 seconds]
17:56 -!- sphinxter [~jgeilman@unaffiliated/adaptr] has joined #openvpn
18:04 -!- zheng [~zheng@180.157.0.23] has joined #openvpn
18:24 -!- zheng [~zheng@180.157.0.23] has quit [Remote host closed the connection]
18:25 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 256 seconds]
18:26 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
18:32 -!- GeorgeHahn [~GeorgeHah@c-69-141-92-254.hsd1.nj.comcast.net] has quit [Read error: Connection reset by peer]
18:35 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
18:53 -!- Doyle [~doyle@66.207.222.94] has quit [Remote host closed the connection]
18:59 -!- s7r [~s7r@openvpn/user/s7r] has quit [Remote host closed the connection]
19:02 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
19:02 -!- mode/#openvpn [+v s7r] by ChanServ
19:04 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
19:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:27 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has quit [Read error: Connection reset by peer]
19:27 -!- Denial [~Denial@host81-157-22-43.range81-157.btcentralplus.com] has joined #openvpn
19:41 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 272 seconds]
19:48 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 265 seconds]
19:49 -!- tpw_rules [~tpw_rules@li242-215.members.linode.com] has left #openvpn ["Evil will always triumph, because good is dumb."]
20:01 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
20:05 -!- SineDeviance [~quassel@2602:306:3908:8eb0:28f6:855b:cd4b:f808] has quit [Ping timeout: 246 seconds]
20:07 -!- SineDeviance [~quassel@2602:306:3908:8eb0:28f6:855b:cd4b:f808] has joined #openvpn
20:31 -!- wowaname is now known as kush
20:43 -!- kush is now known as wowaname
21:02 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
22:08 -!- Gman32 [~Gman32@76.72.167.208] has quit [Ping timeout: 244 seconds]
22:25 -!- Gman32 [~Gman32@2607:2200:0:3400::5616:cdbc] has joined #openvpn
22:45 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:46 -!- tsing [~tsing@tyrell.tsing.org] has joined #openvpn
23:17 -!- ShadniX [dagger@p5794154E.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX [dagger@p5481D099.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- tsing [~tsing@tyrell.tsing.org] has quit [Ping timeout: 244 seconds]
23:35 -!- sheilong [~felipe@unaffiliated/sheilong] has quit [Quit: WeeChat 1.2]
23:51 -!- tsing [~tsing@tyrell.tsing.org] has joined #openvpn
23:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Fri Aug 07 2015
00:29 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
00:34 -!- tsing [~tsing@tyrell.tsing.org] has quit [Remote host closed the connection]
00:40 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
00:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:37 -!- mode/#openvpn [+o mattock1] by ChanServ
01:46 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
01:49 -!- toli [~toli@ip-62-235-237-62.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
01:51 -!- toli [~toli@ip-62-235-241-137.dsl.scarlet.be] has joined #openvpn
02:12 -!- Peppi [~Peppi^^^@S010600089be80c8d.ed.shawcable.net] has joined #openvpn
02:12 < Peppi> hello
02:12 < Peppi> trying to get openVPN workin on a PI. Did this manually https://github.com/qbwaggle/vpnkillswitch/wiki/OpenVPN-with-PIA-VPN
02:12 <@vpnHelper> Title: OpenVPN with PIA VPN · qbwaggle/vpnkillswitch Wiki · GitHub (at github.com)
02:13 < Peppi> when I try to run openvpn start I get this error: Options error: In [CMD-LINE]:1: Error opening configuration file: start
02:19 -!- vaporshmuck [~vaporshmu@unaffiliated/vaporshmuck] has joined #openvpn
02:24 < moviuro___> Peppi: you certainly want to understand what you're doing
02:24 < moviuro___> Peppi: # openvpn start # this tells openvpn to open the config file './start'
02:25 < moviuro___> read man 8 openvpn
02:25 < Peppi> ok
02:26 < Peppi> ohh ok
02:26 < Peppi> got it working
02:26 < moviuro___> Peppi: make sure you understand whatever is in your config file
02:27 < vaporshmuck> i apologize in advance because this is most likely the symptom of followin a script, however in my defense the script had been praised by others of the community... anyways long story short i follow the script (giving it more than one try whilst do a completely fresh install on my vps between tries), and the problem I encounter is that the port I have designated for openvpn to listen on is not being listened on and this obviously makes it 
02:28 < moviuro___> !paste
02:28 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
02:28 < moviuro___> !config
02:28 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
02:28 < Peppi> moviuro___: yup I understan
02:28 < moviuro___> vaporshmuck: ^^^^
02:28 < moviuro___> !configs
02:28 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
02:29 < moviuro___> that's the good one, vaporshmuck
02:30 < vaporshmuck> moviuro___: movario, thanks i def would like help so following the rules/standards here is certainly my paramount effort in achieving my goal and i appreciate you helping me toward that
02:31 < moviuro___> vaporshmuck: then, baby steps and try to understand what you're doing. see !howto for kickoff
02:32 < vaporshmuck> for the sake of brevity/readability would it be helpful for me to remove the commented-out lines of the config before putting them in the pastebin or is that a mostly futile exercise?
02:34 < moviuro___> vaporshmuck: look for the grep invokation in !configs
02:34 < moviuro___> grep -vE '^#|^;|^$'
02:34 < Peppi> vaporshmuck: your English is very interesting
02:34 < vaporshmuck> can i take that command and pipe it into a new file?
02:35 < moviuro___> vaporshmuck: < /etc/your/config/file | grep [...] | curl -F 'f:1=<-' http://ix.io
02:36 < moviuro___> or even : # grep -vE '^#|^;|^$' /etc/your/file | curl [...]
02:36 < moviuro___> make sure there are no keys in the fil /!\
02:36 < moviuro___> *file
02:37 < vaporshmuck> [OT]  Peppi: i'm american however i studied english literature, have an affinity for english/irish/jewish writers, and i taught business english adult germans in my former career
02:37 < vaporshmuck> to adult*
02:38 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
02:38 < Peppi> I guess IC where the shmuck comes from. Your english is very formal. But nice to read
02:39 < Peppi> everyone have a good night. Thanks for all the help
02:39 < vaporshmuck> yeah as far as i know shmuck is derogatory yiddish not-unsimilar to the conemporary "bling" of black-american culture
02:40 < vaporshmuck> contemporary*
02:40 < vaporshmuck> good night Peppi
02:51 -!- moviuro___ [~tbe@mail2.xs-polesecurite.fr] has quit [Ping timeout: 265 seconds]
02:56 < vaporshmuck> !welcome
02:56 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
02:56 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:56 < vaporshmuck> !route
02:56 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
02:56 <@vpnHelper> client
03:08 < vaporshmuck> https://gist.github.com/0f93f365d0678e5d1165.git
03:09 < vaporshmuck> not sure if i did that right, used the bot's first suggestion for pastebin (https://gist.github.com/)
03:09 <@vpnHelper> Title: Create a new Gist · GitHub (at gist.github.com)
03:24 -!- tsing [~tsing@tyrell.tsing.org] has joined #openvpn
03:30 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
03:46 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Quit: Bye bye]
03:46 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 256 seconds]
03:51 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
04:11 -!- tsing [~tsing@tyrell.tsing.org] has quit [Read error: Connection reset by peer]
04:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
04:46 -!- shio [marmottin@245.121.101.84.rev.sfr.net] has quit [Ping timeout: 255 seconds]
04:48 -!- tsing [~tsing@tyrell.tsing.org] has joined #openvpn
04:49 < vaporshmuck> i'll be back ... attempting to add an additional router to my home network
04:49 -!- vaporshmuck [~vaporshmu@unaffiliated/vaporshmuck] has left #openvpn []
05:13 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 244 seconds]
--- Log closed Fri Aug 07 05:18:51 2015
--- Log opened Tue Aug 11 11:26:03 2015
11:26 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
11:26 -!- Irssi: #openvpn: Total of 230 nicks [9 ops, 0 halfops, 3 voices, 218 normal]
11:26 -!- mode/#openvpn [+o ecrist] by ChanServ
11:26 -!- Irssi: Join to #openvpn was synced in 1 secs
11:26 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Remote host closed the connection]
11:37 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
11:41 -!- sillysau1 [~sillysaus@195.230.24.186] has joined #openvpn
11:43 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
11:44 < jrgcombr> phunyguy, I don´t know if its possible, but I already needed it.
11:48 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zvujhgzhbmohgzbb] has joined #openvpn
12:19 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
12:19 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:33 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
12:33 <@krzee> TenFingersOfBang, if looking at the eth device you'll simply see a openvpn connection (encrypted). if looking at the tun device you will see all the traffic flowing over the vpn unencrypted
12:37 < ValdikSS> phunyguy: you can add routes to your network interface
12:40 <@krzee> phunyguy,
12:40 <@krzee> !route_bypass
12:40 <@krzee> hmm
12:40 <@krzee> !factoids search route
12:40 <@vpnHelper> 'winroute', 'iroute', 'router', 'dlink_static_route', 'external_routes', 'route_override', 'splitroute', 'route_outside_openvpn', 'route_outside_ovpn', 'routebyapp', 'route', 'ppp_defaultroute', and 'route-nopull'
12:40 <@krzee> !route_override
12:40 <@vpnHelper> "route_override" is (#1) https://forums.openvpn.net/viewtopic.php?f=15&t=7161 for how to override --redirect-gateway for a certain subnet or (#2) you can read about the net_gateway variable in --route in the manual (!man) or (#3) to see how to make it so the client will still reply to requests to its public ip over the internet and not the vpn see !splitroute
12:41 <@krzee> check out the net_gateway variable in --route in the manual (!man)
12:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
13:02 -!- sillysau1 [~sillysaus@195.230.24.186] has quit [Ping timeout: 240 seconds]
13:03 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 250 seconds]
13:03 -!- sillysau1 [~sillysaus@195.230.24.186] has joined #openvpn
13:26 -!- toli [~toli@ip-83-134-64-11.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:27 -!- toli [~toli@ip-62-235-222-134.dsl.scarlet.be] has joined #openvpn
13:27 -!- jrgcombr [~jrocha@177.148.152.3] has quit [Ping timeout: 265 seconds]
13:42 -!- jrgcombr [~jrocha@177.148.152.3] has joined #openvpn
13:45 -!- jimmann [~jimmann@067-060.static.dsl.fonira.net] has quit [Ping timeout: 244 seconds]
13:47 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:47 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 240 seconds]
13:51 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
13:55 -!- dazo is now known as dazo_afk
13:59 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
14:00 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
14:02 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
14:02 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
14:12 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 265 seconds]
14:13 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
14:13 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
14:15 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
14:31 -!- Buff|Away is now known as Buffman
14:33 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has joined #openvpn
14:35 < matt_> hello, incase anybody is inrtested I setup some vpn links using the passtos 8021q patch (feat_passtos) a few years back and there hasn't been any issues yet
14:36 < matt_> i was just about to use it on an existing setup and noticed the NOTE on the newsgroup posting
14:39 -!- sillysau1 [~sillysaus@195.230.24.186] has quit [Quit: WeeChat 1.2]
14:41 < phunyguy> thanks krzee!  Might be exactly what I am looking for.
14:42 -!- Buffman is now known as Buff|Away
14:45 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:52 < TenFingersOfBang> hey everyone
14:53 < jrgcombr> Hi guys, Yesterday I came up with a problem related to asymmetric routing. I think I didn´t make myself clear, so I decided to write blog post about it.
14:53 < jrgcombr> http://blog.jrg.com.br/asymmetric-routing/
14:53 <@vpnHelper> Title: Asymmetric Routing | blog.jrg.com.br (at blog.jrg.com.br)
14:55 < jrgcombr> I think it´s a common ovpn deploy, I think it´s worth to get it weel docummented.
14:56 < jrgcombr> If someone like to have more details, I´ll be happy to get it updated.
14:58 < TenFingersOfBang> Ive noticed tthat when the time on my os changes that openvpn breaks down and reconnects.
14:58 < TenFingersOfBang> is that expected?
14:58 < TenFingersOfBang> is the current date/time/zone somehow related to the encryption?
15:02 < jrgcombr> TenFingersOfBang, I don´t know, but what does it say in the logs?
15:03 < TenFingersOfBang> jrgcombr: it doesnt have logs :/
15:04 < jrgcombr> are the logs disabled?
15:04 < matt_> jrgcombr: if you really want it to go through the gateway at site a you could just add a source route
15:07 < jrgcombr> matt_, I´m just looking for the right way. With the workaroung I´m using today I get lots of ICMP redirects
15:07 < matt_> jrgcombr: I would normally just trust everything inside the vpn's tho, but then I also normally use vlan tags inside the vpns so it wouldn't need to 'route' through the gateway
15:07 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
15:08 < matt_> jrgcombr: yea, the redirects are because the host thats getting the traffic dosn't think it should, as its routing table is saying go out the same interface if came in on
15:08 < matt_> jrgcombr: a redirect will tell the source to go directly to the dest as they are on the same interface, (from a layer2 view_
15:10 < TenFingersOfBang> jrgcombr: yea, and unable to be enabled.
15:11 < jrgcombr> matt_, I didn´t get what you do with vlan tags, but I need to get vpn traffic firewalled due to customer policies.
15:11 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 264 seconds]
15:11 < jrgcombr> I thought about creating a vlan to create a WAN between default gw and openvpn gw.
15:13 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
15:13 < matt_> jrgcombr: yea that would work, as long as you drop the 10.1.0.0/24 network off the default gateway
15:13 < matt_> otherwise you will still have the same problem
15:17 < jrgcombr> I´ll get the post updated with source routing alternative. May I quote you in the post?
15:18 < jrgcombr> TenFingersOfBang, I´ve a Win10 client to test right now. What should I do to reproduce the problem?
15:19 < matt_> jrgcombr: yea sure
15:20 < ValdikSS> jrgcombr: it should be sufficient to bind OpenVPN to exact interface or source IP address. Use bind and local options.
15:25 < matt_> jrgcombr: althought that might work you will probuly get the same icmp redirect issue for traffic from site b to a
15:25 < matt_> jrgcombr: the openvpn gateway will try n tell the default gateway to go direct
15:25 < matt_> to the client
15:26 < jrgcombr> ValdikSS, it´s already binded. my problem is with packts inside the VPN.
15:28 < jrgcombr> matt_, I think I can get rid of ICMP redirects with net.ipv4.conf.all.send_redirects. what do you think?
15:29 < matt_> jrgcombr: yea you can turn them off
15:29 < matt_> i'm guessing they arn't doing anything anyway
15:29 < matt_> i think it was implmented to same traffic going through a hop that it dosn't have to
15:29 < matt_> *save
15:32 < TenFingersOfBang> jrgcombr: you likely cant amigo.  It really was just a general question. This is regrettably my monkey on my back  haha
15:40 < matt_> jrgcombr: your blog post about zero'ed crc's leaving host A1??
15:41 < matt_> jrgcombr: TCP checksum offloading will have that effect, as the network card does the crc calc, and when you look at it on the machine before its left the network card hasn't seen it yet
15:42 < matt_> jrgcombr: it might not be the case, but just though I would say
15:42 < jrgcombr> matt_, I need to get this post updated. It was a problemn related to xen
15:43 < matt_> ahh ok, cool
15:43 -!- Sling [~Sling@freenode/sponsor/about.security.contributor.sling] has left #openvpn []
15:44 < jrgcombr> matt_, when xen detects it is send packts to another VM in the same host it simple don`t do CRC!
15:45 < matt_> humm... intresting
15:45 < jrgcombr> matt_, the receiving NIC is ok with that, but when the packet gets forwarded outside xen the next host doesn´t accept it.
15:46 < matt_> jrgcombr: is that a xen bodge gone wrong? I dont know too much about xen
15:51 < jrgcombr> matt_, It´s like a ¨feature¨. To get things working I`ve set an option called ¨Correct TCP/UDP Checksum Value¨ to true in the virtual NIC driver.
15:51 < matt_> ahh cool
15:52 < jrgcombr> I`ve spent a lot of time before find this...
16:03 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:07 < zChris> Hey, ive been following this guide https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guidehttps://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide , but when i try to connect on a client i get this error Cannot load private key file : error:02001000:system library:fopen:system library: error:20074002:BIO routines:FILE_CTRL:system lib: error:140B0002:SSL
16:07 < zChris> And google doesnt give much information :(
16:07 < zChris> Any suggestion on what can cause the error ?
16:10 < jrgcombr> matt_, I´ve updated the post ¨the broken VPN¨ with solution.
16:11 < jrgcombr> zChris, file permission?
16:11 < zChris> jrgcombr, couldnt be, i open openvpn with admin rights
16:13 < matt_> zChris: what do you have for the key line in the config file?
16:13 < matt_> on the client
16:13 -!- Kireji [~nospam@unaffiliated/kireji] has joined #openvpn
16:14 < matt_> or, whatever you get the error on
16:14 -!- Kireji [~nospam@unaffiliated/kireji] has left #openvpn []
16:17 < zChris> matt_, thanks ! that i had a " too much in the conf
16:17 < zChris> now it complains on self signed certifacte in chain
16:31 < zChris> there we go
16:31 < zChris> thanks all!
16:31 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zvujhgzhbmohgzbb] has quit [Quit: Connection closed for inactivity]
16:32 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
16:43 < zChris> do openvpn take care of routing? So if i VPN in to a computer on 192.168.1.x network, can i automatically use it ? Or do i have to enable push route or something ?
16:45 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:58 < ValdikSS> krzee: https://community.openvpn.net/openvpn/ticket/594
16:58 <@vpnHelper> Title: #594 (HTTPS (SSL) proxy support) – OpenVPN Community (at community.openvpn.net)
17:21 -!- s7eele [~AndChat52@108.61.68.157] has quit [Ping timeout: 260 seconds]
17:21 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 260 seconds]
17:22 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 245 seconds]
17:22 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
17:23 -!- s7eele [~AndChat52@108.61.68.157] has joined #openvpn
17:24 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
18:03 -!- esde is now known as Guest44432
18:05 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
18:05 -!- mode/#openvpn [+v esde] by ChanServ
18:08 -!- Guest44432 [~esde@openvpn/user/esde] has quit [Remote host closed the connection]
18:11 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 240 seconds]
18:23 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:27 -!- Buff|Away is now known as Buffman
18:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:44 -!- Buffman is now known as Buff|Away
18:46 -!- shio [marmottin@228.188.103.84.rev.sfr.net] has quit [Ping timeout: 244 seconds]
19:15 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:34 -!- Buff|Away is now known as Buffman
19:48 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
20:09 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
20:14 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 240 seconds]
20:14 -!- TenFingersOfBang is now known as NetworkingPro
20:16 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:22 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 272 seconds]
20:46 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:47 -!- doop [~doop@colostomy.club] has joined #openvpn
21:26 -!- pr4g0 [~pyrobotto@pool-72-66-74-149.washdc.fios.verizon.net] has joined #openvpn
21:34 -!- dranix [~dranix@103.20.170.81] has joined #openvpn
21:35 < dranix> hi everyone
21:35 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
21:46 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
21:51 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
22:06 -!- SineDeviance [~quassel@2602:306:3908:8eb0:d04:3df4:852f:a922] has quit [Ping timeout: 244 seconds]
22:11 -!- SineDeviance [~quassel@2602:306:3908:8eb0:6d07:5bfe:ce7e:d6d] has joined #openvpn
22:20 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:21 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
22:26 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 246 seconds]
22:28 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
22:28 -!- mode/#openvpn [+v RBecker] by ChanServ
22:29 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
22:29 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
22:35 -!- pr4g0 [~pyrobotto@pool-72-66-74-149.washdc.fios.verizon.net] has quit []
22:43 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has joined #openvpn
22:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:07 -!- Buffman is now known as Buff|Away
23:09 -!- james41382_ is now known as james41382
23:14 -!- ShadniX [dagger@p5DDFCE13.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:16 -!- ShadniX [dagger@p5DDFCAC2.dip0.t-ipconnect.de] has joined #openvpn
23:30 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has quit [Remote host closed the connection]
23:30 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has joined #openvpn
23:31 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has quit [Remote host closed the connection]
23:37 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
23:48 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lihyotlukzmooirl] has joined #openvpn
23:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Wed Aug 12 2015
00:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:25 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 255 seconds]
00:31 < zChris> Anyone alive? I seem to have some unstable issues on my openvpn. Im copying a 100mb file from the vpn server to the client. And it goes like in bursts.. first it maybe downloads 3 mb then it takes a time where it doesnt download anything it just sits and wait then it start agaim. What can cause this?
00:32 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
00:44 < subzero79> zChris, i am no expert, but i would start inspecting the server log if there is any errors there. After that mabe simultaneous tcpdump (client and server) to watch any packet loss or retransmissions
00:45 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
00:45 < zChris> subzero79, alright, have to take a look. tcpdump can be used on windows? or is there a better software?
00:46 < subzero79> wireshark
00:46 < subzero79> also what protocol are you using to download the file?
00:46 < subzero79> samba, nfs, ?
00:47 < zChris> subzero79, think it is samba, its a windows share
00:47 < subzero79> ok, maybe try a simple http server on the server side, with the 100 mm file to check if it suffers from the same
00:47 < zChris> 100mm or mb?
00:48 < subzero79> mb
00:48 < subzero79> if the server is linux you can start a simple http server going to the folder where the file is and python –m SimpleHTTPServer
00:49 < zChris> subzero79, found one thing "Need IPv6 code in mroute_extract_addr_from_packet"
00:50 < subzero79> Do you have ipv6 networks ?
00:51 < zChris> nope
00:52 < subzero79> Don't think is a problem, but you can try an uncheck the ipv6 in windows,
00:52 < zChris> yeah i did that, gonna recopy and see if it is "smoother"
01:10 < zChris> hm
01:10 < zChris> a software have trouble it seems oh well
01:11 < subzero79> what software
01:11 < subzero79> ?
01:12 < zChris> swedish made so it is not wellknown. Not free too :P
01:12 < zChris> It collects data over VPN from a database
01:12 < zChris> takes 1.5 minutes for it to show the results
01:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
01:38 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
01:39 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:39 -!- mode/#openvpn [+o mattock2] by ChanServ
01:41 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
02:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
02:14 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:16 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
02:36 -!- shio [~shio@122.188.103.84.rev.sfr.net] has joined #openvpn
02:44  * Bl4ckD34Th I`m zback
02:56 < ValdikSS> zChris: could be an MTU issue
03:01 < zChris> ValdikSS, on what device? Router or VPN config ?
03:03 < ValdikSS> zChris: not sure, you should investigate it
03:03 < zChris> ValdikSS, yeah, but im too novice on networks though. Can you point in a direction?
03:04 < ValdikSS> zChris: try adding mssfix 1300 in your client or server config (or both)
03:04 < ValdikSS> zChris: if this helps, this is definitely an mtu issue.
03:04 < zChris> alright i give it a try
03:13 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
03:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
03:14 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
03:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
03:20 -!- rtb [~rtb@unaffiliated/rtb] has joined #openvpn
03:22 < rtb> hello all! i specify the credentials in a plain text file and provide its path to auth-user-pass as in auth-user-pass /home/user/foo.txt  in the .ovpn file .... but the client asks for the credentials again on the command line after some itme of using and my connection gets dropped if i don't
03:22 < rtb> what is the way out?
03:35 -!- ayaka [~ayaka@121.204.58.68] has left #openvpn ["离开"]
03:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
03:43 -!- eugenmayer [~EugenMaye@HSI-KBW-046-005-180-218.hsi8.kabel-badenwuerttemberg.de] has joined #openvpn
03:43 < eugenmayer> Good moring/whatever. Is it possible to effectivly stop broadcasting on bridged networks on the vpn server?
03:46 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 264 seconds]
03:55 -!- ValdikSS [~valdikss@92.42.31.8] has joined #openvpn
03:56 < ValdikSS> Did anyone have a deal with this problem? http://serverfault.com/questions/639590/gateway-pushed-by-openvpn-is-automatically-replaced
03:56 <@vpnHelper> Title: Gateway pushed by OpenVPN is automatically replaced - Server Fault (at serverfault.com)
03:56 < ValdikSS> krzee: please take a look at it in your spare time.
04:03 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
04:03 -!- suexec [~suexec@voyage.vhost.usr.no] has quit [Ping timeout: 244 seconds]
04:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
04:22 -!- ValdikSS [~valdikss@92.42.31.8] has quit [Ping timeout: 245 seconds]
04:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:45 -!- dazo_afk is now known as dazo
04:51 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:51 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
05:00 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:04 -!- jimmann [~jimmann@067-060.static.dsl.fonira.net] has joined #openvpn
05:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:29 < ValdikSS> UPD: earlier I recommended to use redirect-gateway option without def1 parameter for OpenVPN. It seems that Windows reverts default route back on every DHCP renew and all your traffic would bypass VPN connection after some time after connect. There is no good fix for OpenVPN yet.
05:31 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Quit: off to do some thoughtcrime]
05:42 < BtbN> There is no good fix for windows.
05:52 < ValdikSS> well it seems that if you use built-in windows things to connect to VPN (like IPsec IKEv2) it works fine
05:53 < ValdikSS> Windows changes metrics for all interfaces to very high values and VPN interface gets low metric
05:53 < ValdikSS> Maybe we should do the same for openvpn, or just to low tap adapter metric?
05:53 < ValdikSS> This could be done with netsh command
06:05 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
06:08 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:10 -!- apollo2k is now known as aPollO2k
06:15 -!- txdv [~unreal@78-56-71-41.static.zebra.lt] has quit [Ping timeout: 240 seconds]
06:24 -!- eugenmayer [~EugenMaye@HSI-KBW-046-005-180-218.hsi8.kabel-badenwuerttemberg.de] has left #openvpn []
06:36 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
06:41 -!- js_ [~js@js.madepeople.se] has joined #openvpn
06:41 < js_> hi, it seems like https communication with apache over the openvpn breaks its connection, and i have no idea why this happens
06:42 < js_> how can i even debug it? it seems so strange that it could be a problem
06:42 -!- jrgcombr [~jrocha@177.148.152.3] has quit [Ping timeout: 265 seconds]
06:43 < js_> but nonetheless, everytime apache (https) over openvpn responds, the openvpn breaks down
06:44 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:46 < matt_> js_: if http works but https dosn't and just times out, in my experiance it could be an mtu issue
06:48 < js_> matt_: do you have any more information on that?
06:48 < matt_> but that isn't openvpn specific, although openvpn is quite good at splitting up the larger frames / packets into smaller ones
06:49 < matt_> so the client thinks it can run with an mtu of 1500 as its local network interface is 1500, sends a syn to the server, the mss for the syn is set to 1500
06:50 < matt_> the server looks at this and sends a reply, now in http this would be quite small as it may just be a few headers or something
06:51 < matt_> but in https the server attempts to send a certificate and a bunch of other stuff which are 1500 in size, the packet gets to the far end of the smaller link (with lower mtu) and gets dropped because they dont fit
06:52 < matt_> this normally happens on adsl lines and the adsl modems stamp over the MSS value in the syn packets but can also happen when an extra header is added
06:53 < matt_> so you start with a frame of 1500, add a ip header and another frame over the top and get more than 1500
06:53 <@ecrist> js_: can you share your server and client configs?
06:54 < matt_> js_: I would look at the tun-mtu and link-mtu options
06:54 <@ecrist> matt_: I don't know that I've ever seen MTU break HTTPS
06:55 < js_> ecrist: yes, one second. the problem is that it seems like HTTPS breaks the VPN connection
06:55 <@ecrist> I don't know what that means.
06:56 < js_> matt_: thanks a lot for your explanation, i will look into that. but how do that relate to an MSS value?
06:56 < matt_> ecrist: I have, but only behind an adsl modem, its possiable that this server just happen to have a large cert chain and was the first I noticed it
06:57 < js_> ecrist: a client does a HTTPS request to an apache server running on the openvpn server, and if i for instance have ping running from the client to the server, it suddenly stops pinging. apache says there was an error communicating and the openvpn connection has to be restarted by the client
06:57 < matt_> js_: mss = max segment size, i wouldn't worry about it tho, i would get openvpn to fragment the outer traffic
06:57 < js_> it happens almost instantly as soon as i run the HTTPS request
06:57 < matt_> humm ..
06:58 <@ecrist> sounds odd
06:58 <@ecrist> you're pinging outside the VPN tunnel, or within?
06:58 < js_> very odd, i'm clueless
06:58 < js_> pinging within it
06:58 <@ecrist> and your https request is within the tunnel or outside?
06:58  * ecrist still wants configs
06:58 < js_> also within
06:58 < js_> oh yeah :) sorry
07:02 < js_> server: https://gist.github.com/jonathanselander/2cc5a94656fd0c97b659
07:02 <@vpnHelper> Title: server.conf · GitHub (at gist.github.com)
07:02 < js_> client: https://gist.github.com/jonathanselander/46de0b8ef4f08f17f1cc
07:02 <@vpnHelper> Title: client.conf · GitHub (at gist.github.com)
07:02 < js_> ecrist & matt_  ^
07:04 <@ecrist> contents of the client ccd and the up script, too, please
07:04 <@ecrist> also, A clean log output
07:05 <@ecrist> if you can, shutdown the server daemon, start it up, then connect the client.
07:05 <@ecrist> verb 4
07:07 < matt_> js_: whats the latency like over this link? just out of intrest
07:07 < js_> ecrist: ccd is empty, the other one coming up
07:07 < js_> matt_: ~45 ms
07:08 < js_> ecrist: for the log, do you want us to have crashed the connection as well?
07:08 <@ecrist> yes
07:08 <@ecrist> generally, it's bad practice to use a /16 subnet as a single broadcast domain
07:08 <@ecrist> (line 8 of your server.conf paste)
07:12 < js_> ecrist: log: https://gist.github.com/jonathanselander/2c20cf059f6a1d94b13c
07:12 <@vpnHelper> Title: log · GitHub (at gist.github.com)
07:12 <@ecrist> your log is missing some things from the top
07:13 <@ecrist> lines 239 through 249 are indicative of a firewall issue
07:14 < js_> ecrist: up script: https://gist.github.com/jonathanselander/477ab516c45cd55042b1
07:14 <@vpnHelper> Title: scripts.conf.sh · GitHub (at gist.github.com)
07:15 < matt_> js_: you restarting dns masq?
07:15 < matt_> is that on the client?
07:15 < js_> on the server
07:15 < matt_> humm..
07:15 <@ecrist> what version of openvpn?
07:16 <@ecrist> on client and on server
07:17 <@ecrist> I suspect those ECONNREFUSED errors are your problem
07:18 < js_> ecrist: exactly, and those occur when the https is made
07:18 < js_> it can be running for hours, until the https request is made
07:18 <@ecrist> to what address is the https connection made?
07:18 < matt_> js_: the link-mtu is 1542
07:18 < js_> ecrist: 10.9.0.1
07:18 <@ecrist> are you allowing that in your firewall?
07:19 < matt_> js_: 1542 wont make it over some internet hops
07:19 < js_> ecrist: yes
07:20 <@ecrist> can you share the firewall rules on the openvpn serveR?
07:20 <@ecrist> and what version of openvpn on the client and server?
07:21 < js_> https://gist.github.com/jonathanselander/ef8f1853f50b47439b64
07:21 <@vpnHelper> Title: Openvpn on client, ubuntu 12.04 LTS 64 bit · GitHub (at gist.github.com)
07:21 < js_> https://gist.github.com/jonathanselander/0c5dc33299e7428bcabe
07:21 <@vpnHelper> Title: openvpn on server, debian 7.8 64 bit · GitHub (at gist.github.com)
07:22 <@ecrist> your client config is missing the remote line
07:22 < matt_> js_: would you be able to try setting link-mtu 1400 on both the client and server, n see what happens?
07:22 < js_> ecrist: https://gist.github.com/jonathanselander/77d7fac1341b33827d56
07:22 <@vpnHelper> Title: openvpn server iptables · GitHub (at gist.github.com)
07:22 < js_> ecrist: yes, we removed that
07:22 <@ecrist> why?
07:22 < js_> for the sake of the paste (a colleague sent it to me)
07:23 <@ecrist> we already know the server address...
07:23 < matt_> ecrist: removed it from the git post, so its not public
07:23 < js_> i know, i made the other paste :)
07:23 < js_> matt_: i will try that
07:24 <@ecrist> js_: the problem with changing configs and such for the sake of a paste is that you might not think what you're removing is part of the problem, when in reality it can actually be the problem.  Same goes for configs, logs, firewall rules, etc.
07:24 <@ecrist> !topsecret
07:24 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
07:25 <@ecrist> and, for the love of god, update your version of openvpn
07:25 <@ecrist> I won't help you futher until you do
07:26 < js_> ecrist: 1. i know, 2. ok
07:26 <@ecrist> 2.2.1 was released in July 2011
07:26 <@ecrist> it's ancient
07:30 < js_> matt_: trying link-mtu 1400 gave us progress! we get a 403 from our web server (unrelated to the connection) and our ping is still active
07:30 < matt_> js_: ok, somewhere along that path PMTU discovery is broken
07:32 < matt_> erm.. pmtu uses icmp, its possiable a remote host along that hop is sending a icmp message back to the client or server which says it cant delivery the message as it was too big
07:33 < matt_> so the (im guessing) server dosn't recv it and openvpn uses a link-mtu thats too large
07:33 <@ecrist> !mtu
07:33 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
07:33 < matt_> try, temp, allowing icmp from anything on the server
07:33 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
07:34 < matt_> js_: infact, the 'problems' section on Path_MTU_Discovery wikipedia page says about alloing icmp type 3
07:35 < matt_> js_: but I would test with just allowing all icmp messages, take out the link-mtu statement in the configs and see if it still works
07:36 -!- jimmann [~jimmann@067-060.static.dsl.fonira.net] has quit [Ping timeout: 252 seconds]
07:39 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:44 < zChris> Is there something i should think of when im using openvpn and remote desktop ?
07:48 < matt_> zChris: tcp over tcp can cause slow display updates
07:48 < matt_> if the outer tcp gets dropped the inner tcp will struggle
07:49 < zChris> matt_, this is not about udp tcp in server/client conf?
07:49 < zChris> becouse i have UDP there
07:49 < matt_> zChris: ok, i'm not aware of anything else that could be a problem
07:49 < zChris> matt_, great :D
07:52 -!- welling [~welling@vh0st.tk] has joined #openvpn
07:53 < js_> matt_: the 1400 settings made everything work, thanks a lot for helping out
07:54 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
07:57 <@ecrist> js_: glad you have it working.  I still strongly suggest you upgrade openvpn
07:57 < js_> ecrist: noted
07:59 < zChris> perhaps mtu on 1400 is sometthing everyone should try ?
08:02 < matt_> js_: np, but I wouldn't rely on it, I would try to fix pmtu discovery
08:03 < matt_> js_: openvpn should figure that value out for itself, theres a reason why its not, but then its your system, so your choice
08:03 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
08:11 < zChris> how can i see what mtu openvpn currenly is using?
08:15 < matt_> zChris: it will be in the log, i'm not sure what verb level tho
08:15 < zChris> matt_, client log ?
08:15 < matt_> zChris: there should be a line like:  213.113.129.60:47460 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
08:17 < zChris> nothing on the client side
08:17 < zChris> checking server side
08:17 < matt_> zChris: humm, I would of thought it would be on both
08:17 < matt_> zChris: you might need verb 4
08:18 < zChris> matt_, mtu seems to be 1500
08:19 < matt_> zChris: cool, thats good, thats the default used for most things
08:20 < zChris> matt_, im looking here https://secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting and the command for windows i try -l 1500, then i get fragmented is needed, should i lower it to 1450 ? (1450 works)
08:20 <@vpnHelper> Title: OpenVPN/Troubleshooting - Secure Computing Wiki (at secure-computing.net)
08:20 -!- jrgcombr [~jrocha@177.148.152.3] has joined #openvpn
08:23 < matt_> zChris: I would, personally let openvpn figure it out for itself and fix the links if it cant, but it sounds like if you have a link-mtu of 1500 and you add stuff on it will be larger than 1500 and wont fit
08:23 < matt_> if you start with 1500 and add on an ip header and then an ethernet frame header it will grow
08:24 < matt_> so the software, and your math if your doing it will need to pick a size that will create a 1500 frame after the additional headers have been added on
08:24 < zChris> matt_, on the server side it says "Tue Aug 11 10:47:49 2015 /sbin/ip link set dev tun0 up  mtu 1500", and then when i on the client (windows) try to -l 1500 fragmented is needed (1450 does not though)
08:25 < matt_> zChris: i'm not sure what -l is but i'm guessing -l is link-mtu which is the max size for packets carrying the openvpn traffic
08:25 < matt_> so the ones sent over the internet, directly
08:26 < zChris> Question is if the ping on windows machine is 1500 RAW and then it adds the headers. Then i passes over 1500
08:26 < matt_> the ip mtu setting is the max mtu of the encap'ed traffic
08:26 < matt_> yea, a ping of 1500 create a larger IP packet
08:27 < matt_> unless the ping software your using takes that into account
08:27 < matt_> .. and takes it off
08:28 < matt_> zChris: what are you using to ping? windows ping?
08:29 < zChris> matt_, yeah at  first, now i tried with linux ping which seems more accurate in displaying info. On the server side it works okey with a mtu 1500
08:29 < zChris> since i do a ping 1472 it shows the actually package size in () which equals to 1500
08:30 < matt_> cool
08:33 < zChris> good then i dont have to worry about that :D
08:45 -!- jrgcombr [~jrocha@177.148.152.3] has quit [Ping timeout: 246 seconds]
08:49 -!- jrgcombr [~jrocha@179.34.154.138] has joined #openvpn
08:50 -!- kuahara [~kuahara@cpe-66-69-147-81.sw.res.rr.com] has quit [Read error: Connection reset by peer]
08:55 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
08:57 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
09:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
09:12 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:21 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
09:23 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has joined #openvpn
09:25 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:26 -!- aPollO2k is now known as apollo2k
09:28 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
09:29 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
09:31 -!- ayaka [~ayaka@121.204.58.68] has joined #openvpn
09:32 < ayaka> I add some obfuscation to openvpn protocol, like xor, but I find only openvpn worked in tcp, it will works
09:33 < ayaka> in the udp protocol, the GFW in China will disturb it
09:33 < ayaka> but I wonder whether the GFW cause it or just network traffic jam problem?
09:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
09:54 < mescon> I'm trying to do port forwarding from my router to a service on a machine inside my network. The machine inside my network has an openvpn client running with redirect-gateway def1 set... (i want services running on that machine to use the vpn tunnel to download stuff)... however, when I try open that service from my LAN things work fine - but when trying to access them from my external IP it doesnt work... is there some way to make the openvpn
09:54 < mescon> client route requests originating from my router/forwarded by my router to go back the same way?
09:54 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:55 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
10:02 <@ecrist> not with def1
10:02 <@ecrist> unless you nat that traffic from your router to your other machine, and provide a static route
10:05 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-ecyswvbfthjvuwio] has quit [Ping timeout: 244 seconds]
10:05 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 244 seconds]
10:06 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 244 seconds]
10:07 < mescon> ecrist, any pointers?
10:07 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-lzmcwbtusktlaxkw] has joined #openvpn
10:07 < mescon> what i should use instead? or should I look to policy based routing (rt_tables)?
10:08 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
10:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:14 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
10:33 < mescon> ecrist, please... any pointers in the right direction would be much appreciated - im pulling my hair here :(
10:33 -!- esde is now known as esde1
10:36 -!- Buff|Away is now known as Buffman
10:39 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
10:51 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lihyotlukzmooirl] has quit [Quit: Connection closed for inactivity]
10:51 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 245 seconds]
10:51 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
10:52 -!- rtb [~rtb@unaffiliated/rtb] has quit [Quit: Leaving]
10:54 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
10:56 -!- Buffman is now known as Buff|Away
10:56 -!- Buff|Away is now known as Buffman
11:02 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
11:03 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:03 -!- Telvana [~digits@185.21.217.27] has joined #openvpn
11:06 -!- Buffman is now known as Buff|Away
11:18 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:29 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:49 -!- Buff|Away is now known as Buffman
12:06 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has quit [Remote host closed the connection]
12:07 -!- Buffman is now known as Buff|Away
12:07 -!- Buff|Away is now known as Buffman
12:13 -!- Buffman is now known as Buff|Away
12:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
12:17 -!- Buff|Away is now known as Buffman
12:27 -!- Buffman is now known as Buff|Away
12:29 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has joined #openvpn
12:35 < jrgcombr> mescon, ping
12:43 -!- esde1 is now known as esde
13:00 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 256 seconds]
13:04 -!- dazo is now known as dazo_afk
13:06 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
13:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:18 < ValdikSS> krzee: please also take a look at https://community.openvpn.net/openvpn/ticket/594
13:18 <@vpnHelper> Title: #594 (HTTPS (SSL) proxy support) – OpenVPN Community (at community.openvpn.net)
13:18 < mescon> jrgcombr, i got some help over at #networking and https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System did the trick for me :)
13:18 <@vpnHelper> Title: Two Default Gateways on One System - Thomas-Krenn-Wiki (at www.thomas-krenn.com)
13:18 -!- Buff|Away is now known as Buffman
13:18 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
13:28 -!- Buffman is now known as Buff|Away
13:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:29 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-goasmjokxhwuvasb] has joined #openvpn
13:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
13:49 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has quit [Remote host closed the connection]
13:55 -!- Buff|Away is now known as Buffman
14:01 -!- Buffman is now known as Buff|Away
14:06 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
14:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
14:08 -!- Buff|Away is now known as Buffman
14:13 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Remote host closed the connection]
14:13 -!- Buffman is now known as Buff|Away
14:16 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:18 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
14:18 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
14:26 -!- toli [~toli@ip-62-235-222-134.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
14:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
14:27 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has joined #openvpn
14:29 -!- Buff|Away is now known as Buffman
14:36 -!- k0nsl [~k0nsl@209.141.39.33] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
14:36 -!- Buffman is now known as Buff|Away
14:37 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
14:37 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Client Quit]
14:37 -!- k0nsl [~k0nsl@209.141.39.33] has joined #openvpn
14:37 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
14:37 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Client Quit]
14:38 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
14:41 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
14:47 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:51 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
14:52 -!- toli [~toli@ip-62-235-222-134.dsl.scarlet.be] has joined #openvpn
14:53 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
14:56 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:56 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
15:00 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
15:01 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
15:03 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
15:15 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
15:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:17 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:20 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Reboot? Or did my jail(8) just die?]
15:21 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
15:25 -!- Buff|Away is now known as Buffman
15:25 -!- SineDeviance [~quassel@2602:306:3908:8eb0:6d07:5bfe:ce7e:d6d] has quit [Ping timeout: 244 seconds]
15:26 -!- SineDeviance [~quassel@2602:306:3908:8eb0:b943:abaf:af45:3e87] has joined #openvpn
15:37 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 265 seconds]
15:45 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:51 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
15:53 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
16:10 -!- pr4g0 [~pr4g0@pool-72-66-74-149.washdc.fios.verizon.net] has quit []
16:13 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
16:14 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
16:17 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
16:25 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Ping timeout: 244 seconds]
16:47 -!- toli [~toli@ip-62-235-222-134.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
16:48 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
16:51 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
16:56 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
16:57 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:59 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
17:02 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
17:07 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
17:07 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
17:10 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
17:27 -!- toli [~toli@ip-62-235-214-167.dsl.scarlet.be] has joined #openvpn
17:28 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
17:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 244 seconds]
17:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:01 -!- Buffman is now known as Buff|Away
18:01 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-goasmjokxhwuvasb] has quit [Quit: Connection closed for inactivity]
18:02 -!- Buff|Away is now known as Buffman
18:46 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
19:07 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Read error: Connection reset by peer]
19:07 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
19:34 -!- Deg2 is now known as degs
19:34 -!- degs is now known as deg2
20:10 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
20:14 -!- Buffman is now known as Buff|Away
20:34 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
21:19 -!- Buff|Away is now known as Buffman
21:24 -!- Buffman is now known as Buff|Away
21:35 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
21:43 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 246 seconds]
21:46 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
21:46 -!- SineDeviance [~quassel@2602:306:3908:8eb0:b943:abaf:af45:3e87] has quit [Ping timeout: 244 seconds]
21:46 -!- Buff|Away is now known as Buffman
21:47 -!- SineDeviance [~quassel@2602:306:3908:8eb0:b943:abaf:af45:3e87] has joined #openvpn
21:54 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
22:06 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 272 seconds]
22:13 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
22:18 -!- shio [~shio@122.188.103.84.rev.sfr.net] has quit [Quit: Leaving]
23:09 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 240 seconds]
23:13 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
23:14 -!- ShadniX [dagger@p5DDFCAC2.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:14 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
23:14 -!- ShadniX_ [dagger@p5DDFCE33.dip0.t-ipconnect.de] has joined #openvpn
23:14 -!- ShadniX_ is now known as ShadniX
23:18 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
23:28 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-uwtorygyixvkknbq] has joined #openvpn
23:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:49 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
23:57 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
--- Day changed Thu Aug 13 2015
00:16 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [K-Lined]
00:18 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:43 -!- Buffman is now known as Buff|Away
00:50 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:51 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
00:52 -!- AMERICAN_PSYCHO [~AMERICAN_@212.sub-70-196-16.myvzw.com] has joined #openvpn
01:00 -!- wowaname is now known as woanamee
01:00 -!- woanamee is now known as woaname
01:00 -!- woaname is now known as wowaname
01:17 -!- apollo2k is now known as aPollO2k
01:37 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 260 seconds]
01:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:57 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
01:59 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:04 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
02:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:23 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
02:24 -!- pfeyz [~pfeyz@web200.webfaction.com] has quit [Ping timeout: 246 seconds]
02:25 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
02:26 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
02:31 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
02:34 -!- SineDeviance [~quassel@2602:306:3908:8eb0:b943:abaf:af45:3e87] has quit [Ping timeout: 246 seconds]
02:35 -!- SineDeviance [~quassel@2602:306:3908:8eb0:b943:abaf:af45:3e87] has joined #openvpn
02:36 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
02:39 -!- moriko [~moriko@c186-45.i02-7.onvol.net] has joined #openvpn
02:41 -!- Netsplit *.net <-> *.split quits: liriel, someone, r00t^2, Kerberos76, phreakocious, Zimsky
02:43 -!- Netsplit over, joins: liriel, phreakocious, someone, Kerberos76, Zimsky, r00t^2
02:43 -!- infernix [nix@unaffiliated/infernix] has quit [Max SendQ exceeded]
02:44 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Max SendQ exceeded]
02:45 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 265 seconds]
02:45 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 265 seconds]
02:45 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 265 seconds]
02:46 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 256 seconds]
02:46 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 256 seconds]
02:47 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
02:52 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
02:52 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
02:53 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
02:54 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
02:56 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
03:12 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
03:13 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
03:26 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
03:33 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
03:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:53 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
04:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:43 -!- dazo_afk is now known as dazo
04:45 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
04:47 -!- jimmann [~jimmann@067-060.static.dsl.fonira.net] has joined #openvpn
04:48 < jimmann> if i setup a client server openvpn instance, with a server A and two clients B and C. Will all traffic from B to C traverse through A ?
04:53 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
04:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
05:09 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
05:09 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
05:18 -!- mungustas [~arnas@ns37306.ip-91-121-4.eu] has joined #openvpn
05:19 -!- moriko [~moriko@c186-45.i02-7.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:20 < mungustas> hi, when connected to a VPN I cannot access ip's on server's local network, how do I fix, debug it ?
05:24 < Tools> I think there's something with routes to be added. I've never used, so I'm not that known in that area..
05:26 < jimmann> mungustas: you will need to set up routing. try looking at the bottom of the page here: https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
05:26 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
05:35 < mungustas> server 192.168.87.0 255.255.255.0
05:35 < mungustas> push "route 192.168.53.0 255.255.255.0"
05:36 < mungustas> in openvpn/server.conf I guess I am pushing the route
06:03 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
06:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
06:17 -!- moriko [~moriko@c186-45.i02-7.onvol.net] has joined #openvpn
06:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:37 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 240 seconds]
06:38 -!- tparcina [~tomo@212.92.200.41] has joined #openvpn
06:38 < tparcina> How can a user change his passphrase?
06:40 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
06:41 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has quit [Remote host closed the connection]
06:44 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has joined #openvpn
06:48 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
06:50 -!- Ischabaha [~Ischabaha@104.167.116.212] has joined #openvpn
06:51 -!- Ischabaha [~Ischabaha@104.167.116.212] has left #openvpn []
07:02 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
07:07 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
07:09 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
07:10 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
07:12 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has joined #openvpn
07:16 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:20 -!- moviuro [~moviuro@2001:41d0:e:10a7::7a:6e63] has quit [Remote host closed the connection]
07:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:36 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
07:38 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:02 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
08:04 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
08:04 -!- moriko [~moriko@c186-45.i02-7.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:10 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
08:12 -!- NetworkingPro is now known as ArgghThePornPira
08:12 -!- ArgghThePornPira is now known as PornPirate
08:15 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:24 <+esde> I love the image at the top of calomel.org today
08:26 -!- bchlr [~irc@giskard.bchlr.de] has joined #openvpn
08:26 -!- brain0 [~brain0@archlinux/developer/brain0] has joined #openvpn
08:29 < brain0> I have a private key protected with a passphrase
08:29 < brain0> whenever I want to start openvpn via systemd, since version 2.3.8, I get the message: neither stdin nor stderr are a tty device, can't ask for Private Key password.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
08:30 < brain0> I added askpass to the configuration file, but that didn't change anything
08:30 < brain0> it seems to me that systemd-ask-password is no longer called
08:31 < brain0> or, the check whether stdin is a tty is performed and aborts, even though systemd-ask-password would still work
08:31 < brain0> last version that worked for me was 2.3.6, tried to upgrade vom 2.3.6 to 2.3.8 today
08:31 <@plaisthos> brain0: oh yeah
08:32 <@plaisthos> brain0: we had a couple of problem with that patch
08:32 < brain0> is a solution commited already?
08:33 < brain0> or is there some configuration I am missing?
08:33 <@plaisthos> brain0: no and no
08:33 <@plaisthos> we had a similar problem on windows which is patched now
08:34 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:35 -!- AMERICAN_PSYCHO [~AMERICAN_@212.sub-70-196-16.myvzw.com] has quit [Ping timeout: 255 seconds]
08:36 < brain0> is anyone working on this problem?
08:36 < brain0> some bug I could track?
08:37 <@plaisthos> brain0: did you try using the option askpass?
08:37 < brain0> yes
08:37 < brain0> did not change anything
08:37 < brain0> (I put it into the configuration file)
08:38 <@plaisthos> best way of action is describe your setup on #openvpn-devel (proably need to idle a few hours there before someone answers) or write an email to the openvpn-devel mailing list
08:40 -!- mungustas [~arnas@ns37306.ip-91-121-4.eu] has quit [Quit: Lost terminal]
08:42 < brain0> I'll write to the list (at least I'll put it on the todo list)
08:43 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
09:02 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
09:09 -!- tparcina [~tomo@212.92.200.41] has quit [Ping timeout: 246 seconds]
09:10 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
09:13 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
09:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
09:21 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
09:22 -!- tparcina [~tomo@212.92.200.41] has joined #openvpn
09:22 -!- tparcina [~tomo@212.92.200.41] has left #openvpn []
09:25 -!- mikhael_k33hl [2be2071a@gateway/web/freenode/ip.43.226.7.26] has joined #openvpn
09:25 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:25 < mikhael_k33hl> My client can ping the OpenVPN server but not other clients, how do I make sure that the other clients have a route back to the client?
09:25 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
09:46 < moviuro> mikhael_k33hl read the manual, it's client-to-client IIRC
09:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
09:51 < mikhael_k33hl> moviuro: Nah, stikll can't ping other clients on other subnets even if I already pushed them
09:55 -!- Buff|Away is now known as Buffman
10:00 -!- Buffman is now known as Buff|Away
10:01 < DArqueBishop> mikhael_k33hl, do you have IP forwarding enabled on the OpenVPN server? If so, do the other subnets' gateways (provided they're not OpenVPN clients) have routing information for the OpenVPN subnet in them>
10:05 < mikhael_k33hl> DArqueBishop: The making sure that other clients have routing information for the OpenVPN subnet in them is what I'm confused about, I'm doing an OpenVPN setup in AWS. Do you happen to be familiar with it?
10:05 -!- Buff|Away is now known as Buffman
10:07 -!- mikhael_k33hl [2be2071a@gateway/web/freenode/ip.43.226.7.26] has quit [Quit: Page closed]
10:27 -!- aPollO2k is now known as apollo2k
10:33 -!- Buffman is now known as Buff|Away
10:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
10:52 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
10:54 -!- PornPirate is now known as NetworkingPro
10:56 -!- Buff|Away is now known as Buffman
10:57 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
11:04 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
11:16 -!- r00t^2 is now known as soandso
11:16 -!- soandso is now known as r00t^2
11:23 -!- Buffman is now known as Buff|Away
11:24 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
11:29 -!- Buff|Away is now known as Buffman
11:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:44 -!- shio [marmottin@122.188.103.84.rev.sfr.net] has joined #openvpn
11:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:27 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 244 seconds]
12:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 260 seconds]
12:41 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:44 -!- wowaname is now known as kush
12:45 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has quit [Ping timeout: 256 seconds]
12:49 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:58 -!- dym [~patrick@unaffiliated/dym] has joined #openvpn
12:59 < dym> Hey! Im running a vpn server with p2p clients that get assigned public ip adresses from the server and are then reachable via those. Now i was wondering if it may be possible to spawn a vpn server on one of those clients, that would enable me to connect to said client via the public ip address mentioned, so i can access the private network the client is connected to (with a private ip too)
13:01 -!- Buffman is now known as Buff|Away
13:01 -!- kush is now known as wowaname
13:02 -!- Buff|Away is now known as Buffman
13:05 < Chex> Hello: I am trying to setup a IPv6 tunnel from a remote VPS with OpenVPN server, to my Tomato-USB V6 enabled router/client at home to use a configured /64 network, and I cannot seem to get the routing configs correct on the router end..
13:05 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 260 seconds]
13:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:06 < Chex> I have server-ipv6 2600:3c03:e001:3800::/64 as my server side network, and the network I am trying to push over to my home LAN on the router is 2600:3c03:e001:3801::/64.  But OpenVPN keeps trying to assign 3800::1 on the remote end tun11 interface, and I cannot figure out why. I assume it should be 3800::2 , yes?
13:07 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
13:11 < dym> https://docs.google.com/drawings/d/1rk5BUmphoVy7x_pJFMfWDz5J5aSXaBjKJUuz7U1f8i4/edit?usp=sharing
13:11 <@vpnHelper> Title: VPN Schematic - Google Drawings (at docs.google.com)
13:11 < dym> Something like this
13:11 < dym> Possible?
13:12 -!- dazo is now known as dazo_afk
13:14 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
13:16 < Chex> dym: just looking at that, it seems doable, yes
13:17 < dym> Chex: but i need to spawn the VPN Server ontop of an established tunnel
13:17 < DArqueBishop> It does seem a bit overcomplicated, though.
13:17 < dym> DArqueBishop: I need to access a remote network and dont have public ip addresses there
13:17 < dym> other ideas?
13:17 < dym> i already have the vpn server with public ip clients
13:18 < dym> i want to be able to snap a raspberry pi (or similar) to a foreign network, grab a dhcp ip via eth0 and then fire up the tunnels
13:18 < dym> so in the end i can simply connect to the box remotely via it's public ip
13:19 < dym> Problem i see is that the server needs to be spawned ontop of an existing tunnel
13:19 < dym> how do i make sure the tunnel is there, before spawning the server?
13:20 < dym> i know clients will constantly retry connect
13:20 < dym> but do servers respawn if their IF is missing?
13:22 < dym> im also open for ideas
13:32 < Chex> dym: yeah, not really sure, never tried to set that up before
13:32 < dym> cheers anyways :D
13:40 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection]
13:43 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
13:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
13:56 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
14:04 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
14:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:05 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:09 -!- wowaname is now known as grinchier
14:10 -!- grinchier is now known as wowaname
14:10 -!- Cosmoe [~Freenode@5.135.158.60] has joined #openvpn
14:11 -!- Buffman is now known as Buff|Away
14:11 < Cosmoe> alright chaps ...
14:11 < Cosmoe> any chance anyone has had any experience with pushing per user traffic through an openvpn connection using secondary routing tables?
14:16 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
14:19 -!- Buff|Away is now known as Buffman
14:28 -!- pppingme is now known as Cruz4prez
14:36 -!- Buffman is now known as Buff|Away
14:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:37 -!- s7eele [~AndChat52@108.61.68.157] has quit [Quit: Bye]
14:43 < mystica555> Cosmoe: im pretty sure there's a chance... what do you want to do exactly?
14:44 < Cosmoe> well, I actually had this working
14:44 < Cosmoe> I've set up an openvpn tunnel, which connects fine, then I've set up iptables to mangle packets based on a user id and then push them through a second routing table which goes out through the tunnel
14:45 < Cosmoe> I then needed to set rf_filter to 2 for that interface
14:45 < Cosmoe> this worked some time ago, though for some reason I've returned to it today and it's not quite working as I expect
14:45 < Cosmoe> the second user's packets are clearly being filtered through the second routing table, they just don't seem to be going anywhere
14:45 < mystica555> hm
14:45 < Cosmoe> bit stumped as to where to start troubleshooting
14:46 < mystica555> ive not explicitly done that myself, but does sound like what i need to do at somepoint here..
14:46 < mystica555> the multiple user mangling/routing
14:46 < Cosmoe> yeah, now the bit that confuses me is why it's stopped working
14:46 < mystica555> any upgrades of your distro or openvpn itself?
14:46 < Cosmoe> no, I've not done an upgrade since then
14:46 < mystica555> hm
14:47 < mystica555> have you filled conntrack tables or something of that nature?
14:47 < Cosmoe> one silly thing is that I haven't actually rebooted the machine in a while
14:47 < Cosmoe> nah, I've not
14:47 < Cosmoe> let me just give the machine a quick reboot, it'll drop my bnc so I'll be back in a sec ...
14:47 < mystica555> ok
14:47 < mystica555> i might go across the room and grab something to eat
14:48 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 260 seconds]
14:49 -!- Cosmoe [~Freenode@5.135.158.60] has quit [Read error: Connection reset by peer]
14:51 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
14:51 -!- Cosmoe [~Freenode@ks3301831.kimsufi.com] has joined #openvpn
14:51 < Cosmoe> alrighty, at least the machine still exists, that's a good sign
14:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
14:53 < Cosmoe> yeah, looks like it's still dead, but the second routing table is definitely there
14:53 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
14:55 < Cosmoe> the weird thing is that it's able, somehow, to do DNS resolution and ping
14:55 < Cosmoe> I'm using 'proto tcp' in the config so I guess it's pushing udp over the standard route
15:01 < mystica555> not sure.. :\
15:02 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
15:02 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
15:05 < Cosmoe> the biggest problem here mystica555 is that it's hard to troubleshoot whether it's an issue with the openvpn tunnel or the iptables rules
15:05 < Cosmoe> because it's a remote machine, if I just connect the tunnel and let it set it up as the default root, I can no longer talk to the machine
15:07 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
15:12 < Chex> 223
15:12 < mystica555> not sure myself
15:14 < endzYme> thanks krzee
15:18 -!- Buff|Away is now known as Buffman
15:48 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
15:53 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Remote host closed the connection]
15:55 -!- Buffman is now known as Buff|Away
15:57 -!- Buff|Away is now known as Buffman
15:59 -!- master_of_master [~master_of@p4FD7B07A.dip0.t-ipconnect.de] has joined #openvpn
16:03 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
16:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:10 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
16:12 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
16:15 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
16:20 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
16:23 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 250 seconds]
16:37 -!- s34n [~chatzilla@104.152.131.130] has joined #openvpn
16:38 < s34n> I just shutdown my openvpn server, changed the ca and server certs and tried to restart. It won't start.
16:41 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-uwtorygyixvkknbq] has quit [Quit: Connection closed for inactivity]
16:44 < Thermi> What a descriptive error message, wow.#
17:08 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Read error: Connection reset by peer]
17:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
17:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
17:08 -!- mode/#openvpn [+o mattock1] by ChanServ
17:11 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
17:14 -!- wowaname is now known as UncleTom
17:20 < Chex> s34n: something wrong with the new cerst then
17:20 < Chex> s34n: put the old ones back, fire it up and try them again
17:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
17:44 -!- akkad [akkad@166.84.6.60] has joined #openvpn
17:45 < akkad> which one is more critical to secure the user.crt or the user.key?
17:48 -!- Buffman is now known as Buff|Away
17:54 -!- Buff|Away is now known as Buffman
17:59 -!- s34n [~chatzilla@104.152.131.130] has quit [Ping timeout: 260 seconds]
18:01 -!- Buffman is now known as Buff|Away
18:07 -!- Buff|Away is now known as Buffman
18:12 -!- adraenwan [~quassel@vanguard.tfnux.org] has quit [Remote host closed the connection]
18:14 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
18:17 -!- adraenwan [~quassel@vanguard.tfnux.org] has joined #openvpn
18:20 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
18:27 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
18:28 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
18:32 -!- brain0 [~brain0@archlinux/developer/brain0] has quit [Quit: leaving]
18:55 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has joined #openvpn
18:58 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Ping timeout: 244 seconds]
19:04 -!- SineDeviance [~quassel@2602:306:3908:8eb0:b943:abaf:af45:3e87] has quit [Ping timeout: 246 seconds]
19:06 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 245 seconds]
19:07 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has joined #openvpn
19:09 -!- Gwoplock [~quassel@2602:306:838a:cbd0:922b:34ff:fea1:efa1] has quit [Ping timeout: 246 seconds]
19:19 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
19:23 -!- Buffman is now known as Buff|Away
19:27 -!- RandomName12345 [~TikityTik@162.223.44.49] has joined #openvpn
19:27 -!- RandomName12345 [~TikityTik@162.223.44.49] has quit [Remote host closed the connection]
19:29 -!- Buff|Away is now known as Buffman
19:32 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 256 seconds]
19:35 -!- Buffman is now known as Buff|Away
19:41 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has quit [Ping timeout: 244 seconds]
19:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
19:42 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has joined #openvpn
19:43 -!- Buff|Away is now known as Buffman
19:49 -!- Buffman is now known as Buff|Away
19:52 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 240 seconds]
19:54 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
20:06 -!- Buff|Away is now known as Buffman
20:25 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has quit [Ping timeout: 246 seconds]
20:26 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has joined #openvpn
20:36 -!- UncleTom is now known as wowaname
20:42 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 264 seconds]
20:44 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
20:51 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
20:56 -!- shio [marmottin@122.188.103.84.rev.sfr.net] has quit [Quit: Leaving]
21:06 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Ping timeout: 272 seconds]
21:07 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
21:08 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
21:37 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:50 -!- Buffman is now known as Buff|Away
22:15 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has quit [Ping timeout: 244 seconds]
22:15 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has joined #openvpn
22:42 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Read error: Connection reset by peer]
22:43 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
22:56 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ezathybzgxrjevax] has joined #openvpn
23:12 -!- ShadniX [dagger@p5DDFCE33.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:12 -!- ShadniX_ [dagger@p5DDFCB13.dip0.t-ipconnect.de] has joined #openvpn
23:12 -!- ShadniX_ is now known as ShadniX
23:20 -!- JHartig [~JHartig@64.238.189.157] has joined #openvpn
23:21 < JHartig> I'm having trouble with clients talking between 2 subnets
23:21 < JHartig> I have 2 openvpn servers, one on 10.42.x.x and another 10.43.x.x and theres a openvpn client connection between them
23:22 < JHartig> 10.42.0.1 (server) can talk to 10.43.0.1 and all the clients under 43
23:22 < JHartig> but clients under 42 can't talk to clients under 43 and vice versa
23:42 -!- early [~early@105.ip-167-114-152.net] has quit [Quit: Leaving]
23:43 -!- wowaname [h@mous.pw] has quit [Killed (Sigyn (Spam is off topic on freenode.))]
23:46 -!- wowaname [h@2602:ffb0:4:2:666:1337:dead:beef] has joined #openvpn
--- Day changed Fri Aug 14 2015
00:00 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
00:02 -!- zChris is now known as Christoffer
00:02 -!- Christoffer is now known as zChris
00:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
00:17 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
00:37 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
00:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:48 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:21 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ezathybzgxrjevax] has quit [Quit: Connection closed for inactivity]
01:41 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 240 seconds]
01:42 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
01:49 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
01:52 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
01:53 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
01:55 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
01:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
01:59 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Client Quit]
02:00 -!- JHartig [~JHartig@64.238.189.157] has quit [Quit: Bye!]
02:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:01 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
02:02 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
02:02 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
02:05 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Client Quit]
02:08 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
02:11 -!- zChris [~zChris@unaffiliated/zchris] has quit [Ping timeout: 246 seconds]
02:12 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
02:15 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
02:17 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
02:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:24 -!- mode/#openvpn [+o mattock1] by ChanServ
02:49 -!- shio [marmottin@43.188.103.84.rev.sfr.net] has joined #openvpn
03:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:45 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
03:55 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:10 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 244 seconds]
04:20 -!- sysrex [~sysrex@78-33-179-130.static.enta.net] has joined #openvpn
04:22 < sysrex> hi guys, I have a question, I am using a vpn server just to connect several other linux servers and clients in one network client-to-client without pushing the routes, just to access the lan resources however even with no-pull option on the client whenever I connect I still the the internal ip routes on the clients
04:41 -!- dazo_afk is now known as dazo
04:50 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
04:53 -!- sysrex [~sysrex@78-33-179-130.static.enta.net] has quit [Ping timeout: 256 seconds]
04:55 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
04:58 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
04:58 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Remote host closed the connection]
04:59 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:04 -!- funkenstrahlen [~pi@auriga.uberspace.de] has quit [Quit: WeeChat 1.1.1]
05:05 -!- bddy [~artemfn@2a02:6b8:0:408:f21f:afff:fe5f:aa6a] has joined #openvpn
05:05 < jimmann> JHartig: i believe you need to push a route to the clients. try looking at the bottom of this page: https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
05:05 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
05:07 < bddy> Hello. I have 2 machines A and B. A is openvpn client, B is openvpn server. There is an IP accessible only from B. When I ping that IP from A, I see that traffic goes to A's tun0 through tcpdump. But on B I don't see that anything is sent to tun0. So packets are lost somewhere between openvpn processing them and tun0. I tcpdump-ed eth0 on B and saw udp packets coming, but openvpn is not injecting them into
05:07 < bddy> tun0. What could be the deal here?
05:10 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
05:10 -!- sysrex [~sysrex@78-33-179-130.static.enta.net] has joined #openvpn
05:12 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:24 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lreyfshpzrjkmicn] has joined #openvpn
05:26 -!- toli [~toli@ip-62-235-214-167.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:29 -!- toli [~toli@ip-62-235-242-228.dsl.scarlet.be] has joined #openvpn
05:30 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
05:32 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Ping timeout: 260 seconds]
05:53 -!- sysrex [~sysrex@78-33-179-130.static.enta.net] has quit [Ping timeout: 264 seconds]
06:07 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
06:18 -!- sysrex [~sysrex@78-33-179-130.static.enta.net] has joined #openvpn
07:06 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:06 -!- mode/#openvpn [+o mattock2] by ChanServ
07:21 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
07:51 -!- pitastrudl [~quassel@unaffiliated/pitastrudl] has left #openvpn ["Bye"]
08:26 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
08:33 -!- Buff|Away is now known as Buffman
08:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
08:42 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:19 -!- tobinski [~tobinski@x2f563e3.dyn.telefonica.de] has joined #openvpn
09:19 -!- tobinski [~tobinski@x2f563e3.dyn.telefonica.de] has quit [Read error: Connection reset by peer]
09:25 -!- Buffman is now known as Buff|Away
09:32 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 245 seconds]
09:32 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
09:35 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
09:35 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
09:37 -!- sysrex [~sysrex@78-33-179-130.static.enta.net] has quit [Quit: Leaving]
09:39 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Client Quit]
09:45 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:45 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:50 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
09:53 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
10:00 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
10:02 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
10:05 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Client Quit]
10:06 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:06 -!- sysrex [~sysrex@cloud.sysrex.com] has joined #openvpn
10:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:11 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
10:13 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
10:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:25 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Quit: mirco]
10:34 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has joined #openvpn
10:45 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
10:47 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
10:50 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
10:50 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
10:51 -!- jimmann [~jimmann@067-060.static.dsl.fonira.net] has quit [Remote host closed the connection]
10:55 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
10:56 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
10:59 -!- Buff|Away is now known as Buffman
11:01 -!- mirco [~mirco@ip-95-222-250-240.hsi15.unitymediagroup.de] has quit [Quit: mirco]
11:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:20 -!- ghoti_ [~paul@hq.experiencepoint.com] has joined #openvpn
11:25 -!- ghoti_ [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
11:28 -!- Buffman is now known as Buff|Away
11:44 -!- Buff|Away is now known as Buffman
11:49 -!- Buffman is now known as Buff|Away
12:07 -!- Buff|Away is now known as Buffman
12:13 -!- Buffman is now known as Buff|Away
12:17 -!- dmangot [~dmangot@64-71-13-98.static.wiline.com] has joined #openvpn
12:18 < dmangot> if someone has time, I need a little help connecting to hosts behind the OpenVPN access server I setup on my VPC
12:18 < dmangot> I can ssh/telnet to ports/ping etc from the Access Server to the VPC host
12:18 < dmangot> I can ping the VPC address of the Access Server
12:18 < _FBi> || Access-Server? /join #openvpn-as ||
12:19 < dmangot> sorry, will do
12:19 < _FBi> no worries
12:19 -!- dmangot [~dmangot@64-71-13-98.static.wiline.com] has left #openvpn []
12:32 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:39 -!- Buff|Away is now known as Buffman
12:44 -!- Buffman is now known as Buff|Away
12:57 -!- master_o1_master [~master_of@p4FD7B625.dip0.t-ipconnect.de] has joined #openvpn
13:00 -!- master_of_master [~master_of@p4FD7B07A.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
13:11 -!- jge [~jge@unaffiliated/bitfury] has joined #openvpn
13:12 < jge> hey guys, what cert and key is used in openvpn client configs if the server authenticates users only by username/password and not cert/key user pair?
13:13 < jge> would it be the server's cert and key?
13:20 -!- ghoti_ [~paul@hq.experiencepoint.com] has joined #openvpn
13:21 -!- ghoti_ [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
13:21 < jge> never mind, you just dont use them.. duh
13:32 -!- jge [~jge@unaffiliated/bitfury] has left #openvpn ["WeeChat 1.0.1"]
13:37 < ayaka> I want to use patch to xor all the openvpn packages, https://github.com/hizukiayaka/openvpn/commit/a38081fcfe0acb39fe841c5ff80cee3adeca3a9e
13:38 <@vpnHelper> Title: the xor obfuscated · hizukiayaka/openvpn@a38081f · GitHub (at github.com)
13:38 < ayaka> but I find the package which will send the sid won't be encrypted
13:39 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
13:39 < ayaka> what make the packages which send sid won't be processed by link_socket_write
13:47 <@ecrist> what?
13:50 -!- dazo is now known as dazo_afk
13:58 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
14:00 -!- bddy [~artemfn@2a02:6b8:0:408:f21f:afff:fe5f:aa6a] has quit [Quit: WeeChat 1.2]
14:04 < ayaka> I use wireshake to capture the packages
14:04 < ayaka> the patch I used won't xor encrypt the packages which sent sid
14:04 <@ecrist> Is that the dance all the kids were doing a couple years ago?
14:04 < ayaka> session id
14:05 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
14:08 < ayaka> sorry, it is not the package send session id
14:13 < ayaka> let me send a snapshot of wireshake
14:20 < ayaka> https://imgur.com/ZwMszMI
14:20 <@vpnHelper> Title: Imgur (at imgur.com)
14:20 -!- jrgcombr [~jrocha@179.34.154.138] has quit [Quit: Leaving]
14:29 <@krzee> does anybody actually use network manager to manage openvpn connections
14:29 <@krzee> ?
14:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
14:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: leaving]
14:41 <@krzee> i configured a bunch of vpns with it, and used it a little, but now for some reason when i enable one the others are greyed out and cannot be started, then when i use nmcli to start them it kills the first vpn and starts the new one
14:46 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
14:53 -!- bddy [~artemfn@broadband-90-154-64-191.nationalcablenetworks.ru] has joined #openvpn
14:55 < bddy> Hi. I'm trying to have multiple openvpn clients with the same certificate and key. I add duplicate-cn to server config. Also my client-config-dir has iroute abcd::/16 to allow routing everyone. However, when client A connects and then client B connects, client A get disconnected with the following error: MULTI: bad source address from client [here goes A ip]. The error happens when B connects. A and B get
14:55 < bddy> different IPs for their tun0
14:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
15:04 -!- Buff|Away is now known as Buffman
15:04 -!- Buffman is now known as Buff|Away
15:04 -!- Buff|Away is now known as Buffman
15:07 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
16:10 -!- akamaru217 [~akamaru@2601:cd:4001:b705:d404:962a:e988:8211] has quit [Quit: Leaving]
16:13 -!- occupant [~null@207.173.20.37] has joined #openvpn
16:14 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
16:16 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
16:17 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
16:28 < Chex> Hello: I am trying to setup a IPv6 tunnel from a remote VPS with OpenVPN server, to my  Tomato-USB V6 enabled  router/client at home to use a configured /64 network, and I cannot  seem to get the routing configs correct on the router end..
16:28 < Chex> I have server-ipv6 2600:3c03:e001:3800::/64 as my server side network, and the network I  am trying to push over to my  home LAN on the router is 2600:3c03:e001:3801::/64.  But  OpenVPN keeps trying to assign 3800::1 on the remote end tun11 interface,  and I cannot  figure out why. I assume it should be 3800::2 , yes?
17:19 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-cqwddeyupaxupyry] has joined #openvpn
17:21 -!- bddy [~artemfn@broadband-90-154-64-191.nationalcablenetworks.ru] has quit [Quit: WeeChat 1.2]
17:27 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 250 seconds]
17:46 -!- Buffman is now known as Buff|Away
17:46 -!- Buff|Away is now known as Buffman
17:49 -!- toli [~toli@ip-62-235-242-228.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
17:51 -!- toli [~toli@ip-62-235-242-228.dsl.scarlet.be] has joined #openvpn
18:05 -!- Buffman is now known as Buff|Away
18:13 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
18:53 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
19:17 -!- akkad [akkad@166.84.6.60] has quit [Excess Flood]
19:38 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
19:46 -!- wowaname [h@2602:ffb0:4:2:666:1337:dead:beef] has quit [Quit: <3]
19:48 -!- wowaname [h@2602:ffb0:4:2:666:1337:dead:beef] has joined #openvpn
20:17 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 264 seconds]
20:18 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
20:57 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
21:04 -!- lv_ [~lv_@tok.moammo.com] has joined #openvpn
21:04 < lv_> is there anyway to have a client file attempt to connect via udp first and then tcp if fails
21:31 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 246 seconds]
21:31 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
21:33 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
22:05 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Ping timeout: 255 seconds]
22:17 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
22:18 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
23:13 -!- ShadniX [dagger@p5DDFCB13.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:13 -!- ShadniX_ [dagger@p5DDFCBB2.dip0.t-ipconnect.de] has joined #openvpn
23:13 -!- ShadniX_ is now known as ShadniX
23:18 <@krzee> lv_, look into connection blocks
23:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
23:20 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
23:21 <@krzee> in the manual look for <connection>
23:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:28 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Sat Aug 15 2015
00:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:55 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has joined #openvpn
00:57 < pepperoni> just upgraded and openvpn no longer connects, unable to enter user/pass ... http://pastebin.com/TkTTdVqt
00:57 < pepperoni> ideas?
01:00 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
01:30 -!- k0nsl [~k0nsl@209.141.39.33] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
01:30 -!- k0nsl [~k0nsl@209.141.39.33] has joined #openvpn
01:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:52 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
02:42 -!- Guest39757 [~hippobott@cpe-76-186-205-111.tx.res.rr.com] has joined #openvpn
03:23 -!- tobinski [~tobinski@x2f5fae5.dyn.telefonica.de] has joined #openvpn
03:23 -!- tobinski [~tobinski@x2f5fae5.dyn.telefonica.de] has quit [Read error: Connection reset by peer]
03:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
03:30 -!- tobinski [~tobinski@x2f5fae5.dyn.telefonica.de] has joined #openvpn
03:30 -!- tobinski [~tobinski@x2f5fae5.dyn.telefonica.de] has quit [Read error: Connection reset by peer]
03:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:36 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-lzmcwbtusktlaxkw] has quit [Quit: Connection closed for inactivity]
03:49 -!- Cybertinus [~Cybertinu@cybertinus.customer.cloud.nl] has joined #openvpn
03:50 < Cybertinus> !welcome
03:50 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:50 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:50 < Cybertinus> !goal
03:50 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:51 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:51 < Cybertinus> ok, clear :). I've got 2 questions:
03:52 < Cybertinus> 1. How important is the index.txt in my keys directory? Because it is a mess atm on my OpenVPN server :P. I've got keys in my keys directory which aren't in the index and I've got keys in de index which aren't in the keys directory :p
03:55 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
03:55 < Cybertinus> 2. I've got 6 servers distributed over 5 datacenters. I want to build 1 OpenVPN network between them, so I can connect from alll servers to all servers :). I've got client-to-client enabled offcourse. But when server 1 is my OpenVPN server and I make a connection from server 2 to server 3, over OpenVPN, how is the trafficflow? Is this directly between server 2 and 3? Or sends server 2 everything to server 1 and server 1 sends it again
03:55 < Cybertinus> to server 3?
03:56 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
04:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
04:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:40 < Cybertinus> !/30
04:40 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
04:40 < Cybertinus> !topology
04:40 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
05:11 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lreyfshpzrjkmicn] has quit [Quit: Connection closed for inactivity]
05:36 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
06:03 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
06:22 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 255 seconds]
06:34 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
06:36 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
06:37 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:39 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:00 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
07:02 -!- Tinyyy [d2c108d2@gateway/web/cgi-irc/kiwiirc.com/ip.210.193.8.210] has joined #openvpn
07:03 < Tinyyy> Hey guys, just a question about android OpenVPN clients - there are 2 https://play.google.com/store/apps/details?id=net.openvpn.openvpn and https://play.google.com/store/apps/details?id=de.blinkt.openvpn
07:03 < Tinyyy> Both of them seem to be endorsed by OpenVPN, so what’s the difference between them and which one should I get?
07:04 < Tinyyy> !android
07:05 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
07:05 < Tinyyy> !android-old
07:05 <@vpnHelper> "android-old" is (#1) If you do not have cyanogenmod or ICS, but your device is rooted, you can use android-openvpn-installer and openvpn-settings from the market or (#2) Standalone OpenVPN binaries (expert users only) for Android are also available at http://plai.de/android/standalone-binaries.tar
07:07 < Tinyyy> sorry, I still can’t tell the difference
07:27 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ozhvmyldbcavcxqk] has joined #openvpn
07:27 -!- GLaDER [~GLaDER@gladernet.csbnet.se] has joined #openvpn
07:28 < GLaDER> I'm having issues connectiong to my OpenVPN-server. It seems to be the TSL-handshake that's the problem but I am unable to find additional things to try. Suggestions?
07:58 -!- Tinyyy [d2c108d2@gateway/web/cgi-irc/kiwiirc.com/ip.210.193.8.210] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
08:07 -!- SineDeviance [~quassel@2602:306:3908:8eb0:649f:1732:c70e:ae1b] has quit [Ping timeout: 246 seconds]
08:09 -!- SineDeviance [~quassel@2602:306:3908:8eb0:c981:1918:db2b:ed5] has joined #openvpn
08:59 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
08:59 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:39 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:40 -!- Tinyyy [8a4bb86e@gateway/web/cgi-irc/kiwiirc.com/ip.138.75.184.110] has joined #openvpn
09:41 -!- Tinyyy [8a4bb86e@gateway/web/cgi-irc/kiwiirc.com/ip.138.75.184.110] has quit [Client Quit]
09:42 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
09:45 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
10:01 -!- zeroZshadow [~quassel@unaffiliated/zerozshadow] has joined #openvpn
10:01 < zeroZshadow> !welcome
10:01 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
10:01 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:02 < zeroZshadow> Hi there
10:02 < zeroZshadow> I would love some advice for using TAP from C++
10:02 < zeroZshadow> if this is the right channel for that
10:06 -!- sklv [~sklv@80.229.16.48] has joined #openvpn
10:16 -!- akamaru217 [~akamaru@2601:cd:4001:b705:95b3:7111:f882:1da7] has joined #openvpn
10:59 < ayaka> I use the wireshake to capture the packages of openvpn, https://imgur.com/ZwMszMI I would see the message fo0...1409091221 every time
10:59 <@vpnHelper> Title: Imgur (at imgur.com)
10:59 < ayaka> what is it, does some verify information about ssl?
11:13 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
11:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:06 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:15 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Ping timeout: 240 seconds]
12:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
12:21 -!- netprince_ [~chatzilla@ip70-188-61-95.rn.hr.cox.net] has joined #openvpn
12:24 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
12:25 < netprince_> Can anyone give me a clue what to check with this error?  I've been stuck on this for a couple days now: http://pastebin.com/AyxmnUbu
12:25 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
12:25 < netprince_> Its got to be an openssl compatibility issue is my best guess
12:32 < netprince_> dont know what steps to take next
12:35 < netprince_> certs verify OK, but TLS communication fails
12:53 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
12:58 -!- master_of_master [~master_of@p4FF24348.dip0.t-ipconnect.de] has joined #openvpn
13:01 -!- master_o1_master [~master_of@p4FD7B625.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
13:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
13:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
13:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:57 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:11 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
14:18 < netprince_> head hurts, need a break
14:40 -!- zeroZshadow [~quassel@unaffiliated/zerozshadow] has left #openvpn ["part"]
14:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
14:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
15:02 < Eugene> ayaka - what's your CRT look like?
15:09 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
15:16 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-cunimeucvnkjkrel] has joined #openvpn
15:33 < ayaka> Eugene, http://paste.fedoraproject.org/255513/14396707
15:38 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:40 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:42 < Eugene> See kozue.soulik.info? THat's the cert going across is all
15:52 < ayaka> Eugene, so it is just the whole cert file?
16:03 -!- netprince_ [~chatzilla@ip70-188-61-95.rn.hr.cox.net] has quit [Ping timeout: 255 seconds]
16:06 -!- ayaka [~ayaka@121.204.58.68] has quit [Ping timeout: 244 seconds]
16:08 -!- u0m3 [~u0m3@92.80.98.39] has joined #openvpn
16:14 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
16:21 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
16:24 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:32 -!- netprince_ [~chatzilla@ip70-188-61-95.rn.hr.cox.net] has joined #openvpn
16:34 -!- u0m3 [~u0m3@92.80.98.39] has quit [Quit: Leaving]
16:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:38 < DzAirmaX> hey guyz
16:41 -!- novaflash is now known as novaflash_away
16:41 < DzAirmaX> I have a pb, I want all the traffic going to 127.0.0.1 not redirected on the openvpn server
16:41 < DzAirmaX> how can I do that ?
16:49 -!- akamaru217 [~akamaru@2601:cd:4001:b705:95b3:7111:f882:1da7] has quit [Ping timeout: 246 seconds]
16:58 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 246 seconds]
16:58 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
17:00 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Client Quit]
17:00 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
17:11 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 260 seconds]
17:17 < DzAirmaX> no one around ?
17:22 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
17:27 -!- toli [~toli@ip-62-235-242-228.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:29 -!- toli [~toli@ip-62-235-241-125.dsl.scarlet.be] has joined #openvpn
17:33 < Chex> DzAirmaX: not really
17:35 -!- fryguy [~fryguy@bryanalves-1-pt.tunnel.tserv4.nyc4.ipv6.he.net] has joined #openvpn
17:40 < DzAirmaX> route 127.0.0.1 255.255.255.255 net_gateway
17:40 < DzAirmaX> is that good ?
17:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: leaving]
18:06 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b4f5:adcf:8d4f:b2d6] has joined #openvpn
18:29 < DzAirmaX> still nobody ?
18:31 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-cqwddeyupaxupyry] has quit [Quit: Connection closed for inactivity]
18:45 < netprince_> 127.0.0.1 is localhost only, sounds like something isn't setup right
19:01 -!- eblip [~ebot@unaffiliated/eblip] has joined #openvpn
19:01 < eblip> hey i made some simple mods forget what they were but now my server has tun 0 ip address of 172.22.33.1  but also states destination 172.22.33.2
19:01 < eblip> my client has tun 0 172.22.33.6
19:02 < eblip> how can that be
19:02 < eblip> i expected the client to have 172.22.33.2
19:17 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
19:32 < DzAirmaX> netprince_ : hmmm, the packets are not going to 127.0.0.1 when openvpn lcient is up on the machine
19:33 < DzAirmaX> netprince_ : when I stop it everything works ...
20:02 < eblip> this is hard work in here ..not much action
20:02 < eblip> does anyone know how to get rid of any persistent dhcp ip addresses used by openvpn
20:03 < eblip> ls
20:05 -!- netprince_ [~chatzilla@ip70-188-61-95.rn.hr.cox.net] has quit [Ping timeout: 265 seconds]
20:07 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Ping timeout: 256 seconds]
20:15 -!- eblip [~ebot@unaffiliated/eblip] has left #openvpn ["WeeChat 1.1.1"]
20:42 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
21:04 -!- mickeys [~methods@2601:547:f02:ad30:e206:e6ff:fec9:e2b9] has joined #openvpn
21:20 -!- Buff|Away is now known as Buffman
21:26 -!- Buffman is now known as Buff|Away
21:28 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
21:41 -!- AMERICAN_PSYCHO [~AMERICAN_@173.sub-70-196-6.myvzw.com] has joined #openvpn
22:02 -!- Guest39757 [~hippobott@cpe-76-186-205-111.tx.res.rr.com] has quit [Ping timeout: 246 seconds]
22:08 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
22:26 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-cunimeucvnkjkrel] has quit [Quit: Connection closed for inactivity]
22:31 -!- mickeys [~methods@2601:547:f02:ad30:e206:e6ff:fec9:e2b9] has quit [Remote host closed the connection]
22:33 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has quit [Quit: leaving]
23:11 -!- ShadniX [dagger@p5DDFCBB2.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:11 -!- ShadniX [dagger@p5DDFDB2B.dip0.t-ipconnect.de] has joined #openvpn
23:14 -!- AMERICA__ [~AMERICAN_@94.sub-70-196-1.myvzw.com] has joined #openvpn
23:14 -!- AMERICAN_PSYCHO [~AMERICAN_@173.sub-70-196-6.myvzw.com] has quit [Ping timeout: 255 seconds]
23:16 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
23:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 250 seconds]
23:35 -!- wowaname is now known as freebsdgirl
23:51 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
23:51 -!- eliasp [~quassel@HSI-KBW-078-043-113-201.hsi4.kabel-badenwuerttemberg.de] has quit [Ping timeout: 260 seconds]
--- Day changed Sun Aug 16 2015
00:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:48 -!- Sevalecan [~sevalecan@allegro/user/Sevalecan] has joined #openvpn
01:13 < Sevalecan> alright, apparently I can never google the right words for what I want... I have a server, I use openvpn for outgoing connections sometimes. However, once OpenVPN is running, I can no longer complete an incoming connection via my port forwards from the WAN to my LAN ip... And there are threads talking about routing that just confuse me, because I don't think they're talking about the same thing.
01:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:20 -!- mode/#openvpn [+o mattock1] by ChanServ
01:33 < Sevalecan> oh, I see.. the VPN server is pushing the config that screws me up I bet :P
01:35 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
01:37 -!- freebsdgirl is now known as wowaname
01:56 < Sevalecan> oh god I got it working
02:01 -!- RandomName12345 [~TikityTik@162.223.44.49] has joined #openvpn
02:03 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Disconnected by services]
02:04 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
02:05 -!- mode/#openvpn [+o vpnHelper] by ChanServ
02:05 -!- Matir_ [~matir@ubuntu/member/matir] has joined #openvpn
02:05 -!- jeev_ [~j@unaffiliated/jeev] has joined #openvpn
02:05 -!- lbft_ [~lbft@unaffiliated/lbft] has joined #openvpn
02:06 -!- ltd_ [z@tyl.wires.net.au] has joined #openvpn
02:06 -!- ntio1 [~ntio@unaffiliated/ntio] has joined #openvpn
02:06 -!- afics_ [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
02:06 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
02:06 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
02:06 -!- c|oneman [cloneman@1337.montrealdark.com] has quit [Ping timeout: 255 seconds]
02:06 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 255 seconds]
02:06 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 255 seconds]
02:06 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 255 seconds]
02:06 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 255 seconds]
02:06 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 255 seconds]
02:06 -!- ltd [z@tyl.wires.net.au] has quit [Ping timeout: 255 seconds]
02:06 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 255 seconds]
02:06 -!- AMERICA__ [~AMERICAN_@94.sub-70-196-1.myvzw.com] has quit [Ping timeout: 255 seconds]
02:06 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Ping timeout: 255 seconds]
02:06 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
02:06 -!- zpatten [~zpatten@unaffiliated/zpatten] has quit [Ping timeout: 255 seconds]
02:06 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 255 seconds]
02:06 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
02:06 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Ping timeout: 255 seconds]
02:06 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 255 seconds]
02:06 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Ping timeout: 255 seconds]
02:06 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 255 seconds]
02:06 -!- lbft_ is now known as lbft
02:07 -!- phantomcircuit_ [~phantomci@smartcontracts.us] has joined #openvpn
02:07 -!- doop [~doop@colostomy.club] has joined #openvpn
02:07 -!- RandomName12345 [~TikityTik@162.223.44.49] has quit [Quit: Turning IRC client off]
02:07 -!- RandomName12345 [~TikityTik@162.223.44.49] has joined #openvpn
02:07 -!- RandomName12345 is now known as TikityTik
02:07 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
02:08 < Sevalecan> so basically, as I understand it, the way PIA sets up routes, if I get an incoming connection from the internet through my WAN and not the VPN, it tries to route a response through the VPN? Which seems stupid and I'm open to the idea of saying I don't understand what the hell's going on
02:08 < Sevalecan> but I made a separate routing table and that works :P
02:08 -!- afics_ is now known as afics
02:09 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
02:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: leaving]
02:30 -!- wowaname is now known as kraken
02:30 -!- kraken is now known as wowaname
02:59 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
03:45 -!- lamppid [~lammpid@25.24.38.86.mobile.mezon.lt] has joined #openvpn
03:45 < lamppid> Maybe anyone know free working vpn ?
03:53 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Quit: Turning IRC client off]
03:54 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
04:03 -!- lamppid [~lammpid@25.24.38.86.mobile.mezon.lt] has quit [Ping timeout: 240 seconds]
04:12 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:23 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
04:51 < wowaname> lol
05:01 -!- wowaname is now known as freebsdgirl
05:03 -!- freebsdgirl is now known as wowaname
05:10 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:10 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
05:12 < ender|> Sevalecan: don't use redirect gateway function in openvpn
05:12 < ender|> just route the subnets you need
05:20 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
05:22 -!- apollo2k is now known as aPollO2k
05:44 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Quit: Quit.]
05:45 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
05:58 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:02 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b4f5:adcf:8d4f:b2d6] has quit [Quit: Leaving]
06:11 -!- wowaname is now known as garyniger
06:12 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 240 seconds]
06:13 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
06:15 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
06:15 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Excess Flood]
06:15 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
06:15 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Excess Flood]
06:17 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
06:44 -!- aPollO2k is now known as apollo2k
07:50 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-opiovgeeqzuuhxqz] has joined #openvpn
08:19 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
08:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:02  * Bl4ckD34Th Z`back
10:04 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
11:04 -!- nemo_fish [~inzanez@dslb-094-219-007-084.094.219.pools.vodafone-ip.de] has joined #openvpn
11:05 -!- nemo_fish [~inzanez@dslb-094-219-007-084.094.219.pools.vodafone-ip.de] has quit [Client Quit]
11:21 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:25 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
11:27 < sklv> hi, how can i generate an intermediate certificate with easyrsa3? the build-inter option doesn't seem to be there
11:27 < sklv> i am referring to https://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html
11:27 <@vpnHelper> Title: RSA Key Management (at openvpn.net)
11:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:00 -!- novaflash_away is now known as novaflash
12:27 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
12:56 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 240 seconds]
12:56 -!- mumixam [~m@unaffiliated/mumixam] has quit [Remote host closed the connection]
12:57 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
12:58 -!- master_o1_master [~master_of@p4FD7B0B0.dip0.t-ipconnect.de] has joined #openvpn
13:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:00 -!- mode/#openvpn [+o mattock1] by ChanServ
13:01 -!- master_of_master [~master_of@p4FF24348.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
13:08 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
13:11 -!- ayaka [~ayaka@110.80.164.12] has joined #openvpn
13:12 -!- Buff|Away is now known as Buffman
13:12 -!- Buffman is now known as Buff|Away
13:12 -!- Buff|Away is now known as Buffman
13:20 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: leaving]
13:23 -!- Buffman is now known as Buff|Away
13:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:39 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
13:41 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:48 -!- FreezingAlt is now known as [nickser
13:49 -!- [nickser is now known as nlckserv]
13:50 -!- nlckserv] is now known as FreezingAlt
13:56 < Eugene> Sevalecan - that's exactly what is happening; by default everything uses the "default" routing table
13:57 < Eugene> If you want to do split routing you need to set up a rule that says "respond to traffic on interface X by using this routing table"; that routing table should say to use only interface X
13:59 -!- dimm0k_ [6c060b2b@gateway/web/freenode/ip.108.6.11.43] has joined #openvpn
13:59 < dimm0k_> hi guys
14:00 < dimm0k_> whenever i start the openvpn server, i get the following messages at the console... any ideas why?
14:00 < dimm0k_> TLS Error: incoming packet authentication failed from xxx.xxx.xxx.xxx:XXX Authenticate/Decrypt packet error: packet HMAC authentication failed
14:00 < dimm0k_> no clients have even connected yet...
14:14 < Thermi> dimm0k_: Isn't it obvious from the message?
14:15 < dimm0k_> Thermi: not to me... i thought this message only occurs when a client attempts to connect?
14:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:16 < Thermi> It occurs every time a packet without a correct HMAC is received.
14:17 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 0.4.3]
14:17 < dimm0k_> Thermi: is this something i can fix on the server end?
14:25 < Thermi> dimm0k_: I don't understand what you want to achieve or if you have a concrete problem with connecting clients to the server, that you want to "fix" this?
14:29 < dimm0k_> Thermi: i'm just getting these messages on the console after starting openvpn... apparently not logged anywhere else
14:29 < dimm0k_> no clients have tried connecting to this server yet... so i'm curious as to why these messages are showing...
14:30 < Thermi> Because something tried to connect otthe openvpn server, but it didn't have a correct hmac. Is that difficult to understand?
14:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:48 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
15:01 -!- ev0r [~ev0r@148.0.59.204] has joined #openvpn
15:02 < ev0r> !welcome
15:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
15:02 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:02 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:03 < ev0r> !howto
15:03 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
15:10 -!- ev0r [~ev0r@148.0.59.204] has quit [Quit: brb]
15:23 -!- Buff|Away is now known as Buffman
15:27 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
15:30 -!- Buffman is now known as Buff|Away
15:30 -!- dimm0k_ [6c060b2b@gateway/web/freenode/ip.108.6.11.43] has quit [Quit: Page closed]
15:41 < Sevalecan> Eugene: yep, that is what I managed to do
15:41 < Sevalecan> so I'm happy
15:41 < Sevalecan> but cool, thanks for confirming my theory
15:53 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Quit: ZNC - http://znc.in]
16:01 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
16:08 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:10 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 260 seconds]
16:13 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Remote host closed the connection]
16:19 -!- IamError is now known as justbidness
16:20 -!- justbidness is now known as IamError
16:20 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
16:22 -!- Gwoplock [~quassel@104.56.172.189] has quit [Ping timeout: 252 seconds]
16:24 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 250 seconds]
16:25 -!- tristan_c [~tristan_c@host86-153-121-172.range86-153.btcentralplus.com] has joined #openvpn
16:35 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Reboot? Or did my jail(8) just die?]
16:36 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
16:36 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
16:36 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
16:38 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
16:40 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 244 seconds]
16:46 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
17:13 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
17:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:30 -!- toli [~toli@ip-62-235-241-125.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:34 < DzAirmaX> hi guys
17:35 < DzAirmaX> one question about the AES-NI capable hardware
17:35 <+esde> ask it
17:35 < DzAirmaX> is it necessary to add the --engine aesni line with OpenSSL > 1.0.0 ?
17:37 <+esde> reminder, this is openvpn not openssl
17:37 < DzAirmaX> =>> https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux ?
17:37 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
17:37 < DzAirmaX> when I add the line in the server.conf it can start
17:38 < DzAirmaX> cannot start*
17:38  * esde shrugs
17:38 -!- toli [~toli@ip-62-235-197-96.dsl.scarlet.be] has joined #openvpn
17:39 < DzAirmaX> because AES-NI dosnt show up in openssl engine since patch 1.0.1
17:39 < DzAirmaX> even if activated ...
17:45 < DzAirmaX> ?
17:56 -!- SineDeviance [~quassel@2602:306:3908:8eb0:c981:1918:db2b:ed5] has quit [Ping timeout: 244 seconds]
17:57 -!- SineDeviance [~quassel@2602:306:3908:8eb0:104d:f2c2:43e9:8306] has joined #openvpn
17:59 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
18:15 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:20 -!- phantomcircuit_ is now known as phantomcircuit
18:29 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 240 seconds]
18:45 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:52 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
19:22 -!- nutron [~nutron@unaffiliated/nutron] has quit [Read error: Connection reset by peer]
19:31 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:39 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
19:40 < ki7rw> http://ubuntuforums.org/showthread.php?t=1660520&page=4&p=13339625#post13339625
19:40 -!- Buff|Away is now known as Buffman
19:40 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.2]
19:41 -!- Buffman is now known as Buff|Away
19:41 -!- Buff|Away is now known as Buffman
19:43 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
19:44 -!- Buffman is now known as Buff|Away
19:54 -!- dimm0k [~dimm0k@unaffiliated/dimm0k] has joined #openvpn
19:56 < DzAirmaX> esde : found the solution xD
19:56 < dimm0k> i have an openvpn server set up using key auth... client set up as well, and while the client can connect to the server, i'm having difficulties authenticating...
19:56 < DzAirmaX> esde : I guess the command --engine aesni is obsolete
19:56 < dimm0k> i'm getting the following on the client end
19:57 < dimm0k> Sun Aug 16 20:33:35 2015 SENT CONTROL [quadrant]: 'PUSH_REQUEST' (status=1)
19:57 < dimm0k> Sun Aug 16 20:33:35 2015 AUTH: Received control message: AUTH_FAILED
19:57 < dimm0k> Sun Aug 16 20:33:35 2015 SIGTERM[soft,auth-failure] received, process exiting
19:57 < dimm0k> any suggestions on what might be wrong here?
19:57 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
19:59 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 244 seconds]
19:59 -!- trumee_ is now known as trumee
20:02 -!- SineDeviance [~quassel@2602:306:3908:8eb0:104d:f2c2:43e9:8306] has quit [Ping timeout: 244 seconds]
20:03 -!- SineDeviance [~quassel@2602:306:3908:8eb0:104d:f2c2:43e9:8306] has joined #openvpn
20:07 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 260 seconds]
20:28 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
20:30 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
20:31 < n-st> !welcome
20:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
20:31 < n-st> !goal
20:31 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:31 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
20:33 < n-st> hmm, i was hoping i could query vpnHelper without spamming the channel…
20:34 < n-st> oh well…
20:34 < n-st> !route
20:34 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
20:34 < n-st> !redirect
20:34 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
20:34 < n-st> !man
20:34 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
20:34 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
20:34 < n-st> !/30
20:34 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
20:34 < n-st> !topology
20:34 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
20:34 < n-st> !iporder
20:34 <@vpnHelper> "iporder" is (#1) OpenVPN's internal client IP address selection algorithm works as follows: 1 -- Use --client-connect script generated file for static IP (first choice). or (#2) Use --client-config-dir file for static IP (next choice) !static for more info or (#3) Use --ifconfig-pool allocation for dynamic IP (last choice) or (#4) if you use --ifconfig-pool-persist see !ipp
20:35 < n-st> !clientlan
20:35 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:35 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
20:35 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
20:36 < dimm0k> any of this for me??
20:36 < n-st> dimm0k: huh?
20:38 < n-st> alright, those factoids should come in handy
20:40 < n-st> one thing i still can't wrap my head around: https://community.openvpn.net/openvpn/wiki/IPv6 says you need a "routed IPv6 network block" to provide ipv6 addresses to the clients -- what exactly is a *routed* block?
20:40 <@vpnHelper> Title: IPv6 – OpenVPN Community (at community.openvpn.net)
20:42 < n-st> i would guess that "routed" in this context means that everything addressed to the block is sent to a certain address (possibly outside the block) even if it hasn't advertised the specific addresses inside the routed block. does that about cover it?
20:43 < dimm0k> n-st: i'm having difficulties connecting to my openvpn... not sure if it's the server keys are fucked or the client or if i missed a step and they're both wrong
20:45 < n-st> dimm0k: i guess there should be something useful somewhere in the logs, but i've spent less than a day with openvpn so far, so i might be the wrong person to ask ;)
20:47 -!- SineDeviance [~quassel@2602:306:3908:8eb0:104d:f2c2:43e9:8306] has quit [Ping timeout: 246 seconds]
20:48 < dimm0k> =(
20:49 -!- SineDeviance [~quassel@2602:306:3908:8eb0:104d:f2c2:43e9:8306] has joined #openvpn
20:50 < dimm0k> interesting... if i remove ccd-exclusive on the server, it works
20:51 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
20:51 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
21:03 -!- ev0r [~ev0r@184.170.129.124] has joined #openvpn
21:08 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
21:09 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 245 seconds]
21:09 -!- trumee_ is now known as trumee
21:19 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
21:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
21:34 -!- jeev_ is now known as jeev
21:53 < ev0r> quick question, how often does the data cap on PrivateTunnel regenerates?
21:54 < _FBi> no idea
21:54 -!- ev0r [~ev0r@184.170.129.124] has quit [Quit: brb]
21:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
21:55 -!- ev0r [~ev0r@184.170.129.124] has joined #openvpn
22:06 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 260 seconds]
22:06 -!- Buff|Away is now known as Buffman
22:07 -!- Buffman is now known as Buff|Away
22:07 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
22:11 < dimm0k> where should the ccd folder be located exactly, when chroot is enabled on the server config?
22:13 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:14 < dimm0k> i've always had it in /etc/openvpn/jail/ccd
22:14 < dimm0k> but with chroot enabled, it can't find ccd anymore
22:15 -!- ev0r [~ev0r@184.170.129.124] has quit [Changing host]
22:15 -!- ev0r [~ev0r@unaffiliated/ev0r] has joined #openvpn
22:19 -!- ev0r [~ev0r@unaffiliated/ev0r] has quit [Quit: brb]
22:25 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 244 seconds]
22:30 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
22:49 -!- dimm0k [~dimm0k@unaffiliated/dimm0k] has quit [Ping timeout: 260 seconds]
22:52 -!- dimm0k [~dimm0k@unaffiliated/dimm0k] has joined #openvpn
22:53 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Leaving]
23:04 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
23:04 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Read error: Connection reset by peer]
23:06 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
23:11 -!- ShadniX [dagger@p5DDFDB2B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:12 -!- ShadniX_ [dagger@p5DDFD666.dip0.t-ipconnect.de] has joined #openvpn
23:12 -!- ShadniX_ is now known as ShadniX
23:18 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 246 seconds]
23:25 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
23:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:54 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 246 seconds]
23:57 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Mon Aug 17 2015
00:29 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
00:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:35 -!- mode/#openvpn [+o mattock1] by ChanServ
01:34 -!- garyniger is now known as wowaname
01:37 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
01:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
01:52 -!- tristan_c [~tristan_c@host86-153-121-172.range86-153.btcentralplus.com] has quit []
01:56 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-opiovgeeqzuuhxqz] has quit [Quit: Connection closed for inactivity]
01:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:11 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
02:27 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
02:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
02:44 -!- wowaname [h@2602:ffb0:4:2:666:1337:dead:beef] has quit [Quit: <3]
02:46 -!- wowaname [h@love.wowana.me] has joined #openvpn
02:54 -!- Fiacha [6d47db37@gateway/web/freenode/ip.109.71.219.55] has joined #openvpn
02:59 < Fiacha> Hi! I have a open vpn client setup such that it automatically connects to a server. It currently routes all traffic through the tunnel (which I wanted previously) . However, now i don't want it to be the (default?) gateway. How can i set that? I remember the setting the server to push the gateway? I dont' want to change the server settings since i want to use it for other clients as is. Is there a way to disable being main gateway vi
03:00 < Fiacha> --route-nopull
03:00 < Fiacha> oh wow, why can i only find stuff after i ask here >_<
03:17 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
03:20 -!- nemo_fish [~nemo_fish@tmo-113-69.customers.d1-online.com] has joined #openvpn
03:20 < nemo_fish> helo
03:22 < nemo_fish> I just installed OpenVPN one week ago to replace our existing Fortinet VPN. Now, we're having internal DNS servers inside the network the VPN connects to, which resolves internal DNS names. That DNS Server is not allowed to resolve public names, so no connection to the internet. The issues I have now: When resolving an external address like "google.com", query goes to internal DNS first, so it takes quite a long time resolve the
03:22 < nemo_fish> address on the client...
03:23 -!- Fiacha [6d47db37@gateway/web/freenode/ip.109.71.219.55] has quit [Quit: Page closed]
03:23 < nemo_fish> Is there anything else than allowing the internal DNS servers to forward the query to a public one that would resolve this issue?...
03:32 <@plaisthos> nemo_fish: for most client OS, no
03:32 <@plaisthos> but that is indepent of your VPN solution
03:32 < nemo_fish> plaisthos: Hm,...I wonder why this was never an issue when we were using Forti,...:-/
03:32 <@plaisthos> nemo_fish: did the fortinet also set a client DNS server?
03:33 < nemo_fish> plaisthos, yes, the same I'm using now with OpenVPN, at least that's what I've been told :-)
03:34 < nemo_fish> plaisthos, I already thought about opening the internal DNS servers to the internet, but I'd like to minimize the risk of DNS tunnels to the outside, so...easiest way would be just to deny DNS traffic :-)
04:27 -!- apollo2k is now known as aPollO2k
04:29 -!- nemo_fish [~nemo_fish@tmo-113-69.customers.d1-online.com] has quit [Ping timeout: 256 seconds]
04:33 -!- Changer90 [~quassel@217.160.177.68] has joined #openvpn
04:34 -!- Changer90 [~quassel@217.160.177.68] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
04:54 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
04:55 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
04:55 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac]
04:55 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
05:09 -!- loeken [~lknfree@u.internetz.me] has joined #openvpn
05:14 -!- dazo_afk is now known as dazo
05:19 -!- steveeJ [~steveeJ@virthost3.stefanjunker.de] has joined #openvpn
05:21 < steveeJ> hey there, seems like openvpn service on windows ignores my config, as the management port is not listed with netstat
05:21 < steveeJ> do I have to point the service to *.ovpn files when they're in subdirs of the config dir?
05:23 < steveeJ> indeed, moving them to config/ directly works as intended
05:31 -!- aPollO2k is now known as apollo2k
06:08 -!- apollo2k is now known as aPollO2k
06:23 < dimm0k> hrmm, i'm having difficulties seeing the connecting client from the server LAN... any suggestions?
06:23 -!- frank_zhou [PUYLEI@175.162.172.181] has joined #openvpn
06:23 < dimm0k> client can see the server LAN... but not vice versa
06:26 <@plaisthos> !iroute
06:26 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
06:26 <@plaisthos> hm no wrong
06:26 <@plaisthos> but you need to make sure that routes are set correctly
06:36 < dimm0k> so it's not iroute related?
06:41 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-vkasfftnzzsjoyfu] has joined #openvpn
06:46 -!- frank_zhou [PUYLEI@175.162.172.181] has quit [Quit: Leaving]
06:51 < dimm0k> !route
06:51 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
06:51 <@vpnHelper> client
07:21 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
07:22 <@ecrist> nemo_fish's DNS setup souds odd
07:22 <@ecrist> those internal servers should at least have forwarders
07:31 <@plaisthos> Windows hosts are somehow able to have internal+external dns work with that
07:37 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
07:38 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
07:46 < toli> guys, am having issues with three of my windows 7 clients, passing thru a proxy. whenever they loose connection, they never reconnect, here is the config http://dpaste.com/323J27S
07:46 < toli> those are the only ones not reconnecting after connection loos
07:46 < toli> and the only ones uses proxy!
07:47 < toli> is there a  bug if we use a proxy?
07:51 -!- john_jjj [5983701d@gateway/web/freenode/ip.89.131.112.29] has joined #openvpn
07:52 < john_jjj> Hi. I'm having issues using the 'auto-nct' auth param for setting an http-proxy in OpenVPN 2.3.8. The server complains that the authentication method doesn't exist - anyone have any ideas ?
07:53 < toli> john_jjj, show your config
07:55 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
07:57 < john_jjj> toli: http://pastebin.com/ZPP17yFG
07:59 < toli> did you tried to use (ntlm)? --> http-proxy 10.10.10.10 8080 /tmp/proxypass ntlm
08:03 < toli> my problem is solved after adding the line "http-proxy-retry"
08:04 < john_jjj> toli: havnt tried yet - i want the auto-nct functionality though. any ideas why that isnt working ?
08:23 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
08:32 < john_jjj> toli - both auto and auto-nct don't work, ntlm does
08:34 -!- steveeJ [~steveeJ@virthost3.stefanjunker.de] has left #openvpn ["Leaving"]
08:42 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
08:45 -!- Buff|Away is now known as Buffman
08:46 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-vkasfftnzzsjoyfu] has quit [Quit: Connection closed for inactivity]
08:48 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
08:49 -!- Buffman is now known as Buff|Away
08:49 -!- Buff|Away is now known as Buffman
08:51 -!- Buffman is now known as Buff|Away
09:03 -!- tumeric [~j@62.210.109.186] has joined #openvpn
09:03 < tumeric> Hi guys :)
09:03 < tumeric> I have a VPS with only one IP and a few VMS inside, NATTED
09:04 < tumeric> I want to install open on one of the natted vms and i want to forward all the traffic coming from outside (vpn client) on openvpn default port to this vm
09:04 < tumeric> what is the best way to do this?
09:05 -!- jrgcombr [~jrgcombr@179.34.154.138] has joined #openvpn
09:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:05 -!- Buff|Away is now known as Buffman
09:06 -!- Buffman is now known as Buff|Away
09:06 < tumeric> !welcome
09:06 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:06 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:07 < tumeric> !route
09:07 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
09:07 <@vpnHelper> client
09:11 -!- jrgcombr_ [~jrgcombr@179.34.154.138] has joined #openvpn
09:11 -!- jrgcombr_ [~jrgcombr@179.34.154.138] has quit [Client Quit]
09:11 -!- jrgcombr [~jrgcombr@179.34.154.138] has quit [Quit: Leaving]
09:11 -!- jrgcombr [~jrgcombr@179.34.154.138] has joined #openvpn
09:20 -!- tristan_c [~tristan_c@host86-153-121-172.range86-153.btcentralplus.com] has joined #openvpn
09:33 -!- tristan_c [~tristan_c@host86-153-121-172.range86-153.btcentralplus.com] has quit []
09:54 -!- aPollO2k is now known as apollo2k
10:08 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
10:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:51 -!- tumeric [~j@62.210.109.186] has quit [Quit: WeeChat 1.2]
10:54 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
10:59 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:05 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:07 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
11:08 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
11:13 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
11:23 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
11:25 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Remote host closed the connection]
11:27 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
11:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
11:36 -!- dvlwrk [~ryand@50-204-243-38-static.hfc.comcastbusiness.net] has joined #openvpn
11:47 -!- FreezingAlt [uid105316@gateway/web/irccloud.com/x-rjrzpmsvcdqgkmcd] has joined #openvpn
11:49 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:53 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
11:53 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
12:00 -!- dimmATwerk [~dimm0k@unaffiliated/dimm0k] has joined #openvpn
12:00 < dimmATwerk> !route
12:00 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:00 <@vpnHelper> client
12:11 < dimmATwerk> !serverlan
12:11 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:17 -!- _cmd__ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
12:27 -!- john_jjj [5983701d@gateway/web/freenode/ip.89.131.112.29] has quit [Ping timeout: 246 seconds]
12:30 -!- _cmd__ is now known as _cmd_
12:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:32 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
12:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:35 -!- mode/#openvpn [+o mattock1] by ChanServ
12:36 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
12:36 -!- jrgcombr__ [~jrgcombr@179.34.154.138] has joined #openvpn
12:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:39 -!- jrgcombr [~jrgcombr@179.34.154.138] has quit [Ping timeout: 265 seconds]
12:40 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 265 seconds]
12:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
12:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:45 < dimmATwerk> !ccd
12:45 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
12:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:52 < dimmATwerk> where should the ccd folder actually be located if one were to use chroot?
12:53 < dimmATwerk> originally i had it in /etc/openvpn/jail/ccd, chroot'd /etc/openvpn/jail in the server.conf, but doing so blocks off access to the ccd folder unless i also have a copy of the ccd folder in /etc/openvpn
12:54 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
12:56 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 265 seconds]
12:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:59 -!- master_of_master [~master_of@p4FD7B731.dip0.t-ipconnect.de] has joined #openvpn
13:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
13:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:02 -!- master_o1_master [~master_of@p4FD7B0B0.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
13:05 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
13:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
13:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
13:19 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
13:25 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:28 -!- ka24 [~ka24@gwdt10r1.uptel.com] has joined #openvpn
13:29 -!- ka24 is now known as Guest78344
13:30 -!- ka24 [~ka24@gwdt10r1.uptel.com] has joined #openvpn
13:30 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
13:32 -!- Guest78344 [~ka24@gwdt10r1.uptel.com] has quit [Ping timeout: 272 seconds]
13:33 -!- john_jjj [5983701d@gateway/web/freenode/ip.89.131.112.29] has joined #openvpn
13:34 < john_jjj> Hi. I'm having some trouble with the auth-nct and auto authentication parameters in my client.conf for ovpn 2.8.3. Claims these are unknown auth types. Anyone ? http://pastebin.com/ZPP17yFG
13:34 < john_jjj> Sorry, that's auto-nct
13:35 < ka24> i'm sure i'm doing something dumb, but if ya have a minute please check out http://pastebin.com/wwHgXEmZ . i'm getting ping times all over the place while connected to the vpn, but normal ping times off the vpn to a subnet i can connect to both on and off my vpn
13:37 < ka24> freebsd server, pf.conf is open with a simple nat rule
13:43 -!- john_jjj [5983701d@gateway/web/freenode/ip.89.131.112.29] has quit [Ping timeout: 246 seconds]
14:12 -!- ka24 [~ka24@gwdt10r1.uptel.com] has quit [Read error: Connection reset by peer]
14:14 <+esde> and?
14:15 -!- ka24 [~ka24@gwdt10r1.uptel.com] has joined #openvpn
14:15 < ka24> !welcome
14:15 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:15 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:15 <+esde> !download
14:15 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
14:15 < ka24> !route
14:15 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
14:15 <+esde> you're welcome
14:27 -!- Tobinski [~tobinski@x2f544a6.dyn.telefonica.de] has joined #openvpn
14:28 -!- Tobinski [~tobinski@x2f544a6.dyn.telefonica.de] has quit [Remote host closed the connection]
14:29 -!- showaz [~showaz@unaffiliated/showaz] has quit []
14:29 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
14:38 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
14:45 < KNERD> What is error code 146?
14:46 < ka24> google says connection refused. is your server actually running?
14:47 < _FBi> !firewall
14:47 <@vpnHelper> "firewall" is (#1) please see https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbBG for more info or (#2) see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for brief notes on disabling firewall rulesets. or (#3) Please see this for a better method to unloading netfilter (aka iptables ) rules: https://gist.github.com/QueuingKoala/6350127
14:50 < KNERD> Google showed me nothing
14:51 < KNERD> the actual OpenVPN windows client can connect..but a device client is getting that error
14:51 < KNERD> i did run these during set up
14:51 < KNERD> iptables -I INPUT -p udp -m udp --dport 1194 -j ACCEPT
14:52 < KNERD> iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -o eth0 -j MASQUERADE
14:52 < ka24> i'd say there must be some firewall between your device and the openvpn server
14:52 < KNERD> service iptables save
14:52 < KNERD> yeah what I amn thinking..
14:52 < KNERD> thanks for th einput
15:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:18 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
15:20 -!- jrgcombr__ [~jrgcombr@179.34.154.138] has quit [Ping timeout: 265 seconds]
15:25 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:26 -!- ka24 [~ka24@gwdt10r1.uptel.com] has quit [Quit: Leaving]
15:28 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
15:35 -!- chiiph [~chiiph@unaffiliated/chiiph] has joined #openvpn
15:36 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:38 < chiiph> hi, I'm using the easy-rsa that is packaged for ubuntu 14.04. Is it possible to set subjectAltName? exporting KEY_ALTNAMES doesn't do the trick for ./build-key somename
15:38 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
15:39 -!- djiboutiii [~chrisp@static-50-125-99-242.rdmd.wa.frontiernet.net] has joined #openvpn
15:40 < DzAirmaX> hi guys
15:41 < djiboutiii> Hello. I have an openvpn server sitting in the same network as a subnet 192.168.167.*, when I connect to the vpn, I'd like to be able to access this subnet as well. I've pushed the route to the client using a file in the ccd directory. It appears to work, I can see "192.168.167.0/24 via 10.148.0.1 dev tun0" in my client-side routing table, however I can't hit anything in that subnet. Any ideas?
15:41 < DzAirmaX> is it possible to use autossh and openvpn client on the same mahcine ? I want to use the vpn for redirecting all the data except for the ssh link
15:48 < KNERD> DzAirmaX: of course it is
15:48 < djiboutiii> !welcome
15:48 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:48 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:48 < djiboutiii> !route
15:48 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
15:48 <@vpnHelper> client
15:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:02 < DArqueBishop> djiboutiii, have you configured the gateway for the 192.168.167.0 subnet how to pass traffic for the VPN?
16:02 < DzAirmaX> KNERD
16:03 < DzAirmaX> KNERD : I am using the push "route xxx.xxx.xxx.xxxx 255.255.255.255 net_gateway" command, but it dosnt seems to work ...
16:05 < djiboutiii> @DArqueBishop, I don't think I have.
16:05 < djiboutiii> In fact, I haven't. Just to clear up any confusion.
16:06 < DArqueBishop> You need to do that, because while the OpenVPN server is pushing out the packets from the VPN subnet to the local one... the local subnet has no idea how to send them back without a route in the local gateway/router.
16:07 < DArqueBishop> Unless, of course, you only want to reach specific computers and set the routes up in those.
16:07 < djiboutiii> I may just want to reach specific computers. Depending on what my boss asks me to do
16:08 < djiboutiii> In that case I'd need to add something to the destination computer's routing table to let it know of my vpn network?
16:09 < DArqueBishop> Yes.
16:09 < djiboutiii> Thank you, really appreciate your time.
16:10 < DArqueBishop> No problem.
16:21 -!- septopus [~septopus@2604:a880:800:10::98:9001] has joined #openvpn
16:22 -!- septopus [~septopus@2604:a880:800:10::98:9001] has left #openvpn ["WeeChat 1.2"]
16:30 < DzAirmaX> hey DArqueBishop, can you help me setting my ssh tunne and my vpn client on the same machine ?
16:31 < DzAirmaX> I am pretty sure its a routing pb but I can't find the solution online
16:38 <+s7r> what do you want to do exactly ?
17:02 < DzAirmaX> I got a vpn server which is configurated for pushing all the traffic (push "redirect-gateway def1 bypass-dhcp")
17:03 < DzAirmaX> on the client side everything is OK, except I want to bypass one ip adress for connecting the client to a ssh tunnel
17:03 < DzAirmaX> I used the command 'push "route xxx.xxx.xxx.xxx 255.255.255.255 net_gateway"' for creating a route on the client side
17:10 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
17:10 <+s7r> DzAirmaX: you want to connect to ssh using a certain ip address?
17:11 < DzAirmaX> yeah the certain ip adress is the one I pushed trough the command 'push "route xxx.xxx.xxx.xxx 255.255.255.255 net_gateway"' on the client side
17:11 < DzAirmaX> like that the traffic wont go trough the VPN for this address
17:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 245 seconds]
17:16 -!- dazo is now known as dazo_afk
17:20 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
17:20 <+s7r> oh, right
17:20 <+s7r> and it's still using the vpn?
17:24 -!- djiboutiii [~chrisp@static-50-125-99-242.rdmd.wa.frontiernet.net] has left #openvpn []
17:25 < DzAirmaX> yep
17:26 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 252 seconds]
17:27 <+s7r> and does it appear in the routing table?
17:27 < DzAirmaX> yeah
17:31 <+s7r> your setting should be correct.
17:31 <+s7r> if it also appears in the routing table there is no sense in entering it manually again
17:31 < DzAirmaX> ok so this is the good way to do it right ?
17:41 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
17:57 -!- ShadniX [dagger@p5DDFD666.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
17:57 -!- ShadniX_ [dagger@p5481C6CD.dip0.t-ipconnect.de] has joined #openvpn
17:57 -!- ShadniX_ is now known as ShadniX
18:00 -!- pipework is now known as |work
18:02 -!- |work is now known as pipework
18:04 -!- jrgcombr__ [~jrgcombr@179.34.169.111] has joined #openvpn
18:07 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 245 seconds]
18:08 -!- Buff|Away is now known as Buffman
18:14 -!- Buffman is now known as Buff|Away
18:32 -!- rooth_ [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
19:10 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:10 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:32 < DzAirmaX> s7r : ok working br0, thank you for your help
19:45 -!- wowaname is now known as FartGoblin
19:45 -!- FartGoblin is now known as wowaname
19:52 -!- SineDeviance [~quassel@2602:306:3908:8eb0:104d:f2c2:43e9:8306] has quit [Ping timeout: 246 seconds]
19:54 -!- SineDeviance [~quassel@2602:306:3908:8eb0:a4cc:db0b:9a06:c083] has joined #openvpn
19:55 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
19:57 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
20:22 -!- Buff|Away is now known as Buffman
20:22 -!- Buffman is now known as Buff|Away
20:22 -!- Buff|Away is now known as Buffman
20:48 -!- Buffman is now known as Buff|Away
20:48 -!- Buff|Away is now known as Buffman
20:59 -!- Buffman is now known as Buff|Away
21:40 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
21:46 -!- mi100hael_ [~michael@71-14-78-20.dhcp.stls.mo.charter.com] has joined #openvpn
22:02 -!- mi100hael_ is now known as mi100hael
22:18 -!- mi100hael [~michael@71-14-78-20.dhcp.stls.mo.charter.com] has quit [Changing host]
22:18 -!- mi100hael [~michael@unaffiliated/oakdog8] has joined #openvpn
22:19 -!- mi100hael [~michael@unaffiliated/oakdog8] has quit [Changing host]
22:19 -!- mi100hael [~michael@unaffiliated/mi100hael] has joined #openvpn
23:05 -!- ShadniX [dagger@p5481C6CD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:07 -!- ShadniX [dagger@p5DDFC9BD.dip0.t-ipconnect.de] has joined #openvpn
23:18 -!- Buff|Away is now known as Buffman
23:18 -!- Buffman is now known as Buff|Away
23:20 -!- Buff|Away is now known as Buffman
23:21 -!- Buffman is now known as Buff|Away
23:29 -!- wowaname is now known as horse_ebooks
23:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Tue Aug 18 2015
00:07 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 244 seconds]
00:11 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:37 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
00:37 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
01:14 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:30 -!- jrgcombr__ [~jrgcombr@179.34.169.111] has quit [Read error: Connection reset by peer]
02:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:10 -!- occupant [~null@207.173.20.37] has quit [Ping timeout: 244 seconds]
02:12 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
02:21 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ozhvmyldbcavcxqk] has quit [Quit: Connection closed for inactivity]
02:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
02:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:26 -!- Gwoplock [~quassel@104.56.172.189] has quit [Ping timeout: 265 seconds]
02:36 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
02:39 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
02:55 -!- apollo2k is now known as aPollO2k
03:01 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
03:02 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
03:10 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:21 -!- bchlr [~irc@giskard.bchlr.de] has quit [Ping timeout: 256 seconds]
03:28 -!- bchlr [~irc@giskard.bchlr.de] has joined #openvpn
03:51 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
03:52 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
04:10 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
04:28 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:32 -!- dazo_afk is now known as dazo
04:45 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
04:54 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:54 -!- mode/#openvpn [+o mattock2] by ChanServ
04:55 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
04:56 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:56 -!- mode/#openvpn [+o mattock2] by ChanServ
05:10 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
05:15 -!- aPollO2k is now known as apollo2k
05:23 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Ping timeout: 272 seconds]
05:39 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:41 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
05:41 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
05:41 -!- toli [~toli@ip-62-235-197-96.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:43 -!- toli [~toli@ip-62-235-197-114.dsl.scarlet.be] has joined #openvpn
05:47 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
05:55 -!- apollo2k is now known as aPollO2k
06:05 -!- moriko [~moriko@141.8.29.164] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:17 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 256 seconds]
06:30 -!- moriko [~moriko@141.8.29.164] has joined #openvpn
06:38 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 256 seconds]
06:38 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mnfiwvlwdnuizcgn] has quit [Ping timeout: 252 seconds]
06:39 -!- dan_j [sid21651@gateway/web/irccloud.com/x-qapnvtcuqjtfxxmv] has quit [Ping timeout: 256 seconds]
06:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:14 -!- aPollO2k is now known as apollo2k
07:17 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
07:29 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
07:31 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 256 seconds]
07:34 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
07:36 -!- dan_j [sid21651@gateway/web/irccloud.com/x-gszpchryurexhnvh] has joined #openvpn
07:37 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-amkdzjvytbarcsnk] has joined #openvpn
07:46 -!- apollo2k is now known as aPollO2k
07:46 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
07:46 < v0lZy> Hi everyone
07:46 < v0lZy> Any ideas on how to get 1 openvpn server to listen on both TCP and UDP?
07:47 < v0lZy> failing that, two openvpn server instances giving out ips for the same subnet?
07:47 < v0lZy> (Other than dividing a /24 between them for example)
07:47 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 252 seconds]
07:48 -!- dan_j [sid21651@gateway/web/irccloud.com/x-gszpchryurexhnvh] has quit [Ping timeout: 246 seconds]
07:49 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-amkdzjvytbarcsnk] has quit [Ping timeout: 252 seconds]
07:58 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
08:03 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
08:03 -!- mode/#openvpn [+v esde] by ChanServ
08:13 -!- moriko [~moriko@141.8.29.164] has quit [Ping timeout: 272 seconds]
08:19 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
08:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
08:21 <@dazo> v0lZy: openvpn does not support listening to several protocols or ports, you need separate openvpn configs .... so for the same subnet, make each of them provide IPs in the same subnet, you need to split it up to make it work more flawlessly
08:21 <@dazo> two /25 subnets would normally work
08:22 < v0lZy> No other way apart from splitting the subnets?
08:22 <@dazo> nope
08:23 <@dazo> well, you can play with bridging .... *BUT* you very seldom want to do that, it usually complicates things far more than what it really solves
08:23 <@ecrist> you can also just push proper routes for each VPN
08:23 <@dazo> and in addition, bridging will hurt the VPN performance .... so don't go that path
08:23 < v0lZy> Is anything like this functionalit yplanned for the future? Thing is, when you put your servers in a DC and VPN from laptop to the DC environment, then for example have a site-to-site from the DC to a client... if your road warriors go around a lot, they get to sometimes have to use port 443, and other times, when they can, they want to use UDP 1194 for example
08:23 < v0lZy> and then you have your admins and non-admins ...
08:23 <@ecrist> no plans
08:24 <@dazo> v0lZy: it is on our todo list .... but when it will eventually happens .... nobody knows
08:24 < v0lZy> and then its like 5 subnets you're asking them to be able to route through the site-to-site tunnel
08:24 <@dazo> or rather, wish list
08:24 <@ecrist> it's really just as simple as setting up different instances.
08:24 <@ecrist> push the right routes for each VPN subnet, and things will work.
08:25 < v0lZy> ecrist: I know how to do all that, but the problem I have is with networks outside of my control
08:25 <@ecrist> I'm not sure how that's a problem?
08:26 < v0lZy> example... several developers in my country work as roadwarriors and they need access to a client's server.... my company reaches the client's server via a site-to-site VPN
08:26 < v0lZy> no issue in terms of routing
08:26 <@ecrist> ok
08:26 < v0lZy> but with my developers and admins and everyone being roadwarriors
08:26 < v0lZy> and each having different levels of access to our network
08:26 < v0lZy> but more or less the same level of access to the client's server
08:27 <@ecrist> ok
08:27 < v0lZy> we get into a situation where we have like 5 subnets the other side needs to have pushed to them
08:27 < v0lZy> becomes a problem when they are using those subnets
08:27 < v0lZy> overlapping stuff...
08:27 <@ecrist> there's enought RFC 1918 space to work around that
08:27 <@ecrist> enough*
08:27 < v0lZy> well.. not really
08:28 < v0lZy> when you are working with large corporations that merge etc
08:28 <@ecrist> generally, stay away from 10.x and 192.168.0.0/23
08:28 < v0lZy> ecrist: well that just leaves 172.16.x.x then..
08:28 <@ecrist> your 172.16/x seems to be safe in my experience, particularly if you avoid that base.
08:28 < v0lZy> and people segment their networks without burning up all the ips...
08:29 <@ecrist> v0lZy: 172.16 goes all the way to 172.31
08:29 < v0lZy> either way its a game of chance.. what I'm thinking is if there's other way around this.... like NAT within open VPN etc
08:29 <@ecrist> openvpn doesn't do nat
08:29 < v0lZy> ecrist: yeah, my bad, sorry.
08:30 < v0lZy> ecrist: would be useful if it had the options to do so...
08:30 <@ecrist> you can use a kernel packet filter to do the translation, though.
08:30 <@dazo> NAT is again just a workaround ... should also be avoided as much as possible
08:30 < v0lZy> for situations when u have several clients and then one can't route the IPs back to you ..
08:30 <@ecrist> v0lZy: so go buy an IP range and push that to your VPN users.
08:30 < v0lZy> would be easier to have a type of NAT so that you could give them whatever they can route, and then NAT it back and forth.
08:30 <@ecrist> proxy a DHCP server and push that range to all your openvpn instances
08:31 <@ecrist> I get the feeling your the type of person that stares to hard at a problem and isn't willing to see the solution.
08:31 < v0lZy> well I guess buying a subnet would work
08:31 < v0lZy> but would still need to NAT that somehow i assume
08:31 < v0lZy> I can't give everyone in the company a public IP...
08:31 <@ecrist> why?
08:31 <@ecrist> sure you can
08:32 < v0lZy>  there's 50 people so thats not that many ips
08:32 <@ecrist> A /24 is 255 IPs
08:32 <@ecrist> last I checked, 255 > 50
08:32 < v0lZy> but having to have an IP for every vpn user in the company...
08:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
08:33 -!- dazo is now known as dazo_afk
08:33 <@ecrist> I'm still not seeing an issue.
08:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
08:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:34 -!- mode/#openvpn [+o mattock1] by ChanServ
08:35 < v0lZy> well i could solve the problem by having 1 vpn server for my users and another vpn server for my site-to-site tunnels, then NAT in between
08:35 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
08:35 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:35 <@ecrist> you don't need to use NAT
08:36 < v0lZy> well its either that or renting IPs...
08:36 <@ecrist> no, it's not
08:36 < v0lZy> ...
08:36 <@ecrist> use proper routing, you'll be fine
08:37 < v0lZy> ecrist: We don't have just one big client, we have like 10 of them that have very big networks and have a very limited range of ips they can use on their side.... buying our own set of public ips would solve this in the easiest way possibl eI think
08:37 < v0lZy> i can't reenumerate my user's to fit one clients need cause that interfears with another client..
08:38 <@ecrist> you don't really need to, but what do I know?
08:41 < v0lZy> ecrist: I'm not sure we're talking about the same thing. I'm talking about them having a problem as to what IP networks they can route back to me.... I have 50 users, and 8x /24 vpn networks (tcp 993, 443, 80, UDP 1194 for admins on WAN1, TCP 993, 443, 80, UDP 1194 for users on WAN2). When I do a site to site tunnel with someone, these are these  /24 subnets is what i need their servers to route back through the site-to-site tunnel
08:42 < v0lZy> problem is, they are in some cases already using some or all of these ranges on their internal network
08:43 < v0lZy> I can't tell which of these 8x /24 networks my roadwarriors will be using at any time.. all of them, since they are moving around, working from airports, hotels etc
08:44 < v0lZy> so I need all my clients to have their servers route back to my users so that when my users connect to our DC, they get access to our clients via the site-to-site VPNs that are held open
08:44 < v0lZy> between the dc and the client
08:44 <@ecrist> ok
08:44 <@ecrist> you can do it all with a single /24
08:44 < v0lZy> using public ips for my users would be one way to solve this
08:45 < v0lZy> ecrist: how?
08:45 <@ecrist> put a DHCP server behind the VPN, proxy the DHCP server to your VPN users, and let it assign IPs
08:46 < v0lZy> ecrist: so basically when my users connect to my openvpn, they use the DHCP server to get an IP, rather than openvpn's internal dhcp?
08:46 < v0lZy> I see.
08:46 <@ecrist> yes
08:46 <@ecrist> I said that 15 minutes ago, too
08:47 -!- dan_j [sid21651@gateway/web/irccloud.com/x-bkuxbdxnjgelgoez] has joined #openvpn
08:47 < v0lZy> ecrist: yes, i saw, it just didnt resonate with me, didnt grasp it at first
08:47 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-wpvlwwdqvrfhfzet] has joined #openvpn
08:48 < v0lZy> though in this scenario, say I have two openvpn server instances running
08:48 < v0lZy> and use the same DHCP server to dish out ips
08:49 <@ecrist> that's what I'm suggesting
08:49 < v0lZy> but it would still require splitting the /24 into two networks, due to gateways, wouldnt it?
08:49 <@ecrist> I don't think so
08:50 < v0lZy> ...
08:51 < v0lZy> 10.10.10.55 sends to 192.168.1.44 ... 192.168.1.44 want's to send something back, which openvpn instance does it use as the gateway?
08:53 <@ecrist> well, in order to use the dhcp proxy feature, you have to use a bridged VPN setup.
08:53 <@ecrist> so, your tap adapters would all be part of that same broadcast domain
08:53 <@ecrist> and, thus, a single gateway IP
08:55 < v0lZy> I see, so in essence, OpenVPN servers would be, at least as far as inward facing side goes, without an IP?
08:56 <@ecrist> yes
08:57 < v0lZy> so if my DHCP is running on a separate machine, id have to further bridge the OpenVPN server instances to network ports and link those to a switch that connects the DHCP server .. hmm
08:58 <@ecrist> no
08:58 <@ecrist> run dhcp on the machine that is the VPN server
08:58 < v0lZy> ... or that, yeah...
08:58 < v0lZy> or some kind of proxy at least
09:02 < v0lZy> but as this is TAP based
09:02 < v0lZy> wouldnt that mean that there's no isolation between the clients?
09:03 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 256 seconds]
09:05 <@ecrist> I'd suggest reading the man page.
09:06 <@ecrist> look for client-to-client
09:18 < v0lZy> ecrist: man page suggest using --client-to-client puts all of them into the same subnet so they can talk to eachother
09:19 < v0lZy> but when using tap and pushing IPs to them via dhcp, even when not using --client-to-client parameter, wouldn't that allow clients to talk to eachother
09:19 < v0lZy> ?
09:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:22 < v0lZy> google throws up an old article from 2010
09:22 < v0lZy> says that its possible to control even in tap mode
09:22 < v0lZy> although not straight forward
09:22 <@ecrist> The openvpn process prevents clients from talking to eachother unless client-to-client is enabled
09:23 <@ecrist> even if they are on the same subnet.
09:23 -!- Buff|Away is now known as Buffman
09:23 < v0lZy> interesting
09:23 < v0lZy> i guess it just looks at the ethernet frames and implements a filter there what mac can address what other mac
09:23 < v0lZy> thats pretty neat
09:23 -!- Buffman is now known as Buff|Away
09:24 < v0lZy> im thinking i might actually go that way then
09:27 < v0lZy> i could then maybe set up a separate NAT server with several IP aliases on its WAN side, hookup WAN to the LAN of the box doing site-to-site VPNS and on the NAT box do outbount NAD based on destination IP
09:27 < v0lZy> nat*
09:29 < v0lZy> that way I could add any IP they wanted as long as it wasnt one I was already using internally... could have just 1 public IP really.
09:31 < v0lZy> well... 2 actually since need something on the LAN of the other box as well, eheh
09:31 < v0lZy> that would work I guess
09:35 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
09:35 -!- shio [marmottin@43.188.103.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
09:35 -!- shio [shio@43.188.103.84.rev.sfr.net] has joined #openvpn
09:35 -!- Buff|Away is now known as Buffman
09:36 -!- Buffman is now known as Buff|Away
09:37 -!- n-st [~n-st@unaffiliated/n-st] has quit [Ping timeout: 245 seconds]
09:38 -!- Buff|Away is now known as Buffman
09:39 -!- horse_ebooks [h@love.wowana.me] has quit [Ping timeout: 245 seconds]
09:39 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 245 seconds]
09:40 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
09:41 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
09:41 -!- horse_ebooks [h@love.wowana.me] has joined #openvpn
09:52 -!- chiiph [~chiiph@unaffiliated/chiiph] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
09:55 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
09:57 -!- mi100hael is now known as mi100hael_
09:57 -!- mi100hael_ is now known as mi100hael
09:59 -!- Netsplit *.net <-> *.split quits: unixninja92, early, CGML, ghormoon, phreakocious, KakuRoze, zimboboyd, Tykling, liriel, Matir_,  (+3 more, use /NETSPLIT to show all of them)
09:59 -!- phreakocious_ [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
10:01 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
10:03 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
10:05 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
10:05 -!- fling [~fling@fsf/member/fling] has joined #openvpn
10:06 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
10:06 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
10:12 -!- Darkwell [~Darkwell@h-168-149.a192.priv.bahnhof.se] has joined #openvpn
10:12 -!- Matir [~matir@192.73.232.209] has joined #openvpn
10:12 -!- Matir [~matir@192.73.232.209] has quit [Changing host]
10:12 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
10:12 -!- Darkwell [~Darkwell@h-168-149.a192.priv.bahnhof.se] has quit [Changing host]
10:12 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
10:13 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
10:14 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
10:19 -!- Buffman is now known as Buff|Away
10:19 -!- Buff|Away is now known as Buffman
10:22 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
10:30 -!- Buffman is now known as Buff|Away
10:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
10:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:34 -!- mode/#openvpn [+o mattock1] by ChanServ
10:36 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Remote host closed the connection]
10:36 -!- dan_j [sid21651@gateway/web/irccloud.com/x-bkuxbdxnjgelgoez] has quit [Remote host closed the connection]
10:36 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-wpvlwwdqvrfhfzet] has quit [Remote host closed the connection]
10:45 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
10:57 -!- dan_j [sid21651@gateway/web/irccloud.com/x-pxfngwlhkfpfhjrc] has joined #openvpn
10:57 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-askifadshwovfhee] has joined #openvpn
10:59 -!- ratmav [~ratmav@208-104-234-136.rh4.cm.dyn.comporium.net] has joined #openvpn
10:59 < ratmav> hi ya'll
10:59 < ratmav> i'm on openvpnas
10:59 < ratmav> renewing license keys
10:59 < ratmav> i have a failover pair. do i only need to update the one key on the primary node via the web ui?
10:59 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
11:00 -!- dazo_afk is now known as dazo
11:01 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bkbnrbkcfjfmfgra] has joined #openvpn
11:03 < ratmav> nm. just clicked the "get renewal keys" button. nice and easy. anything else i need to do?
11:03 <@dazo> !as
11:03 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
11:03 < ratmav> ah, ok
11:03 < ratmav> thanks
11:04 -!- ratmav [~ratmav@208-104-234-136.rh4.cm.dyn.comporium.net] has left #openvpn ["Leaving"]
11:06 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
11:10 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
11:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:24 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:30 -!- djiboutiii [~chrisp@static-50-125-99-242.rdmd.wa.frontiernet.net] has joined #openvpn
11:31 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
11:33 < djiboutiii> Hello. I've read through the guides posted here and am still unable to route from my vpn client to a lan behind the openvpn server. When I attempt to ssh into the subnet I need, I don't get any errors and it eventually times out. All I get is a log just like this: Aug 18 09:30:48 aIJnne ovpn-server[11214]: home-client/64.172.11.149:59007 MULTI: Learn: 192.168.146.10 -> home-client/64.172.11.149:59007
11:33 < djiboutiii> Would anyone have some advice for me?>
11:34 < djiboutiii> Where i want to reach = 192.168.146.10
11:34 < djiboutiii> openvpn network is 10.150.0.0
11:34 <@dazo> !server_lan
11:34 <@dazo> !serverlan
11:34 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
11:35 < djiboutiii> Thanks, missed that irc help guide when i tried this earlier.
11:35 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
11:38 < djiboutiii> So I can't ping the lan IP of the server, I'm stuck at that point on the flowchart. Here's the IP table rule I have: iptables -A FORWARD -i tun0 -s 10.50.0.0/24 -d 192.168.146.0/24 -j ACCEPT
11:38 <@dazo> djiboutiii: which server?  the openvpn server or the server behind the VPN server?
11:39 < djiboutiii> So the openvpn server IP i can ping. The openvpn is also on the network I want to reach: 192.168.146.0/24 with ip 192.168.146.230
11:39 <@dazo> okay ... do you have IP forwarding enabled?
11:39 < djiboutiii> and that 230 ip is the one i cant hit
11:39 < djiboutiii> I believe so, here's the rule in iptables
11:40 <@dazo> sysctl net.ipv4.ip_forward
11:40 < djiboutiii> ACCEPT     all  --  10.150.0.0/24        192.168.146.0/24
11:40 < djiboutiii> under "Chain FORWARD"
11:40 <@dazo> that's firewalling ... that comes next ... ip forwarding is a kernel parameter which enables passing packets between interfaces
11:41 < djiboutiii> Oh! sorry for the confusion
11:41 <@dazo> If net.ipv4.ip_forward = 0 ... your box can't work as router .... it needs to be 1
11:41 < djiboutiii> okay let me check
11:42 < djiboutiii> do i need to restart a service for that to take effect? edited that in to sysctl.conf
11:43 <@dazo> if you edited sysctl, you need to reload the sysctl.conf file .... 'sysctl -p' iirc
11:43 < djiboutiii> perfect. Okay reloaded it.
11:43 -!- Sollidius [lets@killababywith.science] has joined #openvpn
11:44 <@dazo> then try to do: sysctl net.ipv4.ip_forward .... what does it say?   You can also double check by doing: cat /proc/sys/net/ipv4/ip_forward
11:44 < Sollidius> Hello guys. Little problem over here. I'm currently connected to OpenVPN instance, but the DNS doesn't work. Can't even ping 8.8.8.8
11:44 < djiboutiii> output of cat /proc/sys/net/ipv4/ip_forward = 1
11:45 <@dazo> djiboutiii: goodie!  now, what happens when you ping the internal LAN IP of your openvpn server?
11:46 < djiboutiii> still no response unfortunately
11:47 <@dazo> please pastebin the output of 'iptables-save' and /complete/ log files from last openvpn restart - both server and client, with --verb 4 in the configs
11:47 < djiboutiii> you got it
11:49 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
11:57 -!- robert83a1 [~robert83a@aftr-37-201-214-65.unity-media.net] has joined #openvpn
11:58 < robert83a1> hi all, have two locations connected trough a backbone via VPN tunnel , right now it's routing on both ends , I was wondering since it would make the network a lot easier to remove the vpn routing, and instead use VPN bridge. So that the remote end subnet A would go trough the VPN tunnel right into the local Router from where it would go to the internet, and local subnet etc...
11:58 < djiboutiii> dazo, Here's the pastebin: http://pastebin.com/wUuauTQA
11:58 <@dazo> djiboutiii: those server/client logs are without --verb 4
11:59 < djiboutiii> Ah, I'm sorry. Should have reread. One moment.
12:03 < zoredache> !factoids
12:03 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
12:06 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Quit: Turning IRC client off]
12:07 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:07 < djiboutiii> dazo: Let's try it again, http://pastebin.com/wUuauTQA
12:08 < djiboutiii> Sorry it takes a while to send that. I'm replacing some company details just as a precaution. Not because of you or anything, just better safe than sorry with pastebin :)
12:09 <@dazo> djiboutiii: do you happen to use 'mute' in your configs?  it shows 1/3 of what I'm expecting
12:09 <@dazo> can you pastebin configs?
12:09 <@dazo> !configs
12:09 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:09 <@dazo> do READ this one carefully
12:10 <@dazo> Aug 18 10:03:56 home-server ovpn-server[16035]: 260 variation(s) on previous 20 message(s) suppressed by --mute
12:10 < djiboutiii> Will do. reading it now. And yes, mute is set to 20. Sorry, didn't notice that. This is a vpn server I inherited
12:10 <@dazo> yes, mute is active
12:10 <@dazo> you need to disable the mute
12:10 < djiboutiii> Doing so now and rerunning logs
12:19 -!- dazo is now known as dazo_afk
12:24 -!- dazo_afk is now known as dazo
12:26 < djiboutiii> dazo: Let's hope third time's a charm :) http://pastebin.com/wUuauTQA
12:29 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 264 seconds]
12:33 -!- Sollidius [lets@killababywith.science] has left #openvpn []
12:34 <@dazo> djiboutiii: so ... what's the purpose of your vpn_routes.sh --up script?
12:40 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
12:41 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has quit [Ping timeout: 265 seconds]
12:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:52 < djiboutiii> Sorry was called away from my desk
12:52 < djiboutiii> Let me take a quick look
12:53 < djiboutiii> dazo: I'm embarrassed to say that I don't really know. Here's the script: if [ "$6" == "init" ] ; then \ 	/sbin/ip route add 10.192.0.0/10 dev $1; \ fi
12:54 <@dazo> djiboutiii: I suggest scrapping down the config to the bare minimum and start from there
12:54 < djiboutiii> Sounds good. I will start fresh. Thanks for your patience with me, I really do appreciate it.
12:54 <@dazo> so take out the --up, --client-to-client and --client-config-dir options ... those can distract you for sure
12:56 < djiboutiii> will do
12:56 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:57 <@dazo> djiboutiii: also look at all the warnings you have in the logs, try to sort out those ... including the " OpenVPN ROUTE: OpenVPN needs a gateway parameter ..." message
12:57 < djiboutiii> Great, that one certainly seems promising.
12:57 <@dazo> with minimal config ... I mean a server config which is not much more than 10 lines, that usually covers most scenarios
12:59 -!- master_o1_master [~master_of@p4FF24010.dip0.t-ipconnect.de] has joined #openvpn
12:59 < djiboutiii> Gotcha
13:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
13:00 <@dazo> and if you are very new to OpenVPN and VPNs ... I'd recommend to grab a copy of the OpenVPN 2 Cookbook
13:00 <@dazo> !book
13:00 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
13:01 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
13:02 -!- master_of_master [~master_of@p4FD7B731.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
13:06 < sklv>  hi, am I correct in thinking that with ecdsa-SHA512 certs and ECDHE-ECDSA-AES256-GCM-SHA384 there should be no need for dhparams?
13:07 <@dazo> syzzer: ^^^
13:09 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-qlpkdaktdneszqeh] has joined #openvpn
13:14 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:16 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
13:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:23 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
13:28 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:28 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
13:38 -!- djiboutiii [~chrisp@static-50-125-99-242.rdmd.wa.frontiernet.net] has quit [Quit: Leaving.]
13:50 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
13:53 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
13:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 245 seconds]
13:58 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
14:00 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
14:09 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
14:11 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
14:20 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
14:21 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
14:27 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
14:28 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
14:34 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
14:42 -!- Denial- [~Denial@81.141.22.152] has quit []
14:45 -!- Denial [~Denial@81.141.22.152] has joined #openvpn
14:46 -!- lmkone_ [6df3dbe8@gateway/web/freenode/ip.109.243.219.232] has joined #openvpn
14:46 < lmkone_> hi there
14:51 < lmkone_> is there a way to prevent users from changing virtual ip after connecting to openvpn server - I have sereval firewall rules that are applied to different ip addresses from the pool, but after i get connected as one user (get assigned specific configured ip address)  I can easily change it to a differnet one (tap connection properties) and able to access other resources
14:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:51 <@dazo> lmkone_: if you use TUN instead, such attempts shouldn't work
14:53 < lmkone_> but that would mean reconfiguring alot of clients I have got already - is it possible with tap?
14:53 <@dazo> lmkone_: then you should probably have a look at !eurephia to get some ideas
14:54 <@dazo> !eurephia
14:54 <@vpnHelper> "eurephia" is http://www.eurephia.net/
14:54 < lmkone_> thanks dazo - will have a look
14:55 <@dazo> That plug-in will also require username/password auth in addition to certificates ... but based on that combo, a firewall profile is dynamically enabled for that connection ... if the user tries something wonky, the firewall will block it
15:04 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
15:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:16 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
15:17 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
15:18 -!- robert83a1 [~robert83a@aftr-37-201-214-65.unity-media.net] has quit []
15:28 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:29 -!- hennes [~midas8@167.160.44.237] has joined #openvpn
15:29 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Client Quit]
15:35 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 250 seconds]
15:45 -!- aPollO2k is now known as apollo2k
15:58 -!- Tasqa [915a43c1@gateway/web/freenode/ip.145.90.67.193] has joined #openvpn
15:59 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
16:00 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
16:01 < Tasqa> I'm having trouble making openvpn server listen on both ipv4 and ipv6 adresses
16:02 < Tasqa> switching between udp & udp6 seems to work. But is it possible to listen on both at the same time?
16:03 -!- HardWall [~HardWall@86.122.174.23] has joined #openvpn
16:03 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 244 seconds]
16:03 < ValdikSS> Tasqa: you can use udp6 and set net.ipv6.bindv6only=0 (set by default) and it should accept ipv4.
16:05 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
16:06 < Tasqa> is that a sysctl switch?
16:19 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
16:24 < ValdikSS> Tasqa: yes
16:30 -!- lmkone_ [6df3dbe8@gateway/web/freenode/ip.109.243.219.232] has quit [Ping timeout: 246 seconds]
16:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:35 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
16:38 -!- Tasqa [915a43c1@gateway/web/freenode/ip.145.90.67.193] has quit []
16:45 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
16:46 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:51 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
17:14 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has left #openvpn []
17:23 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
17:31 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
17:31 -!- alec-b [~alec@72.50.43.5.rev.vodafone.pt] has joined #openvpn
17:32 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
17:40 -!- alec-b [~alec@72.50.43.5.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
17:40 -!- dazo is now known as dazo_afk
17:43 -!- HardWall [~HardWall@86.122.174.23] has quit [Read error: Connection reset by peer]
17:48 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 272 seconds]
18:00 -!- alec-b [~alec@72.50.43.5.rev.vodafone.pt] has joined #openvpn
18:00 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has joined #openvpn
18:06 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:13 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has joined #openvpn
18:51 -!- horse_ebooks is now known as wownaame
18:51 -!- wownaame is now known as wowaname
18:58 -!- alec-b [~alec@72.50.43.5.rev.vodafone.pt] has quit [Ping timeout: 272 seconds]
18:59 -!- alec-b [~alec@72.50.43.5.rev.vodafone.pt] has joined #openvpn
19:07 -!- wowaname is now known as claus
19:08 -!- claus is now known as wowaname
19:08 -!- PGNd [~PGNd@unaffiliated/pgngw] has joined #openvpn
19:12 < PGNd> I'm working on routing IPv6 traffic over an existing IPv4 tunnel, following the 'Providing IPv6 inside the tunnel' docs.  What qualifies as a "valid" IPv6 address when config'ing address pools with 'ifconfig-ipv6' directive?  An existing/working IPv6 address doesn't appear to be sufficient ... fires an error.
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:18 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
19:18 < xMopxShell> does anyone use Tunnelblick? it doesn't seem to honor dns/domain settings pushed by an openvpn server
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:38 -!- alec-b [~alec@72.50.43.5.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
19:54 < Eugene> xMopxShell - the ddns-options are only handled/parsed by the Windows client. You need to use an --up script to handle them on other systems.
19:54 < Eugene> dhcp-options*
19:54 < xMopxShell> Eugene: right, that is what Tunnelblick handles
19:54 < Eugene> iDont' own a mac, but IIRC it doesn't.
19:54 < Eugene> So..... meh?
19:58 -!- PGNd [~PGNd@unaffiliated/pgngw] has quit [Remote host closed the connection]
19:59 < xMopxShell> It handles them, but they revert a few seconds later
20:06 -!- septopus [~septopus@2604:a880:800:10::98:9001] has joined #openvpn
20:07 < septopus> !configs
20:07 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:38 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
20:52 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:02 -!- Buff|Away is now known as Buffman
21:05 -!- Free99 [~Free99@ool-18ba587d.dyn.optonline.net] has joined #openvpn
21:29 -!- Free99 [~Free99@ool-18ba587d.dyn.optonline.net] has quit [Ping timeout: 264 seconds]
21:30 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
21:30 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
21:39 -!- hennes [~midas8@167.160.44.237] has quit [Quit: Leaving]
21:40 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
21:40 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
21:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:51 -!- Buffman is now known as Buff|Away
22:00 -!- Buff|Away is now known as Buffman
22:05 -!- shio [shio@43.188.103.84.rev.sfr.net] has quit [Ping timeout: 252 seconds]
22:06 -!- zero_64 [~GhostReco@192.99.170.5] has joined #openvpn
22:12 -!- Buffman is now known as Buff|Away
22:14 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 244 seconds]
22:16 -!- septopus [~septopus@2604:a880:800:10::98:9001] has quit [Ping timeout: 246 seconds]
22:17 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 250 seconds]
22:18 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 255 seconds]
22:21 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
22:22 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
22:22 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
22:22 -!- mode/#openvpn [+v esde] by ChanServ
22:26 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 240 seconds]
22:26 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has quit [Read error: Connection reset by peer]
22:26 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has joined #openvpn
22:27 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 240 seconds]
22:27 -!- HardWall [~HardWall@86.122.174.23] has joined #openvpn
22:31 -!- etherealmktg1 [uid90796@gateway/web/irccloud.com/x-qlpkdaktdneszqeh] has quit [Quit: Connection closed for inactivity]
22:31 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
22:32 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
22:32 -!- mode/#openvpn [+v esde] by ChanServ
22:34 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
22:37 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
22:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:41 -!- Buff|Away is now known as Buffman
22:46 -!- Buffman is now known as Buff|Away
22:53 -!- welling [~welling@vh0st.tk] has quit [Ping timeout: 246 seconds]
22:54 -!- jnewt [~jnewt@2602:306:37fe:8330:cc03:80da:ca52:6b28] has joined #openvpn
22:59 -!- HardWall [~HardWall@86.122.174.23] has quit [Read error: Connection reset by peer]
23:04 -!- ShadniX [dagger@p5DDFC9BD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:05 -!- ShadniX [dagger@p5DDFCD3C.dip0.t-ipconnect.de] has joined #openvpn
23:08 < jnewt> http://pastebin.com/KnZX46vm
23:09 < jnewt> ok, there's the config and logs, (with ip and keys removed)  from what i can tell, i am connected.
23:10 < jnewt> my problem is that nothing seems to work as i expected.  i cannot ping the remote lan computers, cannot nslookup, no mapped network drives or locations work.
23:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 265 seconds]
23:12 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 255 seconds]
23:12 < zero_64> hey
23:12 < zero_64> did you create a tun interface
23:13 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 240 seconds]
23:13 < zero_64> config interface 'OPENVPN'
23:13 < zero_64> 	option proto 'none'
23:13 < zero_64> 	option ifname 'tun0'
23:13 < zero_64> 	option auto '1'
23:13 < zero_64> 	option delegate '0'
23:13 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:15 < jnewt> zero_64, i did not.
23:16 < jnewt> is that server or client side?
23:16 < zero_64> client
23:16 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
23:17 < zero_64> I use my router in client mode
23:17 < zero_64> I wll show you my openvpn onfig
23:17 < zero_64> config
23:19 < jnewt> i have a couple of tunnel adapters in ipconfig, but i'm thinking that might be from my vbox clients
23:20 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
23:20 -!- mode/#openvpn [+v esde] by ChanServ
23:20 < zero_64> jnewt
23:20 < zero_64> ignore my last
23:20 < zero_64> I thught I was on the openwrt channel
23:26 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
23:43 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
23:43 -!- mode/#openvpn [+v hyper_ch] by ChanServ
23:44 <+hyper_ch> hi there, I just tested openvpn in a win10 VM and I noticed something. Current installer for Win works fine and connection gets established. However sometimes the redirect def1 kicks in fine - all traffic is routed through the vpn... sometimes it does not kick in fine but the vpn gets connected anyway, just not everything being routed through the vpn..... any idea?
23:49 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 255 seconds]
23:49 < zero_64> how did you test this
23:49 < zero_64> arew you talking about DNS issues ..
23:49 < zero_64> what do you mean by some traffic /
23:49 < zero_64> ?
23:50 -!- esde [~esde@openvpn/user/esde] has quit [Ping timeout: 256 seconds]
23:50 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
23:54 <+hyper_ch> zero_64: simply real: check the ip of remote_addr on a server you own
23:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:55 -!- esde [~esde@openvpn/user/esde] has joined #openvpn
23:56 -!- mode/#openvpn [+v esde] by ChanServ
23:56 < zero_64> like whatismyip.com
23:56 < zero_64> and it gave your local ISp IP ..
23:56 < zero_64> hummm ....
23:57 < zero_64> split tunnel option ..
23:57 < zero_64> insure thats not enabled.
23:57 < jnewt> ok, so i can get to the point where i can ping the remote router / openvpn server by name (dns working?), but can't access the network beyond that.
23:57 <+hyper_ch> split tunnel option?
23:57 < jnewt> ?
23:58 <+hyper_ch> jnewt: ip forwarding and masquerading enabled on the server?
23:59 < jnewt> don't know.  i'll look for either of those terms in the router setup.
--- Day changed Wed Aug 19 2015
00:02 -!- ShadniX [dagger@p5DDFCD3C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:03 -!- ShadniX [dagger@p5481DC2E.dip0.t-ipconnect.de] has joined #openvpn
00:15 < jnewt> i can't find anything about that.  also, i just noticed that my auto-generated config and certs says tun , but my adapter says tap.
00:17 < jnewt> config second line says: dev tun, but connection log shows: TAP-WIN32 device [Ethernet 2] opened
00:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:33 -!- mode/#openvpn [+o mattock1] by ChanServ
00:43 < jnewt> got it working, just needed to switch over to tap from tun and everything started working!
00:47 -!- jnewt [~jnewt@2602:306:37fe:8330:cc03:80da:ca52:6b28] has quit [Quit: Leaving]
00:54 <+hyper_ch> !tunortap
00:54 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
00:54 <@vpnHelper> rooted/jailbroken) support only tun
01:15 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
01:15 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
01:29 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
01:29 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
01:29 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
01:30 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
01:31 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:35 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
01:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:49 -!- wowaname is now known as j4jackj
01:54 -!- j4jackj is now known as wowaname
02:03 -!- dimm0k [~dimm0k@unaffiliated/dimm0k] has quit [Ping timeout: 244 seconds]
02:11 -!- apollo2k is now known as aPollO2k
02:20 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
02:33 -!- juboba [~juboba@185.11.116.66] has joined #openvpn
02:33 < juboba> hey, I'm trying to connect to a VPN, with no success. No errors are shown, but a new device is not 'created'
02:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
02:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:35 -!- mode/#openvpn [+o mattock1] by ChanServ
02:42 < juboba> any ideas on how to check this out?
02:42 < juboba> it works (same config) in my Slackware machine, but not in my Ubuntu live session
02:53 -!- shio [shio@43.188.103.84.rev.sfr.net] has joined #openvpn
02:58 < juboba> Wed Aug 19 09:51:48 2015 us=616010 Need hold release from management interface, waiting...
02:58 < juboba> it's stuck there
02:58 < juboba> this happens in both
02:58 < juboba> I have a new interface but no IPv4 address in Slackware
03:02 -!- Neytiri [~The_Acid_@2001:470:860d:127::219] has joined #openvpn
03:03 < Neytiri> does anyone have any advice on where to find a good example/starting place for a server config file that will allow multiple clients to connect and communicate over a vpn
03:09 < juboba> Neytiri: don't you have the one in /etc?
03:10 < Neytiri>  nope
03:10 < Neytiri> fresh install
03:10 < Neytiri> i have done point to point but never a setup like this
03:14 < juboba> Neytiri: what OS is this?
03:15 < Neytiri> debian 8
03:16 < Neytiri> clinets are gonna be majoritally windows
03:17 < juboba> Neytiri: you should have a config packaged with openvpn
03:17 < juboba> let me check mine (I'm not using it currently, so it will be clean)
03:18 < juboba> mine is in /etc/openvpn/openvpn.conf.sample
03:22 < Neytiri> when did things become so complicated
03:33 -!- ayaka [~ayaka@110.80.164.12] has quit [Ping timeout: 246 seconds]
03:36 -!- wowaname is now known as ^[op]^
03:40 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
03:44 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:55 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
04:11 -!- ^[op]^ is now known as wowaname
04:12 -!- dazo_afk is now known as dazo
04:13 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
04:20 < Neytiri> i am getting a error with ./build-ca     140432793335440:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 198
04:20 < Neytiri> debain 8 x64
04:21 -!- GLaDER [~GLaDER@gladernet.csbnet.se] has left #openvpn ["WeeChat 1.2"]
04:21 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bkbnrbkcfjfmfgra] has quit [Quit: Connection closed for inactivity]
04:32 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qrzkvnxbjorkgxps] has joined #openvpn
04:40 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 245 seconds]
04:45 -!- Donillo [~irssi@ppp91-109-135-30.tis-dialog.ru] has joined #openvpn
04:45 < Donillo> !ovpnuke
04:45 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
04:46 < Donillo> !welcome
04:46 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:46 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:47 < Donillo> !goal
04:47 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
04:48 < Donillo> Hello. I would like to find way to reliably automatically start and keep running OpenVPN under Windows 7 and Windows 8. 'OpenVPN Service' is not reliable enough. What options I have?
04:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:06 -!- deg2 [Deg@gateway/shell/panicbnc/x-xvykreekyjjxbugr] has quit [Ping timeout: 244 seconds]
05:06 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
05:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:09 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
05:09 -!- mode/#openvpn [+o krzee] by ChanServ
05:09 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 246 seconds]
05:11 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
05:11 -!- dan_j [sid21651@gateway/web/irccloud.com/x-pxfngwlhkfpfhjrc] has quit [Ping timeout: 246 seconds]
05:13 -!- dan_j [sid21651@gateway/web/irccloud.com/x-lcqzahhtgoqqlnrw] has joined #openvpn
05:18 -!- Neytiri [~The_Acid_@2001:470:860d:127::219] has quit [Ping timeout: 246 seconds]
05:36 -!- juboba [~juboba@185.11.116.66] has quit [Ping timeout: 260 seconds]
06:00 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
06:16 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
06:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
06:22 < Donillo> Hello. I would like to find way to reliably automatically start and keep running OpenVPN under Windows 7 and Windows 8. 'OpenVPN Service' is not reliable enough. What options I have?
06:23 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 240 seconds]
06:24 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
06:27 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
06:37 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:37 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:41 -!- mi100hael [~michael@unaffiliated/mi100hael] has quit [Read error: Connection reset by peer]
06:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
06:50 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:57 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
07:12 -!- cannesahs [~jjmaline@kekkonen.niksula.hut.fi] has joined #openvpn
07:14 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
07:15 -!- aPollO2k is now known as apollo2k
07:18 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
07:23 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Ping timeout: 272 seconds]
07:26 < cannesahs> I'm trying to limit client's outgoing bandwith with shaper option. It seems to work okeyish with value of 100'000, but if I raise it to 200'000 it doesn't limit at all anymore, jumps to full bandwith 10Mbps. Should it work?
07:29 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
07:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:33 < cannesahs> Hmm, it works with tcp tunnel, but bugs with udp.
07:36 -!- bchlr [~irc@giskard.bchlr.de] has quit [Quit: leaving]
07:43 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Ping timeout: 272 seconds]
07:43 -!- showaz [~showaz@unaffiliated/showaz] has quit []
07:46 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:06 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
08:14 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
08:18 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:18 -!- Buff|Away is now known as Buffman
08:23 -!- Buffman is now known as Buff|Away
08:24 -!- Buff|Away is now known as Buffman
08:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:29 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 256 seconds]
08:33 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:46 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
09:06 -!- Buffman is now known as Buff|Away
09:12 -!- septopus [~septopus@2604:a880:800:10::98:9001] has joined #openvpn
09:14 -!- Donillo [~irssi@ppp91-109-135-30.tis-dialog.ru] has left #openvpn ["Why this channel even exists? Anyway, thanks for great software!"]
10:13 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Ping timeout: 256 seconds]
10:14 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 250 seconds]
10:22 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:28 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
10:29 -!- lmaoayy [~lmaoayy@85.159.237.72] has joined #openvpn
10:30 < lmaoayy> Hello, I have a noobish question. I have the next interfaces: eth0 eth1 and tun0. The eth0 connects to a vpn, and by doing that it uses tun0. eth1 "is" running a dhcpd server to forward traffic for client in a lan network.
10:30 < lmaoayy> How can I achive this?
10:32 < DArqueBishop> lmaoayy, your question isn't very clear. Are you saying you want the LAN connected to eth1 on the OpenVPN server available to the clients connecting to the VPN via tun0?
10:34 < lmaoayy> DArqueBishop: Thanks for answer. I want to forward the VPN traffic from tun0 (the openvpn is connecting via eth0) forwarded to eth1, so the LAN clients can connect
10:35 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 250 seconds]
10:35 < lmaoayy> eth0--> openvpn
10:36 < lmaoayy> openvpn ---> eth0
10:36 < lmaoayy> now forwad that to eth1
10:42 < lmaoayy> hello?
10:43 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
10:44 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:46 < DArqueBishop> lmaoayy, if the server is the gateway for your network, I'd imagine you just set iptables (if it's Linux) where NAT traffic goes out through tun0 instead of eth0.
10:47 < lmaoayy> DArqueBishop: I don't know how...
10:47 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
10:55 -!- toli [~toli@ip-62-235-197-114.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
10:58 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
10:59 -!- toli [~toli@ip-62-235-197-114.dsl.scarlet.be] has joined #openvpn
11:05 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
11:19 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
11:41 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qrzkvnxbjorkgxps] has quit [Quit: Connection closed for inactivity]
12:02 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 255 seconds]
12:13 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
12:17 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
12:18 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
12:20 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
12:20 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:24 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:25 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
12:33 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
12:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
12:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:34 -!- mode/#openvpn [+o mattock1] by ChanServ
12:46 -!- sleepster [6cb90c94@gateway/web/freenode/ip.108.185.12.148] has joined #openvpn
12:46 < sleepster> is anyone here familiar with the licensing of openvpn?
12:47 < sleepster> I thought openvpn was GPL but I notice quite a bit of android apps that use openvpn
12:47 < sleepster> but are not opensourcing their code
12:48 < sleepster> just wondering how they are getting around it
12:49 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:50 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
12:59 -!- master_of_master [~master_of@p4FD7BCFC.dip0.t-ipconnect.de] has joined #openvpn
13:01 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 252 seconds]
13:02 -!- master_o1_master [~master_of@p4FF24010.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
13:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:12 -!- sleepster [6cb90c94@gateway/web/freenode/ip.108.185.12.148] has quit [Quit: Page closed]
13:15 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
13:41 -!- catalase [~catalase@unaffiliated/catalase] has joined #openvpn
13:41 < catalase> hello, i have run: openssl dhparam -out /etc/openvpn/dh2048.pem 2048 on ubuntu server 14.04.3 lts with older hardware
13:41 < catalase> how long will this take to complete
13:41 < catalase> it has been roughly 10 minutes lol
13:42 <+esde> we cant tell you specifically
13:42 <+esde> it depends on the resources being used and amount of entropy available
13:46 < catalase> ./build-ca returns a request to edit the vars script to reflect the configuration
13:46 < catalase> but it seems correct
13:46 <+esde> that's not very helpful
13:46 <+esde> please provide exact errors or warnings
13:47 < catalase> http://pastebin.com/YCPZERm7
13:47 <+esde> thank you
13:47 <+esde> you could create without editing the file
13:47 < catalase> how can i do that
13:47 <+esde> however, it's a good idea to modify the file to reflect your organizational information, increase key size, etc
13:48 <+esde> open the file with a text editor
13:48 < catalase> the organizational information is correct
13:48 < catalase> and key size desired is also specified
13:48 <+esde> great
13:48 <+esde> then you've done what you need to.
13:49 < catalase> right, but now i need to generate the certificates
13:49 <+esde> and what's the problem?
13:49 < catalase> i have navigated to the /etc/openvpn/easy-rsa directory, specified the source (current working directory)
13:49 < catalase> it will not build the certs
13:50 <+esde> it won't build certs, or it won't build them quickly enough for you to wait for?
13:50 < catalase> it will not build the certificates, i will show you
13:50 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
13:51 <+esde> that would be great
13:51 < catalase> catalase@SERVER2:/etc/openvpn/easy-rsa$ sudo rm -rf on /etc/openvpn/easy-rsa/keys
13:51 < catalase> catalase@SERVER2:/etc/openvpn/easy-rsa$ ./build-ca
13:51 < catalase>   Please edit the vars script to reflect your configuration,
13:51 < catalase>   then source it with "source ./vars".
13:51 < catalase>   Next, to start with a fresh PKI configuration and to delete any
13:51 -!- catalase [~catalase@unaffiliated/catalase] has quit [Excess Flood]
13:51 <+esde> !pastebin
13:51 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:52 -!- catalase [~catalase@unaffiliated/catalase] has joined #openvpn
13:52 <+esde> even though that was exactly five lines, any more than that should be pastebin'd
13:52 < catalase> oh that was unfortunate
13:52 < catalase> i meant to send it into pastebin
13:52 < catalase> http://pastebin.com/uvVpyhbf
13:52 < catalase> i do apologize
13:52 <+esde> shere did you souce vars?
13:52 <+esde> *source
13:52 <+esde> *where
13:52 <+esde> oic now
13:53 <+esde> permissions
13:53 <+esde> fix them
13:53 <+esde> line 47& 49
13:53 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
13:53 < catalase> what should they be
13:53 <+esde> something that a non-root user can read/access/modify
13:54 <+esde> specifically, the user you're using to perform the commands
13:54 <+esde> the executable scripts are executing, but they lack permission to make the changes they need to in ../easy-rsa/
13:55 < catalase> i set 755 -R to /etc/openvpn/easy-rsa and i still get the same result
13:56 < catalase> "please edit the vars script, etc"
13:56 <+esde> you will
13:56 <+esde> until you source vars
13:57 < catalase> well i have navigated to the directory and run . ./vars
13:57 < catalase> that should work correct?
13:57 <+esde> no
13:57 <+esde> source vars
13:57 <+esde> that's literally the command to run
13:57 < catalase> ok
13:57 < catalase> catalase@SERVER2:/etc/openvpn/easy-rsa$ ./clean-all ---> mkdir: cannot create directory ‘/etc/openvpn/easy-rsa/keys’: Permission denied
13:58 < catalase> even after the permission change
13:58 <+esde> who is the owner of ../easy-rsa/?
13:58 < catalase> me
13:58 <+esde> are you certain?
13:59 < catalase> ok you are correct
13:59 < catalase> i have generated the certificates now, thank you
13:59 <+esde> np
14:01 < catalase> with server key generation, "unable to write 'random state'" is this going to cause issues
14:02 <+esde> sudo rm ~/.rnd
14:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:03 < catalase> "failed to update database TXT_DB error number 2" after re-running the server certificate generation
14:04 < catalase> i suppose i need to revoke the certificate by its index number
14:04 < catalase> and then regenerate
14:04 <+esde> yup
14:05 <+esde> also this https://community.openvpn.net/openvpn/ticket/229
14:05 <@vpnHelper> Title: #229 (easy-rsa: failed to update database > TXT_DB error number 2) – OpenVPN Community (at community.openvpn.net)
14:05 <+esde> "easy-rsa 2.x is effectively unmaintained -> closing as "wontfix". Please use easy-rsa 3.x instead:"
14:05 <+esde> though that's windows
14:06 <+esde> also this http://blog.kenyap.com.au/2012/07/txtdb-error-number-2-when-generating.html
14:07 <@vpnHelper> Title: Greenpossum today: TXT_DB error number 2 when generating openvpn client certificates (at blog.kenyap.com.au)
14:07 <+esde> could be you're using the same common name and using a unique common name may also resolve the issue
14:10 < catalase> yes
14:30 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Ping timeout: 272 seconds]
14:38 < catalase> esde still there?
14:39 <+esde> whats up
14:40 < catalase> which ports need to be forwarded if the vpn box is behind a router?
14:40 < catalase> 1194?
14:40 < catalase> to tcp right?
14:40 <+esde> if it's configured to 1194, and is using tcp, then yes
14:41 <+esde> but it could be whatever port you chose, and udp or tcp
14:42 < catalase> still with me?
14:43 < catalase> it looks like it connected
14:43 <+esde> did you not see my messages above?
14:43 < catalase> Wed Aug 19 15:42:15 2015 MANAGEMENT: >STATE:1440013335,CONNECTED,SUCCESS,
14:44 < catalase> not sure if i am still connected or not
14:45 < catalase> it looks like i have lost internet on my client device, but it works nicely on the lan
14:45 <+esde> assuming you have status set to log in your server config, sudo tail /etc/openvpn/openvpn-status.log
14:46 <+esde> -f for realtime
14:46 < catalase> it does show a client
14:46 <+esde> then it's connected
14:46 <+esde> !forward
14:46 < catalase> i can't quite connect to the internet from my device however
14:47 <+esde> !ipforward
14:47 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
14:47 <+esde> !linipforward
14:47 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
14:48 < catalase> with the temp solution it shows permission denied
14:48 <+esde> !101
14:48 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
14:48 < catalase> ok
14:49 < catalase> well i do appreciate your help on this
14:49 < catalase> thank you
14:49 <+esde> you need to run that command as root
14:49 <+esde> or use sudo
14:49 < catalase> indeed, i have tried sudo echo <parameters here>
14:50 <+esde> and?
14:50 < catalase> result is still permission denied
14:50 <+esde> pastebin pls
14:50 < catalase> http://pastebin.com/Fd8Fjbnx
14:51 -!- wilburrr [6c3dc172@gateway/web/freenode/ip.108.61.193.114] has joined #openvpn
14:51 <+esde> sudo sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
14:52 < wilburrr> any idea why i need to do "ip route del 0.0.0.0/1" to get my vpn client working? it still tunnels everything through the vpn after i do that
14:52 <+esde> ten sudo sysctl -w net.ipv4.ip_forward=1
14:52 <+esde> *then
14:52 < wilburrr> if i dont delete the route all my traffic goes nowhere
14:52 <+esde> !welcome
14:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:52 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:52 <+esde> wilburrr ^
14:52 < catalase> esde, thank you very much it worked
14:52 <+esde> np
14:52 < catalase> esde, do you take donations
14:53 <+esde> pm?
14:53 < wilburrr> !redirect
14:53 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
14:53 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
14:56 < wilburrr> !pushdns
14:56 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
14:56 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
15:02 < wilburrr> esde: thx for the help but my issue is when i add the redirect-gateway option it is adding a bad route and i have to delete it manually on the client vpn for it to work
15:03 <+esde> that's really odd. provide some logs and someone better with routing can assist as possible
15:09 -!- wilburrr [6c3dc172@gateway/web/freenode/ip.108.61.193.114] has quit [Ping timeout: 246 seconds]
15:10 <+esde> Or quit
15:14 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
15:18 -!- dazo is now known as dazo_afk
15:24 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Remote host closed the connection]
15:28 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
15:37 -!- jbyte [jbyte@gateway/shell/blinkenshell.org/x-xdfpfmjdrbpkrflj] has joined #openvpn
15:46 < catalase> sudo sysctl -w net.ipv4.ip_forward=1
15:49 -!- Arrakeen [~arrakeen@vh0st.tk] has joined #openvpn
15:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
15:56 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
16:03 -!- hennes [~midas8@167.160.44.237] has joined #openvpn
16:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:17 < catalase> esde do you know if enabling ipv4 disables the lan routing as well?
16:18 < catalase> i should still be able to see my devices on the network even though ipforward was enabled
16:19 < catalase> but instead, i see devices on the network at the office network
16:23 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
16:25 < dyce> i am trying to play a game over lan via vpn, windows can see the linux host but if windows host, linux cannot see the windows host, any ideas? does it have to do with metric priority on the linux box?
16:27 < cannesahs> Could anyone confirm that shaper is not working properly at windows client with over 200000 values? Atleast udp seems to broken for me.
16:44 <+esde> catalase no
16:58 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
17:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
17:24 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:43 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
17:51 -!- Buff|Away is now known as Buffman
18:14 -!- Buffman is now known as Buff|Away
18:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 265 seconds]
18:20 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Quit: Leaving]
18:24 -!- fabio [~fabio@94.60.163.3] has joined #openvpn
18:24 < fabio> Hi guys!
18:24 < mumixam> hello
18:25 < fabio> Can i download a certificate from server if not exists? I mean i want to start openvpn and if a certificate doesn't exists, make openvpn connect to the server and grab one certificate
18:25 < fabio> im doing it right now by a custom bash script that tests if the certificate exists on the openvpn directory
18:55 -!- lmaoayy [~lmaoayy@85.159.237.72] has left #openvpn []
19:09 -!- fabio [~fabio@94.60.163.3] has quit [Remote host closed the connection]
20:46 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Read error: Connection reset by peer]
20:47 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
20:50 -!- Buff|Away is now known as Buffman
20:55 -!- Buffman is now known as Buff|Away
21:07 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Remote host closed the connection]
21:07 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has quit [Ping timeout: 246 seconds]
21:22 -!- hennes [~midas8@167.160.44.237] has quit [Quit: Leaving]
21:38 -!- catalase [~catalase@unaffiliated/catalase] has quit [Read error: Connection reset by peer]
21:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
22:09 -!- Buff|Away is now known as Buffman
22:11 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:14 -!- Buffman is now known as Buff|Away
22:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:21 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
22:29 -!- Buff|Away is now known as Buffman
22:48 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
22:57 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:04 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
23:12 -!- Buffman is now known as Buff|Away
23:18 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:21 -!- Buff|Away is now known as Buffman
23:46 -!- Buffman is now known as Buff|Away
23:49 -!- Buff|Away is now known as Buffman
23:52 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:54 -!- djiboutiii [~djiboutii@c-67-171-9-140.hsd1.wa.comcast.net] has joined #openvpn
23:56 -!- Buffman is now known as Buff|Away
--- Day changed Thu Aug 20 2015
00:01 -!- ShadniX [dagger@p5481DC2E.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:01 -!- ShadniX [dagger@p579418F8.dip0.t-ipconnect.de] has joined #openvpn
00:22 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:27 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:46 -!- mode/#openvpn [+o mattock1] by ChanServ
01:03 -!- djiboutiii [~djiboutii@c-67-171-9-140.hsd1.wa.comcast.net] has quit [Quit: Leaving]
01:20 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
01:31 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
01:40 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
01:50 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 265 seconds]
02:07 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-djyxtsigqhhoswqb] has joined #openvpn
02:10 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
02:15 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
02:16 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:24 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
02:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
02:36 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:37 -!- OG_s7eele [~AndChat52@2600:100d:b111:fb44:4f38:886c:1db5:12c9] has joined #openvpn
02:39 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 245 seconds]
02:44 -!- OG_s7eele [~AndChat52@2600:100d:b111:fb44:4f38:886c:1db5:12c9] has quit [Quit: Bye]
02:46 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
02:55 -!- shio [shio@43.188.103.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
03:03 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has joined #openvpn
03:08 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
03:12 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
03:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:43 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
03:51 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
04:28 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 240 seconds]
04:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
04:55 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 246 seconds]
04:58 -!- dazo_afk is now known as dazo
05:01 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
05:07 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
05:16 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
05:21 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
05:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:42 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
05:52 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:00 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 260 seconds]
06:27 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
06:28 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
07:12 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 250 seconds]
07:19 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:57 -!- moviuro_ [~tbe@mail2.xs-polesecurite.fr] has joined #openvpn
07:57 < moviuro_> !tunortap
07:57 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
07:57 <@vpnHelper> rooted/jailbroken) support only tun
07:57 -!- moviuro_ [~tbe@mail2.xs-polesecurite.fr] has left #openvpn []
08:01 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-djyxtsigqhhoswqb] has quit [Quit: Connection closed for inactivity]
08:07 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:30 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
09:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 244 seconds]
09:10 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
09:14 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:42 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
09:58 -!- hennos [~midas8@167.160.44.246] has joined #openvpn
11:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:13 -!- catalase [~catalase@unaffiliated/catalase] has joined #openvpn
11:13 < catalase> hi esde
11:14 < catalase> i am connected to the vpn, with ipforward set to 1, however, the ip address remains the same
11:14 < catalase> not sure why it has changed since i have not touched it when it was working yesterday
11:18 < catalase> turns out that i was not running it with elevated priveleges
11:18 < catalase> that fixed the issue
11:21 -!- Buff|Away is now known as Buffman
11:32 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
11:32 -!- mode/#openvpn [+v hyper_ch] by ChanServ
11:33 <+hyper_ch> Hi there, I have a strange issue with Win10 in a VM that I setup for testing purposes. For some reason the def1 doesn't seem to work properly. The routes are being added from what I can see from the routing table but not all traffic is routed through the vpn
11:40 -!- Joe_CoT [~joe@pdpc/supporter/professional/joecot] has joined #openvpn
11:40 < Joe_CoT> !configs
11:41 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:43 -!- sieve [~Adium@ip5f5aefa4.dynamic.kabel-deutschland.de] has joined #openvpn
11:44 < sieve> Hi, my openvpn installation does not seem to be pushing routes to the clients
11:44 < sieve> push "route 10.101.10.0 255.255.255.0"
11:44 < sieve> is not working
11:45 < sieve> When I add the route manually on the client then its working ok
11:45 < sieve> I can ping the openvpn networks fine
11:49 < sieve> When I add the route "route add 10.141.10.0/24 10.8.0.6"
11:49 < sieve> it works
11:50 < sieve> I am on OSX
11:53 -!- OG_s7eele [~AndChat52@2600:100d:b10c:828a:de62:20ac:b2fb:fe94] has joined #openvpn
11:56 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 244 seconds]
11:58 -!- u0m3 [~u0m3@92.80.98.39] has joined #openvpn
12:00 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
12:01 -!- OG_s7eele [~AndChat52@2600:100d:b10c:828a:de62:20ac:b2fb:fe94] has quit [Quit: Bye]
12:02 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
12:02 < sieve> Hmm, it seems to work if I add the routes to the client config :(
12:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:14 -!- sieve [~Adium@ip5f5aefa4.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
12:22 -!- Buffman is now known as Buff|Away
12:29 -!- Buff|Away is now known as Buffman
12:42 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 250 seconds]
12:48 <+esde> glad you got it sorted! :)
12:52 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Quit: /quit]
12:57 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
12:57 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
12:58 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
12:59 -!- master_o1_master [~master_of@p4FD7BBBD.dip0.t-ipconnect.de] has joined #openvpn
13:02 -!- master_of_master [~master_of@p4FD7BCFC.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
13:14 -!- fryguy [~fryguy@bryanalves-1-pt.tunnel.tserv4.nyc4.ipv6.he.net] has left #openvpn []
13:37 -!- septopus [~septopus@2604:a880:800:10::98:9001] has quit [Ping timeout: 246 seconds]
14:02 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
14:03 < Cultist> Hi, on a Fedora client machine, when I connect to my openvpn server I do it from command line, with openvpn file.ovpn
14:04 < Cultist> it works fine, but when I terminate the connection, I can't reconnect without first logging out or rebooting and then logging in again
14:04 < Cultist> I wondered if there was some command to clear any vpn settings that might carry over or something that prevent me from reconnecting.
14:08 <@dazo> Cultist: try adding --explicit-exit-notify to your client config
14:09 < Cultist> I'll do that
14:09 < Cultist> also, is there a cleaner way to terminate the connection than just ctrl+z?
14:09 < Cultist> I feel like that contributes somehow
14:09 <+esde> ctrl+c?
14:09 < Cultist> er, c, yeah
14:09 <@dazo> Cultist: this could also happen occasionally on some older openvpn servers ... so upgrading the server to the latest 2.3 is also a good idea (client also, for that matter)
14:10 <+esde> or use management to close the connection?
14:10 < Cultist> management?
14:10 <+esde> https://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.html
14:10 <@vpnHelper> Title: Management Interface (at openvpn.net)
14:10 <@dazo> Cultist: openvpn responds properly to SIGTERM and SIGINT (ctrl-c)
14:10 <@dazo> Cultist: which fedora release are you on?
14:11 < Cultist> 22
14:11 <@dazo> Cultist: you could also use systemd to manage your openvpn connection ... there are some fairly updated unit files in the git repo too, which makes this really slick
14:12 < Cultist> That's beyond what I'd be comfortable with
14:12 <@dazo> it is really easy ... just a sec
14:13 <@dazo> Cultist: http://fpaste.org/257306/97970144/raw/ ... copy that into to /etc/systemd/system/openvpn-client@.service    (yes, with the @)
14:13 <+esde> dazo++
14:14 <@dazo> Cultist: run 'systemctl daemon-reload' .... now create /etc/openvpn/client ... and put your client configs here
14:14 <@dazo> Cultist: to start a connection:  systemctl start openvpn-client@CONFIG-NAME
14:14 <@dazo> so if your config name is 'tun0.conf' .... it will be:  systemctl start openvpn-client@tun0
14:15 <@dazo> Cultist: to stop it, you use 'systemctl stop' instead of 'systemctl start' .... and you can use 'systemctl status' to see the situation for this particular connection
14:15 <@dazo> Cultist: and log files are easy to extract ... journalctl -b -u openvpn-client@tun0
14:16 <@dazo> (the -b option will only list log files for this connection since the last time you booted)
14:16 < Cultist> I'll give it a shot
14:16 < Cultist> looks like it would be easy enough to reverse if I messed something up
14:16 <@dazo> Absolutely!
14:17 <@dazo> Cultist: there are many systemd haters in the world ... but most of them hate it because they haven't been willing to see all the good things systemd actually do bring to a system
14:17 <@dazo> you need to learn new tricks ... but once you've done that, you most likely won't like to go back
14:20 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 244 seconds]
14:20 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
14:21 < Cultist> personally I've had a lot of trouble getting openvpn to work in linux at all. My current setup, which is just me using an ovpn config file and connecting in a terminal, isn't exactly what I'd want, but I've felt like it was best to leave well enough alone
14:22 <+esde> working with command line is the preferred method (when compared with Network Mangler, for instance)
14:23 <+esde> what dazo's attempting to introduce you to would simplify what you're already doing and improve it's reliability, i'd imagine
14:23 <@dazo> +1
14:27 < Cultist> reviewing your directions above, the .conf file you refer to would be my .ovpn file, correct? Or some other .conf?
14:27 <+esde> can be .ovpn or .conf iirc, so long as you call it by it's absolute name
14:27 <+esde> (i.e. - with the file extension)
14:27 < Cultist> to be clear, I'm just using my router's built-in openvpn server function and the config it generates for me. I've never been able to successfully work with openvpn on my home server
14:27 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 244 seconds]
14:27 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
14:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 244 seconds]
14:28 < Cultist> Okay, going to try this now and see if it works.
14:28 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 244 seconds]
14:28 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 244 seconds]
14:28 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
14:28 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 244 seconds]
14:28 -!- Visual` [~visualsta@unaffiliated/visualstation] has quit [Ping timeout: 244 seconds]
14:28 -!- Farshid [Farshid@gateway/shell/elitebnc/x-duvaojdskjosmjkw] has quit [Ping timeout: 244 seconds]
14:28 <+esde> weeee
14:29  * Bl4ckD34Th Good morning dear friends
14:29 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 244 seconds]
14:30 -!- Visual` [~visualsta@unaffiliated/visualstation] has joined #openvpn
14:30 < sklv> hi, I'm trying to configure a client and server with certs signed by an intermediate ca, and I'm stuck
14:30  * Bl4ckD34Th Good morning dear friends
14:30 < sklv> I've summarised my setup in this pastie http://pastie.org/private/vrf3tksati337vulgbia
14:31 <+esde> !howto
14:31 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
14:31 < sklv> so as to not spam the channel, could someone have a look please,
14:31 <+esde> refer to the bit about configuring pki
14:32 < sklv> I followed https://community.openvpn.net/openvpn/wiki/Using_Certificate_Chains
14:32 <@vpnHelper> Title: Using_Certificate_Chains – OpenVPN Community (at community.openvpn.net)
14:32 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
14:32 -!- mode/#openvpn [+o krzee] by ChanServ
14:32 <+esde> oooh you paid for the sertc
14:32 <+esde> *certs
14:32 < sklv> no
14:32 < sklv> i made my own ca
14:33 < Cultist> this is kinda weird.
14:33 < Cultist> I exited openvpn and yet I still appear to be here.
14:34 <+esde> exited openvpn?
14:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
14:34 <+esde> what command was used?
14:34 -!- Joe_CoT [~joe@pdpc/supporter/professional/joecot] has quit [Quit: Leaving]
14:34 < Cultist> ctrl+c
14:34 <+esde> the idea of configuring a system service was to negate the ctrl+c exit method
14:34 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
14:34 -!- mode/#openvpn [+o dazo_afk] by ChanServ
14:34 < sklv> basically what I don't get is that the page i linked above clearly states 'Imporant notice: All certificates which are signed by any of the CA certificates found in the 'stacked.crt' file are considered valid. Thus, be very careful when adding CA certificates to a stacked certificate.'
14:34 < Cultist> I terminated it in order to try out the systemctl command
14:35 < Cultist> which failed, but I'm still connected. Which may be why it failed.
14:35 < sklv> and my server cert is very clearly signed by my client's CA file
14:35 -!- dazo_afk is now known as dazo
14:35 <+esde> OK
14:35 <+esde> ps ax | grep openvpn
14:35 <+esde> get the pid and kill the process, it's not pretty, but it should work
14:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:36 -!- mode/#openvpn [+o mattock1] by ChanServ
14:37 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
14:38 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
14:39 < Cultist> meh, it isn't liking that change
14:40 < Cultist> but on the other hand, I think that resolved the reconnection issue I came in here in the first place for
14:40 <+esde> :D
14:40 < Cultist> there were like 10 openvpn processes running. Was able to kill most of them
14:41 < Cultist> that was what was blocking me from reconnecting I think.
14:41 < Cultist> at least, by killing them I was able to connect again without logging out
14:42 < Cultist> the systemctl thing I'll have to play with some more. It didn't like my file
14:42 <+esde> care to share it with us?
14:42 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
14:42 <+esde> !paste
14:42 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:42 <+esde> !config
14:42 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
14:42 <+esde> !configs
14:42 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:43 <+esde> that grep command will clean it up for you
14:45 < Cultist> http://pastebin.com/spR3CdJE
14:45 < Cultist> pretty basic config file I think.
14:48 < Cultist> it's not something I'm *particularly* concerned about though, don't go to any trouble over this
14:48 < Cultist> my reconnection issue is fixed and that's the thing I was mostly concerned about
14:51 <+esde> try renaming it to foo.conf and see if that does the trick
14:51 < Cultist> I did
14:51 <+esde> ah
14:51 < Cultist> foo.conf, foo.ovpn, and just foo
14:51 < Cultist> with no change
14:51 <+esde> ah :\
14:52 <+esde> I'm glad the initial issue is resolved, does ctrl+c work to disconnect, and can you subsequently reconnect?
14:53 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
14:57 < Cultist> yeah I don't even know what's going on. It did once, then it didn't
14:57 < Cultist> and now I'm connected and I don't even have any open terminals
14:58 <+esde> if i were you, i'd kill openvpn manually, go grab a drink and snack, and come back with a fresh head :)
14:58 < Cultist> heh, yeah that might be a plan
14:59 < Cultist> I suppose it's okay to lurk around here?
14:59 < Cultist> (I use znc for all my IRC, so I tend to idle in channels that I use)
15:00 <+esde> yes
15:03 -!- supergauntlet is now known as Misabr||AFK
15:04 -!- Misabr||AFK is now known as supergauntlet
15:04 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
15:07 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 246 seconds]
15:07 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 246 seconds]
15:08 -!- jesopo [jess@lolnerd.net] has joined #openvpn
15:09 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
15:09 -!- mode/#openvpn [+o krzee] by ChanServ
15:09 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
15:34 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:39 <@krzee> Cultist, we do the same ;]
15:40 -!- Farshid [Farshid@gateway/shell/elitebnc/x-aygoqmvxagzniwcf] has joined #openvpn
15:45 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:50 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 246 seconds]
16:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:17 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Excess Flood]
16:18 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
16:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
16:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
16:37 -!- mode/#openvpn [+o mattock1] by ChanServ
17:00 <@krzee> !openwrt
17:00 <@vpnHelper> "openwrt" is In OpenWRT, the easiest way to supply configs with the stock init is to use the `option config /path/to/your/openvpn.conf` in your UCI stanza. This allows you to maintain a standard config file that OpenWRT can launch for you.
17:08 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 245 seconds]
17:08 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
17:29 -!- bluepill [~redpill@unaffiliated/redpill] has joined #openvpn
17:31 -!- nrgdrnk [~nrgdrnk@bolt.sonic.net] has joined #openvpn
17:32 -!- nrgdrnk [~nrgdrnk@bolt.sonic.net] has quit [Client Quit]
18:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:08 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:18  * esde passes the bong to krzee 
18:26 -!- Sevalecan [~sevalecan@allegro/user/Sevalecan] has quit [K-Lined]
18:31 -!- bluepill [~redpill@unaffiliated/redpill] has quit [Quit: bluepill]
18:57 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 255 seconds]
19:12 -!- satdav [uid15780@firefox/community/satdav] has quit []
19:16 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
19:30 -!- lfx [~lfx@self-aware.evilmachines.net] has quit [Ping timeout: 264 seconds]
19:34 -!- coded-dude [~smuxi@ip72-198-13-26.ok.ok.cox.net] has joined #openvpn
19:35 < coded-dude> having trouble registering an account on the community forums....
19:36 < coded-dude> HTTP Status 500 - 5053 ERROR_PWM_UNAVAILABLE (unable to initialize pwm due to configuration related error: access denied ("java.io.FilePermission" "/var/lib/tomcat6/staging/pwm.war.d/WEB-INF/logs/PWM.log.50" "delete"))
19:37 < coded-dude> that is the error i get when I click register.  any !staff here?
19:39 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 264 seconds]
19:40 < coded-dude> anybody in here?
19:51 < coded-dude> !hours
19:55 -!- coded-dude [~smuxi@ip72-198-13-26.ok.ok.cox.net] has quit [Remote host closed the connection]
20:03 -!- IamError [~tom@unaffiliated/iamerror] has quit [Quit: Bye!]
20:04 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:05 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
20:06 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:10 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
20:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
20:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
20:48 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
20:50 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:54 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
20:54 -!- cumswaplollypop [~cumswaplo@2600:1011:b05e:f3c7:6aa3:c4ff:fe8c:add8] has joined #openvpn
20:55 < cumswaplollypop> hi everyone
20:55 < cumswaplollypop> hey so dnstestleak says im leaking...my VPN provider says i should use their DNS servers
20:56 < cumswaplollypop> but I cant use their DNS till I connect my VPN right? No internet and cant connect with openvpn if i use their DNS server
20:56 <+esde> !stones
20:56 <+esde> !stone
20:58 <+esde> !rocks
20:58 <@vpnHelper> "rocks" is Nobody around but us rocks! Please go ahead and ask your question, and be patient - somebody helpful will eventually perk up.
20:58 < cumswaplollypop> heh
20:59 < cumswaplollypop> come back in 30 then
20:59 -!- cumswaplollypop [~cumswaplo@2600:1011:b05e:f3c7:6aa3:c4ff:fe8c:add8] has quit [Quit: Leaving for IRL funsociety]
21:03 -!- IamError [~tom@unaffiliated/iamerror] has quit [Quit: Bye!]
21:04 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:04 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
21:05 -!- Gwoplock [~quassel@104.56.172.189] has quit [Read error: Connection reset by peer]
21:07 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:19 -!- pdtodd [~qperfect@72.10.28.146] has joined #openvpn
21:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
21:27 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
21:32 -!- cumswaplollypop [~cumswaplo@70.32.34.122] has joined #openvpn
21:40 < cumswaplollypop> Im concerned about privacy. I use openvpn. DNS leak tests say im leaking google DNS. Should i have major concerns with this?
21:44 -!- u0m3 [~u0m3@92.80.98.39] has quit [Read error: Connection reset by peer]
21:45 < skyroveRR> cumswaplollypop: your ISP should be your "concern" in the first place. Everything passes through it.
21:47 < cumswaplollypop> skyroveRR, how do I connect to the internet without my ISP? you mean I should select one that respects privacy? I dont think i have too many options. Can you elaborate?
21:50 < skyroveRR> cumswaplollypop: I meant to say that before you can even talk about "privacy", you need to think about what has already been known about you by your ISP.. all these years, you most likely transmitted everything in the clear, and your ISP was basically your entry to the "internet", so getting concerned about "privacy" isn't gonna help much now. You'll have to start about how you choose to use the internet
21:50 < skyroveRR> then. And the internet was never meant to be "privacy-friendly".
21:54 < cumswaplollypop> so does installing linux live on a usb with persistence and using a openvpn when it boots doing anything for me?
21:56 < cumswaplollypop> it is at least masking my ISPs IP from freenode and websites
21:56 < skyroveRR> cumswaplollypop: That alone doesn't help. Any dumbass can use a VPN and claim to be "private" or "anonymous". It's how you USE IT that's of importance. And to answer your earlier question about DNS, if you don't want google DNS, openvpn allows you to freely select any DNS provider.
21:57 < skyroveRR> But DNS leaks are gonna happen one way or the other.
21:57 < cumswaplollypop> right. im not claiming im anonymous. Im asking questions so i now how to USE IT right and apparently im not
21:58 < cumswaplollypop> but i thought i set DNS editing resolv.conf or the network manager changes it
21:58 < cumswaplollypop> im using TorGuard and they have a DNS server but if I set that as my DNS it doesnt work
21:58 < cumswaplollypop> it makes me think i have to be connected to the VPN service first, after that set it to their DNS
21:59 < skyroveRR> If you use network manager, editing resolv.conf won't help. Network manager will override it every time. You'll have to prevent it from editing it. And there's a solution for that. Just google.
21:59 < cumswaplollypop> I did...that i overcame
21:59 < skyroveRR> Ok :)
21:59 < cumswaplollypop> but the VPN provider says to use their DNS... but when i do nothing works
22:00 -!- hennos [~midas8@167.160.44.246] has quit [Quit: Leaving]
22:00 < cumswaplollypop> !ovpnuke
22:00 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
22:01 < skyroveRR> You don't need to follow every word about your VPN provider.. just use whichever DNS you like.
22:02 < cumswaplollypop> skyroveRR, yeah...thats what i was thinking. I was going to rotate a few. I just didnt know if DNS leaks are major concerns...obviously if the server is set to my ISP's yes but otherwise not so much
22:03 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
22:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
22:08 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
22:12 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
22:21 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
22:29 -!- bjhaid [49b001ef@gateway/web/freenode/ip.73.176.1.239] has joined #openvpn
22:29 < bjhaid> hi
22:29 < bjhaid> so I have openvpn setup on a server
22:29 < bjhaid> and I have tested client connections
22:30 < bjhaid> however I set it up on my android device
22:30 < bjhaid> with openvpn connect
22:30 < bjhaid> everything works opevpn connect shows connected
22:30 < bjhaid> however I can't seem to get to connect to the internet via the VPN as expected
22:32 < cumswaplollypop> did you set dns in your server.conf ?
22:35 < bjhaid> I figured it out
22:35 < bjhaid> didn't have push redirect-gateway def1 in my server.conf
22:35 < bjhaid> thanks
22:35 -!- fling [~fling@fsf/member/fling] has joined #openvpn
22:49 -!- cumswaplollypop [~cumswaplo@70.32.34.122] has quit [Quit: Leaving for IRL funsociety]
22:57 -!- toli [~toli@ip-62-235-197-114.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
22:58 -!- Sevalecan [~sevalecan@allegro/user/Sevalecan] has joined #openvpn
23:00 -!- toli [~toli@ip-62-235-216-11.dsl.scarlet.be] has joined #openvpn
23:07 -!- bjhaid [49b001ef@gateway/web/freenode/ip.73.176.1.239] has quit [Quit: Page closed]
23:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:25 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 256 seconds]
23:28 -!- krzee [~k@openvpn/community/support/krzee] has quit [Quit: your mom - its whats for breakfast]
--- Day changed Fri Aug 21 2015
00:01 -!- ShadniX [dagger@p579418F8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
00:02 -!- ShadniX [dagger@p579411D1.dip0.t-ipconnect.de] has joined #openvpn
00:03 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
00:07 -!- Buffman is now known as Buff|Away
00:07 -!- Buff|Away is now known as Buffman
00:07 -!- Buffman is now known as Buff|Away
00:48 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
00:52 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Remote host closed the connection]
00:55 -!- catalase [~catalase@unaffiliated/catalase] has quit [Read error: Connection reset by peer]
00:56 -!- pdtodd [~qperfect@72.10.28.146] has quit [Quit: Leaving]
00:57 < pepee> hi. I'm connecting to the internet through a VPN to some random VPS, and when I download some files, I get disconnected with this error message:  Authenticate/Decrypt packet error: bad packet ID (may be a replay)
00:57 < pepee> is that just because the connection is terrible?
00:57 < pepee> I also get: 'link-mtu' is used inconsistently
01:03 -!- CGML [~CGML@unaffiliated/cgml] has quit [Remote host closed the connection]
01:04 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 250 seconds]
01:21 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Quit: sudo killall -9 -1]
01:26 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
01:26 -!- mode/#openvpn [+o pekster] by ChanServ
01:34 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
01:34 -!- mode/#openvpn [+v hyper_ch] by ChanServ
01:35 <+hyper_ch> hmmm, could there be an issue with redirect def1 if the client (Win10) is in a VM and uses NAT there? I'm experiencing problems there. However when I switch to bridged all seems to work fine
01:37 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Ping timeout: 252 seconds]
01:42 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 250 seconds]
01:44 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
01:44 -!- mode/#openvpn [+o pekster] by ChanServ
01:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:59 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-dbhdldgbexfoqbhr] has joined #openvpn
02:01 -!- wowaname [h@love.wowana.me] has quit [K-Lined]
02:02 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
02:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:29 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
02:49 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Remote host closed the connection]
02:49 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
02:51 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
02:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:01 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:34 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
03:45 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
03:50 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
03:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
03:52 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
04:16 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
04:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:26 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
04:28 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:29 -!- AxonetBE [~anonymous@81.83.15.153] has joined #openvpn
04:29 < AxonetBE> If I have a vpn connection to my servers, how can I know the incomming ip?
04:30 < AxonetBE> last time it was for example 10.1.10.18 but now it seems to be 10.1.10.10
04:48 -!- AxonetBE [~anonymous@81.83.15.153] has quit [Quit: AxonetBE]
04:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
05:33 -!- dvlwrk [~ryand@50-204-243-38-static.hfc.comcastbusiness.net] has quit [Read error: Connection reset by peer]
05:40 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
06:01 -!- hennos [~midas8@167.160.44.246] has joined #openvpn
06:10 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:32 -!- ValdikSS [~valdikss@95.215.45.133] has joined #openvpn
06:37 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has quit [Quit: ZNC - http://znc.in]
06:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:50 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
07:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:11 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
07:13 -!- zamber [~zamber@78.10.86.90] has quit [Ping timeout: 244 seconds]
07:19 -!- zamber [~zamber@78.10.90.243] has joined #openvpn
07:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
07:23 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:24 -!- AxonetBE [~anonymous@94-225-248-47.access.telenet.be] has joined #openvpn
07:27 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 246 seconds]
07:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
07:37 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:37 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
07:39 -!- Netsplit *.net <-> *.split quits: lev__, abbe, Nothing4You
07:39 -!- Netsplit over, joins: abbe
07:40 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
07:48 -!- dazo is now known as dazo_afk
07:54 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:55 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
07:57 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 272 seconds]
07:59 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 240 seconds]
08:02 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
08:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:07 -!- dazo_afk is now known as dazo
08:08 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
08:10 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:12 -!- Raansu [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
08:13 -!- AxonetBE_ [~anonymous@ns3373594.ip-94-23-20.eu] has joined #openvpn
08:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:14 -!- AxonetBE [~anonymous@94-225-248-47.access.telenet.be] has quit [Ping timeout: 245 seconds]
08:14 -!- AxonetBE_ is now known as AxonetBE
08:14 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:15 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 272 seconds]
08:21 -!- dimmATwerk [~dimm0k@unaffiliated/dimm0k] has quit [Ping timeout: 250 seconds]
08:25 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
08:28 -!- dvlwrk [~ryand@50-204-243-38-static.hfc.comcastbusiness.net] has joined #openvpn
08:35 -!- lxusrbin [~lxusrbin@coffee.atw0rk.net] has quit [Quit: leaving]
08:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:41 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
08:52 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Ping timeout: 250 seconds]
08:58 -!- jge [~jge@unaffiliated/bitfury] has joined #openvpn
09:00 < jge> good morning all, is it necessary for both remote and local networks to be on different subnets when routes to certain resources on the remote network are specified on the cleint's config?
09:01 < jge> this is a routed tun config btw
09:19 < Poster> So are you referring to a client being on say 192.168.1.0/24 and the remote network they're connecting to also being 192.168.1.0/24 ?
09:23 < jge> Poster: yep
09:24 < DArqueBishop> jge: the answer in that case is yes.
09:24 < Poster> yeah it gets tricky, I would recommend changing the remote network to something less common if you can
09:24 < DArqueBishop> Or change your local network, if you don't control the remote side.
09:25 < Poster> several jobs ago I had a similar situation, I ended up using netfilter's -j NETMAP option to renumber everything 192.168.x.x became 10.168.x.x
09:25 < Poster> it also took some work on the DNS side, I think dnsmasq has an actual function for it, at the time I was doing zone transfers and a small bash script to mangle the records
09:25 < Poster> but yes renumbering is certainly the cleanest method
09:26 < Poster> in practice 192.168.0/1/2 and sometimes 3.x are widely popular
09:26 < DArqueBishop> Yeah, you don't really want to use 192.168.1.0/24 or 192.168.0.0/24 because of how common they are.
09:26 < Poster> something in the middle of 10.0.0.0/8 or 172.16.0.0/12 is good
09:27 < jge> Yeah so right now I have a working config, it connects fine and both networks are on the same subnet. However, I'm speficing the remote routes on my client's config, so I'm guessing that works beause only that route gets to be put into my client's routing table
09:28 < Poster> you can try to use the metric to superceed it
09:28 < Poster> you can also try to slice it into smaller pieces
09:28 < Poster> eg; if you want to route 192.168.1.0/24, try routing 192.168.1.0/25 and 192.168.1.128/25
09:28 < Poster> it might break your local gateway though
09:29 < Poster> the default route system is similar, instead of routing 0.0.0.0/0, they route 0.0.0.0/1 and 128.0.0.0/1
09:29 < jge> right, this work for me now but if I ever grow to more than x amount of routes - I will need to consider changing subnets as managing routes on a local config seems like it could become a headache later on
09:30 < Poster> changing subnets is no fun but in my experience it's generally the sooner the better
09:30 < Poster> unless you're in one of those unique situations where the number of devices on a subnet actually gets smaller
09:30 < Poster> in my case I was stuck on that network, we were part of a larger organization which had several other networks that had static routing that could not be changed
09:31 < Poster> so I fell back onto netfilter+bind to help
09:31 < Poster> wasn't clean, but worked
09:32 < jge> bind as dns server?
09:32 < Poster> yeah, so internally we had some active directory domain controllers on the 192.168.1.x space
09:33 < Poster> so every 10 minutes, I executed a zone transfer and mangled all records
09:33 < Poster> foo.domain.lan -> 192.168.1.100 became foo.domain.lan -> 10.168.1.100
09:33 < jge> oh i see
09:33 < Poster> I pushed a route to the clients of 10.168.1.0/24 (which did not overlap with 192.168.1.0/24)
09:34 < jge> yeah, my network is really small right now - about 10 hosts
09:34 < Poster> I then had to NAT the traffic which sourced from the VPN networks on the 192.168.1.0/24 network, so it was really kinda messy
09:34 < Poster> but it kept the employees working
09:34 < Poster> I would really consider renumbering
09:35 -!- jrgcombr [~jrgcombr@179.34.146.19] has joined #openvpn
09:35 -!- jrgcombr [~jrgcombr@179.34.146.19] has quit [Client Quit]
09:35 -!- jrgcombr [~jrgcombr@179.34.146.19] has joined #openvpn
09:35 < jge> I also need to change to a push set up instead of hard-coding routes on client'
09:35 < jge> s config
09:35 < Poster> yeah, originally I did hard coding
09:35 < Poster> but it was a trainwreck to scale
09:36 < Poster> I collapsed what I think was 25 or 30 instances down to 5 or 6 from what I remember
09:36 < jge> I could imagine
09:37 -!- AxonetBE [~anonymous@ns3373594.ip-94-23-20.eu] has left #openvpn []
09:37 < jge> I'm using a synology NAS as my OVPN server.. not sure it allows me to push to clients
09:38 < Poster> not familiar with that system, I generally run general purpose OSes, mainly OpenBSD or Linux on the OpenVPN server systems
09:38 < Poster> I have done a little work with DD-WRT
09:39 < Poster> from what I recall there was an option somewhere that you could paste in raw config options
09:39 < jge> just checked and it's very limited, would probably need to migrate this over to its own hardware later on too
09:40 < jge> will start thinking about all this asap
09:40 < Poster> you can also consider something like a raspberry pi
09:40 < Poster> I have helped friends use those as low power/cost VPN systems in small/home environments
09:42 < jge> hmm, not a bad idea
09:43 < jge> I was thinking of an intel NUC
09:55 -!- catalase [~catalase@unaffiliated/catalase] has joined #openvpn
09:57 < Poster> sure anything that can run Linux or BSD should be good
10:08 -!- AxonetBE_ [~anonymous@94-225-248-47.access.telenet.be] has joined #openvpn
10:09 < AxonetBE_> how to setup a route on the client ?
10:09 < AxonetBE_> I activate my openvpn client to the server but can't ping any address behind the vpn, probably my client is not setup to use the vpn for specific range
10:10 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
10:13 < Poster> ok do you have the route defined?
10:15 < AxonetBE_> Poster: in the client conf?
10:15 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 272 seconds]
10:16 < AxonetBE_> Poster: in the client.conf I put route 10.1.0.0/16
10:19 < Poster> ok and does the OpenVPN server system have an address in the 10.1.0.0/16 subnet?
10:19 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
10:24 -!- AxonetBE_ [~anonymous@94-225-248-47.access.telenet.be] has quit [Read error: Connection reset by peer]
10:24 -!- cumswaplollypop [~cumswaplo@2600:1011:b061:81f6:6aa3:c4ff:fe8c:add8] has joined #openvpn
10:24 -!- AxonetBE [~anonymous@94-225-248-47.access.telenet.be] has joined #openvpn
10:25 < AxonetBE> Poster: sorry my internet connection got interupted
10:25 < AxonetBE> my server is external ip is not on the 10.1.0.0 range but I have some devices after vpn that are on this range
10:25 < AxonetBE> when I localy on my MBP with viscocity chose to send all trafic over VPN it works fine
10:26 < AxonetBE> but now I want to connect one of my server to this vpn also but can't get any device after the vpn
10:26 < AxonetBE> all the devices have addresses like 10.1.2.2, 10.1.3.2, 10.1.4.2, ...
10:37 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:37 < AxonetBE> ok I changed format and now it's ok
10:38 < AxonetBE> seems that you cant say route 10.1.0.0/16 but you need to specify route 10.1.0.0 255.255.0.0
10:44 -!- ExoUNX [~ExoUNX__@rrcs-70-60-17-150.central.biz.rr.com] has joined #openvpn
10:45 < ExoUNX> when is openvpn getting support for AEAD and forward secrecy
10:46 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
10:47 -!- ValdikSS [~valdikss@95.215.45.133] has quit [Quit: Konversation terminated!]
10:51 < BtbN> It's already using DH key exchange, for quite a long time.
10:53 < ExoUNX> yah my bad, was thinking of something else
10:53 < ExoUNX> but it doesn't support GCM as far as I know
10:53 < ExoUNX> I think it's in the beta atm, not quite sure
10:54 -!- jge [~jge@unaffiliated/bitfury] has left #openvpn ["WeeChat 1.0.1"]
11:00 < pepee>  hi. I'm connecting to the internet through a VPN to some random VPS, and when I download some files, I get disconnected with this error message:  "Authenticate/Decrypt packet error: bad packet ID (may be a replay)". is that just because the connection is terrible? I also get: 'link-mtu' is used inconsistently... I tried fixing it, but I get complains about mssfix, or something
11:01 < pepee> is this because the server is badly configured/not powerful enough?
11:11 < ExoUNX> pepee, seems like a resource issue
11:19 -!- Buff|Away is now known as Buffman
11:21 -!- cumswaplollypop [~cumswaplo@2600:1011:b061:81f6:6aa3:c4ff:fe8c:add8] has quit [Read error: Connection timed out]
11:25 -!- zamber [~zamber@78.10.90.243] has quit [Ping timeout: 244 seconds]
11:30 -!- OG_s7eele [~AndChat52@2600:100d:b103:ded0:998e:88ee:570b:9f32] has joined #openvpn
11:34 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 244 seconds]
11:36 < catalase> anyone know how to allow multiple users to connect with the same credentials?
11:38 -!- supergauntlet is now known as misabr||afk
11:38 -!- OG_s7eele [~AndChat52@2600:100d:b103:ded0:998e:88ee:570b:9f32] has quit [Quit: Bye]
11:38 -!- misabr||afk is now known as supergauntlet
11:39 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
11:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:53 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:56 -!- ExoUNX [~ExoUNX__@rrcs-70-60-17-150.central.biz.rr.com] has quit [Ping timeout: 272 seconds]
12:12 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:16 -!- coded-dude [~coded-dud@ip72-198-13-26.ok.ok.cox.net] has joined #openvpn
12:16 < ki7rw> is it normal for  a moderator to take more than a couple of days to approve/reject a post to forums.openvpn.net? i replied to a post on the 17th but it still hasn't shown up and i haven't received anything that says it was rejected.
12:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 260 seconds]
12:17 < coded-dude> has anyone else reported issues of not being able to register at the forums?
12:17 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
12:18 < coded-dude> when I go to https://forums.openvpn.net/ and lcick register at the top right i get this: HTTP Status 500 - 5053 ERROR_PWM_UNAVAILABLE
12:18 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN Support Forum (at forums.openvpn.net)
12:20 < coded-dude> i have tried on two different machines with two different browsers just to make sure it wasn't me.
12:20 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 250 seconds]
12:24 -!- pepee_ is now known as pepee
12:26 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
12:30 < coded-dude> can someone not logged in verify the error and possibly post it in the forums?
12:32 < pepee> same here
12:32 < pepee> (unable to initialize pwm due to configuration related error: access denied ("java.io.FilePermission" "/var/lib/tomcat6/staging/pwm.war.d/WEB-INF/logs/PWM.log.50" "delete"))
12:33 < coded-dude> thanks for verifying pepee
12:33 < pepee> if I understand correctly, it's trying to delete a file but it has no permissions to do so
12:39 -!- Gman32 [~Gman32@76.72.167.208] has quit [Quit: Headin out...]
12:41  * ecrist looks
12:41 < coded-dude> I sent an email to help@openvpn.net last night, but that is the only recourse i have of notifying a mod/admin besides posting in here.
12:42 <@ecrist> that's fine
12:42 <@ecrist> I'm one of the admins.
12:42 <@ecrist> i don't get email sent to help@, though.
12:42 -!- Gman32 [~Gman32@76.72.167.208] has joined #openvpn
12:45 <@ecrist> coded-dude: I'm told the goons will look into it.
12:46 < coded-dude> awesome! thanks for your help guys.  much appreciated.
12:51 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
12:52 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
12:52 -!- pepee_ is now known as pepee
12:56 <@ecrist> coded-dude: it's working now
12:59 < coded-dude> man you guys are fast! thanks again!
13:00 -!- master_of_master [~master_of@79.242.77.214] has joined #openvpn
13:00 < ki7rw> ecrist, if you're an admin then can you tell me why my post still hasn't shown up? i sent the post twice and it still hasn't shown up
13:01 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
13:02 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
13:02 -!- pepee_ is now known as pepee
13:03 -!- master_o1_master [~master_of@p4FD7BBBD.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
13:05 <@ecrist> what's your forum username?
13:08 < ki7rw> ki7rw4
13:18 <@ecrist> both posts have been approved.
13:28 < ki7rw> ok. thanks.
13:29 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
13:29 < ki7rw> https://forums.openvpn.net/topic19497.html in case anyone can help
13:29 <@vpnHelper> Title: OpenVPN Support Forum can ping server but no internet : OpenVPN Connect (iOS) (at forums.openvpn.net)
13:31 <@ecrist> ki7rw: why not tell us here what you're having problems with
13:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:52 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has joined #openvpn
13:56 < AxonetBE> Hi, I connect to a server trough openvpn server but the outgoing ip address is always different going from 10.0.1.14 to 10.0.1.10
13:57 < AxonetBE> Can I change this and give it always the same ip to go out?
13:59 <+esde> !static
13:59 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
14:08 -!- Buffman is now known as Buff|Away
14:08 -!- Buff|Away is now known as Buffman
14:08 -!- Buffman is now known as Buff|Away
14:11 -!- Gman32 [~Gman32@76.72.167.208] has quit [Quit: Headin out...]
14:19 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
14:33 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
14:35 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 240 seconds]
14:36 -!- pepee_ is now known as pepee
14:44 < ki7rw> ecrist, the problem is that i can connect to the server but can't get routed to the internet - my post at openvpn shows the config files
14:49 -!- AxonetBE [~anonymous@94-225-248-47.access.telenet.be] has left #openvpn []
14:53 <@ecrist> you didn't strip the comments from your config like the forum rules suggests
14:53 <@ecrist> !configs
14:54 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:54 <@ecrist> I'm guessing you don't have sysctl net.inet.forward enabled and you may not have the needed firewall rule that provides the outbound nat that is required
14:59 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Ping timeout: 265 seconds]
15:02 < ki7rw> ecrist, sorry about that - i'll repost
15:05 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
15:05 -!- bluepill [~redpill@unaffiliated/redpill] has joined #openvpn
15:18 < ki7rw> hopefully this is easier to read: http://pastebin.com/dB1a3s6y
15:23  * ecrist reads
15:25 <@ecrist> pastebin doesn't want to load for me
15:26 -!- dazo is now known as dazo_afk
15:28 < ki7rw> ecrist, i justed posted the edited config files to openvpn.net (https://forums.openvpn.net/post54192.html#p54192)
15:28 <@vpnHelper> Title: OpenVPN Support Forum can ping server but no internet : OpenVPN Connect (iOS) (at forums.openvpn.net)
15:35 < ki7rw> cat /proc/sys/net/ipv4/ip_forward returns 1 so that's enabled
15:38 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:40 < ki7rw> not sure if i need to use this iptables NAT stuff since the server box doesn't have a firewall running (it's behind a linksys router running a firewall)
15:51 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 272 seconds]
15:55 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
15:57 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
15:57 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 265 seconds]
16:05 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
16:05 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
16:08 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Client Quit]
16:08 -!- AnGrYfUrBy [~AnGrYfUrB@pdpc/supporter/active/angryfurby] has joined #openvpn
16:09 < AnGrYfUrBy> !welcome
16:09 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:09 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:14 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
16:16 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 244 seconds]
16:17 -!- n1cky [~sielicki@nicky.io] has joined #openvpn
16:17 < n1cky> is it possible for me to get a range of ip addresses that a openvpn server may lease to clients?
16:18 < n1cky> trying to restrict ssh on a server to ip's of my vpn provider, but they do not have ranges listed online.
16:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
16:20 < DArqueBishop> n1cky, sure, by asking them.
16:20 -!- AnGrYfUrBy [~AnGrYfUrB@pdpc/supporter/active/angryfurby] has quit [Ping timeout: 260 seconds]
16:22 < n1cky> DArqueBishop: it may depend on provider to provider, but can you please explain how they might be leasing IP's? is my computer interacting only with the host in my /etc/openvpn/client.conf and then they further route my packets through another host?
16:22 < n1cky> or is it that the further host is negotiated at the time of connection?
16:23 < n1cky> please let me know if i'm being unclear.
16:24 -!- pepee_ is now known as pepee
16:24 < n1cky> i'm just trying to understand the protocol
16:26 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
16:26 < DArqueBishop> n1cky, in a normal tunneled setup (aka, your client.conf holds "dev tun"), the VPN server assigns the IP address to you. The IP range available for distribution is noted in the server's conf file.
16:26 < n1cky> and then all packets from my computer are talking with that host, yes?
16:27 < DArqueBishop> Yes.
16:27 < n1cky> Thank you! makes sense.
16:27 < DArqueBishop> Well, all VPN packets are, yes.
16:27 < n1cky> ofc, yeah.
16:28 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Ping timeout: 240 seconds]
16:31 < n1cky> DArqueBishop: is there a better way for this to be implemented? I'm just thinking that I have 10 hosts in my openvpn conf for the various servers my VPN provider offers.
16:32 < n1cky> but the reason they have different providers is only to discern between the location of the connection
16:33 < n1cky> why not send a bit of metadata to their router instead? It allows for much more interesting configurations.
16:34 -!- zero_64 [~GhostReco@192.99.170.5] has quit [Remote host closed the connection]
16:51 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
16:52 -!- hennos [~midas8@167.160.44.246] has quit [Quit: Leaving]
16:53 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 272 seconds]
16:53 -!- pepee_ is now known as pepee
17:02 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
17:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:08 -!- arlen [~arlen@jarvis.arlen.io] has left #openvpn []
17:13 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
17:22 -!- hennos [~midas8@178.162.209.138] has joined #openvpn
17:32 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
17:37 -!- hennos [~midas8@178.162.209.138] has quit [Ping timeout: 250 seconds]
17:43 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
17:43 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
17:49 < coded-dude> doh! just realized I submitted a thread(waiting for approval) that has the wrong output.  i changed config to verb 4 and ran the connection again only it was an auth failure, and not the actual error(after a successful auth).
18:06 -!- hennos [~midas8@167.160.44.251] has joined #openvpn
18:07 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 250 seconds]
18:11 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
18:13 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
18:13 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
18:14 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
18:14 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
18:16 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
18:19 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 252 seconds]
18:19 -!- pepee_ is now known as pepee
18:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
18:43 -!- Gunni [~gunni@kjarni/gunni] has left #openvpn ["Leaving"]
18:51 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-dbhdldgbexfoqbhr] has quit [Quit: Connection closed for inactivity]
19:27 -!- EmanuelNJ [~emanuel@ool-18b99a93.dyn.optonline.net] has joined #openvpn
19:27 < EmanuelNJ> !welcome
19:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:27 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:27 < EmanuelNJ> !goal
19:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
19:27 <+esde> whats up EmanuelNJ?
19:28 < EmanuelNJ> Goal: Access some servers running in my home remotely. I have a Ubuntu system with calibre on it and I need to access the server remotley with an IP on the same network
19:29 < EmanuelNJ> I followed some how-to's last night but I can't get the server to work
19:29 <+esde> Can you install openvpn on a machine within the remote network?
19:29 < EmanuelNJ> esde, Yes I can install it on the ubuntu system but I am confuised by the guides I found
19:30 <+esde> !walkthroughs
19:30 <+esde> !walkthrough
19:30 <@vpnHelper> "walkthrough" is if you are using some walkthrough and now you are here cause you have problems and dont understand your setup, type !howto and !man and try to actually learn what you're doing. most those docs about openvpn from google SUCK.
19:30 <+esde> because they stink
19:30 <+esde> what you want to go off of is the official documentation
19:30 <+esde> !howto
19:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
19:30 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
19:30 <+esde> that's a pretty good primer for openvpn, covering how to configure it as a server, client or otherwise
19:31 <+esde> To accomplish your specific goal,
19:31 <+esde> !serverlan
19:31 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
19:31 <+esde> If you have any specific questions along the way feel free to ask! :D
19:31 < EmanuelNJ> esde, thank you I will look at the howto
19:31 <+esde> np
19:32 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
19:32 -!- pepee_ is now known as pepee
19:32 < EmanuelNJ> esde, I do know my router will give out 192.168.1.2 through 192.168.1.149 so I assume I can use .150 through .254 for the VPN ip's?
19:32 <+esde> no
19:32 <+esde> 1s
19:33 <+esde> (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:33 <+esde> !/30
19:33 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
19:34 <+esde> but 10.0.8/24 is a pretty good choice
19:37 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
19:37 <+esde> on second thought, it maybe with some sort of manual addressing like !static or !ccd
19:38 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
19:39 <+esde> one other thing to bear in mind
19:39 <+esde> !tunortap
19:39 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
19:39 <@vpnHelper> rooted/jailbroken) support only tun
19:40 <+esde> if you need anything below layer 3, you'll want tap
19:43 < EmanuelNJ> esde, I just looked over the howto and my eyes glazed over
19:45 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:03 -!- Bl4ckD34Th is now known as Bl4ckAWAY
20:03 -!- Bl4ckAWAY is now known as Bl4ckD34Th
20:03 -!- Bl4ckD34Th is now known as Bl4ckAWAY
20:04 -!- Bl4ckAWAY is now known as Bl4ckD34Th
20:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
20:18 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:22 -!- Bl4ckD34Th is now known as Bl4ckAWAY
20:24 -!- hennos [~midas8@167.160.44.251] has quit [Read error: Connection reset by peer]
20:28 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
20:30 -!- Bl4ckAWAY is now known as Bl4ckD34Th
20:31 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 265 seconds]
20:33 -!- EmanuelNJ [~emanuel@ool-18b99a93.dyn.optonline.net] has left #openvpn ["Leaving"]
20:40 -!- pepee_ is now known as pepee
21:18 -!- jrgcombr_ [~jrgcombr@177.148.147.234] has joined #openvpn
21:21 -!- jrgcombr [~jrgcombr@179.34.146.19] has quit [Ping timeout: 244 seconds]
21:34 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Quit: End of line.]
21:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:36 -!- coded-dude [~coded-dud@ip72-198-13-26.ok.ok.cox.net] has quit [Remote host closed the connection]
21:39 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
21:41 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
21:55 -!- RandomName12345 [~TikityTik@162.223.44.49] has joined #openvpn
21:55 -!- RandomName12347 [~TikityTik@162.223.44.49] has joined #openvpn
21:56 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Ping timeout: 250 seconds]
21:57 -!- RandomName12347 [~TikityTik@162.223.44.49] has quit [Remote host closed the connection]
21:58 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
21:59 -!- RandomName12345 [~TikityTik@162.223.44.49] has quit [Client Quit]
21:59 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Remote host closed the connection]
22:05 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has joined #openvpn
22:07 -!- coded-dude [~coded-dud@ip72-198-13-26.ok.ok.cox.net] has joined #openvpn
22:12 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
22:12 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
22:12 -!- pepee_ is now known as pepee
22:42 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
22:47 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 265 seconds]
23:04 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Excess Flood]
23:11 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Ping timeout: 240 seconds]
23:21 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 265 seconds]
23:34 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
23:40 -!- s7eele [~AndChat52@208.167.254.221] has joined #openvpn
23:50 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-pvbezxnjvrmeruat] has joined #openvpn
23:59 -!- ShadniX [dagger@p579411D1.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
--- Day changed Sat Aug 22 2015
00:00 -!- ShadniX [dagger@p57941512.dip0.t-ipconnect.de] has joined #openvpn
00:31 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
00:32 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
00:32 -!- pepee_ is now known as pepee
00:38 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
00:39 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
00:39 -!- pepee_ is now known as pepee
00:49 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
00:50 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 244 seconds]
00:54 -!- pepee_ [~qzerty@unaffiliated/pepee] has quit [Client Quit]
00:56 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:21 -!- s7eele [~AndChat52@208.167.254.221] has quit [Quit: Bye]
01:52 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:05 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
02:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
02:18 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
02:21 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
02:23 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
02:23 -!- mode/#openvpn [+v RBecker] by ChanServ
02:26 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
02:37 -!- coded-dude [~coded-dud@ip72-198-13-26.ok.ok.cox.net] has quit [Ping timeout: 250 seconds]
02:41 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
03:35 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
03:46 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:49 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
04:03 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
04:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
04:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:56 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
05:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:27 -!- benjamin__ [~benjamin_@192.73.244.253] has joined #openvpn
05:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:27 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
06:27 < Tinyyy> Hey guys I have a question / problem with OpenVPN and Stunnel. I have a Digital Ocean server and I’m trying to route all my traffic through it. Currently, I have it configured client OpenVPN(TunnelBlick) -> 127.0.0.1:6969(Client Stunnel listens on) -> IP.TO.MY.SERVER:443(Server Stunnel listens on) -> IP.TO.MY.SERVER:1194 (Server OpenVPN listens on). This means that I can also initiate a non-stunnel connection to my server. The weird little problem
06:27 < Tinyyy>  I’ve experienced is that after a fresh reboot, when I try to connect via Stunnel immediately, I am able to authenticate and all that, and TunnelBlick reports ‘connected’, but I do not receive any traffic in (0B/s). However, if I connect using the non-stunnel way after that, I receive full traffic. Also, after connecting, if I go back to use Stunnel to connect, I am then able to receive full traffic on the Stunnel connection. Does anyone have any
06:27 < Tinyyy>  idea what’s the problem? Thank you.
06:42 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
06:43 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
06:45 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
06:47 -!- Tinyyy [~textual@128.199.100.211] has quit [Read error: Connection reset by peer]
06:51 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-pvbezxnjvrmeruat] has quit [Quit: Connection closed for inactivity]
06:53 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
07:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
07:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:10 -!- Bl4ckD34Th is now known as Bl4ckAWAY
07:10 -!- Bl4ckAWAY is now known as Bl4ckD34Th
07:11 -!- Bl4ckD34Th is now known as Bl4ckAWAY
07:11 -!- Bl4ckAWAY is now known as Bl4ckD34Th
07:17 -!- Tinyyy [~textual@128.199.100.211] has quit [Ping timeout: 272 seconds]
07:26 -!- Tinyyy [~textual@138.75.148.120] has joined #openvpn
07:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:29 -!- Bl4ckD34Th is now known as Bl4ckAWAY
07:30 -!- Bl4ckAWAY is now known as Guest34023
07:59 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
08:18 -!- Tinyyy [~textual@138.75.148.120] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:08 -!- FreezingCold_ [uid105316@gateway/web/irccloud.com/x-uojmwkkcywsaqqcc] has joined #openvpn
09:11 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 240 seconds]
09:11 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 240 seconds]
09:11 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 240 seconds]
09:11 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
09:11 -!- Savemech [Savemech@gateway/shell/firrre/x-likeoicmsaxxfepq] has quit [Ping timeout: 240 seconds]
09:11 -!- Cybertinus [~Cybertinu@cybertinus.customer.cloud.nl] has quit [Ping timeout: 240 seconds]
09:11 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 240 seconds]
09:11 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 240 seconds]
09:11 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 240 seconds]
09:11 -!- kenyon [kenyon@darwin.kenyonralph.com] has quit [Ping timeout: 240 seconds]
09:11 -!- jesopo [jess@lolnerd.net] has joined #openvpn
09:11 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
09:12 -!- phantomcircuit_ [~phantomci@smartcontracts.us] has joined #openvpn
09:13 -!- hennos [~midas8@167.160.44.242] has joined #openvpn
09:13 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:13 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
09:14 -!- hennos [~midas8@167.160.44.242] has quit [Client Quit]
09:21 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
09:21 -!- bluepill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 245 seconds]
09:21 -!- hennos [~midas8@167.160.44.242] has joined #openvpn
09:22 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
09:22 -!- bluepill [~redpill@unaffiliated/redpill] has joined #openvpn
09:23 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:42 -!- Savemech [Savemech@gateway/shell/firrre/x-jrmosgpeucikyzba] has joined #openvpn
09:42 -!- bluepill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
09:44 -!- bluepill [~redpill@unaffiliated/redpill] has joined #openvpn
10:10 -!- bluepill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
10:13 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:15 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:16 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:59 -!- toli [~toli@ip-62-235-216-11.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
10:59 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
11:00 -!- mode/#openvpn [+o krzee] by ChanServ
11:00 -!- toli [~toli@ip-62-235-239-83.dsl.scarlet.be] has joined #openvpn
11:01 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-joaabuadexbjcyxr] has joined #openvpn
12:41 -!- phantomcircuit_ [~phantomci@smartcontracts.us] has quit [Ping timeout: 246 seconds]
12:45 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
12:46 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
12:47 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:59 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
13:00 -!- master_o1_master [~master_of@p4FF24E7C.dip0.t-ipconnect.de] has joined #openvpn
13:00 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:03 -!- master_of_master [~master_of@79.242.77.214] has quit [Ping timeout: 272 seconds]
13:29 -!- arlen [~arlen@jarvis.arlen.io] has left #openvpn []
13:30 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
14:02 -!- coded-dude [~coded-dud@ip72-198-13-26.ok.ok.cox.net] has joined #openvpn
14:04 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
14:06 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:08 < ki7rw> i've managed to get 2 laptops to use openvpn but i'm still having trouble with openvpn connect for my android phone (samasung galaxy s4) running lollipop - i believe all i had to do was create a .ovpn file and import it to openvpn connect but i can't get a connection - any ideas of what could be causing my problem?
14:09 < ki7rw> i followed the instructions at https://forums.openvpn.net/topic14629.html
14:09 <@vpnHelper> Title: OpenVPN Support Forum How do I create an OpenVPN profile for Android? : OpenVPN Connect (Android) (at forums.openvpn.net)
14:12 < ki7rw> near as i can tell there shouldn't be a firewall issue - if it is, i also have the understanding that the firewall on the smartphone can't be adjusted unless the phone is rooted
14:14 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
14:15 -!- benjamin__ [~benjamin_@192.73.244.253] has quit [Ping timeout: 244 seconds]
14:19 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
14:19 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
14:50 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
14:51 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-joaabuadexbjcyxr] has quit [Quit: Connection closed for inactivity]
15:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
15:15 -!- coded-dude [~coded-dud@ip72-198-13-26.ok.ok.cox.net] has quit [Ping timeout: 244 seconds]
15:20 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zvwvcswmzrjvjbou] has joined #openvpn
15:30 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
15:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:40 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
15:46 -!- MTecknology [~Mike@nginx/adept/mtecknology] has joined #openvpn
15:48 < MTecknology> When I connect using openvpn, usually I only want to work on things in that network. This time, I want to route web traffic through it. How can I make that happen?
15:48 < MTecknology> If it becomes an all or nothing thing, that's fine...
15:49 < MTecknology> I tried  ip route del default via <here_gw>; ip route add default via <home_gw>  but that doesn't work because I just removed the route that lets me get to <home_gw>...
15:49 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 255 seconds]
15:51 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
15:58 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
16:09 -!- james41382_ is now known as james41382
16:39 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
16:40 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:44 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
16:50 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
16:51 < Takumo> Hi all, not sure if this is an #openvpn question, a ##linux question or even an #archlinux question
16:51 < Takumo> but how would I ensure that traffic for 10.0.0.0/8 is routed via a vpn connection
16:51 < Takumo> and all other traffic is routed as normal (not via a vpn)
16:51 < Takumo> is there some way to do this in the config file?
16:54 < Takumo> never mind, looks like its a server config issue that's preventing me accessing the lan :)
17:09 -!- Guest34023 [Elite13526@gateway/shell/elitebnc/x-xyterejhkjwcilfv] has left #openvpn []
17:24 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Read error: Connection reset by peer]
17:31 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zvwvcswmzrjvjbou] has quit [Quit: Connection closed for inactivity]
17:40 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 255 seconds]
17:42 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
17:51 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 256 seconds]
17:53 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
18:06 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
18:06 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
18:09 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
18:10 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
18:21 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:46 -!- MTecknology [~Mike@nginx/adept/mtecknology] has left #openvpn ["You saw me, but now you don't."]
18:53 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Quit: sudo killall -9 -1]
19:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:25 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 256 seconds]
19:25 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 246 seconds]
19:26 -!- Exagone313 [exa@elou.world] has joined #openvpn
19:26 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
19:35 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
19:37 < ki7rw> i tried using duplicate-cn in my sever config but i still get the same address to every client
19:38 <@krzee> ki7rw, are you also using static ips or ipp?
19:38 <@krzee> !ipp
19:38 <@vpnHelper> "ipp" is (#1) the option --ifconfig-pool-persist ipp.txt does NOT create static ips or (#2) Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, see !iporder and !static
19:39 < ki7rw> ipp
19:39 <@krzee> comment that out, should fix it
19:40 <@krzee> you're associating an ip with a user, then connecting the same user many times
19:43 -!- toli [~toli@ip-62-235-239-83.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
19:43 < ki7rw> each client has it's own cert
19:43 < ki7rw> same user though
19:43 <@krzee> Takumo, !serverlan should help ya if you still need help
19:44 <@krzee> then why do you need duplicate-cn?
19:44 <@krzee> just dont use --username-as-common-name
19:45 < ki7rw> because i'm getting the same ip on all clients and a couple of websites said that'll fix it
19:45 <@krzee> only when they are all using the same common-name
19:46 <@krzee> and really if that was happening you wouldnt just get the same ip, youd get booted every time another client copnnected with your cn, and then according to keepalive settings youd probably battle back and forth for the connection
19:46 <@krzee> !configs
19:46 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
19:49 -!- toli [~toli@ip-62-235-239-83.dsl.scarlet.be] has joined #openvpn
19:49 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
19:51 <@krzee> just reattached, if you posted configs post them again
19:52 <@krzee> cause i didnt see it if you did it
19:52 <@krzee> im leaving in about 15mins so you probably want to hurry
20:18 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:12 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
21:26 -!- hennos [~midas8@167.160.44.242] has quit [Quit: Leaving]
22:01 -!- OG_s7eele [~AndChat52@2600:100d:b105:a673:20b0:18d8:8283:92db] has joined #openvpn
22:04 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 240 seconds]
22:09 -!- OG_s7eele [~AndChat52@2600:100d:b105:a673:20b0:18d8:8283:92db] has quit [Quit: Bye]
22:09 -!- s7eele [~AndChat52@2600:100d:b105:a673:20b0:18d8:8283:92db] has joined #openvpn
22:12 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Leaving]
22:13 -!- s7eele [~AndChat52@2600:100d:b105:a673:20b0:18d8:8283:92db] has quit [Client Quit]
22:15 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
22:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:00 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:17 -!- krzee [~k@openvpn/community/support/krzee] has quit [Quit: your mom - its whats for breakfast]
23:31 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
23:58 -!- ShadniX [dagger@p57941512.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:58 -!- ShadniX [dagger@p5DDFF914.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Aug 23 2015
00:27 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 246 seconds]
00:27 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:481b:ac86] has quit [Ping timeout: 246 seconds]
00:47 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:48 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
01:22 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-inyesndmfrbnwyts] has joined #openvpn
02:26 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
02:35 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
02:41 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
03:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:34 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
04:00 -!- blindbox [~blindbox@175.142.227.212] has joined #openvpn
04:00 < blindbox> !welcome
04:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:01 < blindbox> hello. i wanted to acces my work network using openvpn
04:01 < blindbox> i have a openvpn server settings that goes like this. http://pastebin.com/Mef30w4v . my problem is that I can access 192.168.0.254 (the openvpn server), but i couldn't access the rest of the network
04:01 < blindbox> i've done all sorts of firewall configs, like so : http://pastebin.com/9nQ8G90K (openwrt, mind you), and i still can't access the network
04:03 < blindbox> my client is Windows 7
04:03 < blindbox> now that i think about it, that might be related
04:06 < blindbox> !paste
04:06 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
04:06 < blindbox> !configs
04:06 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
04:09 -!- hennos [~midas8@167.160.44.242] has joined #openvpn
04:10 < blindbox> oh, right. here's the client file. https://gist.github.com/blindbox/a7bcd62d6857b49cbb93
04:10 <@vpnHelper> Title: client.ovpn · GitHub (at gist.github.com)
04:18 < blindbox> i did a tracert 192.168.0.30 (a known ip that's always up, and i confirmed it's up), and i found out it jumped to 10.0.0.1 first before being lost. that possibly indicaters a firewall issue on my server. any idea on how to check, or what to look for?
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:31 -!- OG_s7eele [~AndChat52@2600:100d:b12b:a5e7:a4d0:542f:a8b8:1eeb] has joined #openvpn
04:33 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 252 seconds]
04:39 -!- OG_s7eele [~AndChat52@2600:100d:b12b:a5e7:a4d0:542f:a8b8:1eeb] has quit [Quit: Bye]
04:39 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
04:45 < blindbox> all right
04:45 < blindbox> managed to solve this problem
04:45 < blindbox> remove the line 'route 192.168.0.0 255.255.255.0' off the server config. then restart the server to reset all route configs. that's not supposed to exist in the server conf
04:47 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
05:08 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Read error: Connection reset by peer]
05:19 -!- OG_s7eele [~AndChat52@2600:100d:b102:4a0d:5103:5e6e:6488:6aef] has joined #openvpn
05:23 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 245 seconds]
05:27 -!- OG_s7eele [~AndChat52@2600:100d:b102:4a0d:5103:5e6e:6488:6aef] has quit [Quit: Bye]
05:28 -!- s7eele [~AndChat52@2600:100d:b102:4a0d:5103:5e6e:6488:6aef] has joined #openvpn
05:35 -!- s7eele [~AndChat52@2600:100d:b102:4a0d:5103:5e6e:6488:6aef] has quit [Quit: Bye]
05:37 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
06:23 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
06:23 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
06:41 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit [Ping timeout: 265 seconds]
06:42 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
07:26 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
07:28 -!- shiriru_ [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
07:28 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Client Quit]
07:29 -!- shiriru_ [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
07:29 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
07:41 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
08:01 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
08:17 -!- xxavi [~xxavi@46.246.49.254] has joined #openvpn
08:17 < xxavi> hi
08:18 < xxavi> how can I check if my openvpn is built with interactive passwords may be read from a file ?
08:19 < skyroveRR> xxavi: the configuration files. server.conf/client.conf/openvpn.conf/whatever..
08:21 < xxavi> skyroveRR: ok, thanks
08:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:35 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
08:46 -!- blindbox [~blindbox@175.142.227.212] has quit [Ping timeout: 260 seconds]
08:58 -!- catalase [~catalase@unaffiliated/catalase] has quit []
09:16 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
09:19 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
09:21 -!- Malsasa [~Malsasa@114.79.28.78] has joined #openvpn
09:21 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
09:21 < _cmd_> i'm working on tuning my road warrior openvpn config to work better at one of my work locations with a 6to4 tunnel. wan mtu / maximum segement size to my vpn server is 1432. using "mssfix 1392" mostly works, but still seems a little flaky and pings to the inside internal interface of the vpn server show dropped responses. what is the "optimal" method for handling this situation?
09:21 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
09:31 < _cmd_> client config:  http://pastebin.com/AQEz6H6v
09:52 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:12 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
10:14 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
10:18 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
10:29 < _cmd_> .
10:30 -!- rich0__ is now known as rich0
10:33 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Quit: WeeChat 0.4.2]
10:36 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
10:37 < _cmd_> !goal i'm working on tuning my road warrior openvpn config to work better at one of my work locations with a 6to4 tunnel. wan mtu / maximum segement size to my vpn server is 1432. using "mssfix 1392" mostly works, but still seems a little flaky and pings to the internal interface of the vpn server show dropped responses. what is the "optimal" method for handling this situation? client config:
10:37 < _cmd_> http://pastebin.com/AQEz6H6v
10:41 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
10:49 -!- doop [~doop@colostomy.club] has joined #openvpn
10:58 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Quit: WeeChat 0.4.2]
10:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:59 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:03 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
11:08 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:14 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Remote host closed the connection]
11:15 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
11:17 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 272 seconds]
11:17 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Client Quit]
11:19 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
11:21 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
11:26 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
11:40 < _cmd_> ok, let's try this again....
11:40 < _cmd_> !goal i'm working on tuning my road warrior openvpn config to work better at one of my work locations with a 6to4 tunnel. wan mtu / maximum segement size to my vpn server is 1432. using "mssfix 1392" mostly works, but still seems a little flaky and pings to the internal interface of the vpn server show dropped responses. what is the "optimal" method for handling this situation? client config:
11:40 < _cmd_> http://pastebin.com/AQEz6H6v
11:49 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
11:55 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
11:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
12:06 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:25 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 250 seconds]
12:27 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
12:36 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:40 -!- xxavi [~xxavi@46.246.49.254] has quit [Ping timeout: 260 seconds]
13:00 -!- master_of_master [~master_of@p4FD7BED1.dip0.t-ipconnect.de] has joined #openvpn
13:04 -!- master_o1_master [~master_of@p4FF24E7C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
13:12 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
13:19 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
13:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:22 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
13:32 < pepee> I'm connecting to the internet in my laptop through the VPN client in my phone... how come I can download a file through http+ssl just fine but a file download through http can make the client reconnect?
13:33 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
13:34 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
13:35 < bluenemo> hi guys. I just moved my vpn server to another server instance with a new ip. In the client configs, I changed the old DNS hostname for the new one and restarted all clients. It seems now, that not all clients are getting the IPs that I set in staticclients, but are connected to the VPN. Is there some KILL Signal or sth I can send via the VPN Server to force all clients to reconnect and get the proper defined IP?
13:36 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Quit: Leaving]
13:51 -!- Malsasa [~Malsasa@114.79.28.78] has quit [Ping timeout: 255 seconds]
14:00 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
14:01 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
14:02 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
14:07 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
14:09 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Ping timeout: 246 seconds]
14:10 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
14:15 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
14:57 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
14:58 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 246 seconds]
14:59 -!- pepee_ is now known as pepee
15:06 -!- john-soda [~john-soda@77.119.130.16.wireless.dyn.drei.com] has joined #openvpn
15:10 -!- john-soda [~john-soda@77.119.130.16.wireless.dyn.drei.com] has quit [Client Quit]
15:19 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
15:20 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Remote host closed the connection]
15:22 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
15:25 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 272 seconds]
15:30 -!- dranix [~dranix@103.20.170.81] has quit [Ping timeout: 256 seconds]
15:33 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 244 seconds]
15:39 -!- pepee_ is now known as pepee
15:57 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
15:57 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:12 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
16:13 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
16:13 -!- pepee_ is now known as pepee
16:36 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 240 seconds]
16:37 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
16:38 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
16:38 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
16:38 -!- pepee_ is now known as pepee
17:10 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
17:21 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
17:23 < ki7rw> Windows 10 Home - OpenVPN GUI isn't visible when launched - i tried a solution that someone had for Win7 but that didn't fix the problem
17:29 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 255 seconds]
17:50 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
17:54 -!- Sevalecan [~sevalecan@allegro/user/Sevalecan] has left #openvpn ["Leaving"]
17:54 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 264 seconds]
18:09 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
18:35 -!- esde [~esde@openvpn/user/esde] has quit [Quit: .]
18:36 -!- esde [~something@openvpn/user/esde] has joined #openvpn
18:36 -!- mode/#openvpn [+v esde] by ChanServ
18:45 < _cmd_> !goal i'm working on tuning my road warrior openvpn config to work better at one of my work locations with a 6to4 tunnel. wan mtu / maximum segement size to my vpn server is 1432. using "mssfix 1392" mostly works, but still seems a little flaky and pings to the internal interface of the vpn server show dropped responses. what is the "optimal" method for handling this situation? client confi -
18:45 < _cmd_> http://pastebin.com/AQEz6H6v
18:51 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 265 seconds]
18:55 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
19:05 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 256 seconds]
19:37 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
19:38 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
19:38 -!- pepee_ is now known as pepee
19:59 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
20:00 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
20:00 -!- pepee_ is now known as pepee
20:05 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 265 seconds]
20:20 -!- pepee_ [~qzerty@unaffiliated/pepee] has joined #openvpn
20:21 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Disconnected by services]
20:21 -!- pepee_ is now known as pepee
20:22 -!- hennos [~midas8@167.160.44.242] has quit [Quit: Leaving]
20:32 -!- Olipro- [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
20:32 < Olipro-> is CIDR notation allowed for the "route" command?
20:38 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
20:43 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 246 seconds]
20:49 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
21:11 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:13 < ki7rw> when i create a certificate, it first asks for a Common Name (CN) followed by Name - when i look at the resulting certificate i'm see the "Name" as the CN - since i leave Name as the default EasyRSA on all certs, is that why only one client can connect?
21:15 < ki7rw> openvpn 2.3.2
21:27 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 265 seconds]
21:47 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
22:06 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
22:11 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Quit: sudo killall -9 -1]
22:44 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Leaving]
22:49 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
22:58 -!- toli [~toli@ip-62-235-239-83.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
23:00 -!- doop [~doop@colostomy.club] has joined #openvpn
23:01 -!- toli [~toli@ip-62-235-239-85.dsl.scarlet.be] has joined #openvpn
23:05 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
23:07 -!- doop [~doop@colostomy.club] has joined #openvpn
23:08 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:15 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
23:17 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
23:19 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 272 seconds]
23:19 -!- trumee_ is now known as trumee
23:45 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
23:46 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
23:49 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 265 seconds]
23:49 -!- trumee_ is now known as trumee
23:58 -!- ShadniX [dagger@p5DDFF914.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:59 -!- ShadniX [dagger@p5794153E.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Aug 24 2015
00:01 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
00:14 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
00:15 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
00:25 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
00:27 -!- Malsasa [~Malsasa@114.79.28.73] has joined #openvpn
00:40 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:16 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
01:20 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
01:21 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
01:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:40 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
01:46 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
01:47 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
01:47 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
01:49 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
01:55 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 245 seconds]
01:56 -!- jesopo [jess@lolnerd.net] has joined #openvpn
02:03 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
02:04 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
02:05 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
02:23 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
02:23 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
02:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:45 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
04:12 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 252 seconds]
04:22 -!- Malsasa [~Malsasa@114.79.28.73] has quit [Ping timeout: 265 seconds]
04:24 -!- Malsasa [~Malsasa@114.79.28.10] has joined #openvpn
04:39 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:659e:a51a] has joined #openvpn
04:40 -!- Malsasa [~Malsasa@114.79.28.10] has quit [Killed (barjavel.freenode.net (Nickname regained by services))]
04:55 -!- Malsasa [~Malsasa@114.79.28.10] has joined #openvpn
05:04 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:14 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
05:37 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
05:42 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:51 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
05:51 -!- js_ [~js@js.madepeople.se] has quit [Ping timeout: 246 seconds]
05:51 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
05:52 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:659e:a51a] has quit [Ping timeout: 246 seconds]
05:55 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:659e:a51a] has joined #openvpn
05:55 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Ping timeout: 246 seconds]
05:55 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 246 seconds]
05:56 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-adelzpkjavedkzrr] has quit [Ping timeout: 246 seconds]
05:58 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 246 seconds]
05:58 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-pnkulpbmbgtyhjst] has joined #openvpn
05:58 -!- zamba [marius@flage.org] has quit [Ping timeout: 246 seconds]
05:58 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
06:01 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
06:01 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
06:02 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
06:04 -!- zamba [marius@flage.org] has joined #openvpn
06:07 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
06:21 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:21 -!- mode/#openvpn [+o mattock_] by ChanServ
06:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:43 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:43 -!- mode/#openvpn [+o mattock1] by ChanServ
07:01 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:01 -!- mode/#openvpn [+o mattock2] by ChanServ
07:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
07:03 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
07:06 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
07:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:13 -!- mode/#openvpn [+o mattock1] by ChanServ
07:18 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
07:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
07:25 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
07:28 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
07:53 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
07:55 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:56 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
07:57 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
08:01 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
08:04 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
08:07 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
08:07 -!- trumee_ is now known as trumee
08:13 -!- Malsasa [~Malsasa@114.79.28.10] has quit [Ping timeout: 250 seconds]
08:18 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:18 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
08:22 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
08:26 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
08:27 -!- dazo_afk is now known as dazo
08:27 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
08:28 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:36 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
08:59 -!- abbe [having@badti.me] has quit [Ping timeout: 246 seconds]
09:00 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 246 seconds]
09:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:00 -!- mode/#openvpn [+o mattock1] by ChanServ
09:00 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 246 seconds]
09:01 -!- wsherwin [~wgs3@unaffiliated/wgs3] has joined #openvpn
09:02 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
09:02 -!- abbe [having@badti.me] has joined #openvpn
09:06 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
09:07 -!- wsherwin [~wgs3@unaffiliated/wgs3] has quit [Quit: leaving]
09:13 -!- wdn [~textual@200.175.156.55.static.gvt.net.br] has joined #openvpn
09:13 -!- k0nsl [~k0nsl@209.141.39.33] has quit [Changing host]
09:13 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
09:15 -!- wdn [~textual@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:17 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
09:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
09:30 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
09:45 < _cmd_> i'm working on tuning my road warrior openvpn config to work better at one of my work locations with a 6to4 tunnel. wan mtu / maximum segement size to my vpn server is 1432. using "mssfix 1392" mostly works, but still seems a little flaky and pings to the internal interface of the vpn server show dropped responses. what is the "optimal" method for handling this situation? client config:
09:45 < _cmd_> http://pastebin.com/AQEz6H6v
09:52 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
09:55 < ki7rw> this is weird, one of my machines on the LAN can connect to the vpn server using the LAN address (19#.###.###.1) for the vpn server while all other clients have to use my domain name (whatever.com) to connect
09:56 < ki7rw> all clients are on the LAN right now, BTW, for testing
09:57 < ki7rw> why can't i connect to the vpn server's LAN address with all clients on the LAN?
09:57 < ki7rw> am i making any sense?
09:58 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:00 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
10:17 -!- wowaname [h@love.wowana.me] has joined #openvpn
10:19 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
10:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:22 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:23 -!- septopus [~septopus@2604:a880:800:10::98:9001] has joined #openvpn
10:23 < ki7rw> i don't know what's going on with the openvpn forum but when i search for info about windows 10 i get an error message about my search words being common words
10:24 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:27 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
10:28 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:30 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
10:31 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
10:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:34 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
10:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:39 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
10:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:44 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
10:45 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:47 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:48  * ki7rw guesses everyone is at work
10:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
10:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
10:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
11:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
11:24 < skyroveRR> o/ ki7rw
11:27 -!- SineDeviance [~quassel@2602:306:3908:8eb0:a4cc:db0b:9a06:c083] has quit [Quit: No Ping reply in 180 seconds.]
11:28 -!- SineDeviance [~quassel@2602:306:3908:8eb0:6dec:4053:573c:fc7c] has joined #openvpn
11:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:32 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
12:01 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
12:36 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
12:40 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Leaving]
12:45 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:49 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Remote host closed the connection]
12:50 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
12:50 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
13:00 -!- master_o1_master [~master_of@p4FF24FBB.dip0.t-ipconnect.de] has joined #openvpn
13:03 -!- master_of_master [~master_of@p4FD7BED1.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
13:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:05 -!- mode/#openvpn [+o mattock1] by ChanServ
13:07 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:19 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
13:21 -!- Buff|Away is now known as Buffman
13:27 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:27 -!- hennos [~midas8@167.160.44.242] has joined #openvpn
13:42 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has joined #openvpn
13:45 -!- dazo is now known as dazo_afk
13:50 -!- sklv [~sklv@80.229.16.48] has quit [Remote host closed the connection]
13:55 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
14:07 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
14:16 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:22 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:22 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Remote host closed the connection]
14:25 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:30 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
14:36 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
14:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: leaving]
14:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
15:01 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
15:22 -!- jrgcombr [~jrgcombr@177.148.147.234] has joined #openvpn
15:23 -!- jrgcombr_ [~jrgcombr@177.148.147.234] has quit [Read error: Connection reset by peer]
15:23 -!- jrgcombr [~jrgcombr@177.148.147.234] has quit [Read error: Connection reset by peer]
15:32 -!- bruxC [~bruxC@66.63.84.178] has quit [Ping timeout: 246 seconds]
15:54 -!- hennos [~midas8@167.160.44.242] has quit [Quit: Leaving]
15:58 -!- hennos [~midas8@167.160.44.239] has joined #openvpn
15:58 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:19 -!- hennos [~midas8@167.160.44.239] has quit [Quit: Leaving]
16:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
16:26 < _cmd_> doobie doobie doo.....
16:28 -!- hennos [~midas8@167.160.44.237] has joined #openvpn
16:38 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
16:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:39 -!- janjust [~janjust@openvpn/community/support/janjust] has quit [Quit: Leaving]
16:48 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
16:53 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Client Quit]
17:02 -!- toli [~toli@ip-62-235-239-85.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
17:06 -!- toli [~toli@ip-62-235-239-85.dsl.scarlet.be] has joined #openvpn
17:09 -!- Olipro- [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 250 seconds]
17:10 < _cmd_> i'm working on tuning my road warrior openvpn config to work better at one of my work locations with a 6to4 tunnel. wan mtu / maximum segement size to my vpn server is 1432. using "mssfix 1392" mostly works, but still seems a little flaky and pings to the internal interface of the vpn server show dropped responses. what is the "optimal" method for handling this situation? client config:
17:10 < _cmd_> http://pastebin.com/iSwrGxFG
17:11 -!- toli [~toli@ip-62-235-239-85.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:15 -!- toli_ [~toli@62.235.148.230] has joined #openvpn
17:17 -!- toli_ is now known as toli
17:25 -!- jrgcombr [~jrgcombr@177.148.168.218] has joined #openvpn
17:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
17:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
17:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
17:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
18:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:33 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
18:33 -!- Cosmoe [~Freenode@ks3301831.kimsufi.com] has quit [Ping timeout: 256 seconds]
18:34 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 256 seconds]
18:35 -!- sysrex [~sysrex@cloud.sysrex.com] has quit [Ping timeout: 246 seconds]
18:35 -!- sysrex [~sysrex@2001:41d0:a:6a5c::1] has joined #openvpn
18:37 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-inyesndmfrbnwyts] has quit [Ping timeout: 250 seconds]
18:38 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-askifadshwovfhee] has quit [Ping timeout: 250 seconds]
18:38 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-dmkcjkbotfjpwsby] has joined #openvpn
18:39 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-yjzdxakxadnearib] has joined #openvpn
18:44 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
18:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
18:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:01 -!- endzYme [~endzYme@ec2-52-10-45-178.us-west-2.compute.amazonaws.com] has left #openvpn []
19:09 -!- s7eele [~AndChat52@ip184-187-146-111.lf.br.cox.net] has quit [Quit: Bye]
19:11 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
19:30 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
19:41 -!- s7eele [~AndChat52@208.167.254.85] has joined #openvpn
19:50 -!- s7eele [~AndChat52@208.167.254.85] has quit [Remote host closed the connection]
19:53 -!- losted [~losted@209.171.129.222] has joined #openvpn
19:54 < losted> !welcome
19:54 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:54 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:54 < losted> !he
19:58 < losted> Hello all, I followed this tutorial to install openvpn and everything went smooth but when I try to connect to it with tunnelblick I get error like “Options error: Unrecognized option or missing parameter(s) in /Library/Application Support/Tunnelblick/Users/losted/losted.tblk/Contents/Resources/config.ovpn:1”, “OpenVPN returned with status 1, errno = 13” and “Permission denied”… (tutorial :
19:58 < losted> https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7) (full log file : http://pastebin.com/zBXH6UCF) .. any help is appreciated thanks!
19:58 <@vpnHelper> Title: How To Setup and Configure an OpenVPN Server on CentOS 7 | DigitalOcean (at www.digitalocean.com)
20:14 -!- r00t^2 is now known as ALT_F4
20:15 -!- ALT_F4 is now known as r00t^2
20:29 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:30 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
20:30 -!- trumee_ is now known as trumee
20:35 -!- losted [~losted@209.171.129.222] has quit [Quit: losted]
20:39 -!- losted [~losted@209.171.129.222] has joined #openvpn
20:40 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
20:40 < losted> I’m back!
21:07 -!- Malsasa [~Malsasa@114.79.29.109] has joined #openvpn
21:28 -!- losted [~losted@209.171.129.222] has quit [Quit: losted]
21:30 -!- losted [~losted@209.171.129.222] has joined #openvpn
21:39 -!- Malsasa [~Malsasa@114.79.29.109] has quit [Read error: Connection reset by peer]
21:48 -!- hennos [~midas8@167.160.44.237] has quit [Quit: Leaving]
22:10 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
22:27 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:42 -!- Techjar [~Techjar@23-122-2-120.lightspeed.dybhfl.sbcglobal.net] has joined #openvpn
22:44 < Techjar> Is there any way to work around the issue of windows being basically retarded with network to have "no internet access"? Whenever I'm connected to the VPN it seems to choose between my real network adapter and the OpenVPN one at random, for connections to the internet.
22:48 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
22:50 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
23:08 -!- losted [~losted@209.171.129.222] has quit [Quit: losted]
23:11 -!- Techjar [~Techjar@23-122-2-120.lightspeed.dybhfl.sbcglobal.net] has quit [Disconnected by services]
23:11 -!- Techjar [~Techjar@23-122-2-120.lightspeed.dybhfl.sbcglobal.net] has joined #openvpn
23:14 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
23:15 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 256 seconds]
23:15 -!- trumee_ is now known as trumee
23:51 -!- korrosive [~unknownso@c-24-13-157-73.hsd1.il.comcast.net] has joined #openvpn
23:56 -!- ShadniX [dagger@p5794153E.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:57 -!- ShadniX [dagger@p579417CD.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Aug 25 2015
00:02 -!- korrosive [~unknownso@c-24-13-157-73.hsd1.il.comcast.net] has quit []
00:04 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
00:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:15 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 246 seconds]
00:18 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 252 seconds]
00:19 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
00:21 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
00:22 -!- mode/#openvpn [+o dazo_afk] by ChanServ
00:22 -!- dazo_afk is now known as dazo
00:32 -!- Malsasa [~Malsasa@cpe-76-170-191-60.socal.res.rr.com] has joined #openvpn
00:46 -!- Malsasa is now known as Guest12573
00:46 -!- Guest12573 [~Malsasa@cpe-76-170-191-60.socal.res.rr.com] has quit [Killed (sinisalo.freenode.net (Nickname regained by services))]
00:50 -!- thomas_d [5cec8361@gateway/web/freenode/ip.92.236.131.97] has joined #openvpn
00:50 < thomas_d> when stopping/starting openvpn I'm not getting the expected output of "add net 10.8.0.0: gateway 10.8.0.2"
00:51 < thomas_d> netstat -r shows a route of "10.8.0.0           10.8.0.2           UGS        tun0" in there though?
00:51 < thomas_d> In any case, the client cannot reach the internet at the moment. I'm pretty sure it's a routing problem.
00:52 < thomas_d> From the server, ifconfig shows the tun0 to be "10.8.0.1 --> 10.8.0.2" - can ping 10.8.0.1, canNOT ping 10.8.0.2
00:53 < thomas_d> From the client, "inet addr:10.8.0.6  P-t-P:10.8.0.5", canNOT ping 10.8.0.5 or 10.8.0.2, CAN ping 10.8.0.1, canNOT ping internet...
00:53 < thomas_d> From the server I can ping the internet.
00:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:59 -!- mode/#openvpn [+o mattock1] by ChanServ
01:13 -!- dan_j [sid21651@gateway/web/irccloud.com/x-lcqzahhtgoqqlnrw] has quit [Ping timeout: 245 seconds]
01:13 -!- Eneerge [eneergealt@unaffiliated/eneerge] has quit [Ping timeout: 272 seconds]
01:13 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
01:16 -!- dan_j [sid21651@gateway/web/irccloud.com/x-mxqsletyidgtlnpz] has joined #openvpn
01:18 -!- Eneerge [eneergealt@unaffiliated/eneerge] has joined #openvpn
01:19 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
01:30 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 252 seconds]
01:32 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
01:36 -!- Eneerge [eneergealt@unaffiliated/eneerge] has quit [Ping timeout: 272 seconds]
01:39 < subzero79> Thomas_d: .5 and .2 are placeholders. They don't responds
01:41 < subzero79> From the client you should be able to ping .1 and from the server  ping .5
01:42 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Max SendQ exceeded]
01:42 < subzero79> To redirect traffic through the server you need to push def1 and enable forwarding on the server
01:43 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
01:49 < thomas_d> subzero79: thank you, yes, it's a firewall problem :D
01:57 -!- Eneerge [eneergealt@unaffiliated/eneerge] has joined #openvpn
02:15 < skyroveRR> Why does http-proxy require openvpn to run on TCP rather than UDP?
02:16 < skyroveRR> Can't it somehow spoof the proxy into believing it's TCP even on UDP?
02:16 < skyroveRR> s/spoof/fool.
02:35 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
02:39 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
02:39 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:57 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:41 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
03:45 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
04:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:25 -!- jrgcombr [~jrgcombr@177.148.168.218] has quit [Ping timeout: 260 seconds]
04:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:30 -!- jrgcombr [~jrgcombr@179.34.152.212] has joined #openvpn
04:33 -!- ratsupremacy [~antihero@37.139.5.204] has left #openvpn []
04:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:10 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
05:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:23 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has quit [Quit: irc panic]
05:24 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has joined #openvpn
05:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:44 -!- AlexRussia_ [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
05:44 -!- wRabbit_ [~luis@178235004062.warszawa.vectranet.pl] has joined #openvpn
05:44 < wRabbit_> Hi guys, I'm trying to configure openvpn on gentoo (as server). Im not sure where i should paste client certyficates on server, any idea ?
05:54 < sysrex> wRabbit_, , the client certificates?
05:54 < wRabbit_> sysrex yes
05:54 < sysrex> the client certificates are built on the server with build-key <name>
05:55 < sysrex> I just setupped my OpenVPN server but I did not paste any certs on the server
05:55 < wRabbit_> But i dont have to put somewhere on server client files ?
05:55 < sysrex> from server you put files to the client
05:55 < sysrex> those used by the clients to connect
05:56 < wRabbit_> I got error on client: openvpn incoming plaintext read error, I found in google that can be problem with cert on server :/
05:56 < sysrex> that could be, specially if you use duplicate-cn option commented out
05:56 < sysrex> which means each client needs his own certificate
05:57 < wRabbit_> Im testing it on single machine now
05:57 < sysrex> ok, how did you build the certificates
05:57 -!- hennos [~midas8@167.160.44.237] has joined #openvpn
05:58 < sysrex> ca.crt and client.crt
05:58 < sysrex> ?
05:58 < sysrex> with the easy-rsa scripts?
05:59 < wRabbit_> First i did source ./vars than ./clean-all and ./build-ca. After that ./build-key-server example and ./build-dh
05:59 < wRabbit_> than i build a client cert ./build-key
06:00 < sysrex> seems that you did it right then
06:00 < sysrex> maybe not the right order
06:00 < wRabbit_> I was following guide from gentoo wiki
06:04 < wRabbit_> got error :D checking now again :)
06:06 < wRabbit_> wow i connected :) thank you for help
06:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:09 < sysrex> wRabbit_, , well I didn't do anything actully
06:10 < wRabbit_> sysrex: yes but you was trying to help :)
06:11 < sysrex> oh well, I had a small problem myself and this room seems to be sleeping
06:11 < sysrex> I couldn't figure out how to assign static ip's to my clients
06:11 < sysrex> took me a while
06:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:15 < wRabbit_> sysrex true, this channel looks like dead one
06:15 < sysrex> I just think people are busy
06:15 < sysrex> :)
06:15 < wRabbit_> Or sleep ;)
06:16 < sysrex> we grow old, and change priorities
06:16 < wRabbit_> if you say so :) i still prefer whisky on first place ;)
06:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:18 < wRabbit_> damn, problems and problems vpn connect but now i cannot connect with vnc ehh
06:21 < sysrex> you should check the firewall
06:21 < sysrex> and see if you have access to the 5900 and 5901 ports
06:23 < wRabbit_> right good point with ports i need to setup port forwarding
06:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:31 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-yjzdxakxadnearib] has quit [Quit: Connection closed for inactivity]
06:32 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-rksshgrnlizpmlpb] has joined #openvpn
06:38 -!- yogg [506e998f@gateway/web/freenode/ip.80.110.153.143] has joined #openvpn
06:38 < yogg> Hi
06:38 -!- mighq [~mighq@2001:67c:284:16:bb9c:29ea:957:6f48] has joined #openvpn
06:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:41 < yogg> I have a debian client and I wan't to send multiple dns search suffixes. I have testet 'push "dhcp-option DOMAIN myfirst.local mysec.local"' multible DOMAIN entrys, single SEARCH and multible SEARCH entrys nothing seems to work :(
06:42 < yogg> I have not tested it with an Windows or MAC client, but what would be the correct way to send multible dns search suffixes to an client?
07:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: updating router firmware, BRB!!!!]
07:07 -!- ShiroNeko [~akuusagi@ip-176-199-221-203.hsi06.unitymediagroup.de] has joined #openvpn
07:08 < ShiroNeko> hello, can i use the wheezy packages from swupdate.openvpn.net for debian jessie too, or will the repository be updated in the future?
07:10 -!- jrgcombr_ [~jrgcombr@179.34.167.44] has joined #openvpn
07:12 -!- jrgcombr [~jrgcombr@179.34.152.212] has quit [Ping timeout: 252 seconds]
07:25 < yogg> Same results on a Windows box. Seems it is not possible to push multible DNS suffixes to an client :(
07:34 -!- yogg [506e998f@gateway/web/freenode/ip.80.110.153.143] has quit [Quit: Page closed]
07:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
07:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: updating router firmware, BRB!!!!]
08:06 -!- ShiroNeko [~akuusagi@ip-176-199-221-203.hsi06.unitymediagroup.de] has quit [Quit: Lost terminal]
08:17 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
08:20 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:32 -!- jrgcombr_ is now known as jrgcombr
08:34 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
08:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:37 <+esde> https://www.youtube.com/watch?v=PFsC1puqhA4
08:37 -!- dym [~patrick@unaffiliated/dym] has left #openvpn []
08:37 <+esde> "How to Destroy a Laptop with Top Secrets [cccamp15]"
08:39 -!- hennos [~midas8@167.160.44.237] has quit [Quit: Leaving]
08:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: router issues]
08:47 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:04 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:17 -!- losted [~losted@209.171.129.222] has joined #openvpn
09:20 -!- wRabbit_ [~luis@178235004062.warszawa.vectranet.pl] has quit [Quit: Konversation terminated!]
09:37 -!- Denial- [~Denial@81.141.4.104] has joined #openvpn
09:37 -!- Denial [~Denial@81.141.22.152] has quit [Ping timeout: 244 seconds]
09:46 -!- Denial- [~Denial@81.141.4.104] has quit []
09:55 -!- losted [~losted@209.171.129.222] has quit [Quit: losted]
10:04 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Router firmware upgrades...... BRB AGAIN!!!]
10:15 -!- Malsasa [~Malsasa@114.79.28.230] has joined #openvpn
10:21 -!- mighq [~mighq@2001:67c:284:16:bb9c:29ea:957:6f48] has quit [Quit: Leaving.]
10:41 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-rksshgrnlizpmlpb] has quit [Quit: Connection closed for inactivity]
11:10 < skyroveRR> Hello all, is it ok to run two instances of openvpn, one instance implementing TCP, and the other implementing UDP on the SAME port?
11:17 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
11:19 -!- janjust [~janjust@openvpn/community/support/janjust] has quit [Quit: Leaving]
11:25 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:25 -!- hennos [~midas8@167.160.44.237] has joined #openvpn
11:25 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:36 < jrgcombr> skyroveRR, yes.
11:37 < skyroveRR> jrgcombr: I'm concerned about the TLS authentication handshake, would it interfere with the TCP instance when run from a UDP client?
11:39 < jrgcombr> skyroveRR, no, I don´t any issues related with that. I have two instances because sometimes the client is connected to a poor ISP that drops too many UDP pkts
11:44 < skyroveRR> Ok.
11:58 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
12:29 -!- jrgcombr [~jrgcombr@179.34.167.44] has quit [Ping timeout: 252 seconds]
12:34 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lkffsdiincbsuhqr] has joined #openvpn
12:43 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
12:45 -!- master_o1_master [~master_of@p4FF24FBB.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
12:55 -!- Malsasa [~Malsasa@114.79.28.230] has quit [Ping timeout: 250 seconds]
12:57 -!- pepee [~qzerty@unaffiliated/pepee] has joined #openvpn
12:58 < pepee> I'm connecting to the internet in my laptop through the VPN client in my phone. I can download a file through http+ssl just fine but a file download through http can make the client reconnect. what could be the problem?
13:15 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Read error: Connection reset by peer]
13:15 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lkffsdiincbsuhqr] has quit [Ping timeout: 244 seconds]
13:16 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 244 seconds]
13:17 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-xcxwoqzinvnkithp] has left #openvpn []
13:17 -!- dvl_ [~dvl@freebsd/developer/dvl] has joined #openvpn
13:17 -!- dvl_ is now known as dvl
13:19 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-kvnubolpskwaxtmk] has joined #openvpn
13:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:21 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
13:23 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
13:26 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:31 -!- Denial [~Denial@81.141.4.104] has joined #openvpn
13:32 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
13:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:39 -!- wowaname [h@love.wowana.me] has quit [Ping timeout: 260 seconds]
13:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:45 -!- pepee [~qzerty@unaffiliated/pepee] has quit [Ping timeout: 250 seconds]
13:46 -!- master_of_master [~master_of@p4FF24B78.dip0.t-ipconnect.de] has joined #openvpn
13:47 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
13:58 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
14:10 -!- dazo is now known as dazo_afk
14:17 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Ping timeout: 272 seconds]
14:17 -!- doop [~doop@colostomy.club] has joined #openvpn
14:27 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
14:27 -!- jrgcombr [~jrgcombr@177.139.245.237] has joined #openvpn
14:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: router issues again brb]
14:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:56 -!- jacekowski [jacekowski@jacekowski.org] has joined #openvpn
14:56 < jacekowski> hi people
14:56 < jacekowski> i'm trying to use openvpn connect on android but it's complaining about TLS version too low
14:56 < jacekowski> but i can't find any information anywhere about actual TLS version used
14:56 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:59 < jacekowski> what version does openvpn connect require?
15:00 < ki7rw> i'm using 2.3.2
15:03 < jacekowski> anything fancy in your config files?
15:17 -!- zamber [~zamber@78.10.90.243] has joined #openvpn
15:34 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Remote host closed the connection]
15:50 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
16:01 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:01 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
16:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: router issues, brb]
16:09 -!- losted [~losted@209.171.129.222] has joined #openvpn
16:13 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
16:23 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:28 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
16:42 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
16:43 < janjust> !book
16:44 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2!
16:44 < janjust> *grin* we need to update that. who has power to do so?
16:44 < janjust> ecrist - can you handle this?
16:49 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
16:57 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
17:11 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:12 -!- janjust [~janjust@openvpn/community/support/janjust] has quit [Ping timeout: 246 seconds]
17:28 -!- losted [~losted@209.171.129.222] has quit [Quit: losted]
17:41 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
18:20 -!- losted [~losted@209.171.129.222] has joined #openvpn
18:31 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 246 seconds]
18:37 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
18:39 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has joined #openvpn
18:44 < Entelin> I do consulting for small/medium size businesses, I've been deplying openvpn at most sites (I have about 15 so far) for various uses and it works great. Many clients however tend to have very common ip addressing (ie 192.168.1.x or 0, etc), and it's not uncommon in these cases that home users will wind up with the same scheme. For smaller businesses I've been just trying to change their ip addressing sc
18:44 < Entelin> heme, however for larger clients this becomes a pain, is there any workable way around this?
18:58 -!- IamError [~tom@unaffiliated/iamerror] has quit [Quit: Bye!]
18:58 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
19:03 -!- HM [~HM@81.4.101.225] has joined #openvpn
19:08 -!- losted [~losted@209.171.129.222] has quit [Quit: losted]
19:15 -!- hennos [~midas8@167.160.44.237] has quit [Quit: Leaving]
19:15 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
19:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:16 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 260 seconds]
19:17 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:19 -!- hennos [~midas8@70.38.6.187] has joined #openvpn
19:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:25 -!- Gwoplock [~quassel@104.56.172.189] has quit [Ping timeout: 245 seconds]
19:32 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
19:37 < Thermi> Entelin: client-snat/dnat
19:45 -!- jrgcombr_ [~jrgcombr@179.34.131.41] has joined #openvpn
19:46 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
19:46 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
19:47 -!- trumee_ is now known as trumee
19:48 -!- jrgcombr [~jrgcombr@177.139.245.237] has quit [Ping timeout: 255 seconds]
20:15 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:15 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
20:15 -!- trumee_ is now known as trumee
20:25 -!- hennos [~midas8@70.38.6.187] has quit [Quit: Leaving]
20:25 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 265 seconds]
20:26 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:26 -!- trumee_ is now known as trumee
20:32 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Read error: Connection reset by peer]
20:32 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:33 -!- trumee_ is now known as trumee
21:03 -!- thomas_d [5cec8361@gateway/web/freenode/ip.92.236.131.97] has quit [Ping timeout: 246 seconds]
22:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:24 -!- Malsasa [~Malsasa@114.79.29.129] has joined #openvpn
22:27 -!- Malsasa [~Malsasa@114.79.29.129] has quit [Read error: Connection reset by peer]
23:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:42 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has quit [Quit: Leaving]
23:55 -!- ShadniX [dagger@p579417CD.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:55 -!- ShadniX [dagger@p57941531.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Aug 26 2015
00:01 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
00:01 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
00:03 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 245 seconds]
00:05 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
00:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:19 -!- mode/#openvpn [+o mattock1] by ChanServ
00:52 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 252 seconds]
01:00 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
01:07 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 245 seconds]
01:09 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Remote host closed the connection]
01:14 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
01:18 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
01:42 -!- Malsasa [~Malsasa@114.79.29.195] has joined #openvpn
02:30 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
02:46 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 260 seconds]
02:53 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
03:12 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 244 seconds]
03:24 -!- reith [~nil@unaffiliated/reith] has joined #openvpn
03:45 -!- dazo_afk is now known as dazo
03:46 -!- Malsasa [~Malsasa@114.79.29.195] has quit [Remote host closed the connection]
04:24 -!- lykinsbd_ [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
04:25 -!- SoreGums_ [sid22927@gateway/web/irccloud.com/x-jribonzbsunvtwnp] has joined #openvpn
04:26 -!- abbe_ [having@badti.me] has joined #openvpn
04:27 -!- Olipro- [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
04:28 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-dmkcjkbotfjpwsby] has quit [Ping timeout: 241 seconds]
04:28 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
04:28 -!- sysrex [~sysrex@2001:41d0:a:6a5c::1] has quit [Ping timeout: 240 seconds]
04:28 -!- abbe [having@badti.me] has quit [Ping timeout: 240 seconds]
04:28 -!- Savemech [Savemech@gateway/shell/firrre/x-jrmosgpeucikyzba] has quit [Ping timeout: 259 seconds]
04:28 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Ping timeout: 240 seconds]
04:29 -!- Olipro- is now known as Olipro
04:29 -!- SoreGums_ is now known as SoreGums
04:30 -!- sysrex [~sysrex@cloud.sysrex.com] has joined #openvpn
04:35 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
04:45 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:16 -!- toli [~toli@62.235.148.230] has quit [Ping timeout: 246 seconds]
05:19 -!- toli [~toli@ip-62-235-243-160.dsl.scarlet.be] has joined #openvpn
05:29 -!- Savemech [Savemech@gateway/shell/firrre/x-vpazkzkudddemzec] has joined #openvpn
05:36 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [K-Lined]
05:45 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has joined #openvpn
05:50 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
05:52 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:23 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
06:29 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 256 seconds]
06:39 -!- toli [~toli@ip-62-235-243-160.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
06:41 -!- toli [~toli@ip-62-235-243-160.dsl.scarlet.be] has joined #openvpn
06:42 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Read error: Connection reset by peer]
06:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:04 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
07:13 -!- Malsasa [~Malsasa@36.71.144.66] has joined #openvpn
07:17 -!- dEPy [~dEPy@46-150-61-158.cable.teleing.net] has quit [Quit: (null)]
07:18 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
07:33 <@ecrist> janjust, I can.
07:36 <@ecrist> !learn book as Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
07:36 <@vpnHelper> Error: You don't have the factoids.learn capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
07:36 <@ecrist> stupid bot
07:36 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Quit: Ctrl-C at console.]
07:39 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
07:39 -!- mode/#openvpn [+o vpnHelper] by ChanServ
07:39 <@ecrist> !learn book as Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
07:39 <@vpnHelper> Error: You don't have the factoids.learn capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
07:59 -!- cron2 [~gert@openvpn/community/developer/cron2] has joined #openvpn
08:00 -!- mode/#openvpn [+o cron2] by ChanServ
08:00 <@cron2> !learn book as Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
08:00 <@vpnHelper> Joo got it.
08:00 <@ecrist> thanks
08:00 -!- cron2 [~gert@openvpn/community/developer/cron2] has left #openvpn []
08:05 -!- Malsasa is now known as Guest24664
08:05 -!- Guest24664 [~Malsasa@36.71.144.66] has quit [Killed (leguin.freenode.net (Nickname regained by services))]
08:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:42 -!- jrgcombr [~jrgcombr@179.34.131.41] has joined #openvpn
08:44 -!- jrgcombr_ [~jrgcombr@179.34.131.41] has quit [Ping timeout: 260 seconds]
08:46 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
09:18 -!- reith [~nil@unaffiliated/reith] has quit [Ping timeout: 264 seconds]
09:23 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
09:26 < ki7rw> i don't know if this is OT but i'll ask anyway - is it really necessary to use vpn when making SSL (https) connections? or does SSL connections bypass the vpn?
09:43 <+esde> huh
09:43 < DArqueBishop> ki7rw, uh... heh.
09:44 < DArqueBishop> You're comparing apples to oranges.
09:44 < ki7rw> i'm asking if ssl connections go thru the vpn tunnel
09:45 < ki7rw> and if they are routed thru the vpn tunnel then is there any benefit to doing that
09:46 < DArqueBishop> If the https server is on the other end of the VPN tunnel, then yes, it'll go through the VPN tunnel.
09:48 < ki7rw> i just want to understand the security issues - if an ssl connection is secure then why would you want to route it thru the tunnel - also, on a wifi network using wpa2, is it necessary to use a vpn?
09:49 < ki7rw> i've read some articles that say if you do online banking at a hotspot then you should use vpn even though you have an ssl connection - just wondering why a vpn would be necessary
09:51 < DArqueBishop> I think I'm understanding the disconnect here. While they are being used for "secrecy" and "private browsing", that isn't what VPNs were originally designed for.
09:51 < ki7rw> i guess i'll just have to go buy a book on security or take a few classes at the local college
09:53 < ki7rw> oh well, you can't expect privacy anymore with all the hacks occurring anyway
09:53 < DArqueBishop> OpenVPN (and by default any VPN) exists at a completely different OSI connection layer than https.
09:56 < DArqueBishop> In the case you describe, https goes through the VPN because ALL traffic is going through the VPN. If you want to pick and choose protocols that go through the VPN, that requires some routing and firewall rules (and maybe a proxy).
09:57 -!- doop [~doop@colostomy.club] has joined #openvpn
09:58 < DArqueBishop> !routebyapp
09:58 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on
09:58 <@vpnHelper> defined policies you set. For Linux, read about !lartc
10:00 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:00 -!- bf_ [~bf_@xdsl-81-173-236-49.netcologne.de] has joined #openvpn
10:01 < bf_> hey I have sudden openvpn problems in our company
10:01 < bf_> "TLS Error: TLS key negotiation failed to occur within 60 seconds"
10:01 < bf_> all systems affected o.o
10:01 < DArqueBishop> bf_: https://openvpn.net/index.php/open-source/faq/79-client/253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity.html
10:01 <@vpnHelper> Title: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) (at openvpn.net)
10:02 < bf_> DArqueBishop: it affects both server-to-server connections as our offices
10:02 < bf_> FW hasnt been changed
10:02 < bf_> could it be some cert expiry problem?
10:03 < bf_> openvpn restart didn't help
10:06 -!- phreakocious_ is now known as phreakocious
10:09 < bf_> DArqueBishop: ??
10:10 < bf_> any other ideas? the url provides no info
10:10 < DArqueBishop> !logs
10:10 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:10 < bf_> !pastebin
10:10 <@vpnHelper> "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:11 < bf_> DArqueBishop: https://gist.github.com/bf/360541252c2a24a41e50
10:11 <@vpnHelper> Title: OpenVPN Log · GitHub (at gist.github.com)
10:11 < bf_> It repeats over and over, I have no idea why
10:12 < bf_> Can I stop it from "Re-using SSL/TLS context" ?
10:15 <@dazo> bf_: If it worked and suddenly started failing like this and you have absolutely not changed anything ... I would guess some clock being out of sync or an expired certificate ... look carefully at server logs, and at least increase --verb to 3 or 4.
10:15 < bf_> In https://forums.openvpn.net/topic12938.html they say it "The problem is solved, When i created the certs one of them failed by the file keys/index.txt"
10:15 <@vpnHelper> Title: OpenVPN Support Forum [SOLVED] TLS Error: TLS key negotiation failed : Installation Help (at forums.openvpn.net)
10:15  * dazo reads pastbins now
10:15 < bf_> thank you very much
10:15 < bf_> I'll increase verb
10:16 < bf_> but certificate expiry will give a real error, right?
10:16 < bf_> I mean an error message that points it out?
10:16 <@dazo> bf_: the paste bin, that's the server or client log?
10:16 < bf_> serve rlog
10:16 <@dazo> bf_: in the server log should report expired certificate, in the client log it can go into such a look with "negotiation failed"
10:17 < bf_> dazo verb is already set to 4
10:17 < bf_> I'll get some client logs
10:17 <@dazo> and double check that clocks are in sync, that is often more critical than you might expect
10:18 -!- Filystyn [~piotr@ip-5-172-247-198.free.aero2.net.pl] has joined #openvpn
10:18 <@dazo> if that is in order ... it is probably a firewall or ISP issue
10:18 < Filystyn> guys
10:18 < Filystyn> i just wanted to brows net using vpn
10:18 < Filystyn> yet the example is about two computers dfq
10:18 < Filystyn> how can i simply use openvpn ?
10:18 < Filystyn> any examples?????
10:18 < Filystyn> demito!
10:19 <@dazo> !redirect
10:19 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
10:19 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
10:19 <@dazo> Filystyn: ^^
10:19 <@dazo> !book
10:19 <@vpnHelper> "book" is (#1) http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! or (#2) Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
10:19 <@dazo> Filystyn: ^^
10:19 < bf_> dazo: with clocks in sync  you mean the date + time are the same? Or microsec level? Because time, timezone etc are in sync
10:20 <@dazo> bf_: as long as just time zone differences ... it can tackle some minutes differences, but you might get odd issues 33 minutes out of sync
10:20 < bf_> dazo: no I think we can rule that cause out
10:20 <@dazo> good!
10:21 < Filystyn> thak you guys
10:21 < Filystyn> ;-)
10:21 < Filystyn> you realy helped ;)
10:21 < Filystyn> I MEAN IT
10:21 < Filystyn> thx
10:22 < Filystyn> im downloading the books
10:22 <@dazo> bf_: but that leaves you to a harder debugging session ... double check firewalls, check traffic flow with tcpdump on the eth interface which openvpn uses ... to ensure there is nothing blocking the traffic
10:23 < Filystyn> but
10:23 < Filystyn> I WANTED ONLY TO fucking brows the net
10:23 -!- Filystyn was kicked from #openvpn by dazo [You get better response here if you behave better ... first warning]
10:23 < bf_> dazo: aggred! there are 20 clients trying to connect simultaneously, so tcpdump will be hard :X
10:24 <@dazo> bf_: oh ... do you use --tls-auth?  double check that key as well
10:24 <@dazo> bf_: try tcpdump on the client side first, that should make it easier
10:24 <@dazo> bf_: if you know the public IP of your failing client, you can easy filter that out with tcpdump too
10:29 < bf_> dazo: why double check the key?
10:29 < bf_> I dont have additional tls auth activated
10:30 <@dazo> bf_: double check it *if* you use it ;-) ... if you don't use it, it's okay no need to check further
10:32 < bf_> oh boy what did i do wrong
10:32 < bf_> I really have no idea
10:33 < bf_> they can communicate and I have not changed a setting.. why does it start to be a problem at 4 in the afternoon?
10:33 <@dazo> bf_: some times, the internet can be unpredictable ... but usually it happens due to some changes, even just some package updates or a reboot
10:34 <@dazo> bf_: if you can ensure that the client and server are capable of passing data outside the tunnel, then it eliminates a few potential issues
10:35 < bf_> I upgraded yesterday maybe i should restart the box?
10:35 < bf_> but not openvpn
10:37 < bf_> "switch it off and on again"
10:38 <@dazo> bf_: well, that is definitely a change ...
10:38 <@dazo> a reboot makes somewhat sense ... but ensure firewall rules are as expected
10:38 <@dazo> what kind of distro?
10:39 < bf_> same prob after restart
10:39 <@dazo> !serverlan
10:39 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
10:40 < bf_> ubuntu 14.04 server with clients being debian + ubuntu server, and arch / ubuntu laptops
10:40 < bf_> v2.3.2-7ubuntu3.1
10:40 <@dazo> okay ... any apparmor or selinux enabled?
10:41 < bf_> never touched these, how can they impact openvpn?
10:41 < bf_> I use docker extensively
10:41 < bf_> vpnserver can also ping its own tun0 addr, but that might be expected
10:42 <@dazo> they are security layers ... I don't know much about apparmor ... but usually if you use openvpn on a box with SELinux and use a non-standard port, you need to tell SELinux about it .... some times an update may remove such modifications (not common, but it has happened once or twice for me)
10:42 <@dazo> yeah, that is expected
10:43 < bf_> ok dazo are you really sure the expiry stuff would be shown on the server logs?
10:43 < bf_> because the "-rw-r--r-- 1 root root 1.5K Aug 27  2014 ca.pem"....
10:43 <@dazo> yes ... but you can double check that with ... openssl x509 -dates -in $CERT
10:43 < bf_> (i know it should be 600)
10:44 < bf_> notafter 2024..
10:44 < bf_> can it be the client certs are limited for 1 yr?
10:44 < bf_> but this cant be as client cerst have been issued with weeks inbetween
10:44 <@dazo> yes, that is possible ... depends on what you did when you created the certs
10:44 < bf_> notAfter=Aug 26 13:13:35 2015 GMT
10:44 < bf_> server.pem
10:45 < bf_> o.o
10:45 < bf_> here is our culprit
10:45 <@dazo> ahh!  There you have it!
10:45 < bf_> thank you for the handy command
10:45 <@dazo> that's right ... server certificate expiry is not reported in the server log
10:45 < bf_> wow why isnt it
10:45 < bf_> It always feels so arcane when I am using any crypto stuff
10:46 <@dazo> because!? .... well, openssl errors are tricky
10:46 <@dazo> and to develop an application with openssl is trickier
10:46 <@dazo> It makes a lot of sense to capture such errors ... but it is far from easy to do it properly
10:46 <@dazo> when openssl is involved
10:47 < bf_> but is there something hindering us from adding the "if (openssl x509 -dates -in server.pem) > now() then error(expired)" to openvpn?
10:47 < bf_> I mean I can volunteer to add it :P
10:47 <@dazo> bf_: Have you tried to restart the openvpn server process when you started seeing these issues?
10:48 < bf_> dazo: multiple times, the log I gave you was after fresh restart
10:48 <@dazo> okay
10:48 < bf_> first thing I did
10:48 < bf_> because i expected that error is thrown when expiries are hit
10:48 <@dazo> It really doesn't check the local expiry ... and it surely doesn't check it on a long running server
10:48 <@dazo> so then openssl says "Fail"   ... and openvpn logs "Failed"
10:49 <@dazo> what you suggest is the right principle ... but doing it correctly in the openvpn source code (written in C), is a tad harder
10:49 <@dazo> but please feel free to look into this!
10:50 < bf_> I can imagine that with all the developments around crypto libs
10:50 < bf_> do you have by chance in mind how i can create the new server key?
10:51 <@dazo> bf_: how do you create your client keys?
10:51 < bf_> CSR -> openssl ca -config openssl.conf -out certs/aaron.pem -infiles newcerts/aaron.csr
10:51 < bf_> so same with server key?
10:51 < bf_> *server pem?
10:51 <@dazo> yeah, basically ... just ensure you have some server flags set .... just a sec, I'll check what I do
10:52 < bf_> thanks a lot
10:55 <@dazo> I have these X509v3 extensions set:
10:55 <@dazo>         X509v3 extensions:
10:55 <@dazo>             X509v3 Basic Constraints: critical
10:55 <@dazo>                 CA:FALSE
10:55 <@dazo>             X509v3 Key Usage:
10:55 <@dazo>                 Digital Signature, Non Repudiation, Key Encipherment
10:55 <@dazo>             X509v3 Extended Key Usage:
10:55 <@dazo>                 TLS Web Server Authentication, TLS Web Client Authentication
10:55 <@dazo>             Netscape Cert Type:
10:55 <@dazo>                 SSL Server
10:56 <@dazo> I use XCA for key management, so not sure how to set this with openssl.cnf
10:56 < bf_> never heard of XCA, an old coworker set up the vpn once :P
10:57 <@dazo> xca is just a fairly straight forward CA utility, graphical ... not the best if you are more people doing CA stuff ... but otherwise really nice
10:58 < bf_> thank god something like that exists
10:58 <@dazo> Just as references ... my client certs have these flags:
10:58 <@dazo>             X509v3 Key Usage:
10:58 <@dazo>                 Digital Signature, Key Encipherment, Data Encipherment
10:58 <@dazo>             X509v3 Extended Key Usage:
10:58 <@dazo>                 TLS Web Client Authentication
10:58 < bf_> but i am in command line of server right now :)
10:58 <@dazo>             Netscape Cert Type:
10:58 <@dazo>                 SSL Client
10:58 <@dazo> you have the CA on the openvpn server!?
10:59 < bf_> No first I want to create a CSR from server.key right??
10:59 < bf_> I know how to sign it by CA on my local machine
10:59 <@dazo> ahh, right!
11:00 <@dazo> good!  that makes sense :)
11:00 < bf_> oh I dont understand all these things it really makes me sad
11:00 < bf_> why does it have to be so complicated
11:00 < bf_> why do i have to look up all this stuff every single time
11:01 <@dazo> I feel your pain ...
11:01 <@dazo> that's why there are projects like easy-rsa, xca and tinyca
11:01 < bf_> I cannot figure out how to create a csr from existing key for my situation :X
11:02 < bf_> openssl req -out server.csr -key server.key is not working
11:02 <@dazo> actually, do you have the old csr?
11:03 < bf_> nope
11:03 <@dazo> what error do you get?
11:03 < bf_> I can also just generate a new server.key right? or will it break stuff
11:03 < bf_> dazo: it just hangs
11:03 <@dazo> it waits for stdin input then ... so it expects more parameters probably
11:03  * dazo runs a check
11:06 <@dazo> bf_: missing -config?
11:06 <@dazo> ahh!  add -new
11:09 < bf_> but the openssl.conf is only on my client
11:09 < bf_> it is not on the server
11:09 < bf_> crazy times
11:09 <@dazo> right ... you don't need -config ... my fault
11:09 <@dazo> you need -new, I believe
11:09 < bf_> i can move it :D
11:09 <@dazo> no need :)
11:09 < bf_> ok that worked
11:09 <@dazo> openssl req -new -out server.csr -key server.key
11:09 <@dazo> that worked for me
11:12 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit []
11:13 < bf_> YOU ARE MY HERO dazo !!!
11:13 < bf_> Thank you so much for helping me
11:17 < bf_> dazo: I am documenting everything now
11:17 < bf_> but a tool to keep an eye on cert expiries would come very handy
11:21 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
11:23 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
11:23 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has joined #openvpn
11:25 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has quit [Client Quit]
11:27 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has joined #openvpn
11:27 < ki7rw> !lartc
11:27 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
11:28 < bf_> ki7rw: ?
11:28 < bf_> was this meant for me?
11:29 < ki7rw> no
11:34 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
11:37 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
11:50 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
12:00 < skyroveRR> I'd like to suggest that the easyrsa howto on this link https://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html needs to be updated. The new easyrsa package from github no longer supports the commands mentioned in that howto. :)
12:00 <@vpnHelper> Title: RSA Key Management (at openvpn.net)
12:01 < skyroveRR> And this one also https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
12:01 <@vpnHelper> Title: EasyRSA3-OpenVPN-Howto – OpenVPN Community (at community.openvpn.net)
12:02 <@dazo> skyroveRR: Feel free to contribute on our community wiki!  It's just to get an account and start editing ... there are quite few people involved, so they focus on the coding primarily
12:02 < skyroveRR> :(
12:02 <@dazo> that's the wrong response .... "Cool!  Great, I'll help out"  would be much better!
12:03 <@dazo> That's what open source is all about ... contributing
12:03 <@dazo> Don't forget that others will be thankful for your contributions!
12:03 <@dazo> Just as you are thankful for those who have contributed so far
12:04 < skyroveRR> I'm not actually much into "contributing"...
12:04 <@dazo> well, then we definitely don't care about you at all ;/
12:04 < skyroveRR> I actually find most wikis difficult to edit... I'm not familiar with those editing tools.
12:04 <@dazo> I mean, give us a reason why we should bother helping you then?
12:05 < skyroveRR> And that's the reason I don't edit them.
12:05 <@dazo> => lazy
12:05 < skyroveRR> Hell, I find even wikipedia hard to edit, although there are loads of articles I want to contribute to.
12:06 < skyroveRR> It's not that I'm AGAINST contributing... I just find it hard to "use the tools".
12:06 <@dazo> Well, if you don't start, you won't get to learn the tools ... and then you'll just sit there and complain
12:06 < skyroveRR> Yeah, there's that.
12:06 <@dazo> https://www.youtube.com/watch?v=ySyPIoyXJ-k
12:07 < skyroveRR> Hmm.
12:12 < skyroveRR> dazo: ok. I guess I might contribute in the near future. :)
12:12 < skyroveRR> dazo: thanks for the motivation.
12:13 <@dazo> skyroveRR: I don't mean to be nasty to you ... but remember that when you contribute, you build your credibility and more people start to trust you even more ... and then you can start influencing the project, heck even suggest and help implement better tools
12:13 < skyroveRR> I understand.
12:14 <@dazo> best wishes :)  And I really do hope to see you grow in the OpenVPN community! :)
12:23 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
12:29 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
13:06 -!- master_of_master [~master_of@p4FF24B78.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
13:10 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:10 -!- abbe_ is now known as abbe
13:16 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
13:16 -!- mode/#openvpn [+o krzee] by ChanServ
13:19 <@krzee> !welcome
13:19 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:19 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:19 <@krzee> !ask
13:19 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
13:19 <@krzee> !factoids
13:19 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
13:20 < Eugene> !beer
13:20 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
13:21 <@krzee> lol nice
13:22 < Eugene> Ended up with a cider this morning, but hey
13:23 <@krzee> !krzee
13:23 <@vpnHelper> "krzee" is (#1) krzee says happy 4/20 or (#2) http://www.ircpimps.org/pics/krzee/blunt.jpg or (#3) location: moon base where he smokes moonajuana or (#4) takes bonghits on the freeswitch teleconference
13:24 <@krzee> !route
13:24 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
13:25 < Eugene> GF(now fiancee) bought us a Ploom Pax when we moved to Ballard(oh yeah, I moved to an apartment with Gigabit, and got engaged). It's revolutionized my evenings.
13:29 <@krzee> oh shit
13:29 <@krzee> gigabit for the win!
13:31 < DArqueBishop> I wonder if it might be worth adding a factoid that says something along the lines of, "Though VPN providers can be used for semi-anonymous internet usage, that is not OpenVPN's intended or even most common application."
13:33 <@krzee> why not intended?
13:33 <@krzee> and it actually might be the most common application :-p
13:33 <@krzee> just not in here
13:34 < DArqueBishop> I was under the impression the intended usage was to access private networks. :-)
13:35 < Eugene> Yeah, I'm never going back
13:35 <@krzee> really it just makes a connection between 2 machines
13:35 < DArqueBishop> And I'll happily concede being wrong on the most common application part.
13:36 <@krzee> whether you want to access a private network or access the internet through it is up to you
13:36 <@krzee> i have 100mbit now Eugene
13:36 <@krzee> nothing compared to your gigabit, but the jitter is super low so im happy
13:37 < Eugene> Unlimited Transfer and symmetrical is really what does it for me
13:37 < Eugene> I could live just fine with 100mbit
13:38 < DArqueBishop> I am jealous of the net speeds. :-(
13:46 <@krzee> symmetric!?
13:46 <@krzee> i get 2mbit up lol
13:50 < Eugene> Yup!
13:51 < DArqueBishop> Now I'm even more jealous.
13:51 < Eugene> http://www.speedtest.net/result/4613320074.png
13:52 < Eugene> They will only do a single static IP, so I can't host things out of here effectively
14:16 < ki7rw> for some reason i can't get openvpn gui to be visible in either winXP or win10
14:31 -!- hennos [~midas8@167.160.44.251] has joined #openvpn
14:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:51 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Ping timeout: 272 seconds]
15:17 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
15:18 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
15:46 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
15:49 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 244 seconds]
15:58 -!- HardWall [~HardWall@188.24.94.229] has joined #openvpn
16:03 -!- HardWall [~HardWall@188.24.94.229] has quit [Max SendQ exceeded]
16:03 -!- HardWall [~HardWall@188.24.94.229] has joined #openvpn
16:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
16:03 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
16:03 -!- dazo is now known as dazo_afk
16:07 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:10 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:24 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
16:29 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 246 seconds]
16:31 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
16:39 -!- HardWall [~HardWall@188.24.94.229] has quit [Read error: Connection reset by peer]
16:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:03 -!- Ryan_Lane [~Ryan_Lane@wikimedia/Ryan-lane] has joined #openvpn
17:03 < Ryan_Lane> hi there. I'm having an issue where when I switch from wireless to a wired connection on my vpn client node communication to the server doesn't work unless I disconnect and reconnect to the server
17:03 < Ryan_Lane> any ideas on how to make this work without restarts?
17:11 -!- bf_ [~bf_@xdsl-81-173-236-49.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
17:13 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 272 seconds]
17:14 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
17:35 -!- Denial [~Denial@81.141.4.104] has quit [Ping timeout: 252 seconds]
17:38 -!- Denial [~Denial@81.141.6.38] has joined #openvpn
17:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:04 < Eugene> Ryan_Lane - can't, sorry
18:05 < Eugene> When you switch wireless<-->wired you're changing network devices(and thus, MAC addresses)
18:05 < Eugene> Your laptop thus gets a differnet IP from the LAN's DHCP server
18:06 < Eugene> This new IP won't have the same UDP sessions memorized in the NAT table as the original, so it drops
18:21 < Ryan_Lane> Eugene: strangely enough when I tcpdump both sides I see traffic going back and forth between the server and the client
18:22 < Eugene> What happens to the client's source port, as perceived by the server?
18:22 < Ryan_Lane> checking.
18:26 < Ryan_Lane> looks like it's the same from what I can tell
18:29 < Ryan_Lane> the odd thing is that traffic continues going through the tunnel, but packets are being reset as they come back into the client
18:30 < Ryan_Lane> it takes the client a very long time to notice it's no longer connected, even though my ping/ping-reset is set to 10/30
18:30 < Ryan_Lane> takes minutes
18:30 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
18:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:53 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
20:09 -!- lykinsbd_ [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:20 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
20:27 -!- ablest1980 [~ablest198@unaffiliated/ablest1980] has joined #openvpn
20:28 < ablest1980> hello
20:28 < ablest1980> how do i use openvpn?
20:42 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
20:53 -!- ablest1980 [~ablest198@unaffiliated/ablest1980] has left #openvpn ["Leaving"]
20:54 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
20:55 < toothe> Hi! I'm looking for some documentation on OpenVPN. I feel like the variants of the documentation I'm finding are old.
20:55 < toothe> is there is a current version?
21:11 < Eugene> !man
21:11 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
21:11 < Eugene> toothe ^
21:32 -!- hehh [heh@2a00:d880:6:5fa::dead] has joined #openvpn
21:34 < toothe> the manually is most certainly not what i need.
21:34 < toothe> a tutorial si what I need.
21:34 < toothe> the manual assumes you already understand it - well, I largely do, but the PKI aspects get confusing.
21:42 -!- hennos [~midas8@167.160.44.251] has quit [Quit: Leaving]
21:45 -!- SineDeviance [~quassel@2602:306:3908:8eb0:6dec:4053:573c:fc7c] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
22:05 < toothe> i found the documentation I needed.
22:05 < toothe> thanks!
22:05 -!- toothe [~awiggin@unaffiliated/toothe] has left #openvpn []
22:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:48 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
22:55 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
23:11 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:14 -!- reith [~nil@unaffiliated/reith] has joined #openvpn
23:32 -!- muffdiverr [d0a7fe14@gateway/web/freenode/ip.208.167.254.20] has joined #openvpn
23:32 < muffdiverr> hi got a question
23:33 < muffdiverr> is anyone aware of a way to nest VPNs without employing a NATd vm ?
23:33 < muffdiverr> i have searched the internet far and wide
23:34 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
23:38 -!- jrgcombr [~jrgcombr@179.34.131.41] has quit [Ping timeout: 260 seconds]
23:46 -!- jrgcombr__ [~jrgcombr@189.40.62.114] has joined #openvpn
23:49 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 255 seconds]
23:50 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
23:56 -!- ShadniX [dagger@p57941531.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:56 -!- ShadniX_ [dagger@p57941117.dip0.t-ipconnect.de] has joined #openvpn
23:56 -!- ShadniX_ is now known as ShadniX
--- Day changed Thu Aug 27 2015
00:15 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
00:32 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 244 seconds]
00:39 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
00:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:59 -!- mode/#openvpn [+o mattock1] by ChanServ
01:06 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:15 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 240 seconds]
01:21 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
01:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:26 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 265 seconds]
01:27 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
01:29 -!- reith [~nil@unaffiliated/reith] has quit [Ping timeout: 272 seconds]
01:34 -!- reith [~nil@unaffiliated/reith] has joined #openvpn
01:42 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
01:44 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
02:33 -!- Ssquidly [~squidly@buttle.nnx.com] has joined #openvpn
02:33 -!- horihel [~hel@mail.head.de] has joined #openvpn
02:35 < horihel> Hi guys - I have a (probably known) problem with openvpn and Win10 - Win10 is leaking DNS queries and I didn't find a practical way (yet) to prevent that. Is there an easy way (or script) to force Win10 to only use the DNS of the VPN connection?
02:39 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
02:39 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
02:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:41 < Ssquidly> Hi , I can't seem to find a way to run a openvpn client as a deamon...
02:42 < Ssquidly> I'm runing debian and I have multiple vpn config in subfolders of /etc/openvpn/
02:42 < Ssquidly> any hint ? ( I don't know why but google wasn't my friend on this )
02:44 < sysrex> Ssquidly, you are trying to run the client from the cli?
02:45 < Ssquidly> yep
02:46 < sysrex> this is what I use - https://gist.github.com/dasgoll/4f0c8db8de9629b35b44
02:46 <@vpnHelper> Title: OpenVPN client init script · GitHub (at gist.github.com)
02:46 < sysrex> edit it after your own heart and you are ready to go
02:50 < Ssquidly> sysrex: thank I was not using the --config option correctly
02:50 < sysrex> uh
02:50 < Ssquidly>  openvpn --daemon --config /etc/openvpn/clientX/config.ovpn works
02:50 < sysrex> just sudo openvpn --config file.ovpn
02:50 < sysrex> yeap
02:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
02:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
03:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:32 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
03:49 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
03:50 < Neighbour> what am I doing wrong when an iroute-directive in the ccd directory is (apparently) not processed?
03:50 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
03:57 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
03:57 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
03:58 -!- Eagleman [~Eagleman@546BC449.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
04:02 -!- kexmex [~kexmex@unaffiliated/kexmex] has joined #openvpn
04:04 -!- dazo_afk is now known as dazo
04:05 < Neighbour> the expected "MULTI: Internal route..." does not appear in the server logfile, even though the iroute command is present in the ccd client file
04:25 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
04:35 -!- thomas_d [~thomas_d@unaffiliated/thomas-d/x-6984210] has joined #openvpn
04:36 < thomas_d> Looking in /var/log/syslog, client is attempting to connect to an OLD vpn server address which is certainly nowhere to be found in any current configuration file I'm using
04:36 < thomas_d> I've deleted /etc/openvpn/ from this client machine which did have an old client.conf file in with this old VPN server IP in
04:36 < thomas_d> still having the same problem though
04:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
04:40 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:40 -!- mode/#openvpn [+o mattock1] by ChanServ
04:41 < thomas_d> http://pastebin.com/hN4ejc4a see the 119.191 IP is the one I actually need to connect to. Yet, ovpn-client takes over on line 5 and decides to try to connect to the 111.222 address
04:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:51 < Neighbour> thomas_d: try using strace when starting the client openvpn to see which configfiles are being read
04:52 < Neighbour> In the meantime I'm stuck at: open("/etc/openvpn/ccd/thr-eco", O_RDONLY) = -1 ENOENT (No such file or directory)
04:52 < Neighbour> while the file does indeed exist, all directories to there have perms 755, and the file itself has 644
04:58 < thomas_d> gah, I start the client from damn network manager in debian jessie lol
04:59 -!- kexmex [~kexmex@unaffiliated/kexmex] has quit [Ping timeout: 256 seconds]
04:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:00 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
05:01 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
05:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:02 < Neighbour> when setting the option 'ccd-exclusive' in the server.conf, the client can't connect due to "client-config-dir authentication failed for common name 'thr-eco' file='/etc/openvpn/ccd/thr-eco'" even though the file exists and should be readable...
05:02 < Neighbour> so that seems to confirm my suspicion that openvpn can't/doesn't read the ccd
05:04 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
05:15 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 260 seconds]
05:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:17 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
05:45 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
05:45 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 260 seconds]
05:46 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
05:47 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
05:52 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
05:54 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
05:54 -!- NetworkMan [~Scott.Coa@nc-184-0-139-46.dhcp.embarqhsd.net] has joined #openvpn
05:57 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:58 -!- NetworkMan [~Scott.Coa@nc-184-0-139-46.dhcp.embarqhsd.net] has quit [Quit: Leaving]
06:36 <@dazo> krzee: no matter how you twist it, VPN can never ever provide anonymity once it exits a private network ... unless you implement some random routing via more VPN nodes, kind of what Tor does
06:37 <@dazo> your public IP will always be tied to your account, wherever you have that ... so actually, even random routing with multiple VPNs may still point back at you
06:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
06:39 <@dazo> Eugene: did you move into a data center and got engaged with a router? ;-)
06:39 <@dazo> Congrats anyhow! :)
06:40 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:40 -!- mode/#openvpn [+o mattock1] by ChanServ
06:40 <@dazo> Ryan_Lane: We have patches in git master which should allow you to float between IP addresses on the client side far more smoothly without needing to re-establish the connection
06:41 <@dazo> Ryan_Lane: it is even on the old versions possible to setup a somewhat quicker re-negotiation, but that implies that the crypto-layer in OpenVPN is renegotiatied (which implies new session keys) - which takes longer ... the float patches allows to keep the session keys when your IP changes
06:43 <@dazo> Neighbour: can you provide !configs?
06:43 <@dazo> !configs
06:43 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
06:46 < Neighbour> !paste
06:47 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
06:48 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
06:54 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
07:03 < Neighbour> dazo: Server config: http://pastebin.com/bnGATQbz client config: http://pastebin.com/wex1BPkK openvpn version 2.2.1-8+deb7u3
07:05 < Neighbour> OS is: Debian GNU/Linux 7.8 (wheezy)
07:05 < Neighbour> for both client and server
07:06 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
07:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
07:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:21 < Neighbour> dazo: Server lan is 10.10/16, client lan is 10.15/16
07:22 <@dazo> Neighbour: okay, a first guess .... I see you use this: chroot /etc/openvpn/easy-rsa/keys/crl.jail
07:22 <@dazo> so the ccd files must reside inside /etc/openvpn/easy-rsa/keys/crl.jail/etc/openvpn/ccd
07:23 <@dazo> also ensure that the the openvpn user have at least r-x access to all directories in all levels of the path ... plus r-- access to the ccd files
07:24 <@dazo> I'd also advice you to move the chroot out of /etc .... /var or /srv are usually far better places
07:26 <@dazo> Neighbour: in fact when I see your chroot path ... I really wonder how you ended up with that path ....
07:27 <@dazo> I also see that you have easy-rsa in /etc/openvpn on a server .... if you have your CA files on the openvpn server, that is not recommended at all.
07:27 <@dazo> (server only needs ca.crt, server.crt, server.key and dh*.pem)
07:27 <@dazo> (plus a CRL file, if you use that)
07:29 < Neighbour> dazo: this was based on turnkey openvpn https://www.turnkeylinux.org/openvpn
07:29 < thumbs> 26
07:29 < Neighbour> so it's the chroot causing the issues...that sounds logical :)
07:30 <@dazo> which is exactly why we never recommend anything else than our own wiki/howtos ... as all those "external" blog posts have very seldom been reviewed by us
07:30 < Neighbour> it's not just a blog post...it's an iso or vm-image with debian+openvpn and an easy-configuration-script
07:30 < Neighbour> which needs tweaking apparently :)
07:30 <@dazo> I'll have to admit I've never heard of Turnkey Linux before
07:31 <@dazo> (but that can just as well be my own ignorance)
07:31 < Neighbour> me neither, but if you want a (somewhat) working openvpn (or other appliance) out of the box, it seems like a nice option
07:32 < Neighbour> unless you want to do more than the basic functionality, so it would seem
07:32 <@dazo> if done right, that is ;-)
07:32 < Neighbour> yea
07:33 <@dazo> that is one of the biggest OpenVPN problems ... there are just so many projects/blogs/wikis/howtos which implements OpenVPN in a poor way ... which actually can hurt the security of the VPN pretty bad
07:36 < Neighbour> btw, in order to check file and directory rights, i found `namei -l /path/to/file` to be quite useful (never knew about namei before)
07:39 <@dazo> cool!
07:39 < Neighbour> hmm, might get rid of that jail altogether...openvpn can't access /sbin/route or /sbin/ifconfig
07:40 <@dazo> hmmm ... that should actually be called before openvpn does the chroot
07:40 <@dazo> the chroot() call happens once the system is prepared and openvpn can drop its privileges
07:40 < horihel> doesn't openvpn need to call route again on shutdown?
07:41 < Neighbour> horihel: that too
07:41 < horihel> but the chroot would prevent that
07:44 < Neighbour> dazo: server log: http://pastebin.com/VvcHuJJX
07:44 <@dazo> horihel: not really, as when openvpn destroys the tun/tap adapter it used, those routes will be removed automatically by the (Linux) kernel
07:45 < Neighbour> hmm, now where'd those errors go...?
07:45 <@dazo> anyhow ... if you want to do allow route to be run on exit, you can't use --user/--group either ... as you need root privileges to modify the routing table
07:45 <@dazo> I highly recommend using --chroot/--user/--group
07:46 <@dazo> Neighbour: in your config, most likely /var/log/messages ... or some other syslog destination
07:46 -!- reith [~nil@unaffiliated/reith] has quit [Ping timeout: 244 seconds]
07:46 <@dazo> you use --verb 4, so you should have plenty of log data
07:47 -!- reith [~nil@unaffiliated/reith] has joined #openvpn
07:48 -!- jrgcombr__ [~jrgcombr@189.40.62.114] has quit [Ping timeout: 255 seconds]
07:48 < Neighbour> yes, and I recall having seen errors about not being able to access /sbin/route and /sbin/ifconfig, but I can't find them again (after noticing they're not in the log I pasted ^^;)
07:51 < horihel> dazo, i'm using user/group be default, but chroot won't work with auth-pam-ldap :)
07:52 <@dazo> horihel: ahh, well that's a bummer by the the auth-pam-ldap plugin ... the plug-in should take that into consideration that openvpn might be chroot()ed
07:53 < horihel> dazo, PAM is a complicated beast...
07:53 <@dazo> I know
07:53 -!- reith [~nil@unaffiliated/reith] has quit [Quit: quited]
07:53 <@dazo> but it's still the responsibility of the plug-in writer ;-)
07:54 < horihel> i don't think it's actually possible. PAM does lots of dynamic loading of plugins. All of those AND the configuration will have to be copied/hardlinked to the chroot.
07:54 < Neighbour> dazo: which dir does openvpn expect crl.pem to be? The wiki says the keys-dir (assumed /etc/openvpn/easyrsa/keys), but strace shows openvpn opening it without path (and failing)
07:55 <@dazo> horihel: it is possible, the plug-in can fork out a process which does that magic before openvpn drops privileges and chroots
07:56 <@dazo> Neighbour: It is wherever you point it to be, through the --crl option ... iirc, your original config had --crl wihtout any path, so it would be in the root of the --chroot
07:57 < Neighbour> ah, that explains it, thanks :)
07:57  * dazo heads for food
07:59 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
08:00 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
08:02 -!- Starsaa [~Stars@96.39.139.222] has joined #openvpn
08:03 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
08:04 < Starsaa> Win 10 and VPN V238. Any work arounds yet to keep it up? Any ideas?
08:05 < horihel> I've seen openvpn working with Win10 except DNS is wonky
08:06 -!- Malsasa [~Malsasa@36.71.144.74] has joined #openvpn
08:06 < Neighbour> ok, all is working....except the "route" directive in the server.conf. For some reason the route doesn't get added to the kernel routes (not completely unexpected, because the directive is only useful *after* the client where it should be routed to connects, but the server.conf route directive gets parsed before any client connects)
08:07 < Starsaa> Mine get a disconect order and is not able to reconnect. I need to exit and wait a few minutes then I can restart.
08:14 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
08:15 -!- Malsasa [~Malsasa@36.71.144.74] has quit [Quit: http://radiorasyid.com >>  Ayo mengaji!]
08:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
08:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:18 -!- Tinyyy [~textual@128.199.100.211] has quit [Client Quit]
08:20 -!- Malsasa [~Malsasa@36.71.144.74] has joined #openvpn
08:22 -!- horihel [~hel@mail.head.de] has quit [Quit: Verlassend]
08:26 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
08:26 -!- Malsasa [~Malsasa@36.71.144.74] has quit [Read error: Connection reset by peer]
08:35 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
08:45 -!- jge [~jge@unaffiliated/bitfury] has joined #openvpn
08:47 < jge> Good morning all, I would like to know if OpenVPN provides a way to restrict remote clients to a specific network, I know this could be done by only pushing a /32 or network to them but if they have access the config file then they could add routes in there, is the only way with iptables?
08:56 < DArqueBishop> jge, yes.
08:57 < DArqueBishop> https://openvpn.net/index.php/open-source/documentation/howto.html#policy
08:57 <@vpnHelper> Title: HOWTO (at openvpn.net)
08:58 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
08:59 < jge> DArqueBishop: ok, thank you
08:59 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
09:01 -!- negev [~mark@88.97.100.192] has joined #openvpn
09:03 <@dazo> jge: also have a look at !eurephia
09:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:03 <@dazo> !eurephia
09:03 <@vpnHelper> "eurephia" is http://www.eurephia.net/
09:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
09:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:04 < jge> dazo: will do, thanks
09:05 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 252 seconds]
09:07 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:13 < negev> hi, using the same crt, key and ca.crt, on linux with openvpn 2.3.2 it connects and works fine. on macos with 2.3.4 from macports it fails with this: http://pastebin.com/09u4uXPQ
09:13 < negev> i have verified with openssl that the key doesn't have a password
09:13 < negev> is there any difference in the requirements for the cert/key pair between 2.3.2 and 2.3.4?
09:20 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:32 -!- jge [~jge@unaffiliated/bitfury] has left #openvpn ["WeeChat 1.0.1"]
09:35 -!- bAz- [~BAZ@95.211.155.225] has joined #openvpn
09:35 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 265 seconds]
09:35 < bAz-> Hi,
09:35 < bAz-> Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #74573 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
09:35 < bAz-> Wondering what started this error on my logs. Any1 know to tell ? Thanks
09:45 -!- jrgcombr [~jrgcombr@189.40.62.114] has joined #openvpn
09:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
09:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:57 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:04 <+esde> !welcome
10:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
10:04 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:11 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
10:19 -!- adamjt [~adamjt@unaffiliated/adamjt] has joined #openvpn
10:20 -!- adamjt [~adamjt@unaffiliated/adamjt] has quit [Client Quit]
10:21 -!- adamjt [~adamjt@unaffiliated/adamjt] has joined #openvpn
10:22 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
10:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
10:26 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Read error: Connection reset by peer]
10:29 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
10:30 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
10:34 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
10:39 -!- Malsasa [~Malsasa@36.84.71.139] has joined #openvpn
10:49 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
10:49 -!- adamjt [~adamjt@unaffiliated/adamjt] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:52 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Max SendQ exceeded]
10:53 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
10:55 -!- Malsasa [~Malsasa@36.84.71.139] has quit [Ping timeout: 240 seconds]
11:02 -!- Malsasa [~Malsasa@36.71.144.75] has joined #openvpn
11:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
11:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:10 -!- dazo is now known as dazo_afk
11:25 -!- thomas_d [~thomas_d@unaffiliated/thomas-d/x-6984210] has quit [Remote host closed the connection]
11:31 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
11:35 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:45 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
12:03 -!- negev [~mark@88.97.100.192] has quit [Ping timeout: 255 seconds]
12:07 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
12:15 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
12:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:37 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
12:38 < toothe> I'm a little confused about the tun interface that openvpn creates. Namely, I noticed that it will set the ip as 10.8.0.6 --> 10.8.0.5
12:38 < toothe> What does the arrow mean?
12:38 < toothe> and the server's ip is 10.8.0.1 --> 10.8.0.2
12:38 < toothe> the two are able to ping each other, but I"m not sure why the IP address is set as-is
12:55 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
12:57 < toothe> there...i think I got it working
12:57 < toothe> now its just a question of getting it working on my chormebook.
13:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:08 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
13:09 -!- Malsasa [~Malsasa@36.71.144.75] has quit [Read error: Connection reset by peer]
13:11 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-kvnubolpskwaxtmk] has quit [Quit: Connection closed for inactivity]
13:13 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-kmhpqmcwcokzhpif] has joined #openvpn
13:13 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
13:15 -!- Telvana is now known as |digits|
13:28 -!- APTX [~APTX@unaffiliated/aptx] has quit [Quit: No Ping reply in 180 seconds.]
13:31 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
13:32 -!- clyons [~kvirc@cpc14-mort6-2-0-cust204.19-2.cable.virginm.net] has joined #openvpn
13:33 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 264 seconds]
13:34 < ki7rw> even though i checked the box to re-connect on reboot, openvpn connect does not auto reconnect - instead i get a pop-up window asking me if i want openvpn to connect - how do i eliminate this "problem"?
13:36 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
13:39 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:41 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 246 seconds]
13:41 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
13:50 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:50 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
13:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
13:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:56 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:01 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
14:10 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
14:11 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Max SendQ exceeded]
14:13 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
14:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
14:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:26 -!- Techjar [~Techjar@23-122-2-120.lightspeed.dybhfl.sbcglobal.net] has quit [Quit: (╯°□°）╯︵ ┻━┻]
14:29 -!- bAz- [~BAZ@95.211.155.225] has quit [Quit: Life is life.]
14:32 -!- bAz- [~BAZ@95.211.155.225] has joined #openvpn
14:33 < Starsaa> Win 10 and 2.3.8. Keeps getting a shut down order and does not restart. I need to shut down VPN then wait few minutes before I can restart it. Anyideas on a fix? Going back to Win 7 is an option. I may do that anyhow.
14:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
14:52 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:53 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
14:57 -!- loeken [~lknfree@u.internetz.me] has quit [Ping timeout: 246 seconds]
14:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Client Quit]
14:57 -!- hennes [~midas8@167.160.44.251] has joined #openvpn
15:06 -!- losted [~losted@c207.134.130-137.clta.globetrotter.net] has joined #openvpn
15:06 -!- losted [~losted@c207.134.130-137.clta.globetrotter.net] has quit [Client Quit]
15:09 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 245 seconds]
15:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:20 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:36 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
15:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
15:46 -!- Starsaa [~Stars@96.39.139.222] has quit [Read error: Connection reset by peer]
15:57 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:16 -!- ghostboarder [~johngalt@37.48.80.165] has joined #openvpn
16:19 -!- ghostboarder [~johngalt@37.48.80.165] has quit [Read error: Connection reset by peer]
16:19 -!- ghostboarder [~johngalt@37.48.80.165] has joined #openvpn
16:25 -!- hennes [~midas8@167.160.44.251] has quit [Ping timeout: 250 seconds]
16:25 < ghostboarder> hey guys, got a head scratcher for yall
16:26 < ghostboarder> using a vpn service, running openvpn on tomato at site, and using ddns service for static hostname. i want to be able to connect to a server at the site over regular wan, say on a cell phone
16:27 < ghostboarder> also the ddns client is running on the tomato, and open vpn is also running on the tomato
16:28 < ghostboarder> so.....cell phone or laptop ->assigned public ip by vpn service ->assigned public ip of our isp ->rdp server
16:28 < ghostboarder> OR
16:28 < ghostboarder> cell phone/laptop ->assigned public ip of our isp -> rdp server
16:29 < ghostboarder> i dont have control over routing and port forwarding with the VPN service
16:38 < ghostboarder> hmm maybe i just answered my own question. I just chatted with their teech support and they said no go to pforwarding
16:41 < ghostboarder> !welcome
16:41 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
16:41 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:42 < ghostboarder> ok just read the rules as well, ill be back with more detail
16:44 -!- clyons [~kvirc@cpc14-mort6-2-0-cust204.19-2.cable.virginm.net] has quit [Quit: KVIrc 4.3.1 Aria http://www.kvirc.net/]
16:44 -!- hennes [~midas8@167.160.44.253] has joined #openvpn
17:07 < toothe> hm..openvpn is a little challenging on a chromebook.
17:16 -!- toli_ [~toli@ip-62-235-241-96.dsl.scarlet.be] has joined #openvpn
17:18 -!- toli [~toli@ip-62-235-243-160.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:18 -!- toli_ is now known as toli
17:27 -!- ghostboarder [~johngalt@37.48.80.165] has quit []
17:36 -!- bAz- [~BAZ@95.211.155.225] has quit [Quit: Life is life.]
17:44 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
17:44 < fearnothing> is it possible to SSH/RDP in to a box whilst that box is connected to a vpn?
17:44 < fearnothing> if so how?
17:44 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
17:46 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
17:49 < Thermi> fearnothing: Just do it?!
17:51 < Thermi> A VPN is not a "cloak" of some sorts
17:54 < fearnothing> ah, it may be pertinent that the target subnet of the VPN is the same as the subnet that I am trying to connect from
17:54 < fearnothing> but they are not the same network.
17:54 < fearnothing> that's probably what's causing the issue
18:00 -!- hennes [~midas8@167.160.44.253] has quit [Quit: Leaving]
18:04 -!- hennes [~midas8@67.205.112.74] has joined #openvpn
18:04 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has quit [Remote host closed the connection]
18:11 -!- bAz- [~BAZ@95.211.155.225] has joined #openvpn
18:18 < Thermi> fearnothing: Solve it with NAT or something.
18:22 < fearnothing> I'll take a look at that
18:22 < fearnothing> thanks
18:30 -!- bAz- [~BAZ@95.211.155.225] has left #openvpn []
19:01 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
19:22 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
20:05 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
20:08 -!- Domii [~user@96-35-11-155.dhcp.stls.mo.charter.com] has joined #openvpn
20:10 < Domii> Can someone answer a question about openvpn set up
20:12 < Domii> .ping
20:15 -!- Domii [~user@96-35-11-155.dhcp.stls.mo.charter.com] has left #openvpn ["Leaving"]
20:15 -!- Domii [~user@96-35-11-155.dhcp.stls.mo.charter.com] has joined #openvpn
20:17 < Domii> When initially setting up purevpn openvpn, the username and password part, do I create that or am I suppose to get that somehwere??
20:25 < Domii> nevermind, foud the answer
20:25 -!- Domii [~user@96-35-11-155.dhcp.stls.mo.charter.com] has left #openvpn ["Leaving"]
20:27 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 250 seconds]
20:33 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
20:35 -!- Domii [~user@96-35-11-155.dhcp.stls.mo.charter.com] has joined #openvpn
20:36 -!- help [uid105316@gateway/web/irccloud.com/x-lwgqgqwvnbplpejr] has joined #openvpn
20:36 -!- help is now known as Guest88316
20:37 -!- Guest88316 [uid105316@gateway/web/irccloud.com/x-lwgqgqwvnbplpejr] has left #openvpn []
20:44 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:45 -!- hennes [~midas8@67.205.112.74] has quit [Quit: Leaving]
21:00 -!- Domii [~user@96-35-11-155.dhcp.stls.mo.charter.com] has quit [Ping timeout: 260 seconds]
21:24 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 246 seconds]
21:41 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
21:43 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
21:59 -!- toothe [~awiggin@unaffiliated/toothe] has left #openvpn []
22:27 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-jribonzbsunvtwnp] has quit [Ping timeout: 246 seconds]
22:28 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-kolifsyonemztznp] has joined #openvpn
22:28 -!- septopus [~septopus@2604:a880:800:10::98:9001] has quit [Ping timeout: 246 seconds]
22:28 -!- Farshid [Farshid@gateway/shell/elitebnc/x-aygoqmvxagzniwcf] has quit [Ping timeout: 246 seconds]
22:28 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 246 seconds]
22:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
22:29 -!- muffdiverr [d0a7fe14@gateway/web/freenode/ip.208.167.254.20] has quit [Quit: Page closed]
22:31 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
22:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:59 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 250 seconds]
23:31 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has quit [Quit: haasn]
23:31 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has quit [Ping timeout: 240 seconds]
23:36 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
23:39 -!- korrosive [~unknownso@c-24-13-157-73.hsd1.il.comcast.net] has joined #openvpn
23:41 < korrosive> I have done the basic setup and can connect to the VPN, but I can't figure out how to set up Remote Desktop. How do I do that?
23:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:42 < korrosive> I would also like to access shared folders remotely over the VPN.
23:54 -!- ShadniX [dagger@p57941117.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:54 -!- ShadniX_ [dagger@p5481D4EF.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- ShadniX_ is now known as ShadniX
23:56 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
--- Day changed Fri Aug 28 2015
00:48 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Quit: Bye]
00:51 -!- showaz [~showaz@unaffiliated/showaz] has quit []
01:39 -!- ketas [~ketas@123-88-235-80.dyn.estpak.ee] has joined #openvpn
01:59 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
02:07 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 240 seconds]
02:20 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
02:22 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
02:30 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
02:41 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 256 seconds]
02:44 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
02:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:56 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:07 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
03:14 -!- satdav [uid15780@firefox/community/satdav] has quit []
03:22 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
03:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:42 -!- Savemech [Savemech@gateway/shell/firrre/x-vpazkzkudddemzec] has quit [Max SendQ exceeded]
03:44 -!- dazo_afk is now known as dazo
03:46 -!- Savemech [Savemech@gateway/shell/firrre/x-faijnsrzniauzbfz] has joined #openvpn
03:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:47 -!- madmattco [~quassel@2607:5300:60:69b1:dead:beef:659e:a51a] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
03:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
03:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:57 -!- mode/#openvpn [+o mattock1] by ChanServ
04:06 -!- madmattco [~quassel@198.251.81.102] has joined #openvpn
04:07 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
--- Log opened Fri Aug 28 19:34:51 2015
19:34 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
19:34 -!- Irssi: #openvpn: Total of 223 nicks [7 ops, 0 halfops, 3 voices, 213 normal]
19:34 -!- mode/#openvpn [+o ecrist] by ChanServ
19:34 -!- Irssi: Join to #openvpn was synced in 1 secs
19:40 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
19:40 <@ecrist> the bot will be back shortly
19:43 < Eugene> korrosive - I've never used Windows in --server mode, nope.
19:43 < Eugene> It ought to Just Work once you've got the tunnel up
19:43 < Eugene> Probably firewall rule needs to be set on the OpenVPN tunnel interface
19:47 < korrosive> I've tried it with the windows firewall disabled.
19:48 < korrosive> what address do I use to connect to the VPN? The PCs LAN address?
19:48 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Ping timeout: 264 seconds]
19:49 < korrosive> I've tried that and localhost
19:52 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
19:52 -!- mode/#openvpn [+o vpnHelper] by ChanServ
19:52 <@ecrist> !as
19:53 <@ecrist> !welcome
19:53 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Client Quit]
19:54 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
20:06 -!- Intensity [u4ETvVRtRD@unaffiliated/intensity] has joined #openvpn
20:11 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
20:11 -!- mode/#openvpn [+o vpnHelper] by ChanServ
20:12 <@ecrist> !as
20:12 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Client Quit]
20:21 <@ecrist> raar
20:31 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
20:31 -!- mode/#openvpn [+o vpnHelper] by ChanServ
20:32 <@ecrist> !as
20:33 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Client Quit]
20:36 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
20:37 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
20:37 -!- mode/#openvpn [+o vpnHelper] by ChanServ
20:37 <@ecrist> !as
20:37 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Client Quit]
20:38 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
20:38 -!- mode/#openvpn [+o vpnHelper] by ChanServ
20:38 <@ecrist> !as
20:39 <@ecrist> fuck you, vpnHelper
20:45 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Quit: Ctrl-C at console.]
20:46 <@ecrist> our little guy might not come back today
20:46 <@ecrist> friggin' legacy software
20:49 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
21:02 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 244 seconds]
22:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Killed (Sigyn (Spam is off topic on freenode.))]
22:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:19 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:54 -!- ShadniX [dagger@p5481D4EF.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:55 -!- ShadniX_ [dagger@p5481DC1D.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- ShadniX_ is now known as ShadniX
--- Day changed Sat Aug 29 2015
00:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:19 -!- mode/#openvpn [+o mattock1] by ChanServ
01:23 -!- hehh [heh@2a00:d880:6:5fa::dead] has quit [Ping timeout: 245 seconds]
01:25 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 252 seconds]
01:27 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
01:41 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Ping timeout: 256 seconds]
01:47 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
01:51 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 246 seconds]
01:54 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
01:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:05 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
02:30 -!- catalase [~catalase@unaffiliated/catalase] has quit [Read error: Connection reset by peer]
02:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
02:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:03 -!- korrosive [~unknownso@c-24-13-157-73.hsd1.il.comcast.net] has quit [Ping timeout: 260 seconds]
03:39 < Neighbour> ecrist: infobot? :)
03:41 -!- korrosive [~unknownso@c-24-13-157-73.hsd1.il.comcast.net] has joined #openvpn
03:47 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
04:34 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
04:39 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
05:06 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:19 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
06:21 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:39 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Remote host closed the connection]
06:44 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:13 -!- jwhitmore [~jwhitmore@host213-122-246-19.range213-122.btcentralplus.com] has quit [Ping timeout: 245 seconds]
07:16 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
07:25 -!- HardWall [~HardWall@188.24.159.180] has joined #openvpn
07:35 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
08:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:19 -!- toli [~toli@ip-62-235-241-96.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
08:20 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
08:24 -!- Netsplit *.net <-> *.split quits: madmattco, Mike--, peder, cylon512, Matir
08:24 -!- Netsplit over, joins: peder, cylon512
08:25 -!- Netsplit over, joins: madmattco
08:25 -!- Netsplit *.net <-> *.split quits: Meow-J, Darkwell, @krzee, Tykling, Eugene, c|oneman, Nothing4You, Keridos, Olipro, KakuRoze
08:25 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
08:25 -!- Netsplit over, joins: Olipro, krzee
08:25 -!- mode/#openvpn [+o krzee] by ChanServ
08:26 -!- Netsplit over, joins: c|oneman
08:28 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
08:30 -!- jbyte [jbyte@gateway/shell/blinkenshell.org/x-xdfpfmjdrbpkrflj] has quit [Ping timeout: 252 seconds]
08:31 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-omhodufnmarjyzps] has joined #openvpn
08:35 -!- toli [~toli@ip-62-235-240-236.dsl.scarlet.be] has joined #openvpn
09:21 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
09:22 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
09:22 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Remote host closed the connection]
09:38 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
09:51 < korrosive> !goal connect to Remote Desktop on my Windows OpenVPN server. I've done the basic setup in the how-to. Do I need to config routing or something?
09:57 -!- toli [~toli@ip-62-235-240-236.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
09:59 -!- toli [~toli@ip-83-134-72-64.dsl.scarlet.be] has joined #openvpn
09:59 -!- HM [~HM@81.4.101.225] has quit [Quit: Segmentation fault]
10:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
10:12 -!- HM [~HM@81.4.101.225] has joined #openvpn
10:13 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
10:13 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Remote host closed the connection]
10:31 -!- lhunath [nobody@unaffiliated/lhunath] has joined #openvpn
10:33 < lhunath> redirect-gateway takes the option def1 which creates a route for 0/1 to "override the default gateway", but am I wrong in thinking that this route only works for destinations with an even first byte?
10:33 < lhunath> eg. it won't route destinations such as 193.1.1.1
10:33 < lhunath> (while the default route would)
10:58 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
10:59 < IronY> Hey guys, Would anyone happen to have a link on how I could gateway a openvpn connection on a ubuntu box to the rest of the gateway. I want to be able to for example be able to change my gateway from 192.168.0.1 to 192.168.0.3 and have that computer go through the ubuntu box to the vpn to the internets
10:59 < IronY> rest of the network*
11:15 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
11:20 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
11:22 -!- hays_ is now known as hays
11:34 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 244 seconds]
11:37 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
11:43 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
12:02 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Quit: ||||||||||||||||||||||||||||||||||||||||||||||| 99%]
12:09 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
12:13 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
12:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:24 -!- rmk0 [~rmk0@unaffiliated/rothwell] has joined #openvpn
12:25 < rmk0> 'lo. i appreciate this question may get me dragged out and shot, but is openvpn known to be broken on windows 10? i run a small server for some friends and one of them has said that it now no longer works after moving to 10
12:26 < rmk0> i've not gotten a chance to debug with him yet, and i don't see anything much in the server logs
12:27 < rmk0> i've just discovered this: https://community.openvpn.net/openvpn/ticket/592
12:27 < rmk0> so maybe that answers my question
12:31 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
12:33 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:34 < ki7rw> can anyone tell me how to make openvpn startup on reboot or startup on a nabi 2 tablet? i can't seem to find info on this
12:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
12:56 < ki7rw> heh, it turns out that i have the same issue with my android phone also.
12:58 < ki7rw> there's a VPN setup in the Settings menu for both the Nabi and the Samsung but they don't provide an openvpn option
12:59 < ki7rw> gotta use the openvpn app
13:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:23 -!- lukethedrifter [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:42 -!- lukethedrifter [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
13:45 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:46 -!- rmk0 [~rmk0@unaffiliated/rothwell] has quit [Ping timeout: 252 seconds]
13:48 -!- lukethedrifter [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
13:49 -!- lukethedrifter [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
13:50 -!- lukethedrifter [~bocephus@unaffiliated/lukethedrifter] has joined #openvpn
13:51 -!- lukethedrifter [~bocephus@unaffiliated/lukethedrifter] has quit [Client Quit]
13:52 -!- lukethedrifter [~bocephus@unaffiliated/lukethedrifter] has joined #openvpn
13:54 -!- lukethedrifter [~bocephus@unaffiliated/lukethedrifter] has quit [Client Quit]
13:54 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
13:55 -!- lukethedrifter [~bocephus@unaffiliated/lukethedrifter] has joined #openvpn
13:55 -!- lukethedrifter [~bocephus@unaffiliated/lukethedrifter] has quit [Client Quit]
13:55 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
13:57 -!- L0uk3 is now known as lukethedrifter
14:03 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
14:17 -!- toli [~toli@ip-83-134-72-64.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
14:19 -!- toli [~toli@ip-62-235-214-143.dsl.scarlet.be] has joined #openvpn
14:24 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:25 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
14:31 -!- One3yed [46757444@gateway/web/cgi-irc/kiwiirc.com/ip.70.117.116.68] has joined #openvpn
14:35 -!- akamaru217 [~akamaru@2601:cd:4001:b705:34dc:b766:b4d1:67cc] has joined #openvpn
14:39 -!- lukethedrifter [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
15:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
15:09 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
15:11 -!- lhunath [nobody@unaffiliated/lhunath] has left #openvpn ["WeeChat 0.4.3"]
15:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
15:22 -!- speeddra_ [~speeddrag@22.19.103.87.rev.vodafone.pt] has joined #openvpn
15:23 < speeddra_> I'm having a problem accessing the network that a server is connected to. The server runs OpenVPN, can i can connect to it, but not to the other computers in the network.
15:23 < speeddra_> I've think I need to use a new "route", but I can't understand how i should setup :\
15:31 < Neighbour> do you use NAT on the server?
15:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
15:34 < speeddra_> I don't thing so
15:35 < speeddra_> I was trying to setup OpenVPN on ddwrt, but for some reason the openvpn server there never starts
15:35 < Neighbour> do the other computers know how to reach the ip of your client?
15:35 < speeddra_> So I install on a server inside my network, that then it worked, but i can only access to the server, and not all the machines inside the network
15:35 < speeddra_> I've add a static route on DDWRT
15:35 < speeddra_> but isn't working very good i think
15:36 < speeddra_> Destination Lan: 192.168.3.0 | Subnet: 255.255.255.0 | Gateway: 192.168.1.50 (server ip that runs OpenVPN)
15:36 < speeddra_> that should be it, right ?
15:36 < Neighbour> I dunno, what's the IP/subnet of your client?
15:37 < speeddra_> the openvpn is running on 192.168.3.0/24
15:37 < speeddra_> and the normal network is running on 192.168.1.0/24
15:37 < Neighbour> so your pc is in the 192.168.3/24 subnet?
15:37 < speeddra_> the openvpn server ?
15:37 < Neighbour> no, the one where you want to do the accessing other machines from
15:38 < speeddra_> is on the normal network, 192.168.1.0/24
15:38 < speeddra_> I've add a push "route 192.168.1.0 255.255.255.0 192.168.3.1" to the server config
15:39 < speeddra_> but i think i probably need to add more route options
15:39 < Neighbour> i'm not quite clear on your setup yet
15:39 < Neighbour> your pc is in 192.168.1/24, and you run the openvpn client locally?
15:40 < speeddra_> on a server, inside the 192.168.1/24 network
15:40 < Neighbour> so there's an openvpn client in the 192.168.1/24, which connects to the openvpn server in 192.168.3/24
15:40 < Neighbour> is that right?
15:40 < speeddra_> the client is outside the network, is on the internet
15:41 -!- fearnothing is now known as nothing
15:41 -!- nothing is now known as fearnothing
15:42 < speeddra_> and wants to connect to the network, to be able to access to the machines without any restrictions
15:43 < Neighbour> so you'd need to have a "push route 192.168.1.0 255.255.255.0" in your server's config
15:43 < Neighbour> in order for the client to know that all 192.168.1/24 is accessible through the vpn link
15:44 < speeddra_> I've already tried that, without any success.
15:44 < Neighbour> there's more
15:44 < speeddra_> The only difference, is taht i can access the server ip on the network (192.168.1.50) but not the others machiens
15:45 < Neighbour> if you don't do any NAT on the vpn server, the packets enter the 192.168.1-network with the source address of the openvpn client
15:45 < speeddra_> so, i should enable iptables and configure the NAT ?
15:46 < Neighbour> so you'd need to have an entry in the default gateway of the 192.168.1/24 network routing all traffic to <ip of openvpn client..192.168.3/24?> to 192.168.1.50 (the openvpn server)
15:47 < speeddra_> That i've already add to the network router (192.168.1.1)
15:47 < speeddra_> but i can't reach the openvpn client
15:47 < Neighbour> how do you mean that? From where are you trying?
15:48 < speeddra_> A pc inside the network ...
15:48 < speeddra_> I think i made some progress
15:49 < speeddra_> Wait a second
15:50 < speeddra_> https://serverfault.com/questions/418354/how-to-set-up-openvpn-to-let-the-vpn-clients-to-access-all-the-servers-inside-th
15:51 < speeddra_> I've add the 3 iptables rules
15:51 < speeddra_> And I can now access from the OpenVPN network (192.168.3.0/24) to the home network (192.168.1.0/24)
15:52 < speeddra_> and vice-versa also works
15:52 < speeddra_> :D
15:52 < Neighbour> ah, well done
15:52 < speeddra_> The only thing left i need to check, is routing the Internet traffic to the OpenVPN
15:52 < speeddra_> but i think that could be an option on the client, right ?
15:53 < Neighbour> i think you should push out the default route from the server config
15:53 < Neighbour> but i'm not quite sure on the exact syntax
15:54 < speeddra_> Ok, I will look better how to do that :)
15:54 < speeddra_> Thanks for all the help! :)
15:54 < Neighbour> yw
15:55 -!- kaeline [kvirc@a88-85-146-57.mpynet.fi] has joined #openvpn
16:00 < kaeline> hi guys! I have a question about openvpn performance testing, anyone here?
16:00 < Thermi> It's single threated. End of story.
16:00 < speeddra_> redirect-gateway def1 on both server and client config worked :)
16:00 < kaeline> hi guys I have a question about measuring vpn performance, anyone here?
16:01 < Thermi> kaeline: Dependent on CPU and network performance. Whatever max out first
16:01 -!- kaeline [kvirc@a88-85-146-57.mpynet.fi] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
16:07 -!- speeddra_ [~speeddrag@22.19.103.87.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
16:11 -!- HardWall [~HardWall@188.24.159.180] has quit [Read error: Connection reset by peer]
16:11 -!- HardWall [~HardWall@86.121.42.228] has joined #openvpn
16:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
16:24 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 39.0/20150630154324]]
16:32 -!- HardWall [~HardWall@86.121.42.228] has quit [Read error: Connection reset by peer]
16:52 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
17:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:22 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
17:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:55 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Ping timeout: 272 seconds]
18:00 -!- toli [~toli@ip-62-235-214-143.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
18:03 -!- toli [~toli@ip-83-134-71-109.dsl.scarlet.be] has joined #openvpn
18:25 -!- madmandb [~debbie10t@unaffiliated/m10t] has joined #openvpn
18:36 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
18:36 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
18:36 -!- madmandb [~debbie10t@unaffiliated/m10t] has left #openvpn ["Leaving"]
18:37 < Gaffel> What's the difference between using "dev tap" and "dev tap0" in the server config? Will "dev tap" just pick the first availible number and "dev tap0" will only try to grab tap2?
18:37 < Gaffel> *tap0
18:41 < Gaffel> I guess so. Just want to make sure. :)
19:10 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:19 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
20:01 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
20:01 < boboysdadda> evening all. trying to get openvpn running on dd-wrt and i'm getting this error. NOTE: unable to redirect default gateway -- Cannot read current default gateway from system . does anyone have any ideas on how to fix?
20:11 < Gaffel> What does your redirect line look like?
20:13 < boboysdadda> Gaffel, what redirect line?
20:14 < boboysdadda> followed these instructions. https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn
20:15 < Gaffel> oh, okay. I'm not familiar with that interface.
20:17 < Gaffel> In the .conf, this is how you redirect: push "redirect-gateway def1 bypass-dhcp"
20:18 < boboysdadda> do i want to use def1 if my vpn interface is tun1?
20:18 < Gaffel> Try it.
20:18 < boboysdadda> with quotes and all?
20:19 < Gaffel> I don't know where you put it
20:19 < Gaffel> push "redirect-gateway def1 bypass-dhcp"
20:19 < boboysdadda> i know where to put it. just verifying the quotes
20:19 < Gaffel> That's the full line for pushing a gateway through-.
20:19 < Gaffel> Not sure how that DD-WRT interace does it
20:20 < Gaffel> But if it's in that "Additional config" then, yes.
20:20 < Gaffel> The whole line with quotes and everything
20:21 < boboysdadda> gotta reboot the router. bbiam. thanks
20:22 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
20:23 < Gaffel> I get the impression that the example you showed me is for a OpenVPN client.
20:23 < Gaffel> Is DD-WRT running as a server or a client?
20:24 < boboysdadda2> client
20:24 < Gaffel> Clients don't push gateway, do they?
20:24 < boboysdadda2> its the client to connecto PIA which is the server
20:24 < boboysdadda2> well a router is the gateway for the lan
20:25 < Gaffel> But the router gets the gateway from the VPN server.
20:25 < Gaffel> Only servers push gateways.
20:25 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 265 seconds]
20:26 < boboysdadda2> correct
20:26 < Gaffel> Your router needs a gateway to access the VPN server.
20:27 < boboysdadda2> isn't that what the server ip/name is?
20:28 < Gaffel> No
20:28 < boboysdadda2> this is the config
20:28 < boboysdadda2> ca /tmp/openvpncl/ca.crt management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto tcp-client cipher bf-cbc auth sha1 auth-user-pass /tmp/openvpncl/credentials remote 162.216.46.85 110 comp-lzo yes tun-mtu 1500 mtu-disc yes ns-cert-type server tun-ipv6 passtos persist-key persist-tun tls-client
20:28 < boboysdadda2> remote-cert-tls server push "redirect-gateway def1 bypass-dhcp"
20:28 < Gaffel> Paste somewhere else such as pastebin
20:29 < boboysdadda2> i didn't consider that to be long enough
20:29 < Gaffel> I get no linebreaks.
20:29 < boboysdadda2> there were none in the log from the router
20:30 < Gaffel> server should be: server a.b.c.d xxxx
20:30 < Gaffel> Just IP/host and the port.
20:30 < Gaffel> That push is for servers.
20:30 < Gaffel> I mean
20:30 < Gaffel> remote a.b.c.d xxxx
20:30 < Gaffel> That's how you specify server
20:30 < boboysdadda2> yeah thats in there
20:31 < Gaffel> Remove the whole server push "redirect-gateway def1 bypass-dhcp"
20:31 < boboysdadda2> done
20:32 < Gaffel> Okay, so you've specified the IP/hostname and port?
20:32 < boboysdadda2> though server is part of "remote-cert-tls server"
20:32 < Gaffel> oh
20:32 < boboysdadda2> -""
20:32 < Gaffel> Keep that then
20:32 < boboysdadda2> i did
20:32 < boboysdadda2> full log
20:32 < boboysdadda2> http://pastebin.com/QV0QUfCt
20:33 < Gaffel> Are you controlling the VPN server yourself too?
20:33 < boboysdadda2> no
20:33 < boboysdadda2> its provided by privateinternetaccess.com
20:34 < Gaffel> Okay
20:36 < boboysdadda2> line 21 shows the redirect
20:37 < boboysdadda2> line 29 shows the error
20:37 < Gaffel> Aye
20:37 < Gaffel> Maybe openvpn client is running as a user that's not allowed to read or write the default gateway.
20:38 < korrosive> !goal connect to Remote Desktop on my Windows OpenVPN server. I've done the basic setup in the how-to. Do I need to config routing or something?
20:39 < boboysdadda2> my users are root nobody and zabbix
20:39 < boboysdadda2> zabbix and nobody are for other services
20:40 < Gaffel> The OpenVPN client is complaining about your system.
20:42 < Gaffel> Are you leaving gateway as 0.0.0.0 in the UI?
20:43 < boboysdadda2> it was 192.168.1.1
20:43 < boboysdadda2> changed it to what is hopefully the gateway for my isp
20:43 < boboysdadda2> gonna reboot the router again bbiam
20:43 < Gaffel> It should obtain the correct gateway automatically.
20:44 < Gaffel> Do you have "redirect-gateway" in your client config somewhere?
20:45 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
20:45 < Gaffel> korrosive: Your firewall need to let the packets through.
20:45 < Gaffel> boboysdadda: Do you have "redirect-gateway" in your client config somewhere?
20:46 < boboysdadda> 20150829 19:44:29 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS
20:46 < korrosive> Gaffel, I tried disabling the WIndows firewall and it still doesn't work.
20:46 < boboysdadda> thats the only redirect gateway i have
20:46 < boboysdadda> that is pushed from the server
20:46 < Gaffel> That's the log
20:46 < Gaffel> I'm talking about your config
20:46 < boboysdadda> there is no config file. its all gui
20:46 < Gaffel> The text boxes and stuff
20:46 < Gaffel> Yeah, the GUI
20:47 < korrosive> Gaffel, which address am I supposed to use? My PCs LAN address, locahost, or what?
20:47 < korrosive> * address for RDP
20:47 < boboysdadda> no that option is not there
20:47 < korrosive> I can connect to the VPN
20:47 < Gaffel> boboysdadda: Then I don't know.
20:48 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 265 seconds]
20:48 < Gaffel> boboysdadda: http://superuser.com/questions/434741/openvpn-on-ubuntu-11-10-unable-to-redirect-default-gateway
20:48 -!- Franktech [~Unistar@ool-4570d1d3.dyn.optonline.net] has joined #openvpn
20:49 < Gaffel> If you have terminal access.
20:49 < Gaffel> korrosive: I don't know where the machines are.
20:49 < Franktech> Hi i'm having trouble with my OpenVPN server
20:49 < Gaffel> Franktech: State your problems.
20:49 < korrosive> I want to RDP in to the machine that hosts the VPN server I'm connecting to.
20:50 < Franktech> My friend has an issue reaching my server via VPN
20:50 < Gaffel> Franktech: Can you connect to it yourself?
20:50 < Gaffel> korrosive: Use the LAN address for that machine.
20:50 < Franktech> he can connect to the VPN but when he tries to RDP/Map a drive he's not able to get to it
20:51 < Franktech> and yes I can connect to it and map the drive/rdp
20:51 < Gaffel> Then it's something other than the VPN.
20:52 < korrosive> Gaffel, OK. That's what I've been trying. Windows firewall is currently disabled. RDP app says it can'
20:52 < Gaffel> Can you connect externaly? Like, a mobile device?
20:52 < korrosive> yes
20:52 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
20:53 < Gaffel> Did you give him your client configs?
20:53 < korrosive> who?
20:53 < Gaffel> I'm asking Franktech.
20:53 < korrosive> sorry
20:54 < Gaffel> You two have similar problems. :P
20:54 < Franktech> Yeah I gave him the client config fule
20:54 < Franktech> file*
20:54 < korrosive> So there should be no extra config beyond the basic setup needed for RDP to work?
20:54 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
20:55 < Gaffel> If the VPN works then it's no the VPN.
20:55 < Gaffel> If you can access other things through the VPN then the VPN is fine.
20:56 < korrosive> Thing like SMB will use the LAN address as well?
20:56 < korrosive> basically, I act as if I am on my LAN?
20:56 < Gaffel> Windows networking is a bit more complex.
20:56 < Gaffel> korrosive: Yes
20:56 < Gaffel> Once you're connected, you're part of the LAN.
20:57 < Franktech> i'm able to connect to VPN in from my phone
20:57 < Gaffel> Can you access network resources from your phone?
20:57 < Franktech> yeah
20:58 < korrosive> but my network is 192.x.x.x and when I connect ot my VPN I am given a 10.x.x.x
20:58 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
20:58 < Gaffel> korrosive: OpenVPN hands out IPs like that by default.
20:59 < korrosive> doesn't that mean I need to route something or bridge?
20:59 < Franktech> and when he did a tracert to the server while connected to the VPN it loops between two Time Warner IPs
20:59 < Gaffel> My LAN is 192.168.0.0 and my VPN server hands out 192.168.1.0
20:59 < Gaffel> You need to push correct routes
20:59 < Franktech> and it says TTL has expired in transit
20:59 < korrosive> OK. How do I do that, Gaffel?
20:59 < Gaffel> korrosive: Do you have VPN server access?
21:00 < korrosive> I'm sitting at the machine now
21:00 < Gaffel> I do this in the conf:
21:00 < Gaffel> push "route 192.168.0.0 255.255.255.0"
21:00 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
21:00 < Gaffel> Then the client will get the route for my LAN despite being on a different subnet.
21:00 < korrosive> server.ovpn ?
21:00 < Gaffel> Aye
21:01 < Gaffel> push "route 192.168.0.0 255.255.255.0"
21:01 < Gaffel> push "route 192.168.1.0 255.255.255.0"
21:01 < Gaffel> Those are the ones I push.
21:02 < Gaffel> My .0.0 is my LAN and .1.0 is the address range used by my VPN server.
21:02 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
21:03 < Franktech> Do I have to change my netmask and subnet mask?
21:03 < Gaffel> korrosive: Do you intend on using the VPN as a tunnel or just connect to a network?
21:03 < Gaffel> Franktech: Depends on your network.
21:04 < korrosive> Just to access RDP and SMB on the server. I may want to tunnel in the future.
21:04 < Franktech> mine is a 192.168.1.1 network
21:04 < Franktech> oops
21:04 < Franktech> I mean that's for my LAN
21:05 < Franktech> the VPN is 10.8.0.0
21:05 < Gaffel> Okay, push those routes then
21:05 < Gaffel> 192.168.1.0 and 10.8.0.0
21:05 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
21:05 < korrosive> I added push "route 192.168.0.0 255.255.255.0 to the config, restarted the service, and it is still giving my client 10.8.0.6
21:05 < Gaffel> The masks I use above.
21:06 < Gaffel> korrosive: That route is just how your client can find that 192.168.0.0 network
21:06 < Gaffel> The 10.8.0.0 is specified somewhere else in the config.
21:06 < korrosive> ah
21:06 < korrosive> RDP still fails to connect
21:07 < Gaffel> Make sure that you have: topology subnet
21:07 < Gaffel> It's not enabled by default
21:09 < Gaffel> No need to push the route for the VPN address range
21:09 < Franktech> Could my issue be related to Time Warner?
21:09 < Gaffel> Franktech: Shouldn't be, if you connect the right way
21:10 < korrosive> enabled topolgy subnet, RDP still fails
21:10 < Franktech> i mean he connected the right way
21:10 < korrosive> did I need to add push "route 192.168.0.0 255.255.255.0" and push "route 192.168.1.0 255.255.255.0"?
21:11 < korrosive> or just push "route 192.168.0.0 255.255.255.0"?
21:11 < Gaffel> Just that one
21:11 < korrosive> ok
21:11 < korrosive> any other ideas?
21:11 < Gaffel> The knows where to find 192.168.1.0 since it's talk to it.
21:11 < Gaffel> I'm looking at some configs.
21:11 < Franktech> but when he tried to do a tracert, the packets bounce between two TW ips
21:12 < Franktech> http://pastebin.com/CCDUtCDi
21:12 < Gaffel> Then it's not using the VPN.
21:13 < Gaffel> The VPN is virtual and the WAN will be transparent if you go through the internet.
21:13 < Gaffel> The VPN is virtual and the WAN will be transparent if you go through the VPN.
21:14 < Gaffel> The tracert program will only see your VPN server's IP and then the WAN.
21:14 < Gaffel> I just ran tracert to something on the WAN and it jumps to my VPN and then straight out on the WAN.
21:15 < boboysdadda2> Gaffel, i don't get it. reflashed router and only did settings for the vpn. still same error.
21:15 < Gaffel> I see :/
21:16 < Gaffel> I don't get it either. I have no experience with that DD-WRT stuff.
21:17 < korrosive> I gave up on OpenVPN on DDWRT. I couldn't get it to output logs so I couldn't figure out why I couldn't connect to the VPN.
21:17 < Gaffel> :/
21:18 < korrosive> Now I'm happy to have it connectable on Windows, but I still can't do anything I want to do. :(
21:18 < Gaffel> What OS is the OpenVPN server running?
21:18 < korrosive> Windows 7 Pro
21:19 < korrosive> x64
21:20 < Gaffel> Can you post the server.ovpn on Pastebin?
21:21 < Franktech> who me?
21:21 < Gaffel> Both :P
21:21 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
21:21 < Gaffel> ...I guess. :)
21:22 < korrosive> http://pastebin.com/FsLazZYu
21:23 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
21:25 < Gaffel> korrosive: And client config? :)
21:26 < korrosive> http://pastebin.com/t5NLa2mg
21:30 < Gaffel> I can't see anything wrong with them.
21:31 < Gaffel> Can you ping the VPN server from the client?
21:31 < korrosive> Client connects to the VPN fine.
21:32 < Gaffel> It's something on the Windows machine. :/
21:32 < Gaffel> I don't know anything about Windows OpenVPN server in L3 tunneling.
21:33 < korrosive> OK thanks for your help.
21:33 < korrosive> I have to go. If you have any other ideas later, please share. I'll stay connected here and will be back on later tonight or tomorrow.
21:33 < Gaffel> I don't know why RDP won't hear your clients over the VPN tunnel. :(
21:37 < Gaffel> Try to use TAP instead of TUN.
21:40 < Gaffel> Windows should show a virtual network device that's used as the exit for the tunneled traffic.
21:40 < Gaffel> Check that device's settings such as networking sharing etc
21:43 < Gaffel> My guess that it has to do with that stuff.
21:43 < Gaffel> Specific to Windows.
21:43 < Gaffel> I had some troubles with my OpenVPN until I changed the firewall rules but I run Linux.
22:16 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
22:27 < Franktech> odd, the problem seemed to have fixed itself
22:38 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Remote host closed the connection]
22:58 -!- arlen [~arlen@jarvis.arlen.io] has left #openvpn []
23:04 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
23:50 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:53 -!- ShadniX [dagger@p5481DC1D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:55 -!- ShadniX [dagger@p5DDFE161.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Aug 30 2015
00:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:25 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
00:58 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Quit: Oops, my ZNC appears to have died!]
01:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
01:26 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
01:28 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
01:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:50 -!- HardWall [~HardWall@86.121.42.228] has joined #openvpn
02:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:09 -!- mode/#openvpn [+o mattock1] by ChanServ
02:11 -!- korrosive [~unknownso@c-24-13-157-73.hsd1.il.comcast.net] has quit [Ping timeout: 244 seconds]
02:15 -!- HardWall [~HardWall@86.121.42.228] has quit [Read error: Connection reset by peer]
02:28 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 244 seconds]
02:28 -!- jeev_ [~j@unaffiliated/jeev] has joined #openvpn
02:29 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
02:30 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
02:30 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 244 seconds]
02:30 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 244 seconds]
02:31 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
02:32 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
02:37 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
02:50 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Reboot? Or did my jail(8) just die?]
03:01 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
03:04 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:17 -!- HardWall [~HardWall@86.121.42.228] has joined #openvpn
03:18 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
03:19 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has joined #openvpn
03:39 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
04:02 -!- korrosive [~unknownso@50.151.181.21] has joined #openvpn
04:19 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:57 -!- albech [~Thunderbi@188-179-157-194-static.dk.customer.tdc.net] has joined #openvpn
04:58 < albech> since customers are upgrading to win10 they are having problems with host resolution order. where the vpn dns are not prioritized correctly.. any suggestions beside staying on win 7 ;)
05:36 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
05:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:05 -!- madmattco [~quassel@198.251.81.102] has quit [Ping timeout: 250 seconds]
06:06 -!- madmattco [~quassel@198.251.81.102] has joined #openvpn
06:26 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
06:33 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Read error: Connection reset by peer]
06:33 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 260 seconds]
06:34 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
06:36 -!- esde [~something@openvpn/user/esde] has joined #openvpn
06:36 -!- mode/#openvpn [+v esde] by ChanServ
06:46 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
07:12 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-omhodufnmarjyzps] has quit [Quit: Connection closed for inactivity]
07:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:29 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: brb, rebooting for kernel upgrade]
07:29 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
07:29 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
07:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:40 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
07:41 -!- dionysus70 is now known as dionysus69
07:48 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
07:49 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qyyalhshufqufckl] has joined #openvpn
07:52 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
07:52 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
07:52 -!- trumee_ is now known as trumee
08:18 -!- Franktech [~Unistar@ool-4570d1d3.dyn.optonline.net] has quit [Ping timeout: 255 seconds]
08:27 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
08:38 < jzaw> albech it's cos of changes in win10 ... this occurse when the dns server doesnt reply or doesnt reply in a timely manner
08:38 < jzaw> i take it they are vpn'ing in rather than being on your network and vpn'ing out?
08:41 < albech> jzaw: correct. they are vpn'ing in.
08:42 < jzaw> what are the problems exhibited?
08:43 < albech> jzaw: the reason people vpn into the network is to access internal hosts over encrypted connection. the internal dns should handle all lookups while on the vpn even external lookups
08:43 < albech> but for whatever reason the dns (vpn adapter) is never queued
08:44 < jzaw> im not a windows user
08:44 < albech> basically overriding all dns with the vpn dns would work
08:44 < jzaw> but was reading about it yesterday
08:44 < albech> same here..
08:45 < albech> but many of my clients use that crap ;)
08:45 < jzaw> windows behaviour has changed in 10 aiui ... and the time out is short before it sends all queries to all interfaces (thus non vpn iface)
08:46 < jzaw> trying to find the article ... it had some mitigating schemes
08:46 < albech> when doing ipconfig /all the correct dns shows on the TAP (vpn) adapter/interface, but the main interface always seems to answer first.
08:47 < albech> manually adding the vpn dns to the main interface solves the problem, but it is hardly a solution for average users
08:48 -!- satdav [uid15780@firefox/community/satdav] has quit []
08:50 < jzaw> this isnt the article ... but it might help
08:50 < jzaw> https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html
08:50 < albech> thx.. will look
08:51 < jzaw> there's an app there that might do that manual add of dns for you
08:51 < jzaw> i glanced at the text but youd need to digest it properly
08:51 < jzaw> i may have mis read it
08:52 < jzaw> also i have no idea if it works in win10
09:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
09:46 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
09:52 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qyyalhshufqufckl] has quit [Quit: Connection closed for inactivity]
09:55 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 244 seconds]
09:56 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
10:01 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 255 seconds]
10:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
10:07 -!- albech [~Thunderbi@188-179-157-194-static.dk.customer.tdc.net] has quit [Remote host closed the connection]
10:12 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
10:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:23 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
10:31 -!- cannesahs [~jjmaline@kekkonen.niksula.hut.fi] has quit [Remote host closed the connection]
10:42 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
10:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
10:49 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:59 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:09 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 272 seconds]
11:11 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
11:21 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
11:38 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
11:40 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:27 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 260 seconds]
12:30 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
12:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:55 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ujrzqopbjglhitkw] has joined #openvpn
13:07 -!- blokc [~Thunderbi@2601:2c4:0:d03a:b8de:b410:899d:a9b3] has joined #openvpn
13:25 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Quit: I will be back later! :-)]
13:25 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
13:31 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
13:37 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 265 seconds]
13:39 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
13:57 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
14:05 -!- blokc [~Thunderbi@2601:2c4:0:d03a:b8de:b410:899d:a9b3] has quit [Quit: blokc]
14:17 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
14:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:30 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
14:31 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
14:52 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Quit: Quit]
15:03 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
15:09 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
15:31 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
15:51 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:56 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:01 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
16:06 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:11 -!- RealityVoid [~HardWall@79.116.231.133] has joined #openvpn
16:14 -!- HardWall [~HardWall@86.121.42.228] has quit [Ping timeout: 244 seconds]
16:15 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
16:18 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 246 seconds]
16:27 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
16:27 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
16:28 -!- RealityVoid [~HardWall@79.116.231.133] has quit [Read error: Connection reset by peer]
16:39 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
16:41 -!- boboysdadda2 [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
16:43 -!- toli_ [~toli@ip-62-235-44-195.dial.scarlet.be] has joined #openvpn
16:45 -!- toli [~toli@ip-83-134-71-109.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
16:45 -!- toli_ is now known as toli
16:47 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Read error: Connection reset by peer]
16:47 -!- toli [~toli@ip-62-235-44-195.dial.scarlet.be] has quit [Read error: Connection reset by peer]
16:47 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has joined #openvpn
16:52 -!- toli [~toli@ip-62-235-44-195.dial.scarlet.be] has joined #openvpn
17:12 -!- boboysdadda [~boboysdad@unaffiliated/boboysdadda] has quit [Ping timeout: 244 seconds]
17:13 -!- One3yed [46757444@gateway/web/cgi-irc/kiwiirc.com/ip.70.117.116.68] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
17:42 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 246 seconds]
17:44 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
18:00 -!- b0br [~b0br@cpc5-macc3-2-0-cust215.1-3.cable.virginm.net] has joined #openvpn
18:06 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:12 -!- toli [~toli@ip-62-235-44-195.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
18:15 -!- toli [~toli@ip-83-134-72-70.dsl.scarlet.be] has joined #openvpn
18:25 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:29 -!- DarkSector [~DarkSecto@unaffiliated/darthsector] has joined #openvpn
18:30 < DarkSector> I have a open config that includes the certificates
18:30 < DarkSector> openvpn on ubuntu requires the key the cert and everything else in the open
18:30 < DarkSector> the ovpn config
18:33 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
18:34 < Gaffel> ...and your problem is?
18:36 < Gaffel> DarkSector...
18:37 < DarkSector> Uh, sorry I just figured it out. I removed the cert and other stuff and copied it into a separate file and used that
18:37 < Gaffel> Okay
18:59 -!- akamaru217 [~akamaru@2601:cd:4001:b705:34dc:b766:b4d1:67cc] has quit [Quit: Leaving]
19:08 -!- akamaru217 [~akamaru@2601:cd:4001:b705:fc2f:eaf3:befe:2dbd] has joined #openvpn
19:33 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Quit: quit]
19:36 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
19:37 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
19:39 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Client Quit]
20:07 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [K-Lined]
20:17 -!- b0br [~b0br@cpc5-macc3-2-0-cust215.1-3.cable.virginm.net] has quit [Changing host]
20:17 -!- b0br [~b0br@unaffiliated/b0br] has joined #openvpn
20:21 -!- phantomcircuit [~phantomci@smartcontracts.us] has joined #openvpn
20:35 <@ecrist> sup peeps
20:35 <@ecrist> I'm working on getting vpnHelper back online.
20:35 <@ecrist> there's an issue getting the sqlite library the Factoids plugin uses with the current version of python
20:36 -!- Tenhi [~tenhi@178.18.241.180] has quit [Ping timeout: 240 seconds]
20:37 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 240 seconds]
20:38 -!- Linmu_ [~Linmu@220-128-210-232.HINET-IP.hinet.net] has joined #openvpn
20:38 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 240 seconds]
20:38 -!- Linmu [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Ping timeout: 240 seconds]
20:39 -!- Tenhi [~tenhi@178.18.241.180] has joined #openvpn
20:40 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
21:05 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
21:06 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
21:09 -!- mystica555 [~mystica55@38.75.196.67] has quit [Ping timeout: 246 seconds]
21:16 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
21:16 -!- mode/#openvpn [+o vpnHelper] by ChanServ
21:16 <@ecrist> !as
21:16 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
21:16 <@ecrist> fuck yes
21:17 <@ecrist> Neighbour: boom! goes the dynamite
21:17 -!- DarkSector [~DarkSecto@unaffiliated/darthsector] has left #openvpn ["Leaving"]
21:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:09 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
22:29 -!- Farshid [Farshid@gateway/shell/elitebnc/x-vwwddhzazzfbedru] has quit [Ping timeout: 244 seconds]
22:36 -!- korrosive [~unknownso@50.151.181.21] has quit []
22:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:17 -!- blackjack [~BJ@unaffiliated/blackjack] has joined #openvpn
23:17 < blackjack> guys
23:17 < blackjack> can you help me with openvpn in wheezy debian?
23:18 < blackjack> i have this configuration file already but it wont work. is there something i needed to do after installing openvpn via apt-get ?
23:18 < blackjack> it is a TLS-enabled openVPN configuration
23:20 < blackjack> do i need to generate a key first, before using any configuration files?
23:20 < blackjack> hello can someone help
23:44 < subzero79> blackjack, you need to generate the keys first
23:44 < subzero79> the client certificates
23:47 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 240 seconds]
23:48 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
23:52 -!- ShadniX [dagger@p5DDFE161.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:53 -!- ShadniX [dagger@p579416E1.dip0.t-ipconnect.de] has joined #openvpn
23:56 < blackjack> hwo do i do that subzero79
23:56 < blackjack> but i started openvpn, and it did not ask for it
23:56 < subzero79> in the easy-rsa folder
23:56 < blackjack> ok
23:56 < subzero79> or copy the easy-rsa folder
23:57 < blackjack> i havent generated any of that
23:57 < subzero79> to location you wish to operate and keep the keys and certificates
23:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Mon Aug 31 2015
00:00 < subzero79> blackjack, i am just looking in my wheezy install the location of easy-rsa default but i can't seem to find it
00:00 < subzero79> though it came bundled with the deb
00:01 < subzero79> ok, the default openvpn of wheezy comes with easy-rsa
00:01 < subzero79> i have the backport one, where ther package easy-rsa is taken to a different package
00:02 < subzero79> but in your case you should find it at /usr/share/doc/openvpn/examples/easy-rsa/2.0/
00:07 < blackjack> actuall subzero79, they just told me this -->
00:07 < blackjack> gdi@deathstar:/etc/openvpn$ sudo openvpn --config config_respi.ovpn
00:07 < blackjack> Options error: Unrecognized option or missing parameter(s) in config_respi.ovpn:7: tls-version-min (2.3.2)
00:07 < blackjack> Use --help for more information.
00:07 < blackjack> thats my error
00:08 < blackjack> but it should ask me to login
00:08 < blackjack> but it doesnt do that
00:08 < subzero79> for login you need to specify the pam module if recall, don't use that option but i did some testing some time ago
00:09 < subzero79> you want client certificate plus login right?
00:11 < subzero79> blackjack, i miss your goal are you trying to run a server or connect to a server?
00:11 < blackjack> yes
00:11 < blackjack> connect to a server
00:11 < blackjack> i want to connect to a server
00:11 < blackjack> which has openvpn settings
00:11 < subzero79> you run that server?
00:11 < subzero79> or is a provier?
00:12 < subzero79> vpn provider?
00:12 < blackjack> i want to use http://respiratio.net/config_respi.ovpn
00:12 < blackjack> its is free vpn provider
00:12 < blackjack> and free shell
00:12 < blackjack> but the supports staffs are offline i think
00:12 < blackjack> they have their channel too, and im also there:)
00:12 < subzero79> ok i understand
00:13 < blackjack> they did not said anything about creating a certificate
00:13 < blackjack> i really just need the login
00:13 < subzero79> no is fine
00:13 < blackjack> how do i do that?
00:13 < subzero79> though you wanted to run a server
00:13 < subzero79> you don't need certs
00:14 < blackjack> errr no
00:14 < subzero79> they are embedded in the ovpn file
00:14 < blackjack> i just wanted to run openvpn. so that i can securely browse w/ a different ip
00:14 < blackjack> the ip that the openvpn provides
00:14 < subzero79> yes i know
00:14 < blackjack> yes
00:15 < blackjack> some other chatter told me, im using an old version
00:15 < blackjack> of openvpn
00:15 < blackjack> because im still using debian 7 (wheezy)
00:15 < subzero79> the default wheezy is 2.2
00:15 < subzero79> you can use the backport one
00:15 < subzero79> a little bit more up to date
00:15 < blackjack> yeah im using the backport now
00:16 < subzero79> does it sill complain about tls?
00:16 < blackjack> maybe the server certificates is different now
00:16 < blackjack> yes
00:16 < blackjack> same as the old
00:16 < blackjack> bot backport and non backport complain on it
00:16 < blackjack> both*
00:17 < subzero79> let me try here
00:18 < subzero79> it referes to this proably https://community.openvpn.net/openvpn/ticket/401
00:18 <@vpnHelper> Title: #401 (OpenVPN 2.3.4 client fails when server uses tls-version-minimum 1.2 when 2.3.3 works fine) – OpenVPN Community (at community.openvpn.net)
00:18 < blackjack> hmmm
00:18 < blackjack> OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  2 2014
00:18 < blackjack> is what im using now
00:19 < subzero79> same as mine, it still complains
00:19 < blackjack> you trying too?
00:19 < subzero79> remove the tls-min line
00:19 < blackjack> you should atleast have a login
00:19 < subzero79> or coment it with ;
00:19 < blackjack> for user/pass (if you had one) :)
00:19 < subzero79> then run it again
00:19 < blackjack> errr
00:19 < blackjack> you suggest that i edit that opvn file
00:20 < subzero79> yes
00:20 < blackjack> you did?
00:20 < blackjack> its asking for user/pass now?
00:20 < subzero79> ;tls-version-min 1.2
00:20 < subzero79> like this
00:20 < blackjack> ok
00:20 < subzero79> yes type your user and pw
00:20 < subzero79> see if it passes
00:20 < subzero79> or spits error later
00:20 < blackjack> ok wait
00:21 < subzero79> tls-min was intro in 2.3.4
00:21 < blackjack> someone told me.
00:21 < blackjack> you should need a key
00:21 < blackjack> you do need a VPN key in the same directory as your configuration file. Your VPN provider may have generated it for you if you have secure e-mail
00:21 < blackjack>                     set up.
00:22 < subzero79> not in  this case
00:22 < subzero79> the keys and certs are inside the ovpn file
00:22 < blackjack> oh well. lets experiment then:)
00:22 < subzero79> you can check it yourself
00:22 < blackjack> yeah i saw that too
00:22 < blackjack> so it just needs your valid user/pass
00:22 < blackjack> which i always use
00:22 < blackjack> only when logging on ssh
00:23 < blackjack> brb. gonna edit it now
00:28 < blackjack> https://paste.debian.net/309760/
00:28 < blackjack> it errors, same error , where you type the wrong login or correct
00:28 < blackjack> after you enter password. it pukes out like that
00:32 < blackjack> tls version 1.0 is the issue. thats the only TLS that debian wheezy can provide
00:32 < blackjack> and the server we are connecting uses version 1.2
00:38 < subzero79> the problem is there is not tls-version-min directive in the current package
00:38 < subzero79> check with openvpn --help | grep tls
00:38 < blackjack> yes. i someone is teaching me how to compile the newest version which is from jessie
00:38 < blackjack> coz that seemed to work
00:39 < subzero79> mmmm
00:39 < blackjack> im changing my openvpn version to higher
00:39 < blackjack> its the only way to go
00:39 < blackjack> unless the server would downgrade to TLS version 1
00:39 < subzero79> is jessie the current whezy backport usually?
00:39 < blackjack> i can use my current one
00:39 < blackjack> the wheezy backport is also not supporting TLS version 1.2
00:40 < blackjack> thats why i need the jessie one
00:40 < subzero79> be careful there with systemd
00:40 < blackjack> errr
00:40 < blackjack> you did not get me
00:40 < blackjack> lol
00:40 < blackjack> im updating the package only  of openVpn
00:40 < blackjack> not the whole OS
00:40 < subzero79> does it come with init i mean
00:40 < blackjack> the openVPN for jessie
00:40 < subzero79> an init script
00:41 < blackjack> ahhh, you saying, the openVPN for jessie might only be for systemD
00:41 < subzero79> or you want to run it just executing the binary no daemonize
00:41 < blackjack> and not init
00:41 < blackjack> is that what you telling?
00:41 < subzero79> yes
00:41 < blackjack> that i will ask too
00:41 < subzero79> ok
00:41 < blackjack> you had a point there
00:41 < blackjack> brb
00:41 < subzero79> other thing
00:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:42 -!- mode/#openvpn [+o mattock1] by ChanServ
00:42 < subzero79> is you can grab the openvpn tarball and built it
00:42 < subzero79> it comes bare.....no init script just the bins and the man if i recall
00:44 < blackjack> ok i might try that one too
00:45 < blackjack> but thats not optimized for debian
00:45 < blackjack> thats why i think the best bet is install a debian based openVPN
00:46 < subzero79> yes don't what optimizations they do beyond a start script
00:47 < blackjack> but theres also a debian 8 and 9 (no systemd) movement going on right?
00:47 < subzero79> i would just build the binary and replace it
00:47 < blackjack> i think they would still have the option, w/o systemd
00:47 < subzero79> i think init scripts are still valid
00:50 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
00:52 < blackjack> just waiting for this dude
00:53 < blackjack> i think he will help me dget a file from jessie
00:53 < blackjack> the jessie version of openvpn
00:53 < blackjack> and then get the source
00:53 < blackjack> and compile it
00:53 < blackjack> he says its possible to do that
00:53 < blackjack> and have that particular package on jessie
00:58 < subzero79> ok
00:58 < subzero79> shouldn't be hard
00:58 < blackjack> yeah
00:58 < subzero79> need to go for walk....se you later
00:58 < blackjack> ok ok
00:58 < blackjack> thanks for the time :)
00:58 < blackjack> later.
01:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:50 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Remote host closed the connection]
02:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
02:13 < subzero79> blackjack, how did it go?
02:21 -!- Mike-- [mad@mx.probie.nl] has quit []
02:24 < blackjack> i did not want too risk it :)
02:24 < blackjack> the guy is teaching me how to chroot
02:24 < blackjack> fakechroot
02:25 < blackjack> and fakeroot
02:25 < blackjack> its needed he says, so that it wont mess up my system
02:25 < blackjack> when we compile and it needs the dependency
02:25 < blackjack> there is no problem with compile of the code
02:25 < blackjack> the problem is its dependecies
02:26 < blackjack> which might look for debian jessie dependencies
02:27 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
03:06 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 272 seconds]
03:11 < subzero79> blackjack, get the openvpn tarball and use the binary
03:12 < subzero79> i use built it and your file didn't complain with tls-min
03:12 < subzero79> don't further since i don't have credentials
03:24 < Intensity> Hey. I'm wondering if anyone else has used OpenVPN-NL and has attempted to compile this in OS X.
03:24 < blackjack> subzero79, what version of openvpn you using right now?
03:30 < subzero79> bpo wheezy
03:30 < subzero79> 2.3.2
03:32 < subzero79> i just pick the built binary from ./src/openvpn an run it against the .ovpn file
03:32 < subzero79> my normal client runs with the default deb package from backports
03:40 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 256 seconds]
03:44 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
03:51 -!- dazo_afk is now known as dazo
04:16 -!- rooth_ is now known as rooth
04:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:57 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
05:04 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:09 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
05:15 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:22 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
05:24 < fearnothing> I'm struggling to understand how a VPN's supposed to work in relation to what users who connect to it are allowed to do at the other end
05:25 < fearnothing> I have two main networks, .1.0/24, .2.0/24 and my VPN assigns IPs in the range .3.0/24
05:28 < fearnothing> .2.0/24 is very locked down in terms of what IPs on that subnet can do, it only has connections permitted from .1.0/24 on a handful of ports, and nothing else
05:29 < fearnothing> but when I connect via the VPN, I seem to be able to reach in to .2.0/24 from there, and I don't think I should be able to
05:29 < fearnothing> why is it possible?
05:37 -!- DarkSector [~DarkSecto@unaffiliated/darthsector] has joined #openvpn
05:38 -!- DarkSector [~DarkSecto@unaffiliated/darthsector] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
06:08 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
06:11 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:29 <@plaisthos> your .2.0 is not locked down from the VPN network
06:36 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
06:47 < fearnothing> @plaisthos, why not? it should be default deny
07:15 <@plaisthos> fearnothing: that policy is outside OpenVPN's control
07:29 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
08:06 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:08 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
08:13 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has joined #openvpn
08:15 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
08:20 < leandrosansilva> Hello to all. I am running an openvpn 2.2.1 (ubuntu 12.04) server with about 3 thousand connected clients. Under such load, sometimes openvpn (on the server) just hangs and restarts in order to re-stablish the connections. It's very annoying and I am now trying to figure out a way to get rid of this issue. Before trying some loading balance move, I'd like to know if it's recommended to...
08:20 < leandrosansilva> ...update openvpn, as it might be some issue solved in the current series. I am reading the 2.3.x changelog, but I found no bugfix related to a similar problem. And I have this problem of cannot break openvpn, due the amount of connections and the importance of them.
08:21 < leandrosansilva> The connection between the clients and the server is very active, with constant file copies through rsync.
08:21 < leandrosansilva> That's why I also thought about some load balancing move, even though I am trying to postpone it
08:26 <+esde> !current
08:26 <@vpnHelper> "current" is (#1) Our policy is to only support current versions of software. If your Linux distribution's repository doesn't have the latest, you'll need to compile from source. See /topic for the latest versions of OpenVPN software (usually at the beginning). Anything earlier than these, and you'll be REQUIRED to upgrade before we offer assistance. or (#2) The current version of OpenVPN can be
08:26 <@vpnHelper> downloaded from http://openvpn.net/index.php/open-source/downloads.html for RELEASE and BETA versions, and a tarball snapshot of the development tree can be had from ftp://ftp.secure-computing.net/pub/openvpn/
08:27 < leandrosansilva> Ok, got it :-)
08:30 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has joined #openvpn
08:31 < jmacdonald> Hello
08:34 < leandrosansilva> Ok, I have just checked and my clients are using openvpn client 2.1. In case I upgrade the server to the latest 2.3, will my clients continue working without any configuration change?
08:36 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
08:37 < leandrosansilva> I assume yes, from the compatibility web page.
08:51 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:52 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has quit [Quit: leaving]
08:52 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has joined #openvpn
09:22 <@plaisthos> leandrosansilva: yes
09:42 < iNs> hello, ive been doin some benching for my thesis and i noticed weird thing while openvpn benches on ubuntu, the more tests i run on a connection the slower it gets gradually, moreover, trying iperf with window size of 2M results in less than 1mbps bandwith which is weird, considering the fact that a default iperf bech, right after connection restart, easily reaches 100+ mbps, both machines are VMs on separate physical xen's, connected with a 10 gig nic
09:42 < iNs> looks like its gettin clogged up or something, or its ubuntu with its weird tcp scaling parameteres or something else, perhaps someone has experience with this?
09:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:01 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:02 <@dazo> iNs: that is not unsurprising ... openvpn is single threaded, so it only uses a single CPU core ... if more net intensive VPN clients pushes OpenVPN limits, a slowdown could be a very plausible effect ... as each client have a kind of "time slot" before the next client gets some stuff done
10:03 <@dazo> iNs: normally this is not noticed, as the VPN traffic are often not that speed critical and not all clients push the limits at the same time
10:04 <@dazo> iNs: which means those few clients which pushes the limits from time to time, fill their slots ... while less intensive clients don't use their full slot
10:04 < iNs> hmm, but im testing only a single connection
10:04 <@dazo> I don't know too much about the event handler in openvpn ... but that's the general 10.000 feet view
10:04 < iNs> in 'lab environment'
10:04 < iNs> and it had no problem while i was benching on win 2012r2
10:05 < iNs> i mean, looking at my results, benches were stable on win, but gettin crashed on ubuntu
10:05 <@dazo> aha!  that is unexpected, if it's a single client
10:05 < iNs> yea, its not a prod environment of sorts or stuff, its just me, testing the protocols themselves
10:06 <@dazo> iNs: could you share this info on the openvpn-devel list?  .... Jan Just Keijser (who wrote !gigabit) usually pays attention to performance stuff there ... so he might help out
10:06 <@dazo> be verbose on your findings and describe your setup and configs ... that'd be fruitful info!
10:20 < iNs> dazo, uhh, im in kind of hurry (deadlines :xx), you mean the sourceforge list?
10:20 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
10:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
10:34 < iNs> what about forums dazo?
10:40 <@dazo> iNs: trust me, the mailing list (yes, sf.net lists) will give you a quicker reply with more useful info
10:42 < iNs> just confirmed it again, via straight connection everything iperfs fine, the openvpn one, after 13 15 seconds it dips down to <1mbps, aight, subscribing to the list then ;)
10:44 <@dazo> iNs: would be cool if you could double check if this behavior can be found using vtun or similar other projects using the tun/tap driver ... just to see if it's the kernel driver or the user-space which causes this mishap
10:44 <@dazo> that can be done in parallel with the ML discussion, though
10:45 < iNs> true that, but isnt vtun like old and dead?
10:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
10:47 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Quit: Turning IRC client off]
10:48 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
10:49 <@dazo> iNs: it is ... but if it is an openvpn issue, the vtun program should not give you and decreased performance over time ... if you see a similar performance drop, it is most likely needed to look at the kernel instead of the openvpn :/
10:55 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-xcxwoqzinvnkithp] has joined #openvpn
10:55 < NetworkingPro> hey everyone
10:56 < NetworkingPro> I have an ovpn server and I have a lot of hosts that are sending tons of broadcast traffic, which is then getting router into the other devices consuming bandwidth. The server is in Tap mode.  Is there a  way to cause the server to discard broadcast packets or would I have to do that with iptables?
10:58 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
11:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:00 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
11:06 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
11:13 <@dazo> NetworkingPro: that is *EXACTLY* why we recommend the tun mode instead of tap ... as that removes this overhead completely
11:14 < NetworkingPro> dazo: yep.. l3 instead of 2.  :(
11:14 <@dazo> blocking it in the firewall will still saturate your VPN tunnel, unless you can filter it *before* it hits the tunnel ... which means all clients need this firewall rule
11:14 < NetworkingPro> can you push firewall rules to clients via the server?
11:15 <@dazo> nope
11:15 < NetworkingPro> or would that need to be added to their config file locally..
11:15 < NetworkingPro> ugh
11:17 -!- toli [~toli@ip-83-134-72-70.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
11:18 -!- toli [~toli@ip-62-235-212-191.dsl.scarlet.be] has joined #openvpn
11:20 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 252 seconds]
11:21 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:22 <@dazo> NetworkingPro: hate to do this "Told you so" ... but I just checked my IRC logs from Aug 10
11:22 <@dazo> [15:29:33] <dazo> why do you bridge?
11:22 <@dazo> ...
11:23 <@dazo> [15:46:15] <dazo> NetworkingPro: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
11:23 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
11:24 <@dazo> as that wiki page also says .... "There are no shortcuts in making networking easier - except learning how to do it properly."
11:24 <@dazo> so, please tell that to your bosses and start doing it correct from the beginning ... and I'm pretty sure you'll get closer to what you want.
11:25 <@dazo> You can do that through a migration phase, where you have another openvpn setup running with a proper tun config ... and replace the client configs one-by-one
11:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
11:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:32 < fearnothing> can someone help me understand some of the openvpn settings please, the descriptions in #pfsense are a little vague
11:33 <@dazo> !man
11:33 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
11:34 < fearnothing> I am completely lost in that, don't even know where to start
11:36 < fearnothing> it's more that I need to understand the principles of how a VPN is going to work in general
11:37 < skyroveRR> fearnothing: a VPN, in the most basic sense, gives access to an internal computer network REMOTELY.
11:38 < fearnothing> yes, not quite that general
11:38 < NetworkingPro> dazo: cause its not optional for me.. not something I can change without a complete rewrite.  :/
11:38 < skyroveRR> fearnothing: then?
11:38 < NetworkingPro> And I dont believe you hated doing that one bit!  lol
11:38 <@dazo> NetworkingPro: it doesn't change the fact that you have in reality just postponed what you need to do now
11:38 < NetworkingPro> Yep
11:38 < fearnothing> so, there are a couple of options whose purpose I haven't been able to identify what they will actually do, or have assumed they work in a particular way, and they don't
11:39 < NetworkingPro> I agree
11:39 < NetworkingPro> I didnt disagree with you then either. :/
11:39 < skyroveRR> fearnothing: like? Just list them.
11:39 < fearnothing> in particular, there's an option to specify 'interface', which I had thought was for specifying which interface on my device would be listening for clients
11:41 < fearnothing> I also wanted to ask about exactly how setting the tunnel network would behave
11:41 < fearnothing> like what would happen if there was a clash between one of my existing subnets and the network defined in the tunnel network
11:45 < NetworkingPro> dazo: I see examples of using iptables on the server with the bridge if to drop packets
11:45 < NetworkingPro> I've done input output and forward
11:46 < NetworkingPro> None of them seem to work. Is there a particular chain I can use?
11:46 <@dazo> yes, but that will still saturate the tunnel ... as clients also send broadcast traffic ... and that traffic will hit the tunnel regardless of your server iptables ... those can only be killed on the clients
11:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:47 <@dazo> once a package hits the tap device, openvpn picks it up and transports it to the remote side
11:48 <@dazo> NetworkingPro: you have 2 choices .... block this via iptables on all clients and servers .... or switch to tun
11:48 -!- toli [~toli@ip-62-235-212-191.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
11:49 <@dazo> NetworkingPro: well, there is third option .... to modify, compile and install a new openvpn on all clients where openvpn will kill broadcast traffic ... but then switching to tun makes way more sense
11:49 <@dazo> NetworkingPro: There's no other way to say it  ... You have to do redo your setup.  You do not have any other options
11:50 < jmacdonald> hi. i'm setting up my established openvpn such that 1 client can only access one host. using the method outlined  https://openvpn.net/index.php/open-source/documentation/howto.html#policy , my client and proxy can speak to each other however the client cannot see anything beyond the proxy. I know its route related but I added the route on the firewall of the network that the client lives on.
11:50 <@vpnHelper> Title: HOWTO (at openvpn.net)
11:50 -!- toli [~toli@ip-62-235-214-20.dsl.scarlet.be] has joined #openvpn
11:50 <@dazo> Stop wasting time looking for alternatives
11:50 < NetworkingPro> Were going to go tun mode
11:50 < jmacdonald> sorry, subsitutite that last client word with vpn server. and replace all instances of the word proxy with vpn server :) i'm doing a bunch of things at once here...
11:50 < NetworkingPro> Now I'm just salvaging.
11:50 < NetworkingPro> With iptables
11:52 <@dazo> Of course adding a block on the server side will reduce the broadcast traffic - as it is not sent out again, but clients will still saturate the tunnel ... I'd expect this rule to capture broadcast traffic on the server side:  -I FORWARD -o tap+ -m pkttype --pkt_type broadcast -j DROP
11:53 <@dazo> but that's just a lame attempt of survival
11:53 < blackjack> can someone test a configuration file for me? (those w/ old openvpn versions?)
11:53 < jmacdonald> i'll make it more clear...
11:54 < blackjack> http://respiratio.net/config_respi.ovpn
11:54 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has joined #openvpn
11:54 < blackjack> that config. doesnt work on debian wheezy
11:54 < blackjack> bot the original openvpn install and its backports version
11:54 < blackjack> both*
11:54 < blackjack> but works on jessie version of debian
11:55 < blackjack> i wonder you guys can kinda tweak that config so that it can run on old versions as well? (the owner of this one has no clue of a fix)
11:55 <@dazo> blackjack: what do you mean by 'old version'?
11:55 < blackjack> older the 2.3.3, i think 2.3.3 and higher has newer TLS
11:56 < blackjack> this is a tls type configuration
11:56 < blackjack> 2.2 and 2.3.2 are old version
11:56  * dazo uses git master .... so hard to test for me right now
11:56 < blackjack> thats what debian wheezy only has
11:57 < blackjack> dazo try the link i gave
11:57 < blackjack> and if it will open the configuration, it should show you a prompt for login
11:57 < blackjack> mine shows an error like this --> Options error: Unrecognized option or missing parameter(s) in config_respi.ovpn:7: tls-version-min (2.3.2)
11:58 <@dazo> blackjack: my git master is what comes in a future 2.4 release
11:59 < blackjack> dazo can i get your git configuration to work on debian 7 (wheezy) ?
11:59 <@dazo> 'git master' == development version of openvpn
11:59 < blackjack> that might fix it
11:59 < blackjack> its ok
11:59 < blackjack> as long as i can use the configuration file i shown you
11:59 -!- cybrNaut [cybrNaut@unaffiliated/cybrnaut] has left #openvpn []
12:00 < blackjack> the thing is, it might have dependencies that i do not currently have
12:00 < blackjack> or it needed to update some dependecies (that would break other programs)
12:03 <@dazo> blackjack: there were some issues related to tls-min-version ... so if you want to use that one, you should use at least 2.3.7
12:03 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
12:04 < blackjack> i see. dazo. how?
12:04 < blackjack> how could i use a higher version, i cannot use backport jessie
12:04 < blackjack> which is 2.3.4-5
12:04 < blackjack> there is none
12:04 < jmacdonald> folks, anyone seeing anything wrong with this syntax ?
12:04 < jmacdonald> route add -net 10.33.134.0/24 gw 10.33.33.13 dev eth0 netmask 255.255.255.0
12:05 <@dazo> agi have been good at backporting important fixes to Debian builds ... don't look yourself blind at the version number on Debian packages ... it's shipped with a bunch of patches on top of the 2.3.x base version
12:06 < blackjack> dazo. is there a way for debian wheezy to use 2.3.7 or 2.3.8?
12:06 <@dazo>  don't look yourself blind at the version number on Debian packages  <<=== look at how that package is built first
12:07 <@dazo> at a quick glance, the git commits you need to dig into are 8dc6ed28941cb9b9167e0b466e96b5f11359eb59 and a291825f7145679e6d1806029290402d0430b465
12:07 <@dazo> $ git tag --contains 8dc6ed28941cb9b9167e0b466e96b5f11359eb59v2.3.7
12:07 <@dazo> v2.3.8
12:08 <@dazo> gah ..... I'll try again: $ git tag --contains 8dc6ed28941cb9b9167e0b466e96b5f11359eb59v2.3.7
12:08 <@dazo> v2.3.8
12:08 <@dazo> (okay, so v2.3.7 and v2.3.8)
12:08 <@dazo> $ git tag --contains a291825f7145679e6d1806029290402d0430b465
12:08 <@dazo> v2.3.4
12:08 <@dazo> v2.3.5
12:08 <@dazo> v2.3.6
12:08 <@dazo> v2.3.7
12:08 <@dazo> v2.3.8
12:10 < blackjack> hmmm
12:10 < blackjack> dazo you are so technical, can you use some laymans term for me. lol
12:10 < blackjack> and i also do not know how to use git versions.
12:11 < blackjack> i just wanted to know if its possible for debian wheezy, yes or no, to get updated versions of openvpn, maybe it a git version or not
12:12 < blackjack> coz i heard its only upto 2.3.2 or 2.3.3
12:12 < blackjack> the default install on it gives you 2.3.2 actually
12:15 <@dazo> https://packages.debian.org/jessie/openvpn ... I don't have time to dig into what agi (the debian package maintainer) put into the jessie release
12:15 <@vpnHelper> Title: Debian -- Details of package openvpn in jessie (at packages.debian.org)
12:16 <@dazo> But this patch is what you most likely want ... https://github.com/OpenVPN/openvpn/commit/8dc6ed28941cb9b9167e0b466e96b5f11359eb59
12:16 <@vpnHelper> Title: Re-enable TLS version negotiation by default · OpenVPN/openvpn@8dc6ed2 · GitHub (at github.com)
12:17 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has left #openvpn []
12:20 < blackjack> ok
12:30 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:31  * ki7rw hopes that openvpn will be integrated into android devices
12:33 <@dazo> ki7rw: that will probably not ever happen ... that's why Google provided a VPN API in Android 4.x, so that it would be possible for to provide third party VPN solutions ... which OpenVPN for Android and OpenVPN Connect does
12:34 < ki7rw> bummer - openvpn doesn't work as well in those devices as they do on linux
12:35 <@dazo> what doesn't work well?
12:35 < ki7rw> openvpn doesn't seem to work on windows XP or 10 also
12:36 < ki7rw> dazo, it won't start automatically on my samsung gs4 - i get a pop up window asking if i want to allow the app to do its thing
12:36 < ki7rw> on my son's nabi, it'll start in parent mode but stops whe i exit parent mode
12:37 <@dazo> that's nonsense .... I've used OpenVPN on Android quite a lot without issues, I've deployed OpenVPN for XP, Win 7 and Win 8 users ... Luckily I've not needed to play with Win10 at all, so I don't know anything about that
12:37 <@dazo> okay ... that's due to the VPN API ... which is how Google wanted it to be implemented
12:37 < ki7rw> dazo, on both XP and 10, when i launch the GUI it doesn't show up
12:38 < ki7rw> haven't tried on win 7 yet
12:38 <@dazo> If I've understood the Android VPN API correctly, it is the OS itself and not the OpenVPN app which pops up and does what you describe
12:38 < ki7rw> i think you're right about that - maybe there's a work-around?
12:38 <@dazo> ki7rw: are you sure openvpn-gui is really running?  and not hidden among the list of all the different other notification icons?
12:39 <@dazo> ki7rw: Google implemented it that way for security reasons
12:39 < ki7rw> dazo, when i try to launch it again i get a box saying that the gui is already running
12:39 <@dazo> otherwise an attacker could trick people to install an app which opened up a VPN tunnel without notifying the user and abuse that connection however the attacker wanted
12:40 <@dazo> double check with the task manager ... and double check the settings for notification icons
12:40 <@dazo> other than that ... I am not a Windows user ... just have deployed it successfully for approx 20 windows users
12:44 < ki7rw> i just launched it in win10, no visible gui - task manager says it's running
12:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:46 < ki7rw> i orinally launched it as a user - i tried launching it with admin privaledge and it still doesn't show up
12:46 <@dazo> ki7rw: I know there are some issues reported on Win10 ... but I have no idea what those issues are ... but I know WinXP and up until Win8.1 works
12:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
12:57 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:59 < ki7rw> don't know what i'm doing wrong but openvpn is unusable on my windows installations
13:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:08 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:15 < bruxC> Silly, dumb question. I setup my vpn server and got the client working just fine on my device. It's enabled but how does one test whether it's actually... working?
13:15 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
13:20 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
13:26 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 244 seconds]
13:33 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
13:35 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 268 seconds]
13:35 < Eugene> That depends what it is you're trying to do
13:35 < Eugene> !goal
13:35 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:35 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
13:37 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
13:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:46 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Ping timeout: 256 seconds]
13:48 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
13:49 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has joined #openvpn
13:53 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
13:55 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:01 -!- dazo is now known as dazo_afk
14:10 -!- TikityTik [~TikityTik@162.223.44.49] has quit [Read error: Connection reset by peer]
14:10 < jmacdonald> can someone tell me if this is more or less correct http://hastebin.com/uyituyobet.vhdl
14:10 <@vpnHelper> Title: hastebin (at hastebin.com)
14:35 -!- NetworkingPro is now known as NetworkingNovice
14:46 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Remote host closed the connection]
14:48 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
14:54 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has joined #openvpn
15:10 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
15:12 < bruxC> Hey, just configured a server/client setup using pfsense. I have my client connected to my pfsense box both are on the same LAN. I also have a laptop that I'm on away from the pfsense box that's connected successfully to the pfsense/openvpn server. I've been told to watchout for dns leaks and doing the research I've gathered that if I see DNS ISP IP addresses and not that of my pfsense/openvpn then I am leaking... how would i go about
15:12 < bruxC> correcting this? Is this when I require VPN monthly services from external VPNs or...?
15:17 -!- NetworkingNovice is now known as NetworkingPro
15:22 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Ping timeout: 252 seconds]
15:30 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
15:37 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
15:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:00 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
16:15 -!- korrosive [~unknownso@50.151.181.21] has joined #openvpn
16:21 < korrosive> Anyone familiar with Android? I have a Windows tap-bridge setup and the Android OpenVPN Connect app is giving me the error "android vpn api doesn't currently support tap-based tunnels"
16:27 < Gaffel> It says why it won't work.
16:27 < Gaffel> No TAP-support.
16:27 < Gaffel> So it's TUN only.
16:30 < korrosive> hey, you were helping me the other day. Problem with remote desktop was that I had to connect to 10.8.0.1, not a 192.x.x.x address
16:31 < korrosive> Now I want to config the server so that I can use my LAN address (192.168.1.100)
16:31 < korrosive> I have a bunch of Android apps that are set up already to do that.
16:32 < korrosive> If I have to use a different address, I'll have to make duplicate settings for everything
16:33 < Gaffel> You can write a network address rule instead of specific IP
16:34 -!- dvlwrk [~ryand@50-204-243-38-static.hfc.comcastbusiness.net] has left #openvpn []
16:34 < Gaffel> 192.168.1.0/24 <--- covers that whole subnet
16:34 < Gaffel> In iptables that is.
16:34 < korrosive> Is that in the OpenVPN config somewhere? I'm using Windows.
16:34 < Gaffel> When you connect through VPN and use differnt subnets then you need forwarding rules.
16:35 < Gaffel> oooh
16:35 < Gaffel> Sorry, I forgot. :/
16:35 < Gaffel> Windows routing rules is not my cup of tea. :(
16:35 < Gaffel> You need to change the routing rules for it to work the way you want.
16:36 < Gaffel> VPN just makes the client talk to the server if there rules are strict. You need to add more rules to allow full access across different subnets.
16:36 < Gaffel> I'm not using Windows firewall or routing so I don't know.
16:37 < Gaffel> I might have touched it in school 12 years ago but I don't remember.
16:37 < korrosive> OK. I know Windows can do that, but I'm not sure how to do it. I'll need to ask someone. What exactly do I ask them how to do?
16:38 < Gaffel> To enable the VPN subnet talk to the main LAN subnet that the VPN server is on.
16:39 < Gaffel> Once the VPN server push the routes to the client then the next step is to allow the routing between the two subnets.
16:39 < korrosive> OK. So I need to route 10.8.0.0 to 192.168.1.0
16:40 < Gaffel> Aye
16:41 < Gaffel> Subnets can't talk to each other because interfaces only listen to the packets that have a matching network address.
16:41 < Gaffel> That's when you need to change the routing rules on the router/gateway
16:42 < Gaffel> http://www.wikihow.com/Enable-IP-Routing
16:42 <@vpnHelper> Title: 3 Easy Ways to Enable IP Routing (with Pictures) - wikiHow (at www.wikihow.com)
16:42 < Gaffel> That's a start.
16:53 < Thermi> Could someone with administrative powers please delete this article? https://docs.openvpn.net/how-to-tutorialsguides/administration/extending-vpn-connectivity-to-amazon-aws-vpc-using-aws-vpc-vpn-gateway-service/
16:53 <@vpnHelper> Title: Extending VPN Connectivity to Amazon AWS VPC using AWS VPC VPN Gateway Service | Documentation (at docs.openvpn.net)
16:53 < Thermi> It's wrong and does not work.
16:53 < Thermi> Also, the strongSwan wiki has an article about Amazon VPC
16:54 -!- korrosive [~unknownso@50.151.181.21] has quit [Ping timeout: 240 seconds]
16:55 -!- korrosive [~korrosive@50.151.181.21] has joined #openvpn
16:58 < korrosive> ok, that shows how to enable IP routing, but not how to specify rules
16:59 < Thermi> korrosive: http://lartc.org/howto/lartc.rpdb.html kthxbye
16:59 <@vpnHelper> Title: Rules - routing policy database (at lartc.org)
17:01 < korrosive> Thermi, I don't see how that has to do with IP tables in Windows
17:01 < Thermi> korrosive: Oh, sorry. I assumed you meant on Linux.
17:01 < Thermi> I doubt that WIndows can handle policy based routing.
17:02 < korrosive> I know Windows has that functionality, I've never had to do it though.
17:11 < korrosive> here we go: http://www.sevenforums.com/tutorials/320978-static-routes-create-remove.html
17:13 < Thermi> I wrote "policy based routing".
17:14 < korrosive> I think what I posted will do what I need, though
17:16 < korrosive> Although, I think I may go back to trying to get OpenVPN to work on my DDWRT router
17:30 -!- Entelin [~Paruza@c-75-72-7-184.hsd1.mn.comcast.net] has quit [Quit: Leaving]
17:38 -!- chantra [~chantra@unaffiliated/chantra] has quit [Ping timeout: 252 seconds]
17:45 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 240 seconds]
17:47 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Read error: Connection reset by peer]
17:49 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
18:35 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
18:35 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
19:04 -!- |digits| [~digits@185.21.217.27] has quit [Ping timeout: 244 seconds]
19:07 -!- |digits| [~digits@185.21.217.27] has joined #openvpn
19:07 -!- |digits| [~digits@185.21.217.27] has quit [Excess Flood]
19:13 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
19:14 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Max SendQ exceeded]
19:19 -!- |digits| [~digits@185.21.217.27] has joined #openvpn
19:19 -!- |digits| [~digits@185.21.217.27] has quit [Excess Flood]
19:20 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
19:20 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Excess Flood]
19:26 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
19:26 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
19:31 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Ping timeout: 246 seconds]
19:31 -!- korrosive [~korrosive@50.151.181.21] has quit []
19:36 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
19:38 -!- nullsign [~nullsign@tyrion.nullsign.com] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
19:41 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
20:03 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 252 seconds]
20:03 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
20:03 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Excess Flood]
20:05 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
20:06 -!- |digits| [~digits@185.21.217.27] has joined #openvpn
20:10 -!- |digits| [~digits@185.21.217.27] has quit [Ping timeout: 260 seconds]
20:12 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
20:27 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
20:33 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:46 -!- korrosive [~korrosive@50.151.181.21] has joined #openvpn
21:19 < korrosive> !configs server: pastebin.com/BGkuQU7N client: pastebin.com/skc1N91v
21:20 < korrosive> !goal get SMB working, pref using 192.168.1.0 subnet
21:21 < korrosive> I can use remote deskop by connecting to 10.8.0.1, but not 192.168.1.100. SMB doesn't work at all.
21:23 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Ping timeout: 256 seconds]
21:24 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
21:24 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Excess Flood]
21:30 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
21:30 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
21:30 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Excess Flood]
21:31 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
21:31 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Excess Flood]
21:39 < subzero79> korrosive, never runned a windows openvpn server, but my first guest would try to check if forwarding is enabled in the desktop
21:39 < subzero79> or windows machine
21:40 < korrosive> forwarding in the server config?
21:41 -!- |digits| [~digits@185.21.217.27] has joined #openvpn
21:42 < korrosive> I've tried it with the Windows Firewall disabled.
21:45 -!- |digits| [~digits@185.21.217.27] has quit [Ping timeout: 252 seconds]
21:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
21:50 < korrosive> Ok. I've enabled IP routing, testing now
21:53 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
21:53 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Excess Flood]
21:55 < korrosive> OK I can now connect to remote desktop @ 192.168.1.100
21:56 < korrosive> still no SMB
22:11 -!- Intensity [u4ETvVRtRD@unaffiliated/intensity] has quit [Ping timeout: 244 seconds]
22:13 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
22:18 -!- Intensity [5zfqnOM1sh@unaffiliated/intensity] has joined #openvpn
22:28 -!- korrosive [~korrosive@50.151.181.21] has quit []
22:37 < jmacdonald> Well HOT DAMN.
22:37 < jmacdonald> I can now use iptables.
22:37 < jmacdonald> hell yes
22:43 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
22:44 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has quit [Remote host closed the connection]
22:45 -!- b0br [~b0br@unaffiliated/b0br] has quit []
22:46 -!- akamaru217 [~akamaru@2601:cd:4001:b705:fc2f:eaf3:befe:2dbd] has quit [Read error: Connection reset by peer]
22:47 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has joined #openvpn
23:11 -!- Gman32 [~Gman32@188.166.94.196] has joined #openvpn
23:22 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:22 -!- Gman32 [~Gman32@188.166.94.196] has quit [Quit: Headin out...]
23:29 < NetworkingPro> hey everyone
23:29 < NetworkingPro> anyone know, can you delete a route on a remote host via the server config?
23:29 < NetworkingPro> i know you cna push them
23:29 < NetworkingPro> but can you delete them?
23:30 < NetworkingPro> I also think setting ipv6 behavior from "advertise route" to dhcp will fix it
23:30 < NetworkingPro> the igmp
23:30 < NetworkingPro> shit wrong wondow
23:30 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
23:36 -!- Gman32 [~Gman32@188.166.94.196] has joined #openvpn
23:41 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
23:43 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
23:45 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
23:46 -!- johnny56_ is now known as johnny56
23:51 -!- ShadniX [dagger@p579416E1.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:52 -!- ShadniX [dagger@p5481DC77.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Sep 01 2015
00:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:01 -!- mode/#openvpn [+o mattock1] by ChanServ
00:03 -!- Gman32 [~Gman32@188.166.94.196] has quit [Quit: Headin out...]
00:27 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:41 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
01:02 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
01:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:10 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
01:10 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
01:15 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
01:17 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Client Quit]
01:17 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
01:27 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit []
01:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
01:43 -!- TikityTik [~TikityTik@162.223.44.49] has joined #openvpn
01:43 -!- TikityTik [~TikityTik@162.223.44.49] has left #openvpn []
01:55 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
02:24 -!- chantra [~chantra@unaffiliated/chantra] has quit [Quit: ZNC - http://znc.in]
02:42 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
02:49 -!- sysrex [~sysrex@cloud.sysrex.com] has quit [Remote host closed the connection]
02:52 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:16 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
03:23 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:29 -!- dazo_afk is now known as dazo
03:43 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Quit: Bye bye]
03:44 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
03:53 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:32 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 265 seconds]
04:34 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
04:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: RAGE QUIT, I GIVE UP AT COMPILING OPENWRT. brb later]
05:13 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
05:17 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has joined #openvpn
06:56 -!- wdn [~wdn@200.175.156.55] has joined #openvpn
06:59 < Schrottfresse> hey everybody
06:59 < Schrottfresse> im trying to build openvpn with mingw for windows
07:00 < Schrottfresse> but it keeps on failing building lzo because it does not find -lrt for lzotest
07:00 < Schrottfresse> any ideas?
07:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
07:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
07:28 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:32 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
07:34 < bruxC> Hi. I am connected to my OpenVPN server that is located at home. I'm currently at work and did a dns leak test. It shows the  DNS settings from my work's ISP. If this is a DNS leak and if so which DNS ips should I be seeing? My own ISP Dns?
07:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:45 -!- wdn [~wdn@200.175.156.55] has quit [Read error: Connection reset by peer]
07:46 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
07:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
07:54 -!- dump_01 [~dump_01@5.8.38.8] has joined #openvpn
07:56 -!- dump_01 [~dump_01@5.8.38.8] has quit [Remote host closed the connection]
07:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:57 -!- dump_01 [05082681@gateway/web/freenode/ip.5.8.38.129] has joined #openvpn
07:57 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has joined #openvpn
07:58 < jmacdonald> hi.
07:58 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
07:58 <@dazo> bruxC: normally people set up split-dns ... dnsmasq or bind running locally on the VPN client and all resolving goes through that DNS server.  The DNS server is then configured to forward the query to the appropriate backend DNS server
08:00 <@dazo> NetworkingPro: no, you can't remove routes ... you can however add additional routes using the net_gateway macro in the route statements ... that should at least add a local route going via the local gateway instead of the VPN
08:01 < dump_01> Hi! I have a situation: everything works just fine, server and some clients. But one of the client becomes untrusted, revocation will not help, cuz hi have all other client certs. What to do to stop one untrusted client from accessing my server? Is there a way to add something to server and trusted clients config, so untrusted client can't auth to my server?
08:03 < bruxC> dazo, i"m assuming there are guides to help assist me with split-dns setups?
08:03 < dump_01> may be some security settings, with no autonegotiation
08:03 < dump_01> or some magic number
08:03 <@dazo> bruxC: strictly speaking not openvpn related ... but maybe !splitdns helps?
08:03 <@dazo> !splitdns
08:03 <@vpnHelper> "splitdns" is (#1) see http://www.thekelleys.org.uk/dnsmasq/doc.html for dnsmasq, which will let you do split-dns setups or (#2) "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
08:04 <@dazo> dump_01: so you basically want to revoke access from a client?
08:05 < dump_01> dazo: yeah, but revoke-full is not a solution, untrusted client have all other clients certs, so hi can use valid one
08:05 < jmacdonald> if i want all of my VPN clients to be able to access a network on 10.33.134.0/24, do i just put push "route 10.33.134.0 255.255.255.0" in either server.conf or a specific users ccd file?
08:06 <@dazo> dump_01: you are using shared certificates?
08:06 <@dazo> dump_01: sounds like you're in deep shit and need to setup your CA from scratch if this untrusted client have access to more VPN client certificates
08:06 < dump_01> dazo: nop, one client - one cert, but untrusted clent have all certs fron all clients
08:08 <@dazo> dump_01: the idea behind certificates is to provide an identity of the client ... so if this untrusted client have more valid client certs ... you can't trust any of these certificates at all
08:08 < dump_01> dazo: yeah, but i think i can put somehing in server and trusted clents config, so untrusted can't use any cert with thise magic settings
08:08 <@dazo> you need to revoke all these certficiates
08:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:08 < jmacdonald> answer: yes to my own question.
08:08 <@dazo> there are no other options
08:08 < Thermi> Do the untrusted clients also have any private key to any certificate?
08:09 <@dazo> oh, good point, Thermi!
08:09  * dazo took that for granted
08:09 < dump_01> dazo: i mean, for example, some password. server and trusted user will know it, but untrusted will not
08:09 < Thermi> dump_01: Please answer my last question.
08:10 <@dazo> dump_01: ehmm .... that doesn't parse ... answer Thermi's question first
08:10 < dump_01> Thermi: yep
08:10 -!- jmacdonald [~jmacdonal@li127-104.members.linode.com] has left #openvpn []
08:10 < Thermi> dump_01: You must revoke all certificates.
08:10 <@dazo> okay, these certificates and keys needs to be replaced ... no other option
08:10 <@dazo> revoke all of them
08:10 < Thermi> dump_01: Generate new private keys and issue new certificates.
08:11 < bruxC> so as it stands and how i"m currently configured. Is my setup even doing anything of benefit for me?
08:11 <@dazo> bruxC: depends on your !goal
08:11 < dump_01> thanks ppl, so deep sheeeeeiiiit
08:11 <@dazo> yes
08:12 < Thermi> dump_01: You made the mess yourself.
08:12 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:12 < bruxC> I guess my goal is to secure my traffic when on LAN and on external access points.
08:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
08:14 <@dazo> bruxC: all your Internet traffic, or just some (like to your local network behind your VPN server)?
08:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:16 < bruxC> good q
08:16 < bruxC> all of internet traffic, and local can be as well however not to the extent that it's completely isolated from other lan devices.
08:20 < NetworkingPro> gm dazo
08:20 < NetworkingPro> how are ya?
08:20 -!- dump_01 [05082681@gateway/web/freenode/ip.5.8.38.129] has left #openvpn []
08:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 268 seconds]
08:30 -!- dump_01 [05082681@gateway/web/freenode/ip.5.8.38.129] has joined #openvpn
08:31 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:32 < dump_01> dazo: what if i will use auth-user-pass-verify on server, and auth-user-pass on trusted clients, Untrusted one will not know about it!
08:32 < dump_01> Thermi:
08:32 < Thermi> Stop trying to be inventive.
08:36 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
08:36 -!- dump_01 [05082681@gateway/web/freenode/ip.5.8.38.129] has left #openvpn []
08:37 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
08:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:00 < bruxC> TTL expired in transit. did a tracert on an lan ip and it appears that the packets bounce back and forth between 2 WAN ips indefinitely. this definitely doesn't seem to be openvpn related however could someone perhaps shed light on where I should direct my troubleshooting?
09:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
09:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:31 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
09:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
09:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:01 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:02 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:22 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:37 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
10:56 < Eugene> You shouldn' have LAN traffic being directed out onto the internet
10:56 < Eugene> There's a route missing someplace
11:20 -!- r00t^2 is now known as NSA
11:20 -!- NSA is now known as Guest56982
11:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
11:21 -!- Guest56982 [~bts@g.rainwreck.com] has left #openvpn []
11:22 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
11:48 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
11:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 246 seconds]
11:53 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:56 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
12:04 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
12:06 -!- jrgcombr__ [~jrgcombr@186.203.220.154] has joined #openvpn
12:08 -!- jrgcombr [~jrgcombr@189.40.62.114] has quit [Ping timeout: 264 seconds]
12:09 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 250 seconds]
12:13 -!- linux_dr [403c9c2e@gateway/web/freenode/ip.64.60.156.46] has joined #openvpn
12:15 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
12:15 < linux_dr> Is anyone here using openvpn with the TunTap open source kernel extension for Mac OS X? The documentation indicates that they work together, but I haven't found any docs on setting them up that way.
12:15 -!- jrgcombr_ [~jrgcombr@177.148.163.35] has joined #openvpn
12:16 < linux_dr> (http://tuntaposx.sourceforge.net/)
12:16 <@vpnHelper> Title: TunTap - Home (at tuntaposx.sourceforge.net)
12:17 <@dazo> linux_dr: why not use Tunnelblick?
12:18 < linux_dr> @dazo: I tried it, and was having some difficulty getting it working... also not really liking the interface as I prefer to have all my network devices show up in the Network Control Panel pane. :-/
12:18 -!- jrgcombr__ [~jrgcombr@186.203.220.154] has quit [Ping timeout: 255 seconds]
12:19 < linux_dr> @dazo: I'm happy to give Tunnelblick another shot, though...
12:19 <@dazo> linux_dr: fair enough ... just that you might look at what tunnelblick does ... as I believe it uses a fairly good native osx tun/tap driver
12:21 < linux_dr> @dazo: I was under the (apparently mistaken) belief that there was an out-of-the-box TunTap based solution...
12:21 -!- jrgcombr__ [~jrgcombr@177.139.245.237] has joined #openvpn
12:23 <@dazo> linux_dr: I honestly wouldn't really know ... I'm more a pure Linux guy, and know most OSX users here have been quite happy with tunnelblick mostly ... others kick of either the openvpn from tunnelblick or self-compiled openvpn manually in a terminal window
12:24 < linux_dr> @dazo: tunnelblick is giving me "This computer's apparent public IP address was not different after connecting to config. It is still ##.##.##.##.\n\nThis may mean that your VPN is not configured correctly.", and being new to setting up VPNs, I'm not sure where to go from there. :-/
12:24 <@dazo> tunnelblick support forums?
12:24 -!- jrgcombr_ [~jrgcombr@177.148.163.35] has quit [Ping timeout: 250 seconds]
12:25 < linux_dr> @dazo: to you this looks like a tunnelblick (rather than a openvpn) issue?
12:25 <@dazo> linux_dr: yes, it does
12:26 < linux_dr> Ok... like I said... I'm a bit new to VPN setup...:-/
12:26 -!- jrgcombr__ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 250 seconds]
12:26 <@dazo> linux_dr: I've poked quite a bit at the openvpn code, and I don't recall ever haven seen any error/warning message like that before in the openvpn code
12:27 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
12:29 -!- jrgcombr [~jrgcombr@177.148.130.238] has joined #openvpn
12:29 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
12:30 < linux_dr> @dazo: Yes... it looks like a condition Tunnelblick is detecting, but perhaps one that is common enough with openvpn that tunnelblick tests for it...
12:31 <@dazo> linux_dr: I believe tunnelblick tries to help users avoiding shooting themselves in the foot sometimes ... so might be that logic kicking in
12:39 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has joined #openvpn
12:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
12:43 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:43 -!- mode/#openvpn [+o mattock1] by ChanServ
12:50 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
12:51 -!- dazo is now known as dazo_afk
12:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:59 < Raku_> I'm having a problem with my vpn, I had a working config working on a server running Debian wheezy, I got a new server and its running jesse, I moved the config filles over and I'm unable to use it. I can connect to it and access local services on the machine(ssh, sftp, etc) but no resources on the LAN, or anything else on the internet.
13:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:27 < Gaffel> You need to set up the firewall rules too.
13:28 < Gaffel> If you have INPUT at DROP as default then you need to make exceptions for it.
13:28 < Gaffel> Same goes with FORWARD. If you have DROP by default then you need to set up forwarding rules for it.
13:28 < Gaffel> Also, if you use TUN and LAN and VPN are on different subnets then you need to add firewall rules that enable forwarding properly.
13:29 < Gaffel> Raku_
13:31 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has joined #openvpn
13:31 -!- |digits| [~digits@2a04:1980:3100:1aab:290:faff:fe70:a490] has quit [Client Quit]
13:36 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
14:06 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
14:06 < Raku_> I think I have the firewall rules set, you may have to go through them with me if that's not a problem
14:09 < Gaffel> Sure
14:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection reset by peer]
14:13 < Raku_> I have my iptables set up with this http://paste2.org/eBmhWCef
14:14 < Raku_> I have an iptables.rules file in /etc that I have set to load on boot, I've had this issue before actually on the other server but I can't for the life of me remember how I fixed it
14:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 246 seconds]
14:17 -!- jrgcombr [~jrgcombr@177.148.130.238] has quit [Read error: Connection reset by peer]
14:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:18 < Gaffel> Raku_: Is the machine acting as your router too?
14:21 < Raku_> No
14:21 < Gaffel> Okay
14:21 < Gaffel> Have you turned on IP forwarding?
14:21 < Raku_> Hmm
14:21 < Raku_> Probably not
14:21 < Gaffel> echo 1 > /proc/sys/net/ipv4/ip_forward
14:21 < Gaffel> Try that and see if it helps.
14:22 < Gaffel> Also, you can use -i tun+ instead of -s 10.9.8.0 if you want.
14:22 < Gaffel> Unless you have restrictions for certain users.
14:23 < Gaffel> I use -i or -o tun+ so it applies to all TUN, in case there's tun1 on day. =)
14:29 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:34 -!- Netsplit *.net <-> *.split quits: joako, james41382, @dazo_afk, fugyk, cyberspace-, @vpnHelper, ghormoon, afics, phreakocious, samopotamus,  (+14 more, use /NETSPLIT to show all of them)
14:35 -!- Netsplit over, joins: @dazo_afk, mumixam, samopotamus
14:35 -!- Netsplit over, joins: @vpnHelper, Raku_, joako, phantomcircuit, supergauntlet, ntio, james41382, pythonsnake, doop, fugyk (+6 more)
14:35 -!- Netsplit over, joins: cyberspace-
14:35 -!- ghormoon [~ghormoon@ghorland.net] has quit [Max SendQ exceeded]
14:35 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Max SendQ exceeded]
14:36 -!- Netsplit over, joins: Haxxa, Eneerge
14:36 -!- Netsplit over, joins: kossy
14:36 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Max SendQ exceeded]
14:37 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
14:37 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
14:38 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
14:39 < Raku_> Gaffel: I missed anything you said after I asked if I should reboot openvpn
14:39 < Gaffel> I haven't written anything during the split.
14:39 < Raku_> Ah, OK, just doubelchecking
14:39 < Gaffel> You don't need to reboot when you change that variable.
14:39 < Gaffel> If you change VPN settings then just stop and start it again.
14:40 < Raku_> Ya I did service openvpn restart
14:40 < Gaffel> No need for reboots if you have full control over the openvpn service.
14:40 < Gaffel> Firewall rules can be changed at any times.
14:40 < Gaffel> Firewall rules are blank at boot, they can be changed at any time.
14:40 < Gaffel> That prov variable can be switched on and off at any time too.
14:40 < Raku_> I'm going to double check that the iptables rules actually set
14:47 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
14:48 -!- Netsplit *.net <-> *.split quits: joako, james41382, fugyk, @vpnHelper, phreakocious, afics, SJr, doop, liriel, zimboboyd,  (+4 more, use /NETSPLIT to show all of them)
14:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
14:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
14:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:53 -!- Netsplit over, joins: @vpnHelper, Raku_, joako, phantomcircuit, supergauntlet, ntio, james41382, doop, fugyk, afics (+4 more)
15:00 < Raku_> Gaffel: I got it fixed
15:00 < Gaffel> :)
15:01 < Raku_> The iptables didn't actually restore
15:01 < Gaffel> oh
15:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has left #openvpn []
15:01 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:01 < Raku_> I had it as a preup for wlan0 to restore it, and I must've typed something wrong, I'm not sure
15:02 < Gaffel> :)
15:03 < bruxC> laptop connected via openvpn client to a pfsense openvpn server located at home. it's able to connect however when i try to ping the vpn's gateway it comes back with TTL expired. doing a tracert it appears that it loops indefinitely. how do I go about troubleshooting this? http://pastebin.com/GNJLQUwp
15:06 -!- Raku_ [~raku@user-105n21p.cable.mindspring.com] has left #openvpn ["Run it as root"]
15:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:07 -!- mode/#openvpn [+o mattock1] by ChanServ
15:08 < Gaffel> bruxC: Does everything else work?
15:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
15:11 < bruxC> Gaffel, I'm able to get connected to the internet. I'm trying to figure out how to prevent this "DNS" leak as I am seeing my company's ISP DNS IP addresses and not my VPN's (pfsense located at home).
15:11 < bruxC> Any ways, short answer yes. Everything else seems to work.
15:11 < Gaffel> Are you push DNS?
15:11 < Gaffel> pushing
15:12 < bruxC> To be honest, I'm not sure. I'm new to this sort of networking. I'm guessing no.
15:12 < Gaffel> It's in the OpenVPN server config.
15:12 < Gaffel> You need to push DNS.
15:13 < Gaffel> Otherwise, the default is used.
15:15 < bruxC> I see, I'll have to read up on how to check the server config in pfsense as that was how I configured openvpn.
15:15 < bruxC> Thanks.
15:16 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
15:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
15:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
15:29 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
15:36 -!- novaflash is now known as novaflash_away
15:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:57 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:57 -!- Elion [~Elion@unaffiliated/elion] has joined #openvpn
15:58 < Elion> Hi, i need to setup a basic ptp vpn tunnel with high encryption, do i need to setup the whole PKI thing or is there an easier way ?
16:00 < Gaffel> PTP VPN tunnel?
16:00 < Gaffel> Do you mean PPTP?
16:01 < Gaffel> Like, a Windows compatible VPN tunnel?
16:01 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:02 < Elion> between 2 debian host
16:02 < Gaffel> oh!
16:02 < Gaffel> Use TLS and with AES
16:02 < Elion> can u give me a link to a tuto or something to help me with the setup ?
16:04 < Gaffel> In the server conf, you need this: mode server
16:04 < Gaffel> proto udp
16:04 < Gaffel> dev tun
16:04 < Gaffel> Then you need to make the certs like specified in the example conf
16:05 < Gaffel> You can change the size of dhparam for higher security, make the encrypten harder to crack. I set mine to 4096.
16:05 < Gaffel> How to do that is specified in the conf
16:06 < Gaffel> Then you need this in the conf: topology subnet
16:06 < Gaffel> You need to push the routes of the subnet at the VPN server: push "route 192.168.0.0 255.255.255.0"
16:06 < Gaffel> That's what I do.
16:07 < Elion> Gaffel: ok, i'll start with that, i have to say that i don't need forwarding at all
16:07 < Gaffel> If you want to tunnel all the traffic: push "redirect-gateway def1 bypass-dhcp"
16:07 < Gaffel> Otherwise, leaven commented.
16:07 -!- HardWall [~HardWall@188.24.62.33] has joined #openvpn
16:08 < Gaffel> Enable tls-auth in the config
16:08 < Gaffel> And add these:
16:08 < Gaffel> tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
16:08 < Gaffel> auth SHA256
16:14 < Gaffel> That will enable good TLS.
16:14 < Gaffel> The client conf is a bit easier. Just copy those tls-cipher and auth directives to the client as well.
16:14 < Gaffel> Other than that, just step through the confs and see what you need.
16:16 < Gaffel> Look at all the options and read the comments.
16:18 < Elion> Gaffel: thanks a lot :)
16:21 < Elion> Gaffel: sorry to ask that but where can i find the default conf, i have nothing in etc/openvpn or /usr/share either
16:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
16:25 < Elion> Gaffel: nevermind i found it :)
16:25 < Gaffel> :)
16:26 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:29 < Elion> Gaffel: since i have two point should i put ifconfig line twice ?
16:30 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
16:30 < Gaffel> Two point?
16:36 < Elion> i'll have two host connected to this server
16:36 < Gaffel> Doesn't matter
16:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
16:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
17:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:15 -!- toli [~toli@ip-62-235-214-20.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:19 -!- toli [~toli@ip-62-235-214-20.dsl.scarlet.be] has joined #openvpn
17:20 -!- HardWall [~HardWall@188.24.62.33] has quit [Read error: Connection reset by peer]
17:28 -!- toli [~toli@ip-62-235-214-20.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:29 -!- toli [~toli@ip-62-235-239-43.dsl.scarlet.be] has joined #openvpn
18:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:04 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 246 seconds]
18:07 -!- mete [~mete@91.247.253.160] has joined #openvpn
18:15 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 260 seconds]
18:20 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:36 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
19:14 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
19:16 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:36 < blackjack> Hello Guys,
19:36 < blackjack> Is there a way to exempt a certain application if i am using a client openVPN?
19:36 < blackjack> for example, i want my xchat to connect directly and wont go thru the openVPN network, is that possible?
19:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
19:59 -!- blackjack [~BJ@unaffiliated/blackjack] has quit [Ping timeout: 244 seconds]
20:19 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 256 seconds]
20:22 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
20:28 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
20:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
20:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
20:57 -!- linux_dr [403c9c2e@gateway/web/freenode/ip.64.60.156.46] has quit [Ping timeout: 246 seconds]
21:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:06 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
21:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:58 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:05 -!- abbe_ [having@badti.me] has joined #openvpn
22:05 -!- abbe [having@badti.me] has quit [Read error: Connection reset by peer]
22:08 -!- abbe_ is now known as abbe
22:10 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:12 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
22:41 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:41 -!- fling_ [~fling@fsf/member/fling] has joined #openvpn
22:43 -!- fling_ is now known as fling
22:45 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Remote host closed the connection]
22:48 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
23:09 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
23:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
23:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:52 -!- ShadniX [dagger@p5481DC77.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:53 -!- ShadniX [dagger@p5DDFE4C8.dip0.t-ipconnect.de] has joined #openvpn
23:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Wed Sep 02 2015
00:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:12 -!- mode/#openvpn [+o mattock1] by ChanServ
00:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
00:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
01:01 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
01:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:22 < Haxxa> Does openvpn need updating very often for a server?
01:22 < Haxxa> Currently consifured so that it needs manual updates rather than auto - bad idea?
01:29 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:49 < subzero79> Haxxa, if you're in debian barely see updates for openvpn
01:50 < Haxxa> subzero79, Well its docker running on debian
01:50 < subzero79> i haven't seen one actually in since i updated from squeeze to wheezy
01:51 < subzero79> openvpn server running in a docker?
01:51 < subzero79> then you should have the latest one i guess
01:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
02:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
02:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:05 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection reset by peer]
02:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
02:17 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 255 seconds]
02:18 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
02:19 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
02:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
02:34 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Remote host closed the connection]
02:45 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 256 seconds]
02:47 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 252 seconds]
02:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:59 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has joined #openvpn
02:59 -!- blackjack [~BJ@unaffiliated/blackjack] has joined #openvpn
03:02 -!- Haxxa [~Harrison@CPE-124-189-140-77.cyzn1.lon.bigpond.net.au] has quit [Client Quit]
03:06 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
03:16 -!- akamaru217 [~akamaru@2601:cd:4001:b705:b876:305b:3c5e:f25a] has quit [Ping timeout: 250 seconds]
03:16 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:22 -!- shiriru [~shiriru@95.43.212.84] has joined #openvpn
03:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:36 -!- shiriru [~shiriru@95.43.212.84] has quit [Quit: Leaving]
04:05 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
04:14 < Neighbour> what's wrong when the openvpn server does not add "route"-commands to the kernel's routing table (even though the log contains lines like "Sep  2 09:08:11 openvpn-server openvpn[19278]:   route 10.20.0.0/255.255.0.0/nil/nil")?
04:23 -!- dazo_afk is now known as dazo
04:30 < Neighbour> or when the openvpn-client does not route packets for pushed routes to it's tun0 interface
04:43 < Neighbour> client version: 2.3.2-7ubuntu3.1, client config: http://pastebin.com/pn3bbMA0, client iptables: empty:accept-all, server version: 2.2.1-8+deb7u3, server config: http://pastebin.com/EN551NT9
04:44 < Neighbour> !goal client-lan (10.20/16) to 3rdparty lan (10.142/16) on server network (10.10.0/16) routing working
04:44 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
04:45 < Neighbour> server iptables MASQs everything outgoing on LAN interface, SNATs everything to tun0-ip from non-10.10/16 network outgoing on tun interface
04:45 < Neighbour> !problem openvpn-client machine does not route client-lan-to-3rd-party-lan into tunnel, even though kernel routing table says so
04:46 < Neighbour> any help would be appreciated
04:46 < Neighbour> (ping from openvpn-client machine to 3rdparty lan works fine)
04:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
05:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:35 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 268 seconds]
05:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
05:41 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
05:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:52 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ujrzqopbjglhitkw] has quit [Quit: Connection closed for inactivity]
05:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
06:02 -!- wdn [~wdn@200.175.156.55] has joined #openvpn
06:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
06:33 < Neighbour> found it: echo 1 > /proc/sys/net/ipv4/ip_forward
06:33 < Neighbour> (doh)
06:48 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zjdrwzdhpghtdysa] has joined #openvpn
06:49 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
06:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:28 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 250 seconds]
07:35 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
08:27 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
08:27 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
08:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:44 -!- mode/#openvpn [+o mattock1] by ChanServ
08:48 <@dazo> Neighbour: remember to update /etc/sysctl.conf so that change is persistent across boots ... modifying settings via /proc will be reset upon next boot
08:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
09:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
09:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
09:22 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zjdrwzdhpghtdysa] has quit [Quit: Connection closed for inactivity]
09:27 < Neighbour> dazo: thanks :)
09:52 -!- nbuonanno [~nbuonanno@cpe-67-248-56-210.nycap.res.rr.com] has joined #openvpn
09:52 -!- mystica555_ [~mystica55@97-118-174-238.hlrn.qwest.net] has joined #openvpn
10:13 -!- wdn [~wdn@200.175.156.55] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:14 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
10:19 -!- bdmc [~bdmc@68.153.43.211] has joined #openvpn
10:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
10:46 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:50 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
10:51 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 246 seconds]
10:56 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
11:01 -!- bdmc_ [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:11 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:11 -!- JackWinter1 [~jack@vodsl-10287.vo.lu] has joined #openvpn
11:16 -!- illu_ [~illu@179.43.176.226] has joined #openvpn
11:18 < illu_> I recently got a VPN from PIA, and setup OpenVPN, but I need a couple ports open for SoulSeek. How would I do that? I'm on Arch Linux using OpenVPN 2.3.6
11:19 < illu_> I'm also not using OpenVPN on a router, strictly on this computer.
11:24 < JackWinter1> is there any advantage to changing mtu size when using a tun device over udp, or even playing with udp fragment size?
11:26 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
11:36 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has joined #openvpn
11:52 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qpoilerotjchdwbu] has joined #openvpn
12:04 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
12:48 -!- JackWinter1 [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
12:49 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
12:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
12:56 -!- illu_ [~illu@179.43.176.226] has quit [Quit: leaving]
13:02 -!- HardWall [~HardWall@188.24.106.49] has joined #openvpn
13:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:32 -!- keep1 [keep1@gateway/shell/bnc4free/x-ilstchglngfhrimy] has joined #openvpn
13:47 -!- HardWall [~HardWall@188.24.106.49] has quit [Ping timeout: 244 seconds]
14:11 -!- dietfig [~Tervicz@69.145.204.90] has joined #openvpn
14:12 < dietfig> I have a question about changing the default gateway openvpn is pushing on debian 8, currently openvpn is pushing the IP of my openvpn server as the default gateway, where I want it to push the IP of my router as the default gateway
14:12 < dietfig> I've tried adding the option "push default-gateway 10.0.0.1" to my openvpn.conf but it just pushes that option before the second (incorrect) one
14:13 < dietfig> PUSH_REPLY,route-gateway 10.0.0.1,dhcp-option DNS 10.0.0.1,route-gateway 10.0.0.16,ping 10,ping-restart 120,ifconfig 10.0.0.240 255.255.255.0' (status=1)
14:13 < dietfig> 10.0.0.16 is my server, 10.0.0.1 is the router
14:18 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
14:22 -!- Eagleman [~Eagleman@84.107.200.6] has joined #openvpn
14:23 <@ecrist> dietfig: you're going to have problems doing that
14:23 <@ecrist> !def1
14:23 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
14:26 -!- dietfig [~Tervicz@69.145.204.90] has quit [Read error: Connection reset by peer]
14:27 -!- dietfig [~Tervicz@69.145.204.90.static.bresnan.net] has joined #openvpn
14:27 < dietfig> bleh, trying to troubleshoot this from the client computer will be difficult :P
14:27 < dietfig> not sure if my last messages went through so apologies if I spam twice
14:27 < dietfig> dietfig> that didn't seem to make a difference the previous time I tried it, just tried it and no dice, the client's default gw is still set to 10.0.0.16
14:27 < dietfig> <dietfig> in the logs...PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.0.0.1,route-gateway 10.0.0.16,ping 10,ping-restart 120,ifconfig 10.0.0.240 255.255.255.0' (status=1)
14:27 < dietfig> <dietfig> running "route add default gw 10.0.0.1 dev tap0" gets things working the way I want, btw
14:30 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 260 seconds]
14:36 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:37 -!- Pap00se [~badboykas@188.165.89.32] has joined #openvpn
14:38 < Pap00se> hey how can I make it so once open vpn disconnects it doesn't allow other connections through my normal internet server
14:38 < Pap00se> I mean internet connection
14:38 < Pap00se> so my ip is always hidden
14:40 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
14:41 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
14:44 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
14:51 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
14:56 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:57 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:58 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
14:59 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
15:08 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
15:09 -!- JackWinter2 [~jack@vodsl-10287.vo.lu] has joined #openvpn
15:12 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Ping timeout: 265 seconds]
15:13 -!- Eagleman [~Eagleman@84.107.200.6] has quit [Ping timeout: 272 seconds]
15:15 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:16 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
15:17 -!- Pap00se [~badboykas@188.165.89.32] has quit [Ping timeout: 268 seconds]
15:22 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
15:23 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
15:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
15:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:27 -!- dietfig [~Tervicz@69.145.204.90.static.bresnan.net] has quit [Quit: Leaving]
15:28 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
15:35 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
15:42 -!- dazo is now known as dazo_afk
15:50 -!- bdmc [~bdmc@68.153.43.211] has quit [Quit: leaving]
15:50 -!- bdmc_ is now known as bdmc
16:05 -!- nullsign is now known as OS-17344
16:06 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:06 < moviuro> Hi all! I ran service openvpn reload on my server and my openbsd core dumped :(
16:06 < moviuro> no idea why though
16:07 < moviuro> And I really don't have much info to provide as I don't store coredumps :/
16:07 -!- APTX [~APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
16:15 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
16:20 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
16:28 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
16:29 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
16:35 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
16:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:50 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Ping timeout: 264 seconds]
16:50 < ki7rw> fixed one openvpn problem and discovered another. even though my firewall on the router has been disabled, i still can't get out to the internet. i've spent a few hours trying to figure it out - found out that i need a more comfortable chair in the process. anyway, with the router firewall disabled, shouldn't i have un-restricted access to the internet? https://www.dd-wrt.com/phpBB2/viewtopic.php?p=982000#982000
16:56 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
16:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
17:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:05 < Gaffel> ki7rw: You need to forwarding rules for that to work.
17:06 < Gaffel> If the VPN server adopts clients into a different subnet than the main local network then it won't work unless you introduce forwarding rules.
17:07 < Gaffel> Is it bridged TAP?
17:12 < ki7rw> Gaffel, even with the firewall disabled?
17:13 < ki7rw> TUN
17:13 < Gaffel> Okay, TUN
17:13 < Gaffel> You must have forwarding rules.
17:14 < Gaffel> Allow forwarding from interface tun+ to the LAN.
17:15  * ki7rw sure hopes he remembers all this config that he's doing in case of a crash happening
17:15 < ki7rw> this is hard work
17:15 < Gaffel> :P
17:16 < Gaffel> Does DD-WRT have the raw firewall rules or does it have some GUI?
17:16 < ki7rw> GUI
17:16 < Gaffel> ah
17:16 < Gaffel> Go into the forwarding rules and see what's there.
17:16 < ki7rw> i think it can be done on the cli but i'm not sure
17:28 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 264 seconds]
18:19 -!- Denial [~Denial@81.141.6.38] has quit [Ping timeout: 246 seconds]
18:22 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
18:24 -!- Denial [~Denial@host31-54-231-10.range31-54.btcentralplus.com] has joined #openvpn
18:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
18:27 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
18:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:11 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 252 seconds]
19:12 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
19:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
19:15 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:23 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:30 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
19:55 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
20:00 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
20:03 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
20:06 -!- JackWinter2 [~jack@vodsl-10287.vo.lu] has quit [Ping timeout: 240 seconds]
20:33 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
20:34 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
20:51 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
20:52 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
20:52 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
20:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
21:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:18 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
21:59 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
22:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:39 -!- arlen [~arlen@jarvis.arlen.io] has left #openvpn []
22:41 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
22:42 < IronY> Who is the fire starter
22:43 < IronY> iset
22:45 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
22:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:50 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-nfjkfrropzdubprs] has joined #openvpn
23:51 -!- ShadniX [dagger@p5DDFE4C8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:51 < mjkr> how is one supposed to tell https/ldap over tls/smtp over tls from openvpn tls traffic?
23:52 -!- ShadniX [dagger@p5481D54A.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Thu Sep 03 2015
00:00 -!- vif [vif@gateway/shell/layerbnc/x-zfhontvkpgqfixyy] has joined #openvpn
00:00 < vif> Access-Server?
00:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
00:24 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-nfjkfrropzdubprs] has quit [Quit: WeeChat 1.2]
00:24 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:33 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
00:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
00:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:56 -!- mode/#openvpn [+o mattock1] by ChanServ
00:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
01:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
01:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:14 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:23 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
01:27 -!- OS-17344 is now known as nullsign
01:36 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 264 seconds]
01:38 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 246 seconds]
01:40 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:46 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:56 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:17 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
02:20 -!- keep1 [keep1@gateway/shell/bnc4free/x-ilstchglngfhrimy] has quit [Remote host closed the connection]
02:24 -!- Tinyyy [~textual@128.199.100.211] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:27 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
02:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:20 -!- JackWinter2 [~jack@213.143.48.14] has joined #openvpn
03:21 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
03:24 -!- JackWinter [~jack@213.143.48.108] has joined #openvpn
03:25 -!- novaflash_away is now known as novaflash
03:26 -!- JackWinter2 [~jack@213.143.48.14] has quit [Ping timeout: 244 seconds]
03:33 -!- KettleCooked [~KettleCoo@h56n16-mael-a12.ias.bredband.telia.com] has joined #openvpn
03:35 < KettleCooked> Beginner question - running pfsense and a basic openvpn setup. Local network is 192.168.10.0/24, OpenVPN clients get 192.168.102.0/24. VPN clients can access servers on local network. I want to access a VPN client from the local network user but it doesn't work to just go to that IP address for example. Is this even possible without site-to-site VPN? (not sure if I already have site-to-site)
03:37 -!- Tinyyy [~textual@128.199.100.211] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:37 -!- Tinyyy [~textual@210.193.8.210] has joined #openvpn
03:38 < KettleCooked> I'm thinking it shouldn't be too hard, since we also have an IPSec VPN setup where the local network can ping the connecting clients.
03:41 -!- Tinyyy [~textual@210.193.8.210] has quit [Ping timeout: 264 seconds]
03:48 -!- dazo_afk is now known as dazo
03:55 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:07 < subzero79> KettleCooked, have you try tcpdump at vpn client and pfsense to check at what stage the packets don't go further
04:08 < KettleCooked> subzero79, no, not familiar with how to do that. The VPN Client is a windows machine where I don't have tcpdump. But I have full access to pfsense system, and ubuntu systems on the local network, where I can tcpdump from maybe. Would that help?
04:10 -!- TackleMcClean [~KettleCoo@h56n16-mael-a12.ias.bredband.telia.com] has joined #openvpn
04:10 < subzero79> I don't use pfsense, i am looking into building or buying a hw for that. But i've done testing in VM. You can run tcpdump inside pfsense with ssh
04:11 < subzero79> tcpdump just to capure icmp
04:11 < subzero79> tcpdump -nni any -e icmp
04:12 < subzero79> for  windows i think there is windump, though i haven't use it
04:12 -!- Tackle [~KettleCoo@h56n16-mael-a12.ias.bredband.telia.com] has joined #openvpn
04:13 < subzero79> also check the firewall log of pfsense if the packet is being dropped first
04:13 < subzero79> then i guess you need to add a rule
04:14 -!- Denial [~Denial@host31-54-231-10.range31-54.btcentralplus.com] has quit []
04:14 -!- KettleCooked [~KettleCoo@h56n16-mael-a12.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
04:15 -!- Intensity [5zfqnOM1sh@unaffiliated/intensity] has quit [Remote host closed the connection]
04:16 -!- TackleMcClean [~KettleCoo@h56n16-mael-a12.ias.bredband.telia.com] has quit [Ping timeout: 240 seconds]
04:18 -!- Denial [~Denial@host31-54-231-10.range31-54.btcentralplus.com] has joined #openvpn
04:26 -!- Intensity [aGQNc2K6ag@unaffiliated/intensity] has joined #openvpn
04:38 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
04:39 < Schrottfresse> mattock, mattock1: hey, i hope you can help me. i'm trying to cross-compile openvpn on linux with mingw for windows
04:40 < Schrottfresse> but it keeps failing, because lzo isn't building the liblzo2-2.dll
04:40 < Schrottfresse> any ideas?
04:45 -!- JackWinter1 [~jack@213.143.48.100] has joined #openvpn
04:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
04:47 -!- JackWinter1 [~jack@213.143.48.100] has quit [Client Quit]
04:48 -!- JackWinter [~jack@213.143.48.108] has quit [Ping timeout: 264 seconds]
04:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:53 -!- JackWinter [~jack@213.143.48.53] has joined #openvpn
04:53 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit []
04:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
05:04 -!- JackWinter1 [~jack@213.143.48.89] has joined #openvpn
05:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:06 -!- JackWinter [~jack@213.143.48.53] has quit [Ping timeout: 240 seconds]
05:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:18 -!- JackWinter1 [~jack@213.143.48.89] has quit [Read error: Connection reset by peer]
05:18 -!- JackWinter1 [~jack@213.143.48.89] has joined #openvpn
05:24 < JackWinter1> hmm, i just started using the openvpn plugin in nm yesterday.  it worked fine when connected over wifi and by default routed everything through the tun interface, today i'm trying exactly the same openvpn connection with a 3g connection and it doesn't work.  I end up with a routing table like this: https://gist.github.com/anonymous/633ce6b634e6b28246f5
05:24 <@vpnHelper> Title: gist:633ce6b634e6b28246f5 · GitHub (at gist.github.com)
05:27 -!- toli [~toli@ip-62-235-239-43.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:30 -!- toli [~toli@62.235.148.85] has joined #openvpn
05:32 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qpoilerotjchdwbu] has quit [Quit: Connection closed for inactivity]
05:33 < JackWinter1> beh sorry, i really ought to ask this in the nm channel...;)  alternatively is there a client config directive that i can use that will default route all traffic through the vpn?  i know about the server directive, but would prefer to control it on the client side...
05:39 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
05:41 -!- arunpyasi [~arunpyasi@45.123.223.128] has joined #openvpn
05:41 < arunpyasi> Hello Guys !
05:59 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-rfpowyeegypfpkfn] has joined #openvpn
06:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:21 -!- JackWinter1 [~jack@213.143.48.89] has quit [Read error: Connection reset by peer]
06:21 -!- JackWinter [~jack@213.143.48.89] has joined #openvpn
06:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
06:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:38 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
06:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
06:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:45 -!- mode/#openvpn [+o mattock1] by ChanServ
06:50 -!- JackWinter1 [~jack@vodsl-10287.vo.lu] has joined #openvpn
06:51 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
06:53 -!- JackWinter [~jack@213.143.48.89] has quit [Ping timeout: 250 seconds]
06:54 <@dazo> !redirect
06:54 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
06:54 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
06:54 <@dazo> duh ... JackWinter1 is too impatient
06:56 < JackWinter1> dazo: i'm not, i'm playing with the nm connection and bringing the vpn up.  ;)  sorry for the disconnects...
06:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:57 <@dazo> ahh, there you are!  ... !redirect was for you
07:00 -!- slot_berlin [~slot_berl@82.144.32.138] has joined #openvpn
07:01 < JackWinter1> dazo: how do i specify that option as a directive in the client config file?
07:01 <@dazo> !--
07:01 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix is usually omitted when an option is placed in a configuration file.
07:01 < JackWinter1> ah, ok easy enough.  thx
07:02 -!- Tackle [~KettleCoo@h56n16-mael-a12.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
07:02 <@ecrist> !easyrsa
07:02 <@vpnHelper> "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Source checkouts available from the github project; current official release download is 2.2.2 with 3.x code in git-master. or (#4) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA
07:04 <@ecrist> !forget easyrsa 3
07:04 <@vpnHelper> Error: You don't have the factoids.forget capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
07:07 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Quit: Ctrl-C at console.]
07:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
07:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
07:13 -!- JackWinter1 [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
07:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:14 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
07:14 -!- mode/#openvpn [+o vpnHelper] by ChanServ
07:16 <@ecrist> !forget easyrsa 3
07:16 <@vpnHelper> Joo got it.
07:16 <@ecrist> !learn easyrsa Source checkouts available from the github project.
07:16 <@vpnHelper> (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
07:17 <@ecrist> !learn easyrsa as Source checkouts available from the github project.
07:17 <@vpnHelper> Joo got it.
07:17 <@ecrist> !learn easyrsa as Current version 3.0.0 released 2015-09-02
07:17 <@vpnHelper> Joo got it.
07:17 <@ecrist> !easyrsa
07:17 <@vpnHelper> "easyrsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Helpful wiki info about easyrsa at: https://community.openvpn.net/openvpn/wiki/EasyRSA or (#4) Source checkouts available from the github project. or (#5) Current version 3.0.0 released 2015-09-02
07:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:19 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
07:29 -!- moviuro_ [~TBE@mail2.xs-polesecurite.fr] has joined #openvpn
07:30 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
07:30 < moviuro_> Hi all! I just installed openvpn on Windows and I had feared it be a major PITA and guess what? It wasn't \o/ completely easy to configure and setup and stuff! And also, it seemed to work :3 AWESOME!
07:32 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
07:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
07:36 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
07:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:37 -!- zirpu [zirpu@2600:3c02::f03c:91ff:fe96:bae7] has joined #openvpn
07:38 < zirpu> !ovpnuke
07:38 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
07:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:47 -!- slot_berlin [~slot_berl@82.144.32.138] has quit [Remote host closed the connection]
07:56 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
08:00 -!- arunpyasi [~arunpyasi@45.123.223.128] has quit [Ping timeout: 255 seconds]
08:05 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
08:06 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
08:07 < bruxC> need some reassurance that what I am doing is correct. I have created separate pfsense openvpn accounts and created their own user certificates. I can now login w/ my smartphone & laptop to my local resources from home and have since deleted my port forward rules in my firewall for external access. Does this look like a safe best practice setup or am I missing something?
08:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:10 < moviuro_> bruxC: the idea of the VPN is indeed to have an address from inside your LAN
08:10 < moviuro_> so as long as your pfsense box can be reached from outside (even if only from port 1194), then you're good to go
08:10 < bruxC> e.g. instead of accesing externalIP:8422 from an external location it should be [vpn enabled] internalIP:8422 from external location?
08:10 < bruxC> Gotcha.
08:10 < bruxC> I feel better now.
08:10 < moviuro_> bruxC: if you pushed the right routes, yes
08:11 < bruxC> I was rocking port forwards for the longest time and people kept scolding me.
08:11 < bruxC> Could you help me understand if I am "pushing hte right routes"?
08:11 < moviuro_> your ovpn client must be told that e.g. 10.10.10.0/24 is behind your ovpn server
08:11 < moviuro_> your pfsense box has, say 2
08:11 < moviuro_> adresses
08:11 < moviuro_> 10.10.10.1/24 and 1.2.3.4
08:12 < moviuro_> all your internal stuff (including server, lightbulb and smartTV) are in 10.10.10.0/24
08:12 < moviuro_> the VPN addresses are, say 10.2.0.0/24
08:13 < moviuro_> your phone/laptop will get 10.2.0.5. Then, 10.10.10.5 (your smartTV) is not in any known subnet
08:13 < moviuro_> thus, there is something (ovpn) that mus t say to your laptop/phone: "you are 10.2.0.5 and, in case you want to reach 10.10.10.0/24, you'll need to ask me!"
08:14 < bruxC> Right, in which case I believe I have the correct routes.
08:15 < bruxC> Now, I'm having issues with DNS leaking and have resorted to manually adding OpenVPN DNS IP's in my primary NIC (not OpenVPN's eNIC) on my laptop and any other devices... How or where should I begin to troubleshoot this?
08:18 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:24 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has quit [Ping timeout: 246 seconds]
08:26 < moviuro_> cat /etc/resolv.conf
08:26 < moviuro_> push dhcp-option "ROUTERS <>" # IIRC, you might want to check
08:28 -!- JackWinter1 [~jack@213.143.48.60] has joined #openvpn
08:29 -!- JackWinter1 [~jack@213.143.48.60] has quit [Client Quit]
08:30 -!- JackWinter1 [~jack@213.143.48.102] has joined #openvpn
08:31 -!- JackWinter1 [~jack@213.143.48.102] has quit [Client Quit]
08:32 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Ping timeout: 260 seconds]
08:33 -!- JackWinter [~jack@213.143.48.89] has joined #openvpn
08:33 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
08:50 -!- Malsasa [~Malsasa@36.84.70.108] has joined #openvpn
09:02 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
09:05 -!- JackWinter1 [~jack@vodsl-10287.vo.lu] has joined #openvpn
09:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
09:07 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:08 -!- JackWinter [~jack@213.143.48.89] has quit [Ping timeout: 272 seconds]
09:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:20 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
09:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
09:34 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has joined #openvpn
09:47 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:48 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:51 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:52 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-rfpowyeegypfpkfn] has quit [Quit: Connection closed for inactivity]
09:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:59 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:00 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
10:09 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
10:13 -!- s7eele [~AndChat52@108.61.68.158] has joined #openvpn
10:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
10:16 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:17 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
10:18 -!- dionysus70 is now known as dionysus69
10:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
10:26 -!- zirpu [zirpu@2600:3c02::f03c:91ff:fe96:bae7] has left #openvpn ["WeeChat 1.2"]
10:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
10:33 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
10:36 -!- s7eele [~AndChat52@108.61.68.158] has quit [Remote host closed the connection]
10:37 -!- nullsign is now known as OS-17344
10:37 -!- matt_ [~matt@ccpc-buzzer.bath.ac.uk] has quit [Quit: bye]
10:39 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
10:51 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
10:52 -!- pa [~pa@unaffiliated/pa] has quit [Max SendQ exceeded]
10:53 -!- OS-17344 is now known as nullsign
10:55 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
11:03 -!- mator [~mator@u163.east.ru] has joined #openvpn
11:10 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
11:13 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
11:22 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
11:22 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Client Quit]
11:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:35 -!- Malsasa [~Malsasa@36.84.70.108] has quit [Remote host closed the connection]
11:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
11:39 -!- Elion [~Elion@unaffiliated/elion] has left #openvpn []
11:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:41 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:46 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
11:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
11:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:51 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
11:57 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:11 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
12:37 -!- HardWall [~HardWall@188.24.108.69] has joined #openvpn
12:38 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
12:40 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
12:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:45 -!- mode/#openvpn [+o mattock1] by ChanServ
12:47 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
13:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:07 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
13:09 -!- nullsign is now known as OS-17344
13:22 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
13:27 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
13:27 -!- mode/#openvpn [+o plaisthos] by ChanServ
13:36 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
13:36 -!- mode/#openvpn [+o pekster] by ChanServ
13:46 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 246 seconds]
13:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:53 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
13:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:57 -!- HardWall [~HardWall@188.24.108.69] has quit [Ping timeout: 244 seconds]
14:03 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:05 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
14:08 -!- dazo is now known as dazo_afk
14:22 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
14:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:25 -!- HardWall [~HardWall@2a02:2f0e:17b:4500:e90d:9e4:e169:fe3b] has joined #openvpn
14:26 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 272 seconds]
14:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:29 -!- RealityVoid [~HardWall@2a02:2f0e:17b:4500:e90d:9e4:e169:fe3b] has joined #openvpn
14:32 -!- HardWall [~HardWall@2a02:2f0e:17b:4500:e90d:9e4:e169:fe3b] has quit [Ping timeout: 252 seconds]
14:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 268 seconds]
14:34 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:36 -!- Eos [~HardWall@2a02:2f0e:17b:4500:bd98:73fc:4ec6:fd2] has joined #openvpn
14:39 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has quit [Ping timeout: 256 seconds]
14:40 -!- RealityVoid [~HardWall@2a02:2f0e:17b:4500:e90d:9e4:e169:fe3b] has quit [Ping timeout: 252 seconds]
14:42 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
14:47 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:52 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 272 seconds]
15:07 -!- nbuonanno [~nbuonanno@cpe-67-248-56-210.nycap.res.rr.com] has quit [Ping timeout: 240 seconds]
15:13 -!- Free99 [~Free99@146.111.200.254] has joined #openvpn
15:14 < Free99> !welcome
15:14 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:14 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
15:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:27 -!- Free99 [~Free99@146.111.200.254] has quit [Ping timeout: 250 seconds]
15:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:46 -!- Eos [~HardWall@2a02:2f0e:17b:4500:bd98:73fc:4ec6:fd2] has quit [Ping timeout: 252 seconds]
15:47 -!- moviuro_ [~TBE@mail2.xs-polesecurite.fr] has quit [Ping timeout: 268 seconds]
15:53 -!- HardWall [~HardWall@2a02:2f0e:17b:4500:81a6:ab9e:88c8:aebf] has joined #openvpn
15:54 -!- HardWall [~HardWall@2a02:2f0e:17b:4500:81a6:ab9e:88c8:aebf] has quit [Read error: Connection reset by peer]
16:00 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:31 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
16:46 -!- leo2007 [~leo2007@128.199.230.246] has quit [Ping timeout: 252 seconds]
17:29 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:50 -!- JackWinter1 [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
18:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:52 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
18:58 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
18:58 -!- vif [vif@gateway/shell/layerbnc/x-zfhontvkpgqfixyy] has left #openvpn ["Leaving"]
19:12 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 260 seconds]
19:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
19:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:38 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
19:51 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
20:03 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
20:14 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
20:16 -!- pppingme is now known as Cruz4prez
21:22 -!- Acidizer303 [~Worker@193.105.134.156] has joined #openvpn
21:23 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
21:29 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
21:33 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
21:36 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
21:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:46 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
21:46 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
21:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
21:56 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
21:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:02 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
22:05 -!- Acidizer303 [~Worker@193.105.134.156] has left #openvpn []
22:20 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
22:20 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
22:20 -!- mode/#openvpn [+v hazardous] by ChanServ
22:28 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:28 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:29 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 246 seconds]
22:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:33 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
22:40 -!- GitGud [~GitGud@unaffiliated/gitgud] has joined #openvpn
22:41 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
23:26 -!- mescon [~mescon@unaffiliated/mescon] has quit [Ping timeout: 250 seconds]
23:26 -!- TinFury [~TinFury@67.230.41.128] has joined #openvpn
23:27 < TinFury> Can anyone help. I have this error.
23:27 < TinFury> 2015-09-03 23:20:27-0500 [-] OVPN 2 OUT: 'Fri Sep 4 04:20:27 2015 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]67.230.41.128:65365'
23:27 < TinFury> But server side and client side doesn't require TLS...
23:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:49 -!- ShadniX [dagger@p5481D54A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:51 -!- ShadniX [dagger@p5481D877.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
23:54 < TinFury> Anyone awake?
23:58 < Tinyyy> sup
--- Day changed Fri Sep 04 2015
00:02 < TinFury> Where is everyeone?
00:02 < TinFury> They sleeping?
00:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
00:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:15 < subzero79> TinFury, you're using a static key?
00:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
00:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:26 -!- mode/#openvpn [+o mattock1] by ChanServ
00:27 < TinFury> SupaYoshi, damn i was afk
00:27 < TinFury> subzero79,
00:27 < TinFury> Static key?
00:30 < TinFury> ok. I've read up on it... no i'm not using a static key. I'm thinking from what i've read... maybe i should.
00:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
00:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
00:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:59 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
01:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
01:32 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:37 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
01:40 -!- Changer90 [~quassel@217.160.177.68] has joined #openvpn
01:41 -!- Changer90 [~quassel@217.160.177.68] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
01:50 < leandrosansilva> Hello to all, how do I know the default value for each openvpn daemon configuration key? I could not find this information neither in the man page nor in the source code (checking src/openvpn/options.[hc])
01:50 < leandrosansilva> Aparently no option have a default value
02:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
02:22 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
02:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:38 -!- Tinyyy [~textual@128.199.100.211] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:44 < subzero79> TinFury, do you have a tls key directive in your server and client conf?
02:44 < TinFury> subzero79, sorry. I wasn't here
02:44 < TinFury> No both files have that commented out
02:45 < TinFury> I'll check back tomorrow. I can't stay up anymore.
02:45 < TinFury> nite
02:45 < TinFury> and thanks
02:45 -!- TinFury [~TinFury@67.230.41.128] has quit [Quit: Leaving]
02:51 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:58 -!- mator [~mator@u163.east.ru] has left #openvpn []
02:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:01 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
03:06 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
03:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:45 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
03:54 -!- arunpyasi [~arunpyasi@45.123.223.30] has joined #openvpn
03:54 < arunpyasi> Hello folks
03:55 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:03 < arunpyasi> Hello anyone around ?
04:10 -!- GitGud [~GitGud@unaffiliated/gitgud] has quit [Read error: Connection reset by peer]
04:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
04:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:26 -!- Linmu_ [~Linmu@220-128-210-232.HINET-IP.hinet.net] has quit [Quit: leaving]
04:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:37 -!- dazo_afk is now known as dazo
04:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:41 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 265 seconds]
05:53 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
06:04 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
06:12 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
06:14 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
06:15 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:16 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
06:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
06:16 -!- dionysus70 is now known as dionysus69
06:19 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Client Quit]
06:21 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
06:21 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Remote host closed the connection]
06:23 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
06:39 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
06:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
06:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:44 -!- mode/#openvpn [+o mattock1] by ChanServ
06:46 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
06:58 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:00 -!- arunpyasi [~arunpyasi@45.123.223.30] has quit [Ping timeout: 244 seconds]
07:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
07:04 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
07:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:14 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
07:14 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
07:14 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
07:15 -!- trumee_ is now known as trumee
07:16 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 250 seconds]
07:21 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
07:24 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
07:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:57 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
08:00 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 260 seconds]
08:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
08:02 -!- bruxC [~bruxC@66.63.84.178] has joined #openvpn
08:02 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:13 -!- GitGud [~GitGud@unaffiliated/gitgud] has joined #openvpn
08:13 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
08:14 < GitGud> hi there. i have a socks5 server. I want to make my openVPN (client side) travel traffic thru that socks5 server
08:14 < GitGud> any ideas how?
08:17 < GitGud> is it even possible/
08:17 < GitGud> ?
08:20 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
08:21 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 252 seconds]
08:23 -!- GitGud [~GitGud@unaffiliated/gitgud] has quit [Remote host closed the connection]
08:28 <@ecrist> he didn't wait very long
08:47 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
09:02 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
09:03 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
09:06 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
09:20 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:29 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
09:29 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
09:30 -!- tomputer [tom@server.tomputer.nl] has joined #openvpn
09:31 < tomputer> !welcome
09:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:31 < tomputer> !/30
09:31 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
09:34 < tomputer> i have a question about the net30 (/30) topology
09:34 < tomputer> the wiki states "In short, each client (and the server itself) is allocated a virtual /30 network for compatibility with very old Windows versions"
09:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
09:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:35 < tomputer> what are these very old Windows versions?
09:37 < tomputer> or, more specific: after which version of Windows is it possible to not use the net30 solution
09:55 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
09:58 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
10:00 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:06 <@dazo> tomputer: I think we should just remove that comment ... we don't support anything older than WinXP (and barely that) ... and subnet should work just fine on anything newer than WinXP
10:06 <@dazo> I think the comment was aiming at Win2000 or older
10:08 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hkyywmnxktbwoiku] has joined #openvpn
10:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:10 <@dazo> tomputer: which version are you on?
10:10 <@dazo> (openvpn versino)
10:15 -!- dothak [ad0e378b@gateway/web/freenode/ip.173.14.55.139] has joined #openvpn
10:15 < dothak> hello, I have a question about configuring openvpn that's not in the docs, I was hoping I could come here for some guidance?
10:16 < Eugene> !ask
10:16 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
10:17 < dothak> oh, shiny!
10:19 < dothak> I'm trying to set up tunnel communication between two openvpn servers.  I have one already configured, and I am wondering for the second one, do I follow the instructions on setting up a server again? or is it just configuring client.conf and copying over the server ca files?
10:21 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
10:28 < dothak> I haven't been able to find anything conclusive in the docs that answer this.
10:31 -!- bruxC [~bruxC@66.63.84.178] has quit [Quit: Leaving]
10:31 < Neighbour> from my experience, server's don't connect to servers, clients do :)  (ok, that sounds trivially silly)
10:32 < dothak> Ok, so essentially, configure the second server as a client
10:32 < dothak> ?
10:33 < Neighbour> well, maybe :)
10:33 < Eugene> "between two servers, via openvpn" or "I have two openvpn servers, and the clients on both should be able to talk to each other"
10:34 < Neighbour> do you want clients to connect to the first server, and also clients to connect to the second server?
10:34 < Neighbour> and also have traffic between the two servers?
10:34 < dothak> have two private networks behind openvpn servers communicate with each other.
10:34 < Eugene> !route
10:34 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
10:34 <@vpnHelper> client
10:34 < Neighbour> dothak: in that case you can safely configure one as client and one as server
10:34 < Eugene> The second server needs to run a second instance of openvpn in client mode, connecting to the first server
10:35 < Eugene> Set it up using clientlan above
10:35 < dothak> Ok, I'll give it a shot
10:35 < dothak> thanks guys for your help! :)
10:35 < Eugene> Good luck
10:36 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
10:44 < tomputer> dazo: i'm on OpenVPN 2.3.7, using pfSense for it
10:44 < tomputer> dazo: but i suppose the client used XP to connect, will ask them what Win/OS version it was
10:45 <@dazo> tomputer: goodie, then you shouldn't really be worried about topology subnet if clients use 2.3.x with an updated wintap driver
10:46 <@dazo> (the wintap driver should get updated when you update openvpn too)
10:46 < tomputer> yeah, i fixed it now (temporary) by allocating /30's to the client, like explained in: https://community.openvpn.net/openvpn/wiki/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode?
10:46 <@vpnHelper> Title: 273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode – OpenVPN Community (at community.openvpn.net)
10:50 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Ping timeout: 255 seconds]
10:56 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 244 seconds]
10:56 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
11:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:09 -!- dothak [ad0e378b@gateway/web/freenode/ip.173.14.55.139] has left #openvpn []
11:09 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
11:21 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
11:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:30 -!- dothak [ad0e378b@gateway/web/freenode/ip.173.14.55.139] has joined #openvpn
11:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:31 < dothak> Hi, I am having an issue with establishing a vpn tunnel.  everything looks good, but I get this
11:31 -!- Malsasa [~Malsasa@36.84.69.211] has joined #openvpn
11:31 < dothak> !logs ovpn-server[26994]: 52.88.124.15:46212 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
11:31 < dothak> !logs
11:31 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:31 < dothak> sorry: http://pastebin.com/0t0m8p3s
11:31 < Eugene> dothak - pastebin your certs
11:32 < Eugene> And your configs
11:32 < dothak> my certs?..
11:33 < Eugene> Yes. Not the keys, just the ca.crt, server.crt, client.crt
11:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:38 < dothak> server: http://pastebin.com/Qwt5GMJQ, client: http://pastebin.com/s6zPi0tM
11:38 < dothak> give me a sec for the certs
11:43 < dothak> i can't give out the certs, but this error could help? http://pastebin.com/VqPPAAZX
11:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
12:01 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Read error: Connection reset by peer]
12:01 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 40.0.3/20150826023504]]
12:04 < Eugene> That would definitely cause the problem.
12:04 < Eugene> Are you using a client cert on a server?
12:04 < Eugene> Or vice-versa?
12:06 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
12:11 < dothak> yeah, I am. I copied the key built on the openvpn server over to the openvpn server acting as the client
12:15 < dothak> using the build-key command
12:18 < dothak> is that wrong?  I was under the assumption I build the client.crt, client.key on the server and then copy those, and ca.crt over to the client server
12:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:27 -!- TinFury [~TinFury@67.230.41.128] has joined #openvpn
12:27 < TinFury> Can anyone help. I have this error.
12:27 < TinFury> <TinFury> 2015-09-03 23:20:27-0500 [-] OVPN 2 OUT: 'Fri Sep 4 04:20:27 2015 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]67.230.41.128:65365'
12:27 < TinFury> But server side and client side doesn't require TLS...
12:27 < TinFury> I'm running Ubuntu 14.04
12:28 < TinFury> No TLS key directive on server or client.
12:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
12:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:41 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
12:43 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
12:47 -!- Malsasa [~Malsasa@36.84.69.211] has quit [Ping timeout: 244 seconds]
13:04 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Quit: Leaving]
13:05 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
13:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
13:09 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:12 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:13 -!- dothak [ad0e378b@gateway/web/freenode/ip.173.14.55.139] has quit [Ping timeout: 246 seconds]
13:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
13:30 -!- dazo is now known as dazo_afk
13:31 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
13:31 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
13:31 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has joined #openvpn
13:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
13:38 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
13:42 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
13:45 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:46 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Client Quit]
13:50 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:50 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has quit [Ping timeout: 246 seconds]
13:51 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Client Quit]
13:53 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:59 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
14:01 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
14:04 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
14:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
14:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
14:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:36 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has joined #openvpn
14:37 < dothak> I'm having an issues establishing a tunnel between openvpn servers
14:38 < dothak> I created the ca.crt, and client.crt/key and copied it over to the client ovpn server
14:38 < dothak> and I am getting this error: http://pastebin.com/WeNm3NLU
14:38 < dothak> I've tried ./clean-all and starting over, but still get the same error
14:39 < dothak> do I need to do something on the client ovpn server first?
14:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
14:58 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:59 -!- almostworking [~almostwor@unaffiliated/almostworking] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:13 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
15:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:16 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 264 seconds]
15:16 -!- JackWinter_ [~jack@vodsl-10287.vo.lu] has joined #openvpn
15:16 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
15:16 -!- Intensity [aGQNc2K6ag@unaffiliated/intensity] has quit [Ping timeout: 244 seconds]
15:16 -!- Buffman [~Buffman@52.27.240.115] has quit [Ping timeout: 244 seconds]
15:17 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Read error: Connection reset by peer]
15:17 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
15:17 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 244 seconds]
15:17 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 244 seconds]
15:17 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
15:17 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 244 seconds]
15:17 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
15:17 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
15:17 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
15:17 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
15:18 -!- mode/#openvpn [+o pekster] by ChanServ
15:18 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
15:18 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
15:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
15:19 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
15:21 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
15:21 < mutsayu> I'm setting up openvpn, but when I am opening ./vars, I have to add a few lines like: KEY_COUNTRY="US" etc, and │ airbreather
15:22 < mutsayu> I also have there: KEY_EMAIL="me@myhost.domain", do I have to change that value or not?
15:23 < mutsayu> someone pls help?
15:24 < mutsayu> is there someone here? pls?
15:24 < mutsayu> I need help
15:29 < mutsayu> hellooooooooooooo
15:29 -!- troyt [~troyt@2601:681:4601:1011:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
15:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
15:31 -!- TinFury [~TinFury@67.230.41.128] has quit [Ping timeout: 240 seconds]
15:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
15:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:35 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has left #openvpn ["WeeChat 1.3"]
15:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:41 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
15:52 -!- K1rk [~Kirk@5.135.221.149] has quit [Quit: Leaving]
15:58 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:05 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
16:05 -!- mode/#openvpn [+o krzee] by ChanServ
16:07 < ki7rw> i'm not sure if this is the place to ask but i went to https://ipleak.net/ with my firefox browser and that website showed that i have a dns leak - so far my research indicates that it can be fixed with iptable rules but since chrome doesn't leak i don't believe it to be a firewall issue and if chrome doesn't leak then it's not a openvpn config issue (?)
16:07 <@vpnHelper> Title: IP/DNS Detect - What is your IP, what is your DNS, what informations you send to websites. (at ipleak.net)
16:08 -!- c|oneman [cloneman@1337.montrealdark.com] has quit [Ping timeout: 244 seconds]
16:08 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has quit [Ping timeout: 246 seconds]
16:08 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 260 seconds]
16:09 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 244 seconds]
16:10 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
16:10 -!- c|oneman [cloneman@209.141.58.70] has joined #openvpn
16:12 -!- skynews [~skynews@5.62.17.194] has joined #openvpn
16:12 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 268 seconds]
16:13 -!- JackWinter_ [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
16:14 -!- skynews [~skynews@5.62.17.194] has quit [Client Quit]
16:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:15 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
16:16 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
16:17 -!- Esya [~esya@62-210-192-133.rev.poneytelecom.eu] has joined #openvpn
16:19 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
16:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
16:24 < Esya> Hey guys. Is it mandatory to use Access-server to be able to do have an high availability cluster?
16:25 < Esya> Or is there another way to do so? Everything I find online is for access server to do that
16:27 < subzero79> !AS
16:27 <@vpnHelper> "AS" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
16:29 < Esya> subzero79 did you read my question ?
16:29 < Esya> My question is not related to AS..
16:29 < Esya> I'd like to do so with the regular OpenVPN
16:29 < subzero79> sorry just saw access server
16:29 -!- wannabegeekster [~wannabege@ip72-201-43-216.ph.ph.cox.net] has joined #openvpn
16:30 < Esya> No worries. But if it's not possible well I'll consider Access. But for now I'd like to search and try things with the open source openvpn
16:30 < wannabegeekster> Where are the openvpn client logs normally stored at on a Mac?
16:31 < subzero79> wannabegeekster, depends in tunnelblick  i have a log window inside the app
16:32 -!- HardWall [~HardWall@2a02:2f0e:87:cc00:3878:ebe1:a01c:a5bb] has joined #openvpn
16:33 < wannabegeekster> subzero79, cool thanks!  I am trying to support someone and don't have access to his machine...
16:33 < subzero79> If you use the brew openvpn , you can specify the log inside the configuration file
16:40 < wannabegeekster> What client would you recommend for connecting to a Sophos firewall? Tunnelblick looks pretty cool, especially if the log window is inside the app.
16:43 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
16:43 < subzero79> tunneblick has worked for me, i haven't used sophos openvpn server
16:43 < subzero79> before that i used another app, which i think is better but is paid
16:44 < subzero79> can't remember the name
16:44 < subzero79> viscosity, that's the name
16:45 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
16:45 < subzero79> i have used against openvpn server in openwrt, linux debian, and pfsense
16:45 < subzero79> and tomato also
16:45 < wannabegeekster> Ok sweet.  Sophos recommends Tunnelblick apparently as well.
16:53 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
16:57 -!- RealityVoid [~HardWall@2a02:2f0e:1a2:f400:dc2b:a5a3:c0b2:8391] has joined #openvpn
16:59 -!- HardWall [~HardWall@2a02:2f0e:87:cc00:3878:ebe1:a01c:a5bb] has quit [Ping timeout: 252 seconds]
17:07 -!- RealityVoid is now known as HardWall
17:15 < wannabegeekster> That is
17:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:19 < wannabegeekster> Too many keyboards, sorry.  lol.  Either way thanks subzero79.  tunnelblick worked great and solved our issuses
17:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
17:23 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 250 seconds]
17:24 -!- HardWall [~HardWall@2a02:2f0e:1a2:f400:dc2b:a5a3:c0b2:8391] has quit [Read error: Connection reset by peer]
17:25 -!- hennos [~midas8@167.160.44.218] has quit [Read error: Connection reset by peer]
17:26 -!- hennos [~midas8@167.160.44.234] has joined #openvpn
17:29 -!- toli [~toli@62.235.148.85] has quit [Ping timeout: 246 seconds]
17:30 -!- toli [~toli@ip-62-235-238-102.dsl.scarlet.be] has joined #openvpn
17:31 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
17:35 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
18:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
18:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
18:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
18:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:59 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Read error: Connection reset by peer]
19:13 -!- zamber [~zamber@78.10.90.243] has quit [Ping timeout: 244 seconds]
19:15 -!- seQui [~w@178.255.148.169] has joined #openvpn
19:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
19:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
19:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
19:30 -!- hennos [~midas8@167.160.44.234] has quit [Quit: Leaving]
19:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:47 -!- Ending [~user@116.31.82.27] has joined #openvpn
19:47 -!- Ending [~user@116.31.82.27] has left #openvpn ["ERC (IRC client for Emacs 24.5.1)"]
19:49 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has joined #openvpn
19:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
19:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:01 -!- almostworking [~almostwor@unaffiliated/almostworking] has joined #openvpn
20:10 -!- zamber [~zamber@dynamic-78-8-43-51.ssp.dialog.net.pl] has joined #openvpn
20:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
20:24 -!- dmilith is now known as dmilith2
20:27 -!- dmilith2 is now known as dmilith
20:28 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
20:35 -!- almostworking [~almostwor@unaffiliated/almostworking] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
21:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
21:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:21 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
21:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
21:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
21:37 -!- seQui [~w@178.255.148.169] has quit [Quit: Leaving]
21:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:54 -!- Jalen [~quassel@belencomputers/regular/jalen] has joined #openvpn
21:57 -!- excelereight [~excelerei@198.46.193.43] has joined #openvpn
21:59 < excelereight> Is it possible to configure the server.conf so that on client machines, domain.tld resolves to the 10.8.0.1, rather than w.x.y.z?
22:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
22:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
22:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
22:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
22:32 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
22:32 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
22:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:42 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:09 -!- excelereight [~excelerei@198.46.193.43] has quit [Ping timeout: 250 seconds]
23:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:24 -!- Eneerge [eneergealt@unaffiliated/eneerge] has quit [Quit: ZNC - http://znc.in]
23:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
23:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
23:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:48 -!- ShadniX [dagger@p5481D877.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:49 -!- ShadniX_ [dagger@p5DDFFDA8.dip0.t-ipconnect.de] has joined #openvpn
23:49 -!- ShadniX_ is now known as ShadniX
--- Day changed Sat Sep 05 2015
00:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
00:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
00:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:46 -!- mode/#openvpn [+o mattock1] by ChanServ
00:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
00:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
01:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
01:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
01:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:00 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
02:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
02:32 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hkyywmnxktbwoiku] has quit [Quit: Connection closed for inactivity]
02:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
02:35 -!- dmilith is now known as dmilith2
02:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
02:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
02:55 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:10 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
03:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:21 -!- Bitxlove [~Bitxlove@gateway/vpn/privateinternetaccess/bitxlove] has quit [Quit: Upps - gone to sleep. ZZZzzz…]
03:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
03:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:02 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:10 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
04:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:14 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
04:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:32 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
05:38 -!- dmilith2 is now known as dmilith
05:39 -!- hennos [~midas8@167.160.44.234] has joined #openvpn
05:42 -!- dmilith is now known as dmilith2
05:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:45 -!- dmilith2 is now known as dmilith
05:48 -!- dmilith is now known as dmilith2
05:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:52 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 244 seconds]
05:55 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
05:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:03 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 272 seconds]
06:05 -!- dmilith2 is now known as dmilith
06:12 -!- APTX [~APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
06:18 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:19 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
06:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
06:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
06:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
07:05 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:40 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
07:41 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
07:44 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
07:44 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
07:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Read error: Connection reset by peer]
07:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
07:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:59 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Client Quit]
08:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:34 -!- wannabegeekster [~wannabege@ip72-201-43-216.ph.ph.cox.net] has quit [Remote host closed the connection]
08:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
09:00 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
09:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:10 -!- dmilith is now known as dmilith2
09:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
09:18 -!- dmilith2 is now known as dmilith
09:28 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
09:30 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
09:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
09:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:44 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
09:52 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
09:57 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
09:59 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
10:02 -!- arunpyasi [~arunpyasi@45.123.223.118] has joined #openvpn
10:03 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
10:08 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
10:27 -!- albech [~Thunderbi@188-179-157-194-static.dk.customer.tdc.net] has joined #openvpn
10:29 < albech> Hi all. wish to connect my machine in ec2 with my admin network in our data center. would it be an option to create a vpn bridge between the ec2 machine and my openvpn server or is there a better way to do it (site2site)?
10:30 < albech> the machine in ec2 will primarely work as a mysql slave for replication out of our sql cluser and other minor services (nagios etc)
10:32 < albech> i already have an openvpn server running for external clients (routing), but they are connecting to a different subnet and i dont wish external servers to connect to that same interface
10:56 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
11:01 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:16 -!- OS-17344 is now known as nullsign
11:16 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Quit: Quit]
11:17 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
11:21 < arunpyasi> Hi all, I am trying to make openvpn reconnect in every network restart. But its not working... Please help me fix this... :(
11:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
11:33 -!- arunpyasi [~arunpyasi@45.123.223.118] has quit [Ping timeout: 246 seconds]
11:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:49 -!- early [~early@2607:5300:100:200::160d] has quit [Ping timeout: 240 seconds]
11:54 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
11:59 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
12:02 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
12:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:11 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
12:11 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
12:12 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:15 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
12:18 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
12:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
12:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
12:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:43 < ki7rw> i have a question about dns leaks - i'm using opendns in my server.conf but places like ipleak.dns the opendns servers still shows up - it's interesting that firefox shows the dns servers but not chrome - anyway, since my ISP dns services aren't showing up should i still be concerned that the opendns servers are showing up?
12:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
12:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:57 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
12:59 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
13:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:22 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
13:40 -!- ruhrdolf [ruhrdolf@gateway/vpn/mullvad/x-xqswwfgdscmuoegh] has joined #openvpn
13:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:42 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 265 seconds]
13:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
14:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:19 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
14:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:35 -!- FierceDeityLink [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has joined #openvpn
14:35 < FierceDeityLink> 10.37.225.0/24 via 10.37.225.2 dev tun0
14:35 < FierceDeityLink> 10.37.225.2 dev tun0  proto kernel  scope link  src 10.37.225.1
14:35 < FierceDeityLink> those are made every time i start the service
14:35 < FierceDeityLink> and its making routing difficult and confusing
14:35 < FierceDeityLink> any help would be great
14:46 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 250 seconds]
14:52 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
14:59 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 240 seconds]
15:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
15:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:11 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
15:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
15:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
15:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:16 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 264 seconds]
15:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:17 < hydrajump> I can't seem to find the source but there isn't a difference between `server.conf` and `server.ovpn` right?
15:17 < hydrajump> the format and contents of those two files are identical just the extension?
15:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
15:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
15:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
15:31 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has joined #openvpn
15:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:44 -!- kenyon [kenyon@darwin.kenyonralph.com] has joined #openvpn
15:44 -!- kenyon [kenyon@darwin.kenyonralph.com] has left #openvpn []
16:00 < KNERD> hydrajump: one goes in Linux, the othe goes on Windows
16:16 -!- dougl [~doug@S0106848dc7eb7679.wp.shawcable.net] has joined #openvpn
16:19 < BtbN> openvpn doesn't care about file extensions at all.
16:30 -!- Bitxlove [~Bitxlove@unaffiliated/bitxlove] has quit [Ping timeout: 272 seconds]
16:59 -!- dougl [~doug@S0106848dc7eb7679.wp.shawcable.net] has quit [Remote host closed the connection]
16:59 < hydrajump> KNERD: BtbN thanks. Some linux systems support .ovpn though
17:03 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
17:04 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
17:04 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
17:04 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:57 < KNERD> hydrajump: it;s just an identifier for your purpose
17:57 < KNERD> you cannameit what you want and tell it to use it
18:04 -!- Haigha [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
18:05 -!- Haigha [~root@2001:bc8:348c:100::1] has joined #openvpn
18:06 -!- FierceDeityLink [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has quit [Ping timeout: 265 seconds]
18:15 < hydrajump> ok
18:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
18:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:21 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
19:25 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
19:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
19:31 -!- dougl [~doug@S0106848dc7eb7679.wp.shawcable.net] has joined #openvpn
19:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:36 < dougl> I will only be connecting to my vpn server from rogers 3g network - shoul not have issues with local net being 192.168.0.0?
19:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:39 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
19:41 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
20:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:26 -!- dmilith is now known as dmilith2
20:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
20:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
20:30 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
20:31 -!- hennos [~midas8@167.160.44.234] has quit [Quit: Leaving]
20:34 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
20:36 -!- dougl [~doug@S0106848dc7eb7679.wp.shawcable.net] has quit [Remote host closed the connection]
20:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
20:45 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
20:49 -!- jeev_ is now known as jeev
20:51 -!- Tinyyy [~textual@175.156.229.37] has joined #openvpn
20:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
20:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:01 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
21:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
21:05 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
21:07 -!- Alamode [~Alamode@116-245-47-212.rev.cloud.scaleway.com] has joined #openvpn
21:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:21 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
21:24 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
21:42 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
21:45 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
22:00 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
22:02 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
22:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
23:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:36 -!- mbff [~marshall@dyn23-000.res-hall.ndsu.NoDak.edu] has joined #openvpn
23:37 < mbff> I am trying to use openvpn as a client. I ran openvpn /etc/openvpn/client.conf  as root on my ubuntu server and it gets stuck at " UDPv4 link remote: [AF_INET]"
23:37 < mbff> any ideas about how to solve this?
23:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:48 -!- ShadniX [dagger@p5DDFFDA8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:49 -!- ShadniX [dagger@p5481CD7F.dip0.t-ipconnect.de] has joined #openvpn
23:59 -!- early [~early@2607:5300:100:200::160d] has quit [K-Lined]
--- Day changed Sun Sep 06 2015
00:00 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [K-Lined]
00:00 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
00:02 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
00:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
00:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
00:31 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:48 < subzero79> mbff, i think is not resolving the remote address
00:48 < subzero79> or the server is down
00:53 < mbff> subzero79, thanks
00:53 < subzero79> is your server?
01:16 -!- mbff [~marshall@dyn23-000.res-hall.ndsu.NoDak.edu] has quit [Remote host closed the connection]
01:37 -!- Tinyyy [~textual@175.156.229.37] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:08 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
02:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:24 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:25 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:30 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
02:33 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
02:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
03:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:35 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:39 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
03:40 < mutsayu> someone can help me here? My incoming packets from the client -> server is getting rejected
03:40 < mutsayu> I followed the arch wiki tutorial, and I ofc did something from in the client/server.conf but idk what ...
03:41 < mutsayu> can someone help me? If so, I can send the output from my client/server.conf
03:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
03:44 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
03:44 < mutsayu> srsly, can atleast someone say a word here?
03:45 < skyroveRR> mutsayu: hello
03:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:46 < skyroveRR> mutsayu: paste the output of your firewall :)
03:47 < mutsayu> skyroveRR: I use ufw, but hen I do "ufw status" it responds: "Status:inactive"
03:48 < mutsayu> skyroveRR: what output do you need from ufw/
03:48 < mutsayu> ?
03:48 < skyroveRR> Ok, then paste the iptables output. iptables-save.
03:49 < mutsayu> skyroveRR: owh, I was following the instructions on the ArchWiki, and they say eventually after configuring the client/server.conf to start openvpn with client/server.conf, they will walk me through ip-tables later on
03:50 < mutsayu> just was testing out this part, but I haven't set up ip-tables I believe
03:50 < mutsayu> k moment
03:50 < skyroveRR> mutsayu: If you don't setup the firewall, you won't be able to do anything with the VPN.
03:51 < mutsayu> http://pastebin.com/tvkmPihL
03:51 < skyroveRR> I mean, you can configure it, but it won't route traffic to the right places..
03:51 < mutsayu> this is my output from: iptables-save
03:51 < skyroveRR> Without the rules.
03:52 < mutsayu> skyroveRR: yeah I am not that smart with openvpn and all those things around it. So I need a bit of help, so if you can, It's been appreciated
03:53 < skyroveRR> Those rules are insufficient... they'll only allow you to access the VPN, but they won't let you do browsing and other "internet" stuff... only LAN stuff.
03:54 < mutsayu> skyroveRR: so, how do I configure that it does allow it?
03:55 < skyroveRR> mutsayu: the openvpn devs wrote a simple howto for people like you and I, and it's pretty straight forward. By the end of reading it, you should have a working VPN with the proper firewall rules. https://openvpn.net/howto.html
03:57 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has quit [Quit: https://codmadnesspro.com | Twitter @Codmadnesspro]
03:59 -!- Codmadnesspro [~Codmadnes@codmadnesspro.com] has joined #openvpn
04:08 -!- samopotamus [~samopotam@ks4002259.ip-198-100-147.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
04:10 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
04:11 -!- skyroveRR_ is now known as skyroveRR
04:16 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-xkhoekochdzcsbxa] has joined #openvpn
04:16 < mjkr> is there a way to know if openvpn support tls 1.2?
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:20 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:27 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
04:40 -!- alec-b [~alec@8.16.158.5.rev.vodafone.pt] has joined #openvpn
05:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
05:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:16 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
05:23 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
05:29 -!- toli [~toli@ip-62-235-238-102.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:31 -!- toli [~toli@ip-62-235-214-35.dsl.scarlet.be] has joined #openvpn
05:37 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
05:44 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
05:45 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
05:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:01 -!- mutsayu [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has joined #openvpn
06:02 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
06:03 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
06:09 < mutsayu> could someone help me with my openvpn? I get the TLS error: "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"
06:10 < mutsayu> I just did "sudo ufw allow out 1194/udp
06:10 < mutsayu> but didn't fix it
06:11 < mutsayu> skyroveRR: u here?
06:31 < skyroveRR> mutsayu: yeah
06:32 < mutsayu> skyroveRR: okay, so I got the TLS error fixed, and I know I have to setup the iptables etc.
06:32 < mutsayu> skyroveRR: now I am at this part --> https://openvpn.net/index.php/open-source/documentation/howto.html#policy
06:32 <@vpnHelper> Title: HOWTO (at openvpn.net)
06:32 < mutsayu> skyroveRR: but do I have to do everything? cos I am setting it up on my own machine, I am the only client right?
06:34 < skyroveRR> mutsayu: your client.conf/server.conf/iptables-save files, please.
06:34 < skyroveRR> As pastebin links.
06:35 < mutsayu> skyroveRR: would ptpb also be good?
06:35 < skyroveRR> ptpb?
06:36 < mutsayu> skyroveRR: yeah, is pastebin kinda, but then another hosting
06:37 < skyroveRR> Please.
06:37 < mutsayu> skyroveRR: anyway, was the command: iptables-save?
06:37 < skyroveRR> Yes.
06:37 < mutsayu> skyroveRR: what? xD
06:37 < skyroveRR> Yes, the command was iptables-save.
06:37 < skyroveRR> Paste the output.
06:37 < skyroveRR> Along with the configuration files of the server and the client.
06:38 < skyroveRR> mutsayu: paste the firewall output of both, the client AND the server.
06:39 < mutsayu> iptables-save -> https://ptpb.pw/VW_9 || client.conf -> https://ptpb.pw/uYSy.conf || server.conf -> https://ptpb.pw/984Y.conf
06:39 < mutsayu> ehm, what output of firewall? where do I check that/
06:39 < mutsayu> ?
06:40 < skyroveRR> I told you 2 times.
06:40 < mutsayu> ufw status?
06:41 < skyroveRR> 17:07:48       skyroveRR | Yes, the command was iptables-save.
06:41 < skyroveRR> 17:08:44       skyroveRR | mutsayu: paste the firewall output of both, the client AND the server.
06:41 < mutsayu> you got that right?
06:41 < mutsayu> iptables, client and server
06:42 < skyroveRR> Are you running the client and the server on the same machine?
06:42 < mutsayu> ye? people from my college also set this up but they told me too to follow the HOWTO section at openvpn
06:43 < mutsayu> I just know how to program, not an expert on this subject ;/
06:43 < skyroveRR> Is it too difficult to mention that at the beginning? I presumed it was 2 separate machines.
06:44 < mutsayu> skyroveRR: sorry :( but I can run client and server on 1 machine right?
06:44 < skyroveRR> Yes, but I'm not a magician to know that.
06:44 < skyroveRR> Anyway.
06:44 < mutsayu> skyroveRR: owh well okay sorry I didn't mention that
06:44 < mutsayu> :(
06:44  * skyroveRR parses the conf files.
06:45 < mutsayu> uhh... it says now: "skyroverRR parses the conf files"
06:45 < skyroveRR> mutsayu: paste the output of "ip addr".
06:46 < mutsayu> without running server/client?
06:46 < mutsayu> of with
06:46 < skyroveRR> mutsayu: it means I'm looking at the links you gave me.
06:46 < skyroveRR> "ip addr" is independent of your VPN.
06:46 < mutsayu> ooh ok
06:47 < mutsayu> ip addr -> https://ptpb.pw/zjHF
06:47 < skyroveRR> Alright.
06:49 < skyroveRR> In your client.conf, your VPN client doesn't have an IP allocated to it. All it says is "establish connectivity to 10.8.0.1", that's it.
06:50 < skyroveRR> For a client to communicate, it has to have its own IP address along with its netmask.
06:50 < mutsayu> skyroveRR: owh, well it did work tho... when I did ifconfig later on, it says; inet 10.8.0.6
06:50 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 255 seconds]
06:51 < skyroveRR> Hmm.
06:51 < mutsayu> in what do I have to change it then? cos that is also a part I didn't understand. As soon as it did work, I immediately went on to the next step
06:51 < mutsayu> was trapped for it for too many hours
06:51 < skyroveRR> Start the VPN. Paste the output if "ip addr" and "status.log".
06:51 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
06:53 < mutsayu> ip addr -> https://ptpb.pw/1qqz || openvpn-status.log -
06:53 < mutsayu> ip addr -> https://ptpb.pw/1qqz || openvpn-status.log -> https://ptpb.pw/grus.log
06:54 < skyroveRR> mutsayu: btw, you should keep the configuration files as short as possible so that you can pinpoint an option quickly. In your case, the files are well over a 100 lines, in my case, it's less than 30 lines.
06:55 < mutsayu> skyroveRR: yeah those are just the example conf files and at a few settings it has a docu I wanna keep. But I might as well remove the crap later on
06:55 < skyroveRR> Ok. Ping the server 10.8.0.1.
06:56 < mutsayu> skyroveRR: yeah I got response.
06:56 < mutsayu> 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.039 ms
06:56 < skyroveRR> Ok.
06:57 < skyroveRR> Add this to the end of your server.conf file, mutsayu: "log-append /var/log/openvpn.log"
06:57 < skyroveRR> Then restart the VPN server, invoke the VPN client, and paste the openvpn.log file.
06:57 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 240 seconds]
07:00 < mutsayu> skyroveRR: /var/log/openvpn.log -> https://ptpb.pw/MQfW.log
07:00 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
07:01 < skyroveRR> You've got a working VPN....
07:02 < skyroveRR> What's your issue then?
07:04 < mutsayu> skyroveRR: ahaha, well I told you after your first respond, I got my problem fixed, but my new question was: I am now at this section: https://openvpn.net/index.php/open-source/documentation/howto.html#policy and I run the server on my own machine and I am the only client. Do I have to do everything here or just start to do the ip-tables?
07:05 < skyroveRR> lol
07:05 < skyroveRR> Ok.
07:06 < skyroveRR> You don't need those policy routes.
07:08 < skyroveRR> mutsayu: And as far as your firewall rules are concerned, you'll be able to access any port on the server. But nothing beyond that.
07:12 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 255 seconds]
07:14 -!- alec-b [~alec@8.16.158.5.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
07:15 -!- mutsayu_ [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has joined #openvpn
07:15 -!- mutsayu_ [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has quit [Client Quit]
07:15 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has joined #openvpn
07:15 -!- mutsayu_ [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has joined #openvpn
07:15 < skyroveRR> mutsayu: welcome back.
07:16 < mutsayu_> skyroveRR: so should I do the iptables configuration at the openvpn section or skip?
07:16 < mutsayu_> yeah, I'm at a friend. He has some internet issues. He had to restart
07:16 -!- mutsayu [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has quit [Ping timeout: 255 seconds]
07:16 < skyroveRR> Till where did you receive my messages?
07:16 < mutsayu_> the last I get was I shouldn't be concerned since I am the only user, I can use any port
07:17 < mutsayu_> which was your last one I assume
07:17 < skyroveRR> What's your goal? Access the server only and the internet beyond that?
07:18 < skyroveRR> * only or
07:18 < mutsayu_> well my friend's at my college use e.g. vpn so they can access weechat on college.
07:18 < mutsayu_> cos on college it gets blocked or some sorta thing
07:18 < skyroveRR> Ah.
07:19 < skyroveRR> So you want to access IRC through the VPN?
07:19 < mutsayu_> basically, for now.
07:19 < mutsayu_> but browsing under another ip also is something nice
07:19 < mutsayu_> and reliefing
07:19 < mutsayu_> relieving **
07:19 < skyroveRR> Read the howto. The info is there on how to do it.
07:20 < mutsayu_> I am reading the how-to, but sometimes I'm not sure weither I should do that configuration section or I should kip that
07:20 < skyroveRR> If you're unsure, just ask.
07:21 < mutsayu_> well okay, I was gonna start here, like I said before. Should I do this or continue? If continue; which step is next? https://openvpn.net/index.php/open-source/documentation/howto.html#policy
07:21 <@vpnHelper> Title: HOWTO (at openvpn.net)
07:23 < skyroveRR> You don't need that. Proceed to this if you only want to access IRC through the VPN. https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
07:23 <@vpnHelper> Title: HOWTO (at openvpn.net)
07:25 < mutsayu_> skyroveRR: okay so it says there: push "redirect-gateway def1", but my server.conf has on default: push "redirect-gateway def1 bypass-dhcp"
07:25 < mutsayu_> should I remove the "bypass-dhcp" or not
07:25 < skyroveRR> Remove that.
07:26 < mutsayu_> ahh okay
07:27 < mutsayu_> now I should run the command "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE" but in my client.conf I've set "remote 10.8.0.1 1194", so shouldn't I change it to 10.8.0.1/24 on the iptables-command?
07:28 < skyroveRR> You can't have 10.8.0.1 for the server and the client at the same time. The client has to have a different IP. 10.8.0.6. Only the server can have 10.8.0.1.
07:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:31 < mutsayu_> so "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE" is good?
07:31 < skyroveRR> mutsayu_: so modify your client.conf... and as for the iptables command, you will have to make the interface changes accordingly.
07:33 < skyroveRR> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlp3s0 -j MASQUERADE
07:34 < mutsayu_> oowh, yeah now I get that command haha, thanks!
07:34 < mutsayu_> I seriously can't thank you enough for helping me. People in #archlinux or #linux only say; yeah read the docu
07:36 < mutsayu_> but they've done this over a hundred times, I do this for the first time and the amount of configuration is ... a lot.
07:37 < skyroveRR> Understand the options in the comments and get rid of them. Tidy up your comments so the file is less confusing.
07:37 < mutsayu_> skyroveRR: push "dhcp-option DNS 10.8.0.1, is windows-related? or should I uncomment it too?
07:38 < mutsayu_> and yeah, ofc
07:38 < skyroveRR> That isn't needed.
07:38 < mutsayu_> thanks
07:38 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has joined #openvpn
07:39 -!- shiriru [~shiriru@95-42-18-158.btc-net.bg] has quit [Remote host closed the connection]
07:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:41 -!- mutsayu_ [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has left #openvpn ["WeeChat 1.3"]
07:41 -!- mutsayu [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has joined #openvpn
07:42 < mutsayu> skyroveRR: okay so when I runned server.conf and then my client.conf, it started normal, but I didn't had internet.. or atleast the pages didn't load at all.
07:42 < mutsayu> skyroveRR: just finished the section #redirect at openvpn.net, am I done now?
07:43 < skyroveRR> Paste your iptables-save output.
07:43 < skyroveRR> And "ip r" output.
07:44 < mutsayu> ipr with or without server running?
07:44 < mutsayu> "ip r" with or without server running?
07:44 < skyroveRR> Without
07:45 < mutsayu> skyroveRR: iptables-save -> https://ptpb.pw/tOjN || ip r -> https://ptpb.pw/VmoC
07:48 < skyroveRR> mutsayu: with the VPN, "ip r" output..
07:49 < mutsayu> you said without xD
07:49 < mutsayu> k moment
07:49 < skyroveRR> I wanted to see the difference :P
07:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:51 < mutsayu> skyroveRR: ip r -> https://ptpb.pw/6PtW
07:51 < skyroveRR> Hmm.
07:52 < skyroveRR> Can you ping 8.8.8.8 while the server is running?
07:52 < mutsayu> skyroveRR: ehm, server and client or only server running and then ping?
07:52 < skyroveRR> While both of them are running.
07:53 < mutsayu> yeah I can, but when I ping google.com I get nothing.
07:53 < skyroveRR> Ok. That's a DNS issue.
07:55 < mutsayu> so how do I fix this?
07:55 < skyroveRR> Guess you'll need to use push "dhcp-option DNS 10.8.0.1" in the server config file after all. I thought that was for windows only. Upon rereading, I understood that it's for unix systems.
07:56 < skyroveRR> For unix systems, it's push "dhcp-option DNS 10.8.0.1"; for Windows, it's push "dhcp-option WINS 10.8.0.1". We obviously are running unix-like system.
07:57 < skyroveRR> Add that, restart the server/client, and then try to ping google.com.
07:59 -!- hennos [~midas8@167.160.44.234] has joined #openvpn
08:01 < mutsayu> skyroveRR: Nothing.. ;/
08:01 < skyroveRR> Paste your server config.
08:03 < mutsayu> skyroveRR: /var/log/openvpn.log -> https://ptpb.pw/84SH.log
08:04 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:05 < skyroveRR> Did you start the server as a non root user?
08:06 < skyroveRR> That's the most likely cause of "Operation not permitted".
08:06 < skyroveRR> The server needs root privileges to manipulate the routes.
08:08 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
08:09 < mutsayu> skyroveRR: ahh lemme try
08:11 < mutsayu> well I was in the /etc/openvpn folder as "sudo su" but not I was as the normal user, had to do "sudo openvpn /etc/openvpn/server.conf" and for client.conf
08:11 < mutsayu> but still nothing
08:11 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
08:12 < mutsayu> could it be a prob that I have to change "redirect-gateway def1" to "redirect-gateway local def1"
08:12 < mutsayu> I don't think so
08:12 < skyroveRR> That isn't needed.
08:13 < skyroveRR> If you can ping 8.8.8.8, that means the VPN is functional.
08:13 < skyroveRR> Only the DNS hasn't been resolved.
08:13 < skyroveRR> Anyhow. Do you get the "Operation not permitted" error still when you start the server?
08:15 < mutsayu> oh I see, it's this: RTNETLINK answers: Operation not permitted
08:15 < mutsayu> right?
08:15 < skyroveRR> Yup.
08:15 < skyroveRR> Are you running as root?
08:16 < mutsayu> no
08:16 < skyroveRR> Then do.
08:16 < mutsayu> as muts@dev
08:16 < mutsayu> and then
08:16 < mutsayu> I do: "sudo openvpn /etc/open/server.conf"
08:16 < mutsayu> that's good right?
08:17 < skyroveRR> "sudo openvpn --config /etc/open/server.conf".
08:18 < mutsayu> and for client?
08:18 < mutsayu> just "sudo openvpn /etc/openvpn/client.conf" ?
08:18 < skyroveRR> Use the --config parameter again.
08:18 < mutsayu> ahh k
08:20 < mutsayu> nothing
08:21 < skyroveRR> Can you elaborate "nothing"?
08:21 < mutsayu> I do get with client.conf running the error "ERROR: Linux route add command failed: external program exited with error status: 1"
08:21 < mutsayu> nothing as in; no ping google.com respond
08:22 < skyroveRR> Paste the openvpn.log file again, please.
08:26 < mutsayu> skyroveRR: /var/log/openvpn.log -> https://ptpb.pw/8fSh.log
08:28 -!- dmilith2 is now known as dmilith
08:30 < skyroveRR> Hmm.
08:31 < skyroveRR> mutsayu: what's the contents of the file /etc/resolv.conf?
08:32 < mutsayu> skyroveRR: /etc/resolv.conf -> https://ptpb.pw/cGu7
08:36 < skyroveRR> mutsayu: how do you terminate the server process?
08:36 < skyroveRR> And the client process as well?
08:36 < mutsayu> just ctrl c
08:37 -!- dmilith is now known as dmilith2
08:37 < skyroveRR> SIGH. Paste your client and server configs again.
08:37 < mutsayu> xD
08:37 < mutsayu> sure
08:39 < mutsayu> skyroveRR: /etc/openvpn/client.conf -> https://ptpb.pw/uYSy.conf || /etc/openvpn/server.conf -> https://ptpb.pw/bT0k.conf
08:41 -!- dmilith2 is now known as dmilith
08:41 < skyroveRR> Add this to client.conf: dhcp-option DNS 10.8.0.1, restart server and client, try to ping.
08:43 < mutsayu> skyroveRR: still nothing. Can't ping ;/
08:43 < skyroveRR> The hell? Paste your client.conf...
08:44 < mutsayu> skyroveRR: /etc/openvpn/client.conf -> https://ptpb.pw/z65D.conf
08:44 < mutsayu> at the bottom.
08:45 < skyroveRR> Replace 10.8.0.1 with one of those IPs is /etc/resolv.conf. Then restart and ping.
08:45 < skyroveRR> s/is/in.
08:46 < skyroveRR> For DNS only.
08:48 < mutsayu> again nothing ... when I run the server and client I get 7.433 lag on weechat
08:48 < skyroveRR> Are you using wifi?
08:48 < mutsayu> ye
08:48 -!- dmilith is now known as dmilith2
08:48 < skyroveRR> That's the cause.
08:49 < mutsayu> ;o
08:49 < mutsayu> explain please.
08:49 < skyroveRR> Wifi is the cause of the lag. Wifi = wireless = unreliable.
08:50 < mutsayu> so what should I do then?
08:50 < skyroveRR> But that's beside the point. The main thing is, why isn't DNS working..
08:51 < skyroveRR> Replace
08:51 < skyroveRR>     push "redirect-gateway def1"
08:51 -!- dmilith2 is now known as dmilith
08:51 < skyroveRR>  With
08:51 < skyroveRR>     push "redirect-gateway local def1"
08:51 < mutsayu> and what about the dhcp-options DNS .... in my client.conf
08:52 < mutsayu> back to 10.8.0.1?
08:52 < skyroveRR> Use 10.8.0.1 again.
08:52 < skyroveRR> Yeah.
08:53 < skyroveRR> I've actually never used a setup where the server and the client are on the same computer. My server machine is different from my clients.
08:54 < skyroveRR> I never had to go through so much trouble. It was straight forward for me, although I did have some quirks in the beginning.
08:54 < mutsayu> nope. but I got in my client this warning: "WARNING: potential conflict between --remote address [10.8.0.1] and --ifconfig address pair [10.8.0.6, 10.8.0.5] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn"
08:54 < mutsayu> still can't ping ;/
08:55 < mutsayu> and again in my logfile of server: RTNETLINK: Operation not omitted
08:55  * skyroveRR facepalms
08:55 < skyroveRR> That operation not permitted error is common, forget it.
08:56 < skyroveRR> I need to eat something, brb in about 30 mins, mutsayu. Till then, google is your friend.
08:57 < mutsayu> skyroveRR: I am googling my ass off, even tho you're here eiter to help me
09:05 -!- dmilith is now known as dmilith2
09:10 -!- dmilith2 is now known as dmilith
09:12 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:15 -!- arunpyasi [~arunpyasi@45.123.222.25] has joined #openvpn
09:18 < skyroveRR> mutsayu: back.
09:19 < skyroveRR> Which DNS server are you using in server.conf and client.conf right now?
09:20 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
09:21 < mutsayu> 10.8.0.1
09:21 < mutsayu> on both
09:21 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:21 < mutsayu> lol
09:21 < mutsayu> that can't ... right?
09:22 < mutsayu> client should be other DNS than server, or not?
09:22 < skyroveRR> Start up the server, then the client, and try pinging 8.8.8.8 and those two DNS servers mentioned in the resolv.conf file.
09:24 < mutsayu> yup, I can ping all 3
09:24 < mutsayu> the 2 dns in /etc/resolv.conf and 8.8.8.8
09:25 < skyroveRR> Ok, both, in the server, and the client, replace 10.8.0.1 with 8.8.8.8. Then restart serv/client, and ping google.com.
09:27 < mutsayu> still nothing, can't ping
09:27 < mutsayu> with dns 8.8.8.8 on both
09:27 < skyroveRR> Remove "local" from that redirect-gateway parameter.
09:28 < mutsayu> still nothing
09:31 < skyroveRR> paste server/client conf files again..
09:31 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
09:32 < mutsayu> skyroveRR: I'm packing up and going home (was at a bro as I told ya), I'm back within an hour or so.
09:32 < mutsayu> I will pass you the conf now
09:32 < mutsayu> but then I g2g, kay
09:32 < mutsayu> skyroveRR: /etc/openvpn/client.conf -> https://ptpb.pw/ANKp.conf || /etc/openvpn/server.conf -> https://ptpb.pw/9R4-.conf
09:33 < mutsayu> okay, brb :)
09:33 -!- mutsayu [~muts@546A0A99.cm-12-3a.dynamic.ziggo.nl] has left #openvpn ["WeeChat 1.3"]
09:35 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
09:51 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
09:51 < mutsayu> skyroveRR: back, for 25 min. Then I'll be gone for 20 mins, max. Found anything yet?
09:55 -!- albech [~Thunderbi@188-179-157-194-static.dk.customer.tdc.net] has quit [Quit: albech]
10:00 < skyroveRR> mutsayu: delete all the comments, if you can. This comments stuff is confusing to me.
10:00 < skyroveRR> Then repaste them.
10:00 < mutsayu> kay
10:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
10:02 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
10:04 < mutsayu> skyroveRR: /etc/openvpn/server.conf -> https://ptpb.pw/sqO1.conf || /etc/openvpn/client.conf -> https://ptpb.pw/RQe8.conf
10:06 < skyroveRR> Uncomment "user nobody" and "group nobody".
10:06 < skyroveRR> Oh wait...
10:06 < skyroveRR> Nvm, let it be as it is.
10:07 < skyroveRR> Add this to client.conf: ifconfig 10.8.0.6 255.255.255.0
10:09 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 264 seconds]
10:09 < skyroveRR> Remove the "nobind" option in client.conf.
10:09 < mutsayu> oooo
10:09 < mutsayu> ye
10:09 < mutsayu> can ping google.com now
10:09 < mutsayu> but my internet is laggy as helllll
10:09 < mutsayu> can't visit a site tho'
10:09 < mutsayu> can I just comment it out?
10:10 < skyroveRR> Just remove it. Tidy up that file.
10:10 < skyroveRR> And remove all the other commented options as well.
10:10 < mutsayu> TCP/UDP: Socket bind failed on local address [undef]: Address already in use
10:10 < skyroveRR> And remove the spaces between the options. You've got a load of spaces.
10:10 < mutsayu> when running client
10:11 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
10:11 < skyroveRR> You didn't kill the client.
10:13 < mutsayu> how can I kill it? cos ... can;t find it with ps -A
10:13 < skyroveRR> "killall openvpn", although that kills the server as well... ;)
10:14 < mutsayu> "no process found"
10:14 < mutsayu> and when rerunning, still got the error msg
10:14 < skyroveRR> ps -e | grep open
10:15 < mutsayu> nothing
10:15 < skyroveRR> Ok.
10:15 < skyroveRR> First start the server only.
10:15 < skyroveRR> Do you see any errors?
10:16 < mutsayu> nope
10:16 < skyroveRR> Oh..
10:16 < skyroveRR> Reinsert the nobind option in client.
10:16 < skyroveRR> Strange... I don't use the nobind option and it works for me ;)
10:17 < mutsayu> well we have the DNS now at 8.8.8.8
10:18 < mutsayu> idk if that has something to do with it
10:18 < mutsayu> but yeah, when I run it, I can ping google.com
10:18 < hydrajump> hi I have an odd issue. My openvpn server and client configs **work** great except when I add the same `tls cipher SSL3_GET_CLIENT_HELLO:no shared cipher
10:18 < skyroveRR> Nope.
10:18 < hydrajump> opps
10:18 < mutsayu> but still can't visit a website
10:18 < skyroveRR> Can you ping yahoo.com?
10:18 < hydrajump> the same tls-cipher setting to the server and client, e.g. `tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256`
10:18 < mutsayu> yup
10:19 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:19 < hydrajump> I get the following error "SSL3_GET_CLIENT_HELLO:no shared cipher "
10:19 < skyroveRR> Paste the ping output of 5 pings each of both the domains.
10:19 < mutsayu> okay, but I that in 20 mins
10:19 < mutsayu> got to eat
10:19 < mutsayu> brb [;
10:19 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has left #openvpn ["WeeChat 1.3"]
10:19 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
10:20 < skyroveRR> hydrajump: which openssl versions do the server and the client run?
10:23 < hydrajump> skyroveRR: server OpenSSL 1.0.1e and client openssl 1.0.2d
10:23 < hydrajump> i've checked openvpn --show-ciphers and --show-tls and the ciphers I'm setting are listed
10:24 < skyroveRR> Are you sure?
10:24 < hydrajump> that the ciphers are listed?
10:24 < skyroveRR> Yeah.
10:25 < hydrajump> I can double check
10:26 < skyroveRR> hydrajump: btw, you have to run it on OPENSSL, not openvpn. And those versions of openssl are far apart.
10:26 < hydrajump> skyroveRR: yeah just confirmed both tls-ciphers are listed on server and client
10:26 < hydrajump> oh
10:27 < hydrajump> ok let me check there as well
10:29 < hydrajump> skyroveRR: yep with openssl the ciphers are just named differently, e.g. DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256
10:29 < hydrajump> I've tried using those names instead but still doesn't work when I explicitly define `tls-ciphers`
10:30 < skyroveRR> Can you upgrade server's openssl library to match those of the client then? Or just use some other cipher, like CBC. No need for elliptic curves unless you are really paranoid.
10:32 < hydrajump> skyroveRR: Those ciphers I listed above are not using ECDHE
10:33 < skyroveRR> I guess that's because the older version of openssl on your server doesn't support it.
10:33 < skyroveRR> Or is named differently.
10:33 < skyroveRR> So, upgrade or use some other cipher.
10:33 < skyroveRR> Really simple.
10:36 < hydrajump> yeah sounds like the server is where the issue lies. unfortunately the server is running on a ubnt edgemax router and it's already running the latest firmware version. Upgrading just openssl to a newer version doesn't seem to be easily supported although I'm still waiting for a reply on that.
10:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:40 -!- ruhrdolf [ruhrdolf@gateway/vpn/mullvad/x-xqswwfgdscmuoegh] has quit [Quit: leaving]
10:47 -!- Tinyyy [~textual@128.199.100.211] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:59 -!- arunpyasi [~arunpyasi@45.123.222.25] has quit [Ping timeout: 250 seconds]
11:07 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-xkhoekochdzcsbxa] has quit [Quit: WeeChat 1.2]
11:25 -!- mutsayu_ [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
11:26 < mutsayu_> skyroveRR: hey, sorry that I'm a bit later than said. Had to shower, got delayed a bit
11:26 < skyroveRR> Hello :)
11:26 < mutsayu_> here are the ping results --> https://ptpb.pw/9A3a
11:27 < skyroveRR> You aren't getting any replies?
11:28 < skyroveRR> I mean, ping replies?
11:30 -!- dothak [32c72154@gateway/web/freenode/ip.50.199.33.84] has joined #openvpn
11:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
11:30 < dothak> I've been following this guide: https://community.openvpn.net/openvpn/wiki/RoutedLans to be able to have the ovpn server communicate to the client lan, but I'm not having any luck
11:30 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
11:32 < mutsayu_> skyroveRR: nope
11:32 < mutsayu_> but I can ping lol. So we're a step further then before.
11:33 < skyroveRR> mutsayu_: are you getting replies from 8.8.8.8?
11:34 < mutsayu_> nope
11:35 < skyroveRR> How are you connecting to the internet? Through a wifi router?
11:35 -!- dothak [32c72154@gateway/web/freenode/ip.50.199.33.84] has quit [Quit: Page closed]
11:35 < mutsayu_> through wifi ye
11:35 < mutsayu_> no lan
11:35 < skyroveRR> Paste your iptables-save output.
11:36 -!- grawity [grawity@virgule.cluenet.org] has joined #openvpn
11:37 < mutsayu_> got nothing as output lol
11:37 < mutsayu_> not even as sudo
11:37 < mutsayu_> anyway
11:37 < skyroveRR> What..
11:37 < mutsayu_> idkkkkk
11:37 < skyroveRR> You don't have ANY firewall rule?
11:37 < mutsayu_> but
11:38 < mutsayu_> I just restarted tho
11:38 < skyroveRR> Definitely your firewall then :D
11:38 < mutsayu_> prob
11:38 < mutsayu_> btw
11:38 < mutsayu_> when running the server/client it makes in my home folder openvn-status.log
11:38 < mutsayu_> openvpn-status.log
11:39 < skyroveRR> You can comment out the status option, if you don't want it.
11:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:40 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
11:40 < mutsayu_> also I once did send output with ">>" to ipp.txt but now it makes it everytime
11:40 < mutsayu_> in my home
11:40 < skyroveRR> ipp.txt?
11:40 < mutsayu_> when talking to you
11:40 < mutsayu_> I once send a certain output to ipp.txt and then I coud paste it to ptpb
11:40 < mutsayu_> and send it to you
11:40 < skyroveRR> Oh
11:41 < skyroveRR> If you don't have a firewall rule, you won't be able to access the internet or other stuff.
11:42 < mutsayu_> but how can I undo this?
11:42 < mutsayu_> makes it everytime now
11:42 < mutsayu_> I did set it tho
11:42 < mutsayu_> ufw allow out 1194/udp
11:42 < mutsayu_> ufw allow in 1194/udp
11:42 < mutsayu_> but prob not permanent?
11:42 < skyroveRR> I use plain iptables, so I wouldn't know.
11:42 < skyroveRR> But I guess those two are sufficient.
11:43 < mutsayu_> so ok
11:43 < mutsayu_> I haven't set the ufw right now
11:43 < mutsayu_> what to do now
11:43 < mutsayu_> cos it's maybe something with firewall
11:43 < mutsayu_> maybe..
11:44 < skyroveRR> You don't have ANY rules... IDK how you can do anything without rules :D
11:45 < skyroveRR> Run these three basic commands: iptables -P FORWARD ACCEPT; iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT.
11:45 < skyroveRR> And then, the MASQUERADE rule that we discussed about.
11:47 < mutsayu_> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlp3s0 -j MASQUERADE?
11:47 < skyroveRR> Yup.
11:47 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:48 < mutsayu_> skyroveRR: iptables-save -> https://ptpb.pw/Kq66
11:48 < skyroveRR> Now can you ping?
11:49 < skyroveRR> And get replies?
11:50 < mutsayu_> nope
11:50 < mutsayu_> still no replies
11:50 < mutsayu_> iptables are good tho?
11:50 < skyroveRR> Yup.
11:51 < skyroveRR> Your only issue now is the firewall. You've got a working VPN. Checkout ufw/iptables. :)
11:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
11:52 < mutsayu_> well what to do?
11:52 < skyroveRR> Learn about firewall :)
11:53 < skyroveRR> You are using arch linux, right? :D
11:53 < mutsayu_> ye
11:53 < skyroveRR> It's got a wiki. Check it out.
11:55 < mutsayu_> iknow
11:55 < mutsayu_> but for..
11:55 < mutsayu_> what
11:55 < mutsayu_> ufw/iptables?
11:55 < skyroveRR> iptables...
11:55 < skyroveRR> Or ufw..
11:55 < skyroveRR> Whichever you like
11:55 < mutsayu_> whats the dif? o.o
11:56 < skyroveRR> That's where google comes in.
11:56 < mutsayu_> alrighty I'll check
11:59 < skyroveRR> mutsayu_: I'll go to bed. ttyl.
12:01 < mutsayu_> skyroveRR: yeah sure! thanks mate for the help
12:02 < mutsayu_> appreciated!
13:01 -!- mutsayu_ [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has quit [Read error: Connection reset by peer]
13:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:42 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
13:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
13:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:52 -!- MikeH__ [~mystica55@97-118-103-210.hlrn.qwest.net] has joined #openvpn
13:55 -!- mystica555_ [~mystica55@97-118-174-238.hlrn.qwest.net] has quit [Ping timeout: 264 seconds]
14:00 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
14:03 -!- MikeH__ is now known as mystica555
14:08 -!- vrs [~vrs@unaffiliated/vrs] has joined #openvpn
14:09 < vrs> is it possible to bring up the tun interface in a specific netns? I can of course move it there but it will lose all configuration
14:10 < vrs> (I would also like to push the routes to only that netns afterwards)
14:13 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:17 < vrs> hm well I suppose I could run an up script and set ip/gw accordingly
14:18 -!- arunpyasi [~arunpyasi@45.123.223.146] has joined #openvpn
14:34 < vrs> also, can I set a custom ip2 path?
14:43 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:49 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
14:49 < vrs> ahh --iproute
15:00 -!- u0m3 [~u0m3@92.80.76.6] has joined #openvpn
15:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
15:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
15:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:15 -!- nullsign is now known as OS-17344
15:27 -!- u0m3 [~u0m3@92.80.76.6] has quit [Quit: Leaving]
15:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
15:38 -!- Alamode [~Alamode@116-245-47-212.rev.cloud.scaleway.com] has quit [Ping timeout: 246 seconds]
15:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:52 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
16:06 -!- madmattco [~quassel@198.251.81.102] has quit [Ping timeout: 272 seconds]
16:07 -!- madmattco [~quassel@198.251.81.102] has joined #openvpn
16:11 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
16:14 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
16:16 -!- tapout [~tapout@unaffiliated/tapout] has quit [Quit: ZNC - http://znc.sourceforge.net]
16:25 -!- Denial- [~Denial@host31-54-231-10.range31-54.btcentralplus.com] has joined #openvpn
16:27 -!- Denial [~Denial@host31-54-231-10.range31-54.btcentralplus.com] has quit [Ping timeout: 250 seconds]
16:32 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
16:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
16:39 -!- vrs [~vrs@unaffiliated/vrs] has left #openvpn ["WeeChat 1.2"]
16:53 -!- OS-17344 is now known as nullsign
17:00 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Quit: pipeworkin' it]
17:00 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
17:03 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
17:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
17:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Client Quit]
17:21 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
17:24 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 246 seconds]
17:36 -!- nullsign is now known as OS-17344
17:37 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
17:38 -!- huxflux [~fluffy@217.115.47.228] has joined #openvpn
17:42 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 264 seconds]
17:42 -!- n1cky [~sielicki@nicky.io] has left #openvpn []
17:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:57 -!- pzduniak [~pzduniak@cloudrack.io] has joined #openvpn
17:58 < pzduniak> hey, could someone tell me how can i set up routes so that only 10.0.0.0/8 gets NAT'd through OpenVPN?
17:58 < pzduniak> previously i just set up routes on server + clients, but now i can't touch the clients
18:02 < pzduniak> push "route 10.1.0.0 255.255.0.0"
18:02 < pzduniak> iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
18:03 < pzduniak> network i want to "route" to is 10.1.0.0/16
18:03 < pzduniak> and the vpn network is 172.16.0.0/24
18:04 < pzduniak> !linnat
18:04 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
18:36 -!- pzduniak is now known as zz_pzduniak
19:06 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
19:07 -!- arunpyasi [~arunpyasi@45.123.223.146] has quit [Read error: Connection reset by peer]
19:08 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Quit: pipeworkin' it]
19:08 -!- pipecloud is now known as pipework
19:13 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
19:14 -!- OS-17344 is now known as nullsign
19:18 -!- Haigha is now known as xalice
19:20 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
19:23 -!- hennos [~midas8@167.160.44.234] has quit [Quit: Leaving]
19:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
19:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:13 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
20:16 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has joined #openvpn
20:18 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has quit [Client Quit]
20:22 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has joined #openvpn
20:28 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
20:30 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
20:31 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has joined #openvpn
20:33 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has quit [Client Quit]
20:35 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has joined #openvpn
20:59 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 255 seconds]
21:02 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
21:11 -!- huxflux [~fluffy@217.115.47.228] has quit [Remote host closed the connection]
21:11 -!- huxflux [~fluffy@217.115.47.228] has joined #openvpn
21:12 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
21:13 -!- APTX_ [~APTX@unaffiliated/aptx] has joined #openvpn
21:14 -!- MogDog66 [MogDog@unaffiliated/mogdog66] has joined #openvpn
21:16 -!- Netsplit *.net <-> *.split quits: Neal_, ShapeShifter499, WinstonSmith, jzaw, APTX, julie_harshaw, zamber, MogDog, Haseo, leandrosansilva,  (+4 more, use /NETSPLIT to show all of them)
21:16 -!- MogDog66 is now known as MogDog
21:16 -!- Netsplit over, joins: Jeroen, Haseo
21:18 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
21:19 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
21:24 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
21:25 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
21:25 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
21:26 -!- huxflux [~fluffy@217.115.47.228] has quit [Ping timeout: 264 seconds]
21:32 -!- sh1rtybird [~quassel@beepbeep.serverpit.com] has joined #openvpn
21:33 -!- MogDog66 [MogDog@unaffiliated/mogdog66] has joined #openvpn
21:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 272 seconds]
21:35 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 272 seconds]
21:35 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 272 seconds]
21:35 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 272 seconds]
21:35 -!- c|oneman [cloneman@209.141.58.70] has quit [Ping timeout: 272 seconds]
21:35 -!- EmperorTom [~EmperorTo@oreo.blissfulidiot.com] has quit [Ping timeout: 272 seconds]
21:35 -!- Gwoplock [~quassel@104.56.172.189] has quit [Read error: Connection reset by peer]
21:35 -!- CGML [~CGML@unaffiliated/cgml] has quit [Ping timeout: 272 seconds]
21:35 -!- MogDog66 is now known as MogDog
21:36 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
21:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
21:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:46 -!- huxflux [~fluffy@185.86.106.169] has joined #openvpn
21:51 < IronY> xit
21:51 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
21:58 -!- Netsplit *.net <-> *.split quits: Reventlov, skyroveRR, Zimsky
22:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
22:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:03 -!- Netsplit over, joins: Reventlov
22:03 -!- huxflux [~fluffy@185.86.106.169] has quit [Remote host closed the connection]
22:06 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
22:06 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
22:08 -!- themayor [~themayor@unaffiliated/themayor] has quit [Ping timeout: 265 seconds]
22:08 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 265 seconds]
22:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:09 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 265 seconds]
22:09 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 265 seconds]
22:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 265 seconds]
22:10 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 265 seconds]
22:10 -!- blackjack [~BJ@unaffiliated/blackjack] has quit [Ping timeout: 265 seconds]
22:10 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 265 seconds]
22:10 -!- grawity [grawity@virgule.cluenet.org] has quit [Ping timeout: 265 seconds]
22:11 -!- grawity [grawity@virgule.cluenet.org] has joined #openvpn
22:12 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
22:15 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
22:15 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
22:15 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
22:15 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
22:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
22:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:42 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
23:30 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:31 -!- zamber [~zamber@dynamic-78-8-43-51.ssp.dialog.net.pl] has joined #openvpn
23:39 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
23:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:44 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 264 seconds]
23:46 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
23:47 -!- ShadniX [dagger@p5481CD7F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:47 -!- ShadniX [dagger@p5DDFC5C6.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Sep 07 2015
00:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
00:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:08 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [K-Lined]
00:08 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [K-Lined]
00:09 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
00:10 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
00:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:34 -!- mode/#openvpn [+o mattock1] by ChanServ
01:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:13 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:20 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
01:23 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 252 seconds]
01:24 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
01:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
01:53 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-xbprfoawwnziojjx] has joined #openvpn
01:54 < mjkr> can I transmit jumbo frames over openvpn?
01:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
01:54 < mjkr> say, a 9000-sized ip payload
01:54 < mjkr> transmitted over a openvpn tunnel
01:55 < mjkr> which runs over a normal ethernet link
01:55 -!- zamber [~zamber@dynamic-78-8-43-51.ssp.dialog.net.pl] has quit [Ping timeout: 244 seconds]
01:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:58 -!- tapout_ [~tapout@unaffiliated/tapout] has joined #openvpn
02:02 -!- zamber [~zamber@78.9.6.84] has joined #openvpn
02:03 -!- tapout_ [~tapout@unaffiliated/tapout] has quit [Remote host closed the connection]
02:03 -!- tapout_ [~tapout@unaffiliated/tapout] has joined #openvpn
02:17 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
02:32 < mjkr> is it possible to tell the openvpn server to use a specific tun device?
02:35 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 250 seconds]
02:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
02:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:48 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Remote host closed the connection]
02:50 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:10 -!- Panther_1 [~rherold@messaging.insecure.pw] has joined #openvpn
03:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
03:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:19 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Remote host closed the connection]
03:23 -!- elch [~elch@gubbel.zuhause.ff02.net] has joined #openvpn
03:24 < Panther_1> hi is there a known issue with openvpn 2.3.8 and port-share? I have an open vpn tcp running on *:4443 and  have configured a port share port-share 127.0.0.1 445 there is an apache running with ssl. If I connect directly to the apache no Problem. If I want do it via openvpn I got "WARNING: Bad encapsulated packet length from peer..." an an ssl error message in the browser: ssl_error_rx_record_too_long
03:25 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
03:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:30 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 260 seconds]
03:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:36 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
03:36 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
03:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:52 -!- x5eb is now known as _0x5eb_
04:06 -!- iNs [~ins@85.17.164.26] has joined #openvpn
04:08 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
04:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
04:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:35 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
04:38 -!- fling [~fling@fsf/member/fling] has joined #openvpn
04:40 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
04:40 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has joined #openvpn
04:40 < leandrosansilva> Hello to all. Does openvpn suport DTLS?
04:41 < leandrosansilva> What does it use for TLS when using UDP?
04:41 < mjkr> nope
04:42 < mjkr> dtls isn't secure when it comes to disconnect
04:42 < mjkr> much like tcp rst
04:42 < mjkr> I would imagine the protocol's simply encapsulating packets with udp instead of tcp
04:42 < mjkr> with some minimal retransmission
04:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
04:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:44 < leandrosansilva> So what happens if I am using tls certificates and all stuff over a udp connection?
04:46 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
04:49 < elch> mjkr, out of interest, what is insecure in dtls disconnects?
04:50 < leandrosansilva> Is here any performance/reliability issue with UDP communication happening over a TCP vpn connection?
04:52 < mjkr> elch: if I know one dtls endpoing, then I can just flood that endpoint with faked disconnect msg
04:52 < mjkr> with tls you can drop the rst packets
04:53 < mjkr> with dtls if you wanna drop these packets you will have to drop the entire dtls tunnel
04:53 < mjkr> so, if you want something after the design of dtls
04:53 < mjkr> negotiate the control channel over tls
04:54 < mjkr> then move the data channel to dtls
04:54 < mjkr> tunnel termination would be on tls
04:54 < mjkr> not dtls
04:54 < elch> mjkr: does that mean i would have to drop every tcp reset packet?
04:54 < mjkr> yep
04:54 < mjkr> tcp rsts aren't normal
04:54 < mjkr> properly implemented tls doesn't need tcp rst
04:55 < elch> makes sense
04:55 < mjkr> so in the end
04:55 < mjkr> it's something not quite unlike cisco's anyconnect
04:55 < mjkr> or ocserv
04:58 < Panther_1> so reopen the ticket 336 same problem here
04:59 < mjkr> thus, pptp in the end's got the best protocol design when it comes to resilience
04:59 < mjkr> you can do eap-tls over the tcp channel
04:59 < mjkr> while the actual tunnel's in gre-ppp
04:59 < mjkr> no tcp meltdwon woes
04:59 < mjkr> just that it needs some nat helper
05:00 < mjkr> and msft picked the wrong crypto
05:00 < mjkr> ip over tcp is only fine for a few select applications
05:01 < mjkr> and we expect a proper vpn protocol to be able to recognize this
05:01 < mjkr> along with the separation of the data plane and the control plane
05:03 < mjkr> at this stage,it's best that all control packets be sent over a tls tunnel
05:03 < mjkr> preferably with tcp authenticated options
05:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
05:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
05:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
05:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
05:52 -!- NEone [~theuser@unaffiliated/neone] has joined #openvpn
05:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:56 < NEone> Hello. Old situation: I used the Ubuntu 14.04. default repo for openvpn, therefor had openvpn 2.3.x (I think 2.3.6.). Was able to use sudo /etc/init.d/openvpn start <name-of-config> . Now I added the openvpn community PPA, therefor have 2.3.8. The mentioned command doesn't work anymore. Error complains about not able to enter user/pass on commandline. How to make that command work again? Need to change the script in /etc/init.d/openvpn ?
06:00 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
06:04 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
06:23 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
06:28 < NEone> How to get rid of that "cannot get password from stdin" error? I don't know where to add a "--askpass" option, because it's handled by Ubuntu's init.d scripts.
06:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
06:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:52 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
07:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:01 <@plaisthos> !android
07:01 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
07:10 -!- NEone [~theuser@unaffiliated/neone] has left #openvpn ["Leaving"]
07:11 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:22 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
07:33 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:34 -!- dmilith is now known as dmilith2
07:35 < hydrajump> hi what's the reason for getting this in my server logs "Bad LZO decompression header byte: 69"
07:35 < hydrajump> I have comp-lzo configured on the server as well as pushing that setting to my clients with --push comp-lzo
07:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
07:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:41 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has joined #openvpn
07:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
07:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:45 < hydrajump> !lzo
07:46 < hydrajump> !compression
07:46 < hydrajump> !lzo-comp
07:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:04 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
08:05 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
08:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
08:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:27 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-xbprfoawwnziojjx] has quit [Quit: WeeChat 1.2]
08:37 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
08:58 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 252 seconds]
09:05 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
09:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
09:10 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
09:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
09:33 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
09:34 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
09:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:37 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
09:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
09:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
09:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
09:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:00 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
10:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
10:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:08 -!- hennos [~midas8@167.160.44.234] has joined #openvpn
10:14 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:18 -!- shiriru [~shiriru@46.10.57.27] has joined #openvpn
10:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:23 -!- u0m3 [~u0m3@92.80.76.6] has joined #openvpn
10:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
10:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:33 -!- devtea [~tdreyer1@unaffiliated/tdreyer1] has joined #openvpn
10:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
10:39 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 240 seconds]
10:42 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 246 seconds]
10:45 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 240 seconds]
10:48 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
10:48 -!- Tinyyy [~textual@175.156.229.37] has joined #openvpn
10:57 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
10:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:00 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 246 seconds]
11:03 -!- u0m3 [~u0m3@92.80.76.6] has quit [Ping timeout: 255 seconds]
11:06 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Remote host closed the connection]
11:06 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
11:18 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
11:29 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 260 seconds]
11:30 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has joined #openvpn
11:31 -!- shiriru [~shiriru@46.10.57.27] has quit [Quit: Leaving]
11:41 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
11:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
11:45 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
11:46 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
11:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:50 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 244 seconds]
11:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:55 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
12:02 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
12:05 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
12:18 -!- moriko [~moriko@92.251.51.186] has joined #openvpn
12:28 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:28 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bdyzkuoskttwckvw] has joined #openvpn
12:35 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:35 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
12:39 -!- moriko [~moriko@92.251.51.186] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:44 -!- fenris_kcf [~fenris@p549BCAA7.dip0.t-ipconnect.de] has joined #openvpn
12:46 < fenris_kcf> hy. for making the broadcast work the clients have to add a route like "route add 255.255.255.255 dev tap0". is there a way to configure a network-manager-connection for OpenVPN such that it does that on connect?
12:47 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
12:48 < fenris_kcf> (there is "routs" in the ipv4-settings-tab; i guess that's the place. but i don't know what to enter for "gateway" and "metric")
12:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:51 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
12:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:58 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
13:12 -!- Alamode [Alamode@2600:3c00::f03c:91ff:fe73:4dbf] has joined #openvpn
13:17 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
13:18 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has joined #openvpn
13:19 < dothak> Hello, I'm trying to route between two different lans with openvpn, and I'm having issues.
13:19 < dothak> !configs
13:19 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:21 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
13:24 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 250 seconds]
13:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
13:27 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
13:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:29 -!- grawity [grawity@virgule.cluenet.org] has left #openvpn []
13:30 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
13:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
13:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:37 < hydrajump> .buffer 13
13:37 < hydrajump> .buffer 13
13:37 < hydrajump> opps
13:41 -!- Rega [snowblind@gateway/shell/blinkenshell.org/x-mkaxtrvcddrfbqbd] has joined #openvpn
13:41 < Rega> hello there
13:41 < Rega> using openvpn on kali machine... anyone know how I can turn off nat so I can use the public IP straight into the box?
13:42 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
13:42 < Rega> debian
13:49 -!- Alamode [Alamode@2600:3c00::f03c:91ff:fe73:4dbf] has quit [Quit: WeeChat 0.4.2]
13:51 < Rega> anyone
13:52 < fenris_kcf> Rega: i don't see what that has to do with OpenVPN
13:53 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
13:56 < Rega> fenris_kcf: I am using openvpn interface on kali?
13:56 < Rega> nat is occuring on that interface
13:57 < fenris_kcf> guess i can't help, since i still don't get it
14:03 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:04 -!- Tinyyy [~textual@175.156.229.37] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:04 -!- Tinyyy [~textual@175.156.229.37] has joined #openvpn
14:05 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 260 seconds]
14:07 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Client Quit]
14:12 -!- Tinyyy [~textual@175.156.229.37] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:15 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:19 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
14:21 -!- Rega [snowblind@gateway/shell/blinkenshell.org/x-mkaxtrvcddrfbqbd] has quit [Quit: Lost terminal]
14:24 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:25 < flyingkiwi> dothak, what kind of ussies?
14:25 < flyingkiwi> *issues
14:30 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
14:33 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
14:37 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Remote host closed the connection]
14:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
14:48 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
15:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:55 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
15:59 -!- fenris_kcf [~fenris@p549BCAA7.dip0.t-ipconnect.de] has quit [Remote host closed the connection]
16:00 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
16:03 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
16:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:09 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
16:10 -!- Panther_1 [~rherold@messaging.insecure.pw] has left #openvpn ["Verlassend"]
16:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
16:25 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
16:25 < Moonlightning> What's this down-root thing? It's a useflag on Gentoo and Google isn't being too helpful about it
16:42 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
16:42 -!- mode/#openvpn [+o dazo_afk] by ChanServ
16:42 -!- dazo_afk is now known as dazo
16:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
16:47 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has quit [Ping timeout: 246 seconds]
16:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:57 < BtbN> down-root:net-misc/openvpn: Enable the down-root plugin
16:58 < BtbN> The first google hit for it seems quite self explanatory to me.
17:10 -!- Gwoplock [~quassel@104.56.172.189] has quit [Read error: Connection reset by peer]
17:14 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
17:25 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
17:30 -!- toli [~toli@ip-62-235-214-35.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:32 < Moonlightning> BtbN: yes, that's very helpful.
17:32 -!- toli [~toli@ip-83-134-71-173.dsl.scarlet.be] has joined #openvpn
17:32 < Moonlightning> The question is, what is the down-root plugin?
17:33 < Moonlightning> …huh, apparently I didn't google it right.
17:33 < Moonlightning> Never mind.
17:38 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 268 seconds]
17:42 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 255 seconds]
17:55 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
18:00 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 265 seconds]
18:09 -!- mccajm [~mccajm@unaffilated/academy] has joined #openvpn
18:09 < mccajm> I'm setting up a tunnel across two ADSL lines to bond them. The tunnel endpoint has 1 IP.  Can anyone think of a way to direct the second arm of the tunnel via gw2? All I can think of is putting a static NAT on gw2 from an internal IP to the external one, but that might cause issues with the tunnel.
18:22 -!- mccajm [~mccajm@unaffilated/academy] has quit [Quit: Leaving...]
18:50 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
18:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
18:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:30 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
19:32 -!- APTX_ [~APTX@unaffiliated/aptx] has quit [Ping timeout: 246 seconds]
19:34 -!- hennos [~midas8@167.160.44.234] has quit [Quit: Leaving]
19:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:10 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
20:10 -!- thumbs [1000@unaffiliated/thumbs] has quit [Killed (asimov.freenode.net (Nickname regained by services))]
20:10 -!- frank-- is now known as thumbs
20:13 -!- JackWinter_ [~jack@vodsl-10287.vo.lu] has joined #openvpn
20:13 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Write error: Broken pipe]
20:13 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Write error: Broken pipe]
20:28 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
20:37 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
20:39 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:49 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
21:54 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
21:57 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
22:02 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bdyzkuoskttwckvw] has quit [Quit: Connection closed for inactivity]
22:14 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
22:28 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Read error: Connection reset by peer]
22:48 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-udfuhurayfvrhzsj] has joined #openvpn
23:13 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
23:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:23 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 246 seconds]
23:35 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
23:40 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 256 seconds]
23:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:47 -!- ShadniX [dagger@p5DDFC5C6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:48 -!- ShadniX [dagger@p579413A7.dip0.t-ipconnect.de] has joined #openvpn
23:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:56 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
--- Day changed Tue Sep 08 2015
00:02 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
00:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
00:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
00:20 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 255 seconds]
00:22 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
00:26 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
00:26 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 264 seconds]
00:38 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
00:42 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 260 seconds]
00:45 -!- Cust0sLim3n [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
00:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:46 -!- mode/#openvpn [+o mattock1] by ChanServ
00:48 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:52 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-udfuhurayfvrhzsj] has quit [Quit: Connection closed for inactivity]
01:41 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
01:51 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:56 < leandrosansilva> Hello to all. Is it possible to make an openvpn server refuse a user connection, even if everything is correct (user/passwd/certificate) using some "cmd" style option? What I aim to achieve is a kind of load balancing where I have several instances of openvpn on the server (each one on a different port but identical on the rest) and the clients have a remote entry for each of them, and...
01:56 < leandrosansilva> ...iterate connecting on each of them until find one that accepts this connection. I want to do that this way to make the accepting rules more flexible by using an external command. Sounds nonsense? Any better way of achieving similar results?
01:59 < subzero79> leandrosansilva, you can use the management console
02:00 < subzero79> you can force disconnect of clients, never use it but it has some commands to do that
02:01 < subzero79> Put this directive in server "management localhost 7505" then log into with telnet localhost 7505
02:11 < leandrosansilva> subzero79: thx, I'll check that out.
02:23 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
02:24 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
02:58 -!- johnny56_ is now known as johnny56
03:08 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
03:17 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
03:22 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
03:22 -!- mode/#openvpn [+o dazo_afk] by ChanServ
03:22 -!- dazo_afk is now known as dazo
03:24 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
03:29 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 244 seconds]
03:34 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
03:34 -!- mode/#openvpn [+o dazo_afk] by ChanServ
03:34 -!- dazo_afk is now known as dazo
03:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:22 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
04:57 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 252 seconds]
05:00 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
05:10 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
05:11 -!- mode/#openvpn [+o dazo_afk] by ChanServ
05:11 -!- dazo_afk is now known as dazo
05:15 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 240 seconds]
05:22 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
05:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
05:47 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
06:07 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has joined #openvpn
06:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
06:34 -!- thumbs [1000@unaffiliated/thumbs] has quit [Quit: Reconnecting]
06:35 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
06:36 -!- JackWinter_ [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
06:36 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Quit: leaving]
06:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:37 -!- thumbs [1000@unaffiliated/thumbs] has quit [Client Quit]
06:38 -!- frank- [1000@unaffiliated/thumbs] has joined #openvpn
06:38 -!- frank- is now known as thumbs
06:38 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
06:42 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 252 seconds]
06:50 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
06:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
07:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:20 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
07:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
07:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
08:04 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
08:05 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has joined #openvpn
08:05 < dothak> !configs
08:05 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:07 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:07 < dothak> I'm having trouble with my vpn configuration.  I have 2 vpn instances set up, one a server, the other the client.  I'm able to ping from the client to the server, but I am unable to ping from the server to the client (past the tunnel)
08:08 < dothak> I've looked at the routing doc, but Im still having issues
08:09 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
08:09 < dothak> !paste
08:09 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
08:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
08:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:12 < dothak> here is my config: https://gist.github.com/dothak/bc9dd51a0d0107f0509d
08:12 <@vpnHelper> Title: gist:bc9dd51a0d0107f0509d · GitHub (at gist.github.com)
08:12 < dothak> any guidance would be appreciated
08:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
08:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
08:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
08:29 -!- le0 [~le0@unaffiliated/le0] has quit [Read error: Connection reset by peer]
08:30 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
08:34 < dothak> anyone here?
08:35 <+esde> !rocks
08:35 <@vpnHelper> "rocks" is Nobody around but us rocks! Please go ahead and ask your question, and be patient - somebody helpful will eventually perk up.
08:35 < skyroveRR> Haha.
08:36 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
08:38 < dothak> haha, ok
08:38  * dothak sits patiently
08:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
08:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:58 < flyingkiwi> dothak, which addresses are you pinging? To/From 10.8.x.x or to those extra routes (10.0.1.0/24, 175.26.0.0/16)?
09:00 < flyingkiwi> Just asking because yesterday you said "Hello, I'm trying to route between two different lans with openvpn, and I'm having issues."
09:01 < dothak> from 10.0.0.0/24 I can ping 172.16.1.0/24
09:01 < dothak> I originally had a push route for 10.0.0.0/16, but quickly realized that was silly
09:02 -!- fugyk [~fugyk@ec2-52-74-78-173.ap-southeast-1.compute.amazonaws.com] has left #openvpn []
09:05 < flyingkiwi> 10.0.0.0/24? You mean 10.0.1.0/24?
09:06 < dothak> @flyingkiwi, I had both at one point.
09:08 < flyingkiwi> dothak Okay, just to clear things up: You can reach 172.16.1.0/24 from 10.0.1.0/24. Both networks are the networks *behind* the VPN client and VPN server, right? So your site2site is actual working.
09:08 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
09:09 < flyingkiwi> By saying "pinging client from server" do you mean the VPN client or a device in the network behind the client?
09:09 < dothak> both networks are behind the vpn client and server, I can ping the eth0 of the server, not the eth0 of the client
09:10 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:11 < dothak> and by 'pinging client from server', i mean the vpn client
09:12 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:15 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has quit [Quit: Bai]
09:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
09:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
09:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
09:44 < dothak> is it possible to have 2 vpn servers and push routes to each other?
09:44 < dothak> instead of client/server?
09:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:01 -!- wdn [~wdn@200.175.156.55.static.gvt.net.br] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:10 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
10:16 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has quit [Remote host closed the connection]
10:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:33 -!- rommel092079 [~rommel092@125.212.121.67] has joined #openvpn
10:33 -!- mode/#openvpn [+b *rommel*!*@*] by ChanServ
10:33 -!- rommel092079 was kicked from #openvpn by ChanServ [User is banned from this channel]
10:33 -!- dothak [442531e5@gateway/web/freenode/ip.68.37.49.229] has quit [Ping timeout: 246 seconds]
10:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:08 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
11:10 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:18 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
11:23 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 260 seconds]
11:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
11:50 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
11:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:53 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
11:57 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
12:00 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:02 -!- wdn [~wdn@200.175.156.55] has joined #openvpn
12:37 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
12:38 -!- Ayu121 [~Ayu@209.95.50.101] has joined #openvpn
12:39 < Ayu121> Hey guys, not sure if any of you can help me, but I have an issue I'm trying to resolve. I have 1.3gbps download and 400mbps upload. Bandwidth isn't part of the issue (I can assure you). I have an OpenVPN setup on a PFSense router with 128 bit encryption, and when I remote in using SMB, from a site that has similar speeds, I only get 600KB/s downloads, and 10% CPU utilization through PFSENSE console.
12:39 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
12:40 < Ayu121> I'm using UDP and TUN, but I can't seem to get it to cap out at higher speeds (which I know its capable of as I have it routing web traffic through a VPN which caps out at 10MB/s.
12:40 < mutsayu> skyroveRR: hey man. I was a bit dumb ;p never setup a VPN, but the dumb fault was that I setup the server on my own machine. Yeah that ain't gonna help. I host the server now at digital ocean.
12:40 < skyroveRR> Ah, ok..
12:40 < mutsayu> ahaha
12:41 < mutsayu> but yeah, now I try to figure out how I can use my vpn at home and at school.
12:41 < skyroveRR> But you'll still have to configure it on that.
12:41 < mutsayu> school blocks udp and 1194 port, so we use 334 and tcp
12:42 < skyroveRR> So hopefully they *might* help..
12:42 < mutsayu> they?
12:43 < mutsayu> as in... who?
12:43 < skyroveRR> The instructions.
12:43 < skyroveRR> You'll still have to setup the VPS on your digital ocean, no?
12:43 < mutsayu> yeah, but I got someone from my college who helped me [;
12:43 < mutsayu> got it fixed.
12:43 < skyroveRR> Ah, too bad.
12:44 < mutsayu> ah he was like; yeah just follow these instructions on this site and you'll be good for setup.
12:46 < skyroveRR> Did you actually learn anything by setting it up?
12:46 < mutsayu> yeah yeah, it was nice documentation. Just a docu from digital ocean itself.
12:46 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
12:47 < mutsayu> They explain why they execute certain commands. Which I like.
12:48 < mutsayu> but skyroveRR, now I am like... yeah I use at school gateway port 334, tcp connection and at the server I allow 443. How can I set this up on my own pc? how can I enable sorta... 334 tcp connection
12:49 < mutsayu> so I can use the vpn at home too, without having to re-configure?
12:50 < skyroveRR> lol.
12:50 < skyroveRR> That's your homework now.
12:51 < mutsayu> wha..?
12:52 < skyroveRR> Figure it out. HAH.
12:52 < Ayu121> Yay, he's onto helping ME now? :P
12:52 < mutsayu> :(
12:53 < skyroveRR> Ayu121: not likely.
12:53 < Ayu121> Crap :(
12:53 < Ayu121> http://www.reactiongifs.com/wp-content/uploads/2013/04/a-chance.gif
12:54 < skyroveRR> Ayu121: your server.conf, please.
12:54 < Ayu121> grabbing it now
12:54 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
12:58 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
13:00 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:05 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
13:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
13:06 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:12 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 268 seconds]
13:12 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:16 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 250 seconds]
13:17 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:22 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
13:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:27 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
13:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
13:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:31 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
13:32 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Ping timeout: 260 seconds]
13:32 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
13:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:40 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
13:40 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
13:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
13:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:42 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
13:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:43 -!- hennos [~midas8@167.160.44.234] has joined #openvpn
13:46 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has joined #openvpn
13:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
13:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:52 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
13:55 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 268 seconds]
14:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
14:07 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:11 <+esde> catsup: fix your connection please
14:11 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
14:11 <+esde> ofc
14:11 -!- hennos [~midas8@167.160.44.234] has quit [Quit: Leaving]
14:12 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
14:13 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
14:19 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:21 -!- atralheaven_ [~atralheav@151.238.5.48] has joined #openvpn
14:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
14:24 < atralheaven_> Hi, does OpenVPN protect the meta data from ISP? like the page address that has been visited
14:24 < Ayu121> Depends how you use it.
14:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:26 < Ayu121> If you mean to make your connection anonymous, you need a 3rd party which you forward encrypted traffic through, and they request it FOR YOU. If you want for your ISP to retrieve a page for you, you need to send your request to them in plaintext.
14:26 < atralheaven_> I have a vps, I installed openvpn on it, I can check the ovpn config file, if it helps to know my answer
14:26 < Ayu121> You're still not answering me properly. Are you saying you want to set up OpenVPN on your VPS and have your VPS handle your traffic for you?
14:27 < atralheaven_> yes, this is what I did
14:27 < Ayu121> OK, you'll need to forward your DNS request through the VPN as well.
14:27 < atralheaven_> my IP changes to vps IP
14:27 < Ayu121> https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html
14:27 <@vpnHelper> Title: DNS leak test (at www.dnsleaktest.com)
14:27 < atralheaven_> I've set dns settings on config file too
14:28 < Ayu121> Check that article/site
14:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
14:30 < mutsayu> I wanna create two connections for my vpn. I that used XXX port when I am in college and one when I am at home. I just read that I have to create multiple .ovpn-files in my config/ folder in /etc/openvpn, but I assume that is the server.conf in the server?
14:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:31 < Ayu121> You will also need to run 2 different VPN servers to bind too.
14:31 < Ayu121> IDK if you can have one instance of OpenVPN listening for 2 different connections
14:31 < mutsayu> nope
14:31 < mutsayu> idk how to do that [;
14:31 < mutsayu> pretty new in openvpn tho
14:32 -!- atralheaven_ [~atralheav@151.238.5.48] has quit [Ping timeout: 256 seconds]
14:33 < Ayu121> I don't think you can without tweaking have it listen on multiple ports for a connection, I suggest you just use one port and leave it. Unless you can set up port triggering and forwarding somewhere
14:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
14:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:38 < mutsayu> oh well, can I sorta.. open up 443 on my pc?
14:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
14:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
14:46 -!- atralheaven_ [~atralheav@37.48.90.208] has joined #openvpn
14:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:49 < atralheaven_> guys, there is no one to answer me? please tell me if I asked my question in a wrong way, and sorry for my english...
14:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:52 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
14:53 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:53 < Ayu121> Sorry, busy with something, talk soonm
14:54 < atralheaven_> its ok, I will wait
14:55 < Ayu121> Never open 443, that'll be handled by NAT, just choose a random 4 digit port
14:56 < Ayu121> 1194 is good, but if blocked try like...3421
14:58 -!- wdn [~wdn@200.175.156.55] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:58 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
14:59 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:59 < mutsayu> okay help me.. I have on my server 443/tcp allowed.
15:00 < mutsayu> on my school I cano only for networkmanager 334 tcp port
15:00 < mutsayu> but I'm not at home
15:00 < mutsayu> I can use any port I assume.
15:00 < mutsayu> what tcp can I use at home
15:02 < Ayu121> You need to find a common unused port
15:02 < Ayu121> Sorry, that's all I can help you with
15:04 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
15:04 < atralheaven_> I send the dnsleak results
15:05 < atralheaven_> Ayu121: may you check my question? thanks
15:05 < Ayu121> You can try not using OpenVPN and use SSH connections since those are on port 443 and TCP requests
15:06 < Ayu121> I checked your question, but I don't see your results, also, if you haven't followed the instructions and it shows the VPS/VPN IP, then there's nothing I can contribute
15:07 < Ayu121> @mytsayu, looks like this isn't the proper solution for you, then, since your school blocks all ports that you can bind to with your server, and your school connection.
15:07 < Ayu121> @atralheaven_ your situation is that you need to follow the instructions. I Can't see your results, or work with them, as that's not what the tests were designed for. You need to determine that for yourself, and see if it works. If not, try the methods below in the article
15:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
15:09 < Ayu121> If you're looking to anonymize your connection, you should use something like privateinternetaccess. IF you can't bind to any connections using that, get a refund.
15:09 < Ayu121> @mytsayu.
15:10 -!- hennos [~midas8@167.160.44.254] has joined #openvpn
15:10 < atralheaven_> Ayu121: by instructions, you mean the dnsleaktest?
15:11 < Ayu121> yes
15:11 < atralheaven_> Ayu121: I didn't have DNS leak
15:12 < Ayu121> Then you're good, you've successfully anonymized your connection and hidden your DNS
15:13 < atralheaven_> so my local ISP can't see my browsing metadata when I'm connected to my openvpn? by metadata I mean things like list of websites that I visited
15:13 < Ayu121> You're passing all connection information of all kinds through your VPS now
15:14 < atralheaven_> so all things that ISP can see is the vps ip, right?
15:16 < Ayu121> yes, as long as you're not missing anything, the VPS is requesting information on behalf of you and the ISP doesn't know that
15:16 < atralheaven_> Thanks :)
15:16 < atralheaven_> may I ask another question?
15:16 < Ayu121> sup?
15:17 < atralheaven_> what is the default type of encryption for internet traffic in openvpn? (not encryption type for auth-ing)
15:17 < Ayu121> Check the documentation
15:18 < atralheaven_> how can I chekc what it is on my config file? I can see encryption type for authentication, but I need to check the traffic encryption settings too
15:25 < atralheaven_> oh I think I understood it wrong
15:26 < atralheaven_> there is one encryption, for both user authentication (for user to be able to connect to the vpn) and encrypting user traffic
15:46 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has joined #openvpn
15:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:57 -!- jesopo [jess@lolnerd.net] has joined #openvpn
16:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:30 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has quit [Read error: No route to host]
16:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:02 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:11 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 246 seconds]
17:12 -!- APTX_ [~APTX@unaffiliated/aptx] has joined #openvpn
17:19 -!- dothak [46c22162@gateway/web/freenode/ip.70.194.33.98] has joined #openvpn
17:27 -!- atralheaven_ [~atralheav@37.48.90.208] has quit [Ping timeout: 246 seconds]
17:30 -!- hennos [~midas8@167.160.44.254] has quit [Quit: Leaving]
17:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
17:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:54 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 240 seconds]
18:01 -!- dothak [46c22162@gateway/web/freenode/ip.70.194.33.98] has quit [Ping timeout: 246 seconds]
18:02 -!- atralheaven_ [~atralheav@151.238.5.48] has joined #openvpn
18:04 -!- Ayu121 [~Ayu@209.95.50.101] has quit [Ping timeout: 264 seconds]
18:07 -!- atralheaven_ [~atralheav@151.238.5.48] has quit [Ping timeout: 265 seconds]
18:22 -!- atralheaven_ [~atralheav@37.48.90.208] has joined #openvpn
18:22 -!- serban [serban@notromania.com] has joined #openvpn
18:27 -!- Ayu121 [~Ayu@ool-4578060f.dyn.optonline.net] has joined #openvpn
18:33 -!- serban [serban@notromania.com] has left #openvpn []
18:58 -!- atralheaven_ [~atralheav@37.48.90.208] has left #openvpn []
19:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
19:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
19:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
19:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
19:44 -!- toli [~toli@ip-83-134-71-173.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
19:48 -!- abbe [having@badti.me] has quit [Read error: Connection reset by peer]
19:48 -!- toli [~toli@ip-83-134-71-173.dsl.scarlet.be] has joined #openvpn
19:48 -!- abbe [having@badti.me] has joined #openvpn
19:48 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 246 seconds]
19:50 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
19:51 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 246 seconds]
19:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 246 seconds]
19:51 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
19:51 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
19:51 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 246 seconds]
19:51 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 246 seconds]
19:52 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
19:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
19:54 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
19:55 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
19:55 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
19:55 -!- mode/#openvpn [+o syzzer] by ChanServ
19:55 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
19:56 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
19:57 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
20:00 -!- Denial- [~Denial@host31-54-231-10.range31-54.btcentralplus.com] has quit [Ping timeout: 260 seconds]
20:01 -!- Denial [~Denial@5.80.234.160] has joined #openvpn
20:03 -!- HM [~HM@81.4.101.225] has quit [Quit: Segmentation fault]
20:14 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
21:00 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:16 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has joined #openvpn
21:17 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 264 seconds]
21:18 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
21:19 -!- ghostboarder [~johngalt@S010650395553f02d.va.shawcable.net] has quit [Client Quit]
21:31 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
22:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:21 -!- TinFury [~TinFury@72.27.77.149] has joined #openvpn
22:21 < TinFury> HELP
22:21 < TinFury> Is anyone awake?
22:22 < TinFury> I'm trying to setup openvpn and i get these 2 lines of errors
22:22 < Ayu121> SUP?
22:22 < TinFury> 2015-09-08 22:20:03-0500 [-] OVPN 2 OUT: 'Wed Sep  9 03:20:03 2015 Authenticate/Decrypt packet error: packet HMAC authentication failed'
22:22 < TinFury> 2015-09-08 22:20:03-0500 [-] OVPN 2 OUT: 'Wed Sep  9 03:20:03 2015 TLS Error: incoming packet authentication failed from [AF_INET]72.27.77.149:56925'
22:22 < TinFury> I can't seem to get past it.
22:23 < TinFury> At first openvpn connected
22:23 < Ayu121> What guide did you use? You shouldn't be getting that issue at all
22:23 < Ayu121> Seems like you're authenticating with two different keys
22:23 < TinFury> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
22:23 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
22:23 < TinFury> I was using this guide
22:24 < TinFury> BUT.....
22:24 < Ayu121> What's giving you the error? The console, or the box?
22:24 < TinFury> The server ubuntu 14.04
22:24 < Ayu121> Strange.
22:24 < TinFury> I was getting this error initially....... TLS was not in use.
22:25 < TinFury> 2015-09-03 15:42:55-0500 [-] OVPN 2 OUT: 'Thu Sep  3 20:42:55 2015 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]67.230.41.128:57628'
22:25 < TinFury> That is the original error....
22:25 < TinFury> But i didn't have TLS enabled on the server or the client
22:25 < TinFury> In the guide i see a couple other with the same problem but no resolution.
22:25 < Ayu121> Do you know who those two IP addresses are?
22:25 < TinFury> I've been stuck on this for days....
22:26 < TinFury> Yes.... those 2 ip addys are mine.... trying to connect to the server
22:26 < TinFury> I've regenerated certs.... genereate ta.key
22:26 < Ayu121> How far apart are the clocks?
22:26 < TinFury> hmmmm
22:27 < TinFury> They seem to be synced
22:28 < TinFury> off by maybe 6 seconds
22:29 < TinFury> Ayu121, is there some way i can check if the openvpn service is using a different config file that what i'm ediditing?
22:29 < Ayu121> Yeah, manually check
22:29 < TinFury> Ayu121, how?
22:29 < Ayu121> You can't check for a matching keyset without attempting to connect
22:30 < TinFury> On the ubuntu i'm editing /etc/openvpn/server.conf
22:30 < TinFury> is that the right location?
22:30 < Ayu121> Got me there, forgot where it's located there. I only use routers for VPN
22:31 < Ayu121> Might be best to wait for someone else who's better suited for that than I Am
22:31 < TinFury> ok...
22:31 < TinFury> I've been on this for days....
22:31 < Ayu121> Have you been on this irc before?
22:31 < TinFury> It's driving me nuts.... was working on the first day.
22:31 < TinFury> yea.... but usually late when i'm about to pass out.
22:31 < TinFury> lol
22:32 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
22:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 246 seconds]
22:32 < TinFury> Hey... does openvpn free edition only allow 2 connections?
22:33 < _FBi> -AS
22:33 < _FBi> openvpn is free
22:33 < Ayu121> "Open"VPN
22:34 < _FBi> ^
22:35 < Ayu121> _FBi, do you have experience with SMB connections over OpenVPN and slow SLOW file transfer/streaming?
22:35 < Ayu121> Rather, fixing? :P
22:36 < TinFury> _FBi, Oh I saw a 2 connection limit and was wondering if it was hard coded as i don't see an option in the config
22:36 < _FBi> Negative.  Ayu121.  MTU issue?
22:36 < _FBi> TinFury, OpenVPN-AS only allows 2
22:36 < Ayu121> I thought so, but without having someone at 2 locations at once, its hard to diagnose that :P
22:37 < TinFury> _FBi, OpenVPN-AS?
22:37 < Ayu121> This is on my Router, PFsense, BTW. If it is, and you have experience with such, I'd like to know. I've done some tests, but the MTU requests get blocked, EVEN when I change my firewall rules to allow all ICMP from UDP/TCP... and the programs fail
22:38 < Ayu121> PFSense also automanages MTU, it says...
22:38 < TinFury> _FBi, I've installed from ubuntu packages.... is that the AS version?
22:38 < _FBi> I'm a simple debian users...  haha
22:38 < _FBi> my experience is using ping to get my MTU
22:39 < Ayu121> Yeah... but can't do that off network without being... off network :P
22:39 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:39 < Ayu121> Hence my dilemma
22:39 < _FBi> you can't ssh in to the other box?
22:39 < Ayu121> WHAT other box? :D
22:39 < Ayu121> OH, lol, no wait, that's for my brother
22:40 < Ayu121> And he's off at college in another state
22:41 < _FBi> I don't know how to setup the MTU.
22:41 < _FBi> !mtu
22:41 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
22:41 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:41 < Ayu121> I'm trying to give him access to one of my servers behind my firewall, that's the issue. Its a logistics issue mostly, but the MTU or the SMB connection is what's killing the entire process in its tracks. If there's a site that you know which does MTU checkups "FOR" you, kind of like http://www.websitepulse.com/help/testtools.ping-test.html... that'd be nice
22:41 <@vpnHelper> Title: Ping Test Tool by WebSitePulse (at www.websitepulse.com)
22:41 < _FBi> TinFury, I have no idea what you've done
22:41 < Ayu121> http://www.letmecheck.it/mtu-test.php derp...
22:41 <@vpnHelper> Title: MTU test - LetMeCheck.it (at www.letmecheck.it)
22:41 < TinFury> ok
22:42 < TinFury> export KEY_COUNTRY="US"
22:42 < TinFury> This key does it have to be the country that I'm connecting from?
22:42 < _FBi> TinFury, I would assumne you're not using -AS
22:43 < _FBi> Ayu121, can't you just use ping ?
22:43 < TinFury> They keys i'm taloking about are in easy-rsa\vars
22:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
22:43 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
22:44 < Ayu121> Yeah, I can but there are sites and programs that roll through the most common MTU packets and report which one you're using
22:44 -!- lv_ [~lv_@tok.moammo.com] has quit [Ping timeout: 244 seconds]
22:45 < _FBi> if MTU is the problem
22:45 < _FBi> I find my 1Gbps uplink get's no where near that over the VPN
22:45 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:45 < Ayu121> See? TADAAA http://pastebin.com/hGCFSzBy
22:46 < TinFury> Ok let me ask a simpler question. how do i disable TLS autentication on ubuntu?
22:46 < Ayu121> Of course not. I use 10% of my CPU for my router, and get 600KB/S on a 1.5-1.6gbps line :P
22:46 < Ayu121> THAT'S the problem..
22:46 < Ayu121> So there's definitely room to grow.
22:46 < _FBi> maybe not :/
22:47 < Ayu121> Well, I have privateinternetaccess on the router to forward traffic through a range on my LAN to them, and it maxes out at 10MB/S at 89% CPU, so I know for THAT reason there's room to grow too :P
22:47 < Ayu121> The issue is that I feel either SMB or MTU is bottlenecking my connection through the VPN
22:48 < _FBi> and screw you and your fast internet!  I'm about 600KB/sec down and 70KB/sec up lol at home
22:48 < Ayu121> Sorry :\
22:48 < Ayu121> But his connection is faster than mine, so we know bandwidth isn't the issue
22:48 < Ayu121> Check my pastgebin
22:48 < _FBi> I saw
22:48 < Ayu121> So fragmented means nogo :P
22:48 < Ayu121> Right?
22:48 < Ayu121> "From the tests we did, we can assume that 1472 bytes is the largest unfragmented packet
22:48 < Ayu121> size. The MTU size would be 1500, made up from 1472 payload and 28 ICMP/IP Headers
22:48 < Ayu121> and payload information. "
22:49 < _FBi> Sorry Ayu121, but it's beyond me.  I'd like to say yes
22:49 < Ayu121> Damn, because according to this, 1500 is fine.
22:50 < Ayu121> So it's NOT an MTU issue, then it seems..
22:50 < Ayu121> "The maximum MTU size for YOUR IP is:    1500"
22:52 < _FBi> is that through your VPN connection, or just your internet
22:52 < Ayu121> The MTU? From their site to my router (No VPN)
22:57 < _FBi> try over the VPN, no?
22:57 < _FBi> did you read the guide vpnHelper gave?
22:57 < Ayu121> I didn't see it, will now.
22:57 < _FBi> TinFury, what was your question?
22:58 < TinFury> How do i completely disable TLS authentication openvpn on ubuntu?
22:58 < Ayu121> You shouldn't want to
22:58 < TinFury> I have commented out ;tls-auth ta.key 0 # This file is secret
22:58 < TinFury> Ayu121, oh... but I can't seem to get tls to work.
22:59 < _FBi> TinFury, yes, on the server and client side
22:59 < TinFury> on the client i commented #tls-auth ta.key 1
22:59 < TinFury> so it should be disabled but I keep getting this error in the server log
23:00 < TinFury> TLS Error: cannot locate HMAC in incoming packet from [AF_INET]72.27.77.149:49864'
23:01 < _FBi> looks like your server still wants it
23:02 < TinFury> _FBi, I know.... the guide i used didn't have tls enabled.... server worked on day 1.... now i can't connect.. i get that error
23:02 < TinFury> _FBi, I'm running this on VPS if that matters.
23:02 < _FBi> there's only one guide you should follow
23:02 < _FBi> !newbie
23:02 < _FBi> :/
23:02 < _FBi> !guide
23:03 < _FBi> !list
23:03 <@vpnHelper> Admin, BadWords, Channel, ChannelLogger, Config, Factoids, FloodPrevent, Google, Misc, Owner, Relay, Seen, Services, User, Weather, and Web
23:03 < _FBi> !list factoids
23:03 <@vpnHelper> change, forget, info, learn, lock, random, search, unlock, and whatis
23:03 < TinFury> _FBi, ok let me try that
23:03 < _FBi> !factoids search guide
23:03 <@vpnHelper> No keys matched that query.
23:03 < TinFury> !guide
23:03 < _FBi> !factoids search newbie
23:03 <@vpnHelper> No keys matched that query.
23:03 < _FBi> fack
23:03 < _FBi> one sec I'll get it for you
23:03 < _FBi> !factoids search howto
23:03 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
23:04 < _FBi> boom
23:04 < _FBi> use that
23:04 < _FBi> you'll learn a lot
23:04 < _FBi> ... hopefully
23:05 < TinFury> !factoids search howto
23:05 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
23:05 < TinFury> thanks
23:06 < _FBi> very welcome.  Thanks for Flying #openvpn
23:14 < TinFury> Hey
23:14 < TinFury> I just realized that i can start the openvpn server with a command instead of a service
23:14 < TinFury> if i start it like this.... should i see the clients as they attempt connection?
23:21 < TinFury> What if i fill in the wrong country in easy-rsa vars file... does that matter?
23:21 < TinFury> Will that stop the server from functioning?
23:29 -!- TinFury [~TinFury@72.27.77.149] has quit [Read error: Connection reset by peer]
23:32 -!- TinFury [~TinFury@vs1491.rosehosting.com] has joined #openvpn
23:32 < TinFury> _FBi, hey are  yo uthere?
23:32 < TinFury> I finally got it working
23:32 < TinFury> Swtiched over from udp to tcp and it worked.... any idea why?
23:36 < Ayu121> UDP is much MUCH faster BTW
23:36 < Ayu121> TCP is slooooow
23:37 < Ayu121> TUN or TAP?
23:39 < TinFury> TUN
23:39 < Ayu121> Good :P
23:39 < TinFury> I'm trying to figure out why UDP would do that.
23:40 < Ayu121> Different protocol has a different set of default rules
23:40 < TinFury> So now I know that it works with tcp is there anything you can suggest to get udp working/
23:40 < TinFury> ?
23:41 < Ayu121> I still think you should be using TLS authentication.... you REALLY should use it... otherwise its very very insecure
23:41 < TinFury> Ayu121, Sure... i'll turn it on...
23:42 < TinFury> I just couldn't establish any form of connection on udp
23:42 < Ayu121> The thing is, the way you're doing it now, is very poor... if its causing issues, you should know that.
23:42 < Ayu121> What's your purpose for using OpenVPN in the first place?
23:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:44 < TinFury> To hide my identity
23:44 < Ayu121> https://www.privateinternetaccess.com/
23:44 <@vpnHelper> Title: Anonymous VPN Service From The Leaders | Private Internet Access (at www.privateinternetaccess.com)
23:44 < TinFury> Ayu121, I have no problem with enabling tls
23:44 < Ayu121> Cheaper than rolling your own
23:44 < TinFury> Ayu121, yes but i dont' want it originating from a known vpn
23:45 < Ayu121> How do you pay for your VPS?
23:45 -!- ShadniX [dagger@p579413A7.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:45 < TinFury> bitcoin... lol
23:45 < TinFury> I'm jk
23:45 < Ayu121> Credit card? Then it shouldn't matter.
23:45 < TinFury> Whoever is looking isn't going that deep
23:45 < TinFury> They aren't hackers...
23:45 < TinFury> They just want to know It's not a VPN
23:46 < TinFury> But... it is a VPS
23:46 < Ayu121> I'm just going to say, if you use a public endpoint, and someone says "Who requested X" a datacenter you rented the vps from would say... these guys wouldn't
23:46 < Ayu121> OH, you're trying to prove you own X to some people?
23:46 < TinFury> yes
23:47 < TinFury> They just check the ip and want to know if it's coming from a VPN like strongVPN
23:47 < TinFury> If not it's fine
23:47 < Ayu121> I'm confused about your reasons, but.... shouldn't TLS authentication with TCP be enough? How long do you need to keep up the charade?
23:47 -!- ShadniX [dagger@p5481D721.dip0.t-ipconnect.de] has joined #openvpn
23:47 < TinFury> Ayu121, !!!!!!!!!!!!!!!!!!!!!!!
23:47 < Ayu121> ?
23:47 < TinFury> Ayu121, I have no problem with TLS
23:48 < TinFury> Ayu121, I'd love to run it... the problem was that I couldn't establish a connection with TLS or not using UDP
23:48 < Ayu121> Right, but you need to use TCP with it tho. Which is a bandwidth issue
23:48 < Ayu121> If bandwidth isn't your purpose for using it, then once you got it set up properly, you shouldn't need to "prove" anything further to these shady figures
23:48 < TinFury> Well now I have at lest got somewhere I can mess around with the config and diagnose what is happening
23:49 < TinFury> for https://www.privateinternetaccess.com/ could I get this in any state in the US?
23:49 <@vpnHelper> Title: Anonymous VPN Service From The Leaders | Private Internet Access (at www.privateinternetaccess.com)
23:50 < Ayu121> If you mean purchase FROM, yes, of course, they'll take your indian rupes if you have em. If you mean that you're looking for them to have an endpoint in michigan, then no, only certain endpoints are available
23:51 < Ayu121> https://www.privateinternetaccess.com/pages/client-support/ check "regional gateways"
23:51 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:51 <@vpnHelper> Title: Client Support Area | Private Internet Access VPN Service (at www.privateinternetaccess.com)
23:52 < Ayu121> do an NSLookup on those addresses to get the NS endpoint IP's
23:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:53 < Ayu121> https://www.privateinternetaccess.com/pages/network/ even better
23:53 <@vpnHelper> Title: VPN Virtual Private Network Services | Private Internet Access (at www.privateinternetaccess.com)
23:54 < TinFury> Awesome. I'll check them out. I was talking about endpoint
23:54 < TinFury> Neway. I'm just glad to have something work.
23:54 < Ayu121> Those are the endpoints
23:54 < TinFury> I'll catch you later.... thanks for the help :)
23:54 < TinFury> ;)
23:54 -!- TinFury [~TinFury@vs1491.rosehosting.com] has quit [Quit: Leaving]
--- Day changed Wed Sep 09 2015
00:18 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
00:45 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
00:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:06 -!- Ayu121 [~Ayu@ool-4578060f.dyn.optonline.net] has quit [Read error: Connection reset by peer]
01:14 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
01:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:19 -!- mode/#openvpn [+o mattock1] by ChanServ
01:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
01:34 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has joined #openvpn
01:35 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
01:37 < mutsayu> I can connect to my openvpn server, but I don't have any internet. Anyone has had this cause before?
01:37 < mutsayu> if I'm right it should be a DNS thingie right?
01:37 -!- doop [~doop@colostomy.club] has joined #openvpn
01:38 < skyroveRR> Hello mutsayu
01:38 < skyroveRR> I thought you solved all your problems.
01:38 < mutsayu> skyroveRR: hey
01:38 < mutsayu> well I have this issue now. mwaha
01:38 < skyroveRR> HEH.
01:38 < mutsayu> I thought you weren't awake :p
01:39 < skyroveRR> Go figure.
01:39 < mutsayu> skyroveRR: why you ain't helping meh? ;[
01:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
01:41 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:42 < skyroveRR> mutsayu: you haven't really given a shit about learning what you've done since the last Sunday.
01:43 < skyroveRR> All you've wanted is spoonfeeding. It's time to figure out what you are really doing.
01:44 < skyroveRR> So, help yourself.
01:44 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
01:45 -!- guntha [~rmerritt@unaffiliated/guntha] has joined #openvpn
01:46 < mutsayu> skyroveRR: wow what? I... appreciated the help a lot! I am not a vpn expert and I never said the things you just said
01:46 < mutsayu> if it came over like that; sorry!
01:47 < skyroveRR> Do you even know the meaning of the options you used in your server and client configurations? Have you tried to understand them even?
01:47 -!- doop [~doop@colostomy.club] has joined #openvpn
01:48 < mutsayu> yes but I'm bad at debugging/solving these kinda things, that's why I come to weechat. When it comes to programming, I am fine. I don't need ANY one. But for this ... I need someone.
01:52 -!- mutsayu [~muts@546B8949.cm-12-4c.dynamic.ziggo.nl] has left #openvpn ["WeeChat 1.3"]
02:16 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
02:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:18 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:28 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
02:58 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
03:01 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
03:24 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:35 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
03:35 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has left #openvpn ["ciao!"]
03:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:58 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
04:53 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:57 -!- bbert [~bbert@unaffiliated/bbert] has quit [Ping timeout: 240 seconds]
04:58 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
04:58 -!- Zimsky-- [~alice@unaffiliated/zimsky] has quit [Ping timeout: 240 seconds]
04:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
05:00 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
05:16 -!- Tenhi [~tenhi@178.18.241.180] has quit [Ping timeout: 260 seconds]
05:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:29 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
05:30 -!- toli [~toli@ip-83-134-71-173.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:33 -!- toli [~toli@ip-62-235-197-29.dsl.scarlet.be] has joined #openvpn
05:43 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 244 seconds]
06:45 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
06:45 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
06:48 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Client Quit]
06:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
07:09 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
07:13 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
07:15 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Ping timeout: 250 seconds]
07:16 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
07:19 -!- Ayu121 [~Ayu@209.95.50.90] has joined #openvpn
07:24 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
07:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:47 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
07:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:04 -!- zune [~zune_free@93-161-225-188-dynamic.dk.customer.tdc.net] has joined #openvpn
08:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
08:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
08:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:38 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
08:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Quit: Adious]
08:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:02 -!- SineDeviance [~quassel@2602:306:3908:8eb0:7598:4924:413e:1286] has joined #openvpn
09:03 < SineDeviance> hi all. i was hoping someone here might have some advice for me. i'm looking for a place i can rent a pre-configured openvpn server with full name resolution support (WINS, etc.)
09:03 < Ayu121> rent?
09:03 < SineDeviance> i've been trying to get one working on my own for a month now but i can't get name resolution working no matter what i've tried
09:04 < SineDeviance> yes. the clock has run out and we just need a server that does the job now
09:04 < Ayu121> Craigslist, maybe, IDK about renting...
09:04 < Ayu121> Buying, there's a few solutions.
09:05 < SineDeviance> ouch. $9.60/client connection
09:05 < SineDeviance> that wont work. i guess i'll have to keep trying
09:05 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:06 < Ayu121> What issue is forcing you to rent one?
09:06 < SineDeviance> we need name resolution. ip-based alone isn't enough, really
09:06 < SineDeviance> let me explain what we're doing and it might make more sense
09:06 < Ayu121> Oh, those services are available, yeah. That's median price too.
09:06 < Ayu121> I misunderstood what you were asking for initially
09:07 < SineDeviance> we are using raspberry pis and other small machines to do various tasks for retail clients. most of them are being used to run media displays in retail stores. we needed a cost-effective way to remote admin them even though they would be connecting from many kinds of networks we don't control
09:08 <@plaisthos> classic vpn scenario
09:08 < SineDeviance> yep! all we need is ssh/sftp access and openvpn works well
09:08 < SineDeviance> but! here's the catch
09:08 < SineDeviance> right now we have about 50 systems in the field, but by the end of next year we're planning to have 1000+
09:08 < Ayu121> HAH, oh boy
09:08 < SineDeviance> keeping track of all of those IPs could be done, but it would be much much easier to do it via name resolution
09:09 < SineDeviance> to remedy that i installed samba (for WINS support) and bind, but i can't seem to get name res working no matter how much i pound my head against it
09:11 < SineDeviance> so ... what the hell do i do? lol
09:11 < SineDeviance> we're a small startup, we can't afford $9.60/client right now
09:11 < Ayu121> Someone better suited to answer that should be around soon to answer, just idle here and check back once in a while.
09:11 < SineDeviance> thanks
09:12 < SineDeviance> for what it's worth i can provide intimate details of our server setup and the configs
09:12 < SineDeviance> i just really need to make this work
09:12 < Ayu121> Save that for direct contact
09:12 < SineDeviance> yeah
09:25 < Thermi> SineDeviance: Pro tipp: /etc/nsswitch.conf
09:27 < Thermi> SineDeviance: Also pro tip: OpenVPN tunnels from your boxes to the server. Use a private IPv6 subnet (many IPS!) to address the devices over the tunnel device.
09:33 < SineDeviance> Thermi: i'm looking at nsswitch.conf now, but i don't quite understand what it does
09:34 < Thermi> SineDeviance: Tells the glibc name resolver what system to try first and what after that.
09:34 < SineDeviance> and yeah, right now we're using ipv4 just to iron out any problems, but once that's done i planned to switch over to ipv6
09:35 < Ayu121> Deff go for IPv6 if you can.
09:36 < Ayu121> As said, once you get name resolution, OFC :P
09:36 < SineDeviance> does this look like a sane config for that file? http://www.fourm.info/Tools/nsswitch.conf/view
09:36 <@vpnHelper> Title: /etc/nsswitch.conf sample file FourM.info (at www.fourm.info)
09:36 < Thermi> SineDeviance: `man nsswitch.conf`
09:36 < SineDeviance> No manual entry for nsswitch.conf
09:36 < Thermi> SineDeviance: And nom that is not a sane sample.
09:38 < Thermi> SineDeviance: Why do you want WINS support?
09:39 < SineDeviance> Thermi: in case we ever have a windows client. plus, we do remote admin from mac and windows clients and samba/WINS helps with that
09:39 < Thermi> Windows client?
09:39 < SineDeviance> a windows openvpn client, yes
09:39 < Thermi> SineDeviance: Why do you think you need WINS for that?
09:39 < SineDeviance> google says i do? lol
09:39 < Thermi> No?!
09:39 < SineDeviance> that's the only reason
09:39 < Thermi> Windows and MAC can handle the DNS system
09:39 < SineDeviance> really?
09:39 < Thermi> How do you think you go to the internet?
09:40 < Thermi> Dear god, how did you even get that job?
09:40 < SineDeviance> it's not a job, it's a startup me and a friend are doing
09:40 < SineDeviance> vpns and DNS are just not my territory
09:41 < Thermi> You seem to have no idea how the things are pieced together
09:41 < SineDeviance> you'd be mostly correct in that assumption
09:41 < DArqueBishop> Honestly, I would do a LOT of reading and studying on VPN and DNS if it's going to be such an integral part of your business.
09:41 < SineDeviance> i mean i understand that name resolution comes from DNS
09:41 < SineDeviance> i just don't know how it actually works
09:41 <@plaisthos> SineDeviance: you to make ssh clientname723 work, or what?
09:42 <@plaisthos> or dns resolution on vpn clients?
09:42 < SineDeviance> plaisthos: if possible. clientname723.ourdomain.tld would also work
09:42 <@plaisthos> SineDeviance: so just add clientname723.ourdomain.tld in the dns
09:42 <@plaisthos> and use ccd to give clietn 723 always the same ip
09:42 <@plaisthos> !ccd
09:42 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
09:42 < Thermi> SineDeviance: Dear god, please stop right now and do /a lot/ of reading your networks, DNS and VPN.
09:42 <@plaisthos> and what Thermi says
09:42 < SineDeviance> DNS resolution to WAN from VPN clients doesn't need to work, these are embedded systems and they don't need an internet connection
09:43 <@plaisthos> try to understand what you are doing
09:43 <@plaisthos> or else you will shot yourself faster in the foot than you can say name resolution
09:43 < SineDeviance> Thermi: why do you think i am here?
09:43 <@plaisthos> !notovpn
09:43 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
09:43 < Thermi> SineDeviance: Also: The fewer time you invest into doing it correct right now, the worse your product will be.
09:44 < SineDeviance> ok, so where do i start then?
09:44 <@plaisthos> SineDeviance: we help people who help themselves
09:44 <@plaisthos> !dns
09:44 < Thermi> SineDeviance: IP based networks.
09:44 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
09:44 <@plaisthos> hm no that one
09:44 < DArqueBishop> SineDeviance, go and buy a couple of books on OpenVPN and DNS.
09:44 < SineDeviance> *sigh*
09:44 < SineDeviance> thanks for the help
09:47 < SineDeviance> you know, before you guys judge me so harshly, you could at least take a look at my configs and simply tell me if i am missing something simple here
09:47 < SineDeviance> just saying
09:47 < Thermi> So we're supposed to judge the walls of your house when your basement isn't even finished?
09:48 < SineDeviance> Thermi: the basement is finished. the VPN works just fine if you use ip-based resolution
09:48 < Thermi> And your plans are basicly so sketchy, that it's not even clear how the walls are supposed to be built?
09:49 < SineDeviance> look, i just want to be able to ssh into a VPN client via name-based resolution. that's all it needs to do. how can that be any less clear?
09:49 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:49 < Thermi> SineDeviance: Set up a local DNS server and zone, create a DNS A entry in that zone for that IP address and a name, win
09:49 < Ayu121> SineDeviance, I think your frustration is being targeted unjustly.
09:50 < SineDeviance> Thermi: i've already done that
09:50 < SineDeviance> it still doesn't work
09:50 < Thermi> SineDeviance: Make your box use that DNS server?
09:50 < Thermi> Diagnose the problem?
09:50 < SineDeviance> which box? the server OVPN is running on, or the client i am using to test? because both are setup to use that DNS server in the .ovpn and the DNS server is exposed to the virtual network
09:51 < Thermi> Whereever you're trying to resolve that name
09:51 < Thermi> Holy shit, don't make your VPN "client" try to use that DNS
09:51 < Thermi> It's going to break as soon as the tunnel breaks
09:52 < SineDeviance> so wait ... VPN clients should not be using the local DNS? i thought that was the entire point of having it?
09:52 < SineDeviance> they connect to the local DNS when the tunnel opens, and name resolution happens as a result. is that not correct?
09:53 < Thermi> SineDeviance: As far as I understand your setup, your retail box thingys are supposed to connect to a server. You do maintenance thingies from the LAN, in which the server is
09:54 < Thermi> SineDeviance: Why do you want to resolve the names from the clients? They're not supposed to do any maintenance?!
09:54 < SineDeviance> ahh. well, i thought it was a two-way street for name resolution
09:55 < Thermi> SineDeviance: Personally, I wouldn't trust the retail boxes to register names.
09:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
09:55 < Thermi> SineDeviance: I'd make a server side script set up the names. Probably based on certificate CNs.
09:55 < SineDeviance> so what you're saying is, there's not a reasonably reliable way of getting the VPN clients to provide their hostname to the VPN server?
09:56 < Thermi> There's not a reasonable *secure* way
09:56 < Thermi> Don't. Trust. The. Boxes.
09:56 < SineDeviance> ahh. well, that's just as important
09:56 < SineDeviance> okay. so, should we just use static IP on every client and use a spreadsheet to keep track of them, then?
09:58 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:58 < Thermi> SineDeviance: Again, use an internal IP pool. You can make OpenVPN execute a script when a client connects. You can use that script to set up DNS entries on the DNS server for the Common Name that that client's certificate has
09:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
10:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:02 < SineDeviance> Thermi: okay, i guess i will give that a try
10:09 -!- nullsign is now known as OS-17334
10:09 -!- OS-17334 is now known as Guest87597
10:10 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
10:16 < SineDeviance> actually, simply using the status log seems to work well enough. we name the ovpn certificates according to the client's hostname, so by using the status log we can quickly find which client is on which IP
10:30 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
10:50 -!- TikityTik [~user49696@134.117.249.50] has joined #openvpn
10:50 < TikityTik> Hi, I'm having issues connecting to my openvpn server that I've setup.
10:51 < Ayu121> More details pls
10:51 < TikityTik> my client's connection is closing, and I get...
10:51 < TikityTik> PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
10:51 < Ayu121> Closing after establishing?
10:51 < Ayu121> Or closing later on?
10:52 < Ayu121> Is this for ALL traffic, or just file traffic?
10:52 < TikityTik> let me paste it
10:53 < Ayu121> pastebin pls
10:53 < Ayu121> Leave out (or corrput) keys.
10:54 < TikityTik> http://sprunge.us/gNHL
10:54 < TikityTik> i believe it's established
10:54 < Ayu121> Its not
10:54 < Ayu121> Its pushing the configuration but not able to link up.
10:54 < Ayu121> Show your config
10:54 < TikityTik> my client?
10:54 < Ayu121> server.conf
10:55 < Ayu121> Client after
10:55 < Ayu121> Linux/Unix?
10:58 -!- Guest87597 [~nullsign@tyrion.nullsign.com] has left #openvpn []
10:59 < TikityTik> Ayu121, yes
10:59 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
10:59 < Ayu121> Are you running it as SU?
10:59 < TikityTik> Ayu121, I'm running client and server as nobody
10:59 < Ayu121> Try sudo openvpn (file)
11:00 < Ayu121> You're modifying network connections, you need a user.
11:01 < TikityTik> and that fixed it lol
11:01 < TikityTik> hello?
11:01 -!- TikityTik [~user49696@134.117.249.50] has quit [Quit: Leaving]
11:01 < Ayu121> Well that was.... strange
11:01 -!- TikityTik [~user49696@134.117.249.50] has joined #openvpn
11:01 < TikityTik> it worked I believe, but I couldn't connect to anything.
11:02 < Ayu121> OK, what do you mean, exactly?
11:02 < Ayu121> TO the VPN, or FROM, or both?
11:02 < TikityTik> I need to brb, be back in a min
11:02 < Ayu121> I'll be idling, I'll read up in a bit
11:03 <@dazo> !welcome
11:03 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
11:03 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:03 <@dazo> TikityTik: ^^ (just a general hint)
11:07 < TikityTik> I would like to access the internet over my vpn
11:08 < TikityTik> Ayu121, I was able to connect to the VPN
11:10 < TikityTik> i'll be back again
11:10 < TikityTik> ah wait
11:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
11:18 < TikityTik> i'll brb
11:19 < Ayu121> So it "worked worked"?
11:22 -!- TikityTik [~user49696@134.117.249.50] has quit [Ping timeout: 246 seconds]
11:28 -!- shiriru [~shiriru@46.10.57.27] has joined #openvpn
11:30 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
11:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:10 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
12:12 -!- dothak [46c24b7a@gateway/web/freenode/ip.70.194.75.122] has joined #openvpn
12:12 < dothak> I have a question about client/server configuration
12:13 < dothak> I'm under the assumption if I have a vpn server and a vpn client, they both can talk to each other's lans, correct?
12:13 < dothak> that site-to-site is bi-directional?
12:14 < Eugene> If you set it up, yes.
12:14 < Eugene> !route
12:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:14 <@vpnHelper> client
12:14 < Eugene> A basic setup will only include the tunnel's subnet. You need to provide the setup outlined in !serverlan and !clientlan for the respective sides to work
12:16 < dothak> @Eugene, see I've looked at that wiki on routed lans for a week, and still haven't gotten bi-directional communication
12:16 < Eugene> !serverlan
12:16 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
12:16 < Eugene> Flow charts ^
12:17 < dothak> !clientlan
12:17 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
12:17 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
12:18 -!- bpye [~quassel@unaffiliated/bpye] has joined #openvpn
12:19 < dothak> Ok @Eugene, I'll take a further look, but at this point I'm stuck.
12:19 < bpye> If I have a network, say it's on 192.168.1.0/24, another on 192.168.2.0/24 and I want these to have a vpn between, then finally I want to be able to join other devices, not on either network, on say 192.168.3.0/24, is there a good solution?
12:19 < Eugene> bpye - none of those subnets conflict, so you oughta be fine
12:20 < Eugene> dothak - pastebin time! Though I'm too busy to read through it myself right now
12:20 < Eugene> !configs
12:20 < bpye> Sure, but how do I make devices be on 192.168.3.0/24 for example?
12:20 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:20 < Eugene> !logs
12:20 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:20 < Eugene> bpye - what devices? Those joining the VPN?
12:20 < bpye> Yea
12:20 < dothak> @Eugene, I've pasted in the past, been waiting for help lol
12:20 < Eugene> Specify that as your VPN subnet, instead of 10.8.0.0/24.
12:21 < Eugene> (though in reality, please don't abuse 192.168 like that....)
12:21 < bpye> I won't, just used it as an example, I plan to use 172.16.0.0/12 to avoid conflicts
12:21 < Eugene> Good, good.
12:23 < bpye> Right, so at each site I should just be able to set their subnets, then just make the vpn subnet the one for the additional devices?
12:23 < Eugene> Yup.
12:23 < Eugene> If you're not already, use
12:23 < Eugene> !topology
12:23 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
12:27 -!- shiriru [~shiriru@46.10.57.27] has quit [Quit: Leaving]
12:27 < bpye> Alright thank you
12:29 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
12:29 -!- hennos [~midas8@167.160.44.254] has joined #openvpn
12:34 < dothak> @Eugene : https://gist.github.com/dothak/322e5b8326a1e1b91013
12:34 <@vpnHelper> Title: vpn conf · GitHub (at gist.github.com)
12:36 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
12:41 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
12:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
12:49 -!- TikityTik [~user49696@134.117.249.51] has joined #openvpn
12:49 -!- TikityTik [~user49696@134.117.249.51] has quit [Quit: Leaving]
12:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
12:51 -!- TikityTik [~user49696@134.117.249.51] has joined #openvpn
12:51 < TikityTik> ll
12:52 < TikityTik> Hi, I'm trying to connect to the internet via my vpn that I'm hosting on my VPS
12:52 < TikityTik> the connection establishes I believe, but I'm unable to connect to anything
12:53 < Eugene> TikityTik - It sounds like your goal is to connect to the internet through your VPN to a remote server
12:53 < Eugene> !redirect
12:53 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
12:53 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
12:54 < Eugene> All hail the flowchart gods ^ ;-)
12:54 < TikityTik> Eugene, I believe I have it setup correctly on my server. But I think I'm missing something on my client which is running ubuntu
13:05 -!- TikityTik [~user49696@134.117.249.51] has quit [Ping timeout: 255 seconds]
13:10 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:18 < dothak> @Eugene, do you think you have some time to take a look?  I went through the flowchart and everything checks out
13:19 < Eugene> How far do you get in the chart
13:19 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:20 < dothak> from the client, I cannot ping the server lan ip.  ip forwarding is turned on, on both vpn instances
13:21 < dothak> not sure if it matters, but this is in aws.
13:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
13:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:41 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.2]
13:42 -!- lev__ [~lev@stipakov.fi] has quit [Ping timeout: 248 seconds]
13:43 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
13:43 -!- zz_pzduniak [~pzduniak@cloudrack.io] has quit [Ping timeout: 246 seconds]
13:44 -!- TikityTik [~user49696@2620:22:4000:905:3ffe:4af5:94b:9829] has joined #openvpn
13:44 < TikityTik> Ayu121, you back?
13:45 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
13:55 -!- dothak [46c24b7a@gateway/web/freenode/ip.70.194.75.122] has quit [Quit: Nope]
13:56 -!- TikityTik [~user49696@2620:22:4000:905:3ffe:4af5:94b:9829] has quit [Ping timeout: 246 seconds]
14:00 -!- TikityTik [~user49696@2620:22:4000:905:3ffe:4af5:94b:9829] has joined #openvpn
14:00 < TikityTik> alright, I'm able to connect to the internet via my VPN when I'm using a wired connection.
14:00 < TikityTik> However I'm unable to when I'm trying to use wifi.
14:01 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
14:01 -!- TikityTik [~user49696@2620:22:4000:905:3ffe:4af5:94b:9829] has left #openvpn []
14:01 -!- TikityTik [~user49696@2620:22:4000:905:3ffe:4af5:94b:9829] has joined #openvpn
14:08 < NetworkingPro> hey everyone
14:08 < NetworkingPro> hows it going?
14:10 -!- dazo is now known as dazo_afk
14:12 < NetworkingPro> dazo_afk: how are ya man?
14:12 < NetworkingPro> guess what Im doing...
14:12  * NetworkingPro loves rhetorical questions.
14:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
14:13 < TikityTik> I'm unable to connect to the internet via my vpn when I'm using wifi, but I'm able to when I'm using a wired connection.
14:14 < TikityTik> How can I get it to work for wifi?
14:16 < TikityTik> maybe it's a port issue
14:20 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
14:23 < NetworkingPro>  --server directive network/netmask combination is invalid
14:25 -!- grawity [grawity@virgule.cluenet.org] has joined #openvpn
14:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
14:25 -!- TikityTik [~user49696@2620:22:4000:905:3ffe:4af5:94b:9829] has quit [Ping timeout: 244 seconds]
14:28 < grawity> When using client cert authentication, what's a recommended way of whitelisting specific users or certificates? (I see there's the "write your own shellscript" tls-verify, but I want to avoid reinventing the wheel)
14:31 < Eugene> Sign them with a specific CA or with a given cert purpose
14:31 < Eugene> For dynamic(post-cert-issuance) it'll be tls-verify
14:32 < Eugene> --ccd-exclusive could work
14:34 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
14:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:43 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
14:44 -!- HM [~HM@81.4.101.225] has joined #openvpn
14:46 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
14:53 -!- TikityTik [~TikityTik@134.117.249.51] has joined #openvpn
14:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:55 < TikityTik> Any help?
15:01 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
15:04 < Ayu121> What's up? Reading now
15:05 < Ayu121> Did you make a virtual adapter TikityTik?
15:07 < TikityTik> Ayu121, no i have not
15:08 < Ayu121> You might want to investigate doing that, so you can pass all your connections through it when you connect through the client
15:08 < TikityTik> eh?
15:08 < TikityTik> why can't I just do it as is?
15:08 < TikityTik> i have no issue with wired connections but wireless gives me issues
15:08 < Ayu121> The way it seems you've set it is that it binds to one interface. Making a virtual one, it'll pass all things through it no matter the medium.
15:09 < Ayu121> I could be mistaken about your setup, but a virtual TUN interface is what I normally do.
15:09 < TikityTik> I have no idea how to do that
15:09 < Ayu121> Before you start to do that, you never once sent me your server.conf, so I can't be certain this would even help and it might just be something as simple as changing a 0 to a 1 somewhere
15:10 < Ayu121> Start by sending me that direct, please.
15:11 < TikityTik> Ayu121, also I do not have ip_forward for ipv6
15:11 < TikityTik> I think
15:11 < TikityTik> this is my server.conf, http://sprunge.us/iMTO
15:12 < Ayu121> Just going to ask, you're aware you're running 194, not 1194 :P
15:12 < TikityTik> Ayu121, yes, I'm trying different ports as this is at a university
15:12 < Ayu121> understood
15:12 < TikityTik> i'm trying udp/tcp and different ports
15:13 < TikityTik> I had it working for a split second on 194 udp but then it stopped
15:13 < Ayu121> Check out line 38 and read up on that to learn about dev tun/tap
15:13 < Ayu121> 38 and on*
15:14 < Ayu121> Just make sure you've configured that to your liking
15:14 < TikityTik> any recommended reading material?
15:15 < Ayu121> Simple google searches, just type "X Vs Y OpenVPN" into google, sometimes that brings you straight to the forums page where you can look this info up with people having the same questions
15:15 < Ayu121> Google's machine learning doesn't take Vs literally, and does a good job at learning that we're looking for comparisons.
15:19 < Ayu121> I do have to go right this moment, so we can definitely continue this if nobody else has anything to add. I won't be online so if/when I come back, cliffnotes, please.
15:19 < TikityTik> Ayu121, thanks for the help
15:19 < Ayu121> I only read a bit of the config, something came up and I had to close it out and run, so I'll look again later on.
15:19 < TikityTik> You were the only one to help me :S
15:19 < TikityTik> alright
15:19 < Ayu121> People should be getting home from work on the east coast soon, your luck should change
15:20 < Ayu121> Check back in 1 hour with some people and see if any returned and are willing to lend you aide.
15:20 -!- Ayu121 [~Ayu@209.95.50.90] has quit [Read error: Connection reset by peer]
15:31 < TikityTik>  I think I want tun
15:33 < TikityTik> I think I'm having an issue with tun and ipv6
15:34 < TikityTik> just a speculation
15:41 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has quit [Ping timeout: 246 seconds]
15:42 < TikityTik> Ok, so I can connect to my openvpn server and ssh to it.
15:42 < TikityTik> However, I'm unable to connect to anything else. And this happens only on wifi, not on wired connection
15:42 < TikityTik> Any help?
15:44 -!- ad^2 [~ad^2@wsip-70-165-87-18.dc.dc.cox.net] has joined #openvpn
15:45 -!- Esya [~esya@62-210-192-133.rev.poneytelecom.eu] has quit [Quit: Bye!]
15:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:51 < ad^2> Has anyone successfully used RPDB to route packets between tun interfaces. I can send packets from one tun to the next but I don't see them coming out the other end.
15:52 < ad^2> From tun0 to tun1 on the same OpenVPN server that is.
15:52 < ad^2> From physical interface to tun works fine but when try tun0 to tun1 nada.
15:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:01 -!- SandwichToast [49bc7423@gateway/web/freenode/ip.73.188.116.35] has joined #openvpn
16:01 < SandwichToast> !welcome
16:01 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
16:01 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
16:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
16:10 -!- TikityTik [~TikityTik@134.117.249.51] has quit [Ping timeout: 256 seconds]
16:10 < SandwichToast> I know I have a poor understanding of networking, but basically I'd like to set up an OpenVPN server to access an HDHomerun Prime remotely. My understanding is this requires TAP/bridged, and I can't seem to find a recent guide that works for me.
16:11 < SandwichToast> I currently have a server working well as TUN within a freebsd jail, but I think jails don't have the kind of abilities to do TAP. When I played around with a pfSense VM in ESXi I was also unable to get it working, leading me to think I must not have the configuration correct
16:12 < SandwichToast> I want to do all of this "within" the network (not on the router) so that if it goes down, internet doesn't also turn off
16:13 < SandwichToast> totally open to an alternate config if that could be easier (is it possible to forward broadcast over TUN?)
16:16 -!- SineDeviance [~quassel@2602:306:3908:8eb0:7598:4924:413e:1286] has quit [Ping timeout: 246 seconds]
16:16 -!- SineDeviance [~quassel@2602:306:3908:8eb0:49a4:facb:aa39:9029] has joined #openvpn
16:21 -!- ad^2 [~ad^2@wsip-70-165-87-18.dc.dc.cox.net] has quit [Quit: Leaving]
16:31 -!- zamba [marius@flage.org] has quit [Ping timeout: 260 seconds]
16:34 < Thermi> SandwichToast: You can not use bridges with virtualised networks.
16:34 < SandwichToast> Thermi: LAN was passed through with Intel VT-d
16:34 < Thermi> ESXi does only allow outgoing packets that have the same source MAC address as was assigned to the guest network interface.
16:34 < SandwichToast> oh so if it was getting internet from vmware, it wouldn't work?
16:35 < Thermi> 23:33 <Thermi> ESXi does only allow outgoing packets that have the same source MAC address as was assigned to the guest network interface.
16:35 < Thermi> Layer two.
16:35 < Thermi> MAC:
16:35 < Thermi> MAC ADDRESS
16:35 < Thermi> NOT IP ADDRESS
16:35 < Thermi> Of course, when you pass in a real network adapter, it will probably work as if the OS wasn't virtualised.
16:37 < SandwichToast> Hrmm, I can't recall if I ever passed two network adapters to pfsense VM, iirc there were issues when I had multiple connections to the same switch from the server
16:39 < Thermi> connections to the same switch?
16:41 < SandwichToast> server has 4 NICs, I think when I had two connected to the same switch the network went down... sorry this is from memory playing with several new things at once (ESXi, new server, pfsense)
16:52 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:52 -!- zamba [marius@flage.org] has joined #openvpn
17:01 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
17:04 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
17:08 -!- n-st [~n-st@unaffiliated/n-st] has quit [Client Quit]
17:08 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
17:14 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
17:18 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 268 seconds]
17:53 -!- hennos [~midas8@167.160.44.254] has quit [Quit: Leaving]
17:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
17:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
17:59 -!- Denial- [~Denial@5.80.234.175] has joined #openvpn
17:59 -!- Denial [~Denial@5.80.234.160] has quit [Ping timeout: 244 seconds]
18:17 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
18:20 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:28 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
18:43 -!- grawity [grawity@virgule.cluenet.org] has quit [Ping timeout: 252 seconds]
18:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
18:49 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 265 seconds]
18:50 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
18:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:51 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
19:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
19:15 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
19:18 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:19 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
19:26 -!- TinFury [~TinFury@67.230.41.128] has joined #openvpn
19:31 -!- TinFury [~TinFury@67.230.41.128] has quit [Ping timeout: 252 seconds]
19:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:35 -!- TinFury [~yaaic@72.27.77.149] has joined #openvpn
19:35 < TinFury> hey if I want someone to host a physical server of mine
19:36 < TinFury> Like my actual computer and they provide a space and internet connection
19:36 < TinFury> What is that called?
19:36 < mystica555> colocation
19:36 < mystica555> telehousing
19:36 < mystica555> datacentre space on a breadrack
19:41 < TinFury> Ok awesome thanks
19:43 < mystica555> no prob :)
19:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
19:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
20:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
20:27 -!- wheels_up [uid16219@gateway/web/irccloud.com/x-aqvfkkmpbdxxsbko] has joined #openvpn
20:30 < wheels_up> I'm new to OpenVPN and I'm confused about some terminology. I have a Ubuntu OpenVPN server, a couple laptop clients, and a Mikrotek router client with several computers behind it. I have the VPN set up successfully, and all traffic from the computers behind the router go through my VPN.
20:30 < wheels_up> I'd like to be able to connect to the computers behind that router from the other laptops that aren't behind the router. Is this possible? Is that what a site-to-site VPN is?
20:30 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
20:31 < wheels_up> !welcome
20:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
20:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:31 < wheels_up> Should have done that first
20:31 < wheels_up> !route
20:31 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
20:31 <@vpnHelper> client
20:32  * ecrist looks in
20:33  * Eugene looks naked
20:33  * ecrist eeews
20:34 <@ecrist> wheels_up: you're probably looking at iroute
20:39 < wheels_up> thanks, ecrist
20:39 < wheels_up> By the way, I'm limited to TCP with the router. Is there any significant drawback to that?
20:42 < phreakocious> wheels_up: it can result in some weird retransmission timing and duplicate packet issues in certain scenarios but usually works pretty well
20:42 < wheels_up> thanks, appreciate it
21:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
21:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:14 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:19 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:55 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
23:22 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
23:28 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
23:43 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
23:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
23:46 -!- ShadniX [dagger@p5481D721.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
23:46 -!- ShadniX [dagger@p5481D92A.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Thu Sep 10 2015
00:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
00:12 -!- grootseun [grootseun@dsl-197-245-183-81.voxdsl.co.za] has joined #openvpn
00:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
00:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:28 < grootseun> !opvnuke
00:28 < grootseun> !ovpnuke
00:28 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
00:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
00:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:33 -!- zamber [~zamber@78.9.6.84] has quit [Ping timeout: 244 seconds]
00:35 -!- chantra [~chantra@unaffiliated/chantra] has quit [Ping timeout: 244 seconds]
00:35 -!- zamber [~zamber@78.9.6.84] has joined #openvpn
00:36 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
00:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:36 -!- mode/#openvpn [+o mattock1] by ChanServ
00:38 < grootseun> Hi everyone, i'm having a real tough time setting up an openvpn server. I am running centos 6.6 and have setup everything, the service is running, I have disabled the firewall to test and also opened the port 1194 at our datacentre. My local client (windows) is also setup but only says "connecting" and then failed to connect after a couple of seconds. My server config is http://pastebin.com/s9L6aQnH
00:46 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
01:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:56 -!- apollo2k is now known as aPollO2k
02:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
02:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
02:07 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
02:10 -!- jezekus [~User@89.24.125.244] has joined #openvpn
02:12 < jezekus> Hello all, I would like to ask what is the correct config for TCP OpenVPN - I´m using in server config "proto tcp" but lately I found that I should use "proto tcp-server", in how to on the web is proto udp/tcp but in manual is proto udp/tcp-server/tcp-client. What is the correct way?
02:13 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
02:19 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
02:21 -!- skyroveRR_ is now known as skyroveRR
02:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
02:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
03:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:20 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 268 seconds]
03:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
03:25 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
03:25 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
03:26 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:35 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
03:42 -!- jezekus [~User@89.24.125.244] has left #openvpn []
03:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
03:49 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
03:49 -!- mode/#openvpn [+o dazo_afk] by ChanServ
03:49 -!- dazo_afk is now known as dazo
03:54 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
03:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:57 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
04:06 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 264 seconds]
04:07 -!- ltd_ [z@tyl.wires.net.au] has quit [Ping timeout: 250 seconds]
04:07 -!- ltd [z@tyl.wires.net.au] has joined #openvpn
04:11 -!- showaz [~showaz@unaffiliated/showaz] has quit []
04:12 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:13 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
04:14 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
04:49 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has joined #openvpn
04:54 < leandrosansilva> Hello to all. I'm having issues with mtu settings and I am really thinking about using the option mtu-test in order to avoid setting manually the proper values. How reliable is this option on setting the right values? Should I use it on both client and server? by the way, I am using UDP and firewall is disabled (temporarly, in order not to interfere in the results)
05:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:10 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
05:13 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:27 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:16 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
06:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
06:42 -!- aPollO2k is now known as apollo2k
06:54 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
06:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
07:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
07:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
07:07 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:12 <+esde> !beer
07:12 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
07:31 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:45 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has left #openvpn ["Leaving"]
07:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
07:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
07:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:01 -!- TikityTik [~TikityTik@134.117.249.35] has joined #openvpn
08:02 < TikityTik> Hi, I'm still unable to connect to the internet via my VPN that I've setup.
08:02 < TikityTik> I'm able to connect to the internet when I'm using wired connection, but unable to when I'm using wifi at my school.
08:02 < TikityTik> I notice I'm able to get ping replies via IP when on wifi but not when using domain names.
08:02 < TikityTik> any help?
08:06 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
08:07 < TikityTik> !nat
08:07 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
08:11 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:12 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
08:15 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 272 seconds]
08:17 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has joined #openvpn
08:24 < flyingkiwi> TikityTik, sounds like your schools DHCP server gave you a DNS server outside of your subnet. example: Your device get the address 10.1.2.3/24 and the DNS server 10.2.2.1
08:25 < flyingkiwi> Since OpenVPN replaces your default gateway (but not the configured dns server) the dns requests are sent to the new default gateway instead of your schools network
08:26 < TikityTik> flyingkiwi, so what should I do?
08:26 < flyingkiwi> Just set the dns server manually to a public one
08:26 < flyingkiwi> e.g. 8.8.8.8
08:26 < DArqueBishop> Does your server.conf push a DNS server?
08:26 < TikityTik> flyingkiwi, on the server?
08:26 < TikityTik> I believe so
08:27 < DArqueBishop> Mind pasting your server.conf?
08:27 < TikityTik> my server.conf http://sprunge.us/hiGJ
08:28 < TikityTik> I believe I push opendns dns servers
08:30 < DArqueBishop> Hrm.
08:31 < TikityTik> I also followed this guide, https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
08:31 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
08:32 < flyingkiwi> TikityTik, can you verify that your OS really configured the pushed nameservers?
08:32 <@dazo> TikityTik: The whole step2 is flawed and is a security risk
08:32 <@dazo> you should never ever have the CA files on an openvpn server
08:33 < TikityTik> flyingkiwi, how would I verify that?
08:33 <@dazo> (with CA files, I mean the /etc/openvpn/easy-rsa directory)
08:33 < TikityTik> dazo, I'll try to fix that once I get this vpn working for wifi then lol
08:33 < TikityTik> yes
08:35 < flyingkiwi> TikityTik, I don't know your OS.
08:37 < TikityTik> flyingkiwi, I'm running ubuntu 15.04 on both the server and client
08:38 < TikityTik> I'm also getting an error on my client, ERROR: Linux route add command failed: external program exited with error status: 2
08:39 < TikityTik> before that, Thu Sep 10 09:21:41 2015 /sbin/ip route add 104.236.25.213/32 via 172.17.32.1
08:39 < TikityTik> RTNETLINK answers: File exists
08:39 < TikityTik> which I do not understand
08:41 < TikityTik> brb, restarting
08:41 -!- TikityTik [~TikityTik@134.117.249.35] has quit [Remote host closed the connection]
08:43 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
09:05 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
09:06 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 240 seconds]
09:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
09:07 -!- Tinyyy [~textual@128.199.100.211] has quit [Ping timeout: 240 seconds]
09:08 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
09:12 -!- TikityTik [86751cb5@gateway/web/freenode/ip.134.117.28.181] has joined #openvpn
09:12 < TikityTik> Alright I got a school desktop to stay connected from
09:12 < TikityTik> I had issues with my client OS and has to flush the main routing table which fixed let me connect again, and that made me able to connect to google and do a search for "IP" which shows my VPN host's IP.
09:13 < TikityTik> However, I'm unable to visit websites I've yet to visit.
09:13 < TikityTik> So I believe I'm still having issues with DNS when I'm connecting to the internet via my VPN.
09:15 < TikityTik> and now I'm no longer able to connect to google with my VPN
09:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:17 < flyingkiwi> TikityTik, IIRC Ubuntu's network manager is using dnsmasq to set the nameserver. Are you using the Ubuntu OpenVPN plugin or *pure OpenVPN*?
09:18 < TikityTik> flyingkiwi: pure openvpn
09:19 < TikityTik> from cli
09:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
09:20 <@dazo> TikityTik: do you have a --up script which updates /etc/resolv.conf?
09:20 < TikityTik> TikityTik: No, I merely do sudo openvpn --config client.conf
09:20 < TikityTik> err I meant dazo
09:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
09:20 <@dazo> !pushdns
09:20 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
09:20 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
09:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
09:21 <@dazo> TikityTik: if you don't tell openvpn to kick off a script which updates /etc/resolv.conf, your DNS settings won't be changed on non-Windows
09:23 < TikityTik> can't I instead tell it to refresh the DNS or something like so?
09:23 < TikityTik> or is that what the script should do?
09:23 <@dazo> TikityTik: ehh, that's the intention of that script
09:23 < TikityTik> i see
09:25 <@dazo> that !pushdns factoid isn't too updated, but both client.up and client.down scripts should normally be shipped with the openvpn package on most distros ... those scripts usually do the trick ... but if you have --user/--group in your config, I recommend running the client.down script using the down-root plugin
09:26 < TikityTik> where would these scripts be stored?
09:27 <@dazo> on Fedora/RHEL/CentOS/ScientificLinux it is under /usr/share/doc/openvpn-*/
09:29 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:30 < TikityTik> dazo: closest thing I see is home.up
09:31 <@dazo> https://github.com/OpenVPN/openvpn/tree/master/contrib/pull-resolv-conf ... here you have them
09:31 <@vpnHelper> Title: openvpn/contrib/pull-resolv-conf at master · OpenVPN/openvpn · GitHub (at github.com)
09:32 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:35 < TikityTik> dazo: I do have an update-resolv-conf file in my /etc/openvpn
09:36 <@dazo> I dunno how your distro packages things ... I just give you an idea what to look for and where to go to reach your goal, I'm not giving you a complete solution
09:36  * dazo heads out for a while
09:37 < TikityTik> thanks
09:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:43 < TikityTik> alright, it's finally working
09:43 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 255 seconds]
09:43 < TikityTik> but it works very slowly
09:45 < TikityTik> Apparently I'm getting SIGUSER1[soft,connection-reset]
09:45 < TikityTik> err SIGUSR1
09:46 < TikityTik> yeah, i keep getting connection reset every 5-10 seconds
09:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:49 < TikityTik> and /var/log/syslog is telling me that wlan0: RSN: failed to get master session key from pre-auth EAPOL sate machines
09:50 < TikityTik> and then, WLAN0: RSN: pre-authnetication with (some mac address) failed
09:59 <@plaisthos> TikityTik: that is wpa_supplicant error
09:59 <@plaisthos> !notovpn
09:59 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
09:59 <@plaisthos> you are loosing your wifi connection
10:00 < TikityTik> this happens only when I'm using openvpn. The client.up and client.down files did not work as the commands were not recognized, but the already given update-resolv-conf made it work.
10:00 -!- AnGrYfUrBy [~AnGrYfUrB@pdpc/supporter/active/angryfurby] has joined #openvpn
10:00 < TikityTik> However, I'm still losing connection.
10:01 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
10:02 < TikityTik> I'll be reading some guides for the client as it's a client issue
10:04 < AnGrYfUrBy> Hi Y’all does anyone know if the openvpn client for IOS has a route all ipv4 traffic through the vpn option
10:04 < AnGrYfUrBy> thanks
10:04 < TikityTik> I think that's up to the server
10:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
10:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
10:15 < TikityTik> On my routing config on my server, I have: -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
10:15 < TikityTik> so for my up/down scripts on my client, would I require the same IP and subnet? Also since this is has "eth0" does this mean it won't work for VPN clients on wifi?
10:17 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:23 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
10:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:26 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:29 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
10:38 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 260 seconds]
10:48 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
10:50 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
10:51 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
10:53 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
10:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
11:01 -!- SineDeviance [~quassel@2602:306:3908:8eb0:49a4:facb:aa39:9029] has quit [Remote host closed the connection]
11:07 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
11:08 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Remote host closed the connection]
11:10 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
11:15 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Remote host closed the connection]
11:16 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
11:16 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Remote host closed the connection]
11:16 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
11:18 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Remote host closed the connection]
11:19 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
11:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:22 -!- TikityTik [86751cb5@gateway/web/freenode/ip.134.117.28.181] has quit [Ping timeout: 246 seconds]
11:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
11:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:38 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
11:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:55 -!- boinkie [~boink@219-249-47-212.rev.cloud.scaleway.com] has joined #openvpn
11:55 < boinkie> moin
12:02 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-xcxwoqzinvnkithp] has left #openvpn []
12:04 -!- AnGrYfUrBy [~AnGrYfUrB@pdpc/supporter/active/angryfurby] has left #openvpn []
12:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
12:19 -!- hennos [~midas8@167.160.44.254] has joined #openvpn
12:32 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:33 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
12:33 -!- skyroveRR_ is now known as skyroveRR
12:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:37 -!- oskiiiiii [~oskiiiiii@46.37.66.169] has joined #openvpn
12:38 < oskiiiiii> hi there
12:38 < oskiiiiii> I am trying to start a VPN with certificates
12:40 < oskiiiiii> i built a client certificate the same day I created CA, server, DH keys and TA. Certificates that I create following days does not work :(. Is necesary to create all the keys for client at the very same moment of the creation of CA, server, etc, or there is way of creating new ones when needed?
12:42 < oskiiiiii> Any place with information about how certificates works (any info I found is about the same example (one server and two clients, one with password and the other without)
12:42 < oskiiiiii> Sorry, that was a question: Any place with information about how certificates works?
12:43 < oskiiiiii> any help is appreciatted
13:10 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
13:16 < oskiiiiii> bye people
13:16 -!- oskiiiiii [~oskiiiiii@46.37.66.169] has left #openvpn []
13:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
13:27 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 244 seconds]
13:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:32 -!- dazo is now known as dazo_afk
13:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
13:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
13:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
13:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 272 seconds]
14:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:28 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
14:37 -!- hennos [~midas8@167.160.44.254] has quit [Quit: Leaving]
14:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
14:52 -!- APTX_ is now known as APTX
15:20 -!- TinFury [~yaaic@72.27.77.149] has quit [Read error: Connection reset by peer]
15:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
15:43 -!- hennos [~midas8@167.160.44.254] has joined #openvpn
15:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
15:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:09 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
16:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
16:33 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
16:34 -!- hennos [~midas8@167.160.44.254] has quit [Quit: Leaving]
16:40 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:43 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
16:43 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:12 -!- SandwichToast [49bc7423@gateway/web/freenode/ip.73.188.116.35] has quit [Ping timeout: 246 seconds]
17:32 -!- toli [~toli@ip-62-235-197-29.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:34 -!- toli [~toli@ip-62-235-242-24.dsl.scarlet.be] has joined #openvpn
18:22 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
18:23 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has left #openvpn []
18:27 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:32 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
18:54 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
18:58 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
19:14 -!- Buffman is now known as Buff|Away
19:22 -!- Buff|Away is now known as Buffman
19:22 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
19:24 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
19:27 -!- Buffman is now known as Buff|Away
19:36 -!- Buff|Away is now known as Buffman
19:38 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:56 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Remote host closed the connection]
19:57 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has joined #openvpn
19:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:07 -!- Buffman is now known as Buff|Away
20:13 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
20:50 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Read error: Connection reset by peer]
20:51 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
21:04 -!- LumberCartel [60352f2a@gateway/web/freenode/ip.96.53.47.42] has joined #openvpn
21:04 < LumberCartel> !poodle
21:04 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
21:05 < LumberCartel> !ovpnuke
21:05 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
21:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 256 seconds]
21:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
21:24 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 248 seconds]
21:24 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
21:32 -!- Buff|Away is now known as Buffman
21:40 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
22:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:14 -!- Buffman is now known as Buff|Away
22:14 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
22:19 -!- LumberCartel [60352f2a@gateway/web/freenode/ip.96.53.47.42] has quit []
22:30 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
22:35 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Remote host closed the connection]
22:36 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
22:46 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has left #openvpn []
22:50 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Excess Flood]
22:53 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:02 -!- grootseun [grootseun@dsl-197-245-183-81.voxdsl.co.za] has quit [Read error: Connection reset by peer]
23:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:10 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
23:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:20 -!- mode/#openvpn [+o mattock1] by ChanServ
23:34 -!- Buff|Away is now known as Buffman
23:35 -!- Buffman is now known as Buff|Away
23:43 -!- ShadniX [dagger@p5481D92A.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:44 -!- ShadniX [dagger@p5481DFB6.dip0.t-ipconnect.de] has joined #openvpn
23:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
--- Day changed Fri Sep 11 2015
00:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:09 -!- baetheus [~brandon@null.pub] has joined #openvpn
00:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:24 < baetheus> Hello All, I've been trying to get openvpn working on smartos for a few hours with no luck. I've tried the same config/credentials from osx on the same network using tunnelblick just fine, so I'm fairly certain it's not a firewall. I've collected the config, openvpn version, and a verb 3 log here: http://pastebin.com/NpyYf4Gy
00:25 < baetheus> Any pointers would be appreciated.
00:43 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 255 seconds]
00:44 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Read error: Connection reset by peer]
00:46 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
00:49 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
00:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
00:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
00:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
01:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
01:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:15 -!- zamber [~zamber@78.9.6.84] has quit [Ping timeout: 244 seconds]
01:22 -!- zamber [~zamber@78.9.6.71] has joined #openvpn
01:53 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
02:15 < subzero79> baetheus, looks like wrong username password
02:15 < subzero79> is that a vpn provider?
02:37 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
02:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
02:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:46 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:07 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:22 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
03:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
03:36 -!- dazo_afk is now known as dazo
03:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
04:01 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
04:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:07 < leandrosansilva> Hey guys, I am trying to forward openvpn connections (udp) to another server by using this iptables rule: iptables -t nat -A PREROUTING -p udp -i eth0 -d $SERVER_IP --dport 2343 -j DNAT --to $REMOTE_SERVER_IP:2343. The openvpn server ip port is 2343 on both them and I sure have openvpn running on $REMOTE_SERVER, I can even connect to it directly.
04:07 < leandrosansilva> But only this rule didn;t make the forwarding work.
04:08 < leandrosansilva> Do I need to add any other rule? I don't know, to forward the packages back to the clients?
04:13 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has quit [Ping timeout: 244 seconds]
04:14 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has joined #openvpn
04:15 < flyingkiwi> leandrosansilva, rule looks fine. Do you have ip forwarding activated? '# cat /proc/sys/net/ipv4/ip_forward'. Does the rule even match? ('# iptables -t nat -vnxL' and check the counters)
04:15 < leandrosansilva> ops, chatzilla crashed and I lost the last messages :-(
04:15 < flyingkiwi> There were no messages, except for mine :)
04:16 < leandrosansilva> well, ip forwarding is enabled on both machines
04:18 < leandrosansilva> and yes, the rule matches. Pkg number increasing
04:18 < flyingkiwi> Do you have a source nat rule?
04:19 < leandrosansilva> Do you know if some change is required in the server the packages are forwared to?
04:19 < flyingkiwi> Otherwise $REMOTE_SERVER will send the packets directly to the remote client
04:20 < flyingkiwi> I'm pretty sure the missing (?) SNAT is your problem
04:20 < leandrosansilva> No, I don't. I added only that rule on the first server
04:20 < flyingkiwi> iptables -t nat -A POSTROUTING -d $REMOTE_SERVER -p udp --dport 2343 -j MASQUERADE
04:21 < flyingkiwi> or:
04:21 < leandrosansilva> probably that's the problem
04:21 < flyingkiwi> iptables -t nat -A POSTROUTING -d $REMOTE_SERVER -p udp --dport 2343 -j SNAT --to 1.2.3.4
04:23 < leandrosansilva> ok, so I add this rule in the non-remote server?
04:24 < leandrosansilva> and which of those two rules them are more suitable?
04:25 < flyingkiwi> to the server which have $SERVER_IP, yes. MASQUERADE automagically uses one of the ip addresses of the outgoing interface. SNAT is using the address you specified
04:25 < flyingkiwi> So, depends on your needs
04:26 < leandrosansilva> ok, thx, trying that :-)
04:26 < leandrosansilva> the first one sounds good
04:28 -!- iceTwy [~iceTwy@unaffiliated/icetwy] has joined #openvpn
04:31 < leandrosansilva> flyingkiwi: it worked. Thank you very much Really :-)
04:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:47 < iceTwy> Hey. I'm trying to setup an OpenVPN server on a KVM VPS, and everything's been working great so far (certs & key generation, configs etc), but when I try to connect to the VPN from my home PC, I'm getting a "TLS key negotiation failed to occur within 60 seconds" error
04:48 < iceTwy> I've forwarded port 1194 on my home router; here are all the relevant logs & config files: server config: https://bpaste.net/show/2824fb5a7dde, client config: https://bpaste.net/show/d5f15281645b, server iptables: https://bpaste.net/show/db7887e32c34, ovpn-server log: https://bpaste.net/show/a40cc350df47, home pc log: https://bpaste.net/show/5a9b62244f8a
04:52 < iceTwy> TUN/TAP is enabled on the server, and port 1194 over UDP is forwarded on my home router, so I'm not sure why it doesn't work
05:06 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 272 seconds]
05:07 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:07 < iceTwy> oh, right, so here's the error
05:08 -!- iceTwy [~iceTwy@unaffiliated/icetwy] has quit [Quit: WeeChat 1.3]
05:08 -!- iceTwy [~iceTwy@unaffiliated/icetwy] has joined #openvpn
05:10 < iceTwy> I've found the issue; I've got two IPs on this VPS. I tried to connect to the one assigned to eth0 (let's call it 0.0.0.1) but it only works if I connect to the one assigned to eth0:0 (say 0.0.0.2)
05:10 < iceTwy> is there a way to correct this?
05:12 < flyingkiwi> You can define the "local" directive to force OpenVPN to only bind on that interface
05:14 < iceTwy> yes I can, indeed! thanks flyingkiwi
05:14 < flyingkiwi> You should also check (or paste) your netfilter rules. Sometimes fancy NAT rules are breaking UDP "connections"
05:17 < flyingkiwi> Taking a look into the connection tracking table (conntrack -L) is also a good start to debug source address problems
05:19 < leandrosansilva> Hi again, I unluckly set up my server with --verb 5, which is veery verbose. Now I am trying to change this value in runtime by using the management interface. Neither "mute 3" not "log 3" are working. In fact not "log off" worked. The server receives the msssage, but the verbosity continues
05:22 < leandrosansilva> openvpn 2.3.8
05:23 -!- iceTwy [~iceTwy@unaffiliated/icetwy] has quit [Ping timeout: 240 seconds]
05:24 -!- shiriru [~shiriru@84.238.182.88] has joined #openvpn
05:24 -!- shiriru [~shiriru@84.238.182.88] has quit [Remote host closed the connection]
05:27 < flyingkiwi> leandrosansilva, what about "verb 3"?
05:28 < nemysis> is safe to use with vpn keys option reneg-sec 86400
05:28 < flyingkiwi> leandrosansilva, works for me to set "verb x" via management interface
05:30 < flyingkiwi> nemysis, what do you mean by "safe"?
05:31 < nemysis> is good to not get disconnect
05:32 < flyingkiwi> renegoation should not "disconnect" you. Is this happening with the default (iirc 3600s)?
05:33 < nemysis> yes i have get disconnect before some minutes
05:34 < nemysis> with 21600 after two hours
05:35 < flyingkiwi> Did you get any useful error messages? OpenVPN has a fair renegotiation mechanism, so its unlikely to break your connection
05:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
05:37 < nemysis> have get  failed, will try again in 5 seconds: No route to host
05:37 < nemysis> and then Fri Sep 11 12:03:55 2015 TCP connection established with
05:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:41 < flyingkiwi> "No route to host" is not a OpenVPN renegotiation problem. Your default gateway/the specific route is probably eaten by some*thing*. Do you use "redirect-gateway" in your configs?
05:43 < nemysis> i have in server conf push "redirect-gateway def1 bypass-dhcp"  and now in client conf have added redirect-gateway def1 bypass-dhcp
05:48 < flyingkiwi> nemysis, whats the lifetime of your current DHCP lease?
05:49 < nemysis> now is  86400
05:50 < flyingkiwi> I mean the lease of your local network, not the OpenVPN network
05:51 < nemysis> i not use dhcp only static network on my local netwotk
06:15 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
06:20 -!- protn [5abfb766@gateway/web/freenode/ip.90.191.183.102] has joined #openvpn
06:20 < protn> hi
06:20 < protn> as per occam razor what could cause vpn to assign local ip aka ip from where i connect instead of vpn box ip?
06:20 < protn> I checked logs nothing there
06:21 < leandrosansilva> flyingkiwi: thx again, it worked :-)
06:23 < protn> it assigns box private ip
06:23 < protn> instead
06:23 < protn> I just checled
06:23 < protn> checked
06:24 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
06:24 -!- mode/#openvpn [+o plaisthos] by ChanServ
06:25 -!- protn [5abfb766@gateway/web/freenode/ip.90.191.183.102] has quit [Quit: Page closed]
06:46 < flyingkiwi> nemysis, do you have any idea why your routes disappear? Doesnt seem to be OpenVPN related. Can you please connect to your VPN and paste us "# ip route" output?
06:49 < nemysis> flyingkiwi, this http://susepaste.org/19572720
06:50 < flyingkiwi> Sorry, I meant: connect with your OpenVPN client to your OpenVPN server and paste us "
06:50 < flyingkiwi>  # ip route" from your client
06:52 < nemysis> http://susepaste.org/d371a2dc and now is connection stable
07:01 < flyingkiwi> nemysis, routing table looks good so far, so I don't have any clue why your connection is unstable. According to your routing table "No route to host" should *never* occur (even if openVPN dies).
07:02 < nemysis> ok i knew this have added in server and client comp-lzo
07:02 < flyingkiwi> So I can only guess you/something/someone is modifying/pruning the routing tables  sometimes? Some kind of a network manager script maybe?
07:02 < flyingkiwi> comp-lzo is fine
07:05 < nemysis> and use in resolv.conf in client nameserver 10.29.0.1
07:06 < nemysis> i not use in openSUSE Network Manager only YasT wicked, server is openSUSE 13.1 and client is openSUSE 13.2
07:08 < flyingkiwi> can you please take a look @ /var/log/syslog? Maybe you'll find some hints of somethings removing routes/restarting interfaces/etc...
07:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
07:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:11 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has left #openvpn ["Leaving"]
07:12 < nemysis> only in openvpn log [SERVER] Inactivity timeout (--ping-restart), restarting and SIGUSR1[soft,ping-restart] received, process restarting and Restart pause, 5 second(s)
07:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
07:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
07:24 -!- shiriru [~shiriru@84.238.182.88] has joined #openvpn
07:24 < nemysis> and what is better to use --log-append file or --log file
07:28 -!- shiriru [~shiriru@84.238.182.88] has quit [Client Quit]
07:36 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Quit: Leaving]
07:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
08:05 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
08:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:12 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:17 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
08:18 < flyingkiwi> nemysis, "# man openvpn"
08:18 < flyingkiwi> depends on your needs
08:21 < nemysis> thanks have read also --help
08:24 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:26 < nemysis> now is connection very stable i use openvpn-2.3.8 on client and server
08:30 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:38 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
08:44 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:47 -!- rich0_ is now known as rich0
08:57 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
09:00 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:01 -!- nullsign is now known as OS-17344
09:05 -!- shiriru [~shiriru@84.238.182.88] has joined #openvpn
09:06 -!- shiriru [~shiriru@84.238.182.88] has quit [Remote host closed the connection]
09:07 -!- OS-17344 is now known as nullsign
09:17 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
09:33 < leandrosansilva> I have ~4k clients that should be connected to my server (using udp) but  it's taking a long time to they connect. For example, since I restart the server daemon, only 930 clients are connected. And it took hours to reach this number! How can I better investigate this issue? This server isrunning in a non-large instance on google clould engine. Aparently there is no network explicit...
09:33 < leandrosansilva> ...limitation on it. The logs do not say anything I can imagine to be related to this issue
09:41 < nemysis> why udp better is tcp
09:43 < leandrosansilva> It's a kind of legacy configuration, due performance issues/tcp overhead etc. I cannot change the clients configurations easily, so this server, which is replacing an old one, had to keep the same configuration
09:43 < leandrosansilva> the prvious one had a lot of problems, but the clients connected very quickly, within a few minutes
09:50 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-kxkcccyzoqxefyev] has joined #openvpn
09:52 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has joined #openvpn
10:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:04 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has quit [Remote host closed the connection]
10:08 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has joined #openvpn
10:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
10:11 <@dazo> leandrosansilva: that actually deepends on --keepalive/--ping/--ping-restart settings ... that defines how often openvpn client and server should ping each-other and how long to wait before reconnecting (that's on the client side)
10:14 < Thermi> !help
10:14 <@vpnHelper> (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
10:19 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
10:24 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has quit [Remote host closed the connection]
10:25 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has joined #openvpn
10:26 -!- Denial- [~Denial@5.80.234.175] has quit []
10:27 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has quit [Remote host closed the connection]
10:27 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has joined #openvpn
10:30 -!- speeddragon [~speeddrag@188.17.103.87.rev.vodafone.pt] has quit [Remote host closed the connection]
10:31 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
10:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:33 < ki7rw> i got my firewall rules setup to prevent connections outside of the tunnel but now i can't connect to my printer or ping other hosts on the LAN - so far my research suggests establishing routes that get around this limitation but i'm wondering if there's a simpler solution
10:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:39 < flyingkiwi> ki7rw, just don't block packets to your local network ;)
10:41 < flyingkiwi> you probably already have a route to your local network, so this doesnt seem to be a solution for your problem
10:41 < ki7rw> i'm not an expert with iptables - i did try setting up the firewall rules to allow outbound packets on ports 631 and 9100 but the printer still doesn't work
10:41 < flyingkiwi> !paste
10:41 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:42 < flyingkiwi> better paste your firewall, otherwise nobody can suggest you anything related to your firewall setup
10:43 < ki7rw> i had to reconfigure the firewall to allow port 80 just so that i can access the router gui to be able to check router settings - that worked but the same process for the printer didn't
10:44 < ki7rw> flyingkiwi, i'm using ufw and can paste that info unless you want to see an iptables printout
10:46 < ki7rw> client side firewall :  http://pastebin.com/TzG2F5TR
10:47 -!- Denial [~Denial@5.80.234.175] has joined #openvpn
10:51 < ki7rw> server side firewall: http://pastebin.com/GtvKCUfk
10:54 < ki7rw> client side iptables: http://pastebin.com/TzS41y55
10:56 < ki7rw> if i unblock eth0 and wlan0 or disable the firewall everything works
10:58 < ki7rw> i got the idea to block the traffic on eth0 and wlan0 from a web site - it does force all traffic thru the vpn tunnel and i can get out to the internet but it's the local traffic that is the problem
10:59 < ki7rw> i thought it was a dns problem at first but i couldn't ping static addresses on the LAN by IP - the static addresses are in /etc/hosts
11:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:02 -!- AlmogBaku [~almogbaku@bzq-79-180-188-35.red.bezeqint.net] has joined #openvpn
11:04 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
11:06 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 255 seconds]
11:09 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
11:11 < ki7rw> looks like i got my problem resolved by adding this to the openvpn server config file: push "route 192.168.xxx.0 255.255.255.0"
11:11 < ki7rw> that's for the physical network addressing
11:15 < ki7rw> too bad i can't get openvpn setup on all devices on my network - since there's no option for it on the TV, Roku, etc.
11:17 < ki7rw> probably not necessary at my home but i've read a couple of articles that WPA2 isn't as secure as it once was
11:18  * ki7rw was concerned about webrtc leaks but it appears that netflix won't run on chrome if it's blocked
11:22 < ki7rw> now that i've posted details about my network i'll have to make a few changes
11:23 < ki7rw> call me paranoid
11:23 -!- Buff|Away is now known as Buffman
11:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:35 -!- hennos [~midas8@167.160.44.254] has joined #openvpn
11:42 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:43 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
11:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:45 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Read error: Connection reset by peer]
11:46 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
11:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:49 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Read error: Connection reset by peer]
11:50 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
11:56 -!- AlmogBaku [~almogbaku@bzq-79-180-188-35.red.bezeqint.net] has quit [Remote host closed the connection]
12:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:12 < nemysis> lol and gone
12:12 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
12:12 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has left #openvpn ["bye"]
12:27 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
12:29 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
12:33 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:34 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 256 seconds]
12:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:37 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
12:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:49 -!- dazo is now known as dazo_afk
12:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
12:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:59 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
13:01 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
13:03 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
13:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
13:09 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:19 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
13:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
13:20 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Quit: Oops, my ZNC appears to have died!]
13:24 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:27 -!- cyberanger [cyberanger@swissknife/adak/infocop411] has quit [Read error: Connection reset by peer]
13:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:41 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Quit: Leaving]
13:45 -!- Tenhi_ [~tenhi@178.18.241.180] has joined #openvpn
13:46 -!- Buffman is now known as Buff|Away
13:54 -!- Buff|Away is now known as Buffman
14:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
14:06 -!- Buffman is now known as Buff|Away
14:13 < ki7rw> it seems that something is erratic - i can ping some devices on the LAN but for others  i get ping: sendmsg: Operation not permitted
14:13 < ki7rw> i thought that i had all this set correctly
14:20 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 268 seconds]
14:32 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
14:33 < MrVandelay> If I have an active openvpn tunnel open and I lose internet connectivity, restarting openvpn takes forever. I use systemd. What gives?
14:39 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:39 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
14:42 < Crew-L-T> hi, i've just set up my first openvpn configuration. and it all seems to work perfectly with tls and all the bells and whistles. but i can't seem to get the client to parse the ccd file, any really n00b things i should check?
14:44 < Crew-L-T> i'm pushing 4 routes from the server, and two of those routes belong to a client, so i activated the ccd directive, and created a file with the two iroutes in it, but still the client pulls all 4 routes from the server :(
14:45 < Crew-L-T> the file is named the same as the clients "cn" of course
14:47 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
14:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:53 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
14:55 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
14:55 < Dr-007> !welcome
14:55 < Dr-007> !goal
14:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:55 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:55 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:58 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Read error: Connection reset by peer]
14:58 < Dr-007> i've got two seperate goals/questions. question/goal 1: is it possible to create a reversed proxy (or a tunnel of somekind) from an apache webserver directly to another webserver that is on the other side of an openvpn network
14:59 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
14:59 < mystica555> sure
14:59 < mystica555> openvpn is just like a network cable, in many ways
14:59 < Dr-007> nice
14:59 < mystica555> so treat it as nothing more than such, with a bit more implementation overhead, and you can do many things :)
15:00 < Dr-007> damn.. i kind of forgot my second question
15:00 < Dr-007> lol
15:00 < Dr-007> but thats nice, i'll implement a reversed proxy then
15:01 < MrVandelay> And no one knows why openvpn takes forever to systemd restart after losing internet connectivity while having a tunnel open?
15:02 < Dr-007> nope
15:02 < Dr-007> at least i don't know why :p
15:02 < mystica555> ive not dealt with it on systemd; most times i use networkmanager as a client (or tunnelblick back in the day...or just openvpn exe on windows) and i think i have it set to not quit but attempt to reestablish upon disconnection
15:03 < mystica555> the servers, some of which run it under systemd, have for the most part not had disconnections in my experience..
15:03 < mystica555> although i am a huge fan of openwrt and use it almost exclusively if i can for vpn serving
15:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:04 < mystica555> it uses 'procd', a small internal invention similar to what systemd wanted to accomplish before it bloated to all get out
15:04 < mystica555> and 'netifd' up/down's the network connections as necessary
15:04 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:05 < MrVandelay> mystica555: I don't think systemd is the problem
15:06 < mystica555> its probably not
15:06 < MrVandelay> mystica555: I don't care about random disconnects or automatic re-establish of the tunnel. I can fix that
15:06 < MrVandelay> mystica555: I'm just wondering why it takes openvpn such a long time to kill an active tunnel after losing internet connectivity while it was active, and then establish a new one
15:06 < MrVandelay> I had that problem on Windows aswell
15:06 < mystica555> because timeouts are set very high
15:07 < MrVandelay> No, I'm talking about when I manually restart openvpn
15:07 < mystica555> you can manually set keepalives to be every 5-10 seconds; and maybe 30s timeout
15:07 < mystica555> or less
15:07 < mystica555> oh, then i don't really know
15:07 -!- dmz [~dmz@unaffiliated/dmz] has joined #openvpn
15:07 < MrVandelay> Yeah I haven't found anything about it either
15:07 < MrVandelay> I noticed this problem first when I was using windows and windows would hibernate with an active tunnel
15:07 < MrVandelay> afterwards it took about 45-50 seconds to manually reconnect the tunnel
15:07 < MrVandelay> same thing with systemd on arch
15:08 < mystica555> the way i see it, is that its still a factor of connection timeout
15:08 < mystica555> unless you kill -9 the openvpn service and immediately restart it, it thinks the traffic just went silent for a while - has no idea it slept for hours/days
15:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
15:09 < MrVandelay> But that shouldn't matter if I systemctl restart openvpn@bleh.service
15:09 < MrVandelay> It should restart the service regardles of if it's working or not
15:09 < mystica555> it may be trying to gracefully restart
15:09 < mystica555> kill -9
15:09 < MrVandelay> Right. Yeah, Kill -9 works. But it makes me feel dirty.
15:09 < mystica555> if you want to make sure something dies -now- kill -9
15:09 < MrVandelay> Yeah I know
15:09 < mystica555> or set your keepalives and timeouts insanely low
15:09 < mystica555> or figure out if the init script / sytemd unit is gracefully asking it to stop, and modif ythat
15:10 < MrVandelay> Aye. I have that on my todo list. But I've got some many projects going at the moment (and I haven't fully gotten up to date with systemd either) that it's not for today
15:11 < MrVandelay> I had hoped someone had run into this issue already
15:11 -!- Buff|Away is now known as Buffman
15:11 < MrVandelay> s/some/so
15:14 < Crew-L-T> can anyone help me figure out why my client/server doesn't parse the client config file?
15:14 -!- synapse [~sarah@unaffiliated/synapse] has joined #openvpn
15:14 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:15 < synapse> Hi guy/girls I need help with openvpn
15:15 < synapse> I can't connect
15:19 -!- MrVandelay [~nox@sysv.se] has quit [Quit: WeeChat 0.3.8]
15:21 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
15:23 < Crew-L-T> i've got the whole setup up and running with routing across the tunnel, and tls on an hourly rotation. but the routing table on the client get messed up on every connect due to a fail to parse the ccd file for the client. any tips/hints?? i'm dropping root priviledges on startup.
15:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
15:25 -!- Buffman is now known as Buff|Away
15:27 -!- MrVandelay [~nox@sysv.se] has left #openvpn []
15:38 < synapse> Crew-L-T you're doing better than me
15:38 < synapse> I can't even connect
15:38 < synapse> It's doing my head in something horrid
15:38 < Crew-L-T> well what are you doing?
15:38 < Crew-L-T> send me some config in a msg, and i'll try to help as best i can :)
15:39 < synapse> Crew-L-T All the logs show it's fine
15:39 < synapse> I just can't connect
15:39 < Crew-L-T> to what?
15:39 < Crew-L-T> from where?
15:39 < synapse> But there's no reports of any connection attempts
15:39 < synapse> OpenVPN running on my server
15:39 < synapse> Trying to connect from home box
15:40 < Crew-L-T> do you have a clear open path to your server?
15:40 < synapse> There's no firewalls if that#s what you mean
15:40 < Crew-L-T> f..ex. port 1194
15:41 < Crew-L-T> well can you ping the server in question?
15:41 < synapse> dude come on
15:41 < Crew-L-T> just to establish a baseline
15:41 < Crew-L-T> ok
15:41 < synapse> I'm ssh'd into the server, I have many daemons running on the box with services
15:41 < Crew-L-T> try to nmap the port you opened then
15:42 < synapse> I just told you above I done all that
15:42 < Crew-L-T> see if it's listening
15:42 < Crew-L-T> just came back from surfing the web, sorry didn't read the backlog
15:43 < synapse> nah it's fine I'm just real grumpy right now as i spent hours on this
15:43 < synapse> maybe I should give up and try again tomorrow
15:43 < Crew-L-T> if you netstat -unlp
15:43 < Crew-L-T> is the port open on the server?
15:44 < synapse> nice command
15:44 < synapse> It shows it's open
15:44 < synapse> 0.0.0.0:1194
15:44 < Crew-L-T> well, you're half way there
15:44 < synapse> honestly I'm not
15:44 < synapse> I've been trying to connect for hours
15:44 < Crew-L-T> the server is up
15:45 < synapse> it's definitely up
15:45 < Crew-L-T> compare you're config's on the server and client, they have to match
15:45 < synapse> sec
15:45 < Crew-L-T> do you use tls or shared key?
15:45 < synapse> I use easy-rsa
15:45 < synapse> shared key I think
15:46 < synapse> ca.crt, **.key **.crt
15:46 < Crew-L-T> easy-rsa is for tls
15:46 < Crew-L-T> openvpn --gen-key , or somethinglike that is for shared key
15:47 < Crew-L-T> good, then i assume you have you're ca setup
15:47 < synapse> Do they have to match word for word, byte for byte (the configs)
15:47 < synapse> Surely if they didn't match I'd still be able to see a connection attempt though
15:47 < Crew-L-T> and key's and certs for server and client(s)
15:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:47 < Crew-L-T> no
15:47 < synapse> no?
15:50 < synapse> the client.conf I have on my client where would client.cong be on the server
15:50 < Crew-L-T> just the port, dev and cipher, must match and tls keys and certs have to point to the correct files, while server/client have to be respective to role.
15:51 < synapse> client.conf
15:51 < Crew-L-T> oh and comp-lzo, must match if used
15:51 < Crew-L-T> brb, get some wine
15:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
15:53 < synapse> don't get on the piss just yet lol
15:53 < Crew-L-T> np
15:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
15:53 < synapse> fuck I may even give up and get on the piss myself
15:53 < Crew-L-T> lol
15:53 < synapse> lol
15:55 < Crew-L-T> well, it isn't to hard to get connected, i just can't figure out what i'm doing wrong, have checked permissions on both sides, and it seems to be fine. but still my client fucks up every time :(
15:56 < Crew-L-T> so i have to manually reset the routes to get full connectivity back after connecting the vpn
15:57 < Crew-L-T> that is not how i want it to be
15:58 < Crew-L-T> when i turn on the computer it should boot up with the vpn tunnel setup and all routes correctly in place
15:58 < synapse> Everyone else is out on the jesus juice hence how it's only me and you talking here
15:58 < Crew-L-T> obviously
15:59 < Crew-L-T> damnit, i need some guru right now :P
15:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:00 -!- adraenwan [~quassel@vanguard.tfnux.org] has left #openvpn []
16:02 < Crew-L-T> friday 11pm, and irc is almost totally silent
16:03 < Crew-L-T> just a few channels that have ppl talking
16:04  * Crew-L-T raises the wine glass for a toast.
16:05 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 265 seconds]
16:05 < Crew-L-T> to all those about to loose their way tonight :p
16:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:09 -!- Buff|Away is now known as Buffman
16:09 < synapse> lol
16:09 < synapse> cracking me up
16:10 < synapse> it's cos we have no life
16:10 < Crew-L-T> who us
16:10 < synapse> me more so, I don't even have any wine
16:10 < Neighbour> Crew-L-T: "any tips/hints?? i'm dropping root priviledges on startup." <-- That's your problem right there
16:10 < Crew-L-T> well all files are readable by the user/group that it is dropped to
16:11 < Neighbour> and the system's routing table? :)
16:11 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:11 < Crew-L-T> it's working fine i can send any trffic through the tunnel
16:12 < Neighbour> yes, but you said the routing table on the client gets messed up upon disconnecting/reconnecting
16:12 < Neighbour> i'm assuming the client also drops root privileges?
16:12 < Crew-L-T> yeah, but i manually correct it of course
16:12 < Crew-L-T> yupp
16:12 < Neighbour> when the server pushes routing info (from the ccd, for example) to the client, the client instance can't update the kernel routing table due to insufficient rights
16:13 < synapse> FUCK YES YES got it working
16:13 < Crew-L-T> synapse: good for you
16:13 < synapse> man
16:13  * Crew-L-T cheers synapse 
16:13 < synapse> NOW I'm getting the wine open
16:13 < synapse> config files didn't match
16:14 < Crew-L-T> Neighbour: so if i don't drop root priviledges on the client it should work?
16:14 < Neighbour> if my theory holds, yes :)
16:14 -!- Buffman is now known as Buff|Away
16:14  * Crew-L-T scratching his head
16:14 < Crew-L-T> brb, try now
16:14 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
16:15 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:15 < Crew-L-T> nope
16:16 < Crew-L-T> that's not it
16:16 < Neighbour> hmm, do the logs on the server show that the routes get pushed?
16:16 < Crew-L-T> gimme a moment, have to connect a screen and kb to the box :P
16:17 < Neighbour> sure
16:19 -!- Buff|Away is now known as Buffman
16:21 < synapse> Technically I should be able to access the intranet now
16:21 < synapse> but I can't
16:22 < Crew-L-T> ok
16:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
16:23 < Crew-L-T> done
16:23 < Crew-L-T> lemme just reconnect
16:23 < ki7rw> can anyone explain this network problem? http://pastebin.com/A9ks37Y2
16:25 < Crew-L-T> Neighbour: still here?
16:26 < Neighbour> yes
16:26 < Neighbour> ki7rw: is there anything in /var/log/syslog when that error occurs?
16:27 < Neighbour> (or in dmesg)
16:27 < Crew-L-T> the log says: send_push_reply(): safe_cap=940
16:27 < Crew-L-T> any idea???
16:29 < Neighbour> i'm looking through my own logs for the example to show you :)
16:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:30  * Crew-L-T is anxious to see 
16:31 < Crew-L-T> brb, smoke some while i'm waiting
16:32 < Neighbour> Sep 11 13:11:57 openvpn01 ovpn-server[2663]: <user>/<remote_ip>:52029 SENT CONTROL [<user>]: 'PUSH_REPLY,route 10.0.15.129,topology net30,ping 10,ping-restart 120,route 172.16.0.0 255.255.0.0,ifconfig 10.0.15.133 10.0.15.134' (status=1)
16:32 < Neighbour> something like that
16:32 -!- hennos [~midas8@167.160.44.254] has quit [Quit: Leaving]
16:32 < Neighbour> it should be right after the line you pasted
16:33 < Neighbour> that's what the server pushes out to the client...it has lots of data, amongst extra routes (172.16.0.0/255.255.0.0 for this example)
16:36 < ki7rw> Neighbour, nope
16:36 < ki7rw> Neighbour, there's some stuff about the vpn link but that's it
16:37 < Crew-L-T> Neighbour: there's nothing after the line i pasted
16:37  * Crew-L-T scratching head
16:37 < Neighbour> hmm, maybe your loglevel's lower than mine
16:37 < Crew-L-T> i'll change it, what verb should i set
16:38 < Neighbour> i'm using 4
16:38 < Neighbour> (higher is more verbose)
16:38 < Crew-L-T> ok, that it then
16:38 < Crew-L-T> i know
16:38 < Crew-L-T> i'm just using the default level
16:38 < Crew-L-T> i think it is 1
16:38 < Neighbour> ki7rw: that error only occurs if the kernel can't get things working...like if you're pinging a network you're not on, and there's no default route set
16:39 < Neighbour> or your firewall drops the packets :)
16:39 < Crew-L-T> synapse: did you get it working?
16:39 < ki7rw> well, i'm on the same subnet and i can ping the device in question with the client firewall disabled
16:40 < Neighbour> ki7rw: then there's some rule in the firewall that drops your ICMP ping packets
16:40 < ki7rw> i can ping other machines on the same subnet with the firewall enabled so it doesn't strike me as a firewall problem
16:40 < Neighbour> check if there's something on that host (or subnet) in iptables -L -n -v
16:41 < Crew-L-T> i have a similar problem, as a secondary issue
16:41 < Neighbour> probably in the OUTPUT chain (for packets leaving your machine) or INPUT chain (for packets destined for your machine)
16:42  * Crew-L-T is focusing on the ccd problem first
16:43 < Neighbour> Crew-L-T: do you use jail functionality on the openvpn server?
16:43 < ki7rw> Neighbour, http://pastebin.com/yUk0GYq5
16:43 < Crew-L-T> Neighbour: nope
16:43 < Crew-L-T> just dropping priv's
16:44 < Neighbour> Crew-L-T: ok, that happened to me...access rights for the ccd was all fine, except openvpn was chrooted and couldn't reach the ccd from within the jail...
16:45 < Crew-L-T> i'm modifying the config's now, just a moment and i can give some more detail's
16:45 < Neighbour> ki7rw: i'm missing the icmp type 0 (echo reply)
16:45 < Neighbour> ki7rw: also, due to grepping, I'm unable to tell which chain those rules are in
16:45 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has joined #openvpn
16:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:49 < Crew-L-T> dang, lost connection to the server-side, one more moment :P
16:49 < ki7rw> http://pastebin.com/6FwcZXfg
16:50 -!- HardWall [~HardWall@2a02:2f0e:1d5:3700:e497:8f6c:28a0:de0e] has joined #openvpn
16:51 < Neighbour> ki7rw: mmkay, so those are custom chains created by your firewall software. They're probably called from within the INPUT or FORWARD (or OUTPUT) system chains
16:51 < Crew-L-T> Neighbour: i hope ur patient?
16:51 < Neighbour> still, for ping to work, you need to allow type type 8 (ICMP echo) and type 0 (ICMP echo reply)
16:51 < ki7rw> Neighbour, FYI - i'm using ufw
16:51 < Neighbour> Crew-L-T: very :)
16:51 < Crew-L-T> Neighbour: good, brb
16:52 < Neighbour> ki7rw: yea, the chains started with that prefix...still, I've got no prior experience with that
16:53 < Crew-L-T> i hate routing loops
16:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
16:54 < ki7rw> the ping was working after a reboot of both the router and client but eventually became erratic - i had to push a route out from the vpn server just to get ping to work because i have firewall rules in place to block all traffic except for the tun interface - works great for the most part but with these bugs i'm reluctant to deploy the settings across other hosts
16:55 < Neighbour> ki7rw: well, complicated firewalling complicates :P
16:55 < Neighbour> but try to see if you get replies if you add icmp type 0 to the allowed list
16:55 < ki7rw> it would have been nice to force everything thru the tunnel on the server config but not all my stuff can be configured for vpn
16:56 < ki7rw> Neighbour, yep, i was thinking that earlier - the more complicated the network the more likely you'll have problems
16:57 < Neighbour> but the basis seems ok, since it works when you disable the firewall
16:57 < ki7rw> my ultimate goal is to enforce using the vpn tunnel
16:57 < ki7rw> at least for the mobile devices
16:58 < Crew-L-T> ok, access restored
16:58 < Crew-L-T> lemme have a look at the logs
17:00 < Neighbour> ki7rw: something like having the default route pointing to the tunnel interface?
17:04 < ki7rw> Neighbour, generalized but maybe that helps to build an understanding? http://pastebin.com/T7QkW1gK
17:07 < Neighbour> ki7rw: hmm, so the device itself is router2?
17:07 < Neighbour> and if you ping itself, you get that error?
17:07 < Crew-L-T> Neighbour: well the logs now became very much more informative, thanks so much
17:07 < Neighbour> Crew-L-T: np, but informative enough to track the problem? :)
17:07 < ki7rw> i can't ping the router from the client but i can ping the router on it's cli
17:08 < Crew-L-T> but the client or server, i'm not entirely sure about this, doesn't parse the ccd file
17:08 < Neighbour> ki7rw: I suspect that's because the icmp type 0's are blocked in the output from the router
17:08 < Crew-L-T> the routes get added as they are pushed from the server, with no regard to the ccd file
17:09 < Neighbour> Crew-L-T: the server needs to parse the ccd and apply the commands in it to the connection to the client
17:09 < Crew-L-T> ok, that helps in narrowing down the problem
17:10 < Neighbour> Crew-L-T: does the output of 'namei -l /etc/openvpn/ccd/client-file' help any?
17:10 < Neighbour> (with regards to determining if the server can access the file)
17:11 < Neighbour> (or whatever the fullpath of your ccd-file is) :)
17:11 < Neighbour> ki7rw: pinging the router from cli doesn't go over the eth0-interface, but over lo (which usually has an accept-all rule on it)
17:11 < Crew-L-T> Neighbour: yeah, the access is correct
17:12 < Neighbour> ki7rw: but when pinging it from another device, the router needs to be able to send icmp echo reply packets, (icmp type 0), which are currently not allowed
17:12 < Neighbour> Crew-L-T: hmm, then my last straw with regards to debugging tools...strace
17:13 < Neighbour> can you start your openvpn daemon manually on the server-side?
17:13 < Crew-L-T> yes
17:13 < Neighbour> but with strace
17:13 < Crew-L-T> sure, but how, never used strace before
17:14 < Neighbour> so `strace -f openvpn --config /path/to/config &> ~/openvpn.strace`
17:15 < Crew-L-T> ok, one moment
17:15 < Neighbour> it should create a file called 'openvpn.strace' in your homedir (/root if you are starting it as root) which will contain everything the openvpn executable does with regards to memory and files
17:15 < Neighbour> start it up with that, connect the client, then close both (ctrl+c the server)
17:16 < Neighbour> then look in the strace-file for the ccd file it should use and check if there are any errors accessing it (or not, in which case you will have verified that openvpn can and does open and read the ccd-file)
17:19 -!- HardWall [~HardWall@2a02:2f0e:1d5:3700:e497:8f6c:28a0:de0e] has quit [Read error: Connection reset by peer]
17:24 < Crew-L-T> i'm trying now, starting the server
17:25 < Neighbour> when starting the server this way, you won't be returned to the prompt
17:25 < Crew-L-T> same on the client?? or no need, since the acces is just on the server
17:26 < Neighbour> maybe later, but right now we want to debug the server :)
17:26 < Neighbour> so you can start the client the usual way
17:26 < Crew-L-T> oh, i got a prompt :p
17:26 < Neighbour> hmm, ok :)
17:26 < Crew-L-T> deamonized it
17:26 < Neighbour> ah
17:26 < Neighbour> then you get a prompt :)
17:26 < Crew-L-T> lemme just get the client up
17:28 < Crew-L-T> oh, i hate routing loops
17:28 < Neighbour> again? :)
17:30 < synapse> I'm on my vpn but I can't access the intranet?
17:30 < Crew-L-T> yupp, but i solved how not to have to move over to the box every time
17:30 < synapse> localhost is still referring to my machine, not the vpn server
17:31 < Crew-L-T> now i'm just pushing one of two routes, so i can still connect from one ;)
17:32 < Crew-L-T> well, the openvpn.strace down's mention the ccd file in question
17:32 < Neighbour> when the client is connected, and finished setting up the tunnel, you can stop the client and the server (kill the openvpn process, that should also terminate the strace)
17:32 < Crew-L-T> down's=doesn't
17:33 < Crew-L-T> ps aux | grep strace is your friend here
17:33 < Neighbour> hmm, do you even have the "client-config-dir /etc/openvpn/ccd"-directive in your server config? :)
17:34 < Neighbour> yes, but you don't have to kill the strace, killing the process it's tracing shuts down the trace as well
17:34 < Neighbour> (the other way around doesn't quite work, in my experience)
17:36 < Crew-L-T> yes, the directive is enabled, and i also enabled the ccd-exclusive directive
17:37 < Crew-L-T> ok, i've killed it
17:37 < Crew-L-T> and the trace doesn't mention the ccd file at all
17:37 < Crew-L-T> or the ccd folder
17:37 < Neighbour> you did use the -f switch for strace? :)
17:38 < Crew-L-T> copied your message and put my config in it
17:38 < Neighbour> hmmm
17:38 < Crew-L-T> i'll msg you the namei output if you'd like to have a look
17:39 < Neighbour> sure
17:40 < Neighbour> the thing is, if openvpn was trying to access the ccd-file and couldn't (for whatever reason), that should be in the strace log
17:43 < Crew-L-T> as far as i can see from the client logs now, it does receive the iroutes, but doesn't honour them for some reason
17:43 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
17:43 < Neighbour> aah, but iroutes are for the server only :)
17:43 < Crew-L-T> yes and no
17:44 < Crew-L-T> iroutes define the owner of a subnet, according to the man pages
17:44 < Crew-L-T> and this client owns two subnets, which i want to push routes for to other clients
17:45 < Crew-L-T> so that's why i have defined the client-to-client also
17:46 < Neighbour> the iroute is so that the the openvpn *server* will know which packets to route to which openvpn client connection
17:47 < Neighbour> a log-entry on the server where the iroute is used should look like this:
17:47 < Neighbour> Aug 27 12:37:05 openvpn openvpn[17232]: <user>/<remote_ip>:17298 MULTI: internal route 10.15.0.0/16 -> <user>/<remote_ip>:17298
17:47 < Crew-L-T> yes, but it also should prevent the owner of the subnet from setting routes to the subnets
17:48 < Crew-L-T> through the tunnel that is
17:48 < Neighbour> hmm, I'm not quite sure I get what you mean by the "owner" of a subnet
17:49 < Neighbour> i do know that even if your kernel routing table is setup just peachy, without the iroute directive telling your openvpn process how to route incoming packets, it won't route properly
17:49 < Crew-L-T> my server is on subnet 192.168.146.0/24 hence it owns that subnet, while my client has access to 192.168.144.0/24 & 192.168.145/25
17:50 < Crew-L-T> i'd like both of the client side routes to get pushed to my laptop when i'm out and about, but not to my client at home
17:51 < Neighbour> um, in my case, the iroute in the ccd file is for the client's subnet(s)
17:51 < Crew-L-T> exactly
17:51 < Neighbour> and your laptop is located where in this picture?
17:51 < Crew-L-T> so that openvpn know who "own's" which subnet
17:52 < Neighbour> I'd prefer "is on", but hey :)
17:52 < Crew-L-T> outside the home-net, but that is for the future
17:53 < Neighbour> so your server is on network A (192.168.146/24), there is some client on B (192.168.144/24) and C (192.168.145/25), and there is a laptop somewhere else (D)?
17:53 < Crew-L-T> now i just want to get the home-client to not set those two specific routes
17:53 < Neighbour> because I'm a bit confused as to what's what right now :)
17:54 < Crew-L-T> no client on net c
17:54 < Crew-L-T> the vpn is running on 192.168.147.0/30
17:55 < Crew-L-T> it's just another layer of security for the wifi-interlink i'm running out to the servers
17:55 < Neighbour> but you want your laptop openvpn client to be able to reach network C?
17:55 < Neighbour> via the openvpn-server to the client that's on C
17:55 < Crew-L-T> the whole /22 subnet ideally, but like i said, that's for the future
17:56 < Neighbour> and I take it you have pushed the route to network C in your laptop's ccd?
17:57 < Neighbour> and the route to your laptop's subnet in the client's ccd (since you need both endpoints to have a route to the other's network)
17:57 < Crew-L-T> no, didn't start the laptop project yet, since i can't get the interlink server & client to do as they are told
17:57 < Neighbour> ah, so let's go back to what you want with the current setup then :)
17:57 < Crew-L-T> ok let me try to make a simple drawing, uno momento
17:58 < Neighbour> it's bedtime here, so i'll start cleaning things up on this end and check back periodically
17:59 < Neighbour> (water plants, lock doors, turn down lights, brush teeth...the works :)
18:00 < Crew-L-T> 192.168.146.0/24< VPN 192.168.147.8/29 [WiFi 192.168.147.0/30] > 192.168.144.0/24 <-> 192.168.145.0/25
18:00 < Crew-L-T> inet gw from 144.0/24 & 145.0/25
18:02 < Crew-L-T> for now i just want the client in 144 to honor the iroute command and not set routes to itself
18:02 < Neighbour> um, the client never gets the iroute command, that's for the server process only
18:03 < Neighbour> so what happens on the client that you don't want to happen?
18:03 < Crew-L-T> from the man page: In order for all clients  to  see  A's
18:03 < Crew-L-T>               subnet,  OpenVPN must push this route to all clients EXCEPT for A, since the subnet is already
18:03 < Crew-L-T>               owned by A.  OpenVPN accomplishes this by not not pushing a route to a client  if  it  matches
18:03 < Crew-L-T>               one of the client's iroutes.
18:04 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-pnkulpbmbgtyhjst] has quit [Ping timeout: 252 seconds]
18:04 < Crew-L-T> so the logic is, push your routes, add iroutes for for own net and don't recieve push
18:04 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 252 seconds]
18:05 < Crew-L-T> but it doesn't work
18:05 < Crew-L-T> or am i off by a mile here
18:05 < Neighbour> is it? The way I read it is that openvpn has "push route" directives for A's subnet (in the main configfile, so it goes to *all* clients, except the client that has the iroute for that subnet in it's ccd)
18:06 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has quit [Ping timeout: 252 seconds]
18:06 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 252 seconds]
18:06 -!- rbxs [~rbxs@92.63.171.51] has quit [Ping timeout: 252 seconds]
18:06 < Crew-L-T> samething
18:06 < Neighbour> and the way openvpn determines which client not to push the route to is because of the presence of the iroute directive
18:06 < Crew-L-T> well the directives are there, but the server still pushes the route to the client
18:06 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
18:07 < Crew-L-T> and that is the great why
18:07 < Crew-L-T> well, thanks anyway for all your help
18:07 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
18:07 < Crew-L-T> Neighbour: sleep well
18:07 < Neighbour> can you put the server's config, client's config and the ccd in a private pastebin perhaps?
18:08 < Crew-L-T> i'm getting a bit too drunk to continue with this sensitive operation, so i'm thinking to pick it up tomorrow maybe
18:09 < Neighbour> ok, that's probably for the better then :)
18:09 < Crew-L-T> i'll look in here then, and we can talk more then
18:09 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-eqffjlhkifehsyvo] has joined #openvpn
18:10 < Neighbour> i'm not here all day, but maybe someone else will know more rapidly what's happening and how to fix it :)
18:12 < synapse> Crew-L-T you got it all working?
18:12 < Crew-L-T> i'll check in when i'm up
18:12 < Crew-L-T> synapse: i got all connected yes
18:13 < Crew-L-T> but i still have some issue with the routing push from the server
18:14 < synapse> I literally just configured mine
18:14 < Crew-L-T> nice
18:14 < synapse> My Ip is now my servers IP so it's all going ok
18:15 < synapse> the only weird thing
18:15 < synapse> is I have nginx running, I was expecting to be able to access the intranet you know?
18:16 < synapse> Crew-L-T what's not working for you?
18:16 < Crew-L-T> which one, the virtual one in the vpn, or the one the server is on, or server to client???
18:16 < synapse> under root, did you run this? echo 1 > /proc/sys/net/ipv4/ip_forward
18:16 < synapse> that's important
18:17 < synapse> on your server
18:17 < Crew-L-T> not really, but something to the same effect yes
18:17 -!- Buffman is now known as Buff|Away
18:17 < synapse> Crew-L-T I am talking about being connected to my vpn server and I browse the web etc. When I type in localhost it doesn't show me the web server
18:17 < Crew-L-T> i'm running both my client and server on routers in my internal network
18:17 -!- Buff|Away is now known as Buffman
18:18 < synapse> oh i see
18:18 < synapse> my server is in Germany and I'm in England
18:19 < Crew-L-T> well i'm have another tunnel open home to my dad's network also, if that counts :p
18:20 < synapse> no it doesn't count, it's not leet enough
18:20  * Crew-L-T is _very_ sad
18:20 < synapse> lol
18:20 < Crew-L-T> and a bit drunk
18:20 < synapse> nice
18:20 < synapse> I popped an oxy earlier
18:21 < synapse> so I'm feeling pretty chill
18:21 < Crew-L-T> i ate my share of codein tadoy
18:21 < Crew-L-T> tadoy=toady
18:21 < Crew-L-T> toady=today
18:22  * Crew-L-T is getting really drunk
18:22 < Crew-L-T> damn it
18:23 < synapse> haha nice
18:23 < synapse> a fellow opiophile
18:24 < synapse> life's too short to stay sober
18:24 < synapse> did you set up iptables properly
18:24 < Crew-L-T> i'm working on it
18:25 < Crew-L-T> but having some issues
18:26 < Crew-L-T> can't access inet from beyond the tunnel or inside the tunnel, but the fw is on a separate box, so that can wait
18:27 < Crew-L-T> i think i know what the problem is, so just need some testing
18:30 < Crew-L-T> synapse: how about you? got the forwarding working properly?
18:34 < synapse> yeah
18:35 < synapse> the forwarding works great
18:35 < synapse> just certain things not working as expected
18:35 < synapse> but could be due to a misunderstanding on my part
18:35 < Crew-L-T> so now you're in germany?
18:35 < synapse> yeah
18:35 < synapse> All that works fine
18:35 < Crew-L-T> or was it the other waay round?
18:35 < synapse> I am physically in England
18:36 < synapse> I hire a few servers
18:36 < Crew-L-T> i just use tor, if i need to change ip quickly
18:37 < synapse> I'm gonna use tor over vpn
18:37 < synapse> for extra security
18:37 < Crew-L-T> ok
18:37 < Crew-L-T> ah
18:37 < synapse> but tbh
18:37 < synapse> I didn't use vpn just for security
18:38 < Crew-L-T> i'm using openvpn for extra security om my wifi interlink
18:38 < synapse> I installed it so that I could appear to be inside my servers network
18:38 < synapse> so I could access lan resources
18:38 < synapse> like the intranet
18:38 < synapse> but I can't get onto the intranet
18:38 < synapse> localhost doesn't resolve to my server in germany but to my machine
18:39 < synapse> so going to http://localhost/ doesn't serve up my intranet
18:39 < Crew-L-T> just add "iptables -t nat -A POSTROUTING -o 'your nic' -d 'ip subnet' -j SNAT --to-source 'your nic ip'
18:39 -!- Buffman is now known as Buff|Away
18:40 < Crew-L-T> on the server of course
18:41 < Crew-L-T> then you should be ok. some devices don't understand how to route very well
18:41 < synapse> hmm
18:41 < synapse> can I do it with ufw instead?
18:41 < Crew-L-T> dunno
18:42 < Crew-L-T> haven't used ufw
18:42 < synapse> I don't like using iptables
18:42 < synapse> cos I tend to screw them up
18:42 < synapse> and I don't know how to undo
18:42 < synapse> ufw is a simplified front end for iptables
18:42 < synapse> Crew-L-T I followed a guide to install openvpn
18:43 < synapse> I added something similar
18:43 < Crew-L-T> well the jist of it is: source nat your outgoing traffic to the local subnet, so that it looks like that traffic is comming directly from the server to the devices on the server lan
18:43 < synapse> http://pastebin.com/My6vrYCC
18:43 < synapse> I added that to iptables
18:43 < synapse> dunno what it does though
18:45 < Crew-L-T> should work, if the ip subnet is the network your server is on, and not the vpn tunnel network
18:45 < synapse> what you mean?
18:46 < synapse> I don't understand subnets right but I noticed I have two different ones
18:46 < Crew-L-T> i usually add a source and destination clause in the rules
18:46 < Crew-L-T> yeah, actually 3
18:47 < Crew-L-T> one that your computer is on, one that your server is on, and one in the vpn tunnel ;)
18:47 < synapse> I don't understand em
18:47 < synapse> just tell me something
18:47 < Crew-L-T> well what os are you running?
18:47 < synapse> why http://localhost/ doesn't view the intranet of my server in germany?
18:48 < Crew-L-T> because localhost is the computer your sitting on at the moment
18:49 < synapse> ok
18:49 < Crew-L-T> or beside maybe, hopefully not ON the computer
18:49 < synapse> so the local ip my server issued is 10.8.0.6
18:49 < synapse> but the subnet is different
18:49 < Crew-L-T> what os is on your server? win or nix?
18:50 < synapse> 10.8.0.6/255.255.255.252
18:50 < synapse> How do I access the intranet
18:50 < synapse> My server is nix
18:50 < synapse> client is windows 10
18:50 < Crew-L-T> that sounds like a vpn internal subnet
18:51 < Crew-L-T> in a commandline on your client, do ipconfig
18:51 < synapse> I did that
18:51 < synapse> that's how I posted those IP's
18:51 < Crew-L-T> and then do ifconfig on you server
18:51 < synapse> yeh
18:52 < synapse> tun0 shows it
18:52 < Crew-L-T> both computer should have two ip's
18:52 < synapse> tun0 10.8.0.1
18:52 < synapse> ahh man
18:52 < synapse> I got it
18:52 < Crew-L-T> then the 10.8.x.x network, is the network that is inside the vpn tunnel
18:52 < synapse> If I go to http://10.8.0.1
18:52 < synapse> Intranet is there
18:53 < Crew-L-T> yeah man
18:53 < synapse> I love this
18:53 < synapse> Internet is fucking amazing isn't it
18:53 < Crew-L-T> or if you want, you can now access any computer on your servers network, with the iptables rule in effect ;)
18:54 < synapse> My server is only on it's own
18:54 < synapse> it's not a network
18:55 < Crew-L-T> ok, then the iptables rule will do nothing, except hide you from the internet
18:55 < Crew-L-T> all outgoing thraffic will look like it is originating from the server ip
18:55 < synapse> of course
18:56 < synapse> I know that's working
18:56 < Crew-L-T> did you get everything the way you want now?
18:56 < synapse> yeah man
18:56 < Crew-L-T> good times
18:56 < synapse> I understand it better now
18:56 < synapse> thanks to you
18:57  * Crew-L-T is happy to help
18:57 < synapse> so my server has a network adapter called tun0 and my windows box has one two. Together they represent the the LAN IP address of the VPN
18:57 < Crew-L-T> a bit tippsy about now, but if i type a t slow speed it's not too bad
18:57 < synapse> makes sense
18:58 < Crew-L-T> yepp, that's it
18:58 < synapse> happy days
18:58 < synapse> you know so much, how have you not got yours working?
18:58 < Crew-L-T> like i saw someone say in here earlier, look at vpn as a separate cable, or network in our case
18:59 < Crew-L-T> it
18:59 < synapse> I never knew
18:59 < synapse> I thought it was all being viewed as a LAN
18:59 < synapse> not as like a unique LAN
18:59 < Crew-L-T> it's kind of a specialist problem i think, kinda niche
18:59 < synapse> or a "tunnel"
19:00 < Crew-L-T> it can be set up in that wat too if you really want it ot be
19:00 < Crew-L-T> then you use the tap device instead of tun
19:01 < Crew-L-T> and you have to set up some aditional bridging
19:01 < Crew-L-T> then you can litterally join two networks at the ethernet frame layer
19:01 < synapse> wow
19:02 < synapse> I have no need for it though
19:02 < Crew-L-T> me either
19:02 < synapse> this is very adequate
19:02 < synapse> I may add some more servers in the future
19:02 < synapse> and make a LAN of servers
19:02 < Crew-L-T> just nned the tunnel to be my last line of defence if the wpa2 get cracked ;p
19:02 < synapse> if I do so, I can access the other servers?
19:03 < Crew-L-T> no, you only need one server. then the rest can be clients
19:03 < synapse> nah you don't get me
19:04 < synapse> Client = IP10.8 Server=IP10.9 as an example.
19:04 < Crew-L-T> please elaborate, in msg if neccesary
19:04 < synapse> Currently both computers can see each other as a LAN due to openvpn
19:04 < synapse> Now what if I do this
19:06 < synapse> Server1=IP10.9 Serverr2=IP10.10 Server3=IP10.11. They are all networked together on a lan. Only server1 runs openvpn (the one I am using now). Client1 connects to Server1 via OpenVPN. Will Client1 be able to view network resources of Server2 and Server3?
19:06 < Crew-L-T> sure
19:06 < synapse> awesome
19:07 < Crew-L-T> as long as you can route the packets between the server subnets
19:09 < Crew-L-T> as an example, i can ping right through my tunnel on the wifi interlink, to my entire network no problem. but out to the internet, i'm still having some issues, but like i mentioned earlier, that is a fw issue
19:09 < Crew-L-T> i can ping both ways over the tunnel
19:10 < Crew-L-T> ways=directions
19:13  * Crew-L-T yawns
19:14 < Crew-L-T> well i'm going to turn in soon, try to sleep some on the problem
19:16 < Crew-L-T> have a good 'what ever it is at your location'
19:18 < synapse> sure
19:18 < synapse> I just made a smoothie
19:19 < synapse> Cherries, pineapple, coconut
19:19 < synapse> awesome tasting
19:23 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:32 < Crew-L-T> except the fact that i don't like any one of those fruits, it sound delicious
19:33 < Crew-L-T> but then again, nothing can beat a watermelon-shake, it's the most awesome thing in the world
19:34 < Crew-L-T> need to take my medicine again, so i'll be able to sleep soon
19:35 < Crew-L-T> brb, counting pills
19:38 < Crew-L-T> damn i hate taking pills, they taste like crap
19:40 -!- synapse [~sarah@unaffiliated/synapse] has quit [Quit: ciao]
19:44 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
20:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:08 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
20:16 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:21 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
20:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
20:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
21:12 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:16 -!- Buff|Away is now known as Buffman
21:39 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
21:58 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Read error: Connection reset by peer]
22:14 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
22:45 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
23:16 -!- Buffman is now known as Buff|Away
23:42 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
23:42 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has left #openvpn []
23:44 -!- ShadniX [dagger@p5481DFB6.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:44 -!- ShadniX [dagger@p57941241.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Sep 12 2015
00:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:08 -!- mode/#openvpn [+o mattock1] by ChanServ
00:09 -!- luminux [heinz@mail.skylab.org] has joined #openvpn
00:10 < luminux> Hi, this isn't strictly a openvpn question, but I need to know how I can start a openvpn client automatically on boot-up on windows server 2012. Can anyone point me to a webpage, etc., on how I can do this?
00:10 < luminux> I have zero windows server experience but I need to do this for work
00:11 < luminux> I've been googling this for a day and I've gotten nowhere
00:48 < Crew-L-T> luminux: how about installing it as a service?
00:49 < luminux> I'm on that track now, 20 minutes ago I didn't have a clue what I was doing
00:49 < luminux> I got someone to point me in the right direction though. thanks :)
00:53 < Crew-L-T> nice, good luck with your project
00:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:56 -!- Buff|Away is now known as Buffman
01:27 -!- dEPy [~dEPy@180.150.157.31] has joined #openvpn
01:30 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
01:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:32 -!- showaz [~showaz@unaffiliated/showaz] has quit []
01:37 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
01:38 -!- luminux [heinz@mail.skylab.org] has left #openvpn []
02:11 -!- Buffman is now known as Buff|Away
02:18 -!- Buff|Away is now known as Buffman
02:42 -!- dEPy [~dEPy@180.150.157.31] has quit [Ping timeout: 244 seconds]
03:05 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
03:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:07 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
03:08 -!- Buffman is now known as Buff|Away
03:08 -!- Buff|Away is now known as Buffman
03:08 -!- Buffman is now known as Buff|Away
03:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:36 -!- mjkr [jzhmer@gateway/shell/blinkenshell.org/x-kxkcccyzoqxefyev] has quit [Quit: WeeChat 1.2]
03:43 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has joined #openvpn
04:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:25 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Ping timeout: 272 seconds]
04:28 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
04:50 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 264 seconds]
04:51 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 240 seconds]
04:51 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
04:51 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
04:59 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
05:01 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
05:17 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
05:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
05:33 -!- toli [~toli@ip-62-235-242-24.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:34 -!- toli [~toli@ip-62-235-237-112.dsl.scarlet.be] has joined #openvpn
05:36 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 244 seconds]
05:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:55 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
06:02 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
06:12 -!- hennos [~midas8@167.160.44.236] has joined #openvpn
06:13 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
06:22 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 244 seconds]
06:26 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 268 seconds]
06:31 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
06:33 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:43 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
06:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
06:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:02 -!- dmilith2 is now known as dmilith
07:18 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:22 < bluenemo> I'm very unhappy about the changes between easyrsa 2.2 and 3.0. I'm trying to maintain a saltstack state module, some py wrapper code around easyrsa. The new version seems hard to fully automate.
07:24 < bluenemo> while it gives more output (where did it safe the file and so on), which is nice, it for example fails when a ca has already been setup (exit code 1) :/
07:24 < bluenemo> the bigger part of the features is quite nice however
07:25 < bluenemo> why is it creating a bunch of files here that are all equal? myvpn/pki/private/ca.key.53JWeV4OZf
07:27 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
07:29 < bluenemo> why do I need to add the path here?  ./easyrsa build-server-full myvpn/pki/  isnt that already in vars?
07:29 < bluenemo> (I defined it there)
07:31 < bluenemo> is Unknown cert type 'server' a bug when build-key-server? https://paste.debian.net/311414/
07:32 < bluenemo> the left over .e3tJYBn8IP files seem to be empty
07:40 < bluenemo> so in the easyrsa script when I say sign-req it aborts telling me unknown cert type, thats the lines of code: https://paste.debian.net/311415/ why should then be dir/server present if I say cert-type server?
07:42 < bluenemo> hm this could alos be more descriptive :/ https://paste.debian.net/311416/
07:43 < bluenemo> I'm not sure if it was the idea to put everything into one long bash script. I mean the way before had less features.. but was more easy to handle for orchestration imho
07:43 < bluenemo> I like the new way of being able to simply send csr's around though..
07:43 < bluenemo> (as in client generates his key locally)
07:45 < bluenemo> hm setpass from file is nifty, should support stdin too :)
07:50 < bluenemo> being able to verify if crt & key belong together and so on is sth I use a lot (for orchestration), having that as arguments to the script would be nice
07:53 < bluenemo> lol how confusing is the file argument to set-rsa-pass :D
07:56 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 265 seconds]
08:08 < bluenemo> when singning fails, die the tmp file isnt removed as die is called via openssl || die
08:08 < bluenemo> one should clean up before one dies :)
08:10 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
08:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:23 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:26 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Remote host closed the connection]
08:36 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
08:51 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 256 seconds]
08:58 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
09:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:22 -!- reiffert [~thomas@mail.reifferscheid.org] has joined #openvpn
09:23 < reiffert> Openvpn. TAP. each time the client is requesting an IP address via DHCP its MAC address is different. How to make it being stick / always the same per client?
09:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: brb]
09:25 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:26 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:26 < reiffert> I could also live with a DHCP client identifier option which would let the DHCP server know it's an openvpn client.
09:26 < reiffert> dazo_afk: hi
09:26 < reiffert> krzee: hi
09:26 < reiffert> ecrist: hi
09:29 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Client Quit]
09:31 < reiffert> thomas@reifferscheid:~$ wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.8.tar.gz
09:31 < reiffert> --2015-09-12 16:29:34--  https://swupdate.openvpn.org/community/releases/openvpn-2.3.8.tar.gz
09:31 < reiffert> Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.28.0.12, 104.28.1.12
09:31 < reiffert> Connecting to swupdate.openvpn.org (swupdate.openvpn.org)|104.28.0.12|:443... connected.
09:31 < reiffert> GnuTLS: A TLS fatal alert has been received.
09:31 < reiffert> Unable to establish SSL connection.
09:31 < reiffert> d'oh
09:34 < reiffert> forget what I said.
09:34 -!- reiffert [~thomas@mail.reifferscheid.org] has left #openvpn []
09:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
09:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
10:21 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:27 -!- Buff|Away is now known as Buffman
10:31 -!- uuuppz [~kvirc@77.107.233.34] has joined #openvpn
10:47 < uuuppz> Did something related to cert validation, eurephia (or plugins in general) change between 2.2.1 and 2.3.4? We have just upgraded from debian sqeeze to jessie and now we are experiencing certificate validation errors
10:48 < uuuppz> "TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned"
10:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:02 < uuuppz> Ok definitely related to eurephia as once I disable this everything else works as previously, e.g. ccd is honoured, cert is validated and connection is fully established.
11:11 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 255 seconds]
11:15 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
11:30 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer]
11:31 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
11:32 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Remote host closed the connection]
11:38 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
11:53 -!- Buffman is now known as Buff|Away
11:56 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
12:13 < uuuppz> compat-names added to config fixed that foranyone  who's interested.
12:17 < nemysis> hello all
12:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:18 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
12:19 < nemysis> my local address http://192.168.178.1/ not works with VPN only without it
12:20 -!- Buff|Away is now known as Buffman
12:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:21 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
12:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:26 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
12:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
12:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:40 -!- uuuppz [~kvirc@77.107.233.34] has quit [Ping timeout: 268 seconds]
12:47 -!- uuuppz [~kvirc@77.107.233.34] has joined #openvpn
12:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
12:51 -!- Buffman is now known as Buff|Away
12:55 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
12:59 < nemysis> must restart VPS and VPN to works ping login and my site
13:22 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
13:25 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 250 seconds]
13:28 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
13:30 -!- rich0_ is now known as rich0
13:32 -!- fling [~fling@fsf/member/fling] has joined #openvpn
13:34 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 244 seconds]
13:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
13:36 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
13:47 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:47 -!- diytto [~diytto@de.diytto.com] has joined #openvpn
14:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
14:41 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:47 -!- cyberanger [~cyberange@swissknife/adak/infocop411] has joined #openvpn
15:01 -!- shiriru [~shiriru@84.238.182.88] has joined #openvpn
15:03 -!- shiriru [~shiriru@84.238.182.88] has quit [Remote host closed the connection]
15:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
15:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
16:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:26 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
16:28 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:35 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
16:43 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:55 < Dr-007> is there a script to generate a server / client config in one run?
16:55 < Dr-007> i know there's easy-rsa but this requires interactive command line input
17:04 -!- uuuppz [~kvirc@77.107.233.34] has quit [Ping timeout: 240 seconds]
17:14 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 246 seconds]
17:18 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
17:27 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Read error: Connection reset by peer]
17:37 -!- shiriru [~shiriru@84.238.182.88] has joined #openvpn
17:52 -!- shiriru [~shiriru@84.238.182.88] has quit [Quit: Leaving]
19:17 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
20:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
20:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:09 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
20:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:32 -!- joat [~tim@ip70-160-161-157.hr.hr.cox.net] has joined #openvpn
21:10 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:10 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:14 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
21:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:15 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
21:24 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:25 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:32 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
21:59 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
22:04 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Read error: Connection reset by peer]
22:06 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Ping timeout: 246 seconds]
22:06 -!- hennos [~midas8@167.160.44.236] has quit [Quit: Leaving]
22:23 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
22:26 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 246 seconds]
22:29 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
22:32 < pEYEd> new vpn, I am unable to connect  https://bpaste.net/show/051c51f5a39a
22:33 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
22:39 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 246 seconds]
22:44 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
23:13 < Gaffel> pEYEd: Unable to connect or are you connecting but can't access anything from the client?
23:14 < Gaffel> pEYEd: You're using 3 ciphers. You're better off using TLS with AES.
23:14 < Gaffel> I don't think you can have more than one cipher.
23:14 < pEYEd> it looks like a possible tls error. not even connecting. i just redid my keys, same error.
23:15 < Gaffel> What error does the server and the clints give you?
23:18 < pEYEd> I couldn't tell with all three ciphers loaded, I cannot capture the output. but using only AES is blank  http://i.imgur.com/OmMq2M0.png
23:20 < Gaffel> Which OS is the client running?
23:26 < Gaffel> I had that problem earlier today too, client didn't print shit. So I ran openvpn in command prompt. openvpn --config /path/to/config     (or C:\path\to\config)
23:27 < Gaffel> openvpn printed lots of stuff and I actually saw what was wrong.
23:27 < Gaffel> So try to run openvpn manually.
23:32 < pEYEd> freebsd
23:33 < pEYEd> https://bpaste.net/show/071dd65b0ca5
23:33 < pEYEd> client log
23:33 < pEYEd> ^^
23:34 < pEYEd> 751793 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
23:34 < Gaffel> Aye
23:36 < Gaffel> Not sure what they mean by TLS key, but I assume it's the ta.key file that's not specified on either side.
23:36 < Gaffel> What does the server spit out?
23:39 < Gaffel> Have you used the same CA private key to make both server and client certificates?
23:39 < Gaffel> And client.key
23:41 < Gaffel> Are you using only one cipher on both sides?
23:42 < Gaffel> The server log should give you a hint.
23:42 -!- ShadniX [dagger@p57941241.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:43 -!- ShadniX_ [dagger@p5DDFC4AC.dip0.t-ipconnect.de] has joined #openvpn
23:43 -!- ShadniX_ is now known as ShadniX
23:45 < pEYEd> now it won't even attempt to connect to that server since I disabled 3des and blowfish. I set them back and still no connection attempts.  Yes, I copied the ca.crt to the ovpn file for the client.
23:46 < pEYEd> from server
23:48 < Gaffel> Are you running openvpn manually and watching the output as you execute it?
23:50 < pEYEd> Gaffel: there is only one way to start the client on winblows that I know of.
23:50 < pEYEd> right click on the client connection name
23:51 < Gaffel> No, openvpn.exe is in the folder where you installed OpenVPN
23:51 < Gaffel> Open command propmpt as admin and go to where it's installed.
23:51 < pEYEd> other connections I have configure will try. that one won't. it just stopped trying.
23:52 < Gaffel> openvpn --config "C:\Program Files\OpenVPN\config\client1.ovpn
--- Day changed Sun Sep 13 2015
00:03 < pEYEd> it's just doing this  http://i.imgur.com/rNJyvLR.png  and zero way to stop it.
00:04 < Gaffel> Press F4 to stop
00:05 < pEYEd> https://bpaste.net/show/afc12e9bf31d
00:06 < Gaffel> But what does the server log say?
00:09 < pEYEd> https://bpaste.net/show/ebe87e9f71ec
00:10 < Gaffel> Read the warnings and correct your config
00:12 < Gaffel> Remove the dev MyTap line, prefix it with ; and make sure you're using either dev tun or dev tap on both server and all clients.
00:12 < Gaffel> If you want both then you need to run multiple instances with their own configs.
00:12 < Gaffel> ;dev-node MyTap
00:13 < pEYEd> same thing
00:14 < Gaffel> Have you populated the /ccd directory with the necessary files?
00:14 < Gaffel> If not, comment it out
00:15 < Gaffel> Read the warnings and make sure they're all gone before you try again
00:18 < pEYEd> I commented out ccd  https://bpaste.net/show/35cd7cd34d35  I don't know how to get rid of the 2 remaining warnings
00:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:19 < Gaffel> This one is easy: "WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info."
00:20 < Gaffel> There's a single line that will remove it. But it's not causing troubles.
00:20 < Gaffel> I'm not sitting at one of my clients at the moment but you can search for verification or verify ca
00:21 < Gaffel> It's a commented line that you just need to uncomment. Since you use the same CA for both peers then it will be easy to solve. :P
00:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:24 < pEYEd> I have duplicate-cn  enabled, but I can't see anything else relevent to ca in the config
00:24 < Gaffel> On the client?
00:25 < pEYEd> on the server
00:25 < Gaffel> Which errors remain?
00:25 < Gaffel> ...on the server.
00:26 < pEYEd> same errors/warnings. no change
00:26 < pEYEd> the client and server are using the same ca.
00:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
00:27 < Gaffel> Have you populated the ccd directory with client specific configs?
00:28 < pEYEd> but nowhere have I set the server ca.key.  I cannot see where to set it.
00:28 < pEYEd> I have done nothing with ccd. no clue what goes there.
00:28 < Gaffel> Disable the option that talks about ccd
00:29 < Gaffel> The warning that the client gets is fixed in the client conf
00:30 < Gaffel> ca.key is used by the actual CA.
00:30 < Gaffel> OpenVPN only uses ca.crt
00:31 < Gaffel> .key are private keys and should only be shared unless required.
00:31 < Gaffel> Only ta.key is shared if used, which you're not.
00:31 < Gaffel> Sharing the private CA key is not good since it will allow others to create certificates too.
00:32 < Gaffel> You only want the private CA key stored in a safe place and not share it with programs and clients.
00:37 < Gaffel> Correct those and show me the server log again or the lines with warnings and errors.
00:45 -!- KNERD [~KNERD@netservisity.com] has quit [Ping timeout: 264 seconds]
00:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:47 < Gaffel> pEYEd
00:48 < pEYEd> https://bpaste.net/show/13163ceb32d9
00:50 < pEYEd> I don't understand this line  ->  WARNING: No server certificate verification method has been enabled.   I checked the URL, it makes no sense
00:51 < Gaffel> It's in the conf
00:51 < Gaffel> Search for that word, verification.
00:52 < Gaffel> But it's not important since it doesn't affect the connection.
00:52 < pEYEd> fyi, client config  https://bpaste.net/show/7764579079c4
00:52 < Gaffel> That's not a config
00:52 < Gaffel> That's a cert of some sorty
00:53 < pEYEd> http://i.imgur.com/9szSAkA.png
00:53 < Gaffel> Why are you posting that picture?
00:53 < pEYEd> yes, that is my client ovpn file.
00:53 < pEYEd> [ "verification" not found ]
00:53 < Gaffel> No, it's not a client config file
00:54 < Gaffel> Read the content, it's clearly not a config file, it's full of keys.
00:54 < pEYEd> this  ->  https://bpaste.net/show/7764579079c4  is my client opvn file
00:55 < Gaffel> Why do you have keys in there?
00:55 < pEYEd> Gaffel: the client private key.
00:55 < Gaffel> Don't share private keys.
00:55 < Gaffel> Look in the client config sample.
00:55 < Gaffel> But fix the server warnings and errors first.
00:55 < pEYEd> how?
00:56 < Gaffel> Show me the server log
00:56 < Gaffel> A fresh one
00:56 < pEYEd> https://bpaste.net/show/13163ceb32d9  second half
00:58 < Gaffel> The second half is the client log
00:59 < Gaffel> First half is server config, second half is client log.
00:59 < Gaffel> You're making this take too long.
01:00 < pEYEd> https://bpaste.net/show/8d47710f3063
01:00 < pEYEd> I apologize
01:00 < Gaffel> First, uncomment this: topology subnet
01:01 < Gaffel> Do you want the client to be able to access the local network that the server is on?
01:02 < Gaffel> And comment this one out: duplicate-cn
01:02 < pEYEd> I just did and it's doing the same 'no connect'
01:03 < Gaffel> If you showed me the fresh server log then it's still using duplicate-cn
01:05 < Gaffel> Also, I need the log for the server from when the client tries to connect.
01:06 < Gaffel> You need to look at the log of both server and client from the time it tries to connect.
01:07 < Gaffel> Sometimes the client doesn't know why it's being rejected and the server will tell you what happens when clients connect and why they fail or work.
01:09 < pEYEd> this is the only log produced by openvpn server  https://bpaste.net/show/9f3ac84fbfee
01:11 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
01:15 < Gaffel> :|
01:15 < Gaffel> pEYEd: Even after the client fails to connect?
01:16 < Gaffel> pEYEd: Also, you can only use ONE cipher at a time and both server and client has to use the same.
01:17 < Gaffel> pEYEd: And by following the link in the client's warning, you can read that adding this: remote-cert-tls server
01:17 < Gaffel> ...to the client config will get rid of the error.
01:19 < Gaffel> Also, having "pppprrrriiiivvvvaaatttteeee key" as your private key isn't safe. :P
01:22 < pEYEd> Gaffel: that is a manual edit
01:22 < Gaffel> :P
01:23 < Gaffel> Make sure both server and client has the exact same cipher specified.
01:23 < Gaffel> And only ONE.
01:23 < Gaffel> Preferably AES
01:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
01:31 < pEYEd> all 3 fresh and only aes used https://bpaste.net/show/37c4ef314fcc
01:32 < pEYEd> I even tried to get rid of the tls by creating the ta.key  file
01:33 < Gaffel> Did you use the say ta.key on both ends?
01:34 < Gaffel> "remote-cert-tls server" is a client side option.
01:39 < Gaffel> You must use the same ta.key and have tls-auth activated on both server and client.
01:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:42 < Gaffel> pEYEd: Both sides must have the same configuration with the exception of server and client specific options such as the one I just mentioned.
01:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
01:48 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
01:48 < Gaffel> pEYEd: Only make changes that directly affect the problems you have and then run it to see what changed.
01:49 < Gaffel> You also need to add "topology subnet" to the server conf, it's commented out.
01:49 < Gaffel> You also need to push routes to the clients, which you do in the server conf. That part is also commented out, you need to make the necessary changes and then uncomment them
01:52 < Gaffel> When you push gateway def1, you need to append bypass-dhcp.
01:53 < Gaffel> So it becomes this: push "redirect-gateway def1 bypass-dhcp"
01:56 < Gaffel> I've got to go.
01:56 < Gaffel> Bye
02:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
02:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
02:16 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
03:00 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cvbpjlbpfijasfrb] has joined #openvpn
03:01 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Remote host closed the connection]
03:13 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
03:33 -!- wheels_up [uid16219@gateway/web/irccloud.com/x-aqvfkkmpbdxxsbko] has quit [Quit: Connection closed for inactivity]
03:59 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
04:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:18 -!- johnny56_ [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
05:19 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
05:23 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:23 -!- HardWall [~HardWall@2a02:2f0e:1d5:3700:3d9c:2b5f:a6c1:152c] has joined #openvpn
05:38 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 244 seconds]
05:46 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
05:53 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
05:56 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
05:57 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
05:57 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
06:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:04 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
06:08 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
06:20 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:23 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
06:39 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:50 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 268 seconds]
06:52 -!- OS-11711 [~OS-11711@unaffiliated/os-11711] has joined #openvpn
06:53 -!- hennos [~midas8@167.160.44.236] has joined #openvpn
06:53 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
07:02 -!- OS-11711 is now known as amxre
07:04 -!- amxre is now known as OS-11711
07:38 -!- OS-11711 [~OS-11711@unaffiliated/os-11711] has left #openvpn ["Leaving"]
07:56 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
08:03 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cvbpjlbpfijasfrb] has quit [Quit: Connection closed for inactivity]
08:07 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
08:12 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 265 seconds]
08:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
08:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:56 -!- showaz [~showaz@unaffiliated/showaz] has quit []
08:58 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:01 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
09:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:10 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-wkmgvlhlffmhxrgp] has joined #openvpn
09:17 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
10:00 -!- greyBoss [~greyBoss@175.110.12.196] has joined #openvpn
10:01 < greyBoss> hi guys
10:02 < greyBoss> how can i configure openvpn? Do i have to pay for all services? or i can get a tunnel for free
10:07 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:09 < skyroveRR> greyBoss: openvpn isn't an actual "paid VPN service". It's a software that you can use to "create a VPN server/client".
10:10 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:10 < skyroveRR> Neither paid nor free, actually.
10:10 < greyBoss> how can i do this for my laptop only? so i can securely connect on travel...
10:10 < skyroveRR> But the software to create that service is "free".
10:11 < skyroveRR> greyBoss: you'd need a machine that runs openvpn constantly, so when you are mobile, you can connect to it, and route traffic.
10:12 < skyroveRR> I'll put it this way: You've got an openvpn server running back home, and you have a spare laptop that you keep with you when you travel. While travelling, you can use your laptop to connect to that VPN server that's running home, and that's basically a secure tunnel.
10:13 < greyBoss> then how can i send my traffic from that server to the internet?
10:13 < skyroveRR> You have to configure your home VPN server accordingly, so it sends traffic to the internet. :)
10:13 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:13 < skyroveRR> But it can be all done, freely.
10:13 < greyBoss> it do not work like those onion networks?
10:13 < skyroveRR> No, it doesn't.
10:14 < greyBoss> so all the tunnels are between my ips? is it?
10:14 < skyroveRR> Yes.
10:15 < skyroveRR> There's communications security only between your laptop and your home VPN server. Beyond that, it depends how you use the internet.
10:15 < greyBoss> thanks skyroveRR
10:15 < greyBoss> have any tutorial ?
10:16 < skyroveRR> !howto
10:16 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
10:17 < greyBoss> gracias
10:22 -!- catsup [d@64.111.123.163] has joined #openvpn
10:26 -!- austeritysucks [~austerity@unaffiliated/austeritysucks] has joined #openvpn
10:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:28 -!- Mahayana [~Maha@c-71-62-3-138.hsd1.va.comcast.net] has joined #openvpn
10:28 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
10:28 -!- catsup [d@64.111.123.163] has quit [Ping timeout: 252 seconds]
10:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
10:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:37 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
10:37 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
10:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
10:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:47 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
10:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:49 < Dr-007> yo guys. when you're creating multiple servers do you only need one ca.crt for all the servers?
10:50 < Dr-007> let me rephrase: do you only need these files; ca.crt / ca.key / dh.pem only once on a multiple server setup ?
10:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:55 < Mahayana> Hello all, new to OpenVPN. I set up an access server internet facing, forwarded the webui and vpn transport ports through the router. I can access the webui and the tunnel via my ISP IP from my own network, but I cannot access it outside of my own network. Is there another port I should be forwarding?
10:55 < Dr-007> in your modem
10:55 < Dr-007> you should forward the ports you are trying to access inthere
10:56 < Mahayana> ok, ill try that right now. i havent had to do that in the past for other applications
10:57 < Dr-007> or in my case. i had to set the port forwarding in the first router after my modem.
10:57 < Dr-007> since i've got a "dumb" modem that just passes along any data
10:59 < Mahayana> I use one of those new xfinity modems, I have it in gateway mode and theres no option to port forward
11:00 < Mahayana> er sorry, Bridged mode
11:00 < Dr-007> then what's it bridged with?
11:00 < Dr-007> goto that device
11:00 < Mahayana> my linksys router and the isp
11:01 < Dr-007> but you should probably goto the first device after your modem. so thats the linksys router
11:01 < Dr-007> check port forwarding inthere
11:01 < Mahayana> yeah, and i have the ports forwarded on that device
11:03 < Mahayana> I have a mumble service and another sstp vpn that i could access fine through my NAT
11:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
11:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:03 < Mahayana> the sstp forward and service are turned off right now to avoid confusion
11:08 < Dr-007> weird that you can't access it via the internet if you've got the ports forwarded
11:08 < Mahayana> yeah im at a loss
11:08 < Mahayana> note that i can still get to ti from inside my network using the external internet ip for myself
11:09 < Mahayana> but if i go anywhere else i get timed out no response
11:10 < Mahayana> and i just finished checking my modems web access page, in bridge mode it apears to forward everything to the router as i intended
11:13 < Mahayana> Im gona try to forward all https trafic to the openvpn server and see what happens
11:14 < Dr-007> allright, but i'm not following your comments
11:14 < Dr-007> as in, i don't understand what you're doing
11:14 < Dr-007> or trying to accomplish
11:15 < Mahayana> the webaccess page uses https as well as the other webui port. maybe it needs both
11:16 < Mahayana> welp, that didnt work lol
11:17 < Mahayana> yeah im at a loss
11:17 < Dr-007> by the way don't you need to forward a whole range of ports?
11:17 < Dr-007> anyway, i'm here with a question myself :p
11:17 < Dr-007> do you know multiple server setup?
11:18 < Mahayana> what range?
11:18 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
11:18 < Dr-007> the range you are trying to reach
11:19 < Dr-007> and if it is an openvpn network you're trying to expose to the internet
11:19 < Dr-007> then you should forward a range of ports
11:19 < Mahayana> all ive seen was the 943 for webui and the tcp/udp transport port for the server
11:19 < Dr-007> ok
11:20 < Mahayana> https://docs.openvpn.net/frequently-asked-questions/
11:20 <@vpnHelper> Title: Frequently asked questions | Documentation (at docs.openvpn.net)
11:20 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:21 < Mahayana> yeah im looking at it right now, i'm only using UDP transport so from what i read i only need 943 and 1194
11:21 < Mahayana> which i did
11:21 -!- shio [marmottin@210.121.101.84.rev.sfr.net] has quit [Ping timeout: 240 seconds]
11:22 -!- shio [~shio@126.121.101.84.rev.sfr.net] has joined #openvpn
11:22 < Mahayana> maybe i should try tcp instead?
11:25 < Dr-007> in your config there's a port also right?
11:25 < Dr-007> is that inthere
11:30 < Mahayana> standby
11:31 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Max SendQ exceeded]
11:33 < Mahayana> https://gyazo.com/772e609545e8b4564e6d05c131eb5ac5
11:33 <@vpnHelper> Title: Gyazo - 772e609545e8b4564e6d05c131eb5ac5.png (at gyazo.com)
11:34 < Mahayana> thats my server network settings and my portforwards
11:37 < Dr-007> cant you host the admin web ui on your localhost?
11:37 < Dr-007> then port forward to your pcs IP address
11:37 < Dr-007> the Ovpn_WebUI entry in your cisco
11:38 < Dr-007> also, just to make sure.. its a lame question. but you are visiting http://isp_ip:943 right?
11:39 < Mahayana> https://isp:943
11:41 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:42 < Mahayana> ill try the loopback
11:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:47 < Mahayana> na that didnt work either, it just locked me out of the page from outside the local host, ill try back later, thanks for trying to help!
11:47 -!- Mahayana [~Maha@c-71-62-3-138.hsd1.va.comcast.net] has left #openvpn ["Leaving"]
12:09 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:17 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
12:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
12:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
12:40 -!- Buff|Away is now known as Buffman
12:42 -!- alec-b [~alec@63.237.137.78.rev.vodafone.pt] has quit [Ping timeout: 252 seconds]
12:43 -!- alec-b [~alec@59.110.108.93.rev.vodafone.pt] has joined #openvpn
12:47 -!- wheels_up [uid16219@gateway/web/irccloud.com/x-xeepgjguatxxrtlt] has joined #openvpn
12:49 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has quit [Ping timeout: 246 seconds]
12:52 < pEYEd> I am unable to connect to openvpn server  https://bpaste.net/show/8867085caff3  new configuration. The only error I see is a TLS error I cannot seem to get rid of. I have been told that probably is not my issue.
12:58 -!- HardWall [~HardWall@2a02:2f0e:1d5:3700:3d9c:2b5f:a6c1:152c] has quit [Read error: Connection reset by peer]
12:58 -!- Buffman is now known as Buff|Away
13:00 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
13:00 < Rockyfelle> So why doesn't something like "openvpn for Android" exist for Windows
13:01 < Rockyfelle> Cause I can't find anything that will allow me to just slam a config file it together with the certs and key
13:02 < Eugene> Rockyfelle - it does; the windowso penvpn package(or any `openvpn`) will take inlined certs just fine
13:02 < Eugene> !inline
13:02 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
13:02 < Rockyfelle> No but you see, I have them in 4 different files
13:03 < Rockyfelle> One config, one key, and 2 crt
13:03 < Eugene> pEYEd - at no point in that server log does a client connect attempt happen. Since you didn't grep out the comments in the config file, I have no idea what's wrong
13:04 < Eugene> pEYEd - at a random guess, you've got a firewall in the way
13:04 < Rockyfelle> And I can't access my server to make new files without correcting with a vpn using the current files
13:05 < Eugene> OK? So what does that have to do with anyhting?
13:05 < Eugene> !xy
13:05 <@vpnHelper> "xy" is http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...
13:05 < Eugene> !goal
13:05 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:05 < Rockyfelle> Eugene cause I want to connect to my vpn?
13:06 < Eugene> And you can't because there isn't a windows application, which there is?
13:08 < Rockyfelle> I asked for one since I can't find one, you gave me one, I told you why that one doesn't work
13:08 < Eugene> What doesn't work? The windows client? Using inline certs?
13:08 < Eugene> I can tell you emphatically that both work just fine - I'm using them right now
13:10 < Rockyfelle> As said, I don't have inline certs, I have 4 different files
13:10 < Eugene> Right..... you can inline them
13:10 < Rockyfelle> And I can't find a way to do that
13:10 < Eugene> !inline
13:10 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
13:10 < Eugene> Read the links. It explains how to do it
13:10 < pEYEd> Eugene: firewall i completely disabled on both client and server https://bpaste.net/show/e1afee72412a   <- comments removed
13:11 < Gaffel> pEYEd: Is the client able to connect without errors now?
13:11 < Rockyfelle> But why wouldn't the client allow you to choose to use 4 different files in the first place, seems like lack of feature
13:12 < Eugene> The windows client doesn't have any sort of prompt for files. It takes a .ovpn file and runs it
13:12 < Eugene> That's it
13:12 < Eugene> If you craft a .ovpn using inline certs/keys, that .ovpn becomes a single-click-to-run for oyu
13:12 < Rockyfelle> I'm just saying it's bad that that feature isn't implemented
13:12 < pEYEd> Gaffel: I think I just got rid of the tls error
13:13 < Eugene> That what feature isn't? Additional prompts?
13:13 < pEYEd> nope, still there
13:13 < Gaffel> The OpenVPN GUI is bade by a single guy to make it slightly easier than forcing everyone to use the command prompt in Windows just to connect. Windows users generally can't use the command prompt.
13:13 < Rockyfelle> An option to choose to use 4 different files
13:14 < Eugene> You're free to request this feature on the mailing list. We're a support channel here.
13:14 < pEYEd> I have ->  tls-auth C:\\Program\ Files\\OpenVPN\\config\\ta.key 1  enabled in the client config.
13:14 < Gaffel> pEYEd: Same ta.key on both ends?
13:14 < pEYEd> Gaffel: yes
13:14 < Gaffel> Disabled all ciphers?
13:15 < pEYEd> except for AES.
13:15 < Gaffel> What error do you get?
13:15 < Gaffel> Don't use GUI, use command line when you want proper log output if the GUI doesn't show anything
13:15 < pEYEd> Gaffel: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)     I am not using the gui
13:16 < Gaffel> Okay
13:16 < pEYEd> http://i.imgur.com/3zlA2kQ.png
13:16 < Gaffel> Have you opened port UDP 1194 on the server and are you allowing established and related connections?
13:17 < Gaffel> Is the client trying to connect via the internet?
13:17 < pEYEd> Gaffel: I see 1194 come live with netstat. Firewall has the proper hole and telnet attemps a connection to the port. Firewall is completely off for both client and server right now.
13:18 < pEYEd> Gaffel: yes, routable www
13:18 < Gaffel> But is the client on a separate network?
13:18 < Gaffel> It's not using the FreeBSD machine as its gateway, is it?
13:18 < pEYEd> 2 different ends of the internet
13:18 < pEYEd> Gaffel: freebsd is my openvpn server
13:19 < Gaffel> In a different physical location?
13:19 < pEYEd> not sure what gear the ISP has for front end.
13:19 < pEYEd> yes
13:19 < Gaffel> Okay, just wanted to make sure.
13:19 < pEYEd> 2 different side of planet Earth
13:19 < Gaffel> =)
13:20 < pEYEd> Japan to Connecticut to be exact.
13:20 < Gaffel> hehe =)
13:20 < Rockyfelle> On the config generated by the openvpn server, it only says the I should rename client.config to client.ovpn,is this information outdated!
13:20 < Rockyfelle> ? *
13:21 < Gaffel> No, it's correct
13:21 < pEYEd> Rockyfelle: ovpn is a much different file.
13:21 < Eugene>  .ovpn is the extension used by the Windows client for file-association(so double-click works)
13:21 < Eugene> .conf is used on most other platforms
13:21 < pEYEd> oops, vs the old method.
13:21 < Gaffel> Correct
13:21 < Eugene> It's the same in either case: a plain text file
13:21 < Rockyfelle> I'm just reading from the config file
13:21 < Gaffel> pEYEd: I'll soon give you my config for both server and client. Hold in. :)
13:22 < pEYEd> Gaffel:   thank you!
13:22 < Gaffel> It has full TLS encryption and works really good. Just the firewall needs to be configured.
13:23 < pEYEd> Rockyfelle: I don't think the old config system let you put keys into the config file. ovpn holds everything.
13:23 < Rockyfelle> Hm, apparently that's enough, the only thing you have to do to make it work on Windows is rename client.config to client.ovpn
13:23 -!- pEYEd [~kvirc@32.209.66.82] has quit [Read error: Connection reset by peer]
13:25 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
13:25 < pEYEd> Gaffel:  my inet connection dropped
13:25 < Gaffel> Okay
13:30 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Read error: Connection reset by peer]
13:31 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
13:31 -!- johnny56_ [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
13:32 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
13:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
13:34 -!- johnny56_ [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
13:36 -!- johnny56_ is now known as johnny56
13:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:40 -!- johnny56_ [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
13:40 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
13:50 -!- johnny56_ [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
13:52 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
13:53 -!- n-st [~n-st@unaffiliated/n-st] has quit [Ping timeout: 240 seconds]
13:53 < pEYEd> Gaffel: any word on that config?
13:54 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 255 seconds]
13:54 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
13:54 < Gaffel> I went it privately a long time ago
13:59 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
14:01 -!- mete [~mete@91.247.253.160] has joined #openvpn
14:03 < Gaffel> pEYEd
14:08 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
14:08 < Rockyfelle> Can I reach the router on the other side of the vpn?
14:08 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:13 < Rockyfelle> The router of the server that is hosting the vpn is what I mean
14:20 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
14:21 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 260 seconds]
14:28 < Dr-007> OpenVPN requires a 'ca.crt / ca.key' what would be another name to call that? an openssl pki root key?
14:31 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
14:34 < Dr-007> hm.. so if i understand correctly. a ca.crt / key is just a selfsigned key, and the the server.crt / key is derived from the ca.crt?
14:37 -!- pEYEd [~kvirc@32.209.66.82] has quit [Read error: Connection reset by peer]
14:38 < Gaffel> Dr-007: Aye
14:38 < Gaffel> Dr-007: the .key is the private stuff that should never be shared.
14:38 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
14:38 < Dr-007> ok
14:38 < Gaffel> The ca.key is what is used sign other certs.
14:39 < Gaffel> Then the ca.crt can be used to see if it was signed by the right ca.
14:39 < Gaffel> That's how clients and servers know that the certs are correct, they are signed by a trusted CA.
14:39 < Dr-007> ok
14:39 < Dr-007> do you also know, in a multiple server setup. it is best to setup multiple ca.crts so when i shut down one server, people can not try to connect to antoher subnet because their keys don;t match?
14:40 < Dr-007> most examples i find online will all share one ca.crt over multiple servers
14:40 < Gaffel> The certs are used to see if something is trusted or not.
14:40 < Gaffel> Yeah
14:40 < Gaffel> Because that's how CAs are used.
14:41 < Gaffel> If you check the CAs used for the HTTPS services you use online, you'll see they are all signed by a selected few CAs
14:41 < Gaffel> You can limit and change behaviour by using the ccd options in the server configs.
14:41 < Gaffel> ...and still share a single CA.crt
14:41 < Dr-007> so if i'd like to create multiple servers i should create a seperate server.crt / key per server
14:42 < Dr-007> and create client crt / keys from the server.crt ?
14:42 < Gaffel> No
14:42 < Gaffel> All peers use the CA as the origin of their certs
14:42 < Gaffel> The certs is like a birth certificate or ID card.
14:43 < Gaffel> The entity that prints or manufacture that document is the CA
14:43 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
14:43 < Dr-007> hmmkay
14:43 < Gaffel> You only need one CA and make it your own CA.
14:43 < Gaffel> You can limit connections with configs, easier to handle than having multiple CAs
14:43 < Dr-007> but i need to have every server to get their own keys
14:44 < Gaffel> I have two CAs, one for wifi WPA2-EAP TLS and one for VPN, which is not neede.
14:44 < Dr-007> so people can't try to connect to another network
14:44 < Dr-007> another server
14:44 < Gaffel> Dr-007: They get their own keys. Each crt and key you create have their own public and private keys.
14:44 < Gaffel> Just like everyone in your country/state has the same CA for their ID card.
14:44 < Gaffel> It doesn't make it less safe.
14:45 < Gaffel> The security is about how trustworthy the CA is.
14:45 < Dr-007> ehm
14:45 < Dr-007> but if i am using the same ca.crt and the same same server.crt for my 4 openvpn servers
14:46 < Dr-007> then all the client crt / keys can connect to all 4 openvpn servers
14:46 < Dr-007> right?
14:46 < Gaffel> No, give each server their own pair of certs and keys
14:46 < Dr-007> or what am i missing
14:46 < Dr-007> ah ok
14:46 < Gaffel> Each cert created is unique, random.
14:46 < Dr-007> thats what i asked, but allright
14:46 < Dr-007> i get it :)
14:46 < Dr-007> maybe i didn't ask correctly
14:46 < Gaffel> Give each physical machine its own unique key pair and cert. :)
14:46 < Dr-007> and do you happen to know what the diffie helman paramters do?
14:46 < Gaffel> And keep the CA in a safe environment somewhere. :)
14:47 < Gaffel> I haven't understood that yet. :(
14:47 < Gaffel> I use 4096 bit DH, not sure what the benefits are.
14:48 < Gaffel> It's used in some of the key creation, together with random factors from /dev/urandom and other stuff.
14:48 < Dr-007> i haven't looked into it
14:48 < Gaffel> Why and how, I don't know. :/
14:48 < Dr-007> ok
14:48 < Dr-007> allrighty
14:48 < Dr-007> thanks :)
14:48 < Gaffel> I don't know where the DH comes in. :/
14:49 < Dr-007> i am trying to build the generation of keys inside PHP
14:49 < Gaffel> I've searched for info but I've only found what DH is and how it's created... but not where it comes in.
14:49 < Gaffel> ah, okay.
14:50 < Dr-007> thats why i'm asking
14:50 < Dr-007> its surprisingly easy
14:50 < Gaffel> I want to create my own CA that keeps track of all the certs and keys and then automatically create new ones when they get old.
14:50 < Dr-007> well you could do that via PHP i guess
14:51 < Gaffel> I want it to be done, unattended.
14:51 < Gaffel> In either scripts or C.
14:51 < Dr-007> cronjobs
14:51 < Dr-007> ok
14:51 < Dr-007> well, grep away :)
14:51 < Gaffel> :D
14:52 < Gaffel> It will become my child, an automated CA where each peer is listed in a database and all certs and keys are listed. :)
14:53 < Gaffel> Listed but not stored.
14:54 < Gaffel> Some make money just being a CA. Verisign pretty much have that as their main income.
14:54 < Dr-007> its very similair to what i am doing. i'm prodicting the next openvpn subnet and generating the server keys it should use
14:54 < Dr-007> then it should generate the clients on top of that
14:55 < Dr-007> but then again, i am just beginning to build the key generation :p the private keys were pretty easy to generate with an existing ca.crt
14:55 < Dr-007> allright, i am proceeding! thanks
14:55 < Gaffel> Are you using ca.crt as the input?
14:55 < Gaffel> or ca. something else?
14:55 < Gaffel> All these file extensions confuse me. :/
14:59 < Gaffel> A certificate is just like an ID card. It doesn't enable you to create new ones.
14:59 < Gaffel> The .key contains the private key which is used for signing (CA).
15:00 < Gaffel> Most cert and key files are plain text put der and p12 are not, they are binary.
15:01 < Gaffel> PKCS#7 and 12 are both binary.
15:01 < Gaffel> So not possible to see with a plain text editor what they contain.
15:02 < Rockyfelle> Gaffel: do you know if it's possible to access the router on the other side of a vpn?
15:03 < Gaffel> What do you mean?
15:03 < Gaffel> Like go through the tunnel and then turn around on the other side?
15:03 < Rockyfelle> I need to access the router that my vpn server is connected to
15:04 < Gaffel> The VPN server is behind the router and you want to access the local side of the router from the outside via VPN?
15:04 < Gaffel> Yes, push routes.
15:06 < Gaffel> My LAN uses 192.168.0.0/255.255.255.0 and the router/gateway on the local side is .1
15:06 < Rockyfelle> Is it complex to temporarily swtup?
15:06 < Rockyfelle> I see
15:06 < Gaffel> No, it's easy to push routes.
15:07 < Gaffel> To allow my VPN client access my LAN, I add this to server config:
15:07 < Gaffel> push "route 192.168.0.0 255.255.255.0"
15:07 < Rockyfelle> What config?
15:07 < Rockyfelle> The vpn in the server?
15:08 < Gaffel> The server, it pushes that to the clients then they connect.
15:08 < Gaffel> Yes, vpn server confgi.
15:09 < Gaffel> It will tell the clients that 192.168.0.x is found via the VPN.
15:09 < Gaffel> So adapt that depending on your network address.
15:10 < Gaffel> It's commented out in the default config
15:11 < Rockyfelle> So, if my local router address (vpn server side) is 192.168.0.1, what numbers should I use?
15:12 < Gaffel> That's the LAN stuff, you need to push that.
15:12 < Gaffel> That network is in an unknown location otherwise and therefore not routable
15:13 < Gaffel> What address does the VPN server hand out?
15:15 < Dr-007> Gaffel, i am using the ca.crt as the input file
15:16 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Read error: Connection reset by peer]
15:17 < Gaffel> Dr-007: Does it contain a private key?
15:18 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
15:18 < Rockyfelle> Network restarted
15:18 < Rockyfelle> No success
15:18 < Gaffel> :(
15:18 < Gaffel> Can you ping it?
15:18 < Gaffel> Ping router from LAN side through the VPN?
15:19 < Rockyfelle> I yes
15:19 < Rockyfelle> Wait what
15:19 < Rockyfelle> Du what now P,
15:19 < Gaffel> ?
15:20 < Rockyfelle> 192.168.0.1 still gives me local route, copied your exact code with quotes
15:20 < Gaffel> You have the same network address on both sides?
15:21 < Rockyfelle> Yes
15:21 < Gaffel> What's the address range handed out by the VPN server?
15:21 < Rockyfelle> 10.8.0.x
15:22 < Gaffel> Is your traffic rerouted at all?
15:23 < Rockyfelle> The von
15:23 < Rockyfelle> The vpn works if that's what you mean
15:23 < Gaffel> Yes
15:23 < Gaffel> So you can tracert the WAN through the VPN?
15:23 < Rockyfelle> No idea
15:23 < Gaffel> Test that first
15:25 < Rockyfelle> Wait am i supposed to add push route in local config or server config
15:25 < Gaffel> Server
15:25 < Gaffel> The server pushes route when it hands out IP
15:25 < Gaffel> That's the job of a DHCP server.
15:26 < Gaffel> To force all traffic through the VPN, this option is needed: push "redirect-gateway def1 bypass-dhcp"
15:26 < Gaffel> Also server
15:26 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
15:27 < Rockyfelle> Should I add that line to the server config then?
15:27 < Gaffel> Yes
15:27 < Gaffel> Don't add anything to the client.
15:27 < Rockyfelle> Does it matter where in the config
15:27 < Gaffel> Once the client can connect and talk to the VPN server then all you need is push gateways and routes to make traffic go through the VPN
15:28 < Gaffel> No. But those settings are commented out in the default config so if you use that config as your base then find the commented out line, uncomment it and make the necessary changes to match your network.
15:28 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Quit: Fuck rizon]
15:30 < nemysis> hello i have default network here 10.0.0.0 and ADSL modem is 192.168.178.0, i can't see in Browser ADSL site, how to fix this on client
15:30 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
15:30 < Rockyfelle> I added the thing
15:30 < nemysis> have seen https://forums.openvpn.net/topic9465.html but how to make this
15:30 <@vpnHelper> Title: OpenVPN Support Forum Accessing LAN resources when OpenVPN is not LAN's GW : Tutorials (at forums.openvpn.net)
15:31 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Client Quit]
15:34 < Gaffel> nemysis: Push the route
15:34 < Gaffel> nemysis: push "route 10.0.0.0 255.255.255.0"
15:34 < Gaffel> Add that to server config, change netmask to match your LAN
15:35 < Gaffel> Or, if 192.168.178.0
15:35 < Gaffel> Is the 10.0.0.0 the VPN or the LAN?
15:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
15:36 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
15:37 -!- Buff|Away is now known as Buffman
15:37 < Gaffel> Rockyfelle: How's it going?
15:37 < Gaffel> Are you restarting after each change?
15:37 < Rockyfelle> Uhu.
15:37 < Gaffel> Why?
15:38 < Gaffel> What kind of machines are the server and client running on?
15:38 < Rockyfelle> Cause I didn't think about reloading
15:38 < Rockyfelle> I'm only restarting the vpn
15:38 < Gaffel> Oh, so you're coming here through the VPN?
15:38 < Rockyfelle> Yes
15:39 < Gaffel> That explains it. ^_^
15:39 < Gaffel> Push route should do it. Next step is firewall forwarding.
15:39 < Rockyfelle> Okay
15:39 < Gaffel> You need forwarding rules for that.
15:39 < Rockyfelle> What for
15:41 < Gaffel> What OS does the OpenVPN server running on?
15:41 < Gaffel> Pushing the route should be it unless you have script forwarding rules.
15:41 < Rockyfelle> Ubuntu server
15:41 < Gaffel> strict
15:41 < Dr-007> Gaffel, i have a private key. it isn't in the .crt. why do you ask?
15:42 < Gaffel> Then how can you sign with a cert?
15:42 < Gaffel> The private key does the signing.
15:42 < Gaffel> If anyone can sign their own certs with another cert then the whole cert theory falls to pieces..
15:42 < Dr-007> ca.key?
15:42 < Gaffel> Yeah
15:42 < Dr-007> heh i dont follow..
15:43 < Dr-007> let me review the stuff i've got
15:43 < Gaffel> You say that you use ca.crt.
15:43 < Dr-007> im still building the first function
15:43 < Gaffel> .crt doesn't have the key, ca.key does.
15:43 < Dr-007> function openssl_csr_sign ($csr, $cacert, $priv_key, $days, array $configargs = null, $serial = 0) {}
15:43 < Gaffel> priv_key is what?
15:43 < Dr-007> i've got to put in the $casecrt as the second argument
15:44 < Dr-007> $privkey = openssl_pkey_new();
15:44 < Dr-007> https://www.google.nl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCYQFjAAahUKEwjstoX37_THAhVB0hoKHS6zD6k&url=http%3A%2F%2Fphp.net%2Fmanual%2Fen%2Ffunction.openssl-pkey-new.php&usg=AFQjCNGy9pUMjAyaCSYua4lfSJkrERjo2g&bvm=bv.102537793,d.d2s
15:44 < Dr-007> http://php.net/manual/en/function.openssl-pkey-new.php
15:44 <@vpnHelper> Title: PHP: openssl_pkey_new - Manual (at php.net)
15:44 -!- Droolio [~drool@host81-147-70-141.range81-147.btcentralplus.com] has joined #openvpn
15:45 < Dr-007> it outputs keys tho
15:45 < Gaffel> Yeah
15:45 < Dr-007> but i havent had a change too verify if they're right
15:45 < Dr-007> :p
15:45 < Dr-007> *chance
15:45 < Gaffel> So each cert is signed with a new priv key?
15:46 < Gaffel> Read exactly what each argument for openssl_csr_sign() does.
15:47 < Dr-007> so the first argument should be the ca.key
15:47 < Dr-007> PEM encoded CSR
15:47 < Dr-007> pfffff
15:47 < Dr-007> this stuff is hard
15:47 < Gaffel> Then it contains the private key.
15:47 < Gaffel> Aye
15:48 < Dr-007> well. let me build the functions a little bit further
15:48 < Dr-007> ill put it in pastebin when i'm satisfied
15:48 < Dr-007> and give you a link
15:48 < Gaffel> :)
15:48 < Dr-007> if your interested
15:49 < Gaffel> All the certs confuse me, so many types of encodings. :/
15:49 < Rockyfelle> Gaffel: somehow the vpn isn't working properly anymore
15:49 < Dr-007> yeah, i know
15:49 < Dr-007> just a second ago i started worrying about revoking clients
15:49 < Gaffel> Which options did you add, Rockyfelle?
15:49 < Rockyfelle> Only that push thing
15:49 < Dr-007> i thought how does that work with openvpn?! i can not just simply delete the key on my server
15:50 < Dr-007> but they've got a revoke list :)
15:50 < Rockyfelle> The vpn is on, but it's not using the vpn internet
15:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:50 < Gaffel> You are still connected through that IP you were on earlier.
15:50 < Rockyfelle> So if I disconnect my phone vpn as well I'll lose all access the server's ssh
15:50 < Gaffel> oh
15:51 < Gaffel> You should run ssh facing the internet with certs.
15:51 < Rockyfelle> I'm running ssh via vpn
15:51 < Gaffel> Which options have you added to the server conf?
15:51 < Rockyfelle> Sounds safer to me
15:51 < Rockyfelle> Only your gateway line
15:51 < Gaffel> It is.
15:51 < Gaffel> Are you pushing routes?
15:52 < Rockyfelle> Idk
15:52 < Gaffel> Such as this: push "route 192.168.0.0 255.255.255.0"
15:52 < Rockyfelle> I kind of just want to undo the change before my phone dies and I lose server access or something
15:52 -!- Buffman is now known as Buff|Away
15:52 < Gaffel> Then comment it out
15:53 < Rockyfelle> Yay ssh'ing trough phone :p
15:53 < Gaffel> :P
15:53 < Rockyfelle> I don't remember where it is
15:53 < Rockyfelle> The openvpn config
15:54 < Gaffel> I run SSH facing the internet on non-default port, port scanning protection, cert-only logon, short grace period etc
15:54 < Gaffel> Should be safe enough
15:54 < Gaffel> Scroll through slowly and see
15:54 < Rockyfelle> Scroll
15:54 < Rockyfelle> Phone
15:54 < Gaffel> :/
15:56 < Gaffel> I thought that you were accessing the configs through the SSH over the web since that's how you start before you have VPN up and running. :/
15:58 < Gaffel> Using the same local subnet on both ends might confuse the client.
15:58 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Read error: Connection reset by peer]
15:58 < Gaffel> I see :/
15:59 < Gaffel> Lesson: Don't limit SSH access through VPN when you configure the VPN.
16:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
16:04 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
16:04 < Rockyfelle> Same join message?
16:04 < Gaffel> Aye
16:04 < Gaffel> Same IP
16:05 < Gaffel> Always have a backup for accessing the server.
16:05 < Gaffel> You can make OpenSSH really safe.
16:05 < Rockyfelle> I do have a backup
16:05 < Gaffel> Okay ^_^
16:05 < Rockyfelle> But it takes half an hour
16:05 < Rockyfelle> By public translation
16:05 < Rockyfelle> Transportation *
16:05 < Gaffel> oooh
16:05 < Gaffel> Are you VPN:ing to work?
16:06 < Gaffel> Kungälv?
16:06 < Rockyfelle> Where does it say kungalv
16:07 < Gaffel> geoiptool.com
16:07 < Rockyfelle> Where does it say my ip
16:07 < Gaffel> In the chatlog
16:07 < Rockyfelle> I see
16:08 < Gaffel> Aye, tracert goes route goes to Kungälv.
16:08 < Rockyfelle> So different networks decides wether to show ip
16:08 < Gaffel> Yes
16:08 < Rockyfelle> I see
16:08 < Gaffel> Freenode shows plain IP to limit abuse.
16:08 < Gaffel> Some have masking.
16:08 < Gaffel> Freenode has masking if you ask for it.
16:08 < Rockyfelle> Well good that I have different nicks for different servers then
16:08 < Gaffel> I haven't asked for it. I don't find it necessary.
16:09 < Gaffel> hehe
16:09 < Rockyfelle> And neither me nor server is in kungalv new
16:09 < Rockyfelle> Btw *
16:09 < Gaffel> Okay
16:09 < Rockyfelle> The geo tools always tend to be a few miles off
16:10 < Gaffel> Yeah, sometimes in the wrong country. ^_^
16:10 < Gaffel> Tracert is accurate if you know how to interpret the hostnames.
16:11 < Gaffel> http://serverfault.com/questions/601478/how-to-configure-openvpn-server-to-use-custom-default-gateway
16:11 <@vpnHelper> Title: linux - How to configure OpenVPN server to use custom default gateway? - Server Fault (at serverfault.com)
16:12 < Gaffel> Might not be relevant.
16:12 < Gaffel> So your phone uses the OpenVPN server?
16:12 < Rockyfelle> It does, yes
16:12 < Rockyfelle> Don't ask me why
16:13 < Gaffel> So what's the problem with the VPN server?
16:13 < Dr-007> Gaffel, when using easy-rsa i'd had to put in a password for my ca.cert / key but in the server / client creation process i didnt had to re-enter the password
16:13 < Rockyfelle> What privmsg
16:13 < Rockyfelle> Problem *
16:14 < Dr-007> what is it for?
16:14 < Gaffel> Rockyfelle: I've forgot what you came here for.
16:14 -!- Buff|Away is now known as Buffman
16:14 < Gaffel> Dr-007: To password protect the files.
16:14 < Rockyfelle> Ah yes, accessing the router of the vpn server
16:14 < Gaffel> ah
16:14 < Gaffel> So it's 192.168.0.1?
16:14 < Dr-007> when does this password protection reflect? when does it need to be input again?
16:14 < Rockyfelle> But I can live without it
16:14 < Rockyfelle> Yes
16:15 < Gaffel> Pushing that route should do the trick
16:15 < Gaffel> This should do it: push "route 192.168.0.0 255.255.255.0"
16:15 < Rockyfelle> That's what I did the first time
16:15 < Gaffel> If not then there's a conflict or a firewall in the way
16:15 -!- pEYEd [~kvirc@32.209.66.82] has quit [Ping timeout: 268 seconds]
16:15 < Rockyfelle> Never worked
16:15 < Gaffel> What's the local gateway for the VPN client?
16:16 < Rockyfelle> There is none
16:16 < Rockyfelle> Blank
16:16 < Gaffel> Oh, direct WWAN access?
16:16 < Rockyfelle> Dunno
16:16 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:16 < Gaffel> :|
16:16 < Rockyfelle> I have worked with this stuff before so I'm not familiar with them terms
16:17 < Gaffel> The gateway is where to send the traffic
16:17 < Gaffel> It's a way for a client to know which interface to go to when it wants to send data.
16:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:18 <@plaisthos> your "router"
16:18 < Gaffel> Aye
16:20 < Rockyfelle> Yeah I know that, but all cmd on my client tells me is blank
16:20 < Gaffel> Dr-007: Password protected certs stops others from importing certs.
16:20 < Gaffel> Rockyfelle: For the VPN interface, yes?
16:20 < Gaffel> I'm talking about the actual gateway used to access the internet before you connect to the VPN.
16:20 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
16:20 < Gaffel> That's your local gateway, the router.
16:21 < Dr-007> Gaffel, weird, i'm not getting errors at all while generating a new server.cert / key via my ca.key
16:21 < Dr-007> while i protected my ca with a password
16:23 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
16:24 < Gaffel> Dr-007: I'm not sure how that stuff works. When I import certs to Windows, it asks me for password when I import the client PKCS#12 file which has both public and private key.
16:25 < Gaffel> The ca.crt is not protected, it just asks me if I'm really sure to import cert XXXXXXXXX with the fingerprint XX:XX:XX:XX:XX:XX
16:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:26 < Dr-007> ok
16:26 -!- Buffman is now known as Buff|Away
16:26 -!- Buff|Away is now known as Buffman
16:26 < Dr-007> ill do a openssl x509 -noout -text -in server.crt
16:26 < Rockyfelle> I really like that your name is fork
16:26 < Dr-007> in a minute
16:27 < Rockyfelle> Gaffel = fork
16:27 < Gaffel> Yes
16:27 < Gaffel> I'm Swedish. ;)
16:28 < Gaffel> Instead of having some random name that nobody understands or is difficult to explain, I just take a common word. :)
16:28 < Gaffel> It's a bit funny, people don't expect you to give yourself the nickname that's the same as a word for an ordinary item. :D
16:28 < Rockyfelle> I figured you were sexism
16:28 < Rockyfelle> Swedish *
16:29 < Gaffel> ^_^
16:29 < Gaffel> A completely unrelated ordinary word as a name is funny. :)
16:29 < Rockyfelle> What part of swedenland
16:29 < Gaffel> Scania, Malmö.
16:29 < Rockyfelle> Ah, the bomb zone
16:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:30 < Gaffel> Yeah, but I'm innocent. :P
16:30 < Gaffel> I don't own any Yugoslavic handgrenades. :P
16:30 < Rockyfelle> That doesn't really work as a shield though, the innocence
16:31 < Gaffel> I know. Only a tank or diplomacy.
16:31 < Gaffel> I don't have a tank to I have to push away my fear and use diplomacy instead.
16:32 < Gaffel> *so
16:32 < Rockyfelle> Diplomacy only goes so far
16:32 < Gaffel> Yup
16:32 < Rockyfelle> Nukes are the way to go
16:32 < Gaffel> Meteors are better, they don't leave large amounts of radiation behind compared to nuclear devices. :P
16:33 < Rockyfelle> Yeah be they leave marks
16:34 < Rockyfelle> But *
16:34 < Gaffel> Creating nuclear bombs isn't hard at all. It's getting access to the high grade uranium or plutonium that's standing in the way.
16:35 < Gaffel> It's very expensive to produce the high grade fissile material.
16:35 < Gaffel> Which is why we don't see terrorists making their own bombs.
16:35 < Gaffel> They have to use ordinary explosives.
16:35 < Rockyfelle> Did you know something
16:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:36 < Rockyfelle> Creating meteors are more expensive
16:36 < Gaffel> It is? :o
16:38 -!- Buffman is now known as Buff|Away
16:38 < Rockyfelle> It is indeed
16:38 <@plaisthos> Gaffel: and your name reminded me of Göffle, which a german neologism for a mix of a fork and a spoon
16:39 < Rockyfelle> You need lots of jet fuel and steel beams to get up there
16:39 <@plaisthos> not so far off
16:39 -!- Droolio [~drool@host81-147-70-141.range81-147.btcentralplus.com] has quit [Quit: Inside every small problem is a large problem struggling to get out.]
16:39 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 268 seconds]
16:40 < Gaffel> :D
16:40 <@plaisthos> (Gabel + Löffel)
16:41 < Gaffel> :)
16:43 -!- pEYEd [~kvirc@32.209.66.82] has quit [Read error: Connection reset by peer]
16:45 < Rockyfelle> The most important question
16:45 < Rockyfelle> When were you constructed
16:46 < Gaffel> 1984
16:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:46 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
16:46 < Rockyfelle> I see
16:47 < Rockyfelle> Then why do you live in malmö
16:47 < Gaffel> Why not?
16:48 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
16:49 < Crew-L-T> hi, ya'll
16:49 < Crew-L-T> i'm back with my strange problem
16:49 < Rockyfelle> Cause it's malmö
16:50 < Crew-L-T> !configs
16:50 < HM> is it worth using GCM encryption modes with tls-auth?
16:50 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:50 < HM> after all tls-auth is a MAC on every packet, right?
16:51 < Crew-L-T> !paste
16:51 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
16:55 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
16:56 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:02 < HM> anyone?
17:03 < Gaffel> I have no idea, sorry.
17:03 < Gaffel> But I believe that it's only sent in TAP.
17:04 < Gaffel> TUN is a level 3 tunnel, no ethernet packets.
17:04 < Gaffel> I don't know how TLS works, but I don't think it sends MACs.
17:05 < Gaffel> HM: Are you talking about MAC as in HMAC or MAC as in ethernet?
17:08 < Gaffel> HMAC, yes.
17:08 < Gaffel> https://openvpn.net/index.php/open-source/documentation/security-overview.html
17:08 <@vpnHelper> Title: Security Overview (at openvpn.net)
17:10 -!- abbe_ [having@badti.me] has joined #openvpn
17:10 -!- abbe [having@badti.me] has quit [Read error: Connection reset by peer]
17:11 -!- greyBoss [~greyBoss@175.110.12.196] has quit [Quit: leaving]
17:11 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
17:12 -!- abbe_ is now known as abbe
17:12 < Crew-L-T> i have working setup, but it has an annoying routing bug, that i can't figure out. can anyone try to help?
17:12 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Ping timeout: 253 seconds]
17:13 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
17:14 < HM> so
17:15 < HM> the data channel is never encrypted using native TLS?
17:15 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 255 seconds]
17:27 -!- hennos [~midas8@167.160.44.236] has quit [Quit: Leaving]
17:28 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
17:28 < Crew-L-T> i've configured the server to use the ccd files and created a file for the client, but even with the iroute in place the route gets pushed to client and create a routing loop.
17:29 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has joined #openvpn
17:29 < tomodachi> are there any limitations with the openVPN client for IOS?
17:29 < tomodachi> thought apple sandboxed all their applications n shit
17:29 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:30 < Crew-L-T> i'm running v2.3.6
17:30 -!- CosineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
17:31 < Crew-L-T> on linux. both server and client
17:33 < Crew-L-T> i'm running both server and client at verbosity 6, and they both report the push of the route that shouldn't
17:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
17:33 < Gaffel> HM: Nope, you must configure tls-cipher for that
17:34 -!- toli [~toli@ip-62-235-237-112.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:35 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has joined #openvpn
17:35 -!- [DS]Matej_ [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
17:35 < nemysis> i have 2.3.8
17:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
17:36 -!- Netsplit *.net <-> *.split quits: Netas3k, Haseo, mumixam, SineDeviance, ShapeShifter499, c|oneman, whfsdude, zamber, Neal_, APTX,  (+4 more, use /NETSPLIT to show all of them)
17:36 -!- [DS]Matej_ is now known as [DS]Matej
17:36 -!- Netsplit over, joins: Jeroen
17:37 -!- jesopo [jess@lolnerd.net] has joined #openvpn
17:38 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
17:38 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
17:39 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:39 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
17:41 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
17:45 < Rockyfelle> I want a gaffel
17:45 < Rockyfelle> And some hot dogs
17:46 < Gaffel> ^_^
17:46 < Dr-007> what are you planning to do with them?
17:47 < Crew-L-T> MULTI: internal route 192.168.145.0/25 -> hostname/IP:port
17:47 < Crew-L-T> PUSH: Received control message: 'PUSH_REQUEST'
17:47 < Dr-007> gaffel, the ca.key is the only file that should be moved via floppy to a pc that isn't connected to the internet. right? (to make it super duper safe
17:47 < Dr-007> )
17:47 < Rockyfelle> https://zerobin.net/?6a65e6a79897d51c#/Xasfi/lbhdZPmJdZ89Nk8v8B5WE6ODnbKWeKqjX0zk=
17:47 <@vpnHelper> Title: ZeroBin (at zerobin.net)
17:48 < Crew-L-T> SENT CONTROL [arossiach]: 'PUSH_REPLY,route 192.168.145.0 255.255.255.128
17:49 < Crew-L-T> why????
17:49 < Rockyfelle> Why?
17:52 < Crew-L-T> like i explained before, i have a fully functional setup, but! it doesn't honor the iroutes set in ccd files. why???
17:54 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
17:54 < Rockyfelle> Goodbye, nemysis
17:55 < Rockyfelle> You shall be missed
17:55 < Rockyfelle> Along with the students
17:56 < iNs> anyone really familliar with performance implications in openvpn? been doin some benchmarks for my thesis and it turns out openvpn performs significantly better with ipv6 than with ipv4, noticable with AES both 128/256, the difference is smaller using blowfish
17:58 < Crew-L-T> as far as i can read from my log files the server parses the ccd file for the client, but sends the route to the client even if it is specified as an iroute for that client
17:59 < Crew-L-T> which according to the man page, it shouldn'r do
18:06 < Gaffel> Dr-007: Yes, that kind of security  is the way to go.
18:07 < Gaffel> If the CA key ends up in the wrong hand then anyone can make up client or server certs.
18:07 < Rockyfelle> And then they will all see your child pornography.
18:07 < Gaffel> ^_^
18:08 < Rockyfelle> Oh is that not why people try to secure things?
18:09 < Rockyfelle> Or was it a secret
18:09 < Rockyfelle> My mistake.
18:09 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:10 -!- Buff|Away is now known as Buffman
18:10 < Gaffel> Rockyfelle :D
18:11 < Rockyfelle> It's okay Gaffel I won't tell anyone
18:12 < Rockyfelle> Gaffel: https://zerobin.net/?6a65e6a79897d51c#/Xasfi/lbhdZPmJdZ89Nk8v8B5WE6ODnbKWeKqjX0zk=
18:12 <@vpnHelper> Title: ZeroBin (at zerobin.net)
18:16 -!- Buffman is now known as Buff|Away
18:19 < Crew-L-T> can anyone answer??
18:19 < Crew-L-T> or offer any suggestions?
18:23 < Crew-L-T> from man page: OpenVPN accomplishes this by not not pushing a route to a client  if  it  matches one of the client's iroutes.
18:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:24 < Crew-L-T> but my server push'es all routes to all clients regardless
18:25 < Gaffel> Rockyfelle :o
18:25 < Crew-L-T> is there any option i am missing
18:25 < Gaffel> Rockyfelle: Did you go to that school?
18:25 < Rockyfelle> Who knows
18:25 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
18:27 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has quit [Remote host closed the connection]
18:27 < Gaffel> Crew-L-T: I'm not sure but this might help: http://backreference.org/2009/11/15/openvpn-and-iroute/
18:27 <@vpnHelper> Title: OpenVPN and iroute « \1 (at backreference.org)
18:31 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
18:34 < Rockyfelle> What happened to the kids Gaffel
18:36 < Crew-L-T> Gaffel: seems like this is kinda the same problem i've got. but i need to take a closer look. thnx for the tip
18:38 -!- austsux [~austerity@unaffiliated/austeritysucks] has joined #openvpn
18:39 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has quit [Quit: ZNC - http://znc.in]
18:42 < Gaffel> Rockyfelle: I don't know.
18:42 -!- austeritysucks [~austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 246 seconds]
18:42 < Rockyfelle> But why?
18:42 < Rockyfelle> How old were they even?
18:42 < Gaffel> I don't know,
18:43 < Gaffel> Maybe a timephased house. The people who came out were offsprings of those who entered.
18:44 < Rockyfelle> But how old were the ones who entered? "
18:44 < Rockyfelle> "
18:44 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
18:46 < Gaffel> I don't know.
18:49 < Crew-L-T> Gaffel: not exactly what i was after, but i can make it work with this. thnx again
18:51 < Rockyfelle> What if I told you
18:51 < Crew-L-T> it's important to understand the theory of how stuff works, to know how to implement
18:51 < Rockyfelle> They're were kids
18:51 < Rockyfelle> The blood was from kids
18:52 < Eugene> But was it piped over a secure internet tunnel?
19:00 < Crew-L-T> Gaffel: if i understand this correctly, it will solve most of my problems. :)
19:02 < Gaffel> I didn't read too much of it, I don't have client configs, just a general config since I'm the only one using it. :)
19:05 -!- Allegiant [~allegiant@2601:c2:4102:1ec1:7072:2b54:5de5:f3bc] has joined #openvpn
19:39 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
20:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:07 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
20:10 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has quit [Remote host closed the connection]
20:16 -!- CosineDeviance is now known as SineDeviance
20:28 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has joined #openvpn
20:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:58 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
20:59 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
21:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
21:46 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:57 -!- adek [~adek@198.8.80.66] has joined #openvpn
22:23 -!- Allegiant [~allegiant@2601:c2:4102:1ec1:7072:2b54:5de5:f3bc] has quit [Read error: Connection reset by peer]
22:27 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
22:27 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 246 seconds]
22:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
22:32 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
22:41 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
22:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
23:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
23:04 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
23:13 -!- adek [~adek@198.8.80.66] has quit [Ping timeout: 252 seconds]
23:40 -!- ShadniX [dagger@p5DDFC4AC.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:43 -!- ShadniX [dagger@p5DDFC106.dip0.t-ipconnect.de] has joined #openvpn
23:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
23:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Mon Sep 14 2015
00:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:19 -!- mode/#openvpn [+o mattock1] by ChanServ
00:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
00:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
00:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:53 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
00:54 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
00:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:26 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Ping timeout: 250 seconds]
01:36 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has joined #openvpn
01:36 -!- leandrosansilva [~chatzilla@2001:a60:912d:14::11ae] has quit [Client Quit]
01:37 -!- leandrosansilva [~leandro@2001:a60:912d:14::11ae] has joined #openvpn
01:47 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
01:47 < Rockyfelle> Myes
01:53 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-wkmgvlhlffmhxrgp] has quit [Quit: Connection closed for inactivity]
01:57 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has quit [Ping timeout: 264 seconds]
02:00 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
02:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
02:03 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Ping timeout: 246 seconds]
02:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
02:46 -!- austeritysucks [~austerity@unaffiliated/austeritysucks] has joined #openvpn
02:47 -!- austsux [~austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 246 seconds]
02:53 -!- austeritysucks [~austerity@unaffiliated/austeritysucks] has quit [Ping timeout: 246 seconds]
03:24 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
03:25 < Crew-L-T> morning, or what ever it is at your location
03:36 < Crew-L-T> !ovpnuke
03:36 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
04:14 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has joined #openvpn
04:14 < Rockyfelle> Yes.
04:20 -!- Rockyfelle [~name@90-230-254-168-no154.business.telia.com] has quit [Ping timeout: 246 seconds]
04:21 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
04:29 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
04:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:43 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
04:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:11 -!- Borborygmi [~Casper@2a00:d880:6:4c8:9::120] has joined #openvpn
05:21 -!- Naphatul_ [~Naphatul@unaffiliated/naphatul] has joined #openvpn
05:21 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Ping timeout: 250 seconds]
05:23 -!- Borborygmi [~Casper@2a00:d880:6:4c8:9::120] has quit [Quit: irc://irc.tools:6667/IRC.tools]
05:31 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
05:32 -!- Naphatul_ [~Naphatul@unaffiliated/naphatul] has quit [Ping timeout: 255 seconds]
05:41 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Quit: Konversation terminated!]
05:44 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:50 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
06:02 -!- hennos [~midas8@167.160.44.236] has joined #openvpn
06:03 -!- ghormoon [~ghormoon@ghorland.net] has quit [Quit: ZNC - http://znc.in]
06:07 -!- shiriru [~shiriru@84.238.170.125] has joined #openvpn
06:07 -!- shiriru [~shiriru@84.238.170.125] has quit [Remote host closed the connection]
06:09 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
06:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:30 -!- joat [~tim@ip70-160-161-157.hr.hr.cox.net] has quit [Remote host closed the connection]
06:39 < pEYEd> if you create a new ca.key, do you also have to generate a new ta.key for TLS?
06:40 < HM> no
06:40 < HM> ta.key has nothing to do with TLS really
06:44 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Quit: irc://irc.tools:6667/IRC.tools]
06:53 < pEYEd> I keep getting a TLS handshake error https://bpaste.net/show/2e9d9a65d5d2   TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)  I have redone all of my keys three times now.  same issue.
06:54 < pEYEd> http://i.imgur.com/cTrAO2I.png
06:55 < pEYEd> both server and client firewalls are completely disabled.
07:20 -!- reuf [~reuf___@servisi.bih.net.ba] has joined #openvpn
07:42 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
07:42 -!- Buff|Away is now known as Buffman
07:48 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
08:02 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:12 < HM> fuck Android
08:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:22 -!- Buffman is now known as Buff|Away
08:22 -!- Buff|Away is now known as Buffman
08:24 -!- eject_ck [~eject@2001:920:1846:1dc0:1417:6590:f62e:d88e] has joined #openvpn
08:25 < eject_ck> is it right place to ask EasyRSA3 question? I have problem with getting ./easyrsa sign-req server myname myfile.csr —subject-alt-name="DNS:myname.alt.com"
08:26 < eject_ck> I'm getting cert signed, but with no SubjectAltName
08:26 < eject_ck> https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/easyrsa
08:26 <@vpnHelper> Title: easy-rsa/easyrsa at master · OpenVPN/easy-rsa · GitHub (at github.com)
08:27 < eject_ck> code says use This global option adds a subjectAltName to the request or issued cert
08:27 < eject_ck> I tried when importing with no luck
08:28 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
08:31 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
08:32 -!- n-st [~n-st@unaffiliated/n-st] has quit [Remote host closed the connection]
08:32 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
08:32 -!- n-st [~n-st@unaffiliated/n-st] has quit [Remote host closed the connection]
08:33 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
08:35 -!- Buffman is now known as Buff|Away
08:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
08:40 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 252 seconds]
08:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:45 < HM> i like the openvpn business model
08:45 < HM> make something shitty and nigh impossible to setup and then sell a premium service where it just works
08:46 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:48 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Read error: Connection reset by peer]
08:52 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
08:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:54 -!- Buff|Away is now known as Buffman
08:57 -!- n-st [~n-st@unaffiliated/n-st] has quit [Quit: ZNC - http://znc.in]
08:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:00 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
09:01 -!- n-st [~n-st@unaffiliated/n-st] has quit [Client Quit]
09:01 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
09:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
09:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:18 -!- Buffman is now known as Buff|Away
09:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
09:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:21 -!- Buff|Away is now known as Buffman
09:21 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
09:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:30 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
09:30 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has left #openvpn []
09:34 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
09:34 -!- patsToms [~patsToms@radioa7.lv] has joined #openvpn
09:36 < patsToms> morning
09:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:37 < patsToms> can I ask desktop related question here? I am struggling to get connection to work .-.
09:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
09:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:01 < Gaffel> patsToms, speak up!
10:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
10:02 < patsToms> so I am with linux mint, here I have a nice «Add vpn gui» for open vpn. So I configured all and so on, when I connected I got that connection is successful.
10:03 < patsToms> but vpn's network is not really working
10:03 < patsToms> I can't ping anything, even broadcast. When I checked routes, there was some from VPN, but yo, seems like I have no idea how to debug and find solution to this.
10:04 -!- Buffman is now known as Buff|Away
10:06 < tomodachi> patsToms: do a ifconfig
10:06 < tomodachi> find your openvpn interface
10:06 < tomodachi> it is named tun0 most probably
10:06 < patsToms> tomodachi, yes, found it
10:06 < tomodachi> it has a local ip , and a destination ip
10:06 < tomodachi> basicall thats one ip for each end of the tunnel
10:06 < tomodachi> can you ping the remote ip_!
10:07 < patsToms> tomodachi, I can see inet addr, but can't really see «remote ip»
10:08 < patsToms> tomodachi, http://vpaste.net/gQhGH
10:08 -!- Buff|Away is now known as Buffman
10:09 < tomodachi> inet addr:192.168.84.203  P-t-P:192.168.84.203  Mask:255.255.255.0
10:09 < tomodachi> that looks wrong
10:10 < tomodachi> ah or wait , its a client to site vpn
10:10 < patsToms> seems like client
10:10 < tomodachi> hmm still weird
10:10 < tomodachi> as both adresses are the same
10:10 < tomodachi> you can start by fixing that
10:11 < patsToms> tomodachi, how can I fix it?
10:12 < tomodachi> i think there is something wrong with the setup in your server
10:13 < tomodachi>   inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
10:13 < tomodachi> is how it looks in my end
10:13 < tomodachi> the remote end has a different ip
10:13 < tomodachi> so you should have that to
10:13 < tomodachi> openvpn config on server side seems weird? dont know really never had that issue
10:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:32 -!- mete [~mete@91.247.253.160] has quit [Read error: Connection reset by peer]
10:32 -!- eject_ck [~eject@2001:920:1846:1dc0:1417:6590:f62e:d88e] has left #openvpn []
10:41 -!- mete [~mete@91.247.253.160] has joined #openvpn
10:42 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
10:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:52 -!- Buffman is now known as Buff|Away
10:56 -!- Buff|Away is now known as Buffman
10:59 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
11:00 < Naphatul> i'm creating certificates with easy-rsa, what's the "name" field for?
11:00 < Naphatul> because CN is already set when invoking the command with the name, and name is always the default one i set up
11:10 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
11:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
11:29 -!- speeddragon [~speeddrag@30.20.103.87.rev.vodafone.pt] has joined #openvpn
11:33 -!- speeddragon [~speeddrag@30.20.103.87.rev.vodafone.pt] has quit [Remote host closed the connection]
11:41 < cryptic1> OCT 6th new surface
11:41 < cryptic1> oops
11:41 < cryptic1> wrong channel
11:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:59 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:17 -!- jmacdona_ [~jmacdonal@drmons0544w-142068202013.dhcp-dynamic.FibreOp.ns.bellaliant.net] has joined #openvpn
12:17 -!- jmacdona_ [~jmacdonal@drmons0544w-142068202013.dhcp-dynamic.FibreOp.ns.bellaliant.net] has quit [Client Quit]
12:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:57 -!- naggappan [~nandhu@103.16.71.71] has joined #openvpn
12:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:10 -!- naggappan [~nandhu@103.16.71.71] has quit [Quit: Konversation terminated!]
13:10 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
13:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
13:32 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:50 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
13:53 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has quit [Ping timeout: 252 seconds]
13:53 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
13:54 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has joined #openvpn
14:07 -!- kossy [a@unaffiliated/kossy] has quit [Read error: Connection reset by peer]
14:08 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
14:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
14:12 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has joined #openvpn
14:13 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
14:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
14:50 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Quit: Konversation terminated!]
14:51 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Remote host closed the connection]
15:04 -!- cryptic1 is now known as lazyadmin
15:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
15:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
15:26 -!- lazyadmin is now known as cryptic1
15:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:43 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has joined #openvpn
15:43 -!- ghostboarder [~johngalt@S0106586d8f472b44.va.shawcable.net] has left #openvpn []
15:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:52 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
16:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:02 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:18 -!- nullsign is now known as OS-17344
16:33 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:39 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
16:39 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:47 -!- Rockyfelle [~name@7.214.216.81.static.g-mt.siw.siwnet.net] has joined #openvpn
16:47 < Rockyfelle> Hah
16:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
17:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:30 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
17:31 < Dr-007> !heartbleed
17:31 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
17:31 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
17:31 < Dr-007> !poodle
17:31 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
17:31 < Dr-007> !ovpnuke
17:31 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
17:32 -!- OS-17344 is now known as nullsign
17:37 < Dr-007> if i'd like to put my configs in another place then the /etc/openvpn directory. then should i just change the path in /etc/init.d/openvpn to make the configs load from my custom path? or is there a better approach?
17:38 < Dr-007> like execute the openvpn server customly via another script
17:38 < Dr-007> *servers
17:38 < Gaffel> Just use absolute paths or create new service scripts that start openvpn with --config /custom/path/to/config
17:39 < Gaffel> If you only specify the filename then it looks in its workpath which is the directory the file is executed in, unless specified to be something else.
17:39 < Dr-007> ok
17:40 < Dr-007> i'll check them out
17:40 < Dr-007> or do you think its stupid to put the configs in another directory in the first place?
17:40 < Gaffel> The config can also have certs and keys integrated. That makes it possible to only worry about one file, the config.
17:40 < Gaffel> It depends on the purpose.
17:41 < Dr-007> the permissions on the other directory are so that my website can overwrite the config files for servers
17:41 -!- tytan [~Terance@p5B3E518F.dip0.t-ipconnect.de] has joined #openvpn
17:41 < Dr-007> modifying the ip ranges and stuff
17:41 < Dr-007> i guess i could just add the apache user to access the /etc/openvpn dir
17:41 < Dr-007> then i'm "done" as well
17:42 < Gaffel> Set permissions
17:42 < tytan> Hello, everyone. I have installed openvpn as on ubuntu 14.04 und configured my router. I can connect to my VPN, browser the internet but I can't access computers, routers or servers in lan. Not even knowing the ip address :/
17:42 < Dr-007> haha, ok :) i thought it'd be better to keep them seperated
17:42 < Gaffel> What IP range does the VPN server hand out, tytan?
17:42 < Dr-007> but then i'll do that
17:42 < Gaffel> Dr-007: It is
17:43 < tytan> Gaffel I don't know
17:43 < Gaffel> tytan: Check your own IP.
17:43 < Gaffel> Using ifconfig or what ever tool Ubuntu uses.
17:43 < tytan> Gaffel Well, it looks like a have a totally wrong DHCP server
17:44 < Gaffel> Dr-007: If you let other programs walk over that directory then the best choice is to move the involved files to an isolated place and then make changes to service/script files that handle the starting and closing of the openvpn daemon
17:44 < tytan> Gaffel I checked it on my Windows 7 client
17:44 < Gaffel> Okay
17:44 < tytan> Gaffel My address if equally wrong, too
17:45 < Gaffel> Disconnect and paste server config here: https://bpaste.net/
17:46 < tytan> I installed the access server because I'm not really good at that stuff :/
17:46 < Gaffel> I don't know what "the access server" is.
17:46 < Gaffel> Access as in MS Access?
17:47 < Dr-007> Gaffel, ok then i'm back on course of plan A
17:47 < tytan> Gaffel No, There is something like OpenVPN Access Server. Do you want me to give you a link? :)
17:47 < Gaffel> :D
17:47 < Gaffel> tytan: Yes
18:07 < Rockyfelle> Hi gaffel <3
18:08 < Rockyfelle> Want to buy me a drink?
18:08 < tytan> I'd like to. But I live in germany :D
18:08 < Rockyfelle> Aw
18:18 < tytan> I guess you're all living far away from me
18:18 < Rockyfelle> :(
18:18 < Rockyfelle> But it's my birthday! :(
18:19 < Gaffel> Hallo Rockyfelle
18:19 < Gaffel> Happy birthday, Rockyfelle. :)
18:19 < Rockyfelle> It's my 18:th birthday and gaffel won't buy me a drink :(
18:19 < tytan> Rockyfelle Seriously?
18:20 < Rockyfelle> I'm serious
18:20 < Dr-007> if server keys are in any way not "good" will openvpn report this in the logfile?
18:20 < tytan> Then tell me there is a service I can order a drink for you and pay with paypal!
18:20 < Rockyfelle> :O
18:20 < tytan> =P
18:20 < tytan> Or come to germany. We have beer
18:20 < Rockyfelle> I'm not sure I don't drink
18:20 < tytan> Is a coke ok, too?
18:21 < Rockyfelle> Yeah
18:21 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
18:21 < Gaffel> I'm 31 and I've never liked alcohol.
18:21 < Dr-007> no one likes likes it
18:21 < Rockyfelle> I like cider
18:21 < Dr-007> thats impossible
18:21 < Dr-007> everybody drinks to get drunk!
18:21 < Gaffel> I don't like that concept, Dr-007
18:22 < Dr-007> then you'll keep your braincells
18:22 < mystica555> Dr-007: circular logic: the logic requires that one wishes to get drunk; then it makes sense: when one wishes to, yes, they drink
18:23 < Rockyfelle> tytan: http://www.drinko.se/dagligvaror/lask.html XD
18:23 <@vpnHelper> Title: Handla Läsk på nätet | Drinko.se (at www.drinko.se)
18:23 < Gaffel> haha
18:23 < tytan> I like Single Malt Scotch. But not to get drunk but to experience a great taste
18:24 < Dr-007> anyone knows if openvpn reports it when i am using a wrongfully signed server.crt/key ? it can't be that the generation works at the first try
18:25 < mystica555> Dr-007: turn up the logging verbosity; it should be there, if it didnt work
18:25 < Eugene> Dr-007 - you'll get "TLS Authentication Failed" in the server's log
18:25 < mystica555> (and maybe it did?)
18:25 < Eugene> If you're using easy-rsa, chances are it worked right
18:25 < Rockyfelle> Apparently this site won't let you buy a single drink :(
18:25 < Dr-007> eugene, i wrote a script myself. thats why it shouldn't already be working
18:25 < Eugene> Aha
18:26 < Dr-007> mystica555, good one. ill do that. verb is 4 right now
18:26 < Eugene> In that case, maybe you hit the Ballmer Peak? ;-)
18:26 < tytan> Ok everyone. Thank you very much for your kindness and have a nice day!
18:27 < Dr-007> Eugene, lol! http://cdn2.hubspot.net/hub/276560/file-405624091-png/Blog_Images/ballmer-peak.png
18:27 < Dr-007> nope, no alcohol today
18:27 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
18:27 < Rockyfelle> tytan: same to you!
18:33 -!- tytan [~Terance@p5B3E518F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
18:34 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 250 seconds]
18:40 -!- ketas [~ketas@123-88-235-80.dyn.estpak.ee] has joined #openvpn
19:13 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Ping timeout: 256 seconds]
19:14 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 250 seconds]
19:20 < Dr-007> i've got two server configs. they both got an seperate server ip, seperate port and seperate ranges.
19:20 < Dr-007> they also both go different .crt and .key
19:20 < Dr-007> only the dh.pem and ca.crt are the same in both server configs
19:21 < Dr-007> now am i using the a client cert / key on the wrong server expecting that i could not connect
19:21 < Dr-007> but i can simply connect to the server with the wrong cert / key.
19:21 < Dr-007> how come?
19:40 < Gaffel> You need to tell it to be picky.
19:40 < Gaffel> Force ccd and it will be taken care of.
19:42 < Gaffel> The common name is used as an identifier.
19:42 < Gaffel> CN (common name) in the cert.
19:42 -!- hennos [~midas8@167.160.44.236] has quit [Quit: Leaving]
20:03 -!- sh1rtybird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 240 seconds]
20:04 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
20:04 < Crew-L-T> Gaffel: how do you force ccd??
20:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
20:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:10 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
20:15 -!- efm [~efm@vpn.tummy.com] has joined #openvpn
20:15 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:17 < efm> !welcome
20:17 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
20:17 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:18 < efm> !howto
20:18 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
20:29 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has joined #openvpn
20:37 -!- pringlescan [~Adium@c-71-224-251-248.hsd1.pa.comcast.net] has joined #openvpn
20:37 < pringlescan> !configs
20:37 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:41 < pringlescan> O
20:41 < pringlescan> Hello all, I'm having an issue with "Authenticate/Decrypt packet error: packet HMAC authentication failed", here are my server and client configs: https://gist.github.com/jmealo/636e3a1f632725591a91
20:41 <@vpnHelper> Title: client.conf · GitHub (at gist.github.com)
20:42 -!- naggappan [~nandhu@103.16.71.71] has joined #openvpn
20:42 < pringlescan> I'm able to access other OpenVPN servers and I've set them up before, however, this time it's on Google Compute Engine, so I have little control over the firewall… Some traffic gets through and then that starts happening. I checked for clock drift
20:42 < naggappan> Hi is openvpn comming up with solution for openstack
20:47 -!- naggappan [~nandhu@103.16.71.71] has quit [Ping timeout: 265 seconds]
20:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:11 < pringlescan> I added my openvpn server as my next hop route for my vpn's cidr range… and it seems like traffic processed by that rule is what causes the packet HMAC authentication failed. if I ping a vpn client i get that error as well as if I connect to mysql, but just basic ssh works without the errors
21:20 -!- ketas is now known as ketas-
21:23 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
21:33 -!- ketas- [~ketas@123-88-235-80.dyn.estpak.ee] has quit []
21:46 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 240 seconds]
21:50 < pringlescan> I also tried pritunl because someone claimed it works on GCE, however, that still has the "Authenticate/Decrypt packet error: packet HMAC authentication failed" errors, so I can only assume that it's not my configuration, but that it's a network or GCE issue :-\
22:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:30 -!- wheels_up [uid16219@gateway/web/irccloud.com/x-xeepgjguatxxrtlt] has quit [Ping timeout: 246 seconds]
22:30 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 246 seconds]
22:30 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Ping timeout: 246 seconds]
22:31 -!- wheels_up [uid16219@gateway/web/irccloud.com/x-kmtwduigolmfnzzk] has joined #openvpn
22:31 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
22:32 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
22:39 -!- efm [~efm@vpn.tummy.com] has left #openvpn ["Konversation terminated!"]
22:41 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 246 seconds]
22:42 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has quit [Ping timeout: 246 seconds]
22:44 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has joined #openvpn
22:57 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
23:05 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
23:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
23:07 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Read error: Connection reset by peer]
23:07 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
23:42 -!- ShadniX [dagger@p5DDFC106.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:42 -!- ShadniX_ [dagger@p579417BF.dip0.t-ipconnect.de] has joined #openvpn
23:42 -!- ShadniX_ is now known as ShadniX
23:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
--- Day changed Tue Sep 15 2015
00:01 -!- pringlescan [~Adium@c-71-224-251-248.hsd1.pa.comcast.net] has quit [Quit: Leaving.]
00:15 -!- MrVandelay [~nox@94.254.51.252] has joined #openvpn
00:21 < MrVandelay> I've got two openvpn connections that I want to keep open. One that I route all my traffic through, and one that gives me access to computers on a remote intranet. It only works if the intranet-connection is started after the connection that I route all traffic through. How can I make sure that the intranet ovpn is started _after_ the other ovpn connection?
00:25 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:28 -!- Malsasa [~Malsasa@36.84.70.90] has joined #openvpn
00:30 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
00:35 -!- MrVandel1 [~nox@sysv.se] has joined #openvpn
00:35 -!- MrVandel1 is now known as MrVandelay_
00:38 -!- MrVandelay [~nox@94.254.51.252] has quit [Ping timeout: 255 seconds]
00:39 -!- MrVandelay_ is now known as MrVandelay
00:42 -!- MrVandelay [~nox@sysv.se] has quit [Quit: WeeChat 1.3]
00:47 -!- MrVandelay [~nox@94.254.51.247] has joined #openvpn
00:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:56 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
01:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:00 -!- mode/#openvpn [+o mattock1] by ChanServ
01:06 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
01:20 -!- Rockyfelle [~name@7.214.216.81.static.g-mt.siw.siwnet.net] has quit [Ping timeout: 244 seconds]
01:21 -!- reuf [~reuf___@servisi.bih.net.ba] has quit [Quit: Leaving]
01:22 -!- Malsasa is now known as Guest40949
01:22 -!- Guest40949 [~Malsasa@36.84.70.90] has quit [Ping timeout: 240 seconds]
01:29 -!- Moonlightning [~blackl@unaffiliated/moonlightning] has quit [Remote host closed the connection]
02:04 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
02:10 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
02:13 < subzero79> MrVandelay a quick though is to add the second openvpn as a script in one of the route-up directives
02:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 265 seconds]
02:49 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
02:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
02:53 < MrVandelay> subzero79: route-up directives?
02:56 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
03:10 -!- MrVandelay [~nox@94.254.51.247] has quit [Quit: WeeChat 1.3]
03:14 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:17 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
03:18 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
03:19 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:46 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:50 -!- MrVandelay [~nox@sysv.se] has quit [Ping timeout: 252 seconds]
03:51 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
03:59 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
04:04 < Naphatul> what's the difference between CN and name in the certificate? what do "remote-cert-tls" and "remote-cert-tls" check against?
04:04 < Naphatul> *and "ns-cert-type"
04:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:53 -!- MrVandelay [~nox@sysv.se] has quit [Quit: WeeChat 1.3]
04:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:59 -!- hennos [~midas8@167.160.44.236] has joined #openvpn
05:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:20 -!- afics is now known as af1cs
05:20 -!- af1cs is now known as afics
05:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:32 -!- Netsplit *.net <-> *.split quits: whfsdude, mumixam, Netas3k, leandrosansilva
05:34 -!- Netsplit over, joins: mumixam
05:34 -!- Netsplit over, joins: leandrosansilva
05:34 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:34 -!- Netsplit over, joins: whfsdude
05:36 -!- toli [~toli@ip-62-235-216-57.dsl.scarlet.be] has joined #openvpn
05:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
06:53 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Read error: Connection reset by peer]
06:53 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
06:53 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
06:56 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:27 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
07:37 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
07:37 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
07:38 < Crew-L-T> hi, i've got a tunnel set up between two networks, the tunnel is running over the open internet and both server and client is behind a nat router. i can ping from end to end in the tunnel, but i can't figure out the routing to allow traffic between the two networks. can anyone point me to a good how to?
07:51 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 268 seconds]
07:54 < speeddragon> Crew-L-T: what software are you using ? Linux ?
07:54 < Crew-L-T> speeddragon: yes
07:54 -!- shiriru [~shiriru@84.238.170.125] has joined #openvpn
07:54 < speeddragon> A regular distribution ?
07:54 < Crew-L-T> slackware
07:55 < Crew-L-T> dunno if you think that is regular
07:55 < speeddragon> yes
07:56 < speeddragon> You have like 2 computers, one in each network running openpvn
07:56 < Crew-L-T> i have a two tunnel clients running on the box, one is routing just fine (internal tunnel) the other one can only ping from end to end
07:56 < speeddragon> and you want other computers in both of network reach each others ?
07:57 < Crew-L-T> yes
07:57 < speeddragon> Check if this helps, https://serverfault.com/questions/418354/how-to-set-up-openvpn-to-let-the-vpn-clients-to-access-all-the-servers-inside-th
07:57 <@vpnHelper> Title: How to set up OpenVPN to let the VPN clients to access all the servers inside the server LAN? - Server Fault (at serverfault.com)
07:58  * Crew-L-T flips eagerly over to the browser
08:05 < Crew-L-T> speeddragon: this is a good start, but i want bi-directional access. all machines on client side can access all machines on server side, and vice-versa
08:05 < speeddragon> You need to add a static route
08:05 < speeddragon> on your router
08:05 < speeddragon> for example
08:05 < Crew-L-T> to what?
08:05 < Crew-L-T> from where?
08:06 < speeddragon> for example
08:06 < Crew-L-T> and via who?
08:06 < speeddragon> if you want to access network 2 from network 1
08:06 < speeddragon> the network 2 need to know where to go to reach network 1
08:06 < speeddragon> you should add on your main router, I think
08:09 < Crew-L-T> i have routes on every machine on both subnets, given out in dhcp negotiation
08:13 < Crew-L-T> and if it was a fw/iptables issue, the other vpn-tunnel wouldn't work either, as they are running on the same box
08:14 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:15 -!- shiriru [~shiriru@84.238.170.125] has quit [Ping timeout: 240 seconds]
08:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:21 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
08:23 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:23 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
08:28 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
08:29 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
08:32 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 246 seconds]
08:32 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
08:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
08:49 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
08:52 < Crew-L-T> damn fire alarm
08:53 < Crew-L-T> if there was a fire to go wit the alarm it would be ok, but this is ridiculous running out for nothing
08:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
08:58 < Crew-L-T> speeddragon: what happened to you?
08:59 < speeddragon> went lunch
09:00 < speeddragon> I would say check the firewall and check if you have all the rules, and if the ipv4 forward is enabled
09:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:04 < Crew-L-T> i have checked, over and over. and when i compare, the only difference is that i don't use snat, since all machines on both subnets have routes to the other subnet via the openvpn server
09:05 < Crew-L-T> thanks anyways for your help
09:05 < Crew-L-T> i'll just have to experiment a bit more, to find where i've gone wrong
09:10 < hydrajump> I have a weird issue I can't figure out. I can connect fine to my openvpn server. However, during the first 2min 30sec I have no internet access. At almost 2min 30sec the connection reconnects and from that point on I have a steady connection.
09:11 < hydrajump> I have tested with several clients and almost been able to time it by pinging google.com before the openvpn connection and then waiting until it times out and then starts pinging again.
09:27 -!- trohn_javolta [d4ec1493@gateway/web/freenode/ip.212.236.20.147] has joined #openvpn
09:27 -!- trohn_javolta [d4ec1493@gateway/web/freenode/ip.212.236.20.147] has quit [Client Quit]
09:28 -!- shiriru [~shiriru@46.10.49.231] has quit [Quit: Leaving]
09:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
09:39 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:45 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
09:49 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:54 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:01 -!- alec-b [~alec@59.110.108.93.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
10:02 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
10:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:12 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
10:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:33 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
10:53 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Read error: Connection reset by peer]
10:54 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
10:55 -!- SineDeviance [~quassel@2602:ffc5::d390:c24f] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
11:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:13 -!- r3zon8 [~r3zon8@csc.interimhealthcare.com] has joined #openvpn
11:13 < r3zon8> morning all
11:13 < r3zon8> question..to update the AS vmware appliance..a simple wget and dpkg is all i need?
11:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:22 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
11:23 < Eugene> !as
11:23 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
11:23 < Eugene> r3zon8 ^
11:24 < r3zon8> thank you
11:47 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
11:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:53 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
11:57 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
12:03 -!- natarej [natarej@101.188.5.229] has joined #openvpn
12:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:26 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
12:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
12:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
12:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:56 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 256 seconds]
12:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:07 < Dr-007> i've got two server configs. each one configuration has a seperate vpn server ip, ip ranges and most importantly each vpn server has a different .crt and .key. from each server .crt and .key i've created a client .crt / key.
13:07 < Dr-007> to my own amazement the vpn client connection to my server worked the first time. i'm amazed since i created the openssl generation script myself
13:09 < Dr-007> this was a connection to server 1
13:09 < Dr-007> i then overwrite the client .crt / .key from my client that was generated from my second server its .crt / key.
13:09 < Dr-007> but didn't change my openvpn.conf. so i was connecting with the .crt/key from server 2 to openvpn server 1
13:10 < Dr-007> i could simply connect to server 1 with the wrong .crt/key
13:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:11 < Dr-007> or is this supposed to happen? since both server .crt / key are derived from one ca.crt?
13:16 < Gaffel> No
13:17 < Gaffel> server.crt derives from server.csr which is signed by CA using ca.key.
13:17 < Gaffel> ca.crt is used to check the vaility of that signing.
13:17 < Dr-007> server.csr?
13:18 < Dr-007> ah
13:18 < Gaffel> *validity
13:18 < Dr-007> i don't understand whats wrong then
13:18 < Gaffel> server.csr is generated by the "server" together with server.key, creating a keypair. The server signs server.csr with server.key. server.csr contains details and public key.
13:19 < Gaffel> The CA takes server.csr, signs it with ca.key and creates server.crt and sends it back.
13:19 < Gaffel> Now server has server.crt and server.key.
13:20 < Dr-007> ok
13:20 < Gaffel> If server is a client and you want that client to be able to use both .crt and .key, they can be integrated and convverted into PKCS#12. client.crt+client.key=client.p12
13:20 < Gaffel> Each peer needs a pair of keys, the public and private key.
13:21 < Gaffel> http://www.area536.com/projects/be-your-own-certificate-authority-with-openssl/
13:21 <@vpnHelper> Title: Be your own Certificate Authority with OpenSSL (at www.area536.com)
13:21 < Dr-007> peer = client?
13:21 < Gaffel> Peer are equals, with can be servers and clients.
13:21 < Dr-007> ok
13:21 < Dr-007> but the whole idea i'm trying to achieve, which is:
13:21 < Gaffel> So when I say peers, I mean the two machines that talk at any given moment.
13:22 < Gaffel> Server+client
13:22 < Dr-007> i've got a bunch of devices on network/server 1 with their own client keys derived from server 1 crt/key.
13:23 < Dr-007> and a bunch of devices on server 2
13:23 < Gaffel> That's wrong. Servers don't make client certs or keys.
13:23 < Dr-007> you already answered that
13:23 < Dr-007> oh?
13:23 < Dr-007> i thought:
13:23 < Gaffel> Clients make their own pair of keys and sends a request in form of a CSR file to the CA to get it signed.
13:24 < Gaffel> Servers do the same. The difference will be restrictions inside the certs.
13:24 < Dr-007> ca.crt &key gen>>> server.crt & key
13:24 < Dr-007> server.crt & key gen>>> client.crt & key
13:24 < Gaffel> ah, no.
13:24 < Gaffel> The CA is the authority.
13:25 < Gaffel> Servers and clients go back to the ca.crt and checks if the server/client.crt is legit.
13:25 < Dr-007> allright, that i understand
13:25 < Gaffel> It's all magic. :)
13:25 < Dr-007> i've signed all cert/keys with the ca
13:25 < Dr-007> so then it is normal that my clients can reach all networks
13:25 < Dr-007> there's no way to prevent this?
13:26 < Gaffel> That's normal, yes.
13:26 < Gaffel> The certs mean that they are trusted, as long as the certs are valid and verified.
13:26 < Dr-007> or should i then be generating different ca's for each server?
13:26 < Gaffel> No, one CA
13:27 < Gaffel> Create a CA in a separate folder called "ca", for example in /root
13:27 < Dr-007> so there is absolutely no way to set up openvpn this way that it can only reach network A
13:27 < Dr-007> but not B
13:27 < Gaffel> Then, each device that's able to run openssl (there are binaries for Windows), generates a key pair and sends the .csr to the CA.
13:28 < Gaffel> Dr-007: That's up to the server to see how is allowed and who isn't.
13:28 < Dr-007> via the black / revoke list
13:28 < Dr-007> aah damn
13:28 < Dr-007> allright :)
13:29 < Gaffel> A CRL is issued by the CA.
13:29 < Dr-007> didn't i promise you to take a look at the script?
13:29 < Gaffel> The server can use other means to limit access such as only accept certain common names.
13:29 < Gaffel> I guess you did. ^_^
13:29 < Gaffel> Each certificate contains a Common Name, also known as CN, which should be unique to each device or user.
13:30 < Gaffel> You can have a unique client cert for all your own devices and give one cert to each individual that they install on all their devices.
13:30 < Gaffel> But you can also issue a cert for each device and the servers can den prohibit duplicate CNs and then limit access based on CNs.
13:31 < Gaffel> The details in a cert can not be changed once the csr has been made and sent off for signing.
13:32 < Dr-007> be quick: http://pastebin.com/Wkh0ja2N
13:32 < Gaffel> The way to do it is to create the key pairs on a non-CA machine, preferably on each unique device and then send the .csr to the CA which will sign it.
13:32 < Dr-007> it isn't finished yet tho
13:32 < Gaffel> :)
13:32 < Gaffel> Okay, do this: Create ca.key and then self-sign ca.crt.
13:33 < Gaffel> All .key files are private and should not be shared with anyone.
13:33 < Dr-007> ok
13:33 < Dr-007> just read the last you said
13:33 < Dr-007> i am creating a client crt / key for each device
13:33 < Dr-007> but i am now using the "server" generated from the "ca" to create that "client"
13:33 < Dr-007> which isn't neccaserry
13:33 < Dr-007> (you say)
13:33 < Dr-007> so i will stop to do that
13:33 < Gaffel> Don't involve server, that's the wrong way
13:34 < Dr-007> exactly
13:34 < Dr-007> so just create the "clients" straight from the "ca"
13:34 < Dr-007> right?
13:34 < Gaffel> Then let applicants (servers and clients) create .csr and .key and upload/submit their .csr file to the CA.
13:34 < Gaffel> No, servers and clients create their own .csr and .key
13:34 < Gaffel> So your CA can do this in two ways
13:35 < Gaffel> Those applicants (servers and clients) that are able to, create .csr and .key and upload/submit their .csr file to the CA.
13:35 < Gaffel> Then you, the master, will inspect these and then sign them off in batches.
13:35 < Gaffel> Then the user can come back and get their .crt
13:35 < Dr-007> i'm not looking for a system where people need to upload stuff
13:36 < Gaffel> Okay
13:36 < Dr-007> they're embedded in a router
13:36 < Dr-007> multiple routers
13:36 < Dr-007> so i need to create them myself
13:36 < Dr-007> then push them in the router
13:36 < mystica555> script up an ssh session to do it for you
13:36 < mystica555> on the routers themselves
13:36 < mystica555> never over the wire = less chance for interception ;)
13:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:37 < Gaffel> Then you can fill a form of information and have the CA create a keypair and give either client.crt and client.key or just smashed together with client.p12
13:37 < Gaffel> Do it over HTTPS or as mystica555 says, SSH.
13:37 -!- Jezekus [~Jezekus@93.99.25.19] has joined #openvpn
13:38 < Dr-007> allrighty
13:38 < Dr-007> thank you very much
13:38 < Dr-007> i'm going to eat and let it sink in
13:38 < Dr-007> then pimp it :)
13:38 < Gaffel> So crete server.csr+server.key and sign the server.csr with ca.key
13:39 < Gaffel> Then use that for create HTTPS for your stuff.
13:39 < Jezekus> hello could somebody help me as I'm getting socks_handshake: TCP port read timedout expired: Operation now in progress (errno=115)
13:39 < Gaffel> Then hand out server.crt to your devices.
13:39 < Dr-007> ok
13:40 < Gaffel> Dr-007: Never let private keys pass over unencrypted wires or radio. Always use SSH or physical media for that. Not like someone is sniffing your wifi, it's just the way it's done.
13:41 < Gaffel> Even encrypted wifi is not secure enough unless you have WPA2 EAP-TLS fully configured and you trust every single device listening in. ;)
13:42 < Gaffel> And when it comes to wifi encryption, WEP and WPA+TKIP might as well be plain text. ;)
13:42 < Gaffel> Dr-007: Let it sink in and read this: http://www.area536.com/projects/be-your-own-certificate-authority-with-openssl/
13:42 <@vpnHelper> Title: Be your own Certificate Authority with OpenSSL (at www.area536.com)
13:42 < Gaffel> Dr-007: Then let it sink in even more :)
13:44 < Gaffel> By the way, run certs/public key cryptography over SSH and only allow that. Not the default login+password.
13:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
13:54 -!- nullsign is now known as OS-17344
13:56 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
13:58 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
14:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
14:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:03 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Quit: Konversation terminated!]
14:07 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
14:19 -!- OS-17344 is now known as nullsign
14:21 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
14:22 -!- Jezekus [~Jezekus@93.99.25.19] has quit [Ping timeout: 250 seconds]
14:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
14:28 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
14:31 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
14:32 -!- guntha [~rmerritt@unaffiliated/guntha] has quit [Quit: Leaving]
14:45 < Gaffel> Dr-007: Distribute ca.crt to your clients and put server.crt and server.key in the httpd thingy and configure https only (force HTTPS, preferably TLS 1.2, TLS 1.0 [SSL 3.0] has known bugs). Do that before you send keys back and forth over http(s).
14:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:49 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Read error: Connection reset by peer]
14:52 -!- hennos [~midas8@167.160.44.236] has quit [Quit: Leaving]
14:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
15:10 < hydrajump> !keepalive
15:10 <@vpnHelper> "keepalive" is (#1) see --keepalive in the manual for how to make clients retry connecting if they get disconnected. or (#2) basically it is a wrapper for managing --ping and --ping-restart in server/client mode or (#3) if you use this, don't use --tls-exit and also avoid --single-session and --inactive or (#4) Also beware of --auth-nocache for automated reconnects
15:12 < hydrajump> has no one experienced the ~150sec timeout after the tunnel is esstablished until it is reconnected?
15:15 < DArqueBishop> hydrajump, it's never happened to me.
15:17 < hydrajump> DArqueBishop: I don't know how to start debugging this, but it is 100% repeatable.
15:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
15:24 < Neighbour> hydrajump: it might happen if multiple clients connect with the same credentials
15:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
15:28 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
15:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:34 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 264 seconds]
15:38 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
15:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
15:40 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
15:43 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
15:49 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 246 seconds]
15:49 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
15:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:51 -!- shiriru [~shiriru@46.10.49.231] has quit [Remote host closed the connection]
15:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
16:05 < hydrajump> Neighbour: all clients have separate credentials e.g. public/private keys.
16:06 < hydrajump> and this happens when no other clients are connected and I'm the only one testing
16:13 < Neighbour> and there are no firewalls in between with time limits on the connections?
16:14 -!- hennos [~midas8@167.160.44.249] has joined #openvpn
16:20 < hydrajump> Neighbour: there is a firewall but no time limits on connections specified on the firewall
16:31 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Remote host closed the connection]
16:37 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
16:38 < Neighbour> then I don't know...sorry
16:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 265 seconds]
16:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:59 < hydrajump> ok thanks for your suggestions anyway ;)
17:16 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
17:18 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Read error: Connection reset by peer]
17:23 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
17:26 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 240 seconds]
17:27 -!- capri [svedrin@elwing.funzt-halt.net] has quit [Ping timeout: 252 seconds]
17:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:27 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
17:29 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
17:30 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
17:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:36 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
17:38 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 246 seconds]
17:49 < Gaffel> hydrajump: Check --ping, --ping-exit, --inactive
17:49 < Gaffel> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
17:49 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
18:06 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:10 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
18:12 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
18:12 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 244 seconds]
18:40 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 256 seconds]
18:43 -!- Telvana [~digits@2605:a000:122d:c002:213:72ff:fefc:b034] has joined #openvpn
18:53 <@krzee> hydrajump, did you fix it?
19:05 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has joined #openvpn
19:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:18 -!- HairyStuff [~HairyStuf@188-179-29-218-static.dk.customer.tdc.net] has quit [Quit: Leaving]
19:20 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
19:21 -!- ghoti_ [~paul@hq.experiencepoint.com] has joined #openvpn
19:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:22 -!- hazard0us [~hz@openvpn/user/hazardous] has joined #openvpn
19:22 -!- mode/#openvpn [+v hazard0us] by ChanServ
19:22 -!- petersaints_ [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
19:22 -!- luckman212_ [~luckman21@unaffiliated/luckman212] has joined #openvpn
19:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 268 seconds]
19:23 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 268 seconds]
19:23 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
19:23 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 268 seconds]
19:23 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
19:23 -!- Kerberos76 [~Kerberos7@107.182.184.234.16clouds.com] has quit [Ping timeout: 264 seconds]
19:23 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Ping timeout: 264 seconds]
19:23 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Ping timeout: 264 seconds]
19:23 -!- MogDog66 [MogDog@unaffiliated/mogdog66] has joined #openvpn
19:23 -!- luckman212_ is now known as luckman212
19:23 -!- hazard0us is now known as hazardous
19:23 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
19:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:23 -!- MogDog66 is now known as MogDog
19:23 -!- petersaints_ is now known as petersaints
19:30 -!- krzie [~k@openvpn/community/support/krzee] has joined #openvpn
19:30 -!- mode/#openvpn [+o krzie] by ChanServ
19:31 -!- BtbN_ [btbn@unaffiliated/btbn] has joined #openvpn
19:32 -!- lxusrbin_ [~lxusrbin@scotty.fr0st.it] has joined #openvpn
19:32 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Disconnected by services]
19:32 -!- lxusrbin_ is now known as lxusrbin
19:32 -!- Gaffeltruck [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
19:32 -!- CGML_ [~CGML@unaffiliated/cgml] has joined #openvpn
19:33 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has joined #openvpn
19:33 -!- mode/#openvpn [+o pekster_] by ChanServ
19:33 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Disconnected by services]
19:33 -!- Gaffeltruck is now known as Gaffel
19:34 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
19:34 -!- plai [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
19:34 -!- mode/#openvpn [+o plai] by ChanServ
19:36 -!- [DS]Matej_ [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
19:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:37 -!- Netsplit *.net <-> *.split quits: zune, troyt, noodle, CGML, n-st, [DS]Matej, KakuRoze, @pekster, hennos, xalice,  (+9 more, use /NETSPLIT to show all of them)
19:37 -!- [DS]Matej_ is now known as [DS]Matej
19:37 -!- BtbN_ is now known as BtbN
19:37 -!- krzie is now known as krzee
19:37 -!- n-st_ [~n-st@unaffiliated/n-st] has joined #openvpn
19:38 -!- Tenhi_ is now known as Tenhi
19:38 -!- Netsplit over, joins: troyt
19:38 -!- Netsplit over, joins: nemysis
19:38 -!- n-st_ is now known as n-st
19:39 -!- Netsplit over, joins: Tools
19:40 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
19:40 -!- hennos [~midas8@167.160.44.249] has joined #openvpn
19:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
19:41 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
19:44 -!- zune [~zune_free@93-161-225-188-dynamic.dk.customer.tdc.net] has joined #openvpn
19:44 -!- Darkwell [~Darkwell@h-168-149.a192.priv.bahnhof.se] has joined #openvpn
19:44 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
19:44 -!- Darkwell [~Darkwell@h-168-149.a192.priv.bahnhof.se] has quit [Changing host]
19:44 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
19:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:52 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
19:59 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Quit: Leaving]
20:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
20:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:20 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
20:22 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:27 -!- Ghost_Chilli [~Ghostchil@168.1.6.16-static.reverse.softlayer.com] has joined #openvpn
20:29 < Ghost_Chilli> Hey guys, you might not help with this, but thought I'd check anyway. I use PIA, and it has been shit lately. Looking at the pia_manager.log, every 1 second I get "reset_bad_state"
20:50 -!- wheels_up [uid16219@gateway/web/irccloud.com/x-kmtwduigolmfnzzk] has left #openvpn []
21:12 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Read error: Connection reset by peer]
21:13 -!- hennos [~midas8@167.160.44.249] has quit [Quit: Leaving]
21:18 -!- r00t^2_ is now known as r00t^2
21:19 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
21:25 -!- birky [~birky@CPE-120-145-42-72.lnse2.wel.bigpond.net.au] has joined #openvpn
21:29 -!- Netsplit *.net <-> *.split quits: Darkwell, zune, skyroveRR, KakuRoze
21:33 -!- Netsplit over, joins: skyroveRR
21:35 -!- zune [~zune_free@93-161-225-188-dynamic.dk.customer.tdc.net] has joined #openvpn
21:35 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
21:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:13 -!- Ghost_Chilli [~Ghostchil@168.1.6.16-static.reverse.softlayer.com] has quit [Ping timeout: 264 seconds]
23:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
23:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
23:40 -!- ShadniX [dagger@p579417BF.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:41 -!- ShadniX [dagger@p5794106C.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Sep 16 2015
00:11 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 260 seconds]
00:13 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
00:20 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:38 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
01:22 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:23 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
01:26 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
01:27 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
01:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:44 -!- mode/#openvpn [+o mattock1] by ChanServ
02:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
02:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Read error: Connection timed out]
02:06 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:20 -!- Netsplit *.net <-> *.split quits: zune, KakuRoze
02:25 -!- baetheus [~brandon@null.pub] has quit [Quit: Wherever I go, there I am.]
02:25 -!- Gerard_TM [~Gerard_Sh@62.213.67.135] has joined #openvpn
02:26 -!- baetheus [~brandon@null.pub] has joined #openvpn
02:27 -!- Netsplit over, joins: zune, KakuRoze
02:27 -!- Gerard_TM [~Gerard_Sh@62.213.67.135] has quit [Quit: Leaving]
02:30 -!- Gerard_TM [~Gerard_Sh@62.213.67.135] has joined #openvpn
02:51 -!- adac [~adac@c703-fwngw.uibk.ac.at] has joined #openvpn
02:51 < adac> Is there a way to cluster openvpn?
02:59 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 250 seconds]
03:00 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 250 seconds]
03:06 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
03:08 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:20 -!- leosw [~leo@193.48.172.22] has joined #openvpn
03:20 < leosw> Hello world
03:24 < leosw> I cannot connect to my OpenVPN server, is there logs and config files of the server : http://pastebin.com/erFvdhjA
03:26 < leosw> Here is my client configuration and logs : http://pastebin.com/csQCfwdq
03:27 < leosw> (I can add a LDAP user on demand if ou need to test)
03:30 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 246 seconds]
03:32 -!- birky [~birky@CPE-120-145-42-72.lnse2.wel.bigpond.net.au] has quit [Ping timeout: 240 seconds]
03:36 -!- ribasushi [~riba@113.212.96.195] has joined #openvpn
03:38 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Quit: have to go]
03:53 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:56 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
03:57 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
03:58 -!- iio7 [~iio7@gateway/vpn/privateinternetaccess/iio7] has joined #openvpn
04:00 < iio7> I have some different exports mounted via LAN, when I start OpenVPN and get a tun0, I loose access to those mounts until OpenVPN is stopped again. Is it possible to somehow route only access to the Internet through the tun0, while still being able to access LAN boxes?
04:03 -!- iio7 [~iio7@gateway/vpn/privateinternetaccess/iio7] has quit [Quit: Leaving]
04:09 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
04:11 -!- Gerard_TM [~Gerard_Sh@62.213.67.135] has quit [Read error: Connection reset by peer]
04:23 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:30 -!- hennos [~midas8@167.160.44.249] has joined #openvpn
04:37 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
04:42 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
05:03 -!- Denial [~Denial@5.80.234.175] has quit []
05:11 -!- dazo_afk is now known as dazo
05:12 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:16 -!- rtb [~rtb@unaffiliated/rtb] has joined #openvpn
05:17 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
05:18 < rtb> hey all i m on archlinux and the package version is 2.3.6-1 but i still seem to suffer from https://community.openvpn.net/openvpn/ticket/225 which is report as fixed. so i specify a file as credentials to "auth-user-pass" and i have also put auth-nocache but i get disconnected after a while with ERROR: could not read Auth username from stdin
05:18 <@vpnHelper> Title: #225 ('--auth-user-pass FILE' and '--auth-nocache' problem) – OpenVPN Community (at community.openvpn.net)
05:34 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
05:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
05:43 -!- phantomcircuit [~phantomci@smartcontracts.us] has quit [Ping timeout: 255 seconds]
05:46 -!- natarej [natarej@101.188.5.229] has quit [Ping timeout: 252 seconds]
05:48 -!- phantomcircuit [~phantomci@66.175.221.254] has joined #openvpn
05:55 -!- moviuro_ [~tbe@92.103.106.162] has joined #openvpn
05:56 < moviuro_> Hi all! I just changed a bit of client conf in the ccd: do I need to reload/restart openvpn for the changes to take effect?
06:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 244 seconds]
06:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:43 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:50 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:56 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
07:01 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:03 < moviuro_> okay, looks like the new parameters were correctly pushed, awesome :)
07:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
07:14 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
07:14 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:15 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:16 -!- u0m3 [~u0m3@92.80.92.123] has quit [Read error: Connection reset by peer]
07:17 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
07:49 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
07:49 -!- r3zon8 [~r3zon8@csc.interimhealthcare.com] has quit [Ping timeout: 246 seconds]
07:49 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
07:49 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
07:49 -!- mode/#openvpn [+o krzee] by ChanServ
07:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
07:51 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
07:51 -!- moviuro_ [~tbe@92.103.106.162] has left #openvpn []
08:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:02 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:04 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
08:05 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
08:06 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:10 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
08:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
08:31 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
08:35 -!- houms [~houms@206.205.246.98] has joined #openvpn
08:37 < houms> good day, when setting up openvpn to build the server key, do you use ./build-key server or ./build-key-server server ?
08:40 < DArqueBishop> You use build-key-server.
08:40 < houms> Thanks DArqueBishop , I assume using ./build-key server will cause issues if used as the server key in server.conf?
08:41 < DArqueBishop> Probably.
08:41 < houms> Also when creating client cert ./build-key client1, ./build-key client2 this will create certs with different CN even if the Name (default to EASYRSA) is the same correct?
08:41 < houms> Thanks DarqueBishop
08:43 < DArqueBishop> Just make sure you use different Common Names for each client.
08:51 -!- goose [goose@wash.captain-kickass.net] has joined #openvpn
08:51 < goose> !paste
08:51 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
08:51 < goose> !configs
08:51 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:53 < goose> !logs
08:53 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:53 < goose> !logfile
08:53 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
08:53 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:00 < goose> ok
09:00 < goose> now that I've got all the relevant files pasted
09:00 < goose> I'm having issues getting my raspberry pi to connect to my dedicated server's openvpn network
09:00 < goose> the network appears to be working and in good order, I can connect successfully and use it properly on my windows desktop, android phone, android tablet, linux laptop
09:00 < goose> it's just the raspi that's having issues
09:01 < goose> here's the server config/log, and the raspi config/log: https://gist.github.com/anonymous/312d44f6f13f8776b527
09:01 <@vpnHelper> Title: Client Log · GitHub (at gist.github.com)
09:01 < goose> I'm trying to connect on my raspi by running (as root): openvpn --script-security 2 --config /etc/openvpn/client.conf
09:03 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:07 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
09:07 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:13 < goose> after rebooting, there's a new error I'm getting. here's the new client log file: https://gist.github.com/anonymous/73fdee98ecaa2b0beaa6
09:13 <@vpnHelper> Title: gist:73fdee98ecaa2b0beaa6 · GitHub (at gist.github.com)
09:14 < goose> specifically I think it's got to do with the error "ERROR: Linux route add command failed: external program exited with error status: 7"
09:16 < goose> and the new server log: https://gist.github.com/anonymous/44b26c8466e9055c9f98
09:16 <@vpnHelper> Title: gist:44b26c8466e9055c9f98 · GitHub (at gist.github.com)
09:17 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
09:17 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
09:17 < nestandi> hey everybody... i wan't to make openvpn client disconnect after 5 minutes of idle connection... any hints / tipps welcome :)
09:17 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:22 < DArqueBishop> nestandi, at a quick look, you might want to look at the "inactive" parameter. Keep in mind that (based on what I'm reading) that you'll have to remove the keepalive parameter if you want inactive to work.
09:23 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Read error: No route to host]
09:23 < DArqueBishop> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
09:23 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
09:24 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:26 < goose> nevermind
09:26 < goose> I seem to have gotten it working!
09:26 -!- goose [goose@wash.captain-kickass.net] has left #openvpn ["More and more, it feels like I'm doing a really bad impersonation of myself."]
09:27 < nestandi> DArqueBishop - yeh, but unfortunately it's an server parameter, isn't it?
09:27 < nestandi> DArqueBishop - i need something just for the client...
09:29 < DArqueBishop> If it's just for one client, use ccd.
09:29 < DArqueBishop> !ccd
09:29 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
09:30 < nestandi> DArqueBishop - i haven't made myself clear, sorry :( i don't have access to the server - it needs to be configured on the client side
09:32 -!- houms [~houms@206.205.246.98] has quit [Quit: Konversation terminated!]
09:33 < DArqueBishop> I don't know, then.
09:33 < DArqueBishop> !both
09:33 <@vpnHelper> "both" is If you do not control both ends of the link (server and client) then there is not much we can do to help you. Please talk to your network admin instead.
09:33 < DArqueBishop> Then again, others here might have a better idea. I'm quite frequently wrong.
09:34 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
09:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
09:49 < nestandi> DArqueBishop - anyway thx for trying :)
09:49 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:49 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
09:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
10:01 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
10:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:14 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: So Long, and Thanks for All the Fish]
10:20 -!- jge [~jge@unaffiliated/bitfury] has joined #openvpn
10:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
10:31 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
10:33 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
10:38 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
10:39 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
10:40 -!- ACKNAK [~regolith@79.133.97.154] has joined #openvpn
10:41 < ACKNAK> Hello! Anybody knows how to debug TAP-interface hang under windows? :S
10:41 < ACKNAK> Mine crashed and I had to disable/enable it to make openvpn work
10:42 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
10:43 -!- diytto [~diytto@de.diytto.com] has quit [Ping timeout: 246 seconds]
10:44 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
10:45 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 272 seconds]
10:45 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 240 seconds]
10:46 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
10:51 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:59 -!- ACKNAK [~regolith@79.133.97.154] has quit [Quit: Leaving]
11:00 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
11:00 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
11:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
11:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
11:11 < Dr-007> Gaffel, do you know how to add people to the revoke list without using easy-rsa?
11:12 <@krzee> !crl
11:12 <@vpnHelper> "crl" is (#1) --crl-verify <crl> A CRL (certificate revocation list) is used when a particular key is compromised but when the overall PKI is still intact. The only time when it would be necessary to rebuild the entire PKI from scratch would be if the root certificate key itself was compromised. or (#2) you can make use of CRL by using the revoke-full script in easy-rsa (packaged with openvpn) that
11:12 <@vpnHelper> will create the CRL file for you. ssl-admin will also build a crl for you or (#3) openssl ca -config openssl-1.0.0.cnf -gencrl -out keys/crl.pem
11:12 <@dazo> Dr-007: you need a CA tool to manage CRLs ... easy-rsa is just a shell wrapper around openssl.  But you may just as well use other CA tools which then first needs to be updated against the current revokes, do the revoke and produce a new CRL
11:13 < Dr-007> http://blog.abhijeetr.com/2012/06/revokeunrevoke-client-certificate-in.html
11:13 <@vpnHelper> Title: Blog: Revoke/Unrevoke a client certificate in OpenVPN (at blog.abhijeetr.com)
11:13 < Dr-007> i'm reading this now, its helpfull :)
11:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:14 <@dazo> Dr-007: I'd be very careful about unrevoking, but using the --tls-verify script hook may be a more flexible CRL mechanism in some scenarios
11:18 < Dr-007> dazo, then there will be no unrevoking
11:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
11:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:20 <@krzee> also ccd with --disable
11:22 <@dazo> Dr-007: to do the revoke directly with openssl, you basically need to do: openssl ca -revoke $CERT and then use openssl ca -gencrl to produce a new CRL file ... but there might be a few more steps needed too.  If you have good backups of your CA files, you can try and see what happens
11:22 < Dr-007> dazo, i'd like to revoke via PHP
11:22 < Dr-007> but i dont think this is possible: https://bugs.php.net/bug.php?id=60023
11:22 <@vpnHelper> Title: PHP :: Request #60023 :: Add certificate revocation support (at bugs.php.net)
11:23 < Dr-007> allrhough, the "bug" is from 2011
11:23 < Dr-007> so maybe this exists nowadays
11:24 <@dazo> Dr-007: hmm ... I doubt so, I don't see any 'openssl ca' related functions in the php function index
11:25 < Dr-007> yeah, i think it doesnt exist either
11:25 -!- adac [~adac@c703-fwngw.uibk.ac.at] has quit [Ping timeout: 244 seconds]
11:25 <@dazo> Dr-007: I hope you're planning on doing this CA work on a well protected box? not an openvpn server or any box available directly from the internet
11:25 < Dr-007> dazo, yes i am doing this on a protected box
11:25 <@dazo> certificate revocations require access to the CA private key .... and that file should ideally be offline when you don't need to do any CA operations
11:26 < Dr-007> and even then the ca.key should be pasted when its needed
11:26 < Dr-007> to make it super duper secure
11:26 <@dazo> good!
11:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
11:29 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:30 <@dazo> Dr-007: I believe python's pyopenssl supports this ... with python flask or django, it shouldn't be too hard to write a RESTful API which can do these CA operations from a PHP REST client
11:31 <@dazo> this way you can also protect the CA stuff even better
11:34 -!- c|oneman is now known as c|own
11:34 -!- c|own is now known as dfhsdjfhsldja
11:35 -!- dfhsdjfhsldja is now known as dup|icate
11:36 < Dr-007> dazo, too late! i'm already busy coding
11:37 < Dr-007> but thanks for your suggestions
11:39 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 250 seconds]
11:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
11:43 -!- HardWall [~HardWall@188.24.58.161] has joined #openvpn
11:52 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
11:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:02 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:04 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
12:09 -!- HardWall [~HardWall@188.24.58.161] has quit [Ping timeout: 244 seconds]
12:20 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
12:34 -!- HardWall [~HardWall@188.24.58.161] has joined #openvpn
12:35 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
12:47 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
12:49 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
12:49 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 256 seconds]
12:49 -!- HardWall [~HardWall@188.24.58.161] has quit [Read error: Connection reset by peer]
13:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:00 -!- pEYEd [~kvirc@32.209.66.82] has quit [Ping timeout: 244 seconds]
13:03 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
13:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
13:06 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
13:06 -!- novaflash is now known as novaflash_away
13:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:32 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
13:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:36 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
13:40 -!- rtb [~rtb@unaffiliated/rtb] has quit [Remote host closed the connection]
13:53 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
14:03 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
14:07 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 256 seconds]
14:08 -!- AlmogBaku [~almogbaku@bzq-109-66-183-50.red.bezeqint.net] has joined #openvpn
14:09 -!- AlmogBaku [~almogbaku@bzq-109-66-183-50.red.bezeqint.net] has quit [Remote host closed the connection]
14:11 -!- dazo is now known as dazo_afk
14:13 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:14 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 272 seconds]
14:52 -!- thor77 [~thor77@communication.crapwa.re] has joined #openvpn
14:52 < thor77> !welcome
14:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:52 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:52 < thor77> !redirect
14:52 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
14:52 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
14:52 < thor77> !config
14:52 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
14:52 < thor77> !configs
14:53 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
14:59 < thor77> !configs
14:59 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:13 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:16 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
15:19 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 255 seconds]
15:20 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:20 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:41 -!- leosw [~leo@193.48.172.22] has quit [Quit: Leaving]
15:52 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
15:56 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
15:59 -!- AlmogBaku [~almogbaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
16:22 -!- AlmogBaku [~almogbaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Remote host closed the connection]
16:37 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 240 seconds]
16:42 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
16:43 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
16:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:59 -!- zekesonxx [~zekesonxx@159.203.73.190] has joined #openvpn
16:59 < zekesonxx> !welcome
16:59 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:59 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:01 < Gaffel> !mitm
17:01 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
17:09 -!- zekesonxx [~zekesonxx@159.203.73.190] has quit [Quit: I quit life]
17:35 -!- toli [~toli@ip-62-235-216-57.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:36 -!- toli [~toli@ip-62-235-237-93.dsl.scarlet.be] has joined #openvpn
17:39 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 252 seconds]
17:54 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:14 -!- jesopo [jess@lolnerd.net] has joined #openvpn
18:18 < Dr-007> i'm generating openvpn keys via PHP. the certificates being generated by easy-rsa for openvpn start with "Certificate:"
18:18 < Dr-007> while my PHP generated certificates directly start with -----BEGIN CERTIFICATE-----
18:18 < Dr-007> does this mean my PHP certs aren't signed?
18:21 < Eugene> No, that's what PEM format looks like.
18:21 < Dr-007> how do you call the other format?
18:21 < Dr-007> certificate?
18:21 < Eugene> However, there's a slightly bigger concern in that PHP is not known for having good security, crypto, or much of anything..... but i won't get into that
18:22 < Eugene> PEM and DER are the two major encoding formats used for x.509 PKI items(certs, keys, etc)
18:22 < Eugene> You can freely convert between both; I don't know how this is done in PHP
18:22 < Dr-007> so the format easy-rsa generates is DER?
18:22 < Eugene> No, it spits out PEM
18:23 < Dr-007> so how would one call it to create from -----BEGIN CERTIFICATE----- a file that starts with "Certificate:"?
18:23 < Eugene> !xy
18:23 <@vpnHelper> "xy" is http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...
18:24 < Dr-007> i dont know how to formulate my question differently
18:24 < Dr-007> i'm trying to figure out what to do
18:25 < Dr-007> to create a .crt that looks like the one easy-rsa generates
18:25 < Dr-007> the difference in both files is
18:26 < Dr-007> that in my file it directly starts with -----BEGIN CERTIFICATE----- while the easy-rsa generated one starts with "Certificate:" and has the -----BEGIN CERTIFICATE----- on the bottom of the file
18:30 < Eugene> Everything not between the BEGIN and END lines in a PEM file is ignored
18:31 < Eugene> The output you're referring to can be generated with `openssl x509 -text -in <foo>.pem`
18:32 < Eugene> It's simply a plain-text version of the encoded data
18:33 < Dr-007> ah
18:33 < Dr-007> so i could use it to create a server
18:34 < Dr-007> and use it as clients
18:34 < Dr-007> +questionmark?
18:34 < Eugene> So long as it has the data, it's a valid cert file
18:34 < Dr-007> ok
18:34 < Eugene> The rest is just fluff for your(human) reference
18:34 < Dr-007> allright
18:35 < Dr-007> do you know how the ca.crt compares?
18:35 < Dr-007> let me explain a little further
18:36 < Dr-007> when i was generating a ca.key/crt i had to put in a distingueshed name
18:36 < Dr-007> for the server you'll have to put in a destingueshed name
18:36 < Dr-007> and alle clients need a distingueshed name
18:37 < Dr-007> do any of these need to "match up"?
18:37 < Dr-007> i'm trying to find it in my openssl.conf what i'm talking about
18:37 < Dr-007> # For the CA policy
18:37 < Dr-007> [ policy_match ]
18:37 < Dr-007> countryName             = match
18:38 < Dr-007> does it mean that if my server or client do not match the countryname from my CA that it can not connect?
18:41 < Eugene> The comparison is that the server/client's certificate was signed by the CA's key
18:41 < Eugene> You can specify additional parameters(eg, that a given usage is specified), but the basic check is only that it's a valid certificate from the CA
18:42 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
18:42 < Dr-007> hmmm, then weird!
18:42 < Dr-007> i've generated a server and a client via my beautiful PHP script
18:42 < Dr-007> the server is running
18:42 < Dr-007> i'm tailing the logfile via tail -f
18:43 < Dr-007> and then i connect with my client
18:43 < Dr-007> i can see my client negotiating with the server
18:43 < Dr-007> but the (windows) openvpn client never succeeds connecting
18:44 < Eugene> !logs
18:44 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:45 < Dr-007> http://pastebin.com/bVRbPQdf
18:45 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
18:45 < Dr-007> :) i was already pasting
18:45 < Dr-007> this is all that my server spits out whenever i connect
18:46 < Eugene> And how 'bout the client
18:46 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 246 seconds]
18:46 < Dr-007> the client has no logging
18:46 < Dr-007> i believe
18:46 < Eugene> !logfile
18:46 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
18:47 < Dr-007> the client is windows
18:47 < Eugene> It still respects those options
18:47 < Dr-007> ah
18:47 < Dr-007> nice
18:49 < Dr-007> nope, doesn't work. but maybe my client is too old
18:49 < Dr-007> let me upgrade it
18:50 < Dr-007> !client
18:50 < Eugene> !download
18:50 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
18:50 < Eugene> That one?
18:50 < Dr-007> no, not that one
18:50 < Dr-007> but i'll install it
18:50 < Dr-007> i've got a "prism" openvpn-client.txt
18:51 < Dr-007> .exe
18:51 <@krzee> huh?
18:51 < Eugene> Never heard of that. Immediately a bit suspicious
18:51 <@krzee> haha ya
18:52 < Dr-007> OpenVPN Technologies\OpenVPN Client\prism\openvpn-client.exe"
18:52 < Dr-007> hmmkay
18:52 < Dr-007> well that sux  :P
18:52 <@krzee> well maybe its part of AS
18:52 <@krzee> !as
18:52 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
18:52 <@krzee> we dont really know AS stuff here
18:52 < Dr-007> what is AS?
18:52 < Dr-007> access erver?
18:52 <@krzee> but if you want to use the opensource openvpn, get it from !download
18:52 <@krzee> yes
18:53 <@krzee> access server
18:53 < Dr-007> ah ok
18:53 < Dr-007> haha
18:56 < Dr-007> the installer keeps alerting em that i'm already running an openvpn client..
18:56 < Dr-007> i'll restart
18:57 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Read error: Connection reset by peer]
18:59 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
19:02 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:04 <@krzee> "openvpn client" is access server
19:05 <@krzee> get rid of the other ones
19:05 <@krzee> then install community version
19:08 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
19:08 < Dr-007> it installed :D
19:08 < Dr-007> starting now
19:09 < Dr-007> !download
19:09 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
19:12 < Dr-007> hmmkay
19:12 < Dr-007> it workededed
19:12 < Dr-007> i think the other client only accepts the human readable PEM file
19:13 < Dr-007> the one with extra info
19:13 < Dr-007> well, thats awesome! :D
19:13 < Dr-007> thanks for your help Eugene
19:24 -!- hennos [~midas8@167.160.44.249] has quit [Quit: Leaving]
19:35 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
19:37 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:43 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
19:49 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 256 seconds]
19:52 -!- AlmogBaku [~almogbaku@89-139-182-102.bb.netvision.net.il] has joined #openvpn
19:56 -!- AlmogBaku [~almogbaku@89-139-182-102.bb.netvision.net.il] has quit [Ping timeout: 260 seconds]
20:23 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
20:23 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:29 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 255 seconds]
20:33 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
20:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:13 -!- Telvana [~digits@2605:a000:122d:c002:213:72ff:fefc:b034] has quit [Ping timeout: 256 seconds]
21:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:18 -!- Telvana [~digits@104.231.85.200] has joined #openvpn
21:25 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:33 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
21:34 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
21:39 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 256 seconds]
21:53 -!- AlmogBaku [~almogbaku@89-139-182-102.bb.netvision.net.il] has joined #openvpn
21:57 -!- AlmogBaku [~almogbaku@89-139-182-102.bb.netvision.net.il] has quit [Ping timeout: 240 seconds]
22:25 <@krzee> hey Eugene do you code py?
22:41 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has quit [Ping timeout: 256 seconds]
22:43 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has joined #openvpn
22:52 -!- antranigv [~antranigv@2a03:b0c0:0:1010::13:1] has joined #openvpn
23:04 -!- msn [~kvirc@117.55.242.50] has joined #openvpn
23:06 < msn> I am having trouble with openvpn after migrating from one host to another with exact same config file. What has changed is the new host is using bonded network devices for the incoming connection. openvpn randomly seems to add upto 30secs of lag and stops completely sometimes
23:20 <@krzee> is it possible packets arrive with a different src address?
23:20 <@krzee> if so, --float may help
23:21 < msn> k thanks let me read up on it and use it :)
23:22 <@krzee> check logs to see if they give any info
23:23 <@krzee> !logfile
23:23 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
23:23 < msn> logs are pretty quiet on that
23:23 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
23:23 < msn> krzee: the float option is for the server or client?
23:24 < msn> or either
23:24 <@krzee> can be used on either
23:24 < msn> k thanks i think its time to send company wide email for some new config changes :)
23:25 <@krzee> well make sure to test first
23:25 <@krzee> if its not the solution you dont want to have to retract the email
23:25 < msn> its random works for a day sometimes and then well connection drops often sometimes in an hour
23:26 <@krzee> you need to find out whats happening during that hour
23:26 -!- hays_ [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
23:27 <@krzee> a link going down? asymmetric routing issue? congestion?
23:27 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
23:27 <@krzee> src ip change?
23:27 < msn> we are migrating from single switch to multiple switch bonded failover solution, since the problem started recenely i am guessing the src mac change is the issue
23:28 < msn> i am going to watch the logs today but i was already guessing its a mac change iseeu
23:28 < msn> issue
23:28 <@krzee> float is ip level not mac
23:28 <@krzee> you dont even connect to openvpn on layer2
23:28 <@krzee> is the ip changing too?
23:28 < msn> nope
23:28 < msn> ip is static
23:29 <@krzee> i doubt float will help
23:30 < msn> hmm float might come in handy at a later date so i will remember it but this issue seems to be network level
23:32 < msn> is there a way to relaod openvpn config without restarting it?
23:39 -!- ShadniX [dagger@p5794106C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:40 -!- ShadniX_ [dagger@p579419F3.dip0.t-ipconnect.de] has joined #openvpn
23:40 -!- ShadniX_ is now known as ShadniX
--- Day changed Thu Sep 17 2015
00:00 <@krzee> you can send a signal to reload, but it'll restart the connection still
00:01 < Eugene> krzee - Intermediate level
00:04 <@krzee> i *just* finished figuring it out =]
00:05 < Eugene> Well, I tried
00:05 <@krzee> :D
00:06 <@krzee> well actually
00:07 <@krzee> Eugene, msg
00:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:22 -!- mode/#openvpn [+o mattock1] by ChanServ
00:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
00:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:02 -!- thor77 [~thor77@communication.crapwa.re] has left #openvpn ["Leaving"]
01:04 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
01:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
01:49 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
01:53 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:10 -!- Malsasa [~Malsasa@36.84.69.197] has joined #openvpn
02:14 -!- dazo_afk is now known as dazo
02:29 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Remote host closed the connection]
02:39 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
02:41 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:03 -!- Malsasa [~Malsasa@36.84.69.197] has quit [Remote host closed the connection]
03:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:31 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:34 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 260 seconds]
03:58 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
03:59 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 244 seconds]
04:01 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
04:01 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:06 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 246 seconds]
04:25 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 246 seconds]
04:33 -!- natarej [natarej@101.188.5.229] has joined #openvpn
04:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
04:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
04:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:01 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:09 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
05:15 -!- shiriru [~shiriru@46.10.49.231] has quit [Quit: Leaving]
05:25 -!- petn-randall [~petn-rand@azuma.rocketjump.eu] has joined #openvpn
05:26 < petn-randall> !ovpnuke
05:27 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
05:38 -!- APTX_ [~APTX@unaffiliated/aptx] has joined #openvpn
05:48 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:52 -!- voidstar [~imnotf@unaffiliated/voidstar] has quit [Ping timeout: 240 seconds]
05:55 -!- pEYEd [~kvirc@32.209.66.82] has quit [Read error: Connection reset by peer]
06:00 -!- voidstar [~imnotf@unaffiliated/voidstar] has joined #openvpn
06:04 -!- veilg [~veilg@217.138.46.238] has joined #openvpn
06:05 < veilg> !welcome
06:05 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
06:05 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:12 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:12 < veilg> !ask
06:12 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
06:13 < veilg> !howto
06:13 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
06:20 < veilg> !goal
06:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:25 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
06:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
06:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:31 < veilg> !heartbleed
06:31 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
06:31 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
06:32 < veilg> !poodle
06:32 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
06:32 < veilg> !ovpnuke
06:32 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
06:32 -!- veilg [~veilg@217.138.46.238] has quit []
06:42 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:42 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:00 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:04 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
07:07 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
07:08 -!- birky [~birky@CPE-60-228-172-98.lns2.ken.bigpond.net.au] has joined #openvpn
07:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:09 -!- ruhrdolf [ruhrdolf@gateway/vpn/mullvad/x-sdnfgiawgehzleia] has joined #openvpn
07:12 -!- JackWinter [~jack@vodsl-10287.vo.lu] has joined #openvpn
07:40 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:52 -!- msn [~kvirc@117.55.242.50] has quit [Read error: Connection reset by peer]
07:54 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
07:54 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
08:00 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:04 -!- shiriru [~shiriru@46.10.49.231] has quit [Quit: Leaving]
08:05 -!- bbert [~bbert@unaffiliated/bbert] has joined #openvpn
08:12 -!- dEPy [~dEPy@101.81.60.78] has joined #openvpn
08:26 -!- dEPy [~dEPy@101.81.60.78] has quit [Remote host closed the connection]
08:36 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:42 -!- birky [~birky@CPE-60-228-172-98.lns2.ken.bigpond.net.au] has quit [Remote host closed the connection]
08:45 -!- jge [~jge@unaffiliated/bitfury] has left #openvpn ["WeeChat 1.0.1"]
08:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:01 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:08 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:22 -!- cryptic1 is now known as lazyadmin
09:24 -!- lazyadmin is now known as cryptic1
09:26 < antranigv> what does it mean "vpn user" ?
09:26 < antranigv> "Now in /etc/openvpn/ccd/ you will create one file for each user you want to have a fixed ip address. You must name the file EXACTLY as the username of the VPN user" < found this on the web
09:28 < DArqueBishop> antranigv, it refers to what you put as the Common Name in the certificate for that user.
09:31 < antranigv> DArqueBishop: so if my common name was, say, "phone" I have to "touch phone"
09:31 < antranigv> tnx DArqueBishop, this will be helpfull to SSH via VPN
09:32 < antranigv> cz the place where I live (a campus) does not allow to get ssh connections :/
09:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:34 < DArqueBishop> If they don't allow SSH, I'd be surprised if they allow OpenVPN.
09:43 < ruhrdolf> 443 FTW
09:50 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: So Long, and Thanks for All the Fish]
10:06 < DArqueBishop> ruhrdolf, true enough.
10:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:13 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
10:21 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:44 < antranigv> DArqueBishop: me too! however, it worked! ^^
10:55 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
10:59 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Read error: Connection reset by peer]
11:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 244 seconds]
11:15 -!- dazo is now known as dazo_afk
11:16 < natarej> my host won't assign any more internal IPs and want $60 for a VLAN
11:17 < natarej> my networking knowledge is very limited, but what I want to do is set up a pfSense VM on my server and create a VLAN on that, and connect my other VM's through it
11:17 < natarej> is this possible, or is there a better solution?
11:17 < natarej> they just give me one internal IP, one dedicated
11:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:19 -!- mode/#openvpn [+o mattock1] by ChanServ
11:25 -!- adac [~adac@chello080109174123.tirol.surfer.at] has joined #openvpn
11:26 < adac> I've deleted my vpn config file but now after a restart of openvpn it says: ptions error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/my_conf.conf
11:26 < adac> why does it still try to use the deleted file
11:43 -!- Andre483 [~Andre@2607:fb90:1700:16ca:e8ad:1a4:cc2:9217] has joined #openvpn
11:44 < Andre483> Hi, is it possible to setup a similar setup for web service calls like openvpn?
11:46 < Andre483> I am looking to do something like this but I don't know if it's possible
11:50 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 256 seconds]
11:55 < Andre483> Anyone?
12:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
12:41 -!- Andre483 [~Andre@2607:fb90:1700:16ca:e8ad:1a4:cc2:9217] has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )]
12:46 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 256 seconds]
12:48 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 256 seconds]
12:51 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
12:52 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
12:53 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:59 -!- leandrosansilva [~leandro@2001:a60:912d:14::11ae] has quit [Ping timeout: 246 seconds]
13:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:17 -!- hennos [~midas8@167.160.44.237] has joined #openvpn
13:18 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:23 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
14:48 -!- Pymous [~Pymous@62.210.74.20] has joined #openvpn
14:48 < Pymous> Hello !
14:49 < Pymous> I'm having a bit of an issue with OpenVPN on a Windows Client (and a Debian Server), I can connect and receive traffic, but not send traffic
14:52 -!- FlyingPersian [~Flying@p5088DC29.dip0.t-ipconnect.de] has joined #openvpn
14:52 < FlyingPersian> hi
14:54 < FlyingPersian> I'm running OpenVpn on my FreeNAS in a jail and it worked perfectly fine until recentliy. I cannot ping any IPs on the server side, which are on 192.168.1.0. My clients are on 10.8.0.0 and the client's original network is on 192.168.2.1. I'll paste the config/log  in a sec
14:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:55 < FlyingPersian> server.conf: http://pastebin.com/n1FM0F0x
14:59 < FlyingPersian> log: http://pastebin.com/ZepvwKnY
15:02 < Gaffel> topology net30?
15:02 < FlyingPersian> what? :x
15:03 < Gaffel> You're pushing topology net30.
15:03 < FlyingPersian> and that tells me what exactly?
15:03 < Gaffel> Since you seem to be using the standard subnetting and masking, add "topology subnet" to the server config.
15:04 < FlyingPersian> where to I put that?
15:04 < Gaffel> Anywhere in the server config.
15:04 < FlyingPersian> where in the config?
15:04 < FlyingPersian> okay
15:04 < FlyingPersian> just "topology subnet"?
15:04 < Gaffel> topology subnet
15:04 < FlyingPersian> okay
15:04 < Gaffel> Aye, without quotes.
15:04 < FlyingPersian> yes of course
15:05 < FlyingPersian> okay trying to reconnect
15:05 < FlyingPersian> before I could immediately ping the "normal IPs"
15:06 < Gaffel> Pymous: Clients need to add routes to know where to route the traffic. The network addresses that are used for LAN such as 192.168.0.x, 10.x.x.x etc are not routable by default. Is the server pushing routes to the clients?
15:06 < Pymous> I forgot to use iptables, sorry
15:06 < Pymous> It's working just fine now thanks :D
15:07 < Gaffel> :D
15:07 < FlyingPersian> nope not working Gaffel
15:07 < FlyingPersian> can't ping in any direction
15:07 < Gaffel> FlyingPersian: What are you trying to do?
15:07 < FlyingPersian> trying to access the IPs on the server side
15:07 < FlyingPersian> the 192.168.1.0 IPs
15:07 < FlyingPersian> which are the normal IPs in that network
15:08 < Gaffel> Are they all on the 192.168.1.0? Does your firewall allow that traffic to come through the tun interface?
15:08 < Gaffel> You haven't told it to use tun or tap.
15:09 < Gaffel> Add "dev tun" to the config if you want TUN.
15:09 < FlyingPersian> it says dev tun0
15:09 < FlyingPersian> 4th row
15:10 < Gaffel> Does your firewall allow it?
15:10 < FlyingPersian> yes everything is on 192.168.1.0 and the firewall shouldn't be blocking anything. it worked before, I accidentally changed the forwarded port's IP, but i just fixed it
15:11 < Gaffel> Did you reload the firewall rules?
15:11 < FlyingPersian> no
15:11 < FlyingPersian> how do I do that?
15:11 < Gaffel> Depends on your operating system.
15:11 < FlyingPersian> let me restart the jail
15:11 < FlyingPersian> hang on
15:16 < FlyingPersian> well openvpn isn't starting :D
15:16 < Gaffel> Why not?
15:16 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
15:17 < FlyingPersian> no idea
15:17 < FlyingPersian> there's no error
15:17 < FlyingPersian> it just says starting openvpn
15:18 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 240 seconds]
15:18 < FlyingPersian> is openvpn run as nobody?
15:19 < Gaffel> It starts as root or what ever then when it's up and ready it will degrade itself to nobody to protect the system.
15:20 < FlyingPersian> okay
15:20 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
15:20 < FlyingPersian> well there's no message
15:20 < FlyingPersian> wait
15:20 < Gaffel> Set verb to 9
15:21 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
15:21 < FlyingPersian> Thu Sep 17 22:17:35 2015 us=357842 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up
15:21 < FlyingPersian> ifconfig: interface tun0 does not exist
15:21 < FlyingPersian> Thu Sep 17 22:17:35 2015 us=358761 FreeBSD ifconfig failed: external program exited with error status: 1
15:21 < FlyingPersian> Thu Sep 17 22:17:35 2015 us=358779 Exiting due to fatal error
15:21 < FlyingPersian> should I change tun0 to tun?
15:21 < Gaffel> Yeah, if you only tell it tun then it will pick what ever number is availible, start with 0
15:21 < FlyingPersian> ah
15:21 < FlyingPersian> no
15:21 < Gaffel> And then in iptables you can refer to tun+ to make it apply to all tunX
15:22 < FlyingPersian> because I restarted the jail tun0 went to tun1
15:23 < FlyingPersian> there we go
15:23 < FlyingPersian> changed it to tun1, now it's up
15:23 < Gaffel> You should just write tun
15:23 < FlyingPersian> now let's check if i can ping anything
15:23 < FlyingPersian> okay
15:23 < Gaffel> Then it will work regardless of what tunX it created.
15:23 < FlyingPersian> I think I got tun0/1 from the wiki back when I set it up
15:23 < Gaffel> Okay
15:24 < FlyingPersian> nope
15:24 < FlyingPersian> still not working
15:24 < FlyingPersian> hang on, let me reboot the entire server
15:25 < Gaffel> The firewall rules don't reload when you reload a program.
15:25 < Gaffel> If you just reload a container then it only affects what ever was running inside it.
15:25 < FlyingPersian> yeah I restarted the jail though
15:26 < FlyingPersian> jail's are little VMs within freenas
15:27 < Gaffel> Okay
15:28 < Gaffel> Did freeNAS update OpenVPN recentl?
15:31 < FlyingPersian> yes to the next version
15:31 < FlyingPersian> but
15:31 < FlyingPersian> I updated it after it wasn't working already
15:31 < FlyingPersian> I updated it before I posted here
15:31 < Gaffel> Okay
15:33 < FlyingPersian> ok restarted it
15:33 < FlyingPersian> trying now
15:34 < FlyingPersian> okay
15:34 < FlyingPersian> so I made 4 pings in total
15:34 < FlyingPersian> two said this: answer from 10.8.0.6: destination host not reachable
15:35 < FlyingPersian> two said: ping timout
15:35 < FlyingPersian> I pinged 192.168.1.23, which is my server
15:35 < Gaffel> Then it's not forwarded from the OpenVPN to your actual LAN
15:36 < Gaffel> All traffic should be dropped/rejected by default and it's your job to punch holes where you need them.
15:36 < Gaffel> Since the VPN is on tunX and the rest of your network is on a whole other network, then you need to somehow allow forwarding back and forth.
15:37 < FlyingPersian> but I did that by pusing
15:37 < FlyingPersian> *pushing
15:37 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:37 < Gaffel> Pushing just tells the client "You can find 192.168.1.0 255.255.255.0 this way"
15:37 < Gaffel> Pushing routes just makes it routable for the client.
15:37 < FlyingPersian> god damn
15:37 < FlyingPersian> why did it work before?!
15:37 < FlyingPersian> what exactly do I need to do now?
15:37 < Gaffel> Some default behaviour changed I guess.
15:38 < Gaffel> I don't know, I don't run FreeBSD so I'm not familiar with how firewall and forwarding works.
15:38 < Gaffel> Did you reboot between the "VPN works" and "VPN doesn't work"?
15:38 < FlyingPersian> yeah I did
15:38 < FlyingPersian> multiple times to update freenas itself
15:39 < Gaffel> If so, you have temporarily turned on IP forwarding and reboot just to made you confused.
15:39 < Gaffel> Read on how IP forwarding is enabled in FreeNAS
15:39 < Gaffel> I have no idea how simplified FreeNAS is, all I know is that it's based on FreeBSD.
15:42 < Gaffel> http://joepaetzel.com/2014/03/04/secure-freenas-9-2-1-2-with-a-firewall/
15:42 <@vpnHelper> Title: Secure FreeNAS 9.2.1.2 with a Firewall | The Joe Paetzel Method (at joepaetzel.com)
15:42 < Gaffel> You need to switch IP forwarding on before any traffic can jump between subnets or interfaces.
15:43 < Gaffel> If you just do echo 1 >> net.inet.ip.forwarding, then it will get set to 0 on reboot.
15:43 < Gaffel> You need to make sure that it's permanent.
15:44 < FlyingPersian> okay
15:44 < Gaffel> Since the VPN works all fine and no errors then it's something with the packet filter.
15:44 < FlyingPersian> sorry was afk for a sec
15:45 < Gaffel> No worries.,
15:45 < FlyingPersian> I've actually followed that tutorial amongst others when setting up everything
15:45 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
15:45 < Gaffel> Okay, check if IP forwarding is still on.
15:45 < FlyingPersian> echo 1 >> net.inet.ip.forwarding
15:45 < FlyingPersian> doesn't give anything
15:45 < Gaffel> No, that writes 1 to that var.
15:45 < FlyingPersian> oh
15:46 < FlyingPersian> so I need to reboot
15:46 < FlyingPersian> ?
15:46 < Gaffel> No, that's the thing, you don't need to reboot.
15:46 < Gaffel> That var can be switched at any time and default value is 0.
15:46 < FlyingPersian> oh now I got it
15:46 < Gaffel> You rarely need to reboot.
15:46 < FlyingPersian> yes true
15:46 < Gaffel> You only need to reboot when you can't restart the updated comopnent without reboot such as the kernel. :P
15:47 < Gaffel> *component
15:48 < FlyingPersian> https://forums.freenas.org/index.php?threads/openvpn.11839/
15:48 <@vpnHelper> Title: OpenVPN | FreeNAS Community (at forums.freenas.org)
15:48 < FlyingPersian> on post 10 he fixes this issue. I ahve the gatewaything already
15:49 < Gaffel> Can you ping the VPN server?
15:50 < FlyingPersian> hang on
15:50 < FlyingPersian> if the server is 10.8.0.1 I can't
15:51 < FlyingPersian> it's weird
15:51 < FlyingPersian> ipconfig on my PC says ip: 10.8.0.6
15:51 < FlyingPersian> but openvpn says 10.8.0.4
15:51 < Gaffel> Your client?
15:52 < FlyingPersian> my laptop says 10.8.0.6 in cmd with ipconfig, but openvpn (the client on my laptop) says 10.8.0.4
15:52 < Gaffel> OpenVPN server takes one address and uses that itself.
15:53 < Gaffel> It means, 10.8.0.1 might not be the OpenVPN server.
15:53 < FlyingPersian>  inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
15:53 < FlyingPersian> this is what ifconfig says on the server
15:54 < FlyingPersian> neither .1 nor .2 works
15:54 < Gaffel> It had the problem with OpenVPN picking random start addresses when I start started playing with it.
15:55 < Gaffel> The randomness needs to be fixed when your config or program can't adapt itself to the changes.
15:55 < FlyingPersian> hm
15:55 < Gaffel> Interfaces might change names which is one of the problems.
15:58 < FlyingPersian> I'm not quite sure what I'm supposed to do now
15:58 < Gaffel> Double check IP-addresses
15:59 < Gaffel> Make sure that the firewall isn't blocking it and make sure that it refers to the correct interfaces.
15:59 < FlyingPersian> so the open-status.log says10.8.0.4 as does the client
15:59 < FlyingPersian> only cmd --> ipconfig differs
15:59 < Gaffel> Okay
15:59 < Gaffel> You're pushing the wrong route?
16:00 < Gaffel> Nah, looks okay.
16:00 < FlyingPersian> it should be fine
16:00 < FlyingPersian> worked fine before
16:00 -!- Cysioland [itsme@cysioland.pl] has joined #openvpn
16:01 -!- Cysioland [itsme@cysioland.pl] has left #openvpn ["Leaving"]
16:01 < Gaffel> Aye, but network interfaces might change names when you least expect it and that will break the whole chain.
16:01 < FlyingPersian> my phone can't ping anything as well
16:01 < Gaffel> Disconnect the client and reconnect and see if the IP is connect.
16:01 < Gaffel> correct
16:01 < FlyingPersian> okay client is disconnected now
16:02 < Gaffel> Disconnect all clients first.
16:02 < FlyingPersian> done
16:02 < FlyingPersian> restarted openvpn
16:02 < Gaffel> Check what IP OpenVPN is using on tun
16:02 < FlyingPersian> where?
16:03 < Gaffel> Where you check your interfaces.
16:03 < FlyingPersian> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
16:04 < FlyingPersian>         options=80000<LINKSTATE>
16:04 < FlyingPersian>         inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
16:04 < FlyingPersian>         nd6 options=9<PERFORMNUD,IFDISABLED>
16:04 < Gaffel> Can server ping 10.8.0.1?
16:05 < FlyingPersian> this is messed up
16:05 < FlyingPersian> it says: answer from 10.8.0.6: destination host not reachable
16:05 < FlyingPersian> then it only says ping timeout
16:05 < FlyingPersian> I don't know what 10.8.0.6 is
16:05 < FlyingPersian> when I do ipconfig that's the IP it tells me I have on the VPN network
16:06 < Gaffel> :/
16:07 < FlyingPersian> also
16:07 < FlyingPersian> ipconfig doesn't give me a standard gateway for the vpn
16:07 < Gaffel> I've noticed that on Windows. :/
16:08 < Gaffel> But your config doesn't push that to client.
16:08 < Gaffel> Add this to server config on any line: client-to-client
16:08 < Gaffel> Save and restart openvpn.
16:09 < FlyingPersian> client-to-client is just for the devices connected to the vpn
16:09 < FlyingPersian> everything on te 10.8.0.0 network
16:09 < FlyingPersian> but I'll try
16:09 < Gaffel> Yeah
16:10 < FlyingPersian> I'll try to ping my phone
16:10 < FlyingPersian> nope
16:10 < FlyingPersian> let me restart my PC
16:11 < FlyingPersian> don't think it helps since my phone can't ping anything either
16:12 < Gaffel> Are you connecting to the VPN from outside your network?
16:12 < FlyingPersian> yes
16:12 < Gaffel> Okay
16:12 < FlyingPersian> VPN runs at my home, I'm at my parents' home
16:12 < Gaffel> ah, okay.
16:12 < Gaffel> I remember having openvpn picking random addresses at first but I don't know what I did to make it stay sane.
16:12 < FlyingPersian> https://forums.openvpn.net/topic13773.html#p33601
16:12 <@vpnHelper> Title: OpenVPN Support Forum [Solved] Windows 7 default route to VPN not working : Server Administration (at forums.openvpn.net)
16:13 < FlyingPersian> I'll try this
16:14 < Gaffel> You can make the server push that.
16:14 < Gaffel> It will cause ALL traffic to go through the VPN.
16:14 < FlyingPersian> I don
16:14 < FlyingPersian> I don't want that though
16:15 < FlyingPersian> I just want to be able to access my home network
16:15 < Gaffel> Okay, then you don't want to push a default gateway, just routes.
16:16 < FlyingPersian> okay
16:16 < FlyingPersian> I'll reboot my PC
16:17 < FlyingPersian> maybe it helps to fix the IP issue
16:17 < FlyingPersian> brb
16:17 -!- FlyingPersian [~Flying@p5088DC29.dip0.t-ipconnect.de] has quit [Quit: Verlassend]
16:23 -!- adac [~adac@chello080109174123.tirol.surfer.at] has quit [Ping timeout: 250 seconds]
16:25 -!- FlyingPersian [~Flying@p5088DC29.dip0.t-ipconnect.de] has joined #openvpn
16:25 < Gaffel> Ff the VPN server and client doesn't give you any errors and the server pushes the routes for your LAN to the client then the remaining work is in the firewall/router.
16:25 < Gaffel> But you should be able to ping the OpenVPN server.
16:26 < FlyingPersian> hm
16:26 < FlyingPersian> I dunno why nothing works
16:26 < FlyingPersian> okay the IPs match now
16:26 < FlyingPersian> cmd and openvpn client have matching IPs
16:27 < FlyingPersian> ha
16:27 < FlyingPersian> I can ping the server
16:27 < FlyingPersian> 10.8.0.1
16:27 < Gaffel> Ping the LAN
16:27 < FlyingPersian> 192.168.1.23  isn't working
16:28 < FlyingPersian> when I first set it up it took a while for the normal network to work
16:28 < FlyingPersian> it took like a minute
16:28 < Gaffel> Okay
16:28 < FlyingPersian> then somehow it changed and upon connecting I could ping the normal network
16:28 < FlyingPersian> not sure why
16:29 < Gaffel> That has happend to me too.
16:29 < FlyingPersian> okay
16:29 < FlyingPersian> I can ping server --> client
16:29 < Gaffel> But it depends on the stability of the connections etc
16:29 < FlyingPersian> naw
16:29 < FlyingPersian> it has nothing to do with that
16:29 < FlyingPersian> it just changed
16:30 < FlyingPersian> the server's IP is 192.168.1.10
16:30 < FlyingPersian> the servers IP within the VPN is 10.8.0.1
16:30 < FlyingPersian> I could ping the client from the 192 adress
16:30 < FlyingPersian> and I can ping 192.168.1.10
16:32 < FlyingPersian> okay so I can basically ping both IPs of the VPN server
16:35 -!- antranigv [~antranigv@2a03:b0c0:0:1010::13:1] has left #openvpn []
16:36 < Gaffel> FlyingPersian: Which parts aren't working now?
16:36 < FlyingPersian> I can't ping anything in the server's network except the server itself
16:36 < Gaffel> Can you connect to SSH via the VPN?
16:36 < FlyingPersian> and i can ping the server both on 192.168.1.10 (local IP) and 10.8.0.1 (IP within VPN)
16:37 < FlyingPersian> nope
16:37 < FlyingPersian> I'm reading the firewall stuff you posted
16:37 < Gaffel> I think "route 192.168.1.10 255.255.255.0 10.8.0.1" is making your server confused
16:38 < Gaffel> It tells that 192.168.1.0 is found via 10.8.0.1, doesn't it?
16:38 < FlyingPersian> well
16:38 < FlyingPersian> 192.168.1.10 is the IP of the jail, so the VPN server, at home
16:38 < Gaffel> Check your routing table.
16:38 < Gaffel> ?
16:38 < FlyingPersian> it's a little confusing
16:38 < FlyingPersian> do you know what jails are?
16:38 < FlyingPersian> within freenas
16:39 < Gaffel> No
16:39 < FlyingPersian> jails are little VMs within freenas
16:39 < Gaffel> Is it a fully functioning VM?
16:39 < FlyingPersian> yes
16:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:39 < Gaffel> So it has its own kernel and stuff?
16:39 < FlyingPersian> it's created automatically within the webgui
16:39 < FlyingPersian> oh
16:39 < Gaffel> Okay
16:39 < FlyingPersian> that I don't know
16:39 < FlyingPersian> my NAS has the ip 192.168.1.23
16:39 < FlyingPersian> and the jail of the VPN server has 192.168.1.10
16:40 < FlyingPersian> route 192.168.1.10 255.255.255.0 10.8.0.1 <-- I think this means that 192.168.1.10 = 10.8.0.1
16:40 < FlyingPersian> which is why I can ping both IPs
16:40 < Gaffel> Yeah
16:40 < Gaffel> But that route command is run locally
16:40 < Gaffel> You're not pushing it to clients, you run it on the VPN server.
16:41 < FlyingPersian> push "route 192.168.1.0 255.255.255.0"
16:41 < FlyingPersian> so this is pushed to the client
16:41 < Gaffel> Yes
16:41 < FlyingPersian> do I eed to add 10.8.0.0?
16:41 < Gaffel> No, it knows where 10.8.0.0
16:41 < FlyingPersian> like push "route 192.168.1.0 255.255.255.0 10.8.0.0"
16:41 < FlyingPersian> okay
16:41 < Gaffel> That line in the config without push is run locally on the server.
16:42 < FlyingPersian> okay
16:43 < Gaffel> That line tells the machine that openvpn runs on that 192.168.1.x is found via 10.8.0.1
16:43 < Gaffel> But that's wrong, 192.168.1.x is already found locally.
16:43 < FlyingPersian> so that means whate xactly?
16:44 < Gaffel> It tells "Hey! Guys, 192.168.1.x is found on the tun0 interface!"
16:44 < FlyingPersian> okay
16:44 < Gaffel> So all traffic that want to visit anything on that subnet will head to tun0
16:44 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
16:44 < FlyingPersian> so I need to do what?
16:44 < Gaffel> Remove it
16:44 < FlyingPersian> just to confirm, which line exactlyß
16:45 < Gaffel> The one that doesn't push
16:45 < FlyingPersian> the push etc
16:45 < FlyingPersian> oh
16:45 < FlyingPersian> route 192.168.1.10 255.255.255.0 10.8.0.1
16:45 < FlyingPersian> this
16:45 < Gaffel> The plain line "route 192.168.1.10 255.255.255.0 10.8.0.1"
16:45 < FlyingPersian> okay
16:45 < Gaffel> Yes
16:45 < Gaffel> That's done locally
16:45 < FlyingPersian> okay
16:45 < FlyingPersian> I'll just hashtagi t out for now
16:45 < Gaffel> If you want to increase security then there are a few things you should add to both server and client
16:46 < FlyingPersian> okay hang on
16:46 < FlyingPersian> step my step
16:46 < FlyingPersian> same result
16:47 < FlyingPersian> I can ping the server on both IPs
16:47 < Gaffel> Did you restart the OpenVPN service?
16:47 < FlyingPersian> yes
16:47 < FlyingPersian> only the service
16:47 < Gaffel> Okay
16:47 < Gaffel> But server can't ping anything anywhere?
16:47 < Gaffel> Only itself?
16:47 < FlyingPersian> the server?
16:47 < Gaffel> VPN server
16:47 < FlyingPersian> it can ping everything in the network
16:47 < ki7rw> this openvpn does some weird stuff - i can ping some physical ip's on the network  while others give me no route to host - the hosts are up
16:48 < FlyingPersian> the server is on the same subnet as everything at myp lace
16:48 < FlyingPersian> everything is at 192.168.1.0
16:48 < ki7rw> not all devices are connected to the vpn but that shouldn't matter
16:48 < Gaffel> FlyingPersian: The jail can ping everything except VPN clients?
16:48 < ki7rw> the routing table looks ok to me
16:48 < FlyingPersian> the jail can ping clients as well
16:48 < Gaffel> What can't ping what???
16:49 < FlyingPersian> cleint can't ping anything except the server
16:49 < FlyingPersian> anything = VPN side
16:49 < Gaffel> ICMP is blocked then.
16:49 < FlyingPersian> that is what exactly?
16:49 < Gaffel> It's a firewall issue if everything works except client -> VPN -> tunX -> BLOCKED -> other interfaces
16:50 < Gaffel> If it works the other way around then it's all okay.
16:50 < Gaffel> Ping = ICMP echo request. It's the protocol used for the common ping method as well as trade routes and return messages such as "route unreachable" or "port unreachable". It's a way to send messages to each other.
16:50 < FlyingPersian> nothing from my home network can ping my client
16:50 < FlyingPersian> only the vpn server
16:51 < FlyingPersian> so what do I need to do now?
16:51 < Gaffel> Then you aren't forwarding anything between tunX and the other interfaces.
16:51 < Gaffel> It's a firewall issue.
16:51 < FlyingPersian> wait a sec
16:52 < FlyingPersian> I found something in /etc/rc.conf
16:52 < FlyingPersian> firewall_enable="YES"
16:52 < FlyingPersian> firewall_script="/usr/local/etc/ipfw.rules"
16:52 -!- Feikki [~Feilkin@karkkirasia.ninja] has joined #openvpn
16:52 < FlyingPersian> I think I got it
16:52 < Feikki> hello, newbie here, anyone got a sec to help meh?
16:52 < Gaffel> ki7rw: Dump your server config here: http://bpaste.net
16:53 < FlyingPersian> the firewall rules say epair2b, but it should be 1b
16:53 < Gaffel> FlyingPersian: That happens.
16:53 < FlyingPersian> and I know why
16:53 < FlyingPersian> I deleted 2 jails the other day
16:53 < FlyingPersian> I think that's why epair2b changed to 1b
16:53 < Gaffel> Okay, makes sense.
16:54 < FlyingPersian> I'll reboot the system again
16:55 < FlyingPersian> if I reboot the jail only epair1b becomes 2b
16:55 < Feikki> my openvpn.log gets spammed with 'IP packet with unknown IP version=0 seen'
16:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:56 < Gaffel> Feikki: It comes from who?
16:57 < Feikki> both of the users im testing with
16:57 < Feikki> aka everyone
16:57 < Feikki> im trying to set up a vpn for me and couple of my friends
16:57 < Gaffel> IP version indicates what protocol is found inside the IP frame.
16:58 < Gaffel> Are you all using TUN or TAP?
16:58 < Feikki> tun, the server is arch linux and the clients are windows
16:59 < Feikki> pretty much the example config
16:59 < Gaffel> Both of the options in the server config needs to exist in the client config
16:59 < Gaffel> The example config is shit out of the box.
17:00 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has joined #openvpn
17:01 < Feikki> both of the options?
17:01 < Gaffel> Both?
17:01 < Gaffel> The settings have to match
17:02 < Gaffel> If the server uses cipher BF-CBC then all clients need to do that too.-
17:03 < Gaffel> Are the clients connecting properly?
17:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:03 < Feikki> yeah, they get ip addresses, but thats about it
17:03 < Feikki> i cant ping the server or other clients
17:04 < Gaffel> Have you pushed routes to the clients?
17:04 < Feikki> not sure?
17:04 < FlyingPersian> it works Gaffel
17:04 < Gaffel> FlyingPersian :)
17:04 < FlyingPersian> I tihnk the issue was the firewall the entire time
17:04 < FlyingPersian> as you said earlier
17:04 < Gaffel> Yup
17:04 < FlyingPersian> thanks a lot for your help and patience!
17:04 < Gaffel> You're welcome. ^_^
17:05 < Gaffel> Feikki: It's in the config.
17:05 < Gaffel> The clients don't know what's on the other side of that VPN connection unless they are told.
17:05 < Gaffel> Also, the clients that connect might end up in conflicts if your LAN uses the same network address as the clients who connect
17:06 < Gaffel> Like, the clients have 192.168.0.x networks
17:07 < Gaffel> FlyingPersian: I recommend that you increase the security of your VPN tunnel. =)
17:07 < FlyingPersian> oh yes
17:07 < FlyingPersian> what would you suggest?
17:07 < Feikki> the vpn addresses are 10.8.0.x so that shoudlnt be problem (my lan is 192.168.1.x
17:07 < Gaffel> cipher AES-256-CBC
17:07 -!- ruhrdolf [ruhrdolf@gateway/vpn/mullvad/x-sdnfgiawgehzleia] has quit [Ping timeout: 240 seconds]
17:07 < Gaffel> Feikki: The clients have LANs too and they already have that working.
17:08 < Gaffel> So if they also have LANs at 192.168.1.x then it will get fucked up.
17:08 < Gaffel> So connecting the VPN clients to your LAN will become a headache unless the clients or your LAN use different network addresses.
17:08 < Gaffel> The VPN server has to push the route to the clients so that they can find your LAN.
17:09 < Feikki> oh wait, you mean the server's lan?
17:09 < Gaffel> Yes
17:09 < Feikki> yeah, that wont be a problem
17:09 < Gaffel> You want your friends to be able to talk to your LAN, don't you?
17:09 < Feikki> nah, i want them to talk to the server and others on the vpn
17:10 < Feikki> the server is running on vps so it's not on my lan
17:10 < Feikki> am i doing this right?
17:11 < Feikki> like, the users on the vpn should see each other, and be able to talk to each other?
17:13 < Gaffel> Aha, yeah
17:13 < Gaffel> You need client-to-client in the config
17:13 < Feikki> have that
17:14 < Feikki> http://hastebin.com/qamewegobu my server config (stripped the comments)
17:14 <@vpnHelper> Title: hastebin (at hastebin.com)
17:17 < Gaffel> Have you shared ca.crt and ta.key with your clients?
17:17 < Feikki> yeah
17:19 < Feikki> also, im using windows 10, could that cause problems?
17:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:19 < Gaffel> Feikki: It shouldn't
17:19 < Gaffel> I run Arch with Windows 10 client.
17:19 < Gaffel> No problems.
17:20 < Feikki> ok
17:20 < Feikki> welp, i'll reboot and see if that fixes anything
17:21 < Feikki> brb
17:24 < Gaffel> Feikki: Also, do the clients use a different key-direction than the server?
17:24 < Feikki> key-direction?
17:24 < Gaffel> tls-auth ta.key 0 # This file is secret
17:24 < Gaffel> That number at the end is key-direction.
17:24 < Gaffel> It's either 0 or 1. The server and clients can't have the same.
17:24 < Gaffel> So if server has 0 then all clients has to use 1
17:24 < Feikki> the clients have 1
17:24 < Gaffel> Okay
17:27 < Feikki> also: the client reports this error: Fri Sep 18 01:24:36 2015 NOTE: FlushIpNetTable failed on interface [8] {D2680AC5-A9E5-47B8-BCA0-FAE460B37FF2} (status=5) : Access is denied.
17:28 < Gaffel> Must run as admin
17:28 < Gaffel> Start the OpenVPN GUI as admin
17:34 < Feikki> nbm i think i found the cause
17:34 < Feikki> *nvm
17:36 < Feikki> yeah, now i feel stupid ^^
17:37 < Feikki> deleted the fragment setting from the client conf by mistake
17:37 < Feikki> thanks for help tho :)
17:52 -!- jughead [~pi@c-76-18-184-177.hsd1.tn.comcast.net] has joined #openvpn
17:57 -!- Feikki [~Feilkin@karkkirasia.ninja] has left #openvpn []
18:12 < jughead> Where can I find a good tutorial for creating ovpn files?  I'm running ubuntu server 14.04 and followed the vpn tutorial on the ubuntu site but it does not address the creation of ovpn files.  I intend to use the vpn on android/apple devices.  thanks!
18:20 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
18:23 -!- Protected [~Join@95.211.204.167] has joined #openvpn
18:24 < Protected> Hey, real ops now
18:25 < Protected> So, I was just disconnected for a heartbeat and looking at my openvpn log from the time of the disconnection I seem to have a sequence starting with this at exact one hour intervals: "TLS: tls_process: killed expiring key". Any ideas? Googling it it seems to be something that has happened to others but I couldn't find a reason yet
18:25 < Protected> Or is this normal and unrelated?
18:26 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Read error: Connection reset by peer]
18:26 < Protected> !paste
18:26 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
18:27 < Protected> Can never remember each channel's preference
18:28 < Protected> Here's the hourly cycle log: https://gist.github.com/anonymous/6bddfb6e45149c835d14
18:28 <@vpnHelper> Title: gist:6bddfb6e45149c835d14 · GitHub (at gist.github.com)
18:30 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
18:34 < Thermi> Protected: Normal and unrelated.
18:37 < Protected> Damn :(
18:38 < Protected> I had never paid enough attention to those logs
18:38 < Protected> So I'm going to put it down as a weird coincidence (the disconnection happened in the past two hours)
18:38 < Protected> It may not even have anything to do with openvpn
18:39 < Thermi> If you don't post logs, you won't receive useful help.
18:44 < Protected> Good thing I did then!
18:44 < Protected> No further help is required, thanks
18:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:50 -!- FlyingPersian [~Flying@p5088DC29.dip0.t-ipconnect.de] has quit [Quit: Verlassend]
18:53 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
18:57 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
18:59 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 256 seconds]
19:00 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
19:01 -!- esde [~something@openvpn/user/esde] has joined #openvpn
19:01 -!- mode/#openvpn [+v esde] by ChanServ
19:05 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:07 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
19:08 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
19:10 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
19:19 -!- jughead [~pi@c-76-18-184-177.hsd1.tn.comcast.net] has quit [Quit: leaving]
19:43 -!- dEPy [~dEPy@69.80.105.42] has joined #openvpn
19:44 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
19:52 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 252 seconds]
20:00 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
20:00 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
20:15 -!- dEPy [~dEPy@69.80.105.42] has quit [Quit: (null)]
20:17 -!- Andre483 [~Andre@c-71-229-249-39.hsd1.co.comcast.net] has joined #openvpn
20:17 < Andre483> hi, need some help with ssl certificates
20:18 < Andre483> I am configuring the CN on the server side and I am able to put a FQDN but on the client certs, I am unable to
20:18 < Andre483> how do I go around this?>
20:27 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
20:29 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
20:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
20:40 < Gaffel> Andre483: uh
20:40 < Gaffel> What tool are you using to create those?
20:41 < Andre483> just general questions, not actually creating them yet
20:41 < Gaffel> oh
20:41 < Gaffel> If you use OpenSSL then you'll be able to.
20:41 < Andre483> isn't it bad that the CN is not a FQDN?
20:41 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
20:41 < Gaffel> Use OpenSSL directly instead of scripts.
20:42 < Gaffel> Andre483: Well, the CN is compared to the address which uses the certificate.
20:42 < Gaffel> So if there's no FQDN then it doesn't matter. Might as well be an IP.
20:42 < Andre483> the server will have a real FQDN but clients not even close
20:42 < Gaffel> Yeah
20:42 < Gaffel> Servers should use FQDN if they have one.
20:43 < Andre483> how does that work though? won't openvpn error out?
20:43 < Gaffel> Nope
20:43 < Gaffel> You can decide how to do it.
20:43 < Andre483> but technically its a failure of authentication
20:43 < Gaffel> You can let OpenVPN pass the stuff to a script and let your script verify
20:43 < Gaffel> Yes
20:44 < Andre483> can I have the client be strict but not the server?
20:44 < Gaffel> Yes
20:45 < Andre483> this is to protect against man in the middle attacks right?
20:45 < Gaffel> Yes
20:45 < Gaffel> So the client knows that the cert belongs to the machine it connects to.
20:46 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 244 seconds]
20:46 < Andre483> I see, so that would assume the key got stolen?
20:47 < Gaffel> Yes, it's a way of detecting it.
20:47 < Andre483> interesting!
20:48 < Gaffel> I recommend that you dig deep into what options you have when you create certificates using OpenSSL.
20:48 < Gaffel> You can use the CN as a unique identifier for the machine that uses a client certificate.
20:48 < Gaffel> And then use that to compare against a database or server files.
20:48 < Andre483> in all honestly, I have lied. it is not for openvpn
20:48 < Gaffel> Okay, what is it for?
20:49 < Andre483> I am trying to implement what this article is explaining: http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/
20:49 <@vpnHelper> Title: Configuring Tomcat SSL Client/Server Authentication | The Blog of Maxim Porges (at www.maximporges.com)
20:49 < phreakocious> Andre483: why on earth would you come here to figure that out? :)
20:50 < Andre483> you'd be surprised but this is the only place that has been able to help me
20:50 < Gaffel> Ah, okay.
20:50 < Andre483> and honestly, I got the idea of wanting to do that from using openvpn
20:50 < phreakocious> heh
20:50 < Gaffel> The problem that you'll run into is that if the server certificate isn't signed by a widely known CA then the clients will get a warning.
20:51 < Gaffel> So if they lack the Certificate Authority certificate on their machine then they won't be able to validate it since it's not considered trusted.
20:51 -!- hennos [~midas8@167.160.44.237] has quit [Quit: Leaving]
20:51 < phreakocious> and if your clients are java, you may need to add intermediates to them even then
20:51 < Gaffel> Web browsers (or the operating system that it's running on) has a list of trusted root certificate authorities.
20:52 < Gaffel> So if you intend on running something public then your visitors will get warnings that will scare them away.
20:52 < Andre483> the users will be using a mobile app that communicates internally to a linux server
20:52 < Gaffel> Okay, as long as the app brings the ca.crt then it will be fine.
20:54 < Gaffel> Distribute ca.crt with the app.
20:55 < Gaffel> Then let the app create its own client certificate.
20:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:57 < Andre483> I was thinking I could create one certificate that can be used with all the mobile apps
20:57 < Gaffel> No, then everyone knows the private key of other users.
20:57 < Andre483> is this because I would need a way to distinguish between them?
20:58 < Gaffel> You can use something unique for the device as the CN.
20:58 < Gaffel> The client can create a selfsigned certificate.
20:58 < Gaffel> Devices contain a lot unqiue identifiers such as IMEI or the SIM's identfier.
20:59 < Andre483> I had no idea this was possible
20:59 < Gaffel> Or you can use the users' account that's used on the phone if it's present, such as Google e-mail address on Android phones.
20:59 < Gaffel> So when they connect, you'll get to know how to contact them if you need to.
21:00 < Andre483> I don't know if this helps or makes it worse but as part of the web service call, there would be a username/password authentication separate  from the cert
21:00 < Gaffel> That's good.
21:00 < Gaffel> The certs don't have to be involved.
21:00 < Andre483> I was just thinking on top of that, it would be nice if we incorporated ssl certs
21:01 < Gaffel> Since they will have to be selfsigned unless you want your CA to receive certificate requests.
21:01 < Gaffel> Yeah, certs are a good way of establishing a secure link.
21:01 < Gaffel> Asymmetric encryption or public key cryptography.
21:02 < Gaffel> That's what certs are used for.
21:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:03 < Gaffel> Do you know the basic concepts of that and what certificates contain?
21:04 < Andre483> I really don't. I barely was able to set this up years ago to work on openvpn
21:04 < Andre483> my developers didn't know this was possible
21:05 < Andre483> so I told them I'd handle it and here I am :)
21:05 < Gaffel> https://en.wikipedia.org/wiki/Public-key_cryptography
21:05 <@vpnHelper> Title: Public-key cryptography - Wikipedia, the free encyclopedia (at en.wikipedia.org)
21:06 < Gaffel> Here's an easy explanation on how it works: https://www.youtube.com/watch?v=M7kEpw1tn50
21:07 < Gaffel> That's the basic mathetical concept and what it means.
21:07 < Gaffel> That channel is another video on the same subject, explained by a computer science student.
21:14 < Andre483> watching it so far, pretty good
21:14 < Gaffel> :)
21:15 < Andre483> 1024 bit is pretty solid but 2048 is crazy it looks like
21:16 < Andre483> I am not sure how to proceed from here. I was planning on following that article to incorporate ssl certs on both sides
21:16 < Gaffel> Yup
21:16 < Gaffel> 1024 shouldn't be used since the ones who try to crack it might have a black hat.
21:17 < Gaffel> So always stay one step ahead.
21:18 < Gaffel> The keys are used in encryption algorithms such as AES.
21:19 < Gaffel> Then you can exchange information safely, either start communicating or exchange keys for symmetric encryption.
21:19 < Gaffel> Or what ever encryption that you would like to have.
21:20 < Andre483> the thing you said earlier about having the client create their own cert, I thought I had to create certs for the clients?
21:20 < Gaffel> You don't.
21:21 < Andre483> giving them the ca.crt is okay?
21:22 < Gaffel> A certificate authority signs its own certificates and then it accepts certificate requets which contains some information such as country, city, name, company, email etc. The CSR (cert request) also contains the public key.
21:22 < Gaffel> Yes
21:22 < Gaffel> ca.crt only contain the CA's public key.
21:22 < Gaffel> ca.key is private.
21:22 < Gaffel> Anyone can sign their own certificate, but by introducing a common CA that we all agree on being trustworthy then we can send our CSRs to that CA and key a signed certificate back.
21:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:23 < Gaffel> Here's a more computer oriented explanation: https://www.youtube.com/watch?v=GSIDS_lvRv4
21:23 < Andre483> on the server side, I would then be able to see all various self signed cets on the client side?
21:24 < Gaffel> You can see the certificate, yes.
21:24 < Gaffel> The certificate is public, the private key is not.
21:24 < Gaffel> The certificate contains the public key and details about who it belongs to.
21:25 < Andre483> I think I understand now. I wouldn't see the self signed cert the client is creating
21:25 < Andre483> I am giving them the access to create their own, I don't necessarily need to see it or know about it
21:25 < Gaffel> To know that you speak to the same client at every session.
21:26 < Gaffel> It's the keypair that's the important thing.
21:26 < Gaffel> Watch the video I just linked to.
21:26 < Gaffel> Then you'll understand.
21:27 < Gaffel> The certificate, .crt, that contains the information that you want.
21:27 < Andre483> the .crt is essentially the key?
21:27 < Gaffel> And with it, you'll be able to create a secure link that nobody else can tap into unless you use shitty keys or shitty algos.
21:27 < Gaffel> Yes
21:28 < Gaffel> It contains the information that you specify on creation, such as the CN you talked about.
21:28 < Andre483> video is saying there is a key a and key b though
21:28 < Gaffel> Plus, the public key.
21:28 < Gaffel> Yeah
21:28 < Gaffel> You get a keypair
21:28 < Gaffel> You just watched a whole video that explains the keypair.
21:28 < Gaffel> There are TWO keys.
21:28 < Andre483> the two prime numbers part?
21:28 < Gaffel> Yes
21:29 < Gaffel> It's all part of the key generation.
21:30 < Gaffel> The public key is a padlock, the private key is the key for that lock.
21:30 < Gaffel> I send you my public key, you use that to lock (encrypt) boxes (frames) and send it back.
21:31 < Gaffel> Nobody will be able to see what's in the boxes except me, because I have the private key.
21:31 < Andre483> makes sense. here is the test :)
21:31 < Gaffel> And you can then send me your public key and I'll send you locked data back.
21:33 < Gaffel> About encryption, methods and the problems regarding the ability to crack it: https://www.youtube.com/watch?v=sWeVOXpTOhk
21:33 < Gaffel> You should watch the first video again if you don't quite understand the keypair. ^_^
21:33 < Gaffel> Then watch the 2nd video again then that 3rd one. =)
21:34 < Andre483> I think I am following but does this handle two-way authentication though? it sounds like it's one-way
21:35 < Gaffel> It depends on who signs the certificate.
21:35 < Gaffel> A selfsigned certificate is not used for authentication.
21:36 < Gaffel> But by using certificates, you can create a safe way of letting the client authenticate itself.
21:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
21:36 < Gaffel> Even if the certificate is self-signed.
21:37 < Gaffel> And the server can send encrypted data back to the client.
21:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
21:38 < Gaffel> And by doing that, nobody can listen in unless they've cracked TLS 1.2 and AES-256
21:38 < Andre483> cool
21:39 < Gaffel> By the keys are so large that no home users will attempt it and only people like the NSA or British GCHQ, Russian FSB etc
21:40 < Andre483> I think I am following but as far as implementing it, that is another problem...
21:40 < Gaffel> And the app can generate its own keypair the first time the app is started and then delete it when the app is uninstalled.
21:40 < Gaffel> There are TLS implementations in many program libraries.
21:41 < Gaffel> TLS replaces SSL. The last version of SSL was 3.0.
21:41 < Gaffel> OpenSSL and many other libraries contain all the functions that you need.
21:41 < Andre483> looks like I can follow this https://www.sslshopper.com/tomcat-ssl-installation-instructions.html
21:41 <@vpnHelper> Title: Tomcat SSL Installation Instructions (at www.sslshopper.com)
21:42 < Gaffel> That's how you import them, yes. So getting Tomcat to use your certificate won't be a problem.
21:42 < Gaffel> OpenSSL has a commandline tool that will help you.
21:42 < Andre483> I remember I had nifty scripts to generate them back in the days
21:43 < Gaffel> There's a script called easy-rsa but I recommend using OpenSSL directly and use extensions to allow the connecting clients to know that the server they are connecting to to is a server using a server certificate.
21:44 < Gaffel> Your server can then check and make sure that the clients connecting are using a client only certificate.
21:44 < Gaffel> There are extensions that add these options.
21:44 < Andre483> I found an article to force it
21:46 < Andre483> it seems that tomcat interfaces with keystore
21:46 < Andre483> not sure if there is a way around that
21:47 < Andre483> looks like I could do it all from openssl and then export into keytool, what a drag
21:48 < Andre483> they certaintly know how to deincentize it
21:49 < Gaffel> There are enough tools that create certificates.
21:50 < Andre483> just to confirm, I don't need to create client certs on my end so long as I give the clients the ca.crt?
21:50 < Gaffel> Nope
21:50 < Gaffel> They can create their own.
21:50 < Gaffel> That's how webservers do it, they have to trust all clients at face value.
21:51 < Gaffel> Getting your own certificate signed by a trusted root certificate authority costs money.
21:52 < Gaffel> If your create your own CA then you could sign client's CSR but you shouldn't do that unless you really see a benefit in doing that.
21:58 < Gaffel> http://www.area536.com/projects/be-your-own-certificate-authority-with-openssl/
21:58 <@vpnHelper> Title: Be your own Certificate Authority with OpenSSL (at www.area536.com)
21:59 < Gaffel> Create your own config for your own CA.
22:00 < Andre483> Gaffel: wouldn't client.jks be equivalent to a ca.crt?
22:00 < Gaffel> I don't know what jks is.
22:00 < Andre483> sorry still researching
22:01 < Gaffel> Key, CSR, CRT
22:01 < Gaffel> Then you can create PKCS#12 files as well, if you want to.
22:01 < Andre483> Im in keytool's domain, they have things a little different
22:03 < Gaffel> I don't know anything about that.
22:07 < Andre483> based on this syntax, is server-public.cer equivalent to openssl's ca.crt keytool -exportcert -keystore internalserver.jks -storepass password -file server-public.cer -alias internalserverkey ?
22:08 < Gaffel> I don't know.
22:08 < Gaffel> I have only used OpenSSL.
22:10 < Gaffel> That looks like you import the certificate to a keystorage file with the file extension .JKS
22:10 < Gaffel> But the question is, where is the private key?
22:12 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:13 < Andre483> keytool displayed this message Certificate stored in file <server-public.cer>
22:13 < Gaffel> Okay
22:14 < Andre483> everything else is apparently stored in the jks file and I'd have to run some special commands to export certain things like that out
22:14 < Andre483> pretty interesting
22:25 < Andre483> I'd like to test if all this is working. i restarted tomcat and its listening on that port
22:28 < Gaffel> Have you enabled TLS?
22:30 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
22:32 < Andre483> the syntax is a bit different than what I am used to. apache was pretty straigth forward but tomcat is weird
22:33 < Gaffel> It's Java, isn't it?
22:33 < Andre483> when I access the url:port through my web browser it downloads a file
22:33 < Andre483> when I open the file it's very small and its something encrypted
22:33 < Gaffel> ?
22:33 < skyroveRR> Andre483: what's the file extension?
22:34 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:34 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
22:34 < Andre483> no extension. the filename is "download"
22:34 < Andre483> 

22:35 < Andre483> whatever that means...
22:35 < Gaffel> What does it contain?
22:35 < Andre483> a few ascii characters that look like this 
22:35 < Andre483> [] ?
22:35 < Gaffel> All I see are boxes
22:36 < Andre483> im sure its a configuration issue... because after that it automatically redirects the port
22:44 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 256 seconds]
22:52 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
23:28 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
23:32 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
23:39 -!- ShadniX [dagger@p579419F3.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:39 -!- ShadniX [dagger@p57941023.dip0.t-ipconnect.de] has joined #openvpn
23:49 -!- dEPy [~dEPy@206.222.164.178] has joined #openvpn
23:58 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 272 seconds]
23:58 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
--- Day changed Fri Sep 18 2015
00:02 -!- dEPy [~dEPy@206.222.164.178] has quit [Quit: (null)]
00:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:10 -!- mode/#openvpn [+o mattock1] by ChanServ
00:18 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
00:23 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 256 seconds]
00:46 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
00:47 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
00:48 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
00:55 -!- Pymous [~Pymous@62.210.74.20] has quit [Remote host closed the connection]
00:56 -!- Pymous [~Pymous@62.210.74.20] has joined #openvpn
00:57 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:59 -!- mystica555 [~mystica55@ma02636d0.tmodns.net] has joined #openvpn
01:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:13 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
01:23 -!- Andre483 [~Andre@c-71-229-249-39.hsd1.co.comcast.net] has quit [Quit: Leaving]
01:24 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:26 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
01:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
01:49 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:54 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
02:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
02:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:04 -!- mode/#openvpn [+o mattock1] by ChanServ
02:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
02:05 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:06 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
02:11 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
02:18 -!- e1z0 [u571@netlinux/founder/e1z0] has joined #openvpn
02:18 < e1z0> hi
02:18 < skyroveRR> Hello
02:19 < e1z0> i'm searching for the opensource openvpn billing software for vpn service based on php or similar, maybe someone knows any ?
02:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
02:35 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 264 seconds]
02:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
02:37 -!- mystica555_ [~mystica55@97-118-103-210.hlrn.qwest.net] has joined #openvpn
02:39 < skyroveRR> ping mystica555
02:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
02:41 -!- mystica555 [~mystica55@ma02636d0.tmodns.net] has quit [Ping timeout: 256 seconds]
02:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:08 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:12 < mystica555_> pong skyroveRR
03:12 < skyroveRR> pm?
03:13 < mystica555_> sure
03:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:13 -!- trohn_javolta [d4ec1493@gateway/web/freenode/ip.212.236.20.147] has joined #openvpn
03:14 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
03:14 < trohn_javolta> !welcome
03:14 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
03:14 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:16 < moriko> Can anyone think of any reasons why a client configured with --ping-restart might connect successfully and then timeout within a few minutes - e.g (Inactivity timeout (--ping-restart), restarting - and then connect successfully again and then again restart due to inactivity.
03:18 < moriko> It would appear that somehow when connecting the packets arrive at the server but after connecting something starts blocking them
03:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:20 < trohn_javolta> !goal I want to connect to different servers from one vpn provider, like ping all servers every hour, choose the best server and connect to that server, except it's the same server as current one then connect to second best "ping-server"
03:21 < trohn_javolta> could someone point me to a website? I searched but could only find out, that you can state several servers in the config file and also remote option
03:22 < skyroveRR> Mm.. it's still unclear what you need to do, trohn_javolta
03:23 < trohn_javolta> i dont understand.. yes, for me it's unclear how i could manage to do that
03:23 < skyroveRR> brb
03:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
03:23 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
03:34 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 246 seconds]
03:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
03:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:50 -!- ciss [~Adium@x55b2b9dd.dyn.telefonica.de] has joined #openvpn
03:52 -!- eike_52n [~eike@80.156.182.234] has joined #openvpn
03:52 < eike_52n> !welcome
03:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
03:52 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:53 < eike_52n> hi, what library are you using for vpnHelper?
03:55 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
03:55 < eike_52n> !vpnHelper
03:55 <@vpnHelper> "vpnHelper" is "bot" is I'm a bot.. just a bot. krzee and ecrist are my maintainers, and I haven't said anything, if you'd notice, the person who spoke just before me gave a !command to make me speak :P
03:55 < eike_52n> !about
03:57 -!- dazo_afk is now known as dazo
03:59 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
04:02 -!- ciss [~Adium@x55b2b9dd.dyn.telefonica.de] has left #openvpn []
04:04 -!- trohn_javolta [d4ec1493@gateway/web/freenode/ip.212.236.20.147] has quit [Quit: Page closed]
04:11 -!- ShapeShifter499 is now known as raansu
04:12 -!- raansu is now known as ShapeShifter499
04:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
04:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:36 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
04:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:48 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
04:48 -!- MacGyver is now known as pol
04:50 -!- pol is now known as macgyvernl
04:51 -!- macgyvernl is now known as MacGyver
04:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
04:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:52 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:57 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
05:03 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
05:12 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
05:13 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
05:18 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
05:18 < Crew-L-T> woooohoooooo!!!!!!
05:19 < Crew-L-T> i got all my vpn tunnels working
05:25 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Quit: Quit]
05:34 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
05:35 -!- toli [~toli@ip-62-235-237-93.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:37 -!- toli [~toli@ip-83-134-71-3.dsl.scarlet.be] has joined #openvpn
05:40 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
05:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
05:49 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
05:53 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
05:54 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:07 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
06:10 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
06:15 -!- mystica555_ [~mystica55@97-118-103-210.hlrn.qwest.net] has quit [Ping timeout: 246 seconds]
06:19 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:20 -!- hennos [~midas8@167.160.44.237] has joined #openvpn
06:28 -!- mystica555_ [~mystica55@ma02636d0.tmodns.net] has joined #openvpn
06:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:39 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
06:40 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
06:44 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
06:49 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
06:51 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Quit: Quit]
06:52 -!- thumbs is now known as httpd
06:52 -!- httpd is now known as thumbs
06:53 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
06:54 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
06:57 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
07:37 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 252 seconds]
07:39 <@ecrist> eike_52n: supybot
07:42 < eike_52n> ecrist, thanks. Just asked vpnhelper with !version hours before. Sorry for not telling you
07:43 <@ecrist> no worries
07:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:46 -!- bbert [~bbert@unaffiliated/bbert] has quit [Quit: Leaving]
07:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:52 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
07:56 -!- eike_52n [~eike@80.156.182.234] has quit [Quit: Leaving]
07:56 -!- jrgcombr [~jrgcombr@177.148.172.48] has joined #openvpn
07:57 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
08:02 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
08:10 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
08:12 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: So Long, and Thanks for All the Fish]
08:12 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:19 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:20 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
08:24 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:33 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
08:37 -!- rich0_ is now known as rich0
08:39 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:42 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
08:45 -!- jthunder [~jthunder@S010640167eeb5b40.ed.shawcable.net] has quit [Ping timeout: 250 seconds]
08:48 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:48 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:49 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Ping timeout: 240 seconds]
08:52 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
08:54 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:01 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
09:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:07 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
09:11 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
09:17 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
09:28 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
09:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:38 -!- nestandi [~nestandi@p4FCD56FB.dip0.t-ipconnect.de] has joined #openvpn
09:39 -!- nestandi [~nestandi@p4FCD56FB.dip0.t-ipconnect.de] has quit [Max SendQ exceeded]
09:39 -!- nestandi [~nestandi@p4FCD56FB.dip0.t-ipconnect.de] has joined #openvpn
10:00 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
10:06 -!- Pymous [~Pymous@62.210.74.20] has quit [Remote host closed the connection]
10:07 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
10:12 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
10:40 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 240 seconds]
10:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:46 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 265 seconds]
10:46 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:49 -!- dup|icate is now known as c|oneman
10:50 -!- mystica555_ [~mystica55@ma02636d0.tmodns.net] has quit [Ping timeout: 240 seconds]
10:50 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
10:51 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
10:51 < Eugene> !download
10:51 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
10:55 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
10:55 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
11:02 < Eugene> !winshortcut
11:02 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
11:05 <@krzee> somebody just setup a windows client
11:06 <@krzee> ;]
11:06 -!- mystica555_ [~mystica55@97-118-103-210.hlrn.qwest.net] has joined #openvpn
11:07 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
11:09 < ki7rw> interesting problem - i can connect to openvpn from the LAN but not from the WAN even though the configs are exactly the same on the clients - udp port scan on the WAN shows the port being open|filtered just like it does when scanned on the LAN side
11:11 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:12 <@krzee> port forwarding issue?
11:12 <@krzee> firewall issue?
11:12 <@krzee> port scanning is a bad way to check for openvpn, especially if tls-auth is used
11:17 < Eugene> Yuuuuuup.
11:18 <@krzee> Eugene, i switched to linux for my laptop now
11:18 < Eugene> This is for a $CLIENT
11:18 <@krzee> osx is getting too windowsy
11:18 < Eugene> Though my desktop is still Windows, cuz I like my nvidia/steam to work
11:18 <@krzee> ahh ya i dont game
11:18 <@krzee> when i get my nvidia to work its for cuda ;]
11:19 < Eugene> It's glorious on my 4K screen
11:19 <@krzee> 4k screen?
11:20 < Eugene> Big Ass Monitor, 3840x2160
11:20 <@krzee> daaaamn
11:22 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
11:23 <@krzee> how many inches?
11:23 < ki7rw> krzee, my new router is configured the same as the old router - didn't have a problem with the old router - both are linksys and both have been flashed to dd-wrt - different firmware of course since they're different models
11:24 <@krzee> ki7rw, use tcpdump to check if packets are making it
11:24 <@krzee> dont rely on "they should be"
11:24 < Eugene> 28", Asus. http://amzn.com/B00KJGY3TO
11:25 <@krzee> fatty res
11:26 < Eugene> It kicks butt for admin stuff, too. Terminals to everywhere
11:28 < ki7rw> krzee, according to the openvpn log - the client is trying to connect so somethings getting thru - i keep getting a TLS handshake fail even though i've triple checked that the right certificates and keys are in place
11:29 < ki7rw> kinda hard to debug this stuff using irc or forums
11:31 < ki7rw> as a matter of fact, i'm using an android phone on from both the lan side and the wan side (using the cell service) and the same certs and key are being used
11:31 < ki7rw> so, i'm at a loss to explain the WAN side failure
11:33 <@krzee> definitely a networking problem, not openvpn
11:33 <@krzee> im going to blame the router without knowing the reason
11:34 <@krzee> ive had the same issue with dd-wrt
11:34 <@krzee> switched routers to a cheap little tp-link with openwrt and the world is happy
11:36 <@krzee> gotta run for a bit
11:39 < _FBi> +1 openwrt
11:41  * ki7rw guesses he'll have to "experiment" to try to get it to work and hopes that he doesn't crash his router - could take days to solve or even weeks
11:42 < _FBi> i had much better success with OpenWRT than with DD WRT
11:42 < ki7rw> is openwrt still around? i thought they were going to merge with dd-wrt
11:43 < _FBi> however, opwenwrt can't use the modem.  so I can no longer use OpenWRT
11:43 < _FBi> I hope not?
11:43 < _FBi> dunno
11:44 -!- shiriru [~shiriru@46.10.49.231] has quit [Ping timeout: 252 seconds]
11:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:53 -!- u0m3 [~u0m3@92.80.92.123] has quit [Read error: Connection reset by peer]
11:58 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
11:58 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:02 -!- NetworkingPro [uid47591@gateway/web/irccloud.com/x-xrdzitudfstsrxrl] has joined #openvpn
12:02 < NetworkingPro> Sup everyone?
12:04 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
12:05 -!- elch [~elch@gubbel.zuhause.ff02.net] has quit [Remote host closed the connection]
12:09 -!- nestandi [~nestandi@p4FCD56FB.dip0.t-ipconnect.de] has quit [Quit: So Long, and Thanks for All the Fish]
12:24 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
12:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:39 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Ping timeout: 265 seconds]
12:41 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
12:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:55 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has joined #openvpn
13:03 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has joined #openvpn
13:03 < wallbroken> hi
13:04 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
13:04 < wallbroken> i want to ask you some question about openvpn connect app for ios: i upgraded my iOS to 9. And I figure out that It allows me to connect directly from settings.app. But connections doesn't start, if I open the app I see "transport pause" but instead if I try to connect directly from the app. All works good. I want to underline that in iOS 9. I can connect from settings.app, on iOS 7 I was
13:04 < wallbroken> receiving some advice that was
13:05 < wallbroken> saying to use the openvpn app
13:15 -!- shiriru [~shiriru@46.10.49.231] has quit [Quit: Leaving]
13:16 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
13:17 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
13:41 <@dazo> !as
13:41 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
13:44 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:46 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
13:49 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
13:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
13:50 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
14:07 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has left #openvpn []
14:08 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has joined #openvpn
14:10 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 272 seconds]
14:12 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:21 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Read error: Connection reset by peer]
14:21 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
14:23 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Read error: Connection reset by peer]
14:23 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
14:45 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit []
15:11 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
15:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
15:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:01 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
16:12 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 255 seconds]
16:16 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
16:22 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 260 seconds]
16:23 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
16:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
16:35 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:37 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
16:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
16:54 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:06 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:15 -!- hennos [~midas8@167.160.44.237] has quit [Quit: Leaving]
17:17 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
17:17 -!- shiriru [~shiriru@46.10.49.231] has quit [Remote host closed the connection]
17:20 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
17:22 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:37 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 240 seconds]
17:52 -!- CustosLimen [~CustosLim@unaffiliated/cust0slim3n] has quit [Quit: Leaving]
18:03 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
18:04 -!- dmilith is now known as dmilith2
18:04 -!- dmilith2 is now known as dmilith
18:05 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
18:08 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Quit: gotta go]
18:09 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
18:11 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
18:16 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Quit: gotta go]
18:17 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
18:17 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
18:21 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Client Quit]
18:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:24 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Quit: gotta go]
18:26 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
18:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
18:34 -!- steelcowboy [~steelcowb@207.62.170.210] has joined #openvpn
18:35 < steelcowboy> Hi there! I'm trying to get a VPN working on my home network (which I only have access to via ssh since I'm at college) and running into issues getting internet to route through
18:36 < steelcowboy> I'm using my Android phone, and currently I can connect and ping from both sides of the network (server to client and vice versa) so the connection is completing
18:37 < steelcowboy> On the server I have:
18:37 < steelcowboy> push "route 10.0.0.0 255.255.255.0"
18:37 < steelcowboy> push "redirect-gateway def1 bypass-dhcp"
18:38 < steelcowboy> And for my phone I don't have anything special that would relate to gateways, pretty default. Am I missing something?
18:39 < Eugene> That sounds like a working setup
18:39 < Eugene> What are you using for a client?
18:39 < steelcowboy> OpenVPN connect on the Android app
18:39 < Eugene> The phone ones in particular will have a checkbox for "route traffic through vpn" or similar
18:39 < Eugene> !android
18:39 <@vpnHelper> "android" is (#1) available as OpenVPN for Android as an open source OpenVPN client for Android 4.0+. FAQ: http://ics-openvpn.blinkt.de/FAQ.html or (#2) Links: Play Store: https://play.google.com/store/apps/details?id=de.blinkt.openvpn direct apk link: http://plai.de/android or (#3) Old (pre-ICS) device? See !android-old
18:39 < Eugene> Connect is the commercial client
18:41 -!- dazo is now known as dazo_afk
18:42 < steelcowboy> So for that app I don't use a .ovpn file?
18:44 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Quit: gotta go]
18:44 -!- dmilith is now known as dmilith2
18:45 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
18:47 < steelcowboy> Oh wait, I guess I don't... wasn't working well, it was complaining about tls handshakes even though I added my ta.key and had the correct direction. I'll have to play with it later
19:17 -!- dmilith2 is now known as dmilith
19:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
20:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:08 -!- Andre483 [~Andre@c-71-229-249-39.hsd1.co.comcast.net] has joined #openvpn
21:08 < Andre483> hey gaff you there?
21:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
21:35 -!- maduro [~maduro@71-93-116-27.dhcp.mtpk.ca.charter.com] has joined #openvpn
21:37 < maduro> I'm trying to connect a 'road warrior' linux client to an openvpn server instance running on a machine inside AWS - I can establish the connection, push the route to the client, and ping the openvpn server from the client - but I can't ping any other machines on the amazon 'VPC'
21:45 < maduro> scratch that - had to run iptables command on server
21:45 -!- maduro [~maduro@71-93-116-27.dhcp.mtpk.ca.charter.com] has left #openvpn ["Konversation terminated!"]
21:47 < skyroveRR> !ovpnuke
21:47 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
22:25 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has quit [Remote host closed the connection]
22:29 < steelcowboy> Can anyone help me with the Android client?
22:29 < steelcowboy> I had no problem with OpenVPN Connect except for it wasn't correctly using it to route internet through
22:30 < steelcowboy> But in the other app I keep getting that the TLS Handshake failed, even though I correctly imported my ta.key file
22:33 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
22:34 < steelcowboy> Looks like I'm getting  SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
22:34 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:34 < steelcowboy> But like I said, using the same certs as in the other app
22:36 < steelcowboy> It looks like the problem is my certificate isn't trusted by Android because it's self signed maybe?
22:38 < ki7rw> sometimes i copy the wrong ca cert and get tls handshake errors - maybe you have a similar problem?
22:39 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:39 < steelcowboy> Well I got it to connect again, and it *looks* like everything is working fine
22:39 < steelcowboy> But I'm not getting internet :/
22:39 < steelcowboy> Fri Sep 18 20:36:23 2015 kumpel/172.56.16.22:34235 SENT CONTROL [kumpel]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
22:41 < steelcowboy> That's from the server, so it seems like everything worked fine :/
22:43 < steelcowboy> Oh wait... maybe the server isn't forwarding requests properly
22:44 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
22:48 < ki7rw> that's usually a firewall issue
22:49 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:54 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:56 < steelcowboy> Actually needed to setup port forwarding... so nice to be home :)
23:01 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:18 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
23:18 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
23:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
23:37 -!- ShadniX [dagger@p57941023.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:38 -!- ShadniX [dagger@p5DDFC2B9.dip0.t-ipconnect.de] has joined #openvpn
23:39 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
23:41 -!- arlen [~arlen@jarvis.arlen.io] has quit [Client Quit]
23:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
--- Day changed Sat Sep 19 2015
00:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:05 -!- early [~early@105.ip-167-114-152.net] has quit [Quit: Leaving]
00:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:11 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
00:11 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:23 -!- johnny56_ is now known as Johnny56
00:31 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
00:37 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:38 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
00:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
00:56 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 244 seconds]
01:00 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:05 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:10 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
01:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
01:14 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has left #openvpn []
01:24 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has joined #openvpn
01:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
01:32 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
01:32 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
01:34 -!- lauri [~lauri@shell.stipit.com] has quit [Ping timeout: 246 seconds]
01:35 -!- Gaffel [~drone@213.66.78.167] has joined #openvpn
01:39 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
02:07 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has joined #openvpn
02:11 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:15 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
02:22 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has quit [Ping timeout: 240 seconds]
02:29 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
02:35 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:37 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
02:49 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has left #openvpn []
02:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:58 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 244 seconds]
03:02 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
03:25 -!- Andre483 [~Andre@c-71-229-249-39.hsd1.co.comcast.net] has quit [Quit: Leaving]
03:35 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:39 -!- Sponsor [~root@unaffiliated/chehri] has joined #openvpn
03:43 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has joined #openvpn
03:43 -!- u0m3 [~u0m3@92.80.92.123] has quit [Read error: Connection reset by peer]
03:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
03:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
04:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
04:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:23 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:31 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
04:32 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
04:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
04:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:10 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
05:12 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
05:12 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
05:14 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
05:32 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 250 seconds]
05:36 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
05:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
05:43 -!- hennos [~midas8@167.160.44.237] has joined #openvpn
05:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
05:49 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:04 -!- fling [~fling@fsf/member/fling] has quit [Read error: Connection reset by peer]
06:07 -!- fling [~fling@fsf/member/fling] has joined #openvpn
06:17 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
06:18 < Sambom> !paste
06:18 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
06:20 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
06:25 < Sambom> I have set OpenVPN up on a OpenWRT router. I will use it in road warrior configuration to secure unsecured WiFi networks (on mobile, laptop...) for both accessing home LAN services and Internet (through the tunnel). My LAN are on 192.168.0.0 subnet, currently OpenVpn gives me an IP on 10.0.8.0 network. I don't understand the IP assignemnt (does OpenVPN assign). Also I wonder if my DHCP on LAN 192.168.0.0 can handle it all
06:25 < Sambom> transparent (so VPN devices behave as LAN devices)? Please give me advice...
06:28 < cheesenbiscuits> Hi Sambom...
06:28 < Sambom> Hi!
06:28 < cheesenbiscuits> First things first... is your openvpn server working?
06:30 < Sambom> Yes, I have it working, tried to connect from my iOS Phone. Seems to be working, but connection drops after a while (some minutes) and reconnects. Maybe its some keepalive settings I need to set...
06:31 < cheesenbiscuits> you can set a keepalive... keepalive 10 120
06:31 < cheesenbiscuits> in your client config.
06:32 < Sambom> Yes, I saw that setting, but haven't tried yet. :)
06:32 < cheesenbiscuits> If I understand correctly you wish to push all your data from your openvpn openwrt client router to your openvpn server?
06:35 < Sambom> Ah, no... I'm maybe not so clear... I have my openwrt router as openvpn server (currently, if performance are bad I will put it on a server on my lan instead). So I want my vpn clients to be treated equally as the lan clients (same subnet 192.168.0.0. I will be moving to 192.168.XXX.0 to avoid the most used subnets on 192.168-range).
06:37 < cheesenbiscuits> so your after a TAP not a TUN?
06:37 < Sambom> Oh, sorry, I dont know.. :) But you seems to know..!
06:38 < Sambom> I will be gone for some minutes...
06:38 < cheesenbiscuits> A TUN is layer 3, a TAP is layer 2.
06:42 < Sambom> Ok, I must check that... I have a TUN. FOllowed this guide: http://wiki.openwrt.org/doc/howto/vpn.openvpn
06:43 < cheesenbiscuits> ok...
06:44 < cheesenbiscuits> So you're connecting from unsecured wifi... you use your openvpn openwrt client router to tunnel through the unsecured wifi to your home openvpn openwrt server...
06:45 < cheesenbiscuits> With a TUN setup you will be natted by your openwrt client router...
06:46 < cheesenbiscuits> your server will be only able to 'see' as far as your openvpn client router.
06:47 < cheesenbiscuits> eg: you-> 192.168.1.1 openvpn openwrt client-> 10.10.8.2 openvpn openwrt server->10.10.8.2 internal lan->192.168.0.1
06:48 < cheesenbiscuits> you'll still be able to access things that are routable by i.p address but layer two stuff, like samaba/cifs won't work
06:56 < Sambom> Ok, thanks for the explanation. I will go back to my config-files.. .:)
06:56 < Sambom> TAP seems to be the config I need...
06:58 < cheesenbiscuits> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
06:58 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
06:59 < cheesenbiscuits> Seriously though don't use TAP if you can.
07:03 -!- ghormoon [~ghormoon@ghorland.net] has quit [Quit: ZNC - http://znc.in]
07:06 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
07:31 -!- natarej [natarej@101.188.5.229] has quit [Ping timeout: 264 seconds]
07:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:34 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Remote host closed the connection]
07:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
08:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:22 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
08:23 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
08:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:29 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:32 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has quit []
08:48 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ywpbdgadtirwiflu] has joined #openvpn
08:50 -!- shiriru [~shiriru@46.10.49.231] has quit [Quit: Leaving]
09:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
09:10 -!- hennos [~midas8@167.160.44.237] has quit [Quit: Leaving]
09:12 -!- hennos [~midas8@167.160.44.198] has joined #openvpn
09:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:33 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 250 seconds]
09:38 -!- ghoti_ is now known as ghoti
09:45 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
09:45 < _FBi> !ping
09:45 <@vpnHelper> pong
09:45 -!- JackWinter [~jack@vodsl-10287.vo.lu] has quit [Quit: Konversation terminated!]
09:48 -!- blurider [~mark@cpe-69-203-11-147.nyc.res.rr.com] has joined #openvpn
09:49 < blurider> My windows client won't route its ip traffic through an OpenWRT OpenVPN server. I check the TAP network adapter and find that it says "No Network Access"
09:59 -!- JackWinter [~jack@vodsl-10460.vo.lu] has joined #openvpn
10:07 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
10:16 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:20 -!- blurider [~mark@cpe-69-203-11-147.nyc.res.rr.com] has quit [Quit: Leaving.]
10:23 -!- steelcowboy [~steelcowb@207.62.170.210] has quit [Quit: leaving]
10:29 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
10:29 < atmosx> hello
10:31 -!- hennos [~midas8@167.160.44.198] has quit [Quit: Leaving]
10:33 < atmosx> I'm using torguard VPN with openvpn. I know the client gets settings from the server. I want the VPN to come up, but I don't want it to modify the default route
10:33 < atmosx> any idea how to do that?
10:37 < Gaffel> huh?
10:37 < Gaffel> "come up"?
10:40 < atmosx> n/m found it
10:40 < atmosx> it was in the docs I thought it didn't work the first time. Now it works
10:40 < atmosx> so I'm fine :-)
10:40 < atmosx> bbl
10:40 -!- atmosx [~bsd@convalesco.org] has left #openvpn ["WeeChat 0.4.4-dev"]
10:45 -!- atmosx [~bsd@convalesco.org] has joined #openvpn
10:45 < atmosx> can tun0 have an ipv4 and 6 iface at the same time?
10:46 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
10:46 < atmosx> I think not.
10:47 < Gaffel> oh?
10:48 < atmosx> you need tap probably.
10:48 < atmosx> but the server won't support tap
10:48 < Gaffel> I--tun-ipv6
10:48 < Gaffel> I think --tun-ipv6  does the trick
10:48 < Gaffel> Look on the manpage.
10:48 < Gaffel> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
10:48 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
10:49 < atmosx> Gaffel: I need 4 and 6 simultaneously
10:50 < atmosx> tun devices encapsulate IPv4 or IPv6 (OSI Layer 3) while tap devices encapsulate Ethernet 802.3 (OSI Layer 2).
10:50 < atmosx> nm
10:51 < atmosx> I'll handle this issue with ip6tables if needed.
10:51 < Gaffel> Try it, just add that option and push routes if you need to.
10:51 < Gaffel> Come back with results. :)
10:51 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
10:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:53 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
10:56 -!- Andre483 [~Andre@c-71-229-249-39.hsd1.co.comcast.net] has joined #openvpn
10:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
10:59 -!- maduro [~maduro@71-9-82-254.dhcp.ccmn.ca.charter.com] has joined #openvpn
11:00 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Quit: Quit]
11:01 < maduro> running openvpn in AWS, can connect from 'road warrior', can ping server, can ping other AWS machines, other AWS machines can ping road warrior... but http not working. tcpdump on openvpn server/tun0 shows requests going from road warrior to aws instance, but nothing coming back...
11:03 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
11:04 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
11:04 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
11:11 < maduro> "Your problem is probably firewall, Really"   - indeed it was
11:11 -!- maduro [~maduro@71-9-82-254.dhcp.ccmn.ca.charter.com] has left #openvpn ["Konversation terminated!"]
11:17 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:21 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
11:24 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
12:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
12:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:19 < Sambom> cheesenbiscuits, Thanks for the advice, I will dig into it later, TAP seems also not to work with iOS.
12:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
13:03 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
13:21 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 268 seconds]
13:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
13:28 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:43 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
13:47 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
13:54 -!- sixgod [~cavalcade@unaffiliated/sixgod] has joined #openvpn
13:55 < sixgod> hello, i'm thinking about setting up openvpn on my server because some ports are closed at the hotel im staying at
13:55 < sixgod> would all ports be open for me to use (like torrenting) by default or do i need to configure it?
13:56 <@krzee> youd certainly need to configure anything that you wish to work over the vpn
13:56 <@krzee> by "default" you would simply have an encrypted tunnel between 2 endpoints
13:57 <@krzee> i say "default" because theres not really a default mode for openvpn
13:58 < sixgod> ah, is there any guide on how to allow all ports through the vpn?
13:58 < sixgod> or od I just need to open everything in my firewall?
13:58 < sixgod> or well, the ports I want to use
13:58 <@krzee> but more to your question, you'll need to NAT the ports you want to your client, which means you'll either want your client to have a static ip on the vpn or you'll wanna use a learn-address script to add the NAT rules
13:59 <@krzee> its not simply about opening ports, you need to forward them to the client
13:59 <@krzee> on the server
13:59 < sixgod> yeah, it'll be a static IP address
13:59 < sixgod> is there a guide on how to do so?
13:59 <@krzee> static inside the vpn, not outside
13:59 < sixgod> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
13:59 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Debian 8 | DigitalOcean (at www.digitalocean.com)
13:59 < sixgod> i'm follwoing this one
13:59 -!- APTX_ [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
13:59 <@krzee> !factoids search nat
13:59 <@vpnHelper> 'bsdnat', 'donate', 'fbsdnat', 'freebsdnat', 'linnat', 'nat', 'nathack', 'obsdnat', 'openbsdnat', 'pfnat', and 'winnat'
13:59 <@krzee> !linnat
13:59 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
14:00 <@krzee> hmm thats not it, although you'll need that just for internet to work
14:00 -!- APTX_ [~APTX@unaffiliated/aptx] has joined #openvpn
14:00 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
14:00 <@krzee> im not going to read that guide, tell me do you have a vpn up yet?
14:00 <@krzee> if so, do you have internet redirecting over it?
14:00 < sixgod> not yet, It'll be done in about 10
14:01 < sixgod> I'll get back to you then, thanks for the help
14:01 <@krzee> !dnat
14:01 <@krzee> !factoids search dnat
14:01 <@vpnHelper> 'bsdnat', 'fbsdnat', 'freebsdnat', 'obsdnat', and 'openbsdnat'
14:01 <@krzee> !factoids search --values dnat
14:01 <@vpnHelper> 'freebsdnat', 'bsdnat', 'linportforward', 'openbsdnat', 'nat', and 'frozentux'
14:01 <@krzee> !linportforward
14:01 <@vpnHelper> "linportforward" is (#1) to forward port 80 tcp to a vpn client, use this (replacing <SERVERIP> with the real ip of the server, and <VPNIP> with the clients VPN ip) or (#2) iptables -t nat -A PREROUTING -i eth0 -d <SERVERIP> -p tcp --dport 80 -j DNAT --to <VPNIP> or (#3) iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 80 -j ACCEPT
14:01 <@krzee> !static
14:01 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
14:01 <@krzee> !ccd
14:01 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
14:02 <@krzee> you'll need those 3 things ^^ but first just get a vpn up and then get internet redirecting over it
14:02 <@krzee> !redirect
14:02 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
14:02 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
14:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
14:28 < sixgod> krzee:
14:28 < sixgod> when attempting to connect, it gets stuck on "Sat Sep 19 21:26:03 2015 UDPv4 link remote: [AF_INET]91.121.xxx.xxx:1194"
14:28 -!- hennos [~midas8@167.160.44.198] has joined #openvpn
14:28 < sixgod> any idea why?
14:28 < sixgod> no firewall
14:31 < sixgod> hmm i think it's not starting up
14:31 < sixgod> ps aux shows no openvpn
14:54 -!- shiriru [~shiriru@46.10.49.231] has quit [Ping timeout: 256 seconds]
14:59 -!- shiriru [~shiriru@46.10.49.231] has joined #openvpn
15:00 <@krzee> you should probably start it then
15:00 <@krzee> lol
15:02 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 260 seconds]
15:03 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
15:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
15:38 -!- protn [~alex@102-183-191-90.dyn.estpak.ee] has joined #openvpn
15:38 < protn> hi
15:39 < protn> who here used softether?
15:41 -!- shiriru [~shiriru@46.10.49.231] has quit [Remote host closed the connection]
15:55 < Gaffel> I don't know what softether is. :o
16:03 < protn> its very neat open source stuff
16:03 < protn> I am surprised there is not special room for it on freenode
16:03 < protn> *no
16:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:18 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 256 seconds]
16:18 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:22 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
16:23 -!- esde [~something@openvpn/user/esde] has quit [Quit: .]
16:24 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 260 seconds]
16:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:30 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
16:31 < hays> is there a way to make openvpn clients keep their DNS after they try the DNS that is pushed to them by the server?
16:32 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
16:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:39 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
16:39 < hays> e.g. before I connect, I might have 192.168.1.1 as my DNS, and after, I might have 8.8.8.8, 8.8.4.4, and then 192.168.1.1 (remaining from before)
16:39 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
16:48 < hays> I am trying to make it so that when I connect to openvpn when I am on my lan, I still have my DNS available, but when I am not on my LAN, I start using openvpn's DNS
16:49 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
16:52 -!- jrgcombr [~jrgcombr@177.148.172.48] has quit [Ping timeout: 246 seconds]
16:55 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
16:55 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
16:58 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:59 < hays> hm. i cannot find a way to make that happen
17:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
17:05 -!- protn [~alex@102-183-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
17:08 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
17:09 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
17:11 -!- hays_ is now known as hays
17:11 -!- moriko [~moriko@178.162.222.41.adsl.inet-telecom.org] has joined #openvpn
17:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
17:17 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
17:33 -!- akkad [akkad@dns.mauthesis.com] has joined #openvpn
17:36 -!- toli [~toli@ip-83-134-71-3.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:38 -!- toli [~toli@ip-62-235-237-63.dsl.scarlet.be] has joined #openvpn
17:43 -!- moriko [~moriko@178.162.222.41.adsl.inet-telecom.org] has quit [Ping timeout: 246 seconds]
17:56 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
17:56 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
18:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:28 -!- esde [~something@openvpn/user/esde] has joined #openvpn
18:28 -!- mode/#openvpn [+v esde] by ChanServ
18:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:39 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
18:39 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 264 seconds]
18:41 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
18:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:51 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 244 seconds]
18:52 -!- hennos [~midas8@167.160.44.198] has quit [Quit: Leaving]
18:53 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:55 -!- jrgcombr__ [~jrgcombr@179.34.178.66] has joined #openvpn
18:58 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 246 seconds]
18:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:06 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
19:06 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:19 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:33 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
19:35 < iNs> has anybody actually compared ipv4 vs ipv6 performance in openvpn?
19:36 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
19:36 -!- justinzane [~justinzan@24.49.199.88] has quit [Client Quit]
19:37 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
19:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:51 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has joined #openvpn
19:52 < pepperoni> anyone know of a collection or resource for firewall rules? just lots of examples of rules?
19:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
19:53 -!- jrgcombr__ [~jrgcombr@179.34.178.66] has quit [Ping timeout: 264 seconds]
19:57 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Quit: gotta go]
19:59 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
20:09 -!- protn [~alex@102-183-191-90.dyn.estpak.ee] has joined #openvpn
20:09 < protn> anyone here used it with ubuntu network manager?
20:09 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:09 < protn> it says invalid vpn secrets
20:09 < protn> seems like a bug
20:14 -!- protn [~alex@102-183-191-90.dyn.estpak.ee] has quit [Ping timeout: 260 seconds]
20:19 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:20 -!- ____r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has joined #openvpn
20:24 -!- ____r4z is now known as R
20:25 -!- R is now known as Guest32123
20:34 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
20:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:43 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:22 -!- justinzane [~justinzan@24.49.199.88] has quit [Ping timeout: 246 seconds]
21:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:39 -!- Guest32123 [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has quit [Ping timeout: 246 seconds]
21:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
21:50 -!- jrgcombr [~jrgcombr@179.34.136.111] has joined #openvpn
22:44 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Remote host closed the connection]
22:46 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
22:56 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has joined #openvpn
22:59 -!- ____r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has joined #openvpn
23:00 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
23:01 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has quit [Ping timeout: 246 seconds]
23:01 -!- ____r4z is now known as __r4z
23:03 -!- jrgcombr [~jrgcombr@179.34.136.111] has quit [Ping timeout: 240 seconds]
23:04 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:06 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
23:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:25 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has quit [Quit: __r4z]
23:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
23:32 -!- Sponsor [~root@unaffiliated/chehri] has quit [Ping timeout: 244 seconds]
23:38 -!- ShadniX [dagger@p5DDFC2B9.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:39 -!- ShadniX_ [dagger@p5DDFF9D3.dip0.t-ipconnect.de] has joined #openvpn
23:39 -!- ShadniX_ is now known as ShadniX
23:39 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has joined #openvpn
23:39 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has quit [Client Quit]
23:44 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has joined #openvpn
23:50 -!- __r4z is now known as r4z
23:51 -!- r4z is now known as __r4z
23:56 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has quit [Quit: __r4z]
23:56 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
--- Day changed Sun Sep 20 2015
00:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:11 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
01:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:06 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
02:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
02:14 -!- Sponsor [~root@unaffiliated/chehri] has joined #openvpn
02:31 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
02:33 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Read error: Connection reset by peer]
02:33 -!- moriko_ [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
02:39 -!- moriko_ [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:52 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
02:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:54 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Quit: going]
03:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:03 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 244 seconds]
03:09 -!- JackWinter [~jack@vodsl-10460.vo.lu] has quit [Ping timeout: 252 seconds]
03:16 -!- Sponsor [~root@unaffiliated/chehri] has quit [Quit: Out]
03:28 -!- Titoune [575bcafa@gateway/web/freenode/ip.87.91.202.250] has joined #openvpn
03:28 < Titoune> Hello, Bonjour
03:28 < Titoune> I need help with OPENVpn, someone can help me ? J'ai besoin d'aide avec OPENVPN quelqu'un peut m'aider s'il vous plaît ?
03:29 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
03:37 < Titoune> allô ?
03:37 < Titoune> ecrist: krzee  mattock   novaflash_away  pekster_  plai  syzzer  ?
03:40 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
04:11 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
04:21 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:23 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
04:23 -!- mode/#openvpn [+v s7r] by ChanServ
04:24 -!- Titoune [575bcafa@gateway/web/freenode/ip.87.91.202.250] has quit [Quit: Page closed]
04:43 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:43 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
04:46 -!- jrgcombr__ [~jrgcombr@179.34.161.44] has joined #openvpn
04:49 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:49 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 250 seconds]
04:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:19 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
05:28 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:34 -!- CQ [~chatzilla@p57AE9236.dip0.t-ipconnect.de] has joined #openvpn
05:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:55 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
05:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 268 seconds]
06:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:00 -!- IPJryan [189e3ffc@gateway/web/freenode/ip.24.158.63.252] has joined #openvpn
06:03 < IPJryan> I'm trying to set up OpenVPN and I'm having trouble.  I type ipfw list and get 65535 allow ip from any to any.  According to the tuto that means I did something wrong.  I can't figure it out though.  Can anyone help?  I'm trying to setup a VPN inside my sabnzbd jail.  I'm running freenas 9.3.
06:10 -!- CQ [~chatzilla@p57AE9236.dip0.t-ipconnect.de] has left #openvpn []
06:17 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
06:29 < hays> Is there a way to push a DNS to a client without nuking the existing DNS?
06:34 -!- hennos [~midas8@167.160.44.198] has joined #openvpn
07:00 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
07:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
07:44 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Quit: ZNC - http://znc.in]
07:55 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
07:55 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Remote host closed the connection]
07:57 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
08:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:43 < sixgod> hi, I've set up openvpn on my server and I want  to open up *all* ports for my clients
08:43 < sixgod> e.g. theyll be able to use any port they want
08:43 < sixgod> I have no firewall on my server, who would I go about enabling all ports?
08:45 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Quit: ZNC - http://znc.in]
08:45 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
08:46 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
08:51 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
08:53 -!- atmosx [~bsd@convalesco.org] has quit [Ping timeout: 250 seconds]
08:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
08:58 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
09:03 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
09:19 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Quit: I'll be back!]
09:20 -!- HM [~HM@81.4.101.225] has quit [Quit: Segmentation fault]
09:20 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
09:44 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 244 seconds]
09:47 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
10:01 -!- hennos [~midas8@167.160.44.198] has quit [Quit: Leaving]
10:08 -!- hennos [~midas8@167.160.44.245] has joined #openvpn
10:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
10:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
10:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
10:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
10:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
10:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
10:34 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
10:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:43 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 256 seconds]
10:45 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
10:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
10:58 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
10:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:59 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:00 -!- skyroveRR_ is now known as skyroveRR
11:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:11 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
11:12 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
11:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
11:45 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
11:55 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
11:57 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
12:04 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
12:26 -!- duelle [~duelle@unaffiliated/duelle] has joined #openvpn
12:26 < duelle> !welcome
12:26 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:26 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:27 < duelle> !goal
12:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
12:32 < duelle> Hi there, recently I have connection speed issues with my openvpn. Although server and client have sufficient up/down speed I only get a max of about 100 kb/s down on my client. The server (Debian 7.9) is running openvpn 2.2.1-8+deb7u3 and the client 2.3.6 (Arch Linux). The connection has not always been that slow - its just since about 2 weeks.
12:47 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 240 seconds]
12:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:00 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:11 -!- barnabas121 [c62634a5@gateway/web/freenode/ip.198.38.52.165] has joined #openvpn
13:13 < barnabas121> I am trying to setup openvpn on dd-wrt. when i try to connect, this is what shows up in the logs: http://pastebin.com/jeuixMUe
13:16 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
13:28 -!- barnabas121 [c62634a5@gateway/web/freenode/ip.198.38.52.165] has quit [Quit: Page closed]
13:30 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has joined #openvpn
13:42 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
13:50 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:52 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
14:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:05 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
14:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
14:13 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ywpbdgadtirwiflu] has quit [Quit: Connection closed for inactivity]
14:14 -!- duelle [~duelle@unaffiliated/duelle] has quit [Quit: Leaving]
14:21 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:21 -!- rhollan [~rhollan@205.185.218.236] has joined #openvpn
14:22 < rhollan> Need help getting trafific to some destination ports (25) to NOT go through the VPN.
14:22 < rhollan> I gave a novpn routing table with a different default route, and tried setting rules for 127.0.0.1 and the local address on that interface but no go.
14:23 < rhollan> I tried using iptables to mark outgoing packets and using an ip rule on that mark to select the novpn table but no go
14:23 < rhollan> any ideas?
14:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 272 seconds]
14:29 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
14:31 < rhollan> ip rule add for specific destination IP addresses works, but I want it for ALL destination IP addresses destination port 25
14:36 -!- pa [~pa@unaffiliated/pa] has quit [Remote host closed the connection]
14:37 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:40 < Neighbour> rhollan: use iptables to dnat the packets to the ip you want them to go
14:41 < rhollan> Neighbour: I can't see how that will help: I want to route ALL packets to ALL destination port 25 out the non-vpn interface
14:41 < rhollan> it looks like it may be as simple as specifying --dport smtp instead of --dport 25, but that strikes me as silly
14:42 < rhollan> Yup, that was it. Silly iptables
14:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:49 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
14:51 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
14:58 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
15:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:11 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
15:21 -!- IPJryan [189e3ffc@gateway/web/freenode/ip.24.158.63.252] has quit [Quit: Page closed]
15:23 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has joined #openvpn
15:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:26 -!- jrgcombr__ [~jrgcombr@179.34.161.44] has quit [Ping timeout: 250 seconds]
15:26 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has joined #openvpn
15:28 < cmanns> If trying to use general internet through openvpn server (linux) with windows/osx clients, tun best? Will be doing gaming, etc- I've done it through tun adapter
15:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
15:41 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
15:42 < CryptoSiD> isnt verb 0 disabled all logs?
15:42 < CryptoSiD> status openvpn-status.log
15:42 < CryptoSiD> log openvpn.log
15:42 < CryptoSiD> log-append openvpn.log
15:42 < CryptoSiD> verb 0
15:42 < CryptoSiD> i still have all clients ip in openvpn-status.log i'd like to have no log at all, unless i change the verb to 1+
15:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
15:49 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has quit [Ping timeout: 246 seconds]
16:01 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:05 <@syzzer> then remove the 'status openvpn-status.log'-line from your config file
16:08 < CryptoSiD> easy!
16:08 < CryptoSiD> thanks
16:08 < CryptoSiD> (I guess that was retarded to ask)
16:17 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has joined #openvpn
16:17 < cmanns> So this is odd, tun openvpn linux server. My client can "see" websites that are hosted on the system via their public IP/domain name, but google, etc doesnt load.
16:18 < cmanns> Did the usual iptables/ push redirect gateway def1 etc...is odd it loads the websites though so that must mean the tun0 can talk to localhost, but not out through eth1.x (system has multiple ips) would bridging to a spare IP be better or worse for multiple clients + public internet
16:18 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
16:29 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Read error: Connection reset by peer]
16:36 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
16:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:50 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has quit [Ping timeout: 246 seconds]
16:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
17:19 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has joined #openvpn
17:19 < cmanns> !paste
17:19 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
17:23 < cmanns> Heres my OpenVPN server setup + client (same between two besides key changes) https://gist.github.com/anonymous/be2160a17c34d553c904
17:23 <@vpnHelper> Title: openvpn setup · GitHub (at gist.github.com)
17:29 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has quit [Ping timeout: 246 seconds]
17:30 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has joined #openvpn
17:32 -!- cmanns [4750f28c@gateway/web/freenode/ip.71.80.242.140] has quit [Client Quit]
17:42 < c|oneman> I have a headless machine with only 1 ethernet card. I keep breaking it trying setup a briddge when editing /etc/network/interfaces. What am I doing wrong
17:45 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:16 -!- hennos [~midas8@167.160.44.245] has quit [Quit: Leaving]
18:33 -!- jrgcombr__ [~jrgcombr@179.34.155.20] has joined #openvpn
18:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:37 -!- jrgcombr_ [~jrgcombr@177.139.245.237] has quit [Ping timeout: 272 seconds]
18:41 -!- rhollan [~rhollan@205.185.218.236] has quit [Quit: Leaving]
18:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
19:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:32 -!- __r4z [~Thunderbi@187-254-54-241-cable.cybercable.net.mx] has quit [Quit: __r4z]
19:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
20:00 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
20:01 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:07 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
20:09 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:14 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
21:11 -!- nhooyr [~nhooyr@69.157.106.110] has joined #openvpn
21:14 < nhooyr> hello I am trying to route everything over my openvpn. I have NAT setup, and IP forwarding via https://wiki.archlinux.org/index.php/OpenVPN#Routing_all_client_traffic_through_the_server and the appropiate server config at https://gist.github.com/aubble/63cd2fe6887a368c8292. Now I can't get my head around why its not routing properly, all traffic through the vpn. i used iptables for NAT and sysctl to enable
21:14 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
21:14 < nhooyr> ipv4 forwarding so it should work right (i used exact command above for iptables but eth0 replaced with enp2s0 which is my interface)
21:14 < nhooyr> i'm using osx latest el capitan beta and tunnelblick as client
21:22 < Gaffel> What works and what doesn't work?
21:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:31 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
22:15 -!- Lycerion [~Lycerion@unaffiliated/lycerion] has joined #openvpn
22:23 -!- dEPy [~dEPy@206.222.164.64] has joined #openvpn
22:43 < nhooyr> Gaffel: i can ping my vpnserver but I cannot route anything through my interface, eg i can ping 10.8.0.1 but I cannot say ping the router on the other side (even though I have the route setup for it) which is at 192.168.4.1. i cannot route anything at all through this tun on the client side. its really weird because its a utun and it says 10.8.0.6 -> 10.8.0.5 on its description when I do ifconfig which i
22:43 < nhooyr> find odd and cannot find any information online, i can provide my client/server confs
22:44 < nhooyr> or anything else you need
22:44 < nhooyr> to help me
22:55 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hgbkgruvgaendvyy] has joined #openvpn
23:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:06 < subzero79> nhooyr is forwarding enabled in the server ?
23:06 < nhooyr> subzero79: yes
23:07 < nhooyr> subzero79: NAT is good too, atleast i think it is lol im gonna try tomorrow but with ufw, there are some guides on it
23:07 < subzero79> what i usually do in this cases is use tcmpdump
23:08 < Gaffel> Show us the server config.
23:08 < subzero79> tcpdump
23:08 -!- mystica555_ [~mystica55@97-118-103-210.hlrn.qwest.net] has quit [Remote host closed the connection]
23:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:10 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has joined #openvpn
23:12 < Gaffel> nhooyr: Show us your configs.
23:13 -!- NetworkingPro is now known as DeltaV
23:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:14 -!- DeltaV is now known as Singularity
23:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:18 -!- Singularity is now known as Event_Horizon
23:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
23:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:33 -!- dEPy [~dEPy@206.222.164.64] has quit [Quit: (null)]
23:37 -!- ShadniX [dagger@p5DDFF9D3.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:37 -!- ShadniX [dagger@p5481DD1B.dip0.t-ipconnect.de] has joined #openvpn
23:50 -!- Event_Horizon is now known as TheKeeper
--- Day changed Mon Sep 21 2015
00:09 -!- nhooyr [~nhooyr@69.157.106.110] has quit [Quit: WeeChat 1.3]
00:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:31 -!- mode/#openvpn [+o mattock1] by ChanServ
00:35 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
00:54 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
01:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:04 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
01:09 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:11 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
01:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
01:31 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
01:33 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
02:51 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
03:05 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:14 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
03:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:24 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
03:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:28 < sixgod> hi, port 1194 is blocked at my uni
03:28 < sixgod> all ports except 80 is blocked
03:28 < sixgod> is it possible to run teh server on port 80?
03:30 -!- novaflash_away is now known as novaflash
03:55 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hgbkgruvgaendvyy] has quit [Remote host closed the connection]
03:55 -!- jefferai [sid1300@kde/mitchell] has quit [Remote host closed the connection]
03:55 -!- TheKeeper [uid47591@gateway/web/irccloud.com/x-xrdzitudfstsrxrl] has quit [Remote host closed the connection]
04:02 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
04:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
04:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:25 -!- mode/#openvpn [+o mattock1] by ChanServ
04:33 < Tools> sixgod, if you have nothing else running on that port, I don't see a reason why not.
04:36 < sixgod> I run it on 443 instead
04:36 < sixgod> that's most likely not blocked either
04:36 < sixgod> ran*
04:36 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lnwwjoqavmbleeak] has joined #openvpn
04:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:29 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
05:37 -!- toli [~toli@ip-62-235-237-63.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:38 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has joined #openvpn
05:47 -!- duelle [~duelle@unaffiliated/duelle] has joined #openvpn
05:48 < duelle> Hi there, recently I have connection speed issues with my openvpn. Although server and client have sufficient up/down speed I only get a max of about 100 kb/s down on my client. The server (Debian 7.9) is running openvpn 2.2.1-8+deb7u3 and the client 2.3.6 (Arch Linux). The connection has not always been that slow - its just since about 2 weeks. Is there anything I could try to improve the speed again?
05:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
05:58 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:58 -!- mode/#openvpn [+o mattock2] by ChanServ
06:12 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
06:15 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
06:40 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:52 -!- jrgcombr_ [~jrgcombr@179.34.174.17] has joined #openvpn
06:53 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
06:53 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
06:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:55 -!- jrgcombr__ [~jrgcombr@179.34.155.20] has quit [Ping timeout: 240 seconds]
07:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
07:04 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 268 seconds]
07:05 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Ping timeout: 272 seconds]
07:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:09 < sixgod> sooo the firewall is blcoking all ports except 80 and 443
07:10 < sixgod> im trying to connect ot the vpn on 443 but im getting Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
07:10 < sixgod> is there any way to bypass this?
07:11 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:16 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:30 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 260 seconds]
07:41 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
07:41 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
07:44 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
07:44 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
07:49 -!- adac [~adac@c703-fwngw.uibk.ac.at] has joined #openvpn
07:49 < adac> Is it possible to have an openvpn cluster?
07:49 < adac> So when one openvpn server fails, I still would have a second one
07:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:01 -!- hennos [~midas8@167.160.44.245] has joined #openvpn
08:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
08:14 -!- fmerges [~fmerges@161.72.100.50] has joined #openvpn
08:15 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:18 < fmerges> i have a public network, and an openvpn server in it, so i want all the traffic to that public network to go through the openvpn server, I commented out the option to send all traffic through the vpn and i push a route so that for this public network it goest through the vpn
08:19 < fmerges> the problem is that i need also to add a concrete route that the traffic that goes to the openvpn server doesn't go through the vpn
08:19 < fmerges> but through the default route to reach that server... any ideas how i can make the server push that route?
08:20 < fmerges> what i see if the server pushes the route he associates it to the tun device...
08:25 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
08:26 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
08:28 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:29 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
08:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
08:37 < fmerges> nevermind... solved via net_gateway
08:37 -!- fmerges [~fmerges@161.72.100.50] has left #openvpn []
08:54 -!- marlinc_ [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
08:57 -!- marlinc_ is now known as marlinc
09:01 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
09:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
09:25 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
09:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
09:36 -!- duelle [~duelle@unaffiliated/duelle] has quit [Quit: Leaving]
09:37 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
09:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:11 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-shgnisxssafhamkp] has joined #openvpn
10:11 < NetworkingPro> Sup everyone?
10:12 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
10:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:14 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
10:16 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:17 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:17 -!- mode/#openvpn [+o mattock1] by ChanServ
10:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
10:18 -!- dionysus70 is now known as dionysus69
10:19 < NetworkingPro> dazo_afk: I made your recommendation reality.
10:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
10:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
10:28 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:28 -!- mode/#openvpn [+o mattock1] by ChanServ
10:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
10:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
10:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
10:48 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
10:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:49 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
11:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:02 -!- mode/#openvpn [+o mattock1] by ChanServ
11:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:21 < Dr-007> i'm intentionally making faults inside my openvpn server config
11:21 < Dr-007> then i restart openvpn
11:21 < Dr-007> but it doesn't say that something went wrong
11:22 < Dr-007> then i ps ax to see if the server is running
11:22 < Dr-007> and it isn't running
11:22 < Dr-007> huuh?
11:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:32 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
11:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:43 -!- adac [~adac@c703-fwngw.uibk.ac.at] has quit [Ping timeout: 255 seconds]
11:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:51 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 265 seconds]
11:52 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
11:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
11:56 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
11:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
12:00 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
12:04 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Ping timeout: 255 seconds]
12:06 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
12:13 -!- gava100 [~circuser-@201.48.114.241] has joined #openvpn
12:20 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 255 seconds]
12:20 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 248 seconds]
12:21 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
12:29 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
12:32 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
12:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:36 -!- mode/#openvpn [+o mattock1] by ChanServ
12:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
12:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:37 -!- mode/#openvpn [+o mattock1] by ChanServ
12:39 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 246 seconds]
12:40 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:42 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:46 -!- trohn_javolta [51d990bf@gateway/web/freenode/ip.81.217.144.191] has joined #openvpn
12:46 < trohn_javolta> hello
12:47 < trohn_javolta> i have a question, openvpn doesn't find my login.conf file and ca file
12:48 < trohn_javolta> everything is in /etc/openvpn
12:49 < trohn_javolta> if i write in client.conf: ca /etc/openvpn/ca.crt it works..but i want it to work without that
12:52 < DArqueBishop> trohn_javolta, what happens if you put "cd /etc/openvpn" in your conf file?
12:53 < trohn_javolta> where would i put that? just as first line in client.conf?
12:53 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:54 < DArqueBishop> Yes. That sets the search path for OpenVPN.
12:54 < trohn_javolta> yes it works
12:54 < trohn_javolta> hmm.. thats the point..
12:55 < trohn_javolta> i got many .ovpn files
12:55 < trohn_javolta> for each server one to be exact
12:56 < trohn_javolta> my goal is to randomly connect to a different one of these "serverconfig.ovpn files" every hour or so
12:58 < trohn_javolta> and also i want to connect to the best of these servers, so ping them before connect and choose server with lowest ping.
13:01 -!- pmarques [529b6c2e@gateway/web/cgi-irc/kiwiirc.com/ip.82.155.108.46] has joined #openvpn
13:03 < pmarques> Hi, I had a vpn server behind a router and due to some problemas with the equipment a need to move the openvpn server to directly connect to public routers, the host have two links/networks for each public IP, my problem is that the openvpn is receiving connection from one IP but sending response to another one, I have configured routing tables for
13:03 < pmarques>  each interface but I don't know what to do now
13:04 -!- trohn_javolta [51d990bf@gateway/web/freenode/ip.81.217.144.191] has quit [Quit: Page closed]
13:05 < gava100> Hello All,
13:05 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 255 seconds]
13:06 < gava100> Please I'd like to hear a feedback from you guys regarding the features for openvpn NAT.
13:07 < gava100> In other words, I'd like to know if it will be merged to the main branch. :-)
13:07 -!- petn-randall [~petn-rand@azuma.rocketjump.eu] has quit [Ping timeout: 264 seconds]
13:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:20 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:24 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:24 < ValdikSS> Hi! Please take a look at a patch https://community.openvpn.net/openvpn/ticket/180#comment:9
13:24 <@vpnHelper> Title: #180 (OpenVPN won't send AUTH_FAILED if client-connect plugin exited successfully but script not) – OpenVPN Community (at community.openvpn.net)
13:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:39 < pmarques> maybe this is the only solution.... http://serverfault.com/questions/584374/reply-on-the-same-interface-as-incoming-with-dnated-ip
13:39 < pmarques> '
13:39 <@vpnHelper> Title: iptables - Reply on the same interface as incoming with DNATed IP - Server Fault (at serverfault.com)
13:39 < pmarques> ?
13:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
13:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:47 -!- GNU\colossus [colo@truschnigg.info] has joined #openvpn
13:48 < GNU\colossus> hi there.
13:50 < GNU\colossus> I'm trying to set up a new OpenVPN server in parallel to an old one that we'd like to eventually replace. (the old server is the gatway of the remote network and does WAY too many things.) I'm stuck now, because the new VPN subnet doesn't get routed the way I'd expect it to be. I've summed up the symptom(s) I fail to understand here: https://paste.debian.net/plainh/2afe4d42
13:50 < GNU\colossus> can anyone of you maybe take a look and try to help me out?
13:51 < GNU\colossus> I think I basically don't understand why this rt entry here: "172.16.43.0/25 via 10.10.10.19 dev eth0" isn't enough to have the default gw take care of routing the packages for the VPN subnet towards the new VPN server...
13:52 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
13:53 < MrVandelay> How come it takes so long to stop an openvpn-session that was active while you lost your internet connectivity?
13:55 < MrVandelay> (I'm talking about manually stopping it, not for it to discover it automatically)
13:58 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
13:59 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
14:04 -!- liriel [~liriel@185.21.217.6] has quit [Max SendQ exceeded]
14:05 -!- pmarques [529b6c2e@gateway/web/cgi-irc/kiwiirc.com/ip.82.155.108.46] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
14:06 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
14:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
14:29 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 240 seconds]
14:35 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
14:38 -!- liriel [~liriel@185.21.217.6] has quit [Client Quit]
14:39 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:39 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
14:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:59 -!- voidstar [~imnotf@unaffiliated/voidstar] has quit [Quit: All great C programmers never die; they are simply cast into void.]
14:59 -!- voidstar [~imnotf@unaffiliated/voidstar] has joined #openvpn
15:04 -!- SJr [~sjr@70.68.163.202] has joined #openvpn
15:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
15:19 -!- gava100 [~circuser-@201.48.114.241] has quit [Remote host closed the connection]
15:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:20 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
15:21 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 250 seconds]
15:21 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Ping timeout: 250 seconds]
15:23 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:23 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
15:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:25 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
15:25 -!- MrVandelay [~nox@sysv.se] has quit [Ping timeout: 264 seconds]
15:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
15:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:38 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:43 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Ping timeout: 240 seconds]
15:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:48 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
15:49 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
15:50 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
15:51 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
15:51 -!- Sambom__ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
16:05 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
16:08 -!- DrCode [~DrCode@5.28.134.3] has quit [Quit: ZNC - http://znc.in]
16:17 -!- Sambom__ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
16:17 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
16:19 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
16:22 -!- DrCode [~DrCode@5.28.134.3] has quit [Quit: ZNC - http://znc.in]
16:24 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
16:25 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
16:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 268 seconds]
17:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:05 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 40.0.3/20150826023504]]
17:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:56 -!- shio [~shio@126.121.101.84.rev.sfr.net] has quit [Ping timeout: 264 seconds]
18:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
18:00 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
18:07 < akkad> is there a way to block a given key?
18:15 < cyberanger> revoke it from your certificate authority
18:16 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
19:04 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
19:12 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
19:13 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
19:17 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 252 seconds]
19:17 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:17 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
19:20 -!- diytto [~diytto@de.diytto.com] has joined #openvpn
19:25 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 240 seconds]
19:26 -!- Tyklol [tykling@gibfest.dk] has joined #openvpn
19:27 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
19:27 -!- kloeri_ [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
19:30 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:32 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 600 seconds]
19:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:42 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 272 seconds]
19:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
19:55 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:01 -!- hays_ is now known as hays
20:06 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
20:16 -!- hennos [~midas8@167.160.44.245] has quit [Quit: Leaving]
20:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:45 -!- Alittlemurkling [~zap@71.56.127.235] has joined #openvpn
20:47 < Alittlemurkling> !welcome
20:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
20:47 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:02 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
21:15 < Alittlemurkling> Hello. I am running Arch Linux, and am trying to setup my openvpn client for torrent traffic only. I am able to bind my torrent client to the vpn interface, so that portion is out of the way, but web traffic is still routed through the vpn. How do I prevent this?
21:24 < cyberanger> Alittlemurkling: From what your asking, that IS what you want, torrent traffic only. What else are you trying to do?
21:37 < Alittlemurkling> cyberanger: I would like to use firefox on my normal ethernet interface, but have transmission use the vpn.
21:38 < Alittlemurkling> Google reports the wrong ip address, and the traffic is significantly slower, so I'm definitely using the vpn in firefox.
21:46 < Alittlemurkling> And there is no "redirect-gateway" line in my .ovpn, so I'm a bit confused as to why firefox is running traffic through the vpn.
21:46 -!- sixgod [~cavalcade@unaffiliated/sixgod] has quit [Read error: Connection reset by peer]
21:46 -!- sarlalian [~sarlalian@107.170.239.102] has quit [Ping timeout: 240 seconds]
21:46 -!- Alittlemurkling [~zap@71.56.127.235] has quit [Quit: Lost terminal]
21:46 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
21:47 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
21:48 -!- Alittlemurkling [~zap@71.56.127.235] has joined #openvpn
21:50 < Alittlemurkling> cyberanger: Sorry, forgot to tmux.
21:51 < Alittlemurkling> I have tried the --route-nopull option, but now transmission does not appear to be getting any traffic at all.
21:57 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:12 < subzero79> Alittlemurkling in linux i've done this by creating a secondary table to route normal traffic through eth0, then you need to mark packets (iptables) that you want to go through there (like dport 80), finally a ip rule for those packets go through the secondary table
22:16 < Alittlemurkling> subzero79: Ok, I'll look into iptables some more. I'm launching transmission as the "vpnroute" group, and using iptables to prevent that group from accessing anything other than tun0. I'll look into port specific rules though.
22:17 < Alittlemurkling> *as trying to do the opposite thing with my users group didn't go so well.
22:22 < subzero79> my setup was different though, the primary (default) table route table is used for normal traffic
22:22 < subzero79> the secondary for torrent
22:35 < Alittlemurkling> Yeah, transmission is just stupid and won't bind to tun0 without a fight. I might switch torrent clients.
22:41 -!- SJr [~sjr@70.68.163.202] has quit [Read error: Connection reset by peer]
22:46 < subzero79> binding never worked for me, neither transmission or deluge
22:46 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
22:49 < Alittlemurkling> Lol, great. Hopefully I can figure out these routing rules then.
22:53 < cyberanger> Alittlemurkling: sorry, I had to step out for a bit
22:54 < cyberanger> subzero79 was describing exactly what you need, bonus is if you run transmission under it's own user, you can mark packets based on uid too
22:54 < subzero79> indeed that's the idea
22:54 < subzero79> there is also several approaches to this
22:55 < subzero79> secondary table to torrent, and default normal
22:55 < subzero79> or the inverse
22:55 < cyberanger> subzero79: sorry, I saw the bit on dport 80, that's what I get for skimming
22:56 < cyberanger> I have a tor user that I do the same idea with, anything from that user must go via tor or fail
22:58 < subzero79> ok, i documented this for a provider in github once, in script form with a closing tap in case it goes down
22:59  * cyberanger wonders if that's the script he borrowed from, wouldn't be the first time to fins FOSS' small world
23:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:35 -!- ShadniX [dagger@p5481DD1B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:37 -!- ShadniX [dagger@p5794113F.dip0.t-ipconnect.de] has joined #openvpn
23:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Tue Sep 22 2015
00:06 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
00:15 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:39 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:48 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 260 seconds]
00:59 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
01:13 -!- kloeri_ is now known as kloeri
01:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:59 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lnwwjoqavmbleeak] has quit [Quit: Connection closed for inactivity]
02:04 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:11 -!- mode/#openvpn [+o mattock1] by ChanServ
02:18 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
02:18 -!- mode/#openvpn [+v hyper_ch] by ChanServ
02:18 <+hyper_ch> krzee: when you're awake, hit me up
02:18 <+hyper_ch> pretty please :)
02:22 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 246 seconds]
02:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
02:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:32 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
02:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:39 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 250 seconds]
02:41 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
02:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:43 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-shgnisxssafhamkp] has quit [K-Lined]
02:43 -!- dan_j [sid21651@gateway/web/irccloud.com/x-mxqsletyidgtlnpz] has quit [K-Lined]
02:43 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-eqffjlhkifehsyvo] has quit [K-Lined]
02:43 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-kolifsyonemztznp] has quit [K-Lined]
02:43 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [K-Lined]
02:43 -!- jefferai [sid1300@kde/mitchell] has quit [K-Lined]
02:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:45 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 240 seconds]
02:46 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
02:49 -!- hennos [~midas8@167.160.44.245] has joined #openvpn
03:00 -!- DrCode [~DrCode@gateway/vpn/privateinternetaccess/drcode] has joined #openvpn
03:07 <@krzee> hyper_ch, ping
03:07 <+hyper_ch> got some time?
03:07 <@krzee> sure
03:07 <@krzee> wassup
03:08 <+hyper_ch> ok, I have openvpn server at my office but my office has slow internet and dynamic ip
03:08 <+hyper_ch> so I've been pondering to rent a cheap dedi box somewhere and run server there
03:09 <+hyper_ch> however I still wanna keep all traffic originating from the office lan in the office lan because it doesn't make sense to go through the external vpn server there
03:09 <+hyper_ch> and I was wondering if you have a good idea on how that could work together
03:10 <@krzee> im missing whats confusing you
03:10 <+hyper_ch> well, I want to have same openvpn subnets whether I'm in the office or not
03:10 <@krzee> when you connect to the office vpn, is it to access the internet over the vpn, or to access the work lan
03:11 <+hyper_ch> the work lan
03:11 <+hyper_ch> e.g. when I upload a 100mb file to the data server through the vpn
03:11 <@krzee> then whats the point of the dedicated server?
03:11 <+hyper_ch> it shouldn't go through the external vpn server
03:11 <+hyper_ch> because upload is slow
03:12 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-afbourymztahqwyy] has joined #openvpn
03:12 <@krzee> upload from the office will stay the same speed
03:12 <@krzee> it wont change
03:12 <+hyper_ch> however when I'm not in the office, there's issues because of dynamic ip... so I want to have an external vpn server to connect to
03:12 <@krzee> use a dynamic dns
03:12 <@krzee> im sure youve used those before
03:13 <@krzee> and use --float in case of ip change
03:13 <+hyper_ch> yes, but I'm even pondering to switch fiberoptic connection here to LTE because my fiber connection is artifically slowed down
03:13 <+hyper_ch> and then I won't even have a public IP anymore
03:14 <@krzee> then you'll be forced to use a dedi
03:14 <+hyper_ch> or run two servers
03:14 <@krzee> huh?
03:14 <+hyper_ch> keep running the internal server as it is now
03:15 <+hyper_ch> because when I wanna upload something to it, there's no need to go outside the lan here
03:15 <@krzee> so you're asking how you can do client to client transfers without it going through the server?
03:15 <+hyper_ch> well, that would be best but isn't working yet, right?
03:15 <+hyper_ch> so I'm pondering to setup two vpn servers
03:15 <@krzee> yet? its not even a goal
03:15 <@krzee> how would 2 servers help?
03:15 <+hyper_ch> when I'm in the office it will connect to the office one
03:16 <+hyper_ch> and outside it will connect to the dedi server
03:16 <@krzee> whats the vpn for when in the office?
03:16 <@krzee> isnt the office already in the office lan?
03:16 <+hyper_ch> everything is vpned
03:16 <+hyper_ch> except the network scanners
03:16 <@krzee> so you connect over wifi, then over vpn?
03:17 <+hyper_ch> no, ethernet
03:17 <@krzee> and then you're in the lan?
03:17 <@krzee> but the rest of it?
03:17 <+hyper_ch> with just ethernet you can't access anything
03:17 <+hyper_ch> everything is vpned
03:17 <@krzee> gotchya
03:17 <+hyper_ch> except for one samba share for the network scanner
03:17 <+hyper_ch> since it doesn't support vpn
03:18 <+hyper_ch> so I've been pondering to setup a dedi server
03:18 <+hyper_ch> that uses same certs and same subnet as in the office
03:18 <@krzee> why same subnet so necessary?
03:19 <@krzee> just use proper routing
03:19 <+hyper_ch> how?
03:19 <@krzee> how what
03:19 <+hyper_ch> how to do proper routing?
03:19 <@krzee> by adding a route on each hop in the line from 1 subnet to another, adding iroute entries in openvpn when the subnet is behind a client
03:20 <@krzee> (and visa versa obviously)
03:20 <+hyper_ch> hmmmmm
03:21 <@krzee> as long as each hop knows where to send the destination's traffic and has ip forwarding enabled, it will.
03:22 <+hyper_ch> but both servers would need to ran same certs, right? because I want them to be accessible by   vpn.domain.tld
03:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:26 <@krzee> dont need to, but may
03:28 <+hyper_ch> well, how would I establish a connection to different vpn servers on the different domain name that use different certs?
03:29 <@krzee> drum roll...
03:29 <@krzee> with a different config!
03:29 <@krzee> :D
03:29 <+hyper_ch> but then the other config would try and again to connect and drain battery
03:30 <@krzee> only if you told it to
03:34 <+hyper_ch> well, it should auto-connect :)
03:35 <@krzee> maybe a script could make that happen, one which checks what subnet its on first
03:35 <@krzee> and uses the right vpn accordingly
03:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:36 <@krzee> but ya you can use the same certs if it makes ya happy :)
03:36 <@krzee> well not same certs, same CA
03:37 <@krzee> nobody said you can only sign 1 server cert ;]
03:38 -!- DrCode [~DrCode@gateway/vpn/privateinternetaccess/drcode] has quit [Remote host closed the connection]
03:41 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
03:41 < d0p> guys here ?
03:41 < d0p> how can i check the status of openvpn server ?
03:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:43 <@krzee> !management
03:43 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read https://github.com/OpenVPN/openvpn/blob/release/2.3/doc/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN or (#3) Enable with `--management 127.0.0.1 1234` (adjust port to taste.) See the manpage for pw and socket options
03:44 <@krzee> once you've enabled the management interface on the server you can telnet to it and say: status
03:44 <@krzee> assuming you meant connected clients and whatnot
03:44 < d0p> krzee:
03:45 < d0p> I've https://github.com/Nyr/openvpn-install setuped it using this,
03:45 <@vpnHelper> Title: Nyr/openvpn-install · GitHub (at github.com)
03:45 <@krzee> i have no interest in understanding that
03:45 < d0p> oh lol
03:48 -!- dan_j [sid21651@gateway/web/irccloud.com/x-hhmjqcdwipdqozid] has joined #openvpn
03:55 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
04:07 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 244 seconds]
04:14 -!- wbk [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has joined #openvpn
04:14 < wbk> Hi
04:15 < wbk> Do you know some free service provider that offers openvpn account without changing password every week ?
04:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
04:28 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Ping timeout: 252 seconds]
04:41 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
04:44 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
04:46 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Ping timeout: 265 seconds]
04:48 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:49 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-dtxxdscmyerberyt] has joined #openvpn
04:50 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
04:55 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
04:55 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Ping timeout: 264 seconds]
04:56 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:58 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-mksegadecpkrfqnm] has joined #openvpn
04:58 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
05:11 <+hyper_ch> http://www.der-postillon.com/2013/05/studie-sprengung-von-flughafen-ber.html
05:11 <@vpnHelper> Title: Der Postillon: Studie: Sprengung von Flughafen BER würde Bauarbeiten enorm beschleunigen (at www.der-postillon.com)
05:13 <+hyper_ch> Durch die Sprengung des Geländes wäre die Flughafen Berlin Brandenburg GmbH auf einen Schlag sämtliche Baumängel los, die einzeln zu beheben eine halbe Ewigkeit in Anspruch nehmen würde.
05:13 <+hyper_ch> Dabei müsste noch nicht einmal völlig bei Null angefangen werden: Berechnungen des ARC zufolge werden nach der Explosion nämlich schon allein aus purem Zufall mehr Trümmer korrekt aufeinanderliegen als zum jetzigen Zeitpunkt.
05:13 <+hyper_ch> :)
05:18 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Ping timeout: 264 seconds]
05:28 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
05:30 < Neighbour> hyper_ch: lol...that would be an awesome sight
05:30 <+hyper_ch> sorry, wrong channel :)
05:31 <+hyper_ch> but you know German?
05:35 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:46 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
06:12 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Read error: Connection reset by peer]
06:12 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:17 -!- hennos [~midas8@167.160.44.245] has quit [Quit: Leaving]
06:24 -!- hennos [~midas8@167.160.44.250] has joined #openvpn
06:26 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 268 seconds]
06:29 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
06:30 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
06:30 -!- hennos [~midas8@167.160.44.250] has quit [Quit: Leaving]
06:31 -!- hennos [~midas8@167.160.44.250] has joined #openvpn
06:37 < wbk> Do you know some free service provider that offers openvpn account without changing password every week ?
06:48 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 240 seconds]
06:49 -!- Xeru [~Xeru@gateway/vpn/privateinternetaccess/xeru] has joined #openvpn
06:53 < Neighbour> localhost services inc :P
06:58 < wbk> nobody available?
07:03 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
07:16 <+hyper_ch> wbk: lmited to 1gb per month?
07:16 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
07:16 <+hyper_ch> sorry, 2gb per month
07:16 < wbk> hyper_ch could be good
07:16 < wbk> i don't like to refresh the password everytime
07:16 <+hyper_ch> hide.me
07:18 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
07:19 < wbk> hyper_ch, does not support openvpn
07:20 <+hyper_ch> they do
07:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:21 <+hyper_ch> ah, seems they changed to to plus/premium users
07:24 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 256 seconds]
07:25 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
07:29 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 240 seconds]
07:33 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
07:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:40 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
07:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:44 -!- hennos [~midas8@167.160.44.250] has quit [Quit: Leaving]
07:47 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
07:48 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
07:56 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
08:04 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
08:08 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
08:09 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
08:19 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
08:27 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
08:33 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
08:34 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
08:35 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
08:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
08:38 -!- shiriru [~shiriru@77.85.251.196] has quit [Client Quit]
08:40 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
08:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:03 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:03 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Quit: WeeChat 1.3]
09:06 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
09:14 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 246 seconds]
09:14 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-iwtgoykhybyawvny] has joined #openvpn
09:19 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
09:22 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
09:26 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
09:35 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
09:42 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Remote host closed the connection]
09:43 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 240 seconds]
09:44 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:45 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
09:46 -!- jesopo [jess@lolnerd.net] has joined #openvpn
09:50 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Ping timeout: 272 seconds]
10:07 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:12 -!- e1z0 [u571@netlinux/founder/e1z0] has quit [Read error: Connection reset by peer]
10:32 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
10:32 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
10:32 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:38 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
10:54 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has joined #openvpn
10:56 < FutureTense> Hi all.  I've setup an OpenVPN server and have been able to connect several iOS clients to it without a problem.  However I'm trying to connect Windows 10 and keep getting various errors.   Here is what my ovpn file looks like (I'm using the same client I created for my IOS devices).  I have embedded the certs in the ovpn, but removed them for the paste.  https://bpaste.net/show/b854440ba3cf
10:58 < FutureTense> and here is my error log: https://bpaste.net/show/06fb7b462b92
10:58 < FutureTense> I suspect the "unsupported certificate purpose" is the issue
11:00 < FutureTense> Assuming I don't have a client connected already, shouldnt I be able to use the same ovpn from any machine?
11:00 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
11:00 -!- alex1723841 [~Adium@80.244.37.160] has joined #openvpn
11:06 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Ping timeout: 246 seconds]
11:10 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
11:18 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
11:24 < skyroveRR> FutureTense: may I get a look at your server.conf?
11:24 < FutureTense> Im running OpenVPN on tomato router
11:25 < FutureTense> So all I have are the keys... let me get some screenshots
11:25 < skyroveRR> There must be an option to export the config file..
11:25 < skyroveRR> Oh..
11:26 < FutureTense> http://imagebin.ca/v/2GXlcgwImp2a
11:26 <@vpnHelper> Title: Imagebin - Somewhere to Store Random Things (at imagebin.ca)
11:28 < FutureTense> http://imagebin.ca/
11:28 <@vpnHelper> Title: Imagebin - Somewhere to Store Random Things (at imagebin.ca)
11:28 < FutureTense> ooof
11:28 < FutureTense> http://imagebin.ca/v/2GXm4Tl5gS69
11:28 <@vpnHelper> Title: Imagebin - Somewhere to Store Random Things (at imagebin.ca)
11:29 < skyroveRR> Guess I found your error..
11:30 < skyroveRR> In the first screenshot, you have "Authorization Mode" to "TLS".
11:30 < FutureTense> I can probably telnet into the router and get the config file
11:30 < wbk> Do you know some free service provider that offers openvpn account without changing password every week ?
11:30 < FutureTense> what should I change it to?
11:30 < skyroveRR> But below that, the option Extra HMAC tls-auth is disabled..
11:30 < skyroveRR> You need to create a TLS auth key, and share it between the server and the clients.
11:31 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
11:32 -!- Xeru [~Xeru@gateway/vpn/privateinternetaccess/xeru] has quit [Ping timeout: 250 seconds]
11:32 < FutureTense> Shouldnt I be able to use the same ovpn file on every client?  Assuming I am not doing multple connections
11:33 < skyroveRR> Umm. one sec.
11:34 < skyroveRR> Forget the tls-auth stuff. It's an openssl issue.
11:35 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has joined #openvpn
11:35 < skyroveRR> https://devcentral.f5.com/questions/certs-chains-and-authenticate-depth
11:35 <@vpnHelper> Title: Certs chains and authenticate depth... (at devcentral.f5.com)
11:35 < FutureTense> I embedded the all of the cert files in the ovpn file
11:35 < FutureTense> Though I did import the CA cert into my windows machine... maybe thats the problem
11:36 < skyroveRR> Run this on tomato, if supported... openssl verify -CAfile ca.crt server.crt
11:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:40 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has quit [Read error: No route to host]
11:40 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:41 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has joined #openvpn
11:41 < FutureTense> verify is not sipported
11:42 < FutureTense> Honestly, I dont think its the server, as I'm able to connect with other clients
11:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:43 < skyroveRR> It's most likely openssl related..
11:43 < skyroveRR> Not openvpn related.
11:43 < skyroveRR> Can you pls try #openssl? :)
11:45 < skyroveRR> FutureTense: do you have some other windows client to try on?
11:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:47 < FutureTense> I can try Windows 7
11:48 < skyroveRR> Do.
11:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:51 < FutureTense> Doing..
11:57 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 272 seconds]
12:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:07 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
12:08 < skyroveRR> FutureTense: any progress?
12:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:11 -!- hennos [~midas8@167.160.44.250] has joined #openvpn
12:15 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has quit [Ping timeout: 255 seconds]
12:25 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:26 -!- skyroveRR_ is now known as skyroveRR
12:28 < SJr> OpenVPN has stopped working I can't seem to connect at all this was working fine for months, and I didn't really make any updates. Config and Logs are here: http://www.pastebin.ca/3171217 . One thing I am seeing is that wireshark says that the server is just responding with P_CONTROL_HARD_RESET_SERVER_V2
12:29 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has joined #openvpn
12:29 < FutureTense> Same deal on Windows 7
12:37 < skyroveRR> FutureTense: :(
12:37 < skyroveRR> Tried #openssl?
12:37 < FutureTense> not yet.. I just noticed this thing in the sample config about windows needing TAP
12:37 < FutureTense> trying that first
12:38 < skyroveRR> No, use TUN.
12:38 < skyroveRR> Quite easy.
12:41 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:43 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Read error: Connection reset by peer]
12:44 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
12:51 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has quit [Quit: Leaving]
12:58 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
13:02 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Ping timeout: 244 seconds]
13:02 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
13:06 -!- voidstar [~imnotf@unaffiliated/voidstar] has left #openvpn ["Leaving"]
13:15 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:28 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
13:31 -!- cryptic1 is now known as cryptic11
13:33 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:34 -!- cryptic11 is now known as cryptic1
13:36 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
13:37 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
13:46 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
13:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:03 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
14:09 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:11  * m3n3chm0 nasZ
14:20 -!- jrgcombr_ [~jrgcombr@179.34.174.17] has quit [Quit: Leaving]
14:26 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Read error: Connection reset by peer]
14:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:47 -!- alex1723841 [~Adium@80.244.37.160] has quit [Quit: Leaving.]
14:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:02  * m3n3chm0 hi
15:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
15:31 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:53 -!- neurosys [~neurosys@2601:586:201:d800:20d:b9ff:fe35:3959] has joined #openvpn
15:54 < neurosys> Is it possible to have unique multi-user connecting to an OpenVPN server?
15:54 < neurosys> self-hosted?
16:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:12 -!- NetworkingPro is now known as Dildo_Baggins
16:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:22 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Read error: No route to host]
16:31 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
16:36 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:43 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
16:44 -!- rts- [~rtsnd@130.43.141.2] has joined #openvpn
16:44 < rts-> Hello, I'm having trouble with my OpenVPN server configuration.... my client keeps failing to connect with: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) but I am certain the ca/cert/key files are correct.
16:45 -!- hennos [~midas8@167.160.44.250] has quit [Quit: Leaving]
16:47 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has joined #openvpn
17:08 -!- willeponken [~willeponk@2a03:b0c0:2:d0::1c0:f003] has quit [Ping timeout: 252 seconds]
17:09 -!- Protected [~Join@95.211.204.167] has quit [Ping timeout: 252 seconds]
17:09 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 256 seconds]
17:12 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
17:14 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 252 seconds]
17:14 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 252 seconds]
17:14 -!- deviant [deviant@xion.pl] has joined #openvpn
17:15 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
17:15 < rts-> figured it out, thanks all
17:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
17:15 -!- rts- [~rtsnd@130.43.141.2] has quit [Quit: Leaving]
17:16 < deviant> I'm setting up 30 openvpn clients on debian wheezy, openvpn version 2.2.1, and I'm getting the following in logs: MULTI: new incoming connection would exceed maximum number of clients (10)
17:16 < deviant> I did add max-clients 100 to the server config, but it still complains and it won't allow any new connections past the limit of 10
17:16 -!- neurosys [~neurosys@2601:586:201:d800:20d:b9ff:fe35:3959] has quit [Ping timeout: 252 seconds]
17:16 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 252 seconds]
17:17 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
17:17 -!- mode/#openvpn [+v hazardous] by ChanServ
17:17 -!- patsToms [~patsToms@radioa7.lv] has quit [Ping timeout: 252 seconds]
17:17 < deviant> any idea what else needs to be changed to be able to use more than 10 connections at a time?
17:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:17 -!- patsToms [~patsToms@radioa7.lv] has joined #openvpn
17:17 -!- akkad [akkad@dns.mauthesis.com] has quit [Ping timeout: 252 seconds]
17:18 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Remote host closed the connection]
17:18 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
17:18 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
17:19 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 252 seconds]
17:20 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
17:21 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 252 seconds]
17:22 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
17:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
17:28 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 252 seconds]
17:28 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
17:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:42 -!- toli [~toli@ip-62-235-214-21.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:45 -!- toli [~toli@ip-62-235-215-48.dsl.scarlet.be] has joined #openvpn
17:47 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:52 -!- hennos [~midas8@167.160.44.227] has joined #openvpn
17:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:39 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 240 seconds]
18:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:55 -!- somazero [~somazero@ip72-198-81-29.ok.ok.cox.net] has joined #openvpn
19:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:22 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:57 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 256 seconds]
19:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:08 -!- ShadniX [dagger@p5794113F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
20:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:11 -!- hennos [~midas8@167.160.44.227] has quit [Quit: Leaving]
20:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:18 -!- Andre483 [~Andre@c-71-229-249-39.hsd1.co.comcast.net] has left #openvpn ["Leaving"]
20:25 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 265 seconds]
20:25 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
20:29 < somazero> Anyone have any decent resources for firewalld/routing setup for a single nic openvpn server setup?
20:46 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
20:56 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
21:05 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 252 seconds]
21:20 -!- Dildo_Baggins is now known as NetworkingPro
21:24 -!- Alittlemurkling [~zap@71.56.127.235] has quit [Remote host closed the connection]
21:25 -!- ShadniX [dagger@p5DDFCDB9.dip0.t-ipconnect.de] has joined #openvpn
21:25 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
21:49 -!- early [~early@2607:5300:100:200::160d] has quit [K-Lined]
21:57 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
22:02 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has joined #openvpn
22:06 -!- webdawg [~webdawg@ip68-102-242-78.ks.ok.cox.net] has joined #openvpn
22:06 < webdawg> easyrsa3 support intermediate ca's?
22:13 -!- KronoZ is now known as KronoZ[away]
22:13 -!- KronoZ[away] is now known as KronoZ
22:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:28 < webdawg> ?
22:37 < webdawg> I suppose I would create another ca and sign the request as a ca?
22:38 < webdawg> good talk guys.
22:38 < webdawg> Thanks!
22:38 < webdawg> :p
23:12 -!- webdawg [~webdawg@ip68-102-242-78.ks.ok.cox.net] has quit [Quit: leaving]
23:33 -!- ShadniX [dagger@p5DDFCDB9.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX_ [dagger@p5481D425.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- ShadniX_ is now known as ShadniX
23:58 -!- apollo2k is now known as aPollO2k
--- Day changed Wed Sep 23 2015
00:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:03 -!- AMERICAN_PSYCHO [~AMERICAN_@92.sub-70-196-9.myvzw.com] has joined #openvpn
00:03 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
00:05 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has quit [Quit: Coyote finally caught me]
00:06 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has joined #openvpn
00:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:28 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
00:30 -!- Caplain [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has joined #openvpn
00:30 < Caplain> how do i have my ovpn server set a route when the tun0 adapter is brought up?
00:31 < Caplain> i tried the iroute entry in my ccd for the remote client that is doing the routing but it isn't showing up on the server routing table
00:59 -!- Tyklol is now known as Tykling
01:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:08 -!- mode/#openvpn [+o mattock1] by ChanServ
01:20 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
01:23 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
01:23 -!- mode/#openvpn [+o krzee] by ChanServ
01:47 < Neighbour> Caplain: use: push "route <network> <mask>" on the server (or ccd)
01:49 < Caplain> push "route 10.0.3.0 255.255.255.0 10.37.225.6"
01:49 < Caplain> in my server openvpn.conf file
01:49 < Caplain> okay,t hanks
01:50 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 244 seconds]
01:51 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
02:14 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
02:14 -!- mode/#openvpn [+o krzie] by ChanServ
02:14 <@krzie> Unrecognized option or missing parameter(s) in /etc/openvpn/server.conf:24: management (2.3.4)
02:15 <@krzie> same config works perfect on a different openwrt router
02:17 <@krzie> just updated, same thing:  Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/server.conf:24: management (2.3.6)
02:45 -!- dazo_afk is now known as dazo
02:58 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
03:03 -!- aPollO2k is now known as apollo2k
03:08 -!- krzie [ba95f387@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
03:14 -!- turambar [~pezus@gw1.cgn3.hosteurope.de] has joined #openvpn
03:15 < turambar> hi. what cpu features are likely to accelerate openvpn? we want to deploy a vpn between sites with 10g and are curious how much cpu load that will cause and whether choosing a "good" cpu will make a difference
03:29 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
03:48 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
03:48 -!- mode/#openvpn [+o krzie] by ChanServ
03:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 240 seconds]
04:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:13 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 255 seconds]
04:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:27 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 246 seconds]
04:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:59 <@dazo> turambar: have a look at !gigabit
04:59 <@dazo> !gigabit
04:59 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
05:00 <@dazo> turambar: if your CPUs have the AES-NI instruction set, that can improve throughput if you use AES ciphers ... otherwise, the blowfish algorithm is quite strictly bound to CPU clock speed
05:01 <@dazo> turambar: but I believe most limitations you'll hit will be the tun/tap driver ... which makes harder to go over 1Gbit/s
05:02 <@dazo> (the !gigabit doc is aging, so things may have improved ... so if you can get higher throughput, we'd like to get feedback on that!)
05:14 -!- TheAlien [~alienatio@sedna.nettrip.org] has joined #openvpn
05:17 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:19 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
05:21 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
05:26 < TheAlien> !paste
05:26 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
05:34 -!- krzie [ba95f387@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
05:38 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
05:38 -!- mode/#openvpn [+o krzie] by ChanServ
05:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:43 -!- hennos [~midas8@167.160.44.233] has joined #openvpn
05:45 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
05:51 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:58 -!- somazero [~somazero@ip72-198-81-29.ok.ok.cox.net] has quit [Ping timeout: 252 seconds]
06:07 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 256 seconds]
06:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:09 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
06:23 < turambar> dazo: many thanks for the answers but it seems we will try to do it via vpls as we need as much bandwidth as possible and we need it rather fast
06:23 < turambar> !gigabit
06:23 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
06:24 <@krzie> omg natting gre tunnels is harder than it sounds
06:24 -!- turambar [~pezus@gw1.cgn3.hosteurope.de] has left #openvpn ["Leaving"]
06:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:41 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:10 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:12 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 255 seconds]
07:28 -!- krzie [ba95f387@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
07:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:33 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
07:33 -!- mode/#openvpn [+o krzie] by ChanServ
07:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:00 -!- krzie [ba95f387@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
08:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Remote host closed the connection]
08:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:15 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:30 < wbk> is there some way to connect to tor network trought openvpn?
08:31 <@dazo> wbk: why would you do that?
08:32 <@dazo> connecting to an openvpn server via tor I would understand, but not the other way around
08:39 < cyberanger> dazo: I can imagine a few reasons, main one is along the same reason obfsproxy was first started, place/isp your at blocks all known entry nodes.
08:42 <@dazo> yeah, but then obfsproxy is going to give a better experience than openvpn ... as openvpn packets are often blocked if tor packets are getting blocked
08:45 < cyberanger> True
08:45 < cyberanger> wbk: is the openvpn server yours?
08:46 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:46 < cyberanger> I mean, easiest way I can think of is install a socks proxy on the server, tell tor to use that proxy (via the vpn)
08:47 < cyberanger> other ways involve tagging packets in the firewall to go via a different route, depending on your OS depends on how easy that is
08:47 < cyberanger> dazo: esp. lately, it used to be more likely
08:48 < cyberanger> I've actually had to use obfsproxy with openvpn for those reasons
08:48 < wbk> I need to use Tor but i don t want to install the Tor software
08:49 < wbk> So i asked if is there some way to connect to it via openvpn
09:02 -!- Shibe [~ShibaInu@botters/ShibaInu] has joined #openvpn
09:03 < Shibe> I'm confused
09:03 < Shibe> what does this line do
09:03 < Shibe> openvpn --remote SERVER_IP --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
09:03 < Shibe> the --ifconfig part
09:03 < Shibe> what is that ip
09:04 <@dazo> wbk: ahh, you can run the tor software on an OpenVPN based server, and allow the socks traffic (which Tor uses) to pass through the VPN tunnel.  The browser on the VPN client side then need to use the VPN servers VPN IP address to access the Tor (socks) proxy
09:05 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Read error: Connection reset by peer]
09:05 <@dazo> Shibe: I recommend you reading the mini static howto and man pages
09:05 <@dazo> https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
09:05 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
09:05 <@dazo> !man
09:05 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
09:06 <@dazo> Shibe: In general, --ifconfig defines the IP subnet used by the VPN, which you normally route traffic via
09:07 < Shibe> dazo: what if my servers ip is 168.235.76.252
09:07 < Shibe> what would i set it to
09:08 <@dazo> Shibe: the VPN subnet should in the very most cases be a private subnet, within the rfc1918 recommendations
09:08 <@dazo> !1918
09:08 <@vpnHelper> "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi or (#4) See !5737 for addresses to use for examples and documentation
09:09 < Shibe> dazo: so what do i set it to
09:10 < Shibe> ugh why is this so confusing :I
09:10 <@dazo> Shibe: how much network setup experience do you have?
09:10 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
09:10 < Shibe> none at all
09:10 <@dazo> Shibe: okay, that will give you quite a lot to learn ... VPN requires you to understand how TCP/IP networks work
09:11 <@dazo> As a "quick" starter, you should read this:
09:11 <@dazo> !tcpip
09:11 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
09:11 < Shibe> dazo: I just want to set one up since youtube is banned in my country
09:11 < Shibe> and zenmate is starting to be slow as hell
09:11 < Shibe> and most vpn providers are annoying and bloated
09:11 <@dazo> Shibe: that's fine ... but to do VPN setups, you need to understand what you do ... we're not going to spoonfeed you a setup here
09:14 < wbk> Dazo: do you know some free openvpn service that offers free access to the internet without changing password every week?
09:15 <@dazo> wbk: yes ... get yourself a VPS host and configure your own VPN server
09:15 < wbk> I said "free"
09:15  * dazo considers €6/month free
09:16 <@dazo> wbk: generally speaking, you get what you pay for
09:16 < wbk> Why vpnbook changes password every week?
09:16 < wbk> It's boring to change it everyone
09:16  * dazo would never use any hosted VPN solutions, especially not any free ones
09:16 < wbk> Everytime
09:25 <@plai> you get what you pay for ...
09:26 <@plai> and with the free VPN providers you have to ask yourselves what their business model is
09:26 <@plai> sniffing user data?
09:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
09:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
09:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
09:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
10:33 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
10:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:51 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 255 seconds]
11:09 -!- canci [~nobody@46.101.195.4] has joined #openvpn
11:11 < canci> I have openvpn running in tap mode with the intent of using it for roadwarrior access to an existing lan where I need l2 access
11:12 < canci> client can connect and gets correct configuration, but it seems like neither arp nor ip packets from the lan behind the vpn server are forwarded to the client or vice versa
11:12 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
11:13 < canci> I see IP/ARP packets on the tap devices on both ends and they don't show up at the other end, while ethertypes != ARP & IP are transported fine
11:14 < canci> there is no specific output in the logs
11:16 < canci> this is the server config https://np.tl/?03c908096fa090b1#z+RhS9YDgcXDRkawTa4BNnPDD9j+STtJxBF4c7k3oio=
11:16 <@vpnHelper> Title: ZeroBin (at np.tl)
11:17 < canci> this is the client config https://np.tl/?ef108650e7a47ac2#WuAVpwyHM2MLOPHqmMiV77XYVdVSTYS0wgq5gz1FDMM=
11:17 <@vpnHelper> Title: ZeroBin (at np.tl)
11:18 -!- d3vic3 [c4cb0f82@gateway/web/freenode/ip.196.203.15.130] has joined #openvpn
11:19 < d3vic3> is there a way to generate portable .key please?
11:36 < d3vic3> this is not secure for sure but I need an exception
11:36 < d3vic3> is that even possible?
11:40 < d3vic3> just copying the .key doesn't work for me
11:47 -!- AMERICAN_PSYCHO [~AMERICAN_@92.sub-70-196-9.myvzw.com] has quit [Ping timeout: 255 seconds]
11:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:51 < canci> I now tried tun mode for now to see if that works, however here I seem to have a similar problem, connection establishes just fine, but fails to pass any traffic.
11:51 < canci> This is the log from the server for a single packet received from a client: https://np.tl/?aaa41c9ccde26a37#jcqHBnhqGlSEzNyCPOVJBCxZXscPaBZ6p+YLvznVnQ4=
11:51 <@vpnHelper> Title: ZeroBin (at np.tl)
11:52 < canci> the client is sending icmp echo requests down its tun-device and openvpn there is encapsulating it to the server. The server gets the openvpn packets, but doesn't send anything out its tun interface
11:52 < canci> any ideas?
11:52 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
12:02 -!- Owner [~Owner@unaffiliated/owner] has joined #openvpn
12:02 < Owner> whats this mean... ERROR: exceptions.AttributeError: 'ServerAgentRPCServer' object has no attribute 'query' (9000)
12:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:19 -!- d3vic3 [c4cb0f82@gateway/web/freenode/ip.196.203.15.130] has left #openvpn []
12:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
12:22 < Owner> nevermind
12:28 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:38 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit [Read error: Connection reset by peer]
12:39 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
12:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:47 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:52 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 240 seconds]
12:53 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
12:54 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
13:08 -!- Caplain [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has quit [Ping timeout: 244 seconds]
13:11 < deviant> Anyone knows how to fix: MULTI: new incoming connection would exceed maximum number of clients (10) ?
13:11 < deviant> Can't get past that silly 10 concurrent clients limit ..
13:16 -!- FierceDeityLink [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has joined #openvpn
13:16 -!- FierceDeityLink is now known as Caplain
13:16 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
13:40 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has quit [Read error: No route to host]
13:40 -!- neurosys [~neurosys@2601:586:201:d800:20d:b9ff:fe35:3959] has joined #openvpn
13:40 < neurosys> Hi. N00b here. How would i control multiple users who connect to my openvpn server? Lets say i wanna cut someone off. How would you configure that?
13:41 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has joined #openvpn
13:45 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
13:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:02 -!- bpye [~quassel@unaffiliated/bpye] has quit [Remote host closed the connection]
14:04 -!- bpye [~quassel@unaffiliated/bpye] has joined #openvpn
14:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
14:19 -!- fred`` [fred@earthli.ng] has joined #openvpn
14:19 -!- Shibe [~ShibaInu@botters/ShibaInu] has left #openvpn ["Leaving"]
14:20 <@ecrist> neurosys: a couple ways
14:20 <@ecrist> --ccd-exclusive
14:20 <@ecrist> or create a ccd entry and touch a file named after that user's CN with a single line "disable"
14:23 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Remote host closed the connection]
14:25 < canci> I have an OpenVPN setup where client and server successfully initialize a connction, but any data packet the client sends to the server will be received there, but wont't make it out of the openvpn processes tun device
14:26 < canci> without the log showing anything but a message about the udp packet getting received
14:26 < canci> any idea what might cause this, or how I could get additional information to debug this?
14:26 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 265 seconds]
14:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
14:57 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
15:08 < neurosys> ecrist: Thanks for that lead. I will research that
15:09 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:10 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
15:12 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
15:15 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
15:48 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 246 seconds]
16:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:13 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:17 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
16:20 -!- failart [~failart@162.219.178.18] has joined #openvpn
16:22 -!- Owner [~Owner@unaffiliated/owner] has left #openvpn ["Leaving"]
16:28 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 252 seconds]
16:33 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:38 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:39 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
16:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
16:57 -!- arlen [~arlen@jarvis.arlen.io] has left #openvpn []
16:59 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
17:04 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:06 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 240 seconds]
17:08 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
17:09 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
17:10 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:12 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
17:13 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
17:45 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 264 seconds]
17:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
17:54 -!- rich0_ is now known as rich0
18:03 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 250 seconds]
18:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 252 seconds]
18:44 -!- KronoZ is now known as KronoZ[away]
19:04 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
19:07 -!- dazo is now known as dazo_afk
19:33 -!- diytto [~diytto@de.diytto.com] has quit [Ping timeout: 244 seconds]
19:35 -!- TheAlien [~alienatio@sedna.nettrip.org] has quit [Ping timeout: 246 seconds]
19:35 -!- capri [svedrin@elwing.funzt-halt.net] has quit [Excess Flood]
19:35 -!- iokill [~dave@pippin.sigma-star.at] has quit [Ping timeout: 255 seconds]
19:36 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has quit [Ping timeout: 250 seconds]
19:36 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
19:37 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has joined #openvpn
19:37 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:38 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
19:39 < cstk421> i have openvpn to autostart ALL connections on startup.  For whatever reason it tries to connect before eth0 gets an ip and then fails and never reconnects. suggestions on a fix ?
19:40 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
19:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
19:49 < mystica555> cstk421: which linux distribution?
19:49 < cstk421> debia
19:49 < cstk421> debian
19:49 < mystica555> hm
19:49 < cstk421> ubuntu ish
19:49 < mystica555> not sure, but it sounds like a script isnt requiring the right network options
19:49 < mystica555> id ask i the debian channel
19:49 < cstk421> im gonna try using the post-up feature but that never worked before
19:50 < mystica555> nah, just get the init script order right
19:50 < mystica555> somehow
19:50 < mystica555> ask the debian ppl
19:50 < cstk421> k will do thx
19:50 < mystica555> in gentoo, you basically have to make the networking script require precisely the network iface you require to be up, not just 'networking in general' before it then starts other scripts dependent also on that network interface
19:51 < mystica555> but ive not done it in debian
19:51 < cstk421> gotcha. the other thing i will se if i need to tackle is to see if i can tie openvpn only to eth0 and ignore eth1 couse that will never route
19:56 -!- KronoZ[away] is now known as KronoZ
20:03 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:06 -!- hennos [~midas8@167.160.44.233] has quit [Quit: Leaving]
20:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 244 seconds]
20:10 -!- hennos [~midas8@167.160.44.230] has joined #openvpn
20:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:45 < subzero79> cstk421 how are you starting openvpn with init?
20:50 < cstk421> subzero79: dont know sorry how would i determine that ?
20:50 -!- deviant [deviant@xion.pl] has left #openvpn []
20:55 < subzero79> how are you starting openvpn?
20:55 < subzero79> or are you using the network manager of the desktop
20:57 < cstk421> oh ok no gui.  using the /etc/default/openvpn config to "auto" start all connections
20:58 < subzero79> ok so you should place the conf files at /etc/openvpn
20:58 < subzero79> sorry this is debian 7?
21:04 < cstk421> which they are
21:04 < cstk421> yes it is
21:08 < subzero79> is strange network should starts at runlevel S
21:09 < subzero79> openvpn is after that
21:13 < subzero79> something is causing your network to start delayed
21:14 < cstk421> yes thats where i was wondering of eth1 is causing an issue
21:15 -!- hennos [~midas8@167.160.44.230] has quit [Quit: Leaving]
21:16 < subzero79> is the eth1 in use also?
21:16 < subzero79> maybe set it for static ip temporarly in case is hanging waiting for dhcp
21:17 < cstk421> it has a static ip. it will be used to hand out dhcp
21:18 < subzero79> ah ok
21:20 < subzero79> you can try an init override to move openvpn to the end
21:20 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
21:21 < cstk421> ill check it out.  the OS blew up so im rebuilding the card now
22:22 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit [Read error: Connection reset by peer]
22:38 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
22:42 -!- fling [~fling@fsf/member/fling] has joined #openvpn
23:32 -!- ShadniX [dagger@p5481D425.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX_ [dagger@p5DDFC98C.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- ShadniX_ is now known as ShadniX
--- Day changed Thu Sep 24 2015
00:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:17 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has joined #openvpn
00:17 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has left #openvpn []
00:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:22 -!- Caplain [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has quit [Ping timeout: 272 seconds]
00:24 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 240 seconds]
00:26 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Quit: No Ping reply in 180 seconds.]
00:28 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
00:28 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
01:17 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:41 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Read error: Connection reset by peer]
01:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
01:43 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
01:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:53 -!- phantomcircuit [~phantomci@66.175.221.254] has quit [Read error: Connection reset by peer]
01:56 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
02:06 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 240 seconds]
02:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
02:24 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has joined #openvpn
02:26 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
02:28 -!- dazo_afk is now known as dazo
02:35 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
02:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:50 -!- mode/#openvpn [+o mattock1] by ChanServ
03:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
03:56 -!- HollowPoint [~Alex@62.255.245.182] has joined #openvpn
04:12 -!- apollo2k is now known as aPollO2k
04:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
04:16 < HollowPoint> anyone in here know why disabling 'nsslapd-allow-anonymous-access' breaks our OpenVPN LDAP authentication? Our OpenVPN server has credentials to log in to our IPA server with to authenticate users and according to the TCPDump output we're getting, it is providing them, but further down the chain, the server gets denied
04:18 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:22 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 255 seconds]
04:24 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
04:45 < HollowPoint> Anyone?
04:50 <@dazo> HollowPoint: you probably need to ask the LDAP auth plugin people, as OpenVPN doesn't ship with LDAP support out-of-the-box ... that's a third-party add-on
04:51 <@dazo> HollowPoint: maybe you get some clues by checking the 389-ds logs on your IPA server, though ... under /var/log/dirsrv/
04:53 <@krzee> !linipforward
04:53 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
04:53 <@krzee> (for me)
05:01 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:03 < HollowPoint> thanks dazo
05:04 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:16 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
05:21 -!- colo-work [~jt@78.142.138.4] has joined #openvpn
05:21 < colo-work> can I make the openvpn daemon somehow listen on two specific interface's addresses, instead of one or all?
05:22 <@krzee> no
05:23 <@krzee> but you can firewall all but 2
05:23 < colo-work> ok, thanks
05:23 <@krzee> np
05:23 <@krzee> i love --multihome
05:24 <@krzee> currently running a server accessible from 3 different public ips through 3 isps, using 1 process
05:30 <@dazo> krzee: would be interesting to see how the float-patches which is in git-master would work on your setup .... that should avoid TLS renegotiation when a client changes IP address
05:31 <@krzee> oh that would be interesting for the phones
05:31 <@dazo> exactly ... it is said to work well on servers with one IP address, where esp. phones switch between 2G/3G/4G and wireless
05:32 <@krzee> the server i run with multihome is unrelated to the phones
05:32 < wbk> is there anybody who cares about "openvpn connect" developing?
05:32 < wbk> and yes, i already asked in #openvpn-as
05:32 <@krzee> wbk, yes, they are in ... oh ok ya thats the channel
05:32 <@dazo> wbk: yeah, the openvpn technologies ltd company
05:33 < wbk> dazo, yes, i alrady sent an email to ios@openvpn.net
05:33 <@dazo> wbk: but if you're on android and want a more true community/foss version of openvpn, try "OpenVPN for Android" from Arne Schwabe
05:34 <@dazo> ahh ... ios
05:34 < wbk> but no answers
05:34 <@krzee> blame apple
05:34 <@krzee> at least i will ;]
05:35 <@dazo> wbk: remember that openvpn tech is a fairly small company and have a lot to do .... and yeah, as krzee says, blame apple .... Apple is the core reason the OpenVPN Connect can't be open sourced on iOS
05:35 < wbk> apple released net API for VPN, but the app "openvpn connect" has problems with it
05:35 < wbk> and i'm looking for somebody to ask about
05:35 <@dazo> openvpn tech have some NDA with Apple on the VPN API ... so they are probably not allowed to say too much
05:36 < wbk> dazo, just about it, with new iOS release, VPN api are completely open
05:36 <@krzee> interesting
05:37 <@dazo> wbk: I don't know anything about the current API nor the new one ... but if the new one is more similar to the Android VPN API (which is fairly strict due to security), a complete rewrite of openvpn on ios is needed
05:40 < wbk> i just need to find somebody who knows something about it and saids to me: "yes, we are working on it, and a new relase of the app will be done since some week"
05:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:41 <@krzee> maybe you can try to pop into the next irc dev meeting
05:41 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
05:41 <@dazo> wbk: I'll try to remember to ask about it at the openvpn hackathon next week
05:41 <@krzee> oh hackathon in a week, even better
05:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:42 <@krzee> maybe one day ill lose enough weight to wear my openvpn tshirt :D
05:42 <@dazo> James Yonan usually comes to these hackathons, so there's a good chance he can tell about the progress
05:42 <@dazo> heh
05:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:44 -!- toli [~toli@ip-62-235-215-48.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:45 < wbk> where is this hackaton?
05:46 -!- toli [~toli@ip-62-235-196-39.dsl.scarlet.be] has joined #openvpn
05:48 < wbk> https://www.facebook.com/james.yonan.3
05:48 <@vpnHelper> Title: James Yonan (at www.facebook.com)
05:48 < wbk> i found this
05:48 < wbk> maybe i could ask him on facebook, if it is a good idea.
05:49 <@krzee> i doubt hes looking to be stalked on facebook
05:49 <@krzee> lol
05:49 <@dazo> wbk: that looks like James .... I doubt he'll answer too quickly, he is a lot offline and rather sinks deeps into stuff he needs to work on
05:49 <@dazo> https://community.openvpn.net/openvpn/wiki/DelftHackathon2015
05:49 <@vpnHelper> Title: DelftHackathon2015 – OpenVPN Community (at community.openvpn.net)
05:52 <@dazo> wbk: there are even some rumors that even his colleagues at the OpenVPN company have troubles getting in touch with James when he is working :)
05:57 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
06:13 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:14 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Quit: michaelhart]
06:15 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:39 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:07 -!- michaelhart [~michaelha@72.143.126.234] has joined #openvpn
07:12 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit []
07:21 -!- SJr [~sjr@70.68.85.166] has joined #openvpn
07:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
07:35 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:36 -!- hennos [~midas8@167.160.44.230] has joined #openvpn
07:58 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:06 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:11 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
08:17 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 256 seconds]
08:24 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
08:36 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:41 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 264 seconds]
08:49 < colo-work> WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
08:49 < colo-work> what's "normally"?
08:50 < colo-work> is there anything that could break because of the lower MTU?
08:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
08:54 -!- victorquinn [~victorqui@38.104.30.178] has joined #openvpn
08:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:55 -!- victorquinn [~victorqui@38.104.30.178] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:56 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:04 -!- dazo is now known as dazo_afk
09:06 -!- dazo_afk is now known as dazo
09:06 -!- sigsts_ [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Read error: Connection reset by peer]
09:06 -!- victorquinn [~victorqui@38.104.30.178] has joined #openvpn
09:09 -!- victorquinn [~victorqui@38.104.30.178] has quit [Client Quit]
09:10 -!- victorquinn [~victorqui@38.104.30.178] has joined #openvpn
09:10 -!- sigsts_ [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
09:13 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
09:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:15 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 255 seconds]
09:25 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
09:33 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:44 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
09:48 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
09:49 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:51 -!- HollowPoint [~Alex@62.255.245.182] has quit [Quit: Leaving]
09:53 -!- aPollO2k is now known as apollo2k
10:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:59 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
11:04 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
11:24 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
11:24 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 240 seconds]
11:26 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 244 seconds]
11:26 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Ping timeout: 244 seconds]
11:26 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Ping timeout: 244 seconds]
11:26 -!- Johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
11:26 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
11:26 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 244 seconds]
11:26 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 244 seconds]
11:26 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 244 seconds]
11:26 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Ping timeout: 244 seconds]
11:26 -!- Buffman [~Buffman@my.irc-bit.ch] has quit [Ping timeout: 244 seconds]
11:26 -!- failart [~failart@162.219.178.18] has quit [Remote host closed the connection]
11:26 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
11:26 -!- TakumoKatekari [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
11:26 -!- not_phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
11:26 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
11:26 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
11:27 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
11:27 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
11:27 -!- esde [~something@openvpn/user/esde] has joined #openvpn
11:27 -!- mode/#openvpn [+v esde] by ChanServ
11:29 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
11:29 -!- not_phunyguy is now known as phunyguy
11:30 < Dr-007> in linux, is it possible to set up an openvpn client that will connect to server B if it can't connect to server A?
11:36 < Dr-007> and how would one call this? so i can google it :)
11:51 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
11:53 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 246 seconds]
11:54 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
11:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
11:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
11:57 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
12:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:09 < Eugene> Dr-007 - in the man page, <connection> blocks
12:09 -!- slipper [~slipper@185.86.107.131] has joined #openvpn
12:38 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
12:38 -!- mode/#openvpn [+o pekster] by ChanServ
12:49 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Ping timeout: 272 seconds]
12:50 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
12:51 -!- dionysus70 is now known as dionysus69
12:55 <@dazo> Dr-007: In addition to <connection> blocks, you can also add multiple --remote lines in the config
13:07 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has quit []
13:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
13:20 < wbk> dazo, the developer of openvpn connect for iOS is a private society?
13:21 < wbk> in the sense of "commercial society"
13:21 <@dazo> wbk: The iOS and Android versions of OpenVPN Connect are closed source
13:21 < wbk> and that is the only one to use openvpn opensource on iOS ?
13:22 <@dazo> wbk: A new framework for OpenVPN which is used by OpenVPN Connect is being planned to be open sourced (aka OpenVPN 3) ... but when that will happen, I don't know  (I don't work for OpenVPN Technologies - just a pure community developer)
13:23 <@dazo> wbk: OpenVPN Connect is, afaik, the only OpenVPN client available for iOS .... and that client is not open source and can't be, due to Apple's restrictions
13:24 < wbk> apple does not allow to publish open source software on its devices?
13:25 <@dazo> wbk: so what krzee said, to blame Apple, there's a reason for that ... because Apple is really not very open source friendly, even though they claim to be and put a lot of open source stuff inside their devices ... but they don't play too nice
13:25 < cyberanger> That's why I'm glad for homebrew on the work mac, and very glad I don't have an iphone shoved down my throat
13:26 < cyberanger> I'm glad for cups from apple, but when it comes to apple, I prefer just about everything else
13:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:03 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
14:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:03 < Crew-L-T> hi,i'm back
14:04 < Crew-L-T> my goal is to reach the internet from my remote site, behind a tunnel
14:05 < Crew-L-T> how do i tell the server that a client has the route to internet?
14:05 < Crew-L-T> what iroute statement should i put in that ccd file?
14:05 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
14:06 -!- nl6720 [~nl6720@62.85.17.131] has quit [Client Quit]
14:06 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
14:09 < Crew-L-T> is it possible to have a client be the route to internet?
14:10 < Crew-L-T> for the server and all machines on that subnet
14:10 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:10 < Crew-L-T> the server's subnet that is
14:11 < Crew-L-T> and also, to act as internet access route for other connecting clients
14:13 < Crew-L-T> setup: LAN2 <-> Wifi + VPN <-> LAN1 <-> INET
14:14 < Crew-L-T> the openvpn server is in LAN2 and client in LAN1
14:15 < Crew-L-T> access across the tunnel works fine
14:15 < Crew-L-T> but when any computer in LAN2 try to access INET it fails
14:16 < Crew-L-T> the openvpn server doesn't forward the packets
14:16 < Crew-L-T> so, how do i tell the server that a client has the inet route?
14:24 < Crew-L-T> anyone??
14:29 < Dr-007> i've got a questio too; i've generated a 'client' crt/key with all signing information (country, state, locality, etc). then i revoked this client crt/key so it couldn't connect to the openvpn server. then i regenerated a crt/key with all the same signing information and tried to use this new crt/key to connect to the server but it recognizes this new crt/key as revoked
14:30 < Dr-007> while i did not revoke this last one
14:30 < Dr-007> is this where the serial comes in? i know you can put in a serial while generating the client/crt. but does the revoke stuff keep in account this serial?
14:34 <@dazo> !redirect
14:34 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
14:34 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
14:34 <@dazo> Crew-L-T: ^^
14:34 < Crew-L-T> dazo: :)
14:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:35 <@dazo> Dr-007: then your client is still using the wrong certificate/key ... if you revoke a certificate, you need a new private key too
14:35 <@dazo> sorry ... you *may* need a new private key too
14:35 < Crew-L-T> dazo: but redirect gw is a client side option :(
14:36  * m3n3chm0 nasZ
14:36 <@dazo> !push
14:36 <@vpnHelper> "push" is usage: push <command> , goes in the server config and makes the command act as if it was in the client config, can be used in ccd entries
14:36 <@dazo> Crew-L-T: ^^
14:39 < Crew-L-T> dazo: but i don't want the client to do anything, i want the server to redirect it's gateway
14:39 <@dazo> Crew-L-T: you do not have any other options ... to redirect Internet traffic via your VPN tunnel, you must use --redirect-gateway
14:40 < Crew-L-T> so, it can be used server side also then
14:40 <@dazo> And especially if you don't want to touch the client config ... then you must 'push' redirect-gateway from the server, which then hits the client
14:42 < Crew-L-T> well AGAIN, i DO NOT want to change anything on the client, i want the SERVER to redirect it's own gateway to be the tunnel it is running
14:42  * dazo gives up and doesn't care
14:42 < Crew-L-T> so, no i can't push this to the client
14:43 < Crew-L-T> this needs to be set on the machine running the server, not on the connecting client
14:44 < Crew-L-T> or in a ccd file for the connecting client
14:45 < Crew-L-T> the server needs to become aware that one of the connecting clients have a valid route to internet, and use that
14:45 < Crew-L-T> since the server is on a desert island, only connected via the wifi + vpn
14:46 < Crew-L-T> to another private subnet
14:47 < Crew-L-T> that subnet have internet access
14:48 < Crew-L-T> is 'iroute 0 0' a valid directive for the ccd file?
14:49 < Crew-L-T> or 'iroute 0'
14:51  * Crew-L-T gives up trying to explain
14:52 < Dr-007> dazo, i've generated a new crt/key
14:53 < Dr-007> but it did not work
14:53 < Dr-007> so i'm trying the serial now
14:53 <@dazo> Dr-007: then it sounds like your client is using the wrong cert/key
14:54 < Dr-007> soooo you're saying if i generated 2 different client crt/keys but with exactly the same information (common name, etc)
14:54 < Dr-007> if i revoke crt #1    then crt #2 should still work?
14:54 <@dazo> Dr-007: if you are brave, you can try the git-master version of openvpn (development, bleeding edge, but still surprisingly stable) ... we very recently added a patch which shows the serial number of the certificate when CRL kicks in
14:55 <@dazo> (it got committed Sept 20)
14:55 < Dr-007> ah ok
14:55 < Dr-007> but my serial is 0 in both
14:55 <@dazo> ahh ... if you have the same serial number, it will fail
14:55 < Dr-007> so after adding that, it should probably work :)
14:55 <@dazo> you need a new serial number
14:55 < Dr-007> thanks
14:55 <@dazo> The serial number should be unique
14:56 <@dazo> the subject can be identical (CN, O, L, emailAddress, etc)
15:03 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 256 seconds]
15:07 < Dr-007> hmmm.. thats weird. my regenerated key is exactly the same as my previous key
15:07 < Dr-007> a serial is now added aswell
15:08 < Dr-007> certificate is different tho
15:10 <@dazo> Dr-007: which CA software do you use?  easy-rsa?
15:10 < Dr-007> php
15:10 < Dr-007> well not true
15:11 < Dr-007> i generated my CA.crt / key with easy-rsa
15:11 < Dr-007> but the clients are generated via PHP
15:11 < Dr-007> clients/peers
15:11 < Dr-007> &servers
15:11 <@dazo> that's fine ... it was the client stuff I was mainly thinking of
15:11 <@dazo> so you call openssl directly from php?
15:12 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:12 < Dr-007> yeah, the build in functions
15:12 < Dr-007> $sscert = openssl_csr_sign($csr, $ca_crt, $privkey, 365, null, $serial);
15:12 < Dr-007> something like that
15:12 <@dazo> Dr-007: you've found CA functions in PHP? ... ahh ...okay, didn't know that was available
15:13 < Dr-007> anyway, my server is not complaining anymore about the certificate being revoked
15:13 <@dazo> Dr-007: okay ... how do you do the revoke?
15:13 < Dr-007> so thats a good thing. the serial did its thing
15:13 < Dr-007> no. the CA was generated via easy-rsa.
15:13 <@dazo> if you dump the CRL file, you'll see it is mostly just a list of serial numbers, optionally together with a reason
15:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
15:14 <@dazo> that doesn't matter .. how you got the CA key is of no difference
15:14 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
15:14 < Dr-007> the revoking IS being handled by easy-rsa on another server
15:14 <@dazo> the CA key/cert is mostly just a self-signed certificate with a CA flag
15:14 < Dr-007> hmmm
15:14 < Dr-007> anyway
15:14 < Dr-007> thats all good now, the revoking business works
15:14 <@dazo> ahh okay
15:14 < Dr-007> but the clients still cant connect
15:15 < Dr-007> ill paste a bit in pastebin
15:18 < Dr-007> hmm
15:19 < Dr-007> its weird. i've closed my client
15:19 < Dr-007> but there's still a connection happening to my server
15:19 < Dr-007> http://pastebin.com/DWbgefCu
15:19 < Dr-007> perhabs its my laptop..
15:21 -!- ketas- is now known as ketas
15:22 < Dr-007> well thats weird. its my pc thats connecting while i've 'exit' the program
15:23 < Dr-007> but i think everything is good
15:23 < Dr-007> thanks! ill reboot to make sure
15:23 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Read error: Connection reset by peer]
15:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
15:28 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 255 seconds]
15:28 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
15:28 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
15:34 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
15:35 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 250 seconds]
15:35 < Dr-007> hmmkay. the connection seems to work. but my windows client ends up with a 'could not connect' error
15:35 < Dr-007> in the server all seems normal
15:36 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
15:40 -!- OG_s7eele [~AndChat52@2600:100d:b113:6f9b:8def:605b:4e5:4e7d] has joined #openvpn
15:42 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 265 seconds]
15:45 -!- IronY [~IronY@unaffiliated/irony] has quit [Read error: Connection reset by peer]
15:46 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
15:49 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
15:59 <@plai> dazo: from what I learned from the OpenVPN 3 C++ core OpenVPN Connect basically uses the android api as abstraction for the core
16:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:08 -!- hennos [~midas8@167.160.44.230] has quit [Quit: Leaving]
16:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:25 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:35 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
16:40 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 240 seconds]
16:42 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Read error: Connection reset by peer]
16:42 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
16:44 -!- dazo is now known as dazo_afk
16:48 -!- michaelhart [~michaelha@72.143.126.234] has quit [Quit: michaelhart]
17:02 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:23 -!- victorquinn [~victorqui@38.104.30.178] has quit [Ping timeout: 256 seconds]
17:25 -!- OG_s7eele [~AndChat52@2600:100d:b113:6f9b:8def:605b:4e5:4e7d] has quit [Quit: Bye]
17:27 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
17:31 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has joined #openvpn
17:44 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
17:46 < ki7rw> i want to create a static address file for assigning static addresses to clients and i've been able to do so with ccd but it seems that i can't set the last octet of the virtual address to match the last octet of the physical address. or am i missing something? i went by these instructions:  https://openvpn.net/index.php/open-source/documentation/howto.html#policy
17:46 <@vpnHelper> Title: HOWTO (at openvpn.net)
17:52 -!- moriko [~moriko@c51-186.i07-13.onvol.net] has quit [Ping timeout: 255 seconds]
17:54 < Dr-007> my client in windows is acting weird. often i dont see any logging in the clients status window af all. on the server side i see the client connecting and getting connected. but the windows client never goes to green
17:55 < Dr-007> then when i disconnect the client it doesn't do a thing
17:55 < Dr-007> then i exit the client, the client actually exits but the adapter is still keeping connected in the background
17:56 < Dr-007> so when i enter ipconfig in cmd it shows me an ip address for openvpn
17:56 < Dr-007> any ideas or suggestions?
17:57 -!- victorquinn [~victorqui@c-69-143-109-158.hsd1.va.comcast.net] has joined #openvpn
18:03 < Dr-007> MANAGEMENT: Socket bind failed on local address [AF_INET]127.0.0.1:25340: Address already in use (WSAEADDRINUSE)
18:04 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Quit:  restarting]
18:04 -!- victorquinn [~victorqui@c-69-143-109-158.hsd1.va.comcast.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:06 -!- cflowe [~kvirc@71.16.27.26] has joined #openvpn
18:10 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:14 -!- cflowe [~kvirc@71.16.27.26] has quit [Ping timeout: 240 seconds]
18:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:54 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
18:55 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
18:56 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
18:57 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 240 seconds]
18:58 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 252 seconds]
18:59 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
18:59 -!- dan_j [sid21651@gateway/web/irccloud.com/x-hhmjqcdwipdqozid] has quit [Ping timeout: 240 seconds]
18:59 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
19:00 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
19:00 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
19:01 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
19:01 -!- mode/#openvpn [+o krzee] by ChanServ
19:01 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
19:02 -!- dan_j [sid21651@gateway/web/irccloud.com/x-vexjteqbwdaopyth] has joined #openvpn
19:08 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:11 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
19:13 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
19:36 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Remote host closed the connection]
20:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:25 -!- Johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
20:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:27 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has joined #openvpn
20:28 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
20:35 -!- dmz [~dmz@unaffiliated/dmz] has quit [Quit: Leaving]
20:39 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
20:39 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
20:52 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Quit: Leaving]
21:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:40 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:52 -!- pepperoni [~pepperoni@unaffiliated/pepperoni] has quit [Quit: leaving]
23:31 -!- ShadniX [dagger@p5DDFC98C.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:33 -!- ShadniX [dagger@p5481D73B.dip0.t-ipconnect.de] has joined #openvpn
23:40 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 268 seconds]
23:46 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
23:57 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
--- Day changed Fri Sep 25 2015
00:01 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 246 seconds]
00:13 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
00:14 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Client Quit]
00:17 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
00:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
00:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:32 -!- redpill [~redpill@unaffiliated/redpill] has quit [Read error: Connection reset by peer]
00:34 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 264 seconds]
00:38 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
00:51 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
01:10 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:13 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:26 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:26 -!- mode/#openvpn [+o mattock1] by ChanServ
02:01 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 250 seconds]
02:02 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
02:02 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
02:07 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
02:07 -!- mode/#openvpn [+o krzee] by ChanServ
02:18 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
02:27 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Ping timeout: 240 seconds]
02:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:01 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has joined #openvpn
03:01 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has left #openvpn []
03:04 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
03:08 -!- dazo_afk is now known as dazo
03:19 -!- TakumoKatekari is now known as Takumo
03:36 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Remote host closed the connection]
03:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:40 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
03:41 < manitu> hi ho.. a workmate is getting a bluescreen on connecting with windows 8
03:41 < manitu> i guess it might be https://community.openvpn.net/openvpn/ticket/505 .. is there any "quickfix"?
03:41 <@vpnHelper> Title: #505 (BSOD on Windows 8.1 client when issuing a ping with windows vista client software) – OpenVPN Community (at community.openvpn.net)
03:42 < manitu> he needed to install the tap seperate.. he had no tap device
03:43 < manitu> bluescreen was ICQL_NOT_LESS_EQUAL
03:53 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:01 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 252 seconds]
04:56 -!- HollowPoint [~Alex@62.255.245.182] has joined #openvpn
05:17 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:25 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
05:36 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:37 < ValdikSS> Hi guys! Can somebody help me with custom TAP adapter on Windows? It includes some modificaction and it's not open-source. It _prevents windows 10 dns leaks_ and it can't be seen in wireshark.
05:37 < ValdikSS> Do anyone knows Windows internals? Please help.
05:56 -!- kossy [a@unaffiliated/kossy] has joined #openvpn
05:59 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Quit: michaelhart]
06:03 -!- kossy [a@unaffiliated/kossy] has quit [Ping timeout: 240 seconds]
06:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:21 <@plai> ValdikSS: ?!
06:21 <@plai> ValdikSS: where did you get that custom TAP adapter?
06:21 < ValdikSS> plai: from vyprvpn. Are you Connect developer?
06:21 -!- sjums [~sjums@slothkrew.com] has joined #openvpn
06:21 <@plai> ValdikSS: no
06:21 <@plai> ask for the sources of the tap adapter
06:22 < ValdikSS> plai: well, it seems that vyprvpn violates GPLv2
06:22 < sjums> Quick question; is an openvpn connection always encrypted, or is it possible to use OpenVPN as a simple proxy without any kind of encryption?
06:23 <@plai> ValdikSS: tell them that and that you want the source code
06:24 < ValdikSS> plai: I will. I actually don't use them. I want to fix https://community.openvpn.net/openvpn/ticket/605 and just testing all vpn providers with custom openvpn clients. It seems that vyprvpn has their own tap adapter since 2014.
06:24 <@vpnHelper> Title: #605 (Windows 10 DNS Leak) – OpenVPN Community (at community.openvpn.net)
06:26 <@plai> ValdikSS: but apart from that I have not much idea of windows programming
06:26 <@plai> So I have no idea how to debug what their adapter ist doing different
06:26 <@plai> sjums:
06:26 <@plai> !null
06:26 <@plai> hm
06:26 <@plai> !search null
06:26 <@vpnHelper> There were no matching configuration variables.
06:27 <@plai> !factoids
06:27 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
06:27 <@plai> !noenc
06:27 <@vpnHelper> "noenc" is (#1) if you're going to disable encryption, you might as well build a GRE tunnel or (#2) Reference --cipher in the manpage (--auth may also be useful to review)
06:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
06:34 < sjums> plai: thanks
06:35 < ValdikSS> plai: who is a developer of Connect?
06:37 <@plai> ValdikSS: OpenVPN Connect?
06:37 < ValdikSS> plai: yes
06:37 <@plai> The OpenVPN Corp
06:37 <@plai> why?
06:40 < ValdikSS> plai: they also need fix for Windows 10 dns leaks
06:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:42 <@plai> ValdikSS: yeah.
06:42  * plai has no idea what to do to tell windows just to use the tap adapter's DNS
06:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
06:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:49 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-iwtgoykhybyawvny] has quit [Quit: Connection closed for inactivity]
06:59 -!- michaelhart [~michaelha@72.143.126.234] has joined #openvpn
07:04 < ValdikSS> Oh by the way, I've patched radiusplugin to be fully asynchronious
07:04 <@plai> ValdikSS: that sounds nice
07:04 < ValdikSS> https://github.com/ValdikSS/openvpn-radiusplugin
07:04 <@vpnHelper> Title: ValdikSS/openvpn-radiusplugin · GitHub (at github.com)
07:04 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
07:04 < ValdikSS> I'd like to introduce my radiusplugin fork which contain several patches:
07:04 < ValdikSS> * IPv6 Accounting fix by Comic Chang
07:04 < ValdikSS> * iroute netmask computation fix by Samuel Thibault
07:04 < ValdikSS> * IPv6 support patches by Samuel Thibault
07:04 < ValdikSS> * Accounting and memory leak related patches by Dmytro Vasylenko
07:04 < ValdikSS> * Accounting fixes by Yafeng Shan
07:04 < ValdikSS> * Asynchronous client-connect and instant client-disconnect by me
07:04 < ValdikSS> With the latest patch, radiusplugin won't stall OpenVPN's main thread when clients are connecting or disconnecting.
07:05 < ValdikSS> Asynchronous client-connect requires additional OpenVPN patch by Fabian Knitte
07:05 < ValdikSS> https://github.com/fknittel/openvpn/tree/feat_deferred_client-connect
07:05 <@vpnHelper> Title: fknittel/openvpn at feat_deferred_client-connect · GitHub (at github.com)
07:05 <@plai> yeah that patch needs also be reviewed :/
07:06 < ValdikSS> plai: could you add this to factoids?
07:06 <@plai> ValdikSS: be sure to also sent a message to openvpn-devel mailling list
07:06 < ValdikSS> plai: ok I will. I already sent to radiusplugin-devel.
07:07 <@plai> ValdikSS: I did not even that this list existed :)
07:15 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:45 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
07:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:43 -!- hennos [~midas8@167.160.44.230] has joined #openvpn
08:53 -!- u0m3 [~u0m3@92.80.92.123] has quit [Quit: Leaving]
08:54 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
08:58 <@dazo> ValdikSS: great work!
09:00 <@dazo> ValdikSS: feel free to update the community wiki containing lists of additional plugins for openvpn
09:07 -!- victorquinn [~victorqui@38.104.30.178] has joined #openvpn
09:15 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
09:19 < ValdikSS> So it seems that VyprVPN implemented userspace WFP (Windows Filtering Platform) driver to avoid DNS leaks
09:19 < ValdikSS> It has nothing with their custom tap adapter. Oh by the way they also bundle custom OpenVPN without sources.
09:23 -!- IsntFunny [~styler2go@ip-178-200-96-248.hsi07.unitymediagroup.de] has joined #openvpn
09:23 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
09:23 < IsntFunny> Hello. I simply can't get openvpn working. Why is openvpn so complicated to use? To prevent "normal" users from using it?
09:30 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
09:32 < Dr-007> in my config i've got: up /usr/smw_vpn/triggers/up.sh
09:32 < Dr-007> this script gets passed along: tap0 1500 1576 172.16.7.215 255.255.0.0 init
09:33 < Dr-007> what do 1500 and 1576 stand for?
09:33 < Dr-007> is there some page thats lists all scriptable commands with their return values?
09:36 -!- victorquinn [~victorqui@38.104.30.178] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:37 < Dr-007> or is it only possible to run a script after up / down
09:42 < ValdikSS> Dr-007: seems like tun-mtu and link-mtu values
09:43 < ValdikSS> Dr-007: you actually should use environmental variables.
09:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
09:50 < Dr-007> ValdikSS, thanks
09:58 < Dr-007> now i've added "learn-address" this is executed in --mode server mode whenever an IPv4 address/route or MAC address is added to OpenVPN's internal routing table.
09:58 < Dr-007> i expected one call to this script
09:58 < Dr-007> but its gets called a dozen times?
10:00 -!- SJr [~sjr@70.68.85.166] has quit [Read error: Connection reset by peer]
10:01 -!- IsntFunny [~styler2go@ip-178-200-96-248.hsi07.unitymediagroup.de] has quit [Quit: Leaving]
10:01 <@krzee> well
10:01 <@krzee> depends how many clients connect and/or change ips
10:02 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
10:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:02 <@krzee> maybe you wanted --client-connect if thats not what you expected... depends what you're doing
10:03 <@krzee> (hint: if you're setting up dynamic firewalling you wanted learn-address)
10:06 -!- HollowPoint [~Alex@62.255.245.182] has quit [Quit: Leaving]
10:09 <@dazo> mattock: ^^^ see comment from ValdikSS regarding VyprVPN .... "Oh by the way they also bundle custom OpenVPN without sources."
10:11 <@dazo> Hmmm ... IsntFunny wasn't funny at all ... gave us no chance to make some fun here
10:11 <@krzee> well he did advertise it correctly
10:12 < Dr-007> krzee, do you know a page from openvpn itself that lists all configuration options you can add to run a script? i'm now using https://tunnelblick.net/cUsingScripts.html
10:12 <@vpnHelper> Title: Using Scripts - Tunnelblick | Free open source OpenVPN VPN client server software GUI for Mac OS X. (at tunnelblick.net)
10:12 < Dr-007> which isn't ideal
10:13 <@krzee> !script
10:13 <@vpnHelper> "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
10:14 <@krzee> and to check the env passed to the script just make a script that saves env to a file
10:15 < Dr-007> thanks
10:20 <@krzee> np
10:26 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has joined #openvpn
10:28 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
11:03 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
11:13 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:15 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
11:15 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
11:16 < Dr-007> <@krzee> and to check the env passed to the script just make a script that saves env to a file
11:16 < Dr-007> i dont understand
11:16 < Dr-007> when i put in "client-disconnect' my script gets called
11:16 < Dr-007> but without any variables / parameters
11:16 < Dr-007> this https://openvpn.net/archive/openvpn-users/2005-02/msg00346.html
11:17 <@vpnHelper> Title: [Openvpn-users] client-connect / client-disconnect (at openvpn.net)
11:17 < Dr-007> hints i can request the disconnected vpn ip on the server side
11:17 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:18 < ki7rw> i want to set static ip's for my virtual addresses using ccd but from what i've read i can't set them to have the same last octet number as my physical addresses
11:19 < ki7rw> i was using these instructions: https://openvpn.net/index.php/open-source/documentation/howto.html#policy
11:19 <@vpnHelper> Title: HOWTO (at openvpn.net)
11:23 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
11:23 < Dr-007> ah i understand now
11:23 < Dr-007> awesome-o :)
11:24 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
11:30 < ki7rw> ok. this looks like what i need: https://community.openvpn.net/openvpn/wiki/Concepts-Addressing#StaticAddressAssignment
11:30 <@vpnHelper> Title: Concepts-Addressing – OpenVPN Community (at community.openvpn.net)
11:31 < ki7rw> let's see if i can mess up my working system
11:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
11:47 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
11:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:55 -!- victorquinn [~victorqui@38.104.30.178] has joined #openvpn
11:55 -!- failart [~failart@162.219.178.18] has joined #openvpn
11:55 < victorquinn> Hey all, I'm getting the following error on my Mac when trying to connect to our OpenVPN server: "Unexpected error: JSONDialog: Error running jsondialog, status=(5, [], ['task_for_pid(): 0x5']), stdout=[], stderr=['task_for_pid(): 0x5']"
11:56 < victorquinn> I've tried Googling to no avail, uninstalling and re-installing, no one else at my company gets this error connecting, I'm at a loss, anyone seen this before?
11:57 < victorquinn> I'm on the latest client downloaded from the web interface for our server which happens to be 2.0.9.201
11:57 < victorquinn> We submitted an official support request over 2 days ago and haven't received any response, it's a real pain because I can't do any work without being able to connect. Any help would be greatly appreciated!
11:58 < victorquinn> Oh and one more useful detail,  my password is correct, I can log into the admin interface just fine, just can't connect to the VPN
12:03 <@plai> !as
12:03 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
12:08 <@krzee> victorquinn, you are using AS i take it?
12:08 <@krzee> as in, you mean to be
12:15 -!- failart [~failart@162.219.178.18] has left #openvpn []
12:17 < victorquinn> Oh yeah, I am, my apologies! I'll go to the other channel
12:21 -!- wipmonkey [~wipmonkey@ip98-165-231-233.ph.ph.cox.net] has joined #openvpn
12:21 -!- victorquinn [~victorqui@38.104.30.178] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
12:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:29 < wipmonkey> I have a question about securing openvpn on an android device. I see where you can import pkcs12 files into the android keystroke but I don't see how to add ta.key to the pkcs12 or to the keystore (or a way for openvpn to read it from there) Is this is a non issue? It just seems like keeping it on the sdcard for all to see would be a bad plan.
12:31 < wipmonkey> Thanks in advance.
12:37 < wipmonkey> For the record it works great, I just want to lock it down the best I can.
12:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:52 <@plai> wipmonkey: android keystore only supports certificate
12:52 <@plai> wipmonkey: for openvpn for android you can import hte file into the profile
12:58 < wipmonkey> once it is imported can I delete the org keyfile?
12:58 < wipmonkey> s/org/original/
13:00 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 264 seconds]
13:00 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
13:05 < wipmonkey> plai: Thanks, I deleted the ta.key and rebooted to make sure and it does keep it imported.
13:24 <@plai> wipmonkey: when you edit the profile it should show embedded file
13:24 <@plai> or something like that
13:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
13:24 -!- hennos [~midas8@167.160.44.230] has quit [Ping timeout: 246 seconds]
13:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:36 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has joined #openvpn
13:52 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
13:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
14:08 -!- Denial [~Denial@81.141.16.229] has joined #openvpn
14:11 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
14:15 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:20  * m3n3chm0 nasZ
14:23 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has quit [Quit: Leaving]
14:31 -!- AlmogBaku [~almogbaku@bzq-109-65-59-51.red.bezeqint.net] has quit []
14:31 -!- hennos [~midas8@167.160.44.243] has joined #openvpn
14:34 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
14:34 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
14:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 252 seconds]
14:41 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:54 -!- michaelhart [~michaelha@72.143.126.234] has quit [Quit: michaelhart]
14:57 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
15:25 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
15:25 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
15:26 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
15:44 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
15:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
15:56 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
15:59 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has joined #openvpn
16:05 < Dr-007> tls_id_{n} The serial number of the certificate from the remote peer, where n is the verification level. Only set for TLS connections.
16:06 < Dr-007> when i connect with my client the server says my serial is: 2D
16:06 < Dr-007> while it actually is 43
16:06 < Dr-007> what gives?
16:06 < Dr-007> i mean tls_serial_{n}
16:06 < Dr-007> not tls_id_{n} tls_id gives the right info
16:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
16:09 < Dr-007> tls_serial_0 = 2D    $tls_serial_hex_0 = empty
16:13 < Dr-007> "only set for tls connections" this basicly means i should have 'tls-server' inside my openvpn server configuration, right?
16:33 -!- synapse [~sarah@unaffiliated/synapse] has joined #openvpn
16:33 < synapse> How can I erase all the logs?
16:33 < synapse> running openvpn server
16:33 < synapse> on ubuntu
16:34 < synapse> because I think it's in /var/log/syslog
16:52 <@dazo> synapse: rm /var/log/syslog  and then restart syslog just to be sure the file gets recreated ..... but this is most likely not something your really want to do at all
16:53 <@dazo> but it does "erase all the logs" ... absolutely all.
16:54 <@dazo> Dr-007: the {n} part is the number in the certificate chain ... normally 0 is the client/host certificate and 1 is the CA certificate ... however, if you use sub-CAs you'll have the root CA as the highest number, 0 as the client/host and sub-CAs in between
16:55 <@dazo> Dr-007: if you use --server on in your server config, you usually have --tls-server implicitly added (--server is a "macro") ... but yes, you do need --tls-server to use --key/--cert/--ca/--dh
16:56 <@dazo> and you need --tls-client (or use the --client "macro") on the client side too
16:57 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 268 seconds]
17:04 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
17:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
17:17 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
17:18 < synapse> dazo: can I not somehow pipe a copy of the syslog out to a new file with grep removing "openvpn" entries?
17:18 <@dazo> synapse: that is a really bad idea ... why would you want to do that?
17:19 < synapse> I want to erase the entries
17:19 <@dazo> manipulating logs is just plain wrong
17:21 < synapse> my server I can do what I want
17:21  * dazo shrugs
17:22 < synapse> point is if I can use grep to extract all the openvpn entries, it must be possible to create a copy of syslog with those entries excluded
17:22 < Thermi> Yes, you can.
17:22 < Thermi> Why do you want to do that?
17:22 <@dazo> synapse: this isn't #syslog help ... and honestly, I don't help people doing stupid things (like manipulating logs) ... even if it is your own server, then it makes even less sense
17:22 < synapse> why isn't anyone's concern apart from my own
17:23 < synapse> ok well that's all you had to say
17:23 -!- synapse was kicked from #openvpn by dazo [go have fun somewhere else]
17:31 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
17:32 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
17:32 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:33 -!- dazo is now known as dazo_afk
17:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:41 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
17:42 -!- toli [~toli@ip-62-235-196-39.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
17:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
17:46 -!- toli [~toli@ip-62-235-196-39.dsl.scarlet.be] has joined #openvpn
18:05 < Dr-007> dazo, sub-CAs? whats the adventage of using one?
18:06 < Dr-007> and thanks :)
18:07 < Dr-007> and i assume the 'down' option in my config will only be triggered if you service openvpn stop ?
18:07 < Dr-007> and not when you killall openvpn
18:11 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
18:36 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:36 -!- MyNameIsJared [~MyNameIsJ@212-129-42-52.rev.poneytelecom.eu] has joined #openvpn
18:36 < MyNameIsJared> !welcome
18:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
18:36 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:37 < MyNameIsJared> !goal Get OpenVPN cooperating with my Debian 8 Jessie install, and have the service open automatically on boot.
18:38 < MyNameIsJared> Hope I did that correctly
18:38 < Dr-007> ah you didn't. you failed your first test ;)
18:38 < MyNameIsJared> Of course I did. I read the topic at least!
18:39 < MyNameIsJared> :)
18:39 < Dr-007> did you try this-> update-rc.d <script_name> defaults
18:39 < Dr-007> to make it boot at startup
18:39 < MyNameIsJared> I did not. Lemme try
18:39 < Dr-007> or doesn't debian 8 support this
18:39 < Dr-007> so
18:40 < Dr-007> update-rc.d /etc/init.d/openvpn defaults
18:40 < MyNameIsJared> systemd, Dr-007
18:40 < Dr-007> oh. then i dont know
18:41 < MyNameIsJared> Ah well, thanks for the attempt
18:41 < Dr-007> does /etc/rc.local exist?
18:41 < Dr-007> you can put scripts inthere that should start on boot
18:41 < Dr-007> but there's probably a better way to do this via debian
18:41 < Dr-007> like something i proposed
18:42  * MyNameIsJared shrugs
18:43 < MyNameIsJared> Again, thanks for the help :)
19:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:08 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
19:13 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:15 -!- redpill [~redpill@unaffiliated/redpill] has quit [Client Quit]
19:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
20:14 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
20:29 -!- hennos [~midas8@167.160.44.243] has quit [Ping timeout: 268 seconds]
20:30 -!- hennos [~midas8@167.160.44.243] has joined #openvpn
21:04 -!- hennos [~midas8@167.160.44.243] has quit [Quit: Leaving]
21:07 -!- wipmonkey [~wipmonkey@ip98-165-231-233.ph.ph.cox.net] has quit [Remote host closed the connection]
21:11 -!- d10n [~d10n@unaffiliated/d10n] has quit [Quit: why all the #hashtags #lol #hackers #overheard]
21:19 -!- troyt [~troyt@2601:681:4600:9241:44dd:acff:fe85:9c8e] has quit [Ping timeout: 252 seconds]
21:25 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
21:39 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has joined #openvpn
21:51 -!- ghostboarder [johngalt@S010674ea3aff6a9f.va.shawcable.net] has joined #openvpn
21:52 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has joined #openvpn
21:57 -!- ghostboarder [johngalt@S010674ea3aff6a9f.va.shawcable.net] has quit [Ping timeout: 240 seconds]
22:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
22:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
22:47 -!- cstk421 [~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net] has quit []
23:32 -!- ShadniX [dagger@p5481D73B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX_ [dagger@p5481CE91.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- ShadniX_ is now known as ShadniX
23:35 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
--- Day changed Sat Sep 26 2015
00:07 -!- lazypower [~lazypower@ubuntu/member/lazypower] has joined #openvpn
00:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
00:21 < lazypower> Greetings, i'm attemping to setup a VPN so I can access a host only vlan for my virtual machines in a lab. My primary networking range is 10.0.10.0/24, while the VM network is 192.168.100.0 - i think i setup the bridging properly by setting the device to a TAP, with the following config http://paste.ubuntu.com/12569806/
00:22 < lazypower> i have verified there is no firewall running, when i connect i see the 192.168.100 route show up in netstat -nr, however pinging hosts that i can reach on the server, are not reachable from the client
00:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
01:10 < Crew-L-T> well, at last i finally figured out what the problem was with the setup i was trying to accomplish :)
01:11 < Crew-L-T> it was a limitation in the linux implementation of openvpn
01:40 < mystica555> Crew-L-T: oh?
01:41 < mystica555> what were you wanting to do, and being limited at doing? did you find a way to do it?
01:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:47 < mystica555> (ie, other than with linux)
01:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:49 -!- mode/#openvpn [+o mattock1] by ChanServ
02:09 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:11 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
02:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
02:23 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
02:33 -!- sieve [~Adium@ip5f5aef97.dynamic.kabel-deutschland.de] has joined #openvpn
02:40 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 246 seconds]
02:41 < sieve> What would be the most interesting thing to monitor in /proc to work out if openvpn is working ok?
02:41 < sieve> Or at least alive
02:44 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 246 seconds]
02:45 < Eugene> sieve - look up the --status option
02:51 < sieve> Eugene: I though about that but thats not an ideal way to test that openvpn is ok because if openvpn is dead the file can still exist
02:55 < sieve> Its annoying that you cant test a UDP connection!
02:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:57 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
03:02 < Eugene> https://exchange.nagios.org/directory/Plugins/Security/VPN-Software/check_openvpn/details
03:02 <@vpnHelper> Title: check_openvpn - Nagios Exchange (at exchange.nagios.org)
03:02 < Eugene> I'm guessing you want this for nagios?
03:02 < Eugene> The management interface(which is what this plugin seems to use) will do that just fine.
03:03 < sieve> Eugene: systemctl is-active openvpn@server seems to be most interesting.
03:03 < sieve> Eugene: not for nagios, but yea. for monitoring and failover
03:03 < Eugene> Yeah, but doesn't provide anything really trackable, eg users active
03:04 < sieve> Eugene: This is really true. But I think for 98% of failover cases watching systemctl will be ok
03:04 < Eugene> Yah
03:04 < sieve> The other 2% is support load :)
04:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:04 -!- sieve [~Adium@ip5f5aef97.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
04:06 -!- sieve [~Adium@ip5f5aef97.dynamic.kabel-deutschland.de] has joined #openvpn
04:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
04:37 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:42 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
04:43 -!- thor77 [~thor77@communication.crapwa.re] has joined #openvpn
04:43 < thor77> !welcome
04:43 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:43 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:44 < thor77> !redirect
04:44 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
04:44 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
04:45 < thor77> !nat
04:45 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !openvznat !winnat and !fbsdnat for specific howto
04:45 < thor77> !ipforward
04:45 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
04:45 < thor77> !linipforward
04:45 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
04:46 < thor77> !linnat
04:46 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <IP ADDRESS> or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info
04:47 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:57 < thor77> is there some way to test nat through iptables?
04:57 < thor77> it seems like i'm missing smth
04:57 < thor77> i can see all the traffic reaching my server (via tcpdump)
04:58 < thor77> but no answers going back to my client
04:59 < thor77> i flushed my iptables, set the forward-policy to ACCEPT and ran "iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE" (yeah, ens3 is the name of my lan-interface)
04:59 < thor77> but still the same result
04:59 < thor77> and i'm using systemct-networkd as network-daemon and set IPForward=yes in my .network-file
05:00 < thor77> if i cat /proc/sys/net/ipv4/ip_forward it says "0"
05:01 < thor77> but maybe systemd-networkd set with some other way
05:04 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:06 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:11 < Neighbour> and what if you echo 1 > /proc/sys/net/ipv4/ip_forward ?
05:11 < ValdikSS> Hi guys
05:11 < ValdikSS> So how can I donate now?
05:12 < ValdikSS> Paypal address from secure-computing is not available for a long time
05:12 < ValdikSS> Maybe krzee knows the answer?
05:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 265 seconds]
05:40 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
05:42 <+s7r> what do i need to add/remove from server.conf in openvpn to permanently disable logging (ip addresses that connect, etc.) ?
05:46 < Neighbour> verb 0
05:46 <+s7r> in server, right ?
05:46 < Neighbour> yes
05:47 <+s7r> it doesn't log the ip addresses that connected anywhere else
05:47 <+s7r> ?
05:47 < Neighbour> verb 0 disables all logging except fatal errors
05:47 < Neighbour> also remove the 'status <file>'-line if it's there
05:47 <+s7r> thanks good Neighbour :)
05:47 <+s7r> on it
05:49 <+s7r> Neighbour: in /etc/openvpn i have a file openvpn-status.log which says
05:49 <+s7r> OpenVPN CLIENT LIST
05:49 <+s7r> Updated,Sat Sep 26 06:45:39 2015
05:49 <+s7r> Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
05:49 <+s7r> client1,<ip>:49205,8599338,133352554,Sat Sep 26 05:59:05 2015
05:49 <+s7r> verb 0 will disable this?
05:50 < Neighbour> no, removal of the 'status <file>'-line will do that
05:50 <+s7r> ipp.txt contains
05:50 <+s7r> client1,10.8.0.4
05:50 <+s7r> client2,10.8.0.8
05:50 <+s7r> this is not bad ...
05:51 <+s7r> # Output a short status file showing
05:51 <+s7r> # current connections, truncated
05:51 <+s7r> # and rewritten every minute.
05:51 <+s7r> right !
05:51 <+s7r> so remove status line and change from verb 3 to verb 0 will reach my goals, that's all ?
05:51 < Neighbour> ipp could also be disabled, but then your clients won't always receive the same ip
05:52 < Neighbour> (unless you manually push ifconfig's to the clients in the ccd-files)
05:52 <+s7r> no that's fine i just don't want to log the client's public ip from which he is connecting from
05:53 <+s7r> i don't care keeping the internal ips they are assign within the vpn persistent and visible on the server
05:53 < Neighbour> then afaik that should be enough (though if someone has access to the box while it's running, he can still find out the external ip's of the connected clients)
05:54 <+s7r> of course, netstat, ss -l , tcpdump, plenty of options - that i know
05:54 < Neighbour> ok :)
05:54 <+s7r> i just wanted it not to write it on disk
05:54 <+s7r> thanks !
05:54 < Neighbour> np
05:57 < thor77> Neighbour: "and what if you echo 1 > /proc/sys/net/ipv4/ip_forward ?" everything works fine then, if i set IPForward to kernel in my network-setting at least ipv4 is working fine
05:58 < thor77> but ipv4 doesn't work at all, i can see i get a v6-ip assigned in my server-log
05:59 < thor77> *ipv6
06:12 < thor77> seems like only forwarding doesn't work, i ping the client via ipv6 and the server from the client
06:13 < thor77> https://wiki.archlinux.org/index.php/Internet_sharing#Enable_packet_forwarding i used this instructions to inable packet forwarding
06:13 <@vpnHelper> Title: Internet sharing - ArchWiki (at wiki.archlinux.org)
06:14 < thor77> and the ipv6-traffic also reaches my server
06:27 < thor77> !ipv6
06:27 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
06:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:48 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 246 seconds]
06:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:05 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
07:29 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
07:31 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
07:31 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has quit []
07:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:43 -!- Saturn812 [~Saturn812@128-69-30-181.broadband.corbina.ru] has joined #openvpn
07:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:53 < Saturn812> hi. i tryed to setup openvpn server on my vps usig digital ocean tutorial and automated script on github. First one uses ufw, the second one iptables as far as i can tell. Both cases somewhat working, but there is one issue. I cannot connect to any domain names website. Direct ip does work, but not dns. I tryed setting opendns server, google servers or system default dns, but the same result
07:54 < skyroveRR> !dns
07:54 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
07:54 < skyroveRR> !pushdns
07:54 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
07:54 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
07:54 < skyroveRR> Saturn812: ^^
07:55 -!- toli [~toli@ip-62-235-196-39.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
07:58 -!- toli [~toli@ip-62-235-44-109.dial.scarlet.be] has joined #openvpn
08:08 -!- hennos [~midas8@167.160.44.243] has joined #openvpn
08:11 < Saturn812> hmm, i have pushdns in openvpn server, can't seems to find such option for the phone
08:13 < skyroveRR> Which client are you using for the phone?
08:14 < Saturn812> openvpn connect
08:15 < Saturn812> tutorial suggest putting push dns option in .ovpn file, but it doesn't seems to do anything
08:15 < skyroveRR> Remove all your certs and keys from that file, and paste it.
08:22 < Saturn812> http://pastebin.com/yEryZbfS
08:23 < Saturn812> sorry for the delay
08:23 < skyroveRR> That's the client's file or the server's ?
08:23 < skyroveRR> Hmm. Client.
08:24 < skyroveRR> Your dns option is wrong.
08:24 < skyroveRR> Your "client" won't push DNS setting to the server, it's the other way around.
08:25 < Saturn812> i do have the same pushdns settings in server's openvpn config
08:25 -!- wbk [wallbroken@gateway/shell/bnc4free/x-gfygqdnpenjhlmqi] has left #openvpn []
08:26 < skyroveRR> Replace that push lines with these: dhcp-option DNS <DNS IP> in the client file
08:26 < skyroveRR> Then restart the client and check.
08:28 < skyroveRR> Saturn812: I asked whether it's a client or a server cos you had "push" options in that paste. push  lines are only application to server configs, not client configs. :)
08:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:28 < skyroveRR> * only applicable.
08:29 < Saturn812> oh, ok, i'll try without push
08:33 < Saturn812> page loads a really long time, that is why i am responding that long :)
08:34 < Saturn812> it doesn't seems to be working, the same result
08:34 < skyroveRR> Paste the config file again, please.
08:34 < Saturn812> client one?
08:34 < skyroveRR> Yup.
08:35 < Saturn812> http://pastebin.com/c79eqz4P
08:36 < Saturn812> i've made a separate profile with this config in the client to make sure it is the same config
08:37 < skyroveRR> Hmm.
08:37 < skyroveRR> Looks correct.
08:37 < skyroveRR> What do you get when you actually ping google.com?
08:38 < Saturn812> hm, it's working fine, i get the response with 70-80 ms ping
08:39 < skyroveRR> "cannot connect to any domain names website"?
08:40 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-mkkvivvwpsbikcud] has joined #openvpn
08:40 < skyroveRR> You can ping google, can't you?
08:40 < Saturn812> direct ip works fine in the browser, but when i try something like google.com, it doesn 't work
08:40 < skyroveRR> It should work now..
08:40 < Saturn812> not sure why ping works in this case
08:40 < skyroveRR> Did it work previously?
08:40 < Saturn812> i tryed several browsers too
08:41 < Saturn812> nope, it's my second attempt to set up openvpn server, first one was the same failure with a different hosting
08:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
08:42 < Saturn812> i should probably try to connect with something else to localize the issue
08:44  * m3n3chm0 nasZ
08:50 < Saturn812> actually, it works fine on linux client
08:53 < Saturn812> actually, works kinda slowly compared to socks proxy connection
08:59 < Saturn812> it seems kinda random, i do get the same errors sometimes
09:03 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
09:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 240 seconds]
09:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 265 seconds]
09:24 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 265 seconds]
09:37 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:43 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 240 seconds]
09:43 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:49 < Saturn812> well, thats interesting. Can my home router can be a problem? Using mobile network works perfectly over openvpn, while my home connection doesn't work
09:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:55 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:58 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:13 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
10:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:54 -!- sjums [~sjums@slothkrew.com] has left #openvpn []
11:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:10 < skyroveRR> ping Saturn812
11:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
11:17 < Saturn812> ping works fine and direct connection to ip too
11:17 < Saturn812> i don't know why browsing is any different
11:18 < skyroveRR> Do you have any proxies setup?
11:18 < skyroveRR> In the browsers themselves?
11:20 < Saturn812> nope
11:20 < Saturn812> linux client pretty much stock
11:21 < Saturn812> i used for lamp and other dev stuff
11:21 < skyroveRR> Saturn812: could you paste your server config?
11:21 < Saturn812> sure
11:23 < Saturn812> http://pastebin.com/kbi93AGq
11:27 < skyroveRR> IDK why you used the option on line 11... may you uncomment it?
11:28 < skyroveRR> And use this one: push "redirect-gateway def1". Then restart the server/client and check.
11:29 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
11:29 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:31 < Saturn812> ok, i'll try it. It's the config that script have generated
11:31 < Saturn812> first time i used a stock config with minor changes like port, ip and dns
11:37 < Saturn812> didn't change anything
11:37 < skyroveRR> Do you have tcpdump?
11:37 < skyroveRR> On your VPS?
11:38 < Saturn812> probably not. But i don't think it's a server's problem. My cell network works perfectly with vpn
11:38 < skyroveRR> Then enjoy :P
11:39 < Saturn812> i am curious what causes such problems. Router probably? Since both pc and phone have troubles
11:42 < skyroveRR> I wouldn't think it's the router..
11:47 < skyroveRR> Saturn812: could you paste individual responses of the ping tool to google.com/yahoo.com/facebook.com, please?
11:47 < Saturn812> sure
11:48 < skyroveRR> Saturn812: if it fails, then output it as well.
11:50 < Saturn812> http://pastebin.com/KqNWDqMt
11:51 < skyroveRR> Ok, how long does it take to completely load each of those individual sites? Take any browser and try to access them. Try to remember the time it takes to load them completely. From both, the server, and the client.
11:53 < Saturn812> it doesn't really load them at all. I can see the page title changing in 3 seconds and then it just loads infinitely, sometimes fails in few minutes with a connection timed out error
11:54 < Saturn812> or sometimes just blank screen
11:54 < skyroveRR> Is that in the client or the server?
11:54 < Saturn812> client, how would i test it on server?
11:55 < skyroveRR> X forwarding?
11:55 < Saturn812> it doesn't have X
11:55 < skyroveRR> Oh
11:56 < skyroveRR> Alright, where's the server? On a VPS?
11:56 < Saturn812> yes, KVM vps
11:56 < skyroveRR> And the client?
11:57 < Saturn812> i tried my phone and linux mint on virtual machines, both connected to my router
11:57 < skyroveRR> Where's this VPS? On some private provider?
11:58 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
11:58 < Saturn812> general hosting
11:58 < Saturn812> just a hosting company, not a provider
11:58 < skyroveRR> How's the client connectivity to the internet WITHOUT the VPN?
11:59 < Saturn812> l2tp vpn connection in router
11:59 < skyroveRR> Without the VPN...
11:59 < Saturn812> it's the isp's vpn
12:00 < skyroveRR> I was meaning the connectivity without the private provider..
12:00 < Saturn812> you mean, do i have other means to connect?
12:01 < Saturn812> *other ways
12:01 < skyroveRR> Yes, like LTE or EDGE, on the phone, when you connect without the VPN, how's the connectivity?
12:01 < Saturn812> phone lte works perfectly fine with openvpn
12:02 < Saturn812> it doesn't work when i connect it to router's wi-fi
12:02 < skyroveRR> You mean phone -> phone ISP -> internet -> VPN server works fine?
12:02 < Saturn812> yes
12:03 < Saturn812> like a clock, no slowdown at all
12:03 < skyroveRR> And... home -> L2TP ISP -> internet -> VPN server doesn't?
12:03 < Saturn812> that is correct
12:04 < skyroveRR> Then I'd say the openvpn configurations of both, the server and the clients, are correct. Your L2TP VPN ISP seems to be acting naughty..
12:05 < skyroveRR> Do you have any internet connection other than your phone or your home wifi?
12:06 < Saturn812> i can make my router get the connection from my home
12:06 < Saturn812> *from my phone
12:06 < skyroveRR> Using WIFI tethering, I suppose?
12:07 < Saturn812> yes
12:07 < skyroveRR> That still leaves us with two ISPs, your home and your phone ISP... don't you have some other ISP other than those two?
12:09 < Saturn812> no, no other connections i am afraid
12:10 < skyroveRR> Which router do you use at home?
12:10 < Saturn812> zyxel keenetic giga
12:11 < skyroveRR> It's completely Russian..
12:11 < skyroveRR> :D
12:11 < Saturn812> yeah :D
12:13 < skyroveRR> Your router is just as weird as your ISP..
12:13 < skyroveRR> :|
12:13 < Saturn812> it is actually not a bad router i think :)
12:14 < skyroveRR> Does it have any mgmt interface? Telnet/SSH?
12:14 < skyroveRR> * mgmt software.
12:16 < skyroveRR> Or can you paste your router's firewall rules? I'd like to take a look at your router's firewall.
12:16 -!- user123irc [~user@78-62-111-164.static.zebra.lt] has joined #openvpn
12:17 -!- Saturn286 [~Saturn812@128-69-61-107.broadband.corbina.ru] has joined #openvpn
12:17 < skyroveRR> Saturn812: welcome back.
12:17 < Saturn286> :D
12:17 < skyroveRR> What happened?
12:17 < Saturn286> not sure, probably isp refreshed a connection or something
12:18 < Saturn286> i don't think i did anything to it:D
12:18 < skyroveRR> Hmm. A new lease, I suppose.
12:18 < skyroveRR> skyroveRR | Does it have any mgmt interface? Telnet/SSH?
12:18 < skyroveRR> skyroveRR | * mgmt software.
12:18 < skyroveRR> skyroveRR | Or can you paste your router's firewall rules? I'd like to take a look at your router's firewall.
12:20 -!- Saturn812 [~Saturn812@128-69-30-181.broadband.corbina.ru] has quit [Ping timeout: 264 seconds]
12:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:23 < Saturn286> ok, i found a telnet connection
12:23 < skyroveRR> Just paste the firewall if you can..
12:25 < user123irc> is there any list of servers and other things how to connect ?
12:25 < user123irc> because I have a list and certificates and they dont work
12:25 < user123irc> how to do this ?
12:34 < Saturn286> skyroveRR, not sure if it's the one http://pastebin.com/PktaYdrp
12:35 < skyroveRR> wtf..
12:36 < skyroveRR> That will take time for me to interpret..
12:41 < skyroveRR> Saturn286: these *might* be useful.. https://www.dd-wrt.com/wiki/index.php/Router_Slowdown
12:41 <@vpnHelper> Title: Router Slowdown - DD-WRT Wiki (at www.dd-wrt.com)
12:41 < Saturn286> yeah, heard about these
12:41 < Saturn286> i am still undecided if i should install dd-wrt
12:43 < Saturn286> i don't think it's because it's slow. It usually tries to get the maximum from the network when it can. 100 mbit in torrent with large amount of seeders - no problem
12:44 < skyroveRR> Hmm.
12:45 < Saturn286> i have a DDNS client option disabled in the firewall settings, does it matter?
12:45 < skyroveRR> Nah.
12:47 < Saturn286> i can try and connect directly to pc to possibly rull out the router
12:49 < skyroveRR> I'm too exhausted..
12:49 < skyroveRR> Saturn286: maybe we can talk later?
12:49 < skyroveRR> :)
12:49 < Saturn286> sure, thank you very much :)
12:56 -!- Saturn286 [~Saturn812@128-69-61-107.broadband.corbina.ru] has quit [Quit: Leaving]
12:56 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
12:58 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:58 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Client Quit]
13:03 -!- Saturn286 [~Saturn812@2.94.168.44] has joined #openvpn
13:04 < Saturn286> doesn't look like router is a problem. Works fine with lte network
13:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
13:10 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has joined #openvpn
13:11 < FutureTense> When I setup my server.ovpn file, I've used tags to embed the various keys.  I did this because I wanted to make it more portable.
13:12 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:12 < FutureTense> Since I only have an OVPN file, how does one revoke a client?  Is there a revoke command that I can specify the client cert to revoke?
13:14 < Saturn286> skyroveRR, i found a fix! :D
13:14 < FutureTense> I gues what I'm asking, is can I create a <crl-verify> tag?
13:18 -!- user123irc [~user@78-62-111-164.static.zebra.lt] has quit [Remote host closed the connection]
13:22 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
13:23 -!- FutureTense [~FutureTen@unaffiliated/futuretense] has quit [Quit: Leaving]
13:24 < Eugene> To answer FutureTense's question(why don't people stick around?) it doesn't look like you can inline crl-verify, according to the man page. Whether it actually works? I haven't tested
13:25 -!- nsgn [~nsgn@rrcs-24-173-44-210.sw.biz.rr.com] has joined #openvpn
13:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
13:26 < nsgn> so i've got a working point to point openvpn tunnel between two of our offices. i need just one computer in office B to appear to the world to be surfing from office A's public IP. i can't figure out how to get all traffic from this computer to go over the vpn when openvpn isnt running on the computer itself. it's on the router at each office.
13:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:29 < Eugene> nsgn - you'll need to deal with policy routing to do that
13:30 < nsgn> Eugene, on the workstation or on the router?
13:30 < Eugene> On the router
13:30 < Eugene> Add a second routing table, add a rule that traffic from the workstation uses that table
13:31 < nsgn> alright. will have to figure out how to do that on the wonkiness that is edgeos/vy
13:31 < Eugene> I'm so sorry
13:31 < nsgn> hehe
13:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
13:33 < nsgn> just seems there could/should be a way to get this from the workstation only. if it can route successfully to the gateway why couldn't it?
13:46 -!- nsgn [~nsgn@rrcs-24-173-44-210.sw.biz.rr.com] has quit [Ping timeout: 244 seconds]
13:47  * m3n3chm0 nasZ
14:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:08 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
14:14 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
14:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:23 -!- Tenhi [~tenhi@178.18.241.180] has quit [Read error: Connection reset by peer]
14:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
14:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:55 -!- u0m3 [~u0m3@92.80.92.123] has quit [Read error: Connection reset by peer]
15:02 -!- dmilith is now known as dmilith2
15:08 < lazypower> Greetings, i'm attemping to setup a VPN so I can access a host only vlan for my virtual machines in a lab. My primary networking range is 10.0.10.0/24, while the VM network is 192.168.100.0 - i think i setup the bridging properly by setting the device to a TAP, with the following config http://paste.ubuntu.com/12569806/   	i have verified there is no firewall running, when i connect i see the 192.168.100 route show up in netstat -nr,
15:08 < lazypower>  however pinging hosts that i can reach on the server, are not reachable from the client. I feel like this is a possible routing issue but i'm not sure :|
15:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.3-dev]
15:13 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
15:26 < DArqueBishop> lazypower, my first thought is that if the VPN is bridged, then you don't need to push a route to the VPN clients.
15:26 < lazypower> DArqueBishop: i bridged the physical eth0 device on the host, was that the proper device to bridge?
15:26 < lazypower> or should i have bridged with the virbr device used by kvm?
15:27 < DArqueBishop> You should have bridged to the virbr device used by KVM.
15:27 < lazypower> ah, thats probably why things are not working as i expected
15:27 < DArqueBishop> If you're bridging, you need to bridge to the actual network interface you need the VPN clients to communicate with.
15:28 < lazypower> inspecing the hosts routing table, i thought that networking would be inferred if i pushed those routes over the vpn connection
15:28 < lazypower> and the openvpn host (router?) would have handled that translation... i have a lot to learn :)
15:30 < tomodachi> hi guys, im trying to fiddle with my routes after openvpn starts, but having difficulties
15:31 < tomodachi> basically im launching a script in openvpn.conf
15:31 < tomodachi> with the up /myscript.sh syntax
15:31 < tomodachi> I problem is that tun0 is not up yet so script returns error and the entier openvpn connection fails
15:39 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
15:41 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
15:46 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
15:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:48 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
15:49 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
15:54 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
15:54 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
15:56 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
15:56 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
16:02 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
16:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
16:14 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
16:16 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
16:16 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:24 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
16:27 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
16:38 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has quit [Remote host closed the connection]
16:50 -!- Saturn286 [~Saturn812@2.94.168.44] has quit [Quit: Leaving]
16:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
16:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:06 -!- not_phunyguy [~ruination@ubuntu/member/phunyguy] has joined #openvpn
17:11 -!- not_phunyguy is now known as phunyguy
17:57 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 246 seconds]
17:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
18:12 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:26 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:57 < Eugene> No joke, I spent two hours last night trying to get a bridge setup going, with absolutely nothing to show for it
18:57 < Eugene> And I'm a so-called openvpn expert
18:57 < Eugene> I ended up saying fuggit and just did a NFS mount over a P2P tun instead
19:05 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
19:37 -!- mbff [~marshall@dyn23-000.res-hall.ndsu.NoDak.edu] has joined #openvpn
19:38 < mbff> Hello! I am running an openvpn client on ubuntu server. Any easy way to implement a kill switch
19:38 < mbff> ?
19:50 < subzero79> mbff what do you mean with kill switch?
19:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:57 < mbff> subzero79, if the openvpn loses connection to the vpn server, it disconnects the internet all together.
19:58 < subzero79> ahh ok
19:59 < subzero79> thinking right now, you can add a down script to flush all the iptables rules and add REJECT rule to the main gateway
19:59 < subzero79> i mean the default gateway, like in your home usually 192.168.0.1
20:00 < Thermi> That's a horrible idea.
20:00 < subzero79> probably
20:00 < subzero79> there must be better ways
20:01 < Thermi> Disable internet access by filtering traffic that goes out of the ethernet port based on the destination. Traffic to the OpenVPN port is fine, anything else is bad.
20:01 < Thermi> Don't build your own rule set from the ground up. Use the templates provided here: https://github.com/QueuingKoala/netfilter-samples
20:01 <@vpnHelper> Title: QueuingKoala/netfilter-samples · GitHub (at github.com)
20:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
20:02 < Thermi> You probably want to allow outgoing DNS etc from the box.
20:03 < mbff> hmmmm this doesn't sound very straightforward/maintainable....
20:13 < Thermi> Is is straightforward and it is maintainable.
20:13 < Thermi> This is the *only* way to do it.
20:25 < mbff> ok good to know.
20:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:39 -!- hennos [~midas8@167.160.44.243] has quit [Quit: Leaving]
20:40 -!- mbff [~marshall@dyn23-000.res-hall.ndsu.NoDak.edu] has quit [Ping timeout: 264 seconds]
20:51 -!- zopsi [~zopsi@zopsi.com] has joined #openvpn
21:05 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
21:14 -!- lazypower [~lazypower@ubuntu/member/lazypower] has quit [Quit: ZNC - http://znc.sourceforge.net]
21:15 -!- lazypower [~lazypower@ubuntu/member/lazypower] has joined #openvpn
21:31 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has joined #openvpn
21:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
21:53 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
22:01 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has joined #openvpn
22:24 -!- Telvana [~digits@104.231.85.200] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
22:28 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has joined #openvpn
22:28 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has quit []
22:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:45 -!- DrCode [~DrCode@5.28.134.3] has quit [Quit: ZNC - http://znc.in]
22:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:59 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
23:06 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
23:30 -!- ShadniX [dagger@p5481CE91.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:30 -!- ShadniX [dagger@p5DDFCD53.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
--- Day changed Sun Sep 27 2015
00:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:17 -!- Tenhi [~tenhi@static.100.25.4.46.clients.your-server.de] has joined #openvpn
01:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
01:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
01:56 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:56 -!- Tenhi_ [~tenhi@178.18.241.180] has joined #openvpn
02:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:29 -!- phunyguy [~ruination@ubuntu/member/phunyguy] has left #openvpn []
02:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
02:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:55 -!- sieve [~Adium@ip5f5aef97.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
02:56 -!- sieve [~Adium@ip5f5aef97.dynamic.kabel-deutschland.de] has joined #openvpn
03:15 -!- sieve [~Adium@ip5f5aef97.dynamic.kabel-deutschland.de] has quit [Quit: Leaving.]
03:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:23 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
03:31 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
03:51 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:30 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
04:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
05:05 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 256 seconds]
05:14 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
05:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
05:21 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:37 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:37 < ValdikSS> Hi everyone
05:37 < ValdikSS> krzee: ping
05:38 < ValdikSS> What do you think, is it possible to make AirVPN client as an official client, replacing openvpn-gui? It's written in mono, cross-platform (Win, Lin, Mac) and works really better than openvpn-gui on Windows
05:38 < ValdikSS> And it's open-source.
05:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:52 -!- Saturn812 [~Saturn812@2.94.168.44] has joined #openvpn
05:55 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
05:55 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
06:06 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 246 seconds]
06:08 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
06:20 -!- hive-mind [pranq@mail.bbis.us] has quit [Remote host closed the connection]
06:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
06:22 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
06:24 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
06:27 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
06:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
06:32 -!- hennos [~midas8@167.160.44.243] has joined #openvpn
06:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:02 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has quit []
07:11 -!- marlinc is now known as marlinc_
07:11 -!- marlinc_ is now known as marlinc
07:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
07:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:44 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
07:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
07:55 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
08:00 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:08 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
08:09 -!- Lycerion [~Lycerion@unaffiliated/lycerion] has quit [Ping timeout: 256 seconds]
09:01 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:30 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Quit: Quit]
09:32 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
09:32 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Remote host closed the connection]
09:33 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
09:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:50 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
09:52 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
10:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:00 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Read error: Connection reset by peer]
10:28 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:41 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
10:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
10:43 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 244 seconds]
10:45 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
10:48 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
10:50 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:59 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:01 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: brb]
11:23 -!- Rad- [44283939@gateway/web/freenode/ip.68.40.57.57] has joined #openvpn
11:24 < Rad-> !welcome
11:24 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
11:24 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:24 < Rad-> !howto
11:24 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:24 < Rad-> !goal
11:24 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:26 < Rad-> Hi. I'm trying to access the internet through my VPN and I'm getting weird errors. I used this guide to install on my server: https://help.ubuntu.com/lts/serverguide/openvpn.html
11:26 <@vpnHelper> Title: OpenVPN (at help.ubuntu.com)
11:26 < Rad-> However, I'm having trouble client side.
11:27 < Rad-> It appears to be running (not sure because client side says address in use?) but it doesn't use vpn's IP address in client browser.
12:11 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 244 seconds]
12:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:50 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
12:51 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
12:54 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
12:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:06 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
13:15 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
13:33 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
13:35 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
13:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:37 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
13:39 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
13:39 < chamunks> Can I set openvpn in /etc/server.conf to accept connections from more than just the default port or can I only change the port to one other port.
13:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:51 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Quit: Exiting]
13:53 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
14:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
14:30 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Quit: I'll be back!]
14:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
14:41 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
14:47 < eliasp> chamunks: I faced the same issue when trying to get through a company firewall… only IPSec/500/UDP was allowed, so I set up a masquerading rule on my server which locally redirected traffic incoming on port 500 to 1194
14:48 < Eugene> That's not a bad alt-port idea, I may have to add that to my list
14:48 < chamunks> eliasp do you have an example of how you managed that?
14:48 < Eugene> iptables -A PREROUTING -p udp -m udp --dport N -j DNAT --to-destination 1.2.3.4:1194
14:49 < chamunks> Oh iptables how I really really need to spend a weekend getting to know you better...
14:50 < Eugene> This diagram makes it pretty easy http://www.linuxhomenetworking.com/wiki/images/f/f0/Iptables.gif
14:50 < Eugene> Everything past that is syntax memorization
14:51 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
14:51 < chamunks> Eugene oh nice.
14:52 < chamunks> Also Eugene  in your example I don't see the incoming port number.
14:52 < chamunks> --dport N
14:53 < chamunks> I'm guessing N=portno?
14:53 < Eugene> Correctamundo
14:53 < chamunks> Okay also whats a good outbound port scanning tech that could work for my poor windows 10 friend who needs to get past this firewall.
14:53 < Thermi> Eugene: Please use this graph: inai.de/images/nf-packet-flow.png
14:54 < Eugene> Good question! I have no answer
14:54 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 240 seconds]
14:54 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 240 seconds]
14:54 < Eugene> You're not my real mom
14:54 < Thermi> That graph is from Netfilter people.
14:54 < Eugene> I.... don't care?
14:55 < Thermi> okay.
14:55 < chamunks> facedesk
14:55 < chamunks> I'll check it out either way.
14:55 < chamunks> I just need something now to see what port will actually succeed leaving this guys network.
14:55 < chamunks> Do you think we could just use 443 or something?
14:55 < Eugene> 53, 443, 500 are all good choices
14:55 < Thermi> chamunks: The ISP filters traffic based on the destination port?
14:55 < chamunks> Its some University firewall.
14:56 < Eugene> If nothing else, run TCP mode on 20+80+443
14:56 < chamunks> They likely dont actually care if you can use it for stuff but mostly care if they can be nailed for it.
14:56 < Thermi> chamunks: Ah. Try some ports that are usually used. Like the FTP ports, ssh, HTTP(S), ...
14:58 -!- Johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
14:59 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
14:59 -!- Johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
15:01 -!- baetheus [~brandon@null.pub] has joined #openvpn
15:02 < chamunks> Also iptables -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 142.###.###.###:1194
15:02 < chamunks> returns with iptables: No chain/target/match by that name.
15:02 < Thermi> chamunks: You forgot -t nat.
15:03 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:04 < chamunks> I mean forget would mean I would know more about iptables but is there a specific location I should throw that in?
15:04 < chamunks> Thermi still pretty afraid of iptables I don't tend to want to lock myself out of my own machines in the datacenter.
15:05 < chamunks> Especially since my IPMI never seems to want to load.
15:05 < Thermi> chamunks: Then delegate the task to someone who knows, if you're too afraid.
15:05 < chamunks> heh no the only option is me I just mean I've just not learned that much so the logic you'd expect me to know is not there yet.
15:06 < Thermi> Then start learning. Here inai.de/images/nf-packet-flow.png and here http://inai.de/links/iptables/
15:06 <@vpnHelper> Title: j.eng's site (at inai.de)
15:06 < Thermi> A tutorial is in the bottom section
15:06 < chamunks> I just don't know where exactly to put -t nat so if I did it I'd do something like  iptables -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 142.###.###.###:1194 -t nat
15:06 < Thermi> iptables -t nat -A PREROUTING ...
15:06 < chamunks> <3
15:07 < Thermi> Conveniently keep stuff together that belongs together.
15:07 < chamunks> I have a very frustrating way of learning I need to see a few functional examples before it sticks.
15:13 < chamunks> Excellent that works great.  Now to go through and keep these rules loaded.  But I'll do that eventually I just needed to make sure this guy had no excuses why he wasn't doing work.
15:19 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
15:27 -!- Saturn812 [~Saturn812@2.94.168.44] has quit [Quit: Leaving]
15:27 -!- dmilith2 is now known as dmilith
15:28 < f31n> hi, i've got a problem here i can't solve with google. what do i have: a server with openvpn, and an ipsec tunnel to an aws instance from that server
15:28 < f31n> what does work: i can ping from the client the server but not the aws
15:28 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:28 < f31n> but i can ping the client and the server from the aws instance
15:28 < f31n> i followed this tutorial: https://docs.openvpn.net/how-to-tutorialsguides/administration/extending-vpn-connectivity-to-amazon-aws-vpc-using-aws-vpc-vpn-gateway-service/
15:29 <@vpnHelper> Title: Extending VPN Connectivity to Amazon AWS VPC using AWS VPC VPN Gateway Service | Documentation (at docs.openvpn.net)
15:29 < f31n> does anyone has a clue why i can't ping the aws instance from my client?
15:30 < Thermi> f31n: Immediately tear down the ipsec setup. That doc is horribly wrong.
15:30 < f31n> okay and whats the proper setup?
15:32 < Thermi> f31n: What strongSwan version are you running?
15:33 < Thermi> And what is your ipsec.conf?
15:33 < f31n> Linux strongSwan U5.2.1/K3.16.0-4-686-pae
15:34 < f31n> http://nopaste.linux-dev.org/?770501
15:35 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:35 < Thermi> f31n: Okay. It looks likle you only use one tunnel.
15:36 < Thermi> f31n: What's the output of "ipsec statusall"?
15:36 < f31n> yes, cause if i use two tunnel it's not working at all
15:37 < f31n> http://nopaste.linux-dev.org/?770502
15:37 < Thermi> f31n: Remove the "leftupdown" option in statusall, remove the "installpolicy" option, down the tunnel, reload the configuration
15:38 < Thermi> f31n: In what subnets are your OpenVPN clients?
15:39 < f31n> 10.100.0.0/24
15:40 < Thermi> Did you enable ip forwarding in sysctl? What are your iptables rules?
15:41 < f31n> yes i enabled forwarding; iptables -L is emty
15:41 < Thermi> f31n: Show me "iptables-save".
15:42 < f31n> http://nopaste.linux-dev.org/?770503
15:43 < Thermi> f31n: Is the tunnel up? "ipsec statusall".
15:43 < f31n> http://nopaste.linux-dev.org/?770504
15:43 < f31n> yes its upagain
15:43 < Thermi> Good. Try pinging.
15:44 < f31n> with "down the tunnel" you meant to restart the tunnel or?
15:44 < Thermi> No, "ipsec down <conn>".
15:45 < f31n> okay did that too
15:45 < Thermi> Then reload the configuration and start the tunnel again. Then try pinging.
15:47 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
15:47 < f31n> okay is up again now i can't ping the aws client from the server any more
15:47 < Thermi> aws client?
15:48 < f31n> sry
15:48 < f31n> now i can't ping the aws from the server anymore
15:48 < f31n> -client ... i'm starting to get tired
15:48 < Thermi> You can't ping the client from the server anymore?
15:50 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
15:50 < f31n> i can ping server -> openvpn client, ec2 -> server, ec2 -> openvpn client, openvpn client -> server
15:50 < Thermi> what is ec2 for you now? aws?
15:51 < f31n> yes aws ec2 instance
15:51 < Thermi> Show me route table 220, please.
15:52 < f31n> http://nopaste.linux-dev.org/?770514
15:53 < Thermi> "ip route show table 22".
15:53 < Thermi> *220
15:53 < f31n> sorry, 172.31.0.0/16 via 144.76.73.1 dev br0  proto static  src 10.100.0.1
15:54 < Thermi> And you really can't ping a host in 172.31.0.0/16?
15:54 < Thermi> Please show me "ip rule".
15:54 < f31n> i was able before
15:55 < f31n> http://nopaste.linux-dev.org/?770515
15:56 < Thermi> Interesting. Try ping -I 10.100.0.1 <destination>
15:57 < f31n> http://nopaste.linux-dev.org/?770516
15:57 < Thermi> Show me "ipsec statusall".
15:57 < f31n> was wrong, was a small l not a big i, but the same output
15:57 < f31n> http://nopaste.linux-dev.org/?770517
15:58 < Thermi> " 1260 bytes_o (15 pkts, 25s ago)" <- does that coincident with your pings?
15:59 < f31n> yes
15:59 < f31n> 15 packages in total
16:00 < Thermi> Are you sure the host you're trying to ping is up?
16:01 < f31n> yes, i can ping with this host the server
16:02 < f31n> aw ...
16:02 < Thermi> aw?
16:03 < f31n>  inet addr:172.31.22.83
16:03 < f31n> yes, thats propper, just thought i wrote the sentence wrong
16:03 < Thermi> Hmh. I can't make a rhyme of it.
16:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
16:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:06 < f31n> maybe my openvpn config file?
16:07 < Thermi> Are you comfortable with me trying something out?
16:07 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 250 seconds]
16:07 -!- rbxs [~rbxs@92.63.171.51] has quit [Ping timeout: 246 seconds]
16:07 < Thermi> Nope.
16:07 < f31n> nah, cause i can't even ping from the server
16:07 < f31n> yes absolutely
16:07 < Thermi> The router on the other end is just .... broken.
16:07 < Thermi> Like probably completely busted software wise.
16:07 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
16:08 < f31n> the one i call server?
16:08 < Thermi> No, the AWS endpoint.
16:08 < f31n> ok
16:08 < Thermi> Change your leftsubnet to 0.0.0.0/0, rightsubnet to 0.0.0.0/0, set mark_in 0xe and mark_out 0xe
16:08 -!- magic_ninja [~sparie1@unaffiliated/magic-ninja/x-4708782] has joined #openvpn
16:08 < f31n> maybe a security rule i didn't add?
16:08 < magic_ninja> is there a way to make openvpn choose a server from a list of config files and autoconnect?
16:08 < Thermi> go to /usr/lib/strongswan/ and copy _updown to mark_updown
16:11 < f31n> how do i set the mark_in & mark_out?
16:11 < Thermi> Add "iptables -t mangle -I INPUT -p esp -s ${PLUTO_PEER} -j MARK --set-mark 0xe" and "iptables -t mangle -I POSTROUTING -d ${PLUTO_PEER_CLIENT} -j MARK --set-mark 0xf" to the "up-client" hook and "iptables -t mangle -D INPUT -p esp -s ${PLUTO_PEER} -j MARK --set-mark 0xe" and "iptables -t mangle -D POSTROUTING -d ${PLUTO_PEER_CLIENT} -j MARK --set-mark 0xf" to the "down-client" hook in the mark_updown script
16:11 < Thermi> They are options in the conn section. Just add them.
16:12 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
16:12 < Thermi> Set leftupdown to /usr/lib/strongswan/mark_updown
16:12 < Thermi> If your OS uses selinux or apparmor, you need to disable them for this test or adjust the policies/selinux contexts of the file
16:16 -!- magic_ninja [~sparie1@unaffiliated/magic-ninja/x-4708782] has quit [Ping timeout: 265 seconds]
16:16 < f31n> where should i add these rules?
16:16 < Thermi> In the mark_updown script in the hooks I mentioned
16:17 < Thermi> Look for this string: # connection to my client subnet coming up
16:22 < f31n> got a syntax error
16:23 < Thermi> Show me.
16:24 < f31n> http://nopaste.linux-dev.org/?770526
16:24 < f31n> 31 &32
16:25 < Thermi> Of course. You didn't indent it and didn't add equal signs in between the name and the value
16:26 < f31n> good one, now its working
16:27 < f31n> and now?
16:28 < Thermi> "ipsec up <conn>"
16:28 < Thermi> And reload the configuration beforehand, of course.
16:29 < f31n> thats more or less the same like ipsec restart or?
16:29 < Thermi> "ipsec update"
16:29 < f31n> okay
16:30 < f31n> http://nopaste.linux-dev.org/?770527
16:31 < Thermi> works?
16:31 < f31n> no ping no
16:32 < Thermi> "ipsec statusall", please.
16:32 < Thermi> And set leftsubnet to 0.0.0.0/0
16:33 < f31n> http://nopaste.linux-dev.org/?770528
16:33 < f31n> okay
16:33 < f31n> now we made progress
16:33 < Thermi> Works?
16:35 < f31n> now i can ping the ec2 from the server
16:35 < Thermi> The AWS router is crap
16:35 < f31n> but not from the openvpn client
16:35 < Thermi> Diagnosis complete.
16:35 < f31n> xD
16:35 < Thermi> Interesting.
16:36 < f31n> so now the problem is on my server cause the openvpn gets not redirected to the aws or?
16:37 < Thermi> Try iptables -t mangle -I FORWARD -s 10.100.0.0/24 -d <awsnet> -j MARK --set-mark 0xf
16:39 < f31n> you mean the ip of right?
16:39 < Thermi> No, the subnet of your ec2 instance
16:40 < f31n> ping from the server isn't working any more
16:40 < Thermi> What?
16:40 < Thermi> Traffic from your host doesn't even pass through that chain
16:41 < f31n> what the heck i can't ping my server any more?
16:41 < Thermi> What did you enter into -d ?
16:42 < f31n>  172.31.0.0/16
16:42 < Thermi> Where from are you connecting to the server?
16:44 < f31n> i'm in austria, my server stands at the hetzner farm, and the aws is located in frankfurt
16:44 < Thermi> IP wise.
16:45 < f31n> 10.100.0.6 is the openvpn client's ip
16:45 < f31n> 10.100.0.1 is the openvpn servers ip
16:45 < Thermi> And you're connecting from there?
16:45 < Thermi> You're pinging from 10.100.0.6 to 10.100.0.1?
16:46 < f31n> yes that is what i'm trying
16:47 < Thermi> It makes no sense. 0.
16:47 < Thermi> Everything. It makes no sense. Whatsoever.
16:48 < Thermi> Hmh.
16:48 < Thermi> Show me table 220, please. ip route show table 220.
16:48 < f31n> default via 144.76.73.1 dev br0  proto static
16:49 < f31n> http://nopaste.linux-dev.org/?770537
16:49 < Thermi> There's the problem. Set 'charon.install_routes' in strongswan.conf, please and restart strongswan.
16:49 < Thermi> Make sure you understand the dot syntax.
16:50 < Thermi> The install_routes thing goes into the charon{} section. Set it to "yes".
16:50 < Thermi> Uhm, I mean "no".
16:52 < f31n> http://nopaste.linux-dev.org/?770538
16:53 < f31n> ping openvpn client -> server working
16:53 < Thermi> Yup.
16:53 < Thermi> And client to aws?
16:53 < f31n> nop
16:53 < f31n> and server to aws neither
16:53 < Thermi> Please show me your routing table "ip route show".
16:54 < f31n> http://nopaste.linux-dev.org/?770539
16:55 < Thermi> "ip route add 172.31.0.0/16 via 144.76.73.1 src 10.100.0.1"
16:56 < f31n> 73.1?
16:56 < f31n> .18?
16:56 < Thermi> .1
16:56 < f31n> ok
16:56 < Thermi> Please show me "sysctl -A | grep forwarding".
16:57 < f31n> http://nopaste.linux-dev.org/?770540
16:58 < Thermi> sysctl -A | grep ip_foward
16:58 < f31n> empty
16:58 < Thermi> *forward
16:59 < f31n> net.ipv4.ip_forward = 1
16:59 < f31n> net.ipv4.ip_forward_use_pmtu = 0
16:59 < Thermi> looks fine.
17:00 < f31n> ah yes, i just checked aws -> server & client can't ping any more
17:00 < Thermi> ?
17:01 < f31n> at the moment there works only one ping client -> server
17:01 < f31n> but nothing else
17:01 < Thermi> It makes no sense.
17:01 < f31n> since we added the 2 last rules it sopped to work with the ping server -> aws
17:02 < f31n> but client -> server is working again
17:04 < Thermi> *shrug*
17:04 < f31n> rm -fr / ?
17:04 < Thermi> it makes no sense.
17:05 < Thermi> dd if=/dev/zero of=/dev/sda
17:05 < f31n> :D
17:10 < Thermi> Too much broken shit around
17:15 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.3]
17:15 < f31n> grml
17:18 < f31n> when i put out the mangle rule you gave me i can ping aws again
17:20 < Rad-> Hi
17:21 < Rad-> I have no idea what I'm doing wrong. I followed this guide
17:21 < Rad-> It seems successful on the client side but..... I can't connect via server IP?
17:22 < Rad-> !configs
17:22 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:22 < Rad-> !logs
17:22 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:23 < Rad-> Here are my client logs.
17:23 < Rad-> http://pastebin.com/92GVMhAb
17:24 < Rad-> !logfile
17:24 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
17:29 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
17:32 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 268 seconds]
17:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:42 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:46 < Rad-> is part of the guide wrong or..?
17:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
17:56 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
17:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
18:06 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
18:17 -!- nsgn [~nsgn@rrcs-24-173-44-210.sw.biz.rr.com] has joined #openvpn
18:18 < nsgn> i've got a tap bridge with linux (centos) as the client but for the life of me I can't get the static IP address I want on the tap0 interface once openvpn is up
18:20 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 246 seconds]
18:25 < Thermi> nsgn: That's because the IP belongs onto the bridge device, not onto the slaves.
18:25 < Thermi> Rad-: What guide?
18:25 < nsgn> i figured it out. i was doing something dumb 5 lines up in the config and just too blind to see it
18:25 < Thermi> Rad-: And what's your config?
18:25 < nsgn> i was overriding myself
18:25 < nsgn> works like a charm now
18:26 < Rad-> Thermi:  https://help.ubuntu.com/lts/serverguide/openvpn.html
18:26 <@vpnHelper> Title: OpenVPN (at help.ubuntu.com)
18:27 < Thermi> Rad-: Again, what is your configuration?
18:27 < Rad-> client config Thermi http://pastebin.com/8smdDuX5
18:27 < Rad-> give me a second =P
18:28 < Thermi> Sun Sep 27 12:43:48 2015 TLS Error: local/remote TLS keys are out of sync: [AF_INET]159.203.6.206:1194 [0] <- looks like a TLS problem
18:29 < Rad-> Thermi: http://sprunge.us/YMTN
18:29 < Rad-> meh. i've never worked with encryption before.
18:30 < Rad-> any idea what i'm looking for?
18:30 < Thermi> It currently looks like OpenSSL is broken or something
18:31 < Rad-> .... one might question if i installed that
18:32 < Rad-> i'm trying this on  a completely new vps so... might have forgotten a few things i suppose
18:32 < Rad-> comes installed.
18:32 < Rad-> er?
18:34 < Thermi> Rad-: Look for an open bug that matches your problem: https://community.openvpn.net/openvpn/report/1
18:34 <@vpnHelper> Title: {1} Active Tickets – OpenVPN Community (at community.openvpn.net)
18:35 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 268 seconds]
18:37 < Rad-> Don't see one
18:37 < Rad-> so it's not an error on my end?
18:37 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:37 < Thermi> I doubt it
18:38 < nsgn> clear
18:38 < Thermi> Unless youd did a stupid error that OpenVPN did not match
18:38 < nsgn> hahaha
18:38 < nsgn> this is not the shell
18:38 < Thermi> s/match/find/
18:38 < Thermi> \00
18:40 -!- adek [~adek@104.156.228.115] has joined #openvpn
18:40 < nsgn> alright, i thought i had this but i've still got an issue. whenever i bring up openvpn it can't complete the connection because the moment it brings up the tap0 interface the gateway somehow gets removed from my eth0 interface and nothing can find the internet until i take eth0 down and up again. try to start openvpn again after that and it all just happens again. wtf?
18:41 < Rad-> notepad doesn't have find and replace function
18:41 < Rad-> why doesn't notepad have find and replace function
18:42 < Rad-> oh. it does it's under a different thing -_-
18:42 < Rad-> Thermi: http://pastebin.com/fMMn2XC5
18:45 < Thermi> Rad-: Problem is on the Windows side.
18:46 < Rad-> ok ty
18:46 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
18:47 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 240 seconds]
18:47 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:47 < nsgn> well i'm stumped here. if i bring up tap0 the gateway changes to the remote side of the bridge's gateway (which is what I want) but this ends up in the openvpn connection being interrupted so i end up with no connectivity at all
18:48 < Rad-> eh google gives me this; http://www.sparklabs.com/forum/viewtopic.php?f=3&t=1685
18:48 <@vpnHelper> Title: SparkLabs Forum View topic - TLS Keys are out of Sync (at www.sparklabs.com)
18:52 < Rad-> i'm going to try to set it to be using tcp
18:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 255 seconds]
18:54 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
18:56 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:56 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
19:04 -!- Rad- [44283939@gateway/web/freenode/ip.68.40.57.57] has quit [Ping timeout: 246 seconds]
19:05 < Thermi> nsgn: *whisper* policy based routing and marks *whisper*
19:05 -!- adek [~adek@104.156.228.115] has quit [Remote host closed the connection]
19:05 < nsgn> Thermi, and marks?
19:05 < Thermi> nsgn: Pay the man page for openvpn a visit and look for --mark
19:05 < nsgn> roger that
19:07 < nsgn> Thermi, Ah. I see. You mark the openvpn packets and then use policy to keep those to the gateway i want
19:11 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 255 seconds]
19:18 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:54 -!- nsgn [~nsgn@rrcs-24-173-44-210.sw.biz.rr.com] has quit [Quit: Leaving]
19:57 -!- toli [~toli@ip-62-235-44-109.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
19:58 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
19:59 -!- toli [~toli@ip-62-235-197-45.dsl.scarlet.be] has joined #openvpn
20:04 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
20:06 -!- s7eele [~AndChat52@gateway/vpn/privateinternetaccess/s7eele] has quit [Remote host closed the connection]
20:07 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
20:08 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:11 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
20:34 -!- u0m3_ [~u0m3@92.80.92.123] has joined #openvpn
20:36 -!- crane [~crane@chat.craneworks.de] has quit [Ping timeout: 256 seconds]
20:38 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
20:39 -!- eliasp_ [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
20:39 -!- batrick_ [batrick@nmap/developer/batrick] has joined #openvpn
20:39 -!- adapiratr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
20:40 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
20:40 -!- XJR-9_ [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
20:40 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Killed (hobana.freenode.net (Nickname regained by services))]
20:40 -!- XJR-9_ is now known as XJR-9
20:41 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 250 seconds]
20:41 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 250 seconds]
20:41 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 250 seconds]
20:41 -!- canci [~nobody@46.101.195.4] has quit [Ping timeout: 250 seconds]
20:41 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
20:41 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 250 seconds]
20:41 -!- u0m3 [~u0m3@92.80.92.123] has quit [Ping timeout: 250 seconds]
20:41 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 250 seconds]
20:41 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
20:41 -!- tapout_ [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
20:41 -!- Visual` [~visualsta@unaffiliated/visualstation] has quit [Ping timeout: 250 seconds]
20:41 -!- tomputer [tom@server.tomputer.nl] has quit [Ping timeout: 250 seconds]
20:41 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
20:41 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 250 seconds]
20:41 -!- colo-work [~jt@78.142.138.4] has quit [Ping timeout: 250 seconds]
20:41 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 250 seconds]
20:41 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 250 seconds]
20:41 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 250 seconds]
20:41 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 250 seconds]
20:41 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has quit [Ping timeout: 250 seconds]
20:41 -!- atabtr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 250 seconds]
20:41 -!- lazypower [~lazypower@ubuntu/member/lazypower] has quit [Ping timeout: 250 seconds]
20:41 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
20:42 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
20:43 -!- Exagone313 [exa@elou.world] has joined #openvpn
20:44 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
20:44 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
20:44 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
20:44 -!- lazypower [~lazypower@ubuntu/member/lazypower] has joined #openvpn
20:44 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has joined #openvpn
20:45 -!- esde [~something@openvpn/user/esde] has joined #openvpn
20:45 -!- mode/#openvpn [+v esde] by ChanServ
20:45 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 246 seconds]
20:46 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
20:48 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
20:49 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
20:53 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
21:01 -!- hennos [~midas8@167.160.44.243] has quit [Quit: Leaving]
21:24 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:32 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
21:36 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
21:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:44 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
21:44 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 265 seconds]
21:45 -!- trumee_ is now known as trumee
21:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
21:53 -!- trumee_ [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
21:53 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 264 seconds]
21:53 -!- trumee_ is now known as trumee
22:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:17 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 252 seconds]
22:21 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
22:30 -!- CGML_ is now known as CGML
22:36 -!- quantic [quantic@unaffiliated/quantic] has joined #openvpn
22:38 < quantic> !welcome
22:38 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
22:38 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:38 < quantic> Wow, that's awesome. First time I've seen a channel with a welcome that actually DOES hit most of the pain points.
22:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.2]
22:41 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:46 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 268 seconds]
22:46 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
22:47 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
23:17 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
23:31 -!- ShadniX [dagger@p5DDFCD53.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:32 -!- ShadniX [dagger@p5DDFC8D4.dip0.t-ipconnect.de] has joined #openvpn
23:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:42 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-mksegadecpkrfqnm] has quit []
23:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
23:42 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-zytruccoesvzrocs] has joined #openvpn
23:42 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-zytruccoesvzrocs] has left #openvpn []
23:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Mon Sep 28 2015
00:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:19 -!- mode/#openvpn [+o mattock1] by ChanServ
00:35 < quantic> doh. I just spent the last hour troubleshooting replay issues only to find out that it was my ISP having issues.
00:40 -!- showaz [~showaz@unaffiliated/showaz] has quit []
00:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:02 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has joined #openvpn
01:14 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
01:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:33 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
02:49 -!- ghostboarder [~johngalt@S010674ea3aff6a9f.va.shawcable.net] has quit []
03:01 -!- rbxs [~rbxs@92.63.171.51] has joined #openvpn
03:09 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Ping timeout: 268 seconds]
03:13 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
03:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:27 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
03:28 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
03:28 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:29 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
03:30 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:31 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
03:33 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:33 < nestandi> morn... need a hint with my open vpn dd-wrt solution... my lan connects to another lan over vpn... everything is smooth... also remote connection over openvpn works into my  lan is working, but if i connect to my lan over vpn and try to ping another host, whis is also connected over vpn, than i get "network is not reacheble"...
03:34 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
03:36 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:36 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
03:39 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:39 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
03:44 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:44 < nestandi> morn... need a hint with my open vpn dd-wrt solution... my lan connects to another lan over vpn... everything is smooth... also remote connection over openvpn works into my  lan is working, but if i connect to my lan over vpn and try to ping another host, whis is also connected over vpn, than i get "network is not reacheble"...
03:48 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
04:08 -!- eliasp_ is now known as eliasp
04:22 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Ping timeout: 244 seconds]
04:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
04:28 -!- abbe [having@badti.me] has quit [Quit: “Everytime that we are together, it's always estatically palpitating!”]
04:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:36 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
04:58 -!- MyNameIsJared [~MyNameIsJ@212-129-42-52.rev.poneytelecom.eu] has quit [Ping timeout: 265 seconds]
05:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
05:17 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 246 seconds]
05:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
05:19 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
05:31 -!- michaelhart_ [~michaelha@192-0-241-148.cpe.teksavvy.com] has joined #openvpn
05:33 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Ping timeout: 250 seconds]
05:33 -!- michaelhart_ is now known as michaelhart
05:36 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Quit: ZNC - http://znc.in]
05:38 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
05:40 -!- michaelhart [~michaelha@192-0-241-148.cpe.teksavvy.com] has quit [Quit: michaelhart]
05:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:45 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
05:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:59 -!- Crew-L-T [~Crew-L-T@114-22-8.connect.netcom.no] has joined #openvpn
05:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:05 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
06:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:16 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: nestandi]
06:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:20 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 265 seconds]
06:25 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:26 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
06:29 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 244 seconds]
06:32 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
06:35 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
06:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:42 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
06:46 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
07:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
07:02 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:10 -!- michaelhart [~michaelha@72.143.126.234] has joined #openvpn
07:21 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
07:21 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
07:23 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
07:24 -!- MastaG [d54b0d47@gateway/web/freenode/ip.213.75.13.71] has joined #openvpn
07:24 < MastaG> i have a question
07:24 < MastaG> I'd like to use RC4 for the cipher
07:24 < MastaG> but it refuses
07:24 < MastaG> Cipher 'RC4' uses a mode not supported by OpenVPN
07:24 < MastaG> CBC mode is always supported, while CFB and OFB modes are supported only when using SSL/TLS authentication and key exchange mode, and when OpenVPN has been built with ALLOW_NON_CBC_CIPHERS.
07:25 < MastaG> I'm using OpenVPN 2.3.2 and the source code has the define by default: src/openvpn/crypto.h:#define ALLOW_NON_CBC_CIPHERS
07:26 < MastaG> why does it still refuse?
07:27 < MastaG> here my config: http://pastebin.com/rynanY8N
07:28 < MastaG> im using tls-auth
07:41 <@plai> RC4 is not a cipher mode
07:43 < Crew-L-T> hi, i have a openvpn server behind a iptables fw, which i'm dnat'ing the connections to, but for some reason i can not connect. what am i doing wrong?
07:43 < Crew-L-T> the fw is a masquerading fw
07:43 < Crew-L-T> i can reach the server, but the connect fails
07:44 <@plai> and OpenVPN by design (lossy connection) needs IV in ciphers for them to work/be secure
07:45 < Crew-L-T> i get the error: TLS Warning: no data channel send key available
07:45 < Crew-L-T> in my logs
07:45 < Crew-L-T> the tls keys are set up and working
07:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
07:46 <@plai> and rc4 is considered broken and should not be used anymore
07:58 -!- Crew-L-T [~Crew-L-T@114-22-8.connect.netcom.no] has quit [Ping timeout: 252 seconds]
08:00 < MastaG> @plai I understand and accept the risks
08:00 < MastaG> the problem is that my device is a little low on cpu cycles
08:00 < MastaG> and I'd like to play movies over nfs
08:01 < MastaG> bf-cbc and aes-128-cbc just don't cut it at 600Kbyte/s
08:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
08:08 <@plai> MastaG: have you tested with no encryption?
08:08 <@plai> to get a upper limits?
08:08 <@plai> !no-enc
08:08 <@plai> !noenc
08:08 <@vpnHelper> "noenc" is (#1) if you're going to disable encryption, you might as well build a GRE tunnel or (#2) Reference --cipher in the manpage (--auth may also be useful to review)
08:11 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:14 < MastaG> without encryption I get like 2.5Mbyte/s which is more than enough for playing 8GB mkv files
08:15 < MastaG> but buffer sizes seem to impact performance as well now with: tun-mtu 48000, fragment 0 and mssfix 0 I get like 1.1Mbyte/s on aes-128-cbc
08:15 < MastaG> I'm going to tweak the rsize and wsize too for the nfs share
08:22 <@plai> syzzer has some aes-aead patches, not sure how ready they are
08:22 <@plai> but they should also speed up encryption a bit (especially on aes-ni cpus)
08:26 < MastaG> and with sndbuf 0 and rcvbuf 0 1.8Mbyte/s so I'm happy
08:27 < MastaG> it's actually a 700MHz mips single core satellite receiver running linux (enigma2)
08:28 <@plai> oh people still use these things?
08:29 < MastaG> yeah, there's many plugin addons for these receivers, one of them called "DreamPlex" which connects to my local plex server
08:29 < MastaG> that's why I need nfs over vpn
08:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:32 -!- batrick_ is now known as batrick
08:39 -!- hennos [~midas8@167.160.44.243] has joined #openvpn
08:49 -!- tzica [~tzica@unaffiliated/tzica] has joined #openvpn
08:49 -!- tzica [~tzica@unaffiliated/tzica] has left #openvpn []
08:52 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
08:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:00 -!- MastaG [d54b0d47@gateway/web/freenode/ip.213.75.13.71] has quit [Quit: Page closed]
09:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 272 seconds]
09:38 -!- michaelhart [~michaelha@72.143.126.234] has quit [Quit: michaelhart]
09:42 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
09:43 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:43 -!- michaelhart [~michaelha@72.143.126.234] has joined #openvpn
10:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:11 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:14 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
10:49 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 264 seconds]
10:52 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
10:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:55 -!- michaelhart [~michaelha@72.143.126.234] has quit [Quit: michaelhart]
10:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:04 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:15 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
11:16 -!- le0 [~le0@unaffiliated/le0] has quit [Remote host closed the connection]
11:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
11:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 268 seconds]
11:32 -!- toli [~toli@ip-62-235-197-45.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
11:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:38 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has joined #openvpn
11:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:49 -!- zune [~zune_free@93-161-225-188-dynamic.dk.customer.tdc.net] has quit [Read error: Connection reset by peer]
11:51 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:04 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:09 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
12:10 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:15 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
12:16 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:21 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
12:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
12:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:32 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:40 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
12:43 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has joined #openvpn
12:47 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
12:47 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
12:51 -!- moviuro_ is now known as moviuro
13:02 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
13:04 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has joined #openvpn
13:34 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
13:41 -!- Netsplit *.net <-> *.split quits: AsadH, Exagone313, Brando753
13:42 -!- Netsplit over, joins: Brando753
13:42 -!- Netsplit over, joins: Exagone313
13:47 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
13:48 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has joined #openvpn
13:56 -!- AsadH [~AsadH@unaffiliated/asadh] has joined #openvpn
14:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:13 < dmilith> you never need nfs ;]
14:13 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:13 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
14:13 -!- ki7rw [~ki7rw@216.75.116.100] has joined #openvpn
14:14 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
14:14 -!- n-st [~n-st@unaffiliated/n-st] has quit [Ping timeout: 246 seconds]
14:16 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
14:16 -!- mode/#openvpn [+o syzzer] by ChanServ
14:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:17 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
14:18 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
14:18 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
14:21 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:24  * m3n3chm0 nasZ
14:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
14:32 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:33 -!- hennos [~midas8@167.160.44.243] has quit [Quit: Leaving]
14:39 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
14:42 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has joined #openvpn
14:43 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has joined #openvpn
14:47 -!- hennos [~midas8@167.160.44.238] has joined #openvpn
15:08 -!- shiriru [~shiriru@77.85.251.196] has quit [Remote host closed the connection]
15:24 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
15:28 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
15:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
15:51 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
15:52 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
15:59 -!- sacredskull [4d62efea@gateway/web/freenode/ip.77.98.239.234] has joined #openvpn
15:59 < sacredskull> is there a way to passthrough a client connection, with another client connection?
16:00 < sacredskull> my VPN provider has a connection limit, and one of my linux boxes uses it, but I'm wondering if I can pass data from my desktop through my linux box?
16:01 < sacredskull> thus only using one connection "mirroring" the client connection?
16:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
16:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:06 -!- ki7rw [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
17:07 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:09 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 250 seconds]
17:10 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
17:11 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
17:19 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:24 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 244 seconds]
17:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:25 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:26 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
18:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:28 -!- sacredskull [4d62efea@gateway/web/freenode/ip.77.98.239.234] has quit [Quit: Page closed]
18:33 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
18:45 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
18:48 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 252 seconds]
18:50 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 264 seconds]
18:55 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 246 seconds]
19:01 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
19:30 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 255 seconds]
19:34 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
19:35 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Remote host closed the connection]
19:37 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
19:50 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
19:50 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 252 seconds]
19:56 -!- esde [~something@openvpn/user/esde] has joined #openvpn
19:56 -!- mode/#openvpn [+v esde] by ChanServ
19:57 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
20:50 -!- hennos [~midas8@167.160.44.238] has quit [Quit: Leaving]
20:54 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 240 seconds]
20:57 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
21:03 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
21:39 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has quit [Read error: Connection reset by peer]
21:39 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has joined #openvpn
22:03 -!- zopsi [~zopsi@zopsi.com] has left #openvpn []
22:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:22 -!- AlmogBaku [~almogbaku@79.178.126.90] has joined #openvpn
22:27 -!- AlmogBaku [~almogbaku@79.178.126.90] has quit [Ping timeout: 272 seconds]
23:29 -!- ShadniX [dagger@p5DDFC8D4.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX_ [dagger@p57941830.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- ShadniX_ is now known as ShadniX
--- Day changed Tue Sep 29 2015
00:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:27 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:27 -!- mode/#openvpn [+o mattock1] by ChanServ
00:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:54 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:55 < Saturn812> skyroveRR, i lowered the MTU in client's ovpn file. That fixed it :D
01:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
01:42 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Read error: Connection reset by peer]
01:48 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
01:59 -!- sarlalian [~sarlalian@107.170.239.102] has quit [Quit: WeeChat 0.4.2]
02:05 < skyroveRR> Saturn812: \o/
02:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:15 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:17 < Saturn812> o/
02:18 < Saturn812> more like slamming the head over the desk. Was a pretty common problem with this ISP actually
02:24 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
02:25 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:29 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:41 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
02:42 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:54 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
02:54 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:26 -!- HollowPoint [~Alex@62.255.245.182] has joined #openvpn
03:33 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
03:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
03:45 < nestandi> 	i connect to my lan over vpn and try to ping another host, which is also connected over vpn -> i get "network is not reachable"... any help is very welcome :)
04:02 < Neighbour> have you enabled 'client-to-client' on your vpn server?
04:17 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Ping timeout: 246 seconds]
04:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:23 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
04:50 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Quit: ZNC - http://znc.in]
04:52 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
04:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:00 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:09 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
05:12 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
05:20 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
05:29 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 260 seconds]
05:29 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
05:39 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 252 seconds]
05:39 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
05:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:51 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has joined #openvpn
06:03 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Ping timeout: 255 seconds]
06:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:12 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
06:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:26 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Quit: update irc client]
06:41 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
07:03 -!- toli [~toli@ip-62-235-44-37.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
07:15 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
07:30 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has quit [Remote host closed the connection]
07:30 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 256 seconds]
07:31 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
07:42 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:43 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
07:46 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has joined #openvpn
07:51 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has quit [Ping timeout: 265 seconds]
08:07 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
08:12 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:12 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit []
08:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:19 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
08:24 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
08:24 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:41 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Quit: leaving]
08:42 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has joined #openvpn
08:44 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
08:59 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
09:00 -!- speeddra_ [~speeddrag@89.180.212.34] has joined #openvpn
09:02 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has quit [Ping timeout: 260 seconds]
09:13 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has joined #openvpn
09:15 -!- speeddra_ [~speeddrag@89.180.212.34] has quit [Ping timeout: 252 seconds]
09:18 -!- speeddra_ [~speeddrag@89.180.212.34] has joined #openvpn
09:20 -!- speeddragon [~speeddrag@88.210.72.99.rev.optimus.pt] has quit [Ping timeout: 250 seconds]
09:44 -!- Gaffel [~drone@213.66.78.167] has quit [Quit: ZNC]
09:47 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
10:05 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:10 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
10:11 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
10:12 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
10:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:13 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:35 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
10:54 -!- HollowPoint [~Alex@62.255.245.182] has quit [Quit: Leaving]
11:11 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
11:13 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 264 seconds]
11:17 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Quit: Bye bye.]
11:20 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
11:24 -!- r00t^2_ is now known as r00t^2
11:42 -!- toli [~toli@ip-81-11-248-139.dsl.scarlet.be] has joined #openvpn
11:58 < chamunks> So I gave a friend a client certificate so that they can bypass some arbitrary network restrictions imposed by his uni.
11:58 < chamunks> Seems his windows 10 wont route traffic through the VPN
12:03 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Read error: Connection reset by peer]
12:06 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
12:07 -!- thor77 [~thor77@communication.crapwa.re] has left #openvpn ["Leaving"]
12:08 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
12:08 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
12:11 -!- hennos [~midas8@167.160.44.227] has joined #openvpn
13:01 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 240 seconds]
13:14 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
13:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:37 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
13:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:00 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
14:00 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
14:02 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:12 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
14:14 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
14:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:22 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
14:36 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 256 seconds]
14:37 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
14:38 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:39 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
14:41 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:42 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
14:43 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:44 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
14:44 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:48 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 255 seconds]
14:48 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
14:48 -!- homestead [~l4cr0ss@unaffiliated/l4cr0ss] has joined #openvpn
14:49 -!- homestead [~l4cr0ss@unaffiliated/l4cr0ss] has left #openvpn []
14:51 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:53 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
14:56 -!- jww [~jww@46.105.182.199] has joined #openvpn
14:56 < jww> Hello.
14:57 < jww> I wish to use keepalived ( vrrp ) on two servers connected trough openvpn.This setup use unicast and I wondered if it's a good idea before starting.
14:59 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
15:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
15:04 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Read error: Connection reset by peer]
15:04 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:28 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
15:29 -!- speeddra_ [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
15:30 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 246 seconds]
15:31 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
15:32 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
15:32 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
15:33 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 246 seconds]
15:44 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
15:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
15:47 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
15:50 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
16:00 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
16:02 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
16:05 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:24 -!- hennos [~midas8@167.160.44.227] has quit [Ping timeout: 240 seconds]
16:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 244 seconds]
16:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:36 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
16:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:53 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:12 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
17:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
17:19 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
17:20 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 240 seconds]
17:21 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:22 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
17:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
17:23 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
17:25 < eelstrebor> does anyone know why i'm getting daemon messages in my log file when i'm trying to run an openvpn client?
17:26 < eelstrebor>  DD-WRT v24-sp2 (08/12/10) vpn
17:33 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
17:52 -!- ghostboarder [~johngalt@S010654a0506d3c21.va.shawcable.net] has joined #openvpn
17:53 -!- ghostboarder [~johngalt@S010654a0506d3c21.va.shawcable.net] has quit [Client Quit]
17:55 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:00 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
18:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:16 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
18:17 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:33 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
18:34 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 250 seconds]
18:35 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 268 seconds]
18:35 -!- toli [~toli@ip-81-11-248-139.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
18:35 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 246 seconds]
18:35 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
18:35 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
18:35 -!- Arrakeen [~arrakeen@vh0st.tk] has quit [Ping timeout: 246 seconds]
18:35 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 246 seconds]
18:35 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
18:35 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
18:35 -!- mete [~mete@91.247.253.160] has quit [Ping timeout: 246 seconds]
18:35 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 246 seconds]
18:35 -!- ltd [z@tyl.wires.net.au] has quit [Ping timeout: 246 seconds]
18:35 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
18:35 -!- mode/#openvpn [+o mattock] by ChanServ
18:35 -!- toli [~toli@ip-81-11-248-139.dsl.scarlet.be] has joined #openvpn
18:35 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 246 seconds]
18:35 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 246 seconds]
18:35 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 246 seconds]
18:35 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
18:35 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 246 seconds]
18:35 -!- Ssquidly [~squidly@buttle.nnx.com] has quit [Ping timeout: 246 seconds]
18:35 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has quit [Ping timeout: 246 seconds]
18:36 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 260 seconds]
18:36 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
18:36 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
18:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:36 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
18:36 -!- Ssquidly [~squidly@buttle.nnx.com] has joined #openvpn
18:37 -!- Exagone313 [exa@elou.world] has joined #openvpn
18:37 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:37 -!- mete [~mete@91.247.253.160] has joined #openvpn
18:38 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:40 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:44 -!- thomas_d [~thomas_d@unaffiliated/thomas-d/x-6984210] has joined #openvpn
18:46 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
18:47 -!- madmattco [~quassel@198.251.81.102] has quit [Quit: u wana get bottld cunt?]
18:50 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
18:52 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
19:00 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 255 seconds]
19:02 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:02 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
19:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
19:08 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 268 seconds]
19:10 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
19:11 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
19:14 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
19:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:22 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:24 -!- quantic [quantic@unaffiliated/quantic] has quit [Quit: leaving]
19:27 -!- MarcoSlater [~MarcoSlat@freenode/sponsor/halothe23] has quit [Quit: Quit]
19:28 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
19:29 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:30 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 268 seconds]
19:40 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
19:59 -!- ketas- is now known as ketas
20:16 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
20:17 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
20:17 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
20:17 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
20:21 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 240 seconds]
20:29 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
20:48 <@krzee> lol
20:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:01 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
21:37 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:40 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
21:40 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
21:41 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has quit [Read error: Connection reset by peer]
21:41 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has joined #openvpn
21:42 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
21:47 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 272 seconds]
21:49 -!- cstk421 [~cstk421@107.17.72.82] has joined #openvpn
21:53 -!- elwoodTX [~elwoodtxt@159.sub-70-196-86.myvzw.com] has joined #openvpn
21:55 -!- mode/#openvpn [+o Eugene] by ChanServ
21:55 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 255 seconds]
22:03 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
22:06 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
22:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:27 -!- Quadrant [~Justin@bangs.randombitches.net] has joined #openvpn
22:28 < Quadrant> what can i use to send a sighup to openvpn on windows to restart the connection
22:28 < Quadrant> theres some kind of 3rd party kill executable i can download i think right?
22:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:34 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:34 -!- cstk421 [~cstk421@107.17.72.82] has quit [Remote host closed the connection]
22:51 -!- sonatagreen [~sonatagre@69-18-23-193.lisco.net] has joined #openvpn
22:52 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
22:52 < sonatagreen> !welcome
22:52 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
22:52 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:52 < sonatagreen> !goal
22:52 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:53 < sonatagreen> !howto
22:53 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
22:56 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
23:03 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 244 seconds]
23:05 < IronY> Question folks
23:05 < IronY> Ubuntu server , openvpn, private internet access service
23:06 < IronY> every so often the vpn connection resets
23:06 < IronY> what would be the best way to call a script when a new connection is established and the interface becomes availablre
23:06 < IronY> s/availblre/available
23:10 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has quit [Ping timeout: 255 seconds]
23:10 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
23:11 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has joined #openvpn
23:14 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
23:15 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Excess Flood]
23:18 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
23:26 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 244 seconds]
23:28 -!- ShadniX [dagger@p57941830.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX_ [dagger@p57941958.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- ShadniX_ is now known as ShadniX
23:29 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
23:36 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 244 seconds]
23:39 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
23:43 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
23:46 -!- elwoodTX [~elwoodtxt@159.sub-70-196-86.myvzw.com] has quit [Ping timeout: 256 seconds]
--- Day changed Wed Sep 30 2015
00:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:22 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:41 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
00:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:43 -!- mode/#openvpn [+o mattock1] by ChanServ
00:51 -!- Johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
00:54 -!- sonatagreen [~sonatagre@69-18-23-193.lisco.net] has left #openvpn ["Leaving"]
00:54 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:13 -!- Quadrant [~Justin@bangs.randombitches.net] has left #openvpn ["Leaving"]
01:18 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
01:27 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
01:31 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 256 seconds]
01:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
01:42 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:50 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has quit [Ping timeout: 244 seconds]
01:50 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has joined #openvpn
02:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
02:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:17 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 240 seconds]
02:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:20 -!- HollowPoint [~Alex@62.255.245.182] has joined #openvpn
02:40 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
02:44 -!- MogDog [MogDog@unaffiliated/mogdog66] has joined #openvpn
03:08 -!- arlen is now known as arlen_
03:09 -!- arlen_ is now known as arlen__
03:09 -!- MogDog [MogDog@unaffiliated/mogdog66] has quit [Quit: Server shutdown]
03:09 -!- arlen__ is now known as arlen
03:15 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
03:18 <@krzee> IronY,
03:18 <@krzee> !script
03:18 <@vpnHelper> "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
03:20 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
03:22 -!- MogDog66 [~MogDog@unaffiliated/mogdog66] has joined #openvpn
03:28 -!- MogDog66 is now known as MogDog
03:41 -!- lama0900 [~Adium@x2f247d6.dyn.telefonica.de] has joined #openvpn
03:42 < lama0900> someone in here, who can help me a little with routing problems (i don't see it) :D
03:42 <@krzee> sure
03:42 <@krzee> !goal
03:42 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:44 <@krzee> lama0900
03:44 < lama0900> wait getting pastebinit ready to paste that
03:44 < lama0900> i wanna get access to my lan behind my server
03:44 <@krzee> cool
03:45 <@krzee> !configs
03:45 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
03:45 <@krzee> note the filters to remove comments =]
03:45 < lama0900> yep :) that's what i'm doing next :P
03:47 < lama0900> so server conf: http://sprunge.us/DZAc
03:48 < lama0900> client conf: http://sprunge.us/NQSW
03:49 < lama0900> lan is 10.0.0.0 subnet, vpn is 10.2.0.0
03:49 < lama0900> that's http://sprunge.us/FGWX
03:49 < lama0900> routing table
03:49 < lama0900> from server
03:49 < lama0900> so am i missing a route?
03:50 <@krzee> you only have comp-lzo on one side
03:50 <@krzee> comp-lzo settings should match
03:50 < lama0900> connecting works fine though
03:50 <@krzee> fix it then show me:
03:50 <@krzee> !logs
03:50 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
03:51 <@krzee> !linipforward
03:51 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
03:51 <@krzee> your route is fine, probably ip forwarding issue
03:51 < lama0900> ip forwarding active
03:52 -!- jww [~jww@46.105.182.199] has left #openvpn []
03:52 <@krzee> iptables-save
03:52 < lama0900> no firewall at openvpn server directly
03:53 <@krzee> put iptables -I FORWARD -i tun+ -j ACCEPT anyways
03:53 < lama0900> could you tell me which route is from my 10.2.0.0 to 10.0.0.0 ?
03:53 < lama0900> routing is not my strength :D
03:54 <@krzee> your client is on the 10.0.0.0/24 lan
03:54 <@krzee> you cannot share that same lan over the vpn
03:54 <@krzee> !samesubnet
03:54 <@vpnHelper> "samesubnet" is (#1) clients can not connect to a server pushing its lan if on the same subnet. you can only reach your subnet on layer2 or through your gateway, when you create a route for it you will try to reach your gateway over the vpn which dies because you cant reach your gateway or (#2) you can use --client-nat if on 2.3 to work around changing the subnet, but you should still just change the
03:54 <@vpnHelper> subnet
03:54 <@krzee> is the server and client at the same lan or just happen to be on the same subnet in remote locations?
03:55 <@krzee> i just looked at the routing table
03:55 < lama0900> not same subnet on client
03:55 < lama0900> tried that via mobilephone hotspot
03:56 <@krzee> whats the clients lan ip?
03:56 <@krzee> your routing table you pasted shows its on a 10.0.0.0/24
03:56 < lama0900> 192.168.43.95
03:56 <@krzee> then explain this:
03:57 <@krzee> 0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
03:57 <@krzee> your default gateway is 10.0.0.1
03:57 < lama0900> for the server yes? :(
03:57 <@krzee> umm
03:57 <@krzee> you're adding routes to the client not the server
03:58 <@krzee> the routing table on the server doesnt change for this ;]
03:58 <@krzee> btw, the ip forwarding needs to be active on the server, not the client
03:58 < lama0900> yes it's active on the server
03:58 <@krzee> ill wait for the connection logs
03:58 <@krzee> !logs
03:58 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
03:59 <@krzee> unless you wanna troubleshoot it without me: theres a flowchart here:
03:59 <@krzee> !serversubnet
03:59 <@krzee> !serverlan
03:59 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
03:59 <@krzee> i made #3 with the questions i would ask you basicallyt
04:00 <@krzee> i havnt been around for awhile, i forgot to go directly to that :D
04:00 < lama0900> i'll get through this chart first :D (i wanna learn something, and not getting fixed everything by other people) :D
04:01 < lama0900> very funny that the first question would be answered with no ;D
04:01 <@krzee> :/
04:01 < lama0900> but i'm connected to it anyway :D
04:02 <@krzee> obviously theres a problem with the vpn itself
04:02 <@krzee> post the logs :-p
04:02 <@krzee> verb 5
04:02 < lama0900> activating server log (how?)
04:02 <@krzee> !logfile
04:02 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
04:02 <@krzee> in !log above "(#4) if you dont know how to find your logs, see !logfile"
04:02 < lama0900> ok thanks
04:04 <@krzee> np
04:05 <@krzee> oh and when it said the vpn ip of the server, you pinged 10.2.0.1 from the client, right?
04:06 < lama0900> yes
04:21 < lama0900> funny
04:21 < lama0900> just the problem with comp-lzo
04:21 < lama0900> thank you
04:21 < lama0900> solved :)
04:21 < lama0900> krzee
04:22 < lama0900> nothing with routes or something else. just the comp-lzo made the whole problem :D great thanks
04:25 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
04:26 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:26 -!- lama0900 [~Adium@x2f247d6.dyn.telefonica.de] has left #openvpn []
04:29 < Saturn812> does it really matter to use iptables over ufw? With latter i at least understand what is going on :)
04:47 -!- dmilith is now known as dmilith2
04:47 -!- dmilith2 is now known as dmilith
04:51 -!- lama0900 [~Adium@x2f24d1e.dyn.telefonica.de] has joined #openvpn
04:57 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
05:08 -!- lama0900 [~Adium@x2f24d1e.dyn.telefonica.de] has left #openvpn []
05:10 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
05:12 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
05:13 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Remote host closed the connection]
05:14 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
05:48 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
05:54 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:54 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
06:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:10 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 246 seconds]
06:11 -!- dmilith is now known as dmilith2
06:12 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:58 -!- hennos [~midas8@167.160.44.211] has joined #openvpn
07:05 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
07:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
07:22 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
07:22 -!- shio [shio@126.121.101.84.rev.sfr.net] has joined #openvpn
07:25 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 256 seconds]
07:26 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
07:26 -!- SoreGums is now known as SoreGums_
07:26 -!- SoreGums_ is now known as SoreGums
07:35 -!- unexampled [~newuser@unaffiliated/unexampled] has joined #openvpn
07:39 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
07:41 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
07:43 -!- APTX_ [~APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
07:45 -!- speeddragon [~speeddrag@89-180-212-34.net.novis.pt] has joined #openvpn
07:46 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
07:47 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
07:51 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Ping timeout: 255 seconds]
07:58 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
07:59 -!- unexampled [~newuser@unaffiliated/unexampled] has left #openvpn ["Leaving"]
08:22 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Ping timeout: 250 seconds]
08:29 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
08:41 < dionysus69> hello everyone, everything was working until today, client windows computer doesn't get the default gateway on tap adapter and computer looses internet connection when connected to openvpn server. I am redirecting all traffic and I repeat, it was working until today
08:41 < dionysus69> any suggestions ?
08:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
09:07 -!- speeddragon [~speeddrag@89-180-212-34.net.novis.pt] has quit [Remote host closed the connection]
09:09 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
09:10 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-mkkvivvwpsbikcud] has quit [Quit: Connection closed for inactivity]
09:22 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-dhmpwtxjpubvprag] has joined #openvpn
09:37 -!- HewloThere [65bf2315@gateway/web/freenode/ip.101.191.35.21] has joined #openvpn
09:38 < HewloThere> Heya guys, I've been using OpenVPN fine for a few days but suddenly getting this? http://paste.hewlothere.me/iwogudubub.log
09:40 < HewloThere> Any help I would be very grateful for!
09:43 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:51 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
09:52 -!- dougquaid [~dougquaid@unaffiliated/dougquaid] has joined #openvpn
09:52 < dougquaid> Is there a GUI for OpenVPN server that makes it easy to generate configs/certs, revoke certs and see the status?
09:54 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
09:58 < DArqueBishop> HewloThere, it looks like you're not running OpenVPN as admin.
09:59 < HewloThere> On my PC?
09:59 < DArqueBishop> Yeah. OpenVPN requires root/administrator privileges in order to set routes, etc.
10:00 < HewloThere> It seems as if I'm retarded. Thanks a lot!
10:00 < DArqueBishop> No worries. :-)
10:00 < HewloThere> Now back to US Netflix! Yay!
10:01 -!- HollowPoint [~Alex@62.255.245.182] has quit [Quit: Leaving]
10:05 -!- HewloThere [65bf2315@gateway/web/freenode/ip.101.191.35.21] has quit [Ping timeout: 246 seconds]
10:07 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
10:10 -!- u0m3_ [~u0m3@92.80.92.123] has quit [Read error: Connection reset by peer]
10:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:16 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
10:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:28 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
10:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:31 -!- dmilith2 is now known as dmilith
10:33 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
10:35 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
10:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
10:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
10:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:54 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
11:15 < ValdikSS> community is down?
11:16 < skyroveRR> What?
11:18 < ValdikSS> dougquaid: easy-rsa 3
11:18 < ValdikSS> skyroveRR: it seems i have a problem with my ISP
11:18 < ValdikSS> skyroveRR: can't access community.openvpn.net
11:21 <@plai> ValdikSS: it is down/very slow for me too
11:21 < ValdikSS> plai: hrmm probably not my problems then
11:22 < ValdikSS> So I did a firewall to mitigate Windows 10 dns leaks
11:22 < ValdikSS> Anyone want to test it?
11:30 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:41 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
11:43 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
11:45 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
11:47 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
11:49 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
11:50 < dougquaid> ValdikSS: Has easy-rsa 3 been officially released? Last time I checked, which was some months ago, it will still being developed
11:50 < ValdikSS> dougquaid: yes, not so long ago https://github.com/OpenVPN/easy-rsa/releases/tag/3.0.0
11:50 <@vpnHelper> Title: Release v3.0.0 · OpenVPN/easy-rsa · GitHub (at github.com)
11:51 < ValdikSS> dougquaid: if you want to revoke keys with ease, apply patch from the pull request
11:51 < ValdikSS> dougquaid: if you want to use one keyset for openvpn and ipsec, use ths https://github.com/ValdikSS/easy-rsa-ipsec/tree/ipsec-without-nonRepudiation
11:51 <@vpnHelper> Title: ValdikSS/easy-rsa-ipsec at ipsec-without-nonRepudiation · GitHub (at github.com)
11:53 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 264 seconds]
11:54 < ValdikSS> So what's going on with the community.openvpn.net?
11:59 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
12:04 -!- ribasushi [~riba@113.212.96.195] has quit [Ping timeout: 272 seconds]
12:04 -!- speeddragon [~speeddrag@89-180-212-34.net.novis.pt] has joined #openvpn
12:07 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
12:10 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
12:11 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
12:30 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
12:31 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:33 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Client Quit]
12:34 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:35 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 268 seconds]
12:36 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
12:39 -!- CheckYourSix [~CheckYour@143.sub-70-197-132.myvzw.com] has quit [Read error: Connection reset by peer]
12:43 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 272 seconds]
12:44 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 264 seconds]
12:45 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
12:48 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
12:52 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
13:00 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:01 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 265 seconds]
13:03 -!- speeddragon [~speeddrag@89-180-212-34.net.novis.pt] has quit [Remote host closed the connection]
13:09 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
13:09 -!- CasperVector [~CasperVec@2001:cc0:201e:300:9e4e:36ff:fec1:d8d4] has joined #openvpn
13:10 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
13:12 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
13:13 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
13:13 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:15 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 260 seconds]
13:19 -!- CasperVector [~CasperVec@2001:cc0:201e:300:9e4e:36ff:fec1:d8d4] has left #openvpn []
13:20 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
13:27 < f31n> Thermi: i found the problem i guess, ipsec status / ipsec statusall tells me the tunnel is up, aws tells me the tunnel is up, but service ipsec status tells me the connection is inactive / dead
13:27 <@ecrist> openvpn isn't ipsec
13:27 <@ecrist> dougquaid: yes, I released it.
13:28 <@ecrist> ValdikSS: what's wrong with the site?
13:28 < ValdikSS> esde: Don't know. It's very slow.
13:28 < ValdikSS> oh
13:28 < ValdikSS> ecrist:
13:28 < ValdikSS> ^^
13:34 < ValdikSS> So guys with Windows 10, please test https://community.openvpn.net/openvpn/attachment/ticket/605/testfw-d1.zip
13:36 <@ecrist> ValdikSS: I've got "Top Men" on the server slowness
13:36 <@ecrist> should be resolved soon.
13:37 <@novaflash> yes, we'll just reformat it and install windows xp
13:37 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
13:37 <@novaflash> that's what you guys use on community.openvpn.net, right? ;)
13:37 <@novaflash> but yeah we've got guys looking into it
13:38 <@ecrist> oh, I didn't realize you were in here, too, novaflash 
13:38 <@novaflash> i hide myself well
13:42 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 255 seconds]
13:46 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 264 seconds]
13:47 < ValdikSS> works fasta
13:48 <@novaflash> we blocked everyone except you, ValdikSS
13:48 <@novaflash> j/k
13:49 < ValdikSS> We really need to fix Windows 10 DNS leak to 2.3.9
13:50 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
13:50 < ValdikSS> Currently my core can be only compiled with visual studio but it's possible to port it to gcc
13:50 < ValdikSS> Or maybe it's possible to statically link it with openvpn if it's built on windows?
14:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
14:19 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 240 seconds]
14:20 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
14:22 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 264 seconds]
14:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:41 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
14:50 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-dhmpwtxjpubvprag] has quit [Quit: Connection closed for inactivity]
14:56 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 264 seconds]
15:00 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has joined #openvpn
15:00 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
15:06  * m3n3chm0 nasZ
15:19 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:42 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
15:44 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:46 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 265 seconds]
15:47 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
15:49 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:49 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
16:02 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 250 seconds]
16:04 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
16:08 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 264 seconds]
16:11 -!- hennos [~midas8@167.160.44.211] has quit [Quit: Leaving]
16:16 -!- corrideat [~riv@unaffiliated/corrideat] has joined #openvpn
16:17 < corrideat> Hello. I'm trying to get a FreeBSD client to connect to a functioning server. Everything looks fine, except that I get no IP and it seems to hang at "Initialization Sequence Completed"."
16:18 < corrideat> Note: the OpenVPN "ping"/keep-alive does work
16:24 < corrideat> Client config: http://pastebin.com/aKCMezHs, client log: http://pastebin.com/aNetNLyU, server log: http://pastebin.com/X4nN5PMx (everything looks right here)
16:26 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 252 seconds]
16:29 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
16:32 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:39 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 264 seconds]
16:44 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
16:50 -!- esaym153 [~esaym153@75-1-182-8.lightspeed.snantx.sbcglobal.net] has joined #openvpn
16:54 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:56 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
16:56 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
16:58 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:02 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
17:05 -!- MogDog [~MogDog@unaffiliated/mogdog66] has quit [Changing host]
17:05 -!- MogDog [~MogDog@2604:a880:800:10::59:3001] has joined #openvpn
17:11 -!- MogDog [~MogDog@2604:a880:800:10::59:3001] has quit [Quit: Server shutdown]
17:12 -!- MogDog [~MogDog@2604:a880:800:10::59:3001] has joined #openvpn
17:13 -!- MogDog [~MogDog@2604:a880:800:10::59:3001] has quit [Client Quit]
17:14 -!- MogDog [~MogDog@mog.dog] has joined #openvpn
17:16 -!- MogDog [~MogDog@mog.dog] has quit [Client Quit]
17:16 -!- MogDog [~MogDog@mog.dog] has joined #openvpn
17:19 -!- MogDog [~MogDog@mog.dog] has quit [Client Quit]
17:19 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
17:23 -!- MogDog [~mogdog@mog.dog] has quit [Client Quit]
17:23 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
17:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
17:45 -!- ValdikSS [~valdikss@176.59.0.147] has joined #openvpn
17:46 -!- ValdikSS [~valdikss@176.59.0.147] has quit [Read error: Connection reset by peer]
18:02 -!- dougquaid [~dougquaid@unaffiliated/dougquaid] has quit [Ping timeout: 264 seconds]
18:03 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
18:05 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
18:08 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
18:11 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
18:14 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Client Quit]
18:16 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
18:20 -!- funnel [~funnel@unaffiliated/espiral] has quit [Quit: leaving]
18:21 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
18:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:14 -!- merq [~root@71.81.224.119] has joined #openvpn
19:14 < merq> anyone on?
19:19 <@Eugene> !anyone
19:19 <@Eugene> !ask
19:19 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
19:23 < merq> anyone have knowledge of flashing routers?
19:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:34 -!- merq [~root@71.81.224.119] has left #openvpn []
19:37 -!- Saul775 [~Saul@12.6.176.106] has joined #openvpn
19:50 -!- dmilith is now known as dmilith2
20:42 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
20:46 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
20:59 -!- corrideat [~riv@unaffiliated/corrideat] has quit [Ping timeout: 246 seconds]
21:11 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Remote host closed the connection]
21:24 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has joined #openvpn
21:24 < pqatsi> In a UDP vpn configuration, is possible to the client change their external address and still have their packets accepted by server? Is HMAC (tls-auth) enough for this?
21:28 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-vohvkerdxxgatvzz] has joined #openvpn
22:22 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has quit [Ping timeout: 264 seconds]
22:37 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has joined #openvpn
22:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:52 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
22:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:58 -!- AlmogBaku [~almogbaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 268 seconds]
22:58 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:03 -!- mode/#openvpn [+o mattock1] by ChanServ
23:28 -!- ShadniX [dagger@p57941958.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:29 -!- ShadniX [dagger@p57941EDB.dip0.t-ipconnect.de] has joined #openvpn
23:37 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 255 seconds]
23:39 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
23:44 -!- toli [~toli@ip-81-11-248-139.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
23:46 -!- toli [~toli@ip-81-11-248-73.dsl.scarlet.be] has joined #openvpn
--- Day changed Thu Oct 01 2015
00:29 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:58 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:39 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
01:49 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 250 seconds]
01:56 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:57 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
02:33 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:50 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
02:50 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:35 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
03:35 < d0p> guys if i con to a vpn, cna still localy connect to certain PC or device ?
03:45 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
03:45 < d0p> ?
03:46 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:48 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Remote host closed the connection]
03:48 < Saturn812> that probably depends on your setup. I don't think it is possible to do selective connect to something (unless you manually specify routes maybe?)
03:48 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
04:05 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
04:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:28 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:40 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 256 seconds]
04:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:24 -!- pqatsi [~leonardo@unaffiliated/leleobhz] has quit [Remote host closed the connection]
05:50 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
06:02 -!- Denial [~Denial@81.141.16.229] has quit []
06:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:59 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:04 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Client Quit]
07:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:16 -!- AlmogBaku [~almogbaku@dsl212-235-124-20.bb.netvision.net.il] has quit []
07:18 -!- AlmogBaku [~textual@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:19 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Quit: WeeChat 1.3]
07:20 -!- dmilith2 is now known as dmilith
07:36 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
07:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:48 -!- Denial [~Denial@81.141.16.229] has joined #openvpn
07:48 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:55 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
07:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:00 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:11 < ValdikSS> Hi guys
08:11 < ValdikSS> https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin
08:11 <@vpnHelper> Title: ValdikSS/openvpn-fix-dns-leak-plugin · GitHub (at github.com)
08:11 -!- hennos [~midas8@167.160.44.211] has joined #openvpn
08:15 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:18 -!- hennos [~midas8@167.160.44.211] has quit [Quit: Leaving]
08:22 -!- CountessBathory [~Countess@80.82.64.98] has joined #openvpn
08:24 -!- hennos [~midas8@167.160.44.227] has joined #openvpn
08:25 -!- gangaec [b752031b@gateway/web/freenode/ip.183.82.3.27] has joined #openvpn
08:25 -!- Eagleman [~Eagleman@546BC806.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
08:42 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:44 <+s7r> ValdikSS: nice work.
08:44 <+s7r> it's really needed. on windows i just enter 10.8.0.1 (my openvpn dns resolver) to the WLAN interface, so I don't get DNS leaks
08:48 -!- zamp [~dzampi@216.56.88.4] has joined #openvpn
08:50 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 255 seconds]
08:51 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
08:51 < ValdikSS> s7r: you do if you use Windows 8.1 or 10. You just don't see it because there is no 10.8.0.1 resolver on your local network
08:51 < ValdikSS> s7r: download wireshark and see that Windows sends queries to 10.8.0.1 over your internet interface (not vpn interface)
08:52 <+s7r> yeah but since it's no reply it doesn't leak anything
08:52 -!- AlmogBaku [~textual@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:52 <+s7r> except that it's trying to connect to 10.8.0.1 on my 192.168.1.0/24 network
08:53 < ValdikSS> s7r: it does leak. Your ISP can see that queries.
08:53 < ValdikSS> s7r: if you're connected to a hackers wifi ap, hacker can easily reply to that queries
08:54 <+s7r> yeah but i have a private nat before the ISP
08:54 < ValdikSS> s7r: it is still routable
08:54 < ValdikSS> s7r: private subnets are routable and your ISP can see that queries
08:55 < Saturn812> ValdikSS, hey. You are from habra
08:55 < Saturn812> right? :)
08:55 < ValdikSS> Saturn812: yep
08:55 < Saturn812> good to see you. Thanks for the good work
08:55 < ValdikSS> Saturn812: thanks for reading :)
08:57 <+s7r> ValdikSS: good point!
08:57 <+s7r> thanks for the dll.s - good to have with openvpn
09:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
09:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
09:56 -!- tm_ebis [~tm_ebis@dslb-094-216-225-128.094.216.pools.vodafone-ip.de] has joined #openvpn
10:00 -!- esaym153 [~esaym153@75-1-182-8.lightspeed.snantx.sbcglobal.net] has left #openvpn []
10:06 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
10:12 < Saul775> Blah!  I'm trying to setup OpenVPN, but my /dev/net/tun is missing.  As such, I add it manually, but after EVERY reboot it disappears again.  Is it possible to make it persistent?
10:14 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 255 seconds]
10:14 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
10:20 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
10:20 -!- shio [shio@126.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
10:25 -!- fling [~fling@fsf/member/fling] has quit [Quit: ZNC - http://znc.in]
10:26 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:28 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
10:28 -!- Malsasa [~Malsasa@124.195.117.82] has joined #openvpn
10:29 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Client Quit]
10:29 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
10:37 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
11:04 -!- Malsasa [~Malsasa@124.195.117.82] has quit [Ping timeout: 240 seconds]
11:04 -!- Malsasa [~Malsasa@124.195.117.82] has joined #openvpn
11:04 -!- bobi1024 [~bobi@94.155.42.130] has joined #openvpn
11:04 < bobi1024> hi
11:04 < bobi1024> i have problem with openvpn under debian
11:05 < bobi1024> I'm starting openvpn client with the following command
11:05 < bobi1024> systemctrl start openvpn@office
11:05 < bobi1024> and it is not asking me for the private key password
11:06 < bobi1024> when i run it again with systemctrl start openvpn@office
11:06 < bobi1024> then it asks me for password
11:06 < bobi1024> can you help me in some way
11:10 -!- melt [~melt@caddy.getpimp.org] has joined #openvpn
11:36 -!- havoc [~havoc@neptune.chaillet.net] has joined #openvpn
11:43 -!- GNU\colossus [colo@truschnigg.info] has quit [Remote host closed the connection]
11:48 -!- GNU\colossus [colo@truschnigg.info] has joined #openvpn
11:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:18 -!- crane [~crane@chat.craneworks.de] has quit [Read error: Connection reset by peer]
12:23 < ValdikSS> Saul775: you should probably add "install tun" to /etc/modprobe.d/tun.conf
12:24 < Saul775> Thank you, ValdikSS.
12:24 < ValdikSS> bobi1024: try to start openvpn and restart something.
12:24 < ValdikSS> bobi1024: It should kick systemctl to ask password
12:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:38 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 240 seconds]
12:42 < bobi1024> ValdikSS: yeah it kicks in the second time
12:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
12:50 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-vohvkerdxxgatvzz] has quit [Quit: Connection closed for inactivity]
12:51 -!- cambazz [~can@94.55.129.151] has joined #openvpn
12:51 < cambazz> hello, i installed openvpn as, and now want to block 80,443, and 943 ports, and even though i used ufw to block those ports it will not block
12:52 < cambazz> is there an override somewhere?
12:56 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
12:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:59 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
12:59 < cambazz> specificially is there anyway that i can stop the daemon running on 443 or 943
13:00 -!- Malsasa [~Malsasa@124.195.117.82] has quit [Ping timeout: 260 seconds]
13:00 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
13:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
13:13 -!- cambazz [~can@94.55.129.151] has quit [Ping timeout: 260 seconds]
13:16 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:18  * m3n3chm0 nasZ
13:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:30 -!- bobi1024 [~bobi@94.155.42.130] has quit [Quit: Lost terminal]
13:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:39 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
13:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:43 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
13:46 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
13:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
14:02 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
14:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
14:45 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:46 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:49 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
14:49 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Read error: Connection reset by peer]
14:52 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
14:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:57 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
14:58 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Client Quit]
15:02 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
15:21 < melt> can someone instruct me how to configure OpenVPN for android to use the keys i have copied to the sd card? i have tried creating quite a few .ovpn files but it is not working
15:21 < melt> my server is set up using the following guide https://thealarmclocksixam.wordpress.com/2014/09/21/how-to-setup-a-vpn-server-in-a-freenas-jail/
15:21 <@vpnHelper> Title: How to setup a VPN server in a FreeNAS jail | thealarmclocksixam (at thealarmclocksixam.wordpress.com)
15:29 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
15:34 -!- hennos [~midas8@167.160.44.227] has quit [Quit: Leaving]
15:37 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:39 -!- hennos [~midas8@167.160.44.236] has joined #openvpn
15:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:47 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:50 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 272 seconds]
15:53 -!- Idgarad [~Idgarad@68-191-148-204.dhcp.dlth.mn.charter.com] has joined #openvpn
15:53 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
15:56 < melt> 228 vpnfags here and not enough a snarky answer
16:05 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:18 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:26 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:38 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 264 seconds]
16:44 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
16:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 244 seconds]
16:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
17:12 -!- melt was kicked from #openvpn by Eugene [Bye]
17:20 -!- rbxs [~rbxs@92.63.171.51] has quit [Ping timeout: 264 seconds]
17:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:48 -!- showaz [~showaz@unaffiliated/showaz] has quit []
18:01 -!- melt [~melt@caddy.getpimp.org] has joined #openvpn
18:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:15 < Saul775> Hello.  I'm using OpenVPN to access my home network, for I get Internet beamed to me because we don't have a physical drop to my house.  Because of the beaming of the Internet, I'm NATed.  Therefore, I setup OpenVPN on a VPS and dd-wrt.  They're talking, but how can I have my router forward 3389 to a specific client (my Windows machine), so I can access it?
18:16 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 250 seconds]
18:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
18:17 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has joined #openvpn
18:24 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:25 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has joined #openvpn
18:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:05 -!- Saul775 [~Saul@12.6.176.106] has quit [Ping timeout: 264 seconds]
19:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
19:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
20:02 -!- hennos [~midas8@167.160.44.236] has quit [Quit: Leaving]
20:11 -!- jacekowski [jacekowski@jacekowski.org] has left #openvpn []
20:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
20:55 -!- fling [~fling@fsf/member/fling] has joined #openvpn
21:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
21:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:49 -!- Malsasa [~Malsasa@114.4.78.208] has joined #openvpn
22:08 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ttpccavlagwgolen] has joined #openvpn
22:09 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:02 -!- slipper [~slipper@185.86.107.131] has quit [Ping timeout: 246 seconds]
23:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
23:28 -!- ShadniX [dagger@p57941EDB.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:28 -!- ShadniX_ [dagger@p5DDFFEB7.dip0.t-ipconnect.de] has joined #openvpn
23:28 -!- ShadniX_ is now known as ShadniX
23:32 -!- fling [~fling@fsf/member/fling] has quit [Quit: ZNC - http://znc.in]
23:35 -!- fling [~fling@fsf/member/fling] has joined #openvpn
23:41 -!- Malsasa [~Malsasa@114.4.78.208] has quit [Ping timeout: 250 seconds]
23:45 -!- Malsasa [~Malsasa@114.4.78.208] has joined #openvpn
--- Day changed Fri Oct 02 2015
00:17 -!- Malsasa [~Malsasa@114.4.78.208] has quit [Ping timeout: 268 seconds]
00:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:27 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:27 -!- mode/#openvpn [+o mattock1] by ChanServ
00:52 -!- Malsasa [~Malsasa@124.195.115.38] has joined #openvpn
00:59 -!- CountessBathory [~Countess@80.82.64.98] has quit [Quit: Huh ?]
01:02 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
01:10 -!- Malsasa [~Malsasa@124.195.115.38] has quit [Ping timeout: 260 seconds]
01:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:01 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 246 seconds]
02:01 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
02:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
02:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:08 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 256 seconds]
02:12 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
02:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
02:48 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 256 seconds]
02:51 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
03:01 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
03:15 -!- gangaec [b752031b@gateway/web/freenode/ip.183.82.3.27] has quit [Ping timeout: 246 seconds]
03:16 <@plai> melt: Importing keys from sdcard should be straighforward
03:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:22 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
03:30 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
03:46 -!- gvs77 [~nocturn@unaffiliated/nocturn] has joined #openvpn
03:46 < gvs77> Hi all
03:47 < gvs77> I'm trying to connect to OpenVPN from a network I never connected from before.  It can get through to the server fine but TLS handshake fails.
03:47 < gvs77> When I switch to 3G, it works, does this mean they are blocking some other way than IP?
03:50 <@plai> maybe
03:50 <@plai> what means "get through to the server"mean?
03:50 <@plai> ping?
03:59 < gvs77> @plai, I see the connection comming in in the logs
04:01 <@plai> I mean yes blocking OpenVPN with traffic detection is defenitively possible
04:01 <@plai> the chinse big firewall is known to do that for example
04:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
04:09 < gvs77> @plai, are there any workarrounds for that?
04:09 < gvs77> I already tried TCP mode, no change
04:15 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 265 seconds]
04:18 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has joined #openvpn
04:20 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
04:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
04:20 -!- Tenhi [~tenhi@static.100.25.4.46.clients.your-server.de] has quit [Ping timeout: 250 seconds]
04:20 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 250 seconds]
04:20 -!- gvs77 [~nocturn@unaffiliated/nocturn] has quit [Ping timeout: 250 seconds]
04:20 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 250 seconds]
04:20 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 250 seconds]
04:20 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Ping timeout: 250 seconds]
04:20 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 250 seconds]
04:20 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 250 seconds]
04:20 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
04:20 -!- boinkie [~boink@219-249-47-212.rev.cloud.scaleway.com] has quit [Ping timeout: 250 seconds]
04:20 -!- Kobaz [~kobaz@its.kobaz.net] has quit [Ping timeout: 250 seconds]
04:20 -!- Tenhi_ is now known as Tenhi
04:22 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
04:22 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:23 -!- peder [~peder@rubin.ifi.uio.no] has joined #openvpn
04:23 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
04:24 -!- mode/#openvpn [+v RBecker] by ChanServ
04:24 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
04:24 < iNs> anyone using latest openvpn 2.3.8 with 1.0.1k-fips openssl? im having troubles connecting to server on my fedora workstation, it just timeouts at tls handshake, connecting with debian using 2.2.1 + 1.0.1e works fine
04:25 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
04:27 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
04:28 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
04:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:33 -!- Tenhi_ [~tenhi@static.100.25.4.46.clients.your-server.de] has joined #openvpn
04:44 -!- tm_ebis [~tm_ebis@dslb-094-216-225-128.094.216.pools.vodafone-ip.de] has quit [Remote host closed the connection]
04:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
04:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:55 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:01 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
05:03 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
05:07 -!- tm_ebis [~tm_ebis@dslb-094-216-225-128.094.216.pools.vodafone-ip.de] has joined #openvpn
05:12 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 240 seconds]
05:18 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:29 -!- Malsasa [~Malsasa@120.169.255.187] has joined #openvpn
05:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:44 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
05:46 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
05:57 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
06:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
06:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
06:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:03 -!- ghormoon [~ghormoon@ghorland.net] has quit [Read error: Connection reset by peer]
06:04 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
06:13 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
06:21 -!- Malsasa [~Malsasa@120.169.255.187] has quit [Killed (adams.freenode.net (Nickname regained by services))]
06:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:49 -!- toli [~toli@ip-81-11-248-73.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
06:50 -!- toli [~toli@ip-62-235-238-183.dsl.scarlet.be] has joined #openvpn
06:52 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:52 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
06:52 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
06:53 -!- speeddragon [~speeddrag@89.180.212.34] has joined #openvpn
07:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
07:18 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 244 seconds]
07:23 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
07:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:42 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
07:48 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
07:48 -!- dionysus70 is now known as dionysus69
07:52 < iNs> i cant get openvpn working on fedora22, updated my openssl and openvpn from rawhide to the nwest but the connection timeouts after initial TLS packet, ive checked like everything, turning of se and firewall and still nothing, any halp ;)?
07:56 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:57 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
07:57 -!- dionysus70 is now known as dionysus69
08:02 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 250 seconds]
08:08 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:13 <+s7r> ValdikSS: your dll needs to be in the same directory with the .ovpn file?
08:13 <+s7r> (the plugin for fixing dns leaks)
08:15 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
08:22 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:28 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
08:31 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
08:35 -!- hennos [~midas8@167.160.44.236] has joined #openvpn
08:36 < dionysus69> I ping an ip of a server and its normal around 20-30 and I ping it with LAN ip while vpn is on and its 500 ms average
08:37 < dionysus69> why ??? its creating a big problem for me please help
08:37 < dionysus69> i dont understand
09:00 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
09:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
09:11 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
09:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:12 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
09:17 < ValdikSS> s7r: not really, it's not bound to the ovpn file. If you put it somewhere not near ovpn, make sure to put full path to "plugin" then.
09:18 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
09:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
09:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:38 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:42 -!- speeddragon [~speeddrag@89.180.212.34] has quit [Remote host closed the connection]
09:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:51 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
09:51 -!- shio [marmot@126.121.101.84.rev.sfr.net] has joined #openvpn
09:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
09:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
10:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:00 -!- mode/#openvpn [+o mattock1] by ChanServ
10:10 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:14 -!- speeddragon [~speeddrag@89-180-212-34.net.novis.pt] has joined #openvpn
10:22 -!- trumee [~trumee@c-73-155-84-209.hsd1.tx.comcast.net] has quit [Ping timeout: 264 seconds]
10:24 -!- hennos [~midas8@167.160.44.236] has quit [Ping timeout: 240 seconds]
10:39 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has joined #openvpn
10:49 -!- Sidewinder [~de@unaffiliated/sidewinder] has joined #openvpn
10:52 -!- Sidewinder [~de@unaffiliated/sidewinder] has quit [Client Quit]
10:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:14 -!- thomas_d [~thomas_d@unaffiliated/thomas-d/x-6984210] has quit [Remote host closed the connection]
11:48 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
11:54 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:58 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:20 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:24 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Ping timeout: 256 seconds]
12:27 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has quit [Quit: Leaving]
12:30 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
12:50 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
12:52 -!- hennos [~midas8@167.160.44.228] has joined #openvpn
12:54 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:08 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:28 -!- KronoZ is now known as KronoZ[away]
13:29 -!- KronoZ[away] is now known as KronoZ
13:31 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
13:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
13:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:39 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
13:39 < CPngN> hello all
13:40 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
13:41 -!- AlmogBaku [~textual@bzq-79-178-126-90.red.bezeqint.net] has quit [Client Quit]
13:41 < CPngN> I have a CentOS 5.5 server with openvpn 2.1.1.  We scan openvpn-status-tcp.log for a status of which devices have tunnels open to the server.  But if I do a "ifconfig tun0 down" on a device, openvpn doesn' seem to realize the connection was dropped and the log files never changes. any idea how to tighten this up?
13:41 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
13:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:48 < Poster> I very well may be off on this, but OpenVPN just delivers the traffic to the tun/tap adapter.  Aside from starting and making sure the adapter is up to accept the traffic, I don't think there is any other mechanism in place to do so.
13:52 < Poster> If you look at something like dhcpd with a scope tied to eth0, if eth0 is turned off, the dhcp daemon isn't entirely aware of it
13:52 < Poster> nor does it try to correct it
13:56 < Poster> I would question who/why someone would be turning off a network adapter on a production OpenVPN server system, but if it is a real issue in your environment, you'd probably be left to home grow scripts to try and cope with the condition
14:00 < CPngN> no, not turning it off on the server
14:00 < CPngN> on the device
14:00 < CPngN> I want to close the tunnel immediately when done with it
14:00 < CPngN> via ruby script connected with ssh over said tunnel
14:04 < CPngN> I'm on the server in a ruby script. The remote device tunnels in, I connect to it in the ruby script with the SSH library, do some stuff or xfer some files, then want to close the tunnel.  I don't see a way from the server side to say "close this tunnel to this IP" so figured I'd just send one last command over ssh: "ifconfig tun0 down". WHich works instantly. But OpenVPN on the server doesn't seem to realize that it's gone.
14:04 < CPngN> even though it works fine after a few seconds if I drop it any other way (such as the device was rebooted)
14:07 < Poster> if you're executing commands as root on the far end, why don't you consider a service stop or kill of the openvpn process?
14:07 < CPngN> hmm, I may have jus tpicked a bad device that's stuck (it is in "failure mode" after all!). Trying another to see if it's really in limbo
14:08 < CPngN> I don't want to kill the service. it needs to operate normally after hanging up on me
14:08 < CPngN> otherwise it may really be stuck, unable to open another tunnel
14:09 < Poster> ok I am not sure I understand what operate normally means, you're trying to remotely turn off the connection but not the service?
14:09 < CPngN> yep
14:10 < Poster> what is it you want the service to be doing when you turn off the connection?
14:10 < CPngN> the remote device checks in every X minutes to grab "tasks" and those tasks can tell it to open a new tunnel on the server
14:10 < CPngN> run as usual, waiting for the above scenario
14:10 < Poster> ok and what does "tell it to open a new tunnel" entail?
14:11 < CPngN> not exactly sure how it opens tunnels from the devie, aside via openvpn
14:11 < Poster> so when it comes to OpenVPN as a service, it's generally launch an OpenVPN instance per configuration present
14:12 < Poster> if you stop the service, the connection stop, if you start the service, the connections start
14:12 -!- speeddragon [~speeddrag@89-180-212-34.net.novis.pt] has quit [Remote host closed the connection]
14:13 < CPngN> found the ruby script which opens the tunnel, looking for it now
14:14 < Poster> the sysv script is more or less, for each .conf found, launch openvpn with that configuration and run as a daemon
14:14 < Poster> usually in /etc/openvpn, but could be other places too
14:14 < CPngN> hmm, can't tell. it runs a binary "opt/emu/bin/emutunnel". damnit
14:17 < Poster> unless it's been compiled, it most likely is just wrapping around a call to the openvpn binary
14:24 < CPngN> it has, but that still may be all it does more or less
14:26 < CPngN> mostly I'd just like to figure out why openvpn on the server seems to notice when a tunnel drops for any other reason (withihing a minute or two, at least), but when I kill it this way, it never figures it out (still thinks i'ts connected 10 minutes later)
14:27 < Poster> the connection is tcp or udp, if that stays up the daemon is none the wiser
14:28 < Poster> there are some keepalives, but I am not sure that they run within the tunnel to where a check of the traffic would make it break it
14:29 < Poster> in all reality turning off tun0 on the remote side looks identical to the server as there simply being no traffic
14:30 < CPngN> ah ha. If we send it a close-tunnel "task" it runs "emutunnel -d" ... so.. I'll just do that! :)  durrrr
14:31 < CPngN> Poster:  hmm ok interesting, thanks. at least that confirms what I see
14:42 < CPngN> thanks Poster
14:47 < Poster> np; gl!
14:50 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
15:02 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:11 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Quit: The system is going down for reboot NOW!]
15:12 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
15:18 -!- KronoZ is now known as KronoZ[away]
15:21 -!- KronoZ[away] is now known as KronoZ
15:22 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
15:34 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
15:43 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:43 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:45 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:58 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
16:08 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has joined #openvpn
16:08 < ke4nhw> I believe I am close with my configurations, how do I start openvpn server as a service so I can start client testing?
16:08 < ke4nhw> Fedora and CentOS
16:10 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
16:10 -!- KronoZ is now known as KronoZ[away]
16:11 -!- KronoZ[away] is now known as KronoZ
16:11 < DArqueBishop> ke4nhw, if your CentOS/Fedora uses systemd, then you'll want "systemctl start openvpn.service".
16:11 < ke4nhw> I tried that, no dice
16:12 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
16:12 < ke4nhw> Failed to issue method call: Unit openvpn.service failed to load: No such file or directory. See system logs and 'systemctl status openvpn.service' for details.
16:12 < ke4nhw> Just so you know:
16:13 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Client Quit]
16:13 < ke4nhw> I'm very new to openvpn and am trying to implement a secure yet relative simple solution for a VPN tunnel to server Samba to users. Being new to this, I'm sure there's something small and simple I'm overlooking
16:13 < ke4nhw> Or am just plain clueless about
16:14 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
16:14 < DArqueBishop> OpenVPN is good for such a scenario.
16:15 < ke4nhw> I've been told this, it just takes some work go get it rolling
16:15 < ke4nhw> to get it rolling*
16:17 < ke4nhw> So when I installed openvpn, could it have failed to grab the daemon or is there a configuration file for the daemon missing? I've got the config file server.conf written in /etc/openvpn, where all of the certificates and dh files are located as well
16:18 < DArqueBishop> What happens if you run "systemctl -f enable openvpn@server.service"?
16:18  * DArqueBishop is grasping at straws, as he doesn't have time to do any full indepth troubleshooting.
16:19 < ke4nhw> Using a 3072 dh, and the pam authentication plugin in the config file. I want the users to password authenticate on their end if possible rather than certificates. It'll make the work less on this end, and the low security nature of the files is really below the point of two factor auth. Once I start going up with file sensitivity, then I'll issue certificates in addition to the password auth.
16:19 < ke4nhw> Hold on\
16:20 < ke4nhw> same thing, no such file or directory
16:20 < ke4nhw> Will you be around tomorrow and have some more time for troubleshooting?
16:20 < ke4nhw> I've also got to work so we can do it then if you'll have a moment
16:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:23 < ke4nhw> rpm -ql shows openvpn binaries and even openvpn@.service  in systemd
16:23 < ke4nhw> Could it be a path issue?
16:24 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:25 -!- ruwt [~weechat@unaffiliated/m10t] has joined #openvpn
16:35 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
16:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
16:43 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
16:43 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:50 -!- zamp [~dzampi@216.56.88.4] has quit [Quit: Leaving]
16:51 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
16:53 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:10 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:12 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Client Quit]
17:15 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:16 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Client Quit]
17:21 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:26 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:32 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has joined #openvpn
17:34 -!- Idgarad [~Idgarad@68-191-148-204.dhcp.dlth.mn.charter.com] has quit [Read error: Connection reset by peer]
17:35 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
17:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:38 -!- AlmogBaku [~AlmogBaku@bzq-79-178-126-90.red.bezeqint.net] has quit [Ping timeout: 260 seconds]
17:38 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:39 -!- KronoZ is now known as KronoZ[away]
17:41 -!- KronoZ[away] is now known as KronoZ
17:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:59 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
17:59 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has quit [Quit: Coyote finally caught me]
17:59 -!- hennos [~midas8@167.160.44.228] has quit [Quit: Leaving]
18:20 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
18:34 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
18:36 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
18:38 < bluenemo> hi guys. I can use use push "dhcp-option DNS 10.11.12.5" to push the primary DNS to the client, if I use it twice it will push the second - can I append to the list without overwriting existing configured DNS Servers and / or can I explicitly set the second one?
18:50 -!- satdav [uid15780@firefox/community/satdav] has joined #openvpn
19:04 < bluenemo> when I have multiple Servers that the clients connect to at ranodm, whats the preferred way of setting up client-to-client? As in the Servers have to talk to each other. Setup a second VPN on all servers for only the servers/
19:04 < bluenemo> ?
19:04 < bluenemo> I'm trying to scale client-to-client
19:13 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:14 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has left #openvpn ["The system is going down for reboot NOW!"]
19:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
19:53 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 265 seconds]
20:08 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:15 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
20:15 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
20:28 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
20:42 -!- seQui [~a@31.204.150.108] has joined #openvpn
20:56 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
20:56  * eelstrebor set up openvpn on my router to use tap but the openvpn apps for android can't do tap
20:57 < eelstrebor> there's always something........
21:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:09 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 250 seconds]
21:09 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
21:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
21:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
21:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:37 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 252 seconds]
21:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:51 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has joined #openvpn
22:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:31 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Ping timeout: 240 seconds]
22:34 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
22:47 -!- nrtga [~rodney@CPE-124-182-234-248.lns4.way.bigpond.net.au] has joined #openvpn
22:54 -!- pipework is now known as sourcerer
22:55 -!- sourcerer is now known as pipework
23:11 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
23:15 -!- nrtga [~rodney@CPE-124-182-234-248.lns4.way.bigpond.net.au] has quit [Quit: Leaving]
23:25 -!- ShadniX [dagger@p5DDFFEB7.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:26 -!- ShadniX_ [dagger@p5794116F.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- ShadniX_ is now known as ShadniX
23:48 -!- seQui [~a@31.204.150.108] has quit [Quit: seQui]
23:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Sat Oct 03 2015
00:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:35 -!- Malsasa [~Malsasa@120.169.255.187] has joined #openvpn
01:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:38 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
01:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:47 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
01:50 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
01:54 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:56 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
02:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
02:31 -!- satdav [uid15780@firefox/community/satdav] has quit [Quit: Connection closed for inactivity]
02:34 -!- Malsasa [~Malsasa@120.169.255.187] has quit [Read error: Connection reset by peer]
02:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
02:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:59 -!- mode/#openvpn [+o mattock1] by ChanServ
03:09 -!- MayurYa [~textual@unaffiliated/mayurya] has joined #openvpn
03:19 -!- MayurYa [~textual@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:19 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
03:36 -!- Malsasa [~Malsasa@120.169.255.187] has joined #openvpn
03:36 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
03:37 < dionysus69> default gateway doesnt get redirected for clients in server bridge mode
03:37 < dionysus69> why?
03:49 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
03:57 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
04:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:25 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:34 < cheesenbiscuits> dionysus69 - No routes?
04:37 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:38 -!- cheesenbiscuits [~cheesenbi@175.145.246.114] has quit [Read error: Connection reset by peer]
04:43 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
04:43 < dionysus69> how do I setup tun adapter?
04:43 < dionysus69> my server doesnt start in tun mode :\
04:46 -!- cyberspace- [20253@ninthfloor.org] has quit [Quit: leaving]
04:47 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
04:50 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
04:50 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
04:50 -!- cyberspace- [20253@ninthfloor.org] has quit [Client Quit]
04:52 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
04:52 -!- 18WAATR7J [20253@ninthfloor.org] has joined #openvpn
05:02 -!- cyberspace- [20253@ninthfloor.org] has quit [Disconnected by services]
05:03 -!- 18WAATR7J is now known as cyberspace-
05:08 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 256 seconds]
05:10 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
05:10 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 256 seconds]
05:10 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 256 seconds]
05:12 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:12 -!- capri [svedrin@elwing.funzt-halt.net] has quit [Ping timeout: 256 seconds]
05:13 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 256 seconds]
05:14 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
05:16 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
05:16 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
05:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:38 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
05:39 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
05:39 -!- Malsasa [~Malsasa@120.169.255.187] has quit [Killed (wolfe.freenode.net (Nickname regained by services))]
05:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
05:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:54 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
05:54 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
05:59 -!- passt_ [~passt@p54B3D9E9.dip0.t-ipconnect.de] has joined #openvpn
06:00 < passt_> !welcome
06:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
06:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:03 < passt_> !goal
06:03 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:14 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
06:19 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 256 seconds]
06:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
06:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
06:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:42 -!- riddle [riddle@us.yunix.net] has joined #openvpn
06:43 -!- Malsasa [~Malsasa@114.4.78.34] has joined #openvpn
06:49 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
06:54 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
06:54 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
06:54 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:01 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:01 < bluenemo> hi guys. I can use use push "dhcp-option DNS 10.11.12.5" to push the primary DNS to the client, if I use it twice it will push the second - can I append to the list without overwriting existing configured DNS Servers and / or can I explicitly set the second one?
07:02 < bluenemo> when I have multiple Servers that the clients connect to at ranodm, whats the preferred way of setting up client-to-client? As in the Servers have to talk to each other. Setup a second VPN on all servers for only server to server communication? As in if I have three servers, wouldnt a p2p vpn between each server do the trick for example?
07:02 < bluenemo> Basically I'm trying to scale client to client. Currently I have one server with multiple VPN Processes, 'client-to-client' disabled in config and ip.forward set to 1, then using iptables to define which client can create a NEW connection to which client..
07:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
07:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
07:15 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
07:16 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:28 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
07:31 -!- Malsasa [~Malsasa@114.4.78.34] has quit [Read error: Connection reset by peer]
07:32 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
07:33 -!- hennos [~midas8@167.160.44.220] has quit [Remote host closed the connection]
07:34 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
07:36 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
07:36 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
07:50 < jackbrown> hello
07:50 < jackbrown> anyone here ?  Is there anyone that can help me to fix a VPN Leak into a linux Ubuntu based OS ?
07:54 < skyroveRR> jackbrown: read topic.
07:55 < jackbrown> skyroveRR: ?
07:55 < jackbrown> !welcome
07:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
07:55 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:57 -!- passt_ [~passt@p54B3D9E9.dip0.t-ipconnect.de] has left #openvpn []
07:57 < jackbrown> skyroveRR: do you need I post my config files ?
08:00 < bluenemo> !welcome
08:00 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:00 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:00 < bluenemo> !goal
08:00 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:01 < bluenemo> I want two openvpn Servers running multiple OpenVPN Processes to be able to communicate between each others, so that clients can use that route to access clients on the other server. I'm looking for the best practice way to do that.
08:17 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 240 seconds]
08:18 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 268 seconds]
08:30 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:30 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
08:47 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Read error: No route to host]
08:47 < bluenemo> this might be what I'm looking for: https://openvpn.net/archive/openvpn-users/2008-01/msg00068.html   but if client one of Server A wants to connect to client two of Server B, it will send its traffic to server A, which then routes the packets to server B. wont the openvpn at server A decrypt the traffic and then forward it unencrypted to Server B, which then encrypts again for his client?
08:47 <@vpnHelper> Title: Re: [Openvpn-users] multiple clients and multiple servers (at openvpn.net)
08:47 < bluenemo> the Idea is to have servers in multiple geo locations
08:51 < bluenemo> hm. seems to me the only way is to connect each server as client on the next server.. this would also take care of telling every server which server has which route
08:52 < bluenemo> hm that would mean I'd have to masquerade too I think, doesnt it?
08:53 < bluenemo> hmpf. atm with one server I just forward.. If I keep it that way, keeping the iptables stuff stays simple..
09:00 -!- passt_ [~passt@p54B3D9E9.dip0.t-ipconnect.de] has joined #openvpn
09:07 -!- passt_ [~passt@p54B3D9E9.dip0.t-ipconnect.de] has left #openvpn []
09:15 < bluenemo> the only way that makes sense to me is to have clients of each openvpn server instance on all other physical servers
09:16 < bluenemo> or setup everything with a seperate private network, which wont work with multiple geo locations
09:26 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
09:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:44 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
09:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:45 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Client Quit]
09:47 -!- Malsasa [~Malsasa@36.71.144.75] has joined #openvpn
09:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 244 seconds]
10:22 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has quit [Ping timeout: 264 seconds]
10:24 -!- foofoobar [~foofoobar@146.185.179.88] has joined #openvpn
10:25 < foofoobar> Hi. I just set up an openvpn server on my server. I am connected with my laptop and with my synology server. Looking in the openvpn-status.log I can see both clients conencted and their IP adresses.
10:25 < foofoobar> But I cant ping the synology connected client from my server or from my laptop. What can be a cause for this?
10:31 < foofoobar> ping’ing the laptop from my server works, pinging the synology server not :/
10:33 < bluenemo> did you enable client-to-client in the server.conf?
10:33 < bluenemo> foofoobar,
10:36 < foofoobar> bluenemo: I had not. I did this now, give me a second to try now with this updated con
10:36 < foofoobar> *conf
10:38 < foofoobar> bluenemo: Awesome, this works now!
10:38 < bluenemo> by default openvpn will just let clients connect but not allow client-to-client communication. if you want all clients to talk freely, use client-to-client in the server.conf, otherwise disable this and use iptables with FORWARD rules
10:38 < bluenemo> cool, yw :)
10:38 < foofoobar> bluenemo: Do the clients have static ips?
10:38 < foofoobar> Or are they assigned in the order they connect?
10:38 < bluenemo> not if you dont use ccd
10:38 < foofoobar> What is ccd?
10:38 < bluenemo> type man openvpn   and then    /ccdENTER
10:38 < bluenemo> ;)
10:38 < bluenemo> its client config dir
10:39 < bluenemo> you can push specific routes per client or say ifconfig client-ip or similar
10:39 < bluenemo> basically assign static ips to clients based on there name in their ssl crt
10:39 < foofoobar> I am using cert based auth from a .ovpn I generated
10:40 < foofoobar> So I can set an ip in this file?
10:40 < bluenemo> idk what a .ovpn is, but if just create sth like ccd staticclients   in the server.conf, then mkdir /etc/openvpn/staticclients, and in there create files with the names of the clients
10:40 < bluenemo> then restart the server
10:40 < bluenemo> should work
10:40 < bluenemo> yes, exactly
10:41 < foofoobar> all right, I’m going to try this :)
10:42 < bluenemo> in case anybody read my stuff above - vpn chains seems to be the keyword, ppl use it to connect to the inet over multiple servers: http://serverfault.com/questions/518454/openvpn-chaining I think i'll use that to build my client to client, as in if i have two servers each 4 CPUs, have 4 openvpn servers running on it, which each have one clinet that runs on the second server and vice vers
10:42 <@vpnHelper> Title: vpn - OpenVPN Chaining - Server Fault (at serverfault.com)
10:42 < bluenemo> so if I have 50 servers each 4 cores each 4 instances, i have 196 clients per vpn server.. that souds kinda nuts, but its the best I came up with so far..
10:43 < bluenemo> however for each connection, no matter where, its over the vpn just three hops. client 1 => server A => via client of server B => Server B => destination client of Server B
10:44 < foofoobar> bluenemo: Works! This was easier than I thought :)
10:44 < bluenemo> is there any foothole when running 200 vpn clients on one machine? 99% of them will be idle most of the time.
10:44 < bluenemo> foofoobar, cool :)
10:45 < bluenemo> yeah this part is nifty
10:45 < bluenemo> you should use iptables for client-to-client rules
10:45 < bluenemo> then you can say your laptop may ssh to your NAS, but not vice versa
10:45 < bluenemo> sth like this
10:46 < bluenemo> https://paste.debian.net/hidden/b680a3bb/
10:46 < bluenemo> to get you started. just disable client-to-client again and study my fw example. its hard in development but should give you the picture
10:47 < bluenemo> the firewall is for more than one vpn instance, but its similar when only having one instance
10:47 < bluenemo> foofoobar, thats what I read to get me started on the topic http://backreference.org/2010/05/02/controlling-client-to-client-connections-in-openvpn/
10:47 <@vpnHelper> Title: Controlling client-to-client connections in OpenVPN « \1 (at backreference.org)
10:47 < foofoobar> thanks
10:48 < bluenemo> yw
10:51 < foofoobar> bluenemo: err, not working as it should
10:51 < foofoobar> So after using the ifconfig-push, I can see the client connected in the openvpn-status.log, but the client reports that the connection failed.
10:51 < foofoobar> also I cant access this host anymore
10:52 < foofoobar> When removing the ifconfig-push it works (but not with a static ip)
10:52 < foofoobar> The config file contains this: ifconfig-push 10.8.0.28 225.225.225.0
10:54 < bluenemo> hm. looks ok so far. did you check the routes at both clients?
10:54 < bluenemo> try to start openvpn not via init scripts but via    openvpn --config client.conf   for debugging. that way its simpler to see the output of the client + you know when the process dies ;)
10:55 < bluenemo> service openvpn start just says its started, then you have to tail -f the client log. i dont like that..
10:57 < bluenemo> paste   ip r show   on both clients
10:58 < bluenemo> and preferably ifconfig as well
10:58 < bluenemo> or ip a s
10:58 < bluenemo> or just ip a :)
10:58 -!- foofoobar_ [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
10:58 < foofoobar_> oh wait, this is without the ifconfig-push, give me a second
10:58 < bluenemo> see that for debugging you dont use the ipp.txt thingy, that saves given ips and reassigns them
10:59 < bluenemo> thats not handy in your current case with staticclients
10:59 -!- foofoobar [~foofoobar@146.185.179.88] has quit [Ping timeout: 244 seconds]
10:59 -!- foofoobar_ is now known as foofoobar
10:59 < bluenemo> oh and btw, later google the ccd-enforce or sth feature. then only clients defined in staticclients will be allowed to connect. its not as nifty as crl.pem and iptables, but doesnt hurt
11:01 < foofoobar> bluenemo: So this is the log from running the openvpn binary: http://hastebin.com/qadojekevo.plain
11:01 <@vpnHelper> Title: hastebin (at hastebin.com)
11:01 < foofoobar> (where the client fails to connect correct)
11:03 -!- Malsasa [~Malsasa@36.71.144.75] has quit [Remote host closed the connection]
11:04 < foofoobar> any idea whats wrong here?
11:06 < foofoobar> ah you meant the ifconfig-pool-persists
11:06 < foofoobar> I commented this out now
11:09 < foofoobar> same as before :/
11:14 -!- foofoobar_ [~foofoobar@146.185.179.88] has joined #openvpn
11:15 < bluenemo> do you only want clinet to client or do you want redirect-gateway?
11:16 < foofoobar_> bluenemo: What is redirect gateway?
11:16 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Ping timeout: 264 seconds]
11:16 -!- foofoobar_ is now known as foofoobar
11:16 < foofoobar> I want to use the vpn as a „proxy“ for my laptop and also client-to-client so my laptop can access the synolog client
11:16 < foofoobar> (its a diskstation @home)
11:17 < bluenemo> it tells your client to redirect ALL traffic it wants to send to the internet through this server
11:17 < bluenemo> its like the VPN gateway thingy. use VPN to access the internet and download stuff.. then there is also using vpn to just get to another server. and then there is client to client. and other stuff ;)
11:17 < bluenemo> just another usecase basically
11:18 < bluenemo> whats fun is to create a vpn server and have it listen on port 443, use that as redirect gateway, be able to access your emails in any stupid wlan coffee shop :)
11:18 < bluenemo> they NEVER Block 443 and its all just ssl :)
11:21 < foofoobar> yeah so my use case is like „use vpn to access internet and also to connect two clients“
11:22 < foofoobar> bluenemo: doesnt the ipp.txt thing ensures „static“ ips for the clients?
11:22 < bluenemo> they get one by random, then keep it this way
11:22 < bluenemo> "true" staticclients is ccd
11:22 < foofoobar> ok
11:22 < bluenemo> with ccd, you wont really need ipp.txt
11:23 < bluenemo> as far as I know
11:23 < foofoobar> yeah but the ccd fails to work properly :/
11:26 < bluenemo> hm I didnt debug this in some time but for me it sometimes was old routes that were not cleaned up correctly
11:26 < bluenemo> does the client process die or does it stay open but there is no ping?
11:27 < foofoobar> bluenemo: the client just tells me the connection did not set up correct (connection failed)
11:27 < foofoobar> I will try if it stays open and ping is possible
11:28 < foofoobar> I will try this later, need to go. Thanks for your help!
11:29 < bluenemo> np, have to go too soon ;) you'll figure this out. have fun :)
11:33 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
11:39 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:40 -!- foofoobar [~foofoobar@146.185.179.88] has quit [Ping timeout: 264 seconds]
11:40 -!- foofoobar_ [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
11:48 -!- foofoobar_ [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Quit: foofoobar_]
11:54 -!- Sepultura [~chatzilla@unaffiliated/sepultura] has joined #openvpn
11:54 < Sepultura> bonjour
11:57 -!- hive-mind [pranq@mail.bbis.us] has quit [Quit: leaving]
11:58 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
11:58 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
12:00 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
12:02 -!- Sepultura [~chatzilla@unaffiliated/sepultura] has quit [Ping timeout: 244 seconds]
12:04 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:08 -!- Sepultura [~chatzilla@unaffiliated/sepultura] has joined #openvpn
12:24 -!- Sepultura [~chatzilla@unaffiliated/sepultura] has quit [Ping timeout: 268 seconds]
12:25 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
12:27 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Client Quit]
12:27 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
12:28 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
12:29 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Client Quit]
12:29 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
12:32 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Remote host closed the connection]
12:32 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
12:33 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Client Quit]
12:35 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
12:36 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
12:40 -!- q0_0p [~q0_0p3@2605:6000:1711:4017:21a8:1d0d:cfd4:225e] has joined #openvpn
12:40 < q0_0p> does build-dh usually takes awhile?
12:50 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
12:53 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
13:09 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:09 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
13:13 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:25 -!- GNU\colossus [colo@truschnigg.info] has quit [Remote host closed the connection]
13:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:35 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
13:46 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
13:49 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
13:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:59 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
14:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:05 < BtbN> Depends how many bits you requested
14:05 < BtbN> anything above 2048 can take a long time
14:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:12 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
14:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:14 -!- kirin` [telex@gateway/shell/anapnea.net/x-pqjtfsgpokgiktkn] has joined #openvpn
14:18 -!- kirin` [telex@gateway/shell/anapnea.net/x-pqjtfsgpokgiktkn] has quit [Client Quit]
14:41 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Remote host closed the connection]
14:41 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
14:47 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
14:52 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Ping timeout: 246 seconds]
14:56 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:02 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
15:04 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
15:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
15:08 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:08 -!- mode/#openvpn [+o mattock1] by ChanServ
15:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
15:22 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 256 seconds]
15:37 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
15:37 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
15:39 -!- jesopo [jess@lolnerd.net] has joined #openvpn
15:51 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 250 seconds]
16:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:18 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Read error: Connection reset by peer]
16:27 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
16:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
17:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
17:31 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
17:41 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
17:42 < Crew-L-T> wooohooo!! got all my tunnels working, with routing between them and all the bells and whistles
17:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:00 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has joined #openvpn
18:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
18:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
18:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:23 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:45 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Quit: foofoobar]
18:51 -!- toli [~toli@ip-62-235-238-183.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
18:53 -!- toli [~toli@ip-83-134-71-225.dsl.scarlet.be] has joined #openvpn
19:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 244 seconds]
19:14 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
19:30 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Read error: Connection reset by peer]
19:31 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
19:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
19:46 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
20:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
20:33 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 252 seconds]
20:33 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-afbourymztahqwyy] has quit [Ping timeout: 240 seconds]
20:34 -!- chamunks [chamunks@entityreborn.com] has quit [Excess Flood]
20:34 -!- swebb [~swebb@192.152.130.179] has quit [Max SendQ exceeded]
20:35 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
20:35 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 240 seconds]
20:35 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 264 seconds]
20:35 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
20:38 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
20:38 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-mvomphnssvqcgyij] has joined #openvpn
20:39 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
20:40 -!- eelstrebor [~ki7rw@216.75.116.217] has joined #openvpn
20:41 < eelstrebor> i've been trying to figure out why my openvpn clients keep connecting and immediately disconnecting - all clients do it - it's probably a config problem but so far i haven't found anything that gives me a solution
20:41 < eelstrebor> it has been mentioned that keepalive and tunnel mtu settings and persist-tun and persist-key are possible solutions but none of those suggestions has fixed my problem
20:42 < eelstrebor> i'm setup for tap
20:43 < eelstrebor> and that causes a problem with using openvpn on android since it doesn't support tap (which requires root access)
20:53 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 256 seconds]
20:53 -!- catalase [~catalase@unaffiliated/catalase] has joined #openvpn
20:54 < catalase> would a setup like this: http://askubuntu.com/questions/583679/transmission-daemon-over-openvpn-on-a-beagleboard-arm-sbc
20:54 <@vpnHelper> Title: 14.04 - Transmission daemon over OpenVPN (on a BeagleBoard ARM SBC) - Ask Ubuntu (at askubuntu.com)
20:54 < catalase> be able to run both an openvpn server and the client as described
21:01 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 255 seconds]
21:03 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
21:04 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
21:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 252 seconds]
21:11 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
21:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
21:48 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
21:48 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
21:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
21:53 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
21:54 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
22:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:20 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
22:22 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 265 seconds]
22:22 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
22:24 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
22:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:48 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
22:48 -!- eelstrebor [~ki7rw@216.75.116.217] has quit [Quit: Ex-Chat]
23:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:10 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
23:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:25 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:25 -!- ShadniX [dagger@p5794116F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:26 -!- ShadniX [dagger@p5DDFF393.dip0.t-ipconnect.de] has joined #openvpn
23:27 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has joined #openvpn
23:37 <@krzee> !factoids
23:37 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
--- Day changed Sun Oct 04 2015
00:21 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
00:25 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
00:37 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
00:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
00:47 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
00:53 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
00:59 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
01:00 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
01:16 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
01:20 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
01:45 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
01:49 -!- Malsasa [~Malsasa@114.4.78.26] has joined #openvpn
01:51 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
01:57 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
01:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:57 -!- mode/#openvpn [+o mattock1] by ChanServ
02:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
02:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
02:21 <@krzee> !certinfo
02:21 <@vpnHelper> "certinfo" is run `openssl x509 -in <file> -noout -text` for info from your cert file
02:27 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:30 -!- zamber [~zamber@dynamic-78-8-241-227.ssp.dialog.net.pl] has joined #openvpn
02:32 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
02:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:36 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
02:48 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:02 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
03:09 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
03:10 < q0_0p> followed this guide http://wiki.openwrt.org/doc/howto/vpn.openvpn
03:10 < q0_0p> trying to connect to openvpn on my droid; it is asking for username password
03:10 < q0_0p> although when creating certs i only remember creating password never a username
03:19 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:24 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:25 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
03:35 -!- cheesenbiscuits [~cheesenbi@175.142.64.58] has joined #openvpn
03:36 -!- q0_0p [~q0_0p3@2605:6000:1711:4017:21a8:1d0d:cfd4:225e] has quit [Read error: Connection reset by peer]
03:39 -!- q0_0p [~q0_0p3@2605:6000:1711:4017:21a8:1d0d:cfd4:225e] has joined #openvpn
03:53 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Remote host closed the connection]
03:55 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
03:56 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:56 -!- Malsasa [~Malsasa@114.4.78.26] has quit [Read error: Connection reset by peer]
03:57 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
04:16 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
04:20 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:21 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:21 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
04:27 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
04:37 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
04:42 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
05:00 -!- trohn_javolta [51d990bf@gateway/web/freenode/ip.81.217.144.191] has joined #openvpn
05:00 < trohn_javolta> hi @ all
05:01 < trohn_javolta> i want to randomly connect to servers
05:02 < trohn_javolta> a .ovpn file for each server is in one folder
05:03 < trohn_javolta> whats the console command to let the random parameter seach in such folder?
05:23 -!- trohn_javolta [51d990bf@gateway/web/freenode/ip.81.217.144.191] has quit [Quit: Page closed]
05:26 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
05:29 -!- jesopo [jess@lolnerd.net] has joined #openvpn
05:32 -!- jesopo [jess@lolnerd.net] has quit [Client Quit]
05:35 -!- jesopo [jess@lolnerd.net] has joined #openvpn
06:08 -!- krzee [~k@openvpn/community/support/krzee] has quit [Excess Flood]
06:23 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:36 -!- ghoulsblade [~ghoulsbla@p54ACD16F.dip0.t-ipconnect.de] has joined #openvpn
06:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:41 < ghoulsblade> hi! is there a reference for the parameters in a config file? all i can find is lots of examples, but trying to convert a ShrewSoft\VPN Client  config file from a windows pc to openvpn, prolly stuck at auth-method:mutual-rsa, ident: client=asn1dn server=asn1dn
06:44 < ghoulsblade> ah, nevermind, config options = commandline options. that works =)
06:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:00 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
07:10 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:25 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
07:26 -!- cheesenbiscuits [~cheesenbi@175.142.64.58] has quit [Remote host closed the connection]
07:37 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has quit [Ping timeout: 246 seconds]
07:49 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Remote host closed the connection]
07:51 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
08:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:02 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Remote host closed the connection]
08:12 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:13 -!- ShadniX [dagger@p5DDFF393.dip0.t-ipconnect.de] has quit [Quit: Bye.]
08:13 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
08:15 -!- ShadniX [~ShadniX@p5DDFF393.dip0.t-ipconnect.de] has joined #openvpn
08:18 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
08:26 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Remote host closed the connection]
08:28 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
08:41 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:44 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
08:47 -!- gics [~gics@95.233.78.193] has joined #openvpn
08:48 < gics> hello, someone use openvpn on android? I can't export the configfile, everytime i try via bluetooth i get i BT crash on android
08:50 < gics> i use de.blinkt.openvpn app
08:53 < skyroveRR> gics: which version?
08:54 < skyroveRR> I use version 0.6.35 and it works fine.
08:55 < gics> is the same version
08:55 < gics> i don't understand 1 step more now :)
08:58 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
08:59 < gics> skyroveRR, from which tab do you make the export? i go from generated config
09:00 < gics> if only i could paste it with an editor it would be better fo me
09:02 < skyroveRR> gics: I do the same thing. From the generated config.
09:04 < gics> skyroveRR, via bluetooth? and then which file extension you get on the other side? an .ovpn?
09:04 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
09:07 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:12 < skyroveRR> gics: I actually have never used that export option, I've only imported stuff, and not as an ovpn file, but as individual .key and .crt files...
09:13 < gics> skyroveRR, ok, so version doesn't matter here :)
09:14 < gics> i have a rooted phone, do you know maybe if i can copy directly the config files? or where de.blinkt.openvpn store the config?
09:15 < skyroveRR> If you import them, you would surely know where they are kept..
09:18 < skyroveRR> It's in /data/user/$num/de.blinkt.openvpn/cache/openvpn.conf.
09:18 < skyroveRR> AT least that's where my configuration is..
09:21 < skyroveRR> gics: did you find it?
09:21 < gics> skyroveRR, seems not there in my case, however thanks for your help
09:22 < gics> skyroveRR, i have instead two suspect files (i have 2 profile) in files subdirectory, with .vp extension
09:23 < gics> in /data/user/$num/de.blinkt.openvpn/files and then 2 files
09:23 < skyroveRR> You don't have cache directory?
09:24 < gics> yes i have it
09:24 < skyroveRR> What's in it?
09:24 < gics> there r 2 subdir, a file named 36 and another file with long name and opengl in its filename
09:25 < gics> the 2 subdir are empty
09:29 -!- u0m3 [~u0m3@92.80.92.123] has quit [Read error: Connection reset by peer]
09:30 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
09:30 < foofoobar> Hi. I have 3 ovpn clients: NAs (home network), laptop (home network), iphone (mobile network). They all have their network IP and a virtual IP. When I save a bookmark on my iphone to the web interface on the NAS, I would have to save two bookmarks
09:31 < foofoobar> one when I’m in the VPN (10.8.x.y) and one when I am in my local network (192.168.x.y)
09:31 < foofoobar> Is there a workaround for this scenario?
09:38 < gics> skyroveRR, in some way i managed to get them, was the 2 files in  /data/user/$num/de.blinkt.openvpn/files with .vp extension, unlucky there are some strange characters in the files but i can clean them i think. Thank you for your help! ;)
09:41 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
09:42 -!- u0m3 [~u0m3@92.80.92.123] has quit [Max SendQ exceeded]
09:43 -!- u0m3 [~u0m3@92.80.92.123] has joined #openvpn
09:59 -!- gics [~gics@95.233.78.193] has quit [Quit: Sto andando via]
10:01 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
10:33 < foofoobar> no hints for me?
10:34 <@plai> !splitdns
10:34 <@vpnHelper> "splitdns" is (#1) see http://www.thekelleys.org.uk/dnsmasq/doc.html for dnsmasq, which will let you do split-dns setups or (#2) "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
10:34 <@plai> hm
10:34 <@plai> foofoobar: you could setup dnsnames
10:34 < foofoobar> plai: dnsnames?
10:35 <@plai> foofoobar: https://en.wikipedia.org/wiki/Split-horizon_DNS
10:35 <@vpnHelper> Title: Split-horizon DNS - Wikipedia, the free encyclopedia (at en.wikipedia.org)
10:36 <@plai> foofoobar: It is not the easiest stuff to setup and to use
10:36 < foofoobar> yeah
10:36 < foofoobar> is this usecase so uncommon?
10:36 <@plai> foofoobar: yes
10:36 < foofoobar> Why?
10:36 < foofoobar> How do you access your internal network things from home and from .. work ?
10:37 <@plai> foofoobar: official ips
10:37 < foofoobar> so you have two bookmarks?
10:37 < foofoobar> because the IP in your LAN must be different than the VPN ip, right?
10:37 <@plai> no the ip of these things does not change
10:37 < foofoobar> How is that working?
10:38 < foofoobar> Are you also connected to the vpn when you are at home?
10:38 <@plai> foofoobar: The ips to the ressources I want to access never changes
10:38 -!- belst [~belstgut@unaffiliated/belst] has joined #openvpn
10:39 < foofoobar> plai: mine also do not change, but depending on where I am I cant access them
10:39 <@plai> foofoobar: the case that you need access resources on a client is very very rare
10:40 <@plai> and all other resources do not move and do not change their ip addreses
10:40 <@plai> you could also use dynamic dns and =always set the right ip
10:40 <@plai> e.g. with a script
10:41 < belst> hi guys, I just set up a vpn server but I cant connect from the client. I always get WSAECONNERSET. I checked the firewall, port is open
10:42 < foofoobar> plai: the NAS on my local network does not change the ip
10:42 < foofoobar> only the mobile device
10:43 < foofoobar> http://imgur.com/vSDWHNp
10:43 <@vpnHelper> Title: Imgur: The most awesome images on the Internet (at imgur.com)
10:43 < foofoobar> The thing I want to access is the NAS
10:43 <@plai> why does your NAS have a VPN address?
10:44 <@plai> hm
10:44 < foofoobar> when the mobile phone is on the WLAN, the NAS is accessible via the hostname or static local ip (192.168..). WHen the mobile phone is not in the local network, it has to access the NAS over the VPN
10:44 < foofoobar> but then the IP is 10.8…
10:44 <@plai> the usual way would to always use 192.168.x.x
10:44 <@plai> and configure the VPN that it knows how to route to 192.x
10:44 < foofoobar> this would be nice
10:45 < foofoobar> And links for me how I can configure this?
10:45 <@plai> you might also be able to abuse client-nat
10:45 <@plai> to tell openvpn to rewrite 10.x.x.x to 192.x.x.x
10:45 <@plai> foofoobar: iroute and route
10:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:46 < foofoobar> so then the virtual ip’s are also 192… ?
10:46 < foofoobar> or just rewriting
10:47 <@plai> client-nat just does nat
10:48 <@plai> with iroute and route you can tell your vpn server how to handle 192.168.x.x ips
10:48 < foofoobar> okay
10:49 < foofoobar> so ideally I only have to do this for the mobile phone with ccd, right?
10:49 <@plai> Depends what you trying to do
10:49 < foofoobar> the mobile device needs to access the NAS
10:49 <@plai> yeah still
10:50 < foofoobar> then I will use ccd with iroute to rewrite 192.X stuff to 10.X stuff
10:50 <@plai> iroute does not rewrite
10:50 <@plai> !iroute
10:50 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
10:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:51 < foofoobar> I will google this, thanks. Short additional question which just came to my mind: I’m also using this vpn for redirect-gateway, so the NAS is accessing the internet over this vpn server (it should not). Is it possible to define the redirect-gateway only for a single client (mobile phone) ? can I do this with ccd?
10:51 <@plai> foofoobar: do not use redirect-gateway
10:52 <@plai> see
10:52 <@plai> !route
10:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
10:52 <@plai> and only add the ips that should be used with the vpn
10:54 < foofoobar> this is all a bit confusing. I’m going to read this, thanks
10:54 <@plai> yeah
10:54 <@plai> ip routing can be hard when you never done it
10:54 < foofoobar> yeah
10:54 < foofoobar> I’m coming back later when I read this, thanks for helping me
10:59 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Quit: foofoobar]
11:02 < belst> ok figured my problem out :D somehow openvpn isnt starting
11:07 < ghoulsblade> Hi all, trying convert a vpn config from ShrewSoft "VPN Client" with auth-method:mutual-rsa client:asn1dn server:asn1dn, what would that be in openvpn? configs: http://pastebin.com/7f7N25cq
11:15 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has joined #openvpn
11:17 -!- belst [~belstgut@unaffiliated/belst] has left #openvpn ["Leaving"]
11:17 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has joined #openvpn
11:26 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
11:34 < ghoulsblade> hmm, possibly related to IKE :  Internet_Key_Exchange (IPsec) , at least the config contains n:network-ike-port:500   =(  is ipsec a totally different system that wont work with openvpn or is there it something additional ?
11:40 < phreakocious> ghoulsblade: openvpn is proprietary, it's not ipsec
11:42 < ghoulsblade> sorry, no clue what/where ipsec is in the chain.      would  ipsec + openvpn  combo work, or is it a totally different system ?
11:44 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
11:45 < phreakocious> totally different
11:45 < phreakocious> ike/ipsec is a standard
11:49 < ghoulsblade> ok, thanks, i'll try to compile their linux client or try wine then i guess...        i just saw they used a "VPN Client" on windows so i thought i could make a openvpn config for it to work on linux
11:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
11:57 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:07 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
12:07 -!- rich0_ is now known as rich0
12:09 <@plai> ghoulsblade: linux also has ipsec support
12:14 < ghoulsblade> the problem is i dont know much about the server, i was given a "vpn" config file, that mentions a hostname and network-ike-port:500 that works on windows, and i was trying to get it to work with openvpn, but seems thats not possible
12:14 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 260 seconds]
12:27 -!- hennos [~midas8@167.160.44.220] has quit [Read error: Connection reset by peer]
12:33 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:34 <@plai> ghoulsblade: no
12:34 <@plai> !ipsec
12:37 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
12:39 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has joined #openvpn
12:48 -!- grubles [~grubles@unaffiliated/grubles] has joined #openvpn
13:08 < foofoobar> plai: the links are you gave me are wirint about an openvpn with multiple lans
13:08 < foofoobar> but I do not need this, I just want to have 1 lan with 3 clients (NAS, paptop, mobile).
13:08 < foofoobar> laptop and mobile should use the vpn to access the internet an also to access the NAS
13:14 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has joined #openvpn
13:15 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
13:17 < foofoobar> This is the network I want: http://i.imgur.com/u86LdFS.png
13:18 < foofoobar> Currently all use the VPN to access the internet (redirect-gateway) and I can access the NAS only over two IPs
13:28 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
13:30 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ttpccavlagwgolen] has quit [Quit: Connection closed for inactivity]
13:33 <@plai> foofoobar: you have multiple networks
13:34 <@plai> your local network, your vpn
13:34 < foofoobar> plai: but on the page the example was two clients with different networks
13:34 < foofoobar> I do not have this
13:34 <@plai> you want your local network be accessable via the vpn
13:34 < foofoobar> correct
13:35 < foofoobar> err, give me a second
13:35 < foofoobar> I only want the connected clients to be able to talk to each other
13:35 < foofoobar> so no need for one of these clients to share their network
13:36 <@plai> then you have different ips
13:36 <@plai> or use client-nat as hack
13:40 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
13:42 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has quit [Quit: Leaving]
13:42 -!- Willis [Willis@107.161.160.241] has joined #openvpn
13:43 < foofoobar> mh
13:44 -!- hennos [~midas8@167.160.44.254] has joined #openvpn
13:45 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
13:51 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
13:52 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:53 < foofoobar> plai: what is simpler to set up, the routing or a custom dns server?
13:53 < foofoobar> because a dns server on the vpn client could just resolv names and then I do not have to access ips
13:55 <@plai> for me the routing
13:56 <@plai> because it is the natural way fo rme
13:56 <@plai> but then again I done IP routing for year as my job
13:56 < foofoobar> currently i cant get my head around this how this should work
13:57 < foofoobar> (what to configure how)
13:58 -!- tekzilla [~jon@217.147.92.57] has joined #openvpn
14:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:13 < tekzilla> for mssfix, the docs say it will account for all encapsulation except the UDP header, so would the correct mssfix size be client-server WAN MTU minus IP header minus UDP header ?
14:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:22 <@plai> tekzilla: yeah the description is confusing
14:22 <@plai> I have no idea what it exactly
14:22 <@plai> I would have to check the source or just try and look myself
14:28 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 260 seconds]
14:28 -!- dmilith [~dmilith@verknowsys.com] has quit [Ping timeout: 260 seconds]
14:28 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
14:29 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
14:29 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 260 seconds]
14:29 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 260 seconds]
14:30 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 260 seconds]
14:30 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 260 seconds]
14:31 -!- grubles [~grubles@unaffiliated/grubles] has quit [Ping timeout: 260 seconds]
14:32 -!- Tenhi [~tenhi@178.18.241.180] has quit [Ping timeout: 260 seconds]
14:32 -!- Tenhi_ is now known as Tenhi
14:33 < tekzilla> plai: ok thanks, i will experiment a bit
14:33 -!- iNs_ [~ins@85.17.164.26] has joined #openvpn
14:33 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
14:34 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
14:34 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Client Quit]
14:34 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:34 -!- mode/#openvpn [+o mattock] by ChanServ
14:35 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Ping timeout: 240 seconds]
14:35 -!- devtea [~tdreyer1@unaffiliated/tdreyer1] has quit [Ping timeout: 240 seconds]
14:35 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 240 seconds]
14:35 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 240 seconds]
14:35 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 240 seconds]
14:35 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 240 seconds]
14:35 -!- Tenhi_0 [~tenhi@178.18.241.180] has joined #openvpn
14:35 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
14:35 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
14:35 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
14:35 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
14:36 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
14:36 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
14:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:49 -!- Tenhi_0 is now known as Tenhi_
14:51 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
14:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:51 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has joined #openvpn
14:58 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has quit [Ping timeout: 252 seconds]
15:11 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:23 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 268 seconds]
15:27 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
15:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:47 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has left #openvpn []
15:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
15:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:56 -!- ghoulsblade [~ghoulsbla@p54ACD16F.dip0.t-ipconnect.de] has left #openvpn []
16:04 -!- ruwt [~weechat@unaffiliated/m10t] has quit [Quit: WeeChat 1.0.1]
16:08 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
16:09 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
16:13 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:17 -!- q0_0p [~q0_0p3@2605:6000:1711:4017:21a8:1d0d:cfd4:225e] has quit [Read error: Connection reset by peer]
16:24 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:35 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:59 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
16:59 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
17:01 -!- james41382_ is now known as james41382
17:07 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 264 seconds]
17:40 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has quit [Ping timeout: 246 seconds]
18:01 -!- KronoZ is now known as KronoZ[away]
18:02 -!- KronoZ[away] is now known as KronoZ
18:07 -!- KronoZ is now known as KronoZ[away]
18:09 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
18:09 -!- mode/#openvpn [+o krzie] by ChanServ
18:09 -!- KronoZ[away] is now known as KronoZ
18:26 -!- hennos [~midas8@167.160.44.254] has quit [Ping timeout: 255 seconds]
18:40 -!- KronoZ is now known as KronoZ[away]
18:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:50 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
18:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:53 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
18:54 -!- hennos [~midas8@167.160.44.194] has joined #openvpn
18:56 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
19:17 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 250 seconds]
19:17 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:17 -!- KronoZ[away] is now known as KronoZ
19:21 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
19:22 < eelstrebor> can anyone tell me why the dd-wrt openvpn server status page  is showing clients connecting and disconnecting with no clients listed?
19:25 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
19:30 <@krzie> no
19:30 <@krzie> but if you want help understanding your openvpn logs or similar, yes.
19:30 <@krzie> otherwise...
19:30 <@krzie> !notovpn
19:30 <@vpnHelper> "notovpn" is (#1) "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem or (#2) sorry, but we dont care. this channel is only for help with openvpn.
19:30 <@krzie> (openvpn doesnt come with a server status page, that is dd-wrt not openvpn)
19:34 <@krzie> anybody have an extra vpn account for russia that i may use for a couple weeks max?
19:36 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has joined #openvpn
19:45 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
19:53 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Quit: u wana get bottld cunt?]
19:54 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
20:07 < eelstrebor> krzie, my problem is with openvpn - maybe a dd-wrt issue - no need to have an attitude
20:07 < eelstrebor> gotta ask somewhere
20:10 < eelstrebor> https://www.dd-wrt.com/phpBB2/viewtopic.php?t=286301
20:12 < AlmogBaku> we need more details
20:12 < AlmogBaku> 1) try to fetch logs from the clients
20:12 < AlmogBaku> 2) try to login to the management and increase the log verbossing
20:12 < AlmogBaku> level
20:12 < AlmogBaku> eelstrebor ^
20:14 < eelstrebor> why get logs from clients when i specifically stated that there are NO clients attached to the server??
20:14 < AlmogBaku> oh didnt notice that
20:15 < AlmogBaku> maybe you HAD clients connected:
20:15 < eelstrebor> the link i posted above gives more detail about the server
20:15 < AlmogBaku> ovpn realized that the user got disconnected after a while... it usually between 20s-120s
20:15 < eelstrebor> the dd-wrt openvpn status page shows if there are any clients attached (also shown in the link)
20:17 <@krzie> eelstrebor: you need logs from the client that is *trying* to connect to the server, and from the server itself
20:17 < eelstrebor> all clients are shut down
20:17 <@krzie> and my response was not attitude, it was letting you know that we support openvpn not ddwrt so you need to use openvpn logs not ddwrt webpages
20:18 < eelstrebor> even though all clients have been disabled there are still disconnects/connects showing in the log
20:19 < eelstrebor> the server log
20:19 <@krzie> then something is connecting/ disconnecting
20:19 <@krzie> aka, not all clients are disabled
20:19 < eelstrebor> well, unless the nsa is trying to hack my system.......
20:19 <@krzie> lol
20:19 <@krzie> did you give them your tls-auth key?
20:20 < eelstrebor> nope, maybe the wife did
20:20 <@krzie> or did they first crack that to get access to the port to attempt a connection?
20:20 <@krzie> you should go have a stern talk with her ;]
20:20  * krzie hands eelstrebor a bat
20:21 <@krzie> eelstrebor: im sure looking at the ip that is trying to connect will make it easy to find the client that is trying to connect
20:21 <@krzie> and verb 5 might help you find what his problem is (verb 5 on both sides)
20:22 < eelstrebor> i'll figure it out eventually but i spend way too much time debugging computers
20:22 <@krzie> you'll see rwrwrw in the logs with verb 5, r is read and w is write
20:22 <@krzie> we'll help if you provide the relevant info
20:22 < eelstrebor> i'd pay for tech support but i usually know more about computers than the tech support people
20:23 <@krzie> we do free support here for those who dont mind doing the work themselves
20:23 <@krzie> work may be getting relevant info, or it may be reading
20:23 <@krzie> but if you normally know more than the tech support, you probably dont need to pay anybody
20:24 <@krzie> in this case "work" currently is getting the logs from client and server with verb 5
20:25 <@krzie> also, fyi, ive had plenty of problems with dd-wrt and openvpn in the past... including a router a recently tried to use as an openvpn server and it could not establish a connection with any clients
20:26 <@krzie> tcpdump showed it was mangling packets in a gross way, no idea why, so i switched to openwrt and life is good
20:26 <@krzie> !ddwrt
20:26 <@krzie> !ping
20:26 <@vpnHelper> pong
20:26 <@krzie> !dd-wrt
20:26 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
20:26 < eelstrebor> looks like the default config generated by dd-wrt sets up verb 5
20:26 < eelstrebor> oops, i mean verb 3
20:26 <@krzie> ya verb 3 is better for everyday use
20:27 <@krzie> but you're debugging... 5 is better for now
20:28 <@krzie> if your router supports openwrt i recommend the switch
20:28 < eelstrebor> i've used openwrt in the past - i've had problems with it also - i guess you get what you pay for
20:28 <@krzie> i have excellent success with openwrt in many locations
20:29 < eelstrebor> i do get clients to connect with the server running on dd-wrt but they keep dropping and re-connecting
20:29 <@krzie> i have a $25 (usd) tp-link router running ospf over multiple vpn links, running a multihomed (3 isps) vpn server, and using the internal switch as a real router using vlans for each port
20:29 <@krzie> so "you get what you pay for" i have to disagree =]
20:31 < eelstrebor> i seem to have a stable connection to my other openvpn server running on an ubuntu pc that's running on a non-standard port - maybe i'll just use it - i've been told that it's "better" to run the vpn server on a router though
20:31 <@krzie> the ubuntu pc is on the same network
20:31 <@krzie> ?
20:31 <@krzie> over the same isp, etc?
20:31 < eelstrebor> the ubuntu server is using tun while dd-wrt server is using tap
20:32 < eelstrebor> yes
20:32 <@krzie> oh, and why tap?
20:32 <@krzie> tun is probably what you want
20:32 < eelstrebor> plus, android openvpn doesn't work on tap
20:32 <@krzie> yep true
20:32 <@krzie> is there a reason you wanted tap?
20:32 < eelstrebor> tap seemed easier to setup
20:32 <@krzie> oh, nope
20:33 <@krzie> see if tun fixes your problem, i can look over your config if youd like (if so let me know and i'll tell you how i want the configs)
20:33 <@krzie> if it does not fix your problem, the working ubuntu server on the same isp proves your problem is the router (probably dd-wrt)
20:33 < eelstrebor> well, i can try to get tun to work - maybe that'll make the dd-wrt server stable but who knows
20:34 <@krzie> exactly, see if that fixes the dd-wrt or not
20:34 <@krzie> also, its not especially "better" to run the vpn on the router, it just makes routing your lan over the vpn 1 step easier
20:35 <@krzie> if you route foreign lans over the vpn then you need to configure a route on the lans gateway, unless the vpn happens to run on the gateway itself
20:35 <@krzie> other than that, no difference.
20:35 < eelstrebor> my ea6900 isn't listed in the openwrt table of hardware
20:35 <@krzie> aww thats too bad
20:36 <@krzie> same happened to me with the router i was running ddwrt on, thats why i use tp-link now (super cheap and supported by the openwrt imagebuilder)
20:36 < eelstrebor> time for some popcorn and a movie
20:36 <@krzie> done for now?
20:37 <@krzie> alright, good luck. in case you plan on sharing your lan over openvpn and not on the router (using the ubuntu server or whatev) this is the thing you'll need that you would not need when running openvpn on the router:
20:37 <@krzie> !route_outside_ovpn
20:37 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
20:39 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
20:41 <@krzie> oh and you mentioned that youd like to pay... i *do* accept side work, but i think you have the skill-level where you can do this yourself without paying, and id be happy to help you do it... and theres plenty of others here who will help for free as well...
20:43 <@krzie> with that said, i've paid people to just get things working without me needing to learn it all, if that's really what you prefer i don't mind being the person you use.
20:44 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
20:45 <@Eugene> I'll do it for ($krzees_price - 1)
20:45 <@krzie> Eugene will do it for a beer
20:46 <@krzie> ...id do it for a blunt lol
20:47 <@krzie> Eugene: you might wanna use the absolute value of ($krzees_price - 1), otherwise i might have you paying him for letting you do it ;]
20:48 -!- krzie was kicked from #openvpn by Eugene [innanuts]
20:49 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
20:49 -!- mode/#openvpn [+o krzie] by ChanServ
20:49 <@krzie> :-p
20:49  * krzie charges $-99.00
20:50 -!- hennos [~midas8@167.160.44.194] has quit [Quit: Leaving]
20:51 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has joined #openvpn
21:11 -!- cyberanger [~cyberange@swissknife/adak/infocop411] has quit [Quit: Bye!]
21:13 -!- cyberanger [~cyberange@swissknife/adak/infocop411] has joined #openvpn
21:36 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
21:37 -!- AlmogBaku [~AlmogBaku@bzq-79-178-11-25.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:50 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
21:50 -!- mode/#openvpn [+o krzee] by ChanServ
21:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:56 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has joined #openvpn
21:57 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cmncvbwkuhwzkodr] has joined #openvpn
21:59 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:23 <@krzee> !ping
22:23 <@vpnHelper> pong
22:25 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:38 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has quit [Ping timeout: 255 seconds]
22:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:58 -!- cyberanger [~cyberange@swissknife/adak/infocop411] has quit [Quit: Bye!]
23:25 -!- ShadniX [~ShadniX@p5DDFF393.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:26 -!- ShadniX [dagger@p579417F1.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Oct 05 2015
00:10 -!- catalase [~catalase@unaffiliated/catalase] has quit [Read error: Connection reset by peer]
00:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:47 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:15 < dionysus69> can anyone help me understand why I cant make tun adapters work on my windows setup?
01:19 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:50 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:01 < tm_ebis> dionysus69, maybe. If you tell us your windows setup and what you've tried so far.
02:15 < dionysus69> well I have a tap adapter bridged with gigabit ethernet, I have a working vpn server and when I comment out tap and uncomment tun, it wont work, I have a feeling I am missing some configuration for tun
02:16 < dionysus69> what additional setup does it need except of just uncommenting tun adapter line in config file?
02:26 -!- dcarmich [~dcarmich@c-67-176-237-158.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:32 -!- nocturn [~nocturn@unaffiliated/nocturn] has joined #openvpn
02:32 < nocturn> Hi, is there anyway to get OpenVPN to work when blocked with a layer 7 firewall?
02:34 < nocturn> I'm looking at tunneling OpenVPN in TCP mode over SSH currently
02:35 <@krzee> sure
02:36 <@krzee> if you use statickeys theres no way to know its openvpn
02:36 <@krzee> !statickey
02:36 <@vpnHelper> "statickey" is (#1) you can use static keys by using --secret </path/to/key> or (#2) static keys only work for ptp links, not client/server. They also do not provide forward encryption. A forward-secure encryption scheme (such as openvpn uses with certs) protects secret keys from exposure by evolving the keys with time. or (#3) see !forwardsecurity for more info
02:36 <@krzee> !obfs
02:36 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
02:36 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
02:37 <@krzee> if you want it to stand up to a human eye:
02:37 <@krzee> !port-share
02:37 <@vpnHelper> "port-share" is When run in TCP server mode, share the OpenVPN port with another application, such as an HTTPS server. If OpenVPN senses a connection to its port which is using a non-OpenVPN protocol, it will proxy the connection to the server at host:port. Currently only designed to work with HTTP/HTTPS, though it would be theoretically possible to extend to other protocols such as ssh. Not
02:37 <@vpnHelper> implemented on Windows.
02:38 <@krzee> dionysus69,
02:38 <@krzee> !configs
02:38 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
02:39 <@krzee> dionysus69, for 1 thing you said you have the tap adapter bridged with the ethernet adapter, to use tun you need to unbridge it
02:39 <@krzee> bridging is for sharing the lan over the vpn with layer2
02:39 < dionysus69> krzee: oh I see... :s
02:39 <@krzee> (something i recommend against)
02:39 < dionysus69> ok I will unbridge :)
02:40 <@krzee> dionysus69,
02:40 <@krzee> !goal
02:40 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:42 < dionysus69> I want lan to be visible of course thats primary goal of vpn
02:42 < dionysus69> for clients
02:42 <@krzee> for ip traffic?
02:42 <@krzee> for layer2 traffic? if so which?
02:42 < dionysus69> I would also be glad if clients used servers gateway
02:43 < dionysus69> meaning for ip traffic?
02:43 <@krzee> what sort of traffic will travel over the vpn to the lan?
02:44 <@krzee> ssh, http, ospf?
02:44 < dionysus69> I dont know
02:44 < dionysus69> clients connect to DB on server
02:44 <@krzee> ok thats tcp
02:45 <@krzee> lan gaming?
02:46 < dionysus69> but since I have heard udp protocol is better for use with VPNs I am aiming for it
02:46 <@krzee> ok it sounds like you want tun
02:46 <@krzee> yes, udp for the vpn is better
02:46 < dionysus69> no its accounting program connecting to server from clients
02:46 < dionysus69> yes I heard advantages of tun
02:46 < dionysus69> but I have heard that if I want to use server's gateway with clients, I need to use tap and it needs to be bridged
02:46 <@krzee> nope
02:47 <@krzee> !redirect
02:47 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
02:47 < dionysus69> is that wrong? can I use server's IP on clients with tun?
02:47 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
02:47 <@krzee> tun can do anything that requires layer3 traffic, so all ip traffic
02:48 < dionysus69> will you be here for a while? I will go to server and unbridge it for the first step
02:48 <@krzee> internet traffic is all ip, so you can definitely redirect it over a tun
02:48 <@krzee> maybe, i was passing out before i stopped in
02:48 < dionysus69> I need walkthrough because I dont know many things :S :D
02:48 <@krzee> what os is server?
02:48 < dionysus69> i will need special help on that redirect thing
02:49 < dionysus69> windows 2008 unfortuntely
02:49 <@krzee> !winnat
02:49 < dionysus69> I also have centos running on vm on it
02:49 <@vpnHelper> "winnat" is (#1) http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for a guide on setting up NAT in windows or (#2) http://www.nanodocumet.com/?p=14 for windows XP or (#3) https://community.openvpn.net/openvpn/wiki/NatOverWindows2008 for 2k8
02:49 <@krzee> !winipforward
02:49 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
02:49 <@krzee> you'll need both of those
02:49 < dionysus69> I have ports forwarded on router
02:49 < dionysus69> I dont understand what does it mean to enable forwarding on windows
02:50 <@krzee> ip forwarding is what lets traffic pass from 1 interface to another
02:50 < dionysus69> router redirects traffic to windows and windows gets it right?
02:50 < dionysus69> yes and I have done it on router
02:50 <@krzee> so if you want to share vpn with lan and/or let vpn clients use vpn for internet access, you need ip forwarding
02:50 <@krzee> of course you have ip forwarding on the router
02:51 <@krzee> ip forwarding is NOT port forwarding
02:51 <@krzee> a router cant exist without ip forwarding
02:51 < dionysus69> oh ip forwarding ok :D
02:51 < dionysus69> so what IP do I need to forward where
02:51 <@krzee> routers literally route traffic between interfaces, ip forwarding allows that to happen
02:51 < dionysus69> my network is 96.96.96.0
02:51 <@krzee> :/
02:51 <@krzee> !google ip forwarding
02:51 <@vpnHelper> IP forwarding - Wikipedia, the free encyclopedia: <https://en.wikipedia.org/wiki/IP_forwarding>; How to enable IP Forwarding in Linux - MDLog:/sysadmin: <http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/>; linux - IP Forwarding = when and why is this required? - Server Fault: <http://serverfault.com/questions/248841/ip-forwarding-when-and-why-is-this-required>
02:51 <@krzee> read that.
02:52 <@krzee> it has nothing to do with forwarding ips to places. you enable it to allow traffic to flow from 1 interface to another
02:53 <@krzee> without it enabled you cannot share your lan or internet over the vpn, because the vpn interface is tap and the internet interface or lan interface is something else
02:53 <@krzee> running a vpn server is advanced networking, i suggest you learn basic networking before attempting to do it.
02:53 < dionysus69> so ok I have one ethernet adapter and one tap adapter
02:53 < dionysus69> how do I enable traffic between them without bridging?
02:54 <@krzee> !redirect
02:54 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
02:54 <@krzee> !winnat
02:54 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
02:54 <@vpnHelper> "winnat" is (#1) http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for a guide on setting up NAT in windows or (#2) http://www.nanodocumet.com/?p=14 for windows XP or (#3) https://community.openvpn.net/openvpn/wiki/NatOverWindows2008 for 2k8
02:54 <@krzee> !winipforward
02:54 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
02:54 <@krzee> i literally gave you the answer BEFORE you asked the question
02:54 < dionysus69> I know but I am lost in all those resources :D I will go step by step then :)
02:56 <@krzee> !101
02:56 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
02:57 <@krzee> to understand what ip forwarding is and why you need it, or same for NAT, you might find better answers than from me in #networking
02:57 <@krzee> i see you're in there too
02:58 < dionysus69> yes haha
02:58 < dionysus69> I ask questions there if this channel is silent
02:59 <@krzee> just gotta ask good questions
02:59 <@krzee> !ask
02:59 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
02:59 <@krzee> you might find that link very helpful if you read it
03:00 <@krzee> (i am not being sarcastic or trying to be rude)
03:00 < dionysus69> yes I know smart questioning but I cant ask smart questions if I know little about whats going on :)
03:00 < dionysus69> yes I understand that too :D i get it ^.^
03:01 <@krzee> =]
03:02 <@krzee> anyways, im going to passout
03:02 <@krzee> when you setup the vpn
03:02 <@krzee> first dont do any internet routing or lan sharing, just get a vpn up where you can ping the vpn server by its vpn ip (10.8.0.1 in many examples)
03:03 <@krzee> then you can follow !redirect for internet sharing
03:03 <@krzee> and then you can follow !serverlan for sharing the server's lan
03:04 <@krzee> goodnight and goodluck
03:04 < dionysus69> thanks allot
03:04 <@krzee> np
03:04 < dionysus69> goodnight :)
03:04 <@krzee> !howto
03:04 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
03:10 -!- screamindynomit [~canibalki@216.252.11.187] has joined #openvpn
03:10 -!- screamindynomit [~canibalki@216.252.11.187] has left #openvpn ["you are all technicolor burps"]
03:11 -!- phanatik- [~phanatik@58-7-253-72.dyn.iinet.net.au] has joined #openvpn
03:11 < phanatik-> hi, i have a problem with my vpn not starting up when kali starts, i get the following: [FAILED] Failed to start OpenVPN connection to CG_Australia"
03:18 -!- blinkbox [blindbox@1.9.127.18] has joined #openvpn
03:19 < blinkbox> anyone here experienced with tap bridges and ubuntu
03:20 < blinkbox> i have a problem. i have a perfectly fine openvpn conf file, set to tap, and authenticated well. except, i can only ping the device that's hosting the tunnel, and not any other device that's behind the tunnel. let me paste my config asap
03:20 < blinkbox> !paste
03:20 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
03:21 < blinkbox> https://gist.github.com/anonymous/36868ddf7e71781971e4
03:21 <@vpnHelper> Title: gist:36868ddf7e71781971e4 · GitHub (at gist.github.com)
03:23 < blinkbox> forgot to say, client is windows, and host is ubuntu. the pastebin i gave is the server file
03:29 -!- phanatik- [~phanatik@58-7-253-72.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
03:35 -!- mota [~mota@about/windows/regular/mota] has joined #openvpn
03:37 -!- mota [~mota@about/windows/regular/mota] has left #openvpn []
03:38 < dionysus69> I can ping my server IP on VPN subnet but I cannot access server LAN, how do I forward traffic???
03:38 < dionysus69> I am on windows
03:44 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 272 seconds]
04:04 -!- phanatik- [~phanatik@58-7-253-72.dyn.iinet.net.au] has joined #openvpn
04:04 < phanatik-> hi, i have a problem with my vpn not starting up when kali starts, i get the following: [FAILED] Failed to start OpenVPN connection to CG_Australia"
04:11 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
04:14 -!- nocturn [~nocturn@unaffiliated/nocturn] has quit [Quit: Lost terminal]
04:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:15 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
04:17 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 255 seconds]
04:19 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 255 seconds]
04:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:21 -!- mode/#openvpn [+o mattock1] by ChanServ
04:25 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
04:25 -!- phanatik- [~phanatik@58-7-253-72.dyn.iinet.net.au] has quit [Ping timeout: 256 seconds]
04:27 -!- HollowPoint [~Alex@62.255.245.182] has joined #openvpn
04:28 -!- blinkbox [blindbox@1.9.127.18] has quit [Read error: Connection reset by peer]
04:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:36 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Ping timeout: 244 seconds]
04:37 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://hallowe.lt/]
04:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:57 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:05 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:07 -!- shio [marmot@126.121.101.84.rev.sfr.net] has quit [Ping timeout: 272 seconds]
05:08 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
05:11 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Read error: Connection reset by peer]
05:12 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:17 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Max SendQ exceeded]
05:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:22 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
05:23 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
05:25 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Client Quit]
05:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:34 -!- grubles [~freebsd@unaffiliated/grubles] has joined #openvpn
05:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:49 -!- femtobot [~quassel@2a02:2658:1011:1::2:4044] has joined #openvpn
06:50 -!- toli [~toli@ip-83-134-71-225.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
06:54 -!- toli [~toli@ip-83-134-71-225.dsl.scarlet.be] has joined #openvpn
07:00 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
07:09 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
07:10 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 240 seconds]
07:16 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
07:18 < MrVandelay> Why does it take so long to 'systemd stop openvpn@whatever.service' when I've lost internet connectivity with the vpn session active, and how can I fix it?
07:19 < MrVandelay> (I'm asking in both #openvpn and #systemd because I'm not sure which is the problem)
07:23 <@mattock1> MrVandelay: not sure of the reason, but dazo might know the answer
07:23 <@mattock1> systemctl status openvpn@whatever or journalctl -xn (was it -xn) might give some clues
07:36 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has joined #openvpn
07:40 < MrVandelay> I talked to the systemd-folks and it seems as if this is an openvpn-problem. I strace'd the process during the problem if anyone cares to take a look? I can't really tell what's going on.
07:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:58 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:02 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
08:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
08:16 -!- foofoobar [~foofoobar@146.185.179.88] has joined #openvpn
08:17 < foofoobar> Hi. I can use my VPN without any problem from my mobile network, but when I try to use it over the telekom hotspot, it does not work. I found out that dns resolving works, but the connection not.
08:17 < foofoobar> I read a tip that I have to switch from UDP to TCP, so I did.
08:17 < foofoobar> And see, it works.
08:17 -!- AsadH [~AsadH@unaffiliated/asadh] has quit [Ping timeout: 240 seconds]
08:17 < foofoobar> Question: What can be a cause of this? Is the hotspot provider filtering?
08:17 < foofoobar> What can be a cause to filter UDP and not TCP from the hotspot provider?
08:18 < foofoobar> And will it make a difference if I run my openvpn on UDP port 443 (so it looks like https) ?
08:26 -!- foofoobar [~foofoobar@146.185.179.88] has quit [Ping timeout: 252 seconds]
08:28 -!- foofoobar [~foofoobar@88.128.81.147] has joined #openvpn
08:28 < foofoobar> Sorry I had a disconnect. If someone answered it would be nice if you could copy-paste it
08:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
08:33 -!- HollowPoint [~Alex@62.255.245.182] has quit [Quit: Leaving]
08:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:58 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
09:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
09:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:14 < foofoobar> What does this command do: route 10.10.1.0 255.255.255.0
09:15 <@ecrist> foofoobar: It's possible your provider is filtering the UDP traffic.
09:15 <@ecrist> You'd have to run some tests to be sure, however.
09:15 < foofoobar> ecrist: Is there some way to test this?
09:15 <@ecrist> The command above routes the 10.10.1.0 network to your VPN.
09:16 < foofoobar> ecrist: I have a local network (two clients:NAS and PI with the ip scheme 192.168.178.X) and a laptop in the internet which are all connected to my VPN (10.8.0.X). When I’m on my laptop, how do I access the NAS via it’s local ip (192.168.178.X) instead of the virtual ip (10.8.0.Y) ?
09:17 <@ecrist> foofoobar: yes, there are tests, but it's really beyond the topic of this channel.
09:17 < foofoobar> ecrist: ok
09:17 <@ecrist> When on the VPN you either need to use the VPN IPs, or you need to push the route to the other network.
09:17 <@ecrist> !route
09:17 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
09:17 <@vpnHelper> client
09:18 <@ecrist> !iroute
09:18 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
09:19 < foofoobar> yeah someone refered me to this yesterday and I just read it. But I understood it as connection a whole lan behind a client. I just want to connect the client (which is already connected) via his local ip
09:19 <@ecrist> you can't do that.
09:19 < foofoobar> so I dont have to make two bookmarks (192.168.178.X when my laptop is in my home network) and (10.8.0.Y) when I
09:19 < foofoobar> when I’m not at home
09:20 <@ecrist> you either need to push the LAN subnet, or you need to use both IPs
09:21 < foofoobar> ok, so I need to push the LAN subnet
09:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
09:25 < foofoobar> ecrist: does the client push the LAN subnet or do I tell openvpn to route this subnet to one of the clients?
09:26 < foofoobar> ecrist: I also thought of adding an own DNS which resolves the correct ip, but this is more complex, right?
09:26 <@ecrist> read the factoids above from vpnhelper
09:31 < foofoobar> ecrist: okay, I think I did understand most of this. one thing comes to my mind
09:32 < foofoobar> when I push the route to my client NAS, and the NAS crashes, whats then?
09:32 < foofoobar> can I define a failover (PI) ?
09:32 <@ecrist> you shouln't push that route to the NAS
09:35 < foofoobar> why? where should I push it?
09:36 <@ecrist> This is really getting in to routing 101.
09:40 < foofoobar> ecrist: I thought working with networks is related to openvpn..
09:40 < foofoobar> https://gist.github.com/anonymous/6a9b827b9fcadfb88acb
09:40 <@vpnHelper> Title: gist:6a9b827b9fcadfb88acb · GitHub (at gist.github.com)
09:42 <@ecrist> your NAS is crashing because you're pushing a route for it's own local network.
09:42 <@ecrist> that's a conflict and will result in the NAS no longer being able to route to the local network.
09:42 <@ecrist> which means it also won't be able to get to the VPN server
09:42 < foofoobar> ah
09:42 <@ecrist> creating a lopp
09:42 <@ecrist> loop
09:42 <@ecrist> !101
09:42 <@vpnHelper> "101" is This channel is not a '101' replacement for any of the following topics or others: Networking, Firewalls, Routing, Your OS, Security, etc etc
09:45 < foofoobar> so when I choose a different subnet instead of the route from it’s own local network, I will - again - have two IP’s to access
09:45 < foofoobar> one IP from my local network and one different when it’s on the vpn ..
09:48 < foofoobar> maybe the „own DNS“ solution is better to configure than this
09:49 < foofoobar> why is such a simple thing so complex to configure
09:49 <@ecrist> no
09:49 < foofoobar> I just want to access the NAS with one ip/name
09:49 <@ecrist> It's not really that difficult, you just don't understand the mechanics.
09:50 <@ecrist> re-read the route and iroute factoids, above, and then look into the man page for those
09:50 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:55 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
09:59 < foofoobar> ecrist: I did. I cant find the error in the config I posted in the gist. The vpn server uses push route 192.178.178.0 to tell all clients that it handles this traffic. the iroute command for the NAS tells the vpn that it is responsible for this network. in the man for iroute I found „OpenVPN accomplishes this by not not pushing a route to a  client  if  it  matches  one  of  the client's iroutes.“ so this should not overwrite the routes on the clie
10:00 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
10:02 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
10:04 < foofoobar> I tried to annoate the config I made here as I understand what I am doing here: https://gist.github.com/anonymous/db11343342dd9303a590
10:04 <@vpnHelper> Title: gist:db11343342dd9303a590 · GitHub (at gist.github.com)
10:12 < foofoobar> ecrist: Maybe you can tell me where the problem in this thoughts are so I can rethink over it
10:17 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:27 -!- foofoobar [~foofoobar@88.128.81.147] has quit [Quit: foofoobar]
10:27 <@ecrist> is the NAS the only system on that network connected to the VPN?
10:27 <@ecrist> line 14, you misspelled client
10:42 <@krzee> and ipp may not do what you expect all the time
10:42 <@krzee> !ipp
10:42 <@vpnHelper> "ipp" is (#1) the option --ifconfig-pool-persist ipp.txt does NOT create static ips or (#2) Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, see !iporder and !static
10:53 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has joined #openvpn
11:02 -!- Telvana [~digits@cpe-104-231-85-200.neo.res.rr.com] has quit [Ping timeout: 246 seconds]
11:04 -!- Telvana [~digits@2605:a000:122d:c049:213:72ff:fefc:b034] has joined #openvpn
11:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:19 -!- maxiepax [max@locke.misse.org] has joined #openvpn
11:20 < maxiepax> i'm trying to run openvpn server as TUN on a windows 2012 R2. However when running openvpn --config server.ovpn i get a "TAP device not found".
11:20 < maxiepax> im not using TAP, is openvpn still dependant on it?
11:23 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
11:25 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 264 seconds]
11:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
11:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
11:36 <@Eugene> !tunortap
11:36 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
11:36 <@vpnHelper> rooted/jailbroken) support only tun
11:36 -!- foofoobar_ [~foofoobar@146.185.179.88] has joined #openvpn
11:36 <@Eugene> Under Windows, a single driver which identifies as TAP is used, but the device will run in either mode
11:37 < melt> and it does not seem to like it when u also have vmware workstation And virtualbox installd :)
11:37 <@Eugene> The "device not found" error means that an available(not in-use) TAP device could be found
11:37 <@Eugene> This is usually caused by having only 1 device and an existing session is using it, or having disabled it
11:37 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Ping timeout: 264 seconds]
11:37 <@Eugene> Works fine on my laptop with both installed & in-use
11:38 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
11:39 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
11:40 -!- foofoobar_ [~foofoobar@146.185.179.88] has quit [Ping timeout: 240 seconds]
11:40 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
11:40 < maxiepax> Eugene: okey, i reinstalled the tap-driver and it starts now, still can't connect to it though but that might be something else.
11:41 < maxiepax> was just confused that it was using the TAP drive even though i specified TUN.
11:41 <@krzee> yep now inspect your logs, they'll try to help you
11:44 <@Eugene> !factoids
11:44 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
11:45 -!- hennos [~midas8@167.160.44.194] has joined #openvpn
11:46 <@Eugene> !learn wintap as Windows uses a combined TUN/TAP driver, so the same device is used in both modes
11:46 <@vpnHelper> Error: You don't have the factoids.learn capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
11:46 <@Eugene> Sigh.
11:46 <@krzee> !learn wintap as Windows uses a combined TUN/TAP driver, so the same device is used in both modes
11:46 <@vpnHelper> Joo got it.
11:46 <@krzee> !forget wintap
11:46 <@vpnHelper> Joo got it.
11:47 <@krzee> !learn wintap as Windows uses a combined TUN/TAP driver, so the same "tap" device is used in both modes
11:47 <@vpnHelper> Joo got it.
11:53 <@krzee> !forget wintap
11:53 <@vpnHelper> Joo got it.
11:53 <@krzee> !learn wintap as Windows uses a combined TUN/TAP driver, so the same "TAP-Win32 device" is used in both modes
11:53 <@vpnHelper> Joo got it.
11:54 <@krzee> grr windows nomenclature
11:54 <@krzee> !forget wintap
11:54 <@vpnHelper> Joo got it.
11:54 <@krzee> !learn wintap as Windows uses a combined TUN/TAP driver, so the same "TAP-Win32 adapter" is used in both modes
11:54 <@vpnHelper> Joo got it.
11:54 <@krzee> *done*
11:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 240 seconds]
11:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
12:09 <@Eugene> Yay
12:12 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
12:12 < dyce> is there an easy to use webgui for the client? that handles the routes
12:12 < dyce> for a linux machine
12:15 <@krzee> webgui?
12:15 <@krzee> you might want:
12:15 <@krzee> !as
12:15 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
12:15 <@krzee> the openvpn we support here has no web gui
12:16 <@krzee> AS comes with an easy to use web gui
12:16 <@krzee> and pro support
12:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:18 -!- hennos [~midas8@167.160.44.194] has quit [Quit: Leaving]
12:24 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:29 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
12:30 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Quit: foofoobar]
12:33 < maxiepax> i've specified "server 10.90.0.0 255.255.255.0" in my config file, client recieves 10.9.0.0.5, however the server "TAP" device shows 10.8.0.1. I can't find any other configuration option that would do this, anyone know why this happens?
12:35 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
12:36 <@ecrist> !configs
12:36 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
12:37 <@ecrist> please post your configs, maxiepax 
12:37 <@krzee> !/30
12:37 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
12:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:37 < dyce> krzee: im actually just looking for something like the windows gui but in a webgui for linux
12:37 < dyce> for the client
12:38 <@krzee> dyce, nothing exists
12:38 <@krzee> theres not even a decent non web gui for linux clients
12:38 < dyce> krzee: https://www.acevpn.com/acevpn/kb/tomato/VPNTunneling-Client-Advanced-Step3.png the only thing i know of is the tomato router
12:38 <@krzee> in linux you can use cli or cli, or netman which will make you realize you wanted cli
12:39 <@krzee> dyce, openwrt and ddwrt have their own guis too
12:39 <@krzee> ive never seen it tho, i remove the web gui from my installations
12:40 < dyce> krzee: so the best thing to do is create a script? i know openvpn windows automatically setups the routes for you
12:41 <@krzee> what routes? openvpn can add the routes for you, you dont need a gui for that
12:41 <@krzee> nor a script
12:43 -!- fling [~fling@fsf/member/fling] has quit [Read error: Connection reset by peer]
12:44 -!- fling [~fling@fsf/member/fling] has joined #openvpn
12:44 < maxiepax> Wintendo really is a legacy os :( nothing works!
12:45 < dyce> oh okay, wasn't aware of that
12:45 <@krzee> maxiepax, you dont have an ip set manually on the tap device, right? you going to show ecrist your configs?
12:47 <@ecrist> just like OP, maxiepax never delivers...
12:47 -!- apollo2k [~aPollO@unaffiliated/apollo2k] has quit [Remote host closed the connection]
12:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:50 -!- hennos [~midas8@167.160.44.194] has joined #openvpn
12:50 -!- Silverswan [~flynpix@unaffiliated/silverswan] has joined #openvpn
12:50 < Silverswan> hello
12:51 < Silverswan> I losted my admin credentials of my openvpn AS
12:51 < Silverswan> does anyone know how can I recover it from shell?
12:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:52 <@krzee> !as
12:52 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
12:58 -!- Silverswan [~flynpix@unaffiliated/silverswan] has quit [Ping timeout: 240 seconds]
12:59 < grubles> any idea why my dns craps out after a few minutes?
12:59 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 264 seconds]
13:01 <@krzee> dhcp sets it back?
13:02 <@krzee> dns gremlins eat it?
13:02 < grubles> possibly
13:02 < grubles> my openvpn server pushes dns servers to my client correctly
13:02 < grubles> and everything works well
13:03 < grubles> but after a while, if i am browsing, dns stops working
13:03 < grubles> although i can ping my dns servers fine
13:06 <@krzee> look at the resolv.conf
13:06 <@krzee> did it change back?
13:06 < grubles> yes
13:08 < grubles> hm so the question is: why is this happening
13:09 <@krzee> its not openvpn, see what you run that changes dns
13:09 <@krzee> (probably dhcp)
13:09 < grubles> dhclient?
13:10 <@krzee> from dhclient man page, By default, the DHCP client will do the DNS update.
13:10 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:10 -!- mode/#openvpn [+o mattock_] by ChanServ
13:11 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
13:16 < grubles> ok so i just need to figure out how to get dhclient to not set the dns back
13:22 <@krzee> !google dhclient not change resolv.conf
13:22 <@vpnHelper> How To: Make Sure /etc/resolv.conf Never Get Updated By DHCP ...: <http://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/>; dns - Regenerate resolv.conf from dhclient.conf without releasing ...: <http://askubuntu.com/questions/283370/regenerate-resolv-conf-from-dhclient-conf-without-releasing-renewing-ip>; dhcp - How to edit /etc/resolv.conf on Ubuntu 12.04 - Ask Ubuntu:
13:22 <@vpnHelper> <http://askubuntu.com/questions/239169/how-to-edit-etc-resolv-conf-on-ubuntu-12-04>
13:23 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
13:23 <@krzee> note, theres probably a better way, ask your distros help channel
13:23 < grubles> ill look at those links. thanks.
13:23 <@krzee> yw
13:24 < eelstrebor> how does one determine if their clients are actually routed thru the vpn tunnel? i've found config settings that are suppose to force clients thru a tunnel but how does one confirm?
13:25 <@krzee> tcpdump / wireshark
13:25 <@krzee> a firewall could also make sure accidents are unable to happen if desired...
13:27 < eelstrebor> is there a vpn monitor to alert the user/sysadmin that the tunnel is working?
13:27 < eelstrebor> (or not working)
13:28 <@krzee> no
13:28 <@krzee> well, i mean there are plenty of network monitors
13:28 <@krzee> but openvpn did not create one, lol
13:28 <@krzee> maybe you want zabbix
13:29 < eelstrebor> well, i'm gonna have to shut down my router openvpn server - just too many problems
13:29 <@krzee> cool
13:30 < eelstrebor> the linux clients keep disconnecting and stay disconnected until i go in and restart the client
13:30 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Remote host closed the connection]
13:31 < eelstrebor> i wish i could use the appropriate language to describe my frustration
13:31 <@krzee> is that the dd-wrt router i was talking about yesterday? i dont remember
13:32 < eelstrebor> the odd thing is that my android phone stays connected - i don't see any diff in the configs
13:32 < eelstrebor> yes
13:32 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
13:33 <@krzee> but you dont have that issue when running it on the ubuntu server in the lan?
13:34 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:34 -!- mode/#openvpn [+o mattock_] by ChanServ
13:37 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
13:37 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
13:38 < foofoobar> plai, ecrist: so I got it running now.
13:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:38 < foofoobar> I did not take the route way, I just set up a simple dnsmasq and added my NAS as a static lease
13:39 < foofoobar> and voila, I can access the NAS from my WLAn and as a „road warrior“ with the same name now :)
13:39 < foofoobar> setting up the dnsmasq was simple
13:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
13:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
13:48 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
13:49 <@krzee> yep
13:49 <@krzee> !splitdns
13:49 <@vpnHelper> "splitdns" is (#1) see http://www.thekelleys.org.uk/dnsmasq/doc.html for dnsmasq, which will let you do split-dns setups or (#2) "dnsmasq" is http://rob0.nodns4.us/dnsmasq.html for a writeup on how to handle DNS for lans shared with !route
13:54 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
14:03 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
14:05 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has joined #openvpn
14:09 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
14:09 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
14:09 -!- mode/#openvpn [+o mattock_] by ChanServ
14:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:15 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
14:30 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has left #openvpn []
14:32 -!- Malsasa [~Malsasa@120.164.40.234] has joined #openvpn
14:42 -!- Malsasa [~Malsasa@120.164.40.234] has quit [Remote host closed the connection]
14:53 -!- edux [~edux@181.171.235.188] has joined #openvpn
14:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:55 < edux> Hi, I have an user, with this error 'Unexpected error: JSONDialog: Error running jsondialog, status=(5, [],['task_for_pid(): 0x5') any suggestion?
14:55 < edux> latest stable openvpn server
14:55 < edux> running on ubuntu, and client on OSX
14:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
15:08 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
15:09 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
15:16 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: IRC for Sailfish 0.9]
15:35 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:41 <@krzie> edux: sounds like you must be using access-server
15:49 <@krzie> !as
15:49 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
16:01 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
16:02 < edux> thanks krzie
16:02 -!- edux [~edux@181.171.235.188] has left #openvpn ["Leaving..."]
16:08 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has joined #openvpn
16:11 <@krzie> yw
16:12 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
16:12 -!- Neighbour [~neighbour@84-245-42-111.dsl.cambrium.nl] has quit [Ping timeout: 272 seconds]
16:12 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
16:27 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:47 -!- knoebber [~nicolas@sheets.grinnell.edu] has joined #openvpn
16:47 < knoebber> !welcome
16:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:47 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:47 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has joined #openvpn
16:48 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has quit [Client Quit]
16:49 < knoebber> Hi, I've recently setup a vpn on a linux mint machine that I would like to use a server. However, I can no longer SSH to this computer. I've done a bit of research it on this problem, but I couldn't find anything very useful. Would anyone be willing to help me?
16:52 < knoebber> !configs
16:52 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
16:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:53 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has joined #openvpn
16:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:59 <@krzie> knoebber:
16:59 <@krzie> lets see if i understand your problem
16:59 <@krzie> you used to be able to ssh to a server, but you started running an openvpn client on it with --redirect-gateway and now you cannot ssh to the computer from the internet... is that right?
17:03 < knoebber> The open vpn client is running through the gui, so I'm not sure what options it has. But yes, I can no longer ssh to the computer running the vpn from the internet using the ip the vpn gives me
17:03 < knoebber> ssh works fine when the VPN is off though.
17:09 <@krzie> !splitroute
17:09 <@vpnHelper> "splitroute" is (#1) https://forums.openvpn.net/topic7175.html to see how to add a second routing table so you can use --redirect-gateway AND still serve things to the internet or (#2) see !route_override for how to override --redirect-gateway for a certain subnet
17:09 <@krzie> there you go =]
17:10 < knoebber> cool ill try to figure that out. thanks!
17:16 <@krzie> if you're in linux the link from #1 will take you through it
17:17 <@krzie> specifically the second post, https://forums.openvpn.net/topic7175.html#p8056
17:17 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN with redirect-gateway renders public ip inaccessable : Configuration (at forums.openvpn.net)
17:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
17:23 < knoebber> Sorry I'm a bit of noob at networking, can you explain what the two ip addresses are? One of them should be my computers local ip, and the other should be the ip that my vpn gives me, but I'm not sure which is which. (refering to the second post)
17:25 < grubles> knoebber: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
17:25 <@vpnHelper> Title: Private network - Wikipedia, the free encyclopedia (at en.wikipedia.org)
17:26 < grubles> the ip the vpn gives you is a reserved private ip
17:29 -!- knoebber [~nicolas@sheets.grinnell.edu] has quit [Ping timeout: 244 seconds]
17:37 <@krzie> knoebber: why dont you read the third post where its explained
17:37 <@krzie> lol
17:38 <@krzie> grubles: he was referring to the ip rule commands in !splitroute
18:01 -!- zamber [~zamber@dynamic-78-8-241-227.ssp.dialog.net.pl] has quit [Ping timeout: 240 seconds]
18:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
18:12 -!- zamber [~zamber@dynamic-78-8-244-48.ssp.dialog.net.pl] has joined #openvpn
18:12 < tekzilla> hi, trying to figure out the correct MTU settings for an UDP server, if i set _link-mtu_ to the internet MTU between client/server, does that set the right _tun-mtu_ on the tunnel interface to prevent fragmentation ?
18:15 <@krzie> im not ignoring you, i just dont have answers for mtu related questions
18:16 <@krzie> id say you can test it pretty easily tho
18:16 < tekzilla> thank you, no problem
18:37 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
19:12 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
19:13 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Client Quit]
19:14 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
19:31 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Ping timeout: 246 seconds]
19:42 -!- SGold [~Stan@cpe-172-72-132-41.carolina.res.rr.com] has joined #openvpn
19:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
20:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
20:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:16 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
20:23 -!- mode/#openvpn [+o mattock1] by ChanServ
20:29 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:39 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
20:44 < tekzilla> ok, the WAN MTU minus 28 byte for UDP/IP header seems to be the right setting for --link-mtu
20:44 < tekzilla> for a udp server
20:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:52 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has joined #openvpn
20:54 < tekzilla> now that i read the description for --mssfix again, its mentioned there: "The max parameter is interpreted in the same way as the --link-mtu parameter, i.e. the UDP packet size after encapsulation overhead has been added in, but not including the UDP header itself."
20:55 < tekzilla> but its not mentioned for --link-mtu itself and kind of counterintuitive, maybe the docs should be updated there
20:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:04 <@krzie> to submit that for update:
21:04 <@krzie> !trac
21:04 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database.
21:04 <@krzie> documentation is a valid section for bugs
21:04 <@krzie> the documentation is huge, submit the issue with your solution for the fix and if the devs agree it'll find its way in =]
21:43 -!- joel1nux [~jlcarnes@ip68-111-11-59.sb.sd.cox.net] has joined #openvpn
21:44 < joel1nux> Quick question...I'm trying to generate keys for openVPN on my system behind a firewall.  I'm at the point where I'm generating the keys, but the config file is asking me for a common name, organizational unit, etc.  It's just the one computer, and I don't have any web services or resolution behind it...what do I do?
21:45 <@Eugene> Common Name should be the hostname of the machine
21:45 <@Eugene> You can leave the rest blank, they're not used for anything
21:46 < joel1nux> export KEY_NAME=changeme
21:46 < joel1nux> that can remain, or should get taken out?
21:46 < joel1nux> does it require KEY_EMAIL?
21:46 < joel1nux> KEY_OU?
21:46 <@Eugene> God, I have no idea. It's been ages since I've looked at those scripts
22:07 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
22:09 -!- hennos [~midas8@167.160.44.194] has quit [Quit: Leaving]
22:18 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 240 seconds]
22:21 < tekzilla> the manpage is huge indeed, i will submit that
22:24 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
22:41 -!- SGold [~Stan@cpe-172-72-132-41.carolina.res.rr.com] has quit [Quit: Leaving]
22:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
22:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
22:58 -!- krzie [ba95f387@openvpn/community/support/krzee] has quit [Ping timeout: 246 seconds]
23:00 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
23:00 < ljvb> freaking hell I have windows 8
23:00 < ljvb> any particular trick to get it to load routes
23:04 < ljvb> wierd.. shit just started working.. nm
23:04 -!- nix8n82 [~AndChat56@2601:283:8201:d495:3126:38d6:a9ba:b8ab] has joined #openvpn
23:16 -!- james41382_ is now known as james41382
23:24 -!- ShadniX [dagger@p579417F1.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:26 -!- ShadniX [dagger@p579416F5.dip0.t-ipconnect.de] has joined #openvpn
23:58 -!- nix8n82 [~AndChat56@2601:283:8201:d495:3126:38d6:a9ba:b8ab] has quit [Ping timeout: 246 seconds]
23:59 -!- hays [~quassel@unaffiliated/hays] has quit [Read error: Connection reset by peer]
23:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
--- Day changed Tue Oct 06 2015
00:03 -!- u0m3_ [~u0m3@92.80.92.123] has joined #openvpn
00:04 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 246 seconds]
00:04 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:05 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
00:05 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 252 seconds]
00:05 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 265 seconds]
00:05 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 252 seconds]
00:05 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:05 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 246 seconds]
00:06 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 240 seconds]
00:06 -!- u0m3 [~u0m3@92.80.92.123] has quit [Ping timeout: 255 seconds]
00:06 -!- krthnz [~krthnz@unaffiliated/krthnz] has quit [Ping timeout: 255 seconds]
00:06 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
00:07 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Ping timeout: 240 seconds]
00:07 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
00:08 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:08 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
00:09 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:10 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
00:11 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
00:11 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
00:11 -!- dEPy [~dEPy@199.48.245.220] has joined #openvpn
00:11 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
00:11 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
00:12 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:12 -!- esde [~something@openvpn/user/esde] has joined #openvpn
00:13 -!- mode/#openvpn [+v esde] by ChanServ
00:13 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
00:15 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 272 seconds]
00:24 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
00:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
00:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
00:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
00:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
01:04 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
01:11 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:13 -!- joel1nux [~jlcarnes@ip68-111-11-59.sb.sd.cox.net] has quit [Quit: Leaving]
01:15 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
01:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:31 < ValdikSS> Hi guys! Did anyone test OpenVPN Connect on iOS 9 yet?
01:33 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
01:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
01:41 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
01:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
01:58 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 240 seconds]
01:59 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
02:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
02:10 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 240 seconds]
02:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
02:40 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Quit: Leaving]
02:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:03 -!- dEPy [~dEPy@199.48.245.220] has quit [Quit: (null)]
03:10 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 246 seconds]
03:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:23 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
03:25 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
03:29 -!- foofoobar [~foofoobar@146.185.179.88] has joined #openvpn
03:31 < foofoobar> Hi. So there is a DNS entry for „henry.localdomain“ from the DNS my clients are using. I want the host to be accessible from just the name „henry“ now. I tried push „dhcp-option DOMAIN localdomain“, but this does not change anything. What else do I need to do ?
03:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
04:18 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
04:23 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:32 -!- novaflash is now known as novaflash_away
04:34 < maxiepax> I've added "route 192.168.73.0 255.255.255.0" to my server.ovpn file, trying to add the route so that i can add the netwokr being NAT'ed behind "client1", it adds the gateway as 10.8.0.2, instead of 10.8.0.6, is this how it's supposed to work?
04:36 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:38 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has joined #openvpn
04:39 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has quit [Max SendQ exceeded]
04:40 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has joined #openvpn
04:40 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has quit [Max SendQ exceeded]
04:44 < ValdikSS> https://community.openvpn.net/openvpn/ticket/614
04:45 <@vpnHelper> Title: #614 (Connect on iOS 9: IPv4 routing doesn't work with dual-stack) – OpenVPN Community (at community.openvpn.net)
04:48 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
04:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:54 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
05:12 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
05:33 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:42 -!- foofoobar [~foofoobar@146.185.179.88] has quit [Ping timeout: 250 seconds]
05:42 -!- foofoobar_ [~foofoobar@88.128.81.142] has joined #openvpn
05:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
06:02 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
06:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
06:21 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 240 seconds]
06:31 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
06:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
07:08 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
07:14 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
07:17 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:21 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
07:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:28 -!- alec-b [~alec@bl20-88-136.dsl.telepac.pt] has joined #openvpn
07:37 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 244 seconds]
07:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:44 -!- foofoobar [~foofoobar@146.185.179.88] has joined #openvpn
07:46 -!- foofoobar_ [~foofoobar@88.128.81.142] has quit [Ping timeout: 252 seconds]
07:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:52 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:08 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:11 -!- GreatSage [~vishera@95.85.20.11] has joined #openvpn
08:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
08:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:24 <@krzee> !pptp
08:24 <@vpnHelper> "pptp" is (#1) PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead. http://pptpclient.sourceforge.net/protocol-security.phtml to
08:24 <@vpnHelper> read about why to not use pptp or (#2) Why not to use it: http://en.wikipedia.org/wiki/Pptp#Security or (#3) https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
08:32 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:32 <@krzee> !certinfo
08:32 <@vpnHelper> "certinfo" is run `openssl x509 -in <file> -noout -text` for info from your cert file
08:32 < skyroveRR> Useful.
08:33 <@krzee> yep
08:35 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:45 -!- foofoobar_ [~foofoobar@88.128.81.142] has joined #openvpn
08:45 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:47 -!- foofoobar [~foofoobar@146.185.179.88] has quit [Ping timeout: 264 seconds]
08:47 -!- foofoobar_ is now known as foofoobar
08:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:55 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
08:57 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
08:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:13 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
09:15 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
09:16 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:17 < DArqueBishop> ValdikSS, I have OpenVPN Connect on my iPhone 6 running iOS 9, and it works perfectly.
09:17 < ValdikSS> DArqueBishop: do you have IPv6 configured?
09:18 < DArqueBishop> ValdikSS, my router suppoers IPv6 but I never use it, so I'm going to hazard and say no. I also don't use redirect-gateway, so after reading that link (which I should have done in the first place), I'm also going to presume that my answer doesn't help you.
09:19 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:19 < ValdikSS> DArqueBishop: This problem occurs only with IPv6 inside the tunnel I believe.
09:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:19 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
09:20 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:20  * DArqueBishop nods.
09:24 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:26 <@krzee> wow it seems its not very easy to find good vpn providers
09:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:31 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
09:39 -!- alec-b [~alec@bl20-88-136.dsl.telepac.pt] has quit [Ping timeout: 250 seconds]
09:39 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:39 -!- alec-b [~alec@bl20-78-172.dsl.telepac.pt] has joined #openvpn
09:40 -!- Zzyzx_ is now known as Zzyzx
09:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:42 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
09:49 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
09:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:57 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:57 -!- foofoobar [~foofoobar@88.128.81.142] has quit [Quit: foofoobar]
09:58 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:12 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
10:18 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
10:18 -!- mode/#openvpn [+o pekster] by ChanServ
10:18 <@krzee> !pwsave
10:19 <@krzee> !ping
10:19 <@vpnHelper> pong
10:19 <@krzee> !factoids search password
10:19 <@vpnHelper> 'password' and 'password-only'
10:19 <@krzee> !factoids search file
10:19 <@vpnHelper> 'logfile' and 'pwfile'
10:19 <@krzee> !pwfile
10:19 <@vpnHelper> "pwfile" is (#1) OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in config-win32.h or (#2) see --auth-user-pass in the manual (!man) for more info or (#3) if you're using this with the windows service, you will need --askpass
10:23 -!- hennos [~midas8@167.160.44.194] has joined #openvpn
10:32 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:35 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
10:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:47 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
10:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:54 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:11 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:20 -!- nix8n82 [~AndChat56@2601:283:8201:d495:3126:38d6:a9ba:b8ab] has joined #openvpn
11:30 -!- nix8n82 [~AndChat56@2601:283:8201:d495:3126:38d6:a9ba:b8ab] has quit [Ping timeout: 246 seconds]
11:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:51 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
11:52 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Remote host closed the connection]
11:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:09 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
12:12 -!- manglav [6c58d5b2@gateway/web/freenode/ip.108.88.213.178] has joined #openvpn
12:12 < manglav> !welcome
12:12 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:12 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:13 < manglav> !howto
12:13 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:13 <@krzee> and dont forget:
12:13 <@krzee> !goal
12:13 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
12:13 < manglav> thanks krzee
12:13 <@krzee> np
12:17 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
12:17 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has joined #openvpn
12:17 < manglav> Hi Everyone. Here is my goal.  I would like to a fleet of computers, on different, distributed internet connections, to be able to accessed by a server (ssh).  My thinking is, either I "phone home" to an application server upon a client startup, and use a reverse ssh tunnel, or I set up a VPN. I believe a VPN is a more maintainable solution in the long run. I want all "clients" (computers on distributed network) to be able to acces
12:18 < manglav> (the application server). For security purposes, the clients should not be able to talk to each other.
12:19 <@krzee> sounds pretty standard
12:19 < manglav> I've gone through the configuration and wiki's, and I would be happy to pay someone to do this for me. I found an article http://backreference.org/2010/06/18/openvpns-built-in-packet-filter/ that explains what I want to do
12:20 <@krzee> you prefer to pay or read?
12:20 < manglav> I prefer to pay
12:20 < manglav> I don't mind reading, but my mind is getting a little overloaded with tuns and taps
12:20 < manglav> networking has always been a little confusing for me
12:20 <@krzee> whats the job offer? im pretty busy with $work but ill entertain ideas, and Eugene will probably do it for a beer
12:20 <@krzee> :D
12:20 < manglav> hah
12:21 <@krzee> !beer
12:21 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
12:21 < manglav> I mean, I can pay hourly? Not sure what market rate is
12:21 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Quit: foofoobar]
12:21 < manglav> I'm assuming around $50/hr?
12:22 <@krzee> are you looking for somebody to impliment it into the clients or simply give you working configs / scripts for adding firewall stuff
12:22 < manglav> I'm looking for the configs / scripts
12:22 < manglav> I can implement myself
12:22 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
12:22 < manglav> I have a openvpn server running on digital ocean right now
12:23 < manglav> and my app server will be running on heroku
12:23 <@krzee> digital ocean?
12:23 -!- shiriru [~shiriru@77.85.251.196] has quit [Client Quit]
12:23 < manglav> yeah
12:23 < manglav> a VPS
12:23 <@krzee> ahh i see
12:23 < manglav> https://www.digitalocean.com/
12:23 <@vpnHelper> Title: Simple Cloud Infrastructure for Developers | DigitalOcean (at www.digitalocean.com)
12:23 -!- shio [marmottin@126.121.101.84.rev.sfr.net] has quit [Ping timeout: 246 seconds]
12:23 < manglav> they're nice, 5$/month for ssd vps
12:24 <@krzee> its already able to run openvpn, right?
12:24 <@krzee> like you already have an openvpn process running
12:24 <@Eugene> They're using KVM, should work fine
12:24 < manglav> yes
12:24 <@krzee> werd
12:24 <@krzee> good afternoon Eugene
12:24 < manglav> I can use it right now, in a basic capacity
12:24 <@Eugene> I'm in a meeting :-/
12:24 -!- toli [~toli@ip-83-134-71-225.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
12:24 <@krzee> doh, bad afternoon!
12:25 <@Eugene> Eh, boss usually buys lunch+beer
12:25 <@krzee> nice good $boss
12:26 <@krzee> spikes in productivity are seen on beer day at eugenes office
12:27 < manglav> just don't cross ballmer's peak
12:28 <@krzee> nice
12:29 -!- shio [~shio@2.121.101.84.rev.sfr.net] has joined #openvpn
12:35 <@Eugene> We don't have an office \o/
12:36 <@krzee> oh thats dope
12:36 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has joined #openvpn
12:37 -!- AlmogBaku [~AlmogBaku@bzq-79-178-15-194.red.bezeqint.net] has quit [Client Quit]
12:38 -!- toli [~toli@ip-62-235-240-216.dsl.scarlet.be] has joined #openvpn
12:39 < manglav> eugene / krzee either of you interested in the job? Hopefully it shouldn't take too long
12:39 <@Eugene> I couldn't be bothered today
12:40 <@krzee> im interested once i finish other stuff im working on
12:40 <@krzee> im building a vpnchain through europe lol
12:40 < manglav> cool, np eugene
12:40 < manglav> krzee, mind if I pm you?
12:40 <@krzee> np
12:40 <@krzee> go for it
12:43 < manglav> krzee, let me know if you didn't get my PM, not sure if it worked
12:45 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has joined #openvpn
12:45 -!- foofoobar [~foofoobar@aftr-37-201-193-195.unity-media.net] has quit [Client Quit]
12:46 -!- nix8n82 [~AndChat56@2601:283:8201:d495:3126:38d6:a9ba:b8ab] has joined #openvpn
12:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
13:15 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:29 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
13:29 -!- nix8n82 [~AndChat56@2601:283:8201:d495:3126:38d6:a9ba:b8ab] has quit [Ping timeout: 246 seconds]
13:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:43 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
13:47 -!- fling [~fling@fsf/member/fling] has quit [Read error: Connection reset by peer]
13:48 -!- fling [~fling@fsf/member/fling] has joined #openvpn
14:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:11 < dyce> manglav: i was going to do something like this
14:11 -!- guzzles [4b921295@gateway/web/freenode/ip.75.146.18.149] has joined #openvpn
14:11 < guzzles> !welcome
14:11 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:11 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:13 < dyce> only using ssh though, because i dont understand networking that much, just port forwarding
14:13 -!- manglav [6c58d5b2@gateway/web/freenode/ip.108.88.213.178] has quit [Ping timeout: 246 seconds]
14:20 < guzzles> !paste
14:20 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:20 -!- Telvana [~digits@2605:a000:122d:c049:213:72ff:fefc:b034] has quit [Ping timeout: 246 seconds]
14:22 -!- Telvana [~digits@2605:a000:122d:c049:213:72ff:fefc:b034] has joined #openvpn
14:24 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
14:28 -!- shio [~shio@2.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
14:30 < guzzles> hello all, I'm having what I think is bad performance with an openvpn server. the prod server can do about 2-3MByte/s over the internet, which is about 1/5 what I can get over SSH
14:31 < guzzles> I set up a test rig in virtualbox, client ----[virtio]--->server---[virtio]--->webserver
14:31 < guzzles> and I can get about 23MByte/s over the VPN, about 55MByte/s over SSH, and about 130MByte/s unencrypted from the webserver to the vpn server
14:32 < guzzles> do those numbers sound reasonable to you all?
14:34 -!- shio [marmottin@84.101.121.2] has joined #openvpn
14:45 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
14:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
14:58 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-103-109.w86-195.abo.wanadoo.fr] has joined #openvpn
15:07 < guzzles> fwiw, I'm seeing 30MByte/s in openvpn with cipher none, auth none.
15:09 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
15:10 < guzzles> Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz (VMs only have one CPU each)
15:12 < dyce> guzzles: did you try baremetal without virtualbox?
15:17 < guzzles> Not easily
15:18 -!- toli [~toli@ip-62-235-240-216.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
15:19 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 256 seconds]
15:19 < guzzles> I can't on this hardware, basically.
15:20 < dyce> can you install docker?
15:20 < dyce> that would take out any virtualization overhead
15:21 < guzzles> Shouldn't the VM overhead be present in all three test conditions, though? (OpenVPN, openssh, and cleartext)
15:22 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:23 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
15:24 < dyce> guzzles: it may just be openvpn, check out this @ 1.3 https://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#1.3
15:24 <@vpnHelper> Title: 1. Ultimate Powerful VPN Connectivity - SoftEther VPN Project (at www.softether.org)
15:25 < dyce> i have been using it with openvpn
15:25 < dyce> but maybe try their client, it claims to be faster
15:25 < dyce> guzzles:
15:25 < guzzles> hmmmm
15:27 < guzzles> Okay.
15:31 < tekzilla> guzzles: good idea testing without encryption, so it can't be the CPU presumably
15:35 < tekzilla> openvpn by default has a setting called 'mssfix' to limit the size of TCP packets going over the tunnel (and when MTU discovery doesnt work between sender and VPN gateway), its set at 1450 to accomodate for most internet links
15:35 < tekzilla> you might try setting that to 0 and setting link_mtu to the smallest MTU in the path minus 28 byte for UDP/IP header for the encapsulation
15:36 < guzzles> I played with that a little bit
15:36 < guzzles> https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux   <-- is this relevant anymore?
15:36 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net)
15:36 < tekzilla> that then automatically subtracts the overhead of the current config and sets an MTU for the tunnel interface, so that there is no fragmentation
15:36 < guzzles> and does the mtu-test thing work?
15:37 < tekzilla> but it shouldn't be that much of a gain, full gigabit is possible with a 1500 MTU in my experience
15:39 < guzzles> okay
15:39 -!- peder [~peder@rubin.ifi.uio.no] has quit [Ping timeout: 264 seconds]
15:39 < guzzles> also, I should mention that AFAICT, AES-NI is not exposed in the VM
15:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
15:40 < tekzilla> mh it says there most of the performance gain is in having larger packets to encrypt, but in your case without encryption, i guess it would not make much difference for the test case..
15:40 < guzzles> (but the physical server is too old to support it anyway)
15:40 < guzzles> and yeah, that too ;-)
15:41 -!- toli [~toli@62.235.7.249] has joined #openvpn
15:42 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 240 seconds]
15:42 < guzzles> my reading of that document is that by setting the tun-mtu to something very large and disabing mssfix and fragment, we cause OpenVPN to use the IP layer fragmentation, so we encrypt in larger blocks, correct?
15:42 < tekzilla> yes
15:43 < guzzles> ok
15:43 < tekzilla> and in the case of TCP there should be no fragmentation because it should adjust to the tunnel interface MTU
15:44 < guzzles> okay, for completeness let me try cleartext with those settings
15:45 < tekzilla> if thats set low enough so that after openvpn has encrypted/repackaged the data, it can still pass through to the destination withoput being fragmented
15:46 < guzzles> https://gist.github.com/guzzlinden/e6574cadb0685f711d8b
15:46 <@vpnHelper> Title: openvpn confs · GitHub (at gist.github.com)
15:46 -!- Netsplit *.net <-> *.split quits: ghoti, jareth_, jzaw, xMopxShell, eliasp, angular_mike_, xeon-enouf, Haseo, @Eugene, ValdikSS,  (+16 more, use /NETSPLIT to show all of them)
15:46 -!- Brando753-o_O_o [~Brando753@unaffiliated/brando753] has joined #openvpn
15:46 < guzzles> (and let's assume that I have the class C routing stuff correct ;-)
15:46 < mete> [22:37:07] <guzzles> also, I should mention that AFAICT, AES-NI is not exposed in the VM <-- depends on virtualization used ;)
15:47 < guzzles> ehhh... VirtualBox + OS X host... cat /proc/cpuinfo in the guest makes no mention of aes
15:47 -!- Netsplit over, joins: ghoti
15:47 < guzzles> so I'm guessing not
15:47 < mete> yep
15:47 < mete> I know that aes-ni is working fine under vsphere / esxi
15:48 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 256 seconds]
15:48 -!- Brando753-o_O_o is now known as Brando753
15:49 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:49 -!- u0m3_ [~u0m3@92.80.92.123] has joined #openvpn
15:49 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
15:49 -!- maxiepax [max@locke.misse.org] has joined #openvpn
15:49 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
15:49 -!- riddle [riddle@us.yunix.net] has joined #openvpn
15:49 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
15:49 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
15:49 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
15:49 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
15:49 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
15:49 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
15:49 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has joined #openvpn
15:49 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
15:49 -!- fred`` [fred@earthli.ng] has joined #openvpn
15:49 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
15:49 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
15:49 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
15:49 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
15:49 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
15:49 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
15:49 -!- P4k3 [~P4k3@hydrogen.frostis.se] has joined #openvpn
15:49 -!- ServerMode/#openvpn [+oo syzzer Eugene] by orwell.freenode.net
15:49 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:49 < guzzles> so, tekzilla, I want to do tun-mtu 6000, mssfix 0, fragment 0?
15:49 < tekzilla> if you set mssfix to 0 and link_mtu to the LAN MTU of 1500-28 (UDP/IP encapsulation header) you should see a little improvement
15:49 < guzzles> ah nm
15:49 -!- MastaG [5655fe87@gateway/web/freenode/ip.86.85.254.135] has joined #openvpn
15:49 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Max SendQ exceeded]
15:49 -!- u0m3_ [~u0m3@92.80.92.123] has quit [Max SendQ exceeded]
15:49 < mete> It seems that the freenode servers haven't a premium peering xD always these netsplits :S
15:49 < tekzilla> yeah if all hosts have jumbo frames 6000 for tun_mtu shoudl work too
15:50 -!- u0m3_ [~u0m3@92.80.92.123] has joined #openvpn
15:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
15:50 < guzzles> yeah... they don't
15:50 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
15:50 < MastaG> I've just built OpenVPN 2.3.8 for mipsel platform to run as a client to a udp openvpn server
15:50 < tekzilla> when you set link_mtu, openvpn knows its overhead according to the config, and then calculates tun_mtu for the tunnel interface
15:51 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 264 seconds]
15:51 < MastaG> both server and client have: tun-mtu 1407, fragment 1407 and mssfix 1367 and the protocol is udp
15:51 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
15:52 < MastaG> I'm testing without any encryption (cipher none)
15:52 < MastaG> I'm getting max 512Kbyte/s
15:53 < MastaG> however when I change the settings to tun-mtu 48000, fragment 0, mssfix 0 I'll get like 2.5Mbyte/s
15:53 < mete> MastaG: how do you test?
15:53 < MastaG> it seems the load on the cpu is very high when the mtu size is low
15:53 < MastaG> I'm mounting a nfs share
15:54 < mete> try to test with a network only tool, like iperf
15:54 < mete> also keep in mind, that loss, jitter and latency depends the available bandwidth
15:54 < MastaG> ro,noatime,vers=3,rsize=1048576,wsize=1048576,async,soft,proto=tcp,intr
15:55 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
15:55 < MastaG> I'm on 500/500mbit fiber and I can easily hit 120mbit using iperf when setting up the client on my desktop
15:55 -!- arlen [~arlen@jarvis.arlen.io] has quit [Excess Flood]
15:55 < MastaG> the problem is the mipsel platform only features a single core 700MHz cpu
15:56 < MastaG> somehow the load is much higher on low mtu sizes
15:56 < mete> lower mtu = more packets
15:56 < MastaG> hmm I see
15:56 < mete> more packets = more overhead
15:57 < MastaG> If I set a mtu-size of 48000 I get the required speed, but many isp's have modems which will identify the tunnel as udp flood attack
15:57 < MastaG> thats why I need to lower it
15:57 -!- arlen_ [~arlen@jarvis.arlen.io] has joined #openvpn
15:57 < MastaG> would you happen to know some kernel tweaks for optimizing the load for small packets?
15:57 < mete> I'm not familiar with mipsel... so I can't give you a direct answer on that
15:58 < tekzilla> thats probably because of all the fragmentation of the openvpn packets itself
15:59 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has joined #openvpn
15:59 < guzzles> so it looks like link-mtu 1472 gives a slight improvement, as expected
16:00 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has quit [Max SendQ exceeded]
16:00 < guzzles> maybe 2-3%
16:01 < MastaG> well I need to stay below 1500 to not upset many modems here in the netherlands
16:01 < MastaG> I'd rather set it to 48000
16:01 < tekzilla> yeah it shouldnt have made a huge differenec..
16:02 < mete> MastaG: If you're behind a modem, you can use jumbo frames like 9000 and you modem should fragment them then bevore sending out
16:02 < tekzilla> MastaG: 1500 is probably the highest MTU you can get between source and destination
16:02 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-odhdbiydbihsqwdg] has joined #openvpn
16:03 < tekzilla> mh yeah thats a good idea if the router does jumbo frames
16:04 < mete> I'm out, good night all
16:04 < guzzles> thanks mete
16:04 < MastaG> well thats the thing, the mipsel client is basically a small media player serving HD movies, so it needs at least 2mbyte/s to achieve fluid playback.
16:04 < MastaG> night mete
16:05 < MastaG> the problem is that using a small mtu from below 1500 will choke the cpu
16:05 < mete> MastaG: put an alix in front of it for doing vpn... now I'm out
16:06 < guzzles> MastaG: have you tried setting the MTU slightly smaller? like 1400? if your MTU is just slightly too big, then you might be getting some stubby fragments and killing performance
16:06 < guzzles> (guess what just happened to me ;-)
16:06 < MastaG> guzzles: not yet I'll try that now!
16:07 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has joined #openvpn
16:07 < guzzles> yeah, I had a MTU 28 bytes too big just now because I didn't read t-kzilla's comment thoroughly enough and took like a 30% nosedive
16:07 -!- nrtga [~max@CPE-124-182-234-248.lns4.way.bigpond.net.au] has quit [Max SendQ exceeded]
16:08 < MastaG> I simply cannot set it bigger than 1500 because I cannot predict what kind of isp/modem/router the customer will use.. I've seen too many modems/routers will start dropping udp packets when streaming HD movies using a mtu of 48000
16:08 < MastaG> so tun-mtu 1400, fragment 0, mssfix 0 ?
16:08 < dyce> any good resources for learning about routes, vpn, how routers work (routing lan ports to wan), etc. CCNA?
16:08 < guzzles> MastaG: worth a shot
16:09 < MastaG> yeah
16:10 < guzzles> my thinking is that if you're doing PPPoE or something weird, there may be additional overhead that you're not taking into account with tun-mtu=1500
16:11 -!- HardWall [~HardWall@2a02:2f0e:1c8:d000:e118:69b2:c205:f8e9] has joined #openvpn
16:11 < MastaG> yeah it's best to say below 1476
16:11 < guzzles> tekzilla: so what exactly is the difference between tun-mtu and link-mtu? I thought the tun-mtu set the maximum packet size inside the VPN
16:12 < guzzles> and then link-mtu was setting the max MTU to the other end of the physical link
16:13 < guzzles> so if I set tun-mtu=1472 then OpenVPN would expose a tun0 device with MTU=1472 and would generate UDP packets 1500-byte total size
16:14 -!- hennos [~midas8@167.160.44.194] has quit [Quit: Leaving]
16:17 < tekzilla> guzzles: yeah tun-mtu is for tun0, and link-mtu must be low enough so that tun-mtu + openvpn overhead + 28byte openvpn udp header fit through the ougoing physical interface
16:21 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
16:21 -!- HardWall [~HardWall@2a02:2f0e:1c8:d000:e118:69b2:c205:f8e9] has quit [Read error: Connection reset by peer]
16:22 < guzzles> ahhhhhh... so the link-mtu only includes the *payload* of the UDP packet generated
16:22 < guzzles> the UDP+IP header isn't there
16:22 < guzzles> that's what I was missing
16:22 < guzzles> thanks
16:22 < tekzilla> yeah, its a bit strange
16:23 < tekzilla> i was missing that too when reading the manual
16:23 < guzzles> yup yup
16:24 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:27 -!- manglav [6c58d5b2@gateway/web/freenode/ip.108.88.213.178] has joined #openvpn
16:29 < n-st> hi, i'm trying to set up a tun-based openvpn with the server at 10.14.0.1 and clients at 10.4.2.2 and 10.4.3.65. i've set `server 10.14.0.0 255.255.0.0` in the config, but the client on android refuses to connect with the error "Tun interface setup failed : tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)". what am i missing?
16:29 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
16:30 < MastaG> well with just tun-mtu 1500 openvpn is eating 60% cpu
16:31 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
16:32 < guzzles> MastaG: try tun-mtu 1300 or 1400
16:32 < guzzles> I think 1500 is too big, there's extra stuff getting tacked on there
16:32 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Client Quit]
16:33 < guzzles> tekzilla: thanks for your help... I'm going to try to get openssh to run over a tun adapter (which it claims to be abe to do), to test a theory I have about tun adapters and context switching overhead
16:34 < MastaG> hmm 1300 seems to be an improvement over 1500
16:34 < guzzles> but it's just about quittin time here
16:34 < guzzles> MastaG, good luck
16:34 < MastaG> thanks alot guzzles
16:34 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
16:34 < MastaG> i just need to find the right spot
16:35 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:35 -!- guzzles [4b921295@gateway/web/freenode/ip.75.146.18.149] has left #openvpn []
16:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
16:44 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
16:45 -!- arlen_ is now known as arlen
16:48 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:50 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
16:54 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Excess Flood]
16:56 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
17:00 < saik0> can i specify a subordinate ca to sign reqs in easyrsa 3?
17:12 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cmncvbwkuhwzkodr] has quit [Remote host closed the connection]
17:12 -!- jefferai [sid1300@kde/mitchell] has quit [Remote host closed the connection]
17:25 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-odhdbiydbihsqwdg] has quit [Remote host closed the connection]
17:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:27 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
17:29 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 268 seconds]
17:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:40 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:56 -!- MrVandelay [~nox@sysv.se] has left #openvpn []
17:57 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:09 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-dshjiunnnzhirpuk] has joined #openvpn
18:13 < saik0> ah, just use a different cnf. no problem.
18:18 -!- manglav [6c58d5b2@gateway/web/freenode/ip.108.88.213.178] has quit [Ping timeout: 246 seconds]
18:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 264 seconds]
18:41 <@krzee> !factoids
18:41 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
18:43 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
18:45 -!- MastaG [5655fe87@gateway/web/freenode/ip.86.85.254.135] has quit [Quit: Page closed]
18:47 -!- linear [L@unaffiliated/linear] has joined #openvpn
18:48 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-zapvrbleesxpuztf] has joined #openvpn
18:51 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
19:03 -!- nhooyr [~nhooyr@SNGVON3902W-LP140-03-845495765.dsl.bell.ca] has joined #openvpn
19:04 < nhooyr> hello how can I create a route automatically from the local router to my server? I'm trying to route all client traffic over the vpn, but I need one route to send traffic to my server via the local router. How can I do this? Preferbly without creating a client side script.
19:05 <@krzee> so you want to set a route for 1 subnet to override redirect-gateway?
19:06 < nhooyr> yea, so I can actually actually access the server and everything works properly. atm I have to set this manually which is annoying
19:06 <@krzee> !redirect_override
19:07 <@krzee> !factoids search override
19:07 <@vpnHelper> "route_override" is (#1) https://forums.openvpn.net/viewtopic.php?f=15&t=7161 for how to override --redirect-gateway for a certain subnet or (#2) you can read about the net_gateway variable in --route in the manual (!man) or (#3) to see how to make it so the client will still reply to requests to its public ip over the internet and not the vpn see !splitroute
19:14 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
19:16 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Quit: The system is going down for reboot NOW!]
19:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:19 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-103-109.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
19:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:40 -!- alec-b [~alec@bl20-78-172.dsl.telepac.pt] has quit [Ping timeout: 272 seconds]
19:40 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has joined #openvpn
19:40 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
19:41 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
19:41 < nhooyr> krzee: omg ok I figured it out. my client is setting routes correctly, but its setting the wrong routes. my server public ip is say 32.4.6.7. but im using a proxy in between so its not detected by my school's firewall, and the first part of this proxy runs on localhost so its adding a route for localhost (eg localhost to default gateaway instead of 32.4.6.7 to default gateaway) lol
19:46 <@krzee> see --route-gateway in the manual
20:06 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
20:09 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
20:38 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:01 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 256 seconds]
21:09 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
21:09 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
21:22 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
21:27 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
21:42 -!- jareth_ [~jareth_@bak.project-treadstone.nl] has quit [Ping timeout: 246 seconds]
21:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:46 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
21:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:01 -!- dEPy [~dEPy@199.48.242.26] has joined #openvpn
22:15 -!- dEPy [~dEPy@199.48.242.26] has quit [Ping timeout: 256 seconds]
22:46 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
23:07 -!- dEPy [~dEPy@199.48.245.91] has joined #openvpn
23:14 -!- Xeus [uid21133@gateway/web/irccloud.com/x-dofzmsolrifywkvf] has joined #openvpn
23:16 < Xeus> I have setup OpenVPN server on a cloud server, then installed openvpn client on machines in my LAN and it is working perfectly. Server/clients can communicate effectively with all. The problem is, I installed the client to a VM running on Hyper-V in Windows Server 2012 and I can ping the OpenVPN server, access the internet, my IP shows as the VPN server's IP
23:16 < Xeus> when I check icanhazip.com -- but the server cannot ping the client. However, other clients can ping that client successfully. Any ideas as to where to look?
23:24 < ljvb> you need to setup nat I think, since odds are the IP within the VM is a different netblock then that of the hypervisor
23:24 -!- ShadniX [dagger@p579416F5.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:24 < Xeus> @ljvb
23:24 -!- ShadniX [dagger@p5DDFCFA9.dip0.t-ipconnect.de] has joined #openvpn
23:24 < ljvb> so you need to tell openvpn which networks are behind hyperv, and will most likely need to nat them
23:24 < Xeus> I'm using a virtual switch, but I will look into it, thanks :)
23:25 < Xeus> the VM is assigned a DHCP address from my router, which serves all clients on my network
23:26 < ljvb> my setup is completely different (server on a VPS, 2 other VPSs as clients, and 2 home networks as clients, the vps's only have 1 ip, but the home networks have 2 entire networks each behind them on different netblocks
23:27 < ljvb> for the home networks, I had to add their networks, iroute I think is the command, I put them in the ccd files
23:28 < ljvb> I have my own problem at the moment lol.. trying to figure out how to do split dns with unbound and nsd
23:29 < ljvb> and dynamic dns allocation from dhcpd
23:29 < ljvb> err updates
23:29 < Xeus> I wish I could help you
23:30 < Xeus> each vm appears on my network with a virtual NIC which has its own MAC, they are assigned a static IP from my router
23:30 < Xeus> I suck at networking
--- Day changed Wed Oct 07 2015
00:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:13 -!- dEPy [~dEPy@199.48.245.91] has quit [Quit: (null)]
00:57 -!- showaz [~showaz@unaffiliated/showaz] has quit [Remote host closed the connection]
01:04 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:27 -!- u0m3_ [~u0m3@92.80.92.123] has quit [Ping timeout: 246 seconds]
01:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:34 -!- mode/#openvpn [+o mattock1] by ChanServ
01:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:42 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
01:43 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
01:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
02:05 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
02:16 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:32 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
02:33 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
02:40 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:42 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
02:57 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
02:59 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
03:00 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 264 seconds]
03:02 -!- marcv [~Thunderbi@119.Red-79-146-86.dynamicIP.rima-tde.net] has joined #openvpn
03:06 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
03:15 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
03:17 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
03:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:43 -!- foofoobar [~foofoobar@88.128.80.109] has joined #openvpn
03:56 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:04 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:06 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
04:13 -!- foofoobar [~foofoobar@88.128.80.109] has quit [Quit: foofoobar]
04:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:13 -!- foofoobar [~foofoobar@88.128.80.109] has joined #openvpn
04:16 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
04:29 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 240 seconds]
04:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:43 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:48 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Quit: ||||||||||||||||||||||||||||||||||||||||||||||| 99%]
04:51 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:56 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
05:13 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:29 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:37 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
05:39 -!- Telvana [~digits@2605:a000:122d:c049:213:72ff:fefc:b034] has quit [Ping timeout: 264 seconds]
05:41 < ashka> hi, I have an issue with a udp client on an unstable-ish uplink: whenever that uplink is broken the vpn won't reconnect (on the client it is stuck on "UDPv4 link remote: <remote ip>"). But I didn't check the server logs, which shows "read UDPv4: No route to host" with every failed connection attempt that I make with the client. My question is: what fails here? I can apparently connect to the server, why is the server doing an operation that
05:41 < ashka> would cause a no route to host ?
05:41 < ashka> it's very random, sometimes it will just work on the first try
05:41 -!- Telvana [~digits@2605:a000:122d:c049:213:72ff:fefc:b034] has joined #openvpn
05:44 < ashka> actually nevermind, just figured that it was the server trying to get in touch with the previous connection, but since the uplink broke the routing changed. I guess adding ping-restart on the server side will help
05:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
06:00 -!- marcv [~Thunderbi@119.Red-79-146-86.dynamicIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
06:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 272 seconds]
06:02 -!- Sakyl [~Sakyl@unaffiliated/sakyl] has joined #openvpn
06:03 -!- dazo_afk is now known as dazo
06:04 < Sakyl> Hey there. I want to start a new project, where i connect from my home-router to a vpn on my vserver in germany. There again should be some redirect rules, that if i go to youtube, to traffic is redirected via the american server. what should i read to fix my config in a way that this works
06:04 -!- Eagleman [~Eagleman@546BCBD2.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
06:07 < fred``> Sakyl: some time ago i did it with a caching-only squid
06:08 < fred``> and a peer proxy which handles 'the video urls'
06:09 < fred``> i mean - a non caching squid
06:09 < Sakyl> For Netflix i.g. i just need a forwarding for netflix.com, but not for the content itself.
06:09 < fred``> so you need one squid at you router@home which is filled transparent via iptables
06:11 < Sakyl> I want to have the rules in the "central" vpn in germany, to the vpn holds the rules for forwarding. Is this somehow possible?
06:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:13 -!- mode/#openvpn [+o mattock1] by ChanServ
06:17 -!- u0m3 [~u0m3@92.80.125.233] has joined #openvpn
06:29 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:40 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
06:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:08 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:22 -!- hennos [~midas8@167.160.44.235] has joined #openvpn
07:29 -!- marcv [~Thunderbi@119.Red-79-146-86.dynamicIP.rima-tde.net] has joined #openvpn
07:38 -!- alec-b [~alec@84.3.108.93.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
07:40 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Remote host closed the connection]
07:40 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has joined #openvpn
07:42 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
07:43 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
07:44 -!- HollowPoint [~Alex@62.255.245.182] has joined #openvpn
07:44 < HollowPoint> Hey guys, is there a channel for the guys who do the ldap plugin does anyone know? I could use some help.
07:44 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
07:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
07:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:56 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Remote host closed the connection]
07:58 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
08:28 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:28 -!- mode/#openvpn [+o mattock1] by ChanServ
08:46 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
09:04 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:11 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:12 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
09:14 -!- hennos [~midas8@167.160.44.235] has quit [Quit: Leaving]
09:15 -!- alec-b [~alec@bl20-78-172.dsl.telepac.pt] has joined #openvpn
09:17 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:18 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:19 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Read error: Connection reset by peer]
09:19 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:21 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
09:21 -!- ValdikSS [~valdikss@185.61.149.121] has joined #openvpn
09:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:42 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:42 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:44 <@dazo> HollowPoint: I don't think it exists a big community around the ldap plug-in, unfortunately
09:47 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Ping timeout: 264 seconds]
09:48 < HollowPoint> thanks dazo
09:48 < HollowPoint> I'm trying to get authentication working via pam at the moment, as the VPN server is already on the Freeipa domain, but it's not playing ball
09:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
09:49 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
09:52 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Read error: Connection reset by peer]
09:52 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 265 seconds]
09:52 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
09:53 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
09:54 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
09:59 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 265 seconds]
10:01 <@dazo> HollowPoint: which of the ldap plug-ins do you use?  I know there are at least two with the same name
10:07 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
10:07 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:11 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:12 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:13 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
10:13 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
10:21 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:22 < HollowPoint> I've removed the ldap plugin and am trying to use pam instead
10:23 < HollowPoint> it lets me on to the VPN without any issues and one of my colleagues, but everyone else is being denied with bad credentials
10:29 -!- foofoobar [~foofoobar@88.128.80.109] has quit [Quit: foofoobar]
10:30 <@dazo> HollowPoint: how have you configured the auth-pam module then?
10:31 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:31 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 250 seconds]
10:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
10:36 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
10:37 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
10:44 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:46 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:55 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
10:56 -!- manglavo [6c58d5b2@gateway/web/freenode/ip.108.88.213.178] has joined #openvpn
10:57 <@krzee> werd
11:00 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
11:02 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:02 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:04 <@dazo> HollowPoint: if you have a specific openvpn PAM service configured ... you might need a corresponding service configured in FreeIPA as well, otherwise PAM will deny access
11:04 <@dazo> krzee: not necessarily ^^
11:05 <@krzee> no werd?
11:05 <@krzee> lol
11:07 <@dazo> :)
11:08 <@krzee> how you been man? ltns
11:08 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 250 seconds]
11:10 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
11:10 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
11:13 < HollowPoint> dazo: yeah, the thing is, it's letting some of us in and some of us it isn't, I have an HBAC service configured in Freeipa and until I did that, I was getting denied access as well.
11:14 <@dazo> HollowPoint: well, then you're looking in the right directions
11:14 <@dazo> (without more details, it's not possible to help further)
11:16 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:16 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
11:16 -!- Sakyl [~Sakyl@unaffiliated/sakyl] has left #openvpn ["WeeChat 1.3"]
11:19 <@krzee> !script
11:19 <@vpnHelper> "script" is See SCRIPTING AND ENVIRONMENTAL VARIALBES in the manual for a list of places that scripts can hook into openvpn. Online reference at: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAR
11:20 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
11:20 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 265 seconds]
11:21 <@krzee> !ccd
11:21 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
11:23 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
11:33 <@krzee> !hmac
11:33 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls
11:33 <@vpnHelper> static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
11:38 <@krzee> !inline
11:38 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
11:45 <@krzee> !repo
11:45 <@vpnHelper> "repo" is openvpn runs some software repositories for your installing pleasure, http://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
11:49 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
11:51 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
12:02 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
12:03 -!- HollowPoint [~Alex@62.255.245.182] has quit [Quit: Leaving]
12:05 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
12:10 -!- toli [~toli@62.235.7.249] has quit [Ping timeout: 246 seconds]
12:13 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
12:19 -!- Martin777 [1f0f5b73@gateway/web/freenode/ip.31.15.91.115] has joined #openvpn
12:19 < Martin777> hi all
12:19 <@krzee> greetings
12:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:21 < Martin777> help me pls. How to remove the openvpn GUI for windows a limit on the number of configurations
12:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:21 -!- marcv [~Thunderbi@119.Red-79-146-86.dynamicIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
12:22 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Quit: elfixit]
12:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:34 -!- DryEagle [~Unknown@unaffiliated/dryeagle] has joined #openvpn
12:34 < DryEagle> hi, i'm trying to connect to our remote server, using exact same method as before, it apparently works but i can't load any webpages. here's journalctl log relevant part: http://fpaste.org/276026/42389401/
12:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:41 -!- alec-b [~alec@bl20-78-172.dsl.telepac.pt] has quit [Ping timeout: 246 seconds]
12:42 <@krzee> !certverify
12:42 <@vpnHelper> "certverify" is (#1) verify your certs are signed correctly by running `openssl verify -CAfile <ca.crt> <client.crt>` for client.crt and server.crt or (#2) also make sure you use the same ca.crt on both sides by checking their md5
12:43 < DryEagle> i just had the server admin generate new certs for me to be sure, but i'll try that, one sec
12:44 < DryEagle> it says OK
12:45 -!- ValdikSS [~valdikss@185.61.149.121] has quit [Quit: Konversation terminated!]
12:45 < manglavo> sorry that wasnt for you
12:45 < manglavo> im on the phone with someone
12:46 <@krzee> lol i meant to say that
12:46 <@krzee> im on the phone (and teamsviewer) with manglavo
12:46 <@krzee> =]
12:47 < DryEagle> running the command directly it sits at http://fpaste.org/276034/44239853/
12:47 < DryEagle> and i cant connect to any pages
12:47 < manglavo> !certinfo
12:47 <@vpnHelper> "certinfo" is run `openssl x509 -in <file> -noout -text` for info from your cert file
12:48 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
12:49 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn
12:51 < rob0> !tcp
12:51 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
12:51 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has joined #openvpn
12:52 -!- ValdikSS [~valdikss@95.215.45.33] has joined #openvpn
12:52 < manglavo> !ssl-admin
12:52 <@vpnHelper> "ssl-admin" is (#1) if you use freebsd, it is in ports or (#2) svn co https://www.secure-computing.net/svn/trunk/ssl-admin to grab it from svn or (#3) A perl script for managing SSL certificates (being a CA). Makes a good replacement for easy-rsa
12:53 < rob0> DryEagle, ^^ re: tcp.  The bot can help you here.
12:53 < DryEagle> i just tried it with the --tcp-nodelay and it's the same
12:54 < rob0> oh, I am not suggesting that doing away with TCP will fix whatever problem you're seeing
12:54 < rob0> merely that TCP is a bad idea
12:55 < DryEagle> there's nothing there which requires security
12:55 < rob0> it has nothing to do with security
12:55 < DryEagle> ok
12:55 < DryEagle> well, i know that it was working for a fact last week
12:55 < rob0> TCP is still a bad idea
12:55 < DryEagle> in exactly the same configuration
12:55 < DryEagle> and as far as i'm aware i haven't changed anything which would cause it to not work suddenly
12:55 < rob0> So you need to assemble the facts and make a pastebin, perhaps
12:56 < DryEagle> of what?
12:56 < DryEagle> i'm not sure what to look for
12:56 < rob0> did you read the /topic here?
12:56 < DryEagle> if it looks from what i pasted http://fpaste.org/276034/44239853/ and http://fpaste.org/276026/42389401/ like it is connecting
12:56 < DryEagle> then i dont know where else to look
12:57 < DryEagle> if you want any other logs then please tell me how to summon them
12:57 < rob0> I looked at one of those, and yes, the client connected just fine.
12:59 -!- toli [~toli@ip-62-235-216-157.dsl.scarlet.be] has joined #openvpn
13:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:02 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:08 < DryEagle> so any other ideas on how to diagnose why it's not working?
13:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:10 -!- mode/#openvpn [+o mattock1] by ChanServ
13:14 -!- u0m3 [~u0m3@92.80.125.233] has quit [Ping timeout: 250 seconds]
13:14 <@dazo> !tcp
13:14 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
13:17 -!- hennos [~midas8@167.160.44.234] has joined #openvpn
13:18 <@krzee> !easy-rsa
13:18 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
13:19 -!- Martin777 [1f0f5b73@gateway/web/freenode/ip.31.15.91.115] has quit [Ping timeout: 246 seconds]
13:21 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
13:21 -!- nl6720 [~nl6720@62.85.17.131] has quit [Client Quit]
13:21 -!- u0m3 [~u0m3@92.80.81.240] has joined #openvpn
13:21 -!- u0m3 [~u0m3@92.80.81.240] has quit [Max SendQ exceeded]
13:21 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
13:23 -!- u0m3 [~u0m3@92.80.81.240] has joined #openvpn
13:26 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
13:33 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 240 seconds]
13:34 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
13:42 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
13:43 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
13:46 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has joined #openvpn
13:54 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:59 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
14:09 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 264 seconds]
14:24 -!- hennos [~midas8@167.160.44.234] has quit [Quit: Leaving]
14:25 -!- manglavo [6c58d5b2@gateway/web/freenode/ip.108.88.213.178] has quit [Ping timeout: 246 seconds]
14:26 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
14:28 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Disconnected by services]
14:28 -!- CPngN_ [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
14:28 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 241 seconds]
14:28 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
14:32 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
14:35 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
14:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:50 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 240 seconds]
14:50 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
14:50 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
14:50 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
14:50 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
14:50 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
14:50 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
14:51 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
14:51 -!- mode/#openvpn [+o dazo] by ChanServ
15:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
15:06 -!- DryEagle [~Unknown@unaffiliated/dryeagle] has quit [Remote host closed the connection]
15:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:34 -!- hennos [~midas8@167.160.44.197] has joined #openvpn
15:35 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Read error: Connection reset by peer]
15:47 -!- toli [~toli@ip-62-235-216-157.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
15:51 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
15:53 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has joined #openvpn
15:57 -!- toli [~toli@ip-62-235-44-210.dial.scarlet.be] has joined #openvpn
16:03 -!- CPngN_ is now known as CPng|N
16:11 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
16:13 -!- toli [~toli@ip-62-235-44-210.dial.scarlet.be] has quit [Read error: Connection reset by peer]
16:15 -!- dazo is now known as dazo_afk
16:18 -!- toli [~toli@ip-62-235-44-210.dial.scarlet.be] has joined #openvpn
16:31 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
16:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:02 -!- hennos [~midas8@167.160.44.197] has quit [Quit: Leaving]
17:12 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
17:13 -!- toli [~toli@ip-62-235-44-210.dial.scarlet.be] has quit [Ping timeout: 246 seconds]
17:14 -!- toli [~toli@ip-83-134-72-161.dsl.scarlet.be] has joined #openvpn
17:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
17:39 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Quit: leaving]
18:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:09 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:10 -!- speeddr__ [~speeddrag@51.18.103.87.rev.vodafone.pt] has joined #openvpn
18:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 265 seconds]
18:14 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
18:25 -!- speeddr__ [~speeddrag@51.18.103.87.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
18:30 -!- speeddragon [~speeddrag@51.18.103.87.rev.vodafone.pt] has joined #openvpn
18:37 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:39 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:41 -!- speeddragon [~speeddrag@51.18.103.87.rev.vodafone.pt] has quit [Ping timeout: 268 seconds]
18:48 -!- Denial- [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has joined #openvpn
18:48 -!- Denial [~Denial@81.141.16.229] has quit [Ping timeout: 244 seconds]
19:06 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:22 -!- CPng|N [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Quit: The system is going down for reboot NOW!]
19:24 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:25 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
19:26 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 240 seconds]
19:26 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:27 -!- Steven_ [~deepstar@82.196.7.53] has quit [Ping timeout: 256 seconds]
19:27 -!- GreatSage [~vishera@95.85.20.11] has quit [Ping timeout: 268 seconds]
19:27 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
19:29 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 240 seconds]
19:29 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:30 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
19:30 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
19:31 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:33 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
19:33 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:34 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:35 -!- Steven_ [~deepstar@pegasus.singularity.be] has joined #openvpn
19:44 -!- Zzyzx_ is now known as Zzyzx
19:48 -!- lykinsbd [~lykinsbd@cpe-173-174-152-48.satx.res.rr.com] has quit [Ping timeout: 240 seconds]
19:52 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 264 seconds]
19:54 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:57 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 265 seconds]
19:57 -!- Zzyzx_ is now known as Zzyzx
20:03 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has left #openvpn ["Ciao!"]
20:21 -!- atamisk [~atamisk@ip98-166-97-54.hr.hr.cox.net] has joined #openvpn
20:23 < atamisk> Alright, I'm pretty certain my problem is firewall (really), but I'm new to messing with iptables. I have 2 clients that can both successfully connect to my VPN server. However, I CANNOT connect client-to-client. I can watch ping requests pass through the server, allegedly to the other client, but the client never recieves the data.
20:26 < atamisk> ...nevermind, my routing table is wrong at the server
20:26 < atamisk> at least i think it is
20:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:34 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
20:36 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
20:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:40 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
21:07 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
21:07 -!- Xeus [uid21133@gateway/web/irccloud.com/x-dofzmsolrifywkvf] has quit [Quit: Connection closed for inactivity]
21:15 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 255 seconds]
21:17 < atamisk> !welcome
21:17 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
21:17 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:17 < atamisk> !redirect
21:17 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
21:17 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
21:18 < atamisk> !topology
21:18 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
21:26 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:31 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
21:39 -!- atamisk [~atamisk@ip98-166-97-54.hr.hr.cox.net] has quit [Quit: WeeChat 1.3]
22:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
22:19 -!- Eugene is now known as eugennerz
22:30 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 246 seconds]
22:42 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
22:42 -!- riddle [riddle@us.yunix.net] has joined #openvpn
22:51 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:07 -!- lykinsbd_ [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
23:08 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 268 seconds]
23:10 -!- krthnz [~krthnz@unaffiliated/krthnz] has quit [Ping timeout: 268 seconds]
23:11 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 268 seconds]
23:11 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
23:12 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-zapvrbleesxpuztf] has quit [Ping timeout: 268 seconds]
23:15 -!- angular_mike_ [sid45533@gateway/web/irccloud.com/x-mjwgwjcroojuuviy] has joined #openvpn
23:22 -!- ShadniX [dagger@p5DDFCFA9.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:23 -!- ShadniX_ [dagger@p5481DD3F.dip0.t-ipconnect.de] has joined #openvpn
23:23 -!- ShadniX_ is now known as ShadniX
23:49 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Thu Oct 08 2015
00:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:35 <@krzee> good evening
00:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:50 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:03 <@plai> krzee: good morning
01:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:07 -!- mode/#openvpn [+o mattock1] by ChanServ
01:26 -!- dEPy [~dEPy@104.207.83.62] has joined #openvpn
01:53 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:04 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
02:13 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 252 seconds]
02:19 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
02:22 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
02:23 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
02:45 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 255 seconds]
02:47 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
02:50 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
02:50 < hydrajump> krzee: sorry been away from IRC, but to your question regarding my issue with the timeout, no I have not been able to fix it yet.
02:57 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:08 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
03:13 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
03:15 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 256 seconds]
03:25 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
03:32 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
03:48 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Reboot? Or did my jail(8) just die?]
03:51 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
03:52 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
04:16 -!- dEPy [~dEPy@104.207.83.62] has quit [Ping timeout: 272 seconds]
04:24 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 244 seconds]
04:31 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:32 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
04:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:34 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
04:35 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
04:36 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
04:37 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
04:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:40 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
04:41 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
04:43 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Excess Flood]
04:43 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
04:45 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
04:49 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
04:52 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 240 seconds]
04:54 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
04:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:59 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 255 seconds]
05:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
05:19 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:56 -!- dEPy [~dEPy@191.96.49.57] has joined #openvpn
06:04 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
06:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:06 -!- dEPy [~dEPy@191.96.49.57] has quit [Ping timeout: 260 seconds]
06:15 -!- alec-b [~alec@165.93.166.178.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
06:15 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
06:16 -!- alec-b [~alec@107.250.137.78.rev.vodafone.pt] has joined #openvpn
06:34 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 256 seconds]
06:39 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
06:41 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
06:42 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:43 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
06:44 -!- dEPy [~dEPy@101.81.60.29] has joined #openvpn
06:44 -!- dEPy [~dEPy@101.81.60.29] has quit [Client Quit]
06:46 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
06:48 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Client Quit]
06:49 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
06:51 -!- alec-b [~alec@107.250.137.78.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
06:51 -!- Tools is now known as Garfield
06:52 -!- alec-b [~alec@184.5.108.93.rev.vodafone.pt] has joined #openvpn
06:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:56 -!- mode/#openvpn [+o mattock1] by ChanServ
07:05 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 240 seconds]
07:09 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
07:16 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
07:17 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 240 seconds]
07:23 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
07:24 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:26 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
07:37 -!- nhooyr [~nhooyr@SNGVON3902W-LP140-03-845495765.dsl.bell.ca] has quit [Quit: WeeChat 1.3]
07:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
07:54 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
08:03 -!- toli [~toli@ip-83-134-72-161.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
08:05 -!- toli [~toli@ip-83-134-72-161.dsl.scarlet.be] has joined #openvpn
08:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:34 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Remote host closed the connection]
08:35 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
08:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:44 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 265 seconds]
08:59 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
09:06 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:06 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
09:12 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:14 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
09:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:23 -!- shio [marmottin@84.101.121.2] has quit [Ping timeout: 250 seconds]
09:27 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
09:42 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:44 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:45 -!- cryptic1 is now known as cryptic1|afk
09:47 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
09:47 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Excess Flood]
09:47 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
09:48 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 240 seconds]
09:49 -!- lkjahsdkfj is now known as uiyice
10:00 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:09 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:11 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:17 -!- cryptic1|afk is now known as cryptic1
10:17 -!- c|oneman is now known as zerocool
10:32 -!- apollonovich [~rdowne@2601:647:4d80:a00:4a51:b7ff:fe9b:387c] has joined #openvpn
10:35 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
10:38 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
10:56 < apollonovich> How can I use easy-rsa to sign a csr generated from a private key pair I already have created for other purposes?
11:01 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:03 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
11:08 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
11:12 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Remote host closed the connection]
11:13 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
11:19 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Quit: ZNC - http://znc.in]
11:19 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
11:33 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 240 seconds]
11:33 -!- krthnz [~krthnz@unaffiliated/krthnz] has quit [Remote host closed the connection]
12:00 -!- eugennerz is now known as Eugene
12:23 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:40 -!- apollonovich [~rdowne@2601:647:4d80:a00:4a51:b7ff:fe9b:387c] has quit [Quit: Leaving]
12:43 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
12:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:49 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 264 seconds]
12:51 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:52 -!- redpill [~redpill@unaffiliated/redpill] has quit [Remote host closed the connection]
12:55 -!- dazo_afk is now known as dazo
13:01 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
13:03 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has joined #openvpn
13:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
13:21 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
13:22 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 41.0.1/20150929144111]]
13:25 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:25 -!- multi_io [~olaf@x55b24dca.dyn.telefonica.de] has joined #openvpn
13:26 < multi_io> is there anythign for linux that can read .ovpn files containing a vpn client configuration, with inline certificates and keys in the file?
13:29 < hydrajump> multi_io: if you just want to read the contents you can use `cat myfile.ovpn`
13:31 <@krzee> hydrajump, well now i dont remember what it was
13:31 <@krzee> haha
13:36 < multi_io> hydrajump: I want to configure the openvpn client with it
13:37 < hydrajump> krzee: no worries let me recap. Everything is working great with my openvpn setup other than that after a client connects to the server, ~150sec elapses before the connection drops and first after reconnecting can the client actually has internet access, lan access.
13:38 < DArqueBishop> multi_io, it's just a text file. If you rename the configuration file to .conf the Linux OpenVPN program will use it.
13:38 < hydrajump> multi_io: you should be able to just run openvpn and if the ovpn is in /etc/openvpn/ it should work.
13:38 < hydrajump> yes as DArqueBishop said rename it to .conf first
13:40 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 260 seconds]
13:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:45 -!- toli [~toli@ip-83-134-72-161.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
13:47 -!- toli [~toli@ip-62-235-220-61.dsl.scarlet.be] has joined #openvpn
13:52 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
14:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:06 -!- nl6720 [~nl6720@62.85.17.131] has quit [Quit: IRC for Sailfish 0.9]
14:23 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:24 < multi_io> alright, thanks, that worked.
14:24 < multi_io> a NetworkManager plugin would be nice though...
14:25 < multi_io> i.e. one that can process those files
14:31 < DArqueBishop> multi_io, OpenVPN configuration files only have .ovpn on Windows because .conf is such a generic extension. Using .ovpn allows Windows to recognize them as OpenVPN files.
14:32 < DArqueBishop> Really, like I said, they're just text files. They only require a rename.
14:33 < multi_io> I know they're text files. But the NetworkManager OpenVPN plugin can't process them, it seems...
14:34 < multi_io> also: Thu Oct  8 21:30:57 2015 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: register-dns (2.3.4)
14:34 < multi_io> does this mean my client is too old?
14:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:59 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 256 seconds]
15:03 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
15:06 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
15:18 -!- Telvana [~digits@2605:a000:122d:c049:213:72ff:fefc:b034] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:22 -!- Telvana [~digits@raven-security.com] has joined #openvpn
15:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 240 seconds]
15:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:34 -!- hennos [~midas8@167.160.44.197] has joined #openvpn
15:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:45 -!- hennos [~midas8@167.160.44.197] has quit [Quit: Leaving]
15:47 -!- hennos [~midas8@167.160.44.239] has joined #openvpn
15:51 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
15:54 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
15:55 < fearnothing> if my VPN drops after exactly 24 hours is there something in the client that might cause that?
15:55 < fearnothing> the person who runs the server has already updated the settings to remove the timeout from the server side
15:56 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
15:56 -!- dazo is now known as dazo_afk
15:57 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Client Quit]
16:01 -!- dazo_afk is now known as dazo
16:18 -!- melt [~melt@caddy.getpimp.org] has left #openvpn ["Smell ya later"]
16:30 -!- atamisk [~atamisk@ip98-166-97-54.hr.hr.cox.net] has joined #openvpn
16:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:32 < atamisk> good afternoon/evening, I'm trying to created a routed tun VPN to my home network. Currently, I can connect to the server no problem, but Layer 3 forwarding between the tun interface and the ethernet interface appear to be failing. All packets that try to cross the server from tun to eth make it to the server and disappear.
16:33 < rob0> check that IP forwarding is enabled.  Check firewall.  What's the server OS?
16:35 < atamisk> sorry, i'm gathering info. IP forwarding is forwarded in firewall (iptables) but sysctl reports forwarding is disabled. Fixing now and hoping for the best. I thought i checked that!
16:35 < atamisk> OS on both server and client is linux
16:38 < atamisk> We have a winner. Looks like ping traffic is forwarding appropriately... Thanks for the help!
16:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:39 -!- dazo is now known as dazo_afk
16:53 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
16:54 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
17:39 -!- nhooyr [~nhooyr@SNGVON3902W-LP140-03-845495765.dsl.bell.ca] has joined #openvpn
17:40 < nhooyr> what can I do to optimize my vpn? I have tcpnodelay enabled and compression but is there anything else I should also have enabled (i'm not experiencing lag or anything, just want to know if i'm missing out on anything)
18:13 -!- Xeus [uid21133@gateway/web/irccloud.com/x-npwqibzelcgucvzx] has joined #openvpn
18:16 < Xeus> How do I expose the 192.168.1.0 subnet to my OpenVPN clients?
18:17 < Xeus> Is it iroute
18:17 < Xeus> ?
18:24 -!- nhooyr [~nhooyr@SNGVON3902W-LP140-03-845495765.dsl.bell.ca] has quit [Quit: WeeChat 1.3]
18:36 <@Eugene> !route
18:36 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
18:36 <@vpnHelper> client
18:36 <@Eugene> !serverlan
18:36 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
18:36 <@Eugene> Like that ^
18:39 < Xeus> @Eugene thank you
18:43 -!- Gwoplock [~quassel@104.56.172.189] has quit [Remote host closed the connection]
18:54 -!- alec-b [~alec@184.5.108.93.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
18:56 -!- alec-b [~alec@153.191.54.77.rev.vodafone.pt] has joined #openvpn
19:35 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 255 seconds]
19:40 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
19:56 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
20:14 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
20:16 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Remote host closed the connection]
20:29 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Quit: The system is going down for reboot NOW!]
20:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:33 -!- atamisk [~atamisk@ip98-166-97-54.hr.hr.cox.net] has quit [Quit: WeeChat 1.3]
20:38 -!- hennos [~midas8@167.160.44.239] has quit [Quit: Leaving]
20:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:49 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
21:37 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
21:41 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
21:49 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
21:52 -!- troyt [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has joined #openvpn
22:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:21 -!- alec-b [~alec@153.191.54.77.rev.vodafone.pt] has quit [Ping timeout: 268 seconds]
22:23 -!- alec-b [~alec@34.43.54.77.rev.vodafone.pt] has joined #openvpn
22:33 -!- alec-b [~alec@34.43.54.77.rev.vodafone.pt] has quit [Ping timeout: 272 seconds]
22:34 -!- alec-b [~alec@155.237.28.37.rev.vodafone.pt] has joined #openvpn
22:40 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:48 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 255 seconds]
23:11 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
23:23 -!- ShadniX [dagger@p5481DD3F.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:23 -!- ShadniX_ [dagger@p579411BF.dip0.t-ipconnect.de] has joined #openvpn
23:23 -!- ShadniX_ is now known as ShadniX
23:40 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:41 -!- troyt [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has quit [Quit: AAAGH!  IT BURNS!]
23:43 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Fri Oct 09 2015
00:00 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:25 -!- Xel- [2B6RZiE5qV@aurora.xelman.net] has joined #openvpn
00:25 < Xel-> !welcome
00:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
00:25 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
00:26 < Xel-> Possibly stupid question - has anyone here been able to get OpenVPN working on iOS with proXPN if you are a proXPN customer?
00:26 < Xel-> I'm having a hell of a time.
00:27 < Xel-> Google has failed me
00:27 < Xel-> (Found some articles, but their advice doesnt worjk)
00:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:37 -!- multi_io [~olaf@x55b24dca.dyn.telefonica.de] has quit [Ping timeout: 260 seconds]
00:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection timed out]
00:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
01:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:13 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:48 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 264 seconds]
01:57 -!- Xeus [uid21133@gateway/web/irccloud.com/x-npwqibzelcgucvzx] has quit [Quit: Connection closed for inactivity]
02:00 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
02:08 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
02:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:41 -!- lykinsbd_ [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 244 seconds]
02:52 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
02:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:53 -!- mode/#openvpn [+o mattock1] by ChanServ
02:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:01 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
03:02 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
03:09 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
03:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:18 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
03:21 -!- capri [svedrin@elwing.funzt-halt.net] has quit [Ping timeout: 252 seconds]
03:23 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
03:36 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Ping timeout: 260 seconds]
03:39 -!- lykinsbd_ [~lykinsbd@70.117.21.58] has joined #openvpn
03:40 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
03:41 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 240 seconds]
03:41 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
03:42 < ValdikSS> Xel-: iOS 9?
03:46 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
03:47 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:49 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
03:53 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
03:58 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
04:01 -!- lykinsbd_ [~lykinsbd@70.117.21.58] has quit [Ping timeout: 252 seconds]
04:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:11 -!- mode/#openvpn [+o mattock1] by ChanServ
04:12 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Ping timeout: 252 seconds]
04:21 -!- lykinsbd_ [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
04:21 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
04:23 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 246 seconds]
04:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
04:25 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
04:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:35 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:36 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
04:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:50 -!- mode/#openvpn [+o mattock1] by ChanServ
04:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
04:54 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
04:55 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:04 -!- mode/#openvpn [+o mattock1] by ChanServ
05:26 -!- dazo_afk is now known as dazo
05:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
05:54 -!- mator [~mator@u163.east.ru] has joined #openvpn
05:54 < mator> hello
05:54 < mator> is it possible to create only ipv6 tunnel ?
05:54 < mator> without ipv4 settings?
06:02 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:09 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
06:23 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:25 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:27 < ValdikSS> mator: no
06:32 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:35 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:35 -!- mode/#openvpn [+o mattock_] by ChanServ
06:37 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
06:45 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
06:47 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:48 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:52 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
06:52 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:53 -!- mode/#openvpn [+o mattock_] by ChanServ
06:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:56 < mator> ValdikSS, thanks
06:56 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
06:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:00 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
07:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
07:04 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:04 -!- mode/#openvpn [+o mattock_] by ChanServ
07:08 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:09 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
07:18 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: IRC for Sailfish 0.9]
07:22 -!- hennos [~midas8@167.160.44.233] has joined #openvpn
07:26 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:27 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:28 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
07:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 250 seconds]
07:30 < hydrajump> .buffer 23
07:31 < hydrajump> opps
07:32 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:32 < johnny56> if I add "redirect-gateway def1" will this affect connections on the server at all?
07:32 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:33 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
07:34 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
07:36 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
07:36 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:41 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
07:42 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
07:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:44 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 252 seconds]
07:59 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
08:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:10 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:11 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
08:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:24 -!- mode/#openvpn [+o mattock1] by ChanServ
08:27 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:30 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:30 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
08:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:36 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
08:38 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Client Quit]
08:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:39 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
09:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:10 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
09:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:20 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
09:33 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has joined #openvpn
09:33 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
09:34 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Read error: Connection reset by peer]
09:34 < Socket-> Hello, I am trying to install openvpn as a service and it appears selinux prohibiting my config. Can anyone help me resolve the issue without disabling selinux. http://apaste.info/iUW
09:35 <+esde> !selinux
09:35 <+esde> !factoids
09:35 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
09:36 <+esde> s/semi-regularly/seldom/
09:39 < rob0> It would probably be a question for #your-distro-here or #selinux channels.
09:42 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has quit [Ping timeout: 272 seconds]
10:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
10:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:02 -!- mode/#openvpn [+o mattock1] by ChanServ
10:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:11 -!- mator [~mator@u163.east.ru] has left #openvpn []
10:14 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:31 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
10:34 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 250 seconds]
10:41 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
10:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
10:46 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 265 seconds]
10:46 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:49 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
10:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:59 -!- mode/#openvpn [+o mattock1] by ChanServ
11:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
11:13 -!- dazo is now known as dazo_afk
11:18 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:25 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
11:28 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
11:34 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
11:36 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
11:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:40 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
11:41 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:42 -!- hennos [~midas8@167.160.44.233] has quit [Ping timeout: 246 seconds]
11:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:53 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
11:54 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has joined #openvpn
12:01 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
12:03 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
12:05 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
12:06 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:12 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:14 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
12:14 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
12:15 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:25 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:27 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 255 seconds]
12:28 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
12:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:37 -!- shio [marmottin@84.101.121.10] has joined #openvpn
12:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:42 -!- dmilith is now known as dmilith2
12:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
12:50 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
12:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 250 seconds]
13:41 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:44 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
13:45 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
13:49 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has quit [Quit: Leaving]
13:49 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:50 -!- hennos [~midas8@167.160.44.241] has joined #openvpn
14:08 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:33 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
14:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
15:14 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
15:16 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 240 seconds]
15:25 -!- hennos [~midas8@167.160.44.241] has quit [Ping timeout: 255 seconds]
15:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 268 seconds]
15:37 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has joined #openvpn
15:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
15:49 -!- Xel- [2B6RZiE5qV@aurora.xelman.net] has left #openvpn []
15:58 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:06 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
16:08 -!- asdfqwre [45468f82@gateway/web/freenode/ip.69.70.143.130] has joined #openvpn
16:10 < asdfqwre> I installed openVPN using apt-get (linux) how do i start it with the given files (.crt, .key and .openvpn)
16:15 < asdfqwre> When I try    "openvpn --config linux-openvpn-udp-1194.ovpn"    I get    "Fri Oct  9 17:11:21 2015 DEPRECATED OPTION: --tls-remote, please update your configuration"
16:15 < asdfqwre> does it mean the server i want to connect to is down?
16:17 -!- hennos [~midas8@84-72-3-177.dclient.hispeed.ch] has quit [Quit: Leaving]
16:21 -!- hennos [~midas8@167.160.44.209] has joined #openvpn
16:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:46 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 268 seconds]
16:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 260 seconds]
16:51 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:52 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:52 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:57 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:00 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
17:05 -!- toli [~toli@ip-62-235-220-61.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:11 -!- Shibe [~ShibaInu@botters/ShibaInu] has joined #openvpn
17:11 < Shibe> I get this error when I try to connect to my openvpn server ERROR: Linux route add command failed: external program exited with error status: 2
17:11 < Shibe> also does openvpn work on openvz vps' or not?
17:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 265 seconds]
17:17 <@krzee> !openvz
17:17 <@vpnHelper> "openvz" is (#1) http://wiki.openvz.org/VPN_via_the_TUN/TAP_device to learn bout openvz specific stuff with regards to openvpn or (#2) It is usually less painful to switch to a host with better virtualization technology, eg KVM or Xen
17:18 <@krzee> and Shibe, show the whole log
17:18 <@krzee> just that line doesnt help anybody help you
17:18 < Shibe> krzee: wait, I just realized that I messed up while generating the certificates
17:19 < Shibe> going to re-generate them but right now I'm gonna go to sleep
17:19 <@krzee> bad certs you would not have gotten to the route command
17:19 <@krzee> but ok
17:19 < asdfqwre> how can I know from which port my openvpn pass?
17:20 < asdfqwre> i only have access to 80
17:20 <@krzee> !port
17:20 < asdfqwre> :(
17:20 <@krzee> asdfqwre, by setting the port in the config
17:20 < asdfqwre> ok ty
17:21 -!- toli [~toli@ip-62-235-215-221.dsl.scarlet.be] has joined #openvpn
17:21 < asdfqwre> the config being the ovpn?
17:21 < asdfqwre> krzee
17:22 <@krzee> ya
17:22 <@krzee> could be conf or ovpn, whatev
17:22 <@krzee> its just text
17:24 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
17:31 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
17:56 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:00 -!- asdfqwre [45468f82@gateway/web/freenode/ip.69.70.143.130] has quit [Quit: Page closed]
18:06 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has joined #openvpn
19:04 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
19:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:13 -!- fling [~fling@fsf/member/fling] has joined #openvpn
19:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
19:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:16 -!- AlmogBaku [~AlmogBaku@bzq-109-67-58-47.red.bezeqint.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
19:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:33 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
19:52 -!- alec-b [~alec@155.237.28.37.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
19:55 -!- alec-b [~alec@184.255.137.78.rev.vodafone.pt] has joined #openvpn
20:07 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:30 -!- joel1nux [~jlcarnes@ip68-111-11-59.sb.sd.cox.net] has joined #openvpn
20:31 < joel1nux> I'm getting the infamous "TLS handshake failed.  I have the router set to route traffic from the right port to my OpenVPN machine...
20:31 < joel1nux> From what I can glean from the logs, the client is not responding I think...
20:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:36 < joel1nux> They are definitely talking to each other, but the TLS handshake isn't happening
20:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:51 < joel1nux> http://pastebin.com/kGRXutPv
20:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
20:57 -!- hennos [~midas8@167.160.44.209] has quit [Quit: Leaving]
20:58 < joel1nux> and this is my TCP
20:58 < joel1nux> http://pastebin.com/kGRXutPv
21:04 -!- joel1nux [~jlcarnes@ip68-111-11-59.sb.sd.cox.net] has quit [Ping timeout: 250 seconds]
21:18 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
21:19 -!- hennos [~midas8@167.160.44.209] has joined #openvpn
21:22 -!- hennos [~midas8@167.160.44.209] has quit [Client Quit]
21:23 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
21:55 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
22:00 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:10 -!- lykinsbd_ [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 250 seconds]
22:17 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
22:29 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
22:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
22:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
22:57 -!- mystica555 [~mystica55@97-118-103-210.hlrn.qwest.net] has quit [Ping timeout: 268 seconds]
22:59 -!- mystica555 [~mystica55@174-16-113-35.hlrn.qwest.net] has joined #openvpn
23:09 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
23:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
23:11 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:13 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
23:14 -!- mystica555_ [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
23:15 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
23:16 -!- mystica555 [~mystica55@174-16-113-35.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
23:18 -!- alec-b [~alec@184.255.137.78.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
23:21 -!- ShadniX [dagger@p579411BF.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:21 -!- ShadniX_ [dagger@p5DDFDB11.dip0.t-ipconnect.de] has joined #openvpn
23:21 -!- ShadniX_ is now known as ShadniX
23:27 -!- james41382_ is now known as james41382
23:28 -!- alec-b [~alec@194.97.108.93.rev.vodafone.pt] has joined #openvpn
--- Day changed Sat Oct 10 2015
00:15 -!- baetheus [~brandon@null.pub] has quit [Remote host closed the connection]
00:17 -!- baetheus [~brandon@null.pub] has joined #openvpn
00:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:33 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:35 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 244 seconds]
00:35 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Read error: Connection reset by peer]
00:36 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
00:36 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
00:37 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
00:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:02 -!- abra0 [abra0@unaffiliated/abra0] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
01:02 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
01:03 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 240 seconds]
01:11 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:52 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
02:11 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 265 seconds]
02:14 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
02:18 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:47 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:56 -!- mode/#openvpn [+o mattock1] by ChanServ
02:58 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:01 -!- Shibe [~ShibaInu@botters/ShibaInu] has left #openvpn ["Leaving"]
03:15 -!- Tykling [tykling@gibfest.dk] has quit [Read error: Connection reset by peer]
03:17 -!- Steven_ [~deepstar@pegasus.singularity.be] has quit [Ping timeout: 264 seconds]
03:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:18 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 264 seconds]
03:23 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
03:24 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
03:25 -!- Steven_ [~deepstar@pegasus.singularity.be] has joined #openvpn
03:25 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
03:37 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
03:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:41 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:52 -!- dazo_afk is now known as dazo
04:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:40 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
04:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:00 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
06:00 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
06:05 -!- adapiratr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 252 seconds]
06:07 -!- adapiratr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
06:09 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Remote host closed the connection]
06:19 -!- dazo is now known as dazo_afk
06:19 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 246 seconds]
06:22 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:23 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Excess Flood]
06:23 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:26 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
06:29 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has joined #openvpn
06:32 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
07:02 -!- rich0_ is now known as rich0
07:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
07:13 -!- dazo_afk is now known as dazo
07:17 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 252 seconds]
07:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:36 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
07:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
07:45 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
07:46 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
07:50 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 268 seconds]
08:01 -!- hennos [~midas8@167.160.44.209] has joined #openvpn
08:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
08:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:16 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
08:18 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Read error: Connection timed out]
08:23 -!- snadge [~snadge@unaffiliated/snadge] has joined #openvpn
08:24 < snadge> this is OT but ive spent the past hour or so scratching my head.. how do i connect to a cisco vpn in windows 10?
08:24 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
08:25 < snadge> theres some software anyconnect that apparently i need a paid subscription and a support contract for.. there looks to be a frontend for vpnc for windows.. and allegedly someone has hacked vpnc into openvpn
08:26 < snadge> at least the latter option is possibly even remotely on topic
08:31 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
08:33 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
08:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:34 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Excess Flood]
08:36 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
08:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:04 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
09:06 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
09:06 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
09:09 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 252 seconds]
09:09 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
09:10 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
09:37 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac]
09:38 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
09:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:51 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
09:52 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-neprvrsngilaopwf] has joined #openvpn
09:52 < wallbroken> hi
09:52 < wallbroken> do you know some free limited service like this: https://www.privatetunnel.com/ ?
09:52 <@vpnHelper> Title: Private Tunnel | Protect your Internet Traffic with Secure OpenVPN. (at www.privatetunnel.com)
09:55 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
10:01 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
10:03 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
10:19 <@dazo> wallbroken: http://lifehacker.com/5697167/if-youre-not-paying-for-it-youre-the-product
10:20 <@dazo> !free
10:20 <@dazo> !learn free as http://lifehacker.com/5697167/if-youre-not-paying-for-it-youre-the-product
10:20 <@vpnHelper> Joo got it.
10:20 < wallbroken> dazo, do you know tunnelbear?
10:21 <@dazo> nope, I don't use free services at all
10:21 <@dazo> I have my own VPS and run openvpn on that
10:21 < wallbroken> i also done it
10:21 < wallbroken> i got an odroid dev board running linux, installed openvpn server
10:21 <@dazo> it costs me €6 per month, but I consider it better than having some fake trust in free services
10:22 < wallbroken> but with my adsl it was very slow
10:22 < wallbroken> dazo, it saids that https://www.privatetunnel.com/  is mantained by official openvpn staff
10:22 <@vpnHelper> Title: Private Tunnel | Protect your Internet Traffic with Secure OpenVPN. (at www.privatetunnel.com)
10:22 <@dazo> Tor is slower, because it provides anonymity .... so do you want to protect/secure your data or do you want to be anonymous ... VPN provides the former, Tor the latter ... they solve different issues
10:23 < wallbroken> no, i don't care about it
10:23 < wallbroken> my need is different
10:23 <@dazo> yes, privatetunnel is probably the better alternatives but it isn't entirely free
10:24 < wallbroken> i can't access to some serveices different than 80, 443 port just because some public wifi does not allow that
10:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:24 < wallbroken> so i need openvpn on port 80, 443
10:24 < wallbroken> and use my services into it
10:26 <@dazo> fair enough, so you want to sneak through firewalls ... then privatetunnel is probably a safer one ... free solutions often have a bad performance
10:27 <@dazo> privatetunnel should, afaics, support 80/tcp, 443/tcp and 1194/udp
10:27 < wallbroken> it's true that is developed by openvpn staff?
10:29 <@dazo> yes, it is ... I'm in fact right now in an OpenVPN Hackathon and heard James Yonan (the creator of OpenVPN) mention Privatetunnel as part of their products
10:29 <@dazo> https://www.privatetunnel.com/home/about-us/
10:29 <@vpnHelper> Title: About Us | Private Tunnel (at www.privatetunnel.com)
10:31 < wallbroken> it offers 500 mb free for trial
10:31 <@dazo> so to turn it around, if you buy a privatetunnel quota, you actually help support further development of openvpn
10:31 < wallbroken> then i need to pay
10:31 < wallbroken> :\
10:31 <@dazo> that's right
10:31 < wallbroken> but i don't want to
10:32 <@dazo> well, then you're just greedy and don't want to contribute to the product development .... then I don't care about your needs at all
10:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
10:42 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 265 seconds]
10:43 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
10:43 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
10:44 -!- rich0__ is now known as rich0
10:48 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
10:54 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:03 -!- janjust [~janjust@openvpn/community/support/janjust] has left #openvpn ["Leaving"]
11:11 -!- aedend [~aedend@unaffiliated/aedend] has joined #openvpn
11:13 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
11:15 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
11:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
11:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:45 -!- dazo is now known as dazo_afk
11:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
12:10 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
12:13 < eelstrebor> i don't know why i'm getting this message when i have generated unique certs/keys for every client: http://pastebin.com/8KuCBJp2
12:27 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
12:31 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:32 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
12:33 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:34 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
12:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:42 < aedend> when checking the status of openvpn does this mean it is running? https://paste.debian.net/315272/
12:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:54 < BtbN> it means it's exited, but the service is active
12:57 < aedend> I wonder why it is exiting?
13:06 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
13:10 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 252 seconds]
13:10 -!- lykinsbd_ [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
13:13 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 246 seconds]
13:18 -!- lykinsbd_ [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Max SendQ exceeded]
13:19 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has joined #openvpn
13:39 -!- shio [marmottin@84.101.121.10] has quit [Quit: Leaving]
13:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:40 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
13:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
13:49 -!- nl6720 [~nl6720@62.85.17.131] has quit [Remote host closed the connection]
13:52 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
13:54 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:56 -!- Alina-malina [~Alina-mal@unaffiliated/alina-malina] has quit [Read error: Connection reset by peer]
14:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:12 -!- aedend [~aedend@unaffiliated/aedend] has left #openvpn ["Leaving"]
14:17 -!- nl6720 [~nl6720@62.85.17.131] has quit [Read error: Connection reset by peer]
14:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
14:45 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
14:54 -!- aedend [~aedend@unaffiliated/aedend] has joined #openvpn
14:54 < aedend> can anyone help with an exit status message after checking status of openvpn? This is what I get  https://paste.debian.net/315284/
15:20 -!- netuoso [d8739ea0@gateway/web/freenode/ip.216.115.158.160] has joined #openvpn
15:20 < netuoso> anyone here familiar with OpenSwan on linux to connect to a Cisco ASA? I have 6 established tunnels, but cant seem to get packets thru them
15:30 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:32 < dan_j> Hi. I'm using openvpn without pfsense. pfsense is running two instances of Openvpn. One is a sitetosite openvpn server and the other is a remote access openvpn server. The sitetosite clients can access IPs behind the pfsense/openvpn server. The remote access clients can access IPs behind the pfsense/openvpn server. But the sitetosite clients are unable to
15:32 < dan_j> access the remote access clients. Any idea what I need to do to allow this?
15:36 <@Eugene> !clientlan
15:36 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
15:36 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
15:36 <@Eugene> The clients on the site-to-site link need this ^
15:36 -!- u0m3 [~u0m3@92.80.81.240] has quit [Quit: Leaving]
15:39 < dan_j> Eugene: The ping from the site-to-site client to the remote access client can be seen on the pfsense server. So I know the routing from the site-to-site client to the vpnserver is working when trying to ping the remote access clients.
15:39 <@Eugene> So you have the clientlan stuff set up already?
15:40 < dan_j> !ipforward
15:40 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
15:40 < dan_j> !iroute
15:40 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
15:42 < aedend> what would cause an exit status on openvpn. The service starts but is not active. syslog shows no indication of what is wrong
15:42 <@Eugene> The fact that the pings are coming in just means that the client-router is working. It doesn't mean the return path works, which is just as important
15:43 <@Eugene> You'll also need to have routes set up for the client-lan subnets on the remote-access instance
15:43 <@Eugene> And a route for the remote-access instance on the client-lan instance
15:43 <@Eugene> Everything needs to talk to everywhere
15:44 <@Eugene> aedend - that depends a lot upon what init script / distro. Generally, set --log and --verb in your .conf and give it a go
15:44 -!- troyt_ [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has joined #openvpn
15:44 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
15:44 <@Eugene> If `openvpn` is never being executed because of a problem in the init script then you won't get anything at all in the logs
15:44 <@Eugene> Or if there's a permissions problem on the logfile
15:44 < dan_j> The ping packets don't appear to be arriving on the remote access clients.
15:44 <@Eugene> That's a firewall problem ;-)
15:44 < dan_j> But the pfsense server is able to ping the remote access clients.
15:45 < dan_j> The firewall is totally open at the moment on the remote access client.
15:45 < aedend> This is what I get after running status  https://paste.debian.net/315286/
15:46 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
15:47 -!- KronoZ` [~KronoZ@proxy.kronoz.guru] has joined #openvpn
15:47 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 246 seconds]
15:47 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 246 seconds]
15:47 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 246 seconds]
15:48 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
15:51 -!- DzAirmaX_ [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:54 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:55 -!- TakumoKatekari [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
15:55 -!- u0m3 [~u0m3@92.80.81.240] has joined #openvpn
15:56 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
15:56 -!- toli [~toli@ip-62-235-215-221.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
15:57 < dan_j> I assume if the pfsense/openvpn server is able to ping the remote access client, the packets from the site-to-site client (which are seen on the pfsense server) should be seen on the remote access client.
15:57 -!- Netsplit *.net <-> *.split quits: KronoZ, fearnothing, rich0, d10n, ValdikSS, Takumo
16:03 -!- Netsplit over, joins: fearnothing
16:03 -!- toli [~toli@ip-62-235-215-221.dsl.scarlet.be] has joined #openvpn
16:05 -!- toli [~toli@ip-62-235-215-221.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
16:08 -!- toli [~toli@ip-62-235-215-221.dsl.scarlet.be] has joined #openvpn
16:09 -!- netuoso [d8739ea0@gateway/web/freenode/ip.216.115.158.160] has left #openvpn []
16:10 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
16:23 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
16:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
16:34 -!- patsToms [~patsToms@radioa7.lv] has quit [Ping timeout: 264 seconds]
16:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:35 -!- Steven_ [~deepstar@pegasus.singularity.be] has quit [Ping timeout: 255 seconds]
16:36 -!- u0m3_ [~u0m3@92.80.81.240] has joined #openvpn
16:37 -!- patsToms [~patsToms@radioa7.lv] has joined #openvpn
16:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:38 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has joined #openvpn
16:41 -!- cylon512_ [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
16:42 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
16:42 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
16:42 -!- mode/#openvpn [+o plaisthos] by ChanServ
16:42 -!- bpye_ [~quassel@unaffiliated/bpye] has joined #openvpn
16:44 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has joined #openvpn
16:44 -!- early` [~early@105.ip-167-114-152.net] has joined #openvpn
16:44 -!- n-st_ [~n-st@unaffiliated/n-st] has joined #openvpn
16:45 -!- IamError_ [~tom@unaffiliated/iamerror] has joined #openvpn
16:45 -!- [DS]Matej_ [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
16:45 -!- abra0_ [abra0@unaffiliated/abra0] has joined #openvpn
16:46 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
16:46 -!- Netsplit *.net <-> *.split quits: early, u0m3, @plai, JackWinter, abra0, SoreGums, capri, IamError, zpatten, cylon512,  (+15 more, use /NETSPLIT to show all of them)
16:46 -!- [DS]Matej_ is now known as [DS]Matej
16:46 -!- IamError_ is now known as IamError
16:46 -!- pipecloud is now known as pipework
16:46 -!- n-st_ is now known as n-st
16:46 -!- Netsplit over, joins: zpatten
16:46 -!- Netsplit over, joins: arlen
16:47 -!- Netsplit over, joins: jesopo
16:48 -!- abra0_ is now known as abra0
16:50 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
16:52 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
16:52 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-ripnhghvnyaktkkl] has joined #openvpn
16:53 -!- dan_j [sid21651@gateway/web/irccloud.com/x-igdukrrvswnysnts] has joined #openvpn
16:55 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:56 -!- capri [svedrin@elwing.funzt-halt.net] has joined #openvpn
16:56 -!- tekzilla [~jon@217.147.92.57] has joined #openvpn
16:56 -!- deed02392 [~deed02392@2001:41d0:2:ab60::1] has joined #openvpn
16:56 -!- Cosmoe [~Freenode@ks3301831.kimsufi.com] has joined #openvpn
16:57 -!- deed02392 [~deed02392@2001:41d0:2:ab60::1] has quit [Changing host]
16:57 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
16:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:10 -!- james41382_ is now known as james41382
17:12 -!- hennos [~midas8@167.160.44.209] has left #openvpn ["Leaving"]
17:19 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
17:21 -!- OpenVPNWannabe [45468f82@gateway/web/freenode/ip.69.70.143.130] has joined #openvpn
17:22 < OpenVPNWannabe> My config : http://pastebin.com/KCccEvLt : how do i set it up under linux?
17:22 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
17:30 < OpenVPNWannabe> this is what I tryed http://pastebin.com/YjSLdZbx
17:30 < OpenVPNWannabe> and the result
17:39 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
17:40 < OpenVPNWannabe> also my port re restricted to 80 only
17:43 < OpenVPNWannabe> are*
17:48 < OpenVPNWannabe> !welcome
17:48 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
17:48 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:48 < OpenVPNWannabe> !howto
17:48 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
17:56 < OpenVPNWannabe> also i already have the cert and key
17:58 -!- Sander^home [irc@ellj90.ip.ssc.net] has joined #openvpn
18:02 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
18:03 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
18:05 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
18:05 < OpenVPNWannabe> How do I enable openvpn under ubuntu through fortiguard
18:21 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
18:27 -!- OpenVPNWannabe [45468f82@gateway/web/freenode/ip.69.70.143.130] has quit [Ping timeout: 246 seconds]
18:37 <+s7r> has anyone setup a full IPv6 only openvpn server?
18:50 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Read error: Connection reset by peer]
19:01 -!- aedend [~aedend@unaffiliated/aedend] has quit [Read error: Connection reset by peer]
19:05 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
19:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
19:42 -!- brizz [~brizz@64.31.1.2] has joined #openvpn
19:43 < brizz> is it possible to run a vpn client connection to a openvpn server..that bridges connection--and have a webserver on that same machine, and have it continue to function after vpn connection is established?
19:49 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
19:52 -!- ValdikSS [~valdikss@95.215.45.33] has joined #openvpn
20:16 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:31 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 240 seconds]
20:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:47 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has quit [Ping timeout: 264 seconds]
20:48 -!- tpw_rules [~tpw_rules@li1062-57.members.linode.com] has joined #openvpn
20:50 < tpw_rules> having trouble on windows 10 64 bit. set up my config file. launch the gui as administrattor, hit connect, and the log window pops up but no text ends up in it. 'verb 9' in the config file. a few seconds later it errors out
20:50 < tpw_rules> right click and "view log" and notepad says there is no log file
20:52 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has joined #openvpn
20:54 < tpw_rules> oh i figured it out. had a config option it didn't like. not sure why there was nothing in the gui about it
20:54 -!- tpw_rules [~tpw_rules@li1062-57.members.linode.com] has left #openvpn ["Leaving"]
21:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 268 seconds]
21:47 < linear> anyone have suggestions for software to create/provision/manage openvpn clients/logins? do most vpn providers use something for this or do they write it themselves?
22:21 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:12 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
23:21 -!- ShadniX [dagger@p5DDFDB11.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:21 -!- ShadniX_ [dagger@p5DDFCE48.dip0.t-ipconnect.de] has joined #openvpn
23:22 -!- ShadniX_ is now known as ShadniX
--- Day changed Sun Oct 11 2015
00:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:51 -!- Sander^home [irc@ellj90.ip.ssc.net] has quit [Quit: Page closed]
00:56 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
01:44 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:57 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:59 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
02:02 -!- Savemech [Savemech@gateway/shell/firrre/x-faijnsrzniauzbfz] has quit [Ping timeout: 240 seconds]
02:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:33 -!- Savemech [Savemech@gateway/shell/firrre/x-muvswtacldcgnocq] has joined #openvpn
02:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
02:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:48 -!- mode/#openvpn [+o mattock1] by ChanServ
02:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
03:32 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-neprvrsngilaopwf] has quit [Ping timeout: 240 seconds]
03:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:46 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
03:46 -!- FruitieX [~FruitieX@qyr0.kyla.fi] has joined #openvpn
03:47 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
03:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
04:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
04:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
04:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:22 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
04:22 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:23 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:30 -!- cylon512_ [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 265 seconds]
04:30 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
04:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:59 -!- dazo_afk is now known as dazo
05:12 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
05:19 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Remote host closed the connection]
05:23 -!- toli [~toli@ip-62-235-215-221.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:25 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has joined #openvpn
05:34 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 255 seconds]
05:52 -!- nl6720 [~nl6720@62.85.17.131] has left #openvpn []
05:52 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
06:15 -!- rich0_ is now known as rich0
06:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
06:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
07:06 -!- dazo is now known as dazo_afk
07:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
07:11 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
08:11 -!- snaap [~snaap@2001:984:d2cc:1:d4aa:4689:8377:2219] has joined #openvpn
08:11 < snaap> howdy!
08:12 < snaap> I am trying to get openvpn to work for the first time - installing seemed to work just fine, but it wont connect to the web after connecting through vpn...
08:12 < snaap> any thoughts? i'm using lnux mint 17.1 xfce
08:13 < fred``> sounds like a configuration issue
08:15 < snaap> anything more specific I could look at? :)
08:16 < fred``> with this unspecific question ?
08:17 < fred``> we are not telepaths, please ask a concrete question and wait for an answer
08:19 < snaap> what would make it more specific?
08:20 < fred``> well - what do you want to accomplish - how is the client configured - how the server - how the firewall
08:22 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:24 < snaap> fred``: firewall's off, not exactly sure how the client is configured, as I got my certificate and keys from a friend
08:24 < snaap> not exactly a pro here, first time I'm trying to use a VPN
08:25 < snaap> purpose is basically hiding my ip-address, not using it to access country-restricted material
08:28 < fred``> it sounds like you're able to establish the connection
08:29 < fred``> your friend need to check if his firewall is routing/NATing the openvpn-net to allow acces to the web
08:29 < fred``> and he need to add a option called 'redirection-gateway'
08:30 < snaap> fred``: yes, I can tell that I'm connected to the VPN indeed, it's just that nothing else connects after that
08:30 < fred``> did your default route change to the vpn after you started it ?
08:31 < snaap> fred``: I am not sure, how can I tell?
08:36 < fred``> type 'route -n' in a terminal
08:37 < fred``> any 0.0.0.0 should go via the openvpn gw
08:37 < fred``> any=a
08:39 < snaap> hmmm
08:39 < snaap> some routes go through 0.0.0.0 but not all of them
08:40 < snaap> !welcome
08:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:40 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:40 < snaap> !howto
08:40 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
08:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:56 < snaap> does that help at all fred`` ?
08:57 < fred``> no - not really :)
08:57 < fred``> is one of the 0.0.0.0-Routes pointing to the vpn net ?
08:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:59 < snaap> fred``: not sure, but here's what I got: http://dpaste.com/1XE73KX
09:03 < fred``> to me it looks good - i asume that the 172.16.42.9 is the vpn-network
09:04 < fred``> what happens when doing on terminal: traceroute -n 8.8.8.8
09:06 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:06 < snaap> fred``: this happens: http://dpaste.com/076MPXM
09:20 < snaap> i've tried at a different computer - apparently it does work when I run it directly through the terminal, but it doesn't when I create an extra connection in my network manager
09:22 < fred``> sounds good
09:22 < fred``> seems like some sort of permission problem
09:24 < snaap> yeah, but how?
09:24 < snaap> the config is completely the same, right?
09:47 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
09:56 -!- snaap [~snaap@2001:984:d2cc:1:d4aa:4689:8377:2219] has quit [Quit: Leaving]
10:03 -!- disconnecht [~disconnec@unaffiliated/disconnecht] has joined #openvpn
10:05 < disconnecht> hi, when making .ovpn files with attached keys (certificates), as explained here -- https://paste.debian.net/plain/315369 -- is there a tool for doing this or should i just make a bash script?
10:09 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 246 seconds]
10:38 < skyroveRR> disconnecht: you don't need to make a bash script, just a simple test file.
10:39 < skyroveRR> *text.
11:22 -!- hennos [~midas8@167.160.44.209] has joined #openvpn
11:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
11:26 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
11:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 265 seconds]
12:28 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
12:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:46 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
12:55 -!- aeden__d [~aeden__d@unaffiliated/aedend] has joined #openvpn
12:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:13 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
13:22 -!- puzzlerecovery [~puzzlerec@c-107-2-146-199.hsd1.co.comcast.net] has joined #openvpn
13:25 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
13:32 -!- disconnecht [~disconnec@unaffiliated/disconnecht] has quit [Ping timeout: 246 seconds]
13:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:44 -!- puzzlerecovery [~puzzlerec@c-107-2-146-199.hsd1.co.comcast.net] has quit [Quit: nerds]
13:57 -!- cambazz [~freebsd@46.101.223.155] has joined #openvpn
13:58 < cambazz> hello, i installed an openvpn as droplet, and it works with my linux laptop perfect, for the windows desktop i installed client, etc, and it works too
13:58 < cambazz> but how can i make sure that dns traffic is also going tru the pipe
14:16 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:29 -!- hennos [~midas8@167.160.44.209] has quit [Ping timeout: 244 seconds]
14:34 -!- nl6720 [~nl6720@62.85.17.131] has joined #openvpn
14:43 -!- hennos [~midas8@167.160.44.253] has joined #openvpn
14:47 -!- dazo_afk is now known as dazo
14:52 -!- cambazz [~freebsd@46.101.223.155] has left #openvpn []
15:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
15:05 -!- aeden__d [~aeden__d@unaffiliated/aedend] has quit [Ping timeout: 246 seconds]
15:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
15:20 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
15:21 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:30 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
15:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:50 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
15:53 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
16:06 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 264 seconds]
16:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
16:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
16:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:39 -!- nl6720 [~nl6720@62.85.17.131] has left #openvpn ["IRC for Sailfish 0.9"]
16:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:58 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:00 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 256 seconds]
17:11 -!- dazo is now known as dazo_afk
17:14 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
17:20 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 244 seconds]
17:35 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:36 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Max SendQ exceeded]
17:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Max SendQ exceeded]
17:38 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:39 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Max SendQ exceeded]
17:40 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:41 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Max SendQ exceeded]
17:41 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Max SendQ exceeded]
17:43 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:44 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Max SendQ exceeded]
17:55 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
17:57 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
18:49 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 252 seconds]
19:14 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 272 seconds]
19:39 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
19:43 -!- hennos [~midas8@167.160.44.253] has quit [Quit: Leaving]
19:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
20:09 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
20:26 -!- lykinsbd [~lykinsbd@cpe-70-117-21-58.satx.res.rr.com] has quit [Ping timeout: 272 seconds]
20:33 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
20:35 -!- Jalen [~quassel@belencomputers/regular/jalen] has quit [Ping timeout: 264 seconds]
20:52 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
20:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:53 -!- puzzlerecovery [~puzzlerec@c-107-2-146-199.hsd1.co.comcast.net] has joined #openvpn
20:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:02 -!- puzzlerecovery [~puzzlerec@c-107-2-146-199.hsd1.co.comcast.net] has quit [Read error: Connection reset by peer]
21:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:14 -!- Telvana [~digits@raven-security.com] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
21:24 -!- Telvana [~digits@raven-security.com] has joined #openvpn
21:55 -!- mystica555_ [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Quit: Leaving]
21:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
22:03 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
22:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:18 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
23:19 -!- ShadniX [dagger@p5DDFCE48.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX [dagger@p57941394.dip0.t-ipconnect.de] has joined #openvpn
23:46 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:48 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
23:53 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
--- Day changed Mon Oct 12 2015
00:03 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:22 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 264 seconds]
00:24 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
00:58 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
00:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:02 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Remote host closed the connection]
01:05 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
01:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
01:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
01:25 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
01:32 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
01:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:41 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 244 seconds]
01:41 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
01:52 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Ping timeout: 272 seconds]
02:07 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:09 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
02:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:30 -!- mode/#openvpn [+o mattock1] by ChanServ
03:02 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
03:06 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
03:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:25 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
03:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:30 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 268 seconds]
04:10 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
04:11 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:12 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
04:25 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:43 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
04:47 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 265 seconds]
04:52 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
04:52 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
05:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:09 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:28 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
05:29 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:51 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:57 -!- tm_ebis [~tm_ebis@dslb-094-216-225-128.094.216.pools.vodafone-ip.de] has quit [Ping timeout: 264 seconds]
06:14 -!- alec-b [~alec@194.97.108.93.rev.vodafone.pt] has quit [Ping timeout: 255 seconds]
06:15 -!- bf_ [~bf_@xdsl-87-78-232-197.netcologne.de] has joined #openvpn
06:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:17 < bf_> Hey everyone, I am trying to find a way to let my VPN clients to access one specific host outside the vpn through the vpn server. All other routes should be done over local ISPs. Can anybody point me in the right direction? I would start off by trying to push a specific route to VPN clients and see if this works?
06:17 -!- alec-b [~alec@188.72.166.178.rev.vodafone.pt] has joined #openvpn
06:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
06:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
06:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:57 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
07:00 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:10 -!- SJr [~sjr@S0106c43dc7a31386.vf.shawcable.net] has quit [Ping timeout: 268 seconds]
07:29 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:37 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
07:58 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 264 seconds]
08:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:03 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
08:20 -!- bf_ [~bf_@xdsl-87-78-232-197.netcologne.de] has quit [Ping timeout: 250 seconds]
08:28 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:03 -!- artisan_pickle [~quigg@static.81.167.229.96.customers.terrahost.no] has joined #openvpn
09:08 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 240 seconds]
09:10 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
09:10 -!- mode/#openvpn [+o pekster] by ChanServ
09:10 -!- DrCode [~DrCode@5.28.134.3] has quit [Quit: ZNC - http://znc.in]
09:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:14 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Remote host closed the connection]
09:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:23 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
09:29 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:31 -!- ade_b [~Ade@redhat/adeb] has quit [Client Quit]
09:42 -!- snaap [~snaap@2001:984:d2cc:1:584f:f018:fd23:2a48] has joined #openvpn
09:42 < snaap> hey guys... I'm wondering if anybody could help me figure out how to configure openvpn correctly in LM17.2 (xfce) - I've changed the Advanced Settings in my Network Manager, but it somehow won't save them...
09:43 < snaap> In fact, it's only Custom Gateway Port that is unselected once I leave the window
09:47 < snaap> Also, when running openvpn through my terminal, it does work... not so when I create a connection in Network Manager
09:47 < snaap> any thoughts?
09:47 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:49 -!- d0p [~d0p@unaffiliated/g0ts1ck] has joined #openvpn
09:49 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:49 < d0p> http://ix.io/lnl
09:49 < d0p> Help ?
09:56 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
10:04 -!- neurosys [~neurosys@2601:586:201:d800:20d:b9ff:fe35:3959] has quit [Remote host closed the connection]
10:06 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
10:06 < lilalinuxHamburg> Aloha
10:06 < lilalinuxHamburg> is it possible to use bonjour (avahi) over openvpn?
10:06 < d0p> y
10:07 < lilalinuxHamburg> :-)
10:07 < lilalinuxHamburg> can you give me a starter?
10:08 < lilalinuxHamburg> in case the "y" meant "yes" and not "why"
10:08 < lilalinuxHamburg> as for the why: I want to use iOS homekit from remote without using an AppleTV
10:11 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 250 seconds]
10:15 < d0p> yes as yes
10:19 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
10:19 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:20 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 264 seconds]
10:21 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
10:21 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:22 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has joined #openvpn
10:24 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
10:24 -!- mode/#openvpn [+o pekster] by ChanServ
10:28 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:31 < saik0> lilalinuxHamburg: You'll want to look into bridging (as opposed to routing)
10:31 < lilalinuxHamburg> so, simply using a tap interface?
10:33 < saik0> The udp broadcasts will have to travserse the vpn somehow
10:34 -!- CPngN [~CPngN@unaffiliated/cpngn/x-6985199] has left #openvpn ["The system is going down for reboot NOW!"]
10:37 < saik0> (tap would have the most "ease" of setup, I've never had to do it with tun)
10:39 < lilalinuxHamburg> thank you
10:46 < lilalinuxHamburg> saik0: dev tap — This directive is not supported because the underlying iOS VPN API doesn't support tap-style tunnels.
10:46 < lilalinuxHamburg> alternatives?
10:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
11:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:09 -!- mode/#openvpn [+o mattock1] by ChanServ
11:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
11:10 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:12 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
11:19 -!- d0p [~d0p@unaffiliated/g0ts1ck] has quit [Quit: WeeChat 1.3]
11:22 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:46 < saik0> lilalinuxHamburg: jump off a tall building, it will hurt less xD
11:49 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
11:56 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Quit: WeeChat 0.4.2]
12:09 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
12:10 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
12:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:39 -!- s34n [~chatzilla@104.152.131.130] has joined #openvpn
12:40 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
12:41 < s34n> I have a host running an http server. My openvpn server can interact with the webserver just fine, but vpn clients in the same subnet as the http server cannot.
12:47 < s34n> !ovpnuke
12:47 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
12:55 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
12:58 -!- Socket- [~kerbooom@pool-96-255-103-79.washdc.fios.verizon.net] has left #openvpn []
13:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:15 < Abbott> !configs
13:15 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:24 -!- snaap [~snaap@2001:984:d2cc:1:584f:f018:fd23:2a48] has quit [Remote host closed the connection]
14:01 < Abbott> Hi guys. I can't get DNS to work through my vpn. Here are my configs: http://0x0.st/iXF.conf http://0x0.st/i8i.conf
14:02 < Abbott> I can connect to other local machines on my vpn lan and it connects okay, it just looks like DNS doesnt work. I can load resolved sites just fine
14:05 -!- lazypower [~lazypower@ubuntu/member/lazypower] has left #openvpn ["Leaving"]
14:08 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
14:11 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
14:20 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
14:21 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:43 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
14:59 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has joined #openvpn
15:00 < tomodachi> hi guys , im building some custome iptables rules for my openvpn server with iptables and openvpn hooks
15:00 < tomodachi> im a bit uncertain how to do a clean up
15:00 < tomodachi> with the learn-address hook
15:00 < tomodachi> i get a state sent to my script ( add|delete|update)
15:01 < tomodachi> i assumed that the script would be called agai with delete, when the user disconnects , but this doesnt seem to be the case?
15:01 < tomodachi> am i supposed to use the client-disconnect hook instead? If so , what is the delete, meant for?
15:03 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
15:03 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-haqlvqqdvtxexpei] has joined #openvpn
15:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
15:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:33 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
16:08 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has joined #openvpn
16:08 < vaskozl> Hey I moved to a network that supports ipv6 and now for some reason websites see my real ipv6 address rather than that of the server.
16:09 <@Eugene> That's how IPv6 works
16:09 < vaskozl> :(
16:09 <@Eugene> It's preferred over IPv4 by most client implementations
16:09 <@Eugene> If you want to have an IPv6 default gateway over the VPN then you'll have to configure that
16:10 < vaskozl> So my traffic is still router trough?
16:10 < vaskozl> But yet it still sees my real ip address?
16:10 <@Eugene> I dunno what your setup is, so I can only guess
16:10 <@Eugene> Most openvpn guides onyl assume IPv4 is present
16:10 < vaskozl> Right
16:11 <@Eugene> IPv4 traffic would thus be routed through the tunnel; IPv6 would not.
16:11 < vaskozl> This is my client: https://skozl.com/s/client.conf
16:11 <@Eugene> That only deals with v4, yup.
16:11 < vaskozl> This is server: https://skozl.com/s/server-udp.conf
16:13 < vaskozl> Would you hint me as to what I'd need to add to the config to also route ipv6 traffic?
16:13 <@Eugene> !ipv6
16:13 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
16:14 <@Eugene> Wiki page covers it pretty well
16:14 < vaskozl> I read it
16:14 < vaskozl> That's why I added the ipv6 lines.
16:16 < tomodachi> vaskozl: you can Nat: the traffic if you have control over the infrastructure. so it appears to be coming from your firewall but its not cool
16:16 < vaskozl> I run my own server.
16:16 < tomodachi> there you go!, then you can do it
16:16 < tomodachi> but the nice thing with ipv6 is that its routed
16:17 < vaskozl> I've got the config I shared.
16:17 < tomodachi> so all those picky protocols just work!
16:18 < vaskozl> Is my config wrong?
16:18 < tomodachi> I have a question  ,when is an address in openvpn removed?
16:19 < tomodachi> im curious of when the delete variable is sent in the learn-address hook
16:28 < tomodachi> im refering to the ip adress of a client connecting to a vpn server
16:28 < tomodachi> in client to site mode,
16:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:14 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
17:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:20 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
17:24 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 252 seconds]
17:25 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has joined #openvpn
17:29 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 240 seconds]
17:29 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
18:03 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
18:28 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
19:12 -!- zerodata [~jubs@unaffiliated/jubs1983] has joined #openvpn
19:12 < zerodata> Hello
19:13 < zerodata> looking for some help on installing OpenVPN on my linux box
19:25 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
19:37 -!- zerodata [~jubs@unaffiliated/jubs1983] has left #openvpn []
19:43 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
19:49 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
19:50 < splud> I need to tweak openvpn configs to use UDP instead of TCP - but still permit tcp based connections to work.  This is for some embedded appliances.
19:52 < splud> This is for “phone home” capability for maintenance.  Existing config on the devices that initiate the tunnel use tcp, and also an upgrade script expects to retrieve content from a specific IP over that tunnel.  If I configure the server to have tcp and udp configurations for openssl, they must be on separate subnets - which makes that IP address unreachable from one subnet or the other.
19:53 < splud> This architecture predates me, I just need to optimize things.
19:54 < splud> The OpenVPN configuration does not establish routing or bridging - it is PtP: client, server.
19:55 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
19:55 < splud> How might I overlay the TCP and UDP networks in the OpenVPN configs on the server?
19:56 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Ping timeout: 244 seconds]
20:01 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
20:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:34 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
20:38 -!- alec-b [~alec@188.72.166.178.rev.vodafone.pt] has quit [Ping timeout: 260 seconds]
20:44 -!- neurosys [~neurosys@96.91.122.73] has joined #openvpn
20:45 -!- neurosys [~neurosys@96.91.122.73] has quit [Client Quit]
20:47 -!- neurosys [~neurosys@96.91.122.73] has joined #openvpn
20:48 -!- alec-b [~alec@116.126.108.93.rev.vodafone.pt] has joined #openvpn
20:55 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
21:04 -!- artisan_pickle [~quigg@static.81.167.229.96.customers.terrahost.no] has quit [Ping timeout: 260 seconds]
21:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:38 < tomodachi> no one able to asnwer my question?
21:38 < tomodachi> i found something similair to an answer in the openvpn mailinglist
21:38 < tomodachi> ""..The delete event is raised some time after the client-instance object on
21:38 < tomodachi> the server is deleted.  This is usually a function of the keepalive
21:38 < tomodachi> parameter."
21:41 < tomodachi> but i have been disconnecte for over four hours  and i still dont see it launching learn-address with del
21:41 < tomodachi> i would suspect the keepalive ping settings, but they are all default
22:06 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Remote host closed the connection]
22:55 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
22:55 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Remote host closed the connection]
22:57 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
23:20 -!- ShadniX [dagger@p57941394.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:21 -!- ShadniX [dagger@p57941A91.dip0.t-ipconnect.de] has joined #openvpn
23:29 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 268 seconds]
23:33 -!- early` [~early@105.ip-167-114-152.net] has quit [Read error: Connection reset by peer]
23:39 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
23:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:43 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Read error: Connection reset by peer]
23:44 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
23:58 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
--- Day changed Tue Oct 13 2015
00:10 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:15 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:20 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Remote host closed the connection]
00:35 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:57 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 244 seconds]
01:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
01:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
01:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:10 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Client Quit]
01:11 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:12 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-dshjiunnnzhirpuk] has quit [Quit: Connection closed for inactivity]
01:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:23 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
01:24 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
01:25 -!- u0m3__ [~u0m3@92.80.81.240] has joined #openvpn
01:27 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has joined #openvpn
01:28 -!- julie_harshaw [~julie@juliekoubova.net] has quit [Ping timeout: 250 seconds]
01:28 -!- dmilith2 [~dmilith@verknowsys.com] has quit [Ping timeout: 250 seconds]
01:28 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 250 seconds]
01:28 -!- u0m3_ [~u0m3@92.80.81.240] has quit [Ping timeout: 250 seconds]
01:28 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
01:28 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 250 seconds]
01:28 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 250 seconds]
01:29 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
01:29 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
01:29 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
01:29 -!- mode/#openvpn [+v RBecker] by ChanServ
01:32 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
02:00 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 240 seconds]
02:07 -!- AjaniMember [~Ajani@107.170.118.82] has joined #openvpn
02:08 < AjaniMember> hey guys when I connect to PIA through openvpn I cant ping or connect to anything
02:08 < AjaniMember> what information do you need to help me?
02:17 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
02:17 < skyroveRR> AjaniMember: read the topic.
02:20 < AjaniMember> good point
02:20 < AjaniMember> one momento
02:21 < AjaniMember> !paste
02:21 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
02:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
02:24 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
02:28 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
02:34 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
02:42 -!- Exagone313 [exa@elou.world] has joined #openvpn
02:55 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:26 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:27 < AjaniMember> !poodle
03:27 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
03:27 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:28 < AjaniMember> welcome, member. please wait to the left.
03:37 < AjaniMember> http://www.hastebin.com/raw/dacemijoye when I connect successfully to the vpn I cant ping anything or download anything
03:49 -!- Netsplit *.net <-> *.split quits: nemysis
03:49 -!- Netsplit over, joins: nemysis
03:54 < tomodachi> good morning everyone!
03:54 < AjaniMember> mornin
03:55 < tomodachi> any one care to explain when the variable delete is sent in openvpn learn-address
03:55 -!- dazo_afk is now known as dazo
03:55 < AjaniMember> can someone help me? I cant download anything or ping anything when I connect to a vpn succeffulyy
03:55 < tomodachi> i have some  things i want to happen when a openvpn client disconnects from the server, but cannot seem to trigger an event in openvpn around it
03:56 < AjaniMember> these are my configs
03:56 < AjaniMember> http://www.hastebin.com/raw/dacemijoye
03:57 < tomodachi> AjaniMember: does your openvpn server have access to the internet?
03:57 < tomodachi> if so ,and if you havent you have to enable NAT in iptables
03:57 < AjaniMember> yes its private inernet access's severs
03:57 < tomodachi> so your connections are nat:ed out
03:57 < AjaniMember> oh okay i havent done that
03:58 < AjaniMember> could you explain to me why that is and what that means because Im really interested?
04:03 < tomodachi> i assume you are using ipv4
04:03 < tomodachi> and you cant route out your private addresses on to the internet
04:04 < tomodachi> so you need to Network Adress Translate traffic
04:04 -!- patteh [~patteh@unaffiliated/patteh] has joined #openvpn
04:04 < tomodachi> basically just the samy way a home router lets your private network out on the internet
04:04 < patteh> lo all
04:04 < tomodachi> this is not really related to openVPN , its a firewall feature
04:04 < tomodachi> in iptables
04:04 < patteh> can anyone tell me if its possible to select which traffic to tunnel when a client is connected to openvpn?
04:04 < tomodachi> patteh: it is indeed
04:04 < tomodachi> depends on how you mean traffic
04:05 < tomodachi> you can use firewalls to filter away traffy
04:05 < AjaniMember> so would putting my server with openvpn into a demilatariezed zone work?
04:05 < patteh> basically, clients use vpn to connect to our internal machines
04:05 < patteh> i need to route traffic through our network for an external AWS machine
04:05 < tomodachi> AjaniMember: google iptables NAT tutorial , and then come back with questions
04:05 < patteh> which  has a strict secuirty policy
04:05 < AjaniMember> yeah and okay
04:05 < patteh> and only allows connections from our external IP
04:05 < tomodachi> patteh: then its just about pushing the proper routes
04:06 < patteh> okay
04:06 < patteh> pIP 255.255.255.0)
04:06 < patteh> push route*
04:06 < patteh> at the start
04:06 < patteh> sorry dodgy keyboard map
04:06 < AjaniMember> and is it possible to create a killswitch that has 100% accuracy? in terms of when the openvpn connection dies it cuts off your internet?
04:06 < patteh> push route(IP 255.255.255.0)
04:07 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:09 < tomodachi> AjaniMember: that depends on your setup
04:09 < tomodachi> if computer a (openvpnclient) connects to compuber b (openvpn server)
04:09 < tomodachi> through the internet, how could the server affect the internet connection of the client of if it alredy connects through the internet to it?
04:11 < AjaniMember> no I mean I want to cut off my own internet on purpose after openvpn loses connection due to an unknown reason
04:19 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:20 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
04:45 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:03 -!- vaskozl [~vaskozl@unaffiliated/einherjar] has left #openvpn []
05:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:11 -!- Abbott [~Abbott@unaffiliated/abbott] has joined #openvpn
05:12 < Abbott> I submitted a post with tapatalk but it hasn't showed up yet, does it take a while when submitting through tapatalk or did the app mess up?
05:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:41 -!- mode/#openvpn [+o mattock1] by ChanServ
05:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
05:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:41 -!- mode/#openvpn [+o mattock1] by ChanServ
05:54 -!- u0m3__ is now known as u0m3
06:00 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:30 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
06:41 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:45 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
07:05 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
07:43 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
07:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:53 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:01 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:07 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:07 -!- mode/#openvpn [+o mattock2] by ChanServ
08:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
08:49 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
08:50 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
08:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:57 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
08:57 < leonarth> is not possible to connect to an OpenVPN server without the Access Client?
08:57 < leonarth> can't I use a normal PPTP or L2TP connection?
08:59 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
08:59 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
09:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:30 -!- phuzion [~phuzion@chrisegeland-1-pt.tunnel.tserv8.dal1.ipv6.he.net] has joined #openvpn
09:32 -!- phuzion [~phuzion@chrisegeland-1-pt.tunnel.tserv8.dal1.ipv6.he.net] has left #openvpn ["See ya"]
09:46 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cjskoserhmhfbmra] has joined #openvpn
09:49 < DArqueBishop> leonarth, no, because OpenVPN does not support L2TP or PPTP.
09:50 < leonarth> so OpenVPN has like its own protocol?
09:50 < leonarth> also is openVPN commercial? I see I can only have 2 users
09:53 < DArqueBishop> ... you're using Access Server, aren't you?
09:54 < DArqueBishop> There's a commerical product called OpenVPN Access Server, and there's an open source program called OpenVPN. This channel is for the open source version.
09:54 < DArqueBishop> !as
09:54 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
10:06 < leonarth> I installed the AS one erroneously, I'll remove it and install the OSS version
10:07 < leonarth> the OSS one doesn't have the web interface though right?
10:07 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:23 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-pwedfmpceafphrsb] has joined #openvpn
10:23 < NetworkingPro> sup everyone
10:23 < NetworkingPro> hey dazo you around?
10:24 < NetworkingPro> Anyone know if you can set the 60 min key expiry from the server conf.
10:24 < NetworkingPro> Or is that a client conf change?
10:25 < NetworkingPro> Also, is there  a performance benefit to expiring keys less frequently?
10:25 < leonarth> anyone got a solution for this yet? https://forums.openvpn.net/topic10469.html
10:25 <@vpnHelper> Title: OpenVPN Support Forum Client error: JSONDialog: Error running jsondialog : Access Server (at forums.openvpn.net)
10:34 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:37 <@Eugene> NetworkingPro - It sounds like you're referring to the data channel key, --reneg-sec parameter?
10:37 < DArqueBishop> leonarth: for Access Server support, you'll need to go to #openvpn-as.
10:37 < DArqueBishop> As to your other question, you are correct. The OSS version does not have a web interface.
10:37 <@Eugene> That one can be renegotiated as often as you like, it's just an ephermeral key used for perfect-forward-secrecy.
10:38 <@Eugene> IOW, it's a temporary key negotiated for encrypting the data channel.
10:39 <@Eugene> It takes a lil CPU to reneg. One hour is generally a good balance between doing this and the possibility of a key exploit - at most, one hour's traffic could be decrypted with a given key
10:40 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 272 seconds]
10:47 -!- Chex_ [~Chex@swampjax.northnook.ca] has joined #openvpn
10:56 -!- Chex_ [~Chex@swampjax.northnook.ca] has quit [Quit: Changing server]
10:56 -!- ChexFun [sss@swampjax.northnook.ca] has joined #openvpn
10:59 -!- ChexFun [sss@swampjax.northnook.ca] has quit [Client Quit]
10:59 -!- Chex_ [~Chex@swampjax.northnook.ca] has joined #openvpn
11:09 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
11:15 -!- Chex_ is now known as Chex-
11:18 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-haqlvqqdvtxexpei] has left #openvpn []
11:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:25 -!- neurosys [~neurosys@96.91.122.73] has quit [Read error: Connection reset by peer]
11:26 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
11:37 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:09 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-haqlvqqdvtxexpei] has joined #openvpn
12:20 -!- greeni [~Thunderbi@70.32.39.66] has joined #openvpn
12:21 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-haqlvqqdvtxexpei] has left #openvpn []
12:23 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
12:26 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
12:29 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:48 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:26 -!- greeni [~Thunderbi@70.32.39.66] has quit [Quit: greeni]
13:28 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
13:37 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
13:38 < splud> Okay, sorted out the TCP+UDP stuff yesterday by having OpenVPN on the server issue a route.
13:44 -!- greeni [~Thunderbi@70.32.39.66] has joined #openvpn
13:45 -!- greeni [~Thunderbi@70.32.39.66] has quit [Client Quit]
13:46 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
13:53 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
14:02 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
14:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
14:10 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:20 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
14:20 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:24 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 240 seconds]
14:27 < tomodachi> how come the user variable in learn-address is not sent when doing a delete?
14:27 < tomodachi> when its sent in "add" and "update"
14:30 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:32 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
14:42 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
14:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
14:50 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:02 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
15:15 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
15:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
15:29 < zoredache> !factoids
15:29 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
15:31 < zoredache> Well that is no good :(  That seems to be offline.  I was hoping that it was just relocated.
15:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
15:49 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
15:53 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:56 <@Eugene> I blame krzee
15:56 <@Eugene> !blame
15:56 <@vpnHelper> "blame" is (#1) According to Bushmills, it's always krzee's fault or (#2) According to krzee, it's always dazo's fault or (#3) and dazo will always blame EugeneKay, Bushmills, ecrist or any other sensible victims in the required moments or (#4) cron2 says its always d12fk's fault (and sometimes the customers)
15:58 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
16:00 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
16:03 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has joined #openvpn
16:03 < Naphatul> how can i change the dhcp range? i have set up static allocations via the ccd folder but it seems my other client which doesn't have a static allocation is assigned the same address
16:04 < Naphatul> i assume this is because it assigns it by another means other than dhcp, so i'd like to change the dhcp allocations to begin higher
16:24 -!- Naphatul [~Naphatul@unaffiliated/naphatul] has quit [Quit: Konversation terminated!]
16:37 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
16:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:25 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
18:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 255 seconds]
18:09 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
18:11 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
18:12 -!- doop [~doop@colostomy.club] has joined #openvpn
18:17 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
18:26 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 252 seconds]
18:38 -!- Abbott [~Abbott@unaffiliated/abbott] has quit [Ping timeout: 240 seconds]
18:50 -!- Ssquidly [~squidly@buttle.nnx.com] has quit [Ping timeout: 240 seconds]
18:53 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
18:56 -!- Ssquidly [~squidly@gate.nnx.com] has joined #openvpn
19:00 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
19:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
19:11 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
19:12 -!- dazo is now known as dazo_afk
19:18 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 255 seconds]
19:20 -!- DzAirmaX_ [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:28 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:49 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-151-62.w86-195.abo.wanadoo.fr] has joined #openvpn
20:01 <@krzee> lol
20:02 <@krzee> ecrist, theserversdown
20:03 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Ping timeout: 240 seconds]
20:07 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
20:09 -!- hennos [~midas8@167.160.44.220] has quit [Quit: Leaving]
20:16 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 250 seconds]
20:18 <@ecrist> krzee: which one? lol
20:26 <@ecrist> krzee: seriously, though, which server is down?
20:30 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
20:30 <@ecrist> !book
20:30 <@vpnHelper> "book" is (#1) http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! or (#2) Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
20:33 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
20:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:50 -!- alec-b [~alec@116.126.108.93.rev.vodafone.pt] has quit [Ping timeout: 255 seconds]
20:53 -!- alec-b [~alec@46.106.108.93.rev.vodafone.pt] has joined #openvpn
21:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:45 <@krzee> ecrist,
21:45 <@krzee> !factoids
21:45 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
21:46 <@krzee> Unable to connect
21:46 <@krzee> Firefox can't establish a connection to the server at www.secure-computing.net.
21:49 <@ecrist> sheeet
21:50 <@krzee> Eugene used !blame to ping us all, which seems to have worked :D
21:53 <@ecrist> lol
21:53 <@ecrist> I'm working on it
21:53 <@ecrist> an upgrade last night apparently stopped my SVN stuff to work, preventing apache running
21:55 <@Eugene> ecrist - lrn2nagios
22:06 <@ecrist> Eugene: I nagiosmorethanu
22:07 <@ecrist> other than Ethan himself, I probably nagios more than most
22:40 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
22:41 <@krzee> zoredache, its back, thanks for pointing it out
22:45 <@Eugene> ecrist - https://status.kashpureff.org
22:45 <@vpnHelper> Title: Kashpureff Network Status (at status.kashpureff.org)
22:46 <@Eugene> I never got it working quite right on the phone, however :-(
22:48 <@krzee> thats badass
22:48 <@krzee> i want one
22:56 <@krzee> that looks so much cooler than when i checked out nagios and zabbix a few years back
23:15 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 240 seconds]
23:18 -!- ShadniX [dagger@p57941A91.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
23:20 -!- ShadniX [dagger@p5DDFD04F.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Oct 14 2015
00:05 -!- phantomcircuit [~phantomci@strateman.ninja] has quit [Quit: quit]
00:09 <@Eugene> It's fundamentally the same CGIs still... they just tossed a fresh CSS on it
00:09 <@Eugene> That isn't even a CGI - it's staticly gen'ed.
00:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:20 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:21 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
00:25 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:31 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:31 -!- mode/#openvpn [+o mattock1] by ChanServ
00:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:53 -!- fling [~fling@fsf/member/fling] has quit [Read error: Connection reset by peer]
00:54 -!- fling [~fling@fsf/member/fling] has joined #openvpn
01:02 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:13 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
01:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
01:18 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
01:30 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:32 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:34 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
01:39 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Ping timeout: 268 seconds]
01:41 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:49 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
02:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
02:02 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cjskoserhmhfbmra] has quit [Quit: Connection closed for inactivity]
02:02 -!- Savemech [Savemech@gateway/shell/firrre/x-muvswtacldcgnocq] has quit [Quit: y.u.dont.use.firrre.com]
02:04 -!- Savemech [Savemech@gateway/shell/firrre/x-wuiqakhqpvobavxe] has joined #openvpn
02:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:18 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:21 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:28 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
03:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:33 -!- dazo_afk is now known as dazo
03:37 -!- zerocool [cloneman@1337.montrealdark.com] has quit [Ping timeout: 264 seconds]
03:39 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
03:41 -!- kangyong [~Thunderbi@117.114.151.179] has joined #openvpn
03:42 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:58 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:04 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:05 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:06 -!- kangyong [~Thunderbi@117.114.151.179] has quit [Quit: kangyong]
04:09 -!- kangyong [~kangyong@117.114.151.179] has joined #openvpn
04:10 -!- kangyong [~kangyong@117.114.151.179] has left #openvpn []
04:14 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:14 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:16 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
04:17 -!- kangyong [~kangyong@117.114.151.179] has joined #openvpn
04:17 -!- kangyong [~kangyong@117.114.151.179] has left #openvpn []
04:18 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
04:21 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:25 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:30 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
04:30 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:42 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:44 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:16 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
05:21 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
05:22 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
05:22 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
05:25 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:25 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has joined #openvpn
05:30 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
05:31 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
05:32 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:38 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
05:39 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
06:16 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
06:25 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
06:39 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
06:50 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:57 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:00 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:11 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:16 -!- hennos [~midas8@167.160.44.220] has joined #openvpn
07:46 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:14 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:22 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
08:23 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:25 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 264 seconds]
08:26 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
08:32 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:42 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has joined #openvpn
08:43 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:43 -!- elfixit [~Icedove@dhcp-129-136.office.init7.net] has quit [Client Quit]
08:47 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:48 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:05 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
09:09 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
09:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
09:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:23 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
09:41 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:44 -!- mescalito [~mescalito@unaffiliated/mescal] has quit [Quit: mescalito]
09:48 <@ecrist> so much idle
10:15 -!- Valcorb [~Valcorb@unaffiliated/valcorb] has joined #openvpn
10:15 < Valcorb> !welcome
10:15 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:15 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:19 < Valcorb> Hello, can anyone help me? I'm trying to connect to my VPN, but the client doesn't even connect to it. Server conf: http://pastebin.com/87MDYR8a Client conf: http://pastebin.com/XciD7Uqx Server log: http://pastebin.com/pnBX9fRR
10:19 < Valcorb> Thanks!
10:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
10:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
10:23 -!- s34n [~chatzilla@104.152.131.130] has left #openvpn []
10:47 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:12 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:13 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
11:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:39 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
11:42 -!- Champi_ [Champi@damn.e-leet.be] has joined #openvpn
11:42 -!- SupaYoshi_ [~SupaYoshi@104.223.1.186] has joined #openvpn
11:43 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
11:44 -!- CGML_ [~CGML@unaffiliated/cgml] has joined #openvpn
11:45 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 260 seconds]
11:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:46 -!- mode/#openvpn [+o mattock1] by ChanServ
11:47 -!- KronoZ` [~KronoZ@proxy.kronoz.guru] has joined #openvpn
11:47 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
11:48 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
11:48 -!- marlinc_ [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
11:50 -!- _FBi- [~B@Aircrack-NG/User] has joined #openvpn
11:53 -!- Netsplit *.net <-> *.split quits: chamunks, defsdoor, ShadniX, Nik05, marlinc, subzero79, madmattco, julieeharshaw, Gizmokid2005, CGML,  (+18 more, use /NETSPLIT to show all of them)
11:53 -!- Champi_ is now known as Champi
11:53 -!- marlinc_ is now known as marlinc
11:53 -!- SupaYoshi_ is now known as SupaYoshi
11:54 -!- doop [~doop@colostomy.club] has joined #openvpn
11:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 244 seconds]
12:03 -!- Netsplit over, joins: defsdoor, DrCode, IamError, riddle, madmattco, subzero79
12:04 -!- riddle [riddle@us.yunix.net] has quit [Max SendQ exceeded]
12:05 -!- riddle [riddle@us.yunix.net] has joined #openvpn
12:10 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
12:10 -!- Netsplit *.net <-> *.split quits: IamError, madmattco, subzero79, DrCode, defsdoor
12:10 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
12:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
12:10 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
12:11 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
12:11 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
12:11 -!- ShadniX [dagger@p5DDFD04F.dip0.t-ipconnect.de] has joined #openvpn
12:11 -!- catsup [d@64.111.123.163] has joined #openvpn
12:12 <@krzee> !linipforward
12:12 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
12:13 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
12:13 -!- Netsplit over, joins: defsdoor, DrCode, IamError, madmattco, subzero79
12:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:15 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
12:16 -!- catsup [d@64.111.123.163] has quit [Ping timeout: 256 seconds]
12:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:20 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:22 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
12:22 -!- KronoZ` is now known as KronoZ
12:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:24 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 260 seconds]
12:27 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
12:27 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:28 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:30 -!- Mavrikant is now known as mavrikant1
12:30 -!- mavrikant1 is now known as mavrikant
12:30 -!- mavrikant is now known as Mavrikant
12:32 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
12:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
12:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:34 -!- zamber [~zamber@dynamic-78-8-244-48.ssp.dialog.net.pl] has quit [Ping timeout: 240 seconds]
12:36 < Valcorb> krzee: that's already enabled :/
12:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
12:39 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
12:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:40 <@krzee> Valcorb, sorry that was for me, what do you need help with?
12:43 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
12:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
12:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:46 < Valcorb> oh thought you were replying on my question :P
12:46 < Valcorb> I'm trying to connect to my VPN, but the client doesn't even connect to it. Server conf: http://pastebin.com/87MDYR8a Client conf: http://pastebin.com/XciD7Uqx Server log: http://pastebin.com/pnBX9fRR
12:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
12:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:54 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
12:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
13:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:05 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-151-62.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
13:08 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:09 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:13 -!- splud [~sstraw@75-101-86-8.static.sonic.net] has joined #openvpn
13:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:15 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:20 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 268 seconds]
13:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:21 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
13:26 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
13:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:28 < DArqueBishop> Valcorb, are you running OpenVPN as root on the server?
13:28 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 268 seconds]
13:29 < Eagle_Erwin> I have a working OpenVPN setup with IPv6-support. The server is on Debian stable and pushes client IPv6 addresses from the range fc00::/64. It also assinges IPv4 adresses in the 10.0.4.0/32 range. The client is on Windows and is able to reach hosts via IPv4 and IPv6, given the routes that are pushed by the server. All good so far.
13:30 < Eagle_Erwin> However, the client prefers IPv4 over IPv6 and I noticed that the prefix policies on Windows prefer IPv4 (::ffff:0:0/96) over fc00::/7.
13:30 <@Eugene> That's because fc00::/7 is outside of 2000::/3
13:30 < Eagle_Erwin> Is there an 'official'  way to change the prefix policies on OpenVPN connect? Or any other way to solve this?
13:31 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
13:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:32 -!- Chex- is now known as Chex
13:33 < Eagle_Erwin> It is a VPN setup for multiple (stupid :P) users and I don't want to ask them to change anything on their side, so fixing it server side has preference :)
13:33 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:34 <@Eugene> Using a 2000::/3 block ought to do the trick
13:36 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:36 -!- cryptic1 is now known as lazyadmin
13:36 < Eagle_Erwin> That might conflict with existing IPv6 addresses. That's why I chose to use the unique local address range from RFC-4193
13:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
13:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:40 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:44 < zoredache> I think the implied suggestion was that you should get a valid IPv6 delegation.
13:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:45 < zoredache> So there would be on chance of a conflict.
13:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:52 -!- pjs [~pjs@pscom.netlandish.com] has joined #openvpn
13:53 < pjs> Hey all.. I have openvpn running on freebsd 8.3 (I know, I know).. Latest tunnelblick on OS X Yosemite. Things worked fine forever but now when I connect via Tunnelblick, the connection is fine. openvpn server logs are fine, on OSX there is utun0 device and routes in place, but I can't ping the local or remote IP of the VPN connection on the utun0 interface? Any ideas?
13:54 < pjs> openvpn 2.3.2 btw on fbsd
13:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
14:02 -!- lazyadmin is now known as cryptic1
14:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
14:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 268 seconds]
14:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
14:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
14:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:24 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
14:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:26 <@Eugene> tcpdump the tun interface on both ends, see what's happening with the pings
14:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
14:31 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
14:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
14:35 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has joined #openvpn
14:36 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
14:37 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
14:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:39 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
14:39 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
14:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
14:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:45 -!- cryptic1 is now known as cryptic1|afk
14:46 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:47 -!- dazo is now known as dazo_afk
14:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
14:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
14:55 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:59 -!- cryptic1|afk is now known as cryptic1
15:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:00 < pjs> Eugene ok.. I'll try that.. sorry was in a meeting
15:01 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
15:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:07 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:07 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
15:11 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
15:12 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:12 < Valcorb> DArqueBishop: yes I am
15:13 < Valcorb> DArqueBishop: root@ns3009379:/etc/openvpn# openvpn --config server.conf
15:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
15:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:25 < pjs> Eugene Odd, tcpdump looks good on both sides. Ping fails. See log and ping output here: http://dpaste.com/34DH0TG
15:26 <@Eugene> I see the echo request going out of the client, and into the server.
15:26 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-151-62.w86-195.abo.wanadoo.fr] has joined #openvpn
15:26 <@Eugene> It looks like you're using /30 toplogy, and trying to ping the opposite peer IP
15:27 <@Eugene> Try pinging 192.168.127.1 instead, which is what the server is actually accepting packets on
15:27 <@Eugene> !topology
15:27 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
15:27 < pjs> Eugene that worked
15:27 <@Eugene> And ideally, set that option ^
15:28 -!- hosler [~hosler@5.44.106.117.static.alvotech.net] has joined #openvpn
15:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
15:30 < hosler> hey fellas. i got openvpn on my ubuntu but when i activated it i lost ssh. i suppose its tunneling ALL traffic through VPN, which is nice, but not what i want. i want openvpn to run, but route everything through my public IP. i only want stuff to use the VPN network when i tell that service to speficially use that vpn interface
15:30 < hosler> any suggestions?
15:30 <@Eugene> !routebyapp
15:30 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
15:30 <@vpnHelper> policies you set. For Linux, read about !lartc
15:30 < pjs> Eugene so add "topology subnet" to my openvpn.conf ?
15:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:30 < hosler> Eugene: shweet thanks
15:30 <@Eugene> pjs - on the server, yes.
15:30 <@Eugene> hosler - note that if you can separate what you do/don't want crossing the VPN by ip/subnet, it gets a lot simpler
15:31 <@Eugene> Just push selective routes instead of using redirect-gateway
15:31 <@Eugene> Eg, "I want access to my company network from home"
15:32 < hosler> can i not just tell my app to bind to a specific IP?
15:32 < hosler> i kinda thought vpn was like running a long cable
15:32 <@Eugene> You sure can, in combination with policy-routing above
15:33 <@Eugene> It is indeed. The issue is that you now have two "default" ways out to the internet, so picking one becomes tricky
15:34 < hosler> this gonna be fun
15:34 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
15:34 <@Eugene> Yup.
15:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:36 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
15:37 < hosler> soo uhh
15:37 < pjs> Eugene awesome.. seems to fix it.. and the routing works again as well
15:37 < pjs> Eugene thank you
15:37 < hosler> for torrents what is easiest solution
15:37 < hosler> for a noob
15:37 <@Eugene> Buy a seedbox for $5/mo ;-)
15:37 < hosler> oh boy
15:37 <@Eugene> pjs - yay! Have fun! And update to more modern OSes :-p
15:38 < hosler> Eugene: i have a vps i dont really use. could i set it up with vpn and allow 1 port (ex 8080) for socks be accessed via public ip
15:38 < pjs> Eugene, I know haha! Need to find the time. FBSD 10.1 is awesome..
15:38 < hosler> and that can just be my vpn proxy
15:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
15:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:42 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
15:45 < Valcorb> Hey guys, I'm trying to connect to my VPN, but the client doesn't even connect to it. Server conf: http://pastebin.com/87MDYR8a Client conf: http://pastebin.com/XciD7Uqx Server log: http://pastebin.com/pnBX9fRR
15:47 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
15:48 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:49 < hosler> Eugene: so i guess i need a solution where i can get a vpn client to become a socks proxy and not mess with my routing tables
15:49 < hosler> or something lol
15:49 < hosler> man im just trying to wrap my head around this right now
15:53 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
15:53 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:53 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:58 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
15:59 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
16:01 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
16:03 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
16:08 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:09 -!- atralheaven_ [~atralheav@5.122.8.14] has joined #openvpn
16:10 < atralheaven_> Hello
16:11 < atralheaven_> I have a problem with connection to openvpn
16:11 < atralheaven_> I don't know its because of my server or its because of my isp
16:12 < atralheaven_> can anyone help me test it? if someone from another country can connect to my openvpn account, the problem would be because of the isp
16:16 -!- HardWall [~HardWall@188.24.99.195] has joined #openvpn
16:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
16:21 < Valcorb> atralheaven_: why would your ISP block a connection to another country?
16:22 < atralheaven_> Valcorb: because I live in Iran, it may not work here, but work in other countries
16:23 < Valcorb> ah I see
16:23 -!- pjs [~pjs@pscom.netlandish.com] has left #openvpn []
16:24 < atralheaven_> Valcorb: so can you test it for me?
16:24 < atralheaven_> I'll give you the .ovpn file, just test if it connects
16:25 < Valcorb> sure
16:29 -!- u0m3 [~u0m3@92.80.81.240] has quit [Quit: Leaving]
16:34 -!- atralheaven_ [~atralheav@5.122.8.14] has left #openvpn []
16:39 -!- u0m3 [~u0m3@92.80.81.240] has joined #openvpn
17:05 -!- splud [~sstraw@75-101-86-8.static.sonic.net] has quit [Ping timeout: 240 seconds]
17:05 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 268 seconds]
17:05 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
17:16 -!- hennos [~midas8@167.160.44.220] has quit [Ping timeout: 250 seconds]
17:21 -!- HardWall [~HardWall@188.24.99.195] has quit [Read error: Connection reset by peer]
17:21 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has quit [Ping timeout: 255 seconds]
17:24 -!- Valcorb [~Valcorb@unaffiliated/valcorb] has quit [Ping timeout: 264 seconds]
17:25 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
17:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:45 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Read error: Connection reset by peer]
18:35 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
18:40 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 260 seconds]
18:42 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
18:46 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
19:00 -!- hennos [~midas8@167.160.44.218] has joined #openvpn
19:02 -!- Tykling [tykling@gibfest.dk] has quit [Read error: Connection reset by peer]
19:03 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
19:04 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:04 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
19:04 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 264 seconds]
19:04 -!- iNs_ [~ins@85.17.164.26] has quit [Ping timeout: 264 seconds]
19:04 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
19:04 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
19:04 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
19:05 -!- alec-b [~alec@46.106.108.93.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
19:06 -!- iNs [~ins@85.17.164.26] has joined #openvpn
19:06 -!- alec-b [~alec@157.84.166.178.rev.vodafone.pt] has joined #openvpn
19:18 -!- Garfield [~Casper@get.your.free.bnc.at.irc.tools] has quit [Excess Flood]
19:30 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
19:31 -!- hennos [~midas8@167.160.44.218] has quit [Quit: Leaving]
19:57 <@krzee> is anybody waiting to get helped?
19:57 <@krzee> or shall i do actual work...?
19:58 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
19:59 <@krzee> hosler,
19:59 <@krzee> !splitroute
19:59 <@krzee> !ping
19:59 <@vpnHelper> "splitroute" is (#1) https://forums.openvpn.net/topic7175.html to see how to add a second routing table so you can use --redirect-gateway AND still serve things to the internet or (#2) see !route_override for how to override --redirect-gateway for a certain subnet
19:59 <@vpnHelper> pong
20:02 <@krzee> !routebyapp
20:02 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
20:02 <@vpnHelper> policies you set. For Linux, read about !lartc
20:10 -!- q0_0p [~q0_0p@2605:6000:1711:4017:6a1c:a2ff:fe01:201f] has joined #openvpn
20:10 < q0_0p> anyone here know of a good article to help with setting up openvpn on openwrt router?
20:20 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
20:20 < subzero79> !sockd
20:20 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
20:44 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has left #openvpn []
21:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
21:23 -!- alec-b [~alec@157.84.166.178.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
21:25 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
21:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:27 -!- alec-b [~alec@27.32.103.87.rev.vodafone.pt] has joined #openvpn
21:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:49 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:01 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:24 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 244 seconds]
22:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
22:31 -!- baetheus [~brandon@null.pub] has joined #openvpn
22:34 -!- q0_0p [~q0_0p@2605:6000:1711:4017:6a1c:a2ff:fe01:201f] has quit [Read error: Connection reset by peer]
22:35 -!- q0_0p [~q0_0p@2605:6000:1711:4017:6a1c:a2ff:fe01:201f] has joined #openvpn
23:19 -!- ShadniX [dagger@p5DDFD04F.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:19 -!- ShadniX [dagger@p5DDFCE7C.dip0.t-ipconnect.de] has joined #openvpn
23:47 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Thu Oct 15 2015
00:07 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:11 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
00:20 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:20 < jackbrown> hello there
00:20 < jackbrown> anyone can help me ?
00:31 -!- explody [~explody@c-24-21-138-99.hsd1.or.comcast.net] has joined #openvpn
00:32 < explody> If one is using CCD to assign static IPs to some clients, is it ok to assign addresses out of the “server” net or will the daemon end up trying to hand them out to dynamic clients as well?
00:32 -!- u0m3 [~u0m3@92.80.81.240] has quit [Ping timeout: 256 seconds]
00:32 < explody> hand out the ones statically ifconfig-push’d I mean
00:34 < jackbrown> hello
00:59 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
01:00 -!- Malsasa [~Malsasa@202.67.46.22] has joined #openvpn
01:01 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Remote host closed the connection]
01:02 -!- q0_0p [~q0_0p@2605:6000:1711:4017:6a1c:a2ff:fe01:201f] has quit [Remote host closed the connection]
01:02 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has joined #openvpn
01:09 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:25 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:33 -!- mode/#openvpn [+o mattock1] by ChanServ
01:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:54 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
01:55 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
01:58 -!- mystica555 [~mystica55@184-96-131-233.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
02:14 -!- mystica555 [~mystica55@97-118-183-160.hlrn.qwest.net] has joined #openvpn
02:25 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 264 seconds]
02:27 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 264 seconds]
02:28 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
02:33 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
02:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
02:43 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
02:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:05 -!- mystica555_ [~mystica55@97-118-188-203.hlrn.qwest.net] has joined #openvpn
03:07 -!- mystica555 [~mystica55@97-118-183-160.hlrn.qwest.net] has quit [Ping timeout: 265 seconds]
03:30 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has quit [Ping timeout: 260 seconds]
03:35 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has joined #openvpn
03:37 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
03:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:00 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
04:02 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:21 -!- dazo_afk is now known as dazo
04:26 -!- kangyong [~kangyong@117.114.151.179] has joined #openvpn
04:31 -!- Malsasa [~Malsasa@202.67.46.22] has quit [Read error: Connection reset by peer]
04:33 -!- Malsasa [~Malsasa@202.67.41.22] has joined #openvpn
04:35 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
04:35 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Excess Flood]
04:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:36 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
04:36 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Excess Flood]
04:36 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
04:36 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Excess Flood]
04:37 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
04:37 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has quit [Excess Flood]
04:37 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
04:45 -!- KronoZ is now known as KronoZ[away]
04:53 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Ping timeout: 240 seconds]
04:53 -!- Lope [~Lope@118.107.218.11] has joined #openvpn
04:54 < Lope> inside your configuration file, when you say "dev tun0" or "dev tap0" is that single line the only thing that determines whether it's a TUN or TAP interface?
04:55 -!- adapiratr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 252 seconds]
04:55 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
04:56 < Lope> So if I want to change a simple TUN interface to a TAP interface, can I just change "dev tun0" to "dev tap0" and remove the "ifconfig x.x.x.x y.y.y.y" line?
04:56 -!- adapiratr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
05:11 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:19 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:23 -!- dEPy [~dEPy@116.228.99.252] has joined #openvpn
05:24 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:24 -!- dEPy [~dEPy@116.228.99.252] has quit [Remote host closed the connection]
05:27 -!- Malsasa [~Malsasa@202.67.41.22] has left #openvpn ["http://radiorasyid.com  >>  Ayo mengaji!"]
05:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:33 -!- dEPy [~dEPy@116.228.99.252] has joined #openvpn
05:34 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:35 <@dazo> Lope: if you don't have --dev-type set your config or command line, then yes, the type is derived from --dev ... if you give 'vpn0', you must use --dev-type in addition
05:36 <@dazo> Lope: you may need --ifconfig ... it all depends on the rest of your config
05:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
05:46 -!- dEPy [~dEPy@116.228.99.252] has quit [Quit: (null)]
05:58 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
05:58 < Lope> dazo: okay, I'm starting my openVPN servers and clients from config files like these examples: http://pastebin.com/7ZT8tyN3
05:59 <@dazo> Lope: then you must use --ifconfig on both sides
05:59 <@dazo> well, you could use an IP-less tunnel ... but not sure that's what you really want
05:59 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:00 < Lope> well, I was thinking of making TAP connections.
06:00 <@dazo> well, why do you want TAP?
06:00 <@dazo> what is your !goal?
06:00 <@dazo> !gial
06:00 <@dazo> !goal
06:00 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:01 -!- kangyong [~kangyong@117.114.151.179] has left #openvpn []
06:06 -!- KronoZ[away] is now known as KronoZ
06:13 -!- u0m3 [~u0m3@92.80.98.70] has joined #openvpn
06:26 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:33 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
06:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:43 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
06:45 -!- Assid [~assid@unaffiliated/assid] has joined #openvpn
06:45 < Assid> heya
06:45 -!- havoc [~havoc@neptune.chaillet.net] has left #openvpn []
06:47 < Assid> so i have LAN <->server <->LAN2 .. for now i can connect to each endpoints.. but i would like to use the network of  LAN2 for accessing the internet . maybe some sites (subnets)
06:48 < Assid> from my device on LAN1, i set the route to use the GW on LAN2 (doesnt work), even tried the router/device which NAT's at LAN2 as the gateway, but that doesnt work either.
06:56 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
07:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:19 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
07:20 -!- KakuRoze [~RozeD@83.250.143.139] has joined #openvpn
07:41 -!- Tools is now known as Garfield
07:49 -!- NetworkingPro is now known as MrWhiskers
07:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:01 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
08:04 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
08:26 -!- Lope [~Lope@118.107.218.11] has quit [Ping timeout: 272 seconds]
08:28 < nestandi> hey everybody.... i'm connected to a host via vpn (tun, not tap) - is it possible for him to ping my network? what should i dow to make it possible?
08:35 -!- Lope [~Lope@118.107.218.11] has joined #openvpn
08:53 <@dazo> !clientlan
08:53 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a
08:53 <@vpnHelper> better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
08:53 <@dazo> !serverlan
08:53 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
08:53 <@dazo> Assid: ^^^^
08:54 <@dazo> Those two doesn't give the exact answer for your setup, but will probably point you in the proper direction
08:55 < Assid> yeah i already have forwarding setup..
08:56 < Assid> im not sure how to redirectgateway or even route through the 2nd lan network
08:57 < Assid> !route_outside_openvpn
08:57 <@vpnHelper> "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
09:10 -!- cryptic1 is now known as lazyadmin
09:13 -!- Assid [~assid@unaffiliated/assid] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
09:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 240 seconds]
09:23 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
09:24 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-ripnhghvnyaktkkl] has quit [Ping timeout: 250 seconds]
09:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:27 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-ycmkjtzerwdarrbs] has joined #openvpn
09:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:36 -!- lazyadmin is now known as cryptic1
09:43 -!- Lope [~Lope@118.107.218.11] has quit [Ping timeout: 272 seconds]
09:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
09:45 -!- Garfield [~Casper@get.your.free.bnc.at.irc.tools] has quit [Excess Flood]
09:46 -!- Tools [~Casper@get.your.free.bnc.at.irc.tools] has joined #openvpn
09:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:46 -!- mode/#openvpn [+o mattock1] by ChanServ
09:53 -!- Lope [~Lope@118.107.218.11] has joined #openvpn
09:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:58 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
10:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
10:12 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:12 <@dazo> krzee: you around?
10:18 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Ping timeout: 255 seconds]
10:18 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:25 -!- someone [~someone@sonoshee.chronostasis.net] has joined #openvpn
10:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
10:42 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:48 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:53 -!- u0m3 [~u0m3@92.80.98.70] has quit [Ping timeout: 268 seconds]
11:01 -!- u0m3 [~u0m3@92.80.89.209] has joined #openvpn
11:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
11:12 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:44 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
11:54 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
11:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:58 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
12:10 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
12:17 -!- Lope [~Lope@118.107.218.11] has quit [Quit: Leaving]
12:18 -!- nestandi [~nestandi@p4FCD5868.dip0.t-ipconnect.de] has joined #openvpn
12:37 -!- nestandi [~nestandi@p4FCD5868.dip0.t-ipconnect.de] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:38 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
12:41 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:42 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
12:44 -!- shiriru [~shiriru@77.85.251.196] has quit [Quit: Leaving]
13:20 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
13:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
13:43 -!- nestandi [~nestandi@p4FCD5868.dip0.t-ipconnect.de] has joined #openvpn
13:43  * m3n3chm0 nasZ
13:45 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:47 -!- apollonovich [~rdowne@2601:647:4d80:a00:4a51:b7ff:fe9b:387c] has joined #openvpn
13:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:56 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection]
14:05 -!- hennos [~midas8@167.160.44.215] has joined #openvpn
14:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 250 seconds]
14:16 -!- MrPockets is now known as |__[0_0]__|
14:26 -!- |__[0_0]__| is now known as MrPockets
14:29 -!- ldc [uid116914@gateway/web/irccloud.com/x-jzqiynzsfargmjwq] has joined #openvpn
14:29 < ldc> hello
14:30 -!- apollonovich [~rdowne@2601:647:4d80:a00:4a51:b7ff:fe9b:387c] has quit [Quit: Leaving]
14:30 < ldc> do you know if it's possible to push down single /32s to openvpn clients from a server?
14:30 < ldc> I'd like traffic to specific public IP addresses to go through the tunnel, the rest should not, as in, a split tunnel configuration
14:55 <@Eugene> Yes, you can push a route of any size that you want
14:55 <@Eugene> However
14:55 <@Eugene> !routebyapp
14:55 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
14:55 <@vpnHelper> policies you set. For Linux, read about !lartc
15:00 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
15:18 -!- Cipher45 [~Cipher45@unaffiliated/cipher45] has joined #openvpn
15:21 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 260 seconds]
15:21 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-haqlvqqdvtxexpei] has joined #openvpn
15:21 < wallbroken> hi guys
15:22 < wallbroken> i've tried an ookla speedtest while connected to the vpn
15:22 < wallbroken> and in upload i see and impossible speed about my xDSL
15:22 < wallbroken> it could be an openvpn related reason?
15:35 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
15:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 252 seconds]
15:38 -!- CHDL [PIKA@gateway/shell/bnc4free/x-pmaeuuaguhlohxwc] has joined #openvpn
15:39 < CHDL> i want to run a vpn server with low bandwith usage, can anyone help me?
15:43 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
15:53 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
15:58 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:58 -!- KakuRoze [~RozeD@83.250.143.139] has quit [Ping timeout: 264 seconds]
15:59 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
16:07 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
16:13 -!- Denial- [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has quit []
16:17 -!- Denial [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has joined #openvpn
16:22 <@dazo> CHDL: ehm ... don't use VPN if you want a low bandwidth ... network packet encapsulation and encryption will most likely just increase the bandwidth anyhow
16:24 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
16:28 -!- hennos [~midas8@167.160.44.215] has quit [Quit: Leaving]
16:30 -!- maus_ [~maus@31.29.170.113] has joined #openvpn
16:31 < maus_> !welcome
16:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:31 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
16:33 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
16:38 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
16:42 -!- nestandi [~nestandi@p4FCD5868.dip0.t-ipconnect.de] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
16:46 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
16:51 < maus_> ltl help plz. i tryed to up openvpn(v2.3.8) connection on centos(client). But i have error in log: VERIFY ERROR: depth=0, error=certificate signature failure: O=xx-xx, OU=xxx, CN=xx
16:51 < maus_> TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
16:51 < maus_> TLS Error: TLS object -> incoming plaintext read error
16:51 < maus_> TLS Error: TLS handshake failed
16:51 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
16:51 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
16:52 < maus_> how to fix it?
16:56 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
17:00 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
17:02 <@dazo> maus_: sounds like you're using the wrong certificate on the server
17:02 <@dazo> or that you're using the wrong CA certificate on the client
17:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 252 seconds]
17:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:12 < maus_> how test it?
17:21 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
17:26 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has joined #openvpn
17:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:28 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
17:29 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
17:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:37 -!- hennos [~midas8@167.160.44.215] has joined #openvpn
17:51 -!- Denial [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has quit []
17:52 -!- Denial [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has joined #openvpn
17:53 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
17:54 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
17:57 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-151-62.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
18:04 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
18:04 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
18:15 -!- dazo is now known as dazo_afk
18:28 -!- hennos [~midas8@167.160.44.215] has quit [Quit: Leaving]
18:31 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
18:33 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Remote host closed the connection]
18:33 -!- Tenhi_ [~tenhi@178.18.241.180] has quit [Read error: Connection reset by peer]
18:33 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
18:34 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
18:34 -!- funnel [~funnel@unaffiliated/espiral] has quit [Read error: Connection reset by peer]
18:34 -!- funnel_ is now known as funnel
18:34 -!- Denial- [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has joined #openvpn
18:34 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Excess Flood]
18:35 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
18:35 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 253 seconds]
18:35 -!- Tenhi_ [~tenhi@178.18.241.180] has joined #openvpn
18:35 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
18:36 -!- Denial [~Denial@host31-54-228-164.range31-54.btcentralplus.com] has quit [Ping timeout: 265 seconds]
18:36 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-haqlvqqdvtxexpei] has quit [Ping timeout: 265 seconds]
18:36 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has quit [Ping timeout: 265 seconds]
18:36 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:37 -!- hennos [~midas8@167.160.44.216] has joined #openvpn
18:37 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 265 seconds]
18:37 -!- explody_ [~explody@c-24-21-138-99.hsd1.or.comcast.net] has joined #openvpn
18:37 -!- explody [~explody@c-24-21-138-99.hsd1.or.comcast.net] has quit [Ping timeout: 265 seconds]
18:37 -!- explody_ is now known as explody
18:38 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 265 seconds]
18:38 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Ping timeout: 265 seconds]
18:42 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
18:43 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
18:43 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
18:43 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
19:04 -!- Netsplit *.net <-> *.split quits: valkyr1e, NucWin, @krzee, Nothing4You, hive-mind, chantra, cryptic1, linear, warehouse13, dvl,  (+208 more, use /NETSPLIT to show all of them)
19:10 -!- Netsplit over, joins: @vpnHelper, @dazo_afk, ValdikSS, arlen, jeev, nullsign, +hazardous, Buffman, Pandemic_Force, gardar (+32 more)
19:11 -!- Netsplit over, joins: someone, cylon512
19:12 -!- Netsplit over, joins: splud, adapiratr, pa, Telvana, infernix, obscurehero, avril, eliasp, +esde, yoavz
19:14 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
19:14 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
19:14 -!- riddle [riddle@us.yunix.net] has joined #openvpn
19:14 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
19:14 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has joined #openvpn
19:14 -!- CGML_ [~CGML@unaffiliated/cgml] has joined #openvpn
19:14 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
19:14 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
19:14 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
19:14 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
19:14 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
19:14 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
19:14 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
19:14 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
19:14 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has joined #openvpn
19:14 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
19:14 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
19:14 -!- ServerMode/#openvpn [+vo RBecker pekster] by orwell.freenode.net
19:15 -!- explody [~explody@c-24-21-138-99.hsd1.or.comcast.net] has joined #openvpn
19:15 -!- CHDL [PIKA@gateway/shell/bnc4free/x-pmaeuuaguhlohxwc] has joined #openvpn
19:15 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
19:15 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has joined #openvpn
19:15 -!- mystica555_ [~mystica55@97-118-188-203.hlrn.qwest.net] has joined #openvpn
19:15 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
19:15 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
19:15 -!- Savemech [Savemech@gateway/shell/firrre/x-wuiqakhqpvobavxe] has joined #openvpn
19:15 -!- MrWhiskers [sid47591@gateway/web/irccloud.com/x-pwedfmpceafphrsb] has joined #openvpn
19:15 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
19:15 -!- jesopo [jess@lolnerd.net] has joined #openvpn
19:15 -!- troyt_ [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has joined #openvpn
19:15 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has joined #openvpn
19:15 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
19:15 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
19:15 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
19:15 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
19:15 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
19:15 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
19:15 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
19:15 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
19:15 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
19:15 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
19:15 -!- ServerMode/#openvpn [+v s7r] by orwell.freenode.net
19:15 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
19:15 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
19:15 -!- 16WAAIZ5O [~tenhi@178.18.241.180] has joined #openvpn
19:15 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
19:15 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
19:15 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
19:15 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
19:15 -!- c|oneman [cloneman@1337.montrealdark.com] has joined #openvpn
19:15 -!- fling [~fling@fsf/member/fling] has joined #openvpn
19:15 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
19:15 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
19:15 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
19:15 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
19:15 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
19:15 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
19:15 -!- ServerMode/#openvpn [+o krzee] by orwell.freenode.net
19:16 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
19:16 -!- maus_ [~maus@31.29.170.113] has joined #openvpn
19:16 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
19:16 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-ycmkjtzerwdarrbs] has joined #openvpn
19:16 -!- alec-b [~alec@27.32.103.87.rev.vodafone.pt] has joined #openvpn
19:16 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
19:16 -!- mescalito [~mescalito@unaffiliated/mescal] has joined #openvpn
19:16 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
19:16 -!- AjaniMember [~Ajani@107.170.118.82] has joined #openvpn
19:16 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
19:16 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
19:16 -!- crane [~crane@chat.craneworks.de] has joined #openvpn
19:16 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:16 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
19:16 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
19:16 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
19:16 -!- mete [~mete@91.247.253.160] has joined #openvpn
19:16 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
19:18 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
19:18 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
19:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
19:18 -!- u0m3 [~u0m3@92.80.89.209] has joined #openvpn
19:18 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
19:18 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
19:18 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
19:18 -!- dan_j [sid21651@gateway/web/irccloud.com/x-igdukrrvswnysnts] has joined #openvpn
19:18 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
19:18 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
19:18 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
19:18 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
19:18 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
19:18 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:18 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
19:18 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
19:18 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has joined #openvpn
19:18 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
19:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
19:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:20 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:20 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:20 -!- patteh [~patteh@unaffiliated/patteh] has joined #openvpn
19:20 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
19:20 -!- bpye_ [~quassel@unaffiliated/bpye] has joined #openvpn
19:20 -!- patsToms [~patsToms@radioa7.lv] has joined #openvpn
19:20 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
19:20 -!- grubles [~freebsd@unaffiliated/grubles] has joined #openvpn
19:20 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
19:20 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
19:20 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
19:20 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
19:20 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
19:20 -!- novaflash_away [~novaflash@openvpn/corp/support/novaflash] has joined #openvpn
19:20 -!- ServerMode/#openvpn [+o novaflash_away] by orwell.freenode.net
19:20 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
19:20 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
19:20 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
19:20 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
19:20 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
19:20 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
19:20 -!- ServerMode/#openvpn [+o mattock] by orwell.freenode.net
19:21 -!- 16WAAIZ5O is now known as Tenhi_
19:22 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 240 seconds]
19:23 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
19:23 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
19:23 -!- iNs [~ins@85.17.164.26] has joined #openvpn
19:23 -!- hosler [~hosler@5.44.106.117.static.alvotech.net] has joined #openvpn
19:23 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
19:23 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
19:23 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
19:23 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
19:23 -!- Ssquidly [~squidly@gate.nnx.com] has joined #openvpn
19:23 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
19:23 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
19:23 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has joined #openvpn
19:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:23 -!- brizz [~brizz@64.31.1.2] has joined #openvpn
19:23 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
19:23 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
19:23 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
19:23 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
19:23 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
19:23 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
19:23 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
19:23 -!- Kobaz [~kobaz@its.kobaz.net] has joined #openvpn
19:23 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
19:23 -!- maxiepax [max@locke.misse.org] has joined #openvpn
19:23 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
19:23 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
19:23 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
19:23 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
19:23 -!- fred`` [fred@earthli.ng] has joined #openvpn
19:23 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
19:23 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
19:23 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
19:23 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
19:23 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
19:23 -!- P4k3 [~P4k3@hydrogen.frostis.se] has joined #openvpn
19:23 -!- ServerMode/#openvpn [+ooo plaisthos syzzer Eugene] by orwell.freenode.net
19:23 -!- lkjahsdkfj is now known as uiyice
19:25 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:34 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
19:35 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has joined #openvpn
19:35 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
19:38 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
19:57 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-cepksnbwtzmprggd] has joined #openvpn
19:57 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-cepksnbwtzmprggd] has left #openvpn []
19:59 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
20:01 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
20:06 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
20:16 -!- obbs [~obbs@unaffiliated/obbs] has joined #openvpn
20:18 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
20:19 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
20:19 -!- biggi_mat [~biggi_mat@38.122.6.62] has joined #openvpn
20:20 < biggi_mat> Hello, are there any cool alternatives to web ui management console to openvpn access to use?
20:24 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
20:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:38 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
20:43 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
20:46 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
20:49 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:50 -!- biggi_mat [~biggi_mat@38.122.6.62] has quit [Quit: biggi_mat]
20:50 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
21:00 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
21:05 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
21:05 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
21:05 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
21:06 -!- fred`` [fred@earthli.ng] has quit [Remote host closed the connection]
21:18 -!- fred`` [fred@earthli.ng] has joined #openvpn
21:23 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
21:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:30 -!- toli [~toli@ip-62-235-214-67.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
21:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
21:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:36 -!- toli [~toli@ip-62-235-216-80.dsl.scarlet.be] has joined #openvpn
21:48 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
22:33 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
22:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:53 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 240 seconds]
22:55 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Ping timeout: 246 seconds]
22:55 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
22:55 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
22:56 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
22:58 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
23:17 -!- ShadniX [dagger@p5DDFCE7C.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:18 -!- ShadniX [dagger@p5DDFCC4E.dip0.t-ipconnect.de] has joined #openvpn
23:33 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
23:48 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Fri Oct 16 2015
00:25 -!- Tools is now known as Garfield
00:25 -!- Garfield is now known as Lasagna
00:26 -!- Lasagna is now known as Garfield
00:42 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:55 -!- nestandi [~nestandi@vpn4.hotsplots.net] has joined #openvpn
00:55 -!- nestandi [~nestandi@vpn4.hotsplots.net] has quit [Max SendQ exceeded]
01:05 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:10 -!- unixninja92_ is now known as unixninja92
01:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:34 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
01:40 -!- wowaname [~kloeri@unaffiliated/wowaname/bot/bubblebass] has joined #openvpn
01:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:41 -!- mode/#openvpn [+o mattock1] by ChanServ
01:48 < wowaname> always helpful to have no logs produced at all on the client side
01:49 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 268 seconds]
01:49 -!- dionysus70 is now known as dionysus69
01:57 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
01:58 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:14 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 260 seconds]
02:14 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit []
02:15 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
02:18 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
02:19 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
02:24 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
02:27 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
02:47 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:53 -!- julius [~julius@dslb-178-011-118-218.178.011.pools.vodafone-ip.de] has joined #openvpn
02:53 < julius> hi
03:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
03:08 -!- julius [~julius@dslb-178-011-118-218.178.011.pools.vodafone-ip.de] has left #openvpn ["Leaving"]
03:10 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
03:10 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
03:13 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
03:16 -!- dazo_afk is now known as dazo
03:18 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
03:19 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
03:31 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
03:32 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
03:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:39 -!- atralheaven_ [~atralheav@5.122.46.219] has joined #openvpn
03:41 < atralheaven_> hello
03:42 < atralheaven_> I can't connect to open vpn on my server, this is the log: http://pastebin.com/xRTX0vsr I have no idea whats wrong with it!
03:43 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
03:59 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
04:01 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:02 <@plaisthos> atralheaven_: check the server log
04:03 < atralheaven_> plaisthos: Hi, thank you for responding, where is it?
04:06 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:12 -!- atralheaven_ [~atralheav@5.122.46.219] has quit [Ping timeout: 250 seconds]
04:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
04:26 -!- bf_ [~bf_@xdsl-87-79-179-52.netcologne.de] has joined #openvpn
04:27 -!- bf_ [~bf_@xdsl-87-79-179-52.netcologne.de] has quit [Client Quit]
04:55 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:22 -!- atralheaven_ [~atralheav@5.122.226.50] has joined #openvpn
05:23 -!- atralheaven_ [~atralheav@5.122.226.50] has quit [Client Quit]
05:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:29 -!- subscope [~subscope@195.56.66.6] has quit [Ping timeout: 244 seconds]
05:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:34 -!- dEPy [~dEPy@116.228.99.252] has joined #openvpn
05:39 -!- atralheaven_ [~atralheav@5.121.218.140] has joined #openvpn
05:39 < atralheaven_> sorry I was disconnected from internet
05:40 < atralheaven_> I use openvpn version 2.3.2 on ubuntu 14.04
05:40 < atralheaven_> I can't connect to openvpn and this is the log: http://pastebin.com/xRTX0vsr
05:41 < atralheaven_> im looking for openvpn logs on the server to post it here, I don't know where is it?
05:45 -!- dEPy [~dEPy@116.228.99.252] has left #openvpn ["(null)"]
05:51 <@plaisthos> !log
05:51 <@vpnHelper> Error: You don't have the owner capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
05:51 <@plaisthos> !logfile
05:51 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
05:51 <@plaisthos> atralheaven_: that's for your
05:51 <@plaisthos> in ubuntu check var/log/syslog
05:52 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 256 seconds]
05:52 < atralheaven_> should I change it to verb 5?
05:59 -!- atralheaven_ [~atralheav@5.121.218.140] has quit [Ping timeout: 265 seconds]
06:03 -!- atralheaven_ [~atralheav@5.121.218.140] has joined #openvpn
06:06 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:09 -!- c|oneman [cloneman@1337.montrealdark.com] has quit [Ping timeout: 240 seconds]
06:12 < atralheaven_> I really don't understand what's wrong with it. im going to reinstall and config again...
06:13 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
06:13 < atralheaven_> I follow this instruction. is it correct? https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
06:13 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
06:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:20 -!- shiriru [~shiriru@77.85.251.196] has joined #openvpn
06:38 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
06:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
06:44 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:57 -!- atralheaven_ [~atralheav@5.121.218.140] has quit [Ping timeout: 256 seconds]
07:14 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
07:18 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
07:27 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:38 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
07:42 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:53 -!- atralheaven_ [~atralheav@5.121.234.246] has joined #openvpn
08:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
08:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
08:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:25 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:25 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:26 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
08:28 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:30 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has joined #openvpn
08:31 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has quit [Client Quit]
08:31 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has joined #openvpn
08:37 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Quit: No Ping reply in 180 seconds.]
08:40 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
08:50 -!- atralheaven_ [~atralheav@5.121.234.246] has quit [Ping timeout: 250 seconds]
09:01 <@dazo> krzee: still not here?
09:03 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:25 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:31 <@ecrist> lol
09:34 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:34 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:35 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:40 < dionysus69> can anyone assist me on setting up openvpn on tun adapter? I have been unable to setup anything else except of bridge and bridge I researched has some disatvantages like speed etc, I am running windows 2008 r2, this is frustrating me for over 2 months
09:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:42 -!- mode/#openvpn [+o mattock1] by ChanServ
09:50 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
09:52 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has joined #openvpn
09:52 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
09:52 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:53 < FlorianBd> Hi all!
09:53 < FlorianBd> Is there a way for a client to choose it's tun ip address?  or at least to ask for one and it will get another if not available?
09:59 <@plaisthos> FlorianBd:
09:59 <@plaisthos> !clinet-connect
09:59 <@plaisthos> FlorianBd: err
09:59 <@plaisthos> Well
09:59 <@plaisthos> you can push UV_ enviorenment variable from clinet to server
10:00 <@plaisthos> and then check these in a client-connect script
10:00 <@plaisthos> note with ipp the client will get the last Ip it used if that IP is still available
10:02 < FlorianBd> ok, I don't mind if it uses the same one as long as it was originally chosen by the client.  Basically, each of my clients is a particular machine number, let's say 2. 2 will request 10.8.0.102   But i'd like my script that calls openvpn on client to be able to choose that... so is there any option in command line?
10:02 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:05 < FlorianBd> plaisthos: I'm not sure what "UV_enironnement" means
10:06 <@plaisthos> FlorianBd: see push-peer-info in the man page
10:06 <@plaisthos> and setenv
10:10 <@plaisthos> and client-connect
10:11 <@plaisthos> or you give each machine a different user/certificate map these on the server in the client-connect script
10:21 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
10:24 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
10:24 < FlorianBd> plaisthos: ok thanks
10:29 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
10:32 < FlorianBd> plaisthos: ok I got it, we can execute a script using --client-connect, great. But I don't see how that would allow me to set the ip address, I guess this script is executed on the server side so ifconfig would not do anything useful?
10:37 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
10:41 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
10:41 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Read error: Connection reset by peer]
10:41 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has joined #openvpn
10:42 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
10:45 -!- AlmogBaku [~AlmogBaku@bzq-79-183-139-160.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
10:50 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
10:52 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has joined #openvpn
10:53 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 268 seconds]
10:57 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:57 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has quit [Ping timeout: 255 seconds]
11:02 -!- ismail [ismail@kde/ismail] has joined #openvpn
11:02 < ismail> hmm is openvpn 3.x being developed privately atm?
11:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
11:06 <@Eugene> https://community.openvpn.net/openvpn/wiki/RoadMap
11:06 <@vpnHelper> Title: RoadMap – OpenVPN Community (at community.openvpn.net)
11:07 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has joined #openvpn
11:07 < ismail> interesting read, thanks Eugene
11:07 <@Eugene> Note the dates ;-)
11:09 < ismail> Eugene: thats just a off-by-5 error :p
11:10 <@Eugene> There is a reimplementation of the 2.x wire protocol in a library, written for the iOS app
11:10 <@Eugene> I can never find it though
11:11 < ismail> well I am not against private development
11:11 < ismail> just wondered
11:11 <@Eugene> That's basically the OpenVPN Techonologies, Inc model
11:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:14 < ismail> hopefully it will work out
11:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
11:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:30 -!- mode/#openvpn [+o mattock1] by ChanServ
11:30 -!- biggi_mat [~biggi_mat@38.122.6.62] has joined #openvpn
11:32 <@dazo> ismail: James is getting closer to release the code for ovpn 3 ... there are stille a few missing pieces he wants to have in place
11:33 <@dazo> ismail: the architecture is very different from ovpn 2, and it is primarily a library which is linked into a command line front-end (or other apps)
11:37 -!- HardWall [~HardWall@2a02:2f0e:39:200:ddb5:4660:13:d485] has joined #openvpn
11:38 < ismail> dazo: guess it'll be easily extendable, thats a good thing.
11:38 <@dazo> ismail: well, it's actually written in C++ ... and James is a clever architect who have thought of how to easily be able reuse code in a good way
11:39 < ismail> c++ \o/
11:39 < ismail> good news
11:47 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
11:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
11:51 -!- maus__ [~maus@31.29.250.114] has joined #openvpn
11:55 -!- maus_ [~maus@31.29.170.113] has quit [Ping timeout: 268 seconds]
12:15 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Quit: brb]
12:16 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:17 -!- shiriru [~shiriru@77.85.251.196] has quit [Ping timeout: 250 seconds]
12:59 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
13:06 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has joined #openvpn
13:11 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
13:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:28 -!- splud [~sstraw@75-101-89-251.static.sonic.net] has joined #openvpn
13:31 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
13:34 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has quit [Ping timeout: 268 seconds]
13:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:37 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:37 -!- maus__ [~maus@31.29.250.114] has quit [Read error: Connection reset by peer]
13:37 -!- splud [~sstraw@75-101-89-251.static.sonic.net] has quit [Quit: splud]
13:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:55 -!- daffy__ [~daffy__@unaffiliated/daffy/x-4014872] has joined #openvpn
13:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:58 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
14:04 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has joined #openvpn
14:05 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Read error: Connection reset by peer]
14:06 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
14:08 -!- AlmogBaku [~AlmogBaku@bzq-79-183-100-224.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
14:21 -!- cagedwisdom [~X@124-148-37-167.dyn.iinet.net.au] has joined #openvpn
14:24 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
14:29 -!- cagedwisdom [~X@124-148-37-167.dyn.iinet.net.au] has quit [Ping timeout: 272 seconds]
14:45 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
14:46 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
14:50 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Read error: Connection reset by peer]
14:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:54 -!- RealityVoid [~HardWall@2a02:2f0e:39:200:ddb5:4660:13:d485] has joined #openvpn
14:54 -!- HardWall [~HardWall@2a02:2f0e:39:200:ddb5:4660:13:d485] has quit [Ping timeout: 252 seconds]
14:57 -!- FlorianBd [~FlorianBd@florianbador.com] has left #openvpn []
15:06 -!- daffy__ [~daffy__@unaffiliated/daffy/x-4014872] has quit [Quit: Leaving]
15:13 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
15:14 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
15:36 -!- redpill [~redpill@unaffiliated/redpill] has quit [Quit: redpill]
16:12 -!- HardWall [~HardWall@2a02:2f0e:10:c000:19f:7ee5:4356:ac4f] has joined #openvpn
16:13 -!- RealityVoid [~HardWall@2a02:2f0e:39:200:ddb5:4660:13:d485] has quit [Ping timeout: 252 seconds]
17:06 -!- HardWall [~HardWall@2a02:2f0e:10:c000:19f:7ee5:4356:ac4f] has quit [Read error: Connection reset by peer]
17:16 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
17:24 -!- dazo is now known as dazo_afk
17:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 244 seconds]
17:47 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 252 seconds]
17:47 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
17:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:53 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
19:11 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
20:01 -!- lvl76blastoise [~nlaveck@c-68-39-199-12.hsd1.in.comcast.net] has joined #openvpn
20:02 < lvl76blastoise> !welcome
20:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
20:02 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:02 < lvl76blastoise> !configs
20:02 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
20:03 < lvl76blastoise> is this a good channel for troubleshooting a new vpn setup?
20:04 < lvl76blastoise> !howto
20:04 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
20:05 < lvl76blastoise> hello?
20:12 <@Eugene> !anyone
20:12 <@Eugene> !ask
20:12 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
20:13 < wowaname> !version
20:13 <@vpnHelper> The current (running) version of this Supybot is 0.83.4.1.  The newest version available online is 0.83.4.1.
20:13 < wowaname> wew
20:27 -!- lvl76blastoise [~nlaveck@c-68-39-199-12.hsd1.in.comcast.net] has quit [Ping timeout: 246 seconds]
20:33 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 256 seconds]
20:33 -!- biggi_mat [~biggi_mat@38.122.6.62] has quit [Quit: biggi_mat]
20:38 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
20:46 -!- pEYEd [~kvirc@32.209.66.82] has joined #openvpn
20:47 < pEYEd> I am trying to setup an openvpn server. My server config works fine on a gentoo server, but the same openvpn server config does not work on FreeBSD. https://bpaste.net/show/fdb5a2b4c09c   I see traffic hitting the NIC with tcpdump. Port and tun interface come up fine on server.
20:59 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
21:05 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
21:17 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
21:18 -!- JackWinter_ [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
21:20 < hosler> pEYEd: check ur routes
21:22 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
21:24 < pEYEd> hosler: it looks ok to me  http://sprunge.us/JOiD
21:27 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
21:34 < pEYEd> But I 'can' create a static connection and ping to the other side  https://bpaste.net/show/9d192d023718  but not using rsa
21:35 < pEYEd> the keys are verified and identical
21:51 -!- MikeH__ [~mystica55@97-118-166-64.hlrn.qwest.net] has joined #openvpn
21:52 -!- mystica555_ [~mystica55@97-118-188-203.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
21:52 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
21:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:13 -!- explody [~explody@c-24-21-138-99.hsd1.or.comcast.net] has quit [Quit: explody]
22:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
22:16 -!- MikeH__ [~mystica55@97-118-166-64.hlrn.qwest.net] has quit [Ping timeout: 264 seconds]
22:22 -!- MikeH__ [~mystica55@97-118-170-98.hlrn.qwest.net] has joined #openvpn
22:32 < james41382> What's the best way to setup a site to site VPN with OpenVPN?
22:50 -!- alec-b [~alec@27.32.103.87.rev.vodafone.pt] has quit [Ping timeout: 268 seconds]
22:52 -!- AMERICAN_PSYCHO [~AMERICAN_@23.247.148.229] has joined #openvpn
23:18 -!- ShadniX [dagger@p5DDFCC4E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:18 -!- ShadniX [dagger@p5DDFDA50.dip0.t-ipconnect.de] has joined #openvpn
23:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:51 -!- AMERICAN_PSYCHO [~AMERICAN_@23.247.148.229] has quit [Ping timeout: 255 seconds]
--- Day changed Sat Oct 17 2015
00:05 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:43 -!- CGML_ is now known as CGML
00:47 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:02 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 260 seconds]
01:08 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:16 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Read error: Connection reset by peer]
01:17 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:28 -!- HardWall [~HardWall@2a02:2f0e:10:c000:c969:a60a:e5ed:b1ae] has joined #openvpn
01:49 -!- zenmower [~zm@vitaslug.com] has joined #openvpn
01:52 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
01:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 240 seconds]
01:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:57 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:20 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
02:20 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
02:23 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
02:23 -!- KronoZ [~KronoZ@proxy.kronoz.guru] has left #openvpn ["Leaving"]
02:25 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Client Quit]
02:26 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
02:35 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:41 -!- showaz [~showaz@unaffiliated/showaz] has quit []
02:52 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
02:53 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Client Quit]
03:09 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
03:27 -!- gallatin [~gallatin@2001:4dd0:ff00:9ce5::1] has joined #openvpn
03:29 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
03:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:03 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:09 -!- roentgen [~quassel@2a02:2f0a:b05f:fa00:c0c9:bce5:bbef:3e16] has joined #openvpn
04:19 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
04:19 -!- AMERICAN_PSYCHO [~AMERICAN_@66.187.64.70] has joined #openvpn
04:30 -!- AMERICAN_PSYCHO [~AMERICAN_@66.187.64.70] has quit [Max SendQ exceeded]
04:34 -!- tapout [~tapout@unaffiliated/tapout] has quit [Quit: ZNC - http://znc.sourceforge.net]
04:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:39 -!- AMERICAN_PSYCHO [~AMERICAN_@66.187.64.13] has joined #openvpn
04:45 -!- AMERICAN_PSYCHO [~AMERICAN_@66.187.64.13] has quit [Max SendQ exceeded]
04:46 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
04:56 -!- roentgen [~quassel@2a02:2f0a:b05f:fa00:c0c9:bce5:bbef:3e16] has quit [Remote host closed the connection]
04:57 -!- roentgen [~none@2a02:2f0a:b05f:fa00:c0c9:bce5:bbef:3e16] has joined #openvpn
04:59 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
04:59 -!- HardWall [~HardWall@2a02:2f0e:10:c000:c969:a60a:e5ed:b1ae] has quit [Read error: Connection reset by peer]
05:03 -!- subscope [~subscope@92-249-244-110.pool.digikabel.hu] has joined #openvpn
05:15 -!- roentgen [~none@2a02:2f0a:b05f:fa00:c0c9:bce5:bbef:3e16] has quit [Changing host]
05:15 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
05:24 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
05:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:07 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
06:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:34 -!- shiriru [~shiriru@84.238.149.137] has quit [Ping timeout: 240 seconds]
06:56 -!- subscope [~subscope@92-249-244-110.pool.digikabel.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:19 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
07:23 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:27 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
07:39 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
07:53 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
07:54 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
07:54 -!- mode/#openvpn [+o syzzer] by ChanServ
08:17 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
08:18 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
08:18 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
08:18 -!- mode/#openvpn [+o syzzer] by ChanServ
08:19 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
08:24 -!- gallatin [~gallatin@2001:4dd0:ff00:9ce5::1] has quit [Quit: Client exiting]
08:29 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
08:30 -!- Mavrikant [~Mavrikant@wikimedia/Mavrikant] has left #openvpn ["Leaving"]
08:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
08:34 -!- aedend [~aeden__d@unaffiliated/aedend] has joined #openvpn
08:35 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
08:37 < aedend> Trying to solve some dns leak issues, have tried several different configs but still showing leaks. Commented out #dnsmasq, gateway set to autolocal, packet fwd set in sysctl.conf, and I've NAT the outgoing packets
08:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
08:43 -!- aedend [~aeden__d@unaffiliated/aedend] has quit [Quit: Leaving]
08:45 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
08:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
08:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:05 -!- subscope [~subscope@92-249-244-110.pool.digikabel.hu] has joined #openvpn
09:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:32 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:37 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
09:39 -!- toli [~toli@ip-62-235-216-80.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
09:39 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:40 -!- toli [~toli@ip-62-235-215-12.dsl.scarlet.be] has joined #openvpn
09:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:56 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:00 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-frieyknjlopqleao] has joined #openvpn
10:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:20 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
10:21 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
10:29 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
10:59 -!- NOPonPOP [~null@unaffiliated/chek0v] has joined #openvpn
10:59 < NOPonPOP> any openvpn active contributors awake?
10:59 < NOPonPOP> wanting to briefly discuss some implementation details
11:08 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:09 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
11:11 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
11:22 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
11:26 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
11:41 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:42 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
12:00 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
12:01 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
12:03 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Client Quit]
12:27 -!- FlorianBd [~FlorianBd@florianbador.com] has joined #openvpn
12:28 < FlorianBd> Hi all :)
12:28 < FlorianBd> Just wondering something, is VPN compressed?
12:28 < FlorianBd> e.g. is that absurd to compress some VNC that goes through VPN?
12:29 < FlorianBd> ideally, if I setup a VNC-like that goes through VPN, I would prefer to compress at the VPN level than VNC, unless there's a good reason
12:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
12:51 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
13:07 -!- link0 [~dennisdeg@backend0.link0.net] has joined #openvpn
13:47 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
13:50 -!- mystica555_ [~mystica55@75-166-115-245.hlrn.qwest.net] has joined #openvpn
13:51 -!- MikeH__ [~mystica55@97-118-170-98.hlrn.qwest.net] has quit [Ping timeout: 265 seconds]
14:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:30 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
14:35 < wowaname> there's a compression option
14:35 < wowaname> FlorianBd
14:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:52 < FlorianBd> wowaname: you mean to choose which algorithm?
14:52 < wowaname> i mean look at the option comp-lzo
14:53 < FlorianBd> ah, ok thanks
14:56 < wowaname> good luck
14:56 < wowaname> i certainly need luck
14:56 < wowaname> i may paste my config if i cant get this soon
14:59 < FlorianBd> oh! there's an ADAPTIVE compression, that is GREAT
15:00 < FlorianBd> so comp-lzo is enabled or disabled by default?
15:00 < wowaname> enabled by default for my config
15:00 < wowaname> make sure your server supports it though
15:00 < wowaname> then add the comp-lzo line to your client config
15:02 < FlorianBd> ok, they're in both already, so that's perfect
15:02 < FlorianBd> I guess that's the most common setup, it makes more sense
15:04 < wowaname> surely, saves on bandwidth :p
15:04 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 272 seconds]
15:07 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
15:18 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Read error: Connection reset by peer]
15:25 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:34 -!- subscope [~subscope@92-249-244-110.pool.digikabel.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:34 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
16:40 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has joined #openvpn
16:49 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
17:03 -!- metaf5 [~metaf5@31.220.42.38] has joined #openvpn
17:04 -!- biggi_mat [~biggi_mat@50-0-172-53.dsl.dynamic.fusionbroadband.com] has quit [Quit: biggi_mat]
17:09 -!- Syf [~syf@host-92-13-211-42.as43234.net] has joined #openvpn
17:21 < Syf> !poodle
17:21 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
17:22 -!- NOPonPOP [~null@unaffiliated/chek0v] has left #openvpn []
17:48 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 256 seconds]
18:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:26 -!- Syf [~syf@host-92-13-211-42.as43234.net] has quit []
18:30 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:47 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:54 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
19:15 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
19:16 -!- biggi_mat [~biggi_mat@216.9.110.5] has joined #openvpn
19:29 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-awwtrztiyehoibpf] has joined #openvpn
19:29 < wallbroken> hi
19:30 < wallbroken> autologin profile is used to avoid password asking on connect?
19:36 -!- biggi_mat [~biggi_mat@216.9.110.5] has quit [Quit: biggi_mat]
19:56 -!- biggi_mat [~biggi_mat@216.9.110.2] has joined #openvpn
20:30 -!- biggi_mat [~biggi_mat@216.9.110.2] has quit [Quit: biggi_mat]
20:37 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
20:40 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
20:46 -!- Kobaz [~kobaz@its.kobaz.net] has left #openvpn []
20:48 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
20:50 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
21:01 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
21:37 -!- cheesenbiscuits [~cheesenbi@175.142.64.58] has joined #openvpn
21:41 -!- mystica555_ [~mystica55@75-166-115-245.hlrn.qwest.net] has quit [Ping timeout: 272 seconds]
21:55 -!- mystica555 [~mystica55@97-118-167-112.hlrn.qwest.net] has joined #openvpn
21:58 -!- mystica555_ [~mystica55@97-118-168-154.hlrn.qwest.net] has joined #openvpn
21:59 -!- MikeH__ [~mystica55@97-118-168-180.hlrn.qwest.net] has joined #openvpn
22:02 -!- mystica555 [~mystica55@97-118-167-112.hlrn.qwest.net] has quit [Ping timeout: 256 seconds]
22:02 -!- mystica555 [~mystica55@97-118-168-83.hlrn.qwest.net] has joined #openvpn
22:03 -!- ljvb [~jason@us.vps.vanbrecht.com] has quit [Quit: BitchX-1.2.1 -- just do it.]
22:03 -!- mystica555_ [~mystica55@97-118-168-154.hlrn.qwest.net] has quit [Ping timeout: 272 seconds]
22:03 -!- MikeH__ [~mystica55@97-118-168-180.hlrn.qwest.net] has quit [Ping timeout: 255 seconds]
22:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:15 -!- ShadniX [dagger@p5DDFDA50.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:16 -!- ShadniX [dagger@p5DDFDBBB.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- MyNameIsJared [~MyNameIsJ@212-129-42-52.rev.poneytelecom.eu] has joined #openvpn
23:57 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
23:58 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
23:58 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
--- Day changed Sun Oct 18 2015
00:00 -!- joako_ [~joako@opensuse/member/joak0] has joined #openvpn
00:00 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
00:03 -!- plai [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
00:03 -!- mode/#openvpn [+o plai] by ChanServ
00:06 -!- iNs_ [~ins@85.17.164.26] has joined #openvpn
00:06 -!- Gaffeltruck [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
00:06 -!- Netsplit *.net <-> *.split quits: thumbs, joako, jzaw, iNs, madmattco, rich0, xeon-enouf, Haseo, @plaisthos, brizz,  (+20 more, use /NETSPLIT to show all of them)
00:06 -!- joako_ is now known as joako
00:06 -!- Netsplit over, joins: DArqueBishop
00:06 -!- pipecloud is now known as pipework
00:06 -!- Netsplit over, joins: madmattco
00:06 -!- phantomcircuit_ [~phantomci@strateman.ninja] has joined #openvpn
00:07 -!- phantomcircuit_ is now known as phantomcircuit
00:07 -!- Netsplit over, joins: thumbs
00:07 -!- Netsplit over, joins: [DS]Matej
00:08 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
00:08 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
00:09 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
00:10 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
00:13 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
00:14 -!- Ssquidly [~squidly@buttle.nnx.com] has joined #openvpn
00:14 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
00:19 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
00:19 -!- mode/#openvpn [+o syzzer] by ChanServ
00:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:52 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
01:01 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
02:03 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
02:05 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
02:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:05 -!- cheesenbiscuits [~cheesenbi@175.142.64.58] has quit []
03:07 -!- wowaname [~kloeri@unaffiliated/wowaname/bot/bubblebass] has quit [Remote host closed the connection]
03:23 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-frieyknjlopqleao] has quit [Quit: Connection closed for inactivity]
03:45 -!- roentgen_ [~none@unaffiliated/roentgen] has joined #openvpn
03:48 -!- roentgen [~none@unaffiliated/roentgen] has quit [Ping timeout: 240 seconds]
04:02 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
04:22 -!- ketas [~ketas@123-88-235-80.dyn.estpak.ee] has joined #openvpn
04:22 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:24 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:32 -!- link0 [~dennisdeg@backend0.link0.net] has joined #openvpn
04:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:17 -!- moviuro_ is now known as moviuro
05:38 -!- atralheaven_ [~atralheav@5.122.152.183] has joined #openvpn
05:39 < atralheaven_> Hi, I have problem with connecting to my openvpn account. I live in Iran, it may be because of government DPI, how can I know if government has enabled DPI on internet? thanks
05:40 < atralheaven_> btw I use port 443 for openvpn
05:46 < atralheaven_> it was working, and now it doesn't. I have not changed anything!
05:52 -!- rich0_ is now known as rich0
06:02 -!- atralheaven_ [~atralheav@5.122.152.183] has quit [Quit: Leaving.]
06:02 -!- atralheaven_ [~atralheav@5.122.152.183] has joined #openvpn
06:06 -!- ketas is now known as ketas--
06:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:21 <@plai> !support
06:21 <@plai> atralheaven_: ask your vpn providers support
06:21 < atralheaven_> its my own server
06:21 <@plai> well then
06:22 <@plai> look into tcpdump on both sides
06:22 <@plai> and see if there is something wrong
06:22 <@plai> like few packets going through and then a rst or nothing works anything
06:22 <@plai> anymore
06:22 < atralheaven_> what is it? and how can I check?
06:25 <@plai> for wireshark/tcpdump you probably need to have a basic tcp knowlege to know what is going on
06:25 < atralheaven_> well,
06:26 < atralheaven_> I don't know much about networks
06:26 < atralheaven_> I should say I don't know anything :D
06:26 <@plai> err
06:26 <@plai> No idea then
06:26 <@plai> never worked with DPI, sorry
06:26 < Gaffeltruck> Check the OpenVPN log then.
06:26 <@plai> try another port
06:27 < atralheaven_> I did, doesn't work
06:27 < Gaffeltruck> Server log can be useful.
06:27 <@plai> try tls-auth
06:27 < atralheaven_> do you live somewhere with free internet?
06:27 < atralheaven_> by free I mean freedom
06:27 <@plai> that scrambles the packets
06:27 <@plai> or --static
06:27 <@plai> atralheaven_: yeah, europe
06:28 <@plai> we export those nasty dpi stuff
06:28 < Gaffeltruck> Europe is a vague answer.
06:28 < atralheaven_> if I send you the .ovpn file, may you check if it connects?
06:28 <@plai> Gaffeltruck: germany
06:28 < atralheaven_> my server is located on NL
06:28 <@plai> got to go
06:28 <@plai> sorry
06:28 < atralheaven_> ok...
06:29 -!- atralheaven_ [~atralheav@5.122.152.183] has left #openvpn []
06:34 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:09 < wallbroken> autologin profile is used to avoid password asking on connect?
07:21 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:21 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
07:22 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
07:23 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
07:23 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
07:24 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
07:25 -!- somis [~somis@70.38.6.190] has joined #openvpn
07:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
07:30 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
07:53 -!- ketas-- [~ketas@123-88-235-80.dyn.estpak.ee] has quit []
08:02 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:10 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:11 -!- pEYEd [~kvirc@32.209.66.82] has quit [Ping timeout: 240 seconds]
08:14 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
08:18 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Remote host closed the connection]
08:39 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:50 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
08:52 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
08:58 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
09:08 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
09:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:58 < _FBi> sup guys!?
09:59 < skyroveRR> I want to see your warrant!
10:00 < skyroveRR> And your ID.
10:00 < skyroveRR> And your badge.
10:05 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
10:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:20 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
10:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:29 -!- invapid [~invapid@97-104-68-118.res.bhn.net] has joined #openvpn
10:31 < invapid> how do you run openvpn in server mode for testing by the binary itself? openvpn --config [blah] --mode server  ?
10:32 < invapid> hmm, maybe just openvpn [config]
10:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
10:55 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:17 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
11:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:36 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
11:52 -!- atralheaven_ [~atralheav@5.121.214.108] has joined #openvpn
11:52 < atralheaven_> guys I need help!
11:54 < atralheaven_> I don't know what they have done, I can't connect to my server openvpn, I haven't change anything at all, but it doesn't work anymore. I live in Iran it can be from government firewalling
12:10 < wallbroken> autologin profile is used to avoid password asking on connect?
12:11 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Quit: Leaving.]
12:16 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
12:38 < atralheaven_> no one answers :(
12:39 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Read error: Connection reset by peer]
12:42 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
12:48 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
13:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:04 -!- Cosmoe [~Freenode@ks3301831.kimsufi.com] has quit [Remote host closed the connection]
13:08 < invapid> anyone know how to generate the "ca" "cert" and "key" using the openssl command, or know good docs?
13:10 < invapid> hmm, some people are using pktool instead
13:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
13:21 < invapid> I'm assuming "openssl req -new -x509 -nodes -out ca.pem -keyout ca.pem" can generate the "ca", "cert" and "key" fields for server
13:22 < invapid> and then you can copy the CERTIFICATE part which will also be the "ca" field for the client
13:46 -!- atralheaven_ [~atralheav@5.121.214.108] has quit [Ping timeout: 240 seconds]
13:59 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Excess Flood]
13:59 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
14:04 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 250 seconds]
14:09 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:16 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
14:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:27 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
15:01 < ValdikSS> Thermi: And latest version of Win10 again broke IPv4/v6 settings dialog for vpn.
15:01 < Thermi> ValdikSS: Sounds like success for Microsoft
15:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:30 -!- CompaIce [~CompaIce@pool-108-19-145-184.dllstx.fios.verizon.net] has joined #openvpn
15:34 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
15:42 -!- thron77 [~thron@ti0090a400-0777.bb.online.no] has joined #openvpn
15:45 < thron77> Is is normal for VPN to block listening ports on eth0 LAN IP when active? Never had this issue on Windows. I always expected VPN to not disturb incoming traffic on LAN IP.
15:46 < thron77> This is Ubuntu (15.04) btw.
15:47 < thron77> And the usenetserver vpn service. When used on Windows, listening ports on the LAN IP are still open. Not so on Linux.
15:58 -!- somis [~somis@70.38.6.190] has quit [Quit: Leaving]
16:01 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 240 seconds]
16:08 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
16:13 -!- somis [~somis@167.160.44.205] has joined #openvpn
16:18 -!- FlorianBd [~FlorianBd@florianbador.com] has left #openvpn []
16:18 -!- CompaIce [~CompaIce@pool-108-19-145-184.dllstx.fios.verizon.net] has quit [Quit: Leaving]
16:22 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Read error: Connection reset by peer]
16:24 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:26 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
16:45 < invapid> http://pastebin.com/raw.php?i=Db4VnbmJ # TLDR "VERIFY ERROR: depth=0, error=self signed certificate"
16:45 < invapid> that's server output
16:46 < invapid> client isn't complaining though
16:48 < invapid> ca.crt is used for both client/server in "ca" param
16:54 -!- thron77 [~thron@ti0090a400-0777.bb.online.no] has quit [Ping timeout: 260 seconds]
16:56 < invapid> hmm I generated a CA cert which I'm using for for "ca", "key", "cert" config params
16:56 < invapid> but you're suposed to use CA cert to sign/make a root cert and use that instead?
16:56 < invapid> for the "key" + "cert" I assume
16:56 < invapid> server-side
16:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
16:59 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:16 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
17:24 -!- Gaffeltruck [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
17:31 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
17:52 -!- mimino [~sa@pool-96-232-99-235.nycmny.fios.verizon.net] has joined #openvpn
17:54 < mimino> hey guys, could somebody tell me how I can route only wifi traffic (separate subnet) through vpn?
17:58 < mimino> I've got the gl.inet device with openvpn client running on openwrt, server does "push route" but I don't want this route to apply to my client LAN, only to wireless AP
17:59 < mimino> anyone?
18:08 -!- someone_ [~someone@somewhe.re] has joined #openvpn
18:09 -!- someone [~someone@sonoshee.chronostasis.net] has quit [Quit: ZNC - http://znc.in]
18:09 -!- someone_ is now known as someone
18:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:17 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:26 -!- somis [~somis@167.160.44.205] has quit [Ping timeout: 255 seconds]
18:28 -!- somis [~somis@167.160.44.233] has joined #openvpn
18:34 -!- alec-b [~alec@159.240.28.37.rev.vodafone.pt] has joined #openvpn
18:42 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.2]
18:53 -!- somis [~somis@167.160.44.233] has quit [Quit: Leaving]
18:57 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
18:59 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
19:13 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
19:15 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
19:36 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
19:41 -!- manglav [c04defc3@gateway/web/freenode/ip.192.77.239.195] has joined #openvpn
19:41 -!- krzie [ba95f387@openvpn/community/support/krzee] has joined #openvpn
19:41 -!- mode/#openvpn [+o krzie] by ChanServ
19:41 -!- mimino [~sa@pool-96-232-99-235.nycmny.fios.verizon.net] has quit [Quit: WeeChat 1.3]
19:43 <@krzie> !easy-rsa
19:43 <@vpnHelper> "easy-rsa" is (#1) easy-rsa is a certificate generation utility. or (#2) Download here: https://github.com/OpenVPN/easy-rsa/releases or (#3) Tutorial here: https://community.openvpn.net/openvpn/wiki/EasyRSA
19:48 -!- somis [~somis@167.160.44.233] has joined #openvpn
19:54 <@krzie> !iosinline
19:54 <@krzie> !ios
19:54 <@krzie> !inline
19:54 <@vpnHelper> "inline" is (#1) Inline files (e.g. <ca> ... </ca> are supported since OpenVPN 2.1rc1 and documented in the OpenVPN 2.3 man page at https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAV or (#2) https://community.openvpn.net/openvpn/wiki/IOSinline for a writeup that includes how to use inline certs
20:01 < manglav> https://notepad.cc/vobede59
20:01 <@krzie> !certverify
20:01 <@vpnHelper> "certverify" is (#1) verify your certs are signed correctly by running `openssl verify -CAfile <ca.crt> <client.crt>` for client.crt and server.crt or (#2) also make sure you use the same ca.crt on both sides by checking their md5
20:01 <@vpnHelper> Title: notepad.cc / vobede59 (at notepad.cc)
20:20 -!- invapid [~invapid@97-104-68-118.res.bhn.net] has quit [Quit: leaving]
20:22 -!- somis [~somis@167.160.44.233] has quit [Quit: Leaving]
20:40 <@krzie> !hmac
20:40 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls
20:40 <@vpnHelper> static key , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs
20:46 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 250 seconds]
20:48 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
21:15 -!- manglav [c04defc3@gateway/web/freenode/ip.192.77.239.195] has quit [Ping timeout: 246 seconds]
21:18 -!- krzie [ba95f387@openvpn/community/support/krzee] has quit [Quit: Page closed]
21:39 -!- toli [~toli@ip-62-235-215-12.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
21:40 -!- toli [~toli@ip-62-235-214-184.dsl.scarlet.be] has joined #openvpn
22:04 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 260 seconds]
22:05 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
22:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:09 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
22:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:15 < c|oneman> I've got openvpn server setup but clients can't reach the subnet I want
22:16 < c|oneman> im not sure if im supposed to beusing iptables or route
22:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:42 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:51 -!- Aww [aww@12fcali.online] has joined #openvpn
23:06 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 256 seconds]
23:08 -!- Exagone313 [exa@elou.world] has joined #openvpn
23:16 -!- ShadniX [dagger@p5DDFDBBB.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:17 -!- ShadniX [dagger@p5481C195.dip0.t-ipconnect.de] has joined #openvpn
23:19 < c|oneman> iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
23:19 < c|oneman> that's what I was looking for
23:25 -!- Buba1 [~Buba1@unaffiliated/buba1] has joined #openvpn
23:25 -!- Buba1 [~Buba1@unaffiliated/buba1] has quit [Remote host closed the connection]
23:25 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:26 -!- Buba1 [~Buba1@unaffiliated/buba1] has joined #openvpn
23:56 -!- Buba1 [~Buba1@unaffiliated/buba1] has quit [Ping timeout: 240 seconds]
--- Day changed Mon Oct 19 2015
00:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:55 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
01:22 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
01:27 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:35 -!- biggi_mat [~biggi_mat@89.143.12.238] has joined #openvpn
01:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:47 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:21 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:37 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
02:44 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
02:48 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
02:55 -!- Lope [~Lope@118.107.218.5] has joined #openvpn
02:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:18 < Lope> I've setup and restarted the openvpn service on both ends, but I don't have any tun adapters when I type ip addr show. Any ideas?
03:22 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
03:24 < Lope> http://codepad.org/AUDFCyxN
03:24 <@vpnHelper> Title: Plain Text code - 21 lines - codepad (at codepad.org)
03:28 < Lope> I'm behind a NAT I don't control. When I switched from UDP to TCP, the tun adapters appeared and it connected. Any ideas on how I can get UDP connected?
03:33 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:40 < Lope> Okay I've tried putting the VPN server on port 53 and connecting to it there. With a ping every second. No dice.
03:55 < Lope> I've discovered openvpn doesn't like the line proto udp-server
04:15 -!- alec-b [~alec@159.240.28.37.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
04:16 -!- alec-b [~alec@172.236.28.37.rev.vodafone.pt] has joined #openvpn
04:17 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 250 seconds]
04:18 -!- Lope [~Lope@118.107.218.5] has quit [Ping timeout: 272 seconds]
04:24 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
04:34 -!- Lope [~Lope@197.244.50.60.brf03-home.tm.net.my] has joined #openvpn
04:52 -!- Lope [~Lope@197.244.50.60.brf03-home.tm.net.my] has quit [Ping timeout: 265 seconds]
05:05 -!- Lope [~Lope@118.107.218.5] has joined #openvpn
05:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 264 seconds]
05:26 -!- biax [~biax@unaffiliated/biax] has joined #openvpn
05:34 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:34 -!- mode/#openvpn [+o mattock1] by ChanServ
05:35 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:52 -!- obbs_ [~obbs@unaffiliated/obbs] has joined #openvpn
05:53 -!- obbs [~obbs@unaffiliated/obbs] has quit [Ping timeout: 255 seconds]
06:00 -!- obbs_ is now known as obbs
06:06 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
06:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
06:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:12 -!- mode/#openvpn [+o mattock1] by ChanServ
06:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:15 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:15 -!- mode/#openvpn [+o mattock2] by ChanServ
06:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
06:18 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
06:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:48 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
06:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:50 -!- mode/#openvpn [+o mattock1] by ChanServ
06:57 -!- Lope [~Lope@118.107.218.5] has quit [Ping timeout: 252 seconds]
07:12 -!- u0m3 [~u0m3@92.80.89.209] has quit [Ping timeout: 264 seconds]
07:13 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
07:15 -!- Lope [~Lope@118.107.218.5] has joined #openvpn
07:29 -!- u0m3 [~u0m3@92.80.97.104] has joined #openvpn
07:42 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
07:44 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
07:52 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:52 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:57 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [K-Lined]
07:58 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
08:04 -!- Lope [~Lope@118.107.218.5] has quit [Ping timeout: 272 seconds]
08:12 -!- somis [~somis@167.160.44.233] has joined #openvpn
08:14 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:14 -!- mode/#openvpn [+o mattock1] by ChanServ
08:16 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Quit: End of line.]
08:17 -!- atralheaven_ [~atralheav@5.121.22.153] has joined #openvpn
08:17 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
08:17 < atralheaven_> Hello, is anyone here?
08:21 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 244 seconds]
08:23 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
08:26 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:26 -!- mode/#openvpn [+o mattock2] by ChanServ
08:26 <@plai> !ask
08:26 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
08:31 < atralheaven_> vpnHelper: I've asked my question here several times, but there was no one active here, I just wanted to make sure that someone is here to read what I write!
08:33 -!- Lope [~Lope@118.107.218.5] has joined #openvpn
08:49 -!- atralheaven_ [~atralheav@5.121.22.153] has quit [Ping timeout: 240 seconds]
08:51 -!- troulouliou_div2 [~troulouli@unaffiliated/troulouliou-div2/x-0271439] has joined #openvpn
08:53 < troulouliou_div2> hi i m testing some RTP traffic over openvpn ; on a wifi/ethernet link i have a perfect quality with a packet length of 1448 max; on 3G/4G i have ultra bad quality with pacquet length at 4052 max
08:53 < troulouliou_div2> is there anythong to configure in openvpn to prevent this ?
08:55 -!- biggi_mat [~biggi_mat@89.143.12.238] has quit [Quit: biggi_mat]
09:07 -!- bf_ [~bf_@xdsl-78-35-226-12.netcologne.de] has joined #openvpn
09:20 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
09:32 < wallbroken> autologin profile is used to avoid password asking on connect?
09:47 <@plai> wallbroken: sorry no idea
09:48 <@plai> that is commercial thingy
09:48 <@plai> OpenVPN itself does not really have that feature
10:00 -!- Lope [~Lope@118.107.218.5] has quit [Ping timeout: 250 seconds]
10:04 < troulouliou_div2> any idea how to prevent tcp packet len ov > 4000 between an android client and linux server ?
10:08 <@plai> troulouliou_div2: ?!
10:08 <@plai> troulouliou_div2: tcp packets should honour mtu
10:08 <@plai> and tcp framing is done by Linux
10:09 < troulouliou_div2> plai, i just don't get when i m using wifi from android client i alwauys get max tcp pacquets on a tcp-server client of 1448
10:10 < troulouliou_div2> plai, as soon as  i use 3G rmmnet0 i get pacquet of up to 4052
10:10 < troulouliou_div2> and as soon as it starts the communications are broken
10:11 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:15 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
10:19 -!- Lope [~Lope@197.244.50.60.brf03-home.tm.net.my] has joined #openvpn
10:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
10:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:44 -!- wCPO [~Kristian@unaffiliated/wcpo] has joined #openvpn
10:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:45 < wCPO> I'm trying to using TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 as tls-cipher, but I getting "no shared cipher". Both client and server list it.
10:49 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
10:51 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 240 seconds]
10:53 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:57 < troulouliou_div2> i think i m faciong an incompatibility between openvpn android client and linux server; i m getting ip total length in wireshark greater then MSS with the don't fragment set
11:10 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:14 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
11:15 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:17 -!- Lope [~Lope@197.244.50.60.brf03-home.tm.net.my] has quit [Ping timeout: 250 seconds]
11:27 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
11:31 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
11:31 -!- Champi [Champi@damn.e-leet.be] has quit [Ping timeout: 264 seconds]
11:31 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 264 seconds]
11:32 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
11:32 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
11:32 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
11:32 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 264 seconds]
11:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
11:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
11:33 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 264 seconds]
11:33 -!- zenmower [~zm@vitaslug.com] has quit [Ping timeout: 264 seconds]
11:33 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 264 seconds]
11:33 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 264 seconds]
11:33 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
11:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
11:34 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
11:36 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
11:37 -!- zenmower [~zm@vitaslug.com] has joined #openvpn
11:37 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
11:37 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
11:37 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
11:39 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
11:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
11:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
11:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
11:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
11:47 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:47 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
11:48 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
11:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
11:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
11:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:00 -!- Lope [~Lope@128.199.77.95] has joined #openvpn
12:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
12:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:04 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
12:08 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
12:09 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
12:15 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:19 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:22 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:22 -!- mode/#openvpn [+o mattock2] by ChanServ
12:23 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
12:25 -!- bf_ [~bf_@xdsl-78-35-226-12.netcologne.de] has quit [Ping timeout: 272 seconds]
12:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
12:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:29 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
12:32 -!- HardWall [~HardWall@2a02:2f0e:10:c000:403f:92cd:eb4a:14da] has joined #openvpn
12:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:34 < obbs> I'm running an OpenVPN with the client being in China, are there any things I should be aware of?
12:35 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
12:36 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
12:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:37 < troulouliou_div2> obbs, http://www.vpnanswers.com/bypass-great-firewall-hide-openvpn-in-china-2015/
12:37 <@vpnHelper> Title: Bypass the Great Firewall and Hide Your OpenVPN In China (at www.vpnanswers.com)
12:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:40 -!- Lope [~Lope@128.199.77.95] has quit [Ping timeout: 240 seconds]
12:42 < wCPO> Anyone which use TLS-ECDHE-* as tls-chiper, and got it working?
12:43 < obbs> Thanks troulouliou_div2 I've set up OpenVPN a lot, but not for someone in China, just wasn't sure if ports should be changed or if I'd need to take extra steps to ensure DNS leakage doesn't occur
12:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
12:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:48 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 260 seconds]
12:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
12:50 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
12:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
12:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
13:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:07 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
13:20 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:23 -!- troulouliou_div2 [~troulouli@unaffiliated/troulouliou-div2/x-0271439] has quit [Remote host closed the connection]
13:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
13:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:31 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
13:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:36 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
13:37 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:42 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:48 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-awwtrztiyehoibpf] has left #openvpn []
13:48 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
13:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
13:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:58 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
14:16 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
14:24 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
14:26 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
14:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:43 -!- atralheaven_ [~atralheav@5.121.195.193] has joined #openvpn
14:56 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
14:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
15:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:05 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 240 seconds]
15:06 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:23 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
15:28 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:28 -!- arnaud_dsa [~arnaud_ds@LPointe-a-Pitre-656-1-30-104.w81-248.abo.wanadoo.fr] has joined #openvpn
15:33 < arnaud_dsa> !welcome
15:33 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:33 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:34 < arnaud_dsa> !redirect
15:34 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
15:34 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
15:34 < arnaud_dsa> !ipforward
15:34 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
15:35 < arnaud_dsa> !goal
15:35 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
15:55 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
16:15 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
16:16 -!- arnaud_dsa [~arnaud_ds@LPointe-a-Pitre-656-1-30-104.w81-248.abo.wanadoo.fr] has quit [Quit: arnaud_dsa]
16:20 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
16:39 -!- HardWall [~HardWall@2a02:2f0e:10:c000:403f:92cd:eb4a:14da] has quit [Read error: Connection reset by peer]
16:46 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
16:54 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 240 seconds]
16:58 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
17:04 -!- Buba1 [~Buba1@unaffiliated/buba1] has joined #openvpn
17:06 -!- atralheaven_ [~atralheav@5.121.195.193] has left #openvpn []
17:06 -!- Buba1 [~Buba1@unaffiliated/buba1] has quit [Client Quit]
17:09 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
17:13 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 240 seconds]
17:28 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:33 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 256 seconds]
17:34 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
17:38 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:52 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:46 -!- wCPO [~Kristian@unaffiliated/wcpo] has quit [Ping timeout: 246 seconds]
19:22 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
19:25 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
19:27 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
19:50 -!- Eneerge [~eneergeal@unaffiliated/eneerge] has joined #openvpn
19:51 < Eneerge> I have a vpn config file that works just fine when I use OpenVPN GUI to connect. I just click Connect, everything works fine. When i start the OpenVPN Service, it never even attempts to connect and it's processing the same config file. Any ideas?
19:53 < Eneerge> is there something wrong with the service?
19:53 < Eneerge> ive had this working on an older version
19:57 < Eneerge> the log just shows 2 lines: openvpn version and then the version of openssl
19:57 < Eneerge> after that it does nothing
19:57 < Eneerge> if I intentionally screw up the config, it will say theres an error in the config file
19:57 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
19:57 < Eneerge> once i fix the error, it just prints those 2 lines without any other info
19:58 < Eneerge> and it never attempts to make any connection
19:58 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
19:59 < Eneerge> enter management password: is what should be on the third line, but it never shows up, which makes me think it's not reading in the username/password
20:00 < Eneerge> it doesnt flush the output out
20:01 < Eneerge> tried converting eol to unix and windows
20:02 < Eneerge> for the password file
20:07 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 255 seconds]
20:15 < Eneerge> hmm removed a few lines
20:15 < Eneerge> fixed
20:27 -!- Eneerge [~eneergeal@unaffiliated/eneerge] has quit []
20:44 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
20:57 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
20:59 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
21:35 -!- biax [~biax@unaffiliated/biax] has quit [Quit: bye]
21:46 -!- somis [~somis@167.160.44.233] has quit [Quit: Leaving]
21:57 -!- arnaud_dsa [~arnaud_ds@APointe-a-Pitre-651-1-306-153.w90-31.abo.wanadoo.fr] has joined #openvpn
22:14 -!- AMERICAN_PSYCHO [~AMERICAN_@23.105.41.147] has joined #openvpn
22:16 -!- AMERICAN_PSYCHO [~AMERICAN_@23.105.41.147] has quit [Max SendQ exceeded]
22:17 -!- AMERICAN_PSYCHO [~AMERICAN_@23.105.41.147] has joined #openvpn
22:39 -!- mystica555_ [~mystica55@97-118-161-55.hlrn.qwest.net] has joined #openvpn
22:42 -!- mystica555 [~mystica55@97-118-168-83.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
22:42 -!- MikeH__ [~mystica55@97-118-161-77.hlrn.qwest.net] has joined #openvpn
22:45 -!- mystica555_ [~mystica55@97-118-161-55.hlrn.qwest.net] has quit [Ping timeout: 252 seconds]
22:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:14 -!- ShadniX [dagger@p5481C195.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:16 -!- ShadniX [dagger@p5DDFC691.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- MikeH__ [~mystica55@97-118-161-77.hlrn.qwest.net] has quit [Read error: Connection reset by peer]
23:49 -!- arnaud_dsa [~arnaud_ds@APointe-a-Pitre-651-1-306-153.w90-31.abo.wanadoo.fr] has quit [Quit: arnaud_dsa]
23:50 -!- arnaud_dsa [~arnaud_ds@APointe-a-Pitre-651-1-306-153.w90-31.abo.wanadoo.fr] has joined #openvpn
23:50 -!- arnaud_dsa [~arnaud_ds@APointe-a-Pitre-651-1-306-153.w90-31.abo.wanadoo.fr] has left #openvpn []
23:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Tue Oct 20 2015
00:08 -!- mystica555 [~mystica55@2602:61:76a1:4d00:99ea:292d:3e40:e5d6] has joined #openvpn
00:08 -!- phantomcircuit [~phantomci@strateman.ninja] has quit [Ping timeout: 260 seconds]
00:09 -!- AMERICAN_PSYCHO [~AMERICAN_@23.105.41.147] has quit [Ping timeout: 255 seconds]
00:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:43 -!- patsToms [~patsToms@radioa7.lv] has quit [Ping timeout: 252 seconds]
00:50 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:08 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
01:11 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
01:11 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
01:17 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:29 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
01:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:29 -!- mode/#openvpn [+o mattock1] by ChanServ
01:33 -!- coffeeguy- [~coffeeguy@gateway/vpn/privateinternetaccess/coffeeguy] has joined #openvpn
01:40 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:40 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
01:41 -!- showaz [~showaz@unaffiliated/showaz] has quit [Remote host closed the connection]
01:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:56 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:59 -!- coffeeguy- [~coffeeguy@gateway/vpn/privateinternetaccess/coffeeguy] has quit [Quit: Leaving]
02:00 -!- arnaud_dsa [~arnaud_ds@APointe-a-Pitre-651-1-306-153.w90-31.abo.wanadoo.fr] has joined #openvpn
02:14 -!- biggi_mat [~biggi_mat@89.143.12.238] has joined #openvpn
02:14 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
02:33 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 260 seconds]
02:36 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
02:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:52 -!- arnaud_dsa [~arnaud_ds@APointe-a-Pitre-651-1-306-153.w90-31.abo.wanadoo.fr] has left #openvpn []
03:28 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
03:28 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
03:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 260 seconds]
03:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:03 -!- somis [~somis@167.160.44.233] has joined #openvpn
04:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:09 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Quit: haasn]
04:10 -!- mystica555 [~mystica55@2602:61:76a1:4d00:99ea:292d:3e40:e5d6] has quit [Ping timeout: 246 seconds]
04:11 -!- somis [~somis@167.160.44.233] has quit [Quit: Leaving]
04:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:12 -!- somis [~somis@167.160.44.233] has joined #openvpn
04:16 -!- Aww is now known as PrincessAww
04:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:59 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
05:07 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:08 -!- biggi_mat [~biggi_mat@89.143.12.238] has quit [Quit: biggi_mat]
05:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:27 -!- PrincessAww is now known as Aww
05:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:39 -!- Garfield is now known as Guest57824
05:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:46 -!- biggi_mat [~biggi_mat@internet-178-58-111-59.narocnik.mobitel.si] has joined #openvpn
05:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
05:59 -!- biggi_mat [~biggi_mat@internet-178-58-111-59.narocnik.mobitel.si] has quit [Quit: biggi_mat]
06:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:07 -!- biggi_mat [~biggi_mat@89.143.12.238] has joined #openvpn
06:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:08 -!- AMERICAN_PSYCHO [~AMERICAN_@23.105.33.128] has joined #openvpn
06:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:21 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:39 -!- Guest57824 [~Casper@get.your.free.bnc.at.irc.tools] has left #openvpn []
06:49 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 240 seconds]
06:54 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Read error: Connection timed out]
06:56 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
07:01 -!- patsToms [~patsToms@radioa7.lv] has joined #openvpn
07:09 -!- james_woods [~tobi@zentrale1.com] has joined #openvpn
07:10 < james_woods> Hi, I'm using an openssl cert that has already been generated for strongswan (ipsec vpn) and want to reuse it for openvpn - thus I want to generate my client cert directly and make no use of the scripts of the distribution
07:10 < james_woods> can you maybe tell me what switches openvpn is using when generating a client certificate?
07:10 < james_woods> (it seems like it does not like the --dn switch)
07:11 < james_woods> (also the flag --flag ikeIntermediate seems to cause problems)
07:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:13 < james_woods> Question: Is there documentation about how to generate the certs manually via openssl
07:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:16 < james_woods> got it
07:16 < james_woods> needed to remove flag ike intermediate but kept the --dn
07:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:37 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
07:42 -!- toli [~toli@ip-62-235-214-184.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
08:00 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
08:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:09 -!- AMERICA__ [~AMERICAN_@64.31.33.7] has joined #openvpn
08:11 -!- AMERICAN_PSYCHO [~AMERICAN_@23.105.33.128] has quit [Ping timeout: 255 seconds]
08:13 -!- AMERICA__ [~AMERICAN_@64.31.33.7] has quit [Max SendQ exceeded]
08:13 -!- AMERICAN_PSYCHO [~AMERICAN_@64.31.33.7] has joined #openvpn
08:22 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
08:25 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
08:57 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
08:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:47 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:50 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
10:12 -!- AMERICAN_PSYCHO [~AMERICAN_@64.31.33.7] has quit [Ping timeout: 255 seconds]
10:12 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
10:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:19 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:38 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:41 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
10:41 < ValdikSS> james_woods: Use this https://github.com/ValdikSS/easy-rsa-ipsec/tree/ipsec-without-nonRepudiation
10:41 <@vpnHelper> Title: ValdikSS/easy-rsa-ipsec at ipsec-without-nonRepudiation · GitHub (at github.com)
11:08 -!- biggi_mat [~biggi_mat@89.143.12.238] has quit [Quit: biggi_mat]
11:15 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
11:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:27 -!- mystica555 [~mystica55@2602:b8:609c:1b00:7e0d:747f:3cc:944b] has joined #openvpn
11:51 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:02 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 244 seconds]
12:04 -!- zenmower [~zm@vitaslug.com] has left #openvpn ["Konversation terminated!"]
12:35 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
12:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:44 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
12:49 -!- pppingme is now known as Cruz4prez
12:53 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:59 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has joined #openvpn
13:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Quit: Adious]
13:26 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
13:29 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
13:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:41 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:47 -!- Elegant [~devil@104.206.222.224] has joined #openvpn
13:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:01 < Elegant> !welcome
14:01 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:01 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:02 < Elegant> !configs
14:02 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:05 < Elegant> !logs
14:05 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:08 -!- Elegant [~devil@104.206.222.224] has quit [Quit: Til7as Tizi MDMA]
14:12 < hydrajump> just saw this on twitter https://gist.github.com/rvrsh3ll/cc93a0e05e4f7145c9eb#file-openvpnscraper-sh
14:12 <@vpnHelper> Title: openvpnScraper.sh · GitHub (at gist.github.com)
14:22 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
14:23 -!- bf_ [~bf_@xdsl-81-173-138-108.netcologne.de] has joined #openvpn
14:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:28 -!- mescalito [~mescalito@unaffiliated/mescal] has left #openvpn []
14:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:34 -!- bf_ [~bf_@xdsl-81-173-138-108.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
14:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:57 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
14:59 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has joined #openvpn
15:00 < Smither> Hey, So i'm setting up openvpn on my raspberry pi at home, and i think i have all the config files right, but i get this error when trying to connect http://pastebin.com/y4fCRZ9s I know that the port is open client side as i can telnet portquiz.net on the port i am using. and the port is forwarded to the pi at the other end. can any of you help or see anything i can check?
15:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
15:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:16 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
15:18 -!- hit_ [~hit@4.Red-88-0-155.dynamicIP.rima-tde.net] has joined #openvpn
15:21 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:29 -!- hit_ [~hit@4.Red-88-0-155.dynamicIP.rima-tde.net] has quit [Quit: WeeChat 1.0.1]
15:30 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has quit [Remote host closed the connection]
15:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:44 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has joined #openvpn
15:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:53 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 41.0.2/20151014143721]]
15:53 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has quit [Ping timeout: 265 seconds]
15:56 < Eugene> OpenVPN uses UDP by default
15:56 < Eugene> Make sure you've got the protocol matched between server & client & your port-forward
15:56 < Eugene> (UDP is recommended; telnet is TCP)
17:16 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 252 seconds]
17:17 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
17:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:17 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
17:19 -!- Jaglor [~user@ip70-171-249-227.tc.ph.cox.net] has joined #openvpn
17:31 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.3]
17:39 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
17:57 -!- zenmower [~zm@vitaslug.com] has joined #openvpn
18:01 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:10 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:14 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:15 -!- d1rkp1tt [~chatzilla@203.97.8.42] has joined #openvpn
18:16 < d1rkp1tt> Hi guys, just wondering if anyone has a good explanation of how to setup openvpn server inside your network. I am struggling a little, trying to setup a second internal openwrt instance and want to research if I am approaching the problem in the right way.. preventing double NAT etc
18:32 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 256 seconds]
18:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:41 -!- zenmower [~zm@vitaslug.com] has left #openvpn []
18:51 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
18:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:04 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
19:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:22 < Jaglor> !welcome
19:22 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
19:22 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
19:34 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:42 -!- obbs [~obbs@unaffiliated/obbs] has quit [Ping timeout: 240 seconds]
19:43 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Ping timeout: 265 seconds]
19:43 -!- obbs [~obbs@unaffiliated/obbs] has joined #openvpn
19:44 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
19:46 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
19:48 -!- splud [~sstraw@75-101-86-3.static.sonic.net] has quit [Quit: splud]
19:56 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
19:58 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Client Quit]
19:59 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
20:00 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Ping timeout: 260 seconds]
20:06 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has joined #openvpn
20:07 < Smither> I'm getting an error when i try start openvpn server on debian "Cannot load DH parameters from /etc/openvpn/dh2048.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line" I know it is complaining about the format of my .pem file. But what should this format be?
20:11 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
20:20 -!- somis [~somis@167.160.44.233] has quit [Quit: Leaving]
20:25 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has joined #openvpn
20:26 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
20:41 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
20:44 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
21:13 -!- coffeeguy [~coffeeguy@gateway/vpn/privateinternetaccess/coffeeguy] has joined #openvpn
21:36 -!- d1rkp1tt [~chatzilla@203.97.8.42] has quit [Ping timeout: 244 seconds]
21:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
22:06 -!- bruxC [~bruxC@c-24-61-126-197.hsd1.nh.comcast.net] has quit [Quit: Leaving]
22:14 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
22:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
22:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:05 -!- roentgen_ [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
23:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:06 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has quit [Quit: No Ping reply in 180 seconds.]
23:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:10 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
23:11 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
23:12 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
23:14 -!- ShadniX [dagger@p5DDFC691.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:15 -!- ShadniX [dagger@p5DDFC418.dip0.t-ipconnect.de] has joined #openvpn
23:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:42 -!- coffeeguy [~coffeeguy@gateway/vpn/privateinternetaccess/coffeeguy] has quit [Quit: Leaving]
23:45 -!- RepThis1 [~alex@50-82-163-84.client.mchsi.com] has joined #openvpn
23:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:47 < RepThis1> Hey guys, im trying to configure openvpn via linux commandline and was wonder whats the problem. Output here is http://paste.ubuntu.com/12883499/ . After i get to the last line the machine just seems to freeze which then requires me to powercycle the vps.
23:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Wed Oct 21 2015
00:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:05 -!- arlen [~arlen@jarvis.arlen.io] has left #openvpn ["exit"]
00:07 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:11 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
00:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:32 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
00:57 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
01:02 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:13 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
01:13 -!- RepThis1 [~alex@50-82-163-84.client.mchsi.com] has quit [Ping timeout: 240 seconds]
01:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:16 -!- mode/#openvpn [+o mattock1] by ChanServ
01:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
01:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:50 -!- mode/#openvpn [+o mattock1] by ChanServ
01:59 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
02:24 -!- biggi_mat [~biggi_mat@89.143.12.238] has joined #openvpn
02:32 -!- dazo_afk is now known as dazo
02:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:36 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 240 seconds]
03:46 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
03:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:20 -!- AjaniMember [~Ajani@107.170.118.82] has quit [Quit: pack her up, boys ;)]
04:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:48 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
04:50 -!- dazo is now known as dazo_afk
04:56 -!- Xat` [~Xat`@51.178.149.77.rev.sfr.net] has joined #openvpn
04:56 < Xat`> hi guys
04:56 < Xat`> I'm able to connect via my VPN, I get the IP on tap0, but I'm not able to ping local servers
04:57 < Xat`> Host unreachable
04:57 -!- ismail [ismail@kde/ismail] has left #openvpn []
04:57 < Xat`> In openvpn.log I'm able to see TCPv4_SERVER READ and TCPv4_SERVER WRITE
05:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:24 -!- spektrum_ [~ydixken@unaffiliated/spektrum/x-4869384] has joined #openvpn
05:24 < spektrum_> !welcome
05:24 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
05:24 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:24 < spektrum_> !route
05:25 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
05:25 <@vpnHelper> client
05:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:34 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:10 -!- waynr [~waynr@unaffiliated/waynr] has joined #openvpn
06:13 < subzero79> !openwrt
06:13 <@vpnHelper> "openwrt" is In OpenWRT, the easiest way to supply configs with the stock init is to use the `option config /path/to/your/openvpn.conf` in your UCI stanza. This allows you to maintain a standard config file that OpenWRT can launch for you.
06:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:35 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
06:35 -!- Aww is now known as [[[]]]
06:36 -!- [[[]]] is now known as Aww
06:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:10 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Remote host closed the connection]
07:18 -!- x5eb [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
07:29 < Xat`> go 8
07:29 < Xat`> oups
07:53 -!- x5eb is now known as _0x5eb_
08:07 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 268 seconds]
08:12 -!- leandrosansilva [~leandro@host-188-174-233-152.customer.m-online.net] has joined #openvpn
08:14 < leandrosansilva> Hello to all. Is there any way of running an ovpn server without creating tun/tap devices? I'm trying to run it in docker and my provider seems to forbid the use of linux capabilities (in this case CAP_NET_ADMIN), so running in a lower privilege level would be very useful for me
08:16 < BtbN> That doesn't make any sense. It would be entirely useless without a tunnel device.
08:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:20 < leandrosansilva> Ok, so no other alternative which does not require network privileges?
08:21 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
08:21 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Remote host closed the connection]
08:29 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
08:31 -!- dazo_afk is now known as dazo
08:41 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
08:47 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:48 -!- subscope [~subscope@195.56.66.6] has quit [Max SendQ exceeded]
08:50 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac]
08:51 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
08:54 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
08:56 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
08:59 < spektrum_> connect irc.wavecon.de
08:59 -!- spektrum_ [~ydixken@unaffiliated/spektrum/x-4869384] has quit [Quit: bye!]
09:18 < DArqueBishop> leandrosansilva:
09:18 < DArqueBishop> !noroot
09:18 <@vpnHelper> "noroot" is "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions.
09:27 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
09:30 < leandrosansilva> thx DArqueBishop, I'll take a look at that. Sounds promising
09:48 -!- colo-work [~jt@78.142.138.4] has joined #openvpn
09:52 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:55 < colo-work> I'm trying to set up OpenVPN 2-factor-auth via its PAM plugin on Debian Jessie. for this, I'd like to use the PAM module from the libpam-oath package, and enable HOTP/TOTP-checking for _non-UNIX_-accounts. however, I can't get it to work, and worse, I can't make pam_oath.so show me useful debug info.
09:56 < colo-work> does anyone of you have a setup like this working?
09:56 < colo-work> the pam service name I'm using maps to a config file with basically just "auth sufficient pam_oath.so usersfile=/etc/openvpn/users_oath window=50 digits=6" in it; the "usersfile" exists and lists tokens I can validate OK with oath-tool
09:58 <@plai> !otp
09:58 <@plai> (hm, no luck)
09:58 <@plai> I know that people are doing this, however I have no experience with OTP myself and only bad experience with debugging PAM
10:02 -!- mystica555 [~mystica55@2602:b8:609c:1b00:7e0d:747f:3cc:944b] has quit [Ping timeout: 246 seconds]
10:05 -!- biggi_mat [~biggi_mat@89.143.12.238] has quit [Quit: biggi_mat]
10:11 <@dazo> plai: shouldn't be too hard to write an auth-otp plugin though
10:12 <@plai> dazo: tell that colo-work :)
10:13 <@dazo> :)
10:14 <@dazo> plai: I've done some really simple totp stuff in python, which works very nicely ... so could at least get it working with --auth-user-pass-verify ... moving to a C plugin just requires a fairly reasonable totp library
10:15 <@plai> dazo: yeah, I looked at the wikipedia of totp, it seemed really simple to implement
10:26 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:29 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
10:45 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
10:46 -!- somis [~somis@167.160.44.211] has joined #openvpn
10:47 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 272 seconds]
10:47 -!- x5eb is now known as _0x5eb_
10:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:54 < colo-work> plai, dazo - I finally got it to work.
10:55 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
10:55 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
10:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:57 < colo-work> one of the problems is that pam_oath.so apparently prints debug output to nowhere when invoked by OpenVPN's openvpn-plugin-auth-pam.so. I reconfigured the `su` pam service to use it, and was finally able to see what the module did.
10:58 < colo-work> which made it apparent that there's an undocumented limit in terms of shared secret length for the PAM library alone; the oath CLI tools don't complain if you exceed it
10:58 < colo-work> and my secret was a wee few bytes too long for the PAM .so to work with
10:58 < colo-work> 2 hours of my life wasted
11:07 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
11:34 -!- mystica555 [~mystica55@2602:47:da1b:b800:54e9:efe2:2210:7bbb] has joined #openvpn
11:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:50 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
11:52 -!- Envil [~envil@x4db4ac2f.dyn.telefonica.de] has joined #openvpn
11:53 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
12:03 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
12:09 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
12:19 -!- ntio [~ntio@unaffiliated/ntio] has quit [Read error: Connection reset by peer]
12:26 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 240 seconds]
12:30 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 240 seconds]
12:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:31 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 240 seconds]
12:32 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
12:33 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
12:33 -!- mode/#openvpn [+v s7r_] by ChanServ
12:33 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
12:33 -!- Envil [~envil@x4db4ac2f.dyn.telefonica.de] has quit [Read error: Connection reset by peer]
12:33 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
12:33 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 240 seconds]
12:34 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
12:34 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
12:35 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
12:40 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 244 seconds]
12:42 -!- SuzieQueue [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
12:44 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
12:44 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
12:46 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 250 seconds]
12:53 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:56 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has joined #openvpn
12:59 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
13:04 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:06 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 240 seconds]
13:11 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:13 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
13:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:36 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 240 seconds]
13:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:46 -!- Pilovali [~Jarno@dietpi.com] has joined #openvpn
14:04 -!- plexigras_ [~plexigras@46.166.190.183] has joined #openvpn
14:15 < plexigras_> hey guys i route the dns request though the vpn but it makes auto restarting imposible how can i fix this
14:27 -!- Pilovali [~Jarno@dietpi.com] has quit [Quit: Leaving]
14:45 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 264 seconds]
14:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:48 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has joined #openvpn
14:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:52 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 244 seconds]
14:52 -!- atralheaven_ [~atralheav@5.122.224.135] has joined #openvpn
14:54 < atralheaven_> Hello, I need someone outside of china, to test my openvpn connection. I can't connect to it I want to know if is it because of country firewalling
14:56 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
14:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:57 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has quit [Remote host closed the connection]
14:57 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
14:59 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
15:00 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
15:04 -!- dazo is now known as dazo_afk
15:11 -!- troyt_ [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has quit [Ping timeout: 240 seconds]
15:25 -!- FierceDeityLink [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has joined #openvpn
15:44 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:46 -!- SuzieQueue [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Quit: Swoosh...]
15:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
16:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:05 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Remote host closed the connection]
16:09 -!- atralheaven_ [~atralheav@5.122.224.135] has quit [Ping timeout: 252 seconds]
16:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
16:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:36 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Quit: mirco]
17:08 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:09 -!- plexigras_ [~plexigras@46.166.190.183] has quit [Quit: Leaving]
17:14 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
17:23 -!- toli [~toli@109.128.250.107] has joined #openvpn
17:25 -!- adamjt [~adamjt@unaffiliated/adamjt] has joined #openvpn
17:26 -!- adamjt [~adamjt@unaffiliated/adamjt] has quit [Client Quit]
17:26 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:42 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:49 -!- biggi_mat [~biggi_mat@89-212-127-155.dynamic.t-2.net] has quit [Quit: biggi_mat]
18:06 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 250 seconds]
18:15 -!- lazypower [~lazypower@ubuntu/member/lazypower] has joined #openvpn
18:41 -!- s7r_ is now known as s7r
18:43 -!- Aww is now known as SpookyAww
18:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
18:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:12 -!- Denial- [~Denial@81.141.1.215] has joined #openvpn
19:16 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:17 -!- SpookyAww is now known as Aww
19:25 -!- ek [ek@freebsd/contributor/ek] has joined #openvpn
19:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:32 < ek> Is anyone aware of an issue with the OpenVPN client on Android (5.1)? I can connect and ping the LAN without issue, but I cannot browse the LAN via web browser. Same client config/ovpn/credentials work fine from any other OpenVPN client (Linux, Mac and Windows).
19:36 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 252 seconds]
19:36 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
19:48 -!- somis [~somis@167.160.44.211] has quit [Quit: Leaving]
19:53 < ek> Okay. So, it appears to be an IPv6 issue. If I disable IPv6 in my APN, it works fine. :/
19:55 < ek> Even more strange, it only appears to be certain protocols. SSH to/from the LAN works fine but HTTP does not.
19:55 < ek> Ping works.
19:55  * ek be's stumped
19:56 < Eugene> !beer
19:56 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
19:56 < Eugene> That does not sound like an openvpn problem
19:56 < Eugene> Oh, nope, I got it
19:56 < Eugene> Your DNS is set wrong
19:57 < Eugene> Or, your phone's HTTP client is not using your DNS settings
20:03 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
20:03 -!- nicksloan [~nicksloan@unaffiliated/iamethos] has joined #openvpn
20:05 -!- troyt [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has joined #openvpn
20:05 < ek> DNS is all correct. It resolves everything fine on the LAN.
20:06 < ek> And I see the HTTP requests on the server-side. It's all resolving correctly. Just doesn't get the proper syn-ack replies, it appears.
20:06 < ek> Very strange.
20:06 < ek> I'll just leave IPv6 disabled on my phone's APN. It works.
20:07 < ek> And, speaking of beer... :)
20:07 < nicksloan> We have a bunch of virtualbox virtual machines running on OS X OpenVPN clients. My question is, can OpenVPN route traffic to those virtual machines, through the OS X clients?
20:08 < ek> nicksloan: As long as the clients can connect to the server, yes.
20:09 < nicksloan> cool
20:09 < nicksloan> this is going to be neat
20:10 < ek> And if you need the VMs to talk to eachother via the VPN network, be sure client-to-client is enabled.
20:11 < nicksloan> gotcha
20:12 < nicksloan> I suspect it will mostly be host operating system to virtual machine, but it will be the same setup
20:13 < ek> Sweet.
20:13 < nicksloan> the virtual machines are development environments, and the hosts are developer workstations. The idea is that we can all see each other's work at any time (provided the team member is connected to the VPN)
20:14 < ek> Ah. I see.
20:14 < ek> That should work.
20:14 < ek> I have loads of VMs that use OpenVPN so I can access them from work, home, etc...
20:17 -!- abbe [having@badti.me] has joined #openvpn
21:30 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
21:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
21:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
21:50 -!- mode/#openvpn [+o mattock1] by ChanServ
22:43 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 246 seconds]
22:50 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
23:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:12 -!- ShadniX [dagger@p5DDFC418.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:14 -!- ShadniX [dagger@p5DDFC2F3.dip0.t-ipconnect.de] has joined #openvpn
23:16 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 255 seconds]
23:19 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
23:28 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
23:51 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Thu Oct 22 2015
00:06 -!- lindylex [~lex@c-68-82-58-227.hsd1.pa.comcast.net] has joined #openvpn
00:07 < lindylex> Hello all I am trying to get openvpn to listen on port 1194.  I think I got it all setup but I get nothing listening,
00:07 < lindylex> It is running on Debian 8
00:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
00:41 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: Textual IRC Client: www.textualapp.com]
00:44 -!- egrain [~melissa@p4FE17464.dip0.t-ipconnect.de] has joined #openvpn
00:44 < egrain> !welcome
00:44 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
00:44 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
00:45 < egrain> !route
00:45 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
00:45 <@vpnHelper> client
00:47 < egrain> !goal
00:47 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
00:48 < egrain> okay then. here goes:
00:49 < egrain> i have a secure connection between multiple computers. now does the speed of the connection depend on the speed of the server, or is the server just there to give them IPs and establish the connection?
00:53 < egrain> !poodle
00:53 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
00:53 < egrain> !hardening
00:53 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
01:08 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:15 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
01:15 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Client Quit]
01:19 -!- diytto [~diytto@de.diytto.com] has joined #openvpn
01:31 -!- troyt [~troyt@2601:681:4601:cb11:44dd:acff:fe85:9c8e] has quit [Ping timeout: 268 seconds]
01:36 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 244 seconds]
01:39 -!- linear [L@unaffiliated/linear] has quit [Ping timeout: 244 seconds]
01:39 -!- linear [~L@unaffiliated/linear] has joined #openvpn
01:39 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
01:41 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
01:41 < egrain>  i have a secure connection between multiple computers. now does the speed of the connection depend on the speed of the server, or is the server just there to give them IPs and establish the connection?
01:44 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
01:47 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
01:48 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:50 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 255 seconds]
02:01 -!- biggi_mat [~biggi_mat@89.143.12.238] has joined #openvpn
02:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
02:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:18 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:32 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:34 -!- ShotokanZH [~ShotokanZ@unaffiliated/shotokanzh] has joined #openvpn
02:38 -!- ShotokanZH [~ShotokanZ@unaffiliated/shotokanzh] has left #openvpn ["Leaving"]
02:51 -!- egrain [~melissa@p4FE17464.dip0.t-ipconnect.de] has quit [Quit: welcome to chili's]
03:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:20 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
03:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:36 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has joined #openvpn
03:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:38 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 255 seconds]
03:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:39 <@plai> ek: No, I am not aware of that issue.
03:39 <@plai> ek: if you are refering to OpenVPN for Android
03:50 -!- dazo_afk is now known as dazo
03:51 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:58 -!- lindylex [~lex@c-68-82-58-227.hsd1.pa.comcast.net] has quit [Quit: Leaving]
04:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:07 <@dazo> ek: Could it be that your web server have both IPv4 and IPv6 addresses in DNS?
04:11 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:19 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
04:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:31 -!- Xat` [~Xat`@51.178.149.77.rev.sfr.net] has quit [Ping timeout: 272 seconds]
04:39 < Smither> Hey I'm trying to set up an openvpn server on debian I have got help from #debian but no one could work it out, but I am having difficulties connecting from my PC. I can't see any obvious errors in the server log. The only packages that are being transmitted/recieved are from client to server and wire shark describes it as P_CONTROL_HARD_RESET_CLIENT_V2. and the openvpn client window stalls at this line "MANAGEMENT: >
04:39 < Smither> STATE:1445502971,WAIT,,,". Google suggests this may be because port 1194 is closed but netstat returns this "udp 0 0 0.0.0.0:1194 0.0.0.0:* 1604/openvpn". server.conf http://paste.debian.net/317401/
04:40 <@dazo> !logs
04:40 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
04:40 <@dazo> !configs
04:40 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
04:41 <@dazo> please read the part with 'grep'
04:49 < Smither> client.ovpn http://pastebin.com/wEZebX3Z                    /var/log/openvpn.log ... http://pastebin.com/gPwaSH7K
04:50 <@dazo> Smither: grep -vE '^#|^;|^$' $CONFIG_FILE
04:51  * dazo rejects reading modified sample config files
04:52 < Smither> dazo: config file http://paste.debian.net/317405/
04:53 <@dazo> and then the server side ... logs and cleaned up config files
04:53 <@dazo> (--verb 4 is more than enough at this stage)
04:53 <@dazo> Client connects fine ... Thu Oct 22 08:50:00 2015 us=420184 Initialization Sequence Completed
04:56 <@dazo> Smither: I'm confused ... did you send over server config and logs?  if so, then it's the client configs and logs which is needed
04:56 <@dazo> anyhow the logfile you pasted showed that openvpn initialized fine ... and it looks like a server log, though
04:58 < Smither> sorry dazo, yes that is a server log.    client log is http://pastebin.com/YE1WyMm1
04:58 <@dazo> okay, then the server did initialize just fine
04:58 <@dazo> I need --verb 4 client logs
04:58 <@dazo> and the client config file
04:59 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:00 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:00 < Smither> dazo how can i set verb level on windows client?
05:00 <@dazo> you add 'verb 4' to the client config
05:00 < Smither>  anywhere?
05:00 <@dazo> yeah
05:00 < Smither> k thanks
05:03 < Smither> dazo that doesn't give any more verbosity on the log
05:03 -!- Neal_ [neal@felix.ineal.me] has quit [Quit: brb system upgrade]
05:03 <@dazo> okay ... can you please provide the client config file then?
05:04 < Smither> log verb 6 slightly more http://pastebin.com/e8JEn4cP
05:04 < Smither> client config is the .ovpn yes?
05:06 <@dazo> yes
05:06 -!- dmilith is now known as dmilith2
05:06 < Smither> sorry dazo, i already had a verb set. corrected no gives this as log http://pastebin.com/pdhP223N
05:06 < Smither> %s/no/now
05:07 <@dazo> that looks like a verb 4+ log
05:07 <@dazo> I'd still like to see the config though
05:08 < Smither> client config http://pastebin.com/nzz1aZZ3
05:08 <@dazo> Smither: come on! without all the garbage please
05:08 < Smither> sorry, i'll remove comments
05:10 < Smither> dazo http://pastebin.com/eqEUFbhZ
05:11 -!- dmilith2 is now known as dmilith
05:11 <@dazo> Smither: well ... you are definitely missing --key, --cert and --ca in your client config
05:13 < Smither> i have <ca><ca in here></ca>
05:13 < Smither> <cert><certificate in here></cert>
05:13 < Smither> <key><key in here></key>
05:13 < Smither> in the config as well
05:14 <@dazo> okay ... that's important details as well
05:14 <@dazo> which windows client are you using?
05:15 < Smither> open VPN GUI V7
05:16 <@dazo> !?
05:16 <@dazo> where did you get that one?
05:16 <@dazo> (never heard of any V7 GUI)
05:18 < Smither> https://openvpn.net/index.php/download/community-downloads.html    installer 64-bit win vista or later
05:18 <@vpnHelper> Title: Community Downloads (at openvpn.net)
05:19 <@dazo> okay ... which windows version?
05:19 < Smither> win 7
05:20 -!- biggi_mat [~biggi_mat@89.143.12.238] has quit [Quit: biggi_mat]
05:20 <@dazo> okay ... and you start openvpn gui with admin privileges?
05:20 < Smither> yes
05:21 <@dazo> okay ... I believe there are some issues on the network you connect from then.  I am no windows user (haven't used it on my computers since ~2000), so I can't help debugging this much further
05:22 <@dazo> I did try to use you client config with some invalid keys/certs to see if I got a connection to you openvpn server, and it could establish a connection (which was rejected, due invalid key/cert)
05:23 < Smither> so the server is set up fine, it's my client that is wrong?
05:23 <@dazo> I did notice one warning though ... but that should appear in your client config once your client is capable to get a connection
05:23 < Smither> or should i say the client -> server
05:23 <@dazo> VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=GB, ST=WEST YORKS, L=LEEDS, O=HomePi, OU=MyOrganizationalUnit, CN=HomePi CA, name=callum-desktop, emailAddress=me@myhost.mydomai
05:24 <@dazo> except of that, it looked fine on a first glance
05:24 < Smither> how can i correct that manually in case that is what is causing problems?
05:25 <@dazo> Smither: you seem to be using a wrong certificate on the server .. looks like a client cert at first look ... or that you've put a client cert as a CA cert
05:25 <@dazo> hard to say without the proper certs on the client
05:26 < Smither> how can i check that?
05:26 <@dazo> anyhow, you need to figure out why your client does not connect to your server ... there I have no idea what could be wrong now ... once that is in place, you can start fixing the server side cert issues
05:26 < Smither> okay so that is not what is causing my problem
05:26 <@dazo> not at this stage
05:27 < Smither> ok thanks
05:28 <@dazo> from your last client log, line 311-313 tells that it tried to reconnect (HARD_RESET_CLIENT_V2) but in the end gave up (Closing socket) and exits (process exiting)
05:29 <@dazo> and since I could at least get an initial connection to your server ... it is most likely an issue from your client to your server
05:29 < Smither> it gave up when i told it to disconnect otherwise it just keeps retrying
05:29 < Smither> okay thanks dazo
05:30 <@dazo> ahh, right ... yeah, that's even more the default behavior
05:30 <@dazo> you're welcome!
05:30 <@dazo> I hope some other windows gurus in this channel can help you get further
05:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 250 seconds]
05:32 < Smither> so. testing the connecting to the my server. I can telnet to portquiz.net 1194 but not my server.dns 1194. can you dazo?
05:33 <@dazo> Smither: telnet uses TCP, your server is configured for UTP
05:33 <@dazo> UDP
05:33 <@dazo> so that won't work
05:33 <@dazo> I used openvpn to test your server connection
05:34 < Smither> ah fair doos. anyway i can tell if i can connect without using the client? so i can know if it is the client or connection
05:34 <@dazo> it is most likely something related to your clients connection to the Internet
05:37 < Smither> ok thanks for all your help dazo
05:40 < Smither> if i forward through a socks proxy it connects but then fails. so it goes further. but i *really*  don't want openvpn to my server through a socks proxy on the same server.
05:42 < Smither> okay looking at the log maybe not it gives this for the socks connection "recv_socks_reply: Socks proxy returned bad reply"
05:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:42 <@dazo> Smither: if it works via the proxy and then fails, that might be the certificate issue on the server side
05:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:51 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
06:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:04 < Smither> Does that not mean that it failed to go through the socks properly, not that the server returned an error?
06:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:15 -!- dmilith is now known as dmilith2
06:16 -!- dmilith2 is now known as dmilith
06:26 -!- biggi_mat [~biggi_mat@89.143.12.238] has joined #openvpn
06:28 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:48 -!- pk12 [~pk12@198.203.28.43] has joined #openvpn
06:51 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
06:53 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 240 seconds]
06:58 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:15 -!- u0m3 [~u0m3@92.80.97.104] has quit [Quit: Leaving]
07:23 -!- u0m3 [~u0m3@92.80.97.104] has joined #openvpn
07:28 -!- plai [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 256 seconds]
07:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:39 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
07:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
07:50 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 256 seconds]
07:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:51 -!- mode/#openvpn [+o mattock1] by ChanServ
07:53 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
07:53 -!- mode/#openvpn [+o plaisthos] by ChanServ
07:56 -!- pk12 [~pk12@198.203.28.43] has quit [Quit: byezzzzzzzzzz]
07:59 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:02 -!- pk12 [~pk12@198.203.28.43] has joined #openvpn
08:07 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
08:07 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
08:09 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
08:09 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
08:10 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
08:11 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
08:26 -!- egrain [~melissa@p4FC857C6.dip0.t-ipconnect.de] has joined #openvpn
08:29 -!- pk12 [~pk12@198.203.28.43] has quit [Quit: byezzzzzzzzzz]
08:29 -!- somis [~somis@167.160.44.211] has joined #openvpn
08:47 -!- shiriru [~shiriru@95.43.212.84] has joined #openvpn
08:47 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
08:50 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Ping timeout: 264 seconds]
08:51 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 268 seconds]
08:52 <@dazo> krzee: http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html
08:52 <@vpnHelper> Title: A Few Thoughts on Cryptographic Engineering: A riddle wrapped in a curve (at blog.cryptographyengineering.com)
08:55 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
09:05 -!- dmilith is now known as dmilith2
09:07 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
09:07 < R\w\C> hey guys, i am trying to setup openvpn on a chromebook
09:07 < R\w\C> I need to fill in “Auth”: “<auth>”,
09:08 < R\w\C> this is the certificate i generated: sha256WithRSAEncryption
09:08 < R\w\C> do i put in "Auth": "sha256" ?
09:11 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
09:13 -!- dmilith2 is now known as dmilith
09:17 < egrain> does the speed of the openvpn depend on the server or the clients? let's say I have a quake server running on client1 and connect to it via client2. does it matter how fast the openvpn server is for the game to run smooth?
09:23 -!- mete [~mete@91.247.253.160] has quit [Read error: Connection reset by peer]
09:25 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
09:25 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:33 -!- biggi_mat [~biggi_mat@89.143.12.238] has quit [Remote host closed the connection]
09:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:46 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
09:52 < nicksloan> when I do sudo service openvpn start, it appears to start, but exits almost immediately. when I run openvpn --config /etc/openvpn/server.conf, it works fine. Any ideas? I'm on Debian Jessie
09:57 -!- shiriru [~shiriru@95.43.212.84] has quit [Quit: Leaving]
09:58 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:04 -!- blu_ [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
10:05 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
10:06 -!- plai [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:06 -!- mode/#openvpn [+o plai] by ChanServ
10:06 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
10:07 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
10:07 -!- n-st_ [~n-st@unaffiliated/n-st] has joined #openvpn
10:08 -!- fling_ [~fling@fsf/member/fling] has joined #openvpn
10:08 -!- mgorbach_ [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
10:08 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
10:08 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
10:09 -!- Tenhi_0 [~tenhi@178.18.241.180] has joined #openvpn
10:10 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:10 -!- Netsplit *.net <-> *.split quits: _0x5eb_, jzaw, mparisi, subzero79, @krzee, somis, Haseo, MacGyver, @plaisthos, dyce,  (+18 more, use /NETSPLIT to show all of them)
10:10 -!- Olipro_ is now known as Olipro
10:10 -!- n-st_ is now known as n-st
10:10 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
10:10 -!- funnel_ is now known as funnel
10:10 -!- mgorbach_ is now known as mgorbach
10:10 -!- x5eb is now known as _0x5eb_
10:11 -!- Netsplit over, joins: deviantintegral
10:11 -!- Netsplit over, joins: whfsdude
10:13 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
10:15 -!- somis [~somis@167.160.44.211] has joined #openvpn
10:16 -!- Guest53611 [~pythonsna@fedora/pythonsnake] has joined #openvpn
10:21 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
10:24 -!- Tenhi_0 is now known as Tenhi_
10:25 -!- blu_ [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
10:25 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Quit: WeeChat 1.3]
10:27 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:28 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
10:34 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 260 seconds]
10:35 -!- somis [~somis@167.160.44.211] has quit [Quit: Leaving]
10:37 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
10:37 -!- fling_ is now known as fling
10:47 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
10:47 < egrain> does the speed of the openvpn depend on the server or the clients? let's say I have a quake server running on client1 and connect to it via client2. does it matter how fast the openvpn server is for the game to run smooth?
10:47 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
10:51 -!- abra0 is now known as ABRA0
10:57 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
11:02 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:24 < Smither> Hey, I am having problems with my openvpn client. It is the official windows openvpn client. But i can't connect to my openvpn server running at home. When i was getting help earlier today the guy who was helping me could connect to my server but as he made up the kry and stuff it wouldn't authenticate. but i can't even connect. can any windows openvpn client experts   give me a few hints on what might be going wrong?
11:24 < Smither> client config(actual has ca and key and config appended) http://pastebin.com/eqEUFbhZ        client log is http://pastebin.com/pdhP223N
11:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:29 < DArqueBishop> Smither, it's very possible that there's a firewall at your location that's blocking OpenVPN traffic.
11:29 < Smither> i can telnet out on port 1194 and 993 and 443 and that is all the ports that openvpn mention
11:30 < DArqueBishop> Telnet is a TCP protocol. Your client config indicates you're connecting via UDP.
11:30 < Smither> and my server does recieve some messages from the client just doesn't connect properly
11:32 < Smither> so they might have only blocked udp?
11:33 < DArqueBishop> It might help to see your server logs and config, then.
11:35 < Smither>  /var/log/openvpn.log ... http://pastebin.com/gPwaSH7K                     server  config file http://paste.debian.net/317405/
11:35 < Smither> I'll try swapping to port 443 see if they have blocked udp but not tcp
11:40 < DArqueBishop> I might be wrong, but I don't see anything on that server log that denotes a connection attempt.
11:51 -!- loganaden [~logan@ns1.qubic.net] has joined #openvpn
11:51 < loganaden> hoi
11:51 < loganaden> i have a tiny diff
11:51 < loganaden> recommend to create a 2048 dh pem file instead of 1024
11:51 < loganaden> http://elandsys.com/~logan/ovpn.diff
11:55 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:58 < Smither> DArqueBishop: so i ran a new connection on TCP, port 443 and this is my server log http://pastebin.com/K1NuMvZv
11:58 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:03 < Smither> and i know tcp 443 works as someone in the same uni block as me has his vpn working on tcp 443.
12:04 -!- ABRA0 is now known as abra0
12:05 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
12:21 -!- egrain [~melissa@p4FC857C6.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
12:57 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
12:57 -!- u0m3 [~u0m3@92.80.97.104] has quit [Quit: Leaving]
13:06 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:10 -!- u0m3 [~u0m3@92.80.97.104] has joined #openvpn
13:15 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has quit [Ping timeout: 260 seconds]
13:16 -!- Zzyzx_ is now known as Zzyzx
13:30 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:39 -!- toli [~toli@109.128.250.107] has joined #openvpn
13:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:04 -!- somis [~somis@167.160.44.211] has joined #openvpn
14:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:20 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
14:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:20 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
15:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:44 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
15:46 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
15:49 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 250 seconds]
15:59 -!- cyberspace- [20253@ninthfloor.org] has quit [Read error: Connection reset by peer]
16:18 -!- dazo is now known as dazo_afk
16:18 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
16:21 -!- somis [~somis@167.160.44.211] has quit [Quit: Leaving]
16:22 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
16:22 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:26 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
16:29 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 260 seconds]
16:32 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:43 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
16:45 -!- mete [~mete@91.247.253.160] has joined #openvpn
16:47 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:52 -!- omfgtora [~omfgtora@unaffiliated/omfgtora] has joined #openvpn
16:53 < omfgtora> !welcome
16:53 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:53 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:53 < omfgtora> !howto
16:53 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
16:57 < omfgtora> is there a simple explanation somewhere on how to create an ovpn file for a new user? i thought i could just reuse one and replace the username in it.
17:00 < omfgtora> all i needed was to create a new user
17:02 -!- somis [~somis@167.160.44.201] has joined #openvpn
17:03 < omfgtora> when i tried to RTFM i just got confused, lost, and frustrated
17:04 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has joined #openvpn
17:05 < lindylex> Hello all.  I can log into my Debian OpenVPN server but I can not see the other computer on the LAN where the server is located.
17:08 < subzero79> lindylex: you proably missing a MASQUERADE iptables rule in the server
17:09 < lindylex> I did run the following.
17:10 < subzero79> and forwarding enabled of course
17:10 < lindylex> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
17:10 < lindylex> Oh you mean on the router?
17:10 < subzero79> no, in the debian server where the ovpn server is hosted
17:10 < lindylex> Is that what I need iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
17:11 < lindylex> Yes
17:11 < subzero79> that's the rule, is eth1? not eth0?
17:11 < lindylex> What do I need to do on the server?
17:11 < lindylex> Yes it is eth1.
17:11 < lindylex> I did it for both.
17:12 < lindylex> I did this for both iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
17:12 < lindylex> eth1 and eth0
17:13 < subzero79> are eth1 and eth0 two separate lan subnets?
17:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:15 < lindylex> subzero79: http://pastebin.com/Jkv9cyvE  of ifconfig
17:16 < lindylex> Use this instead http://pastebin.com/CDiUwBbZ
17:16 -!- omfgtora [~omfgtora@unaffiliated/omfgtora] has left #openvpn ["Leaving"]
17:16 < lindylex> ifconfig -a
17:16 < subzero79> ah ok so eth0 is not connected
17:17 < lindylex> yes
17:17 < lindylex> correct
17:17 < subzero79> should be fine then,
17:17 < subzero79> the route 192.168 is being pushed to the clients also?
17:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:18 < subzero79> it should be in the ovpn server config
17:18 < lindylex> YOu mean the clients being assigned 192.168.X.X. as an ipaddress?
17:18 < subzero79> no
17:19 < subzero79> push route 192.168.1.0 255.255.255.0
17:19 < subzero79> in the server config
17:20 < lindylex> one sec let me check and post.
17:21 < lindylex> This is what I have http://pastebin.com/zK6xkMzt
17:21 < lindylex> I do not have that there.
17:22 < subzero79> add it...hopefully you'll reach the lan clients
17:23 < lindylex> Just add it to the file?  The other parts are ok?
17:23 < subzero79> they look fine to me
17:24 < lindylex> thanks let me reboot the vpn
17:29 < lindylex> I am connect and i do not see the other computers from the Windows Xp client
17:32 < subzero79> you won't "see" them
17:32 < subzero79> if by see you mean windows network section
17:32 < lindylex> yes
17:32 < subzero79> can you ping them?
17:32 < subzero79> by ip not by host
17:33 < subzero79> sorry not by host name
17:33 < lindylex> so no netbios working?
17:33 < subzero79> nope, you're using a routed setup
17:34 < lindylex> What must I change to get netbios working?
17:34 < subzero79> at least that's what the config you pasted here indicates
17:34 < subzero79> you need to change the whole server setup to bridge mode
17:35 < subzero79> tap adapter, unfortunatly i can't help you there since i never bother to do one
17:35 < lindylex> ok anny suggestions on a tutorial for this?
17:35 < lindylex> ok
17:36 < subzero79> but at least you're in a good road, are you  able to ping the LAN  client
17:36 < subzero79> ?
17:36 < lindylex> yes and thanks
17:36 < subzero79> !tap
17:36 <@vpnHelper> "tap" is (#1) "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming,
17:36 <@vpnHelper> anything where the protocol uses MAC addresses instead of IP addresses. or (#2) For tun/tap and route/bridge comparing, see https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
17:37 < subzero79> I don't think you'll need the masquerade rule, so keep that in mind
17:37 < lindylex> ok
17:53 -!- voxadam [~adam@unaffiliated/voxadam] has joined #openvpn
17:54 < voxadam> Would this be an appproriate place to ask about easy-rsa?
17:55 < voxadam> I'm configuring OpenVPN on my router using the directions here: http://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup
17:55 < voxadam> When build-ca asks me for a CN it says "your name or your server's hostname".
17:55 < voxadam> So, things don't exactly line up. Am I supposed to use my router's name or the name of my client?
17:57 < voxadam> Never mind. Someone in #openwrt cleared things up.
18:09 < Eugene> Your CA name should be something like "voxadam's CA"
18:10 < Eugene> The openssl prompt isn't very helpful in that regard
18:10 < voxadam> Eugene: Thanks.
18:10 < voxadam> Someone should file a bug report.
18:10 < voxadam> :)
18:10 < Eugene> openssl, bug report, hahahah
18:10 < Eugene> That's a good one
18:11 < voxadam> lol
18:38 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 240 seconds]
18:43 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
18:48 -!- MogDog [~mogdog@mog.dog] has quit [Quit: Server shutdown]
18:48 -!- voxadam [~adam@unaffiliated/voxadam] has quit [Read error: Connection reset by peer]
18:49 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
18:49 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
18:50 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:50 -!- voxadam [~adam@unaffiliated/voxadam] has joined #openvpn
18:57 -!- voxadam [~adam@unaffiliated/voxadam] has quit [Read error: Connection reset by peer]
18:58 -!- voxadam [~adam@unaffiliated/voxadam] has joined #openvpn
18:59 -!- MogDog [~mogdog@mog.dog] has quit [Quit: Server shutdown]
18:59 -!- Laika [~Laika@mog.dog] has joined #openvpn
19:00 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
19:04 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
19:04 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
19:04 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Quit: TTFNs!]
19:06 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
19:06 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
19:09 -!- MogDog [~mogdog@mog.dog] has quit [Quit: Server shutdown]
19:09 -!- Laika [~Laika@mog.dog] has quit [Quit: Server shutdown]
19:10 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
19:22 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
19:25 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
19:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:48 -!- mystica555_ [~mystica55@2602:47:da1b:b800:54e9:efe2:2210:7bbb] has joined #openvpn
19:49 -!- mystica555_ [~mystica55@2602:47:da1b:b800:54e9:efe2:2210:7bbb] has quit [Remote host closed the connection]
20:39 -!- pk12 [~pk12@198.203.28.43] has joined #openvpn
20:52 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
21:01 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
21:02 -!- toli [~toli@109.128.250.107] has joined #openvpn
21:02 -!- somis [~somis@167.160.44.201] has quit [Quit: Leaving]
23:07 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 272 seconds]
23:11 -!- ShadniX [dagger@p5DDFC2F3.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:12 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
23:13 -!- ShadniX [dagger@p5DDFC89F.dip0.t-ipconnect.de] has joined #openvpn
23:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:28 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
23:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Fri Oct 23 2015
00:08 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
00:11 -!- doop [~doop@colostomy.club] has joined #openvpn
00:13 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has quit [Ping timeout: 244 seconds]
00:15 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 264 seconds]
00:23 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
01:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:12 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 244 seconds]
01:15 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
01:21 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
01:26 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:38 -!- roentgen [~none@unaffiliated/roentgen] has quit [Ping timeout: 252 seconds]
01:38 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
01:42 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
01:43 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
01:44 -!- kubanc [~blaz@unaffiliated/kubanc] has joined #openvpn
01:46 < kubanc> Hello! I have a question. I havecreated openVPN in PFsense. I can ping IP number of computer on the network thet is accessible through openVPN but if i ping host name there is no result. I have enabled NetBIOS over TCP/IP in OpenVPN settings, set m-node type and nothing heppens...
01:47 -!- palexander [~Patrick@178.73.218.90] has joined #openvpn
01:48 < palexander> !welcome
01:48 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
01:48 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
01:49 < palexander> !route
01:49 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
01:49 <@vpnHelper> client
01:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:50 -!- mode/#openvpn [+o mattock1] by ChanServ
01:50 < palexander> !goal
01:50 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:02 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:02 < kubanc> I would like to access LAN behind the PFsense firewall. I have created openVPN in PFsense. I can connect and I can ping IP of computers in LAN behinf the pfsense. I can also access their shared folder if I type IP address of the computer. But If I ping computer host name I get no response.
02:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:31 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 250 seconds]
02:32 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
02:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:35 < kubanc> I have managet to solve it. I have added "DNS Default Domain" and IP of DNS server in the open VPN configuration inside PFsense and now it is working
02:43 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Quit: No Ping reply in 180 seconds.]
02:45 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
02:48 -!- thoht_ [~fox@bsd.cat] has joined #openvpn
02:49 < thoht_> hi; i got a TAP vpn between 2 box; and i d like to add vlan in addition. ex: tap0.10
02:49 < thoht_> i created the vlan interfaces and assigned ip to each node; but they can't ping each other.
02:50 < thoht_> does that mean it is not posible to use 802.1q over tapX interfaces ?
02:57 -!- FierceDeityLink [~shayne@c-73-161-233-107.hsd1.mi.comcast.net] has quit [Ping timeout: 256 seconds]
03:06 -!- kubanc [~blaz@unaffiliated/kubanc] has quit [Quit: Leaving]
03:09 -!- dazo_afk is now known as dazo
03:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:16 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
03:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:05 -!- somis [~somis@167.160.44.201] has joined #openvpn
04:06 -!- mystica555 [~mystica55@2602:47:da1b:b800:54e9:efe2:2210:7bbb] has quit [Ping timeout: 246 seconds]
04:20 -!- mystica555 [~mystica55@2602:b8:6081:2300:98a3:1175:3261:f2a1] has joined #openvpn
04:24 -!- palexander [~Patrick@178.73.218.90] has quit [Ping timeout: 265 seconds]
04:24 -!- KNERD [~KNERD@netservisity.com] has quit [Ping timeout: 265 seconds]
04:24 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 265 seconds]
04:25 -!- lazypower [~lazypower@ubuntu/member/lazypower] has quit [Ping timeout: 265 seconds]
04:25 -!- Aww [aww@12fcali.online] has quit [Ping timeout: 265 seconds]
04:25 -!- lazypower [~lazypower@ubuntu/member/lazypower] has joined #openvpn
04:26 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
04:27 -!- Aww [aww@12fcali.online] has joined #openvpn
04:58 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
04:59 -!- shio [shio@84.101.121.10] has joined #openvpn
05:04 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
05:04 -!- mode/#openvpn [+v s7r_] by ChanServ
05:04 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
05:06 -!- bpye [~quassel@unaffiliated/bpye] has joined #openvpn
05:06 -!- hive-mind [pranq@mail.bbis.us] has quit [Disconnected by services]
05:07 -!- patteh_ [~patteh@unaffiliated/patteh] has joined #openvpn
05:07 -!- Matir_ [~matir@ubuntu/member/matir] has joined #openvpn
05:07 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
05:07 -!- Vercas_ [~Vercas@unaffiliated/vercas] has joined #openvpn
05:11 -!- Netsplit *.net <-> *.split quits: grubles, manitu, @novaflash_away, sarlalian, bpye_, Matir, warehouse13, +s7r, iNs_, _KaszpiR_,  (+9 more, use /NETSPLIT to show all of them)
05:12 -!- Netsplit over, joins: deviantintegral
05:14 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
05:15 -!- iNs [~ins@85.17.164.26] has joined #openvpn
05:17 -!- Vercas_ is now known as Vercas
05:17 -!- Tinyyy [~textual@128.199.100.211] has joined #openvpn
05:18 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
05:18 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:18 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
05:19 -!- zamba [marius@flage.org] has joined #openvpn
05:19 -!- Tinyyy [~textual@128.199.100.211] has quit [Client Quit]
05:19 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
05:20 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
05:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:06 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
06:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:10 -!- pk12 [~pk12@198.203.28.43] has quit [Quit: Textual IRC Client]
06:23 -!- MrWhiskers is now known as NetworkingPro
06:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
06:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:41 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:45 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 256 seconds]
06:56 -!- somis [~somis@167.160.44.201] has left #openvpn ["Leaving"]
07:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:48 -!- leandrosansilva [~leandro@host-188-174-233-152.customer.m-online.net] has joined #openvpn
07:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
07:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:50 -!- mode/#openvpn [+o mattock1] by ChanServ
08:06 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
08:52 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
09:02 -!- toli [~toli@109.128.250.107] has joined #openvpn
09:06 -!- imthenachoman [47bfd8c0@gateway/web/freenode/ip.71.191.216.192] has joined #openvpn
09:06 < imthenachoman> hey guys. anyway to get openvpn to autoconnect in ubuntu when a certain program connects to a certain URL?
09:23 -!- imthenachoman [47bfd8c0@gateway/web/freenode/ip.71.191.216.192] has quit [Ping timeout: 246 seconds]
09:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:58 -!- skyroveR- [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:58 -!- _FBi- [~B@Aircrack-NG/User] has quit [Ping timeout: 256 seconds]
09:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
09:59 -!- skyroveR- is now known as skyroveRR
10:00 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Quit: ZNC - http://znc.in]
10:01 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
10:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
10:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:05 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:06 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
10:06 -!- mode/#openvpn [+v RBecker] by ChanServ
10:25 < ek> dazo: Yeah. Strange issue. And, no, there are no IPv6 entries in DNS for my web server at the moment.
10:26 < ek> dazo: It's certainly related to the way the phone is handling IPv6, though. I don't think it's an OpenVPN issue at all.
10:27 <@dazo> ek: I'm sorry, but I honestly don't remember your issue at all now .... I've probably done a couple of 100 other things since last time
10:28 < ek> dazo: Understandable. It was a couple of days ago.
10:29 < ek> OpenVPN for Android is "iffy" when IPv6 is enabled on my phone's APN.
10:29 <@dazo> well, then plai is definitely one who could provide some clues ... being the "OpenVPN for Android" developer
10:30 < ek> Gotcha'.
10:30 < ek> Thanks!
10:48 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 255 seconds]
10:57 -!- lazypower [~lazypower@ubuntu/member/lazypower] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
11:08 -!- Denial- [~Denial@81.141.1.215] has quit [Ping timeout: 240 seconds]
11:08 -!- Denial [~Denial@81.141.3.59] has joined #openvpn
11:15 -!- ek [ek@freebsd/contributor/ek] has left #openvpn []
11:23 -!- lake_ [~lake_@209.58.131.168] has joined #openvpn
11:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
11:38 -!- lake_ [~lake_@209.58.131.168] has left #openvpn []
11:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:38 -!- roentgen [~none@unaffiliated/roentgen] has quit [Ping timeout: 240 seconds]
11:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:42 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
11:42 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has joined #openvpn
11:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
11:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
11:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:28 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
12:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:44 -!- barq [sid103986@gateway/web/irccloud.com/x-bgwfziuyorjeozms] has joined #openvpn
12:45 < barq> What client do you recommend for OS X?
12:45 -!- Vane- [6c045db2@gateway/web/freenode/ip.108.4.93.178] has joined #openvpn
12:49 -!- Vane- [6c045db2@gateway/web/freenode/ip.108.4.93.178] has quit [Client Quit]
12:50 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
13:00 < barq> How can I configure an openvpn certificate from the terminal?
13:07 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:20 < Jaglor> Is my problem stil likely firewall related if the VPN is up and working, but DNS is not using the VPN?  I think redirect-gateway is active, how can I look at the active configuration for it?
13:26 < DArqueBishop> barq:
13:26 < DArqueBishop> !mac
13:26 <@vpnHelper> "mac" is Use Tunnelblick for the Mac. (http://code.google.com/p/tunnelblick/)
13:26 < barq> I have tunnelblick, I get really slow and unreliable connections through it, though
13:26 < DArqueBishop> Jaglor:
13:26 < DArqueBishop> !pushdns
13:26 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN
13:26 <@vpnHelper> for Android and OpenVPN Connect will happily accept push dhcp-option
13:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:40 < Jaglor> DArqueBishop: thank you.  Which distros "don't" use resolv.conf?  I appear to be using all the right --dhcp-option settings, but I also have a /etc/resolv.conf, so that's likely the issue.
13:40 < Jaglor> debian based distro
13:40 < DArqueBishop> As far as I know, there are no distributions that don't use resolv.conf.
13:40  * DArqueBishop could be mistaken, however.
13:41 < Jaglor> yeah, I don't know of any, which makes that an odd distinction to make in the "pushdns" #4 statement.
13:43 < Jaglor> DArqueBishop: Anyway, I imagine I can sort it out from here.  Thank you for the push in the right direction!  :)
13:47 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
13:50 < DArqueBishop> Glad I could help. :-)
13:52 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Read error: Connection reset by peer]
13:57 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:15 -!- pppingme is now known as Cruz4prez
14:19 -!- somis [~somis@167.160.44.221] has joined #openvpn
15:22 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:34 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 250 seconds]
15:49 -!- somis [~somis@167.160.44.221] has quit [Quit: Leaving]
16:17 -!- DrManhattan [d8dde405@gateway/web/freenode/ip.216.221.228.5] has joined #openvpn
16:17 < DrManhattan> I am finding my downloads highly throttled on virtual machines
16:17 < DrManhattan> is there a solution or workaround for this? Maybe a root cause?
16:18 < DrManhattan> I tried a bridged connection - no love
16:18 < DrManhattan> I even tried different hypervisors but I encounter the same issue on them
16:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:34 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:36 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
16:40 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
16:49 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
17:16 -!- blackletter [~redfly@2601:704:0:3420:d0e:3f10:8f98:9f53] has joined #openvpn
17:17 < blackletter> Hello I am using the new easyrsa and cmd.exe won't execute init-pki can anyone help?
17:23 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:43 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
18:21 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:26 -!- snadge [~snadge@unaffiliated/snadge] has left #openvpn ["Leaving"]
18:38 -!- ShadniX [dagger@p5DDFC89F.dip0.t-ipconnect.de] has quit [Quit: Bye.]
18:40 -!- ShadniX [~ShadniX@p5DDFC89F.dip0.t-ipconnect.de] has joined #openvpn
18:51 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
18:54 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
18:54 -!- u0m3 [~u0m3@92.80.97.104] has quit [Ping timeout: 250 seconds]
18:58 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 240 seconds]
19:12 -!- DrManhattan [d8dde405@gateway/web/freenode/ip.216.221.228.5] has quit [Ping timeout: 246 seconds]
19:15 -!- dazo is now known as dazo_afk
19:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:32 -!- u0m3_ is now known as u0m3
19:32 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:37 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 252 seconds]
19:59 -!- blackletter [~redfly@2601:704:0:3420:d0e:3f10:8f98:9f53] has left #openvpn ["Leaving"]
20:04 -!- baetheus [~brandon@null.pub] has quit [Quit: Wherever I go, there I am.]
20:05 -!- baetheus [~brandon@null.pub] has joined #openvpn
20:16 -!- somis [~somis@167.160.44.222] has joined #openvpn
20:42 -!- somis [~somis@167.160.44.222] has quit [Quit: Leaving]
20:48 -!- Smither [~Smither@cpc65019-brad19-2-0-cust125.17-1.cable.virginm.net] has left #openvpn ["See you later"]
21:33 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
21:51 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
21:52 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
22:09 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Write error: Connection reset by peer]
22:13 -!- ghormoon [~ghormoon@ghorland.net] has quit [Quit: ZNC - http://znc.in]
22:17 -!- Aww [aww@12fcali.online] has quit [Ping timeout: 265 seconds]
22:21 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:23 -!- Aww [aww@12fcali.online] has joined #openvpn
22:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
22:25 -!- skyroveRR_ is now known as skyroveRR
22:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:30 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Ping timeout: 265 seconds]
22:41 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:03 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
23:10 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:11 -!- ShadniX [~ShadniX@p5DDFC89F.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:11 -!- ShadniX [dagger@p5DDFD875.dip0.t-ipconnect.de] has joined #openvpn
23:12 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [K-Lined]
23:12 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
23:21 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
23:27 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
23:32 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
23:51 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
23:57 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
23:57 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
--- Day changed Sat Oct 24 2015
00:17 -!- ShadniX [dagger@p5DDFD875.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:17 -!- ShadniX [dagger@p5DDFCA29.dip0.t-ipconnect.de] has joined #openvpn
00:21 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
00:31 -!- palexander [~Patrick@2a00:1a28:155a:f::1013] has joined #openvpn
00:33 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
00:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:40 -!- palexander [~Patrick@2a00:1a28:155a:f::1013] has left #openvpn ["Leaving"]
01:01 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
01:03 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 260 seconds]
01:05 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
01:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
01:34 -!- toli [~toli@109.128.250.107] has joined #openvpn
01:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:55 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:55 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:56 -!- MayurYa [~mayura@unaffiliated/mayurya] has left #openvpn []
02:07 -!- user123irc [~user@78-62-111-164.static.zebra.lt] has joined #openvpn
02:18 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
02:33 < user123irc> where to get or how to make that open vpn config file ?
02:38 -!- roentgen_ [~none@unaffiliated/roentgen] has joined #openvpn
02:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
02:41 -!- roentgen [~none@unaffiliated/roentgen] has quit [Ping timeout: 240 seconds]
02:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
02:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
02:43 -!- showaz [~showaz@unaffiliated/showaz] has quit []
02:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
03:03 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:03 -!- mode/#openvpn [+o mattock1] by ChanServ
03:07 -!- SuzieQueue [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
03:09 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 268 seconds]
03:10 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
03:11 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
03:19 -!- user123irc [~user@78-62-111-164.static.zebra.lt] has quit [Quit: Konversation terminated!]
03:21 -!- user123irc_ [4e3e6fa4@gateway/web/freenode/ip.78.62.111.164] has joined #openvpn
03:22 < user123irc_> create file failad on TAP device - all tap device are in use ?   what to do ?
03:28 -!- user123irc_ [4e3e6fa4@gateway/web/freenode/ip.78.62.111.164] has quit [Ping timeout: 246 seconds]
03:57 -!- roentgen_ is now known as roentgen
04:00 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
04:07 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
04:08 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
04:13 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 256 seconds]
04:13 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
04:17 -!- s7r_ is now known as s7r
04:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:34 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
04:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:54 -!- somis [~somis@167.160.44.222] has joined #openvpn
05:25 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:35 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
05:51 -!- user123irc [4e3e6fa4@gateway/web/freenode/ip.78.62.111.164] has joined #openvpn
05:54 < user123irc> vpn is connecting to network but cannot enter any website on browser
05:58 < user123irc> so what can be wrong ?
06:08 < user123irc> yow poeple ?
06:15 -!- Numline1 [~Numline1@ymir.sk] has joined #openvpn
06:15 -!- Numline1 [~Numline1@ymir.sk] has left #openvpn ["Leaving"]
06:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
06:21 -!- user123irc [4e3e6fa4@gateway/web/freenode/ip.78.62.111.164] has quit [Quit: Page closed]
06:25 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
06:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
06:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:48 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
06:53 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:33 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:01 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:14 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bhbwlbmpgoqbjzdu] has joined #openvpn
08:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:54 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
08:59 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:04 -!- toli [~toli@109.128.250.107] has joined #openvpn
09:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
09:21 -!- CHDL [PIKA@gateway/shell/bnc4free/x-pmaeuuaguhlohxwc] has quit [Remote host closed the connection]
09:22 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 255 seconds]
09:32 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:37 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
09:49 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Read error: Connection reset by peer]
09:50 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
09:53 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 260 seconds]
09:58 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
10:04 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Excess Flood]
10:04 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
10:05 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
10:09 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
10:27 -!- showaz [~showaz@unaffiliated/showaz] has quit []
10:37 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
10:42 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 255 seconds]
10:42 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
10:47 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
10:58 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 244 seconds]
11:00 -!- somis [~somis@167.160.44.222] has quit [Quit: Leaving]
11:06 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
11:13 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Remote host closed the connection]
11:19 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
11:19 -!- Aww [aww@12fcali.online] has quit [Ping timeout: 265 seconds]
11:30 -!- Aww [aww@12fcali.online] has joined #openvpn
11:45 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:52 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
12:05 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
12:07 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Read error: Connection reset by peer]
12:08 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
12:10 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:19 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:06 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 260 seconds]
13:06 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:15 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
13:18 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
13:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:33 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bhbwlbmpgoqbjzdu] has quit [Quit: Connection closed for inactivity]
13:34 -!- toli [~toli@109.128.250.107] has joined #openvpn
13:49 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
13:52 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
14:20 -!- explody [~explody@c-24-21-138-99.hsd1.or.comcast.net] has joined #openvpn
14:23 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
14:25 -!- patsToms [~patsToms@radioa7.lv] has left #openvpn ["Leaving"]
14:32 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:44 -!- somis [~somis@167.160.44.219] has joined #openvpn
14:45 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:53 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
14:56 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
15:00 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
15:07 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
15:11 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:33 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:50 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:58 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:03 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:13 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:30 -!- MogDog [~mogdog@mog.dog] has quit [Read error: Connection reset by peer]
16:30 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
16:35 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:38 -!- MogDog [~mogdog@mog.dog] has quit [Ping timeout: 265 seconds]
16:40 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
16:44 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has joined #openvpn
16:48 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:48 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:53 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
17:01 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
17:02 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
17:03 < mete> can anyone tell me, for what the log message "safe_cap=940" stands for? :)
17:06 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:07 -!- diesel [~diesel@216.151.16.197] has joined #openvpn
17:20 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
17:26 -!- obbs [~obbs@unaffiliated/obbs] has quit [Remote host closed the connection]
17:36 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
17:37 < deetwelve> Hello, I recently installed and configured openvpn successfully. Upon being an idiot I installed firewalld which somehow broke my setup. After uninstalling and keeping just iptables. My openvpn installation doesn't work anymore. It will make a successful connection but I cant surf the web or anything. Any ideas?
17:47 -!- Denial [~Denial@81.141.3.59] has quit [Ping timeout: 264 seconds]
17:52 -!- DrakeDouay [~drake@ip-8-31-67-210.staticcust.wsteleport.net] has joined #openvpn
17:52 < DrakeDouay> Not sure where to post this question: Would it be feasible to set up a vpn service using a vps?
17:54 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:55 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has left #openvpn ["Parting"]
17:55 < Harekiet> DrakeDouay it's ussually possible but not all vps types provide the necessary kernel support
17:56 < DrakeDouay> Harekiet: What should I look for to determine if they do? Do you know any one that would work?
17:57 < Harekiet> DrakeDouay they have to provide the tun device support
17:58 < Harekiet> Although all the vps'es I have all seem to support it
17:58 -!- Denial [~Denial@81.141.3.59] has joined #openvpn
17:59 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:01 < DrakeDouay> Harekiet: Thanks
18:03 < Harekiet> DrakeDouay The fully virtualized ones where you can just run your own kernel should all support it but stuff like openvz where you're in your own little user container depends on the admin, but yeh all the cheapies I'm using seem to support it
18:08 -!- mystica555 [~mystica55@2602:b8:6081:2300:98a3:1175:3261:f2a1] has quit [Ping timeout: 246 seconds]
18:08 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Remote host closed the connection]
18:19 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
18:22 -!- mystica555 [~mystica55@2602:ae:1068:1200:4bbf:71bf:15b8:d949] has joined #openvpn
18:26 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit []
18:27 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
18:44 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:13 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
19:13 -!- Ultima [~Ultima@unaffiliated/ultima] has joined #openvpn
19:16 < Ultima> Hello, I have been using vpn for years and just a few days ago I discovered that it would no longer work using my verizon phone. (I use blue tooth teathering to my tablet). Is it known that verizon somehow blocks vpn's now?
19:19 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:20 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
19:22 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
19:22 -!- somis [~somis@167.160.44.219] has quit [Quit: Leaving]
19:26 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:55 -!- DrakeDouay [~drake@ip-8-31-67-210.staticcust.wsteleport.net] has quit [Quit: leaving]
19:56 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
19:56 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
20:08 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
20:17 -!- toli [~toli@109.128.250.107] has joined #openvpn
21:10 -!- mystica555 [~mystica55@2602:ae:1068:1200:4bbf:71bf:15b8:d949] has quit [Ping timeout: 246 seconds]
21:24 -!- mystica555 [~mystica55@2602:b8:608d:b700:97da:e6a5:b794:b2a7] has joined #openvpn
21:36 -!- Jaglor [~user@ip70-171-249-227.tc.ph.cox.net] has quit [Ping timeout: 246 seconds]
21:43 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
21:50 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
21:51 -!- toli [~toli@109.128.250.107] has joined #openvpn
21:52 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
21:53 -!- SuzieQueue [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 250 seconds]
21:57 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
22:04 -!- Xavier89 [Xavier89@unaffiliated/xavier89] has joined #openvpn
22:04 < Xavier89> Hi
22:36 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bjinvdpmqnimszod] has joined #openvpn
22:38 < Xavier89> Hi, help, please
22:42 -!- nicksloan [~nicksloan@unaffiliated/iamethos] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
22:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:46 -!- Aww is now known as SpookyAww
23:15 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
23:24 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 256 seconds]
23:24 -!- Xavier89 [Xavier89@unaffiliated/xavier89] has left #openvpn []
23:48 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
23:48 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
23:49 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:50 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
23:50 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
23:51 -!- terr0r [~terr0r@cpe-172-91-90-150.socal.res.rr.com] has joined #openvpn
23:53 -!- zrilex [~george@cpe-70-113-177-16.stx.res.rr.com] has joined #openvpn
23:53 < zrilex> hello everyone
23:54 < zrilex> im having a problem, i have a vpn using openvpn , but when i try to use tcpdump -i tun0 there is no traffic when im connected to the server
--- Day changed Sun Oct 25 2015
00:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
00:15 -!- ShadniX [dagger@p5DDFCA29.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:15 -!- ShadniX_ [dagger@p5DDFF17C.dip0.t-ipconnect.de] has joined #openvpn
00:15 -!- ShadniX_ is now known as ShadniX
00:41 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: #freebsd]
00:41 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:43 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
00:44 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
00:53 -!- toli [~toli@109.128.250.107] has joined #openvpn
00:55 < zrilex> anyone here
00:57 < skyroveRR> zrilex: I am.
00:57 < zrilex> yo
00:57 < zrilex> im having a problem, i have a vpn using openvpn , but when i try to use tcpdump -i tun0 there is no traffic when im connected to the server
00:58 < skyroveRR> Read the topic.
00:59 < zrilex> !welcome
00:59 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
00:59 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
01:01 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:01 < zrilex> !howto
01:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
01:02 < zrilex> !configs
01:02 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
01:02 < zrilex> !interface
01:02 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4) For Linux:
01:02 <@vpnHelper> iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
01:02 < zrilex> !route
01:02 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
01:02 <@vpnHelper> client
01:03 < zrilex> !ask
01:03 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
01:03 < zrilex> exit
01:03 -!- zrilex [~george@cpe-70-113-177-16.stx.res.rr.com] has quit [Quit: leaving]
01:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:37 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:39 -!- terr0r [~terr0r@cpe-172-91-90-150.socal.res.rr.com] has quit [Ping timeout: 264 seconds]
02:21 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:31 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 256 seconds]
02:34 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:46 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Quit: I will be back later! :-)]
02:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:50 -!- mode/#openvpn [+o mattock1] by ChanServ
02:58 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 260 seconds]
03:00 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
03:02 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has quit [Read error: Connection reset by peer]
03:03 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
03:06 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
03:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:28 -!- severnaya [~severnaya@unaffiliated/severnaya] has joined #openvpn
03:29 < severnaya> when i use "openssl ca" with --out specified as a file, it creates the file I want but /also/ creates a certificate named in hex located in the cert dir specified by openssl.conf.  How do I suppress this duplicate cert so it only outputs to the place specified on the command line?
03:49 < severnaya> or maybe im misinterpreting the purpose of the .pems that go in $new_cert_dir and they are needed?
04:08 -!- Tinyyy [~textual@175.156.221.69] has joined #openvpn
04:16 -!- Tinyyy [~textual@175.156.221.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:18 -!- Tinyyy [~textual@175.156.221.69] has joined #openvpn
04:22 -!- Tinyyy [~textual@175.156.221.69] has quit [Client Quit]
04:22 -!- Tinyyy [~textual@175.156.221.69] has joined #openvpn
04:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:23 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:24 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:24 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:24 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:25 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
04:36 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:52 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
04:52 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
04:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:02 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
05:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:08 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
05:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:17 -!- toli [~toli@109.128.250.107] has joined #openvpn
05:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:21 -!- severnaya [~severnaya@unaffiliated/severnaya] has quit [Quit: Leaving]
05:23 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
05:25 -!- jesopo [jess@lolnerd.net] has joined #openvpn
05:29 -!- explody [~explody@c-24-21-138-99.hsd1.or.comcast.net] has quit [Ping timeout: 272 seconds]
05:31 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
05:40 -!- toli [~toli@109.128.250.107] has joined #openvpn
05:43 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
05:52 -!- toli [~toli@109.128.250.107] has joined #openvpn
05:59 -!- Tinyyy [~textual@175.156.221.69] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:05 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:23 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
06:33 < mete> can anyone tell me, for what the log message "safe_cap=940" stands for? :)
06:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
06:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:21 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
07:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
07:32 -!- toli [~toli@109.128.250.107] has joined #openvpn
07:34 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 256 seconds]
07:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:00 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
08:08 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
08:09 -!- toli [~toli@109.128.250.107] has joined #openvpn
08:17 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 255 seconds]
08:26 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
08:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:39 -!- somis [~somis@167.160.44.219] has joined #openvpn
08:41 -!- MayurYa [~mayura@unaffiliated/mayurya] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
08:43 -!- cmtptr [~corey@71.59.19.88] has joined #openvpn
08:44 < cmtptr> not sure if this is appropriate to ask here since it's not directly related to openvpn, but the easy_rsa guide I followed had me generating client keys on the server.  is this normally how it's done?  shouldn't my clients be generating their own keys and only sharing their public keys to the server?
09:06 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
09:08 -!- Wiki61 [~gerald@li341-41.members.linode.com] has joined #openvpn
09:12 < Wiki61> I am using openvpn-as and have bought some licenses. I have a couple users that have multiple devices. I am using pam and don't want to have to create users for each of their devices. I have looked into the duplicate-cn option but was wondering if there were any other options
09:13  * _FBi taps topic
09:14 < skyroveRR> _FBi: your warrant.
09:15 < skyroveRR> Show me your warrant, asshole.
09:15 < skyroveRR> :P
09:18 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
09:23 < Wiki61> haha _FBi that scrolls off the screen on irssi. Thanks
09:32 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
09:34 -!- Wiki61 [~gerald@li341-41.members.linode.com] has left #openvpn []
10:05 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
10:15 -!- toli [~toli@109.128.250.107] has joined #openvpn
10:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:25 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
10:32 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:32 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:33 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
10:35 -!- toli [~toli@109.128.250.107] has joined #openvpn
10:39 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
10:39 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:41 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
10:50 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
10:52 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
11:29 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
11:43 -!- shio [shio@84.101.121.10] has quit [Read error: Connection reset by peer]
11:48 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
12:05 -!- AlmogBaku [~AlmogBaku@bzq-218-152-116.cablep.bezeqint.net] has joined #openvpn
12:08 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:09 -!- AlmogBak_ [~AlmogBaku@37.26.149.211] has joined #openvpn
12:10 -!- AlmogBaku [~AlmogBaku@bzq-218-152-116.cablep.bezeqint.net] has quit [Ping timeout: 268 seconds]
12:11  * m3n3chm0 nasZ
12:16 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
12:17 -!- AlmogBak_ [~AlmogBaku@37.26.149.211] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:18 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
12:21 -!- AlmogBaku [~AlmogBaku@bzq-80-50-34.red.bezeqint.net] has joined #openvpn
12:26 -!- AlmogBak_ [~AlmogBaku@bzq-80-50-34.static.bezeqint.net] has joined #openvpn
12:27 -!- AlmogBaku [~AlmogBaku@bzq-80-50-34.red.bezeqint.net] has quit [Read error: Connection reset by peer]
12:38 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
12:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:42 -!- AlmogBak_ [~AlmogBaku@bzq-80-50-34.static.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:46 -!- AlmogBaku [~AlmogBaku@bzq-80-50-34.static.bezeqint.net] has joined #openvpn
12:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:50 -!- somis [~somis@167.160.44.219] has quit [Ping timeout: 260 seconds]
12:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:51 -!- somis [~somis@167.160.44.219] has joined #openvpn
12:53 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
12:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:59 -!- AlmogBaku [~AlmogBaku@bzq-80-50-34.static.bezeqint.net] has quit [Ping timeout: 255 seconds]
12:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:20 -!- lindylex [~lex@c-68-82-58-227.hsd1.pa.comcast.net] has joined #openvpn
13:27 -!- AlmogBaku [~AlmogBaku@37.26.149.235] has joined #openvpn
13:29 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
13:36 -!- AlmogBaku [~AlmogBaku@37.26.149.235] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:39 < lindylex> I am having problem with creating a bridge mode for open vpn.  I think it might be with iptables.  May someone help?
13:40 -!- _KaszpiR__ is now known as _KaszpiR_
13:54 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:14 < lindylex> I receiving the following error "...UDPv4: Network is unreachable (code=101)" in the /var/log/openvpn
14:34 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:43 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:43 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:45 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:49 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
14:53 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
15:02 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
15:04 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:04 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:04 -!- abra0 [abra0@unaffiliated/abra0] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:07 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
15:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:09 -!- mode/#openvpn [+o mattock1] by ChanServ
15:12 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:17 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
15:18 -!- thoht_ [~fox@bsd.cat] has quit [Read error: Connection reset by peer]
15:22 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:23 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:27 -!- somis [~somis@167.160.44.219] has quit [Quit: Leaving]
15:32 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:34 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:43 < lindylex> I have been trying to get OpenVPN to work in bridge for three days with no success.  This is a link to various outputs.  http://pastebin.com/pzsexESb
15:45 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
15:47 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:09 -!- lindylex [~lex@c-68-82-58-227.hsd1.pa.comcast.net] has quit [Quit: Leaving]
16:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
16:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:17 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:21 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
16:26 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:41 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:50 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:52 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
17:01 -!- toli [~toli@109.128.250.107] has joined #openvpn
17:04 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
17:11 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:16 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
17:21 -!- somis [~somis@167.160.44.199] has joined #openvpn
17:39 -!- Ultima [~Ultima@unaffiliated/ultima] has quit [Remote host closed the connection]
17:55 -!- oamador [~orlando@70.45.17.228] has joined #openvpn
17:58 < oamador> Q: Setup an openvpn tunnel from the office in the US to a Linux Server in Europe.  Can the linux server masquerade the connection of the office computers that use that tunnel?  The office computers will look line thay are the Linux Server in Europe.
18:22 < oamador> !welcome
18:22 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
18:22 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
18:23 < oamador> !redirect
18:23 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:23 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:53 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:38 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
19:41 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
20:09 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
20:28 -!- waynr [~waynr@unaffiliated/waynr] has left #openvpn ["WeeChat 1.0.1"]
21:25 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
21:26 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
21:41 -!- somis [~somis@167.160.44.199] has quit [Quit: Leaving]
21:52 -!- SuzieQueue [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
21:54 -!- O47m341 [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 256 seconds]
22:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
22:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:11 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
22:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:20 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 272 seconds]
23:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
--- Day changed Mon Oct 26 2015
00:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:15 -!- ShadniX [dagger@p5DDFF17C.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:15 -!- ShadniX_ [dagger@p5DDFC848.dip0.t-ipconnect.de] has joined #openvpn
00:15 -!- ShadniX_ is now known as ShadniX
00:18 -!- SuzieQueue [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 246 seconds]
00:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:27 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
00:37 -!- toli [~toli@109.128.250.107] has joined #openvpn
00:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:53 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
00:58 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:06 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
01:07 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:10 -!- mystica555 [~mystica55@2602:b8:608d:b700:97da:e6a5:b794:b2a7] has quit [Quit: Leaving]
01:12 -!- mystica555 [~mystica55@2602:b8:608d:b700:97da:e6a5:b794:b2a7] has joined #openvpn
01:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:18 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
01:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:20 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:27 -!- toli [~toli@109.128.250.107] has joined #openvpn
01:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:41 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
01:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:55 -!- mode/#openvpn [+o mattock1] by ChanServ
02:25 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
02:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:17 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
03:18 -!- AlmogBaku [~AlmogBaku@37.26.146.205] has joined #openvpn
03:24 -!- AlmogBaku [~AlmogBaku@37.26.146.205] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:35 -!- bitbit [~ermm@bzq-109-66-127-160.red.bezeqint.net] has joined #openvpn
03:39 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
03:39 -!- mode/#openvpn [+o krzee] by ChanServ
03:40 < bitbit> Hi, I'm trying to host a VPN for myself that will route through a proxy server that I'm running locally. I'm running "openvpn" from command line with the switch "--http-proxy localhost 50000", but says I need to add more parameters such as "--dev" and "--remote". When I add them it still doesn't work. Is there an example of a simple command like the one I need that I can use to start?
03:51 < bitbit> This is the cli commands and the error messages http://pastebin.com/raw.php?i=0e8ktjgQ
03:58 < Schrottfresse> You need a config, bitbit: https://openvpn.net/index.php/open-source/documentation/howto.html#config
03:58 <@vpnHelper> Title: HOWTO (at openvpn.net)
03:59 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Disconnected by services]
04:02 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
04:08 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Quit: WeeChat 1.3]
04:09 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:15 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:16 < leandrosansilva> Hello to all. I am working on building a highly scalable (10k+ simultaneous connections, but will increase exponentially on the next couple of years) vpn cluster and I will need some tips to check if this is even feasible. My first challange is that I already have some thousands (~3k) of clients working on a single server, so I cannot change their config files and add more "remote" entries, because they are often out
04:16 < leandrosansilva> of my control and most of them are behind firewalls which allow connection to only my current server in the current port. My plan is creating a load balancer which mimics the current service and behind this balancer have several ovpn servers (which can be added on demand). Most clients cannot talk to each other, but there is a class of clients (a small number, like 10) which are allowed to connect to all the other ones,
04:16 < leandrosansilva>  but those ones can connect to any other client. My archtecture currently is composed by a master openvpn node, where that special class of clients connect, and which also has the information of all clients, for routing, etc. and several slaves servers, where the thousand of normal clients connect. This project is quite experimental (but quite urgent as well :-() and I'd like to know the opinion if you, as I am not
04:16 < leandrosansilva> very into openvpn and my knowledge of networks is quite limited (I had classes, but am trying to remember it now :-)) or if there is a simpler and equally scallable or if my idea is just crazyness.
04:18 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
04:24 < ValdikSS> leandrosansilva: OpenVPN daemon has a limit of 200 concurrent connections.
04:25 < leandrosansilva> ValdikSS: cool, so I don't know how it's working currently, because I have thousand of clients connected simultaneously
04:25 < leandrosansilva> thousands*
04:25 < leandrosansilva> :-)
04:26 < ValdikSS> leandrosansilva: hrmm, I misinfirormed you then
04:27 -!- toli [~toli@109.128.250.107] has joined #openvpn
04:28 < leandrosansilva> it depends, perhaps openvpn always keep 200 and reconnect quite often. I'm currently using UDP, but will change to TCP on the clusterized one. Perhaps this limit does not exist on UDP, depending on the concept of connections
04:32 < leandrosansilva> Where can I obtain more information about this "200 connections" value?I cannot find anything in the manpage nor on the opvn docs
04:35 < ValdikSS> leandrosansilva: me too, but I remember somebody told about that
04:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:06 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:10 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has joined #openvpn
05:10 < bitbit> Schrottfresse: Thanks. How do I point to the config from the command line?
05:15 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:27 < Schrottfresse> bitbit: just use openvpn --config
05:43 -!- SpookyAww is now known as Aww
05:57 -!- hays_ [~quassel@unaffiliated/hays] has joined #openvpn
06:00 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
06:08 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:10 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
06:13 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:28 -!- seravitae [~lina@60-240-192-119.static.tpgi.com.au] has joined #openvpn
06:28 < seravitae> !welcome
06:28 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
06:28 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:28 < seravitae> !howto
06:28 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:28 < seravitae> !route
06:28 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
06:28 <@vpnHelper> client
06:31 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
06:51 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:52 < seravitae> Hi there, I am a little lost (I have no prior experience to OpenVPN except installing it + config files). My goal is to achieve remote access (NX, RDP/VNC, Teamviewer ideally) to a machine which is an openvpn client to an internet vpn provider. I need to remotely access the machine (security is not an issue) whilst every other program uses the VPN tunnel. Is this possible/how might I do this?
06:53 < seravitae> The machine has dual LAN ports so Im thinking maybe its possible to bind the NX/VNC/TV app to a seperate lan port that routes directly to the internet, whilst all other apps are bound to the other ethernet port which is routed through the VPN, but I have no idea how to feasibly achieve this.
06:54 < seravitae> Additionally my VPN provider does not support port forwarding.
06:58 < Harekiet> Won't teamviewer already provide remote accfess if that's connected to the teamviewer servers at the machine
06:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:05 < seravitae> I guess, I am not sure if teamviewer tunnels data thru its own servers or how it works specifically.
07:05 < seravitae> the other catch is, I need a linux based solution most likely, which might rule out teamviewer.
07:05 < seravitae> oh wait, they have linux teamviewer. sweet.
07:06 < seravitae> i might give that a go and see if it works.
07:06 < Harekiet> teamviewer sets up their own tunnel through their servers so yeh that should be fine
07:06 < seravitae> ah, cool.
07:06 < seravitae> i'll test it out.. oh fancy that i can test it out tomorrow as I have to go home, then go somewhere else, so i can test it externally.
07:13 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
07:34 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
07:34 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
07:37 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has quit [Ping timeout: 240 seconds]
07:43 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:46 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:58 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
08:19 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:27 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:27 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:32 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 246 seconds]
08:49 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:02 -!- AlmogBak_ [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:05 -!- patchie [~sdf@185.21.216.147] has joined #openvpn
09:05 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 272 seconds]
09:05 -!- AlmogBak_ is now known as AlmogBaku
09:07 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:09 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
09:10 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:21 -!- somis [~somis@167.160.44.199] has joined #openvpn
09:30 -!- somis [~somis@167.160.44.199] has quit [Quit: Leaving]
09:45 -!- somis [~somis@167.160.44.219] has joined #openvpn
09:53 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 256 seconds]
09:53 -!- AlmogBak_ [~AlmogBaku@37.26.146.169] has joined #openvpn
09:55 -!- delikt [~delikt@chello084115004032.wrn.surfer.at] has joined #openvpn
09:55 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 250 seconds]
09:55 -!- AlmogBak_ [~AlmogBaku@37.26.146.169] has quit [Read error: Connection reset by peer]
09:56 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:59 < delikt> hi guys - using: Mint 17 cinnamon - i get my vpn working and want it to autoconnect with system startup - i choose automated vpn connection in my wired connection settings. he try 3-4 times to connect if i restart the network but cant connect cause or missing vpn secrets... but if i choose manually the wired connection with a mousclick... he connect with my vpn and work? whats the problem here?
10:03 < NucWin> my guess qould be its trying to connect as a different user
10:03 < NucWin> would*
10:04 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:05 < delikt> hmm...
10:08 -!- jem^ [~jason@beastie.b0rken.org] has joined #openvpn
10:08 < jem^> !welcome
10:08 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
10:08 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:10 < jem^> Hello channel.  I'm trying to set up OpenVPN with certs issued by my private CA.  I've already had it working just fine with shared secrets and EasyCA generated certs, so there are no networking or firewall issues.
10:11 < jem^> My private CA has a root and an intermediate level, with all certs issued by the intermediate.  For some reason, cert verification is failing when I try to connect
10:11 -!- smolleyes [~smo80@unaffiliated/smolleyes] has joined #openvpn
10:11 < smolleyes> hi
10:12 < jem^> I've tried creating a ca-chain certificate file by concatenating the root and intermediate CA certs, and pointing the 'ca' config directive at this file, but no joy
10:12 < smolleyes> is it possible on ubuntu to receive vpn connexion on eth0 for exemple and share the internet received on eth1 ?
10:21 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
10:22 -!- delikt [~delikt@chello084115004032.wrn.surfer.at] has quit [Quit: Leaving]
10:30 < jem^> seems its failing on "Mon Oct 26 15:24:17 2015 VERIFY nsCertType ERROR: C=GB, O=xxxxx, CN=vpn.mydomain, require nsCertType=SERVER"
10:30 -!- smolleyes [~smo80@unaffiliated/smolleyes] has quit [Ping timeout: 255 seconds]
10:31 < jem^> the server cert has both TLS Web Client Authentication, TLS Web Server Authentication in its Extended Key Usage extension
10:36 < jem^> fixed it.  The client had 'ns-cert-type server' set, and this appears to require that the server cert is *only* a server cert, not and server+client cert.  Commenting it out allowed the connection to work.
10:36 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
10:45 < jem^> ah, it seems its relying on a deprecated x509 extension there
10:56 -!- seppi91 [86035e1c@gateway/web/freenode/ip.134.3.94.28] has joined #openvpn
11:00 < seppi91> Hi guys, I would like to ask if a resourceful person could give me some tips and hints how I can improve my speed on my openvpn server. The Server is located in the US (myself in germany) uses a gbit connection and I'm getting a Ping of 150ms. When using a non-tunneled connection I can exhaust all of my home network speed (130 down / 6 up). But when using the tunneled connection I can't exceed more than 40mbps. Processing power should
11:01 < seppi91> I'm using udp as protocol and already tried to disable encryption and compression algorithms.
11:03 < jem^> what does 'openssl speed' tell you about the throughput for your chosen algorithms?
11:05 < seppi91> http://pastebin.com/pzCs7zZd
11:06 < jem^> I can't tell you if those numbers are good.  You'll have to interpret them yourself.
11:09 < seppi91> If I'm right, it says my cpu (client) can offer 25-60MB/s of encrypted data depending on the blocksize
11:10 < seppi91> server gets around 60MB/s regardless the blocksize
11:10 < jem^> obviously its dependant on the server side as well
11:12 < seppi91> well, as already stated before I also evaluated transfer speed with disabled encryption, but there wasn't a great increase in speed.
11:12 < seppi91> So I assume the loss of bandwidth is not caused by the encryption itself.
11:14 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:18 < seppi91> just to give you all informations you need: this is my server's config http://pastebin.com/GxvzgQeM
11:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
11:31 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 240 seconds]
11:35 < seppi91> !welcome
11:35 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:35 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:36 < seppi91> !howto
11:36 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
11:46 -!- somis [~somis@167.160.44.219] has quit [Quit: Leaving]
11:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
12:03 -!- somis [~somis@167.160.44.195] has joined #openvpn
12:08 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
12:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:23 < jem^> !mitm
12:23 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
12:51 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
13:22 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
13:22 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
13:23 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
13:23 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
13:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:42 -!- AlmogBaku [~AlmogBaku@37.26.146.241] has joined #openvpn
13:51 < Eugene> !download
13:51 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
13:51 -!- AlmogBaku [~AlmogBaku@37.26.146.241] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:57 < lev__> in basic setup, with single adapter and DHCP I see no leaks in first place, but we do get reports that it sometimes happens
14:05 < Eugene> !win_shortcut
14:05 < Eugene> (this isn't for you; I'm just lazy)
14:05 < Eugene> !winshortcut
14:05 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
14:23 -!- Gwoplock [~quassel@2602:306:838a:cbd0::40] has joined #openvpn
14:30 -!- janjust [~janjust@openvpn/community/support/janjust] has joined #openvpn
14:36 < mete> can anyone tell me, for what the log message "safe_cap=940" stands for? :)
14:47 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
14:56 -!- patchie [~sdf@185.21.216.147] has quit [Ping timeout: 240 seconds]
14:57 -!- methamp [mh@greyhat.pw] has joined #openvpn
14:58 < methamp> Are there still issues with OpenVPN Connect (iOS 9) not functioning properly? I'm on what I believe is the latest version and while the VPN looks like it's connected, no traffic is actually routed through it. Been flipping through forum threads all day.
14:59 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 240 seconds]
15:00 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
15:01 < methamp> My new VPN provider does not have their own client, and from what I'm reading OpenVPN has been "broken" on newer iOS versions for a while. :-/
15:13 < janjust> @mete: it's a bit strange that that log message is printed , as it's mostly debug info
15:14 < janjust> it tells you how many bytes are available for pushing options from server to client
15:14 < janjust> if a large number of routes is pushed then multiple push messages are needed - the safe_cap is the max number of bytes per message
15:15 < mete> methamp: I'm using ios 9 and I haven't had any problems
15:15 < mete> ok, thank you very much janjust for this info! :)
15:16 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
15:16 < janjust> mete: depends on the routes that are pushed by your provider
15:18 < mete> hm, I'm using multiple providers, no problem since today
15:18 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 256 seconds]
15:18 < janjust> ask your provider to do a "push redirect-gateway" with no parameters and watch routing go down the drain
15:19 < mete> with provider you mean the mobile network provider or the openvpn? :D
15:19 < janjust> alternatively you can add it to your .ovpn file (just add "redirect-gateway") and routing stops working, as far as I am told
15:19 < janjust> openvpn provider
15:19 < mete> ah, I'm my own provider
15:20 < mete> I'm using: push "redirect-gateway def1"
15:21 -!- liriel [~liriel@185.21.217.6] has quit [Max SendQ exceeded]
15:21 < janjust> that should work - remove the "def1" and watch routing stop
15:22 < mete> I didn't want to test it :P
15:22 < Eugene> It routes just fine, but you need policy routing to make it work
15:22 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
15:23 < janjust> iOS 9 can do policy routing?
15:24 < Eugene> The kernel probably can
15:25 < Eugene> I wouldn't know where to begin on getting the userspace tools compiled
15:46 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
15:55 -!- somis [~somis@167.160.44.195] has quit [Quit: Leaving]
15:57 -!- lordvadr [~lordvadr@jose-tc.ctc.biz] has joined #openvpn
16:06 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:07 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
16:10 -!- somis [~somis@167.160.44.206] has joined #openvpn
16:11 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:18 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:27 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:30 -!- methamp [mh@greyhat.pw] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
16:36 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:36 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
16:43 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:49 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
16:58 -!- MaximumOfEnter [~AndChat11@ppp95-165-172-113.pppoe.spdop.ru] has joined #openvpn
16:58 < MaximumOfEnter> Hello
16:58 < MaximumOfEnter> I am going to make a vpn
16:59 < MaximumOfEnter> Is it possible for it to be a proxy for web and a p2p to play games with friends?
17:01 < MaximumOfEnter> /
17:01 < MaximumOfEnter> /
17:05 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:06 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
17:06 < bitbit> Schrottfresse: Hi sorry just got back home now. I tried "openvpn --config" and it says "Options error: Unrecognized option ...
17:06 < bitbit> "
17:07 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
17:08 < bitbit> Schrottfresse: OK, I figured it out
17:09 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
17:10 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
17:12 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
17:12 -!- bitbit [~ermm@bzq-109-66-127-160.red.bezeqint.net] has quit []
17:13 -!- Gwoplock [~quassel@2602:306:838a:cbd0::40] has quit [Ping timeout: 246 seconds]
17:18 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
17:19 -!- seppi91 [86035e1c@gateway/web/freenode/ip.134.3.94.28] has quit [Ping timeout: 246 seconds]
17:24 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:32 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
17:37 -!- seppi91 [86035e1c@gateway/web/freenode/ip.134.3.94.28] has joined #openvpn
17:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:41 < seppi91> Hi guys could someone help me debugging my vpn tunnel. I just cant get more than 30mbit/s out of it. Without OpenVPN Tunnel i can reach my full 130mbit. http://pastebin.com/LcvzU97s
17:42 < seppi91> Already tried it with disabled auth, disabled lzo, disabled ciber and got nearly no change in speeds -.-
17:44 < seppi91> I would like to give you more information about the setup but don't want to hijack this thread...
17:45 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
17:46 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
17:54 -!- seppi91 [86035e1c@gateway/web/freenode/ip.134.3.94.28] has quit [Quit: Page closed]
18:07 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:09 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
18:09 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:13 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
18:13 -!- mode/#openvpn [+o krzee] by ChanServ
18:19 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:19 -!- Neal_ [neal@felix.ineal.me] has quit [Quit: brb system upgrade]
18:20 -!- Neal_ [~neal@felix.ineal.me] has joined #openvpn
18:21 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
18:25 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
18:25 -!- mode/#openvpn [+o krzee] by ChanServ
18:36 -!- metaf5 [~metaf5@31.220.42.38] has quit [Quit: WeeChat 1.3]
18:39 -!- janjust [~janjust@openvpn/community/support/janjust] has quit [Remote host closed the connection]
18:45 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 268 seconds]
18:46 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
18:52 -!- dmilith is now known as dmilith2
18:58 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
19:00 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
19:12 -!- Aww is now known as Awwphone
19:13 -!- Awwphone is now known as Aww
19:17 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-213-105.w82-124.abo.wanadoo.fr] has joined #openvpn
19:19 -!- u0m3 [~u0m3@89.120.204.99] has quit [Quit: Leaving]
19:27 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
19:27 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:34 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 272 seconds]
19:38 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
20:11 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:14 -!- Axeman [~axeman3@openvpn/user/axeman] has joined #openvpn
20:14 -!- mode/#openvpn [+v Axeman] by ChanServ
20:14 <+Axeman> helloooo smart people
20:15 < Eugene> Helllloooooo nurse
20:15 <+Axeman> i've got a router that generates a config file for me. for most devices ive just furnished that file and it works [windows, android].
20:15 <+Axeman> now i'm trying to setup another router
20:16 <+Axeman> to connect to that one [so router b, if you will] is now a client.
20:16 <+Axeman> this particular setup is requiring certs and keys.
20:16 <+Axeman> i'm stuck at the "ta.key"
20:16 <+Axeman> whatever the hell that is
20:18 <+Axeman> what do i do? what do i do? lol
20:22 -!- alec-b [~alec@172.236.28.37.rev.vodafone.pt] has quit [Ping timeout: 256 seconds]
20:24 -!- alec-b [~alec@50.33.54.77.rev.vodafone.pt] has joined #openvpn
20:32 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
21:03 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
21:14 <+Axeman> ah i got it
21:14 <+Axeman> tls auth
21:14 <+Axeman> finally
21:27 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
21:32 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:34 -!- Aww is now known as SpookyAww
22:15 -!- fling [~fling@fsf/member/fling] has joined #openvpn
22:16 -!- somis [~somis@167.160.44.206] has quit [Quit: Leaving]
22:22 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
22:23 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
22:42 -!- hays_ is now known as hays
22:53 -!- CaTtleyA_ [~CaTtleyA@aputeaux-653-1-213-105.w82-124.abo.wanadoo.fr] has joined #openvpn
23:03 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 250 seconds]
23:03 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
23:03 -!- mode/#openvpn [+o pekster] by ChanServ
23:11 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-213-105.w82-124.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
23:11 -!- CaTtleyA_ [~CaTtleyA@aputeaux-653-1-213-105.w82-124.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
23:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:34 -!- dimm0k [~dimm0k@unaffiliated/dimm0k] has joined #openvpn
23:35 < dimm0k> any idea what files are causing this??
23:35 < dimm0k> Tue Oct 27 00:24:24 2015 SENT CONTROL [alphaquadrant]: 'PUSH_REQUEST' (status=1)
23:35 < dimm0k> Tue Oct 27 00:24:24 2015 AUTH: Received control message: AUTH_FAILED
23:35 < dimm0k> Tue Oct 27 00:24:24 2015 SIGTERM[soft,auth-failure] received, process exiting
23:38 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
23:38 < dimm0k> only happening with one client
23:38 < Eugene> What are you using for auth?
23:39 < Eugene> That sounds like your auth mechanism failed; maybe the user's password expired?
23:42 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
23:42 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
--- Day changed Tue Oct 27 2015
00:09 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
00:11 -!- alec-b [~alec@50.33.54.77.rev.vodafone.pt] has quit [Ping timeout: 256 seconds]
00:14 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has joined #openvpn
00:15 -!- ShadniX [dagger@p5DDFC848.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:16 -!- ShadniX [dagger@p5DDFC118.dip0.t-ipconnect.de] has joined #openvpn
00:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:18 -!- toli [~toli@109.128.250.107] has joined #openvpn
01:01 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:08 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 264 seconds]
01:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
01:14 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:22 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
01:44 -!- Eugene is now known as Eugennerz
01:47 -!- mystica555 [~mystica55@2602:b8:608d:b700:97da:e6a5:b794:b2a7] has quit [Ping timeout: 246 seconds]
01:49 -!- mystica555 [~mystica55@2602:47:da0d:bc00:13f4:7289:f8f0:b012] has joined #openvpn
02:11 -!- MaximumOfEnter [~AndChat11@ppp95-165-172-113.pppoe.spdop.ru] has quit [Ping timeout: 250 seconds]
02:42 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
02:44 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has quit [Ping timeout: 265 seconds]
02:51 -!- toli [~toli@109.128.250.107] has joined #openvpn
03:23 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:55 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:18 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 244 seconds]
04:19 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has quit [Ping timeout: 240 seconds]
04:24 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:26 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:32 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
04:32 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:41 -!- toli [~toli@109.128.250.107] has joined #openvpn
04:54 -!- oamador [~orlando@70.45.17.228] has quit [Ping timeout: 265 seconds]
05:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:02 < james_woods> I'm having some issues with OpenVPN (FreeBSD 10.2 runs OpenVPN 2.3.8, Ubuntu 14.04 runs OpenVPN 2.3.2) - when I restart server and client the connection works for a couple of seconds (e.g. pinging the server from the client or pinging 192.168.235.48/48) but after a couple of seconds it stops working without anything in the logs
05:02 < james_woods> looks like a routing problem to me, but why does it only occur after 10 or 20 seconds?
05:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:03 < james_woods> client.conf: https://gist.github.com/james-woods/835c2fbc7774f634897a / server.conf: https://gist.github.com/james-woods/23c9b8baf532504f64bc
05:03 <@vpnHelper> Title: client.conf · GitHub (at gist.github.com)
05:06 < james_woods> As a side note: even though I'm using keep alive the channel dies or reconnects every 2 to 5 minutes. Ubuntu (client) is a newly booted amazon ec2 instance with an open firewall, the server (freebsd) is publicly reachable
05:07 < james_woods> after reinitialization the channel works again (e.g. pinging the private 192.168.235.. subnet works)
05:18 < james_woods> decreasing the keep-alive settings on server and client seems to do the trick
05:19 < james_woods> nope I take that back, after 177 pings it died again
05:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:30 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:31 < james_woods> switching to tcp did the trick finally
05:37 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:41 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
05:52 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:10 -!- james_woods [~tobi@zentrale1.com] has left #openvpn []
06:14 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:16 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
06:28 -!- SpookyAww is now known as GhostlyAww
06:29 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:34 -!- GhostlyAww is now known as Aww
06:35 < dimm0k> Eugennerz: auth mechanism on the server side or client? i'm on slackware so no pam
06:37 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
06:37 < phutchins> hi
06:38 < phutchins> I'm looking for a way to set up essentially a vpn proxy or hub, where users would authenticate to a single vpn server, then depending on something (configuration) they would be VPN'd into different networks. I've googled but dont' see quite what I'm looking for. Does anyone know if this is possible and if so, the terminology that I might use to google for it?
06:44 -!- seppi91 [86035e1c@gateway/web/freenode/ip.134.3.94.28] has joined #openvpn
06:45 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
06:46 < seppi91> Hi guys already asked yesterday for help regarding speed imporvements on my openvpn connection to an leaseweb gbit dedicated server. I've just to run my openvpn traffic through a ssh tunnel and observed that this results in getting full network speed.
06:47 < seppi91> Is there anything known about leaseweb throttling openvpn connections?
06:49 < seppi91> or maybe asking the other way round: Is there anything else which could cause my openvpn connection to limit at 30mbit/s when using no ssh tunnel. And getting the full 120mbit/s when it's ssh-tunneled
07:00 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:08 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:18 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:25 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:32 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
07:41 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:42 -!- toli [~toli@109.128.250.107] has joined #openvpn
07:44 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
07:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:51 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
08:12 -!- u0m3 [~u0m3@89.120.204.99] has quit [Quit: Leaving]
08:20 -!- somis [~somis@167.160.44.206] has joined #openvpn
08:25 < phutchins> No one alive here...
08:26 < skyroveRR> phutchins: sup.
08:40 < phutchins> D: ALIVE
08:42 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 250 seconds]
08:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:48 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Read error: Connection reset by peer]
08:49 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:49 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
08:51 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:52 -!- hyponic [~Dj@cm-84.211.18.180.getinternet.no] has joined #openvpn
08:54 < hyponic> I have rented VPN service from 3 different companies that i connect to using openvpn. there is a limit on each connection 10Mbit/s. i have a 100Mbit/s connection. Can i bond the 3 connections to get 30Mbit/s connection?
08:55 < BtbN> no
08:55 < Schrottfresse> hyponic: no, because tcp/ip is not able to route your packets this way
08:59 < hyponic> http://askubuntu.com/questions/531400/bonding-tun-interfaces
08:59 <@vpnHelper> Title: networking - Bonding TUN interfaces - Ask Ubuntu (at askubuntu.com)
09:03 < BtbN> you don't bond some unrelated interfaces and magicaly add up their bandwidth.
09:13 -!- somis [~somis@167.160.44.206] has quit [Quit: Leaving]
09:15 -!- marlinc_ [~marlinc@51.254.145.186] has joined #openvpn
09:20 -!- marlinc [~marlinc@ip2.weert.li.nl.cvo-technologies.com] has quit [Quit: Byebye]
09:20 -!- marlinc_ is now known as marlinc
09:21 -!- marlinc [~marlinc@51.254.145.186] has quit [Quit: Byebye]
09:23 -!- mystica555 [~mystica55@2602:47:da0d:bc00:13f4:7289:f8f0:b012] has quit [Ping timeout: 246 seconds]
09:28 -!- BtbN [btbn@unaffiliated/btbn] has quit [Read error: Connection reset by peer]
09:30 -!- marlinc [~marlinc@51.254.145.186] has joined #openvpn
09:32 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
09:34 < colo-work> "WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)" - why is 1500 the "magic number" that I seem to want; what's the technical reason for this?
09:34 -!- marlinc [~marlinc@51.254.145.186] has quit [Client Quit]
09:36 -!- marlinc [~marlinc@51.254.145.184] has joined #openvpn
09:37 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
09:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:43 -!- marlinc [~marlinc@51.254.145.184] has quit [Remote host closed the connection]
09:45 -!- marlinc [~marlinc@51.254.145.184] has joined #openvpn
09:56 < mete> hyponic: you can bond multiple openvpn interfaces on linux, but you need to have root access to both server and client. and all connections need to go to the same server
09:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:58 < mete> colo-work: ethernet frame can be 1500 bytes and your router will then fragment the packets
09:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:07 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:10 -!- u0m3 [~u0m3@89.120.204.99] has quit [Quit: Leaving]
10:10 < hyponic> mete i don't have access to the server. since i just bought vpn services. i don't own the server.
10:22 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
10:23 < colo-work> mete, but how/why, when they are smaller than the MTU of the link?
10:24 < mete> what link you've between your router and your pc/server whatever?
10:24 < mete> colo-work
10:25 < mete> also 1500 is standard ehternet frame max payload size. if you use mssfix and or fragment, it will fragment it... so there is no need to use a lower MTU that it get fragmented multiple times..
10:26 < colo-work> mete, the point is that some of our VPN users on the road have crappy mobile links with carrier-NAT between them and the openVPN server, which is why we'd like to go with a very conservative MTU that ought to cover all scenarios. performance/thruput is not paramount.
10:27 < mete> so do you use fragment in your config colo-work?
10:29 < colo-work> mete, I'm not sure what we actually WANT. I know what we HAVE now, and  that it doesn't work for a number of users due to MTU size problems, and it's kinda hard to find a definitie answer to what settings one should choose between --fragment --mssfix and all the different mtu values (link, UDP, etc.(?))
10:29 < colo-work> right now, we have neither - not mssfix, and also not fragment
10:30 < mete> --tun-mtu is for the MTU (max transmission unit) in the openvpn link. fragment 1200 will set the packet size to 1200 in which the data get routed over the internet. so if you use a low --tun-mtu and and a low --fragment, the packets get multiple times fragmented, which in this case generates load and network overhead which isn't necessary
10:30 < colo-work> but since it will be a pain to resync all client configs with what the server expects after the new VPN config has been deployed, I'd like to get it to work with ALL client from the get-go
10:32 < mete> I don't know exactly (because I'm not using it this way) but in my eyes, it should be possible to push most of the client config settings from server to client...
10:33 < mete> I'm using it for routes and com-lzo
10:33 < mete> comp-lzo*
10:35 < colo-work> tbh, I'm just not sure what's my best option to ensure a conservative MTU being in effect for the opwnvpn tunnel link, while not having redundant and possibly counterproductive config stanzas in both server and client configs
10:35 < colo-work> If the lowered MTU costs 10% performance, that's nothing we really care about
10:35 < colo-work> as long as it works reliably
10:36 < mete> I'm using --tun-mtu 1500 and no fragment settings. it is working without any problems over all types of links. ftth, adsl, vdsl, 3g, lte, edge...
10:44 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:46 -!- marlinc [~marlinc@51.254.145.184] has quit [Quit: Byebye]
10:49 -!- marlinc [~marlinc@51.254.145.184] has joined #openvpn
11:15 -!- marlinc [~marlinc@51.254.145.184] has quit [Quit: Byebye]
11:17 -!- marlinc [~marlinc@51.254.145.184] has joined #openvpn
11:34 -!- marlinc [~marlinc@51.254.145.184] has quit [Quit: Byebye]
11:37 -!- marlinc [~marlinc@51.254.145.184] has joined #openvpn
11:37 -!- FL1SK [~quassel@96-19-87-160.cpe.cableone.net] has joined #openvpn
11:40 -!- mystica555 [~mystica55@2602:4b:abee:9600:155e:ba27:ee1:4ebe] has joined #openvpn
11:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:50 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:54 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
12:01 -!- sigsts_ [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:02 -!- sigsts- [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:03 -!- sigsts- is now known as sigsts
12:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:05 -!- sigsts_ [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:08 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:09 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:11 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
12:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:17 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
12:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:26 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:33 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has joined #openvpn
12:36 -!- Axeman [~axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
12:40 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:42 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
12:44 -!- AlmogBaku [~AlmogBaku@213.57.118.74] has joined #openvpn
12:48 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
12:49 -!- AlmogBaku [~AlmogBaku@213.57.118.74] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:52 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has joined #openvpn
12:53 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
12:53 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has quit [Client Quit]
12:53 -!- AlmogBaku [~AlmogBaku@213.57.118.74] has joined #openvpn
12:59 -!- AlmogBaku [~AlmogBaku@213.57.118.74] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:06 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:15 -!- toli [~toli@109.128.250.107] has joined #openvpn
13:16 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 250 seconds]
13:16 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
13:17 -!- AlmogBaku [~AlmogBaku@213.57.118.74] has joined #openvpn
13:17 -!- AlmogBaku [~AlmogBaku@213.57.118.74] has quit [Client Quit]
13:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:20 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:20 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 260 seconds]
13:21 -!- marlinc [~marlinc@51.254.145.184] has quit [Quit: Byebye]
13:22 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
13:23 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
13:25 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
13:29 -!- toli [~toli@109.128.250.107] has joined #openvpn
13:30 -!- tchiwam [~tchiwam@194.177.246.246] has joined #openvpn
13:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:31 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
13:32 < tchiwam> Hello, I have a wierd one here. I made 2 sentinel sitting on the 2 ADSL modems calling my server, just in case I need to trouble shoot stuff. I can't complete a scp from the Rpi (client VPN) to the Server. Packet corrupt comes after about 67%. Tried to reduce the mtu etc etc. Next Ill try to remove the tcp offload. Any other ideas here ?
13:33 < tchiwam> openvpn-2.3.8 all over, tun/tcp interface
13:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:48 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:51 -!- colo-work [~jt@78.142.138.4] has quit [Ping timeout: 256 seconds]
13:57 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:05 -!- dmilith2 is now known as dmilith
14:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:16 < tchiwam> well seems aes-ctr is not behaving well over tun. Other ciphers do work well...
14:16 < FL1SK> ok this is weird
14:16 < FL1SK> I redid everything and did not do any passwords and I still get the same error message
14:16 < FL1SK> used this http://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup#vpn_server
14:21 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 240 seconds]
14:21 -!- somis [~somis@167.160.44.206] has joined #openvpn
14:23 < FL1SK> I can't get openvpn running
14:24 < FL1SK> always getting this error
14:24 < FL1SK> Tue Oct 27 09:25:18 2015 us=624599 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
14:24 < FL1SK> Tue Oct 27 09:25:18 2015 us=624957 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
14:24 < FL1SK> Tue Oct 27 09:25:19 2015 us=413799 Diffie-Hellman initialized with 2048 bit key
14:24 < FL1SK> Enter Private Key Password:Tue Oct 27 09:25:19 2015 us=435911 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
14:24 < FL1SK> Tue Oct 27 09:25:19 2015 us=456928 Error: private key password verification failed
14:24 < FL1SK> Tue Oct 27 09:25:19 2015 us=457256 Exiting due to fatal error
14:24 < FL1SK> I have not set any passwords anywhere
14:25 < FL1SK> i just redid my entire setup
14:27 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:33 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Remote host closed the connection]
14:34 < tchiwam> FL1SK: I do have it working well over here. Make sure you copy the right certs and ca at the right place. PS: I use a single .ovpn file with all the certs, for that I've created a little bash script. http://pastebin.com/LkwcLfx2
14:34 < FL1SK> ok tchiwam
14:34 < FL1SK> tchiwam: should i be using openvpn or openconnect
14:36 < tchiwam> the .ovpn file goes on the clients. I use openvpn --config file.ovpn on the client side. then read carefully the logs
14:36 < FL1SK> ok
14:38 < tchiwam> http://pastebin.com/5FVKv3z6 with a template that should be working if you tweak the parameters
14:38 < FL1SK> ok
14:39 < FL1SK> thanks tchiwam
14:45 -!- AMERICAN_PSYCHO [~AMERICAN_@192.240.195.170] has joined #openvpn
14:49 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
14:51 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
15:09 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
15:12 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 260 seconds]
15:13 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
15:14 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 252 seconds]
15:25 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:29 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
15:45 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has joined #openvpn
15:48 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:04 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
16:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:25 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:29 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
16:32 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
16:43 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has quit [Quit: I brought my pogo stick just to show her a trick]
17:04 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 250 seconds]
17:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
17:18 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 250 seconds]
17:18 -!- AMERICAN_PSYCHO [~AMERICAN_@192.240.195.170] has quit [Ping timeout: 255 seconds]
17:22 -!- mystica555 [~mystica55@2602:4b:abee:9600:155e:ba27:ee1:4ebe] has quit [Ping timeout: 246 seconds]
17:22 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:23 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has joined #openvpn
17:23 -!- AMERICAN_PSYCHO [~AMERICAN_@192.240.195.150] has joined #openvpn
17:24 < dimm0k> any idea what files are causing this??
17:24 < dimm0k> Tue Oct 27 00:24:24 2015 SENT CONTROL [alphaquadrant]: 'PUSH_REQUEST' (status=1)
17:24 < dimm0k> Tue Oct 27 00:24:24 2015 AUTH: Received control message: AUTH_FAILED
17:24 -!- AMERICAN_PSYCHO [~AMERICAN_@192.240.195.150] has quit [Max SendQ exceeded]
17:24 < dimm0k> Tue Oct 27 00:24:24 2015 SIGTERM[soft,auth-failure] received, process exiting
17:24 < dimm0k> only happening with one client
17:25 -!- mystica555 [~mystica55@2602:b8:6089:5200:8327:bede:4b5d:d] has joined #openvpn
17:34 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
17:47 -!- mystica555 [~mystica55@2602:b8:6089:5200:8327:bede:4b5d:d] has quit [Ping timeout: 240 seconds]
17:55 -!- somis [~somis@167.160.44.206] has quit [Quit: Leaving]
17:59 -!- mystica555 [~mystica55@2602:47:da12:6700:a556:a97a:ba4c:69cb] has joined #openvpn
18:07 -!- Aww is now known as SpookyAww
18:11 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:13 -!- mystica555 [~mystica55@2602:47:da12:6700:a556:a97a:ba4c:69cb] has quit [Ping timeout: 246 seconds]
18:26 -!- mystica555 [~mystica55@71-218-25-14.hlrn.qwest.net] has joined #openvpn
19:05 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Read error: Connection reset by peer]
19:05 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
19:09 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
19:11 -!- oamador [~orlando@70.45.17.228] has joined #openvpn
19:14 < oamador> Hello, Once a p2p is setup between a edge router and the linux server on the internet.  One would need to use iptables to forward all vtun0 traffic to eth0 (Internet) and masquerade that traffic.  Correct?
19:33 -!- mystica555 [~mystica55@71-218-25-14.hlrn.qwest.net] has quit [Ping timeout: 265 seconds]
19:34 -!- mystica555 [~mystica55@75-166-112-116.hlrn.qwest.net] has joined #openvpn
19:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:41 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 250 seconds]
19:41 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 250 seconds]
19:43 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
19:46 -!- Exagone313 [exa@elou.world] has joined #openvpn
19:49 < Eugennerz> Routing is needed to forward the traffic
19:49 < Eugennerz> iptables is used for masquerading
19:49 < Eugennerz> !forward
19:49 < Eugennerz> !def1
19:49 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
19:50 < Eugennerz> !redirect
19:50 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
19:50 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
19:50 < Eugennerz> The flowchart in particular ^
19:54 -!- mystica555_ [~mystica55@75-166-117-112.hlrn.qwest.net] has joined #openvpn
19:56 -!- mystica555 [~mystica55@75-166-112-116.hlrn.qwest.net] has quit [Ping timeout: 246 seconds]
20:02 -!- mystica555_ [~mystica55@75-166-117-112.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
20:04 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
20:09 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 256 seconds]
20:13 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
20:17 -!- mystica555 [~mystica55@75-166-122-172.hlrn.qwest.net] has joined #openvpn
20:18 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 256 seconds]
20:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:26 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:34 -!- hyponic [~Dj@cm-84.211.18.180.getinternet.no] has quit [Quit: Leaving]
20:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:46 -!- MrVandelay [~nox@sysv.se] has joined #openvpn
20:46 < MrVandelay> Hey. I'm connecting to a vpn service which has the "redirect gateway" thing set so that all my traffic is automatically routed through it when I connect. Can I override that in my client config? I want to connect to it, but I only want to route certain traffic through it - not all of it.
20:47 < Eugennerz> Sure, --route-nopull
20:48 < Eugennerz> But I'm guessing what you really want is
20:48 < Eugennerz> !routebyapp
20:48 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on
20:48 <@vpnHelper> defined policies you set. For Linux, read about !lartc
20:50 < MrVandelay> Yeah I already use iptables to route certain traffic to certain vpn's
20:50 < MrVandelay> I just need to override that redirect-gateway option that's set server-side. Thanks!
20:50 < dimm0k> Eugennerz: any suggestions on this?
20:50 < dimm0k> Tue Oct 27 00:24:24 2015 SENT CONTROL [alphaquadrant]: 'PUSH_REQUEST' (status=1)
20:50 < dimm0k> Tue Oct 27 00:24:24 2015 AUTH: Received control message: AUTH_FAILED
20:50 < dimm0k> Tue Oct 27 00:24:24 2015 SIGTERM[soft,auth-failure] received, process exiting
20:50 < Eugennerz> !beer
20:50 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
20:51 < Eugennerz> I think you suck at using a pastebin, and that a single snippet of logs is useless
20:51 < Eugennerz> !paste
20:51 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
20:51 -!- MrVandelay [~nox@sysv.se] has left #openvpn []
20:57 < dimm0k> Eugennerz: sorry, should i repaste into pastebin?
20:57 < Eugennerz> !logs
20:57 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
20:58 < Eugennerz> !configs
20:58 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
21:00 < dimm0k> hrmm, this might take some time... no access to remote vpn server without the vpn connection! =(
21:13 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
21:37 -!- seppi91 [86035e1c@gateway/web/freenode/ip.134.3.94.28] has quit [Ping timeout: 246 seconds]
21:54 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
21:56 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
21:57 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:24 -!- IronY [~IronY@unaffiliated/irony] has quit [Quit: ZNC - http://znc.in]
22:25 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
22:30 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
22:35 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 272 seconds]
22:39 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
22:47 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 250 seconds]
23:04 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
23:08 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 240 seconds]
23:11 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
23:23 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 264 seconds]
--- Day changed Wed Oct 28 2015
00:06 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:11 -!- SpookyAww [aww@12fcali.online] has quit [Quit: ♕ KEEP CALM AND COOKIE ON]
00:13 -!- ShadniX [dagger@p5DDFC118.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:14 -!- ShadniX [dagger@p5DDFC9D5.dip0.t-ipconnect.de] has joined #openvpn
00:18 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
00:32 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 240 seconds]
00:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:39 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
00:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:58 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
01:03 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
01:06 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:28 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:31 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:37 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:40 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:41 -!- mystica555 [~mystica55@75-166-122-172.hlrn.qwest.net] has quit [Ping timeout: 255 seconds]
01:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:41 -!- mode/#openvpn [+o mattock1] by ChanServ
01:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:43 -!- skyroveRR_ is now known as skyroveRR
01:51 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:53 -!- skyroveRR_ is now known as skyroveRR
01:54 -!- mystica555 [~mystica55@2602:61:7660:1200:be96:ee4e:66cb:f6ca] has joined #openvpn
01:59 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
02:00 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
02:09 -!- toli [~toli@109.128.250.107] has joined #openvpn
02:21 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Ping timeout: 268 seconds]
02:29 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:44 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:48 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
02:51 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
02:53 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
02:56 -!- toli [~toli@109.128.250.107] has joined #openvpn
02:57 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
03:01 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.195] has joined #openvpn
03:08 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
03:18 -!- toli [~toli@109.128.250.107] has joined #openvpn
03:23 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:24 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
03:25 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has joined #openvpn
03:26 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Read error: Connection reset by peer]
03:28 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
03:30 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Read error: No route to host]
03:51 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
03:56 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Ping timeout: 264 seconds]
04:05 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
04:08 -!- sjums [~Nick@cpe.ge-4-2-4-100.arcnqe10.dk.customer.tdc.net] has joined #openvpn
04:08 < sjums> Hey, I know it's pretty much the reverse of what openVPN is normally used for, but would it be possible to setup openVPN to log all HTTP traffic?
04:11 < sjums> I have a lumia smartphone, and I'd like to log all web traffic when I'm using a 3G data connection. I can't route the connection through my computer, and can't find any utilities to enable logging on the phone. So my current idea is to tunnel all my data through a VPN and log it there.
04:13 -!- AlmogBaku [~AlmogBaku@bzq-79-180-208-28.red.bezeqint.net] has joined #openvpn
04:14 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 240 seconds]
04:18 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.195] has quit [Ping timeout: 255 seconds]
04:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:18 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
04:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:25 -!- dazo_afk is now known as dazo
04:25 -!- AlmogBaku [~AlmogBaku@bzq-79-180-208-28.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:27 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 256 seconds]
04:28 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.195] has joined #openvpn
04:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:33 -!- AlmogBaku [~AlmogBaku@bzq-79-180-208-28.red.bezeqint.net] has joined #openvpn
04:33 -!- sigsts_ [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:36 -!- sigsts_ is now known as sigsts
04:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:41 < ValdikSS> sjums: yes you can
04:42 < sjums> Is there a word for it that'll ease my search?
04:49 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.195] has quit [Ping timeout: 255 seconds]
04:49 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.73] has joined #openvpn
04:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:54 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
05:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:03 -!- Aww [aww@12fcali.online] has joined #openvpn
05:04 -!- toli [~toli@109.128.250.107] has joined #openvpn
05:06 -!- AlmogBaku [~AlmogBaku@bzq-79-180-208-28.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:23 <@dazo> sjums: it's a standard !redirect setup on phone/vpn server + tcpdump on the server
05:23 <@dazo> !redirect
05:23 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
05:23 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
05:24 < sjums> awesome dazo, thanks
05:54 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:03 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Read error: Connection reset by peer]
06:08 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
06:08 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
06:16 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has quit [Quit: leaving]
06:35 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
06:38 -!- JackWinter1 [~jack@vodsl-8284.vo.lu] has joined #openvpn
06:38 < JackWinter1> .j syncthing
06:41 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:47 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
06:52 -!- bmwiedemann [~bmwiedema@opensuse/member/bmwiedemann] has joined #openvpn
06:54 < bmwiedemann> Hi. is there a simple way to use "mode server" or ifconfig-pool without encryption?
07:06 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
07:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:38 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Read error: Connection reset by peer]
07:39 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
07:48 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 268 seconds]
07:48 -!- oamador [~orlando@70.45.17.228] has quit []
07:49 -!- leandrosansilva [~leandro@host-188-174-233-152.customer.m-online.net] has quit [Remote host closed the connection]
07:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:56 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
08:14 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.73] has quit [Ping timeout: 255 seconds]
08:25 -!- sjums is now known as sleeper
08:26 -!- sleeper is now known as sjums
08:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:37 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 256 seconds]
08:38 -!- dmilith is now known as dmilith2
08:42 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:42 -!- dmilith2 is now known as dmilith
08:43 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has joined #openvpn
08:51 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 244 seconds]
08:51 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
08:52 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.153] has joined #openvpn
08:54 <@dazo> krzee: ping
08:57 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.153] has quit [Ping timeout: 255 seconds]
09:01 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.72] has joined #openvpn
09:03 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.72] has quit [Max SendQ exceeded]
09:04 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.72] has joined #openvpn
09:14 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.72] has quit [Ping timeout: 255 seconds]
09:19 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has joined #openvpn
09:21 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has quit [Max SendQ exceeded]
09:22 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has joined #openvpn
09:25 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has quit [Max SendQ exceeded]
09:26 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has joined #openvpn
09:27 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has quit [Max SendQ exceeded]
09:28 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has joined #openvpn
09:30 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has quit [Max SendQ exceeded]
09:31 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has joined #openvpn
09:33 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has quit [Max SendQ exceeded]
09:34 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has joined #openvpn
09:36 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.38] has quit [Max SendQ exceeded]
09:42 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:50 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Quit: TTFNs!]
09:51 -!- dmilith is now known as dmilith2
09:51 -!- dmilith2 is now known as dmilith
09:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
09:53 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:53 -!- mode/#openvpn [+o mattock1] by ChanServ
09:54 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
10:07 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
10:08 -!- sjums [~Nick@cpe.ge-4-2-4-100.arcnqe10.dk.customer.tdc.net] has quit [Quit: Leaving]
10:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:10 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
11:13 -!- jafa [~jafa@2001:470:80ca:2000:e83d:1:78ec:ba7f] has joined #openvpn
11:16 -!- Eugennerz is now known as Eugene
11:17 < jafa> hi, I am seeing a problem where, if the network glitches, openvpn tries once to reconnect and gives up. keepalive is enabled server-side. resolv-retry infinite is set client side. syslog shows "write UDPv6: Network is unreachable (code=101)"
11:19 < jafa> client is using ipv4 for dns so likely dns succeeds but there is a temporary ipv6 routing problem
11:19 < jafa> requires manual user intervention to restart openvpn on the client
11:21 < jafa> linux both client and server
11:23 < jafa> openvpn version 2.3.2
11:34 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
11:43 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
12:04 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Ping timeout: 272 seconds]
12:05 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:06 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has quit [Quit: leaving]
12:16 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:23 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
12:24 < BrianBlaze420> hello everyone, I have a server with openvpn on it and I have a mac that connects to it no problem
12:24 < BrianBlaze420> I am trying to get my windows to connect with the same config but no dice
12:24 < BrianBlaze420> I am wondering what is different in the config between windows and mac
12:26 < BrianBlaze420> I changed dev from tun to tap
12:26 < BrianBlaze420> that makes sense right?
12:32 < ValdikSS> BrianBlaze420: should be no difference. What's in the log?
12:33 < BrianBlaze420> it's empty...
12:34 < BrianBlaze420> unless I am looking at the wrong log
12:34 < Eugene> BrianBlaze420 - Windows uses a combined TUN/TAP device(one driver supports both modes). If your server is in --dev tun, then all your clients must be as well
12:34 < Eugene> Otherwise the connection won't go
12:34 < BrianBlaze420> gotcha so putting it back to dev tun
12:34 < BrianBlaze420> but still not connecting from windows :(
12:34 < Eugene> !logs
12:34 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
12:34 < Eugene> !logfile
12:35 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
12:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:38 < BrianBlaze420> so where do I right click on status? when I am trying to connect I can't and when I am not connected I have no option
12:40 < Eugene> Invoke the client manually for testing, instead of the GUI
12:40 < Eugene> `openvpn --config foo.ovpn`
12:41 -!- JohnA [~John@dsl.198.58.172.161.ebox.ca] has joined #openvpn
12:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:43 < BrianBlaze420> weird worked no problem via cmd
12:43 < BrianBlaze420> lol
12:43 < BrianBlaze420> guess that's how I will do it
12:43 -!- JackWinter1 [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 252 seconds]
12:43 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
12:44 < BrianBlaze420> how do I quit? lol
12:44 < Eugene> F4
12:44 < Eugene> It's probably working fine now that you've updated the conf. Kill the GUI entirely and restart.
12:44 < Eugene> Also make sure you have Run As Administrator set in the shortcut. ;-)
12:45 < BrianBlaze420> it
12:45 < BrianBlaze420> is so weird the gui says connected
12:45 < BrianBlaze420> but no ip given and connected since wed dec 31's 1969
12:45 < BrianBlaze420> lol
12:47 < BrianBlaze420> and my user is administrator
12:47 < BrianBlaze420> since I live life on the edge haha
12:48 < Eugene> Weird.
12:49 < Eugene> Set --log file.log in your config, run the GUI, and see what ends up in the log
12:49 -!- JackWinter1 [~jack@vodsl-8284.vo.lu] has joined #openvpn
12:51 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
12:52 < BrianBlaze420> # Set log file verbosity. ?
12:52 <@dazo> verb 4
12:57 < BrianBlaze420> nice found my logs
12:57 < BrianBlaze420> so I am guessing it is not looking in the same folder my ovpn files is in for the certs
12:58 < BrianBlaze420> unless I run the command from that file
13:19 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
13:19 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:26 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:45 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
13:47 -!- JackWinter1 [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 244 seconds]
13:56 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
14:10 -!- somis [~somis@167.160.44.206] has joined #openvpn
14:12 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has joined #openvpn
14:19 < lindylex> BasketCase: http://pastebin.com/YGk09S8V  This is what you requested.
14:34 < lindylex> Has anyone gotten Openvpn to work in bridge mode and netbios working?
14:36 -!- nutron [~nutron@unaffiliated/nutron] has quit [Read error: Connection reset by peer]
14:59 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 252 seconds]
15:03 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:15 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:20 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:28 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:29 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
15:29 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:29 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
15:34 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 256 seconds]
15:35 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
15:38 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
15:42 <@dazo> lindylex: why on earth would you want to do that?  why not use standard routed setup without bridging and use WINS instead?
15:42 < lindylex> i need netbios to work
15:42 <@dazo> and WINS does not work?
15:42 < lindylex> I have no idea.
15:42 <@dazo> I mean, even Microsoft have deprecated netbios
15:42 < lindylex> Is this a solution
15:43 <@dazo> WINS far better than opening the bridging can at any time
15:43 <@dazo> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
15:43 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
15:43 < lindylex> What you mention does that work when client log in?
15:44 <@dazo> If your DHCP server responds with a reasonable WINS server, then yes
15:45 <@dazo> it also depends on what you mean with "log in" as well ... do you mean windows login .... or just using windows shares over VPN with a "log in" when connecting the share
15:45 <@dazo> OpenVPN supports pushing WINS server to the virtual TUN/TAP adapter, if instructed to ... but not by default
15:45 < lindylex> "You have Windows server(s) you want to access and require network neighbourhood discovery to work via VPN and WINS is not an option to implement. If you have WINS, you don't want bridging. Really." ?
15:46 <@dazo> (as it doesn't know which wins server to use)
15:46 < lindylex> how ?
15:46 < lindylex> "pushing WINS server to the virtual TUN/TAP adapter"?
15:46 <@dazo> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage ... push "dhcp-option WINS ..."
15:46 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
15:46 < lindylex> windows shares over vpn
15:46 < lindylex> this is what I need to do.
15:47 <@dazo> then it shouldn't be too hard
15:47  * dazo adds a disclaimer .... he is not a Windows user, just knows other users do this with great success
15:47 < lindylex> As in I do not need to bridge and only use that directive in the server config file?
15:47 <@dazo> yes
15:48 <@dazo> read the man page for more details
15:48 < lindylex> ok
15:50 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has joined #openvpn
15:51 < lindylex> using this "dhcp-option WINS..." which ip do I enter?
15:51 < lindylex> for the WINS server?
15:52 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
15:52 <@dazo> lindylex: your windows server, most likely
15:53 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:53 < lindylex> Ok let me ask a better question.  Openvpn is running a Debian system on the LAN,  I need to log into the LAN from the WAN with a Windows 8 client.
15:54 <@dazo> yeah, where is your windows shares?
15:54 < lindylex> This client needs to see the Netbios computer in it network neighborhood for it to use
15:54 < lindylex> certain things like a Access database
15:54 < lindylex> or shares
15:54 <@dazo> what kind of windows box do you connect to?
15:55 < lindylex> You mean when I log into the network to use say Acces?
15:55 <@dazo> (the box hosting the windows shares)
15:56 < lindylex> dazo: the network contains many different WIndows computers.
15:57 <@dazo> okay ... do you have a windows server involved at all?  Are these windows computers members of an AD domain?
15:57 < lindylex> Some stores files one contains a Access database we need to use.
15:57  * dazo brb
15:58 < lindylex> I have no windows server involved.  Only lots of different computer on the network serving other purposes.
16:02 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:03 <@dazo> okay ... then I suggest you configure Samba on your VPN server as well.  Samba ships with a WINS server built in ... you might find some good clues here: https://www.samba.org/samba/docs/using_samba/ch07.html
16:04 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
16:04 <@dazo> your DHCP server on the LAN should also announce your VPN servers IP address as a WINS server ... then this should work as you want
16:04 < lindylex> i have Samba on it
16:05 < lindylex> my dhcp server is my router's ip address?
16:05 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
16:05 <@dazo> lindylex: most likely
16:05 < lindylex> that
16:06 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
16:07 < lindylex> in the server.cong file i will add this line "push "dhcp-option WINS 192.168.1.1"   192.168.1.1 being my routers address?
16:08 < lindylex> I meant server.conf
16:09 <@dazo> lindylex: no.  On your VPN server you need to configure Samba as your WINS server (as you have no Windows or Samba servers involved elsewhere), then you put your VPN servers LAN IP address in the 'dhcp-option WINS' setting
16:09 < lindylex> thanks
16:10 < lindylex> got it
16:10 <@dazo> in addition, on your DHCP server, you also should announce that your VPN servers LAN IP address is the WINS server ... that may remove further challenges, but might not be strictly needed .... depends a lot on how your Windows clients behaves
16:28 -!- dazo is now known as dazo_afk
16:28 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 255 seconds]
16:30 < lindylex> dazo: is there a way to automate the push "dhcp-option WINS 192.168.1.120" directive so it gets the ip of the OpenVpn server automatically?  This si the same computer that has WINS server enable via Samba.
16:31 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
16:32 -!- voxadam [~adam@unaffiliated/voxadam] has quit [Read error: Connection reset by peer]
16:34 -!- phutchins [~philip@12.226.55.2] has joined #openvpn
16:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:39 -!- phutchins [~philip@12.226.55.2] has quit [Ping timeout: 260 seconds]
16:39 -!- Guest53611 [~pythonsna@fedora/pythonsnake] has left #openvpn []
16:39 -!- Guest53611 [~pythonsna@fedora/pythonsnake] has joined #openvpn
16:39 -!- Guest53611 [~pythonsna@fedora/pythonsnake] has left #openvpn []
16:40 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
16:41 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:52 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
17:01 -!- toli [~toli@109.128.250.107] has joined #openvpn
17:02 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has quit [Ping timeout: 244 seconds]
17:14 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
17:15 -!- JohnA [~John@dsl.198.58.172.161.ebox.ca] has quit [Ping timeout: 265 seconds]
17:15 -!- poprop [~user8731@95.215.62.92] has joined #openvpn
17:18 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:19 -!- Matir_ [~matir@ubuntu/member/matir] has quit [Remote host closed the connection]
17:20 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Write error: Connection reset by peer]
17:20 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
17:22 -!- Matir [~matir@ubuntu/member/matir] has quit [Client Quit]
17:22 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
17:22 -!- JohnA [~John@dsl.198.58.171.179.ebox.ca] has joined #openvpn
17:22 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has joined #openvpn
17:24 < lindylex> dazo: I made the changes back to "dev tun" on the server and I enable WINS server on Samba.
17:24 -!- poprop [~user8731@95.215.62.92] has left #openvpn []
17:24 < lindylex> I still do not see the computer on the network,
17:27 -!- JohnA [~John@dsl.198.58.171.179.ebox.ca] has quit [Ping timeout: 240 seconds]
17:30 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:32 -!- JohnA [~John@dsl.198.58.168.177.ebox.ca] has joined #openvpn
17:39 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 272 seconds]
17:39 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
17:48 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:54 -!- Aww is now known as SpookyAww
18:00 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:03 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has quit [Quit: Leaving]
18:09 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:14 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:16 -!- redpill [~redpill@unaffiliated/redpill] has quit [Ping timeout: 250 seconds]
18:20 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
18:23 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:32 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 265 seconds]
18:33 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
18:43 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 260 seconds]
18:44 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
18:55 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:08 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
19:09 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:11 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:13 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Client Quit]
19:14 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:24 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 264 seconds]
19:25 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 260 seconds]
19:28 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
19:39 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
19:49 -!- toli [~toli@109.128.250.107] has joined #openvpn
20:01 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 240 seconds]
20:31 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
20:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:57 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 260 seconds]
21:06 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
21:22 -!- somis [~somis@167.160.44.206] has quit [Quit: Leaving]
21:23 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Read error: Connection reset by peer]
21:25 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 244 seconds]
21:33 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
21:40 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
21:43 < _FBi> krzee, are you around?
21:51 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
21:55 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
21:56 -!- polardroid [~polardroi@173-31-231-123.client.mchsi.com] has joined #openvpn
22:02 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:02 -!- polardroid [~polardroi@173-31-231-123.client.mchsi.com] has left #openvpn ["Leaving"]
22:08 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
22:14 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:14 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
23:01 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:11 -!- Tykling [tykling@gibfest.dk] has quit [Read error: Connection reset by peer]
23:15 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
23:29 -!- AMERICAN_PSYCHO [~AMERICAN_@22.sub-70-196-7.myvzw.com] has joined #openvpn
23:32 -!- AMERICA__ [~AMERICAN_@209.54.35.99] has joined #openvpn
23:34 -!- AMERICAN_PSYCHO [~AMERICAN_@22.sub-70-196-7.myvzw.com] has quit [Ping timeout: 255 seconds]
23:34 -!- AMERICA__ [~AMERICAN_@209.54.35.99] has quit [Max SendQ exceeded]
23:35 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has joined #openvpn
23:37 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has quit [Max SendQ exceeded]
23:38 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has joined #openvpn
23:39 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has quit [Max SendQ exceeded]
23:40 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has joined #openvpn
23:40 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has joined #openvpn
23:41 < lindylex> I am having problems with getting client to see to ping the netbios names of the computer on the LAN.
23:42 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has quit [Max SendQ exceeded]
23:43 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has joined #openvpn
23:45 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has quit [Max SendQ exceeded]
23:46 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has joined #openvpn
23:57 < lindylex> This is my setup.  http://pastebin.com/kvYdpTt8
--- Day changed Thu Oct 29 2015
00:05 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 256 seconds]
00:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:14 -!- ShadniX [dagger@p5DDFC9D5.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:14 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
00:14 -!- ShadniX [dagger@p57941C21.dip0.t-ipconnect.de] has joined #openvpn
00:17 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 265 seconds]
00:18 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
00:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:10 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:33 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:37 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
01:41 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:47 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:52 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
01:53 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
02:05 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
02:16 -!- tchiwam [~tchiwam@194.177.246.246] has quit [Ping timeout: 268 seconds]
02:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:21 -!- mode/#openvpn [+o mattock1] by ChanServ
02:27 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
02:38 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
02:39 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
02:47 -!- dmilith is now known as dmilith2
02:48 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
02:48 -!- dmilith2 is now known as dmilith
03:11 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:33 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 246 seconds]
03:43 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:45 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Quit: WeeChat 1.4-dev]
03:48 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:50 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
03:52 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:53 -!- ShadniX [dagger@p57941C21.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
03:54 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
03:55 -!- ShadniX [dagger@p57941C21.dip0.t-ipconnect.de] has joined #openvpn
03:57 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
04:21 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 244 seconds]
04:26 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
04:30 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
04:32 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
04:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:11 -!- dazo_afk is now known as dazo
05:12 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:25 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:28 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
05:34 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:36 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
05:42 -!- JohnA [~John@dsl.198.58.168.177.ebox.ca] has quit [Ping timeout: 264 seconds]
05:43 -!- JohnA [~John@dsl.198.58.168.177.ebox.ca] has joined #openvpn
05:56 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:58 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
06:01 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:13 -!- JohnA [~John@dsl.198.58.168.177.ebox.ca] has quit [Ping timeout: 260 seconds]
06:15 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
06:37 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:40 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:41 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
06:46 -!- lykinsbd [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Read error: Connection reset by peer]
06:46 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has joined #openvpn
06:48 -!- lykinsbd_ [~lykinsbd@cpe-173-174-131-187.satx.res.rr.com] has quit [Client Quit]
06:57 -!- somis [~somis@167.160.44.206] has joined #openvpn
07:07 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
07:22 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:26 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
07:30 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 250 seconds]
07:37 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:57 -!- SpookyAww is now known as Aww
08:12 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:20 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:33 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:47 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:49 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
08:49 -!- cryptic1 is now known as cryptic1|afk
09:12 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
09:40 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Ping timeout: 240 seconds]
09:50 -!- madmattco [~quassel@znc.madboxes.cc] has joined #openvpn
10:02 -!- bmwiedemann [~bmwiedema@opensuse/member/bmwiedemann] has left #openvpn []
10:11 -!- wedgeV [~wedge@static-100-37-113-30.nycmny.fios.verizon.net] has joined #openvpn
10:13 < wedgeV> hi, i'm running two openvpn servers which used to work fine. i think this might be related to mac os 10.11, i still have websites and eg: 'dig www.google.com' working fine, but 'dig +trace www.google.com' and a few other things just hang once connected to the VPN. i traced this back to all the stuck processes hanging at mdns_addrinfo
10:14 < wedgeV> i'm using tun over udp, but also tried tap and tcp, didn't help
10:20 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:34 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:38 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:42 -!- cryptic1|afk is now known as cryptic1
10:44 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:48 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
10:54 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
10:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:03 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
11:26 -!- shiriru [~shiriru@84.238.149.137] has quit [Ping timeout: 250 seconds]
11:34 -!- AMERICAN_PSYCHO [~AMERICAN_@209.54.35.99] has quit [Ping timeout: 255 seconds]
11:46 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
11:48 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has joined #openvpn
11:50 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has quit [Client Quit]
11:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
11:54 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has joined #openvpn
11:55 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:55 -!- mode/#openvpn [+o mattock1] by ChanServ
12:04 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
12:14 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:14 -!- Harekiet [~harekiet@095-097-219-018.static.chello.nl] has quit [Quit: I brought my pogo stick just to show her a trick]
12:22 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:44 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has joined #openvpn
12:46 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Ping timeout: 272 seconds]
12:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:00 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
13:10 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 252 seconds]
13:10 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
13:16 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:27 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:27 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has joined #openvpn
13:30 -!- AlmogBaku [~AlmogBaku@185.28.153.1] has quit [Client Quit]
13:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:33  * m3n3chm0 nasZ
13:55 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 264 seconds]
13:55 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
14:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:25 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
15:07 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:09 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:26 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:51 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
16:00 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:08 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
16:17 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
16:31 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:04 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:28 -!- Aww is now known as SuperSpookyAww
17:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:43 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
18:13 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
18:15 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
18:16 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
18:19 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 260 seconds]
18:19 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:26 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
18:28 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:28 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
18:36 -!- rich0__ is now known as rich0
18:39 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:16 -!- dmilith is now known as dmilith2
19:24 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
19:28 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 240 seconds]
19:28 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
19:44 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
19:45 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
20:31 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
20:35 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 246 seconds]
20:35 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Remote host closed the connection]
20:37 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:42 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
20:42 -!- dazo is now known as dazo_afk
20:51 -!- toli [~toli@109.128.250.107] has joined #openvpn
20:52 -!- somis [~somis@167.160.44.206] has quit [Quit: Leaving]
20:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:56 -!- rojikku [~rojikku@50.252.94.249] has joined #openvpn
20:59 < rojikku> Okay. I setup my windows server at home as an openvpn server. I can ping it at 10.8.0.1 fine. Actually, testing it, I just got into my plex server on that IP address too. I uncommented a push, changed it to 192.168.0.0 to reflect my network. My client can't ping my modem on server network, or reach its webpage. It shows up in routes, with a gateway of 10.8.0.5 (Not sure why that IP. My client's IP is 10.8.0.6). What am I missing?
21:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:00 -!- ljvb [~jason@us.vps.vanbrecht.com] has joined #openvpn
21:01 < rojikku> I can't ping 10.8.0.5 either. But it's the gateway for 10.8.0.0 network, but I can reach my server fine...
21:45 < rojikku> YOU HAVE TO ENABLE INTERNET CONNECTION SHARING
21:45 -!- rojikku [~rojikku@50.252.94.249] has quit [Quit: Leaving]
21:56 -!- universalalt [~infiniteb@bas6-toronto47-1176199102.dsl.bell.ca] has joined #openvpn
21:56 < universalalt> Without using the bot
21:56 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 265 seconds]
21:56 < universalalt> Thu Oct 29 22:51:48 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
21:56 < universalalt> How do I fix that
21:56 < universalalt> WITHOUT POINTING ME TO THE WIKI OR A BOT
21:57 < universalalt> It's not giving an error
21:57 < universalalt> its just saying that
21:58 < universalalt> 02:53:27.165369 IP > openvpn: UDP, length 14
21:58 < universalalt> is tcpdump
22:02 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:10 -!- jefferai [sid1300@kde/mitchell] has quit [Read error: Connection reset by peer]
22:10 -!- dan_j [sid21651@gateway/web/irccloud.com/x-igdukrrvswnysnts] has quit [Read error: Connection reset by peer]
22:10 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-ycmkjtzerwdarrbs] has quit [Read error: Connection reset by peer]
22:17 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
22:18 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-hjksuxuywegnkqgs] has joined #openvpn
22:20 -!- dan_j [sid21651@gateway/web/irccloud.com/x-bkazwwjobqgldkno] has joined #openvpn
22:31 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
22:32 -!- Matir [~matir@ubuntu/member/matir] has quit [Remote host closed the connection]
22:35 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
22:38 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
23:07 < BrianBlaze420> universalalt: have you ever been able to connect to that vpn?
23:07 < BrianBlaze420> lol an hour later I respond :)
23:10 < universalalt> BrianBlaze420, nope
23:10 < BrianBlaze420> you can't ping because you are not connected
23:11 < BrianBlaze420> wrong window haha
23:11 < BrianBlaze420> but if I were you I would go over my set up with a fine tooth comb
23:11 < BrianBlaze420> make sure ports are open for sure
23:11 < BrianBlaze420> all that good stuff
23:12 < BrianBlaze420> what os?
23:13 < universalalt> BrianBlaze420, Debian
23:13 < universalalt> and it works
23:13 < universalalt> (the vps)
23:13 < universalalt> not vpn
23:14 < BrianBlaze420> u checked the ports
23:14 < BrianBlaze420> for sure?
23:14 < BrianBlaze420> :)
23:14 < BrianBlaze420> well the port
23:14 < BrianBlaze420> lol
23:14 < universalalt> yes
23:21 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
23:22 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 240 seconds]
23:22 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
23:58 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
--- Day changed Fri Oct 30 2015
00:12 -!- ShadniX [dagger@p57941C21.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:13 -!- ShadniX [dagger@p57941D5E.dip0.t-ipconnect.de] has joined #openvpn
00:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:48 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 250 seconds]
00:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:23 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
01:24 -!- universalalt [~infiniteb@bas6-toronto47-1176199102.dsl.bell.ca] has quit [Ping timeout: 272 seconds]
01:25 -!- shiriru [~shiriru@84.238.149.137] has quit [Remote host closed the connection]
01:27 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:44 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
01:49 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
01:49 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:50 < MayurYa> How does tun/tap tunnelled over ICMP, anyone tried exploring ICMP stack (carrying TCP and/or UDP).
02:00 -!- bcsmith2846 [6b5c3e42@gateway/web/freenode/ip.107.92.62.66] has joined #openvpn
02:03 < bcsmith2846> I am in need of some assistance. I am connecting to a CentOS VPS via SSH (PuTTY). On that VPS I have installed the openvpn client. I would like to be able to keep my SSH session alive while running said VPN. Here's the issue, with all of the solutions I've found I need to know my default gateway, but the VPS is running OpenVZ, so the default gateway is 0.0.0.0. Is there a way I can do this?
02:04 -!- wedgeV [~wedge@static-100-37-113-30.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds]
02:18 -!- bcsmith2846 [6b5c3e42@gateway/web/freenode/ip.107.92.62.66] has quit [Quit: Page closed]
02:20 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
02:27 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
02:35 < AlmogBaku> hi
02:35 -!- dmilith2 is now known as dmilith
02:35 < AlmogBaku> someone have a script that tests the server with multiple connections?
02:37 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
02:42 < AlmogBaku> found this https://community.openvpn.net/openvpn/wiki/PerformanceTesting
02:42 <@vpnHelper> Title: PerformanceTesting – OpenVPN Community (at community.openvpn.net)
02:46 -!- toli [~toli@109.128.250.107] has joined #openvpn
02:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:47 -!- mode/#openvpn [+o mattock1] by ChanServ
02:48 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:50 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:52 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
02:53 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Client Quit]
02:57 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
03:13 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
03:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
03:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:36 -!- mode/#openvpn [+o mattock1] by ChanServ
03:38 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:50 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Quit: WeeChat 1.4-dev]
03:51 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
04:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
04:13 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:23 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 246 seconds]
04:30 -!- dmilith is now known as dmilith2
04:31 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:32 -!- dmilith2 is now known as dmilith
04:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:02 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 255 seconds]
05:15 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
05:15 -!- dazo_afk is now known as dazo
05:16 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:16 -!- dazo is now known as dazo_afk
05:33 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
05:43 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:44 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
05:47 -!- petersaints [~petersain@a95-92-215-252.cpe.netcabo.pt] has quit [Quit: I'll be back!]
05:56 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
06:03 -!- dazo_afk is now known as dazo
06:10 -!- jafa [~jafa@2001:470:80ca:2000:e83d:1:78ec:ba7f] has quit [Ping timeout: 240 seconds]
06:14 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:15 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
06:34 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
06:35 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:56 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:01 -!- cmtptr [~corey@71.59.19.88] has left #openvpn []
07:06 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
07:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:11 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
07:12 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
07:13 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Ping timeout: 244 seconds]
07:13 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
07:16 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:24 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:45 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 256 seconds]
07:48 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
07:56 -!- somis [~somis@167.160.44.206] has joined #openvpn
08:02 -!- love-geek [~jas@ns360088.ip-91-121-162.eu] has joined #openvpn
08:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:26 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
08:26 < phutchins> lo
08:26 < phutchins> is it possible to do ldap authentication with fallback of key auth?
08:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:30 -!- mode/#openvpn [+o mattock1] by ChanServ
08:31 -!- sarkofag [~sark@naas.io] has joined #openvpn
08:38 <@ecrist> phutchins: yes
08:38 <@ecrist> it would involve you writing a script yourself to do such, though.
08:42 -!- sarkofag [~sark@naas.io] has quit [Ping timeout: 260 seconds]
08:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
08:47 -!- love-geek [~jas@ns360088.ip-91-121-162.eu] has quit []
08:48 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 246 seconds]
08:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:51 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
08:53 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bjinvdpmqnimszod] has quit [Quit: Connection closed for inactivity]
09:01 < phutchins> Ah gotcha.
09:01 < phutchins> So I got key auth working jsut fine. Now i'm trying to get ldap auth workijng
09:01 < phutchins> I keep getting an error, "Unable to enable STARTTLS: Can't contact LDAP server"
09:01 < phutchins> But... i've tested it via ldap search on command line with the same params and it works just fine :-\
09:02 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 240 seconds]
09:02 < phutchins> Is there something funny I nee dto do with the URL or TLSEnable ? I have ldap://myldapserver.com
09:02 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
09:02 < phutchins> i've tried ldaps://... but that doesn't seem to work either
09:02 <@ecrist> phutchins: this is really outside the scope of openvpn
09:02 <@ecrist> your issue is with your ldap calls, not really openvpn
09:02 < phutchins> well it's an open vpn plugin :)
09:03 < phutchins> it would be a problem with ldap calls if the ldapsearch failed
09:03 < phutchins> but it doesn't
09:03 < phutchins> its openvpn plugin failing to create an ssl connection to the ldap server
09:03 < phutchins> Was just hoping someone had used the openvpn ldap auth plugin
09:03 < phutchins> and m ight have some insight... I've seen others with the same error while googling but no resolution other than them creating their own script
09:04 <@ecrist> what is in your openvpn config?
09:04 <@ecrist> do you have an auth ldap config file?
09:05 < phutchins> I do. let me pastebin them to make it easier
09:07 < phutchins> ecrist: http://pastebin.com/A4RyM1XJ <- auth-ldap.conf
09:07 < phutchins> And the important part of server.conf is...
09:07 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 244 seconds]
09:07 < phutchins> plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
09:07 < phutchins> client-cert-not-required
09:08 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
09:08 <@ecrist> I asked for your openvpn config
09:09 <@ecrist> ah, I see your issue.  ldap.provider.com doesn't resolve to anything.
09:12 <@ecrist> also, you're not going to want to use the plugin in that way.
09:12 <@ecrist> otherwise, if a user doesn't exist, there's no way to say "try" just a yes/no
09:12 <@ecrist> so, you'll want to handle this with a client-connect script that can do the LDAP auth request
09:13 <@ecrist> if that fails, then the script can determine if the user is using an SSL certificate and key and, if so, allow the connection.
09:14 < phutchins> ecrist: i changed that becuase I don't want to expose my provider... (the ldap.provider.com)
09:14 < phutchins> ecrist: so I found this: http://serverfault.com/questions/333426/openvpn-plugin-openvpn-auth-ldap-does-not-bind-to-active-directory
09:14 <@vpnHelper> Title: Openvpn plugin openvpn-auth-ldap does not bind to Active Directory - Server Fault (at serverfault.com)
09:14 < phutchins> is this something like what you're talking about?
09:15 <@ecrist> phutchins: I'm aware of why you changed it.  Generally, aside from passwords and keys, it's detrimental to assitance to hide such details.
09:15 <@ecrist> !topsecret
09:15 <@vpnHelper> "topsecret" is (#1) if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust. or (#2) Clever readers may attempt to use RFC5737/RFC3849 to represent arbitrary public IPs one wishes to hide. Unclever attempts may be ignored with prejudice.
09:15 < phutchins> ecrist: i totally understand, but the more you expose, the more attack vectors are left laying around...
09:16 <@ecrist> and the less likely I am to help you.
09:16 < phutchins> :)
09:16 < phutchins> well i appreciate your help so I'll post it once more...
09:16 <@ecrist> regarldess, to do what you want you shouldn't use the ldap plugin anyhow.
09:17 <@ecrist> (the provider in this case is irrelevant)
09:18 < phutchins> ecrist: ok cool, which is what I thought. So, is there a generally accepted script to do this? I assume there are tons of people out there doing the same thing...
09:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
09:18 <@ecrist> not tons, no.
09:19 <@ecrist> usually it's cert + auth or just one or the other
09:19 < phutchins> gotcha.
09:19 <@ecrist> !book
09:19 <@vpnHelper> "book" is (#1) http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! or (#2) Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
09:19 <@ecrist> those both have good examples. :)
09:20 < phutchins> Heh no time to grab a book at the moment... But thanks. I'll add them to the wishlist
09:26 <@ecrist> they're available as ebooks.
09:45 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-voxdfbxygcpqhlvy] has joined #openvpn
10:06 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 250 seconds]
10:06 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has joined #openvpn
10:12 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Ping timeout: 264 seconds]
10:33 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:39 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
10:58 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 240 seconds]
11:00 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
11:08 < phutchins> ecrist: found the ebook and used it to write a script. all is well now! thanks for the help
11:12 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:13 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:15 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
11:16 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 265 seconds]
11:24 -!- toli [~toli@109.128.250.107] has joined #openvpn
11:42 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 268 seconds]
11:53 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
11:53 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-voxdfbxygcpqhlvy] has quit [Quit: Connection closed for inactivity]
11:57 -!- mystica555 [~mystica55@2602:61:7660:1200:be96:ee4e:66cb:f6ca] has quit [Ping timeout: 240 seconds]
12:02 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
12:16 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
12:17 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
12:21 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
12:26 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 272 seconds]
12:43 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
12:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
12:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:58 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
13:03 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 252 seconds]
13:32 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:33 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
13:41 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:49 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:50 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
13:50 -!- toli [~toli@109.128.250.107] has joined #openvpn
13:51 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:52 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:00 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:10 -!- cryptic1 is now known as notfelda2
14:11 -!- notfelda2 is now known as cryptic1
14:20 -!- lordvadr [~lordvadr@jose-tc.ctc.biz] has quit [Read error: Connection reset by peer]
14:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:26 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Read error: Connection reset by peer]
14:33 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:41 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:44 -!- mystica555 [~mystica55@2602:61:76a7:2200:6f1f:1d77:5b0d:d617] has joined #openvpn
14:50 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:06 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
15:06 -!- redpill [~redpill@unaffiliated/redpill] has joined #openvpn
15:08 -!- redpill [~redpill@unaffiliated/redpill] has quit [Max SendQ exceeded]
15:16 -!- mystica555 [~mystica55@2602:61:76a7:2200:6f1f:1d77:5b0d:d617] has quit [Ping timeout: 246 seconds]
15:28 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:36 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
15:39 -!- somis [~somis@167.160.44.206] has quit [Quit: Leaving]
15:43 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:44 -!- mystica555 [~mystica55@2602:61:76ad:fa00:f091:ea09:6f78:96ee] has joined #openvpn
15:45 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:45 -!- somis [~somis@167.160.44.197] has joined #openvpn
15:53 -!- mystica555 [~mystica55@2602:61:76ad:fa00:f091:ea09:6f78:96ee] has quit [Ping timeout: 246 seconds]
15:54 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:56 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:04 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:05 -!- dazo is now known as dazo_afk
16:07 -!- mystica555 [~mystica55@2602:61:76b3:9f00:cad1:edb1:292c:9b7] has joined #openvpn
16:11 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
16:16 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
16:32 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
16:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
16:42 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Read error: Connection reset by peer]
16:43 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
16:47 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Reboot? Or did my jail(8) just die?]
16:49 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
16:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:53 -!- toli [~toli@109.128.250.107] has joined #openvpn
17:00 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
17:03 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
17:22 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
17:26 -!- toli [~toli@109.128.250.107] has joined #openvpn
17:27 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
17:45 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
17:56 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:00 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
18:04 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 250 seconds]
18:04 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:11 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:19 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit []
18:20 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:27 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:30 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
18:30 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
18:33 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Read error: No route to host]
18:37 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
18:38 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 240 seconds]
18:39 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
18:40 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
18:40 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
18:41 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Read error: No route to host]
18:45 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has joined #openvpn
18:50 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:59 -!- toli [~toli@109.128.250.107] has joined #openvpn
19:11 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 255 seconds]
19:16 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
19:21 -!- AlmogBaku [~AlmogBaku@bzq-79-178-133-130.red.bezeqint.net] has quit [Ping timeout: 268 seconds]
19:24 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
19:35 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
19:37 -!- showaz [~showaz@unaffiliated/showaz] has quit []
19:47 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
19:55 -!- AlmogBak_ [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
19:57 -!- AlmogBak_ [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Client Quit]
19:58 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
20:02 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
20:03 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Client Quit]
20:19 -!- vane- [~vane-@static-108-4-93-178.rcmdva.fios.verizon.net] has quit [Ping timeout: 252 seconds]
20:20 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
20:20 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
20:38 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
20:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
20:49 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
20:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:55 -!- toli [~toli@109.128.250.107] has joined #openvpn
21:24 -!- somis [~somis@167.160.44.197] has quit [Quit: Leaving]
21:27 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
21:39 -!- SuperSpookyAww is now known as TheGhostOfAww
21:45 -!- hendry [~hendry@sg.dabase.com] has joined #openvpn
21:47 < hendry> i use auth-user-pass pass.txt with my /etc/openvpn under linux, but on OSX, I can't see seem to get pass.txt found by Tunnelblick. So how do I embed username and password into the .ovpn file?
21:53 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 260 seconds]
21:53 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 268 seconds]
21:56 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
21:57 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
22:03 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:09 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 265 seconds]
22:18 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
22:19 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Client Quit]
22:20 -!- Uranio [~Uranio@euro217.vpnbook.com] has joined #openvpn
22:25 -!- Uranio [~Uranio@euro217.vpnbook.com] has quit [Read error: Connection reset by peer]
22:25 -!- Uranio-235 [~Uranio@euro217.vpnbook.com] has joined #openvpn
22:30 -!- Uranio-235 [~Uranio@euro217.vpnbook.com] has quit [Ping timeout: 250 seconds]
22:43 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
22:44 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
22:46 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
22:51 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 244 seconds]
22:54 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
23:01 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
23:04 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:12 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
23:18 -!- mystica555 [~mystica55@2602:61:76b3:9f00:cad1:edb1:292c:9b7] has quit [Ping timeout: 246 seconds]
23:19 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has joined #openvpn
23:20 < lindylex> I am trying to get OpenVPN to list hosttnames of computer in Network Places
23:21 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Quit: /quit]
23:21 < lindylex> I have had no success.  I can ping the ip and the hostname of the computer but they are not listed in Network Places
23:22 -!- mystica555 [~mystica55@2602:b8:6099:3c00:fa19:ad88:dc96:9db2] has joined #openvpn
23:23 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 246 seconds]
23:29 -!- noobineer [~noc@2601:401:8000:3022:d409:268:c298:b145] has joined #openvpn
23:36 -!- mystica555 [~mystica55@2602:b8:6099:3c00:fa19:ad88:dc96:9db2] has quit [Ping timeout: 246 seconds]
23:39 -!- hendry [~hendry@sg.dabase.com] has left #openvpn []
23:39 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
23:40 -!- mystica555 [~mystica55@2602:b8:609d:9d00:99ec:d706:2d41:b396] has joined #openvpn
23:42 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Remote host closed the connection]
23:42 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
23:43 -!- chamunks [chamunks@entityreborn.com] has quit [Max SendQ exceeded]
23:43 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 264 seconds]
23:44 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
23:44 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
23:47 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
23:48 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
--- Day changed Sat Oct 31 2015
00:02 -!- noobineer [~noc@2601:401:8000:3022:d409:268:c298:b145] has quit [Remote host closed the connection]
00:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:10 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
00:10 -!- ShadniX [dagger@p57941D5E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:12 -!- ShadniX [dagger@p5481C69C.dip0.t-ipconnect.de] has joined #openvpn
00:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:34 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
00:38 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
00:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:46 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has quit [Quit: Leaving]
00:49 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
00:57 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:18 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
01:24 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 240 seconds]
01:46 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
01:50 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:05 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
02:06 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:09 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Client Quit]
02:12 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 250 seconds]
02:15 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
02:30 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 240 seconds]
02:32 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
02:37 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 255 seconds]
02:38 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
02:41 -!- mystica555_ [~mystica55@2602:47:da14:e600:9ea5:169:3fd8:c45f] has joined #openvpn
02:43 -!- mystica555 [~mystica55@2602:b8:609d:9d00:99ec:d706:2d41:b396] has quit [Ping timeout: 246 seconds]
02:51 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 250 seconds]
02:54 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:54 -!- mode/#openvpn [+o mattock1] by ChanServ
03:14 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:28 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
03:32 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:32 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 246 seconds]
03:41 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
03:42 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:11 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
04:20 -!- toli [~toli@109.128.250.107] has joined #openvpn
04:26 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
04:28 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
04:34 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:35 -!- toli [~toli@109.128.250.107] has joined #openvpn
04:49 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:55 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:55 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:22 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
05:27 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
05:27 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 264 seconds]
05:42 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
05:49 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 255 seconds]
05:50 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
05:52 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
05:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
06:01 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
06:01 -!- toli [~toli@109.128.250.107] has joined #openvpn
06:02 -!- dmilith is now known as dmilith2
06:02 -!- dmilith2 is now known as dmilith
06:02 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:25 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 256 seconds]
06:28 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
06:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:12 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
07:12 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
07:13 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
07:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
07:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 260 seconds]
08:04 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:07 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
08:53 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:02 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
09:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:12 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
09:15 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
09:18 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
09:19 -!- somis [~somis@167.160.44.197] has joined #openvpn
09:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:03 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
10:42 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
10:43 -!- biax_ [~biax@unaffiliated/biax] has joined #openvpn
10:45 < biax_> hi i dont have a clear picture how openvpn works, im following a guide. using easy-rsa, i build-ca , cert key, server cert, and client key and so on.. is it ok for them to all use the same PEM passphrase? i dont even know waht the PEM passphrase is for
10:49 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:51 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
11:01 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:04 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
11:07 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Client Quit]
11:30 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 240 seconds]
11:38 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
11:43 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-pwedfmpceafphrsb] has quit [Ping timeout: 240 seconds]
11:44 -!- barq [sid103986@gateway/web/irccloud.com/x-bgwfziuyorjeozms] has quit [Ping timeout: 240 seconds]
11:44 -!- jem^ [~jason@beastie.b0rken.org] has quit [Ping timeout: 240 seconds]
11:45 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 240 seconds]
11:45 -!- Savemech [Savemech@gateway/shell/firrre/x-wuiqakhqpvobavxe] has quit [Ping timeout: 240 seconds]
11:45 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
11:45 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 240 seconds]
11:45 -!- n-st [~n-st@unaffiliated/n-st] has quit [Ping timeout: 240 seconds]
11:46 -!- barq [sid103986@gateway/web/irccloud.com/x-srvddtlqikkyzkuk] has joined #openvpn
11:47 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
11:48 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
11:48 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-bywjelblyipxowbd] has joined #openvpn
11:50 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
11:54 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:57 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
12:11 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
12:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
12:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:17 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:18 -!- mme [mme@moebius3.space.net] has joined #openvpn
12:18 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
12:27 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 272 seconds]
12:29 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
12:31 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
12:38 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 256 seconds]
12:40 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
12:41 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
12:41 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
12:49 -!- Savemech [Savemech@gateway/shell/firrre/x-ncsodcnybomfqxle] has joined #openvpn
13:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
13:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:17 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:18 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
13:28 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:29 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:31 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
13:50 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
14:17 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:18 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:18 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has joined #openvpn
14:20 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
14:24 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:26 -!- kuroro [~kuroro@69.165.253.74] has joined #openvpn
14:29 -!- AlmogBaku [~AlmogBaku@bzq-79-176-100-137.red.bezeqint.net] has quit [Quit: C'ya (www.rimoto.com)]
14:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
14:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:50 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:52 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:16 -!- strongenc [25a06c7d@gateway/web/freenode/ip.37.160.108.125] has joined #openvpn
15:16 < strongenc> !welcome
15:16 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:16 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:18 < strongenc> !goal
15:18 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:21 -!- mode/#openvpn [+o Eugene] by ChanServ
15:30 < strongenc> Good evening, I would like to be able to choose which program to use the VPN or not.
15:32 < strongenc> (I tried using the firewall of windows, blocking the soft for the private/domain networks and allowing it for the public networks)
15:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:32 < strongenc> But I haven't been able to make it work with Steam
15:32 < strongenc> Do you know a way to make it work ?
15:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:37 <@Eugene> !routebyapp
15:37 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on defined
15:37 <@vpnHelper> policies you set. For Linux, read about !lartc
15:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:42 < strongenc> Does it work with udp traffic as well ?
15:44 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 260 seconds]
15:47 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
15:54 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 246 seconds]
15:59 < strongenc> Thanks a lot for your help ! Good bye !
16:00 -!- strongenc [25a06c7d@gateway/web/freenode/ip.37.160.108.125] has quit []
16:06 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Quit: Bye bye.]
16:12 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
16:13 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
16:13 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
16:18 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
16:21 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Client Quit]
16:23 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
16:28 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 250 seconds]
16:38 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
16:43 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 272 seconds]
16:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:02 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
17:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
17:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
17:10 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 252 seconds]
17:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:12 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 240 seconds]
17:16 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:44 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 250 seconds]
17:51 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
18:09 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:11 -!- biax_ [~biax@unaffiliated/biax] has quit [Ping timeout: 255 seconds]
18:15 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:25 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
18:31 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 268 seconds]
18:32 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Read error: Connection reset by peer]
18:33 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
19:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:09 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
19:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:10 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
19:19 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
19:25 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
19:51 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:04 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
20:09 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
20:49 -!- toli [~toli@109.128.250.107] has quit [Quit: ZNC - http://znc.in]
20:51 -!- somis [~somis@167.160.44.197] has quit [Quit: Leaving]
20:58 -!- toli [~toli@109.128.250.107] has joined #openvpn
20:58 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
20:59 -!- shndns [~mdoyle@104.140.58.4] has joined #openvpn
21:00 < shndns> How could I start openvpn without root privileges? Like so that my users can start it without running sudo. I feel like I'm missing something very simple. This is related to fedora .
21:04 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
21:06 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
21:34 -!- shndns [~mdoyle@104.140.58.4] has left #openvpn ["Leaving"]
21:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
21:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:46 -!- mystica555_ [~mystica55@2602:47:da14:e600:9ea5:169:3fd8:c45f] has quit [Ping timeout: 240 seconds]
21:47 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
21:47 -!- mystica555_ [~mystica55@2602:ae:1072:1f00:4b5f:7c41:a525:643c] has joined #openvpn
21:49 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
21:57 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 244 seconds]
22:03 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:03 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
22:32 -!- Ultima [~Ultima@unaffiliated/ultima] has joined #openvpn
22:33 < Ultima> is there a setting for a server to push that will cause issues for the client's server?
22:42 -!- Ultima [~Ultima@unaffiliated/ultima] has quit [Ping timeout: 240 seconds]
22:43 -!- Ultima [~Ultima@unaffiliated/ultima] has joined #openvpn
22:43 < Ultima> I figured it out, --pull
23:14 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:24 -!- Ultima [~Ultima@unaffiliated/ultima] has quit [Ping timeout: 240 seconds]
23:30 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
--- Day changed Sun Nov 01 2015
00:08 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 265 seconds]
00:08 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
00:09 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
00:09 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:09 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Client Quit]
00:09 -!- ShadniX [dagger@p5481C69C.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:10 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
00:10 -!- ShadniX [dagger@p5481C657.dip0.t-ipconnect.de] has joined #openvpn
00:13 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
00:13 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
00:13 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 240 seconds]
00:14 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
00:14 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 268 seconds]
00:15 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has quit [Ping timeout: 272 seconds]
00:16 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
00:17 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 260 seconds]
00:19 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
00:23 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has joined #openvpn
00:24 -!- mystica555 [~mystica55@2602:b8:6085:7100:6b99:8e23:21f:41ff] has joined #openvpn
00:25 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:26 -!- mystica555_ [~mystica55@2602:ae:1072:1f00:4b5f:7c41:a525:643c] has quit [Ping timeout: 246 seconds]
00:28 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 264 seconds]
00:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:28 -!- skyroveRR_ is now known as skyroveRR
00:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:31 -!- biax [~biax@unaffiliated/biax] has joined #openvpn
00:31 < biax> hi, my server is using TAP..... will my client need tap too? ;dev-node MyTap <-- if so, im wondering where i specify/obtain the tap name
00:33 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
00:34 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:39 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
00:40 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
00:47 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has joined #openvpn
00:48 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:49 -!- skyroveR- [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:51 -!- skyroveR- is now known as skyroveRR
00:52 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:04 -!- TheGhostOfAww is now known as Aww
01:41 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:42 -!- dcarmich [~dcarmich@c-73-22-88-72.hsd1.il.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
01:47 -!- mystica555_ [~mystica55@2602:b8:6092:6200:bc90:5150:5bf4:b84a] has joined #openvpn
01:47 -!- mystica555 [~mystica55@2602:b8:6085:7100:6b99:8e23:21f:41ff] has quit [Ping timeout: 246 seconds]
01:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:08 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
01:17 -!- toli [~toli@109.128.250.107] has joined #openvpn
01:19 -!- seravitae [~lina@60-240-192-119.static.tpgi.com.au] has quit [Quit: Leaving]
02:22 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
02:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:56 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Quit: Konversation terminated!]
02:59 -!- JackWinter [~jack@vodsl-8284.vo.lu] has joined #openvpn
03:10 -!- abbe [having@badti.me] has quit [Ping timeout: 246 seconds]
03:13 -!- abbe [having@badti.me] has joined #openvpn
03:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:25 -!- mode/#openvpn [+o mattock1] by ChanServ
04:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
04:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:24 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
04:29 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
04:34 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:34 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:36 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
04:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:45 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
04:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
04:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
04:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:50 -!- mode/#openvpn [+o mattock1] by ChanServ
04:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 268 seconds]
04:52 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
04:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:11 -!- andreaslindeboom [~andreasli@a83-162-248-144.adsl.xs4all.nl] has joined #openvpn
05:13 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
05:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
05:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:18 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
06:19 < Nomads> How come when I am using OpenVPN I am subject to WebRTC but while I'm on an SoftEther webrtc doesn't affect me? Is there a fix to this server-side?
06:24 < mystica555_> webrtc is not a throttling mechanism?
06:25 < mystica555_> or perhaps re-state the question differently
06:27 < andreaslindeboom> !welcome
06:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
06:27 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
06:27 < Nomads> mystica555_, do you know of webrtc leaks which shows your real ip address to sites using webrtc? When I use OpenVPN, my real ip is shown to those. When I use l2tp, they can't reveal my real ip.
06:27 < andreaslindeboom> !route
06:27 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the
06:27 <@vpnHelper> server or client
06:27 < Nomads> I was wondering if there was a config fix or something for that.
06:28 < mystica555_> there might be. the question becomes, how does the routing table look with l2tp vs with openvpn?
06:29 < mystica555_> do you still have random default routes or dns routing through the original isp and not the tunnel perhaps?
06:30 < Nomads> Checking
06:33 < Nomads> This is the routing table. https://paste.ee/p/Pal6X  I'm checking now as well
06:37 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
06:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
06:44 < Nomads> Found it... "route change 0.0.0.0 mask 0.0.0.0 10.8.4.1 metric 2" this command changed the default gateway and stopped my real ip from being shown.
06:44 < Nomads> Now how do I push this to windows clients :d
06:45 < andreaslindeboom> !serverlan
06:45 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
06:46 -!- teraflops [~teraflops@erebor.teraflops.info] has joined #openvpn
06:48 < andreaslindeboom> !route_outside_openvpn
06:48 <@vpnHelper> "route_outside_openvpn" is (#1) If your server is not the default gateway for the LAN, you will need to add routes to your gateway. See ROUTES TO ADD OUTSIDE OPENVPN in !route or (#2) Here are 2 diagrams that explain how this works: http://www.secure-computing.net/wiki/index.php/Graph http://i.imgur.com/BM9r1.png
06:50 < teraflops> hi, how do I troubleshoot a (I believe so) routing issue? openvpn server in bridge mode, from whatever remote lan I do the client I can access the local vpn machines and services, but when using 3g/4g connection I can ping local resources but cannot access them as in http://192.168.blah.blah/, thanks in advance
06:52 < teraflops> the weird thing is that I also can connect the local sip account and it does work as intended, but I cannot acces local http servers I mean when in 3g/4g
06:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
06:56 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
07:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:02 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
07:04 < andreaslindeboom> !route
07:05 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the
07:05 <@vpnHelper> server or client
07:05 < andreaslindeboom> !clientlan
07:05 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see
07:05 <@vpnHelper> !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
07:05 < andreaslindeboom> !route
07:05 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the
07:05 <@vpnHelper> server or client
07:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:08 < Nomads> Not helping.
07:20 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
07:24 < andreaslindeboom> How do I troubleshoot the following problem? I am trying to set up an OpenVPN server on a DigitalOcean instance (Ubuntu 15.04) to connect to my other hosts over private network (rest of the traffic should not go over VPN). I do not have access to the private network gateway.
07:24 < andreaslindeboom> I have read the pages suggested by !route and everything that follows it, but can not place my problem into context.
07:24 < andreaslindeboom> Server/client configuration, routes, ip_forward settings, and iptables output can be found here: https://gist.github.com/andreaslindeboom/d58f4333dd07bd72d3f8
07:24 < andreaslindeboom> I can connect to the OpenVPN server and I can ping it at 10.8.0.1. However, I can not reach a second host via OpenVPN. When pinging the second host by its private IP, tcpdump output on the server is what I would expect:
07:24 < andreaslindeboom> - packets hit tun0 (IP 10.8.0.6 > 10.133.x.y: ICMP echo request, id 42428, seq 1, length 64)
07:24 < andreaslindeboom> - and then eth1, which is the private network facing interface (IP 10.8.0.6 > 10.133.x.y: ICMP echo request, id 42428, seq 1, length 64)
07:24 < andreaslindeboom> However, the traffic never reach the second host, even though I can ping the second host from the server.
07:24 < andreaslindeboom> The problem that I would expect, is that the packet DOES arrive at the second host, but it doesn't know how to return it to the originating IP. (as it doesn't know how to route to the VPN LAN (10.8.0.0/24))
07:24 < andreaslindeboom> Instead, it never reaches the second host, so I'm at a loss as to how to take this further.
07:24 <@vpnHelper> Title: OpenVPN setup · GitHub (at gist.github.com)
07:26 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
07:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:48 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:49 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:53 < andreaslindeboom> !interface
07:53 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when beeing connected. Be sure to also add the routing tables for both situations from client and from server or (#2) For Windows: iface: 'ipconfig /all' routing: 'route print' (add -4 or -6 for just IPv4 or v6) or (#3) For Unix: iface: 'ifconfig -a' routing: 'netstat -rn' or (#4)
07:53 <@vpnHelper> For Linux: iface: 'ip a' routing: 'ip r' (use ip -6 for IPv6 routes)
07:53 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:54 < andreaslindeboom> !tcpip
07:54 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
08:01 -!- teraflops [~teraflops@erebor.teraflops.info] has left #openvpn ["WeeChat 1.3"]
08:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
08:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
08:57 -!- somis [~somis@167.160.44.197] has joined #openvpn
09:21 -!- JackWinter [~jack@vodsl-8284.vo.lu] has quit [Ping timeout: 250 seconds]
09:41 -!- somis [~somis@167.160.44.197] has quit [Quit: Leaving]
10:00 -!- somis [~somis@167.160.44.215] has joined #openvpn
10:04 -!- mystica555_ [~mystica55@2602:b8:6092:6200:bc90:5150:5bf4:b84a] has quit [Ping timeout: 246 seconds]
10:18 -!- mystica555_ [~mystica55@2602:4b:a671:6900:92b3:d494:9f22:671e] has joined #openvpn
10:38 -!- andreaslindeboom [~andreasli@a83-162-248-144.adsl.xs4all.nl] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
10:38 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 252 seconds]
10:38 -!- Uranio [~Uranio@euro214.vpnbook.com] has joined #openvpn
10:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:42 < Exagone313> Hi, are you aware of any issue with openvpn port share with a TLS 1.2 connection?
10:44 <@syzzer> Exagone313: no, I'm not.  In fact, I'm using port-share with TLS 1.2 just fine.
10:46 < Exagone313> I have https port share, and owncloud has a ssl error, and someone tried tor eproduce it without openvpn, and nothing happens
10:46 < Exagone313> reproduce*
10:46 < Exagone313> it could be an issue of apache2, openssl or openvpn
10:47 < Exagone313> we will try more things to know what is concerned
10:48 <@syzzer> yes, could be some interaction problem
10:48 <@syzzer> I'm using port-share on 443 too
10:48 <@syzzer> both openvpn and apache2 are capable of doing tls 1.2
10:48 <@syzzer> so it should at least be possible to make it work :)
10:50 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
10:54 -!- mystica555_ [~mystica55@2602:4b:a671:6900:92b3:d494:9f22:671e] has quit [Ping timeout: 240 seconds]
10:54 -!- mystica555_ [~mystica55@75-166-121-112.hlrn.qwest.net] has joined #openvpn
10:57 -!- Uranio [~Uranio@euro214.vpnbook.com] has quit [Quit: Leaving]
10:59 -!- MikeH__ [~mystica55@2602:4b:a67b:600:6c36:63ec:a056:83d4] has joined #openvpn
11:02 -!- mystica555_ [~mystica55@75-166-121-112.hlrn.qwest.net] has quit [Ping timeout: 255 seconds]
11:10 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 240 seconds]
11:30 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
11:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
11:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:46 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Quit: Bye bye.]
11:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
11:56 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
11:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:03 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:07 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
12:10 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
12:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:28 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:27 <@Eugene> !noenc
13:27 <@vpnHelper> "noenc" is (#1) if you're going to disable encryption, you might as well build a GRE tunnel or (#2) Reference --cipher in the manpage (--auth may also be useful to review)
13:28 <@Eugene> !gigabit
13:28 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
13:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:30 -!- somis [~somis@167.160.44.215] has quit [Quit: Leaving]
13:32 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
13:32 -!- Uranio [~Uranio@37.48.86.168] has joined #openvpn
13:39 -!- Uranio [~Uranio@37.48.86.168] has quit [Ping timeout: 256 seconds]
13:40 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
13:42 < f31n> hi there, i've got an issue with mac clients - they get the dns server pushed through but can not access any other domain from the internet except the pushed ones.
13:48 -!- Uranio [~Uranio@free-03.protectednetgroup.com] has joined #openvpn
13:59 < f31n> found the problem- viscosity has a problem with the dns cache it doesn't clear the cache
13:59 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has left #openvpn []
14:07 -!- Uranio [~Uranio@free-03.protectednetgroup.com] has quit [Quit: Leaving]
14:09 -!- andreaslindeboom [~andreasli@ip51cf92ac.direct-adsl.nl] has joined #openvpn
14:12 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
14:16 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
14:25 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
14:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:39 -!- andreaslindeboom [~andreasli@ip51cf92ac.direct-adsl.nl] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
14:44 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 256 seconds]
14:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
14:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
14:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:50 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:55 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
14:56 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:56 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
15:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
15:02 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
15:18 -!- MikeH__ is now known as mystica555
15:20 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:27 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
15:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:31 -!- Ganymed [daniel@mkc1.xcx.cc] has joined #openvpn
15:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
15:55 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:57 < Nomads> Asking again, is there a way to configure openvpn to not leak the real ip when WebRTC calls for it? L2TP connections does it, openvpn leaks the real ip. How can I prevent it openvpn-side?
15:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:59 < Ganymed> Nomads: OS?
16:00 < Nomads> Client: Windows 8, Server pfSense/BSD
16:00 < Ganymed> not possible.
16:00 < Nomads> With OpenVPN you mean...
16:00 < Ganymed> client on *nix, use tun unstead of tap, on win, you're out of options (for now?)
16:03 < Nomads> Actually, I found out that when I manually run this command once the tunnel starts, it works. But I couldn't figure out how to push it
16:03 < Nomads> Command: "route change 0.0.0.0 mask 0.0.0.0 10.8.4.1 metric 2" notice the change?
16:04 < Ganymed> beware that mitigations might not work with every software you use, afaik chrome still leaks your IP when using webrtc.
16:06 < Nomads> There's an extension called "WebRTC Block" for that but I don't want to use other software. When I run that command on an elevated windows command line, it does work. "route add" doesn't work though
16:08 < Nomads> If I could only send a route change command...
16:10 < Ganymed> route delete / route add in the ifup script on win client side? just a guess, I've never fiddled with openvpn for win, just *nix.
16:22 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:28 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
16:46 < Nomads> Ganymed, I think I found a dirty way. It's not ideal but...
16:47 < Nomads> Turns out openvpn gui runs any bat files on windows if there's XXX_preup.bat XXX_up.bat XXX_down.bat in the same folder. Adding the route change command there did the trick.
16:47 < Ganymed> "... runs *any* .bat files" is something to keep in mind :)
16:48 < Nomads> not "any" (: configfile.ovpn configfile_up.bat kinda
16:49 < Nomads> http://openvpn.se/install.txt
16:50 < Nomads> But still, if I could've just add it in the ovpn file, it'ld have same me from any hassles :D
16:53 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
17:01 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 252 seconds]
17:07 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:31 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
18:09 < dimm0k> booyeah!!
18:09 < dimm0k> booyeah!!
18:24 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Excess Flood]
18:25 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
18:37 -!- s7r [~s7r@openvpn/user/s7r] has quit [Read error: Connection reset by peer]
18:38 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
18:38 -!- mode/#openvpn [+v s7r] by ChanServ
18:44 -!- somis [~somis@167.160.44.215] has joined #openvpn
19:11 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
19:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:08 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
20:23 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
20:26 -!- xone [~xone@194.187.250.198] has joined #openvpn
20:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
20:44 -!- xone [~xone@194.187.250.198] has quit [Ping timeout: 256 seconds]
20:48 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
20:58 -!- xone [~xone@118.208-231-199.rdns.scalabledns.com] has joined #openvpn
21:00 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
21:05 -!- somis [~somis@167.160.44.215] has quit [Quit: Leaving]
21:18 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: brb]
21:18 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:19 < xone> !welcome
21:19 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
21:19 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:23 < xone> I'm here to pull a few of the bot [!] intro stuff.  Plan to view a few of them right now, as this seems to be a quiet time.
21:24 < xone> Let me know if I'm causing too much scroll.
21:24 < xone> !wiki
21:24 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
21:24 < xone> !heartbleed
21:24 <@vpnHelper> "heartbleed" is (#1) only affects OpenSSL 1.0.1 through 1.0.1f. Does not affect polarssl or (#2) if running vuln openssl then both client and server keys not protected by tls-auth should be considered compromised. or (#3) android 4.1.2_r1 is the first one to have -DOPENSSL_NO_HEARTBEATS and it is still in master. android 4.1 and 4.1.1 are probably affected. or (#4)
21:24 <@vpnHelper> https://community.openvpn.net/openvpn/wiki/heartbleed or (#5) http://xkcd.com/1354/
21:24 < xone> two more and I'll be done
21:24 < xone> !poodle
21:24 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
21:25 < xone> and last one now
21:25 < xone> !ovpnuke
21:25 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
21:25 < xone> ok that should do it.
21:25 < xone> Thank you for supplying these materials.
21:25 < skyroveRR> xone: you could have pm'ed the bot and done all that stuff.
21:25 < xone> Thanks, I'll know that for next time.
21:27 -!- showaz [~showaz@unaffiliated/showaz] has quit []
21:36 -!- xone [~xone@118.208-231-199.rdns.scalabledns.com] has left #openvpn []
21:36 -!- somis [~somis@167.160.44.215] has joined #openvpn
21:56 -!- somis [~somis@167.160.44.215] has quit [Quit: Leaving]
21:58 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 264 seconds]
22:04 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:31 -!- vvande [~vvande@107.191.96.48] has joined #openvpn
22:57 -!- NetworkingPro [sid47591@gateway/web/irccloud.com/x-bywjelblyipxowbd] has left #openvpn []
23:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:10 -!- ShadniX [dagger@p5481C657.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:11 -!- ShadniX [dagger@p5DDFCC49.dip0.t-ipconnect.de] has joined #openvpn
23:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:42 -!- mystica555 [~mystica55@2602:4b:a67b:600:6c36:63ec:a056:83d4] has quit [Ping timeout: 240 seconds]
23:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
23:57 -!- mystica555 [~mystica55@2602:ae:106b:1200:633a:7ef3:2e32:ed37] has joined #openvpn
23:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Mon Nov 02 2015
00:39 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:07 -!- dimm0k [~dimm0k@unaffiliated/dimm0k] has quit [Ping timeout: 240 seconds]
01:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:30 -!- mode/#openvpn [+o mattock1] by ChanServ
01:36 -!- vvande [~vvande@107.191.96.48] has quit [Quit: vvande]
01:40 -!- vvande [~vvande@107.191.96.48] has joined #openvpn
02:00 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
02:16 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
02:16 -!- mode/#openvpn [+o pekster] by ChanServ
02:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:30 -!- thoht__ [~fox@bsd.cat] has joined #openvpn
02:30 < thoht__> hi
02:31 < thoht__> i got a mystic issue on my openvpn setup. after2days, i can t reach ip hosted on the vpn server but can still reach the one of the vpn clients
02:31 < thoht__> when i restart openvpn@server, all is back normal
02:50 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:13 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
03:20 -!- andreaslindeboom [~andreasli@83.96.180.98] has joined #openvpn
03:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
03:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:02 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
04:24 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 256 seconds]
04:31 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
04:31 -!- mode/#openvpn [+o pekster] by ChanServ
04:40 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:53 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:38 < Nomads> What are the correct mtu related settings? I tried many combinations but mtu-test always complains.. My pfsense seems to have 1602 link-mtu value
05:38 < Nomads> Tried link-mtu 1500, mssfix on server and tun-mtu 1450, mssfix 1400 on the client but didn't work
05:46 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
05:52 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
05:54 < thoht__> try 1300
06:03 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:05 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:07 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
06:07 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:07 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
06:19 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
06:28 -!- andreaslindeboom [~andreasli@83.96.180.98] has quit [Read error: Connection reset by peer]
06:43 -!- AMERICAN_PSYCHO [~AMERICAN_@64.31.34.197] has joined #openvpn
07:04 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:05 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
07:09 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 255 seconds]
07:33 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:40 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
07:49 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
07:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:00 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:23 -!- AMERICAN_PSYCHO [~AMERICAN_@64.31.34.197] has quit [Quit: Goodbye!]
08:31 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:46 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:58 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:59 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
09:00 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:01 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
09:02 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
09:06 -!- somis [~somis@167.160.44.215] has joined #openvpn
09:13 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:13 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:14 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
09:21 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
09:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 256 seconds]
09:32 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
09:33 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
09:35 -!- abra0_ [abra0@unaffiliated/abra0] has joined #openvpn
09:36 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
09:37 -!- x5eb [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
09:37 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
09:38 -!- SupaYoshi_ [~SupaYoshi@104.223.1.186] has joined #openvpn
09:38 -!- Champi_ [Champi@damn.e-leet.be] has joined #openvpn
09:39 -!- abra0 [abra0@unaffiliated/abra0] has quit [Disconnected by services]
09:39 -!- abra0_ is now known as abra0
09:39 -!- Netsplit *.net <-> *.split quits: capri, Eagleman, n-st, @pekster, clu5ter, bpye, _0x5eb_, mparisi, DzAirmaX, @syzzer,  (+12 more, use /NETSPLIT to show all of them)
09:39 -!- Champi_ is now known as Champi
09:39 -!- x5eb is now known as _0x5eb_
09:39 -!- SupaYoshi_ is now known as SupaYoshi
09:40 -!- Netsplit over, joins: Eagleman
09:41 -!- frank-- is now known as thumbs
09:41 -!- Netsplit over, joins: n-st
09:42 -!- Netsplit over, joins: DzAirmaX
09:43 -!- Netsplit over, joins: bpye
09:44 -!- Netsplit over, joins: d10n
09:44 -!- Netsplit over, joins: Eugene
09:47 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
09:48 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
09:50 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
09:50 -!- mode/#openvpn [+o pekster] by ChanServ
10:04 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
10:04 -!- mode/#openvpn [+o syzzer] by ChanServ
10:25 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:30 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has joined #openvpn
10:43 -!- lordvadr [~lordvadr@jose-tc.ctc.biz] has joined #openvpn
10:49 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 246 seconds]
11:03 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
11:03 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
11:04 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 246 seconds]
11:05 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:05 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 260 seconds]
11:06 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:07 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 260 seconds]
11:07 < lordvadr> Hi guys.  I've got a pair of machines, working tunnel (can ping, ssh, etc across it), running OSPF to share a private lan behind them.  OSPF is working, routes are populating.  I can only reach the remote subnet behind the "server" from the client, but not the otherway around.  Stracing the OpenVPN daemon show's it reading from the tunnel but not transmitting the packets.  What config option do I need
11:07 < lordvadr> to add?
11:08 -!- Gizmokid2005 [~Gizmokid2@198.27.64.13] has joined #openvpn
11:10 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
11:13 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
11:15 < PsynoKhi0> greetings, I'm setting up an OpenVPN bridge server between multiple client laptops (win7) and a windown server 2012 machine. Both the OpenVPN server and the win2k12 machine are on an OpenStack IaaS instance (LAN 10.251.0.0/16), the OpenVPN server has a floating IP that I use as the "remote" directive in the client conf-file, which I suppose messes up packet routing since it differs from the standard gat
11:15 < PsynoKhi0> eway on the IaaS network. The OpenStack network gateway is set up to handle DHCP for hosts from 10.251.0.2 to 10.251.0.99 (for virtual servers), while the OpenVPN server manages the 10.251.0.100-10.251.255.254 pool (VPN clients). Clients can connect to the bridged network, PING requests from the clients to the OpenVPN server get replies, but never from the machines beyond that, is it safe to assume resp
11:15 < PsynoKhi0> onse traffic is trying to use the OpenStack LAN's standard gateway instead of going back through the OpenVPN server?
11:19 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 240 seconds]
11:21 -!- Gizmokid2005 [~Gizmokid2@198.27.64.13] has quit [Ping timeout: 272 seconds]
11:24 -!- early [~early@105.ip-167-114-152.net] has quit [Ping timeout: 240 seconds]
11:24 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
11:25 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:27 -!- baetheus [~brandon@192.95.29.161] has joined #openvpn
11:32 <@ecrist> You should reconsider the bridge part of that
11:32 <@ecrist> !tunortap
11:32 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
11:32 <@vpnHelper> rooted/jailbroken) support only tun
11:33 < thoht__> is it possible/recommanded to tagged vlan inside a tapX .?
11:33 <@ecrist> Not sure.  I don't think I've ever tried.
11:33 < thoht__> i did it but every time i moved a VM from an hypervizor to another one; the network goes crazy and i have to restart openvpn
11:34 < thoht__> ecrist: http://pastebin.com/2iMNrrwC
11:34 <@ecrist> lordvadr: do you have the proper route and are you allowing forwarding on that system?
11:34 < thoht__> this is my up.sh script which brings up the vlan
11:35 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 268 seconds]
11:35 < thoht__> then i bridged the VMs on br10 and br20 to have separated lan
11:36 < thoht__> all works fine but when  i moved a VM to another hypervizor; all network goes crazy
11:36 < PsynoKhi0> ecrist: alright thank you, I thiought I had covered the windows shares part, but... !wins it is! I have another OpenVPN server (cloned from the former, but with a tun setup) where I can ping the windows server jsut fine, but that's about it... but first things first
11:36 < thoht__> even VM which are not moved
11:36 < PsynoKhi0> !wins
11:36 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
11:36 < PsynoKhi0> erm
11:36 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
11:37 < thoht__> so i just want to know if i go to a wrong direction
11:37 -!- liriel [~liriel@185.21.217.6] has quit [Ping timeout: 260 seconds]
11:37 < PsynoKhi0> so with a tun interface, the idea is to have the OpenVPN server acting as a WINS samba server as well?
11:42 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
11:43 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 264 seconds]
11:54 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
11:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
11:55 -!- baetheus [~brandon@192.95.29.161] has quit [Ping timeout: 255 seconds]
11:55 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
11:56 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Excess Flood]
11:59 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
12:00 -!- baetheus [~brandon@192.95.29.161] has joined #openvpn
12:07 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
12:07 -!- baetheus [~brandon@192.95.29.161] has quit [Ping timeout: 240 seconds]
12:13 < lordvadr> ecrist: Yes.  Even the reply packets in the opposite direction make it back through, so the routes are in place, and yes, forwarding, everything.  I went and strace'd the OpenVPN daemon and I can see it reading from the tunnel and doing nothing--so discarding it.  When it works in the other direction I get pairs of sendto()'s and recvfrom()'s, so it's definately the OpenVPN daemon not liking something
12:13 < lordvadr> about it.
12:17 -!- baetheus [~brandon@null.pub] has joined #openvpn
12:20 -!- mystica555 [~mystica55@2602:ae:106b:1200:633a:7ef3:2e32:ed37] has quit [Remote host closed the connection]
12:21 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 268 seconds]
12:22 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
12:32 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 265 seconds]
12:34 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:36 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
12:39 -!- somis [~somis@167.160.44.215] has left #openvpn ["Leaving"]
12:46 -!- baetheus [~brandon@192.95.29.161] has joined #openvpn
13:09 < Nomads> !link-mtu
13:13 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
13:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:23 -!- baetheus [~brandon@192.95.29.161] has quit [Ping timeout: 255 seconds]
13:26 -!- baetheus [~brandon@null.pub] has joined #openvpn
13:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:29 -!- mystica555 [~mystica55@2602:ae:106b:1200:633a:7ef3:2e32:ed37] has joined #openvpn
13:42 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:56 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 265 seconds]
13:59 -!- baetheus [~brandon@null.pub] has joined #openvpn
14:00 -!- mjtowell [~mjtowell@unaffiliated/mjtowell] has joined #openvpn
14:03 < PsynoKhi0> !wins
14:03 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
14:04 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 244 seconds]
14:11 -!- baetheus [~brandon@192.95.29.161] has joined #openvpn
14:12 -!- mjtowell [~mjtowell@unaffiliated/mjtowell] has quit [Quit: Leaving]
14:14 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
14:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:27 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
14:27 < toothe> is there a way to make openvpn listen on multiple ports?
14:28 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
14:32 -!- mwopp [~cro@x590f4bf2.dyn.telefonica.de] has joined #openvpn
14:32 < mwopp> hi
14:34 -!- baetheus [~brandon@192.95.29.161] has quit [Ping timeout: 255 seconds]
14:34 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:35 -!- zamber [~zamber@78.10.84.227] has joined #openvpn
14:35 -!- toli [~toli@188.188.3.3] has joined #openvpn
14:36 < mwopp> can anyone tell me how "route" in the openvpn.conf works? having a problem here: http://pastebin.com/V7y4VSbq
14:36 <@ecrist> lordvadr: the openvpn process itself needs to know how to route the traffic, is that in place? (not just the kernel routing table)
14:36 -!- toli [~toli@188.188.3.3] has quit [Read error: Connection reset by peer]
14:36 <@ecrist> !route
14:36 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
14:36 <@vpnHelper> client
14:37 <@ecrist> mwopp: ^^^
14:38 < mwopp> i added the routing the openvpn.conf, i didnt do anything to iptables or so
14:39 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
14:39 < mwopp> route 192.168.180.0 255.255.255.0
14:39 < mwopp> thats whats in my conf
14:40 < mwopp> first part being my local network
14:41 -!- baetheus [~brandon@192.95.29.161] has joined #openvpn
14:42 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:43 < mwopp> its a tunnel, i'm the client, i dont have access to the server. so i dont think the whole push thing is for me?
14:43 < mwopp> +not
14:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:46 -!- baetheus [~brandon@192.95.29.161] has quit [Ping timeout: 244 seconds]
14:53 -!- baetheus [~brandon@null.pub] has joined #openvpn
14:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:56 < lordvadr> ecrists: Evidently not, however it's "not in place" at either end, but works from one direction only.
14:57 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:58 < mwopp> err
14:59 < mwopp> what do you mean, either end? so i have to set the route on the server too? that being the one that i dont have access to
15:02 -!- master_of_master [~master_of@p4FD7B176.dip0.t-ipconnect.de] has joined #openvpn
15:05 < thoht__> is it possible that kernel 3.10 is buggy with openvpn and tap ?
15:05 < thoht__> looks like it doesn(t manage to re-learn mac client when a VM move from a NODE to another one
15:08 < mwopp> !clientlan
15:08 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
15:08 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
15:08 < mwopp> !serverlan
15:08 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
15:13 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:13 < thoht__> so i got an issue
15:13 < thoht__> when i do brctl showmacs br30
15:13 < thoht__> after a VM moved; the mac never appeared
15:14 < thoht__> if i restazrt openvpn; and i re-run brctl showmacs br30, the mac is back in state "is local : no"
15:14 < thoht__> so looks like a bug :D
15:17 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 250 seconds]
15:20 -!- Gizmokid2005 [~Gizmokid2@198.27.64.13] has joined #openvpn
15:21 < mwopp> i'm running a client and behind the client theres a lan. so that cannot work unless the server pushes a route to the clients?
15:21 < DArqueBishop> mwopp, correct.
15:22 < mwopp> i dont have access to the server though. so its not possible?
15:22 < DArqueBishop> No.
15:23 -!- Exagone313 [exa@elou.world] has quit [Quit: see ya!]
15:23 < DArqueBishop> I would imagine that's by design. If I was running an OpenVPN server, I would be more than a little peeved if one of my clients was able to share his own LAN to my VPN without my permission.
15:25 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 255 seconds]
15:27 < mwopp> that sucks
15:32 -!- baetheus [~brandon@null.pub] has joined #openvpn
15:36 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:36 -!- Exagone313 [exa@elou.world] has joined #openvpn
15:37 < PsynoKhi0> is it even possible for hosts on the server network to initiate connections to hosts on the client network in a routed VPN setup?
15:40 < saik0> Is route-noexec and route-cmd with a script that calls through to iproute2 bin the "sanest" way of forcing pushed routes to use a particular table (policy routing)
15:40 -!- Gizmokid2005 [~Gizmokid2@198.27.64.13] has quit [Ping timeout: 250 seconds]
15:41 < DArqueBishop> PsynoKhi0:
15:41 < DArqueBishop> !clientlan
15:41 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see
15:41 <@vpnHelper> !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
15:45 < PsynoKhi0> !route
15:46 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
15:46 <@vpnHelper> client
15:47 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
15:47 < PsynoKhi0> yeah sorry "client network" was inaccurate, clients are standalone machines
15:52 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Ping timeout: 244 seconds]
15:53 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has joined #openvpn
15:54 -!- early [~early@105.ip-167-114-152.net] has joined #openvpn
15:58 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
15:59 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:00 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
16:00 -!- mode/#openvpn [+o mattock] by ChanServ
16:00 < jackbrown> anyone can help me to fix a DNS Leak when I run  openvpn --config  config-file.ovpn
16:11 < saik0> my earlier question restated: is there a way to push arbitrary ip command if I've compiled with iproute2?
16:11 < PsynoKhi0> thanks for the hints to far, bye
16:11 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has quit [Quit: leaving]
16:11 < saik0> the end goal is adding a route to a non-default routing table
16:27 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has joined #openvpn
16:29 < lindylex> Windows clients' can connect and ping machines by name or ip.  The workgroups does not show up for these computer in network neighborhood.
16:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
16:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:53 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
16:58 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
17:10 -!- mwopp [~cro@x590f4bf2.dyn.telefonica.de] has quit [Ping timeout: 240 seconds]
17:15 -!- madmattco [~quassel@znc.madboxes.cc] has quit [Quit: u wana get bottld cunt?]
17:17 -!- madmattco [~quassel@81.4.103.123] has joined #openvpn
17:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:29 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 240 seconds]
17:37 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Ping timeout: 250 seconds]
17:43 -!- toothe [~awiggin@unaffiliated/toothe] has left #openvpn []
17:45 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:46 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
18:01 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
18:16 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Read error: Connection reset by peer]
18:20 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
18:22 -!- xone [~xone@208.31.49.52] has joined #openvpn
18:28 -!- xone [~xone@208.31.49.52] has left #openvpn []
18:56 -!- s7eele [~AndChat52@172.98.67.33] has joined #openvpn
19:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
19:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
19:12 -!- s7eele [~AndChat52@172.98.67.33] has quit [Quit: Bye]
19:14 -!- madmattco [~quassel@81.4.103.123] has quit [Quit: u wana get bottld cunt?]
19:19 -!- madmattco [~quassel@2a00:d880:5:5a6::2ab3] has joined #openvpn
19:53 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 240 seconds]
20:18 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
21:03 -!- lindylex [~lex@c-68-82-29-112.hsd1.pa.comcast.net] has quit [Quit: Leaving]
21:40 -!- Denial- [~Denial@host31-52-126-218.range31-52.btcentralplus.com] has joined #openvpn
21:41 -!- Denial [~Denial@81.141.3.59] has quit [Ping timeout: 250 seconds]
21:49 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
21:49 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
21:56 -!- AMERICAN_PSYCHO [~AMERICAN_@64.31.35.180] has joined #openvpn
21:58 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 250 seconds]
22:08 -!- lkjahsdkfj is now known as uiyice
22:11 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:35 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
22:45 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-wbrqdbttgfcqoyqk] has joined #openvpn
23:04 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:08 -!- ShadniX [dagger@p5DDFCC49.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:09 -!- ShadniX [dagger@p5DDFCD14.dip0.t-ipconnect.de] has joined #openvpn
23:10 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
23:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Tue Nov 03 2015
00:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
00:05 -!- ShadniX [dagger@p5DDFCD14.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:06 -!- ShadniX_ [dagger@p5794119C.dip0.t-ipconnect.de] has joined #openvpn
00:06 -!- ShadniX_ is now known as ShadniX
00:08 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:29 -!- AMERICAN_PSYCHO [~AMERICAN_@64.31.35.180] has quit [Ping timeout: 240 seconds]
00:30 -!- xone [~xone@82.221.102.34] has joined #openvpn
00:33 < xone> What is the syntax please to get the [!] messages via PM
00:34 < xone> -- /msg vpnhelper ![command] does nothing.  As does /msg vpnhelper [command]
00:35 < xone> Thanks
00:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
01:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:04 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:09 -!- xone [~xone@82.221.102.34] has left #openvpn []
01:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:33 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:33 -!- mode/#openvpn [+o mattock1] by ChanServ
01:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
01:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
02:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 246 seconds]
02:22 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:43 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:06 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:08 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:14 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
03:26 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has joined #openvpn
03:45 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:57 < mwopp> DArqueBishop: you were completely wrong
04:04 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:09 -!- dmilith [~dmilith@verknowsys.com] has quit [Ping timeout: 272 seconds]
04:14 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has quit [Ping timeout: 244 seconds]
04:23 -!- Kingsy [~chris@unaffiliated/kingsy101] has joined #openvpn
04:24 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:25 < Kingsy> if I have created a connection to a vpn (tun1) which I can ping, why cant I ping any of the local ips on that vpn network? feels like I have missing something.
04:25 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:37 < Kingsy> I am not sure what I have missed.. I have setup ip forwarding. I have open 1194 to forward to the openvpn server on the router.. I opened the connection with openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2 and openvpn --remote home.ip.addr --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
04:37 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
04:37 < Kingsy> I get a successful Initialization Sequence Completed on both sides client and server..
04:37 < Kingsy> but I cant see the local network.. via a ping
04:43 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
04:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
04:57 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:05 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
05:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:21 < Nomads> !clientlan
05:21 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
05:21 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
05:26 < Kingsy> !ccd
05:26 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
05:29 < Kingsy> !iroute
05:29 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd
05:30 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
05:30 -!- mode/#openvpn [+v hyper_ch] by ChanServ
05:30 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has joined #openvpn
05:30 <+hyper_ch> mwopp: poing
05:45 < Kingsy> hmm is there a reason after installation I wouldnt have a openvpn user?
05:46 < Kingsy> aolso there is no admin web interface.
05:50 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
05:50 < Kingsy> ok, which package should I use for a Raspberry Pi?
05:53 < Kingsy> I guess I will just have to stick with the one in the repos.. it just doesnt seem to do alot of the set automatically
05:56 -!- esc4rg0t [~esc4rg0t@46.140.121.76] has joined #openvpn
05:57 < esc4rg0t> Hi! When having an OpenVPN Server without "direct internet connection", how can I foward/proxy UDP packets from a host that should act like a reverse proxy to OpenVPN? Currently I use TCP as protocol and NGINX as reverse proxy, but I would like to switch to UDP...
06:15 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 240 seconds]
06:20 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
06:25 < mwopp> hyper_ch: pong
06:25 < mwopp> http://i.imgur.com/EjwwMep.png
06:26 <+hyper_ch> mwopp: you better want to translate this to english here ;)
06:26 < mwopp> can anyone tell me if this is doable at all?
06:26 < mwopp> well theres like two german words on that pic >:
06:27 <+hyper_ch> you have two routers?
06:27 < mwopp> yes
06:27 <+hyper_ch> that looks way more complicated than you said in the other channel
06:27 < mwopp> Router B connects to the internet. Router A connects to Router B.
06:28 < mwopp> its not that complicated
06:28 < mwopp> Router B is just a way to connect to the internet
06:28 <+hyper_ch> and all clients attached to router a should be vpned?
06:29 < mwopp> yes exactly
06:29 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:29 <+hyper_ch> I'm not good at that routing stuff :)
06:30 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:31 < mwopp> the tunnel client-server connection is already established. its really the routing part only that is not working apparently
06:31 < Kingsy> hmm this is alot more complex than I first thought.
06:32 < mwopp> imagine Router B as a cable modem
06:32 <+hyper_ch> redirect-gateway def1 on router a should work IMHO.. but as said, with all that routing stuff, I am not really confortable with
06:32 < mwopp> router A
06:32 < mwopp> is the important part here
06:35 < Kingsy> could someone tell me how to enable the web admin please?
06:36 <+hyper_ch> webadmin?
06:36 <+hyper_ch> !as
06:36 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
06:36 < Kingsy> sorry thankyou
06:36 <+hyper_ch> Kingsy: are you using openvpn-as?
06:38 < Kingsy> hyper_ch: hrm no.. at the moment I just have openvpn installed.
06:38 <+hyper_ch> there's no web admin for openvpn AFAIK
06:38 < Kingsy> I think openvpn-as might be easier.. but I don't know which package to install for it
06:38 < Kingsy> I am running a raspberry pi see.. so its armv6
06:38 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has quit [Ping timeout: 240 seconds]
06:39 < Kingsy> so perhaps there isnt a package that'll work
06:39 < Kingsy> well I cant see one
06:39 < Nomads> With the as,  I think there's a user limit to it.
06:39 <+hyper_ch> Kingsy: what do you want to achieve?
06:40 < Nomads> That's if I remember correct..
06:40 < Kingsy> a vpn network with 3 clients
06:40 <+hyper_ch> and one server?
06:40 < Kingsy> yeah sorry
06:40 < Kingsy> one server
06:40 <+hyper_ch> !howto
06:40 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:41 < Kingsy> the server is a raspberry pi
06:41 < Kingsy> hyper_ch: yeah I have read that.. I was creating the keys when I was thinking it would be nice to use a web interface if I could
06:42 < Nomads> If you want any kind of interface,  go with openvpn-as or softether vpn. :P
06:42 < Kingsy> yeah. not sure I can. I don't think there is a package that works on this system
06:43 < Nomads> For which one?
06:43 < Kingsy> openvpn-as for a raspberry pi running armv6
06:43 < mwopp> brb
06:43 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has quit []
06:44 < Nomads> Go softether then. You can have a gui if you use Windows.
06:45 < Nomads> But you can handle openvpn without gui as well
06:45 < Kingsy> naaa I am gonna stick with debian.. nevermind. I will just try and muddle through
06:45 < Kingsy> Nomads: yeah I am looking at it now.. its just a little overwhelming. there are ALOT of steps before you can even test the thing :D
06:46 < Kingsy> Nomads: heh, I did a simple test which seemed to work but I couldnt see the local network.. so perhaps I should go back to there.
06:47 <+hyper_ch> Kingsy: my configs:  https://paste.simplylinux.ch/view/09f420cd    they're pretty easy... in the server I link to the certs... in the client they're inline.
06:47 < Nomads> Check that diagram.
06:47 < Kingsy> hyper_ch: cool! tbh
06:47 < Kingsy> I think first I would like to see this working with no keys at all
06:48 <+hyper_ch> creates 10.0.8.x subnet for the vpn
06:48 < Kingsy> I am not sure I even have the firewall rules correct
06:48 <+hyper_ch> and the if device on the client is named "myOpenVPN"
06:48 <+hyper_ch> which you can alter of course
06:48 <+hyper_ch> Kingsy: just follow that howto :)
06:49 < Kingsy> hmm ok
06:49 -!- esc4rg0t [~esc4rg0t@46.140.121.76] has quit [Quit: Leaving]
06:52 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
06:53 < Kingsy> hyper_ch: I keep running into this same issue.. I cant source the ./vars
06:53 < Kingsy> it says Please source the vars script first (i.e. "source ./vars")
06:53 <+hyper_ch> then do that
06:53 <+hyper_ch> source ./vars
06:53 < Kingsy> when I run source ./vars it seems to work but it does nothing
06:53 < Kingsy> I get the same error again
06:54 <+hyper_ch> it shouldn't report anything
06:54 <+hyper_ch> source ./vars reads only some stuff into your ENV vars
06:54 <+hyper_ch> weird...
06:54 < Kingsy> http://hastebin.com/amivemapuk.vhdl
06:54 <@vpnHelper> Title: hastebin (at hastebin.com)
06:54 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:55 <+hyper_ch> you run 3rd as sudo ;)
06:55 <+hyper_ch> different environments
06:55 < Kingsy> hmm perhaps I should do all of this as root
06:55 < thoht__> i m experiencied DUP paquets with openvpn
06:55 < thoht__> how can i remove that ?
06:55 <+hyper_ch> Kingsy: that's one way
06:56 <+hyper_ch> or make that whole dir writeable by your users
06:56 < Nomads> Hyper_ch,  lol compared to yours,  I feel like I overdid mine...    http://paste.ee/p/Y1jUH
06:57 <+hyper_ch> Nomads: there's no right or wrong config as long as they work and do what you want :)
06:58 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has joined #openvpn
06:58 < Nomads> (:
06:59 <+hyper_ch> mwopp: does the fritzbox have an established vpn connection, if so, can a client in the lan ping the vpn server?
06:59 < thoht__> anybody can help me with my DUP paquet ? :/
06:59 < mwopp> i'll go check. bbs.
06:59 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has quit [Client Quit]
06:59 < thoht__> when i ping a VM inside an hypervizor node which belongs to the VPN it is DUP
07:00 < thoht__> but other hypervizors don t have DUP
07:00 <+hyper_ch> no idea what DUP IS
07:00 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has joined #openvpn
07:00 < thoht__> 64 bytes from 192.168.30.11: icmp_seq=1 ttl=64 time=7.25 ms (DUP!)
07:00 < thoht__> it is a duplicated paquet
07:00 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has quit [Client Quit]
07:01 <+hyper_ch> so you get two packets for the price of one packet?
07:01 < thoht__> yes
07:01 < Nomads> Maybe your firewall alters the packages
07:02 < thoht__> i don t have firewall
07:02 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:05 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
07:07 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
07:13 < Nomads> hyper_ch, sndbuf 0 or 393216? Did you try both?
07:13 <+hyper_ch> I like my 0 :)
07:13 <+hyper_ch> works fine for me
07:14 < Nomads> Instead of increasing the buffer, you're removing it. :D
07:15 < Nomads> As much as I remember, for UDP 393216 was mentioned to be better. That's why I'm asking
07:16 <+hyper_ch> I have the same setup for my sip phones.. weaker certs/dh though
07:17 <+hyper_ch> and also weaker cipher :)
07:17 <+hyper_ch> and owrks great there as well
07:17 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
07:18 < Nomads> http://www.lowendtalk.com/discussion/40099/why-openvpn-is-so-slow-cool-story
07:18 <@vpnHelper> Title: Why OpenVPN is so slow? (cool story) - LowEndTalk (at www.lowendtalk.com)
07:25 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:25 < n-st> hi, i've set up openvpn on a raspberry pi to connect on boot. unfortunately it dies with "Inactivity timeout (--ping-exit)" shortly afterwards. i assume this is because the system doesn't have an rtc, so the system time jumps from 1970-01-01 to 2015-11-03 a few seconds after the vpn connects and provides an internet connection. is there a way to disable --ping-exit entirely?
07:26 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Ping timeout: 240 seconds]
07:26 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
07:26 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 240 seconds]
07:26 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 240 seconds]
07:26 -!- fling [~fling@fsf/member/fling] has joined #openvpn
07:27 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
07:28 < Nomads> Try ping-timer-rem on server side and a bigger keep-alive, ping exit value?
07:30 < n-st> Nomads: i can't influence the server, unfortunately (university network, where you need a vpn to establish an internet connection)
07:31 <@ecrist> n-st: we'd need to see some detailed logs of the event.
07:33 < n-st> ecrist: http://termbin.com/trh4
07:33 < n-st> (just the part after the last reboot)
07:37 < n-st> alright, looks like setting `ping-exit 9999999999` in the config file works
07:38 < Nomads> ecrist, is there a way to use "route change" command in openvpn config file for windows clients?
07:38 -!- fooooey [~no@c-71-194-64-148.hsd1.il.comcast.net] has joined #openvpn
07:38 -!- master_o1_master [~master_of@p4FF241EA.dip0.t-ipconnect.de] has joined #openvpn
07:41 < Nomads> With OpenVPN, the only way I found that I can overcome the WebRTC leak on windows is using a "route change" command. But it seems I can't do that in config and using bat files are not my preferance
07:42 -!- master_of_master [~master_of@p4FD7B176.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
07:43 < Kingsy> I just cant figure this out.. I have connected to the network.. but I just cant ping the local machines.. I am pretty sure I opened up the firewall on the server aswell
07:43 < Kingsy> I can see the syslog changing on the server when I connect via the client.
07:43 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:43 < Kingsy> but ping <local.ip.on.server.network> doesnt work.
07:43 < Kingsy> what could I be missing?
07:44 < Nomads> can the client ping server
07:44 < Nomads> !clientlan
07:44 <@vpnHelper> "clientlan" is (#1) for a lan behind a client, the client must have ip forwarding enabled (!ipforward), the server needs a route to the lan, the server needs to push a route for the lan to clients, the server needs a ccd (!ccd) file for the client with an iroute (!iroute) entry in it, and the router of the lan the client is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for
07:44 <@vpnHelper> a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/clientlan.png
07:44 < Nomads> your really should check out the diagram :d
07:45 < Kingsy> Nomads: no, I cant.. I can see the tun device, but I cant ping the server from the client
07:46 < Kingsy> Nomads: hmm I have ready that
07:46 < Kingsy> ip_forwarding is enabled. I opened up the firewall on the server. perhaps it needs a "route"
07:46 < Kingsy> which I am hazy about
07:47 < Nomads> Of course it does need a route. :D Check the config file hyper_ch shared. On server side you need to push the route.
07:47 < Nomads> and define
07:48 < Kingsy> ok will do
07:54 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-wbrqdbttgfcqoyqk] has quit [Quit: Connection closed for inactivity]
07:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
07:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:59 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:00 -!- dvl_ [~dvl@freebsd/developer/dvl] has joined #openvpn
08:00 -!- dvl_ is now known as dvl
08:05 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
08:07 < Kingsy> hmm I am connected but it seems to be quite slow.. is that processor speed of the server? or network speed?
08:07 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has joined #openvpn
08:07 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
08:09 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
08:11 -!- leandrosansilva [~leandro@host-188-174-233-152.customer.m-online.net] has joined #openvpn
08:12 < Nomads> Is it tcp or udp
08:12 < Kingsy> udp
08:12 < Nomads> nevermind that, use sndbuf 0 rcvbuf 0 in your server and client configs
08:12 < Nomads> try that
08:12 < Nomads> openvpn is slow by default :D
08:13 < leandrosansilva> Hello to all. Is there any way to reload ovpn server configuration without restarting the daemon? I found nothing in the manpage
08:13 < Kingsy> its like very very slow tho.. 2 minutes to copy one mp3.. 20 secvonds to load folder contents
08:13 < leandrosansilva> sending some signal?\
08:13 < Kingsy> Nomads: does it matter its running on a raspberry pi A ? its like very low power.
08:13 < Nomads> Yeah, it does.
08:15 < Kingsy> yeah.. perhaps I should try a slifghtly faster server.
08:15 < Kingsy> yeah still super super slow even just browsing through a network share.
08:16 <@plai> btw. sndbuf/recvbuf will be default in the next release
08:16 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:17 < Kingsy> crap..
08:19 < Nomads> plai, defaults to 0 or ...?
08:20 < mwopp> hyper_ch: http://pastebin.com/VMpV1T4T As i see it, the connection is established. The clients cannot ping the vpn server. they cannot ping the local router either (local ip of router A)
08:20 < Nomads> Kingsy, try tcp?
08:20 < Kingsy> Nomads: I have only forwarded the udp port at the moment I would have the change that.
08:20 < mwopp> i think the traffic is getting routed somewhere
08:21 < Kingsy> Nomads: TCP would be faster than UDP?
08:21 < Kingsy> how much actual processing power is needed from the server?
08:21 < Nomads> Lol... Not sure.
08:22 < Nomads> How is your network server setup
08:22 <@plai> Nomads: basically 0, yes
08:22 < Kingsy> the network is fast.. or at least it should be.. I get decent speeds when I am at the machines
08:22 < Kingsy> the swerver is currently running on a ARMv6-compatible processor rev 7 (v6l)
08:23 < Kingsy> is that enough?
08:24 < Nomads> Lol, I have a Banana Pro, which has more computing power than a BPI and a 1Gbit port but network was never perfect :D
08:24 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zktauavtbhmpaxlj] has joined #openvpn
08:25 <@plai> Kingsy: try to run openssl speed blowfish
08:25 <@plai> that gives you the raw crypto performance
08:25 < Kingsy> on the server?
08:25 < Kingsy> 1 second
08:25 < Kingsy> plai: http://hastebin.com/qecepivexo.vhdl
08:26 <@vpnHelper> Title: hastebin (at hastebin.com)
08:26 <@plai> faster than I expected
08:27 < Kingsy> I mean.. if this is looking good.. why would it be taking 10 - 20 seconds for a directory change browsing through smb ?
08:27 < Kingsy> I could test the speed of the network perhaps? a wget?
08:27 < Nomads> try something else other than smb? Maybe do an internet speedtest
08:28 < Nomads> Try running iperf maybe
08:28 < Kingsy> Nomads: internet speed test I am getting about 2.33M/s
08:28 < Kingsy> from speedtest.net
08:29 < Nomads> lol...
08:29 < Kingsy> I'll do a scp see how fast that goes.
08:29 < Kingsy> oh feck I cant.. it doesnt support ssh
08:29 < Kingsy> its likea  windows share you see :D
08:29 < Nomads> try running iperf server on a client machine and check what is the max speed you can get.
08:29 < Nomads> what do you mean scp doesnt support ssh :S
08:30 < Kingsy> no I meant the share.
08:31 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 268 seconds]
08:31 < Nomads> apt-get install iperf.  At one machine try iperf -s to start the server and the second machine iperf -c SERVERIP -t 60 and check your speed. Make sure they are vpn ip's though. This way you can check the speed between vpn server and client.
08:32 < Kingsy> doing it now
08:33 < Kingsy> Nomads: by vpn ipsdo you mean the 10.x etc ip? not the local ones?
08:34 < Nomads> yep
08:35 < Nomads> make sure the server is listening on vpn ip and the client connects to that ip. you are complaining about the vpn speed afterall :D
08:35 < Kingsy> wow
08:35 < Kingsy> [  3]  0.0-62.7 sec  11.5 MBytes  1.54 Mbits/sec
08:36 < Kingsy> thats slow.. like 150k sec? something like that.
08:36 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
08:37 < Nomads> Now, try it again with your regular network ip's.
08:37 < Kingsy> 1 second
08:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:38 < Kingsy> [  3]  0.0-61.0 sec  11.2 MBytes  1.55 Mbits/sec
08:38 < Kingsy> exactly the same.
08:39 < Nomads> So... The problem lies with your network or Raspberry config, not openvpn eh?
08:39 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
08:39 < Kingsy> hehe :D very cool
08:40 < Nomads> BTW, just to be sure, run iperf while vpn connection is disabled
08:40 < Nomads> (:
08:40 < Kingsy> Nomads: wouldnt I need to forward a port for that?
08:41 < Kingsy> I am running all of thos external fom the client machine, and ssh'ed into the server.
08:41 < Nomads> When openvpn is disconnected, can those machines talk to eachother?
08:41 < Nomads> If they can't how did you run the iperf test? :D
08:41 < Kingsy> via ports 22, 900 and 1194
08:42 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
08:42 < Kingsy> can you tell iperf to use one of those?
08:42 < Kingsy> Nomads: because I am connected to the server through the vpn on port 1194
08:43 < Nomads> You can tell iperf to listen to any port you want on any ip you have.
08:44 < Kingsy> trying ti now
08:44 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
08:45 < Nomads> for example:  iperf -s -p 9001 start iperf at port 9001 and iperf -s -p 9001 -B ANOTHERIP start iperf on anotherip with port 9001. Like that.
08:45 < Nomads> when you are connecting you should specify -p X to the client as well.
08:46 < Kingsy> hmm doesnt seem to work..
08:46 < Kingsy> not sure why.. 1194 is defintely being routed to the server.
08:46 < Kingsy> ohhh
08:46 < Nomads> Because you have openvpn running on port 1194?
08:46 < Kingsy> naa I stopped it
08:46 < Kingsy> its because its TCP
08:46 < Kingsy> and 1194 is UDP
08:46 < Nomads> use -u flag
08:47 < Kingsy> great.
08:47 < Kingsy> working now
08:48 < Kingsy> curious.. is this "downloading" from the server.. or "uploading" from the client?
08:49 < Kingsy> that test was even worse..
08:49 < Kingsy> 0.0-60.0 sec  7.50 MBytes  1.05 Mbits/sec
08:49 < Nomads> Yep, possible since openvpn uses comp-lzo to compress data.
08:50 < Nomads> Now do tell, is it something related to your network/raspberry/modem/firewall OR openvpn? :D
08:50 < Kingsy> heheheh
08:50 < Kingsy> should I focus on the client network? or the servers network?
08:51 < Nomads> the connection between them. You need to figure out the culprit. So... Both?
08:51 < Kingsy> I am assuming the client network should be fine, if I am doing is "downloading" datafrom the VPN.. so browsing files
08:53 -!- toli [~toli@109.128.250.107] has joined #openvpn
08:56 -!- mumixam [~m@unaffiliated/mumixam] has quit [Ping timeout: 240 seconds]
08:57 < Kingsy> Nomads: well, I will look into it for sure.. thankyou for your help!! I have learned alot
08:57 < Nomads> You're welcome. ;)
08:58 < Kingsy> alos
08:58 < Kingsy> you have blown my mind with iperf.. I didnt know about it.. absolutely amazing
08:59 < Nomads> (: Never trust speedtest.net results.
08:59 -!- mumixam [~m@unaffiliated/mumixam] has joined #openvpn
09:03 -!- mwopp [~cro@x5ce394c5.dyn.telefonica.de] has quit []
09:04 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
09:06 -!- somis [~somis@167.160.44.218] has joined #openvpn
09:07 < Kingsy> Nomads: out of curiosity.. when you do iperf and you connect to a server.. is it the client which sends the data to the server?
09:07 < Kingsy> if so then that wasnt a good test.
09:08 < Kingsy> because I was downloading from the vpn, not uploading to it.
09:10 <+hyper_ch> Kingsy: why do you deploy a VPN? For security or just as comfort to have easy access to your home lan or something?
09:11 < Nomads> Kingsy, client uploads as much as I know.
09:11 < Kingsy> yep thats the reason
09:11 < Kingsy> 0.0-60.0 sec  35.8 MBytes  5.00 Mbits/sec
09:11 < Kingsy> LOADS better the other way around..
09:11 < Kingsy> so I am still unsure as to why I can browse a network share without waiting 15 seconds for a dir list
09:12 < Kingsy> hyper_ch: just for comfort.. I need to also be able to access music and things.. just makes it so so much easy.
09:12 < Kingsy> easier*
09:12 <+hyper_ch> Kingsy: then you might want to use a weaker cipher that taxes the raspi cpu less
09:13 < Kingsy> hyper_ch: good idea.. umm I am assuming we are not talking the encrpyrtion used on the keys here?
09:13 <+hyper_ch> 2nd gen intel and no-idea-what-gen amd chips have integrated aes support
09:13 <+hyper_ch> raspi doesn't have that
09:14 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:14 < Kingsy> hyper_ch: at the moment I don't have a cipher set in my server.conf
09:14 <+hyper_ch> maybe try in both server and client config this:     cipher BF-CBC
09:14 < Kingsy> ok
09:14 < Kingsy> lets have a go
09:15 <+hyper_ch> good luck
09:16 < Kingsy> ok thats done
09:16 < Kingsy> ok connected.. I guess just browse a share?
09:17 <+hyper_ch> just try
09:17 < Kingsy> cant really test with iperf it seems.
09:17 < Nomads> hyper_ch, even without a vpn his network crawls to 1-2 Mbits/s. So the problem lies with the network it seems.
09:17 <+hyper_ch> Nomads: hmmmm
09:17 <+hyper_ch> lan?
09:17 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
09:18 < Kingsy> hyper_ch: still SUPER slow
09:18 <+hyper_ch> ha, having added www.google.com/url?q= to my postfix content filter rules helps :)
09:18 <+hyper_ch> Kingsy: well, if your network without vpn is so slow... then you should fix that first
09:18 < Kingsy> hyper_ch: its not
09:18 <+hyper_ch> Nomads: said it is
09:18 < Kingsy> downloading from the client is about 5Mbit/s
09:18 < Kingsy> uploading to it is slow
09:19 < Kingsy> surely 5mbit/s is enough to browse some folders via the vpn
09:19 <+hyper_ch> well, don't know
09:19 <+hyper_ch> what program do you use to browse folders?
09:19 < Kingsy> just a file manager.. pcmanfm
09:20 <+hyper_ch> well, I noticed that Dolphin is a lot slower on cifs chares than krusader
09:20 < Kingsy> oh.. you could be right..
09:20 < Kingsy> I'll try a few out
09:21 < Kingsy> so is BF-CBC the lightest cipher I can use? just to minimize any load on the pi
09:21 <+hyper_ch> yes
09:21 -!- geniack [~geniack@unaffiliated/geniack] has joined #openvpn
09:21 < Kingsy> great. thanks
09:22 < geniack> hello, i am trying to create a OpenVPN based side-2-side tunnel using tap devices, can anyone point me to the right ressoruce to do this? using google i didnt find a solution that will fit my needs
09:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:34 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
09:37 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:44 -!- toli [~toli@109.128.250.107] has joined #openvpn
09:45 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:53 -!- fooooey [~no@c-71-194-64-148.hsd1.il.comcast.net] has quit [Ping timeout: 252 seconds]
09:55 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
10:04 -!- toli [~toli@109.128.250.107] has joined #openvpn
10:18 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
10:18 < phutchins> lo all
10:19 < phutchins> Trying to determine what network (the addresses after 'server') I need to set up for my vpn server and I'm having trouble getting that from the docs. I have a VPN server in AWS who's interface is a 10.10.0.0 255.255.254.0 address. Do I need to set the client pool outside of this range?
10:20 < phutchins> Any time I attempt to set the pool to inside (something like 'server 10.10.0.50 255.255.254.0') OpenVPN doesn't start and doesn't provide any logs... :-\
10:20 <+hyper_ch> hi ecrist
10:20 < phutchins> But then when I set that outside the range, I can connect to VPN but cann't connect to any of the 10.10.0.0 hosts.
10:21 < phutchins> Does that mean that I need to bridge it?
10:27 <@plai> !ipforward
10:27 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
10:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:37 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
10:46 < phutchins> plai: yeah I've got that down. no worries there.
10:46 < phutchins> I finally found the doc on the difference between routing and bridging
10:47 < phutchins> and i know conceptually what they are but the applicaiton to openvpn is where i was fuzzy
10:47 < phutchins> i just added a push route for the network that I want clients to be able to reach
10:47 < phutchins> with the user IP range outside of the destination network
10:47 < phutchins> and that works.
10:57 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
11:03 -!- Takumo [~Takumo@unaffiliated/takumokatekari] has left #openvpn ["WeeChat 1.3"]
11:14 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:18 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:18 <@ecrist> hi hyper_ch 
11:24 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:33 -!- tamazaki [~tamazaki@95.85.35.109] has joined #openvpn
11:36 < tamazaki> We have a couple hundred users and experiencing significant packet loss. Using iperf and testing without connecting through the VPN we see 0% packet loss. But through the VPN we see around 8%. We suspect that it may have to do with the kernel receive buffers, but are not sure. Does anyone have any experience with troubleshooting this issue?
11:55 <@plai> look also at cpu load
11:55 <@plai> openvpn might be overloaded
11:55 <@plai> for buffer tuning see sndbuf and rcvbuf
11:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
11:58 < tamazaki> plai: thanks, the cpu load is low, looking into rcvbuf.
12:00 < tamazaki> plai: do you think that the --txqueuelen option could be affecting it? ( --txqueuelen n  Linux only) Set the TX queue length on the TUN/TAP interface.  Currently defaults to 100.)
12:01 -!- fooooey [~no@c-71-194-64-148.hsd1.il.comcast.net] has joined #openvpn
12:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:01 < fooooey> question - whats a good radius server to use with openvpn? some i found are a bit outdated
12:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:18 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
12:19 <@plai> tamazaki: no idea
12:19 <@plai> never played with txqueuelen
12:19 <@plai> fooooey: that is more a radius than openvpn question
12:20 <@plai> but freeradius seems to be one of the most common (at least as opensource software)
12:26 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
12:36 -!- _MinerMonster_ [4f327619@gateway/web/cgi-irc/kiwiirc.com/ip.79.50.118.25] has joined #openvpn
12:37 < _MinerMonster_> Hey, guys. I' need to set up a vpn and I'm unsure how to. I've read the "Howto" on the server and I think I'm halfway trough
12:37 < _MinerMonster_> I have all the keys running on the server
12:37 < _MinerMonster_> But I'm unsure on how to connect to it
12:37 < _MinerMonster_> I mean, what filses should I run with openvpn on my client to connect?
12:38 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
12:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:51 -!- fooooey [~no@c-71-194-64-148.hsd1.il.comcast.net] has quit [Remote host closed the connection]
13:15  * m3n3chm0 nasZ
13:18 -!- IronY [~IronY@unaffiliated/irony] has quit [Ping timeout: 260 seconds]
13:19 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
13:36 -!- AlmogBaku [~AlmogBaku@37.26.149.171] has joined #openvpn
13:37 -!- cryptic1 is now known as cryptic1|afk
13:37 -!- AlmogBaku [~AlmogBaku@37.26.149.171] has quit [Client Quit]
13:39 -!- _MinerMonster_ [4f327619@gateway/web/cgi-irc/kiwiirc.com/ip.79.50.118.25] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
13:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:59 < SCHAAP137> hi, i've compiled 2.3.8 from source using LibreSSL 2.2.4 instead of OpenSSL/PolarSSL, compilation succeeds, no issues, however, when I try to forcibly select DHE-RSA-CHACHA20-POLY1305 as a ciphersuite it seems to fail
13:59 < SCHAAP137> I've tried adding them into ssl.c, both on the client and server, but also then it skips this cipher and just selects the next one
13:59 < SCHAAP137> *tls-cipher
14:00 < SCHAAP137> it's as if some kind of extra mechanism, or extra piece of code, would be needed to make it work
14:00 < SCHAAP137> anyone got an idea about this?
14:00 < SCHAAP137> the ciphersuite itself is available in this ssl version, it works on my webserver and ircd without issues
14:01 < SCHAAP137> what i expected was that, when both client and server have the cipher, and both client and server explicitly try to negotiate it, it should just work
14:02 < _FBi> 1seen krzee
14:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
14:14 -!- OS-15853 [~an0n@catv-89-132-205-66.catv.broadband.hu] has joined #openvpn
14:19 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 240 seconds]
14:25 < SCHAAP137> nm, fixed it, it works now
14:25 < SCHAAP137> Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-CHACHA20-POLY1305, 4096 bit RSA
14:28 < SCHAAP137> was my error, sry to bother
14:28 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has joined #openvpn
14:34 < _FBi> !seen krzee
14:34 <@vpnHelper> krzee was last seen in #openvpn 2 weeks, 5 days, 19 hours, 32 minutes, and 32 seconds ago: <krzee> !routebyapp
14:36 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:38 -!- showaz [~showaz@unaffiliated/showaz] has quit []
14:50 -!- vmmello [~vmmello@pdpc/supporter/professional/vmmello] has joined #openvpn
14:50 -!- cryptic1|afk is now known as cryptic1
14:51 < OS-15853> !welcome
14:51 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
14:51 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:52 < OS-15853> !goal
14:52 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:58 < OS-15853> hello. i would like to connect to lans (e.g. A & B) with an openvpn tunnel. the openvpn client runs on an openwrt device (especially the gateway) on network A, the openvpn server runs on an other openwrt device (not the gateway) on network B. i have studied these kinds of configs a lot, and the connection is nearly working well. hosts on lan B can reach all of the hosts on lan A, but from lan A only the openwrt device which runs the
14:58 < OS-15853> server can be reached on lan B.
14:59 < OS-15853> i think it should be a firewall issue on the openwrt device in lan B, but can't figure out the exact problem...
15:01 < OS-15853> on the server log there is "write to TUN/TAP returned 84" when trying to reach a host on lan B other than the server from lan A
15:02 < OS-15853> anybody here with experience connecting two lans using openwrt's openvpn?
15:05 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:05 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:07 < saik0> OS-15853: openwrt's openvpn is just openvpn
15:09 < OS-15853> okay, but i think it is a firewall issue, that's why i mentioned openvpn...
15:09 < OS-15853> openwrt
15:09 < saik0> post /etc/config/firewall from both devs on some pastebin type service
15:09 < OS-15853> okay, thanks.
15:22 -!- flugger [~flugger@c-76-29-125-90.hsd1.il.comcast.net] has joined #openvpn
15:23 < OS-15853> http://0bin.net/paste/baZVJCIG4qOvUiWA#fkN2HZMbLROtCrg7d5XfYfcsTgh-aHSxLTItQva8Mck
15:23 < OS-15853> firewall.user is empty in both cases
15:25 < flugger> !welcome
15:25 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:25 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:26 < flugger> !route
15:26 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
15:26 <@vpnHelper> client
15:26 < saik0> OS-15853: See lines 192-end, A has no vpn zone or forwards
15:30 < OS-15853> okay, but when i connect to lan B with a client other than openwrt in lan A, there is the same situation: there is no traffic to lan B's hosts other than the openvpn server itself.
15:31 < OS-15853> so the problem should be somewhere in lan B (probably on openwrt openvpn server)
15:32 < saik0> hosts on each side need a route to the other. SOMETHING needs to forward the packets
15:35 < OS-15853> routing should be ok on client side(?), the packets targeting lan B reach the tunnel. especially, packets targeting the openvpn server are working well. packets targeting other hosts in lan B stucks at the tunnel with: "write to TUN/TAP returned 84"
15:37 < OS-15853> i do not understand this issue, because if the packet is in the tunnel, the openvpn should route it to the kernel's network stack, and then the kernel's network stack should forward it to the appropriate lan interface. it seems to be that openvpn routing in the tunnel fails?
15:45 < OS-15853> moreover, as i mentioned earlier, the tunnel works well from any host in lan B to any host on lan A (there is a static route specifying lan A on the default gateway of lan B pointing to the openwrt openvpn server on lan B).
15:48 -!- AlmogBaku [~AlmogBaku@bzq-79-180-211-94.red.bezeqint.net] has joined #openvpn
15:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:57 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
15:57 < flugger> I'm trying to make a second key for another client, and I receive an error asking to 'edit the vars script to reflect my configuration....run './clean-all' .. this is not the result I'm looking for as aI already have my other keys made...
16:00 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:04 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:06 -!- Nomads [~Qann@5.135.176.3] has quit [Ping timeout: 250 seconds]
16:07 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 250 seconds]
16:08 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
16:12 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
16:13 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:15 < OS-15853> saik0: i do not understand. it is annoying. the packet initated from lan A and targeting a host on lan B appears in the tunnel, appears at the lan B (openvpn server) end of the tunnel, even appears on the lan interface of openvpn server in lan B... but no reply.
16:17 < OS-15853> but the backing route is set up correctly (theroetically): the vpn tunnel's subnet is specified as a static route on the default gw of lan B pointing to the openvpn server...
16:41 < flugger> in my ovpn/conf file, can I specify more than one cert/.crt and .key file for multiple clients?
16:52 < OS-15853> flugger: i think no. each client should have its own ovpn config file.
16:53 < flugger> hmm, I see
16:53 < OS-15853> and the server should have another one.
16:55 < flugger> so I've created a certificate authority, and the server's own certificate and key
16:56 < flugger> and I created a certficate and key and ovpn file for 1 client
16:56 < flugger> now I want to go back and make a new certificate and key for 2nd client
16:57 < flugger> ..I don't have to start against with the server cert and .key, do I ?
16:59 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:59 < flugger> sorry... this is my first attempt at configuring openvpn.. I don't want to stat firing off commands blindly...creating a little linux mess that I can't untangle.
16:59 < saik0> flugger: no, just generate new client cert/keys for each client, they should each have unique common names
16:59 < flugger> okay
17:00 < flugger> thats what I thought.. but I'll run ./build-key client2
17:00 < flugger> and not get the expected result..
17:01 < flugger> "pkitool: Need a readable ca.crt and ca.key in /etc/openvpn/easy-rsa/keys"
17:04 < flugger> the keys folder was cleaned by ./clean-all from the previous step after source ./vars
17:04 < flugger> so there are no more files in it
17:04 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
17:05 < saik0> flugger: If you dont have the key to the CA you'll need to initialize a new pki
17:05 < saik0> I'm not familiar with easy-rsa, sorry
17:06 < flugger> okay.. I'll see what I can regenerate
17:07 < flugger> followed the this tutorial to the letter...and it worked "well"...and just going back to add another client is where this kind of got derailed..
17:07 < flugger> I'll backtrack a little and see what I can do
17:09 < flugger> side-note: is it expected that a wifi iPad on the same lan as the vpn server to have connection timeout issues ?
17:14 < flugger> lol loaded question, I know.
17:16 < OS-15853> it is a quiet annoying thing here with this routing problem. sometimes (rarely-randomly) the connections are working. most of the time they doesn't. strange...
17:23 < OS-15853> deeper debugging with tcpdump: the packets reach the target in lan B everytime, the problem is with backrouting to lan A.
17:24 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 240 seconds]
17:27 < OS-15853> ok, i added a backroute through openvpn server in lan B on a specific host manually, and the networking works well! :) maybe the gateway (proprietary tplink device) does not handle the routing well...
17:31 -!- AlmogBaku [~AlmogBaku@bzq-79-180-211-94.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:35 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:40 < OS-15853> saik0: i have solved the issue! it was about the backrouting. the backing route to lan A was: host on lan B -> default gw on lan B -> openvpn server on lan B -> openvpn server on lan A -> host on lan A.
17:41 < saik0> OS-15853: great!
17:41 < OS-15853> the issue was on default gw on lan B. it had static routes set up well, but the spi firewall setting blocked the packet flow
17:42 < OS-15853> so i disabled spi firewall and temporarily fixed the problem.
17:43 < OS-15853> altough the secure solution would be installing openwrt on the default gw device too, and configuring a custom secure firewall...
17:45 < OS-15853> another fix should be pushing the openvpn static route to all of the hosts on lan B via dhcp...
17:49 -!- AlmogBaku [~AlmogBaku@bzq-79-180-211-94.red.bezeqint.net] has joined #openvpn
17:50 -!- AlmogBaku [~AlmogBaku@bzq-79-180-211-94.red.bezeqint.net] has quit [Client Quit]
17:58 < saik0> OS-15853: Maybe you can help me with something. My server has a config push "dhcp-option DNS ..." but the openwrt clients dont add a nameserver to /tmp/resolv.conf or /tmp/resolv.conf.auto
17:58 < saik0> log does show OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
18:03 < OS-15853> saik0: i do not have experience with dhcp-option DNS thing, but according to the docs: https://openvpn.net/index.php/open-source/documentation/howto.html#dhcp only win clients accept and process it automatically, non-win clients need client-side up script...
18:03 <@vpnHelper> Title: HOWTO (at openvpn.net)
18:06 -!- Savemech [Savemech@gateway/shell/firrre/x-ncsodcnybomfqxle] has quit [Excess Flood]
18:06 < saik0> I jumped through some rather silly hoops to avoid calling any shell scripts and getting pushed routes on a secondary routing table. For nothing it seems, haha.
18:09 -!- Savemech [Savemech@gateway/shell/firrre/x-yxhktwhytkkxbqwu] has joined #openvpn
18:16 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
18:16 < fearnothing> how would one have openvpn client configuration override the default dns-search setting in /etc/network/interfaces?
18:17 < fearnothing> (and then undo it when the connection was closed)
18:18 < saik0> fearnothing: something like https://github.com/masterkorp/openvpn-update-resolv-conf/blob/master/update-resolv-conf.sh for up and down scripts
18:19 <@vpnHelper> Title: openvpn-update-resolv-conf/update-resolv-conf.sh at master · masterkorp/openvpn-update-resolv-conf · GitHub (at github.com)
18:19 < fearnothing> I thought so, mine has that in there but I'm still getting weird issues with resolution
18:19 < fearnothing> I'm going to have to come back to it tomorrow, it's too late now
18:19 < saik0> If you got packages fomr your distro it might have a bundled script
18:20 < fearnothing> the issue's come up since I started running my own internal dns server
18:21 < fearnothing> if I set my dns-search to my own dns, I can connect but once it connects it can't resolve any of the servers on the remote network
18:21 < fearnothing> servers/hosts
18:22 < fearnothing> ok, nightnight, talk to you tomorrow
18:25 -!- flugger [~flugger@c-76-29-125-90.hsd1.il.comcast.net] has quit [Ping timeout: 260 seconds]
18:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:34 < Eugene> !linipforward
18:34 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
18:34 < Eugene> !def1
18:34 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
18:34 < Eugene> !redirect
18:34 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
18:34 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
18:37 < saik0> !dns
18:37 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
18:37 < saik0> !pushdns
18:37 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
18:37 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
19:22 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:24 -!- cagedwisdom [~X@106-69-102-73.dyn.iinet.net.au] has joined #openvpn
19:27 -!- lordvadr [~lordvadr@jose-tc.ctc.biz] has quit [Ping timeout: 260 seconds]
19:31 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:37 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
19:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:58 -!- mystica555 [~mystica55@2602:ae:106b:1200:633a:7ef3:2e32:ed37] has quit [Ping timeout: 246 seconds]
20:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:08 -!- cagedwisdom [~X@106-69-102-73.dyn.iinet.net.au] has quit [Ping timeout: 265 seconds]
20:12 -!- mystica555 [~mystica55@2602:ae:1063:f100:7270:ddbf:3e73:7aa8] has joined #openvpn
20:15 -!- somis [~somis@167.160.44.218] has quit [Quit: Leaving]
20:29 -!- liriel [~liriel@185.21.217.6] has quit [Excess Flood]
20:30 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
20:32 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Read error: Connection reset by peer]
20:39 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
20:39 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Remote host closed the connection]
20:47 -!- sigsts is now known as skyroveRR
21:00 -!- skyroveRR is now known as sigsts
21:08 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 246 seconds]
21:10 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
21:11 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
21:13 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Max SendQ exceeded]
21:14 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
21:22 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
21:40 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Max SendQ exceeded]
21:41 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
21:48 <+RBecker> VERIFY ERROR: depth=0, error=unsupported certificate purpose: <blah blah blah>, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
21:48 <+RBecker> is that an improperly created server cert?
21:51 -!- vmmello [~vmmello@pdpc/supporter/professional/vmmello] has quit [Quit: Leaving]
21:57 <+RBecker> fixed it
21:59 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 260 seconds]
22:12 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:13 -!- jefferai_ [sid1300@kde/mitchell] has joined #openvpn
22:14 -!- Meow-J_ [uid69628@gateway/web/irccloud.com/x-fklnngbbmmfwtefb] has joined #openvpn
22:15 -!- abbe [having@badti.me] has quit [Ping timeout: 240 seconds]
22:15 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 240 seconds]
22:15 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 240 seconds]
22:16 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zktauavtbhmpaxlj] has quit [Ping timeout: 240 seconds]
22:16 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Ping timeout: 240 seconds]
22:16 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 240 seconds]
22:16 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
22:16 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
22:16 -!- jefferai [jefferai@kde/mitchell] has quit [Ping timeout: 240 seconds]
22:16 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 240 seconds]
22:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
22:16 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
22:16 -!- mode/#openvpn [+o krzee] by ChanServ
22:16 -!- abbe [having@badti.me] has joined #openvpn
22:18 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
22:19 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
22:19 -!- Meow-J_ is now known as Meow-J
22:19 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
22:19 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
22:21 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
22:21 -!- jefferai_ is now known as jefferai
22:26 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
22:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
23:13 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Max SendQ exceeded]
23:14 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
23:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:17 -!- mode/#openvpn [+o mattock1] by ChanServ
23:17 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:18 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
23:20 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
23:21 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:39 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
--- Day changed Wed Nov 04 2015
00:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:05 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has joined #openvpn
00:06 -!- ShadniX [dagger@p5794119C.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:06 -!- ShadniX_ [dagger@p579419A8.dip0.t-ipconnect.de] has joined #openvpn
00:06 -!- ShadniX_ is now known as ShadniX
00:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:24 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 265 seconds]
00:30 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
00:32 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:46 -!- shivaya [~root@162-207-204-31.lightspeed.sntcca.sbcglobal.net] has joined #openvpn
00:47 < shivaya> hi guys, i have openvpn server and web server running on one machine. and I wanted to make web availably only through VPN
00:47 < shivaya> however when i am connected to openvpn and go to web in apache logs I see my original IP
00:48 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
00:48 < shivaya> is there a reason for that?
00:52 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
00:57 -!- shivaya [~root@162-207-204-31.lightspeed.sntcca.sbcglobal.net] has quit [Ping timeout: 240 seconds]
01:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:09 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
01:10 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:10 -!- mode/#openvpn [+o mattock] by ChanServ
01:13 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
01:22 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
01:23 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
01:23 -!- mode/#openvpn [+o dazo_afk] by ChanServ
01:24 -!- dazo_afk is now known as dazo
01:25 -!- early` [~early@105.ip-167-114-152.net] has joined #openvpn
01:25 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
01:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
01:32 -!- Netsplit *.net <-> *.split quits: early, deetwelve
01:57 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
01:57 -!- mode/#openvpn [+o krzee] by ChanServ
02:03 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:20 < Nomads> Does starting one match block end the previous one? Also, can we do nested match? Like match ip, then match user then apply the rules
02:20 < Nomads> Ehem... Wrong channel :P
02:30 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:56 < thoht__> hey
02:56 < thoht__> !goal
02:56 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:56 < thoht__> i want to create a virtual hub
02:57 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:20 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:26 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has quit [Ping timeout: 260 seconds]
03:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:33 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
03:43 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
03:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:55 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:56 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:01 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:15 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:16 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
04:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:54 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:59 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:02 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
05:08 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
05:37 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
05:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:40 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
05:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:41 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
05:44 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
05:44 -!- BtbN [btbn@unaffiliated/btbn] has quit [Client Quit]
05:45 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
05:53 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:57 -!- diesel [~diesel@216.151.16.197] has quit [Ping timeout: 272 seconds]
06:24 -!- dazo is now known as dazo_afk
06:24 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 264 seconds]
06:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:35 -!- somis [~somis@167.160.44.218] has joined #openvpn
06:44 -!- somis [~somis@167.160.44.218] has quit [Quit: Leaving]
06:48 -!- somis [~somis@167.160.44.204] has joined #openvpn
06:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 264 seconds]
07:01 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:02 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
07:04 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
07:05 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
07:39 -!- master_of_master [~master_of@p4FD7BFB3.dip0.t-ipconnect.de] has joined #openvpn
07:42 -!- master_o1_master [~master_of@p4FF241EA.dip0.t-ipconnect.de] has quit [Ping timeout: 255 seconds]
07:44 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:58 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
08:01 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 265 seconds]
08:01 -!- dazo_afk is now known as dazo
08:04 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
08:06 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Ping timeout: 260 seconds]
08:10 -!- _MinerMonster_ [50b70dd0@gateway/web/cgi-irc/kiwiirc.com/ip.80.183.13.208] has joined #openvpn
08:10 < _MinerMonster_> !welcome
08:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
08:10 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:13 < _MinerMonster_> Hey, guys. I have a small problem with easy-rsa. I can't really manage to install it. Could anyone help me with that? :(
08:14 < _MinerMonster_> I don't have it in my dirs and I can't install it from the github cause I can't find the right files in the dl
08:20 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: C'ya (www.rimoto.com)]
08:23 -!- derRichard [~derRichar@pippin.sigma-star.at] has joined #openvpn
08:23 < derRichard> hi
08:24 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:26 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 244 seconds]
08:28 < derRichard> i run a openvpn link over a very stable internet connect (fiber, no packet loss, rtt <5ms, ...). but within the tunnel i'm facing from time (some times minutes, sometimes hours) to time latency peaks >1000ms
08:28 < derRichard> any idea what the cause would be?
08:28 < derRichard> as i run voip over this vpn tunnel, the issue is nasty :)
08:30 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Read error: No route to host]
08:30 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
08:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:41 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
08:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:43 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 240 seconds]
08:44 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:47 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
08:48 -!- saik0__ [~saik0@unaffiliated/saik0] has joined #openvpn
08:49 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Ping timeout: 246 seconds]
08:51 -!- dvl [~dvl@freebsd/developer/dvl] has quit [Quit: Ride fast. Take chances.]
08:52 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 260 seconds]
08:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
08:55 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
08:58 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
09:00 -!- saik0__ [~saik0@unaffiliated/saik0] has quit [Ping timeout: 240 seconds]
09:03 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
09:05 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 260 seconds]
09:12 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
09:21 -!- _MinerMonster_ [50b70dd0@gateway/web/cgi-irc/kiwiirc.com/ip.80.183.13.208] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
09:21 -!- fooooey [~no@c-71-194-64-148.hsd1.il.comcast.net] has joined #openvpn
09:22 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
09:24 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:24 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Ping timeout: 255 seconds]
09:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:27 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
09:32 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:32 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
09:33 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:35 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
09:36 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 268 seconds]
09:36 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
09:37 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:38 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:42 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
09:45 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Ping timeout: 240 seconds]
09:47 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
09:48 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Disconnected by services]
09:48 -!- saik0_ is now known as saik0
09:48 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 244 seconds]
09:50 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:51 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
09:52 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Disconnected by services]
09:52 -!- saik0_ is now known as saik0
09:53 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
09:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
10:17 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
10:19 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 268 seconds]
10:20 -!- fooooey [~no@c-71-194-64-148.hsd1.il.comcast.net] has quit [Remote host closed the connection]
10:20 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Client Quit]
10:32 -!- samu [s@unaffiliated/samaelszafran] has joined #openvpn
10:32 < samu> Hi
10:33 < samu> I have a openvpn server A, that is also a client of another openvpn server B
10:33 < samu> what should I do to make B-s openvpn network available to A clients?
10:33 < samu> A is a tun openvpn server, while B is a tap openvpn server.
10:49 < DArqueBishop> samu:
10:49 < DArqueBishop> !lans
10:49 <@vpnHelper> "lans" is https://www.secure-computing.net/wiki/index.php/OpenVPN/Routing
10:49 < DArqueBishop> !route
10:49 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
10:49 <@vpnHelper> client
10:52 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
11:05 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
11:08 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:14 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 244 seconds]
11:24 < samu> oh!
11:24 < samu> so i think i missed the route directive, i have the push
11:24 < samu> will try, thanks
11:26 < samu> DArqueBishop: I don't think this works in my setup.
11:27 < samu> i must be missing something
11:29 -!- BtbN_ [btbn@unaffiliated/btbn] has joined #openvpn
11:29 -!- BtbN [btbn@unaffiliated/btbn] has quit [Ping timeout: 240 seconds]
11:30 < samu> DArqueBishop: https://dpaste.de/WcCd - this is more-or-less my setup
11:30 -!- BtbN_ is now known as BtbN
11:30 < samu> i think that in order to allow CLIENT access ips behind DEV i need the client to be able to access the DEV gateway, am i right?
11:31 < samu> so it can route then all traffic to 10.0.0.0/255.240.0.0 through 10.5.0.0.1
11:31 < samu> through 10.5.0.1*
11:31 < samu> btw, MAIN can access all ips from that subnet, so i am able to send and recieve packets to and from 10.10.2.1 from main, but not between client and 10.10.2.1
11:35 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
12:04 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
12:06 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
12:14 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
12:15 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
12:20 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
12:24 -!- Uranio [~Uranio@ns1.unaicc.cu] has joined #openvpn
12:25 < Uranio> hi there, I'm rahter new to openvpn, now setting up a server. But, after my clients get up, their loss the routes for connect to the vpn server, because the server send a new route table
12:26 < Uranio> how could I push to the client that conserver the route to the server, or what I'm doing wrong
12:26 < Uranio> sorry for may patethic english
12:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:38 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
12:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:44 < Uranio> I mean, avid to route trafic to vpn server, over vpn tunnel
12:44 < Uranio> avoid*
12:48 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:53 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:59 < Uranio> redirect-gateway def1
13:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
13:24 <@dazo> !howto
13:24 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
13:25 <@dazo> !learn howto as Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
13:25 <@vpnHelper> Joo got it.
13:26 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:27 -!- Uranio [~Uranio@ns1.unaicc.cu] has quit [Quit: Leaving]
13:33 -!- andreaslindeboom [~andreasli@a83-162-248-144.adsl.xs4all.nl] has joined #openvpn
14:11 -!- somis [~somis@167.160.44.204] has joined #openvpn
14:25 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:36 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
14:45 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:45  * m3n3chm0 nasZ
14:47 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 252 seconds]
14:47 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
14:50 -!- dazo is now known as dazo_afk
14:56 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
15:03 -!- AlmogBaku [~AlmogBaku@62.90.77.78] has joined #openvpn
15:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
15:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:24 -!- AlmogBaku [~AlmogBaku@62.90.77.78] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:45 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:10 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:22 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:44 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:54 < KNERD> Who has soem advice for setting up the client to have the comoutert/device to use the gateway on the openVPN server side than liocally?
16:56 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:56 < Nomads> Come again?
16:56 < Nomads> Use the openvpn server as a gateway OR use openvpn servers gateway as a gateway?
16:57 < KNERD> okay...thanks
16:58 -!- Denial- [~Denial@host31-52-126-218.range31-52.btcentralplus.com] has quit []
17:00 -!- andreaslindeboom [~andreasli@a83-162-248-144.adsl.xs4all.nl] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:01 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:01 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:06 -!- Denial [~Denial@host31-52-126-218.range31-52.btcentralplus.com] has joined #openvpn
17:17 -!- shadok [~muaddib@unaffiliated/shadok] has joined #openvpn
17:28 -!- shadok [~muaddib@unaffiliated/shadok] has quit [Quit: Konversation terminated!]
17:30 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 246 seconds]
17:32 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
17:32 -!- mode/#openvpn [+o pekster] by ChanServ
18:04 -!- Smrtz [~Jake@unaffiliated/smrtz] has joined #openvpn
18:05 < Smrtz> Hey, I've got a VPN question, but it's not OpenVPN specific.  I hope it's ok if I ask it here?
18:09 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 264 seconds]
18:11 -!- ValdikSS [~valdikss@95.215.45.33] has quit [Ping timeout: 244 seconds]
18:23 < Nomads> Yeah, yu can watch porn on vpn Smrtz
18:24 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
18:25 < Smrtz> I'm working on an android app that needs a secure connection to a remote server.  I'm trying to decide between an IPSec tunnel, PPTP, L2TP, SSTP, or IKEv2.  I'm struggeling to understand the differences between them, would someone help outline them for me please?\
18:25 < Smrtz> Sorry, I thought I hit enter on that a while ago, haha.
18:31 < Nomads> I'm not a guru. I'll try to write what I know. Someone else will correct me if I'm wrong. Well, PPTP is NOT secure but it helps you get a fast connection. L2TP is pretty secure and kind of new tech compared to most. SSTP uses PPP or L2TP via ssl3 but... if security is what you want that's a big naaaah! IKE, I dunno. OpenVPN, not THAT secure. IPSec is mostly client o client connection.
18:31 < Nomads> No worries, we all know you meant that. :P
18:31 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
18:31 -!- mode/#openvpn [+v s7r] by ChanServ
18:31 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
18:32 < Smrtz> IPSec is client to client?  What do you mean by that?  And thanks for the help.
18:37 < Nomads> As a person who never had to deal with them before... My understanding is that they work like a layer 2 tap openvpn. I might be wrong though. Better check google for those
18:37 < Smrtz> Ahh, cool.
18:37 < Smrtz> Thanks for the help man.
18:37 < Nomads> Sorry, when nobody speaks, I feel an urge to do so :P
18:38 < Smrtz> Haha, no worries dude, I'm glad you helped.
19:57 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 272 seconds]
20:00 -!- zoredache [~zoredache@pdpc/supporter/professional/zoredache] has quit [Remote host closed the connection]
20:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
21:06 -!- ShadniX [dagger@p579419A8.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
21:07 -!- ShadniX [dagger@p579419A8.dip0.t-ipconnect.de] has joined #openvpn
22:00 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 260 seconds]
22:13 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:45 -!- GitGud [~GitGud@unaffiliated/gitgud] has joined #openvpn
22:46 -!- SirCrunkleton [~SirCrunkl@67-7-230-55.dlth.qwest.net] has joined #openvpn
22:46 < SirCrunkleton> hi, I'm using Debian and trying to use the KDE network connection manager to use a vpn. it connects fine but my ip address never changes
22:52 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
23:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:22 -!- SirCrunkleton [~SirCrunkl@67-7-230-55.dlth.qwest.net] has quit [Remote host closed the connection]
23:44 -!- ayaz_ [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:45 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 255 seconds]
23:53 -!- ayaz_ is now known as ayaz
23:53 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 272 seconds]
23:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
--- Day changed Thu Nov 05 2015
00:04 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:04 -!- ShadniX [dagger@p579419A8.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:04 -!- ShadniX_ [dagger@p57941809.dip0.t-ipconnect.de] has joined #openvpn
00:05 -!- ShadniX_ is now known as ShadniX
00:06 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
00:13 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
00:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
00:25 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
00:29 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Read error: Connection reset by peer]
00:29 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:31 -!- mystica555 [~mystica55@2602:ae:1063:f100:7270:ddbf:3e73:7aa8] has quit [Ping timeout: 246 seconds]
00:32 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 264 seconds]
00:45 -!- mystica555 [~mystica55@2602:b8:6086:2400:21a8:757:6922:233c] has joined #openvpn
00:51 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 255 seconds]
00:52 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
00:59 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Max SendQ exceeded]
00:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:01 -!- sigsts is now known as skyroveRR
01:01 -!- skyroveRR is now known as sigsts
01:10 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:15 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
01:20 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:20 -!- mode/#openvpn [+o mattock1] by ChanServ
01:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
01:31 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:36 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
01:55 -!- Aww [aww@12fcali.online] has left #openvpn ["Leaving"]
01:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:03 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:29 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 255 seconds]
02:31 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 265 seconds]
02:35 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
02:37 <@plai> Smrtz: does only the app need the secure connection or do you want secure connection for everything on the phone
02:48 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
02:58 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
02:59 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
02:59 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
03:07 -!- tekzilla [~jon@217.147.92.57] has joined #openvpn
03:07 -!- deed02392 [~deed02392@2001:41d0:2:ab60::1] has joined #openvpn
03:07 -!- deed02392 [~deed02392@2001:41d0:2:ab60::1] has quit [Changing host]
03:07 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
03:12 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
03:48 -!- kelyane [~kelyane@095-097-075-130.static.chello.nl] has joined #openvpn
03:49 -!- kelyane [~kelyane@095-097-075-130.static.chello.nl] has left #openvpn ["Leaving"]
03:49 < Kingsy> when you connect to an openvpn its possible to ping the local ips from the client.. butj you cant ping the local ip of the client from the server machine, would you need to use the tun0 addr and not the local addresss? so 10.8.0.6 ?
03:55 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
03:55 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
04:01 -!- dazo_afk is now known as dazo
04:03 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:05 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:07 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:10 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
04:13 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:24 -!- BtbN [btbn@unaffiliated/btbn] has quit [Remote host closed the connection]
04:25 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
04:27 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
04:31 -!- mystica555 [~mystica55@2602:b8:6086:2400:21a8:757:6922:233c] has quit [Ping timeout: 240 seconds]
04:43 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:45 -!- mystica555 [~mystica55@2602:47:da13:d100:2bea:b3d7:9e91:9cd2] has joined #openvpn
05:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:19 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:39 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
05:44 -!- turlando [~turlando@151.20.178.30] has joined #openvpn
05:44 < turlando> Hello everyone
05:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:49 < turlando> I was trying to set up a VPN to my home network in order to access to my services in mobility. Since I don't know the networks I will be connecting from how should I set up the routing rules?
05:49 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
05:50 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:52 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
05:55 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:08 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:11 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:14 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 268 seconds]
06:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:18 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:22 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
06:23 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:28 -!- Nomads [~Qann@5.135.176.3] has quit [Remote host closed the connection]
06:33 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
06:39 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
06:59 <@dazo> turlando: you will always need to configure routing with VPN
07:03 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:04 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
07:06 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:08 -!- troydm [~troydm@unaffiliated/troydm] has joined #openvpn
07:09 < troydm> I have a openvpn server with push "route ...." configuration but when I connect to using my Mac OS X client route gets added to route table however interface is en0 instead of tap0
07:09 < troydm> what is wrong? should it bind the route to interface vpn is on?
07:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:23 < troydm> nvm I got it, had incorrect gw and thus it binded to incorrect interface
07:23 -!- troydm [~troydm@unaffiliated/troydm] has left #openvpn ["What is hope? That all of your wishes and all of your dreams come true? (C) Rau Le Creuset"]
07:26 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 246 seconds]
07:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:28 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
07:29 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:39 -!- master_o1_master [~master_of@p4FF248FA.dip0.t-ipconnect.de] has joined #openvpn
07:42 -!- master_of_master [~master_of@p4FD7BFB3.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
07:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:56 < turlando> Does OpenVPN support ec keys? Because I'm getting this error using those on openvpn 2.3.6 Thu Nov  5 14:23:08 2015 Private key does not match the certificate: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you should not call: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
07:56 < turlando> Thu Nov  5 14:23:08 2015 Exiting due to fatal error
08:03 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Ping timeout: 264 seconds]
08:06 -!- nullsign [~nullsign@tyrion.nullsign.com] has joined #openvpn
08:24 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
08:27 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
08:30 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
08:31 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
08:41 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
08:42 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:46 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 250 seconds]
08:47 -!- biax_ [~biax@unaffiliated/biax] has joined #openvpn
08:48 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 250 seconds]
08:48 -!- julie_harshaw [~julie@juliekoubova.net] has quit [Ping timeout: 250 seconds]
08:48 -!- dmilith [~dmilith@verknowsys.com] has quit [Ping timeout: 265 seconds]
08:48 -!- CGML [~CGML@unaffiliated/cgml] has quit [Quit: No Ping reply in 180 seconds.]
08:48 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 244 seconds]
08:48 -!- Kingsy [~chris@unaffiliated/kingsy101] has quit [Ping timeout: 250 seconds]
08:49 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 250 seconds]
08:49 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has quit [Ping timeout: 250 seconds]
08:49 -!- biax [~biax@unaffiliated/biax] has quit [Ping timeout: 255 seconds]
08:50 -!- master_o1_master [~master_of@p4FF248FA.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
08:50 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
08:50 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
08:50 -!- master_of_master [~master_of@p4FF248FA.dip0.t-ipconnect.de] has joined #openvpn
08:51 -!- riddle [riddle@us.yunix.net] has joined #openvpn
08:51 -!- abra0 [abra0@unaffiliated/abra0] has quit [Remote host closed the connection]
08:51 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
08:52 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 250 seconds]
08:52 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
08:52 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
08:54 -!- Exagone313 [exa@elou.world] has joined #openvpn
08:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:04 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:09 -!- showaz [~showaz@unaffiliated/showaz] has quit []
09:20 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:33 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Quit: Lost terminal]
09:34 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has joined #openvpn
10:01 <@dazo> turlando: in openvpn 2.3, only partial EC support is available ... but I always gets confused what is supported or not .... maybe syzzer or plai can shed some light on this topic?
10:02 -!- nhooyr [~nhooyr@aubble.com] has joined #openvpn
10:03 < nhooyr> how would I have proper authentication with openvpn? I want to use certificates but I don't want them to last longer than 30 days but then I have to resign and send the new ones to the clients. I don't want to use passwords because I have to create user accounts for each person. is there an alternative?
10:04 <@dazo> nhooyr: how would you like to have it solved then, if you don't want to re-issue certificates due to expiry or you don't want to create user accounts?
10:05 < nhooyr> dazo: uh sorry forgot to mention that the way I want it is to store my users/passwords in a database instead of user accounts. i'd like to seperate them.
10:06 < DArqueBishop> Just out of curiosity, why don't you want the certificates to last longer than 30 days?
10:06 < nhooyr> or even certificates that I can reauthenticate every 30 days without sending to clients somehow
10:06 < nhooyr> uh my friends pay me $5 a month for a vpn, i don't want them to be able to use the certiicates after 30 days so they can pay me first.
10:06 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
10:07 <@dazo> nhooyr: it is possible to have long lasting certificates, and then have a --tls-verify script which blocks or allows certificates on a per user basis
10:07 < nhooyr> dazo: ah ok ill check that out. i need to create a script anyway to block multilogins.
10:08 <@dazo> nhooyr: unless you add the --duplicate-cn option, if the CN is unique per user, they can't connect multiple times ... their connections will at best be really unstable as the other already connected client gets kicked out
10:08 < DArqueBishop> You can't log in more than once with the same certificate.
10:09 <@dazo> nhooyr: this is probably an overkill solution for you, but have a look at !eurephia too
10:09 <@dazo> !eurephia
10:09 <@vpnHelper> "eurephia" is http://www.eurephia.net/
10:10 <@dazo> it somewhat provides that access control you're looking for ... but it adds/expects username/password auth in addition to certificates
10:13 < nhooyr> oh
10:14 < nhooyr> alright thanks for the help bois
10:21 -!- Nomads [~Qann@5.135.176.3] has quit [Remote host closed the connection]
10:22 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
10:22 -!- Nomads [~Qann@5.135.176.3] has quit [Remote host closed the connection]
10:23 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
10:23 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
10:24 -!- Nomads [~Qann@5.135.176.3] has quit [Remote host closed the connection]
10:25 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
10:28 < turlando> dazo: should I try with the development version?
10:41 < nhooyr> dazo: is there any way to store the users in a postgressql database and then do authentication from there, or do i have to write my own plugin. actually i think i'll do that.
10:42 < nhooyr> is there anyything really important I should know before i create the script? I know i have to use auth-user-pass-verify or plugin
10:45 -!- CaTtleyA [~CaTtleyA@46.218.7.250] has quit [Ping timeout: 272 seconds]
10:48 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:53 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
10:55 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
10:55 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:55 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
10:57 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-fklnngbbmmfwtefb] has quit [Ping timeout: 264 seconds]
10:57 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:58 -!- troyt_ [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
10:58 -!- hive-mind [pranq@mail.bbis.us] has quit [Disconnected by services]
10:58 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
10:58 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hdhmtclbprdjlqic] has joined #openvpn
10:58 -!- lxusrbin_ [~lxusrbin@scotty.fr0st.it] has joined #openvpn
10:58 -!- cylon512_ [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
10:58 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Disconnected by services]
10:58 -!- Eagleman7 [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:58 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Disconnected by services]
10:59 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
10:59 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
10:59 -!- MrPocketz [~John@unaffiliated/mrpockets] has joined #openvpn
11:00 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
11:00 -!- netwoodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
11:01 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 264 seconds]
11:01 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
11:01 -!- mode/#openvpn [+o plaisthos] by ChanServ
11:02 -!- arlen_ [~arlen@2600:3c00:e000:d6::5] has joined #openvpn
11:03 -!- Tyklol [tykling@gibfest.dk] has joined #openvpn
11:03 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Disconnected by services]
11:03 -!- netwoodle is now known as noodle
11:04 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
11:04 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 264 seconds]
11:04 -!- barq [sid103986@gateway/web/irccloud.com/x-srvddtlqikkyzkuk] has quit [Ping timeout: 264 seconds]
11:05 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 264 seconds]
11:08 -!- barq [sid103986@gateway/web/irccloud.com/x-tdqmucehuluxrsqb] has joined #openvpn
11:09 -!- Netsplit *.net <-> *.split quits: @plai, ketas, madmattco, rich0, dyce, MrPockets, Poster, iokill, Eagle_Erwin, ljvb,  (+9 more, use /NETSPLIT to show all of them)
11:09 -!- arlen_ is now known as arlen
11:09 -!- Eagleman7 is now known as Eagleman
11:10 -!- Netsplit over, joins: Poster
11:10 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:10 -!- Netsplit over, joins: KNERD
11:12 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
11:14 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
11:17 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
11:26 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 240 seconds]
11:36 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
11:36 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
11:37 < turlando> I'm posting again since I didn't get much replies: Does OpenVPN support ec keys? Because I'm getting this error using those on openvpn 2.3.6 Thu Nov  5 14:23:08 2015 Private key does not match the certificate: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you should not call: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
11:39 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
11:49 <@dazo> nomad_fr: you'll have to write it ... I actually have come quite far on a postgresql driver for eurephia, but it is quite bleeding edge and the eurephia management part isn't quite there yet ... other than that, read the SCRIPTING AND ENVIRONMENT section of the man page careful, and the details about --auth-user-pass-verify ... for the highest security level, a plugin is probably better - if implemented correctly
11:49 <@dazo> (for SQL based auth, that means you should use prepared statements to avoid SQL injection attacks)
11:52 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:09 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
12:21 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Ping timeout: 250 seconds]
12:28 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:34 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has joined #openvpn
12:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
12:52 -!- defsdoor [~andy@cpc37-sutt4-2-0-cust84.19-1.cable.virginm.net] has quit [Ping timeout: 252 seconds]
12:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:01 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
13:02 -!- GitGud [~GitGud@unaffiliated/gitgud] has quit [Quit: Bye na :}]
13:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:12 -!- hive-mind [pranq@mail.bbis.us] has quit [Remote host closed the connection]
13:13 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
13:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:21 < Smrtz> if I've got two clients connecting threw OpenVPN, can they see eachothers traffic?  Is it encrypted?
13:22 < samu> it depends on the traffic and your configuration.
13:23 < samu> but in general, a client should not see the traffic that flows between the vpn server and another client
13:29 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
13:31 -!- OS-15853 [~an0n@catv-89-132-205-66.catv.broadband.hu] has quit [Read error: Connection reset by peer]
13:36 -!- DemonWav [~DemonWav@unaffiliated/demonwav] has joined #openvpn
13:36 -!- DemonWav [~DemonWav@unaffiliated/demonwav] has left #openvpn ["Leaving"]
13:52 -!- ketas- is now known as ketas
13:56 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
14:03 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 250 seconds]
14:07 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:08 -!- biax_ [~biax@unaffiliated/biax] has quit [Read error: Connection timed out]
14:09 -!- biax_ [~biax@unaffiliated/biax] has joined #openvpn
14:15 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
14:21 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 260 seconds]
14:30 <@dazo> turlando: https://github.com/OpenVPN/openvpn/blob/master/README.ec
14:30 <@vpnHelper> Title: openvpn/README.ec at master · OpenVPN/openvpn · GitHub (at github.com)
14:31 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
14:33 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
14:47 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
15:04 -!- Smrtz [~Jake@unaffiliated/smrtz] has quit [Read error: Connection reset by peer]
15:40 -!- somis [~somis@167.160.44.205] has joined #openvpn
15:40 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:46 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 255 seconds]
15:58 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
16:06 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Excess Flood]
16:07 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
16:13 -!- troyt_ [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 240 seconds]
16:13 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 240 seconds]
16:13 -!- mystica555 [~mystica55@2602:47:da13:d100:2bea:b3d7:9e91:9cd2] has quit [Ping timeout: 240 seconds]
16:14 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
16:15 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has joined #openvpn
16:17 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
16:17 -!- mode/#openvpn [+o plaisthos] by ChanServ
16:18 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Quit: Ex-Chat]
16:18 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
16:19 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
16:20 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Remote host closed the connection]
16:23 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
16:28 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:31 -!- mystica555 [~mystica55@2602:47:da13:d100:2bea:b3d7:9e91:9cd2] has joined #openvpn
16:36 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 264 seconds]
16:48 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
16:49 -!- DemonWav [~DemonWav@unaffiliated/demonwav] has joined #openvpn
16:50 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 246 seconds]
16:51 < DemonWav> #openvpn_as is pretty much dead, is it against the rules if I'm using it and I ask a question here?
16:52 -!- phantomcircuit [~phantomci@strateman.ninja] has quit [Quit: quit]
16:52 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
17:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
17:18 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 246 seconds]
17:19 -!- drwx [~drwx@unaffiliated/drwx] has joined #openvpn
17:20 < drwx> !welcome
17:20 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
17:20 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:20 < drwx> !goal
17:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:21 < drwx> hi, i'm not sure this is the right place to ask but i have a routing issue which involves an openvpn tunnel
17:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:23 < drwx> so i have this server with eth0 192.18.1.7, tun0 w.x.y.128 (some public ip)
17:24 < drwx> routes are the following: http://sprunge.us/LhXj
17:24 < drwx> so all traffic goes through tun0
17:25 < drwx> but in case the vpn starts acting up, i'd like to have a backup ssh access via eth0
17:26 < drwx> but whenever i receive a packet from a public ip on eth0, the reply never arrives because it would have to be sent through another interface
17:26 < drwx> is there any way i can mark the return packet to make it be sent via eth0 if it came from eth0
17:27 < drwx> i looked into CONNMARK but couldn't make it work
17:30 < drwx> and i can't an ip rule from 192.168.1.254 because that router doesn't do SNAT
17:30 < drwx> so packets arrive on eth0 directly with a public IP as source address
17:31 < drwx> let me know if i'm not specific enough, i can show more examples
17:31 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:39 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
17:41 -!- vvande [~vvande@107.191.96.48] has quit [Read error: Connection reset by peer]
17:41 -!- liriel [~liriel@185.21.217.6] has quit [Quit: bye]
18:03 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 264 seconds]
18:04 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
18:07 -!- dazo is now known as dazo_afk
18:13 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
18:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
18:14 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
18:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
18:17 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
18:24 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has joined #openvpn
18:35 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
18:58 -!- somis [~somis@167.160.44.205] has quit [Quit: Leaving]
19:10 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
19:50 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
19:50 -!- liriel [~liriel@185.21.217.6] has quit [Remote host closed the connection]
19:53 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
19:53 -!- liriel [~liriel@185.21.217.6] has quit [Remote host closed the connection]
20:05 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
20:05 -!- liriel [~liriel@185.21.217.6] has quit [Remote host closed the connection]
20:19 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 272 seconds]
20:21 -!- rich0_ is now known as rich0
20:22 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
21:13 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 264 seconds]
21:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:21 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
21:23 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 260 seconds]
21:24 < DemonWav> drwx yeah I asked for help about 4-5 hours before you did as well
21:24 < DemonWav> it's like no one ever looks at this channel
21:24 < DemonWav> or #openvpn-as
21:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:31 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
21:34 -!- vvande [~vvande@107.191.96.48] has joined #openvpn
22:01 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
22:22 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
22:54 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:04 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:06 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
23:10 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:23 -!- mode/#openvpn [+o mattock1] by ChanServ
23:49 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
--- Day changed Fri Nov 06 2015
00:00 -!- diytto [~diytto@de.diytto.com] has quit [Ping timeout: 264 seconds]
00:00 -!- DrCode [~DrCode@5.28.134.3] has quit [Quit: ZNC - http://znc.in]
00:02 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
00:04 -!- ShadniX [dagger@p57941809.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:05 -!- ShadniX [dagger@p5481DDD8.dip0.t-ipconnect.de] has joined #openvpn
00:11 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:18 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
00:29 < turlando> dazo: So it should be working, but it's not
00:30 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
00:32 < turlando> !poodle
00:32 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
00:36 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
00:38 -!- arlen [~arlen@2600:3c00:e000:d6::5] has quit [Quit: exit]
00:39 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
01:12 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
01:14 -!- boneskul_ [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 260 seconds]
01:16 -!- boneskull [~boneskull@108.62.153.252] has joined #openvpn
01:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
01:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
01:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:19 -!- bigdadykang [~patrick@dc.gigenet.com] has joined #openvpn
02:24 < drwx> hehe alright DemonWav
02:29 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:33 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has quit [Remote host closed the connection]
02:33 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
02:37 < bigdadykang> hello, I have a centos web server hosting wordpress and was thinking about setting up an openvpn server. I want to require vpn to access(ssh or wordpress dash) the web server content. would this effect my wordpress site's web traffic?
02:38 -!- Crew-L-T [~Crew-L-T@89-162-71-239.fiber.signal.no] has quit [Ping timeout: 244 seconds]
02:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:01 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:03 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
03:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:23 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:38 < drwx> bigdadykang: no, not unless you change how routing is done on the server
03:52 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 250 seconds]
03:54 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
04:00 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
04:00 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
04:02 -!- mystica555 [~mystica55@2602:47:da13:d100:2bea:b3d7:9e91:9cd2] has quit [Ping timeout: 250 seconds]
04:15 -!- mystica555 [~mystica55@2602:47:da16:4e00:66c7:d1da:db86:721e] has joined #openvpn
04:22 < subzero79> !routebyapp
04:22 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on
04:22 <@vpnHelper> defined policies you set. For Linux, read about !lartc
04:22 -!- turlando [~turlando@151.20.178.30] has quit [Ping timeout: 246 seconds]
04:23 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
04:25 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 260 seconds]
04:44 -!- dazo_afk is now known as dazo
04:50 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
05:08 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 265 seconds]
05:10 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
05:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:46 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:48 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:17 < drwx> !lartc
06:17 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
06:17 -!- mjtowell [~mjtowell@unaffiliated/mjtowell] has joined #openvpn
06:23 < bigdadykang> drwx: ty
06:32 -!- mjtowell [~mjtowell@unaffiliated/mjtowell] has quit [Quit: Leaving]
06:44 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
06:48 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: sigterm]
06:48 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
06:48 -!- mode/#openvpn [+v s7r] by ChanServ
06:49 -!- valdikss [~valdikss@95.215.45.33] has quit [Ping timeout: 265 seconds]
06:50 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
07:15 < drwx> 00:19 < drwx> so i have this server with eth0 192.18.1.7, tun0 w.x.y.128 (some public ip)
07:15 < drwx> 00:19 < drwx> routes are the following: http://sprunge.us/LhXj
07:15 < drwx> 00:20 < drwx> so all traffic goes through tun0
07:16 < drwx> 00:21 < drwx> but in case the vpn starts acting up, i'd like to have a backup ssh access via eth0
07:16 < drwx> 00:21 < drwx> but whenever i receive a packet from a public ip on eth0, the reply never arrives because it would have to be sent through another interface
07:16 < drwx> 00:22 < drwx> is there any way i can mark the return packet to make it be sent via eth0 if it came from eth0
07:16 < drwx> 00:22 < drwx> i looked into CONNMARK but couldn't make it work
07:16 < drwx> 00:25 < drwx> and i can't an ip rule from 192.168.1.254 because that router doesn't do SNAT
07:16 < drwx> 00:26 < drwx> so packets arrive on eth0 directly with a public IP as source address
07:16 < drwx> 00:26 < drwx> let me know if i'm not specific enough, i can show more examples
07:19 <@ecrist> what was the point of that?
07:21 < drwx> ecrist: 14:11 < drwx> 00:21 < drwx> but in case the vpn starts acting up, i'd like to have a backup ssh access via eth0
07:22 < drwx> as i said yesterday it might not be the best place to ask but i don't know any other relevant channel
07:26 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:27 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
07:28 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:38 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:40 -!- master_o1_master [~master_of@p4FD7BFC2.dip0.t-ipconnect.de] has joined #openvpn
07:43 -!- master_of_master [~master_of@p4FF248FA.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
07:44 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:50 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 240 seconds]
07:54 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:57 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:57 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 244 seconds]
08:11 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:13 -!- bigdadykang [~patrick@dc.gigenet.com] has quit [Quit: Leaving]
08:13 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
08:21 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:22 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
08:23 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:29 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
08:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:38 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
08:40 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:49 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
08:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
08:58 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
08:59 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
09:19 -!- cylon512_ [~cylon@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
09:19 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
09:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:36 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:42 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:48 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:50 -!- leo2007 [~leo2007@128.199.230.246] has quit [Quit: happy hacking]
09:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:00 -!- passt_ [d4caf772@gateway/web/freenode/ip.212.202.247.114] has joined #openvpn
10:01 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 255 seconds]
10:03 < passt_> I've created a client certificate without a password. I want to delete this certificate instead of revoking it.
10:03 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
10:05 < passt_> I don't think that moving or deleting the three client certificate files is the right option, because the client's certificate name is still in the file index.txt and possibly  in other files, too.
10:09 < drwx> passt_: delete from where? what's the issue?
10:10 < passt_> from the folder ./keys
10:10 < drwx> keys is just the folder where keys are generated
10:10 < drwx> the server will accept the certificate as long as it isn't revoked and was signed with your CA
10:11 < passt_> hm, I'm not quite sure if I understand right
10:12 < DArqueBishop> passt_, the server doesn't actually need a copy of the client certificate to accept it.
10:12 < passt_> when I revoke a client's certificate, can I create a new certificate with the same client's common name?
10:13 < DArqueBishop> passt_, yes.
10:14 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hdhmtclbprdjlqic] has quit [Quit: Connection closed for inactivity]
10:14 < passt_> and when I don't revoke it, I can't create a new cert with the same CN?
10:18 < passt_> ok, thanks, I think I understand
10:19 -!- passt_ [d4caf772@gateway/web/freenode/ip.212.202.247.114] has quit [Quit: Page closed]
10:28 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
10:31 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
10:31 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 264 seconds]
10:32 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 264 seconds]
10:33 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
10:34 -!- Denial [~Denial@host31-52-126-218.range31-52.btcentralplus.com] has quit [Ping timeout: 260 seconds]
10:34 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
10:35 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
10:46 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
10:47 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has joined #openvpn
10:51 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 264 seconds]
10:51 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:56 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:57 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
10:59 -!- GFXDude [~GFXDude@ciscoasa.ecrsoft.com] has joined #openvpn
11:04 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
11:17 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
11:19 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
11:50 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:52 -!- boneskull [~boneskull@108.62.153.252] has quit [Ping timeout: 272 seconds]
11:54 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
12:03 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
12:10 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has joined #openvpn
12:10 < tete_> !welcome
12:10 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
12:10 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:11 < tete_> !goal i have a ubiquity router running edgemax (like vyatta) and would like to connect from my windows (7)/linux (Fedora 23) machine to it. but i get an error http://pastebin.com/u8m6pkF5 and i really dont understand why i get it
12:12 < tete_> i also re-created the CA, the server cert and the client cert
12:13 < tete_> it would help me a lot if i could somehow do some testing (connect to openvpn and get the server certificate in use etc.) for further analysis
12:15 < tete_> this is btw. the log from the server
12:25 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has joined #openvpn
12:30 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
12:32 -!- APTX [~APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
12:33 < DArqueBishop> tete_, I could be mistaken, but it looks like your client is simply unable to connect to the server.
12:33 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
12:33 < tete_> DArqueBishop, i think so too, guess its firewall related on the ubiquity device
12:33 < tete_> the device did never rx any paket
12:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:47 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has quit [Quit: Leaving]
12:59 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:08 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
13:08 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
13:19 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
13:19 -!- dvl [~dvl@freebsd/developer/dvl] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
13:26 -!- pipework is now known as |work
13:29 -!- |work is now known as spaceghost|work
13:47 -!- dazo is now known as dazo_afk
13:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:57 -!- stryngs [~stryngs@unaffiliated/stryngs] has joined #openvpn
13:57 < stryngs> !welcome
13:57 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:57 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:58 < stryngs> !goal test
13:59 < stryngs> !howto
13:59 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror or (#3) Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
14:00 < stryngs> Hi, is this channel pretty active?  I'm looking to setup OpenVPN on some DD-WRT Routers...
14:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:01 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
14:17 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:19 < Eugene> Active? Not particularly. Helpful? Yes.
14:20 < Eugene> Patience is a virtue
14:26 -!- julius [~julius@2a01:4f8:c17:1f9::2] has joined #openvpn
14:26 < julius> hi
14:29 < julius> i keep getting: skysedge/62.226.x.x:42749 MULTI: bad source address from client [62.226.153.x.x]            skysedge is a client with a network (192.168.1.0) behind it.   the server got the ccd file: /etc/openvpn/ccd/skysedge     it got: iroute 192.168.1.0 255.255.255.0 in it
14:29 < julius> why am i still getting these messages?
14:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
14:31 < Eugene> Because the client is routing traffic via the VPN that the server isn't expecting
14:31 < Eugene> In this case, 62.226.153.x.x, which it turns out isn't even a valid IP address ;-)
14:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:34 < julius> you know what i mean by that
14:34 < julius> how can he not accept a client that is connected via pppoe?
14:35 < julius> wait, it might only be happening when --redirect-gateway def1 is in use
14:35 < julius> without it it seems ok, till now
14:46 -!- PsynoKhi0 [~none@c-83-233-26-188.cust.bredband2.com] has quit [Quit: leaving]
15:06 < julius> im not really sure what the difference between "redirect-gateway" AND "redirect-gateway def1" is
15:06 < julius> can somebody explain that?
15:08 < fearnothing> hi, I'm running a vpn server and getting my sister to connect to it and it's doing something weird
15:09 < fearnothing> she has her laptop connected to wireless, but when she connects to my vpn it's applying the network settings to her ethernet interface
15:13 < fearnothing> so the connection gets established but she's never getting routed correctly
15:14 -!- alchemistswl [~alchemist@p4FC85E59.dip0.t-ipconnect.de] has joined #openvpn
15:15 < alchemistswl> Good Day everyone, I have a question regarding OpenVPN and IP addresses. I have two external IP Addresses on my virtual private server and want one of those IP's to be assigned to a VPN Client connecting, my question is that a) even possible and b) what should I look for in the documentation? Any help greatly appreciated.
15:16 < fearnothing> what do you mean by one of those IPs to be assigned to a VPN client connecting?
15:16 < alchemistswl> Right, the thing is, I want to have one of these IP Addresses to be routed to a VPN Client accessing
15:17 < alchemistswl> so there is only 1 client which will connect to this OpenVPN setup and that client should get assigned one of the IP Address my server has and then be reachable over that
15:17 < alchemistswl> I dont have an IP-Block just 2 Addresses
15:18 < fearnothing> that's fine, I believe the normal behaviour is for the server to bind to a single IP... someone else correct me if I'm wrong there please
15:19 < alchemistswl> Right so the server should bind to IP-1 and when client connected, this client gets assigned IP-2 of the server, thats basically my thinking if that is even possible instead of the privat subnets
15:19 < fearnothing> ah, I see
15:20 < fearnothing> I really don't think that's a good idea
15:21 < fearnothing> I mean, these IPs are your public IPs right?
15:21 < DArqueBishop> Not only do I not think it's a good idea, I'm pretty sure (though I could be wrong) that it's not even possible.
15:21 < fearnothing> heh DArqueBishop - I suspect it would be possible, although you might have to do some hackery
15:22 < alchemistswl> the public IP isnt the problem since that IP would be pulled over to a second server.
15:22 < fearnothing> alchemistswl I think you have misunderstood how it's supposed to work
15:22 < fearnothing> the clue is in the name: Virtual PRIVATE Network
15:23 < fearnothing> if you had the client being given a public IP, that would completely defeat the object
15:23 < fearnothing> because then anyone would be able to connect to your client.
15:23 < alchemistswl> Thats not always the case, for example if I had an IP-Block for myself I could assign every client its own external IP
15:23 < alchemistswl> And this is common for providers who allow ppl to access the internet without censorship
15:24 < fearnothing> ok, maybe I'm just not following your description properly
15:24 < fearnothing> sorry
15:27 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
15:40 < derRichard> i'm using openvpn between two endpoints, both have a good internet connection (fiber, ~5ms rtt, no packet loss). but within the vpn tunnel i'm facing latency issues. every few minutes latency goes from 5ms to 1000ms for a few seconds. what can be the root cause?
15:43 < derRichard> btw: of course i'm using udp as transport
15:44 < fearnothing> there don't seem to be many people answering at the minute
15:44 < fearnothing> friday night, I guess everyone's out at the pub
15:45 < derRichard> i can wait :-)
15:45 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 265 seconds]
15:45 < fearnothing> well while you do I'm gonna throw my question out again
15:46 < fearnothing> weird issue with my sister's connection to my vpn: she has her laptop connected to wireless, but when she connects to my vpn it's applying the network settings to her ethernet interface
15:46 < c|oneman> I thought openvpn creates a new interface
15:47 < c|oneman> which might look like an enternet interface to you... maybe.
15:51 < DArqueBishop> fearnothing, it might help if you posted the logs.
15:51 < DArqueBishop> !logs
15:51 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
15:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:58 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
16:03 -!- cryptic1 [~cryptic1@unaffiliated/cryptic1] has quit [K-Lined]
16:06 < fearnothing> I'm sharing screens with her over skype... might have just spotted the problem as I was walking her through copying her logs into pastebin
16:06 < fearnothing> it's getting permission denied when it tries to add the route
16:07 < fearnothing> trying again but with the client running as administrator
16:07 < DArqueBishop> She needs to run the OpenVPN client as administrator.
16:07 < fearnothing> :D
16:09 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
16:10 < fearnothing> wooo success
16:11 < fearnothing> but yeah, seeing the VPN interface IP being assigned to her ethernet adapter was frickin weird
16:12 < fearnothing> confused me a lot
16:20 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
16:29 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
16:38 -!- toli [~toli@109.128.250.107] has joined #openvpn
16:49 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
16:59 -!- somis [~somis@167.160.44.204] has joined #openvpn
17:20 -!- MrPocketz is now known as MrPockets
17:27 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
17:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:00 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
18:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:04 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
18:15 -!- mystica555 [~mystica55@2602:47:da16:4e00:66c7:d1da:db86:721e] has quit [Ping timeout: 246 seconds]
18:26 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:28 -!- mystica555 [~mystica55@2602:61:76b0:f500:9a04:e057:441e:fab8] has joined #openvpn
18:29 -!- alchemistswl [~alchemist@p4FC85E59.dip0.t-ipconnect.de] has left #openvpn ["Leaving"]
18:32 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:35 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:39 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
18:45 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:46 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
18:47 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
18:53 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:54 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:17 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
19:20 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
19:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
19:38 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
19:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 252 seconds]
19:49 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:54 -!- mystica555 [~mystica55@2602:61:76b0:f500:9a04:e057:441e:fab8] has quit [Ping timeout: 246 seconds]
19:58 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Quit: mirco]
20:08 -!- mystica555 [~mystica55@2602:ae:1061:9f00:7c37:b72a:c22b:1225] has joined #openvpn
20:13 -!- mystica555 [~mystica55@2602:ae:1061:9f00:7c37:b72a:c22b:1225] has quit [Ping timeout: 246 seconds]
20:16 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 260 seconds]
20:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:19 -!- sigdk [~sigdk@2a02:aa16:3301:1e80:762b:62ff:fe86:6d88] has joined #openvpn
20:21 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
20:21 < sigdk> hi. I got an IP, a username, a password and another password (I guess ?). How do I connect to the vpn ?
20:21 < sigdk> Do I need any kind of certificate or the above credentials are enough ?
20:24 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
20:27 -!- mystica555 [~mystica55@2602:ae:1065:a300:c746:8a48:3cc6:8986] has joined #openvpn
20:30 -!- iamaway [iam@unaffiliated/iam4722202468] has joined #openvpn
20:30 < iamaway> I have an openvpn server working (i think)
20:30 < iamaway> how do i check?
20:30 < iamaway> pinging 10.8.0.1 on the machine works
20:30 < iamaway> but how do i connect from other computers?
20:30 < iamaway> no port seems to be open
20:31 < iamaway> 1194 is not open on the server?
20:33 < iamaway> i'm running this on arch linux, and when i start the server there is no problem
20:33 -!- toli [~toli@109.128.250.107] has joined #openvpn
20:33 < iamaway> so it probably is working, i just don't know how to use it
20:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
20:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:48 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
20:57 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
21:05 -!- lotharn|2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
21:07 -!- lotharn|2 is now known as lotharn
21:08 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Client Quit]
21:08 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
21:13 < iamaway> !welcome
21:13 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
21:13 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:13 < iamaway> 'I would like to access the internet over my vpn
21:13 < iamaway> !ask
21:13 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
21:14 < iamaway> can someone help me access the internet over my vpn
21:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 244 seconds]
21:15 < iamaway> i portscanned the server running openvpn (on the server) and it doesn't show 1194 as open
21:15 < iamaway> wait
21:15 < iamaway> it works...
21:15 < iamaway> how even
21:15 < iamaway> openvpn is magic
21:17 < c|oneman> udp
21:39 < iamaway> hmm
21:39 < iamaway> can't connect from an outside computer :(
21:40 -!- chasecaleb [~chasecale@chasecaleb.com] has joined #openvpn
21:42 < chasecaleb> is there anything i can do to improve throughput? i'm getting about 5MB/s client->linode server through vpn, 50MB/s direct with google fiber. server cpu usage is 25-50% when maxing the connection. using udp.
21:43 < iamaway> :o it works
21:48 -!- mystica555_ [~mystica55@2602:ae:1072:c600:3406:949:3224:20af] has joined #openvpn
21:50 -!- mystica555 [~mystica55@2602:ae:1065:a300:c746:8a48:3cc6:8986] has quit [Ping timeout: 240 seconds]
21:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:57 -!- MikeH__ [~mystica55@2602:ae:1073:f000:480d:53:3f8:7f8e] has joined #openvpn
21:57 -!- MikeH__ is now known as mystica555
21:59 -!- mystica555_ [~mystica55@2602:ae:1072:c600:3406:949:3224:20af] has quit [Ping timeout: 240 seconds]
22:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:02 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
22:05 -!- mystica555 [~mystica55@2602:ae:1073:f000:480d:53:3f8:7f8e] has quit [Ping timeout: 246 seconds]
22:07 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: brbv]
22:07 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:09 -!- mystica555 [~mystica55@2602:ae:1074:9200:2b3e:2f7c:83c8:76b1] has joined #openvpn
22:13 -!- sigdk [~sigdk@2a02:aa16:3301:1e80:762b:62ff:fe86:6d88] has quit [Quit: Leaving]
22:15 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 265 seconds]
22:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
22:19 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
22:38 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has left #openvpn []
22:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:08 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 246 seconds]
23:10 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
--- Day changed Sat Nov 07 2015
00:02 -!- ShadniX [dagger@p5481DDD8.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:03 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
00:05 -!- ShadniX [dagger@p5481DB85.dip0.t-ipconnect.de] has joined #openvpn
00:05 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
00:06 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
00:21 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 240 seconds]
00:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:22 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
00:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:35 -!- iamaway [iam@unaffiliated/iam4722202468] has left #openvpn ["Leaving"]
00:50 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
00:52 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
01:04 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
01:09 -!- vvande [~vvande@107.191.96.48] has quit [Remote host closed the connection]
01:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:16 -!- mode/#openvpn [+o mattock1] by ChanServ
01:38 -!- chasecaleb [~chasecale@chasecaleb.com] has left #openvpn ["WeeChat 0.4.3"]
01:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
01:58 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
02:00 -!- mystica555_ [~mystica55@2602:b8:609f:4300:7c11:f952:1188:6a4] has joined #openvpn
02:00 -!- mystica555 [~mystica55@2602:ae:1074:9200:2b3e:2f7c:83c8:76b1] has quit [Ping timeout: 240 seconds]
02:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:27 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
02:33 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
02:36 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
02:55 -!- mystica555_ [~mystica55@2602:b8:609f:4300:7c11:f952:1188:6a4] has quit [Ping timeout: 246 seconds]
03:02 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:04 -!- mystica555_ [~mystica55@2602:47:da04:bd00:40f4:8e97:1a2d:bd92] has joined #openvpn
03:16 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
03:22 -!- mystica555_ [~mystica55@2602:47:da04:bd00:40f4:8e97:1a2d:bd92] has quit [Ping timeout: 240 seconds]
03:35 -!- mystica555_ [~mystica55@2602:47:da09:9700:a191:b72:d48:8e15] has joined #openvpn
04:06 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
04:09 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:17 -!- mystica555_ [~mystica55@2602:47:da09:9700:a191:b72:d48:8e15] has quit [Ping timeout: 240 seconds]
04:17 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Quit: mirco]
04:19 -!- biax_ [~biax@unaffiliated/biax] has quit [Ping timeout: 255 seconds]
04:31 -!- mystica555_ [~mystica55@2602:47:da0e:c300:95a:3259:1508:1474] has joined #openvpn
04:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:44 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:55 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
04:56 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
04:58 -!- Tyklol is now known as Tykling
05:06 -!- mystica555_ [~mystica55@2602:47:da0e:c300:95a:3259:1508:1474] has quit [Ping timeout: 246 seconds]
05:10 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
05:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
05:20 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
05:20 -!- mystica555_ [~mystica55@2602:47:da16:c900:debb:b629:110c:a5ad] has joined #openvpn
05:25 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:25 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
05:26 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
05:27 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
05:31 -!- mystica555_ [~mystica55@2602:47:da16:c900:debb:b629:110c:a5ad] has quit [Ping timeout: 240 seconds]
05:32 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
05:33 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
05:35 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has joined #openvpn
05:44 -!- mystica555_ [~mystica55@2602:47:da19:4100:2779:b421:214b:ee13] has joined #openvpn
05:46 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
05:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:57 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
06:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:05 -!- fearnothing [~nothing@82-69-15-121.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 246 seconds]
06:31 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
06:34 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
06:39 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:40 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
06:40 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
06:42 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
07:03 -!- MMukherjee [~Howaboutt@unaffiliated/powerkiller] has joined #openvpn
07:03 < MMukherjee> I have a OpenVPN server running at 192.168.0.3
07:04 < MMukherjee> On server I need the OpenVPN server to route all this client's data via the TOR SOCKS5 proxy running at 127.0.0.1
07:04 < MMukherjee> port 9050
07:04 < MMukherjee> any guides on that
07:04 < MMukherjee> !configs
07:04 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
07:04 < MMukherjee> !paste
07:04 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
07:05 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:29 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Excess Flood]
07:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
07:40 -!- master_of_master [~master_of@p4FD7BCA7.dip0.t-ipconnect.de] has joined #openvpn
07:43 -!- master_o1_master [~master_of@p4FD7BFC2.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
08:01 -!- riano [~quassel@unaffiliated/riano] has joined #openvpn
08:23 -!- riano [~quassel@unaffiliated/riano] has quit [Quit: No Ping reply in 180 seconds.]
08:51 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
09:05 -!- MMukherjee [~Howaboutt@unaffiliated/powerkiller] has quit [Ping timeout: 255 seconds]
09:30 -!- KakuRoze [~RozeD@c83-250-143-139.bredband.comhem.se] has quit [Ping timeout: 264 seconds]
09:31 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
09:33 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
09:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:31 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 246 seconds]
10:32 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
10:33 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
10:38 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
10:39 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
10:46 -!- veverak [~squirrel@ip-89-102-104-133.net.upcbroadband.cz] has joined #openvpn
10:48 < veverak> hi folks, I've got question... I have openvpn server inside network with some IP range (let's say 192.168.0.0/24). It's vpn port is portfowared from router to that server and I connect to it with my laptop... point is that I wanted to access all other devices on that network via that openvpn server
10:48 < veverak> so I tried the basic 'push route' example
10:48 < veverak> and it somehow failed, because I am with ma laptop on that network too
10:49 < veverak> so I was pushing route for network I was actually in -> that sounds like something that can fail
10:51 < veverak> what is proper way to handle this?
10:53 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
11:02 -!- somis [~somis@167.160.44.204] has joined #openvpn
11:03 < Poster> overlapping networks are rough,ideally you should consider changing the remote network to some other subnet which is not so widely used
11:04 < Poster> past that you can consider using something like the iptables NETMAP option to readdress everything, though you'll have to come up with some mechanism to deal with name resolution to other addresses
11:04 < Poster> long ago I did that and combined it with a BIND zone transfer where I did a search and replace, when the zone was transferred, it came in as 192.168.x.x, when piped through sed it came out as 10.168.x.x
11:05 < Poster> I then setup iptables NETMAP to map 10.168.0.0/16 -> 192.168.0.0/16
11:05 < veverak> it's not two networks :D
11:05 < Poster> lastly I had to perform NAT prior to leaving the VPN host before entering the 192.168.0.0/16 network
11:05 < veverak> it's when you have openvpn server, you want to see it's network
11:05 < veverak> and you can ocassianly actually be on that network
11:05 < Poster> oops
11:05  * Poster sips his coffee
11:06 < veverak> but yeah, I hread that "ip translation" could be solution
11:06 < veverak> bot not sure if it woudln't make more problems O:)
11:06 < Poster> so you're occasionally on the same IP subnet as the OpenVPN server, but you want to connect to it anyway?
11:07 < veverak> yeah
11:07 < veverak> it's like, I am occasionally on that network
11:07 < veverak> but I want to have access to it anytime
11:08 < Poster> so what is it you want to happen when you're on the same IP subnet?
11:11 < veverak> even nothing?
11:11 < veverak> I mean, if I am on that network, route doesn't have to be pushed
11:12 < Poster> so is the client automatically trying to connect to the server, via system service or similar?
11:12 < veverak> yeah, systemd here
11:12 < veverak> but I want to be still connected to the VPN network itself
11:13 < veverak> or, I don't have to?
11:13 < Poster> it may be possible to author some type of check to determine when you're on the home network and stop the daemon
11:13 < Poster> such as an IP range, default gateway MAC address, etc
11:13 < veverak> so, write script that handles it?
11:13 < Poster> yeah you could probably invoke it from the dhcp client script
11:14 < Poster> there may be something else out there, a network profile of sorts
11:14 < veverak> well, openvpn doesn't have anything
11:14 < veverak> to push route based on some condition?
11:14 < Poster> no it's not an openvpn function, it's an OS function
11:15 < Poster> that might be available too, but from what I recall conditions are based upon things like client certificates
11:15 < veverak> well
11:15 < veverak> one thing I am able to do
11:16 < Poster> another option would be to disallow VPN links that originate from your internal IP subnet, if you're running OpenVPN server on linux, your local subnet is 192.168.0.0/24 and you're running OpenVPN on 1194/udp, you could create a rule like
11:16 < veverak> is to setup 'local openvpn server address' as first address to try in openvpn config
11:16 < veverak> and it's public one as second to make a difference
11:16 < Poster> iptables -A INPUT -i eth0 -p udp -s 192.168.0.0/24 --dport 1194 -j REJECT
11:16 < veverak> I see
11:18 < Poster> if you are using a DNS based server address on the client, you could also consider publishing an internal-only record to point that address to some bogus IP address or no IP address
11:18 < Poster> vpn.company.org -> 127.0.0.2
11:18 < Poster> or simply create a zone for company.org and do not create a record called "vpn"
11:19 < Poster> The OpenVPN daemon would like interpret it as a failed DNS lookup and not establish a connection
11:26 < veverak> http://www.nimlabs.org/dirtynat.html
11:26 <@vpnHelper> Title: NAT tricks for VPN with clients in private address ranges (at www.nimlabs.org)
11:26 < veverak> this sounds interesting
11:29 < Poster> yeah that touches on the NETMAP part
11:29 < veverak> --client-nat also this option in manual seems like it
11:30 < veverak> but can't find examples :)
11:35 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
11:36 -!- mystica555_ [~mystica55@2602:47:da19:4100:2779:b421:214b:ee13] has quit [Ping timeout: 240 seconds]
11:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:56 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
12:00 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
12:01 -!- rich0_ is now known as rich0
12:01 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
12:02 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
12:04 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Client Quit]
12:05 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
12:06 -!- James_Epp [~james@216.36.146.9] has joined #openvpn
12:07 < James_Epp> I think I cannot read and/or am blind. Where do I find the download for the openvpn server, windows?
12:07 < James_Epp> I downloaded the one from the community downloads page, in the install I don't see an option for the server.
12:14 -!- julius [~julius@2a01:4f8:c17:1f9::2] has left #openvpn ["Leaving"]
12:21 < James_Epp> Okay, I learned how to read a bit more and am going through the howto/install. Do I copy the sample-config files to the config directory?
12:27 -!- iamaway [iam@unaffiliated/iam4722202468] has joined #openvpn
12:27 < iamaway> how do i know if openvpn is working?
12:27 -!- iamaway is now known as iam
12:31 < iam> http://qp.mniip.com/p/23
12:31 < iam> is it working?
12:45 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has joined #openvpn
12:47 < timmu> is there a way to check openvpn config before restarting the service?
12:47 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:48 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:50 < James_Epp> Okay, I have a server up and running. Clients can ping the server, other hosts. But the client cannot ping one host, the router/gateway on the remote network. Also, I cannot access web interfaces of devices, and can't rdp into another host. Seems a bit weird. Ideas?
12:53 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
12:56 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Remote host closed the connection]
12:57 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
13:02 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
13:06 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:12 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
13:14 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
13:15 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
13:16 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
13:17 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
13:17 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
13:18 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:18 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:19 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Max SendQ exceeded]
13:19 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:20 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Max SendQ exceeded]
13:20 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:32 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Quit: mirco]
13:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:12 < stryngs> Hi, I'm trying to get OpenVPN setup between two routers.  The desired setup is:  http://s7.postimg.org/wy91c84x7/snap.png
14:13 < stryngs> I've generated all my keys and such, but am kind of lost as to the configuration I should use
14:14 -!- iam [iam@unaffiliated/iam4722202468] has left #openvpn ["Leaving"]
14:16 < c|oneman> so basically you install openvpn server on the 33.33.33.33 network and connect both other routers to that via openvpn client right?
14:17 < stryngs> Yes
14:17 < stryngs> The dd-wrt openvpn
14:17 < stryngs> No local clients will use the OpenVPN directly.
14:17 < c|oneman> and the two other networks dont need to see each other right?
14:19 < stryngs> Correct
14:19 < stryngs> And the only time a client router should push traffic TO the VPN, is when SMB traffic occurs to the 192.168.2.100
14:19 < stryngs> Otherwise, the client routers should use "normal" routing for their clients
14:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:25 < stryngs> c|oneman: ?
14:27 < c|oneman> so basically, default config should work :/
14:27 < c|oneman> TUN, UDP is fine
14:27 < c|oneman> were you able to bring download the keys from the server and put them in the config of the clients?
14:28 < stryngs> Yes
14:28 < stryngs> 1 client is at my house right now as a testbox
14:28 < stryngs> I will try TUN, since ICMP works over it, if I can at least ping, then I know i'm "halfway" there
14:31 < stryngs> c|oneman: http://www.picpaste.com/Screenshot-BkDq5Tvp.png
14:33 < c|oneman> so it connects and you can ping 191.168.9.1?
14:33 < stryngs> No pinging
14:33 < stryngs> One sec, trying some more stuff
14:33 -!- stryngs [~stryngs@unaffiliated/stryngs] has left #openvpn []
14:34 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:47 -!- aushalten [~aushalten@108.61.228.18] has joined #openvpn
14:53 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
15:00 -!- aushalten [~aushalten@108.61.228.18] has quit [Quit: Leaving]
15:10 -!- houtens [~houtens@happy.avruga.net] has joined #openvpn
15:10 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
15:12 -!- somis [~somis@167.160.44.204] has joined #openvpn
15:14 < c|oneman> useless fact of the day, I get 70mbit openvpn performance on quad core  1.6GHz Cortex A9 RK3188 CPU
15:19 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
15:21 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
15:22 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
15:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
15:24 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has joined #openvpn
15:25 < tete_> !goal
15:25 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:25 -!- Ganymed [daniel@mkc1.xcx.cc] has left #openvpn []
15:26 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:26 < tete_> Hi, i was already here yesterday. I got the old problem fixed (thought its a firewall problem, but it was not, it was an issue as i did not tell openvpn which device to listen on). Now i can connect but get an error http://pastebin.com/JexmuhyS - thats the error on my fedora machine connecting with openvpn to the edgemax ubiquiti router where the server runs at.
15:26 < tete_> i checked the CA certificate, it looks ok to me, also the server/client cert look ok to me
15:29 < tete_> the server certificate does not have any x509 extension... did i create the server cert wrong?
15:31 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
15:31 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has joined #openvpn
15:33 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
15:33 -!- mode/#openvpn [+v s7r_] by ChanServ
15:33 -!- s7r [~s7r@openvpn/user/s7r] has quit [Max SendQ exceeded]
15:33 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 264 seconds]
15:33 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 264 seconds]
15:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
15:34 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
15:35 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
15:36 -!- Denial- [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
15:42 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 264 seconds]
15:47 -!- derRichard [~derRichar@pippin.sigma-star.at] has quit [Ping timeout: 264 seconds]
15:54 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
15:57 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Read error: Connection reset by peer]
15:58 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
15:59 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
16:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Client Quit]
16:29 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:30 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
16:42 -!- apocr [~apoc@82.221.111.210] has joined #openvpn
16:43 < apocr> hi! Is there some way for a client to read the server config?
16:52 < BtbN> no
16:56 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:57 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
17:09 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
17:16 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
17:17 < toothe> is there a way to make openvpn listen on two ports, ie, both TCP and UDP ?
17:17 < toothe> or would thjis require two instances?
17:24 -!- s7r_ is now known as s7r
17:28 <+s7r> toothe: not on the same instance afaik
17:29 < toothe> cool. I got it working, just was a bit of a run-around
17:29 < toothe> was hoping there was a cleaner solution
17:35 -!- toothe [~awiggin@unaffiliated/toothe] has left #openvpn []
17:39 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Quit: ||||||||||||||||||||||||||||||||||||||||||||||| 99%]
17:40 -!- apocr [~apoc@82.221.111.210] has quit [Quit: leaving]
17:43 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has quit [Quit: Leaving]
17:48 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
17:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:00 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
18:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:05 < nhooyr> creating a CA and in the openssl conf I'm just wondering what RANDFILE does? is it like /dev/urandom?
18:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:18 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
18:19 -!- Neal|ZNC [~neal@felix.ineal.me] has joined #openvpn
18:20 -!- Neal_ [~neal@felix.ineal.me] has quit [Ping timeout: 250 seconds]
18:23 < nhooyr> on this page https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/openssl-1.0.cnf why does the policy_anything section have name   = optional. since when does a distinguished name have a field called "name"?
18:23 <@vpnHelper> Title: easy-rsa/openssl-1.0.cnf at master · OpenVPN/easy-rsa · GitHub (at github.com)
18:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:27 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has joined #openvpn
18:27 -!- mirco [~mirco@b2b-130-180-116-94.unitymedia.biz] has quit [Remote host closed the connection]
18:43 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
19:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:15 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
19:26 -!- vvande [~vvande@66.244.241.35] has joined #openvpn
19:32 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:04 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
21:03 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
21:32 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
21:32 < Dougy> hey ecrist, any updates to check_printer?
21:32 < Dougy> last copy i have is
21:33 < Dougy> actually pm
22:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:20 -!- Willis [Willis@107.161.160.241] has quit [Ping timeout: 255 seconds]
22:33 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
22:34 -!- Willis [Willis@107.161.160.241] has joined #openvpn
22:35 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 244 seconds]
22:38 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
23:24 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
23:24 -!- thumbs [1000@unaffiliated/thumbs] has quit [Quit: Reconnecting]
23:27 -!- frank-- is now known as thumbs
23:38 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
23:38 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Client Quit]
--- Day changed Sun Nov 08 2015
00:02 -!- ShadniX [dagger@p5481DB85.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:03 -!- ShadniX [dagger@p5481D67B.dip0.t-ipconnect.de] has joined #openvpn
00:18 -!- mystica555 [~mystica55@174-16-105-109.hlrn.qwest.net] has joined #openvpn
00:37 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:11 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
01:12 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Client Quit]
01:15 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
01:16 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
01:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:16 -!- mode/#openvpn [+o mattock1] by ChanServ
01:45 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 255 seconds]
01:45 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:46 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
02:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:28 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has joined #openvpn
02:32 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:37 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
02:39 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-tsqwnfgnwehhaear] has joined #openvpn
02:42 < sillysausage> so, i've got a multi-home setup where ppp0 is a point to point link to my ISP, and tun0 is a point to point link to a VPN provider
02:43 < sillysausage> as this is a router, i've decided to nopull the routes from my VPN provider
02:43 < sillysausage> because they would by default send everything through the tun0 interface.
02:43 < sillysausage> I've documented this here http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#VPN_Tunnel_on_specific_subnet
02:43 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
02:43 < sillysausage> now, my ISP provides me with dual-stack prefixed delegated IPv6
02:44 < sillysausage> however i've decided to for simplicity run that behind an IPv6 NAT
02:44 < sillysausage> the VPN provider also provides IPv6 on their point-to-point link, although it's not a delegated prefix, it's a single ULA address
02:44 < sillysausage> so NAT will be unavoidable in this situation
02:45 < sillysausage> essentially i am doing sourced based routing in the case of IPv4, whereby packets with a source of 192.168.1.0/24 is fwmarked with 0x1 and put straight into the ppp0 interface to my ISP
02:46 < sillysausage> with the VPN, packets sourced from 192.168.2.0/24 are marked with 0x2 and routed straight into tun0 to the VPN
02:47 < sillysausage> now with a IPv6 adaption, the intention is to use my 2001 delegated range direct into ppp0
02:47 < sillysausage> and a ULA range like fd89:2cb8:e21c::/64 into the VPN (essentially this is behaving the same way as 192.168.2.0/24 did)
02:48 < sillysausage> now my question comes with the route-up script in regard to IPv6
02:48 < sillysausage> wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#.2Fetc.2Fopenvpn.2Froute-up-fwmark.sh
02:48 < sillysausage> that's how i did it with IPv4, using OpenVPN's hooks in order to determine the interface's aassigned IP
02:49 < sillysausage> in regard to IPv6, does this behave somewhat similar to /etc/ppp/ip-up and /etc/ppp/ipv6-up ?
02:49 < sillysausage> I was having a look at https://community.openvpn.net/openvpn/wiki/IPv6
02:49 <@vpnHelper> Title: IPv6 – OpenVPN Community (at community.openvpn.net)
02:50 < sillysausage> http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#OpenVPN_Routing
02:50 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
02:51 < sillysausage> here is where i modify my VPN's configuration files using "route-noexec" to tell their pushed routes to get lost :)
02:51 < sillysausage> will route-noexec prevent IPv6 routes?
02:51 < sillysausage> or is there some special route-ipv6-noexec command?
02:53 < sillysausage> likewise: i used
02:53 < sillysausage> route-up /etc/openvpn/route-up-fwmark.sh
02:53 < sillysausage> route-pre-down /etc/openvpn/route-pre-down-fwmark.sh
02:53 < sillysausage> is there a special alternative to "route-up" and "route-pre-down"
02:54 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has quit [Remote host closed the connection]
02:56 < sillysausage> oh maybe it's not split
02:57 < sillysausage> and instead I use ${ifconfig-ipv6} ?
02:57 < sillysausage> https://serverfault.com/questions/700357/openvpn-ifconfig-ipv6-in-tap-mode
02:57 <@vpnHelper> Title: OpenVPN ifconfig-ipv6 in TAP mode - Server Fault (at serverfault.com)
03:00 < sillysausage> the main reason im confused is because there certainly seems to be different commands
03:00 < sillysausage> for ipv6 when pushing from a server
03:00 < sillysausage> eg server-ipv6, route-ipv6, route-ipv6
03:07 < sillysausage> http://silmor.de/ipv6.openvpn.php
03:07 <@vpnHelper> Title: IPv6 via OpenVPN (at silmor.de)
03:08 < sillysausage> it sort of looks like from this openvpn just looks to see if it has -6 and if it is then ${ifconfig_local} would be the ipv6 address?
03:08 < sillysausage> for example my interface has https://dpaste.de/QxAc
03:09 < sillysausage> ${ifconfig_local} seems to refer to "inet 172.16.48.29"
03:09 < sillysausage> what im trying to figure out is how to get the inet6 address
03:10 < sillysausage> eg
03:10 < sillysausage> /sbin/ip -6 route add default via fd48:8bea:68a5:1016:ffff:ffff:ffff:ff08 dev tun0 table VPN
03:10 < sillysausage> is what i'm trying to add
03:20 -!- Tenhi_ [~tenhi@178.18.241.180] has quit [Ping timeout: 265 seconds]
03:22 < sillysausage> maybe this question is better suited to the openvpn mailing lists
03:25 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:27 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
03:31 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
03:51 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
03:55 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Quit: WeeChat 1.2]
04:02 -!- KNERD [~KNERD@netservisity.com] has quit [Ping timeout: 255 seconds]
04:13 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
04:14 < sillysausage> oops
04:14 < sillysausage> i think i accidentally parted from the channel
04:14 -!- Chemmy [~chris@93.187.144.141] has joined #openvpn
04:24 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:25 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:27 < sillysausage> https://community.openvpn.net/openvpn/wiki/OpenVPN2.4
04:27 <@vpnHelper> Title: OpenVPN2.4 – OpenVPN Community (at community.openvpn.net)
04:27 < sillysausage> oh it looks like i have to wait for openvpn 2.4
04:27 < sillysausage> "discover IPv6 default gateway "
04:28 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:29 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:44 < sillysausage> https://community.openvpn.net/openvpn/ticket/230
04:44 <@vpnHelper> Title: #230 (IPV6 environment variables missing for client-connect) – OpenVPN Community (at community.openvpn.net)
04:44 < sillysausage> hmm this kind of makes me think what im trying to do isn't possible
04:56 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:08 -!- somis [~somis@167.160.44.204] has joined #openvpn
05:20 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Quit: WeeChat 1.2]
05:21 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
05:23 -!- shio [marmottin@10.121.101.84.rev.sfr.net] has quit [Ping timeout: 250 seconds]
05:24 -!- hadi [~Instantbi@31.59.2.44] has joined #openvpn
05:25 < hadi> Hi there guys. I have a problem with my country's censorship blocking off openvpn from connecting. I don't know how to solve this problem.
05:25 < hadi> Basically, what happen is that i get redirected to  a blocked ip when openvpn is trying to connect.
05:25 < hadi> so the remote domain is france.privateinternetaccess.com
05:26 < hadi> when openvpn is trying to connect, i get redirected to an internal IP, instead of connecting to  one of the VPN servers.
05:26 -!- shio [shio@10.121.101.84.rev.sfr.net] has joined #openvpn
05:27 < hadi> here: Sun Nov  8 11:22:02 2015 Attempting to establish TCP connection with [AF_INET]10.10.34.36:443 [nonblock]
05:28 < hadi> I changed resolv.conf to use google dns, but It seems to not work at all
05:28 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:37 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
05:40 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:40 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
05:51 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
05:53 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
05:56 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
05:56 -!- rich0_ is now known as rich0
06:03 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:07 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:17 < sillysausage> if there is something at your ISP mangling your packets and redirecting them
06:17 < sillysausage> the only solution is going to be to connect to an IP that is not on that "censorship list"
06:18 < sillysausage> that might mean your own VPS, and then creating a connectio to your VPN provider from there
06:18 < sillysausage> and personally i wouldn't use PIA
06:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:21 < sillysausage> hadi: anyway it sounds like you're behind a carrier grade NAT 10.10.34.36 is a private address
06:22 < sillysausage> > hadi | I changed resolv.conf to use google dns, but It seems to not work at all
06:22 < sillysausage> that won't work if their censorship system simply mangles the packet
06:23 < sillysausage> i imagine it lookst at the destination of the packet in this case france.privateinternetaccess.com (108.61.122.121)
06:23 < sillysausage> and then just changes it, which any router can do in between you and the remote destination
06:23 < hadi> well
06:24 < sillysausage> i didn't think france was that anal?
06:24 < sillysausage> or are you not in france
06:24 < hadi> I use PIA for just access to twitter/youtube, I don't care about security for now untill I find a good vpn provider
06:24 < sillysausage> oh, so probably china or iran kind of censorship :)
06:24 < hadi> No i live in Iran, france has.. some good ping to us
06:24 < sillysausage> do they do DPI?
06:24 < hadi> I think so
06:24 < sillysausage> it might be that they packet inspect and can see they are openvpn packets
06:24 < sillysausage> there is supposed to be some obfuscation patches merged with openvpn
06:25 < sillysausage> ie what obfsproxy4 from Tor can do
06:25 < hadi> wow really? is this new?
06:25 < hadi> I'd use tor but ehh, just imagine a crappy connection being torred
06:25 < sillysausage> https://community.openvpn.net/openvpn/wiki/TrafficObfuscation
06:25 <@vpnHelper> Title: TrafficObfuscation – OpenVPN Community (at community.openvpn.net)
06:25 < sillysausage> hadi: you might also be interested in my guide http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi
06:25 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
06:26 < sillysausage> essentially 192.168.1.0/24 is routed directly out so low latency
06:26 < sillysausage> and 192.168.2.0/24 is routed into VPN :)
06:26 < sillysausage> the obfuscation stuff does require patches serverside too
06:26 < hadi> does this mean that If i buy another pi and configure it, It can be a bridge that let's all clients in over the censorship?
06:26 < sillysausage> yup
06:26 < sillysausage> out rather
06:26 < sillysausage> basically the way i use it
06:27 < sillysausage> is that computers on 192.168.1.0/24 IPs are source routed out directly
06:27 < sillysausage> you know for games and low latency stuff
06:27 < sillysausage> everything else however is forced into the VPN at the router
06:27 < sillysausage> meaning my workstation doesn't actually have openvpn installed
06:27 < sillysausage> it just goes "oh this packet is from 192.168.2.50, that goes into tun0"
06:28 < sillysausage> or "oh this packet is from 192.168.1.68 that then goes into ppp0 (the point to point link with my ISP)"
06:28 < sillysausage> the idea is that you then don't need to individually install openvpn on things
06:28 < hadi> This is very cool
06:28 < sillysausage> and it doesn't have to be a raspberry pi, that's just what i used because it was inexpensive
06:29 < sillysausage> it could be an old desktop, it just needs two network cards
06:29 < sillysausage> and you need a modem that can be used in full bridge mode
06:29 < hadi> IDK if i could get this running, I don't have too much tehnical info
06:29 < sillysausage> yeah its pretty much step-by-step
06:29 < sillysausage> im actually adapting it currently, to use VLANs
06:29 < sillysausage> instead of aliased IPs which is what i did for 192.168.1.0/24 and 192.168.2.0/24
06:29 < hadi> about the pia thing, It's just a kodi pi that I'm trying to get a vpn connection on it.
06:30 < sillysausage> but that requires a managed switch
06:30 < sillysausage> yeah
06:30 < sillysausage> hadi: i suspect it's simply just null routing because it knows it's PIA
06:30 < sillysausage> i read somewhere iran does that
06:30 < sillysausage> and some VPN providers bribe the government
06:31 < hadi> hmm. I see. and there's like, no way around it?
06:31 < sillysausage> well there is
06:31 < hadi> the windows client passes this thing, i don't know what magic  they're using
06:31 < sillysausage> not to contact an IP that is going to get blocked
06:31 < hadi> :)
06:31 < sillysausage> btw does your ISP in iran give you an actual IPv4 IP
06:31 < sillysausage> or are you behind carrier grade NAT
06:31 < sillysausage> 10.10.34.36 should never be routable
06:32 < sillysausage> https://en.wikipedia.org/wiki/Carrier_Grade_NAT
06:32 <@vpnHelper> Title: Carrier-grade NAT - Wikipedia, the free encyclopedia (at en.wikipedia.org)
06:33 < hadi> yes, it does give me an actual IP, this  10 ip thing is just what we get when trying to access block domains and such
06:33 < sillysausage> hmm weird.
06:33 < hadi> for example 10.10.34.34 is an ip that shows you a long document about laws and  stuff
06:34 < hadi> so if i  want to go to facebook it redirects me to 10.10.34.34, not an actual redirect, it's... a very clever one i guess
06:34 < sillysausage> yeah im not even sure how that works lol.
06:34 < sillysausage> because that is a private address :P
06:34 < sillysausage> so your external address must be shared by other users
06:34 < sillysausage> it must not be unique to you
06:35 < hadi> Well, it's not static i know that
06:35 < sillysausage> yeah that's something else again
06:35 < sillysausage> but it's not obviously a dynamic assignment either
06:35 < sillysausage> https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt (those for example would never appear on the public internet)
06:36 < sillysausage> in any case it doesn't matter much for you
06:36 < hadi> I don't know if there are any good vpn services that don't use dumb sub domains that could be easily blocked. I guess  ultimately i have to  setup a server myself, If i could get one
06:36 < sillysausage> there is no way around that, without either connecting to an IP your ISP isn't filtering eg france.privateinternetaccess.com (108.61.122.121)
06:36 < sillysausage> or getting around the DPI (if they are doing that)
06:37 < hadi> hmm, I wonder, let me try editting the config file and  putting the IP there
06:37 < sillysausage> that wont work
06:37 < sillysausage> the only way that would work is if you were using your ISPs DNS
06:37 < sillysausage> and it was just giving you back a different address in the record
06:38 < hadi> oh well
06:38 < sillysausage> if they do DPI, that means they're actually looking at the type of packets too
06:38 < sillysausage> not even just the destination
06:38 < sillysausage> i'd say iran probably does both
06:38 < sillysausage> looks at the destination, they know 108.61.122.121 is PIA, so they're gonna filter on that
06:39 < sillysausage> and then secondarily, they probably look at the actual type of packet
06:39 < hadi> How does their windows client connect then, this's odd
06:39 < sillysausage> really so you can get a connection?
06:39 < sillysausage> to that address?
06:39 < hadi> no, their windows client just works. I'm on a linux that can't get this working
06:39 < sillysausage> btw france.privateinternetaccess.com is a number of IPs
06:39 < sillysausage> notjust one
06:40 < hadi> I'm botting the pi right now, I'm gonna try putting the IP in
06:41 < sillysausage> i messaged you all the IPs
06:41 < sillysausage> it is possible maybe the windows client is using a different IP
06:41 < sillysausage> because that domain i think probably load balanced
06:41 < sillysausage> across a number of "france servers"
06:41 < hadi> got 'em
06:41 < sillysausage> you could look in netstat in windows
06:41 < sillysausage> and see which one the windows machine is using
06:41 < hadi> oh so, that first IP,  is like a gateway?
06:41 < sillysausage> i would have thought iran would have periodically looked at the domains for new servers
06:42 < sillysausage> well no they're all separate servers in the "answer section"
06:42 < sillysausage> i'd say it just load balances
06:42 < hadi> I'm just happy that Iran just buys pre config packages/softwares  instead of hiring  intelligent people people to do their work
06:42 < sillysausage> lol yeah well..
06:42 < sillysausage> the thing is there's no point in making their own
06:42 < sillysausage> too much cost
06:43 < sillysausage> and its not the only country to be an ass about people using the internet
06:43 < sillysausage> in the western world, they just prefer to spy on everyone
06:43 < sillysausage> rather than repress them ;)
06:43 < sillysausage> its kind of sad in a way though
06:43 < sillysausage> because it fragments and segments the internet
06:43 < sillysausage> this wonderful device that lets you talk to a citizen on the other side of the world
06:44 < hadi> oh heh
06:44 < sillysausage> imagine how shitty the world would be if everyone took the north korea style to internet ;)
06:44 < hadi> noooo~
06:44 < hadi> do they have their own network
06:44 < sillysausage> s/internet/intranet/
06:45 < sillysausage> hadi: im just checking to see if the pia client does anything special
06:45 < sillysausage> i do know that some VPN providers patch openvpn
06:45 < hadi> well um, I think I just connected to one of these  ips you gave me
06:45 < hadi> Sun Nov  8 12:32:58 2015 Initialization Sequence Completed
06:45 < sillysausage> yes that is good news
06:45 < sillysausage> that means it is working
06:45 < sillysausage> and you should see the routes pushed to you
06:45 < sillysausage> so yes it's most likely IP filtering
06:46 < sillysausage> and some of the france servers are blocked.
06:46 < hadi> And they don't  scan the rest to  block then?
06:46 < sillysausage> maybe they will some day
06:46 < sillysausage> or maybe they added it not because the block was scanned
06:46 < sillysausage> the only concern though is
06:46 < sillysausage> your ISP will know you're using OpenVPN to PIA
06:46 < sillysausage> you may not like that
06:46 < sillysausage> it would be the same as if you used plain Tor without a bridge
06:47 < sillysausage> is it actually a crime? you know to circumvent censorship?
06:47 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:47 < sillysausage> i don't know about that
06:47 < sillysausage> the reliability of it may vary, just because it connects does not mean the link will be reliable
06:47 < sillysausage> i was sure i read somewhere that iran checks to see if it can recognize the packet type
06:48 < hadi> Well, the thing is that they track you, If you  write a blog about them, you're in trouble, but else I guess you're ok
06:48 < sillysausage> oh okay
06:48 < hadi> because then they have to arest  30 milion people who're using facebook/twitter/youtube/other sites
06:48 < sillysausage> haha
06:48 < sillysausage> yeah so that's the problem ;)
06:49 < hadi> I'm pretty sure that these servers are not that stable though, That'd suck if i have to change the config file every so often
06:49 < sillysausage> yes it would
06:49 < sillysausage> the only real way to get out of that is to have your own dedicated IP
06:49 < sillysausage> eg you > VPS > VPN
06:49 < sillysausage> or just you > VPS
06:49 < sillysausage> ie something that they wont be checking
06:50 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
06:51 < hadi> the only great thing about pia is that it has a strong connection
06:51 < sillysausage> i believe things like openwrt allow you do essentially what i did with my router on alpinelinux
06:51 < sillysausage> a lot do
06:51 < hadi> strong: as in strong for my type of connection, 2.5 mbps
06:51 < sillysausage> ah so bandwidth
06:51 < sillysausage> note your ISP may be throttling VPN connections, it can happen
06:52 < sillysausage> is 2.5mbps the maximum you get downstream?
06:52 < hadi> I'm pretty sure they do it
06:52 < hadi> yup
06:52 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
06:52 < hadi> it's like 290-380 kb/s
06:52 < sillysausage> yeah so ADSL1 of some kind it sounds like
06:52 < sillysausage> then it shouldn't matter really what VPN you use they should have ample bandwidth
06:52 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
06:52 < hadi> they have an 8mbps package, but it's not unlimited, and buying traffic is expensive.
06:52 < sillysausage> ah
06:53 < sillysausage> yeah still ADSL1 my guess
06:53 < sillysausage> and 8MBs is the max you can do on ADSL1
06:53 < hadi> this type of service i have is  "unlimited" I just have to download smartly so their system doesn't flag me
06:53 < sillysausage> anything over that requires ADSL2+
06:53 < hadi> you know what's funny
06:53 < hadi> hold on
06:54 -!- rich0__ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:56 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 246 seconds]
06:56 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 250 seconds]
07:04 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:12 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Excess Flood]
07:14 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
07:15 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Quit: ZNC - http://znc.in]
07:16 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
07:18 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Excess Flood]
07:20 -!- hadi [~Instantbi@31.59.2.44] has quit [Read error: Connection reset by peer]
07:22 -!- hadi [~Instantbi@31.59.2.44] has joined #openvpn
07:27 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
07:30 -!- CrazyyMaxx [CrazyyMaxx@ns364484.ip-188-165-236.eu] has joined #openvpn
07:41 -!- master_o1_master [~master_of@p4FD7B825.dip0.t-ipconnect.de] has joined #openvpn
07:44 -!- master_of_master [~master_of@p4FD7BCA7.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
07:51 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
07:59 < AlmogBaku> hi
08:00 < AlmogBaku> im not sure how the life-cycle works on openvpn
08:00 < AlmogBaku> (scripts life-cycle)
08:00 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
08:00 < AlmogBaku> first i have the on-connect script, then learn-address, then on-disconnect and then learn-address again?
08:01 < AlmogBaku> and when learn-address update happened?
08:01 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
08:27 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
08:34 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
08:37 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
08:38 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
08:38 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
08:47 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
08:59 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
08:59 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
09:07 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has joined #openvpn
09:08 < tete_> hi, i just noticed that i can not use openvpn 2.3.8 because of https://community.openvpn.net/openvpn/ticket/618 - so i thought i compile openvpn myself, but the sources i found (github openvpn -> master branch) did not contain that patch
09:08 <@vpnHelper> Title: #618 (OpenVPN 2.3.8 no longer asks for username/password) – OpenVPN Community (at community.openvpn.net)
09:09 < tete_> can someone tell me why? when i download the sources and compile them, is this the up-to-date version or are patches missing?
09:12 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
09:12 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
09:23 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
09:26 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
09:26 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
09:33 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
09:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
09:39 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
09:40 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:41 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 272 seconds]
09:46 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
10:03 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
10:09 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
10:09 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has quit [Remote host closed the connection]
10:13 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:35 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:40 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 250 seconds]
10:41 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
10:45 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Max SendQ exceeded]
10:46 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
10:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:47 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
10:51 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 250 seconds]
10:58 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
10:58 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
11:16 -!- rich0__ is now known as rich0
11:16 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
11:22 -!- AlmogBaku [~AlmogBaku@37.26.146.192] has joined #openvpn
11:23 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
11:26 -!- hadi [~Instantbi@31.59.2.44] has quit [Ping timeout: 260 seconds]
11:27 -!- hadi [~Instantbi@31.59.50.1] has joined #openvpn
11:29 -!- AlmogBaku [~AlmogBaku@37.26.146.192] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:35 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
11:38 -!- hadi [~Instantbi@31.59.50.1] has quit [Read error: Connection reset by peer]
11:38 -!- hadi [~Instantbi@31.59.50.1] has joined #openvpn
11:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:51 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
12:08 -!- DemonWav [~DemonWav@unaffiliated/demonwav] has left #openvpn ["Leaving"]
12:44 -!- Sidewinder [~de@unaffiliated/sidewinder] has joined #openvpn
12:44 -!- Sidewinder [~de@unaffiliated/sidewinder] has quit [Client Quit]
12:46 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has joined #openvpn
12:48 < tete_> after a long time, i got it working... more or less. the client connects now, i can ping the vpn server on the vpn interface, but i get disconnects every ~60 seconds, and i dont know why. can someone tell me how i can get more informations? the log just prints some error which seems a bit wierd http://pastebin.com/SPFSkRxb
13:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:20 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
13:22 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:24 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:39 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.3]
13:40 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
13:40 -!- somis [~somis@167.160.44.204] has joined #openvpn
13:58 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 240 seconds]
13:59 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
14:00 -!- Amnez777 [~Amnez777@37.157.216.171] has joined #openvpn
14:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:15 -!- Chemmy [~chris@93.187.144.141] has quit [Quit: I've gone.]
14:17 -!- Chemmy [~chris@93.187.144.141] has joined #openvpn
14:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:22 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
14:34 < nhooyr> is there any current way to do https://forums.openvpn.net/topic20036.html or do I need to implement it myself in a script?
14:34 -!- haploid [~vox_molli@206.190.145.85.adsl.inet-telecom.org] has joined #openvpn
14:34 <@vpnHelper> Title: OpenVPN Support Forum Prevent multiple login with the same certificate : Cert / Config management (at forums.openvpn.net)
14:35 < haploid> Is there any known way around the "Sorry, 'Auth' password cannot be read from a file" error without having to set up the entire gcc toolchain and rebuild the entire client ?
14:36 < haploid> Is there no relevant config option?
14:46 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:58 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
15:19 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
15:25 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
15:26 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Quit: Leaving]
15:33 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has quit [Quit: Leaving]
15:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:35 < haploid> Is there any known way to force openvpn to use an existing tun interface? I'd like to connect to one vpn through an existing vpn, but openvpn seems to only want to use re0 instead of tun0
15:39 < BtbN> "Use" as in put the VPN on that device, or connect via that device?
15:40 < haploid> I basically want two clients. I want to FIRST connect to vpn A via ethernet, thus creating tun0, then I want to connect to vpn B via tun0, thus creating tun1
15:40 < haploid> such that vpn A is encapsulating vpn B
15:41 < BtbN> Setup all your routes manualy and configure them propperly for that to work out.
15:44 < haploid> well once tun0 is up, the routes are already set up( default 0.0.0.0/1 -> tun0 ), but it looks like openvpn is somehow not using them
15:46 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:47 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 272 seconds]
15:48 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
15:48 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
16:09 < BtbN> haploid, it will imediately override them when it connects, breaking its own connection.
16:09 < BtbN> So you need to manualy specify the routes for the outer VPN.
16:09 < BtbN> And also ignore any routes pushed to you
16:12 -!- mystica555_ [~mystica55@97-118-111-133.hlrn.qwest.net] has joined #openvpn
16:15 -!- mystica555 [~mystica55@174-16-105-109.hlrn.qwest.net] has quit [Ping timeout: 264 seconds]
16:22 -!- Chemmy [~chris@93.187.144.141] has quit [Quit: I've gone.]
16:46 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:37 -!- hadi [~Instantbi@31.59.50.1] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
17:46 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:09 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
19:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:44 -!- vvande [~vvande@66.244.241.35] has quit [Ping timeout: 250 seconds]
20:12 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
20:18 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
21:05 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
21:16 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Quit: WeeChat 1.2]
21:33 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
21:43 -!- twb [~twb@203.7.155.119] has joined #openvpn
21:44 < twb> I'm used to doing OpenVPN between linux boxes.  I have to grant access to a Windows box.  https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide#ClientConfigFiles  talks about some client.ovpn file --- where does that come from?
21:44 <@vpnHelper> Title: Easy_Windows_Guide – OpenVPN Community (at community.openvpn.net)
21:44 < twb> Is it just an openvpn .conf file (e.g. "dev tap" and "proto udp"), with a funny extension?
22:05 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
22:08 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
22:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:20 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
22:26 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:33 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
22:36 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:19 -!- MikeH__ [~mystica55@174-16-111-227.hlrn.qwest.net] has joined #openvpn
23:22 -!- MikeH__ is now known as mystica555
23:22 -!- mystica555_ [~mystica55@97-118-111-133.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
23:25 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:42 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
23:43 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
--- Day changed Mon Nov 09 2015
00:02 -!- ShadniX [dagger@p5481D67B.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:03 -!- ShadniX [dagger@p5DDFF4AA.dip0.t-ipconnect.de] has joined #openvpn
00:07 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
00:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
00:19 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:00 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
01:09 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:09 -!- mode/#openvpn [+o mattock1] by ChanServ
01:39 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:02 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:13 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
02:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:16 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
02:19 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:32 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:55 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
03:02 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:09 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:11 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
03:20 -!- zamber [~zamber@78.10.84.227] has quit [Read error: Connection reset by peer]
03:21 -!- zamber [~zamber@78.10.84.227] has joined #openvpn
03:27 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:42 -!- twb [~twb@203.7.155.119] has quit [Remote host closed the connection]
03:48 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Quit: Aaaaaaaaa!]
03:58 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Ping timeout: 272 seconds]
04:00 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Quit: bye]
04:00 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
04:00 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
04:01 -!- hadi [~Instantbi@31.59.61.178] has joined #openvpn
04:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:04 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
04:04 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
04:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:21 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 250 seconds]
04:37 < veverak> yep
04:37 < veverak> or it was as I remember
04:37 < veverak> :)
04:39 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
04:44 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Read error: Connection reset by peer]
04:52 -!- valdikss [~valdikss@95.215.45.33] has quit [Remote host closed the connection]
04:56 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:59 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
05:00 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:01 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:04 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:06 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
05:08 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:16 -!- Red-Bull [~red-bull@64.x86.be] has joined #openvpn
05:16 < Red-Bull> Hello
05:17 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
05:17 < Red-Bull> i am using a LANCOM router and using the QoS function for VoIP - this will enable MTU fragmentation and PTMU reduction during voip calls (QoS for RTP) - but when this is active my existing openvpn connections drop or fail (https requests) any idea how i can get both running?
05:18 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
05:38 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
05:38 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 272 seconds]
05:41 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
05:41 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
05:50 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
05:51 < defsdoor> Red-Bull, try not using auto mtu detection in openvpn ?
05:51 < defsdoor> https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn  maybe ?
05:51 <@vpnHelper> Title: Setting correct MTU for OpenVPN - Sonassi - High Performance Magento Hosting with Expert Support (at www.sonassi.com)
05:52 < Red-Bull> thank you - i will have a look at it
05:53 < Red-Bull> it openvpn "safe" for changeing mtu and ptmu during existing connections?
05:53 < defsdoor> why does it drop ? you got keepalive set ?
05:54 < Red-Bull> it does not drop but https connections are not working
05:54 < defsdoor> https over the vpn ? and just https ?
05:54 < Red-Bull> https over the openvpn connection when router is doing qos > mtu and ptmu to 576
05:54 < Red-Bull> read UDPv4 [EMSGSIZE Path-MTU=576]: Message too long (code=90)
05:54 < Red-Bull> shows the syslog
05:55 < defsdoor> sounds like a mix of packet loss and mtu
05:55 < Red-Bull> the openvpn connection was established with mtu 1480 during qos was not active
05:56 < defsdoor> syslog on the openvpn server or the router ?
05:56 < Red-Bull> no. at a client
05:56 < defsdoor> whats the issue with restart the vpn server ? all you clients should auto reconnect without noticing
05:57 < Red-Bull> hm the issue dissappears when voip call ends and router sets mtu and pmtu back to normal
05:57 < Red-Bull> maybe a solution would be to set everything to mtu 576 in all openvpn configs?
05:59 < defsdoor> do your client pull settings ?
05:59 < Red-Bull> ya
06:02 <@plaisthos> defsdoor: they will not
06:03 <@plaisthos> only after ping-timeout
06:03 <@plaisthos> but there is a patch from lev__ that fixes that
06:03 < defsdoor> plaisthos, yeah but most user don't notice - bit of log and off it goes again
06:04 < defsdoor> lag*
06:05 < Red-Bull> plaisthos> is this patch something for me?
06:08 <@plaisthos> Red-Bull: probably not
06:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:18 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
06:19 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:32 -!- haploid [~vox_molli@206.190.145.85.adsl.inet-telecom.org] has quit [Quit: Lost terminal]
06:38 -!- b3d0u1n [~none@unaffiliated/b3d0u1n] has joined #openvpn
06:39 < b3d0u1n> I run OpenVPN over TCP.  The client side is a DSL connection; the server is in a data center and I have control over it's config files if needed.  I am trying to find out the best mtu settings, but mtu-test doesn't work over TCP.  Can you give me any reccommendations?
06:40 < BtbN> Don't use TCP if you can avoid it.
06:41 < b3d0u1n> Well, I was having connection issues with my DSL connection over UDP so I switched to TCP.  What would happen is the client would get disconnected and just try to reconnect for 5 or 10 minutes before it succeeded.  This could've been related to bad MTU settings, but I never quite worked it out.
06:41 < b3d0u1n> Switching to TCP made it go away.  Shrug.
06:43 < BtbN> Now you're tunneling TCP over TCP. Which has a huge performance and reliabilty impact, specialy on unstable connections.
06:43 < BtbN> The inner TCP is enough
06:44 < b3d0u1n> So I should go back to UDP and try to figure out what's going wrong?
06:44 < b3d0u1n> There is another issue altogether and that's that I think my ISP is throttling VPN traffic.
06:45 < b3d0u1n> Switching to any port makes no difference.  Even 443 or 80.
06:45 < b3d0u1n> But then again I'm not sure, because this could be a MTU issue.
06:46 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:47 < b3d0u1n> I have a 2mb connection.  Without the VPN I get roughly the 2mb.  With the VPN, no matter what port or protocol, I'm stuck about 0.5mb.  Strangely, if two connections are going concurrently it will move up to 1mb.
06:48 < b3d0u1n> For example, two FTP transfers at once.
06:49 < b3d0u1n> The same VPN performs with no bottlenecks over my 3G connection.
06:50 < b3d0u1n> Using the same exact parameters and OS.
06:50 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
06:51 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:52 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
06:53 < b3d0u1n> If I ping the vpn server from my dsl connection without the vpn connected, latency is low; traceroutes look good too.  Inside the VPN itself though, latency is pretty insane.  Packets dropped.
06:54 < BtbN> So either your ISP is activately trying to sabotage any kind VPN, or you just misconfigured it.
06:54 < b3d0u1n> I live in Egypt.  So the latter is very possible.
06:54 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
06:55 < b3d0u1n> I think more likely though is that they're doing aggressive traffic shaping because they are overselling their bandwidth.
06:55 < b3d0u1n> Since this all fluctuates a bit according to the time of day.
07:02 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:04 < b3d0u1n> It's been an ongoing thing for months.  But I don't have any work today so I thought I'd investigate a bit more.
07:05 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:13 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:21 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Ping timeout: 252 seconds]
07:22 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:23 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
07:23 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:24 -!- hadi [~Instantbi@31.59.61.178] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
07:31 -!- b3d0u1n [~none@unaffiliated/b3d0u1n] has quit [Quit: Leaving]
07:41 -!- master_of_master [~master_of@p4FF24EA0.dip0.t-ipconnect.de] has joined #openvpn
07:44 -!- master_o1_master [~master_of@p4FD7B825.dip0.t-ipconnect.de] has quit [Ping timeout: 252 seconds]
07:48 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Read error: Connection reset by peer]
07:49 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
07:50 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
07:56 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Ping timeout: 264 seconds]
07:58 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
08:00 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
08:01 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Read error: Connection reset by peer]
08:07 -!- Tykling [tykling@89.233.43.74] has joined #openvpn
08:11 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:13 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
08:14 -!- unixninja92_ [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Ping timeout: 264 seconds]
08:14 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
08:27 -!- Amnez777 [~Amnez777@37.157.216.171] has quit [Changing host]
08:27 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has joined #openvpn
08:29 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Ping timeout: 272 seconds]
08:30 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
08:41 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
08:42 -!- dvl [~dvl@freebsd/developer/dvl] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
08:43 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:54 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:08 -!- av6 [~av6@109.194.253.181] has joined #openvpn
09:09 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
09:10 < av6> hi
09:10 < av6> it's possible to include the contents of ca, cert & key files into client config with xml-like syntax, but can i include tls-auth as well? if so, how?
09:15 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:19 < av6> ok, <tls-auth> works as long as there's key-direction 1
09:20 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
09:23 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
09:39 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Quit: WeeChat 1.2]
09:39 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
09:43 -!- hadi [~Instantbi@31.59.61.178] has joined #openvpn
10:13 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 250 seconds]
10:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:33 -!- hadi [~Instantbi@31.59.61.178] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
10:34 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
10:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:47 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
11:03 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:12 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
11:13 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:14 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
11:20 -!- tokumada [32f39466@gateway/web/freenode/ip.50.243.148.102] has joined #openvpn
11:21 < tokumada> I'm trying to connect to my vpn using tunnelblick and the connection fails saying "openvpnstart returned with status #173"  anyone here seen anything like that
11:21 < tokumada> ?
11:22 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Ping timeout: 252 seconds]
11:31 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
11:34 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:40 -!- tokumada [32f39466@gateway/web/freenode/ip.50.243.148.102] has quit [Ping timeout: 246 seconds]
11:53 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:54 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
11:58 -!- monster^ [~monster@unaffiliated/monster/x-2037710] has joined #openvpn
12:02 < monster^> I am having an issue configuring openvpn in a specific manner
12:02 < monster^> I have an ec2 instances that when I run openvpn  --config file.ovpn kills my ssh session
12:03 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
12:03 < monster^> Ideal I just want to setup a tunneled interface that docker can use
12:04 < monster^> http://paste.openstack.org/raw/478365/ is my ovpn file
12:04 < monster^> any help would be appreciated
12:06 < Eugene> What's your server config look like? If you're pushing a route that overrides the default(or the one used for your SSH session), tada!
12:09 < monster^> yeah when I run openvpn --config with that file is adjusts the default gateway to tun0
12:09 < monster^> breaking my connections in
12:10 < monster^> I need to figure out a way to only use a special interface for VPN routes
12:16 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
12:20 -!- Chemmy [~Chemmy@93.187.144.141] has joined #openvpn
12:21 -!- Uranio [~Uranio@51.254.133.169] has joined #openvpn
12:22 -!- Uranio [~Uranio@51.254.133.169] has quit [Read error: Connection reset by peer]
12:24 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:28 -!- Uranio [~Uranio@169.ip-51-254-133.eu] has joined #openvpn
12:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:32 -!- amites [~amites@75-166-152-245.hlrn.qwest.net] has joined #openvpn
12:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:38 < amites> Hey Guys -- anyone here ever have issues with a client being able to connect to a remote server (using TCP) but unable to transfer? -- this is a log from openvpn when I try to ssh into a remote system -- https://gist.github.com/amites/ea0be4053a5917386eb6
12:38 <@vpnHelper> Title: gist:ea0be4053a5917386eb6 · GitHub (at gist.github.com)
12:44 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
12:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:52 -!- Uranio [~Uranio@169.ip-51-254-133.eu] has quit [Quit: Leaving]
13:00 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
13:09 -!- toli [~toli@109.128.250.107] has joined #openvpn
13:16 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Quit: WeeChat 1.2]
13:17 -!- Uranio [~Uranio@169.ip-51-254-133.eu] has joined #openvpn
13:17 -!- Uranio [~Uranio@169.ip-51-254-133.eu] has quit [Client Quit]
13:17 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 276 seconds]
13:18 -!- sillysausage [~sillysaus@5.79.74.142] has joined #openvpn
13:19 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:21 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
13:22 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
13:27 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
13:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:35 -!- amites [~amites@75-166-152-245.hlrn.qwest.net] has quit [Ping timeout: 276 seconds]
13:38 -!- nhooyr [~nhooyr@aubble.com] has quit [Remote host closed the connection]
13:38 -!- somis [~somis@167.160.44.204] has joined #openvpn
13:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:48 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
13:49 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
13:49 -!- amites [~amites@75-166-152-8.hlrn.qwest.net] has joined #openvpn
13:54 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:01 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:01 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
14:08 -!- Cruz4prez [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
14:13 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:15 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Quit: Aaaaaaaaa!]
14:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:21 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
14:21 -!- amites [~amites@75-166-152-8.hlrn.qwest.net] has quit [Ping timeout: 272 seconds]
14:34 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
14:35 -!- amites [~amites@97-124-224-227.hlrn.qwest.net] has joined #openvpn
14:47 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:48 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:50 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
15:04 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
15:13 -!- toli [~toli@109.128.250.107] has joined #openvpn
15:17 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
15:24 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
15:36 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
16:00 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 252 seconds]
16:06 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:12 -!- pandabearit [~pandabear@rrcs-50-75-146-102.nys.biz.rr.com] has joined #openvpn
16:13 < pandabearit> Hey all, so plan running two concurrent vpns over two seperate nics on a xen vm. For this kind of stuff I'll be bridge my nic's to the vms, does this just automatically mean I should be running my vpns in bridged mode or would there/should there be any reason i should be using routing?
16:13 < pandabearit> on two seperate xen vms*
16:24 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:26 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
16:28 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
16:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:43 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
16:47 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
16:59 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
17:00 -!- AlmogBak_ [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
17:02 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
17:03 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 240 seconds]
17:08 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
17:09 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
17:18 -!- toli [~toli@109.128.250.107] has joined #openvpn
17:21 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
17:25 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:29 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:36 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 255 seconds]
17:38 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
17:47 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:55 -!- pandabearit [~pandabear@rrcs-50-75-146-102.nys.biz.rr.com] has quit [Ping timeout: 250 seconds]
17:57 -!- Uranio [~Uranio@169.ip-51-254-133.eu] has joined #openvpn
18:10 -!- Uranio [~Uranio@169.ip-51-254-133.eu] has quit [Ping timeout: 246 seconds]
18:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:26 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 240 seconds]
18:28 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
18:52 -!- AlmogBak_ [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:06 -!- milky [~discovery@textual/developer/mikeym] has joined #openvpn
19:59 -!- somis [~somis@167.160.44.204] has quit [Quit: Leaving]
20:49 -!- Triffid_Hunter [~Triffid_H@unaffiliated/triffid-hunter] has joined #openvpn
21:36 -!- Triffid_Hunter [~Triffid_H@unaffiliated/triffid-hunter] has left #openvpn ["Democracy: a system of government by which 51% of the population can oppress the other 49%"]
21:59 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 255 seconds]
22:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:50 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:23 -!- ntio [~ntio@unaffiliated/ntio] has quit [Quit: WeeChat 1.3]
23:48 -!- vvande [~vvande@168.235.86.179] has joined #openvpn
23:56 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
--- Day changed Tue Nov 10 2015
00:01 -!- ShadniX [dagger@p5DDFF4AA.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:01 -!- ShadniX [dagger@p579415E6.dip0.t-ipconnect.de] has joined #openvpn
00:05 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
00:15 -!- vvande [~vvande@168.235.86.179] has quit [Ping timeout: 252 seconds]
00:37 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
00:42 -!- sillysausage [~sillysaus@5.79.74.142] has quit [Ping timeout: 264 seconds]
00:43 -!- sillysau1 [~sillysaus@5.254.103.246] has joined #openvpn
00:44 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
00:47 -!- sillysau1 [~sillysaus@5.254.103.246] has quit [Ping timeout: 240 seconds]
00:50 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
00:50 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
00:53 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
00:53 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
00:53 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
00:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:57 -!- mode/#openvpn [+o mattock1] by ChanServ
01:07 -!- jesopo [jess@lolnerd.net] has joined #openvpn
01:20 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 250 seconds]
01:25 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
01:33 -!- Rymax99 [Ryan@unaffiliated/rymax99] has joined #openvpn
01:34 -!- toli [~toli@109.128.250.107] has joined #openvpn
01:39 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
01:44 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 244 seconds]
01:45 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
01:49 -!- toli [~toli@109.128.250.107] has joined #openvpn
01:57 -!- amites [~amites@97-124-224-227.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
01:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
02:02 -!- AlmogBaku [~AlmogBaku@79.181.98.13] has joined #openvpn
02:13 -!- FL1SK [~quassel@96-19-87-160.cpe.cableone.net] has quit [Ping timeout: 265 seconds]
02:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:19 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 246 seconds]
02:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:23 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
02:34 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
02:35 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
02:39 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
02:47 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:55 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:04 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 260 seconds]
03:09 -!- AlmogBaku [~AlmogBaku@79.181.98.13] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:17 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:18 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
03:20 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Client Quit]
03:23 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
03:34 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:17 -!- quenode [~quenode@cable-89-216-16-150.static.sbb.rs] has joined #openvpn
04:30 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Ping timeout: 252 seconds]
04:31 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:33 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:44 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
04:58 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:01 -!- Chemmy [~Chemmy@93.187.144.141] has quit [Ping timeout: 255 seconds]
05:05 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
05:08 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
05:30 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
05:38 < quenode> Hi guys need a little help kind a stuck with routes so here is the diagram http://s8.postimg.org/vmbyume2t/openvpntunnel.png
05:39 < quenode> I am trying to access 10.18.0.6 to 192.168.153.228 example what I need to push to 10.18.0.6 tnx ?
05:46 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:51 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:04 -!- ploynog [~ploynog@pd95c890f.dip0.t-ipconnect.de] has joined #openvpn
06:06 -!- ploynog [~ploynog@pd95c890f.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
06:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
06:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
06:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:17 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
06:20 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
06:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:27 -!- toli [~toli@109.128.250.107] has joined #openvpn
06:31 -!- hojgaard [~hojgaard@78.156.117.236] has joined #openvpn
06:35 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
06:36 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
06:39 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Quit: No Ping reply in 180 seconds.]
06:39 -!- shio [shio@10.121.101.84.rev.sfr.net] has quit [Disconnected by services]
06:39 -!- shio [shio@84.101.121.10] has joined #openvpn
06:40 -!- quenode [~quenode@cable-89-216-16-150.static.sbb.rs] has quit [Ping timeout: 240 seconds]
06:40 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Ping timeout: 255 seconds]
06:40 -!- BtbN_ [btbn@unaffiliated/btbn] has joined #openvpn
06:41 -!- BtbN [btbn@unaffiliated/btbn] has quit [Read error: Connection reset by peer]
06:41 -!- BtbN_ is now known as BtbN
06:41 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
06:42 -!- abbe [having@badti.me] has quit [Ping timeout: 240 seconds]
06:44 -!- abbe [having@badti.me] has joined #openvpn
06:53 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
06:53 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 252 seconds]
06:59 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
06:59 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 276 seconds]
07:01 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
07:03 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
07:03 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
07:06 -!- quenode [~quenode@cable-89-216-16-150.static.sbb.rs] has joined #openvpn
07:08 -!- lilalinuxHamburg [znc@ist.deswahnsinns.de] has joined #openvpn
07:15 -!- ploynog [~ploynog@217.92.137.15] has joined #openvpn
07:17 < ploynog> is there a guide somewhere on how to upgrade an easy-rsa v2 CA to v3? The upgrade notes don't mention this at all. Or do I just init the pki system in v3 and then copy the old certificates/keys and index/serial files to the new location?
07:22 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:23 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
07:25 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
07:31 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:39 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:41 -!- master_o1_master [~master_of@p4FD7BA09.dip0.t-ipconnect.de] has joined #openvpn
07:44 -!- master_of_master [~master_of@p4FF24EA0.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
07:48 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
07:52 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
07:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
07:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
07:55 < quenode> Hey anyone can give me a hand please if not to busy :)
07:56 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
08:00 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has joined #openvpn
08:01 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
08:01 < phutchins> morning
08:02 < phutchins> Anyone know what I can search for to find information on selectively allowing access to certain subnets on a per user basis?
08:02 < phutchins> Basically I have a vpn and I want to allow certain users (depending on LDAP group) access to certain networks...
08:03 < phutchins> I've already written the LDAP script that does the autnetication and can check the groups but looking for the next step.
08:03 < GFXDude> I would imagine that is set in the User Permissions
08:04 < GFXDude> there's a box for "Allow Access To" where you can place subnets
08:04 < phutchins> GFXDude: I have no box... All is command line
08:04 < phutchins> i'll google allow access to and see if i can find the same in the configs
08:04 < GFXDude> Are you not using OpenVPN-AS?
08:05 < phutchins> I'm using openvpn
08:05 < phutchins> The subject in this channel suggests that one would go to #openvpn-as for access server
08:05 < GFXDude> There's an entire web interface for administration
08:06 < GFXDude> Hmm. I had not noticed that.
08:06 < phutchins> I've seen it but haven't used it.
08:06 < phutchins> Have considered... :)
08:07 < GFXDude> I've been very happy with the results of AS; is very simple to get a basic setup running.
08:07 -!- AlmogBaku [~AlmogBaku@bzq-79-181-98-13.red.bezeqint.net] has quit [Ping timeout: 255 seconds]
08:07 < phutchins> Nice. And open source and free?
08:08 < GFXDude> Free to an extent
08:08 < GFXDude> Gotta get user licenses
08:09 -!- AlmogBaku [~AlmogBaku@bzq-79-177-107-108.red.bezeqint.net] has joined #openvpn
08:09 < phutchins> and the license is free?
08:09 < phutchins> i did start to install the aws ami for the access server and it asked me for a license so i nuked it lol
08:13 < GFXDude> It comes with two free licenses
08:13 < GFXDude> I think they come in bundles of 10 after that, which are not free
08:14 < GFXDude> but for a simple VPN solution with complete customization available, paying a little for client licenses doesn't seem to bad
08:16 < GFXDude> !configs
08:16 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:17 -!- AlmogBak_ [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
08:18 -!- AlmogBaku [~AlmogBaku@bzq-79-177-107-108.red.bezeqint.net] has quit [Ping timeout: 272 seconds]
08:23 -!- James_Epp [~james@216.36.146.9] has left #openvpn []
08:27 -!- AlmogBak_ [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:29 -!- abbe [having@badti.me] has quit [Ping timeout: 264 seconds]
08:29 -!- abbe [having@badti.me] has joined #openvpn
08:33 -!- houtens [~houtens@happy.avruga.net] has quit [Quit: leaving]
08:38 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
08:50 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
08:50 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
08:50 -!- shiriru [~shiriru@84.238.149.137] has quit [Client Quit]
08:52 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 264 seconds]
08:54 -!- lxusrbin_ [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 264 seconds]
08:54 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
08:58 -!- albercuba [~albercuba@p578070da.dip0.t-ipconnect.de] has joined #openvpn
08:58 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
09:02 < albercuba> Hello everyone. I have 2 openvpn installations,using TAP, one virtualized and the other one as bare metal, both with exactly the same configuration (of course each server has its own IP) When i connect to the bare metal server , i can access everything on the intranet and ping all computers and servers without any problem. But when i connect to the virtualized server i can ping only specific servers and not other computers on the intr
09:02 < albercuba> anet. So, does virtualized openvpn servers need special parameter or what?
09:05 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
09:06 -!- ploynog [~ploynog@217.92.137.15] has quit [Read error: Connection reset by peer]
09:11 -!- lilalinuxHamburg [znc@ist.deswahnsinns.de] has quit [Ping timeout: 240 seconds]
09:24 -!- noob1234 [bc81300d@gateway/web/freenode/ip.188.129.48.13] has joined #openvpn
09:24 < noob1234> hello2all
09:25 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
09:25 < noob1234> Strange thing when trying to install Openvpn on windows server 2003. It stops wit error that it is already running, but it is not. Any help is appreciated beacuse i dont know where to start. Thx
09:26 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:26 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:30 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:30 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:31 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:31 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:33 < noob1234> Its OK now, it was the wrong version of the openvpn it seems.
09:34 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:34 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:35 -!- toli [~toli@109.128.250.107] has joined #openvpn
09:35 -!- noob1234 [bc81300d@gateway/web/freenode/ip.188.129.48.13] has quit [Quit: Page closed]
09:35 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:35 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:36 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:36 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:37 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:37 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:38 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:38 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:39 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:39 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:40 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:40 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:41 -!- lilalinuxHamburg [znc@ist.deswahnsinns.de] has joined #openvpn
09:41 -!- lilalinuxHamburg [znc@ist.deswahnsinns.de] has quit [Excess Flood]
09:42 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:42 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:42 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:43 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:43 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:44 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:44 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
09:45 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:45 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:47 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
09:47 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:47 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:48 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:48 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:49 -!- houms [~houms@38.104.66.142] has joined #openvpn
09:49 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:49 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:50 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:50 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:50 < houms> good day all , trying to figure out how to have users able to connect to multiple openvpn servers at the same time in linux. using network-manager seems to not work as the second tunnel always causes the first connected to drop before you can connect to second tunnel. with the cli it seems to work, but users have to run the cli as root, is there any options for this dilemma ?
09:51 -!- lilalinuxHamburg [znc@ist.deswahnsinns.de] has joined #openvpn
09:51 -!- lilalinuxHamburg [znc@ist.deswahnsinns.de] has quit [Excess Flood]
09:51 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:52 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:52 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:53 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:53 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:53 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:54 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:54 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:55 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:55 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:56 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:56 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
09:56 -!- lilalinuxHamburg [znc@80.69.39.131] has quit [Excess Flood]
09:57 -!- lilalinuxHamburg [znc@80.69.39.131] has joined #openvpn
10:05 -!- milky [~discovery@textual/developer/mikeym] has quit [Ping timeout: 250 seconds]
10:08 -!- milky [~discovery@textual/developer/mikeym] has joined #openvpn
10:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:22 -!- lilalinuxHamburg [znc@80.69.39.131] has left #openvpn ["Leaving..."]
10:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:29 -!- AlmogBaku [~AlmogBaku@37.26.146.140] has joined #openvpn
10:31 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 252 seconds]
10:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:37 -!- AlmogBaku [~AlmogBaku@37.26.146.140] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:43 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
10:44 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:44 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
10:49 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:52 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
10:59 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:10 -!- houms [~houms@38.104.66.142] has quit [Quit: Konversation terminated!]
11:13 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:27 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:33 -!- AlmogBaku [~AlmogBaku@80.178.197.51.adsl.012.net.il] has joined #openvpn
11:37 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
11:39 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
11:45 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has joined #openvpn
11:46 -!- undecim [455c22f7@gateway/web/freenode/ip.69.92.34.247] has joined #openvpn
11:47 < undecim> How can I configure my client to not modify the routing table, but just create the tun device?
11:52 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
11:56 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:17 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
12:20 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
12:44 -!- AlmogBaku [~AlmogBaku@80.178.197.51.adsl.012.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:56 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:00 -!- poseidon1157 [~kbaegis@38.104.27.26] has joined #openvpn
13:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:01 < poseidon1157> Hi all.  I need some tricks for debugging: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
13:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:03 < poseidon1157> TCP connection established with [AF_INET]
13:10 -!- poseidon1157 [~kbaegis@38.104.27.26] has quit [Ping timeout: 276 seconds]
13:13 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 260 seconds]
13:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:16 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
13:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:24 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-tsqwnfgnwehhaear] has quit [Quit: Connection closed for inactivity]
13:25 -!- liriel [~liriel@185.21.217.6] has quit [Remote host closed the connection]
13:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:31 -!- liriel [~liriel@185.21.217.6] has joined #openvpn
13:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:34 -!- PGNd [~PGNd@unaffiliated/pgngw] has joined #openvpn
13:42 -!- liriel [~liriel@185.21.217.6] has left #openvpn ["bye"]
13:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:48 -!- PGNd [~PGNd@unaffiliated/pgngw] has left #openvpn []
13:54 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
13:59 -!- appro [~appro@gentoo/user/appro] has joined #openvpn
14:05 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
14:06 < infernix> is there some way to update UV_* variables whenever client connects to server?
14:07 < infernix> i'm passing along --setenv UV_FOO `cat /etc/bar` for example
14:07 < infernix> but that gets parsed only at openvpn startup, which isn't exactly dynamic enough
14:07 -!- FruitieX [~FruitieX@qyr0.kyla.fi] has quit [Quit: ZNC - http://znc.in]
14:14 -!- toli [~toli@109.128.250.107] has joined #openvpn
14:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:28 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 276 seconds]
14:35 < defsdoor> infernix, what are you trying to do ?
14:35 < infernix> i am passing along the contents of a file. essentialy a version number
14:36 < defsdoor> passing it where ?
14:36 < infernix> something akin to --setenv UV_MY_DEVICE_VERSION `cat /etc/myversion`
14:36 < infernix> when clients connect to a server
14:36 < infernix> but when the openvpn client isn't restarted, that variable isn't being refreshed if it changes
14:37 < infernix> and i'm using the VPN to make changes to that file, so restarting the tunnel isn't ideal
14:37 < defsdoor> no you'd need to restart the server and set the environment variable again
14:38 < infernix> this setenv is client sie
14:38 < infernix> using --push-peer-info
14:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:38 < infernix> so that's the question, is it avoidable somehow
14:38 < infernix> I don't think the client can be passed any UV_* variables in a script that gets executed before it connects to the server
14:39 < defsdoor> no
14:39 < defsdoor> you'd need to amend the environment and recall openvpn
14:39 < infernix> right. so maybe i need to run a simple tcp daemon on the client vpn IP that I can pull this sort of data from
14:40 < infernix> since there is no way to dynamically pass any such info along as far as i can tell
14:40 < defsdoor> finger ?
14:40 < infernix> or similar,y es
14:40 < infernix> wow, i haven't thought of using that in probably 10 years
14:40 < infernix> :)
14:41 < defsdoor> does anyone use finger anymore ?
14:41 < defsdoor> I remember when you could finger John Carmack
14:41 < defsdoor> he used to update his plan regularly
14:41 < infernix> i think last time i used finger is when i tried to exploit something
14:42 < infernix> so that must have been 20 years ago then
14:42 < defsdoor> you might be better off just modifying the source to amend the current environment
14:43 < defsdoor> setup a load env option that points to a file of key,value pairs
14:43 < infernix> nah i think i'll move into a state daemon that runs on the client side
14:43 < defsdoor> and load on reconnect
14:44 < infernix> since i probably want to address those variables from outside the server in the future
14:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:45 < infernix> the only thing i really need to pass along with openvpn is its mac address which is as static as you can get
14:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 272 seconds]
14:53 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
15:00 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
15:02 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
15:05 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
15:06 -!- goldkatze [~nobody@unaffiliated/goldkatze] has quit [Client Quit]
15:19 < undecim> I need some client config help. I'm passing --route-noexec, but i'm still getting routes automatically added, and my route-up script isn't executing.
15:36 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
15:37 -!- undecim [455c22f7@gateway/web/freenode/ip.69.92.34.247] has quit [Quit: Page closed]
15:39 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
15:58 -!- somis [~somis@167.160.44.200] has joined #openvpn
16:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
16:22 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
16:32 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
16:38 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 240 seconds]
16:42 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
16:42 -!- poseidon1157 [~kbaegis@38.104.27.26] has joined #openvpn
16:43 < poseidon1157> Hey guys, I have a problem
16:43 < poseidon1157> http://pastebin.com/j68AbrUt
16:45 < poseidon1157> Here are the commands I used to generate the associated cert: http://pastebin.com/UqFGPF1n
16:46 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 265 seconds]
16:46 < poseidon1157> !logs
16:46 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:47 < poseidon1157> Can anyone help?
16:48 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
16:50 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:08 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:46 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
17:46 < NightMonkey> Howdy. Where does OpenVPN server keep it's list of assigned "dhcp" addresses? :)
17:47 < NightMonkey> its, rather.
17:47 < NightMonkey> I'm hoping that it is in a file, but any way to make OpenVPN server spit out this list?
17:48 < NightMonkey> We seem to have had a problem where a duplicate IP was assigned to clients, but we'd like to better troubleshoot.
17:48 < Eugene> !ipp
17:49 <@vpnHelper> "ipp" is (#1) the option --ifconfig-pool-persist ipp.txt does NOT create static ips or (#2) Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, see !iporder and !static
17:49 < Eugene> --ifconfig-pool-persist will give you a file with a list of assignments, but they are only suggestions and do not reflect live/active clients
17:49 < Eugene> For that you will want to consult the MANAGEMENT INTERFACE section of the man page
17:50 < NightMonkey> Eugene: Heh, great, I'm reading about the Management Interface now. :)
17:51 < NightMonkey> Eugene: So, if a OpenVPN server is restarted, are existing clients 'marooned' as far as address assignments?
17:52 < Eugene> If IPP is setup, openvpn will look for an address in there before picking one
17:52 < Eugene> I'm not sure under what circumstances it would ignore an IPP entry - I don't use it myself, in favor of doing real static addressing
17:52 < Eugene> (or just not caring)
17:54 < NightMonkey> Eugene: Ah! So, if we didn't set that, it isn't default?
17:54 < Eugene> Yah, it would just be the internal list
17:54 < Eugene> Which would not persist through restarts
17:55 < NightMonkey> Awesome!
17:55 < NightMonkey> Eugene: Thank you!
17:57 < NightMonkey> Eugene: OK, sadly, we had that enabled. :( So, the mystery of how duplicate IPs were assigned still remains.
17:57 < Eugene> !beer
17:57 <@vpnHelper> "beer" is what's for dinner (and occasionally breakfast)
17:57 < NightMonkey> lol
17:58 < NightMonkey> !iporder
17:58 <@vpnHelper> "iporder" is (#1) OpenVPN's internal client IP address selection algorithm works as follows: 1 -- Use --client-connect script generated file for static IP (first choice). or (#2) Use --client-config-dir file for static IP (next choice) !static for more info or (#3) Use --ifconfig-pool allocation for dynamic IP (last choice) or (#4) if you use --ifconfig-pool-persist see !ipp
17:58 < NightMonkey> !static
17:58 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder or (#4) with static IPs, limit your --ifconfig-pool to exclude the static range or (#5) See also: !addressing
18:01 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
18:04 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 240 seconds]
18:05 < NightMonkey> !ccd
18:05 <@vpnHelper> "ccd" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
18:09 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:17 < poseidon1157> I can't even get the stupid TLS set up appropriately
18:17 < poseidon1157> Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
18:22 < Eugene> TLS failure usually indicates one of: networking(packets never reach the destination system), firewall(packets are blocked instead of being received by the openvpn process), typo(check your IPs & names!), expired cert, or missing a shared key
18:22 < Eugene> !logs
18:22 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
18:23 < Eugene> The server logs will help narrow down which of these it is
18:28 < poseidon1157> I'll uploade
18:28 < poseidon1157> Second
18:28 < poseidon1157> http://pastebin.com/efbikyv6
18:30 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:30 < poseidon1157> Absolutely no useful info
18:30 < poseidon1157> From what I was reading
18:30 < Eugene> That's the client log
18:30 < poseidon1157> just "TCPv4_SERVER link local: [undef]"
18:31 < poseidon1157> No, that's actually the server log
18:31 < poseidon1157> At verb 6
18:31 < Eugene> Oh, so it is. I misread the options strings
18:31 < Eugene> What's the client's log say, then?
18:32 < Eugene> That's lots of useful info - it indicates that it isn't a network or firewall issue. You've got a TCP connection from client-->server successfully, but somewhere TLS is failing
18:32 < Eugene> The fact that it's a server-side timeout tells me that the client doesn't like something about the server
18:32 -!- poseidon1157 [~kbaegis@38.104.27.26] has quit [Quit: Leaving.]
18:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:08 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
19:13 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 252 seconds]
19:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:21 -!- mystica555 [~mystica55@174-16-111-227.hlrn.qwest.net] has quit [Remote host closed the connection]
19:22 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:32 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:35 < milky> This isn’t relevant to the current conversation but I thought I would brag I got IPv6 working through OpenVPN: http://www.ıoı.com/shares/jBvj6upPSi.png
19:36 < Eugene> What did they knock a point off for?
19:37 < Eugene> SLAAC?
19:37 < milky> Heh, I didn’t even notice it was 19/20
19:37 < milky> Just ran again and showed 20/20
19:45 < Eugene> Woohoo
19:47 <+esde> !botsnack
19:47 <@vpnHelper> "botsnack" is Om nom nom!
19:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 255 seconds]
19:54 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
20:09 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Quit: No Ping reply in 180 seconds.]
20:14 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
20:27 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 250 seconds]
20:34 -!- somis [~somis@167.160.44.200] has quit [Quit: Leaving]
20:34 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
21:05 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 250 seconds]
21:05 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
21:55 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-wxixpjtmrkzuduue] has joined #openvpn
22:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:59 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
23:08 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
23:26 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 250 seconds]
23:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:50 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
--- Day changed Wed Nov 11 2015
00:01 -!- ShadniX [dagger@p579415E6.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:02 -!- ShadniX [dagger@p5794120E.dip0.t-ipconnect.de] has joined #openvpn
00:12 -!- mgorbach_ [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
00:12 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
00:12 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has quit [Ping timeout: 240 seconds]
00:12 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
00:12 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
00:12 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
00:13 -!- mgorbach_ is now known as mgorbach
00:15 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
00:15 -!- mode/#openvpn [+o krzee] by ChanServ
00:18 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:37 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: Textual IRC Client: www.textualapp.com]
00:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:07 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:07 -!- mode/#openvpn [+o mattock1] by ChanServ
01:40 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
01:48 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 244 seconds]
01:48 -!- loganaden [~logan@ns1.qubic.net] has quit [Ping timeout: 240 seconds]
01:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
01:50 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:50 -!- mode/#openvpn [+o mattock1] by ChanServ
01:51 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
01:51 -!- mode/#openvpn [+v RBecker] by ChanServ
01:56 -!- hojgaard [~hojgaard@78.156.117.236] has quit [Read error: Connection reset by peer]
01:57 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 250 seconds]
01:59 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
01:59 -!- mode/#openvpn [+v RBecker] by ChanServ
01:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:03 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
02:04 -!- solomon56 [~solomon56@steven.es] has joined #openvpn
02:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:12 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
02:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:39 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
02:40 < albercuba> Hello everyone. I have 2 openvpn installations,using TAP, one virtualized and the other one as bare metal, both with exactly the same configuration (of course each server has its own IP) When i connect to the bare metal server , i can access everything on the intranet and ping all computers and servers without any problem. But when i connect to the virtualized server i can ping only specific servers and not other computers on the intr
02:40 < albercuba> anet. So, does virtualized openvpn servers need special parameter or what?
02:40 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
02:42 -!- Tenhi_ [~tenhi@178.18.241.180] has joined #openvpn
02:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:45 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:57 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:06 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:10 -!- hadi [~Instantbi@31.59.59.120] has joined #openvpn
03:10 -!- hadi [~Instantbi@31.59.59.120] has quit [Client Quit]
03:11 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
03:13 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:14 -!- hadi [~Instantbi@31.59.59.120] has joined #openvpn
03:15 -!- hadi [~Instantbi@31.59.59.120] has quit [Client Quit]
03:17 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 260 seconds]
03:23 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
03:30 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
03:35 < albercuba> Hello everyone. I have 2 openvpn installations,using TAP, one virtualized and the other one as bare metal, both with exactly the same configuration (of course each server has its own IP) When i connect to the bare metal server , i can access everything on the intranet and ping all computers and servers without any problem. But when i connect to the virtualized server i can ping only specific servers and not other computers on the intr
03:35 < albercuba> anet. So, does virtualized openvpn servers need special parameter or what?
03:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:51 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:56 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
04:02 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:03 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:28 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
04:41 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 240 seconds]
04:55 -!- dazo_afk is now known as dazo
04:58 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:58 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:19 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:19 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:20 -!- mystica555 [~mystica55@174-16-111-227.hlrn.qwest.net] has joined #openvpn
05:20 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
05:21 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
05:25 -!- master_o1_master [~master_of@p4FD7BA09.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
05:26 -!- master_of_master [~master_of@p4FD7BA09.dip0.t-ipconnect.de] has joined #openvpn
05:28 -!- sillysausage [~sillysaus@178.17.168.21] has joined #openvpn
05:32 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
05:35 -!- kuroro [~kuroro@69.165.253.74] has quit [Read error: Connection reset by peer]
05:37 -!- shiriru [~shiriru@84.238.149.137] has quit [Ping timeout: 250 seconds]
05:42 -!- toli [~toli@109.128.250.107] has joined #openvpn
05:52 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:57 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
05:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:06 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
06:10 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:10 -!- goopen [~niclas@host-85-30-182-195.sydskane.nu] has joined #openvpn
06:12 < goopen> Hi folks, does it matter where in a local network you place the openvpn server to which you want clients to be able to connect to? Or do I have to have a combined "router/openvpn" server connected as the 1st device towards internet?
06:12 < goopen> (if that makes sense)
06:13 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
06:17 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
06:33 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:33 < albercuba> goopen, you can put it wherever you want as long as you redirect traffic to it via your firewall
06:33 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:39 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
06:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:51 < goopen> albercuba: thank you, I figured it out :)
07:14 -!- sillysausage [~sillysaus@178.17.168.21] has quit [Ping timeout: 250 seconds]
07:16 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
07:41 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:41 -!- master_o1_master [~master_of@p4FF24065.dip0.t-ipconnect.de] has joined #openvpn
07:42 -!- sillysausage [~sillysaus@178.17.168.21] has joined #openvpn
07:44 -!- master_of_master [~master_of@p4FD7BA09.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
07:49 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 255 seconds]
07:49 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
07:51 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
07:55 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
07:59 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:06 < albercuba> Hello everyone. I have 2 openvpn installations,using TAP, one virtualized and the other one as bare metal, both with exactly the same configuration (of course each server has its own IP) When i connect to the bare metal server , i can access everything on the intranet and ping all computers and servers without any problem. But when i connect to the virtualized server i can ping only specific servers and not other computers on the intr
08:06 < albercuba> anet. So, does virtualized openvpn servers need special parameter or what?
08:06 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:08 -!- derRichard [~derRichar@pippin.sigma-star.at] has joined #openvpn
08:08 < derRichard> hi
08:08 < derRichard> --reneg-sec is not pushable, correct?
08:09 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
08:12 -!- mystica555_ [~mystica55@71-218-28-140.hlrn.qwest.net] has joined #openvpn
08:13 -!- Netsplit *.net <-> *.split quits: clu5ter, deed02392, shio, tekzilla, BtbN, sillysausage
08:14 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
08:15 -!- mystica555 [~mystica55@174-16-111-227.hlrn.qwest.net] has quit [Ping timeout: 265 seconds]
08:16 -!- Netsplit over, joins: BtbN
08:18 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:20 -!- shio [shio@84.101.121.10] has joined #openvpn
08:20 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
08:20 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
08:32 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:58 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Ping timeout: 240 seconds]
09:00 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:06 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
09:09 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
09:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:11 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:15 -!- poseidon1157 [~kbaegis@38.104.27.26] has joined #openvpn
09:36 -!- shiriru [~shiriru@84.238.149.137] has quit [Ping timeout: 240 seconds]
09:38 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:45 < poseidon1157> Eugene Hey
09:57 -!- poseidon11571 [~kbaegis@38.104.27.26] has joined #openvpn
09:57 -!- poseidon1157 [~kbaegis@38.104.27.26] has quit [Ping timeout: 272 seconds]
09:57 < poseidon11571> If you guys know?
10:11 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:19 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:20 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:20 -!- riddle [riddle@us.yunix.net] has quit [Disconnected by services]
10:21 -!- riddle [riddle@us.yunix.net] has joined #openvpn
10:21 -!- Eagleman7 [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:21 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
10:21 -!- EugeneKay [eugene@kashpureff.org] has joined #openvpn
10:22 -!- APTX_ [~APTX@unaffiliated/aptx] has joined #openvpn
10:22 -!- zamber [~zamber@78.10.84.227] has quit [Ping timeout: 240 seconds]
10:22 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
10:22 -!- valdikss [~valdikss@95.215.45.33] has quit [Ping timeout: 240 seconds]
10:22 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
10:22 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 240 seconds]
10:22 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 240 seconds]
10:22 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 240 seconds]
10:22 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
10:22 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]
10:22 -!- Eagleman7 is now known as Eagleman
10:22 -!- EugeneKay is now known as Eugene
10:22 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:22 -!- jesopo [jess@lolnerd.net] has joined #openvpn
10:22 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
10:22 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
10:23 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
10:23 -!- mode/#openvpn [+o krzee] by ChanServ
10:30 -!- av6 [~av6@109.194.253.181] has quit [Ping timeout: 272 seconds]
10:31 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 250 seconds]
10:32 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:32 -!- poseidon1157 [~kbaegis@38.104.27.26] has joined #openvpn
10:33 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
10:34 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:34 -!- poseidon11571 [~kbaegis@38.104.27.26] has quit [Ping timeout: 264 seconds]
10:35 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
10:38 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:40 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
10:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:50 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has joined #openvpn
10:51 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:55 < goopen> Hi again, im trying to connect my computer to a remote home network just as if I was there. Would the best approach be to bridge the servers nic and also get an IP from the remote LANs DHCP server? Since I want to be able to access devices in that network, like printers, shares etc.
10:57 < DArqueBishop> goopen, unless you absolutely need to bridge, you should use tunnelling.
10:57 < DArqueBishop> !tunortap
10:57 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
10:57 <@vpnHelper> rooted/jailbroken) support only tun
10:57 < DArqueBishop> For example, I've never had problems accessing shares or printers on my home network when VPNed in, and I've always used tunnelling.
10:59 < goopen> DArqueBishop: sweet, but do who should give a client an ip? the remote lan or should it be handled by openvpn server?
10:59 < DArqueBishop> The OpenVPN server would assign the client an IP address.
10:59 < DArqueBishop> !howto
10:59 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror or (#3) Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
11:00 < goopen> Right thats my current setup - Im able to connect but id like to access the internet too but it doesnt work yet. :)
11:01 -!- poseidon1157 [~kbaegis@38.104.27.26] has quit [Ping timeout: 265 seconds]
11:12 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
11:15 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 272 seconds]
11:16 -!- dazo is now known as dazo_afk
11:18 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:19 -!- Red-Bull is now known as _Red-Bull
11:20 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:38 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
11:40 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
11:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
11:44 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:44 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
11:50 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 276 seconds]
11:54 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Ping timeout: 260 seconds]
11:55 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
12:02 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
12:10 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
12:11 -!- toli [~toli@109.128.250.107] has joined #openvpn
12:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:25 -!- Denial- [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit []
12:26 < goopen> DArqueBishop: Are broadcasts sent to clients aswell over the tunnel? For example I have Steam running at the remote network - which normally pics up "other" Steam clients in the network. But it doesnt appear to do so here.
12:27 < DArqueBishop> goopen: no.
12:28 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
12:29 < goopen> DArqueBishop: And its not possible to enable on tun?
12:31 < BtbN> broadcasts don't operate on layer 3.
12:32 < DArqueBishop> You would need special software to forward broadcasts.
12:32 < DArqueBishop> !bcast
12:32 <@vpnHelper> "bcast" is (#1) pptp source tree has bcrelay in it, bcrelay can be used to relay broadcasts over a tun setup or (#2) http://www.hanksoft.de/service/46-udpbroadcastforwarder seems to be a windows program for relaying bcast (use google translate if needed)
12:40 < goopen> I see, Alright.  thanks guys
12:54 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
12:56 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
13:11 -!- poseidon1157 [~kbaegis@38.104.27.26] has joined #openvpn
13:11 < poseidon1157> Hi all.  First of all, I keep getting disconnected from this channel, and only this channel
13:12 < poseidon1157> Second, openvpn is failing to establish TLS
13:12 < poseidon1157> It's not my certificates, it's not a firewall
13:12 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
13:12 < poseidon1157> I was able to successfully create a TLS session with openssl s_server/s_client
13:13 < poseidon1157> The error is "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"
13:13 -!- somis [~somis@167.160.44.200] has joined #openvpn
13:13 < poseidon1157> Sanitizing logs, posting soon
13:13 < poseidon1157> Please help :)
13:19 -!- poseidon1157 [~kbaegis@38.104.27.26] has quit [Ping timeout: 276 seconds]
13:24 -!- poseidon1157 [~kbaegis@38.104.27.26] has joined #openvpn
13:24 < poseidon1157> Hi again
13:24 < poseidon1157> DCed again
13:24 < poseidon1157> http://pastebin.com/MQ8GqYQz
13:25 < poseidon1157> Here's the client-side issue from s_client to the same openvpn port:
13:25 < poseidon1157> 8054:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_lib.c:185:
13:25 < poseidon1157> I can't get one from the tomato router
13:25 < poseidon1157> But same validation error
13:28 -!- poseidon11571 [~kbaegis@38.104.27.26] has joined #openvpn
13:29 < poseidon11571> Okay, back
13:29 -!- poseidon11571 [~kbaegis@38.104.27.26] has left #openvpn []
13:29 -!- poseidon1157 [~kbaegis@38.104.27.26] has quit [Ping timeout: 240 seconds]
13:31 -!- somis [~somis@167.160.44.200] has quit [Quit: Leaving]
13:31 -!- poseidon1157 [~poseidon1@38.104.27.26] has joined #openvpn
13:31 < poseidon1157> Back again :/
13:31 < poseidon1157> So again, http://pastebin.com/MQ8GqYQz
13:32 < Eugene> Guess who's back, back again? Shady's back, tell a friend
13:32 < poseidon1157> :)
13:33 < Eugene> I see a server log, but not a client log.
13:33 < Eugene> AFAIK s_client/s_server aren't compatible with openvpn, so that's just silly to do
13:33 < poseidon1157> The client I'm using is viscosity
13:33 < poseidon1157> And I've also got a tomato router
13:33 < poseidon1157> Same issue
13:34 < Eugene> Well without a logfile there's not much to say other than 'it's broke'
13:34 < poseidon1157> Really I was trying to validate the certificates
13:34 < Eugene> !configs
13:34 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:34 < Eugene> That might be helpful too, but logs are key
13:34  * Eugene disappears to lunch
13:35 < mystica555_> Eugene: so i just went from crosby stills nash to eminem due to your lyric. thanks. ;p
13:35 < mystica555_> (yay spotify)
13:36 < poseidon1157> http://pastebin.com/eTQTxdxB
13:36 < poseidon1157> I'll work on client logs
13:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:40 -!- somis [~somis@167.160.44.210] has joined #openvpn
13:53 < poseidon1157> There ya go.  Client log:
13:54 < poseidon1157> http://pastebin.com/wrA6S7MD
13:55 < poseidon1157> Server log:
13:55 < poseidon1157> http://pastebin.com/9Yz0zabM
13:58 < poseidon1157> In either case, TLS simply isn't occurring.  And I've established that it isn't an openssl/cert issue
14:00 < poseidon1157> Client conf: http://pastebin.com/s1842kcv
14:04 < poseidon1157> The option strings match too
14:04 < poseidon1157> No variance, expected and sent match
14:05 < poseidon1157> I'll get a packet capture too I suppose :/
14:07 < Eugene> Hmmm that looks matchy-matchy
14:07 < poseidon1157> Right?
14:07 < poseidon1157> Well, I have a packet capture from the server now
14:07 < Eugene> It'll be obvious once you find it
14:07 < Eugene> But I don't see it
14:08 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 276 seconds]
14:09 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:14 < poseidon1157> Umm
14:14 < poseidon1157> Hmm
14:15 < poseidon1157> Here I have a PPPoE payload length incongruity
14:15 < poseidon1157> 54 instead of 72
14:15 < poseidon1157> Could my ISP be malforming packets?
14:16 < Eugene> That could be
14:16 < poseidon1157> How does one reduce the fragmentation size?
14:16 < poseidon1157> In an openvpn config?
14:17 < Eugene> See --mtu-test and friends
14:17 < poseidon1157> My dumb ISP does ethernet->VLAN->PPPoE->PPP->IPv4->tcp.  They're lonnnng headers
14:17 < Eugene> You poor bastard
14:18 -!- milky [~discovery@textual/developer/mikeym] has quit [Quit: Textual IRC Client: www.textualapp.com]
14:18 < poseidon1157> Know what the default mtu is?
14:18 < poseidon1157> Gonna try subtracting 18 bits
14:25 < Eugene> Not off the top of my head
14:25 < Eugene> Try the test
14:28 -!- milky [~discovery@textual/developer/mikeym] has joined #openvpn
14:31 -!- _Red-Bull is now known as Red-Bull
14:38 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
14:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:39 < jerichowasahoax> Do I *have* to have keys for OpenVPN? Security isn't a chief concern in this particular case
14:40 < milky> jerichowasahoax this is probably relevant https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
14:40 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
14:41 < jerichowasahoax> milky: I'm asking if I can skip that. The single client connecting to the server has no other form of Internet access and I intend to restrict connection to its private LAN
14:43 < milky> Ah, thought you were referring to a PKI setup, not any key at all
14:43 < milky> Not sure
14:45 -!- poseidon11571 [~poseidon1@38.104.27.26] has joined #openvpn
14:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:46 < jerichowasahoax> seems like keys are too tightly tied into openvpn, at least from what the howto reads
14:46 < jerichowasahoax> ah well, it ain't like generating keys will kill me
14:46 < Eugene> jerichowasahoax - nope, you can run totally unencrypted if you really want
14:46 < Eugene> !noenc
14:46 <@vpnHelper> "noenc" is (#1) if you're going to disable encryption, you might as well build a GRE tunnel or (#2) Reference --cipher in the manpage (--auth may also be useful to review)
14:47 -!- poseidon1157 [~poseidon1@38.104.27.26] has quit [Ping timeout: 260 seconds]
15:10 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
15:15 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:17 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
15:22 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
15:30 -!- thumbs [1000@unaffiliated/thumbs] has quit [Ping timeout: 240 seconds]
15:33 < poseidon11571> Hey Eugene, sorry but how do I run mtu-test?
15:33 < poseidon11571> I'm across the internet from my server.
15:34 < Eugene> !man
15:34 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
15:34 < Eugene> ;-)
15:37 < poseidon11571> Just want to validate one thing:  You can have an alternative server be your CA right?  OpenVPN doesn't require that it be the CA itself
15:42 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
15:45 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
15:49 -!- frank- [1000@unaffiliated/thumbs] has joined #openvpn
15:50 -!- frank- is now known as thumbs
15:54 < Eugene> openvpn doesn't care about the CA beyond validity checks
15:54 < poseidon11571> Eugene good to know
15:54 < Eugene> The easy-rsa tool set will help you set up a new PKI/CA, but you can use anything you want, so long as its valid and has the constraints openvpn needs
15:55 < Eugene> Eg, non-expired, and has the server or client flag set
15:57 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:02 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
16:03 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
16:07 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:14 < poseidon11571> So how do I run noenc?
16:14 < poseidon11571> cipher noenc?
16:18 < poseidon11571> I give up.  It's frankly unusable, and I don't know why.
16:18 < poseidon11571> The logs give me no useful information whatsoever, even at verb 9
16:19 < poseidon11571> Just "didn't happen to authenticate" *whistles*
16:26 -!- poseidon11571 [~poseidon1@38.104.27.26] has left #openvpn []
16:38 < Eugene> If you'd bothered to hang around, it's "cipher none" and "auth none"
16:38 < Eugene> But who wants to be patient!
16:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
17:02 -!- albercuba [~albercuba@p578070da.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
17:02 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:20 -!- cm_ [~chris@2a01:e34:ef30:94f1:611a:c3a1:5581:b02d] has joined #openvpn
17:33 -!- cm_ [~chris@2a01:e34:ef30:94f1:611a:c3a1:5581:b02d] has quit [Quit: cm_]
18:03 -!- toli [~toli@109.128.250.107] has quit [Read error: Connection reset by peer]
18:13 -!- toli [~toli@109.128.250.107] has joined #openvpn
18:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:05 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
20:03 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 265 seconds]
20:18 -!- somis [~somis@167.160.44.210] has quit [Read error: Connection reset by peer]
21:41 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
21:47 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:31 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
23:47 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
23:52 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
--- Day changed Thu Nov 12 2015
00:00 -!- ShadniX [dagger@p5794120E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:00 -!- ShadniX [dagger@p5DDFC27E.dip0.t-ipconnect.de] has joined #openvpn
00:13 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:26 -!- Telvana [~digits@raven-security.com] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
00:34 -!- Telvana [~digits@2a04:1980:3100:1aab:e61d:2dff:fe29:fc40] has joined #openvpn
00:37 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 255 seconds]
00:46 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:57 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
00:59 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:59 -!- mode/#openvpn [+o mattock1] by ChanServ
01:05 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
01:05 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
01:10 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
01:13 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
01:14 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
01:17 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Read error: Connection reset by peer]
01:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
01:18 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
01:21 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 250 seconds]
01:21 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 250 seconds]
01:21 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
01:22 -!- linear [~L@unaffiliated/linear] has quit [Remote host closed the connection]
01:22 -!- linear [~L@unaffiliated/linear] has joined #openvpn
01:23 -!- riddle [riddle@us.yunix.net] has joined #openvpn
01:23 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
01:26 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
01:26 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
01:27 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 246 seconds]
01:39 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
01:40 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit []
01:47 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
01:52 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 240 seconds]
01:56 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
01:59 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
02:01 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
02:03 -!- toli [~toli@109.128.250.107] has joined #openvpn
02:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:10 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:16 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
02:16 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:34 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
02:35 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:13 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
03:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:22 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:19 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 260 seconds]
04:22 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
04:25 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
04:36 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 246 seconds]
04:42 -!- dazo_afk is now known as dazo
04:43 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:05 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
05:09 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 244 seconds]
05:11 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
05:29 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Remote host closed the connection]
05:39 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:45 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
05:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:08 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
06:11 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
06:29 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:33 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:58 -!- cm_ [cm@datura.ielf.org] has joined #openvpn
07:09 -!- phutchins [~philip@96.91.128.250] has joined #openvpn
07:31 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 250 seconds]
07:32 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
07:40 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:42 -!- master_of_master [~master_of@p4FD7BEBB.dip0.t-ipconnect.de] has joined #openvpn
07:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:45 -!- master_o1_master [~master_of@p4FF24065.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
07:46 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:00 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
08:03 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
08:03 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 272 seconds]
08:05 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
08:08 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
08:30 -!- cm_ [cm@datura.ielf.org] has quit [Quit: leaving]
08:33 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
09:17 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 244 seconds]
09:17 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Ping timeout: 264 seconds]
09:20 -!- shiriru [~shiriru@84.238.149.137] has joined #openvpn
09:23 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
09:32 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 265 seconds]
09:34 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:37 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Client Quit]
09:41 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
09:43 < Dr-007> hey guys. question, what if i've got 3 openvpn servers running on 3 seperate pc's with the same IP and range/subnet. (lets say they al got Ip 172.16.0.1 and their range starts at 172.16.0.2 and end at 17.16.0.10). i've got 1 openvpn client that connected to all 3 openvpn servers. how can i make sure i'm connecting to the right OpenVPN server client?
09:43 < Dr-007> or is this something i should avoid
09:50 -!- shiriru [~shiriru@84.238.149.137] has quit [Quit: Leaving]
09:57 <@dazo> Dr-007: conflicting IP ranges is something you should ALWAYS avoid
09:58 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:02 < Dr-007> dazo, i was trying to think of an argument like "but openvpn is not a normal network" but it actually is, right?
10:02 < Dr-007> so i must make sure people vpn servers can not conflict in their ip ranges
10:03 <@dazo> Dr-007: You should look at OpenVPN as a virtual network cable ... in many ways it is very much like any normal network
10:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:03 < Dr-007> ok, thanks
10:04 < Dr-007> and what do you recommend? creating a different CA for every server?
10:04 < Dr-007> of share the CA over the 3 servers?
10:05 < Dr-007> *share one CA over 3 openvpn servers?
10:05 <@dazo> Dr-007: no, that's not needed ... just use separate IP ranges for each VPN config, they can very much share the same CA if you want all your clients to be accepted on all of your server ports
10:09 < Dr-007> ok, ne last question; i've been reading upon creating scripts that will be triggered via openvpn-client.conf. the endgoal is to hop to the next openvpn server if the client detects that it can not connect to the an openvpn server. is there a better / easier way to do this? or should i stick to the scripts via client-openvpn.conf?
10:10 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
10:14 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:16 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:23 -!- toli [~toli@109.128.250.107] has quit [Ping timeout: 246 seconds]
10:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:26 -!- toli [~toli@ip-62-235-221-243.dsl.scarlet.be] has joined #openvpn
10:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:31 -!- bakhtiya [~me@office.addictivemobility.com] has joined #openvpn
10:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:34 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
10:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:36 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:44 -!- monster^ [~monster@unaffiliated/monster/x-2037710] has left #openvpn ["Leaving..."]
10:48 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:07 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:08 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:17 <@dazo> Dr-007: you can add multiple --remote options in your config, and the client will go to the next one if it can't get a connection ... combine that with --remote-random, and you'll have some kind of simple load balancing
11:18 <@dazo> Dr-007: also search up <connection> in the man page, it'll give you some more clues what you can do
11:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:39 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
12:08 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:23 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Read error: Connection reset by peer]
12:28 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:36 -!- manitu [~manitu@2a01:4f8:131:5169::2] has quit [Ping timeout: 250 seconds]
12:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:48 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
12:49 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 272 seconds]
12:50 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
12:53 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
13:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:45 -!- somis [~somis@167.160.44.210] has joined #openvpn
14:06 -!- dazo is now known as dazo_afk
14:08 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
14:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:17 -!- phutchins [~philip@96.91.128.250] has quit [Ping timeout: 260 seconds]
14:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
14:32 -!- stigmagr1 [025552c7@gateway/web/freenode/ip.2.85.82.199] has joined #openvpn
14:33 < stigmagr1> hello everyone I would like to ask some questions regarding openvpn if possible please
14:34 < stigmagr1> is it possible to setup openvpn in order to let clients choose what public ip they want to use ?
14:45 < stigmagr1> is anyone here? :s
14:51 <@ecrist> stigmagr1: people are here
14:51 <@ecrist> you want to hand out public IPs?
14:51 < stigmagr1> I have a server with 3 /26 subnets
14:52 < stigmagr1> all configured on various interfaces
14:52 < stigmagr1> I would like to setup an openvpn server and make it so the client can decide what public ip he would get
14:52 < stigmagr1> is that possible?
14:52 <@ecrist> Yes, but there's no mechanism in OpenVPN to do that directly.
14:53 <@ecrist> You'd have to write some sort of --client-connect script that did some sort of argument handling.
14:53 <@ecrist> Something like the user logs in to a web page, selects what IP he wants, saves that, and from then on the vpn server would assign that IP to that user
14:54 < stigmagr1> I do not want the user to always receive the same ip address
14:54 < stigmagr1> for example
14:54 < stigmagr1> in my server I have a squid server at the moment
14:54 < stigmagr1> by defining xxx.xxx.xxx.51 for example on the browser
14:54 < stigmagr1> the user uses that public ip to access the internet
14:55 < stigmagr1> but the proxy is not good anylonger
14:55 < stigmagr1> so I am thinking to use a vpn server instead
14:55 < stigmagr1> is this configuration possible with openvpn?
14:55 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has quit [Ping timeout: 250 seconds]
14:55 <@ecrist> I'm not clear what you're really trying to do.
14:56 -!- timmu [~M@109-125-191-90.dyn.estpak.ee] has quit [Ping timeout: 265 seconds]
14:56 < stigmagr1> I would my clients to access the internet using a randomly selected IP address from my 3 /26 subnets
14:56 <@ecrist> that's completely different that your initial question
14:56 < stigmagr1> and I do not want any user to have the same ip at a time
14:57 < stigmagr1> I did not clarify my initial question well enough then I am sorry
14:57 <@ecrist> well, you said you want your user to be able to choose their IP
14:57 <@ecrist> now you want a random IP
14:57 <@ecrist> yes, that's doable.
14:57 <@ecrist> again, --client-connect script can handle that for you
14:57 < stigmagr1> but that random ip should never be the same for different users
14:58 < stigmagr1> so I should search for --client-connect scripting
14:58 < stigmagr1> is that configuration possible using openvpn access server?
14:59 <@ecrist> not sure about access server, you'll have to ask them
14:59 <@ecrist> !as
14:59 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
14:59 <@ecrist> the client connect script is a script you'll have to write yourself.
14:59 < stigmagr1> I am already at that channel :)
15:00 < stigmagr1> and how would that script interruct with openvpn?
15:00 <@ecrist> !man
15:00 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
15:00 <@ecrist> !client-connect
15:00 <@vpnHelper> "client-connect" is --client-connect <script>, runs script on client connection. This can be useful for generating firewall rules dynamicly, or for assigning static ips. This can do anything that a ccd (see !ccd) entry can do, but dynamicly... to use it that way, you should write your dynamic ccd commands to the file named by $1.
15:00 <@ecrist> !book
15:00 <@vpnHelper> "book" is (#1) http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! or (#2) Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
15:01 < stigmagr1> ok I am going to read :)
15:01 < stigmagr1> thanks for the info mate
15:07 -!- stigmagr1 [025552c7@gateway/web/freenode/ip.2.85.82.199] has quit [Quit: Page closed]
15:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:20 -!- extri [~extri@162.217.250.127] has joined #openvpn
15:21 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
15:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:24 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Client Quit]
15:26 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:30 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
15:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
15:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:35 -!- extri [~extri@162.217.250.127] has quit [Quit: leaving]
15:36 -!- extri [~extri@162.217.250.127] has joined #openvpn
15:36 -!- extri [~extri@162.217.250.127] has quit [Client Quit]
15:37 -!- extri [~extri@162.217.250.127] has joined #openvpn
15:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:44 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
15:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:06 -!- fred`` [fred@earthli.ng] has joined #openvpn
16:07 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
16:07 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 272 seconds]
16:09 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
16:11 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:14 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
16:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:45 -!- extri [~extri@162.217.250.127] has quit [Quit: leaving]
16:51 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:51 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
16:56 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:57 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has joined #openvpn
17:17 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:18 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:22 -!- milky [~discovery@textual/developer/mikeym] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:22 -!- milky [~discovery@textual/developer/mikeym] has joined #openvpn
17:27 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
17:29 -!- hadi [~Instantbi@31.59.59.120] has joined #openvpn
17:39 -!- thumbs [1000@unaffiliated/thumbs] has quit [Remote host closed the connection]
17:39 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
17:56 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 240 seconds]
17:56 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 240 seconds]
17:58 -!- Haseo [~Haseo@aufrinfo.net] has quit [Ping timeout: 246 seconds]
17:58 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
17:58 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Ping timeout: 246 seconds]
18:00 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
18:00 -!- Haseo [~Haseo@aufrinfo.net] has joined #openvpn
18:01 -!- varesa [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
18:03 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
18:03 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
18:16 -!- phutchins [~philip@99-39-102-241.lightspeed.tukrga.sbcglobal.net] has quit [Ping timeout: 264 seconds]
18:27 -!- hadi [~Instantbi@31.59.59.120] has quit [Remote host closed the connection]
18:41 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:05 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:08 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
19:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:45 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
20:06 -!- somis [~somis@167.160.44.210] has quit [Quit: Leaving]
20:22 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Read error: Connection reset by peer]
20:27 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
20:30 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
20:30 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 240 seconds]
20:32 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
20:32 -!- Tykling [tykling@89.233.43.74] has quit [Ping timeout: 264 seconds]
20:40 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 264 seconds]
20:40 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 264 seconds]
20:40 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
20:40 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
20:41 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 264 seconds]
20:42 -!- Netsplit *.net <-> *.split quits: Darkwell, _FBi, derRichard, veverak, nemysis, lxusrbin, funnel
20:43 -!- Netsplit over, joins: funnel
20:47 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:47 -!- lxusrbin_ [~lxusrbin@scotty.fr0st.it] has joined #openvpn
20:47 -!- lxusrbin_ is now known as lxusrbin
20:49 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
20:49 -!- derRichard [~derRichar@pippin.sigma-star.at] has joined #openvpn
20:49 -!- veverak [~squirrel@ip-89-102-104-133.net.upcbroadband.cz] has joined #openvpn
20:49 -!- veverak [~squirrel@ip-89-102-104-133.net.upcbroadband.cz] has quit [Ping timeout: 264 seconds]
20:50 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
21:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
21:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
21:06 -!- fling [~fling@fsf/member/fling] has joined #openvpn
21:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:25 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
21:26 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
21:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:42 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:47 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
22:49 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
22:50 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:50 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
22:50 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
22:52 -!- Telvana [~digits@2a04:1980:3100:1aab:e61d:2dff:fe29:fc40] has quit [Ping timeout: 250 seconds]
22:53 -!- Telvana [~digits@185.21.217.56] has joined #openvpn
23:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
23:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
--- Day changed Fri Nov 13 2015
00:00 -!- ShadniX [dagger@p5DDFC27E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
00:01 -!- ShadniX [dagger@p5DDFC5EE.dip0.t-ipconnect.de] has joined #openvpn
00:18 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:30 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
00:34 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
00:36 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
01:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
01:06 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:50 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
01:52 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
01:59 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
02:00 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:00 -!- mode/#openvpn [+o mattock1] by ChanServ
02:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:18 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:19 -!- ade_b [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
02:23 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
02:24 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
02:31 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:38 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Read error: Connection reset by peer]
02:44 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
02:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:54 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
02:57 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:58 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:01 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
03:08 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:10 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
03:17 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:41 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
03:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:48 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:52 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:12 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:13 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
04:24  * mete waiting for openvpn 2.4 with aes-ni support :)
04:29 -!- albercuba [~albercuba@p57804459.dip0.t-ipconnect.de] has joined #openvpn
04:29 < albercuba> Hello everyone. Is there a way to display a banner when someone connects to a vpn server?
04:29 < albercuba> openvpn
04:30 < BtbN> a banner?
04:30 < albercuba> BtbN, yes, when you connect to openvpn in the status windows it shows lots of information, I want to show also a banner
04:31 < albercuba> not image
04:31 < albercuba> just text
04:31 < BtbN> No idea what status window you mean, but OpenVPN does not link against X, and that would be a kinda pointless dependency just for some advertisements.
04:32 < albercuba> BtbN, for windows users, when they execute the gui to connect to an openvpn server you can see a status windows
04:32 < albercuba> and that windows shows lots of info regarding the connection
04:33 < BtbN> That Window must be some external application.
04:33 < albercuba> no it is not
04:35 < albercuba> do u use linux or windows?
04:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:35 < albercuba> in linux you see as well
04:35 < albercuba> when i run openvpn from the command line as a client
04:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:41 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:43 -!- dazo_afk is now known as dazo
04:50 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:57 -!- albercuba [~albercuba@p57804459.dip0.t-ipconnect.de] has quit [Quit: Leaving]
05:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:24 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:26 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
05:27 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
05:28 -!- Kingsy [~chris@unaffiliated/kingsy101] has joined #openvpn
05:33 -!- albercuba [~root@p57804459.dip0.t-ipconnect.de] has joined #openvpn
05:33 < albercuba> exit
05:34 -!- albercuba [~root@p57804459.dip0.t-ipconnect.de] has quit [Client Quit]
05:43 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 240 seconds]
05:46 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
06:15 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:21 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
06:25 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
06:30 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
06:49 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
06:56 < Kingsy> when you are connected to a vpn do you always hhave to add a route on the client side to get access to the server side local ips?
07:01 < Kingsy> sorry.. just saw the documentation on that part.. my bad.. got it
07:08 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
07:20 <@ecrist> Kingsy: you don't have to, but the VPN is of little utility if you're not pointing any traffic at the tunnel.
07:22 < Kingsy> yeah sorted it.
07:22 < Kingsy> everything just started "working"
07:22 < Kingsy> heh
07:23 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:28 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
07:29 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 276 seconds]
07:42 -!- master_o1_master [~master_of@p4FD7BDB3.dip0.t-ipconnect.de] has joined #openvpn
07:45 -!- master_of_master [~master_of@p4FD7BEBB.dip0.t-ipconnect.de] has quit [Ping timeout: 265 seconds]
07:49 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
07:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
07:58 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:01 -!- GFXDude [~GFXDude@ciscoasa.ecrsoft.com] has quit []
08:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
08:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:25 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
08:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:31 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
08:36 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
08:38 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
08:40 -!- Paruza_ [~Paruza@c-50-171-130-111.hsd1.mn.comcast.net] has joined #openvpn
08:40 < Paruza_> is there a packet loss counter for openvpn that can be gotten?
08:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:43 <@plaisthos> no
08:43 <@plaisthos> not out of the box
08:43 <@plaisthos> you may be able to hack the code which check packet sequence numbers to count lost packets
08:48 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:49 < Paruza_> ok thanks
09:05 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:10 -!- sillysau1 [~sillysaus@79.172.193.80] has joined #openvpn
09:12 -!- varesa is now known as varesa_
09:13 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
09:20 -!- dmilith is now known as dmilith2
09:21 -!- dmilith2 is now known as dmilith
09:23 -!- Paruza_ [~Paruza@c-50-171-130-111.hsd1.mn.comcast.net] has quit [Quit: Leaving]
09:35 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
09:59 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has joined #openvpn
10:06 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
10:07 < Eugene> !download
10:07 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
10:07 -!- sillysau1 [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
10:15 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:17 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:20 < Eugene> !winshortcut
10:20 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
10:24 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
10:24 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
10:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
10:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:48 -!- bf_ [~bf_@xdsl-89-0-105-112.netcologne.de] has joined #openvpn
10:54 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-wxixpjtmrkzuduue] has quit [Quit: Connection closed for inactivity]
10:56 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
10:56 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
11:00 -!- quenode [~quenode@cable-89-216-16-150.static.sbb.rs] has quit [Quit: Leaving]
11:06 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
11:10 -!- sillysausage [~sillysaus@2001:44b8:279:b001::20] has joined #openvpn
11:10 -!- sillysausage [~sillysaus@2001:44b8:279:b001::20] has quit [Client Quit]
11:10 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
11:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
11:30 -!- poseidon1157 [~poseidon1@38.104.27.26] has joined #openvpn
11:30 < poseidon1157> So looking through packet captures, I'm finding that the server's response gets dropped.
11:31 < poseidon1157> From the client's perspective it's unidirectional
11:31 < poseidon1157> So that's what was going on for me
11:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:31 < poseidon1157> Must be a firewall policy here on the remote end that I don't control
11:31 < poseidon1157> Just if anyone was curious :)
11:33 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
11:35 < Eugene> And you said it wasn't the firewall ;-)
11:43 -!- poseidon1157 [~poseidon1@38.104.27.26] has quit [Ping timeout: 240 seconds]
11:49 -!- poseidon1157 [~poseidon1@38.104.27.26] has joined #openvpn
11:50 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
11:53 < poseidon1157> Eugene Well, it wasn't my firewall anyway :)
11:53 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
11:54 < poseidon1157> Eugene There must be an on-site one here that I was not told about.
11:54 < poseidon1157> ls
11:54 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
11:54 < Eugene> rm -rf /
11:54 < poseidon1157> Eugene thanks.
11:55 < Eugene> Any time
11:55 -!- poseidon1157 [~poseidon1@38.104.27.26] has quit [Quit: Leaving.]
11:57 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:59 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
12:02 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
12:35 -!- somis [~somis@167.160.44.210] has joined #openvpn
12:38 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ssuvvcwwpdtccjfi] has joined #openvpn
12:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:47 -!- dazo is now known as dazo_afk
12:50 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
13:01 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:23 -!- bf_ [~bf_@xdsl-89-0-105-112.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
13:25 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:34 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
14:12 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
14:21 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
14:28 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:30 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:43 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 265 seconds]
14:47 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
14:51 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
15:25 -!- somis [~somis@167.160.44.210] has quit [Quit: Leaving]
15:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
15:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
15:36 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: llorephie]
15:45 -!- somis [~somis@167.160.44.208] has joined #openvpn
15:52 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 260 seconds]
15:54 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
15:54 -!- tamazaki [~tamazaki@95.85.35.109] has quit [Ping timeout: 244 seconds]
16:08 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:10 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
16:13 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
16:36 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
17:05 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:06 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:25 -!- zylinx [uid43406@gateway/web/irccloud.com/x-hibuvtkdzhpfnloq] has joined #openvpn
17:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
17:29 < zylinx> hey, when using openvpn, how are DNS nameservers configured and how can i modify these entries myself ?
17:29 < zylinx> it's really confusing me
17:29 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has joined #openvpn
17:30 < zylinx> if i use openvpn normally everything works fine, but if i tunnel it over SSL/SSH i cant resolve any hostnames
17:32 < ke4nhw> Quick question: I'm very new to openvpn and I need to test configurations (server and client) before I send the configs out to my users. Can I test with computers here in the house  as long as the server (Linux) and the client (Windows) are on separate subnets and vlan's, so they can't see each other? I'd set the client to my IP and allow my router to forward the incoming openvpn connection
17:32 < ke4nhw> to the server. Or does the test have to be done from a completely remote machine that is outside of the house (the client having to come from a different WAN IP than the server is on)?
18:34 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:47 -!- somis [~somis@167.160.44.208] has quit [Quit: Leaving]
18:49 -!- extri [~extri@162.217.250.127] has joined #openvpn
18:53 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
19:00 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:00 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:04 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
19:13 -!- extri [~extri@162.217.250.127] has quit [Quit: leaving]
19:53 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
20:12 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 255 seconds]
20:13 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
20:14 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
20:15 -!- CGML [~CGML@unaffiliated/cgml] has quit [Ping timeout: 246 seconds]
20:15 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
20:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:59 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
21:00 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
21:01 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Client Quit]
21:01 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
21:09 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
21:21 -!- zylinx [uid43406@gateway/web/irccloud.com/x-hibuvtkdzhpfnloq] has quit [Quit: Connection closed for inactivity]
21:22 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
21:31 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
21:32 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
22:01 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
22:01 < Terminus> hello. anybody using openvpn server on digital ocean with floating ip addresses? openvpn is not responding to me when i try to connect via the floating address but if i connect directly, it works. openvpn is listening on 0.0.0.0:1194. any idea why?
22:21 -!- toli [~toli@ip-62-235-221-243.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
22:24 < Terminus> welp, turns out it might be because udp doesn't work over floating ip addresses.
22:26 -!- toli [~toli@ip-62-235-221-243.dsl.scarlet.be] has joined #openvpn
22:28 -!- joako [~joako@opensuse/member/joak0] has quit [Max SendQ exceeded]
22:28 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:49 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
22:52 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
22:55 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
22:57 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
23:01 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
23:12 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:14 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 240 seconds]
23:18 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:19 -!- MrPocketz [~John@unaffiliated/mrpockets] has joined #openvpn
23:19 -!- Netsplit *.net <-> *.split quits: Netas3k, Telvana, MrPockets, kantlivelong, catsup, chantra, swebb, funnel, @mattock, Nomads,  (+1 more, use /NETSPLIT to show all of them)
23:19 -!- Netsplit over, joins: mattock
23:19 -!- mode/#openvpn [+o mattock] by ChanServ
23:20 -!- Tenhi_0 [~tenhi@178.18.241.180] has joined #openvpn
23:22 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
23:23 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
23:23 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
23:35 -!- Tenhi_0 is now known as Tenhi_
23:35 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
23:37 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 244 seconds]
23:47 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:52 -!- appro [~appro@gentoo/user/appro] has quit [Disconnected by services]
23:54 -!- abra0_ [abra0@unaffiliated/abra0] has joined #openvpn
23:56 -!- SoreGums_ [sid22927@gateway/web/irccloud.com/x-loxrfidapphhdprx] has joined #openvpn
23:56 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 250 seconds]
23:56 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ssuvvcwwpdtccjfi] has quit [Ping timeout: 250 seconds]
23:56 -!- milky [~discovery@textual/developer/mikeym] has quit [Ping timeout: 250 seconds]
23:56 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has quit [Ping timeout: 250 seconds]
23:56 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 250 seconds]
23:56 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
23:56 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-hjksuxuywegnkqgs] has quit [Ping timeout: 250 seconds]
23:56 -!- Ssquidly [~squidly@buttle.nnx.com] has quit [Ping timeout: 250 seconds]
23:56 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
23:56 -!- abra0 [abra0@unaffiliated/abra0] has quit [Ping timeout: 250 seconds]
23:56 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 250 seconds]
23:56 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 250 seconds]
23:56 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 250 seconds]
23:56 -!- krthnz [~krthnz@unaffiliated/krthnz] has quit [Ping timeout: 250 seconds]
23:56 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
23:56 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 250 seconds]
23:56 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
23:56 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
23:56 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Ping timeout: 250 seconds]
23:56 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 250 seconds]
23:56 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 250 seconds]
23:56 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 250 seconds]
23:56 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 250 seconds]
23:56 -!- manitu [~manitu@2a01:4f8:131:5169::2] has quit [Ping timeout: 250 seconds]
23:56 -!- abra0_ is now known as abra0
23:56 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
23:56 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
23:56 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
23:56 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
23:56 -!- iNs_ [~ins@85.17.164.26] has joined #openvpn
23:56 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
23:56 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
23:57 -!- milky [~discovery@textual/developer/mikeym] has joined #openvpn
23:57 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
23:57 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has joined #openvpn
23:57 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
23:57 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:57 -!- mode/#openvpn [+o mattock] by ChanServ
23:57 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
23:58 -!- ShadniX [dagger@p5DDFC5EE.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:58 -!- Ssquidly [~squidly@buttle.nnx.com] has joined #openvpn
23:58 -!- SoreGums_ is now known as SoreGums
23:59 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
--- Day changed Sat Nov 14 2015
00:00 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has joined #openvpn
00:00 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 252 seconds]
00:00 -!- ShadniX [dagger@p57941F10.dip0.t-ipconnect.de] has joined #openvpn
00:04 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qpipbsebtqupxjgm] has joined #openvpn
00:04 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
00:11 < Terminus> anybody here using the android openvpn client? the route i'm pushing isn't being added to the routing table.
00:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
00:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
00:15 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
00:20 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:21 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 244 seconds]
00:22 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
00:22 -!- mode/#openvpn [+o dazo] by ChanServ
00:22 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
00:22 -!- gardar [~gardar@bnc.giraffi.net] has quit [Ping timeout: 244 seconds]
00:25 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 252 seconds]
00:25 -!- Buffman [~Buffman@my.irc-bit.ch] has quit [Ping timeout: 244 seconds]
00:25 -!- geniack [~geniack@unaffiliated/geniack] has quit [Ping timeout: 244 seconds]
00:25 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
00:25 -!- mode/#openvpn [+o pekster] by ChanServ
00:26 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
00:26 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
00:26 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
00:46 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has left #openvpn []
00:47 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
00:51 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:05 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
01:09 -!- baetheus [~brandon@null.pub] has quit [Ping timeout: 255 seconds]
01:09 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
01:09 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 255 seconds]
01:09 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Ping timeout: 255 seconds]
01:09 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
01:09 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 255 seconds]
01:09 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 255 seconds]
01:09 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
01:09 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
01:09 -!- mode/#openvpn [+o vpnHelper] by ChanServ
01:09 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 255 seconds]
01:09 -!- zamba [marius@flage.org] has quit [Ping timeout: 255 seconds]
01:09 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 255 seconds]
01:10 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
01:10 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:10 -!- doop [~doop@colostomy.club] has joined #openvpn
01:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
01:10 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
01:10 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
01:10 -!- mode/#openvpn [+v hazardous] by ChanServ
01:11 -!- zamba [marius@flage.org] has joined #openvpn
01:12 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
01:27 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
01:30 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
01:45 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:52 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
02:24 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:25 -!- mode/#openvpn [+o mattock1] by ChanServ
02:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:47 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
02:50 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has joined #openvpn
02:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
02:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:39 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has quit [Ping timeout: 255 seconds]
03:40 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has joined #openvpn
03:46 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
04:13 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has quit [Ping timeout: 272 seconds]
04:17 -!- u0m3 [~u0m3@89.120.204.99] has quit [Quit: Leaving]
04:20 -!- Denial- [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
04:23 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has joined #openvpn
04:24 -!- XJR-9_ [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
04:24 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Killed (sinisalo.freenode.net (Nickname regained by services))]
04:24 -!- XJR-9_ is now known as XJR-9
04:24 -!- dan_j_ [sid21651@gateway/web/irccloud.com/x-entbkquriylijrxl] has joined #openvpn
04:24 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-qpipbsebtqupxjgm] has quit [Quit: Connection closed for inactivity]
04:25 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
04:25 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Disconnected by services]
04:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
04:25 -!- Champi_ [Champi@damn.e-leet.be] has joined #openvpn
04:25 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
04:25 -!- lxusrbin_ [~lxusrbin@scotty.fr0st.it] has joined #openvpn
04:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:25 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit [Ping timeout: 252 seconds]
04:25 -!- barq [sid103986@gateway/web/irccloud.com/x-tdqmucehuluxrsqb] has quit [Ping timeout: 252 seconds]
04:25 -!- solomon56 [~solomon56@steven.es] has quit [Ping timeout: 252 seconds]
04:25 -!- Champi [Champi@damn.e-leet.be] has quit [Ping timeout: 252 seconds]
04:25 -!- iokill_ [~dave@pippin.sigma-star.at] has quit [Ping timeout: 252 seconds]
04:25 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 252 seconds]
04:25 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 252 seconds]
04:25 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Ping timeout: 252 seconds]
04:25 -!- CrazyyMaxx [CrazyyMaxx@ns364484.ip-188-165-236.eu] has quit [Ping timeout: 252 seconds]
04:25 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 252 seconds]
04:25 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 252 seconds]
04:25 -!- bpye [~quassel@unaffiliated/bpye] has quit [Ping timeout: 252 seconds]
04:25 -!- dan_j [sid21651@gateway/web/irccloud.com/x-bkazwwjobqgldkno] has quit [Ping timeout: 252 seconds]
04:25 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 252 seconds]
04:25 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 252 seconds]
04:25 -!- CrazyyMaxx [CrazyyMaxx@2001:41d0:2:b743::] has joined #openvpn
04:25 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
04:26 -!- bpye [~quassel@unaffiliated/bpye] has joined #openvpn
04:26 -!- Champi_ is now known as Champi
04:26 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
04:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:27 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has joined #openvpn
04:27 -!- Olipro_ is now known as Olipro
04:29 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
04:29 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:29 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Remote host closed the connection]
04:30 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 246 seconds]
04:30 -!- dan_j_ is now known as dan_j
04:31 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:32 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
04:36 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
04:36 -!- zylinx [uid43406@gateway/web/irccloud.com/x-roogljejtpkkivqg] has joined #openvpn
04:37 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
04:38 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:40 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
04:40 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
04:40 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
04:41 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
04:42 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:42 -!- somis [~somis@167.160.44.208] has joined #openvpn
04:44 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
04:45 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:46 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
04:48 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:48 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Remote host closed the connection]
04:49 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
04:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:50 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:52 -!- llorephie [~Thunderbi@static.117.193.46.78.clients.your-server.de] has joined #openvpn
04:53 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
04:55 -!- llorephie1 [~Thunderbi@broadband-46-188-19-171.2com.net] has joined #openvpn
04:55 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
04:56 -!- llorephie [~Thunderbi@static.117.193.46.78.clients.your-server.de] has quit [Ping timeout: 252 seconds]
04:56 -!- llorephie1 is now known as llorephie
05:00 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:29 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
05:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:32 -!- Lope [~Lope@113.210.130.143] has joined #openvpn
05:32 < Lope> is there any inherant disadvantage in using a static key with OpenVPN? I only plan to use the connection very occasionally, for maintenance.
05:33 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
05:34 < NP-Hardass> Terminus: tap or tun?
05:34 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 260 seconds]
05:35 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
05:38 < llorephie> Tun
05:39 < llorephie> err... sorry
05:39 -!- llorephie [~Thunderbi@broadband-46-188-19-171.2com.net] has quit [Quit: llorephie]
05:45 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
05:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:54 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
05:57 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
06:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
06:14 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
06:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
06:17 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:19 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:20 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
06:30 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
06:31 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 246 seconds]
06:33 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 260 seconds]
06:36 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
06:45 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
07:33 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
07:36 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
07:41 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 240 seconds]
07:42 -!- master_of_master [~master_of@p4FD7BBE6.dip0.t-ipconnect.de] has joined #openvpn
07:45 -!- master_o1_master [~master_of@p4FD7BDB3.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
07:47 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
07:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
07:49 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:01 -!- Lope [~Lope@113.210.130.143] has quit [Ping timeout: 240 seconds]
08:24 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 244 seconds]
08:27 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
08:44 -!- Lope [~Lope@113.210.131.147] has joined #openvpn
09:20 -!- ntz [~jdoe@static-84-42-228-122.net.upcbroadband.cz] has joined #openvpn
09:20 < ntz> hello
09:21 < ntz> I was not setting up openvpn for quite so9me time ... can I request few instant answers ?
09:21 < ntz> 1) iirc I was always using tcp, not udp .... is tcp generally better ?
09:25 < mete> what applications are you using over the vpn ntz?
09:25 -!- pguima [18bf155a@gateway/web/freenode/ip.24.191.21.90] has joined #openvpn
09:25 < mete> if you're using tcp over the openvpn connection, you should always use udp for vpn
09:26 < mete> if you're using udp applications, the applications should have a built in option to determine lost pakets, also use udp
09:26 < pguima> Good Morning, is there any mod here that would be able to assist with an open ticket regarding licensing?
09:26 < mete> tcp is only for high loss connections good, otherwise tcp eats peformance
09:28 -!- Lope [~Lope@113.210.131.147] has quit [Quit: Leaving]
09:28 < pguima> nvm saw the openvpn-as room
09:28 < pguima> thx
09:28 -!- pguima [18bf155a@gateway/web/freenode/ip.24.191.21.90] has left #openvpn []
09:34 -!- arbos [~arbos@unaffiliated/arbos] has joined #openvpn
09:34 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 252 seconds]
09:40 -!- ketas- [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Ping timeout: 272 seconds]
09:42 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
09:51 < arbos> I'd like to bypass some geo-ip restrictions on a certain website, can I use openvpn route-nopull route website.ip. To only use the vpn on that website, will it leak the ip this way?
09:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:57 -!- ketas [~ketas@123-88-235-80.dyn.estpak.ee] has joined #openvpn
10:27 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
10:35 < ntz> pff. I'm geting Sat Nov 14 17:29:49 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
10:35 < ntz> why ? could it be caused, that I have openvpn bound to the iface with two ip addresses ?
10:36 < ntz> I have ports open ofc (in iptables)
10:48 -!- ketas is now known as ketas-
10:51 -!- soLucien [~Lu@h209.natout.aau.dk] has joined #openvpn
10:51 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
10:52 < soLucien> hello guys ! I have an issue with my openvpn setup
10:52 < soLucien> so i have 2 ovpn clients at the moment, and a server
10:52 < soLucien> client 1 , my laptop, is able to ping the server. the server is able to ping back
10:52 < soLucien> client 2, a raspberry pi can ping the server
10:53 < soLucien> but the server cannot ping the raspberry pi
10:53 < soLucien> how is this even possible?
10:54 < soLucien> the clients can also ping each other
10:54 < soLucien> this is unbelievable
10:56 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
10:56 < CryptoSiD> hi !
10:56 < CryptoSiD> im having a little problem with client-connect client disconnect, im trying to:
10:56 < CryptoSiD> client-connect netsh interface ipv4 delete dnsserver "vEthernet (Internetz)" all
10:56 < CryptoSiD> client-disconnect netsh interface ipv4 set dns "vEthernet (Internetz)" static 192.168.2.1
10:56 < CryptoSiD> but it keep saying: Options error: the --client-connect directive should have at most 1 parameter
10:57 < CryptoSiD> using last version of openvpn
10:57 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:00 < CryptoSiD> my bad:D should use up and down
11:01 -!- debian_noob [7b3f913d@gateway/web/freenode/ip.123.63.145.61] has joined #openvpn
11:02 < debian_noob> !welcome
11:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
11:02 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:04 < zylinx> !mitm
11:04 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
11:04 < debian_noob> I would like to set up an OpenVPN server on my computer, which would then connect through a squid proxy server (with authentication) to the internet. So the connection would look something like :  Application-->VPN-->Squid Proxy-->Internet. Would it be possible?
11:10 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
11:10 -!- ketas- [~ketas@123-88-235-80.dyn.estpak.ee] has quit []
11:10 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
11:15 < CryptoSiD> well
11:15 < CryptoSiD> http://pastebin.com/fKCTtnMj
11:15 < CryptoSiD> i tryed all this, nothing work
11:23 -!- debian_noob [7b3f913d@gateway/web/freenode/ip.123.63.145.61] has quit [Ping timeout: 246 seconds]
11:51 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
12:29 -!- debian_noob [7b3f913d@gateway/web/freenode/ip.123.63.145.61] has joined #openvpn
12:29 < debian_noob> I would like to set up an OpenVPN server on my computer, which would then connect through a squid proxy server (with authentication) to the internet. So the connection would look something like :  Application-->VPN-->Squid Proxy-->Internet. Would it be possible?
12:31 < debian_noob> !poodle
12:31 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
12:31 < debian_noob> !ovpnuke
12:31 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
12:32 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
12:33 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
12:33 < debian_noob> Well, is there any way to do it?
12:35 -!- soLucien [~Lu@h209.natout.aau.dk] has quit [Ping timeout: 276 seconds]
12:41 < debian_noob> I would like to set up an OpenVPN server on my computer, which would then connect through a squid proxy server (with authentication) to the internet. So the connection would look something like :  Application-->VPN-->Squid Proxy-->Internet. Would it be possible?
13:01 -!- debian_noob [7b3f913d@gateway/web/freenode/ip.123.63.145.61] has quit [Ping timeout: 246 seconds]
13:12 -!- iNject [5c0dd32a@gateway/web/freenode/ip.92.13.211.42] has joined #openvpn
13:12 < iNject> Hello.
13:12 < iNject> !welcome
13:12 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:12 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:22 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-twxcowtnwcanksqi] has joined #openvpn
13:35 -!- iNject [5c0dd32a@gateway/web/freenode/ip.92.13.211.42] has quit [Quit: Page closed]
13:36 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Quit: foobar]
13:55 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
14:00 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
14:29 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
14:40 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 244 seconds]
14:43 -!- extri [~extri@162.217.250.127] has joined #openvpn
14:47 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
15:13 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
15:14 < jerichowasahoax> So what happens with the client if the server disappears? Does it try to reconnect itself or do I have to manually restart OpenVPN on the client?
15:31 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
15:32 < sillysausage> https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html#lbAS
15:32 <@vpnHelper> Title: OpenVPN 2.0.x (at openvpn.net)
15:33 < sillysausage> do those environmental variables work with IPv6
15:33 < sillysausage> in particular ${ifconfig_local}
15:34 < sillysausage> eg http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#VPN_Tunnel_on_specific_subnet
15:34 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
15:34 < sillysausage> i had set this up in regards to IPv4
15:34 < sillysausage> specifically: http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#.2Fetc.2Fopenvpn.2Froute-up-fwmark.sh
15:34 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
15:39 < sillysausage> I was thinking of going down this road http://imgh.us/network_diagram_ipv6_tunnel.svg
15:41 < sillysausage> the reason i ask is because in https://community.openvpn.net/openvpn/wiki/OpenVPN2.4 it says:
15:41 <@vpnHelper> Title: OpenVPN2.4 – OpenVPN Community (at community.openvpn.net)
15:42 < sillysausage> handle ipv6 payload over ipv6 transport, when the VPN server is inside the pushed IPv6 routes
15:42 < sillysausage>  *  discover IPv6 default gateway
15:42 < sillysausage>  *  install IPv6 route to VPN server via gateway
15:42 < sillysausage>  *  cleanup afterwards
15:42 < sillysausage> and i'm wondering if that even works at all
15:43 < sillysausage> * handle iroute-ipv6 and pushed route-ipv6 consistently with IPv4: do not send pushed routes to the very client that the iroute-ipv6 points to (local route confusion at client), also trac#354.
15:43 < sillysausage> maybe i do not understand and have read it wrong
15:45 -!- newbie|2 [~kvirc@103.43.82.123] has joined #openvpn
15:45 < newbie|2> Never used OpenVPN server. Only used SoftEther VPN server. Is there any limitation on how many users can connect on OpenVPN server which is available in CentOS?
15:48 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
15:51 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
15:51 -!- newbie|2 [~kvirc@103.43.82.123] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
16:13 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
16:14 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-twxcowtnwcanksqi] has quit [Quit: Connection closed for inactivity]
16:26 < jerichowasahoax> I'm asking both #gentoo and #openvpn because I'm not sure who's issue it is, but how come I can't get my client to access the internet through my VPN? https://bpaste.net/show/e8c40a00be89
16:28 -!- extri [~extri@162.217.250.127] has quit [Ping timeout: 244 seconds]
16:30 < jerichowasahoax> The connection server-side works, and intra-VPN communication (`ping 172.24.16.X`) works fine
16:34 < jerichowasahoax> ...apparently my default gateway was never set and that was the problem. weird, but i think i can figure out something more permanent
16:49 < wiz> im having trouble getting OpenVPN 3 to work... where is the latest source code? i only found a ~2 year old tarball
17:31 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 276 seconds]
17:36 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:37 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
17:49 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
17:57 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
18:25 < CryptoSiD> can anyone help me with up/down command
18:25 < CryptoSiD> im unable to run netsh...
18:25 < CryptoSiD> http://pastebin.com/fKCTtnMj i tryed all those
18:25 < CryptoSiD> none work
18:34 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
18:35 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
18:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
18:45 -!- arbos [~arbos@unaffiliated/arbos] has quit [Quit: Nettalk6 - www.ntalk.de]
18:46 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
19:13 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:15 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 240 seconds]
19:21 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
19:25 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
19:33 -!- somis [~somis@167.160.44.208] has quit [Quit: Leaving]
19:40 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
20:13 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:21 -!- zylinx [uid43406@gateway/web/irccloud.com/x-roogljejtpkkivqg] has quit [Quit: Connection closed for inactivity]
20:49 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
20:50 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
20:50 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
20:51 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
20:51 -!- mode/#openvpn [+o mattock] by ChanServ
20:56 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Read error: Connection reset by peer]
20:57 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
21:35 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
21:36 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
21:37 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
21:38 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
21:38 -!- mode/#openvpn [+o mattock] by ChanServ
21:49 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
22:21 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
22:32 -!- Tinyyy [~textual@175.156.248.65] has joined #openvpn
22:36 -!- Tinyyy [~textual@175.156.248.65] has quit [Client Quit]
22:45 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
22:46 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 240 seconds]
22:47 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
22:49 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 264 seconds]
22:49 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has joined #openvpn
22:50 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 264 seconds]
22:50 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
22:50 -!- derRichard [~derRichar@pippin.sigma-star.at] has quit [Ping timeout: 264 seconds]
22:50 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Ping timeout: 264 seconds]
22:50 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 264 seconds]
22:51 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Ping timeout: 264 seconds]
22:51 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
22:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
22:51 -!- Vercas_ [~Vercas@unaffiliated/vercas] has joined #openvpn
22:55 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
22:55 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
22:55 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
23:03 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
23:09 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
23:10 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
23:40 -!- tessier [~treed@kernel-panic/copilotco] has joined #openvpn
23:40 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-jnaolnbvwsrontaf] has joined #openvpn
23:41 < tessier> Hello all! systemd is driving me nuts. :( Anyone know how to troubleshoot this?
23:41 < tessier>   Active: failed (Result: exit-code) since Sat 2015-11-14 21:32:12 PST; 3min 17s ago
23:41 < tessier>   Process: 28152 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
23:41 < tessier> journalctl -xn barely has anything in it and nothing involving openvpn
23:42 < tessier> This had been working perfectly for months and now the vpn client got restarted accidentally and stuff is down. :(
23:45 < Terminus> tessier: got the output of journalctl or systemctl status?
23:46 < Terminus> tessier: grep the logs for openvpn too. that's how i typically troubleshoot my openvpn problems.
23:47 < tessier> Terminus: That's the frustrating thing...there's barely anything in those outputs...just a sec and let me pastebin, maybe you see something I don't...
23:47 < Terminus> tessier: sometimes i've gotten info out of them.
23:48 < tessier> http://pastebin.ca/3254484
23:48 -!- dw1 [~me@dw1.xyz] has joined #openvpn
23:48 < tessier> That is the *entire* output of both those commands.
23:49 < dw1> is it normal to not be able to access LAN computers when the android openvpn app is connected?
23:49 < dw1> or did i mess up my ovpn file
23:49 < tessier> Initially the server had the wrong system time and it said the cert was not yet valid. I fixed that...now I don't see anything on either end.
23:49 < Terminus> tessier: yep, that's not helpful. can you grep /var/log/ for openvpn?
23:49 < tessier> Terminus: Already done...not a single instance of openvpn anywhere.
23:49 < tessier> dw1: Check netmask and default route...
23:49 < tessier> dw1: Sometimes when a VPN is running you can only talk to the other end of the VPN.
23:50 < tessier> dw1: That is safest actually.
23:50 < Terminus> dw1: is your phone on the same subnet as the LAN you're trying to access? if yes, you need client-to-client. otherwise, you need routing as tessier said.
23:50 < dw1> yeah, that happens for me on the phone. but not other comps
23:50 < dw1> yeah, can't even ping other computers
23:50 < dw1> tracert says it goes through teh vpn
23:50 < dw1> traceroute app*
23:50 < tessier> Making systemd control everything like this is really frustrating. I don't understand how there could be no logs.
23:50 < Terminus> tessier: can you try restarting openvpn and then immediately check status and journalctl -xe? it may be the case that other errors have already popped up.
23:52 < tessier> Let me try that....
23:52 < CryptoSiD> can anyone help me with up/down command, im unable to run netsh..., http://pastebin.com/fKCTtnMj i tryed all those, none work
23:53 < dw1> i get it's more secure when i use public networks but i want to stream some media over the LAN
23:53 < CryptoSiD> id really appreciate if someone can help me with this
23:53 < tessier> I just did:
23:53 < tessier> systemctl restart openvpn@server.service;  systemctl status openvpn@server.service; journalctl -xn
23:53 < tessier> and the output of status and journalctl have not changed
23:53 < tessier> I'm going to take the windows way out and try rebooting. No idea what else to do.
23:54 < Terminus> CryptoSiD: why not just use --dhcp-option?
23:54 < Terminus> CryptoSiD: like dhcp-option DNS 192.168.2.1
23:55 < Terminus> *sigh* i wish dhcp-option would work elsewhere besides windows.
23:55 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
23:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:55 < CryptoSiD> i want to remove 192.168.2.1 when the vpn is up, else it dnsleak
23:55 < CryptoSiD> and add it back when vpn is down
23:56 < Terminus> CryptoSiD: dhcp-option should be taking care of that for you.
23:56 < CryptoSiD> i cant find " dhcp-option" in the manual
23:57 < CryptoSiD> nevermind
23:57 < Terminus> =P
23:57 < CryptoSiD> --dhcp-option type [parm]
23:57 < CryptoSiD> Set extended TAP-Win32 TCP/IP
23:57 < CryptoSiD> i dont want 192.168.2.1 on tap win32 interface
23:57 < CryptoSiD> nor to remove it from the tap interface
23:57 < CryptoSiD> i want to remove it from the main interface, physical one
23:57 < CryptoSiD> then add it back when i disconnect the vpn
23:57 -!- ShadniX [dagger@p57941F10.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:58 < CryptoSiD> i dont understand why up/down dont work, i googled, cant find anything usefull
23:58 < Terminus> CryptoSiD: oh. can't help you there right now then. i don't have a windows box handy.
23:59 -!- ShadniX [dagger@p57941E49.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Nov 15 2015
00:00 -!- dw1 [~me@dw1.xyz] has left #openvpn []
00:00 < CryptoSiD> Options error: the --up directive should have at most 1 parameter
00:00 < CryptoSiD> how stupid is this...
00:01 < CryptoSiD> and i cant find anything usefull on google, so im dnsleaking:D
00:04 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
00:15 < Terminus> CryptoSiD: quotes?
00:34 < CryptoSiD> yes
00:34 < CryptoSiD> tryed with quotes and without quote
00:35 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
00:36 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
00:47 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
00:50 -!- Vercas_ is now known as Vercas
00:55 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:57 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
01:23 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:30 < CryptoSiD> as anyone here been able to run netsh with up/down command ?
01:31 < CryptoSiD> have*
01:31 < CryptoSiD> has (excuse my poor english)
02:18 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
02:24 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 240 seconds]
02:29 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
02:34 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:03 -!- somis [~somis@167.160.44.208] has joined #openvpn
03:03 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
03:12 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
03:16 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
03:33 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
04:08 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Read error: Connection reset by peer]
04:10 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
04:16 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
04:16 -!- mode/#openvpn [+v RBecker] by ChanServ
04:24 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:25 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:25 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:46 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
05:04 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
05:09 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:33 < tessier> Terminus: Restarting the machine fixed it. Don't know why. We were back up hours ago. Thanks! :)
05:50 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 260 seconds]
05:52 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has joined #openvpn
06:25 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
06:25 < Terminus> tessier: lol. that's so weird. no thanks needed. i didn't fix anything. =P
06:25 < Terminus> tessier: now that i think about it though, i should have asked if there was a running openvpn process not controlled by systemd. XD
06:41 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
06:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:47 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 246 seconds]
06:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:54 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 260 seconds]
06:54 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-jnaolnbvwsrontaf] has quit [Quit: Connection closed for inactivity]
06:57 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 260 seconds]
06:59 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
07:16 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has left #openvpn ["WeeChat 1.1.1"]
07:17 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
07:23 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
07:26 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
07:28 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
07:42 -!- master_o1_master [~master_of@p4FD7B226.dip0.t-ipconnect.de] has joined #openvpn
07:45 -!- master_of_master [~master_of@p4FD7BBE6.dip0.t-ipconnect.de] has quit [Ping timeout: 255 seconds]
08:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:16 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-rwogmnnrdpivalhc] has joined #openvpn
08:19 -!- tete_ [~John@178-82-199-42.dynamic.hispeed.ch] has left #openvpn ["Leaving"]
08:24 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
08:59 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
09:00 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
09:12 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
09:13 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
09:15 -!- somis [~somis@167.160.44.208] has quit [Quit: Leaving]
09:15 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 260 seconds]
09:16 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
09:18 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
09:23 -!- somis [~somis@167.160.44.213] has joined #openvpn
09:31 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 246 seconds]
09:45 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
09:52 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
10:05 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
10:13 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
10:14 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
10:23 -!- toli [~toli@ip-62-235-221-243.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
10:26 -!- toli [~toli@ip-62-235-239-27.dsl.scarlet.be] has joined #openvpn
10:58 -!- opt1mal [~opty@162.216.46.52] has joined #openvpn
11:00 < opt1mal> I'm using openvpn on android tablet, with my own home openvpn server which is serving just a virtual LAN and not a proxy, but the android tablet, using openvpn app, is trying to use the vpn as a proxy also. How do I tell the openvpn app on android to only use the virtual LAN and not an internet proxy? The tablet cannot access internet while using openvpn.
11:01 < opt1mal> my linux machines are working just fine on this home vpn
11:31 -!- Denial- [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit []
11:34 -!- sillysausage [~sillysaus@2001:44b8:279:b001:5545:1cf6:3f91:7c54] has joined #openvpn
11:34 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
11:36 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
11:36 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
11:37 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit [Client Quit]
11:40 -!- sillysausage [~sillysaus@2001:44b8:279:b001:5545:1cf6:3f91:7c54] has quit [Quit: WeeChat 1.2]
11:40 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
11:42 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
11:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:50 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
12:08 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Remote host closed the connection]
12:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:10 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:16 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
12:16 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
12:16 -!- mjtowell [~mjtowell@unaffiliated/mjtowell] has joined #openvpn
12:22 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
12:31 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit []
12:34 < tessier> Terminus: Actually, I think a running openvpn process not controlled by systemd was probably on the right track.
12:53 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:55 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
13:01 -!- mjtowell [~mjtowell@unaffiliated/mjtowell] has quit [Quit: Leaving]
13:05 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:06 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
13:16 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
13:18 -!- lotharn7 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
13:19 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
13:35 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:40 -!- milky [~discovery@textual/developer/mikeym] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
14:07 -!- opt1mal [~opty@162.216.46.52] has quit [Quit: Leaving]
14:49 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:52 -!- lotharn7 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 246 seconds]
15:09 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
15:20 -!- lotharn7 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
15:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
16:05 -!- zylinx [uid43406@gateway/web/irccloud.com/x-wktgwqdorkwxumiy] has joined #openvpn
16:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:21 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
16:22 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:31 -!- baetheus [~brandon@null.pub] has joined #openvpn
16:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:53 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
16:53 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
17:13 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 260 seconds]
17:19 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
17:25 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:42 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
18:42 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 260 seconds]
18:48 -!- lotharn7 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
19:09 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:15 -!- somis [~somis@167.160.44.213] has quit [Quit: Leaving]
19:26 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 240 seconds]
19:33 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
19:37 -!- abbe [having@badti.me] has quit [Read error: Connection reset by peer]
19:37 -!- abbe [having@badti.me] has joined #openvpn
19:38 -!- fred`` [fred@earthli.ng] has quit [Quit: +++ATH0]
19:38 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 246 seconds]
19:38 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
19:39 -!- APTX_ [~APTX@unaffiliated/aptx] has quit [Quit: No Ping reply in 180 seconds.]
19:39 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
19:39 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 246 seconds]
19:39 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
19:40 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 246 seconds]
19:40 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
19:40 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has joined #openvpn
19:40 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 246 seconds]
19:42 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
19:43 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
19:43 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
19:43 -!- jesopo [jess@lolnerd.net] has joined #openvpn
19:43 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
19:44 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
19:44 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
19:44 -!- mode/#openvpn [+o syzzer] by ChanServ
19:44 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
19:44 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
19:44 -!- mode/#openvpn [+o dazo_afk] by ChanServ
19:45 -!- dazo_afk is now known as dazo
19:48 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
20:01 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
20:19 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
20:27 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
21:07 -!- xTz [~xTz@118.189.185.68] has joined #openvpn
21:07 -!- xTz [~xTz@118.189.185.68] has left #openvpn []
21:31 -!- zylinx [uid43406@gateway/web/irccloud.com/x-wktgwqdorkwxumiy] has quit [Quit: Connection closed for inactivity]
22:16 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 265 seconds]
22:23 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
22:30 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:59 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 240 seconds]
23:10 -!- bakhtiya [~me@office.addictivemobility.com] has quit [Ping timeout: 240 seconds]
23:25 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
23:30 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
23:46 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
23:56 -!- ShadniX [dagger@p57941E49.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:57 -!- ShadniX [dagger@p5DDFD948.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Nov 16 2015
00:01 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
00:01 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
00:21 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
00:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
00:24 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:33 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 260 seconds]
00:33 -!- dmilith [~dmilith@verknowsys.com] has quit [Ping timeout: 260 seconds]
00:34 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
00:37 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has quit [Excess Flood]
00:37 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
01:07 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
01:08 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
01:13 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
01:14 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Disconnected by services]
01:14 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
01:15 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
01:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:15 -!- mode/#openvpn [+o mattock1] by ChanServ
01:16 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
01:20 -!- funnel [~funnel@unaffiliated/espiral] has quit [Write error: Broken pipe]
01:21 -!- riddle [riddle@us.yunix.net] has quit [Remote host closed the connection]
01:21 -!- dan_j [sid21651@gateway/web/irccloud.com/x-entbkquriylijrxl] has quit [Ping timeout: 448 seconds]
01:21 -!- alec-b [~alec@13.57.54.77.rev.vodafone.pt] has quit [Ping timeout: 448 seconds]
01:21 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 448 seconds]
01:21 -!- MrPocketz [~John@unaffiliated/mrpockets] has quit [Ping timeout: 448 seconds]
01:21 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 448 seconds]
01:21 -!- c|oneman [cloneman@2605:6400:2:fed5:22:0:3b06:3913] has quit [Remote host closed the connection]
01:21 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Write error: Connection reset by peer]
01:21 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Write error: Connection reset by peer]
01:21 -!- funnel_ is now known as funnel
01:22 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
01:23 -!- krzee [~k@openvpn/community/support/krzee] has joined #openvpn
01:23 -!- mode/#openvpn [+o krzee] by ChanServ
01:23 -!- riddle [riddle@us.yunix.net] has joined #openvpn
01:23 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
01:23 -!- KNERD [~KNERD@netservisity.com] has quit [Ping timeout: 258 seconds]
01:23 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
01:24 -!- dan_j [sid21651@gateway/web/irccloud.com/x-jwpedkczjeldmhus] has joined #openvpn
01:27 -!- leo2007 [~leo2007@128.199.230.246] has quit [Ping timeout: 250 seconds]
01:31 -!- shio [shio@84.101.121.10] has quit [Ping timeout: 276 seconds]
01:40 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
01:40 < v0lZy> Hi everyone
01:42 < v0lZy> Based on the needs of one of our client's I'm writing our own version of the windows openvpn-gui tray application. The change I'm making is that I'm introducing a service, so that the gui client can run as non-admin and instruct the service to execute openvpn.exe for a given configuration file.
01:42 < v0lZy> (and the service can talk bakc to the client for some notifications) ... this all goes over a tcp port on 127.0.0.1
01:43 < v0lZy> But I have a couple of things I'm unclear about.
01:44 < v0lZy> 1st) The OpenVPN Gui offers the 'change password' option... are users able to change their passwords on the fly by informing the openvpn server of what password they want?
01:45 < v0lZy> 2nd) without a management interface open, what would be the best way detect which openvpn config is in which state (connected, disconnected, etc.)
01:45 < v0lZy> Or can the management interface be open on several ports?
01:48 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
01:49 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
01:50 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has quit [Ping timeout: 244 seconds]
01:54 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
01:54 < v0lZy> seems my connection was interrupted
01:55 < v0lZy> anyone?
02:19 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
02:19 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
02:20 < v0lZy> hi
02:21 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
02:23 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Client Quit]
02:37 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
02:40 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 260 seconds]
02:44 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
02:45 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Client Quit]
02:47 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
02:51 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
02:51 -!- zylinx [uid43406@gateway/web/irccloud.com/x-xokkmzcaadoiesfh] has joined #openvpn
02:55 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:56 < CryptoSiD> anyone able to run netsh with up/down
02:56 < CryptoSiD> im always getting: Options error: the --up directive should have at most 1 parameter
02:56 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
02:57 < CryptoSiD> http://pastebin.com/fKCTtnMj tryed all those
03:01 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Read error: Connection reset by peer]
03:02 < v0lZy> CryptoSiD: i just happened to run into that
03:03 < v0lZy> CryptoSiD: answer is in the error message
03:03 < v0lZy> try with " "
03:03 < v0lZy> instead of ' '
03:03 < v0lZy> CryptoSiD: I think your issues is double quotes in double quotes etc
03:03 < v0lZy> I think you have to '"' the double quotes on the inside
03:04 < CryptoSiD> its " no '
03:04 < CryptoSiD> not*
03:04 < v0lZy> No I mean
03:04 < CryptoSiD> humm can you give me an example plz
03:04 < CryptoSiD> :)
03:04 < v0lZy> inside
03:05 < v0lZy> this is what you are doing up "netsh.exe interface ipv4 delete dnsserver "vEthernet (Internetz)" all"
03:05 < CryptoSiD> and what should i do?:)
03:05 < v0lZy> try doing this instead: up "netsh.exe interface ipv4 delete dnsserver '"'vEthernet (Internetz)'"' all"
03:05 < CryptoSiD> ho ok
03:05 < CryptoSiD> let me try brb
03:05 < v0lZy> try that part
03:05 < v0lZy> basically the issue is with the inner quotes
03:05 < v0lZy> i'm not sure if '"' will do the trick or """
03:06 < v0lZy> I was once doing something like this with regards to SQL and command line stuff in Delphi, and I think the solution was """
03:06 < v0lZy> so if '"' doesnt work, try """
03:06 < v0lZy> or ""
03:06 < v0lZy> play around with those
03:09 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver '"'vEthernet (Internetz)'"' all"
03:09 < CryptoSiD> down "netsh.exe interface ipv4 set dns ""vEthernet (Internetz)"" static 192.168.2.1"
03:09 < CryptoSiD> Options error: the --up directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").
03:09 < CryptoSiD> Use --help for more information.
03:09 < CryptoSiD> :(
03:09 < CryptoSiD> im struggling with this for days...
03:09 < CryptoSiD> [04:01:18] (v0lZy): so if '"' doesnt work, try """
03:09 < CryptoSiD> i dont get what u mean?
03:10 < CryptoSiD> guess im slow this morning, example please:D
03:10 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
03:10 < v0lZy> ...
03:11 < CryptoSiD> " " ", where should i put those 3 quotes!?
03:11 < v0lZy> CryptoSiD: "<-outer double quote, "<--inner double quote, "<--- inner double quote, outer double quote-->"
03:12 < CryptoSiD> isnt it what i just tryed?
03:12 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver '"'vEthernet (Internetz)'"' all"
03:12 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver ''vEthernet (Internetz)'" all"
03:12 < CryptoSiD> already tryed those 2.
03:12 < v0lZy> "if you write "stuff like" this" the double quotes get expanded to "if you write" and " this"
03:13 < v0lZy> your issue is with how the inner double quotes are expanded
03:13 < v0lZy> you're double quoting a double quote basically
03:13 < v0lZy> so
03:13 < v0lZy> "try typing ""it"" like this"
03:13 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver '"'vEthernet (Internetz)'"' all"
03:13 < v0lZy> "or """like""" this"
03:13 < CryptoSiD> exactly what i did there.
03:13 < CryptoSiD> huh ok
03:14 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver '""'vEthernet (Internetz)'"'" all"
03:14 < CryptoSiD> rogjt?
03:14 < CryptoSiD> right*
03:14 < v0lZy> no
03:14 < v0lZy> remove the single quotes
03:14 < CryptoSiD> which one.
03:14 < v0lZy> THE SINGLE QUOTES
03:14 < CryptoSiD> there is none.
03:14 < v0lZy> ' <- single quote, " <- double quote
03:14 < CryptoSiD> its all "
03:14 < v0lZy> ok
03:14 < CryptoSiD> its all " " " " " "
03:14 < v0lZy> then yes, try like the above
03:15 < v0lZy> try with """ (so double quoting a double quote) and if that doesnt work, try with duplicating ""
03:15 < v0lZy> so
03:15 < v0lZy> "like """this""" and then"
03:15 < v0lZy> and if that doesnt work
03:15 < v0lZy> "try ""this"" instead"
03:15 < CryptoSiD> [04:10:34] (v0lZy): "try ""this"" instead"
03:15 < CryptoSiD> i just tryed this one.
03:16 < CryptoSiD> there is not a single SINGLE QUOTE in this
03:16 < CryptoSiD> i mean in what i tryed
03:18 < v0lZy> and, any luck?
03:20 < CryptoSiD> seriously, why is it so hard
03:20 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver """vEthernet (Internetz)""" all"
03:20 < CryptoSiD> down "netsh.exe interface ipv4 set dns """vEthernet (Internetz)""" static 192.168.2.1"
03:20 < CryptoSiD> Options error: the --up directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").
03:20 < CryptoSiD> Use --help for more information.
03:20 < v0lZy> CryptoSiD: it has to do with the language openvpn.exe is written in
03:21 < CryptoSiD> i started trying this 3 days ago thinking it would be easy
03:21 < v0lZy> try \" in place of the innter " then
03:21 < CryptoSiD> up "netsh.exe interface ipv4 delete dnsserver ""\vEthernet (Internetz)\"" all"
03:21 < CryptoSiD> ?
03:21 < v0lZy> CryptoSiD: it has to do with the language openvpn.exe is coded in ... in delphi, you quote quotes with repetition for example... "so ""like"" this" would give you "so "like" this"
03:22 < v0lZy> in C its probably different
03:22 < CryptoSiD> the problem is i cant find any documentation about this anywhere, or a working example
03:22 < v0lZy> and since you're running this from cmd.exe or however, you also have the factor of how cmd.exe does the quotes
03:22 < v0lZy> CryptoSiD: no ... like this
03:22 < v0lZy> "netsh.exe interface ipv4 delete dnsserver \"vEthernet (Internetd)\" all"
03:22 < CryptoSiD> netsh.exe interface ipv4 delete dnsserver "\vEthernet (Internetz)" all this command work in cmd.exe
03:26 < v0lZy> "\ sounds wrong
03:26 < v0lZy> shoudl be \"
03:26 < v0lZy> CryptoSiD: how do you expect to find documentation on this if its specific to what shell you call this from... and the other is specific to what language openvpn is coded in
03:30 < CryptoSiD> up "c:\\windows\\system32\\netsh.exe interface ipv4 delete dnsserver \"vEthernet (Internetz)\" all"
03:30 < CryptoSiD> down "c:\\windows\\system32\\netsh.exe interface ipv4 set dns \"vEthernet (Internetz)\" static 192.168.2.1"
03:30 < CryptoSiD> Options error: --up script fails with 'c:\windows\system32\netsh.exe interface ipv4 delete dnsserver "vEthernet (Internetz)" all': Invalid argument
03:30 < CryptoSiD> Options error: Please correct this error.
03:30 < CryptoSiD> Use --help for more information.
03:30 < CryptoSiD> at begining it wasnt finding netsh.exe, so i added c:\windws\ bla bla, then it told me to use double \\
03:30 < sillysausage> what the fuck is this ugly shit you're writing CryptoSiD lol
03:31 < CryptoSiD> C:\Windows\system32>c:\\windows\\system32\\netsh.exe interface ipv4 set dns \"vEthernet (Internetz)\" static 192.168.2.1
03:31 < CryptoSiD> this command is working #1 in cmd.exe
03:31 < CryptoSiD> but not with up (in openvpn)
03:31 < CryptoSiD> im trying to fix the dnsleak by removing the nameserver on my physical interface when the vpn is up
03:31 < CryptoSiD> but it look like its VERY hard to succeed
03:32 < sillysausage> the best way to fix leaks is to route with a separate physical machine into VPN ;)
03:32 < sillysausage> that prevents any kind of bypass
03:33 < v0lZy> CryptoSiD: again, you have to find the way that works for the whole sequence
03:33 < CryptoSiD> im already doing it, and its dns leaking anyway
03:33 < sillysausage> i did it with IPv4 with source based routing http://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#VPN_Tunnel_on_specific_subnet
03:33 < v0lZy> CryptoSiD: if you are running a batch script, you have to account for
03:33 <@vpnHelper> Title: Linux Router with VPN on a Raspberry Pi - Alpine Linux (at wiki.alpinelinux.org)
03:33 < CryptoSiD> if i run c:\\windows\\system32\\netsh.exe interface ipv4 delete dnsserver \"vEthernet (Internetz)\" all in cmd.exe it work.
03:33 < v0lZy> 1 - batch expansion, 2 - C expansion, 3 - batch expansion
03:33 < CryptoSiD> but up say invalid argument
03:33 < CryptoSiD> im getting mad.
03:34 < v0lZy> CryptoSiD: because --up is parsed in C!
03:34 < CryptoSiD> id resume it by saying because up is stupid as fk:D
03:34 < CryptoSiD> but i wont
03:34 < v0lZy> and it has to be parsed such that it recognizes only 1 parameter, and then it has to fling it out as something batch understands as two parameters
03:34 < v0lZy> CryptoSiD: probably your easiest work around is to write the netsh.exe stuff into a .bat file
03:34 < fling> D'oh!
03:34 < v0lZy> and then provide that bat file
03:34 < v0lZy> to the --up
03:35 < v0lZy> CryptoSiD: its not that --up is stupid, its that this stuff is difficult to code upfront for all combinations out there.
03:37 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:47 < CryptoSiD> up "c:\\windows\\up.bat"
03:47 < CryptoSiD> down "c:\\windows\\down.bat"
03:47 < CryptoSiD> Mon Nov 16 04:41:23 2015 WARNING: Failed running command (--up/--down): external program did not execute -- returned error code -1
03:48 < CryptoSiD> netsh interface ipv4 delete dnsserver "vEthernet (Internetz)" all (in up.bat)
03:48 < CryptoSiD> i also tryed c:\windows\system32\netsh.exe interface ipv4 delete dnsserver "vEthernet (Internetz)" all
03:48 < CryptoSiD> seriously............
03:48 < CryptoSiD> how can i not lose patience?
03:49 < CryptoSiD> i think i know why:)
03:50 < v0lZy> CryptoSiD: remove the \\ there
03:51 < v0lZy> up "C:\windows\up.bat"
03:51 < v0lZy> down "C:\windows\down.bat"
03:51 < CryptoSiD> i need 2 else openvpn complain
03:51 < CryptoSiD> its finally working, needed script-security 2
03:51 < CryptoSiD> thanks for help:D
03:52 < CryptoSiD> now if i want more pain ill try to make it work directly without the .bat, another day
03:52 < v0lZy> openvpn wouldnt complain about \\ there i think
03:52 < v0lZy> not in case of --up and --down anyway
03:52 < v0lZy> CryptoSiD: you could make it work without bat as long as you properly account for the batch->C->batch expansion
03:54 < CryptoSiD> Options warning: Bad backslash ('\') usage in client.ovpn:18: remember that backslashes are treated as shell-escapes and if you need to pass backslash characters as part of a Windows filename, you should use double backslashes such as "c:\\openvpn\\static.key"
03:55 < CryptoSiD> thanks for help and sorry for my bad mood:D
03:57 < v0lZy> interesting then
03:57 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
03:57 < v0lZy> by this logic
03:58 < v0lZy> \\" might we what you're after...
03:58 < v0lZy> --up "something \"some other\" thing"
04:08 -!- shio [shio@10.121.101.84.rev.sfr.net] has joined #openvpn
04:16 -!- danci1973 [~danci1973@router.agenda.si] has joined #openvpn
04:16 < danci1973> Hello...
04:21 < danci1973> I have a bit of a problem with Windows 10 client as the routes pushed (including 'default') by OpenVPN get a higher metrics value than existing gateway - consequently routing doesn't work well. Is this a know issue and is there workaround?
04:56 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:58 -!- subscope [~subscope@BC24348C.unconfigured.pool.telekom.hu] has joined #openvpn
05:06 < ntz> hello
05:08 < ntz> I have one question .... I have a task to set up vpn on one older server (sle 11) ... not sure about ssl vulnerabilities but ... is very hard to build openvpn from sources along with whole openssl stack ?
05:09 < ntz> if I use openvpn from distro it ofc works with these versions: # rpm -qa openvpn openssl
05:09 < ntz> openssl-0.9.8k-3.14.1.i586
05:09 < ntz> openvpn-2.1.0.20-0.1.1.i586
05:13 < danci1973> ntz: Does the SLE11 server have active subscription? Ie. is it updated to latest SLES packages?
05:15 < danci1973> ntz: If it does, 'all' vulnerabilites should be fixed in those versions.
05:16 < ntz> danci1973: unfortunatelly not
05:17 < ntz> at least these versions are up-to-date and only available
05:17 < ntz> ^^ from the POV of server repos
05:18 < ntz> danci1973: I also consider using these versions .... not sure how many ppl can break through openssl but I don't care for NSA right now
05:22 < danci1973> ntz: Chances are low (imho), but it's finally up to you and what you have to loose...
05:28 < ntz> ok
05:28 < ntz> thanks
05:56 < ntz> hmm. can you please tell me one more thing ... how do I forcefully disable pushing a def1 (eg default gateway) .. I know that I can configure client to not accept default gateway but can I do it on the server side ?
05:58 < BtbN> Just don't push the route?
06:04 < ntz> I need to push routes I'd guess .... I was configuring vpn serveral times few years in past and I was always able to do it .... at least, if i don't use bridge and use tun with 172.16.255.1 I I need to push to clients 192.168.60.245/32 and 192.168.60.113/32
06:04 < ntz> ^^ I'm pushing ONLY two hosts !!! not whole subnet
06:05 < ntz> I have set up on server in FORWARD chain, that only these are allowed to forward between eth0 and tun0 ... other are -j REJECT
06:30 < danci1973> ntz: Don't inlcude 'push "redirect-gateway"' - that should do it.
06:43 -!- somis [~somis@167.160.44.213] has joined #openvpn
06:58 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:18 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:18 -!- bf_ [~bf_@130.226.41.19] has joined #openvpn
07:19 -!- dmilith is now known as dmilith2
07:25 -!- somis [~somis@167.160.44.213] has quit [Quit: Leaving]
07:35 -!- subscope [~subscope@BC24348C.unconfigured.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:42 -!- Savemech [Savemech@gateway/shell/firrre/x-yxhktwhytkkxbqwu] has quit [Ping timeout: 240 seconds]
07:43 -!- master_of_master [~master_of@p4FF2411C.dip0.t-ipconnect.de] has joined #openvpn
07:44 -!- Savemech [Savemech@gateway/shell/firrre/x-dcsfirqbnizpfbvw] has joined #openvpn
07:46 -!- master_o1_master [~master_of@p4FD7B226.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
07:52 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
07:58 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 240 seconds]
07:58 -!- jefferai [jefferai@kde/mitchell] has quit [Ping timeout: 240 seconds]
07:58 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
07:59 -!- m-kern [~kern@p509899d3.dip0.t-ipconnect.de] has joined #openvpn
08:00 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds]
08:00 < m-kern> Hey, does anyone have experience with using openVPN through a loadbalaner that combines 4 Internet Connections?
08:00 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
08:00 < m-kern> s/balaner/balancer
08:01 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
08:02 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
08:02 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
08:05 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:06 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
08:12 < ntz> is supported scenario to use with openvpn keys/certs/ca build in the ssl version higher than the one which is local openvpn build with ?
08:12 < m-kern> are you replying to me?
08:13 < ntz> no, sorry
08:13 < m-kern> :(
08:13 < ntz> m-kern: openvpn don't care for your lb
08:14 < m-kern> in the sense that it wont work anyway or that is doesnt matter?
08:19 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 250 seconds]
08:26 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
08:27 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
08:32 -!- designbybeck [~designbyb@x174y168.angelo.edu] has joined #openvpn
08:36 < designbybeck> Greetings all, I was planning on giving this Project a go: http://www.randarlabs.com/2013/09/have-raspberrypi-need-vpn-server.html
08:36 <@vpnHelper> Title: Randar Labs: Have a RaspberryPi? Need a VPN server? (at www.randarlabs.com)
08:36 < designbybeck> Was going to order me a new RaspberryPi 2
08:37 < designbybeck> and wanted to check if there was anything else recommended or suggested for settings up OpenVPN. This is mostly just to access my computer at home securely while at work or else where
08:59 -!- shiriru [~shiriru@46.10.123.114] has joined #openvpn
09:05 -!- danci1973 [~danci1973@router.agenda.si] has quit [Quit: KVIrc 4.0.2 Insomnia http://www.kvirc.net/]
09:09 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:13 <@ecrist> designbybeck: depending on your internet connection those Rasberry Pis will tip over pretty quickly
09:13 < designbybeck> ecrist: as in, can't handle fast internet?
09:14 <@ecrist> Yeah, just a quick glance, I'm guessing it will top out at 30Mbps or so, maybe more
09:14 < designbybeck> hmmm
09:14 < designbybeck> I've never tried any VPN project so I wasn't sure what to expect
09:14 <@ecrist> You can give it a go, that's probably going to be sufficient for remote control.
09:15 <@ecrist> If you're using SSH or RDP or something, it should be fine.
09:15 <@ecrist> If you're going to be transferring files to a from, etc, it might not meet your expectations.
09:15 < designbybeck> what else could you use besides ssh or RDP ecrist ?
09:16 <@ecrist> VNC
09:16 <@ecrist> rsh
09:16 < designbybeck> ah yes
09:16 <@ecrist> telnet
09:16 <@ecrist> X11 forwarding over ssh
09:16 < designbybeck> Isn't RDP and VNC the same?
09:16 <@ecrist> SlingPlayer
09:16 <@ecrist> no
09:16 < designbybeck> ....I'm learning as I go
09:17 <@ecrist> RDP is windows-specific
09:17 < designbybeck> ick
09:18 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:19 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has joined #openvpn
09:19 < designbybeck> just trying to learn how to do encrypted remote vpn stuff on my box at home, when I'm not at home
09:19 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 264 seconds]
09:19 -!- nestandi [~nestandi@ip25057c44.dynamic.kabel-deutschland.de] has quit [Max SendQ exceeded]
09:22 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
09:23 -!- mode/#openvpn [+v RBecker] by ChanServ
09:36 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
09:39 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:49 <@ecrist> designbybeck: in that case, it'll be a good start.
09:52 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
09:54 -!- kuahara [kuahara@cpe-66-69-147-81.sw.res.rr.com] has joined #openvpn
09:56 < kuahara> Ordinarily, I use windows VPN for our clients incoming vpn connection.  Windows server 2008 R2.  For most people, there are no issues.  There is one county (not country) where users cannot concurrently connect.  They are all using their own credentials to authenticate with the server, but for some strange reason, if user B connects while user A is already connected, user A gets booted.
09:56 < kuahara> None of the other counties that VPN in have this issue.  We suspect there is something setup on their hardware firewall that is causing this.
09:57 < kuahara> Until they get it resolved, is it possible to use openVPN to handle just that one counties incoming VPN connections without effecting how we handle VPN for everyone else?
09:58 < kuahara> s/counties/county's/
09:59 < kuahara> Also, will openVPN allow multiple concurrent outgoing VPN connections?  The end user needs to connect to networks in 3 different counties simultaneously.
10:02 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
10:13 -!- m-kern [~kern@p509899d3.dip0.t-ipconnect.de] has quit [Quit: Lost terminal]
10:14 -!- sppadic [~sppadic@90.216.134.197] has joined #openvpn
10:18 < Eugene> Sure, openvpn doesn't care.
10:18 < Eugene> You'll need to ensure that the connections don't have overlapping routes, or use policy routing if they do
10:19 < Eugene> As for the being booted, that sounds like duplicate-client behaviour. Are you using a shared certificate?
10:36 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
10:41 -!- bf_ [~bf_@130.226.41.19] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
10:49 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
11:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:09 -!- psynor [~patrick.s@69-39-85-101.static.123.net] has joined #openvpn
11:10 < psynor> hello all.  I have an odd scenario that I wanted to bounce off the group.  I have a device which will be connecting to an openvpn server, and I was wondering if it is possible to have multiple static IPs assigned (e.g. IP alias) to a tun interface?
11:11 < psynor> right now things are fine, but I have a need for multiple IP addresses to be assigned to a specific client.  I was thinking I could run multiple instances of the client, but I dont want to have 10 or so tunnel connections form point to point if I really just need 10 IP addresses all through the same tunnel
11:18 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:19 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has joined #openvpn
11:29 -!- shiriru [~shiriru@46.10.123.114] has quit [Quit: Leaving]
11:30 -!- kfogel [~Karl@74-92-190-114-Illinois.hfc.comcastbusiness.net] has joined #openvpn
11:31 < kfogel> Anyone used OpenVPN client on Debian GNU/Linux?  I was trying to use it recently with commands of the form 'sudo openvpn --config my-config-file.ovpn', and all it seemed to do was shut down my networking; tried with both a VPN server I had set up myself and even with a commercial provider (whose .ovpn file presumably was correct, since this is their business), but no luck.  This was OpenVPN 2.3.x, I believe; I see that 2.3.7
11:31 < kfogel> is the latest packaged version on Debian, but my experiences were back in October so it might have been a slightly earlier version then.
11:32 < kfogel> !welcome
11:32 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:32 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:39 -!- Free99 [~Free99@146.111.200.254] has joined #openvpn
11:41 < Free99> hello everyone. I am trying to bridge a network protected with obfsproxy to clients who connect without obfsproxy
11:41 < Free99> is the only way to do this by running two openvpn servers?
11:41 < Free99> and routing between the two?
11:44 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
11:47 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:50 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
11:50 < Dr-007> !goal
11:50 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:51 < Dr-007> i want to start openvpn with a configuration file in a non-default location.
11:51 < Dr-007> i thought it was openvpn -c <absolute filepath>
11:52 < Dr-007> and that would be it
11:54 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
11:55 -!- Free99 [~Free99@146.111.200.254] has quit [Ping timeout: 250 seconds]
11:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:55 < Dr-007> ah it is --config
11:55 -!- moss [~moss@unaffiliated/moss] has joined #openvpn
11:56 -!- psynor [~patrick.s@69-39-85-101.static.123.net] has quit [Ping timeout: 240 seconds]
11:56 < moss> Hello.  Is there an easy way to only route SSH through a VPN vs. all traffic?
11:56 < moss> through OpenVPN i should say.
11:57 < moss> I currently have OpenVPN configured successfully but it is routing all traffic and I really only need SSH routed through the VPN.
11:57 < Dr-007> you should use iptables for that
11:57 < Dr-007> or whatever it is called now-a-days
11:57 < Dr-007> with that you can manage / redirect network packets to whatever device
11:58 < moss> Well.. I have 2 servers. One is a web server and I *only* want to allow SSH/ftp access from the VPN IP
11:58 < moss> So you're saying on the vpn server-side I would need to configure iptables to only route the SSH port through the tunnel ?
12:02 < Dr-007> yup
12:02 < DArqueBishop> moss, just set the firewall on that server to only allow ssh/ftp from the VPN subnet.
12:02 < Dr-007> let me have a looksie..
12:03 < moss> DArqueBishop: right, i did that on the webserver :) The problem is on the VPN server.  It is routing _all_ traffic through the VPN.  I can't be routing web traffic when connected to the VPN
12:03 -!- kfogel [~Karl@74-92-190-114-Illinois.hfc.comcastbusiness.net] has left #openvpn ["Ex-Chat"]
12:04 < Dr-007> moss, i thought i had an example. but its gone
12:05 < moss> :(
12:05 < Dr-007> iptables -I zone_wan_src_REJECT 1 --protocol tcp --dport 22 --jump ACCEPT
12:05 < Dr-007> its now something like this, which only tells to accept SSH connections on my openwrt wan port
12:05 < Dr-007> good luck anyways.
12:05 < moss> ah
12:05 < moss> thanks
12:06 < Dr-007> DArqueBishop, has a point tho. most firewalls use iptables to create security
12:06 < Dr-007> so you can probably do it via the firewall
12:06 < DArqueBishop> This is probably me being pedantic, but are you saying your VPN is now your default gateway when you connect, and you don't want ALL traffic routed through the VPN, but just traffic for hosts within the network behind your VPN?
12:07 < moss> DArqueBishop: yes, that is correct!
12:07 < moss> sorry, i am terrible at communicating this :D
12:08 < DArqueBishop> moss, see if there's a line in your server's OpenVPN file that says something like "push 'redirect-gateway def1'". If so, comment it out.
12:08 < moss> DArqueBishop: I did that
12:09 < DArqueBishop> Did you restart the OpenVPN server?
12:09 < moss> DArqueBishop: yes.
12:10 < DArqueBishop> moss, if that line is removed from your conf file and not in any ccd files, then your OpenVPN server should not be telling the clients to redirect all traffic through the VPN.
12:10 < moss> DArqueBishop: my apologies. I should have said that I've tried that already
12:11 < moss> When i comment out that line and try to SSH to the webserver it does not connect.
12:11 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
12:11 < DArqueBishop> moss, do you have a route line for the network behind the VPN?
12:11 < DArqueBishop> !route
12:12 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
12:12 <@vpnHelper> client
12:13 < moss> DArqueBishop: I do not
12:13 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:13 < moss> I can't add a public IP to that can I?
12:14 < moss> nevermind
12:14 < moss> hehe
12:16 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
12:17 < moss> perfect DArqueBishop - your guidance helped massively!!!!
12:18 < DArqueBishop> Glad to help. :-)
12:20 < moss> ahh i am so happy. that is actually exactly what i needed! that is so easy.
12:20 < moss> thanks again
12:20 < moss> have a great day guys.
12:20 -!- moss [~moss@unaffiliated/moss] has left #openvpn ["Laters"]
12:21 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:23 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:25 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
12:28 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has quit [Ping timeout: 260 seconds]
12:29 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:39 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:59 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Remote host closed the connection]
13:00 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
13:01 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
13:05 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 240 seconds]
13:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
13:25 -!- Gaffel [~drone@h167n11-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
13:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:34 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:43 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 265 seconds]
13:51 -!- Free99 [~Free99@146.111.200.254] has joined #openvpn
13:51 < Free99> goal: I need to let users connect to my network using plain openVPN clients while keeping one leg of the network obfuscated and encrypted using openvpn+obfsproxy
14:00 -!- samu_ [s@unaffiliated/samaelszafran] has joined #openvpn
14:00 -!- samu [s@unaffiliated/samaelszafran] has quit [Read error: Connection reset by peer]
14:00 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 240 seconds]
14:00 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
14:03 -!- esde [~something@openvpn/user/esde] has quit [Ping timeout: 240 seconds]
14:03 -!- CGML [~CGML@unaffiliated/cgml] has quit [Ping timeout: 240 seconds]
14:03 -!- Rymax99 [Ryan@unaffiliated/rymax99] has quit [Ping timeout: 240 seconds]
14:03 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 240 seconds]
14:03 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
14:03 -!- Rymax99 [Ryan@unaffiliated/rymax99] has joined #openvpn
14:04 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
14:06 -!- esde [~something@openvpn/user/esde] has joined #openvpn
14:06 -!- mode/#openvpn [+v esde] by ChanServ
14:20 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
14:26 -!- CrazyyMaxx [CrazyyMaxx@2001:41d0:2:b743::] has quit [Quit: Bye!]
14:33 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:34 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:43 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:47 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:49 -!- CrazyyMaxx [CrazyyMaxx@2001:41d0:2:b743::] has joined #openvpn
15:00 -!- psynor [~patrick.s@69-39-85-101.static.123.net] has joined #openvpn
15:00 < psynor> does anyone know if there is a way to assign multiple IPs to a single client?
15:06 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit []
15:17 -!- Free99 [~Free99@146.111.200.254] has quit [Quit: See you later.]
15:17 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has joined #openvpn
15:21 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:21 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
15:30 -!- Denial [~Denial@host31-52-125-250.range31-52.btcentralplus.com] has quit [Ping timeout: 250 seconds]
15:31 -!- Denial [~Denial@5.80.233.113] has joined #openvpn
15:37 -!- somis [~somis@70.38.6.188] has joined #openvpn
15:41 -!- zylinx [uid43406@gateway/web/irccloud.com/x-xokkmzcaadoiesfh] has quit [Quit: Connection closed for inactivity]
15:41 -!- Red-Bull [~red-bull@64.x86.be] has left #openvpn []
15:43 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 260 seconds]
15:53 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
16:03 -!- zylinx [uid43406@gateway/web/irccloud.com/x-qbvqbbikwbjsezdr] has joined #openvpn
16:17 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
16:19 -!- psynor [~patrick.s@69-39-85-101.static.123.net] has quit [Quit: Leaving.]
16:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:33 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
16:39 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:45 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:47 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:47 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
16:56 -!- james41382__ [~james4138@unaffiliated/james41382] has joined #openvpn
16:58 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 265 seconds]
16:58 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 265 seconds]
16:59 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 265 seconds]
16:59 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
16:59 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has quit [Ping timeout: 265 seconds]
16:59 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Ping timeout: 265 seconds]
16:59 -!- mcp [~mcp@wolk-project.de] has quit [Ping timeout: 265 seconds]
16:59 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 265 seconds]
16:59 -!- drwx [~drwx@unaffiliated/drwx] has quit [Ping timeout: 265 seconds]
17:00 -!- designbybeck [~designbyb@x174y168.angelo.edu] has quit [Ping timeout: 265 seconds]
17:00 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
17:00 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Ping timeout: 265 seconds]
17:00 -!- shootbird [~quassel@beepbeep.serverpit.com] has quit [Ping timeout: 265 seconds]
17:01 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
17:01 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
17:01 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
17:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:01 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
17:02 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
17:03 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 272 seconds]
17:05 -!- kantlivelong [~kantlivel@47.23.189.90] has joined #openvpn
17:05 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
17:05 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
17:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
17:06 -!- drwx [~drwx@unaffiliated/drwx] has joined #openvpn
17:06 -!- master_o1_master [~master_of@p4FF2411C.dip0.t-ipconnect.de] has joined #openvpn
17:07 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:10 -!- iNs [~ins@85.17.164.26] has joined #openvpn
17:11 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
17:11 -!- luckman212_ [~luckman21@unaffiliated/luckman212] has joined #openvpn
17:12 -!- Netsplit *.net <-> *.split quits: master_of_master, luckman212, Champi, Willis, james41382__, Cultist, baetheus, deetwelve, jerichowasahoax, avril,  (+1 more, use /NETSPLIT to show all of them)
17:12 -!- Netsplit over, joins: jerichowasahoax
17:12 -!- luckman212_ is now known as luckman212
17:12 -!- Netsplit over, joins: avril
17:12 -!- Netsplit over, joins: Champi
17:13 -!- Netsplit over, joins: Cultist
17:13 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:13 -!- Netsplit over, joins: Willis
17:13 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
17:16 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:18 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
17:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
17:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:26 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:29 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
17:29 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
17:30 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:35 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
17:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
17:41 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:42 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
17:45 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
17:46 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
17:48 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:52 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
17:53 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds]
17:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
17:59 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
17:59 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
18:00 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:04 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
18:05 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:10 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
18:11 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:12 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
18:15 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
18:16 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:21 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
18:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:23 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
18:27 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
18:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
18:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
18:30 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 276 seconds]
18:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
18:33 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:33 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:35 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
18:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
18:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
18:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
18:51 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
18:52 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 244 seconds]
18:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
18:57 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:01 -!- james41382_ is now known as james41382
19:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
19:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:08 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
19:08 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:09 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
19:13 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
19:14 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:17 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
19:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
19:29 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
19:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:38 -!- baetheus [~brandon@null.pub] has joined #openvpn
19:38 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
19:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 255 seconds]
19:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
19:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
19:49 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
19:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
20:06 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.3]
20:21 -!- zylinx [uid43406@gateway/web/irccloud.com/x-qbvqbbikwbjsezdr] has quit [Quit: Connection closed for inactivity]
20:29 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
20:32 -!- somis [~somis@70.38.6.188] has quit [Quit: Leaving]
20:36 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 240 seconds]
20:39 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
21:02 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
21:15 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
21:16 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds]
21:17 -!- Vercas [~Vercas@unaffiliated/vercas] has quit [Quit: No Ping reply in 180 seconds.]
21:18 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
21:19 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
21:19 -!- mode/#openvpn [+o mattock] by ChanServ
21:19 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
21:21 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 272 seconds]
21:23 -!- Tenhi_ [~tenhi@178.18.241.180] has quit [Ping timeout: 240 seconds]
21:24 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 240 seconds]
21:25 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
21:27 -!- Tenhi_ [~tenhi@178.18.241.180] has joined #openvpn
21:30 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
21:31 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
21:33 -!- krzee [~k@openvpn/community/support/krzee] has quit [Ping timeout: 240 seconds]
21:33 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
21:36 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
21:39 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
21:41 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
21:42 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Ping timeout: 240 seconds]
21:43 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
21:43 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 240 seconds]
21:43 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
21:44 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
21:44 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
21:44 -!- mode/#openvpn [+o mattock] by ChanServ
21:45 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
21:48 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Quit: /quit]
21:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:50 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
21:54 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:57 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 255 seconds]
22:21 -!- toli [~toli@ip-62-235-239-27.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
22:26 -!- toli [~toli@ip-62-235-239-27.dsl.scarlet.be] has joined #openvpn
22:55 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
22:59 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
23:01 -!- r00t^2_ [~bts@g.rainwreck.com] has joined #openvpn
23:02 -!- MrPocketz [~John@unaffiliated/mrpockets] has joined #openvpn
23:03 -!- n-st_ [~n-st@unaffiliated/n-st] has joined #openvpn
23:05 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Disconnected by services]
23:05 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
23:05 -!- jefferai [jefferai@kde/mitchell] has quit [Ping timeout: 246 seconds]
23:05 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Ping timeout: 246 seconds]
23:05 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 246 seconds]
23:05 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 246 seconds]
23:05 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has quit [Ping timeout: 246 seconds]
23:05 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 246 seconds]
23:05 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 246 seconds]
23:05 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 246 seconds]
23:05 -!- kantlivelong [~kantlivel@47.23.189.90] has quit [Ping timeout: 246 seconds]
23:05 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 246 seconds]
23:05 -!- Ssquidly [~squidly@buttle.nnx.com] has quit [Ping timeout: 246 seconds]
23:05 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has quit [Ping timeout: 246 seconds]
23:05 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Ping timeout: 246 seconds]
23:05 -!- n-st [~n-st@unaffiliated/n-st] has quit [Ping timeout: 246 seconds]
23:05 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
23:05 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 246 seconds]
23:05 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
23:05 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 246 seconds]
23:05 -!- n-st_ is now known as n-st
23:05 -!- r00t^2_ is now known as r00t^2
23:05 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:05 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
23:06 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
23:07 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
23:07 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
23:07 -!- mode/#openvpn [+o syzzer] by ChanServ
23:07 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
23:07 -!- Guest83647 [~dazo@openvpn/community/developer/dazo] has joined #openvpn
23:07 -!- mode/#openvpn [+o Guest83647] by ChanServ
23:07 -!- Guest83647 is now known as dazo
23:08 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
23:08 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
23:08 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
23:08 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
23:08 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
23:10 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
23:10 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 250 seconds]
23:11 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:11 -!- mode/#openvpn [+o mattock] by ChanServ
23:12 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
23:13 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
23:21 -!- Denial- [~Denial@5.80.233.113] has joined #openvpn
23:25 < fling> How to fix? -> Authenticate/Decrypt packet error -> http://dpaste.com/29T9H4A
23:25 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Disconnected by services]
23:26 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
23:27 < fling> also pinging the default gateway gives me 64 bytes from 172.16.0.1: icmp_seq=1 ttl=254 time=1.48 ms (DUP!) -> http://dpaste.com/2CQ3V50
23:28 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
23:29 -!- bpye_ [~quassel@unaffiliated/bpye] has joined #openvpn
23:30 -!- Netsplit *.net <-> *.split quits: Rymax99, OS-16517, Denial, CrazyyMaxx, skyroveRR, bpye
23:31 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
23:35 -!- willeponken [~willeponk@2a03:b0c0:2:d0::155:4001] has joined #openvpn
23:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:46 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
23:47 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
23:48 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
23:52 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
23:57 -!- ShadniX [dagger@p5DDFD948.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:58 -!- ShadniX [dagger@p5481DF24.dip0.t-ipconnect.de] has joined #openvpn
23:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:58 -!- mode/#openvpn [+o mattock1] by ChanServ
--- Day changed Tue Nov 17 2015
00:00 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
00:01 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
00:03 < Terminus> hello. i've got push "dhcp-option DNS 192.168.23.1" in my server.conf but foreign_option isn't getting set on the client. any idea why? both boxes running debian. i dumped the vars with set > /tmp/vpnout
00:10 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
00:20 < Terminus> omfg i'm stupid. the ovpn i'm testing has a push-reset. >_<
00:21 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 250 seconds]
00:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
00:23 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:24 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
00:37 -!- MikeH__ [~mystica55@75-166-103-23.hlrn.qwest.net] has joined #openvpn
00:37 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
00:37 -!- MikeH__ is now known as mystica555
00:37 -!- mystica555_ [~mystica55@71-218-28-140.hlrn.qwest.net] has quit [Ping timeout: 260 seconds]
00:41 -!- mystica555 [~mystica55@75-166-103-23.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
00:43 -!- mystica555 [~mystica55@75-171-236-63.hlrn.qwest.net] has joined #openvpn
00:46 -!- Saturn812 [~Saturn812@87.76.14.52] has joined #openvpn
00:52 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
01:02 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
01:04 -!- kuahara [kuahara@cpe-66-69-147-81.sw.res.rr.com] has quit [Ping timeout: 260 seconds]
01:08 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
01:11 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
01:26 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
01:35 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
01:37 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
01:49 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
01:51 -!- Terminus [~null@unaffiliated/terminus] has quit [Ping timeout: 272 seconds]
01:52 -!- u0m3_ [~u0m3@89.120.204.99] has quit [Ping timeout: 265 seconds]
02:06 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:10 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Quit: He who dares .... wins.]
02:11 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 240 seconds]
02:13 -!- mystica555 [~mystica55@75-171-236-63.hlrn.qwest.net] has quit [Ping timeout: 276 seconds]
02:14 -!- mystica555 [~mystica55@97-118-162-250.hlrn.qwest.net] has joined #openvpn
02:25 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
02:26 -!- zylinx [uid43406@gateway/web/irccloud.com/x-aljizckozvcnfker] has joined #openvpn
02:37 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:38 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
02:38 -!- Terminus [~null@unaffiliated/terminus] has joined #openvpn
02:44 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
02:50 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
03:03 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
03:05 -!- samu_ is now known as samu
03:06 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:18 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
03:23 -!- Terminus [~null@unaffiliated/terminus] has left #openvpn []
03:26 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:40 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
03:41 -!- Denial [~Denial@82-69-28-228.dsl.in-addr.zen.co.uk] has joined #openvpn
03:43 -!- Denial- [~Denial@5.80.233.113] has quit [Ping timeout: 272 seconds]
03:44 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:50 -!- x72eme [bc813000@gateway/web/freenode/ip.188.129.48.0] has joined #openvpn
03:50 < x72eme> hello2all
03:51 < x72eme> I installed openvpn as service on windows server 2003. When the machine is rebooted i can connect from client, but cant ping the server or connect to remote desktop. If i restart service manually everthing works.
03:52 < x72eme> Cant provide log now, but maybe someone had problem like this? Thx
04:02 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
04:02 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
04:11 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:14 -!- sppadic [~sppadic@90.216.134.197] has quit [Remote host closed the connection]
04:22 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
04:32 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
04:35 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
04:35 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
04:36 -!- amites_ [~amites@71-211-183-226.hlrn.qwest.net] has joined #openvpn
04:37 -!- mystica555 [~mystica55@97-118-162-250.hlrn.qwest.net] has quit [Ping timeout: 265 seconds]
04:37 -!- mystica555_ [~mystica55@174-16-116-208.hlrn.qwest.net] has joined #openvpn
04:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:39 -!- amites [~amites@184-96-235-245.hlrn.qwest.net] has quit [Ping timeout: 260 seconds]
04:44 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:51 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
04:55 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:55 -!- sillysau1 [~sillysaus@79.172.193.80] has joined #openvpn
04:56 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Ping timeout: 240 seconds]
05:00 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Quit: WeeChat 1.4-dev]
05:07 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
05:10 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
05:18 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
05:32 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
05:41 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
05:48 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
05:59 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:17 -!- sillysau1 [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
06:19 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
06:29 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:31 -!- u0m3 [~Radu@89.120.204.99] has joined #openvpn
06:34 -!- shiriru [~shiriru@46.10.123.114] has joined #openvpn
06:39 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
06:52 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
07:02 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 265 seconds]
07:05 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
07:11 -!- sillysausage [~sillysaus@ppp14-2-62-59.lns21.adl2.internode.on.net] has joined #openvpn
07:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 240 seconds]
07:35 -!- Denial- [~Denial@5.80.233.113] has joined #openvpn
07:38 -!- Denial [~Denial@82-69-28-228.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 276 seconds]
07:43 -!- master_of_master [~master_of@p4FD7B146.dip0.t-ipconnect.de] has joined #openvpn
07:46 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:46 -!- master_o1_master [~master_of@p4FF2411C.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
07:49 -!- somis [~somis@70.38.6.188] has joined #openvpn
08:17 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
08:17 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
08:21 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
08:25 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:27 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
08:30 -!- nullsign [~nullsign@tyrion.nullsign.com] has quit [Read error: Connection reset by peer]
08:33 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:41 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 255 seconds]
08:42 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
08:43 -!- shiriru [~shiriru@46.10.123.114] has quit [Quit: Leaving]
08:50 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
08:58 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
08:58 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
08:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:12 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:13 -!- Saturn812 [~Saturn812@87.76.14.52] has quit [Quit: Leaving]
09:16 -!- sppadic [~sppadic@90.216.134.197] has joined #openvpn
09:38 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 260 seconds]
09:41 -!- u0m3 [~Radu@89.120.204.99] has quit [Ping timeout: 265 seconds]
09:45 -!- sillysausage [~sillysaus@ppp14-2-62-59.lns21.adl2.internode.on.net] has quit [Quit: WeeChat 1.2]
09:47 -!- x72eme [bc813000@gateway/web/freenode/ip.188.129.48.0] has quit [Ping timeout: 246 seconds]
09:52 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 264 seconds]
09:53 -!- ntz [~jdoe@static-84-42-228-122.net.upcbroadband.cz] has left #openvpn []
09:54 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
09:59 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 240 seconds]
10:00 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 250 seconds]
10:08 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
10:09 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
10:15 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 250 seconds]
10:16 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
10:20 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
10:20 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
10:21 -!- arbos [~arbos@unaffiliated/arbos] has joined #openvpn
10:23 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 276 seconds]
10:24 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
10:25 -!- u0m3 [~Radu@89.120.204.99] has joined #openvpn
10:27 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:29 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 276 seconds]
10:30 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
10:31 -!- arbos [~arbos@unaffiliated/arbos] has quit [Ping timeout: 260 seconds]
10:31 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
10:31 -!- zylinx [uid43406@gateway/web/irccloud.com/x-aljizckozvcnfker] has quit [Quit: Connection closed for inactivity]
10:35 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
10:35 -!- arbos [~arbos@unaffiliated/arbos] has joined #openvpn
10:37 < arbos> I just set up an openvpn server, but when I connect dns lookups take like 3-4 seconds,(and dns is leaking) I
10:37 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 255 seconds]
10:37 < arbos> I've tried quite a few things, any tips on what to try to reduce this lookup time?
10:38 < arbos> (ping is fine 20ms, server is not far away)
10:38 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
10:43 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:50 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
11:01 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
11:03 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
11:04 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
11:05 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Remote host closed the connection]
11:06 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
11:08 -!- arbos [~arbos@unaffiliated/arbos] has quit [Ping timeout: 260 seconds]
11:12 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 240 seconds]
11:14 -!- arbos2 [~arbos@unaffiliated/arbos] has joined #openvpn
11:24 -!- dmilith2 is now known as dmilith
11:25 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
11:25 < Thermi> arbos2: windows 10?
11:28 < arbos2> Thermi: yea I came across some info of big problems with 10, running 8.1 here
11:29 < Thermi> Then fix your DNS settings
11:29 < Thermi> !dns
11:29 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
11:29 < Thermi> !pushdns
11:29 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN for
11:29 <@vpnHelper> Android and OpenVPN Connect will happily accept push dhcp-option
11:29 < arbos2> Thermi: It is much better now, not sure what setting did it but after rebooting both systems it's much better
11:29 < arbos2> ah nice
11:36 < Dr-007> is there a way to create a openvpn server where the config is compiled in? or something
11:36 < Dr-007> i dont want people to mess with the client / server config
11:36 < Dr-007> compiling it in seems stupid tho
11:36 < Dr-007> i'm looking for another way
11:40 < DArqueBishop> Dr-007, the config file should only be readable by root and openvpn should only be usable as root, so if you have users with root privileges on your server you have bigger problems. :-)
11:44 < Dr-007> DArqueBishop, lol, god no
11:44 < Dr-007> my website generates openvpn server settings for people to run
11:44 < Dr-007> then my website connects to the openvpn server
11:45 < Dr-007> in those openvpn networks they can manage their routers
11:45 < Dr-007> only if they start messing with the ip range start / end. then my webserver could get in trouble
11:46 < Dr-007> but..
11:46 < Dr-007> i think i will build a script that will just check what ip range a server is using
11:46 < Dr-007> if it is not using our "adviced" settings, it will disconnect inmediately
11:48 < Thermi> Just prevent them from doing any working changes on your side
11:48 < Dr-007> Thermi, what do you mean?
11:49 < Thermi> Judging from your description, you control one side of the tunnel and the client controls the other, right?
11:49 < Dr-007> yeah, im controlling the client
11:50 < Dr-007> but i generate the ip range conf that they should be using
11:50 < Dr-007> (as a server)
11:50 < Thermi> How does that look like? Routes? CCD?
11:51 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
11:51 < Dr-007> !routes
11:51 < Dr-007> !CCD
11:51 <@vpnHelper> "CCD" is (#1) entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir <dir> to enable it, then put the config options for the client in <dir>/common-name or (#2) the ccd file is parsed each time the client connects.
11:52 < Dr-007> nice
11:52 < Dr-007> im still learning
11:52 < Dr-007> but never mind, i'll refactor along the way
11:52 < Dr-007> until i'm certain it wont mess up anything
12:02 -!- Denial [~Denial@5.80.233.113] has joined #openvpn
12:03 -!- Denial- [~Denial@5.80.233.113] has quit [Ping timeout: 265 seconds]
12:05 -!- u0m3 [~Radu@89.120.204.99] has quit [Ping timeout: 265 seconds]
12:05 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Ping timeout: 265 seconds]
12:05 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit [Ping timeout: 265 seconds]
12:05 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 265 seconds]
12:05 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
12:05 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
12:06 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
12:10 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
12:10 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
12:17 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
12:19 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
12:23 -!- sillysausage [~sillysaus@79.172.193.80] has joined #openvpn
12:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:31 -!- occupant [~null@207.173.20.37] has joined #openvpn
12:36 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 240 seconds]
13:09 -!- bpye_ is now known as bpye
13:20 -!- sillysausage [~sillysaus@79.172.193.80] has quit [Quit: WeeChat 1.2]
13:49 -!- blackbeard [~Blackbear@177.102.180.246] has joined #openvpn
13:50 < blackbeard> Hi guys. I need some help (oh really?)
14:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:05 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
14:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
14:17 -!- dazo [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 246 seconds]
14:24 -!- reiffert [~thomas@mail.reifferscheid.org] has joined #openvpn
14:25 < reiffert> Hola pacos
14:32 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
14:34 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
14:44 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
14:44 -!- mode/#openvpn [+o dazo_afk] by ChanServ
14:44 -!- dazo_afk is now known as dazo
14:47 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
14:51 -!- _Cyclone_ [~Cyclone@66.129.241.10] has joined #openvpn
15:02 -!- Neal|ZNC is now known as Neal_
15:08 -!- jpentland [~joe@p4FF5A5F3.dip0.t-ipconnect.de] has joined #openvpn
15:09 < jpentland> If I have a bunch of .conf files in /etc/openvpn and I want to add login information (auth-user-pass) do i have to edit every file or can there be a system-wide config?
15:15 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-rwogmnnrdpivalhc] has quit [Quit: Connection closed for inactivity]
15:17 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:18 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
15:23 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
15:31 -!- fixxxermet [~lopan@mail01.gnulnx.net] has joined #openvpn
15:32 < fixxxermet> Hey I'm getting a 'Halt command was pushed by server ('disconnected due to new connection by same user')' however I have 'Allow multiple concurrent VPN connections for a user' box checked
15:32 < fixxxermet> er, wrong channel, meant to be in access server
15:32 -!- fixxxermet [~lopan@mail01.gnulnx.net] has left #openvpn []
15:35 -!- _Cyclone_ [~Cyclone@66.129.241.10] has quit [Ping timeout: 265 seconds]
15:43 -!- somis [~somis@70.38.6.188] has quit [Quit: Leaving]
15:57 -!- jpentland [~joe@p4FF5A5F3.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
15:58 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:59 -!- eliasp is now known as eliasp_______
16:01 -!- pzduniak [~pzduniak@cloudrack.io] has joined #openvpn
16:01 -!- eliasp_______ is now known as eliasp
16:01 < pzduniak> !routedlans
16:02 < pzduniak> !welcome
16:02 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:02 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:03 < pzduniak> hmm
16:03 < pzduniak> what was that command with a nice graph for lan routing debugging
16:04 < pzduniak> basically im pushing a 10.10.10.0/24 route through tun
16:05 < pzduniak> then i manually added a route on a server in lan
16:05 < pzduniak> but ping still doesn't work for some reason
16:20 < pzduniak> !topology
16:20 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
17:24 -!- svetlana [~noone@129.94.238.131] has joined #openvpn
17:27 -!- arianna_ [~arianna@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has joined #openvpn
17:30 < arianna_> hello everyone..I would like to setup a vpn server on my mint laptop..is there a very simple guide I can follow? tried with this one https://www.linux.com/learn/tutorials/457103-install-and-configure-openvpn-server-on-linux but it seems a bit old..
17:30 <@vpnHelper> Title: Install and Configure OpenVPN Server on Linux | Linux.com (at www.linux.com)
17:30 < arianna_> it had me modify my "interfaces" file but when I restarted my network was completely gone :( I had to revert back interfaces to how it used to be..
17:31 < arianna_> I am a newbie, yes..
17:33 < arianna_> tell you what, I did create server + clients (2) certificates
17:34 < arianna_> what is totally unclear to me, is how I can have the 10.8.0.0/24 used for IP assigning..I am on a 192.168.1.x subnet and clients are on 192.168.0.x and 2.x
17:35 < arianna_> !welcome
17:35 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
17:35 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:35 < arianna_> !howto
17:35 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror or (#3) Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
17:37 < arianna_> !sample
17:37 <@vpnHelper> "sample" is (#1) http://www.ircpimps.org/openvpn.configs for a working sample config or (#2) DO NOT use these configs until you understand the commands in them, read up on each first column of the configs in the manpage (see !man) or (#3) these configs are for a basic multi-user vpn, which you can then build upon to add lans or internet redirecting
17:38 < arianna_> !route
17:38 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
17:38 <@vpnHelper> client
17:38 -!- svetlana [~noone@129.94.238.131] has left #openvpn []
17:39 < arianna_> !topology
17:39 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
17:39 < arianna_> www.ircpimps.org/openvpn.configs doesn't open in browser..
17:44 -!- arianna_ [~arianna@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has quit [Ping timeout: 240 seconds]
18:32 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:40 -!- artaslove [~sillyhead@2001:470:1d:557:3d0f:4457:788e:838] has joined #openvpn
18:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
18:43 < artaslove> anyone using openwrt chaos calmer as an openvpn server? I have set it up and I can connect with a client and ping the openvpn server ip but I cannot access any clients on the remote lan. I can see the route to my client is pushed by the server however
18:44 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:44 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 246 seconds]
18:47 < subzero79> artaslove: i use openwrt,
18:47 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
18:50 < subzero79> have you authorized the forwarding in the firewall section?
18:50 < subzero79> VPN to LAN
18:52 -!- pzduniak is now known as zz_pzduniak
18:53 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 272 seconds]
18:53 < artaslove> I'm going to give forwarding and masquerading another try.
18:53 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
18:54 < artaslove> The last time I tried adding forwarding and masquerading rules, I stopped being able to ping the openvpn server address from a connected client
18:54 < artaslove> which led me to believe that chaos calmer was doing something differently. I'll have another look
18:56 < subzero79> I am using DD not CC, but i only have those two forwarding
18:58 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
19:02 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
19:04 < subzero79> masquerading rules sholdn't be necesary
19:07 < artaslove> I'm noticing some people also add a forwarding rule between vpn and wan, but I don't think I want that. I only need to access the remote lan
19:08 < artaslove> I've added forwarding rules between tun+ and br-lan ... still can't ping the remote lan
19:13 < subzero79> are you adding rules directly to iptables?
19:13 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:18 < artaslove> I've tried through the luci interface and editing /etc/config/firewall and reloading that
19:18 < artaslove> I just found a guide for chaos calmer, I'm going to try to follow it to the letter: https://www.loganmarchione.com/2015/08/openwrt-with-openvpn-server-on-tp-link-archer-c7/
19:18 <@vpnHelper> Title: OpenWrt with OpenVPN server on TP-Link Archer C7 - Logan Marchione (at www.loganmarchione.com)
19:20 < subzero79> You can configure openvpn with your custom file, if you want to avoid the uci
19:20 < subzero79> !openwrt
19:20 <@vpnHelper> "openwrt" is In OpenWRT, the easiest way to supply configs with the stock init is to use the `option config /path/to/your/openvpn.conf` in your UCI stanza. This allows you to maintain a standard config file that OpenWRT can launch for you.
19:23 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:23 -!- blackbeard [~Blackbear@177.102.180.246] has quit [Ping timeout: 255 seconds]
19:28 < artaslove> partial success, a tracert shows I can ping a machine on the remote network now, but I can't connect with samba yet
19:29 < artaslove> oh... derp. I bet I know why
19:30 < artaslove> hurrah!
19:30 < artaslove> all done
19:30 < artaslove> I forgot to add that IP to hosts allowed under samba :/
19:35 < artaslove> thanks
19:35 -!- artaslove [~sillyhead@2001:470:1d:557:3d0f:4457:788e:838] has left #openvpn ["bye!"]
19:36 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
19:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:39 < subzero79> 8)
19:47 -!- toli [~toli@ip-62-235-239-27.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
19:47 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
19:49 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
19:51 -!- toli [~toli@ip-62-235-239-27.dsl.scarlet.be] has joined #openvpn
20:15 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Remote host closed the connection]
20:18 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:20 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:20 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:22 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:23 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:25 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:27 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:29 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:29 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:30 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:31 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:32 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 244 seconds]
20:32 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:33 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
20:33 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
20:34 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
20:47 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Ping timeout: 264 seconds]
20:48 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
21:04 -!- arbos2 [~arbos@unaffiliated/arbos] has quit [Quit: Nettalk6 - www.ntalk.de]
21:11 -!- qg_ [~qg_@c-73-43-119-1.hsd1.ga.comcast.net] has joined #openvpn
21:34 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has joined #openvpn
21:35 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
21:36 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
21:36 -!- ChrissKO [~ChrissKO@p57B4983E.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
21:43 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
21:45 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
21:57 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:10 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 250 seconds]
22:19 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-doimmqhyfxewdunj] has joined #openvpn
22:22 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
22:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
22:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
23:00 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
23:06 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
23:15 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
23:18 -!- qg_ [~qg_@c-73-43-119-1.hsd1.ga.comcast.net] has quit [Ping timeout: 240 seconds]
23:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:55 -!- ShadniX [dagger@p5481DF24.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:56 -!- ShadniX [dagger@p5DDFC16E.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Nov 18 2015
00:04 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:21 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
00:23 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
00:31 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 255 seconds]
00:44 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
00:52 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
00:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:57 -!- mode/#openvpn [+o mattock1] by ChanServ
01:01 -!- amites_ [~amites@71-211-183-226.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
01:01 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
01:11 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
01:22 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
01:29 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
01:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
01:39 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
01:39 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
01:41 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
01:51 -!- albercuba [~albercuba@p578070da.dip0.t-ipconnect.de] has joined #openvpn
01:53 < albercuba> Hello everyone. Does someone knows why if have OpenVPN (TAP) installed as a virtual machine, in a virtual switch with two NICs it does not work properly, but if i remove one of the NICs then everything works perfect?
02:06 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 272 seconds]
02:07 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 244 seconds]
02:10 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
02:16 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:19 -!- zylinx [uid43406@gateway/web/irccloud.com/x-ffrfdtezzvtetymt] has joined #openvpn
02:19 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
02:36 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Ping timeout: 255 seconds]
02:37 -!- ariscop [~Phase4@ppp118-209-118-166.lns20.mel4.internode.on.net] has joined #openvpn
02:37 < ariscop> !ovpnuke
02:37 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
02:44 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
02:49 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
02:58 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
03:01 -!- ziggypup [~ziggypup@202-180-115-128.callplus.net.nz] has joined #openvpn
03:01 -!- ziggypup [~ziggypup@202-180-115-128.callplus.net.nz] has left #openvpn []
03:02 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has left #openvpn []
03:03 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
03:03 -!- mode/#openvpn [+o pekster] by ChanServ
03:08 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:28 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
03:40 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Ping timeout: 255 seconds]
03:41 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:42 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
03:46 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 244 seconds]
03:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:51 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:54 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
03:55 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
03:56 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 265 seconds]
03:58 -!- ziggypup [~ziggypup@202-180-115-128.callplus.net.nz] has joined #openvpn
03:58 -!- ziggypup [~ziggypup@202-180-115-128.callplus.net.nz] has left #openvpn []
03:59 < albercuba> Hello everyone. Does someone knows why if have OpenVPN (TAP) installed as a virtual machine, in a virtual switch with two NICs it does not work properly, but if i remove one of the NICs then everything works perfect?
04:01 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:13 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
04:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Read error: Connection reset by peer]
04:22 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has quit [Quit: WeeChat 1.4-dev]
04:25 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:25 -!- ariscop [~Phase4@ppp118-209-118-166.lns20.mel4.internode.on.net] has quit [Ping timeout: 265 seconds]
04:30 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
04:37 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:44 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
04:45 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:53 -!- repozitor [~repozitor@unaffiliated/deadperson] has joined #openvpn
04:53 < repozitor> there is an option in client configuration named "http-proxy"
04:53 < repozitor> my ISP blocked openvpn traffic
04:54 < repozitor> i want to use this option in my client, but i don't what part of openvpn shoulb be changed in server side
04:54 < repozitor> anyone can help me?
04:55 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
04:57 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
04:58 < BtbN> An http proxy with connect support somewhere.
04:59 < repozitor> BtbN, just tell me more
04:59 < BtbN> There's nothing more.
04:59 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Read error: Connection reset by peer]
04:59 < repozitor> so i can't understand that sentence
04:59 < repozitor> amybe a tutorial is good solution
05:00 < BtbN> You just need an HTTP proxy that supports CONNECT.
05:00 < BtbN> And that you are allowed to connect to, obviously.
05:01 < repozitor> BtbN, squid can handle that?
05:01 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
05:01 < BtbN> I'd guess so
05:01 < repozitor> but it's configuration is too hard to me
05:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 276 seconds]
05:06 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
05:12 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Read error: Connection reset by peer]
05:12 -!- sillysau1 [~sillysaus@82.221.111.210] has joined #openvpn
05:19 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:26 -!- repozitor [~repozitor@unaffiliated/deadperson] has quit [Read error: Connection reset by peer]
05:26 -!- repozitor [~repozitor@unaffiliated/deadperson] has joined #openvpn
05:27 -!- repozitor [~repozitor@unaffiliated/deadperson] has quit [Client Quit]
05:34 -!- sillysau1 is now known as sillysausage
05:46 -!- dazo is now known as dazo_afk
05:46 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:47 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
05:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:58 -!- mode/#openvpn [+o mattock1] by ChanServ
06:14 -!- dazo_afk is now known as dazo
06:26 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:26 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
06:26 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
06:31 < albercuba> Hello everyone. Does someone knows why if have OpenVPN (TAP) installed as a virtual machine, in a virtual switch with two NICs it does not work properly, but if i remove one of the NICs then everything works perfect?
06:45 <@plaisthos> probably because of virtualization
06:46 <@plaisthos> is one of the nics on the virtual switch the "pysical" nic fo the vm?
06:47 -!- repozitor [~repozitor@unaffiliated/deadperson] has joined #openvpn
06:50 < albercuba> plaisthos, they are both the physical NIC. one active, one in stand by
06:50 -!- repozitor [~repozitor@unaffiliated/deadperson] has left #openvpn []
06:50 -!- shiriru [~shiriru@46.10.123.114] has joined #openvpn
06:50 < albercuba> as soon as i remove one NIC, everything works
06:51 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
06:58 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
07:00 <@plaisthos> the virtualization might disallow you to use other macs than the assigned amac
07:08 < albercuba> plaisthos, it does not matter which NIC I remove, the problem is that with two NICs it does not work
07:08 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:21 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
07:23 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:32 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 250 seconds]
07:34 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
07:40 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 265 seconds]
07:44 -!- master_o1_master [~master_of@p4FF24E79.dip0.t-ipconnect.de] has joined #openvpn
07:44 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has joined #openvpn
07:45 -!- mode/#openvpn [+v hyper_ch] by ChanServ
07:45 <+hyper_ch> hmmmm, I'm facing issues with systemd.... I have a vpn client added to systemd. However if the server is not up and the client can't connect, it will stop trying to do so after 60s. How can I make it re-try infinitely?
07:47 <+hyper_ch> https://paste.simplylinux.ch/view/bf015e2a
07:48 -!- master_of_master [~master_of@p4FD7B146.dip0.t-ipconnect.de] has quit [Ping timeout: 276 seconds]
07:49  * hyper_ch pokes dazo
07:49  * dazo hides
07:50 <@dazo> :)
07:50 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
07:50 <@dazo> sounds like openvpn stops running, systemd won't necessarily restart openvpn if openvpn stops by itself
07:50 < reiffert> hey guys
07:51 <+hyper_ch> dazo: hmmmm, I have resolv-retry infinite
07:51 <+hyper_ch> on debian wheezy and earlier it would keep running
07:51 <+hyper_ch> on jessie with systemd I have now issues
07:52 <@dazo> hyper_ch: try starting openvpn manually and see what happens ... I have noticed something similar on one of my (non-systemd) boxes as well, however haven't had time to dig into it
07:53 <@dazo> hmmm
07:53 <@dazo> SIGUSR1[soft,tls-error] received, process restarting .... so it should try to restart :/
07:53 <+hyper_ch> dazo: https://paste.simplylinux.ch/view/e76b65af
07:54 <+hyper_ch> after powering up the server and issuing on the client systemctl restart openvpn@client.service it connected just fine
07:54 <@dazo> can you provide the unit file your distro is using?
07:55 <+hyper_ch> dazo: if you tell me how :)
07:56 <@dazo> 'systemctl status' should be able to tell you which unit file it uses
07:57 <@dazo> That's the 'Loaded: loaded (/full/path/to/unit/file)' line
07:58 <+hyper_ch> dazo: https://paste.simplylinux.ch/view/b6337221
07:58 <@dazo> okay ... that looks very different from what we ship ....
07:59 <@dazo> anyhow, systemd should not be the culprit here
07:59 <+hyper_ch> dazo: that's jessie
07:59 <@dazo> (there are no restrictions in what it allows OpenVPN to do)
08:00 <+hyper_ch> dazo: also weird:  systemctl status says it's still up... but the tun itnerface is gone
08:00 <@dazo> that is also very odd
08:00 < albercuba> Hello everyone. Does someone knows why if have OpenVPN (TAP) installed as a virtual machine, in a virtual switch with two NICs it does not work properly, but if i remove one of the NICs then everything works perfect?
08:01 <+hyper_ch> dazo: hmmm, I fear the problem lies with proxmox
08:02 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
08:02 <@dazo> hyper_ch: Can you try to install this unit file?  http://sourceforge.net/p/openvpn/openvpn/ci/master/tree/distro/systemd/openvpn-client%40.service
08:02 <@vpnHelper> Title: OpenVPN / openvpn / [7546cb] /distro/systemd/openvpn-client@.service (at sourceforge.net)
08:03 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:03 <@dazo> then you place config files under /etc/openvpn/client ... do a 'systemctl daemon-reload' ... then you can do 'systemctl start openvpn-client@CONFIG-NAME'
08:04 <@dazo> you can put this unit file under /etc/systemd/system
08:04 <+hyper_ch> dazo: how to install that unit file?
08:04 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
08:05 <@dazo> just save the ini file under /etc/systemd/system ... that's all
08:05 <@dazo> then you need 'systemctl daemon-reload' to make systemd aware of config changes
08:12 <+hyper_ch> dazo: hmmm, looks like there's some other issue going on
08:31 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
08:40 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
08:52 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
08:59 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 255 seconds]
08:59 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
09:01 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
09:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
09:13 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
09:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:17 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
09:29 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:53 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 244 seconds]
10:04 -!- MrPocketz is now known as MrPockets
10:25 -!- toli [~toli@ip-62-235-239-27.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
10:26 -!- toli [~toli@ip-83-134-71-90.dsl.scarlet.be] has joined #openvpn
10:31 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
10:47 -!- shiriru [~shiriru@46.10.123.114] has quit [Quit: Leaving]
10:48 -!- hyper_ch [~hyper_ch@openvpn/user/hyper-ch] has left #openvpn ["Konversation terminated!"]
11:06 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:26 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
11:41 -!- arianna_ [~arianna@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has joined #openvpn
11:42 < arianna_> !welcome
11:42 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:42 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:42 < arianna_> Hello, I would like to set up a VPN Server on my laptop, using OpenVPN, so that 2 client machines can connect to this from away
11:43 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:44 < arianna_> !howto
11:44 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror or (#3) Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
11:50 -!- boneskull [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has joined #openvpn
11:51 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
12:12 < arianna_> can anyone help me with the setup?
12:20 -!- gffa [~unknown@unaffiliated/gffa] has quit [Read error: Connection reset by peer]
12:21 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:26 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
12:54 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:58 -!- Gizmokid2010 [~Gizmokid2@ns517807.ip-192-99-6.net] has joined #openvpn
13:01 -!- Gizmokid2005 [~Gizmokid2@dedi1.gizmokid2005.com] has quit [Quit: Uh-oh!! The Gizmo is gone!!!! Good Riddance.]
13:01 -!- Gizmokid2010 is now known as Gizmokid2005
13:17 -!- arianna_ [~arianna@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has quit [Ping timeout: 250 seconds]
13:33 < Eugene> Not if you leave before anybody can respond
13:33 -!- mode/#openvpn [+o Eugene] by ChanServ
13:34 -!- Eugene changed the topic of #openvpn to: OpenVPN Community Support Channel || PLEASE read entire topic || Current Release: 2.3.8 (4 Aug 2015) || First time? Use !welcome and !goal || Access-Server? /join #openvpn-as || We're not psychic - please !paste your !configs and !logs and a description of the issue  || Your problem is probably firewall, Really || Vulninfo: !heartbleed !poodle !ovpnuke || Patience is a virtue: we can't h
13:34 <@Eugene> Figures
13:34 -!- Eugene changed the topic of #openvpn to: OpenVPN Community Support Channel || PLEASE read entire topic || Current Release: 2.3.8 (4 Aug 2015) || First time? Use !welcome and !goal || Access-Server? /join #openvpn-as || We're not psychic - please !paste your !configs and !logs and a description of the issue  || Your problem is probably firewall, Really || Vulninfo: !heartbleed !poodle !ovpnuke || Patience is a virtue
14:11 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:11 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
14:14 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
14:15 -!- subscope [~subscope@BC24348C.unconfigured.pool.telekom.hu] has joined #openvpn
14:22 -!- subscope [~subscope@BC24348C.unconfigured.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:31 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 260 seconds]
14:34 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:34 -!- appleguru [~appleguru@74.10.72.66] has joined #openvpn
14:36 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Max SendQ exceeded]
14:36 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
14:39 -!- appleguru [~appleguru@74.10.72.66] has quit [Remote host closed the connection]
14:44 -!- appleguru [~appleguru@74.10.72.66] has joined #openvpn
14:46 < appleguru> Where can I download the latest official openvpn client?
14:49 -!- dazo is now known as dazo_afk
14:49 < appleguru> (for OS X)
14:50 < appleguru> only thing I can find online is tunnelblick
14:50 < appleguru> I can get an older version from my server
14:50 < appleguru> but where can I get the latest from?
14:50 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Remote host closed the connection]
14:50 <@Eugene> !osx
14:50 <@vpnHelper> "osx" is (#1) Tunnelblick includes everything you need to run OpenVPN on OS X. https://code.google.com/p/tunnelblick/ or (#2) Viscosity is another OpenVPN client for OS X, but it is commercial. http://www.thesparklabs.com/viscosity/
14:50 <@Eugene> !download
14:50 <@vpnHelper> "download" is (#1) http://openvpn.net/index.php/download/community-downloads.html to download openvpn or (#2) in the community version of openvpn (only thing supported here) there is no separate download for client/server, it is the same install with different configs
14:51 <@Eugene> There is not an official client for OS X. Tunnelblick/Viscosity are both good & recommended.
14:51 < appleguru> Then what is the official looking client that my server gives me?
14:51 < appleguru> openvpn-connect-2.0.9.201.dmg
14:51 < appleguru> where does that come from?
14:51 <@Eugene> !connect
14:51 <@vpnHelper> "connect" is (#1) OpenVPN Connect is part of the commercial, non-free (non-GPL) corporate offering; see #openvpn-as for help with these. For the community-maintained GPL OpenVPN, see !download for download links, !android for GPL-openvpn on Android, or !howto for the beginner how-to guide or (#2) https://forums.openvpn.net/post34969.html#p34969 or (#3) the source is here:
14:51 <@vpnHelper> http://staging.openvpn.net/openvpn3/ except for the portion that may not be released because of NDA with apple (for its vpn API)
14:52 <@Eugene> If your server gave you that, then the above applies as well
14:52 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:53 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
14:56 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:58 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Quit: time to go now]
14:59 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
15:04 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
15:14 < appleguru> can connect be used with the community edition?
15:27 -!- jzaw [~jzaw@loki.dzki.co.uk] has quit [Read error: Connection timed out]
15:36 -!- appleguru [~appleguru@74.10.72.66] has quit [Quit: appleguru]
15:38 -!- _Cyclone_ is now known as _Cyclone_[away]
15:39 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:41 -!- boneskull is now known as boneskull[away]
15:46 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 240 seconds]
15:55 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 41.0.2/20151014143721]]
16:02 -!- arianna_ [~arianna@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has joined #openvpn
16:30 -!- arianna_ [~arianna@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has quit [Ping timeout: 246 seconds]
16:48 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
17:02 -!- albercuba [~albercuba@p578070da.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
17:04 -!- _Cyclone_[away] is now known as _Cyclone_
17:23 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
17:27 -!- boneskull[away] is now known as boneskull
17:27 -!- boneskull is now known as boneskull[away]
17:29 -!- boneskull[away] is now known as boneskull
17:30 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
17:42 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
18:09 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
18:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
18:24 -!- RiskReward_ [~risk.rewa@remote.design-industry.com.au] has joined #openvpn
18:26 < RiskReward_> Hi, I have a new user using a Mac with OSX El Capitan installed. He gets a JSONDialog error when he tries to log in. Is this a known problem? I've heard something about Apple's new "System Integrity Protection".
18:29 -!- _Cyclone_ is now known as _Cyclone_[away]
18:33 < goopen> If I make a bridged connection to my nic on a server, would that somehow disrupt other services using that interface?
18:36 < goopen> It does apparently, once you assign a nic to a bridge it will loose its current ip address
18:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
19:54 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 265 seconds]
20:02 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
20:08 -!- boneskull is now known as boneskull[away]
20:12 -!- dmilith is now known as dmilith2
20:26 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
20:29 -!- Champi [Champi@damn.e-leet.be] has quit [Ping timeout: 250 seconds]
20:29 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 250 seconds]
20:29 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 250 seconds]
20:29 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
20:29 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 250 seconds]
20:29 -!- reiffert [~thomas@mail.reifferscheid.org] has quit [Ping timeout: 250 seconds]
20:29 -!- goopen [~niclas@host-85-30-182-195.sydskane.nu] has quit [Ping timeout: 250 seconds]
20:29 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 250 seconds]
20:29 -!- boneskull[away] [~boneskull@c-50-137-151-209.hsd1.or.comcast.net] has quit [Ping timeout: 250 seconds]
20:29 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 250 seconds]
20:29 -!- Champi_ [Champi@damn.e-leet.be] has joined #openvpn
20:29 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
20:29 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
20:29 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
20:30 -!- Champi_ is now known as Champi
20:30 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
20:30 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
20:30 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
20:31 -!- zylinx [uid43406@gateway/web/irccloud.com/x-ffrfdtezzvtetymt] has quit [Quit: Connection closed for inactivity]
20:37 -!- _Cyclone_[away] is now known as _Cyclone_
20:48 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
20:50 <@Eugene> That sounds like a DHCP behaviour
20:50 <@Eugene> But, you've buggered off before having your question answered.
21:04 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
21:14 -!- KNERD [~KNERD@netservisity.com] has quit [Ping timeout: 255 seconds]
21:17 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
21:17 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
22:58 -!- RiskReward_ [~risk.rewa@remote.design-industry.com.au] has quit [Quit: Leaving]
23:05 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
23:11 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
23:32 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
23:36 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
23:52 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
23:55 -!- ShadniX [dagger@p5DDFC16E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:56 -!- ShadniX [dagger@p57941F30.dip0.t-ipconnect.de] has joined #openvpn
23:57 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
--- Day changed Thu Nov 19 2015
00:01 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
00:26 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:26 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
00:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
00:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:33 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
00:39 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Remote host closed the connection]
00:53 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:00 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
01:00 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
01:25 -!- mystica555_ is now known as mystica555
01:34 -!- albercuba [~albercuba@p578070da.dip0.t-ipconnect.de] has joined #openvpn
01:34 < albercuba> Hello everyone. Does someone knows why if have OpenVPN (TAP) installed as a virtual machine, in a virtual switch with two NICs it does not work properly, but if i remove one of the NICs then everything works perfect?
01:41 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
02:00 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Ping timeout: 240 seconds]
02:14 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
02:14 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Client Quit]
02:26 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:37 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
02:39 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 240 seconds]
02:40 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
02:45 -!- dazo_afk is now known as dazo
02:57 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 255 seconds]
03:00 -!- doop [~doop@colostomy.club] has joined #openvpn
03:32 -!- beeloo [~beeloo@mimas.xoclock.com] has joined #openvpn
03:32 < beeloo> hi there
03:33 < beeloo> i have a question regarding my server.conf
03:33 < beeloo> i'd like to chroot in a custom directory
03:34 < beeloo> so i changed the following line: "chroot /etc/openvpn/in/jail"
03:35 < beeloo> but i get the following error:
03:35 < beeloo> chroot to '/etc/openvpn/jail' failed: No such file or directory (errno=2)
03:35 < beeloo> i don't understand...
03:35 < beeloo> any suggestion ?
03:36 < beeloo> i'm running OpenVPN 2.2.1 x86_64-linux-gnu on a debian wheezy
03:38 < albercuba> just read what you just wrote
03:38 < albercuba> "chroot /etc/openvpn/in/jail" ----> chroot to '/etc/openvpn/jail'
03:38 < albercuba> see the difference?
03:39 < albercuba> beeloo,
03:39 < beeloo> yes i see that ^^
03:40 < beeloo> but openvpn doesn't seem to take care about my config line
03:44 < albercuba> so even if you fix the line to an existing directory it doesnt work?
03:45 < beeloo> exactly
03:45 < albercuba> and you get the same error
03:45 < beeloo> yes
03:46 < albercuba> did you check if somewhere in your conf there is a line doing the chroot to /etc/openvpn/jail?
03:46 < beeloo> yes, none
03:48 < albercuba> beeloo,  in which folder do you have openvpn installed?
03:48 < beeloo>  /usr/sbin/openvpn
03:48 < beeloo> ?
03:48 < albercuba> the server.conf is in that folder?
03:48 < beeloo> nop, in/etc/openvpn
03:48 < albercuba> a ok
03:49 < albercuba> beeloo, try this grep --include=\* -rnw '/etc/openvpn' -e "/etc/openvpn/jail"
03:49 < beeloo> # grep --include=\* -rnw '/etc/openvpn' -e "/etc/openvpn/jail"
03:49 < beeloo> /etc/openvpn/in.conf:45:chroot /etc/openvpn/jail
03:49 < beeloo> hinhin
03:49 < albercuba> so int /etc/openvpn/in.conf in line 45
03:50 < albercuba> edit that line
03:51 < beeloo> my scp did not work !
03:51 < albercuba> what do you mean? did you copy that file from another server?
03:52 < beeloo> yes, from my mac via an sftp client
03:52 < beeloo> sorry for bothering you, it's working properly
03:52 < beeloo> thank you
03:52 < albercuba> no problem. Glad to help
03:52 < beeloo> ;)
03:52 < albercuba> :P
03:58 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:05 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
04:08 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
04:12 < beeloo> bye everyone
04:12 -!- beeloo [~beeloo@mimas.xoclock.com] has left #openvpn []
04:13 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:13 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
04:13 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
04:28 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 260 seconds]
04:28 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
04:30 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
04:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
04:30 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
04:42 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 252 seconds]
04:45 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:51 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
04:58 -!- shiriru [~shiriru@46.10.123.114] has joined #openvpn
05:06 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
05:06 -!- mode/#openvpn [+v s7r_] by ChanServ
05:06 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
05:06 -!- Denial- [~Denial@5.80.233.113] has joined #openvpn
05:06 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Write error: Broken pipe]
05:06 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Write error: Broken pipe]
05:06 -!- Denial [~Denial@5.80.233.113] has quit [Write error: Broken pipe]
05:06 -!- krthnz [~krthnz@unaffiliated/krthnz] has quit [Write error: Broken pipe]
05:06 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has quit [Quit: +++ATH0]
05:06 -!- s7r [~s7r@openvpn/user/s7r] has quit [Quit: sigterm]
05:07 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
05:07 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
05:09 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has joined #openvpn
05:10 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 240 seconds]
05:33 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
05:43 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
05:44 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
05:45 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:45 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
05:45 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Client Quit]
05:56 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:01 -!- shio [shio@10.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
06:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:23 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:37 -!- wiz [~sid1@irc-gw.wiz.network] has quit [Ping timeout: 260 seconds]
06:47 -!- _Cyclone_ is now known as _Cyclone_[away]
07:01 -!- zylinx [uid43406@gateway/web/irccloud.com/x-ubxkjdbsabpachzn] has joined #openvpn
07:03 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
07:11 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
07:33 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
07:44 -!- _Cyclone_[away] is now known as _Cyclone_
07:44 -!- master_of_master [~master_of@p4FF24682.dip0.t-ipconnect.de] has joined #openvpn
07:47 -!- raphinou [~raphinou@5.149.142.22] has joined #openvpn
07:47 -!- master_o1_master [~master_of@p4FF24E79.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
07:47 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has joined #openvpn
07:49 < raphinou> can I run a dns server to resolve names of hosts in the vpn range, but still have clients contact other DNS servers for other names? Eg the vpn dns server telling client to contact 8.8.8.8 if it can't resolve the name itself
08:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:28 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 255 seconds]
08:34 -!- samael [~earendil@multivac.valis-e.com] has joined #openvpn
08:36 < samael> hello. are there known problems with openvpn connect (latest version of the client on android 5.1)? i seem to connect normally to the server, but then no traffic is allowed. found this on several android clients.
08:37 -!- shio [~shio@55.188.103.84.rev.sfr.net] has joined #openvpn
08:51 -!- _xela_ [97ede884@gateway/web/freenode/ip.151.237.232.132] has joined #openvpn
08:51 < _xela_> hi
08:54 < _xela_> I got a working vpn (!) and a flow is my client (A): local ip (192.168.0.0/24 network)  + vpn ip 172.16.10.30 on tun0. Server has 172.16.10.1 on its tun0. There is another client (B) that gets 172.16.10.4 on tun0 and that is able to connect to 10.1.1.20
08:55 -!- dmilith2 is now known as dmilith
08:55 -!- shiriru [~shiriru@46.10.123.114] has quit [Ping timeout: 240 seconds]
08:55 < _xela_> I did setup all the routing/forwarding/natting rules so when i start the connection B -> server, from A i can ping and ssh to 10.1.1.20 with no problems
08:55 < _xela_> after a while, that goes away
08:56 < _xela_> i still can go from A to B thru the server
08:56 < _xela_> but the routing from B disappear, even if the network routes are still there.
08:57 < _xela_> if i restart the connection B-> server, everything goes back to normal.
08:57 < _xela_> (i.e. A to 10.1.1.20)
08:57 < _xela_> any idea as i went already thru debug and verbose mode
09:00 -!- extri [~extri@162.217.250.127] has joined #openvpn
09:00 < extri> hi
09:01 < extri> is the diffie hellman parameter that I give to the client actually being used, or is that completely under the control of the server and not a client option, and is silently ignored?
09:08 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:12 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
09:23 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:24 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Remote host closed the connection]
09:26 < _xela_> hope it is enough clear
09:28 -!- mystica555 [~mystica55@174-16-116-208.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
09:33 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
09:37 -!- mystica555 [~mystica55@174-16-116-208.hlrn.qwest.net] has joined #openvpn
09:45 -!- extri [~extri@162.217.250.127] has quit [Quit: leaving]
09:49 -!- jem^ [~jason@beastie.b0rken.org] has joined #openvpn
09:49 -!- lkjahsdkfj is now known as uiyice
09:55 -!- raphinou [~raphinou@5.149.142.22] has quit [Quit: Leaving]
10:05 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
10:06 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
10:07 < jem^> Hello channel.  My OpenVPN server doesn't seem to be using the maximum MTU available between two hosts.  When tcpdumping the physical interface, OpenVPN's UDP packets are never larger than 1473 bytes, yet I know there's a 1500 byte capable path between the server and client
10:07 < jem^> I've not specified any MTU settings in my server or client config
10:12 < Dr-007> can i put all openvpn servers and client configs in /etc/openvpn ?
10:12 < Dr-007> so they all 'run'
10:16 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
10:17 < jem^> Have a look at the init script to see how it handles multiple confs
10:17 -!- extri [~extri@162.217.250.127] has joined #openvpn
10:18 < jem^> might vary from distro to distro
10:29 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:30 -!- subscope [~subscope@BC24348C.unconfigured.pool.telekom.hu] has joined #openvpn
10:31 -!- subscope [~subscope@BC24348C.unconfigured.pool.telekom.hu] has quit [Client Quit]
10:33 <@dazo> jem^: 1473 sounds like the correct result, as 1500 includes ethernet headers, iirc  (ethernet is osi layer 2, udp is part of the tcp/ip layer which is osi layer 3)
10:34 <@dazo> Dr-007: which distro?
10:34 -!- spaceghost|work [~pipework@unaffiliated/spaceghostc2c] has quit [Quit: pipeworkin' it]
10:34 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
10:35 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Client Quit]
10:36 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
10:40 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
10:46 < jem^> dazo: I was takign headers into account.  Packet sizes were ether:1487 / ipv4:1473 / udp:1453 / data:1445
10:47 <@dazo> !logs
10:47 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
10:47 < jem^> a straight http transfer between the same two hosts gave ether:1514 / ipv4:1500 / tcp:1480
10:48 <@dazo> fair enough, might be an offset miscalculation ... or it may be related to some openvpn config options
10:48 <@dazo> f.ex do you use --tls-auth?
10:48 < jem^> no
10:48 < jem^> I'll increase verb and see if the logs give any further info
10:48 <@dazo> hmm ... then we need to see --verb 4 logs of client and server
10:48 -!- Free99 [~Free99@146.111.200.254] has joined #openvpn
10:50 <@dazo> (IIRC, there are also some other bytes spent outside the encrypted VPN data which may influence it, but the ipv4 packets on the wire should normally be what --link-mtu says it should be)
10:51 < jem^> I'll try enabling --mtu-test as well
10:51 -!- _Cyclone_ is now known as _Cyclone_[away]
10:52 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:58 < Dr-007> dazo; Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.60-1+deb7u3
10:59 < Dr-007> dazo, in the openvpn configs there is either "server" or "client" present
10:59 < Dr-007> which makes me assume it is possible
11:01 -!- s7r_ is now known as s7r
11:01 < jem^> interesting.  The tunnel MTU is actually 1557, due to compression I expect.  This must mean that normal 1500 byte ethernet traffic doesn't get fragmented when it traverses the VPN
11:01 < jem^> that's kinda cool
11:02 < Thermi> Boolshit
11:03 < Thermi> Traffic will get fragmented and you can not rely on compression, because the input is mostly unpredictable
11:05 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:05 -!- _xela_ [97ede884@gateway/web/freenode/ip.151.237.232.132] has quit [Ping timeout: 246 seconds]
11:06 < jem^> hmm, thinking about it, that makes sense
11:06 < jem^> an ssh connection through the tunnel, for example, would be almost totally uncompressible
11:12 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Quit: bye]
11:13 < Thermi> So go forth and fix your tunnel mtu
11:14 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
11:14 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
11:16 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
11:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:27 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
11:54 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
12:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:06 -!- mode/#openvpn [+o mattock1] by ChanServ
12:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:35 -!- Free99 [~Free99@146.111.200.254] has quit [Ping timeout: 265 seconds]
12:40 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
12:59 -!- RabbitFood [~rabbit@c-c86b70d5.39-2-64736c10.cust.bredbandsbolaget.se] has joined #openvpn
12:59 < RabbitFood> Hello people, many people use the openvpn client on linux here?
13:00 < RabbitFood> Cause I need some help.
13:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:01 -!- RabbitFood [~rabbit@c-c86b70d5.39-2-64736c10.cust.bredbandsbolaget.se] has quit [Client Quit]
13:05 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
13:06 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:13 <@dazo> !logs
13:13 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
13:13 <@dazo> !configs
13:13 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
13:13 <@dazo> duh
13:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
13:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:40 -!- ade_ [~Ade@redhat/adeb] has joined #openvpn
13:40 -!- ade_b [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
13:45 -!- extri [~extri@162.217.250.127] has quit [Ping timeout: 244 seconds]
13:52 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:03 -!- somis [~somis@70.38.6.188] has joined #openvpn
14:11 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 264 seconds]
14:12 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
14:13 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
14:14 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
14:14 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
14:15 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
14:17 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
14:18 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
14:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
14:24 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
14:25 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
14:52 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
14:53 -!- michele [eraser@unaffiliated/michele] has joined #openvpn
14:58 < michele> Hi there! After upgrading openvpn to 2.3.7 (from 2.3.2), my openvpn returns a strange error: [ PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-plugin-auth-pam.so ] - yes, username and password are correct. Conf: http://pastie.org/private/otvzio7iomxbtrbyolvuw Log: http://pastie.org/pastes/10568356/reply?key=gxphj2bknase3zsbrgwlg - Any clues?
15:07 -!- gswallow [~Adium@207-250-246-98.static.twtelecom.net] has joined #openvpn
15:09 < gswallow> Howdy y'all.  May I ask a question?  I was struggling to get decent throughput on an openvpn link I stood up between AWS regions, so I've been tweaking.  I diagrammed the frame down from ethernet to the encapsulated packet, and found out that — with TCP — my MSS should be 1350.
15:09 < gswallow> But then I read this:
15:09 -!- _Cyclone_[away] is now known as _Cyclone_
15:09 < gswallow> The (mss-fix) max parameter is interpreted in the same way as the --link-mtu parameter, i.e. the UDP packet size after encapsulation overhead has been added in, but not including the UDP header itself.
15:10 < gswallow> I had thrown in mss-fix 1350, but according to that doc, I should have set it to mss-fix 1448?  Because I'm setting it to the largest size possible inside IP and TCP headers?
15:11 < gswallow> I'm using mostly defaults.  blowfish-cbc, comp-lzo, pre-shared keys (not TLS).  I have to use TCP protocol.  UDP falls on its face.
15:17 -!- gswallow [~Adium@207-250-246-98.static.twtelecom.net] has left #openvpn []
15:22 < Gaffel> Why not use TLS?
15:22 -!- gswallow [~Adium@207-250-246-98.static.twtelecom.net] has joined #openvpn
15:22 -!- beeloo [~beeloo@mimas.xoclock.com] has joined #openvpn
15:22 < beeloo> hi everyone, again
15:23 < Gaffel> Hello
15:23 < beeloo> i'm trying to use learn-address /etc/openvpn/clients/learn-address.sh
15:23 < beeloo> but I get WARNING: Failed running command (--learn-address): could not execute external program
15:23 < beeloo> i'm using script-security 2
15:23 < beeloo> or 3... same issue
15:23 < Gaffel> Okay
15:24 < beeloo> any advise ? :)
15:24 < Gaffel> I have no idea what that is nor what external program is being called.
15:24 < beeloo> hum
15:25 < beeloo> maybe someone else ?
15:25 < Gaffel> Hopefully :)
15:25 < beeloo> hehe
15:29 < Gaffel> What is script-security?
15:29 < Gaffel> What programs is learn-address.sh calling?
15:29 -!- hrdflt [~hft@204.187.100.19] has joined #openvpn
15:30 < beeloo> script-security 3
15:30 < beeloo> http://pastebin.com/7YHLudU4
15:31 < hrdflt> Hi everyone. I am trying to setup an ethernet bridge on a server I am renting and I've been provided with 2 internet IP's. The first IP is allocated for the server itself and the second I intend on using for the remote vpn client using the bridge. The problem is that the secondary IP is not within the same subnet as the first, and therefore server-bridge directive doesn't allow me to use it.
15:31 < hrdflt> Does anyone know of a workaround for this?
15:32 < beeloo> hi hrdflt, sorry no idea imho
15:35 < beeloo> Gaffel, are you reading my script ?
15:35 < Gaffel> I just skimmed through it.
15:35 < beeloo> not so complicated script :/
15:36 < Gaffel> What does script-security do?
15:36 < beeloo> what do you mean ?
15:36 < Gaffel> The warning you get is vague. Can't you get better info?
15:36 < beeloo> verb 3 ?
15:36 < Gaffel> I guess
15:37 < Gaffel> verb 9?
15:37 < beeloo> i try...
15:37 < beeloo> not much more
15:38 < Gaffel> :/
15:38 < beeloo> Thu Nov 19 21:32:00 2015 us=315520 McDo11-Salvaza/88.123.177.60:56074 WARNING: Failed running command (--learn-address): could not execute external program
15:38 < beeloo> Thu Nov 19 21:32:00 2015 us=315609 McDo11-Salvaza/88.123.177.60:56074 MULTI: Learn FAILED: 10.8.1.100 -> McDo11-Salvaza/88.123.177.60:56074
15:39 < Gaffel> Turn off script-security?
15:40 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:40 < beeloo> same
15:40 < beeloo> WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info.
15:42 < Gaffel> Is the script in the correct directory and is it allowed to be executed by the user that the openvpn process is running as?
15:42 < beeloo> -rw-r--r-- 1 root root 1983 Nov 19 22:27 learn-address.sh
15:42 < beeloo> trying chmod +x
15:42 < Gaffel> :)
15:43 < beeloo> failed
15:43 < beeloo> what about
15:43 < beeloo> user nobody
15:43 < beeloo> group nogroup
15:43 < beeloo> ?
15:43 < beeloo> and chroot ?
15:44 < Gaffel> Do you chroot?
15:44 < beeloo> yeap
15:44 < Gaffel> Try without
15:46 < beeloo> i cant auth anymore
15:46 < Gaffel> :/
15:48 < beeloo> hum
15:49 < beeloo> because of ccd
15:49 < Dr-007> you can not use relative paths inside a configuration file? im trying to load my crt / key with: cert ./keys/client.crt
15:50 < Dr-007> where the config if in ./
15:50 < Dr-007> *is in ./
15:50 < beeloo> remove ./
15:50 < Dr-007> i did that
15:50 < Dr-007> didn't work either
15:50 < Dr-007> absolute paths work
15:50 < Dr-007> but i dont know what the path is
15:51 < beeloo> WARNING: Failed running command (--learn-address): could not execute external program
15:51 < beeloo> strange
15:52 < Gaffel> cert keys/client.crt
15:52 < Dr-007> ah, the file is actually missing in my case :P
15:53 < Dr-007> beelo, you've got the script execution secrity on 2?
15:53 < Gaffel> :P
15:53 < beeloo> yes
15:53 < Gaffel> beeloo, I think that the script that you're trying to run can't be found.
15:54 < Gaffel> Maybe put it somewhere else if you chroot.
15:54 < beeloo> in the chroot ?
15:54 < Gaffel> It has to be somewhere in the new root
15:54 < Gaffel> It can't be outside that new root.
15:55 < beeloo> same issue
15:56 < beeloo> actually, i'm doing this because i'd like to have a dns entry for each client
15:57 < beeloo> maybe therer is a better solution ?
15:57 < Gaffel> I guess
15:57 < Gaffel> TAP?
15:57 < beeloo> dunno
15:57 < beeloo> tun here
15:57 < Gaffel> Okay
15:58 < Gaffel> If you want dynamic DNS and use the DHCP server running somewhere else then you need TAP, I think.
15:58 < Gaffel> I've never used TAP in OpenVPN.
16:00 < beeloo> hum no idea
16:01 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:06 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:10 < beeloo> https://openvpn.net/archive/openvpn-devel/2007-04/msg00006.html
16:10 <@vpnHelper> Title: Re: [Openvpn-devel] learn address problems with chroot, or userid (at openvpn.net)
16:11 < beeloo> thanks vpnHelper
16:14 < beeloo> that's an evidence
16:18 < beeloo> do you know how to add sh to the jail ?
16:27 < mete> tap is layer2, it should work with dhcp
16:27 < mete> do your openvpn clients and server are physical or virtual?
16:36 < beeloo> physica
16:36 < beeloo> l
16:37 < beeloo> can i have Bonjour, Rendezvous, or Zeroconf working with OpenVPN ??
16:38 < beeloo> i mean if tap is layer2, perhaps ?
16:39 < beeloo> if yes, i will not need that learn-address script
16:51 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
16:53 -!- gswallow [~Adium@207-250-246-98.static.twtelecom.net] has quit [Quit: Leaving.]
16:55 -!- ade_ [~Ade@redhat/adeb] has quit [Ping timeout: 276 seconds]
17:01 -!- albercuba [~albercuba@p578070da.dip0.t-ipconnect.de] has quit [Read error: Connection reset by peer]
17:01 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
--- Log closed Thu Nov 19 17:16:03 2015
--- Log opened Fri Nov 20 08:06:18 2015
08:06 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
08:06 -!- Irssi: #openvpn: Total of 220 nicks [8 ops, 0 halfops, 4 voices, 208 normal]
08:06 !verne.freenode.net [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp
08:06 -!- mode/#openvpn [+o ecrist] by ChanServ
08:06 -!- Irssi: Join to #openvpn was synced in 1 secs
08:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
08:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:15 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
08:15 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
08:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
08:16 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
08:26 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:26 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:31 -!- gswallow [~Adium@207-250-246-98.static.twtelecom.net] has joined #openvpn
08:45 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
09:04 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
09:06 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:18 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
09:19 -!- gswallow [~Adium@207-250-246-98.static.twtelecom.net] has left #openvpn []
09:21 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
09:21 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Ping timeout: 272 seconds]
09:24 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
09:26 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 240 seconds]
09:33 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 246 seconds]
09:37 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Ping timeout: 240 seconds]
09:52 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
10:03 -!- rizz [~z@whois.not.found.404.mn] has joined #openvpn
10:03 -!- rizz [~z@whois.not.found.404.mn] has left #openvpn []
10:05 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
10:10 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
10:12 < Dr-007> im having trouble connecting to my openvpn server. as the irc topic suggests. i think its a firewall issue
10:12 < Dr-007> i've opened up one port 1194 in my home router where the server is running
10:12 < Dr-007> let me pastebin the configs
10:12 < Dr-007> !paste
10:12 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:12 < DArqueBishop> The logs would be helpful, too.
10:13 < Dr-007> cool
10:14 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Ping timeout: 240 seconds]
10:17 < Dr-007> these are the configs / logs: https://gist.github.com/anonymous/1b118fcfdc90e9bed673
10:17 <@vpnHelper> Title: client cannot connect to server · GitHub (at gist.github.com)
10:18 < Dr-007> brb my sister needs a jump start for her car, back in 5
10:28 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 240 seconds]
10:29 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
10:36 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
10:37 < Dr-007> allright, NY IDEAS?
10:37 < Dr-007> [DS]Matej,oops
10:37 < Dr-007> anyideas?
10:45  * ecrist reads
10:48 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
10:57 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:24 -!- zz_pzduniak is now known as pzduniak
11:26 -!- pzduniak [~pzduniak@cloudrack.io] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
11:27 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
11:29 < DArqueBishop> Dr-007, I'd check your server firewall configuration. If that's fine and you can confirm the port is open, it could be the location your client is located blocks outgoing OpenVPN.
11:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:34 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:47 < Dr-007> Darque, ah that i havent checked yet
11:47 < Dr-007> thats probably it
11:51 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
11:51 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Ping timeout: 276 seconds]
11:52 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
11:55 -!- spai [~spai@nomad198-196.d.umn.edu] has joined #openvpn
12:05 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
12:06 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
12:14 -!- spai [~spai@nomad198-196.d.umn.edu] has quit [Ping timeout: 272 seconds]
12:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:33 -!- dazo is now known as dazo_afk
12:39 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: C'ya]
12:40 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cixyrlfhyzuhljiq] has joined #openvpn
12:43 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
12:47 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:57 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:03 -!- WarDriver [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
13:09 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
13:21 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:35 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:39 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
13:40 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:44 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
13:44 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
13:51 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
13:54 -!- mzbotr [~mzbotr@unaffiliated/mzbotr] has joined #openvpn
13:58 -!- somis [~somis@70.38.6.185] has joined #openvpn
14:42 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:43 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:09 < michele> Hi there! After upgrading openvpn to 2.3.7 (from 2.3.2), my openvpn returns a strange error: [ PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-plugin-auth-pam.so ] - yes, username and password are correct. Conf: http://pastie.org/private/otvzio7iomxbtrbyolvuw Log: http://pastie.org/pastes/10568356/reply?key=gxphj2bknase3zsbrgwlg - Any clues?
15:21 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:25 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
15:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:26 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
15:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
15:28 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
15:42 -!- ade_ [~Ade@redhat/adeb] has quit [Ping timeout: 276 seconds]
15:42 -!- mzbotr [~mzbotr@unaffiliated/mzbotr] has quit [Ping timeout: 246 seconds]
15:54 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
15:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:19 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
16:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:28 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 0.4.3]
16:30 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:40 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
17:42 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:50 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:59 -!- hrdflt [~hft@204.187.100.19] has quit []
18:07 -!- MikeH__ [~mystica55@97-118-190-159.hlrn.qwest.net] has joined #openvpn
18:10 -!- mystica555_ [~mystica55@71-218-30-236.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
18:15 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
18:47 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
18:52 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
18:54 -!- kraut [~kraut@blackhole.netzdeponie.de] has joined #openvpn
18:54 < kraut> hoi
18:54 < kraut> i've got this setup: client -> firewall with openvpn server -> client connected to openvpn server -> openvpnserver on that client -> firewall to that openvpn server -> client
18:54 < kraut> all with tun devices
18:55 < kraut> packets to the client with openvpn server get packets from the client through routing and send them via tun to the client on the right site
18:55 < kraut> on the incoming tun interface, everything is ok, on the outgoing, the server masks the IP with the server ip, not from the incoming ip
18:56 < kraut> i mean this:
18:56 < kraut> incoming:
18:56 < kraut> 01:50:38.792278 IP 192.168.1.193 > 172.20.0.66: ICMP echo request, id 22472, seq 307, length 64
18:56 < kraut> outgoing:
18:56 < kraut> 01:51:08.040924 IP 192.168.200.1 > 172.20.0.66: ICMP echo request, id 11859, seq 4107, length 64
18:56 < kraut> 01:51:08.068945 IP 172.20.0.66 > 192.168.200.1: ICMP echo reply, id 11859, seq 4107, length 64
18:57 < kraut> why is this not 192.168.1.193 anymore, instead it's 192.168.200.1
19:05 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:14 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
19:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:04 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:24 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
20:24 -!- Savemech [Savemech@gateway/shell/firrre/x-alikacnlkshjfytk] has quit [Excess Flood]
20:24 -!- samael [~earendil@multivac.valis-e.com] has quit [Remote host closed the connection]
20:24 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Remote host closed the connection]
20:24 -!- lxusrbin_ [~lxusrbin@scotty.fr0st.it] has quit [Remote host closed the connection]
20:24 -!- kraut [~kraut@blackhole.netzdeponie.de] has quit [Remote host closed the connection]
20:24 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has joined #openvpn
20:24 -!- mode/#openvpn [+o pekster_] by ChanServ
20:25 -!- Savemech [Savemech@gateway/shell/firrre/x-tlypoasevtryfizs] has joined #openvpn
20:46 -!- somis [~somis@70.38.6.185] has quit [Quit: Leaving]
21:38 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Ping timeout: 260 seconds]
21:42 -!- MikeH__ is now known as mystica555
22:58 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
23:54 -!- ShadniX [dagger@p57941B59.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:55 -!- ShadniX [dagger@p5DDFDE33.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Nov 21 2015
00:18 -!- shio [~shio@55.188.103.84.rev.sfr.net] has quit [Quit: Leaving]
00:33 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
00:37 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:39 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
00:47 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
01:23 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
01:25 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:30 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
01:45 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
01:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:49 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
02:00 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
02:08 -!- extri [~extri@unaffiliated/xyk] has joined #openvpn
02:09 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 252 seconds]
02:12 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
02:14 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:19 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 240 seconds]
02:20 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
02:23 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 276 seconds]
02:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 250 seconds]
02:26 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:29 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:29 -!- mode/#openvpn [+o mattock1] by ChanServ
02:34 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
02:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:42 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:21 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
03:22 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Client Quit]
03:25 -!- IronY [~IronY@unaffiliated/irony] has quit [Quit: ZNC - http://znc.in]
03:25 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
03:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
03:51 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
03:51 -!- extri [~extri@unaffiliated/xyk] has quit [Ping timeout: 244 seconds]
03:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:57 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:00 -!- ade_ [~Ade@redhat/adeb] has joined #openvpn
04:06 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:08 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
04:20 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
04:25 < michele> Hi there! After upgrading openvpn to 2.3.7 (from 2.3.2), my openvpn returns a strange error: [ PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-plugin-auth-pam.so ] - yes, username and password are correct. Conf: http://pastie.org/private/otvzio7iomxbtrbyolvuw Log: http://pastie.org/pastes/10568356/reply?key=gxphj2bknase3zsbrgwlg - Any clues?
04:25 -!- ade_ [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
04:46 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
04:50 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
04:55 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:56 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
05:15 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
05:16 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
05:23 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has joined #openvpn
05:24 < POQDavid> hi how i can use dhcp-option for 2 DNS address
05:26 -!- michele [eraser@unaffiliated/michele] has left #openvpn ["WeeChat 1.3"]
05:30 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
05:33 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
05:46 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
05:55 < POQDavid> so 2 lines of dhcp-option DNS works for 2 DNS
05:56 < POQDavid> where in the config i add those lines is better
05:56 < POQDavid> or it wont matter
06:01 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
06:04 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:14 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
06:46 -!- yhs4260 [~yhs4260@93-186-148-62.ifnl.net] has joined #openvpn
06:48 < yhs4260> Hello. I was hoping someone might be able to help me with a query. I have my OpenVPN server running, and have 5 seperate OpenVPN subnets, each subnet routes out on a different eth gateway so have different WAN ip's to the world.
06:48 < yhs4260> What I want to do, is for ALL traffic destined for akamai.com to be routed by a specific ETH interface.
06:48 < yhs4260> Is their some way this can be achived?
06:48 < yhs4260> Thanks
07:04 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Ping timeout: 260 seconds]
07:38 -!- banco [~BaN@212.164.222.212] has joined #openvpn
07:45 -!- master_of_master [~master_of@p4FD7B82B.dip0.t-ipconnect.de] has joined #openvpn
07:48 -!- master_o1_master [~master_of@p4FD7BDDC.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
08:02 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
08:03 -!- magic_ninja [~sparie1@unaffiliated/magic-ninja/x-4708782] has joined #openvpn
08:03 < magic_ninja> hey guys, I was wondering if there is any way to make openvpn on windows run at startup and select a random server from my configuration files
08:03 < magic_ninja> perhaps a parameter or something to run the executable with
08:17 < banco> you can run it at startup with service
08:17 -!- magic_ninja [~sparie1@unaffiliated/magic-ninja/x-4708782] has quit [Ping timeout: 260 seconds]
08:17 < banco> to select a random server from config, you need to add remote-random in your config
08:22 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:34 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
09:00 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
09:14 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 240 seconds]
09:22 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
09:35 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:41 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
09:56 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
10:10 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
10:21 -!- toli [~toli@ip-83-134-71-90.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
10:26 -!- toli [~toli@ip-83-134-71-90.dsl.scarlet.be] has joined #openvpn
10:34 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:37 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
10:43 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:45 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 260 seconds]
10:48 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
10:48 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:12 -!- banco [~BaN@212.164.222.212] has joined #openvpn
11:12 -!- lotharn2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
11:13 -!- lotharn2 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Client Quit]
11:14 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
11:27 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
11:28 < spai> quick question, is there a way of forcing network traffic from one process over vpn while allowing all else through the local network?
11:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
11:38 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:50 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 240 seconds]
11:51 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 240 seconds]
11:51 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
11:51 -!- mode/#openvpn [+o plaisthos] by ChanServ
11:51 -!- Savemech [Savemech@gateway/shell/firrre/x-tlypoasevtryfizs] has quit [Ping timeout: 240 seconds]
11:54 -!- arianna_ [~arianna_@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has joined #openvpn
11:55 < banco> spai, use iptables owner module
11:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
11:56 < spai> sorry, I should have clarified, it is on windows.
11:56 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
12:05 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:06 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Remote host closed the connection]
12:13 < banco> spai, try to use ForceBindIP or some other specialized soft
12:14 < spai> Alright, I'll look into that. Thanks!
12:15 -!- extri [~extri@unaffiliated/xyk] has joined #openvpn
12:15 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 250 seconds]
12:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:23 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
12:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:27 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Quit: Leaving]
12:36 -!- master_of_master [~master_of@p4FD7B82B.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
12:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:41 -!- Savemech [Savemech@gateway/shell/firrre/x-gscgchyxyxmertmn] has joined #openvpn
12:42 -!- master_of_master [~master_of@p4FD7B82B.dip0.t-ipconnect.de] has joined #openvpn
12:45 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:56 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
12:58 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
12:59 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
13:06 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:10 -!- e1z0 [~null@netlinux/founder/e1z0] has joined #openvpn
13:53 -!- Uranio [~Uranio@free-03.protectednetgroup.com] has joined #openvpn
13:58 -!- Uranio [~Uranio@free-03.protectednetgroup.com] has quit [Quit: Leaving]
14:08 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
14:09 < spai> Anyone else get a bunch of these Sat Jun 01 09:29:13 2013 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
14:09 < spai> Sat Jun 01 09:29:13 2013 Route: Waiting for TUN/TAP interface to come up...
14:09 < spai> Sat Jun 01 09:29:16 2013 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
14:09 < spai> Sat Jun 01 09:29:16 2013 Route: Waiting for TUN/TAP interface to come up...
14:09 < spai> Sat Jun 01 09:29:17 2013 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
14:09 < spai> Sat Jun 01 09:29:17 2013 Route: Waiting for TUN/TAP interface to come up...
14:09 < spai> still trying to figure out why that is coming up
14:15 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
14:21 -!- master_of_master [~master_of@p4FD7B82B.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
14:21 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
14:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
14:31 < arianna_> hello, I'm trying a point2point connection with openvpn. server side I have
14:32 < arianna_> (linux server) openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
14:32 < arianna_> client side (win 7) openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote xxxx.yyyy.it
14:32 < arianna_> (of course server name is the correct one not the x'ed above)
14:32 < arianna_> connection is estabilished
14:32 < arianna_> "initialization sequence completed"
14:33 < arianna_> but I can't ping the 2 hosts
14:33 < arianna_> win side I have disabled the firewall
14:33 < arianna_> ..what can it be? in "ipconfig /all" I can't see the 10.200.0.2 address actually..
14:52 < arianna_> ..
14:54 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 244 seconds]
15:17 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
15:17 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 240 seconds]
15:18 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Client Quit]
15:18 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
15:20 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:23 -!- s7eele [~AndChat52@162.216.46.62] has joined #openvpn
15:24 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
15:25 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
15:28 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
15:32 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
15:38 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:45 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:01 < arianna_> hello, anyone there? this should be the fastest way to get help :-(
16:08 -!- extri [~extri@unaffiliated/xyk] has quit [Ping timeout: 244 seconds]
16:25 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Remote host closed the connection]
16:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
16:26 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
16:26 < valdikss> arianna_:
16:27 < valdikss> arianna_: do you use topology p2p? It doesn't work with Windows.
16:28 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
16:28 < arianna_> no, I didn't use the topology option
16:29 < arianna_> I just wanted to create a vpn tunnel..and ping the 2 pcs..I'm just at the beginning..
16:29 < valdikss> arianna_: all right, what do you get with ipconfig on Windows?
16:31 < arianna_> Microsoft Windows [Version 6.1.7601]
16:31 < arianna_> Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
16:31 < arianna_> C:\Users\arianna_>ipconfig
16:31 < arianna_> Windows IP Configuration
16:31 < arianna_> Ethernet adapter Local Area Connection:
16:31 < arianna_>    Media State . . . . . . . . . . . : Media disconnected
16:31 < arianna_>    Connection-specific DNS Suffix  . :
16:31 < arianna_> Ethernet adapter OpenVPN Bridge:
16:31 < arianna_>    Media State . . . . . . . . . . . : Media disconnected
16:31 < arianna_>    Connection-specific DNS Suffix  . :
16:31 < arianna_> Wireless LAN adapter Wireless Network Connection:
16:31 < arianna_>    Media State . . . . . . . . . . . : Media disconnected
16:31 < arianna_>    Connection-specific DNS Suffix  . :
16:31 < arianna_> Ethernet adapter Ethernet:
16:31 < arianna_>    Media State . . . . . . . . . . . : Media disconnected
16:31 < arianna_>    Connection-specific DNS Suffix  . :
16:31 < arianna_> Wireless LAN adapter WLAN:
16:31 < arianna_>    Connection-specific DNS Suffix  . : homenet.telecomitalia.it
16:31 < arianna_>    Link-local IPv6 Address . . . . . : fe80::10ed:f1b2:b481:a0eb%11
16:31 < arianna_>    IPv4 Address. . . . . . . . . . . : 192.168.1.25
16:31 < arianna_>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
16:31 < arianna_>    Default Gateway . . . . . . . . . : 192.168.1.1
16:31 < arianna_> Ethernet adapter VirtualBox Host-Only Network:
16:31 < arianna_>    Connection-specific DNS Suffix  . :
16:31 < arianna_>    Link-local IPv6 Address . . . . . : fe80::f870:2e25:a314:7dc3%25
16:31 < arianna_>    IPv4 Address. . . . . . . . . . . : 192.168.56.1
16:32 < arianna_>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
16:32 < arianna_>    Default Gateway . . . . . . . . . :
16:32 < arianna_> ...
16:32 < arianna_> unfortunately
16:32 < arianna_> I can't see any of the 10.200.1.2 addressing..
16:32 < arianna_> though the openvpn windows seems to give me good result
16:32 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:33 < valdikss> arianna_: uh-oh, next time use paste service please
16:33 < arianna_> valdikss I'm new also on irc :) sorry
16:33 < valdikss> arianna_: what do you have in the log on Windows?
16:37 < arianna_> http://pastebin.com/KQfDzsVS
16:37 < arianna_> this is my current openvpn command prompt
16:37 < arianna_> on windows
16:37 < arianna_> I xx.yy'ed the static ip but the rest is fine
16:41 -!- Gizmokid2005 [~Gizmokid2@ns517807.ip-192-99-6.net] has quit [Ping timeout: 276 seconds]
16:42 < valdikss> arianna_: well, Windows doesn't set IP address. I don't know why.
16:42 < valdikss> arianna_: Maybe you have a firewall configured to block DHCP on a OpenVPN tap interface?
16:42 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Quit: ZNC - http://znc.in]
16:44 < valdikss> arianna_: anyway, try adding --ip-win32 netsh
16:44 -!- Gizmokid2005 [~Gizmokid2@dedi2.gizmokid2005.com] has joined #openvpn
16:44 < valdikss> arianna_: you should run OpenVPN as administrator
16:44 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
16:45 < arianna_> valdikss: where would I add that option? "--ip-win32 netsh"?
16:45 < valdikss> arianna_: Windows command like or config
16:47 < arianna_> mmh..
16:48 < arianna_> tried with this
16:48 < arianna_> openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev t
16:48 < arianna_> un --secret secret.key --remote xx.yy.zz --ip-win32 netsh
16:48 < arianna_> that was what you meant by adding the "--ip-win32 netsh" option?
16:49 < valdikss> arianna_: yes
16:49 < arianna_> Sat Nov 21 23:41:53 2015 NETSH: C:\Windows\system32\netsh.exe interface ip set a
16:49 < arianna_> ddress OpenVPN static 10.200.0.2 255.255.255.252
16:49 < arianna_> Sat Nov 21 23:41:55 2015 ERROR: netsh command failed: returned error code 1
16:49 < valdikss> arianna_: run it as administrator
16:49 < arianna_> I did
16:49 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:50 < arianna_> I opened a cmd as admin, went to config folder of openvpn
16:50 < arianna_> launched command..
16:50 < valdikss> arianna_: try to remove tap adapter and add it again then
16:50 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
16:50 < valdikss> arianna_: there are bundled scripts for that
16:50 < arianna_> am I not using --dev tun?
16:50 < arianna_> why are you speaking about tap adapter?
16:51 < valdikss> arianna_: because it's called TAP adapter in Windows, even if you use tun topology.
16:51 < arianna_> ah, ok, I didn't know
16:51 < valdikss> arianna_: your virtual NIC, if you prefer that
16:55 < arianna_> oh, I found that the Win TAP was bridged!
16:55 < arianna_> I de-bridged it
16:55 < arianna_> re-launched the command
16:55 < arianna_> and it seems something happened..no errors
16:55 < arianna_> let me paste-bin
16:57 < arianna_> http://pastebin.com/McHYnPJU
16:57 < arianna_> now, on the server shell on linux
16:57 < arianna_> ai see a lot of activity..might be positive
16:58 < valdikss> arianna_: try to ping remote side then
16:58 < arianna_> I have the IP :)
16:58 < arianna_>    Connection-specific DNS Suffix  . :
16:58 < arianna_>    Description . . . . . . . . . . . : TAP-Windows Adapter V9
16:58 < arianna_>    Physical Address. . . . . . . . . : 00-FF-39-51-56-06
16:58 < arianna_>    DHCP Enabled. . . . . . . . . . . : No
16:58 < arianna_>    Autoconfiguration Enabled . . . . : Yes
16:58 < arianna_>    Link-local IPv6 Address . . . . . : fe80::e198:f3e2:27b0:afc0%30(Preferred)
16:58 < arianna_>    IPv4 Address. . . . . . . . . . . : 10.200.0.2(Preferred)
16:58 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
16:59 < valdikss> arianna_: you can try to remove ip-win32 option now and see if it works. You can run openvpn as a usual user without this option.
16:59 < arianna_> yay! :)
16:59 < arianna_> it pings!
16:59 < valdikss> arianna_: Cool! I'm going to sleep.
16:59 < arianna_> "usual user" means no-admin?
16:59 < valdikss> arianna_: yes
17:00 < arianna_> cool :) thanks a lot for your help
17:00 < valdikss> arianna_: np
17:00 < arianna_> I'm gettin excited over this..now I'm asking what I can do with this vpn tunnel :P
17:00 < arianna_> like folder sharing and so on
17:00 < arianna_> (asking myself that is
17:01 < arianna_> not you..you're going to bed :) )
17:01 < valdikss> arianna_: you'd better configure keys authentication. It's more secure than a static keys
17:01 < valdikss> arianna_: it supports reauthentication and Diffie-Hellman ephemeral keys.
17:02 < arianna_> will try tomorrow..hope I can find some good guide :)
17:02 < valdikss> arianna_: use easy-rsa for that, better version 3.
17:02 < valdikss> arianna_: a guide is on OpenVPN side, it's a bit dated but the base things are still the same.
17:03 < arianna_> any chance to have a GUI instead of launching commands via cli? ^__^
17:04 < valdikss> arianna_: sure, there's a gui bundled for Windows
17:04 < valdikss> arianna_: Don't you have OpenVPN GUI shortcut?
17:06 < arianna_> I do have it..but it just let me "edit config"
17:06 < arianna_> btw, command successfull without the --ip-win32 option
17:06 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
17:07 < arianna_> ok, this was my 1st point 2 point test..and it worked :) I will try something more complicate tomorrow then, with easy-rsa
17:09 -!- master_of_master [~master_of@p4FD7B82B.dip0.t-ipconnect.de] has joined #openvpn
17:21 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:29 -!- somis [~somis@70.38.6.185] has joined #openvpn
17:30 -!- arianna_ [~arianna_@host36-17-dynamic.21-79-r.retail.telecomitalia.it] has quit [Ping timeout: 260 seconds]
17:32 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Ping timeout: 276 seconds]
17:39 -!- arianna_ [~arianna_@37.176.168.197] has joined #openvpn
17:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:40 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
17:40 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
17:58 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
17:59 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
18:00 -!- s7eele [~AndChat52@162.216.46.62] has quit [Quit: Bye]
18:06 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:07 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:10 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:15 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:21 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
18:23 -!- Cultist [~CultOfThe@unaffiliated/cultist] has quit [Quit: Tension, apprehension, and dissension have begun.]
18:24 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:26 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
18:28 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
18:28 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
18:31 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
18:39 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
18:45 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
19:01 -!- wiz [~sid1@irc-gw.wiz.network] has quit [Remote host closed the connection]
19:12 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
19:16 -!- arianna_ [~arianna_@37.176.168.197] has quit [Read error: Connection reset by peer]
19:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:17 -!- Cultist [~CultOfThe@unaffiliated/cultist] has joined #openvpn
19:24 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
19:38 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
20:53 -!- somis [~somis@70.38.6.185] has quit [Quit: Leaving]
21:12 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
21:41 -!- lotharn1 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
21:43 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
21:44 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
21:44 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
21:44 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 264 seconds]
21:44 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 264 seconds]
21:44 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
21:45 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
21:45 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 264 seconds]
21:45 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 264 seconds]
21:45 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 264 seconds]
21:45 -!- samu [s@unaffiliated/samaelszafran] has quit [Ping timeout: 264 seconds]
21:45 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Disconnected by services]
21:47 -!- riddle [~decadance@us.yunix.net] has joined #openvpn
21:47 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
21:47 -!- mode/#openvpn [+o vpnHelper] by ChanServ
21:50 -!- jeev_ [~j@unaffiliated/jeev] has joined #openvpn
21:50 -!- Netsplit *.net <-> *.split quits: BrianBlaze420, jzaw, subzero79, lotharn, @syzzer
21:50 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
21:51 -!- Netsplit *.net <-> *.split quits: shootbird, CGML, FruitieX, johnny56, baetheus, early`, yoavz, troyt, drwx, pythonsnake,  (+21 more, use /NETSPLIT to show all of them)
21:52 -!- Netsplit over, joins: ashka
21:52 -!- Netsplit over, joins: lbft
21:53 -!- Netsplit over, joins: supergauntlet
21:55 -!- Netsplit over, joins: mystica555
21:56 -!- Netsplit over, joins: infernix
21:56 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
21:56 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
21:56 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
21:57 -!- Denial- [~Denial@5.80.233.113] has quit [Ping timeout: 250 seconds]
21:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
21:58 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 250 seconds]
21:58 -!- Mike-- [mad@mx.probie.nl] has quit [Ping timeout: 250 seconds]
21:58 -!- yoink [~yoink@66.171.168.10] has quit [Ping timeout: 250 seconds]
21:58 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 250 seconds]
21:58 -!- yoink_ [~yoink@66.171.168.10] has joined #openvpn
21:58 -!- yoink_ is now known as yoink
21:58 -!- Netsplit over, joins: BrianBlaze420
21:58 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 250 seconds]
21:58 -!- Tenhi_ [~tenhi@178.18.241.180] has quit [Ping timeout: 250 seconds]
21:58 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 250 seconds]
21:58 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 250 seconds]
21:59 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
22:00 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
22:01 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
22:01 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
22:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
22:01 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
22:01 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
22:01 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
22:01 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
22:01 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
22:01 -!- doop [~doop@colostomy.club] has joined #openvpn
22:01 -!- occupant [~null@207.173.20.37] has joined #openvpn
22:01 -!- baetheus [~brandon@null.pub] has joined #openvpn
22:01 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
22:01 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
22:01 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
22:01 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
22:01 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
22:01 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
22:01 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
22:01 -!- early` [~early@105.ip-167-114-152.net] has joined #openvpn
22:04 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
22:11 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
22:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
22:14 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
22:17 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
22:17 -!- mode/#openvpn [+o dazo_afk] by ChanServ
22:17 -!- dazo_afk is now known as dazo
22:22 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
22:23 -!- Tenhi_ [~tenhi@178.18.241.180] has joined #openvpn
22:25 -!- dhcpfreely [~dhcp_free@ec2-52-33-220-248.us-west-2.compute.amazonaws.com] has joined #openvpn
22:43 -!- syzzer [~syzzer@2001:610:697::12] has joined #openvpn
22:44 -!- marus [Elite13751@gateway/shell/elitebnc/x-pqghlquhcscpnucu] has quit [Ping timeout: 240 seconds]
22:44 -!- syzzer [~syzzer@2001:610:697::12] has quit [Changing host]
22:44 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
22:44 -!- mode/#openvpn [+o syzzer] by ChanServ
22:46 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
22:53 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
22:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:00 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
23:03 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
23:05 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
23:09 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has joined #openvpn
23:11 < nitay> im trying to get a vpn server configured on an ec2 instance - the server is up and clients can connect to it, but even though I added a “push route …” to the server config and I see it in my route table on the client when I connect, it still doesn’t reach IPs
23:16 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has left #openvpn []
23:16 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has joined #openvpn
23:17 < nitay> my firewall btw is open I’m fairly certain that’s not the issue
23:21 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:21 -!- mode/#openvpn [+o mattock1] by ChanServ
23:24 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has quit [Quit: nitay]
23:25 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has joined #openvpn
23:37 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has quit [Quit: nitay]
23:38 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has joined #openvpn
23:44 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has quit [Quit: nitay]
23:46 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 252 seconds]
23:52 -!- ShadniX [dagger@p5DDFDE33.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:53 -!- ShadniX [dagger@p5DDFE583.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Nov 22 2015
00:00 -!- banco [~BaN@212.164.222.212] has joined #openvpn
00:03 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has joined #openvpn
00:14 -!- nitay [~nitay@ool-4350232a.dyn.optonline.net] has quit [Quit: nitay]
00:15 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
00:48 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
00:52 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:09 -!- cattune [~bryan110@unaffiliated/bryan110] has joined #openvpn
01:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
01:19 < cattune> Hello, I don't suppose anyone here has installed airvpn's "Eddie" client in qubes?...just after some "how to" clues
01:38 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:46 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
02:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:17 -!- tiago [~tiago@unaffiliated/ttsda] has joined #openvpn
02:18 < tiago> hi. I setup openvpn on a server I own, and connected to it from a windows machine. I am forwarding all the internet traffic through the vpn and it works fine, but when I try to ping the client's virtual ip (in this case 10.8.0.8) from the server, there is no reply. do I need to change something?
02:18 < tiago> *10.8.0.6 not that it matters though
02:19 < tiago> what I want is to have server -> client communication too, so I can forward port 80 on the server to the client
02:19 < tiago> so that when you access the server IP on a browser a page served by the client is shown
02:25 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:27 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:36 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
02:37 < tiago> it seems like it was a problem with the client firewall
02:37 < tiago> I disabled windows firewall and it is now working :)
03:12 -!- cattune [~bryan110@unaffiliated/bryan110] has left #openvpn []
03:22 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
03:26 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Read error: Connection reset by peer]
03:26 -!- AlmogBak_ [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
03:39 -!- AlmogBak_ [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: C'ya]
03:41 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
04:13 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
04:24 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:25 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:25 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:41 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
04:58 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:13 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
05:23 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
05:23 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
05:23 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
05:26 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:44 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
05:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
06:03 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:30 -!- abra0 [abra0@unaffiliated/abra0] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
06:37 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
06:44 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 246 seconds]
06:51 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
06:59 -!- banco [~BaN@212.164.222.212] has joined #openvpn
07:31 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:33 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
07:36 -!- rich0_ is now known as rich0
07:38 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 252 seconds]
07:40 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:42 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
07:45 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
07:45 -!- master_o1_master [~master_of@p4FD7B2C3.dip0.t-ipconnect.de] has joined #openvpn
07:48 -!- master_of_master [~master_of@p4FD7B82B.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
07:54 -!- banco [~BaN@212.164.222.212] has joined #openvpn
07:55 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:29 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
08:30 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:41 -!- magic_ninja [~sparie1@unaffiliated/magic-ninja/x-4708782] has joined #openvpn
08:41 < magic_ninja> hey guys, I was wondering if there is any way to make openvpn on windows run at startup and select a random server from my configuration files
08:41 < magic_ninja> perhaps a parameter or something to run the executable with
08:44 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
08:46 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
08:47 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Client Quit]
08:56 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
08:59 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
09:01 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
09:05 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:15 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
09:18 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
09:21 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
09:28 < magic_ninja> nevermind, got it
09:41 -!- ZitZ [~paul@c-69-253-144-159.hsd1.pa.comcast.net] has joined #openvpn
09:42 -!- ZitZ [~paul@c-69-253-144-159.hsd1.pa.comcast.net] has quit [Read error: Connection reset by peer]
09:46 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 260 seconds]
09:47 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
09:52 -!- rich0_ is now known as rich0
09:55 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
09:57 -!- marus [Elite13751@gateway/shell/elitebnc/x-ayvljtlveiuniolz] has joined #openvpn
09:58 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
10:07 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Read error: Connection reset by peer]
10:14 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:19 -!- jujuza [69e5d9dc@gateway/web/freenode/ip.105.229.217.220] has joined #openvpn
10:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
10:34 -!- extri [~extri@unaffiliated/xyk] has joined #openvpn
10:35 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:37 -!- bigeasy_ [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has joined #openvpn
10:40 -!- AlmogBaku [~AlmogBaku@109.226.51.54] has joined #openvpn
10:42 -!- AlmogBaku [~AlmogBaku@109.226.51.54] has quit [Client Quit]
10:47 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
10:47 -!- AlmogBaku [~AlmogBaku@109.226.51.54] has joined #openvpn
10:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:51 -!- AlmogBaku [~AlmogBaku@109.226.51.54] has quit [Ping timeout: 244 seconds]
10:53 -!- mystica555 [~mystica55@97-118-190-159.hlrn.qwest.net] has quit [Remote host closed the connection]
11:05 -!- mystica555 [~mystica55@97-118-190-159.hlrn.qwest.net] has joined #openvpn
11:06 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:18 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
12:29 -!- Tenhi_ [~tenhi@178.18.241.180] has quit [Ping timeout: 250 seconds]
12:34 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
12:34 -!- lotharn1 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
12:34 -!- lotharn1 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
12:35 -!- lotharn1 is now known as lotharn
12:40 -!- extri [~extri@unaffiliated/xyk] has quit [Ping timeout: 244 seconds]
12:45 -!- extri [~extri@unaffiliated/xyk] has joined #openvpn
12:56 -!- baetheus [~brandon@null.pub] has left #openvpn []
13:09 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
13:11 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
13:32 -!- extri [~extri@unaffiliated/xyk] has quit [Ping timeout: 244 seconds]
13:37 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has joined #openvpn
13:37 < POQDavid> Hi i need help with setting the MTU on TAP and openvpn config
13:38 < POQDavid> my mtu is 1500 but once i test it using ping it says 1472
13:38 < POQDavid> how i setup my openvpn client so i get good connection
13:45 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:06 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
14:11 < POQDavid> is this tun-mtu 1500 link-mtu 1442 mssfix 1460 correct?
14:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
14:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:23 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:25 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
14:30 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
14:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:34 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 240 seconds]
14:38 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
14:52 -!- jujuza [69e5d9dc@gateway/web/freenode/ip.105.229.217.220] has quit [Ping timeout: 246 seconds]
14:53 -!- shio [~shio@220.188.103.84.rev.sfr.net] has joined #openvpn
15:01 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
15:04 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Client Quit]
15:05 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 264 seconds]
15:09 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has joined #openvpn
15:14 -!- Sidewinder [~de@unaffiliated/sidewinder] has joined #openvpn
15:14 -!- Sidewinder [~de@unaffiliated/sidewinder] has quit [Read error: Connection reset by peer]
15:18 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has joined #openvpn
15:19 -!- smrtak [~smrtak@50.7.211.251] has joined #openvpn
15:23 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
15:39 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:41 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
15:44 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
15:46 < smrtak> hello :)
15:57 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
15:59 -!- fearnothing [~nothing@unaffiliated/fearnothing] has joined #openvpn
15:59 < fearnothing> if I am using an HTTP proxy, does it get overriden when I connect to a vpn?
16:00 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
16:00 < fearnothing> if not, is it possible to set it up so that connecting overrides it?
16:14 < banco> fearnothing, if your vpn is configured to route all client traffic through the VPN, then your proxy will be used through vpn
16:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
16:14 < banco> https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
16:14 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:19 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:20 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
16:20 < fearnothing> yeah but the point is the client will sometimes be on my network and sometimes not
16:21 < fearnothing> or rather, sometimes it will be VPNed to another network
16:21 < fearnothing> I want it to use my proxy when not VPNed, but when it is, for the proxy setting to be ignored
16:22 < fearnothing> if the answer is "this is a weird edge case and there's no automated way to do that", then I'll have to put up with that
16:23 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:23 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:24 < banco> you can use up/down scripts to disable/enable your proxy
16:24 < fearnothing> ok, that's workable
16:24 < fearnothing> thanks
16:33 < marus> my andoird client can't ping host that are at the same subnet like the openvpn server
16:34 < marus> do you i have a routing Problem?
16:35 -!- yhs4260 [~yhs4260@93-186-148-62.ifnl.net] has quit [Quit: Leaving]
16:35 < banco> do you have push "your subnet" in server config?
16:35 < marus> banco: yes
16:36 < marus> so i need a route on my andoid client?
16:36 < banco> check your routing table on android to see, if you have route to the subnet
16:37 < banco> also, you have "route your_subnet" option in server config as well?
16:37 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
16:39 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:42 < marus> banco: yes i have "route my subnet" in server.conf
16:42 < marus> but it's worth to make a default route at any new client
16:42 < marus> is there a workaround?
16:43 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Client Quit]
16:45 < banco> if you mean to add route option in client config, then it's a bad idea, just push from server config is enough
16:45 < marus> banco: actualy the clients can reach the servers and the server can't reach the client
16:45 < banco> check your routing table on android first
16:45 < banco> maybe firewall problem?
16:46 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
16:46 < marus> banco: i can reach everything from the andoird
16:46 < marus> banco: nope no firewall at place
16:46 < banco> can you ping server from android?
16:47 < marus> but i thing it's good practice that the servers on the lan behind openvpn can't ping the clients
16:47 < marus> banco: yes
16:49 < banco> server should be able to ping client as well, but it can't, so there is a firewall
16:49 < banco> if there is a firewalls on clients, then clients can't ping each other as server can't ping any of them
16:57 < banco> ok, wait a minute, which server did you mean in "the clients can reach the servers and the server can't reach the client"? I meant OpenVPN server.
16:57 < marus> i meant a server at the same subnet like openvpn
16:58 < banco> can clients ping the OpenVPN server?
16:59 < marus> yes
17:01 < banco> then check your routing tables on OpenVPN server and OpenVPN clients to see, if your vpn subnet is there
17:02 < marus> banco: my client can reach my openvpn server and my vpn, so it have routes
17:03 < marus> my server into the vpn can't reach the clients, so they musst have a new route
17:04 < banco> you mean OpenVPN server or server that is OpenVPN client in vpn subnet?
17:07 < banco> if your OpenVPN clients can reach the OpenVPN server it doesn't meant, that they have the route to the vpn subnet, because OpenVPN server will push separate route to the OpenVPN server to the clients
17:08 < banco> so OpenVPN clients may see the OVPN server, but not each other in the vpn subnet
17:09 < marus> banco: but as i tell you, my andoid client can read a web server at the same subnet as the openvpn server
17:10 < marus> OpenVPN clients can reach openvpn server and oder server at the same subnets as the openvpn server
17:12 -!- AlmogBaku [~AlmogBaku@bzq-79-182-188-79.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:14 < banco> didn't the problem was "my andoird client can't ping host that are at the same subnet like the openvpn server"
17:14 < banco> or the problem is only with android clients?
17:15 < marus> banco: i thing there is no Problem, i miss spelled the question Sorry :-)
17:19 -!- smrtak [~smrtak@50.7.211.251] has left #openvpn []
17:22 < banco> so what is the problem in the end? some of your OVPN clients can reach another OVPN client (which also is some kind of server) but this OVPN client (that server) can't reach the other OVPN clients?
17:31 -!- somis [~somis@70.38.6.187] has joined #openvpn
17:36 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:40 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:56 -!- yoink [~yoink@66.171.168.10] has quit [Ping timeout: 252 seconds]
18:11 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:38 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
18:56 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 240 seconds]
19:01 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
19:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
19:05 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
19:06 -!- bigeasy_ [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has quit [Quit: ZNC - http://znc.in]
19:07 < spai> Hey all, another question. I cannot use another piece of 3rd party software, im trying to route a specific process over vpn and nothing else. I know it's possible to add a route into the routing tables for certain IPs, but I don't know that a process will always use the same IP address.
19:08 < spai> So I guess my question is if this is possible for just one aplication over openvpn without use of more 3rd party software
19:09 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
19:17 -!- r00t66 [~r00t66@2602:306:3593:9700::48] has joined #openvpn
20:25 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
20:25 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:26 -!- GerryMander [~quassel@unaffiliated/haxxed] has joined #openvpn
20:29 < GerryMander> Alright y'all I've got a wrt 1900ac and I can connect connect via open vpn from outside but I can't see or access any of the shared folders. I can ping the printer but nothing else
20:36 -!- AnnaRooks [~M@unaffiliated/annarooks] has joined #openvpn
20:36 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Ping timeout: 260 seconds]
20:37 < AnnaRooks> Help? I'm getting the TLS key negotiation failed within 60 seconds, but the firewalls are all clear
20:38 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
20:45 < AnnaRooks> Sorry.
20:45 -!- AnnaRooks [~M@unaffiliated/annarooks] has left #openvpn ["hopefully will be back"]
21:12 -!- somis [~somis@70.38.6.187] has quit [Quit: Leaving]
21:18 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
21:20 < GerryMander> Does anyone here use openvpn on a linksys wrt1900ac?
21:23 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 272 seconds]
21:39 < subzero79> GerryMander: I use openvpn in openwrt but i dont have a 1900AC
21:40 < subzero79> does it run well now in the 1900?
21:40 < GerryMander> Well that's the thing. I can connect just fine but I can't see any network machines
21:40 < GerryMander> Besides the printer
21:40 < subzero79> ah ok, you're running on tap then
21:41 < GerryMander> Is there a way to fix it?
21:41 < GerryMander> Cause the whole point for me is file access
21:42 < subzero79> There should be a way, ppoint is i don't use tap, i've always used routed vpn
21:42 < subzero79> do you really need a bridged setup?
21:43 < GerryMander> No
21:43 < GerryMander> I dont even really know what tap is
21:43 < subzero79> ok maybe we got things wrong
21:44 < subzero79> i understood that you have problems "seeing" network devices
21:44 < subzero79> like in the windows network icon? is that correct?
21:45 < GerryMander> There's only one way to run the server really
21:45 < GerryMander> Well there but also ping
21:45 < GerryMander> Or trying to access them in Explorer by \\
21:46 < subzero79> How did you configure the openvpn server? did you follow a tutorial ?
21:46 < GerryMander> But I can ping the printer
21:47 < GerryMander> Naw just by deduction. The 1900ac menu is really simple. Basically on or off and username
21:47 < GerryMander> Then it generated the client configuration file and you dl it
21:48 < subzero79> ah ok, got lost again the 1900ac router has openvpn in the default firmware?
21:48 < subzero79> the one provided by linksys?
21:48 < GerryMander> Yeah but it doesn't support http tunneling. Just file share which seems to just work out of the box for people
21:49 < subzero79> ah ok,
21:49 < subzero79> didn't know that , i am just reading throught their webpage
21:50 < GerryMander> I tried disabling windows firewall and O still couldn't ping the IP for that machine
21:50 < subzero79> mmmm
21:50 < subzero79> wonder how they configure the server, and the firewall rules.
21:51 < GerryMander> What needs to happen on the firewall? Do I need to do anything with the default port?
21:51 < subzero79> have you runned tcpdump to catch icmp  in a lan client and ping from a vpn client to see if the packets are arriving. Sometimes happens the packets get there, is the clients don't know how to route back
21:52 < GerryMander> No but I can do that lwter
21:52 < GerryMander> A little above my head but I think I can figure that out
21:53 < subzero79> i believe there is an equivalent of tcpdump for win
21:53 < subzero79> https://www.winpcap.org/windump/docs/manual.htm
21:53 <@vpnHelper> Title: WinDump - Manual (at www.winpcap.org)
21:53 < GerryMander> Ya winpcap and Wireshark I think will yet me what I need
21:53 < GerryMander> Get
21:54 < subzero79> you should run like tcpdump -nni any 'icmp' and ping from the vpn client, if you see packets arriving from the vpn subnet
21:54 < subzero79> means is working
21:54 < GerryMander> So about subnets
21:54 < subzero79> but the lan clients don't know how to route back
21:55 < GerryMander> My Lan is 255.255.255. 0 but on the VPN the third 255 is 254
21:55 < GerryMander> Do I need to attach that to my request for the machine?
21:55 < subzero79> that's your maks
21:55 < subzero79> subnet mask
21:56 < subzero79> your lan subnet should be the typical 192.168.1 or similar
21:56 < GerryMander> I never learned how that stuff works :/ I'm not very familiar with the stack unfortunately
21:56 < GerryMander> Ah ok
21:56 < subzero79> and the vpn linksys shows 172.19.13.x
21:57 < GerryMander> Yes that sounds right
21:57 < subzero79> where's the printer connected ?
21:57 < GerryMander> Wired to the linksys
21:57 < GerryMander> . 1.133
21:59 < subzero79> as network printer through ethernet or usb?
21:59 < GerryMander> Ethernet
21:59 < GerryMander> It's got its own nic
22:00 < subzero79> ah ok,
22:00 < subzero79> i see the linksys doesn't provide many options for the server
22:01 -!- r00t66 [~r00t66@2602:306:3593:9700::48] has quit [Quit: Leaving]
22:01 < GerryMander> None at all pretty much
22:01 < GerryMander> No access to the config file
22:02 < subzero79> so i wonder if is configured as bridge or tun mode, you shoud see that in the  client config file
22:03 < GerryMander> Sec
22:05 < GerryMander> Line 2 is "dev tun"
22:05 < subzero79> ok, so is routed
22:09 < GerryMander> Does that mean it should be working?
22:12 < subzero79> not the pretty icons in windows
22:12 < subzero79> for the network, but you should be able to reach them by ip
22:12 < GerryMander> Hmm
22:13 < GerryMander> It seems like it's firewall relayed with my limited it knowledge but I tried that already
22:18 < subzero79> does the linksys have an advanced firewall configuration ?
22:18 < subzero79> i wouldn't expect that from a home router with default fw
22:23 < GerryMander> How advanced are we tslking
22:23 < GerryMander> I can do quite a bit with it
22:24 -!- toli [~toli@ip-83-134-71-90.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
22:26 < subzero79> masquerade rules, forwarding in between interfaces
22:27 < subzero79> my guess is the openvpn configures that by default,
22:27 < subzero79> but who knows
22:27 -!- toli [~toli@ip-62-235-196-248.dsl.scarlet.be] has joined #openvpn
22:30 < subzero79> need to go now, check with the tool if the packets are getting to destination
22:30 < GerryMander> Will do thanks for the help
22:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:00 -!- prettyrobots [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has joined #openvpn
23:40 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:51 -!- ShadniX [dagger@p5DDFE583.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:51 -!- ShadniX [dagger@p5DDFDF02.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Nov 23 2015
00:24 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Read error: Connection reset by peer]
00:44 -!- Savemech [Savemech@gateway/shell/firrre/x-gscgchyxyxmertmn] has quit [Quit: y.u.dont.use.firrre.com]
00:49 -!- Savemech [Savemech@gateway/shell/firrre/x-mhzkyeiunqwqrrcq] has joined #openvpn
00:54 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
01:01 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:01 -!- mode/#openvpn [+o mattock1] by ChanServ
01:55 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
01:57 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Read error: Connection reset by peer]
02:19 -!- zamba [~marius@flage.org] has joined #openvpn
02:45 -!- Cylindric [~mark.hanf@185.47.105.9] has joined #openvpn
02:48 -!- RBecker [~Ryan@openvpn/user/RBecker] has quit [Ping timeout: 252 seconds]
02:53 < Cylindric> Hi folks. I'm having a strange problem with my OpenVPN AS. We got a new internet connection on Friday, so I had to change the default Gateway on the server to the new firewall. Since then, the VPN clients can't connect...
02:53 < Cylindric> On the client, after I put in the username and password, I get the Google Auth prompt, so I guess _something_ must be getting to the VPN server
02:54 -!- marus [Elite13751@gateway/shell/elitebnc/x-ayvljtlveiuniolz] has left #openvpn []
02:54 < Cylindric> In the capi.log on the client I get a "DynamicClientBase: Unable to obtain Session ID from u'vpn.mydomain.co.uk'
02:55 < Cylindric> My new firewall logs show nothing being blocked either in or out.
02:55 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
02:55 -!- mode/#openvpn [+v RBecker] by ChanServ
02:59 < Cylindric> Hmm, this may be an #openvpn-as question.
03:08 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
03:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:42 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:48 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
03:56 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Read error: Connection reset by peer]
03:57 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
04:02 -!- bulle [~bulle@136.149.216.81.static.u-a.siw.siwnet.net] has joined #openvpn
04:04 < bulle> Do openvpn currently support the client changing ip and still keeping the vpn going ? Im thinking handoff between mobile and wifi networks, for roadwarrior setups
04:06 < BtbN> The client will just reconnect
04:07 <@plaisthos>  bulle: yes but server has to be -master and client 2.3.6+
04:08 <@plaisthos> Also OpenVPN for Android supports that handover
04:08 <@plaisthos> but has currently problem with Ipv4/Ipv6 handover
04:32 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:33 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
04:37 -!- workerbeetwo [~workerbee@x4db39dcc.dyn.telefonica.de] has joined #openvpn
04:37 < workerbeetwo> Hi.
04:37 < workerbeetwo> I ran "openvp --config file"   but nothing seems to happen. wahts wrong?
04:38 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:46 < albercuba> Hello everyone. One question. If I have a bare metal openvpn server and i want to move it to another server (with exactly the same configuration) and have it all working again with the same certificates, is it enough to copy the server and client certificates?
04:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:56 < workerbeetwo> I ran "openvp --config file"   but nothing seems to happen. wahts wrong?
05:05 < albercuba> workerbeetwo, don't you get an error or something?
05:05 < albercuba> check your logs
05:05 < albercuba> i am going to have lunch
05:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
05:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:11 < workerbeetwo> albercuba: I get exit due to fatal error : ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
05:22 < albercuba> workerbeetwo, did you try executing the file as root?
05:22 < albercuba> or with sudo
05:23 < workerbeetwo> sudo
05:23 < albercuba> because it sounds like a permission prob
05:24 < albercuba> workerbeetwo,  run it as root
05:24 < albercuba> and see if it works
05:25 -!- zylinx [uid43406@gateway/web/irccloud.com/x-cnysjrqzqjbplmhb] has joined #openvpn
05:30 -!- workerbeetwo [~workerbee@x4db39dcc.dyn.telefonica.de] has quit [Remote host closed the connection]
05:49 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:53 -!- zimboboy- [~zimboboyd@213.183.76.156] has joined #openvpn
05:54 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
05:56 < Cylindric> I've just had to replace my OpenVPN AS server - is there an easy way to transfer the license, or do I have to wait for OpenVPN to get me a new key?
06:00 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:01 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
06:06 < Cylindric> Anyone know the support hours? No idea when to expect a reply to my support ticket...
06:08 < Thermi> #openvpn-as
06:10 < Cylindric> Tried that. The !hours command didn't work.
06:11 < Cylindric> The !staff one was fine
06:12 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:16 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
06:26 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
06:28 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:45 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
06:47 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
07:13 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:19 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:24 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
07:30 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:31 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
07:33 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
07:45 -!- master_of_master [~master_of@p4FF246B0.dip0.t-ipconnect.de] has joined #openvpn
07:48 -!- shio [~shio@220.188.103.84.rev.sfr.net] has quit [Ping timeout: 272 seconds]
07:48 -!- master_o1_master [~master_of@p4FD7B2C3.dip0.t-ipconnect.de] has quit [Ping timeout: 252 seconds]
07:52 -!- shio [~shio@220.188.103.84.rev.sfr.net] has joined #openvpn
07:59 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
08:12 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
08:22 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:29 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
08:31 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
08:41 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:53 -!- goopen [~niclas@host-85-30-182-195.sydskane.nu] has joined #openvpn
08:54 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
08:55 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
08:56 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
08:56 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:03 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:24 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:27 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
09:38 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
09:43 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
09:44 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Client Quit]
09:45 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
09:46 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has joined #openvpn
09:47 < POQDavid> hi all my connection is working fine with MTU 1500 but i was wondering how i must set correct mtu for the tap and in config file
09:47 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
09:48 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Client Quit]
09:49 < POQDavid> is it 1492 or 1450???
09:55 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
09:56 < POQDavid> because my connection slows down after i use openvpn
09:58 < POQDavid> i am sure openvpn config or the tap is wrong so i set the correct mtu for openvpn if my max is 1500
10:02 -!- kaak [~kelledge@wsip-72-205-198-77.ks.ks.cox.net] has joined #openvpn
10:02 < kaak> how does the def1 option work? At the IP level, how does it accomplish the gateway redirection?
10:03 < kaak> And I guess most specifically, what are the routes it sets up?
10:05 < POQDavid> anyone here knows about MTU config in openvpn?
10:08 < goopen> hi, im trying to setup a TAP based openvpn server and use the existing dhcp on the host network, the documentation/faq says that I have to reserve an ip range in the dhcp config, is this necessary though? https://openvpn.net/index.php/open-source/faq/77-server/323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp.html
10:08 <@vpnHelper> Title: I want to set up an ethernet bridge on the 192.168.1.0/24 subnet. existing DHCP. (at openvpn.net)
10:09 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
10:10 < banco> POQDavid, if everything works fine with 1500 MTU, then leave it as it is. Smaller MTU values = smaller delay&smaller throughput, bigger MTU values = bigger delay&bigger throughput
10:10 < POQDavid> banco: so why default mtu for the tap was 1450
10:13 < POQDavid> banco: so i change the MTU for the tap to 1500 and how i can force MTU 1500 in config
10:13 < banco> "The TAP-Windows adapter MTU defaults to "1500" which is the required setting for ethernet bridging."
10:13 < banco> https://openvpn.net/index.php/open-source/documentation/install.html?start=1
10:13 <@vpnHelper> Title: Installation Notes (at openvpn.net)
10:13 < POQDavid> to make sure it's beaning used
10:15 < banco> POQDavid, http://serverfault.com/questions/521765/openvpn-to-host-tap-device-having-very-large-mtu
10:15 <@vpnHelper> Title: linux - OpenVPN to host tap device having very large MTU - Server Fault (at serverfault.com)
10:15 < goopen> I guess what I really wanna know is, if the the ip range which is going to be used by clients connecting to the openvpn server - is it defined on the dhcp server or is it managed by openvpn? in the server-bridge directive
10:17 < POQDavid> banco: thanks i will check it out
10:22 < banco> goopen, the ip/mask of the clients is managed by dhcp server
10:22 < banco> goopen, but see: Notes -- Setting TAP-Windows address/subnet automatically via DHCP
10:22 < banco> https://openvpn.net/index.php/open-source/documentation/install.html?start=1
10:22 <@vpnHelper> Title: Installation Notes (at openvpn.net)
10:22 < banco> goopen, The problem with getting addresses for VPN clients via DHCP is that you only want to get the IP address and subnet mask, not the gateway. Therefore in a bridge situation, a DHCP server must be able to differentiate between local clients and remote VPN clients.
10:28 < banco> kaak, It is described in manual, read about redirect-gateway
10:28 < kaak> banco: thanks! I'll pull up the man page
10:29 -!- CrazyyMaxx [CrazyyMaxx@ns364484.ip-188-165-236.eu] has joined #openvpn
10:30 -!- CrazyyMaxx [CrazyyMaxx@ns364484.ip-188-165-236.eu] has quit [Client Quit]
10:30 -!- CrazyyMaxx [CrazyyMaxx@2001:41d0:2:b743::] has joined #openvpn
10:32 -!- zylinx [uid43406@gateway/web/irccloud.com/x-cnysjrqzqjbplmhb] has quit [Quit: Connection closed for inactivity]
10:32 < POQDavid> banco: is this correct tun-mtu 1500 fragment 1400
10:32 < POQDavid> or both 1500
10:32 -!- baetheus [~brandon@null.pub] has joined #openvpn
10:39 < banco> POQDavid, if you use TAP device, then don't touch tun-mtu - it has no meaning for tap (at least based on manual). And also, are tou using udp or tcp protocol?
10:39 < POQDavid> tcp
10:39 < POQDavid> is that bad?
10:40 < banco> then fragment and mssfix does not make sense
10:40 < banco> read the ma
10:40 < banco> man
10:40 < banco> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
10:40 < POQDavid> whats this dev tun
10:40 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
10:41 < POQDavid> i am using a tap device but also i set dev tun
10:41 < banco> for dev tun tun-mtu is usable, but not fragment and mssfix
10:42 < POQDavid> banco: if i am using tap do i need to set to dev tap?
10:42 < banco> fragment and mssfix only makes sense when you are using the UDP protocol
10:42 < banco> well, yes?
10:42 < POQDavid> by tap means TAP-Windows Adapter V9
10:43 < POQDavid> right?
10:43 < DArqueBishop> POQDavid, the "TAP-Windows Adapter V9" interface is used for both tun and tap.
10:43 < POQDavid> wait let me pastebin my config
10:44 < DArqueBishop> !tunortap
10:44 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
10:44 <@vpnHelper> rooted/jailbroken) support only tun
10:46 < POQDavid> http://pastebin.com/gMh6Qr2b
10:49 < banco> POQDavid, well, you're using tun and tcp, so you can adjust your mtu with tun-mtu, but don't touch fragment or mssfix
10:49 < banco> POQDavid, to measure MTU you can use mtu-test
10:49 < banco> POQDavid, option in OpenVPN config
10:50 < goopen> banco: thanks for the reply. Im a bit confused here, so if I want to be able to connect to my homework as if Im there physically - yet im not. I have to use a TAP device and also the server-bridge directive. But if im using the server-bridge directive, do I actually need to use the remote networks dhcp server? Cuz I will do whatever is the easiest - I need TAP because I wanna pickup broadcasts etc and play video games.
10:50 < POQDavid> banco: ok
10:50 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
10:52 < goopen> banco: What confuses me is the part where (or by what) the ip address is assigned to the connecting client.
10:52 < goopen> banco: this "server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.254" suggests to me that the openvpn server handles the assignation of ip addresses to the connecting clients - am I wrong?
10:53 < banco> goopen, https://openvpn.net/index.php/open-source/faq/77-server/323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp.html
10:53 <@vpnHelper> Title: I want to set up an ethernet bridge on the 192.168.1.0/24 subnet. existing DHCP. (at openvpn.net)
10:53 < banco> ah, you sq that one
10:53 < banco> saw*
10:54 < goopen> banco: yes thats the one im reading from right now. but it confuses me a bit hehe
10:56 -!- subscope [~subscope@195.56.66.6] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:56 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
10:58 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 260 seconds]
10:59 < banco> goopen, ok, man states that if you use server-bridge option without parameters, then DHCP from your LAN will handle the clients
11:00 < banco> goopen, or openvpn server may handle the clients ip/mask/gw
11:00 < banco> goopen, https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
11:00 <@vpnHelper> Title: Ethernet Bridging (at openvpn.net)
11:00 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
11:01 < goopen> banco: thanks for clearing that up, so essentially I only need to hook one interface to a bridge upon runtime and then use the server bridge directive with parameters so openvpn will handle it. Since that seems easier than to mess with the local dhcp server :)
11:03 < banco> goopen, I didn't try it, but it should work like this. Just assign the different range on the subnet for OpenVPN clients from your LAN DHCP server
11:08 < goopen> banco: ill try this, thank you. Ill report back :)
11:08 < banco> goopen, good luck!
11:08 < POQDavid> banco: when or how i have to use mtu-test
11:09 < banco> POQDavid, To empirically measure MTU on connection startup, add the --mtu-test option to your configuration. OpenVPN will send ping packets of various sizes to the remote peer and measure the largest packets which were successfully received. The --mtu-test process normally takes about 3 minutes to complete.
11:11 < POQDavid> banco: so then i use the max on the both tap and config?
11:11 < banco> POQDavid, no, just config
11:12 < POQDavid> so just mtu-tun and i leave the tap to 1500
11:12 < banco> POQDavid, yes
11:12 < POQDavid> cool
11:13 < POQDavid> where i put the mtu test in the config
11:13 < banco> POQDavid, doesn't matter
11:13 < POQDavid> ok thanks a lot
11:17 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:22 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:24 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
11:27 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
11:33 -!- acu [~acu@24-159-215-148.static.roch.mn.charter.com] has joined #openvpn
11:36 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:38 < acu> Hello Guys - I want to install openvpn - I run Debian GNU/Linux Ver 8.2 and the repository version of openvpn is 2.3.4-5 - I notice that latest openvpn version is 2.3.8 and there are only repository for debian 7. (Wheezy) - I check the Debian Jessie (8.2) current stable version backports and there is no openvpn - so I would like to ask what would be best route - should I install openvpn 2.3.4-5 ? are the bugs and features backported t
11:38 < acu> o older version or 2.3.8 is significantly different ?
11:46 -!- albercuba [~albercuba@87.128.112.217] has quit [Ping timeout: 272 seconds]
11:50 < banco> acu, there is no significant difference, you can use 2.3.4 version just fine
11:53 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:55 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:56 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
12:03 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:06 < acu> banco thanks a bunch
12:07 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:18 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
12:22 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
12:26 -!- GerryMander [~quassel@unaffiliated/haxxed] has quit [Remote host closed the connection]
12:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:58 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
13:02 < POQDavid> ok guys i gtg take care bye
13:02 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
13:03 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
13:05 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:07 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
13:09 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:12 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
13:13 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
13:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:28 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
13:38 -!- Denial- [~Denial@82-69-28-228.dsl.in-addr.zen.co.uk] has joined #openvpn
13:52 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
13:54 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
14:03 -!- gmc [~gmc@freenode/sponsor/gmc] has joined #openvpn
14:03 < gmc> !welcome
14:03 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
14:03 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
14:04 < gmc> !goal
14:04 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
14:05 < gmc> hmm i guess my goal is to satisfy my curiosity as to why the TLS rekeying every hour would lead to an interruption of tunnel traffic of ~1 minute, and how to avoid interruption :)
14:10 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 240 seconds]
14:12 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
14:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
14:18 <@syzzer> gmc: hi :)
14:18 <@syzzer> why would you think it would lead to a one-minute interruption?
14:19 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 240 seconds]
14:21 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:23 < gmc> syzzer: hey :) coz i got annoyed with interruptions in applications, so decided to keep a ping to an upstream server open and correlate that with the openvpn log
14:24 < gmc> and for sure, the ping stops ponging every hour, right at the time that the log shows a TLS soft reset (which, if i'm not mistaken, indicates rekeying)
14:24 <@syzzer> gmc: is the TLS handshake very slow perhaps?  openvpn keeps the old data channel open, but since it's single-threaded, it will block while e.g. doing asymmetric crypto
14:26 <@syzzer> it should still process data packets in between handshake packets, I think
14:26 < gmc> how would i know? here's a snippet of the most recent log
14:26 < gmc> http://pastebin.ca/3270622
14:27 < gmc> seems like it renegs within a second
14:29 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
14:30 < banco> check what happens on server and client side with verb 6
14:30 <@syzzer> no clue why that would result in one-minute traffic interruptions...
14:30 <@syzzer> it really shouldn't
14:34 < gmc> i always seem to end up in those code branches mark 'this shouldn't happen' :)
14:35 < banco> gmc, what's your verb level?
14:35 < gmc> 4 on the client atm
14:35 < banco> gmc, for my verb 2, tls renegatiation ends with "Initialization Sequence Completed" line
14:35 < gmc> changing to 6 now
14:35 < banco> maybe your renegatiation is not ending successfully
14:36 < gmc> hmm wouldn't the connection drop altogether then?
14:37 < gmc> hmm odd, the server only showed a reneg at 17:47.. not after that
14:37 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:38 < gmc> uhm, 18:47
14:38 < gmc> oh, i did check if the link outside the tunnel didn't give the problem, but ping to the openvpn server outside of the tunnel works fine
14:40 <@syzzer> and there's nothing in the logs during that minute?
14:40 <@syzzer> to get a bit more information, you could start logging with at least verb 5 (as banco suggested).  that will give you rw/RW indications about packets begin sent/received
14:41 < gmc> right, that'll probably slow down the connection a lot and fill up my logs in no time, but i'll gave that a try :)
14:42 < banco> gmc, just use mute option
14:43 <@syzzer> if you some speedup to compensate, switch to aes128 instead of bf ;)
14:43 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
14:47 -!- gmc [~gmc@freenode/sponsor/gmc] has quit [Ping timeout: 272 seconds]
14:47 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:48 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
14:49 < banco> gmc, regarding "Initialization Sequence Completed", I was wrong, got confused in log
14:54 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
14:54 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
14:55 -!- Hink [~Hink@146.115.152.96] has joined #openvpn
15:03 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
15:06 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
15:06 -!- acu [~acu@24-159-215-148.static.roch.mn.charter.com] has quit [Quit: Leaving]
15:26 -!- debdog [~debdog@p549C9719.dip0.t-ipconnect.de] has joined #openvpn
15:29 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
15:32 -!- gmc [~gmc@freenode/sponsor/gmc] has joined #openvpn
15:33 < gmc> well.. that ended badly.. i'm going to revisit this issue some other time.. some idiot invited me for lunch at 7:45AM, and it's not the kind of invitation i can reject sadly
15:33 < gmc> thanks for your help so far!
15:39 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
15:45 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
15:49 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
15:52 -!- gmc [~gmc@freenode/sponsor/gmc] has quit [Ping timeout: 276 seconds]
15:52 -!- Hink [~Hink@146.115.152.96] has quit [Quit: Leaving]
15:54 -!- kraut [~kraut@blackhole.netzdeponie.de] has joined #openvpn
15:58 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 260 seconds]
16:03 < debdog> ahoy peopls! I am having a tiny issue whith running an openvpn server. I have to say, when it comes to network stuff I am total noob.
16:03 < debdog> I am following this guide: https://openvpn.net/index.php/open-source/documentation/howto.html
16:03 < debdog> when I start the brindging thingy my internet connection is lost.
16:03 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:04 < debdog> openvpn version: https://dpaste.de/zQeX
16:04 < debdog> the bridge-start script: https://dpaste.de/RSw2/raw
16:05 < debdog> it seems it somehow configures eth0 to ipv6: https://dpaste.de/VLqu/raw
16:06 < debdog> which my oldish router does not speak
16:06 < debdog> any hint for solving this really appreciated!
16:08 < debdog> system is Devuan, if that matters
16:09 -!- GGBaby [~GitGud@unaffiliated/gitgud] has joined #openvpn
16:11 -!- GGBaby [~GitGud@unaffiliated/gitgud] has left #openvpn ["You're a poopiehead"]
16:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
16:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:13 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:17 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
16:27 < debdog> the output of dmesg for the duration of running the bridge-start script till I reset eth0 using /etc/init.d/network stop|start https://dpaste.de/sc9Q/raw
16:33 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:38 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:41 < debdog> hmm, might it be worth trying this approach: https://wiki.archlinux.org/index.php/OpenVPN_Bridge ß
16:41 <@vpnHelper> Title: OpenVPN Bridge - ArchWiki (at wiki.archlinux.org)
16:41 < debdog> s/ß/?/
17:00 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
17:01 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
17:14 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Remote host closed the connection]
17:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:17 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
17:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 260 seconds]
17:34 -!- bulle [~bulle@136.149.216.81.static.u-a.siw.siwnet.net] has quit [Ping timeout: 244 seconds]
17:35 -!- debdog [~debdog@p549C9719.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
17:40 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 260 seconds]
17:44 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:45 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
17:53 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:53 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has quit [Quit: Bye]
17:54 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
17:57 -!- Zzyzx is now known as THX1138
18:04 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
18:04 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
18:04 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
18:14 -!- debdog [~debdog@p549C9719.dip0.t-ipconnect.de] has joined #openvpn
18:14 < debdog> aight, ipv6 was not the problem
18:14 < debdog> a missing default route was. I've added a line to the bridge-start script:
18:15 < debdog> ip route add default via $ip_router dev $br
18:23 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
18:38 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:45 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
18:47 -!- AlmogBaku [~AlmogBaku@79.177.207.57] has joined #openvpn
18:47 -!- AlmogBaku [~AlmogBaku@79.177.207.57] has quit [Client Quit]
18:53 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Quit: Leaving]
19:01 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:11 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
19:13 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
19:29 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
19:29 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
19:44 -!- dhcpfreely [~dhcp_free@ec2-52-33-220-248.us-west-2.compute.amazonaws.com] has quit [Quit: segfault]
19:47 -!- dhcpfreely [~dhcp_free@ec2-52-33-220-248.us-west-2.compute.amazonaws.com] has joined #openvpn
20:35 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:35 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
20:36 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
20:36 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Ping timeout: 252 seconds]
20:45 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
21:02 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
21:16 -!- fling [~fling@fsf/member/fling] has joined #openvpn
21:23 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
21:29 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
21:34 -!- qg_ [~qg_@75-143-66-19.dhcp.aubn.al.charter.com] has joined #openvpn
21:36 < qg_> anybody there?
21:39 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 272 seconds]
21:40 < qg_> I'm unable to ping/connect to any machine in my home network
21:40 < qg_> looking at nslookup, it's using 192.168.1.1 on my local connection which is not my openvpn network, what do I have misonfigured?
21:46 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
22:02 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
22:09 -!- qg_ [~qg_@75-143-66-19.dhcp.aubn.al.charter.com] has quit [Remote host closed the connection]
22:10 -!- Zzyzx is now known as THX1138
22:19 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:31 -!- qg_ [~qg_@75-143-66-19.dhcp.aubn.al.charter.com] has joined #openvpn
22:31 < qg_> how do I get my mac os x client to work with DNS on OpenVPN?
22:33 < qg_> anyone?
22:48 -!- qg_ [~qg_@75-143-66-19.dhcp.aubn.al.charter.com] has quit [Read error: Connection reset by peer]
23:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:07 -!- fahmad [~fahmad@unaffiliated/fahmad] has joined #openvpn
23:13 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 265 seconds]
23:18 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
23:20 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
23:25 -!- JujuZA [~Juju_ZA@105.229.171.237] has joined #openvpn
23:26 -!- JujuZA [~Juju_ZA@105.229.171.237] has quit [Client Quit]
23:27 -!- JujuZA [~JujuZA@105.229.171.237] has joined #openvpn
23:28 < JujuZA> !paste
23:28 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
23:28 < JujuZA> !config
23:28 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
23:29 < fahmad> can someone tell me how can i block all traffic on openvpn as and only allow port 80 and 443 through VPN ?
23:30 < fahmad> i have read about iptables.append ... but after that where i can put rules ?
23:41 < JujuZA> hello guys, here is the logs and configs and problem description for my issue https://gist.github.com/anonymous/e8402f4989dd7ef17287
23:41 <@vpnHelper> Title: my configs and problem description (OpenWrt Server to Windows Client) · GitHub (at gist.github.com)
23:42 < JujuZA> everything connects fine, but it seems no traffic wants to pass over the VPN interfaces ( i have verified with Wireshark on windows, and TCPDUMP on the Linux server)
23:51 -!- ShadniX [dagger@p5DDFDF02.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:52 -!- ShadniX [dagger@p5794185E.dip0.t-ipconnect.de] has joined #openvpn
23:54 -!- chantra [~chantra@unaffiliated/chantra] has quit [Quit: ZNC - http://znc.in]
--- Day changed Tue Nov 24 2015
00:01 < JujuZA> anyway guys, any help will be much appreciated, i dont believe there is too much wrong and its just something small, (i have entire IPtables and Windows firewall disabled)
00:02 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
00:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 276 seconds]
00:07 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
00:09 -!- extri [~extri@unaffiliated/xyk] has joined #openvpn
00:29 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 255 seconds]
00:57 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:57 -!- mode/#openvpn [+o mattock1] by ChanServ
00:57 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
01:18 -!- chantra [~chantra@unaffiliated/chantra] has quit [Quit: ZNC - http://znc.in]
01:19 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
01:24 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:39 -!- chantra [~chantra@unaffiliated/chantra] has quit [Quit: ZNC - http://znc.in]
01:40 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
01:44 < subzero79> JujuZA, have you created the forwarding zones in openwrt so traffic can pass back and fwd?
01:44 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
01:45 -!- chantra [~chantra@unaffiliated/chantra] has quit [Quit: ZNC - http://znc.in]
01:45 < JujuZA> hi subzero79 , yes i think I have because i followed the whole guide on the OpenWRT site
01:46 < JujuZA> please tell more and how do it test to see if thats not the problem?
01:46 < JujuZA> but shoulndt i be able to atleast ping my VPN gateway from the client?
01:47 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
02:00 -!- chantra [~chantra@unaffiliated/chantra] has quit [Quit: ZNC - http://znc.in]
02:04 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
02:26 < subzero79> JujuZA, you should be able to ping the server at this address 10.1.1.1
02:26 < JujuZA> Pinging 10.1.1.1 with 32 bytes of data:
02:26 < JujuZA> Request timed out.
02:26 < JujuZA> Request timed out.
02:27 < JujuZA> i did and even listened on the other side with tcpdump on tun0
02:27 < JujuZA> nothing is going throug
02:28 < subzero79> are you running the openvpn client as admin in windows?
02:28 < JujuZA> yes
02:28 < JujuZA> just made double sure
02:30 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
02:31 < JujuZA> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
02:31 < JujuZA>           inet addr:10.1.1.1  P-t-P:10.1.1.1  Mask:255.255.255.0
02:31 < JujuZA> is that p-t-p not wrong?
02:31 < subzero79> that's openwrt adapter
02:32 < subzero79> is normal when you use topology subnet
02:32 < JujuZA> yeah
02:32 < JujuZA>  Connection-specific DNS Suffix  . :
02:32 < JujuZA>  Link-local IPv6 Address . . . . . : fe80::105c:5ee4:8ba9:c9e6%36
02:32 < JujuZA>  IPv4 Address. . . . . . . . . . . : 10.1.1.2
02:32 < JujuZA>  Subnet Mask . . . . . . . . . . . : 255.255.255.0
02:32 < JujuZA> windows side
02:33 -!- e7d [~e7d@31.222.198.45] has joined #openvpn
02:34 < JujuZA> when i ping from Openwrt with TCPdump running
02:34 < JujuZA> PING 10.1.1.2 (10.1.1.2): 56 data bytes
02:34 < JujuZA> 10:28:31.295380 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 6012, seq 0, length 64
02:34 < JujuZA> 10:28:32.305505 IP 10.1.1.1 > 10.1.1.2: ICMP echo request, id 6012, seq 1, le
02:34 < JujuZA> it can see the packets leaving
02:34 < JujuZA> but on windows host with wireshark nothing is arriving
02:35 < subzero79> an at the other side?
02:35 < subzero79> ok
02:35 < subzero79> in openwrt have you assigned tun0 to a logical interface
02:35 < JujuZA> config interface 'vpn0'
02:35 < JujuZA>         option ifname 'tun0'
02:35 < JujuZA>         option proto 'none'
02:35 < JujuZA>         option auto '1'
02:36 < JujuZA> its vpn0
02:36 < subzero79> that should do it at least to ping .1
02:37 < JujuZA> yeah
02:37 < JujuZA> im suspecting its something on the VPN layer
02:38 < JujuZA> also i have disabled the iptables firewall completely
02:38 < subzero79> what does the server log shows?
02:39 < subzero79>  they are in the paste
02:39 < subzero79> forgot
02:40 < subzero79> i see the server logs complaining about duplicate connectation
02:40 < JujuZA> there is only my windows PC
02:41 < subzero79> but is the same ip
02:41 < JujuZA> yes, server always give my pc 10.1.1.2
02:41 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:43 < JujuZA> https://gist.github.com/anonymous/4bb6740de6f86c5a8346
02:43 <@vpnHelper> Title: gist:4bb6740de6f86c5a8346 · GitHub (at gist.github.com)
02:43 < JujuZA> the status log
02:43 < JujuZA> only one client, which is me
02:45 < subzero79> i see,
02:46 < subzero79> what about the windows firewall have you tried turn it off?
02:48 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
02:48 -!- JujuZA [~JujuZA@105.229.171.237] has quit [Read error: Connection reset by peer]
02:49 -!- JujuZA [~JujuZA@105.229.171.237] has joined #openvpn
02:49 < JujuZA> windows firewall is off
02:50 < JujuZA> http://imgur.com/hO8zdKZ
02:50 <@vpnHelper> Title: Imgur: The most awesome images on the Internet (at imgur.com)
02:50 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
02:50 -!- fling [~fling@fsf/member/fling] has joined #openvpn
02:54 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:56 -!- e7d [~e7d@31.222.198.45] has quit [Quit: Leaving]
02:57 < subzero79> Can you pastebin the windows route table
02:57 < JujuZA> second.
02:57 < subzero79> also for testing purposes disable the def1 directive in the server
02:57 < JujuZA> https://gist.github.com/anonymous/7c064f811da9e4c1452d
02:57 <@vpnHelper> Title: routing table windows client · GitHub (at gist.github.com)
02:57 < JujuZA> i will do so now
02:58 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:05 < subzero79> besides is redirect-gateway def1
03:05 < subzero79> you have redirect-gateway def
03:07 < JujuZA> just removed it and restarted
03:07 < JujuZA> no difference..
03:08 -!- e7d [~e7d@31.222.198.45] has joined #openvpn
03:10 < subzero79>  option tun_mtu           '48000'
03:11 < subzero79>  JujuZA is easier to config the server this way !openwrt
03:11 < subzero79> !openwrt
03:11 <@vpnHelper> "openwrt" is In OpenWRT, the easiest way to supply configs with the stock init is to use the `option config /path/to/your/openvpn.conf` in your UCI stanza. This allows you to maintain a standard config file that OpenWRT can launch for you.
03:11 < JujuZA> is that mtu wrong ?
03:11 < JujuZA> must it be the same both sides?
03:11 < subzero79> instead of using those uci option here and list there
03:12 < subzero79> for the moment disable from  option sndbuf            '393216' to  list push    'rcvbuf 393216'
03:13 -!- debdog [~debdog@p549C9719.dip0.t-ipconnect.de] has left #openvpn ["part-y"]
03:15 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:15 < JujuZA> just changed it and restarted
03:15 < JujuZA> no difference
03:15 < JujuZA> maybe i must look into the client config abit?
03:15 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:17 < subzero79> I am trying to clean your config a little bit
03:17 < subzero79> the server one
03:18 < JujuZA> thank you man, i am very greatful for your help!!! i have been struggling for days with this
03:19 < subzero79> Ok, did you understand how to configure it with a path like the bot mentioned before?
03:19 < JujuZA> yes
03:19 < JujuZA> will do that...
03:22 < JujuZA> config openvpn 'myvpn'
03:22 < JujuZA> 	 option config /etc/config/openvpn.conf
03:22 < JujuZA>        
03:23 < JujuZA> my new 2 line config
03:24 < subzero79> yes
03:24 < subzero79> http://pastebin.com/csjCr92q
03:24 < subzero79> left the redirect gateway commented out for now
03:27 < JujuZA> root@GERMgw:~# uci show openvpn
03:27 < JujuZA> openvpn.myvpn=openvpn
03:27 < JujuZA> openvpn.myvpn.config=/etc/config/openvpn.conf
03:27 < JujuZA> root@GERMgw:~#
03:27 < JujuZA> so ive restarted, settings have taken effect. will test in a few seconds!
03:29 < subzero79> check is running in wrt with ps ax | grep openvpn
03:30 < JujuZA>  1339 nobody    3056 S    /usr/sbin/openvpn --syslog openvpn(myvpn) --write
03:30 < JujuZA>  1522 root      1168 S    grep openvpn
03:30 < JujuZA> running
03:30 < JujuZA> new configs used. both sides. same story...
03:31 < JujuZA> can i give you some keys to test with your client?
03:31 < subzero79> what version of openwrt are you running?
03:31 < JujuZA> attitude adjustment x86
03:32 < JujuZA> OpenWrt Attitude Adjustment 12.09
03:32 < subzero79> pretty old,
03:32 < subzero79> i would have to recreate in a VM
03:32 < JujuZA> i can upgrade it
03:33 < JujuZA> that would be better idea ?
03:34 < subzero79> the vpn is running as nobody, strange, I've used openwrt since BB to CC and DD
03:34 < subzero79> all run as root
03:34 < subzero79> but i did not use AA
03:35 < subzero79> i would upgrade to at least CC
03:43 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:50 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Quit: Textual IRC Client: www.textualapp.com]
03:54 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
03:58 -!- shiriru [~shiriru@84.238.181.198] has joined #openvpn
03:59 -!- Phrk_ [~dast@nl-lw0.204vpn.net] has joined #openvpn
03:59 < Phrk_> Hi, is there a way to execute a bash script *before* openvpn do everything ? (up and down don't do that)
04:02 < subzero79> Phrk_, would be that in the script that executes openvpn?
04:02 < subzero79> like init for example
04:02 < Phrk_> you mean i can execute openvpn in the script ?
04:04 < subzero79> well if you wre running in debian i guess you can tweak the init script of openvpn so it executes something before it starts
04:08 < Phrk_> good idea, do you know where systemd put the openvpn@vpn.service file?
04:08 < subzero79> haven't gone into systemd book yet....i am still on wheezy
04:09 < Phrk_> ok ^^
04:10 < subzero79> but you get the idea, anyway whats the purpose of that?
04:10 < subzero79> and why do up and down dont work for you in this particular case?
04:10 < subzero79> just curious
04:12 < Phrk_> i want to setup a linux network namespaces
04:12 < Phrk_> since i need to do a bridge, this desactivate ethernet connection and crash openvpn
04:13 < Phrk_> so i need to execute this script before openvpn and not after
04:13 < Mike--> Is there a way to tell openvpn to flush the local resolver after the vpn is established? (ipconfig /flushdns)?
04:16 < Phrk_> (with a namespaces i can go out of the vpn without stopping it)
04:16 < subzero79> sounds to advanced to me Phrk_
04:17 < subzero79> but my guess is you should create your own script that once it finishes starts openvpn
04:17 < Phrk_> yes, well i'm very new to linux world.
04:18 < subzero79> Mike--, you should look at up and route-up directives they can execute scripts
04:36 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:36 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:45 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:47 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:47 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
05:00 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
05:02 -!- dmilith is now known as dmilith2
05:03 -!- dmilith2 is now known as dmilith
05:05 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:08 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
05:16 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
05:21 -!- ade_b [~Ade@redhat/adeb] has quit [Client Quit]
05:23 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
05:24 < MalMen> !paste
05:24 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
05:24 < MalMen> hi
05:26 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
05:26 < MalMen> i have tow machines connected between openvpn (one server and one client), the connection is successfull, but then the client cant ping the server and the server cant ping the client
05:26 < MalMen> https://gist.github.com/anonymous/d9ea19c792312929ea78
05:26 <@vpnHelper> Title: gist:d9ea19c792312929ea78 · GitHub (at gist.github.com)
05:26 < MalMen> here is my client setting, i think it may be an routing problem
05:33 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
05:51 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
05:52 -!- Cylindric [~mark.hanf@185.47.105.9] has left #openvpn ["Leaving"]
05:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
06:01 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:06 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:07 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:17 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 255 seconds]
06:19 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:20 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:44 -!- banco [~BaN@212.164.222.212] has joined #openvpn
06:49 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
06:50 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:50 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
06:52 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
07:02 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
07:46 -!- master_o1_master [~master_of@p4FD7B0C7.dip0.t-ipconnect.de] has joined #openvpn
07:49 -!- master_of_master [~master_of@p4FF246B0.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
07:55 < fahmad> can someone tell me how can i block all traffic on openvpn as and only allow port 80 and 443 through VPN ?
07:55 < fahmad> i have read about iptables.append ... but after that where i can put rules ?
08:04 < Phrk_> fahmad: this https://wiki.archlinux.org/index.php/OpenVPN#Prevent_leaks_if_vpn_goes_down ?
08:04 <@vpnHelper> Title: OpenVPN - ArchWiki (at wiki.archlinux.org)
08:05 < Phrk_> sorry i missunderstood your question
08:06 < Phrk_> but you can put a rules on tun0 to deny all port except 443 and 80
08:06 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:10 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
08:10 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:15 <@ecrist> fahmad: what you want to do isn't really a function of openvpn, rather the system firewall.
08:15 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:15 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 244 seconds]
08:16 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
08:17 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:19 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
08:19 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:22 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
08:23 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 250 seconds]
08:23 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:23 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 260 seconds]
08:28 -!- n31lw [~Neil@2604:6000:8041:5b00:f1b0:2712:42bf:f642] has joined #openvpn
08:28 -!- n31lw [~Neil@2604:6000:8041:5b00:f1b0:2712:42bf:f642] has left #openvpn ["Leaving"]
08:32 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
08:33 < spai> Question: I have a connection setup on windows. The server recognizes when the client is active and vice versa. Unfortunately when looking at network connections it still show indentifying and the client cannot ping the server or vice verse.
08:34 < spai> Also I get the TEST ROUTES: 0/0 succeeded spam
08:34 < spai> any ideas?
08:35 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
08:35 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:35 < banco> check your routes and ifconfig
08:38 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:38 < spai> Should the TAP device have the ip 10.8.0.4? windows seems to autoconfgure that and when I set it as static, netsh fails
08:49 < banco> yes, it should:
08:49 < banco> https://community.openvpn.net/openvpn/wiki/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode?
08:49 <@vpnHelper> Title: 273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode – OpenVPN Community (at community.openvpn.net)
08:57 < spai> Okay, that makes sense. Do you happen to have ane example of what the route should look like?
09:03 -!- toli [~toli@ip-62-235-196-248.dsl.scarlet.be] has quit [Quit: ZNC - http://znc.in]
09:06 -!- toli [~toli@ip-62-235-196-248.dsl.scarlet.be] has joined #openvpn
09:09 < banco> spai, http://pastebin.com/8ZTb0WKB
09:13 < spai> That does help quite a bit actually., Thanks! This is my first time using OpenVPN so I still need to figure out ccd files
09:23 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 255 seconds]
09:26 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
09:31 < spai> after entering the ifconfig option, that should change the IPv4 Address in ipconfig /all to 10.8.0.1 right?
09:32 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:33 < banco> if you mean "ifconfig 10.10.0.1 10.10.0.2" line in my server config, then it's for server IP address
09:33 < spai> yes sorry, I am using 10.8 instead of 10.10
09:34 -!- ghormoon [~ghormoon@ghorland.net] has quit [Max SendQ exceeded]
09:34 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
09:34 < spai> I guess my issue right now is still not being able to ping, and the TAP adapter reading as indentifying
09:35 -!- ghormoon [~ghormoon@ghorland.net] has quit [Max SendQ exceeded]
09:35 < banco> are you talking about server IP adress "that should change the IPv4 Address in ipconfig /all to 10.8.0.1"?
09:35 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
09:36 < banco> if yes, then yes, you're right
09:37 < spai> Yes, thats what I was saying, but it doesnt. It still reads as Auto configured 169.xxx.xxx.xxx
09:38 < banco> wait, are you talking about OpenVPN server? You have "ifconfig 10.8.0.1 10.8.0.2" option in your server config, but ipconfig /all in server shows 169.xxx.xxx.xxx&
09:38 < banco> ?*
09:38 < spai> correct
09:39 < banco> there something wrong then, check your logs
09:41 < banco> here is what I have with verb 2: http://pastebin.com/Qmu7Cc9u
09:42 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:43 < spai> http://pastebin.com/xQdUQD65
09:43 < spai> thats the log file I get
09:43 < banco> paste your config
09:44 -!- magic_ninja [~sparie1@unaffiliated/magic-ninja/x-4708782] has quit [Ping timeout: 260 seconds]
09:45 < spai> It's going to be very long since I havent remoeved any of the comments
09:45 < spai> http://pastebin.com/4veDtZEb
09:46 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
09:49 <@ecrist> spai: many verterans here won't read a config or log without some level of filtering
09:49 < banco> you have a problem with topology
09:49 <@ecrist> !configs
09:49 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
09:49 < banco> you use dev tap, but it always uses subnet topology
09:50 < banco> you need to use dev tun to use net30 topology
09:50 <@ecrist> who want to use net30 anymore?
09:50 < banco> ecrist, those who have windows clients?
09:51 <@ecrist> no
09:51 <@ecrist> Windows can do topology subnet for quite some time now
09:52 -!- JujuZA [~JujuZA@105.229.171.237] has quit [Read error: Connection reset by peer]
09:52 -!- JujuZA__ [~JujuZA@105.229.171.237] has joined #openvpn
09:52 < banco> hm, yeah, since OpenVPN 2.1 is almost extinct it's preferable
09:53 -!- Lzy [~lazy@cm-84.215.168.87.getinternet.no] has joined #openvpn
09:54 < Lzy> Hello :) I'm running Linux Mint 17.2 and I have some issues with my vpn. I'm currently using Mullvad and I have downloaded their configuration files as instructed, installed openvpn and openvpn-gnoe, restarted the service and imported the configuration. It connects, but I cannot get internet access. However, by copying the files to /etc/openvpn I get it working by going sudo service openvpn start
09:55 < Lzy> Problem is I'd like the gnome one to work so I can get it to connect at boot.
09:58 <@ecrist> What is Mullvad?
09:58 < Lzy> my vpn provider
09:58 <@ecrist> you're going to need to talk to them.
09:59 <@ecrist> or the gnome people
10:00 < Lzy> hm, when I go sudo services openvpn start it connects and works, is it any way to make this happen at boot, and is it safe since its sudo?
10:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
10:01 < spai> banco, I changed the dev to tun on both client and server and same issue arises. (sorry about not removing comments, I will do so next time)
10:01 <@ecrist> OpenVPN is generally going to require sudo (root) or some level of polkit and other black magic to make interface and routing changes.
10:03 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
10:03 -!- rhn [~rhn@unaffiliated/rhn] has joined #openvpn
10:04 < rhn> hi! I'm having trouble with OpenVPN - after not using it for a while, it starts but doesn't create a tapX network interface
10:04 -!- Lzy [~lazy@cm-84.215.168.87.getinternet.no] has quit [Quit: Leaving]
10:04 < rhn> I can see nothing relevant in the logs
10:05 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
10:07 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
10:08 < banco> spai, you have a mess in youe config, change "server 10.8.0.0 255.255.255.0" to "mode server", and comment out ifconfig-pool-persist option
10:09 < spai> I get Options error: --mode server requires --tls-server
10:09 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
10:13 < banco> add tls-server
10:14 < banco> though you can just use "server 10.8.0.0 255.255.255.0" and delete "push "topology net30"" and "ifconfig 10.8.0.1 10.8.0.2" from your config
10:15 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
10:15 < spai> ill try that since when I changed it to tls-server it said bad mode operator
10:16 < spai> it trys to add the routes but gets Warning: Route gateway is not reachable on any active network adapters: 10.8.0.2
10:19 < banco> did you run your openvpn as admin?
10:20 < spai> yes
10:21 < spai> http://pastebin.com/qDBT0Hc9
10:24 -!- toli [~toli@ip-62-235-196-248.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
10:24 < rhn> never mind, I used old certificate
10:26 -!- mistiry [~mistiry@2604:a880:1:20::19f:9001] has joined #openvpn
10:27 < mistiry> !welcome
10:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
10:27 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:27 -!- toli [~toli@ip-83-134-71-90.dsl.scarlet.be] has joined #openvpn
10:28 < mistiry> !goal 'I am having issues using the auth-user-pass-verify [script] get-env functionality; It does not seem that the 'password' environment variable is being set, if I wall message the values for getenv('username') and getenv('password') I only see values for username.
10:29 < mistiry> hm
10:29 < mistiry> not sure i did that !goal thing right
10:29 -!- rhn [~rhn@unaffiliated/rhn] has left #openvpn ["Konversation terminated!"]
10:29 < mistiry> !goal "I am having issues using the auth-user-pass-verify [script] get-env functionality; It does not seem that the 'password' environment variable is being set, if I wall message the values for getenv('username') and getenv('password') I only see values for username."
10:30 < mistiry> oh well...someone can tell me what i did wrong if i did....but, does anyone have any ideas?
10:31 < mistiry> And...I may have solved it myself :D
10:32 < banco> spai, try to change server option to "server 10.8.0.0 255.255.255.0 nopool"
10:33 < spai> same thing
10:33 < spai> I think the issue is the TAP Ethernet adaptor is not getting set to the right IP
10:35 < banco> spai, once again, to be sure, did you start your openvpn with Run as Administrator?
10:35 < spai> yes, on both client and server
10:37 < banco> maybe try to remove all tap devices from the system and install them again?
10:37 -!- Phrk_ [~dast@nl-lw0.204vpn.net] has quit [Quit: Leaving]
10:38 < banco> C:\Program Files\TAP-Windows\bin\deltapall.bat | C:\Program Files\TAP-Windows\bin\addtap.bat
10:40 < banco> or maybe you did change your tap device TCP/IP settings manually and left it with some static IP?
10:40 < spai> no it doesn't run if I set it to a static IP
10:43 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Ping timeout: 272 seconds]
10:44 < banco> mistiry, use script-security 3 option
10:49 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:53 < mistiry> banco: yes, you were correct, i thought i did that but i apparently had not. it is now accepting the username environment variable. thank you.
10:54 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
10:59 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
11:00 < spai> the worst part about this is it says client connected and shows the IP address I assigned using ifconfig, but it doesnt ping or test routes successfully
11:00 < banco> check the client routing table
11:00 < banco> and server as well
11:01 < banco> did you try to remove/add tap devices?
11:01 < spai> 10.8.0.0 255.255.255.0 10.8.0.1 on the client, using the server as a gateway it seems
11:02 < spai> yes I tried the remove/add
11:03 < spai> route exists on server as 10.8.0.0 255.255.255.0 10.8.0.2
11:03 -!- goopen [~niclas@host-85-30-182-195.sydskane.nu] has quit [Remote host closed the connection]
11:04 < banco> paste client and server ipconfig
11:07 < spai> http://pastebin.com/gMLZZznj
11:07 < spai> server route and ip
11:08 -!- mystica555 [~mystica55@97-118-190-159.hlrn.qwest.net] has quit [Ping timeout: 244 seconds]
11:09 < spai> http://pastebin.com/RAhqiW56
11:09 < spai> ip of client
11:10 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
11:10 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
11:10 < banco> set verb 5 and paste the logs
11:13 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:13 < spai> http://pastebin.com/rgG5EPCK
11:13 < spai> client
11:14 < spai> http://pastebin.com/jCwaJjaV
11:14 < spai> server
11:18 -!- sillysausage [~sillysaus@82.221.111.210] has joined #openvpn
11:21 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
11:25 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
11:27 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
11:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:32 -!- sillysausage [~sillysaus@82.221.111.210] has quit [Quit: WeeChat 1.2]
11:35 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
11:45 -!- jem^ [~jason@beastie.b0rken.org] has quit [Quit: leaving]
11:50 < banco> spai, try to restart dhcp-client service
11:59 < banco> if it won't help, try to reset winsock and execute these commands as admin "netsh winsock reset catalog" "netsh int ipv4 reset reset.log" and reboot afterwards
12:02 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Ping timeout: 246 seconds]
12:07 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has joined #openvpn
12:08 < spai> sorry, got DCed, yes that shows the IP in ipconfig
12:08 < spai> still unable to ping though
12:09 < banco> did you restart server and client?
12:11 < spai> yeah
12:11 < banco> paste ipconfig and routes for server and client
12:13 < spai> http://pastebin.com/45CuEjBn
12:13 < spai> server
12:13 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
12:14 < spai> http://pastebin.com/wvh5nDmc
12:14 < spai> client
12:16 < banco> the server tap adapter config is wrong
12:16 < banco> wrong netmask and dhcp server ip
12:16 < banco> maybe try to reboot the system
12:22 < spai> what should it look like? I thought we set the dhcp server to 10.8.0.0
12:23 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
12:25 < banco> like this http://pastebin.com/weTk5R9K
12:26 < banco> no, dhcp is not 10.8.0.0
12:33 < spai> hmmm, restart did not help
12:33 < banco> show your current server config
12:34 < banco> do you have firewall enabled?
12:36 < spai> http://pastebin.com/QSVgg49B
12:36 < spai> no firewall enabled
12:37 < banco> change to dev tun
12:38 < banco> and add change to "server 10.8.0.0 255.255.255.0 nopool"
12:38 < spai> client error, --dev tun also requires ifconfig
12:40 < banco> is this the server log error?
12:40 < spai> no that is from the slient log
12:41 < spai> server works
12:41 < banco> show the client config
12:41 < spai> dhcp server is now 10/8/0/2
12:41 < banco> good
12:41 < spai> http://pastebin.com/66WFmsR9
12:42 < banco> show the config
12:45 < spai> http://pastebin.com/vPLiuDW7
12:48 < banco> did you change server config to "server 10.8.0.0 255.255.255.0 nopool"?
12:48 < spai> yes
12:48 < banco> restart server and client once again
12:50 < spai> no luck
12:51 < banco> what's client ip address? same 169.x.x.x?
12:51 < spai> well it doesnt connect so it has no IP yet
12:55 < banco> what's in the ccd folder?
12:55 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-cixyrlfhyzuhljiq] has quit [Quit: Connection closed for inactivity]
12:55 < spai> client.txt
12:55 < banco> -_-
12:55 < spai> lol
12:56 < banco> what is the cn of the client?
12:56 < spai> sorry its what the guide said to do
12:56 < banco> rename the fine with the cn
12:56 < spai> cn?
12:56 < banco> common name
12:56 < spai> it is named client
12:56 < spai> for ease
12:57 < banco> rename it to client without .tt
12:57 < banco> .txt*
12:57 < banco> and what is the content of the file?
12:57 < spai> ifconfig-push 10.8.1.5 10.8.1.6
12:57 -!- shiriru [~shiriru@84.238.181.198] has quit [Quit: Leaving]
12:58 < banco> that's ok
12:59 < spai> huzzah!
12:59 < spai> you have saved me, removing the txt allowed it to wor
12:59 < spai> work*
12:59 < spai> thanks so much
12:59 < banco> finally
12:59 < spai> +10 internet points
13:17 -!- spai [~spai@71-13-37-198.dhcp.dlth.mn.charter.com] has quit [Quit: Leaving]
13:38 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
13:41 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:45 -!- ello_govna [~ello_govn@98.231.186.89] has joined #openvpn
13:48 < ello_govna> I've recently set up OpenVPN on pfsense and am able and connect to some resources as expected, but sometimes I'm unable to reach another service on the same host.  I.E. I can hit apache but not ssh.  No host firewall, and all any/any rules from the source to the dest.
13:51 < ello_govna> Any ideas why I wouldn't be able to access multiple services on the same host?
13:52 < banco> maybe mtu problem
13:53 < ello_govna> VM host networks support jumbo frames, but all the guests and their networks use default 1500
13:54 < ello_govna> I'd be less stumped if I couldn't access anything.  That I can access some services seems odd.
13:54 < ello_govna> There are also subnets that I seem to only be able to connect to certain hosts on
13:55 -!- qg_ [~qg_@75-143-66-19.dhcp.aubn.al.charter.com] has joined #openvpn
13:56 < banco> you can start with checking packets logs
13:57 < ello_govna> i.e. Do packet capture on VPN interface?
13:58 < banco> packets capture on server and client vpn interface
13:58 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 240 seconds]
13:59 < banco> and see if the packets that the client send will reach the server (ssh connection or whatever is not working)
14:00 < banco> if not, then it's most likely mtu
14:01 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
14:08 -!- qg_ [~qg_@75-143-66-19.dhcp.aubn.al.charter.com] has quit [Remote host closed the connection]
14:10 -!- leeyaa [5778dd2d@gateway/web/freenode/ip.87.120.221.45] has joined #openvpn
14:10 < leeyaa> hello
14:11 < leeyaa> i have an open vpn server on 192.168.0.4 (tun0 interface is at 10.10.10.1) and a remote network on 192.168.200.1 (tun0 interface is at 10.10.10.2). how to push a route to access 192.168.0/24 from 192.168.200.0/24 ?
14:11 < leeyaa> can i do it at server config ?
14:12 < leeyaa> i know i can use static routes on the remote router, but i would like to push routes from the server, so i dont have to change clients manually
14:16 < banco> https://community.openvpn.net/openvpn/wiki/RoutedLans
14:16 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
14:19 < leeyaa> ah thanks banco
14:20 < leeyaa> i forgot to enable ip forwarding on one of the machines
14:27 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
14:27 < wizbit> i am running openvpn on the latest version of pfsense
14:27 < wizbit> OpenVPN 2.3.8
14:27 < wizbit> when i transfer a file using nfs the cpu hits 100%
14:27 -!- mystica555 [~mystica55@75-166-119-26.hlrn.qwest.net] has joined #openvpn
14:27 < wizbit> my firewall uses a VIA 600mhz cpu
14:27 < wizbit> could my CPU be too slow for this version of openvpn?
14:32 < banco> this is not the OpenVPN version problem
14:32 < banco> what's your resulting throughput?
14:33 < banco> with 100% load cpu
14:36 < wizbit> its when i transfer a file over nfs
14:36 < wizbit> using my latop what is connected at 54mbps
14:36 < wizbit> 802.11g
14:36 < wizbit> the firewall hits 100% cpu and the transfer is dog slow
14:36 < wizbit> maybe cpu on firewall isnt fast enough
14:36 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:37 < banco> what's the specific value in KB/s or MB/s?
14:38 < wizbit> ill do some tests and report back but it isnt much for it to reach 100%
14:40 < banco> if it's around 1MB/s, then it's the insufficient CPU processing power
14:59 -!- yutu [~yutu@crb44-h03-87-88-248-201.dsl.sta.abo.bbox.fr] has joined #openvpn
15:01 -!- mistiry [~mistiry@2604:a880:1:20::19f:9001] has left #openvpn ["WeeChat 0.4.3"]
15:05 -!- yutu [~yutu@crb44-h03-87-88-248-201.dsl.sta.abo.bbox.fr] has quit [Quit: Leaving]
15:34 -!- mystica555 [~mystica55@75-166-119-26.hlrn.qwest.net] has quit [Remote host closed the connection]
15:35 -!- mystica555 [~mystica55@75-166-119-26.hlrn.qwest.net] has joined #openvpn
15:44 -!- chrisb [~chrisb@li482-205.members.linode.com] has joined #openvpn
15:50 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
15:50 < chrisb> dns lookups for some domains (freebsd.org, update2.freebsd.org) fail, but succeed when the vpn connection is off...why?  the resolver is unbound on freebsd
15:51 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
15:54 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
15:55 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Client Quit]
15:56 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
16:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
16:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:21 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:39 -!- leeyaa [5778dd2d@gateway/web/freenode/ip.87.120.221.45] has quit [Ping timeout: 246 seconds]
16:41 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
16:45 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:57 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:01 -!- DMA [~dma@190.146.128.106] has joined #openvpn
17:01 < DMA> Hello
17:01 < DMA> I just installed, configured and created certs and cfg files for a server and a client. When trying to connect the log stalls at this line in the client: Tue Nov 24 17:55:33 2015 MANAGEMENT: >STATE:1448405733,WAIT,,,
17:02 < DMA> Any ideas on why?
17:08 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:14 < DMA> Got the solution! :D
17:15 -!- DMA [~dma@190.146.128.106] has left #openvpn []
17:28 -!- chrisb [~chrisb@li482-205.members.linode.com] has quit [Ping timeout: 272 seconds]
17:35 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:40 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
17:54 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:57 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:14 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
18:29 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
18:44 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
19:00 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
19:08 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
19:18 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
19:20 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 260 seconds]
19:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:28 < mystica555> "Hi, i have this problem: ... oh wait, i fixed it, bye!"
19:28 < mystica555> i wish there was more often a 'how' i fixed it.
19:30 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
19:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:35 -!- ShadniX [dagger@p5794185E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
20:37 -!- ShadniX [dagger@p5794185E.dip0.t-ipconnect.de] has joined #openvpn
20:56 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Read error: Connection reset by peer]
21:41 -!- r00t66 [~r00t66@2602:306:3593:9700::48] has joined #openvpn
21:52 -!- JujuZA__ [~JujuZA@105.229.171.237] has quit [Read error: Connection reset by peer]
21:52 -!- JujuZA__ [~JujuZA@105.229.171.237] has joined #openvpn
22:02 -!- JujuZA [~JujuZA@105.228.41.114] has joined #openvpn
22:03 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-xsrvgqzqbdfrhvdg] has joined #openvpn
22:04 -!- JujuZA__ [~JujuZA@105.229.171.237] has quit [Ping timeout: 240 seconds]
22:10 -!- fahmad [~fahmad@unaffiliated/fahmad] has quit [Ping timeout: 250 seconds]
22:12 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 272 seconds]
22:34 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
22:46 -!- ello_govna [~ello_govn@98.231.186.89] has quit [Ping timeout: 260 seconds]
22:47 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:17 -!- andy09usa [~andy@unaffiliated/andy09usa] has joined #openvpn
23:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:32 -!- banco [~BaN@212.164.222.212] has quit [Remote host closed the connection]
23:33 -!- banco [~BaN@212.164.222.212] has joined #openvpn
23:51 -!- ShadniX [dagger@p5794185E.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:51 -!- ShadniX [dagger@p57941DDC.dip0.t-ipconnect.de] has joined #openvpn
23:53 -!- r00t66 [~r00t66@2602:306:3593:9700::48] has quit [Quit: Leaving]
--- Day changed Wed Nov 25 2015
00:05 -!- fahmad [~fahmad@unaffiliated/fahmad] has joined #openvpn
00:12 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
00:34 -!- extri [~extri@unaffiliated/xyk] has left #openvpn []
00:35 -!- fling [~fling@fsf/member/fling] has joined #openvpn
01:18 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 252 seconds]
01:35 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-xsrvgqzqbdfrhvdg] has quit [Quit: Connection closed for inactivity]
01:37 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
01:38 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
02:08 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:49 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
03:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:51 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:59 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 272 seconds]
04:00 -!- themayor [~themayor@unaffiliated/themayor] has quit [Ping timeout: 272 seconds]
04:00 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
04:01 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
04:22 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:28 -!- X-Scale [~gbabios@2001:0:53aa:64c:0:6bf8:4d59:8d7b] has joined #openvpn
04:30 -!- X-Scale [~gbabios@2001:0:53aa:64c:0:6bf8:4d59:8d7b] has left #openvpn []
04:32 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
04:37 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
04:38 < f31n> hi, does anyone use openvpn + DNS pushing on a mac mashine here? - i ran into major problems ...
04:41 < MalMen> not using
04:41 < MalMen> but what problems ? just for note... and someone can help you
04:42 < f31n> situation as it is: i have openvpn running on a debian, with a bind9 server on it; and some windows clients using openvpn software to connect - everything is working perfectly
04:43 < f31n> i added to a mac the configuration (with viscosity) and i can't relsolve any dns from the server
04:44 < f31n> when i explicitly add the internal dns server i can only resolve the dns from the server and nothing else
04:44 < f31n> so the machine is not using fallback dns server as it meant to be
04:45 < f31n> and if i add a second dns server live 8.8.8.8 it ignores totally my local dns server
04:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
04:52 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:57 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
04:58 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
05:00 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
05:05 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has quit [Quit: Leaving]
05:23 -!- JujuZA__ [~JujuZA@105.229.224.231] has joined #openvpn
05:23 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:26 -!- JujuZA [~JujuZA@105.228.41.114] has quit [Ping timeout: 260 seconds]
05:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
05:51 -!- mode/#openvpn [+o mattock1] by ChanServ
06:08 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:58 -!- shio [~shio@220.188.103.84.rev.sfr.net] has quit [Quit: Leaving]
07:02 < fahmad> can someone tell me how can i block torrent while users are using my vpn connection
07:03 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 250 seconds]
07:03 <@ecrist> fahmad: that can be difficult
07:03 <@ecrist> You can start by blocking access to the trackers
07:04 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:04 <@ecrist> but then it's a game of whack-a-mole
07:04 -!- banco [~BaN@212.164.222.212] has joined #openvpn
07:05 <@ecrist> Default ports are tcp/6881-6889,6969 and 8080
07:05 <@ecrist> most clients seem to fall back to port 80 if those ports aren't reachable.
07:14 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
07:16 < fahmad> hmm
07:19 < fahmad> so its impossible
07:19 <@ecrist> Not impossible, difficult.
07:19 <@ecrist> It's probably be easier to ask the user to stop
07:19 <@ecrist> or to not route all internet traffic over the VPN
07:22 < fahmad> ecrist: how can i add custom rules into OpenVPN Access Server ?
07:22 <@ecrist> !as
07:22 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
07:23 < fahmad> i went there but no answer :)
07:28 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:46 -!- master_of_master [~master_of@p4FD7BC80.dip0.t-ipconnect.de] has joined #openvpn
07:49 -!- master_o1_master [~master_of@p4FD7B0C7.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
08:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:16 <@dazo> fahmad: KR
08:16 <@dazo> L
08:16 <@dazo> fahmad: IRC and IM are instant messaging ... not instant answer
08:17 <@dazo> be patient, hang out on the channel ... and replies will eventually appear ... sometimes after a few minutes, other times after a few days
08:23 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
08:25 < fahmad> dazo: i know brother
08:31 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
08:35 -!- christobill [uid60328@gateway/web/irccloud.com/x-yqldvdwaktjlffrt] has joined #openvpn
08:37 < christobill> Hello guys! Has anyone ever tried routed lan/vlan as explained in http://backreference.org/2009/11/15/openvpn-and-iroute/ ?
08:37 <@vpnHelper> Title: OpenVPN and iroute « \1 (at backreference.org)
08:38 -!- e7d [~e7d@31.222.198.45] has quit [Quit: Leaving]
08:39 -!- AndChat484449 [~AndChat48@37.155.236.26] has joined #openvpn
08:42 -!- shio [marmottin@84.103.188.220] has joined #openvpn
08:48 -!- DMA [~dma@190.146.128.106] has joined #openvpn
08:54 -!- fahmad [~fahmad@unaffiliated/fahmad] has quit []
08:55 < banco> christobill, is there a problem with it?
08:58 < christobill> I wonder if any additional iptables config are needed. Because my nodes from VLAN C cannot ping nodes from VLAN A
09:02 < banco> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
09:02 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
09:03 < banco> you can disable firewall drop rules to check if it blocks vpn traffic
09:04 < AndChat484449> Hi , I have problem with connecting to openvpn ,private tunel, and tor via my university network, but there is no problem with connecting via other network like 3g. I can connect port like 8080, 88, 80. But i havent access to 443. I tried to change tcp port to 8080 , but client still cant connect. Any help is welcome.
09:04 < christobill> thanks banco. I'm going to check this out
09:07 < banco> AndChat484449, how exactly are you trying to connect? PC -> TOR -> VPN -> Internet?
09:14 < DArqueBishop> AndChat484449, it's very likely that the university network blocks those protocols.
09:16 < AndChat484449> I have installed openvpn client on both pc and android. And openvpn as runnig on cloud server.
09:17 <@ecrist> AndChat484449: you should talk to the folks in #openvpn-as
09:17 <@ecrist> that's the commercial side of OpenVPN
09:22 <@dazo> christobill: you need to consider firewalling on all VPN clients and the server as well, so that cross-subnet access is allowed
09:32 -!- AndChat484449 [~AndChat48@37.155.236.26] has quit [Ping timeout: 240 seconds]
09:32 < christobill> https://www.irccloud.com/pastebin/YKCw5AE0/What%20I%20get%20when%20a%20node%20%22a%22%20tries%20to%20ping%20gwC
09:32 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
09:34 < christobill> Doesn't seem  to head in the right direction
09:42 < banco> is 46.x.x.254/46.x.x.253 - default gw for node "a"?
09:48 < christobill> No I guess it belongs to my cloud provider. Not one of my machines, I just checked
09:48 < banco> check your routes
09:49 < banco> check if gwc 10.x.x.x subnet is routed to the cloud provider
09:50 < banco> instead of gwA LAN ip
09:50 < banco> (default gateway, I assume?)
09:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
09:56 < christobill> https://www.irccloud.com/pastebin/nzRqjxtI/routes%20on%20node%20a%20(non%20ovpn%20node)%2010.aaa.0.0%20being%20A%20subnet
09:57 < banco> is 10.aaa.0.0/24 and 10.x.0.0/24 (from 10.x.x.190) is the same subnet?
09:59 < christobill> no 10.x.x.190 is in the subnet C
10:00 -!- somis [~somis@67.205.112.74] has joined #openvpn
10:01 < banco> well, to make it work, you need the gwA to be default gw for the network A machines
10:01 < banco> but in your case the default gw is different - 178.x.x.1
10:02 < banco> so you need to add to every network A machines the route to VPN networks via gwA network A IP
10:02 -!- JujuZA__ [~JujuZA@105.229.224.231] has quit [Read error: Connection reset by peer]
10:02 -!- JujuZA__ [~JujuZA@105.229.224.231] has joined #openvpn
10:04 < christobill> Ok that makes sense. Thanks banco!
10:29 < christobill> https://www.irccloud.com/pastebin/5IhbolW5/Trying%20to%20add%20route%20to%2010.ccc.0.0%20via%20gwA
10:30 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
10:30 < christobill> Did I do something wrong?
10:30 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:32 < banco> can you ping 10.ccc.x.190 from 10.aaa.gwa.206?
10:33 < banco> and can you even ping 10.aaa.gwa.206 from node "a"?
10:34 < MalMen> i want to set an static ip to an client, its and server side configuration or client side configuration ?
10:34 < MalMen> when i try to change the ip with ifconfig i lost the connection to the vpn
10:35 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:36 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
10:36 < banco> MalMen, see client-config-dir option
10:36 < christobill> I can ping 10.aaa.gwa.206 from node "a" and I can ping 10.ccc.x.190 from 10.aaa.gwa.206
10:37 -!- DMA [~dma@190.146.128.106] has quit [Ping timeout: 276 seconds]
10:38 < banco> christobill, paste 10.aaa.gwa.206 routes
10:44 < christobill> https://www.irccloud.com/pastebin/AeJN89hn/
10:47 < banco> christobill, enable iptables logging and see what happens with connection from node "a" to 10.ccc.x.190, for example, with telnet 10.ccc.x.190 to some port
10:47 < banco> logging on 10.aaa.gwa.206
10:52 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
10:55 -!- PerfDave [~grimoire@fsf/member/perfdave] has joined #openvpn
11:00 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
11:11 -!- DMA [~dma@190.146.128.106] has joined #openvpn
11:11 < christobill> I've got load of iptables logs on 10.aaa.gwa.206
11:15 < infernix> does anyone know what's up with LZO compression in the OpenVPN Connect clients?
11:15 < infernix> I can't get it to work with OpenVPN 2.3.x
11:15 < infernix> only when i explicitly disable lzo and don't use either comp-lzo yes or adaptive, all I get is  Bad LZO decompression header byte: 0
11:15 < infernix> other openvpn 2.3.x clients on linux/windows/osx boxes work fine
11:16 < infernix> it's just the OpenVPN connect on IOS and Android that refuse to work
11:16 < banco> christobill, telnet from node "a" to 10.ccc.x.190 on some port like 9999 and grep iptables log with "TP=9999"
11:20 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
11:21 < banco> infernix, try to ask this on #openvpn-as
11:30 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
11:38 < PerfDave> I have to run a VPN service for users over a variety of connections (mixture of tun/tap, tcp/udp but all routed). I'm planning to use say 10.40.0.0/16 as my namespace, and carve out /20s from that for each connection. Do I need to do anything clever here, or just push the full 10.40.0.0/16 route to each client no matter where they connect?
12:05 < christobill> https://www.irccloud.com/pastebin/gZlcgt8t/Cannot%20telnet%2010.ccc.x.190%20but%20cannot%20telnet%2010.aaa.gwa.206
12:07 < christobill> Is that normal, I don't have any iptables rules other than ACCEPT rules?
12:08 < banco> do you have ACCEPT policy for every chains?
12:11 < banco> do you have IP forwarding enabled on 10.aaa.gwa.206 and 10.ccc.x.190?
12:12 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
12:17 < christobill> https://www.irccloud.com/pastebin/o8xwRI4U/iptables%20on%20gwA%20(cluster-master1)
12:18 < christobill> https://www.irccloud.com/pastebin/vO1apNRM/
12:18 < banco> iptables -t nat -L -n -v --line-numbers ?
12:20 < christobill> https://www.irccloud.com/pastebin/eitvoAEJ/%20iptables%20-t%20nat%20-L%20-n%20-v%20--line-numbers%20on%20gwA
12:21 < banco> so do you see any connections in iptables log when you telnet to 9999 port?
12:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
12:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:26 < christobill> https://www.irccloud.com/pastebin/3I7paP8K/when%20telnet%2010.aaa.gwa.206%209999%20from%2010.aaa.x.219
12:27 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
12:28 < banco> well, ok, that was the telnet 10.aaa.gwa.206 9999? what about telnet 10.ccc.x.190 9999?
12:29 -!- PerfDave [~grimoire@fsf/member/perfdave] has left #openvpn ["Sorteeed"]
12:30 < MalMen> on vpn server how can i set default gw to another ip ?
12:30 < MalMen> its an openvpn config or need to redirect the trafic throw iptables ?
12:30 < christobill> nothing in the iptables logs on 10.aaa.gwa.206 when I telnet 10.ccc.x.190 9999
12:30 < banco> christobill, add the logging in prerouting and postrouting chains and rename each chain logs accordingly so we can distinguish them
12:32 < banco> christobill, do you have firewall on the client?
12:32 < banco> MalMen, set default gw for the clients?
12:33 <@ecrist> MalMen: it's an option to the push argument
12:33 <@ecrist> !def1
12:33 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
12:33 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 240 seconds]
12:33 -!- Savemech [Savemech@gateway/shell/firrre/x-mhzkyeiunqwqrrcq] has quit [Ping timeout: 240 seconds]
12:36 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
12:39 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
12:43 -!- Savemech [Savemech@gateway/shell/firrre/x-syythiuurmdzpgjn] has joined #openvpn
12:46 < christobill> https://www.irccloud.com/pastebin/HofxZGbO/when%20I%20telnet%2010.aaa.gwa.206%209999%20(ie%20prerouting%20log%20is%20working)
12:47 < christobill> But still nothing in the iptables logs on 10.aaa.gwa.206 when I telnet 10.ccc.x.190 9999 from node "a"
12:47 < banco> do you have firewall on node "a"?
12:48 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
12:48 < banco> what's with it rules?
12:48 -!- dazo is now known as dazo_afk
12:49 < christobill> the firewall rules are the same on "a" and on "gwA"
12:51 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 264 seconds]
12:52 < banco> show the current node "a" routing table
12:53 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
12:54 < christobill> https://www.irccloud.com/pastebin/NPgP4Bby/route%20on%20node%20%22a%22
12:57 < banco> do you have correct subnet and mask (10.ccc.0.0 255.255.248.0) to reach 10.ccc.x.190?
12:59 < banco> if yes, then enable iptables logging on node "a" and see what's going on with telnet 10.ccc.x.190 9999
13:01 < christobill> ifconfig 10.ccc.2.190 > inet 10.ccc.2.190 netmask fffff800 > 10.ccc.0.0 255.255.248.0
13:03 < banco> yes, that's correct, try to see the logs on node "a" then
13:09 < christobill> https://www.irccloud.com/pastebin/fFso6g6e/when%20I%20telnet%2010.ccc.2.190%209999%20from%20%22a%22
13:19 < banco> what's the output of "ip r get 10.ccc.2.190" on node "a"?
13:26 < banco> ah, wait, there is problem with gwA routes, "10.ccc.0.0      10.9.8.2        255.255.248.0   UG    0      0        0 tun0" where is this 10.9.8.2 gw?
13:27 < banco> or it's tun0 if ip?
13:53 < christobill> it comes from the server.conf > route 10.ccc.0.0 255.255.248.0 10.9.8.2
13:54 < banco> where is the route to 10.9.8.2 then?
13:54 < banco> what's ip a tun0?
13:55 < christobill> associated with ccd/gwC ifconfig-push 10.9.8.2 255.255.248.0
13:56 < christobill> and the corresponding iroute
13:56 < banco> what's ccd/gwA?
13:56 < MalMen> I have an openvpn server, and want to use another ip inside openvpn network to do the gateway, how can i do that ?
13:56 < MalMen> i already tryed google for hours
13:57 < christobill> gwA is the server so no ccd
13:57 < banco> what's the ifconfig in server config then?
13:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
13:59 < banco> MalMen, you mean to route all the clients traffic from OpenVPN clients via one of OpenVPN clients instead of via OpenVPN server?
14:00 < christobill> server.conf > ifconfig 10.9.8.1 255.255.255.0 (the netmask above are also /24)
14:01 < MalMen> banco yes, i want to do that
14:01 < banco> christobill, then there should be "10.9.8.0/24 dev tun0  proto kernel  scope link  src 10.9.8.1" in your gwA routes
14:01 < banco> christobill, what's with this route? "10.8.1.0        *               255.255.255.0   U     0      0        0 tun0"
14:03 < MalMen> banco, it is possible ?
14:03 < MalMen> well, it must be possible, i just didnt figure out how yet
14:03 < banco> MalMen, use iroute to all subnets in that client ccd and push the routes to all subnets
14:03 < banco> https://forums.openvpn.net/topic13095.html
14:03 <@vpnHelper> Title: OpenVPN Support Forum iroute 0.0.0.0 0.0.0.0 or alternatives : Routing and Firewall Scripts (at forums.openvpn.net)
14:04 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
14:04 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:05 < MalMen> my vpn server ip is 10.8.0.1, the vpn client that i want to use as gateway is 10.8.0.2
14:06 < MalMen> how do i set it with iroute ? i already was checking i have push iroute 10.9.0.0. 255.255.0.0 to enable my openvpn clients access to pptp clients
14:08 < banco> in the server config file you need to push "route 1.0.0.0 255.0.0.0" ... push "route 255.0.0.0 255.0.0.0" and in your vpn client 10.8.0.2 ccd file you need to add iroute 1.0.0.0 255.0.0.0 ... iroute 255.0.0.0 255.0.0.0
14:09 < banco> you need to add push*
14:09 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
14:10 < banco> that's a bit of a hack, but I don't know any other ways
14:11 < MalMen> why route 1.0.0.0 ?
14:11 < banco> ah, and add option max-clients 300
14:12 < banco> MalMen, you can't override default gw on the clients, but you can add 255 routes to all the network subnets that will override default gateway
14:12 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 276 seconds]
14:13 < banco> you can't change default gateway*
14:21 < MalMen> banco didnt do the tric
14:21 < banco> did you check the routes on the clients?
14:22 < MalMen> !paste
14:22 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
14:23 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
14:26 < MalMen> i am compiling an paste with all configs and all routes
14:26 < banco> ok
14:28 < MalMen> https://paste.kde.org/pq3dx1mzy/capcx4
14:29 < banco> you don't get it
14:29 < banco> you need not just 1.0.0.0 255.0.0.0 and 255.0.0.0 255.0.0.0
14:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
14:29 < banco> you need all the 255 subnets
14:29 < banco> 255 lines
14:29 < MalMen> wtf :O
14:29 < banco> from 1 to 255
14:29 < MalMen> on 10.8.0.2 ?
14:30 < banco> in server config push .. and in ccd file for 10.8.0.2 iroute
14:32 < banco> wait
14:32 < banco> your config is wrong
14:32 < banco> read about client-config-dir
14:32 < banco> you need to add iroute in ccd on server
14:32 < banco> not in the client config dile
14:33 < banco> file*
14:47 < christobill> Ok banco there might be a problem with this route. Time to call it a day for me. Thanks for all the tips
14:48 < banco> christobill, ok, good night
14:50 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
14:51 < stemid> I want to start a dnsmasq service in --up script but I keep getting the error WARNING: Failed running command (--up/--down): external program exited with error status: 1
14:51 < stemid> I have script-security 2
14:52 < stemid> my up script is simply #!/bin/bash shebang and sudo /bin/systemctl start dnsmasq, two lines.
14:52 < stemid> I have allowed the openvpn user to run that sudo command
14:53 < banco> chroot?
14:54 < stemid> no
14:54 < banco> try to echo in some file to test the script
14:54 < stemid> also I've tried becoming the openvpn user and running the up/down scripts without error. I tried echo "test" > /tmp/test.log and openvpn started then but the test.log file was never created.
14:55 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:56 < stemid> I replaced echo with logger -t openvpn_test -p local0.info testar and that worked, I could see the message.
14:56 < stemid> maybe if I try sudo logger, see what happens
14:57 < stemid> then it fails
14:58 < stemid> I think I need to write a wrapper that uses sudo https://community.openvpn.net/openvpn/wiki/UnprivilegedUser
14:58 <@vpnHelper> Title: UnprivilegedUser – OpenVPN Community (at community.openvpn.net)
14:58 < MalMen> banco didnt work
14:59 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
15:00 < MalMen> https://paste.kde.org/pkrpnjgx5
15:00 < MalMen> this are my routes on my client pc now
15:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:04 < banco> stemid, I tried up script with echo and it worked fine for me. Config with chroot, user nobody and group nogroup
15:05 < banco> MalMen, client that is gw 10.8.0.2 or other client?
15:06 < banco> MalMen, also, paste the configs
15:09 < banco> stemid, try to use just run command in up option, instead of script: up "/bin/echo test > /tmp/2312312312"
15:16 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:23 < MalMen> one momment
15:29 < MalMen> hmmmm
15:29 < MalMen> one issue
15:29 < MalMen> Wed Nov 25 16:22:27 2015 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
15:29 < MalMen> on clinet 10.8.0.2
15:29 < MalMen> i am using like this
15:29 < MalMen> push iroute 2.0.0.0 255.0.0.0
15:29 < banco> dont push it
15:29 < banco> just iroute
15:29 < banco> show the configs
15:29 < MalMen> hmmm
15:29 < MalMen> ok
15:31 < MalMen> Options error: option 'iroute' cannot be used in this context (pop.conf)
15:31 < banco> paste configs
15:32 < MalMen> https://paste.kde.org/pkzaqgxog
15:32 < MalMen> i just removed the push iroute from 10.8.0.2 to just iroute
15:33 < banco> [02:26:24] <banco> your config is wrong
15:33 < banco> [02:26:38] <banco> read about client-config-dir
15:33 < banco> [02:26:57] <banco> you need to add iroute in ccd on server
15:33 < banco> [02:27:04] <banco> not in the client config file
15:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
15:40 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:44 -!- AndyML [~quassel@unaffiliated/andymli7] has joined #openvpn
15:45 < AndyML> My iOS client is giving me "PolarSSL: SSL read error : SSL - A fatal alert message was received from our peer". I'm able to connect from other clients (that don't use PolarSSL, I presume.) I would love some advice, as I can't find anything online about workarounds or even proper fixes...
15:48 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:50 < MalMen> banco, i think this soluction make my service slow
15:50 < MalMen> there is no other way like redirect from 10.8.0.1 to 10.8.0.2 with iptables ?
15:54 < banco> what do you mean with slow? bigger bing? less throughput?
15:54 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 265 seconds]
15:55 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 250 seconds]
15:55 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
15:55 < banco> there shouldn't be a big impact on throughput, as toute lookup is happen only once when connection is being established
15:55 < banco> route lookup*
15:56 < banco> and mere 260 routes in table is not a big number
16:01 -!- Denial [~Denial@81.141.18.138] has joined #openvpn
16:01 -!- Denial- [~Denial@82-69-28-228.dsl.in-addr.zen.co.uk] has quit [Ping timeout: 276 seconds]
16:09 < MalMen> i am leaving
16:10 < banco> ok, bye
16:27 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 260 seconds]
16:32 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
16:47 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:00 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
17:15 < beeloo> bye everyone, thank you for your help
17:15 -!- beeloo [~beeloo@mimas.xoclock.com] has left #openvpn []
17:17 -!- fearnothing [~nothing@unaffiliated/fearnothing] has quit [Remote host closed the connection]
17:39 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:41 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Ping timeout: 240 seconds]
17:48 < _FBi> thanks for all the fihs
17:48 < _FBi> fish
17:52 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Read error: Connection reset by peer]
17:53 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
17:54 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
17:56 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
18:01 -!- mystica555 [~mystica55@75-166-119-26.hlrn.qwest.net] has quit [Remote host closed the connection]
18:05 < occupant> so this isn't my first server config, but I feel like I'm overlooking something simple... if I've added my postrouting rule in iptables, what else could be preventing client from reaching the blocks I'm trying to route?
18:11 -!- s7eele [~AndChat52@162.216.46.30] has joined #openvpn
18:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
18:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:19 -!- mystica555 [~mystica55@75-166-119-26.hlrn.qwest.net] has joined #openvpn
18:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Quit: Adious]
18:32 -!- mystica555_ [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
18:34 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:35 -!- mystica555 [~mystica55@75-166-119-26.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
18:42 -!- apoc_ [~apoc@perimeter3.nwt.fhstp.ac.at] has joined #openvpn
18:43 < apoc_> hi! Can someone give me a hint why this config doesn't work? http://pastebin.com/w4RfsZuK (server.conf and error printed)
18:43 < apoc_> I just updated the deprecated tls-cipher names
18:48 < apoc_> OpenVPN version 2.3.4
18:55 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:04 < apoc_> I assume there snuck in some faulty character in line 13, but I just can't find it..
19:05 < _FBi> crazy cipher names man
19:08 < _FBi> one sec, I might've found it
19:08 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
19:09 < apoc_> yeah, openvpn has been printing this for a while http://pastebin.com/TmZ0HmsE ..thought I should update my config
19:10 < AndyML> apoc_: TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA i suspect
19:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:11 < AndyML> of course, there it is in your log as the recommended name so i'm probably wrong
19:17 -!- goopen [~niclas@host-85-30-182-195.sydskane.nu] has joined #openvpn
19:18 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
19:19 < apoc_> I think the config file is not read properly. I added a line break after the first cipher and commented the rest in the new line..
19:19 < apoc_> now the line, starting with # throws the error
19:22 < apoc_> is there some sort of character limitation per configuration line? pretty much seems like that to me
19:22 < _FBi> maybe an exploit ;)
19:23 < _FBi> goodnight ninjas
19:24 < apoc_> I'm investigating
19:27 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
19:28 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
19:29 -!- mode/#openvpn [+o dazo_afk] by ChanServ
19:29 -!- dazo_afk is now known as dazo
19:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
19:36 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:42 -!- apoc_ [~apoc@perimeter3.nwt.fhstp.ac.at] has quit [Quit: leaving]
20:09 -!- apoc_ [~apoc@perimeter3.nwt.fhstp.ac.at] has joined #openvpn
20:09 < apoc_> Where in the source of OpenVPN are the configuration lines read?
20:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
21:34 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Remote host closed the connection]
21:36 -!- apoc_ [~apoc@perimeter3.nwt.fhstp.ac.at] has quit [Ping timeout: 260 seconds]
21:37 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
21:39 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
21:39 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 240 seconds]
21:40 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
21:43 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
21:50 -!- somis [~somis@67.205.112.74] has quit [Quit: Leaving]
22:00 -!- Eugene is now known as fcktasarausrex
22:02 -!- JujuZA__ [~JujuZA@105.229.224.231] has quit [Read error: Connection reset by peer]
22:02 -!- JujuZA___ [~JujuZA@105.229.224.231] has joined #openvpn
22:18 -!- JujuZA___ [~JujuZA@105.229.224.231] has quit [Read error: Connection reset by peer]
22:24 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 244 seconds]
22:26 -!- toli [~toli@ip-83-134-71-90.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
22:27 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has joined #openvpn
22:49 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
23:01 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
23:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 252 seconds]
23:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:25 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: bath]
23:35 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
23:43 -!- kappri [~kappri@116.68.120.150] has joined #openvpn
23:44 < kappri> can anyone tell how people get free mobile data using openvpn???
23:44 < kappri> i dont want the config file
23:44 < kappri> i want to know how it works
23:44 < kappri> !hours
23:47 < kappri> !welcome
23:47 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
23:47 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
23:48 -!- ShadniX [dagger@p57941DDC.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:50 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has joined #openvpn
23:53 -!- kappri [~kappri@116.68.120.150] has quit [Quit: Leaving]
--- Day changed Thu Nov 26 2015
00:06 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 250 seconds]
00:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:35 -!- mode/#openvpn [+o mattock1] by ChanServ
00:41 -!- s7eele [~AndChat52@162.216.46.30] has quit [Ping timeout: 240 seconds]
01:06 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
01:06 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
01:12 -!- wizbit [~wizbit@unaffiliated/wizbit] has left #openvpn []
01:26 < agorecki> How can I configure my router to authenticate certain hosts so that it know it's not passing on traffic to a VPN from untrusted computers? That as opposed to using the router as a VPN server, requiring all clients to connect to it, then having it connect to other VPN servers as part of a bigger network
01:27 < agorecki> Maybe that's a better idea. Each client pc would have two ip addresses, but I was curious about doing it the other way...
01:31 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
01:33 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
01:33 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 265 seconds]
01:33 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 265 seconds]
01:33 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 265 seconds]
01:33 -!- Schrottfresse [~quassel@schrottfresse.de] has quit [Ping timeout: 265 seconds]
01:34 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 265 seconds]
01:34 -!- jeev_ [~j@unaffiliated/jeev] has quit [Ping timeout: 265 seconds]
01:34 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
01:34 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 265 seconds]
01:34 -!- goopen [~niclas@host-85-30-182-195.sydskane.nu] has quit [Ping timeout: 265 seconds]
01:34 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 265 seconds]
01:34 -!- Matir [~matir@ubuntu/member/matir] has quit [Ping timeout: 265 seconds]
01:34 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 265 seconds]
01:34 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 265 seconds]
01:34 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
01:35 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
01:35 -!- n-st_ [~n-st@unaffiliated/n-st] has joined #openvpn
01:35 -!- [DS]Matej_ [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
01:35 -!- MarcoSlater_ [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
01:35 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
01:36 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
01:36 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
01:36 -!- mode/#openvpn [+v s7r_] by ChanServ
01:36 -!- linear_ [~L@unaffiliated/linear] has joined #openvpn
01:37 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 264 seconds]
01:37 -!- sh1rtybird [~quassel@205.185.122.214] has joined #openvpn
01:37 -!- Exagone314 [exa@elou.world] has joined #openvpn
01:38 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
01:38 -!- frank-- [~frank@unaffiliated/thumbs] has joined #openvpn
01:38 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
01:39 -!- deetwelv- [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
01:39 -!- plai [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
01:39 -!- mode/#openvpn [+o plai] by ChanServ
01:39 -!- jerich1wasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
01:39 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
01:39 -!- Kniaz1 [Kniaz@unaffiliated/kniaz] has joined #openvpn
01:39 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
01:39 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
01:39 -!- luckman212_ [~luckman21@unaffiliated/luckman212] has joined #openvpn
01:40 -!- mumixam_ [~m@unaffiliated/mumixam] has joined #openvpn
01:40 -!- Netsplit *.net <-> *.split quits: AlexRussia, JackWinter, MrPockets, catsup, DArqueBishop, ashka, luckman212, @mattock
01:40 -!- luckman212_ is now known as luckman212
01:41 -!- mode/#openvpn [+o mattock] by ChanServ
01:41 -!- Netsplit over, joins: mattock
01:41 -!- Netsplit over, joins: ashka
01:41 -!- Gaffeltruck [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
01:41 -!- fling [~fling@fsf/member/fling] has joined #openvpn
01:41 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
01:41 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
01:41 -!- Netsplit *.net <-> *.split quits: christobill, skyroveRR, willeponken, uiyice, +s7r, saik0
01:42 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
01:42 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
01:42 -!- Netsplit *.net <-> *.split quits: swebb
01:42 -!- abbe_ [having@badti.me] has joined #openvpn
01:42 -!- Netsplit *.net <-> *.split quits: APTX, NP-Hardass, Gaffel, KNERD, Mike--, @syzzer, ntio, Chex
01:43 -!- master_o1_master [~master_of@p4FD7BC80.dip0.t-ipconnect.de] has joined #openvpn
01:43 -!- CGML_ [~CGML@unaffiliated/cgml] has joined #openvpn
01:44 -!- troyt_ [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
01:44 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
01:46 -!- Netsplit *.net <-> *.split quits: CGML, shootbird, johnny56, troyt, baetheus, pythonsnake, early`, NightMonkey, deetwelve, yoavz,  (+7 more, use /NETSPLIT to show all of them)
01:46 -!- deetwelv- is now known as deetwelve
01:46 -!- Kniaz1 is now known as Kniaz
01:46 -!- Netsplit *.net <-> *.split quits: hive-mind, linear, n-st, clu5ter, Ryushin, whfsdude, Jeroen, thumbs, NP-Completeass, jerichowasahoax,  (+20 more, use /NETSPLIT to show all of them)
01:46 -!- n-st_ is now known as n-st
01:46 -!- [DS]Matej_ is now known as [DS]Matej
01:46 -!- pipecloud is now known as pipework
01:46 -!- MarcoSlater_ is now known as MarcoSlater
01:47 -!- Netsplit over, joins: APTX
01:48 -!- Netsplit over, joins: Pandemic_Force
01:48 -!- Netsplit *.net <-> *.split quits: hays, Buffman, mystica555_, MidnightCommand-
01:48 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
01:49 -!- Netsplit over, joins: DArqueBishop
01:50 -!- Netsplit over, joins: saik0
01:50 -!- Netsplit over, joins: mystica555_
01:51 -!- Netsplit over, joins: NP-Hardass, ntio
01:52 -!- agorecki_ [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
01:53 -!- lkjahsdkfj is now known as uiyice
01:54 -!- mode/#openvpn [+v RBecker] by ChanServ
01:54 -!- Netsplit over, joins: RBecker
01:55 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
01:56 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
01:57 -!- MikeH__ [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
01:57 -!- marlinc_ [~marlinc@bouncer.cvo.technology] has joined #openvpn
01:58 -!- phreakocious_ [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
01:58 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
01:59 -!- Netsplit over, joins: CGML, plaisthos
01:59 -!- mode/#openvpn [+o plaisthos] by ChanServ
02:00 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
02:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:02 -!- Netsplit *.net <-> *.split quits: sillysausage, @plai, Savemech, mgorbach, valkyr1e, infernix, marlinc, joako, CGML_, troyt_,  (+10 more, use /NETSPLIT to show all of them)
02:02 -!- marlinc_ is now known as marlinc
02:02 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
02:02 -!- Netsplit over, joins: MogDog
02:03 -!- Netsplit over, joins: sillysausage
02:04 -!- Netsplit over, joins: ender|
02:06 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
02:09 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
02:13 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
02:14 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:14 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
02:14 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
02:15 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
02:16 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
02:17 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
02:17 -!- mode/#openvpn [+o dazo_afk] by ChanServ
02:17 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
02:17 -!- mode/#openvpn [+o pekster] by ChanServ
02:17 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
02:17 -!- mode/#openvpn [+o syzzer] by ChanServ
02:17 -!- baetheus [~brandon@null.pub] has joined #openvpn
02:17 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
02:17 -!- dazo_afk is now known as dazo
02:17 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
02:18 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
02:18 -!- willeponken [~willeponk@2a03:b0c0:2:d0::155:4001] has joined #openvpn
02:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
02:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:19 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
02:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
02:23 -!- jeev [~j@107.170.196.88] has joined #openvpn
02:23 -!- occupant [~null@207.173.20.37] has joined #openvpn
02:23 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
02:23 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
02:23 -!- hays [~quassel@93.171.216.190] has joined #openvpn
02:23 -!- hays [~quassel@93.171.216.190] has quit [Changing host]
02:23 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
02:24 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:24 -!- jeev [~j@107.170.196.88] has quit [Changing host]
02:24 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
02:25 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
02:25 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
02:25 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
02:25 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
02:27 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:35 -!- prettyrobots [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has joined #openvpn
02:36 -!- prettyrobots is now known as Guest14248
02:37 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has joined #openvpn
02:37 -!- mode/#openvpn [+o pekster_] by ChanServ
02:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 264 seconds]
02:43 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
02:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:43 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
02:43 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 240 seconds]
02:43 -!- lbft_ [~lbft@unaffiliated/lbft] has joined #openvpn
02:44 -!- lbft_ is now known as lbft
02:44 -!- Brando753-o_O_o [~Brando753@unaffiliated/brando753] has joined #openvpn
02:46 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:47 -!- Netsplit *.net <-> *.split quits: @syzzer, @dazo, Chex, whfsdude
02:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 264 seconds]
02:49 -!- Netsplit *.net <-> *.split quits: JackWinter
02:50 -!- Netsplit *.net <-> *.split quits: Brando753
02:50 -!- Brando753-o_O_o is now known as Brando753
02:51 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
02:51 -!- mode/#openvpn [+o dazo_afk] by ChanServ
02:51 -!- dazo_afk is now known as dazo
02:51 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:52 -!- zimboboyd is now known as zimboboy-
02:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:54 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
02:56 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Quit: ZNC - http://znc.in]
02:58 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:06 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
03:11 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
03:15 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
03:15 -!- mode/#openvpn [+o syzzer] by ChanServ
03:22 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
03:33 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
03:34 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:35 -!- lotharn5 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
03:36 -!- agorecki__ [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
03:38 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
03:38 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
03:39 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 264 seconds]
03:39 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 264 seconds]
03:39 -!- Gaffeltruck [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
03:39 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 264 seconds]
03:39 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
03:39 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
03:39 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
03:39 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
03:39 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 257 seconds]
03:39 -!- moviuro_ [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 264 seconds]
03:39 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 264 seconds]
03:39 -!- agorecki_ [agorecki@S0106b8a38657b866.ok.shawcable.net] has quit [Ping timeout: 264 seconds]
03:39 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 264 seconds]
03:39 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 264 seconds]
03:39 -!- master_o1_master [~master_of@p4FD7BC80.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
03:39 -!- linear_ [~L@unaffiliated/linear] has quit [Ping timeout: 264 seconds]
03:39 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
03:40 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 265 seconds]
03:41 -!- master_of_master [~master_of@p4FD7BC80.dip0.t-ipconnect.de] has joined #openvpn
03:41 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
03:41 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:42 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
03:44 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 240 seconds]
03:44 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
03:44 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
03:44 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
03:45 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
03:45 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
03:45 -!- mode/#openvpn [+o vpnHelper] by ChanServ
03:47 -!- linear [~L@unaffiliated/linear] has joined #openvpn
03:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:52 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
03:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
03:53 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
03:53 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 272 seconds]
03:53 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:54 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
03:57 -!- abbe_ is now known as abbe
04:02 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:18 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
04:18 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
04:30 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
04:31 -!- f0o [~f0o@46.246.25.82] has joined #openvpn
04:40 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has joined #openvpn
04:42 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:51 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:57 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
05:05 -!- agorecki__ [agorecki@S0106b8a38657b866.ok.shawcable.net] has quit [Quit: Leaving]
05:07 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:14 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
05:16 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
05:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
05:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:26 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
05:29 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
05:32 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:48 -!- andy09usa [~andy@unaffiliated/andy09usa] has quit [Quit: leaving]
06:30 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:33 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 240 seconds]
06:45 -!- red-lichtie [~red-licht@host31-50-166-34.range31-50.btcentralplus.com] has joined #openvpn
06:47 < red-lichtie> Hi, I joined and posted on forums yesterday morning but it still hasn't shown up yet. All I've had is a welcome to the forums message. Any ideas?
06:54 -!- somis [~somis@67.205.112.74] has joined #openvpn
07:00 -!- frank-- is now known as thumbs
07:02 < red-lichtie> Well, the gist of the question was about the error message "MULTI: bad source address from client [192.168.1.131], packet dropped" that I keep getting in the server log. Everything appears to be working and I can't control the IP address on my laptop that I am assigned when I am on the go. What do I have to change in my configuration to get rid of this error messgae?
07:03 -!- banco [~BaN@212.164.222.212] has joined #openvpn
07:07 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has joined #openvpn
07:23 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
07:37 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
07:39 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 240 seconds]
07:46 -!- master_o1_master [~master_of@p4FD7BAC1.dip0.t-ipconnect.de] has joined #openvpn
07:49 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 276 seconds]
07:49 -!- master_of_master [~master_of@p4FD7BC80.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
08:02 -!- Guest14248 [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has left #openvpn []
08:03 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has joined #openvpn
08:05 -!- prettyrobots [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has joined #openvpn
08:18 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 260 seconds]
08:21 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
08:22 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
08:26 -!- bf_ [~bf_@xdsl-89-0-94-18.netcologne.de] has joined #openvpn
08:28 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:34 -!- somis [~somis@67.205.112.74] has quit [Quit: Leaving]
08:37 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:37 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Quit: TTFNs!]
08:47 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
08:50 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
08:56 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:58 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:02 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
09:02 -!- pekster_ [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 272 seconds]
09:11 -!- banco [~BaN@212.164.222.212] has joined #openvpn
09:12 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:17 -!- l30 is now known as le0
09:31 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
09:33 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
09:34 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has joined #openvpn
09:43 -!- rax- [~rax-@bnc.localh0st.co.uk] has joined #openvpn
09:47 -!- bf_ [~bf_@xdsl-89-0-94-18.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
09:48 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 260 seconds]
09:49 < rax-> Hi guys, strange issue my end and this maybe isn't thr right place for it but kind of at a loss otherwise. So we are using Open VPN through Sophos UTM but on my local machine I have a certificate issue when verifying x509, showing 'email@domain' but saying 'must be email2@domain'. I've completely uninstalled the vpn client and reinstalled but it remains the same, the certs called in the program files area all look OK and downloading the client package on a
09:49 < rax-> This might not make any sense, so any questions fire away
09:50 < rax-> I've also been through certmgr.msc and can't find any local certs which may be causing problems
09:54 < banco> just a thought, but maybe someone manually changed the email in certificate instead of regenerating the certificate with different email?
09:57 < rax-> yea I thought that as well, as it appears as though the cert I'm using from the local machine contains the wrong email
09:57 < rax-> but the 2 certs in the vpn program file directory both show the correct email address
09:57 < rax-> not the one I'm seeing in the log saying 'must be email2@domain'
09:59 < banco> maybe email was changed in the both files? You can try and generate new certificates and see if they'll work
09:59 < red-lichtie> rax: 'openssl x509 -noout -text -in your.crt' is correct?
10:03 < rax-> let me go back a little. The email in the cert used to be email2@domain (for simplicity we'll say admin@domain previously and now it is servicedesk@domain)
10:03 < rax-> I have 2 certficiates in the program files dir, one for the ca and one for the user
10:03 < rax-> both say servicedesk@domain
10:04 < rax-> so if I was to run openssl x509 -noout -text -in and point it to either of these certs, it will display the correct email but give me 5 and I'll try it
10:08 <@dazo> rax-: the x509 certificate information is not easily modified ... the process is that a CSR is sent to a CA, the CSR contains all this information.  When the CA cryptographically signs the CSR, you get an X.509 certificate as output ... at this point, the information in the certificate cannot be changed without breaking the signature the CA added
10:09 <@dazo> so, if openvpn shows something else than what your openssl commands provides .... openvpn is using the wrong certificate
10:11 < rax-> both the ca cert and user cert show CA/emailAddress=servicedesk@
10:11 < rax-> when using openssl to check them
10:11 <@dazo> !configs
10:11 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:13 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
10:15 < rax-> I don't really want to paste the entire config, and removing the sensitive details would make it pointless
10:15 < rax-> however the client config references the 2 certs within the same directory
10:15 <@dazo> then I don't care to help
10:15 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:16 < rax-> well alright but I don't know how much it will help you
10:16 < rax-> gimme 5
10:16 <@dazo> nm ... I need to run out for a couple of hours
10:16 -!- kraut [~kraut@blackhole.netzdeponie.de] has quit [Ping timeout: 264 seconds]
10:17 < rax-> http://pastebin.com/3QgHLyCV
10:17 < rax-> this is the client config
10:22 -!- defsdoor_ [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:23 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
10:23 < banco> is "**** emailAddress=servicedesk@domain" really your server CN?
10:23 < banco> also, tls-remote is deprecated
10:26 < rax-> no I blanked that out
10:26 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 260 seconds]
10:28 < banco> so is it "tls-remote ServerCN" or with email part?
10:28 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:29 < rax-> tls-remote "C=uk, L=*****, O=*****, CN=***.co.uk, emailAddress=servicedesk@**********.co.uk"
10:29 < rax-> like I say though, this config works on other laptops
10:29 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
10:29 < rax-> the issue seems to be that my laptop is using the wrong cert, even though the ones in the directory are fine
10:30 < rax-> I can create a test user and download the files for that one and it connects fine
10:30 < rax-> from the same laptop
10:30 < rax-> or I can use the problematic user account on another laptop and it's OK
10:30 < rax-> just specific to a single user on a single laptop
10:36 < banco> don't even know then, try to specify the full path to the cert files just in case
10:38 < rax-> doesn't help
10:38 -!- _KaszpiR__ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
10:39 < rax-> I knew it was a long shot anyway
10:39 < rax-> I've obviously done something stupid while configuring it
10:40 < rax-> even the sophos support guys can't figure it out :P
10:41 -!- R\w\C [~so_corpor@unaffiliated/richwestcoast] has quit [Read error: Connection reset by peer]
10:41 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 240 seconds]
10:41 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Ping timeout: 240 seconds]
10:41 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Ping timeout: 240 seconds]
10:41 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 240 seconds]
10:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 240 seconds]
10:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:43 < banco> you can try to connect from this laptob, but from different system - livecd or vm, maybe it will give you any hints
10:43 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
10:43 -!- mode/#openvpn [+o syzzer] by ChanServ
10:44 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
10:45 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
10:46 < rax-> banco - strangely I've just messed about right
10:46 < rax-> so I have 2 configs one as normal user, one as an admin both available on the vpn gui
10:46 < rax-> the admin can connect fine
10:47 < rax-> so i replaced the cert and key
10:47 -!- bf_ [~bf_@xdsl-89-0-94-18.netcologne.de] has joined #openvpn
10:47 < rax-> and can connect using the normal user credentials now
10:47 < rax-> I've renamed the directory to that of the normal user
10:47 < rax-> still works but the gui displays the admin name
10:48 < rax-> so admin dir now contains a normal user cert and key and I can connect as the normal user
10:54 < banco> don't really understand what's with that, but why your config didn't work with full path to the ca/cert/key then?
10:58 < rax-> I've no idea
10:59 < rax-> I would like to know where the GUI gets its data from because I've renamed the config folder for the admin to normal user but the GUI doesn't update, while it evidently uses the correct path
10:59 < rax-> checked appdata and can't find anything besides logs
11:00 < banco> it's from the *.conf filename
11:00 < banco> also, restart the app
11:01 < banco> or *.ovpn for windows
11:01 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:03 < rax-> right
11:03 < rax-> yea
11:03 < rax-> so I've renamed the ovpn file and it's now doing the same certificate warning
11:05 < rax-> i.e. I took adminuser@*.ovpn and renamed it to user@*.ovpn
11:05 < rax-> user being the one with the issue
11:05 < rax-> if I rename that ovpn file to anything else it works
11:05 < rax-> I've just set it to test-user@*.ovpn and can connect fine
11:07 < banco> do you have the file with user@*.ovpn filename somewhere else in the OpenVPN config folder?
11:08 < rax-> nah but at first it complained about having 2 config files with the same name not being allowed, even if they are in different config folders
11:08 < rax-> so I renamed the old user one to old user@*.ovpn
11:08 < rax-> so the GUI is clear now
11:08 < rax-> and it starts ok
11:09 < rax-> could there be some registry entry somewhere?
11:10 < banco> no
11:10 -!- bf_ [~bf_@xdsl-89-0-94-18.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
11:10 < banco> try to move everything from config dir and leave there only files for user@*.ovpn
11:11 < rax-> as in remove the certs and key files?
11:12 < banco> move all the files from from C:\Program Files\OpenVPN\config to another dir and leave there only user@*.ovpn and it's ca/crt/key files
11:14 -!- s7r_ is now known as s7r
11:18 -!- DMA [~dma@190.146.128.106] has quit [Ping timeout: 276 seconds]
11:27 -!- huig [93606e7b@gateway/web/freenode/ip.147.96.110.123] has joined #openvpn
11:28 < huig> hello, i just installed openvpn on linux and cant connect using openvpn to a certain vpn. how can i know what is the reason?
11:28 < huig> i used network-manager-openvpn btw
11:28 < banco> enable logging in config and see the logs
11:32 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Remote host closed the connection]
11:34 -!- huig [93606e7b@gateway/web/freenode/ip.147.96.110.123] has quit [Quit: Page closed]
11:50 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
11:54 < MalMen> my server cant ping the clients, but clients ping the server all right and comicate with him
11:55 < MalMen> https://paste.kde.org/poyc78322
11:55 < MalMen> this are my server routes
11:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
11:57 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
11:58 < MalMen> on server i only can ping it own ip 10.8.0.1
11:58 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
11:59 < banco> what's the clients ip's? can clients ping each other?
12:00 < MalMen> ip clients 10.8.0.x 255.255.255.0
12:00 < MalMen> yes, they can ping each other
12:00 < banco> what's with firewall rules on server?
12:01 < MalMen> https://paste.kde.org/pbmgjy8tm
12:05 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Remote host closed the connection]
12:05 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
12:06 < banco> can you telnet to some open port of the client from server?
12:06 -!- Mike-- [mad@mx.probie.nl] has quit []
12:07 < MalMen> yes i can
12:07 < MalMen> wait
12:07 < MalMen> from the server
12:07 < MalMen> no
12:07 < MalMen> i cant
12:07 < MalMen> from client to client i can
12:07 < MalMen> server to clioent no
12:07 < MalMen> client to server yes
12:08 < banco> hm, something's strange, show your server config
12:09 < MalMen> one momment
12:09 -!- MikeH__ is now known as mystica555
12:15 < MalMen> https://paste.kde.org/pbexg6zm1
12:15 < MalMen> here it is
12:19 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
12:19 -!- huig [93606e7b@gateway/web/freenode/ip.147.96.110.123] has joined #openvpn
12:20 < huig> hi, after running sudo openvpn --config myfile.ovpn and entering a user and a pass i get "Initialization Sequence Completed", but i cannot access any web pages
12:21 < huig> i have read that maybe it has something to do with the DNS
12:21 < banco> MalMen, what if you remove push route 0.0.0.0 0.0.0.0 option?
12:23 < MalMen> will try
12:24 < banco> huig, depends on what do you have in your configs, here is an example http://askubuntu.com/questions/462533/route-all-traffic-through-openvpn
12:24 <@vpnHelper> Title: vpn - Route all traffic through OpenVPN - Ask Ubuntu (at askubuntu.com)
12:26 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
12:26 < huig> banco: that is not really my issue, i cant even connect to a web page
12:27 < MalMen> banco the server still not reach any clients
12:27 < MalMen> but the clients still connect to each other, so i supose i can drop that line
12:29 -!- huig [93606e7b@gateway/web/freenode/ip.147.96.110.123] has quit [Quit: Page closed]
12:31 -!- deetwelv- [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
12:34 -!- jeev_ [~j@unaffiliated/jeev] has joined #openvpn
12:36 -!- deetwelv- [~deetwelve@unaffiliated/deetwelve] has quit [Client Quit]
12:38 -!- le0 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
12:39 -!- deetwelv- [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
12:39 -!- Netsplit *.net <-> *.split quits: deetwelve
12:40 -!- deetwelv- is now known as deetwelve
12:40 -!- Netsplit *.net <-> *.split quits: supergauntlet, hays, Buffman, occupant, @dazo, jeev, MidnightCommand-
12:40 -!- Netsplit over, joins: supergauntlet
12:42 < banco> MalMen, don't really know, where to look for the problem, show your server iptables -t nat -L -n -v --line-numbers
12:42 -!- mode/#openvpn [+o dazo] by ChanServ
12:42 -!- Netsplit over, joins: dazo
12:47 -!- huig [93606e7b@gateway/web/freenode/ip.147.96.110.123] has joined #openvpn
12:48 < huig> i just checked and the problem is the dns server. when i try to ping www.google.com i get unknown host. but if i ping the ip of google then it works
12:49 < MalMen> banco here it is
12:49 < MalMen> https://paste.kde.org/pcd9zw0hh
12:50 < red-lichtie> huig: Did you add "push >> dhcp-option DNS 8.8.4.4" << to let your client know which DNS to use?
12:50 < red-lichtie> Or something like that
12:51 < red-lichtie> Otherwise it will try to use your LAN's DNS and that won't be in the route
12:51 < banco> MalMen, why do you have SNAT from 10.8.0.0/24 to 92.222.235.218?
12:51 < banco> MalMen, delete it
12:52 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
12:53 -!- huig [93606e7b@gateway/web/freenode/ip.147.96.110.123] has quit [Quit: Page closed]
12:55 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
13:16 -!- Netsplit *.net <-> *.split quits: Chex, Tykling, mgorbach, deetwelve, jefferai, m3n3chm0, troyt, wiz, @plaisthos, Neal_,  (+179 more, use /NETSPLIT to show all of them)
13:16 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has quit [Excess Flood]
13:17 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
13:17 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
13:17 -!- MalMen [~MalMen@xmr.link] has joined #openvpn
13:17 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
13:17 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has joined #openvpn
13:17 -!- Exagone314 [exa@elou.world] has joined #openvpn
13:17 -!- ashka [~postmaste@pdpc/supporter/active/ashka] has joined #openvpn
13:17 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
13:17 -!- Tenhi [~tenhi@static.100.25.4.46.clients.your-server.de] has joined #openvpn
13:17 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
13:17 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has joined #openvpn
13:17 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
13:17 -!- mete [~mete@91.247.253.160] has joined #openvpn
13:17 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
13:17 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
13:17 -!- Reventlov [~Reventlov@unaffiliated/reventlov] has joined #openvpn
13:17 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
13:17 -!- Neal_ [~neal@felix.ineal.me] has joined #openvpn
13:17 -!- iNs [~ins@85.17.164.26] has joined #openvpn
13:17 -!- mcp [~mcp@wolk-project.de] has joined #openvpn
13:17 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
13:17 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
13:17 -!- Gizmokid2005 [~Gizmokid2@dedi2.gizmokid2005.com] has joined #openvpn
13:17 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
13:17 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
13:17 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
13:17 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
13:17 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
13:17 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
13:17 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
13:17 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
13:17 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
13:17 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:17 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
13:17 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
13:17 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
13:17 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
13:17 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
13:17 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
13:17 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
13:17 -!- Willis [Willis@107.161.160.241] has joined #openvpn
13:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:17 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
13:17 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
13:17 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
13:17 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:17 -!- ServerMode/#openvpn [+vv s7r hazardous] by verne.freenode.net
13:17 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
13:17 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
13:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:17 -!- Poster|x [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
13:17 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
13:17 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
13:17 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
13:17 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
13:17 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
13:17 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:17 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
13:17 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
13:17 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
13:17 -!- rax- [~rax-@bnc.localh0st.co.uk] has joined #openvpn
13:17 -!- banco [~BaN@212.164.222.212] has joined #openvpn
13:17 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
13:17 -!- prettyrobots [~prettyrob@ec2-52-70-58-47.compute-1.amazonaws.com] has joined #openvpn
13:17 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
13:17 -!- f0o [~f0o@46.246.25.82] has joined #openvpn
13:17 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
13:17 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
13:17 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
13:17 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:17 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
13:17 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
13:17 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
13:17 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
13:17 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
13:17 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
13:17 -!- willeponken [~willeponk@2a03:b0c0:2:d0::155:4001] has joined #openvpn
13:17 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
13:17 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
13:17 -!- zimboboy- [~zimboboyd@213.183.76.156] has joined #openvpn
13:17 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
13:17 -!- ServerMode/#openvpn [+oooo dazo syzzer vpnHelper plaisthos] by verne.freenode.net
13:17 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
13:17 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
13:17 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
13:17 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
13:17 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
13:17 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
13:17 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
13:17 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:17 -!- mumixam_ [~m@unaffiliated/mumixam] has joined #openvpn
13:17 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
13:17 -!- Kniaz [Kniaz@unaffiliated/kniaz] has joined #openvpn
13:17 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
13:17 -!- ServerMode/#openvpn [+vo RBecker mattock] by verne.freenode.net
13:17 -!- thumbs [~frank@unaffiliated/thumbs] has joined #openvpn
13:17 -!- sh1rtybird [~quassel@205.185.122.214] has joined #openvpn
13:17 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
13:17 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
13:17 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
13:17 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
13:17 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
13:17 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
13:17 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
13:17 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
13:17 -!- Denial [~Denial@81.141.18.138] has joined #openvpn
13:17 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
13:17 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
13:17 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
13:17 -!- dhcpfreely [~dhcp_free@ec2-52-33-220-248.us-west-2.compute.amazonaws.com] has joined #openvpn
13:17 -!- CrazyyMaxx [CrazyyMaxx@2001:41d0:2:b743::] has joined #openvpn
13:17 -!- zamba [~marius@flage.org] has joined #openvpn
13:17 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
13:17 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
13:17 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
13:17 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
13:17 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
13:17 -!- riddle [~decadance@us.yunix.net] has joined #openvpn
13:17 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
13:17 -!- e1z0 [~null@netlinux/founder/e1z0] has joined #openvpn
13:17 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
13:17 -!- Champi [~Champi@damn.e-leet.be] has joined #openvpn
13:17 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
13:17 -!- bpye [~quassel@unaffiliated/bpye] has joined #openvpn
13:17 -!- jefferai [jefferai@kde/mitchell] has joined #openvpn
13:17 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
13:17 -!- fcktasarausrex [eugene@kashpureff.org] has joined #openvpn
13:17 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
13:17 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-loxrfidapphhdprx] has joined #openvpn
13:17 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
13:17 -!- ServerMode/#openvpn [+oo mattock1 fcktasarausrex] by verne.freenode.net
13:18 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
13:18 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
13:19 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
13:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:19 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
13:19 -!- dmilith [~dmilith@verknowsys.com] has quit [Max SendQ exceeded]
13:19 -!- dmilith_ [~dmilith@verknowsys.com] has joined #openvpn
13:20 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
13:20 -!- red-lichtie [~red-licht@host31-50-166-34.range31-50.btcentralplus.com] has joined #openvpn
13:20 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
13:20 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
13:20 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
13:20 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
13:20 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:20 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
13:20 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
13:20 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
13:20 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
13:20 -!- abbe [having@badti.me] has joined #openvpn
13:20 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
13:20 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
13:20 -!- fling [~fling@fsf/member/fling] has joined #openvpn
13:20 -!- jerich1wasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
13:20 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
13:20 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
13:20 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
13:20 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
13:20 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
13:20 -!- shio [marmottin@84.103.188.220] has joined #openvpn
13:20 -!- mparisi [~mparisi@marcelo.feitoza.com.br] has joined #openvpn
13:20 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
13:20 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:20 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
13:20 -!- tiago [~tiago@unaffiliated/ttsda] has joined #openvpn
13:20 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
13:20 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
13:20 -!- fred`` [fred@2001:6f8:10c0:0:2010:abec:24d:2500] has joined #openvpn
13:20 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
13:20 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
13:20 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
13:20 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
13:20 -!- dan_j [sid21651@gateway/web/irccloud.com/x-jwpedkczjeldmhus] has joined #openvpn
13:20 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
13:20 -!- jesopo [jess@lolnerd.net] has joined #openvpn
13:20 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
13:21 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Max SendQ exceeded]
13:21 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has quit [Max SendQ exceeded]
13:21 -!- dan_j [sid21651@gateway/web/irccloud.com/x-jwpedkczjeldmhus] has quit [Max SendQ exceeded]
13:21 -!- ntio [~ntio@unaffiliated/ntio] has quit [Max SendQ exceeded]
13:21 -!- dmilith_ is now known as dmilith
13:21 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has joined #openvpn
13:22 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
13:23 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
13:24 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:26 -!- dan_j [sid21651@gateway/web/irccloud.com/x-cfkshcouhdpnornb] has joined #openvpn
13:31 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
13:31 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
13:31 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has joined #openvpn
13:31 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
13:31 -!- Vercas_ [~Vercas@unaffiliated/vercas] has joined #openvpn
13:32 -!- tychotithonus_ [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
13:32 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:32 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 240 seconds]
13:32 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 240 seconds]
13:32 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 240 seconds]
13:32 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 240 seconds]
13:33 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
13:33 -!- Netsplit *.net <-> *.split quits: tychotithonus, ashka, Vercas, @dazo, Gaffel, Chex, Poster|x, skyroveRR, f0o
13:34 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
13:34 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
13:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 264 seconds]
13:35 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
13:36 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
13:36 -!- mode/#openvpn [+v hazardous] by ChanServ
13:36 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 264 seconds]
13:36 -!- rax- [~rax-@bnc.localh0st.co.uk] has quit [Ping timeout: 264 seconds]
13:36 -!- banco [~BaN@212.164.222.212] has quit [Ping timeout: 264 seconds]
13:36 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
13:36 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
13:37 -!- pythonsnake [~pythonsna@fedora/pythonsnake] has joined #openvpn
13:37 -!- julie_harshaw [~julie@juliekoubova.net] has joined #openvpn
13:38 -!- Netsplit over, joins: skyroveRR
13:38 -!- mode/#openvpn [+o dazo] by ChanServ
13:38 -!- Netsplit over, joins: dazo
13:38 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
13:41 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
13:41 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has quit [Ping timeout: 260 seconds]
13:41 -!- thoht_ [~fox@bsd.cat] has joined #openvpn
13:41 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has joined #openvpn
13:41 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
13:42 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
13:44 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
13:45 -!- Netsplit *.net <-> *.split quits: julieeharshaw, mumixam_, ntio, NP-Hardass, deviantintegral
13:45 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has joined #openvpn
13:50 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
13:52 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has quit [Ping timeout: 260 seconds]
13:52 -!- colinstgeorge [~colinstge@ny1.datasec.io] has joined #openvpn
13:52 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
13:52 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
13:52 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has quit [Ping timeout: 260 seconds]
13:52 -!- thoht_ [~fox@bsd.cat] has quit [Ping timeout: 260 seconds]
13:52 -!- thoht_ [~fox@bsd.cat] has joined #openvpn
13:52 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has joined #openvpn
13:53 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
13:57 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 264 seconds]
13:57 -!- abra0_ [abra0@unaffiliated/abra0] has joined #openvpn
13:57 -!- phreakocious_ [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
13:58 -!- hazard0us [~hz@openvpn/user/hazardous] has joined #openvpn
13:58 -!- mode/#openvpn [+v hazard0us] by ChanServ
13:58 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 240 seconds]
13:58 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 240 seconds]
13:58 -!- hazard0us is now known as hazardous
13:58 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 240 seconds]
13:58 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 240 seconds]
14:00 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
14:00 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
14:02 -!- arlen is now known as 77CAAA5E8
14:02 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
14:02 -!- leo2007- [~leo2007@128.199.230.246] has joined #openvpn
14:03 -!- mumixam_ [~m@unaffiliated/mumixam] has joined #openvpn
14:03 -!- Netsplit *.net <-> *.split quits: deed02392, marlinc, DzAirmaX, 77CAAA5E8, abra0
14:03 -!- abra0_ is now known as abra0
14:03 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has quit [Ping timeout: 260 seconds]
14:04 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
14:04 -!- Netsplit over, joins: DzAirmaX
14:05 -!- marigeo [~marigeo@KD121108029227.ppp-bb.dion.ne.jp] has joined #openvpn
14:06 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
14:06 -!- mumixam_ is now known as mumixam
14:07 -!- arlen [~arlen@jarvis.arlen.io] has quit [Max SendQ exceeded]
14:08 -!- colinstgeorge [~colinstge@ny1.datasec.io] has quit [Max SendQ exceeded]
14:08 < marigeo> not isre if this has been asked before can a openvpn server running a tunnel for a client at the same time connect to another openvpn server running tunnel for that first openvpn server?
14:09 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 264 seconds]
14:12 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
14:12 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
14:14 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
14:14 -!- mode/#openvpn [+o syzzer] by ChanServ
14:17 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
14:18 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
14:21 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
14:22 -!- marus [Elite13751@gateway/shell/elitebnc/x-sazprxtewqcjobxj] has joined #openvpn
14:24 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:32 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
14:32 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
14:36 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
14:36 -!- f0o [~f0o@46.246.25.82] has joined #openvpn
14:36 -!- Chex is now known as Guest89309
14:41 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
14:42 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
14:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
14:45 < marus> any hardware recommendation for openvpn server (about 30 users)? like a mini-itx or something like that?
14:47 -!- mumixam [~m@unaffiliated/mumixam] has quit [Read error: Connection reset by peer]
14:51 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
14:51 -!- jerich1wasahoax is now known as jerichowasahoax
14:52 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
14:53 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
14:55 -!- hazard0us [~hz@openvpn/user/hazardous] has joined #openvpn
14:55 -!- mode/#openvpn [+v hazard0us] by ChanServ
14:56 -!- DzAirmaX_ [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
14:56 -!- Zzyzx_ [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
14:56 -!- Exagone313 [exa@elou.world] has joined #openvpn
14:57 -!- marigeo [~marigeo@KD121108029227.ppp-bb.dion.ne.jp] has quit [Ping timeout: 240 seconds]
15:01 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
15:01 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
15:02 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
15:03 -!- Zimsky-- [~alice@unaffiliated/zimsky] has quit [Ping timeout: 246 seconds]
15:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Ping timeout: 246 seconds]
15:03 -!- tychotithonus_ [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 246 seconds]
15:03 -!- phreakocious_ [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 246 seconds]
15:03 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
15:03 -!- Exagone314 [exa@elou.world] has quit [Ping timeout: 246 seconds]
15:03 -!- chamunks [chamunks@entityreborn.com] has quit [Ping timeout: 246 seconds]
15:03 -!- julie_harshaw [~julie@juliekoubova.net] has quit [Ping timeout: 246 seconds]
15:03 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
15:03 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
15:03 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 246 seconds]
15:03 -!- MalMen [~MalMen@xmr.link] has quit [Ping timeout: 246 seconds]
15:03 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 246 seconds]
15:03 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has joined #openvpn
15:03 -!- hazard0us is now known as hazardous
15:03 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
15:04 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
15:04 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 276 seconds]
15:04 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
15:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
15:11 -!- marigeo [~marigeo@KD121108029227.ppp-bb.dion.ne.jp] has joined #openvpn
15:11 < Exagone313> Hi, I use OpenVPN client on Windows 8. For now, I route everything to my VPN. I want that it ignores some ports or outgoing subnets. How do I do that without iptables (Windows...)? Thanks for your help.
15:25 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:28 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
15:32 -!- Zzyzx_ is now known as THX1138
15:36 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 252 seconds]
15:40 -!- Mike-- [mad@mx.probie.nl] has quit []
15:43 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
15:47 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:47 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has quit [Quit: ZNC - http://znc.in]
15:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:00 -!- marigeo [~marigeo@KD121108029227.ppp-bb.dion.ne.jp] has quit [Ping timeout: 260 seconds]
16:04 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
16:13 -!- Gaffeltruck [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
16:14 -!- rax- [~rax-@bnc.localh0st.co.uk] has joined #openvpn
16:14 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 246 seconds]
16:14 -!- f0o [~f0o@46.246.25.82] has quit [Ping timeout: 246 seconds]
16:14 -!- Guest89309 [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
16:15 -!- f0o [~f0o@46.246.25.82] has joined #openvpn
16:20 -!- Vercas_ is now known as Vercas
16:22 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
16:22 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:26 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
16:30 -!- Chex is now known as Guest52045
16:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
16:36 -!- defsdoor_ [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
16:37 -!- m3n3chm0_ [uid129754@gateway/web/irccloud.com/x-wbduirzulftdlftm] has joined #openvpn
16:37 -!- m3n3chm0_ [uid129754@gateway/web/irccloud.com/x-wbduirzulftdlftm] has quit [Client Quit]
16:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:47 -!- m3n3chm0 [uid129754@gateway/web/irccloud.com/x-ponayyyimhattqim] has joined #openvpn
16:49 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
16:57 -!- jefferai [jefferai@kde/mitchell] has quit [Remote host closed the connection]
17:04 -!- m3n3chm0 [uid129754@gateway/web/irccloud.com/x-ponayyyimhattqim] has quit []
17:05 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
17:08 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:10 -!- m3n3chm0_ [uid129754@gateway/web/irccloud.com/x-bumotclqdvphwcgf] has joined #openvpn
17:13 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
17:15 -!- m3n3chm0_ [uid129754@gateway/web/irccloud.com/x-bumotclqdvphwcgf] has quit []
17:18 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:24 -!- someone [~someone@somewhe.re] has joined #openvpn
17:28 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
17:28 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:40 -!- red-lichtie [~red-licht@host31-50-166-34.range31-50.btcentralplus.com] has quit [Quit: Leaving.]
17:42 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
17:51 -!- poseidon1157 [~poseidon1@97-118-31-38.hlrn.qwest.net] has joined #openvpn
17:51 < poseidon1157> Hi all.  I'm having a weird issue with HMAC auth
17:51 < poseidon1157> So I have a client and server cert generated, and both signed by the CA.
17:59 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
18:00 -!- Netsplit *.net <-> *.split quits: showaz, ntio, Zimsky, __FBi, sillysausage
18:08 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
18:10 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
18:10 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
18:13 -!- poseidon1157 [~poseidon1@97-118-31-38.hlrn.qwest.net] has quit [Ping timeout: 240 seconds]
18:15 -!- poseidon1157 [~poseidon1@97-118-31-38.hlrn.qwest.net] has joined #openvpn
18:16 -!- poseidon1157 [~poseidon1@97-118-31-38.hlrn.qwest.net] has quit [Client Quit]
18:19 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has joined #openvpn
18:21 < dolohow> Hello guys, i have a problem with dns resolving, here are my configs https://gist.github.com/dolohow/2129c948c6bd3069234e
18:21 <@vpnHelper> Title: client.conf · GitHub (at gist.github.com)
18:26 -!- defsdoor_ [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:27 -!- dazo is now known as dazo_afk
18:30 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has left #openvpn []
18:30 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has joined #openvpn
18:32 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has left #openvpn []
18:32 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has joined #openvpn
18:40 -!- gallant [~gallant__@185.47.61.118] has joined #openvpn
18:40 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has left #openvpn []
18:40 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has joined #openvpn
18:45 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has left #openvpn []
18:45 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has joined #openvpn
18:46 -!- dolohow [959c7c10@gateway/web/freenode/ip.149.156.124.16] has quit [Quit: Page closed]
18:54 -!- gallant [~gallant__@185.47.61.118] has quit [Quit: Leaving]
18:58 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has joined #openvpn
18:58 < dimitry7> Hi guys!
18:59 < dimitry7> What's the best cipher for openvpn client-server communication: I have this: cipher AES-256-CBC
19:09 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:14 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has quit [Read error: Connection reset by peer]
19:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:36  * dimitry7 wonders where all the guys have gone...
19:37  * dimitry7 thinks the FBI put all of them at jail
19:37  * dimitry7 *in
19:44 -!- dimitry7 [~dimitry7@gate.aaamerica.com.mx] has quit [Read error: Connection reset by peer]
19:59 -!- poseidon1157 [~poseidon1@63.224.64.142] has joined #openvpn
20:06 -!- poseidon1157 [~poseidon1@63.224.64.142] has quit [Ping timeout: 265 seconds]
20:06 -!- poseidon1157 [~poseidon1@63.224.64.142] has joined #openvpn
20:09 -!- poseidon11571 [~poseidon1@63.224.64.142] has joined #openvpn
20:10 -!- poseidon1157 [~poseidon1@63.224.64.142] has quit [Ping timeout: 246 seconds]
20:33 -!- Guest52045 [~Chex@swampjax.northnook.ca] has left #openvpn []
20:34 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
20:44 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
21:01 -!- poseidon11571 [~poseidon1@63.224.64.142] has quit [Quit: Leaving.]
21:12 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
21:13 -!- haasn [~haasn@static.102.126.46.78.clients.your-server.de] has joined #openvpn
21:40 -!- poseidon1157 [~poseidon1@63.224.64.142] has joined #openvpn
22:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 265 seconds]
22:40 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
22:42 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
22:45 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
22:59 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
23:01 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
23:02 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: fuckin]
23:04 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
23:15 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:20 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
23:38 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
23:48 -!- ShadniX [dagger@p57941AFA.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
23:49 -!- ShadniX [dagger@p5481DE4E.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Fri Nov 27 2015
00:00 -!- banco [~ban@212.164.222.212] has joined #openvpn
00:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
00:18 -!- mode/#openvpn [+o mattock1] by ChanServ
00:27 -!- agorecki_ [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
00:28 -!- Zimsky-- [~alice@unaffiliated/zimsky] has quit [Ping timeout: 265 seconds]
00:29 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 264 seconds]
00:29 -!- f0o [~f0o@46.246.25.82] has quit [Ping timeout: 264 seconds]
00:29 -!- sarlalian [~sarlalian@107.170.239.102] has quit [Ping timeout: 264 seconds]
00:29 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 264 seconds]
00:29 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
00:29 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
00:29 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
00:30 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has quit [Ping timeout: 265 seconds]
00:30 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 265 seconds]
00:30 -!- Gaffeltruck [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
00:30 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 264 seconds]
00:34 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
00:35 -!- f0o [~f0o@46.246.25.82] has joined #openvpn
00:42 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
00:43 -!- Netsplit *.net <-> *.split quits: toli
00:44 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:45 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
00:45 -!- mode/#openvpn [+v hazardous] by ChanServ
00:46 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:07 -!- dmilith is now known as dmilith2
01:08 -!- dmilith2 is now known as dmilith
01:11 -!- dmilith is now known as dmilith2
01:12 -!- agorecki_ [agorecki@S0106b8a38657b866.ok.shawcable.net] has quit [Quit: Leaving]
01:15 -!- doop [~doop@colostomy.club] has joined #openvpn
01:17 -!- dmilith2 is now known as dmilith
01:19 -!- banco [~ban@212.164.222.212] has joined #openvpn
01:19 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
01:21 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Ping timeout: 272 seconds]
01:30 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
01:33 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
01:35 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Ping timeout: 240 seconds]
01:47 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
01:48 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
01:49 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
01:56 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Ping timeout: 264 seconds]
01:57 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
01:58 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
01:58 -!- MogDog [~mogdog@mog.dog] has quit [Excess Flood]
01:59 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:02 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
02:09 -!- zylinx [uid43406@gateway/web/irccloud.com/x-rfdhvhlawxhzytap] has joined #openvpn
02:22 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:23 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Excess Flood]
02:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:24 -!- Tykling [~tykling@89.233.43.74] has joined #openvpn
02:24 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
02:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has left #openvpn []
02:24 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has left #openvpn []
02:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
02:26 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
02:29 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
02:31 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
02:32 -!- Champi [~Champi@damn.e-leet.be] has quit [Ping timeout: 272 seconds]
02:33 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
02:33 -!- kraut [~kraut@blackhole.netzdeponie.de] has joined #openvpn
02:36 -!- Netsplit *.net <-> *.split quits: ShadniX, marlinc, subzero79, poseidon1157, thoht_, haasn, cylon512, mystica555, DzAirmaX_, leo2007-,  (+3 more, use /NETSPLIT to show all of them)
02:36 -!- Netsplit over, joins: cylon512, poseidon1157, bf_
02:36 -!- Tykling [~tykling@89.233.43.74] has quit [Ping timeout: 264 seconds]
02:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
02:37 -!- dmilith [~dmilith@verknowsys.com] has quit [Excess Flood]
02:37 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
02:37 -!- Netsplit over, joins: Exagone313
02:40 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Disconnected by services]
02:42 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
02:42 -!- mode/#openvpn [+o vpnHelper] by ChanServ
02:42 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
02:46 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
02:48 -!- Netsplit *.net <-> *.split quits: pppingme, jeev, poseidon1157, Champi, Willis, prettyrobots, cylon512, willeponken, supergauntlet, Thermi,  (+6 more, use /NETSPLIT to show all of them)
02:48 -!- Netsplit *.net <-> *.split quits: MidnightCommand-, @dazo_afk, leo2007, Buffman
02:49 -!- Netsplit over, joins: poseidon1157
02:50 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
02:51 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 264 seconds]
02:52 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
02:52 -!- mode/#openvpn [+o syzzer] by ChanServ
03:05 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
03:06 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
03:06 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
03:07 -!- poseidon11571 [~poseidon1@63.224.64.142] has joined #openvpn
03:07 -!- andy09usa [~andy@unaffiliated/andy09usa] has joined #openvpn
03:09 -!- Netsplit *.net <-> *.split quits: poseidon1157, f31n, defsdoor, agorecki, @vpnHelper, haasn, ade_b, MogDog, banco, THX1138,  (+2 more, use /NETSPLIT to show all of them)
03:09 -!- Netsplit *.net <-> *.split quits: NP-Hardass
03:09 -!- Netsplit *.net <-> *.split quits: __FBi
03:09 -!- ghormoon [~ghormoon@ghorland.net] has quit [Excess Flood]
03:13 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
03:17 -!- poseidon11571 [~poseidon1@63.224.64.142] has quit [Ping timeout: 264 seconds]
03:17 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
03:18 -!- Netsplit over, joins: @vpnHelper, haasn, agorecki, xMopxShell, zylinx, defsdoor, banco, THX1138, NP-Hardass, __FBi
03:19 -!- Netsplit over, joins: ade_b
03:19 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
03:20 -!- agorecki [agorecki@S0106b8a38657b866.ok.shawcable.net] has quit [Quit: Leaving]
03:21 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
03:24 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
03:25 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:26 -!- poseidon1157 [~poseidon1@63.224.64.142] has joined #openvpn
03:26 -!- subscope [~subscope@195.56.66.6] has quit [Client Quit]
03:27 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
03:28 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
03:31 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:34 -!- poseidon11571 [~poseidon1@63.224.64.142] has joined #openvpn
03:35 < dionysus69> I need help please
03:36 < dionysus69> I have a setup working on  tcp but when i switch to UDP, clients cannot connect
03:36 < dionysus69> can anyone help me troubleshoot this?
03:36 < dionysus69> tcp is being a little too slow and my workmates are frustrated
03:37 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 264 seconds]
03:40 -!- Netsplit *.net <-> *.split quits: pppingme, __FBi, poseidon1157, defsdoor, marlinc, @vpnHelper, haasn, ade_b, mystica555, subscope,  (+5 more, use /NETSPLIT to show all of them)
03:40 -!- Netsplit over, joins: @vpnHelper, xMopxShell, zylinx, defsdoor, banco, THX1138, NP-Hardass, __FBi
03:41 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 241 seconds]
03:41 -!- jeev [~j@107.170.196.88] has joined #openvpn
03:41 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
03:41 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
03:41 -!- agorecki [~agorecki@S0106b8a38657b866.ok.shawcable.net] has joined #openvpn
03:41 -!- jeev [~j@107.170.196.88] has quit [Changing host]
03:41 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
03:41 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
03:42 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
03:43 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
03:43 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
03:47 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has joined #openvpn
03:48 -!- MogDog [~mogdog@104.131.20.250] has joined #openvpn
03:49 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 272 seconds]
03:50 -!- tapout [~tapout@unaffiliated/tapout] has quit [Quit: ZNC - http://znc.sourceforge.net]
03:51 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has quit [Excess Flood]
03:52 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
03:53 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
03:53 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
03:54 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:54 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
03:55 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:56 -!- agorecki [~agorecki@S0106b8a38657b866.ok.shawcable.net] has left #openvpn ["Leaving"]
03:56 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
03:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
03:59 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
04:01 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 240 seconds]
04:01 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
04:02 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 240 seconds]
04:04 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 240 seconds]
04:06 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
04:06 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
04:12 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
04:12 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:12 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:13 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
04:16 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
04:23 -!- [DS]Matej_ [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
04:23 -!- WarDriver [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
04:26 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has quit [Ping timeout: 272 seconds]
04:26 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 272 seconds]
04:26 -!- Jeroen52 [~Jeroen@milkyway.jeroendeneef.com] has quit [Ping timeout: 272 seconds]
04:26 -!- [DS]Matej_ is now known as [DS]Matej
04:26 -!- typ [~quassel@unaffiliated/typ] has quit [Read error: Connection reset by peer]
04:27 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
04:29 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
04:29 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
04:29 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 272 seconds]
04:30 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Ping timeout: 246 seconds]
04:30 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
04:30 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
04:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:38 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
04:39 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
04:39 -!- _FBi- [~B@Aircrack-NG/User] has joined #openvpn
04:41 -!- Netsplit *.net <-> *.split quits: pppingme, __FBi, skyroveRR, defsdoor, WarDriver, marlinc, cylon512, [DS]Matej, @vpnHelper, lbft,  (+10 more, use /NETSPLIT to show all of them)
04:41 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
04:42 -!- Chex [~Chex@swampjax.northnook.ca] has joined #openvpn
04:45 -!- DzAirmaX_ [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
04:46 -!- Netsplit *.net <-> *.split quits: clu5ter, DzAirmaX
04:48 -!- Netsplit over, joins: @vpnHelper, [DS]Matej, subscope, Olipro, haasn, lbft, zylinx
04:50 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
04:50 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
04:52 -!- Netsplit *.net <-> *.split quits: @vpnHelper, haasn, subscope, Olipro, [DS]Matej, zylinx, lbft
04:52 -!- Netsplit over, joins: @vpnHelper, [DS]Matej, subscope, Olipro, haasn, lbft, zylinx
04:54 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
04:57 -!- banco [~ban@212.164.222.212] has joined #openvpn
04:57 -!- riddle [~decadance@us.yunix.net] has quit [Ping timeout: 271 seconds]
05:04 -!- Kniaz [Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 325 seconds]
05:04 -!- n-st [~n-st@unaffiliated/n-st] has quit [Ping timeout: 325 seconds]
05:04 -!- themayor [~themayor@unaffiliated/themayor] has quit [Ping timeout: 325 seconds]
05:04 -!- e1z0 [~null@netlinux/founder/e1z0] has quit [Ping timeout: 325 seconds]
05:04 -!- fcktasarausrex [eugene@kashpureff.org] has quit [Ping timeout: 264 seconds]
05:07 -!- rich0_ is now known as rich0
05:11 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
05:12 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:16 -!- Kniaz [Kniaz@unaffiliated/kniaz] has joined #openvpn
05:16 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
05:29 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has quit [Max SendQ exceeded]
05:29 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
05:30 -!- Netsplit *.net <-> *.split quits: @vpnHelper, marlinc, haasn, Olipro, [DS]Matej, lbft, zylinx
05:30 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 270 seconds]
05:30 -!- _FBi- [~B@Aircrack-NG/User] has quit [Ping timeout: 270 seconds]
05:30 -!- sarlalian [~sarlalian@107.170.239.102] has quit [Ping timeout: 270 seconds]
05:30 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 270 seconds]
05:31 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has quit [Ping timeout: 264 seconds]
05:31 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 264 seconds]
05:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 264 seconds]
05:31 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
05:31 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 264 seconds]
05:31 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has joined #openvpn
05:35 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:35 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 264 seconds]
05:40 -!- CrazyyMaxx [CrazyyMaxx@2001:41d0:2:b743::] has quit [Ping timeout: 264 seconds]
05:42 -!- Netsplit over, joins: @vpnHelper, [DS]Matej, Olipro, haasn, lbft, zylinx
05:44 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Quit: /quit]
05:45 -!- toli [~toli@ip-83-134-71-65.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:45 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 264 seconds]
05:46 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
05:48 -!- MarcoSlater_ [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
05:48 -!- Exagone314 [exa@elou.world] has joined #openvpn
05:50 -!- Netsplit *.net <-> *.split quits: lxusrbin, Magiobiwan, troyt, uiyice, jareth_, tapout, manitu, BtbN, _0x5eb_, jesopo,  (+24 more, use /NETSPLIT to show all of them)
05:50 -!- MarcoSlater_ is now known as MarcoSlater
05:50 -!- abbe_ [having@badti.me] has joined #openvpn
05:50 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
05:50 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
05:50 -!- mode/#openvpn [+o syzzer] by ChanServ
05:51 -!- Exagone314 is now known as Exagone313
05:51 -!- Netsplit over, joins: early
05:51 -!- Netsplit over, joins: pipework, jareth_
05:52 -!- Netsplit over, joins: tiago
05:52 -!- dan_j [sid21651@gateway/web/irccloud.com/x-cfkshcouhdpnornb] has quit [Ping timeout: 264 seconds]
05:52 -!- tiago [~tiago@unaffiliated/ttsda] has quit [Excess Flood]
05:53 -!- tiago [~tiago@unaffiliated/ttsda] has joined #openvpn
05:53 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
05:54 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
05:54 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
05:54 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
05:54 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
05:54 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Max SendQ exceeded]
05:54 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Max SendQ exceeded]
05:55 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
05:57 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
05:58 -!- tiago [~tiago@unaffiliated/ttsda] has quit [Ping timeout: 264 seconds]
05:59 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
05:59 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
06:01 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
06:01 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
06:02 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
06:03 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 264 seconds]
06:03 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
06:06 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
06:07 -!- jesopo [jess@2a00:d880:5:3a:2::1] has joined #openvpn
06:07 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
06:07 -!- Eugene [eugene@2600:3c01::14:7116] has joined #openvpn
06:09 -!- poseidon11571 [~poseidon1@63.224.64.142] has left #openvpn []
06:10 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
06:12 -!- Kniaz [Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 264 seconds]
06:13 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
06:13 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
06:14 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has quit [Excess Flood]
06:14 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
06:14 -!- Kniaz [Kniaz@unaffiliated/kniaz] has joined #openvpn
06:15 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
06:15 -!- ShadniX [dagger@p5481DE4E.dip0.t-ipconnect.de] has joined #openvpn
06:16 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
06:17 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
06:17 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
06:17 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
06:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:17 -!- riddle [riddle@us.yunix.net] has joined #openvpn
06:18 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
06:18 -!- WarDriver [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
06:18 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
06:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:18 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
06:18 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
06:18 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
06:18 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
06:18 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:18 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
06:18 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
06:18 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
06:18 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
06:18 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
06:18 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
06:18 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
06:18 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
06:19 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-loxrfidapphhdprx] has quit [Ping timeout: 264 seconds]
06:19 -!- fling [~fling@fsf/member/fling] has joined #openvpn
06:21 -!- banco [~ban@212.164.222.212] has joined #openvpn
06:21 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
06:24 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
06:28 -!- Eugene [eugene@2600:3c01::14:7116] has quit [Ping timeout: 264 seconds]
06:29 -!- subscope [~subscope@195.56.66.6] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:31 -!- manitu [~manitu@2a01:4f8:131:5169::2] has quit [Ping timeout: 264 seconds]
06:32 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
06:32 -!- subscope [~subscope@195.56.66.6] has joined #openvpn
06:33 -!- dan_j [sid21651@gateway/web/irccloud.com/x-gmfppkcljriyczsx] has joined #openvpn
06:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:37 -!- shio [~shio@220.188.103.84.rev.sfr.net] has joined #openvpn
06:39 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 264 seconds]
06:42 -!- Eugene [eugene@2600:3c01::14:7116] has joined #openvpn
06:43 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 264 seconds]
06:44 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 264 seconds]
06:44 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 264 seconds]
06:44 -!- wsky [~sexyboy@unaffiliated/sexyboy] has joined #openvpn
06:44 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
06:45 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 264 seconds]
06:45 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 264 seconds]
06:45 -!- skyroveRR_ is now known as skyroveRR
06:45 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
06:45 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 264 seconds]
06:45 -!- xMopxShell [~xMopxShel@192.95.23.134] has quit [Ping timeout: 264 seconds]
06:45 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 264 seconds]
06:45 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 264 seconds]
06:45 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Ping timeout: 264 seconds]
06:45 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 264 seconds]
06:45 -!- riddle [riddle@us.yunix.net] has quit [Ping timeout: 264 seconds]
06:45 -!- subscope [~subscope@195.56.66.6] has quit [Ping timeout: 264 seconds]
06:45 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Ping timeout: 264 seconds]
06:45 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 264 seconds]
06:45 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has quit [Ping timeout: 264 seconds]
06:45 -!- WarDriver [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has quit [Ping timeout: 264 seconds]
06:46 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
06:46 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 264 seconds]
06:46 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
06:46 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has joined #openvpn
06:48 < wsky> anyone heard of this: https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/
06:48 <@vpnHelper> Title: Port Fail: Vulnerability reveals real IP | Perfect Privacy (at www.perfect-privacy.com)
06:49 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
06:49 < linuxthefish> hey, is it possible to combine 2 internet connections together to get higher bandwidth to a VPN server?
06:49 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mfaxhuvhmvjfhsgx] has joined #openvpn
06:50 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
06:50 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
06:51 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
06:51 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
06:51 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
06:51 -!- Eugene [eugene@2600:3c01::14:7116] has quit [Ping timeout: 264 seconds]
06:54 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
06:54 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Read error: Connection reset by peer]
06:55 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
06:56 -!- fling [~fling@fsf/member/fling] has joined #openvpn
06:56 -!- WarDriver [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
06:58 -!- Eugene [eugene@2600:3c01::14:7116] has joined #openvpn
06:58 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
07:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
07:00 -!- _0x5eb_ [~seb@2001:470:d0ba:8000::1] has joined #openvpn
07:04 -!- _0x5eb_ [~seb@2001:470:d0ba:8000::1] has quit [Excess Flood]
07:05 -!- Eugene [eugene@2600:3c01::14:7116] has quit [Ping timeout: 264 seconds]
07:07 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has joined #openvpn
07:09 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
07:10 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
07:10 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 264 seconds]
07:11 -!- Eugene [eugene@2600:3c01::14:7116] has joined #openvpn
07:11 -!- riddle [riddle@us.yunix.net] has joined #openvpn
07:12 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
07:12 -!- mode/#openvpn [+o syzzer] by ChanServ
07:15 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
07:16 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
07:18 -!- zylinx [uid43406@gateway/web/irccloud.com/x-rfdhvhlawxhzytap] has quit [Remote host closed the connection]
07:18 -!- jefferai [sid1300@kde/mitchell] has quit [Write error: Connection reset by peer]
07:19 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
07:20 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
07:20 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
07:21 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
07:23 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
07:23 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
07:25 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
07:26 -!- jesopo [jess@2a00:d880:5:3a:2::1] has quit [Excess Flood]
07:27 -!- dmilith [~dmilith@verknowsys.com] has joined #openvpn
07:27 -!- diytto [~diytto@2a01:4f8:162:124::2] has quit [Ping timeout: 264 seconds]
07:28 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
07:29 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
07:30 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 264 seconds]
07:30 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
07:31 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 264 seconds]
07:31 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 264 seconds]
07:31 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
07:31 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
07:32 -!- jesopo [jess@lolnerd.net] has joined #openvpn
07:33 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Client Quit]
07:34 -!- kraut [~kraut@blackhole.netzdeponie.de] has quit [Ping timeout: 264 seconds]
07:35 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
07:36 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
07:36 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
07:36 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
07:37 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
07:39 -!- Eugene [eugene@2600:3c01::14:7116] has quit [Ping timeout: 264 seconds]
07:40 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
07:41 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has joined #openvpn
07:42 -!- JackWinter1 [~jack@vodsl-11049.vo.lu] has quit [Client Quit]
07:45 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
07:50 -!- master_o1_master [~master_of@p4FD7BAC1.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
07:54 < banco> linuxthefish: you can do the load balancing with iptables
07:56 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
07:56 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
07:57 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
07:58 -!- zylinx [uid43406@gateway/web/irccloud.com/x-kmfxppsojqgpistf] has joined #openvpn
07:58 -!- Netsplit *.net <-> *.split quits: sarlalian, k0nsl, jesopo
08:03 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 240 seconds]
08:03 -!- jesopo [jess@lolnerd.net] has joined #openvpn
08:18 < banco> !ovpnuke
08:19 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
08:25 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zwinonegqdnylwyr] has joined #openvpn
08:26 -!- dannier [~dannier@192.73.244.253] has joined #openvpn
08:26 < dannier> hi
08:26 < dannier> quick Q
08:27 < dannier> to use .cert, .key .ovpn with OpenVpn connect on an iphone, should i make sure they are all in UTF-8
08:27 < dannier> atm they are ANSI
08:31 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
08:33 -!- Netsplit *.net <-> *.split quits: @vpnHelper, marlinc, haasn, Olipro, lxusrbin, [DS]Matej, lbft, sillysausage
08:36 -!- Netsplit over, joins: marlinc
08:43 < dannier> no-one?
08:47 -!- dannier [~dannier@192.73.244.253] has quit [Read error: Connection reset by peer]
08:47 -!- Mike-- [mad@mx.probie.nl] has quit [Read error: Connection reset by peer]
08:51 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
08:54 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
08:54 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
08:54 -!- haasn [~haasn@2a01:4f8:d13:5245::2] has joined #openvpn
08:54 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
08:54 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
08:54 -!- ServerMode/#openvpn [+o vpnHelper] by verne.freenode.net
08:55 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:04 -!- banco [~ban@212.164.222.212] has quit [Quit: Lost terminal]
09:06 -!- banco [~ban@212.164.222.212] has joined #openvpn
09:14 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
09:17 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
09:17 -!- mode/#openvpn [+o dazo] by ChanServ
09:20 -!- dannier [dannier@117.185.76.94] has joined #openvpn
09:22 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
09:24 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
09:25 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
09:30 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has joined #openvpn
09:31 -!- MalMen [~malmen@188.250.90.61] has joined #openvpn
09:31 < POQDavid> Hi i got problem with the TAP adapter
09:32 < POQDavid> WARNING: Failed to renew DHCP IP address lease on TAP-Windows adapter: The system cannot find the file specified.   (code=2)
09:32 < POQDavid> Fri Nov 27 18:53:35 2015 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
09:32 < POQDavid> and my vpn connects with errors and it wont work at all
09:40 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
09:45 -!- Zzyzx is now known as THX1138
09:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:58 -!- dannier [dannier@117.185.76.94] has quit [Ping timeout: 250 seconds]
09:59 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
10:00 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 250 seconds]
10:00 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
10:01 -!- abra0 [abra0@unaffiliated/abra0] has quit [Ping timeout: 250 seconds]
10:02 -!- banco [~ban@212.164.222.212] has joined #openvpn
10:07 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
10:14 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:22 -!- banco [~ban@212.164.222.212] has joined #openvpn
10:24 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
10:24 -!- mode/#openvpn [+o pekster] by ChanServ
10:30 -!- banco [~ban@212.164.222.212] has quit [Quit: leaving]
10:30 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zwinonegqdnylwyr] has quit [Quit: Connection closed for inactivity]
10:35 -!- jafa [~jafa@2001:470:80ca:2000:cda0:281a:b015:4a1b] has joined #openvpn
10:36 < jafa> hi guys, I am seeing a problem where the openvpn client service terminates any time there is a network connectivity issue
10:37 < jafa> after lose connectivity the inactivity timer triggers and tries to restart things
10:38 < jafa> openvpn fails to reconnect (expected) due to the connectivity problem
10:38 < jafa> then reports that it is terminating due to a fatal error
10:38 < jafa> http://pastebin.com/uuS6RnNw
10:39 < jafa> at which point the service is no longer running
10:40 < jafa> log is from the client, trying to maintain two openvpn connections, neither of which are accessible due to a network connectivity issues somewhere upstream
10:40 -!- Amnez777 [~Amnez777@unaffiliated/amnez777] has joined #openvpn
10:42 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
10:47 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
10:51 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
10:52 -!- Netsplit *.net <-> *.split quits: jafa, sillysausage, @dazo, lxusrbin, @pekster, [DS]Matej, NP-Compl1, @vpnHelper, haasn, lbft
10:55 -!- mode/#openvpn [+o dazo] by ChanServ
10:55 -!- Netsplit over, joins: dazo
10:58 -!- pekster [~rewt@openvpn/community/developer/pekster] has joined #openvpn
10:58 -!- mode/#openvpn [+o pekster] by ChanServ
11:02 -!- jafa [~jafa@2001:470:80ca:2000:cda0:281a:b015:4a1b] has joined #openvpn
11:02 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:02 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
11:02 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
11:02 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
11:02 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
11:02 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
11:02 -!- ServerMode/#openvpn [+o vpnHelper] by verne.freenode.net
11:07 -!- banco [~ban@212.164.222.212] has joined #openvpn
11:07 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
11:07 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
11:08 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
11:09 -!- banco [~ban@212.164.222.212] has joined #openvpn
11:10 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
11:16 -!- banco [~ban@212.164.222.212] has joined #openvpn
11:16 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
11:17 -!- banco [~ban@212.164.222.212] has joined #openvpn
11:19 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
11:19 -!- banco [~ban@212.164.222.212] has joined #openvpn
11:20 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:22 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
11:30 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 240 seconds]
11:31 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 272 seconds]
11:31 -!- Exagone313 [exa@elou.world] has joined #openvpn
11:31 -!- zylinx [uid43406@gateway/web/irccloud.com/x-kmfxppsojqgpistf] has quit [Quit: Connection closed for inactivity]
11:32 -!- abbe [having@badti.me] has joined #openvpn
11:33 -!- abbe_ [having@badti.me] has quit [Ping timeout: 240 seconds]
11:33 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 240 seconds]
11:33 -!- Netsplit *.net <-> *.split quits: @pekster
11:38 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
11:41 -!- Netsplit over, joins: pekster
11:41 -!- mode/#openvpn [+o pekster] by ChanServ
11:41 -!- stemid [~avatar@vpn.sydit.se] has left #openvpn []
11:42 -!- abbe [having@badti.me] has quit [Ping timeout: 246 seconds]
11:42 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 246 seconds]
11:43 -!- GillesM [~gilles@mar75-5-82-235-31-65.fbx.proxad.net] has joined #openvpn
11:43 < GillesM> !welcome
11:43 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:43 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:46 -!- pekster [~rewt@openvpn/community/developer/pekster] has quit [Ping timeout: 246 seconds]
11:47 -!- Gaffel [~drone@217.215.243.210] has joined #openvpn
11:48 -!- abbe [having@badti.me] has joined #openvpn
11:50 -!- jefferai_ [sid1300@kde/mitchell] has joined #openvpn
11:51 -!- jefferai [sid1300@kde/mitchell] has quit []
11:51 -!- jefferai_ is now known as jefferai
11:53 -!- GillesM [~gilles@mar75-5-82-235-31-65.fbx.proxad.net] has quit [Quit: Quitte]
11:53 -!- f0o [~f0o@46.246.25.82] has quit [Ping timeout: 246 seconds]
11:54 -!- f0o [~f0o@46.246.25.82] has joined #openvpn
11:59 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
12:12 -!- Gaffel [~drone@217.215.243.210] has quit [Ping timeout: 245 seconds]
12:14 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
12:25 -!- Chex [~Chex@swampjax.northnook.ca] has quit [Remote host closed the connection]
12:25 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 246 seconds]
12:30 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
12:34 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:53 -!- dazo is now known as dazo_afk
13:11 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 246 seconds]
13:16 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 260 seconds]
13:18 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
13:18 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 246 seconds]
13:23 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
13:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
13:35 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:37 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
13:40 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
13:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
13:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:45 < jafa> http://pastebin.com/uuS6RnNw
13:47 < jafa> problem sequence: internet connectivity issue somewhere upstream. OpenVPN client try to reconnect. It fails (expected). OpenVPN client service terminates with fatal error.
13:48 < jafa> I need the OpenVPN client service to continue retrying so it will reconnect when the internet connectivity issue is resolved
13:50 < Eugene> jafa - you mean like --resolv-retry?
13:51 < jafa> I am using "resolv-retry infinite" in the client config
13:52 < jafa> log could suggest it is trying to do an operation on a non-existent tunnel which triggers a fatal error and the service dies
13:52 < jafa> OpenVPN does detect a problem and does retry
13:53 < jafa> but thows a fatal error cleanup up after the first retry fails
13:59 < banco> you seem to have two openvpn processes with master1 and master2 configs, maybe they interfere with each other?
14:10 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 246 seconds]
14:11 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
14:11 -!- MalMen [~malmen@188.250.90.61] has quit [Ping timeout: 264 seconds]
14:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 264 seconds]
14:17 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
14:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:26 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
14:29 -!- stemid [~avatar@vpn.sydit.se] has left #openvpn []
14:30 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has joined #openvpn
14:30 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has joined #openvpn
14:30 < tomodachi> hi guys,  im trying to debug an issue I have,  im not sure that the keep alive 10 120 , is correct in my vpn tunnel?
14:30 < tomodachi> is UDP packet of lenght 53 every second when doing a TCPDUMP
14:31 < tomodachi> dont know exactly how filter for the ping packets, I assume they are not going within the tunnel, but are a part of the tunnel itself
14:34 < banco> tomodachi: try to use verb 9
14:36 < jafa> banco: confirming I am trying to maintain two vpn sessions on each client
14:37 -!- troyt [~troyt@2601:681:4600:99c1:44dd:acff:fe85:9c8e] has quit [Ping timeout: 264 seconds]
14:38 < banco> jafa: try with only one connection
14:38 < POQDavid> Hi
14:39 < POQDavid> i am getting this errors like
14:39 < POQDavid> WARNING: Failed to renew DHCP IP address lease on TAP-Windows adapter: The system cannot find the file specified.   (code=2)
14:39 < POQDavid> TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
14:39 < jafa> I could set up another client, problem is how to simulate an upstream network outage (these are VMs at datacenters)
14:39 < POQDavid> and i am on Windows 10 64bit
14:40 < POQDavid> vpn connects just fine but it looks like wont route my connection
14:40 < POQDavid> how i can fix it
14:41 < banco> jafa: ifdown && sleep && ifup?
14:45 < banco> POQDavid: show your configs
14:45 < POQDavid> banco: wait let me pastbin it
14:46 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
14:48 < POQDavid> banco: http://pastebin.com/NV5fXVjw
14:49 < banco> POQDavid: server config as well
14:50 < POQDavid> banco: oh sadly server is not mine
14:50 < POQDavid> banco: but this problem is fixed like with a reboot
14:52 < banco> POQDavid: when exactly are you getting this error? On first connection? On reconnect after timeout?
14:52 < POQDavid> banco: Well i get in both case
14:52 < POQDavid> banco: i get lots of lines like this TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
14:53 < POQDavid> banco: is that a bug in openvpn?
14:53 < POQDavid> banco: fails to route
14:54 < banco> POQDavid: try to disable tap adapter and reenable it
14:54 < POQDavid> banco: done that many times i even reinstalled it
14:54 < banco> POQDavid: it's something with the windows tap adapter
14:54 < POQDavid> banco: so whats wrong with it???
14:55 < POQDavid> banco: note that i am using 64bit openvpn and the tap also is 64bit
14:55 < POQDavid> is that wrong??
14:56 < banco> POQDavid: well, I also use 64-bit openvpn and tap driver, but never had this problem
14:56 < banco> POQDavid: there is a few such cases on openvpn forum
14:56 < POQDavid> banco: i know i saw them and test the ways they done
14:57 < POQDavid> i was wondering
14:57 < POQDavid> i need OemVista
14:57 < POQDavid> or
14:57 < POQDavid> OemWin2k
14:57 < POQDavid> because looked like TAP-Windows installed OemWin2k
14:58 < banco> POQDavid: try to stop and start again dhcp client
14:58 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
14:58 < POQDavid> banco: the service you mean?
14:58 < banco> POQDavid: yes
15:00 < POQDavid> banco: just that service or the rest of those that asking to be restarted
15:01 < POQDavid> banco: it's asking me to restart 6 other services do i restart them also
15:01 < banco> POQDavid: restart them too
15:02 < POQDavid> banco: ok done
15:02 < banco> POQDavid: try to connect then
15:02 < POQDavid> banco: ok
15:03 < POQDavid> banco: lol it worked wow
15:03 < banco> POQDavid: don't know though, how long it'll work
15:04 < POQDavid> banco: ok so what is the problem why the restart worked
15:04 < banco> POQDavid: dunno, just read this tip on forum
15:05 < banco> POQDavid: if the problem persists, try to remove options dhcp-renew and dhcp-release
15:05 < POQDavid> banco: oh ok
15:05 < banco> POQDavid: just a thought
15:06 < POQDavid> banco: well sure i can try it :) thanks a lot
15:06 < POQDavid> banco: i have to tell you that dhcp client some times fails to reboot lol
15:06 -!- toli [~toli@ip-83-134-64-124.dsl.scarlet.be] has joined #openvpn
15:06 < banco> POQDavid: is there any error message?
15:07 < POQDavid> banco: it happend once so i forgot to log it
15:07 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Remote host closed the connection]
15:08 < POQDavid> banco: can i use Ethernet Bridging in linux to route the vpn in linux to eth0
15:09 < POQDavid> like replacing br0 to eth0
15:09 < banco> POQDavid: what exactly you want to do? Route what and from where to where?
15:10 < POQDavid> banco: this is for other system not this one
15:10 < POQDavid> banco: i also got a linux so there is a pp0 that's my connection
15:10 < POQDavid> banco: then there is my eth0
15:11 -!- wiz [~sid1@irc-gw.wiz.network] has quit [Ping timeout: 260 seconds]
15:11 < POQDavid> with that i share connection to this one
15:11 < POQDavid> i was thinking if i use openvpn on linux it will be better
15:12 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
15:13 < banco> don't really understood. You have one machine with ppp0 - ISP and eth0 - LAN, and the second machite is connected to the eth0 of the first machine and have internet access from it?
15:16 < POQDavid> lol yah
15:16 -!- Kephael_ [~Kephael@unaffiliated/kephael] has joined #openvpn
15:16 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
15:18 < banco> POQDavid: and you want to move the vpn connection from second machine to first machine, but still have access to the vpn from the first machine?
15:18 < POQDavid> yes
15:20 < POQDavid> banco: and i am running a old version of ubuntu
15:23 < banco> POQDavid: yes, you can do this
15:23 < POQDavid> banco: ok when the eth0 is connected vpn fails to connect
15:24 < banco> POQDavid: it should work without any changes if your second machine have the first machine as default gateway and the first machine is not blocking any traffic
15:24 < banco> POQDavid: check the routes
15:25 < banco> POQDavid: what's the default gw
15:25 < POQDavid> banco: the internet?
15:26 < banco> POQDavid: paste output of "ip a" on first machine with eth0 connected
15:26 < banco> POQDavid: with eth0 and ppp0 connected
15:26 < banco> POQDavid: ah, sry "ip r"
15:27 < POQDavid> banco: ok ppp0 is my internet and then eth0 is the adapter i  use to share the connection
15:27 < banco> POQDavid: vpn is connecting to the host in internet?
15:28 < POQDavid> banco: well when i connect the vpn in first system it wont connect at all if eth0 is connected
15:30 < banco> POQDavid: paste the output of "ip r" on first system with eth0 connected
15:30 < POQDavid> banco: ok just a sec
15:33 -!- doop [~doop@colostomy.club] has joined #openvpn
15:37 < POQDavid> banco: http://pastebin.com/SAgqpUTN
15:38 < banco> POQDavid: what's in the openvpn log?
15:39 < POQDavid> banco: Well i used the connection manager from Ubuntu to connect
15:40 < banco> POQDavid: add log option to the config
15:40 < POQDavid> look is it possible to install a new openvpn on old linux
15:42 < banco> POQDavid: apt-get update && apt-get upgrade?
15:42 < POQDavid> oh well no that wont work
15:42 < banco> POQDavid: what's the openvpn version?
15:42 < POQDavid> wait
15:44 < POQDavid> ok openvpn 2.1.3-2ubuntu3
15:46 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 264 seconds]
15:46 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
15:47 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
15:47 -!- mode/#openvpn [+o syzzer] by ChanServ
15:48 < banco> POQDavid: you can try to compile new version from sources, but I don't know what's with dependencies
15:49 < banco> POQDavid: check the logs first, the problem seems to be not the openvpn version
15:50 < POQDavid> banco: can it be my firewall
15:50 < banco> POQDavid: I think not, but what's the firewall policy?
15:52 < POQDavid> banco: http://pastebin.com/RpFkcBVr
15:55 < banco> POQDavid: don't see anything problematic, give me openvpn logs, when eth0 is connected
15:55 -!- Telvana [~digits@2605:a000:122d:c0b0:213:72ff:fefc:b034] has joined #openvpn
15:55 < POQDavid> banco: idk where they are in linux
15:56 < banco> POQDavid: add log /path/to/the/file option in config
15:56 < POQDavid> banco: so i have to run it from console
15:57 < banco> POQDavid: doesn't matter
16:02 < POQDavid> banco: ok wait
16:12 < POQDavid> banco: http://pastebin.com/3QVKAhDZ
16:12 < POQDavid> banco: sorry it took time
16:12 < banco> POQDavid: did you start openvpn as root?
16:13 < POQDavid> banco: then it wont let me read the log
16:13 < POQDavid> banco: but let me try
16:13 < banco> POQDavid: you need to start openvpn as root
16:14 < POQDavid> ok wait
16:17 < POQDavid> banco: i lose connection in the other system
16:17 < POQDavid> but now it's connects fine in the linux
16:17 < POQDavid> it*
16:18 < banco> POQDavid: openvpn connects on first machine, but you lose internet connection on second machine?
16:18 < POQDavid> yes
16:18 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Read error: Connection reset by peer]
16:19 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:19 < banco> POQDavid: you still can connect to the first machine?
16:19 < POQDavid> yes
16:19 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
16:19 < POQDavid> all works fine in first machine
16:19 < POQDavid> now
16:20 < banco> POQDavid: paste output of the "ip r" on the first machine
16:20 < POQDavid> it's same as before
16:21 < banco> POQDavid: paste routes of second machine
16:21 < POQDavid> oh the second one is windows
16:21 < banco> POQDavid: "route print"
16:21 < POQDavid> but looks like i got to route the openvpn connection to eth0
16:22 -!- JackWinter is now known as JackWinter_
16:23 < POQDavid> banco: sudo openvpn --config config.ovpn --log logs.log --auth-retry interact --management 127.0.0.1 25340
16:25 < POQDavid> banco: can be the --management 127.0.0.1 25340 the problem?
16:25 < banco> POQDavid: first you need to find out why the internet on the second machine stops working
16:25 < banco> POQDavid: no, it can't
16:25 < banco> POQDavid: paste the routes
16:25 < POQDavid> wait
16:27 < POQDavid> banco: http://pastebin.com/XPu0gNvk
16:29 < banco> POQDavid: the internet and vpn is working on the first machine?
16:29 < POQDavid> banco: yes
16:30 < POQDavid> banco: no error the log was 100% clean
16:31 < banco> POQDavid: but you have the same routes as here? http://pastebin.com/SAgqpUTN
16:31 < banco> POQDavid: no vpn routes?
16:31 < POQDavid> do i get the ip r when vpn is connected in linux?
16:32 < banco> POQDavid: yes
16:32 < POQDavid> okl
16:32 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
16:37 < POQDavid> banco: http://pastebin.com/e1rem9Hu
16:37 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 246 seconds]
16:37 -!- majestiic [~majestic@193.180.165.199] has joined #openvpn
16:37 < majestiic> If one installs OpenVPN on a windows 7 machine and connects to the VPN service the internet doesnt work. Even after disconnect and resetting the network adapter. Should you uninstall OpenVPN and reboot to just "restore" or what should one do?
16:37 < majestiic> It shows a connection to the wifi network but the pages cant load
16:39 < banco> POQDavid: well, you got some strange routes "0.0.0.0/1 via 10.130.0.13 dev tun0" and "128.0.0.0/1 via 10.130.0.13 dev tun0" that route part of the internet traffic via vpn instead of ppp0
16:39 < POQDavid> banco: ok you have any idea how i fix it
16:40 < banco> POQDavid: iptables -t nat -A POSTROUTING -s 192.168.58.0/24 -o tun0 -j MASQUERADE
16:40 < majestiic> NVM Solved it
16:40 < banco> POQDavid: try it
16:40 < POQDavid> ok hold on
16:47 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
16:50 < POQDavid> banco: Thank you so much
16:50 < POQDavid> banco: it works gr8
16:51 < banco> POQDavid: with these settings machine 2 will go in the internet via ppp0 if vpn is down or via tun0 if vpn is up
16:52 -!- somis [~somis@70.38.6.190] has joined #openvpn
16:52 < POQDavid> banco: if i remove -A POSTROUTING -s 192.168.58.0/24 -o ppp0 -j MASQUERADE
16:52 < POQDavid> banco: it wont connect when vpn is off right?
16:52 < banco> POQDavid: yes
16:53 < banco> POQDavid: but still, it's better to block it in forward chain
16:53 < POQDavid> banco: Well that's really cool :)
16:53 < POQDavid> banco: how?
16:55 < banco> POQDavid: paste the iptables rules once again, the old link is dead
16:56 < POQDavid> banco: give me a sec
16:57 < POQDavid> banco: http://pastebin.com/VeRkB7yP
16:57 -!- Exagone313 [exa@elou.world] has quit [Quit: see ya!]
16:59 < banco> iptables -D FORWARD 2 && iptables -I FORWARD 2 -s 192.168.58.0/24  -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
17:00 < POQDavid> banco: ok what that will do?
17:00 < banco> POQDavid: and you can remove  -A POSTROUTING -s 192.168.58.0/24 -o ppp0 -j MASQUERADE as well
17:00 < banco> POQDavid: it will forward only traffic from eth0 to tun0
17:00 < POQDavid> banco: i made a firewall rule for the openvpn
17:00 < banco> POQDavid: because you have DROP policy, then traffic from eth0 to ppp0 will be blocked
17:01 < POQDavid> banco: so for normal connection i use my old rule this one for openvpn right
17:02 < banco> POQDavid: for normal connection - from second machine via ppp0?
17:04 < POQDavid> banco: yap
17:04 < banco> If you want the second machine to go via ppp0, you need these rules:
17:04 < banco> -A POSTROUTING -s 192.168.58.0/24 -o ppp0 -j MASQUERADE
17:04 < banco> -A FORWARD -s 192.168.58.0/24 -i eth0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
17:04 < banco> If you want the second machine to go via tun0, you need these rules:
17:04 < banco> -A POSTROUTING -s 192.168.58.0/24 -o tun0 -j MASQUERADE
17:04 -!- Exagone313 [exa@elou.world] has joined #openvpn
17:04 < banco> -A FORWARD -s 192.168.58.0/24 -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
17:05 < POQDavid> banco: ok well i have other rule that i use
17:05 < POQDavid> banco: i see now how it works
17:10 < POQDavid> banco: so with this firewall rule at any case if my vpn fails my ip wont leak?
17:12 < banco> POQDavid: with only tun0 rules above - yes
17:12 < banco> POQDavid: without ppp0 rules
17:13 -!- troyt [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has joined #openvpn
17:14 < POQDavid> banco: ok that's very good :)
17:14 < POQDavid> banco: Thanks a lot
17:15 < POQDavid> banco: you just solved all my network problems :)
17:18 < POQDavid> banco: ok well you saw the version of my openvpn you think it's ok/safe to not update it?
17:21 < banco> POQDavid: it's better to install the new system, because there may be other outdated programs with some vulnerabilities
17:22 < POQDavid> banco: ah well that's right
17:22 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
17:25 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 265 seconds]
17:27 < POQDavid> banco: ok well all my problems are fixed with openvpn very cool :)
17:28 < POQDavid> banco: Well once more really thanks for the help and i gtg take care, bye
17:29 < banco> POQDavid: no problem, bye
17:29 -!- POQDavid [POQDavid@unaffiliated/poqdavid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
17:47 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Excess Flood]
17:47 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
17:50 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:53 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 240 seconds]
17:57 -!- somis [~somis@70.38.6.190] has quit [Read error: Connection reset by peer]
18:08 -!- Kephael__ [~Kephael@unaffiliated/kephael] has joined #openvpn
18:09 -!- Kephael_ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
18:09 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Remote host closed the connection]
18:10 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:10 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
18:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 244 seconds]
18:13 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
18:25 -!- somis [~somis@70.38.6.186] has joined #openvpn
18:44 -!- blurider [45cb0b93@gateway/web/freenode/ip.69.203.11.147] has joined #openvpn
18:44 < blurider> I recently lost my ca.key
18:45 < blurider> I'd like to create a new ca.key but key the currently distributed keys. Is there a way for me to just sign the old ca.crt with my new ca.crt?
18:46 < blurider> So basically, clients have ca.crt and keys; I have a new ca.key and ca.crt. I'd like them to not to have to make any changes but for my server to trust the old ca.crt with the new ca.key
18:50 < banco> blurider: you can't sigh with .crt, you need to have a .key to sign any .crt
18:51 -!- troyt [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has quit [Quit: AAAGH!  IT BURNS!]
18:52 < blurider> banco: Yeah. So I generate a new .key and .crt. I lost my old .key. Can I just sign the old.crt with a new .key?
18:54 < banco> blurider: you can try it: openssl x509 -in ca_new.crt -days 36500 -out ca_old.crt -signkey ca_new.key
18:56 < blurider> banco: Before I do that; I'd like to go through it in theory. Basically, new.key signs old.crt. What will I need to update server side and client side?
18:56 < blurider> banco: Will the server need a new ca.crt? Can the clients use their old ca.crt?
19:13 < banco> blurider: http://community.openvpn.net/openvpn/wiki/Using_Certificate_Chains
19:13 <@vpnHelper> Title: Using_Certificate_Chains – OpenVPN Community (at community.openvpn.net)
19:33 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:11 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
20:16 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
20:17 -!- Kephael__ [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:32 -!- somis [~somis@70.38.6.186] has quit [Quit: Leaving]
21:00 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
21:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
21:04 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Remote host closed the connection]
21:10 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
21:16 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
21:47 -!- blurider [45cb0b93@gateway/web/freenode/ip.69.203.11.147] has quit [Ping timeout: 246 seconds]
22:04 -!- johnny56_ is now known as johnny56
23:01 -!- excalibr [excalibr@gateway/shell/firrre/x-ilecjvfdtcvguqpz] has joined #openvpn
23:06 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
23:23 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:26 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
23:38 -!- abbe_ [having@badti.me] has joined #openvpn
23:41 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
23:42 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 265 seconds]
23:42 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 265 seconds]
23:42 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
23:43 -!- DzAirmaX_ [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
23:43 -!- toli [~toli@ip-83-134-64-124.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
23:43 -!- toli [~toli@ip-83-134-64-124.dsl.scarlet.be] has joined #openvpn
23:44 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
23:47 -!- jerich1wasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
23:47 -!- ShadniX [dagger@p5481DE4E.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:48 -!- Netsplit *.net <-> *.split quits: Telvana, majestiic, jerichowasahoax, @syzzer, rich0, abbe, skyroveRR, Thermi, pppingme
23:49 -!- Netsplit *.net <-> *.split quits: jeev, Buffman, MidnightCommand-, @dazo_afk, sillysausage
23:49 -!- ShadniX [dagger@p5DDFC8CD.dip0.t-ipconnect.de] has joined #openvpn
23:50 -!- MogDog [~mogdog@104.131.20.250] has quit [Quit: Server shutdown]
23:51 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
23:52 -!- Netsplit over, joins: Thermi
23:54 -!- Netsplit over, joins: skyroveRR
23:54 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
23:54 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
23:54 -!- jerich1wasahoax is now known as jerichowasahoax
23:54 -!- lkjahsdkfj is now known as uiyice_
23:55 -!- abra0_ [abra0@unaffiliated/abra0] has joined #openvpn
23:55 -!- dan_j_ [sid21651@gateway/web/irccloud.com/x-mnaonhldpcroccxm] has joined #openvpn
23:55 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
23:56 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
23:56 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
23:56 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
--- Day changed Sat Nov 28 2015
00:00 -!- x5eb [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
00:00 -!- fling_ [~fling@fsf/member/fling] has joined #openvpn
00:01 -!- xMopxShe- [~xMopxShel@192.95.23.134] has joined #openvpn
00:01 -!- varesa- [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
00:01 -!- DzAirmaX_ [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
00:01 -!- _FBi- [~B@Aircrack-NG/User] has joined #openvpn
00:01 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
00:02 -!- Netsplit *.net <-> *.split quits: valkyr1e, AlexRussia, uiyice, riddle, MrPockets, WarDriver, _0x5eb_, mgorbach, moviuro, xMopxShell,  (+21 more, use /NETSPLIT to show all of them)
00:02 -!- fling_ [~fling@fsf/member/fling] has quit [Excess Flood]
00:02 -!- abra0_ is now known as abra0
00:02 -!- Brando753-o_O_o [~Brando753@unaffiliated/brando753] has joined #openvpn
00:02 -!- pipecloud is now known as pipework
00:02 -!- x5eb is now known as _0x5eb_
00:02 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Max SendQ exceeded]
00:03 -!- fling_ [~fling@fsf/member/fling] has joined #openvpn
00:03 -!- xMopxShe- is now known as xMopxShell
00:03 -!- Netsplit over, joins: OS-16517
00:03 -!- Netsplit over, joins: riddle
00:04 -!- Netsplit over, joins: linuxthefish
00:04 -!- moviuro [~moviuro@151.80.43.167] has joined #openvpn
00:04 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
00:04 -!- Netsplit over, joins: ayaz
00:04 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
00:05 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
00:05 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
00:05 -!- fling_ is now known as fling
00:07 -!- Netsplit over, joins: valkyr1e, mgorbach
00:07 -!- Netsplit over, joins: mystica555, themayor
00:08 -!- Netsplit *.net <-> *.split quits: Brando753, chamunks
00:08 -!- Brando753-o_O_o is now known as Brando753
00:09 -!- Netsplit over, joins: MogDog
00:09 -!- Netsplit over, joins: cylon512
00:09 -!- Netsplit over, joins: chamunks
00:10 -!- dan_j_ is now known as dan_j
00:11 -!- Netsplit over, joins: AlexRussia
00:14 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
00:15 -!- jerichowasahoax [~nick@unaffiliated/jerichowasahoax] has joined #openvpn
00:19 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
00:42 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
00:56 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
01:20 -!- subzero79 [~subzero79@static.9.105.9.5.clients.your-server.de] has joined #openvpn
01:22 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 240 seconds]
01:44 -!- ShadniX [dagger@p5DDFC8CD.dip0.t-ipconnect.de] has joined #openvpn
02:09 -!- banco [~ban@212.164.222.212] has quit [Quit: leaving]
02:12 -!- banco [~ban@212.164.222.212] has joined #openvpn
02:13 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
02:13 -!- banco [~ban@212.164.222.212] has joined #openvpn
02:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
02:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:28 -!- banco [~ban@212.164.222.212] has quit [Quit: leaving]
02:28 -!- banco [~ban@212.164.222.212] has joined #openvpn
02:32 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
02:33 -!- banco [~ban@212.164.222.212] has joined #openvpn
02:48 -!- banco [~ban@212.164.222.212] has quit [Quit: leaving]
02:50 -!- jeev [~j@107.170.196.88] has joined #openvpn
02:50 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
02:50 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
02:51 -!- jeev [~j@107.170.196.88] has quit [Changing host]
02:51 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
02:52 -!- Guest34000 [~staff@2606:df00:2::c507:6bf4] has joined #openvpn
02:59 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
03:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
03:00 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
03:01 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
03:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:06 -!- wkts [~wkts@159.203.5.131] has joined #openvpn
03:07 -!- banco [~ban@212.164.222.212] has joined #openvpn
03:07 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
03:07 < wkts> My google-fu has failed. Is there anyway to allow one program operating on a specific port to bypass openVPN?
03:07 -!- banco [~ban@212.164.222.212] has joined #openvpn
03:07 -!- banco [~ban@212.164.222.212] has quit [Client Quit]
03:08 -!- banco [~ban@212.164.222.212] has joined #openvpn
03:18 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:18 -!- mode/#openvpn [+o mattock1] by ChanServ
03:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:19 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
03:19 -!- mode/#openvpn [+o syzzer] by ChanServ
03:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
03:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
03:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
03:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:53 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:02 -!- doop [~doop@colostomy.club] has joined #openvpn
04:07 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 244 seconds]
04:09 -!- GillesM [~gilles@mar75-5-82-235-31-65.fbx.proxad.net] has joined #openvpn
04:22 < GillesM> hello I got openvpn working but I can ssh through vpn .. can you help me ?
04:31 -!- gallatin [~gallatin@2001:4dd0:ff00:9ce5::1] has joined #openvpn
04:35 -!- doop [~doop@colostomy.club] has joined #openvpn
04:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
04:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:51 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
04:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
04:51 < Sambom> !paste
04:51 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
04:52 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:52 < Sambom> !config
04:52 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
04:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:01 -!- v2 [~vtwo@unaffiliated/vtwo] has joined #openvpn
05:05 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:07 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:18 -!- shio [shio@220.188.103.84.rev.sfr.net] has joined #openvpn
05:19 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
05:27 -!- v2 is now known as vtwo
05:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:09 -!- dannier [~dannier@192.73.244.253] has joined #openvpn
06:10 < dannier> anyone have experience with OpenVpn Connect?
06:10 -!- lotharn5 is now known as lotharn
06:10 < dannier> for android or iOS phones
06:18 -!- dannier [~dannier@192.73.244.253] has quit [Ping timeout: 260 seconds]
06:22 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
06:33 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
06:38 -!- dannier [~dannier@192.73.244.253] has joined #openvpn
06:38 < dannier> im getting a weird issue where after connect with client, need wait around 10 minutes before can browse websites etc
06:39 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
06:42 < dannier> here's the conf's and logs
06:42 < dannier> http://pastebin.com/AxFW1jyi
06:43 < dannier> if anyone spots a possible reason many thanks
06:48 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
06:48 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:57 < dannier> one thing i've noticed happening constantly in log:
06:57 < dannier> http://pastebin.com/W4NCpQBU
06:57 < dannier> Sat Nov 28 12:49:56 2015 180.159.204.178:55687 TLS Error: reading acknowledgement record from packet
07:02 < dannier> its making the log file take up alot of disk space quickly
07:13 < banco> dannier: check the client logs
07:13 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
07:21 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
07:25 -!- gallatin [~gallatin@2001:4dd0:ff00:9ce5::1] has quit [Ping timeout: 240 seconds]
07:26 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
07:31 < dannier> nothing unusual in clientr log
07:31 < dannier> but ive only got it set to verb 3
07:35 < banco> dannier: there should be something, for example, in this log http://pastebin.com/AxFW1jyi the client connects at 12:14 and as I understood from your explanation, for the next 10 minutes vpn network on client is not working, but when the client reconnects after 10 minutes at 12:24 then all start working, then what happens on the client in between 12:14 and 12:24? What is the reason for reconnect? Inactivity timeout?
07:36 -!- GillesM [~gilles@mar75-5-82-235-31-65.fbx.proxad.net] has quit [Ping timeout: 240 seconds]
07:36 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
07:37 -!- dannier [~dannier@192.73.244.253] has quit [Ping timeout: 260 seconds]
07:45 -!- dannier [dannier@117.185.76.94] has joined #openvpn
07:46 < dannier> k here's client log on verb 7
07:50 < dannier> http://pastebin.com/nW7wgLKV
07:55 < banco> dannier: I need the log, from the moment where client connect first and vpn network is not working for it till the moment after ~10 min, when the vpn network start to work for the client (client reconnect or something)
07:56 < banco> dannier: or vpn start to work without anything in client log?
08:01 < dannier> banco OK
08:01 < dannier> its very verbose on verb 7
08:02 -!- GillesM [~gilles@mar75-5-82-235-31-65.fbx.proxad.net] has joined #openvpn
08:13 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Ping timeout: 240 seconds]
08:13 < banco> dannier: enable mute
08:24 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 272 seconds]
08:30 -!- FlipBill [~bill@smtpv3.cosi.net] has joined #openvpn
08:33 < GillesM> hi I have problem to ping through vpn ... :(
09:02 < dannier> keep getting this error on server log
09:02 < dannier> Sat Nov 28 14:56:04 2015 client1/180.159.204.178:56179 Authenticate/Decrypt packet error: packet HMAC authentication failed
09:05 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
09:10 < stemid> oops, got disconnected. not sure if my message went through so sorry if I'm repeating myself.
09:11 < stemid> my openvpn configuration gives me a default route even though I've tried to disable this. I only want a single subnet routed. here is the config and you can see I've commented out the old redirect-gateway def1 part http://fpaste.org/295372/44872304/
09:11 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
09:18 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
09:21 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:24 < banco> dannier: seems to me, like you have two openvpn processes running on client with the same config
09:25 < dannier> http://pastebin.com/ZFf7MXNS
09:25 < dannier> client log doesn't show anything odd, that's the server log
09:26 < dannier> after a 5 to 10 min delay vpn works fine, but when it starts working nothing new is in the log
09:26 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:29 < banco> dannier: do you have unstable internet connection on the client?
09:30 < dannier> nope
09:30 < dannier> internet works just fine
09:33 < banco> dannier: can you give me the client log from 15:11 to 15:17? Otherwise I have no clues.
09:38 < banco> stemid: restart server, restart client, show client config
09:42 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
10:05 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
10:10 -!- repozitor [~repozitor@unaffiliated/deadperson] has joined #openvpn
10:11 < repozitor> hi
10:11 < repozitor> why i can't connect to openvpn server?
10:11 < repozitor> http://paste.ubuntu.com/13543996/
10:11 < repozitor> this is the log file of openvpn client
10:11 < repozitor> i can connect to openvpn server direct, but i setup an squid, and throughout squid i see this error on openvpn client
10:11 < repozitor> what is wrong with me?
10:17 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:24 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:25 -!- repozitor [~repozitor@unaffiliated/deadperson] has quit [Ping timeout: 246 seconds]
10:42 -!- Tenhi_ [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has joined #openvpn
10:54 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
11:07 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:30 -!- NP-Compl1 [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 0.4.3]
11:31 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:35 -!- somis [~somis@70.38.6.186] has joined #openvpn
11:45 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
12:22 -!- zykotick9 [~zykotick9@fsf/member/zykotick9] has joined #openvpn
12:22 -!- zykotick9 [~zykotick9@fsf/member/zykotick9] has left #openvpn []
12:23 -!- ShadniX [dagger@p5DDFC8CD.dip0.t-ipconnect.de] has quit [Quit: Bye.]
12:24 -!- ShadniX [~ShadniX@p5DDFC8CD.dip0.t-ipconnect.de] has joined #openvpn
12:24 -!- ShadniX [~ShadniX@p5DDFC8CD.dip0.t-ipconnect.de] has quit [Client Quit]
12:25 -!- ShadniX [dagger@p5DDFC8CD.dip0.t-ipconnect.de] has joined #openvpn
12:26 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
12:27 -!- isReKT2000 [isReKT2000@gateway/shell/layerbnc/x-nnczpeeeoanvwiaf] has joined #openvpn
12:28 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
12:37 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
12:38 -!- DJ_Bitcon [~lda@unaffiliated/dj-bitcon/x-8087057] has joined #openvpn
12:39 < DJ_Bitcon> !ovpnuke
12:39 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
12:48 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
12:48 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
13:05 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
13:05 -!- repozitor [~repozitor@unaffiliated/deadperson] has joined #openvpn
13:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:19 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:20 -!- Zzyzx is now known as THX1138
13:20 -!- repozitor [~repozitor@unaffiliated/deadperson] has left #openvpn []
14:16 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
14:17 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
14:23 -!- cylon512 [~cylon@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
14:23 -!- cylon_ [~cylon@nat2-nj01.vmpanel.net] has joined #openvpn
14:24 -!- cylon_ [~cylon@nat2-nj01.vmpanel.net] has quit [Client Quit]
14:26 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
14:26 -!- cylon512 [~cylon512@nat2-nj01.vmpanel.net] has joined #openvpn
14:27 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Max SendQ exceeded]
14:28 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
14:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
14:30 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Max SendQ exceeded]
14:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:31 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
14:36 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Remote host closed the connection]
15:06 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
15:06 -!- metaf5 [~metaf5@31.220.42.38] has joined #openvpn
15:10 -!- stemid [~avatar@vpn.sydit.se] has quit [Remote host closed the connection]
15:12 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 265 seconds]
15:17 -!- Netsplit *.net <-> *.split quits: Buffman, doop, MidnightCommand-, jeev
15:19 -!- Netsplit *.net <-> *.split quits: toli
15:24 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
15:24 < BankZ> Where can I find the windows openvpn client?
15:25 < BankZ> This looks like the server: https://openvpn.net/index.php/open-source/downloads.html
15:25 <@vpnHelper> Title: Downloads (at openvpn.net)
15:25 < BankZ> but I could be wrong
15:25 -!- Tenhi_ [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has quit [Read error: Connection reset by peer]
15:25 < BankZ> so, that link is the client and not server?
15:26 < banco> BankZ: openvpn may be client or server depending on config file
15:27 < BankZ> ok, thanks
15:27 < BankZ> im trying to setup a server on openwrt
15:27 < BankZ> should be fun
15:34 -!- zylinx [uid43406@gateway/web/irccloud.com/session] has joined #openvpn
15:37 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
15:37 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
15:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
15:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
15:53 -!- Tenhi_ [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has joined #openvpn
16:05 < BankZ> when setting up a server, when should I use tun vs tap?
16:05 < BankZ> im a noob
16:05 < banco> tun for routing, tap for bridging
16:06 < BankZ> I just want to be able to connect to my network remotely and use it to secure my traffic when im at a hotel
16:08 < banco> use tun
16:09 < banco> https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
16:09 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:11 < BankZ> banco: thanks, im following this: https://wiki.openwrt.org/doc/howto/vpn.openvpn
16:11 < BankZ> but I will read that too
16:19 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
16:20 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
16:25 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 240 seconds]
16:27 -!- zylinx [uid43406@gateway/web/irccloud.com/session] has quit [Changing host]
16:27 -!- zylinx [uid43406@gateway/web/irccloud.com/x-voeupbaaqtjdrqmi] has joined #openvpn
17:00 -!- toli [~toli@62.235.57.162] has joined #openvpn
17:22 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:31 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has joined #openvpn
18:23 -!- jeev [~j@107.170.196.88] has joined #openvpn
18:23 -!- doop [~doop@colostomy.club] has joined #openvpn
18:23 -!- Buffman [~Buffman@my.irc-bit.ch] has joined #openvpn
18:23 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has joined #openvpn
18:24 -!- jeev [~j@107.170.196.88] has quit [Changing host]
18:24 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
18:32 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has quit [Remote host closed the connection]
18:32 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
18:36 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Remote host closed the connection]
19:17 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:34 -!- somis [~somis@70.38.6.186] has quit [Quit: Leaving]
19:54 -!- s7eele [~AndChat52@162.216.46.14] has joined #openvpn
20:05 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 244 seconds]
20:05 -!- Buffman [~Buffman@my.irc-bit.ch] has quit [Ping timeout: 244 seconds]
20:05 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.1.1]
20:06 -!- MidnightCommand- [~MidnightC@li438-231.members.linode.com] has quit [Ping timeout: 244 seconds]
20:06 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
20:07 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 244 seconds]
20:10 -!- BankZ- [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
20:10 < BankZ-> Is there an openvpn client for macos?
20:29 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
20:34 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
20:53 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
20:53 < BankZ> i cant get DNS to work with my local network
20:53 -!- BankZ- [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Ping timeout: 260 seconds]
20:54 < BankZ> when I do a nslookup, it seems like its picking the right server
20:54 < BankZ> but it doesnt resolve
21:04 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
21:05 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
21:22 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
21:22 < BankZ> does the order of the items in the conf matter?
21:24 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
21:30 -!- jerichowasahoax [~nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 240 seconds]
21:30 < DJ_Bitcon> no
21:36 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
21:52 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
21:59 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
22:08 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
22:16 -!- zylinx [uid43406@gateway/web/irccloud.com/x-voeupbaaqtjdrqmi] has quit [Quit: Connection closed for inactivity]
22:29 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 260 seconds]
22:37 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 246 seconds]
22:38 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Ping timeout: 272 seconds]
22:39 -!- sh1rtybird [~quassel@205.185.122.214] has quit [Ping timeout: 272 seconds]
22:40 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
22:41 -!- shootbird [~quassel@205.185.122.214] has joined #openvpn
22:41 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
22:49 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
22:53 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
23:19 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
23:29 -!- mystica555_ [~mystica55@184-96-152-170.hlrn.qwest.net] has joined #openvpn
23:29 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 246 seconds]
23:29 -!- shootbird [~quassel@205.185.122.214] has quit [Quit: No Ping reply in 180 seconds.]
23:30 -!- Netsplit *.net <-> *.split quits: Guest34000
23:32 -!- mystica555 [~mystica55@97-118-103-175.hlrn.qwest.net] has quit [Ping timeout: 260 seconds]
23:32 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
23:32 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
23:34 -!- Netsplit *.net <-> *.split quits: sillysausage
23:34 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
23:42 -!- Netsplit over, joins: sillysausage
23:43 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
23:44 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
23:45 -!- ShadniX [dagger@p5DDFC8CD.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:47 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
23:47 -!- dograt [~dograt@wsip-24-120-113-61.lv.lv.cox.net] has joined #openvpn
23:48 -!- ShadniX [dagger@p57941040.dip0.t-ipconnect.de] has joined #openvpn
23:57 -!- doop [~doop@colostomy.club] has joined #openvpn
--- Day changed Sun Nov 29 2015
00:03 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:51 -!- Tenhi_ [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has quit [Read error: Connection reset by peer]
00:54 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:54 -!- Tenhi_ [~tenhi@static-ip-69-64-50-196.inaddr.ip-pool.com] has joined #openvpn
01:36 -!- e1z0 [u571@netlinux/founder/e1z0] has joined #openvpn
02:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:02 -!- mode/#openvpn [+o mattock1] by ChanServ
02:17 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
02:17 -!- wiz_ [~sid1@irc-gw.wiz.network] has joined #openvpn
02:17 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 264 seconds]
02:18 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 264 seconds]
02:18 -!- Tykling [tykling@gibfest.dk] has quit [Ping timeout: 264 seconds]
02:18 -!- wiz [~sid1@irc-gw.wiz.network] has quit [Ping timeout: 264 seconds]
02:18 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 264 seconds]
02:18 -!- f0o [~f0o@46.246.25.82] has quit [Ping timeout: 264 seconds]
02:18 -!- sarlalian [~sarlalian@107.170.239.102] has quit [Ping timeout: 264 seconds]
02:18 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 264 seconds]
02:18 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
02:18 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
02:18 -!- wiz_ is now known as wiz
02:19 -!- Tykling [tykling@gibfest.dk] has joined #openvpn
02:20 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
02:29 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
02:30 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
02:30 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
02:30 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 260 seconds]
02:31 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
02:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
02:33 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
02:33 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
02:36 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
02:36 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
02:37 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Ping timeout: 240 seconds]
02:41 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
03:11 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
03:29 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
03:36 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
03:39 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:40 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
03:49 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
03:55 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
03:57 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
04:21 -!- dmilith_ [~dmilith@verknowsys.com] has joined #openvpn
04:21 -!- dmilith_ is now known as dmilith
04:25 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:25 -!- dmilith is now known as dmilith2
04:26 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:27 -!- dmilith2 is now known as dmilith
04:27 -!- dmilith is now known as dmilith2
04:32 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:32 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:35 -!- dmilith2 is now known as dmilith
04:37 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
04:37 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
04:38 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:43 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:47 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:55 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
05:00 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:03 -!- s7eele [~AndChat52@162.216.46.14] has quit [Quit: Bye]
05:05 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
05:06 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:07 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has quit [Read error: Connection reset by peer]
05:11 -!- dmilith is now known as dmilith2
05:12 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
05:12 < BankZ> Is there an openvpn client for macos?
05:14 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
05:22 -!- dmilith2 is now known as dmilith
05:26 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
05:36 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
05:38 < abbe_> Tunnelblick is one of the OpenVPN client for OS X
05:39 -!- cheesenbiscuits [~cheesenbi@115.134.2.66] has joined #openvpn
05:39 < cheesenbiscuits> Hi All..
05:39 < cheesenbiscuits> Do anybody know of a good example of using policy based routing with OpenVPN using a destination i.p range insted of a source i.p address?
05:39 < cheesenbiscuits> (using dd-wrt)
05:42 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer]
06:02 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has joined #openvpn
06:04 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
06:08 -!- cheesenbiscuits [~cheesenbi@115.134.2.66] has quit [Remote host closed the connection]
06:19 -!- BankZ [~temp@c-73-161-152-148.hsd1.mi.comcast.net] has quit [Read error: No route to host]
06:34 -!- GillesM [~gilles@mar75-5-82-235-31-65.fbx.proxad.net] has quit [Quit: Quitte]
06:36 -!- Denial [~Denial@81.141.18.138] has quit []
06:38 -!- Denial [~Denial@81.141.18.138] has joined #openvpn
06:44 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has joined #openvpn
06:56 -!- subscope [~subscope@BC24348C.catv.pool.telekom.hu] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:59 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
07:08 -!- dograt [~dograt@wsip-24-120-113-61.lv.lv.cox.net] has quit [Quit: Leaving]
07:11 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
07:43 -!- cnf [G2al1Eczzj@unaffiliated/cnf] has joined #openvpn
07:45 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:47 -!- rax- is now known as RAX
07:48 -!- RAX is now known as rax-
07:49 -!- ghoti [~paul@hq.experiencepoint.com] has quit [Read error: Connection reset by peer]
07:49 -!- ghoti [~paul@hq.experiencepoint.com] has joined #openvpn
07:49 -!- doop [~doop@colostomy.club] has quit [Excess Flood]
07:49 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
07:50 -!- doop [~doop@colostomy.club] has joined #openvpn
07:53 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
08:13 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 240 seconds]
08:13 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 240 seconds]
08:14 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
08:28 < cnf> hi, is there a way to change the restart pause?
08:29 -!- openvpn812 [53847a99@gateway/web/freenode/ip.83.132.122.153] has joined #openvpn
08:30 < openvpn812> hello, after install and run successful my open vpn server apache cannot serve http on port 80, restart the process wont do anything suspicious as it starts ok any ideia of what might be happening?
08:31 < openvpn812> dns is ok I've done dig...
08:36 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ywykubsxkhiladlj] has joined #openvpn
08:37 -!- iNs [~ins@85.17.164.26] has quit [Quit: probably fiddling... x)]
08:40 -!- iNs [~ins@85.17.164.26] has joined #openvpn
09:05 -!- openvpn812 [53847a99@gateway/web/freenode/ip.83.132.122.153] has quit [Ping timeout: 246 seconds]
09:11 -!- jsparks [53847a99@gateway/web/freenode/ip.83.132.122.153] has joined #openvpn
09:17 -!- musca [~musca@tyrael.eu] has joined #openvpn
09:39 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
09:42 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
10:14 -!- julianoliver [~julian@ip5b406daa.dynamic.kabel-deutschland.de] has joined #openvpn
10:14 -!- jsparks [53847a99@gateway/web/freenode/ip.83.132.122.153] has quit [Ping timeout: 246 seconds]
10:19 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Remote host closed the connection]
10:29 -!- albru123 [~Albert@ip-89-176-183-241.net.upcbroadband.cz] has joined #openvpn
10:30 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Quit: I will be back later! :-)]
10:32 < albru123> Hello there, I'm now trying to troubleshoot "TLS handshake failed" issue on a server side. Should those CA values be the same? http://i.imgur.com/Fo5tNQN.png
10:33 < albru123> Also sorry for not using pastebin, I'm just too lazy, to copy it from SSH terminal.
10:33 -!- rax- is now known as RAX
10:34 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
10:35 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
10:35 -!- RAX is now known as rax-
10:40 -!- Mantaalex [~alex@gsi.opelmanta.be] has joined #openvpn
10:40 < Mantaalex> hey i got a question i have 1 vps with debian 6 on it with only 1 internet IP
10:41 < Mantaalex> can i use openvpn for only 1 client?
10:42 < Mantaalex> with only 1 ip i want to set server my.ip.is.118 255.255.255.0 in config
10:42 < Mantaalex> but than openvpn doesn't start only if i put in my my.ip.is.0 but than he uses ips that doesn't belong to my vps
10:43 < Mantaalex> anyone got a solution did not find anything on google
10:46 < julianoliver> hi. i run an OpenVPN server that currently has around 20 clients. i need to be able to scale up to support ~1000 DHCP IPv4 clients at any given time. client-to-client is not necessary. what is the advised method for dealing with subnets and DHCP? can address ranges dynamically scale into new subnets as needed?
10:47 < Mantaalex> julianoliver: you know the solution for me ? :)
10:48 < julianoliver> Mantaalex: seems to me you need to use ccd directives to statically assign IPs google "ccd static ip openvpn"
10:50 < Mantaalex> maybe stupid question
10:50 < Mantaalex> i see in most google things ips like 10.etc
10:50 < Mantaalex> my vps ip is 185.etc
10:50 < Mantaalex> 10. is used somethimes in local lans
10:50 < Mantaalex> i guess i don't need that
10:51 < Mantaalex> or does openvpn needs local ips anyway
10:51 < julianoliver> OpenVPN uses 10.9.8.* by default, internally.
10:51 < Mantaalex> oh ok
10:51 < Mantaalex> http://safesrv.net/simple-guide-to-assign-openvpn-users-static-ips/
10:51 < Mantaalex> this should be my solution julianoliver ? :)
10:53 < julianoliver> yep, as i said 'ccd'.
10:53 < julianoliver> (which is what that guide walks you through)
10:53 -!- shio [shio@220.188.103.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
10:54 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has joined #openvpn
10:55 < M4rc3l> Hi I just installed openvpn and it connects fine but the traffic is not routed out to the internet so i can only acess the server my vpn runs on by ip
10:55 < Mantaalex> ok :)
10:55 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
10:55 < M4rc3l> what are the rules to make it route out to the internet
10:56 < Mantaalex> i just don't understand what line in server.conf i need to add
10:56 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
10:56 < Mantaalex> server 185.83.218.118 255.255.255.0
10:57 < Mantaalex> i have now but doesn't work ;)
10:57 < Mantaalex> only if i put .0 or put local ip in
10:57 < Mantaalex> and use the ccd for the users
10:57 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:00 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
11:00 < M4rc3l> nevermind just fixed it thanks
11:01 -!- doop [~doop@colostomy.club] has quit [Excess Flood]
11:02 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 246 seconds]
11:12 -!- wkts [~wkts@159.203.5.131] has quit [Ping timeout: 260 seconds]
11:18 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
11:18 < Mantaalex> julianoliver: one more question ;)
11:18 < Mantaalex> i followed the manual and i got the correct ip on the client
11:19 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
11:19 < Mantaalex> but on the server self if i run ping i got 100% loss
11:19 < Mantaalex> if i do ping -I tun0 8.8.8.8
11:24 < julianoliver> tun0 is probably not facing the Internet.
11:25 < julianoliver> check if client can ping server and server client
11:31 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:42 < Mantaalex> the client can ping the server
11:43 < Mantaalex> and reverse on the normal ips
11:44 < Mantaalex> i keep getting problems with the local ip
11:44 < Mantaalex> thats all the client can connect to server etc
11:44 < Mantaalex> but the Warning: route gateway is not reachable on any active network adapters: 10.10.10.1
11:44 < Mantaalex> Sun Nov 29 18:34:34 2015 Route addition via IPAPI failed [adaptive]
11:44 < Mantaalex> that ip doesn't have internet
11:46 -!- Mantaalex [~alex@gsi.opelmanta.be] has quit [Quit: leaving]
11:52 -!- albru123 [~Albert@ip-89-176-183-241.net.upcbroadband.cz] has quit [Quit: Leaving]
12:00 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
12:17 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:42 -!- dannier [dannier@117.185.76.94] has quit [Read error: Connection reset by peer]
12:43 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
12:54 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Quit: Namaste]
13:09 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
13:17 -!- doop [~doop@2602:ffea:a::6f2f:d8d8] has joined #openvpn
13:21 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
13:30 -!- wiz [~sid1@irc-gw.wiz.network] has quit [Remote host closed the connection]
13:38 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
13:56 -!- shio [shio@220.188.103.84.rev.sfr.net] has joined #openvpn
14:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 240 seconds]
14:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:05 -!- Gaffeltruck [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
14:06 -!- mcp [~mcp@wolk-project.de] has quit [Remote host closed the connection]
14:06 -!- Netsplit *.net <-> *.split quits: Gaffel
14:26 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
14:28 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 276 seconds]
14:31 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
14:34 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 264 seconds]
14:35 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 260 seconds]
14:40 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
14:42 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
14:44 -!- somis [~somis@70.38.6.189] has joined #openvpn
14:45 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:47 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Excess Flood]
14:48 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 264 seconds]
14:48 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 264 seconds]
14:48 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 264 seconds]
14:48 -!- Gaffeltruck [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Ping timeout: 264 seconds]
14:48 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
14:49 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 264 seconds]
14:50 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
14:52 -!- JackWinter [~jack@85.93.209.41] has joined #openvpn
14:56 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
15:05 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
15:06 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Excess Flood]
15:07 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
15:09 -!- Uranio [~Uranio@37.48.86.168] has joined #openvpn
15:11 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
15:18 -!- Netsplit *.net <-> *.split quits: @mattock, Matir, funnel, thumbs, zamba, infernix, dhcpfreely, c0ded, @plaisthos, DzAirmaX_,  (+8 more, use /NETSPLIT to show all of them)
15:18 -!- Netsplit over, joins: Matir
15:18 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
15:18 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
15:18 -!- Jeroen [~Jeroen@2001:41d0:1:9592::1] has joined #openvpn
15:18 -!- julianoliver [~julian@ip5b406daa.dynamic.kabel-deutschland.de] has quit [Ping timeout: 246 seconds]
15:18 -!- doop [~doop@colostomy.club] has joined #openvpn
15:20 -!- Netsplit over, joins: RBecker
15:20 -!- mode/#openvpn [+v RBecker] by ChanServ
15:20 -!- mode/#openvpn [+o plaisthos] by ChanServ
15:20 -!- Netsplit over, joins: plaisthos
15:23 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Read error: Connection reset by peer]
15:23 -!- Netsplit over, joins: zamba
15:25 -!- mnathani_ [~mnathani_@192.0.149.228] has joined #openvpn
15:26 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
15:26 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:27 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
15:28 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
15:28 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
15:29 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:29 -!- mode/#openvpn [+o mattock] by ChanServ
15:31 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
15:33 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
15:34 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
15:36 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
15:39 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 240 seconds]
15:41 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
15:41 -!- Uranio [~Uranio@37.48.86.168] has quit [Quit: Leaving]
15:42 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 264 seconds]
15:43 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
15:44 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
15:46 -!- erasmus [~erasmus@unaffiliated/erasmus] has joined #openvpn
15:46 -!- mnathani_ [~mnathani_@192.0.149.228] has quit [Ping timeout: 276 seconds]
15:48 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
15:49 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has quit [Quit: /quit]
15:50 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
15:52 -!- erasmus [~erasmus@unaffiliated/erasmus] has quit [Remote host closed the connection]
15:53 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
15:54 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 264 seconds]
15:54 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
15:54 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
15:55 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
15:57 -!- doop [~doop@colostomy.club] has quit [Excess Flood]
15:57 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Excess Flood]
15:58 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
16:00 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
16:01 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
16:01 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
16:03 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
16:08 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Excess Flood]
16:09 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
16:09 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Client Quit]
16:10 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
16:10 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
--- Log closed Sun Nov 29 16:15:51 2015
--- Log opened Mon Nov 30 07:22:33 2015
07:22 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
07:22 -!- Irssi: #openvpn: Total of 189 nicks [5 ops, 0 halfops, 4 voices, 180 normal]
07:22 -!- mode/#openvpn [+o ecrist] by ChanServ
07:22 -!- Irssi: Join to #openvpn was synced in 2 secs
07:34 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
07:35 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:38 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
07:40 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
07:45 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 240 seconds]
07:45 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 260 seconds]
07:47 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
07:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 261 seconds]
07:55 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has joined #openvpn
07:56 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 245 seconds]
07:58 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
07:59 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Excess Flood]
08:00 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
08:01 -!- abra0 [~abra0@unaffiliated/abra0] has quit [Ping timeout: 258 seconds]
08:08 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
08:10 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 261 seconds]
08:31 < Thermi> tiago: Obviously OSPF/BGP.
08:31 < tiago> Thermi, it's not so obvious for someone who is not technical and is just getting into this stuff :/
08:31 < Thermi> Why are you doing that then? Hire someone who knows
08:32 < tiago> because I want to learn
08:32 < tiago> this is a home setup
08:32 < Thermi> Okay
08:32 < tiago> what a dick
08:32 -!- BtbN [btbn@unaffiliated/btbn] has quit [Excess Flood]
08:32 < tiago> I thought this was a community support channel
08:32 < Thermi> Most people asking for complex setups are actually working for businesses
08:32 < Thermi> This is a community channel, but a lot of people actually build stuff for businesses.
08:32 < tiago> I am really just trying to learn this stuff
08:33 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has quit [Ping timeout: 247 seconds]
08:33 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has joined #openvpn
08:33 < Thermi> Well, either put dynamic routing over it or set up the routes manually
08:34 < Thermi> both the routing table on the host, as well as openvpn need the routes
08:35 < tiago> I've been reading about using OSPF and quagga
08:36 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
08:43 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 260 seconds]
08:44 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 245 seconds]
08:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Ping timeout: 260 seconds]
08:45 -!- jerichowasahoax [~nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 260 seconds]
08:46 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 260 seconds]
08:46 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has quit [Ping timeout: 260 seconds]
08:46 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 260 seconds]
08:47 -!- NP-Completeass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
08:47 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 260 seconds]
08:59 -!- Netsplit *.net <-> *.split quits: Exagone313
08:59 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:01 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
09:05 -!- Netsplit over, joins: Exagone313
09:08 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has joined #openvpn
09:11 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:15 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
09:17 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
09:20 -!- Netsplit *.net <-> *.split quits: Exagone313
09:21 -!- marus [Elite13751@gateway/shell/elitebnc/x-sazprxtewqcjobxj] has left #openvpn []
09:23 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Remote host closed the connection]
09:27 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
09:34 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 244 seconds]
09:34 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has quit [Excess Flood]
09:34 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
09:35 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
09:36 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
09:40 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
09:41 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
09:43 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
09:44 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
09:44 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has quit [Excess Flood]
09:45 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
09:47 -!- Netsplit over, joins: Exagone313
09:48 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
09:50 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
09:52 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
09:53 -!- mode/#openvpn [+v hazardous] by ChanServ
09:53 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
09:54 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
09:59 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
10:01 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
10:01 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
10:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:10 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
10:11 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
10:12 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:13 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
10:17 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 260 seconds]
10:18 -!- albech [~Thunderbi@188-179-157-194-static.dk.customer.tdc.net] has quit [Quit: albech]
10:18 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
10:20 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
10:20 -!- baetheus [~brandon@null.pub] has joined #openvpn
10:20 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
10:20 -!- baetheus [~brandon@null.pub] has left #openvpn ["Where you go, there you are."]
10:29 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Quit: Horrible Error: Connection Reset by Fear]
10:30 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
10:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
10:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
10:42 -!- s7r [~s7r@openvpn/user/s7r] has quit [Max SendQ exceeded]
10:43 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
10:43 -!- mode/#openvpn [+v s7r] by ChanServ
10:45 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has joined #openvpn
10:51 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
10:53 -!- tapout [~tapout@unaffiliated/tapout] has quit [Ping timeout: 250 seconds]
10:55 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:21 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
11:22 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:24 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
11:26 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 260 seconds]
11:27 -!- iNs [~ins@85.17.164.26] has joined #openvpn
11:28 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
11:28 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
11:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: leaving]
11:29 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has joined #openvpn
11:29 -!- Oatmeal [~Suzeanne@75-103-145-152.ccrtc.com] has quit [Max SendQ exceeded]
11:30 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:30 -!- gffa [~unknown@unaffiliated/gffa] has quit [Client Quit]
11:31 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:35 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 246 seconds]
11:46 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 260 seconds]
11:48 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
12:10 -!- DMA [~dma@190.146.128.106] has joined #openvpn
12:13 -!- willer [potato@gateway/shell/blinkenshell.org/x-tugmnamddfrraber] has joined #openvpn
12:21 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 240 seconds]
12:22 -!- clu5ter [~staff@unaffiliated/clu5ter] has quit [Ping timeout: 240 seconds]
12:23 -!- jafa [~jafa@2001:470:80ca:2000:cda0:281a:b015:4a1b] has quit [Ping timeout: 240 seconds]
12:24 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 250 seconds]
12:25 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 245 seconds]
12:26 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Quit: pipeworkin' it]
12:27 -!- chamunks [chamunks@entityreborn.com] has quit [Ping timeout: 260 seconds]
12:28 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 264 seconds]
12:28 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
12:28 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
12:29 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
12:29 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
12:30 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
12:31 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 260 seconds]
12:31 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
12:36 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
12:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
12:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:44 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
12:45 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
12:45 -!- d10n [~d10n@unaffiliated/d10n] has quit [Ping timeout: 245 seconds]
12:48 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
12:48 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
12:50 < willer> i just set up openvpn and i'm getting this "ERROR: Linux route add command failed: external program exited with error status: 2"
12:50 < willer> setup & logs here: http://paste.ee/p/oiedR
12:51 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
12:52 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
12:53 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Excess Flood]
12:54 < banco> willer: "RTNETLINK answers: File exists" tells you that this route already exist
12:55 < banco> willer: *.*.*.*    pfSense.localdo 255.255.255.255 UGH   0      0        0 wlp3s0
12:56 -!- _cmd_ [~cmd@ec2-54-201-126-146.us-west-2.compute.amazonaws.com] has quit [Quit: WeeChat 0.4.2]
12:56 -!- julianoliver [~julian@202.66.238.89.in-addr.arpa.manitu.net] has joined #openvpn
12:56 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
12:58 < willer> ok so what should i do?
12:59 < julianoliver> how would i host, say, 500 simultaneous IPv4 clients on a single machine? i don't want to run multiple instances on different ports. Rather I'd like to have them assigned IPs dynamically without having to worry about subnet range limitations.
12:59 < banco> willer: is pfSense.localdo == 192.168.2.1?
13:00 < willer> banco: yes
13:00 < julianoliver> s/multiple\ instances/multiple\ server\ instances/
13:00 < banco> willer: then you can disregard this error
13:01 < willer> banco: i'm asking because it doesn't work
13:01 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Ping timeout: 260 seconds]
13:02 < banco> willer: then search for the cause of the problem in other places: firewall or something else
13:03 < willer> ok, thank you
13:04 -!- doop [~doop@colostomy.club] has joined #openvpn
13:05 < banco> julianoliver: don't really get, what you want to do. You want to run 500 clients on the single machine? Or 500 clients will be connecting to the single server machine?
13:06 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
13:08 < willer> banco: no entries in pfsense fw logs where source ip is the client machine
13:09 -!- uiyice_ is now known as uiyice
13:10 < willer> and nothing with destination address of server ip
13:10 < willer> that pfsense box is pretty much at default settings. there's a transparent proxy though
13:11 < julianoliver> banco: i'd like ~500 clients to connect to a single server machine
13:12 < banco> willer: can the client ping (or better - telnet to open port if ping is blocked) the server vpn address and vice versa?
13:13 -!- shiriru [~shiriru@84.238.181.198] has joined #openvpn
13:14 < banco> julianoliver: there's pretty much no problem with it? It can distribute the ip's to the clients from the pool. Just choose the fitting subnet size.
13:16 < willer> banco: i can ping  10.8.0.1 from the client
13:17 < banco> willer: what about server pinging the client?
13:18 < willer> banco: that works too
13:18 < banco> willer: then what is not working?
13:18 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 245 seconds]
13:18 < willer> web browsing
13:18 < banco> willer: can you ping 8.8.8.8 from the client?
13:19 < banco> willer: with vpn connected
13:19 < willer> banco: nope
13:19 < banco> willer: what about ping 173.194.112.130?
13:20 < willer> no
13:20 -!- obscurehero [~obscurehe@via.arcis.pw] has quit [Ping timeout: 260 seconds]
13:21 < banco> willer: what's your firewall config on server?
13:21 < julianoliver> banco: ok, thanks. I'll give /23 a go.
13:22 < willer> banco: there's no fw installed, just arch linux and openssh/openvpn
13:22 -!- valdikss [~valdikss@95.215.45.33] has quit [Ping timeout: 245 seconds]
13:23 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
13:23 < banco> willer: there should be iptables by default, check it rules and policy
13:23 -!- shiriru [~shiriru@84.238.181.198] has quit [Quit: Leaving]
13:25 < willer> banco:  iptables -nvL tells me there are no rules
13:25 -!- ShadniX [dagger@p5DDFD27D.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
13:25 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
13:26 -!- ShadniX [dagger@p5DDFD27D.dip0.t-ipconnect.de] has joined #openvpn
13:26 < banco> willer: ah, forgot about POSTROUTING, you need to add rule: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ISP_IF -j MASQUERADE
13:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:32 < willer> banco: do i now need to enable the service too?
13:32 < banco> willer: which server? iptables should be running by default.
13:33 < banco> willer: just add this rule on server
13:33 < willer> i did but it still doesn't work
13:33 < willer> iptables is installed by default but looks like it's not enabled
13:34 < willer> sorry i'm very new to this and especially iptables
13:34 < banco> willer: did you specified the right interface in the rule? It shoud be your isp interface
13:36 < willer> oh god, no. just pasted it in there :)
13:37 < willer> "-o ens3" then? that's what ifconfig tells me
13:38 < willer> ooh it works, fantastic
13:39 < willer> thank you so much.
13:39 < banco> willer: good, don't forget to save the iptables rules
13:52 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
13:53 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:57 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
13:59 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
14:11 -!- mystica555_ [~mystica55@184-96-152-170.hlrn.qwest.net] has quit [Ping timeout: 246 seconds]
14:23 -!- sarlalian [~sarlalian@107.170.239.102] has quit [Quit: WeeChat 0.4.2]
14:24 -!- allizom [~Thunderbi@87.18.161.191] has joined #openvpn
14:27 -!- allizom [~Thunderbi@87.18.161.191] has quit [Client Quit]
14:28 -!- sarlalian [~sarlalian@107.170.239.102] has joined #openvpn
14:32 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 260 seconds]
14:34 -!- iNs [~ins@85.17.164.26] has joined #openvpn
14:37 -!- julianoliver [~julian@202.66.238.89.in-addr.arpa.manitu.net] has quit [Quit: leaving]
14:49 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
14:53 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 260 seconds]
14:53 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
15:08 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
15:21 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Ping timeout: 245 seconds]
15:50 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
15:52 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has quit [Ping timeout: 260 seconds]
15:54 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
15:56 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 260 seconds]
15:58 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
15:58 -!- mode/#openvpn [+v hazardous] by ChanServ
16:10 < Sambom> Hello, I have two Windows machines on two diferent locations. One configured as Server, and one as client (plan to add some more clients whern it works). I can connect from lient to server in the OpenVPN GUI. But I cannot ping any of the remote sites (10.8.x.x) adresses from either server/client. My goal is to be able to access a share located on the Server (on the Server machine, not the server-network). I appreciate your
16:10 < Sambom> advices! Thanks alot!
16:10 < Sambom> This is my configs: http://pastebin.com/MnXDaQn1
16:13 < DArqueBishop> Sambon: you're not pushing a route to any other subnet in your server config.
16:13 < DArqueBishop> !routing
16:14 < Sambom> !routing
16:14 < DArqueBishop> Oops.
16:14 < DArqueBishop> !route
16:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
16:14 <@vpnHelper> client
16:15 < DArqueBishop> Also, you may want to check and make sure you have IP forwarding enabled.
16:15 < DArqueBishop> !winipforward
16:15 <@vpnHelper> "winipforward" is (#1) http://support.microsoft.com/kb/315236 to enable ip forwarding on windows or (#2) reboot after enabling it
16:17 < Sambom> Aha, I can see why I cannot access lan-devices. But shouldn't I be able to ping Server IP from the client? The 10.8... address...
16:18 < Sambom> Routing = If I want to connect from Client to Server and access other LAN-devices? Right?...
16:19 < Sambom> In this case I want to use resources on the Server.
16:19 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
16:19 < DArqueBishop> !logs
16:19 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
16:20 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:23 < Sambom> DArqueBishop: Thanks for the guidance... I must read the resources, and then I will bring the questions..! Now I must get some sleep! Thanks for now!
16:33 -!- Gwoplock [~quassel@104.56.172.189] has joined #openvpn
16:38 -!- unholycrab [~unholycra@unaffiliated/computer] has joined #openvpn
16:38 < unholycrab> how do i download/generate a client.openvpn configuration file, so that i can connect with a 3rd party vpn client?
16:39 < unholycrab> im guessing theres a client certificate embedded somewhere that i need to use
16:47 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has quit [Read error: Connection reset by peer]
16:48 < unholycrab> either that, or i am thoroughly confused
16:49 < unholycrab> using tunnelblick i get an authentication failure
16:49 < unholycrab> the documentation for connecting with the linux client says to use the client.openvpn file, but doesn't show how to obtain the file https://openvpn.net/index.php/access-server/docs/admin-guides/182-how-to-connect-to-access-server-with-linux-clients.html
16:49 <@vpnHelper> Title: How to connect to Access Server from a Linux computer (at openvpn.net)
16:52 < unholycrab> im using AS right now. under Customize Client Web Server UI, i have the boxes "Offer user-locked profile", and "Offer autologic profile" checked
16:53 < unholycrab> but when i visit the web server, i only see "OpenVPN Connect for Mac OS X", etc... which downloads a .dmg package
16:53 < unholycrab> the "OpenVPN for Linux" link just redirects me to the documentation...
16:53 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
16:56 < Eugene> !as
16:56 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
16:58 -!- allizom [~Thunderbi@87.18.161.191] has joined #openvpn
17:00 < unholycrab> piss
17:00 < unholycrab> can i generate it without AS?
17:00 < unholycrab> i dont care that im using AS on top of openvpn
17:00 < Eugene> Sure, .ovpn and .openvpn are just a different name for a .conf file
17:00 < Eugene> See the HOWTO for a minimal .conf
17:00 < Eugene> But we won't help you much with it, beause AS ;-)
17:01 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
17:01 < unholycrab> god
17:01 < unholycrab> is there a client certificate in there? can i generate or download a client certificate
17:02 < Eugene> I have no idea what AS uses for certs
17:02 < unholycrab> oh ok
17:02 < unholycrab> well thanks Eugene
17:02 < unholycrab> i figured it might be the same
17:02 < Eugene> God no, if it were simple, you wouldn't be paying for it
17:06 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
17:07 < unholycrab> yea i see
17:10 -!- Ryan_Lane [sid126379@wikimedia/Ryan-lane] has joined #openvpn
17:11 < Ryan_Lane> hi there. If I want to push dhcp options from a client-connect script, would I use: push dhcp-option or just dhcp-option ?
17:11 < Ryan_Lane> can't really find any docs for that
17:13 < Eugene> I want to say push? Try it, see what blows up
17:13 < Ryan_Lane> :D
17:13 < Ryan_Lane> was hoping to not try it and see if it blows up, but I'll give it a try. I guess I have a dev environment for this reason.
17:14 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:21 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
17:30 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:38 -!- batrick [batrick@nmap/developer/batrick] has quit [Quit: WeeChat 1.3]
17:39 -!- mystica555 [~mystica55@mf22636d0.tmodns.net] has joined #openvpn
17:40 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
17:47 < Ryan_Lane> for those reading this after the fact, it's push
18:00 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:05 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
18:06 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Client Quit]
18:10 -!- mystica555 [~mystica55@mf22636d0.tmodns.net] has quit [Read error: Connection reset by peer]
18:11 -!- mystica555 [~mystica55@mf22636d0.tmodns.net] has joined #openvpn
18:45 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Quit: i don’t know why i think pressing ctrl-c harder will help.]
18:46 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
19:03 -!- allizom [~Thunderbi@87.18.161.191] has quit [Quit: allizom]
19:03 -!- mystica555 [~mystica55@mf22636d0.tmodns.net] has quit [Read error: Connection reset by peer]
19:05 -!- mystica555 [~mystica55@172.56.9.61] has joined #openvpn
19:17 -!- alec-b [~alec@132.42.103.87.rev.vodafone.pt] has joined #openvpn
19:47 -!- mystica555 [~mystica55@172.56.9.61] has quit [Ping timeout: 245 seconds]
19:55 -!- mystica555 [~mystica55@172.56.8.57] has joined #openvpn
20:21 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 240 seconds]
20:21 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
20:26 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has quit [Ping timeout: 264 seconds]
20:27 -!- Ryan_Lane [sid126379@wikimedia/Ryan-lane] has left #openvpn []
22:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:28 -!- mystica555 [~mystica55@172.56.8.57] has quit [Ping timeout: 260 seconds]
22:33 -!- mystica555 [~mystica55@172.56.8.57] has joined #openvpn
22:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
22:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
22:55 -!- mystica555 [~mystica55@172.56.8.57] has quit [Ping timeout: 250 seconds]
22:59 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:03 -!- mystica555 [~mystica55@172.56.8.38] has joined #openvpn
23:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
23:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:38 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
23:39 < ybgd> Does anyone have any idea why people cannot *initiate p2p connections* with me?  I can initiate connections with others no problem
23:40 < ybgd> I am connected to openvpn server (as a client) on a virtual machine
23:41 < ybgd> cloud vps.. ive tried a few different providers, same problem.. can connect to vpn no problem, internet connection is fine, but people cant initiate p2p connections with me (through an in-browser multiplayer flash game)
23:42 < ybgd> I can join other game rooms no problem, but if others try to join my room - they cannot establish connection
23:44 -!- ShadniX [dagger@p5DDFD27D.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:46 -!- ShadniX [dagger@p57941379.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Dec 01 2015
00:05 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
00:57 -!- sgronblo [~samu@108.166.105.112] has joined #openvpn
01:03 < sgronblo> Hello, I am trying to figure out why I cant access a server through a dd-wrt router running openvpn. When checking with nc THE_HOST 80; GET / HTTP/1.0; End I get a response from the web server so I know that the openVPN connection is working properly from there. However when I wget the same THE_HOST from a laptop connected to the dd-wrt router it just hangs.
02:07 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:32 -!- ShadniX [dagger@p57941379.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
02:35 -!- ShadniX [dagger@p57941379.dip0.t-ipconnect.de] has joined #openvpn
02:51 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:58 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Quit: Quit.]
02:59 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
03:12 -!- cjd [~user@2c0f:f930:2:1::] has joined #openvpn
03:12 -!- cjd [~user@2c0f:f930:2:1::] has left #openvpn []
03:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
03:41 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
03:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
03:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
03:52 -!- mode/#openvpn [+o mattock1] by ChanServ
03:53 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 260 seconds]
04:04 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:20 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 245 seconds]
04:21 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
04:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:24 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 245 seconds]
04:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
04:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
04:40 -!- blu_ [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:41 -!- Vamp898 [511b7bb0@gateway/web/cgi-irc/kiwiirc.com/ip.81.27.123.176] has joined #openvpn
04:43 < Vamp898> Hi there, small question. I have an OpenVPN Server (http://pastebin.com/mW3NiGe6) and 4 Clients. The Clients can reach everything inside the OpenVPN Network, but the OpenVPN Server cant reach anything behind the clients. Do i need multiple servers connected together to get this working? Routes are there, ping is sent using the correct interface (tu
04:43 < Vamp898> n0) but never reaches the client (according to tcpdump)
04:43 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 264 seconds]
04:44 < banco> !route
04:44 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
04:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:48 < Vamp898> banco: If this was meant to me, im not sure what im missing. I'd say the routes are there (ip route shows them) and according to tcpdump the ping package is sent to the correct direction using the correct interface. SNAT is also applied. So tcpdump on the VPN Server shows that the ping is using the correct route to the correct desitination, it just
04:48 < Vamp898>  never reaches it.
04:52 < Vamp898> The weird thing is, the ping just stucks. It doesnt get any reply at all. No "Host not reachable" or something like that. He sends out the pings and just never gets any reply from nowhere.
04:54 < banco> Vamp898: where is ccd with iroute? make everything like in https://community.openvpn.net/openvpn/wiki/RoutedLans
04:54 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
04:55 < banco> Vamp898: also, check the firewalls
04:56 < banco> Vamp898: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
04:56 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
05:02 < Vamp898> banco: Ah dammit, i somehow kicked the client-config-dir ccd out of my openvpn.conf. To be sure, it is correct that i have to set the iroute in the ccd/intf0003 _and_ the route in the openvpn.conf, right?
05:04 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
05:05 < Vamp898> weird, i re-added the client-config-dir ccd (i even renamed it ccd, it was called different before), checked if ccd/intf0003 contains the iroute statement and so on, but still, identical behaviour. As this is an testing Network, all netfilter tables are flushed (except an SNAT rule for traffic coming from the 10.x.x.x network going to the 192.x.x.x
05:05 < Vamp898>  network
05:11 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 244 seconds]
05:11 < Vamp898> This is my Firewall setup http://pastebin.com/qBTqSbjQ I dont suspect the routing cause if the routing would be wrong, the package would go to an wrong place and i should get an reply that i sent it to the wrong place. Just getting no response doesnt sound like an routing problem to me
05:14 < Vamp898> Here is the output of tracepath and tcpdump: http://pastebin.com/vuHSYgU7
05:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 245 seconds]
05:21 < Vamp898> In the OpenVPN log i an see that the ping packages arrives at the destination, but i cant see anything of that in TCPDUMP
05:22 < banco> Vamp898: "i have to set the iroute in the ccd/intf0003 _and_ the route in the openvpn.conf, right?" - yes
05:22 < banco> Vamp898: change this "-A POSTROUTING -s 10.9.0.0/24 -j MASQUERADE" to "-A POSTROUTING -s 10.9.0.0/24 -o YOUR_LAN_IF -j MASQUERADE"
05:23 < banco> Vamp898: also, is the firewall setup from here http://pastebin.com/qBTqSbjQ is the same for server and client?
05:23 < Vamp898> it is, yes
05:24 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
05:24 < Vamp898> i adjusted the SNAT settings, but so far the behaviour didnt changed. The Clients can ping the Server using its local lan address, the server just cant reaches the clients.
05:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:25 < Vamp898> With clients i mean the OpenVPN Clients, not the clients behind the OpenVPN in the LAN
05:28 < Vamp898> Server [10.9.0.1 :: 192.168.173.9] :: Client [10.9.0.10 :: 192.168.174.53] :: ping 10.9.0.1 --> 10.9.0.10: Works :: ping 10.9.0.10 --> 10.9.0.1: Works. ping 10.9.0.10 --> 192.168.173.9: Works. ping 10.9.0.1 --> 192.168.174.53: Does not work
05:30 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
05:30 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
05:31 < Vamp898> But i noticed something different strange (may be related to this problem). According to ipp.conf, intf0003 should get 10.9.0.8, but it gets 10.9.0.10. But OpenVPN reads the ipp.conf correctly: http://pastebin.com/QwM6saQg
05:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
05:34 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 260 seconds]
05:34 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
05:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:37 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 260 seconds]
05:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
05:43 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 250 seconds]
05:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:50 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
05:51 < Vamp898> dammit finally got it. OpenVPN was running as user/group nobody and even with 777 on the Directory (recursive), he was not able to read the ccd/* files
05:54 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
05:57 < Vamp898> But it works now, thanks for the help
06:02 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
06:04 -!- Vamp898 [511b7bb0@gateway/web/cgi-irc/kiwiirc.com/ip.81.27.123.176] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
06:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:04 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
06:11 -!- zimboboy- [~zimboboyd@213.183.76.156] has quit [Excess Flood]
06:12 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
06:22 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
06:22 -!- mode/#openvpn [+o mattock1] by ChanServ
06:24 -!- rooth [~rooth@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
06:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:41 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Ping timeout: 245 seconds]
06:48 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has joined #openvpn
06:48 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has quit [Client Quit]
06:49 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has joined #openvpn
06:52 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:53 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has quit [Client Quit]
06:54 -!- lumidee [~esing@unaffiliated/esing] has joined #openvpn
06:55 < lumidee> hi, i don't want all traffic to go via my openvpn, but only firefox. chromium instead should use the direct internet connection without tunnel. is that possible?
06:55 < lumidee> maybe i shouldn't use openvpn then, and instead ssh tunneling?
06:57 < banco> lumidee: google the iptables owner module
06:58 < banco> lumidee: or just install proxy server on vpn
06:59 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has joined #openvpn
07:00 < lumidee>  banco with the owner module i can then run e.g. chromium with a different user and now iptables will redirect packages with the chromium user directly and not via vpn?
07:01 < lumidee> banco, do you mean i should install openvpn and a proxy server on my server and then configure firefox with the openvpn data?
07:03 < banco> lumidee: with iptables and owner module you can tunnel all packets from specific application (e.g. Firefox) through selected interface
07:03 < lumidee> that sounds good. i think go with that solution
07:03 < lumidee> thanks!
07:03 < banco> linear: yeah, you can just install any proxy server on vpn server and in Firefox proxy settings select vpn server address in vpn network
07:05 -!- PhoenixS [~seedbox@ns3096936.ip-91-121-194.eu] has joined #openvpn
07:05 < PhoenixS> Hello
07:06 < PhoenixS> sb can tell which proxy provider is worth to buy ?
07:17 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:19 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has joined #openvpn
07:19 -!- AlmogBaku [~AlmogBaku@31.154.9.254] has quit [Client Quit]
07:42 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 260 seconds]
08:21 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 245 seconds]
08:22 -!- ello_govna [~ello_govn@98.231.186.89] has joined #openvpn
08:26 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
08:42 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Read error: Connection reset by peer]
08:43 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
08:45 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
09:04 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:09 -!- shiriru [~shiriru@84.238.181.198] has joined #openvpn
09:11 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
09:14 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:17 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
09:18 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 250 seconds]
09:26 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
09:35 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:35 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
09:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
09:56 -!- shiriru [~shiriru@84.238.181.198] has quit [Quit: Leaving]
10:04 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:06 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:08 -!- blu_ [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
10:16 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:17 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:43 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:02 -!- AlmogBaku [~AlmogBaku@37.26.149.218] has joined #openvpn
11:08 -!- AlmogBaku [~AlmogBaku@37.26.149.218] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:12 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Quit: Leaving]
11:17 -!- AlmogBaku [~AlmogBaku@37.26.149.218] has joined #openvpn
11:19 -!- AlmogBaku [~AlmogBaku@37.26.149.218] has quit [Client Quit]
11:21 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:25 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 250 seconds]
11:26 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:31 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
11:35 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:38 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:26 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 264 seconds]
12:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
12:34 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:35 -!- rax- [~rax-@bnc.localh0st.co.uk] has quit [Ping timeout: 260 seconds]
12:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Client Quit]
12:38 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
12:38 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:39 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
12:42 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
12:45 < Dr-007> good evening, my goal is to read an openvpn logfile via PHP. i thought i'd just add "cat <logfile dir>" into the /etc/sudoers file and then i could cat the logfile via PHP. only, this is not working. can i create a script or is there a configuration setting that chowns a logfile to a particular user and group? and perhabs chmod aswell, if needed.
12:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 245 seconds]
12:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:53 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 250 seconds]
12:53 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
12:54 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 250 seconds]
12:56 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
13:01 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
13:21 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
13:22 < jerichowasahoax> My OpenVPN server is on Windows 10. I open the OpenVPN GUI, double click the tray icon to start the service, absolutely *nothing* happens for about 10 seconds, and then "Connecting to server has failed." What gives?
13:22 < banco> jerichowasahoax: run as administrator
13:23 < jerichowasahoax> banco: Makes no difference
13:23 < banco> jerichowasahoax: enable logging in config and see the log
13:26 < jerichowasahoax> banco: What's the default log directory under Windows?
13:26 < banco> jerichowasahoax: in the config dir
13:26 < jerichowasahoax> banco: Then my log isn't being generated.
13:27 < jerichowasahoax> I uncommented the sample "log openvpn.log" line, and openvpn.log still does not exist, even though I exited and relaunched the GUI between config saves
13:28 < banco> jerichowasahoax: try to run openvpn from console
13:29 < jerichowasahoax> banco: openvpn.exe my_config.file ?
13:30 < banco> jerichowasahoax: openvpn --config "C:\Program Files\OpenVPN\config\server.ovpn"
13:31 < jerichowasahoax> banco: Just found that after dealing with Windows' sorry excuse for a commandline window
13:31 < jerichowasahoax> apparently i had a dim moment and forgot to escape my backslashes
13:37 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:45 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 264 seconds]
14:05 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:12 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
14:16 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Client Quit]
14:26 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
14:43 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:48 -!- mystica555 [~mystica55@172.56.8.38] has quit [Ping timeout: 250 seconds]
14:49 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
14:55 -!- mystica555 [~mystica55@172.56.8.38] has joined #openvpn
15:10 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
15:25 -!- brutser [brutser@109.129.82.196] has joined #openvpn
15:27 < brutser> hi guys, i try to get openvpn work on centos with selinux enabled by default - i use pritunl as i was advised to use this to make the creation of certs somewhat easier and have a panel to work from - but with selinux enabled i get a socket bind error - so decided to set selinux to permissive mode and all works fine now
15:27 < brutser> centos7
15:28 < brutser> what to do to make it work in enforcing mode?
15:56 -!- toli [~toli@ip-83-134-71-67.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
15:57 -!- mystica555 [~mystica55@172.56.8.38] has quit [Ping timeout: 250 seconds]
16:01 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has joined #openvpn
16:03 -!- mystica555 [~mystica55@172.56.8.38] has joined #openvpn
16:12 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
16:28 < FlipBill> brutser, I don't use selinux, but doesn't permissive mode (IIRC) provide a log of what permissions would be denied if in enforcing mode as the program runs?  Would that be the place to start to determine what permissions need to be given to run in enforcing mode?  Or would that be another mode I'm thinking of?
16:30 < brutser> FlipBill: must look into that, not familiar with selinux at all, i actually dont know what is the big worry if i leave mode in permissive, the box is not that critical and without selinux on it, it is still decent secured i think
16:34 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:37 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:42 < tomodachi> im curious about the traffic that openvpn sends itself  with its tun to tun link
16:43 < tomodachi> tcpdumping on my wan interface i see that i get a re occuring udp package of lenght 53, whats included in it?
16:43 < tomodachi> key renegotation?
16:43 < tomodachi> seems to come every 5 or 6 seconds , anyone that could point me in the right direction?
16:50 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
16:50 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 276 seconds]
16:52 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
16:54 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:55 < saik0> tomodachi: keepalive heartbeats?
16:55 < saik0> --keepalive n m
16:57 < tomodachi> saik0:  well , the keepalive is set to 10  120
16:57 < tomodachi> so 10 pings every 120 seconds?
16:59 < tomodachi> i mean ping every 10 seconds
17:02 < saik0> tomodachi: IIRC default is 10 120
17:02 < saik0> er, misread
17:02 < saik0> the manual is more reliable than my memory ;)
17:04 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:05 < tomodachi> yeah every 10 seconds,  and if no response within a 120second time limit then openvpn deletes the connection
17:05 < tomodachi> but since this was more often than that I believed it could be something else going in the link itself
17:05 < tomodachi> saik0:
17:12 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:12 < tomodachi> ah the keepalive seems to be both from client and server
17:12 < tomodachi> so if its ten and they dont send their packets at the same time
17:13 < tomodachi> i can get a packet ever 5 seconds or so  including both directions
17:15 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:16 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:24 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
17:44 -!- mystica555 [~mystica55@172.56.8.38] has quit [Ping timeout: 250 seconds]
17:56 < brutser> what is the advantage of ping interval and ping timeout and when should one use them?
18:30 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 260 seconds]
18:30 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
18:31 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
18:33 < linuxthefish> hi, is it possible to have a VPN connection going out over one internet connection on tun0, and another VPN connection going out over another IP then bonding the 2 tun interfaces together for redundancy and faster speed?
18:39 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 260 seconds]
18:42 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
18:42 -!- mode/#openvpn [+v hazardous] by ChanServ
18:53 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
19:04 < linuxthefish> argh i get "Incoming packet rejected from" as openvpn is using wrong gateway
19:08 -!- brutser [brutser@109.129.82.196] has quit []
19:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:33 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
20:04 -!- mystica555 [~mystica55@172.56.8.63] has joined #openvpn
20:13 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
20:16 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Remote host closed the connection]
20:19 -!- mystica555 [~mystica55@172.56.8.63] has quit [Ping timeout: 250 seconds]
20:35 -!- mystica555 [~mystica55@172.56.8.63] has joined #openvpn
20:55 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
20:59 < eelstrebor> i've been trying to figure out IP and DNS leaks - i don't understand how you can hide these - if i'm using my openvpn server the endpoint is still gonna know where the packets are coming from so someone will always see my public IP - it doesn't seem to matter that i'm using dns servers other than my isp's dns because you still have to do dns queries and someone will see that also
21:01 < eelstrebor> i just don't get it - how can you truly anonimize your web surfing with openvpn? you would have to somehow provide phony info?
21:07 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
21:24 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
21:32 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Quit: Ex-Chat]
21:41 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Disconnected by services]
21:44 -!- mystica555_ [~mystica55@172.56.9.101] has joined #openvpn
21:46 -!- mystica555 [~mystica55@172.56.8.63] has quit [Ping timeout: 245 seconds]
21:48 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
21:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
21:59 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
22:05 -!- skyroveRR_ [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
22:08 -!- skyroveRR_ is now known as skyroveRR
22:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
22:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:20 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:25 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
22:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 250 seconds]
22:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
22:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
22:48 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:22 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:44 -!- ShadniX [dagger@p57941379.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:46 -!- ShadniX [dagger@p5481DE67.dip0.t-ipconnect.de] has joined #openvpn
23:50 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
23:52 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:52 -!- mode/#openvpn [+o mattock1] by ChanServ
23:59 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 264 seconds]
--- Day changed Wed Dec 02 2015
00:13 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 250 seconds]
00:27 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:36 -!- mystica555_ [~mystica55@172.56.9.101] has quit [Ping timeout: 260 seconds]
00:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:01 -!- casdr [sid130744@gateway/web/irccloud.com/x-nalwelivyfydzjpz] has joined #openvpn
01:08 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
01:18 -!- mystica555 [~mystica55@172.56.9.101] has joined #openvpn
01:27 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
01:27 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
01:39 -!- mystica555_ [~mystica55@172.56.12.96] has joined #openvpn
01:40 -!- mystica555 [~mystica55@172.56.9.101] has quit [Ping timeout: 245 seconds]
01:49 -!- themayor [~themayor@unaffiliated/themayor] has quit [Quit: ZNC - http://znc.in]
02:25 -!- Fusl [Fusl@unaffiliated/fusl] has quit [Quit: Contact: http://meo.ws/]
02:26 -!- r4inmak3r [~n0b0dyh3r@93.186.251.170] has joined #openvpn
02:27 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit []
02:27 -!- r4inmak3r [~n0b0dyh3r@93.186.251.170] has quit [Remote host closed the connection]
02:28 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
02:29 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
02:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:48 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
02:53 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 246 seconds]
03:14 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:19 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:25 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
03:25 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
03:36 -!- Willis [Willis@107.161.160.241] has joined #openvpn
03:46 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 245 seconds]
03:47 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
03:55 -!- juriadobalzac [~cpe@www.badcode.net] has joined #openvpn
03:55 < juriadobalzac> Hey all! So I'm running a machine with OpenVPN and experience quite a lot of packet loss during high loads. Is this common? Googling a bit and trying to figure out if the problem is the machine running openvpn or openvpn itself.
03:56 < juriadobalzac> Or something completely different
04:06 -!- Lonie [~Lonie@109.73.19.2] has joined #openvpn
04:13 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:35 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Quit: Byebye]
04:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 245 seconds]
04:43 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
04:45 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
04:56 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 246 seconds]
04:58 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
05:02 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
05:05 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
05:08 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:32 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:38 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
05:40 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Quit: ZNC - http://znc.in]
05:46 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:47 -!- allizom [~Thunderbi@87.18.161.191] has joined #openvpn
06:01 -!- Lonie [~Lonie@109.73.19.2] has quit [Ping timeout: 250 seconds]
06:03 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
06:21 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:23 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
06:24 -!- alec-b [~alec@132.42.103.87.rev.vodafone.pt] has quit [Ping timeout: 260 seconds]
06:24 -!- alec-b [~alec@120.227.28.37.rev.vodafone.pt] has joined #openvpn
06:34 -!- allizom [~Thunderbi@87.18.161.191] has quit [Quit: allizom]
06:36 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:37 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:48 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Read error: Connection reset by peer]
06:49 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:00 -!- alec-b [~alec@120.227.28.37.rev.vodafone.pt] has quit [Ping timeout: 245 seconds]
07:09 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:11 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-ywykubsxkhiladlj] has quit [Quit: Connection closed for inactivity]
07:15 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 245 seconds]
07:15 -!- alec-b [~alec@237.24.158.5.rev.vodafone.pt] has joined #openvpn
07:29 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
07:37 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:38 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
07:38 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
07:40 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
07:40 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:41 -!- james41382_ [~james4138@unaffiliated/james41382] has quit [Ping timeout: 250 seconds]
07:51 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:52 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:54 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 245 seconds]
07:56 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
08:00 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
08:03 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 260 seconds]
08:10 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
08:10 < v0lZy> hi
08:11 < v0lZy> I'm having issues with openvpn runinng as client on Windows Server 2012
08:11 < v0lZy> The issue is that sometimes, the routes seem to be added with the wrong interface
08:12 < v0lZy> (for example, if i do 'route print' I see that the routes im pushing are applied to the LAN adapter rather than the tuntap adapter)
08:13 < v0lZy> Is this a known problem with OpenVPN and Windows Server 2012 combo?
08:28 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
08:43 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
08:48 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
08:51 -!- Jenkens [~Jenkens@unaffiliated/jenkens] has joined #openvpn
08:52 < Jenkens> hello folks. i'm trying to use confdba to reset google 2FA for an account, but it seems that if I do that via sudo the setting doesn't stick?
09:00 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:15 -!- yoavz [yoavz@yoavz.net] has quit [Ping timeout: 245 seconds]
09:17 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:17 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
09:27 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:28 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:28 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:30 <@ecrist> v0lZy: this is the first I've heard mention of this problem.
09:30 <@ecrist> Jenkens: how is this openvpn related?
09:36 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:42 -!- Netsplit *.net <-> *.split quits: sillysausage, casdr, +hazardous, v0lZy, Left_Turn, SupaYoshi, lumidee, jeev, varesa, Brando753,  (+65 more, use /NETSPLIT to show all of them)
09:43 -!- Netsplit *.net <-> *.split quits: Denial, tychotithonus, @mattock, funnel, MrPockets, wazaptr, ghoti, julieeharshaw, abra0, eliasp_,  (+15 more, use /NETSPLIT to show all of them)
09:44 -!- Netsplit *.net <-> *.split quits: lxusrbin, vtwo, uiyice, @mattock1, leo2007, BtbN, mgorbach, metaf5, isReKT2000, lbft,  (+20 more, use /NETSPLIT to show all of them)
09:44 -!- Netsplit *.net <-> *.split quits: Matir, CGML, pythonsnake, Gizmokid2005, thumbs, Poster, mcp, drwx, Neal_, zpatten,  (+17 more, use /NETSPLIT to show all of them)
09:45 -!- Netsplit *.net <-> *.split quits: iokill_, varesa_, xeon-enouf, tomodachi, Schrottfresse, u0m3_
09:45 -!- Netsplit *.net <-> *.split quits: FruitieX, n-st, Darkwell, SoreGums, Kniaz, Jeroen, jefferai, c0ded, ender|, @plaisthos,  (+14 more, use /NETSPLIT to show all of them)
09:45 -!- Tenhi_ [~tenhi@static.100.25.4.46.clients.your-server.de] has quit [Max SendQ exceeded]
09:45 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Write error: Broken pipe]
09:49 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:35 -!- Fusl [Fusl@unaffiliated/fusl] has joined #openvpn
10:35 -!- mystica555_ [~mystica55@172.56.12.96] has joined #openvpn
10:35 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:35 -!- drwx [~drwx@unaffiliated/drwx] has joined #openvpn
10:35 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has joined #openvpn
10:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
10:35 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
10:35 -!- FlipBill [~bill@smtpv3.cosi.net] has joined #openvpn
10:35 -!- wsky [~sexyboy@unaffiliated/sexyboy] has joined #openvpn
10:35 -!- andy09usa [~andy@unaffiliated/andy09usa] has joined #openvpn
10:35 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
10:35 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
10:35 -!- CGML [~CGML@unaffiliated/cgml] has joined #openvpn
10:35 -!- Gizmokid2005 [~Gizmokid2@dedi2.gizmokid2005.com] has joined #openvpn
10:35 -!- IronY [~IronY@unaffiliated/irony] has joined #openvpn
10:35 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
10:35 -!- Neal_ [~neal@felix.ineal.me] has joined #openvpn
10:35 -!- lev__ [~lev@stipakov.fi] has joined #openvpn
10:35 -!- zpatten [~zpatten@unaffiliated/zpatten] has joined #openvpn
10:35 -!- ServerMode/#openvpn [+o mattock1] by verne.freenode.net
10:40 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
10:40 -!- Kniaz [Kniaz@unaffiliated/kniaz] has joined #openvpn
10:40 -!- Jeroen [~Jeroen@2001:41d0:1:9592::1] has joined #openvpn
10:40 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
10:40 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
10:40 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
10:40 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
10:40 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-fiztsaxaynygvhas] has joined #openvpn
10:40 -!- kraut [~kraut@2a02:8204:d601:4::2] has joined #openvpn
10:40 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:40 -!- troyt [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has joined #openvpn
10:40 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
10:40 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
10:40 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
10:40 -!- dan_j [sid21651@gateway/web/irccloud.com/x-jrtsgftgrefdkzuf] has joined #openvpn
10:40 -!- jesopo [jess@lolnerd.net] has joined #openvpn
10:40 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
10:40 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
10:40 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
10:40 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
10:40 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
10:40 -!- doop [~doop@colostomy.club] has joined #openvpn
10:40 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
10:40 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
10:40 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
10:40 -!- vtwo [~vtwo@unaffiliated/vtwo] has joined #openvpn
10:40 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
10:40 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
10:40 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
10:40 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
10:40 -!- Denial [~Denial@81.141.18.138] has joined #openvpn
10:40 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
10:40 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has joined #openvpn
10:40 -!- shio [shio@220.188.103.84.rev.sfr.net] has joined #openvpn
10:40 -!- tiago [tiago@unaffiliated/ttsda] has joined #openvpn
10:40 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
10:40 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
10:40 -!- ShadniX [dagger@p5481DE67.dip0.t-ipconnect.de] has joined #openvpn
10:40 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
10:40 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:40 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
10:40 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
10:40 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
10:40 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
10:40 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
10:40 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
10:40 -!- ServerMode/#openvpn [+ovo plaisthos s7r mattock] by verne.freenode.net
10:40 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
10:40 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
10:40 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
10:40 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
10:40 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
10:40 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:40 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
10:40 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:40 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
10:40 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:40 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
10:40 -!- PhoenixS [~seedbox@ns3096936.ip-91-121-194.eu] has joined #openvpn
10:40 -!- lumidee [~esing@unaffiliated/esing] has joined #openvpn
10:40 -!- rooth [~rooth@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
10:40 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:40 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
10:40 -!- iNs [~ins@85.17.164.26] has joined #openvpn
10:40 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
10:40 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
10:40 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
10:40 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
10:40 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
10:40 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
10:40 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
10:40 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
10:40 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
10:40 -!- mete [~mete@91.247.253.160] has joined #openvpn
10:40 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
10:40 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:40 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
10:40 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
10:40 -!- Tykling [~tykling@gibfest.dk] has joined #openvpn
10:40 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
10:40 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:40 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:40 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:40 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:40 -!- casdr [sid130744@gateway/web/irccloud.com/x-nalwelivyfydzjpz] has joined #openvpn
10:40 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
10:40 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
10:40 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
10:40 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
10:40 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
10:40 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:40 -!- ello_govna [~ello_govn@98.231.186.89] has joined #openvpn
10:40 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
10:40 -!- ServerMode/#openvpn [+v hazardous] by verne.freenode.net
10:40 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
10:40 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
10:40 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:40 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
10:40 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
10:40 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
10:40 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
10:40 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
10:40 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
10:40 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
10:40 -!- unholycrab [~unholycra@unaffiliated/computer] has joined #openvpn
10:40 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
10:40 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
10:40 -!- wazaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
10:40 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:40 -!- musca [~musca@tyrael.eu] has joined #openvpn
10:40 -!- metaf5 [~metaf5@31.220.42.38] has joined #openvpn
10:40 -!- isReKT2000 [isReKT2000@gateway/shell/layerbnc/x-nnczpeeeoanvwiaf] has joined #openvpn
10:40 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:40 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
10:40 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
10:40 -!- banco [~ban@212.164.222.212] has joined #openvpn
10:40 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
10:40 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
10:40 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
10:40 -!- fling [~fling@fsf/member/fling] has joined #openvpn
10:40 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
10:40 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
10:40 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
10:40 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
10:40 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
10:40 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
10:40 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
10:40 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:40 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has joined #openvpn
10:40 -!- Willis [Willis@107.161.160.241] has joined #openvpn
10:40 -!- mcp [~mcp@178.63.188.211] has joined #openvpn
10:40 -!- dhcpfreely [~dhcp_free@ec2-52-33-220-248.us-west-2.compute.amazonaws.com] has joined #openvpn
10:40 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
10:40 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
10:40 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
10:40 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has joined #openvpn
10:40 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
10:40 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
10:40 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
10:40 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
10:40 -!- ServerMode/#openvpn [+oov syzzer vpnHelper RBecker] by verne.freenode.net
10:40 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
10:40 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
10:40 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
10:40 -!- Exagone313 [exa@elou.world] has joined #openvpn
10:50 -!- Netsplit *.net <-> *.split quits: Darkwell, @mattock, Denial, OS-16517, fling, Kniaz, SoreGums, Vercas, @syzzer, jeev,  (+76 more, use /NETSPLIT to show all of them)
10:51 -!- Netsplit *.net <-> *.split quits: lxusrbin, d10n, Gaffel, NP-Hardass, Magiobiwan, Zimsky, AlexRussia, XJR-9, le0, valkyr1e,  (+46 more, use /NETSPLIT to show all of them)
10:55 -!- early [~early@2607:5300:100:200::160d] has joined #openvpn
10:55 -!- Kniaz [Kniaz@unaffiliated/kniaz] has joined #openvpn
10:55 -!- Jeroen [~Jeroen@2001:41d0:1:9592::1] has joined #openvpn
10:55 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
10:55 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
10:55 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
10:55 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
10:55 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-fiztsaxaynygvhas] has joined #openvpn
10:55 -!- kraut [~kraut@2a02:8204:d601:4::2] has joined #openvpn
10:55 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
10:55 -!- troyt [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has joined #openvpn
10:55 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
10:55 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
10:55 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has joined #openvpn
10:55 -!- dan_j [sid21651@gateway/web/irccloud.com/x-jrtsgftgrefdkzuf] has joined #openvpn
10:55 -!- jesopo [jess@lolnerd.net] has joined #openvpn
10:55 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
10:55 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
10:55 -!- _0x5eb_ [~seb@seb-hpws2.w1.tele.crt1.net] has joined #openvpn
10:55 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
10:55 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
10:55 -!- doop [~doop@colostomy.club] has joined #openvpn
10:55 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
10:55 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
10:55 -!- diytto [~diytto@2a01:4f8:162:124::2] has joined #openvpn
10:55 -!- vtwo [~vtwo@unaffiliated/vtwo] has joined #openvpn
10:55 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
10:55 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
10:55 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
10:55 -!- _KaszpiR_ [quasselcor@unaffiliated/kaszpir/x-3157048] has joined #openvpn
10:55 -!- Denial [~Denial@81.141.18.138] has joined #openvpn
10:55 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
10:55 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has joined #openvpn
10:55 -!- shio [shio@220.188.103.84.rev.sfr.net] has joined #openvpn
10:55 -!- tiago [tiago@unaffiliated/ttsda] has joined #openvpn
10:55 -!- abra0 [abra0@unaffiliated/abra0] has joined #openvpn
10:55 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
10:55 -!- ShadniX [dagger@p5481DE67.dip0.t-ipconnect.de] has joined #openvpn
10:55 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
10:55 -!- Exagone313 [exa@elou.world] has joined #openvpn
10:55 -!- clu5ter [~staff@unaffiliated/clu5ter] has joined #openvpn
10:55 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
10:55 -!- FruitieX [~FruitieX@unaffiliated/fruitiex] has joined #openvpn
10:55 -!- varesa_ [~varesa@ec2-54-171-127-114.eu-west-1.compute.amazonaws.com] has joined #openvpn
10:55 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
10:55 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
10:55 -!- ServerMode/#openvpn [+ov plaisthos s7r] by verne.freenode.net
10:55 -!- Schrottfresse [~quassel@schrottfresse.de] has joined #openvpn
10:55 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has joined #openvpn
10:55 -!- Matir [~matir@ubuntu/member/matir] has joined #openvpn
10:55 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
10:55 -!- RBecker [~Ryan@openvpn/user/RBecker] has joined #openvpn
10:55 -!- dhcpfreely [~dhcp_free@ec2-52-33-220-248.us-west-2.compute.amazonaws.com] has joined #openvpn
10:55 -!- mcp [~mcp@178.63.188.211] has joined #openvpn
10:55 -!- Willis [Willis@107.161.160.241] has joined #openvpn
10:55 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has joined #openvpn
10:55 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
10:55 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
10:55 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
10:55 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
10:55 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
10:55 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
10:55 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
10:55 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
10:55 -!- fling [~fling@fsf/member/fling] has joined #openvpn
10:55 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
10:55 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
10:55 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
10:55 -!- banco [~ban@212.164.222.212] has joined #openvpn
10:55 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
10:55 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
10:55 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
10:55 -!- isReKT2000 [isReKT2000@gateway/shell/layerbnc/x-nnczpeeeoanvwiaf] has joined #openvpn
10:55 -!- metaf5 [~metaf5@31.220.42.38] has joined #openvpn
10:55 -!- musca [~musca@tyrael.eu] has joined #openvpn
10:55 -!- Vercas [~Vercas@unaffiliated/vercas] has joined #openvpn
10:55 -!- wazaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
10:55 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
10:55 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
10:55 -!- unholycrab [~unholycra@unaffiliated/computer] has joined #openvpn
10:55 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
10:55 -!- Champi [Champi@damn.e-leet.be] has joined #openvpn
10:55 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
10:55 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
10:55 -!- Nomads [~Qann@5.135.176.3] has joined #openvpn
10:55 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
10:55 -!- d10n [~d10n@unaffiliated/d10n] has joined #openvpn
10:55 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:55 -!- Magiobiwan [~Magiobiwa@unaffiliated/magiobiwan] has joined #openvpn
10:55 -!- ketas [~ketas@229-211-191-90.dyn.estpak.ee] has joined #openvpn
10:55 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
10:55 -!- ello_govna [~ello_govn@98.231.186.89] has joined #openvpn
10:55 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:55 -!- ServerMode/#openvpn [+voo RBecker vpnHelper syzzer] by verne.freenode.net
10:55 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
10:55 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
10:55 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
10:55 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
10:55 -!- wiz [~sid1@irc-gw.wiz.network] has joined #openvpn
10:55 -!- casdr [sid130744@gateway/web/irccloud.com/x-nalwelivyfydzjpz] has joined #openvpn
10:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:55 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
10:55 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:55 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has joined #openvpn
10:55 -!- Tykling [~tykling@gibfest.dk] has joined #openvpn
10:55 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
10:55 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
10:55 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:55 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
10:55 -!- mete [~mete@91.247.253.160] has joined #openvpn
10:55 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
10:55 -!- whfsdude [~whfsdude@Zenoss/Support/whfsdude] has joined #openvpn
10:55 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
10:55 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
10:55 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
10:55 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
10:55 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
10:55 -!- obscurehero [~obscurehe@via.arcis.pw] has joined #openvpn
10:55 -!- valdikss [~valdikss@95.215.45.33] has joined #openvpn
10:55 -!- iNs [~ins@85.17.164.26] has joined #openvpn
10:55 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
10:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:55 -!- rooth [~rooth@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
10:55 -!- lumidee [~esing@unaffiliated/esing] has joined #openvpn
10:55 -!- PhoenixS [~seedbox@ns3096936.ip-91-121-194.eu] has joined #openvpn
10:55 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
10:55 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
10:55 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
10:55 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:55 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
10:55 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:55 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
10:55 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
10:55 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
10:55 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
10:55 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
10:55 -!- xMopxShell [~xMopxShel@192.95.23.134] has joined #openvpn
10:55 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
10:55 -!- shootbird [~quassel@beepbeep.serverpit.com] has joined #openvpn
10:55 -!- ServerMode/#openvpn [+v hazardous] by verne.freenode.net
10:55 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
10:55 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
10:55 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
10:55 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:55 -!- ServerMode/#openvpn [+o mattock] by verne.freenode.net
10:56 -!- catsup [d@ps38852.dreamhost.com] has quit [Max SendQ exceeded]
10:59 -!- wsky [~sexyboy@unaffiliated/sexyboy] has quit [Ping timeout: 260 seconds]
11:04 -!- mystica555_ [~mystica55@172.56.12.96] has quit [Ping timeout: 260 seconds]
11:11 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
11:11 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
11:11 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:11 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
11:11 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
11:11 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
11:12 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
11:12 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
11:13 -!- mystica555 [~mystica55@172.56.12.96] has joined #openvpn
11:13 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:13 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
11:33 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
11:34 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:40 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:40 -!- mystica555 [~mystica55@172.56.12.96] has quit [Read error: Connection reset by peer]
11:43 -!- mystica555 [~mystica55@172.56.12.96] has joined #openvpn
11:43 -!- zamba [~marius@flage.org] has joined #openvpn
11:44 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:57 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Ping timeout: 260 seconds]
12:02 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
12:11 -!- mystica555_ [~mystica55@174-16-116-90.hlrn.qwest.net] has joined #openvpn
12:15 -!- mystica555 [~mystica55@172.56.12.96] has quit [Ping timeout: 245 seconds]
12:16 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
12:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:39 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
12:44 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
12:44 -!- v0lZy [~Thunderbi@BSN-77-81-109.static.siol.net] has quit [Ping timeout: 250 seconds]
12:47 -!- _Cyclone_ [~Cyclone@66.110.236.162] has joined #openvpn
12:47 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 245 seconds]
12:55 -!- AlmogBaku [~AlmogBaku@37.26.149.130] has joined #openvpn
12:59 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
13:03 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:16 -!- AlmogBaku [~AlmogBaku@37.26.149.130] has quit [Ping timeout: 260 seconds]
13:23 -!- resurtm [~resurtm@178.88.26.39] has joined #openvpn
13:25 < resurtm> Hello! I have some questions regarding using OpenVPN under SSL/TLS blocking circumstances. My government is going to substitute all the SSL/TLS certificates. They will force all the people here to install their new certificate and use it.
13:25 < resurtm> Is there any way to use OpenVPN with such conditions? I really do not like idea to share all my data with government.
13:26 < resurtm> So basically it will be like current situation in China with their so-called Golden Shield Project (refer to Wikipedia for more info).
13:27 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
13:27 < resurtm> Any advices and thoughts are appreciated!
13:28 < resurtm> Also I'm sorry if this subject is offtopic.
13:29 < resurtm> First of all I've found KVM based server located in Germany to run my OpenVPN. I personally use Debian GNU/Linux. There are no issues with hardward and gates at all.
13:29 < resurtm> Question is: how can I evade that TLS/SSL crap?
13:30 < resurtm> I saw obfsproxy way. Is it alive and promising in practice?
13:30 < resurtm> That's all. :-)
13:30 -!- kevdev [62659fe2@gateway/web/freenode/ip.98.101.159.226] has joined #openvpn
13:31 <@ecrist> resurtm: you'll need to find an open port out of the hostile environment and tunnel your vpn over that.
13:31 < kevdev> Hey there everyone, having some issues. I setup OpenvpnAS, everything worked fine was able to login fine. Then I turned on Google Authenticator and I cannot connect to my VPN with TFA, any special trick I need to do to get this working? Do I need to use PAM or can I use local?
13:31 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:32 < resurtm> ecrist, thanks! What if they block SSL/TLS on *ALL* ports at all? Is that possible to do?
13:33 <@ecrist> resurtm: it's not that they can block SSL/TLS
13:33 < resurtm> I know they use Deep Packet Inspection, if that helps.
13:33 <@ecrist> they would have to do some level of deep packet inspection
13:33 < resurtm> And they are blocking Tor for more than 3 years. I'm using it over obfsproxy.
13:33 <@ecrist> and from there, apply a policy to that traffic
13:33 < resurtm> Hm...
13:34 < Eugene> !as
13:34 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
13:34 < Eugene> kevdev ^
13:34 < kevdev> ty!
13:34 -!- kevdev [62659fe2@gateway/web/freenode/ip.98.101.159.226] has left #openvpn []
13:38 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:38 < resurtm> ecrist, ok, thanks! I just wanted to be sure I'm prepared and I'm ready for that. The law will start to work from 1st Jan 2016. Really upset of that. :-(
13:38 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
13:40 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has joined #openvpn
13:40 < hydrajump> if you have the server and client on the same LAN can the client connect for testing purposes before exposing the server to the internet?
13:46 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
13:49 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
13:53 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:56 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 245 seconds]
13:58 -!- __FBi [~B@Aircrack-NG/User] has joined #openvpn
13:58 -!- resurtm [~resurtm@178.88.26.39] has quit [Quit: Leaving]
13:59 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
14:00 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-fiztsaxaynygvhas] has quit [Write error: Connection reset by peer]
14:00 -!- dan_j [sid21651@gateway/web/irccloud.com/x-jrtsgftgrefdkzuf] has quit [Write error: Connection reset by peer]
14:00 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
14:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:01 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:03 -!- Sakyl [~Sakyl@unaffiliated/sakyl] has joined #openvpn
14:03 < Sakyl> hi there
14:03 < Sakyl> I just installed openvpn on my debian vserver, following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
14:03 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Debian 8 | DigitalOcean (at www.digitalocean.com)
14:04 < Sakyl> Now I got a wierd errror in my syslog, when i try to connect: Authenticate/Decrypt packet error: missing authentication info
14:04 < Sakyl> I just rebuild all the certs for the server and the client, but the error persists
14:06 < Sakyl> I just can't get my head around it. There is no sepcial error and openvpn itself does not throw a single thing. This error comes up every time, when i try to connect. And, of course, the connection itself does not work
14:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
14:06 < DArqueBishop> Sakyl:
14:07 < DArqueBishop> !logs
14:07 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
14:07 < DArqueBishop> !configs
14:07 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:09 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
14:10 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
14:10 -!- mode/#openvpn [+o dazo] by ChanServ
14:13 < Sakyl> The logs, the ovpn and all the good stuff here. http://pastebin.com/dL0ENCG2
14:21 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
14:27 < Sakyl> At least, Im not the only who don't understand this error :D
14:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
14:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:31 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-esxystjoczsznawe] has joined #openvpn
14:31 -!- dan_j [sid21651@gateway/web/irccloud.com/x-lzylwrhszhqnqzhh] has joined #openvpn
14:35 -!- r3z [~r3z@8.28.81.17] has joined #openvpn
14:38 < r3z> Stepped in to try to fix an openvpn installation that has apparently stopped working. CLient cannot connect to anything inside the network.
14:41 < r3z> It doesnt look like it is adding the appropriate routes for the client.
14:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
14:42 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:42 < r3z> it only adds routes for the VPN vif subnet but not the LAN subnets
14:44 < r3z> internet traffic works and pops from the vpn but no other LAN traffic works
15:00 -!- dazo is now known as dazo_afk
15:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
15:07 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
15:14 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
15:14 -!- MogDog [~mogdog@mog.dog] has quit [Ping timeout: 245 seconds]
15:15 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 245 seconds]
15:16 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
15:17 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
15:34 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 264 seconds]
15:35 -!- jesopo [jess@lolnerd.net] has joined #openvpn
15:52 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:31 -!- r3z [~r3z@8.28.81.17] has quit [Ping timeout: 260 seconds]
17:08 -!- somis [~somis@70.38.6.189] has joined #openvpn
17:11 -!- papertigers [~papertige@pool-98-118-154-213.bflony.fios.verizon.net] has joined #openvpn
17:13 < papertigers> The documetation for including multiple machines on the client side of the vpn assumes you are using named clients.  Is it possible to do the same with a static key?
17:15 < banco> papertigers: you mean connect two LANs with VPN and static key? One LAN is behind server and one LAN is behind client?
17:15 < banco> papertigers: then yes, you can
17:15 < papertigers> banco: exactly
17:16 < papertigers> I can ping client and server
17:16 < papertigers> when I try to ping from the server to the client network, the client tries to respond via its default gw rather than the route
17:17 < banco> papertigers: that's right behavior
17:17 < banco> papertigers: you just need to add SNAT rules to the server and client firewalls
17:20 < papertigers> if the packet comes in sourced with the servers ip why isnt the client using the route it already knows about to send traffic back
17:20 < papertigers> if I ping the address directly it works
17:20 < banco> papertigers: that is if the server is default gw for its LAN machines and client is default gw for its LAN machines
17:20 < papertigers> (server ip)
17:21 < papertigers> let me be more clear.  Server has a public ip and the openvpn ip say 10.4.4.1
17:22 < papertigers> client has internal network and ip 10.0.1.5 and openvpn ip 10.4.4.2
17:22 < papertigers> the 10.4.4.x pings both ways
17:23 < papertigers> if I ping from the server to 10.0.1.5 I can see the packet come from 10.4.4.1 but the client instead tries to respond out of its ip to the gateway 10.0.1.1
17:24 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Ping timeout: 240 seconds]
17:25 < banco> papertigers: you need to use source NAT, read about it
17:25 -!- Kniaz [Kniaz@unaffiliated/kniaz] has quit [Ping timeout: 264 seconds]
17:26 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 250 seconds]
17:27 < papertigers> I understand that other machines using the client as a GW will need the SNAT.  I dont understand why the thing that knows how to reply to that network does as well
17:27 -!- cyberspace- [~cyberspac@ninthfloor.org] has joined #openvpn
17:29 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has joined #openvpn
17:29 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has joined #openvpn
17:37 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:56 < banco> papertigers: hm, yeah, paste your client routes and fw rules
17:59 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
18:01 -!- manitu [~manitu@2a01:4f8:131:5169::2] has quit [Ping timeout: 264 seconds]
18:02 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
18:12 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 250 seconds]
18:14 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Ping timeout: 244 seconds]
18:16 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:24 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
18:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
18:32 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
18:44 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 245 seconds]
19:00 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
19:24 -!- _Cyclone_ is now known as _Cyclone_[away]
19:26 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
19:39 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 245 seconds]
19:40 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
19:42 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
20:13 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
20:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
21:18 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has joined #openvpn
21:29 -!- Lehvyn [~Lehvyn@unaffiliated/lehvyn] has joined #openvpn
21:44 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:54 -!- corpus [~mimesis@unaffiliated/corpus] has joined #openvpn
22:00 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
22:01 -!- corpus [~mimesis@unaffiliated/corpus] has quit [Read error: Connection reset by peer]
22:03 -!- wkts [~wkts@45.55.231.187] has joined #openvpn
22:04 < wkts> So this might be a weird question but I have a game server hosted on my VPS, which my VPN is also on. I noticed that when I have my VPN on when I connect to it, my actual IP shows.
22:04 < wkts> Is there anyway to get my VPN IP to show on my game server?
23:04 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
23:06 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
23:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
23:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:24 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:32 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
23:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:40 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Ping timeout: 260 seconds]
23:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
23:42 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 260 seconds]
23:43 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:44 -!- ShadniX [dagger@p5481DE67.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:45 -!- ShadniX [dagger@p5481DF40.dip0.t-ipconnect.de] has joined #openvpn
23:55 < Poster> wkts: yeah, instead of connecting to the public IP address of your game server, connect to the private, VPN address, likely somewhere in RFC1918
23:56 < Poster> When you launch a VPN that tunnels all Internet traffic, a host route is created to the public IP of the VPN server system, that route is also carrying your game traffic by default
--- Day changed Thu Dec 03 2015
00:02 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
00:16 -!- sgronblo [~samu@108.166.105.112] has left #openvpn []
00:43 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 240 seconds]
00:45 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 260 seconds]
00:45 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Ping timeout: 260 seconds]
00:46 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
00:46 -!- jesopo [jess@lolnerd.net] has joined #openvpn
00:47 -!- Exagone313 [exa@elou.world] has joined #openvpn
01:12 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
01:12 -!- mode/#openvpn [+o mattock1] by ChanServ
01:15 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
01:17 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:19 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
01:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
01:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:36 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
01:37 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
01:41 -!- lumidee [~esing@unaffiliated/esing] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
01:44 -!- lumidee [~esing@unaffiliated/esing] has joined #openvpn
01:44 -!- lumidee [~esing@unaffiliated/esing] has quit [Remote host closed the connection]
01:46 -!- lumidee [~esing@unaffiliated/esing] has joined #openvpn
01:46 -!- lumidee [~esing@unaffiliated/esing] has left #openvpn []
01:48 -!- ofaq [~lbz@unaffiliated/ofaq] has joined #openvpn
01:49 < ofaq> is there a windows 2012 client that works as a service?
01:49 < ofaq> latest community version doesn't work for me
01:54 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
01:58 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
01:59 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 260 seconds]
02:11 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
02:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
02:30 -!- {shiver} [~rob@101.178.136.234] has joined #openvpn
02:31 < {shiver}> !welcome
02:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
02:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:39 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 260 seconds]
02:40 < {shiver}> !goal
02:40 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:41 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
02:58 -!- {shiver} [~rob@101.178.136.234] has quit [Quit: WeeChat 1.3]
03:04 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:54 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:56 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
04:00 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:00 -!- SubMind [~work@unaffiliated/submind] has joined #openvpn
04:01 < SubMind> hey wazzup in here ?
04:01 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has joined #openvpn
04:02 < SubMind> what do you think of I2P ?
04:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 245 seconds]
04:06 -!- SubMind [~work@unaffiliated/submind] has quit [Quit: WeeChat 1.3]
04:07 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:17 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:22 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
04:23 < wizbit> i got openvpn working on pfsense, it works perfectly when browsing websites, watching iplayer, etc however, when i copy a file, the CPU instantly hits 100%, could this be a configuration problem?
04:34 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:37 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:40 < mystica555_> wizbit: depends on a lot of factors.. what sort of cpu is running pfsense? what speed are you getting from the file copy"
04:40 < mystica555_> ?
04:46 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:00 -!- dazo_afk is now known as dazo
05:10 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 276 seconds]
05:11 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
05:31 -!- tuxmartin [~martin@89.190.50.140] has joined #openvpn
05:31 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Remote host closed the connection]
05:35 < tomodachi> wizbit: could it be that you have lz compression enabled? and end up wasting cpu cycles trying to compress your data in the cpu of pfsense?
05:35 < tuxmartin> i, people from my company will travel to China next week. I need setup VPN for him. They need access to Gmail, Slack, Facebook,... I have sucesfully installed and tested OpenVPN on TCP443. By https://en.greatfire.org/ my server is not blocked in China. How much it is likely that it will work?
05:35 <@vpnHelper> Title: Online Censorship In China | GreatFire.org (at en.greatfire.org)
05:35 < tomodachi> tuxmartin: its impossible to say really
05:35 < tomodachi> tuxmartin: it can work one day fail another, also seems dependant on WHERE in china you connect from etc
05:36 < tomodachi> since we dont know exactly how their maching algoritm for VPN traffic works
05:36 < tuxmartin> tomodachi, It has more significance to install IPSEC, PPTP, ...?
05:36 < tuxmartin> tomodachi, but OpenVPN on TCP443 looks like regular web traffic
05:36 < tomodachi> tuxmartin: no it does not
05:37 < tuxmartin> I found on https://greycoder.com/best-vpn-china/ : "OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets."
05:37 <@vpnHelper> Title: The Best VPN For China (Updated November 2015) - GreyCoder (at greycoder.com)
05:37 < tuxmartin> tomodachi, is good idea to run openvpn on multiple ports? for examle tcp443 and udp1194?
05:38 < tomodachi> tuxmartin: anything you can think of to obfuscate or run a non standard configuration will help
05:38 < wizbit> tomodachi: motherboard is a VIA EPIA-MII EPIA-MII12000 1200mhz
05:38 < wizbit> its only for home use, just 1 user
05:38 < wizbit> i will turn off lz compression and rest
05:39 < tomodachi> wizbit: sounds like some pfsense problem or something, check whats taking all your cpu in the terminal on your pfsense machine, and perhaps try asking in their channel *they have never answered a single question i have asked there though*
05:39 < wizbit> tomodachi: if i turn off al encryption its fast as hell
05:39 < wizbit> i have a soekris vpn1411 card, just waiting for a mini-pci to pci adapter, hopefully that might solve the issue
05:40 < wizbit> will do some tests with BF-CBC and no compression
05:42 -!- vtwo [~vtwo@unaffiliated/vtwo] has quit [Ping timeout: 250 seconds]
05:42 < tomodachi> wizbit: dont see how that is nessecary really unless you have shitloads of connections and traffic
05:42 < tomodachi> i just used a poweredge 1750 dell server,
05:42 < tomodachi> 100/100 mb internet connection ~ 120 users never had any cpu spikes
05:42 < tomodachi> cpu was probably around 1.2 Ghz
05:43 < tomodachi> tuxmartin: initially we we ran openvpn to our chineese branch office it worked well for years
05:43 < tomodachi> i guess openvpn was small enough not to be "noticed" or pattern matched in the Great Firewall of china
05:44 < tomodachi> but the last couple of years we started having more and more sporadic issues
05:44 < tomodachi> i tried ipsec,  l3vpn over ssh
05:44 < tomodachi> lots of stuff
05:44 < tomodachi> it worked for a short while just to start getting the same connectino issues
05:45 < tuxmartin> tomodachi, is possible to have only one OVPN file for client with multiple ports connections?
05:48 < tuxmartin> tomodachi, i found it <connection>
05:49 < wizbit> tomodachi: wow 120 users! if i turn off all encryption the CPU is fine
05:49 < wizbit> i will do some more tests
06:02 -!- tuxmartin [~martin@89.190.50.140] has quit [Quit: Leaving]
06:06 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
06:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
06:10 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:13 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
06:16 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
06:16 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:20 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:21 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
06:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
06:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:33 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
06:38 -!- hydrajump [~hydrajump@unaffiliated/hydrajump] has left #openvpn ["WeeChat 0.4.3"]
06:42 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:45 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:46 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:02 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
07:15 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
07:44 -!- Ryushin [chris@2001:5c0:1000:a::37f] has joined #openvpn
07:55 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
08:01 -!- _Cyclone_[away] is now known as _Cyclone_
08:03 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 245 seconds]
08:12 < zamba> lo guys.. i'm running openvpn on a pppoe tunnel.. do i need to do anything in regards to mtu?
08:12 < zamba> the pppoe interface has mtu set to 1492
08:21 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
08:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:46 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:18 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:19 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
09:26 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:50 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
09:54 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has left #openvpn ["C'ya"]
09:55 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
09:58 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
10:04 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
10:06 -!- Denial [~Denial@81.141.18.138] has quit []
10:07 < Ryushin> Does Eurephia work with the 2.3.8?  I'm looking at implementing OpenVPN-NL with virtual users and password auth.
10:07 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:09 -!- Denial [~Denial@81.141.18.138] has joined #openvpn
10:12 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
10:13 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 240 seconds]
10:14 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:17 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
10:18 -!- johnny56 [~johnny56@gateway/vpn/privateinternetaccess/johnny56] has quit [Ping timeout: 264 seconds]
10:18 < wkts> Er
10:18 < wkts> Can someone translate this?
10:18 < wkts> [00:49:35] <Poster> wkts: yeah, instead of connecting to the public IP address of your game server, connect to the private, VPN address, likely somewhere in RFC1918
10:18 < wkts> [00:50:04] <Poster> When you launch a VPN that tunnels all Internet traffic, a host route is created to the public IP of the VPN server system, that route is also carrying your game traffic by default
10:19 < wkts> I'm guessing private VPN address is the 10.8.0.0.x address?
10:19 < wkts> The second part I completely can't guess.
10:20 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Client Quit]
10:20 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
10:21 -!- banco [~ban@212.164.222.212] has joined #openvpn
10:24 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
10:31 -!- somis [~somis@70.38.6.186] has joined #openvpn
10:42 < Ryushin> Trying to find docs about creating username/password auth using virtual users.
10:55 < Poster> wkts: yes 10.8.0.x sounds reasonable for the gateway to your OpenVPN server system
10:56 < Poster> The second part I was just trying to explain why your traffic wasn't showing up as coming from your VPN server address
10:57 < wkts> So let's say my IP is
10:57 < wkts> A.A.A.A
10:57 < wkts> instead of connecting to that (sorry for extra octet last time btw)
10:57 < wkts> If I connect to 10.8.0.0 it should show up as A.A.A.A?
10:58 -!- jefferai [sid1300@kde/mitchell] has quit []
10:59 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
10:59 < Poster> When you make connections to 10.8.0.0 (I'm assuming this is the IP address on the OpenVPN server), your traffic is most likely sourcing from 10.8.0.2 (or some address near 10.8.0.0)
11:00 < Poster> whatever that client address is, will appear as your connecting address to your gaming server system
11:01 < wkts> Ah okay. Just tested this and yeah my client shows up as 10.8.0.0
11:01 < wkts> x*
11:01 < wkts> Is it possible for it to show as A.A.A.A?
11:05 < Poster> ok what does A.A.A.A correspond to?
11:05 < Poster> Is it your Internet public address or the public address of your OpenVPN server system?
11:08 < wkts> the latter
11:08 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:09 < Poster> it might be, what OS is the OpenVPN server system?
11:14 -!- jefferai [sid1300@kde/mitchell] has quit [Ping timeout: 264 seconds]
11:14 < wkts> ubuntu
11:14 < Poster> ok and what port(s) does your gaming server run on?
11:15 < wkts> 1111
11:15 < Poster> also, is it TCP, UDP or both?
11:15 < wkts> ..............
11:15 < wkts> let me find out
11:15 < wkts> i think it's udp though
11:15 < Poster> a lot of games are
11:16 -!- jefferai [sid1300@kde/mitchell] has joined #openvpn
11:16 < wkts> i think it's udp
11:16 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 245 seconds]
11:16 < Poster> ok I am not 100% sure if this will work, but we can try
11:17 < wkts> ok
11:17 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
11:17 < Poster> I'm going to assume that your OpenVPN server public IP is 1.2.3.4 with a device name of eth0, the OpenVPN server VPN address (where clients route traffic) is 10.8.0.1 with a device name of tap0
11:18 < wkts> tun0 ?
11:18 < Poster> oh ok, it's a tun interface
11:18 < Poster> np there
11:18 < Poster> sudo iptables -t nat -A PREROUTING -i tun0 -p udp -d 10.8.0.1 --dport -j DNAT --to-dest 1.2.3.4
11:19 < wkts> god i need to learn iptables what does that do >.>
11:19 < Poster> sorry scratch that
11:19 < Poster> sudo iptables -t nat -A PREROUTING -i tun0 -p udp -d 10.8.0.1 --dport 1111 -j DNAT --to-dest 1.2.3.4
11:19 < Poster> sudo iptables -t nat -A POSTROUTING -o eth0 -p udp -d 1.2.3.4 --dport 1234 -j SNAT --to-source 1.2.3.4
11:20 < Poster> I am not 100% sure that will work, but you can give it a try
11:21 < Poster> the prerouting rule takes traffic destined to 10.8.0.1 (VPN Server) and does a "port forward" to the public IP address on the OpenVPN server itself
11:21 < wkts> i'm confused what -A does atm one sec let me read through the rest of the man page
11:21 < Poster> the postrouing rule takes the traffic destined for for the public IP address of the OpenVPN server and forces the source IP address to be 1.2.3.4, rather than preserving the original 10.8.0.x
11:21 < Poster> -A is append
11:22 < Poster> if you have an existing firewall script/iptables-save, you will need to try and merge it in there somewhere
11:22 < wkts> i guess i should say i'm not sure where it appends as i don't have a good understanding of iptables
11:22 < Poster> it's to the end of anything existing
11:22 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
11:23 < wkts> does that not... muck up routing?
11:23 < Poster> not really, it is essentially a "port forward" for VPN traffic only
11:23 < Poster> you can purge the rules by changing the -A (append) to -D (delete)
11:24 < wkts> ah
11:24 < Poster> -D might be drop, I don't remember, it removes though
11:25 < wkts> -D seems to be delete
11:25 < Poster> wow sorry
11:25  * Poster sips more coffee
11:25 < wkts> oops i forgot to change 1.2.3.4
11:25 < Poster> yeah also make sure --dport 1111
11:25 < wkts> i just -D that to delete it right?
11:25 < wkts> XD
11:25 < Poster> yep
11:26 < wkts> what's port 1234 in the second command
11:26 < Poster> a typo
11:26 < Poster> please make it 1111
11:26 < Poster> sudo iptables -t nat -A PREROUTING -i tun0 -p udp -d 10.8.0.1 --dport 1111 -j DNAT --to-dest 1.2.3.4
11:26 < Poster> sudo iptables -t nat -A POSTROUTING -o eth0 -p udp -d 1.2.3.4 --dport 1111 -j SNAT --to-source 1.2.3.4
11:27 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
11:28 < wkts> restart openvpn?
11:28 < wkts> or not necessary?
11:28 < Poster> should not need to
11:28 < Poster> I am not really sure if it will work
11:28 < wkts> so dont connect to 1.2.3.4
11:28 < wkts> connect to 10.8.0.1 to test?
11:28 < Poster> no, connect to 10.8.0.x
11:28 < Poster> yep
11:29 < wkts> could not connect to server
11:30 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:30 < Poster> ok make sure you replaced 1.2.3.4 in both iptables lines with the public IP address of your VPN/Gaming server
11:30 < wkts> yup
11:30 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
11:30 < Poster> ok let's try dropping the postrouing rule
11:31 < Poster> sudo iptables -t nat -D POSTROUTING -o eth0 -p udp -d 1.2.3.4 --dport 1111 -j SNAT --to-source 1.2.3.4
11:31 < wkts> change A to D?
11:31 < Poster> yep
11:31 < Poster> once that's deleted, retry your game connection
11:32 < wkts> could not connect to server
11:32 < Poster> ok when you run an "ifconfig tun0" on your OpenVPN server system, is the local address 10.8.0.1 ?
11:33 < wkts> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
11:33 < wkts>           inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.2
11:33 < wkts> yes not sure what ptp is
11:33 < Poster> point to point
11:33 < wkts> op gotta go see you in a bit
11:33 < wkts> ty for help
11:33 < Poster> np, ttyl
11:36 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:39 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 264 seconds]
11:39 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
11:40 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
11:42 < Dr-007> good evening, when acting as a "client" i trigger a script when the openvpn client gets "up". this script echo's $tls_id_0. i expected it to give me the client cert signing info but instead it seems the info inside $tls_id_0 is from the openvpn server
11:43 < Dr-007> is it possible to get the client signing info? or am i just not looking good
11:43 < Dr-007> and should it already be like that
11:51 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 260 seconds]
11:54 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 250 seconds]
11:54 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 246 seconds]
11:58 -!- banco [~ban@212.164.222.212] has joined #openvpn
12:13 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:25 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:29 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
12:33 -!- veverak [~squirrel@ip-89-102-104-133.net.upcbroadband.cz] has joined #openvpn
12:33 < veverak> hi folks
12:34 < veverak> I have openvpn server on linux machine in network with upnp streaming device (minidlna)... I can see upnp on eth0 on that vpn server
12:34 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:34 < veverak> what's proper way to setup linux, so it forwards upnp packects into vpn?
12:35 < veverak> I could find some examples for cases when upnp streaming software was on same machine as vpn server
12:35 < veverak> but not sure about how I should approach mine case
12:35 < veverak> P.S: vpn is running over "tap" devices :)
12:40 < Poster> I think that might be somewhat tricky, as I understand upnp, it is a broadcast based protocol
12:40 < Poster> the only way I can think to have it work across a VPN would be to use a "bridged" VPN - layer 2 instead of a "routed" VPN - layer 3
12:40 < Poster> It does appear there are upnp proxy systems available, that might be a better choice
12:41 < Poster> http://www.nongnu.org/upnpproxy/ is one I found in a quick search
12:41 <@vpnHelper> Title: UPnP Proxy (at www.nongnu.org)
12:41 <@ecrist> veverak: what are you trying to do with upnp over your vpn?
12:42 < veverak> access upnp server that is on that network via my laptop
12:42 < veverak> :)
12:42 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
12:44 < veverak> Poster: can't use, it needs SW on both sides
12:44 < veverak> in future I would like to enable this feature to android (openvpn client)
12:45 < Poster> that being the case, I think a bridged connection is the only option
12:45 < veverak> I had this setup (both android, linux clients) working in past
12:45 < veverak> but ... that was when openvpn server/minidlna was one machine
12:45 < Poster> it might also work if the OpenVPN server IS the uPnP server too
12:45 < veverak> than I rebuilded entire server into virtualized servers and ... :)
12:46 < Poster> though I think that you'd probably need to run in a tap mode versus tun mode for the uPnP broadcasts to fly across the VPN link
12:47  * veverak runs tap mode
12:49 < veverak> (not sure if setup is correct :) )
12:49 < veverak> anyway, so far I am stuck with the fact that UPNP packets are not visible on servers tap0 interface...
12:50 < veverak> (not openvpn problem yet )
12:50 < veverak> tried to setup smcroute bet seems i failed
12:53 < Poster> is the OpenVPN server also the system running uPnP?
12:53 < veverak> nope
12:53 < Poster> ok that would be the only other way I could think it might work
13:00 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has joined #openvpn
13:01 < veverak> fuuu, fail 1
13:01 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
13:01 < veverak> devices on vpn can't properly see any device on the network where vpn server is
13:02 < veverak> nah...
13:02 < veverak> (reason is that I didn't yet figuret out proper solution)
13:03 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has quit [Client Quit]
13:04 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Ping timeout: 260 seconds]
13:05 < veverak> hmm
13:05 < veverak> yeah, this needs proper solution
13:05 < veverak> let's use sshfs as backup to get my media... thanks for now guys! :)
13:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:21 -!- wizbit [~wizbit@unaffiliated/wizbit] has left #openvpn []
13:26 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
13:30 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 260 seconds]
13:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
13:45 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
13:56 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
14:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
14:20 < Poster> veverak: a lot of what you are after may be solved by using a layer 2 bridge, but it's not as efficient
14:20 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:21 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 245 seconds]
14:22 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
14:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
14:41 < wkts> iptables --flush to redo my iptables?
14:42 < wkts> btw
14:42 -!- Chatterbox- [~Chatterbo@104.156.254.139] has joined #openvpn
14:42 < wkts> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
14:42 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
14:42 < wkts> what is the "LAN"
14:43 < wkts> LAN is the 10.8.0.x?
14:46 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:51 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
14:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
14:53 -!- kraut [~kraut@2a02:8204:d601:4::2] has quit [Ping timeout: 264 seconds]
14:56 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
15:21 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
15:22 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Ping timeout: 264 seconds]
15:55 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:58 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
15:59 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
16:03 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:04 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:06 < Poster> wkts: yes if you want to flush all rules, iptables -F will get it
16:07 < Poster> be advised that iptables -F implies the filter table
16:07 < Poster> iptables -t nat -F
16:07 < Poster> will flush the nat table
16:07 < Poster> you can also flush the mangle table, but it is likely unused with: iptables -t mangle -F
16:13 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Read error: Connection reset by peer]
16:13 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
16:14 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:15 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:16 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
16:28 -!- Ryushin [chris@2001:5c0:1000:a::37f] has quit [Ping timeout: 250 seconds]
16:28 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 260 seconds]
16:31 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
16:42 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Read error: Connection reset by peer]
16:42 -!- egrain [~melissa@p4FC84BE7.dip0.t-ipconnect.de] has joined #openvpn
16:42 < egrain> what is the correct syntax for the server config. i want to enable client-to-client in there.
16:43 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:43 < egrain> oh, never mind, found it. it's just "client-to-client" in the config.
16:43 < egrain> thanks anyway.
16:44 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
16:44 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Read error: Connection reset by peer]
16:45 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
16:47 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:48 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Read error: Connection reset by peer]
16:51 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:54 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
16:56 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Read error: Connection reset by peer]
16:56 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has joined #openvpn
16:56 -!- egrain [~melissa@p4FC84BE7.dip0.t-ipconnect.de] has quit [Quit: Spass und Freude]
17:04 < wkts> ah  okay need to get my iptables back to normal Poster  XD
17:11 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
17:20 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
17:20 -!- AlmogBaku [~AlmogBaku@bzq-79-177-207-57.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:27 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
17:29 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:31 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:31 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 240 seconds]
17:35 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
17:45 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
17:47 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
17:51 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
17:55 -!- Zzyzx is now known as THX1138
17:55 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
18:06 -!- volkswagner [~Adium@2604:2000:1114:4009:96f:cbe1:4314:6d6f] has joined #openvpn
18:11 -!- Chatterbox- [~Chatterbo@104.156.254.139] has quit [Ping timeout: 245 seconds]
18:18 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
18:18 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
18:35 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
18:37 -!- {shiver} [~shiver@mail.vally.co.nz] has joined #openvpn
18:39 < volkswagner> Greetings, I'm trying to get open
18:39 < volkswagner> OpenVPN with two client connections on Netgear WNDR3800 running OpenWRT.
18:40 < volkswagner> I can get each config to work individually, but It seems my firewall.user config does not work when both tun adapters are up (user firewall > http://pastebin.com/chQn1wk5)
18:41 < volkswagner> Here is openVPNconfig  http://pastebin.com/hCtu8c4E
18:41 < volkswagner> I can get both tun adapters up, but can't ping server, so I think it's a firewall issue. I don't know how to adapt iptables configs to point to individual tun adapters
19:03 < {shiver}> hiya. looking for some advice for a setup that i have inherited. basically we have public facing site. There are aspects of this which are restricted based on the origin IP. a layer 3 openvpn setup has been esabilished, but we are not replacing clients default gateway. simply adding routes to the relevant subnets which would go over the tun device
19:04 < {shiver}> this has proved to be somewhat unreliable since clients will sometimes connect via the tun device and sometimes not
19:05 < {shiver}> ideally we dont want the vpn to serve all client traffic. only traffic destined for the specific subnets
19:05 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:05 < {shiver}> but since the subnet is publically available, i assume our setup is not really feasbile?
19:07 < {shiver}> is a vpn even the right thing to be using in this situation?
19:13 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
19:18 -!- somis [~somis@70.38.6.186] has quit [Quit: Leaving]
19:24 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has joined #openvpn
19:30 < anabain> Hi, I want to know why, after having established the VPN successfully, pinging from my remote android device works in all cases, i.e., to members of the local LAN and to "the internet" (8.8.8.8), but *not* to the virtual VPN gateway nor to the "real" one, which are the same physical device, that is, a dd-wrt router running openvpn.
19:41 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
19:43 -!- dazo is now known as dazo_afk
20:17 -!- r4inmak3r [~n0b0dyh3r@93.186.251.170] has joined #openvpn
20:19 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Ping timeout: 260 seconds]
20:36 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
20:37 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
20:39 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
21:13 -!- ofaq [~lbz@unaffiliated/ofaq] has left #openvpn ["Leaving"]
21:20 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
21:35 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
21:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Quit: Leaving]
21:53 -!- _Cyclone_ is now known as _Cyclone_[away]
22:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
22:03 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
22:04 -!- r4inmak3r [~n0b0dyh3r@93.186.251.170] has quit [Ping timeout: 246 seconds]
22:14 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
23:15 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
23:27 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
23:27 -!- mode/#openvpn [+o mattock1] by ChanServ
23:34 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Ping timeout: 260 seconds]
23:42 -!- ShadniX [dagger@p5481DF40.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:44 -!- ShadniX [dagger@p5481DA51.dip0.t-ipconnect.de] has joined #openvpn
23:45 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
23:48 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 245 seconds]
23:49 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
23:49 < _FBi> !seen krzee
23:49 <@vpnHelper> krzee was last seen in #openvpn 7 weeks, 1 day, 4 hours, 47 minutes, and 42 seconds ago: <krzee> !routebyapp
23:50 < _FBi> good night ninjas
--- Day changed Fri Dec 04 2015
00:16 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has quit [Ping timeout: 246 seconds]
00:16 -!- s7eele [~AndChat52@104.156.228.79] has joined #openvpn
00:26 -!- extri [~extri@unaffiliated/xyk] has joined #openvpn
00:28 -!- mystica555_ [~mystica55@174-16-116-90.hlrn.qwest.net] has quit [Remote host closed the connection]
00:28 -!- Gwoplock [~quassel@104.56.172.189] has quit [Quit: No Ping reply in 180 seconds.]
00:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:00 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has quit [Ping timeout: 260 seconds]
01:06 -!- f31n [~f31n@chello080108087069.7.11.vie.surfer.at] has joined #openvpn
01:39 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
01:42 < subzero79> volkswagner, try to declare explicit tun adapters tun0 and tun1
01:43 < subzero79> also is easier to configure in openwrt using a openvpn.conf
01:43 < subzero79> !openwrt
01:43 <@vpnHelper> "openwrt" is In OpenWRT, the easiest way to supply configs with the stock init is to use the `option config /path/to/your/openvpn.conf` in your UCI stanza. This allows you to maintain a standard config file that OpenWRT can launch for you.
01:56 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 246 seconds]
02:04 -!- banco [~ban@212.164.222.212] has joined #openvpn
02:14 -!- c0ded [~c0ded@unaffiliated/c0ded] has quit [Quit: I Was Just De-c0ded!]
02:26 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
02:32 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
02:36 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Read error: Connection reset by peer]
02:39 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
02:40 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Read error: Connection reset by peer]
02:41 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
02:44 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Read error: Connection reset by peer]
02:45 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
02:46 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
03:22 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:26 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:37 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
03:53 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
03:53 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
04:07 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has quit [Read error: Connection reset by peer]
04:09 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
04:09 -!- cylon512 [~cylon512@108.61.24.5] has quit [Ping timeout: 245 seconds]
04:10 -!- cylon512 [~cylon512@nat2-nj01.vmpanel.net] has joined #openvpn
04:15 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 264 seconds]
04:16 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
04:16 -!- jesopo [jess@lolnerd.net] has joined #openvpn
04:19 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 245 seconds]
04:27 -!- netforhack [~netfo@176.113.254.160] has joined #openvpn
04:29 < netforhack> Hi, is it posible to run IPv6 server with dual-stack inside on DigitalOcean with /124 ipv6 network ?
04:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
04:49 < netforhack> !welcome
04:49 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:49 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:49 -!- dazo_afk is now known as dazo
04:54 < infernix> anyone know why the connected time in openvpn is weirdly off?
04:55 < netforhack> !welcome
04:55 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
04:55 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
04:55 < netforhack> !/30
04:55 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
04:55 < infernix> i'm booting a device at 10:34 UTC, it connects to openvpn at 10:35 UTC, but the openvpn server status (telnet) reports it connected at 10:47 UTC
04:55 < netforhack> !topology
04:55 < infernix> server is in the same timezone (UTC) as client
04:55 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
04:56 < netforhack> !logs
04:56 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
04:56 < infernix> so it seems like the openvpn connected since timestamp lies in the future
04:56 -!- netforhack [~netfo@176.113.254.160] has quit [Quit: Leaving]
05:02 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: C'ya]
05:03 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
05:06 -!- somis [~somis@70.38.6.186] has joined #openvpn
05:09 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has joined #openvpn
05:09 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:32 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:34 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
05:41 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
05:52 -!- shiriru [~shiriru@84.238.181.198] has joined #openvpn
06:12 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit []
06:12 -!- XJR-9_ [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
06:12 -!- XJR-9_ is now known as XJR-9
06:22 -!- veverak [~squirrel@ip-89-102-104-133.net.upcbroadband.cz] has left #openvpn ["WeeChat 1.0.1"]
06:36 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:36 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:41 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
06:53 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:54 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:54 -!- shiriru [~shiriru@84.238.181.198] has quit [Ping timeout: 260 seconds]
06:56 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:05 -!- _Cyclone_[away] is now known as _Cyclone_
07:19 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:31 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:32 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:47 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:05 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 264 seconds]
08:06 -!- jesopo [jess@lolnerd.net] has joined #openvpn
08:07 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Read error: Connection reset by peer]
08:13 -!- Stigmagr [57ca59ce@gateway/web/cgi-irc/kiwiirc.com/ip.87.202.89.206] has joined #openvpn
08:14 < Stigmagr> hello, could anyone help me please? I have just installed openvpn 2.3.8 on centos but i cant find easy-rsa scripts
08:14 < Stigmagr> where can i get them from ?
08:14 < Stigmagr> !welcome
08:14 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:14 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:15 < Stigmagr> !howto
08:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror or (#3) Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
08:16 < Stigmagr> !goal I would like to complete openvpn 2.3.8 on centos and find easy-rsa scripts
08:16 < Stigmagr> !welcome
08:16 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
08:16 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
08:17 < Stigmagr> the only place that i have found easy rsa is on github
08:17 < Stigmagr> but i dont know how to get them on my centos machine plus i havent used github before
08:18 < Stigmagr> is there anyone here who can help please?
08:25 < skyroveRR> Stigmagr: you can clone the repo.
08:25 < skyroveRR> git clone <path/to/that/github/repo>
08:26 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has joined #openvpn
08:27 < anabain> Stigmagr, I'm a ubuntu user, so perhaps I can only help you indirectly. Do you have any tool to install packages in CentOs?
08:33 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:38 < anabain> BTW, my own question is still open.
08:39 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 260 seconds]
08:50 < Stigmagr> hekki anabain\
08:50 < Stigmagr> centos is using yum
08:51 < Stigmagr> skyroveRR:should i install git and just clone it?
08:51 < skyroveRR> Stigmagr: yeah.
08:51 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:52 -!- mode/#openvpn [+o mattock1] by ChanServ
08:52 < Stigmagr> and then what ?
08:52 < Stigmagr> do i copy the scripts from the cloned folrder?
08:52 < skyroveRR> Then enter the easy-rsa directory, and create the necessary certs.
08:52 < Stigmagr> oh
08:52 < Stigmagr> i just write git and the path to repo?
08:53 < Stigmagr> in what ever folder i like?
08:53 < Stigmagr> sorry for the many questions it is just that i have never used github
09:02 < anabain> if you can perform any searching tasks with your package tool, try to find the easy-rsa package
09:03 < anabain> Stigmagr, in ubuntu is:    apt-cache search easy-rsa     which yields:    easy-rsa - Simple shell based CA utility
09:03 < Stigmagr> umm
09:03 < Stigmagr> i think there is non for openvpn 2.3.8
09:03 < anabain> then, you can apt-get install easy-rsa
09:04 < Stigmagr> or that is what i read
09:04 < Stigmagr> ohh
09:04 < Stigmagr> now i understand
09:04 < Stigmagr> mmm
09:06 < Stigmagr> i installed an easy-rsa-2.2.2-1.el6.noarch.rpm
09:06 < Stigmagr> is that it?
09:07 < anabain> easy-rsa does not have any necessary relation to openvpn in terms of dependency to work. Easy-rsa is a cryptographic utility, as far as I know.
09:07 < anabain> yes, that must work
09:07 < Stigmagr> so in /usr/share/easy-rsa/2.0/ are the scripts?
09:07 < anabain> you must have easy-rsa installed in your box
09:08 < Stigmagr> the think i installed right now was it right?
09:09 < anabain> yes, try to find them and copy them on another location, as said here, for example: http://wazem.blogspot.com.es/2013/07/how-to-configure-openvpn-between-dd-wrt.html
09:09 <@vpnHelper> Title: Victor's Blog: How To Configure OpenVPN between DD-WRT, Ubuntu and Android (at wazem.blogspot.com.es)
09:10 < Stigmagr> anabain: i already did thank you mate :)
09:10 < anabain> take a look at it, especially the first part, which can be useful to generate certificates and keys
09:10 < Stigmagr> i will proceed with the configuration now
09:10 < anabain> :)
09:10 < anabain> Stigmagr, you're welcome.
09:11 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:16 < anabain> Stigmagr, later, after the crypto stuff, if you're facing problems, perhaps another place worth to have a look is this guide, especially if you are setting an OpenVPN on a router with OpenVPN embedded: http://advancedhomeserver.com/dd-wrt-and-openvpn-part-2/
09:16 <@vpnHelper> Title: OpenVPN And DD-WRT Part 2 | Advanced Home Server (at advancedhomeserver.com)
09:17 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:20 < anabain> Stigmagr, I mean, an OpenVPN server on your home router.
09:24 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
09:24 < Dr-007> I just got the error There are no TAP-Windows adapters on this system.
09:24 < Dr-007> as a windows 10 client connecting to an openvpn server
09:25 < Dr-007> after re-installing the client it worked again
09:25 < Dr-007> this error appeared after restarting
09:25 < Dr-007> i'm using openvpn-install-2.3.8-I601-x86_64
09:32 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
09:40 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has quit [Remote host closed the connection]
09:44 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has joined #openvpn
09:49 < extri> !mitm
09:49 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
09:50 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
09:54 < extri> hi. speaking of mitm which of the TLS attacks is it vulnerable to?
09:55 < extri> !ovpnuke
09:55 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
09:56 < extri> !poodle
09:56 <@vpnHelper> "poodle" is (#1) http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html . OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. See also: !hardening for some unrelated TLS security options OpenVPN has or (#2) https://www.tinfoilsecurity.com/poodle for a tool for testing your websites
09:56 < extri> !hardening
09:56 <@vpnHelper> "hardening" is https://community.openvpn.net/openvpn/wiki/Hardening
10:05 < Ryushin> Can't quite figure out what parameter will reject clients that don't use "remote-cert-tls server" in their config.
10:08 < Ryushin> Which is more secure for TLS Cipehr: TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 or TLS-DHE-RSA-WITH-AES-256-CBC-SHA256?  I would think "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384".
10:08 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:12 < banco> Dr-007: check if you have openvpn process still running
10:12 < banco> Dr-007: else check if you have the TAP interface in the system
10:14 < banco> Dr-007: if you have the interface, then run as admin deltapall.bat and then addtap.bat from "C:\Program Files\TAP-Windows\bin"
10:14 < banco> Dr-007: fix: if you have the interface and there is no openvpn process running*
10:15 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:18 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
10:18 < banco> Ryushin: use ccd
10:20 < banco> Ryushin: you can push this option to the clients
10:20 < Ryushin> banco: ccd does not seem to be one of the otpions for the tls cipher?
10:20 < Ryushin> Or do you mean for rejecting clients that do not have remote-cert-tls server in their config?
10:20 < banco> Ryushin: I'm talking about the rejecting question
10:21 < Ryushin> Okay, I'll google that.
10:21 < banco> Ryushin: you can push this option to the clients instead of rejecting them
10:22 < banco> Ryushin: or you can just use push option in server config file instead of ccd
10:22 < banco> Ryushin: and just push this option to every clietn
10:22 < Ryushin> banco:  So essentially that forces it and the client will reject the connection itself.
10:23 < Ryushin> So will that fully protect MiTM attacks then?
10:25 < banco> Ryushin: hm, on second thought, it seems like this option is useless if it'll be pushed to the client after the client is connected to the server
10:25 < Ryushin> Yea, that is kind of what I was thinking as well.
10:26 < banco> Ryushin: though, if you read this "This is an important security precaution to protect against a man-in-the-middle attack where an authorized client attempts to connect to another client by impersonating the server."
10:26 < banco> Ryushin: then it'll work
10:26 < Ryushin> Running 2.3.8.  The server seems to accept connections without "remote-cert-tls server".  I used the new version of easy-rsa build-server-full to make the certs.
10:28 < Ryushin> But I guess I need to make sure the client has that option.  So if they connect to a fake server it will fail.
10:28 < Ryushin> So I guess it does not matter on the server end so much as the client end.
10:28 < banco> Ryushin: this option prevent the attacks from one client to the other client, but they should be connected and authorized to do so, then the will already have the "remote-cert-tls server" option pushed from server
10:29 < Ryushin> Oh, so it permanently adds it to their config.  That is cool.
10:30 < extri> nothing fully protects against mitm, especially with TLS
10:30 < banco> Ryushin: not in their config file, but the clients on connection to the server will receive this pushed options from server and will use them in this session
10:33 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
10:34 < Ryushin> Okay.  I guess I just need to read more.  I don't see how that protects against mitm if the client and server have already negotiated and authorized the connection.  I thought the client needs that option on the initial connect to reject the server if the cert presented is not correct.
10:35 < banco> Ryushin: "This is an important security precaution to protect against a man-in-the-middle attack where an authorized client attempts to connect to another client by impersonating the server."
10:35 < Ryushin> I've been using PPTP and IPSec with Win7 client for VPNs.  Going to complete migrate away to OpenVPN at this point.  PPTP is compromised and IPSec with the Win7 client force to use dh1024.
10:38 < Ryushin> I thought that adding "remote-cert-tls client" to the server config would reject clients that do not have that option, but that does not seem to be the case.
10:42 < Stigmagr> i have setup and configured openvpn server and my client
10:42 < Stigmagr> but when trying to connect it stops on MANAGEMENT: > STATE:1339246921, WAIT,,,
10:43 < Stigmagr> i do not receive an error messages
10:43 < Stigmagr> anyone knows what i am doing wrong?
10:44 < Stigmagr> sorry state is 1449246921
10:45 < banco> Ryushin: no, the "remote-cert-tls client" int he server config instructs the server to only allow connections from clients that have a cert with the X.509 EKU attribute set to "TLS Web Client Authentication"
10:45 -!- DMA [~dma@190.146.128.106] has joined #openvpn
10:46 < banco> Ryushin: https://goo.gl/oSuYnt
10:47 <@vpnHelper> Title: Mastering OpenVPN - Eric F Crist, Jan Just Keijser - Google Книги (at goo.gl)
10:47 < Stigmagr> that is the actual error that i am receiving
10:47 < Stigmagr> Fri Dec 04 18:39:57 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
10:47 < Stigmagr> Fri Dec 04 18:39:57 2015 TLS Error: TLS handshake failed
10:47 < Stigmagr> Fri Dec 04 18:39:57 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
10:47 < Stigmagr> Fri Dec 04 18:39:57 2015 TLS Error: TLS handshake failed
10:47 -!- dazo is now known as dazo_afk
10:50 < Stigmagr> i have set a rule on iptables in order to allow connection to port 1194
10:50 < banco> Stigmagr: what's stops on "MANAGEMENT: > STATE:1339246921, WAIT,,,"? Client?
10:50 < Ryushin> banco:  Thank you.
10:50 < banco> Stigmagr: the error says, that client can't connect to the server
10:50 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:50 < banco> Stigmagr: check the connection/fw
10:51 < Stigmagr> windows fw?
10:52 < banco> Stigmagr: client and server firewalls
10:52 < Stigmagr> server firewall is only iptables
10:52 < banco> Stigmagr: if you use windows, then windows fw
10:52 < Stigmagr> ok
10:53 < banco> Stigmagr: check if you can connect from client to the server port 1194 without openvpn first
10:54 < Stigmagr> how can i check that?
10:54 < banco> Stigmagr: are you using tcp or udp protocol in openvpn?
10:54 < Stigmagr> tcp
10:55 < banco> Stigmagr: then you can start openvpn on server and try to telnet to the server from client
10:57 < Stigmagr> sorry not tcp i am using udp :p
10:57 < Stigmagr> i was mistaken
10:59 < banco> Stigmagr: use tcpdump on served side and netcat on client side
11:02 < banco> Stigmagr: tcpdump 'port <port>'  and  nc -u <host> <port>
11:02 < Stigmagr> have to install it on server
11:02 < Stigmagr> what is the response that i should have?
11:03 < banco> Stigmagr: when you run tcpdump on server and netcat on client, then when you will type anything in the netcat, this should appear in the tcpdump output
11:04 < Stigmagr> ok i get it
11:04 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has quit [Remote host closed the connection]
11:05 < Stigmagr> is there a windows version for netcat?
11:05 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has joined #openvpn
11:05 < banco> Stigmagr: yes
11:05 < Stigmagr> 4th on google netcat for windows - jon craton?
11:07 < banco> Stigmagr: I'd use ncat from nmap
11:07 < banco> Stigmagr: https://nmap.org/ncat/
11:07 <@vpnHelper> Title: Ncat - Netcat for the 21st Century (at nmap.org)
11:07 < Stigmagr> thank you very much
11:07 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
11:09 -!- user123irc [~user@78-62-111-164.static.zebra.lt] has joined #openvpn
11:10 < user123irc> hello if the OpenVPN gui is saying  Invalid setting VPN: ca      ,  from where I need to get it ?
11:10 < banco> user123irc: check the config file
11:10 < banco> the ca option
11:11 < user123irc> in config file only files for gateway
11:12 < banco> user123irc: paste the config file
11:12 < user123irc> http://www.vpnbook.com/#openvpn   downloaded it from here
11:12 <@vpnHelper> Title: Free VPN 100% Free PPTP and OpenVPN Service (at www.vpnbook.com)
11:14 < user123irc> http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip
11:14 < user123irc> so where is that CA ?
11:15 < banco> user123irc: in the <ca>...</ca> tags
11:16 < user123irc> aaa
11:17 < user123irc> that means my linux does something wrong
11:17 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:17 < user123irc> it should run imported and saved yes ?
11:17 < Stigmagr> banco: netcat and tcpdump seems to be working
11:18 < Stigmagr> i am receiving packets to tcp dump from my ip to server's ip.openvpn udp port 1194
11:18 < banco> user123irc: it works for me on windows client
11:19 < banco> Stigmagr: check once again the openvpn connection
11:19 < Stigmagr> i did
11:19 < Stigmagr> now i turned windows firewall off
11:19 < banco> Stigmagr: if it'll still won't work, then paste configs
11:19 < Stigmagr> and i am restarting
11:19 < Stigmagr> ok one second please
11:20 < user123irc> Have a quistion regarding Open VPN   I have downloaded files bundle from http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip   her , than imported them via GUI manager  after that I cannot save it because it says Invalid stting VPN: ca
11:20 < Stigmagr> banco: what config do you want me to paste? openvpn's?
11:20 -!- extri [~extri@unaffiliated/xyk] has left #openvpn []
11:20 < banco> Stigmagr: openvpn client and server
11:20 < Stigmagr> ok
11:21 < Stigmagr> client
11:21 < Stigmagr> dev tun
11:21 < Stigmagr> proto udp
11:21 < Stigmagr> remote 31.22.119.162 1194
11:21 < Stigmagr> resolv-retry infinite
11:21 < Stigmagr> nobind
11:21 < Stigmagr> persist-key
11:21 < Stigmagr> persist-tun
11:21 < Stigmagr> comp-lzo
11:21 < Stigmagr> verb 3
11:21 < Stigmagr> ca ca.crt
11:21 < Stigmagr> cert client.crt
11:21 < Stigmagr> key client.key
11:21 < Stigmagr> that is the openvpn client config
11:21 < Stigmagr> the ovpn file
11:22 < Stigmagr> as for the openvpn server config i followed https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-6
11:22 <@vpnHelper> Title: How to Setup and Configure an OpenVPN Server on CentOS 6 | DigitalOcean (at www.digitalocean.com)
11:22 < banco> user123irc: http://wiki.astrill.com/index.php/Astrill_Setup_Manual:How_to_configure_OpenVPN_with_Network_Manager_on_Linux
11:22 <@vpnHelper> Title: Astrill Setup Manual:How to configure OpenVPN with Network Manager on Linux - Astrill Wiki (at wiki.astrill.com)
11:23 < user123irc> banco:  thanks
11:24 < Stigmagr> banco
11:24 < Stigmagr> i think i found the problem
11:24 < banco> Stigmagr: I don't know, what;s in the server file based on this link, upload the server config on pastebin or something
11:24 < Stigmagr> i am connected to the vpn now
11:24 < Stigmagr> but i dont seem to have internetconnection
11:25 < banco> Stigmagr: you can't connect from the client via server to the host in internet?
11:25 < Stigmagr> no i am correctly connected to the openvpn server from the client
11:26 < Stigmagr> the client does not have internet connection
11:27 < banco> Stigmagr: did you do, what's beed descrideb in "Routing Configuration and Starting OpenVPN Server" part of your link?
11:28 < Stigmagr> yes
11:29 < banco> Stigmagr: check it one more time, seems like the iptables rule is missing
11:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:31 < Stigmagr> i will past my iptables
11:31 < Stigmagr> one sec
11:32 < Stigmagr> # Generated by iptables-save v1.4.7 on Fri Dec  4 17:20:33 2015
11:32 < Stigmagr> *nat
11:32 < Stigmagr> :PREROUTING ACCEPT [21:1677]
11:32 < Stigmagr> :POSTROUTING ACCEPT [2:142]
11:32 < Stigmagr> :OUTPUT ACCEPT [2:142]
11:32 < Stigmagr> -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
11:32 < Stigmagr> COMMIT
11:32 < Stigmagr> # Completed on Fri Dec  4 17:20:33 2015
11:32 < Stigmagr> # Generated by iptables-save v1.4.7 on Fri Dec  4 17:20:33 2015
11:32 < Stigmagr> *filter
11:33 < Stigmagr> :INPUT ACCEPT [0:0]
11:33 < Stigmagr> :FORWARD ACCEPT [0:0]
11:33 < Stigmagr> :OUTPUT ACCEPT [111116927:21917106597]
11:33 < Stigmagr> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
11:33 < Stigmagr> the openvpn gui is connecting now and it is yellow
11:33 < Stigmagr> but i do not have internet access
11:33 < Stigmagr> and now it is green
11:33 < Stigmagr> but still no internet access
11:34 < banco> Stigmagr: is eth0 - your isp interface?
11:34 < Stigmagr> yes
11:34 < Stigmagr> and it has many interfaces as well
11:34 < Stigmagr> this server has several ips
11:34 < banco> Stigmagr: paste the client routes
11:35 < banco> Stigmagr: use pastebin.com or something
11:35 < Stigmagr> client routes?
11:35 < banco> Stigmagr: route print
11:35 < Stigmagr> ok
11:36 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
11:37 < banco> Stigmagr: also, what's the output of the "cat /proc/sys/net/ipv4/ip_forward" command on server?
11:38 < Stigmagr> http://pastebin.com/YsjVx11V
11:38 < Stigmagr> sure one sec
11:39 < Stigmagr> it linux command returned 1
11:39 < Stigmagr> i have used google's dns is there anyway that this is the problem?
11:40 < banco> Stigmagr: no
11:40 < banco> Stigmagr: what's with this route? "          0.0.0.0          0.0.0.0    192.168.200.2  192.168.200.138      10"
11:40 < Stigmagr> the client is a vm
11:41 < Stigmagr> it is probably made from the vm?!
11:41 < Stigmagr> its from the vm's adapter that is nating to my computer's network i think
11:44 < banco> Stigmagr: try to ping 213.180.204.3 from the client
11:46 < Stigmagr> reply from 10.8.0.1 destination host unreachable
11:46 < Stigmagr> google returns the same
11:46 < banco> Stigmagr: try to ping 213.180.204.3 from the server
11:47 -!- Dr-007 [~Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Ping timeout: 260 seconds]
11:47 < Stigmagr> pings normally
11:49 < Stigmagr> is there anything else that i need to do to openvpn to grand me internet access?
11:49 < Stigmagr> :S
11:52 < banco> Stigmagr: paste the server routes
11:52 < banco> Stigmagr: or add iptables rules for all isp interfaces
11:52 < Stigmagr> route -n?
11:52 < banco> Stigmagr: ip r
11:54 < BrianBlaze420> wo weird... I haven't changed any settings, client or server side and I can connect to my vpn but I can't actually do any routing
11:54 < Stigmagr> http://pastebin.com/wv4ZGdTB
11:54 < BrianBlaze420> and all the clients say the same thing along these lines /sbin/route delete -net 128.0.0.0 10.8.0.5 128.0.0.0
11:54 < BrianBlaze420> route: must be root to alter routing table
11:57 < BrianBlaze420> since it has always worked just fine I am wondering if anyone has any idea where I should start to looj
11:57 < BrianBlaze420> look* :)
11:57 < Stigmagr> if i add iptable rules for all isp interfaces the thing i get is that i get to use all my ips on openvpn right?
11:59 < banco> Stigmagr: it'll allow to use the internet from the clients via this isp interface if the server will use this isp
12:00 < Stigmagr> banco can we private chat if you have the time?
12:00 < banco> Stigmagr: but you don't use other isp's so you don't need these rules
12:00 < Stigmagr> so that we dont bother everyone here
12:00 < banco> Stigmagr: it's better to chat here, cause I can leave at some point and other can continue
12:01 < Stigmagr> ok
12:01 < banco> Stigmagr: is 31.22.112.54 - your server eth0 ip?
12:01 < Stigmagr> my server has many ip address ~ 124
12:01 < Stigmagr> every ip address is setup on a different interface
12:01 < Stigmagr> so far i can only connect to the vpn through the main server's ip address
12:02 < BrianBlaze420> damn how can I connect to my vpn still no problem but all of a sudden I can't actually get routes?!
12:02 < Stigmagr> now i have changed the iptables to eth0:1
12:02 < Stigmagr> but now when i use the eth0:1 ip address to connect to vpn again i cant connect
12:03 < banco> BrianBlaze420: did you run openvpn as root?
12:03 < BrianBlaze420> no
12:03 < BrianBlaze420> but I never have
12:03 < banco> BrianBlaze420: you need to rut it as root
12:03 < BrianBlaze420> so in windows how do i run as root?
12:04 < banco> BrianBlaze420: dunno, why it worked for you
12:04 < BrianBlaze420> as administator?
12:04 < banco> BrianBlaze420: rught click on OpenVPN Gui - Run as Administrator
12:04 < BrianBlaze420> yeah what I don't get is I have another vpn server set up and it works just fine same way
12:05 < Stigmagr> banco: yes the server ip is 31.22.112.54
12:05 < BrianBlaze420> on mac I use tunnelblick
12:05 < banco> Stigmagr: can you ping 31.22.112.54 from the client?
12:05 < Stigmagr> yes
12:05 < Stigmagr> i can ping all my interface ips from the client
12:07 < Stigmagr> if i setup my iptables normally with eth0 and i try to connect to the server's ip the openvpn gui connects naturally
12:07 < Stigmagr> but it does not have internet connection
12:07 < banco> BrianBlaze420: don't know about mac, but you don't get permission problems with adding routes when connecting with OpenVPN GUI that was run as user? Not possible.
12:07 < Stigmagr> now i can added eth0:1 as well on iptables i have tried using my 1st interfaces ip but it does not connect
12:08 < BrianBlaze420> well my user has root access so I am thinking the program asked for permissions and i gave it
12:08 < banco> Stigmagr: if you can ping it, then it's the problem with iptables
12:08 < BrianBlaze420> so that would explain why i can connect to vpn's
12:08 < BrianBlaze420> but doesn't explain my route issue
12:08 < BrianBlaze420> which is happening windows mac and linux :'(
12:08 < banco> Stigmagr: try to add this rule iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
12:09 < Stigmagr> when restarting with this line it returns error
12:10 < Stigmagr> iptables: Applying firewall rules: iptables-restore v1.4.7: Line 7 seems to have a -t table option.
12:10 < banco> Stigmagr: what about this? iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth+ -j MASQUERADE
12:10 < Stigmagr> oh sorry my mistake
12:10 < Stigmagr> one moment
12:11 < BrianBlaze420> damn this is frustrating
12:11 < banco> BrianBlaze420: so do you have the routing issue when you run openvpn as root/admin?
12:11 < BrianBlaze420> I have no idea where to look
12:11 < BrianBlaze420> yeah
12:11 < BrianBlaze420> since the user i use in windows is administrator
12:11 < BrianBlaze420> and my user on mac has admin priveleges
12:11 < banco> BrianBlaze420: no
12:12 < banco> BrianBlaze420: not just from user with admin privileges, but to run as admin
12:12 < BrianBlaze420> and I get the same message from every machine i try
12:12 < BrianBlaze420> i hear u
12:12 < Stigmagr> banco: first rule passed
12:12 < BrianBlaze420> but u didn't understand... I literally use the administartor user in windows
12:12 < Stigmagr> but still no internet
12:13 < banco> BrianBlaze420: read about UAC
12:14 < BrianBlaze420> I know all about UAC... hense why I enable the administartor account
12:14 < BrianBlaze420> lol
12:14 -!- Jebran [6e5dcb62@gateway/web/freenode/ip.110.93.203.98] has joined #openvpn
12:14 < BrianBlaze420> and like i said same message on macs too
12:14 < banco> Stigmagr: still not working?
12:14 < BrianBlaze420> and it has always worked
12:14 < Stigmagr> banco: yes mate :(
12:14 < Stigmagr> still no internet connection
12:15 < banco> BrianBlaze420: ok, give me the log of the windows client
12:15 < Jebran> Hello, Can you please advise me if there is any update of build with OpenSSL 1.0.1q
12:15 < banco> Stigmagr: try to enable logging on the server
12:16 < banco> Stigmagr: iptables logging
12:16 < banco> Stigmagr: and see, what's with the packets
12:16 < Stigmagr> iptables -log?
12:16 < banco> iptables -t nat -I POSTROUTING 1 -j LOG --log-prefix "POSTROUTING:" --log-level 6
12:16 < banco> iptables -I FORWARD 1 -j LOG --log-prefix "FORWARD:" --log-level 6
12:17 < banco> and tail -f /var/log/messages
12:17 < banco> and try to ping 8.8.8.8 from client or somethin
12:19 < Stigmagr> i have too many answers on the tail
12:19 -!- Jebran [6e5dcb62@gateway/web/freenode/ip.110.93.203.98] has quit []
12:20 < Stigmagr> http://pastebin.com/yd9tkTnu
12:22 < BrianBlaze420> I really feel this is server side :'(
12:27 < banco> Stigmagr: ping some other host, so it wont spam with DNS packets
12:28 < banco> Stigmagr: I don't see these packets in postrouting table
12:29 < Stigmagr> banco: Dec  4 20:10:49 host kernel: FORWARD:IN=tun0 OUT=eth0 SRC=10.8.0.6 DST=8.8.8.8 LEN=54 TOS=0x00 PREC=0x00 TTL=127 ID=5918 PROTO=UDP SPT=60919 DPT=53 LEN=34 this for example should be from post routing
12:29 < Stigmagr> but even if i do nothing
12:29 < Stigmagr> when i use the tail command
12:29 < Stigmagr> it floods
12:29 < Stigmagr> even if i am not connected
12:29 < Stigmagr> and i dont know for what reason
12:29 < banco> Stigmagr: just use tail -f /var/log/messages | grep host_that_you_ping
12:31 < Stigmagr> banco: i have used service openvpn stop
12:31 < Stigmagr> with the previous command it still returns values
12:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
12:31 < Stigmagr> is that normal?
12:33 < banco> what values?
12:33 < banco> iptables logs?
12:33 < Stigmagr> yes
12:33 < banco> yes, that's works as expected
12:34 < Stigmagr> so it should always post Dec  4 20:23:02 host kernel: POSTROUTING:IN= OUT=eth0 SRC=31.22.112.54 DST=8.8.8.8 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=7543 DF PROTO=UDP SPT=39888 DPT=53 LEN=52
12:36 < banco> if you want to disable the iptables logs, then delete the log rules
12:36 < banco> iptables -t nat -D POSTROUTING 1
12:36 < banco> iptables -D FORWARD 1
12:36 < banco> but first check the ping
12:36 < Stigmagr> ok
12:36 < banco> ping some host from host, for example 8.8.4.4
12:37 < banco> Stigmagr: and check the logs with tail -f /var/log/messages | grep 8.8.4.4
12:37 < banco> there should be first log in postrouting and then logs for forward rule
12:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
12:40 < banco> like this:
12:40 < banco> Dec  5 00:26:05 my_host kernel: [203743.242469] POSTROUTING:IN= OUT=tun1 SRC=10.10.1.5 DST=10.11.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=11081 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=125
12:40 < banco> Dec  5 00:26:05 my_host kernel: [203743.382769] FORWARD:IN=tun1 OUT=tun0 MAC= SRC=10.11.0.1 DST=10.10.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9108 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=125
12:40 < banco> Dec  5 00:26:06 my_host kernel: [203744.248146] FORWARD:IN=tun0 OUT=tun1 MAC= SRC=10.10.1.5 DST=10.11.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=11082 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=126
12:40 < banco> Dec  5 00:26:06 my_host kernel: [203744.531820] FORWARD:IN=tun1 OUT=tun0 MAC= SRC=10.11.0.1 DST=10.10.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9109 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=126
12:40 < banco> you can see the pings and pongs
12:41 < banco> ping 10.11.0.1 from 10.10.1.5
12:41 < Stigmagr> i will try it when my server finish restarting
12:42 < BrianBlaze420> upon further research I am able to connect to my vpn for a short time and then I am disconnected...
12:42 < BrianBlaze420> by disconnected I mean i have no rout
12:42 < BrianBlaze420> but am still actually connect to my vpn server
12:42 < Stigmagr> banco: also is it possible to use all my ips for openvpn and let the client select what ip he wants?
12:42 < BrianBlaze420> hmmmmm I was disconnected then reconnected...
12:43 < banco> Stigmagr: yes, it's possible
12:43 < BrianBlaze420> also excuse me while I think out loud :)
12:43 < banco> BrianBlaze420: paste the log
12:43 < Stigmagr> banco: by adding the interfaces on the iptables and assigning a different ip on the ovpn as the server ip?
12:43 < BrianBlaze420> will do 1 sec banco :)
12:45 < banco> Stigmagr: hm, I think if client will manually set the desired vpn ip in his config file, then server can route the client via one of it's isp based on the client ip
12:46 < banco> Stigmagr: but it'll give you a headache if the clients will be not only you
12:47 < BrianBlaze420> hopefully this helps
12:47 < BrianBlaze420> http://pastebin.com/bgtWvQEi
12:48 < BrianBlaze420> I see this Fri Dec  4 13:36:14 2015 [BlazeServer] Inactivity timeout (--ping-restart), restarting
12:48 < BrianBlaze420> which is the beginning of the fail... any ideas?
12:49 < Stigmagr> banco: i have created a software that is able to access a database search for an unused ip address from my server and use that ip then that software can alter the ovpn file for the client instead
12:49 < Stigmagr> banco: but is it possible for the vpn server to assign the selected ip to the client and how?
12:49 < BrianBlaze420> it's consistantly connecting working... 5 minutes later disconnected... if I restart the connection it works same deal
12:51 < BrianBlaze420> I am guessing I need to check something on my server... but where
12:51 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:53 < banco> Stigmagr: obviously, you can assign each client it's static ip an the server using ccd
12:54 < BrianBlaze420> any ideas on what could cause connection and then lose connection and repeat?
12:55 < Stigmagr> banco: but this is not what is needed, i need each client to be able to randomly select an ip from a database (using my software) and connect to the vpn using that ip that is assigned on my server, then that client should have that ip shown as a public ip
12:55 < banco> Stigmagr: on other thought, you can write the client script, that will run on connection to the server and infrom the server via some connection that it want to use certain isp
12:56 < Stigmagr> banco: so it cant happen while manually assigning it to the ovpn file eh?
12:56 < banco> Stigmagr: if you need to assign the public ip of the client randomly, then why not to do this on server side?
12:57 < banco> Stigmagr: in the ovpn side you only can assign client ip in vpn network
12:57 < banco> Stigmagr: but basing on this ip the server can route the client via certain public ip
12:58 < banco> BrianBlaze420: show the routes
12:58 < banco> BrianBlaze420: can you ping the server from the client, whn you're connected?
12:58 < banco> BrianBlaze420: the routes of the client
12:58 < banco> BrianBlaze420: when the client is connected
12:59 < Stigmagr> banco: i see so i can assign the local ip on the ovpn file and the route it to one of my eth0 interfaces right?
12:59 < BrianBlaze420> just got disconnected again checking
12:59 < banco> Stigmagr: yes, with SNAT rulse
13:00 < Stigmagr> banco: i get it i think now the only small thing i need to do is to fix the internet problem haha
13:00 < Stigmagr> banco: by the way how can i assign the local ip on the ovpn file?
13:00 < BrianBlaze420> i don't think I can ping the server from anywhere lol
13:00 < banco> Stigmagr: ifconfig
13:01 < banco> BrianBlaze420: seems loke you have the troubes with routes or firewall
13:01 < Stigmagr> banco: no i mean on the windows client side ovpn file
13:02 < banco> Stigmagr: it's openvpn config option
13:02 < banco> Stigmagr: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
13:02 <@vpnHelper> Title: Openvpn23ManPage – OpenVPN Community (at community.openvpn.net)
13:02 < banco> Stigmagr: search for "--ifconfig l rn"
13:02 < BrianBlaze420> what is the proper way to check routes?
13:03 < banco> BrianBlaze420: route print
13:04 < BrianBlaze420> hmm so my routes are good when I am connected
13:05 < BrianBlaze420> so I need to figure out what is dropping me
13:05 < BrianBlaze420> and it has to be server side
13:05 < Stigmagr> banco: as for the tail with the grep option for 8.8.4.4 the only responce i got was when the client connected for the 1st time to the vpn and it was Dec  4 20:57:47 host openvpn[3241]: client/87.202.89.206:59838 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topolo
13:05 < Stigmagr> gy net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
13:05 < BrianBlaze420> so firewall I imagine
13:05 < Stigmagr> banco: when i ping 8.8.4.4 i get nothing from the tail
13:06 < banco> Stigmagr: you didn't delete the log rules, right?
13:06 < Stigmagr> banco: nop
13:06 < banco> BrianBlaze420: paste the routes, I'll check them
13:06 < Stigmagr> banco: maybe they got deleted automatically because i restarted the server?
13:06 < BrianBlaze420> netstat -r I think is the equivelant of route print in os x
13:07 < banco> Stigmagr: check the rules
13:07 < banco> iptables -t nat -L -n -v --line-numbers
13:07 < banco> iptables -L -n -v --line-numbers
13:09 < BrianBlaze420> banco http://i.imgur.com/UrGI6sh.png
13:09 < BrianBlaze420> first routes are without vpn
13:09 < BrianBlaze420> second are with
13:09 < banco> BrianBlaze420: netstat -nr
13:10 < Stigmagr> banco: http://pastebin.com/kVDFXHPZ that is the ping's responce
13:10 < banco> Stigmagr: was there log from postrouting chain?
13:11 < Stigmagr> banco: non other since i am using grep 8.8.4.4
13:11 < BrianBlaze420> http://imgur.com/8CQ7zzr
13:11 <@vpnHelper> Title: Imgur: The most awesome images on the Internet (at imgur.com)
13:11 < BrianBlaze420> banco
13:13 < Stigmagr> banco: should i add ptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 31.22.112.54 something like this as well?
13:15 < BrianBlaze420> damn this is so ugly
13:15 < BrianBlaze420> connect disconnect conect :'(
13:16 < BrianBlaze420> if I disconnect manually and connect manually it connects right away
13:16 < banco> Stigmagr: paste the output of iptables -t nat -L -n -v --line-numbers
13:17 < banco> BrianBlaze420: can you ping 10.8.0.1 from the client?
13:17 < banco> BrianBlaze420: if not, then check the fw
13:18 < Stigmagr> banco: one sec
13:18 < banco> Stigmagr: and no, you don't need that snat rule
13:19 < BrianBlaze420> when I am connected I can ping
13:20 < banco> BrianBlaze420: can the server ping 10.8.0.5?
13:21 < BrianBlaze420> yup
13:21 < BrianBlaze420> oh nope
13:21 < BrianBlaze420> it can ping .1
13:21 < BrianBlaze420> but not .5
13:21 < banco> .1 is itself
13:21 < Stigmagr> banco: http://pastebin.com/jRS1C0FE
13:22 < banco> BrianBlaze420: hw, paste the server routes
13:22 < banco> Stigmagr: paste the output of ip a
13:24 < Stigmagr> banco: http://pastebin.com/4nYtHeQn
13:25 -!- wkts [~wkts@45.55.231.187] has quit [Quit: Bye!]
13:25 < banco> BrianBlaze420: do you have the blocking iptables rules on the server side?
13:26 < BrianBlaze420> i am using ufw
13:26 < banco> BrianBlaze420: rules or policies
13:26 < banco> BrianBlaze420: ufw then
13:27 -!- Eagleman [~Eagleman@546BCC70.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 260 seconds]
13:29 < BrianBlaze420> I would have assumed that if there was a rule preventing it then I wouldn't be able to connect at all
13:33 < banco> Stigmagr: try this:
13:33 < banco> iptables -t nat -D POSTROUTING 1
13:33 < banco> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
13:33 < banco> and check ping once again
13:33 < banco> BrianBlaze420: what's the fw default policy
13:33 < Stigmagr> should i delete the previous rules from iptables since i saved them?
13:34 < BrianBlaze420> i think deny all
13:34 < banco> Stigmagr: delete the old masquarade rule with iptables -t nat -D POSTROUTING 1
13:34 < banco> ah, sry
13:34 < banco> not thi
13:34 < banco> this
13:34 < banco> iptables -t nat -D POSTROUTING 2
13:36 < BrianBlaze420> is it weird that I do iptables --list
13:36 < BrianBlaze420> and see all my ufw rules?
13:36 < banco> BrianBlaze420: what's in /etc/default/ufw
13:36 < Stigmagr> banco: http://pastebin.com/eRBrU1Ja this are the ip tables right now with cat
13:36 < BrianBlaze420> default_input_policy drop
13:37 < BrianBlaze420> default forward policy accept
13:37 < banco> Stigmagr: don't cat it, use iptables-save
13:37 < Stigmagr> yes i know i used can to show the iptables to you
13:37 < BrianBlaze420> anything I should be looking for in perticular?
13:37 < banco> BrianBlaze420: I want to knot, if server fw blocking outgoing connections
13:38 < banco> BrianBlaze420: particulary to the cpn subnet
13:38 < banco> vpn*
13:38 < BrianBlaze420> defualt_outpu_policy accept
13:39 < banco> BrianBlaze420: then you need to check the client fw
13:39 < banco> BrianBlaze420: server side seems fine
13:39 < BrianBlaze420> all 3 of them?
13:39 < BrianBlaze420> when they all worked... and now all do the same intermittent connection
13:40 < banco> BrianBlaze420: first make one of them work
13:40 < banco> BrianBlaze420: so only one of them
13:40 < BrianBlaze420> i don't even have a firewall enabled on my mac
13:40 < banco> BrianBlaze420: do you have linux client?
13:40 < BrianBlaze420> and on my windows machine I opened the ports
13:40 < BrianBlaze420> in windows firewall
13:41 < BrianBlaze420> I don't have a linux client at the moment
13:41 < BrianBlaze420> but I could set it up i guess
13:42 < banco> Stigmagr: the file that you cat is not represent the current iptables rules
13:44 < BrianBlaze420> I didn't have sudo ufw allow out on tun0
13:44 < BrianBlaze420> i just added it
13:44 < BrianBlaze420> and am now seeing if it fixed
13:45 < BrianBlaze420> aaaaand same deal
13:47 < banco> Stigmagr: based on that file, you have all forward packets blocked
13:49 < banco> BrianBlaze420: can you try to ping the connected windows client vpn ip from the server?
13:52 < banco> BrianBlaze420: paste the output of these commands:
13:52 < banco> iptables -t nat -L -n -v --line-numbers
13:52 < banco> iptables -L -n -v --line-numbers
13:52 < banco> on the server
13:56 -!- AlmogBaku [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:58 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
13:59 < Stigmagr> banco: it does represent them
14:02 < Stigmagr> banco: still what ever i do it is a dead end
14:02 < Stigmagr> banco: is there any way to restore iptables and start over?
14:02 < Stigmagr> banco:i tried iptables-restore but it did nothing
14:02 < banco> Stigmagr: run these commands:
14:02 < banco> iptables -F
14:02 < banco> iptables -t nat -F
14:02 < banco> iptables -t nat -I POSTROUTING 1 -j LOG --log-prefix "POSTROUTING:" --log-level 6
14:02 < banco> iptables -I FORWARD 1 -j LOG --log-prefix "FORWARD:" --log-level 6
14:02 < banco> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
14:03 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
14:03 < banco> and check the log from the client ping again
14:04 -!- volkswagner [~Adium@2604:2000:1114:4009:96f:cbe1:4314:6d6f] has quit [Quit: Leaving.]
14:04 < Stigmagr> it works now
14:04 < Stigmagr> now i have internet connection! :D
14:05 < banco> heh, good
14:05 < Stigmagr> now i do service iptables save?
14:05 < banco> the problem was your blocking rule in the forward chain
14:05 < banco> don save it
14:05 < banco> you'll lose your old rules
14:05 < Stigmagr> since the new rules are working why not save it?
14:06 < Stigmagr> how should i persist them then?
14:06 < banco> Stigmagr: wait a sec
14:07 < Stigmagr> banco: sure i'll wait you are the BIGGEST MAN ever lol
14:08 < banco> Stigmagr: run these commands:
14:09 < banco> iptables-restore /etc/sysconfig/iptables
14:09 < banco> iptables -t nat -D POSTROUTING 1
14:09 < banco> iptables -D FORWARD 1
14:09 < banco> iptables -t nat -D POSTROUTING 1
14:09 < banco> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
14:09 < banco> iptables -I FORWARD 1 -i tun0 -s 10.8.0.0/24 -j ACCEPT
14:09 < banco> iptables-save /etc/sysconfig/iptables
14:09 < banco> fix
14:09 < banco> iptables-save > /etc/sysconfig/iptables
14:10 < Stigmagr> banco: the second iptables -t nat -D POSTROUTING 1 returns iptables: index of deletion too big
14:11 < banco> Stigmagr: that's ok then, also, run this command before iptables-save:
14:11 < banco> iptables -A INPUT -i tun0 -j ACCEPT
14:12 < Stigmagr> done
14:13 < banco> Stigmagr: paste the file to check it
14:13 < Stigmagr> with cat?
14:13 < banco> yes
14:14 < Stigmagr> banco: http://pastebin.com/mWxdJD84 the file
14:15 < banco> Stigmagr: run these commands:
14:15 < banco> iptables -D INPUT 8
14:16 < banco> iptables -I INPUT 2 -i tun0 -j ACCEPT
14:16 < banco> iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
14:16 < banco> iptables-save > /etc/sysconfig/iptables
14:17 < Stigmagr> banco: done the file is now http://pastebin.com/bK0DK02u
14:18 < banco> though, in your case it's better to remove the input tun0 rule, run these:
14:18 < banco> iptables -D INPUT 2 -i tun0 -j ACCEPT
14:18 < banco> iptables-save > /etc/sysconfig/iptables
14:18 < banco> and check the internet connection
14:18 < Stigmagr> illegal option -f
14:19 < Stigmagr> -j*
14:19 < banco> ah, ny bad
14:19 < banco> iptables -D INPUT 2
14:20 < Stigmagr> request time out
14:20 < Stigmagr> banco: no internet connection
14:20 < banco> Stigmagr: ok, a sec
14:21 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:23 < banco> run these:
14:23 < banco> iptables -D FORWARD 1
14:23 < banco> iptables -I FORWARD -i tun0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
14:23 < banco> iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
14:23 < banco> and check the connection
14:24 < Stigmagr> banco: it has internet now
14:24 < banco> Stigmagr: good, then save the rules with: iptables-save > /etc/sysconfig/iptables
14:25 < Stigmagr> banco: done the rules now http://pastebin.com/zmWy8Ev3
14:26 < banco> Stigmagr: all good now
14:26 < Stigmagr> banco: thank you so much mate
14:26 < Stigmagr> banco: for the matter about clients using the rest of the ip, i should do the routing via iptables
14:26 < Stigmagr> banco: ?
14:27 < banco> Stigmagr: Stigmagr yes, you need to add SNAT rules for particular IPs
14:28 -!- Dr-007 [Dr-007@178-84-248-47.dynamic.upc.nl] has joined #openvpn
14:28 < Stigmagr> banco: so i will add them one by one for each ip i have and then i will simple add the local ip that corresponds to the public ip on the config file right?
14:28 < banco> Stigmagr: and with priority higher than masquarade
14:28 < Stigmagr> should i completely remove the masquarade?
14:29 < Dr-007> good evening, i've got a question. i was wondering if it is somehow possible to run a script after the 10th failed connection. (or after every failed connection).
14:29 < banco> no, just add single snat rules above masquarade
14:29 < Stigmagr> banco: can i bother you some more by asking you how should i add them? :S
14:29 < Stigmagr> sorry
14:29 < Dr-007> i've been trying up / down and up-restart to test if they get triggered on a "failed, will try again in 5 seconds" openvpn error
14:30 < Stigmagr> banco: for example if i want 10.8.0.2 to correspond to 31.22.112.91
14:30 < Stigmagr> i am completely useless with iptables :(
14:31 < banco> Stigmagr: the rules will be like this:
14:31 < banco> iptables -t nat -A POSTROUTING -s CLIENT_IP/32 -o ISP_IF -j SNAT --to-source ISP_IP
14:31 < banco> and you need to add routes
14:31 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 260 seconds]
14:32 < banco> Stigmagr: you'll need source policy routing with ip rule
14:33 < Stigmagr> banco: for example: iptables -t nat -A POSTROUTING -s 10.8.0.2 -o eth0:1 -j SNAT --to-source 31.22.112.91
14:33 < Stigmagr> ?
14:33 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
14:33 < Stigmagr> routes are not handled by openvpn?
14:33 -!- zarren_ [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
14:34 < banco> yes, something like this, where 10.8.0.2 is client ip
14:34 < Stigmagr> yes
14:34 < banco> routes are not handled by openvpn
14:34 < Stigmagr> and what would the route be for the above example?
14:35 < Stigmagr> also how do i ask iptables to add the above rule above the masquarade rule?
14:35 < banco> like this: iptables -t nat -I POSTROUTING -s 10.8.0.2 -o eth0:1 -j SNAT --to-source 31.22.112.91
14:36 < zarren_> Hey everybody. Trying to setup a openvpn tunnel into vcloud director and can only ping the boxes. I've used wireshark to watch the connection and if I try and do something like connect to ssh I can see traffic but still no connection. All packets are bad but I'm out of my depth now and was wondering if someone would be be kind enough to help me ut a bit ?
14:36 < Stigmagr> will this work with a bash file?
14:37 < banco> Stigmagr: the routes is like this:
14:37 < banco> ip rule add from 10.8.0.2 table 1000
14:37 < banco> ip route add default via ISP_GW table 1000
14:38 < Stigmagr> isp gateway?
14:38 < banco> for second client ip it'll be like this:
14:38 < banco> ip rule add from 10.8.0.3 table 1001
14:38 < banco> ip route add default via ISP_GW table 1001
14:38 < banco> etc
14:38 < Stigmagr> ye i got that
14:38 < banco> Stigmagr: yes, ISP gateway
14:38 < zarren_> http://pastebin.com/p4NU5HnB
14:38 < Stigmagr> if i dont do that it will not work?
14:39 < zarren_> thats a  packet dump of me trying to ssh from director
14:39 < banco> Stigmagr: yes, you can do it in bash script
14:39 < banco> Stigmagr: without routes it won't work
14:39 < Stigmagr> i see
14:40 < zarren_> http://pastebin.com/RaKhLQcn
14:40 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has joined #openvpn
14:40 < zarren_> Thats a dump of the ssh connection from the client
14:42 < Stigmagr> banco: and the config file should ifconfig 10.8.0.2 SERVER_IP ?
14:42 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Ping timeout: 245 seconds]
14:43 < banco> Stigmagr: yes, where server ip is 10.8.0.1
14:44 < Stigmagr> # 10.1.0.1 is our local VPN endpoint
14:44 < Stigmagr> # 10.1.0.2 is our remote VPN endpoint
14:44 < Stigmagr> ifconfig 10.1.0.1 10.1.0.2
14:44 < banco> ah, yea
14:44 < Stigmagr> local vpn endpoint should be for example the 10.8.0.1 ?
14:44 < Stigmagr> the remote should be the server's ip?
14:44 < Stigmagr> and where do i choose the client's ip? :o
14:48 < banco> Stigmagr: show your server config
14:48 < banco> Stigmagr: it depends on topology
14:49 < Stigmagr> banco: http://pastebin.com/9fUaxN1j there you go
14:49 < BrianBlaze420> so you are 100% correct as u probably knew banco
14:50 < BrianBlaze420> on window 8 I must have done something with UAC to make it so i didn't need to open cmd as admin
14:50 < BrianBlaze420> but as i updated to windows 10 recently I need to... and it works...
14:50 < BrianBlaze420> now I am just seeing if it stays connected :)
14:52 < BrianBlaze420> so yeah now I can at least connect just like os x
14:52 < BrianBlaze420> but it does not stay connected
14:53 < BrianBlaze420> exact same thing :'(
14:53 < BrianBlaze420> but at least I am not getting routing errors
14:54 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
14:55 < banco> based on config, you're using net30 topology, so your clients IPs  must be taken from successive /30 subnets, from the last octet in the IP address of each endpoint pair must be taken from this set. Read it here:
14:56 < banco> https://openvpn.net/index.php/open-source/documentation/howto.html#policy
14:56 <@vpnHelper> Title: HOWTO (at openvpn.net)
14:56 < banco> So, for the first client ip it'll this:
14:56 < banco> ifconfig 10.8.0.5 10.8.0.6
14:56 < banco> And for the server interface this:
14:56 < banco> ifconfig 10.8.0.1 10.8.0.2
14:57 < banco> BrianBlaze420: paste the logs from server and client where I can see the moment of disconnect and some time before and after
14:57 < Stigmagr> banco: i can change this topology no problem in something more suitable i dont mind
14:57 < Stigmagr> banco:what is the best topology to use?
14:57 < banco> Stigmagr: then uncomment this opetion: topology subnet
14:58 < BrianBlaze420> It says the same message it it did in my mac screenshot
14:58 < banco> Stigmagr: and in ifconfig option you need to just enter the ip of the client and subnet
14:58 < BrianBlaze420> the first thing it says after disconnect
14:58 < BrianBlaze420> Inactivity timeout
14:59 < banco> BrianBlaze420: I need to see all the logs to know, if there was any other problems
14:59 < BrianBlaze420> np
14:59 < Stigmagr> banco: so the ovpn file should just contain a line ifconfig 10.8.0.2 255.255.255.0 for example?
15:00 < banco> BrianBlaze420: inactiviry timeout means that the server tried multiple times to ping the client but couldn't receive reply
15:00 < zarren_> All my packets seem to be 0 length ? could this be some sort of vpn block from the cloud provider ?
15:00 < BrianBlaze420> so weird that it connects then I am getting the log :)
15:00 < banco> Stigmagr: no, you need to add this line in the existing config
15:01 < Stigmagr> banco: yes that is what i mean so the config should be as follows
15:01 < Exagone313> Hi, is there an issue with the openvpn "service" on ubuntu/debian that do not load a server config, maybe because is does not use user/group? Thanks.
15:02 < Stigmagr> client
15:02 < Stigmagr> dev tun
15:02 < Stigmagr> proto udp
15:02 < Stigmagr> remote 31.22.112.54 1194
15:02 < Stigmagr> resolv-retry infinite
15:02 < Stigmagr> nobind
15:02 < Stigmagr> persist-key
15:02 < Stigmagr> persist-tun
15:02 < Stigmagr> comp-lzo
15:02 < Stigmagr> verb 3
15:02 < Stigmagr> ifconfig 10.8.0.2 255.255.255.0
15:02 < Stigmagr> ca ca.crt
15:02 < Stigmagr> cert client.crt
15:02 < Stigmagr> key client.key
15:02 < Exagone313> omg
15:02 < Exagone313> http://pastie.org
15:02 < BrianBlaze420> pastebin.com/Junrz4ya
15:02 < banco> Stigmagr: yeah, like this
15:02 < Stigmagr> sorry i reached the limit :S
15:02 < BrianBlaze420> u will notice it's 4 minute intervals
15:02 < Stigmagr> banco: thanks man i will test it right now
15:02 < Exagone313> Stigmagr: use a paste bin
15:04 < banco> BrianBlaze420: give me the server log as well from 15:42:19 to 15:54:30
15:05 < banco> Exagone313: maybe you're using wrong config files location? Or wrong file extension instead of *.conf?
15:06 < Exagone313> I asked the guy to do a ls, he has a file /etc/openvpn/server.conf
15:06 < Exagone313> with 644 perm
15:06 < BrianBlaze420> http://pastebin.com/LhHVhu94
15:06 < BrianBlaze420> banco :)
15:06 < Exagone313> so I don't get why he cannot use it
15:07 < Exagone313> when the service start, unlike me, it does not prints that its config file is loaded
15:08 < banco> Exagone313: maybe there is a problem in the config and the openvpn try to start with this config but fails and stops? try to start openvon from console with this config file first
15:09 < Exagone313> it works with a console
15:10 < BrianBlaze420> oh emmmm geeee
15:10 < BrianBlaze420> Dec  4 15:56:30 BlazeServer ovpn-server[1009]: MULTI: new connection by client 'blaze' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
15:10 < BrianBlaze420> I am thinking I have a mac in my bedroom and I forgot to turn the vpn off
15:10 < BrianBlaze420> testing lol
15:11 < banco> Exagone313: paste the init script (/etc/init.d/openvpn or something, that will be in the output of the "service openvpn" command)
15:12 < Exagone313> he just gave up, he will use openvpn server.Conf &
15:12 < Exagone313> conf*
15:12 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
15:13 < BrianBlaze420> bah I am so dumb
15:13 < BrianBlaze420> but thank you banco for sticking with me
15:13 < BrianBlaze420> much appreciated
15:14 < BrianBlaze420> I think that was my issue was using my vpn in my room and never turned it off and it's been a few days
15:14 < banco> BrianBlaze420: well, good that you made it work
15:15 < BrianBlaze420> it makes sense it was going back and forth between connections I would imagine
15:15 < BrianBlaze420> right?
15:17 -!- Uranio [~Uranio@37.48.86.168] has joined #openvpn
15:17 < banco> zarren_: I don't know what's with vcloud director and boxes, but if you can ping, but cant ssh, then it's most likely the fw problem or maybe mtu
15:17 < banco> BrianBlaze420: yes, that's expected behavior
15:17 -!- volkswagner [~Adium@cpe-104-162-40-201.hvc.res.rr.com] has joined #openvpn
15:18 < BrianBlaze420> yeah I am readin about it
15:18 < zarren_> tried measuring mtu and set it but still nothing.
15:18 < banco> zarren_: what about fw?
15:18 < zarren_> every packet is dropped with zero length I;ve gone through the range from 1200 up to 1500
15:19 < zarren_> disabled @ both ends for testing
15:19 < zarren_> but I'm only allowing udp:1194 for testing
15:20 < zarren_> sorry through the director firewall
15:20 < zarren_> strange thing is both ends I can see packets streaming through but they all zero length
15:21 < banco> zarren_: can you draw the network interconnections to understand what's where
15:21 < zarren_> thats what makes me think they up to something within their hardware
15:21 < zarren_> Ok
15:23 < zarren_> 213.12.12.12 - public gw only udp:1194
15:23 < zarren_> 10.10.9.0 - vcloud nat firewall disabled
15:23 < zarren_> 192.168.2.0 - vm ovpn server local ip firewall disabled
15:24 < zarren_> if that makes sense ? Routes must be good because I can ping everything fine
15:24 < zarren_> but everything else fails
15:24 < zarren_> port scan shows nothing up
15:24 < zarren_> ssh fails but I see traffic on both ends
15:25 < zarren_> so mush be talking on the right port
15:25 < zarren_> *must
15:26 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
15:27 < banco> zarren_: I just want to understand first from where to where you're trying to connect
15:27 < banco> zarren_: can you draw a network diagram in mspaint or somethins?
15:27 < zarren_> I'll draw a diagram
15:28 -!- Uranio [~Uranio@37.48.86.168] has quit [Read error: Connection reset by peer]
15:29 -!- volkswagner [~Adium@cpe-104-162-40-201.hvc.res.rr.com] has quit [Quit: Leaving.]
15:31 -!- _Cyclone_ [~Cyclone@66.110.236.162] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:33 < Stigmagr> banco:the route applies for when using topology subnet as well?
15:33 < banco> Stigmagr: yes
15:34 < Stigmagr> banco: and the iptables -t nat -I POSTROUTING -s 10.8.0.2 -o eth0:1 -j SNAT --to-source 31.22.112.92 should have put this rule above the masquarade?
15:34 < zarren_> http://s12.postimg.org/45cx7r0ql/Untitled_Diagram_1.png
15:35 < banco> Stigmagr: yes, there is -I (insert) flag, that will insert this tule in the beginning
15:35 < zarren_> Is that any better
15:35 < banco> zarren_: ok, that's good
15:36 < zarren_> My next move was to hide it via stunnel to see if that worked. If I'm on the office network it works as expected
15:36 < banco> zarren_: now, can you ping 10.9.8.1 from client and 10.9.8.6 from server?
15:36 < zarren_> But comming in from the top and I get this
15:36 < zarren_> yes
15:36 < zarren_> and 192.168.2.0/24
15:36 < banco> zarren_: can you try to make connection between server and client with tcpdump and netcat instead of ssh for test purpose?
15:37 < zarren_> sure
15:38 < zarren_> What just dump a port scan or something ? sorry don't use netcat much
15:38 < anabain> Well, can anybody answer my former question? May I repeat it?: On a *working* vpn setup consisting of an android device (10.1.1.2) running OpenVPN for Android app connected to a remote LAN via OpenVPN, why can't I ping the gateway (10.1.1.1) from the android device, but can I ping the LAN's gateway (192.168.1.1) and the other members of the LAN (192.168.1.x)? (OpenVPN server is embedded in a dd-wrt router).
15:39 < banco> zarren_: yes
15:39 < banco> zarren_: http://www.kossboss.com/linux-and-windows---check-if-port-gets-traffic-udp-or-tcp-by-sending-any-traffic
15:41 < banco> anabain: maybe dd-wrt block icpm
15:41 < banco> icmp*
15:41 < anabain> and how can I check it?
15:41 < banco> check the iptables rules
15:42 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Ping timeout: 245 seconds]
15:43 < Stigmagr> banco: when i add the ip rules and ip route do i need to do something to save them ?
15:43 < zarren_> http://pastebin.com/qyGqLe1K
15:43 < anabain> banco, they are the same as these: http://advancedhomeserver.com/dd-wrt-and-openvpn-part-2/ Please look at the "Altering the DD-WRT Firewall" part
15:43 < zarren_> dump from using nc and telnet
15:43 <@vpnHelper> Title: OpenVPN And DD-WRT Part 2 | Advanced Home Server (at advancedhomeserver.com)
15:44 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
15:44 < banco> Stigmagr: you'll need to add them with script on system startup
15:45 < zarren_> mss 43210
15:45 < zarren_> but I've tried all sizes with the same results
15:45 < Stigmagr> banco: i have done this configuration you told me but i do not receive the 10.8.0.2 ip and so i am not receiving the external ip i need as well
15:46 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
15:50 < Stigmagr> banco: the client is receiving the ip 10.8.0.4 instead of 10.8.0.2 :S
15:52 -!- Dr-007 [Dr-007@178-84-248-47.dynamic.upc.nl] has quit [Ping timeout: 246 seconds]
15:53 < zarren_> Every single packet's checksum fails what leads me to believe the vCloud black magic killing my connection
15:56 < banco> zarren_: run this on server 'tcpdump "port 5145"' and this on client 'nc -vu 10.9.8.1 5145' then type anythyng in netcat and see if you'll get anything in tcpdump output
15:56 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
15:57 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has joined #openvpn
15:58 < banco> anabain: that's not all the rules, connect to the dd-wrt console and paste the output of commands:
15:58 < banco> iptables -t nat -L -n -v --line-numbers
15:58 < banco> iptables -L -n -v --line-numbers
15:58 < anabain> both?
15:58 < zarren_> Yes it connects and I can see packets on the server end
15:58 < zarren_> bad udp checksum
15:59 < zarren_> I'll upload the dump
15:59 < banco> Stigmagr: change in server config "server 10.8.0.0 255.255.255.0" to "server 10.8.0.0 255.255.255.0 nopoold"
16:00 < banco> Stigmagr: change in server config "server 10.8.0.0 255.255.255.0" to "server 10.8.0.0 255.255.255.0 nopool"
16:00 < zarren_> http://pastebin.com/UF01PSAg
16:00 < zarren_> So looks like UDP is ok
16:01 < banco> zarren_: what's with wireshark packet length?
16:01 < Stigmagr> banco: changed it and now openvpn fails to start on restart
16:01 < banco> Stigmagr: server?
16:02 < Stigmagr> banco: yes
16:02 < zarren_> Can;t use wireshart I have no gui on the server
16:02 < Stigmagr> banco: i changed the configuration did service openvpn restart and it fails to start
16:02 < banco> Stigmagr: did you change it to this? "server 10.8.0.0 255.255.255.0 nopool"
16:02 < zarren_> wireshark sorry
16:02 < anabain> banco, the first iptables command yields this: http://pastebin.com/1KJ5TnUr
16:02 < Stigmagr> banco: yes without ""
16:02 < anabain> the second outputs nothing
16:03 < banco> anabain: what if iptables -L ?
16:04 < banco> Stigmagr: paste the log
16:05 < anabain> banco, http://pastebin.com/r2L1BDAT
16:06 < Stigmagr> banco: http://pastie.org/10609515
16:06 < zarren_> I can use tshark riht ?
16:07 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:07 < anabain> banco, is the problem at line 12?:   DROP       icmp --  anywhere             anywhere
16:08 < zarren_> packet lenth with tshark is 4 too
16:13 < banco> zarren_: now try the tcp connection: on server side nc -lvp 4444, on client side nc 10.9.8.1 4444
16:15 < zarren_> dead but packets comming through I'll upload the dump
16:15 < banco> anabain: yes, it should be because of it, you can try to connect to one of the opened dd-wrt port on ip 10.1.1.1
16:16 < banco> zarren_: did you type and press the enter in nc?
16:16 < zarren_> yup
16:19 < anabain> banco, how can I do that (sorry I'm a newbie)?
16:19 < zarren_> http://pastebin.com/NaupuYPk
16:20 < banco> Stigmagr: paste the log with the errors
16:20 < Stigmagr> banco: there is no error log its just the thing i paste, the configuration as well as the error i am getting that is at the bottom
16:21 < banco> Stigmagr: uncomment log option ;log         openvpn.log
16:21 < banco> Stigmagr: and restart the openvpn
16:21 -!- user123irc [~user@78-62-111-164.static.zebra.lt] has quit [Quit: Konversation terminated!]
16:21 < banco> then paste the file openvpn.log
16:22 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
16:22 < Stigmagr> Options error: --ifconfig-pool-persist must be used with --ifconfig-pool
16:22 < Stigmagr> Use --help for more information.
16:23 < banco> anabain: try to run the command: telnet 10.1.1.1 443
16:23 < banco> Stigmagr: comment --ifconfig-pool option
16:23 < banco> Stigmagr: in the config
16:24 < Stigmagr> banco: ok it started normally lemme try it
16:25 < Stigmagr> banco: it works now but no internet :S ping returns request timeout
16:25 < banco> zarren_: can you check the iptables logs on server when you try to connect and send data to 4444 port?
16:26 < banco> Stigmagr: can you ping the server?
16:26 < Stigmagr> banco:when i am connected to the vpn?
16:26 -!- zarren [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
16:26 < banco> Stigmagr: yes
16:26 < zarren> Sorry got disconnecte
16:26 < banco> zarren_: can you check the iptables logs on server when you try to connect and send data to 4444 port?
16:26 < Stigmagr> banco: yes
16:27 < banco> Stigmagr: paste the client routes
16:28 -!- zarren_ [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Ping timeout: 252 seconds]
16:29 < anabain> banco, it doesn't do anything from the android device. telnet-ing from the lan (host 192.168.1.33) to 10.1.1.1 *does* work
16:29 < Stigmagr> banco: http://pastie.org/10609554
16:30 < banco> anabain: is there any output for this command on dd-wrt? iptables -L -n -v
16:30 < banco> Stigmagr: paste the output of these commands on server:
16:31 < banco> iptables -t nat -L -n -v --line-numbers
16:31 < banco> iptables -L -n -v --line-numbers
16:31 < banco> ip r
16:31 < banco> ip rule
16:31 < banco> ip r show table 1000
16:32 < anabain> banco, http://pastebin.com/Xm7U2c0r
16:33 < Stigmagr> banco: http://pastie.org/10609562
16:34 < zarren> banco: Could it be vmware tcp checksum offloading ?
16:35 < anabain> banco, it seems any remote icmp requests comingt through WAN are being DROPped, am I right? 22  1825 DROP       icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0
16:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Remote host closed the connection]
16:40 < anabain> but this is weird, as I can ping LAN hosts 192.168.1.x (even more weird, now I cannot ping gateway 192.168.1.1, although I was able to 15 minutes ago...
16:40 < banco> Stigmagr: run this commands on server and try again:
16:40 < banco> ip r add 10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1 table 1000
16:40 < banco> ip r add 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.54 table 1000
16:42 < banco> anabain: the icmp request coming to the 192.168.1.1 are being dropped, but forwarded icmp packets are not
16:43 < anabain> and the same for 10.1.1.1, right?
16:43 < banco> anabain: and only icmp packets coming to the 192.168.1.1 from interface ppp0 are dropped
16:43 < Stigmagr> banco: same request timeout on ping and no internet
16:43 < banco> anabain: yes, the same is for 10.1.1.1
16:44 < banco> Stigmagr: can you ping the 31.22.112.54 from client?
16:44 < Stigmagr> banco: yes i can
16:44 < Stigmagr> banco
16:45 < banco> zarren: don't know, didn't work with vmware
16:45 < banco> Stigmagr: what about 31.22.112.1?
16:45 < Stigmagr> banco: nop
16:45 < zarren> I reckon it's some sort of packet shaping or weird setup they have. Oh well was trying to save a buck.
16:45 < zarren> :D
16:45 < banco> Stigmagr: can you ping 31.22.112.1 from server?
16:46 < Stigmagr> banco: yes
16:46 < anabain> banco, then, when connecting remotely to the home router through vpn its firewall detects the ppp0 interface and then drops icmp packets?
16:48 < banco> anabain: no, you just don't have the rule to accept the input connections from vpn tun interface
16:50 < Stigmagr> banco: how do i reset the ip routes etc in order to try a different subnet ?
16:50 < anabain> banco, then forwarding through the gw is allowed but connecting to it isn't (please excuse me if I'm asking silly questions)?
16:52 < banco> anabain: yes
16:52 < anabain> ok, thank you very much
16:52 < banco> anabain: what's the openvpn interface? tun0? tun2?
16:53 < anabain> I think it's tun0, at least that's what my openvpn server config says:
16:53 < anabain> dev tun0   proto tcp   keepalive 10 120
16:53 < banco> anabain: run this command on dd-wrt
16:53 < banco> iptables -I INPUT 11 -i tun0 -m conntrack --ctstate NEW -j ACCEPT
16:53 < banco> and try to ping
16:53 < anabain> ok
16:55 < banco> Stigmagr: ip rule del table 1000
16:55 < banco> Stigmagr: ip route flush table 1000
16:55 < anabain> banco, ping is now working for both gw's
16:55 < anabain> :)
16:55 < banco> anabain: you can annd this rule to the others
16:55 < Stigmagr> banco: RTNETLINK answers: Operation not permitted
16:56 < banco> Stigmagr: on which command?
16:56 < Stigmagr> banco: 1st
16:56 < banco> Stigmagr: what's the output of ip rule?
16:56 < anabain> ok, banco. To leave it without effect again do I need to execute the same rule but with -j DROP  option?
16:57 < Stigmagr> 0: from all lookup local
16:57 < Stigmagr> 32765: from 10.8.0.2 lookup 1000
16:57 < Stigmagr> 32766: from all lookup main
16:57 < Stigmagr> 32767: from all lookup default
16:57 < banco> anabain: you need to delete it: iptables -D INPUT 11
16:57 < anabain> ok, thanks
16:58 < banco> Stigmagr: are you running this command as rot?
16:58 < banco> root*
16:58 < Stigmagr> yes i am running everything as root
16:58 < banco> it should work
16:59 < Stigmagr> banco: [root@host ~]# ip rule del table 1000
16:59 < Stigmagr> RTNETLINK answers: Operation not permitted
16:59 < banco> hm
16:59 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:59 < banco> try this:
16:59 < banco> ip rule add table 1001
16:59 < banco> ip rule
16:59 < banco> ip rule del table 1001
16:59 < banco> are you able to delete the table?
17:00 < Stigmagr> banco: [root@host ~]# ip rule add table 1001
17:00 < Stigmagr> [root@host ~]# ip rule
17:00 < Stigmagr> 0: from all lookup local
17:00 < Stigmagr> 32764: from all lookup 1001
17:00 < Stigmagr> 32765: from 10.8.0.2 lookup 1000
17:00 < Stigmagr> 32766: from all lookup main
17:00 < Stigmagr> 32767: from all lookup default
17:00 < Stigmagr> [root@host ~]# ip rule del table 1001
17:00 < Stigmagr> RTNETLINK answers: Operation not permitted
17:01 < banco> don't know why
17:01 < banco> it works for me
17:01 < Stigmagr> banco:on restart this should no longer exist right?
17:01 < banco> yes
17:01 < Stigmagr> banco: i will restart
17:02 < banco> ok
17:02 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:05 < Stigmagr> banco:it takes ages for all the interfaces to start lol after a restart
17:06 < Stigmagr> banco: it was so much easier with squid to do all this but squid doesnt cut it anymore ppl from office need flash to be able to be tunneled as well and flash does not work with proxy
17:06 < banco> zarren: so, did you check the iptables logs on server when you try to connect and send data to 4444 port? Can you see the packets coming from client?
17:07 < zarren> yes I can see packets both ways
17:07 < zarren> tcp always has zero length
17:07 < banco> just the length is zero?
17:07 < zarren> yes
17:08 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
17:10 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
17:11 < banco> zarren: can you see any errors in the openvpn logs? Try to check the logs with verb 9
17:11 < zarren> no errors
17:11 < zarren> every connectiong fine
17:12 < zarren> First thing I checked bud
17:12 < zarren> The same configuration works if I'm @ the 10.10.5.0 level
17:12 < zarren> It's all going wrong fter the NAT
17:13 < zarren> 192.168.2.4 -> 10.10.5.10 -> 213.blah
17:13 < zarren> 192.168.2.4 --- here vCloud handles the NAT ---> 10.10.5.10 -> 213.blah
17:14 < zarren> no sorry :D
17:14 < zarren> 192.168.2.4 --- here vCloud handles the NAT ---> 10.10.5.10 ----- and NATS here ----> 213.blah
17:14 < zarren> Too many cooks spoil the broth :D
17:15 < zarren> Plus they sell VPN solutions called "edge gateways". I would say they blocking vpn traffic unless it comes from the edge
17:15 < zarren> then it nats correctly
17:15 < Stigmagr> banco: on this configuration http://pastie.org/10609635 if i want to delete -A POSTROUTING -s 10.8.0.2/32 -o eth0:1 -j SNAT --to-source 31.22.112.92 i write iptables -D POSTROUTING 1?
17:16 -!- zarren [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Quit: Page closed]
17:16 < banco> Stigmagr: yes
17:16 < banco> Zimsky: nah, they can't block just tcp, because it's all tunneled
17:16 < Stigmagr> banco: [root@host ~]# iptables -D POSTROUTING 1
17:16 < Stigmagr> iptables: No chain/target/match by that name.
17:17 < banco> Stigmagr: ah, sry iptables -t nat -D POSTROUTING 1
17:18 -!- zarren [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
17:18 < banco> zarren: nah, they can't block just tcp, because it's all tunneled
17:19 < banco> zarren: what's your tun interfaces myu?
17:19 < banco> mtu*
17:19 < zarren> set it at all sorts
17:19 < zarren> 1372 atm though
17:21 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
17:21 < Stigmagr> banco: [root@host ~]# ip route add default via 31.22.115.128 table 1000
17:21 < Stigmagr> RTNETLINK answers: Invalid argument
17:21 < Stigmagr> ??
17:22 < zarren> Do you think mtu-test will help ?
17:26 < banco> zarren: set the mtu to 1500 for both client and server tun interfaces
17:27 < banco> zarren: and then try to ping one another with ping -M do -s 1472 IP
17:27 < banco> zarren: and decrease the packet size until it will ping normally
17:29 < banco> Stigmagr: what's the output of tis command: ip r show table 1000
17:29 < zarren> pings normally @ 1472
17:29 < Stigmagr> banco: nothing
17:30 < banco> Stigmagr: can you ping 31.22.115.128?
17:30 < Stigmagr> banco: from server?
17:30 < zarren> http://pastebin.com/NQ2qEC3i
17:30 < banco> Stigmagr: yes
17:30 < zarren> such a shame as I've got three servers in a failoversetup and it works sweet in the office
17:30 < Stigmagr> banco: it says do you want to ping broadcast then -b
17:32 < banco> Stigmagr: ah, 31.22.119.128 is not the machine ip, it's subnet
17:32 < banco> Stigmagr: you can't specify subnet in the gw IP
17:32 < Stigmagr> not 119
17:32 < Stigmagr> 115
17:33 -!- zarren_ [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
17:33 < banco> Stigmagr: yeah, the same, 31.22.115.128/26
17:33 < Stigmagr> Subnet: 31.22.115.128/26
17:33 < Stigmagr>  
17:33 < Stigmagr> Gateway: 31.22.115.128
17:33 < Stigmagr> Broadcast: 31.22.115.191
17:33 < Stigmagr> Subnet: 255.255.255.192
17:33 < Stigmagr> Usable IPs: 31.22.115.129 – 31.22.115.190 (62 IPs)
17:33 < Stigmagr> that is what they gave me
17:33 < zarren_> Sorry got disconnected again. Just a thought but my home internet is pretty shoddy atm you don't think it could be my pipe out ?
17:33 < zarren_> Sorry got disconnected again. Just a thought but my home internet is pretty shoddy atm you don't think it could be my pipe out ?
17:33 < Stigmagr> banco: i was using this ips from squid as public ips
17:33 < zarren_> It's just strange that every packet is zero length
17:33 < Stigmagr> banco: i want to use them from openvpn as well
17:33 < banco> zarren: no, it shouldn't be the problem
17:34 < Stigmagr> banco: can i set this up somehow?
17:35 -!- zarren [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Ping timeout: 252 seconds]
17:36 < banco> Stigmagr: well I don't know, why the gave you 31.22.115.128 as gw or maybe just doesn't understand, but run ip a and see what's the gateway for the eth0
17:38 < Stigmagr> banco: it doesnt mention the gateway on ip a
17:38 -!- AlmogBaku [~AlmogBaku@109.64.158.142] has joined #openvpn
17:38 < banco> Stigmagr: paste the output
17:38 < Stigmagr> but it is probably 31.22.112.1 since eth0 has 31.22.112.54/24 with broadcast 255
17:39 < banco> Stigmagr: though, toy have the default gateway 31.22.112.1
17:39 < Stigmagr> banco: http://pastie.org/10609669
17:39 -!- AlmogBak_ [~AlmogBaku@ec2-52-28-186-83.eu-central-1.compute.amazonaws.com] has quit [Ping timeout: 260 seconds]
17:41 < banco> Stigmagr: how did you get these virtual interfaces? They have static settings?
17:41 < Stigmagr> i added them as they instructed me to do by creating files
17:41 < Stigmagr> lemme show you for example one of them
17:42 < Stigmagr> banco: http://pastie.org/10609678
17:44 < banco> Stigmagr: ok, so all these interfaces are from your ISPs. Are they have the same ISP gw?
17:44 < Stigmagr> since there is no GW specified on the file i assume that all of the use 31.22.112.1 probably
17:44 < Stigmagr> but when they gave them to me they didnt give this GW
17:46 < zarren_> Cheers for your help banco. I'll put something up on the forums and see if anyone else has had this before. It's a strange one :/
17:48 < Stigmagr> banco: http://pastie.org/10609684 this is the file for eth0
17:48 < banco> Stigmagr: try to check then, run these commands:
17:48 < banco> ip r del 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.54
17:48 < banco> ip r del default via 31.22.112.1 dev eth0
17:48 < banco> ip r del 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92
17:48 < banco> ip r del default via 31.22.112.1 dev eth0:1
17:48 < banco> will the internet on the server still work?
17:49 < Stigmagr> banco: i pasted the second command and it froze i think it lost internet connection
17:50 < Stigmagr> banco: yes now the server is disconnected from the internet
17:50 < Stigmagr> banco: i cant ping it anymore
17:51 < Stigmagr> banco: how do i undo the 1st and 2nd command?
17:51 < Stigmagr> ip r add 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.54
17:51 < Stigmagr> ip r add default via 31.22.112.1 dev eth0
17:51 < Stigmagr> ?
17:52 < banco> Stigmagr: if the server is remote - only via reboot
17:52 < Stigmagr> banco: it is remote but i have access via vm console
17:52 < banco> Stigmagr: reboot it then
17:52 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
17:52 < Stigmagr> banco: shouldnt i just add the commands again?
17:52 < banco> Stigmagr: ah, you have the console
17:52 < banco> Stigmagr: yes
17:53 < Stigmagr> ip r add 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.54
17:53 < banco> just run them from console again
17:53 < Stigmagr> ip r add default via 31.22.112.1 dev eth0
17:53 < Stigmagr> ?
17:53 -!- zarren_ [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Quit: Page closed]
17:53 < Stigmagr> like that?
17:53 < banco> did you delete those 2 routes?
17:53 < Stigmagr> yes
17:53 < banco> then add these 2
17:54 < banco> ah no
17:54 < banco> wait
17:54 < banco> ip r add 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92
17:54 < banco> ip r add default via 31.22.112.1 dev eth0:1
17:54 < banco> these
17:55 < Stigmagr> banco: these for testing?
17:55 < banco> Stigmagr: yes
17:55 < banco> Stigmagr: to test that you can use the internet from 31.22.112.92 addres via 31.22.112.1 gw
17:57 < Stigmagr> i can ping the server now
17:57 < Stigmagr> to every ip it has
17:59 < Stigmagr> banco: also i pinged google.com from the server with the above configuration but i had to reboot the server because i couldnt stop the ping from the console lol
17:59 < banco> Stigmagr: ok, then it works fine, I think for the others interfaces the gw will be 31.22.115.1 and 31.22.119.1
17:59 < Stigmagr> banco: because ctrl + c was not working, waiting for the server to come back up again
17:59 < Stigmagr> banco: should we test?
18:00 < banco> Stigmagr: you can test it later, it's not critical right now
18:01 < Stigmagr> banco: ok then what should i do after the server reboot is finished?
18:01 < Stigmagr> banco: you are pretty much certain that i can use this interfaces via openvpn as well right?
18:01 < banco> Stigmagr: yes
18:02 < Stigmagr> banco: then this should be the configuration?
18:02 < Stigmagr> iptables -t nat -I POSTROUTING -s 10.8.0.2 -o eth0:8 -j SNAT --to-source 31.22.115.129
18:02 < Stigmagr>  
18:02 < Stigmagr> ip rule add from 10.8.0.2 table 1000
18:02 < Stigmagr> ip route add default via 31.22.115.1 table 1000
18:03 < banco> no
18:03 < banco> wait a sec
18:03 < Stigmagr> ok sorry
18:03 < banco> First, you don't need to add the SNAT rules, just leave one masquarade rule.
18:03 < banco> don't add anu tables
18:03 < Stigmagr> ok i will remove the snat
18:04 < banco> check, that you can connect to the internet from the client
18:04 < Stigmagr> i will recheck right after the reboot but from 31.22.112.54 the client could connect to the internet normally
18:05 < banco> Stigmagr: it's just to be sure
18:05 < Stigmagr> banco: yes offcourse :) just waiting for all the interfaces to come up, also should i restore the original ip r configuration after the reboot or should it be restored automatically because of the reboot?
18:07 < banco> it should be restored to the default
18:07 < banco> automatically
18:07 < Stigmagr> banco: to check it just ip r right?
18:07 < banco> yes
18:08 < Stigmagr> banco: ok it is restored removing the iptables snat
18:08 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
18:09 < banco> can you access internet from the client?
18:10 < Stigmagr> banco: no but the client has the ifconfig
18:10 < Stigmagr> banco: should i restore it as well?
18:11 < banco> Stigmagr: can the client ping the 31.22.112.54 ip?
18:11 < Stigmagr> banco: yes
18:11 < Stigmagr> banco: it should connect to the internet as well i dont know why it doesnt
18:11 < banco> paste the output of:
18:11 < banco> iptables -t nat -L -n -v --line-numbers
18:11 < banco> iptables -L -n -v --line-numbers
18:12 < Stigmagr> banco: http://pastie.org/10609735
18:16 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 260 seconds]
18:18 -!- nutron [~nutron@unaffiliated/nutron] has joined #openvpn
18:20 < banco> Stigmagr: hm, should be working
18:21 < banco> Stigmagr: try to add logging in iptables to see what happens
18:21 < banco> iptables -I FORWARD 1 -j LOG --log-prefix "FORWARD:" --log-level 6
18:21 < banco> iptables -t nat -I POSTROUTING 1 -j LOG --log-prefix "POSTROUTING:" --log-level 6
18:21 < banco> tail -f /var/log/messages | grep 8.8.4.4
18:22 < banco> and try to ping 8.8.4.4 from the client
18:22 < Stigmagr> bacon: nothing
18:22 < Stigmagr> sorry for the "bacon"
18:23 < banco> add this:
18:23 < banco> iptables -t nat -I INPUT 1 -j LOG --log-prefix "NAT_INPUT:" --log-level 6
18:23 < banco> and try to ping 31.22.112.54
18:23 < banco> tail -f /var/log/messages | grep 31.22.112.54
18:24 < Stigmagr> iptables: No chain/target/match by that name.
18:24 < banco> ah, wrong one
18:24 < banco> iptables -I INPUT 1 -j LOG --log-prefix "INPUT:" --log-level 6
18:24 < banco> tail -f /var/log/messages | grep 31.22.112.54 | grep icmp
18:24 < Stigmagr> banco: it flooded
18:25 < banco> add grep icmp
18:25 < Stigmagr> client ping normally but nothing shown on server
18:27 < Stigmagr> should i remove the ifconfig 10.8.0.2 255.255.255.0 from ovpn file and restore the server configuration to what it was before this ?
18:27 < banco> Stigmagr: what if like this? tail -f /var/log/messages | grep icmp
18:27 < banco> no
18:27 < banco> don't remove
18:28 < Stigmagr> banco: again client pinged normally but nothing on server
18:28 < Stigmagr> banco: i tried ping 10.8.0.1 on client and i got request timeout
18:29 < banco> hm
18:29 < Stigmagr> banco: and that is very weird since 10.8.0.1 is set as a gateway on client
18:29 < banco> paste the client routes
18:30 < Stigmagr> http://pastie.org/10609765
18:35 < banco> maybe something conflicts with the ifconfig option in client config
18:35 < Stigmagr> so should i remove it?
18:35 < banco> trying to search for the reason
18:35 < banco> no
18:35 < banco> if it's not possible to use this option on the client, then you won't be able to do what you want
18:36 < Stigmagr> you think it is a client side configuration conflict or server side problem?
18:38 < banco> don't know which one yet
18:38 < Stigmagr> banco: to remind you we have changed to topology subnet and we added nopool as well as commented something on the server configuration
18:38 < banco> Stigmagr: for now try to restore the options - remove nopool from server config and remove ifconfig from client config and see if it works
18:38 < banco> just to be sure
18:38 < Stigmagr> ok
18:41 < Stigmagr> banco: ok i left the topology subnet uncommented, but removed the nopool as well as uncommented ifconfig-pool-persist and also remove the ifconfig from client and it has internet now
18:41 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
18:47 < banco> ah
18:48 < banco> Stigmagr: no, not this
18:48 < Stigmagr> banco: ?
18:48 < banco> I thought that client had wrong topology
18:48 < banco> but no
18:49 < banco> it's pushed from server option
18:49 < Stigmagr> banco: so the problem is server sided?
18:49 < banco> don't know
18:50 < banco> trying to figure it out
18:50 < Stigmagr> banco: do you need me to paste anything from server/client?
18:50 < banco> not yet
18:56 -!- lotharn5 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
18:56 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
19:00 < banco> Stigmagr: can you ping 10.8.0.1 from the client?
19:00 < Stigmagr> banco: yes right now ik can
19:01 < Stigmagr> banco: but i had the configurations i mentioned before removed
19:01 < banco> Stigmagr: yes, with configuration removed
19:01 < Stigmagr> banco: yes i can
19:04 < banco> Stigmagr: paste your server and client config once again
19:04 < banco> Stigmagr: I'm trying to test it myself
19:04 < Stigmagr> banco: sure thing mate just a second
19:05 < Stigmagr> banco: server config: http://pastie.org/private/b4bzydhu94uabrvs7z4yhg
19:05 < Stigmagr> banco: client config: http://pastie.org/private/e07zxwkvz9xcczvm2wxdxw
19:10 -!- AlmogBaku [~AlmogBaku@109.64.158.142] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:11 -!- papertigers [~papertige@pool-98-118-154-213.bflony.fios.verizon.net] has quit [Ping timeout: 250 seconds]
19:20 < Stigmagr> banco: you can see the configs right mate? asking because they have this private in the string
19:20 < banco> Stigmagr: yes
19:20 < Stigmagr> ok cool
19:22 < banco> Stigmagr: still don't know, why it won't work with tun devices, seems like there may be some configs adding with ifconfig-pool option, routes between tun device or something
19:22 < banco> Stigmagr: but if you use bridging, then it works
19:22 < banco> i.e. change tun to tap
19:22 < Stigmagr> banco: its fine, what should i change
19:22 < Stigmagr> banco: on client config or server?
19:22 < banco> dev tun to dev tap
19:22 < banco> on both
19:23 < Stigmagr> banco: ok done that, so now i should restore the previous ifconfig configuration as well?
19:24 < banco> Stigmagr: yes
19:24 < Stigmagr> banco: and the nopool?
19:24 < banco> Stigmagr: yes
19:25 < Stigmagr> banco: ok now i can ping 10.8.0.1 from client but the client does not have accept to the internet
19:26 < Stigmagr> banco: and ping 8.8.4.4 returns reply from 10.8.0.1: Destination host unreachable
19:28 < banco> Stigmagr: can you see ping in the iptables logs on the server?
19:28 < Stigmagr> lemme tail it
19:29 < Stigmagr> with tail -f /var/log/messages | grep icmp
19:29 < Stigmagr> i see nothing
19:29 < Stigmagr> with grep 8.8.4.4
19:30 < Stigmagr> Dec  5 03:23:22 host kernel: FORWARD:IN=tap0 OUT=eth0 SRC=10.8.0.2 DST=8.8.4.4 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=51715 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=30976
19:30 < Stigmagr> Dec  5 03:23:23 host kernel: FORWARD:IN=tap0 OUT=eth0 SRC=10.8.0.2 DST=8.8.4.4 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=51717 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=31232
19:30 < Stigmagr> Dec  5 03:23:24 host kernel: FORWARD:IN=tap0 OUT=eth0 SRC=10.8.0.2 DST=8.8.4.4 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=51719 PROTO=ICMP TYPE=8 CODE=0 ID=768 SEQ=31488
19:30 < banco> ah
19:30 < banco> change the interface frop tun0 to tap0 in iptables rules
19:31 < Stigmagr> er
19:31 < Stigmagr> how? :D
19:31 < banco> delete old rule, intert new rule
19:31 < Stigmagr> 10.8.0.0/24 dev tap0  proto kernel  scope link  src 10.8.0.1  ?
19:32 < banco> iptables
19:32 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Read error: Connection reset by peer]
19:32 < Stigmagr> -A FORWARD -s 10.8.0.0/24 -i tun0 -m conntrack --ctstate NEW -j ACCEPT  ?
19:32 < banco> paste the output:
19:32 < banco> iptables -t nat -L -n -v --line-numbers
19:32 < banco> iptables -L -n -v --line-numbers
19:33 < Stigmagr> banco: 1st command output : http://pastie.org/private/rfjdymxd7p33z675n0asa
19:34 < Stigmagr> banco: 2nd command output: http://pastie.org/private/r8q4kgjgmdpdbr5du00hfq
19:35 < banco> iptables -D FORWARD 3
19:35 < banco> iptables -I FORWARD -i tap0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
19:35 < Stigmagr> banco: ok client has internet now
19:35 < banco> run this after that
19:35 < banco> iptables -D FORWARD 1
19:35 < banco> iptables -I FORWARD 3 -i tap0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
19:36 < banco> ok, now we need to test the source routing
19:36 < Stigmagr> banco: client has internet again
19:36 < Stigmagr> banco: what ever you say boss! :)
19:36 < banco> what's the ip rule output?
19:37 < Stigmagr> 31.22.119.128/26 dev eth0  proto kernel  scope link  src 31.22.119.159
19:37 < Stigmagr> 31.22.115.128/26 dev eth0  proto kernel  scope link  src 31.22.115.131
19:37 < Stigmagr> 10.8.0.0/24 dev tap0  proto kernel  scope link  src 10.8.0.1
19:37 < Stigmagr> 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.54
19:37 < Stigmagr> 169.254.0.0/16 dev eth0  scope link  metric 1002
19:37 < Stigmagr> default via 31.22.112.1 dev eth0
19:37 < banco> ip rule
19:37 < Stigmagr> [root@host ~]# ip rule
19:37 < Stigmagr> 0: from all lookup local
19:37 < Stigmagr> 32766: from all lookup main
19:37 < Stigmagr> 32767: from all lookup default
19:38 < Stigmagr> banco: what is that 169.254.0.0/16 dev eth0 scope link metric 1002?
19:38 < banco> ok, run these commands:
19:38 < banco> ip route add default via 31.22.112.1 dev eth0:1 table 1000
19:38 < banco> 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92
19:38 < banco> 10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1
19:38 < banco> ip rule add from 10.8.0.2 table 1000
19:38 < Stigmagr> [root@host ~]# 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92
19:38 < Stigmagr> -bash: 31.22.112.0/24: No such file or directory
19:38 < banco> Stigmagr: don't know from where you got that route
19:38 < Stigmagr> sorry
19:39 < banco> ah, sry
19:39 < banco> wait
19:39 < Stigmagr> npnp i know
19:39 < banco> ip route add default via 31.22.112.1 dev eth0:1 table 1000
19:39 < banco> ip route add 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92
19:39 < banco> ip route add 10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1
19:39 < banco> ip rule add from 10.8.0.2 table 1000
19:39 < banco> wait again
19:39 < banco> these
19:39 < banco> ip route add default via 31.22.112.1 dev eth0:1 table 1000
19:39 < banco> ip route add 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92 table 1000
19:39 < banco> ip route add 10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1  table 1000
19:39 < banco> ip rule add from 10.8.0.2 table 1000
19:40 < Stigmagr> [root@host ~]# ip route add 10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1  table 1000
19:40 < Stigmagr> Cannot find device "tun0"
19:40 < Stigmagr> maybe tap0?
19:40 < banco> ah, forgot to change
19:40 < banco> yes
19:40 < banco> change it
19:41 < Stigmagr> banco: ok added them
19:41 < banco> now try to access internet from the client
19:41 < Stigmagr> without changing anything on the client or connecting and disconnecting?
19:41 < banco> yes
19:42 < Stigmagr> banco: client still accesses the internet
19:42 < Stigmagr> banco: the ip is still 31.22.112.54
19:42 < banco> Stigmagr: can you check the client public address?
19:42 < Stigmagr> it is still the server's
19:42 < Stigmagr> 31.22.112.54
19:46 < banco> run these:
19:46 < banco> ip route add default via 31.22.112.1 dev eth0:1 table 999
19:46 < banco> ip route add 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92 table 999
19:46 < banco> ip route add 10.8.0.0/24 dev tap0  proto kernel  scope link  src 10.8.0.1  table 999
19:47 < banco> ip rule add from all table 999
19:47 < banco> and check if server have internet
19:48 < Stigmagr> banco: both server and client have internet
19:48 < Stigmagr> banco: the public ip is still the server's
19:49 < Stigmagr> banco: i havent added any snat rules on iptables
19:49 < banco> can you check the public ip from the server?
19:50 < Stigmagr> i dont know how to do that
19:50 < Stigmagr> it should probably be 31.22.112.54
19:50 < Stigmagr> is there any linux command to check the public ip?
19:50 < banco> do you have gui there?
19:50 < banco> or only console?
19:51 < Stigmagr> its centos minimal so only console
19:52 < banco> run this command: wget http://ipinfo.io/ip -qO -
19:52 < Stigmagr> 31.22.112.54
19:53 < banco> hm
19:54 < banco> the question is: do you have the public IP on every single virtual interface? or only these 3: 31.22.112.54 31.22.115.131 31.22.119.159?
19:55 < Stigmagr> every interface is configured like this:
19:56 < Stigmagr> banco: http://pastie.org/private/17sriazxgibd8tp3rpe33g
19:57 < Stigmagr> the only thing that change is the device eth0:1 eth0:2 etc
19:57 < Stigmagr> and the ipaddr
20:01 < banco> run this command on server:
20:01 < banco> iptables -I OUTPUT 1 -j LOG --log-prefix "OUTPUT:" --log-level 6
20:01 < Stigmagr> done
20:01 < banco> and in one server console run:
20:01 < banco> tail -f /var/log/messages | grep 52.29.4.233
20:01 < banco> in second console run:
20:01 < banco> wget http://52.29.4.233/ip -qO -
20:02 < Stigmagr> in second console that i will connect with ssh as well?
20:02 < banco> yes
20:02 < banco> also, add this
20:02 < banco> iptables -t nat -I POSTROUTING 1 -j LOG --log-prefix "POSTROUTING:" --log-level 6
20:02 < banco> (if it's missing)
20:03 < Stigmagr> banco: http://pastie.org/private/swafu2ryrjwsy0arjflgg
20:04 < banco> run ip rule
20:04 < Stigmagr> [root@host network-scripts]# ip rule
20:04 < Stigmagr> 0: from all lookup local
20:04 < Stigmagr> 32764: from all lookup 999
20:04 < Stigmagr> 32765: from 10.8.0.2 lookup 1000
20:04 < Stigmagr> 32766: from all lookup main
20:04 < Stigmagr> 32767: from all lookup default
20:04 < banco> now ip r show table 999
20:04 < Stigmagr> [root@host network-scripts]# ip r show table 999
20:05 < Stigmagr> 10.8.0.0/24 dev tap0  proto kernel  scope link  src 10.8.0.1
20:05 < Stigmagr> 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.92
20:05 < Stigmagr> default via 31.22.112.1 dev eth0
20:05 < banco> hm, why eth0
20:05 < Stigmagr> indeed why eth0
20:05 < banco> run these:ip route del 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.92 table 999
20:05 < banco> ip route add 31.22.112.0/24 dev eth0:1  proto kernel  scope link  src 31.22.112.92 table 999
20:06 < banco> and check again
20:06 < Stigmagr> [root@host network-scripts]# ip r show table 999
20:06 < Stigmagr> 10.8.0.0/24 dev tap0  proto kernel  scope link  src 10.8.0.1
20:06 < Stigmagr> 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.92
20:06 < Stigmagr> default via 31.22.112.1 dev eth0
20:06 < Stigmagr> again eth0
20:07 < Stigmagr> it refuses to accept the interface?
20:08 < banco> how about this?
20:08 < banco> ip route del 31.22.112.0/24 dev eth0  proto kernel  scope link  src 31.22.112.92 table 999
20:08 < banco> ip route add 31.22.112.0/24 dev eth0.1  proto kernel  scope link  src 31.22.112.92 table 999
20:08 < Stigmagr> cannot find device eth0.1
20:14 < Stigmagr> banco: this is a routing problem, you think?
20:14 < banco> Stigmagr: yes, right now it's the routing problemm we need to fix it first
20:18 < Stigmagr> banco: google mentions that we should be able to route with dev interface such as eth0:1 i dont understand why it does not accept it
20:20 < banco> Stigmagr: try to run this: ip link set dev eth0:1 up
20:20 < banco> and then paste the output of ip a
20:21 < Stigmagr> banco: http://pastie.org/private/gcy2vf1bo5d2oqqijodfmw
20:21 < banco> can you ping /24 brd 31.22.112.255 scope global secondary eth0:1 inet
20:22 < banco> wrong one
20:22 < banco> ping 31.22.112.92
20:22 < Stigmagr> from the server?
20:22 < banco> yes
20:22 < Stigmagr> it works
20:23 < Stigmagr> i can ping every ip on the virtual interfaces either from the server or from my computer no problem
20:23 < Stigmagr> tested many of them before
20:24 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 246 seconds]
20:29 < Stigmagr> banco: any ideas? :S
20:30 < banco> only one
20:30 < banco> that it can be something to do with the secondary interface parameter
20:31 < banco> in ip a
20:31 < Stigmagr> can we do anything about it?
20:32 < banco> you can see, that you have 3 virtual interfaces eth0, eth0:10 and eth0:100 with the IPs that you can see in the ip r: 31.22.112.54, 31.22.115.131 and 31.22.119.159
20:32 < Stigmagr> i have 3 subnets added
20:32 < banco> for them you don't have "secondary" int the parameters, but for all others interfaces there is "secondary"
20:33 < banco> it cause me to think, that you only have 3 public IPs from 3 ISP's: 31.22.112.54, 31.22.115.131 and 31.22.119.159
20:33 < banco> others are just virtual IPs on server or something
20:34 < Stigmagr> that is not true because i have already used all this ips as public ips in the past via squid proxy server
20:34 < banco> I just don't have any experience with the virtual interfaces, so I can't think of anything
20:34 < Stigmagr> on squid i gave any of this ips on the proxy server ip and i had it as public
20:35 < Stigmagr> if i did what is my ip i would get any ip from all 3 subnets that i needed
20:35 < Stigmagr> is there any other way to do this with openvpn?
20:36 < banco> try to run this:
20:36 < banco> ip route add default via 31.22.115.1 dev eth0:10 table 998
20:36 < banco> ip route add 31.22.115.128/26 dev eth0:10  proto kernel  scope link  src 31.22.115.131 table 998
20:36 < banco> ip rule add from all table 998
20:36 < banco> ip r show table 998
20:36 < Stigmagr> banco: this is an output of ifconfig -a as well http://pastie.org/private/foi00aixwupwxtefb2rjw
20:37 < Stigmagr> banco: [root@host network-scripts]# ip route add default via 31.22.115.1 dev eth0:10 table 998
20:37 < Stigmagr> RTNETLINK answers: Network is unreachable
20:38 < banco> ip route add default via 31.22.115.129 dev eth0:10 table 998
20:38 < Stigmagr> that passed
20:38 < Stigmagr> running the 2nd command
20:39 < banco> you can't do anything if the routing won't work
20:39 < Stigmagr> i think i lost connection
20:39 < banco> go to the vm console
20:39 < Stigmagr> [root@host network-scripts]# ip route add 31.22.115.128/26 dev eth0:10  proto kernel  scope link  src 31.22.115.131 table 998
20:39 < Stigmagr> [root@host network-scripts]# ip rule add from all table 998 packet_write_wait: Connection to 31.22.112.54: Broken pipe
20:39 < Stigmagr> no i didnt loose it
20:40 < Stigmagr> it just took a while
20:40 < banco> what's the output of this command: ip r show table 998
20:40 < Stigmagr> i lost it
20:40 < Stigmagr> going to console
20:41 < Poster> 31.22.115.1 falls outside of the local IP subnet which appears to be 31.22.115.129-190
20:41 < banco> yes
20:41 < Stigmagr> the output is 31.22.115.128/26 deb eth0 proto kernel scope link scr 31.22.115.131
20:42 < Stigmagr> default via 31.22.115.129 dev eth0
20:42 < banco> wget http://52.29.4.233/ip -qO -
20:42 < banco> run it
20:43 < Stigmagr> no answer
20:44 < banco> hm, do you know the gw for this subnet?
20:44 < Stigmagr> it was supposed to be 31.22.115.128 from what they said
20:44 < Poster> that's the network address
20:44 < Stigmagr> that is what they gave me as GW for what ever reason
20:45 < Stigmagr> i think that they are using the main GW 31.22.112.1 for everything
20:45 < banco> nah, 31.22.115.128 will be the subnet for /26, like 10.8.0.0 is subnet for /24
20:45 < Stigmagr> but i cant be sure
20:45 < Poster> it's possible, but seems a bit off
20:45 < Stigmagr> Subnet: 31.22.115.128/26
20:45 < Stigmagr>  
20:45 < Stigmagr> Gateway: 31.22.115.128
20:45 < Stigmagr> Broadcast: 31.22.115.191
20:45 < Stigmagr> Subnet: 255.255.255.192
20:45 < Stigmagr> Usable IPs: 31.22.115.129 – 31.22.115.190 (62 IPs)
20:45 < Stigmagr> this is what they emailed me
20:46 < Stigmagr> but on the virtual interfaces we never used a gateway
20:46 < Poster> they might be a /25 or larger on the other side
20:46 < banco> what did they give you for 31.22.112.0/24?
20:46 < Poster> do you have an arp entry for 31.22.115.128 ?
20:46 -!- Eatmeimanazuki [~azuki@wikipedia/Eat-me-Im-an-azuki] has joined #openvpn
20:46 < Stigmagr> arp entry?
20:46 < Stigmagr> ripe?
20:46 -!- Eatmeimanazuki [~azuki@wikipedia/Eat-me-Im-an-azuki] has left #openvpn []
20:47 < Poster> layer 2, try "arp -an | grep 31.22.115.128"
20:47 < Stigmagr> one sec re opening console
20:48 < Stigmagr> for whatever reason it closes
20:48 < Stigmagr> it returned nothing
20:48 < Poster> ok it's no in cache
20:48 < Poster> it may be reachable, can you try pinging it?
20:48 < banco> not yet
20:49 < banco> first delete all ip rule tables
20:49 < Stigmagr> nothing is reachable atm
20:49 < Stigmagr> if i restart the server or delete all rules
20:49 < Stigmagr> it will be reachable
20:49 < Stigmagr> should i restart it banco?
20:49 < banco> ip rule del table ...
20:49 < banco> for tables 998, 999, 1000
20:49 < Stigmagr> i get the operation not permitted again
20:50 < banco> hm, reboot then
20:50 < Stigmagr> ok rebooting
20:50 < Stigmagr> after this reboot Poster every virtual IF ip will be reachable via ping
20:54 < Stigmagr> ripe mentions that this subnet is part of 31.22.115.0/24 offcourse so it should have GW 31.22.115.1 ?
20:54 < Poster> ripe is mostly talking about allocations to carriers
20:54 < Poster> they likely suballocate to you
20:54 < Stigmagr> yes that is what they did
20:54 < banco> Stigmagr: 31.22.115.1 is not reachable for your subnet
20:55 < Stigmagr> i see
20:55 < banco> Stigmagr: maybe it's 31.22.115.254
20:56 < Stigmagr> i tried to ping 31.22.115.254 from my main computer and it is not reachable
20:56 < Poster> try 31.22.115.128
20:56 < Poster> ping -^
20:56 < Stigmagr> 128 is not reachable atm since my server is restarting
20:56 < Stigmagr> it will be reachable after the restart
20:56 < banco> Stigmagr: did you try to ping it before?
20:57 < Stigmagr> 31.22.115.128?
20:57 < banco> y
20:57 < Stigmagr> yes
20:57 < Stigmagr> it was reachable
20:57 < banco> I see now
20:57 < Poster> I am just confused by their allocation, it is's truly a /26, 31.22.115.128 is network and 31.22.115.191 is broadcast
20:58 < Stigmagr> yes
20:58 < Stigmagr> banco: 128 will be reachable sortly
20:58 < Stigmagr> from everyone
20:58 < banco> run this:
20:58 < banco> ip route add default via 31.22.115.128 dev eth0:10 table 1000
20:58 < banco> ip route add 31.22.115.128/26 dev eth0:10  proto kernel  scope link  src 31.22.115.131 table 1000
20:58 < banco> ip rule add from all table 1000
20:58 < banco> ip r show table 1000
20:58 < Stigmagr> server not yet up
20:58 < banco> k
20:58 < Poster> but they are claiming 31.22.115.128 is your gateway and 31.22.115.191 is the broadcast
20:59 < Poster> if the other side is say a /25 or /24, 31.22.115.191 should be a host address, not a broadcast
20:59 < Poster> I don't know, it's just odd
21:00 < Stigmagr> the provider owns 31.22.115.0/24
21:00 < Stigmagr> and they allocated it as such
21:01 < Stigmagr> banco: server is up
21:01 < banco> try those commands
21:01 < Stigmagr> 31.22.115.128 is still unreachable
21:01 < banco> unreachable?
21:01 < Stigmagr> but 31.22.115.129 is reachable
21:01 < banco> then don't run the commands yet
21:01 < Stigmagr> when i ping it from my host computer yet
21:01 < Stigmagr> yes
21:02 < Stigmagr> 128 is unreachable
21:02 < banco> show ip r
21:02 < banco> and ip rule
21:02 < Stigmagr> 191 is unreachable as well
21:02 < Stigmagr> ok
21:02 < Stigmagr> you can try ping from your computer as well
21:03 < Stigmagr> so the 31.22.115.128/26 the network and broadcast addresses are unreachable
21:03 < Stigmagr> so its probably my mistake saying that it is reachable
21:03 < banco> can you ping the 31.22.115.128 from the server?
21:03 < Stigmagr> one moment
21:03 < Stigmagr> [root@host ~]# ping 31.22.115.128
21:03 < Stigmagr> Do you want to ping broadcast? Then -b
21:03 < Stigmagr> so no
21:03 < banco> not broadcast
21:04 < Stigmagr> no i dont use -b
21:04 < Stigmagr> do you have teamviewer?
21:04 < banco> yes, have it somewhere
21:04 < Stigmagr> want to join me and watch?
21:05 < banco> well, there is not so much to watch at
21:05 < Stigmagr> ok
21:05 < banco> I think, you need to contact the isp provider and ask him about this
21:06 < banco> at least about gw
21:06 < Stigmagr> i am going to do that
21:06 < banco> and I'm just going to sleep at last as it's 9AM for me already, lol
21:06 < Stigmagr> sorry man
21:07 < Stigmagr> and really thank you very VERY much for all your trouble
21:07 < Stigmagr> i am REALLY thankful
21:07 < Stigmagr> i am going to contact isp
21:07 < Stigmagr> and at least find out about the subnet
21:07 < Stigmagr> err
21:07 < Stigmagr> the GW i mean
21:08 < Stigmagr> good night mate
21:08 < banco> ok, I'll be on the channel latter (tomorrow morning for you?)
21:08 < banco> thanks
21:08 < Stigmagr> i will join the channel as well
21:08 < Stigmagr> i hope i will have an answer from the isp by tomorrow
21:08 < Stigmagr> I will be on the channel all day whenever you join we can talk again
21:09 < Stigmagr> i just dont understand how squid used this ips
21:09 < Stigmagr> how it routed them :S
21:13 < Poster> one thing that may be present is that one subnet is routed via the other
21:14 < Poster> but yes I would agree contacting the ISP
21:14 < Poster> something seems off
21:16 < Stigmagr> i have already sent them a ticket
21:16 < Stigmagr> will be waiting for their answer
21:16 < Poster> yeah probably best
21:17 < Stigmagr> the subnet is 31.22.115.128/26
21:18 < Stigmagr> the network offcourse is 31.22.115.128
21:18 < Poster> it's possible they may be routing 31.22.115.128/26 via 31.22.112.x
21:18 < Stigmagr> but they mention it as gateway for some reason on the email
21:18 < Poster> the .x being something on your host
21:18 < Stigmagr> i dont know about that
21:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
21:18 < Poster> at which point ip forwarding can carry it over
21:19 < Stigmagr> i just wanted to use openvpn like i used to use squid
21:19 < Stigmagr> i need to use every ip on my server
21:19 < Poster> yeah it can work
21:19 < Stigmagr> ye that is what banco was trying to assist me with
21:19 < Poster> I did the routing method several jobs ago, they had a disjoined IP network assigned
21:19 < Stigmagr> but we did not manage to do it
21:20 < Stigmagr> is there an other method as well?
21:20 < Poster> a separate ip routing table is possible, it's tough to guess without knowing what the carrier is set to do
21:21 < Stigmagr> what else should i ask them apart from the GW for each of my subnet you think?
21:21 < Poster> maybe clarify the subnet assignments, gateway
21:21 < Poster> possibly the routing table for your IP assignment
21:21 < Stigmagr> all this should help right
21:21 < Stigmagr> ?
21:22 < Poster> yeah once we understand the circuit end to end we should be able to get your side up and running
21:22 < Stigmagr> cool
21:23 < Stigmagr> you think squid worked because he handles routes with some other method ?
21:23 < Poster> squid ultimately depends on the OS it's running on
21:23 < Stigmagr> what do you mean?
21:24 < Poster> I don't think it has any method to superceed what the OS can/cannot do
21:24 < Stigmagr> squid was running on the same server that i now installed openvpn
21:24 < Stigmagr> its a centos 6.7
21:24 < Stigmagr> i just disabled it now
21:25 < Stigmagr> squid did not requid a single route to use the ips i just acled them in the configuration
21:25 < Poster> what changed?
21:25 < Stigmagr> acl ip8 myip 31.22.115.129
21:25 < Stigmagr> tcp_outgoing_address 31.22.115.129 ip8
21:25 < Stigmagr> like that
21:25 < Stigmagr> nothing changed
21:25 < Stigmagr> i just disabled squid
21:26 < Stigmagr> since proxy is not needed anymore
21:26 < Stigmagr> because of the lack of the ability to carry flash
21:26 < Stigmagr> that is why we decided to use openvpn
21:26 < Stigmagr> since everything can be routed through vpn
21:26 < Stigmagr> squid is just http/https proxy
21:26 < Poster> yeah I am somewhat familiar with squid
21:27 < Stigmagr> if i turn squid on now
21:27 < Stigmagr> u can join it as well and get a public ip from my server
21:27 < Stigmagr> very very easy
21:27 < Stigmagr> but for squid i didnt have to setup any custom routes or anything it just used the ips from the interfaces
21:28 < Poster> can you paste the output of "route -n"?
21:28 < Stigmagr> for example you setup your browser to go to 31.22.115.129 port 3128
21:28 < Stigmagr> you are prompt for username/password
21:28 < Stigmagr> and then your public ip is 31.22.115.129
21:31 < Poster> ok let's try this
21:31 < Poster> traceroute -I 31.22.112.54 8.8.8.8
21:32 < Poster> sorry
21:32 -!- somis [~somis@70.38.6.186] has quit [Quit: Leaving]
21:32 < Poster> traceroute -s 31.22.112.54 8.8.8.8
21:32 < Poster> then do
21:32 < Poster> traceroute -s 31.22.115.129 8.8.8.8
21:33 < Poster> from the other side, I see the same hop before both networks
21:33 < Poster>  20   168 ms   171 ms   169 ms  te-0-1.core-ase.hyperhosting.net [62.1.2.2]
21:33 < Poster>  21   170 ms   169 ms   168 ms  31.22.115.129
21:33 < Stigmagr> should i do that on the server?
21:33 < Poster> yep
21:33 < Poster>  20   166 ms   170 ms   165 ms  te-0-1.core-ase.hyperhosting.net [62.1.2.2]
21:33 < Poster>  21   181 ms   178 ms   179 ms  host.telecomns.gr [31.22.112.54]
21:33 < Poster> So both are reachable
21:34 < Stigmagr> traceroute command not found
21:34 < Poster> another thing, on the server system, please type:
21:34 < Poster> cat /proc/sys/net/ipv4/ip_forward
21:34 < Poster> thinking it might be 1, but could also be 0
21:34 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
21:34 < Stigmagr> its 1
21:34 < Poster> ok hang on
21:35 < Poster> ok please type as root
21:35 < Poster> echo "0" > /proc/sys/net/ipv4/ip_forward
21:35 < Poster> I am running a continuous ping
21:35 < Poster> if it stops, your host is forwarding IP
21:35 < Stigmagr> it did not do anything
21:35 < Poster> ok yeah I am still pinging
21:36 < Poster> ok you can turn it back on
21:36 < Poster> echo "1" > /proc/sys/net/ipv4/ip_forward
21:36 < Stigmagr> now the cat /proc/sys/net etc is 0
21:36 < Poster> you should be able to install traceroute via yum
21:36 < Stigmagr> ok done
21:36 < Stigmagr> wait i will do it
21:36 < Poster> is this a virtual private server?
21:37 < Stigmagr> yes
21:37 < Poster> do you know your hypervisor? (Xen, VMWare, HyperV, OpenVZ, etc)
21:37 < Stigmagr> installed traceroute sec i am running the commands
21:37 < Poster> ok
21:37 < Stigmagr> vmware i think
21:38 < Stigmagr> [root@host ~]# traceroute -s 31.22.112.54 8.8.8.8
21:38 < Stigmagr> traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
21:38 < Stigmagr>  1  gateway.hyperhosting.gr (31.22.112.1)  0.160 ms  0.140 ms  0.131 ms
21:38 < Stigmagr>  2  e2-10.host-ase-01.forthnet.gr (62.1.2.1)  0.763 ms  0.676 ms  0.859 ms
21:38 < Stigmagr>  3  te0-2-0-0.distr-kln-01.forthnet.gr (213.16.252.169)  0.887 ms te0-0-0-1.distr-kln-02.forthnet.gr (213.16.247.201)  1.114 ms te0-2-0-0.distr-kln-01.forthnet.gr (213.16.252.169)  0.897 ms
21:38 < Stigmagr>  4  core-kln-12Be2.forthnet.gr (213.16.247.13)  7.529 ms core-kln-12Be3.forthnet.gr (213.16.247.17)  11.583 ms core-kln-13Be3.forthnet.gr (213.16.247.21)  8.658 ms
21:38 < Stigmagr>  5  core-lsf-08XE-0-0-1.forthnet.gr (212.251.94.18)  7.550 ms  7.551 ms  7.436 ms
21:38 < Stigmagr>  6  74.125.48.74 (74.125.48.74)  11.997 ms  15.415 ms  15.398 ms
21:38 < Stigmagr>  7  72.14.237.27 (72.14.237.27)  15.528 ms  15.432 ms 72.14.237.189 (72.14.237.189)  12.203 ms
21:38 < Stigmagr>  8  209.85.240.160 (209.85.240.160)  25.545 ms 209.85.253.114 (209.85.253.114)  25.776 ms 209.85.240.160 (209.85.240.160)  25.570 ms
21:38 < Stigmagr>  9  216.239.58.8 (216.239.58.8)  46.246 ms  46.237 ms  46.227 ms
21:38 < Stigmagr> 10  209.85.251.178 (209.85.251.178)  44.825 ms 66.249.95.39 (66.249.95.39)  46.540 ms 209.85.253.216 (209.85.253.216)  44.768 ms
21:38 < Poster> ok please pastebin
21:38 < Stigmagr> ok sorry
21:38 < Poster> np
21:38 < Poster> while you're in there, please also paste the output of "arp -an"
21:39 < Stigmagr> http://pastie.org/private/eehvbetajagqc9vt89e8aw
21:39 < Stigmagr> arp -an output: http://pastie.org/private/rg0e3mo7pjbrxcd0toynw
21:39 < Poster> ok so that second trace, the first hop is outside of the local subnet
21:39 < Poster> so I think forwarding is present
21:40 < Poster> what is it you were trying to accomplish with OpenVPN?
21:40 -!- qg__ [~qg_@2600:1005:b01c:b3ac:61e4:93bd:142d:5fe4] has joined #openvpn
21:40 < qg__> I could use some help me my openvpn setup
21:40  * Poster helps
21:41 < qg__> so I'm connected to my openvpn via my cell phone
21:41 < Stigmagr> i need a vpn that will work as squid did so that each clinet can have different public ip selected by a software i created randomly but each client should also have unique public ip
21:41 < qg__> I run nslookup to check to see if I can find other computers on my home network
21:41 < Stigmagr> the problem with the proxy was that flash couldnt work with it
21:41 < qg__> I get server 192.168.1.1
21:42 < qg__> that's not going to work if I'm on someone else's local area network
21:42 < Poster> Stigmagr: ok, you probably want iptables to do some source NAT
21:42 < Poster> how many clients are you working with?
21:42 < qg__> what should be the dns ip when I'm on my openvpn connection?
21:43 < Stigmagr> ~ 20 clients
21:43 < Stigmagr> but each one of them might use 2-5 vms that needs to get a unique public ip
21:43 < Stigmagr> that is why we have 124 public ips
21:43 < qg__> shouldn't it be the outside IP of my router that I connected my openvpn connection to?
21:44 < Stigmagr> qg__:i have set my dns to 8.8.8.8 & 8.8.4.4
21:44 < Poster> ok that's fine, what you can do is create iptables rules per source address
21:44 < Stigmagr> from google
21:44 < Poster> so say your OpenVPN client is 10.8.0.150, you could do something like
21:44 < qg__> Stigmagr: that won't resolve the other computers on your network though
21:44 < Stigmagr> Poster: we have tried snat today as well
21:45 < Stigmagr> qg__: ah i see, i cant help then since i am pretty new to openvpn as well :s
21:45 < Poster> iptables -t nat -A POSTROUTING -s 10.8.0.150 -j SNAT --to-source 31.22.115.150
21:45 < qg__> what do I have configured wrong here?
21:46 < Poster> then repeat for 10.8.0.151 -> 31.22.115.151, etc
21:46 < Stigmagr> Poster: yes we did this today we tried it
21:46 < Stigmagr> but banco said that it will not work without routing
21:46 < Poster> it is working now
21:46 < Poster> we can ping that address
21:46 < Poster> I am pretty sure it will work
21:46 < Poster> are there other iptables rules active?
21:46 < Stigmagr> wait i will test it with what i have setup already
21:46 < Stigmagr> adding an iptable rule
21:47 < Poster> ok just make sure you get the OpenVPN IP address with the "-s" section and some IP in your range for "--to-source"
21:48 < Poster> I am fairly sure your carrier is routing the 31.22.115.128/26 via your 31.22.112.x interface
21:48 < Stigmagr> ye did that
21:48 < qg__> so how do I configure openvpn to configure dns for my clients that will resolve my local network hostnames?
21:49 < Poster> qg__: do you have an internal DNS server for your local network?
21:49 < Stigmagr> Poster: http://pastie.org/private/nlstrku2wiql75oyvjjxdw the iptables config
21:49 < qg__> Poster: yes, it's my router
21:49 < Poster> Stigmagr: ok that looks ok, dial in the VPN and see what your public address is
21:50 < Stigmagr> Poster: client does not have internet access
21:50 < Stigmagr> that was the problem before as well
21:50 < Stigmagr> if i remove the previous rule client will have internet access but will have 31.22.112.54 as the public address
21:50 < Stigmagr> client's ip is offcourse 10.8.0.2
21:51 < Poster> hrmm ok
21:51 < anabain> qg__, do you happen to have this config:  android cell phone --> openvpn app --> internet -> home router with openvpn server -> lan
21:51 < anabain> ?
21:51 < Poster> qg__: see the: push "dhcp-option DNS x.x.x.x"
21:51 < qg__> anabain: not the first 2 hops
21:51 < Stigmagr> Poster: and that is the route print from the client: http://pastie.org/private/uo1iexp2mtkhtpgd2o2zg
21:52 < qg__> Poster: but what IP, my home router is 192.168.1.1, and if I'm on another network that IP won't resolve my home machines
21:52 < Poster> qg__: is 192.168.1.1 reachable through your VPN link?
21:53 < qg__> Poster: if I'm on another person's home network, won't that be their local router and not mine?
21:54 < Poster> yeah IP overlap is a big problem, I would reassign your home network to something less common
21:54 < Poster> Stigmagr: can you try from the OpenVPN client: tracert -d 8.8.8.8
21:54 < anabain> qg__, just in case: http://advancedhomeserver.com/dd-wrt-and-openvpn-part-2/  that worked for me like a charm. Particularly interesting are remarks about iptables and additional config options, which may well apply to your case
21:54 <@vpnHelper> Title: OpenVPN And DD-WRT Part 2 | Advanced Home Server (at advancedhomeserver.com)
21:55 < Stigmagr> yes
21:55 < qg__> anabain: I'm running asuswrt-merlin, I wonder if it would still apply
21:55 < Stigmagr> Tracing route to 8.8.8.8 over a maximum of 30 hops
21:55 < Stigmagr>   1    30 ms    16 ms    15 ms  10.8.0.1
21:55 < Stigmagr>   2  10.8.0.1  reports: Destination host unreachable.
21:55 < Stigmagr> Trace complete.
21:55 < Stigmagr> sorry lol
21:56 < Poster> yikes ok
21:56 < anabain> qg__, if this firm has openwrt embedded, I don't see why not...
21:56 < Stigmagr> it pasted a huge block for 2 lines
21:56 < anabain> qg__, *openvpn
21:56 < Stigmagr> although i can ping 31.22.112.54
21:57 < qg__> anabain: is your local network on 192.1.168.x?
21:57 < anabain> yes, 192.168.1.x
21:57 < Stigmagr> and i can also ping 31.22.115.150
21:57 < Stigmagr> Poster: i can ping all the ips from my interfaces
21:57 < Stigmagr> from the client
21:58 < Stigmagr> but i cant access the internet
21:58 < Poster> how about 31.22.112.1 ?
21:58 < Stigmagr> nop
21:58 < qg__> anabain: awesome, thanks for the link
21:59 < anabain> you're welcome qg__
21:59 < Poster> ok Stigmagr, let's temporarily do
21:59 < Poster> actually let me double check my syntax
22:00 < Poster> I want to flush the forward chain
22:00 < Poster> sudo iptables -F FORWARD
22:00 < Poster> then retry pinging your gateway
22:00 < Stigmagr> from client the ping right?
22:01 < Poster> yep
22:01 < qg__> Poster: what would you recommend?
22:01 < Stigmagr> works
22:01 < Poster> ok I think your reject rule is breaking this
22:01 < Stigmagr> has internet as well lol
22:01 < Poster> go ahead and check your public IP
22:01 < Stigmagr> lemme check public ip
22:01 < Stigmagr> LOL IT WORKS
22:01 < Stigmagr> OMFG
22:02 < Stigmagr> i will seriously fap all over the keyboard
22:02 < Poster> ok let's touch up your iptables
22:02 < Stigmagr> speak up master!
22:02 < Stigmagr> save em?
22:02 < Poster> no I wouldn't do that
22:02 < Stigmagr> mmm then?
22:03 < Stigmagr> now what did the flush remove?
22:03 < Poster> all the forwarding rules
22:03 < Poster> just to test, I wouldn't run that way
22:03 < Stigmagr> -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
22:03 < Stigmagr> -A FORWARD -s 10.8.0.0/24 -i tun0 -m conntrack --ctstate NEW -j ACCEPT
22:03 < Stigmagr> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
22:03 < Stigmagr> that where the forward rules
22:03 < Poster> can you confirm on your linux host that 10.8.0.1 is assigned to the device named tun0 ?
22:04 < Stigmagr> how do i do that?
22:04 < Poster> ifconfig tun0
22:04 < Stigmagr> [root@host ~]# ifconfig tun0
22:04 < Stigmagr> tun0: error fetching interface information: Device not found
22:04 < Poster> ok I bet it's tap0
22:04 < Poster> try
22:04 < Stigmagr> actually the vpn is set to tap
22:04 < Poster> ifconfig tap0
22:05 < Stigmagr> ye its tap
22:05 < Poster> ok that would be it
22:05 < Stigmagr> 100%
22:05 < Stigmagr> i set it my self
22:05 < Stigmagr> lol i wanna try
22:05 < Poster> so on your /etc/sysconfig/iptables file, let's update line 15
22:05 < Stigmagr> i think banco did not notice that cause he was sleepy and i am dump cause i saw it and didnt speak up
22:05 -!- qg_ [~qg_@c-73-43-119-1.hsd1.ga.comcast.net] has joined #openvpn
22:05 < Poster> -A FORWARD -s 10.8.0.0/24 -i tap0 -m conntrack --ctstate NEW -j ACCEPT
22:05 < Stigmagr> what to do now restore iptables 1st?
22:06 < Poster> edit /etc/sysconfig/iptables, replace line 15 with ^^^
22:06 < Poster> just change tun0 to tap0
22:06 < Stigmagr> shouldnt i do it from command line?
22:06 < Stigmagr> like iptables -D FORWARD 3
22:06 < Poster> admittedly I don't use iptables-save
22:06 < Poster> yeah you can try that
22:06 < Poster> but the forward chain is currently empty
22:06 < Stigmagr> i should restore it first though?
22:06 < Poster> yeah restore
22:07 < Stigmagr> iptables-restore > /etc/sysconfig/iptables?
22:07 < Poster> might be :O
22:07 < Poster> I've always just edited /etc/sysconfig/iptables
22:07 < Poster> which probably is a bad practice
22:07 < Stigmagr> iptables-restore < /etc/sysconfig/iptables
22:07 < Stigmagr> it was that
22:08 < Stigmagr> bulcrap
22:08 < Stigmagr> client still has internet
22:08 < Stigmagr> so it restored shit
22:08 < Stigmagr> :p
22:08 < Stigmagr> there is no iptables file now :D:D
22:08 -!- qg__ [~qg_@2600:1005:b01c:b3ac:61e4:93bd:142d:5fe4] has quit [Ping timeout: 260 seconds]
22:08 < Poster> ok go ahead and restore it from your paste
22:08 < Poster> http://pastie.org/private/nlstrku2wiql75oyvjjxdw#15-16,18
22:09 < Poster> while in there, just change tun0 to tap0
22:09 < Poster> from there, I think "service iptables restart"
22:13 < Stigmagr> Poster: HOHO ITS WORKING! :D
22:13 < Poster> ok cool
22:14 < Stigmagr> lemme paste the cat
22:14 < Poster> just crank out rules for your VPN range to your public range and you should be set
22:14 < Stigmagr> Poster: http://pastie.org/private/aat4mt9dqdwp8qpimchcq
22:14 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has quit [Remote host closed the connection]
22:14 < Stigmagr> check it out a bit please
22:14 < Poster> yeah I think you're good there
22:15 < Stigmagr> :D:D:D:D
22:15 < Stigmagr> lemme ask
22:15 < Stigmagr> is there anyway to add multiple rules with a bash script?
22:15 < Poster> sure
22:15 < Stigmagr> cause it will be a pain to add 123 more rules
22:15 < Stigmagr> :D
22:15 < Stigmagr> how would i do that?
22:15 < Poster> the quickest is actually to adjust the VPN range last octet to match the public
22:16 < Stigmagr> mm
22:16 < Stigmagr> any examples?
22:16 < Poster> if you can update your OpenVPN configuration to hand out starting 129 and ending at 191
22:16 < Poster> so I think you have 10.8.0.2-10.8.0.x
22:17 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has joined #openvpn
22:17 < Stigmagr> how would the iptables look like for that?
22:17 < Poster> so I was going to suggest a quick bash loop
22:17 < Stigmagr> tbh
22:17 < Stigmagr> i can just write a software in c# that will print everything
22:18 < Stigmagr> and then just copy paste them in iptables
22:18 < Stigmagr> thats reliable as well
22:18 < Poster> hang on
22:18 < Stigmagr> ok
22:18 < Poster> for n in $(seq 129 190); do echo iptables -t nat -A POSTROUTING -s 10.8.0.$n -j SNAT --to-source 31.22.115.$n ; done
22:19 < Poster> that will map 10.8.0.129 to 31.22.115.129 .. 10.8.0.190 to 31.22.115.190
22:19 < Stigmagr> mmm
22:19 < Stigmagr> can i use 2 subnets in openvpn?
22:20 < Poster> yep
22:20 < Stigmagr> 10.8.0.128/26 and 10.8.1.128/26?
22:20 < Poster> I think you may need two instances
22:20 < Poster> but yeah you can do that
22:20 < Stigmagr> cause i have 31.22.115.x and 31.22.119.x
22:20 < Poster> sure
22:20 < Poster> you don't have to do the 1:1 mapping
22:20 < Poster> it's just quick
22:20 < Stigmagr> ye
22:21 < Stigmagr> if i directly paste lines on the iptables file
22:21 < Stigmagr> will that be ok?
22:21 < Poster> yeah, though the loop I shared will not
22:21 < Poster> it's slightly modified, if you want to paste-
22:22 < Poster> for n in $(seq 129 190); do echo -A POSTROUTING -s 10.8.0.$n -j SNAT --to-source 31.22.115.$n ; done
22:22 < Stigmagr> nah not from a batch
22:22 < Poster> then paste that below the other "-A POSTROUTING" rule
22:22 < Poster> ok if you want it to execute, just drop the "echo" portion
22:22 < Poster> it'll apply the rules
22:23 < Stigmagr> ok
22:23 < Stigmagr> you have been SOOOOOOO Helpful :)
22:23 < Stigmagr> thank you so much bro seriously
22:23 < Poster> we can write a better loop too
22:23 < Stigmagr> I am very very happy right now
22:23 < Poster> yeah it's np
22:23 < Stigmagr> this configuration is so much easier than the god damn routes
22:23 < Poster> root issue was a mismatch of interface name
22:24 < Stigmagr> i would like a loop like the following which i would use in c#
22:24 < Poster> yeah iproute2, while powerful, can become complicated
22:24 < Poster> yeah if you have a preferred method, by all means go for it
22:24 < Stigmagr> yep it is much simpler for me with c# and i will just paste the text in iptables after
22:24 < Stigmagr> :)
22:24 < Stigmagr> then i will not have to use 2 subnets as well
22:25 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has quit [Remote host closed the connection]
22:25 < Poster> yeah that's fine too
22:25 < Poster> but you have the important parts now
22:25 < Poster> should be able to stretch it for your need
22:25 < Stigmagr> yep
22:25 < Stigmagr> i have the everything i need now
22:25 < Stigmagr> extactly
22:25 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has joined #openvpn
22:25 < Stigmagr> thank you sooooooo much seriously
22:25 < Poster> yeah np
22:25 < Poster> have fun
22:25 < Stigmagr> <3
22:29 < Stigmagr> poster lemme ask you something else does openvpn reveal the actual ip anywhere?
22:43 -!- qg_ [~qg_@c-73-43-119-1.hsd1.ga.comcast.net] has quit [Ping timeout: 260 seconds]
22:45 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
23:12 -!- Stigmagr [57ca59ce@gateway/web/cgi-irc/kiwiirc.com/ip.87.202.89.206] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
23:40 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
23:42 -!- ShadniX [dagger@p5481DA51.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:43 -!- ShadniX [dagger@p5DDFECA0.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sat Dec 05 2015
00:07 < Poster> OpenVPN itself, I don't think so
00:07 < Poster> internal addresses can leak out via other systems, things like email, etc
00:13 < mystica555> openvpn only knows about the ips of its endpoints, like any router would. routers don't expose ips unless you explicitly configure bgp or ospf or osmething on them to do such
00:13 < mystica555> and openvpn could indeed tunnel such traffic; you must run the services yourself in addition
00:13 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:20 -!- wkts [~wkts@45.55.231.187] has joined #openvpn
00:25 -!- lotharn5 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
00:25 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
00:42 -!- quarters [4ceae415@gateway/web/freenode/ip.76.234.228.21] has joined #openvpn
00:42 < quarters> hello
00:42 < quarters> I was wondering if the CA cert on the client should be identical to that found on the server
00:42 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
00:42 < quarters> !welcome
00:42 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
00:42 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
00:43 < quarters> !goal
00:43 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
00:48 < quarters> I'm trying to setup openvpn so that I can access a LAN through dd-wrt, which has openvpn already baked into it
00:52 -!- quarters [4ceae415@gateway/web/freenode/ip.76.234.228.21] has quit [Ping timeout: 252 seconds]
01:03 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
01:11 -!- mystica555_ [~mystica55@75-166-101-13.hlrn.qwest.net] has joined #openvpn
01:12 -!- mystica555 [~mystica55@174-16-116-90.hlrn.qwest.net] has quit [Ping timeout: 245 seconds]
01:33 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
02:14 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Quit: He who dares .... wins.]
02:21 -!- mystica555_ [~mystica55@75-166-101-13.hlrn.qwest.net] has quit [Remote host closed the connection]
02:22 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has joined #openvpn
02:54 -!- freedon2 [~qwerty@46.166.190.141] has joined #openvpn
02:54 < freedon2> hi
02:54 < freedon2> just wondering if anyone had a moment to help me setup openvpn server on a netgear r7000 router
02:54 < freedon2> pls and thanks
02:55 < freedon2> ive entered ca cert, public server certm, private server key and dh pem into the OpenVPN Server/Daemon section of ddwrt
03:24 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:25 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
03:28 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
03:34 < wizbit> I think I've figured out why OpenVPN CPU is high when transfering large files. If I transfer a large file on WLAN at 35Mbits/sec OpenVPN CPU usuage slowly rises and peaks at around 45%. If I transfer a large file on LAN at 75Mbits/sec Open CPU usuage slowly rises until the cpu is hitting 100%. So my OpenVPN setup is capable of around 50Mbits/sec before the CPU hits 100%.
03:34 -!- freedon2 [~qwerty@46.166.190.141] has quit []
03:34 < wizbit> Is there a way to limit OpenVPN bandwidth per user?
03:36 < wizbit> Also, does 50Mbits/sec sound about right for a EPIA VIA 1200Mhz CPU?
03:37 < mystica555> 1: not aware of mechanisms within openvpn to do this; you can always mangle packets in iptables/tc.. 2: yea, that sounds about right for an epia
03:38 < wizbit> aye thats good, have to rememeber file transfers and downloads will always try to eat as much bandwidth as possible
03:38 < wizbit> so i will try and add a limiter on pfsense so users cant drain bandwidth and eat cpu
03:39 < wizbit> 10Mbits/sec for 5x users sounds good enough
03:49 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
03:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
03:54 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
03:54 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
04:44 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
04:48 -!- kloeri [kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
05:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
05:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:30 -!- drwx [~drwx@unaffiliated/drwx] has quit [Ping timeout: 260 seconds]
05:31 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 245 seconds]
05:36 -!- drwx [~drwx@unaffiliated/drwx] has joined #openvpn
05:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
05:52 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
05:56 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
05:58 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:59 -!- drgr33n [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
06:00 < drgr33n> Just wanted to ask here again. Banco gave me a little help last night but after another few hours tweaking mss/mtu I'm still ettin zero length packets no matter what I do :(
06:01 < drgr33n> I've setup a tunnel to a vm within vCloud director. Everythin connects fine and I can ping every machine as expected but when I try to connect to a service eveything times out.
06:03 < drgr33n> When sniffing the connection from the server and the client, I can see packets coming through but anythin TCP related is zero length with invalid checksum :(
06:03 < drgr33n> I've tried turning off tx / rx checksum on the virtual adapters
06:04 < drgr33n> http://pastebin.com/p4NU5HnB
06:04 < drgr33n> http://pastebin.com/NaupuYPk
06:05 < drgr33n> http://pastebin.com/UF01PSAg
06:05 < drgr33n> They are links to various packet dumps as directed by banco
06:06 < drgr33n> Proper head scratcher
06:26 -!- ShadniX [dagger@p5DDFECA0.dip0.t-ipconnect.de] has quit [Quit: Bye.]
06:27 -!- ShadniX [dagger@p5DDFECA0.dip0.t-ipconnect.de] has joined #openvpn
06:43 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
06:54 < banco> drgr33n: try to disable offloading and see the tcpdump output
06:54 < banco> https://sokratisg.net/2012/04/01/udp-tcp-checksum-errors-from-tcpdump-nic-hardware-offloading/
06:54 <@vpnHelper> Title: TCP / UDP Checksum errors from tcpdump | Techie In IT (at sokratisg.net)
06:54 < banco> http://sandilands.info/sgordon/segmentation-offloading-with-wireshark-and-ethtool
06:54 <@vpnHelper> Title: Segmentation and Checksum Offloading: Turning Off with ethtool | Steven Gordon (at sandilands.info)
06:55 < drgr33n> Already done this
06:55 < drgr33n> It could be a case of the third parties equipment has this set somewhere I don't have access
06:55 < banco> drgr33n: and the checksum is still incorrect?
06:55 < drgr33n> Yes
06:56 < banco> drgr33n: you did it for tun interfaces, right?
06:56 < drgr33n> Won't let me theose values are fixed
06:58 < drgr33n> But rx / tx checksum offloading is off by default
07:01 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
07:02 -!- drgr33n_ [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
07:02 < drgr33n_> Sorry when I fook about with vpn it seems to disconnect me too :(
07:03 < drgr33n_> Just checked both ends and I can confirm tx / rx checksum offloading is off both ends
07:03 < drgr33n_> for the virtual and physical adapters
07:05 -!- drgr33n [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Ping timeout: 252 seconds]
07:05 < drgr33n_> lol
07:05 < drgr33n_> I'm still here :D
07:07 < banco> drgr33n_: can you check tcpdump on both sides - sending and receiving at the same time?
07:07 < drgr33n_> Yes
07:07 < drgr33n_> But it's always the same
07:08 < drgr33n_> 0 lengh and checksum invalid
07:08 < drgr33n_> tx checksum is on on tun0 on the client by the way but won't let me change it :(
07:11 < drgr33n_> Just humor me but could it be my laptop
07:11 < drgr33n_> I've just noticed I can't change any values with ethtool. Most is off but tx checksum is fixed
07:12 < drgr33n_> When I connected within the office I was on a different machine
07:12 < drgr33n_> My laptop is one of these intel frankensteins with two gpus lol
07:12 < drgr33n_> one intel and one nvidia
07:13 < drgr33n_> But could it be some issue with the hardware in my laptop ?
07:13 < drgr33n_> Trust me I've been through every link on google and tried adjusting everything with the same results
07:15 < drgr33n_> either that or checksum offloading is on the bridge.
07:15 < drgr33n_> http://www.hypervizor.com/2010/09/diagram-vmware-vcloud-director-networking-architecture/
07:15 <@vpnHelper> Title: Diagram: VMware vCloud Director Networking Architecture | HYPERVIZOR (at www.hypervizor.com)
07:15 < drgr33n_> thats a link to vclouds network topology
07:21 -!- HSaka [~textual@unaffiliated/hsaka] has joined #openvpn
07:22 < HSaka> Hello, I´m trying to find any startup script for my openvpn on the net for my debian server. But I can´t seem to find any that works. Do you guys have any recommendations?
07:22 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
07:29 < drgr33n_> yey confirmed
07:29 < drgr33n_> on my desktop it works as it should !!!
07:29 < drgr33n_> fookin
07:29 < drgr33n_> thing
07:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
07:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
07:35 -!- repozitor [~repozitor@unaffiliated/deadperson] has joined #openvpn
07:36 < repozitor> hey  buddies, can i ask something about client version?
07:36 < repozitor> i have setup client using shimo application(one of openvpn client)
07:37 < drgr33n_> Now got to figure out if it's a software or hardware issue :/
07:37 < repozitor> and i set it to use sock-proxy 8080 on my localhost
07:37 < banco> drgr33n_: maybe something to do with the laptop NIC
07:37 < drgr33n_> But thats another day thanks for your help banco !! If I could I'd send you some cash for your time !!
07:37 < repozitor> but, when my client connected successfuly to server, all connection will disconnected
07:37 < drgr33n_> Yea I was thinking that
07:37 < repozitor> so how can i fix this/
07:38 < drgr33n_> I would say it's hardware because I cannot turn off tx checksum on the adapter :(
07:38 < banco> drgr33n_: try to find external nic or connect via wireless interface
07:38 < drgr33n_> It was my wireless I was connected with
07:38 < banco> drgr33n_: do you have ethernet port?
07:39 < drgr33n_> I haven't tried ethernet yet.
07:39 < drgr33n_> Yes I'll try now
07:39 -!- repozitor [~repozitor@unaffiliated/deadperson] has left #openvpn []
07:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
07:41 -!- Stigmagr [57ca59ce@gateway/web/cgi-irc/kiwiirc.com/ip.87.202.89.206] has joined #openvpn
07:41 < Stigmagr> hello
07:41 < Stigmagr> banco: hello! :)
07:41 < banco> Stigmagr: hi
07:41 < banco> Stigmagr: seems like you make it work
07:41 < Stigmagr> banco: i fixed it with snat only without routing
07:42 < banco> Stigmagr: that's good
07:42 < Stigmagr> banco: i have an answer from my isp as well
07:42 < Stigmagr> banco: the subnets i have are all routed to my server via the main subnet 31.22.112.0
07:42 < Stigmagr> banco: so all of them have the same GW 31.22.112.1
07:43 -!- drgr33n_ [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Ping timeout: 252 seconds]
07:43 < Stigmagr> banco: is there any way that vpn is detectable via flash?
07:44 < Stigmagr> Poster: hello mate
07:45 -!- drgr33n [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has joined #openvpn
07:45 < drgr33n> Confirmed not working on ethernet via my laptop too
07:48 < drgr33n> Sooo could be a kernel module, openvpn or hardware error. I'll debug and keep you posted. Thanks again banco
07:49 < banco> Stigmagr: yes, flash can reveal that you're using vpn and leak your ip behind vpn
07:50 < Stigmagr> banc: is there anyway to avoid this?
07:50 < Stigmagr> with openvpn
07:50 < Stigmagr> ?
07:50 < banco> drgr33n: maybe it's something to do with the system, try to check on the same livecd from the laptop and from desktop
07:51 < banco> Stigmagr: no, only to disable flash
07:51 < HSaka> Hello, could any of you by chance give me some help with autostartup openvpn?
07:52 -!- drgr33n [50e5aef1@gateway/web/freenode/ip.80.229.174.241] has quit [Ping timeout: 252 seconds]
07:52 < Stigmagr> banco: flash is able to reveal the usage of vpn what ever way we setup the openvpn then eh?
07:53 -!- toli_ [~toli@ip-81-11-248-215.dsl.scarlet.be] has joined #openvpn
07:53 < banco> HSaka: describe your problem, maybe someone will help
07:53 < banco> Stigmagr: yes
07:55 < banco> Stigmagr: though you can use VM on the client connected to the openvpn server and work from VM
07:55 < banco> Stigmagr: they it won't leak hat you use VPN
07:56 -!- toli [~toli@ip-62-235-241-54.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
07:56 -!- toli_ is now known as toli
07:56 < HSaka> banco: I have downloaded vpn from pia(private internet access) and make it run. Now I´m trying to make it auto run, everytime i start my linux server.  I have tried many different startup script with no luck. I was hoping any of you could give me advice how I could fix it.
07:56 < banco> Stigmagr: but it may cause some troubles for clients, because they will need to work from VM
07:59 < Stigmagr> banco: how should i do that? open the openvpn gui from host and then fire up a vm to get the ip ?
07:59 < Stigmagr> banco: clients already use vms
08:00 < Stigmagr> banco: but they connect to the openvpn gui through the vm
08:00 < Stigmagr> banco: flash for some reason still detects the vpn, what is the solution you mean?
08:01 < banco> Stigmagr: they have a few VM running on their host system and inside the guest systems they connect to the VPN?
08:01 < banco> Stigmagr: then they'll need to use VM inside VM
08:01 < Stigmagr> banco: yes
08:01 < Stigmagr> banco: i see
08:01 < banco> Stigmagr: if you want to read more about it, then read about whonix
08:01 < Stigmagr> whonix?
08:02 < banco> Stigmagr: and their considerations about anonymity
08:02 < Stigmagr> banco: https://www.whonix.org/ ?
08:02 <@vpnHelper> Title: Whonix - Anonymous Operating System (at www.whonix.org)
08:02 < banco> Stigmagr: yes
08:02 < Stigmagr> banco: they mention things like that inside?
08:03 < Stigmagr> banco: thanks for the information bro! :)
08:03 < banco> Stigmagr: yeah, they mention the problems lile this
08:05 < banco> Stigmagr: read the info section there, for example:
08:05 < banco> https://www.whonix.org/wiki/Security_Guide
08:05 <@vpnHelper> Title: Security Guide - Whonix (at www.whonix.org)
08:05 < banco> https://www.whonix.org/wiki/Warning
08:05 <@vpnHelper> Title: Warning - Whonix (at www.whonix.org)
08:05 < banco> https://www.whonix.org/wiki/Design
08:05 <@vpnHelper> Title: Design - Whonix (at www.whonix.org)
08:08 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:09 < banco> HSaka: do you have linux server, on which you run your OpenVPN client with config file, that you get from pia vpn provider?
08:10 < HSaka> banco: Yes I have a linux server, debian server. Yes I run the config file that I got from pia vpn provider. I´m trying to use it together with openvpn.
08:11 < banco> HSaka: did you start the OpenVPN client from console like this? openvpn --config myy.conf
08:12 < HSaka> banco: No, i started like this : openvpn London.ovpn
08:12 < banco> HSaka: did you install openvpn on your debian system from package?
08:12 < banco> HSaka: do you have /etc/init.d/openvpn file?
08:12 < HSaka> banco: yes I did.
08:13 < HSaka> banco: Yes I do, I´ve tried different script on the internett, but none of them seems to work for me.
08:13 < banco> HSaka: rename the London.ovpn file to London.conf and move this file in /etc/openvpn folder
08:14 < banco> HSaka: then try to start the openvpn whit /etc/init.d/openvpn start
08:16 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
08:16 < HSaka> I think my script in /etc/init.d/openvpn is wrong
08:16 < HSaka> banco: I think my /etc/init.d/openvpn is wrong
08:17 < HSaka> banco: the script
08:18 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
08:19 < banco> HSaka: did you replace the original script with somethin else?
08:19 < HSaka> banco: I think I did, how can i replace it back to original?
08:19 < banco> HSaka: then purge openvpn and install in anew
08:20 < Stigmagr> banco: i dont need to use whonix in order to do what we said right? if i setup a windows vm and an other vm inside that vm it is still fine right?
08:20 < banco> HSaka: apt-get purge openvpn && apt-get install openvpn
08:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:22 < HSaka> banco: okey done. Now i try and run it again?
08:24 < banco> Stigmagr: you don't need to use whinox, you need to find their consideration about using VM to not leak your IP and you don't need their main funclions to provide anonymity
08:24 < banco> Stigmagr: they use two VMs to not leak the host machine IP
08:24 < banco> Stigmagr: one VM is GW and second VM is the workstation
08:24 < Stigmagr> banco: so a vm with openvpn and a piggybacked vm inside that vm should work right?
08:25 < Stigmagr> banco: the workstation should nat to the 1st?
08:25 < banco> Stigmagr: don't remember their reasons to do it like this, try to read about it
08:25 < HSaka> banco: Okey it works now, how can i make it autostart on reboot/startup?
08:25 < banco> Stigmagr: yes, you need to use NAT there
08:26 < Stigmagr> banco: the 1st vm should also nat to the router's ip?
08:26 < banco> HSaka: can you start the openvpn with script?
08:26 < HSaka> banco: is it posslbe to do update-rc.d defaults or something?
08:26 < HSaka> banco: yes I can.
08:26 < banco> HSaka: you don't need update-rc.d defaults, it already should be configurated
08:26 < banco> HSaka: just try to restart
08:27 < HSaka> okey :)
08:27 < banco> HSaka: it should work
08:27 < HSaka> Restarting now :)
08:27 < banco> Stigmagr: Yes, it's like this: Host system -> NAT -> GW VM -> NAT -> Workstation VM
08:28 < Stigmagr> banco: cool thanks mate
08:28 < banco> Stigmagr: though I don't know if you need this setup
08:28 < banco> Stigmagr: maybe you won't need GW VM
08:28 < banco> Stigmagr: read about their reasons for this setup
08:29 < Stigmagr> banco: ok :)
08:30 -!- s7eele [~AndChat52@104.156.228.79] has quit [Remote host closed the connection]
08:30 < HSaka> banco: thanks it works! But could you explain to my, how it autostart openvpn when I haven´t added it to autostart?
08:30 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
08:31 < banco> HSaka: when you installed the package, it copied openvpn script in /etc/init.d folder and run update-rc.d defaults /etc/init.d/openvpn
08:31 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:32 < HSaka> I see :9
08:32 < HSaka> Thank you very much for your help!
08:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
08:37 < banco> Stigmagr: maybe the best way will be to do like they did: on host machine create 2 VM - one for GW on which you will connect to the VPN and on the second - workstation from which you will work in the internet via GW VM
08:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:40 < Stigmagr> banco: and not vm inside vm?
08:41 < Stigmagr> banco: if vm inside vm works its the best for me because i can create a software that will run inside the gw vm and will connect to openvpn and open a new vm as well that will be the workstation vm
08:41 < banco> Stigmagr: VM inside VM will consume more resources
08:42 < banco> Stigmagr: with 2 independed VMs you can run GW with smal amount of resources
08:42 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
08:43 < autrilla> Hello! I have ping 1 and ping-restart 5, but when my network goes down, openvpn doesn't try to reconnect. I see traffic trying to flow towards my server, I guess those are ping attempts, but there's no pong.
08:43 < autrilla> !goal
08:43 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
08:44 < banco> autrilla: check the logs from client and server
08:44 < autrilla> Okay, my goal is making my connection more reliable. My ISP changes my WAN every 2h, so I get disconnected from services every 2 hours.
08:44 < autrilla> banco: the client does nothing. The server also does nothing.
08:47 < banco> autrilla: is openvpn still running and does nothing or not running at all?
08:48 < banco> autrilla: if running - there should be logs
08:48 < autrilla> This is my client's config http://sprunge.us/jHSX, and this is my server's: http://sprunge.us/TKNB
08:50 < autrilla> banco: it is running.
08:50 < autrilla> But nothing gets appended to the logs
08:55 < banco> autrilla: enable logging - the log option
08:55 < autrilla> banco: it's all logged to systemd's journal already
08:55 < banco> autrilla: also, increase ping-restart in the client config
08:55 < autrilla> banco: to how much?
08:55 < autrilla> and why?
08:57 < banco> autrilla: maybe it just keep restarting because it can't ping the remote
08:58 < banco> autrilla: do you see the openvpn logs in systemd journal?
08:58 < autrilla> banco: yes
08:58 < autrilla> banco: and it works fine until I disable my network iface, remove the networkmanager dhcp lease, and enable it again
08:59 < banco> autrilla: when the network goes sown you don't see any logs?
09:00 < banco> goes down*
09:00 < autrilla> banco: I don't.
09:00 < autrilla> The logs just stay on Initialization sequence completed, from the last time I connected
09:00 < banco> autrilla: then enable logs explicitly
09:00 < autrilla> Then, if I manually restart, with systemctl restart openvpn@client, it goes back again
09:00 < banco> add log /var/log/openvpn.log
09:00 < autrilla> banco: verb 9 or what?
09:01 < banco> verb 4 is enough
09:01 < autrilla> Okay
09:02 -!- dan_j [sid21651@gateway/web/irccloud.com/x-lzylwrhszhqnqzhh] has quit [Ping timeout: 260 seconds]
09:06 -!- dan_j [sid21651@gateway/web/irccloud.com/x-ttxcevqrnitxsxzu] has joined #openvpn
09:07 < autrilla> banco: http://sprunge.us/SbgV
09:07 < autrilla> banco: that just keeps looping after a disconnect
09:08 < autrilla> I guess the inactivity timeout is too small? Is there a way for it to wait until it fully connects before it starts the timeout?
09:11 < banco> autrilla: is server running?
09:11 < banco> autrilla: check the server log
09:14 < banco> autrilla: and can you even ping the 188.166.112.145 when openvpn can't reconnect?
09:15 < Sakyl> Is there a way to tell openvpn, that it sould route via a proxy if there is a *.com in a domain?
09:17 < banco> Sakyl: do you need it for browser only?
09:18 < Sakyl> The *.com stuff, yeah
09:19 < banco> Sakyl: then do it with browsers extensions, for example foxyproxy
09:19 < Sakyl> I live in germany and want to make a setup, so i can watch netflix and youtube easily... Without a complicated setup for my family - so i enter the vpn access at the router and want to route special requests via my american prox
09:20 < Sakyl> Basically: Router->VPN->Is *.com?->Proxy->else->normal
09:22 < banco> Sakyl: you can do in in the browser extension
09:23 < autrilla> banco: okay. The server is running. I tried disconnecting at 10 minutes past. After that, 188.166.112.145 was inaccessible from my PC. At 14 past, four minutes later, I restarted openvpn through systemd, and proceeded to check the logs. There was nothing there from 9 past to 14 past.
09:23 < Sakyl> There is no Browser Extension for Playstations, most Smartphones, Chromecasts etc. And installing and maintaining these at all the devices in our network... Not interested :D Want to simplify that. Just configuring my servers
09:23 < autrilla> So the server isnt getting reconnection attempts
09:25 < autrilla> 188.166.112.145 is probably inaccessible because it tries to access it through the VPN
09:26 < autrilla> which is down
09:29 < banco> Sakyl: use squid on router then and select router as proxy on your devices
09:30 < Sakyl> I already got squid set up. I dont want to route anything via the proxy, because it hase a limited bandwith. I just want to route *.com connections.
09:31 < banco> Sakyl: you can configure squild to route *.com connections via one more proxy and everithyng else via normal
09:32 < Sakyl> Ah - so i set up a proxy on the same server as the openvpn. i connect the openvpn to the local proxy and put a rule on that local proxy, that if a *.com connection is there, it should be routed to the american proxy
09:35 < banco> Sakyl: yes
09:35 < Sakyl> Nice - thanks for the infos!
09:36 < banco> autrilla: check your network configuration on VPN client, what're you doing with in after you connectiong to the VPN server
09:36 < autrilla> banco: ?
09:36 < banco> "and it works fine until I disable my network iface, remove the networkmanager dhcp lease, and enable it again"
09:38 < autrilla> banco: yes?
09:38 < banco> autrilla: after these actions you lose you can't access 188.166.112.145 from your VPN client?
09:40 < autrilla> banco: correct
09:41 < banco> autrilla: so try to do this to your iface without connection to the VPN server
09:41 < banco> autrilla: seems like you just ruin your network connection and this is not a openvpn problem
09:42 < autrilla> banco: with openvpn stopped, if I do that, I just miss a ping packet, but it works fine afterwards
09:42 < Sakyl> banco: I don't find anything to make openvpn route thorugh a proxy so PC->VPN->Proxy - you got any documentation?
09:42 < autrilla> however, with openvpn running, if I do that while running ping, I won't get any responses after restarting my interface
09:46 < banco> autrilla: what if you stop openvpn at this point, will you be able o ping again?
09:46 < autrilla> good question, let me check
09:46 < banco> Sakyl: what's your connection again?
09:47 < autrilla> banco: okay, yes
09:47 < banco> Sakyl: PC - Router - VPN - [ internet OR internet via proxy]?
09:47 -!- johnny56_ is now known as johnny56
09:48 < Sakyl> exactly: PC - WiFi Box/Router - VPN - [boring german internet or american proxy]
09:48 < banco> autrilla: seems like something wuth your routes
09:49 < autrilla> banco: can I tell openvpn to execute something before reconnecting?
09:49 < banco> autrilla: check your routes before you connected to the vpn and after
09:49 < banco> autrilla: --up-restart
09:50 < autrilla> http://sprunge.us/NjLA without open vpn
09:51 < banco> Sakyl: so you need to install on the router the squid and configure the squid so it will route *.com traffic via american proxy and all other just via german internet
09:51 < autrilla> And with openvpn http://sprunge.us/CePK
09:52 < Sakyl> banco: The easiest way, at least for me, would be, to route behind the vpn. So decide at the vpn where to route
09:52 < banco> Sakyl: and on PC you need to set in brouser settings to use router as proxy
09:53 < banco> Sakyl: do you have it like this? PC - Router (VPN Client) - Your server in the internet (VPN Server) - [ german internet or american proxy ]
09:54 < banco> well, you can install the squid on your VPN server then
09:56 < banco> autrilla: what is your routes when you disable/enable the network iface ant the openvpn client start to reconnecting in the loop
09:59 < Sakyl> banco: Thats what i just did. But how do i route the vpn traffic through the squid
10:00 < autrilla> banco: http://sprunge.us/OBWR
10:04 < banco> Sakyl: google it, there is some guides
10:05 < autrilla> banco: so as far as I can tell, those routes will route absolutely everything through the VPN. So it's trying to reconnect to the VPN through the VPN?
10:06 < banco> autrilla: yes, but on iface down the routes should be deleted
10:07 < banco> autrilla: also, the problem is, that you lose this route "188.166.112.145 via 10.4.11.1 dev enp0s25"
10:07 < banco> after iface down/up
10:09 < banco> autrilla: try to remove last 3 options from the client config
10:09 < banco> ping 1
10:09 < banco> ping-restart 4
10:09 < banco> explicit-exit-notify 3
10:09 < banco> and check again
10:15 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
10:18 < Sakyl> banco: Thats my problem i didnt find anything... Just the other way around - so Proxy-VPN
10:18 < autrilla> banco: yeah, it was the route missing
10:26 < banco> Sakyl: the idea is like this:
10:26 < banco> for example, the OpenVPN server have the address 10.8.0.1 in the VPN network
10:26 < banco> you configure the local devices in the LAN behind router to use address 10.8.0.1 as proxy server
10:26 < banco> you install on the VPN server the squid and configure it to route some content (*.com) via another proxy like this:
10:26 < banco> https://aacable.wordpress.com/2011/10/15/howto-redirect-audiovideo-or-some-contents-to-another-proxy-using-squid/
10:26 <@vpnHelper> Title: Howto redirect audio/video or some contents to another proxy using SQUID | Syed Jahanzaib Personal Blog to Share Knowledge ! (at aacable.wordpress.com)
10:27 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:28 -!- tapout [~tapout@unaffiliated/tapout] has joined #openvpn
10:32 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
10:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
10:32 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.3]
10:33 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
10:33 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:34 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
10:42 -!- allizom [~Thunderbi@95.234.175.172] has joined #openvpn
10:49 -!- Sakyl [~Sakyl@unaffiliated/sakyl] has quit [Ping timeout: 276 seconds]
10:53 < autrilla> Does compression add a lot of latency?
10:54 < banco> autrilla: no
10:54 < autrilla> Mkay, I get 20ms without my vpn and 40 with it
10:54 < autrilla> It's probably due to latency to my vpn being higher than latency to google directly
10:58 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Read error: Connection reset by peer]
11:06 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:13 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:29 < autrilla> banco: why did you tell me to remove the ping and ping-restart optins?
11:29 < autrilla> options*
11:29 < autrilla> As it is right now, it does restart, but it takes a very long time until it does
11:30 < banco> autrilla: just to try it, when it restart is it the same and don't remove the routes?
11:30 < autrilla> banco: yes, it works perfectly after it restarts, but it takes a while to do so
11:31 < banco> autrilla: and if you uncomment those options back it will work as well?
11:31 < banco> autrilla: or it won't work and will loop restart?
11:31 < autrilla> banco: I have to wait around 2hours to get a new WAN IP, I guess I'll know then
11:31 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-esxystjoczsznawe] has quit [Ping timeout: 260 seconds]
11:32 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
11:33 < banco> autrilla: the default ping-reset option is 120 seconds
11:33 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-jidgvjhdjyrosuuc] has joined #openvpn
11:34 < banco> autrilla: if with ping-reset 10 it won't work, but with ping-reset 120 it works, then just decrease the parameter so it will be the minimum working value
11:36 -!- allizom [~Thunderbi@95.234.175.172] has quit [Quit: allizom]
11:43 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:54 < autrilla> Is there a way to set ping to some value smaller than 1?
11:54 < banco> autrilla: no
11:54 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has joined #openvpn
11:54 < banco> autrilla: though, I didn't try
11:54 < banco> autrilla: give it a try with 0.5
11:55 < autrilla> banco: no, that didn't work :p
11:55 < banco> autrilla: then no
11:55 < autrilla> I have problems with my client restarting
11:55 < autrilla> When I have keepalive 1 5
11:55 < autrilla> Although ICMP packets get to my server just fine
12:00 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
12:01 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:12 -!- L0uk3 [~lukethedr@unaffiliated/lukethedrifter] has quit [Quit: bis später]
12:32 -!- HSaka [~textual@unaffiliated/hsaka] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:35 < autrilla> !mailing-list
12:36 < autrilla> how do I send a message to the mailing list?
12:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
12:37 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:37 -!- mode/#openvpn [+o mattock1] by ChanServ
12:46 < banco> autrilla: https://lists.sourceforge.net/lists/listinfo/openvpn-users
12:46 <@vpnHelper> Title: Openvpn-users Info Page (at lists.sourceforge.net)
12:49 -!- someone [~someone@somewhe.re] has joined #openvpn
12:57 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
13:03 -!- bambam [~root@mymojo.nl] has joined #openvpn
13:04 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
13:05 < bambam> !welcome
13:05 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:05 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:05 < bambam> !route
13:05 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
13:05 <@vpnHelper> client
13:06 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has joined #openvpn
13:06 < autrilla> You are not allowed to post to this mailing list, and your message has been automatically rejected. :(
13:08 < bambam> gday
13:08 < bambam> ive read thru the topics in the welcome msg
13:08 < bambam> dont think they apply to my situation so ill go ahead and ask
13:09 < bambam> im trying to access a remote openvpn host from my router
13:09 < bambam> ive managed to get the connection up ip changes as expected
13:09 < bambam> clients are able to communicate amongst eachother
13:09 < bambam> but as one of the items in the welcome msg suggest
13:10 < bambam> no way of contacting other servers behind the openvpn lan
13:10 < bambam> I am also running both networks on the same range (openvpnserver is also dhcp for its own local subnet as well as vpn clients)
13:11 < bambam> internet connection is also working and all clients can access the openvpn host
13:12 < bambam> !paste
13:12 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
13:17 < bambam> http://fpaste.org/297759/
13:17 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 246 seconds]
13:21 < banco> !tuntap
13:21 < banco> !taptun
13:21 < banco> ah, you're already using tap
13:22 < bambam> i think i might have used everything there is under the sun
13:22 < bambam> except the right config
13:22 < bambam> ipforwarding should also be enabled correctly if i can access the internet right
13:23 < banco> bambam: check if it's enabled:
13:23 < banco> sysctl -w net.ipv4.ip_forward
13:24 < banco> sry sysctl net.ipv4.ip_forward
13:24 < bambam> running bsd like system
13:24 < banco> freebsd?
13:24 < banco> osx?
13:24 < bambam> freebsd
13:24 < banco> sysctl net.inet.ip.forwarding
13:25 < bambam> 1
13:25 < banco> what about fw? ipfw/pf
13:27 < bambam> not completely sure about that part
13:27 < bambam> the system looks to be setup for nat
13:29 < banco> can you draw a diagram with your network connection and from where to where you're trying to connect
13:29 < bambam> firewall_enable="YES"
13:29 < bambam> firewall_type="OPEN"
13:29 < bambam> firewall_quit="NO"
13:29 < bambam> gateway_enable="YES"
13:29 < bambam> natd_enable="YES"
13:29 < bambam> natd_interface="em0"
13:30 < bambam> ok ill try and draw something up
13:31 < banco> what's the ipfw rules? ipfw -d -e list
13:37 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in]
13:43 < bambam> http://fpaste.org/297760/44213144/
13:44 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
13:46 < bambam> that last line looks like the firewall is closed :s
13:46 < bambam> while line 6 says its open
13:49 < banco> these rules are checked by their priority from 0 to 65535
13:50 < banco> so everything that wasn't denied before 65000 rule will be allowed by it
13:51 < autrilla> Is the mailing list owner perchance here?
13:52 < bambam> 00500 means *.1 to anywhere else is denied correct?
13:57 < banco> bambam: it's the IPv6 loopback
13:57 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
13:57 < banco> bambam: the ipfw doesn't seem to block anything that you need
13:58 < banco> bambam: so the problem is elsewhere
14:00 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Client Quit]
14:01 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has joined #openvpn
14:17 < Fusl> can someone help me increasing the upload/download speed of my openvpn setup? it's a very simple setup between 2 freebsd boxes, without cipher or auth ("auth none"/"cipher none"), but all i get through the link is 1 mbit/s (over udp, tested with iperf tcp inside the tunnel) on a 100 mbit/s link
14:43 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has joined #openvpn
14:45 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 260 seconds]
14:46 < Eugene> !gigabit
14:46 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
14:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
14:57 -!- jesopo [jess@lolnerd.net] has quit [Ping timeout: 264 seconds]
14:57 < bambam> hi banco
14:58 < bambam> tnx for verifing
14:58 < bambam> is there anywhere else that you could think of?
14:58 < bambam> everything else seems to work fine
15:00 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
15:01 -!- jesopo [jess@lolnerd.net] has joined #openvpn
15:06 < banco> bambam: draw the diagram of your network connection to understand from where to where you're connecting
15:26 -!- Dime|2 [~kvirc@cable-82-119-23-120.cust.telecolumbus.net] has joined #openvpn
15:26 < Dime|2> Hi everyone
15:29 < Dime|2> I was wondering if anyone could tell me, if it is possible to allow client-to-client connections from different openvpn instances on the same server
15:33 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
15:39 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
16:01 < bambam> @banco http://www.gliffy.com/go/publish/image/9589985/L.png
16:03 -!- HSaka [~textual@unaffiliated/hsaka] has joined #openvpn
16:05 < banco> bambam: so can you ping 192.168.250.2 and 192.168.250.1 from the PC in router LAN?
16:08 < bambam> yes
16:08 < bambam> and also mobile clients
16:11 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
16:13 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 260 seconds]
16:14 < banco> bambam: did you create bridge between em1 and tap0?
16:14 < bambam> yes
16:15 < bambam> no ip assigned
16:15 < banco> bambam: show your rc.conf
16:19 < bambam> http://fpaste.org/297778/
16:19 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
16:32 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
16:41 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
16:41 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
16:42 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
16:43 < Dime|2> Are connections from clients of different openvpn instances possible?
16:43 < Dime|2> I mean between clients
16:44 < banco> bambam: try to add this ipfw rule to bypass the nat for bridge:
16:44 < banco> ipfw -q add 30 allow all from any to any via bridge0
16:45 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
16:47 < bambam> no luck
16:47 < bambam> or do i need to restart openvpn
16:48 < banco> no
16:49 < banco> bambam: what if you add these as well:
16:49 < banco> ipfw -q add 31 allow all from any to any via em1
16:49 < banco> ipfw -q add 32 allow all from any to any via tap0
16:50 < bambam> nothing
16:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
16:51 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:01 -!- bambam [~root@mymojo.nl] has quit [Quit: Lost terminal]
17:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
17:11 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
17:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
17:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:26 -!- bambam [~root@mymojo.nl] has joined #openvpn
17:44 -!- bambam [~root@mymojo.nl] has quit [Quit: Lost terminal]
17:50 -!- HSaka [~textual@unaffiliated/hsaka] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:51 -!- isReKT2000 is now known as yes|i|am|isReKT2
17:52 -!- yes|i|am|isReKT2 is now known as |i|am|isReKT2000
17:57 -!- akurilin [~alex@208.80.70.250] has joined #openvpn
17:58 < akurilin> quick question: how doable is it for me to use one single instance of openvpn client to connect to multiple opevpn servers each pushing its own routes?
17:58 < akurilin> assuming those routes don't overlap
17:59 < akurilin> googling for the answer has been all over the place
18:01 < Dime|2> It is pretty straight forward
18:02 < Dime|2> I am multiple such setups, only problem I have is routing between different instances of openvpn
18:02 < akurilin> Dime|2: I can't use one single client.conf file, can I?
18:03 < akurilin> each VPN server has its own PKI
18:04 < Dime|2> seems I have misread your first question
18:05 < Dime|2> can you use multiple ovpn files?
18:05 < Dime|2> so kind of multiple clients running in one instance?
18:06 < akurilin> seems like I'd have to configure ubuntu's upstart to boot two instances of openvpn client at once?
18:06 < Dime|2> not at all
18:06 < Dime|2> just create a second conf file in /etc/openvpn/config
18:06 < subzero79> akurilin, in debian for example you can place all your conf's at /etc/openvpn. init will start as many instances as conf presents there
18:06 < Dime|2> service will launch all conf files
18:06 < akurilin> oooh seriously?
18:07 < Dime|2> yes
18:07 < akurilin> wow that will simplify things so much if it actually works
18:07 < subzero79> that includes servers and  clients
18:12 < akurilin> let me see if I can make this work. Got a bunch of environments like prod and dev that have separate openvpn servers and I'd love to have both tunnels up at once to be braindead if possible
18:45 -!- Dime|2 [~kvirc@cable-82-119-23-120.cust.telecolumbus.net] has quit [Ping timeout: 246 seconds]
18:53 < akurilin> seems to be working!
19:11 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:18 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
19:24 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
19:32 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
19:36 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
19:52 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
19:53  * m3n3chm0 nasZ
19:56 -!- autrilla [uid86014@python/site-packages/autrilla] has left #openvpn []
20:19 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
21:20 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
21:32 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
21:38 -!- Vercas [~Vercas@unaffiliated/vercas] has left #openvpn ["Farewell."]
21:43 -!- |i|am|isReKT2000 is now known as isReKT2000
22:06 -!- Stigmagr [57ca59ce@gateway/web/cgi-irc/kiwiirc.com/ip.87.202.89.206] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
22:45 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
22:47 < ybgd> can someone help me?  im connected to my openvpn server as a client, and when I run an ip check online it shows that my public IP is masked appropriately
22:48 < ybgd> however, in establishing a p2p connection with a user/client of my vpn .. i almost see a 'traceroute' in my packet capture software
22:50 < ybgd> I send a p2p connection request and instead of just sending this packet to my OpenVPN Server IP (end point),  I can see it getting sent 3 times
22:52 < ybgd> the request is sent to my OpenVPN Server IP (endpoint), my OpenVPN local IP (10.8.0.1), AND most concerningly the IP of OpenVPN client connection (starting point)
22:54 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Quit: Leaving]
22:55 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
22:57 < ybgd> ive come here like 3-4 times in the past months, never got a response, and never seen any1 else chatting in here !!
22:59 < Eugene> !anyone
22:59  * Eugene slaps the bot
23:05 -!- ntio [~ntio@unaffiliated/ntio] has quit [Read error: Connection reset by peer]
23:06 -!- ntio [~ntio@unaffiliated/ntio] has joined #openvpn
23:13 < skyroveRR> Eugene: sup.
23:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:17 < Eugene> Jo mamma
23:19 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
23:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
23:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:20 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
23:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
23:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:33 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
23:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
23:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:34 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
23:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
23:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
23:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Client Quit]
23:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
23:40 -!- ShadniX [dagger@p5DDFECA0.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:41 -!- ShadniX [dagger@p5DDFE6DA.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Dec 06 2015
00:36 -!- shivaya [~root@162-207-204-31.lightspeed.sntcca.sbcglobal.net] has joined #openvpn
00:37 < shivaya> hello, I am trying to set up openvpn with default settings, through tun interface but it keeps pushing default gateway to 10.0.8.5 even though I don't have that specific IP nowhere in config
00:37 < shivaya> did anyone enounter this?
00:38 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
00:47 < Eugene> Are you doing a redirect setup?
00:48 < Eugene> !redirect
00:48 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
00:48 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
00:49 < shivaya> yeah I have push "redirect-gateway def1"
00:49 < shivaya> i can ping the servers private ip when I connect
00:49 < shivaya> and vice versa
00:49 < shivaya> but it doesn't route to public
00:50 < shivaya> it pushes default route 10.0.8.5, but the server is 10.0.8.1
00:55 -!- shivaya [~root@162-207-204-31.lightspeed.sntcca.sbcglobal.net] has quit [Quit: leaving]
01:11 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:36 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
01:40 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Client Quit]
01:51 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
01:52 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Client Quit]
02:11 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
02:11 -!- mode/#openvpn [+o mattock1] by ChanServ
02:12 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
02:50 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:17 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has quit [Ping timeout: 240 seconds]
03:34 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has joined #openvpn
03:48 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
03:53 < wizbit> when i connect openvpn to my home network, my ip address changes into a new subnet, is there a way to grab the ip from the dhcp server of the network openvpn is connecting to?
03:53 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
03:54 < wizbit> at the moment my ip is the tunnel network rather than my home network ip
04:01 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
04:05 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zeudrtzneghrfejh] has joined #openvpn
04:14 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
04:15 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:18 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
04:20 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Client Quit]
04:25 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:26 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:32 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 260 seconds]
04:39 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
04:43 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
04:49 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:50 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
04:51 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Client Quit]
04:54 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has joined #openvpn
05:08 -!- AlmogBaku [~AlmogBaku@bzq-82-81-241-237.cablep.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:14 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:27 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
05:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
05:31 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
05:52 -!- somis [~somis@70.38.6.186] has joined #openvpn
05:56 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:57 -!- deicide- [~war@unaffiliated/deicide-] has joined #openvpn
05:57 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
05:59 < deicide-> is there an update to tap 9.0.0.21?
05:59 < deicide-> https://forums.openvpn.net/topic16933.html https://forums.openvpn.net/topic17962.html
05:59 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN 2.3.4 i603 Windows x64 - TAP driver buggy : Server Administration (at forums.openvpn.net)
06:00 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
06:13 -!- bhuey [~bhuey@162-204-182-53.lightspeed.sndgca.sbcglobal.net] has joined #openvpn
06:13 < bhuey> hey
06:18 -!- deicide- is now known as Guest35531
06:18 -!- Guest35531 [~war@unaffiliated/deicide-] has quit [Disconnected by services]
06:18 -!- deicide- [~war@unaffiliated/deicide-] has joined #openvpn
06:19 -!- deicide- [~war@unaffiliated/deicide-] has quit [Client Quit]
06:24 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
06:30 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-zeudrtzneghrfejh] has quit [Quit: Connection closed for inactivity]
06:41 -!- nutron [~nutron@unaffiliated/nutron] has quit [Ping timeout: 260 seconds]
07:03 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:08 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-79-52.w86-195.abo.wanadoo.fr] has joined #openvpn
07:12 -!- Dime|2 [~kvirc@cable-82-119-23-120.cust.telecolumbus.net] has joined #openvpn
07:14 < Dime|2> Hi, Quick Question - is it possible allow connections between clients of different openvpn server instances on the same machine?
07:16 -!- Nomads [~Qann@5.135.176.3] has left #openvpn ["undefined"]
07:35 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:40 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
07:42 -!- catsup [~d@64.111.123.163] has joined #openvpn
07:45 -!- lkjahsdkfj [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
07:45 -!- typ [~quassel@unaffiliated/typ] has joined #openvpn
07:46 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Disconnected by services]
07:47 -!- catsup [~d@64.111.123.163] has quit [Ping timeout: 260 seconds]
07:48 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:48 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
07:48 -!- funnel_ [~funnel@unaffiliated/espiral] has joined #openvpn
07:48 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
07:48 -!- mode/#openvpn [+o vpnHelper] by ChanServ
07:48 -!- lbft_ [~lbft@unaffiliated/lbft] has joined #openvpn
07:48 -!- WarDriver [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
07:48 -!- Champi_ [Champi@damn.e-leet.be] has joined #openvpn
07:48 -!- L3hvyn [~Lehvyn@unaffiliated/lehvyn] has joined #openvpn
07:49 -!- Thermi_ [~Thermi@unaffiliated/thermi] has joined #openvpn
07:49 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 240 seconds]
07:49 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has quit [Ping timeout: 240 seconds]
07:49 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has quit [Ping timeout: 240 seconds]
07:49 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Ping timeout: 240 seconds]
07:49 -!- Champi [Champi@damn.e-leet.be] has quit [Ping timeout: 240 seconds]
07:49 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 240 seconds]
07:49 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 240 seconds]
07:49 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Quit: No Ping reply in 180 seconds.]
07:49 -!- Lehvyn [~Lehvyn@unaffiliated/lehvyn] has quit [Ping timeout: 240 seconds]
07:49 -!- Champi_ is now known as Champi
07:49 -!- isReKT2000 [isReKT2000@gateway/shell/layerbnc/x-nnczpeeeoanvwiaf] has quit [Ping timeout: 240 seconds]
07:49 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Ping timeout: 240 seconds]
07:49 -!- wazaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 240 seconds]
07:49 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Ping timeout: 240 seconds]
07:49 -!- musca [~musca@tyrael.eu] has quit [Ping timeout: 240 seconds]
07:49 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 240 seconds]
07:49 -!- fling [~fling@fsf/member/fling] has quit [Ping timeout: 240 seconds]
07:49 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 240 seconds]
07:49 -!- lbft_ is now known as lbft
07:49 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has quit [Ping timeout: 240 seconds]
07:49 -!- unholycrab [~unholycra@unaffiliated/computer] has quit [Ping timeout: 240 seconds]
07:49 -!- metaf5 [~metaf5@31.220.42.38] has quit [Ping timeout: 240 seconds]
07:49 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 240 seconds]
07:49 -!- chamunks [chamunks@entityreborn.com] has quit [Read error: Connection reset by peer]
07:49 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 240 seconds]
07:49 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit [Ping timeout: 240 seconds]
07:49 -!- L3hvyn is now known as Lehvyn
07:49 -!- Thermi_ is now known as Thermi
07:49 -!- linuxfish_ [~ltf@unaffiliated/edmundf] has joined #openvpn
07:49 -!- funnel_ is now known as funnel
07:49 -!- linuxfish_ is now known as linuxthefish
07:50 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
07:50 -!- metaf5 [~metaf5@31.220.42.38] has joined #openvpn
07:50 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
07:50 -!- wazaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
07:52 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 245 seconds]
07:53 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
07:53 -!- fling [~fling@fsf/member/fling] has joined #openvpn
07:53 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
07:54 -!- deicide- [~war@unaffiliated/deicide-] has joined #openvpn
07:54 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
07:55 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
07:58 -!- catsup [~d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
07:59 -!- catsup [~d@64.111.123.163] has joined #openvpn
07:59 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
08:04 -!- manitu [~manitu@2a01:4f8:131:5169::2] has quit [Ping timeout: 264 seconds]
08:05 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
08:12 -!- Guest54322 [isReKT2000@gateway/shell/layerbnc/x-wydedvmqblxfbkgc] has joined #openvpn
08:14 -!- manitu [~manitu@2a01:4f8:131:5169::2] has joined #openvpn
08:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
08:18 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bqarpxzngdgrtykn] has joined #openvpn
08:23 -!- Guest54322 [isReKT2000@gateway/shell/layerbnc/x-wydedvmqblxfbkgc] has left #openvpn []
08:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
08:25 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
08:29 < banco> Dime|2: maybe with bridging
08:29 < Dime|2> you mean a tap device?
08:29 < banco> Dime|2: yes
08:30 < banco> Dime|2: though, you can do it with routing as well
08:30 < Dime|2> I've been trying for some time now and did not get it working
08:31 < Dime|2> I have a udp server which has some other networks connected through clients
08:31 < Dime|2> works great
08:31 < Dime|2> but now I would like an other with tcp as fallback for clients
08:31 < Dime|2> but cannot ping either clients from the other instance nor their networks
08:32 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
08:33 < banco> Dime|2: you need to have different subnets for udp and tcp server and add the routes from one of your server to the other and vice versa
08:33 < Dime|2> I did that
08:34 < Dime|2> 192.168.127.0/24 for udp and 192.168.128.0/24 for tcp
08:34 < Dime|2> I could ping 192.168.127.1 and 192.168.128.1 from both instances
08:34 < Dime|2> bot no clients
08:34 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 260 seconds]
08:35 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Client Quit]
08:35 < Dime|2> well not from different instances atleast
08:35 < Dime|2> udp -> udp client worked
08:36 < Dime|2> udp -> tcp client not
08:36 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
08:36 -!- mode/#openvpn [+o syzzer] by ChanServ
08:37 < banco> Dime|2: if you just want to have the second server as fallback, then it'll be easier for you to just use bridging instead routing
08:37 -!- iNs [~ins@85.17.164.26] has joined #openvpn
08:37 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
08:37 -!- bittin [~luna@unaffiliated/bittin] has joined #openvpn
08:38 < banco> Dime|2: you'll have tap0 for udp server and tap1 for tcp server and all you need is to create a bridge between tap0 and tap1
08:38 < bittin> anyone here that has setup OVPN in FreeBSD before?
08:40 -!- rich0_ is now known as rich0
08:40 < Dime|2> I will have to read more into tap, thanks for the advice @banco
08:45 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 246 seconds]
08:52 -!- iNs [~ins@85.17.164.26] has joined #openvpn
08:53 <@syzzer> !tuntap
08:55 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:55 <@syzzer> !tunortap
08:55 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. or (#2) and if your reason for wanting tap is windows shares, see !wins or use DNS or (#3) remember layer2 has no security, arp poisoning works over tap vpns or (#4) lan gaming? use tap! or (#5) Normal Android/iOS devices (not
08:55 <@vpnHelper> rooted/jailbroken) support only tun
08:56 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
09:02 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
09:09 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
09:10 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
09:23 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
09:29 < wkts> Does openvpn still need stunnel to hide traffic from the chinese firewall?
09:44 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 245 seconds]
09:44 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 260 seconds]
09:48 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
09:49 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 264 seconds]
09:50 -!- isReKT2000 [isReKT2000@gateway/shell/layerbnc/x-wydedvmqblxfbkgc] has joined #openvpn
09:53 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
09:53 -!- mode/#openvpn [+o plaisthos] by ChanServ
09:53 -!- showaz [~showaz@unaffiliated/showaz] has joined #openvpn
09:54 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:04 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
10:04 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Client Quit]
10:06 -!- dazo_afk [~dazo@openvpn/community/developer/dazo] has joined #openvpn
10:06 -!- mode/#openvpn [+o dazo_afk] by ChanServ
10:06 -!- dazo_afk is now known as dazo
10:11 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
10:17 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:21 < deicide-> is there an update to tap 9.0.0.21?
10:21 < deicide-> i mean newer version than that
10:28 <@syzzer> deicide: no
10:31 -!- Gaffel [~drone@h210n21-m-sp-d1.ias.bredband.telia.com] has quit [Quit: ZNC]
10:32 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
10:37 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 245 seconds]
10:42 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 250 seconds]
10:43 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:45 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:49 -!- _FBi [B@Aircrack-NG/User] has quit [Ping timeout: 264 seconds]
10:50 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
10:58 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
11:02 -!- AlmogBak_ [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
11:03 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Ping timeout: 246 seconds]
11:08 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has quit [Remote host closed the connection]
11:12 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 260 seconds]
11:13 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
11:18 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has joined #openvpn
11:29 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
11:36 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Read error: Connection reset by peer]
11:38 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 246 seconds]
11:40 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
11:40 -!- mode/#openvpn [+o plaisthos] by ChanServ
11:41 -!- AlmogBak_ is now known as AlmogBaku
11:44 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
11:49 -!- MogDog [~mogdog@mog.dog] has quit [Ping timeout: 250 seconds]
11:50 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
11:58 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:00 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
12:02 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
12:03 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Remote host closed the connection]
12:04 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Client Quit]
12:06 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
12:12 -!- lkjahsdkfj is now known as uiyice
12:13 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:15 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
12:16 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has quit [Remote host closed the connection]
12:18 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has joined #openvpn
12:20 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
12:24 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Remote host closed the connection]
12:28 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:29 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has joined #openvpn
12:42 -!- cyberspace- [~cyberspac@ninthfloor.org] has quit [Ping timeout: 260 seconds]
12:59 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has quit [Ping timeout: 260 seconds]
13:00 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
13:02 -!- AlmogBaku [~AlmogBaku@bzq-109-64-158-142.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:14 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Ping timeout: 260 seconds]
13:31 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 245 seconds]
13:33 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:36 -!- AlmogBaku [~AlmogBaku@109.64.158.142] has joined #openvpn
13:38 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
14:02 -!- showaz [~showaz@unaffiliated/showaz] has quit [Remote host closed the connection]
14:17 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has quit [Remote host closed the connection]
14:17 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Ping timeout: 245 seconds]
14:17 -!- AlmogBaku [~AlmogBaku@109.64.158.142] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:19 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
14:19 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has joined #openvpn
14:21 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has quit [Client Quit]
14:23 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has joined #openvpn
14:33 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
14:40 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Remote host closed the connection]
14:43 < wizbit> is there a way to limit bandwidth on openvpn?
14:52 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:55 -!- Dime|2 [~kvirc@cable-82-119-23-120.cust.telecolumbus.net] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
15:00 -!- n-st [~n-st@unaffiliated/n-st] has quit [Max SendQ exceeded]
15:03 -!- abra0 [abra0@unaffiliated/abra0] has quit [Max SendQ exceeded]
15:03 -!- n-st [~n-st@unaffiliated/n-st] has joined #openvpn
15:04 -!- abra0 [znc-admin@unaffiliated/abra0] has joined #openvpn
15:09 -!- dupondje [~dupondje@2a01:4f8:200:5009::2:1] has joined #openvpn
15:10 < dupondje> Are there still known issue with the NDIS-6 Tap driver? Installed it on my win7 pc, but it seems way slower than the old one
15:10 < dupondje> packetloss etc s
15:16 -!- vegii [~gp@87-207-164-118.dynamic.chello.pl] has joined #openvpn
15:16 < vegii> >your problem is probably firewall
15:17 < vegii> oh, okay... I can't reach wan via vpn
15:18 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:20 < vegii> I was wondering if that's because I provided my ddns address in the "wan address" inputbox in openmediavault
15:25 -!- JackWinter_ [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
15:27 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Read error: Connection reset by peer]
15:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
15:27 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
15:28 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
15:30 -!- leeyaa [4df6d773@gateway/web/freenode/ip.77.246.215.115] has joined #openvpn
15:30 < leeyaa> hello
15:30 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
15:32 < leeyaa> when using an openvpn box as a router for local lan what do i need to do so clients behind the vpn preserve their real ip address ? for example at the moment when i reach 192.168.1.2 from 192.168.200.0/24 all clients get 192.168.1.1 as source ip
15:32 < leeyaa> thats my setup https://ghostbin.com/paste/6sv3w
15:33 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: My Mac Mini has gone to sleep. ZZZzzz…]
15:33  * m3n3chm0 nasZZ
15:35 -!- vegii [~gp@87-207-164-118.dynamic.chello.pl] has quit [Ping timeout: 245 seconds]
15:39 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
15:43 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
15:43 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
15:44 -!- deicide- [~war@unaffiliated/deicide-] has quit [Ping timeout: 245 seconds]
15:48 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
15:49 < wkts> Does openVPN still require something like stunnel to get through the chinese firewall?
15:57 -!- somis [~somis@70.38.6.186] has quit [Quit: Leaving]
16:02 < tomodachi> wkts: ordinary openvpn traffic according to my experience
16:02 < tomodachi> is being actively blocked nowdays
16:06 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
16:12 < wkts> tomodachi,  so stunnel is worth it?
16:12 < tomodachi> wkts: im no longer working in the company that had a branch office in china
16:12 < tomodachi> where we had to work with all these work arounds not to get blocked
16:13 < tomodachi> so cant tell what works right now honestly
16:13 < tomodachi> but just "vanilla openvPN" im quite sure will not work
16:14 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
16:17 -!- joako [~joako@opensuse/member/joak0] has quit [Ping timeout: 256 seconds]
16:25 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
16:27 < wkts> ah ok ty
16:48 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 260 seconds]
16:50 -!- zylinx [uid43406@gateway/web/irccloud.com/x-yslutoxiijeayrmz] has joined #openvpn
16:54 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
16:57 -!- ustn [~ustn@p4FDB1BC5.dip0.t-ipconnect.de] has joined #openvpn
17:09 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
17:09 -!- leeyaa [4df6d773@gateway/web/freenode/ip.77.246.215.115] has quit [Ping timeout: 252 seconds]
17:36 -!- ustn [~ustn@p4FDB1BC5.dip0.t-ipconnect.de] has quit [Quit: ustn]
17:41 -!- deicide- [~war@unaffiliated/deicide-] has joined #openvpn
17:44 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
17:54 -!- bittin is now known as bittin_US
18:04 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:09 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Read error: Connection reset by peer]
18:13 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:50 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:58 -!- mystica555_ [~mystica55@97-118-127-139.hlrn.qwest.net] has joined #openvpn
18:59 < Eugene> !gfw
18:59 < Eugene> either the bot is fucked or I've forgotten all my factoids
19:02 -!- mystica555 [~mystica55@75-166-101-13.hlrn.qwest.net] has quit [Ping timeout: 260 seconds]
19:05 -!- somis [~somis@70.38.6.185] has joined #openvpn
19:20 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Quit: Leaving]
19:30 -!- NickelSpike [~textual@209.95.50.143] has joined #openvpn
19:32 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 245 seconds]
19:57 -!- toli [~toli@ip-81-11-248-215.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
19:58 -!- toli [~toli@ip-62-235-196-87.dsl.scarlet.be] has joined #openvpn
20:34 -!- somis [~somis@70.38.6.185] has quit [Quit: Leaving]
21:13 -!- NickelSpike [~textual@209.95.50.143] has quit [Ping timeout: 246 seconds]
21:39 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
21:57 -!- zylinx [uid43406@gateway/web/irccloud.com/x-yslutoxiijeayrmz] has quit [Quit: Connection closed for inactivity]
22:20 -!- s7eele [~AndChat52@104.156.228.79] has joined #openvpn
23:09 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
23:17 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:18 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
23:18 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
23:41 -!- ShadniX [dagger@p5DDFE6DA.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:42 -!- ShadniX [dagger@p5DDFF465.dip0.t-ipconnect.de] has joined #openvpn
23:56 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
--- Day changed Mon Dec 07 2015
00:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
00:44 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
00:48 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Quit: Leaving]
01:03 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
01:20 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 260 seconds]
01:27 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
01:36 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
01:40 -!- iokill_ is now known as iokill
01:47 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Read error: Connection reset by peer]
01:48 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
01:50 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
01:53 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
01:54 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:03 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
02:11 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
02:26 -!- mystica555_ [~mystica55@97-118-127-139.hlrn.qwest.net] has quit [Remote host closed the connection]
02:32 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 250 seconds]
02:34 -!- mystica555 [~mystica55@97-118-127-139.hlrn.qwest.net] has joined #openvpn
02:34 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
02:52 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
03:30 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:37 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
03:39 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has joined #openvpn
04:07 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:18 -!- deicide- [~war@unaffiliated/deicide-] has quit [Quit: Leaving]
04:27 -!- toli [~toli@ip-62-235-196-87.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
04:28 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 260 seconds]
04:38 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
04:38 -!- toli [~toli@ip-62-235-216-111.dsl.scarlet.be] has joined #openvpn
04:38 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 260 seconds]
04:47 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
04:50 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
04:52 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 260 seconds]
04:53 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn
04:54 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
04:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
05:04 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
05:06 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
05:09 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
05:14 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
05:16 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:22 -!- deicide- [~war@unaffiliated/deicide-] has joined #openvpn
05:23 -!- deicide- [~war@unaffiliated/deicide-] has left #openvpn ["Leaving"]
05:49 -!- allizom [~Thunderbi@host87-178-dynamic.5-87-r.retail.telecomitalia.it] has joined #openvpn
06:12 -!- allizom [~Thunderbi@host87-178-dynamic.5-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
06:19 -!- Mike-- [mad@mx.probie.nl] has joined #openvpn
06:25 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:27 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 264 seconds]
06:32 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 245 seconds]
06:32 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
06:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Quit: skyroveRR]
06:36 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
06:44 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Read error: Connection reset by peer]
06:52 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:53 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
07:13 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:13 -!- mode/#openvpn [+o mattock_] by ChanServ
07:14 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
07:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Quit: sigsts]
07:34 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
07:36 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
07:42 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:43 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:43 -!- mode/#openvpn [+o mattock_] by ChanServ
07:45 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
07:46 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:46 -!- mode/#openvpn [+o mattock_] by ChanServ
07:47 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 246 seconds]
07:48 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
07:48 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:48 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:49 -!- mode/#openvpn [+o mattock_] by ChanServ
07:53 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
07:55 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: ZNC - http://znc.in]
07:58 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:59 -!- AlmogBaku [~AlmogBaku@212.235.124.20] has joined #openvpn
07:59 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
07:59 -!- mode/#openvpn [+o mattock_] by ChanServ
08:00 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
08:05 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
08:09 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
08:11 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
08:15 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
08:16 -!- ghormoon [~ghormoon@ghorland.net] has quit [Ping timeout: 264 seconds]
08:16 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
08:16 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
08:16 -!- mode/#openvpn [+v s7r_] by ChanServ
08:18 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 264 seconds]
08:18 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 264 seconds]
08:22 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 265 seconds]
08:22 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
08:23 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
08:23 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 265 seconds]
08:27 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
08:29 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
08:29 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
08:30 -!- Exagone314 [exa@elou.world] has joined #openvpn
08:30 -!- toli [~toli@ip-62-235-216-111.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
08:30 -!- afics [~afics@unaffiliated/-x-/x-5730914] has quit [Ping timeout: 246 seconds]
08:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Ping timeout: 246 seconds]
08:30 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 246 seconds]
08:30 -!- Lehvyn [~Lehvyn@unaffiliated/lehvyn] has quit [Ping timeout: 246 seconds]
08:30 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Ping timeout: 246 seconds]
08:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
08:30 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
08:30 -!- toli [~toli@ip-62-235-216-111.dsl.scarlet.be] has joined #openvpn
08:32 -!- chamunks [chamunks@entityreborn.com] has joined #openvpn
08:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:32 -!- doop [~doop@colostomy.club] has joined #openvpn
08:32 -!- Lehvyn [~Lehvyn@unaffiliated/lehvyn] has joined #openvpn
08:34 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 260 seconds]
08:35 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
08:35 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
08:44 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: ZNC - http://znc.in]
08:45 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:45 -!- mode/#openvpn [+o mattock_] by ChanServ
08:48 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:48 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
08:50 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
08:50 -!- mode/#openvpn [+o mattock_] by ChanServ
08:50 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
08:58 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
09:00 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
09:02 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
09:02 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: ZNC - http://znc.in]
09:04 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
09:06 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
09:09 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:13 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
09:13 -!- mode/#openvpn [+o mattock_] by ChanServ
09:17 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
09:28 -!- AlmogBaku [~AlmogBaku@212.235.124.20] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:31 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
09:34 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:46 -!- jsfrerot [~jsfrerot@192.252.133.70] has joined #openvpn
09:48 < jsfrerot> hi, I have a question about openvpn performance. I have been able to reach almost 100% of my internet link (1Gbps) with openvpn using the following settings: tun-mtu 9000, fragment 0, mssfix 0, cipher aes-256-cbc
09:48 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:48 < jsfrerot> this is acheived between my top vpn servers on the internet (ping of ~20ms)
09:49 < jsfrerot> however when i try to test the speed from servers behing my VPN nodes, I can't reach more than ~100Mbs
09:50 < jsfrerot> I see that when I test directly on my vpn nodes, packets are using the 9000 mtu, but not when servers behind the vpn nodes. It's using only the 1500 mtu.
09:51 < jsfrerot> I was wondering if openvpn was able to kind of "merge" packets to use the MTU in between the openvpn connections and then downsize the packet back to it's 1500 MTU ok the other side of the VPN
09:52 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
09:55 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
09:55 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
09:56 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:02 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:03 -!- MogDog [~mogdog@mog.dog] has quit [Ping timeout: 260 seconds]
10:05 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
10:09 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
10:10 -!- linuxthefish [~ltf@unaffiliated/edmundf] has quit [Ping timeout: 260 seconds]
10:12 <@plaisthos> jsfrerot: I am not what mssfix 0 and fragment 0 actually do
10:13 <@plaisthos> and no openvpn does not put multiple packets in a UDP packet
10:30 < jsfrerot> Any idea how I can improve the vpn connection performance between servers behind my VPN nodes ?
10:34 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
10:35 -!- linuxthefish [~ltf@unaffiliated/edmundf] has joined #openvpn
10:43 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
10:48 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
10:52 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
10:53 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
10:54 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
10:55 < infernix> i have around a dozen openvpn servers with various tunnels running
10:56 < infernix> i can connect with any windows, OSX or linux client without any issue
10:56 < infernix> however, no matter what configuration i apply to the OpenVPN connect Android and IOS clients, it just isn't working
10:56 < infernix> i either get "Bad LZO decompression header byte: 0" or "IP packet with unknown IP version=0 seen"
10:57 < infernix> the former with comp-lzo yes or adaptive, the latter with comp-lzo no
10:57 < infernix> i've tried upgrading to openvpn server 2.3.7 on the host side to no avail
10:57 < infernix> meanwhile all the PC clients connect just fine in any configuration
10:57 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
10:58 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
11:02 -!- alec-b [~alec@49.45.103.87.rev.vodafone.pt] has joined #openvpn
11:05 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
11:10 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:11 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
11:13 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:16 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:21 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
11:21 <@plaisthos> infernix: do you use tap?
11:28 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
11:29 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
11:33 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
11:33 -!- willer [potato@gateway/shell/blinkenshell.org/x-tugmnamddfrraber] has quit [Ping timeout: 245 seconds]
11:37 < infernix> tun
11:37 < infernix> i think i've got a working config by enforcing comp-lzo adaptive on all sides
11:37 < infernix> but comp-lzo no and yes both seem to break everything
11:38 < infernix> it's as if the openvpn connect client ignores everything and only uses adaptive
12:00 -!- willer [potato@gateway/shell/blinkenshell.org/x-ukspfcirmzstwklu] has joined #openvpn
12:06 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
12:25 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
12:27 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 245 seconds]
12:32 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Max SendQ exceeded]
12:33 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has joined #openvpn
12:33 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has joined #openvpn
12:40 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-bqarpxzngdgrtykn] has quit [Quit: Connection closed for inactivity]
12:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:45 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit []
12:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:56 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
12:57 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:59 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
13:03 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
13:04 -!- shiriru [~shiriru@46.10.54.164] has quit [Client Quit]
13:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:12 < jsfrerot> Can I reach more than 100Mbps over a 1G link with 20ms delay at mtu 1500 through openvpn?
13:13 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:18 < banco> !gigabit
13:18 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
13:23 < jsfrerot> banco, I've seens and tested what is on this links, this works only from the server to the client with mtu 9000, when servers behing the cluster are using mtu 1500 it's falls back to ~100Mbps
13:24 < jsfrerot> i'm looking to have a site-to-site vpn which allows me to use my gig link
13:26 < banco> I didn't try it myself, but based on that page, seems like it's impossible with mtu 1500
13:35 < jsfrerot> banco, only if you use mtu 9000 and the example on this page is clearly showing an host to host vpn, no servers behind the 2 vpn hosts. They would need to have jumbo frame enabled which I can't do.
13:36 < jsfrerot> mtu 1500 at 8.8Gbps is without encryption and not taking into consideration the latency
13:39 -!- somis [~somis@70.38.6.189] has joined #openvpn
13:47 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
13:52 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
13:54 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
14:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
14:16 < Eugene> Without tuning or any fiddling I can get ~200mbps(on a 250mbps link) between my house and a VPS 20ms away
14:16 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
14:16 < BtbN> jsfrerot, the mtu of the physical links don't matter. It's about encryption performance, which is better on larger batches
14:17 < Eugene> Using a Xeon 5520(client) and a E5-2680(server)
14:17 < Eugene> So I have no idea what it is that people do to get such slowness
14:17 < jsfrerot> Eugene, are you testing your traffic with host behind your vpn servers ?
14:18 < Eugene> This was unrouted, with no iptables. I don't have that particular setup anymore; I've rearranged my living room since
14:18 < jsfrerot> BtbN, If i use mtu 1500 on the tun interface I get ~100Mpbs, but using mtu 9000 I can reach almost 1Gbps
14:18 < Eugene> Purely just stuffing iperf down the tun
14:19 < BtbN> jsfrerot, well, then try using 30k or something.
14:19 < BtbN> And if that works, just use it?
14:19 < Eugene> 30K is a bit over what most switches will pass fro a MTU size
14:19 < BtbN> <BtbN> jsfrerot, the mtu of the physical links don't matter.
14:19 < jsfrerot> BtbN, the problem is my servers behing my vpns can't use an mtu of more than 1500 because of hardware restriction
14:19 < BtbN> ...
14:20 < jsfrerot> so my servers sends packet at mtu 1500 and the vpn server receives it, and simply forward it to the vpn tunnel at the same mtu
14:20 < jsfrerot> which is 1500.
14:21 < jsfrerot> I clearly see this behaviur by doing a tcpdump on the tun interface and on the eth0 interface. Packets are not bigger than 1500
14:21 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
14:21 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
14:21 < Eugene> Screwing around with compression and tunnel MTU is only going to make your connection slower
14:21 < jsfrerot> so unless there is a way to tell openvpn to buffer packets to send the to the tunnel when it reaches 9000 I don't see how it can go faster
14:22 < Eugene> You will always be limited to MTU1500 on the open internet; your in-tunnel traffic should thus be smaller than that(to allow encapsulation)
14:22 < BtbN> That's exactly what TCP does though, unless explicitly disabled.
14:23 < BtbN> Setting a huge MTU on the tun isn't uncommon. It increases encryption performance a lot.
14:23 < jsfrerot> well, I don't know what is happening but looking at encrypted udp packets on the receving vpn server i see packets at 9000
14:23 < BtbN> The UDP packages are just split
14:24 < jsfrerot> I can try not setting mtu, again just to test
14:26 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
14:28 < jsfrerot> cpu at 8% for the openvpn process, and doing 30Mbps...
14:29 < jsfrerot> from vpn to vpn cpu 45% doing 80Mbps
14:29 < jsfrerot> humm, now around 200Mbps
14:29 < jsfrerot> but not faster than this
14:30 < jsfrerot> how can I know if it's really using aesni ?
14:38 < jsfrerot> without openvpn can can easily reach 1Gbps at 1500 mtu...
14:40 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:41 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
14:55 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
15:01 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:07 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Read error: Connection timed out]
15:11 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
15:17 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
15:23 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
15:25 -!- f0cker [~f0cker@unaffiliated/f0cker] has joined #openvpn
15:34 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:35 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
15:40 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
15:45 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
15:48 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
15:49 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
15:51 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
16:00 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 244 seconds]
16:14 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
16:28 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
16:38 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
16:44 -!- pandabearit [~pandabear@pool-98-118-162-190.bflony.fios.verizon.net] has joined #openvpn
16:49 -!- pandabearit [~pandabear@pool-98-118-162-190.bflony.fios.verizon.net] has quit [Quit: Leaving]
16:57 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
17:08 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
17:09 -!- bambam [~root@mymojo.nl] has joined #openvpn
17:13 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
17:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
17:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:21 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:26 -!- mikjaer [~mikjaer@127-0-0-1.dk] has joined #openvpn
17:26 < mikjaer> Can i setup OpenVPN so that the clients will received my custom root ssl certificate?
17:27 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:34 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
17:39 -!- bambam [~root@mymojo.nl] has quit [Quit: Lost terminal]
17:44 < Eugene> No.
17:52 -!- s7eele [~AndChat52@104.156.228.79] has quit [Quit: Bye]
17:58 -!- nemysis [~nemysis@freebsd/developer/pcbsd.nemysis] has quit [Quit: nemysis]
18:02 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Remote host closed the connection]
18:08 -!- Exagone314 is now known as Exagone313
18:10 -!- thumbs [1000@unaffiliated/thumbs] has quit [Quit: Reconnecting]
18:14 -!- Taftse|Mac [~taftse@unaffiliated/taftse] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:16 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn
18:16 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 264 seconds]
18:17 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
18:36 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:39 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Remote host closed the connection]
18:39 -!- jefferai [sid1300@kde/mitchell] has quit [Remote host closed the connection]
18:52 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
19:00 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:19 -!- f0cker [~f0cker@unaffiliated/f0cker] has quit [Ping timeout: 272 seconds]
19:21 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
19:23 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 245 seconds]
19:29 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 260 seconds]
19:29 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
19:31 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
20:26 -!- _FBi [B@Aircrack-NG/User] has joined #openvpn
20:28 -!- mikjaer [~mikjaer@127-0-0-1.dk] has quit [Ping timeout: 260 seconds]
20:37 -!- s7eele [~AndChat52@104.156.228.79] has joined #openvpn
21:04 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
21:09 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
21:13 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
21:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:18 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
21:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:46 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
22:07 -!- mystica555 [~mystica55@97-118-127-139.hlrn.qwest.net] has quit [Remote host closed the connection]
22:25 -!- mystica555 [~mystica55@97-118-108-213.hlrn.qwest.net] has joined #openvpn
23:13 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: #rson]
23:13 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:40 -!- ShadniX [dagger@p5DDFF465.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:41 -!- ShadniX [dagger@p5481DB04.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Tue Dec 08 2015
00:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 260 seconds]
00:15 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
00:59 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
01:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:23 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Read error: Connection reset by peer]
01:51 -!- {shiver} [~shiver@mail.vally.co.nz] has left #openvpn ["WeeChat 1.3"]
01:56 -!- ade_ [~Ade@redhat/adeb] has joined #openvpn
01:57 -!- ade_ [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
01:59 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 250 seconds]
02:07 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
02:45 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 260 seconds]
03:07 -!- AlmogBaku [~AlmogBaku@212.235.124.20] has joined #openvpn
03:08 -!- AlmogBaku [~AlmogBaku@212.235.124.20] has quit [Client Quit]
03:09 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
03:09 < drwx> plaisthos: seeing how microsoft, google and mozilla are going to depreciate sha1, is there any chance of a future version of the openvpn client refusing to connect to a server with a sha1 certificate?
03:10 < drwx> or should i ask this to openssl developers?
03:15 -!- Balveda [~cnekk@181.90.35.108] has joined #openvpn
03:22 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
03:23 < Balveda> Has anyone had to deal with trying to get an AWS instance to tunnel traffic through HMA's VPN service and keeping the ssh connection running?
03:28 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
03:40 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 250 seconds]
03:44 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 260 seconds]
03:45 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
03:51 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 264 seconds]
03:53 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
03:54 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:07 -!- JoshX [~joshx@townsville.nl] has joined #openvpn
04:08 < JoshX> Hello! would it be possible to config an openvpn server to have a fallback cipher? We're in the process of migrating ~100 clients from cipher 'none' to blowfish but the transition will take time...
04:09 < JoshX> (or does anyone have a super-cool sollution on how to run 2 instances of openvpn on the same address pool?)
04:09 < JoshX> else i'm looking at a ton of work with static routes and stuff...
04:12 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
04:16 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 240 seconds]
04:18 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
04:27 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has quit [Ping timeout: 260 seconds]
04:28 -!- pipework [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
04:54 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:55 <@plaisthos> drwx: I don't know if there is an openssl option for that (disallowing sha1)
04:57 < drwx> plaisthos: well they did disable md5 at some point i think, or do something that made openvpn hard to use with md5 certificates, i don't remember what exactly
05:10 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
05:13 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
05:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:15 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
05:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:25 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit []
05:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
05:41 -!- ellipsis753_ [538ff373@gateway/web/freenode/ip.83.143.243.115] has joined #openvpn
05:42 < ellipsis753_> Hello. I've set up a vpn so that some clients have access to ssh to any of the other clients (via the vpn). Is it possible for me to get hostnames on the vpn to resolve? (for example ssh foo@bar) As the vpn IP addresses are dynamic, so I can't really predict them.
05:52 < wizbit> ellipsis753_: i think you need to create a OPT openvpn interface and turn on DHCP server
05:52 < wizbit> i might be wrong..
05:52 -!- jeev [~j@unaffiliated/jeev] has quit [Ping timeout: 256 seconds]
05:52 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:57 -!- jeev [~j@unaffiliated/jeev] has joined #openvpn
06:06 < ellipsis753_> wizbit: Thank you. That sounds good but I'm having trouble finding documentation on it. Do you know of something I could search for an OPT interface?
06:13 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:28 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:31 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 256 seconds]
06:37 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
06:37 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:43 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
06:43 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
06:47 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
06:48 -!- ellipsis753_ [538ff373@gateway/web/freenode/ip.83.143.243.115] has quit [Ping timeout: 252 seconds]
06:48 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
06:53 -!- ello_govna [~ello_govn@98.231.186.89] has quit [Quit: WeeChat 0.4.2]
06:56 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
07:15 -!- somis [~somis@70.38.6.189] has joined #openvpn
07:24 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Quit: WeeChat 1.2]
07:28 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has joined #openvpn
07:47 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
07:49 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Client Quit]
07:49 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
08:15 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
08:29 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
08:37 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
08:39 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
08:41 -!- doebi [~doebi@doebi.at] has joined #openvpn
08:44 -!- hive-mind [pranq@mail.bbis.us] has quit [Remote host closed the connection]
08:45 < doebi> i got some problems setting up my openvpn gateway. when starting the client everything works as expected. connecting and setting up routes. but i cant ping the server on the internal ip (10.8.0.1)
08:47 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
08:49 -!- mystica555_ [~mystica55@174-16-109-104.hlrn.qwest.net] has joined #openvpn
08:50 -!- mystica555 [~mystica55@97-118-108-213.hlrn.qwest.net] has quit [Ping timeout: 256 seconds]
08:59 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:02 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
09:13 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:22 -!- MikeH__ [~mystica55@174-16-113-213.hlrn.qwest.net] has joined #openvpn
09:23 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
09:24 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
09:26 -!- mystica555_ [~mystica55@174-16-109-104.hlrn.qwest.net] has quit [Ping timeout: 250 seconds]
09:27 -!- MikeH__ [~mystica55@174-16-113-213.hlrn.qwest.net] has quit [Ping timeout: 272 seconds]
09:27 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Read error: Connection reset by peer]
09:30 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
09:30 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
09:49 -!- akurilin [~alex@208.80.70.250] has quit [Ping timeout: 250 seconds]
09:53 -!- Balveda [~cnekk@181.90.35.108] has quit [Quit: Leaving]
09:59 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:08 -!- saik0_ [~saik0@unaffiliated/saik0] has quit [Read error: Connection reset by peer]
10:17 -!- akurilin [~alex@208.80.70.250] has joined #openvpn
10:37 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit []
10:39 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:50 -!- sillysausage [~sillysaus@178-17-168-21.ip.as43289.net] has quit [Ping timeout: 272 seconds]
10:52 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:12 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
11:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:31 -!- sliddis [33af9b0b@gateway/web/freenode/ip.51.175.155.11] has joined #openvpn
11:36 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
11:40 < sliddis> my openvpn client says https://pastee.org/9jg5f what could be going wrong?
11:41 < sliddis> !welcome
11:41 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
11:41 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:41 < sliddis> !goal
11:41 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:41 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
11:42 < sliddis> !goal I would like to access the lan behind the vpn server
11:42 < sliddis> !configs
11:42 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
11:43 < DArqueBishop> sliddis, I'm not an expert, but it might be a problem with your certificates.
11:45 < sliddis> DArqueBishop: I have made a CA, intermediate CA that signed my vpnserver cert. I imported the vpnserver.crt into the android openvpn client. I auth with user+pass
11:46 < banco> sliddis: paste your server and client configs
11:47 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 272 seconds]
11:50 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Ping timeout: 246 seconds]
11:52 < sliddis> https://pastee.org/rcjcc this is the server (mikrotik routerOS). https://pastee.org/7qm86
11:52 < sliddis> banco: there
11:53 < sliddis> what certificate should the client have? Just the vpn-server certificate or the whole CA-chain + vpn server cert?
11:54 <@ecrist> the ca, and then the client cert/key pair.
11:54 <@ecrist> so, two certificates and a single key
11:54 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
11:56 < sliddis> ecrist: but Im not using certificates on the client. just username/password. I dont think RouterOS "without username/pass is supported" (ref: http://wiki.mikrotik.com/wiki/Manual:Interface/OVPN)
11:56 <@vpnHelper> Title: Manual:Interface/OVPN - MikroTik Wiki (at wiki.mikrotik.com)
11:57 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
12:05 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
12:05 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:05 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
12:06 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
12:07 < sliddis> ideas?
12:07 < banco> sliddis: you're using the wrong cert on the client side
12:08 < banco> sliddis: you need to use intermediate CA cert instead of vpnserver cert
12:11 < sliddis> banco seems to me Im getting the same error using the intermediate CA cert in the client
12:15 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
12:17 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Ping timeout: 256 seconds]
12:17 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-79-52.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
12:17 < banco> sliddis: you should have the CA cert, server cert and server key in the server config, I see only "certificate=home.server.cert.pem_0" in your config
12:19 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-221-180.w86-217.abo.wanadoo.fr] has joined #openvpn
12:23 < sliddis> banco: the CA cert aswell? Doesnt the client have the ca cert since it trust's the CA-chain? and also certificate=home.server.cert.pem_0 is both key and cert
12:26 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has joined #openvpn
12:27 < banco> sliddis: you need to have your intermediate CA cert in your server and client configs
12:28 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has quit [Max SendQ exceeded]
12:31 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Read error: Connection reset by peer]
12:32 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
12:33 < banco> sliddis: http://wiki.mikrotik.com/wiki/OpenVPN
12:33 <@vpnHelper> Title: OpenVPN - MikroTik Wiki (at wiki.mikrotik.com)
12:36 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
12:40 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has joined #openvpn
12:42 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has quit [Max SendQ exceeded]
12:48 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
12:50 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
12:53 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has joined #openvpn
12:56 < sliddis> banco: I dont understand why the vpnserver would need the intermediate ca cert installed? I have a https service installed on the same machine, without needing the int-ca cert. The client on the other hand has both int-ca-cert and root-ca-cert installed
12:56 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has quit [Max SendQ exceeded]
12:57 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has joined #openvpn
13:00 < banco> sliddis: https://openvpn.net/index.php/open-source/documentation/howto.html#pki
13:00 <@vpnHelper> Title: HOWTO (at openvpn.net)
13:02 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has quit [Max SendQ exceeded]
13:02 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has joined #openvpn
13:04 -!- AlmogBaku [~AlmogBaku@37.26.146.160] has quit [Client Quit]
13:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:20 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit []
13:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:22 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
13:29 -!- lucidguy [~fern@d72-39-55-175.home1.cgocable.net] has joined #openvpn
13:29 < lucidguy> Ok, I could use some help.
13:30 < lucidguy> anyone alive?
13:37 -!- tekk [~me@185.17.149.149] has joined #openvpn
13:40 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
13:41 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
13:49 < lucidguy> hmm I've configured the openVPN server as per instructions, transfered files needed for client.  When I attempt to connect it succeeds.  I can see the assigned IP with ipconfig also.  But when I surf "whats my ip" for example I'm still showing the local network of the laptop, not the vpned network?
13:53 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Read error: Connection reset by peer]
13:56 < sliddis> lucidguy: did you push all routes (0.0.0.0/0) to the client or just the remote subnet_
13:56 < sliddis> lucidguy: try traceroute :)
13:56 < lucidguy> this is the problem.. very new to me.
13:57 < sliddis> banco: thanks that guide is if you use certificates on the clients though? I am not using certificates on the client, just user/pass
13:57 < lucidguy> First off .. should I be setting this up as a TCP server of UDP?
13:59 < lucidguy> secondly do I have to create a tap0 device?  I need a bridged vpn connection.
14:01 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
14:10 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
14:13 < Ryushin> Any other settings I should set to increase security: tls-auth /etc/openvpn/keys/ta.key, tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, cipher AES-256-CBC, auth SHA512, tls-version-min 1.2, dh /etc/openvpn/keys/dh4096.pem, remote-cert-tls client
14:14 < banco> sliddis: no, that's on the whole about using certs/keys in OpenVPN. The mikrotic use "require-client-certificate no" (OpenVPN option client-cert-not-required) option by default, so you don't need to have the client cert/key on the client, only CA cert. But it's still required to have CA cert, server cert and server key on server side.
14:16 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
14:17 < lucidguy> boo no assistance
14:17 < lucidguy> :)
14:17 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
14:17 < DArqueBishop> lucidguy: mind pasting your server config?
14:17 < DArqueBishop> !configs
14:17 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
14:17 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
14:19 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
14:19 < lucidguy> DArqueBishop: http://paste.ubuntu.com/13833729/
14:19 < lucidguy> running on Centos 6.6
14:20 < DArqueBishop> lucidguy, if you want ALL internet traffic to go through the VPN, you need to add the line 'push "redirect-gateway def1"' to the server config.
14:20 < DArqueBishop> You'll also want to push DNS as well.
14:21 -!- hive-mind [pranq@mail.bbis.us] has quit [Ping timeout: 240 seconds]
14:21 < DArqueBishop> !pushdns
14:21 <@vpnHelper> "pushdns" is (#1) push dhcp-option DNS a.b.c.d to push dns to the client or (#2) For pushing DNS to a Windows client, see: !windns or (#3) Unix-alikes are required to process the env-var in an --up script; read about --dhcp-option in the manpage or (#4) For distros that use resolvconf(8) you can try the pull-resolv-conf script under the contrib/ source dir or (#5) Mobile Client like OpenVPN
14:21 <@vpnHelper> for Android and OpenVPN Connect will happily accept push dhcp-option
14:21 < lucidguy> ok .. should I not be able to see the tap0 devie when I run brctl show?
14:21 < DArqueBishop> !redirect
14:21 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
14:21 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
14:22 < DArqueBishop> I couldn't tell you. I don't use bridging.
14:22 < DArqueBishop> I've only used bridging once, and that was ten years or so to get Command & Conquer Generals LAN play working between me and a friend in another city.
14:23 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
14:23 < banco> lucidguy: I don't know what's the brctl, but if it controls system bridges, then no, tap0 should be seen as network interface
14:27 < lucidguy> did as suggested .. same results
14:27 < lucidguy> hmm
14:28 < lucidguy> http://paste.ubuntu.com/13833963/
14:28 < lucidguy> I may have the server-bridge line wrong also, should that first IP be the IP of the server running OpenVPN which is also the local setting
14:32 -!- weary [~weary@2a01:7c8:aab2:9e:5054:ff:fe05:c4ae] has joined #openvpn
14:33 -!- bambam [~tony.wijn@mymojo.nl] has joined #openvpn
14:34  * weary reads topic. my problem is probably firewall. any way to debug what the firewall is missing? tcpdump gives two-way communication on port 1194 when connecting, but i get 'TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)' anyway
14:39 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:40 -!- hive-mind [pranq@mail.bbis.us] has joined #openvpn
14:41 < bambam> I'm trying to connect multiple networks together thru 1 open vpn instance with dhcp and dns being served outside of openvpn. I am able to connect to the internet, the openvpn host and other vpn clients fine. However I am not able to ping any servers on the openvpn servers local network and vice versa. ipfw is enabled firewall is open. Running on FreeBSD 10.2
14:41 < bambam> https://www.gliffy.com/go/publish/image/9589985/L.png
14:42 < bambam> rc.confhttp://fpaste.org/297778/
14:42 < bambam> ipfw rules http://fpaste.org/297760/44213144/
14:42 < bambam> openvpn conf http://fpaste.org/297759/
14:59 < banco> bambam: hi, can you first disconnect openvpn client on router and try to connect to the openvpn server from mobile client or PC not via your router (so it won't have same subnet as VPN)
15:01 < banco> bambam: maybe there's some issue when you try to create the bridge on the OpenVPN client
15:01 -!- whitebook [~whitebook@ool-457b8513.dyn.optonline.net] has joined #openvpn
15:01 -!- bambam [~tony.wijn@mymojo.nl] has quit [Quit: Lost terminal]
15:02 < whitebook> Hello. I am trying to route from the server to the clients LAN.
15:02 < whitebook> I have been reading all the tutorials and guess I a missing a step.
15:03 < whitebook> The client is connected to the server.
15:03 < whitebook> and they can ping each other.
15:03 < whitebook> however, I need to add some entries in the config to be able to route
15:03 < whitebook> I have see some commands like iroute, and push
15:04 < whitebook> I have tried that, but I still dont see the packets routing to the network
15:06 -!- whitebook [~whitebook@ool-457b8513.dyn.optonline.net] has quit [Remote host closed the connection]
15:08 < sliddis> banco: I do have server key and servercert +intermediate CA cert on the mikrotik openvpnserver. Client has intermediate CA cert. Still same thing when connecting....
15:09 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 240 seconds]
15:11 < banco> sliddis: try to delete the 22 line (or which one it was, empty line in the <ca>...</ca> tags) from the client config, dunno if it makes any difference though
15:12 < banco> sliddis: if it still won't work then set up your OpenVPN based on this instruction: http://wiki.mikrotik.com/wiki/OpenVPN
15:12 <@vpnHelper> Title: OpenVPN - MikroTik Wiki (at wiki.mikrotik.com)
15:15 < Ryushin> Do I need to specify the CRL in the config file?  Or is it linked to the certificate in some manner?
15:20 -!- bambam [~tony.wijn@mymojo.nl] has joined #openvpn
15:22 -!- wizbit [~wizbit@unaffiliated/wizbit] has quit [Read error: Connection reset by peer]
15:34 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
15:34 -!- lucidguy [~fern@d72-39-55-175.home1.cgocable.net] has quit [Quit: leaving]
15:36 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
15:46 -!- hadi [~Instantbi@31.59.6.190] has joined #openvpn
15:49 -!- wizbit [~wizbit@unaffiliated/wizbit] has joined #openvpn
15:51 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
15:52 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Read error: Connection reset by peer]
15:53 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
16:18 -!- Kniaz [~Kniaz@unaffiliated/kniaz] has left #openvpn []
16:26 -!- hadi1 [~Instantbi@31.59.8.135] has joined #openvpn
16:28 -!- hadi [~Instantbi@31.59.6.190] has quit [Ping timeout: 240 seconds]
16:28 -!- hadi1 is now known as hadi
16:31 -!- toli [~toli@ip-62-235-216-111.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
16:31 -!- toli [~toli@ip-62-235-215-188.dsl.scarlet.be] has joined #openvpn
16:46 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
16:48 < sliddis> banco: well fucking finally. Its working =)  I had to add option tls-cipher DEFAULT
16:48 < sliddis> ref: http://forum.mikrotik.com/viewtopic.php?t=93663 not sure exactly what its doing tho?
16:48 <@vpnHelper> Title: OpenVPN doesn't work after client update. - MikroTik RouterOS (at forum.mikrotik.com)
16:52 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:55 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
17:03 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 240 seconds]
17:06 -!- bambam [~tony.wijn@mymojo.nl] has quit [Quit: Lost terminal]
17:10 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 256 seconds]
17:13 < subzero79> !routebyapp
17:13 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on
17:13 <@vpnHelper> defined policies you set. For Linux, read about !lartc
17:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
17:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:35 < subzero79> !sockd
17:35 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
17:40 < sliddis> banco: and I also didnt need CA(intermediate) cert on server. just servercert
17:44 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:48 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
17:50 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
17:59 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
18:00 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
18:05 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
18:05 <@plaisthos> drwx: yes upgraded the openssl version :)
18:06 <@plaisthos> drwx: that is part of OpenSSL behaviour
18:06 <@plaisthos> drwx: OpenVPN just relays on OpenSSL
18:07 < drwx> plaisthos: so openvpn has no plan to depreciate sha1, but openssl might?
18:08 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
18:09 < wizbit> plaisthos: will openvpn detect hardware cypher engines from openssl?
18:09 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
18:11 <@plaisthos> drwx: it has been that important for OpenVPN
18:11 <@plaisthos> so we did not write any custom code for it
18:12 <@plaisthos> most CAs used in OpenVPN are under tight control anyway
18:12 <@plaisthos> wizbit: OpenVPN just uses OPenSSL
18:12 <@plaisthos> if OpenSSL uses HW crypt then OpenVPN will do it
18:16 < drwx> well thanks i'll try to see what openssl plans to do :)
18:19 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-221-180.w86-217.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
18:19 -!- darlinger [~darlinger@li1238-151.members.linode.com] has joined #openvpn
18:20 < darlinger> hello :) I'm trying to test out a setup with two openvpn servers and a client
18:20 < darlinger> basically I want anything that goes into one server to be forwarded over a tunnel into the next server
18:20 < darlinger> (client)----->(server1)---->(server2)
18:20 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
18:20 < darlinger> (client)----->(server1)---->(server2)--->internet
18:21 < darlinger> redirect-gateway won't work because it blocks incoming
18:21 < darlinger> I know it'll take some routing table commands to do thits
18:21 < darlinger> though not sure where to start
18:22 < darlinger> waiiiiit
18:22 < darlinger> is it as simple as setting up a bridge?
18:23 < darlinger> between say, a tun_server interface and a tun_client interface on (server1)
18:25 < darlinger> or would I do this with iptables rules...
18:26 -!- sliddis [33af9b0b@gateway/web/freenode/ip.51.175.155.11] has quit [Ping timeout: 252 seconds]
18:27 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 245 seconds]
18:27 -!- IamError [~tom@unaffiliated/iamerror] has joined #openvpn
18:30 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
18:31 < Eugene> darlinger - No, not bridging
18:31 < Eugene> Nor iptables
18:31 < Eugene> You want policy routing
18:31 < Eugene> !lartc
18:31 <@vpnHelper> "lartc" is (#1) LARTC is the de-facto guide to policy routing and QoS (tc, or traffic control) on Linux. http://lartc.org/howto/ . Policy routing in Ch. 4, QoS in Ch. 9. Start at the beginning if you're new to advanced routing on Linux or (#2) there is also a writeup on policy routing at https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
18:31 < Eugene> You'll need a rule stating that traffic from the client's tunnel IP goes via server2's tunnel IP
18:32 < darlinger> hmmm
18:32 < darlinger> thanks
18:32 < darlinger> I was about to get lost in mangle tables :p
18:32 < darlinger> the objective here is that the first server well allow me to connect to other devices that I have on that vpn
18:33 < darlinger> however, anything internet bound will be headed through the second vpn
18:33 < darlinger> does that make sense?
18:33 < darlinger> so I don't want ALL traffic
18:33 < darlinger> just some
18:33 < darlinger> I mean the internet bound traffic
18:35 < darlinger> lartc is sort of huge, can you direct me to which part pertains to what I'm trying to accomplish?
18:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
18:39 -!- wizbit [~wizbit@unaffiliated/wizbit] has left #openvpn []
18:39 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Read error: Connection reset by peer]
18:50 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit []
18:51 -!- Balveda [~cnekk@181.90.35.108] has joined #openvpn
18:57 < Balveda> Hello, has anyone had to deal with connecting to a VPN on an Amazon Web Services instance? I'm having issues with the ssh connection dropping and I'm not so sure of how to continue
18:59 < Balveda> I assume it's a routing problem but I don't know enough to deal with it properly
19:19 < anabain> Why can I ping from remote my android 10.1.1.2 to scanner/printer 192.168.1.3 through vpn on a dd-wrt router (10.1.1.1 / 192.168.1.1) with an embedded OpenVPN server but do I need to use iptables masquerading in order to be able to scan/print?
19:25 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:28 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
19:32 -!- OG_s7eele [~AndChat52@104.156.228.79] has joined #openvpn
19:36 -!- s7eele [~AndChat52@104.156.228.79] has quit [Ping timeout: 250 seconds]
19:36 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:37 -!- s7eele [~AndChat52@2600:100d:b118:3dff:9b51:9dfd:ab1f:a504] has joined #openvpn
19:37 -!- s7eele [~AndChat52@2600:100d:b118:3dff:9b51:9dfd:ab1f:a504] has quit [Client Quit]
19:38 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has joined #openvpn
19:39 -!- OG_s7eele [~AndChat52@104.156.228.79] has quit [Ping timeout: 240 seconds]
19:59 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
20:04 < Balveda> !welcome
20:04 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
20:04 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:05 < Balveda> !goal 'I would like to mantain an SSH connection to my AWS instance that is connecting to a Hidemyass VPN to spoof the AWS IP'
20:06 < Balveda> !route
20:06 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
20:06 <@vpnHelper> client
20:09 < Balveda> !redirect
20:09 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns or (#3) if using ipv6 try: route-ipv6 2000::/3 or (#4) Handy troubleshooting flowchart:
20:09 <@vpnHelper> http://pekster.sdf.org/misc/redirect.png
20:10 < Balveda> !def1
20:10 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
20:25 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
20:27 -!- hadi1 [~Instantbi@31.59.55.207] has joined #openvpn
20:29 -!- hadi [~Instantbi@31.59.8.135] has quit [Ping timeout: 256 seconds]
20:29 -!- hadi1 is now known as hadi
20:33 -!- hadi [~Instantbi@31.59.55.207] has quit [Read error: Connection reset by peer]
20:39 -!- Balveda [~cnekk@181.90.35.108] has quit [Ping timeout: 256 seconds]
20:55 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
20:57 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has joined #openvpn
20:58 < Konigsforst> !welcome
20:58 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
20:58 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
20:59 < Konigsforst> !goal
20:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
21:03 < Konigsforst> What is the best way to end a VPN connection while running Linux. In this case, i am referring not to one that has been started in a terminal, but one that has been started with the system, so i wont be able to "ctrl + c". I know i can use sudo killall openvpn. However i am unsure if that is the cleanest and most efficient way. Is there a better way than this? Or is kill/killall the best thing to do?
21:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:24 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has quit [Quit: Leaving]
21:28 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
21:53 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
22:00 -!- isReKT2000 is now known as imReKt1000
22:06 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
22:06 < darlinger> Eugene: alright, I'm still stuck. I've tried adding a custom table that matches an traffic coming from the server tunnel's ip
22:06 < darlinger> but I still can't get it to redirect over into the second vpn
22:06 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
22:07 < darlinger> mtr won't change either
22:08 < darlinger> well I mean that's a given
22:09 < darlinger> the only time I get any progress is if I specify a single IP in server1's routing tables to be directed via it's client tunel
22:09 < darlinger> tunnel
22:10 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:13 -!- imReKt1000 is now known as imReKT1000
22:18 < darlinger> I figured it out!
22:21 < darlinger> Eugene: thanks!
22:34 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
22:37 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
22:51 < ybgd> How can I test if UPNP is enabled on my OpenVPN server?  I've added server.up/server.down scripts to my server.conf but im not sure how to be certain all is working ???
23:11 < Eugene> darlinger - anytime! Except I was out at dinner!
23:28 -!- IamError [~tom@unaffiliated/iamerror] has quit [Ping timeout: 240 seconds]
23:29 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:30 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:32 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
23:39 -!- ShadniX [dagger@p5481DB04.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:40 -!- ShadniX [dagger@p5481D692.dip0.t-ipconnect.de] has joined #openvpn
23:43 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
--- Day changed Wed Dec 09 2015
00:02 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:09 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
00:34 -!- mgorbach [~mgorbach@pool-100-0-124-175.bstnma.fios.verizon.net] has quit [Ping timeout: 246 seconds]
00:46 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has joined #openvpn
00:56 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:04 < ybgd> do i exist?
01:17 < valdikss> ybgd: upnp? It doen
01:17 < valdikss> ybgd: doesn't have anything with OpenVPN
01:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
01:22 < ybgd> i followed this tutorial https://blog.celogeek.com/201505/615/openvpn-with-upnp-support-in-10-minutes/  it seems upnp can be supported in openvpn??
01:22 <@vpnHelper> Title: OpenVPN with uPNP support in 10 minutes | Celogeek (at blog.celogeek.com)
01:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:32 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Remote host closed the connection]
01:33 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
01:56 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:06 -!- IamError_ [~tom@unaffiliated/iamerror] has joined #openvpn
02:14 -!- doop [~doop@colostomy.club] has quit [Ping timeout: 256 seconds]
02:37 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has quit []
02:44 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
02:52 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:55 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Read error: Connection reset by peer]
03:08 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Max SendQ exceeded]
03:10 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
03:11 -!- doop [~doop@colostomy.club] has joined #openvpn
03:11 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
03:17 <@mattock_> FYI: OSTIF.org started Kickstarter campaign for auditing and improving security software, including OpenVPN: https://forums.openvpn.net/topic20423.html
03:17 <@vpnHelper> Title: OpenVPN Support Forum Kickstarter campaign for improving security software : Off Topic, Related (at forums.openvpn.net)
03:18 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:28 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
03:37 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
03:46 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
03:46 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:59 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:08 -!- ghormoon [~ghormoon@ghorland.net] has quit [Read error: Connection reset by peer]
04:08 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 240 seconds]
04:09 -!- ghormoon [~ghormoon@ghorland.net] has joined #openvpn
04:19 -!- christobill [uid60328@gateway/web/irccloud.com/x-oecehxzzokgqkqgc] has joined #openvpn
04:22 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
04:23 < christobill> Hello guy. I have some problems with the implementation of routed (V)LAN, as described in https://community.openvpn.net/openvpn/wiki/RoutedLans or http://backreference.org/2009/11/15/openvpn-and-iroute/
04:23 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
04:26 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
04:27 < christobill> Basically what I am trying to do is to use routed LANs on 2 different cloud providers. The problem is I am not sure I can change the gateways of my cloud provider private network.
04:27 -!- sliddis [33af9b0b@gateway/web/freenode/ip.51.175.155.11] has joined #openvpn
04:28 < christobill> Any tools, pointers would be warmly welcomed
04:29 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 246 seconds]
04:31 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
04:32 < christobill> If that is not possible, I was thinking I could have all my machines as openvpn clients. with client-to-client enabled
04:32 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
04:37 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Remote host closed the connection]
04:39 < sliddis> I cannot access the local lan behind vpn server, even though I put remote clients in that specific lan. so no firewall issues._
04:40 < christobill> You have to  add an Iptable rule
04:42 < sliddis> christobill: why? they on the same lan?
04:42 < christobill> iptables -t nat -A POSTROUTING -s 10.tun.ovpn.0/24 -o eth1 -j MASQUERADE
04:42 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
04:44 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
04:45 < christobill> Not an openvpn specialist sliddis :( . But without this rule, my client cannot access the LAN behind my server
04:46 < flyingkiwi> sliddis, VPN server and your LAN clients default gateway are not the same physical device? Then, yes, you can just NAT everything or add a static route on your LAN clients default gateway to your VPN servers client network. Last one is most preferable
04:59 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
05:02 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Ping timeout: 256 seconds]
05:06 < christobill> My openvpn server can ping the client, but not the LAN behind the client (even with iroute). How can I debug that?
05:13 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
05:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:16 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
05:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:27 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
05:37 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
05:39 -!- u0m3 [~u0m3@89.120.204.99] has quit [Client Quit]
05:40 -!- u0m3_ [~u0m3@89.120.204.99] has quit [Ping timeout: 272 seconds]
05:41 -!- lotharn6 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
05:41 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Read error: Connection reset by peer]
05:47 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
05:47 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:06 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
06:08 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit []
06:12 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:14 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Read error: Connection reset by peer]
06:14 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
06:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 256 seconds]
06:36 -!- ustn [~ustn@p4FDB0B31.dip0.t-ipconnect.de] has joined #openvpn
06:42 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
06:47 -!- sliddis [33af9b0b@gateway/web/freenode/ip.51.175.155.11] has quit [Quit: Page closed]
06:51 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Remote host closed the connection]
07:07 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:09 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
07:09 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
07:10 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Client Quit]
07:14 < darlinger> Eugene: maybe you can help me with what I was originally trying to do
07:14 < darlinger> I was trying to use MARK in FORWARD in the mangle table, and then have a routing table that looks for the mark
07:15 < darlinger> couldn't get it to work
07:15 < darlinger> I just wanted anything that was going to get forwarded out of the first server to be intercepted by iptables and routing tables and them pumped through its client tunnel interface
07:17 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:19 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
07:21 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:25 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:26 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Ping timeout: 272 seconds]
07:28 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Read error: Connection reset by peer]
07:31 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
07:51 -!- JustEra [~JustEra@217.138.37.156] has joined #openvpn
08:01 < JustEra> Hello, I don't know if I'm on the right channel so sorry, I want to reach a 192.168.0.x subnet that is thought a VPN server in another location , I tried to set a static route from the router to the VPN server but still cant ping the good subnet, my architecture is like that  : https://drive.google.com/file/d/0B3L-YhaWTcxqekx6RWx5QWF6c1U/view?usp=sharing
08:01 <@vpnHelper> Title: Diagramme sans nom.html - Google Drive (at drive.google.com)
08:02 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
08:03 -!- ustn [~ustn@p4FDB0B31.dip0.t-ipconnect.de] has quit [Quit: ustn]
08:18 -!- dannier [dannier@117.185.76.94] has joined #openvpn
08:19 < dannier> hi
08:19 < dannier> i have keep getting this message when trying to connect
08:19 < dannier> Wed Dec 09 22:11:15 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
08:19 < dannier> repeates 12 times then tries to reconnect
08:20 < dannier> does anyone have an idea what is wrong
08:28 < dannier> its odd because the client does not connect but i can browse website that don't work without the vpn
08:28 < dannier> such as youtube here in china
08:28 < dannier> however my ip if i check is not the vpn's but my local one
08:32 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
08:40 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Read error: Connection reset by peer]
08:41 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
08:46 -!- ustn [~ustn@p4FDB0B31.dip0.t-ipconnect.de] has joined #openvpn
08:47 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
08:50 < valdikss> dannier: probably a Chinese firewall blocked your connection?
08:54 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Quit: Konversation terminated!]
08:56 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 246 seconds]
08:56 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Read error: Connection reset by peer]
08:56 < dannier> Wed Dec  9 09:49:43 2015 us=796450 180.159.207.34:61075 TLS Error: reading acknowledgement record from packet
08:56 < dannier> Wed Dec  9 09:49:52 2015 us=652838 IP packet with unknown IP version=15 seen
08:57 < dannier> weird error messages
08:57 < darlinger> valdikss: all hail the GFW
08:57 < dannier> thats from the server log
08:57 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
08:57 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
08:58 < DArqueBishop> dannier, like valdikss said, it's very possible the Great Firewall is interfering with your VPN traffic.
08:58 < dannier> i think its a setup issue
08:58 < dannier> been using vpn here for years never had those error messages
09:00 < dannier> first time ever been able to view youtube while the client is yellow
09:00 < dannier> but not other websites and ip is still the local chinese one
09:01 < dannier> lol youtube works but pastebin doesn't
09:01 < dannier> both are blocked in china without vpn
09:02 < dannier> could it be the firewall on server?
09:05 < dannier> the great firewall wouldn't make the server log mention tls errors and ip version = 15
09:08 < dannier> in fact even when i disconnect the client, i can still access youtube and google
09:08 < dannier> those never work without vpn
09:08 < dannier> this is so so weird
09:11 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Remote host closed the connection]
09:12 -!- greyhammer [614db77a@gateway/web/freenode/ip.97.77.183.122] has joined #openvpn
09:12 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 272 seconds]
09:12 < greyhammer> !welcome
09:12 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
09:12 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
09:13 < greyhammer> !route
09:13 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
09:13 <@vpnHelper> client
09:15 < greyhammer> Hello, I'm not asking for a walk through, i just want to know its possible. do you have successful setups for accessing servers in an AWS VPC when openvpn is installed on an instance in that vpc?
09:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:16 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
09:17 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
09:19 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Remote host closed the connection]
09:19 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
09:20 < dannier> what's the default openvpn port
09:20 < dannier> 1093?
09:23 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:23 < greyhammer> 1194?
09:24 < DArqueBishop> 1194.
09:24 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
09:24 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Remote host closed the connection]
09:26 -!- shio [shio@220.188.103.84.rev.sfr.net] has quit [Ping timeout: 246 seconds]
09:28 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
09:30 < dannier> this fixed it
09:30 < dannier> echo 'lo' > /sys/module/aoe/parameters/aoe_iflist
09:30 < dannier> no idea why
09:31 < dannier> anyone know?
09:31 < dannier> damn
09:31 < dannier> client goes green but server log says
09:31 < dannier> Wed Dec  9 10:24:07 2015 us=934684 client2/117.185.76.94:62709 MULTI: bad source address from client [::], packet dropped
09:32 < dannier> can't browse any websites but the client is green
09:37 < dannier> Wed Dec  9 10:30:38 2015 us=466750 client2/117.185.76.94:61871 MULTI: bad source address from client [::], packet dropped
09:38 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
09:38 -!- user123irc [~quassel@176.126.237.207] has joined #openvpn
09:39 < user123irc> hello wanted tosk, maybe someone could recommend good free vpn servers  something like http://freevpn.me/accounts  or better, thanks
09:45 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
10:00 < greyhammer> Hello, im having issues routing traffic from the lan the openvpn server is on to the vpn clients. This is running in AWS VPC
10:00 < greyhammer> i can pin vpn client and server from one another
10:00 < greyhammer> my vpn lan is the default 10.8.0.0/24 and the VPC lan is 10.0.0.0/24
10:01 < greyhammer> i have enabled ip forwarding
10:01 < greyhammer> !paste
10:01 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
10:01 -!- shio [~shio@129.121.101.84.rev.sfr.net] has joined #openvpn
10:02 < greyhammer> my server config https://gist.github.com/anonymous/e0c2aa7a684f636589bc
10:02 <@vpnHelper> Title: Server.conf · GitHub (at gist.github.com)
10:02 < greyhammer> client config https://gist.github.com/anonymous/cd41fd90e13b74720ae9
10:02 <@vpnHelper> Title: keith.opvn · GitHub (at gist.github.com)
10:03 < greyhammer> im using a setup simular to the second one here and i've setup those iptables rules on the server https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
10:03 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
10:04 < greyhammer> and i added a route in the AWS Routes for the VPC subnet to point the VPN subnet to the VPC ip of the openvpn server
10:05 < greyhammer> i have the windows firewall completely off
10:06 < greyhammer> my iptables on the openvpn server https://gist.github.com/anonymous/d6fa87c5f2da4fcd8532
10:06 <@vpnHelper> Title: iptables -L on openvpn server · GitHub (at gist.github.com)
10:06 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Read error: Connection reset by peer]
10:06 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has joined #openvpn
10:07 < greyhammer> i want to be able to connect to servers in the VPC lan from the clients, but so far pings, ssh, rdp are all failing
10:07 < greyhammer> any help is greatly appreciated!
10:10 < greyhammer> oh dang, my appoligies on not reading the config posting guidlines
10:10 < greyhammer> !configs
10:10 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
10:11 < greyhammer> i am running OpenVPN 2.3.2 on Ubuntu 14.04
10:12 < greyhammer> and Openvpn Gui for windows 10
10:18 -!- christobill [uid60328@gateway/web/irccloud.com/x-oecehxzzokgqkqgc] has quit []
10:21 < greyhammer> here is the server.conf without the comments https://gist.github.com/anonymous/0c18fee1d015563a7739
10:21 <@vpnHelper> Title: server.conf · GitHub (at gist.github.com)
10:23 < DArqueBishop> greyhammer: did you enable IP forwarding in your server's kernel?
10:23 < DArqueBishop> !ipforward
10:23 <@vpnHelper> "ipforward" is (#1) ip forwarding is needed any time you want packets to flow from 1 interface to another, so from tun to eth, eth to tun, tun to tun, etc etc. it must be enabled in the kernel AND allowed in the firewall or (#2) please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
10:29 < greyhammer> if im understanding you correctly, i have.  i run sysctl -p /etc/sysctl.conf and it returns net.ipv4.ip_forward = 1
10:29 -!- speeddragon [~speeddrag@port-87-193-142-46.static.qsc.de] has quit [Remote host closed the connection]
10:33 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has quit [Ping timeout: 246 seconds]
10:34 -!- ustn [~ustn@p4FDB0B31.dip0.t-ipconnect.de] has quit [Quit: ustn]
10:36 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has joined #openvpn
10:38 < anabain> Does host 192.168.1.4 go through 192.168.1.1 in order to reach host 192.168.1.5? I mean, does 192.168.1.1 act as a gateway the same way as if the target host was, e.g., 192.168.33.5?
10:47 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:53 < greyhammer> !linipforward
10:53 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware or (#3) you also must allow forwarding in your forward chain in iptables. iptables -I FORWARD -i tun+ -j ACCEPT
10:54 < greyhammer> maybe my route in aws route table is wrong?
11:03 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has joined #openvpn
11:04 < ke4nhw> !ovpnuke
11:04 <@vpnHelper> "ovpnuke" is https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b for info on CVE-2014-8104 which is a DOS that allows an authenticated client to crash an openvpn server running openvpn before 2.3.6
11:08 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:13 < greyhammer> i created a serverfault question with the updated into.  still having the issues http://serverfault.com/questions/741904/openvpn-and-aws-vpc-vpn-client-can-connect-to-vpn-and-ping-vpn-server-but-canno
11:13 <@vpnHelper> Title: amazon web services - OpenVPN and AWS VPC. VPN Client can connect to VPN and ping VPN Server but cannot connect to VPC Servers through the VPN - Server Fault (at serverfault.com)
11:13 < greyhammer> !goal
11:13 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:14 < greyhammer> !logs
11:14 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
11:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:15 < greyhammer> !logfile
11:15 <@vpnHelper> "logfile" is (#1) If you want logging you can easily just specify your own logfile with: log /path/to/logfile or (#2) openvpn will log to syslog if started in daemon mode, but without any log-redirection options, openvpn sends output to stdout. or (#3) verb 3 is good for everyday usage, verb 5 for debugging. see --daemon --log and --verb in the manual (!man) for more info
11:18 < greyhammer> ok, i put all 4 files in the gist, now including the log file from the server with verb set to 4 https://gist.github.com/greyhammer/7eba7bf3e9e3bf2e3b0f
11:18 <@vpnHelper> Title: cleitn.ovpn · GitHub (at gist.github.com)
11:25 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
11:27 < greyhammer> turns out i missed a NAT command iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
11:29 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Client Quit]
11:29 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Read error: Connection reset by peer]
11:30 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
11:30 -!- greyhammer [614db77a@gateway/web/freenode/ip.97.77.183.122] has quit [Quit: Page closed]
11:33 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Read error: Connection reset by peer]
11:33 -!- speeddragon [~speeddrag@tmo-100-178.customers.d1-online.com] has joined #openvpn
11:38 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 246 seconds]
11:39 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 250 seconds]
11:56 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
11:56 -!- mode/#openvpn [+v hazardous] by ChanServ
11:56 -!- iNs [~ins@85.17.164.26] has joined #openvpn
12:04 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
12:09 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Client Quit]
12:20 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
12:21 < user123irc> why vpn book  bundle files doesint work and why freevpn.me files works on my openvpn gui ?
12:23 -!- autrilla_ [~autrilla@python/site-packages/autrilla] has joined #openvpn
12:23 < autrilla_> Hello! My VPN is super slow today, what can I do to help find the culprit?
12:28 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
12:30 -!- autrilla_ [~autrilla@python/site-packages/autrilla] has quit [Ping timeout: 272 seconds]
12:31 -!- speeddragon [~speeddrag@tmo-100-178.customers.d1-online.com] has quit [Ping timeout: 272 seconds]
12:32 -!- user123irc [~quassel@176.126.237.207] has quit [Ping timeout: 272 seconds]
12:33 -!- speeddr__ [~speeddrag@tmo-107-83.customers.d1-online.com] has joined #openvpn
12:35 -!- speeddr__ [~speeddrag@tmo-107-83.customers.d1-online.com] has quit [Remote host closed the connection]
12:39 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:41 < Eugene> Drink heavily
12:45 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
12:47 < autrilla> My OpenVPN vpn is reaally slow today. Without it, I can download at about 500KB/s, with it, it goes down to 15KB/s
12:53 <@dazo> !ddwrt
12:53 <@dazo> !dd-wrt
12:53 <@vpnHelper> "dd-wrt" is (#1) While some users have success with dd-wrt, the build system isn't very accessible to users and there have been security issues with the distro. Consider carefully if this is the platform you want to use for OpenVPN or (#2) Firewall oopsie : http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783 or (#3) more issues: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=84536
12:55 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
12:55 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Quit: Byebye]
12:56 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Client Quit]
13:00 -!- marlinc [~marlinc@bouncer.cvo.technology] has joined #openvpn
13:00 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 250 seconds]
13:02 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
13:08 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 240 seconds]
13:15 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:17 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
13:19 -!- IamError_ is now known as IamError
13:19 -!- user123irc [~quassel@176.126.237.207] has joined #openvpn
13:20 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
13:21 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 250 seconds]
13:23 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:27 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
13:29 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:33 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
13:33 -!- ade_b [~Ade@redhat/adeb] has quit [Remote host closed the connection]
13:33 -!- jsgrant [~jsgrant@71-81-84-194.dhcp.stls.mo.charter.com] has joined #openvpn
13:34 < jsgrant> How can I check, via a remote terminal, if I'm connected to a vpn network; I'm at a loss.
13:35 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:48 < banco> jsgrant: ping another host in the vpn network
13:49 -!- ybgd [~ybgd@unaffiliated/ybgd] has joined #openvpn
13:50 -!- dazo is now known as dazo_afk
13:51 -!- ybgd [~ybgd@unaffiliated/ybgd] has quit [Read error: Connection reset by peer]
13:54 -!- speeddragon [~speeddrag@tmo-107-83.customers.d1-online.com] has joined #openvpn
13:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has left #openvpn ["Life Is killing me"]
13:55 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:56 -!- m3n3chm0 [~XFCE@47.61.108.171] has left #openvpn ["Life Is killing me"]
13:56 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
13:58 -!- speeddragon [~speeddrag@tmo-107-83.customers.d1-online.com] has quit [Ping timeout: 256 seconds]
14:00 -!- JustEra [~JustEra@217.138.37.156] has quit [Ping timeout: 272 seconds]
14:05 -!- Ryushin [chris@2001:5c0:1000:a::141] has joined #openvpn
14:11 -!- Ryushin [chris@2001:5c0:1000:a::141] has quit [Ping timeout: 250 seconds]
14:16 -!- xenkey [~xen@unaffiliated/xenkey] has joined #openvpn
14:16 < xenkey> Hi everyone!
14:17 < xenkey> I've got an internal network which I need to access via a VPN, the server assigns me a unique ipv4 address in the 172. range and redirecting all traffic through this vpn works, and internal ranges are also accessible. Is it possible to do something similar with ipv6?
14:18 -!- jsgrant [~jsgrant@71-81-84-194.dhcp.stls.mo.charter.com] has quit [Remote host closed the connection]
14:20 < xenkey> http://pastie.org/10621495
14:21 < xenkey> Accessing the ipv4 and ipv6 internet is a good start for me, the internal routes can be done later if they don't work after having set up the first part
14:24 -!- Ryushin [chris@2001:5c0:1000:a::89] has joined #openvpn
14:32 -!- Ryushin [chris@2001:5c0:1000:a::89] has quit [Ping timeout: 250 seconds]
14:34 -!- somis [~somis@70.38.6.189] has joined #openvpn
14:40 -!- jsfrerot [~jsfrerot@192.252.133.70] has left #openvpn ["Leaving"]
14:45 -!- Ryushin [chris@2001:5c0:1000:a::81] has joined #openvpn
14:59 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
15:06 -!- roy2098 [a6abbad4@gateway/web/freenode/ip.166.171.186.212] has joined #openvpn
15:07 < roy2098> HI all, I have a FreeBSD server running openvpn and need to connect Windows OVPN GUI clients to it
15:07 < roy2098> I would like some starter very basic example conf's that I can build off
15:07 < roy2098> I do have experience with OVPN but it is only via the implementation within pfSense - I've never started "from scratch"
15:08 < roy2098> My attempts so far have not been successful ...
15:08 < roy2098> I'd like something very basic so I can make sure there is nothing more fundamental (datacenter routing/firewalling etc) interfering
15:09 < roy2098> In other words, I would like to have a basic config that lets me see the Windows gui's green lights
15:10 -!- ikonia [~irc@unaffiliated/ikonia] has joined #openvpn
15:25 -!- ikonia [~irc@unaffiliated/ikonia] has left #openvpn []
15:32 < Eugene> roy2098 - the howto has example server/client.conf files
15:34 < Eugene> The simplest "normal" client is something like: openvpn --client --remote <address> --key foo.key --cert foo.crt --ca ca.crt
15:34 < Eugene> Oh, and --dev tun
15:38 <@ecrist> roy2098: ssl-admin is something you might want to look at, as well.
15:44 -!- uiyice [~uiywtf@c-69-143-201-7.hsd1.md.comcast.net] has joined #openvpn
16:03 < roy2098> thank you Eugene and ecrist, I will have a look...
16:05 -!- user123irc [~quassel@176.126.237.207] has quit [Remote host closed the connection]
16:29 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:31 < roy2098> Eugene and ecrist - I've turned up logging to 5 and on the client side i get:
16:31 < roy2098> Wed Dec 09 17:23:23 2015 MANAGEMENT: >STATE:1449699803,WAIT,,, Wed Dec 09 17:24:23 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Wed Dec 09 17:24:23 2015 TLS Error: TLS handshake failed Wed Dec 09 17:24:23 2015 TCP/UDP: Closing socket Wed Dec 09 17:24:23 2015 SIGUSR1[soft,tls-error] received, process restarting
16:32 < roy2098> this is about where I left off
16:32 < roy2098> the example file given with the FBSD port of openvpn was basically the same server.conf as in the how-to
16:33 -!- Denial [~Denial@81.141.18.138] has quit [Ping timeout: 260 seconds]
16:33 -!- Denial [~Denial@81.141.7.174] has joined #openvpn
16:33 < roy2098> and I've used the how-to client config with just the addition of the remote-cert-tls server directive to suppress the cert verifcation warning
16:34 < banco> roy2098: check the connection between client and server
16:34 < roy2098> full disclosure: server in datacenter, but ports 1-65535 both udp and tcp are open to this virtual machine
16:34 < roy2098> banco: i can ssh into the server fine
16:34 < roy2098> from the windows client
16:34 < roy2098> sorry, from the windows machine
16:35 < banco> roy2098: not ssh, but check the OpenVPN port
16:35 < roy2098> i don't have telnet on that windows machine
16:35 < banco> roy2098: use netcat to check it
16:35 < roy2098> how else can i check port 1194?
16:36 < roy2098> lemme see...
16:36 < roy2098> netcat? from where and how?
16:37 < banco> roy2098: listen with netcat on UDP port 1194 on the server side and on the client side send some data with netcat on the server IP and port
16:37 < banco> roy2098: for windows client use ncat from nmap
16:37 < roy2098> banco: hmmmm
16:38 < banco> roy2098: https://www.digitalocean.com/community/tutorials/how-to-use-netcat-to-establish-and-test-tcp-and-udp-connections-on-a-vps
16:38 <@vpnHelper> Title: How To Use Netcat to Establish and Test TCP and UDP Connections on a VPS | DigitalOcean (at www.digitalocean.com)
16:39 < roy2098> netstat -a on server shows this: udp4       0      0 *.openvpn              *.*
16:41 < banco> roy2098: so?
16:41 < banco> roy2098: before you try to test with netcat you obviously ned to stop openvpn
16:43 < roy2098> ok i got it, downloading nmap for windows ....
16:43 < roy2098> stopping openvpn
16:44 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 250 seconds]
16:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:45 < banco> roy2098: not nmap, you need only their ncat
16:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:47 < banco> roy2098: https://nmap.org/ncat/
16:47 <@vpnHelper> Title: Ncat - Netcat for the 21st Century (at nmap.org)
16:47 < banco> roy2098: there is link to the portable version: http://nmap.org/dist/ncat-portable-5.59BETA1.zip
16:48 < roy2098> banco: i've installed the whole mess... is the syntax ncat ip.ad.dr.es port ?
16:48 < banco> roy2098: the syntax is the same as for netcat
16:49 < roy2098> and on the server side, I don't have netcat, only netstat
16:49 < roy2098> bsd world
16:49 < banco> roy2098: install it
16:49 < roy2098> ok
16:49 < banco> roy2098: nc
16:50 < roy2098> ok, installed
16:51 < banco> roy2098: netcat -ul 1194 on the server side
16:51 < banco> roy2098: netcat -u ip 1194 on the client side
16:53 < roy2098> i've opened both but don't see anything happening
16:54 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:54 < roy2098> banco: nothing
16:55 < banco> roy2098: type something on the client side
16:56 < roy2098> still nothing after typing
16:56 < roy2098> banco: wait a minute, i forgot, i've got to forward the port!
16:57 < roy2098> banco: to the vm in the datacenter!
16:57 < roy2098> banco: what an idiot!
16:57 < roy2098> please stand by
16:58 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:01 < autrilla> Hmm, I can't access anything on the internet (other than my VPN server) with this routes, any idea? https://gist.github.com/autrilla/5d5f8f5e961baa44e294
17:01 <@vpnHelper> Title: gist:5d5f8f5e961baa44e294 · GitHub (at gist.github.com)
17:02 < autrilla> Those routes were all added by openvpn, except the docker one
17:03 < banco> autrilla: routes looks fine, check the server side
17:03 < autrilla> banco: what on the server side?
17:03 < autrilla> I mean I see the client connect from the server
17:04 < roy2098> banco: done! had to deal with CloudStack's firewall, my brain needs a tune-up!
17:04 < banco> autrilla: check if you have the ip forwarding enabled
17:05 < roy2098> banco: thank you very much for assisting
17:05 < banco> roy2098: good
17:05 < banco> autrilla: check if you have nat enabled
17:06 < autrilla> banco: on openvpn's config?
17:06 < banco> autrilla: and check fw rules on the whole
17:06 < banco> autrilla: no, in the system
17:07 < banco> autrilla: https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
17:07 <@vpnHelper> Title: HOWTO (at openvpn.net)
17:07 < autrilla> banco: yeah, I've got push "redirect-gateway def1 bypass-dhcp"
17:07 < banco> autrilla: what's about NAT?
17:08 < autrilla> I have no idea
17:08 < banco> autrilla: also, what's the output of the sysctl net.ipv4.ip_forward?
17:09 < autrilla> banco: well I have net.ipv4.ip_forward = 1 in /etc/sysctl.conf if that's what you mean
17:11 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
17:11 < banco> autrilla: read about the NAT rule with iptables on the link above (iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE)
17:12 < autrilla> banco: I don't think i'm even using iptables, this stopped working after a reboot so it's probably firewall
17:14 < autrilla> banco: do I need iptables?
17:15 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:15 < banco> autrilla: did you even read the link above?
17:15 < banco> Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server. The server will need to be configured to deal with this traffic somehow, such as by NATing it to the internet, or routing it through the server site's HTTP proxy.
17:15 < banco> On Linux, you could use a command such as this to NAT the VPN client traffic to the internet:
17:18 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Ping timeout: 272 seconds]
17:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
17:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:24 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
17:28 < dannier> hi
17:28 < dannier> i keep getting this error in server config
17:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
17:28 < dannier> Wed Dec  9 18:21:01 2015 us=609145 client2/117.185.76.94:54792 MULTI: bad source address from client [::], packet dropped
17:28 < dannier> it breaks the vpn
17:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:35 < banco> dannier: check your client routes, seems like you routed the traffic from your loopback interface (:: - ipv6 loopback address) to the tun interface
17:35 < banco> ot is ipv6 loopback ::1? don't remember
17:39 < dannier> banco how to check?
17:41 < banco> dannier: ip r / route print (linux/windows)
17:42 < dannier> cheers
17:42 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has joined #openvpn
17:42 < dannier> pastebin is blocked here so apologies for this:
17:42 < dannier> default via 192.73.252.1 dev eth0  proto static  metric 1024
17:42 < dannier> 10.8.0.0/24 via 10.8.0.2 dev tun0
17:42 < dannier> 10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1
17:42 < dannier> 192.73.252.0/24 dev eth0  proto kernel  scope link  src 192.73.252.155
17:43 < banco> seems ok
17:44 < dannier> i have to get ready for the day, later on i'll try to post all the configs/logs
17:44 < dannier> banco cheers
17:44 < banco> dannier: ok, buy
17:45 < banco> bay*
17:45 < Konigsforst> !welcome
17:45 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
17:45 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:45 < subzero79> 192.73.252.x?
17:46 < Konigsforst> !logs
17:46 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
17:47 < Konigsforst> !config
17:47 <@vpnHelper> (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.
17:48 < Konigsforst> !configs
17:48 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
17:50 < banco> dannier: check "ip -6 r"
17:56 -!- roy2098 [a6abbad4@gateway/web/freenode/ip.166.171.186.212] has quit [Quit: Page closed]
17:57 < dannier> banco here:
17:57 < dannier> again aplogies for the flood
17:57 < dannier> unreachable ::/96 dev lo  metric 1024  error -101
17:57 < dannier> unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101
17:57 < dannier> unreachable 2002:a00::/24 dev lo  metric 1024  error -101
17:57 < dannier> unreachable 2002:7f00::/24 dev lo  metric 1024  error -101
17:57 < dannier> unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101
17:57 < dannier> unreachable 2002:ac10::/28 dev lo  metric 1024  error -101
17:57 < dannier> unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101
17:57 < dannier> unreachable 2002:e000::/19 dev lo  metric 1024  error -101
17:57 < dannier> 2607:f740:0:3f::/64 dev eth0  proto kernel  metric 256
17:57 < dannier> unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101
17:57 < dannier> fe80::/64 dev eth0  proto kernel  metric 256
18:05 -!- Ryushin [chris@2001:5c0:1000:a::81] has quit [Ping timeout: 264 seconds]
18:05 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
18:05 < banco> dannier: seems ok too, you can try to check iptables logs to see what's going via the tunnel from the client side
18:12 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:12 < dannier> client is windows machine
18:12 < dannier> iptables -L -v looks super weird on the server side though
18:12 < dannier> its a mile long
18:13 < banco> dannier: which routes was that then?
18:13 < banco> dannier: from server?
18:13 < dannier> banco all from server
18:14 < dannier> i'd post the windows client route but it'll flood the room
18:14 < banco> 05:28:34 < banco> dannier: check your client routes
18:15 < dannier> dont know if it helps but all the ip's in the route print output are ipv6
18:15 < dannier> ignore that
18:15 < dannier> early morning here
18:15 < dannier> looking at the active routes table
18:16 < dannier> none of the ip's are that of the server
18:16 < dannier> and im connected now to vpn
18:16 < banco> dannier: there should be somewhere ip from 10.8.0.0/24 subnet
18:17 < banco> dannier: do you have empty ipv4 table?
18:17 < dannier> can i take a screenshot and post it
18:17 < dannier> imagine posting not blocked here
18:17 < banco> dannier: post the image then
18:18 < dannier> https://imageupload.co.uk/image/cVeV
18:18 <@vpnHelper> Title: 1 - Free Image Hosting (at imageupload.co.uk)
18:18 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:21 < Konigsforst> Hello. My goal is to get the update-resolv-conf script to work for me ( https://github.com/masterkorp/openvpn-update-resolv-conf ). My problem is that when i disconnect from openvpn, the script does not work and i get the error message seen here in the paste, which also contains the config, and additional info ( http://pastebin.com/ctcsJDLK ). I would really appreciate any help
18:21 <@vpnHelper> Title: masterkorp/openvpn-update-resolv-conf · GitHub (at github.com)
18:21 < Konigsforst> Forgot to mention I'm on linux
18:22 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:24 < banco> dannier: post the screenshot of your tap adapter from ipconfig /all
18:27 < banco> dannier: also, post the screenshot of the beginning of the route print output with the list of the interfaces
18:30 < banco> Konigsforst: /etc/openvpn/update-resolv-conf? not /etc/openvpn/update-resolv-conf.sh?
18:30 < dannier> banco server doesn't have ipconfig
18:30 < dannier> its centos 7
18:30 < dannier> so many things missing from it
18:31 < banco> Konigsforst: what's with execution permissions?
18:31 < banco> dannier: I'm talking about client
18:32 < dannier> banco woops misread that as ifconfig
18:33 < Konigsforst> banco, Indeed. i didn't include the sh, on the arch wiki it didn't include it (which was what i was following), and it wasn't needed to make it executable.
18:34 < Konigsforst> banco, Sorry, what do you mean by "what's with execution permissions?". Did i mess up with the permissions?
18:35 < banco> Konigsforst: it's not necessary to have .sh, you just need to make sure that you select the right filename
18:35 < banco> Konigsforst: chmod +x /etc/openvpn/update-resolv-conf
18:35 < Konigsforst> banco, Yes, i made sure to not include the .sh in the path
18:36 < Konigsforst> banco, I had already chmod +x the file
18:38 < banco> Konigsforst: what's the /usr/bin/resolvconf permissions?
18:38 < banco> Konigsforst: also, do you use chroot in OpenVPN config?
18:40 < Konigsforst> banco, The permissions are '-rwxr-xr-x'
18:41 < Konigsforst> banco, I don't think i use chroot
18:42 -!- Uranio [~Uranio@free-02.protectednetgroup.com] has joined #openvpn
18:43 -!- Uranio [~Uranio@free-02.protectednetgroup.com] has quit [Read error: Connection reset by peer]
18:45 < banco> Konigsforst: can you check if the script works - first from root, then from openvuser?
18:45 < banco> Konigsforst: just set the envs manually to some test values
18:46 < Konigsforst> banco, Okay. I will give that a go, i will rejoin the chat when i have the results
18:47 < Konigsforst> banco, When you say to set the envs manually you mean just from the cli?
18:48 < banco> Konigsforst: yes, from the shell
18:48 < Konigsforst> i normally launch it with system and use systemctl start but i could write out the full command if that is what you're saying
18:48 < Konigsforst> okay
18:48 < Konigsforst> banco, I will be right back
18:48 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has quit [Quit: Leaving]
18:52 < subzero79> dannier, just out of curiosity you posted here some address 192.73.x something? is that correct?
18:53 < subzero79> for the server i mean
18:56 -!- Eagle_Erwin [~Erwin@erwinb.xs4all.nl] has quit [Ping timeout: 260 seconds]
18:59 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
19:06 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has joined #openvpn
19:07 < Konigsforst> banco, Hello again. Running from the shell as root worked perfectly. Then when running from openvuser did not work at all
19:08 < Konigsforst> banco, So i think this means i messed up somewhere with the permissions, right?
19:08 < banco> Konigsforst: how did you run it from openvuser?
19:10 -!- m3n3chm0 [~XFCE@47.61.108.171] has quit [Quit: Life Is killing me]
19:11 < Konigsforst> banco, First i tried with the --user command. This stayed stalled and didn't really connect. Then when using, 'su openvuser -', it got further then that but was giving me warnings about tun saying that everything will not be encryppted and it will be plain text. When disconnecting, it didn't have any effect on the update-resolv-conf
19:13 < banco> Konigsforst: did you run the script fom up/down option of openvpn? I'm talking about just running the script itself without openvpn
19:15 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:16 < Konigsforst> banco, My mistake. I thought you meant something different. I can try that, however usually when i try running that script nothing happens, i have tried adding --down and --up before, although this never seemed to do anything even as root. I wouldn't even get any feedback, which makes me think i am messing up with the syntax
19:17 < banco> Konigsforst: you need to manually set the enviroment variables for test
19:17 < banco> # Example envs set from openvpn:
19:17 < banco> # foreign_option_1='dhcp-option DNS 193.43.27.132'
19:17 < banco> ...
19:17 < banco> from the update-resolv-conf.sh
19:19 < Konigsforst> banco, Sorry, i am still fairly new to linux/coding. I'm not too sure what you mean. I should enter things from the script into the shell?
19:21 < banco> Konigsforst: before openvpn run your up/down script, it sets system enviroment variables to pass the options to the script
19:22 < banco> Konigsforst: so instead of openvpn for test purpose you need to set these variables manually before you run your script
19:23 < banco> Konigsforst: to set the system variable you need to run $var='asdqwdq'
19:25 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
19:25 < Konigsforst> banco, Oh, i think i understand. I should only enter the env variables in the shell while openvpn is not running, for testing purposes?
19:25 < banco> Konigsforst: no, my bad, export var_name='asdasdq'
19:25 < banco> Konigsforst: yes
19:26 < banco> Konigsforst: for example export foreign_option_1='dhcp-option DNS 193.43.27.132'
19:26 < banco> etc
19:26 < Konigsforst> Okay, i should first try this as root, and then as openvuser?
19:26 < banco> Konigsforst: yes
19:27 < Konigsforst> banco, I will try that now. Thanks
19:27 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has quit [Quit: Leaving]
20:00 -!- troyt [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has quit [Ping timeout: 264 seconds]
20:01 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 264 seconds]
20:02 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
20:07 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
20:08 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
20:25 -!- weox [uid112413@gateway/web/irccloud.com/x-rfudlloduxdhkmeo] has joined #openvpn
20:26 < weox> Is openvpn in udp mode connectionless ?
20:27 < Eugene> weox - short answer: no.
20:28 < Eugene> Client-Server mode(with certs and the rest) has handshake & verify steps, then it creates a symmetric tunnel that re-keys every hour(by default)
20:28 < weox> Eugene: Our firewall will block every encrypted connection in 4 5 minutes . so basically there is no way to connect to vpn. but encrypted socks works just fine , is there to use openvpn in connection less mode ?
20:28 < Eugene> Most setups have a keepalive that will periodically send packets to keep the tunnel from timing out(NAT devices have a habit of dropping UDP)
20:29 < Eugene> You can use P2P mode, which does not use certs/handshake, and is "just send packets at the other end"
20:29 < weox> Eugene: exactly , our firewall in iran , don't have any other way to block openvpn other than this ,
20:30 < Eugene> !obfsproxy
20:30 <@vpnHelper> "obfsproxy" is (#1) For a writeup on using obfsproxy with OpenVPN see https://syria.hacktivist.me/?p=148 or (#2) See also !obfs. The link to TrafficObfuscation also contains a setup example
20:30 < Eugene> !obfs
20:30 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
20:30 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
20:30 < weox> Eugene: thank you , p2p mode is the word I am going to search about .
20:30 < Eugene> Yup, lots of reading in the above
20:31 < weox> Eugene: other question , I am CS student, personally I am in love with openvpn , and I find it so deep , is there any book , like reference , about it other than site's own documentation
20:42 < Eugene> !book
20:42 <@vpnHelper> "book" is (#1) http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! or (#2) Jan and Eric's Mastering OpenVPN: https://www.packtpub.com/networking-and-servers/mastering-openvpn
20:53 < weox> Eugene: Thanks
20:59 < weox> My network is 192.168.1.0/24 , I added to my tun file and even I can see 192.168.1.0/24 via 10.9.8.1 dev tun0  in my ip route, but my traffic does not go through 10.9.8.1
21:30 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
21:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:36 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Ping timeout: 240 seconds]
21:41 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Excess Flood]
21:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:41 -!- JackWinter [~jack@vodsl-11049.vo.lu] has joined #openvpn
22:36 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:59 -!- arlen [~arlen@jarvis.arlen.io] has quit [Remote host closed the connection]
23:19 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
23:21 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
23:23 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has quit []
23:26 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Ping timeout: 272 seconds]
23:36 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:38 -!- ShadniX [dagger@p5481D692.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:40 -!- ShadniX [dagger@p57941D12.dip0.t-ipconnect.de] has joined #openvpn
23:40 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
23:43 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
23:43 -!- james41382_ is now known as james41382
23:47 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 240 seconds]
23:49 -!- weox [uid112413@gateway/web/irccloud.com/x-rfudlloduxdhkmeo] has quit [Quit: Connection closed for inactivity]
--- Day changed Thu Dec 10 2015
00:03 -!- jesopo [jess@lolnerd.net] has quit [Quit: et nos unum sumus]
00:12 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
00:14 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
00:14 -!- james41382_ is now known as james41382
00:33 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
01:07 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
01:11 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Ping timeout: 272 seconds]
01:15 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has joined #openvpn
01:18 < ke4nhw> I am working through my server.conf. Assume I want to use the subnet 10.8.0.0 and I want to give a specific client johnnyboy a particular IP address from that same range. The config example shows the user being assigned a specific IP from another subnet though. Can I use the same technique, with the client config file and assign him, for example, 10.8.0.22?
01:19 < ke4nhw> If so would I need to use the route statement since that subnet is already created by the server statement?
01:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
01:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:45 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
01:48 -!- greves [~greves@111-251-222-115.dynamic.hinet.net] has joined #openvpn
01:49 < greves> hello, having a bit of trouble getting openvpn working. i believe i have my server and clent configs set up correctly because the server is running and i can connect from the client, but i don't have internet access on the client when connected
01:50 < greves> i think its like an ip/routing config mistake on the server, but not sure how to diagnose
01:52 < greves> (server is debian, client is mac with tunnelblick)
01:57 -!- greves [~greves@111-251-222-115.dynamic.hinet.net] has quit [Ping timeout: 272 seconds]
02:12 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has quit [Ping timeout: 244 seconds]
02:20 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
02:20 -!- jesopo [jess@lolnerd.net] has joined #openvpn
02:38 < bhuey> sync
02:38 < bhuey> bah
03:03 < ke4nhw> Can you give me some quick help?
03:03 -!- lotharn6 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
03:04 < ke4nhw> I seem to have the server running okay, running pretty much from the server.conf file
03:04 < ke4nhw> However, the client connection is a mess
03:19 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
03:35 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
03:44 -!- dazo_afk is now known as dazo
03:49 -!- speeddragon [~speeddrag@212.66.30.174] has joined #openvpn
03:49 -!- speeddragon [~speeddrag@212.66.30.174] has quit [Remote host closed the connection]
03:53 -!- speeddragon [~speeddrag@212.66.30.174] has joined #openvpn
03:57 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:59 -!- speeddragon [~speeddrag@212.66.30.174] has quit [Ping timeout: 240 seconds]
04:03 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:04 -!- eSgr [~eSgr@priv.is-infra.net] has joined #openvpn
04:06 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
04:07 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 250 seconds]
04:10 -!- weox [uid112413@gateway/web/irccloud.com/x-tqvpbcssqkmfuaax] has joined #openvpn
04:12 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
04:15 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
04:27 -!- toli [~toli@ip-62-235-215-188.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
04:27 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
04:28 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.2]
04:32 -!- toli [~toli@ip-62-235-215-188.dsl.scarlet.be] has joined #openvpn
04:57 -!- apollo13 [apollo13@django/committer/apollo13] has joined #openvpn
04:58 < apollo13> I am seeing  "Inactivity timeout (--ping-restart), restarting" in client and server logs, but after that no traffic flows over the wire, any ideas what could be happening here?
05:00 < apollo13> I have keepalive 10 60 and ping-timer-rem
05:13 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
05:20 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 272 seconds]
05:26 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
05:28 -!- shiriru [~shiriru@46.10.54.164] has quit [Ping timeout: 250 seconds]
05:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:38 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
05:41 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
05:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:49 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 256 seconds]
05:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:56 -!- m3n3chm0 [~XFCE@47.61.108.171] has joined #openvpn
06:03 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
06:11 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
06:14 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
06:32 -!- m3n3chm0 [~XFCE@47.61.108.171] has left #openvpn ["Life Is killing me"]
06:39 <@ecrist> apollo13: poor network connection
06:39 <@ecrist> or a firewall is terminating state
06:50 < apollo13> ecrist: mhm, time to go debugging then, I mean I know that the network connection into our office isn't the best, but…
06:57 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:58 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
07:00 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
07:03 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has quit [Ping timeout: 250 seconds]
07:03 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 250 seconds]
07:03 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
07:03 -!- xeon-enouf [~xeon-enou@unaffiliated/xeon-enouf] has joined #openvpn
07:11 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
07:21 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
07:21 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 250 seconds]
07:21 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:22 -!- ade_b [~Ade@redhat/adeb] has quit [Read error: Connection reset by peer]
07:22 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
07:23 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
07:26 -!- catsup [~d@64.111.123.163] has quit [Ping timeout: 260 seconds]
07:26 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
07:31 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
07:32 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
07:42 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
07:46 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has quit [Ping timeout: 240 seconds]
07:49 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has joined #openvpn
07:58 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
08:04 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 260 seconds]
08:04 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 260 seconds]
08:06 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
08:06 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
08:12 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
08:13 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 260 seconds]
08:14 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
08:18 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
08:25 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
08:31 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:42 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 256 seconds]
08:46 -!- rooth [~rooth@stuck.in.the.basement.at.fritzl.nu] has quit [Ping timeout: 260 seconds]
08:52 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:53 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
08:59 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
09:05 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 250 seconds]
09:17 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
09:49 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
09:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:55 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
09:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:52 -!- Ryushin [chris@2001:5c0:1000:a::12f] has joined #openvpn
09:56 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:15 -!- hazardous [~hz@openvpn/user/hazardous] has quit [Ping timeout: 272 seconds]
10:16 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
10:16 -!- mode/#openvpn [+o mattock1] by ChanServ
10:17 -!- DMA [~dma@190.146.128.106] has joined #openvpn
10:18 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 256 seconds]
10:18 -!- hazardous [~hz@openvpn/user/hazardous] has joined #openvpn
10:18 -!- mode/#openvpn [+v hazardous] by ChanServ
10:18 -!- sillysau1 [~sillysaus@93.115.83.37] has joined #openvpn
10:18 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Read error: Connection reset by peer]
10:20 -!- iNs [~ins@85.17.164.26] has joined #openvpn
10:22 -!- weox [uid112413@gateway/web/irccloud.com/x-tqvpbcssqkmfuaax] has quit [Quit: Connection closed for inactivity]
10:24 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 246 seconds]
10:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
10:31 -!- sillysau1 is now known as sillysausage
10:45 -!- OG_s7eele [~AndChat52@2600:100d:b120:8b99:d3fe:b6f4:8f3c:e4fb] has joined #openvpn
10:48 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has quit [Ping timeout: 256 seconds]
11:11 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Read error: Connection reset by peer]
11:12 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
11:15 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
11:23 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
11:34 -!- nhooyr [~nhooyr@mail.aubble.com] has joined #openvpn
11:37 < nhooyr> How can I run a script when reconnecting openvpn? I change my dns to 8.8.8.8 when i connect with the up script but if I close my laptop and openvpn tries to reconnect it will try to resolve my IP with 8.8.8.8 except it cannot because its normally blocked. It needs the tunnel to resolve with 8.8.8.8 except the tunnel is down. so when reconnecting I want to change my dns back to the normal one with a script.
11:39 < nhooyr> it tries to resolve my server ip with 8.8.8.8 but its blocked to clarify. it needs my tunnel to resolve any dns name with 8.8.8.8.
11:42 < nhooyr> i think I found my solution http://hints.macworld.com/article.php?story=2004062902195410 so i'm gonna use that
11:43 <@vpnHelper> Title: Use different DNS servers for different domains - Mac OS X Hints (at hints.macworld.com)
11:43 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:56 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Ping timeout: 250 seconds]
11:57 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
12:05 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 240 seconds]
12:08 -!- JackWinter1 [~jack@70.Red-88-22-105.staticIP.rima-tde.net] has joined #openvpn
12:14 -!- weox [uid112413@gateway/web/irccloud.com/x-stavhqlavjgogukg] has joined #openvpn
12:18 -!- OG_s7eele [~AndChat52@2600:100d:b120:8b99:d3fe:b6f4:8f3c:e4fb] has quit [Quit: Bye]
12:18 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has joined #openvpn
12:24 < nhooyr> well that doesn't really work that well so does anyone know of another solution?
12:26 < nhooyr> and I don't think it has to do with dns though now because I added the IP for it in /etc/hosts and it now reconnects but won't route properly and I'm not sure whats wrong so Ima just leave it. reconnecting is much easier by closing it lol
12:54 -!- JackWinter2 [~jack@vodsl-11049.vo.lu] has joined #openvpn
12:54 -!- JackWinter1 [~jack@70.Red-88-22-105.staticIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
12:57 -!- BarneyG [~joel@162.216.46.111] has joined #openvpn
13:00 < BarneyG> Hello Everyone. I subscribe to a commercial vpn service. Is it possible to set up OpenVPN in such a way that I can connect to an OpenVPN server which then forwards the traffic to my commercial vpn account?
13:10 -!- Ryushin [chris@2001:5c0:1000:a::12f] has quit [Ping timeout: 250 seconds]
13:14 < nhooyr> BarneyG: thats fairly simple. just setup the commercial vpn client on your server to forward all outgoing traffic to the commericial vpn and just connect with openvpn to the server. all the traffic you send to the server with openvpn should be forwarded to the commercial vpn. if you want only the openvpn traffic to be forwarded over the commercial vpn thats should be simple with a bit of google. is there any
13:14 < nhooyr> specific problem you have?
13:16 < BarneyG> nhooyr: no specific problem other than I have a laptop, smartphone and tablet that I travel with and would love to be able to have the vpn protection while away AND at home
13:18 < BarneyG> So OpenVPN can act as BOTH a client as well as a server?
13:19 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit []
13:21 < nhooyr> BarneyG: what do you mean both? you just change the routing settings on your server to send it to the commercial vpn, thus when the openvpn server is routing the data from clients it automaically gets sent to the commercial vpn.
13:26 < BarneyG> That's exactly what I was hoping was possible. Server to my devices but a client to my commercial vpn. But I think you already understand that based on your reply. I couldn't find any information about doing this via Google
13:31 -!- Roland- [~pro@unaffiliated/roland-] has joined #openvpn
13:32 < Roland-> hi flks, if I have a geotrust certificate on the server do I need any type of certificate on the client? it is not initiating the connection for some reasons
13:37 < BarneyG> nhooyr: Thank you so much for your help for this new guy. Have a great day
13:37 <@ecrist> Roland-: you usually want to roll your own CA for your VPN
13:37 -!- Ryushin [chris@2001:5c0:1000:a::23] has joined #openvpn
13:37 < ke4nhw> Hi, I've got openvpn working and tests look good. I am having trouble locating the files needed to start up the server side on startup so it will run automatically. I've got two serverside, one on Fedora and one on CentOS.
13:38 < ke4nhw> Can someone help me with this setup? I want it to run automatically and run 24/7
13:39 < apollo13> systemctl enable openvpn is probably enough
13:39 < ke4nhw> let me try
13:39 < apollo13> maybe check the generator, you might have to add something to /etc/default/openvpn (at least that is on debian)
13:39 < apollo13> ie AUTOSTART="all"
13:39 < apollo13> but make sure to check the actual service files on centos
13:39 < ke4nhw> nope
13:39 < apollo13> nope what?
13:40 < ke4nhw> openvpn doesn't have a service file apparently
13:40 < ke4nhw> systemctl enable openvpn.service gives no such file or directory
13:40 < ke4nhw> systemctl enable openvpn gives invalid call
13:41 < apollo13> which centos?
13:41 < ke4nhw> 7
13:41 < apollo13> ah epel
13:42 < ke4nhw> and testing on two Fedora right now (virtuals), one is latest and one is 16 (yes I still mess around with some EOL's for fun)
13:42 < apollo13> /usr/lib/systemd/system/openvpn@.service sounds like an idea
13:42 -!- lucidguy [~fern@d72-39-55-175.home1.cgocable.net] has joined #openvpn
13:42 < ke4nhw> I ran a find and located that file
13:42 < apollo13> can you paste that for me? I currently do not want to install openvpn on that machine
13:42 < ke4nhw> at /lib/systemd/system/openvpn@.service
13:42 < apollo13> yes
13:42 < apollo13> please show me the contents of that
13:42 < lucidguy> Finally got openVPN server and a clients to connect.  What is making this secure?  Is it the client.key file that is allowing me in?
13:43 < apollo13> ke4nhw: but basically you'd do systemctl enable openvpn@your_instance_name
13:43 < apollo13> where your_instance_name is (hopefully) the basename of your config file, can tell you more once I see the file
13:43 < ke4nhw> okay hold on I'll pastebin
13:44 < lucidguy> My clients have ca.crt, client.crt, and client.key.  Which of these files do I have to keep safe?  As in whats allowing for the connection to take place.
13:44 < apollo13> also add an ls -l of /etc/openvpn for good measure :D
13:44 -!- BarneyG [~joel@162.216.46.111] has quit [Quit: Leaving]
13:45 < ke4nhw> http://pastebin.com/ixKyM44d
13:45 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 272 seconds]
13:45 < ke4nhw> okay, so it should be systemctl enable openvpn@server.conf.service
13:45 < ke4nhw> ?
13:46 < apollo13> --config %i.conf
13:46 < apollo13> no
13:46 < ke4nhw> or full path
13:46 < apollo13> just server
13:46 < apollo13> systemctl enable openvpn@server
13:46 < ke4nhw> okay
13:46 < ke4nhw> it assumes the .conf then
13:46 < apollo13> as you can see in there it has --config %i.conf
13:46 < ke4nhw> okay
13:46 < apollo13> no, it does not assume, it explicitelly adds
13:47 < ke4nhw> And using this method I can actually run multiple daemons by having different .conf files and enabling each one separately?
13:47 < apollo13> yes
13:47 -!- BarneyG [~Barney@162.216.46.111] has joined #openvpn
13:47 < ke4nhw> awesome
13:48 -!- BarneyG [~Barney@162.216.46.111] has quit [Client Quit]
13:48 < ke4nhw> I hope I don't have to do that.
13:48 < apollo13> ?
13:48 < ke4nhw> I'd rather just have one running daemon
13:48 < apollo13> well if you want to connect to more than one server you are out of luck
13:48 < apollo13> or also if you want a server + a client running
13:49 -!- lucidguy [~fern@d72-39-55-175.home1.cgocable.net] has quit [Quit: leaving]
13:49 < apollo13> and I think it is nice to have multiple processes running, I am currently running like 10 getmail instances via this systemd instance stuff
13:49 < apollo13> you can also automatically enable the services using systemd generators, really powerful and cool stuff
13:51 < ke4nhw> I do have two oddball configurations that I can't quite figure out in the howto... One: assume I assigned 10.8.0.0 as the address pool for users. I want to specifically assign addresses to each user from within that address pool. I do see the client-config-ccd line, I believe that should be uncommented, but I also see a route 10.9.0.0, which I'm not wanting to put the users into another address
13:51 < ke4nhw> pool.
13:52 < ke4nhw> Do I just uncomment the client-config-ccd and in the ccd directory create a file for the user cert CN with 10.8.0.15 for example?
13:52 < apollo13> ke4nhw: yes you can use client-config-ccd to create a config file for each user and assign the ip
13:53 < ke4nhw> Okay, just got to find now how to format that
13:53 < apollo13> http://michlstechblog.info/blog/openvpn-set-a-static-ip-address-for-a-client/
13:53 <@vpnHelper> Title: OpenVPN: Set a static IP Address for a client | Michls Tech Blog (at michlstechblog.info)
13:53 < apollo13> last few lines there
13:53 < apollo13> format is the same as the main config file
13:57 < ke4nhw> In those last few lines do I need all of them or only the first line? I don't need any additional routes for most users
13:57 < ke4nhw> Most users should never see beyond the server at all. They will be accessing Samba shares on that server
13:58 < ke4nhw> Only one user will need to see beyond the server (needing a route to the server's local subnet) to access other machines in this network. That user will be my certificate.
13:58 < apollo13> try with just the first line and see what routes you end up with
13:59 < ke4nhw> Lemme bring up the VM I've been testing with
13:59 < apollo13> btw: unless you configure firewalling properly, users can manually add the routes and walk behind what you pushed iirc
14:00 < ke4nhw> I'll look into what firewalling is needed to prevent that then
14:01 < ke4nhw> I can still proceed with this though. There are only two other users besides myself getting access certs, and both of these users I have a high degree of trust with them.
14:02 < apollo13> trust is good, control is better
14:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:02 < apollo13> ymmv
14:02 < ke4nhw> I agree
14:02 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Quit: Leaving.]
14:02 < ke4nhw> Ya can't always know what is happening on their end, they might get compromised.
14:02 < apollo13> openvpn supports a "simple" firewall ootb
14:03 < apollo13> never used it though
14:03 < ke4nhw> I'll check into it, and I'll also look into how to configure my iptables to be explicit on forwards
14:04 < ke4nhw> Like I say, only one certificate will need routing inside the subnet, and since every certificate will get an assigned IP that'll help in that regard.
14:04 < apollo13> see http://backreference.org/2010/06/18/openvpns-built-in-packet-filter/
14:04 < apollo13> not sure how much is still up2date
14:08 -!- JackWinter1 [~jack@70.Red-88-22-105.staticIP.rima-tde.net] has joined #openvpn
14:08 -!- JackWinter2 [~jack@vodsl-11049.vo.lu] has quit [Ping timeout: 272 seconds]
14:08 < ke4nhw> I'll take a look at it. Now that I can setup static IP's for clients, all I need now is to allow that one user to see the internal network. If I am reading the doc correctly, I need to add a route into that CN's file on the line below the static IP?
14:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:09 < ke4nhw> or push a route rather?
14:10 < ke4nhw> as well as configure the route in the network gateway and in the server's iptables?
14:10 < apollo13> you need to push the route
14:11 < ke4nhw> push "route 10.66.0.0 255.255.255.0" is what I am seeing in the docs
14:11 < apollo13> well yes
14:12 < ke4nhw> And to avoid everyone getting this push I just put it into that user's file
14:12 < apollo13> yes
14:12 < apollo13> also you should separate the dynamic pool from the static pool
14:13 < ke4nhw> That's where I am getting confused.
14:13 < apollo13> ie as shown here https://redmine.pfsense.org/issues/4728
14:13 <@vpnHelper> Title: Bug #4728: Openvpn "Address Pool" settings non-functional - pfSense - pfSense bugtracker (at redmine.pfsense.org)
14:14 < ke4nhw> I'll have to read that then. The reason is that even though there is a dynamic pool, I don't want anyone getting a dynamic address. I want to assign every user a static address from the pool
14:15 < apollo13> why do you even need a pool then?
14:15 < ke4nhw> Good point, I was following the docs and it says to assign a pool with the server mode
14:16 < apollo13> ke4nhw: the "server" directive is just a short hand for a few other directives, if you need no pool, then use the expanded form
14:16 < apollo13> ke4nhw: man openvpn and search for --server
14:16 < apollo13> For example, --server 10.8.0.0 255.255.255.0 expands as follows: …
14:19 < ke4nhw> Okay I can see that now. But if I do not assign a pool, will I need to assign the server an address?
14:19 < ke4nhw> I know that when I assign a pool, the server grabs the .1 of that pool for itself
14:20 < apollo13> as you can see in the expanded form
14:20 < apollo13> ipconfig specifies the ip addr of the server + the subnet to use
14:20 < apollo13> and no, the server does not grab .1 of that pool
14:21 < apollo13> it grabs the first available address of your pool
14:21 < apollo13> which depending on the arguments to server is not .1
14:27 < ke4nhw> So looking at the expanded version by using 'mode server' instead of server [pool] [subnet] it will run in server mode without establishing any address pool or subnet? If so, can I use the ifconfig 10.8.0.1 255.255.255.0 in the server.conf file to give the server the desired address, and use 10.8.0.15 255.255.255.0 and similar in the ifconfig push of each user's file to give them the desired
14:27 < ke4nhw> address? If yes, will these addresses then exist in the same subnet and the clients be able to see the Samba server at 10.8.0.1?
14:27 < apollo13> ke4nhw: well yes, you specified the same subnet after all
14:28 < apollo13> that is as long as you push an addr which is in the address space of the first one
14:30 < ke4nhw> Okay. So instead of 'server 10.8.0.0 255.255.255.0' I would use 'mode server' on one line and 'ifconfig 10.8.0.1 255.255.255.0' to assign that address to the tun interface created by openvpn?
14:30 < apollo13> yes
14:31 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
14:32 < ke4nhw> I'm gonna give this all a try, see what happens (in other words, see if I can do this without screwing it up LOL). Once I get this, I'll have everything configured just right and I can enable it.
14:33 < apollo13> ke4nhw: btw, man openvpn is really an interesting read if you got a spare afternoon one day :D
14:33 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
14:34 < ke4nhw> I've had that and the OpenVPN Howto page both open, I just get overwhelmed with the options at times, and the longer the man file the more times I've got to read it to find the useful options. Especially in a product as capable as openvpn
14:37 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
14:37 < ke4nhw> Thank you so much for helping me out on this and get a better understanding, and for the links :) I got 'em all bookmarked in now for future reference
14:38 -!- Roland- [~pro@unaffiliated/roland-] has quit []
14:39 < apollo13> you are welcome
14:41 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Ping timeout: 250 seconds]
14:48 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
14:52 -!- AlmogBak_ [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has joined #openvpn
14:53 -!- AlmogBaku [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Read error: Connection reset by peer]
14:55 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Remote host closed the connection]
15:15 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
15:20 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
15:21 -!- AlmogBak_ [~AlmogBaku@bzq-109-64-121-162.red.bezeqint.net] has quit [Read error: Connection reset by peer]
15:29 -!- somis [~somis@70.38.6.188] has joined #openvpn
15:37 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:44 -!- Ryushin [chris@2001:5c0:1000:a::23] has quit [Ping timeout: 240 seconds]
16:00 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
16:04 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Client Quit]
16:05 -!- JackWinter1 [~jack@70.Red-88-22-105.staticIP.rima-tde.net] has quit [Ping timeout: 250 seconds]
16:08 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has joined #openvpn
16:11 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has quit [Ping timeout: 250 seconds]
16:13 -!- Hink [~Hink@146-115-152-96.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com] has quit [Remote host closed the connection]
16:14 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has joined #openvpn
16:15 -!- jerichowasahoax [nick@unaffiliated/jerichowasahoax] has left #openvpn []
16:33 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has joined #openvpn
16:34 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
16:37 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has left #openvpn []
16:43 < ke4nhw> I have one more question. When I am expanding out the server directive to 'mode server' and 'ifconfig 10.8.0.0 255.255.255.0' do I also need to add 'tls-server' so that everything continues to work? This expansion is to allow for static addressing rather than a dynamic pool.
16:43 < ke4nhw> apollo13
16:50 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
16:50 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:53 -!- Eagleman [~Eagleman@84.107.198.167] has joined #openvpn
16:58 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Ping timeout: 240 seconds]
17:04 -!- Eagleman [~Eagleman@84.107.198.167] has quit [Quit: Bye!]
17:11 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
17:14 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
17:27 -!- bhuey [~bhuey@162-204-182-53.lightspeed.sndgca.sbcglobal.net] has quit [Read error: Connection reset by peer]
17:37 -!- s7eele [~AndChat52@ip184-187-143-124.lf.br.cox.net] has quit [Remote host closed the connection]
17:41 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
17:54 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
17:59 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has joined #openvpn
17:59 < CryptoSiD> W: Failed to fetch http://swupdate.openvpn.net/apt/dists/trusty/Release Invalid 'Date' entry in Release file /var/lib/apt/lists/swupdate.openvpn.net_apt_dists_trusty_Release
17:59 < CryptoSiD> something is wrong with the apt repo
18:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:15 -!- s7eele [~AndChat52@104.156.228.79] has joined #openvpn
18:32 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
18:38 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
19:03 < CryptoSiD> anyone know who's managing http://swupdate.openvpn.net/apt/
19:03 <@vpnHelper> Title: Index of /apt/ (at swupdate.openvpn.net)
19:18 -!- alec-b [~alec@49.45.103.87.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
19:19 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
19:27 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has quit [Remote host closed the connection]
19:27 -!- alec-b [~alec@49.45.103.87.rev.vodafone.pt] has joined #openvpn
19:41 -!- mystica555 [~mystica55@63.224.69.174] has joined #openvpn
19:48 -!- somis [~somis@70.38.6.188] has quit [Quit: Leaving]
20:13 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
20:19 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Read error: Connection reset by peer]
20:19 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
20:26 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
20:28 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has joined #openvpn
20:28 -!- Konigsforst [~Konigsfor@unaffiliated/konigsforst] has left #openvpn []
20:32 -!- DrManhattan [~DrManhatt@unaffiliated/drmanhattan] has joined #openvpn
20:33 < DrManhattan> Good evening. I am using ubuntu 14.04 with dual NICs. Is there any way for me to force my VPN to only be used on a specific NIC?
20:47 -!- dazo is now known as dazo_afk
20:51 -!- jamira [~jamira@c-73-165-151-60.hsd1.pa.comcast.net] has joined #openvpn
20:54 < jamira> Hello, I just installed Fedora 23 lxde spin for the 1st time since I found ubuntu 15.10 has a DNS leak in it's openvpn implementation. In Fedora I installed openvpn, NetworkManager-openvpn, and NetworkManager-openvpn-gnome. I can setup my vpn in the NM gui but selecting in does not activate or connect it and there is no tun entry listed by ifconfig. Is something else required required that I wouldn't have run into with Debian flavors?
21:21 -!- mystica555 [~mystica55@63.224.69.174] has quit [Remote host closed the connection]
21:22 -!- DonRichie [~DonRichie@ricl.de] has joined #openvpn
21:22 < DonRichie> I want to understand routing during vpn. How there can be two default routes at the same time?
21:23 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 240 seconds]
21:30 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
21:36 -!- Ryushin [chris@2001:5c0:1000:a::1a7] has joined #openvpn
21:38 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has quit [Remote host closed the connection]
21:47 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
21:52 -!- weox [uid112413@gateway/web/irccloud.com/x-stavhqlavjgogukg] has quit [Quit: Connection closed for inactivity]
22:00 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:02 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:15 -!- james41382_ [~james4138@unaffiliated/james41382] has joined #openvpn
22:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 256 seconds]
22:32 < CryptoSiD> W: Failed to fetch http://swupdate.openvpn.net/apt/dists/trusty/Release Invalid 'Date' entry in Release file /var/lib/apt/lists/swupdate.openvpn.net_apt_dists_trusty_Release
22:32 < CryptoSiD> apt repo still broken
22:32 < CryptoSiD> i'd like to have the manager contact to let him know
22:57 -!- NP-Hardass is now known as NP-Smartass
23:03 -!- Ryushin [chris@2001:5c0:1000:a::1a7] has quit [Ping timeout: 264 seconds]
23:03 -!- NP-Smartass is now known as NP-Hardass
23:17 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
23:18 -!- s7eele [~AndChat52@104.156.228.79] has quit [Ping timeout: 256 seconds]
23:19 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
23:19 -!- s7eele [~AndChat52@104.156.228.79] has joined #openvpn
23:20 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:23 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Ping timeout: 240 seconds]
23:29 -!- ShadniX [dagger@p57941D12.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:30 -!- DonRichie [~DonRichie@ricl.de] has quit [Quit: bye]
23:32 -!- ShadniX [dagger@p5DDFC4BA.dip0.t-ipconnect.de] has joined #openvpn
23:41 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
23:51 -!- james41382_ is now known as james41382
--- Day changed Fri Dec 11 2015
00:36 -!- OG_s7eele [~AndChat52@2600:100d:b117:38d8:585a:c5ec:55c:8a33] has joined #openvpn
00:38 -!- s7eele [~AndChat52@104.156.228.79] has quit [Ping timeout: 272 seconds]
00:54 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 250 seconds]
01:02 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
01:10 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
01:29 -!- weary [~weary@2a01:7c8:aab2:9e:5054:ff:fe05:c4ae] has left #openvpn []
01:29 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
02:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:11 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:28 -!- PsynoKhi0 [~none@c-83-233-26-186.cust.bredband2.com] has joined #openvpn
02:30 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Quit: Leaving]
02:31 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
02:36 < apollo13> ke4nhw: you need exactly what the expansion of server shows in the manpage, so yes tls-server is obviously a requirement
02:52 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
02:54 -!- jamira [~jamira@c-73-165-151-60.hsd1.pa.comcast.net] has quit [Remote host closed the connection]
03:01 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
03:06 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Ping timeout: 250 seconds]
03:06 -!- ustn [~ustn@p4FDB0764.dip0.t-ipconnect.de] has joined #openvpn
03:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
03:46 -!- speeddragon [~speeddrag@46.189.67.141] has joined #openvpn
03:55 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
04:06 -!- speeddragon [~speeddrag@46.189.67.141] has quit [Remote host closed the connection]
04:11 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
04:27 -!- MarcoSlater [MarcoSlate@freenode/sponsor/halothe23] has quit [Quit: Quit]
04:39 -!- JackWinter1 [~jack@70.Red-88-22-105.staticIP.rima-tde.net] has joined #openvpn
04:42 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
04:46 -!- JackWinter1 [~jack@70.Red-88-22-105.staticIP.rima-tde.net] has quit [Ping timeout: 256 seconds]
04:52 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
04:55 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Ping timeout: 250 seconds]
05:04 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 256 seconds]
05:05 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
05:09 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
05:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 272 seconds]
05:28 -!- nhooyr [~nhooyr@mail.aubble.com] has quit [Quit: WeeChat 1.3]
05:52 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
06:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:02 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
06:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:17 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
06:29 < PsynoKhi0> greetings, for openvpn clients traffic to flow to and from the remote network, one has to add an iptables rule for NAT: iptables -t nat -A POSTROUTING -s $VPN-IP -o eth0 -j MASQUERADE... what would the equivalent for traffic sourced from the remove network to reach VPN clients be?
06:30 < PsynoKhi0> remove -> remote*
06:36 -!- somis [~somis@70.38.6.188] has joined #openvpn
06:41 < ke4nhw> Am I correct in stating that when assigning static IP's to Windows clients, it must be a .252 subnet, or can I define a different subnet with slightly more hosts?
06:43 < PsynoKhi0> ke4nhw: I think that only applied to older windows versions, you can have a larget subnet if you add "topology subnet" to your server.conf
06:45 < PsynoKhi0> although you'd better check versions for your server and clients
06:47 < ke4nhw> Okay, what I really wanted to do is to have better control over which clients can traverse beyond the server. The openvpn server is setup on the same box as a Samba server, and that's the limit of what everyone else will need, so no need for routing. However, I want my certs (since I'm the admin and owner) to allow me the Samba server as well as give me a route into the internal lan here
06:47 < ke4nhw> I was under the impression that had to be done with static addressing
06:48 < ke4nhw> Also to ensure that the server does get .1 of the pool
06:49 < PsynoKhi0> static addressing of clients is done through directives in the server.ccd directory if I remember correctly
06:50 < ke4nhw> Yep, I tried it yesterday and it didn't work, the log on the client stated that the remote and local IP's must be from the same .252 block
06:50 < PsynoKhi0> I doubt it impacts the size of the subent for your clients though
06:51 < ke4nhw> And at that time I had defined the subnet as .0 in the ccd client file
06:51 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
06:52 < PsynoKhi0> ok, then have a look at "topology subnet, it wasn't activated by default on my installation and my client also got a .252 netmask at first
06:52 < ke4nhw> Okay I'll man openvpn and search --topology-subnet
06:53 < PsynoKhi0> or the website, I stumbled upon it by sheer luck
06:53 -!- ustn [~ustn@p4FDB0764.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
06:56 < ke4nhw> Ok, and I am correct in saying that in order to stick to strictly static addressing, I would not use the --server directive, but instead use 'mode server' 'ifconfig 10.8.0.0 255.255.255.0' 'tls-server' and then the topology subnet, which essentially is breaking down the --server directive into the chunks I want while omitting the ifconfig-pool
06:56 < ke4nhw> Since I don't want an address pool.
06:58 < PsynoKhi0> that's more than I know, sorry
06:59 < ke4nhw> Ok no prob, I'm thinking I'm good with all of those directives since they're part of the --server directive. I found the --topology subnet, and I will put that in and give it a go with another test.
06:59 < ke4nhw> Since I'm using a VM as a testing client I can play as I wish lol
07:01 < PsynoKhi0> hehe
07:21 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:53 -!- dazo_afk is now known as dazo
08:06 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
08:09 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:14 -!- weox [uid112413@gateway/web/irccloud.com/x-vpbhpqvgrqemesmg] has joined #openvpn
08:24 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
08:28 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
08:32 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:39 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
08:47 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
08:47 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: C'ya]
09:01 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
09:09 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
09:09 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
09:21 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
09:22 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Client Quit]
09:29 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
09:35 -!- PsynoKhi0 [~none@c-83-233-26-186.cust.bredband2.com] has quit [Quit: leaving]
09:41 -!- yoink [~yoink@66.171.168.10] has joined #openvpn
09:48 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:49 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
09:56 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:05 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:05 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
10:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:16 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: brb]
10:16 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:22 -!- weox [uid112413@gateway/web/irccloud.com/x-vpbhpqvgrqemesmg] has quit [Quit: Connection closed for inactivity]
10:25 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Ping timeout: 250 seconds]
11:01 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
11:08 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
11:22 < CryptoSiD> W: Failed to fetch http://swupdate.openvpn.net/apt/dists/trusty/Release Invalid 'Date' entry in Release file /var/lib/apt/lists/swupdate.openvpn.net_apt_dists_trusty_Release
11:23 < CryptoSiD> still broken
11:23 < CryptoSiD> anyone know who i could contact to get this fixed?
11:35 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 240 seconds]
11:38 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:43 -!- Gizmokid2005 [~Gizmokid2@dedi2.gizmokid2005.com] has quit [Quit: Uh-oh!! The Gizmo is gone!!!! Good Riddance.]
11:44 -!- Gizmokid2005 [~Gizmokid2@dedi2.gizmokid2005.com] has joined #openvpn
11:48 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
12:25 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
12:38 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
12:42 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Client Quit]
12:42 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
12:46 -!- OG_s7eele [~AndChat52@2600:100d:b117:38d8:585a:c5ec:55c:8a33] has quit [Quit: Bye]
12:47 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
12:47 -!- s7eele [~AndChat52@104.156.228.79] has joined #openvpn
12:48 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has joined #openvpn
12:51 -!- OG_s7eele [~AndChat52@2600:100d:b123:6561:75a6:da8b:af6f:dc94] has joined #openvpn
12:54 -!- s7eele [~AndChat52@104.156.228.79] has quit [Ping timeout: 256 seconds]
13:09 -!- SCHAAP137 [~dorian@unaffiliated/schaap137] has quit [Quit: Leaving]
13:09 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
13:11 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
13:15 -!- TheoMurpse [~TheoMurps@cpe-72-191-48-158.satx.res.rr.com] has joined #openvpn
13:15 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 272 seconds]
13:17 < TheoMurpse> Suppose I have a VPN. One client has previously been compromised but isn't currently. Is there a way to configure a VPN so that the client, when connecting via VPN, has access to my VPN but only a specific computer:port on that VPN? Basically I want a client to connect to a RabbitMQ server over my VPN but not be able to do anything else, see any file shares, etc.
13:19 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
13:30 -!- weox [uid112413@gateway/web/irccloud.com/x-tkqjwjnrofonxndh] has joined #openvpn
13:30 < Poster> you can manage what routes are pushed to the client, but if you want to really restrict access, you should look into using network packet filtering, such as iptables on linux, pf on OpenBSD, etc
13:32 < banco> TheoMurpse: You can add firewall rules for this client to block everything except your RabbitMQ server
13:34 < banco> TheoMurpse: it's better to do it in openvpn client-connect script
13:35 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has joined #openvpn
13:36 < TheoMurpse> banco, are these firewall rules something i'd set up in an OpenVPN config file? because my VPN server came with my router and I don't think I can configure the router's firewall manually
13:36 < TheoMurpse> actually I do see there is some configuration stuff
13:36 < TheoMurpse> I just found this page. Is there a reason I shouldn't be doing it this way? https://openvpn.net/index.php/open-source/documentation/howto.html#policy
13:36 <@vpnHelper> Title: HOWTO (at openvpn.net)
13:36 < TheoMurpse> "Configuring client-specific rules and access policies"
13:38 < banco> TheoMurpse: it's not really what you want, but it uses firewall as well
13:39 < banco> TheoMurpse: you just need to restrict access from only one client
13:39 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:40 < banco> TheoMurpse: "are these firewall rules something i'd set up in an OpenVPN config file" - no, those rules need to be set for the system firewall, not in OpenVPN config
13:40 < banco> TheoMurpse: for some router OS it's possible to do it
13:41 < banco> TheoMurpse: dd-wrt/openwrt/etc
13:46 < banco> TheoMurpse: also, if you set your OpenVPN server on your router with simple config file and not with web-forms, then you can add the firewall rules in the config file
13:48 < TheoMurpse> banco, OK thanks. The router in question has some web interface for adding firewall rules. I'll check that out.
13:48 < TheoMurpse> I don't want to install ddwrt/openwrt/tomato beause I've borked cheap routers in the past trying; I don't want to bork a $300 router this time around, so I'm sticking with the stock, and I purposefully bought a router that had VPN and DDNS and such built-in so I wouldn't have to futz about with alt firmwares
13:49 < TheoMurpse> anyway, sounds like this is possible, so i'll just do research, no need to bother you anymore now that i know it's possible
13:49 < TheoMurpse> thank you
14:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:04 -!- Roland- [~pro@unaffiliated/roland-] has joined #openvpn
14:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:01 -!- Roland- [~pro@unaffiliated/roland-] has quit [Read error: Connection reset by peer]
15:08 -!- abra0 [znc-admin@unaffiliated/abra0] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
15:09 -!- abra0 [znc-admin@unaffiliated/abra0] has joined #openvpn
15:31 -!- TheoMurpse [~TheoMurps@cpe-72-191-48-158.satx.res.rr.com] has quit [Quit: This computer has gone to sleep]
15:34 -!- TheoMurpse [~TheoMurps@cpe-72-191-48-158.satx.res.rr.com] has joined #openvpn
15:39 < weox> Is point-to-point , connectionless ? in iran stop openvpn working after 5 6 minutes , everytime you connect , the only solution they have is to stop every ssl connection in small interval , in this way they managed to stop openvpn , I want to use openvpn in connectionless fashion , I know with ssl negotiation it is not possible , is there any symmetric
15:39 < weox> algorithm for implementing something like this.
15:39 -!- TheoMurpse [~TheoMurps@cpe-72-191-48-158.satx.res.rr.com] has quit [Quit: This computer has gone to sleep]
16:13 < ke4nhw> I am having some trouble with my vpn setup. Right now I am using the 'server 10.8.0.0 255.255.255.0' directive, creating an address pool. What I would like to do, either by strictly static addressing or by pool and pushing specific addresses to specific clients, I want to set it up so that certain clients always get the same IP.
16:15 < ke4nhw> I tried modifying the server.conf to remove the 'server...' directive and replaced it with 'mode server' 'ifconfig 10.8.0.0 255.255.255.0' 'tls-server' and added a file in ccd for that particular user CN with 'ifconfig-push 10.8.0.10 255.255.255.0'
16:15 < ke4nhw> Server started up fine, with no errors, but when I try to connect with the client it fails
16:15 < banco> ke4nhw: read about --client-config-dir dir in the manual
16:24 -!- toli [~toli@ip-62-235-215-188.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
16:24 < banco> ke4nhw: leave the server part, just replace it with "server 10.8.0.0 255.255.255.0 nopool"
16:25 < banco> ke4nhw: check the logs if the clients fails
16:25 -!- toli [~toli@ip-62-235-214-28.dsl.scarlet.be] has joined #openvpn
16:26 -!- Badimo [~dgfdf@ppp-2-86-132-45.home.otenet.gr] has joined #openvpn
16:27 < Badimo> !welcome
16:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:27 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:28 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:33 < ke4nhw> Okay I have the man page pulled up, read about the client config dir, and I'm matching everything there, including read permissions. So what I should do is remove 'mode server' 'ifconfig ...' 'tls-server' and 'topology subnet' and just use the server directive followed by nopool?
16:34 < ke4nhw> then by setting the client IP to an address within that /24 block it will be in the subnet and be able to see the server?
16:37 < banco> ke4nhw: yes, the problem in yor replacing server option with separate options is that you set ifconfig option wrong it needs to be "ifconfig 10.8.0.1 255.255.255.0"
16:40 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:40 < weox> I can reach my server via tunnel (server ip : 10.9.8.1 , local : 10.9.8.1) , but I have problem redirecting openvpn traffic in the server to internet . What I am missing ?
16:40 < ke4nhw> Okay I made a mistake typing here, I just rechecked the config file since I left the lines there but commented out, it does say 10.8.0.1 255.255.255.0
16:41 < ke4nhw> ifconfig ...
16:41 < ke4nhw> with the mode server and all
16:41 < ke4nhw> Like I said the server had no troubles starting up, the client is what had a fit.
16:41 < banco> ke4nhw: well, check the logs then
16:42 < banco> weox: same ip>
16:42 < banco> weox: same ip?
16:43 < weox> banco: oh so sorry , typo : serrver 10.9.8.1 local : 10.9.8.2
16:43 < ke4nhw> I will after I get ready for work, I'll rerun the setup as was and see what the logs are saying. Before they were screaming about a .252 subnet when I defined a .0 subnet. Running Win7 Ultimate I'd think the interface was current enough to support the whole subnet (something about the old interface only supporting .252 in a document I read somewhere)
16:43 < weox> banco: It works perfectly between two , I can saw packets flow with out any problem via tcpdump or --verb 6
16:43 < banco> weox: what is server and local? OpenVPN server and OpenVPN client?
16:43 < weox> but I cant redirect server openvpn to net .
16:44 < weox> banco: yeah , sorry for not being correct, openvpn server and openvpn client
16:45 < weox> banco: I redirect my network connection in client successfully via : redirect-gateway def1
16:45 < banco> ke4nhw: yes, latest windows tap driver can use subnet topology, earlier it could only use net30
16:46 < banco> weox: did you enable SNAT?
16:47 < banco> weox: https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
16:47 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:47 < weox> banco: thank you , I am reading link carefully
16:52 < ke4nhw> It's a driver limitation of the tap-win32 driver, as I'm testing on a win 7 ultimate 32bit virtual. I will try testing tomorrow on a 64bit win 7 ultimate
16:52 < ke4nhw> I tested the same connection, one from the win vm, and one from a centos netbook. windows failed to connect, centos did just fine
16:52 < ke4nhw> so it's a problem on the client end
16:53 < ke4nhw> brb
16:56 < weox> banco: it is same , about client part it was okay and correct , but in server side, about NATing, I changed iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE to my personal config (ip) , but does not work , I can see my traffic comes to open server , but it does not pass my traffic to internet
16:58 < CryptoSiD> W: Failed to fetch http://swupdate.openvpn.net/apt/dists/trusty/Release Invalid 'Date' entry in Release file /var/lib/apt/lists/swupdate.openvpn.net_apt_dists_trusty_Release
16:58 < CryptoSiD> still broken
16:58 < CryptoSiD> anyone know who i could contact to get this fixed?
16:58 < CryptoSiD> now broken for 2 days or so
16:58 < banco> weox: did you enable ip forwarding?
16:58 -!- OG_s7eele [~AndChat52@2600:100d:b123:6561:75a6:da8b:af6f:dc94] has quit [Quit: Bye]
16:59 < banco> weox: check sysctl net.ipv4.ip_forward
17:00 -!- s7eele [~AndChat52@104.156.228.136] has joined #openvpn
17:01 < weox> banco: it was not 1 , I change /etc/systemctl.conf to enable it permanently
17:02 < weox> banco:  and now it works . I owe you , thank you so much
17:02 < banco> weox: you're welcome
17:08 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 250 seconds]
17:09 < ke4nhw> Now I just need to find out how I can either accomplish my goal straightforward, or workaround. Hmm, how long does the ipp.txt file hold on the persistent assignments?
17:10 < banco> ke4nhw: why don't you use ccd?
17:10 < ke4nhw> I am, but windows clients don't like it. The windows client is insisting on a .252 subnet.
17:10 < ke4nhw> There is a problem in your selection of --ifconfig endpoints [local=10.147.93.2, remote=255.255.255.0].  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
17:11 < ke4nhw> from the client log
17:11 < ke4nhw> As you can see I was using 10.8.0.0 and so on as a substitute for my actual values
17:11 < ke4nhw> sorry, security habit
17:12 < ke4nhw>  In the ccd file for this user, I have 'ifconfig-push 10.147.93.2 255.255.255.0'
17:12 < ke4nhw> only
17:12 < ke4nhw> Windows client will not accept this
17:14 < ke4nhw> Do you have any suggestions on this one?
17:14 < banco> ke4nhw: are you using "server 10.8.0.0 255.255.255.0 nopool"?
17:14 < ke4nhw> yes
17:14 < ke4nhw> Well, now that you know my addressing scheme '10.147.93.0 255.255.255.0'
17:15 < banco> ke4nhw: yes, I get it
17:15 < ke4nhw> I get the same results with the server nopool as I was getting with the expanded 'mode server' and so on.
17:15 < ke4nhw> However, if I use a straight server directive with a pool and do not use the ccd, the windows client will connect just fine
17:16 < ke4nhw> And when testing the nopool from the windows vm and the centos netbook, I used the same testing certificate and config, to keep everything identical between the two client tests.
17:16 < banco> ke4nhw: show youe client config
17:17 < ke4nhw> I tested each one at a time, disconnecting one before attempting to connect another.
17:17 < ke4nhw> hold on I'll pastebin
17:18 < ke4nhw> http://pastebin.com/Q6zuW9dC
17:18 < banco> ke4nhw: do you have in the server config "topology subnet" option?
17:19 < ke4nhw> right now, no, since I'm using the server ... nopool directive. When I had everything expanded, 'mode server' and so on, I was using the 'topology subnet' directive in the server conf
17:20 < banco> ke4nhw: add the topology option
17:20 < ke4nhw> ok hold on
17:20 < banco> ke4nhw: the default topology is net30
17:21 < ke4nhw> well I'll be stinkbombed lol
17:22 < ke4nhw> it worked
17:22 < ke4nhw> thanks
17:22 < ke4nhw> Now...
17:22 < banco> ke4nhw: that's good
17:22 < ke4nhw> Why will the topology subnet work with the server directive nopool and not when I expanded the server directive with 'mode server' et al?
17:23 < banco> ke4nhw: because you didn't expand it fully/precisely?
17:24 < banco> ke4nhw: also, nopool is removing ifconfig-pool option so you can use ccd
17:24 < ke4nhw> I'm looking at man openvpn --server and I see that one directive I did not use was the route directive
17:24 < ke4nhw> I used mode server tls-server topology subnet and ifconfig serverip serversubnet
17:25 < ke4nhw> ut no route or push route
17:25 < ke4nhw> could that have caused the error I showed you?
17:26 < banco> ke4nhw: though no, removing ifconfig-pool is not necessary, because openvpn have the priority for client IP selection:
17:26 < banco> 1 -- Use --client-connect script generated file for static IP (first choice).
17:26 < banco> 2 -- Use --client-config-dir file for static IP (next choice).
17:26 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
17:26 < banco> 3 -- Use --ifconfig-pool allocation for dynamic IP (last choice).
17:26 < ke4nhw> okay
17:26 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
17:26 < banco> ke4nhw: did you add "push "topology subnet""
17:26 < banco> ?
17:26 < ke4nhw> no I didn't
17:26 < banco> you should have
17:27 < ke4nhw> with the other setup or the one I currently have 'server ... nopool'?
17:27 < banco> with the expanded setup
17:29 < ke4nhw> Ahh, okay. I think I'll stick with this one for now since it's working. Now all I need, since the server is now pushing the correct address, is to configure one client's ccd so that it can see other computers on the server's subnet. I want my certificate to give me full network access, whereas the other users should not be able to be routed into the local lan and should be restricted to the
17:29 < ke4nhw> server itself, since that's where the resource they need resides (a Samba server on the same machine as the openvpn server).
17:29 < ke4nhw> i'll work on that one tomorrow as I have to head to work. If you have an document suggestions on this topic that I can read would you send them in a pm to me, so I don't have to search back through the room to find it?
17:30 < banco> ke4nhw: yeah, a sec
17:31 < ke4nhw> Okay, thanks, I'll take a look at them in the morning, and give them a try. If I can't get it to work I'll jump back in here to ask...
17:31 < banco> https://openvpn.net/index.php/open-source/documentation/howto.html#policy
17:31 <@vpnHelper> Title: HOWTO (at openvpn.net)
17:31 < ke4nhw> Thanks again and I think I'll stay with this setup as it's working
17:32 < ke4nhw> Okay got it, I'm headed out, if you think of anymore docs along this line PM them to me so I can find them in the morning. thanks again and ttys.
17:32 < banco> ke4nhw: ok, buy
17:33 -!- underplank [~mlakewood@216.38.130.196] has joined #openvpn
17:35 < underplank> Hi all. I’ve set up openvpn with 3 backends. Im also using the auth-user-pass-verify to do third party 2FA. THe issue is if the user doesnt ack the 2FA then the openvpn client will just keep trying to connect. I havent seemed to be able to find a “try this many times to authenticate and then give up option” in the documentation. Any pointers?
17:39 < banco> underplank: check the --auth-retry or --connect-retry-max options
17:48 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
17:48 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 272 seconds]
17:59 -!- s7r_ is now known as s7r
18:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:03 -!- underplank [~mlakewood@216.38.130.196] has quit [Quit: underplank]
18:04 -!- underplank [~mlakewood@216.38.130.196] has joined #openvpn
18:05 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-237-135.w86-195.abo.wanadoo.fr] has joined #openvpn
18:06 -!- underplank [~mlakewood@216.38.130.196] has quit [Client Quit]
18:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:23 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:36 -!- underplank [~mlakewood@216.38.130.196] has joined #openvpn
18:46 -!- underplank [~mlakewood@216.38.130.196] has quit [Quit: underplank]
18:51 -!- underplank [~mlakewood@216.38.130.196] has joined #openvpn
19:10 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
19:20 -!- CryptoSiD [SiD@CryptoSiD.DonSiD.net] has left #openvpn []
19:23 -!- underplank [~mlakewood@216.38.130.196] has quit [Quit: underplank]
19:24 -!- dazo is now known as dazo_afk
19:28 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 240 seconds]
19:38 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Ping timeout: 250 seconds]
19:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:43 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:48 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
20:28 -!- QORRiE [~QORRiE@unaffiliated/schaap137] has quit [Remote host closed the connection]
20:32 -!- weox [uid112413@gateway/web/irccloud.com/x-tkqjwjnrofonxndh] has quit [Quit: Connection closed for inactivity]
20:39 -!- somis [~somis@70.38.6.188] has quit [Quit: Leaving]
20:49 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
20:50 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
22:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:06 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
22:06 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
22:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:40 -!- s7eele [~AndChat52@104.156.228.136] has quit [Quit: Bye]
22:49 -!- henkie_ [~henkie@2ee3ea86.ftth.concepts.nl] has joined #openvpn
22:52 < henkie_> Hi, I have an issue with OpenVPN ( on a raspberry PI / Debian 8 ). When I change settings on the server (e.g. push route) the client wants to reload these settings, and it fails. I assume because the client has dropped its privileges. I have used OpenVPN in the past and this issue is new for me.  This is the error I am seeing:   ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
23:04 < henkie_> for now I have 'fixed' this and I keep running OpenVPN as root, I wasn't able to find for a solution on the web. If there is a way to acomplish this, I am all ears   :)
23:08 < subzero79> henkie_,i was just reading the man, seems like persist-tun might be the option
23:09 < henkie_> I have tried it with both persist-tun enabled and disabled
23:09 < henkie_> sorry, I cannot reach the client at the moment, or I could have pasted the config
23:11 < henkie_> The /dev/net/tun  device is r/w for everybody
23:12 -!- s7eele [~AndChat52@104.156.228.69] has joined #openvpn
23:12 < subzero79> “persist-tun and persist-key instruct OpenVPN to not reopen the tun device or generate new keying material whenever the tunnel is restarted.”
23:12 < subzero79> i don't run my clients with user, let me see if i get teh same result
23:13 < henkie_> I guess running it as root won't be that much of an issue in this case, it's a client, behind a NAT
23:13 < henkie_> oki
23:17 < subzero79> well with persist key and tun takes about 2 minutes for the client until it gets sigusr1, and restarts and everything back to normal when restarting the server
23:18 < henkie_> ok, in my case it seems to fail almost instantly
23:18 < subzero79> i just turn the option off
23:19 < henkie_> yes, I will keep it for now running as root, I might fiddle with it some more when I have physical access, restoring the connection is a bit hard at the moment  :)
23:20 < henkie_> thanks for looking tho
23:20 < subzero79> now it fails
23:20 < subzero79> WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail
23:21 < henkie_> yes, I have seen this message as well, it fails the same for me tho
23:22 < subzero79> how are you running the client?
23:22 < subzero79> in debian also?
23:22 < henkie_> yes, my first adventure in systemd  :)
23:23 < henkie_> the unit files where supplied by debian tho, so I think they are correct
23:23 < subzero79> me too, the server is jessie
23:23 < subzero79> the client is wheezy but i was just running the client in cli with openvpn client.conf with --user --group
23:23 < henkie_> ok, client is debian, and server is gentoo
23:24 < henkie_> http://pastebin.com/ivWF07Tw
23:24 < henkie_> this is my client
23:26 < henkie_> now it works, if I enable the user/group privilege thing, it fails after changing the server settings and restarting the server
23:28 < subzero79> nowhat about auth-nocache?
23:28 < subzero79> are you using authentication?
23:29 < henkie_> no
23:30 -!- ShadniX [dagger@p5DDFC4BA.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:32 -!- ShadniX [dagger@p57941506.dip0.t-ipconnect.de] has joined #openvpn
23:32 < henkie_> it's getting late here, thanks for your help subzero, I will be afk for a few hours
23:33 < subzero79> no worries
23:37 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Sat Dec 12 2015
00:00 -!- Badimo [~dgfdf@ppp-2-86-132-45.home.otenet.gr] has quit [Ping timeout: 256 seconds]
00:24 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:41 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-axulxacgogwubbbx] has joined #openvpn
02:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:16 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:21 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
02:21 -!- Ofloo [ofloo@narf.ofloo.net] has joined #openvpn
02:30 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
02:35 < Ofloo> Is there an equivalent of server-bridge for IPv6 ?
02:35 < Ofloo> Which is supported by tap interface
02:59 -!- leonarth [~leonarth@unaffiliated/leonarth] has joined #openvpn
02:59 -!- weox [uid112413@gateway/web/irccloud.com/x-ooumqjuxkcojomex] has joined #openvpn
03:01 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:16 -!- Ofloo [ofloo@narf.ofloo.net] has quit [Ping timeout: 240 seconds]
03:32 < subzero79> !routebyapp
03:32 <@vpnHelper> "routebyapp" is (#1) if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (windows, osx) or tsocks (linux, BSD) to selectively route traffic over the socks proxy based on port/app/subnet or any combination. or (#2) Alternatively, read up about Policy Routing to make routing decisions based on
03:32 <@vpnHelper> defined policies you set. For Linux, read about !lartc
03:44 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-axulxacgogwubbbx] has quit [Quit: Connection closed for inactivity]
04:05 -!- lotharn1 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
04:06 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
04:07 -!- autrilla_ [uid86014@python/site-packages/autrilla] has joined #openvpn
04:07 -!- weox_ [uid112413@gateway/web/irccloud.com/x-dlczdsynnmiocnjl] has joined #openvpn
04:07 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
04:07 -!- mode/#openvpn [+v s7r_] by ChanServ
04:08 -!- roentgen_ [~none@unaffiliated/roentgen] has joined #openvpn
04:10 -!- iNs_ [~ins@85.17.164.26] has joined #openvpn
04:11 -!- weox [uid112413@gateway/web/irccloud.com/x-ooumqjuxkcojomex] has quit [Ping timeout: 240 seconds]
04:11 -!- iNs [~ins@85.17.164.26] has quit [Ping timeout: 240 seconds]
04:11 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 240 seconds]
04:11 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has quit [Ping timeout: 240 seconds]
04:11 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Ping timeout: 240 seconds]
04:11 -!- roentgen [~none@unaffiliated/roentgen] has quit [Quit: No Ping reply in 180 seconds.]
04:11 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
04:11 -!- dannier [dannier@117.185.76.94] has quit [Ping timeout: 240 seconds]
04:11 -!- Left_Turn [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 240 seconds]
04:11 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 240 seconds]
04:11 -!- willer [potato@gateway/shell/blinkenshell.org/x-ukspfcirmzstwklu] has quit [Ping timeout: 240 seconds]
04:11 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
04:11 -!- weox_ is now known as weox
04:11 -!- willer [potato@gateway/shell/blinkenshell.org/x-uhniegfptbrvzfzt] has joined #openvpn
04:12 -!- autrilla_ is now known as autrilla
04:13 -!- lotharn1 is now known as lotharn
04:14 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-jidgvjhdjyrosuuc] has quit [Ping timeout: 245 seconds]
04:14 -!- leonarth [~leonarth@unaffiliated/leonarth] has quit [Max SendQ exceeded]
04:15 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has quit [Remote host closed the connection]
04:16 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has quit [Ping timeout: 245 seconds]
04:16 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mecoqlyvhbyanbce] has joined #openvpn
04:17 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 250 seconds]
04:17 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
04:18 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 256 seconds]
04:18 -!- eliasp [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
04:25 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
04:25 -!- arcsky [~arcsky@87.117.231.108] has joined #openvpn
04:45 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
04:48 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
04:56 -!- mezo [~Daniel@46.101.117.26] has joined #openvpn
04:57 < mezo> hey, i just setup a vpn server and get following error when connecting: http://pastebin.com/BxYjsFtv
04:57 < mezo> on windows with the openvpn client the connection works
05:08 -!- mezo [~Daniel@46.101.117.26] has quit [Ping timeout: 250 seconds]
05:08 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 244 seconds]
05:36 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 250 seconds]
06:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:18 -!- doebi [~doebi@doebi.at] has quit [Remote host closed the connection]
06:23 -!- s7r_ is now known as s7r
06:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:34 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
07:29 -!- Ryushin [chris@2001:5c0:1000:a::11b] has joined #openvpn
07:34 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
07:40 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
08:02 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
08:17 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has quit [Ping timeout: 250 seconds]
08:17 -!- iokill [~dave@pippin.sigma-star.at] has quit [Ping timeout: 276 seconds]
08:18 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
08:27 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 246 seconds]
08:28 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has joined #openvpn
08:28 -!- banco [~ban@212.164.222.212] has joined #openvpn
08:29 < ke4nhw> Hi. I'm almost at the point where I need to be. I am running the VPN server here, using server ... nopool and assigning IP's by ifconfig-push in ccd/<cn> files
08:31 < ke4nhw> For all the other users, I only want them to access the Samba shares that are on the same server so that's not a problem. However, for my user, I want my user to be able to access the Samba shares AND all the other computers in this local subnet (of course this is for when I am away from the house).
08:31 < ke4nhw> All of the vpn addresses are from the same subnet, using topology subnet
08:32 < ke4nhw> Is there a way to create a route just for my user cn that the others will not be able to see? If so, how, and are there ny docs you can point me to for this?
08:32 < ke4nhw> Or would it be better for me to run two openvpn daemons: one for the regular users and one for my user with the route pushed?
08:33 < ke4nhw> Which is not the idea I'd prefer to use...
08:36 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
08:38 -!- Ryushin [chris@2001:5c0:1000:a::11b] has quit [Ping timeout: 240 seconds]
08:38 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 240 seconds]
08:45 -!- Badimo [~Badimo@ppp-2-86-132-45.home.otenet.gr] has joined #openvpn
08:45 -!- banco [~ban@212.164.222.212] has joined #openvpn
08:45 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
08:47 -!- Nothing4You [N4Y@nothing4you.w.tf-w.tf] has joined #openvpn
08:49 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
08:56 -!- Paaltomo [~Paaltomo@128.90.105.40] has joined #openvpn
09:02 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
09:04 -!- Paaltomo [~Paaltomo@128.90.105.40] has left #openvpn ["Leaving"]
09:22 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
09:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:23 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Client Quit]
09:27 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:47 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
09:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:16 -!- Badimo [~Badimo@ppp-2-86-132-45.home.otenet.gr] has quit []
10:52 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has quit [Ping timeout: 272 seconds]
10:54 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has joined #openvpn
11:33 -!- willer [potato@gateway/shell/blinkenshell.org/x-uhniegfptbrvzfzt] has quit [Ping timeout: 256 seconds]
11:35 -!- dan_j_ [sid21651@gateway/web/irccloud.com/x-pcpvbiqahadaswpw] has joined #openvpn
11:37 -!- x5eb [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
11:38 -!- pipecloud [~pipework@unaffiliated/spaceghostc2c] has joined #openvpn
11:39 -!- early` [~early@105.ip-167-114-152.net] has joined #openvpn
11:40 -!- Netsplit *.net <-> *.split quits: NP-Hardass, flyingkiwi, early, ender|, pipework, [DS]Matej, jareth_, dan_j, johnny56, _0x5eb_,  (+7 more, use /NETSPLIT to show all of them)
11:40 -!- pipecloud is now known as pipework
11:40 -!- x5eb is now known as _0x5eb_
11:40 -!- Jeroen [~Jeroen@milkyway.jeroendeneef.com] has joined #openvpn
11:43 -!- Netsplit over, joins: NP-Hardass
11:43 -!- Darkwell [~Darkwell@155.4.72.115] has joined #openvpn
11:44 -!- Darkwell [~Darkwell@155.4.72.115] has quit [Changing host]
11:44 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
11:45 -!- dan_j_ is now known as dan_j
11:46 -!- doebi [~doebi@doebi.at] has joined #openvpn
11:46 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
11:48 -!- cippaciong [~cippacion@host169-204-dynamic.45-79-r.retail.telecomitalia.it] has joined #openvpn
11:53 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
11:54 -!- Netsplit *.net <-> *.split quits: Darkwell
11:57 < sillysausage> https://news.ycombinator.com/item?id=10716283
11:57 <@vpnHelper> Title: How the penis disappeared from the sex toy | Hacker News (at news.ycombinator.com)
11:58 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Client Quit]
11:58 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
11:58 -!- johnny56 [~johnny56@108.61.228.73] has joined #openvpn
11:58 -!- Darkwell [~Darkwell@h-72-115.a192.priv.bahnhof.se] has joined #openvpn
11:59 -!- johnny56 [~johnny56@108.61.228.73] has quit [Max SendQ exceeded]
11:59 -!- Darkwell [~Darkwell@h-72-115.a192.priv.bahnhof.se] has quit [Changing host]
11:59 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
11:59 -!- johnny56 [~johnny56@unaffiliated/johnny56] has joined #openvpn
12:03 -!- willer [potato@gateway/shell/blinkenshell.org/x-cjhoysvmuytgjbvl] has joined #openvpn
12:09 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
12:15 -!- willer [potato@gateway/shell/blinkenshell.org/x-cjhoysvmuytgjbvl] has quit [Ping timeout: 250 seconds]
12:15 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
12:16 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Ping timeout: 250 seconds]
12:17 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
12:22 -!- cippaciong [~cippacion@host169-204-dynamic.45-79-r.retail.telecomitalia.it] has left #openvpn ["WeeChat 1.3"]
12:25 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 250 seconds]
12:26 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
12:29 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has quit [Ping timeout: 264 seconds]
12:32 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
12:34 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
12:41 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
12:41 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
12:42 -!- willer [potato@gateway/shell/blinkenshell.org/x-xwofxyicmoblvrba] has joined #openvpn
12:46 -!- somis [~somis@70.38.6.188] has joined #openvpn
12:54 -!- lotharn1 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
12:55 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
12:55 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
12:56 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
13:02 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
13:03 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
13:11 -!- willer [potato@gateway/shell/blinkenshell.org/x-xwofxyicmoblvrba] has quit [Ping timeout: 272 seconds]
13:17 -!- linuxdevman [~chatzilla@108.61.68.152] has joined #openvpn
13:18 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
13:19 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
13:24 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
13:24 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
13:39 -!- willer [potato@gateway/shell/blinkenshell.org/x-wwswgstysuicznyk] has joined #openvpn
13:42 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
13:42 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
13:45 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
13:45 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
13:49 -!- Ryushin [~Ryushin@38.102.245.226] has joined #openvpn
13:49 -!- mystica555_ [~mystica55@63-224-69-174.customers.uswest.net] has quit [Read error: Connection reset by peer]
13:49 -!- MikeH__ [~mystica55@63-224-69-174.customers.uswest.net] has joined #openvpn
13:52 -!- MikeH__ is now known as mystica555
13:59 -!- mystica555 [~mystica55@63-224-69-174.customers.uswest.net] has quit [Quit: Leaving]
13:59 -!- mystica555 [~mystica55@2602:3f:e045:ae00:a48b:b605:631c:6c46] has joined #openvpn
14:00 -!- willer [potato@gateway/shell/blinkenshell.org/x-wwswgstysuicznyk] has quit [Ping timeout: 240 seconds]
14:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:08 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
14:09 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
14:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:17 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
14:23 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
14:25 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
14:27 -!- willer [potato@gateway/shell/blinkenshell.org/x-wffojolyeohdknro] has joined #openvpn
14:41 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
14:49 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has quit [Ping timeout: 260 seconds]
14:52 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
15:34 -!- linuxdevman [~chatzilla@108.61.68.152] has quit [Quit: oui]
15:58 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 240 seconds]
15:59 -!- banco [~ban@212.164.222.212] has joined #openvpn
16:04 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
16:10 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has joined #openvpn
16:21 -!- ShadniX [dagger@p57941506.dip0.t-ipconnect.de] has quit [Quit: Bye.]
16:23 -!- ShadniX [~ShadniX@p57941506.dip0.t-ipconnect.de] has joined #openvpn
16:32 -!- somis [~somis@70.38.6.188] has quit [Quit: Leaving]
16:45 -!- somis [~somis@67.205.112.74] has joined #openvpn
17:18 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
17:18 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
17:18 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
17:20 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
17:57 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
17:58 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
18:01 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
18:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:13 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has quit [Quit: underplank]
18:15 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has joined #openvpn
18:18 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has quit [Client Quit]
18:30 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
18:43 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
19:26 -!- dannier [~dannier@208.111.39.60] has joined #openvpn
19:32 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
19:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:38 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:42 -!- marlinc [~marlinc@bouncer.cvo.technology] has quit [Changing host]
19:42 -!- marlinc [~marlinc@unaffiliated/marlinc] has joined #openvpn
19:56 -!- somis [~somis@67.205.112.74] has quit [Quit: Leaving]
20:02 -!- fling [~fling@fsf/member/fling] has left #openvpn []
20:11 -!- Ryushin [~Ryushin@38.102.245.226] has quit [Ping timeout: 240 seconds]
20:17 -!- Ryushin [~Ryushin@38.102.245.226] has joined #openvpn
20:30 < ke4nhw> I hope I've got this set up right, unfortunately I won't know until I can test it from a remote location
20:57 -!- KNERD [~KNERD@netservisity.com] has joined #openvpn
21:05 -!- willer [potato@gateway/shell/blinkenshell.org/x-wffojolyeohdknro] has quit [Ping timeout: 250 seconds]
21:09 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:11 < KNERD> is -> push "dhcp-option DNS 10.66.0.4"   the same as having the client side to have all traffice go through the VPN?
21:14 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has quit [Ping timeout: 264 seconds]
21:30 -!- [DS]Matej [~dsmatej@unaffiliated/dsmatej/x-9142595] has joined #openvpn
21:32 -!- willer [potato@gateway/shell/blinkenshell.org/x-nhwunqgggsguroza] has joined #openvpn
21:54 -!- Ryushin [~Ryushin@38.102.245.226] has quit [Ping timeout: 272 seconds]
22:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:25 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 272 seconds]
22:27 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
22:32 -!- weox [uid112413@gateway/web/irccloud.com/x-dlczdsynnmiocnjl] has quit [Quit: Connection closed for inactivity]
22:38 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
23:17 -!- Ryushin [~Ryushin@109.sub-70-211-144.myvzw.com] has joined #openvpn
23:29 -!- ShadniX [~ShadniX@p57941506.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:30 -!- ShadniX [dagger@p5DDFEAD3.dip0.t-ipconnect.de] has joined #openvpn
23:41 -!- cyberspace- [20253@ninthfloor.org] has quit [Read error: Connection reset by peer]
23:45 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
23:56 -!- Bose [Bose@gateway/shell/bnc4free/x-adbvzumuzvygmoen] has joined #openvpn
23:57 < Bose> CyberghostVPN Special Editon, OkayFreedom VPN, F-secure Freedome - 1 year License for 10 USD/unit - valid keys from promos/deals, legit offers, if you really wana buy join ##vpn
23:58 -!- Bose [Bose@gateway/shell/bnc4free/x-adbvzumuzvygmoen] has left #openvpn ["Leaving"]
23:58 -!- Ryushin [~Ryushin@109.sub-70-211-144.myvzw.com] has quit [Ping timeout: 272 seconds]
--- Day changed Sun Dec 13 2015
00:03 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
00:09 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
00:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
00:44 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
01:14 -!- roentgen_ [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
01:53 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
01:56 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
01:56 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
02:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:34 -!- bittin_US is now known as bittin
02:47 -!- subzero79 [~subzero79@2a01:4f8:162:4107::2] has joined #openvpn
03:24 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
04:13 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
04:20 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:22 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:24 -!- toli [~toli@ip-62-235-214-28.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
04:25 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-mecoqlyvhbyanbce] has quit [Ping timeout: 272 seconds]
04:25 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Read error: Connection reset by peer]
04:26 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
04:26 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has joined #openvpn
04:27 -!- casdr [sid130744@gateway/web/irccloud.com/x-nalwelivyfydzjpz] has quit [Ping timeout: 250 seconds]
04:27 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:28 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
04:29 -!- dan_j [sid21651@gateway/web/irccloud.com/x-pcpvbiqahadaswpw] has quit [Ping timeout: 240 seconds]
04:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:36 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:38 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
04:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
04:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:42 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Ping timeout: 240 seconds]
04:45 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:45 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-cqqpqentlvlenlhp] has joined #openvpn
04:45 -!- casdr [sid130744@gateway/web/irccloud.com/x-yosssbzqpmauyxcn] has joined #openvpn
04:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:46 -!- dan_j [sid21651@gateway/web/irccloud.com/x-hvtqshonaiazgjxh] has joined #openvpn
04:50 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:51 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:53 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
04:56 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Disconnected by services]
04:57 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
04:57 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:02 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
05:03 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:08 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
05:09 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
05:15 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:20 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:21 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:26 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:27 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:33 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
05:33 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:38 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:39 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 256 seconds]
05:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:49 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
05:50 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
05:54 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:55 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:01 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
06:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
06:06 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:09 -!- mrx-420 [~mrx@192.162.100.240] has joined #openvpn
06:10 < mrx-420> anyone know how to cascade vpn with perfect privacy in linux it wont work withe he manual : https://www.perfect-privacy.com/howto/cascading-your-vpn-connection-over-multiple-hops-with-linux/
06:11 <@vpnHelper> Title: Cascading your VPN (multihop) with Linux | Perfect Privacy (at www.perfect-privacy.com)
06:11 < mrx-420> syslog: ovpn dissapeared
06:11 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 250 seconds]
06:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:12 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:17 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
06:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:18 -!- ioanm [~ioanm@unaffiliated/ioanm] has joined #openvpn
06:19 < ioanm> guys i need your help
06:19 < ioanm> i've set up a openvpn server using a ubuntu server machine and TUN
06:19 < ioanm> it works to connect to it
06:19 < ioanm> but I can't ping 8.8.8.8 or 10.8.0.1 or access the internet
06:20 < ioanm> ip addr shows tun0 lo and eth0 on server
06:20 < ioanm> please help me fast
06:21 -!- Ryushin [chris@2001:5c0:1000:a::c5] has joined #openvpn
06:23 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
06:23 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:25 -!- ustn [~ustn@p4FDB1124.dip0.t-ipconnect.de] has joined #openvpn
06:26 < ioanm> please help me
06:33 -!- JackWinter [~jack@vodsl-11049.vo.lu] has quit [Remote host closed the connection]
06:34 -!- AlmogBaku [~AlmogBaku@212.235.124.20] has joined #openvpn
06:39 -!- PhoenixS [~seedbox@ns3096936.ip-91-121-194.eu] has quit [Quit: Lost terminal]
06:54 -!- ustn [~ustn@p4FDB1124.dip0.t-ipconnect.de] has quit [Quit: ustn]
06:57 -!- ioanm [~ioanm@unaffiliated/ioanm] has quit [Ping timeout: 240 seconds]
07:45 -!- Ryushin [chris@2001:5c0:1000:a::c5] has quit [Ping timeout: 250 seconds]
08:08 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has quit [Quit: “If we don't believe in freedom of expression for people we despise, we don't believe in it at all — Noam Chomsky”]
08:11 -!- k0nsl [~k0nsl@unaffiliated/k0nsl] has joined #openvpn
08:20 -!- mrx-420 [~mrx@192.162.100.240] has quit [Ping timeout: 240 seconds]
08:26 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:33 -!- Ryushin [chris@2001:5c0:1000:a::fb] has joined #openvpn
08:40 -!- ustn [~ustn@p4FDB1124.dip0.t-ipconnect.de] has joined #openvpn
08:46 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
08:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:54 -!- ustn [~ustn@p4FDB1124.dip0.t-ipconnect.de] has quit [Quit: ustn]
09:12 -!- Ryushin [chris@2001:5c0:1000:a::fb] has quit [Read error: Connection reset by peer]
09:24 -!- Ryushin [chris@2001:5c0:1000:a::17b] has joined #openvpn
09:44 -!- AlmogBaku [~AlmogBaku@212.235.124.20] has quit [Read error: Connection reset by peer]
09:49 -!- JackWinter2 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
09:58 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has joined #openvpn
10:00 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 272 seconds]
10:01 -!- hadi [~Instantbi@31.59.9.81] has joined #openvpn
10:02 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
10:08 -!- AlmogBaku [~AlmogBaku@dsl212-235-124-20.bb.netvision.net.il] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:26 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 240 seconds]
10:36 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:39 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has joined #openvpn
10:39 < Paaltomo> hi
10:39 < Paaltomo> how's it going
10:44 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
10:44 < Paaltomo> i'm having an issue with openvpn connecting to my shiny new server
10:44 < Paaltomo> says that the TLS key negotiation failed to ccur
10:44 < Paaltomo> *occur
10:44 < Paaltomo> I tried following this guide, https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
10:44 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
10:45 < Paaltomo> followed every step but can't seem to connect
10:45 < Paaltomo> I'm on Antergos linux
10:45 < Paaltomo> my google-fu isn't helping either
10:45 < Paaltomo> help me, #openvpn, you're my only hope :3
10:45 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:49 < Paaltomo> is it a port thing?
10:57 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
11:01 < banco> Paaltomo: check the connection with netcat first
11:02 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Read error: Connection reset by peer]
11:02 < Paaltomo> roger
11:02 < Paaltomo> thanks banco
11:03 < Paaltomo> um
11:03 < Paaltomo> ok
11:03 < Paaltomo> so i pinged the port
11:03 < Paaltomo> nothing happened
11:03 < banco> pinged the port?
11:03 < Paaltomo> i'm sorry
11:03 < Paaltomo> i'm still waking up
11:04 -!- akurilin [~alex@208.80.70.250] has quit [Ping timeout: 256 seconds]
11:04 < banco> if you the ping to the server ip is timed out, then check your connection/fw
11:04 < Paaltomo> ok how should i do that
11:05 < Paaltomo> b/c it for sure is timing out
11:05 < Paaltomo> i'm obviouisly connected, because i'm talking to you
11:05 < Paaltomo> but should i enable forwarding in ufw or something :/ not sure
11:05 < Paaltomo> bah
11:05 < banco> the icmp can be blocked with server fw
11:05 -!- cfuture [~xmg@ltea-047-066-070-086.pools.arcor-ip.net] has joined #openvpn
11:06 < banco> check the iptables rules
11:06 < banco> iptables -t nat -L -n -v --line-numbers
11:06 < banco> iptables -L -n -v --line-numbers
11:08 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
11:08 < Paaltomo> i don't see it in forwarding
11:08 < Paaltomo> only input
11:08 < banco> paste the rules
11:09 < Paaltomo> sent
11:12 < banco> Paaltomo: check the udp connection with netcat:
11:12 < banco> https://www.digitalocean.com/community/tutorials/how-to-use-netcat-to-establish-and-test-tcp-and-udp-connections-on-a-vps
11:12 <@vpnHelper> Title: How To Use Netcat to Establish and Test TCP and UDP Connections on a VPS | DigitalOcean (at www.digitalocean.com)
11:12 < banco> shoul be working
11:13 < banco> netcat -lu 1194 on server and netcat -u server_ip 1194 on client
11:14 < banco> and terminate openvpn before you try
11:14 < Paaltomo> great thanks for the help
11:15 < Paaltomo> um
11:15 < Paaltomo> it's pooping out random non-ascii characters
11:15 < Paaltomo> >_>
11:15 < banco> did you terminate openvpn?
11:15 < Paaltomo> i thought so
11:15 < Paaltomo> i'll double check
11:17 < Paaltomo> yeah, no openvpn processes
11:18 < banco> no openvpn on client side?
11:18 -!- xenkey [~xen@unaffiliated/xenkey] has left #openvpn ["Leaving"]
11:18 < Paaltomo> i'm testing the server atm
11:18 < Paaltomo> let me check tho
11:19 -!- AlmogBaku [~AlmogBaku@bzq-79-183-229-135.red.bezeqint.net] has joined #openvpn
11:20 < Paaltomo> nope
11:20 < Paaltomo> doesn't look like it
11:20 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Quit: Bye!]
11:20 < Paaltomo> nothing in processes
11:21 < banco> hm, strange, if you see some garbage on the 1194/udp on the server side, then it should be some openvpn client trying to connect
11:21 < banco> you had only one client?
11:21 < Paaltomo> :/
11:21 < Paaltomo> yep
11:21 < Paaltomo> just installed this distro yesterday
11:22 < Paaltomo> and same with the server
11:22 < Paaltomo> they're both fresh installs
11:22 < Paaltomo> no custom params
11:22 < banco> try to test netcat on different port, 1195 or something
11:23 < Paaltomo> okies
11:23 < Paaltomo> weird
11:23 < Paaltomo> looks like it's doing the same thing
11:24 < banco> how did you check it exactly?
11:24 < Paaltomo> netcat -lu 1195
11:24 < Paaltomo> and it just gives no output
11:24 < banco> that's expected
11:24 < Paaltomo> ok cool
11:25 < banco> netcat -lu 1195 run on the server side
11:25 < banco> and netcat -u server_ip 1194 on client side
11:25 < Paaltomo> 8���8k��^
11:25 < Paaltomo> that's what netcat -lu 1194 outputs
11:25 < banco> then type something on the client side and press enter
11:25 < Paaltomo> ok
11:25 < banco> netcat -u server_ip 1195 fix
11:26 < Paaltomo> i did the thing
11:26 < Paaltomo> no output on either console
11:26 < Paaltomo> is that good? >_>
11:27 < banco> ah, forgot about fw
11:27 < Paaltomo> :3
11:27 < banco> ufw allow 1195/udp
11:27 < Paaltomo> on what, client or server
11:27 < Paaltomo> or both
11:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:27 < banco> server
11:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Client Quit]
11:28 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
11:28 < Paaltomo> ok
11:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:28 < Paaltomo> ok i did the ufw allow thing and i'm trying again
11:28 < Paaltomo> but still no output on either
11:28 < Paaltomo> did i have to refresh ufw or something?
11:29 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
11:29 < banco> no, it should be workink like this
11:30 < banco> enable logging
11:30 < banco> ufw logging on
11:30 < banco> and check the logs when you type something in netcat
11:31 < Paaltomo> okies
11:31 < Paaltomo> thanks
11:31 < Paaltomo> :)
11:31 < Paaltomo> will paste soon
11:31 < banco> Paaltomo: tail -F /var/log/syslog | grep "PT=1195"
11:32 < Paaltomo> did that, no output
11:32 < banco> check if there is any fw logs with tail -F /var/log/syslog
11:33 < banco> should be something loke:
11:33 < banco> Feb  4 23:33:37 hostname kernel: [ 3529.289825] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd SRC=444.333.222.111 DST=111.222.333.444 LEN=103 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=53 DPT=36427 LEN=83
11:34 < Paaltomo> i see stuff there
11:35 < Paaltomo> tried to do netcat on client but there's no output happening on server
11:35 < banco> when you tried netcat on the client - did you type something and pressed enter?
11:35 < Paaltomo> yesh
11:36 < banco> hm, check the ufw status
11:36 < Paaltomo> okies
11:37 < Paaltomo> ok i noticed that 1195 wasn't in the list
11:37 < Paaltomo> so i added it
11:37 < Paaltomo> udp
11:38 < Paaltomo> now there's stuff happening on the terminal
11:38 < Paaltomo> UFW block
11:38 < Paaltomo> yay
11:38 < Paaltomo> it's doin stuff
11:38 < banco> netcat?
11:38 < Paaltomo> i think so
11:39 < banco> so can you see on server side what you type on client side/
11:39 < banco> ?
11:40 < Paaltomo> oh
11:40 < Paaltomo> no
11:40 < Paaltomo> lol
11:40 < banco> what do you see then?
11:40 < Paaltomo> just some output mentioning UFT blocks
11:40 < Paaltomo> with info about the connection
11:40 < Paaltomo> * UFW
11:40 < banco> with tail -F /var/log/syslog | grep "PT=1195"
11:40 < banco> or tail -F /var/log/syslog
11:40 < banco> ?
11:41 < Paaltomo> the latter
11:41 < Paaltomo> no output for the former
11:42 < banco> add this rule ufw allow log 1194/udp
11:42 < banco> add this rule ufw allow log 1195/udp
11:42 < banco> fix
11:42 < banco> and check the logs again
11:42 < Paaltomo> okies :)
11:43 < Paaltomo> still nothing
11:43 < banco> hm, paste the ufw status verbose
11:43 < Paaltomo> from server?
11:43 < banco> yes
11:44 < Paaltomo> # ufw status
11:44 < Paaltomo> Status: active
11:44 < Paaltomo> To                         Action      From
11:44 < Paaltomo> --                         ------      ----
11:44 < Paaltomo> 22                         ALLOW       Anywhere
11:44 < Paaltomo> 1194/udp                   ALLOW       Anywhere
11:44 < Paaltomo> 1195/udp                   ALLOW       Anywhere (log)
11:44 < Paaltomo> 22 (v6)                    ALLOW       Anywhere (v6)
11:44 < Paaltomo> 1194/udp (v6)              ALLOW       Anywhere (v6)
11:44 < Paaltomo> 1195/udp (v6)              ALLOW       Anywhere (v6) (log)
11:44 < Paaltomo> oops
11:44 < Paaltomo> i'm sorry didn't mean to spam >_>
11:44 < banco> hm, it should be ok
11:44 < Paaltomo> :c
11:44 < banco> maybe there is fw blocking on client side?
11:45 < Paaltomo> i'm running antergos
11:45 < banco> though it's unlikely
11:46 < Paaltomo> :/
11:47 < banco> Paaltomo: what is your client-server connection? Is server connected to the internet directly or behind a NAT?
11:47 < Paaltomo> it's just a DO droplet
11:48 < Paaltomo> i mean
11:48 < Paaltomo> i enabled private networking
11:49 < Paaltomo> is that the issue?
11:49 < Paaltomo> isn't that just supplementary, and doesn't replace the whole access bit?
11:50 < banco> no, seems like it's not the problem
11:50 < banco> paste the ip a
11:51 < Paaltomo> sent
11:52 < banco> no I want to know what interfaces you have on the server and on which ip are you connecting, you can change the ip
11:53 < Paaltomo> >_>
11:53 < Paaltomo> interfaces?
11:53 < banco> eth0/eth1/something
11:53 < Paaltomo> <_<
11:53 < Paaltomo> oh
11:53 < Paaltomo> eth0
11:53 < Paaltomo> afaik
11:55 < banco> check if you have the 1195/udp port open on the server side with netstat -plnt | grep ':1195'
11:56 < Paaltomo> doesn't poop out any output
11:57 < banco> check this
11:57 < banco> netstat -lun | grep "1195"
12:00 < Paaltomo> nope
12:00 < Paaltomo> no output either
12:01 < banco> do you have netcat -lu 1195 running?
12:02 < Paaltomo> on the server?
12:02 < banco> yes
12:03 < Paaltomo> uh should i have two terminals up then? :/
12:03 < banco> yes
12:03 < banco> open the secon ssh session
12:04 < Paaltomo> gotcha
12:04 < Paaltomo> okies there we go
12:04 < Paaltomo> # netstat -lun | grep "1195"
12:04 < Paaltomo> udp        0      0 0.0.0.0:1195            0.0.0.0:*
12:05 < banco> ok, now leave the netcat -lu 1195 running on server in first ssh session, and in the second session run this tail -F /var/log/syslog | grep "PT=1195"
12:05 < banco> and try to netcat -u server_ip 1195 from the client
12:06 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 240 seconds]
12:06 < Paaltomo> ok grat
12:06 < Paaltomo> thanks a tonne for your help banco :)
12:07 < Paaltomo> alright just did that
12:07 < Paaltomo> nothing's happening on any of the 3 consoles
12:08 < banco> did you type something and pressed enter on the client netcat?
12:08 < Paaltomo> ran netcat as sudo and nothing's happening either
12:08 < Paaltomo> ermagerd
12:08 < Paaltomo> ERMAGERD
12:08  * Paaltomo hugs banco
12:08 < Paaltomo> stuff is there!
12:08 < banco> ok, good
12:08 < Paaltomo> \\o
12:08 < Paaltomo> o//
12:08 < banco> now change the server and client config files from port 1194 to port 1195
12:08 < Paaltomo> now what :3
12:08 < Paaltomo> kk
12:08 < banco> and then try to connect again
12:08 < banco> with openvpn
12:08 -!- AlmogBaku [~AlmogBaku@bzq-79-183-229-135.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:09 < banco> but before it - terminate the netcat
12:09 -!- dan_j_ [sid21651@gateway/web/irccloud.com/x-skxllrkprbninyim] has joined #openvpn
12:09 -!- AlmogBaku [~AlmogBaku@bzq-79-183-229-135.red.bezeqint.net] has joined #openvpn
12:09 -!- roentgen_ [~none@unaffiliated/roentgen] has joined #openvpn
12:09 < Paaltomo> kk
12:11 < Paaltomo> ok attempting to connect
12:12 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
12:13 < Paaltomo> i'm checking the syslog and it's saying it's allowing the connection but openvpn isn't connecting
12:13 -!- dan_j [sid21651@gateway/web/irccloud.com/x-hvtqshonaiazgjxh] has quit [Ping timeout: 240 seconds]
12:13 -!- roentgen [~none@unaffiliated/roentgen] has quit [Ping timeout: 240 seconds]
12:13 -!- swebb [~swebb@192.152.130.179] has quit [Ping timeout: 240 seconds]
12:13 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 240 seconds]
12:13 -!- iokill [~dave@pippin.sigma-star.at] has quit [Ping timeout: 240 seconds]
12:13 < banco> Paaltomo: paste the client and server openvpn logs
12:13 -!- AlmogBaku [~AlmogBaku@bzq-79-183-229-135.red.bezeqint.net] has quit [Write error: Broken pipe]
12:14 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
12:14 < Paaltomo> okies
12:14 < Paaltomo> one moment
12:14 -!- dan_j_ is now known as dan_j
12:14 -!- AlmogBaku [~AlmogBaku@bzq-79-183-229-135.red.bezeqint.net] has joined #openvpn
12:15 -!- AlmogBaku [~AlmogBaku@bzq-79-183-229-135.red.bezeqint.net] has quit [Client Quit]
12:16 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has quit [Ping timeout: 272 seconds]
12:18 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
12:20 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
12:20 < Paaltomo> banco where are client openvpn logs
12:20 < Paaltomo> can't see them on google
12:20 < banco> did you enable the logging?
12:20 < banco> log /the/path/to/file
12:20 < banco> option in config
12:21 < Paaltomo> probably not, knowing myself
12:21 -!- swebb [~swebb@192.152.130.179] has joined #openvpn
12:22 < Paaltomo> do i put it in the .ovpn file
12:23 < banco> yes
12:23 < Paaltomo> kewl
12:23 < Paaltomo> fixed it
12:24 < Paaltomo> attempting to connect again
12:25 -!- darlinger [~darlinger@li1238-151.members.linode.com] has quit [Ping timeout: 260 seconds]
12:26 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
12:26 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
12:27 -!- darlinger [~darlinger@li1238-151.members.linode.com] has joined #openvpn
12:27 < Paaltomo> nothing is happening, banco :c
12:27 < Paaltomo> i added "log /var/log/openvpn.log" in the .ovpn file but nothing is showing up there
12:28 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:28 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
12:28 < Paaltomo> nhvm i lied
12:28 < Paaltomo> i'm no abe lincoln
12:29 < Paaltomo> okies sent :)
12:31 < banco> Paaltomo: paste the server log
12:32 < Paaltomo> i did
12:32 < Paaltomo> in the same paste
12:32 < Paaltomo> it's the first part
12:32 < banco> is that with the log option in server config?
12:32 < Paaltomo> oh
12:32 < Paaltomo> no
12:32 < Paaltomo> one moment
12:32 < Paaltomo> sorry
12:32 -!- __FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 260 seconds]
12:34 -!- _FBi [~B@Aircrack-NG/User] has joined #openvpn
12:42 < Paaltomo> banco: it's not doing anything with the logfile
12:42 < Paaltomo> ont he server
12:42 < Paaltomo> i set the log config in the server.conf but it's not writing to that file
12:43 < banco> Paaltomo: did you restart the server?
12:43 < Paaltomo> oh no, i just restarted openvpn
12:43 < Paaltomo> my bad
12:44 < Paaltomo> sorry for my newbness banco
12:49 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has quit [Ping timeout: 250 seconds]
12:59 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has joined #openvpn
12:59 < Paaltomo> ermagerd
12:59 < Paaltomo> lost mah internets
12:59 < Paaltomo> banco: still here? :d
13:04 < banco> Paaltomo: yes, what's with the logs?
13:04 < Paaltomo> did you get them? i resent linky
13:04 < banco> yes
13:04 < banco> i got them
13:05 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
13:06 -!- clockers [~ariqs@dynamic-173-243-77-158.wirelessbroadband.galt.softcom.net] has joined #openvpn
13:06 < clockers> I just got openvpn and connected to a server. It says my IP has been changed, but it clearly isn't
13:06 < clockers> any ideas?
13:09 < banco> that's strange, based on the server log, there should be some more info in the client log as well
13:10 < banco> paste the client log once again
13:10 < Paaltomo> I can up the verbosity in the client log if you'd like
13:10 < banco> verb 4 should be enough
13:11 < banco> also, restart the openvpn, when you make any changes in the config
13:12 < Paaltomo> yep yep
13:14 < clockers> it says my ip is changed with openvpn, but it's not :P redirect-gateway is in the config file
13:14 < clockers> ERROR: Windows route add command failed [adaptive]: returned error code 1
13:14 < clockers> oh
13:15 < clockers> maybe I didn't run it as admin or something
13:15  * clockers tries that
13:16 < clockers> success
13:17 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has quit [Ping timeout: 240 seconds]
13:19 < clockers> is there a good way to find vpns near you for latency?
13:23 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has joined #openvpn
13:23 < Paaltomo> gah
13:23 < Paaltomo> sorry banco
13:23 < Paaltomo> keep losing connection for some reason :/
13:24 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
13:27 < banco> Paaltomo: so did you get the client logs?
13:27 < Paaltomo> yep one moment
13:28 < Paaltomo> sorry thought you got it but i must have sent it during my outage
13:30 < banco> cat you ping 10.8.0.1 from the client?
13:30 < banco> or 10.8.0.6 from the server
13:31 < Paaltomo> one moment
13:31 < Paaltomo> PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
13:31 < Paaltomo> PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
13:34 -!- Netsplit *.net <-> *.split quits: Denial, clockers, lxusrbin, zmachine, shootbird, callumacrae, tychotithonus, Zimsky, APTX, Matir,  (+166 more, use /NETSPLIT to show all of them)
13:34 -!- Netsplit over, joins: Keridos, Paaltomo, clockers, bluenemo, _FBi, JackWinter1, darlinger, swebb, ender|, iokill_ (+166 more)
13:35 < banco> paste the client routing table
13:35 < banco> ip r
13:35 < banco> when you're connected to the OpenVPN server
13:37 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Remote host closed the connection]
13:38 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 272 seconds]
13:38 -!- Lehvyn [~Lehvyn@unaffiliated/lehvyn] has quit [Ping timeout: 272 seconds]
13:38 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
13:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 272 seconds]
13:39 < Paaltomo> 100% packet loss each time
13:39 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
13:39 < Paaltomo> on both client and server
13:39 < Paaltomo> what do, banco? :s
13:39 < banco> ok, paste the output of the ip r comand
13:39 < Paaltomo> okies
13:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:40 -!- Lehvyn [~Lehvyn@unaffiliated/lehvyn] has joined #openvpn
13:40 < Paaltomo> sent
13:42 < banco> were you connected to the openvpn server?
13:42 -!- Badimo [~Badimo@ppp-2-86-132-23.home.otenet.gr] has joined #openvpn
13:42 < Paaltomo> nope
13:43 < banco> did you disconnect manually or not?
13:43 < Paaltomo> wait
13:43 < Paaltomo> you mean in the terminal?
13:43 < banco> if not - send the logs from client and server when it was disconnected
13:43 < Paaltomo> or through openvpn
13:43 < banco> were your openvpn client connected to the openvon server?
13:44 < Paaltomo> nope
13:44 < Paaltomo> i can't connect
13:44 < Paaltomo> that's mah problem
13:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
13:44 < banco> based on the logs it seems like you connected "Initialization Sequence Completed"
13:44 < banco> paste the logs then once again
13:45 < banco> from the start on the openvpn to the end
13:45 < banco> from client and server
13:45 < banco> from the start of the openvpn*
13:45 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
13:46 < Paaltomo> lol ok
13:56 -!- somis [~somis@167.160.44.200] has joined #openvpn
14:01 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has joined #openvpn
14:19 < banco> Paaltomo: so what's with the logs?
14:19 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has quit [Quit: underplank]
14:21 < Paaltomo> i'm waiting for thunderbird to finish installing
14:21 < Paaltomo> it's taking forevvvverrrrrr
14:27 -!- XanThaOs [~ke4nhw@unaffiliated/xanthaos] has joined #openvpn
14:29 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
14:31 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
14:42 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:43 -!- n0Str3s5 [~n0Str3s5@QUBCPQ1306W-LP140-01-1088776231.dsl.bell.ca] has joined #openvpn
14:43 -!- Crontab [~Crontab@static.130.189.46.78.clients.your-server.de] has joined #openvpn
14:46 -!- Crontab [~Crontab@static.130.189.46.78.clients.your-server.de] has quit [Client Quit]
14:47 -!- Crontab [~Crontab@static.130.189.46.78.clients.your-server.de] has joined #openvpn
14:58 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Quit: No Ping reply in 180 seconds.]
14:59 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
15:05 -!- Crontab [~Crontab@static.130.189.46.78.clients.your-server.de] has quit [Ping timeout: 240 seconds]
15:16 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Quit: Goodbye beautiful people! (ʎɐpʎɹəʌə pəəʍ əʞoɯs)]
15:20 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
15:21 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Remote host closed the connection]
15:23 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:28 -!- n0Str3s5 [~n0Str3s5@QUBCPQ1306W-LP140-01-1088776231.dsl.bell.ca] has left #openvpn []
15:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:30 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
15:32 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Client Quit]
15:35 -!- akurilin [~alex@208.80.70.250] has joined #openvpn
15:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:44 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
15:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:51 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
15:55 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Ping timeout: 240 seconds]
15:57 < XanThaOs> If I only want one user to access the lan behind the server can I put the push route in that user's ccd file or does it need to go in the main server.conf file?
15:58 < apollo13> XanThaOs: ccd is fine
15:58 < apollo13> XanThaOs: though you have to ensure that you also set proper firewall rules, otherwise users can just manually add the route and access everything
15:58 < XanThaOs> ok and if the server's local subnet lan is 10.2.0.128 255.255.255.128 that is what I will put in the push right?
15:59 < XanThaOs> Yep Every user will get a forward rule that spells out exactly what they can and cannot do. Most will get a -s their vpn address -d server vpn address so they are limited to the samba server there
15:59 < XanThaOs> Only this user will get a full forward
16:01 < XanThaOs> I've got everything set up but I can't test it right now. I gotta either put this computer in an isolated subnet or go somewhere outside of my network
16:01 < XanThaOs> May be a good excuse to go to starbucks lol
16:05 < XanThaOs> I'm thinking about changing the way my users are allowed to use their vpn
16:06 < XanThaOs> Have them keep the config, certs, and key on a flash drive, and use it that way. In that setup even if their computer is stolen their keys aren't compromised as long as the keep their flash drive separate and locked up
16:07 < apollo13> just encrypt the computer file systems :D
16:08 < XanThaOs> I can't dictate how they use their personal computers
16:08 < XanThaOs> As far as the keys, the keys will be generated with strong passwords and used only from flash. Besides this (and without dictating how their system is setup) is there anything else I can do to safguard the keys?
16:10 < apollo13> " the keys will be generated with strong passwords and used only from flash" and what is going to ensure that?
16:10 < apollo13> I would just laugh at you, put the password into seahorse and the key onto my local fs
16:10 < apollo13> and then destroy the flash drive
16:11 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
16:13 < XanThaOs> I see what you're saying, and I can't think of any way to enforce the usage policy. Fortunate for me there are only two users, and I have a very high degree of trust that they'll follow my recommendations, which in truth is about all I can do, unless you can think of a way that I can indeed enforce it... I don't see the need given the users. My concern is not so much enforcing how the keys
16:13 < XanThaOs> are kept (they will do this willingly) but ensuring that they are safe from theft should their computer be stolen.
16:13 < XanThaOs> Which is why I will generate keys here, set the passwords myself (to ensure their strength) and put them on flash for them. Beyond that there is little I can do.
16:14 < XanThaOs> My issue with these users is not trust. if I had a trust issue they wouldn't be getting access
16:14 < XanThaOs> in fact there are a few that wanted access that I flatly denied because of trust issues
16:15 < XanThaOs> As far as getting the config and keys to them, that'll be done via sneakernet
16:16 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has quit [Ping timeout: 272 seconds]
16:17 < XanThaOs> Now as far as the users keys and certs I don't need those do I? All that is necessary as that they are signed by my ca?
16:23 -!- gamer_592 [~Gamer@c-67-177-199-16.hsd1.co.comcast.net] has joined #openvpn
16:23 < gamer_592> !welcome
16:23 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
16:23 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
16:24 < gamer_592> !sk
16:24 < gamer_592> !ask
16:24 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
16:25 < gamer_592> i've got a fresh install of debian 8 that I am trying to get the openvpn to run on startup.  It isn't working.  I can start the service just fine "service openvpn start" and have the correct ca.crt, pass, and conf file for the vpn provider.  also /etc/default/openvpn has been updated with the autostart="all" uncommented
16:25 < XanThaOs> My goal is obvious and I did state my question. Is it necessary to have the user's key or cert on the openvpn server machine or is it only necessary that it is signed by the server's ca?
16:25 < XanThaOs> oh, sorry
16:26 -!- doop [~doop@colostomy.club] has left #openvpn []
16:26 < gamer_592> also /etc/openvpn/ contains the necessary .conf file, ca, and pass
16:27 < apollo13> gamer_592: are you using systemd?
16:28 < gamer_592> not sure if that's on by default in debian 8, I did install upstart to assist some other applications i'm starting on the box as well
16:28 < gamer_592> I haven't specifically done anything with systemd, is there a way to check that?
16:28 < XanThaOs> yea but before I open up this server for outside access I wanted to know if I can just keep all of the certificate management on another machine, preferredly a vm that I keep turned off except to sign or generate certificates, or if I have to do all the generation and signing on the same machine as the vpn server?
16:28 < apollo13> gamer_592: wtf, why would you need upstart?
16:28 < gamer_592> cause I'm a noob following some guides
16:28 < gamer_592> :-)
16:29 < gamer_592> and that's the config they provided
16:30 < gamer_592> apollo13, could that be causing a conflict?
16:30 < apollo13> dunno, you cannot use two init systems
16:30 < apollo13> that is for sure
16:30 < gamer_592> ah
16:36 < XanThaOs> Don't worry gamer_592 I'm in the same boat: new to openvpn and trudging forward on docs guides and help from the folks here
16:37 < gamer_592> XanThaOs, thank, i've been pouring over mailing lists, google searching till my eyes bleed and I guess I'm the only one having this problem...yeash, then again it could be the two init systems but everything on the box is fine, this is the last piece
16:38 < apollo13> well, first of figure out what you are actually using
16:38 < gamer_592> oh sweet jesus
16:38 < gamer_592> it worked
16:38 < XanThaOs> I wish I could help you on that one but it's over my head
16:38 < apollo13> if systemd check if the systemd openvpn generator is working properly, if yes look at the log files
16:38 < gamer_592> I made a upstart script for it and it executed correctly
16:39 < gamer_592> on bootup
16:39 < gamer_592> whew
16:39 < gamer_592> project complete!
16:39 < apollo13> upstart on a debian box *cough*
16:41 -!- somis [~somis@167.160.44.200] has quit [Ping timeout: 272 seconds]
16:42 < gamer_592> apollo13, i'm sure some day i'll understand why upstart on debian is a terrible idea, but thanks to you the vpn is starting on boot so thanks! :-)
16:42 < gamer_592> you got me looking in the right direction
16:42 -!- gamer_592 [~Gamer@c-67-177-199-16.hsd1.co.comcast.net] has quit [Quit: --> fucking finally]
16:51 < apollo13> cause upstart itself will soon be dead
16:55 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has joined #openvpn
17:06 -!- somis [~somis@70.38.6.185] has joined #openvpn
17:23 -!- AlmogBaku [~AlmogBaku@bzq-79-183-7-85.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:46 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
18:16 -!- cfuture [~xmg@ltea-047-066-070-086.pools.arcor-ip.net] has quit [Ping timeout: 272 seconds]
18:29 -!- weox [uid112413@gateway/web/irccloud.com/x-uognwgjfoytxnbnb] has joined #openvpn
18:40 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
18:59 -!- EmperorTom [~EmperorTo@108.61.229.148] has joined #openvpn
19:00 -!- EmperorTom is now known as _quadDamage
19:24 -!- dannier [~dannier@208.111.39.60] has quit []
19:31 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 250 seconds]
19:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
20:40 -!- Ryushin [chris@2001:5c0:1000:a::17b] has quit [Ping timeout: 250 seconds]
20:43 -!- somis [~somis@70.38.6.185] has quit [Quit: Leaving]
21:00 -!- Neal_ [~neal@felix.ineal.me] has quit [Quit: brb system upgrade]
21:02 -!- s7eele [~AndChat52@104.156.228.69] has quit [Read error: Connection reset by peer]
21:05 -!- s7eele [~AndChat52@104.156.228.108] has joined #openvpn
21:21 -!- Ryushin [chris@2001:5c0:1000:a::7f] has joined #openvpn
21:37 -!- Ryushin [chris@2001:5c0:1000:a::7f] has quit [Ping timeout: 240 seconds]
22:33 -!- Neal_ [~neal@felix.ineal.me] has joined #openvpn
22:35 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 250 seconds]
22:35 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 250 seconds]
22:37 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has quit [Ping timeout: 250 seconds]
22:37 -!- mystica555 [~mystica55@2602:3f:e045:ae00:a48b:b605:631c:6c46] has quit [Ping timeout: 250 seconds]
22:37 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
22:38 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
22:38 -!- mystica555 [~mystica55@2602:3f:e045:ae00:a48b:b605:631c:6c46] has joined #openvpn
22:39 -!- ender| [krneki@2a01:260:4094:1:42:42:42:42] has joined #openvpn
22:43 -!- roentgen_ [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
22:43 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-237-135.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
23:05 -!- chamunks [chamunks@entityreborn.com] has quit [Quit: Don't worry I'm not gone yet.]
23:18 -!- hadi [~Instantbi@31.59.9.81] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
23:28 -!- ShadniX [dagger@p5DDFEAD3.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:29 -!- ShadniX [dagger@p5DDFF64C.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- gardar [~gardar@82.221.78.13] has quit [Ping timeout: 245 seconds]
23:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:36 -!- gardar [~gardar@bnc.giraffi.net] has joined #openvpn
23:38 -!- Badimo [~Badimo@ppp-2-86-132-23.home.otenet.gr] has quit []
23:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
23:48 -!- lotharn1 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 256 seconds]
23:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
--- Day changed Mon Dec 14 2015
00:06 -!- cfuture [~xmg@p57924BD1.dip0.t-ipconnect.de] has joined #openvpn
00:31 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
00:33 -!- cfuture [~xmg@p57924BD1.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
00:53 -!- ayaz_ [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:54 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 272 seconds]
00:57 -!- cfuture [~xmg@128.90.14.101] has joined #openvpn
01:05 -!- cfuture [~xmg@128.90.14.101] has quit [Ping timeout: 256 seconds]
01:22 -!- weox [uid112413@gateway/web/irccloud.com/x-uognwgjfoytxnbnb] has quit [Quit: Connection closed for inactivity]
02:03 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
02:18 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 250 seconds]
02:26 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
02:44 -!- ustn [~ustn@p4FDB17A6.dip0.t-ipconnect.de] has joined #openvpn
03:05 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 256 seconds]
03:08 -!- zylinx [uid43406@gateway/web/irccloud.com/x-fhpqpwoyfcldrida] has joined #openvpn
03:11 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
03:20 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:44 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:50 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
03:51 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Client Quit]
03:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:37 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 272 seconds]
04:43 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
04:44 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:51 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 240 seconds]
04:55 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
04:57 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
05:00 -!- ustn [~ustn@p4FDB17A6.dip0.t-ipconnect.de] has quit [Quit: ustn]
05:01 -!- dazo_afk is now known as dazo
05:01 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:20 -!- ustn [~ustn@p4FDB17A6.dip0.t-ipconnect.de] has joined #openvpn
05:47 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:18 -!- ustn [~ustn@p4FDB17A6.dip0.t-ipconnect.de] has quit [Quit: ustn]
06:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:25 -!- iokill_ [~dave@pippin.sigma-star.at] has quit [Quit: leaving]
06:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:46 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:48 -!- henkie_ [~henkie@2ee3ea86.ftth.concepts.nl] has quit [Remote host closed the connection]
06:48 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
06:53 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:00 -!- clockers [~ariqs@dynamic-173-243-77-158.wirelessbroadband.galt.softcom.net] has quit [Ping timeout: 250 seconds]
07:05 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:17 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
07:25 -!- Ryushin [chris@2001:5c0:1000:a::18d] has joined #openvpn
07:39 -!- Ryushin [chris@2001:5c0:1000:a::18d] has quit [Ping timeout: 250 seconds]
07:43 -!- shiriru [~shiriru@77-85-10-215.btc-net.bg] has joined #openvpn
07:43 -!- shiriru [~shiriru@77-85-10-215.btc-net.bg] has quit [Client Quit]
07:44 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
07:50 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:51 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:52 -!- noodle [~noodle@c-73-225-53-64.hsd1.wa.comcast.net] has quit [Ping timeout: 260 seconds]
07:55 -!- noodle [~noodle@2601:601:600:fc0e:d250:99ff:fe84:56e8] has joined #openvpn
07:57 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:05 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 256 seconds]
08:10 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Ping timeout: 260 seconds]
08:11 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:12 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
08:12 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
08:12 < Paaltomo> good morning
08:21 <@ecrist> howdy
08:22 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 240 seconds]
08:26 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 245 seconds]
08:26 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
08:35 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
08:47 -!- Ryushin [chris@2001:5c0:1000:a::2dd] has joined #openvpn
08:48 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
08:53 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:03 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 272 seconds]
09:08 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has joined #openvpn
09:12 -!- underplank [~mlakewood@104.193.169-242.PUBLIC.monkeybrains.net] has quit [Ping timeout: 240 seconds]
09:19 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
09:22 < XanThaOs> I am going to generate one key for admin whose ccd will include options not for other users. I am going to keep this key/cert pair strictly offline on a SD Card that I can put in the netbook and mount, so that even if this computer were to be stolen, that key would not be compromised. <cont>
09:24 < XanThaOs> As an added safeguard, is there a way I can generate this key with a password so that whenever I activate the openvpn client with this key/cert pair it will prompt me for a password before accessing it?
09:24 <@plaisthos> XanThaOs: pkcs12
09:24 <@plaisthos> or encrypted key
09:25 < XanThaOs> Is that built into openvpn and if so where and how do I generate the keys? Are there any server.conf requirements, and if so, can they be put into that user's ccd?
09:26 <@plaisthos> XanThaOs: that are openssl features
09:26 <@plaisthos> and openvpn will ask you for the password
09:30 < XanThaOs> Okay, so easy-rsa isn't going to have an option for generating the password protected key/cert pair? Can you recommend a good doc to show me the syntax and explain what it means?
09:38 <@plaisthos> XanThaOs: no idea about easy-rsa
09:38 <@plaisthos> just google for openssl and pkcs
09:38 <@plaisthos> 12
09:38 <@plaisthos> or openssl and encrypt key
09:39 <@plaisthos> you can use the key + cert from easy-rsa as input?
09:39 <@plaisthos> -?
09:40 -!- NucWin [~nucwin@unaffiliated/nucwin] has quit [Quit: ttfn]
09:40 < XanThaOs> I'll have to look at the docs, see if the keys have to be generated elsewhere and password protected by pkcs12
09:41 < XanThaOs> Or if pkcs12 can generate and password protect te key/cert pair in one step
09:42 -!- NucWin [~nucwin@unaffiliated/nucwin] has joined #openvpn
09:45 <@plaisthos> you can take key+ca+cert as input to generate a pkcs12
09:46 <@plaisthos> openssl pkcs12 -nodes -export -in $HOST.pem -inkey $HOST.key   -name "$HOST.blinkt.de" -out $HOST.p12
09:46 <@plaisthos> as example command line
10:06 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 250 seconds]
10:14 -!- ayaz_ is now known as ayaz
10:21 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
10:21 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
10:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:36 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
10:41 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has joined #openvpn
11:05 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:10 -!- DrCode [~DrCode@5.28.134.3] has quit [Remote host closed the connection]
11:15 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:17 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Quit: por que no los dos]
11:21 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
11:28 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
12:03 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
12:06 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
12:07 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:12 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Quit: Ctrl-C at console.]
12:13 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
12:13 -!- mode/#openvpn [+o vpnHelper] by ChanServ
13:00 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
13:01 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
13:01 -!- zylinx [uid43406@gateway/web/irccloud.com/x-fhpqpwoyfcldrida] has quit [Quit: Connection closed for inactivity]
13:05 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac]
13:06 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
13:10 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
13:11 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
13:15 -!- cylon512 [~cylon512@nat2-nj01.vmpanel.net] has quit [Quit: leaving]
13:16 -!- cylon512 [~cylon512@nat2-nj01.vmpanel.net] has joined #openvpn
13:48 -!- dazo is now known as dazo_afk
14:14 -!- leo2007 [~leo2007@128.199.230.246] has quit [Ping timeout: 240 seconds]
14:21 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
14:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:35 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
14:49 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:52 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Remote host closed the connection]
15:00 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
15:02 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:02 -!- mode/#openvpn [+o mattock2] by ChanServ
15:03 -!- __FBi [B@Aircrack-NG/User] has joined #openvpn
15:06 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
15:06 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
15:06 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:06 -!- mode/#openvpn [+o mattock2] by ChanServ
15:11 -!- rich0_ is now known as rich0
15:15 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
15:20 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
15:23 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Client Quit]
15:26 < Paaltomo> hay dods
15:26 < Paaltomo> *dods
15:26 < Paaltomo> *doods
15:26 < Paaltomo> anyone able to help me with this connection issue
15:26 < __FBi> yooo
15:26 < Paaltomo> >_>
15:26 < Paaltomo> nice hostname
15:27 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:28 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
15:28 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
15:28 -!- mode/#openvpn [+o mattock2] by ChanServ
15:29 -!- mattock2 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
15:33 -!- Paaltomo [~Paaltomo@75-119-249-227.dsl.teksavvy.com] has quit [Disconnected by services]
15:43 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
15:43 < Paaltomo> hey doods
15:43 < Paaltomo> how do i set a custom hostname on my server
15:43 < Paaltomo> now that i actually got it working
15:47 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
15:50 < __FBi> what hostname am I using today?
15:50 < __FBi> oh, he's gone
15:52 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
15:52 < Paaltomo> yo yo
15:52 < Paaltomo> got it working!
15:52 < Paaltomo> wabalubadubdub!
15:52 < Paaltomo> \\o
15:52 < Paaltomo> o//
15:52 < Paaltomo> is there a gui for linux tho?
15:52 < Paaltomo> also is it worth it installing access server on the server itself? ?+?
15:57 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has quit [Ping timeout: 255 seconds]
15:57 < __FBi> you pay for AS
15:57 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has joined #openvpn
15:58 < Paaltomo> whaaat
15:58 < __FBi> if you want login control, you can add FreeRadius
15:58 < Paaltomo> really, __FBi?
15:58 < Paaltomo> cool i'll check it out
15:58 < Paaltomo> thanks
16:12 < Paaltomo> hmmm
16:12 < Paaltomo> is it advisable or dumb to run a small irc server on the same box i'm running openvpn on
16:20 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has joined #openvpn
16:21 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
16:26 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has joined #openvpn
16:28 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
16:29 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
16:31 -!- leo2007 [~leo2007@2400:6180:0:d0::1f7:a001] has quit [Quit: happy hacking]
16:37 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
16:37 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
17:00 -!- Doyle [~Doyle@66.207.222.94] has joined #openvpn
17:02 -!- leo2007 [~leo2007@128.199.230.246] has joined #openvpn
17:04 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
17:05 < Paaltomo> hey can i or even ~should~ i run a small irc server on a box that's running openvpn?
17:12 -!- Doyle [~Doyle@66.207.222.94] has quit [Ping timeout: 260 seconds]
17:16 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
17:27 -!- Doyle [~Doyle@184.151.178.251] has joined #openvpn
17:35 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
17:47 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:58 -!- Doyle [~Doyle@184.151.178.251] has quit [Read error: Connection reset by peer]
18:31 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has joined #openvpn
18:32 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has quit [Ping timeout: 250 seconds]
18:33 < anabain> I'm using openvpn in a dd-wrt router. Is there any chance to have wake-on-lan remotely through the vpn? I'm trying from an wol android app and it says the box's been woken but nothing happens actually. Any ideas?
18:34 < anabain> I want to be able to wake-on-lan my two linux boxes behind that router
18:38 -!- SupaYoshi [~SupaYoshi@104.223.1.186] has joined #openvpn
18:38 < subzero79> anabain, have you read the tutorials on how to make WOL work outside of the LAN?
18:38 < anabain> are there any?
18:38 < anabain> oh excuse, me
18:38 < anabain> I didn't know
18:39 < anabain> thanks, I'll have a look, subzero79
18:39 < subzero79> Does the android app of openvpn supports TAP?
18:40 < anabain> no, of course
18:41 < anabain> TAP on android is nearly a taboo
18:53 < subzero79> ok
18:55 < subzero79> well in openwrt i have this line at start up
18:55 < subzero79> ip neigh add 10.10.10.130 lladdr ff:ff:ff:ff:ff:ff nud permanent dev br-lan
18:56 < subzero79> 10.10.10.130 is an ip assigned to nobody in the LAN
18:56 < subzero79> so i send the magic packet over wan in a high port, then fwd that port to that IP at port 9
18:57 < subzero79> that wakes any device the magic packet corresponds
19:05 -!- TSS [TheSilverS@gateway/shell/bnc4free/x-qeiklpflqreziszc] has joined #openvpn
19:07 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:10 < anabain> subzero79, I got it!
19:10 < anabain> :)
19:11 < anabain> I followed this: http://www.dd-wrt.com/wiki/index.php/WOL
19:11 <@vpnHelper> Title: Wake-on-LAN (tutorial) - DD-WRT Wiki (at www.dd-wrt.com)
19:11 < subzero79> i have not tested this in openvpn, but it should work the same way
19:12 < anabain> both methods work:   1st) telnet/ssh on the router, obvious
19:13 < anabain> 2nd) port forwarding and adding an arp command also works
19:15 < anabain> subzero79, but the app I'm using "wake on lan" by mike webb, needs to be instructed a custom broadcast address, i.e., the one used on the dd-wrt configuration, e.g., 192.168.1.254
19:16 < anabain> by default this app uses 192.168.1.255, as expected
19:17 -!- DrCode [~DrCode@5.28.134.3] has quit [Ping timeout: 272 seconds]
19:18 < subzero79> anabain, the wol apps i have in my phone don't need to specify bcast address
19:20 < anabain> I'll try other apps, but at least I can be sure that this one works, it only needs this minor tweak
19:24 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
19:31 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
19:33 -!- artaslove [~sillyhead@unaffiliated/artaslove] has joined #openvpn
19:35 < artaslove> help! I'm trying to connect to openvpn with dd-wrt and on the server side I can see the connection attempts but I get a TLS handshake failed. I can connect to the openvpn server using the same keys using the windows client.
19:37 < artaslove> ddwrt was able to connect to an openvpn server running on openwrt just earlier today, but now I'm trying to connect to openvpn server running on a windows box. Please don't ask why.
19:38 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
19:40 < artaslove> I know the port is open and properly forwarded because the windows client can connect. If I disconnect the windows box and try to connect with the ddwrt client, using the same keys, I get a tls handshake failed
19:41 < artaslove> I'm in the process of making sure the client configurations are exactly the same. it looks like they are so far
19:43 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 250 seconds]
19:47 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
19:52 < artaslove> ddwrt client logs are filled with unroutable control packet received?
19:53 < anabain> subzero79, when I'm in the LAN without VPN, I have to revert to 192.168.1.255 on my phone app in order to get it working.
19:53 < artaslove> omg I have the time wrong?
19:57 < artaslove> yes. the time was wrong.
19:58 < artaslove> It connects.
19:58 < artaslove> Doh!!!!!!
19:58 -!- artaslove [~sillyhead@unaffiliated/artaslove] has left #openvpn ["foo"]
19:58 -!- Ryushin [chris@2001:5c0:1000:a::2dd] has quit [Ping timeout: 240 seconds]
20:35 -!- bittin [~luna@unaffiliated/bittin] has quit [Ping timeout: 245 seconds]
21:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
21:49 -!- s7r_ [~s7r@openvpn/user/s7r] has joined #openvpn
21:49 -!- mode/#openvpn [+v s7r_] by ChanServ
21:51 -!- s7r [~s7r@openvpn/user/s7r] has quit [Ping timeout: 240 seconds]
21:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 260 seconds]
22:02 -!- bdmc [~bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
22:18 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
22:27 -!- L3hvyn [~Lehvyn@unaffiliated/lehvyn] has joined #openvpn
22:28 -!- Netsplit *.net <-> *.split quits: Lehvyn
22:28 -!- L3hvyn is now known as Lehvyn
22:32 -!- Dr_Manhattan [~DrManhatt@gateway/vpn/privateinternetaccess/drmanhattan] has joined #openvpn
22:34 -!- weox [uid112413@gateway/web/irccloud.com/x-qmubcbbyykmfaofj] has joined #openvpn
22:35 -!- DrManhattan [~DrManhatt@unaffiliated/drmanhattan] has quit [Ping timeout: 272 seconds]
23:08 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
23:15 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
23:28 -!- ShadniX [dagger@p5DDFF64C.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:28 -!- ShadniX [dagger@p57941802.dip0.t-ipconnect.de] has joined #openvpn
23:31 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:48 -!- fling [~fling@fsf/member/fling] has joined #openvpn
23:49 < fling> I have a server with tap interface enabled. I'm trying to connect with an android device. Do I need to enable tun somehow?
23:58 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
--- Day changed Tue Dec 15 2015
00:06 < fling> I'm now running two servers.
00:06 -!- fling [~fling@fsf/member/fling] has left #openvpn []
00:19 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
00:45 -!- s7eele [~AndChat52@104.156.228.108] has quit [Ping timeout: 272 seconds]
00:46 -!- s7eele [~AndChat52@104.156.228.108] has joined #openvpn
01:41 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 256 seconds]
02:13 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has quit [Ping timeout: 272 seconds]
02:15 -!- Eagleman [~Eagleman@546BC6A7.cm-12-4d.dynamic.ziggo.nl] has joined #openvpn
02:26 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
02:27 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
03:03 -!- ibins [~moros@p20030062491E140102E04DFFFE35C6EB.dip0.t-ipconnect.de] has joined #openvpn
03:08 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:10 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:13 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 240 seconds]
03:26 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:58 < ibins> Is OpenVPN able to internally route packets to diffent clients, when they have been marked with iptables (-j MARK --set-mark 1)?
03:58 < ibins> Or does OpenVPN option --mark just mark all encrypted packets?
04:04 < apollo13> I think the latter
04:06 < ibins> Hm, unfortunate. This would be a solution to avoid the need for NAT in case the clients subnets are identical, wouldn't it?
04:08 < apollo13> ibins: so to get you right, you are trying to install routes to the subnets of two clients which are identical?
04:09 < ibins> yes
04:09 < apollo13> does the server need access to those subnets or just reply to them?
04:09 < apollo13> cause if the clients masquerades you should be fine
04:10 < ibins> All communication is initiated from the servers net. Unfortunatelly NAT (masquerading) is not an option, because there are crippled devices on the clients net, that do not work with NAT
04:24 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:29 < ibins> What I'm looking for ist something like the option --iroute in combination mit the clients common name
04:32 < apollo13> ibins: well you will need some kind of nat anyways
04:32 < apollo13> ibins: how would a client in the server net know what 192.168.0.1 means
04:32 < apollo13> or rather how would the server decide where to send it
04:32 < ibins> I would use static VPN IP addresses in combination with the clients ceritificates common name
04:33 < apollo13> so just add iroutes to the individual addresses
04:34 < apollo13> that said, your client still cannot specify a common name if it wants to access 192.168.0.1, tcp has no concept of that…
04:35 < apollo13> The following options are legal in a client-specific context: --push, --push-reset, --iroute, --ifconfig-push, and --config.
04:35 < apollo13> so just push the ips you want to access per client
04:35 < apollo13> if the ips still overlap you are out of luck I guess
04:37 < ibins> You are right, this seems to be a dead end.
04:37 < apollo13> and you are sure that a 1:1 nat does not work?
04:37 < apollo13> ie NETMAP in iptables sense
04:39 < ibins> NAT is definitelly out of the question, the stupid protocol of the devices mix IP and payload.
04:39 < ibins> The idea was:
04:40 < ibins> a host in the servers net wants to connect a device with IP 192.168.1.1
04:40 < ibins> Because all devices in the clients nets have the same IP the host has to set a route to the VPN IP address
04:41 < apollo13> "Because all devices in the clients nets have the same IP" wait what?
04:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
04:41 -!- mode/#openvpn [+o mattock1] by ChanServ
04:41 -!- mattock1 [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
04:41 < ibins> Addidtionally the host marks the packets, that he sends.
04:41 < apollo13> how can you have the same ip in one subnet
04:41 < apollo13> but it still does not know on whether to send 192.168.1.1 to client1 or client2
04:41 < ibins> Sorry, that i did to express very good.
04:41 < apollo13> where should it draw that information
04:42 < apollo13> btw which protocol are we talking about (the one mixing payload and ip proto)
04:42 < ibins> client 1 and client 2 are behind different VPN clients, so we should call them host a and host b behind OpenVPN client 1 and client 2
04:43 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
04:44 < apollo13> okay and host a and host b have the same ip just to make things hard, right?
04:44 < ibins> The devices are a customers device (some PLCs), that use the IP address again in the payload. So the originate sender of a packet has to put the IP address into the payload, too.
04:44 < ibins> Yes, perfeclty stupid :-)
04:44 < apollo13> well, you could write a proxy to retranslate those :D
04:44 < ibins> 8-)
04:44 < apollo13> or you could just run away in pain
04:45 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Client Quit]
04:45 < apollo13> which sounds like a valid option^^
04:45 < ibins> Other options would be:
04:45 < ibins> - using several OpenVPN servers that can be addressed under different ports
04:45 < apollo13> still does not help
04:45 < ibins> - using another tunnel through the OpenVPN tunnel
04:47 < ibins> True. This is all ugly. Apart from that: thank you for your time!
04:48 < apollo13> well, sitting in a university lecture anyways :D
05:21 -!- tdn [~tdn@62.198.234.11] has joined #openvpn
05:22 < tdn> I have created an udp and tcp openvpn server instance. I can connect just fine to tcp instance, however, when I connect to the udp instance, I get this error on the server log: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
05:22 < tdn> I have set up port forwarding of the 1194 port for both udp and tcp and have verified with netcat that the port forwarding does work and that the port appears open for both udp and tcp from the outside.
05:23 < tdn> Also, ovpn clearly receives packages from the client on the udp port, because otherwise there would not be any visible connect attempt in the server log, right?
05:26 < tdn> I have now tried changing the port to 1195 on the theory that ovpn might not be able to handle two instances on the same port number with different protocols. However, this does not make any difference.
05:27 < tdn> I have also tried changing the local ip address from the udp server instance from 10.8.0.0 to 10.9.0.0 (before both tcp and udp was on 10.8.0.0). This did not solve the problem either.
05:28 < tdn> I have also tried to disable the tcp server configuration (by renaming tcp.conf to tcp.conf.disabled and restarting services). This did not solve it.
05:28 < tdn> I hope you can help.æ
05:34 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
05:35 -!- dazo_afk is now known as dazo
05:36 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:41 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
05:50 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has quit [Remote host closed the connection]
05:59 -!- bdmc [~bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 250 seconds]
06:00 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has joined #openvpn
06:05 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
06:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 272 seconds]
06:16 -!- Ryushin [chris@2001:5c0:1000:a::2a5] has joined #openvpn
06:17 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
06:21 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:22 -!- Ryushin [chris@2001:5c0:1000:a::2a5] has quit [Ping timeout: 240 seconds]
06:25 < banco> tdn: check the port with netcat
06:26 < banco> tdn: 1. kill openvpn client&server 2. on server side run netcat -lu 1194 3. on client side run netcat -u server_ip 1194 then type something and press enter
06:38 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
06:39 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
06:40 < tdn> banco, yes, netcat works. I just tried again, however, I already tried earlier as I wrote above.
06:40 < tdn> banco, so the port is open.
06:41 < tdn> banco, also, if it wasnt open, there would not be anything in ovpn server log, correct?
06:52 -!- tytan [~mbeste@dslb-188-109-147-112.188.109.pools.vodafone-ip.de] has joined #openvpn
06:53 < tytan> Hello, everyone. I tried to install openvpnas on my debian 8.2 server. It seems to run but I can't reach any web interface for configuration. Do you know what to do? =/
06:53 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:54 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
06:55 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
06:55 < banco> tdn: maybe your isp filter the OpenVPN traffic
06:56 < banco> !as
06:56 <@vpnHelper> "as" is Please go to #OpenVPN-AS for help with commercial products from OpenVPN Technologies, including Access  Server, OpenVPN Connect for iOS/Android, etc. Access Server is a  commercial product, different from open source OpenVPN
07:01 < banco> tdn: maybe try to connect to the UDP openvpn server via TCP openvpn tunnel to check it?
07:07 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
07:10 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
07:10 -!- mattock_ is now known as mattock
07:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:17 < tytan> banco: oh, sorry ^^ have a nice day then :)
07:24 -!- nox-Hand [658d7abc@gateway/web/cgi-irc/kiwiirc.com/ip.101.141.122.188] has joined #openvpn
07:25 -!- zylinx [uid43406@gateway/web/irccloud.com/x-hsemjzbdmxwhybij] has joined #openvpn
07:25 < nox-Hand> Hello, guys!  I've been running OpenVPN happily in a FreeBSD jail for a long time. The other day, I made a backup of my router settings and set about working to set up an alternate VPN on that. After eventually deciding against it, I reverted my settings to the original. My router had also buggered up (not liking the load of running an OpenVPN serv
07:25 < nox-Hand> er) so the revert fixed me up.
07:26 < nox-Hand> Issue: My OpenVPN client in the FreeBSD jail now will not connect. I am getting an error: FreeBSD ifconfig failed: external program exited with error status: 1
07:28 < nox-Hand> Not entirely sure where to search first.
07:29 -!- cylon512 [~cylon512@nat2-nj01.vmpanel.net] has quit [Remote host closed the connection]
07:29 -!- cylon512 [~cylon512@nat2-nj01.vmpanel.net] has joined #openvpn
07:30 -!- tytan [~mbeste@dslb-188-109-147-112.188.109.pools.vodafone-ip.de] has quit [Quit: Konversation terminated!]
07:33 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
07:35 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Client Quit]
07:36 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:37 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
07:38 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:44 < tdn> banco, no filtering of UDP
07:45 < tdn> banco, it appears that it was a routing problem on the server.
07:45 < tdn> banco, so the server received packets from client. But it could not send packets back to client.
07:45 < tdn> banco, now it works.
07:45 -!- Ryushin [chris@2001:5c0:1000:a::10f] has joined #openvpn
07:48 -!- ibins [~moros@p20030062491E140102E04DFFFE35C6EB.dip0.t-ipconnect.de] has left #openvpn ["Verlassend"]
07:55 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:59 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
08:00 -!- Denial- [~Denial@81.141.7.174] has joined #openvpn
08:02 -!- Denial [~Denial@81.141.7.174] has quit [Ping timeout: 272 seconds]
08:07 -!- grttgedz [~DrManhatt@gateway/vpn/privateinternetaccess/drmanhattan] has joined #openvpn
08:09 < nox-Hand> I made the mistake of asking my VPN provider. They were all like "FreeBSD?"...
08:10 -!- Dr_Manhattan [~DrManhatt@gateway/vpn/privateinternetaccess/drmanhattan] has quit [Ping timeout: 256 seconds]
08:16 -!- Capprentice [Capprentic@103.43.83.22] has joined #openvpn
08:21 -!- goldkatze [~nobody@unaffiliated/goldkatze] has joined #openvpn
08:25 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
08:27 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
08:27 -!- goldkatze [~nobody@unaffiliated/goldkatze] has left #openvpn []
08:28 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
08:36 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
08:44 < Paaltomo> nox-Hand, that's funny :4
08:46 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
08:47 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
08:55 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
08:58 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
09:17 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:25 -!- julianoliver [~julian@202.66.238.89.in-addr.arpa.manitu.net] has joined #openvpn
09:27 < julianoliver> on one of my openvpn servers i use a 10.10.12.0 network and for some reason all my clients are being set '/sbin/ifconfig tun0 10.10.12.6 pointopoint 10.10.12.5' rather than 10.10.12.1. as such 10.10.12.5, which can't be pinged, is sprinkled through my routing table. how can i stop this?
09:30 < julianoliver> similarly, the route command pushes this weird 10.10.12.5 into my routing table: '/sbin/route add -net 10.10.12.1 netmask 255.255.255.255 gw 10.10.12.5'
09:37 < banco> !net30
09:37 <@vpnHelper> "net30" is "/30" is (#1) http://openvpn.net/index.php/documentation/faq.html#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior with by reading !topology
09:38 < banco> julianoliver: check the topology option
09:39 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:39 < julianoliver> great, thanks
09:40 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
09:40 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
09:47 <@ecrist> julianoliver: you're seeing the net30 behavior, as banco indicated.
09:47 <@ecrist> you won't be able to ping the assigned gateway IP, but you will be able to ping the .1 address.
09:48 <@ecrist> It's an odd manifestation.  topology subnet is a better way to handle this, and allows better use of the IP space.
09:49 -!- unix4linux [4b701526@gateway/web/freenode/ip.75.112.21.38] has joined #openvpn
09:49 < julianoliver> ecrist: banco it's working great now. thanks
09:50 < julianoliver> had me totally baffled
09:52 < julianoliver> great thing now is i have a 'sheathed' VPN over 'stunnel', nice and performant on many OpenVPN/OpenWrt clients
09:52 < julianoliver> virtually undetectable by DPI
09:56 < unix4linux> I get "SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure". Looking at my mobile client (OpenVPN for Android), the instructions say that if I get that error, that I should go to my server settings and add "DEFAULT:!EXP:!PSK:!SRP:!kRSA"
09:56 <@plaisthos> anabain: more lack of interest :)
09:56 < unix4linux> where on the server would I add that entry?
09:56 <@plaisthos> anabain: could be coded in a day or day if you really wanted
09:56 <@plaisthos> (And already know ARP, NDP and OpenVPN source code)
09:57 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
10:00 -!- pirx [~akol@h-2-241.a230.priv.bahnhof.se] has joined #openvpn
10:02 < pirx> hello! i have an openvpn server that used to work fine. i think it quit working after an OS upgrade (ubuntu 14.04). but it might also have bee some other change:) i can connect fine from linux computers and with viscosity-clients, but the traffic is not routed
10:03 < pirx> when i do 'tcpdump -i tap0' on the server i can see the traffic from the clients
10:03 < pirx> but when i tcpdump on interface vlan3 (public internet) then i see nothing
10:04 < pirx> right now i tried:  iptables -A FORWARD -j ACCEPT --in-interface tun0 --out-interface vlan3
10:04 < pirx> but no packets exit on vlan3
10:04 < pirx> so the question is
10:05 < pirx> if a client connects just fine, it should only be a matter of allowing traffic with iptables?
10:05 < pirx> (the openvpn server is a router for several vlans, and all that routing works fine)
10:05 -!- s7eele [~AndChat52@104.156.228.108] has quit [Remote host closed the connection]
10:06 < pirx> i have in server.conf:   server 10.10.2.0 255.255.255.0
10:06 < pirx> and the client cant even ping 10.10.2.1
10:07 < pirx> any suggestions?
10:08 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Read error: Connection reset by peer]
10:09 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
10:13 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Client Quit]
10:14 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
10:24 < banco> pirx: is it tap0 or tun0?
10:27 < banco> pirx: if you can't ping the server from the client then check your fw first
10:30 -!- sillysausage [~sillysaus@93.115.83.37] has joined #openvpn
10:42 -!- sillysausage [~sillysaus@93.115.83.37] has quit [Quit: WeeChat 1.3]
10:50 -!- magbo [~sweater@balticom-142-125-56.balticom.lv] has joined #openvpn
10:53 < magbo> Greetings, beautiful people! I require to offload authentication and authorization from OpenVPN certificate infrastructure to another AA infrastructure. For instance, ssh's authorized_keys. Is it possible to do that via config?
10:58 -!- s7r_ is now known as s7r
11:00 < magbo> My end goal is to have a very-very dynamic, yet simple access control to the VPN. Client machine hits an Overlord server over SSH, if it gets to execute ssh-command, it receives an IP address of a Drone server, which has exactly the same authorized_keys as the Overlord and allows the client iff it is mentioned there.
11:04 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Read error: Connection reset by peer]
11:04 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
11:17 -!- toothe [~awiggin@unaffiliated/toothe] has joined #openvpn
11:17 < toothe> I keep getting intermitted disconnections on my OpenVPN tunnel
11:17 < toothe> I have verb set to 5, but I don't see anything out of the ordinary besides this:
11:17 < toothe>  SIGUSR1[soft,connection-reset] received, process restarting
11:32 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
11:35 < JagaJaga> Hello! Client has certificates to access openvpn server. But can I make also a layer of authorization by ssh keys?
11:36 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:38 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
11:46 < toothe> fixedi t...
11:46 < toothe> i don't believe openvpn uses ssh....
11:49 < JagaJaga> I need some kind of double auth :(
11:51 < pipework> JagaJaga: Um, why not just issue certificates per user?
11:52 < pipework> I mean, if you issue certs to them anyways, and they route to a box that they SSH into, you can configure the box like you would if it weren't on the VPN so..
11:52 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:57 < JagaJaga> pipework: I've already issued certs, but I need to create a system for blocking users. My idea is to accept clients after they successfuly passed ssh (they can pass it only if their public keys are added to server)
11:57 < pipework> JagaJaga: Why not just drop the cert if you need to 'block' it?
11:57 < JagaJaga> pipework: can I unblock it in future?
11:57 < pipework> Or only let them access a subset or another set of things?
11:58 < pipework> JagaJaga:
11:58 < pipework> http://stackoverflow.com/questions/281741/revoke-openvpn-access
11:58 <@vpnHelper> Title: Revoke OpenVPN Access - Stack Overflow (at stackoverflow.com)
11:59 < JagaJaga> pipework: I don't need to restart openvpn server to manage users?
11:59 < pipework> JagaJaga: probably a reload if anything
12:00 < JagaJaga> pipework: so that will hurt a connection of existing users?
12:01 < pipework> JagaJaga: I don't think it will, give it a go.
12:01 < JagaJaga> pipework: thank you.
12:01 < pipework> JagaJaga: Good luck!
12:01 < JagaJaga> pipework: ^_^
12:11 -!- zylinx [uid43406@gateway/web/irccloud.com/x-hsemjzbdmxwhybij] has quit [Quit: Connection closed for inactivity]
12:12 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
12:46 -!- magbo [~sweater@balticom-142-125-56.balticom.lv] has left #openvpn ["WeeChat 1.1.1"]
12:51 -!- Ryushin [chris@2001:5c0:1000:a::10f] has quit [Ping timeout: 240 seconds]
13:25 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
13:37 -!- pcex [4623c496@gateway/web/freenode/ip.70.35.196.150] has joined #openvpn
13:40 < pcex> Hello. When looking at the server and client logs, should the Socket Buffers be the same number on each?
13:40 < pcex> For example, server:Socket Buffers: R=[87380->131072] S=[87380->131072]  and client:R=[87380->131072] S=[16384->131072]
13:43 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
13:46 < pcex> let me rephrase my question: If I force teh same sndbuf and rcvbuf on both client and server, shouldn't at least the min value be the same?
13:59 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
14:03 -!- cayspekko [~dapplegat@216-64-128-1.static.twtelecom.net] has joined #openvpn
14:09 < cayspekko> Hi. Is there a way to get OpenVPN to check the kernel routing table to know where to forward a client packet without the need for --iroute?  I'm trying to get a 'road warrior' type configuration where connecting clients are routers. These routers run a routing protocol (iBGP) to populate the server's routing table for networks behind the client.  Since I don't know these routes ahead of time I can't use --iroute.  However, each rout
14:15 -!- unix4linux [4b701526@gateway/web/freenode/ip.75.112.21.38] has quit [Ping timeout: 252 seconds]
14:22 < pcex> cayspekko: I'm just a newb but I'll through out something... don't you need only iroute for your routers (the client) so they can talk to each other? Then your routes can be distributed via your routing protocol
14:23 < Thermi> iroutes are needed for openvpn to know where packets with whatever IP go where
14:23 < Thermi> You could use layer 2 tunneling, so you don't have to deal with iroutes
14:24 < cayspekko> suppose layer 2 tunneling is not an option (too much overhead) is it possible for openvpn to dynamically learn iroutes?
14:24 < Thermi> addressing is done via MAC addresses, so I don't think iroutes are needed. But I could be wrong.
14:24 < Thermi> Look at the man page, especially the management port
14:26 < cayspekko> Ah thanks for the tip about management port
14:27 < Thermi> I looked at the text file describing the management protocol and couldn't find any remarkable mention of the iroute term
14:35 < cayspekko> I notice you can specify plugins. Perhaps that could be useful.
14:47 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:52 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
15:00 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
15:08 < cayspekko> Can you "push" iroutes to the server from a client?
15:10 < banco> cayspekko: no
15:12 < apollo13> cayspekko: that would be quite a security nightmare :D
15:14 < banco> cayspekko: well, if you don't mind any security issues and you trust every client, then you can just give the access to the ccd files on server to the corresponding client
15:14 < cayspekko> Well, the end goal is to use routing protocols over openvpn server/client, so I'm already trusting routes from clients.
15:14 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
15:15 < cayspekko> can you modify ccd files without reconnecting to the server?
15:15 < apollo13> no
15:15 < apollo13> well yes, but it won't have any effect
15:17 -!- dazo is now known as dazo_afk
15:20 < cayspekko> Thanks for the help!
15:20 -!- cayspekko [~dapplegat@216-64-128-1.static.twtelecom.net] has left #openvpn []
15:29 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
15:30 -!- failshell [~failshell@modemcable094.190-201-24.mc.videotron.ca] has joined #openvpn
15:31 < failshell> my google fu is failing me. is it possible to append DNS servers instead of completely override /etc/resolv? id like to leave whatever is local and add the one im pushing
15:32 < apollo13> failshell: that is what network-manager and my openvpn scripts do here by default
15:32 < failshell> all my clients are on OSX. what are your scripts doing?
15:33 < apollo13> well the standard update-resolvconf script shipped with openvpn
15:34 < banco> oh, actually, it's possible to push iroute from client to server, it can be done with --push-peer-info and UV_<name>=<value> client enviroment variables, then these variables can be parsed in the --client-connect script and then pass dynamically generated config file directives back to OpenVPN
15:35 < apollo13> wow
15:36 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
15:37 -!- failshell [~failshell@modemcable094.190-201-24.mc.videotron.ca] has quit []
15:49 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-237-135.w86-195.abo.wanadoo.fr] has joined #openvpn
15:54 -!- julianoliver [~julian@202.66.238.89.in-addr.arpa.manitu.net] has quit [Ping timeout: 260 seconds]
16:04 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
16:04 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
16:06 -!- pcex [4623c496@gateway/web/freenode/ip.70.35.196.150] has quit [Ping timeout: 252 seconds]
16:13 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
16:18 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
16:20 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
16:29 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
16:31 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
16:36 < pirx> banco: sorry, i wrote wrong there on one line. its tun0
16:36 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Client Quit]
16:40 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 256 seconds]
16:46 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
16:49 < banco> pirx: that's most likely the fw issue, try to flush the rules and check again:
16:49 < banco> iptables -F
16:49 < banco> iptables -P INPUT ACCEPT
16:49 < banco> iptables -P FORWARD ACCEPT
16:49 < banco> iptables -P OUTPUT ACCEPT
16:51 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
16:52 < pirx> i see that openvpn creates a tap0 interface. has it always done that? because the server also has a vlan-interface specified that also has the same ip-range (10.10.2.0/24)
16:52 < pirx> when i remove that vlan interface and do forward accept on everything, it works
16:53 < pirx> so its something with the interface/iptables, thats for sure
16:53 < pirx> banco: thanks
16:59 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
17:05 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Read error: Connection reset by peer]
17:08 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
17:12 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Client Quit]
17:25 -!- NickelSpike [~textual@72.45.3.179] has joined #openvpn
17:26 -!- NickelSpike [~textual@72.45.3.179] has quit [Max SendQ exceeded]
17:28 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
17:39 -!- wazaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 260 seconds]
17:56 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
18:07 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
18:14 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
18:16 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-237-135.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
18:18 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has joined #openvpn
18:25 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
18:25 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
18:33 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
18:39 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Remote host closed the connection]
19:11 < autrilla> How do I tell ovpn on windows (client) to route all traffic through the VPN?
19:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:23 < subzero79> autrilla, put redirect-gateway def1 in the server or in the client config
19:24 < autrilla> subzero79: yeah, that's there already. I'm starting it as administrator now, it couldn't add routes before. However, I don't get an internet connection when openvpn is running.
19:24 < subzero79> well can you ping the vpn gateway?
19:25 < autrilla> subzero79: yep, it's on 10.8.0.1, and I can ping it
19:25 < subzero79> good.
19:25 < subzero79> can you ping 8.8.8.8?
19:28 < autrilla> subzero79: nope
19:28 < autrilla> oh, wait
19:29 < autrilla> I turned off firewalld on my server'
19:29 < subzero79> do you have control of the vpn server?
19:29 < autrilla> Yes, I think I know what's uo
19:29 < autrilla> up
19:29 < subzero79> is a linux server?
19:29 < autrilla> yeah centos 7
19:29 < autrilla> I stopped firewalld before
19:30 < autrilla> I have to start it up again :)
19:30 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:30 < autrilla> Yup, working now
19:35 < subzero79> good
20:18 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
20:23 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
20:28 -!- grttgedz [~DrManhatt@gateway/vpn/privateinternetaccess/drmanhattan] has quit [Ping timeout: 260 seconds]
20:31 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 272 seconds]
20:36 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
20:37 -!- Capprentice [Capprentic@103.43.83.22] has quit [Ping timeout: 240 seconds]
20:38 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
20:56 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
21:14 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
21:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:32 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
21:43 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
21:57 -!- wazaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
22:31 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
22:40 -!- Ztjuh [~Ztjuh@4dafbfd6.ftth.telfortglasvezel.nl] has joined #openvpn
22:40 < Ztjuh> !welcome
22:40 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
22:40 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:41 < Ztjuh> !goal
22:41 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:42 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
22:43 -!- Ztjuh [~Ztjuh@4dafbfd6.ftth.telfortglasvezel.nl] has quit [Quit: too tired right now maybe back tomorrow]
22:49 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
22:50 -!- linuxdevman [~chatzilla@208.167.254.70] has joined #openvpn
22:54 -!- linuxdevman [~chatzilla@208.167.254.70] has quit [Quit: oui]
22:55 -!- linuxdevman [~chatzilla@208.167.254.70] has joined #openvpn
23:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
23:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:16 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
23:27 -!- ShadniX [dagger@p57941802.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:28 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
23:29 -!- ShadniX [dagger@p5481DDA5.dip0.t-ipconnect.de] has joined #openvpn
23:32 -!- weox [uid112413@gateway/web/irccloud.com/x-qmubcbbyykmfaofj] has quit [Quit: Connection closed for inactivity]
23:41 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:50 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
--- Day changed Wed Dec 16 2015
00:30 -!- Ryushin [~Ryushin@246.sub-70-199-98.myvzw.com] has joined #openvpn
00:51 -!- tomflint [~tomflint@unaffiliated/tomflint] has joined #openvpn
01:04 -!- Ryushin [~Ryushin@246.sub-70-199-98.myvzw.com] has quit [Ping timeout: 255 seconds]
01:06 -!- hays [~quassel@unaffiliated/hays] has quit [Ping timeout: 244 seconds]
01:08 < tomflint> so -- how can I create a second user for openvpn?
01:19 < tomflint> gah. much easier than I thought it would be. :) Night, folks
01:19 -!- tomflint [~tomflint@unaffiliated/tomflint] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
01:24 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
01:26 -!- Ofloo [ofloo@narf.ofloo.net] has joined #openvpn
01:27 < Ofloo> hi, is there some documentation on how to setup ipv6 on an tap interface i've bot IPv4 working but now i wana add IPv6 to it but there doesn't seem much information about this.
01:32 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
01:39 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
01:43 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 240 seconds]
01:47 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
01:54 -!- Changer90 [~quassel@217.160.177.68] has joined #openvpn
01:55 -!- Changer90 [~quassel@217.160.177.68] has left #openvpn ["http://quassel-irc.org - Chat comfortably. Anywhere."]
02:12 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
02:13 < hid3> Hello. Is it possible to use OpenVPN server with user/password combinations? I recall some time ago it was certificate based...
02:15 < banco> hid3: yes, it's possible:
02:15 < banco> https://openvpn.net/index.php/open-source/documentation/howto.html#auth
02:15 <@vpnHelper> Title: HOWTO (at openvpn.net)
02:22 < hid3> excellent, thanks a lot
02:44 < Ofloo> ifconfig-ipv6 doesn't add an ip to the interface is that normal?
02:58 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:59 < nox-Hand> Hey guys, was in yesterday with an issue I didn't get resolved (sorry if anyone wrote back, I dropped off later and my backlog wasn't long enough to scroll back to yesterday) - might anyone know where to start in troubleshooting "FreeBSD ifconfig failed: external program exited with error status: 1"?
02:59 -!- Ofloo [ofloo@narf.ofloo.net] has quit [Ping timeout: 240 seconds]
02:59 < nox-Hand> FreeBSD jail, was working until I reset stuff on my router (and restored to previously working config again). Had been fiddling with openvpn server on the router, but reverted back.
03:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:05 -!- nox-Hand [658d7abc@gateway/web/cgi-irc/kiwiirc.com/ip.101.141.122.188] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
03:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:14 -!- nox-Hand [b49158a9@gateway/web/cgi-irc/kiwiirc.com/ip.180.145.88.169] has joined #openvpn
03:14 -!- shio [~shio@129.121.101.84.rev.sfr.net] has quit [Ping timeout: 272 seconds]
03:16 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
03:40 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
03:43 -!- akurilin [~alex@208.80.70.250] has quit [Ping timeout: 250 seconds]
03:55 -!- dazo_afk is now known as dazo
03:55 < tdn> I have this option in my server configuration: ifconfig-pool-persist ipp.txt     I have multiple server instances (tcp, udp, various port numbers) should I then use a different ipp.txt for each instance? Or can they share the same?
04:00 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
04:01 -!- akurilin [~alex@208.80.70.250] has joined #openvpn
04:04 -!- shio [marmottin@129.121.101.84.rev.sfr.net] has joined #openvpn
04:06 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
04:07 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
04:14 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:20 -!- lbft [~lbft@unaffiliated/lbft] has quit [Ping timeout: 260 seconds]
04:21 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
04:25 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has joined #openvpn
04:34 <@dazo> tdn: it must be a different file ... otherwise each process will overwrite changes from the other ones
04:41 < marlinc> I have a OpenVPN server using a tap device. I'd like to see the traffic that flows between the clients using things like tcpdump on tap. Would that be possible?
04:47 -!- lbft [~lbft@unaffiliated/lbft] has joined #openvpn
04:56 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
04:57 < nox-Hand> My connection issue is resolved. A config file was calling on the wrong tun interface... Thanks though! :)
05:04 -!- nox-Hand [b49158a9@gateway/web/cgi-irc/kiwiirc.com/ip.180.145.88.169] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
05:07 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
05:09 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:14 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 246 seconds]
05:18 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
05:24 -!- yoavz [yoavz@yoavz.net] has quit [Read error: Connection reset by peer]
05:27 -!- yoavz [yoavz@yoavz.net] has joined #openvpn
05:28 < marlinc> I have a OpenVPN server using a tap device. I'd like to see the traffic that flows between the clients using things like tcpdump on tap. Would that be possible?
05:41 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
05:53 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:00 -!- ustn [~ustn@p4FDB0DCB.dip0.t-ipconnect.de] has joined #openvpn
06:01 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:03 -!- somis [~somis@167.160.44.201] has joined #openvpn
06:20 -!- davekbv [~davekbv@212.225.125.94] has joined #openvpn
06:22 -!- davekbv [~davekbv@212.225.125.94] has quit [Quit: Leaving]
06:26 < tdn> dazo, ok
06:26 < hid3> Is there any OpenVPN repository for debian which I could add to my sources.list and that way keep the openvpn up to date?
06:27 <@dazo> marlinc: yes, that is possible ... just use tcpdump -i tap0 ... or whatever your tap interface is called
06:28 <@dazo> hid3: I believe that the debian releases are quite up-to-date, at least when it comes to security and bug fixes .... agi (the package maintainer) is fairly good at keeping openvpn in good shape on deb
06:29 <@dazo> hid3: if you want a bleeding edge version of openvpn, then you might loose the stability debian packages may offer ... but here's at least a repository for deb with more bleeding edge stuff, but I dunno how updated it is: https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
06:29 <@vpnHelper> Title: OpenvpnSoftwareRepos – OpenVPN Community (at community.openvpn.net)
06:34 -!- Ryushin [~Ryushin@246.sub-70-199-98.myvzw.com] has joined #openvpn
06:34 < hid3> Well, that page says it's only for Debian 7
06:34 < hid3> I have Debian 8
06:35 < hid3> also, the HTTP listing contains only wheezy directory, no jessie
06:35 < hid3> and from the page I've downloaded and installed openvpn-as 2.0.21-Debian8
06:37 <@dazo> openvpn-as is not provided by the community at all ... that's a commercial product
06:37 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:41 -!- Ryushin [~Ryushin@246.sub-70-199-98.myvzw.com] has quit [Ping timeout: 240 seconds]
06:53 < hid3> hm...
06:54 < hid3> the features look really neat
06:54 < hid3> web interface, etc
06:54 < hid3> licensed for 2 connections
07:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:16 -!- ustn [~ustn@p4FDB0DCB.dip0.t-ipconnect.de] has quit [Quit: ustn]
07:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:32 < marlinc> dazo, it only shows the traffic going to the server's IP itself. Not the traffic that flows between the clients
07:32 < marlinc> That's why I'm asking :)
07:50 <@dazo> marlinc: then you have some troubles with routing or firewalling
07:53 < marlinc> We do have 'client-to-client' in the config
07:55 <@dazo> marlinc: ahh, that might be a game changer ... but I honestly don't remember now if that did not have effect on tun or tap configurations, but I vaguely something here
07:55 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
07:57 -!- ustn [~ustn@p4FDB0DCB.dip0.t-ipconnect.de] has joined #openvpn
08:02 -!- Ofloo [ofloo@narf.ofloo.net] has joined #openvpn
08:02 < Ofloo> hi
08:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 272 seconds]
08:02 < Ofloo> how do i assign an IPv6 on a tap interface
08:02 < Ofloo> automaticly
08:02 <@dazo> !ipv6
08:02 <@vpnHelper> "ipv6" is (#1) The wiki has IPv6 details: https://community.openvpn.net/openvpn/wiki/IPv6 or (#2) The manpage contains info about IPv6 features present in 2.3+: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ
08:03 <@dazo> Ofloo: ^^^
08:03 < Ofloo> thank you
08:03 < Ofloo> hmm
08:03 < Ofloo> can i use that in tap
08:03 < Ofloo> tun-ipv6
08:03 <@dazo> tap is supported as well as tun
08:03 <@dazo> tun-ipv6 is to tell openvpn to tunnel ipv6
08:04 < Ofloo> ok
08:04 < Ofloo> so basicly it's for both tun and tap
08:04 <@dazo> actually, I don't know if tun-ipv6 is needed at all in tap mode ... but don't recall the details ... I've used IPv6 on both tun and tap
08:04 < Ofloo> can i add proto udp6 in config with proto udp
08:04 < Ofloo> dazo, i got the ipv6 part working
08:04 < Ofloo> only problem is that i staticly assigned the ipv6
08:05 < Ofloo> asside from that everything works fine
08:05 <@dazo> if you want to enable ipv6 connectivity (clients connecting to server over ipv6) .... udp6 will listen to both ipv4 and ipv6 in parallel
08:05 < Ofloo> i'm just wondering how i can assign ipv6 to the interfaces automaticly
08:05 <@dazo> (unless you use --local)
08:05 < Ofloo> i use local
08:05 < Ofloo> cause it's on a jail server
08:05 < Ofloo> so can't not use local
08:06 <@dazo> nope, then it'll listen to only a single IP address
08:06 < Ofloo> but is there a way to assign an ip to the tap interface
08:06 <@dazo> --server-ipv6
08:06 < Ofloo> ic
08:06 < Ofloo> both works in tap and tun?
08:07 <@dazo> there's also ifconfig-ipv6 too ... but if you use --server-ipv6 ... it pushes IPv6 addresses within that prefix to clients automatically too
08:07 < Ofloo> i use ifconfig-ipv6 fc00::/64 ::
08:07 < Ofloo> but that doesn't do anything
08:07 < Ofloo> tried fc00::1/64 as well
08:08 < Ofloo> well it does something
08:08 < Ofloo> it adds a route in freebsd to tap0
08:08 < Ofloo> it's not nothing
08:08 < Ofloo> but that's all it does
08:08 <@dazo> I've never tried such addresses, I've always used public IPv6 addresses .... to avoid the NAT mess
08:08 < Ofloo> well for me it's just to reroute internal network connections
08:10 < Ofloo> tried doing it with routeable ipv6 but for some reason that always went wrong
08:10 <@dazo> !logs
08:10 <@vpnHelper> "logs" is (#1) please pastebin your logfiles from both client and server with verb set to 4 (only use 5 if asked) or (#2) In the Windows client(OpenVPN-GUI) right-click the status icon and pick View Log or (#3) In the OS X client(Tunnelblick) right-click it and select Copy log text to clipboard or (#4) if you dont know how to find your logs, see !logfile
08:10 <@dazo> !configs
08:10 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
08:12 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 260 seconds]
08:13 < Ofloo> http://pastebin.com/kjiykjVK
08:13 < Ofloo> that's the servers config
08:18 <@dazo> oh dear ... do bridging ... that is a show stopper
08:18 <@dazo> why do you bridge?
08:18 < Ofloo> because it's in jail
08:18 <@dazo> no reason
08:18 < Ofloo> em0 => bridge0 < epairs
08:19 < Ofloo> i mean on a jail
08:19 <@dazo> you can do routing
08:19 < Ofloo> hmm
08:19 < Ofloo> so i don't need to bridge?
08:19 <@dazo> I highly doubt so
08:19 < Ofloo> when would i bridge ?
08:20 <@dazo> out of closer to a 1000 openvpn setups I've seen over the years ..... 2 or 3 setups needed to use bridge
08:20 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
08:20 <@dazo> you want to bridge when VPN clients and LAN needs to be on the same broadcast domain
08:20 < Ofloo> hmm so you're saying i'm better of just using server
08:20 < Ofloo> and server-ipv6
08:20 <@dazo> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
08:20 <@vpnHelper> Title: BridgingAndRouting – OpenVPN Community (at community.openvpn.net)
08:20 <@dazo> yesh
08:20 < Ofloo> i'll give it a shot
08:21 < Ofloo> bbs
08:22 <@dazo> Ofloo: the most common setup us tun+routing ... and that gives a big benefit in regards to tunnel overhead as well ... much less broadcast noise, so it can perform far better
08:22 <@dazo> in addition, only IP packets are transferred ... so you save the overhead of the Ethernet headers in the tunnel
08:23 < Ofloo> the reason i did tap was because i wanted to transport brigde an ip
08:24 <@dazo> yeah, and bridges requires tap ... but doing bridging, that isn't a job for the faint hearted .... those who knows when they need it, seldom appear here ... as they are truly network pros
08:24 <@dazo> (the kind of people who eats ethernet packets raw for breakfast)
08:25 < Ofloo> hehe
08:25 < Ofloo> well what i wanted to do was i have /28 on dedicated server
08:25 < Ofloo> and i wanted to route over vpn to my localnetwork
08:26 < Ofloo> and give a server an ip out of the /28
08:26 < Ofloo> i figur that would require bridge
08:26 < Ofloo> sound probably a lot harder then it is
08:26 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
08:26 < Ofloo> but first things first
08:26 < Ofloo> lets see
08:26 <@dazo> :)
08:30 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
08:31 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:31 -!- Ryushin [chris@2001:5c0:1000:a::229] has joined #openvpn
08:39 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
08:42 -!- HollowPoint [~quassel@62.255.245.182] has quit [Ping timeout: 255 seconds]
08:46 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
08:48 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
09:01 < Ofloo> hmm, basicly changed server-bridge to server
09:01 < Ofloo> however the ipv4 is assigned but ipv6 isn't
09:01 < Ofloo> lets see
09:06 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:09 < Ofloo> dazo client http://pastebin.com/nB3WZXSL
09:11 < Ofloo> http://pastebin.com/qNq5rK26 server
09:11 < Ofloo> the server link gets an ip however the client link doesn't get an ipv6
09:11 < Ofloo> huh
09:14 < Ofloo> lol pfsense has a configuration error in the config
09:16 -!- u0m3 [~u0m3@89.120.204.99] has quit [Quit: Leaving]
09:16 < Ofloo> do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1
09:16 < Ofloo> yet no ipv6
09:18 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
09:23 < Ofloo> there seems to work now
09:23 < Ofloo> how can i assign static ipv6 to the client
09:23 < Ofloo> ipp.txt
09:23 < Ofloo> deosn't seem to work
09:23 < Ofloo> i've got edp,10.0.0.10,fc00::10
09:23 < Ofloo> the ipv4 works however the ipv6 is fc00::1008 instead of the 10 address
09:35 -!- blu_ [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:37 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
09:38 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
09:47 < Ofloo> Wed Dec 16 16:46:32 2015 ifconfig_pool_read(), in='edpnet,10.0.0.10,fc00::10', TODO: IPv6
09:47 < Ofloo> Wed Dec 16 16:46:32 2015 succeeded -> ifconfig_pool_set()
09:47 < Ofloo> Wed Dec 16 16:46:32 2015 IFCONFIG POOL LIST
09:47 < Ofloo> Wed Dec 16 16:46:32 2015 edpnet,10.0.0.10,fc00::1008
09:48 < Ofloo> few seconds later
09:48 < Ofloo> ??
09:51 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Quit: He who dares .... wins.]
09:52 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
09:58 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
10:12 -!- somis [~somis@167.160.44.201] has quit [Quit: Leaving]
10:13 -!- unix4linux [~unix4linu@75.112.169.137] has joined #openvpn
10:14 < unix4linux> in my clients.conf, how do I have VPN set two DNS servers instead of only pushing one? I have tried adding two push option lines for DNS and I have also tried just one line with two DNS entries in it. Neither seems to work
10:25 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Read error: Connection reset by peer]
10:25 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
10:53 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
10:54 -!- ustn [~ustn@p4FDB0DCB.dip0.t-ipconnect.de] has quit [Quit: ustn]
11:00 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
11:07 -!- weox [uid112413@gateway/web/irccloud.com/x-ysuspgyltlsmibig] has joined #openvpn
11:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:15 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 265 seconds]
11:23 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:36 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
11:42 -!- unix4linux [~unix4linu@75.112.169.137] has quit [Ping timeout: 265 seconds]
11:47 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 250 seconds]
11:47 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
11:56 -!- anexit [~anexit@push.anexit.net] has joined #openvpn
11:57 < anexit> Question, is it safe to use one "cert" for many machines?
11:57 < anexit> I have a openbsd server running openvpn and my thought was to stash the certs for the windows machines on the C:
12:10 -!- DMA [~dma@190.146.128.106] has joined #openvpn
12:17 -!- linuxdevman [~chatzilla@208.167.254.70] has quit [Ping timeout: 265 seconds]
12:23 < hid3> Hello. I've set up a small openvpn server and did the initial configuration. However, when from a client computer (Windows XP) I try to connect, it says 'connected', however, 'ipconfig /all' shows tunneling device having ip address 0.0.0.0. And the traffic to VPN subnets is not available... Any ideas what is wrong?
12:24 < anexit> pastebin the conf file on the server
12:24 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
12:25 -!- blu_ [~bluenemo@unaffiliated/bluenemo] has quit [Remote host closed the connection]
12:27 < hid3> Not sure where do I get it - I've configured everything from the web panel
12:28 < hid3> there seems to be 'config.db' file but it is not a plaintext one
12:28 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
12:36 < hid3> strange, from Windows 7 it seems to work just fine...
12:43 -!- CGML [~CGML@unaffiliated/cgml] has quit [Quit: CGML]
12:43 -!- cfuture [~xmg@p508B486B.dip0.t-ipconnect.de] has joined #openvpn
12:51 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
12:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
12:54 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Remote host closed the connection]
12:58 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
13:04 -!- cfuture [~xmg@p508B486B.dip0.t-ipconnect.de] has quit [Quit: leaving]
13:04 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:07 -!- cfuture [~xmg@p508B486B.dip0.t-ipconnect.de] has joined #openvpn
13:12 -!- roentgen [~none@unaffiliated/roentgen] has quit [Remote host closed the connection]
13:20 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
13:36 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
13:56 -!- somis [~somis@167.160.44.233] has joined #openvpn
14:05 -!- wkts [~wkts@45.55.231.187] has quit [Quit: Bye!]
14:09 -!- noecc [~irc@unaffiliated/noecc] has quit [Remote host closed the connection]
14:11 -!- wkts [~wkts@45.55.231.187] has joined #openvpn
14:12 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 240 seconds]
14:25 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
14:30 -!- JagaJaga [~JagaJaga@109.205.252.215] has joined #openvpn
14:31 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 265 seconds]
14:32 -!- Joel [~Joel@unaffiliated/joel] has joined #openvpn
14:33 < Joel> https://github.com/OpenVPN/easy-rsa/blob/master/README.quickstart.md - I'm confused, I've completed step 1, and I've generated a dh params, how do I generate a key pair for the server, and a key pair for each user connecting?
14:33 <@vpnHelper> Title: easy-rsa/README.quickstart.md at master · OpenVPN/easy-rsa · GitHub (at github.com)
14:34 < Joel> Is that steps 2-6 run for every need, like the server, and every user connecting?
14:35 < Joel> also, is there a way to set the common name in the vars file?
14:49 -!- JagaJaga [~JagaJaga@109.205.252.215] has quit [Ping timeout: 240 seconds]
14:50 -!- roentgen [~none@unaffiliated/roentgen] has joined #openvpn
14:51 -!- jmk [~jmalik@2a01:6600:8081:4e03:dcb1:86b3:4630:a035] has joined #openvpn
15:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:03 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
15:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:09 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-thhbnjiccumpykyl] has joined #openvpn
15:09 < wallbroken> hi
15:09 < wallbroken> is there some openvpn connect app developer here?
15:09 < wallbroken> i tried in -as channel but it's without activity since mounths
15:10 < wallbroken> https://forums.openvpn.net/openvpn-connect-ios-f36.html
15:10 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN Connect (iOS) (at forums.openvpn.net)
15:10 < wallbroken> and no useful information here
15:15 -!- averagecase [~anon@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
15:16 -!- klimt [~root@unaffiliated/klimt] has joined #openvpn
15:22 -!- weox [uid112413@gateway/web/irccloud.com/x-ysuspgyltlsmibig] has quit [Quit: Connection closed for inactivity]
15:25 -!- averagecase [~anon@cl-6544.cgn-01.de.sixxs.net] has quit [Quit: Verlassend]
15:32 < KNERD> WHat is the option to have the client use only  the remote address for internet access?
15:32 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
15:34 < KNERD> redirect-gateway ?
15:36 -!- psofa [~psofa@ppp-2-84-144-43.home.otenet.gr] has joined #openvpn
15:36 < psofa> quick question:pushing static ip configs to clients to identify them is not secure is it?
15:37 < psofa> like in a normal lan
15:37 < KNERD> redirect-gateway  block-local ?
15:42 < XanThaOs>                                                                                                                                                                                                                                                                                                                                                                                                           
15:43 < XanThaOs>                                                          Why would static ip's be insecure?
15:43 < XanThaOs> sorry
15:43 < XanThaOs> but what is wrong with static ip's?
15:44 < psofa> i said using static ips to 'identify' clients
15:44 < psofa> not using static ips generally
15:45 < XanThaOs> i am missing the meaning then what do you mean by identify?
15:47 < psofa> as in configure access to resources based on client ip
15:48 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
15:50 < XanThaOs> In openvpn some of the resource access is based on the cert CN but as far as IP-based resource allocation, sometimes its necessary
15:50 < XanThaOs> Standard or stateless firewalling for example: choosing which machines can traverse a firewall on which ports: usually based on IP
15:51 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:51 < XanThaOs> If this is done in a dynamic IP environment, then the wrong machine could get the IP and would therefore get the privs that should be for another client
15:52 < XanThaOs> static IP, even in this context, provide the admin the ability to restrict activity reliably based on an IP that he or she knows the machine will be using
15:53 < XanThaOs> Remember: with openvpn the push of the IP to the client will take place through the tunnel, therefore encrypted. Once it gets there, it's as secure or as vulnerable as that machine's firewall rules allow
15:54 < Thermi> Restricting access by IP is like restricting access by an ugly scrabbled name plate
15:54 < Thermi> on a standard piece of paper in arial
15:55 < psofa> this is what i believed thats why I asked to make sure.Maybe somehow openvpn enforced checking of the ips of the clients when setup to push static ips
15:55 < Thermi> OpenVPN has a built in path filter.
15:56 < Thermi> If you specifically assign a client an IP, it associates it with its identity.
15:56 < XanThaOs> I never said it was bulletproof, only that it is the way that many firewalls operate. iptables for example, and most routers as well.
15:56 < Thermi> But that is only true if you use a tun device (layer 3 tunneling).
15:56 < psofa> XanThaOs, nope
15:56 < Thermi> if you use a tap device (layer 2 tunneling) it is as insecure as a normal LAN.
15:57 < Thermi> You can not cryptographically securely identify a host by its IP address.
15:57 < Thermi> I'm going now. It's late here. gn8.
15:57 < psofa> XanThaOs, secure iptables configs filter by incoming interface not ip addresses
15:57 < psofa> Thermi, thanks for the pointers ill look into it
15:58 < XanThaOs> iptables configs can filter by interface, but that's effective only if each incoming connection has its own dedicated interface
15:59 < XanThaOs> If many different connections come in and out an interface, how does iptables differeniate each connection?
16:02 < XanThaOs> All of my rules are bound to an interface as well. However, in order to be specific, I have to identify which IP on which port on which interface. As you omit these parts the rule becomes more and more generic and allows more and more info through
16:02 < psofa> you are right I didnt phrase my question correctly
16:02 < XanThaOs> I must be thinking in hard networking
16:03 < XanThaOs> But many of the same rules apply in vpn's as well, except that in vpn's clients are identified by their cert CN, right?
16:05 < XanThaOs> Maybe if I understood more of what you meant I would better understand the point being made
16:05 < shio> v2.3.9 is available
16:08 < XanThaOs> psofa maybe you can elaborate where my thinking is off?
16:09 < psofa> the point is i want to allow specific clients access to specific resources on the vpn server.If i created a separate vpn tun/tap iface for each i could filter securely
16:10 < psofa> if all clients come through the same interface I think im open to spoofing
16:11 < psofa> like Thermi implied
16:11 < XanThaOs> Okay I can see that, and you're right, it's easier to spoof L3 and L2 than L1
16:12 < XanThaOs> individual interfaces would be more secure. the question is how would you bind a specific client to a specific interface? Would you run a separete server daemon for each, or call a new interface in each user's ./ccd/* file?
16:19 < XanThaOs> I can see this as being a good idea if you have only a few clients, but if you have a lot of clients, that is a lot of virtual interfaces. And I agree with Thermi on one thing: I prefer L3 tunneling. Bridging is not my idea of safe
16:20 < XanThaOs> Although I am, admitttedly, inexperienced with openvpn, so mine may not be the best opinion
16:20 < XanThaOs> I'm more knowledgeable in networking in general, specifically hard networking, not vpn's
16:21 < klimt> hello
16:22 < XanThaOs> Now a question for you: when you mention spoofing: at least in the few examples I have set up so far, openvpn pushes a static IP to the client based on the cn on the cert.
16:22 < XanThaOs> If someone wants to spoof the IP, wouldn't they also have to spoof the cert and key?
16:23 < XanThaOs> And if they could do that, wouldn't they then be able to spoof their way to the specific tun iface?
16:23 < klimt> I just setup an openvpn server in ubuntu/ generated certificates/ got dnsmasq + openvpn server up and running/ clients connect properly in VPN and can access internet/ HOWEVER when I ssh into the OpenVPN server VPS and attempt to ping an external IP or do 'apt-get update' I have no access/ Any advice please much appreciated.
16:23 -!- Badimo [~fds@ppp-2-86-132-23.home.otenet.gr] has joined #openvpn
16:24 < klimt> *I have no access --> I mean I receive nothing from the ping or apt-get does not resolve to anywhere
16:25 < XanThaOs> Does it work if you stop the server side?
16:25 < XanThaOs> the vpn server?
16:26 < klimt> when i drop all iptables rules i can access the internet
16:26 < klimt> so I suspect there is sth wrong there
16:26 < klimt> i can send you a pastebin if you can help
16:27 < XanThaOs> I will take a look, but yes if turning off iptables stops it then the problem is there
16:28 < XanThaOs> Now, when your server connects out, as in a ping or for apt, is it still running off its physical host IP or is it running off its virtual IP?
16:31 < XanThaOs> Just remember iptables reads top down in each chain till it hits a matching rule. If no rule matches it will use the chain default
16:32 < klimt> http://pastebin.com/Bh5Qu0hK
16:32 < XanThaOs> ok hold on
16:32 < klimt> thx
16:34 < klimt> i have 3 running interfaces/ eth0 facing public IP/ lo/ tun0 with 10.8.0.1
16:36 < klimt> and yes about the top/down approach that IPTABLES takes/ I tried to be careful as to how I have been setting up the rules.
16:37 < XanThaOs> I can see that this script sets output default to drop, and only allows outbound related and established. it can't establish a new state based on this except where the rules specifically allow it.
16:37 < XanThaOs> I'm not as good reading through scripts, I do better looking at the /etc/sysconfig/iptables file
16:37 < klimt> I understand your point
16:37 < defsdoor> you're right
16:37 < klimt> I will try add NEW then
16:38 < XanThaOs> which I believe is in /etc in ubuntu
16:38 < defsdoor> that script doesnt allow any output connections at all
16:38 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 272 seconds]
16:38 < klimt> well
16:38 < XanThaOs> It allows only those that are related or established, likely only those that are established by incoming connections
16:38 < klimt> right now I am talking to you from an irc client sitting in this server
16:38 < XanThaOs> new outgoing is completely blocked
16:39 < defsdoor> you dont need that
16:39 < klimt> would I then not be able to talk to you guys?
16:39 < klimt> ok
16:39 < defsdoor> INPUT connections aren't OUTPUT connections
16:39 < klimt> let me try amend the FW in the OUTPUT part and I will let you know
16:41 < klimt> this is correct --> $IPT -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
16:42 < klimt> so would that not allow connections from within the server?
16:43 < klimt> I also get "ping: unknown host google.com" so isnt that there is sth wrong with DNS?
16:43 < XanThaOs> I will say this and probably stir up a hornet's nest. A lot of people make a big deal about setting a default drop policy on all chains. For input and forward this is good. But for output I have found that a default drop causes more problems than it solves
16:43 < XanThaOs> In most cases
16:43 < defsdoor> your firewall inst allowing DNS output either
16:44 < defsdoor> default drop is the right thing to do - you just need to be specific a about what you want to allow
16:44 < XanThaOs> The exception is where the server is a small list of known outbound connections that are easily manageable. Otherwise the output rules can get unruly
16:44 < defsdoor> I don't agree - 10 or 1000 - its simply a list
16:46 < klimt> ok
16:46 < klimt> I think I will study the FW a bit closer and try understand step by step what's wrong
16:46 < defsdoor> https://gist.github.com/defsdoor/a430c33ddb1478211282
16:46 <@vpnHelper> Title: gist:a430c33ddb1478211282 · GitHub (at gist.github.com)
16:47 < defsdoor> thats my firewall on one of my servers
16:47 < XanThaOs> again it's a personal decision and depends on the particular use of the machine
16:47 < klimt> thanks for sharing defsdoor
16:47 < defsdoor> I have a core set of rules that allow/forward etc.. based on packet marks
16:48 < defsdoor> so the main effort after than is just marking packets
16:48 < XanThaOs> And it's a list, yes, and if the machine has limited uses the policy is justified. Otherwise a user might find themselves editing the output chain every time they do something online.
16:48 < klimt> XanThaOs I am actually trying to learn by doing the right thing/ that being (IMHO) eliminating everything and then slowly allowing only what's required.
16:48 < XanThaOs> I'm not saying it's wrong or invalid, it is a valid security measure and is more secure than an allow policy
16:48 < defsdoor> thats a very simple example mind - on other machines I have marks for DNATing etc..
16:48 < klimt> right- I understand that
16:49 < klimt> sounds good.
16:49 < XanThaOs> Only that different cases require different rules on output
16:49 < XanThaOs> Now incoming and forward, those should always be default drop
16:49 < XanThaOs> brb
16:50 < klimt> thanks guys for your time - I will experiment further and it's a good opportunity to get to know iptables a bit better.
16:50 < klimt> thanks XanThaOs
16:50 < klimt> and defsdoor
16:50 < defsdoor> just before you need to learn nf ;)
16:50 < klimt> :)
16:50 -!- Badimo [~fds@ppp-2-86-132-23.home.otenet.gr] has quit []
16:50 < defsdoor> nftables is much more powerful
16:51 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
16:58 -!- dazo is now known as dazo_afk
17:06 < XanThaOs> I'll have to take a look at nftables then
17:06 -!- unix4linux [4b701526@gateway/web/freenode/ip.75.112.21.38] has joined #openvpn
17:07 -!- XanThaOs is now known as ke4nhw
17:07 < unix4linux> does anyone know how I can add two DNS servers to clients.conf instead of just pushing just one?
17:09 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Remote host closed the connection]
17:10 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
17:11 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Client Quit]
17:12 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
17:50 < subzero79> unix4linux, you add another dhcp-option line
17:50 < unix4linux> hmm, I did add one just like the current one and VPN failed to start/work properly when I did
17:51 < unix4linux> I added this second line: push "dhcp-option DNS 10.10.10.245"
17:52 < subzero79> mmm, i don't recall pushing two dns servers, but i pushed two domains
17:52 < subzero79> so i guess the options should work
18:20 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-thhbnjiccumpykyl] has left #openvpn []
18:20 -!- Ryushin [chris@2001:5c0:1000:a::229] has quit [Ping timeout: 260 seconds]
18:52 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has quit [Ping timeout: 250 seconds]
18:54 -!- bdmc [bdmc@cl-745.bos-01.us.sixxs.net] has joined #openvpn
18:59 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
19:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:13 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
19:41 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Quit: Leaving]
20:07 -!- somis [~somis@167.160.44.233] has quit [Quit: Leaving]
20:24 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
20:28 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
20:29 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
20:29 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:36 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Ping timeout: 256 seconds]
20:39 -!- jimmyjohn12 [4c73cd51@gateway/web/freenode/ip.76.115.205.81] has joined #openvpn
20:40 < jimmyjohn12> ello, I tried updating to the latest OpenVPN but it doesn't seem that block-outside-dns is working.
20:40 < jimmyjohn12> When I enable it, there is no dns and nothing loads. this is on win 7
20:51 -!- jimmyjohn12 [4c73cd51@gateway/web/freenode/ip.76.115.205.81] has quit [Ping timeout: 252 seconds]
21:07 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
21:11 -!- jimmyjohn12 [4c73cd51@gateway/web/freenode/ip.76.115.205.81] has joined #openvpn
21:11 < jimmyjohn12> Any way to make  block-outside-dns  work with Windows7?
21:21 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 250 seconds]
21:23 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
21:36 -!- jimmyjohn12 [4c73cd51@gateway/web/freenode/ip.76.115.205.81] has quit [Ping timeout: 252 seconds]
21:47 -!- cfuture [~xmg@p508B486B.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
21:52 -!- debdog [~debdog@2a02:8070:4382:5600:7a24:afff:fe8a:d04d] has joined #openvpn
21:53 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
22:09 -!- Nizbot [~Nizbot@088.106-30-64.ftth.swbr.surewest.net] has joined #openvpn
22:23 -!- psofa [~psofa@ppp-2-84-144-43.home.otenet.gr] has quit [Quit: Leaving]
22:26 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: brb]
22:26 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
22:33 -!- Nizbot [~Nizbot@088.106-30-64.ftth.swbr.surewest.net] has left #openvpn ["Leaving"]
22:34 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
22:42 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
22:56 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
22:58 -!- Ofloo [ofloo@narf.ofloo.net] has quit [Ping timeout: 240 seconds]
23:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
23:02 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 246 seconds]
23:03 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
23:07 -!- ribasushi [~riba@mujunyku.leporine.io] has joined #openvpn
23:07 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:25 -!- ShadniX [dagger@p5481DDA5.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:27 -!- ShadniX [dagger@p5794132B.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Thu Dec 17 2015
00:12 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
00:13 -!- johnny56_ [~johnny56@unaffiliated/johnny56] has joined #openvpn
00:14 -!- johnny56 [~johnny56@unaffiliated/johnny56] has quit [Ping timeout: 264 seconds]
00:15 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
00:18 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:37 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has quit [Ping timeout: 272 seconds]
00:52 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has quit [Ping timeout: 272 seconds]
00:53 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has joined #openvpn
00:54 -!- Ofloo [ofloo@narf.ofloo.net] has joined #openvpn
01:08 -!- Ofloo [ofloo@narf.ofloo.net] has quit [Remote host closed the connection]
01:13 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 260 seconds]
01:17 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
01:26 -!- akurilin [~alex@208.80.70.250] has quit [Ping timeout: 272 seconds]
01:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
01:32 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 260 seconds]
01:33 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 240 seconds]
01:36 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
01:42 -!- akurilin [~alex@208.80.70.250] has joined #openvpn
01:47 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
01:47 -!- jmk [~jmalik@2a01:6600:8081:4e03:dcb1:86b3:4630:a035] has quit [Quit: Leaving.]
02:01 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
02:03 -!- jmk [~jmalik@mail.step-email.net] has joined #openvpn
02:20 -!- ribasushi [~riba@mujunyku.leporine.io] has quit [Ping timeout: 240 seconds]
02:28 -!- ribasushi [~riba@113.212.96.195] has joined #openvpn
02:37 -!- DArqueBishop [~drkbish@tyrande.darquecathedral.org] has quit [Ping timeout: 260 seconds]
02:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 256 seconds]
02:54 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 240 seconds]
02:55 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:57 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
03:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:07 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 255 seconds]
03:07 -!- le0 [~le0@unaffiliated/le0] has joined #openvpn
03:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:09 -!- DArqueBishop [drkbish@tyrande.darquecathedral.org] has joined #openvpn
03:19 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
03:25 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
03:28 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
03:33 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 255 seconds]
03:38 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
04:02 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
04:07 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
04:14 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
04:25 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
04:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:36 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has joined #openvpn
04:37 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
04:38 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
04:40 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:42 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
04:43 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
04:49 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has quit [Remote host closed the connection]
04:52 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 256 seconds]
05:00 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
05:01 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
05:03 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
05:04 -!- Ryushin [chris@2001:5c0:1000:a::45] has joined #openvpn
05:12 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:14 -!- dazo_afk is now known as dazo
05:44 -!- Ryushin [chris@2001:5c0:1000:a::45] has quit [Ping timeout: 240 seconds]
05:49 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 265 seconds]
05:57 -!- XJR-9 [XJR-9@pdpc/supporter/active/xjr-9] has joined #openvpn
06:08 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Quit: WeeChat 1.1.1]
06:08 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
06:10 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has quit [Client Quit]
06:11 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
06:13 -!- bf_ [~bf_@cable-78-34-19-180.netcologne.de] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
06:21 -!- XJR-9 [XJR-9@pdpc/supporter/active/xjr-9] has quit [Ping timeout: 255 seconds]
06:29 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:33 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
06:46 -!- Ryushin [chris@2001:5c0:1000:a::2d3] has joined #openvpn
06:51 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:52 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:02 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:08 -!- lotharn3 [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has joined #openvpn
07:10 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has quit []
07:10 -!- XJR-9 [sid2977@pdpc/supporter/active/xjr-9] has joined #openvpn
07:11 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
07:11 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit [Ping timeout: 240 seconds]
07:34 -!- ustn [~ustn@p4FDB0702.dip0.t-ipconnect.de] has joined #openvpn
07:51 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
07:55 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Quit: ZNC - http://znc.in]
07:55 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:57 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
07:57 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
07:58 -!- AlmogBaku [~AlmogBaku@37.26.146.195] has joined #openvpn
07:59 < AlmogBaku> hi
08:00 -!- AlmogBaku [~AlmogBaku@37.26.146.195] has quit [Remote host closed the connection]
08:02 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
08:04 -!- weox [uid112413@gateway/web/irccloud.com/x-xvtartaxyskicyui] has joined #openvpn
08:09 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has left #openvpn ["WeeChat 1.1.1"]
08:18 -!- shio [marmottin@129.121.101.84.rev.sfr.net] has quit [Read error: Connection reset by peer]
08:28 -!- debdog [~debdog@2a02:8070:4382:5600:7a24:afff:fe8a:d04d] has quit [Ping timeout: 250 seconds]
08:35 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has joined #openvpn
08:49 -!- shio [~shio@129.121.101.84.rev.sfr.net] has joined #openvpn
08:50 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has quit [Read error: Connection reset by peer]
09:03 -!- ustn [~ustn@p4FDB0702.dip0.t-ipconnect.de] has quit [Quit: ustn]
09:10 -!- noecc [~irc@unaffiliated/noecc] has quit [Ping timeout: 240 seconds]
09:15 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
09:17 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 256 seconds]
09:18 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has joined #openvpn
09:23 < anexit> For some reason when the workstation established a vpn, it does not use "my dns" but the isp.  Anyway to force this?
09:25 -!- Hadi [~Instantbi@31.59.7.15] has joined #openvpn
09:30 < apollo13> anexit: are you pushing your dns information over to the client?
09:30 < apollo13> also on linux, depending on how you start it, you have to tell the client to actually update resolvconf
09:31 < anexit> apollo13: indeed (windows 10 clients)
09:31 < anexit> I'm rebooting as of now
09:31 < apollo13> oh windows, no idea about those
09:32 < apollo13> I think by default it would keep all dns servers and query all of them on parallel on win 10 and take the fastest answer
09:32 < anexit> Ah, so it works.  When I reboot the service it destroys my bridge
09:32 < anexit> push "dhcp-option DNS 10.0.1.3"
09:32 < anexit> push "dhcp-option DNS 10.0.1.5"
09:32 < anexit> I need to make sure the bridge is up when I restart the service
09:32 < anexit> ugh
09:32 < apollo13> linux server?
09:32 < anexit> freebsd
09:33 < apollo13> mhm, still surprised that openvpn would kill a bridge
09:33 < anexit> Doesn't kill it, kills the tap device
09:33 < anexit> which the bridge drops
09:35 < anexit> so this works really well, time to ditch sonicwall
09:35 < anexit> :D
09:47 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:48 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:49 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
09:52 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Client Quit]
09:53 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:55 -!- unix4linux [4b701526@gateway/web/freenode/ip.75.112.21.38] has quit [Ping timeout: 252 seconds]
10:02 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:05 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
10:07 -!- JackWinter [~jack@88.22.243.252] has joined #openvpn
10:23 -!- jmk [~jmalik@mail.step-email.net] has quit [Remote host closed the connection]
10:30 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
10:31 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:32 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:55 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
11:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
11:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:10 -!- l30 [~le0@unaffiliated/le0] has joined #openvpn
11:13 -!- le0 [~le0@unaffiliated/le0] has quit [Ping timeout: 272 seconds]
11:14 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
11:15 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
11:15 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
11:19 -!- l30 [~le0@unaffiliated/le0] has quit [Quit: Leaving]
11:20 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 260 seconds]
11:21 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:24 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
11:24 -!- rem5 [~rem5@vtelinet-216-66-102-25.vermontel.net] has joined #openvpn
11:24 < rem5> hey folks.. any plans for kerberos support?
11:25 < apollo13> rem5: for what exactly?
11:26 < rem5> auth for users connecting via the client
11:26 < apollo13> openvpn supports pam, so you got kerberos support there, no?
11:26 < rem5> yeah, but would be better to have a vpn service vs the default keytab for the host
11:27 < apollo13> you can tell pam_krb5 which keytab to use
11:27 < rem5> for just the vpn service?
11:28 < apollo13> sure, you tell openvpn to use blabla as pam service and in blablaba you tell pam_krb5 which keytab to use
11:28 < rem5> ah ok
11:28 < rem5> thanks!
11:30 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:31 < apollo13> rem5: never tried, but I don't see why it wouldn't work :D
11:34 < apollo13> rem5: you can even write a script to redirect different users to different pam services if you are feeling crazy
11:35 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:36 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
11:42 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 240 seconds]
11:45 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Ping timeout: 260 seconds]
11:45 -!- akkad [akkad@dns.mauthesis.com] has joined #openvpn
11:46 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
11:52 -!- weox [uid112413@gateway/web/irccloud.com/x-xvtartaxyskicyui] has quit [Quit: Connection closed for inactivity]
12:33 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
12:35 -!- rem5 [~rem5@vtelinet-216-66-102-25.vermontel.net] has quit [Remote host closed the connection]
12:40 -!- twodogs [~encee@hunan.bhi.me] has joined #openvpn
12:42 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
12:52 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
12:53 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
12:59 -!- yoink [~yoink@66.171.168.10] has quit [Quit: ...]
12:59 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:04 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
13:13 < linuxthefish> does openvpn work on win10?
13:14 < banco> linuxthefish: yes
13:18 -!- dazo is now known as dazo_afk
13:18 < linuxthefish> it gets stuck on installing tap - "may require confirmation"
13:22 < linuxthefish> stuck like http://i.imgur.com/w88q6JH.png
13:23 < banco> linuxthefish: https://community.openvpn.net/openvpn/ticket/592
13:23 <@vpnHelper> Title: #592 (Tap-Windows Adapter not work Windows 10) – OpenVPN Community (at community.openvpn.net)
13:34 < linuxthefish> ah useless windows
13:34 < banco> linuxthefish: seems like antivirus or something is a problem
13:35 < banco> https://forums.openvpn.net/topic7663.html
13:35 <@vpnHelper> Title: OpenVPN Support Forum TAP Device driver will not install in Win7 64bit : Installation Help (at forums.openvpn.net)
13:35 < banco> McAfee software left the registry on our Win7 machine in a bad state. Cleaning out the "ghost" network interfaces with the tool allowed us to install the TAP device driver without any further issues.
13:37 < banco> there was a problem with Kaspersky Total Security 2016 as well
13:39 < drwx> openvpn seems to never reach more than 50 Mbit/s, am i using some wrong ciphers? both ends have quite powerful cpus
13:40 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-thhbnjiccumpykyl] has joined #openvpn
13:40 < wallbroken> hi guys
13:41 < wallbroken> i already asked about "openvpn connect ios" app, it's still supported? what about it?
13:42 < banco> !gigabit
13:42 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
13:42 < banco> drwx: ^
13:42 < drwx> thanks banco
13:48 < drwx> banco: absolutely no change with a higher mtu and fragment/mssfix = 0
13:48 < drwx> and cipher is blowfish afaik since i didn't change defaults
13:51 < banco> drwx: maybe check the cpu usage
13:52 < drwx> banco: not even in the top processes
13:52 < drwx> as i said i have decent cpus
13:52 < drwx> 8-core amd fx
13:52 < drwx> and equivalent xeon
13:54 < drwx> banco: i use tcp though, but it should not be such a big deal?
13:54 < drwx> i just tried cipher none and still 50M
13:58 < banco> drwx: tcp is slow, also the fragment and mssfix only makes sense when you are using the UDP protocol
14:03 -!- Hadi [~Instantbi@31.59.7.15] has quit [Read error: Connection reset by peer]
14:11 -!- Hadi [~Instantbi@31.59.7.15] has joined #openvpn
14:13 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Ping timeout: 272 seconds]
14:19 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
14:51 -!- JackWinter [~jack@88.22.243.252] has quit [Quit: Konversation terminated!]
14:54 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
15:02 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
15:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:05 -!- weox [uid112413@gateway/web/irccloud.com/x-fgxeimanbiydzjhs] has joined #openvpn
15:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:26 < mete> always try to use udp when possible drwx
15:27 < mete> I'm bound to tcp at home, and I don't get more than ~40mbit over tcp... :(
15:28 < drwx> banco: still, iperf over tcp  gives 920 Mb/s  or so
15:28 < drwx> mete: i'll try udp
15:30 < mete> [20:51:56] <drwx> 8-core amd fx  // openvpn is single threaded as I know, so your 8 cores doesn't help here...
15:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 255 seconds]
15:35 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
15:43 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has joined #openvpn
15:43 < ke4nhw> d
15:48 < Joel> ./easyrsa sign-req server vs ./easyrsa sign-req client, what's the difference? I presume you use "server" for the openvpn server side, and client for all the clients connecting, or?
15:56 < Joel> also, I'm getting that my credentials are being denied when connecting, but I'm not seeing anything in openvpns log, thoughts?
15:56 < Joel> like, not even a connection attempt
16:06 -!- nitdega [~nitdega@2602:304:ab12:e981:2356:5e:4d56:c840] has joined #openvpn
16:08 < Joel> fucking keys are going to be the death of me
16:09 < apollo13> missing static tls auth key?
16:12 -!- Ryushin [chris@2001:5c0:1000:a::2d3] has quit [Ping timeout: 240 seconds]
16:12 < Joel> current battle is: Cannot load private keu file joel.key: error:0B080074:x509 ceritificate routines:X509_check_private_key:key values mistmatch
16:14 < Joel> using the following to quickly make keys: https://gist.github.com/jjshoe/9f8780a188e68f9005e0
16:14 <@vpnHelper> Title: gist:9f8780a188e68f9005e0 · GitHub (at gist.github.com)
16:20 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
16:21 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
16:26 < ke4nhw> Hi apollo13
16:26 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has joined #openvpn
16:29 < ke4nhw> I'm reading the docs on how to allow a connected client to see the physical network behind the server, and I'm finding myself confused. I understand advertising the physical subnet with route, and can even see the route push for the client IP's if they are not in the same subnet as the server. What is confusing me is the ifconfig-push  of the /30 pairs
16:30 < wallbroken> is there some openvpn developer please?
16:30 < ke4nhw> Right now I have everything in the same virtual subnet, 10.147.93.0/24
16:31 < ke4nhw> Server at .1 obviously, using nopool, clients being assigned by their ./ccd files with random (non-sequential) .?/32 addresses in that subnet
16:32 < ke4nhw> The docs are telling me that I have to push a /30 address pair to the client, but I am failing to see where this comes into play.
16:34 < ke4nhw> apollo13 can you help me understand this a bit better? The goal is this: I have multiple clients, most only need to see the Samba shares on the server itself (simple enough, that's already working). I do have one client that needs to see the Samba shares, the SSH, and all other resources on the server, as well as resources that are on the physical subnet of the server (what I am calling "behind"
16:34 < ke4nhw> the server).
16:34 < ke4nhw> that would be my administrative keys
16:35 < Joel> is there a script out there that makes it easy to generate a CA, server, and user certs? like pre-made? I just feed it some info?
16:36 < ke4nhw> The two questions I have are this: Why is every user group being assigned to a different subnet, and why are the users needing access to resources on the server's physical subnet needing /30 address pairs?
16:37 < drwx> mete: the core isn't used at all and i'm pretty sure i have aesni anyway
16:37 < ke4nhw> Joel I used the ./openvpn/easy-rsa/2.0/* scripts, build-key stuff
16:37 < drwx> perf is slightly better with udp, i reach 100M
16:38 < Joel> ke4nhw, yeah, but you have to call easy rsa with multiple options, and it's just not working out here :\
16:38 < ke4nhw> What distro?
16:38 < ke4nhw> I'm using RHEL-based distros
16:38 < Joel> ke4nhw, this is what I have: https://gist.github.com/jjshoe/49eb05ffe6b7bd3c53c5
16:38 <@vpnHelper> Title: gist:49eb05ffe6b7bd3c53c5 · GitHub (at gist.github.com)
16:40 < ke4nhw> Definitely different than the docs I am following. I am working straight from the OpenVPN docs on their website: https://openvpn.net/index.php/open-source/documentation/howto.html
16:40 <@vpnHelper> Title: HOWTO (at openvpn.net)
16:41 < ke4nhw> I literally walked through the steps on Setting up your own CA and generating certificates and keys for an OpenVPN server and multiple clients. Once I generated the keys and made sure that the conf file was set right, everything worked fine.
16:42 < ke4nhw> One thing I found out is that in the conf file I had to do everything by absolute pwd
16:43 < ke4nhw> absolute working directory rather
16:43 < ke4nhw> Even if I put the generated keys in the same directory as openvpn, I still called them in the conf file by absolute path
16:44 < ke4nhw> as in 'ca /etc/openvpn/ca.crt' and so on. You have to have three generated: the CA, the server.crt, and the server.key
16:45 < ke4nhw> You also need to generate and make available your dh1024.pem or dh2048.pem
16:45 < ke4nhw> I used 2048, though I wish I had the ability to use 4096
16:46 < Joel> I have way too many accounts to do them one by one
16:48 < ke4nhw> As far as scripting them I'm not sure how the system might handle that one: I'd imagine you could batch produce the keys, but that could open the door to errors if done incorrectly. However, since you're having some problems with connectivity perhaps you should manually walk through generating the server and dh by hand and one client by hand, just to debug out the connectivity issues.
16:49 < ke4nhw> Then you can worry about batching the rest
16:49 < ke4nhw> Start small, build big
16:50 < ke4nhw> Might I ask a question: you have a great many accounts: do they all have the same level of access, or do some of them have higher rights than others (some key/cert pairs going to clients that will have elevated privileges on the server or its physical network)?
16:51 < Joel> so far, you've provided no insight, what so ever, no offense intended.
16:51 < Joel> the steps I'm taking are clearly outlined in the gist.
16:52 < Joel> am I missing a step? performing an extra step?
16:52 < ke4nhw> If all of the clients have absolute base minimum privs then you might get away with generating the keys with no passwords. However, any user keys that will have any level of admin access I wouldn't batch those: gen those with passwords
16:53 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
16:53 < ke4nhw> I'm sorry, as I mentioned I can't help much on this. Even more, I'm not familiar with the gist you're using
16:53 < Joel> dry theory having nothing to do with my issue, love it.
16:54 < Joel> <3
16:55 < ke4nhw> I'm working directly from the web howto I sent you. The one thing I did note is that you are having connectivity issues, and I did recommend walking through a single pair generation and working out your connectivity issues first.
16:55 < ke4nhw> sorry I don't have the answers you need
16:56 < ke4nhw> Again, I'm not familiar with the methods you're using.
16:56 < Joel> not sure why you sent it to me, as it hasn't answered a single question I asked :)
16:59 < ke4nhw> Perhaps the same reason that someone else here sent it to me: it pointed out that I was overlooking a configuration step that was completely unrelated to my key/cert pair generation issue as well. i thought my key/cert pair was bad, turns out that it was something in the config file totally unrelated. The whole "not related to my problem" fixed my problem.
16:59 < ke4nhw> But I apologize for interrupting the droves of other people that were sending you specific answers to your questions, I'll let you get back to them...
17:16 < Joel> does anyone know how to get openvpn to tell tunnelblick to prompt for a username/password?
17:19 -!- Hadi1 [~Instantbi@31.59.9.67] has joined #openvpn
17:21 -!- Hadi [~Instantbi@31.59.7.15] has quit [Ping timeout: 246 seconds]
17:21 -!- Hadi1 is now known as Hadi
17:27 < Joel> got it
17:27 < Joel> and none of which was related to that doc.
17:28 < ke4nhw> glad ya got it
17:28 < ke4nhw> Now I just gotta get my setup to work
17:34 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:35 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
17:35 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:36 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
17:38 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:39 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
17:41 < Joel> I'm shocked yours doesn't work :P
17:42 < ke4nhw> Well, the vpn works, but I'm trying to expand the capabilities of one of the clients
17:42 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:43 < ke4nhw> And truth be told I'm not fully understanding some of the instructions given in the docs
17:43 < ke4nhw> as far as contacting and working on the server itself, no probs. As far as expanding it to the other machines on the server's physical subnet, I'm still working on that one.
17:45 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
17:46 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:50 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Quit: Ex-Chat]
18:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
18:25 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
18:35 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Ping timeout: 260 seconds]
18:51 -!- hays [~quassel@unaffiliated/hays] has joined #openvpn
19:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:04 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:05 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Quit: Leaving]
19:06 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
19:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:16 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:19 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:24 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:25 < KNERD> I have set up a few ovpn installs and have made myself a guide in which all I need to do is copy and paste ..done..has been working 100% of the time...until now.. The Windowd client just will not connect to my newest install. I have multiple clients here and they all connect, excet my newest one.
19:25 < KNERD> The odd thing is Wireshark is showing no connection attempts to the IP address I have set in the client config
19:26 < KNERD> the only differences in the client configs is the IP address and the cetificate names.
19:27 < KNERD> Any ideas?
19:28 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
19:28 < KNERD> \Onl thing the client responds with is "Cannot connect"
19:35 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
19:42 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:48 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:52 < KNERD> foudn it...a typo
20:03 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
20:07 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:15 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
20:26 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
20:44 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 260 seconds]
21:13 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
21:17 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
21:20 < ke4nhw> I need some help getting these routing tables setup to work. I am having trouble seeing machines in the server's physical lan
21:21 -!- unix4linux [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
21:31 -!- unix4linux [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 240 seconds]
21:57 -!- Hadi [~Instantbi@31.59.9.67] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
22:31 < KNERD> looks liek you will have to wait for several hours..it went wquiet here hours ago
22:31 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
22:46 < ke4nhw> I've lost the whole damn server
22:46 < ke4nhw> bloody f hell
22:47 < ke4nhw> I followed the howto to the blinkin letter, now the client is blind to the whole server, except for authentication
22:47 < ke4nhw> other than that, it's dead
23:02 < ke4nhw> Okay I had to revert to the old setup. I'll have to deal with the main problem tomorrow
23:02 < ke4nhw> maybe when everyone's here
23:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
23:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:26 -!- ShadniX [dagger@p5794132B.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:27 -!- ShadniX [dagger@p5481DD9D.dip0.t-ipconnect.de] has joined #openvpn
23:42 -!- weox [uid112413@gateway/web/irccloud.com/x-fgxeimanbiydzjhs] has quit [Quit: Connection closed for inactivity]
23:56 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:58 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Client Quit]
--- Day changed Fri Dec 18 2015
00:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:05 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Max SendQ exceeded]
00:07 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:13 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
00:14 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has quit []
00:21 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
00:27 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
00:38 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has joined #openvpn
01:10 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
01:14 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
01:14 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 240 seconds]
01:30 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 255 seconds]
01:32 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
01:42 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
01:50 -!- weox [uid112413@gateway/web/irccloud.com/x-wfidhoretvahwpct] has joined #openvpn
01:57 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
02:16 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
02:17 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
02:33 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
02:34 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
02:48 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
03:02 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
03:02 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 250 seconds]
03:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:13 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:15 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:16 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
03:20 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 272 seconds]
03:26 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
03:32 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 256 seconds]
04:09 -!- kampsun [~hendrik@unaffiliated/kampsun] has joined #openvpn
04:10 < kampsun> I'm trying to make it so that all outgoing connections on my VPS would go through VPN.
04:11 < kampsun> Right now it seems that I can connect to the VPN, but somethigns probably wrong with routing
04:15 < kampsun> Maybe someone could take a look at the serverfault question I've created - http://serverfault.com/questions/743492/configuring-vps-as-vpn-client
04:15 <@vpnHelper> Title: networking - Configuring VPS as VPN client - Server Fault (at serverfault.com)
04:17 -!- dazo_afk is now known as dazo
04:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:29 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
04:30 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
04:32 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:48 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
04:52 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hqwvauyxwxhbnhsa] has joined #openvpn
05:03 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 256 seconds]
05:05 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
05:14 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:26 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
05:36 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
05:43 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
05:48 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 272 seconds]
05:52 -!- Linuxnet [~netas@unaffiliated/netas3k] has joined #openvpn
06:02 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:06 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
06:08 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:09 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:14 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 265 seconds]
06:19 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
06:23 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:30 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
06:44 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
06:54 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-hqwvauyxwxhbnhsa] has quit [Quit: Connection closed for inactivity]
06:55 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:58 -!- kampsun [~hendrik@unaffiliated/kampsun] has quit [Ping timeout: 246 seconds]
06:59 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
07:00 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
07:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:10 -!- kampsun [~hendrik@unaffiliated/kampsun] has joined #openvpn
07:14 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
07:34 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:35 -!- somis [~somis@70.38.6.189] has joined #openvpn
07:38 -!- DMA [~dma@190.146.128.106] has joined #openvpn
07:43 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
07:53 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
08:18 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
08:20 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
08:21 -!- Denial- [~Denial@81.141.7.174] has quit []
08:25 -!- Denial [~Denial@81.141.7.174] has joined #openvpn
08:27 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
08:28 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has joined #openvpn
08:41 -!- unix4linux [~unix4linu@75.112.21.38] has joined #openvpn
08:44 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
08:45 -!- unix4linux [~unix4linu@75.112.21.38] has quit [Ping timeout: 240 seconds]
08:54 -!- Joel [~Joel@unaffiliated/joel] has quit [Ping timeout: 240 seconds]
09:10 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
09:11 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
09:16 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
09:16 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
09:25 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:47 -!- klimt [~root@unaffiliated/klimt] has quit [Quit: WeeChat 1.3]
10:06 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
10:08 -!- HollowPoint [~quassel@62.255.245.182] has quit [Read error: Connection reset by peer]
10:09 -!- SpaceBass [~sp@50.253.22.9] has joined #openvpn
10:14 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
10:15 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:20 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has quit [Remote host closed the connection]
10:23 -!- _0x5eb_ [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
10:23 -!- iNs_ [~ins@85.17.164.26] has quit [Ping timeout: 250 seconds]
10:25 -!- iNs [~ins@85.17.164.26] has joined #openvpn
10:27 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:28 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:36 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
10:39 -!- nitdega [~nitdega@2602:304:ab12:e981:2356:5e:4d56:c840] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
10:58 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
11:00 -!- kampsun [~hendrik@unaffiliated/kampsun] has quit [Quit: Lost terminal]
11:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
11:03 -!- akurilin [~alex@208.80.70.250] has quit [Ping timeout: 265 seconds]
11:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:18 -!- akurilin [~alex@208.80.70.250] has joined #openvpn
11:23 -!- SpaceBass [~sp@50.253.22.9] has quit [Quit: This computer has gone to sleep]
11:38 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
11:43 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
11:51 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:53 -!- weox [uid112413@gateway/web/irccloud.com/x-wfidhoretvahwpct] has quit [Quit: Connection closed for inactivity]
11:58 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:59 < wallbroken> ecrist, do you know some developer of "openvpn connect" to ask about if the app is still supported?
12:16 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:18 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
12:30 -!- lotharn3 is now known as lotharn
12:49 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:51 -!- dazo is now known as dazo_afk
12:51 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
13:04 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
13:15 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 255 seconds]
13:22 -!- JagaJaga [~JagaJaga@109.205.252.215] has joined #openvpn
13:22 < JagaJaga> How can I forward vpn client through server's tor proxy?
13:26 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
13:34 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
13:40 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-thhbnjiccumpykyl] has left #openvpn []
13:40 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-thhbnjiccumpykyl] has joined #openvpn
13:53 -!- ofloo [ofloo@narf.ofloo.net] has joined #openvpn
13:55 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via]
14:06 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:10 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
14:14 -!- nitdega [~nitdega@2602:304:ab12:e981:5a91:ca9a:575b:4063] has joined #openvpn
14:14 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
14:21 -!- nitdega [~nitdega@2602:304:ab12:e981:5a91:ca9a:575b:4063] has quit [Ping timeout: 264 seconds]
14:23 -!- weox [uid112413@gateway/web/irccloud.com/x-jfxmxrioqkpxqigd] has joined #openvpn
14:25 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:23 -!- ofloo [ofloo@narf.ofloo.net] has quit [Ping timeout: 255 seconds]
15:35 -!- JagaJaga [~JagaJaga@109.205.252.215] has quit [Ping timeout: 272 seconds]
15:44 -!- nitdega [~nitdega@2602:304:ab12:e981:5a91:ca9a:575b:4063] has joined #openvpn
15:47 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
16:07 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
16:22 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 260 seconds]
16:27 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:30 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:32 -!- xalice [~root@2001:bc8:348c:100::1] has quit [Remote host closed the connection]
16:33 -!- xalice [~root@2001:bc8:348c:100::1] has joined #openvpn
16:41 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: quit]
17:00 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:01 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
17:05 -!- FlipBill [~bill@smtpv3.cosi.net] has left #openvpn ["Leaving"]
17:11 -!- wallbroken [wallbroken@gateway/shell/bnc4free/x-thhbnjiccumpykyl] has left #openvpn []
17:12 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
17:18 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
17:29 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
17:39 -!- DMA [~dma@190.146.128.106] has quit [Quit: Thanks, Thermi =)]
17:39 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:40 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:23 -!- weox [uid112413@gateway/web/irccloud.com/x-jfxmxrioqkpxqigd] has quit [Quit: Connection closed for inactivity]
18:27 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:28 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
18:29 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
19:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:42 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
19:51 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
20:41 -!- anabain [~joan@62.175.213.41.static.user.ono.com] has quit [Remote host closed the connection]
20:46 -!- Nik05__ [~Nik05@unaffiliated/nik05] has joined #openvpn
20:47 -!- Nik05__ [~Nik05@unaffiliated/nik05] has quit [Client Quit]
20:50 -!- Nik05__ [~Nik05@unaffiliated/nik05] has joined #openvpn
20:55 -!- Nik05__ is now known as Nik05
20:56 -!- wkts [~wkts@45.55.231.187] has quit [Ping timeout: 240 seconds]
20:57 -!- poffs [~poffs@172.86.179.30] has joined #openvpn
20:58 -!- wkts [~wkts@45.55.231.187] has joined #openvpn
21:36 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
21:37 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
21:43 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
21:44 < dvl> A recent development, when I connect via OpenVPN, Mail.app on OSX crashes.  Disconnect from OpenVPN, restart Mail, all OK. I think the key part of my openvpn configuration is: My DNS servers changes when I connect.
22:35 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
22:59 -!- MayurYa [~mayura@unaffiliated/mayurya] has joined #openvpn
23:05 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
23:08 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
23:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:13 -!- weox [uid112413@gateway/web/irccloud.com/x-uzwepdrgmskdvhsb] has joined #openvpn
23:23 -!- ShadniX [dagger@p5481DD9D.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:24 -!- ShadniX [dagger@p57941064.dip0.t-ipconnect.de] has joined #openvpn
23:59 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 272 seconds]
--- Day changed Sat Dec 19 2015
00:28 -!- MayurYa [~mayura@unaffiliated/mayurya] has quit [Read error: Connection reset by peer]
00:30 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit [Ping timeout: 272 seconds]
00:32 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
00:36 -!- kabeero [~pulsar@cpe-24-242-97-113.neb.res.rr.com] has joined #openvpn
00:38 < kabeero> lets say I have VPN working to connect Machine A to Machine B, but Machine A can't get to Network B.... do I need to setup Machine B as a router of some sort?
00:40 < kabeero> maybe with iptables masquerading / NAT ?
00:40 < banco> !route
00:40 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or client
00:41 -!- kabeero [~pulsar@cpe-24-242-97-113.neb.res.rr.com] has quit [Changing host]
00:41 -!- kabeero [~pulsar@unaffiliated/kabeero] has joined #openvpn
00:42 < kabeero> banco: thank you!
01:15 -!- kabeero [~pulsar@unaffiliated/kabeero] has quit [Quit: Leaving]
01:16 -!- kabeero [~kabeero@unaffiliated/kabeero] has joined #openvpn
01:27 -!- kabeero [~kabeero@unaffiliated/kabeero] has quit [Remote host closed the connection]
02:08 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has quit [Ping timeout: 272 seconds]
02:09 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has joined #openvpn
02:12 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
02:13 -!- weox [uid112413@gateway/web/irccloud.com/x-uzwepdrgmskdvhsb] has quit [Quit: Connection closed for inactivity]
02:14 -!- alec-b [~alec@49.45.103.87.rev.vodafone.pt] has quit [Ping timeout: 250 seconds]
02:15 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Client Quit]
03:04 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:15 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:24 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:42 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has quit [Remote host closed the connection]
03:42 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has joined #openvpn
03:47 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
03:53 -!- fred`` [fred@earthli.ng] has joined #openvpn
03:54 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
04:11 -!- Sambom [~Sambom@217.209.182.119] has joined #openvpn
04:24 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
04:24 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
04:26 -!- toli [~toli@62.235.7.37] has joined #openvpn
04:29 < Sambom> Have done a setup very close to this: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide . A quick question. How can I in the server configure the allowed certificates/clients, so I can revoke access for a client?...
04:29 <@vpnHelper> Title: Easy_Windows_Guide – OpenVPN Community (at community.openvpn.net)
04:44 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
04:53 -!- u0m3 [~u0m3@89.120.204.99] has quit [Read error: Connection reset by peer]
04:53 -!- jzaw [~jzaw@loki.dzki.co.uk] has joined #openvpn
06:14 -!- HollowPoint [~quassel@2.29.137.99] has joined #openvpn
07:21 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:32 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:09 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:28 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
08:29 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:01 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 240 seconds]
09:07 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
09:12 -!- alec-b [~alec@195.25.43.5.rev.vodafone.pt] has joined #openvpn
09:16 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
09:19 -!- alec-b [~alec@195.25.43.5.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
09:21 -!- alec-b [~alec@135.167.54.77.rev.vodafone.pt] has joined #openvpn
09:24 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
09:29 -!- alec-b [~alec@135.167.54.77.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
09:30 -!- alec-b [~alec@211.242.28.37.rev.vodafone.pt] has joined #openvpn
09:37 -!- alec-b [~alec@211.242.28.37.rev.vodafone.pt] has quit [Ping timeout: 260 seconds]
09:39 -!- alec-b [~alec@169.4.108.93.rev.vodafone.pt] has joined #openvpn
09:46 -!- alec-b [~alec@169.4.108.93.rev.vodafone.pt] has quit [Ping timeout: 255 seconds]
09:53 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:53 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:53 -!- alec-b [~alec@207.81.166.178.rev.vodafone.pt] has joined #openvpn
10:00 -!- alec-b [~alec@207.81.166.178.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
10:02 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
10:03 -!- alec-b [~alec@176.61.54.77.rev.vodafone.pt] has joined #openvpn
10:09 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
10:14 -!- alec-b [~alec@176.61.54.77.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
10:16 -!- alec-b [~alec@5.43.50.47] has joined #openvpn
10:22 -!- poffs [~poffs@172.86.179.30] has quit [Ping timeout: 265 seconds]
11:02 -!- roentgen [~none@unaffiliated/roentgen] has quit [Quit: roentgen]
11:04 -!- weox [uid112413@gateway/web/irccloud.com/x-zopwynuiglubbuer] has joined #openvpn
11:21 -!- git [~git@firefox/community/pilif12p] has joined #openvpn
11:30 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
11:31 -!- pk12_ [~pk12@104.243.24.236] has joined #openvpn
11:31 -!- XanThaOs [ke4nhw@unaffiliated/xanthaos] has joined #openvpn
11:32 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
11:32 -!- Sambom [~Sambom@217.209.182.119] has quit [Read error: Connection reset by peer]
11:32 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Excess Flood]
11:32 -!- alec-b [~alec@5.43.50.47] has quit [Ping timeout: 272 seconds]
11:32 -!- ke4nhw [ke4nhw@unaffiliated/xanthaos] has quit [Ping timeout: 272 seconds]
11:32 -!- Zimsky [~alice@unaffiliated/zimsky] has quit [Ping timeout: 272 seconds]
11:32 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 272 seconds]
11:32 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
11:33 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
11:34 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 272 seconds]
11:34 -!- mattock [~mattock@openvpn/corp/admin/mattock] has quit [Ping timeout: 272 seconds]
11:34 -!- alec-b [~alec@47.50.43.5.rev.vodafone.pt] has joined #openvpn
11:34 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:34 -!- mode/#openvpn [+o mattock_] by ChanServ
11:34 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
11:34 -!- mattock [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:34 -!- mode/#openvpn [+o mattock] by ChanServ
11:34 -!- pk12 [~pk12@104.243.24.236] has quit [Ping timeout: 272 seconds]
11:34 -!- Zimsky [~alice@unaffiliated/zimsky] has joined #openvpn
11:40 -!- alec-b [~alec@47.50.43.5.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
11:41 -!- alec-b [~alec@46.47.103.87.rev.vodafone.pt] has joined #openvpn
11:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
11:47 -!- ntio [~ntio@unaffiliated/ntio] has quit [Ping timeout: 260 seconds]
11:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
11:52 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
11:58 -!- deed02392 [~deed02392@unaffiliated/deed02392] has quit [Ping timeout: 246 seconds]
11:59 -!- marlinc [~marlinc@unaffiliated/marlinc] has quit [Ping timeout: 246 seconds]
11:59 -!- typ [~quassel@unaffiliated/typ] has quit [Ping timeout: 246 seconds]
11:59 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
12:01 -!- marlinc [~marlinc@unaffiliated/marlinc] has joined #openvpn
12:01 -!- deed02392 [~deed02392@unaffiliated/deed02392] has joined #openvpn
12:04 -!- somis [~somis@70.38.6.189] has joined #openvpn
12:14 -!- roentgen_ [~roentgen@unaffiliated/roentgen] has joined #openvpn
12:17 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
12:21 -!- roentgen_ [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
12:22 -!- roentgen_ [~roentgen@unaffiliated/roentgen] has joined #openvpn
12:34 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
12:41 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
12:45 -!- roentgen_ [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
12:45 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
13:04 -!- HollowPoint [~quassel@2.29.137.99] has quit [Remote host closed the connection]
13:12 < dvl> I am trying to specfy a domain search for one client.  I've tried & failed with: dhcp-option type DOMAIN int.unixathome.org;
13:12 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
13:12 -!- pppingme [~pppingme@unaffiliated/pppingme] has quit [Remote host closed the connection]
13:15 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
13:16 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
13:20 -!- alec-b [~alec@46.47.103.87.rev.vodafone.pt] has quit [Ping timeout: 272 seconds]
13:22 -!- alec-b [~alec@145.16.158.5.rev.vodafone.pt] has joined #openvpn
13:28 -!- DMA [~dma@190.159.250.38] has joined #openvpn
13:32 -!- Aguapanelo [~dma@190.159.250.38] has joined #openvpn
13:34 -!- DMA [~dma@190.159.250.38] has quit [Ping timeout: 240 seconds]
13:44 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
13:45 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
13:57 -!- alec-b [~alec@145.16.158.5.rev.vodafone.pt] has quit [Ping timeout: 260 seconds]
13:57 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
14:03 -!- DMA [~dma@190.159.250.38] has joined #openvpn
14:06 -!- Aguapanelo [~dma@190.159.250.38] has quit [Ping timeout: 240 seconds]
14:06 -!- DMA [~dma@190.159.250.38] has quit [Remote host closed the connection]
14:06 -!- alec-b [~alec@198.9.158.5.rev.vodafone.pt] has joined #openvpn
14:09 -!- DMA [~dma@190.159.250.38] has joined #openvpn
14:12 -!- DMA [~dma@190.159.250.38] has quit [Remote host closed the connection]
14:24 -!- DMA [~dma@190.159.250.38] has joined #openvpn
14:27 -!- DMA [~dma@190.159.250.38] has quit [Remote host closed the connection]
14:34 -!- DMA [~dma@190.159.250.38] has joined #openvpn
14:34 -!- who0 [~who0@MTRLPQ1945W-LP130-02-1176487948.dsl.bell.ca] has joined #openvpn
14:36 < who0> Hi guys, I would like to add 'automatically' a route on a openvpn server when client connect. ie: add a new site.
14:36 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has quit [Read error: Connection reset by peer]
14:37 -!- DMA [~dma@190.159.250.38] has quit [Remote host closed the connection]
14:37 -!- DMA [~dma@190.159.250.38] has joined #openvpn
14:37 -!- DMA [~dma@190.159.250.38] has quit [Client Quit]
14:37 -!- phreakocious [~phreakoci@recalcitrant.phreakocious.net] has joined #openvpn
15:05 -!- alec-b [~alec@198.9.158.5.rev.vodafone.pt] has quit [Ping timeout: 256 seconds]
15:08 -!- alec-b [~alec@64.248.137.78.rev.vodafone.pt] has joined #openvpn
15:13 -!- weox [uid112413@gateway/web/irccloud.com/x-zopwynuiglubbuer] has quit [Quit: Connection closed for inactivity]
15:39 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 246 seconds]
15:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:45 -!- Sambom_ [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has quit [Read error: Connection reset by peer]
15:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:51 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Read error: Connection reset by peer]
15:52 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
15:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:56 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
16:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:04 -!- wathek [~wathek@dsl-10-129-97.b2b2c.ca] has joined #openvpn
16:36 -!- alec-b [~alec@64.248.137.78.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
16:37 -!- alec-b [~alec@14.35.103.87.rev.vodafone.pt] has joined #openvpn
17:31 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
17:33 -!- Dougy [~dhaber@openvpn/community/support/Dougy] has quit [Ping timeout: 246 seconds]
17:35 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:36 -!- dvl [~dvl@freebsd/developer/dvl] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
17:38 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
19:01 -!- alec-b [~alec@14.35.103.87.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
19:03 -!- alec-b [~alec@207.35.54.77.rev.vodafone.pt] has joined #openvpn
19:22 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
19:25 -!- toothe [~awiggin@unaffiliated/toothe] has left #openvpn []
19:35 -!- arlen [~arlen@jarvis.arlen.io] has quit [Quit: exit]
19:44 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Quit: Leaving]
19:46 -!- alec-b [~alec@207.35.54.77.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
19:47 -!- alec-b [~alec@84.43.43.5.rev.vodafone.pt] has joined #openvpn
19:55 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
20:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:03 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
20:03 < drwx> who0: you could use some of the up/down scripts i guess
20:03 < drwx> or client scripts
20:03 < drwx> i don't really remember
20:07 < drwx> banco: i played a bit more with mtu etc. and i reached 200Mb out of 1gbit, i use up to 70% of one core, it seems
20:07 < drwx> i'm sticking with blf, aes seemed slower
20:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:19 -!- reves [reves@118.211.31.57] has joined #openvpn
20:20 < reves> I've installed openvpn access server on a bunch of digitalocean droplets. ubuntu, debian and centos. each of them faisl to load the admin web interface after setup.
20:20 < reves> anybody have any idea why this is?
20:20 < who0> drwx: It works (use tun, iroute, ccd, net30)
20:20 < reves> *fail
20:23 < reves> openvpn is a horrible pile of shit
20:24 < reves> is there anything better nerds?
20:24 -!- reves [reves@118.211.31.57] has quit []
20:44 -!- krthnz [~krthnz@unaffiliated/krthnz] has joined #openvpn
20:50 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
20:56 -!- who0 [~who0@MTRLPQ1945W-LP130-02-1176487948.dsl.bell.ca] has quit [Remote host closed the connection]
21:41 -!- alec-b [~alec@84.43.43.5.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
21:47 -!- alec-b [~alec@62.48.43.5.rev.vodafone.pt] has joined #openvpn
21:59 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
22:49 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 265 seconds]
23:23 -!- ShadniX [dagger@p57941064.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:24 -!- ShadniX [dagger@p579414E4.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Dec 20 2015
00:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:28 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:12 -!- wathek [~wathek@dsl-10-129-97.b2b2c.ca] has quit [Ping timeout: 265 seconds]
01:55 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Quit: Leaving]
02:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:26 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
03:22 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
03:27 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
03:39 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:45 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:58 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 240 seconds]
04:03 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
04:13 < debdog> MAHLZEIT! I hope to find someone knowledgeable with IPv6. due to a change of ISP I have to move from v4 to v6. my problem, I have no clue.
04:13 < debdog> atm I am trying to translate the bridge-start script which I had to alter a tad: https://dpaste.de/LYeq (ignore the ">"s and "?"s)
04:13 < debdog> what I wasn't able yet to figure out are the addresses for eth0 and the router. with IPv4 I've set them in /etc/hosts for the network behind the router. with IPv6 I have no clue what the router does exactly and what values to enter for eth_ip and router_ip
04:13 < debdog> mayhap there is a command to get these?
04:13 < debdog> well, just a thought, any other solution will do as well.
04:19 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:20 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
04:21 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
04:24 < debdog> also, I assume I can just omit the eth_netmask and eth_broadcast stuff, right?
04:27 -!- phantomcircuit [~phantomci@strateman.ninja] has quit [Max SendQ exceeded]
04:29 < debdog> I've configured the router to use my DDNS provider and I am able to ping6 it from the outside. plus I've ordered it to forward requests on a certain port to the PC with the openvpn server which it does using the interface-ID
04:30 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
04:33 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:48 -!- ustn [~ustn@p4FDB0DEE.dip0.t-ipconnect.de] has joined #openvpn
05:12 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
06:00 -!- JagaJaga [~JagaJaga@178.62.202.50] has joined #openvpn
06:00 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Ping timeout: 246 seconds]
06:02 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has quit [Quit: Reboot? Or did my jail(8) just die?]
06:02 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
06:04 -!- defsdoor_ [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
06:04 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Quit: Ex-Chat]
06:08 -!- moviuro [~moviuro@ns3007255.ip-151-80-43.eu] has joined #openvpn
06:10 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
06:10 < debdog> aight, that did not work out
06:15 -!- ustn [~ustn@p4FDB0DEE.dip0.t-ipconnect.de] has quit [Quit: ustn]
06:21 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
06:35 -!- JackWinter1 [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
06:36 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
06:58 -!- alec-b [~alec@62.48.43.5.rev.vodafone.pt] has quit [Ping timeout: 256 seconds]
07:00 -!- alec-b [~alec@145.114.108.93.rev.vodafone.pt] has joined #openvpn
07:10 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Ping timeout: 246 seconds]
07:14 < marlinc> Does server-bridge support IPv6?
07:16 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
07:17 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
07:17 -!- Sambom [~Sambom@h119n19-k-flo-a13.ias.bredband.telia.com] has joined #openvpn
07:20 < Sambom> Have done a setup very close to this: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide . A quick question. How can I in the server configure the allowed certificates/clients, so I can revoke access for a client?...
07:20 <@vpnHelper> Title: Easy_Windows_Guide – OpenVPN Community (at community.openvpn.net)
07:28 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 260 seconds]
07:58 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
08:03 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
08:34 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
08:43 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
08:56 -!- Stigmagr [57ca5ef8@gateway/web/freenode/ip.87.202.94.248] has joined #openvpn
08:56 < Stigmagr> banco: hello mate!
08:56 < Stigmagr> banco: are you here?
08:58 < Stigmagr> does anyone know how to avoid detection by flash when using openvpn? I have setup a centos server as openvpn server a centos vm as openvpn gateway and a windows machine as the workstation and flash still identifies that I am behind a vpn
09:03 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:07 -!- pk12_ [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
09:09 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:13 -!- ustn [~ustn@p4FDB0DEE.dip0.t-ipconnect.de] has joined #openvpn
09:20 -!- ustn [~ustn@p4FDB0DEE.dip0.t-ipconnect.de] has quit [Quit: ustn]
09:28 < Stigmagr> banco: still not here?
09:48 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:53 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
09:59 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
10:03 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
10:08 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Quit: Ciao!]
10:09 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
10:11 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
10:14 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 272 seconds]
10:15 -!- alec-b [~alec@145.114.108.93.rev.vodafone.pt] has quit [Ping timeout: 256 seconds]
10:15 -!- JagaJaga [~JagaJaga@178.62.202.50] has quit [Ping timeout: 256 seconds]
10:18 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
10:24 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Ping timeout: 245 seconds]
10:31 -!- alec-b [~alec@145.114.108.93.rev.vodafone.pt] has joined #openvpn
10:32 -!- debdog [~debdog@2a02:8070:4382:5600:7a24:afff:fe8a:d04d] has joined #openvpn
10:36 -!- alec-b [~alec@145.114.108.93.rev.vodafone.pt] has quit [Ping timeout: 272 seconds]
10:39 -!- alec-b [~alec@125.48.54.77.rev.vodafone.pt] has joined #openvpn
10:40 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
10:43 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
10:44 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
10:44 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
10:58 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
11:03 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
11:05 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:06 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Client Quit]
11:07 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
11:14 -!- debdog [~debdog@2a02:8070:4382:5600:7a24:afff:fe8a:d04d] has quit [Ping timeout: 250 seconds]
11:31 -!- rich0 [~quassel@gentoo/developer/rich0] has joined #openvpn
11:36 -!- rich0_ [~quassel@gentoo/developer/rich0] has quit [Ping timeout: 265 seconds]
11:56 -!- somis [~somis@70.38.6.188] has joined #openvpn
12:05 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 260 seconds]
12:07 -!- somis [~somis@70.38.6.188] has quit [Quit: Leaving]
12:12 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
12:23 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
12:40 -!- somis [~somis@70.38.6.190] has joined #openvpn
13:25 -!- Bewstir [~Bewstir@69.80.99.86] has joined #openvpn
13:26 < Bewstir> Im using VyprVPN and would be using the SHA1 Blowfish 160, how secure is this please
13:27 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
13:33 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has joined #openvpn
13:39 -!- debdog [~debdog@2a02:8070:4382:5600:7a24:afff:fe8a:d04d] has joined #openvpn
13:46 -!- allizom [~Thunderbi@host30-164-dynamic.20-87-r.retail.telecomitalia.it] has quit [Quit: allizom]
14:09 < Sambom> Have done a setup very close to this: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide . A quick question. How can I in the server configure the allowed certificates/clients, so I can revoke access for a client?...
14:09 <@vpnHelper> Title: Easy_Windows_Guide – OpenVPN Community (at community.openvpn.net)
14:19 -!- Bewstir [~Bewstir@69.80.99.86] has quit []
14:46 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
15:26 -!- kaiza [~kaiza@172.98.67.41] has joined #openvpn
15:27 < subzero79> Sambom, you need to put a CRL file in your server.conf
15:28 < subzero79> sorry a crl fie directive pointing to a file to be more clear
15:34 < XanThaOs> Is it possible to generate dh****.pem at 8192? docs account for up to 2048 and calls that paranoid...
15:35 < BtbN> If you want to wait a few days/weeks, propably.
15:35 < BtbN> But i would expect stuff to fail with anything bigger than 4096
15:35 < XanThaOs> If it's more secure, why not, it's only one-time generation... Why would things fail above 4096?
15:36 < BtbN> Because they don't expect that big dh params.
15:36 < XanThaOs> ahhh
15:36 < BtbN> And there isn't realy any meaningfull security gain with big dh params
15:37 < BtbN> And I'm serious about them taking multiple days to generate.
15:37 < XanThaOs> so there's no gain between 1024 and 4096?
15:38 < XanThaOs> I'd expect them to take at least 4 days to generate without the assistance of a rack of Xeon's or better...
15:38 < BtbN> It's a matter of collecting entropy, not raw CPU power.
15:39 < XanThaOs> but it takes raw cpu power to collect and process the entropy right? Entropy is not difficult to generate... But seriously, I won't gain any significant security going to 4096 or higher?
15:40 -!- cdancette [coco@nat/ecp/x-tpwygwiyrjapovfj] has joined #openvpn
15:42 < XanThaOs> Can you help me understand why I'd not get an appreciable gain?
15:42 < subzero79> Did a 2048 gen the other day, like an hour on a celeron
15:42 < subzero79> rpi can take up to 24 hours
15:43 < XanThaOs> I'm gonna get shitstormed when I recommend we go with 1024 since there's "no security gain" going higher...
15:43 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 272 seconds]
15:44 < Stigmagr> banco: hello mate are you here?
15:44 < Thermi> Just follow the NIST recommendations. http://www.keylength.com/en/4/
15:44 <@vpnHelper> Title: Keylength - NIST Report on Cryptographic Key Length and Cryptoperiod (2012) (at www.keylength.com)
15:44 < cdancette> i, i'm trying to set up a vpn server in bridge mode, using the existing dhcp server in the lan, but I didn't find the documentation
15:44 < Thermi> I always use the recommendations for security past 2030
15:45 < debdog> does openvpn support open tunnels inside IPv6? my new ISP only provides unique IPv6 addresses. no way to establish a conection from the outside via v4
15:46 < Thermi> debdog: Yes, I do that.
15:47 < XanThaOs> Thermi this is gonna take some time to understand, I was looking at the dh****.pem paramaters, looking at 4096 or above.
15:47 < cdancette> i managed to get an ip with the internal dhcp for my tap0 interface, but the connexio doesn't work
15:47 < debdog> Thermi: thanks for that info, been trying for weeks. do you have a link to an howto or such, please?
15:48 < Thermi> XanThaOs: Generate your own set of parameters with a length higher than 1024 bit.
15:48 < Thermi> debdog: well, just use IPv6 addresses for the endpoints. There's no magic involved.
15:48 < XanThaOs> 8192?
15:48 < Thermi> At least Unitymedia prevents opening connections from the Internet to their domestic IPv6 range.
15:48 < Thermi> If you want that, sure.
15:49 < XanThaOs> or is that overkill?
15:49 < Thermi> That's overkill
15:49 < Thermi> I regularely use 2048 or 4096, depending on the necessary security.
15:49 < XanThaOs> where is the cutoff between secure enough and just plain useless or no additional gain
15:49 < Thermi> Please use the NIST recommendations
15:50 < Thermi> I don't want to argue over that topic
15:50 < debdog> yes, unitiymedia is my problem
15:50 < Thermi> Make your home setup connect to your box on the Internet.
15:50 < Thermi> "proto udp6"
15:52 < Thermi> debdog: https://bpaste.net/show/f3a385fb6c53 https://bpaste.net/show/2b39ab5d8140
15:52 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:53 < debdog> Thermi: thanks a lot! I'll have a look at it and won't refuse to boither you the upcoming days if I have problems :)
15:53 < Thermi> Thank you
15:54 < Thermi> yw
15:58 < Stigmagr> does anyone know how to avoid being detected by flash when using openvpn connection?
15:59 < Thermi> You can't.
15:59 < Stigmagr> I am using a vm setup
15:59 < Thermi> That doesn't matter.
15:59 < Thermi> You might as well set it up on top of you head.
15:59 < Stigmagr> i have a vm workstation with windows and a linux vm as gateway
15:59 < Thermi> *your
16:00 < Stigmagr> how does flash detect that you are using vpn?
16:00 < Thermi> Route MTU
16:00 < Thermi> https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413#.9ulw4gsai
16:00 <@vpnHelper> Title: Detecting VPN (and its configuration!) and proxy users on the server side — Medium (at medium.com)
16:00 < Thermi> http://witch.valdikss.org.ru/
16:00 <@vpnHelper> Title: ＷＩＴＣＨ？ (at witch.valdikss.org.ru)
16:01 < valdikss> Witch, we're on, we're strong like nothing you'll see!
16:01 < Thermi> ^
16:01 < Thermi> valdikss: My VPN setup is currently not detected. :)
16:01 < Stigmagr> Thermi: the links you pasted are for flash detection?
16:02 < Stigmagr> not detected by flash?
16:02 < Thermi> Stigmagr: Just read it
16:02 < valdikss> Thermi: probably you have mssfix 0?
16:02 < Thermi> That's how it works
16:02 < valdikss> Thermi: or you're using strongSwan ;)
16:02 < Thermi> Nah, OpenVPN.
16:02 < Thermi> Route MTU is an odd 1126, thanks to tun-mtu 1300 and fragment 1200
16:02 < Thermi> Also, mssfix.
16:02 < valdikss> Oh, why would you do that?
16:03 < Thermi> I like to do crazy things
16:03 < Thermi> Don't touch a running machine. :)
16:05 < Stigmagr> Thermi: then how your vpn configuration is undetectable currently?
16:05 < Thermi> Because the route MTU is so odd.
16:06 < Thermi> But I don't use any crappy flash application that does VPN detection, so I don't need to care about that
16:06 < Stigmagr> so there is no way to remain undetected from flash?
16:07 < Thermi> I don't know that, because I don't know what exactly Flash does.
16:08 < Stigmagr> is there anyway to setup a proxy that will not be detected by flash?
16:08 < Thermi> Probably not.
16:09 < Stigmagr> the thing is that openvpn with my setup is not immediatelly detected by flash websites
16:10 < Stigmagr> but it gets detected after a while
16:10 < Stigmagr> for example i log in do anything i want to do then log out
16:10 < Stigmagr> and the next time i cant login anymore
16:10 < Thermi> Why do they do that?
16:10 < Stigmagr> because they do not want to allow vpn users to enter their website
16:11 < valdikss> I may guess they probably use something like WebRTC
16:11 < valdikss> They detect that you have 2 network interfaces and suppose you're using VPN
16:11 < Stigmagr> i do not have 2 nics in my workstation
16:11 < XanThaOs> Thermi thanks for the assist. Now before I trudge forward blindly, and since case law in the US is a tangled web of twisted words, in plain english: is there a legal limit on encryption in the US, or can I go as high as my little heart desires?
16:11 < Stigmagr> the workstation vm has just 1 nics connected to the linux gateway
16:12 < valdikss> Stigmagr: if you run VPN on the same PC, you have 2 'nics'
16:12 < XanThaOs> given that the server and client are both located here in the states?
16:12 < valdikss> The usual Ethernet and OpenVPN TAP
16:12 < Thermi> XanThaOs: I'm not a lawyer or in any way familiar with encryption law in the US, but I think you can as high as you want.
16:12 < Stigmagr> valdikss: i do not run vpn on my workstation vm
16:12 < Stigmagr> valdikss: that is what i said
16:12 < valdikss> Stigmagr: oh, what PTR do you have?
16:13 < Stigmagr> valdikss: sorry what is PTR?
16:13 < valdikss> Stigmagr: a DNS record.
16:13 < valdikss> https://en.wikipedia.org/wiki/List_of_DNS_record_types#PTR
16:13 <@vpnHelper> Title: List of DNS record types - Wikipedia, the free encyclopedia (at en.wikipedia.org)
16:13 < XanThaOs> Okay, I just have to ask. the vpn tunnel is for file sharing for administration of an emergency communications organization, and as such we must adhere to all applicable laws, or we could get slashed...
16:14 < Stigmagr> valdikss: non i guess since the workstation has an internal network card connected just with the local gateway vm
16:14 < Stigmagr> valdikss: nothing more
16:14 < Thermi> " emergency communications organization" <- what exactly?
16:14 < valdikss> Stigmagr: http://witch.valdikss.org.ru/
16:14 <@vpnHelper> Title: ＷＩＴＣＨ？ (at witch.valdikss.org.ru)
16:14 < valdikss> Stigmagr: what PTR test says?
16:15 < Stigmagr> valdikss: wait i will need to connect through my workstation vm one moment please
16:15 < XanThaOs> We're strictly voluntary and not tied to any government organization directly, but we do have government as served agencies... We're a new amateur radio emergency communications group that functions similar to ARES, providing operators, equipment, and expertise in comms to emergency or disaster situations to serve as either auxiliary (backup) comms or even primary comms should the normal
16:15 < XanThaOs> primary routes go down.
16:16 < Thermi> Ah, okay.
16:16 < XanThaOs> We primarily serve hospitals but also deal with the National Weather Service (Dept. of Commerce) and county and state EOC's (state emergency management)
16:17 < Stigmagr> valdikss: PTR test      = Probably home user
16:17 < Stigmagr> valdikss: there is no ptr mentioned at all
16:17 < XanThaOs> So if we're going to be moving files back and forth we want them to be locked down to the highest levels reasonable
16:17 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
16:18 < Stigmagr> valdikss: http://pastebin.com/VKMja0d7
16:18 < Thermi> XanThaOs: Okay, security has more points than VPN tunnels. If you're serious about the things you do, you want to employ a full disaster recovery plan and a fully redundant architecture.
16:18 < XanThaOs> The current model is to use CentOS clients, a CentOS server, and use ssh/scp over openvpn for access to samba shares
16:18 < valdikss> Ok guys, here it goes https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.8o2qz5jzq
16:18 <@vpnHelper> Title: Another “critical” “VPN” “vulnerability” and why Port Fail is bullshit — Medium (at medium.com)
16:18 < Thermi> Also, employ a CISO and other stuff
16:19 < Stigmagr> valdikss: did you check my W I T C H ?
16:20 < XanThaOs> absolutely, we are developing all of this as well, including a fully wire-independent system for regional intranet coverage (likely using Ubiquity gear) at all sites, and I'm also looking at a mirrored server architecture or DFS with a failover or round-robin to provide redundancy.
16:20 < XanThaOs> We deal primarily with the tech side of it. Our disaster recovery plans are based largely on the plans already in place with our served agencies
16:21 < Stigmagr> valdikss: maybe i get detected cause no PTR?
16:21 < XanThaOs> We're not the emergency managers: we're the comms... I'm just trying to lay out a set of plans to include data in the communications plan.
16:21 < Thermi> You need to have them in your organization as well. You can not rely on other organizations to help you out. If something happens, you have no time to adapt other people's plans to your case.
16:21 < Thermi> You also want fully redundant VPN servers and storage.
16:22 < valdikss> Stigmagr: Not sure
16:22 < Thermi> If possible, triple redundant.
16:22 < Stigmagr> valdikss: you checked the link?
16:22 < valdikss> Stigmagr: yes
16:22 < Thermi> You probably want to authenticate your traffic with sha256, encrypt it with aes192, use rsa certs with key length 4096 and use dh params with 4096 bit length
16:23 < Stigmagr> valdikss: maybe because there is no network link detected and no ptr detected?
16:23 < Stigmagr> valdikss: the weird thing that i do not get detected immediatelly and sometimes i might not get detected at all
16:24 -!- toli [~toli@62.235.7.37] has quit [Ping timeout: 246 seconds]
16:26 < XanThaOs> One suggestion would be to have a whole group of servers, all mirrored (vpn and file storage) throughout the network, and all available on a failover system. We do have disaster recovery plans as it relates to our particular job as communications. This is a new system we wish to implement so we're still developing the plans. In the initial stages of this I have to demonstrate that it can be
16:26 < XanThaOs> first and foremost reliable and second (but close second) secure.
16:26 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has joined #openvpn
16:27 < XanThaOs> Reliability is being handled on a different front, I have someone working with me on a fully redundant system (more than triple, in fact we've considered up to 12 devices so far, some of which are mobile) all operable on a wired or fully wireless system.
16:27 < XanThaOs> Right now I'm getting hit with questions regarding security
16:28 < Stigmagr> valdikss: how is it possible for flash to identify that i am using a vpn since my workstation does not actually connect to the vpn ?
16:29 < valdikss> Stigmagr: I don't know. I can only guess.
16:29 < Stigmagr> valdikss: feel free to theorycraft, sometimes it helps a lot
16:29 < valdikss> Stigmagr: maybe they just see whois of the network block
16:29 < Thermi> XanThaOs: Sure, go ahead and ask them.
16:30 < Stigmagr> valdikss: if they did whois they would do the same when i connected to their mobile site
16:30 < XanThaOs> As part of this, I'm establishing the ability for the other tac admins to use the fileserver here using secure protocols. Not only does this give them the ability to work directly with files (not having to email back and forth) but it lets them see that even high levels of encryption and security can be implemented in ways that are still fairly user-friendly.
16:30 < Thermi> But keep in mind that availability is important
16:30 < Stigmagr> valdikss: but in their mobile site i am simple undetectable
16:30 < Stigmagr> valdikss: even with my squid proxy i am undetectable in their mobile site, the only reason they detected the squid proxy from desktop site was because flash uses a different port than http and https
16:31 < Stigmagr> valdikss: and it could not route flash's traffic through proxy
16:32 < XanThaOs> Availability and overall system reliability, especially if we decide to use this operationally, is of highest importance... But those questions are being addressed separately...
16:33 < XanThaOs> Well I have already gotten answers to many of the questions.
16:34 < Stigmagr> valdikss: is it possible that they can detect me because i use tap and not tun on my openvpn server?
16:34 < XanThaOs> Unfortunately the scheme I've got setup is still a little complex and is not designed around a transparent user experience.
16:44 < XanThaOs> One additional question: currently I generate all cert/key pairs and distribute them by hand delivery. Is it relatively safe to generate these cert/key pairs here and allow someone to retrieve them electronically through an openvpn tunnel (an authorized user at a location retrieve the keys for another user/device, or a user requesting a new key/cert pair)?
16:45 < Thermi> Ideally, a private key is generated on the device that uses it.
16:45 < Thermi> You're encouraged to transport the public key corresponding to the private key and create the certificate based on that public key.
16:46 < Thermi> You're also encouraged to use a CA and OCSP/CRLs.
16:47 < XanThaOs> yep currently I do the whole works as the other users aren't as tech savvy, which is why I give them their cert/key via flash/sneakernet
16:47 < Thermi> You're better off using small hard drives
16:47 < Thermi> And then wiping them afterwards. You can not securely erase flash drives.
16:50 < XanThaOs> good point. Something to consider: I do currently have the only flash used for this purpose literally in my pocket...
16:53 < Thermi> Kill it.
16:54 < Thermi> Get thermite and encase it in molten glass
16:54 < Thermi> !!!art!!!
16:56 < Thermi> Grinding it to dust will also work
16:56 < XanThaOs> Or just put a .45 hollow point dead center on the device at point blank range... It'll have effectively the same result as the grinder...
16:57 < Thermi> There's too much structure left if you hit it with a bullet
17:03 < XanThaOs> and if you can actually recover enough useable and working components after that to piece together access to the server you deserve it :)
17:06 < XanThaOs> Right now I'll just keep it locked in my safe at home and in my pocket when I'm not...
17:07 -!- Ryushin [chris@2001:5c0:1000:a::b] has joined #openvpn
17:10 < Thermi> Also, the fact that the hit object literally goes *everywhere* is not very useful when you try to prevent access. :)
17:11 < cdancette> hi, i'm trying to set a vpn in bridge mode, i managed to get an ip with the internal dhcp for my tap0 interface, but the connexion doesn't work
17:11 < cdancette> and I can't find any documentation about this
17:11 < XanThaOs> Well, in order for the IC
17:11 < XanThaOs> IC's to hold onto the data they generally need to remain intact...
17:12 < XanThaOs> If they can remain intact with that level of energy exchange, then I'm gonna buy more of those flash drives...
17:12 < cdancette> someone knows where I could find help ?
17:12 < Thermi> Nah
17:13 < Thermi> it's hard, but possible. You just have to find enough fragments to get enough parts of the data, so you can brute force the rest of it
17:15 < XanThaOs> in all reality, the only way to completely ensure this is to atomize the device (a visit to CERN might be in order later)... But for now, let's face it. I'm not carrying keys to our entire nuclear arsenal, so nobody's gonna go through that much trouble... It's a perfectly good flash drive, and as long as I still have physical control over the device, then it is safe...
17:15 < Thermi> Good argument
17:16 < XanThaOs> Once I decide to chuck it, I generally get rather brutal anyway... One of them that contained my personal information I hit with 240V 30A (damn that was interesting) and hammered out what was left of it... chucked the remains of that at a landfill...
17:16 < XanThaOs> have fun
17:17 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-45-121.w86-195.abo.wanadoo.fr] has quit [Remote host closed the connection]
17:17 < Thermi> I'll just enlist the NSA to do it for me
17:18 < XanThaOs> Odds of recovery, given that it was about a year ago, damn near zero... Just as effective as any NSA method and probably cheaper (and doesn't involve them making a personal copy for themselves first...)
17:19 < XanThaOs> Besides it was hella fun to watch that thing fry!!!
17:20 < Thermi> heh.
17:20 < Thermi> Fry and grind to dust.
17:25 < XanThaOs> For that matter recovery from a small hard drive is still possible as well unless you take a blowtorch to them... Realistically though we're not dealing with anything requiring that level of security...
17:25 < XanThaOs> If I were, I wouldn't have my systems online or open at all. They'd be totally air-gapped
17:27 < Thermi> https://www.botconf.eu/wp-content/uploads/2015/12/OK-P17-Chaouki-Kasmi-Jose-Lopes-Esteves-Philippe-Valembois-Air-Gap-Command-Control-IEMI.pdf
17:42 < XanThaOs> Very interesting doc, and addresses many things I meant with "totally" airgapped... A totally airgapped system would have absolutely zero outside connections for data, exists inside a dual-faraday cage (inside cage kept RF-neutral outside cage heavy randomized RF "static" whitenoise interference on the entire cage, power conditioning coming into the cage, AC lines outside cage would be saturated
17:42 < XanThaOs> with the same RF randomization... full SCIF design protocols as per DoD standards or higher...
17:43 -!- Hadi [~Instantbi@31.59.48.151] has joined #openvpn
17:43 < XanThaOs> let's face it, nothing here warrants that treatment
17:44 < Thermi> Yup
17:47 < XanThaOs> If it did, I wouldn't even be here to start with: just being here would be a horribly massive breach of protocol.
17:49 < XanThaOs> Anyway, back to reality...
17:52 < XanThaOs> I am having trouble with one aspect of openvpn... I'm using routed, not bridged, and want to allow a single client (mine) access to machines on the server's physical subnet. To test this, I placed this client into a separate vlan/subnet, pushed the route via the ./ccd/ file for that user, and placed a route in the primary gateway (router) pointing at the server's physical lan IP as the gateway.
17:52 < XanThaOs> The test failed.
17:52 < XanThaOs> I was able to access the server itself, but nothing else. I did ensure it wasn't a firewall issue on the target machine (a vm established for testing) but still no go.
17:58 -!- lotharn [~lotharn@c-73-37-14-65.hsd1.or.comcast.net] has quit []
18:00 < subzero79> XanThaOs, i usually to test this run a tcpdump on a client in the lan, and start ping from the vpn client to check the source address
18:06 < XanThaOs> I didn't run a tcpdump but I did use mtr to try to determine the failure point. I was able to see back to the server, nothing beyond the server was available. It's a routing issue, I'm just not sure if it was a config routing issue or a proximity routing issue (I was in a different vlan/subnet but still behind the same primary gateway router)
18:06 < XanThaOs> Wondering if my results would have been different if tested from completely outside the network
18:09 -!- defsdoor_ [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:11 -!- excalibr is now known as excalibr-
18:15 -!- excalibr- is now known as excalibr
18:18 < XanThaOs> Thermi I'm cuirrently using 2048 dh params and want to go 4096. Do I need to edit the ./vars in easy-rsa and regen everything (ca, server, dh, clients, all) or can I simply generate a separate dh4096.pem and put it in the openvpn directory and the server.conf file?
18:34 -!- Ryushin [chris@2001:5c0:1000:a::b] has quit [Read error: Connection reset by peer]
18:51 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has left #openvpn []
18:58 < Thermi> XanThaOs: openssl dhparam...
19:00 < Thermi> Enable forwarding and stuff
19:00 < Thermi> And actually debug your network with Wireshark or tcpdump
19:14 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
19:15 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
19:24 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
19:39 -!- somis [~somis@70.38.6.190] has quit [Quit: Leaving]
20:10 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
20:14 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
20:16 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
20:30 -!- Hadi [~Instantbi@31.59.48.151] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
21:01 < XanThaOs> Thermi again I'm thinking it's a config error, but I'll deal with it more tomorrow. I'll have to recreate my testing environment, which will take a few minutes.
21:35 -!- XanThaOs [ke4nhw@unaffiliated/xanthaos] has quit []
21:36 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
22:20 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: brb]
22:57 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 240 seconds]
22:58 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 260 seconds]
22:59 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
23:00 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
23:00 -!- themayor [~themayor@unaffiliated/themayor] has quit [Ping timeout: 250 seconds]
23:00 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
23:00 -!- mode/#openvpn [+o plaisthos] by ChanServ
23:01 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:01 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Client Quit]
23:02 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
23:02 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
23:06 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
23:08 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:15 -!- themayor_ [~themayor@unaffiliated/themayor] has joined #openvpn
23:16 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
23:16 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
23:17 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has quit [Ping timeout: 264 seconds]
23:17 -!- Keridos [~Keridos@2a00:5ba0:8000:64:2e0:4cff:fe23:44af] has joined #openvpn
23:19 -!- n0b0dyh3r3 [~n0b0dyh3r@220.240.90.112] has joined #openvpn
23:20 -!- n0b0dyh3r3 [~n0b0dyh3r@220.240.90.112] has quit [Remote host closed the connection]
23:21 -!- ShadniX [dagger@p579414E4.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:21 -!- n0b0dyh3r3 [~n0b0dyh3r@220.240.90.112] has joined #openvpn
23:24 -!- ShadniX [dagger@p5DDFE2ED.dip0.t-ipconnect.de] has joined #openvpn
23:28 -!- themayor_ [~themayor@unaffiliated/themayor] has quit [Ping timeout: 276 seconds]
23:30 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 240 seconds]
23:30 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
23:31 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 265 seconds]
23:32 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
--- Day changed Mon Dec 21 2015
00:02 -!- n0b0dyh3r3 [~n0b0dyh3r@220.240.90.112] has quit [Remote host closed the connection]
00:04 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
00:05 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Remote host closed the connection]
00:08 <+hazardous> does anyone know an (ideally out of the box/simple) solution to do a VM that connects to openvpn server that i can route other VMs through so they don't leak?
00:08 <+hazardous> googling tunrs up janusvm but that seems outdated/broken/insecure
00:56 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
01:07 -!- chamunks- [chamunks@li992-23.members.linode.com] has joined #openvpn
01:07 -!- chamunks- is now known as chamunks
01:09 -!- Stigmagr [57ca5ef8@gateway/web/freenode/ip.87.202.94.248] has quit [Ping timeout: 252 seconds]
01:17 -!- Eugene [eugene@kashpureff.org] has quit [Quit: ZNC - http://znc.sourceforge.net]
01:18 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
01:47 < banco> hazardous: https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor
01:47 <@vpnHelper> Title: Tunnels/Connecting to a VPN before Tor - Whonix (at www.whonix.org)
01:47 < banco> hazardous: didn't try it though
02:16 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
02:44 -!- phantomcircuit [~phantomci@strateman.ninja] has quit [Max SendQ exceeded]
02:46 -!- phantomcircuit [~phantomci@strateman.ninja] has joined #openvpn
02:57 -!- phantomcircuit [~phantomci@strateman.ninja] has left #openvpn []
03:10 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
03:16 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
03:35 -!- Hadi [~Instantbi@31.59.48.151] has joined #openvpn
03:38 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
03:46 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has quit [Disconnected by services]
03:46 -!- Fiouz [~Fiouz@2001:bc8:3068::dead:beef] has joined #openvpn
03:46 -!- Tyklol [tykling@gibfest.dk] has joined #openvpn
03:49 -!- WarDriver_ [~WarDriver@ec2-54-94-215-163.sa-east-1.compute.amazonaws.com] has joined #openvpn
03:49 -!- n-st_ [~n-st@unaffiliated/n-st] has joined #openvpn
03:50 -!- dazo [~dazo@openvpn/community/developer/dazo] has joined #openvpn
03:50 -!- mode/#openvpn [+o dazo] by ChanServ
03:50 -!- Netsplit *.net <-> *.split quits: arcsky, valkyr1e, n-st, zamba, mete, metaf5, obscurehero, imReKT1000, @syzzer, Tykling,  (+9 more, use /NETSPLIT to show all of them)
03:50 -!- n-st_ is now known as n-st
03:51 -!- Netsplit over, joins: obscurehero
03:51 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
03:53 -!- varesa [~varesa@ec2-54-246-169-192.eu-west-1.compute.amazonaws.com] has joined #openvpn
03:56 -!- troyt_ [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has joined #openvpn
03:56 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
03:56 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
03:57 -!- zamba [marius@flage.org] has joined #openvpn
03:58 -!- pythonsnake1 [~pythonsna@fedora/pythonsnake] has joined #openvpn
03:58 -!- metaf5 [~metaf5@31.220.42.38] has joined #openvpn
03:58 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
03:58 -!- Tenhi_0 [~tenhi@static.100.25.4.46.clients.your-server.de] has joined #openvpn
03:59 -!- joako_ [~joako@opensuse/member/joak0] has joined #openvpn
03:59 -!- dyce [~otr@ns3290920.ip-5-135-184.eu] has joined #openvpn
03:59 -!- IamError_ [~tom@unaffiliated/iamerror] has joined #openvpn
04:00 -!- iokill_ [~dave@pippin.sigma-star.at] has joined #openvpn
04:00 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
04:01 -!- Hadi1 [~Instantbi@31.59.48.151] has joined #openvpn
04:02 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has quit [Disconnected by services]
04:02 -!- MogDog66 [~mogdog@mog.dog] has joined #openvpn
04:03 -!- Gizmokid2010 [~Gizmokid2@dedi2.gizmokid2005.com] has joined #openvpn
04:04 -!- vpnHelper [~vpnHelper@openvpn/bot/vpnHelper] has joined #openvpn
04:04 -!- mode/#openvpn [+o vpnHelper] by ChanServ
04:04 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
04:04 -!- frank-- [1000@unaffiliated/thumbs] has joined #openvpn
04:04 -!- x5eb [~seb@seb-hpws2.elen.ucl.ac.be] has joined #openvpn
04:05 -!- Hadi1 [~Instantbi@31.59.48.151] has quit [Read error: Connection reset by peer]
04:05 -!- Tenhi_0 is now known as Tenhi_
04:05 -!- eliasp_ [~quassel@HSI-KBW-46-223-71-248.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
04:07 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
04:08 -!- MrPocketz [~John@unaffiliated/mrpockets] has joined #openvpn
04:09 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:10 -!- Zimsky-- [~alice@unaffiliated/zimsky] has joined #openvpn
04:12 -!- Netsplit *.net <-> *.split quits: chamunks, Willis, thumbs, ghormoon, _0x5eb_, joako, afics, pppingme, NucWin, rich0,  (+19 more, use /NETSPLIT to show all of them)
04:12 -!- MogDog66 is now known as MogDog
04:12 -!- IamError_ is now known as IamError
04:12 -!- joako_ is now known as joako
04:12 -!- x5eb is now known as _0x5eb_
04:12 -!- Gizmokid2010 is now known as Gizmokid2005
04:14 -!- Netsplit over, joins: hid3
04:18 -!- callumacrae [ubuntu@phpbb/website/callumacrae] has joined #openvpn
04:27 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
04:29 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
04:38 -!- Hadi [~Instantbi@31.59.48.151] has joined #openvpn
04:41 -!- rkos [~rkos@228.ip-176-31-189.eu] has joined #openvpn
04:42 < rkos> yo i set up openvpn on my rpi2 and i can get connections to it but how should i proceed?
04:58 -!- u0m3__ [~u0m3@89.120.204.99] has joined #openvpn
05:01 -!- u0m3_ [~u0m3@89.120.204.99] has quit [Ping timeout: 265 seconds]
05:03 -!- u0m3_ [~u0m3@89.120.204.99] has joined #openvpn
05:05 -!- u0m3__ [~u0m3@89.120.204.99] has quit [Ping timeout: 276 seconds]
05:29 -!- debdog [~debdog@2a02:8070:4382:5600:7a24:afff:fe8a:d04d] has quit [Remote host closed the connection]
05:33 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
05:33 -!- u0m3_ [~u0m3@89.120.204.99] has quit [Ping timeout: 240 seconds]
05:38 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 276 seconds]
05:38 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
05:39 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
05:40 -!- afics [~afics@unaffiliated/-x-/x-5730914] has joined #openvpn
05:47 < rkos> i set up openvpn on my server now how do i get a client who uses linux mint to connect to it? doing "openvpn client.conf" worked fine but i dont think thats enough on its own?
05:49 -!- somis [~somis@167.160.44.220] has joined #openvpn
06:03 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
06:04 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
06:05 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
06:07 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:08 -!- Hadi [~Instantbi@31.59.48.151] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
06:12 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
06:31 -!- c0ded [~c0ded@unaffiliated/c0ded] has joined #openvpn
06:40 -!- Tyklol is now known as Tykling
06:41 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:45 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
06:56 -!- shiriru [~shiriru@95.43.212.84] has joined #openvpn
07:04 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 260 seconds]
07:11 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
07:11 -!- frank-- is now known as thumbs
07:38 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
07:39 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Client Quit]
07:42 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
07:42 -!- DammitJim [~DammitJim@173.227.148.6] has joined #openvpn
07:42 < DammitJim> is this the wrong place to ask about openvpn on a router?
07:46 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
07:47 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:48 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
07:50 -!- Badimo [~3456@ppp-2-86-158-96.home.otenet.gr] has joined #openvpn
07:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
07:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
07:59 -!- DammitJim [~DammitJim@173.227.148.6] has quit [Quit: Leaving]
07:59 -!- johnny56_ is now known as johnny56
08:23 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
08:24 -!- Bogdar [~bogdan@93.85.92.98] has joined #openvpn
08:24 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:25 < Bogdar> Hello! Are there any failover solution for OpenVPN, to protect established VPN connection in case of single server failure ?
08:27 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
08:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Remote host closed the connection]
08:29 < gchristensen> Hi, I'm betting my problem is the firewall, really, but just in case. some of my users were having issues with their connection being intermittently broken. It turned out their MTU was too high and needed lowering, so they lowered from 1496 to 1400. My question is why didn't MTU discovery work? is it simply because ICMP may not work correctly due to overzealous rules, or is there something else causing this
08:29 < gchristensen> problem?
08:39 -!- somis [~somis@167.160.44.220] has quit [Quit: Leaving]
08:40 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
08:54 -!- somis [~somis@167.160.44.215] has joined #openvpn
08:54 -!- noecc [~irc@unaffiliated/noecc] has joined #openvpn
08:56 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:02 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 240 seconds]
09:13 < anexit> when creating a client cert, is it normal to password protect?
09:13 < anexit> what does this do? Lock the cert from general access?
09:17 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
09:18 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-umqellatbmdnvtvb] has joined #openvpn
09:27 -!- alec-b [~alec@125.48.54.77.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
09:30 -!- alec-b [~alec@159.47.54.77.rev.vodafone.pt] has joined #openvpn
09:31 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 260 seconds]
09:32 -!- cdancette [coco@nat/ecp/x-tpwygwiyrjapovfj] has quit [Ping timeout: 240 seconds]
09:38 -!- shiriru [~shiriru@95.43.212.84] has quit [Quit: Leaving]
09:41 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
09:43 -!- yoink [~yoink@66.171.168.10] has joined #openvpn
09:44 < defsdoor> anexit, encrypts its locally
09:44 < defsdoor> anexit, you will always need password to get to cert
09:44 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:45 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:46 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
09:53 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: C'ya]
10:03 < anexit> defsdoor: for the client cert, I just left it blank
10:09 -!- Ryushin [chris@2001:5c0:1000:a::285] has joined #openvpn
10:17 < debdog> oy, I still don't really get that IPv6 stuff. have got a sample config from Thermi for client and server. but I am uncertain about the prerequirements. I want to (well, rather have to) establish a tunnel between two IPv6 PCs. do I need a TAP/TUN device? and do I need a bridge?
10:17 < Thermi> Just use a freaking tun device
10:17 < Thermi> Jesus christ
10:17 < debdog> hehe, sorry
10:17 < Thermi> You obviously need IPv6 addresses on either end
10:17 < Thermi> And routes
10:17 < debdog> ok, sorry, I am network noob
10:18 < anexit> Thermi if you keep saying that he might just appear!
10:18 < Thermi> He's fucking dead
10:19 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
10:20 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
10:40 < debdog> https://openvpn.net/index.php/open-source/documentation/howto.html#vpntype "I would recommend using routing unless you need a specific feature which requires bridging, such as:
10:40 < debdog> you are running applications over the VPN which rely on network broadcasts (such as LAN games)"
10:40 <@vpnHelper> Title: HOWTO (at openvpn.net)
10:40 < debdog> I my case I might need a bridge
10:44 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
10:45 -!- alec-b [~alec@159.47.54.77.rev.vodafone.pt] has quit [Ping timeout: 260 seconds]
10:47 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
10:50 -!- alec-b [~alec@67.51.103.87.rev.vodafone.pt] has joined #openvpn
10:52 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
10:52 < tomodachi> debdog: what is your case?
10:52 < tomodachi> most modern games do not require briding networks
11:07 < debdog> tomodachi: Battlefield 2 (about 10 years old)
11:25 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-umqellatbmdnvtvb] has quit [Quit: Connection closed for inactivity]
11:37 -!- alec-b [~alec@67.51.103.87.rev.vodafone.pt] has quit [Ping timeout: 260 seconds]
11:44 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
11:46 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:47 -!- speeddra_ [~speeddrag@193.137.28.200] has joined #openvpn
11:48 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:49 -!- alec-b [~alec@199.231.137.78.rev.vodafone.pt] has joined #openvpn
11:52 -!- weox [uid112413@gateway/web/irccloud.com/x-atuawjpipgxjsycc] has joined #openvpn
11:55 -!- pppingme [~pppingme@unaffiliated/pppingme] has joined #openvpn
11:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:01 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:04 -!- alec-b [~alec@199.231.137.78.rev.vodafone.pt] has quit [Ping timeout: 265 seconds]
12:06 -!- alec-b [~alec@195.26.158.5.rev.vodafone.pt] has joined #openvpn
12:19 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
12:20 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 240 seconds]
12:26 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
12:29 -!- speeddra_ [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
13:01 -!- somis [~somis@167.160.44.215] has quit [Quit: Leaving]
13:07 < tomodachi> debdog: im quite certain that you can specify the ip of the server you want to connect to
13:07 < tomodachi> hence there is no need for a bridged VPN (wich is much more complicated to set up)
13:08 < tomodachi> in battle field 2
13:23 -!- NoNamesLeft [ChairmanMa@92.236.232.130] has joined #openvpn
13:36 -!- pk12 [~pk12@104.243.24.236] has quit [Ping timeout: 276 seconds]
13:41 -!- themayor [~themayor@unaffiliated/themayor] has quit [Max SendQ exceeded]
13:42 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
13:52 -!- somis [~somis@167.160.44.215] has joined #openvpn
14:03 -!- somis [~somis@167.160.44.215] has quit [Quit: Leaving]
14:03 -!- weox [uid112413@gateway/web/irccloud.com/x-atuawjpipgxjsycc] has quit [Quit: Connection closed for inactivity]
14:26 -!- MrPocketz is now known as MrPockets
14:26 -!- OverCoder [Elite15119@gateway/shell/elitebnc/x-kbpfarryxfyonjue] has joined #openvpn
14:27 < OverCoder> Um, hHi?
14:28 < OverCoder> I use OpenVPN Connect (Android), latest version, when I connect to a VPN server such as vpnbook.com's, it connects fine, but after exactly 5 minutes it disconnects, reconnects fine, and then disconnects again after 5 minutes
14:28 < OverCoder> What could be the cause?
14:28 < OverCoder> I'm a programmer and I can provide whatever it takes to fix this shit
14:29 -!- Pandemic_Force_ [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has quit [Quit: Bye!]
14:30 -!- Pandemic_Force [~Pandemic_@unaffiliated/pandemic-force/x-1349428] has joined #openvpn
14:37 -!- noecc [~irc@unaffiliated/noecc] has left #openvpn ["pax"]
14:40 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
14:45 -!- somis [~somis@193.105.134.158] has joined #openvpn
14:51 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
15:04 < debdog> tomodachi: yes, there is a button that suggests this should be working, though clicking that button does absolutely nothing. so I read some old forum threads and everyone there suggested to create a VPN
15:05 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
15:06 < debdog> same with rFactor. in theory it should work by entering the IP but we never were able to establish a connection. we hope this will be solved with the VPN as well
15:06 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:10 -!- Ryushin [chris@2001:5c0:1000:a::285] has quit [Ping timeout: 240 seconds]
15:12 -!- rich0_ is now known as rich0
15:24 < tomodachi> debdog: well i think you have other issues , like firewall issues
15:24 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:24 < tomodachi> start in that end
15:24 < tomodachi> i think
15:25 < tomodachi> at least easier than a layer2 vpn
15:25 < debdog> hehe, I am not even that far. I don't even know what I need to acomplishe the task
15:25 < tomodachi> debdog: did you port forward the nessecary ports if you are behind NAT?
15:25 < debdog> had it running with IPv4 but my new ISP only provides v6 from the outside
15:25 < debdog> now I am trying to 'translate' my v4 setup to that
15:26 < tomodachi> your ISP only provide ipv6?
15:26 < tomodachi> har to believe
15:26 < debdog> if I don't need a bridge, I might not even have a problem
15:26 < debdog> IPv4 only dual stack lite
15:26 < debdog> well, didn't belive it at first either
15:33 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 240 seconds]
15:37 < OverCoder> Alright so I have VERY slow connection, should I use UDP or TCP VPN?
15:38 < OverCoder> I've seen a comparison but things aren't quite clear, my connection is just poor and very slow, which one seems best to me?
15:42 -!- NoNamesLeft [ChairmanMa@92.236.232.130] has quit [Read error: Connection reset by peer]
15:42 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
15:46 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
15:55 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
15:56 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
15:57 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
15:59 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:01 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:02 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:05 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:06 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:09 -!- somis [~somis@193.105.134.158] has quit [Read error: Connection reset by peer]
16:09 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
16:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:13 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
16:20 -!- somis [~somis@167.160.44.243] has joined #openvpn
16:24 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:39 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:43 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has quit [Ping timeout: 250 seconds]
16:54 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
16:54 -!- alec-b [~alec@195.26.158.5.rev.vodafone.pt] has quit [Ping timeout: 276 seconds]
16:55 -!- alec-b [~alec@201.103.108.93.rev.vodafone.pt] has joined #openvpn
16:58 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has joined #openvpn
17:00 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
17:01 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:18 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 255 seconds]
17:21 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
17:21 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
17:42 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Ping timeout: 240 seconds]
17:44 < Sambom> Are there any way to do a CRL file reverse?... I mean: "list all allowed certificates".
17:49 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
17:50 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
18:06 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
18:08 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
18:08 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:21 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:30 -!- onezuff [~onezuff@ip68-3-211-21.ph.ph.cox.net] has joined #openvpn
18:31 < onezuff> i'm trying to use PIA in linux and it asks for User/Pass when you start openvpn. i added auth-user-pass /path/to/file.txt to the file.ovpn and it still prompts for it
18:41 < tomodachi> onezuff: if you dont want it to use passwords, why not disable it and only use keys?
18:44 < onezuff> can you do that with PIA? tomodachi i don't see any option to do that
18:46 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
18:47 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
18:48 -!- mystica555 [~mystica55@2602:3f:e045:ae00:a48b:b605:631c:6c46] has quit [Remote host closed the connection]
19:06 -!- speeddr__ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
19:07 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:17 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
19:18 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
19:20 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Client Quit]
19:36 -!- somis [~somis@167.160.44.243] has quit [Quit: Leaving]
19:38 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
19:39 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:41 -!- Hadi [~Instantbi@31.59.48.151] has joined #openvpn
19:41 -!- weox [uid112413@gateway/web/irccloud.com/x-jvqdvkyhohxpaioc] has joined #openvpn
19:43 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 256 seconds]
20:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
20:08 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Read error: Connection reset by peer]
20:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:16 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
20:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:21 -!- MogDog [~mogdog@mog.dog] has quit [Quit: Server shutdown]
20:22 -!- MogDog [~mogdog@mog.dog] has joined #openvpn
20:24 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
20:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
20:31 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
20:47 -!- Hadi [~Instantbi@31.59.48.151] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
21:11 -!- n0Str3s5 [~n0Str3s5@QUBCPQ1306W-LP140-01-1088776231.dsl.bell.ca] has joined #openvpn
21:18 -!- nomizzz [20d18b7d@gateway/web/freenode/ip.32.209.139.125] has joined #openvpn
21:20 < nomizzz> I'm having trouble with routing through my openvpn server (internal subnet and external).  After successfully connecting to the VPN server from my client (MacOS via Tunnelblick), I can see TCP packets going out when I try telneting to an open port on a client of the internal network of my openvpn server, but according to tcpdump on my openvpn server no packets make it to the tun0 interface
21:22 < nomizzz> When I watch the tunnel interface on my mac client via wireshark, it looks like some packets are coming back on the utun, but they seem corrupted
21:24 < nomizzz> What's the best way for me to debug this issue?  The server IP Tables are wide open, firewall ports are opened, the server has IPv4 forwarding enabled
21:25 < nomizzz> Config:
21:28 < nomizzz> http://pastebin.com/vifjK3q1
21:30 < subzero79> nomizzz, do you have any compression or mtu settings in your configs?
21:30 < nomizzz> yeah, the default compression in the sample config
21:30 < nomizzz> comp-lzo
21:32 < nomizzz> subzero79:  I don't think there are any modified MTU settings that I'm aware of...  The pastebin link above has my short server.conf file
21:43 < nomizzz> Specifically, Wireshark on the client's utun0 sees my telnet TCP request going out from source 10.8.0.6 with a destination of 10.240.0.2 (which is the IP address of my open VPN server on the remote internal network), which seems correct.
21:45 < nomizzz> At that point, Wireshark sees some "Malformed Packets" coming back from source 10.152.31.199 but there is no Destination (N/A), but this probably cuz the packet it gets back is abruptly terminated
21:46 < nomizzz> That 10.152.31.199 packet doesn't make any sense, as that is definitely not a host on any network I'm running (so perhaps the whole packet gets mangled somewhere along the way)
21:46 -!- n0Str3s5 [~n0Str3s5@QUBCPQ1306W-LP140-01-1088776231.dsl.bell.ca] has quit [Ping timeout: 246 seconds]
21:50 -!- nomizzz_ [~nomizzz@32.209.139.125] has joined #openvpn
21:51 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
21:53 -!- nomizzz_ [~nomizzz@32.209.139.125] has left #openvpn []
21:53 -!- nomizzz [20d18b7d@gateway/web/freenode/ip.32.209.139.125] has left #openvpn []
21:53 -!- nomizzz_ [~nomizzz@32.209.139.125] has joined #openvpn
21:53 -!- nomizzz_ [~nomizzz@32.209.139.125] has quit [Client Quit]
21:55 -!- nomizzz [~nomizzz@32.209.139.125] has joined #openvpn
22:02 -!- nomizzz [~nomizzz@32.209.139.125] has quit [Read error: Connection reset by peer]
22:36 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
23:01 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 260 seconds]
23:08 -!- Badimo [~3456@ppp-2-86-158-96.home.otenet.gr] has quit []
23:13 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
23:16 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 272 seconds]
23:22 -!- ShadniX [dagger@p5DDFE2ED.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:23 -!- ShadniX [dagger@p5DDFC223.dip0.t-ipconnect.de] has joined #openvpn
23:24 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
23:24 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
23:33 -!- weox [uid112413@gateway/web/irccloud.com/x-jvqdvkyhohxpaioc] has quit [Quit: Connection closed for inactivity]
23:50 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Ping timeout: 240 seconds]
--- Day changed Tue Dec 22 2015
00:04 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 272 seconds]
00:06 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
00:09 -!- ayaz_ [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:09 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 265 seconds]
00:09 -!- ayaz_ is now known as ayaz
00:10 -!- b00gz [uid6869@gateway/web/irccloud.com/x-ytudauhudoiaqaqf] has joined #openvpn
00:10 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:14 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:51 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Ping timeout: 240 seconds]
00:59 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:05 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
01:08 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 240 seconds]
01:32 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
01:40 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
01:41 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 264 seconds]
02:01 -!- kaiza [~kaiza@172.98.67.41] has quit [Ping timeout: 250 seconds]
02:18 -!- syzzer [~syzzer@openvpn/community/developer/syzzer] has joined #openvpn
02:18 -!- mode/#openvpn [+o syzzer] by ChanServ
02:35 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 276 seconds]
02:36 -!- b00gz [uid6869@gateway/web/irccloud.com/x-ytudauhudoiaqaqf] has quit [Quit: Connection closed for inactivity]
02:39 -!- HollowPoint [~quassel@62.255.245.182] has joined #openvpn
02:43 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
02:48 -!- u0m3 [~u0m3@89.120.204.99] has joined #openvpn
02:52 -!- nomad_fr [~nomad_fr@ks397872.ip-192-95-25.net] has joined #openvpn
02:58 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
02:58 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 245 seconds]
02:59 -!- u0m3 [~u0m3@89.120.204.99] has quit [Ping timeout: 265 seconds]
03:07 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:11 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:34 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 246 seconds]
03:34 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
03:35 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
03:35 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Remote host closed the connection]
03:43 -!- kaiza [~kaiza@172.98.67.62] has joined #openvpn
04:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:14 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
04:18 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Ping timeout: 246 seconds]
04:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:20 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:21 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
04:26 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has joined #openvpn
04:27 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
04:37 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
04:38 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 250 seconds]
05:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
05:15 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
05:16 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:17 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 265 seconds]
05:36 -!- toli [~toli@ip-83-134-71-106.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:42 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has joined #openvpn
05:44 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
05:50 -!- TannerPaaltomo [~Paaltomo@159.203.30.107] has quit [Ping timeout: 246 seconds]
05:51 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
05:52 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
06:04 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:16 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
06:16 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
06:19 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Client Quit]
06:28 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
06:28 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Ping timeout: 240 seconds]
06:41 -!- Joost [~Joost@unaffiliated/joost] has joined #openvpn
06:42 < Joost> I just installed openvpn and tried to test (as listed on https://wiki.debian.org/OpenVPN), but I'm surprised it worked.. I have not opened up my firewall on either side; any guesses why it was still able to establish a connection?
06:42 <@vpnHelper> Title: OpenVPN - Debian Wiki (at wiki.debian.org)
06:42 < Joost> doesn't at least one side need to have a port opened up?
06:42 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
06:46 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:15 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:22 <@plaisthos> maybe both sides think that the other initated the connection
07:22 <@plaisthos> are you running --static setup with --remote on both sides?
07:27 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:29 < Joost> I was running `openvpn --remote <IP A> --dev tun1 --ifconfig 10.9.8.1 10.9.8.2 on B, and `openvpn --remote <IP B> --dev tun1 --ifconfig 10.9.8.2 10.9.8.1` on A
07:30 < Joost> both sides would need to think that they themselves initiated the connection
07:30 < Joost> I guess that's possible
07:33 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
07:39 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
07:47 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:49 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
07:50 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:55 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: C'ya]
08:06 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
08:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:21 -!- allizom [~Thunderbi@79.37.168.90] has joined #openvpn
08:23 -!- weox [uid112413@gateway/web/irccloud.com/x-doexiifzhbbqjcwu] has joined #openvpn
08:24 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:26 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
08:28 -!- allizom [~Thunderbi@79.37.168.90] has quit [Quit: allizom]
08:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:36 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
08:47 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:51 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:52 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
08:56 -!- pk12_ [~pk12@104.243.24.236] has joined #openvpn
08:57 -!- pk12 [~pk12@104.243.24.236] has quit [Ping timeout: 240 seconds]
09:02 -!- NP-Hardass [~NP-Hardas@gentoo/developer/np-hardass] has quit [Quit: WeeChat 1.3]
09:05 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
09:10 -!- pk12_ [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
09:13 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:16 -!- kaiza [~kaiza@172.98.67.62] has quit [Ping timeout: 240 seconds]
09:20 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
09:25 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 240 seconds]
09:27 -!- banco [~ban@212.164.222.212] has joined #openvpn
09:42 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
09:44 -!- yoink_ [~yoink@66.171.168.10] has joined #openvpn
09:45 -!- yoink [~yoink@66.171.168.10] has quit [Ping timeout: 240 seconds]
09:45 -!- yoink_ is now known as yoink
09:45 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
09:46 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:52 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 246 seconds]
09:54 -!- u0m3 [~u0m3@188.27.74.65] has joined #openvpn
09:55 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
10:02 -!- ValdikSS [~valdikss@95.215.45.33] has joined #openvpn
10:05 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
10:12 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 260 seconds]
10:17 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
10:20 -!- saik0 [~saik0@unaffiliated/saik0] has joined #openvpn
10:21 < saik0> Is the text encoding of the management interface US ASCII, or might I have to deal with UTF-8?
10:21 -!- msg [2edf0110@gateway/web/cgi-irc/kiwiirc.com/ip.46.223.1.16] has joined #openvpn
10:21 < msg> hi :)
10:22 < msg> !welcome
10:22 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki
10:22 <@vpnHelper> !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:22 < msg> !mitm
10:22 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
10:24 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
10:26 -!- HanSooloo_ [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
10:27 -!- HanSooloo_ [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Client Quit]
10:28 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Ping timeout: 240 seconds]
10:28 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
10:37 -!- n0Str3s5 [~n0Str3s5@QUBCPQ1306W-LP140-01-1088776231.dsl.bell.ca] has joined #openvpn
10:37 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 250 seconds]
10:43 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
10:44 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
10:45 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
10:49 -!- n0Str3s5 [~n0Str3s5@QUBCPQ1306W-LP140-01-1088776231.dsl.bell.ca] has quit [Ping timeout: 246 seconds]
10:49 -!- mystica555 [~mystica55@2602:3f:e045:ae00:a48b:b605:631c:6c46] has joined #openvpn
10:51 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Quit: HanSooloo]
10:52 -!- Bogdar [~bogdan@93.85.92.98] has quit [Disconnected by services]
10:55 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:05 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
11:22 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
11:32 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:39 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
11:43 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:44 -!- msg [2edf0110@gateway/web/cgi-irc/kiwiirc.com/ip.46.223.1.16] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
11:44 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
11:44 -!- msg [2edf0110@gateway/web/cgi-irc/kiwiirc.com/ip.46.223.1.16] has joined #openvpn
11:51 -!- Stigmagr [57ca5ef8@gateway/web/cgi-irc/kiwiirc.com/ip.87.202.94.248] has joined #openvpn
11:51 -!- Stigmagr [57ca5ef8@gateway/web/cgi-irc/kiwiirc.com/ip.87.202.94.248] has left #openvpn []
11:52 -!- notgeekyenough [42d7b10d@gateway/web/freenode/ip.66.215.177.13] has joined #openvpn
11:52 < notgeekyenough> Hey all, I'm going to start this with I'm a terrible person and I know this has been documented ad nauseum
11:52 < notgeekyenough> but I just can't get it to work, and I know it's something stupid
11:53 < notgeekyenough> so, here's what I'm trying to do, if maybe one of you can enlighten me
11:53 < notgeekyenough> effectively, I think I'm trying to do this
11:53 < notgeekyenough> https://community.openvpn.net/openvpn/wiki/RoutedLans
11:53 <@vpnHelper> Title: RoutedLans – OpenVPN Community (at community.openvpn.net)
11:53 < notgeekyenough> I have 2 Asus routers that I've setup as VPN clients
11:53 < notgeekyenough> behind those routers I have a few machines
11:54 < notgeekyenough> I want those machines to be able to talk to each other using their DHCP assigned IP address from the router
11:54 < notgeekyenough> for now, I've made it as simple as I can,  router 1 gives out 192.168.43.1-10
11:54 < notgeekyenough> router 2 gives out 192.168.43.11-20
11:56 < notgeekyenough> I use the same client ovpn for both routers, as seen here
11:56 < notgeekyenough> https://gist.github.com/BrettSwaim/01bb8188dde6307d81e5
11:56 <@vpnHelper> Title: mb4 openvpn · GitHub (at gist.github.com)
11:57 < notgeekyenough> this is my server conf
11:57 < notgeekyenough> https://gist.github.com/BrettSwaim/069994d7e39140ca78af
11:57 <@vpnHelper> Title: server.conf · GitHub (at gist.github.com)
11:58 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Quit: ZNC - http://znc.in]
11:58 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
11:58 -!- mode/#openvpn [+o mattock_] by ChanServ
11:59 < notgeekyenough> now, when I try to go to 10.172.200.1 that works
11:59 < notgeekyenough> I see the server, for example I can SSH to that
12:00 < notgeekyenough> and when I look at the server log, I see
12:00 < notgeekyenough> https://gist.githubusercontent.com/BrettSwaim/0f8571f36d8d5905aeb7/raw/313be0fef6c301dc0d288588b1a992f840b2661b/log
12:01 < notgeekyenough> trying to go to either of those addresses ends up being what you might expect, the config page for the asus routers
12:01 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
12:02 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:02 -!- mode/#openvpn [+o mattock_] by ChanServ
12:03 < notgeekyenough> oh here's something interesting
12:03 -!- weox [uid112413@gateway/web/irccloud.com/x-doexiifzhbbqjcwu] has quit [Quit: Connection closed for inactivity]
12:03 < notgeekyenough> wait, nevermind... researching the potentially interesting thing
12:04 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has quit [Client Quit]
12:06 < notgeekyenough> the routers also cannot ping each other on their internal addresses
12:06 < notgeekyenough> 100% packet loss
12:07 < notgeekyenough> I'm assuming the issue is this statement here:
12:07 < notgeekyenough> Dec 22 09:25:20 openvpn[2445]: /sbin/ifconfig tun11 10.172.200.18 pointopoint 10.172.200.17 mtu 1500 Dec 22 09:25:20 openvpn[2445]: Ignore conflicted routing rule: 192.168.43.0 255.255.255.0 Dec 22 09:25:20 openvpn[2445]: /sbin/route add -net 10.0.1.0 netmask 255.255.0.0 gw 10.172.200.17
12:08 < notgeekyenough> so, any thoughts on what I'm doing wrong here?
12:11 -!- mattock_ [~mattock@openvpn/corp/admin/mattock] has joined #openvpn
12:11 -!- mode/#openvpn [+o mattock_] by ChanServ
12:13 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:16 < saik0> notgeekyenough: short answer: use unique subnets on the LANs
12:17 < notgeekyenough> okay, I can do that. I will change it to 192.168.1.0 and 192.168.2.0 with 255.255.255.0
12:17 < notgeekyenough> and change the routes accordingly
12:17 -!- yoink [~yoink@66.171.168.10] has quit [Quit: yoink]
12:17 < notgeekyenough> 5 mins
12:22 -!- notgeekyenough [42d7b10d@gateway/web/freenode/ip.66.215.177.13] has quit [Ping timeout: 252 seconds]
12:24 -!- notgeekyenough [42d7b10d@gateway/web/freenode/ip.66.215.177.13] has joined #openvpn
12:25 < notgeekyenough> got dropped when I reset the router :)
12:25 < notgeekyenough> https://gist.github.com/BrettSwaim/069994d7e39140ca78af
12:25 <@vpnHelper> Title: server.conf · GitHub (at gist.github.com)
12:25 < notgeekyenough> changed my server.conf to the above
12:25 < notgeekyenough> my asus router here at my office is now 192.168.42.0 255.255.255.0
12:25 < notgeekyenough> the other is 192.168.43.0, 255.255.255.0
12:26 < notgeekyenough> → ping 192.168.43.29 PING 192.168.43.29 (192.168.43.29): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1
12:27 < notgeekyenough> still times out
12:27 < notgeekyenough> that's from 192.168.42.211
12:28 < notgeekyenough> I see this in my netstat -nr
12:28 < notgeekyenough> 192.168.43         10.172.200.13      UGSc            2      266   utun0
12:28 < notgeekyenough> so it appears that my laptop knows that .43 should go to the vpn
12:30 < notgeekyenough> on the server, running route -n give me: https://gist.github.com/BrettSwaim/5ca39360147f2add0d44
12:30 <@vpnHelper> Title: server route -n · GitHub (at gist.github.com)
12:30 < notgeekyenough> so that appears correct
12:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:30 < notgeekyenough> I think...
12:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:48 < notgeekyenough> any other thoughts?
12:51 < notgeekyenough> hm, my server is at 172.31.38.80 and I can't hit that directly either
13:11 < notgeekyenough> the route table from my asus router: https://gist.github.com/BrettSwaim/ca22a4838c7e11daf2b5
13:11 <@vpnHelper> Title: asus route table · GitHub (at gist.github.com)
13:16 -!- msg [2edf0110@gateway/web/cgi-irc/kiwiirc.com/ip.46.223.1.16] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
13:30 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Remote host closed the connection]
13:31 -!- monster_ [~monster@unaffiliated/monster/x-2037710] has joined #openvpn
13:31 < monster_> !welcome
13:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:32 < monster_> I would like to setup a bidirectional vpn from my datacenter to aws
13:33 < monster_> I have an openvpn server running on a nodes in each datacenter
13:33 < monster_> If someone could point me to documentation that would be great! ;>
13:33 < monster_> example openconf.conf or ovpn_env.sh
13:33 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
13:34 < monster_> should both my node act as both a client and a server?
13:34 < monster_> or one as a server one as a client?
13:53 -!- CihanKaygusuz [~cihankayg@78.185.48.89] has joined #openvpn
13:55 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
13:55 -!- ade_b [~Ade@redhat/adeb] has quit [Ping timeout: 264 seconds]
13:57 -!- msg [2edf0110@gateway/web/cgi-irc/kiwiirc.com/ip.46.223.1.16] has joined #openvpn
14:07 < saik0> monster_: There are other considerations. For one, whether to use a bridged (ethernet, layer 2)or routed (tcp/ip, layer 3) vpn
14:08 < monster_> routed layer3
14:09 < saik0> monster_: and you just want to establish a secure link between two points?
14:10 -!- CihanKaygusuz [~cihankayg@78.185.48.89] has quit [Quit: CihanKaygusuz]
14:10 < monster_> correct, and route to subnets on both sides
14:10 -!- CihanKaygusuz [~CihanKayg@78.185.48.89] has joined #openvpn
14:10 < monster_> bidirectional
14:10 < saik0> https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
14:10 <@vpnHelper> Title: Static Key Mini-HOWTO (at openvpn.net)
14:11 < saik0> If PFS is not a requirement this is the simplest thing you can do
14:11 < monster_> awesome thanks!
14:12 < saik0> no problem
14:17 < monster_> inside the conf
14:17 < monster_> ifconfg localip remoteip
14:17 < monster_> are these the external ips that are reachable?
14:17 < monster_> not sure where to state the external ips
14:18 < saik0> remote is the directive for the external of the other side of the tunnel
14:19 < monster_> awesome
14:19 < saik0> ifconfig is the internal VPN ips
14:20 < saik0> !/30
14:20 <@vpnHelper> "/30" is (#1) http://goo.gl/SbKrT5 explains why routed clients each use 4 ips or (#2) you can avoid this behavior with by reading !topology
14:20 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has joined #openvpn
14:21 < monster_> saik0: do I spesifc remote on both configs?
14:21 < saik0> monster_: no, the server is listening on UDP 0.0.0.0:1194
14:22 < monster_> I mean both openvpn nodes?
14:22 < monster_> so they no where each other is
14:23 < saik0> the server does not make an outbound connection, it's listening. It does not care where the client is
14:24 -!- msg [2edf0110@gateway/web/cgi-irc/kiwiirc.com/ip.46.223.1.16] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
14:24 < monster_> gotcha, I thought I ran both as servers
14:34 -!- pk12_ [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has joined #openvpn
14:35 -!- pk12 [~pk12@104.243.24.236] has quit [Ping timeout: 240 seconds]
14:40 -!- pk12_ [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has quit [Quit: byezzzzzzzzzz]
14:46 -!- somis [~somis@167.160.44.243] has joined #openvpn
15:08 -!- DMA [~dma@190.146.128.106] has joined #openvpn
15:11 < monster_> saik0: looks like I have both openvpn nodes connected
15:11 < monster_> w00t
15:12 < monster_> now to setup routes
15:17 < saik0> monster_: congrats. Once you get your routes setup I'd suggest you also consider the choice of cipher and digest and configuring what the client does when the connection drops :)
15:17 < monster_> i think I have done most of that
15:17 -!- neatchee [423ef405@gateway/web/freenode/ip.66.62.244.5] has joined #openvpn
15:17 < monster_> btw what should I see if they connect in the logs?
15:18 < saik0> Initialization Sequence Completed
15:18 < neatchee> Hi all. I'm having trouble specifically with IPv6 transport for my OpenVPN connection to my Android device (ASUS RT-AC66U as host)
15:18 < saik0> Firing Orbital Death Laser
15:18 < neatchee> If I set my APN to force IPv4, everything works perfectly. However, when connecting over IPv6 I experience something I can only describe as a "request size limit".  Essentially, I can connect to the VPN perfectly, however any request I send that returns data over a certain size "freezes" mid-response.
15:18 < saik0> I'm not sure if i remember that second one right ;D
15:18 < neatchee> e.g. I can issue simple bash commands (mkdir, start/stop services, etc) to my linux machine, but if I do, say, "ps -ef" I receive the first 15 lines of the response, then the terminal freezes (waiting for the rest of the data)
15:19 < neatchee> Same issue when loading, e.g. the deluge-web interface over OpenVPN connection with IPv6 transport. The first several kilobytes of the page load, but the page essentially "freezes" after the first bit
15:19 < neatchee> Kinda lost as to what the problem could be.
15:25 < neatchee> !configs
15:25 <@vpnHelper> "configs" is (#1) please !paste your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and ovpn version or (#2) dont forget to include any ccd entries or (#3) pfSense, see http://www.secure-computing.net/wiki/index.php/OpenVPN/pfSense to obtain your config or (#4) remove inline private key or tls-auth key before posting
15:25 < neatchee> !paste
15:25 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
15:29 < monster_> saik0: to confirm, the client can also give routes the the server?
15:32 < monster_> crap I give up for the day.
15:32 < monster_> tomorrow is a new day
15:35 < saik0> monster_: yes, it can
15:35 < saik0> oh, long day for me as well
15:35 < monster_> the only initialize i see in the logs is "Diffie-Hellman initialized with 2048 bit key"
15:36 < monster_> so I dont think I am connected yet
15:36 < monster_> ill come at it with fresh eye, you gonna be around tomorrow?
15:36 < saik0> I dont think the client can push anything to the server
15:37 < saik0> I wont, but the community is pretty helpful. Good luck.
15:37 < monster_> so the server cant reach anything on the client side?
15:37 < monster_> ah been fing that up then  :>
15:37 < saik0> Just setup the routes by hand in each sidess config
15:37 < monster_> kk
15:38 -!- dekr4ken [~user88392@105.9.151.127] has joined #openvpn
15:44 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
15:45 < neatchee> Here's my conf as created by the ASUS-WRT web-UI: https://gist.github.com/anonymous/b70c8d447bd834d49cb6
15:46 <@vpnHelper> Title: server.conf · GitHub (at gist.github.com)
15:51 -!- Badimo [~yyy@ppp-2-86-158-96.home.otenet.gr] has joined #openvpn
15:54 -!- CihanKaygusuz is now known as Cihan
15:54 -!- dekr4ken [~user88392@105.9.151.127] has quit [Ping timeout: 260 seconds]
15:57 -!- CihanKaygusuz [uid135380@gateway/web/irccloud.com/x-zbgqkxinollpmdnk] has joined #openvpn
16:19 -!- dekr4ken [~androirc@vc-nat-gp-s-41-13-16-211.umts.vodacom.co.za] has joined #openvpn
16:19 < notgeekyenough> okay, new question
16:19 < notgeekyenough> I can ping the server now on it's private IP, but I can't ping the client's private IP from the server
16:20 < notgeekyenough> when running netstat -nr on the server I see
16:20 < notgeekyenough> 192.168.42.0    10.8.0.2        255.255.255.0   UG        0 0          0 tun0
16:20 < notgeekyenough> so it looks like the route is there to the client, right?
16:25 -!- Cihan_ [uid135385@gateway/web/irccloud.com/x-rjgwqfofbacfsdfp] has joined #openvpn
16:26 < ValdikSS> https://torrentfreak.com/routing-feature-can-expose-vpn-users-real-ip-addresses-151222/
16:26 <@vpnHelper> Title: Routing Feature Can Expose VPN Users Real IP-Addresses - TorrentFreak (at torrentfreak.com)
16:29 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
16:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:30 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
16:30 -!- speeddra_ [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:33 -!- Cihan_ [uid135385@gateway/web/irccloud.com/x-rjgwqfofbacfsdfp] has quit [Quit: Updating details, brb]
16:34 -!- Cihan_ [uid135385@gateway/web/irccloud.com/x-ybemclgqwnfdlrog] has joined #openvpn
16:34 -!- Cihan [~CihanKayg@78.185.48.89] has quit [Quit: Cihan]
16:34 -!- Cihan_ is now known as Cihan
16:35 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: C'ya]
16:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:47 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
16:58 -!- dekr4ken [~androirc@vc-nat-gp-s-41-13-16-211.umts.vodacom.co.za] has left #openvpn ["they"]
17:00 -!- alec-b [~alec@201.103.108.93.rev.vodafone.pt] has quit [Ping timeout: 245 seconds]
17:01 -!- alec-b [~alec@250.240.28.37.rev.vodafone.pt] has joined #openvpn
17:07 -!- notgeekyenough [42d7b10d@gateway/web/freenode/ip.66.215.177.13] has quit [Quit: Page closed]
17:08 -!- pk12_ [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has joined #openvpn
17:10 -!- pk12 [~pk12@104.243.24.236] has quit [Ping timeout: 260 seconds]
17:22 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
17:22 -!- pk12 [~pk12@104.243.24.236] has quit [Client Quit]
17:25 -!- pk12_ [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has quit [Ping timeout: 260 seconds]
17:25 -!- aldebaran [~aldebaran@83.112.189.109.customer.cdi.no] has joined #openvpn
17:31 -!- kaiza [~kaiza@71-17-31-175.sktn.hsdb.sasknet.sk.ca] has joined #openvpn
17:32 -!- Thermi [~Thermi@unaffiliated/thermi] has quit [Quit: Meet your opposition - Profane and disciplined - Take back your pride - With a pounding hammer]
17:34 -!- Thermi [~Thermi@unaffiliated/thermi] has joined #openvpn
17:50 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Ping timeout: 250 seconds]
18:04 -!- weox [uid112413@gateway/web/irccloud.com/x-rcajplmrqcoorzhz] has joined #openvpn
18:15 -!- u0m3 [~u0m3@188.27.74.65] has quit [Read error: Connection reset by peer]
18:19 -!- somis [~somis@167.160.44.243] has quit [Quit: Leaving]
18:20 -!- kaiza [~kaiza@71-17-31-175.sktn.hsdb.sasknet.sk.ca] has quit [Ping timeout: 244 seconds]
18:42 -!- kaiza [~kaiza@172.98.67.33] has joined #openvpn
19:03 -!- Stigmagr [5e45fb80@gateway/web/cgi-irc/kiwiirc.com/ip.94.69.251.128] has joined #openvpn
19:03 < Stigmagr> hello
19:03 < Stigmagr> does anyone know why while i am behind vpn and no proxy https://whoer.net/#extended after using the flash test reports that i am behind a proxy?
19:03 <@vpnHelper> Title: My IP (at whoer.net)
19:06 < Stigmagr> banco: are you here mate?
19:06 < Stigmagr> anyone?
19:14 < Stigmagr> is anyone here?
19:19 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
19:21 -!- DeaDSouL [~deadsoul@94.29.131.128] has joined #openvpn
19:24 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
19:27 -!- autrilla [uid86014@python/site-packages/autrilla] has quit [Quit: Connection closed for inactivity]
19:36 < onezuff> vpn service?
19:36 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:49 -!- DeaDSouL [~deadsoul@94.29.131.128] has quit [Ping timeout: 246 seconds]
19:53 < Stigmagr> anyone here that can help me abit?
20:00 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-cqqpqentlvlenlhp] has quit [Ping timeout: 272 seconds]
20:05 -!- SoreGums [sid22927@gateway/web/irccloud.com/x-aimoetnfilwjtmcr] has joined #openvpn
20:30 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:30 -!- delizin [48a16124@gateway/web/freenode/ip.72.161.97.36] has joined #openvpn
20:34 < delizin> Hey all. I am trying to get OpenVPN working on Ubuntu 14.04.3, but I am having trouble starting the server. First it couldn't find /dev/net/tun so I created the folder, then it gave me the error that it Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
20:34 < delizin> Here is my log https://dpaste.de/SGrG
20:38 < onezuff> Stigmagr are you using a vpn provider?
20:43 -!- weox [uid112413@gateway/web/irccloud.com/x-rcajplmrqcoorzhz] has quit [Quit: Connection closed for inactivity]
20:46 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 245 seconds]
20:50 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
21:08 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:25 -!- Stigmagr [5e45fb80@gateway/web/cgi-irc/kiwiirc.com/ip.94.69.251.128] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
21:49 -!- Paaltomo [~Paaltomo@159.203.30.107] has quit [Quit: It's 420 somewhere]
22:25 -!- delizin [48a16124@gateway/web/freenode/ip.72.161.97.36] has quit [Ping timeout: 252 seconds]
22:29 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
22:43 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
22:45 -!- Badimo [~yyy@ppp-2-86-158-96.home.otenet.gr] has quit []
23:02 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 240 seconds]
23:02 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
23:02 -!- mode/#openvpn [+o plaisthos] by ChanServ
23:20 -!- ShadniX [dagger@p5DDFC223.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:21 -!- ShadniX [dagger@p5DDFC894.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Wed Dec 23 2015
00:28 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has joined #openvpn
00:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:31 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 265 seconds]
00:31 -!- banco [~ban@212.164.222.212] has joined #openvpn
00:37 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Ping timeout: 240 seconds]
00:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:24 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:37 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
02:15 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Ping timeout: 255 seconds]
02:29 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
02:49 -!- ade_b [~Ade@redhat/adeb] has joined #openvpn
03:10 -!- voiture [~netrunner@unaffiliated/voiture] has joined #openvpn
03:10 -!- hid3 [~arnoldas@78.157.71.116] has quit [Ping timeout: 245 seconds]
03:12 -!- voiture [~netrunner@unaffiliated/voiture] has left #openvpn ["Konversation terminated!"]
03:16 -!- autrilla [uid86014@python/site-packages/autrilla] has joined #openvpn
03:16 -!- autrilla [uid86014@python/site-packages/autrilla] has left #openvpn []
03:21 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:37 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
03:40 -!- kaiza [~kaiza@172.98.67.33] has quit [Ping timeout: 272 seconds]
04:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:39 -!- lmkone [53906dda@gateway/web/freenode/ip.83.144.109.218] has joined #openvpn
04:42 < lmkone> hello all
05:08 -!- hid3 [~arnoldas@78.157.71.116] has joined #openvpn
05:10 -!- Sheraf [~Sheraf@sheraf.wtf] has joined #openvpn
05:10 < Sheraf> Hi
05:10 < Sheraf> is there a way to use the icmp protocol?
05:12 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
05:23 -!- shio [~shio@129.121.101.84.rev.sfr.net] has quit [Quit: Leaving]
05:44 -!- shio [~shio@129.121.101.84.rev.sfr.net] has joined #openvpn
05:55 < tomodachi> shio: yes there is
05:55 < tomodachi> just use is
05:56 < shio> thanks "friend", though i think it's more for Sheraf ;)
06:26 -!- Neighbour [neighbour@84-245-42-111.dsl.cambrium.nl] has joined #openvpn
06:29 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
06:55 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Ping timeout: 240 seconds]
07:16 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
07:17 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
07:18 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
07:38 < Sheraf> ?
07:47 -!- twodogs [~encee@hunan.bhi.me] has quit [Ping timeout: 255 seconds]
07:51 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
08:09 -!- lmkone [53906dda@gateway/web/freenode/ip.83.144.109.218] has left #openvpn []
08:17 -!- somis [~somis@167.160.44.243] has joined #openvpn
08:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:33 -!- u0m3 [~u0m3@188.27.74.65] has joined #openvpn
08:34 -!- HollowPoint [~quassel@2.29.137.99] has joined #openvpn
08:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:39 -!- Sheraf [~Sheraf@sheraf.wtf] has left #openvpn ["WeeChat 1.0.1"]
09:00 -!- allizom [~Thunderbi@host90-168-dynamic.37-79-r.retail.telecomitalia.it] has joined #openvpn
09:01 -!- DMA [~dma@190.146.128.106] has joined #openvpn
09:20 -!- allizom [~Thunderbi@host90-168-dynamic.37-79-r.retail.telecomitalia.it] has quit [Quit: allizom]
09:20 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:21 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 255 seconds]
09:23 -!- ayaz [~Ayaz@linuxpakistan/ayaz] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:28 -!- banco [~ban@212.164.222.212] has joined #openvpn
10:05 -!- Badimo [~yyy@ppp-2-86-158-96.home.otenet.gr] has joined #openvpn
10:29 -!- MrPockets [~John@unaffiliated/mrpockets] has quit [Ping timeout: 264 seconds]
10:31 -!- MrPockets [~John@unaffiliated/mrpockets] has joined #openvpn
10:49 -!- yoink [~yoink@66.171.168.10] has joined #openvpn
10:56 -!- weox [uid112413@gateway/web/irccloud.com/x-sydimfjwzealpzfu] has joined #openvpn
11:45 -!- rich0 [~quassel@gentoo/developer/rich0] has quit [Read error: Connection reset by peer]
11:52 -!- rich0_ [~quassel@gentoo/developer/rich0] has joined #openvpn
11:53 -!- yoink [~yoink@66.171.168.10] has quit [Ping timeout: 240 seconds]
12:09 -!- neatchee [423ef405@gateway/web/freenode/ip.66.62.244.5] has quit [Ping timeout: 252 seconds]
12:10 -!- yoink [~yoink@66.171.168.10] has joined #openvpn
12:11 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
12:18 -!- alec-b [~alec@250.240.28.37.rev.vodafone.pt] has quit [Ping timeout: 264 seconds]
12:21 -!- alec-b [~alec@160.47.103.87.rev.vodafone.pt] has joined #openvpn
12:21 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:23 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
12:25 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
12:26 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Client Quit]
12:27 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
12:29 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
12:31 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
12:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:37 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:40 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:41 -!- DrCode [~DrCode@5.28.134.3] has quit [Read error: Connection reset by peer]
12:54 -!- yoink [~yoink@66.171.168.10] has quit [Ping timeout: 255 seconds]
12:58 -!- troyt_ [~troyt@2601:681:4600:7461:44dd:acff:fe85:9c8e] has quit [Ping timeout: 250 seconds]
13:01 -!- DrCode [~DrCode@5.28.134.3] has joined #openvpn
13:03 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
13:06 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
13:11 -!- infernix [nix@unaffiliated/infernix] has quit [Quit: ZNC - http://znc.sourceforge.net]
13:19 -!- infernix [nix@unaffiliated/infernix] has joined #openvpn
13:23 -!- weox [uid112413@gateway/web/irccloud.com/x-sydimfjwzealpzfu] has quit [Quit: Connection closed for inactivity]
13:38 -!- DMA [~dma@190.146.128.106] has quit [Quit: Mindwall!!]
13:40 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
14:06 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Quit: He who dares .... wins.]
14:07 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
14:12 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 260 seconds]
15:15 -!- shiriru [~shiriru@46.10.54.164] has joined #openvpn
15:16 -!- shiriru [~shiriru@46.10.54.164] has quit [Client Quit]
15:35 -!- darrin [4b7998ef@gateway/web/freenode/ip.75.121.152.239] has joined #openvpn
15:36 < darrin> !welcome
15:36 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:36 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:37 < darrin> !man
15:37 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
15:37 < darrin> !ask
15:37 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please, see this link for how to get help on IRC: http://workaround.org/getting-help-on-irc or (#2) See also, How to ask questions the smart way here: http://catb.org/~esr/faqs/smart-questions.html or (#3) if you had asked your question this might be an answer instead of a message from the bot about how to ask questions on IRC :)
15:39 < darrin> !goal
15:39 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
15:40 < onezuff> i would like to create a vpn box in my lan that routes all traffic through the vpn. what steps do i need to do to ensure it does not leak through my real ip and stop sending traffic if the vpn disconects?
15:47 < darrin> I would like to figure out how to tell if traffic is being routed through my vpn.  The vpn starts and sets everything up but when I use traceroute it doesn't look like it goes through the vpn.
15:50 < Poster> is your remote VPN host a static address?
15:51 < darrin> Is that directed towards my question?
15:51 < Poster> yep
15:51 < darrin> The box itself has a static IP address yes
15:51 < Poster> ok and what is the VPN client OS?
15:51 < darrin> Ubuntu 14.04
15:52 < Poster> ok is it running NAT for a LAN or just a single computer system?
15:52 < darrin> The client is NATed yes.  It has a 192.168 address.
15:54 < Poster> ok so is the Ubuntu host behind another NAT device or is it the NAT device?
15:55 < darrin> The client Ubuntu host?  That one is just behind the NAT device.  I'm sorry I don't fully understand the question.  Its a simple home network and the client is connected to the router
15:56 < Poster> sorry am trying to understand the topology, so it's
15:56 < Poster> Ubuntu 14.04 Host -> NAT Router -> VPN Host -> Internet ?
15:57 < darrin> It's fine I'm trying my best to explain it as well haha.  I would say that sounds right
15:58 < Poster> ok so the 1st thing to do will be to get the Internet connection through the VPN working
15:58 < darrin> so i started the vpn again and this time the traceroute looks like it went through my VPN?
15:58 < Poster> what OS is the remote VPN Server?
15:58 < darrin> remote VPN server is ubuntu 14.04 as well
15:59 < darrin> however I just restarted it and tried agian and it works. which is odd becaues I've been restarting it all day trying stuff and it hasn't worked
15:59 < Poster> ok try taking a browser to http://checkip.dyndns.org and see if you're getting the expected (VPN Server) IP address
15:59 <@vpnHelper> Title: Current IP Check (at checkip.dyndns.org)
15:59 < darrin> well just the traceroute looks as if it went through the vpn
15:59 < darrin> I'm not sure if all traffic is.  I would assume so if my understanding of how openvpn works.
16:00 < Poster> it's routing yeah
16:00 < Poster> I'd try the checkip URL and see what you get
16:02 < darrin> I think its working now.  Google.com is in russian and thats where I purchased my box that I have the vpn on
16:03 < Poster> ok
16:03 < darrin> So I'm curious was I just impatient or didn't check it properly before or how come it wasn't working then but is now.  I haven't changed anything
16:03 < darrin> odd
16:03 < Poster> in your Ubuntu 14.04 VPN client, do you have your OpenVPN configuration file set to use a hostname or IP address when connecting to your remove VPS/VPN Server?
16:05 < Poster> sorry, remote VPS/VPN
16:06 -!- nitdega [~nitdega@2602:304:ab12:e981:5a91:ca9a:575b:4063] has quit [Ping timeout: 264 seconds]
16:07 < Poster> it's likely the line: remote x.x.x.x
16:07 < darrin> I use the IP address of the server
16:07 < Poster> ok good
16:08 < Poster> are you on the Ubuntu 14.04 host right now?
16:08 < Poster> for iRC
16:08 < darrin> so its "remote xxx.xxx.xxx.xxx. 1194
16:08 < darrin> No I
16:08 < darrin> No I'm on my normal desktop
16:08 < darrin> the Ubuntu client is a second old junker I'm playing with
16:11 < Poster> ok cool
16:11 < Poster> so on your Ubuntu client, subbing in your remote VPS address
16:11 < Poster> sudo iptables -A OUTPUT -o eth0 -d xxx.xxx.xxx.xxx -j ACCEPT
16:12 < Poster> sudo iptables -A OUTPUT -o eth0 -j REJECT
16:12 < Poster> if all goes well you should still have Internet access via the OpenVPN link
16:12 < Poster> once confirmed, stop OpenVPN and try to access the Internet again, it should fail
16:12 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
16:14 < darrin> so add type those iptables rules and what will they do?
16:14 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Client Quit]
16:14 < Poster> the first rule permits traffic to leave eth0 if destined to your VPS/VPN host
16:14 < Poster> the second rule rejects everything else
16:15 < darrin> then turn off the vpn and I shouldn't have connection correct?
16:15 < Poster> yep
16:15 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
16:15 < Poster> the VPN traffic will run across the ACCEPT rule
16:15 < Poster> if something is wrong with the VPN or it's otherwise down, the system will attempt to go out directly via eth0, the REJECT rule will prohibit it from doing so
16:16 < Poster> when the VPN is up, it's likely using a tun or tap adapter, since we specified -o eth0, the iptables will not be applied there, allowing all traffic out
16:16 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Client Quit]
16:18 < rkos> im at the same point as darrin i got openvpn set up and it takes connections but i guess i need to do something with iptables? is there some guide?
16:18 < Poster> is your Internet access being sent across the OpenVPN link?
16:18 < darrin> i added those two rules and it still seems to work however I don't think dns works now
16:19 < Poster> ok that might be true, you should consider using some other DNS, possibly by your VPS provider
16:19 < Poster> or another public offering such as OpenDNS and/or Google
16:19 < darrin> oh wait
16:19 < Poster> the DNS may default to your default gateway
16:19 < darrin> So I had the vpn running from the command line from a terminal I sshed into the client with
16:20 < Poster> which the iptables rule will block
16:20 < darrin> and when I added the second rule it brought all that down
16:20 < Poster> yeah it will kill everything :O
16:20 < Poster> let's try a 3rd rule
16:20 < Poster> sudo iptables -F OUTPUT
16:20 < Poster> sudo iptables -A OUTPUT -o eth0 -d xxx.xxx.xxx.xxx -j ACCEPT
16:20 < darrin> so is that process that was running the vpn stopped?
16:20 < darrin> I don't need to find it and kill it
16:20 < Poster> sudo iptables -A OUTPUT -o eth0 -d your.home.network/24 -j ACCEPT
16:20 < Poster> sudo iptables -A OUTPUT -o eth0 -j REJECT
16:21 < Poster> the 2nd line will permit traffic to your LAN
16:21 < Poster> assuming it's something like 192.168.0.0/24
16:22 < Poster> be careful about your LAN traffic
16:22 < Poster> if your anonymity is important, sending your DNS queries to your router (or ISP) could clue in whomever may be watching as to where you are going, even if they don't see your actual traffic
16:22 < Poster> the 2nd rule will permit traffic to your LAN
16:23 < Poster> I need to step out, hopefully that'll get you there
16:23 < Poster> if you want to clear the iptables rules, it's just
16:23 < Poster> sudo iptables -F OUTPUT
16:26 < rkos> what should i do next now that i got openvpn on my server and it can take a connection
16:26 < rkos> it doesnt route traffic yet
16:27 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
16:28 < darrin> I just removed the rules haha
16:28 < darrin> I'm fiddling with it now now that I know it works.
16:28 < darrin> just seeing how stuff works and what not
16:30 < darrin> ok I got it working
16:31 < darrin> Might just hold off on that other stuff for now till I understand whats going on with it now
16:32 -!- Linuxnet [~netas@unaffiliated/netas3k] has quit [Ping timeout: 265 seconds]
16:32 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 245 seconds]
16:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:34 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has joined #openvpn
16:34 -!- AlmogBaku [~AlmogBaku@bzq-79-182-161-26.red.bezeqint.net] has quit [Client Quit]
16:37 -!- wallbroken [~vpnuser@unaffiliated/wallbroken] has joined #openvpn
16:38 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
16:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:20 -!- Denial- [~Denial@81.141.7.174] has joined #openvpn
17:20 -!- Denial [~Denial@81.141.7.174] has quit [Ping timeout: 255 seconds]
17:21 -!- freach42 [~freach42@67.40.90.20] has joined #openvpn
17:23 < freach42> anyone doing openvpn with chromebooks?
17:23 -!- Denial- [~Denial@81.141.7.174] has quit [Client Quit]
17:27 < Eugene> Not for ~2 years, and back then it was basically "set it to unlocked mode and run these janky ubuntu/gentoo scripts"
17:27 -!- Denial [~Denial@81.141.7.174] has joined #openvpn
17:27 < Eugene> At which point, why use a chromebook?
17:32 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
17:33 < freach42> I use a chromebook as a relatively "disposable" terminal, remote control of development machines across VPNs when I'm not on location
17:34 < freach42> my little linux laptop does great, but I wanted a bigger screen, so my holiday project is to get the chromebook operating (it has a much better display)
17:36 -!- darrin [4b7998ef@gateway/web/freenode/ip.75.121.152.239] has quit [Quit: Page closed]
17:43 -!- allizom [~Thunderbi@host90-168-dynamic.37-79-r.retail.telecomitalia.it] has joined #openvpn
17:46 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:47 -!- toli [~toli@ip-62-235-212-32.dsl.scarlet.be] has joined #openvpn
17:48 -!- allizom [~Thunderbi@host90-168-dynamic.37-79-r.retail.telecomitalia.it] has quit [Quit: allizom]
17:56 < wallbroken> somebody of you knows if openvpn connect app for ios is still supported?
18:01 < freach42> mine still works (ios9)
18:02 < freach42> ios 9.2
18:11 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Quit: Konversation terminated!]
18:12 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
18:18 < wallbroken> freach42, works not at all
18:18 < wallbroken> for example if you try to start the connection from settings.app
18:18 < wallbroken> it won't
18:19 < freach42> there's not a lot of standardization of openvpn clients, the server has to strike a balance and get a little lucky to support them all
18:21 < wallbroken> i just want to know if the app is no more in developing
18:21 < wallbroken> but nobody alive on the official stuff
18:21 < wallbroken> *staff
18:38 < wallbroken> is it possible to put user and password directly in the cnfiguration file?
18:42 < freach42> not sure, I think you would use a client cert for that, but I've only learned enough to get my different devices going
18:42 < freach42> (except the chromebook)
18:53 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Quit: Leaving]
19:02 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
19:07 -!- somis [~somis@167.160.44.243] has quit [Quit: Leaving]
19:09 -!- Uranio [~Uranio@mx1.unaicc.cu] has joined #openvpn
19:15 -!- Uranio [~Uranio@mx1.unaicc.cu] has quit [Quit: Leaving]
19:31 -!- nitdega [~nitdega@2602:304:ab12:d3c1:8440:a9d6:7fbf:afa3] has joined #openvpn
19:36 -!- John [c325d161@gateway/web/cgi-irc/kiwiirc.com/ip.195.37.209.97] has joined #openvpn
19:36 < John> hi all
19:37 < John> i followed the guide here: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
19:37 <@vpnHelper> Title: How To Set Up an OpenVPN Server on Ubuntu 14.04 | DigitalOcean (at www.digitalocean.com)
19:37 < John> And everything seemed to work great
19:37 < John> But now when i try to get a client to connect, it cant
19:38 < John> @TLS key negotionation failed to occur within 60 seconds (check your network connectivity)
19:38 < John> And it does that over and over
19:38 < John> no logs on the server side
19:38 < John> Please if anyone could help, that would be really great because im stuck at work and i just want to go home -_-
19:44 -!- CheckYourSix [~CheckYour@104.236.45.57] has joined #openvpn
19:47 < Poster> Make sure that connections are being permitted to your OpenVPN server system
19:47 < Poster> if you're running TCP based, a telnet to the public address on whichever port you selected should validate it
19:47 < Poster> if you feel comfortable in sharing the address, I can test it as well
19:47 < John> im running udp based
19:48 < John> sure, the ip is 52.4.74.33
19:48 < John> 1194
19:48 < CheckYourSix> Hi there. I use 4G internet at my house (no other option). It uses Carrier Grade NAT, so it's not accessible from the internet, period. I want to be able to connect back into my home network via a VPN. I'm guessing it's possible to do by having a VPS at Digital Ocean (or wherever) with an OpenVPN server on it, a VM at my house that will site-to-site connect with the OpenVPN server at DO, and my laptop/phone connecting to the OpenVPN server at DO.
19:48 < CheckYourSix> Is this doable and am I thinking about it the right way?
19:49 < John> CheckYourSix: Yeah I think thats correct
19:49 < John> im trying to do the same thing, but to connect to my work PC
19:50 < CheckYourSix> Now, has anyone done it before? I've only messed around with OpenVPN, so I'm brand new to it. I can't seem to find a tutorial for what I need to do.
19:50 < John> If you have any luck with that oh, i have errors in my /var/log
19:51 < John> CheckYourSix: im using https://wiki.debian.org/OpenVPN
19:51 <@vpnHelper> Title: OpenVPN - Debian Wiki (at wiki.debian.org)
19:51 < John> and https://openvpn.net/index.php/open-source/documentation/howto.html
19:51 <@vpnHelper> Title: HOWTO (at openvpn.net)
19:51 < John> Mainly the latter for the server
19:52 < CheckYourSix> There are tutorials from DO on how to make it so you can connect to the OpenVPN server and browse the internet from your phone/laptop if you're on public wifi or whatever. There are also other tutorials for site-to-site. Just nothing putting them together
19:52 <@ecrist> John: really, the official wiki applies to both.
19:52 < John> ecrist: ah ok :)
19:52 <@ecrist> the only real difference between distros/OS is the init/startup routine
19:53 < CheckYourSix> I don't know enough about routing stuff and all of the settings on OpenVPN to know how to tweak it all to make it work
19:53 < John> I see in my logs now "TLS Error: TLS key negotiation failed to occur within 60 seconds@
19:53 < John> Which is the same error i get on the client
19:54 < John> then also seeing a lot of BLOCKs in the fw for what i imagine is Poster trying to help me out :)
19:54 <@ecrist> John: that's indicative of a network or firewall issue
19:54 < John> ecrist: makes sense  -  but im seeing the error both for client AND server
19:54 < John> So they can talk ... just not, um, easily :)
19:55 <@ecrist> the server makes no connections
19:55 <@ecrist> it only responds to incoming connections
19:57 < John> This is the error in the client: bit.ly/1JwlvNt
19:58 < John> http://bit.ly/1JwlvNt
19:58 <@vpnHelper> Title: Paste ofCode (at bit.ly)
19:59 < John> Error server-side:
19:59 < John> http://bit.ly/1ScY96l
20:00 < John> Ah, whoops, sorry - last char is a capital i not a lower l
20:00 < John> http://bit.ly/1ScY96I
20:00 <@vpnHelper> Title: Paste ofCode (at bit.ly)
20:18 < John> Ugh, someone
20:18 < John> Someone's doing a full portscan -_- lame
20:18 < John> you could just ask
20:31 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:42 < CheckYourSix> Well, I have the VPS set up and I can connect to it from my phone and browse the internet. Now I need to make a site-to-site connection from a VM at my house to the VPS. Then the hard part is tying them together'
20:48 < CheckYourSix> I can't believe nobody has created a tutorial explaining how do to all of this. There has to be more people in the same position
21:01 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Read error: Connection reset by peer]
21:11 -!- blurgher [~blurgher@212.18.232.88] has joined #openvpn
21:12 < blurgher> Will an OpenVPN server with the default configuration be blocked in China?
22:22 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
22:44 -!- linuxdevman [~chatzilla@gateway/vpn/privateinternetaccess/linuxdevman] has joined #openvpn
22:56 -!- Badimo [~yyy@ppp-2-86-158-96.home.otenet.gr] has quit []
23:01 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
23:11 -!- Brando753 [~Brando753@unaffiliated/brando753] has quit [Ping timeout: 240 seconds]
23:20 -!- ShadniX [dagger@p5DDFC894.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:21 -!- ShadniX [dagger@p5DDFC85C.dip0.t-ipconnect.de] has joined #openvpn
23:24 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 256 seconds]
--- Day changed Thu Dec 24 2015
00:00 -!- Brando753 [~Brando753@unaffiliated/brando753] has joined #openvpn
00:04 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
00:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
00:47 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
00:55 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
01:13 -!- banco [~ban@212.164.222.212] has quit [Ping timeout: 255 seconds]
01:35 < Eugene> blurgher - anecdotal evidence says that yes, the GFW does do openvpn fingerprinting+blocking
01:35 < Eugene> !obfuscate
01:35 < Eugene> !obfs
01:35 <@vpnHelper> "obfs" is (#1) if you are looking to obfuscate your traffic to get through a firewall that recognizes and blocks openvpn, try using this proxy: obfsproxy https://www.torproject.org/projects/obfsproxy.html.en to encapsulate your packets in other protocols or (#2) http://community.openvpn.net/openvpn/wiki/TrafficObfuscation or (#3) in client/server mode an admin can know that openvpn is being used. in
01:36 <@vpnHelper> static-key mode they only know that it is some encrypted data, but not specifically openvpn; however with static-key you lose forward security (!forwardsecurity)
01:38 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 265 seconds]
02:02 -!- linuxdevman [~chatzilla@gateway/vpn/privateinternetaccess/linuxdevman] has quit [Quit: oui]
02:04 -!- mahaw [~mahaw@unaffiliated/mahaw] has joined #openvpn
02:05 < mahaw> Hi which is better to use in Linux for OpenVPN, rp_filter=1 or rp_filter=0?
02:05 < mahaw> for security...
02:07 < apollo13> mahaw: rp_filter=1 obviously
02:08 < mahaw> This is what I thought, interestinly Slackware sets it as 0 hmm
02:09 < apollo13> everyone has at it 0 by default afaik
02:10 < apollo13> ah no, centos has it at 1, my debian has it at 0
02:11 < mahaw> yeah I'm surprised distros set it at 0 hmm
02:15 < mahaw> thanks
02:25 < mahaw> thanks apollo13
02:25 -!- mahaw [~mahaw@unaffiliated/mahaw] has quit [Quit: mahaw]
02:29 -!- linuxdevman [~chatzilla@gateway/vpn/privateinternetaccess/linuxdevman] has joined #openvpn
02:44 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:19 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has joined #openvpn
03:25 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
03:48 -!- themayor [~themayor@unaffiliated/themayor] has quit [Ping timeout: 260 seconds]
03:50 -!- themayor [~themayor@unaffiliated/themayor] has joined #openvpn
03:53 -!- valentt [~valentt@93-141-140-171.adsl.net.t-com.hr] has joined #openvpn
03:56 < valentt> Question regarding OpenVPN clients that use Windows - I know there was some limitation on which IP adresses they can use for gateway and their own IP, but not I can't remember this... is there some FAQ online I can read to refresh my memory? Google isn't helping :(
03:59 -!- aerth [~aerth@unaffiliated/aerth] has joined #openvpn
04:04 -!- weox [uid112413@gateway/web/irccloud.com/x-kzrwmdyaifspsnjy] has joined #openvpn
04:15 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:33 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
04:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:44 -!- OverCoder [Elite15119@gateway/shell/elitebnc/x-kbpfarryxfyonjue] has left #openvpn ["idk"]
04:50 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
04:51 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
05:00 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:09 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
05:15 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:15 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
05:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
05:34 -!- Darkwell [~Darkwell@unaffiliated/phantom-x] has joined #openvpn
05:42 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
05:46 -!- pk12 [~pk12@104.243.24.236] has quit [Client Quit]
05:46 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
06:20 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: Textual IRC Client]
06:21 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
06:23 -!- weox [uid112413@gateway/web/irccloud.com/x-kzrwmdyaifspsnjy] has quit [Quit: Connection closed for inactivity]
06:36 -!- wallbroken [~vpnuser@unaffiliated/wallbroken] has quit [Ping timeout: 250 seconds]
06:52 -!- valent [~valentt@93-137-240-233.adsl.net.t-com.hr] has joined #openvpn
06:56 -!- valentt [~valentt@93-141-140-171.adsl.net.t-com.hr] has quit [Ping timeout: 240 seconds]
07:07 -!- debdogw [~Wowbagger@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
07:09 -!- HollowPoint [~quassel@2.29.137.99] has quit [Remote host closed the connection]
07:12 < debdogw> oy! trying to establish a connection via IPv6 on my home network. client is a WinXP SP3 laptop and I don't know whether XP's IPv6 support is fully functioning. does someone has experience with that and is ale to enlighten me?
07:13 < debdogw> the client's log, the last line is worrying me: https://dpaste.de/2EVn/raw
07:15 < debdogw> according to "ipv6 if" XP has an IPv6 address. sorry, not able to copy'n'paste from windows' command line interface
07:20 < debdog> hmm, found a note somewhere, dunno what it means, though
07:20 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
07:20 < debdog> https://www.su4me.de/old/soft_openvpn.html#vpn-check
07:21 < debdog> it just says "WSACancelBlockingCall"
07:27 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
07:32 < debdog> hmm, if i am lucky I can borrow a win7 PC from work
07:36 -!- debdogw [~Wowbagger@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Ping timeout: 276 seconds]
07:58 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
08:03 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
08:18 -!- JackWinter1 [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has joined #openvpn
08:19 -!- JackWinter [~jack@252.Red-88-22-243.staticIP.rima-tde.net] has quit [Ping timeout: 250 seconds]
08:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:50 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
08:59 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
09:08 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
09:12 -!- alec-b [~alec@160.47.103.87.rev.vodafone.pt] has quit [Ping timeout: 246 seconds]
09:13 -!- alec-b [~alec@69.19.158.5.rev.vodafone.pt] has joined #openvpn
09:14 -!- DWWagner [~DWagner@pool-96-250-176-61.nycmny.fios.verizon.net] has joined #openvpn
09:15 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
09:15 < DWWagner> Hi all, I was wondering if anyone could guess why all of my DNS lookups are being performed (and answered) twice while connected.  One lookup is being done with the pushed DNS server, and the other appears to be performed by the DHCP assigned resolver.
09:23 < Thermi> That's a feature of Windows 10.
09:23 < Thermi> !dns
09:23 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
09:23 < Thermi> !win10
09:23 < Thermi> !windows
09:23 <@vpnHelper> "windows" is (#1) computers are like air conditioners, they work well until you open windows. or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny
09:23 < Thermi> !windows10
09:23 < Thermi> !list
09:23 <@vpnHelper> Admin, BadWords, Channel, ChannelLogger, Config, Factoids, FloodPrevent, Google, Misc, Owner, Relay, Seen, Services, User, Weather, and Web
09:23 < DWWagner> Yeah, I think I see it.  Parallel resolution...
09:23 < Thermi> !Factoids
09:23 <@vpnHelper> "Factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
09:31 -!- DWWagner [~DWagner@pool-96-250-176-61.nycmny.fios.verizon.net] has quit [Ping timeout: 255 seconds]
09:33 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit [Read error: Connection reset by peer]
09:33 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has joined #openvpn
09:33 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
09:38 -!- pythonsnake1 is now known as pythonsnake
09:41 -!- DWWagner [~DWagner@pool-96-250-176-61.nycmny.fios.verizon.net] has joined #openvpn
09:41 < DWWagner> Awesome, block-outside-dns did the charm.
09:41 < DWWagner> Thanks
09:58 -!- JackWinter1 [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has quit [Quit: Konversation terminated!]
10:00 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has joined #openvpn
10:12 -!- JackWinter1 [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has joined #openvpn
10:12 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has quit [Ping timeout: 265 seconds]
10:16 < CheckYourSix> Am I better off using OpenVPN Access Server or just the standard server? Site-to-Site VPN and remote connections coming back in
10:45 < Poster> "better off" is relative to your objectives
10:45 < Poster> if you want commercial support, access server is probably "better"
10:45 < Poster> if you want to avoid support fees, community edition is probably "better"
10:48 < CheckYourSix> I don't need commercial support. I just need to be able to connect back to my house, but it needs a VPS in between. Site-to-site between my house and the VPS, then my phone and laptop can connect to the VPS and be able to see everything on my home network.
10:48 < CheckYourSix> I can't figure it out though
10:49 < Poster> ok so if you are willing to learn, community edition is for you
10:50 < CheckYourSix> Ok. Well right now, I have the VPS set up and I can connect to it and browse the internet from it using my phone. I can't figure out how to get the site-to site working, and even when I do, I can't find anything that's easy to understand that will allow them all to communicate
10:53 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
10:53 < Poster> ok so it sounds like you have 2 parts, the first would be connecting your home LAN to your VPS and establish routing between the two
10:54 < CheckYourSix> I'm trying to do that now, but I'm getting the error TLS Error: cannot locate HMAC in incoming packet
10:54 < CheckYourSix> Using pfSense as my home router
10:56 < Poster> https://www.google.com/search?q=TLS+Error%3A+cannot+locate+HMAC&ie=utf-8&oe=utf-8
10:56 <@vpnHelper> Title: TLS Error: cannot locate HMAC - Google-Suche (at www.google.com)
10:56 < Poster> top link has it
11:01 -!- KaiForce [~chatzilla@107-223-70-10.lightspeed.bcvloh.sbcglobal.net] has quit [Quit: ChatZilla 0.9.92 [Firefox 43.0.1/20151216175450]]
11:01 < CheckYourSix> I don't even have a tls auth line in my openvpn file for my iphone (which can connect). I also don't have a ta.key file at all.
11:01 < CheckYourSix> I followed this tutorial https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
11:01 <@vpnHelper> Title: How To Setup and Configure an OpenVPN Server on CentOS 7 | DigitalOcean (at www.digitalocean.com)
11:02 < CheckYourSix> I generated a client set for my phone and another set for my house
11:07 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
11:07 -!- linuxdevman [~chatzilla@gateway/vpn/privateinternetaccess/linuxdevman] has quit [Remote host closed the connection]
11:08 < Poster> ok which system is giving you the TLS Error?
11:09 < CheckYourSix> pfSense
11:10 < Poster> ok so from the article it talks about a checkbox on the pfSense UI
11:11 < Poster> and a client configuration doesn't always have the same options as a server configuration
11:12 < CheckYourSix> I unchecked the TLS auth box and it connected. I can't resolve websites now though
11:14 < Poster> ok are you pushing DNS server addresses from your OpenVPN server system?
11:14 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
11:35 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has quit [Ping timeout: 255 seconds]
11:38 -!- jareth_ [~jareth_@2001:980:e1c0:1:219:66ff:fea0:a502] has joined #openvpn
11:48 < CheckYourSix> Well that was a disaster. It connected, but then I lost all connection to the internet. Even after I disconnected from the VPS, I couldn't get on the internet at all. I had to restart everything.
11:49 -!- aldebaran [~aldebaran@83.112.189.109.customer.cdi.no] has left #openvpn ["WeeChat 1.3"]
11:52 < CheckYourSix> Unchecking the TLS box did allow it to connect. Now I need to figure out what to do so I can use that and the internet
11:54 -!- wallbroken [~vpnuser@unaffiliated/wallbroken] has joined #openvpn
11:54 -!- DWWagner [~DWagner@pool-96-250-176-61.nycmny.fios.verizon.net] has quit [Quit: Leaving]
12:08 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has joined #openvpn
12:11 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has quit [Client Quit]
12:12 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has joined #openvpn
12:14 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has quit [Client Quit]
12:17 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has joined #openvpn
12:24 -!- AlmogBaku [~AlmogBaku@bzq-199-168-31-125.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
12:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:36 -!- rich0_ is now known as rich0
12:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:42 -!- mystica555 [~mystica55@2602:3f:e045:ae00:a48b:b605:631c:6c46] has quit [Quit: Leaving]
12:46 -!- valent [~valentt@93-137-240-233.adsl.net.t-com.hr] has quit [Ping timeout: 240 seconds]
12:58 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has joined #openvpn
13:01 -!- testerbit [~smuxi@unaffiliated/testerbit] has joined #openvpn
13:02 < testerbit> I setup a VPN connection(client) and can ping ip's behind the VPN, but cannot resolve DNS on this client. I'm sure it's not the server because I can access the DNS behind the VPN using a different machine. What is likely the issue and fix here?
13:06 < Poster> on your VPN connection, are you configured to push all traffic across the VPN or just specific routes?
13:07 < ke4nhw> I'm having a bit of trouble. Openvpn running on Fedora. I can run the service just fine, but if the server reboots (power outage) then the service will not restart. I have tried several variants of systemctl enable * and one took (can't remember which now) but still not starting at reboot. I know that I can start it with 'systemctl start openvpn@server.service' just fine, but that is not the
13:07 < ke4nhw> one that works with 'systemctl enable'
13:10 < Poster> I think that might be more of a fedora issue than an OpenVPN issue
13:10 < ke4nhw> Okay, didn't know
13:10 < Poster> if the service didn't start or there was an issue with the connection, I'd say OpenVPN
13:11 < Poster> but if it runs ok, but isn't starting on a reboot, that would be more OS
13:11 < Poster> there is probably a #fedora on here
13:11 < Poster> might be good to try there
13:11 < ke4nhw> I just ran through the systemctl list-units, and found two instances of openvpn: one is openvpn@multi-user.service which is loaded failed failed, and openvpn@server.service which I started manually and is fine.
13:12 < Poster> ok I am not familiar with either of those, someone else may be, it's been a long time since I've used fedora personally
13:12 < ke4nhw> There is a #fedora, I just wanted to make sure first since it's odd as hell how it's called
13:12 < Poster> I don't think the naming is dictated by the OpenVPN project
13:12 < ke4nhw> Do you know how I enable openvpn in systemctl?
13:13 < Poster> if it's relatively new version of Fedora, it may overlap with CentOS7 and support may be possible from #centos
13:13 < Poster> I do not sorry
13:15 < ke4nhw> Okay I'll check around here a bit more before I go psycho, and I'll look in on #fedora. Other than that I'm likely going to just write the 'systemctl start...' into my init scripts; kinda a dirty hack but it'll do...
13:16 < Eugene> ke4nhw - for a config file named /etc/openvpn/my-server.conf, you would use `systemctl start|enable openvpn@my-server`
13:17 < Eugene> If you have multiple foo.conf files, each one gets its own systemd unit
13:18 < Eugene> This lets you start/stop them separately, without having to home-roll an init script
13:18 < ke4nhw> Let me try this; gonna disable the dead one first though
13:18 < Poster> oh that's a good idea
13:18 < Eugene> I rather like it
13:18 < Poster> most implementations I've seen just loop through all .conf files in /etc/openvpn
13:18 < wallbroken> is it possible to put user and password directly in the cnfiguration file?
13:18 < Eugene> Yeah, that's the old sysvinit behaviour
13:19 < Eugene> wallbroken - only if it has been compiled with --enable-password-save
13:19 < Poster> I am not sure about directly in the configuration, I seem to recall a method to read a file that held credentials though
13:20 < Eugene> Which is not the default(for good reasons), and not in most packaged versions
13:20 < wallbroken> Eugene, i need to use it on openvpn connect for iOS, how to know it?
13:20 < ke4nhw> Eugene that is not working. I am using 'systemctl enable openvpn@server.service' with a no such file or directory, 'systemctl enable openvpn@server' with invalid argument
13:20 < ke4nhw> Yet 'systemctl start|restart|stop openvpn@server.service' works fine
13:21 < Poster> --auth-user-pass
13:21 < Eugene> ke4nhw - do you have /etc/openvpn/server.conf ?
13:21 < ke4nhw> yes
13:21 < Poster> then the file was username on line 1 then password on line 2
13:21 < ke4nhw> hence the success of 'systemctl start openvpn@server.service
13:22 < Eugene> Works4me on CentOS 7. Hm.
13:22 < ke4nhw> It's just the enable disable that's acting quirky
13:22 < Eugene> https://vomitb.in/hVusNqDTZX
13:22 < Eugene> Poke around, see if you're missing something in those directories
13:23 < Eugene> Rename the .conf to something else and try again. It might be something in systemd that's cached
13:23 < ke4nhw> will do, and I do see the symlinks that match the name in my systemctl list-units so may be a relationship there with a failed symlink
13:23 < Eugene> `systemctl daemon-reload` wouldn't hurt either
13:25 -!- testerbit [~smuxi@unaffiliated/testerbit] has quit [Ping timeout: 276 seconds]
13:28 -!- Uranio [~Uranio@free-02.protectednetgroup.com] has joined #openvpn
13:33 -!- Uranio [~Uranio@free-02.protectednetgroup.com] has quit [Read error: Connection reset by peer]
13:37 < ke4nhw> Refresh my memory again... permissions: 1rwxrwxrwx. Can't remember the 1 unless it's the sticky bit
13:43 -!- onezuff [~onezuff@ip68-3-211-21.ph.ph.cox.net] has quit [Ping timeout: 240 seconds]
13:55 < CheckYourSix> Poster: Well I think I'm halfway to my goal. The site-to-site works (but I can't access the internet when I'm connected, and I'm not sure why). The remote connect with my phone works and browses the internet from the vps. Now I just need to make it so when they are all connected, my phone can see everything on my home network and I can still browse the internet from home. What step do I need to take next?
14:00 < Poster> ok so do you want to route all traffic from home to the Internet by way of the VPS or do you just want the home to VPS link to carry traffic for the LAN access only?
14:04 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has quit [Ping timeout: 240 seconds]
14:07 -!- mgorbach [~mgorbach@pool-96-237-153-21.bstnma.ftas.verizon.net] has joined #openvpn
14:08 < CheckYourSix> Sorry, didn't notice you responded. It doesn't matter, but lets just route it out of my home internet like normal and use the VPS as a way for my phone and laptop to connect back home.
14:09 < Poster> ok so are you trying to use the same OpenVPN instance on your VPS for both your phone and your home?
14:11 < ke4nhw> I found a solution online, kind of a hack but works. Systemd and openvpn don't play well as openvpn allows for multiple instances. I created my own .service file with the name of the config file written in directly. All I have to do then is call it as 'systemctl enable <filename>.service'
14:11 < apollo13> ke4nhw: outch…
14:12 < apollo13> you should have just used systemd instance support
14:12 < ke4nhw> I have been trying for days
14:12 < apollo13> I just do systemctl enable openvpn@confname
14:12 < ke4nhw> I did
14:12 < ke4nhw> failed
14:12 < apollo13> what is the problem?
14:12 < CheckYourSix> Poster: It needs to act like a relay I guess you could say. My home IP is not routeable, so there's no possible way to expose it to the internet, otherwise this would all be very easy. The VPS needs to be a relay of sort so the phones and laptops can connect to it, then the VPS and my house are connected site-to-site, so the phones and laptops can connect into my home network
14:12 < apollo13> it is really simple, just grep the unit file and the generator from the debian package
14:12 < ke4nhw> No matter what standard call I use I either get invalid argument or file not found
14:13 < ke4nhw> I found this solution on openvpn.net archives
14:13 < ke4nhw> specific to fedora
14:13 < ke4nhw> sorry
14:13 < ke4nhw> found on serverfault
14:13 < ke4nhw> specific to fedora
14:13 < Poster> CheckYourSix: ok that's fine, based on what you've said, the OpenVPN instance on the VPS is attempting to route all traffic through it (as described for your phone).  If this is true, it is going to try and do the same for your home connection (assuming it is the same instance).
14:14 < ke4nhw> damn
14:14 < ke4nhw> I need coffee
14:14 < apollo13> ke4nhw: https://dpaste.de/CNok generator file and service files: https://dpaste.de/7cES https://dpaste.de/puGy
14:14 < apollo13> pretty easy and self explanatory
14:14 < ke4nhw> The solution was on ask.fedoraproject
14:14 < CheckYourSix> Poster: It is the same instance. The thing is it didn't actually let any traffic flow. It killed my internet.
14:14 < ke4nhw> too many tabs and screens open lol
14:14 < Poster> CheckYourSix: you may consider a separate OpenVPN instance with just private routes being sent across between the VPS and Home
14:15 < Poster> It could be a few things impacting it, if you can ping Internet IP addresses such as 8.8.8.8 but not browse, it is likely a DNS issue
14:15 < apollo13> ke4nhw: systemctl restart openvpn will now restart all enabled systemd instances, and systemctl restart openvpn@blabla the individual (if you use the config I provided)
14:15 < apollo13> certainly works on fedora if it works with an old systemd on debian :D
14:15 < ke4nhw> That always worked for me
14:16 < apollo13> well what was the issue?
14:16 < CheckYourSix> Poster: The concept to me seems like it should be extremely simple, but it's been ridiculous to try finding answers on how to accomplish all of this
14:16 < apollo13> (restart was just a placeholder for whatever you want)
14:16 < ke4nhw> I could easily 'systemctl restart|start|stop openvpn@server.service'
14:16 < ke4nhw> I couldn't enable or disable
14:16 < apollo13> cause you did not have the generator I assume?
14:16 < Poster>  it's not entirely too bad, the link between home pfsense and VPS will just need to route your LAN/VPN addresses (probably RFC1918) and leave default routes alone
14:16 < ke4nhw> enable or disable failed, but all the others, even status worked
14:16 < ke4nhw> likely so
14:17 < apollo13> yes, you were missing the generator
14:17 < CheckYourSix> If it's possible, I'd also like it so all of my phone's traffic was routed out through the VPS or through my home internet, that way it's secure all the time even if I use public wifi.
14:17 < CheckYourSix> Poster: I don't know how to configure that
14:17 < ke4nhw> Yep... What is the generator file name and its location, and does it ship with openvpn?
14:18 < Poster> the end result might be your phone or laptops coming in on say tap0 and the link from VPS to Home on tun0
14:18 < Poster> then you just permit IP routing between the two
14:18 < CheckYourSix> Poster: Yeah, I have no idea how to do that.
14:19 < apollo13> ke4nhw: paths are described here http://www.freedesktop.org/software/systemd/man/systemd.generator.html -- it is named openvpn-generator in debian, not sure if upstream has it
14:19 <@vpnHelper> Title: systemd.generator (at www.freedesktop.org)
14:19 < ke4nhw> I will look at or create this generator, or may even leave it this way who knows. It's now working but again it's a bit of a hack
14:20 -!- justinzane [~justinzan@24.49.199.88] has joined #openvpn
14:20 < ke4nhw> One benefit is that leaving it this way prevents a .conf file from getting slipped in and triggered by a reboot
14:21 < ke4nhw> Of course if someone does slip in a conf file then they've already gotten too far for any of that to matter lol
14:21 < Poster> CheckYourSix: you're most of the way there, just need a second OpenVPN instance that doesn't route all traffic through it
14:23 < CheckYourSix> So leave "push "redirect-gateway def1 bypass-dhcp"" commented out
14:23 < Poster> you can probably copy your current configuration, change the IP range, interface name if specified and yes remove the redirect-gateway line
14:23 < CheckYourSix> And leave out the push "dhcp-option DNS 8.8.8.8"
14:23 < Poster> yeah
14:24 < Poster> you will need to push the route for whatever range your existing instance is using
14:24 < CheckYourSix> https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
14:24 <@vpnHelper> Title: How To Setup and Configure an OpenVPN Server on CentOS 7 | DigitalOcean (at www.digitalocean.com)
14:24 < Poster> actually, that might not entirely work, the OpenVPN server will need to route traffic to your home network back to the pfsense instance
14:25 < CheckYourSix> That is the tutorial I followed
14:25 < CheckYourSix> It has some added route stuff at the bottom for iptables
14:27 < Poster> ok this should be close
14:27 < Poster> https://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/site-to-site-layer-3-routin-using-openvpn-access-server/
14:27 <@vpnHelper> Title: Site-to-Site Layer 3 Routing Using OpenVPN Access Server and a Linux Gateway Client | Documentation (at docs.openvpn.net)
14:27 < Poster> treat the remote LAN as your existing OpenVPN  instance
14:27 < CheckYourSix> Does it make a difference that I'm not using access server
14:28 < Poster> actually yeah scratch that
14:28 < Poster> :(
14:28 < Poster> I am coming up short on examples hang on
14:28 < Poster> basically you're just looking to link with fixed addresses on each side, then route the remote subnet via the fixed address
14:28 < CheckYourSix> Yeah, that's what I keep running into. No examples. When I figure it out, I'm writing a tutorial for it and putting it online.
14:53 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
14:54 < CheckYourSix> Poster: Any luck?
14:54 < Poster> sorry no I am at work so kinda split :|
14:59 < Poster> ok this is close
14:59 < Poster> http://shorewall.net/OPENVPN.html#Routed
14:59 <@vpnHelper> Title: OpenVPN Tunnels and Bridges (at shorewall.net)
15:00 < Poster> skip down to the "This is the OpenVPN config on system A:" section
15:07 -!- ke4nhw [~ke4nhw@unaffiliated/xanthaos] has quit []
15:34 -!- allizom [~Thunderbi@host90-168-dynamic.37-79-r.retail.telecomitalia.it] has joined #openvpn
15:43 -!- allizom [~Thunderbi@host90-168-dynamic.37-79-r.retail.telecomitalia.it] has quit [Quit: allizom]
15:49 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Quit: Leaving]
16:04 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
16:30 -!- somis [~somis@167.160.44.215] has joined #openvpn
16:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
16:52 -!- Badimo [~yuuuuu@ppp-2-86-158-96.home.otenet.gr] has joined #openvpn
17:08 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
17:10 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Ping timeout: 255 seconds]
17:11 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
17:11 -!- JackWinter1 [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has quit [Ping timeout: 256 seconds]
17:12 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has joined #openvpn
17:13 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Ping timeout: 276 seconds]
17:23 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has quit [Quit: Konversation terminated!]
17:24 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has joined #openvpn
17:28 -!- nitdega [~nitdega@2602:304:ab12:d3c1:8440:a9d6:7fbf:afa3] has quit [Ping timeout: 264 seconds]
17:37 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Remote host closed the connection]
17:40 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:45 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has joined #openvpn
17:58 < wallbroken> is there some developer of openvpn connect?
17:58 < wallbroken> i need to ask him if the project is no longer in development
17:58 < wallbroken> i get no updates since + 1 year
18:09 -!- AlmogBaku [~AlmogBaku@79.177.15.253] has joined #openvpn
18:22 -!- AlmogBaku [~AlmogBaku@79.177.15.253] has quit [Ping timeout: 260 seconds]
18:27 -!- nitdega [~nitdega@2602:304:af2b:4221:5e04:d096:fcb0:b181] has joined #openvpn
18:47 -!- somis [~somis@167.160.44.215] has quit [Quit: Leaving]
19:04 -!- valent [~valentt@46.54.226.50] has joined #openvpn
19:08 -!- s7eele [~AndChat52@104.156.228.71] has joined #openvpn
19:11 -!- s7eele [~AndChat52@104.156.228.71] has quit [Client Quit]
19:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
19:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:11 -!- aerth [~aerth@unaffiliated/aerth] has quit [Disconnected by services]
20:17 -!- valent [~valentt@46.54.226.50] has quit [Read error: Connection timed out]
20:18 -!- valent [~valentt@46.54.226.50] has joined #openvpn
20:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:37 -!- valent [~valentt@46.54.226.50] has quit [Read error: Connection timed out]
20:38 -!- valent [~valentt@46.54.226.50] has joined #openvpn
20:40 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
20:47 -!- u0m3 [~u0m3@188.27.74.65] has quit [Quit: Leaving]
20:48 -!- u0m3 [~u0m3@188.27.74.65] has joined #openvpn
20:55 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has joined #openvpn
20:58 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
21:03 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
23:07 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has quit [Ping timeout: 265 seconds]
23:08 -!- abra0 is now known as santa0
23:17 -!- Badimo [~yuuuuu@ppp-2-86-158-96.home.otenet.gr] has quit []
23:20 -!- ShadniX [dagger@p5DDFC85C.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:21 -!- ShadniX [dagger@p5DDFC98D.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Fri Dec 25 2015
00:22 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
00:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:37 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
00:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:31 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 246 seconds]
01:44 -!- nitdega [~nitdega@2602:304:af2b:4221:5e04:d096:fcb0:b181] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
02:02 < KNERD> wallbroken: I have seen many community project have no updatres for 2 years or more
02:03 < KNERD> nobody is getting paid for it, an dno hurry to work on it unless there is an exploit
02:10 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
02:10 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:15 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
03:01 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has joined #openvpn
03:06 -!- julieeharshaw [~julie@juliekoubova.net] has quit [Ping timeout: 246 seconds]
03:07 -!- n0b0dyh3r3 [~n0b0dyh3r@93.186.251.170] has quit [Read error: Connection reset by peer]
03:09 -!- julieeharshaw [~julie@juliekoubova.net] has joined #openvpn
03:15 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has joined #openvpn
03:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
03:51 -!- Joost [~Joost@unaffiliated/joost] has left #openvpn ["WeeChat 1.0.1"]
04:04 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 240 seconds]
04:19 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
04:20 -!- valent [~valentt@46.54.226.50] has joined #openvpn
04:36 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
04:42 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
04:50 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
04:53 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
05:00 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
05:04 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has quit [Ping timeout: 255 seconds]
05:06 -!- zmachine [~zmachine@pool-74-100-90-30.lsanca.fios.verizon.net] has joined #openvpn
05:11 -!- ustn [~ustn@p4FDB1895.dip0.t-ipconnect.de] has joined #openvpn
05:23 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
05:44 -!- toli [~toli@ip-62-235-212-32.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
05:46 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 276 seconds]
05:47 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has joined #openvpn
05:58 -!- valent [~valentt@46.54.226.50] has joined #openvpn
06:15 -!- ustn [~ustn@p4FDB1895.dip0.t-ipconnect.de] has quit [Quit: ustn]
06:17 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
06:17 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
06:21 -!- JackWinter1 [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has joined #openvpn
06:22 -!- JackWinter [~jack@10.Red-83-41-215.dynamicIP.rima-tde.net] has quit [Ping timeout: 260 seconds]
06:30 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
06:36 -!- JujuZA [~JujuZA@105.229.171.60] has joined #openvpn
06:37 -!- JujuZA__ [~JujuZA@105.229.171.60] has joined #openvpn
06:41 -!- JujuZA__ [~JujuZA@105.229.171.60] has quit [Client Quit]
06:48 -!- Denial [~Denial@81.141.7.174] has quit [Ping timeout: 265 seconds]
06:48 -!- Denial [~Denial@81.141.22.6] has joined #openvpn
06:59 -!- adaptr [~jgeilman@unaffiliated/adaptr] has quit [Ping timeout: 276 seconds]
07:01 -!- adaptr [~jgeilman@unaffiliated/adaptr] has joined #openvpn
07:09 -!- somis [~somis@167.160.44.201] has joined #openvpn
07:18 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
07:18 < dionysus69> hello all
08:05 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
08:06 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
08:19 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 264 seconds]
08:32 -!- Badimo [~1111@ppp-2-86-158-96.home.otenet.gr] has joined #openvpn
08:32 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
08:41 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
08:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
08:57 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:07 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
09:10 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
09:32 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has quit [Quit: No Ping reply in 180 seconds.]
09:34 -!- unixninja92 [~unixninja@whirlpool.stdnt.hampshire.edu] has joined #openvpn
09:57 -!- nitdega [~nitdega@2602:304:ab12:e8a1:dcc1:fee:97eb:eb31] has joined #openvpn
10:22 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:26 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
10:33 < deed02392> i'm trying to get openvpn server running on tomato firmware, behind another router. i've set up port forwarding but it doesn't seem to let me establish a vpn client connection (timeout)
10:34 -!- JujuZA [~JujuZA@105.229.171.60] has quit [Read error: Connection reset by peer]
10:44 < KNERD> deed02392: then you neeed to read the log to find out why
10:45 < deed02392> of what? the server?
10:45 < KNERD> of course
10:46 < KNERD> the client should have a log also
10:49 -!- debdog [~debdog@HSI-KBW-091-089-090-034.hsi2.kabelbw.de] has quit [Remote host closed the connection]
10:55 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:11 -!- debdog [~debdog@HSI-KBW-091-089-090-057.hsi2.kabelbw.de] has joined #openvpn
11:12 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
11:15 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
11:17 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
11:18 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Client Quit]
11:22 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
11:27 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
11:36 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
11:43 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
11:57 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has quit [Remote host closed the connection]
12:34 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
12:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:41 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
12:42 -!- banco [~ban@212.164.222.212] has joined #openvpn
12:46 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
12:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:09 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
13:15 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:19 -!- troyt [~troyt@c-24-10-220-108.hsd1.ut.comcast.net] has joined #openvpn
13:21 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
13:22 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
13:36 -!- saik0_ [~saik0@unaffiliated/saik0] has joined #openvpn
13:39 -!- saik0 [~saik0@unaffiliated/saik0] has quit [Ping timeout: 250 seconds]
13:40 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
13:42 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
13:57 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 260 seconds]
13:59 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
14:02 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 255 seconds]
14:02 -!- Neal_ [~neal@felix.ineal.me] has quit [Ping timeout: 240 seconds]
14:03 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
14:10 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
14:16 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Max SendQ exceeded]
14:16 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
14:27 -!- santa0 is now known as santa4631
14:36 -!- santa4631 is now known as abra0
14:36 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
14:37 -!- Neal_ [~neal@felix.ineal.me] has joined #openvpn
14:38 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
15:25 -!- ikonia [~irc@unaffiliated/ikonia] has joined #openvpn
15:26 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
15:27 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
15:27 < ikonia> !welcome
15:27 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
15:27 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:29 < ikonia> !howto
15:29 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror or (#3) Getting started with OpenVPN: https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
15:43 < ikonia> I'm trying to use an old openvpn build as an access point on a dual homed server internet/internal network, version 2.1
15:44 < BtbN> Don't do that.
15:44 < ikonia> BtbN: ok, educate me
15:44 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 255 seconds]
15:44 < BtbN> about what? Old versions are bad.
15:45 < ikonia> I appreciate that, thats why I need to set it up, to remove this host and replace it with a new one
15:45 < BtbN> Why not just update to the latest versions?
15:45 < ikonia> because I don't want to put compilers and build tools on this machine
15:45 < BtbN> Use its package manager then
15:45 < ikonia> when I can lock it to a single IP via the firewall
15:46 < ikonia> what's package manager ?
15:46 < ikonia> I'm using the package supplied by the distro
15:46 < ikonia> it's a legacy box, hence I want to swap it over
15:48 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
15:50 -!- alec-b [~alec@69.19.158.5.rev.vodafone.pt] has quit [Ping timeout: 255 seconds]
15:52 -!- alec-b [~alec@150.6.158.5.rev.vodafone.pt] has joined #openvpn
16:02 < ikonia> I've brought up openvpn on a dual homed machine, and the tun virtual device has the same IP address as the internal NIC, that seems wrong, or have I miss-understood how openvpn will use the tun device ?
16:02 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:18 < Poster> yeah it is wrong, if you are trying to create a routed connection, the tun device should be a unique address not appearing anywhere on the OpenVPN host
16:22 < ikonia> thank you, thats what I expected
16:22 < ikonia> what sets the tun address ?
16:22 < ikonia> it doesn't appear to be set anywhere in the config, so I'm not %100 sure whats setting it
16:23 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
16:29 < Poster> if you are the OpenVPN client, the server may be assigning the address
16:35 < ikonia> this is on the physical server
16:35 < ikonia> if I check the interface state, the tun device has the same ip as eth1
16:35 < ikonia> just seems a bit odd
16:35 < ikonia> I can work it out, I've used AS before,
16:38 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Client Quit]
16:39 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
16:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
16:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
16:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:18 -!- BrianBlaze420 [~blaze@unaffiliated/brianblaze] has joined #openvpn
17:36 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
18:25 -!- wallbroken [~vpnuser@unaffiliated/wallbroken] has quit [Ping timeout: 240 seconds]
18:38 -!- valent [~valentt@46.54.226.50] has quit [Read error: Connection timed out]
18:38 -!- valent [~valentt@46.54.226.50] has joined #openvpn
18:42 -!- somis [~somis@167.160.44.201] has quit [Quit: Leaving]
18:45 -!- justinzane [~justinzan@24.49.199.88] has quit []
19:16 -!- joako [~joako@opensuse/member/joak0] has quit [Quit: quit]
19:18 -!- joako [~joako@opensuse/member/joak0] has joined #openvpn
19:43 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 264 seconds]
19:44 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
19:47 -!- HanSooloo [~HanSooloo@pool-108-48-120-141.washdc.fios.verizon.net] has quit [Quit: HanSooloo]
19:49 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
19:59 -!- valent [~valentt@46.54.226.50] has joined #openvpn
20:01 -!- JackWinter1 [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has quit [Quit: Konversation terminated!]
20:02 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has joined #openvpn
20:28 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has quit [Ping timeout: 246 seconds]
20:34 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has joined #openvpn
20:52 -!- __FBi [B@Aircrack-NG/User] has quit [Ping timeout: 240 seconds]
20:52 -!- _FBi [~B@Aircrack-NG/User] has quit [Ping timeout: 240 seconds]
20:52 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
20:52 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
20:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:11 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has quit [Ping timeout: 260 seconds]
21:19 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has joined #openvpn
21:24 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has quit [Ping timeout: 240 seconds]
21:25 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has joined #openvpn
21:28 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has quit [Remote host closed the connection]
23:08 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lahuplpsjwkvvzmr] has joined #openvpn
23:10 -!- Badimo [~1111@ppp-2-86-158-96.home.otenet.gr] has quit []
23:16 -!- daniear [~ben@180.159.207.34] has joined #openvpn
23:16 < daniear> vpn has connected but couldn't visit websites etc
23:17 < daniear> just noticed didn't have push "redirect-gateway def1"  in the firewall
23:17 < daniear> but when i add push "redirect-gateway def1"
23:17 < daniear> but when i add push "redirect-gateway def1"  i get this error
23:17 < daniear> ./firewall.sh: line 14: push: command not found
23:17 < daniear> any fix?
23:18 -!- ShadniX [dagger@p5DDFC98D.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:18 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 264 seconds]
23:19 -!- ShadniX [dagger@p5DDFC75A.dip0.t-ipconnect.de] has joined #openvpn
23:20 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
23:43 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has quit [Quit: ZNC - http://znc.in]
23:47 -!- supergauntlet [~supergaun@unaffiliated/supergauntlet] has joined #openvpn
23:47 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: byezzzzzzzzzz]
--- Day changed Sat Dec 26 2015
00:03 -!- whoa [~whoa@unaffiliated/whoa] has joined #openvpn
00:20 < daniear> is rpmforge a good way to install openvpn?
00:35 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 276 seconds]
00:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
00:58 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
01:15 -!- Meow-J [uid69628@gateway/web/irccloud.com/x-lahuplpsjwkvvzmr] has quit [Quit: Connection closed for inactivity]
01:26 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
01:36 < dionysus69> anyone here?
01:38 -!- whoa [~whoa@unaffiliated/whoa] has left #openvpn ["Leaving"]
01:40 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 260 seconds]
01:43 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
01:54 -!- valent [~valentt@46.54.226.50] has joined #openvpn
02:04 -!- weox [uid112413@gateway/web/irccloud.com/x-qlcxnyhmnihitwru] has joined #openvpn
02:11 < daniear> [root@seven ~]# systemctl start openvpn@server.service
02:11 < daniear> Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.
02:11 < daniear> [root@seven ~]#
02:24 < dionysus69> I am hangin on this Initialization Sequence Completed
02:24 < dionysus69> ERROR: Linux route add command failed: external program exited with error status: 2 this error more specifically
02:30 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has quit [Ping timeout: 250 seconds]
02:34 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
02:37 < daniear> http://www.pastebin.ca/3302055
02:37 < daniear> can connect, ping 10.8.0.1 but
02:38 < daniear> all websites i can visit still use my local ip not the servers ipv4
02:38 < daniear> anything wrong with the configs?
02:41 < daniear>  push "redirect-gateway local def1 bypass-dhcp bypass-dns"
02:41 < daniear> i added that
02:41 < daniear> still internet isn't exiting through the vpn at all
02:50 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Quit: dionysus69]
02:51 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:01 < daniear> anyone here?
03:03 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Remote host closed the connection]
03:04 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:12 < KNERD> dionysus69: look for syntax errrors
03:12 < dionysus69> wait
03:12 < dionysus69> where?
03:12 < KNERD> in the configs?
03:12 < dionysus69> I reloged so I lost what I posted, https://gist.github.com/anonymous/c17c2f5e71c2b2cd87c5 heres my gist
03:12 <@vpnHelper> Title: gist:c17c2f5e71c2b2cd87c5 · GitHub (at gist.github.com)
03:13 < dionysus69> hmm will post my config no problem but I doubt there is a syntax error
03:13 < KNERD> daniear:  push "redirect-gateway local def1 bypass-dhcp bypass-dns"  notice LOCAL
03:13 < daniear> thanks ill try that
03:13 < KNERD> no
03:13 < KNERD> you already using that
03:13 < dionysus69> also can you tell me what is the last final repeating part of log level 9 in what I gisted?
03:13 < daniear> i'll post my current configs
03:14 < daniear> http://www.pastebin.ca/3302073
03:14 < KNERD> daniear: you using local..not the port
03:15 < dionysus69> heres my config file https://gist.github.com/anonymous/d0a87f7be83bc70bd0e8
03:15 <@vpnHelper> Title: gist:d0a87f7be83bc70bd0e8 · GitHub (at gist.github.com)
03:15 -!- illuminated [~illuminat@freebsd/user/illuminated] has joined #openvpn
03:16 < illuminated> can 2 different clients be authenticated with the same certificate at the same time?
03:16 < KNERD> dionysus69: no configs for client
03:17 < dionysus69> first I am tring to setup server
03:17 < dionysus69> its not working
03:17 < dionysus69> you see the first gist I posted in the end theres 5 lines repeating with some digit incrementing
03:17 < dionysus69> is that an error or what it is?
03:17 < daniear> its my first time using just a static key
03:17 < daniear> so im not sure if my configs are correct
03:18 < dionysus69> MULTI: REAP range 48 -> 64
03:18 < dionysus69> MULTI: REAP range 64 -> 80
03:18 < dionysus69> so on
03:19 < dionysus69> on log level 6 it hangs on Initialization Sequence Completed
03:20 < daniear> am i supposed to use push "redirect-gateway def1 bypass-dhcp"
03:21 < daniear> or put local in there?
03:21 -!- viric [~viric@unaffiliated/viric] has joined #openvpn
03:21 < viric> Hello
03:21 < viric> I have a properly connected openvpn (tap, over tcp) to a mikrotik
03:22 < viric> (Init Seq Completed, IPs set, all that)
03:22 < viric> But I have RX packets:0 in tap0
03:22 < viric> I try to ping, and I see mikrotik receiving and sending back answers
03:23 < viric> With verbose openvpn I think that the answer packets really come in, but they don't go to the tap0
03:23 < viric> I don't see any complaint in the log.
03:29 -!- daniear [~ben@180.159.207.34] has quit [Quit: Leaving]
03:41 -!- ustn [~ustn@p4FDB0A50.dip0.t-ipconnect.de] has joined #openvpn
03:44 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 240 seconds]
03:46 -!- valent [~valentt@46.54.226.50] has joined #openvpn
03:47 -!- daniear [~ben@180.159.207.34] has joined #openvpn
03:49 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:51 < daniear> are there any obvious errors in these configs? its my first time using a static key
03:51 < daniear> http://pastebin.ca/3302102
03:51 < daniear> atm i can't connect but it may be due to slow internet
03:52 < daniear> http://pastebin.ca/3302103
03:52 < daniear> first link i posted the server config twice
03:59 < daniear> ?
03:59 < daniear> :)
04:04 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 260 seconds]
04:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
04:08 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
04:11 -!- dionysus70 is now known as dionysus69
04:36 -!- ustn [~ustn@p4FDB0A50.dip0.t-ipconnect.de] has quit [Quit: ustn]
04:41 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
04:49 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 250 seconds]
04:54 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
04:58 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has joined #openvpn
04:59 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:03 < [Mew2]> Can users be limited by data usage?
05:03 -!- weox [uid112413@gateway/web/irccloud.com/x-qlcxnyhmnihitwru] has quit [Quit: Connection closed for inactivity]
05:03 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:32 < [Mew2]> Hello?
05:37 < daniear> hi
05:41 -!- AlmogBaku [~AlmogBaku@79.177.15.253] has joined #openvpn
05:43 < [Mew2]> ] Can users be limited by data usage?
05:44 < ikonia> check the topic [Mew2] it's a slow traffic channel, just ask and wait, people do get back to you when they are active, plus it's christmas, so not many people will be at their computer
05:45 < apollo13> [Mew2]: not out of the box afaik
05:46 < apollo13> there is a management interface where you can get information about the consumed bandwith and then disconnect users accordingly I'd say
05:46 < apollo13> there are also some radius plugins afaik
05:48 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
05:54 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
05:55 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:01 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
06:07 < wkts> So according to https://openvpn.net/index.php/open-source/documentation/howto.html windows auto startup can happen by adding a service.
06:07 <@vpnHelper> Title: HOWTO (at openvpn.net)
06:07 < wkts> Which works.... but if the laptop sleeps and wakes up, I seem to lose my vpn?
06:08 < apollo13> sounds sensible
06:08 < wkts> but the GUI automatically reconnects?
06:08 < apollo13> no idea, I do not use windows
06:15 < daniear> having issues
06:15 < daniear> https://dpaste.de/DxQS
06:15 < daniear> trying to wrap openvpn in ssl layer
06:17 < BtbN> why?
06:18 < daniear> because openvpn doesnt work longer than a few days here in chia
06:18 < daniear> china
06:18 < daniear> due to new deep packet inspection
06:21 < ikonia> isn't the ssl connection encypted already
06:21 < marlinc> Is it possible to also send IPv6 addresses using server-bridge?
06:21 < daniear> ikonia, what
06:21 < daniear> wrapping openvpn in ssl confuses the dpi
06:22 < daniear> they're dpi specifically searches for openvpn connections and shuts them down
06:25 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 245 seconds]
06:27 < ikonia> so basically you're trying to bypass the law of the country you'r ein
06:27 < daniear> ikonia, you're damn right
06:27 < ikonia> ok
06:27 < daniear> that's what millions of people use vpn's for
06:27 < Neighbour> daniear: looks like the stunnel client won't connect to the stunnel server
06:28 < daniear> Neighbour, yea
06:28 < Neighbour> (or can't)
06:28 < daniear> but the configs seem ok
06:28 < Neighbour> yea, the only thing I can find is that it complains about the permissions set on the config file
06:29 < Neighbour> can you connect to port 443 on the ip specified in the client config from the client at all?
06:29 < Neighbour> because it looks like that is being blocked
06:29 < ikonia> I told you this already daniear
06:29 < ikonia> fix the pem permissions and look at why that connection is timing out
06:30 < daniear> Neighbour, the firewall is wide open on the server and client
06:30 < ikonia> I stated this in #centos where the same discussion is going on
06:30 < ikonia> then why can't you connect to 443 on the remote host
06:30 < ikonia> do a port test
06:30 < Neighbour> daniear: there might be other firewalls in between :)
06:31 < daniear> how to check?
06:31 < Neighbour> what ikonia said: do a port test
06:32 < ikonia> this seems silly
06:32 < Neighbour> get nmap and run a portscan (though that might not be the most stealthiest way to do this)
06:32 < ikonia> you ask in #centos - get told what to do, then ask in #openvpn and get told again
06:32 < ikonia> just telnet to the port
06:32 < ikonia> or use npr
06:32 < ikonia> that will show a dumb connection
06:33 < daniear> putty can't telnet to 443 from client
06:33 < Neighbour> well then, there you have it
06:34 < Neighbour> if putty can't connect on port 443, then stunnel can't either
06:34 < Neighbour> s/putty/telnet/
06:37 < daniear> hmm
06:37 < daniear> well i get this in stunnel client log
06:37 < daniear> 2015.12.26 20:35:30 LOG3[63]: s_connect: connect 208.111.39.206:443: Connection refused (WSAECONNREFUSED) (10061)
06:37 < daniear> 2015.12.26 20:35:30 LOG5[63]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
06:37 < daniear> thats after i increased the connect timeout
06:37 < daniear> and i also openned 443 on the server even though the input default chain rule is accept
06:37 < apollo13> a timeout has nothing to do with connrefused
06:38 < daniear> it says connection refused though
06:38 < ikonia> you won't get anywhere until you can do the handhake that is timing out
06:38 < ikonia> so you need to fix that first
06:38 < ikonia> (and fix the permissions on your certs !)
06:38 < daniear> its not timing out anymore
06:38 < daniear> but now it says refused
06:38 < daniear> i made the certs 400 already
06:40 < ikonia> the service the stunnel client is is refusing your connection then, look at it's logs to show why
06:40 < Neighbour> try `tcpdump -n tcp port 443` on the server and see if you are getting any traffic from the client there
06:40 < ikonia> again, do dumb port tests to see if you get any idea
06:41 < daniear> putty also says connect refused
06:42 < daniear> hmm
06:43 < daniear> tcp dump is showing activity on server when i try to connect
06:43 < daniear> https://dpaste.de/9h7F
06:44 < daniear> it shows my local ipv4 addy and the servers
06:45 < daniear> that would suggest a problem server side wouldnt it
06:45 < daniear> since the packets are getting there to be recorded
06:47 < Neighbour> ?
06:47 < Neighbour> i don't see that as a problem...this is what you would expect
06:48 < Neighbour> if you do a `netstat -anp`, does it list anything (stunnel preferably) listening on either 0.0.0.0 or the IP you're trying to connect to on port 443?
06:48 < Neighbour> (on the server)
06:48 < daniear> one second
06:50 -!- MacGyver [~macgyver@unaffiliated/macgyvernl] has joined #openvpn
06:51 < daniear> https://dpaste.de/47Np
06:51 < daniear> i think it doesnt
06:51 < Neighbour> indeed
06:51 < Neighbour> so stunnel is not running on the server
06:51 < Neighbour> fix that :)
06:51 < Neighbour> or it is running, but not listening for incoming connections
06:53 < daniear> ok now it says
06:53 < daniear> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      10481/stunnel
06:53 < daniear> will try to connect again
06:53 < Neighbour> ah, that's better
06:54 < daniear> holy *** it works now
06:54 < Neighbour> :)
06:54 < daniear> openvpn client went straight to green
06:54 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
06:54 < Neighbour> don't forget to fix the .pem-file permissions
06:55 < daniear> i made .pem chmod 400
06:55 < Neighbour> that should work :)
06:55 < daniear> hmm well i can ping 10.8.0.1 from client
06:55 < daniear> thats a good start
06:55 < Neighbour> afk, breakfast
06:56 < daniear> Neighbour, thanks
06:59 < daniear> the remaining issue to fix is my internet isn't exiting the server
06:59 < daniear> once i connect can't browse websites at all
07:00 < daniear> push "redirect-gateway local def1"  in server
07:00 < daniear> and ip forewarding is enabled
07:02 < daniear> this is the firewall scrip im use on server
07:02 < daniear> http://pastebin.ca/3302356
07:03 < daniear> iptables -L -v shows me that zero packets are being accepted by the FORWARD chain
07:11 < daniear> any ideas?
07:25 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has quit [Ping timeout: 244 seconds]
07:26 -!- Ofloo [~admin@narf.ofloo.net] has joined #openvpn
07:26 < Ofloo> hi, .. i got this issue where the vpn server assigns the IP to the client with the wrong broadcast anyone how i can fix this
07:26 < Ofloo> the broadcast equals the servers assigned IP
07:26 < apollo13> Ofloo: show your server config…
07:27 < Ofloo> moment
07:28 -!- daniear [~ben@180.159.207.34] has quit [Read error: Connection reset by peer]
07:30 < Ofloo> http://pastebin.com/M7W1taXA
07:30 < Ofloo> there
07:30 -!- deetwelve [~deetwelve@unaffiliated/deetwelve] has joined #openvpn
07:32 < Ofloo> oh and in the ccd of that client is basicly only this ifconfig-push 10.0.0.11
07:33 < apollo13> and your problem is what now?
07:33 < Ofloo> that the broadcast ip on the client has the same as the gateway
07:33 < Ofloo> meaning the server is 10.0.0.1
07:33 < Ofloo> subnet is /24
07:34 < apollo13> yes server is 10.0.0.1, gateway is 10.0.0.2 and then you have a pool starting with 3
07:34 < Ofloo> so the clients shoudl have broadcast of 10.0.0.255
07:35 < apollo13> I'd say yes, please show the output of ip addr show on the client and server
07:35 < Ofloo> inet 10.0.0.11 netmask 0xffffff00 broadcast 10.0.0.1
07:35 < Ofloo> this is the problem
07:35 < apollo13> any reason you added this: route 10.0.0.0 255.255.255.0 94.23.206.121 ?
07:35 < Ofloo> not really
07:36 < Ofloo> i don't think i need that
07:36 < apollo13> first of all, if you are doing ifconfig-push 10.0.0.11 you are overlapping static clients with the pool, which is probably not the best idea
07:36 < Ofloo> however that doesn't stop the problem
07:37 < Ofloo> ifconfig push is in ccd
07:37 < apollo13> also tun-ipv6 should be used if you use tun, you did specify tap0 as dev though, not sure if that is a good idea
07:37 < Ofloo> and each has it's own
07:37 < apollo13> I know, still overlaps
07:37 < apollo13> also topology subnet is default for tap
07:37 < Ofloo> i just added now because of the bcast issue
07:37 < apollo13> aside from that it looks okayish
07:37 -!- daniear [~ben@180.159.207.34] has joined #openvpn
07:38 < daniear> anyone have a sample firewall script?
07:38 < daniear> packets aren't being forwarded from tun0 to eth0 on server
07:38 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
07:39 < Ofloo> tun-ipv6, should be allowed for both, at least that's what i've been told
07:39 < Ofloo> i thought it had a confusing name but tun-ipv6 should be allowed for both tap and tun
07:40 < apollo13> ah okay
07:40 -!- AlmogBaku [~AlmogBaku@79.177.15.253] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
07:44 < daniear> http://pastebin.ca/3302413
07:44 < daniear> what am i missing? i see packets going through the forward chain when iptables -L -v
07:44 < daniear> but no websites can reach
07:46 < daniear> finally it works
07:46 < daniear> ah oh
07:46 < daniear> it worked for 5 seconds i went to whatsmyip.com
07:46 < daniear> now can't go to any website
07:46 < daniear> here's the new firewall script:
07:47 < daniear> http://pastebin.ca/3302419
07:48 < apollo13> well there isn't really any diff to before, SNAT and MASQUERADE are essentially the same here I'd say
07:53 < daniear> im thinking it might be dns iissue
07:54 < daniear> i can visit websites intermittendtly then get dns-probe error in chrome
07:55 -!- daniear [~ben@180.159.207.34] has quit [Read error: Connection reset by peer]
08:16 < ikonia> if I'm trying to use openvpn on a dual homed box (internet/internal network) to make a client participate as part of the internal network, would I be better placed using routed or bridged mode within openvpn ?
08:16 < ikonia> the dhcp service for the clients would not be provided by openvpn, but a dhcp server on the network already
08:17 < ikonia> from my reading bridged seems more logical, but I'm not %100 sure I've got it straight in my head
08:17 < Neighbour> dhcp doesn't work over routed vpn's
08:18 < Neighbour> so if you want the client to get a dhcp-lease from your server's network, use bridged mode
08:18 < Neighbour> um, machines on the client network, of course :)
08:18 < Neighbour> the client has to have an ip already in order to connect to the server :P
08:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
08:21 -!- pk12 [~pk12@104.243.24.236] has quit [Quit: Textual IRC Client]
08:38 -!- valent [~valentt@93-143-181-86.adsl.net.t-com.hr] has joined #openvpn
08:53 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
08:59 < ikonia> ahh thats a fair point, I'd not considered it at that basic a level, makes sense, thank you
09:10 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:13 -!- Ofloo [~admin@narf.ofloo.net] has quit [Ping timeout: 240 seconds]
09:14 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:24 -!- weox [uid112413@gateway/web/irccloud.com/x-uxdfmkyfspifrgyp] has joined #openvpn
09:56 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Ping timeout: 240 seconds]
09:57 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
10:02 < ikonia> should openvpn be setting the tap device IP address in a bridged configuration, or should it be setup before openvpn starts
10:05 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:07 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
10:36 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
10:42 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 245 seconds]
10:44 -!- Neal_ [~neal@felix.ineal.me] has quit [Ping timeout: 246 seconds]
10:44 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 260 seconds]
10:45 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
10:47 -!- APTX [~APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
10:49 -!- APTX [~APTX@unaffiliated/aptx] has joined #openvpn
10:51 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
10:54 -!- Neal_ [neal@felix.ineal.me] has joined #openvpn
10:55 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
11:02 -!- Nik05 [~Nik05@unaffiliated/nik05] has quit [Ping timeout: 246 seconds]
11:31 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:34 -!- gchristensen [~gchristen@unaffiliated/grahamc] has quit [Ping timeout: 272 seconds]
11:35 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 250 seconds]
11:41 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
11:42 -!- daniear [~ben@180.159.207.34] has joined #openvpn
11:43 < daniear> got it working, works wonderfully
11:57 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 255 seconds]
11:58 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
12:41 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
12:57 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 245 seconds]
13:09 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:14 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has quit [Quit: We here br0.... xD]
13:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
13:30 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
13:39 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
13:41 -!- DzAirmaX [~AirmaX@unaffiliated/dzairmax] has joined #openvpn
13:50 -!- daniear [~ben@180.159.207.34] has quit [Ping timeout: 245 seconds]
14:05 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
14:19 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has quit [Quit: Br0ck]
14:19 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has joined #openvpn
14:34 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 260 seconds]
14:40 -!- somis [~somis@167.160.44.201] has joined #openvpn
15:00 -!- Hadi [~Instantbi@gateway/vpn/privateinternetaccess/merandus] has joined #openvpn
15:04 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has left #openvpn []
15:05 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
15:17 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has joined #openvpn
15:31 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
16:01 -!- Badimo [~1111@ppp-2-86-158-96.home.otenet.gr] has joined #openvpn
16:10 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Read error: Connection reset by peer]
16:19 -!- Hadi [~Instantbi@gateway/vpn/privateinternetaccess/merandus] has quit [Quit: Instantbird 1.6a1pre -- http://www.instantbird.com]
16:22 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
16:22 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 256 seconds]
16:23 -!- pk12 [~pk12@104.243.24.236] has quit [Client Quit]
16:25 -!- pk12 [~pk12@104.243.24.236] has joined #openvpn
16:30 -!- pk12 [~pk12@104.243.24.236] has quit [Client Quit]
16:58 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has quit [Ping timeout: 250 seconds]
17:01 -!- zamber [~zamber@dynamic-78-8-1-13.ssp.dialog.net.pl] has joined #openvpn
17:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
17:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
17:29 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has quit [Quit: Br0ck]
17:30 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has joined #openvpn
17:42 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
17:45 < [Mew2]> hey guys
17:46 < [Mew2]> does a mobile phone need a vpn
17:46 < [Mew2]> does it send otu plain text things that can be sniffed
17:47 < dvl> [Mew2]: No.
17:47 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has joined #openvpn
17:50 < [Mew2]> really?
17:50 < ikonia> won't it depend on the app
17:50 < ikonia> if you install an ftp app on a phone - it will send out plain text
17:51 < Thermi> Modern wireless carrier networks are usually encrypted. Your provider can sniff it though.
17:51 < [Mew2]> but if phone is in wifi then?
17:51 < Thermi> Modern wireless networks are encrypted and authenticated
17:52 < Thermi> Only the carrier network is, though.
17:52 < ikonia> but if you're the network owner, you can sniff
17:52 < Thermi> Or if you're somewhere on the network path between source and destination.
17:52 < [Mew2]> hmm ok
17:53 < [Mew2]> thanks  guys
18:04 -!- funnel [~funnel@unaffiliated/espiral] has quit [Ping timeout: 260 seconds]
18:05 -!- funnel [~funnel@unaffiliated/espiral] has joined #openvpn
18:10 -!- abra0_ [znc-admin@unaffiliated/abra0] has joined #openvpn
18:11 -!- iokill [~dave@pippin.sigma-star.at] has joined #openvpn
18:12 -!- tiago_ [tiago@unaffiliated/ttsda] has joined #openvpn
18:13 -!- Exagone314 [exa@elou.world] has joined #openvpn
18:16 -!- infernixx [nix@unaffiliated/infernix] has joined #openvpn
18:19 -!- somis [~somis@167.160.44.201] has quit [Quit: Leaving]
18:19 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:19 -!- ShadniX [dagger@p5DDFC75A.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
18:19 -!- abra0 [znc-admin@unaffiliated/abra0] has quit [Ping timeout: 246 seconds]
18:19 -!- avril [~L@I.thought.this.was.dalnet.ca] has quit [Ping timeout: 246 seconds]
18:19 -!- infernix [nix@unaffiliated/infernix] has quit [Ping timeout: 246 seconds]
18:19 -!- M4rc3l [~xxx@unaffiliated/m4rc3l] has quit [Ping timeout: 246 seconds]
18:19 -!- Exagone313 [exa@elou.world] has quit [Ping timeout: 246 seconds]
18:19 -!- abra0_ is now known as abra0
18:19 -!- infernixx is now known as infernix
18:19 -!- Exagone314 is now known as Exagone313
18:19 -!- avril [~L@I.thought.this.was.dalnet.ca] has joined #openvpn
18:19 -!- iokill_ [~dave@pippin.sigma-star.at] has quit [Ping timeout: 246 seconds]
18:20 -!- tiago [tiago@unaffiliated/ttsda] has quit [Ping timeout: 246 seconds]
18:20 -!- eSgr [~eSgr@priv.is-infra.net] has quit [Ping timeout: 246 seconds]
18:20 -!- tiago_ is now known as tiago
18:20 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
18:20 -!- ShadniX [dagger@p5DDFC75A.dip0.t-ipconnect.de] has joined #openvpn
18:20 -!- eSgr [~eSgr@priv.is-infra.net] has joined #openvpn
18:26 -!- valent [~valentt@93-143-181-86.adsl.net.t-com.hr] has quit [Ping timeout: 272 seconds]
18:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
18:54 -!- warehouse13 [~Left_Turn@unaffiliated/turn-left/x-3739067] has joined #openvpn
19:00 -!- alec-b [~alec@150.6.158.5.rev.vodafone.pt] has quit [Ping timeout: 240 seconds]
19:03 -!- alec-b [~alec@118.106.108.93.rev.vodafone.pt] has joined #openvpn
19:17 -!- Badimo is now known as carbon
19:49 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
19:50 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Max SendQ exceeded]
19:51 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
20:16 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Quit: He who dares .... wins.]
21:11 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:18 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
21:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
21:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:05 -!- carbon [~1111@ppp-2-86-158-96.home.otenet.gr] has quit []
23:13 -!- cyberspace- [20253@ninthfloor.org] has quit [Ping timeout: 272 seconds]
23:17 -!- ShadniX [dagger@p5DDFC75A.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:19 -!- ShadniX [dagger@p5481DCD0.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Sun Dec 27 2015
00:08 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
00:38 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Ping timeout: 245 seconds]
00:46 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
00:54 -!- luckman212 [~luckman21@unaffiliated/luckman212] has quit [Quit: Bye]
01:24 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 276 seconds]
01:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
01:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:13 -!- ayyad [~zm0@41.45.77.134] has joined #openvpn
02:16 < ayyad> Hello.. I'm having a rather weird problem.  I keep getting the error msg "TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" for like 10-15 minutes before the connection occurs.  Once it's connected though, I have no issues what so ever
02:16 < ayyad> any ideas would be highly appreciated
02:27 -!- luckman212 [~luckman21@unaffiliated/luckman212] has joined #openvpn
02:27 -!- TakeTwo [~The_Ares@unaffiliated/taketwo] has joined #openvpn
02:27 < TakeTwo> i installed openvpn using the deb web gui file as manually doing it doesn't work, but i cant find where the ovpn files are located, any help?
02:30 < TakeTwo> nvm
02:30 < TakeTwo> im just redoing it
02:30 -!- TakeTwo [~The_Ares@unaffiliated/taketwo] has left #openvpn ["Screw You Guys, I'm Going Home!"]
02:33 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
02:38 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has quit [Ping timeout: 264 seconds]
02:39 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
02:40 -!- [Mew2] [~Br0ck@unaffiliated/br0ck] has joined #openvpn
02:46 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has quit [Ping timeout: 240 seconds]
02:53 -!- WinstonSmith [~WinstonSm@unaffiliated/winstonsmith] has joined #openvpn
03:03 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
03:03 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Client Quit]
03:10 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
03:11 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
03:11 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
03:12 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Client Quit]
03:28 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
03:37 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
03:39 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:41 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
03:44 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Client Quit]
03:52 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
03:55 -!- ustn [~ustn@p4FDB01C2.dip0.t-ipconnect.de] has joined #openvpn
04:09 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 250 seconds]
04:16 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 260 seconds]
04:22 -!- chamunks [chamunks@loki.entityreborn.com] has joined #openvpn
04:27 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
04:29 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
04:34 < [Mew2]> Hey guys
04:34 < [Mew2]> Anyone here?
04:37 -!- NightMonkey [~NightMonk@pdpc/supporter/professional/nightmonkey] has quit [Ping timeout: 250 seconds]
04:37 -!- chamunks [chamunks@loki.entityreborn.com] has quit [Ping timeout: 246 seconds]
04:41 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Read error: Connection reset by peer]
04:48 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
05:09 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 276 seconds]
05:11 -!- ustn [~ustn@p4FDB01C2.dip0.t-ipconnect.de] has quit [Quit: ustn]
05:18 -!- valent [~valentt@93-143-181-86.adsl.net.t-com.hr] has joined #openvpn
05:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:32 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
05:35 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:39 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
05:40 -!- Tinyyy [~textual@203.211.151.204] has joined #openvpn
05:41 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Read error: No route to host]
05:41 -!- Zimsky-- is now known as Zimsky
05:41 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
05:42 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
05:42 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
05:43 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
05:44 -!- somis [~somis@167.160.44.201] has joined #openvpn
05:44 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
05:48 < [Mew2]> Anyone here?
05:48 -!- Eugene [eugene@kashpureff.org] has quit [Ping timeout: 240 seconds]
05:48 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 260 seconds]
05:49 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:54 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 264 seconds]
05:55 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
05:59 -!- Tinyyy [~textual@203.211.151.204] has quit [Quit: Textual IRC Client: www.textualapp.com]
06:00 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:01 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:04 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
06:05 -!- PeterReid [~quassel@faraday.reidweb.com] has joined #openvpn
06:06 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 265 seconds]
06:07 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:07 -!- chamunks [chamunks@loki.entityreborn.com] has joined #openvpn
06:11 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:12 -!- Eugene [eugene@kashpureff.org] has joined #openvpn
06:12 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:16 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
06:17 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 246 seconds]
06:18 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
06:52 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 272 seconds]
06:53 -!- valent_ [~valentt@93-141-156-91.adsl.net.t-com.hr] has joined #openvpn
06:57 -!- valent [~valentt@93-143-181-86.adsl.net.t-com.hr] has quit [Ping timeout: 276 seconds]
07:06 -!- u0m3 [~u0m3@188.27.74.65] has quit [Quit: Leaving]
07:07 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 276 seconds]
07:08 -!- gchristensen [~gchristen@unaffiliated/grahamc] has quit [Ping timeout: 256 seconds]
07:08 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 256 seconds]
07:08 -!- darlinger [~darlinger@li1238-151.members.linode.com] has quit [Ping timeout: 240 seconds]
07:09 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
07:14 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
07:34 -!- somis [~somis@167.160.44.201] has quit [Quit: Leaving]
07:35 -!- u0m3 [~u0m3@188.27.74.65] has joined #openvpn
07:45 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Read error: Connection reset by peer]
07:49 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
07:58 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
08:02 -!- rkos [~rkos@228.ip-176-31-189.eu] has quit [Quit: Lost terminal]
08:03 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
08:04 -!- darlinger [darlinger@2600:3c03::f03c:91ff:fea8:7bc8] has joined #openvpn
08:04 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
08:08 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Ping timeout: 240 seconds]
08:08 -!- darlinger [darlinger@2600:3c03::f03c:91ff:fea8:7bc8] has quit [Ping timeout: 260 seconds]
08:10 -!- r00t^2 [~bts@g.rainwreck.com] has quit [Ping timeout: 255 seconds]
08:12 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has quit [Ping timeout: 250 seconds]
08:18 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
08:29 -!- viric [~viric@unaffiliated/viric] has quit [Ping timeout: 255 seconds]
08:32 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
08:48 -!- darlinger [darlinger@2600:3c03::f03c:91ff:fea8:7bc8] has joined #openvpn
08:48 -!- deviantintegral [~deviantin@drupal.org/user/71291/view] has joined #openvpn
08:50 -!- r00t^2 [~bts@g.rainwreck.com] has joined #openvpn
08:51 -!- valent_ [~valentt@93-141-156-91.adsl.net.t-com.hr] has quit [Ping timeout: 255 seconds]
09:00 -!- pk12 [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has joined #openvpn
09:00 -!- jackbrown [~se@unaffiliated/jackbrown] has joined #openvpn
09:01 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
09:04 -!- ayyad [~zm0@41.45.77.134] has quit [Ping timeout: 256 seconds]
09:07 -!- gchristensen [~gchristen@unaffiliated/grahamc] has joined #openvpn
09:08 < casdr> [Mew2]: Just ask and wait for somebody to answer
09:16 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
09:16 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:17 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
09:18 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
09:19 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Client Quit]
09:37 -!- valentt [~valentt@46.54.226.50] has joined #openvpn
09:41 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has joined #openvpn
09:41 -!- valentt [~valentt@46.54.226.50] has quit [Ping timeout: 260 seconds]
09:43 -!- valentt [~valentt@46.54.226.50] has joined #openvpn
09:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
09:46 -!- bluenemo [~bluenemo@unaffiliated/bluenemo] has quit [Quit: Leaving]
09:49 -!- valent [~valentt@46.54.226.50] has joined #openvpn
09:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
09:52 -!- valentt [~valentt@46.54.226.50] has quit [Ping timeout: 255 seconds]
10:00 -!- tomodachi [~tomodachi@s-000802a0bdd3.04-30-73746f34.cust.bredbandsbolaget.se] has quit [Ping timeout: 276 seconds]
10:01 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 246 seconds]
10:12 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:16 -!- mkay [mkay@gentoo/user/mkay] has joined #openvpn
10:17 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:19 < mkay> hi. i've got problem with vpn connection on UDP. i've got setup, which worked for several months, but few days ago i had power failure and since then i've got this problem... i can connecto to vpn server with UDP proto, but i have about 50% of packet loss (it's like ~50 packets goes throught and ~50 next doesn't). no problem if i change UDP to TCP. any ideas what can couse that?
10:20 < mkay> it's a client problem (i'm able to connect with UDP to this server with another client and it's stable)
10:21 -!- pk12 [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has quit [Quit: byezzzzzzzzzz]
10:23 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Ping timeout: 260 seconds]
10:23 -!- pk12 [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has joined #openvpn
10:27 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Read error: No route to host]
10:28 -!- james41382 [~james4138@unaffiliated/james41382] has quit [Read error: Connection reset by peer]
10:30 -!- james41382 [~james4138@unaffiliated/james41382] has joined #openvpn
10:30 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Ping timeout: 240 seconds]
10:31 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has joined #openvpn
10:31 -!- AlmogBaku [~AlmogBaku@bzq-79-180-136-77.red.bezeqint.net] has quit [Client Quit]
10:40 -!- valent [~valentt@46.54.226.50] has joined #openvpn
10:48 -!- hhhhhhhh [~mike@host-92-16-102-48.as13285.net] has joined #openvpn
10:49 -!- jackbrown [~se@unaffiliated/jackbrown] has quit [Quit: Sto andando via]
10:49 < hhhhhhhh> hi, i'm trying to connect a client/server with openvpn. both sides are logging peer connection initiated/initialization complete
10:49 < hhhhhhhh> the client can ping the server but the server can't ping back
10:50 < hhhhhhhh> if i disable pf it just hangs
10:52 < hhhhhhhh> ok i deleted a few lines and it's all good again
10:53 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 276 seconds]
11:08 -!- valent [~valentt@46.54.226.50] has joined #openvpn
11:28 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
11:36 -!- Stigmagr [5e45f0dd@gateway/web/cgi-irc/kiwiirc.com/ip.94.69.240.221] has joined #openvpn
11:36 < Stigmagr> hello everyone
11:36 < Stigmagr> banco: hello mate
11:36 < Stigmagr> marry xmas
11:37 < Stigmagr> guys i wanna ask: cant 2 computers connect to the same vpn server using the same client certificate?
11:42 < Stigmagr> guys anyone please?
11:45 -!- dvl [~dvl@freebsd/developer/dvl] has left #openvpn ["Textual IRC Client: www.textualapp.com"]
11:45 -!- dvl [~dvl@freebsd/developer/dvl] has joined #openvpn
11:45 < dvl> hhhhhhhh: what was the cause?
11:46 < hhhhhhhh> don't know
11:46 < hhhhhhhh> :D
11:46 < dvl> Stigmagr: I'd use two different client certs.  Why are you asking?
11:46 < dvl> hhhhhhhh: Sounds like firewall rules to me.
11:46 < dvl> or perhaps routing
11:46 < hhhhhhhh> it was some lines in my config but i don't remember which
11:48 < Stigmagr> dvl: I have clients that need to connect to the vpn while creating clones of virtual machines
11:48 < Stigmagr> dvl: each clone will be connected to the vpn at the same time
11:48 < Stigmagr> dvl: so each client needs to connect with the same cert, key
11:48 < dvl> Stigmagr: have you tried it?
11:49 < Stigmagr> dvl: yes and when 1 vm is connected the others are disconnected
11:49 < Stigmagr> dvl: they cant even ping 10.8.0.1
11:49 < dvl> Stigmagr: Have you read the docs looking for an option to allow this?
11:49 < dvl> ... because that's what I would do, but you should instead...
11:49 < Stigmagr> dvl: i just found an option for multiple clients with same cert
11:49 < dvl> I'd look for concurrent or multiple
11:49 < Stigmagr> dvl: i will try that 1st
11:49 < dvl> well ....
11:50 < Stigmagr> dvl: but the documentation mentions that i should only use that on a test enviroment lol :p
11:50 < Stigmagr> dvl: well if it works its fine by me :D
11:53 < Stigmagr> dvl: also i am unable to connect to the vpn server with a tun setup and i dont know why, i have set everything up for tun and couldnt connect to the internet from the client but when i change everything to tap it works fine
11:54 < dvl> Stigmagr: what OS?
11:54 < Stigmagr> dvl: btw the option i checked on google works for multple clients with same certificate
11:54 < Stigmagr> dvl: the server is on centos 6.7
11:54 < Stigmagr> dvl: the client is on both centos 6.7 and on windows ( i have tested both)
11:54 < Stigmagr> dvl: marry xmas btw :)
11:55 < dvl>  Merry Christmas
11:58 < Stigmagr> is there something special i would need to install on centos vpn server for having the tun setup?
11:58 < Stigmagr> I dont get why it works perfectly with tap setup
12:06 < ikonia> when you push routed in openvpn what actually sets up the routing on the vpn server, eg: does openvpn append an iptables rule ? how is the routing between the vpn and he private subnet managed /
12:06 -!- fearnothing [52450f79@gateway/web/freenode/ip.82.69.15.121] has joined #openvpn
12:06 < fearnothing> hi folks, have a question about openvpn... using viscosity client, not sure if I should be asking here
12:07 < ikonia> I'm trying to route between a subnet I've setup within openvpn 172 based, to a private network on the vpn server machine 10.11 based, where is the "router 172 clients to 10.11 addresses configured and pushed out"
12:07 < fearnothing> but it's worked just fine before and I'm trying to figure out what's different
12:07 < fearnothing> I have a connection to my home network with an openvpn connection running on pfsense
12:07 < fearnothing> previously there have been no problems, but now it seems to not  be routing my connection via my vpn
12:08 < fearnothing> it says I'm connected, I have the IP I'm expecting
12:08 < fearnothing> and the configuration is set to route all traffic via the vpn
12:08 < fearnothing> but it's not doing so
12:08 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has quit [Remote host closed the connection]
12:09 < fearnothing> what can I try?
12:11 < fearnothing> if I do traceroute to the default gateway for my VPN that works fine
12:11 < fearnothing> but nothing else is routing as it should
12:14 < dvl> Stigmagr: perhaps tap is not in your kernel
12:17 < [Mew2]> Hello
12:18 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
12:19 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
12:23 < Stigmagr> dvl: tap works normally tun is not working
12:23 < dvl> Stigmagr: Adjust my comment for your situation...
12:23 < fearnothing> any ideas anyone?
12:23 < Stigmagr> dvl: oh :P
12:25 -!- rooth [tomte@stuck.in.the.basement.at.fritzl.nu] has joined #openvpn
12:25 < Stigmagr> dvl: it seems it is enabled ;o
12:33 -!- nitdega [~nitdega@2602:304:ab12:e8a1:dcc1:fee:97eb:eb31] has quit [Quit: ZNC - 1.6.0 - http://znc.in]
12:36 < [Mew2]> Anyone help me?
12:38 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
12:39 < ikonia> I'm currently using this as my config for a routed openvpn server
12:39 < ikonia> http://pastebin.centos.org/37446/
12:40 < ikonia> I can connect to the vpn and my virtual interface gets a 172 address as it should, however I can't route/get through to 10.11 addresses on the other side of the vpn
12:40 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has joined #openvpn
12:40 < fearnothing> having a similar issue ikonia
12:40 < fearnothing> nobody's responded yet
12:44 -!- hhhhhhhh [~mike@host-92-16-102-48.as13285.net] has quit [Quit: WeeChat 1.3]
12:45 -!- nitdega [~nitdega@2602:306:2420:b291:68a7:b3a:42c6:83c7] has joined #openvpn
12:47 < fearnothing> oh ffs, I think this is the problem
12:48 < fearnothing> the local network I'm on wireless with is using the same subnet as the one I want to do ssh stuff on
12:48 < fearnothing> would that be the cause?
12:48 < fearnothing> if so, how do I get around that?
12:51 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 245 seconds]
13:01 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
13:02 -!- BtbN [btbn@unaffiliated/btbn] has joined #openvpn
13:21 -!- valent [~valentt@93-141-156-91.adsl.net.t-com.hr] has joined #openvpn
13:30 -!- fearnothing [52450f79@gateway/web/freenode/ip.82.69.15.121] has quit [Ping timeout: 252 seconds]
13:36 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
13:38 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
13:46 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
13:50 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
13:54 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-88-226.w90-61.abo.wanadoo.fr] has joined #openvpn
13:55 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 250 seconds]
14:07 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
14:07 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-88-226.w90-61.abo.wanadoo.fr] has quit [Read error: Connection reset by peer]
14:07 -!- CaTtleyA [~CaTtleyA@aputeaux-653-1-88-226.w90-61.abo.wanadoo.fr] has joined #openvpn
14:16 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:17 -!- pk12_ [~pk12@104.243.24.236] has joined #openvpn
14:19 -!- pk12 [~pk12@pool-71-178-163-65.washdc.fios.verizon.net] has quit [Ping timeout: 250 seconds]
14:22 -!- Nik05 [~Nik05@unaffiliated/nik05] has joined #openvpn
14:22 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 265 seconds]
14:22 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:26 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:28 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:31 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 240 seconds]
14:33 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:34 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:34 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
14:34 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:37 -!- eelstrebor [~ki7rw@216.75.116.100] has joined #openvpn
14:38 -!- somis [~somis@167.160.44.220] has joined #openvpn
14:38 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:44 -!- catsup [d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
14:44 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
14:44 -!- valent [~valentt@93-141-156-91.adsl.net.t-com.hr] has quit [Ping timeout: 256 seconds]
15:02 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
15:08 -!- ayyad [~zm0@197.53.15.155] has joined #openvpn
15:09 < ayyad> hello.. I'm going to repeat my morning question incase anyone is awake
15:09 < ayyad> I'm having a rather weird problem.  I keep getting the error msg "TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" for like 10-15 minutes before the connection occurs.  Once it's connected though, I have no issues what so ever
15:09 < ayyad> any ideas are appreciated
15:13 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
15:13 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
15:17 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Client Quit]
15:18 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
15:20 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Client Quit]
15:21 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has joined #openvpn
15:46 -!- ayyad [~zm0@197.53.15.155] has quit [Ping timeout: 240 seconds]
16:31 < [Mew2]> guys
16:32 < [Mew2]> what kind of specs does a openvpn server need
16:32 < [Mew2]> minimum
16:33 < ikonia> depends
16:33 < [Mew2]> on?
16:33 < ikonia> many things
16:33 < [Mew2]> tell me and i will answer
16:33 < ikonia> I dont want an answer
16:33 < [Mew2]> what do u want
16:33 < ikonia> it's up to you to work out your load
16:34 < [Mew2]> can i tell you what i using it for
16:34 < [Mew2]> and u will recomend me minimum specs?
16:35 < ikonia> no
16:35 < [Mew2]> then how do i find out
16:35 < ikonia> research
16:36 < [Mew2]> i came here hoping some knowledgeable folks can help me
16:36 < ikonia> how old are you ?
16:36 < [Mew2]> is my age relevent?
16:36 < ikonia> yes
16:36 < [Mew2]> to the openvvpn server?
16:36 < ikonia> because based on all the other channels you're asking this in, you come across as a 15 year old kid playing at servers
16:36 < ikonia> so I'm curious to if your approach is because you are young or not
16:37 < [Mew2]> or a senior citizen, doing this stuff for the first time?
16:37 < ikonia> no
16:37 < ikonia> a 15 year old kid
16:37 < [Mew2]> you have some great bias against young folks?
16:37 < ikonia> (which is ok)
16:37 < [Mew2]> what race are you?
16:37 < ikonia> not at all
16:37 < ikonia> I'm just curious if your approach / lack of approach is down to your age or some other factor
16:37 < ikonia> I don't actually care how old you are
16:38 < [Mew2]> but can you tell me your race?
16:38 < ikonia> white
16:38 < ikonia> which again points at a child
16:38 < [Mew2]> that makes sense
16:38 < [Mew2]> you fit the bigoted stereo type
16:38 < ikonia> right......
16:38 < ikonia> ok, so I'm guessing you are quite young then, with this attitude
16:39 < [Mew2]> seeing as age has nothign to do with open vpn
16:39 < ikonia> nope it doesn't
16:39 < [Mew2]> yet you continue to ask
16:39 < [Mew2]> as if it were relevent
16:39 < ikonia> but you're askin the same questions in loads of channels and ignoring info and behaving like a young person who wants spoon feeding
16:39 < [Mew2]> somehow you convince your self using bigot logic that it is in fact important
16:39 < ikonia> as I said I was curious to if your approach was down to your age, or if it was something else
16:39 < ikonia> I don't actually care, I was just curious if it was down to your age or not
16:39 < [Mew2]> see you convinced yourself
16:39 < ikonia> and then I can adjust my approach
16:40 < ikonia> (to how I give you info)
16:40 < [Mew2]> you really havent given me much info
16:40 < [Mew2]> just smart ass answers
16:42 < [Mew2]> why are you even here?
16:42 < ikonia> to get info, help with openvpn learn a bit and give a bit of help where possible
16:42 < [Mew2]> do you enjoy showing your knowledge while never sharing it?
16:42 < ikonia> I share loads of it where possible, I'm pretty active in a few open source projects
16:43 < [Mew2]> maybe but you like to troll the noobs
16:43 < ikonia> not at all
16:43 < [Mew2]> seeing as ive watsed about a half hour on this childish arguemtn, very much so
16:43 < ikonia> I just asked one question, how old are you
16:44 < ikonia> you could have just answered
16:44 < [Mew2]> it is irrelevent, and frankly i am offended by you even asking
16:44 < ikonia> I was only going to adjust how I gave info
16:44 < [Mew2]> piss off and welcome to my ignore list ikonia
16:44 < [Mew2]> bye
16:44 < ikonia> oh dear
16:44 < ikonia> 15 years old then
16:44 < [Mew2]> can anyone else help me?
16:45 < ikonia> not the best way to foster help telling people to piss off
16:52 < [Mew2]> anyone here?
16:53 < Eugene> Nobody but us rocks
16:54 -!- mode/#openvpn [+o Eugene] by ChanServ
16:54 < [Mew2]> Eugene
16:54 < [Mew2]> can you tell me the minimum specs i need for an openvpn server
16:54 < [Mew2]> estimated
16:55 <@Eugene> openvpn will run on just about anything, from a low-power RasPi or phone all the way up to super Xeons. The only difference is how much throughput you can get, which depends upon the encryption algorithm and CPU speed
16:55 <@Eugene> !gigabit
16:55 <@vpnHelper> "gigabit" is https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux for JJK's writeup on getting the most out of openvpn over gigabit
16:56 <@Eugene> That page has some numbers you can use as an estimate point, but the best way to find out is to just try it
16:56 -!- AlmogBaku [~AlmogBaku@bzq-79-177-15-253.red.bezeqint.net] has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
16:56 <@Eugene> I get 100mbit+ easily out of a 5-year old Atom
16:56 < [Mew2]> ok let me ask u this.
16:57 < [Mew2]> VPS SSD 1
16:57 < [Mew2]> OpenStack KVM
16:57 < [Mew2]> 1 vCore
16:57 < [Mew2]> 2.4 GHz
16:57 < [Mew2]> 2 GB RAM
16:57 < [Mew2]> 10 GB SSD
16:57 < [Mew2]> Local RAID 10
16:57 < [Mew2]> this is the vps i am looking at
16:57 <@Eugene> Please not so much with the pasting
16:57 < [Mew2]> sorry
16:57 < [Mew2]> i want to run a network out of it that uses about 250 GB/month
16:57 < [Mew2]> and i want max encryption possible
16:58 < [Mew2]> you think i will be ok?
16:58 <@Eugene> 1 core of a modern-ish Xeon(which is what you'll get from a VPS) will easily do 100mbit+
16:58 < [Mew2]> so no bottle necking from server side then?
16:58 <@Eugene> Which should pass 250GB in.... like an hour? I'm not drunk enough to do the math
16:58 <@Eugene> No, it shouldn't.
16:58 < [Mew2]> its mostly netflix type stuff
16:58 < [Mew2]> which i get throttled from at the moment
16:58 < [Mew2]> by my isp
16:59 < [Mew2]> ok
16:59 < [Mew2]> excellent
16:59 < [Mew2]> i think i will do this
16:59 < [Mew2]> thank you Eugene <33
17:00 < [Mew2]> what doesnt make sense to me tho
17:00 < [Mew2]> is the cost of this server
17:00 <@Eugene> !enter
17:00 <@vpnHelper> "enter" is The enter key is not a punctuation mark.
17:00 < [Mew2]> which is like a fraction of some vpn providers out there
17:00 < [Mew2]> sorry
17:01 < [Mew2]> $3.49 /month  while im seeing vpn for sale at 3 times that
17:01 <@Eugene> You get what you pay for. I use+recommend Linode
17:01 < [Mew2]> theres lowest option is $10
17:02 < [Mew2]> ovh and DO can do $5 or less
17:02 < [Mew2]> there all so low cost but still
17:02 <@Eugene> See my first sentence again ;-)
17:02 < [Mew2]> what do you mean by this, uptime?
17:03 <@Eugene> Uptime, network fullness, amount of bullshit you have to go through with support....
17:03 < [Mew2]> hmmm ok
17:03 < [Mew2]> ok i will research that next
17:03 < [Mew2]> thanks again Eugene :)
17:22 < ikonia> host contention
17:22 < ikonia> network contention
17:27 < ikonia> should openvpn set a default route on the client ? my config is setting a second default route which is causing a problem
17:29 < apollo13> you can push a redirect-gateway yes
17:29 < ikonia> ah, I wonder if thats what I'm doing then
17:29 < ikonia> I thought I was only pushing a route to the private network
17:29 < ikonia> doesn't look like it's set
17:30 < ikonia> the client private network route is being set (although to an add address) which isn't working, but I suspect thats not working as the conflicting default gateway is stopping it getting out to the vpn side network
17:31 < apollo13> without showing your config, it is just guesswork ;)
17:31 < ikonia> http://pastebin.centos.org/37446/
17:31 < ikonia> it's a pretty basic config taken from the default template
17:32 < apollo13> unless I missed something you are just pushing two routes to /24 subnets
17:33 < apollo13> which will work just fine
17:33 < ikonia> thats mostly down to my lack of understanding, I was trying to do the route back
17:33 < ikonia> so the box is dual homed, I've set a 172 address for the VPN client and I want to route it through to the private 10.11 address on the server
17:33 < apollo13> ?
17:34 < apollo13> if 10.11.216/24 is the "private lan" behind the server, that is all you need
17:34 < apollo13> not sure why you would push the 172.16. though
17:34 < ikonia> the route I've added in my head should work, but it sets a default route of 0.0.0.0 to 172.16.0.5 - which is a non-existant address
17:34 < ikonia> ahh, so I thought I needed the 172 route as a route back
17:34 < ikonia> let me dump that
17:35 < ikonia> I'll give it a try without now, thank you
17:35 < apollo13> ikonia: by default openvpn does not add a default route
17:36 < apollo13> network-manager on desktop os system will do though
17:36 < apollo13> unless you check an extra checkbox
17:36 < ikonia> I wonder if thats what's doing it then
17:36 < apollo13> namely "Use this connection only for resources on its network"
17:36 < ikonia> as when I connect my route changes to this
17:36 < apollo13> otherwise nm will route everything
17:38 < ikonia> it seems its more likley it's network manager from what you are saying, but looking at the network manager connection it "shouldn't"
17:39 < ikonia> http://pastebin.centos.org/37451/
17:39 < ikonia> before and after
17:39 < ikonia> a second default route is being added that basically drops the machine off the internet
17:40 < ikonia> I suspect you're right that it's network manager
17:40 < ikonia> although I don't know why it's setting the default to 172.16.0.5  as that doesn't appear to exist anywhere
17:41 < apollo13> can you show "ip route show" that should include the metric
17:42 < apollo13> but yeah, I'd bet on network manager
17:42 < ikonia> yeah of course, one moment
17:42 < apollo13> you can write a normal openvpn config file and test using that instead of nm
17:43 < ikonia> I guess that would be the next thing, no idea where .5 is coming from as the interface is .6
17:44 < apollo13> that one is interesting too :D
17:44 < ikonia> http://pastebin.centos.org/37456/
17:45 < apollo13> yeah the lower metric is over the vpn, so you lost there :D
17:45 < ikonia> yup,
17:46 < ikonia> best build a manual file, and try without network manager
17:46 < ikonia> great spot though, I'd not even considered network manager
17:46 < apollo13> 88.97.208.57 via 192.168.0.1 dev wlp3s0  proto static  metric 600
17:46 < apollo13> that is also weird
17:46 < ikonia> what the 600 metric you men ?
17:46 < ikonia> mean
17:46 < apollo13> ah no
17:46 < apollo13> nevermind
17:46 < ikonia> good
17:47 < ikonia> seems "ok" to me
17:47 < apollo13> that is needed to keep the connection to the vpn active
17:47 < ikonia> thought you'd spotted something I'd missed
17:47 < apollo13> yeah, I missread
17:47 < ikonia> correct
17:47 < ikonia> thats the physical interface here
17:47 < ikonia> (as in the real one to the internet)
17:47 < apollo13> https://dpaste.de/MBtQ/raw that is what it should look like
17:48 < apollo13> 172.22.2.0/24 dev tun0  proto kernel  scope link  src 172.22.2.2  metric 50 -- that is the default vpn net
17:48 < apollo13> and 172.22.1.0/24 via 172.22.2.1 dev tun0  proto static  metric 50  is the pushed route
17:48 < ikonia> yeah, I'd expect to see something like that
17:48 < apollo13> btw your route to the 10.x is missing there too
17:48 < ikonia> is it, it was there before
17:48 < ikonia> I'd not noticed
17:49 < apollo13> it is not there in http://pastebin.centos.org/37456/
17:49 < ikonia> so it is
17:49 < ikonia> I wonder if my network manager change did that
17:49 < ikonia> let me set it back
17:50 < apollo13> can you show /etc/NetworkManager/system-connections/<name of the vpn conn>
17:50 < ikonia> good spot, I'd not noiced it had gone
17:50 < ikonia> yeah, hang on
17:50 < apollo13> oh no, it is in VPN, not system-connections
17:51 < apollo13> ups no, where the hell is it :D
17:51 < ikonia> I'd not even looked at network manager, so excellent spot/idea
17:51 < ikonia> I know where it is hang on
17:51 < apollo13> ah yeah system-connections
17:52 < ikonia> http://pastebin.centos.org/37461/
17:52 < apollo13> I have "never-default=true" -- maybe newer network manager?!
17:52 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
17:52 < apollo13> anyways, I am out of ideas, try to repro with openvpn alone and then readd nm
17:53 < ikonia> apollo13: super ideas
17:53 < apollo13> also time for bed! :D
17:53 < ikonia> agreed
17:53 < ikonia> I'll pick it up tomorrow, but great spots
18:00 < ikonia> it was network manager
18:00 < ikonia> got that sorted
18:01 < ikonia> it's setting the route to 10.11.216.0 to 172.16.0.5 which is wrong, but I think thats the vpn server not network manager now, I'll pick it up tomorrow
18:01 < ikonia> but it was network manager, super idea
18:29 -!- linuxdevman [~chatzilla@gateway/vpn/privateinternetaccess/linuxdevman] has joined #openvpn
18:43 < Stigmagr> can anyone tell me why only tap configuration is working and not tun on my centos openvpn server?
18:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
18:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
19:01 -!- linuxdevman [~chatzilla@gateway/vpn/privateinternetaccess/linuxdevman] has quit [Ping timeout: 240 seconds]
19:03 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
19:07 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 240 seconds]
19:19 -!- linuxdevman [~chatzilla@173.246.193.100] has joined #openvpn
19:28 -!- linuxdevman [~chatzilla@173.246.193.100] has quit [Remote host closed the connection]
19:40 -!- somis [~somis@167.160.44.220] has quit [Quit: Leaving]
20:13 -!- weox [uid112413@gateway/web/irccloud.com/x-uxdfmkyfspifrgyp] has quit [Quit: Connection closed for inactivity]
20:24 -!- Stigmagr [5e45f0dd@gateway/web/cgi-irc/kiwiirc.com/ip.94.69.240.221] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
20:42 -!- NickelSpike [~textual@72-45-3-179-dhcp.gsv.md.atlanticbb.net] has joined #openvpn
20:50 -!- NickelSpike [~textual@72-45-3-179-dhcp.gsv.md.atlanticbb.net] has quit [Quit: Textual IRC Client: www.textualapp.com]
21:51 -!- pk12_ [~pk12@104.243.24.236] has quit [Quit: Textual IRC Client]
22:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
22:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
23:08 -!- eelstrebor [~ki7rw@216.75.116.100] has quit [Remote host closed the connection]
23:16 -!- ShadniX [dagger@p5481DCD0.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:17 -!- ShadniX [dagger@p5481C5DC.dip0.t-ipconnect.de] has joined #openvpn
--- Day changed Mon Dec 28 2015
00:03 -!- gansteed [~jiajun@116.226.79.227] has joined #openvpn
00:05 < gansteed> hi, I'm using networkmanager-openvpn, and I connect to my vpn by nm-applet, it seems not work as expect. where can I find the log?
00:09 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Ping timeout: 250 seconds]
00:48 -!- John [c325d161@gateway/web/cgi-irc/kiwiirc.com/ip.195.37.209.97] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
01:03 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has quit []
01:05 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
01:10 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 264 seconds]
01:11 -!- abra0 [znc-admin@unaffiliated/abra0] has quit [Ping timeout: 276 seconds]
01:14 -!- abra0 [znc-admin@unaffiliated/abra0] has joined #openvpn
01:19 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
01:35 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Ping timeout: 256 seconds]
01:39 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
01:40 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Max SendQ exceeded]
01:41 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
01:42 -!- arlen [~arlen@jarvis.arlen.io] has quit [Ping timeout: 264 seconds]
01:44 -!- batrick [batrick@nmap/developer/batrick] has quit [Ping timeout: 260 seconds]
01:44 -!- Neal_ [neal@felix.ineal.me] has quit [Ping timeout: 250 seconds]
01:58 -!- darlinger [darlinger@2600:3c03::f03c:91ff:fea8:7bc8] has quit [Ping timeout: 250 seconds]
02:00 -!- darlinger [~darlinger@li1238-151.members.linode.com] has joined #openvpn
02:01 -!- arlen [~arlen@jarvis.arlen.io] has joined #openvpn
02:04 -!- batrick [batrick@nmap/developer/batrick] has joined #openvpn
02:04 -!- Neal_ [~neal@felix.ineal.me] has joined #openvpn
02:05 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Read error: Connection reset by peer]
02:06 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has quit [Ping timeout: 260 seconds]
02:08 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
02:09 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Max SendQ exceeded]
02:10 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has joined #openvpn
02:14 -!- rrichardsr3 [~rrichards@pdpc/supporter/professional/rrichardsr3] has quit [Ping timeout: 246 seconds]
02:14 -!- Hadi [~Instantbi@31.59.0.114] has joined #openvpn
02:18 -!- PsynoKhi0 [~Psyno@c-83-233-26-186.cust.bredband2.com] has joined #openvpn
02:23 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
02:30 -!- ayyad [~zm0@197.53.88.15] has joined #openvpn
02:31 < ayyad> !welcome
02:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
02:31 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:31 < PsynoKhi0> hi, is any specific OpenVPN server configuration directive needed to get connections initiated from the server LAN side to reach openvpn clients and back?
02:32 < ayyad> !forum
02:32 <@vpnHelper> "forum" is (#1) The official OpenVPN support forum is available at http://forums.openvpn.net or (#2) you can join #OpenVPN-Forum to see the forum-feed announcements if you want to.
02:39 < PsynoKhi0> I'm using a routed openvpn setup btw
02:41 < PsynoKhi0> the clients are on 10.254.0.0/16, the server I need them to communicate with is at 10.255.0.6
02:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
02:44 < PsynoKhi0> traffic flows normally if I initiate the connection from the 10.254.0.0/16 network, but if I try to initiate traffic from 10.255.0.6, the packets reach 10.254.0.0/16, the answer flows back through tun0 and eth0 on the openvpn server but never get back to 10.255.0.6
02:47 -!- weox [uid112413@gateway/web/irccloud.com/x-mbfbjrxbzxltadpy] has joined #openvpn
02:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
02:52 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
02:53 < apollo13> ikonia: glad I could help
03:14 -!- valent [~valentt@46.54.226.50] has joined #openvpn
03:21 -!- iszak [~iszak@unaffiliated/supavisah] has joined #openvpn
03:23 < iszak> I am trying to use openvpn on my mac and it seems to connect all fine but then i'm unable to access the internet after connecting, I also tried tunnelblink and this connects fine but also reports the same lack of connectivity.
03:23 < iszak> the config I am using is from the openvpn connect
03:27 < iszak> the connect supports over tcp/443 so I don't think it's a firewall issue, I think it's a routing issue
03:28 -!- valent [~valentt@46.54.226.50] has quit [Ping timeout: 240 seconds]
03:31 < iszak> when using openvpn I can access websites, but I can't access 10.250/16 for example but I can see in my routing tables I do indeed have a route to the vpn gateway over the tunnel interface
03:31 -!- friendlydave [465efe84@gateway/web/freenode/ip.70.94.254.132] has joined #openvpn
03:31 < iszak> So I think it's a routing issue when it gets to the gateway
03:31 < friendlydave> !welcome
03:31 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample
03:31 <@vpnHelper> !forum !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
03:32 < friendlydave> !route
03:32 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing or https://community.openvpn.net/openvpn/wiki/RoutedLans (same page mirrored) if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT! or (#3) See !tcpip for a basic networking guide or (#4) See !serverlan or !clientlan for steps and troubleshooting flowcharts for LANs behind the server or
03:32 <@vpnHelper> client
03:38 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
03:38 < iszak> vpnHelper: the thing is I don't have any ability to configure the server.. so if the server config is broken, I'm out of luck
03:39 < iszak> !mitm
03:39 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: remote-cert-tls server in the client config
03:40 < iszak> I meant friendlydave not vpnHelper
03:40 < friendlydave> huh?
03:40 < iszak> friendlydave: the links you gave me, I am saying I don't have the ability to configure the server
03:41 < friendlydave> iszak: I just joined the channel, I haven't been following your conversation.
03:41 < friendlydave> I was typing !route for my own research! :P
03:42 < iszak> friendlydave: oh right, I just entered anyway
03:43 < subzero79> !serverlan
03:43 <@vpnHelper> "serverlan" is (#1) for a lan behind a server, the server must have ip forwarding enabled (!ipforward), the server needs to push a route for its lan to clients, and the router of the lan the server is on needs a route added to it (!route_outside_openvpn) or (#2) see !route for a better explanation or (#3) Handy troubleshooting flowchart: http://pekster.sdf.org/misc/serverlan.png
03:43 -!- valent [~valentt@93-141-156-91.adsl.net.t-com.hr] has joined #openvpn
03:44 < iszak> subzero79: it does that, I have the routes
03:45 -!- gansteed [~jiajun@116.226.79.227] has quit [Read error: Connection timed out]
03:45 < subzero79> fire a tcpdump in a lan client, ping from a vpn client the lan client running tcpdump. See if the packets are hitting the lan client
03:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
03:46 < iszak> subzero79: I tried pinging, I can timeouts to the 10.250/16 block
03:47 < subzero79> if the lan client doesnt know how to route back the replies. then ping would timeout.
03:49 < iszak> subzero79: so it routes it correctly to the openvpn gateway, but it gets dropped from there
03:51 < subzero79> did you read the flowchart?
03:51 < friendlydave> I setup a route to my LAN, and from a vpn client I can access the vpn server and the router, but not another machine on the LAN... any ideas?
03:52 < subzero79> again, run tcpdump in a lan client capturing icmp
03:52 < friendlydave> Looking at the flowchart, looks like I
03:52 < friendlydave> looks like I'
03:52 < friendlydave> Looks like I'm doing "Add a route to the router...", but it isn't working still
03:53 < subzero79> there are three ways of solving this, static route in the lan client, static route in the router or masquerade rule in the server
03:53 < iszak> subzero79: flow chart is dead
03:53 < subzero79> works for me
03:53 < ayyad> iszak, make sure that there's a route back or use NAT.. depends on what you want
03:54 < subzero79> https://www.dropbox.com/s/htsgx61rc82h597/serverlan.png?dl=0
03:56 < ayyad> friendlydave, are those lan machines in the same subnet?
03:56 < iszak> subzero79: thanks
03:56 < friendlydave> ayyad: I'm not sure what you're asking, but let me give you some more information
03:56 < ayyad> friendlydave, oh wait I might have misunderstood your question
03:56 < ayyad> yes, please do
03:58 < ayyad> friendlydave, if what i understood is correct.. that too is a routing/nat issue
03:58 < ayyad> the lan machines don't have a route back to the vpn client's subnet
03:58 < ayyad> so either advertise that route on the local router or just use NAT
03:58 < friendlydave> I routed 192.168.1.0/24, and the vpn client can ping the vpn server at 192.168.1.37, the router at 192.168.1.1, but not another machine at 192.168.1.57
03:59 < subzero79> friendlydave, what's the vpn subnet?
03:59 < ayyad> try to nat/masquerade everything coming fromthe vpn network and going to the local lan.. it should work
04:00 < ayyad> just use masquerade to start with.. that'll juse the server's local interface
04:00 < friendlydave> subzero79: I think its 10.8.0.0/24, the default or whatever.
04:00 < friendlydave> ayyad: I'm not familiar with masquerading, I'll look into, and would appreciate any links
04:01 < subzero79> ok so in your router you put static route network 10.8.0.0/24 with gateway 192.168.1.37
04:01 < subzero79> if your router can do that of course
04:02 < friendlydave> subzero79: before I did that, I was unable to ping the router at 192.168.1.1. putting in the static route only allowed me to ping the router then, no where else on the lan
04:02 < ayyad> if my memory is working... iptables -t nat -A POSTROUTING -s <vpn_subnet> -o <lan_interface> -j MASQUERADE
04:03 < ayyad> and also ensure that the firewall is not blocking access to the lan from that interface
04:03 < subzero79> try to renew dhcp in the lan client,
04:04 < subzero79> or use masquerade rule as ayyad says
04:06 < ayyad> renewing dhcp should not affect it.. since the clients' flow already points them to the router (which I assume is the gateway).  but if that IS setup correctly, then it should just work because the clients would know how to reach 10.8.0.0/24
04:07 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
04:07 < friendlydave> subzero79: I just restarted the machine (which should renew dhcp), still unable to ping from VPN client
04:08 < friendlydave> I'll try ayyad 's masquerading idea now
04:08 < ayyad> friendlydave, masquerading will work.. it's just not the best approach
04:09 < friendlydave> ayyad: you wouldn't happen to know how to rename a network interface, would you?
04:09 < friendlydave> for some reason, its called "wlxf8d1110e6b55" on my machine :(
04:10 < ayyad> i would if it's in the "debian/ubuntu" world
04:10 < friendlydave> it is, ubuntu server. it was a real pain, the server went through the install just fine, but when I turned it on it was missing from /etc/network/interfaces
04:10 < subzero79> friendlydave, have you check with tcpdump in the lan clients whats going on?
04:11 < ayyad> that looks wrong... or atleast I've never seen such a name
04:11 < friendlydave> subzero79: I'
04:11 < friendlydave> I'll try using tcpdump
04:12 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 256 seconds]
04:12 < ayyad> friendlydave, i'm a bit lost..
04:12 < ayyad> ifconfig on the vpn server shows you what exactly?
04:12 < subzero79> what linux distro do you have that uses that iface name?
04:12 < friendlydave> subzero79: this is ubuntu server 15.10
04:13 < friendlydave> !paste
04:13 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into a pastebin site or (#2) https://gist.github.com is recommended for fewest ads; try fpaste.org or paste.kde.org as backups or (#3) If you're pasting config files, see !configs for grep syntax to remove comments or (#4) gist allows multiple files per paste, useful if you have several files to show
04:13 < friendlydave> https://gist.github.com/anonymous/4350003bf16a2a6aefb2
04:13 <@vpnHelper> Title: results of ifconfig · GitHub (at gist.github.com)
04:14 < ayyad> friendlydave, you weren't kidding :)
04:15 < friendlydave> ayyad: I had to manually add the wpa-* settings to /etc/network/interfaces after it installed.
04:15 < ayyad> anyways to change that you should look at: /etc/udev/rules.d/70-persistent-net.rules
04:15 < friendlydave> I'm proud, I did it without consulting people in IRC
04:16 < friendlydave> ayyad: that folder is empty?
04:17 < friendlydave> subzero79: wait, I probably can't use tcpdump over ssh, can I?
04:18 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
04:18 < subzero79> what's the lan client OS? another linux? or win?
04:18 < friendlydave> Window, but I have another machine I can load linux on... nevermind
04:19 < subzero79> is ok, in windows you can use wireshark
04:34 -!- friendlydave is now known as _friendlydave
04:34 -!- friendlydave [~chatzilla@cpe-70-94-254-132.new.res.rr.com] has joined #openvpn
04:34 -!- _friendlydave [465efe84@gateway/web/freenode/ip.70.94.254.132] has left #openvpn []
04:39 < friendlydave> subzero79: looks like my machine is receiving the pings, but wireshark says "no response found!"
04:40 < friendlydave> Yup, their coming from 10.8.0.10, my vpn client's IP, and I have the static route setup in my router...
04:41 < subzero79> is there a reply ? or just the incoming req?
04:42 < friendlydave> looks like just a request: "98 Echo (ping) request  id=0x..."
04:43 < friendlydave> would masquerading on my vpn server would help?
04:45 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has joined #openvpn
04:46 < friendlydave> shoot, I lost the CLI ayyad posted before...
04:48 < subzero79> try the windows firewall down
04:49 -!- ayyad [~zm0@197.53.88.15] has quit [Ping timeout: 264 seconds]
04:52 < friendlydave> subzero79: I turned the firewall off, and now wireshark is showing replies, but the client still has ping timeouts...
04:53 < subzero79> Did you put the route in the router?
04:54 < friendlydave> subzero79: Yes, and I am able to ping the router (192.168.1.1) only when the static route is active.
04:54 < friendlydave> so I think that is configured correctly.
04:55 < subzero79> what happens when you ping from lan client to vpn gateway 10.8.0.1
04:57 < friendlydave> subzero79, that works fine!
04:57 < friendlydave> how unusual...
04:58 < friendlydave> maybe its my vpn client? its a smart phone on my carrier's network.
04:59 < subzero79> well pings should go through the tunnel so the carrier does not see it
05:01 < friendlydave> hmm, yeah you're right...
05:02 -!- somis [~somis@167.160.44.220] has joined #openvpn
05:02 < subzero79> tryy another vpn client, a laptop using tethering maybe
05:03 < friendlydave> subzero79: tether my laptop to my phone and run the vpn on my laptop?
05:03 < subzero79> yes
05:07 < friendlydave> alternatively, I could route 192.168.99.0/24 and add a netmask to my iptables on the vpn server, I was playing around with that earlier
05:08 < friendlydave> subzero79: tether my laptop to my phone and run the vpn on my laptexitasdawsdop?
05:08 < friendlydave> whoops
05:08 < friendlydave> wrong keyboard
05:10 < subzero79> seeing your paste link looks like your network for vpn is 10.69.229.1
05:10 < subzero79> not 10.8.0.0
05:10 < friendlydave> subzero: I was translating between 10.69.229.0 and 10.8.0.0 for chat
05:11 < friendlydave> *subzero79
05:11 < subzero79> ok
05:13 < subzero79> need to go, seems like you're getting close, the nat rule is  iptables -t nat -A POSTROUTING -s <vpn_subnet> -o <lan_interface> -j MASQUERADE
05:14 < friendlydave> thanks for all your help subzero79!
05:15 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 276 seconds]
05:28 < friendlydave> subzero79: Well, the masquerading worked, although I can see why its not ideal... all vpn traffic now appears as though the vpn server sent it
05:29 < friendlydave> I would thank ayyad if he were still here. looks like this solution will work for now.
05:30 < friendlydave> it would be interesting to figure out why it wasn't working though...
05:33 < friendlydave> Looks like I'm able to ping 10.8.0.1, the vpn server's address, so maybe my vpn server is setup incorrectly...
05:38 -!- valent [~valentt@93-141-156-91.adsl.net.t-com.hr] has quit [Ping timeout: 240 seconds]
05:43 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has quit [Read error: Connection reset by peer]
05:47 -!- Hadi [~Instantbi@31.59.0.114] has quit [Read error: Connection reset by peer]
05:48 -!- toli [~toli@ip-62-235-212-241.dsl.scarlet.be] has joined #openvpn
05:50 -!- valent [~valentt@46.54.226.50] has joined #openvpn
05:56 -!- friendlydave [~chatzilla@cpe-70-94-254-132.new.res.rr.com] has quit [Quit: ChatZilla 0.9.92 [Firefox 43.0.2/20151221130713]]
06:03 -!- stemid [~avatar@vpn.sydit.se] has joined #openvpn
06:03 < stemid> I'd like to append my dns to the clients configuration, is that possible?
06:08 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
06:09 < stemid> dhcp-option is the only thing I know of and that overwrites the DNS, discarding the old system DNS. is there a way to only append new search domains and nameservers?
06:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
06:12 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 264 seconds]
06:13 < stemid> I think I'll just have to add a dhcp-option in the client configuration and update that if and when the client side DNS changes.
06:29 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
06:45 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
06:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
06:52 -!- stemid [~avatar@vpn.sydit.se] has left #openvpn []
07:08 -!- fellipe1 [~fellipe@187.85.181.85] has joined #openvpn
07:13 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
07:15 < fellipe1> hi all. I followed this https://wiki.debian.org/OpenVPN  with static key and everything is working fine. But, I am trying to use push route but the client don't get the route pushed. What's wrong?
07:15 <@vpnHelper> Title: OpenVPN - Debian Wiki (at wiki.debian.org)
07:21 < Neighbour> does the ccd file have the same name as the certificate?
07:26 < fellipe1> Neighbour: hi! I don't have ccd dir. and I am using a static key on server and on the client
07:28 < fellipe1> Neighbour: I am not using ccd dir option..
07:30 <@plaisthos> fellipe1: mind sharing your config file?
07:31 < fellipe1> plaisthos: sure. no problem!
07:33 < fellipe1> plaisthos: http://pastie.org/10657125  and  http://pastie.org/10657124
07:34 <@plaisthos> fellipe1: your client side has no --pull
07:34 <@plaisthos> but --pull might not even work with --secret
07:34 < fellipe1> plaisthos: what pull?
07:34 <@plaisthos> I am not sure
07:34 <@plaisthos> !man
07:34 <@vpnHelper> "man" is (#1) For man pages, see http://openvpn.net/index.php/open-source/documentation/manuals/ or (#2) the man pages are your friend! or (#3) Protip: you can search the manpage for a specific --option (with dashes) to find it quicker
07:34 <@plaisthos> search for --pull
07:35 < fellipe1> plaisthos: ok let me see. and, what should I do for make it auto reconnect ?
07:35 <@plaisthos> fellipe1: you already have keepalive in the config
07:36 <@plaisthos> should try to reconnet after 300s
07:36 < fellipe1> plaisthos: hum.... right..
07:38 < fellipe1> plaisthos: I read about --pull but,
07:39 < fellipe1> plaisthos: it seems I need to pass it as a parameter, like --daemon, right? So, how to do it in windows, for example?  The newbie clients on windows will launch via openvpn GUI
07:41 < fellipe1> plaisthos: and one more question. should I have keepalive option on both server and client configs?
07:41 -!- alec-b [~alec@118.106.108.93.rev.vodafone.pt] has quit [Quit: ZNC - http://znc.in]
07:43 -!- alec-b [~alec@118.106.108.93.rev.vodafone.pt] has joined #openvpn
07:43 < fellipe1> plaisthos: ops, forget. --pull is equivalent to "pull" on config file :)
08:00 < fellipe1> plaisthos: shit, pull option can be only used with tls stuff
08:16 -!- Poster [~poster@cpe-74-140-100-29.columbus.res.rr.com] has joined #openvpn
08:33 -!- fellipe1 [~fellipe@187.85.181.85] has quit [Quit: Leaving.]
08:40 -!- Cihan [uid135385@gateway/web/irccloud.com/x-ybemclgqwnfdlrog] has quit []
08:53 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 265 seconds]
09:12 -!- Paaltomo [~Paaltomo@159.203.30.107] has joined #openvpn
09:18 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has quit [Quit: leaving]
09:22 -!- flyingkiwi [~kiwi@manu.backend.hamburg] has joined #openvpn
09:26 -!- PsynoKhi0 [~Psyno@c-83-233-26-186.cust.bredband2.com] has quit [Quit: leaving]
09:27 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
09:27 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
09:41 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Remote host closed the connection]
09:41 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
09:43 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
09:45 -!- lxusrbin [~lxusrbin@scotty.fr0st.it] has joined #openvpn
09:58 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has quit [Remote host closed the connection]
09:58 -!- mnathani_ [~mnathani_@192-0-149-228.cpe.teksavvy.com] has joined #openvpn
10:09 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
10:13 -!- weox [uid112413@gateway/web/irccloud.com/x-mbfbjrxbzxltadpy] has quit [Quit: Connection closed for inactivity]
10:14 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 245 seconds]
10:18 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
10:22 < ikonia> trying to pick up a problem I had from last night, where my VPN connection sets the gateway for the route it pushes to the wrong address
10:22 < ikonia> if I show the routing tables http://pastebin.centos.org/37466/
10:23 < ikonia> as you see the tun device on the client has an ip address of 172.16.0.6 and the route it adds is for 172.16.0.5, however 172.16.0.5 doesn't exist, so the traffic is blocked
10:23 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
10:24 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
10:24 < ikonia> the tun device on the openvpn server is 172.16.0.1
10:24 < ikonia> so the actual route destintion is correct.
10:25 < ikonia> I don't understand what's telling the clients tun device to use 172.16.0.5 as the gateway
10:28 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
10:30 -!- OS-16517 [OS-16517@unaffiliated/os-16517] has quit []
10:38 < Poster> that is probably ok, if you're set to assign /30 pairs to your VPN client/server
10:39 < Poster> https://community.openvpn.net/openvpn/wiki/Topology
10:39 <@vpnHelper> Title: Topology – OpenVPN Community (at community.openvpn.net)
10:43 < flyingkiwi> ikonia, well, yes, OpenVPN is expected to behave like this. "Every client gets it own gateway address in tun mode". May I ask whats the actual problem?
10:43 < ikonia> flyingkiwi: maybe it's a red herring then
10:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
10:44 < ikonia> the actual problem is after the client auth's against the server, the routing table gets updated, as shown, but I can't talk to the openvpn server address, nor can I talk to the private addresses behind the vpn server that I've pushed the route for
10:45 < ikonia> as 172.16.0.5 doesn't appear to exist anywhere, I'm assuming that it's routing to a non-existant address, and black holing
10:47 < Poster> it's a net30 pair, do you have iptables/pf active on the OpenVPN server (assuming it's *n?x)?
10:48 < ikonia> sorry yes, it's iptables
10:49 < Poster> see if you can adjust your ruleset to permit the entire /24 network, where you have 172.16.0.1 (guessing), apply 172.16.0.0/24
10:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
10:51 < ikonia> Poster: maybe thats my mistake actually, I was assuming openvpn would update the forwarding rules for the routed config
10:52 < flyingkiwi> Haha, had to google red herring. Yeah, since you even can't talk (whatever this exactly means) to your VPN server, its probably your ruleset
10:52 < Poster> well routing is part of it, permitting the traffic via iptables is another
10:53 < ikonia> let me check
10:53 < ikonia> flyingkiwi: sorry, red herring is a common saying in the UK, should have been clearer
10:55 < Poster> OpenVPN will apply routing changes as configured, but it is unaware of any filtering which may be present on the host OS, so updating those rules are up to the administrator
10:55 < ikonia> looking at my iptables config I've got an accept all on tun0 interface, so the whole range should be open as long as it hits that interface
10:55 < Poster> ok now is that on INPUT or FORWARD ?
10:56 < ikonia> I can flush iptables so it's all clean and restart openvpn to let it add just it's rules
10:56 < ikonia> -A INPUT rules
10:56 < ikonia> sorry INPUT rules
10:56 < Poster> ok so are you just trying to reach the OpenVPN host or is there a network behind it you wish to access?
10:56 < ikonia> network behind
10:57 < Poster> ok and does the OpenVPN server have an interface in that network?  Probably somewhere in the RFC1918 range
10:57 < ikonia> I've got a private range 10.11.216.0/24 on a second interface on the openvpn server
10:57 < ikonia> I've pushed a route for the openvpn range 172.16.0.0/24 to the 10.11.216.0/24
10:57 < ikonia> it does
10:57 < Poster> ok, try pinging the local IP address on the OpenVPN server from the OpenVPN client - 10.11.216.x
10:58 < ikonia> nothing
10:59 < ikonia> however if you look at the routes on the openvpn client
10:59 < ikonia> it needs to use 172.16.0.5 to get to the 10.11.216.0 range
10:59 < ikonia> and as I can't talk to 172.16.0.5 that seens correct that it would fail to route
10:59 < ikonia> I'll flush all the rules and leave them blank
11:00 < ikonia> that way nothing should block it
11:00 < Poster> also make sure you have ip forwarding enabled
11:00 < Poster> for Linux that would be
11:00 < Poster> echo 1 > /proc/sys/net/ipv4/ip_forward
11:00 < ikonia> I do
11:00 < ikonia> it's enabled
11:00 < Poster> ok good
11:00 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:01 < ikonia> interesting, if I flush all my iptables rules, and restart openvpn and connect to it, iptables -L and iptables -t nat -L shows no rules
11:01 < ikonia> that suggests openvpn is not adding any rules
11:02 < Poster> unless you tell it to specificially it will not
11:02 < ikonia> what is the trigger for it to add the rules ?
11:02 < Poster> there isn't one
11:02 < ikonia> ok,
11:03 < ikonia> so that seems to be my problem and lack of understanding, you have to manually add the routing rules
11:03 < Poster> ok please try to not confuse routing rules with iptables rules
11:03 < Poster> they are two independent systems
11:04 < ikonia> yes, a fair point
11:04 < Poster> openvpn will add routes, but it will not add iptables rules
11:04 < ikonia> so openvpn has correctly added a client route, but on the server there is no iptable to manage the route that has been pushed
11:04 < ikonia> so I need to add an iptables rule myself, thank you for clairfying that
11:05 < Poster> iptables rules are generally kept somewhere else depending upon your linux distribution
11:07 < ikonia> yes, I can manage the rules, it's just my mistake thinking openvpn added the iptables rules to match the route it pushed
11:07 -!- somis [~somis@167.160.44.220] has quit [Read error: Connection reset by peer]
11:07 < ikonia> getting that clarified by you was key, thank you
11:08 < Poster> yeah it's np
11:08 < Poster> keep in mind that openvpn doesn't know what is on the other end either
11:08 < Poster> not all VPN connections may be 100% trusted (allowing all services)
11:09 < Poster> it's possible to establish a VPN link to a business partner or some other partially trusted system, at which point the iptables rules could vary, only permitting access to an HTTP system and nothing else, for example
11:15 -!- directionalpad [~direction@142-196-66-74.res.bhn.net] has joined #openvpn
11:16 < directionalpad> Greetings guys! In the latest OpenVPN release (2.3.9) I noticed that a parameter was added --block-outside-dns - is there any support for that in OpenVPN configuration files or does it have to be passed as an argument/flag to the executable?
11:17 < Poster> I would imagine it can just be placed into the configuration file
11:17 < directionalpad> As simple as "block-outside-dns"
11:17 < directionalpad> I just wanted to confirm that :)
11:17 < Poster> yeah
11:17 < directionalpad> Appreciated.
11:17 < Poster> test it, but in general: openvpn --argument foo is the same as "argument foo" in a configuration file
11:18 -!- anexit [~anexit@push.anexit.net] has quit [Read error: Connection reset by peer]
11:18 < directionalpad> Thats what I always assumed, but I wanted to be explicitly sure on this one was we have consumer facing software we want to push a change to and we'd hate to say "yeah we fixed that" and then find out the configuration option is being ignored
11:19 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has quit [Ping timeout: 276 seconds]
11:20 < Poster> yeah I wouldn't trust what I say here, but I don't know of a reason it wouldn't work
11:20 < directionalpad> Oh I do plan on running several tests. I just wanted to ensure my train of thought was in the right place.
11:20 -!- somis [~somis@84-72-3-177.dclient.hispeed.ch] has joined #openvpn
11:20 < Poster> yeah I think you're there
11:20 < directionalpad> Your insight has been helpful and is much appreciated. Thank you.
11:22 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has quit [Quit: WeeChat 1.4-dev]
11:25 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
11:25 -!- AlexRussia [~Alex@unaffiliated/alexrussia] has joined #openvpn
11:29 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
11:32 -!- tychotithonus [~tychotith@unaffiliated/tychotithonus] has joined #openvpn
11:35 -!- fellipe1 [~fellipe@187.85.181.85] has joined #openvpn
11:36 < fellipe1> hi all. do the "keepalive" setting should be set only on client server or in both server and client sides?
11:37 -!- GFXDude [~GFXDude@ciscoasa.ecrsoft.com] has joined #openvpn
11:37 < ikonia> I've fixed the lack of iptables rules for the vpn addresses, so should be working, but I'm not, I'm still getting nowhere past the .5 address that in my view doesn't exist
11:37 < ikonia> i'm clearly missing a key part of how this setup works in my head
11:39 < GFXDude> ikonia, I missed the first part of your question, but sounds like you're trying to do bi-directional communication?
11:40 < ikonia> nope, just route my VPN client through to my private network,
11:40 -!- fellipe1 [~fellipe@187.85.181.85] has quit [Client Quit]
11:40 < GFXDude> Are you trying to do it globally, or in User Permissions for each user?
11:41 < ikonia> globally, but in reality there is only one user, me
11:42 < GFXDude> Under VPN Settings > Routing, are you using NAT or routing (advanced)
11:42 < ikonia> using routed
11:42 < ikonia> although not sure what the gui you're talking about is
11:43 < GFXDude> Ok, and the "Allow access from these private subnets to all VPN client IP addresses and subnets" is checked?
11:43 < ikonia> (I assume you're referencing a gui)
11:43 < GFXDude> ahh, yes
11:43 < GFXDude> That's a magical checkboxs
11:44 < GFXDude> I had all kinds of issues until I found that checkbox
11:44 < ikonia> I don't have a gui
11:44 < ikonia> my problem appears to be the client is routing to an address that doesn't exist to the client
11:44 < ikonia> but I could be wrong
11:44 < GFXDude> You're using openvpn-as?
11:44 < Poster> GFXDude: are you referring to OpenVPN Access Server?
11:45 < Poster> Access Server support is in #openvpn-as for what it's wroth
11:45 < GFXDude> Hmm
11:50 -!- friendlydave [~chatzilla@2605:a000:1507:a049:786a:553c:cc38:7866] has joined #openvpn
11:51 -!- roentgen [~roentgen@unaffiliated/roentgen] has quit [Quit: WeeChat 1.3]
11:51 < ikonia> I'm just using openvpn, not access server in this instance
11:54 < ikonia> on the openvpn server the routing table looks like this
11:54 < ikonia> http://pastebin.centos.org/37471/
11:54 < ikonia> so similar concept to the client
11:54 < ikonia> physical addres of .1, gateway of .2
11:54 < ikonia> the server can't hit .2 though
11:54 < ikonia> and on the client physical address of .6, gateway address of .5
11:54 < ikonia> but I can't ping .5 on the client
11:54 < ikonia> am I correct that this is the issue and these two addresses should respond to ping
11:55 < ikonia> (no iptables rules on either client or server blocking ICMP)
11:58 -!- mac_ified [~mac_ified@67-9-150-210.res.bhn.net] has joined #openvpn
11:59 < ikonia> my forward chain also shows what I believe to be valid entries for the 2 routed networks
11:59 < ikonia> pkts bytes target     prot opt in     out     source               destination          0     0 ACCEPT     all  --  eth0   tun0    10.11.216.0/24       172.16.0.0/24        0     0 ACCEPT     all  --  tun0   eth0    172.16.0.0/24        10.11.216.0/24
11:59 < ikonia> this should accept in my mind the traffic I need on th server
12:06 -!- roentgen [~roentgen@unaffiliated/roentgen] has joined #openvpn
12:13 <@Eugene> It's not your mind that matters, its iptables
12:14 < ikonia> is that what's letting it down though ?
12:14 < ikonia> eg: on the client if I do an ip addr show, I see this for the tun device
12:14 <@Eugene> Beats me.
12:14 < ikonia>     inet 172.16.0.6 peer 172.16.0.5/32 brd 172.16.0.6 scope global tun0
12:14 < ikonia> that suggests I should be able to see/ping the .5 address ?
12:19 <@Eugene> !subnet
12:19 <@vpnHelper> "subnet" is (#1) http://www.subnet-calculator.com/ or http://en.wikipedia.org/wiki/Subnetwork or (#2) Want a random subnet generator? See: !randomsubnet or (#3) You may be looking for !toplogy
12:19 <@Eugene> !topology
12:19 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) details and examples at: https://community.openvpn.net/openvpn/wiki/Topology
12:20 <@Eugene> Set the option as above; net30 is a terrible legacy hack and I'm sorry you've run into it
12:20 < ikonia> let me see what I missed, as I did read this link when I started the setup,
12:20 < ikonia> than kyou
12:21 < ikonia> (zero need to apologise)
12:27 < ikonia> ok - that looks much better and more sensible on a routing table point of view, its still not working as I can't reach .1 which is the address on the server, but it does look like it's correctly trying to route out of the client tun interface now
12:28 -!- somis [~somis@84-72-3-177.dclient.hispeed.ch] has quit [Quit: Leaving]
12:34 < friendlydave> I setup a static route on my LAN's router, but my VPN client can't ping other machines on the LAN.
12:36 < friendlydave> I'm running tcpdump on the vpn server, and I can see pings from vpn-client -> router -> vpn-client
12:36 < friendlydave> but when I ping another machine, I only see pings from vpn-client -> other machine (no reply)
12:37 < friendlydave> I was able to work around this with masquerading, but I wanted to try and figure out why it isn't working.
12:39 -!- skyroveRR [~skyroveRR@unaffiliated/skyroverr] has quit [Ping timeout: 260 seconds]
12:42 -!- somis [~somis@167.160.44.198] has joined #openvpn
12:42 < friendlydave> Hmm, it must be my router... wireshark on the other machine shows ping packets from vpn-client -> machine and machine -> vpn-client, but
12:43 < friendlydave> on my vpn server, I only see ping packets from vpn-client -> machine, and no reply... I guess my router isn't routing, even though I have a static route setup?
12:43 < friendlydave> am I missing something, or is my router just broken?
12:47 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Remote host closed the connection]
13:03 < friendlydave> Well this is very strange... It just started working, I was able to ping the other machine via vpn client! But then a few minutes later it stopped again...
13:07 -!- zimboboyd [~zimboboyd@213.183.76.156] has quit [Remote host closed the connection]
13:08 -!- zimboboyd [~zimboboyd@213.183.76.156] has joined #openvpn
13:08 < friendlydave> I got it to momentarily work again, it looks like if I ping the vpn server from the machine, the vpn client is able to ping the machine, but then randomly stops working like before.
13:09 < friendlydave> this is very bizarre...
13:10 < friendlydave> this must be something to do with the router?
13:10 < friendlydave> anyone have any idea whats going on here?
13:13 < somis> Is there a recommended way (or package) for a killswitch if my openvpn connection breaks?
13:15 < ikonia> kill switch ?
13:15 < ikonia> it will just disconnect
13:16 < somis> i need to rephrase, sorry
13:17 < somis> i want to disconnect the ethernet adpter eth0 when the tun0 fails
13:18 < somis> is this a bad way? i use now NetortkManager. maybe my "issue" is related to NM. it doesn't reconnect the vpn.
13:18 < somis> instead it connect without vpn
13:20 < somis> maybe my usecase is "weird". i googled a little and found some strange scipts on a ubuntu forum named "killswitch". that's why i used this term.
13:23 < friendlydave> I'll brb, but maybe someone can take a look at the tcpdump log: https://gist.github.com/anonymous/38b30232ea9972a30e73
13:23 <@vpnHelper> Title: tcpdump output · GitHub (at gist.github.com)
13:31 < somis> I found what i searched for. Thanks for reading. I can prevent the leaks with the right routing. I searched in the wrong direction.
13:36 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
13:42 -!- dionysus70 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
13:42 -!- BtbN_ [btbn@unaffiliated/btbn] has joined #openvpn
13:43 -!- eSgr [~eSgr@priv.is-infra.net] has quit [Ping timeout: 246 seconds]
13:43 -!- ShadniX [dagger@p5481C5DC.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
13:43 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
13:43 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
13:43 -!- dionysus70 is now known as dionysus69
13:44 -!- BtbN [btbn@unaffiliated/btbn] has quit [Quit: Bye]
13:44 -!- BtbN_ is now known as BtbN
13:48 -!- somis [~somis@167.160.44.198] has quit [Quit: Leaving]
13:50 -!- ShadniX [dagger@p5481C5DC.dip0.t-ipconnect.de] has joined #openvpn
13:50 -!- eSgr [~eSgr@priv.is-infra.net] has joined #openvpn
13:50 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
14:02 -!- Netas3k [~netas@unaffiliated/netas3k] has quit [Read error: Connection reset by peer]
14:11 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has joined #openvpn
14:15 -!- unix4linux_ [~unix4linu@50-88-20-246.res.bhn.net] has quit [Ping timeout: 260 seconds]
14:17 -!- Netas3k [~netas@unaffiliated/netas3k] has joined #openvpn
14:22 -!- somis [~somis@167.160.44.198] has joined #openvpn
14:23 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
14:25 -!- directionalpad [~direction@142-196-66-74.res.bhn.net] has quit [Ping timeout: 246 seconds]
14:28 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 260 seconds]
14:34 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has joined #openvpn
14:44 -!- sigsts [~sigsts@unaffiliated/skyroverr] has quit [Ping timeout: 246 seconds]
14:46 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 240 seconds]
14:46 -!- gffa [~unknown@unaffiliated/gffa] has quit [Read error: Connection reset by peer]
14:47 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
14:51 -!- sigsts [~sigsts@unaffiliated/skyroverr] has joined #openvpn
15:06 -!- Hadi [~Instantbi@31.59.52.74] has joined #openvpn
15:57 -!- Hadi [~Instantbi@31.59.52.74] has quit [Read error: Connection reset by peer]
15:57 -!- Hadi [~Instantbi@31.59.52.74] has joined #openvpn
15:57 -!- GFXDude [~GFXDude@ciscoasa.ecrsoft.com] has quit []
16:11 -!- friendlydave [~chatzilla@2605:a000:1507:a049:786a:553c:cc38:7866] has quit [Quit: ChatZilla 0.9.92 [Firefox 43.0.2/20151221130713]]
16:13 -!- JackWinter [~jack@73.Red-83-37-230.dynamicIP.rima-tde.net] has joined #openvpn
16:17 -!- speeddragon [~speeddrag@193.137.28.200] has joined #openvpn
16:20 -!- ponyofdeath [~vladi@cpe-76-172-86-115.socal.res.rr.com] has joined #openvpn
16:21 < ponyofdeath> hi, trying to get pfsense openvpn talking to my openvpn server and am getting tons of TLS errors. any idea what could be causing this? I have the proper certs and ca's in pfsense "TLS key negotiation failed to occur"
16:23 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 246 seconds]
16:25 -!- eliasp_ is now known as eliasp
16:27 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has quit [Ping timeout: 264 seconds]
16:28 -!- Cihan [uid136525@gateway/web/irccloud.com/x-rudbomeznhiytybk] has joined #openvpn
16:29 -!- valkyr1e [~valkyr1e@unaffiliated/hydralisk] has joined #openvpn
16:33 -!- CihanKaygusuz [uid135380@gateway/web/irccloud.com/x-zbgqkxinollpmdnk] has quit []
16:35 -!- CihanKaygusuz [uid136531@gateway/web/irccloud.com/x-emseoszyseleiubb] has joined #openvpn
16:45 -!- Hadi1 [~Instantbi@gateway/vpn/privateinternetaccess/merandus] has joined #openvpn
16:45 < Poster> clock skew?
16:47 -!- Hadi [~Instantbi@31.59.52.74] has quit [Ping timeout: 260 seconds]
16:47 -!- Hadi1 is now known as Hadi
16:51 -!- Hadi [~Instantbi@gateway/vpn/privateinternetaccess/merandus] has quit [Ping timeout: 240 seconds]
--- Log closed Mon Dec 28 16:56:18 2015
--- Log opened Mon Jan 04 08:08:05 2016
08:08 -!- ecrist [~ecrist@freebsd/contributor/openvpn.ecrist] has joined #openvpn
08:08 -!- Irssi: #openvpn: Total of 233 nicks [8 ops, 0 halfops, 4 voices, 221 normal]
08:08 -!- mode/#openvpn [+o ecrist] by ChanServ
08:08 -!- Irssi: Join to #openvpn was synced in 1 secs
08:34 <@dazo> ravegen: you should not use any commercial certificates for OpenVPN ... if you do that, others with certificates from the same issues may be able to connect to your openvpn server
08:36 <@dazo> DzAirmaX: you seem to have an issue with overlapping subnets ... tun0 and tun1 may not use the same subnet
08:37 < ravegen> If i have certs and keys for my websites https, can i use that on the config?
08:37 <@dazo> ravegen: you should not use any commercial certificates for OpenVPN ... if you do that, others with certificates from the same issues may be able to connect to your openvpn server
08:38 <@dazo> ravegen: for VPN, you should issue your own certificates to your own users
08:38 <@dazo> (and servers)
08:40 < ravegen> Dazo its the only i created with openssl intended for website.  I asked this question bcoz i read openvpn ssl is not standard like used by https
08:54 -!- deadlift44 [~kai@2a00:c1a0:4889:7100:9de4:1371:84b:1e2b] has joined #openvpn
08:58 < deadlift44> hi. i have a problem with updating the resolv.conf-file after openvpn is started. the dns information that i got from the server is not passed to the up/down script so it cannot correctly update the resolv.conf. http://dpaste.com/2THCPFV
08:59 < deadlift44> does somone have an idea on why that might be the case? i mean, the dns information is sent by the server. why it is not being passed as an argument to the up/down script along with the other parameters? thanks
09:00 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:00 < DzAirmaX> 10.8.8.0/24 is different from 10.8.0.0/24 no ?
09:01 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 260 seconds]
09:04 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
09:04 -!- mode/#openvpn [+o plaisthos] by ChanServ
09:04 <@ecrist> DzAirmaX: yes
09:04 <@ecrist> They are different subnets
09:04 < ravegen> Dazo its the only i created with openssl intended for website.  I asked this question bcoz i read openvpn ssl is not standard like used by https
09:05 < DzAirmaX> ecrist : how can they overlap ? I don't understand
09:05 <@ecrist> ravegen: HTTPS is a different protocol from OpenVPN
09:05 <@dazo> ravegen: you can use those certificates ... but it is highly discouraged
09:05 <@ecrist> they both can utilize x509 certificates for encryption, however.
09:05 <@ecrist> DzAirmaX: they don't overlap
09:06 <@dazo> DzAirmaX: sorry!  I didn't notice 10.8.8 vs 10.8.0
09:06 < DzAirmaX> ecrist : whats is wrong with my routing : http://pastebin.com/qiqLV0M8  ?
09:06 < Neighbour> DzAirmaX: 0.0.0.0/1 overlaps with 10.8.8.0/24
09:06 < DzAirmaX> dazo : np, I am just trying to figured it out and I am loosing it xD
09:07 < ravegen> How and why they differ when the certs and key were generated by openssl. Why the article stated that the ssl security of openvpn is not standard?
09:08 <@ecrist> The 0.0.0.0/1 essentially changes most of your default route, pointing to your VPN interface
09:08 < Neighbour> ravegen: HTTPS is HTTP over SSL, OpenVPN does IP over SSL (tun) or Ethernet over SSL (tap)
09:11 < deadlift44> can i somewhere configure what information are getting passed to the up/down scripts?
09:11 <@dazo> ravegen: the SSL/TLS protocol is strictly TCP by design.  But VPNs should always try to use UDP instead, to avoid TCP-over-TCP issues.  So OpenVPN intercepts the SSL/TLS network packets generated by the SSL library, adds some more encapsulation to make it usable both over UDP and TCP.  These encapsulated packets are sent over the network.  And these packets is not compatible with the SSL/TLS protocol directly (not until you remove the
09:11 <@dazo> encapsulation)
09:12 < DzAirmaX> hmm you are right
09:12 < Neighbour> dazo: interesting, didn't know that :)
09:14 < ravegen> Dazo, is there a way for openvpn to be more like https for bypassing purposes using port 443 tcp?
09:15 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
09:15 <@dazo> ravegen: nope ... then you must use some kind of proxy which encapsulates the openvpn packets as HTTP requests ... or you need to hack on the openvpn code to add such support
09:15 <@dazo> ravegen: with that said ... many have had success using obfsproxy though
09:16 <@dazo> the downside of using such proxies is that you must switch to TCP ... and then you're often getting TCP-over-TCP-over TCP .... which can really be a true pain on unreliable connections
09:18 <@dazo> (remember that the TCP stack can resend packets ... an application via the tunnel does that, and then the tunnel starts to resend packets, and then the proxy on top of that ... then you'll have a solid party for packet collisions and duplicated packets
09:18 < ravegen> Yeah i read  about obfsproxy but i thought i can just improvised more on openvpn only.
09:19 -!- weox [uid112413@gateway/web/irccloud.com/x-rxmqjxjkpxcfazxg] has joined #openvpn
09:20 <@dazo> what would be cool to see is a proxy which can proxy UDP connections over TCP (and HTTP/HTTPS as an extension) ... for those situations that is the only option - but with that you avoid the trippled TCP-over-TCP, and only get a double one
09:20 < DzAirmaX> `guyz, is there a tutorial for redirecting all route except a specific one without overlapping pb ?
09:23 < ravegen> Dazo anyway i had to ask that because for bypassing.  Right now  i am using a http proxy.  The problem  client connection is dropped immediately or maybe not.  Tcp recv eof is receive with that http proxy.  Do you have advice on this?
09:24 <@dazo> I have no experience with using http proxies at all
09:25 < ravegen> Alright. Tnx for the answers. Good day.
09:26 -!- teksimian [~chatzilla@174-138-204-15.cpe.distributel.net] has joined #openvpn
09:27 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has quit [Ping timeout: 255 seconds]
09:31 -!- plaisthos [~arne@openvpn/community/developer/plaisthos] has joined #openvpn
09:31 -!- mode/#openvpn [+o plaisthos] by ChanServ
09:32 < DzAirmaX> mybe I should push all the specifics routes in the ccd for this specific clients ?
09:38 < DzAirmaX> I guess I am looking to do something impossible ...
09:43 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
09:47 < ravegen> Dazo can use port-share to another https website for port 443?
09:51 <@dazo> ravegen: port-share is intended to "hide" an openvpn server behind a https service.  So what happens is that when someone connects to the server on port 443/tcp, openvpn looks at the packet.  If it is an openvpn packet, it will process it as VPN tunnel data ... if not, it pushes it further to the server configured with --port-share
09:52 <@dazo> And how openvpn decides if it is an openvpn packet or https packet ... it "fingerprints" the packet.   So you will not get any OpenVPN packets looking like plain SSL/TLS packet (which HTTPS in essence is on the wire)
09:53 < ravegen> Ok but do i need to own the web service for this option to work?
09:54 < Neighbour> DzAirmaX: I think that if you play with the route metrics, you should be able to get it to work
09:54 < Neighbour> assign the 10.8.8.0/24 route a numerically lower (higher priority) metric than the 0.0.0.0/1 route
09:55 -!- deadlift44 [~kai@2a00:c1a0:4889:7100:9de4:1371:84b:1e2b] has quit []
09:55 < ravegen> Or can i have the web service not on the same server
09:57 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
10:09 < DzAirmaX> Neighbour : gonna try that right away
10:15 -!- ravegen [~androirc@199.175.48.56] has quit [Quit: AndroIRC - Android IRC Client ( http://www.androirc.com )]
10:20 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
10:22 -!- xamindar [~quassel@c-24-4-76-244.hsd1.ca.comcast.net] has joined #openvpn
10:27 < DzAirmaX> Neighbour : I am struggling, I guess I need to increase the metric of 0.0.0.0/1 routefirst right ?
10:31 -!- shio [marmottin@129.121.101.84.rev.sfr.net] has quit [Ping timeout: 255 seconds]
10:38 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection]
10:41 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn
10:53 -!- Ryushin [user@windwalker.chrisdos.com] has quit [Ping timeout: 264 seconds]
11:17 -!- unix4linux_ [~unix4linu@75.112.21.38] has joined #openvpn
11:23 -!- wiz is now known as jmaurice
11:23 -!- jmaurice is now known as wiz
11:33 -!- gffa [~unknown@unaffiliated/gffa] has joined #openvpn
11:36 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
11:36 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
11:37 -!- andy09usa [~andy@unaffiliated/andy09usa] has quit [Quit: leaving]
11:39 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
11:39 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
11:51 < DzAirmaX> ok I GIVE UP
11:51 < DzAirmaX> thank you for your precious help
11:51 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has joined #openvpn
11:53 -!- shio [marmottin@129.121.101.84.rev.sfr.net] has joined #openvpn
11:53 < Neighbour> DzAirmaX: yes, the metric of 0.0.0.0/1 needs to be a higher number than the metric for 10.8.8.0/24
11:54 < DzAirmaX> Neighbour : yep have done it by replacing the routes with ip route
11:54 -!- unix4linux_ [~unix4linu@75.112.21.38] has quit [Ping timeout: 250 seconds]
11:55 < DzAirmaX> Neighbour: but not the expected result
11:55 < Neighbour> what happened?
11:55 < DzAirmaX> still the same pb, the tun1 traffic still go through tun0
11:56 < DzAirmaX> I put a metric of 30 on the 0.0.0.0/1 and a metric of 1 on the 10.8.8.0/24
11:57 < Neighbour> and what kind of traffic would that be? (src, dst ip)
11:57 < DzAirmaX> traffic from 10.8.8.2 to 10.8.8.3
11:58 < DzAirmaX> still goes trough tun0 which is 10.8.0.1 (the ither vpn server)
11:58 < DzAirmaX> other*
12:00 < Neighbour> um, so there are 10.8.8 ip's connected to tun0?
12:01 -!- HollowPoint [~quassel@62.255.245.182] has quit [Remote host closed the connection]
12:01 < DzAirmaX> nope
12:02 < DzAirmaX> tun0 = 10.8.0.0/24 with push "redirect-gateway def1 bypass-dhcp"
12:02 < DzAirmaX> tun1 = 10.8.8.0/24 with no push
12:03 < Neighbour> and both tun0 and tun1 are client-openvpn's?
12:03 < DzAirmaX> yep
12:04 < DzAirmaX> my first idea was to change the ccd of the client tun0, for it to bypass 10.8.8.0/24 .... I couldn't figure it out
12:05 <@ecrist> DzAirmaX: you're thinking backwards a bit
12:05 <@ecrist> you have to actually create a route for it if you're going to set a default
12:05 < Neighbour> could you put the output of `route -n` on pastebin please? It should not differ much from the output of `ip route show` that you already put up, but I'm more familiar with it, so it might help me :)
12:05 <@ecrist> or you need to break up your default into smaller subnets that avoid the 10.8.8/24 network
12:07 < DzAirmaX> ecrist : yeah that's the idea, but I don't have the required knowledge I guess for putting that into place
12:08 <@ecrist> DzAirmaX: google how to calculate subnets
12:10 < DzAirmaX> Neighbour : http://pastebin.com/mRsaRVyd
12:15 -!- shiriru [~shiriru@46.10.54.164] has quit [Quit: Leaving]
12:17 -!- ade_b [~Ade@redhat/adeb] has quit [Quit: Too sexy for his shirt]
12:20 < Neighbour> ok, that looks like it should work
12:21 < Neighbour> do you have any nat firewall rules active?
12:21 < DzAirmaX> wait double checking
12:22 < Neighbour> `iptables -t nat -L -n -v`
12:23 < DzAirmaX> nope
12:23 < DzAirmaX> this is on client side
12:25 < Neighbour> ok, so if you run a `tcpdump -n -i tun0 icmp` on one console, and `ping -I 10.8.8.2 10.8.8.3` on the other, what does the tcpdump show?
12:26 < Neighbour> (if it does really go over tun0, it should show the icmp packets going out, but if it goes as you want it to go, the pings shouldn't show up)
12:27 < Neighbour> you could monitor tun1 as well with another tcpdump on yet another console
12:27 < DzAirmaX> they dont show on the tun0
12:27 < Neighbour> well, good, then the traffic is not routed over tun0, as you wanted it :)
12:27 < Neighbour> so where *are* they going? :)
12:27 < DzAirmaX> wait 2 sec
12:28 < Neighbour> by 'the traffic is not routed', i meant 'the pings aren't sent oud' :)
12:28 < Neighbour> out*
12:28 < DzAirmaX> why the status of my server tun1 show the ip of my server tun0 ?
12:29 < Neighbour> 'status'?
12:30 < DzAirmaX> client 10.8.8.2 shows up with the ip of tun0 on the openvpn status (CLIENT_LIST,client etc..)
12:30 < Neighbour> ah, the openvpn status file
12:33 < Neighbour> the subnet assigned, the tunnel ip and all detected and learned client-net ip's and the external IP of the client all show up in the server's status file
12:33 < Neighbour> the learned IP's have a 'C' appended to them
12:43 < DzAirmaX> I agree with you
12:45 < DzAirmaX> If I do a  iftop on the host of tun0, I can still see the ip of the server tun1.... somehow it still redirect packets on it
12:55 < Neighbour> what do you mean by that?
13:10 -!- yoink [~yoink@66.171.168.10] has joined #openvpn
13:11 < DzAirmaX> Neighbour: I was not clear enough, my bad
13:13 -!- LordDragon [~Dragon@unaffiliated/lorddragon] has joined #openvpn
13:14 < Neighbour> i get confused easily :)
13:16 < LordDragon> !welcome
13:16 <@vpnHelper> "welcome" is (#1) Start by stating your goal, such as 'I would like to access the internet over my vpn' || new to IRC? see the link in !ask || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum
13:16 <@vpnHelper> !wiki !mitm or (#2) Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:17 < DzAirmaX> Neighbour: If I do a "iftop" on the host of the openvpn server tun0, I can see the ip of the client of tun1...
13:17 < LordDragon> hey all. my goal is to gain access to my windows samba drive share via the internet over openvpn
13:18 < LordDragon> openvpn server is running on my router. the samba share i want to get to is my hardwired windows PC which is connected to the router. the openvpn client is tunnelblick on mac os x
13:19 -!- ShapeShifter499 [~ShapeShif@unaffiliated/shapeshifter499] has quit [Remote host closed the connection]
13:19 < LordDragon> i have successfully connected and can see various http servers on my local network from remote pc. BUT, for some reason, when i try to access the smb share, it just hangs and wont connect
13:19 < Neighbour> DzAirmaX: which ip specifically? the Internet IP, or any other specific IP?
13:20 < DzAirmaX> Neighbour: internet ip
13:20 < LordDragon> i have verified that the samba share is working correctly when the mac is connected direct to local network via wifi
13:21 < Neighbour> LordDragon: can you ping both hosts from eachother?
13:23 < Neighbour> DzAirmaX: hm, that's odd...could you do a `tcpdump -n -i tun0 src host <ip>` on the openvpn server for tun0 and see which IP it's trying to connect to?
13:24 < Neighbour> maybe that sheds some light on it
13:24 < Neighbour> (because if you see the internet IP, that means traffic went out on eth0 on the openvpn client)
13:28 < LordDragon> Neighbour: i cannot ping my windows pc's local IP address over the vpn tunnel. i CAN ping other servers on the LAN via the tunnel though
13:29 < DzAirmaX> Neighbour : yeah its shows something
13:34 < DzAirmaX> Neighbour : for trying to be superclear, HOST 1 (IP Internet : IP_1) openvpn server tun0 IP 10.8.0.0 and HOST 2 (IP INTERNET : IP_2) openvpn server tun21 IP 10.8.8.0 and HOST 3 (IP INTERNET : IP_3) openvpn client 1 & client 2 tun0 / tun1
13:34 < DzAirmaX> Neighbour : somehow on the HOST 1, iftop shows me IP_2. your tcpdump shows it too
13:36 < DzAirmaX> Neighbour : on HOST 1, tcpdump -n -i tun0 src host IP_2  =>> results from 10.8.0.x client from HOST3
13:37 < Neighbour> ahh, that's very clear..thank you :)
13:38 < Neighbour> LordDragon: Ok, but you want to access the shares on the windows pc right? so if you can't ping it (try turning any windows firewalls off), smb access is also unlikely
13:40 < Neighbour> DzAirmaX: ok, so host2 sends something to host3 (src IP_2, dst 10.8.0.x?), which checks its routing table and sees that it must go to tun0 (because it's not 10.8.8/24 and everything else goes out tun0), and then it arrives at host1
13:41 < Neighbour> what I'm wondering then, is why host2 is sending traffic for 10.8.0.x to host3 in the first place?
13:42 < LordDragon> Neighbour: yep. it says it right in the topic too "probably firewall". lol. and it was. turning windows firewall off fixed it
13:42 < LordDragon> but i dont want to run with no firewall. so im trying to figure out what sort of exception to setup to make samba work
13:42 < Neighbour> tcp port 445 should generally work
13:46 < LordDragon> Neighbour: yeah "File and Printer Sharing" which says "port 445" is allowed and enabled. but still no go unless i disable the whole windows firewall
13:46 -!- speeddragon [~speeddrag@193.137.28.200] has quit [Ping timeout: 240 seconds]
13:46 < DzAirmaX> Neighbour : I think the problem is linked to the fact that openvpn creates the tun0 / redirect all traffic. Then when it comes to create tun1, it goes through tun0...
13:47 < DzAirmaX> Neighbour : and If I do it the other other, somehow the route between client 2 and server 2 is reset....
13:47 -!- Mikato [~Mikato@unaffiliated/mikato] has joined #openvpn
13:48 < DzAirmaX> Neighbour: I think ecrist is right, I should check for breaking the default to small subnet... I checked the calculator subnet as he told me but I am still lost lol
13:49 < Neighbour> how about if you start by not redirecting all traffic through openvpn
13:49 < Neighbour> and then checking if everything else works as expected
13:49 < LordDragon> Neighbour: ah ok. it was the "firewall scope" of the file sharing rule. i had to set it to "remote ip = any"
13:50 < Neighbour> LordDragon: uh, ok...good :) I have no experience with Windows Firewalling, except turning it off :P
13:51 < LordDragon> hehe. yeah its prob useless. but it makes it easier to pretend im semi secure :)
14:00 < DzAirmaX> Neighbour : yeah everything is workiung perfectly....
14:01 < [Mew2]> Is there a free alternative to openvpnAS available?
14:01 -!- gchristensen [~gchristen@unaffiliated/grahamc] has left #openvpn ["WeeChat 0.4.2"]
14:04 < Neighbour> DzAirmaX: hm, if you manually add routes to the internet IP's of host1 and host2 with metric 1 over eth0, and then add routes to 0.0.0.0/1 and 128.0.0.0/1 with metric 10 over tun0 after both tunnels are setup?
14:04 < Neighbour> does everything then still work as expected? :)
14:05 -!- andy09usa [~andy@unaffiliated/andy09usa] has joined #openvpn
14:08 < [Mew2]> Is there a free alternative to openvpnAS available?
14:08 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Read error: Connection reset by peer]
14:08 < DzAirmaX> [Mew2] : no idea
14:08 < DzAirmaX> Neighbour : adding the route now
14:09 < [Mew2]> I need a web admin
14:09 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has joined #openvpn
14:13 -!- rfizzle [~textual@108.150.211.130.bc.googleusercontent.com] has joined #openvpn
14:13 < DzAirmaX> Neighbour : you lost me there, you want me to manually route the internet traffic on tun0, right ?
14:14 -!- andy09usa [~andy@unaffiliated/andy09usa] has quit [Remote host closed the connection]
14:15 < DzAirmaX> Neighbour : here is my route -n here http://pastebin.com/cBwX8dQL
14:15 -!- hubbunny [~Administr@176.61.67.143] has joined #openvpn
14:16 -!- Mikato [~Mikato@unaffiliated/mikato] has quit [Quit: Leaving]
14:17 < hubbunny> Hey guys, I've set up a vpn server on ubuntu. When I connect my windows client to the server, I'm still getting the same public ip address. I'm sure I'm missing some simple configuration can anyone point me in the right direction?
14:27 -!- hubbunny [~Administr@176.61.67.143] has quit [Ping timeout: 240 seconds]
14:31 < DzAirmaX> Neighbour : something is wrong with what you are saying...
14:32 -!- unix4linux_ [~unix4linu@75.112.21.38] has joined #openvpn
14:38 < Neighbour> how so?
14:38 < DzAirmaX> I added the route but the weight dosnt seems right
14:38 < Neighbour> you need to make sure that any traffic to the openvpn servers goes out eth0, and all traffic to the tunneled LANs goes trough the respective tunnels, and then all other traffic to tun0
14:39 < DzAirmaX> ip route add 0.0.0.0/1 dev tun0 metric 10
14:40 < DzAirmaX> ip route add 128.0.0.0/1 dev tun0 metric 10
14:41 < DzAirmaX> ip route add IP1 dev eth0 metric 1
14:41 < DzAirmaX> ip route add IP2 dev eth0 metric 1
14:41 < Neighbour> you might even be able to scrap those and just do a `ip route add default dev tun0 metric 10`, but only after you've added routes for IP1 and IP2
14:41 < DzAirmaX> it went trough
14:41 < DzAirmaX> but tun1 disconnected and I can't ping the world anymore
14:42 < Neighbour> tun1 is to host2 right?
14:42 < DzAirmaX> yeah
14:42 < Neighbour> try a `traceroute -I IP2` and see where it goes
14:44 < Neighbour> you might need to change the IP1 and IP2 routes to `ip route add IP1 gw 192.168.1.1 dev eth0 metric 1`
14:44 < Neighbour> (though specifying gw 192.168.1.1 already implies dev eth0)
14:45 < DzAirmaX> rofl i dont have this packet installed lol need to delete all the route 2 sec
14:45 < DzAirmaX> ok
14:50 -!- ustn [~ustn@p4FDB0427.dip0.t-ipconnect.de] has joined #openvpn
14:50 < DzAirmaX> with the gw I have got the Error: either "to" is duplicate, or "gw" is a garbage.
14:51 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
14:53 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
14:57 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
14:58 -!- rfizzle [~textual@108.150.211.130.bc.googleusercontent.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
15:02 < Neighbour> my bad...under linux, 'gw' is implicit and should not be mentioned explicitly, but under windows it is
15:03 < Neighbour> or not...bleh, i'm confusing myself now
15:03 < DzAirmaX> lol
15:03 < Neighbour> `route add IP1 gw 192.168.1.1 dev eth0 metric 10`
15:03 < DzAirmaX> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
15:03 < Neighbour> it's the newfangled ip route that throws me off :)
15:03 < DzAirmaX> I am supposed to deltete his one too ?
15:04 < Neighbour> well, you could leave out the 0.0.0.0/1 and 128.0.0.0/1 routes and just change the default (0.0.0.0) route
15:04 < Neighbour> the 0.0.0.0/1 and 128.0.0.0/1 are a trick to override the default route without deleting it
15:05 < DzAirmaX> ok I didnt know
15:05 < Neighbour> but if you have created routes for the internet IP's of the vpn servers (which shouldn't go through a tunnel), you can redirect everything else to the tunnel
15:07 < DzAirmaX> making some test for being sur everything goes trough tun0
15:07 < Neighbour> traceroute should help you determine where traffic goes
15:11 < DzAirmaX> ok its working
15:11 < DzAirmaX> hmm this drive me CRAZY
15:12 < Neighbour> so is it working, or isn't it? :)
15:12 < DzAirmaX> yeah it is
15:13 < Neighbour> \o/
15:13 < DzAirmaX> how should I do for pushing those route trough ccd ?
15:13 < Neighbour> host1 pushes the route to ip1 with metric
15:13 < Neighbour> host2 pushes the route to ip2 with metric
15:14 < Neighbour> and one of those (the one where you want all other traffic to go to) pushes routes 0.0.0.0/1 and 128.0.0.0/1
15:14 -!- dionysus69 [~Thunderbi@unaffiliated/dionysus69] has quit [Ping timeout: 246 seconds]
15:15 -!- unix4linux_ [~unix4linu@75.112.21.38] has quit [Ping timeout: 276 seconds]
15:16 < DzAirmaX> can I also push the dns like before ?
15:16 < Neighbour> though i'm not sure if openvpn allows you to push routes to other devices
15:16 < Neighbour> dns? I must've missed that earlier
15:16 < DzAirmaX> yeah I my ccd I have this line too
15:16 < Neighbour> (it would make sense that openvpn assumes you're pushing routes that need to go to the tunnel...which means you can't push routes to IP1 and IP2)
15:17 < DzAirmaX> push "dhcp-option DNS 213.186.33.99"
15:18 < Neighbour> I've never used that, so I don't know how (and especially when) that works
15:18 < DzAirmaX> ok gonna make some test
15:18 < DzAirmaX> Neighbour : thank you for your patience
15:18 < DzAirmaX> Neighbour : and your help
15:18 < Neighbour> np, glad I could help
15:34 -!- Ryushin [user@windwalker.chrisdos.com] has joined #openvpn
15:50 -!- gffa [~unknown@unaffiliated/gffa] has quit [Quit: sleep]
16:22 -!- unix4linux_ [~unix4linu@75.112.21.38] has joined #openvpn
16:29 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
16:29 -!- Zzyzx [~Zzyzx@unaffiliated/zzyzx] has joined #openvpn
16:30 -!- THX1138 [~Zzyzx@unaffiliated/zzyzx] has quit [Ping timeout: 246 seconds]
16:30 -!- Zzyzx is now known as THX1138
16:32 < [Mew2]> please
16:32 < [Mew2]> can someone tell me about a free alternative to openvpn access server
16:32 < [Mew2]> i need a webadmin for openvpn
16:33 <@plaisthos> I do not know of any
16:34 < [Mew2]> why do they do this
16:34 < [Mew2]> give a free openvpn and then charge for webadmin
16:36 <@plaisthos> Because they also need to make money?
16:37 < [Mew2]> its cut throat
16:37 < [Mew2]> but i gueess all things in this world are
16:39 <@plaisthos> not really
16:40 <@plaisthos> if you have time do it manually
16:40 <@plaisthos> if you want it quick and easy, pay for it
16:40 <@plaisthos> and I think up to 2 users or something AS is free
16:42 <@plaisthos> you can also buy sophos utm
16:42 <@plaisthos> it also includes an OpenVPN UI
16:42 < [Mew2]> my funding is limited atm
16:47 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has joined #openvpn
16:49 -!- ustn [~ustn@p4FDB0427.dip0.t-ipconnect.de] has quit [Quit: ustn]
16:52 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
17:06 -!- friendlydave [~dave@2605:a000:1507:8024:c51c:b284:a380:e95] has quit [Ping timeout: 240 seconds]
17:08 -!- friendlydave [~dave@cpe-70-94-254-132.new.res.rr.com] has joined #openvpn
17:08 -!- toretore [~toretore@crr06-3-82-231-12-81.fbx.proxad.net] has joined #openvpn
17:14 -!- potatoes_ [~choches_@207.140.243.134] has joined #openvpn
17:15 < potatoes_> so I have a question, when I have the same user connecting to our OpenVPN tunnel from the same IP we constantly fight for access, whats the best way to address this?  setting up specific users with separate keys or passwords, OR allowing some settings to tweak to allow multiple connections from the same IP?
17:36 < ValdikSS> https://bugs.archlinux.org/task/47535
17:36 <@vpnHelper> Title: FS#47535 : [networkmanager] 1.0.10-1 openvpn plugin fails to add routes. (at bugs.archlinux.org)
17:46 -!- toli [~toli@ip-62-235-216-60.dsl.scarlet.be] has quit [Ping timeout: 246 seconds]
17:46 -!- dazo is now known as dazo_afk
17:48 -!- toli [~toli@ip-62-235-237-195.dsl.scarlet.be] has joined #openvpn
17:51 -!- potatoes_ [~choches_@207.140.243.134] has quit [Ping timeout: 245 seconds]
18:10 -!- defsdoor [~andy@cpc73037-sutt4-2-0-cust62.19-1.cable.virginm.net] has quit [Remote host closed the connection]
18:24 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
18:42 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
18:46 -!- somis [~somis@70.38.6.189] has quit [Quit: Leaving]
18:51 -!- Buba1 [~Buba1@unaffiliated/buba1] has joined #openvpn
18:51 -!- Buba1 [~Buba1@unaffiliated/buba1] has quit [Read error: Connection reset by peer]
18:51 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:07 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:19 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:21 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:28 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:31 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:36 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Remote host closed the connection]
19:37 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has joined #openvpn
19:58 -!- OS-16517 [~YBPL@unaffiliated/os-16517] has quit []
20:04 -!- speeddragon [~speeddrag@sm2-84-91-40-157.netvisao.pt] has quit [Ping timeout: 265 seconds]
20:12 -!- averagecase [~bolle@cl-6544.cgn-01.de.sixxs.net] has quit [Quit: Leaving]
20:21 -!- akurilin [~alex@208.80.70.250] has quit [Quit: WeeChat 1.2]
20:30 -!- Kephael [~Kephael@unaffiliated/kephael] has joined #openvpn
20:56 -!- yoink [~yoink@66.171.168.10] has quit [Read error: Connection reset by peer]
21:04 -!- yoink [~yoink@66.171.168.10] has joined #openvpn
21:37 -!- tobinski___ [~tobinski@x2f5ecd5.dyn.telefonica.de] has joined #openvpn
21:40 -!- tobinski_ [~tobinski@x2f564dd.dyn.telefonica.de] has quit [Ping timeout: 246 seconds]
21:54 -!- weox [uid112413@gateway/web/irccloud.com/x-rxmqjxjkpxcfazxg] has quit [Quit: Connection closed for inactivity]
22:29 -!- troyt [~troyt@2601:681:4600:3381:44dd:acff:fe85:9c8e] has quit [Ping timeout: 264 seconds]
22:38 -!- Kephael [~Kephael@unaffiliated/kephael] has quit [Read error: Connection reset by peer]
22:47 -!- teksimian [~chatzilla@174-138-204-15.cpe.distributel.net] has quit [Ping timeout: 276 seconds]
22:47 -!- troyt [~troyt@2601:681:4600:3381:44dd:acff:fe85:9c8e] has joined #openvpn
23:10 -!- ShadniX [dagger@p5DDFEEC3.dip0.t-ipconnect.de] has quit [Ping timeout: 246 seconds]
23:10 -!- ShadniX [dagger@p5DDFC27A.dip0.t-ipconnect.de] has joined #openvpn